summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2020-01-02 21:06:40 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-01-02 21:06:40 +0100
commitf4a12fc67689a830e9da1c87fd11afe5bc09deb3 (patch)
tree211ae0cd022a6c11b0026ecc7761a550c584583c /security/nss/gtests
parentf7d30133221896638f7bf4f66c504255c4b14f48 (diff)
downloadUXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar
UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.gz
UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.lz
UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.xz
UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.zip
Issue #1338 - Part 2: Update NSS to 3.48-RTM
Diffstat (limited to 'security/nss/gtests')
-rw-r--r--security/nss/gtests/Makefile10
-rw-r--r--security/nss/gtests/__init__.py0
-rw-r--r--security/nss/gtests/certdb_gtest/cert_unittest.cc47
-rw-r--r--security/nss/gtests/certdb_gtest/certdb_gtest.gyp3
-rw-r--r--security/nss/gtests/certdb_gtest/decode_certs_unittest.cc28
-rw-r--r--security/nss/gtests/certdb_gtest/manifest.mn2
-rw-r--r--security/nss/gtests/common/__init__.py0
-rw-r--r--security/nss/gtests/common/gtest.gypi7
-rw-r--r--security/nss/gtests/common/gtests.cc20
-rw-r--r--security/nss/gtests/common/testvectors/chachapoly-vectors.h3299
-rw-r--r--security/nss/gtests/common/testvectors/curve25519-vectors.h1879
-rw-r--r--security/nss/gtests/common/testvectors/gcm-vectors.h1535
-rw-r--r--security/nss/gtests/common/testvectors/kw-vectors.h1940
-rw-r--r--security/nss/gtests/common/testvectors_base/chachapoly-vectors_base.h117
-rw-r--r--security/nss/gtests/common/testvectors_base/curve25519-vectors_base.h75
-rw-r--r--security/nss/gtests/common/testvectors_base/gcm-vectors_base.h (renamed from security/nss/gtests/common/gcm-vectors.h)105
-rw-r--r--security/nss/gtests/common/util.h91
-rw-r--r--security/nss/gtests/common/wycheproof/__init__.py0
-rw-r--r--security/nss/gtests/common/wycheproof/genTestVectors.py191
-rw-r--r--security/nss/gtests/common/wycheproof/source_vectors/aes_gcm_test.json2940
-rw-r--r--security/nss/gtests/common/wycheproof/source_vectors/chacha20_poly1305_test.json1868
-rw-r--r--security/nss/gtests/common/wycheproof/source_vectors/x25519_test.json956
-rw-r--r--security/nss/gtests/der_gtest/der_quickder_unittest.cc51
-rw-r--r--security/nss/gtests/freebl_gtest/cmac_unittests.cc187
-rw-r--r--security/nss/gtests/freebl_gtest/freebl_gtest.gyp11
-rw-r--r--security/nss/gtests/freebl_gtest/ghash_unittest.cc2
-rw-r--r--security/nss/gtests/freebl_gtest/mpi_unittest.cc51
-rw-r--r--security/nss/gtests/freebl_gtest/rsa_unittest.cc1
-rw-r--r--security/nss/gtests/manifest.mn3
-rw-r--r--security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp1
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp34
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp2
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp2
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp2
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp4
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp2
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp7
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp50
-rw-r--r--security/nss/gtests/mozpkix_gtest/pkixgtest.h2
-rw-r--r--security/nss/gtests/pk11_gtest/manifest.mn15
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc91
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc128
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc190
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc415
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_cbc_unittest.cc558
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc381
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc159
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc82
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_des_unittest.cc65
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc5
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h32
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_find_certs_unittest.cc547
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_gtest.gyp35
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_import_unittest.cc281
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_key_unittest.cc80
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_keygen.cc143
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_keygen.h34
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_module_unittest.cc84
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc94
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc14
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc71
-rw-r--r--security/nss/gtests/pk11_gtest/pk11_signature_test.h3
-rw-r--r--security/nss/gtests/pkcs11testmodule/Makefile45
-rw-r--r--security/nss/gtests/pkcs11testmodule/config.mk16
-rw-r--r--security/nss/gtests/pkcs11testmodule/manifest.mn22
-rw-r--r--security/nss/gtests/pkcs11testmodule/pkcs11testmodule.cpp658
-rw-r--r--security/nss/gtests/pkcs11testmodule/pkcs11testmodule.def8
-rw-r--r--security/nss/gtests/pkcs11testmodule/pkcs11testmodule.gyp25
-rw-r--r--security/nss/gtests/pkcs11testmodule/pkcs11testmodule.rc60
-rw-r--r--security/nss/gtests/smime_gtest/Makefile43
-rw-r--r--security/nss/gtests/smime_gtest/manifest.mn22
-rw-r--r--security/nss/gtests/smime_gtest/smime_gtest.gyp30
-rw-r--r--security/nss/gtests/smime_gtest/smime_unittest.cc137
-rw-r--r--security/nss/gtests/softoken_gtest/manifest.mn10
-rw-r--r--security/nss/gtests/softoken_gtest/softoken_gtest.cc275
-rw-r--r--security/nss/gtests/softoken_gtest/softoken_gtest.gyp8
-rw-r--r--security/nss/gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc124
-rw-r--r--security/nss/gtests/ssl_gtest/Makefile6
-rw-r--r--security/nss/gtests/ssl_gtest/libssl_internals.c101
-rw-r--r--security/nss/gtests/ssl_gtest/libssl_internals.h18
-rw-r--r--security/nss/gtests/ssl_gtest/manifest.mn7
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc410
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc622
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc14
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_cipherorder_unittest.cc241
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc29
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc5
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_debug_env_unittest.cc53
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc96
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc172
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc74
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc125
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc63
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_gtest.gyp18
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc112
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc31
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_primitive_unittest.cc218
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_record_unittest.cc36
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_recordsep_unittest.cc577
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc57
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc23
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc190
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_version_unittest.cc13
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc10
-rw-r--r--security/nss/gtests/ssl_gtest/test_io.cc14
-rw-r--r--security/nss/gtests/ssl_gtest/test_io.h6
-rw-r--r--security/nss/gtests/ssl_gtest/tls_agent.cc107
-rw-r--r--security/nss/gtests/ssl_gtest/tls_agent.h41
-rw-r--r--security/nss/gtests/ssl_gtest/tls_connect.cc91
-rw-r--r--security/nss/gtests/ssl_gtest/tls_connect.h20
-rw-r--r--security/nss/gtests/ssl_gtest/tls_esni_unittest.cc174
-rw-r--r--security/nss/gtests/ssl_gtest/tls_filter.cc227
-rw-r--r--security/nss/gtests/ssl_gtest/tls_filter.h112
-rw-r--r--security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc206
-rw-r--r--security/nss/gtests/ssl_gtest/tls_protect.cc179
-rw-r--r--security/nss/gtests/ssl_gtest/tls_protect.h77
-rw-r--r--security/nss/gtests/ssl_gtest/tls_subcerts_unittest.cc568
-rw-r--r--security/nss/gtests/sysinit_gtest/Makefile43
-rw-r--r--security/nss/gtests/sysinit_gtest/getUserDB_unittest.cc164
-rw-r--r--security/nss/gtests/sysinit_gtest/manifest.mn27
-rw-r--r--security/nss/gtests/sysinit_gtest/sysinit_gtest.cc9
-rw-r--r--security/nss/gtests/sysinit_gtest/sysinit_gtest.gyp35
-rw-r--r--security/nss/gtests/util_gtest/manifest.mn31
-rw-r--r--security/nss/gtests/util_gtest/util_gtest.gyp18
-rw-r--r--security/nss/gtests/util_gtest/util_gtests.cc9
125 files changed, 24665 insertions, 1329 deletions
diff --git a/security/nss/gtests/Makefile b/security/nss/gtests/Makefile
index 2b5492506..718850c3a 100644
--- a/security/nss/gtests/Makefile
+++ b/security/nss/gtests/Makefile
@@ -26,6 +26,16 @@ include $(CORE_DEPTH)/coreconf/config.mk
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
+# Don't build sysinit gtests unless we are also building libnsssysinit.
+# See lib/Makefile for the corresponding rules.
+ifndef MOZILLA_CLIENT
+ifeq ($(OS_ARCH),Linux)
+ifneq ($(NSS_BUILD_UTIL_ONLY),1)
+SYSINIT_GTEST=sysinit_gtest
+endif
+endif
+endif
+
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
diff --git a/security/nss/gtests/__init__.py b/security/nss/gtests/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/security/nss/gtests/__init__.py
diff --git a/security/nss/gtests/certdb_gtest/cert_unittest.cc b/security/nss/gtests/certdb_gtest/cert_unittest.cc
new file mode 100644
index 000000000..93003fa59
--- /dev/null
+++ b/security/nss/gtests/certdb_gtest/cert_unittest.cc
@@ -0,0 +1,47 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+
+#include "nss.h"
+#include "secerr.h"
+#include "pk11pub.h"
+#include "nss_scoped_ptrs.h"
+
+namespace nss_test {
+
+class CertTest : public ::testing::Test {};
+
+// Tests CERT_GetCertificateDer for the certs we have.
+TEST_F(CertTest, GetCertDer) {
+ // Listing all the certs should get us the default trust anchors.
+ ScopedCERTCertList certs(PK11_ListCerts(PK11CertListAll, nullptr));
+ ASSERT_FALSE(PR_CLIST_IS_EMPTY(&certs->list));
+
+ for (PRCList* cursor = PR_NEXT_LINK(&certs->list); cursor != &certs->list;
+ cursor = PR_NEXT_LINK(cursor)) {
+ CERTCertListNode* node = (CERTCertListNode*)cursor;
+ SECItem der;
+ ASSERT_EQ(SECSuccess, CERT_GetCertificateDer(node->cert, &der));
+ ASSERT_EQ(0, SECITEM_CompareItem(&der, &node->cert->derCert));
+ }
+}
+
+TEST_F(CertTest, GetCertDerBad) {
+ EXPECT_EQ(SECFailure, CERT_GetCertificateDer(nullptr, nullptr));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ ScopedCERTCertList certs(PK11_ListCerts(PK11CertListAll, nullptr));
+ ASSERT_FALSE(PR_CLIST_IS_EMPTY(&certs->list));
+ CERTCertListNode* node = (CERTCertListNode*)PR_NEXT_LINK(&certs->list);
+ EXPECT_EQ(SECFailure, CERT_GetCertificateDer(node->cert, nullptr));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ SECItem der;
+ EXPECT_EQ(SECFailure, CERT_GetCertificateDer(nullptr, &der));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+}
+}
diff --git a/security/nss/gtests/certdb_gtest/certdb_gtest.gyp b/security/nss/gtests/certdb_gtest/certdb_gtest.gyp
index 898102def..7f5bb324b 100644
--- a/security/nss/gtests/certdb_gtest/certdb_gtest.gyp
+++ b/security/nss/gtests/certdb_gtest/certdb_gtest.gyp
@@ -12,6 +12,8 @@
'type': 'executable',
'sources': [
'alg1485_unittest.cc',
+ 'cert_unittest.cc',
+ 'decode_certs_unittest.cc',
'<(DEPTH)/gtests/common/gtests.cc'
],
'dependencies': [
@@ -20,6 +22,7 @@
'<(DEPTH)/lib/util/util.gyp:nssutil3',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
'<(DEPTH)/lib/nss/nss.gyp:nss3',
+ '<(DEPTH)/lib/smime/smime.gyp:smime3',
]
}
],
diff --git a/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc b/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc
new file mode 100644
index 000000000..405194edc
--- /dev/null
+++ b/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc
@@ -0,0 +1,28 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+
+#include "cert.h"
+#include "prerror.h"
+#include "secerr.h"
+
+class DecodeCertsTest : public ::testing::Test {};
+
+TEST_F(DecodeCertsTest, EmptyCertPackage) {
+ // This represents a PKCS#7 ContentInfo with a contentType of
+ // '2.16.840.1.113730.2.5' (Netscape data-type cert-sequence) and a content
+ // consisting of an empty SEQUENCE. This is valid ASN.1, but it contains no
+ // certificates, so CERT_DecodeCertFromPackage should just return a null
+ // pointer.
+ unsigned char emptyCertPackage[] = {0x30, 0x0f, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02,
+ 0x05, 0xa0, 0x02, 0x30, 0x00};
+ EXPECT_EQ(nullptr, CERT_DecodeCertFromPackage(
+ reinterpret_cast<char*>(emptyCertPackage),
+ sizeof(emptyCertPackage)));
+ EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+}
diff --git a/security/nss/gtests/certdb_gtest/manifest.mn b/security/nss/gtests/certdb_gtest/manifest.mn
index 4a3a1fda0..c95cf991f 100644
--- a/security/nss/gtests/certdb_gtest/manifest.mn
+++ b/security/nss/gtests/certdb_gtest/manifest.mn
@@ -8,6 +8,8 @@ MODULE = nss
CPPSRCS = \
alg1485_unittest.cc \
+ cert_unittest.cc \
+ decode_certs_unittest.cc \
$(NULL)
INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
diff --git a/security/nss/gtests/common/__init__.py b/security/nss/gtests/common/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/security/nss/gtests/common/__init__.py
diff --git a/security/nss/gtests/common/gtest.gypi b/security/nss/gtests/common/gtest.gypi
index c4865bba5..919c23aa3 100644
--- a/security/nss/gtests/common/gtest.gypi
+++ b/security/nss/gtests/common/gtest.gypi
@@ -21,6 +21,13 @@
'libraries': [
'-lws2_32',
],
+ 'conditions': [
+ ['static_libs==1', {
+ 'libraries': [
+ '-ladvapi32',
+ ],
+ }],
+ ],
}],
['OS=="android"', {
'libraries': [
diff --git a/security/nss/gtests/common/gtests.cc b/security/nss/gtests/common/gtests.cc
index bd5a97a8e..d0f21ee04 100644
--- a/security/nss/gtests/common/gtests.cc
+++ b/security/nss/gtests/common/gtests.cc
@@ -1,6 +1,5 @@
#include "nspr.h"
#include "nss.h"
-#include "ssl.h"
#include <cstdlib>
@@ -10,10 +9,23 @@
int main(int argc, char **argv) {
::testing::InitGoogleTest(&argc, argv);
- if (NSS_NoDB_Init(nullptr) != SECSuccess) {
- return 1;
+ const char *workdir = "";
+ uint32_t flags = NSS_INIT_READONLY;
+
+ for (int i = 0; i < argc; i++) {
+ if (!strcmp(argv[i], "-d")) {
+ if (i + 1 >= argc) {
+ PR_fprintf(PR_STDERR, "Usage: %s [-d <dir> [-w]]\n", argv[0]);
+ exit(2);
+ }
+ workdir = argv[i + 1];
+ i++;
+ } else if (!strcmp(argv[i], "-w")) {
+ flags &= ~NSS_INIT_READONLY;
+ }
}
- if (NSS_SetDomesticPolicy() != SECSuccess) {
+
+ if (NSS_Initialize(workdir, "", "", SECMOD_DB, flags) != SECSuccess) {
return 1;
}
int rv = RUN_ALL_TESTS();
diff --git a/security/nss/gtests/common/testvectors/chachapoly-vectors.h b/security/nss/gtests/common/testvectors/chachapoly-vectors.h
new file mode 100644
index 000000000..2e2683bda
--- /dev/null
+++ b/security/nss/gtests/common/testvectors/chachapoly-vectors.h
@@ -0,0 +1,3299 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file is generated from sources in nss/gtests/common/wycheproof
+ * automatically and should not be touched manually.
+ * Generation is trigged by calling ./mach wycheproof */
+
+#ifndef chachapoly_vectors_h__
+#define chachapoly_vectors_h__
+
+#include <string>
+#include <vector>
+
+typedef struct chaChaTestVectorStr {
+ uint32_t id;
+ std::vector<uint8_t> Data;
+ std::vector<uint8_t> AAD;
+ std::vector<uint8_t> Key;
+ std::vector<uint8_t> IV;
+ std::vector<uint8_t> CT;
+ bool invalidTag;
+ bool invalidIV;
+} chaChaTestVector;
+
+// ChaCha20/Poly1305 Test Vector 1, RFC 7539
+// <http://tools.ietf.org/html/rfc7539#section-2.8.2>
+// ChaCha20/Poly1305 Test Vector 2, RFC 7539
+// <http://tools.ietf.org/html/rfc7539#appendix-A.5>
+const chaChaTestVector kChaCha20Vectors[] = {
+ {0,
+ {0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47,
+ 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
+ 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66,
+ 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
+ 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79,
+ 0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
+ 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
+ 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x62, 0x65, 0x20, 0x69, 0x74, 0x2e},
+ {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47},
+ {0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc,
+ 0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
+ 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e,
+ 0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
+ 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6,
+ 0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
+ 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4,
+ 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
+ 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65,
+ 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09,
+ 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91},
+ false,
+ false},
+ {1,
+ {0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
+ 0x66, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
+ 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
+ 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
+ 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73,
+ 0x69, 0x78, 0x20, 0x6d, 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
+ 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, 0x20, 0x75, 0x70, 0x64,
+ 0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
+ 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, 0x62, 0x73, 0x6f, 0x6c,
+ 0x65, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
+ 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
+ 0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
+ 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70,
+ 0x72, 0x6f, 0x70, 0x72, 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
+ 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
+ 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
+ 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74,
+ 0x65, 0x72, 0x69, 0x61, 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
+ 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74,
+ 0x68, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
+ 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x20,
+ 0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
+ 0x9d},
+ {0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4e, 0x91},
+ {0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88,
+ 0x86, 0x04, 0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b,
+ 0x80, 0x09, 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0},
+ {0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7,
+ 0x9b, 0xe6, 0x43, 0xbd, 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
+ 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, 0x4c, 0x6c, 0xfc, 0x18,
+ 0x75, 0x5d, 0x43, 0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
+ 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f,
+ 0x35, 0x58, 0x94, 0xcf, 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
+ 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, 0x14, 0xad, 0x17, 0x6e,
+ 0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
+ 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, 0xc1, 0x86, 0x32, 0x4e,
+ 0x2b, 0x35, 0x06, 0x38, 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
+ 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, 0xb9, 0x16, 0x6c, 0x76,
+ 0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
+ 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0,
+ 0xa0, 0x6c, 0x52, 0x3e, 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
+ 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, 0x0d, 0x07, 0x2b, 0x04,
+ 0xb3, 0x56, 0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
+ 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6,
+ 0x31, 0x59, 0x43, 0x4e, 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
+ 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, 0x49, 0xe6, 0x17, 0xd9,
+ 0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
+ 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, 0x99, 0x7b, 0x71, 0x4d,
+ 0x6c, 0x6f, 0x2c, 0x29, 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
+ 0x9b, 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, 0x39, 0x23, 0x36,
+ 0xfe, 0xa1, 0x85, 0x1f, 0x38},
+ false,
+ false}};
+
+// Testvectors from project wycheproof
+// <https://github.com/google/wycheproof>
+const chaChaTestVector kChaCha20WycheproofVectors[] = {
+
+ // Comment: rfc7539
+ {0,
+ {0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47,
+ 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
+ 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66,
+ 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
+ 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79,
+ 0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
+ 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
+ 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x62, 0x65, 0x20, 0x69, 0x74, 0x2e},
+ {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47},
+ {0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc,
+ 0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
+ 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e,
+ 0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
+ 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6,
+ 0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
+ 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4,
+ 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
+ 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65,
+ 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09,
+ 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91},
+ false,
+ false},
+
+ // Comment:
+ {1,
+ {},
+ {},
+ {0x80, 0xba, 0x31, 0x92, 0xc8, 0x03, 0xce, 0x96, 0x5e, 0xa3, 0x71,
+ 0xd5, 0xff, 0x07, 0x3c, 0xf0, 0xf4, 0x3b, 0x6a, 0x2a, 0xb5, 0x76,
+ 0xb2, 0x08, 0x42, 0x6e, 0x11, 0x40, 0x9c, 0x09, 0xb9, 0xb0},
+ {0x4d, 0xa5, 0xbf, 0x8d, 0xfd, 0x58, 0x52, 0xc1, 0xea, 0x12, 0x37, 0x9d},
+ {0x76, 0xac, 0xb3, 0x42, 0xcf, 0x31, 0x66, 0xa5, 0xb6, 0x3c, 0x0c, 0x0e,
+ 0xa1, 0x38, 0x3c, 0x8d},
+ false,
+ false},
+
+ // Comment:
+ {2,
+ {},
+ {0xbd, 0x50, 0x67, 0x64, 0xf2, 0xd2, 0xc4, 0x10},
+ {0x7a, 0x4c, 0xd7, 0x59, 0x17, 0x2e, 0x02, 0xeb, 0x20, 0x4d, 0xb2,
+ 0xc3, 0xf5, 0xc7, 0x46, 0x22, 0x7d, 0xf5, 0x84, 0xfc, 0x13, 0x45,
+ 0x19, 0x63, 0x91, 0xdb, 0xb9, 0x57, 0x7a, 0x25, 0x07, 0x42},
+ {0xa9, 0x2e, 0xf0, 0xac, 0x99, 0x1d, 0xd5, 0x16, 0xa3, 0xc6, 0xf6, 0x89},
+ {0x90, 0x6f, 0xa6, 0x28, 0x4b, 0x52, 0xf8, 0x7b, 0x73, 0x59, 0xcb, 0xaa,
+ 0x75, 0x63, 0xc7, 0x09},
+ false,
+ false},
+
+ // Comment:
+ {3,
+ {0x2a},
+ {},
+ {0xcc, 0x56, 0xb6, 0x80, 0x55, 0x2e, 0xb7, 0x50, 0x08, 0xf5, 0x48,
+ 0x4b, 0x4c, 0xb8, 0x03, 0xfa, 0x50, 0x63, 0xeb, 0xd6, 0xea, 0xb9,
+ 0x1f, 0x6a, 0xb6, 0xae, 0xf4, 0x91, 0x6a, 0x76, 0x62, 0x73},
+ {0x99, 0xe2, 0x3e, 0xc4, 0x89, 0x85, 0xbc, 0xcd, 0xee, 0xab, 0x60, 0xf1},
+ {0x3a, 0xca, 0xc2, 0x7d, 0xec, 0x09, 0x68, 0x80, 0x1e, 0x9f, 0x6e, 0xde,
+ 0xd6, 0x9d, 0x80, 0x75, 0x22},
+ false,
+ false},
+
+ // Comment:
+ {4,
+ {0x51},
+ {0x91, 0xca, 0x6c, 0x59, 0x2c, 0xbc, 0xca, 0x53},
+ {0x46, 0xf0, 0x25, 0x49, 0x65, 0xf7, 0x69, 0xd5, 0x2b, 0xdb, 0x4a,
+ 0x70, 0xb4, 0x43, 0x19, 0x9f, 0x8e, 0xf2, 0x07, 0x52, 0x0d, 0x12,
+ 0x20, 0xc5, 0x5e, 0x4b, 0x70, 0xf0, 0xfd, 0xa6, 0x20, 0xee},
+ {0xab, 0x0d, 0xca, 0x71, 0x6e, 0xe0, 0x51, 0xd2, 0x78, 0x2f, 0x44, 0x03},
+ {0xc4, 0x16, 0x83, 0x10, 0xca, 0x45, 0xb1, 0xf7, 0xc6, 0x6c, 0xad, 0x4e,
+ 0x99, 0xe4, 0x3f, 0x72, 0xb9},
+ false,
+ false},
+
+ // Comment:
+ {5,
+ {0x5c, 0x60},
+ {},
+ {0x2f, 0x7f, 0x7e, 0x4f, 0x59, 0x2b, 0xb3, 0x89, 0x19, 0x49, 0x89,
+ 0x74, 0x35, 0x07, 0xbf, 0x3e, 0xe9, 0xcb, 0xde, 0x17, 0x86, 0xb6,
+ 0x69, 0x5f, 0xe6, 0xc0, 0x25, 0xfd, 0x9b, 0xa4, 0xc1, 0x00},
+ {0x46, 0x1a, 0xf1, 0x22, 0xe9, 0xf2, 0xe0, 0x34, 0x7e, 0x03, 0xf2, 0xdb},
+ {0x4d, 0x13, 0x91, 0xe8, 0xb6, 0x1e, 0xfb, 0x39, 0xc1, 0x22, 0x19, 0x54,
+ 0x53, 0x07, 0x7b, 0x22, 0xe5, 0xe2},
+ false,
+ false},
+
+ // Comment:
+ {6,
+ {0xdd, 0xf2},
+ {0x88, 0x36, 0x4f, 0xc8, 0x06, 0x05, 0x18, 0xbf},
+ {0xc8, 0x83, 0x3d, 0xce, 0x5e, 0xa9, 0xf2, 0x48, 0xaa, 0x20, 0x30,
+ 0xea, 0xcf, 0xe7, 0x2b, 0xff, 0xe6, 0x9a, 0x62, 0x0c, 0xaf, 0x79,
+ 0x33, 0x44, 0xe5, 0x71, 0x8f, 0xe0, 0xd7, 0xab, 0x1a, 0x58},
+ {0x61, 0x54, 0x6b, 0xa5, 0xf1, 0x72, 0x05, 0x90, 0xb6, 0x04, 0x0a, 0xc6},
+ {0xb6, 0x0d, 0xea, 0xd0, 0xfd, 0x46, 0x97, 0xec, 0x2e, 0x55, 0x58, 0x23,
+ 0x77, 0x19, 0xd0, 0x24, 0x37, 0xa2},
+ false,
+ false},
+
+ // Comment:
+ {7,
+ {0xab, 0x85, 0xe9, 0xc1, 0x57, 0x17, 0x31},
+ {},
+ {0x55, 0x56, 0x81, 0x58, 0xd3, 0xa6, 0x48, 0x3f, 0x1f, 0x70, 0x21,
+ 0xea, 0xb6, 0x9b, 0x70, 0x3f, 0x61, 0x42, 0x51, 0xca, 0xdc, 0x1a,
+ 0xf5, 0xd3, 0x4a, 0x37, 0x4f, 0xdb, 0xfc, 0x5a, 0xda, 0xc7},
+ {0x3c, 0x4e, 0x65, 0x4d, 0x66, 0x3f, 0xa4, 0x59, 0x6d, 0xc5, 0x5b, 0xb7},
+ {0x5d, 0xfe, 0x34, 0x40, 0xdb, 0xb3, 0xc3, 0xed, 0x7a, 0x43, 0x4e, 0x26,
+ 0x02, 0xd3, 0x94, 0x28, 0x1e, 0x0a, 0xfa, 0x9f, 0xb7, 0xaa, 0x42},
+ false,
+ false},
+
+ // Comment:
+ {8,
+ {0x4e, 0xe5, 0xcd, 0xa2, 0x0d, 0x42, 0x90},
+ {0x84, 0xe4, 0x6b, 0xe8, 0xc0, 0x91, 0x90, 0x53},
+ {0xe3, 0xc0, 0x9e, 0x7f, 0xab, 0x1a, 0xef, 0xb5, 0x16, 0xda, 0x6a,
+ 0x33, 0x02, 0x2a, 0x1d, 0xd4, 0xeb, 0x27, 0x2c, 0x80, 0xd5, 0x40,
+ 0xc5, 0xda, 0x52, 0xa7, 0x30, 0xf3, 0x4d, 0x84, 0x0d, 0x7f},
+ {0x58, 0x38, 0x93, 0x75, 0xc6, 0x9e, 0xe3, 0x98, 0xde, 0x94, 0x83, 0x96},
+ {0x4b, 0xd4, 0x72, 0x12, 0x94, 0x1c, 0xe3, 0x18, 0x5f, 0x14, 0x08, 0xee,
+ 0x7f, 0xbf, 0x18, 0xf5, 0xab, 0xad, 0x6e, 0x22, 0x53, 0xa1, 0xba},
+ false,
+ false},
+
+ // Comment:
+ {9,
+ {0xbe, 0x33, 0x08, 0xf7, 0x2a, 0x2c, 0x6a, 0xed},
+ {},
+ {0x51, 0xe4, 0xbf, 0x2b, 0xad, 0x92, 0xb7, 0xaf, 0xf1, 0xa4, 0xbc,
+ 0x05, 0x55, 0x0b, 0xa8, 0x1d, 0xf4, 0xb9, 0x6f, 0xab, 0xf4, 0x1c,
+ 0x12, 0xc7, 0xb0, 0x0e, 0x60, 0xe4, 0x8d, 0xb7, 0xe1, 0x52},
+ {0x4f, 0x07, 0xaf, 0xed, 0xfd, 0xc3, 0xb6, 0xc2, 0x36, 0x18, 0x23, 0xd3},
+ {0x8e, 0x94, 0x39, 0xa5, 0x6e, 0xee, 0xc8, 0x17, 0xfb, 0xe8, 0xa6, 0xed,
+ 0x8f, 0xab, 0xb1, 0x93, 0x75, 0x39, 0xdd, 0x6c, 0x00, 0xe9, 0x00, 0x21},
+ false,
+ false},
+
+ // Comment:
+ {10,
+ {0xa4, 0xc9, 0xc2, 0x80, 0x1b, 0x71, 0xf7, 0xdf},
+ {0x66, 0xc0, 0xae, 0x70, 0x07, 0x6c, 0xb1, 0x4d},
+ {0x11, 0x31, 0xc1, 0x41, 0x85, 0x77, 0xa0, 0x54, 0xde, 0x7a, 0x4a,
+ 0xc5, 0x51, 0x95, 0x0f, 0x1a, 0x05, 0x3f, 0x9a, 0xe4, 0x6e, 0x5b,
+ 0x75, 0xfe, 0x4a, 0xbd, 0x56, 0x08, 0xd7, 0xcd, 0xda, 0xdd},
+ {0xb4, 0xea, 0x66, 0x6e, 0xe1, 0x19, 0x56, 0x33, 0x66, 0x48, 0x4a, 0x78},
+ {0xb9, 0xb9, 0x10, 0x43, 0x3a, 0xf0, 0x52, 0xb0, 0x45, 0x30, 0xf5, 0x1a,
+ 0xee, 0xe0, 0x24, 0xe0, 0xa4, 0x45, 0xa6, 0x32, 0x8f, 0xa6, 0x7a, 0x18},
+ false,
+ false},
+
+ // Comment:
+ {11,
+ {0x42, 0xba, 0xae, 0x59, 0x78, 0xfe, 0xaf, 0x5c, 0x36, 0x8d, 0x14, 0xe0},
+ {},
+ {0x99, 0xb6, 0x2b, 0xd5, 0xaf, 0xbe, 0x3f, 0xb0, 0x15, 0xbd, 0xe9,
+ 0x3f, 0x0a, 0xbf, 0x48, 0x39, 0x57, 0xa1, 0xc3, 0xeb, 0x3c, 0xa5,
+ 0x9c, 0xb5, 0x0b, 0x39, 0xf7, 0xf8, 0xa9, 0xcc, 0x51, 0xbe},
+ {0x9a, 0x59, 0xfc, 0xe2, 0x6d, 0xf0, 0x00, 0x5e, 0x07, 0x53, 0x86, 0x56},
+ {0xff, 0x7d, 0xc2, 0x03, 0xb2, 0x6c, 0x46, 0x7a, 0x6b, 0x50,
+ 0xdb, 0x33, 0x57, 0x8c, 0x0f, 0x27, 0x58, 0xc2, 0xe1, 0x4e,
+ 0x36, 0xd4, 0xfc, 0x10, 0x6d, 0xcb, 0x29, 0xb4},
+ false,
+ false},
+
+ // Comment:
+ {12,
+ {0xfd, 0xc8, 0x5b, 0x94, 0xa4, 0xb2, 0xa6, 0xb7, 0x59, 0xb1, 0xa0, 0xda},
+ {0xa5, 0x06, 0xe1, 0xa5, 0xc6, 0x90, 0x93, 0xf9},
+ {0x85, 0xf3, 0x5b, 0x62, 0x82, 0xcf, 0xf4, 0x40, 0xbc, 0x10, 0x20,
+ 0xc8, 0x13, 0x6f, 0xf2, 0x70, 0x31, 0x11, 0x0f, 0xa6, 0x3e, 0xc1,
+ 0x6f, 0x1e, 0x82, 0x51, 0x18, 0xb0, 0x06, 0xb9, 0x12, 0x57},
+ {0x58, 0xdb, 0xd4, 0xad, 0x2c, 0x4a, 0xd3, 0x5d, 0xd9, 0x06, 0xe9, 0xce},
+ {0x9f, 0x88, 0x16, 0xde, 0x09, 0x94, 0xe9, 0x38, 0xd9, 0xe5,
+ 0x3f, 0x95, 0xd0, 0x86, 0xfc, 0x6c, 0x9d, 0x8f, 0xa9, 0x15,
+ 0xfd, 0x84, 0x23, 0xa7, 0xcf, 0x05, 0x07, 0x2f},
+ false,
+ false},
+
+ // Comment:
+ {13,
+ {0x51, 0xf8, 0xc1, 0xf7, 0x31, 0xea, 0x14, 0xac, 0xdb, 0x21, 0x0a, 0x6d,
+ 0x97, 0x3e, 0x07},
+ {},
+ {0x67, 0x11, 0x96, 0x27, 0xbd, 0x98, 0x8e, 0xda, 0x90, 0x62, 0x19,
+ 0xe0, 0x8c, 0x0d, 0x0d, 0x77, 0x9a, 0x07, 0xd2, 0x08, 0xce, 0x8a,
+ 0x4f, 0xe0, 0x70, 0x9a, 0xf7, 0x55, 0xee, 0xec, 0x6d, 0xcb},
+ {0x68, 0xab, 0x7f, 0xdb, 0xf6, 0x19, 0x01, 0xda, 0xd4, 0x61, 0xd2, 0x3c},
+ {0x0b, 0x29, 0x63, 0x8e, 0x1f, 0xbd, 0xd6, 0xdf, 0x53, 0x97, 0x0b,
+ 0xe2, 0x21, 0x00, 0x42, 0x2a, 0x91, 0x34, 0x08, 0x7d, 0x67, 0xa4,
+ 0x6e, 0x79, 0x17, 0x8d, 0x0a, 0x93, 0xf5, 0xe1, 0xd2},
+ false,
+ false},
+
+ // Comment:
+ {14,
+ {0x97, 0x46, 0x9d, 0xa6, 0x67, 0xd6, 0x11, 0x0f, 0x9c, 0xbd, 0xa1, 0xd1,
+ 0xa2, 0x06, 0x73},
+ {0x64, 0x53, 0xa5, 0x33, 0x84, 0x63, 0x22, 0x12},
+ {0xe6, 0xf1, 0x11, 0x8d, 0x41, 0xe4, 0xb4, 0x3f, 0xb5, 0x82, 0x21,
+ 0xb7, 0xed, 0x79, 0x67, 0x38, 0x34, 0xe0, 0xd8, 0xac, 0x5c, 0x4f,
+ 0xa6, 0x0b, 0xbc, 0x8b, 0xc4, 0x89, 0x3a, 0x58, 0x89, 0x4d},
+ {0xd9, 0x5b, 0x32, 0x43, 0xaf, 0xae, 0xf7, 0x14, 0xc5, 0x03, 0x5b, 0x6a},
+ {0x32, 0xdb, 0x66, 0xc4, 0xa3, 0x81, 0x9d, 0x81, 0x55, 0x74, 0x55,
+ 0xe5, 0x98, 0x0f, 0xed, 0xfe, 0xae, 0x30, 0xde, 0xc9, 0x4e, 0x6a,
+ 0xd3, 0xa9, 0xee, 0xa0, 0x6a, 0x0d, 0x70, 0x39, 0x17},
+ false,
+ false},
+
+ // Comment:
+ {15,
+ {0x54, 0x9b, 0x36, 0x5a, 0xf9, 0x13, 0xf3, 0xb0, 0x81, 0x13, 0x1c, 0xcb,
+ 0x6b, 0x82, 0x55, 0x88},
+ {},
+ {0x59, 0xd4, 0xea, 0xfb, 0x4d, 0xe0, 0xcf, 0xc7, 0xd3, 0xdb, 0x99,
+ 0xa8, 0xf5, 0x4b, 0x15, 0xd7, 0xb3, 0x9f, 0x0a, 0xcc, 0x8d, 0xa6,
+ 0x97, 0x63, 0xb0, 0x19, 0xc1, 0x69, 0x9f, 0x87, 0x67, 0x4a},
+ {0x2f, 0xcb, 0x1b, 0x38, 0xa9, 0x9e, 0x71, 0xb8, 0x47, 0x40, 0xad, 0x9b},
+ {0xe9, 0x11, 0x0e, 0x9f, 0x56, 0xab, 0x3c, 0xa4, 0x83, 0x50, 0x0c,
+ 0xea, 0xba, 0xb6, 0x7a, 0x13, 0x83, 0x6c, 0xca, 0xbf, 0x15, 0xa6,
+ 0xa2, 0x2a, 0x51, 0xc1, 0x07, 0x1c, 0xfa, 0x68, 0xfa, 0x0c},
+ false,
+ false},
+
+ // Comment:
+ {16,
+ {0x55, 0xa4, 0x65, 0x64, 0x4f, 0x5b, 0x65, 0x09, 0x28, 0xcb, 0xee, 0x7c,
+ 0x06, 0x32, 0x14, 0xd6},
+ {0x03, 0x45, 0x85, 0x62, 0x1a, 0xf8, 0xd7, 0xff},
+ {0xb9, 0x07, 0xa4, 0x50, 0x75, 0x51, 0x3f, 0xe8, 0xa8, 0x01, 0x9e,
+ 0xde, 0xe3, 0xf2, 0x59, 0x14, 0x87, 0xb2, 0xa0, 0x30, 0xb0, 0x3c,
+ 0x6e, 0x1d, 0x77, 0x1c, 0x86, 0x25, 0x71, 0xd2, 0xea, 0x1e},
+ {0x11, 0x8a, 0x69, 0x64, 0xc2, 0xd3, 0xe3, 0x80, 0x07, 0x1f, 0x52, 0x66},
+ {0xe4, 0xb1, 0x13, 0xcb, 0x77, 0x59, 0x45, 0xf3, 0xd3, 0xa8, 0xae,
+ 0x9e, 0xc1, 0x41, 0xc0, 0x0c, 0x7c, 0x43, 0xf1, 0x6c, 0xe0, 0x96,
+ 0xd0, 0xdc, 0x27, 0xc9, 0x58, 0x49, 0xdc, 0x38, 0x3b, 0x7d},
+ false,
+ false},
+
+ // Comment:
+ {17,
+ {0x3f, 0xf1, 0x51, 0x4b, 0x1c, 0x50, 0x39, 0x15, 0x91, 0x8f, 0x0c, 0x0c,
+ 0x31, 0x09, 0x4a, 0x6e, 0x1f},
+ {},
+ {0x3b, 0x24, 0x58, 0xd8, 0x17, 0x6e, 0x16, 0x21, 0xc0, 0xcc, 0x24,
+ 0xc0, 0xc0, 0xe2, 0x4c, 0x1e, 0x80, 0xd7, 0x2f, 0x7e, 0xe9, 0x14,
+ 0x9a, 0x4b, 0x16, 0x61, 0x76, 0x62, 0x96, 0x16, 0xd0, 0x11},
+ {0x45, 0xaa, 0xa3, 0xe5, 0xd1, 0x6d, 0x2d, 0x42, 0xdc, 0x03, 0x44, 0x5d},
+ {0x02, 0xcc, 0x3a, 0xcb, 0x5e, 0xe1, 0xfc, 0xdd, 0x12, 0xa0, 0x3b,
+ 0xb8, 0x57, 0x97, 0x64, 0x74, 0xd3, 0xd8, 0x3b, 0x74, 0x63, 0xa2,
+ 0xc3, 0x80, 0x0f, 0xe9, 0x58, 0xc2, 0x8e, 0xaa, 0x29, 0x08, 0x13},
+ false,
+ false},
+
+ // Comment:
+ {18,
+ {0x63, 0x85, 0x8c, 0xa3, 0xe2, 0xce, 0x69, 0x88, 0x7b, 0x57, 0x8a, 0x3c,
+ 0x16, 0x7b, 0x42, 0x1c, 0x9c},
+ {0x9a, 0xaf, 0x29, 0x9e, 0xee, 0xa7, 0x8f, 0x79},
+ {0xf6, 0x0c, 0x6a, 0x1b, 0x62, 0x57, 0x25, 0xf7, 0x6c, 0x70, 0x37,
+ 0xb4, 0x8f, 0xe3, 0x57, 0x7f, 0xa7, 0xf7, 0xb8, 0x7b, 0x1b, 0xd5,
+ 0xa9, 0x82, 0x17, 0x6d, 0x18, 0x23, 0x06, 0xff, 0xb8, 0x70},
+ {0xf0, 0x38, 0x4f, 0xb8, 0x76, 0x12, 0x14, 0x10, 0x63, 0x3d, 0x99, 0x3d},
+ {0x35, 0x76, 0x64, 0x88, 0xd2, 0xbc, 0x7c, 0x2b, 0x8d, 0x17, 0xcb,
+ 0xbb, 0x9a, 0xbf, 0xad, 0x9e, 0x6d, 0x1f, 0x39, 0x1e, 0x65, 0x7b,
+ 0x27, 0x38, 0xdd, 0xa0, 0x84, 0x48, 0xcb, 0xa2, 0x81, 0x1c, 0xeb},
+ false,
+ false},
+
+ // Comment:
+ {19,
+ {0x10, 0xf1, 0xec, 0xf9, 0xc6, 0x05, 0x84, 0x66, 0x5d, 0x9a, 0xe5, 0xef,
+ 0xe2, 0x79, 0xe7, 0xf7, 0x37, 0x7e, 0xea, 0x69, 0x16, 0xd2, 0xb1, 0x11},
+ {},
+ {0x02, 0x12, 0xa8, 0xde, 0x50, 0x07, 0xed, 0x87, 0xb3, 0x3f, 0x1a,
+ 0x70, 0x90, 0xb6, 0x11, 0x4f, 0x9e, 0x08, 0xce, 0xfd, 0x96, 0x07,
+ 0xf2, 0xc2, 0x76, 0xbd, 0xcf, 0xdb, 0xc5, 0xce, 0x9c, 0xd7},
+ {0xe6, 0xb1, 0xad, 0xf2, 0xfd, 0x58, 0xa8, 0x76, 0x2c, 0x65, 0xf3, 0x1b},
+ {0x42, 0xf2, 0x6c, 0x56, 0xcb, 0x4b, 0xe2, 0x1d, 0x9d, 0x8d,
+ 0x0c, 0x80, 0xfc, 0x99, 0xdd, 0xe0, 0x0d, 0x75, 0xf3, 0x80,
+ 0x74, 0xbf, 0xe7, 0x64, 0x54, 0xaa, 0x7e, 0x13, 0xd4, 0x8f,
+ 0xff, 0x7d, 0x75, 0x57, 0x03, 0x94, 0x57, 0x04, 0x0a, 0x3a},
+ false,
+ false},
+
+ // Comment:
+ {20,
+ {0x92, 0x22, 0xf9, 0x01, 0x8e, 0x54, 0xfd, 0x6d, 0xe1, 0x20, 0x08, 0x06,
+ 0xa9, 0xee, 0x8e, 0x4c, 0xc9, 0x04, 0xd2, 0x9f, 0x25, 0xcb, 0xa1, 0x93},
+ {0x3e, 0x8b, 0xc5, 0xad, 0xe1, 0x82, 0xff, 0x08},
+ {0xc5, 0xbc, 0x09, 0x56, 0x56, 0x46, 0xe7, 0xed, 0xda, 0x95, 0x4f,
+ 0x1f, 0x73, 0x92, 0x23, 0xda, 0xda, 0x20, 0xb9, 0x5c, 0x44, 0xab,
+ 0x03, 0x3d, 0x0f, 0xae, 0x4b, 0x02, 0x83, 0xd1, 0x8b, 0xe3},
+ {0x6b, 0x28, 0x2e, 0xbe, 0xcc, 0x54, 0x1b, 0xcd, 0x78, 0x34, 0xed, 0x55},
+ {0x12, 0x30, 0x32, 0x43, 0x7b, 0x4b, 0xfd, 0x69, 0x20, 0xe8,
+ 0xf7, 0xe7, 0xe0, 0x08, 0x7a, 0xe4, 0x88, 0x9e, 0xbe, 0x7a,
+ 0x0a, 0xd0, 0xe9, 0x00, 0x3c, 0xf6, 0x8f, 0x17, 0x95, 0x50,
+ 0xda, 0x63, 0xd3, 0xb9, 0x6c, 0x2d, 0x55, 0x41, 0x18, 0x65},
+ false,
+ false},
+
+ // Comment:
+ {21,
+ {0xb0, 0x53, 0x99, 0x92, 0x86, 0xa2, 0x82, 0x4f, 0x42, 0xcc, 0x8c,
+ 0x20, 0x3a, 0xb2, 0x4e, 0x2c, 0x97, 0xa6, 0x85, 0xad, 0xcc, 0x2a,
+ 0xd3, 0x26, 0x62, 0x55, 0x8e, 0x55, 0xa5, 0xc7, 0x29},
+ {},
+ {0x2e, 0xb5, 0x1c, 0x46, 0x9a, 0xa8, 0xeb, 0x9e, 0x6c, 0x54, 0xa8,
+ 0x34, 0x9b, 0xae, 0x50, 0xa2, 0x0f, 0x0e, 0x38, 0x27, 0x11, 0xbb,
+ 0xa1, 0x15, 0x2c, 0x42, 0x4f, 0x03, 0xb6, 0x67, 0x1d, 0x71},
+ {0x04, 0xa9, 0xbe, 0x03, 0x50, 0x8a, 0x5f, 0x31, 0x37, 0x1a, 0x6f, 0xd2},
+ {0x45, 0xc7, 0xd6, 0xb5, 0x3a, 0xca, 0xd4, 0xab, 0xb6, 0x88, 0x76, 0xa6,
+ 0xe9, 0x6a, 0x48, 0xfb, 0x59, 0x52, 0x4d, 0x2c, 0x92, 0xc9, 0xd8, 0xa1,
+ 0x89, 0xc9, 0xfd, 0x2d, 0xb9, 0x17, 0x46, 0x56, 0x6d, 0x3c, 0xa1, 0x0e,
+ 0x31, 0x1b, 0x69, 0x5f, 0x3e, 0xae, 0x15, 0x51, 0x65, 0x24, 0x93},
+ false,
+ false},
+
+ // Comment:
+ {22,
+ {0xf4, 0x52, 0x06, 0xab, 0xc2, 0x55, 0x52, 0xb2, 0xab, 0xc9, 0xab,
+ 0x7f, 0xa2, 0x43, 0x03, 0x5f, 0xed, 0xaa, 0xdd, 0xc3, 0xb2, 0x29,
+ 0x39, 0x56, 0xf1, 0xea, 0x6e, 0x71, 0x56, 0xe7, 0xeb},
+ {0x37, 0x46, 0x18, 0xa0, 0x6e, 0xa9, 0x8a, 0x48},
+ {0x7f, 0x5b, 0x74, 0xc0, 0x7e, 0xd1, 0xb4, 0x0f, 0xd1, 0x43, 0x58,
+ 0xfe, 0x2f, 0xf2, 0xa7, 0x40, 0xc1, 0x16, 0xc7, 0x70, 0x65, 0x10,
+ 0xe6, 0xa4, 0x37, 0xf1, 0x9e, 0xa4, 0x99, 0x11, 0xce, 0xc4},
+ {0x47, 0x0a, 0x33, 0x9e, 0xcb, 0x32, 0x19, 0xb8, 0xb8, 0x1a, 0x1f, 0x8b},
+ {0x46, 0xa8, 0x0c, 0x41, 0x87, 0x02, 0x47, 0x20, 0x08, 0x46, 0x27, 0x58,
+ 0x00, 0x80, 0xdd, 0xe5, 0xa3, 0xf4, 0xa1, 0x10, 0x93, 0xa7, 0x07, 0x6e,
+ 0xd6, 0xf3, 0xd3, 0x26, 0xbc, 0x7b, 0x70, 0x53, 0x4d, 0x4a, 0xa2, 0x83,
+ 0x5a, 0x52, 0xe7, 0x2d, 0x14, 0xdf, 0x0e, 0x4f, 0x47, 0xf2, 0x5f},
+ false,
+ false},
+
+ // Comment:
+ {23,
+ {0xb9, 0xc5, 0x54, 0xcb, 0xc3, 0x6a, 0xc1, 0x8a, 0xe8, 0x97, 0xdf,
+ 0x7b, 0xee, 0xca, 0xc1, 0xdb, 0xeb, 0x4e, 0xaf, 0xa1, 0x56, 0xbb,
+ 0x60, 0xce, 0x2e, 0x5d, 0x48, 0xf0, 0x57, 0x15, 0xe6, 0x78},
+ {},
+ {0xe1, 0x73, 0x1d, 0x58, 0x54, 0xe1, 0xb7, 0x0c, 0xb3, 0xff, 0xe8,
+ 0xb7, 0x86, 0xa2, 0xb3, 0xeb, 0xf0, 0x99, 0x43, 0x70, 0x95, 0x47,
+ 0x57, 0xb9, 0xdc, 0x8c, 0x7b, 0xc5, 0x35, 0x46, 0x34, 0xa3},
+ {0x72, 0xcf, 0xd9, 0x0e, 0xf3, 0x02, 0x6c, 0xa2, 0x2b, 0x7e, 0x6e, 0x6a},
+ {0xea, 0x29, 0xaf, 0xa4, 0x9d, 0x36, 0xe8, 0x76, 0x0f, 0x5f, 0xe1, 0x97,
+ 0x23, 0xb9, 0x81, 0x1e, 0xd5, 0xd5, 0x19, 0x93, 0x4a, 0x44, 0x0f, 0x50,
+ 0x81, 0xac, 0x43, 0x0b, 0x95, 0x3b, 0x0e, 0x21, 0x22, 0x25, 0x41, 0xaf,
+ 0x46, 0xb8, 0x65, 0x33, 0xc6, 0xb6, 0x8d, 0x2f, 0xf1, 0x08, 0xa7, 0xea},
+ false,
+ false},
+
+ // Comment:
+ {24,
+ {0x6b, 0x26, 0x04, 0x99, 0x6c, 0xd3, 0x0c, 0x14, 0xa1, 0x3a, 0x52,
+ 0x57, 0xed, 0x6c, 0xff, 0xd3, 0xbc, 0x5e, 0x29, 0xd6, 0xb9, 0x7e,
+ 0xb1, 0x79, 0x9e, 0xb3, 0x35, 0xe2, 0x81, 0xea, 0x45, 0x1e},
+ {0x23, 0x33, 0xe5, 0xce, 0x0f, 0x93, 0xb0, 0x59},
+ {0x27, 0xd8, 0x60, 0x63, 0x1b, 0x04, 0x85, 0xa4, 0x10, 0x70, 0x2f,
+ 0xea, 0x61, 0xbc, 0x87, 0x3f, 0x34, 0x42, 0x26, 0x0c, 0xad, 0xed,
+ 0x4a, 0xbd, 0xe2, 0x5b, 0x78, 0x6a, 0x2d, 0x97, 0xf1, 0x45},
+ {0x26, 0x28, 0x80, 0xd4, 0x75, 0xf3, 0xda, 0xc5, 0x34, 0x0d, 0xd1, 0xb8},
+ {0x6d, 0xad, 0x63, 0x78, 0x97, 0x54, 0x4d, 0x8b, 0xf6, 0xbe, 0x95, 0x07,
+ 0xed, 0x4d, 0x1b, 0xb2, 0xe9, 0x54, 0xbc, 0x42, 0x7e, 0x5d, 0xe7, 0x29,
+ 0xda, 0xf5, 0x07, 0x62, 0x84, 0x6f, 0xf2, 0xf4, 0x7b, 0x99, 0x7d, 0x93,
+ 0xc9, 0x82, 0x18, 0x9d, 0x70, 0x95, 0xdc, 0x79, 0x4c, 0x74, 0x62, 0x32},
+ false,
+ false},
+
+ // Comment:
+ {25,
+ {0x97, 0x3d, 0x0c, 0x75, 0x38, 0x26, 0xba, 0xe4, 0x66, 0xcf, 0x9a, 0xbb,
+ 0x34, 0x93, 0x15, 0x2e, 0x9d, 0xe7, 0x81, 0x9e, 0x2b, 0xd0, 0xc7, 0x11,
+ 0x71, 0x34, 0x6b, 0x4d, 0x2c, 0xeb, 0xf8, 0x04, 0x1a, 0xa3, 0xce, 0xdc,
+ 0x0d, 0xfd, 0x7b, 0x46, 0x7e, 0x26, 0x22, 0x8b, 0xc8, 0x6c, 0x9a},
+ {},
+ {0xcf, 0x0d, 0x40, 0xa4, 0x64, 0x4e, 0x5f, 0x51, 0x81, 0x51, 0x65,
+ 0xd5, 0x30, 0x1b, 0x22, 0x63, 0x1f, 0x45, 0x44, 0xc4, 0x9a, 0x18,
+ 0x78, 0xe3, 0xa0, 0xa5, 0xe8, 0xe1, 0xaa, 0xe0, 0xf2, 0x64},
+ {0xe7, 0x4a, 0x51, 0x5e, 0x7e, 0x21, 0x02, 0xb9, 0x0b, 0xef, 0x55, 0xd2},
+ {0xfb, 0xa7, 0x8a, 0xe4, 0xf9, 0xd8, 0x08, 0xa6, 0x2e, 0x3d, 0xa4,
+ 0x0b, 0xe2, 0xcb, 0x77, 0x00, 0xc3, 0x61, 0x3d, 0x9e, 0xb2, 0xc5,
+ 0x29, 0xc6, 0x52, 0xe7, 0x6a, 0x43, 0x2c, 0x65, 0x8d, 0x27, 0x09,
+ 0x5f, 0x0e, 0xb8, 0xf9, 0x40, 0xc3, 0x24, 0x98, 0x1e, 0xa9, 0x35,
+ 0xe5, 0x07, 0xf9, 0x8f, 0x04, 0x69, 0x56, 0xdb, 0x3a, 0x51, 0x29,
+ 0x08, 0xbd, 0x7a, 0xfc, 0x8f, 0x2a, 0xb0, 0xa9},
+ false,
+ false},
+
+ // Comment:
+ {26,
+ {0xa9, 0x89, 0x95, 0x50, 0x4d, 0xf1, 0x6f, 0x74, 0x8b, 0xfb, 0x77, 0x85,
+ 0xff, 0x91, 0xee, 0xb3, 0xb6, 0x60, 0xea, 0x9e, 0xd3, 0x45, 0x0c, 0x3d,
+ 0x5e, 0x7b, 0x0e, 0x79, 0xef, 0x65, 0x36, 0x59, 0xa9, 0x97, 0x8d, 0x75,
+ 0x54, 0x2e, 0xf9, 0x1c, 0x45, 0x67, 0x62, 0x21, 0x56, 0x40, 0xb9},
+ {0xb3, 0xe4, 0x06, 0x46, 0x83, 0xb0, 0x2d, 0x84},
+ {0x6c, 0xbf, 0xd7, 0x1c, 0x64, 0x5d, 0x18, 0x4c, 0xf5, 0xd2, 0x3c,
+ 0x40, 0x2b, 0xdb, 0x0d, 0x25, 0xec, 0x54, 0x89, 0x8c, 0x8a, 0x02,
+ 0x73, 0xd4, 0x2e, 0xb5, 0xbe, 0x10, 0x9f, 0xdc, 0xb2, 0xac},
+ {0xd4, 0xd8, 0x07, 0x34, 0x16, 0x83, 0x82, 0x5b, 0x31, 0xcd, 0x4d, 0x95},
+ {0xa1, 0xff, 0xed, 0x80, 0x76, 0x18, 0x29, 0xec, 0xce, 0x24, 0x2e,
+ 0x0e, 0x88, 0xb1, 0x38, 0x04, 0x90, 0x16, 0xbc, 0xa0, 0x18, 0xda,
+ 0x2b, 0x6e, 0x19, 0x98, 0x6b, 0x3e, 0x31, 0x8c, 0xae, 0x8d, 0x80,
+ 0x61, 0x98, 0xfb, 0x4c, 0x52, 0x7c, 0xc3, 0x93, 0x50, 0xeb, 0xdd,
+ 0xea, 0xc5, 0x73, 0xc4, 0xcb, 0xf0, 0xbe, 0xfd, 0xa0, 0xb7, 0x02,
+ 0x42, 0xc6, 0x40, 0xd7, 0xcd, 0x02, 0xd7, 0xa3},
+ false,
+ false},
+
+ // Comment:
+ {27,
+ {0xd0, 0x96, 0x80, 0x31, 0x81, 0xbe, 0xef, 0x9e, 0x00, 0x8f, 0xf8,
+ 0x5d, 0x5d, 0xdc, 0x38, 0xdd, 0xac, 0xf0, 0xf0, 0x9e, 0xe5, 0xf7,
+ 0xe0, 0x7f, 0x1e, 0x40, 0x79, 0xcb, 0x64, 0xd0, 0xdc, 0x8f, 0x5e,
+ 0x67, 0x11, 0xcd, 0x49, 0x21, 0xa7, 0x88, 0x7d, 0xe7, 0x6e, 0x26,
+ 0x78, 0xfd, 0xc6, 0x76, 0x18, 0xf1, 0x18, 0x55, 0x86, 0xbf, 0xea,
+ 0x9d, 0x4c, 0x68, 0x5d, 0x50, 0xe4, 0xbb, 0x9a, 0x82},
+ {},
+ {0x5b, 0x1d, 0x10, 0x35, 0xc0, 0xb1, 0x7e, 0xe0, 0xb0, 0x44, 0x47,
+ 0x67, 0xf8, 0x0a, 0x25, 0xb8, 0xc1, 0xb7, 0x41, 0xf4, 0xb5, 0x0a,
+ 0x4d, 0x30, 0x52, 0x22, 0x6b, 0xaa, 0x1c, 0x6f, 0xb7, 0x01},
+ {0xd6, 0x10, 0x40, 0xa3, 0x13, 0xed, 0x49, 0x28, 0x23, 0xcc, 0x06, 0x5b},
+ {0x9a, 0x4e, 0xf2, 0x2b, 0x18, 0x16, 0x77, 0xb5, 0x75, 0x5c, 0x08, 0xf7,
+ 0x47, 0xc0, 0xf8, 0xd8, 0xe8, 0xd4, 0xc1, 0x8a, 0x9c, 0xc2, 0x40, 0x5c,
+ 0x12, 0xbb, 0x51, 0xbb, 0x18, 0x72, 0xc8, 0xe8, 0xb8, 0x77, 0x67, 0x8b,
+ 0xec, 0x44, 0x2c, 0xfc, 0xbb, 0x0f, 0xf4, 0x64, 0xa6, 0x4b, 0x74, 0x33,
+ 0x2c, 0xf0, 0x72, 0x89, 0x8c, 0x7e, 0x0e, 0xdd, 0xf6, 0x23, 0x2e, 0xa6,
+ 0xe2, 0x7e, 0xfe, 0x50, 0x9f, 0xf3, 0x42, 0x7a, 0x0f, 0x32, 0xfa, 0x56,
+ 0x6d, 0x9c, 0xa0, 0xa7, 0x8a, 0xef, 0xc0, 0x13},
+ false,
+ false},
+
+ // Comment:
+ {28,
+ {0x94, 0xee, 0x16, 0x6d, 0x6d, 0x6e, 0xcf, 0x88, 0x32, 0x43, 0x71,
+ 0x36, 0xb4, 0xae, 0x80, 0x5d, 0x42, 0x88, 0x64, 0x35, 0x95, 0x86,
+ 0xd9, 0x19, 0x3a, 0x25, 0x01, 0x62, 0x93, 0xed, 0xba, 0x44, 0x3c,
+ 0x58, 0xe0, 0x7e, 0x7b, 0x71, 0x95, 0xec, 0x5b, 0xd8, 0x45, 0x82,
+ 0xa9, 0xd5, 0x6c, 0x8d, 0x4a, 0x10, 0x8c, 0x7d, 0x7c, 0xe3, 0x4e,
+ 0x6c, 0x6f, 0x8e, 0xa1, 0xbe, 0xc0, 0x56, 0x73, 0x17},
+ {0x71, 0x93, 0xf6, 0x23, 0x66, 0x33, 0x21, 0xa2},
+ {0x97, 0xd6, 0x35, 0xc4, 0xf4, 0x75, 0x74, 0xd9, 0x99, 0x8a, 0x90,
+ 0x87, 0x5d, 0xa1, 0xd3, 0xa2, 0x84, 0xb7, 0x55, 0xb2, 0xd3, 0x92,
+ 0x97, 0xa5, 0x72, 0x52, 0x35, 0x19, 0x0e, 0x10, 0xa9, 0x7e},
+ {0xd3, 0x1c, 0x21, 0xab, 0xa1, 0x75, 0xb7, 0x0d, 0xe4, 0xeb, 0xb1, 0x9c},
+ {0x5f, 0xbb, 0xde, 0xcc, 0x34, 0xbe, 0x20, 0x16, 0x14, 0xf6, 0x36, 0x03,
+ 0x1e, 0xeb, 0x42, 0xf1, 0xca, 0xce, 0x3c, 0x79, 0xa1, 0x2c, 0xff, 0xd8,
+ 0x71, 0xee, 0x8e, 0x73, 0x82, 0x0c, 0x82, 0x97, 0x49, 0xf1, 0xab, 0xb4,
+ 0x29, 0x43, 0x67, 0x84, 0x9f, 0xb6, 0xc2, 0xaa, 0x56, 0xbd, 0xa8, 0xa3,
+ 0x07, 0x8f, 0x72, 0x3d, 0x7c, 0x1c, 0x85, 0x20, 0x24, 0xb0, 0x17, 0xb5,
+ 0x89, 0x73, 0xfb, 0x1e, 0x09, 0x26, 0x3d, 0xa7, 0xb4, 0xcb, 0x92, 0x14,
+ 0x52, 0xf9, 0x7d, 0xca, 0x40, 0xf5, 0x80, 0xec},
+ false,
+ false},
+
+ // Comment:
+ {29,
+ {0xb4, 0x29, 0xeb, 0x80, 0xfb, 0x8f, 0xe8, 0xba, 0xed, 0xa0, 0xc8,
+ 0x5b, 0x9c, 0x33, 0x34, 0x58, 0xe7, 0xc2, 0x99, 0x2e, 0x55, 0x84,
+ 0x75, 0x06, 0x9d, 0x12, 0xd4, 0x5c, 0x22, 0x21, 0x75, 0x64, 0x12,
+ 0x15, 0x88, 0x03, 0x22, 0x97, 0xef, 0xf5, 0x67, 0x83, 0x74, 0x2a,
+ 0x5f, 0xc2, 0x2d, 0x74, 0x10, 0xff, 0xb2, 0x9d, 0x66, 0x09, 0x86,
+ 0x61, 0xd7, 0x6f, 0x12, 0x6c, 0x3c, 0x27, 0x68, 0x9e, 0x43, 0xb3,
+ 0x72, 0x67, 0xca, 0xc5, 0xa3, 0xa6, 0xd3, 0xab, 0x49, 0xe3, 0x91,
+ 0xda, 0x29, 0xcd, 0x30, 0x54, 0xa5, 0x69, 0x2e, 0x28, 0x07, 0xe4,
+ 0xc3, 0xea, 0x46, 0xc8, 0x76, 0x1d, 0x50, 0xf5, 0x92},
+ {},
+ {0xfe, 0x6e, 0x55, 0xbd, 0xae, 0xd1, 0xf7, 0x28, 0x4c, 0xa5, 0xfc,
+ 0x0f, 0x8c, 0x5f, 0x2b, 0x8d, 0xf5, 0x6d, 0xc0, 0xf4, 0x9e, 0x8c,
+ 0xa6, 0x6a, 0x41, 0x99, 0x5e, 0x78, 0x33, 0x51, 0xf9, 0x01},
+ {0x17, 0xc8, 0x6a, 0x8a, 0xbb, 0xb7, 0xe0, 0x03, 0xac, 0xde, 0x27, 0x99},
+ {0xd0, 0x10, 0x2f, 0x6c, 0x25, 0x8b, 0xf4, 0x97, 0x42, 0xce, 0xc3, 0x4c,
+ 0xf2, 0xd0, 0xfe, 0xdf, 0x23, 0xd1, 0x05, 0xfb, 0x4c, 0x84, 0xcf, 0x98,
+ 0x51, 0x5e, 0x1b, 0xc9, 0xa6, 0x4f, 0x8a, 0xd5, 0xbe, 0x8f, 0x07, 0x21,
+ 0xbd, 0xe5, 0x06, 0x45, 0xd0, 0x00, 0x83, 0xc3, 0xa2, 0x63, 0xa3, 0x10,
+ 0x53, 0xb7, 0x60, 0x24, 0x5f, 0x52, 0xae, 0x28, 0x66, 0xa5, 0xec, 0x83,
+ 0xb1, 0x9f, 0x61, 0xbe, 0x1d, 0x30, 0xd5, 0xc5, 0xd9, 0xfe, 0xcc, 0x4c,
+ 0xbb, 0xe0, 0x8f, 0xd3, 0x85, 0x81, 0x3a, 0x2a, 0xa3, 0x9a, 0x00, 0xff,
+ 0x9c, 0x10, 0xf7, 0xf2, 0x37, 0x02, 0xad, 0xd1, 0xe4, 0xb2, 0xff, 0xa3,
+ 0x1c, 0x41, 0x86, 0x5f, 0xc7, 0x1d, 0xe1, 0x2b, 0x19, 0x61, 0x21, 0x27,
+ 0xce, 0x49, 0x99, 0x3b, 0xb0},
+ false,
+ false},
+
+ // Comment:
+ {30,
+ {0xce, 0xb5, 0x34, 0xce, 0x50, 0xdc, 0x23, 0xff, 0x63, 0x8a, 0xce,
+ 0x3e, 0xf6, 0x3a, 0xb2, 0xcc, 0x29, 0x73, 0xee, 0xad, 0xa8, 0x07,
+ 0x85, 0xfc, 0x16, 0x5d, 0x06, 0xc2, 0xf5, 0x10, 0x0f, 0xf5, 0xe8,
+ 0xab, 0x28, 0x82, 0xc4, 0x75, 0xaf, 0xcd, 0x05, 0xcc, 0xd4, 0x9f,
+ 0x2e, 0x7d, 0x8f, 0x55, 0xef, 0x3a, 0x72, 0xe3, 0xdc, 0x51, 0xd6,
+ 0x85, 0x2b, 0x8e, 0x6b, 0x9e, 0x7a, 0xec, 0xe5, 0x7b, 0xe6, 0x55,
+ 0x6b, 0x0b, 0x6d, 0x94, 0x13, 0xe3, 0x3f, 0xc5, 0xfc, 0x24, 0xa9,
+ 0xa2, 0x05, 0xad, 0x59, 0x57, 0x4b, 0xb3, 0x9d, 0x94, 0x4a, 0x92,
+ 0xdc, 0x47, 0x97, 0x0d, 0x84, 0xa6, 0xad, 0x31, 0x76},
+ {0xa1, 0x1c, 0x40, 0xb6, 0x03, 0x76, 0x73, 0x30},
+ {0xaa, 0xbc, 0x06, 0x34, 0x74, 0xe6, 0x5c, 0x4c, 0x3e, 0x9b, 0xdc,
+ 0x48, 0x0d, 0xea, 0x97, 0xb4, 0x51, 0x10, 0xc8, 0x61, 0x88, 0x46,
+ 0xff, 0x6b, 0x15, 0xbd, 0xd2, 0xa4, 0xa5, 0x68, 0x2c, 0x4e},
+ {0x46, 0x36, 0x2f, 0x45, 0xd6, 0x37, 0x9e, 0x63, 0xe5, 0x22, 0x94, 0x60},
+ {0x75, 0x45, 0x39, 0x1b, 0x51, 0xde, 0x01, 0xd5, 0xc5, 0x3d, 0xfa, 0xca,
+ 0x77, 0x79, 0x09, 0x06, 0x3e, 0x58, 0xed, 0xee, 0x4b, 0xb1, 0x22, 0x7e,
+ 0x71, 0x10, 0xac, 0x4d, 0x26, 0x20, 0xc2, 0xae, 0xc2, 0xf8, 0x48, 0xf5,
+ 0x6d, 0xee, 0xb0, 0x37, 0xa8, 0xdc, 0xed, 0x75, 0xaf, 0xa8, 0xa6, 0xc8,
+ 0x90, 0xe2, 0xde, 0xe4, 0x2f, 0x95, 0x0b, 0xb3, 0x3d, 0x9e, 0x24, 0x24,
+ 0xd0, 0x8a, 0x50, 0x5d, 0x89, 0x95, 0x63, 0x97, 0x3e, 0xd3, 0x88, 0x70,
+ 0xf3, 0xde, 0x6e, 0xe2, 0xad, 0xc7, 0xfe, 0x07, 0x2c, 0x36, 0x6c, 0x14,
+ 0xe2, 0xcf, 0x7c, 0xa6, 0x2f, 0xb3, 0xd3, 0x6b, 0xee, 0x11, 0x68, 0x54,
+ 0x61, 0xb7, 0x0d, 0x44, 0xef, 0x8c, 0x66, 0xc5, 0xc7, 0xbb, 0xf1, 0x0d,
+ 0xca, 0xdd, 0x7f, 0xac, 0xf6},
+ false,
+ false},
+
+ // Comment:
+ {31,
+ {0xe5, 0xcc, 0xaa, 0x44, 0x1b, 0xc8, 0x14, 0x68, 0x8f, 0x8f, 0x6e, 0x8f,
+ 0x28, 0xb5, 0x00, 0xb2},
+ {0x02},
+ {0x7d, 0x00, 0xb4, 0x80, 0x95, 0xad, 0xfa, 0x32, 0x72, 0x05, 0x06,
+ 0x07, 0xb2, 0x64, 0x18, 0x50, 0x02, 0xba, 0x99, 0x95, 0x7c, 0x49,
+ 0x8b, 0xe0, 0x22, 0x77, 0x0f, 0x2c, 0xe2, 0xf3, 0x14, 0x3c},
+ {0x87, 0x34, 0x5f, 0x10, 0x55, 0xfd, 0x9e, 0x21, 0x02, 0xd5, 0x06, 0x56},
+ {0x7e, 0x72, 0xf5, 0xa1, 0x85, 0xaf, 0x16, 0xa6, 0x11, 0x92, 0x1b,
+ 0x43, 0x8f, 0x74, 0x9f, 0x0b, 0x12, 0x42, 0xc6, 0x70, 0x73, 0x23,
+ 0x34, 0x02, 0x9a, 0xdf, 0xe1, 0xc5, 0x00, 0x16, 0x51, 0xe4},
+ false,
+ false},
+
+ // Comment:
+ {32,
+ {0x02, 0xcd, 0xe1, 0x68, 0xfb, 0xa3, 0xf5, 0x44, 0xbb, 0xd0, 0x33, 0x2f,
+ 0x7a, 0xde, 0xad, 0xa8},
+ {0xb6, 0x48},
+ {0x64, 0x32, 0x71, 0x7f, 0x1d, 0xb8, 0x5e, 0x41, 0xac, 0x78, 0x36,
+ 0xbc, 0xe2, 0x51, 0x85, 0xa0, 0x80, 0xd5, 0x76, 0x2b, 0x9e, 0x2b,
+ 0x18, 0x44, 0x4b, 0x6e, 0xc7, 0x2c, 0x3b, 0xd8, 0xe4, 0xdc},
+ {0x87, 0xa3, 0x16, 0x3e, 0xc0, 0x59, 0x8a, 0xd9, 0x5b, 0x3a, 0xa7, 0x13},
+ {0x85, 0xf2, 0x9a, 0x71, 0x95, 0x57, 0xcd, 0xd1, 0x4d, 0x1f, 0x8f,
+ 0xff, 0xab, 0x6d, 0x9e, 0x60, 0x73, 0x2c, 0xa3, 0x2b, 0xec, 0xd5,
+ 0x15, 0xa1, 0xed, 0x35, 0x3f, 0x54, 0x2e, 0x99, 0x98, 0x58},
+ false,
+ false},
+
+ // Comment:
+ {33,
+ {0x16, 0xdd, 0xd2, 0x3f, 0xf5, 0x3f, 0x3d, 0x23, 0xc0, 0x63, 0x34, 0x48,
+ 0x70, 0x40, 0xeb, 0x47},
+ {0xbd, 0x4c, 0xd0, 0x2f, 0xc7, 0x50, 0x2b, 0xbd, 0xbd, 0xf6, 0xc9, 0xa3,
+ 0xcb, 0xe8, 0xf0},
+ {0x8e, 0x34, 0xcf, 0x73, 0xd2, 0x45, 0xa1, 0x08, 0x2a, 0x92, 0x0b,
+ 0x86, 0x36, 0x4e, 0xb8, 0x96, 0xc4, 0x94, 0x64, 0x67, 0xbc, 0xb3,
+ 0xd5, 0x89, 0x29, 0xfc, 0xb3, 0x66, 0x90, 0xe6, 0x39, 0x4f},
+ {0x6f, 0x57, 0x3a, 0xa8, 0x6b, 0xaa, 0x49, 0x2b, 0xa4, 0x65, 0x96, 0xdf},
+ {0xc1, 0xb2, 0x95, 0x93, 0x6d, 0x56, 0xfa, 0xda, 0xc0, 0x3e, 0x5f,
+ 0x74, 0x2b, 0xff, 0x73, 0xa1, 0x39, 0xc4, 0x57, 0xdb, 0xab, 0x66,
+ 0x38, 0x2b, 0xab, 0xb3, 0xb5, 0x58, 0x00, 0xcd, 0xa5, 0xb8},
+ false,
+ false},
+
+ // Comment:
+ {34,
+ {0x62, 0x3b, 0x78, 0x50, 0xc3, 0x21, 0xe2, 0xcf, 0x0c, 0x6f, 0xbc, 0xc8,
+ 0xdf, 0xd1, 0xaf, 0xf2},
+ {0x89, 0xcc, 0xe9, 0xfb, 0x47, 0x44, 0x1d, 0x07, 0xe0, 0x24, 0x5a, 0x66,
+ 0xfe, 0x8b, 0x77, 0x8b},
+ {0xcb, 0x55, 0x75, 0xf5, 0xc7, 0xc4, 0x5c, 0x91, 0xcf, 0x32, 0x0b,
+ 0x13, 0x9f, 0xb5, 0x94, 0x23, 0x75, 0x60, 0xd0, 0xa3, 0xe6, 0xf8,
+ 0x65, 0xa6, 0x7d, 0x4f, 0x63, 0x3f, 0x2c, 0x08, 0xf0, 0x16},
+ {0x1a, 0x65, 0x18, 0xf0, 0x2e, 0xde, 0x1d, 0xa6, 0x80, 0x92, 0x66, 0xd9},
+ {0xc8, 0x4c, 0x9b, 0xb7, 0xc6, 0x1c, 0x1b, 0xcb, 0x17, 0x77, 0x2a,
+ 0x1c, 0x50, 0x0c, 0x50, 0x95, 0xdb, 0xad, 0xf7, 0xa5, 0x13, 0x8c,
+ 0xa0, 0x34, 0x59, 0xa2, 0xcd, 0x65, 0x83, 0x1e, 0x09, 0x2f},
+ false,
+ false},
+
+ // Comment:
+ {35,
+ {0x87, 0xb3, 0xa4, 0xd7, 0xb2, 0x6d, 0x8d, 0x32, 0x03, 0xa0, 0xde, 0x1d,
+ 0x64, 0xef, 0x82, 0xe3},
+ {0xd1, 0x9f, 0x2d, 0x98, 0x90, 0x95, 0xf7, 0xab, 0x03, 0xa5, 0xfd, 0xe8,
+ 0x44, 0x16, 0xe0, 0x0c, 0x0e},
+ {0xa5, 0x56, 0x9e, 0x72, 0x9a, 0x69, 0xb2, 0x4b, 0xa6, 0xe0, 0xff,
+ 0x15, 0xc4, 0x62, 0x78, 0x97, 0x43, 0x68, 0x24, 0xc9, 0x41, 0xe9,
+ 0xd0, 0x0b, 0x2e, 0x93, 0xfd, 0xdc, 0x4b, 0xa7, 0x76, 0x57},
+ {0x56, 0x4d, 0xee, 0x49, 0xab, 0x00, 0xd2, 0x40, 0xfc, 0x10, 0x68, 0xc3},
+ {0x94, 0xbc, 0x80, 0x62, 0x1e, 0xd1, 0xe7, 0x1b, 0x1f, 0xd2, 0xb5,
+ 0xc3, 0xa1, 0x5e, 0x35, 0x68, 0x33, 0x35, 0x11, 0x86, 0x17, 0x96,
+ 0x97, 0x84, 0x01, 0x59, 0x8b, 0x96, 0x37, 0x22, 0xf5, 0xb3},
+ false,
+ false},
+
+ // Comment:
+ {36,
+ {0xe6, 0x01, 0xb3, 0x85, 0x57, 0x79, 0x7d, 0xa2, 0xf8, 0xa4, 0x10, 0x6a,
+ 0x08, 0x9d, 0x1d, 0xa6},
+ {0x5e, 0x64, 0x70, 0xfa, 0xcd, 0x99, 0xc1, 0xd8, 0x1e, 0x37,
+ 0xcd, 0x44, 0x01, 0x5f, 0xe1, 0x94, 0x80, 0xa2, 0xa4, 0xd3,
+ 0x35, 0x2a, 0x4f, 0xf5, 0x60, 0xc0, 0x64, 0x0f, 0xdb, 0xda},
+ {0x56, 0x20, 0x74, 0x65, 0xb4, 0xe4, 0x8e, 0x6d, 0x04, 0x63, 0x0f,
+ 0x4a, 0x42, 0xf3, 0x5c, 0xfc, 0x16, 0x3a, 0xb2, 0x89, 0xc2, 0x2a,
+ 0x2b, 0x47, 0x84, 0xf6, 0xf9, 0x29, 0x03, 0x30, 0xbe, 0xe0},
+ {0xdf, 0x87, 0x13, 0xe8, 0x7e, 0xc3, 0xdb, 0xcf, 0xad, 0x14, 0xd5, 0x3e},
+ {0x29, 0x9b, 0x5d, 0x3f, 0x3d, 0x03, 0xc0, 0x87, 0x20, 0x9a, 0x16,
+ 0xe2, 0x85, 0x14, 0x31, 0x11, 0x4b, 0x45, 0x4e, 0xd1, 0x98, 0xde,
+ 0x11, 0x7e, 0x83, 0xec, 0x49, 0xfa, 0x8d, 0x85, 0x08, 0xd6},
+ false,
+ false},
+
+ // Comment:
+ {37,
+ {0xdc, 0x9e, 0x9e, 0xaf, 0x11, 0xe3, 0x14, 0x18, 0x2d, 0xf6, 0xa4, 0xeb,
+ 0xa1, 0x7a, 0xec, 0x9c},
+ {0xba, 0x44, 0x6f, 0x6f, 0x9a, 0x0c, 0xed, 0x22, 0x45, 0x0f, 0xeb,
+ 0x10, 0x73, 0x7d, 0x90, 0x07, 0xfd, 0x69, 0xab, 0xc1, 0x9b, 0x1d,
+ 0x4d, 0x90, 0x49, 0xa5, 0x55, 0x1e, 0x86, 0xec, 0x2b, 0x37},
+ {0x39, 0x37, 0x98, 0x6a, 0xf8, 0x6d, 0xaf, 0xc1, 0xba, 0x0c, 0x46,
+ 0x72, 0xd8, 0xab, 0xc4, 0x6c, 0x20, 0x70, 0x62, 0x68, 0x2d, 0x9c,
+ 0x26, 0x4a, 0xb0, 0x6d, 0x6c, 0x58, 0x07, 0x20, 0x51, 0x30},
+ {0x8d, 0xf4, 0xb1, 0x5a, 0x88, 0x8c, 0x33, 0x28, 0x6a, 0x7b, 0x76, 0x51},
+ {0x60, 0x5b, 0xbf, 0x90, 0xae, 0xb9, 0x74, 0xf6, 0x60, 0x2b, 0xc7,
+ 0x78, 0x05, 0x6f, 0x0d, 0xca, 0x38, 0xea, 0x23, 0xd9, 0x90, 0x54,
+ 0xb4, 0x6b, 0x42, 0xff, 0xe0, 0x04, 0x12, 0x9d, 0x22, 0x04},
+ false,
+ false},
+
+ // Comment:
+ {38,
+ {0x81, 0xce, 0x84, 0xed, 0xe9, 0xb3, 0x58, 0x59, 0xcc, 0x8c, 0x49, 0xa8,
+ 0xf6, 0xbe, 0x7d, 0xc6},
+ {0xd4, 0x1a, 0x82, 0x8d, 0x5e, 0x71, 0x82, 0x92, 0x47, 0x02, 0x19,
+ 0x05, 0x40, 0x2e, 0xa2, 0x57, 0xdc, 0xcb, 0xc3, 0xb8, 0x0f, 0xcd,
+ 0x56, 0x75, 0x05, 0x6b, 0x68, 0xbb, 0x59, 0xe6, 0x2e, 0x88, 0x73},
+ {0x36, 0x37, 0x2a, 0xbc, 0xdb, 0x78, 0xe0, 0x27, 0x96, 0x46, 0xac,
+ 0x3d, 0x17, 0x6b, 0x96, 0x74, 0xe9, 0x15, 0x4e, 0xec, 0xf0, 0xd5,
+ 0x46, 0x9c, 0x65, 0x1e, 0xc7, 0xe1, 0x6b, 0x4c, 0x11, 0x99},
+ {0xbe, 0x40, 0xe5, 0xf1, 0xa1, 0x18, 0x17, 0xa0, 0xa8, 0xfa, 0x89, 0x49},
+ {0x7b, 0x7c, 0xe0, 0xd8, 0x24, 0x80, 0x9a, 0x70, 0xde, 0x32, 0x56,
+ 0x2c, 0xcf, 0x2c, 0x2b, 0xbd, 0x15, 0xd4, 0x4a, 0x00, 0xce, 0x0d,
+ 0x19, 0xb4, 0x23, 0x1f, 0x92, 0x1e, 0x22, 0xbc, 0x0a, 0x43},
+ false,
+ false},
+
+ // Comment:
+ {39,
+ {0xa6, 0x67, 0x47, 0xc8, 0x9e, 0x85, 0x7a, 0xf3, 0xa1, 0x8e, 0x2c, 0x79,
+ 0x50, 0x00, 0x87, 0xed},
+ {0x3f, 0x2d, 0xd4, 0x9b, 0xbf, 0x09, 0xd6, 0x9a, 0x78, 0xa3, 0xd8, 0x0e,
+ 0xa2, 0x56, 0x66, 0x14, 0xfc, 0x37, 0x94, 0x74, 0x19, 0x6c, 0x1a, 0xae,
+ 0x84, 0x58, 0x3d, 0xa7, 0x3d, 0x7f, 0xf8, 0x5c, 0x6f, 0x42, 0xca, 0x42,
+ 0x05, 0x6a, 0x97, 0x92, 0xcc, 0x1b, 0x9f, 0xb3, 0xc7, 0xd2, 0x61},
+ {0x9f, 0x14, 0x79, 0xed, 0x09, 0x7d, 0x7f, 0xe5, 0x29, 0xc1, 0x1f,
+ 0x2f, 0x5a, 0xdd, 0x9a, 0xaf, 0xf4, 0xa1, 0xca, 0x0b, 0x68, 0x99,
+ 0x7a, 0x2c, 0xb7, 0xf7, 0x97, 0x49, 0xbd, 0x90, 0xaa, 0xf4},
+ {0x84, 0xc8, 0x7d, 0xae, 0x4e, 0xee, 0x27, 0x73, 0x0e, 0xc3, 0x5d, 0x12},
+ {0xca, 0x82, 0xbf, 0xf3, 0xe2, 0xf3, 0x10, 0xcc, 0xc9, 0x76, 0x67,
+ 0x2c, 0x44, 0x15, 0xe6, 0x9b, 0x57, 0x63, 0x8c, 0x62, 0xa5, 0xd8,
+ 0x5d, 0xed, 0x77, 0x4f, 0x91, 0x3c, 0x81, 0x3e, 0xa0, 0x32},
+ false,
+ false},
+
+ // Comment:
+ {40,
+ {0x25, 0x6d, 0x40, 0x88, 0x80, 0x94, 0x17, 0x83, 0x55, 0xd3, 0x04,
+ 0x84, 0x64, 0x43, 0xfe, 0xe8, 0xdf, 0x99, 0x47, 0x03, 0x03, 0xfb,
+ 0x3b, 0x7b, 0x80, 0xe0, 0x30, 0xbe, 0xeb, 0xd3, 0x29, 0xbe},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe6, 0xd3, 0xd7, 0x32,
+ 0x4a, 0x1c, 0xbb, 0xa7, 0x77, 0xbb, 0xb0, 0xec, 0xdd, 0xa3, 0x78, 0x07},
+ false,
+ false},
+
+ // Comment:
+ {41,
+ {0x25, 0x6d, 0x40, 0x88, 0x80, 0x94, 0x17, 0x83, 0x55, 0xd3, 0x04,
+ 0x84, 0x64, 0x43, 0xfe, 0xe8, 0xdf, 0x99, 0x47, 0x03, 0x03, 0xfb,
+ 0x3b, 0x7b, 0x80, 0xe0, 0x30, 0xbe, 0xeb, 0xd3, 0x29, 0xbe, 0xe3,
+ 0xbc, 0xdb, 0x5b, 0x1e, 0xde, 0xfc, 0xfe, 0x8b, 0xcd, 0xa1, 0xb6,
+ 0xa1, 0x5c, 0x8c, 0x2b, 0x08, 0x69, 0xff, 0xd2, 0xec, 0x5e, 0x26,
+ 0xe5, 0x53, 0xb7, 0xb2, 0x27, 0xfe, 0x87, 0xfd, 0xbd},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x06, 0x2d, 0xe6, 0x79, 0x5f, 0x27, 0x4f, 0xd2,
+ 0xa3, 0x05, 0xd7, 0x69, 0x80, 0xbc, 0x9c, 0xce},
+ false,
+ false},
+
+ // Comment:
+ {42,
+ {0x25, 0x6d, 0x40, 0x88, 0x80, 0x94, 0x17, 0x83, 0x55, 0xd3, 0x04, 0x84,
+ 0x64, 0x43, 0xfe, 0xe8, 0xdf, 0x99, 0x47, 0x03, 0x03, 0xfb, 0x3b, 0x7b,
+ 0x80, 0xe0, 0x30, 0xbe, 0xeb, 0xd3, 0x29, 0xbe, 0xe3, 0xbc, 0xdb, 0x5b,
+ 0x1e, 0xde, 0xfc, 0xfe, 0x8b, 0xcd, 0xa1, 0xb6, 0xa1, 0x5c, 0x8c, 0x2b,
+ 0x08, 0x69, 0xff, 0xd2, 0xec, 0x5e, 0x26, 0xe5, 0x53, 0xb7, 0xb2, 0x27,
+ 0xfe, 0x87, 0xfd, 0xbd, 0x7a, 0xda, 0x44, 0x42, 0x42, 0x69, 0xbf, 0xfa,
+ 0x55, 0x27, 0xf2, 0x70, 0xac, 0xf6, 0x85, 0x02, 0xb7, 0x4c, 0x5a, 0xe2,
+ 0xe6, 0x0c, 0x05, 0x80, 0x98, 0x1a, 0x49, 0x38, 0x45, 0x93, 0x92, 0xc4,
+ 0x9b, 0xb2, 0xf2, 0x84, 0xb6, 0x46, 0xef, 0xc7, 0xf3, 0xf0, 0xb1, 0x36,
+ 0x1d, 0xc3, 0x48, 0xed, 0x77, 0xd3, 0x0b, 0xc5, 0x76, 0x92, 0xed, 0x38,
+ 0xfb, 0xac, 0x01, 0x88, 0x38, 0x04, 0x88, 0xc7},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd8, 0xb4, 0x79, 0x02,
+ 0xba, 0xae, 0xaf, 0xb3, 0x42, 0x03, 0x05, 0x15, 0x29, 0xaf, 0x28, 0x2e},
+ false,
+ false},
+
+ // Comment:
+ {43,
+ {0xda, 0x92, 0xbf, 0x77, 0x7f, 0x6b, 0xe8, 0x7c, 0xaa, 0x2c, 0xfb,
+ 0x7b, 0x9b, 0xbc, 0x01, 0x17, 0x20, 0x66, 0xb8, 0xfc, 0xfc, 0x04,
+ 0xc4, 0x84, 0x7f, 0x1f, 0xcf, 0x41, 0x14, 0x2c, 0xd6, 0x41},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xb3, 0x89, 0x1c, 0x84,
+ 0x9c, 0xb5, 0x2c, 0x27, 0x74, 0x7e, 0xdf, 0xcf, 0x31, 0x21, 0x3b, 0xb6},
+ false,
+ false},
+
+ // Comment:
+ {44,
+ {0xda, 0x92, 0xbf, 0x77, 0x7f, 0x6b, 0xe8, 0x7c, 0xaa, 0x2c, 0xfb,
+ 0x7b, 0x9b, 0xbc, 0x01, 0x17, 0x20, 0x66, 0xb8, 0xfc, 0xfc, 0x04,
+ 0xc4, 0x84, 0x7f, 0x1f, 0xcf, 0x41, 0x14, 0x2c, 0xd6, 0x41, 0x1c,
+ 0x43, 0x24, 0xa4, 0xe1, 0x21, 0x03, 0x01, 0x74, 0x32, 0x5e, 0x49,
+ 0x5e, 0xa3, 0x73, 0xd4, 0xf7, 0x96, 0x00, 0x2d, 0x13, 0xa1, 0xd9,
+ 0x1a, 0xac, 0x48, 0x4d, 0xd8, 0x01, 0x78, 0x02, 0x42},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xf0, 0xc1, 0x2d, 0x26, 0xef, 0x03, 0x02, 0x9b,
+ 0x62, 0xc0, 0x08, 0xda, 0x27, 0xc5, 0xdc, 0x68},
+ false,
+ false},
+
+ // Comment:
+ {45,
+ {0xda, 0x92, 0xbf, 0x77, 0x7f, 0x6b, 0xe8, 0x7c, 0xaa, 0x2c, 0xfb, 0x7b,
+ 0x9b, 0xbc, 0x01, 0x17, 0x20, 0x66, 0xb8, 0xfc, 0xfc, 0x04, 0xc4, 0x84,
+ 0x7f, 0x1f, 0xcf, 0x41, 0x14, 0x2c, 0xd6, 0x41, 0x1c, 0x43, 0x24, 0xa4,
+ 0xe1, 0x21, 0x03, 0x01, 0x74, 0x32, 0x5e, 0x49, 0x5e, 0xa3, 0x73, 0xd4,
+ 0xf7, 0x96, 0x00, 0x2d, 0x13, 0xa1, 0xd9, 0x1a, 0xac, 0x48, 0x4d, 0xd8,
+ 0x01, 0x78, 0x02, 0x42, 0x85, 0x25, 0xbb, 0xbd, 0xbd, 0x96, 0x40, 0x05,
+ 0xaa, 0xd8, 0x0d, 0x8f, 0x53, 0x09, 0x7a, 0xfd, 0x48, 0xb3, 0xa5, 0x1d,
+ 0x19, 0xf3, 0xfa, 0x7f, 0x67, 0xe5, 0xb6, 0xc7, 0xba, 0x6c, 0x6d, 0x3b,
+ 0x64, 0x4d, 0x0d, 0x7b, 0x49, 0xb9, 0x10, 0x38, 0x0c, 0x0f, 0x4e, 0xc9,
+ 0xe2, 0x3c, 0xb7, 0x12, 0x88, 0x2c, 0xf4, 0x3a, 0x89, 0x6d, 0x12, 0xc7,
+ 0x04, 0x53, 0xfe, 0x77, 0xc7, 0xfb, 0x77, 0x38},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xee, 0x65, 0x78, 0x30,
+ 0x01, 0xc2, 0x56, 0x91, 0xfa, 0x28, 0xd0, 0xf5, 0xf1, 0xc1, 0xd7, 0x62},
+ false,
+ false},
+
+ // Comment:
+ {46,
+ {0x25, 0x6d, 0x40, 0x08, 0x80, 0x94, 0x17, 0x03, 0x55, 0xd3, 0x04,
+ 0x04, 0x64, 0x43, 0xfe, 0x68, 0xdf, 0x99, 0x47, 0x83, 0x03, 0xfb,
+ 0x3b, 0xfb, 0x80, 0xe0, 0x30, 0x3e, 0xeb, 0xd3, 0x29, 0x3e},
+ {0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x79, 0xba, 0x7a, 0x29,
+ 0xf5, 0xa7, 0xbb, 0x75, 0x79, 0x7a, 0xf8, 0x7a, 0x61, 0x01, 0x29, 0xa4},
+ false,
+ false},
+
+ // Comment:
+ {47,
+ {0x25, 0x6d, 0x40, 0x08, 0x80, 0x94, 0x17, 0x03, 0x55, 0xd3, 0x04,
+ 0x04, 0x64, 0x43, 0xfe, 0x68, 0xdf, 0x99, 0x47, 0x83, 0x03, 0xfb,
+ 0x3b, 0xfb, 0x80, 0xe0, 0x30, 0x3e, 0xeb, 0xd3, 0x29, 0x3e, 0xe3,
+ 0xbc, 0xdb, 0xdb, 0x1e, 0xde, 0xfc, 0x7e, 0x8b, 0xcd, 0xa1, 0x36,
+ 0xa1, 0x5c, 0x8c, 0xab, 0x08, 0x69, 0xff, 0x52, 0xec, 0x5e, 0x26,
+ 0x65, 0x53, 0xb7, 0xb2, 0xa7, 0xfe, 0x87, 0xfd, 0x3d},
+ {0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x36, 0xb1, 0x74, 0x38, 0x19, 0xe1, 0xb9, 0xba,
+ 0x15, 0x51, 0xe8, 0xed, 0x92, 0x2a, 0x95, 0x9a},
+ false,
+ false},
+
+ // Comment:
+ {48,
+ {0x25, 0x6d, 0x40, 0x08, 0x80, 0x94, 0x17, 0x03, 0x55, 0xd3, 0x04, 0x04,
+ 0x64, 0x43, 0xfe, 0x68, 0xdf, 0x99, 0x47, 0x83, 0x03, 0xfb, 0x3b, 0xfb,
+ 0x80, 0xe0, 0x30, 0x3e, 0xeb, 0xd3, 0x29, 0x3e, 0xe3, 0xbc, 0xdb, 0xdb,
+ 0x1e, 0xde, 0xfc, 0x7e, 0x8b, 0xcd, 0xa1, 0x36, 0xa1, 0x5c, 0x8c, 0xab,
+ 0x08, 0x69, 0xff, 0x52, 0xec, 0x5e, 0x26, 0x65, 0x53, 0xb7, 0xb2, 0xa7,
+ 0xfe, 0x87, 0xfd, 0x3d, 0x7a, 0xda, 0x44, 0xc2, 0x42, 0x69, 0xbf, 0x7a,
+ 0x55, 0x27, 0xf2, 0xf0, 0xac, 0xf6, 0x85, 0x82, 0xb7, 0x4c, 0x5a, 0x62,
+ 0xe6, 0x0c, 0x05, 0x00, 0x98, 0x1a, 0x49, 0xb8, 0x45, 0x93, 0x92, 0x44,
+ 0x9b, 0xb2, 0xf2, 0x04, 0xb6, 0x46, 0xef, 0x47, 0xf3, 0xf0, 0xb1, 0xb6,
+ 0x1d, 0xc3, 0x48, 0x6d, 0x77, 0xd3, 0x0b, 0x45, 0x76, 0x92, 0xed, 0xb8,
+ 0xfb, 0xac, 0x01, 0x08, 0x38, 0x04, 0x88, 0x47},
+ {0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0xfe, 0xac, 0x49, 0x55,
+ 0x55, 0x4e, 0x80, 0x6f, 0x3a, 0x19, 0x02, 0xe2, 0x44, 0x32, 0xc0, 0x8a},
+ false,
+ false},
+
+ // Comment:
+ {49,
+ {0xda, 0x92, 0xbf, 0xf7, 0x7f, 0x6b, 0xe8, 0xfc, 0xaa, 0x2c, 0xfb,
+ 0xfb, 0x9b, 0xbc, 0x01, 0x97, 0x20, 0x66, 0xb8, 0x7c, 0xfc, 0x04,
+ 0xc4, 0x04, 0x7f, 0x1f, 0xcf, 0xc1, 0x14, 0x2c, 0xd6, 0xc1},
+ {0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0x20, 0xa3, 0x79, 0x8d,
+ 0xf1, 0x29, 0x2c, 0x59, 0x72, 0xbf, 0x97, 0x41, 0xae, 0xc3, 0x8a, 0x19},
+ false,
+ false},
+
+ // Comment:
+ {50,
+ {0xda, 0x92, 0xbf, 0xf7, 0x7f, 0x6b, 0xe8, 0xfc, 0xaa, 0x2c, 0xfb,
+ 0xfb, 0x9b, 0xbc, 0x01, 0x97, 0x20, 0x66, 0xb8, 0x7c, 0xfc, 0x04,
+ 0xc4, 0x04, 0x7f, 0x1f, 0xcf, 0xc1, 0x14, 0x2c, 0xd6, 0xc1, 0x1c,
+ 0x43, 0x24, 0x24, 0xe1, 0x21, 0x03, 0x81, 0x74, 0x32, 0x5e, 0xc9,
+ 0x5e, 0xa3, 0x73, 0x54, 0xf7, 0x96, 0x00, 0xad, 0x13, 0xa1, 0xd9,
+ 0x9a, 0xac, 0x48, 0x4d, 0x58, 0x01, 0x78, 0x02, 0xc2},
+ {0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3d, 0x9f, 0x67, 0x35, 0x4a, 0x97, 0xb2,
+ 0xf0, 0x74, 0xf7, 0x55, 0x15, 0x57, 0xe4, 0x9c},
+ false,
+ false},
+
+ // Comment:
+ {51,
+ {0xda, 0x92, 0xbf, 0xf7, 0x7f, 0x6b, 0xe8, 0xfc, 0xaa, 0x2c, 0xfb, 0xfb,
+ 0x9b, 0xbc, 0x01, 0x97, 0x20, 0x66, 0xb8, 0x7c, 0xfc, 0x04, 0xc4, 0x04,
+ 0x7f, 0x1f, 0xcf, 0xc1, 0x14, 0x2c, 0xd6, 0xc1, 0x1c, 0x43, 0x24, 0x24,
+ 0xe1, 0x21, 0x03, 0x81, 0x74, 0x32, 0x5e, 0xc9, 0x5e, 0xa3, 0x73, 0x54,
+ 0xf7, 0x96, 0x00, 0xad, 0x13, 0xa1, 0xd9, 0x9a, 0xac, 0x48, 0x4d, 0x58,
+ 0x01, 0x78, 0x02, 0xc2, 0x85, 0x25, 0xbb, 0x3d, 0xbd, 0x96, 0x40, 0x85,
+ 0xaa, 0xd8, 0x0d, 0x0f, 0x53, 0x09, 0x7a, 0x7d, 0x48, 0xb3, 0xa5, 0x9d,
+ 0x19, 0xf3, 0xfa, 0xff, 0x67, 0xe5, 0xb6, 0x47, 0xba, 0x6c, 0x6d, 0xbb,
+ 0x64, 0x4d, 0x0d, 0xfb, 0x49, 0xb9, 0x10, 0xb8, 0x0c, 0x0f, 0x4e, 0x49,
+ 0xe2, 0x3c, 0xb7, 0x92, 0x88, 0x2c, 0xf4, 0xba, 0x89, 0x6d, 0x12, 0x47,
+ 0x04, 0x53, 0xfe, 0xf7, 0xc7, 0xfb, 0x77, 0xb8},
+ {0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xc8, 0x6d, 0xa8, 0xdd,
+ 0x65, 0x22, 0x86, 0xd5, 0x02, 0x13, 0xd3, 0x28, 0xd6, 0x3e, 0x40, 0x06},
+ false,
+ false},
+
+ // Comment:
+ {52,
+ {0x5a, 0x92, 0xbf, 0x77, 0xff, 0x6b, 0xe8, 0x7c, 0x2a, 0x2c, 0xfb,
+ 0x7b, 0x1b, 0xbc, 0x01, 0x17, 0xa0, 0x66, 0xb8, 0xfc, 0x7c, 0x04,
+ 0xc4, 0x84, 0xff, 0x1f, 0xcf, 0x41, 0x94, 0x2c, 0xd6, 0x41},
+ {0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xbe, 0xde, 0x90, 0x83,
+ 0xce, 0xb3, 0x6d, 0xdf, 0xe5, 0xfa, 0x81, 0x1f, 0x95, 0x47, 0x1c, 0x67},
+ false,
+ false},
+
+ // Comment:
+ {53,
+ {0x5a, 0x92, 0xbf, 0x77, 0xff, 0x6b, 0xe8, 0x7c, 0x2a, 0x2c, 0xfb,
+ 0x7b, 0x1b, 0xbc, 0x01, 0x17, 0xa0, 0x66, 0xb8, 0xfc, 0x7c, 0x04,
+ 0xc4, 0x84, 0xff, 0x1f, 0xcf, 0x41, 0x94, 0x2c, 0xd6, 0x41, 0x9c,
+ 0x43, 0x24, 0xa4, 0x61, 0x21, 0x03, 0x01, 0xf4, 0x32, 0x5e, 0x49,
+ 0xde, 0xa3, 0x73, 0xd4, 0x77, 0x96, 0x00, 0x2d, 0x93, 0xa1, 0xd9,
+ 0x1a, 0x2c, 0x48, 0x4d, 0xd8, 0x81, 0x78, 0x02, 0x42},
+ {0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x30, 0x08, 0x74, 0xbb, 0x06, 0x92, 0xb6, 0x89,
+ 0xde, 0xad, 0x9a, 0xe1, 0x5b, 0x06, 0x73, 0x90},
+ false,
+ false},
+
+ // Comment:
+ {54,
+ {0x5a, 0x92, 0xbf, 0x77, 0xff, 0x6b, 0xe8, 0x7c, 0x2a, 0x2c, 0xfb, 0x7b,
+ 0x1b, 0xbc, 0x01, 0x17, 0xa0, 0x66, 0xb8, 0xfc, 0x7c, 0x04, 0xc4, 0x84,
+ 0xff, 0x1f, 0xcf, 0x41, 0x94, 0x2c, 0xd6, 0x41, 0x9c, 0x43, 0x24, 0xa4,
+ 0x61, 0x21, 0x03, 0x01, 0xf4, 0x32, 0x5e, 0x49, 0xde, 0xa3, 0x73, 0xd4,
+ 0x77, 0x96, 0x00, 0x2d, 0x93, 0xa1, 0xd9, 0x1a, 0x2c, 0x48, 0x4d, 0xd8,
+ 0x81, 0x78, 0x02, 0x42, 0x05, 0x25, 0xbb, 0xbd, 0x3d, 0x96, 0x40, 0x05,
+ 0x2a, 0xd8, 0x0d, 0x8f, 0xd3, 0x09, 0x7a, 0xfd, 0xc8, 0xb3, 0xa5, 0x1d,
+ 0x99, 0xf3, 0xfa, 0x7f, 0xe7, 0xe5, 0xb6, 0xc7, 0x3a, 0x6c, 0x6d, 0x3b,
+ 0xe4, 0x4d, 0x0d, 0x7b, 0xc9, 0xb9, 0x10, 0x38, 0x8c, 0x0f, 0x4e, 0xc9,
+ 0x62, 0x3c, 0xb7, 0x12, 0x08, 0x2c, 0xf4, 0x3a, 0x09, 0x6d, 0x12, 0xc7,
+ 0x84, 0x53, 0xfe, 0x77, 0x47, 0xfb, 0x77, 0x38},
+ {0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff,
+ 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x99, 0xca, 0xd8, 0x5f,
+ 0x45, 0xca, 0x40, 0x94, 0x2d, 0x0d, 0x4d, 0x5e, 0x95, 0x0a, 0xde, 0x22},
+ false,
+ false},
+
+ // Comment:
+ {55,
+ {0x25, 0x6d, 0x40, 0x88, 0x7f, 0x6b, 0xe8, 0x7c, 0x55, 0xd3, 0x04,
+ 0x84, 0x9b, 0xbc, 0x01, 0x17, 0xdf, 0x99, 0x47, 0x03, 0xfc, 0x04,
+ 0xc4, 0x84, 0x80, 0xe0, 0x30, 0xbe, 0x14, 0x2c, 0xd6, 0x41},
+ {0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x8b, 0xbe, 0x14, 0x52,
+ 0x72, 0xe7, 0xc2, 0xd9, 0xa1, 0x89, 0x1a, 0x3a, 0xb0, 0x98, 0x3d, 0x9d},
+ false,
+ false},
+
+ // Comment:
+ {56,
+ {0x25, 0x6d, 0x40, 0x88, 0x7f, 0x6b, 0xe8, 0x7c, 0x55, 0xd3, 0x04,
+ 0x84, 0x9b, 0xbc, 0x01, 0x17, 0xdf, 0x99, 0x47, 0x03, 0xfc, 0x04,
+ 0xc4, 0x84, 0x80, 0xe0, 0x30, 0xbe, 0x14, 0x2c, 0xd6, 0x41, 0xe3,
+ 0xbc, 0xdb, 0x5b, 0xe1, 0x21, 0x03, 0x01, 0x8b, 0xcd, 0xa1, 0xb6,
+ 0x5e, 0xa3, 0x73, 0xd4, 0x08, 0x69, 0xff, 0xd2, 0x13, 0xa1, 0xd9,
+ 0x1a, 0x53, 0xb7, 0xb2, 0x27, 0x01, 0x78, 0x02, 0x42},
+ {0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x3b, 0x41, 0x86, 0x19, 0x13, 0xa8, 0xf6, 0xde,
+ 0x7f, 0x61, 0xe2, 0x25, 0x63, 0x1b, 0xc3, 0x82},
+ false,
+ false},
+
+ // Comment:
+ {57,
+ {0x25, 0x6d, 0x40, 0x88, 0x7f, 0x6b, 0xe8, 0x7c, 0x55, 0xd3, 0x04, 0x84,
+ 0x9b, 0xbc, 0x01, 0x17, 0xdf, 0x99, 0x47, 0x03, 0xfc, 0x04, 0xc4, 0x84,
+ 0x80, 0xe0, 0x30, 0xbe, 0x14, 0x2c, 0xd6, 0x41, 0xe3, 0xbc, 0xdb, 0x5b,
+ 0xe1, 0x21, 0x03, 0x01, 0x8b, 0xcd, 0xa1, 0xb6, 0x5e, 0xa3, 0x73, 0xd4,
+ 0x08, 0x69, 0xff, 0xd2, 0x13, 0xa1, 0xd9, 0x1a, 0x53, 0xb7, 0xb2, 0x27,
+ 0x01, 0x78, 0x02, 0x42, 0x7a, 0xda, 0x44, 0x42, 0xbd, 0x96, 0x40, 0x05,
+ 0x55, 0x27, 0xf2, 0x70, 0x53, 0x09, 0x7a, 0xfd, 0xb7, 0x4c, 0x5a, 0xe2,
+ 0x19, 0xf3, 0xfa, 0x7f, 0x98, 0x1a, 0x49, 0x38, 0xba, 0x6c, 0x6d, 0x3b,
+ 0x9b, 0xb2, 0xf2, 0x84, 0x49, 0xb9, 0x10, 0x38, 0xf3, 0xf0, 0xb1, 0x36,
+ 0xe2, 0x3c, 0xb7, 0x12, 0x77, 0xd3, 0x0b, 0xc5, 0x89, 0x6d, 0x12, 0xc7,
+ 0xfb, 0xac, 0x01, 0x88, 0xc7, 0xfb, 0x77, 0x38},
+ {0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x84, 0x28, 0xbc, 0xf0,
+ 0x23, 0xec, 0x6b, 0xf3, 0x1f, 0xd9, 0xef, 0xb2, 0x03, 0xff, 0x08, 0x71},
+ false,
+ false},
+
+ // Comment:
+ {58,
+ {0xda, 0x92, 0xbf, 0x77, 0x80, 0x94, 0x17, 0x83, 0xaa, 0x2c, 0xfb,
+ 0x7b, 0x64, 0x43, 0xfe, 0xe8, 0x20, 0x66, 0xb8, 0xfc, 0x03, 0xfb,
+ 0x3b, 0x7b, 0x7f, 0x1f, 0xcf, 0x41, 0xeb, 0xd3, 0x29, 0xbe},
+ {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x13, 0x9f, 0xdf, 0x64,
+ 0x74, 0xea, 0x24, 0xf5, 0x49, 0xb0, 0x75, 0x82, 0x5f, 0x2c, 0x76, 0x20},
+ false,
+ false},
+
+ // Comment:
+ {59,
+ {0xda, 0x92, 0xbf, 0x77, 0x80, 0x94, 0x17, 0x83, 0xaa, 0x2c, 0xfb,
+ 0x7b, 0x64, 0x43, 0xfe, 0xe8, 0x20, 0x66, 0xb8, 0xfc, 0x03, 0xfb,
+ 0x3b, 0x7b, 0x7f, 0x1f, 0xcf, 0x41, 0xeb, 0xd3, 0x29, 0xbe, 0x1c,
+ 0x43, 0x24, 0xa4, 0x1e, 0xde, 0xfc, 0xfe, 0x74, 0x32, 0x5e, 0x49,
+ 0xa1, 0x5c, 0x8c, 0x2b, 0xf7, 0x96, 0x00, 0x2d, 0xec, 0x5e, 0x26,
+ 0xe5, 0xac, 0x48, 0x4d, 0xd8, 0xfe, 0x87, 0xfd, 0xbd},
+ {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xbb, 0xad, 0x8d, 0x86, 0x3b, 0x83, 0x5a, 0x8e,
+ 0x86, 0x64, 0xfd, 0x1d, 0x45, 0x66, 0xb6, 0xb4},
+ false,
+ false},
+
+ // Comment:
+ {60,
+ {0xda, 0x92, 0xbf, 0x77, 0x80, 0x94, 0x17, 0x83, 0xaa, 0x2c, 0xfb, 0x7b,
+ 0x64, 0x43, 0xfe, 0xe8, 0x20, 0x66, 0xb8, 0xfc, 0x03, 0xfb, 0x3b, 0x7b,
+ 0x7f, 0x1f, 0xcf, 0x41, 0xeb, 0xd3, 0x29, 0xbe, 0x1c, 0x43, 0x24, 0xa4,
+ 0x1e, 0xde, 0xfc, 0xfe, 0x74, 0x32, 0x5e, 0x49, 0xa1, 0x5c, 0x8c, 0x2b,
+ 0xf7, 0x96, 0x00, 0x2d, 0xec, 0x5e, 0x26, 0xe5, 0xac, 0x48, 0x4d, 0xd8,
+ 0xfe, 0x87, 0xfd, 0xbd, 0x85, 0x25, 0xbb, 0xbd, 0x42, 0x69, 0xbf, 0xfa,
+ 0xaa, 0xd8, 0x0d, 0x8f, 0xac, 0xf6, 0x85, 0x02, 0x48, 0xb3, 0xa5, 0x1d,
+ 0xe6, 0x0c, 0x05, 0x80, 0x67, 0xe5, 0xb6, 0xc7, 0x45, 0x93, 0x92, 0xc4,
+ 0x64, 0x4d, 0x0d, 0x7b, 0xb6, 0x46, 0xef, 0xc7, 0x0c, 0x0f, 0x4e, 0xc9,
+ 0x1d, 0xc3, 0x48, 0xed, 0x88, 0x2c, 0xf4, 0x3a, 0x76, 0x92, 0xed, 0x38,
+ 0x04, 0x53, 0xfe, 0x77, 0x38, 0x04, 0x88, 0xc7},
+ {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00},
+ {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x42, 0xf2, 0x35, 0x42,
+ 0x97, 0x84, 0x9a, 0x51, 0x1d, 0x53, 0xe5, 0x57, 0x17, 0x72, 0xf7, 0x1f},
+ false,
+ false},
+
+ // Comment: Flipped bit 0 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {61,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa2, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 1 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {62,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa1, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 7 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {63,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x23, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 8 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {64,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe2, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 31 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {65,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0x79, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 32 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {66,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xfa, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 33 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {67,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xf9, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 63 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {68,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x9b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 64 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {69,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5b, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 77 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {70,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xf2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 80 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {71,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x61, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 96 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {72,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x41, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 97 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {73,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x42, 0xb7, 0xf4, 0x47},
+ true,
+ false},
+
+ // Comment: Flipped bit 120 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {74,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x46},
+ true,
+ false},
+
+ // Comment: Flipped bit 121 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {75,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x45},
+ true,
+ false},
+
+ // Comment: Flipped bit 126 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {76,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0x07},
+ true,
+ false},
+
+ // Comment: Flipped bit 127 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {77,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0xc7},
+ true,
+ false},
+
+ // Comment: Flipped bit 63 and 127 in tag expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {78,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x9b, 0x5a, 0xd2, 0x60, 0x7f,
+ 0x40, 0xb7, 0xf4, 0xc7},
+ true,
+ false},
+
+ // Comment: Tag changed to all zero expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {79,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ true,
+ false},
+
+ // Comment: tag change to all 1 expected
+ // tag:a3e3fdf9fba6861b5ad2607f40b7f447
+ {80,
+ {},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff},
+ true,
+ false},
+
+ // Comment: Flipped bit 0 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {81,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x26, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 1 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {82,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x25, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 7 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {83,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0xa7, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 8 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {84,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xdb, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 31 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {85,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0xcf, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 32 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {86,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x16, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 33 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {87,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x15, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 63 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {88,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0x32, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 64 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {89,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x39, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 77 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {90,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x64, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 80 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {91,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa4, 0x49, 0x0b, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 96 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {92,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0a, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 97 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {93,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x09, 0xfc, 0x40, 0x01},
+ true,
+ false},
+
+ // Comment: Flipped bit 120 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {94,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x00},
+ true,
+ false},
+
+ // Comment: Flipped bit 121 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {95,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x03},
+ true,
+ false},
+
+ // Comment: Flipped bit 126 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {96,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x41},
+ true,
+ false},
+
+ // Comment: Flipped bit 127 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {97,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x81},
+ true,
+ false},
+
+ // Comment: Flipped bit 63 and 127 in tag expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {98,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7,
+ 0xf1, 0x32, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x81},
+ true,
+ false},
+
+ // Comment: Tag changed to all zero expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {99,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ true,
+ false},
+
+ // Comment: tag change to all 1 expected
+ // tag:27da374f17b7f1b23844a5490bfc4001
+ {100,
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00},
+ {0x61, 0x61, 0x64},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e,
+ 0x1d, 0x88, 0xbe, 0xad, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ true,
+ false},
+
+ // Comment: checking for int overflows
+ {101,
+ {0xd4, 0x50, 0x0b, 0xf0, 0x09, 0x49, 0x35, 0x51, 0xc3, 0x80, 0xad, 0xf5,
+ 0x2c, 0x57, 0x3a, 0x69, 0xdf, 0x7e, 0x8b, 0x76, 0x24, 0x63, 0x33, 0x0f,
+ 0xac, 0xc1, 0x6a, 0x57, 0x26, 0xbe, 0x71, 0x90, 0xc6, 0x3c, 0x5a, 0x1c,
+ 0x92, 0x65, 0x84, 0xa0, 0x96, 0x75, 0x68, 0x28, 0xdc, 0xdc, 0x64, 0xac,
+ 0xdf, 0x96, 0x3d, 0x93, 0x1b, 0xf1, 0xda, 0xe2, 0x38, 0xf3, 0xf1, 0x57,
+ 0x22, 0x4a, 0xc4, 0xb5, 0x42, 0xd7, 0x85, 0xb0, 0xdd, 0x84, 0xdb, 0x6b,
+ 0xe3, 0xbc, 0x5a, 0x36, 0x63, 0xe8, 0x41, 0x49, 0xff, 0xbe, 0xd0, 0x9e,
+ 0x54, 0xf7, 0x8f, 0x16, 0xa8, 0x22, 0x3b, 0x24, 0xcb, 0x01, 0x9f, 0x58,
+ 0xb2, 0x1b, 0x0e, 0x55, 0x1e, 0x7a, 0xa0, 0x73, 0x27, 0x62, 0x95, 0x51,
+ 0x37, 0x6c, 0xcb, 0xc3, 0x93, 0x76, 0x71, 0xa0, 0x62, 0x9b, 0xd9, 0x5c,
+ 0x99, 0x15, 0xc7, 0x85, 0x55, 0x77, 0x1e, 0x7a},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30},
+ {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x00, 0x02, 0x50, 0x6e},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0b, 0x30, 0x0d, 0x8d,
+ 0xa5, 0x6c, 0x21, 0x85, 0x75, 0x52, 0x79, 0x55, 0x3c, 0x4c, 0x82, 0xca},
+ false,
+ false},
+
+ // Comment: checking for int overflows
+ {102,
+ {0x7d, 0xe8, 0x7f, 0x67, 0x29, 0x94, 0x52, 0x75, 0xd0, 0x65, 0x5d, 0xa4,
+ 0xc7, 0xfd, 0xe4, 0x56, 0x9e, 0x16, 0xf1, 0x11, 0xb5, 0xeb, 0x26, 0xc2,
+ 0x2d, 0x85, 0x9e, 0x3f, 0xf8, 0x22, 0xec, 0xed, 0x3a, 0x6d, 0xd9, 0xa6,
+ 0x0f, 0x22, 0x95, 0x7f, 0x7b, 0x7c, 0x85, 0x7e, 0x88, 0x22, 0xeb, 0x9f,
+ 0xe0, 0xb8, 0xd7, 0x02, 0x21, 0x41, 0xf2, 0xd0, 0xb4, 0x8f, 0x4b, 0x56,
+ 0x12, 0xd3, 0x22, 0xa8, 0x8d, 0xd0, 0xfe, 0x0b, 0x4d, 0x91, 0x79, 0x32,
+ 0x4f, 0x7c, 0x6c, 0x9e, 0x99, 0x0e, 0xfb, 0xd8, 0x0e, 0x5e, 0xd6, 0x77,
+ 0x58, 0x26, 0x49, 0x8b, 0x1e, 0xfe, 0x0f, 0x71, 0xa0, 0xf3, 0xec, 0x5b,
+ 0x29, 0xcb, 0x28, 0xc2, 0x54, 0x0a, 0x7d, 0xcd, 0x51, 0xb7, 0xda, 0xae,
+ 0xe0, 0xff, 0x4a, 0x7f, 0x3a, 0xc1, 0xee, 0x54, 0xc2, 0x9e, 0xe4, 0xc1,
+ 0x70, 0xde, 0x40, 0x8f, 0x66, 0x69, 0x21, 0x94},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30},
+ {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x00, 0x03, 0x18, 0xa5},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc5, 0x78, 0xe2, 0xaa,
+ 0x44, 0xd3, 0x09, 0xb7, 0xb6, 0xa5, 0x19, 0x3b, 0xdc, 0x61, 0x18, 0xf5},
+ false,
+ false},
+
+ // Comment: checking for int overflows
+ {103,
+ {0x1b, 0x99, 0x6f, 0x9a, 0x3c, 0xcc, 0x67, 0x85, 0xde, 0x22, 0xff, 0x5b,
+ 0x8a, 0xdd, 0x95, 0x02, 0xce, 0x03, 0xa0, 0xfa, 0xf5, 0x99, 0x2a, 0x09,
+ 0x52, 0x2c, 0xdd, 0x12, 0x06, 0xd2, 0x20, 0xb8, 0xf8, 0xbd, 0x07, 0xd1,
+ 0xf1, 0xf5, 0xa1, 0xbd, 0x9a, 0x71, 0xd1, 0x1c, 0x7f, 0x57, 0x9b, 0x85,
+ 0x58, 0x18, 0xc0, 0x8d, 0x4d, 0xe0, 0x36, 0x39, 0x31, 0x83, 0xb7, 0xf5,
+ 0x90, 0xb3, 0x35, 0xae, 0xd8, 0xde, 0x5b, 0x57, 0xb1, 0x3c, 0x5f, 0xed,
+ 0xe2, 0x44, 0x1c, 0x3e, 0x18, 0x4a, 0xa9, 0xd4, 0x6e, 0x61, 0x59, 0x85,
+ 0x06, 0xb3, 0xe1, 0x1c, 0x43, 0xc6, 0x2c, 0xbc, 0xac, 0xec, 0xed, 0x33,
+ 0x19, 0x08, 0x75, 0xb0, 0x12, 0x21, 0x8b, 0x19, 0x30, 0xfb, 0x7c, 0x38,
+ 0xec, 0x45, 0xac, 0x11, 0xc3, 0x53, 0xd0, 0xcf, 0x93, 0x8d, 0xcc, 0xb9,
+ 0xef, 0xad, 0x8f, 0xed, 0xbe, 0x46, 0xda, 0xa5},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0xb4, 0xf0},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x4b, 0x0b, 0xda, 0x8a,
+ 0xd0, 0x43, 0x83, 0x0d, 0x83, 0x19, 0xab, 0x82, 0xc5, 0x0c, 0x76, 0x63},
+ false,
+ false},
+
+ // Comment: checking for int overflows
+ {104,
+ {0x86, 0xcb, 0xac, 0xae, 0x4d, 0x3f, 0x74, 0xae, 0x01, 0x21, 0x3e, 0x05,
+ 0x51, 0xcc, 0x15, 0x16, 0x0e, 0xa1, 0xbe, 0x84, 0x08, 0xe3, 0xd5, 0xd7,
+ 0x4f, 0x01, 0x46, 0x49, 0x95, 0xa6, 0x9e, 0x61, 0x76, 0xcb, 0x9e, 0x02,
+ 0xb2, 0x24, 0x7e, 0xd2, 0x99, 0x89, 0x2f, 0x91, 0x82, 0xa4, 0x5c, 0xaf,
+ 0x4c, 0x69, 0x40, 0x56, 0x11, 0x76, 0x6e, 0xdf, 0xaf, 0xdc, 0x28, 0x55,
+ 0x19, 0xea, 0x30, 0x48, 0x0c, 0x44, 0xf0, 0x5e, 0x78, 0x1e, 0xac, 0xf8,
+ 0xfc, 0xec, 0xc7, 0x09, 0x0a, 0xbb, 0x28, 0xfa, 0x5f, 0xd5, 0x85, 0xac,
+ 0x8c, 0xda, 0x7e, 0x87, 0x72, 0xe5, 0x94, 0xe4, 0xce, 0x6c, 0x88, 0x32,
+ 0x81, 0x93, 0x2e, 0x0f, 0x89, 0xf8, 0x77, 0xa1, 0xf0, 0x4d, 0x9c, 0x32,
+ 0xb0, 0x6c, 0xf9, 0x0b, 0x0e, 0x76, 0x2b, 0x43, 0x0c, 0x4d, 0x51, 0x7c,
+ 0x97, 0x10, 0x70, 0x68, 0xf4, 0x98, 0xef, 0x7f},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0xfb, 0x66},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x4b, 0xc9, 0x8f, 0x72,
+ 0xc4, 0x94, 0xc2, 0xa4, 0x3c, 0x2b, 0x15, 0xa1, 0x04, 0x3f, 0x1c, 0xfa},
+ false,
+ false},
+
+ // Comment: checking for int overflows
+ {105,
+ {0xfa, 0xb1, 0xcd, 0xdf, 0x4f, 0xe1, 0x98, 0xef, 0x63, 0xad, 0xd8, 0x81,
+ 0xd6, 0xea, 0xd6, 0xc5, 0x76, 0x37, 0xbb, 0xe9, 0x20, 0x18, 0xca, 0x7c,
+ 0x0b, 0x96, 0xfb, 0xa0, 0x87, 0x1e, 0x93, 0x2d, 0xb1, 0xfb, 0xf9, 0x07,
+ 0x61, 0xbe, 0x25, 0xdf, 0x8d, 0xfa, 0xf9, 0x31, 0xce, 0x57, 0x57, 0xe6,
+ 0x17, 0xb3, 0xd7, 0xa9, 0xf0, 0xbf, 0x0f, 0xfe, 0x5d, 0x59, 0x1a, 0x33,
+ 0xc1, 0x43, 0xb8, 0xf5, 0x3f, 0xd0, 0xb5, 0xa1, 0x96, 0x09, 0xfd, 0x62,
+ 0xe5, 0xc2, 0x51, 0xa4, 0x28, 0x1a, 0x20, 0x0c, 0xfd, 0xc3, 0x4f, 0x28,
+ 0x17, 0x10, 0x40, 0x6f, 0x4e, 0x37, 0x62, 0x54, 0x46, 0xff, 0x6e, 0xf2,
+ 0x24, 0x91, 0x3d, 0xeb, 0x0d, 0x89, 0xaf, 0x33, 0x71, 0x28, 0xe3, 0xd1,
+ 0x55, 0xd1, 0x6d, 0x3e, 0xc3, 0x24, 0x60, 0x41, 0x43, 0x21, 0x43, 0xe9,
+ 0xab, 0x3a, 0x6d, 0x2c, 0xcc, 0x2f, 0x4d, 0x62},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x38, 0xbb, 0x90},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf7, 0xe9, 0xe1, 0x51,
+ 0xb0, 0x25, 0x33, 0xc7, 0x46, 0x58, 0xbf, 0xc7, 0x73, 0x7c, 0x68, 0x0d},
+ false,
+ false},
+
+ // Comment: checking for int overflows
+ {106,
+ {0x22, 0x72, 0x02, 0xbe, 0x7f, 0x35, 0x15, 0xe9, 0xd1, 0xc0, 0x2e, 0xea,
+ 0x2f, 0x19, 0x50, 0xb6, 0x48, 0x1b, 0x04, 0x8a, 0x4c, 0x91, 0x50, 0x6c,
+ 0xb4, 0x0d, 0x50, 0x4e, 0x6c, 0x94, 0x9f, 0x82, 0xd1, 0x97, 0xc2, 0x5a,
+ 0xd1, 0x7d, 0xc7, 0x21, 0x65, 0x11, 0x25, 0x78, 0x2a, 0xc7, 0xa7, 0x12,
+ 0x47, 0xfe, 0xae, 0xf3, 0x2f, 0x1f, 0x25, 0x0c, 0xe4, 0xbb, 0x8f, 0x79,
+ 0xac, 0xaa, 0x17, 0x9d, 0x45, 0xa7, 0xb0, 0x54, 0x5f, 0x09, 0x24, 0x32,
+ 0x5e, 0xfa, 0x87, 0xd5, 0xe4, 0x41, 0xd2, 0x84, 0x78, 0xc6, 0x1f, 0x22,
+ 0x23, 0xee, 0x67, 0xc3, 0xb4, 0x1f, 0x43, 0x94, 0x53, 0x5e, 0x2a, 0x24,
+ 0x36, 0x9a, 0x2e, 0x16, 0x61, 0x3c, 0x45, 0x94, 0x90, 0xc1, 0x4f, 0xb1,
+ 0xd7, 0x55, 0xfe, 0x53, 0xfb, 0xe1, 0xee, 0x45, 0xb1, 0xb2, 0x1f, 0x71,
+ 0x62, 0xe2, 0xfc, 0xaa, 0x74, 0x2a, 0xbe, 0xfd},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x70, 0x48, 0x4a},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x79, 0x5b, 0xcf, 0xf6,
+ 0x47, 0xc5, 0x53, 0xc2, 0xe4, 0xeb, 0x6e, 0x0e, 0xaf, 0xd9, 0xe0, 0x4e},
+ false,
+ false},
+
+ // Comment: checking for int overflows
+ {107,
+ {0xfa, 0xe5, 0x83, 0x45, 0xc1, 0x6c, 0xb0, 0xf5, 0xcc, 0x53, 0x7f, 0x2b,
+ 0x1b, 0x34, 0x69, 0xc9, 0x69, 0x46, 0x3b, 0x3e, 0xa7, 0x1b, 0xcf, 0x6b,
+ 0x98, 0xd6, 0x69, 0xa8, 0xe6, 0x0e, 0x04, 0xfc, 0x08, 0xd5, 0xfd, 0x06,
+ 0x9c, 0x36, 0x26, 0x38, 0xe3, 0x40, 0x0e, 0xf4, 0xcb, 0x24, 0x2e, 0x27,
+ 0xe2, 0x24, 0x5e, 0x68, 0xcb, 0x9e, 0xc5, 0x83, 0xda, 0x53, 0x40, 0xb1,
+ 0x2e, 0xdf, 0x42, 0x3b, 0x73, 0x26, 0xad, 0x20, 0xfe, 0xeb, 0x57, 0xda,
+ 0xca, 0x2e, 0x04, 0x67, 0xa3, 0x28, 0x99, 0xb4, 0x2d, 0xf8, 0xe5, 0x6d,
+ 0x84, 0xe0, 0x06, 0xbc, 0x8a, 0x7a, 0xcc, 0x73, 0x1e, 0x7c, 0x1f, 0x6b,
+ 0xec, 0xb5, 0x71, 0x9f, 0x70, 0x77, 0xf0, 0xd4, 0xf4, 0xc6, 0x1a, 0xb1,
+ 0x1e, 0xba, 0xc1, 0x00, 0x18, 0x01, 0xce, 0x33, 0xc4, 0xe4, 0xa7, 0x7d,
+ 0x83, 0x1d, 0x3c, 0xe3, 0x4e, 0x84, 0x10, 0xe1},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x93, 0x2f, 0x40},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x19, 0x46, 0xd6, 0x53,
+ 0x96, 0x0f, 0x94, 0x7a, 0x74, 0xd3, 0xe8, 0x09, 0x3c, 0xf4, 0x85, 0x02},
+ false,
+ false},
+
+ // Comment: checking for int overflows
+ {108,
+ {0xeb, 0xb2, 0x16, 0xdd, 0xd7, 0xca, 0x70, 0x92, 0x15, 0xf5, 0x03, 0xdf,
+ 0x9c, 0xe6, 0x3c, 0x5c, 0xd2, 0x19, 0x4e, 0x7d, 0x90, 0x99, 0xe8, 0xa9,
+ 0x0b, 0x2a, 0xfa, 0xad, 0x5e, 0xba, 0x35, 0x06, 0x99, 0x25, 0xa6, 0x03,
+ 0xfd, 0xbc, 0x34, 0x1a, 0xae, 0xd4, 0x15, 0x05, 0xb1, 0x09, 0x41, 0xfa,
+ 0x38, 0x56, 0xa7, 0xe2, 0x47, 0xb1, 0x04, 0x07, 0x09, 0x74, 0x6c, 0xfc,
+ 0x20, 0x96, 0xca, 0xa6, 0x31, 0xb2, 0xff, 0xf4, 0x1c, 0x25, 0x05, 0x06,
+ 0xd8, 0x89, 0xc1, 0xc9, 0x06, 0x71, 0xad, 0xe8, 0x53, 0xee, 0x63, 0x94,
+ 0xc1, 0x91, 0x92, 0xa5, 0xcf, 0x37, 0x10, 0xd1, 0x07, 0x30, 0x99, 0xe5,
+ 0xbc, 0x94, 0x65, 0x82, 0xfc, 0x0f, 0xab, 0x9f, 0x54, 0x3c, 0x71, 0x6a,
+ 0xe2, 0x48, 0x6a, 0x86, 0x83, 0xfd, 0xca, 0x39, 0xd2, 0xe1, 0x4f, 0x23,
+ 0xd0, 0x0a, 0x58, 0x26, 0x64, 0xf4, 0xec, 0xb1},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x93, 0x35},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x36, 0xc3, 0x00, 0x29,
+ 0x85, 0xdd, 0x21, 0xba, 0xf8, 0x95, 0xd6, 0x33, 0x57, 0x3f, 0x12, 0xc0},
+ false,
+ false},
+
+ // Comment: checking for int overflows
+ {109,
+ {0x40, 0x8a, 0xe6, 0xef, 0x1c, 0x7e, 0xf0, 0xfb, 0x2c, 0x2d, 0x61, 0x08,
+ 0x16, 0xfc, 0x78, 0x49, 0xef, 0xa5, 0x8f, 0x78, 0x27, 0x3f, 0x5f, 0x16,
+ 0x6e, 0xa6, 0x5f, 0x81, 0xb5, 0x75, 0x74, 0x7d, 0x03, 0x5b, 0x30, 0x40,
+ 0xfe, 0xde, 0x1e, 0xb9, 0x45, 0x97, 0x88, 0x66, 0x97, 0x88, 0x40, 0x8e,
+ 0x00, 0x41, 0x3b, 0x3e, 0x37, 0x6d, 0x15, 0x2d, 0x20, 0x4a, 0xa2, 0xb7,
+ 0xa8, 0x35, 0x58, 0xfc, 0xd4, 0x8a, 0x0e, 0xf7, 0xa2, 0x6b, 0x1c, 0xd6,
+ 0xd3, 0x5d, 0x23, 0xb3, 0xf5, 0xdf, 0xe0, 0xca, 0x77, 0xa4, 0xce, 0x32,
+ 0xb9, 0x4a, 0xbf, 0x83, 0xda, 0x2a, 0xef, 0xca, 0xf0, 0x68, 0x38, 0x08,
+ 0x79, 0xe8, 0x9f, 0xb0, 0xa3, 0x82, 0x95, 0x95, 0xcf, 0x44, 0xc3, 0x85,
+ 0x2a, 0xe2, 0xcc, 0x66, 0x2b, 0x68, 0x9f, 0x93, 0x55, 0xd9, 0xc1, 0x83,
+ 0x80, 0x1f, 0x6a, 0xcc, 0x31, 0x3f, 0x89, 0x07},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0xf7, 0xd5},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x65, 0x14, 0x51, 0x8e,
+ 0x0a, 0x26, 0x41, 0x42, 0xe0, 0xb7, 0x35, 0x1f, 0x96, 0x7f, 0xc2, 0xae},
+ false,
+ false},
+
+ // Comment: checking for int overflows
+ {110,
+ {0x0a, 0x0a, 0x24, 0x49, 0x9b, 0xca, 0xde, 0x58, 0xcf, 0x15, 0x76, 0xc3,
+ 0x12, 0xac, 0xa9, 0x84, 0x71, 0x8c, 0xb4, 0xcc, 0x7e, 0x01, 0x53, 0xf5,
+ 0xa9, 0x01, 0x58, 0x10, 0x85, 0x96, 0x44, 0xdf, 0xc0, 0x21, 0x17, 0x4e,
+ 0x0b, 0x06, 0x0a, 0x39, 0x74, 0x48, 0xde, 0x8b, 0x48, 0x4a, 0x86, 0x03,
+ 0xbe, 0x68, 0x0a, 0x69, 0x34, 0xc0, 0x90, 0x6f, 0x30, 0xdd, 0x17, 0xea,
+ 0xe2, 0xd4, 0xc5, 0xfa, 0xa7, 0x77, 0xf8, 0xca, 0x53, 0x37, 0x0e, 0x08,
+ 0x33, 0x1b, 0x88, 0xc3, 0x42, 0xba, 0xc9, 0x59, 0x78, 0x7b, 0xbb, 0x33,
+ 0x93, 0x0e, 0x3b, 0x56, 0xbe, 0x86, 0xda, 0x7f, 0x2a, 0x6e, 0xb1, 0xf9,
+ 0x40, 0x89, 0xd1, 0xd1, 0x81, 0x07, 0x4d, 0x43, 0x02, 0xf8, 0xe0, 0x55,
+ 0x2d, 0x0d, 0xe1, 0xfa, 0xb3, 0x06, 0xa2, 0x1b, 0x42, 0xd4, 0xc3, 0xba,
+ 0x6e, 0x6f, 0x0c, 0xbc, 0xc8, 0x1e, 0x87, 0x7a},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3d, 0xfc, 0xe4},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x4c, 0x19, 0x4d, 0xa6,
+ 0xa9, 0x9f, 0xd6, 0x5b, 0x40, 0xe9, 0xca, 0xd7, 0x98, 0xf4, 0x4b, 0x19},
+ false,
+ false},
+
+ // Comment: checking for int overflows
+ {111,
+ {0x4a, 0x0a, 0xaf, 0xf8, 0x49, 0x47, 0x29, 0x18, 0x86, 0x91, 0x70, 0x13,
+ 0x40, 0xf3, 0xce, 0x2b, 0x8a, 0x78, 0xee, 0xd3, 0xa0, 0xf0, 0x65, 0x99,
+ 0x4b, 0x72, 0x48, 0x4e, 0x79, 0x91, 0xd2, 0x5c, 0x29, 0xaa, 0x07, 0x5e,
+ 0xb1, 0xfc, 0x16, 0xde, 0x93, 0xfe, 0x06, 0x90, 0x58, 0x11, 0x2a, 0xb2,
+ 0x84, 0xa3, 0xed, 0x18, 0x78, 0x03, 0x26, 0xd1, 0x25, 0x8a, 0x47, 0x22,
+ 0x2f, 0xa6, 0x33, 0xd8, 0xb2, 0x9f, 0x3b, 0xd9, 0x15, 0x0b, 0x23, 0x9b,
+ 0x15, 0x46, 0xc2, 0xbb, 0x9b, 0x9f, 0x41, 0x0f, 0xeb, 0xea, 0xd3, 0x96,
+ 0x00, 0x0e, 0xe4, 0x77, 0x70, 0x15, 0x32, 0xc3, 0xd0, 0xf5, 0xfb, 0xf8,
+ 0x95, 0xd2, 0x80, 0x19, 0x6d, 0x2f, 0x73, 0x7c, 0x5e, 0x9f, 0xec, 0x50,
+ 0xd9, 0x2b, 0xb0, 0xdf, 0x5d, 0x7e, 0x51, 0x3b, 0xe5, 0xb8, 0xea, 0x97,
+ 0x13, 0x10, 0xd5, 0xbf, 0x16, 0xba, 0x7a, 0xee},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x84, 0x86, 0xa8},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc8, 0xae, 0x77, 0x88,
+ 0xcd, 0x28, 0x74, 0xab, 0xc1, 0x38, 0x54, 0x1e, 0x11, 0xfd, 0x05, 0x87},
+ false,
+ false},
+
+ // Comment: checking for int overflows
+ {112,
+ {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0x78, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09,
+ 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x9f, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0x9c, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2,
+ 0x40, 0xd1, 0xab, 0xf4, 0x47, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0xd4, 0xd2, 0x06, 0x61,
+ 0x6f, 0x92, 0x93, 0xf6, 0x5b, 0x45, 0xdb, 0xbc, 0x74, 0xe7, 0xc2, 0xed,
+ 0xfb, 0xcb, 0xbf, 0x1c, 0xfb, 0x67, 0x9b, 0xb7, 0x39, 0xa5, 0x86, 0x2d,
+ 0xe2, 0xbc, 0xb9, 0x37, 0xf7, 0x4d, 0x5b, 0xf8, 0x67, 0x1c, 0x5a, 0x8a,
+ 0x50, 0x92, 0xf6, 0x1d, 0x54, 0xc9, 0xaa, 0x5b},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x93, 0x3a, 0x51, 0x63,
+ 0xc7, 0xf6, 0x23, 0x68, 0x32, 0x7b, 0x3f, 0xbc, 0x10, 0x36, 0xc9, 0x43},
+ false,
+ false},
+
+ // Comment: special case tag
+ {113,
+ {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4,
+ 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2,
+ 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf,
+ 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc,
+ 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12,
+ 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d},
+ {0x85, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xa6, 0x90, 0x2f, 0xcb, 0xc8, 0x83,
+ 0xbb, 0xc1, 0x80, 0xb2, 0x56, 0xae, 0x34, 0xad, 0x7f, 0x00},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f},
+ false,
+ false},
+
+ // Comment: special case tag
+ {114,
+ {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4,
+ 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2,
+ 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf,
+ 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc,
+ 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12,
+ 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x24, 0x7e, 0x50, 0x64, 0x2a, 0x1c,
+ 0x0a, 0x2f, 0x8f, 0x77, 0x21, 0x96, 0x09, 0xdb, 0xa9, 0x58},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false,
+ false},
+
+ // Comment: special case tag
+ {115,
+ {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4,
+ 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2,
+ 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf,
+ 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc,
+ 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12,
+ 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d},
+ {0x7c, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xd9, 0xe7, 0x2c, 0x06, 0x4a, 0xc8,
+ 0x96, 0x1f, 0x3f, 0xa5, 0x85, 0xe0, 0xe2, 0xab, 0xd6, 0x00},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ false,
+ false},
+
+ // Comment: special case tag
+ {116,
+ {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4,
+ 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2,
+ 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf,
+ 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc,
+ 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12,
+ 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d},
+ {0x65, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x95, 0xaf, 0x0f, 0x4d, 0x0b, 0x68,
+ 0x6e, 0xae, 0xcc, 0xca, 0x43, 0x07, 0xd5, 0x96, 0xf5, 0x02},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80,
+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80},
+ false,
+ false},
+
+ // Comment: special case tag
+ {117,
+ {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4,
+ 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2,
+ 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf,
+ 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc,
+ 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12,
+ 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x85, 0x40, 0xb4, 0x64, 0x35, 0x77,
+ 0x07, 0xbe, 0x3a, 0x39, 0xd5, 0x5c, 0x34, 0xf8, 0xbc, 0xb3},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f,
+ 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f},
+ false,
+ false},
+
+ // Comment: special case tag
+ {118,
+ {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4,
+ 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2,
+ 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf,
+ 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc,
+ 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12,
+ 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d},
+ {0x4f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x66, 0x23, 0xd9, 0x90, 0xb8, 0x98,
+ 0xd8, 0x30, 0xd2, 0x12, 0xaf, 0x23, 0x83, 0x33, 0x07, 0x01},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00},
+ false,
+ false},
+
+ // Comment: special case tag
+ {119,
+ {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4,
+ 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2,
+ 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf,
+ 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc,
+ 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12,
+ 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d},
+ {0x83, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x5f, 0x16, 0xd0, 0x9f, 0x17, 0x78,
+ 0x72, 0x11, 0xb7, 0xd4, 0x84, 0xe0, 0x24, 0xf8, 0x97, 0x01},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {120,
+ {0x00, 0x52, 0x35, 0xd2, 0xa9, 0x19, 0xf2, 0x8d, 0x3d, 0xb7, 0x66, 0x4a,
+ 0x34, 0xae, 0x6b, 0x44, 0x4d, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09,
+ 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x5b, 0x8b, 0x94, 0x50,
+ 0x9e, 0x2b, 0x74, 0xa3, 0x6d, 0x34, 0x6e, 0x33, 0xd5, 0x72, 0x65, 0x9b,
+ 0xa9, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2,
+ 0x40, 0xd1, 0xab, 0xf4, 0x83, 0xdc, 0xe9, 0xf3, 0x07, 0x3e, 0xfa, 0xdb,
+ 0x7d, 0x23, 0xb8, 0x7a, 0xce, 0x35, 0x16, 0x8c},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0x00, 0x39, 0xe2, 0xfd, 0x2f, 0xd3, 0x12, 0x14, 0x9e, 0x98, 0x98, 0x80,
+ 0x88, 0x48, 0x13, 0xe7, 0xca, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3b, 0x0e, 0x86, 0x9a,
+ 0xaa, 0x8e, 0xa4, 0x96, 0x32, 0xff, 0xff, 0x37, 0xb9, 0xe8, 0xce, 0x00,
+ 0xca, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x3b, 0x0e, 0x86, 0x9a, 0xaa, 0x8e, 0xa4, 0x96,
+ 0x32, 0xff, 0xff, 0x37, 0xb9, 0xe8, 0xce, 0x00, 0xa5, 0x19, 0xac, 0x1a,
+ 0x35, 0xb4, 0xa5, 0x77, 0x87, 0x51, 0x0a, 0xf7, 0x8d, 0x8d, 0x20, 0x0a},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {121,
+ {0xd3, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0xe5, 0xda, 0x78, 0x76, 0x6f, 0xa1, 0x92, 0x90,
+ 0xc0, 0x31, 0xf7, 0x52, 0x08, 0x50, 0x67, 0x45, 0xae, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0x49, 0x6d, 0xde, 0xb0, 0x55, 0x09, 0xc6, 0xef, 0xff, 0xab, 0x75, 0xeb,
+ 0x2d, 0xf4, 0xab, 0x09, 0x76, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x01, 0x49, 0xef, 0x50,
+ 0x4b, 0x71, 0xb1, 0x20, 0xca, 0x4f, 0xf3, 0x95, 0x19, 0xc2, 0xc2, 0x10},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xd3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x62, 0x18, 0xb2, 0x7f, 0x83, 0xb8, 0xb4, 0x66,
+ 0x02, 0xf6, 0xe1, 0xd8, 0x34, 0x20, 0x7b, 0x02, 0xce, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x2a, 0x64, 0x16, 0xce, 0xdb, 0x1c, 0xdd, 0x29, 0x6e, 0xf5, 0xd7, 0xd6,
+ 0x92, 0xda, 0xff, 0x02, 0xce, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x2a, 0x64, 0x16, 0xce,
+ 0xdb, 0x1c, 0xdd, 0x29, 0x6e, 0xf5, 0xd7, 0xd6, 0x92, 0xda, 0xff, 0x02,
+ 0x30, 0x2f, 0xe8, 0x2a, 0xb0, 0xa0, 0x9a, 0xf6, 0x44, 0x00, 0xd0, 0x15,
+ 0xae, 0x83, 0xd9, 0xcc},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {122,
+ {0xe9, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0x6d, 0xf1, 0x39, 0x4e, 0xdc, 0x53, 0x9b, 0x5b,
+ 0x3a, 0x09, 0x57, 0xbe, 0x0f, 0xb8, 0x59, 0x46, 0x80, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0xd1, 0x76, 0x9f, 0xe8, 0x06, 0xbb, 0xfe, 0xb6, 0xf5, 0x90, 0x95, 0x0f,
+ 0x2e, 0xac, 0x9e, 0x0a, 0x58, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x99, 0x52, 0xae, 0x08,
+ 0x18, 0xc3, 0x89, 0x79, 0xc0, 0x74, 0x13, 0x71, 0x1a, 0x9a, 0xf7, 0x13},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xe9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xea, 0x33, 0xf3, 0x47, 0x30, 0x4a, 0xbd, 0xad,
+ 0xf8, 0xce, 0x41, 0x34, 0x33, 0xc8, 0x45, 0x01, 0xe0, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xb2, 0x7f, 0x57, 0x96, 0x88, 0xae, 0xe5, 0x70, 0x64, 0xce, 0x37, 0x32,
+ 0x91, 0x82, 0xca, 0x01, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xb2, 0x7f, 0x57, 0x96,
+ 0x88, 0xae, 0xe5, 0x70, 0x64, 0xce, 0x37, 0x32, 0x91, 0x82, 0xca, 0x01,
+ 0x98, 0xa7, 0xe8, 0x36, 0xe0, 0xee, 0x4d, 0x02, 0x35, 0x00, 0xd0, 0x55,
+ 0x7e, 0xc2, 0xcb, 0xe0},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {123,
+ {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01,
+ 0x35, 0x43, 0x19, 0x87, 0x5c, 0x64, 0xf9, 0x0f, 0x5b, 0x26, 0x92,
+ 0xb8, 0x60, 0xd4, 0x59, 0x6f, 0xf4, 0xb3, 0x40, 0x2c, 0x5c, 0x00,
+ 0xb9, 0xbb, 0x53, 0x70, 0x7a, 0xa6, 0x67, 0xd3, 0x56, 0xfe, 0x50,
+ 0xc7, 0x19, 0x96, 0x94, 0x03, 0x35, 0x61, 0xe7, 0xca, 0xca, 0x6d,
+ 0x94, 0x1d, 0xc3, 0xcd, 0x69, 0x14, 0xad, 0x69, 0x04},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xe3, 0x3b, 0xc5, 0x52, 0xca, 0x8b, 0x9e, 0x96,
+ 0x16, 0x9e, 0x79, 0x7e, 0x8f, 0x30, 0x30, 0x1b, 0x60, 0x3c, 0xa9, 0x99,
+ 0x44, 0xdf, 0x76, 0x52, 0x8c, 0x9d, 0x6f, 0x54, 0xab, 0x83, 0x3d, 0x0f,
+ 0x60, 0x3c, 0xa9, 0x99, 0x44, 0xdf, 0x76, 0x52, 0x8c, 0x9d, 0x6f, 0x54,
+ 0xab, 0x83, 0x3d, 0x0f, 0x6a, 0xb8, 0xdc, 0xe2, 0xc5, 0x9d, 0xa4, 0x73,
+ 0x71, 0x30, 0xb0, 0x25, 0x2f, 0x68, 0xa8, 0xd8},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {124,
+ {0x68, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0xb0, 0x8f, 0x25, 0x67, 0x5b, 0x9b, 0xcb, 0xf6,
+ 0xe3, 0x84, 0x07, 0xde, 0x2e, 0xc7, 0x5a, 0x47, 0x9f, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0x2d, 0x2a, 0xf7, 0xcd, 0x6b, 0x08, 0x05, 0x01, 0xd3, 0x1b, 0xa5, 0x4f,
+ 0xb2, 0xeb, 0x75, 0x96, 0x47, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x65, 0x0e, 0xc6, 0x2d,
+ 0x75, 0x70, 0x72, 0xce, 0xe6, 0xff, 0x23, 0x31, 0x86, 0xdd, 0x1c, 0x8f},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0x68, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x37, 0x4d, 0xef, 0x6e, 0xb7, 0x82, 0xed, 0x00,
+ 0x21, 0x43, 0x11, 0x54, 0x12, 0xb7, 0x46, 0x00, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x4e, 0x23, 0x3f, 0xb3, 0xe5, 0x1d, 0x1e, 0xc7, 0x42, 0x45, 0x07, 0x72,
+ 0x0d, 0xc5, 0x21, 0x9d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x4e, 0x23, 0x3f, 0xb3,
+ 0xe5, 0x1d, 0x1e, 0xc7, 0x42, 0x45, 0x07, 0x72, 0x0d, 0xc5, 0x21, 0x9d,
+ 0x04, 0x4d, 0xea, 0x60, 0x88, 0x80, 0x41, 0x2b, 0xfd, 0xff, 0xcf, 0x35,
+ 0x57, 0x9e, 0x9b, 0x26},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {125,
+ {0x6d, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0xa1, 0x61, 0xb5, 0xab, 0x04, 0x09, 0x00, 0x62,
+ 0x9e, 0xfe, 0xff, 0x78, 0xd7, 0xd8, 0x6b, 0x45, 0x9f, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0xc6, 0xf8, 0x07, 0x8c, 0xc8, 0xef, 0x12, 0xa0, 0xff, 0x65, 0x7d, 0x6d,
+ 0x08, 0xdb, 0x10, 0xb8, 0x47, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x8e, 0xdc, 0x36, 0x6c,
+ 0xd6, 0x97, 0x65, 0x6f, 0xca, 0x81, 0xfb, 0x13, 0x3c, 0xed, 0x79, 0xa1},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0x6d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x26, 0xa3, 0x7f, 0xa2, 0xe8, 0x10, 0x26, 0x94,
+ 0x5c, 0x39, 0xe9, 0xf2, 0xeb, 0xa8, 0x77, 0x02, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xa5, 0xf1, 0xcf, 0xf2, 0x46, 0xfa, 0x09, 0x66, 0x6e, 0x3b, 0xdf, 0x50,
+ 0xb7, 0xf5, 0x44, 0xb3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xa5, 0xf1, 0xcf, 0xf2,
+ 0x46, 0xfa, 0x09, 0x66, 0x6e, 0x3b, 0xdf, 0x50, 0xb7, 0xf5, 0x44, 0xb3,
+ 0x1e, 0x6b, 0xea, 0x63, 0x14, 0x54, 0x2e, 0x2e, 0xf9, 0xff, 0xcf, 0x45,
+ 0x0b, 0x2e, 0x98, 0x2b},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {126,
+ {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01,
+ 0x35, 0x43, 0x19, 0x87, 0x5c, 0xfc, 0x01, 0xb8, 0x91, 0xe5, 0xf0,
+ 0xf9, 0x12, 0x8d, 0x7d, 0x1c, 0x57, 0x91, 0x92, 0xb6, 0x98, 0x63,
+ 0x41, 0x44, 0x15, 0xb6, 0x99, 0x68, 0x95, 0x9a, 0x72, 0x91, 0xb7,
+ 0xa5, 0xaf, 0x13, 0x48, 0x60, 0xcd, 0x9e, 0xa1, 0x0c, 0x29, 0xa3,
+ 0x66, 0x54, 0xe7, 0xa2, 0x8e, 0x76, 0x1b, 0xec, 0xd8},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x7b, 0xc3, 0x72, 0x98, 0x09, 0xe9, 0xdf, 0xe4,
+ 0x4f, 0xba, 0x0a, 0xdd, 0xad, 0xe2, 0xaa, 0xdf, 0x03, 0xc4, 0x56, 0xdf,
+ 0x82, 0x3c, 0xb8, 0xa0, 0xc5, 0xb9, 0x00, 0xb3, 0xc9, 0x35, 0xb8, 0xd3,
+ 0x03, 0xc4, 0x56, 0xdf, 0x82, 0x3c, 0xb8, 0xa0, 0xc5, 0xb9, 0x00, 0xb3,
+ 0xc9, 0x35, 0xb8, 0xd3, 0xed, 0x20, 0x17, 0xc8, 0xdb, 0xa4, 0x77, 0x56,
+ 0x29, 0x04, 0x9d, 0x78, 0x6e, 0x3b, 0xce, 0xb1},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {127,
+ {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01,
+ 0x35, 0x43, 0x19, 0x87, 0x5c, 0x6b, 0x6d, 0xc9, 0xd2, 0x1a, 0x81,
+ 0x9e, 0x70, 0xb5, 0x77, 0xf4, 0x41, 0x37, 0xd3, 0xd6, 0xbd, 0x13,
+ 0x35, 0xf5, 0xeb, 0x44, 0x49, 0x40, 0x77, 0xb2, 0x64, 0x49, 0xa5,
+ 0x4b, 0x6c, 0x7c, 0x75, 0x10, 0xb9, 0x2f, 0x5f, 0xfe, 0xf9, 0x8b,
+ 0x84, 0x7c, 0xf1, 0x7a, 0x9c, 0x98, 0xd8, 0x83, 0xe5},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xec, 0xaf, 0x03, 0xdb, 0xf6, 0x98, 0xb8, 0x86,
+ 0x77, 0xb0, 0xe2, 0xcb, 0x0b, 0xa3, 0xca, 0xfa, 0x73, 0xb0, 0xe7, 0x21,
+ 0x70, 0xec, 0x90, 0x42, 0xed, 0xaf, 0xd8, 0xa1, 0x27, 0xf6, 0xd7, 0xee,
+ 0x73, 0xb0, 0xe7, 0x21, 0x70, 0xec, 0x90, 0x42, 0xed, 0xaf, 0xd8, 0xa1,
+ 0x27, 0xf6, 0xd7, 0xee, 0x07, 0x3f, 0x17, 0xcb, 0x67, 0x78, 0x64, 0x59,
+ 0x25, 0x04, 0x9d, 0x88, 0x22, 0xcb, 0xca, 0xb6},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {128,
+ {0xff, 0xcb, 0x2b, 0x11, 0x06, 0xf8, 0x23, 0x4c, 0x5e, 0x99, 0xd4, 0xdb,
+ 0x4c, 0x70, 0x48, 0xde, 0x32, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09,
+ 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x16, 0xe9, 0x88, 0x4a,
+ 0x11, 0x4f, 0x0e, 0x92, 0x66, 0xce, 0xa3, 0x88, 0x5f, 0xe3, 0x6b, 0x9f,
+ 0xd6, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2,
+ 0x40, 0xd1, 0xab, 0xf4, 0xce, 0xbe, 0xf5, 0xe9, 0x88, 0x5a, 0x80, 0xea,
+ 0x76, 0xd9, 0x75, 0xc1, 0x44, 0xa4, 0x18, 0x88},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xff, 0xa0, 0xfc, 0x3e, 0x80, 0x32, 0xc3, 0xd5, 0xfd, 0xb6, 0x2a, 0x11,
+ 0xf0, 0x96, 0x30, 0x7d, 0xb5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x76, 0x6c, 0x9a, 0x80,
+ 0x25, 0xea, 0xde, 0xa7, 0x39, 0x05, 0x32, 0x8c, 0x33, 0x79, 0xc0, 0x04,
+ 0xb5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x76, 0x6c, 0x9a, 0x80, 0x25, 0xea, 0xde, 0xa7,
+ 0x39, 0x05, 0x32, 0x8c, 0x33, 0x79, 0xc0, 0x04, 0x8b, 0x9b, 0xb4, 0xb4,
+ 0x86, 0x12, 0x89, 0x65, 0x8c, 0x69, 0x6a, 0x83, 0x40, 0x15, 0x04, 0x05},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {129,
+ {0x6f, 0x9e, 0x70, 0xed, 0x3b, 0x8b, 0xac, 0xa0, 0x26, 0xe4, 0x6a, 0x5a,
+ 0x09, 0x43, 0x15, 0x8d, 0x21, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09,
+ 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x0c, 0x61, 0x2c, 0x5e,
+ 0x8d, 0x89, 0xa8, 0x73, 0xdb, 0xca, 0xad, 0x5b, 0x73, 0x46, 0x42, 0x9b,
+ 0xc5, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2,
+ 0x40, 0xd1, 0xab, 0xf4, 0xd4, 0x36, 0x51, 0xfd, 0x14, 0x9c, 0x26, 0x0b,
+ 0xcb, 0xdd, 0x7b, 0x12, 0x68, 0x01, 0x31, 0x8c},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0x6f, 0xf5, 0xa7, 0xc2, 0xbd, 0x41, 0x4c, 0x39, 0x85, 0xcb, 0x94, 0x90,
+ 0xb5, 0xa5, 0x6d, 0x2e, 0xa6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x6c, 0xe4, 0x3e, 0x94,
+ 0xb9, 0x2c, 0x78, 0x46, 0x84, 0x01, 0x3c, 0x5f, 0x1f, 0xdc, 0xe9, 0x00,
+ 0xa6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x6c, 0xe4, 0x3e, 0x94, 0xb9, 0x2c, 0x78, 0x46,
+ 0x84, 0x01, 0x3c, 0x5f, 0x1f, 0xdc, 0xe9, 0x00, 0x8b, 0x3b, 0xbd, 0x51,
+ 0x64, 0x44, 0x59, 0x56, 0x8d, 0x81, 0xca, 0x1f, 0xa7, 0x2c, 0xe4, 0x04},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {130,
+ {0x41, 0x2b, 0x08, 0x0a, 0x3e, 0x19, 0xc1, 0x0d, 0x44, 0xa1, 0xaf, 0x1e,
+ 0xab, 0xde, 0xb4, 0xce, 0x35, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09,
+ 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x6b, 0x83, 0x94, 0x33,
+ 0x09, 0x21, 0x48, 0x6c, 0xa1, 0x1d, 0x29, 0x1c, 0x3e, 0x97, 0xee, 0x9a,
+ 0xd1, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2,
+ 0x40, 0xd1, 0xab, 0xf4, 0xb3, 0xd4, 0xe9, 0x90, 0x90, 0x34, 0xc6, 0x14,
+ 0xb1, 0x0a, 0xff, 0x55, 0x25, 0xd0, 0x9d, 0x8d},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0x41, 0x40, 0xdf, 0x25, 0xb8, 0xd3, 0x21, 0x94, 0xe7, 0x8e, 0x51, 0xd4,
+ 0x17, 0x38, 0xcc, 0x6d, 0xb2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0b, 0x06, 0x86, 0xf9,
+ 0x3d, 0x84, 0x98, 0x59, 0xfe, 0xd6, 0xb8, 0x18, 0x52, 0x0d, 0x45, 0x01,
+ 0xb2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x0b, 0x06, 0x86, 0xf9, 0x3d, 0x84, 0x98, 0x59,
+ 0xfe, 0xd6, 0xb8, 0x18, 0x52, 0x0d, 0x45, 0x01, 0x86, 0xfb, 0xab, 0x2b,
+ 0x4a, 0x94, 0xf4, 0x7a, 0xa5, 0x6f, 0x0a, 0xea, 0x65, 0xd1, 0x10, 0x08},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {131,
+ {0xb2, 0x47, 0xa7, 0x47, 0x23, 0x49, 0x1a, 0xac, 0xac, 0xaa, 0xd7, 0x09,
+ 0xc9, 0x1e, 0x93, 0x2b, 0x31, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09,
+ 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x9a, 0xde, 0x04, 0xe7,
+ 0x5b, 0xb7, 0x01, 0xd9, 0x66, 0x06, 0x01, 0xb3, 0x47, 0x65, 0xde, 0x98,
+ 0xd5, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2,
+ 0x40, 0xd1, 0xab, 0xf4, 0x42, 0x89, 0x79, 0x44, 0xc2, 0xa2, 0x8f, 0xa1,
+ 0x76, 0x11, 0xd7, 0xfa, 0x5c, 0x22, 0xad, 0x8f},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xb2, 0x2c, 0x70, 0x68, 0xa5, 0x83, 0xfa, 0x35, 0x0f, 0x85, 0x29, 0xc3,
+ 0x75, 0xf8, 0xeb, 0x88, 0xb6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa, 0x5b, 0x16, 0x2d,
+ 0x6f, 0x12, 0xd1, 0xec, 0x39, 0xcd, 0x90, 0xb7, 0x2b, 0xff, 0x75, 0x03,
+ 0xb6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xfa, 0x5b, 0x16, 0x2d, 0x6f, 0x12, 0xd1, 0xec,
+ 0x39, 0xcd, 0x90, 0xb7, 0x2b, 0xff, 0x75, 0x03, 0xa0, 0x19, 0xac, 0x2e,
+ 0xd6, 0x67, 0xe1, 0x7d, 0xa1, 0x6f, 0x0a, 0xfa, 0x19, 0x61, 0x0d, 0x0d},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {132,
+ {0x74, 0x0f, 0x9e, 0x49, 0xf6, 0x10, 0xef, 0xa5, 0x85, 0xb6, 0x59, 0xca,
+ 0x6e, 0xd8, 0xb4, 0x99, 0x2d, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09,
+ 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x41, 0x2d, 0x96, 0xaf,
+ 0xbe, 0x80, 0xec, 0x3e, 0x79, 0xd4, 0x51, 0xb0, 0x0a, 0x2d, 0xb2, 0x9a,
+ 0xc9, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2,
+ 0x40, 0xd1, 0xab, 0xf4, 0x99, 0x7a, 0xeb, 0x0c, 0x27, 0x95, 0x62, 0x46,
+ 0x69, 0xc3, 0x87, 0xf9, 0x11, 0x6a, 0xc1, 0x8d},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0x74, 0x64, 0x49, 0x66, 0x70, 0xda, 0x0f, 0x3c, 0x26, 0x99, 0xa7, 0x00,
+ 0xd2, 0x3e, 0xcc, 0x3a, 0xaa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x21, 0xa8, 0x84, 0x65,
+ 0x8a, 0x25, 0x3c, 0x0b, 0x26, 0x1f, 0xc0, 0xb4, 0x66, 0xb7, 0x19, 0x01,
+ 0xaa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x21, 0xa8, 0x84, 0x65, 0x8a, 0x25, 0x3c, 0x0b,
+ 0x26, 0x1f, 0xc0, 0xb4, 0x66, 0xb7, 0x19, 0x01, 0x73, 0x6e, 0x18, 0x18,
+ 0x16, 0x96, 0xa5, 0x88, 0x9c, 0x31, 0x59, 0xfa, 0xab, 0xab, 0x20, 0xfd},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {133,
+ {0xad, 0xba, 0x5d, 0x10, 0x5b, 0xc8, 0xaa, 0x06, 0x2c, 0x23, 0x36, 0xcb,
+ 0x88, 0x9d, 0xdb, 0xd5, 0x37, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09,
+ 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x17, 0x7c, 0x5f, 0xfe,
+ 0x28, 0x75, 0xf4, 0x68, 0xf6, 0xc2, 0x96, 0x57, 0x48, 0xf3, 0x59, 0x9a,
+ 0xd3, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2,
+ 0x40, 0xd1, 0xab, 0xf4, 0xcf, 0x2b, 0x22, 0x5d, 0xb1, 0x60, 0x7a, 0x10,
+ 0xe6, 0xd5, 0x40, 0x1e, 0x53, 0xb4, 0x2a, 0x8d},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xad, 0xd1, 0x8a, 0x3f, 0xdd, 0x02, 0x4a, 0x9f, 0x8f, 0x0c, 0xc8, 0x01,
+ 0x34, 0x7b, 0xa3, 0x76, 0xb0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x77, 0xf9, 0x4d, 0x34,
+ 0x1c, 0xd0, 0x24, 0x5d, 0xa9, 0x09, 0x07, 0x53, 0x24, 0x69, 0xf2, 0x01,
+ 0xb0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x77, 0xf9, 0x4d, 0x34, 0x1c, 0xd0, 0x24, 0x5d,
+ 0xa9, 0x09, 0x07, 0x53, 0x24, 0x69, 0xf2, 0x01, 0xba, 0xd5, 0x8f, 0x10,
+ 0xa9, 0x1e, 0x6a, 0x88, 0x9a, 0xba, 0x32, 0xfd, 0x17, 0xd8, 0x33, 0x1a},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {134,
+ {0xfe, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0xc0, 0x01, 0xed, 0xc5, 0xda, 0x44, 0x2e, 0x71,
+ 0x9b, 0xce, 0x9a, 0xbe, 0x27, 0x3a, 0xf1, 0x44, 0xb4, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0x48, 0x02, 0x5f, 0x41, 0xfa, 0x4e, 0x33, 0x6c, 0x78, 0x69, 0x57, 0xa2,
+ 0xa7, 0xc4, 0x93, 0x0a, 0x6c, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x00, 0x26, 0x6e, 0xa1,
+ 0xe4, 0x36, 0x44, 0xa3, 0x4d, 0x8d, 0xd1, 0xdc, 0x93, 0xf2, 0xfa, 0x13},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x47, 0xc3, 0x27, 0xcc, 0x36, 0x5d, 0x08, 0x87,
+ 0x59, 0x09, 0x8c, 0x34, 0x1b, 0x4a, 0xed, 0x03, 0xd4, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x2b, 0x0b, 0x97, 0x3f, 0x74, 0x5b, 0x28, 0xaa, 0xe9, 0x37, 0xf5, 0x9f,
+ 0x18, 0xea, 0xc7, 0x01, 0xd4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x2b, 0x0b, 0x97, 0x3f,
+ 0x74, 0x5b, 0x28, 0xaa, 0xe9, 0x37, 0xf5, 0x9f, 0x18, 0xea, 0xc7, 0x01,
+ 0xd6, 0x8c, 0xe1, 0x74, 0x07, 0x9a, 0xdd, 0x02, 0x8d, 0xd0, 0x5c, 0xf8,
+ 0x14, 0x63, 0x04, 0x88},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {135,
+ {0xb5, 0x13, 0xb0, 0x6a, 0xb9, 0xac, 0x14, 0x43, 0x5a, 0xcb, 0x8a, 0xa3,
+ 0xa3, 0x7a, 0xfd, 0xb6, 0x54, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09,
+ 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x61, 0x95, 0x01, 0x93,
+ 0xb1, 0xbf, 0x03, 0x11, 0xff, 0x11, 0x79, 0x89, 0xae, 0xd9, 0xa9, 0x99,
+ 0xb0, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2,
+ 0x40, 0xd1, 0xab, 0xf4, 0xb9, 0xc2, 0x7c, 0x30, 0x28, 0xaa, 0x8d, 0x69,
+ 0xef, 0x06, 0xaf, 0xc0, 0xb5, 0x9e, 0xda, 0x8e},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xb5, 0x78, 0x67, 0x45, 0x3f, 0x66, 0xf4, 0xda, 0xf9, 0xe4, 0x74, 0x69,
+ 0x1f, 0x9c, 0x85, 0x15, 0xd3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, 0x10, 0x13, 0x59,
+ 0x85, 0x1a, 0xd3, 0x24, 0xa0, 0xda, 0xe8, 0x8d, 0xc2, 0x43, 0x02, 0x02,
+ 0xd3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x01, 0x10, 0x13, 0x59, 0x85, 0x1a, 0xd3, 0x24,
+ 0xa0, 0xda, 0xe8, 0x8d, 0xc2, 0x43, 0x02, 0x02, 0xaa, 0x48, 0xa3, 0x88,
+ 0x7d, 0x4b, 0x05, 0x96, 0x99, 0xc2, 0xfd, 0xf9, 0xc6, 0x78, 0x7e, 0x0a},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {136,
+ {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0xd4, 0xf1, 0x09, 0xe8, 0x14, 0xce, 0xa8, 0x5a,
+ 0x08, 0xc0, 0x11, 0xd8, 0x50, 0xdd, 0x1d, 0xcb, 0xcf, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0x53, 0x40, 0xb8, 0x5a, 0x9a, 0xa0, 0x82, 0x96, 0xb7, 0x7a, 0x5f, 0xc3,
+ 0x96, 0x1f, 0x66, 0x0f, 0x17, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x1b, 0x64, 0x89, 0xba,
+ 0x84, 0xd8, 0xf5, 0x59, 0x82, 0x9e, 0xd9, 0xbd, 0xa2, 0x29, 0x0f, 0x16},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x53, 0x33, 0xc3, 0xe1, 0xf8, 0xd7, 0x8e, 0xac,
+ 0xca, 0x07, 0x07, 0x52, 0x6c, 0xad, 0x01, 0x8c, 0xaf, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x30, 0x49, 0x70, 0x24, 0x14, 0xb5, 0x99, 0x50, 0x26, 0x24, 0xfd, 0xfe,
+ 0x29, 0x31, 0x32, 0x04, 0xaf, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x30, 0x49, 0x70, 0x24,
+ 0x14, 0xb5, 0x99, 0x50, 0x26, 0x24, 0xfd, 0xfe, 0x29, 0x31, 0x32, 0x04,
+ 0xb9, 0x36, 0xa8, 0x17, 0xf2, 0x21, 0x1a, 0xf1, 0x29, 0xe2, 0xcf, 0x16,
+ 0x0f, 0xd4, 0x2b, 0xcb},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {137,
+ {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0xdf, 0x4c, 0x62, 0x03, 0x2d, 0x41, 0x19, 0xb5,
+ 0x88, 0x47, 0x7e, 0x99, 0x92, 0x5a, 0x56, 0xd9, 0xd6, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0xfa, 0x84, 0xf0, 0x64, 0x55, 0x36, 0x42, 0x1b, 0x2b, 0xb9, 0x24, 0x6e,
+ 0xc2, 0x19, 0xed, 0x0b, 0x0e, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0xb2, 0xa0, 0xc1, 0x84,
+ 0x4b, 0x4e, 0x35, 0xd4, 0x1e, 0x5d, 0xa2, 0x10, 0xf6, 0x2f, 0x84, 0x12},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x58, 0x8e, 0xa8, 0x0a, 0xc1, 0x58, 0x3f, 0x43,
+ 0x4a, 0x80, 0x68, 0x13, 0xae, 0x2a, 0x4a, 0x9e, 0xb6, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x99, 0x8d, 0x38, 0x1a, 0xdb, 0x23, 0x59, 0xdd, 0xba, 0xe7, 0x86, 0x53,
+ 0x7d, 0x37, 0xb9, 0x00, 0xb6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x99, 0x8d, 0x38, 0x1a,
+ 0xdb, 0x23, 0x59, 0xdd, 0xba, 0xe7, 0x86, 0x53, 0x7d, 0x37, 0xb9, 0x00,
+ 0x9f, 0x7a, 0xc4, 0x35, 0x1f, 0x6b, 0x91, 0xe6, 0x30, 0x97, 0xa7, 0x13,
+ 0x11, 0x5d, 0x05, 0xbe},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {138,
+ {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0x13, 0xf8, 0x0a, 0x00, 0x6d, 0xc1, 0xbb, 0xda,
+ 0xd6, 0x39, 0xa9, 0x2f, 0xc7, 0xec, 0xa6, 0x55, 0xf7, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0x63, 0x48, 0xb8, 0xfd, 0x29, 0xbf, 0x96, 0xd5, 0x63, 0xa5, 0x17, 0xe2,
+ 0x7d, 0x7b, 0xfc, 0x0f, 0x2f, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x2b, 0x6c, 0x89, 0x1d,
+ 0x37, 0xc7, 0xe1, 0x1a, 0x56, 0x41, 0x91, 0x9c, 0x49, 0x4d, 0x95, 0x16},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x94, 0x3a, 0xc0, 0x09, 0x81, 0xd8, 0x9d, 0x2c,
+ 0x14, 0xfe, 0xbf, 0xa5, 0xfb, 0x9c, 0xba, 0x12, 0x97, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x00, 0x41, 0x70, 0x83, 0xa7, 0xaa, 0x8d, 0x13, 0xf2, 0xfb, 0xb5, 0xdf,
+ 0xc2, 0x55, 0xa8, 0x04, 0x97, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x41, 0x70, 0x83,
+ 0xa7, 0xaa, 0x8d, 0x13, 0xf2, 0xfb, 0xb5, 0xdf, 0xc2, 0x55, 0xa8, 0x04,
+ 0x9a, 0x18, 0xa8, 0x28, 0x07, 0x02, 0x69, 0xf4, 0x47, 0x00, 0xd0, 0x09,
+ 0xe7, 0x17, 0x1c, 0xc9},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {139,
+ {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0x82, 0xe5, 0x9b, 0x45, 0x82, 0x91, 0x50, 0x38,
+ 0xf9, 0x33, 0x81, 0x1e, 0x65, 0x2d, 0xc6, 0x6a, 0xfc, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0xb6, 0x71, 0xc8, 0xca, 0xc2, 0x70, 0xc2, 0x65, 0xa0, 0xac, 0x2f, 0x53,
+ 0x57, 0x99, 0x88, 0x0a, 0x24, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0xfe, 0x55, 0xf9, 0x2a,
+ 0xdc, 0x08, 0xb5, 0xaa, 0x95, 0x48, 0xa9, 0x2d, 0x63, 0xaf, 0xe1, 0x13},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x05, 0x27, 0x51, 0x4c, 0x6e, 0x88, 0x76, 0xce,
+ 0x3b, 0xf4, 0x97, 0x94, 0x59, 0x5d, 0xda, 0x2d, 0x9c, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xd5, 0x78, 0x00, 0xb4, 0x4c, 0x65, 0xd9, 0xa3, 0x31, 0xf2, 0x8d, 0x6e,
+ 0xe8, 0xb7, 0xdc, 0x01, 0x9c, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd5, 0x78, 0x00, 0xb4,
+ 0x4c, 0x65, 0xd9, 0xa3, 0x31, 0xf2, 0x8d, 0x6e, 0xe8, 0xb7, 0xdc, 0x01,
+ 0xb4, 0x36, 0xa8, 0x2b, 0x93, 0xd5, 0x55, 0xf7, 0x43, 0x00, 0xd0, 0x19,
+ 0x9b, 0xa7, 0x18, 0xce},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {140,
+ {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0xf1, 0xd1, 0x28, 0x87, 0xb7, 0x21, 0x69, 0x86,
+ 0xa1, 0x2d, 0x79, 0x09, 0x8b, 0x6d, 0xe6, 0x0f, 0xc0, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0xa7, 0xc7, 0x58, 0x99, 0xf3, 0xe6, 0x0a, 0xf1, 0xfc, 0xb6, 0xc7, 0x30,
+ 0x7d, 0x87, 0x59, 0x0f, 0x18, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0xef, 0xe3, 0x69, 0x79,
+ 0xed, 0x9e, 0x7d, 0x3e, 0xc9, 0x52, 0x41, 0x4e, 0x49, 0xb1, 0x30, 0x16},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x76, 0x13, 0xe2, 0x8e, 0x5b, 0x38, 0x4f, 0x70,
+ 0x63, 0xea, 0x6f, 0x83, 0xb7, 0x1d, 0xfa, 0x48, 0xa0, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xc4, 0xce, 0x90, 0xe7, 0x7d, 0xf3, 0x11, 0x37, 0x6d, 0xe8, 0x65, 0x0d,
+ 0xc2, 0xa9, 0x0d, 0x04, 0xa0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc4, 0xce, 0x90, 0xe7,
+ 0x7d, 0xf3, 0x11, 0x37, 0x6d, 0xe8, 0x65, 0x0d, 0xc2, 0xa9, 0x0d, 0x04,
+ 0xce, 0x54, 0xa8, 0x2e, 0x1f, 0xa9, 0x42, 0xfa, 0x3f, 0x00, 0xd0, 0x29,
+ 0x4f, 0x37, 0x15, 0xd3},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {141,
+ {0xcb, 0xf1, 0xda, 0x9e, 0x0b, 0xa9, 0x37, 0x73, 0x74, 0xe6, 0x9e, 0x1c,
+ 0x0e, 0x60, 0x0c, 0xfc, 0x34, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09,
+ 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0xbe, 0x3f, 0xa6, 0x6b,
+ 0x6c, 0xe7, 0x80, 0x8a, 0xa3, 0xe4, 0x59, 0x49, 0xf9, 0x44, 0x64, 0x9f,
+ 0xd0, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2,
+ 0x40, 0xd1, 0xab, 0xf4, 0x66, 0x68, 0xdb, 0xc8, 0xf5, 0xf2, 0x0e, 0xf2,
+ 0xb3, 0xf3, 0x8f, 0x00, 0xe2, 0x03, 0x17, 0x88},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xcb, 0x9a, 0x0d, 0xb1, 0x8d, 0x63, 0xd7, 0xea, 0xd7, 0xc9, 0x60, 0xd6,
+ 0xb2, 0x86, 0x74, 0x5f, 0xb3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xde, 0xba, 0xb4, 0xa1,
+ 0x58, 0x42, 0x50, 0xbf, 0xfc, 0x2f, 0xc8, 0x4d, 0x95, 0xde, 0xcf, 0x04,
+ 0xb3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xde, 0xba, 0xb4, 0xa1, 0x58, 0x42, 0x50, 0xbf,
+ 0xfc, 0x2f, 0xc8, 0x4d, 0x95, 0xde, 0xcf, 0x04, 0x23, 0x83, 0xab, 0x0b,
+ 0x79, 0x92, 0x05, 0x69, 0x9b, 0x51, 0x0a, 0xa7, 0x09, 0xbf, 0x31, 0xf1},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {142,
+ {0x8f, 0x27, 0x86, 0x94, 0xc4, 0xe9, 0xda, 0xeb, 0xd5, 0x8d, 0x3e, 0x5b,
+ 0x96, 0x6e, 0x8b, 0x68, 0x42, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09,
+ 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x06, 0x53, 0xe7, 0xa3,
+ 0x31, 0x71, 0x88, 0x33, 0xac, 0xc3, 0xb9, 0xad, 0xff, 0x1c, 0x31, 0x98,
+ 0xa6, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2,
+ 0x40, 0xd1, 0xab, 0xf4, 0xde, 0x04, 0x9a, 0x00, 0xa8, 0x64, 0x06, 0x4b,
+ 0xbc, 0xd4, 0x6f, 0xe4, 0xe4, 0x5b, 0x42, 0x8f},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0x8f, 0x4c, 0x51, 0xbb, 0x42, 0x23, 0x3a, 0x72, 0x76, 0xa2, 0xc0, 0x91,
+ 0x2a, 0x88, 0xf3, 0xcb, 0xc5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x66, 0xd6, 0xf5, 0x69,
+ 0x05, 0xd4, 0x58, 0x06, 0xf3, 0x08, 0x28, 0xa9, 0x93, 0x86, 0x9a, 0x03,
+ 0xc5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x66, 0xd6, 0xf5, 0x69, 0x05, 0xd4, 0x58, 0x06,
+ 0xf3, 0x08, 0x28, 0xa9, 0x93, 0x86, 0x9a, 0x03, 0x8b, 0xfb, 0xab, 0x17,
+ 0xa9, 0xe0, 0xb8, 0x74, 0x8b, 0x51, 0x0a, 0xe7, 0xd9, 0xfd, 0x23, 0x05},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {143,
+ {0xd5, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0x9a, 0x22, 0xd7, 0x0a, 0x48, 0xe2, 0x4f, 0xdd,
+ 0xcd, 0xd4, 0x41, 0x9d, 0xe6, 0x4c, 0x8f, 0x44, 0xfc, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0x77, 0xb5, 0xc9, 0x07, 0xd9, 0xc9, 0xe1, 0xea, 0x51, 0x85, 0x1a, 0x20,
+ 0x4a, 0xad, 0x9f, 0x0a, 0x24, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x3f, 0x91, 0xf8, 0xe7,
+ 0xc7, 0xb1, 0x96, 0x25, 0x64, 0x61, 0x9c, 0x5e, 0x7e, 0x9b, 0xf6, 0x13},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xd5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x1d, 0xe0, 0x1d, 0x03, 0xa4, 0xfb, 0x69, 0x2b,
+ 0x0f, 0x13, 0x57, 0x17, 0xda, 0x3c, 0x93, 0x03, 0x9c, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x14, 0xbc, 0x01, 0x79, 0x57, 0xdc, 0xfa, 0x2c, 0xc0, 0xdb, 0xb8, 0x1d,
+ 0xf5, 0x83, 0xcb, 0x01, 0x9c, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x14, 0xbc, 0x01, 0x79,
+ 0x57, 0xdc, 0xfa, 0x2c, 0xc0, 0xdb, 0xb8, 0x1d, 0xf5, 0x83, 0xcb, 0x01,
+ 0x49, 0xbc, 0x6e, 0x9f, 0xc5, 0x1c, 0x4d, 0x50, 0x30, 0x36, 0x64, 0x4d,
+ 0x84, 0x27, 0x73, 0xd2},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {144,
+ {0xdb, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0x75, 0xd5, 0x64, 0x3a, 0xa5, 0xaf, 0x93, 0x4d,
+ 0x8c, 0xce, 0x39, 0x2c, 0xc3, 0xee, 0xdb, 0x47, 0xc0, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0x60, 0x1b, 0x5a, 0xd2, 0x06, 0x7f, 0x28, 0x06, 0x6a, 0x8f, 0x32, 0x81,
+ 0x71, 0x5b, 0xa8, 0x08, 0x18, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x28, 0x3f, 0x6b, 0x32,
+ 0x18, 0x07, 0x5f, 0xc9, 0x5f, 0x6b, 0xb4, 0xff, 0x45, 0x6d, 0xc1, 0x11},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xf2, 0x17, 0xae, 0x33, 0x49, 0xb6, 0xb5, 0xbb,
+ 0x4e, 0x09, 0x2f, 0xa6, 0xff, 0x9e, 0xc7, 0x00, 0xa0, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0x03, 0x12, 0x92, 0xac, 0x88, 0x6a, 0x33, 0xc0, 0xfb, 0xd1, 0x90, 0xbc,
+ 0xce, 0x75, 0xfc, 0x03, 0xa0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x12, 0x92, 0xac,
+ 0x88, 0x6a, 0x33, 0xc0, 0xfb, 0xd1, 0x90, 0xbc, 0xce, 0x75, 0xfc, 0x03,
+ 0x63, 0xda, 0x6e, 0xa2, 0x51, 0xf0, 0x39, 0x53, 0x2c, 0x36, 0x64, 0x5d,
+ 0x38, 0xb7, 0x6f, 0xd7},
+ false,
+ false},
+
+ // Comment: edge case intermediate sums in poly1305
+ {145,
+ {0x93, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35,
+ 0x43, 0x19, 0x87, 0x5c, 0x62, 0x48, 0x39, 0x60, 0x42, 0x16, 0xe4, 0x03,
+ 0xeb, 0xcc, 0x6a, 0xf5, 0x59, 0xec, 0x8b, 0x43, 0x97, 0x7a, 0xed, 0x35,
+ 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64,
+ 0xd8, 0xc8, 0xc3, 0xfa, 0x1a, 0x9e, 0x47, 0x4a, 0xbe, 0x52, 0xd0, 0x2c,
+ 0x81, 0x87, 0xe9, 0x0f, 0x4f, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2,
+ 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x90, 0xec, 0xf2, 0x1a,
+ 0x04, 0xe6, 0x30, 0x85, 0x8b, 0xb6, 0x56, 0x52, 0xb5, 0xb1, 0x80, 0x16},
+ {0xff, 0xff, 0xff, 0xff},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52},
+ {0x93, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xe5, 0x8a, 0xf3, 0x69, 0xae, 0x0f, 0xc2, 0xf5,
+ 0x29, 0x0b, 0x7c, 0x7f, 0x65, 0x9c, 0x97, 0x04, 0xf7, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xbb, 0xc1, 0x0b, 0x84, 0x94, 0x8b, 0x5c, 0x8c, 0x2f, 0x0c, 0x72, 0x11,
+ 0x3e, 0xa9, 0xbd, 0x04, 0xf7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbb, 0xc1, 0x0b, 0x84,
+ 0x94, 0x8b, 0x5c, 0x8c, 0x2f, 0x0c, 0x72, 0x11, 0x3e, 0xa9, 0xbd, 0x04,
+ 0x73, 0xeb, 0x27, 0x24, 0xb5, 0xc4, 0x05, 0xf0, 0x4d, 0x00, 0xd0, 0xf1,
+ 0x58, 0x40, 0xa1, 0xc1},
+ false,
+ false},
+
+ // Comment: invalid nonce size
+ {146,
+ {},
+ {},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f},
+ {},
+ true,
+ true},
+
+ // Comment: invalid nonce size
+ {147,
+ {},
+ {},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f},
+ {},
+ true,
+ true},
+
+ // Comment: invalid nonce size
+ {148,
+ {},
+ {},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f},
+ {},
+ true,
+ true},
+
+ // Comment: invalid nonce size
+ {149,
+ {},
+ {},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f,
+ 0x5f, 0x5f},
+ {},
+ true,
+ true},
+
+ // Comment: invalid nonce size
+ {150,
+ {},
+ {},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f,
+ 0x5f, 0x5f, 0x5f, 0x5f},
+ {},
+ true,
+ true}};
+
+#endif // chachapoly_vectors_h__
diff --git a/security/nss/gtests/common/testvectors/curve25519-vectors.h b/security/nss/gtests/common/testvectors/curve25519-vectors.h
new file mode 100644
index 000000000..bf350cfa6
--- /dev/null
+++ b/security/nss/gtests/common/testvectors/curve25519-vectors.h
@@ -0,0 +1,1879 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef curve25519_vectors_h__
+#define curve25519_vectors_h__
+
+#include <string>
+#include <vector>
+
+typedef struct curve25519_testvector_str {
+ std::vector<uint8_t> private_key;
+ std::vector<uint8_t> public_key;
+ std::vector<uint8_t> secret;
+ bool valid;
+} curve25519_testvector;
+
+const curve25519_testvector kCurve25519Vectors[] = {
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72,
+ 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
+ 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
+ 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a,
+ 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
+ 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
+ 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f},
+ {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 0x72, 0x8e, 0x3b,
+ 0xf4, 0x80, 0x35, 0x0f, 0x25, 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1,
+ 0x9e, 0x33, 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42},
+ true},
+
+ // A public key that's too short (31 bytes).
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72,
+ 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
+ 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
+ 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a,
+ 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a},
+ {0x30, 0x38, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x20, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
+ 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
+ 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b},
+ {},
+ false},
+
+ // A public key that's too long (33 bytes).
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72,
+ 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
+ 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
+ 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a,
+ 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a},
+ {0x30, 0x3a, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x22, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
+ 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
+ 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f, 0x34},
+ {},
+ false},
+
+ // A private key with leading zeros (they should not be stripped)
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x00, 0x99, 0xD1, 0x90, 0x60, 0xCF, 0x79, 0xF0, 0x6F, 0x4F, 0x2E, 0x47,
+ 0x97, 0x5B, 0x2A, 0x90, 0x01, 0x6C, 0x94, 0xF4, 0x3D, 0x94, 0x02, 0x57,
+ 0x13, 0xDB, 0xB2, 0xA3, 0xD9, 0x54, 0x0B, 0xE5, 0xa1, 0x23, 0x03, 0x21,
+ 0x05, 0x66, 0xA7, 0x26, 0xE0, 0xFC, 0x83, 0xEF, 0xA2, 0x56, 0xF4, 0xCC,
+ 0xEA, 0x71, 0x07, 0x4D, 0xBB, 0x5C, 0x76, 0x0A, 0x9F, 0xF4, 0x7E, 0x5C,
+ 0x5D, 0x4C, 0xB8, 0xDA, 0x9E, 0x44, 0x60, 0x52, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
+ 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
+ 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f},
+ {0xB9, 0x4B, 0x92, 0xEA, 0xDA, 0x64, 0x40, 0xD3, 0x08, 0x63, 0x06,
+ 0x45, 0xF4, 0x4C, 0xCD, 0x19, 0x7B, 0xE6, 0x0A, 0xBC, 0x6C, 0x9D,
+ 0x96, 0x8F, 0x5D, 0x70, 0x44, 0x55, 0xD0, 0x1B, 0xEE, 0x4A},
+ true},
+
+ // A private key that's too short
+ {{0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2A, 0x86, 0x48,
+ 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA,
+ 0x47, 0x0F, 0x01, 0x04, 0x4B, 0x30, 0x49, 0x02, 0x01, 0x01, 0x04, 0x1F,
+ 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D, 0x3C, 0x16, 0xC1, 0x72, 0x51,
+ 0xB2, 0x66, 0x45, 0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, 0x2A, 0xB1,
+ 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A, 0xA1, 0x23, 0x03, 0x21, 0x00,
+ 0x85, 0x20, 0xF0, 0x09, 0x89, 0x30, 0xA7, 0x54, 0x74, 0x8B, 0x7D, 0xDC,
+ 0xB4, 0x3E, 0xF7, 0x5A, 0x0D, 0xBF, 0x3A, 0x0D, 0x26, 0x38, 0x1A, 0xF4,
+ 0xEB, 0xA4, 0xA9, 0x8E, 0xAA, 0x9B, 0x4E, 0x6A},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
+ 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
+ 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f},
+ {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 0x72, 0x8e, 0x3b,
+ 0xf4, 0x80, 0x35, 0x0f, 0x25, 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1,
+ 0x9e, 0x33, 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42},
+ false},
+
+ // A private key that's too long
+ {{0x30, 0x68, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2A, 0x86, 0x48,
+ 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA,
+ 0x47, 0x0F, 0x01, 0x04, 0x4D, 0x30, 0x4B, 0x02, 0x01, 0x01, 0x04, 0x21,
+ 0x43, 0x77, 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D, 0x3C, 0x16, 0xC1,
+ 0x72, 0x51, 0xB2, 0x66, 0x45, 0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99,
+ 0x2A, 0xB1, 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A, 0xA1, 0x23, 0x03,
+ 0x21, 0x00, 0x85, 0x20, 0xF0, 0x09, 0x89, 0x30, 0xA7, 0x54, 0x74, 0x8B,
+ 0x7D, 0xDC, 0xB4, 0x3E, 0xF7, 0x5A, 0x0D, 0xBF, 0x3A, 0x0D, 0x26, 0x38,
+ 0x1A, 0xF4, 0xEB, 0xA4, 0xA9, 0x8E, 0xAA, 0x9B, 0x4E, 0x6A},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
+ 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
+ 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f},
+ {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 0x72, 0x8e, 0x3b,
+ 0xf4, 0x80, 0x35, 0x0f, 0x25, 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1,
+ 0x9e, 0x33, 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42},
+ false}};
+
+// Testvectors from project wycheproof
+// <https://github.com/google/wycheproof>
+const curve25519_testvector kCurve25519WycheproofVectors[] = {
+
+ // Comment: normal case
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x48, 0x52, 0x83, 0x4d, 0x9d, 0x6b, 0x77, 0xda, 0xde, 0xab, 0xaa, 0xf2,
+ 0xe1, 0x1d, 0xca, 0x66, 0xd1, 0x9f, 0xe7, 0x49, 0x93, 0xa7, 0xbe, 0xc3,
+ 0x6c, 0x6e, 0x16, 0xa0, 0x98, 0x3f, 0xea, 0xba, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x9c, 0x64, 0x7d, 0x9a, 0xe5, 0x89, 0xb9, 0xf5, 0x8f,
+ 0xdc, 0x3c, 0xa4, 0x94, 0x7e, 0xfb, 0xc9, 0x15, 0xc4, 0xb2, 0xe0, 0x8e,
+ 0x74, 0x4a, 0x0e, 0xdf, 0x46, 0x9d, 0xac, 0x59, 0xc8, 0xf8, 0x5a},
+ {0x87, 0xb7, 0xf2, 0x12, 0xb6, 0x27, 0xf7, 0xa5, 0x4c, 0xa5, 0xe0,
+ 0xbc, 0xda, 0xdd, 0xd5, 0x38, 0x9d, 0x9d, 0xe6, 0x15, 0x6c, 0xdb,
+ 0xcf, 0x8e, 0xbe, 0x14, 0xff, 0xbc, 0xfb, 0x43, 0x65, 0x51},
+ true},
+
+ // Comment: normal case
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x9c, 0x64, 0x7d, 0x9a, 0xe5, 0x89, 0xb9, 0xf5, 0x8f,
+ 0xdc, 0x3c, 0xa4, 0x94, 0x7e, 0xfb, 0xc9, 0x15, 0xc4, 0xb2, 0xe0, 0x8e,
+ 0x74, 0x4a, 0x0e, 0xdf, 0x46, 0x9d, 0xac, 0x59, 0xc8, 0xf8, 0x5a},
+ {0x4b, 0x82, 0xbd, 0x86, 0x50, 0xea, 0x9b, 0x81, 0xa4, 0x21, 0x81,
+ 0x84, 0x09, 0x26, 0xa4, 0xff, 0xa1, 0x64, 0x34, 0xd1, 0xbf, 0x29,
+ 0x8d, 0xe1, 0xdb, 0x87, 0xef, 0xb5, 0xb0, 0xa9, 0xe3, 0x4e},
+ true},
+
+ // Comment: public key on twist
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x58, 0x8c, 0x06, 0x1a, 0x50, 0x80, 0x4a, 0xc4, 0x88, 0xad, 0x77, 0x4a,
+ 0xc7, 0x16, 0xc3, 0xf5, 0xba, 0x71, 0x4b, 0x27, 0x12, 0xe0, 0x48, 0x49,
+ 0x13, 0x79, 0xa5, 0x00, 0x21, 0x19, 0x98, 0xa8, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x63, 0xaa, 0x40, 0xc6, 0xe3, 0x83, 0x46, 0xc5, 0xca,
+ 0xf2, 0x3a, 0x6d, 0xf0, 0xa5, 0xe6, 0xc8, 0x08, 0x89, 0xa0, 0x86, 0x47,
+ 0xe5, 0x51, 0xb3, 0x56, 0x34, 0x49, 0xbe, 0xfc, 0xfc, 0x97, 0x33},
+ {0xb1, 0xa7, 0x07, 0x51, 0x94, 0x95, 0xff, 0xff, 0xb2, 0x98, 0xff,
+ 0x94, 0x17, 0x16, 0xb0, 0x6d, 0xfa, 0xb8, 0x7c, 0xf8, 0xd9, 0x11,
+ 0x23, 0xfe, 0x2b, 0xe9, 0xa2, 0x33, 0xdd, 0xa2, 0x22, 0x12},
+ true},
+
+ // Comment: public key on twist
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xb0, 0x5b, 0xfd, 0x32, 0xe5, 0x53, 0x25, 0xd9, 0xfd, 0x64, 0x8c, 0xb3,
+ 0x02, 0x84, 0x80, 0x39, 0x00, 0x0b, 0x39, 0x0e, 0x44, 0xd5, 0x21, 0xe5,
+ 0x8a, 0xab, 0x3b, 0x29, 0xa6, 0x96, 0x0b, 0xa8, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x0f, 0x83, 0xc3, 0x6f, 0xde, 0xd9, 0xd3, 0x2f, 0xad,
+ 0xf4, 0xef, 0xa3, 0xae, 0x93, 0xa9, 0x0b, 0xb5, 0xcf, 0xa6, 0x68, 0x93,
+ 0xbc, 0x41, 0x2c, 0x43, 0xfa, 0x72, 0x87, 0xdb, 0xb9, 0x97, 0x79},
+ {0x67, 0xdd, 0x4a, 0x6e, 0x16, 0x55, 0x33, 0x53, 0x4c, 0x0e, 0x3f,
+ 0x17, 0x2e, 0x4a, 0xb8, 0x57, 0x6b, 0xca, 0x92, 0x3a, 0x5f, 0x07,
+ 0xb2, 0xc0, 0x69, 0xb4, 0xc3, 0x10, 0xff, 0x2e, 0x93, 0x5b},
+ true},
+
+ // Comment: public key on twist
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x70, 0xe3, 0x4b, 0xcb, 0xe1, 0xf4, 0x7f, 0xbc, 0x0f, 0xdd, 0xfd, 0x7c,
+ 0x1e, 0x1a, 0xa5, 0x3d, 0x57, 0xbf, 0xe0, 0xf6, 0x6d, 0x24, 0x30, 0x67,
+ 0xb4, 0x24, 0xbb, 0x62, 0x10, 0xbe, 0xd1, 0x9c, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x0b, 0x82, 0x11, 0xa2, 0xb6, 0x04, 0x90, 0x97, 0xf6,
+ 0x87, 0x1c, 0x6c, 0x05, 0x2d, 0x3c, 0x5f, 0xc1, 0xba, 0x17, 0xda, 0x9e,
+ 0x32, 0xae, 0x45, 0x84, 0x03, 0xb0, 0x5b, 0xb2, 0x83, 0x09, 0x2a},
+ {0x4a, 0x06, 0x38, 0xcf, 0xaa, 0x9e, 0xf1, 0x93, 0x3b, 0x47, 0xf8,
+ 0x93, 0x92, 0x96, 0xa6, 0xb2, 0x5b, 0xe5, 0x41, 0xef, 0x7f, 0x70,
+ 0xe8, 0x44, 0xc0, 0xbc, 0xc0, 0x0b, 0x13, 0x4d, 0xe6, 0x4a},
+ true},
+
+ // Comment: public key on twist
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x68, 0xc1, 0xf3, 0xa6, 0x53, 0xa4, 0xcd, 0xb1, 0xd3, 0x7b, 0xba, 0x94,
+ 0x73, 0x8f, 0x8b, 0x95, 0x7a, 0x57, 0xbe, 0xb2, 0x4d, 0x64, 0x6e, 0x99,
+ 0x4d, 0xc2, 0x9a, 0x27, 0x6a, 0xad, 0x45, 0x8d, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x34, 0x3a, 0xc2, 0x0a, 0x3b, 0x9c, 0x6a, 0x27, 0xb1,
+ 0x00, 0x81, 0x76, 0x50, 0x9a, 0xd3, 0x07, 0x35, 0x85, 0x6e, 0xc1, 0xc8,
+ 0xd8, 0xfc, 0xae, 0x13, 0x91, 0x2d, 0x08, 0xd1, 0x52, 0xf4, 0x6c},
+ {0x39, 0x94, 0x91, 0xfc, 0xe8, 0xdf, 0xab, 0x73, 0xb4, 0xf9, 0xf6,
+ 0x11, 0xde, 0x8e, 0xa0, 0xb2, 0x7b, 0x28, 0xf8, 0x59, 0x94, 0x25,
+ 0x0b, 0x0f, 0x47, 0x5d, 0x58, 0x5d, 0x04, 0x2a, 0xc2, 0x07},
+ true},
+
+ // Comment: public key on twist
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xd8, 0x77, 0xb2, 0x6d, 0x06, 0xdf, 0xf9, 0xd9, 0xf7, 0xfd, 0x4c, 0x5b,
+ 0x37, 0x69, 0xf8, 0xcd, 0xd5, 0xb3, 0x05, 0x16, 0xa5, 0xab, 0x80, 0x6b,
+ 0xe3, 0x24, 0xff, 0x3e, 0xb6, 0x9e, 0xa0, 0xb2, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xfa, 0x69, 0x5f, 0xc7, 0xbe, 0x8d, 0x1b, 0xe5, 0xbf,
+ 0x70, 0x48, 0x98, 0xf3, 0x88, 0xc4, 0x52, 0xba, 0xfd, 0xd3, 0xb8, 0xea,
+ 0xe8, 0x05, 0xf8, 0x68, 0x1a, 0x8d, 0x15, 0xc2, 0xd4, 0xe1, 0x42},
+ {0x2c, 0x4f, 0xe1, 0x1d, 0x49, 0x0a, 0x53, 0x86, 0x17, 0x76, 0xb1,
+ 0x3b, 0x43, 0x54, 0xab, 0xd4, 0xcf, 0x5a, 0x97, 0x69, 0x9d, 0xb6,
+ 0xe6, 0xc6, 0x8c, 0x16, 0x26, 0xd0, 0x76, 0x62, 0xf7, 0x58},
+ true},
+
+ // Comment: public key = 0
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x20, 0x74, 0x94, 0x03, 0x8f, 0x2b, 0xb8, 0x11, 0xd4, 0x78, 0x05, 0xbc,
+ 0xdf, 0x04, 0xa2, 0xac, 0x58, 0x5a, 0xda, 0x7f, 0x2f, 0x23, 0x38, 0x9b,
+ 0xfd, 0x46, 0x58, 0xf9, 0xdd, 0xd4, 0xde, 0xbc, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key = 1
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x20, 0x2e, 0x89, 0x72, 0xb6, 0x1c, 0x7e, 0x61, 0x93, 0x0e, 0xb9, 0x45,
+ 0x0b, 0x50, 0x70, 0xea, 0xe1, 0xc6, 0x70, 0x47, 0x56, 0x85, 0x54, 0x1f,
+ 0x04, 0x76, 0x21, 0x7e, 0x48, 0x18, 0xcf, 0xab, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: edge case on twist
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x38, 0xdd, 0xe9, 0xf3, 0xe7, 0xb7, 0x99, 0x04, 0x5f, 0x9a, 0xc3, 0x79,
+ 0x3d, 0x4a, 0x92, 0x77, 0xda, 0xde, 0xad, 0xc4, 0x1b, 0xec, 0x02, 0x90,
+ 0xf8, 0x1f, 0x74, 0x4f, 0x73, 0x77, 0x5f, 0x84, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x9a, 0x2c, 0xfe, 0x84, 0xff, 0x9c, 0x4a, 0x97, 0x39, 0x62, 0x5c,
+ 0xae, 0x4a, 0x3b, 0x82, 0xa9, 0x06, 0x87, 0x7a, 0x44, 0x19, 0x46,
+ 0xf8, 0xd7, 0xb3, 0xd7, 0x95, 0xfe, 0x8f, 0x5d, 0x16, 0x39},
+ true},
+
+ // Comment: edge case on twist
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x98, 0x57, 0xa9, 0x14, 0xe3, 0xc2, 0x90, 0x36, 0xfd, 0x9a, 0x44, 0x2b,
+ 0xa5, 0x26, 0xb5, 0xcd, 0xcd, 0xf2, 0x82, 0x16, 0x15, 0x3e, 0x63, 0x6c,
+ 0x10, 0x67, 0x7a, 0xca, 0xb6, 0xbd, 0x6a, 0xa5, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x4d, 0xa4, 0xe0, 0xaa, 0x07, 0x2c, 0x23, 0x2e, 0xe2, 0xf0, 0xfa,
+ 0x4e, 0x51, 0x9a, 0xe5, 0x0b, 0x52, 0xc1, 0xed, 0xd0, 0x8a, 0x53,
+ 0x4d, 0x4e, 0xf3, 0x46, 0xc2, 0xe1, 0x06, 0xd2, 0x1d, 0x60},
+ true},
+
+ // Comment: edge case on twist
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x48, 0xe2, 0x13, 0x0d, 0x72, 0x33, 0x05, 0xed, 0x05, 0xe6, 0xe5, 0x89,
+ 0x4d, 0x39, 0x8a, 0x5e, 0x33, 0x36, 0x7a, 0x8c, 0x6a, 0xac, 0x8f, 0xcd,
+ 0xf0, 0xa8, 0x8e, 0x4b, 0x42, 0x82, 0x0d, 0xb7, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0x03, 0x00, 0x00, 0xf8, 0xff, 0xff,
+ 0x1f, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0xfe, 0xff,
+ 0xff, 0x07, 0x00, 0x00, 0xf0, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00},
+ {0x9e, 0xd1, 0x0c, 0x53, 0x74, 0x7f, 0x64, 0x7f, 0x82, 0xf4, 0x51,
+ 0x25, 0xd3, 0xde, 0x15, 0xa1, 0xe6, 0xb8, 0x24, 0x49, 0x6a, 0xb4,
+ 0x04, 0x10, 0xff, 0xcc, 0x3c, 0xfe, 0x95, 0x76, 0x0f, 0x3b},
+ true},
+
+ // Comment: edge case on twist
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x28, 0xf4, 0x10, 0x11, 0x69, 0x18, 0x51, 0xb3, 0xa6, 0x2b, 0x64, 0x15,
+ 0x53, 0xb3, 0x0d, 0x0d, 0xfd, 0xdc, 0xb8, 0xff, 0xfc, 0xf5, 0x37, 0x00,
+ 0xa7, 0xbe, 0x2f, 0x6a, 0x87, 0x2e, 0x9f, 0xb0, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xff, 0xff, 0x07, 0x00, 0x00,
+ 0xe0, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0x01, 0x00,
+ 0x00, 0xf8, 0xff, 0xff, 0x0f, 0x00, 0x00, 0xc0, 0xff, 0xff, 0x7f},
+ {0xcf, 0x72, 0xb4, 0xaa, 0x6a, 0xa1, 0xc9, 0xf8, 0x94, 0xf4, 0x16,
+ 0x5b, 0x86, 0x10, 0x9a, 0xa4, 0x68, 0x51, 0x76, 0x48, 0xe1, 0xf0,
+ 0xcc, 0x70, 0xe1, 0xab, 0x08, 0x46, 0x01, 0x76, 0x50, 0x6b},
+ true},
+
+ // Comment: edge case on twist
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x18, 0xa9, 0x3b, 0x64, 0x99, 0xb9, 0xf6, 0xb3, 0x22, 0x5c, 0xa0, 0x2f,
+ 0xef, 0x41, 0x0e, 0x0a, 0xde, 0xc2, 0x35, 0x32, 0x32, 0x1d, 0x2d, 0x8e,
+ 0xf1, 0xa6, 0xd6, 0x02, 0xa8, 0xc6, 0x5b, 0x83, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00,
+ 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff,
+ 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0x7f},
+ {0x5d, 0x50, 0xb6, 0x28, 0x36, 0xbb, 0x69, 0x57, 0x94, 0x10, 0x38,
+ 0x6c, 0xf7, 0xbb, 0x81, 0x1c, 0x14, 0xbf, 0x85, 0xb1, 0xc7, 0xb1,
+ 0x7e, 0x59, 0x24, 0xc7, 0xff, 0xea, 0x91, 0xef, 0x9e, 0x12},
+ true},
+
+ // Comment: edge case on twist
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xc0, 0x1d, 0x13, 0x05, 0xa1, 0x33, 0x8a, 0x1f, 0xca, 0xc2, 0xba, 0x7e,
+ 0x2e, 0x03, 0x2b, 0x42, 0x7e, 0x0b, 0x04, 0x90, 0x31, 0x65, 0xac, 0xa9,
+ 0x57, 0xd8, 0xd0, 0x55, 0x3d, 0x87, 0x17, 0xb0, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xea, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ {0x19, 0x23, 0x0e, 0xb1, 0x48, 0xd5, 0xd6, 0x7c, 0x3c, 0x22, 0xab,
+ 0x1d, 0xae, 0xff, 0x80, 0xa5, 0x7e, 0xae, 0x42, 0x65, 0xce, 0x28,
+ 0x72, 0x65, 0x7b, 0x2c, 0x80, 0x99, 0xfc, 0x69, 0x8e, 0x50},
+ true},
+
+ // Comment: edge case for public key
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x38, 0x6f, 0x7f, 0x16, 0xc5, 0x07, 0x31, 0xd6, 0x4f, 0x82, 0xe6, 0xa1,
+ 0x70, 0xb1, 0x42, 0xa4, 0xe3, 0x4f, 0x31, 0xfd, 0x77, 0x68, 0xfc, 0xb8,
+ 0x90, 0x29, 0x25, 0xe7, 0xd1, 0xe2, 0x1a, 0xbe, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x0f, 0xca, 0xb5, 0xd8, 0x42, 0xa0, 0x78, 0xd7, 0xa7, 0x1f, 0xc5,
+ 0x9b, 0x57, 0xbf, 0xb4, 0xca, 0x0b, 0xe6, 0x87, 0x3b, 0x49, 0xdc,
+ 0xdb, 0x9f, 0x44, 0xe1, 0x4a, 0xe8, 0xfb, 0xdf, 0xa5, 0x42},
+ true},
+
+ // Comment: edge case for public key
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xe0, 0x23, 0xa2, 0x89, 0xbd, 0x5e, 0x90, 0xfa, 0x28, 0x04, 0xdd, 0xc0,
+ 0x19, 0xa0, 0x5e, 0xf3, 0xe7, 0x9d, 0x43, 0x4b, 0xb6, 0xea, 0x2f, 0x52,
+ 0x2e, 0xcb, 0x64, 0x3a, 0x75, 0x29, 0x6e, 0x95, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff,
+ 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00,
+ 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00},
+ {0x54, 0xce, 0x8f, 0x22, 0x75, 0xc0, 0x77, 0xe3, 0xb1, 0x30, 0x6a,
+ 0x39, 0x39, 0xc5, 0xe0, 0x3e, 0xef, 0x6b, 0xbb, 0x88, 0x06, 0x05,
+ 0x44, 0x75, 0x8d, 0x9f, 0xef, 0x59, 0xb0, 0xbc, 0x3e, 0x4f},
+ true},
+
+ // Comment: edge case for public key
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x68, 0xf0, 0x10, 0xd6, 0x2e, 0xe8, 0xd9, 0x26, 0x05, 0x3a, 0x36, 0x1c,
+ 0x3a, 0x75, 0xc6, 0xea, 0x4e, 0xbd, 0xc8, 0x60, 0x6a, 0xb2, 0x85, 0x00,
+ 0x3a, 0x6f, 0x8f, 0x40, 0x76, 0xb0, 0x1e, 0x83, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03},
+ {0xf1, 0x36, 0x77, 0x5c, 0x5b, 0xeb, 0x0a, 0xf8, 0x11, 0x0a, 0xf1,
+ 0x0b, 0x20, 0x37, 0x23, 0x32, 0x04, 0x3c, 0xab, 0x75, 0x24, 0x19,
+ 0x67, 0x87, 0x75, 0xa2, 0x23, 0xdf, 0x57, 0xc9, 0xd3, 0x0d},
+ true},
+
+ // Comment: edge case for public key
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x58, 0xeb, 0xcb, 0x35, 0xb0, 0xf8, 0x84, 0x5c, 0xaf, 0x1e, 0xc6, 0x30,
+ 0xf9, 0x65, 0x76, 0xb6, 0x2c, 0x4b, 0x7b, 0x6c, 0x36, 0xb2, 0x9d, 0xeb,
+ 0x2c, 0xb0, 0x08, 0x46, 0x51, 0x75, 0x5c, 0x96, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xfb, 0xff, 0xff, 0xfb, 0xff, 0xff,
+ 0xdf, 0xff, 0xff, 0xdf, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfe, 0xff,
+ 0xff, 0xf7, 0xff, 0xff, 0xf7, 0xff, 0xff, 0xbf, 0xff, 0xff, 0x3f},
+ {0xbf, 0x9a, 0xff, 0xd0, 0x6b, 0x84, 0x40, 0x85, 0x58, 0x64, 0x60,
+ 0x96, 0x2e, 0xf2, 0x14, 0x6f, 0xf3, 0xd4, 0x53, 0x3d, 0x94, 0x44,
+ 0xaa, 0xb0, 0x06, 0xeb, 0x88, 0xcc, 0x30, 0x54, 0x40, 0x7d},
+ true},
+
+ // Comment: edge case for public key
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x18, 0x8c, 0x4b, 0xc5, 0xb9, 0xc4, 0x4b, 0x38, 0xbb, 0x65, 0x8b, 0x9b,
+ 0x2a, 0xe8, 0x2d, 0x5b, 0x01, 0x01, 0x5e, 0x09, 0x31, 0x84, 0xb1, 0x7c,
+ 0xb7, 0x86, 0x35, 0x03, 0xa7, 0x83, 0xe1, 0xbb, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f},
+ {0xd4, 0x80, 0xde, 0x04, 0xf6, 0x99, 0xcb, 0x3b, 0xe0, 0x68, 0x4a,
+ 0x9c, 0xc2, 0xe3, 0x12, 0x81, 0xea, 0x0b, 0xc5, 0xa9, 0xdc, 0xc1,
+ 0x57, 0xd3, 0xd2, 0x01, 0x58, 0xd4, 0x6c, 0xa5, 0x24, 0x6d},
+ true},
+
+ // Comment: edge case for public key
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xe0, 0x6c, 0x11, 0xbb, 0x2e, 0x13, 0xce, 0x3d, 0xc7, 0x67, 0x3f, 0x67,
+ 0xf5, 0x48, 0x22, 0x42, 0x90, 0x94, 0x23, 0xa9, 0xae, 0x95, 0xee, 0x98,
+ 0x6a, 0x98, 0x8d, 0x98, 0xfa, 0xee, 0x23, 0xa2, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f, 0xff,
+ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfe,
+ 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f},
+ {0x4c, 0x44, 0x01, 0xcc, 0xe6, 0xb5, 0x1e, 0x4c, 0xb1, 0x8f, 0x27,
+ 0x90, 0x24, 0x6c, 0x9b, 0xf9, 0x14, 0xdb, 0x66, 0x77, 0x50, 0xa1,
+ 0xcb, 0x89, 0x06, 0x90, 0x92, 0xaf, 0x07, 0x29, 0x22, 0x76},
+ true},
+
+ // Comment: edge case for public key
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xc0, 0x65, 0x8c, 0x46, 0xdd, 0xe1, 0x81, 0x29, 0x29, 0x38, 0x77, 0x53,
+ 0x5b, 0x11, 0x62, 0xb6, 0xf9, 0xf5, 0x41, 0x4a, 0x23, 0xcf, 0x4d, 0x2c,
+ 0xbc, 0x14, 0x0a, 0x4d, 0x99, 0xda, 0x2b, 0x8f, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ {0x57, 0x8b, 0xa8, 0xcc, 0x2d, 0xbd, 0xc5, 0x75, 0xaf, 0xcf, 0x9d,
+ 0xf2, 0xb3, 0xee, 0x61, 0x89, 0xf5, 0x33, 0x7d, 0x68, 0x54, 0xc7,
+ 0x9b, 0x4c, 0xe1, 0x65, 0xea, 0x12, 0x29, 0x3b, 0x3a, 0x0f},
+ true},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x25, 0x5c, 0x92, 0x30, 0xa9, 0x7a, 0x30, 0xa4, 0x58, 0xca, 0x28,
+ 0x4a, 0x62, 0x96, 0x69, 0x29, 0x3a, 0x31, 0x89, 0x0c, 0xda, 0x9d, 0x14,
+ 0x7f, 0xeb, 0xc7, 0xd1, 0xe2, 0x2d, 0x6b, 0xb1, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16,
+ 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c,
+ 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x78, 0xf1, 0xe8, 0xed, 0xf1, 0x44, 0x81, 0xb3, 0x89, 0x44, 0x8d, 0xac,
+ 0x8f, 0x59, 0xc7, 0x0b, 0x03, 0x8e, 0x7c, 0xf9, 0x2e, 0xf2, 0xc7, 0xef,
+ 0xf5, 0x7a, 0x72, 0x46, 0x6e, 0x11, 0x52, 0x96, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1,
+ 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58,
+ 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa0, 0x5a, 0x3e, 0x8f, 0x9f, 0x44, 0x20, 0x4d, 0x5f, 0x80, 0x59,
+ 0xa9, 0x4a, 0xc7, 0xdf, 0xc3, 0x9a, 0x49, 0xac, 0x01, 0x6d, 0xd7, 0x43,
+ 0xdb, 0xfa, 0x43, 0xc5, 0xd6, 0x71, 0xfd, 0x88, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xd0, 0xdb, 0xb3, 0xed, 0x19, 0x06, 0x66, 0x3f, 0x15, 0x42, 0x0a, 0xf3,
+ 0x1f, 0x4e, 0xaf, 0x65, 0x09, 0xd9, 0xa9, 0x94, 0x97, 0x23, 0x50, 0x06,
+ 0x05, 0xad, 0x7c, 0x1c, 0x6e, 0x74, 0x50, 0xa9, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xc0, 0xb1, 0xd0, 0xeb, 0x22, 0xb2, 0x44, 0xfe, 0x32, 0x91, 0x14, 0x00,
+ 0x72, 0xcd, 0xd9, 0xd9, 0x89, 0xb5, 0xf0, 0xec, 0xd9, 0x6c, 0x10, 0x0f,
+ 0xeb, 0x5b, 0xca, 0x24, 0x1c, 0x1d, 0x9f, 0x8f, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x48, 0x0b, 0xf4, 0x5f, 0x59, 0x49, 0x42, 0xa8, 0xbc, 0x0f, 0x33, 0x53,
+ 0xc6, 0xe8, 0xb8, 0x85, 0x3d, 0x77, 0xf3, 0x51, 0xf1, 0xc2, 0xca, 0x6c,
+ 0x2d, 0x1a, 0xbf, 0x8a, 0x00, 0xb4, 0x22, 0x9c, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x30, 0xf9, 0x93, 0xfc, 0xf8, 0x51, 0x4f, 0xc8, 0x9b, 0xd8, 0xdb, 0x14,
+ 0xcd, 0x43, 0xba, 0x0d, 0x4b, 0x25, 0x30, 0xe7, 0x3c, 0x42, 0x76, 0xa0,
+ 0x5e, 0x1b, 0x14, 0x5d, 0x42, 0x0c, 0xed, 0xb4, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xc0, 0x49, 0x74, 0xb7, 0x58, 0x38, 0x0e, 0x2a, 0x5b, 0x5d, 0xf6, 0xeb,
+ 0x09, 0xbb, 0x2f, 0x6b, 0x34, 0x34, 0xf9, 0x82, 0x72, 0x2a, 0x8e, 0x67,
+ 0x6d, 0x3d, 0xa2, 0x51, 0xd1, 0xb3, 0xde, 0x83, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16,
+ 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c,
+ 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x80},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x50, 0x2a, 0x31, 0x37, 0x3d, 0xb3, 0x24, 0x46, 0x84, 0x2f, 0xe5, 0xad,
+ 0xd3, 0xe0, 0x24, 0x02, 0x2e, 0xa5, 0x4f, 0x27, 0x41, 0x82, 0xaf, 0xc3,
+ 0xd9, 0xf1, 0xbb, 0x3d, 0x39, 0x53, 0x4e, 0xb5, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1,
+ 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58,
+ 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0xd7},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x90, 0xfa, 0x64, 0x17, 0xb0, 0xe3, 0x70, 0x30, 0xfd, 0x6e, 0x43, 0xef,
+ 0xf2, 0xab, 0xae, 0xf1, 0x4c, 0x67, 0x93, 0x11, 0x7a, 0x03, 0x9c, 0xf6,
+ 0x21, 0x31, 0x8b, 0xa9, 0x0f, 0x4e, 0x98, 0xbe, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x78, 0xad, 0x3f, 0x26, 0x02, 0x7f, 0x1c, 0x9f, 0xdd, 0x97, 0x5a, 0x16,
+ 0x13, 0xb9, 0x47, 0x77, 0x9b, 0xad, 0x2c, 0xf2, 0xb7, 0x41, 0xad, 0xe0,
+ 0x18, 0x40, 0x88, 0x5a, 0x30, 0xbb, 0x97, 0x9c, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x98, 0xe2, 0x3d, 0xe7, 0xb1, 0xe0, 0x92, 0x6e, 0xd9, 0xc8, 0x7e, 0x7b,
+ 0x14, 0xba, 0xf5, 0x5f, 0x49, 0x7a, 0x1d, 0x70, 0x96, 0xf9, 0x39, 0x77,
+ 0x68, 0x0e, 0x44, 0xdc, 0x1c, 0x7b, 0x7b, 0x8b, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1,
+ 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58,
+ 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16,
+ 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c,
+ 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1,
+ 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58,
+ 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0xd7},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16,
+ 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c,
+ 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x80},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key with low order
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2,
+ 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14,
+ 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ false},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xf0, 0x1e, 0x48, 0xda, 0xfa, 0xc9, 0xd7, 0xbc, 0xf5, 0x89, 0xcb, 0xc3,
+ 0x82, 0xc8, 0x78, 0xd1, 0x8b, 0xda, 0x35, 0x50, 0x58, 0x9f, 0xfb, 0x5d,
+ 0x50, 0xb5, 0x23, 0xbe, 0xbe, 0x32, 0x9d, 0xae, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xef, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ {0xbd, 0x36, 0xa0, 0x79, 0x0e, 0xb8, 0x83, 0x09, 0x8c, 0x98, 0x8b,
+ 0x21, 0x78, 0x67, 0x73, 0xde, 0x0b, 0x3a, 0x4d, 0xf1, 0x62, 0x28,
+ 0x2c, 0xf1, 0x10, 0xde, 0x18, 0xdd, 0x48, 0x4c, 0xe7, 0x4b},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x28, 0x87, 0x96, 0xbc, 0x5a, 0xff, 0x4b, 0x81, 0xa3, 0x75, 0x01, 0x75,
+ 0x7b, 0xc0, 0x75, 0x3a, 0x3c, 0x21, 0x96, 0x47, 0x90, 0xd3, 0x86, 0x99,
+ 0x30, 0x8d, 0xeb, 0xc1, 0x7a, 0x6e, 0xaf, 0x8d, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ {0xb4, 0xe0, 0xdd, 0x76, 0xda, 0x7b, 0x07, 0x17, 0x28, 0xb6, 0x1f,
+ 0x85, 0x67, 0x71, 0xaa, 0x35, 0x6e, 0x57, 0xed, 0xa7, 0x8a, 0x5b,
+ 0x16, 0x55, 0xcc, 0x38, 0x20, 0xfb, 0x5f, 0x85, 0x4c, 0x5c},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x98, 0xdf, 0x84, 0x5f, 0x66, 0x51, 0xbf, 0x11, 0x38, 0x22, 0x1f, 0x11,
+ 0x90, 0x41, 0xf7, 0x2b, 0x6d, 0xbc, 0x3c, 0x4a, 0xce, 0x71, 0x43, 0xd9,
+ 0x9f, 0xd5, 0x5a, 0xd8, 0x67, 0x48, 0x0d, 0xa8, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xf1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ {0x6f, 0xdf, 0x6c, 0x37, 0x61, 0x1d, 0xbd, 0x53, 0x04, 0xdc, 0x0f,
+ 0x2e, 0xb7, 0xc9, 0x51, 0x7e, 0xb3, 0xc5, 0x0e, 0x12, 0xfd, 0x05,
+ 0x0a, 0xc6, 0xde, 0xc2, 0x70, 0x71, 0xd4, 0xbf, 0xc0, 0x34},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xf0, 0x94, 0x98, 0xe4, 0x6f, 0x02, 0xf8, 0x78, 0x82, 0x9e, 0x78, 0xb8,
+ 0x03, 0xd3, 0x16, 0xa2, 0xed, 0x69, 0x5d, 0x04, 0x98, 0xa0, 0x8a, 0xbd,
+ 0xf8, 0x27, 0x69, 0x30, 0xe2, 0x4e, 0xdc, 0xb0, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ {0x4c, 0x8f, 0xc4, 0xb1, 0xc6, 0xab, 0x88, 0xfb, 0x21, 0xf1, 0x8f,
+ 0x6d, 0x4c, 0x81, 0x02, 0x40, 0xd4, 0xe9, 0x46, 0x51, 0xba, 0x44,
+ 0xf7, 0xa2, 0xc8, 0x63, 0xce, 0xc7, 0xdc, 0x56, 0x60, 0x2d},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x18, 0x13, 0xc1, 0x0a, 0x5c, 0x7f, 0x21, 0xf9, 0x6e, 0x17, 0xf2, 0x88,
+ 0xc0, 0xcc, 0x37, 0x60, 0x7c, 0x04, 0xc5, 0xf5, 0xae, 0xa2, 0xdb, 0x13,
+ 0x4f, 0x9e, 0x2f, 0xfc, 0x66, 0xbd, 0x9d, 0xb8, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
+ {0x1c, 0xd0, 0xb2, 0x82, 0x67, 0xdc, 0x54, 0x1c, 0x64, 0x2d, 0x6d,
+ 0x7d, 0xca, 0x44, 0xa8, 0xb3, 0x8a, 0x63, 0x73, 0x6e, 0xef, 0x5c,
+ 0x4e, 0x65, 0x01, 0xff, 0xbb, 0xb1, 0x78, 0x0c, 0x03, 0x3c},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x78, 0x57, 0xfb, 0x80, 0x86, 0x53, 0x64, 0x5a, 0x0b, 0xeb, 0x13, 0x8a,
+ 0x64, 0xf5, 0xf4, 0xd7, 0x33, 0xa4, 0x5e, 0xa8, 0x4c, 0x3c, 0xda, 0x11,
+ 0xa9, 0xc0, 0x6f, 0x7e, 0x71, 0x39, 0x14, 0x9e, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
+ {0x87, 0x55, 0xbe, 0x01, 0xc6, 0x0a, 0x7e, 0x82, 0x5c, 0xff, 0x3e,
+ 0x0e, 0x78, 0xcb, 0x3a, 0xa4, 0x33, 0x38, 0x61, 0x51, 0x6a, 0xa5,
+ 0x9b, 0x1c, 0x51, 0xa8, 0xb2, 0xa5, 0x43, 0xdf, 0xa8, 0x22},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xe0, 0x3a, 0xa8, 0x42, 0xe2, 0xab, 0xc5, 0x6e, 0x81, 0xe8, 0x7b, 0x8b,
+ 0x9f, 0x41, 0x7b, 0x2a, 0x1e, 0x59, 0x13, 0xc7, 0x23, 0xee, 0xd2, 0x8d,
+ 0x75, 0x2f, 0x8d, 0x47, 0xa5, 0x9f, 0x49, 0x8f, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80},
+ {0x54, 0xc9, 0xa1, 0xed, 0x95, 0xe5, 0x46, 0xd2, 0x78, 0x22, 0xa3,
+ 0x60, 0x93, 0x1d, 0xda, 0x60, 0xa1, 0xdf, 0x04, 0x9d, 0xa6, 0xf9,
+ 0x04, 0x25, 0x3c, 0x06, 0x12, 0xbb, 0xdc, 0x08, 0x74, 0x76},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xf8, 0xf7, 0x07, 0xb7, 0x99, 0x9b, 0x18, 0xcb, 0x0d, 0x6b, 0x96, 0x12,
+ 0x4f, 0x20, 0x45, 0x97, 0x2c, 0xa2, 0x74, 0xbf, 0xc1, 0x54, 0xad, 0x0c,
+ 0x87, 0x03, 0x8c, 0x24, 0xc6, 0xd0, 0xd4, 0xb2, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0xcc, 0x1f, 0x40, 0xd7, 0x43, 0xcd, 0xc2, 0x23, 0x0e, 0x10, 0x43,
+ 0xda, 0xba, 0x8b, 0x75, 0xe8, 0x10, 0xf1, 0xfb, 0xab, 0x7f, 0x25,
+ 0x52, 0x69, 0xbd, 0x9e, 0xbb, 0x29, 0xe6, 0xbf, 0x49, 0x4f},
+ false},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0x34, 0xf6, 0x84, 0xfa, 0x63, 0x1e, 0x1a, 0x34, 0x81, 0x18, 0xc1,
+ 0xce, 0x4c, 0x98, 0x23, 0x1f, 0x2d, 0x9e, 0xec, 0x9b, 0xa5, 0x36, 0x5b,
+ 0x4a, 0x05, 0xd6, 0x9a, 0x78, 0x5b, 0x07, 0x96, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x54, 0x99, 0x8e, 0xe4, 0x3a, 0x5b, 0x00, 0x7b, 0xf4, 0x99, 0xf0,
+ 0x78, 0xe7, 0x36, 0x52, 0x44, 0x00, 0xa8, 0xb5, 0xc7, 0xe9, 0xb9,
+ 0xb4, 0x37, 0x71, 0x74, 0x8c, 0x7c, 0xdf, 0x88, 0x04, 0x12},
+ false},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x30, 0xb6, 0xc6, 0xa0, 0xf2, 0xff, 0xa6, 0x80, 0x76, 0x8f, 0x99, 0x2b,
+ 0xa8, 0x9e, 0x15, 0x2d, 0x5b, 0xc9, 0x89, 0x3d, 0x38, 0xc9, 0x11, 0x9b,
+ 0xe4, 0xf7, 0x67, 0xbf, 0xab, 0x6e, 0x0c, 0xa5, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xdc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0xea, 0xd9, 0xb3, 0x8e, 0xfd, 0xd7, 0x23, 0x63, 0x79, 0x34, 0xe5,
+ 0x5a, 0xb7, 0x17, 0xa7, 0xae, 0x09, 0xeb, 0x86, 0xa2, 0x1d, 0xc3,
+ 0x6a, 0x3f, 0xee, 0xb8, 0x8b, 0x75, 0x9e, 0x39, 0x1e, 0x09},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x90, 0x1b, 0x9d, 0xcf, 0x88, 0x1e, 0x01, 0xe0, 0x27, 0x57, 0x50, 0x35,
+ 0xd4, 0x0b, 0x43, 0xbd, 0xc1, 0xc5, 0x24, 0x2e, 0x03, 0x08, 0x47, 0x49,
+ 0x5b, 0x0c, 0x72, 0x86, 0x46, 0x9b, 0x65, 0x91, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xea, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x60, 0x2f, 0xf4, 0x07, 0x89, 0xb5, 0x4b, 0x41, 0x80, 0x59, 0x15,
+ 0xfe, 0x2a, 0x62, 0x21, 0xf0, 0x7a, 0x50, 0xff, 0xc2, 0xc3, 0xfc,
+ 0x94, 0xcf, 0x61, 0xf1, 0x3d, 0x79, 0x04, 0xe8, 0x8e, 0x0e},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x80, 0x46, 0x67, 0x7c, 0x28, 0xfd, 0x82, 0xc9, 0xa1, 0xbd, 0xb7, 0x1a,
+ 0x1a, 0x1a, 0x34, 0xfa, 0xba, 0x12, 0x25, 0xe2, 0x50, 0x7f, 0xe3, 0xf5,
+ 0x4d, 0x10, 0xbd, 0x5b, 0x0d, 0x86, 0x5f, 0x8e, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0xe0, 0x0a, 0xe8, 0xb1, 0x43, 0x47, 0x12, 0x47, 0xba, 0x24, 0xf1,
+ 0x2c, 0x88, 0x55, 0x36, 0xc3, 0xcb, 0x98, 0x1b, 0x58, 0xe1, 0xe5,
+ 0x6b, 0x2b, 0xaf, 0x35, 0xc1, 0x2a, 0xe1, 0xf7, 0x9c, 0x26},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x60, 0x2f, 0x7e, 0x2f, 0x68, 0xa8, 0x46, 0xb8, 0x2c, 0xc2, 0x69, 0xb1,
+ 0xd4, 0x8e, 0x93, 0x98, 0x86, 0xae, 0x54, 0xfd, 0x63, 0x6c, 0x1f, 0xe0,
+ 0x74, 0xd7, 0x10, 0x12, 0x7d, 0x47, 0x24, 0x91, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xef, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x98, 0xcb, 0x9b, 0x50, 0xdd, 0x3f, 0xc2, 0xb0, 0xd4, 0xf2, 0xd2,
+ 0xbf, 0x7c, 0x5c, 0xfd, 0xd1, 0x0c, 0x8f, 0xcd, 0x31, 0xfc, 0x40,
+ 0xaf, 0x1a, 0xd4, 0x4f, 0x47, 0xc1, 0x31, 0x37, 0x63, 0x62},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x60, 0x88, 0x7b, 0x3d, 0xc7, 0x24, 0x43, 0x02, 0x6e, 0xbe, 0xdb, 0xbb,
+ 0xb7, 0x06, 0x65, 0xf4, 0x2b, 0x87, 0xad, 0xd1, 0x44, 0x0e, 0x77, 0x68,
+ 0xfb, 0xd7, 0xe8, 0xe2, 0xce, 0x5f, 0x63, 0x9d, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x38, 0xd6, 0x30, 0x4c, 0x4a, 0x7e, 0x6d, 0x9f, 0x79, 0x59, 0x33,
+ 0x4f, 0xb5, 0x24, 0x5b, 0xd2, 0xc7, 0x54, 0x52, 0x5d, 0x4c, 0x91,
+ 0xdb, 0x95, 0x02, 0x06, 0x92, 0x62, 0x34, 0xc1, 0xf6, 0x33},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x78, 0xd3, 0x1d, 0xfa, 0x85, 0x44, 0x97, 0xd7, 0x2d, 0x8d, 0xef, 0x8a,
+ 0x1b, 0x7f, 0xb0, 0x06, 0xce, 0xc2, 0xd8, 0xc4, 0x92, 0x46, 0x47, 0xc9,
+ 0x38, 0x14, 0xae, 0x56, 0xfa, 0xed, 0xa4, 0x95, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xf1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x78, 0x6c, 0xd5, 0x49, 0x96, 0xf0, 0x14, 0xa5, 0xa0, 0x31, 0xec,
+ 0x14, 0xdb, 0x81, 0x2e, 0xd0, 0x83, 0x55, 0x06, 0x1f, 0xdb, 0x5d,
+ 0xe6, 0x80, 0xa8, 0x00, 0xac, 0x52, 0x1f, 0x31, 0x8e, 0x23},
+ true},
+
+ // Comment: public key >= p
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xc0, 0x4c, 0x5b, 0xae, 0xfa, 0x83, 0x02, 0xdd, 0xde, 0xd6, 0xa4, 0xbb,
+ 0x95, 0x77, 0x61, 0xb4, 0xeb, 0x97, 0xae, 0xfa, 0x4f, 0xc3, 0xb8, 0x04,
+ 0x30, 0x85, 0xf9, 0x6a, 0x56, 0x59, 0xb3, 0xa5, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x29, 0xae, 0x8b, 0xc7, 0x3e, 0x9b, 0x10, 0xa0, 0x8b, 0x4f, 0x68,
+ 0x1c, 0x43, 0xc3, 0xe0, 0xac, 0x1a, 0x17, 0x1d, 0x31, 0xb3, 0x8f,
+ 0x1a, 0x48, 0xef, 0xba, 0x29, 0xae, 0x63, 0x9e, 0xa1, 0x34},
+ true},
+
+ // Comment: RFC 7748
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d, 0x3b, 0x16, 0x15, 0x4b,
+ 0x82, 0x46, 0x5e, 0xdd, 0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18,
+ 0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0x44, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb, 0x35,
+ 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c, 0x72, 0x66, 0x24, 0xec, 0x26,
+ 0xb3, 0x35, 0x3b, 0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c},
+ {0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90, 0x8e, 0x94, 0xea,
+ 0x4d, 0xf2, 0x8d, 0x08, 0x4f, 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c,
+ 0x71, 0xf7, 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52},
+ true},
+
+ // Comment: RFC 7748
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x48, 0x66, 0xe9, 0xd4, 0xd1, 0xb4, 0x67, 0x3c, 0x5a, 0xd2, 0x26, 0x91,
+ 0x95, 0x7d, 0x6a, 0xf5, 0xc1, 0x1b, 0x64, 0x21, 0xe0, 0xea, 0x01, 0xd4,
+ 0x2c, 0xa4, 0x16, 0x9e, 0x79, 0x18, 0xba, 0x4d, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xe5, 0x21, 0x0f, 0x12, 0x78, 0x68, 0x11, 0xd3, 0xf4,
+ 0xb7, 0x95, 0x9d, 0x05, 0x38, 0xae, 0x2c, 0x31, 0xdb, 0xe7, 0x10, 0x6f,
+ 0xc0, 0x3c, 0x3e, 0xfc, 0x4c, 0xd5, 0x49, 0xc7, 0x15, 0xa4, 0x13},
+ {0x95, 0xcb, 0xde, 0x94, 0x76, 0xe8, 0x90, 0x7d, 0x7a, 0xad, 0xe4,
+ 0x5c, 0xb4, 0xb8, 0x73, 0xf8, 0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f,
+ 0xa1, 0x52, 0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x0a, 0xb4, 0xe7, 0x63, 0x80, 0xd8, 0x4d, 0xde, 0x4f,
+ 0x68, 0x33, 0xc5, 0x8f, 0x2a, 0x9f, 0xb8, 0xf8, 0x3b, 0xb0, 0x16, 0x9b,
+ 0x17, 0x2b, 0xe4, 0xb6, 0xe0, 0x59, 0x28, 0x87, 0x74, 0x1a, 0x36},
+ {0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x89, 0xe1, 0x0d, 0x57, 0x01, 0xb4, 0x33, 0x7d, 0x2d,
+ 0x03, 0x21, 0x81, 0x53, 0x8b, 0x10, 0x64, 0xbd, 0x40, 0x84, 0x40, 0x1c,
+ 0xec, 0xa1, 0xfd, 0x12, 0x66, 0x3a, 0x19, 0x59, 0x38, 0x80, 0x00},
+ {0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x2b, 0x55, 0xd3, 0xaa, 0x4a, 0x8f, 0x80, 0xc8, 0xc0,
+ 0xb2, 0xae, 0x5f, 0x93, 0x3e, 0x85, 0xaf, 0x49, 0xbe, 0xac, 0x36, 0xc2,
+ 0xfa, 0x73, 0x94, 0xba, 0xb7, 0x6c, 0x89, 0x33, 0xf8, 0xf8, 0x1d},
+ {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x63, 0xe5, 0xb1, 0xfe, 0x96, 0x01, 0xfe, 0x84, 0x38,
+ 0x5d, 0x88, 0x66, 0xb0, 0x42, 0x12, 0x62, 0xf7, 0x8f, 0xbf, 0xa5, 0xaf,
+ 0xf9, 0x58, 0x5e, 0x62, 0x66, 0x79, 0xb1, 0x85, 0x47, 0xd9, 0x59},
+ {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xe4, 0x28, 0xf3, 0xda, 0xc1, 0x78, 0x09, 0xf8, 0x27,
+ 0xa5, 0x22, 0xce, 0x32, 0x35, 0x50, 0x58, 0xd0, 0x73, 0x69, 0x36, 0x4a,
+ 0xa7, 0x89, 0x02, 0xee, 0x10, 0x13, 0x9b, 0x9f, 0x9d, 0xd6, 0x53},
+ {0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xb3, 0xb5, 0x0e, 0x3e, 0xd3, 0xa4, 0x07, 0xb9, 0x5d,
+ 0xe9, 0x42, 0xef, 0x74, 0x57, 0x5b, 0x5a, 0xb8, 0xa1, 0x0c, 0x09, 0xee,
+ 0x10, 0x35, 0x44, 0xd6, 0x0b, 0xdf, 0xed, 0x81, 0x38, 0xab, 0x2b},
+ {0xf9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x21, 0x3f, 0xff, 0xe9, 0x3d, 0x5e, 0xa8, 0xcd, 0x24,
+ 0x2e, 0x46, 0x28, 0x44, 0x02, 0x99, 0x22, 0xc4, 0x3c, 0x77, 0xc9, 0xe3,
+ 0xe4, 0x2f, 0x56, 0x2f, 0x48, 0x5d, 0x24, 0xc5, 0x01, 0xa2, 0x0b},
+ {0xf3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x91, 0xb2, 0x32, 0xa1, 0x78, 0xb3, 0xcd, 0x53, 0x09,
+ 0x32, 0x44, 0x1e, 0x61, 0x39, 0x41, 0x8f, 0x72, 0x17, 0x22, 0x92, 0xf1,
+ 0xda, 0x4c, 0x18, 0x34, 0xfc, 0x5e, 0xbf, 0xef, 0xb5, 0x1e, 0x3f},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x04, 0x5c, 0x6e, 0x11, 0xc5, 0xd3, 0x32, 0x55, 0x6c,
+ 0x78, 0x22, 0xfe, 0x94, 0xeb, 0xf8, 0x9b, 0x56, 0xa3, 0x87, 0x8d, 0xc2,
+ 0x7c, 0xa0, 0x79, 0x10, 0x30, 0x58, 0x84, 0x9f, 0xab, 0xcb, 0x4f},
+ {0xe5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x1c, 0xa2, 0x19, 0x0b, 0x71, 0x16, 0x35, 0x39, 0x06,
+ 0x3c, 0x35, 0x77, 0x3b, 0xda, 0x0c, 0x9c, 0x92, 0x8e, 0x91, 0x36, 0xf0,
+ 0x62, 0x0a, 0xeb, 0x09, 0x3f, 0x09, 0x91, 0x97, 0xb7, 0xf7, 0x4e},
+ {0xe3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xf7, 0x6e, 0x90, 0x10, 0xac, 0x33, 0xc5, 0x04, 0x3b,
+ 0x2d, 0x3b, 0x76, 0xa8, 0x42, 0x17, 0x10, 0x00, 0xc4, 0x91, 0x62, 0x22,
+ 0xe9, 0xe8, 0x58, 0x97, 0xa0, 0xae, 0xc7, 0xf6, 0x35, 0x0b, 0x3c},
+ {0xdd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xbb, 0x72, 0x68, 0x8d, 0x8f, 0x8a, 0xa7, 0xa3, 0x9c,
+ 0xd6, 0x06, 0x0c, 0xd5, 0xc8, 0x09, 0x3c, 0xde, 0xc6, 0xfe, 0x34, 0x19,
+ 0x37, 0xc3, 0x88, 0x6a, 0x99, 0x34, 0x6c, 0xd0, 0x7f, 0xaa, 0x55},
+ {0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x88, 0xfd, 0xde, 0xa1, 0x93, 0x39, 0x1c, 0x6a, 0x59,
+ 0x33, 0xef, 0x9b, 0x71, 0x90, 0x15, 0x49, 0x44, 0x72, 0x05, 0xaa, 0xe9,
+ 0xda, 0x92, 0x8a, 0x6b, 0x91, 0xa3, 0x52, 0xba, 0x10, 0xf4, 0x1f},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02},
+ true},
+
+ // Comment: edge case for shared secret
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c,
+ 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
+ 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x30, 0x3b, 0x39, 0x2f, 0x15, 0x31, 0x16, 0xca, 0xd9,
+ 0xcc, 0x68, 0x2a, 0x00, 0xcc, 0xc4, 0x4c, 0x95, 0xff, 0x0d, 0x3b, 0xbe,
+ 0x56, 0x8b, 0xeb, 0x6c, 0x4e, 0x73, 0x9b, 0xaf, 0xdc, 0x2c, 0x68},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00},
+ true},
+
+ // Comment: checking for overflow
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 0x31, 0x70, 0x3c, 0xc9,
+ 0x7e, 0x3a, 0x37, 0x8d, 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
+ 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xfd, 0x30, 0x0a, 0xeb, 0x40, 0xe1, 0xfa, 0x58, 0x25,
+ 0x18, 0x41, 0x2b, 0x49, 0xb2, 0x08, 0xa7, 0x84, 0x2b, 0x1e, 0x1f, 0x05,
+ 0x6a, 0x04, 0x01, 0x78, 0xea, 0x41, 0x41, 0x53, 0x4f, 0x65, 0x2d},
+ {0xb7, 0x34, 0x10, 0x5d, 0xc2, 0x57, 0x58, 0x5d, 0x73, 0xb5, 0x66,
+ 0xcc, 0xb7, 0x6f, 0x06, 0x27, 0x95, 0xcc, 0xbe, 0xc8, 0x91, 0x28,
+ 0xe5, 0x2b, 0x02, 0xf3, 0xe5, 0x96, 0x39, 0xf1, 0x3c, 0x46},
+ true},
+
+ // Comment: checking for overflow
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 0x31, 0x70, 0x3c, 0xc9,
+ 0x7e, 0x3a, 0x37, 0x8d, 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
+ 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xc8, 0xef, 0x79, 0xb5, 0x14, 0xd7, 0x68, 0x26, 0x77,
+ 0xbc, 0x79, 0x31, 0xe0, 0x6e, 0xe5, 0xc2, 0x7c, 0x9b, 0x39, 0x2b, 0x4a,
+ 0xe9, 0x48, 0x44, 0x73, 0xf5, 0x54, 0xe6, 0x67, 0x8e, 0xcc, 0x2e},
+ {0x64, 0x7a, 0x46, 0xb6, 0xfc, 0x3f, 0x40, 0xd6, 0x21, 0x41, 0xee,
+ 0x3c, 0xee, 0x70, 0x6b, 0x4d, 0x7a, 0x92, 0x71, 0x59, 0x3a, 0x7b,
+ 0x14, 0x3e, 0x8e, 0x2e, 0x22, 0x79, 0x88, 0x3e, 0x45, 0x50},
+ true},
+
+ // Comment: checking for overflow
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 0x31, 0x70, 0x3c, 0xc9,
+ 0x7e, 0x3a, 0x37, 0x8d, 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
+ 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x64, 0xae, 0xac, 0x25, 0x04, 0x14, 0x48, 0x61, 0x53,
+ 0x2b, 0x7b, 0xbc, 0xb6, 0xc8, 0x7d, 0x67, 0xdd, 0x4c, 0x1f, 0x07, 0xeb,
+ 0xc2, 0xe0, 0x6e, 0xff, 0xb9, 0x5a, 0xec, 0xc6, 0x17, 0x0b, 0x2c},
+ {0x4f, 0xf0, 0x3d, 0x5f, 0xb4, 0x3c, 0xd8, 0x65, 0x7a, 0x3c, 0xf3,
+ 0x7c, 0x13, 0x8c, 0xad, 0xce, 0xcc, 0xe5, 0x09, 0xe4, 0xeb, 0xa0,
+ 0x89, 0xd0, 0xef, 0x40, 0xb4, 0xe4, 0xfb, 0x94, 0x61, 0x55},
+ true},
+
+ // Comment: checking for overflow
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 0x31, 0x70, 0x3c, 0xc9,
+ 0x7e, 0x3a, 0x37, 0x8d, 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
+ 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xbf, 0x68, 0xe3, 0x5e, 0x9b, 0xdb, 0x7e, 0xee, 0x1b,
+ 0x50, 0x57, 0x02, 0x21, 0x86, 0x0f, 0x5d, 0xcd, 0xad, 0x8a, 0xcb, 0xab,
+ 0x03, 0x1b, 0x14, 0x97, 0x4c, 0xc4, 0x90, 0x13, 0xc4, 0x98, 0x31},
+ {0x21, 0xce, 0xe5, 0x2e, 0xfd, 0xbc, 0x81, 0x2e, 0x1d, 0x02, 0x1a,
+ 0x4a, 0xf1, 0xe1, 0xd8, 0xbc, 0x4d, 0xb3, 0xc4, 0x00, 0xe4, 0xd2,
+ 0xa2, 0xc5, 0x6a, 0x39, 0x26, 0xdb, 0x4d, 0x99, 0xc6, 0x5b},
+ true},
+
+ // Comment: checking for overflow
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 0x31, 0x70, 0x3c, 0xc9,
+ 0x7e, 0x3a, 0x37, 0x8d, 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
+ 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x53, 0x47, 0xc4, 0x91, 0x33, 0x1a, 0x64, 0xb4, 0x3d,
+ 0xdc, 0x68, 0x30, 0x34, 0xe6, 0x77, 0xf5, 0x3d, 0xc3, 0x2b, 0x52, 0xa5,
+ 0x2a, 0x57, 0x7c, 0x15, 0xa8, 0x3b, 0xf2, 0x98, 0xe9, 0x9f, 0x19},
+ {0x18, 0xcb, 0x89, 0xe4, 0xe2, 0x0c, 0x0c, 0x2b, 0xd3, 0x24, 0x30,
+ 0x52, 0x45, 0x26, 0x6c, 0x93, 0x27, 0x69, 0x0b, 0xbe, 0x79, 0xac,
+ 0xb8, 0x8f, 0x5b, 0x8f, 0xb3, 0xf7, 0x4e, 0xca, 0x3e, 0x52},
+ true},
+
+ // Comment: private key == -1 (mod order)
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xa0, 0x23, 0xcd, 0xd0, 0x83, 0xef, 0x5b, 0xb8, 0x2f, 0x10, 0xd6, 0x2e,
+ 0x59, 0xe1, 0x5a, 0x68, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x25, 0x8e, 0x04, 0x52, 0x3b, 0x8d, 0x25, 0x3e, 0xe6,
+ 0x57, 0x19, 0xfc, 0x69, 0x06, 0xc6, 0x57, 0x19, 0x2d, 0x80, 0x71, 0x7e,
+ 0xdc, 0x82, 0x8f, 0xa0, 0xaf, 0x21, 0x68, 0x6e, 0x2f, 0xaa, 0x75},
+ {0x25, 0x8e, 0x04, 0x52, 0x3b, 0x8d, 0x25, 0x3e, 0xe6, 0x57, 0x19,
+ 0xfc, 0x69, 0x06, 0xc6, 0x57, 0x19, 0x2d, 0x80, 0x71, 0x7e, 0xdc,
+ 0x82, 0x8f, 0xa0, 0xaf, 0x21, 0x68, 0x6e, 0x2f, 0xaa, 0x75},
+ true},
+
+ // Comment: private key == 1 (mod order) on twist
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x58, 0x08, 0x3d, 0xd2, 0x61, 0xad, 0x91, 0xef, 0xf9, 0x52, 0x32, 0x2e,
+ 0xc8, 0x24, 0xc6, 0x82, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x5f, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0x2e, 0xae, 0x5e, 0xc3, 0xdd, 0x49, 0x4e, 0x9f, 0x2d,
+ 0x37, 0xd2, 0x58, 0xf8, 0x73, 0xa8, 0xe6, 0xe9, 0xd0, 0xdb, 0xd1, 0xe3,
+ 0x83, 0xef, 0x64, 0xd9, 0x8b, 0xb9, 0x1b, 0x3e, 0x0b, 0xe0, 0x35},
+ {0x2e, 0xae, 0x5e, 0xc3, 0xdd, 0x49, 0x4e, 0x9f, 0x2d, 0x37, 0xd2,
+ 0x58, 0xf8, 0x73, 0xa8, 0xe6, 0xe9, 0xd0, 0xdb, 0xd1, 0xe3, 0x83,
+ 0xef, 0x64, 0xd9, 0x8b, 0xb9, 0x1b, 0x3e, 0x0b, 0xe0, 0x35},
+ true}};
+
+#endif // curve25519_vectors_h__
diff --git a/security/nss/gtests/common/testvectors/gcm-vectors.h b/security/nss/gtests/common/testvectors/gcm-vectors.h
new file mode 100644
index 000000000..f0b6cc7e3
--- /dev/null
+++ b/security/nss/gtests/common/testvectors/gcm-vectors.h
@@ -0,0 +1,1535 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file is generated from sources in nss/gtests/common/wycheproof
+ * automatically and should not be touched manually.
+ * Generation is trigged by calling ./mach wycheproof */
+
+#ifndef gcm_vectors_h__
+#define gcm_vectors_h__
+
+#include <string>
+
+typedef struct gcm_kat_str {
+ uint32_t test_id;
+ std::string key;
+ std::string plaintext;
+ std::string additional_data;
+ std::string iv;
+ std::string hash_key;
+ std::string ghash;
+ std::string result;
+ bool invalid_ct;
+ bool invalid_iv;
+} gcm_kat_value;
+
+/*
+ * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
+ */
+const gcm_kat_value kGcmKatValues[] = {
+ {1, "00000000000000000000000000000000", "", "", "000000000000000000000000",
+ "66e94bd4ef8a2c3b884cfa59ca342b2e", "00000000000000000000000000000000",
+ "58e2fccefa7e3061367f1d57a4e7455a", false, false},
+
+ {2, "00000000000000000000000000000000", "00000000000000000000000000000000",
+ "", "000000000000000000000000", "66e94bd4ef8a2c3b884cfa59ca342b2e",
+ "f38cbb1ad69223dcc3457ae5b6b0f885",
+ "0388dace60b6a392f328c2b971b2fe78ab6e47d42cec13bdf53a67b21257bddf", false,
+ false},
+
+ {3, "feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+ "", "cafebabefacedbaddecaf888", "b83b533708bf535d0aa6e52980d53b78",
+ "7f1b32b81b820d02614f8895ac1d4eac",
+ "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
+ "466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62c"
+ "f35abd2ba6fab4",
+ false, false},
+
+ {4, "feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
+ "b83b533708bf535d0aa6e52980d53b78", "698e57f70e6ecc7fd9463b7260a9ae5f",
+ "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
+ "466931c7d8f6a5aac84aa051ba30b396a0aac973d58e0915bc94fbc3221a5db94fae95ae7"
+ "121a47",
+ false, false},
+
+ {5, "feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
+ "b83b533708bf535d0aa6e52980d53b78", "df586bb4c249b92cb6922877e444d37b",
+ "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e"
+ "49f24b22b097544d4896b424989b5e1ebac0f07c23f45983612d2e79e3b0785561be14aac"
+ "a2fccb",
+ false, false},
+
+ {6, "feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515"
+ "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+ "b83b533708bf535d0aa6e52980d53b78", "1c5afe9760d3932f3c9a878aac3dc3de",
+ "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4f"
+ "ba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5619cc5aefffe0bfa462af43c16"
+ "99d050",
+ false, false},
+
+ {7, "000000000000000000000000000000000000000000000000", "", "",
+ "000000000000000000000000", "aae06992acbf52a3e8f4a96ec9300bd7",
+ "00000000000000000000000000000000", "cd33b28ac773f74ba00ed1f312572435",
+ false, false},
+
+ {8, "000000000000000000000000000000000000000000000000",
+ "00000000000000000000000000000000", "", "000000000000000000000000",
+ "aae06992acbf52a3e8f4a96ec9300bd7", "e2c63f0ac44ad0e02efa05ab6743d4ce",
+ "98e7247c07f0fe411c267e4384b0f6002ff58d80033927ab8ef4d4587514f0fb", false,
+ false},
+
+ {9, "feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+ "", "cafebabefacedbaddecaf888", "466923ec9ae682214f2c082badb39249",
+ "51110d40f6c8fff0eb1ae33445a889f0",
+ "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
+ "144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade2569924a7c8587336bfb1"
+ "18024db8674a14",
+ false, false},
+
+ {10, "feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
+ "466923ec9ae682214f2c082badb39249", "ed2ce3062e4a8ec06db8b4c490e8a268",
+ "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
+ "144c525ac619d18c84a3f4718e2448b2fe324d9ccda27102519498e80f1478f37ba55bd6d"
+ "27618c",
+ false, false},
+
+ {11, "feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
+ "466923ec9ae682214f2c082badb39249", "1e6a133806607858ee80eaf237064089",
+ "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9"
+ "a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f765dcc57fcf623a24094fcca40d"
+ "3533f8",
+ false, false},
+
+ {12, "feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515"
+ "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+ "466923ec9ae682214f2c082badb39249", "82567fb0b4cc371801eadec005968e94",
+ "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012a"
+ "f34ddd9e2f037589b292db3e67c036745fa22e7e9b7373bdcf566ff291c25bbb8568fc3d3"
+ "76a6d9",
+ false, false},
+
+ {13, "0000000000000000000000000000000000000000000000000000000000000000", "",
+ "", "000000000000000000000000", "dc95c078a2408989ad48a21492842087",
+ "00000000000000000000000000000000", "530f8afbc74536b9a963b4f1c4cb738b",
+ false, false},
+
+ {14, "0000000000000000000000000000000000000000000000000000000000000000",
+ "00000000000000000000000000000000", "", "000000000000000000000000",
+ "dc95c078a2408989ad48a21492842087", "83de425c5edc5d498f382c441041ca92",
+ "cea7403d4d606b6e074ec5d3baf39d18d0d1c8a799996bf0265b98b5d48ab919", false,
+ false},
+
+ {15, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+ "", "cafebabefacedbaddecaf888", "acbef20579b4b8ebce889bac8732dad7",
+ "4db870d37cb75fcb46097c36230d1612",
+ "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
+ "90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015adb094dac5d93471bdec"
+ "1a502270e3cc6c",
+ false, false},
+
+ {16, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
+ "acbef20579b4b8ebce889bac8732dad7", "8bd0c4d8aacd391e67cca447e8c38f65",
+ "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
+ "90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f66276fc6ece0f4e1768cddf8853bb"
+ "2d551b",
+ false, false},
+
+ {17, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
+ "acbef20579b4b8ebce889bac8732dad7", "75a34288b8c68f811c52b2e9a2f97f63",
+ "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33"
+ "934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f3a337dbf46a792c45e454913fe"
+ "2ea8f2",
+ false, false},
+
+ {18, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
+ "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+ "feedfacedeadbeeffeedfacedeadbeefabaddad2",
+ "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515"
+ "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+ "acbef20579b4b8ebce889bac8732dad7", "d5ffcf6fc5ac4d69722187421a7f170b",
+ "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b78"
+ "0f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3fa44a8266ee1c8eb0c8b5d4cf5a"
+ "e9f19a",
+ false, false},
+
+ /* Extra, non-NIST, test case to test 64-bit binary multiplication carry
+ * correctness. This is a GHASH-only test. */
+ {19, "", "", "", "", "0000000000000000fcefef64ffc4766c",
+ "3561e34e52d8b598f9937982512fff27",
+ "0000000000000000ffcef9ebbffdbd8b00000000000000000000000000000000", false,
+ false}};
+
+// Testvectors from project wycheproof
+// <https://github.com/google/wycheproof>
+const gcm_kat_value kGcmWycheproofVectors[] = {
+ {1, "5b9604fe14eadba931b0ccf34843dab9", "001d0c231287c1182784554ca3a21908",
+ "", "028318abc1824029138141a2", "", "0a3ea7a5487cb5f7d70fb6c58d038554",
+ "26073cc1d851beff176384dc9896d5ff0a3ea7a5487cb5f7d70fb6c58d038554", false,
+ false},
+
+ {2, "5b9604fe14eadba931b0ccf34843dab9", "001d0c231287c1182784554ca3a21908",
+ "00112233445566778899aabbccddeeff", "921d2507fa8007b7bd067d34", "",
+ "1e348ba07cca2cf04c618cb4d43a5b92",
+ "49d8b9783e911913d87094d1f63cc7651e348ba07cca2cf04c618cb4d43a5b92", false,
+ false},
+
+ {3, "aa023d0478dcb2b2312498293d9a9129", "2035af313d1346ab00154fea78322105",
+ "aac39231129872a2", "0432bc49ac34412081288127", "",
+ "4bb9b4812519dadf9e1232016d068133",
+ "eea945f3d0f98cc0fbab472a0cf24e874bb9b4812519dadf9e1232016d068133", false,
+ false},
+
+ {4, "384ea416ac3c2f51a76e7d8226346d4e", "35", "",
+ "b30c084727ad1c592ac21d12", "", "7c1e4ae88bb27e5638343cb9fd3f6337",
+ "547c1e4ae88bb27e5638343cb9fd3f6337", false, false},
+
+ {5, "cae31cd9f55526eb038241fc44cac1e5", "d10989f2c52e94ad", "",
+ "b5e006ded553110e6dc56529", "", "3b626940e0e9f0cbea8e18c437fd6011",
+ "a036ead03193903f3b626940e0e9f0cbea8e18c437fd6011", false, false},
+
+ {6, "dd6197cd63c963919cf0c273ef6b28bf", "4dcc1485365866e25ac3f2ca6aba97",
+ "", "ecb0c42f7000ef0e6f95f24d", "", "1486a91cccf92c9a5b00f7b0e034891c",
+ "8a9992388e735f80ee18f4a63c10ad1486a91cccf92c9a5b00f7b0e034891c", false,
+ false},
+
+ {7, "ffdf4228361ea1f8165852136b3480f7", "25b12e28ac0ef6ead0226a3b2288c800",
+ "", "0e1666f2dc652f7708fb8f0d", "", "1ee6513ce30c7873f59dd4350a588f42",
+ "f7bd379d130477176b8bb3cb23dbbbaa1ee6513ce30c7873f59dd4350a588f42", false,
+ false},
+
+ {8, "c15ed227dd2e237ecd087eaaaad19ea4",
+ "fee62fde973fe025ad6b322dcdf3c63fc7", "", "965ff6643116ac1443a2dec7", "",
+ "6cd8521422c0177e83ef1b7a845d97db",
+ "0de51fe4f7f2d1f0f917569f5c6d1b009c6cd8521422c0177e83ef1b7a845d97db",
+ false, false},
+
+ {9, "a8ee11b26d7ceb7f17eaa1e4b83a2cf6",
+ "c08f085e6a9e0ef3636280c11ecfadf0c1e72919ffc17eaf", "",
+ "fbbc04fd6e025b7193eb57f6", "", "f4eb193241226db017b32ec38ca47217",
+ "7cd9f4e4f365704fff3b9900aa93ba54b672bac554275650f4eb193241226db017b32ec38"
+ "ca47217",
+ false, false},
+
+ {10, "28ff3def08179311e2734c6d1c4e2871",
+ "dfc61a20df8505b53e3cd59f25770d5018add3d6", "c3",
+ "32bcb9b569e3b852d37c766a", "", "5901131d0760c8715901d881fdfd3bc0",
+ "f58d453212c2c8a436e9283672f579f1191229785901131d0760c8715901d881fdfd3bc0",
+ false, false},
+
+ {11, "e63a43216c08867210e248859eb5e99c",
+ "b14da56b0462dc05b871fc815273ff4810f92f4b", "834afdc5c737186b",
+ "9c3a4263d983456658aad4b1", "", "a97d25b490390b53c5db91f6ee2a15b8",
+ "bf864616c2347509ca9b10446379b9bdbb3b8f64a97d25b490390b53c5db91f6ee2a15b8",
+ false, false},
+
+ {12, "38449890234eb8afab0bbf82e2385454",
+ "f762776bf83163b323ca63a6b3adeac1e1357262",
+ "4020855c66ac4595058395f367201c4c", "33e90658416e7c1a7c005f11", "",
+ "b8bbdc4f5014bc752c8b4e9b87f650a3",
+ "a6f2ef3c7ef74a126dd2d5f6673964e27d5b34b6b8bbdc4f5014bc752c8b4e9b87f650a3",
+ false, false},
+
+ {13, "6a68671dfe323d419894381f85eb63fd",
+ "0fc67899c3f1bbe196d90f1eca3797389230aa37",
+ "76eb5f147250fa3c12bff0a6e3934a0b16860cf11646773b",
+ "9f0d85b605711f34cd2a35ba", "", "fce9a5b530c7d7af718be1ec0ae9ed4d",
+ "bd64802cfebaeb487d3a8f76ce943a37b3472dd5fce9a5b530c7d7af718be1ec0ae9ed4d",
+ false, false},
+
+ {14, "00112233445566778899aabbccddeeff", "ebd4a3e10cf6d41c50aeae007563b072",
+ "", "000000000000000000000000", "", "ffffffffffffffffffffffffffffffff",
+ "f62d84d649e56bc8cfedc5d74a51e2f7ffffffffffffffffffffffffffffffff", false,
+ false},
+
+ {15, "00112233445566778899aabbccddeeff", "d593c4d8224f1b100c35e4f6c4006543",
+ "", "ffffffffffffffffffffffff", "", "00000000000000000000000000000000",
+ "431f31e6840931fd95f94bf88296ff6900000000000000000000000000000000", false,
+ false},
+
+ {16, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d9847dbc326a06e988c77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d9847dbc326a06e988c77ad3863e6083", true,
+ false},
+
+ {17, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "da847dbc326a06e988c77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39da847dbc326a06e988c77ad3863e6083", true,
+ false},
+
+ {18, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "58847dbc326a06e988c77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b3958847dbc326a06e988c77ad3863e6083", true,
+ false},
+
+ {19, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8857dbc326a06e988c77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8857dbc326a06e988c77ad3863e6083", true,
+ false},
+
+ {20, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847d3c326a06e988c77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8847d3c326a06e988c77ad3863e6083", true,
+ false},
+
+ {21, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc336a06e988c77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc336a06e988c77ad3863e6083", true,
+ false},
+
+ {22, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc306a06e988c77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc306a06e988c77ad3863e6083", true,
+ false},
+
+ {23, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a066988c77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a066988c77ad3863e6083", true,
+ false},
+
+ {24, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a06e989c77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e989c77ad3863e6083", true,
+ false},
+
+ {25, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a06e908c77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e908c77ad3863e6083", true,
+ false},
+
+ {26, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a06e988e77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988e77ad3863e6083", true,
+ false},
+
+ {27, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77bd3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77bd3863e6083", true,
+ false},
+
+ {28, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3873e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3873e6083", true,
+ false},
+
+ {29, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3843e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3843e6083", true,
+ false},
+
+ {30, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3063e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3063e6083", true,
+ false},
+
+ {31, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3863e6082",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3863e6082", true,
+ false},
+
+ {32, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3863e6081",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3863e6081", true,
+ false},
+
+ {33, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3863e60c3",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3863e60c3", true,
+ false},
+
+ {34, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3863e6003",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3863e6003", true,
+ false},
+
+ {35, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d9847dbc326a06e989c77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d9847dbc326a06e989c77ad3863e6083", true,
+ false},
+
+ {36, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847d3c326a066988c77ad3863e6083",
+ "eb156d081ed6b6b55f4612f021d87b39d8847d3c326a066988c77ad3863e6083", true,
+ false},
+
+ {37, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d8847dbc326a066988c77ad3863e6003",
+ "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a066988c77ad3863e6003", true,
+ false},
+
+ {38, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "277b8243cd95f9167738852c79c19f7c",
+ "eb156d081ed6b6b55f4612f021d87b39277b8243cd95f9167738852c79c19f7c", true,
+ false},
+
+ {39, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "00000000000000000000000000000000",
+ "eb156d081ed6b6b55f4612f021d87b3900000000000000000000000000000000", true,
+ false},
+
+ {40, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "ffffffffffffffffffffffffffffffff",
+ "eb156d081ed6b6b55f4612f021d87b39ffffffffffffffffffffffffffffffff", true,
+ false},
+
+ {41, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "5804fd3cb2ea86690847fa5306bee003",
+ "eb156d081ed6b6b55f4612f021d87b395804fd3cb2ea86690847fa5306bee003", true,
+ false},
+
+ {42, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f",
+ "", "505152535455565758595a5b", "", "d9857cbd336b07e889c67bd2873f6182",
+ "eb156d081ed6b6b55f4612f021d87b39d9857cbd336b07e889c67bd2873f6182", true,
+ false},
+
+ {43, "aa023d0478dcb2b2312498293d9a9129", "2035af313d1346ab00154fea78322105",
+ "aac39231129872a2", "0432bc49ac344120", "",
+ "b7d0dd70b00d65b97cfd080ff4b819d1",
+ "64c36bb3b732034e3a7d04efc5197785b7d0dd70b00d65b97cfd080ff4b819d1", false,
+ false},
+
+ {44, "25dd4d6cad5a4604957847c8c6d3fc4e", "5c347835b3fa61c2ce253e5a", "",
+ "68cbeafe8f9e8a66", "", "5452843e32c13c3e35ed8230fe3446c0",
+ "9a078a04d14938918e0043585452843e32c13c3e35ed8230fe3446c0", false, false},
+
+ {45, "2034a82547276c83dd3212a813572bce",
+ "02efd2e5782312827ed5d230189a2a342b277ce048462193",
+ "1a0293d8f90219058902139013908190bc490890d3ff12a3",
+ "3254202d854734812398127a3d134421", "", "9b7abadd6e69c1d9ec925786534f5075",
+ "64069c2d58690561f27ee199e6b479b6369eec688672bde99b7abadd6e69c1d9ec9257865"
+ "34f5075",
+ false, false},
+
+ {46, "209e6dbf2ad26a105445fc0207cd9e9a", "01", "",
+ "9477849d6ccdfca112d92e53fae4a7ca", "", "032df7bba5d8ea1a14f16f70bd0e14ec",
+ "fd032df7bba5d8ea1a14f16f70bd0e14ec", false, false},
+
+ {47, "a549442e35154032d07c8666006aa6a2", "1182e93596cac5608946400bc73f3a",
+ "", "5171524568e81d97e8c4de4ba56c10a0", "",
+ "e06d1ef473132957ad37eaef29733ca0",
+ "2f333087bdca58219f9bfc273e45cce06d1ef473132957ad37eaef29733ca0", false,
+ false},
+
+ {48, "cfb4c26f126f6a0acb8e4e220f6c56cd", "09dfd7f080275257cf97e76f966b1ad9",
+ "", "1275115499ae722268515bf0c164b49c", "",
+ "2adeffa682c8d8a81fada7d9fcdd2ee2",
+ "a780bd01c80885156c88a973264c8ee52adeffa682c8d8a81fada7d9fcdd2ee2", false,
+ false},
+
+ {49, "0b11ef3a08c02970f74281c860691c75",
+ "f693d4edd825dbb0618d91113128880dbebb23e25d00ed1f077d870be9cc7536", "",
+ "95c1dd8c0f1705ece68937901f7add7b", "", "d01444fa5d9c499629d174ff3927a1ac",
+ "7e47e10fe3c6fbfa381770eaf5d48d1482e71e0c44dff1e30ca6f95d92052084d01444fa5"
+ "d9c499629d174ff3927a1ac",
+ false, false},
+
+ {50, "00112233445566778899aabbccddeeff",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "f95fde4a751913202aeeee32a0b55753", "",
+ "152a65045fe674f97627427af5be22da",
+ "00078d109d92143fcd5df56721b884fac64ac7762cc09eea2a3c68e92a17bdb575f87bda1"
+ "8be564e152a65045fe674f97627427af5be22da",
+ false, false},
+
+ {51, "00112233445566778899aabbccddeeff",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "7b95b8c356810a84711d68150a1b7750", "",
+ "213a3cb93855d18e69337eee66aeec07",
+ "84d4c9c08b4f482861e3a9c6c35bc4d91df927374513bfd49f436bd73f325285daef4ff7e"
+ "13d46a6213a3cb93855d18e69337eee66aeec07",
+ false, false},
+
+ {52, "00112233445566778899aabbccddeeff",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "1a552e67cdc4dc1a33b824874ebf0bed", "",
+ "99b381bfa2af9751c39d1b6e86d1be6a",
+ "948ca37a8e6649e88aeffb1c598f3607007702417ea0e0bc3c60ad5a949886de968cf53ea"
+ "6462aed99b381bfa2af9751c39d1b6e86d1be6a",
+ false, false},
+
+ {53, "00112233445566778899aabbccddeeff",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "dd9d0b4a0c3d681524bffca31d907661", "",
+ "5281efc7f13ac8e14ccf5dca7bfbfdd1",
+ "64b19314c31af45accdf7e3c4db79f0d948ca37a8e6649e88aeffb1c598f3607007702417"
+ "ea0e0bc5281efc7f13ac8e14ccf5dca7bfbfdd1",
+ false, false},
+
+ {54, "00112233445566778899aabbccddeeff",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "57c5643c4e37b4041db794cfe8e1f0f4", "",
+ "a3ea2c09ee4f8c8a12f45cddf9aeff81",
+ "2bb69c3e5d1f91815c6b87a0d5bbea7164b19314c31af45accdf7e3c4db79f0d948ca37a8"
+ "e6649e8a3ea2c09ee4f8c8a12f45cddf9aeff81",
+ false, false},
+
+ {55, "00112233445566778899aabbccddeeff",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "99821c2dd5daecded07300f577f7aff1", "",
+ "07eb2fe4a958f8434d40684899507c7c",
+ "127af9b39ecdfc57bb11a2847c7c2d3d8f938f40f877e0c4af37d0fe9af033052bd537c4a"
+ "e978f6007eb2fe4a958f8434d40684899507c7c",
+ false, false},
+
+ {56, "00112233445566778899aabbccddeeff",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "5e4a3900142358d1c774d8d124d8d27d", "",
+ "f145c2dcaf339eede427be934357eac0",
+ "0cf6ae47156b14dce03c8a07a2e172b1127af9b39ecdfc57bb11a2847c7c2d3d8f938f40f"
+ "877e0c4f145c2dcaf339eede427be934357eac0",
+ false, false},
+
+ {57, "00112233445566778899aabbccddeeff",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "d4125676562984c0fe7cb0bdd1a954e8", "",
+ "facd0bfe8701b7b4a2ba96d98af52bd9",
+ "f0c6ffc18bd46df5569185a9afd169eb0cf6ae47156b14dce03c8a07a2e172b1127af9b39"
+ "ecdfc57facd0bfe8701b7b4a2ba96d98af52bd9",
+ false, false},
+
+ {58, "00112233445566778899aabbccddeeff",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "b97ec62a5e5900ccf9e4be332e336091", "",
+ "a03e729dcfd7a03155655fece8affd7e",
+ "d6928e094c06e0a7c4db42184cf7529e95de88b767edebe9b343000be3dab47ea08b74429"
+ "3eed698a03e729dcfd7a03155655fece8affd7e",
+ false, false},
+
+ {59, "00112233445566778899aabbccddeeff",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "7eb6e3079fa0b4c3eee366177d1c1d1d", "",
+ "1e43926828bc9a1614c7b1639096c195",
+ "d82ce58771bf6487116bf8e96421877ed6928e094c06e0a7c4db42184cf7529e95de88b76"
+ "7edebe91e43926828bc9a1614c7b1639096c195",
+ false, false},
+
+ {60, "00112233445566778899aabbccddeeff",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "0314fcd10fdd675d3c612962c931f635", "",
+ "f08baddf0b5285c91fc06a67fe4708ca",
+ "a197a37a5d79697078536bc27fe46cd8d475526d9044aa94f088a054f8e380c64f7941479"
+ "5c61480f08baddf0b5285c91fc06a67fe4708ca",
+ false, false},
+
+ {61, "00112233445566778899aabbccddeeff",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "c4dcd9fcce24d3522b66f1469a1e8bb9", "",
+ "62a4b6875c288345d6a454399eac1afa",
+ "149fde9abbd3a43c2548575e0db9fb84a197a37a5d79697078536bc27fe46cd8d475526d9"
+ "044aa9462a4b6875c288345d6a454399eac1afa",
+ false, false},
+
+ {62, "00112233445566778899aabbccddeeff", "bec6fa05c1718b9b84c47345bbed7dcb",
+ "", "00000000000000000000000000000000", "",
+ "00000000000000000000000000000000",
+ "45a3f89d02918bfd0c8161658ccc979500000000000000000000000000000000", false,
+ false},
+
+ {63, "00112233445566778899aabbccddeeff", "4d82639c39d3f3490ee903dd0be7afcf",
+ "", "ffffffffffffffffffffffffffffffff", "",
+ "ffffffffffffffffffffffffffffffff",
+ "1cd5a06214235ceb044d4bad7b047312ffffffffffffffffffffffffffffffff", false,
+ false},
+
+ {64, "92ace3e348cd821092cd921aa3546374299ab46209691bc28b8752d17f123c20",
+ "00010203040506070809", "00000000ffffffff", "00112233445566778899aabb", "",
+ "9a4a2579529301bcfb71c78d4060f52c",
+ "e27abdd2d2a53d2f136b9a4a2579529301bcfb71c78d4060f52c", false, false},
+
+ {65, "29d3a44f8723dc640239100c365423a312934ac80239212ac3df3421a2098123", "",
+ "aabbccddeeff", "00112233445566778899aabb", "",
+ "2a7d77fa526b8250cb296078926b5020", "2a7d77fa526b8250cb296078926b5020",
+ false, false},
+
+ {66, "cc56b680552eb75008f5484b4cb803fa5063ebd6eab91f6ab6aef4916a766273",
+ "2a", "", "99e23ec48985bccdeeab60f1", "",
+ "633c1e9703ef744ffffb40edf9d14355", "06633c1e9703ef744ffffb40edf9d14355",
+ false, false},
+
+ {67, "51e4bf2bad92b7aff1a4bc05550ba81df4b96fabf41c12c7b00e60e48db7e152",
+ "be3308f72a2c6aed", "", "4f07afedfdc3b6c2361823d3", "",
+ "602e8d7c4799d62c140c9bb834876b09",
+ "cf332a12fdee800b602e8d7c4799d62c140c9bb834876b09", false, false},
+
+ {68, "67119627bd988eda906219e08c0d0d779a07d208ce8a4fe0709af755eeec6dcb",
+ "51f8c1f731ea14acdb210a6d973e07", "", "68ab7fdbf61901dad461d23c", "",
+ "ec04aacb7148a8b8be44cb7eaf4efa69",
+ "43fc101bff4b32bfadd3daf57a590eec04aacb7148a8b8be44cb7eaf4efa69", false,
+ false},
+
+ {69, "59d4eafb4de0cfc7d3db99a8f54b15d7b39f0acc8da69763b019c1699f87674a",
+ "549b365af913f3b081131ccb6b825588", "", "2fcb1b38a99e71b84740ad9b", "",
+ "28752c20153092818faba2a334640d6e",
+ "f58c16690122d75356907fd96b570fca28752c20153092818faba2a334640d6e", false,
+ false},
+
+ {70, "3b2458d8176e1621c0cc24c0c0e24c1e80d72f7ee9149a4b166176629616d011",
+ "3ff1514b1c503915918f0c0c31094a6e1f", "", "45aaa3e5d16d2d42dc03445d", "",
+ "2d7379ec1db5952d4e95d30c340b1b1d",
+ "73a6b6f45f6ccc5131e07f2caa1f2e2f562d7379ec1db5952d4e95d30c340b1b1d",
+ false, false},
+
+ {71, "0212a8de5007ed87b33f1a7090b6114f9e08cefd9607f2c276bdcfdbc5ce9cd7",
+ "10f1ecf9c60584665d9ae5efe279e7f7377eea6916d2b111", "",
+ "e6b1adf2fd58a8762c65f31b", "", "7355fde599006715053813ce696237a8",
+ "0843fff52d934fc7a071ea62c0bd351ce85678cde3ea2c9e7355fde599006715053813ce6"
+ "96237a8",
+ false, false},
+
+ {72, "b279f57e19c8f53f2f963f5f2519fdb7c1779be2ca2b3ae8e1128b7d6c627fc4",
+ "fcc515b294408c8645c9183e3f4ecee5127846d1", "c0",
+ "98bc2c7438d5cd7665d76f6e", "", "ecb660e1fb0541ec41e8d68a64141b3a",
+ "eb5500e3825952866d911253f8de860c00831c81ecb660e1fb0541ec41e8d68a64141b3a",
+ false, false},
+
+ {73, "cdccfe3f46d782ef47df4e72f0c02d9c7f774def970d23486f11a57f54247f17",
+ "e28e0e9f9d22463ac0e42639b530f42102fded75", "956846a209e087ed",
+ "376187894605a8d45e30de51", "", "082e91924deeb77880e1b1c84f9b8d30",
+ "feca44952447015b5df1f456df8ca4bb4eee2ce2082e91924deeb77880e1b1c84f9b8d30",
+ false, false},
+
+ {74, "f32364b1d339d82e4f132d8f4a0ec1ff7e746517fa07ef1a7f422f4e25a48194",
+ "43891bccb522b1e72a6b53cf31c074e9d6c2df8e",
+ "ab2ac7c44c60bdf8228c7884adb20184", "5a86a50a0e8a179c734b996d", "",
+ "c3922583476ced575404ddb85dd8cd44",
+ "43dda832e942e286da314daa99bef5071d9d2c78c3922583476ced575404ddb85dd8cd44",
+ false, false},
+
+ {75, "ff0089ee870a4a39f645b0a5da774f7a5911e9696fc9cad646452c2aa8595a12",
+ "748b28031621d95ee61812b4b4f47d04c6fc2ff3",
+ "972ab4e06390caae8f99dd6e2187be6c7ff2c08a24be16ef",
+ "bc2a7757d0ce2d8b1f14ccd9", "", "ebec6774b955e789591c822dab739e12",
+ "a929ee7e67c7a2f91bbcec6389a3caf43ab49305ebec6774b955e789591c822dab739e12",
+ false, false},
+
+ {76, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "561008fa07a68f5c61285cd013464eaf", "", "000000000000000000000000", "",
+ "ffffffffffffffffffffffffffffffff",
+ "23293e9b07ca7d1b0cae7cc489a973b3ffffffffffffffffffffffffffffffff", false,
+ false},
+
+ {77, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "c6152244cea1978d3e0bc274cf8c0b3b", "", "ffffffffffffffffffffffff", "",
+ "00000000000000000000000000000000",
+ "7cb6fc7c6abc009efe9551a99f36a42100000000000000000000000000000000", false,
+ false},
+
+ {78, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9de8fef6d8ab1bf1bf887232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9de8fef6d8ab1bf1bf887232eab590dd", true,
+ false},
+
+ {79, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ee8fef6d8ab1bf1bf887232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ee8fef6d8ab1bf1bf887232eab590dd", true,
+ false},
+
+ {80, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "1ce8fef6d8ab1bf1bf887232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa1ce8fef6d8ab1bf1bf887232eab590dd", true,
+ false},
+
+ {81, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce9fef6d8ab1bf1bf887232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce9fef6d8ab1bf1bf887232eab590dd", true,
+ false},
+
+ {82, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fe76d8ab1bf1bf887232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fe76d8ab1bf1bf887232eab590dd", true,
+ false},
+
+ {83, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d9ab1bf1bf887232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d9ab1bf1bf887232eab590dd", true,
+ false},
+
+ {84, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6daab1bf1bf887232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6daab1bf1bf887232eab590dd", true,
+ false},
+
+ {85, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1b71bf887232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1b71bf887232eab590dd", true,
+ false},
+
+ {86, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1bf1be887232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1be887232eab590dd", true,
+ false},
+
+ {87, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1bf13f887232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf13f887232eab590dd", true,
+ false},
+
+ {88, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1bf1bfa87232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bfa87232eab590dd", true,
+ false},
+
+ {89, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1bf1bf887332eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887332eab590dd", true,
+ false},
+
+ {90, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1bf1bf887232ebb590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887232ebb590dd", true,
+ false},
+
+ {91, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1bf1bf887232e8b590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887232e8b590dd", true,
+ false},
+
+ {92, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1bf1bf8872326ab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf8872326ab590dd", true,
+ false},
+
+ {93, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1bf1bf887232eab590dc",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887232eab590dc", true,
+ false},
+
+ {94, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1bf1bf887232eab590df",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887232eab590df", true,
+ false},
+
+ {95, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1bf1bf887232eab5909d",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887232eab5909d", true,
+ false},
+
+ {96, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1bf1bf887232eab5905d",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887232eab5905d", true,
+ false},
+
+ {97, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9de8fef6d8ab1bf1be887232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9de8fef6d8ab1bf1be887232eab590dd", true,
+ false},
+
+ {98, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fe76d8ab1b71bf887232eab590dd",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fe76d8ab1b71bf887232eab590dd", true,
+ false},
+
+ {99, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9ce8fef6d8ab1b71bf887232eab5905d",
+ "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1b71bf887232eab5905d", true,
+ false},
+
+ {100, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "631701092754e40e40778dcd154a6f22",
+ "b2061457c0759fc1749f174ee1ccadfa631701092754e40e40778dcd154a6f22", true,
+ false},
+
+ {101, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "00000000000000000000000000000000",
+ "b2061457c0759fc1749f174ee1ccadfa00000000000000000000000000000000", true,
+ false},
+
+ {102, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "ffffffffffffffffffffffffffffffff",
+ "b2061457c0759fc1749f174ee1ccadfaffffffffffffffffffffffffffffffff", true,
+ false},
+
+ {103, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "1c687e76582b9b713f08f2b26a35105d",
+ "b2061457c0759fc1749f174ee1ccadfa1c687e76582b9b713f08f2b26a35105d", true,
+ false},
+
+ {104, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "9de9fff7d9aa1af0be897333ebb491dc",
+ "b2061457c0759fc1749f174ee1ccadfa9de9fff7d9aa1af0be897333ebb491dc", true,
+ false},
+
+ {105, "00112233445566778899aabbccddeeff1021324354657687",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "029e0e777db092b12535d043012f09ba", "",
+ "09338a42f0acc14f97c064f52f5f1688",
+ "f83cee467336e1a09b75f24e9b4385c99c13e6af722256a66129ece961fe803b167bad206"
+ "f5017fb09338a42f0acc14f97c064f52f5f1688",
+ false, false},
+
+ {106, "00112233445566778899aabbccddeeff1021324354657687",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "f1be3b06b7feac07e7eab629f556047b", "",
+ "90be3606de58bd778fa5beff4a4102bd",
+ "0b32b648a2c28e9edd7cee08eeeb900034cae7215e5ab1e201bd2eed1032c5a97866ba582"
+ "a3458a490be3606de58bd778fa5beff4a4102bd",
+ false, false},
+
+ {107, "00112233445566778899aabbccddeeff1021324354657687",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "de9eb63b1daed321a11b7547cc9e223c", "",
+ "6e4d6396125a10df5443bd0cbc8566d1",
+ "575e2ecec2b3c72d4e80830d0d859ad9e42c29c4a68d8d9d8d23434de2cd07733be49d62a"
+ "c1ae0856e4d6396125a10df5443bd0cbc8566d1",
+ false, false},
+
+ {108, "00112233445566778899aabbccddeeff1021324354657687",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "40bb0abebc483ff6d5671241ff5d66c6", "",
+ "dc481f172545268eff63ab0490403dc3",
+ "2a818888d1f09f32aa7beedd2869b446575e2ecec2b3c72d4e80830d0d859ad9e42c29c4a"
+ "68d8d9ddc481f172545268eff63ab0490403dc3",
+ false, false},
+
+ {109, "00112233445566778899aabbccddeeff1021324354657687",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "20d5cf305e630a8f49e3bb4bab18abc9", "",
+ "8a3a22bf2592958b930292aa47f590e8",
+ "96d36b795f8e7edf6a8e0dbcd20d6c072a818888d1f09f32aa7beedd2869b446575e2ecec"
+ "2b3c72d8a3a22bf2592958b930292aa47f590e8",
+ false, false},
+
+ {110, "00112233445566778899aabbccddeeff1021324354657687",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "255358a71a0e5731f6dd6ce28e158ae6", "",
+ "2db9dc1b7fd315df1c95432432fcf474",
+ "cfce3d920f0e01f0bb49a751955b236d1b887baefd25c47f41303c46d5c7bf9ca4c2c45a8"
+ "f1e66562db9dc1b7fd315df1c95432432fcf474",
+ false, false},
+
+ {111, "00112233445566778899aabbccddeeff1021324354657687",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "bb76e422bbe8bbe682a10be4bdd6ce1c", "",
+ "82ad967f7ac19084354f69a751443fb2",
+ "69a24169792e9a07f6e6f4736fa972dccfce3d920f0e01f0bb49a751955b236d1b887baef"
+ "d25c47f82ad967f7ac19084354f69a751443fb2",
+ false, false},
+
+ {112, "00112233445566778899aabbccddeeff1021324354657687",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "db1821ac59c38e9f1e25a2eee9930313", "",
+ "472d5dd582dc05ef5fc496b612023cb2",
+ "4e4417a83beac1eb7e24456a05f6ba5569a24169792e9a07f6e6f4736fa972dccfce3d920"
+ "f0e01f0472d5dd582dc05ef5fc496b612023cb2",
+ false, false},
+
+ {113, "00112233445566778899aabbccddeeff1021324354657687",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "f7a02ecca03064b2ef3cce9feab79f07", "",
+ "caff723826df150934aee3201ba175e7",
+ "6f8e174efca3097299f784efd4caff0bf168c3e5165b9ad3d20062009848044eef8f31f7d"
+ "2fead05caff723826df150934aee3201ba175e7",
+ false, false},
+
+ {114, "00112233445566778899aabbccddeeff1021324354657687",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "6985924901d688659b40a999d974dbfd", "",
+ "3b08958be1286c2b4acba02b3674adb2",
+ "af193090ce3d43a388a1d294a09616906f8e174efca3097299f784efd4caff0bf168c3e51"
+ "65b9ad33b08958be1286c2b4acba02b3674adb2",
+ false, false},
+
+ {115, "00112233445566778899aabbccddeeff1021324354657687",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "3f1188546c65ed0fc55e75032c68ee44", "",
+ "c14d52208f0f51b816a48971eaf8ff7e",
+ "5deccf838b2cf5f869c90d2a611160b1e578ab8121b93735cba4a1930647b8c4c84bf7763"
+ "33ee45ac14d52208f0f51b816a48971eaf8ff7e",
+ false, false},
+
+ {116, "00112233445566778899aabbccddeeff1021324354657687",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "a13434d1cd8301d8b12212051fabaabe", "",
+ "ea2d018099cd7925c507cef0ceddb0ae",
+ "d2cae1684aa407a13a2e2da5357e29f55deccf838b2cf5f869c90d2a611160b1e578ab812"
+ "1b93735ea2d018099cd7925c507cef0ceddb0ae",
+ false, false},
+
+ {117, "00112233445566778899aabbccddeeff1021324354657687",
+ "5c7d3f81d4b5055ed6f8db53614587a4", "", "00000000000000000000000000000000",
+ "", "00000000000000000000000000000000",
+ "541b835dc828d541073f7d7d7504ebf500000000000000000000000000000000", false,
+ false},
+
+ {118, "00112233445566778899aabbccddeeff1021324354657687",
+ "6a347ad1190e72ede611044e7475f0eb", "", "ffffffffffffffffffffffffffffffff",
+ "", "ffffffffffffffffffffffffffffffff",
+ "a3f36154331c196624564bc395e49c3bffffffffffffffffffffffffffffffff", false,
+ false},
+
+ {119, "cee9abbc26b63e169f0ced621fe21d95904e75b881d93e6b", "46", "",
+ "1e8259e0a43e571068f701cd2064fc0c", "", "af1f5535b125b34fc466902ea40cb3a2",
+ "dcaf1f5535b125b34fc466902ea40cb3a2", false, false},
+
+ {120, "189f0bd390ba40632586a45c39735c2b87113329c800f394",
+ "b4bcd7b8eeca3050dd17682c6a914e", "", "c84442d6975f0359737de0fa828f958e",
+ "", "6b03b7557c7131e2352e495d54e61aef",
+ "2aab5c87dcb4a4dae4e975ddb65aab6b03b7557c7131e2352e495d54e61aef", false,
+ false},
+
+ {121, "b0724f15df5b792c2f49bc51df0ac5aad69be0030981613c",
+ "8da3ab9c3d195b04df452ad23953da4d", "", "13cd526ec77b58f62d48d03f8b88f2b8",
+ "", "eb05bda937faeed27f8833295d4ba559",
+ "d127fd2e67c0887d90eb92b91f357d97eb05bda937faeed27f8833295d4ba559", false,
+ false},
+
+ {122, "998750ba784841e40a7c5b03985732b6397e5459a3843954",
+ "2f60ca3494a958dc3e6ebeb5d0b4e6dda0d0c4331ab9c957f6422a5100878ebf", "",
+ "1d3d62eccd8ac5e896f2654a7f606fc9", "", "bab7fbf499ff06aad5f757b1c1a4fcc0",
+ "344c2cea17b06cb3da272e22a22a3a71ee0eaa1959a7facfff464660ddccedd1bab7fbf49"
+ "9ff06aad5f757b1c1a4fcc0",
+ false, false},
+
+ {123, "00112233445566778899aabbccddeeff1021324354657687",
+ "0b4dbbba8982e0f649f8ba85f3aa061b", "", "000000000000000000000000", "",
+ "ffffffffffffffffffffffffffffffff",
+ "3f875c9bd7d8511448459468e398c3b2ffffffffffffffffffffffffffffffff", false,
+ false},
+
+ {124, "00112233445566778899aabbccddeeff1021324354657687",
+ "1ae93688ef7e2650a9342ad4718b2780", "", "ffffffffffffffffffffffff", "",
+ "00000000000000000000000000000000",
+ "210dabea4364c6d5b3429e774332293600000000000000000000000000000000", false,
+ false},
+
+ {125, "21218af790428f8024d3e7e1428c9fcf578c216636d60e73", "e3", "",
+ "34047bc39b9c608384dff5b8", "", "2e982e24b81cd120d35a70fe6935e665",
+ "fe2e982e24b81cd120d35a70fe6935e665", false, false},
+
+ {126, "3a8bf543c480925632118245bcbf5d01522b987a31a33da3",
+ "53fc72e71b59eeb3", "", "4ebc13cf4636cc7c45e560a7", "",
+ "6870f104ddc514477b400336fb01860e",
+ "99f2ff1c8a44e5f26870f104ddc514477b400336fb01860e", false, false},
+
+ {127, "92f4d2672fceec43963ccffb17e6ea7578b11418b06a3b82",
+ "c3ec16adb184affa8ae9738bffb916", "", "6e7ff7f0797685cfc44b05ff", "",
+ "29fff7f285768645c9c8bf7a471c9393",
+ "afe8ef41591bfcc00db3c880ceb18629fff7f285768645c9c8bf7a471c9393", false,
+ false},
+
+ {128, "bcb6bc5ee6743df1396a34639327b25809ec9c81dd6a0c0e",
+ "80474a3a3b809560eee2ce7a7a33ea07", "", "be0326d23bdc2c64648d13f4", "",
+ "e3d33e01ce64f271783147de226228bc",
+ "90339dca02ef717f1603994aee6cf6d2e3d33e01ce64f271783147de226228bc", false,
+ false},
+
+ {129, "5e1d28213e092536525bbae09e214af4c891e202b2b4fa4f",
+ "53d59433a7db7f41b31ccb6d4a2d789965", "", "b6be6cd0681235d826aa28ea", "",
+ "9f50c03e055e519712c582ec9db3235b",
+ "b98ed6321679941a3e521834296686ad989f50c03e055e519712c582ec9db3235b",
+ false, false},
+
+ {130, "7f672d85e151aa490bc0eec8f66b5e5bee74af11642be3ff",
+ "ef6412c72b03c643fa02565a0ae2378a9311c11a84065f80", "",
+ "b022067048505b20946216ef", "", "fa0484f8baa95f5b7a31c56d1b34c58b",
+ "addd303651119e52f6170dfc7a915064253d57532987b9abfa0484f8baa95f5b7a31c56d1"
+ "b34c58b",
+ false, false},
+
+ {131, "969fed5068541d65418c2c1de8fe1f845e036030496e1272",
+ "3d8233191a2823bf767e99167b1d4af4f4848458", "cb",
+ "817fe51c31f2879141a34335", "", "92909a80e90540e1878ab59ef300072b",
+ "0d2c3a3c0cc4b40e70ed45e188e356a0e1533b3192909a80e90540e1878ab59ef300072b",
+ false, false},
+
+ {132, "fa5b9b41f93f8b682c04ba816c3fecc24eec095b04dd7497",
+ "18159841813a69fc0f8f4229e1678da7c9016711", "2ed8487153e21b12",
+ "62b9cf1e923bc1138d05d205", "", "253317f98bdab87531ece20475cd9ebb",
+ "c7c1cbb85ce2a0a3f32cb9ef01ad45ec1118b66d253317f98bdab87531ece20475cd9ebb",
+ false, false},
+
+ {133, "fbfb395662787e2d25a2e7510f818e825936a35114e237c9",
+ "2952a3d64107d5cbb9602239d05a5c5c222cf72b",
+ "74318d8876528243f1944b73eb77e96e", "3f1a1e02e90a4ba7a1db9df2", "",
+ "e0877a100f9dd9d6795f0e74c56a9fab",
+ "ecf5e403f19c007c8da7a456caf0a6d75762829be0877a100f9dd9d6795f0e74c56a9fab",
+ false, false},
+
+ {134, "5d8e9c2222316c9ed5ff94513cc957436ae447a6e1a73a29",
+ "42b4439e1d2116f834b91c516a26299df279956b",
+ "5ca354a4cb8e4fc9798aa209ad4f739dc7c232fdd1f22584",
+ "0802ae86c75a73bf79561521", "", "62196638590cef429d6b1d1a59839c02",
+ "94d844d98b9467daa7e8dde7f4290037354d7fb262196638590cef429d6b1d1a59839c02",
+ false, false},
+
+ {135, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b5e44c5b2fe90e4c78f358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b5e44c5b2fe90e4c78f358da0d99cb64", true,
+ false},
+
+ {136, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b6e44c5b2fe90e4c78f358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b6e44c5b2fe90e4c78f358da0d99cb64", true,
+ false},
+
+ {137, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "34e44c5b2fe90e4c78f358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db034e44c5b2fe90e4c78f358da0d99cb64", true,
+ false},
+
+ {138, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e54c5b2fe90e4c78f358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e54c5b2fe90e4c78f358da0d99cb64", true,
+ false},
+
+ {139, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44cdb2fe90e4c78f358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e44cdb2fe90e4c78f358da0d99cb64", true,
+ false},
+
+ {140, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2ee90e4c78f358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2ee90e4c78f358da0d99cb64", true,
+ false},
+
+ {141, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2de90e4c78f358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2de90e4c78f358da0d99cb64", true,
+ false},
+
+ {142, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90ecc78f358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90ecc78f358da0d99cb64", true,
+ false},
+
+ {143, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90e4c79f358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c79f358da0d99cb64", true,
+ false},
+
+ {144, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90e4cf8f358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4cf8f358da0d99cb64", true,
+ false},
+
+ {145, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90e4c78d358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78d358da0d99cb64", true,
+ false},
+
+ {146, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90e4c78f359da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f359da0d99cb64", true,
+ false},
+
+ {147, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90e4c78f358da0c99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da0c99cb64", true,
+ false},
+
+ {148, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90e4c78f358da0f99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da0f99cb64", true,
+ false},
+
+ {149, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90e4c78f358da8d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da8d99cb64", true,
+ false},
+
+ {150, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90e4c78f358da0d99cb65",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da0d99cb65", true,
+ false},
+
+ {151, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90e4c78f358da0d99cb66",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da0d99cb66", true,
+ false},
+
+ {152, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90e4c78f358da0d99cb24",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da0d99cb24", true,
+ false},
+
+ {153, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90e4c78f358da0d99cbe4",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da0d99cbe4", true,
+ false},
+
+ {154, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b5e44c5b2fe90e4c79f358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b5e44c5b2fe90e4c79f358da0d99cb64", true,
+ false},
+
+ {155, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44cdb2fe90ecc78f358da0d99cb64",
+ "458256842dfd297f30bd2f8f15c92db0b4e44cdb2fe90ecc78f358da0d99cb64", true,
+ false},
+
+ {156, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b4e44c5b2fe90ecc78f358da0d99cbe4",
+ "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90ecc78f358da0d99cbe4", true,
+ false},
+
+ {157, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "4b1bb3a4d016f1b3870ca725f266349b",
+ "458256842dfd297f30bd2f8f15c92db04b1bb3a4d016f1b3870ca725f266349b", true,
+ false},
+
+ {158, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "00000000000000000000000000000000",
+ "458256842dfd297f30bd2f8f15c92db000000000000000000000000000000000", true,
+ false},
+
+ {159, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "ffffffffffffffffffffffffffffffff",
+ "458256842dfd297f30bd2f8f15c92db0ffffffffffffffffffffffffffffffff", true,
+ false},
+
+ {160, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "3464ccdbaf698eccf873d85a8d194be4",
+ "458256842dfd297f30bd2f8f15c92db03464ccdbaf698eccf873d85a8d194be4", true,
+ false},
+
+ {161, "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "",
+ "b5e54d5a2ee80f4d79f259db0c98ca65",
+ "458256842dfd297f30bd2f8f15c92db0b5e54d5a2ee80f4d79f259db0c98ca65", true,
+ false},
+
+ {162, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "5c2ea9b695fcf6e264b96074d6bfa572", "",
+ "d5808a1bd11a01129bf3c6919aff2339",
+ "28e1c5232f4ee8161dbe4c036309e0b3254e9212bef0a93431ce5e5604c8f6a73c18a3183"
+ "018b770d5808a1bd11a01129bf3c6919aff2339",
+ false, false},
+
+ {163, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "57b3a81f2c36b6b06577ca0fbab8fa8e", "",
+ "8132e865b69d64ef37db261f80cbbe24",
+ "cceebeb4fe4cd90c514e52d2327a2ecd75393661006cf2476d8620149aef3d1cdce491fff"
+ "3e7a7a38132e865b69d64ef37db261f80cbbe24",
+ false, false},
+
+ {164, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "ce20a7e870696a5e68533c465bad2ba1", "",
+ "155da6441ec071ef2d8e6cffbacc1c7c",
+ "4f4350565d91d9aa8c5f4048550492ad6d6fdabf66da5d1e2af7bfe1a8aadaa0baa3de38a"
+ "41d9713155da6441ec071ef2d8e6cffbacc1c7c",
+ false, false},
+
+ {165, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "918e3c19dbdfee2db18156c5b93f3d75", "",
+ "6c574aa6a2490cc3b2f2f8f0ffbc56c4",
+ "8316a53167b6de1a7575700693ffef274f4350565d91d9aa8c5f4048550492ad6d6fdabf6"
+ "6da5d1e6c574aa6a2490cc3b2f2f8f0ffbc56c4",
+ false, false},
+
+ {166, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "717d900b270462b9dbf7e9419e890609", "",
+ "8082a761e1d755344bf29622144e7d39",
+ "5175927513e751eb309f45bc2ef225f28316a53167b6de1a7575700693ffef274f4350565"
+ "d91d9aa8082a761e1d755344bf29622144e7d39",
+ false, false},
+
+ {167, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "ecd52120af240e9b4bf3b9d1eeb49434", "",
+ "033e0ef2953ebfd8425737c7d393f89a",
+ "36b3fbecd09178d04527fb37544f5579d20d60a41266f685c48098e1a52804ca387d90709"
+ "d3268dd033e0ef2953ebfd8425737c7d393f89a",
+ false, false},
+
+ {168, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "b37bbad104928ae89221d3520c2682e0", "",
+ "ca448bb7e52e897eca234ef343d057d0",
+ "16929b773051f12b0adac95f65e21a7f36b3fbecd09178d04527fb37544f5579d20d60a41"
+ "266f685ca448bb7e52e897eca234ef343d057d0",
+ false, false},
+
+ {169, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "538816c3f849067cf8576cd62b90b99c", "",
+ "84f49740e6757f63dd0df7cb7656d0ef",
+ "6d3faefaf691d58163846f8d4b9ffd5916929b773051f12b0adac95f65e21a7f36b3fbecd"
+ "09178d084f49740e6757f63dd0df7cb7656d0ef",
+ false, false},
+
+ {170, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "d10e631943cd3bdababab2bbd13951c0", "",
+ "877e15d9889e69a99fcc6d727465c391",
+ "d60196c2d14fcf30c0991d2721ddc52d385f407a16691dade82c9023c855fd8e2e8fbb562"
+ "102f018877e15d9889e69a99fcc6d727465c391",
+ false, false},
+
+ {171, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "8ea0f8e8e87bbfa96368d83833ab4714", "",
+ "cd5757626945976ba9f0264bd6bee894",
+ "948fbceca12a6e4fabb79b6d965e336fd60196c2d14fcf30c0991d2721ddc52d385f407a1"
+ "6691dadcd5757626945976ba9f0264bd6bee894",
+ false, false},
+
+ {172, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "7b2df4fbed1de2727eb24898e5deabb9", "",
+ "b015d72da62c81cb4d267253b20db9e5",
+ "a1a0120660ff52e6b1700b12c54d2d33b94b00cd7882d8857d84e6e183a1dea6ee85a7da8"
+ "4fbc35db015d72da62c81cb4d267253b20db9e5",
+ false, false},
+
+ {173, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "0000000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000",
+ "", "24836f0a46ab6601a760221b074cbd6d", "",
+ "ee74ccb30d649ebf6916d05a7dbe5696",
+ "5e3434b45edbf0d1f6e02d1144dbf867a1a0120660ff52e6b1700b12c54d2d33b94b00cd7"
+ "882d885ee74ccb30d649ebf6916d05a7dbe5696",
+ false, false},
+
+ {174, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "8d74f1c97243d362577ff376c393d2dc", "", "00000000000000000000000000000000",
+ "", "00000000000000000000000000000000",
+ "265c42e2b96ea1de9c24f7182e33739000000000000000000000000000000000", false,
+ false},
+
+ {175, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "884df0e76f3ce227bf9595d103825a46", "", "ffffffffffffffffffffffffffffffff",
+ "", "ffffffffffffffffffffffffffffffff",
+ "988f47668ea650cbaa6714711abe268dffffffffffffffffffffffffffffffff", false,
+ false},
+
+ {176, "b7797eb0c1a6089ad5452d81fdb14828c040ddc4589c32b565aad8cb4de3e4a0",
+ "ed", "", "0ad570d8863918fe89124e09d125a271", "",
+ "fd8f593b83314e33c5a72efbeb7095e8", "3ffd8f593b83314e33c5a72efbeb7095e8",
+ false, false},
+
+ {177, "4c010d9561c7234c308c01cea3040c925a9f324dc958ff904ae39b37e60e1e03",
+ "2a093c9ed72b8ff4994201e9f9e010", "", "2a55caa137c5b0b66cf3809eb8f730c4",
+ "", "5b8a2f2da20ef657c903da88ef5f57bb",
+ "041341078f0439e50b43c9916351175b8a2f2da20ef657c903da88ef5f57bb", false,
+ false},
+
+ {178, "e7f7a48df99edd92b81f508618aa96526b279debd9ddb292d385ddbae80b2259",
+ "5e51dbbb861b5ec60751c0996e00527f", "", "7ee376910f08f497aa6c3aa7113697fd",
+ "", "254ada5cf662d90c5e11b2bd9c4db4c4",
+ "469478d448f7e97d755541aa09ad95b0254ada5cf662d90c5e11b2bd9c4db4c4", false,
+ false},
+
+ {179, "4f84782bfbb64a973c3de3dcfa3430367fd68bc0b4c3b31e5d7c8141ba3e6a67",
+ "78cb6650a1908a842101ea85804fed00cc56fbdafafba0ef4d1ca607dcae57b6", "",
+ "5d1bde6fa0994b33efd8f23f531248a7", "", "8dfce16467c3a6ebb3e7242c9a551962",
+ "cb960201fa5ad41d41d1c2c8037c71d52b72e76b16b589d71b976627c9734c9d8dfce1646"
+ "7c3a6ebb3e7242c9a551962",
+ false, false},
+
+ {180, "34c74e28182948e03af02a01f46eb4f7", "fe82ba66cf2e265741f2c86c", "",
+ "b0a73119a97d623806b49d45ddf4c7", "", "4b6f6f5be291a90b9e93a8a82ddbc8d8",
+ "2bc3ef8e7402b4631f48e9be4b6f6f5be291a90b9e93a8a82ddbc8d8", false, false},
+
+ {181, "55cb7cac77efe18a1ea3b30c65f3f346", "2f3d11ea32bf5bc72cbe2b8d", "",
+ "e22b6b144ab26b5781316e7a42a76202ac4b2278", "",
+ "05975b175316df8045889f43e0c857e0",
+ "4fe13ef29f118f85a63188f805975b175316df8045889f43e0c857e0", false, false},
+
+ {182, "f6a4bf8c4e15034699ce5801cbbac7509cd3f94cf28d8307",
+ "de8eaa41e5e6a590c3cfbf61", "", "60d6bfca67f5d810", "",
+ "e370e7dd328655929bd4691f396a1033",
+ "a2966fb189f8d9d391503857e370e7dd328655929bd4691f396a1033", false, false},
+
+ {183, "66f75acbd8d3acf7af47d13e8384c2809d6b91503a7f294b",
+ "a900c86b6b7e0e5563f8f826", "", "edf93e16294f15eded83808f09320e", "",
+ "20529bff3c59222ec33353af337b1d40",
+ "9af1a022c61c4315aa0e923e20529bff3c59222ec33353af337b1d40", false, false},
+
+ {184, "ef2e299dd4ecd7e3b9cc62780922cc2c89f78840564d1276",
+ "03f59579b14437199583270e", "", "130c14c839e35b7d56b3350b194b0da342e6b65d",
+ "", "17205999491bd4c1d6c7ec3e56779c32",
+ "073a5291b11df379f31b4f1617205999491bd4c1d6c7ec3e56779c32", false, false},
+
+ {185, "df64c84ae52d9ca820a47421bed6e96f7165369fc4c1b65f8f6307b17ce1006c",
+ "f5fafdded54a86a4edab44bd", "", "c0c568a400b7194f", "",
+ "00955d7d27f66868cfec734bf59c5e6d",
+ "99313a220d1fcb665887628300955d7d27f66868cfec734bf59c5e6d", false, false},
+
+ {186, "e98b0669a645eb14cd06df6968fc5f10edc9f54feed264e3d410cdc61b72ef51",
+ "f384b3ed7b274641f5db60cf", "", "17ca250fb733877556263223eadde1", "",
+ "36b15bab6923b17218fe1c24048e2391",
+ "fc213602aa423b87d7c2a87436b15bab6923b17218fe1c24048e2391", false, false},
+
+ {187, "849b3e6b8cdd85bdcfb8eb701aa5522ae2340fbe5214e389622cef76979225c4",
+ "8c5564e53051c0de273199b4", "", "0f9d6ed7eef362dfa4a7dfa5c0f74c5b27bd4ebf",
+ "", "7cf036d235d3b2dd349a8c804b65144a",
+ "c1d76233e8c5042e92bf8d327cf036d235d3b2dd349a8c804b65144a", false, false},
+
+ {188, "8f3f52e3c75c58f5cb261f518f4ad30a", "", "", "", "",
+ "cf71978ffcc778f3c85ac9c31b6fe191", "cf71978ffcc778f3c85ac9c31b6fe191",
+ true, true},
+
+ {189, "2a4bf90e56b70fdd8649d775c089de3b",
+ "324ced6cd15ecc5b3741541e22c18ad9", "", "", "",
+ "a2c7e8d7a19b884f742dfec3e76c75ee",
+ "00a29f0a5e2e7490279d1faf8b881c7ba2c7e8d7a19b884f742dfec3e76c75ee", true,
+ true},
+
+ {190, "0b18d21337035c7baa08211b702fa780ac7c09be8f9ed11f", "", "", "", "",
+ "ca69a2eb3a096ea36b1015d5dffff532", "ca69a2eb3a096ea36b1015d5dffff532",
+ true, true},
+
+ {191, "ba76d594a6df915bb7ab7e6d1a8d024b2796336c1b8328a9",
+ "d62f302742d61d823ea991b93430d589", "", "", "",
+ "2c9488d53a0b2b5308c2757dfac7219f",
+ "509b0658d09f7a5bb9db43b70c8387f72c9488d53a0b2b5308c2757dfac7219f", true,
+ true},
+
+ {192, "3f8ca47b9a940582644e8ecf9c2d44e8138377a8379c5c11aafe7fec19856cf1",
+ "", "", "", "", "1726aa695fbaa21a1db88455c670a4b0",
+ "1726aa695fbaa21a1db88455c670a4b0", true, true},
+
+ {193, "7660d10966c6503903a552dde2a809ede9da490e5e5cc3e349da999671809883",
+ "c314235341debfafa1526bb61044a7f1", "", "", "",
+ "8fe0520ad744a11f0ccfd228454363fa",
+ "7772ea358901f571d3d35c19497639d98fe0520ad744a11f0ccfd228454363fa", true,
+ true},
+
+ {194, "59a284f50aedd8d3e2a91637d3815579", "", "", "80", "",
+ "af498f701d2470695f6e7c8327a2398b", "af498f701d2470695f6e7c8327a2398b",
+ false, false},
+
+ {195, "fec58aa8cf06bfe05de829f27ec77693",
+ "f2d99a9f893378e0757d27c2e3a3101b", "", "9d", "",
+ "96e6fd2cdc707e3ee0a1c90d34c9c36c",
+ "0a24612a9d1cbe967dbfe804bf8440e596e6fd2cdc707e3ee0a1c90d34c9c36c", false,
+ false},
+
+ {196, "88a972cce9eaf5a7813ce8149d0c1d0e", "", "", "0f2f", "",
+ "4ccf1efb4da05b4ae4452aea42f5424b", "4ccf1efb4da05b4ae4452aea42f5424b",
+ false, false},
+
+ {197, "b43967ee933e4632bd6562ba1201bf83",
+ "5a6ad6db70591d1e520b0122f05021a0", "", "8760", "",
+ "98f47a5279cebbcac214515710f6cd8a",
+ "ba3e7f8b2999995c7fc4006ca4f475ff98f47a5279cebbcac214515710f6cd8a", false,
+ false},
+
+ {198, "4e9a97d3ed54c7b54610793ab05052e1", "", "", "cc851957", "",
+ "e574b355bda2980e047e584feb1676ca", "e574b355bda2980e047e584feb1676ca",
+ false, false},
+
+ {199, "d83c1d7a97c43f182409a4aa5609c1b1",
+ "c8f07ba1d65554a9bd40390c30c5529c", "", "7b5faeb2", "",
+ "5c0bb79d8240041edce0f94bd4bb384f",
+ "1b84baea9df1e65bee7b49e4a8cda1ec5c0bb79d8240041edce0f94bd4bb384f", false,
+ false},
+
+ {200, "c6a705677affb49e276d9511caa46145", "", "", "4ad80c2854fb", "",
+ "1e2ed72af590cafb8647d185865f5463", "1e2ed72af590cafb8647d185865f5463",
+ false, false},
+
+ {201, "eba7699b56cc0aa2f66a2a5be9944413",
+ "d021e53d9098a2df3d6b903cdad0cd9c", "", "d1dafc8de3e3", "",
+ "9c0e22e5c41b1039ff5661ffaefa8e0f",
+ "18291aa8dc7b07448aa8f71bb8e380bf9c0e22e5c41b1039ff5661ffaefa8e0f", false,
+ false},
+
+ {202, "c70ce38e84e5f53ed41c3f0d2ca493412ad32cb04c6e2efa", "", "", "cb", "",
+ "08d96edb5e22874cd10cb2256ca04bc6", "08d96edb5e22874cd10cb2256ca04bc6",
+ false, false},
+
+ {203, "74c816b83dfd287210a3e2c6da8d3053bbfbd9b156d3fdd8",
+ "f2b7b2c9b312cf2af78f003df15c8e19", "", "0f", "",
+ "96a132ed43924e98feb888ff682bdaef",
+ "6c5e796ba9a3ddc64f401e68d135101d96a132ed43924e98feb888ff682bdaef", false,
+ false},
+
+ {204, "cbf45ba488932aea1a10e5862f92e4a7e277bda9f34af6d0", "", "", "75e5",
+ "", "1f0d23070fcd748e25bf6454f5c9136e", "1f0d23070fcd748e25bf6454f5c9136e",
+ false, false},
+
+ {205, "e1c0446f11ae6aa4fa254f9a846fc6e13e45e537e47f2042",
+ "3a2f5ad0eb216e546e0bcaa377b6cbc7", "", "8989", "",
+ "f6e0a979481f9957ddad0f21a777a73a",
+ "550b48a43e821fd76f49f0f1a897aeadf6e0a979481f9957ddad0f21a777a73a", false,
+ false},
+
+ {206, "567563bf4cf154902275a53bc57cd6dd7b370d27011bdac8", "", "",
+ "68d7fc38", "", "1475563e3212f3b5e40062569afd71e3",
+ "1475563e3212f3b5e40062569afd71e3", false, false},
+
+ {207, "834d0bb601170865a78139428a1503695a6a291ebd747cd1",
+ "6f79e18b4acd5a03d3a5f7e1a8d0f183", "", "bb9d2aa3", "",
+ "03ab26993b701910a2e8ecccd2ba9e52",
+ "309133e76159fe8a41b20843486511ab03ab26993b701910a2e8ecccd2ba9e52", false,
+ false},
+
+ {208, "99fb18f5ba430bb9ea942968ecb799b43406e1af4b6425a1", "", "",
+ "a984bdcdcae2", "", "d7b9a6b58a97982916e83219fbf71b1e",
+ "d7b9a6b58a97982916e83219fbf71b1e", false, false},
+
+ {209, "b77b242aa0d51c92fda013e0cb0ef2437399ace5d3f507e4",
+ "4ba541a9914729216153801340ab1779", "", "52aa01e0d0d6", "",
+ "c052a55df3926a50990a532efe3d80ec",
+ "e08261e46eaf90d978ea8f7889bccd4fc052a55df3926a50990a532efe3d80ec", false,
+ false},
+
+ {210, "8f9a38c1014966e4d9ae736139c5e79b99345874f42d4c7d2c81aa6797c417c0",
+ "", "", "a9", "", "2a268bf3a75fd7b00ba230b904bbb014",
+ "2a268bf3a75fd7b00ba230b904bbb014", false, false},
+
+ {211, "144cd8279229e8bb2de99d24e615306663913fe9177fcd270fafec493d43bca1",
+ "976229f5538f9636476d69f0c328e29d", "", "b3", "",
+ "8bbad4adc54b37a2b2f0f6e8617548c9",
+ "7bea30ecc2f73f8e121263b37966954c8bbad4adc54b37a2b2f0f6e8617548c9", false,
+ false},
+
+ {212, "7d31861f9d3536e14016a3216b1042e0d2f7d4614314268b6f834ec7f38bbb65",
+ "", "", "c332", "", "1d978a693120c11f6d51a3ed88cd4ace",
+ "1d978a693120c11f6d51a3ed88cd4ace", false, false},
+
+ {213, "22b35fe9623ee11f8b60b6d22db3765b666ed972fa7ccd92b45f22deee02cab1",
+ "5341c78e4ce5bf8fbc3e077d1990dd5d", "", "da6c", "",
+ "b63ff43c12073ec5572b1be70f17e231",
+ "9c39f5b110361e9a770cc5e8b0f444bbb63ff43c12073ec5572b1be70f17e231", false,
+ false},
+
+ {214, "c224e0bba3d7a99165f7996b67a0fce3e12f2c01179b197b69b7e628bca92096",
+ "", "", "6b30145e", "", "ae6f7c9a29f0d8204ca50b14a1e0dcf2",
+ "ae6f7c9a29f0d8204ca50b14a1e0dcf2", false, false},
+
+ {215, "093eb12343537ee8e91c1f715b862603f8daf9d4e1d7d67212a9d68e5aac9358",
+ "33efb58c91e8c70271870ec00fe2e202", "", "5110604c", "",
+ "b824c33c13f289429659aa017c632f71",
+ "f73f72f976a296ba3ca94bc6eb08cd46b824c33c13f289429659aa017c632f71", false,
+ false},
+
+ {216, "98e6f8ab673e804e865e32403a6551bf807a959343c60d34559360bc295ecb5b",
+ "", "", "d4d857510888", "", "3db16725fafc828d414ab61c16a6c38f",
+ "3db16725fafc828d414ab61c16a6c38f", false, false},
+
+ {217, "0bd0e8e7781166e1d876dec8fad34ba95b032a27cac0551595116091005947b7",
+ "91222263b12cf5616a049cbe29ab9b5b", "", "1bdcd44b663e", "",
+ "c8fc39906aca0c64e14a43ff750abd8a",
+ "ed463f4f43336af3f4d7e08770201145c8fc39906aca0c64e14a43ff750abd8a", false,
+ false}};
+
+#endif // gcm_vectors_h__
diff --git a/security/nss/gtests/common/testvectors/kw-vectors.h b/security/nss/gtests/common/testvectors/kw-vectors.h
new file mode 100644
index 000000000..38e641a30
--- /dev/null
+++ b/security/nss/gtests/common/testvectors/kw-vectors.h
@@ -0,0 +1,1940 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef kw_vectors_h__
+#define kw_vectors_h__
+
+#include <string>
+#include <vector>
+#include <map>
+
+/* The result struct adds some granularity to what we are testing.
+ * With the single "valid" boolean, we don't know whether the function under
+ * test itself is expected to fail (i.e. return SECFailure), or if we simply
+ * expect the output to differ from what's in the test vector. Therefore,
+ * each vector contains a map of Actions (i.e. NSS capabilities that we wish to
+ * test) mapping to expected Result values (both in terms of return code as
+ * well as whether or not the output should match the test vector).
+ *
+ * - If |output_match| is true, the function under test MUST return the same
+ * data (length and contents).
+ * - If |output_match| is false, the function under test MUST NOT return the
+ * same data (length or contents must be different).
+ */
+
+typedef struct Result {
+ SECStatus expect_rv;
+ bool output_match;
+} Result;
+
+enum Action { WRAP, UNWRAP };
+
+typedef struct keywrap_vector {
+ uint32_t test_id;
+ std::vector<uint8_t> key;
+ std::vector<uint8_t> msg;
+ std::vector<uint8_t> ct;
+ std::map<Action, Result> tests;
+} keywrap_vector;
+
+const keywrap_vector kWycheproofAesKWVectors[] = {
+ {1,
+ {0x6f, 0x67, 0x48, 0x6d, 0x1e, 0x91, 0x44, 0x19, 0xcb, 0x43, 0xc2, 0x85,
+ 0x09, 0xc7, 0xc1, 0xea},
+ {0x8d, 0xc0, 0x63, 0x2d, 0x92, 0xee, 0x0b, 0xe4, 0xf7, 0x40, 0x02, 0x84,
+ 0x10, 0xb0, 0x82, 0x70},
+ {0x9d, 0xe4, 0x53, 0xce, 0xd5, 0xd4, 0xab, 0x46, 0xa5, 0x60, 0x17, 0x08,
+ 0xee, 0xef, 0xef, 0xb5, 0xe5, 0x93, 0xe6, 0xae, 0x8e, 0x86, 0xb2, 0x6b},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {2,
+ {0xa0, 0xb1, 0x71, 0x72, 0xbb, 0x29, 0x6d, 0xb7, 0xf5, 0xc8, 0x69, 0xe9,
+ 0xa3, 0x6b, 0x5c, 0xe3},
+ {0x61, 0x5d, 0xd0, 0x22, 0xd6, 0x07, 0xc9, 0x10, 0xf2, 0x01, 0x78, 0xcb,
+ 0xdf, 0x42, 0x06, 0x0f},
+ {0x8c, 0x3a, 0xba, 0x85, 0xcc, 0x0a, 0xe1, 0xae, 0x10, 0xb3, 0x66, 0x58,
+ 0xb0, 0x68, 0xf5, 0x95, 0xba, 0xf8, 0xca, 0xaf, 0xb7, 0x45, 0xef, 0x3c},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {3,
+ {0x0e, 0x49, 0xd5, 0x71, 0xc1, 0x9b, 0x52, 0x50, 0xef, 0xfd, 0x41, 0xd9,
+ 0x4b, 0xde, 0x39, 0xd6},
+ {0xf2, 0x5e, 0x4d, 0xe8, 0xca, 0xca, 0x36, 0x3f, 0xd5, 0xf2, 0x94, 0x42,
+ 0xeb, 0x14, 0x7b, 0x55},
+ {0x1d, 0xe0, 0x93, 0x65, 0x48, 0x26, 0xf1, 0x8f, 0xcd, 0x0f, 0x3f, 0xd4,
+ 0x99, 0x41, 0x6f, 0xf2, 0x2e, 0xd7, 0x5e, 0xe1, 0x2f, 0xe0, 0xb6, 0x24},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {4, // wrapped key is longer than wrapping key
+ {0xe0, 0xe1, 0x29, 0x59, 0x10, 0x91, 0x03, 0xe3, 0x0a, 0xe8, 0xb5, 0x68,
+ 0x4a, 0x22, 0xe6, 0x62},
+ {0xdb, 0xb0, 0xf2, 0xbb, 0x2b, 0xe9, 0x12, 0xa2, 0x04, 0x30, 0x97, 0x2d,
+ 0x98, 0x42, 0xce, 0x3f, 0xd3, 0xb9, 0x28, 0xe5, 0x73, 0xe1, 0xac, 0x8e},
+ {0x9c, 0x3d, 0xdc, 0x23, 0x82, 0x7b, 0x7b, 0x3c, 0x13, 0x10, 0x5f,
+ 0x9e, 0x8b, 0x11, 0x52, 0x3b, 0xac, 0xcd, 0xfb, 0x6c, 0x8b, 0x7e,
+ 0x78, 0x25, 0x49, 0x6e, 0x7a, 0x84, 0x0b, 0xd3, 0x2a, 0xec},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {5, // wrapped key is longer than wrapping key
+ {0xdd, 0x58, 0x3d, 0x9f, 0x10, 0x59, 0x86, 0x14, 0x30, 0xec, 0x8b, 0x5d,
+ 0x8a, 0x18, 0x0e, 0x9b},
+ {0xf2, 0xe3, 0x4f, 0x35, 0x63, 0x62, 0xa3, 0x1b, 0x51, 0xd6, 0xe0, 0x2b,
+ 0xcd, 0x33, 0x3c, 0x9e, 0x61, 0x70, 0x49, 0x4c, 0xa5, 0xff, 0x54, 0x87},
+ {0xaf, 0xb7, 0x44, 0xaa, 0xf7, 0x46, 0xdc, 0xc0, 0xb5, 0x7f, 0x8b,
+ 0x37, 0x8c, 0x40, 0x4c, 0xbe, 0x87, 0x7f, 0x44, 0xcf, 0x3d, 0x45,
+ 0x14, 0x0d, 0x60, 0x81, 0x4e, 0xda, 0x3f, 0x54, 0x1f, 0x01},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {6, // wrapped key is longer than wrapping key
+ {0xfa, 0xf5, 0xcc, 0xfa, 0xe4, 0x2b, 0x43, 0xce, 0xe2, 0xc5, 0xf0, 0xf3,
+ 0x17, 0x7a, 0x7c, 0x5d},
+ {0x4e, 0x02, 0x08, 0x48, 0x33, 0x66, 0x0c, 0x46, 0x38, 0x30, 0x48, 0x3b,
+ 0x36, 0xda, 0xb8, 0x66, 0xc6, 0x4c, 0x8c, 0xf7, 0x42, 0x9c, 0xac, 0x3d},
+ {0xcf, 0xf9, 0x8c, 0xd6, 0x4c, 0xb5, 0x1a, 0xb9, 0x9b, 0x81, 0xae,
+ 0xe8, 0x2c, 0xee, 0x42, 0x74, 0xd0, 0xdf, 0x3e, 0x1b, 0x6a, 0x49,
+ 0x43, 0xd3, 0x92, 0x36, 0xea, 0x98, 0x98, 0x46, 0xd0, 0xcc},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {7, // wrapped key is longer than wrapping key
+ {0xc2, 0xb9, 0xd2, 0x3f, 0x28, 0x31, 0xdd, 0xcd, 0xeb, 0x45, 0x68, 0x53,
+ 0xd4, 0x01, 0x4d, 0xb9},
+ {0xf4, 0xcf, 0xea, 0x98, 0xe5, 0x8b, 0x93, 0x9c, 0xc8, 0x59, 0x55,
+ 0x43, 0x85, 0xcf, 0x3a, 0x6c, 0x7f, 0x82, 0x17, 0xf7, 0x28, 0xef,
+ 0xb4, 0x31, 0xc9, 0x64, 0x78, 0x6d, 0xe8, 0x27, 0x49, 0x07},
+ {0x58, 0xdc, 0xfb, 0x0e, 0x7e, 0xc4, 0xd3, 0xbc, 0x80, 0x03,
+ 0x41, 0x8d, 0x86, 0x5f, 0xbd, 0x52, 0x0c, 0x6b, 0x24, 0xb2,
+ 0xbd, 0xe3, 0x5b, 0x1b, 0xe5, 0xb1, 0xc5, 0xff, 0x32, 0xa1,
+ 0x30, 0xf3, 0x3d, 0x03, 0x5e, 0x59, 0x32, 0x61, 0x60, 0x83},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {8, // wrapped key is longer than wrapping key
+ {0x62, 0x0a, 0x08, 0xf3, 0x20, 0xcd, 0xed, 0xbf, 0x7a, 0xe5, 0x51, 0xad,
+ 0xd3, 0x48, 0xd9, 0x5e},
+ {0xce, 0xc3, 0x4e, 0xaf, 0x8e, 0x67, 0xe1, 0xce, 0x61, 0x9d, 0xdf,
+ 0xc3, 0x09, 0x53, 0x1c, 0x42, 0xf1, 0x60, 0x33, 0xa7, 0xe2, 0xcb,
+ 0xc4, 0xf5, 0xeb, 0x3a, 0x54, 0x81, 0x64, 0xe9, 0xb2, 0x91},
+ {0x4e, 0xe4, 0x7b, 0xd6, 0x8d, 0x41, 0x85, 0x86, 0xc4, 0x47,
+ 0xa3, 0x91, 0x11, 0xe2, 0xec, 0x15, 0x02, 0xff, 0x0f, 0x17,
+ 0x26, 0xea, 0x91, 0xc5, 0xd9, 0x73, 0x70, 0x40, 0x9d, 0x89,
+ 0xb8, 0xe6, 0x6e, 0x88, 0x9b, 0x63, 0x8a, 0xc4, 0x0c, 0xed},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {9, // wrapped key is longer than wrapping key
+ {0xed, 0x08, 0x9a, 0xc2, 0x74, 0xf8, 0xc7, 0xce, 0xa2, 0x41, 0x56, 0x71,
+ 0xa9, 0x4b, 0x5e, 0x53},
+ {0x60, 0x65, 0xe4, 0x1d, 0xf1, 0x4d, 0xae, 0xee, 0xfa, 0xca, 0xc5,
+ 0xda, 0xeb, 0x76, 0x74, 0xcd, 0xc9, 0xc1, 0xf6, 0x86, 0x01, 0x3b,
+ 0x79, 0x71, 0x53, 0xe8, 0x0e, 0xf2, 0x15, 0x89, 0x32, 0x99},
+ {0xd3, 0xb0, 0x93, 0xfd, 0x82, 0x2c, 0xe4, 0x54, 0xeb, 0xc2,
+ 0x51, 0xc6, 0xf2, 0x1f, 0xa7, 0x1c, 0x38, 0x58, 0xee, 0x7e,
+ 0x62, 0x3e, 0xcb, 0xfb, 0xbf, 0x88, 0x73, 0x98, 0xa3, 0x0b,
+ 0x40, 0xc5, 0x5d, 0x05, 0x65, 0xc7, 0xa1, 0x5e, 0x40, 0x15},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {10, // Round counter overflows 256
+ {0x31, 0xca, 0xcb, 0xb1, 0x7d, 0x6d, 0xbb, 0xec, 0xae, 0x40, 0x72, 0x7c,
+ 0x50, 0x48, 0xfe, 0x0c},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x22, 0x2d, 0xea, 0xdd, 0xe6, 0xef, 0xb7, 0x60, 0xca, 0xe4, 0x2f, 0xa1,
+ 0x88, 0x31, 0x0e, 0x0c, 0x07, 0xe7, 0xd5, 0x57, 0x52, 0x97, 0x66, 0x44,
+ 0x4a, 0x9e, 0xfb, 0x33, 0x09, 0x07, 0xd4, 0x2f, 0x0d, 0xd8, 0xf3, 0xd1,
+ 0x7b, 0x3a, 0x38, 0xbf, 0x40, 0xd6, 0x8c, 0x09, 0x5a, 0x9c, 0xce, 0x19,
+ 0xda, 0xf9, 0x07, 0xbf, 0x2c, 0x92, 0xf1, 0xe5, 0x9b, 0x18, 0xb2, 0x77,
+ 0xff, 0x03, 0x97, 0xfc, 0x50, 0xf4, 0x5f, 0x58, 0x2d, 0xb9, 0x36, 0xaa,
+ 0x8a, 0xfb, 0x94, 0x3d, 0xe0, 0x1b, 0x58, 0xab, 0xfd, 0xc8, 0x1d, 0xae,
+ 0xf4, 0xe0, 0x38, 0xc9, 0x9e, 0x4c, 0x1e, 0xb3, 0xee, 0x44, 0x74, 0x64,
+ 0xbb, 0x8f, 0x89, 0xa4, 0xea, 0x81, 0xe5, 0x65, 0x56, 0xcc, 0x26, 0xc7,
+ 0x28, 0x83, 0xc0, 0x6a, 0x7f, 0xe8, 0x50, 0xd0, 0x43, 0x47, 0xd6, 0x8b,
+ 0xba, 0xdc, 0x4a, 0x06, 0x77, 0x50, 0x30, 0x67, 0x6d, 0xb8, 0xcc, 0x34,
+ 0xae, 0xb0, 0x7e, 0x39, 0xc7, 0xf0, 0x59, 0xc2, 0xbf, 0xf7, 0x6a, 0x7f,
+ 0x2b, 0xaf, 0x07, 0x67, 0x49, 0x00, 0x4e, 0xf7, 0x18, 0x9f, 0x88, 0x7f,
+ 0x89, 0x02, 0x9f, 0x88, 0xc5, 0xc1, 0xd0, 0xf5, 0xee, 0x62, 0x32, 0x0b,
+ 0x42, 0x30, 0x48, 0xe2, 0xad, 0x81, 0x86, 0xe6, 0x3b, 0xe2, 0x3c, 0x55,
+ 0x3f, 0x55, 0x76, 0xa4, 0x0d, 0x96, 0x7e, 0x8b, 0x52, 0x7c, 0xcd, 0x78,
+ 0x3c, 0x41, 0xab, 0xc6, 0x4b, 0xea, 0x1a, 0xec, 0x8a, 0x76, 0xde, 0xb3,
+ 0xe9, 0xc9, 0xa6, 0x65, 0x67, 0x56, 0xe1, 0xda, 0xc3, 0x8b, 0xd2, 0x5f,
+ 0xf0, 0x08, 0x88, 0x8a, 0x55, 0x91, 0xaf, 0x76, 0x3f, 0xd7, 0x3f, 0x5a,
+ 0xdd, 0xd7, 0x49, 0x79, 0x48, 0x17, 0x07, 0x09, 0x90, 0x48, 0x46, 0x54,
+ 0xa4, 0x6e, 0xf4, 0x42, 0xad, 0xae, 0xac, 0xab, 0x14, 0xd1, 0x2d, 0xaa,
+ 0xf8, 0x7b, 0xcb, 0x91, 0x66, 0x1a, 0x21, 0x59, 0x37, 0x17, 0xd9, 0xb9,
+ 0x35, 0x29, 0xd8, 0x13, 0xea, 0x5f, 0xc8, 0x12, 0xd7, 0x08, 0xc0, 0xd8,
+ 0xe9, 0xb6, 0x81, 0x22, 0xd9, 0xf5, 0xe6, 0x26, 0x7c, 0xde, 0x36, 0x37,
+ 0x80, 0xa4, 0x5d, 0x07, 0xe4, 0xca, 0xa5, 0xbf, 0x14, 0xf2, 0x33, 0x4f,
+ 0x25, 0xb9, 0xd1, 0x77, 0x63, 0x2b, 0xb8, 0x0a, 0x82, 0x89, 0x4a, 0xa4,
+ 0x7b, 0x6f, 0x36, 0x0b, 0x2d, 0xa1, 0x13, 0x8d, 0xed, 0xd4, 0x33, 0x1f,
+ 0x07, 0x7c, 0x90, 0x05, 0x54, 0xc7, 0xa6, 0x8b, 0x5d, 0x15, 0x49, 0x80,
+ 0xbb, 0x35, 0x17, 0xac, 0x20, 0xa7, 0x8a, 0x51, 0xf6, 0xf2, 0x1e, 0x42,
+ 0xb2, 0xc4, 0xc9, 0x60, 0xd3, 0x1c, 0xbd, 0x22, 0xbd, 0x61, 0x08, 0x19,
+ 0x18, 0x2c, 0x5e, 0x45, 0x6b, 0xa7, 0xd7, 0xe9, 0x03, 0xf5, 0xe6, 0x0f,
+ 0x6e, 0x0c, 0x4c, 0xc0, 0x14, 0xfe, 0xb4, 0xf8, 0x19, 0x73, 0xce, 0x48,
+ 0xad, 0x6f, 0x4d, 0xab, 0x8d, 0xa5, 0x1e, 0xb7},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {11, // empty keys cannot be wrapped
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95},
+ {},
+ {0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {12, // keys of size 8 byte cannot be wrapped
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07},
+ {0xdc, 0x26, 0xfb, 0x69, 0x11, 0xd7, 0x19, 0x71, 0xdf, 0x03, 0x56, 0xd6,
+ 0xbb, 0x9e, 0xd6, 0xe6},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {13, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95},
+ {0x00},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {14, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95},
+ {0x00, 0x01},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {15, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95},
+ {0x00, 0x01, 0x02},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {16, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95},
+ {0x00, 0x01, 0x02, 0x03},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {17, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95},
+ {0x00, 0x01, 0x02, 0x03, 0x04},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {18, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05},
+ {},
+ {{Action::WRAP, {SECFailure, false}}}},
+
+ {19, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {20, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {21, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7},
+ {},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {22, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7},
+ {},
+ {0x9f},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {23, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7},
+ {},
+ {0xdc, 0x9e, 0x95, 0x80},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {24, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7},
+ {},
+ {0xb9, 0xb2, 0x82, 0xd1, 0x38, 0x69, 0x30, 0x00},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {25, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7},
+ {},
+ {0x0e, 0xfc, 0x63, 0x5b, 0x2d, 0x61, 0xe2, 0x44, 0x05, 0x6b, 0x9d, 0x45,
+ 0x91, 0xca, 0x6b},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {26, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7},
+ {},
+ {0x4a, 0x30, 0x5d, 0xae, 0x08, 0x7b, 0x0d, 0x24, 0xd6, 0x2a, 0xf4, 0x18,
+ 0x31, 0x33, 0x8f, 0x33, 0xae},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {27, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7},
+ {},
+ {0x82, 0xcb, 0x92, 0x70, 0x97, 0xcf, 0x31, 0xea, 0x4a, 0xff,
+ 0xea, 0x44, 0x0b, 0x0d, 0x8c, 0xa6, 0xa2, 0x40, 0xb9, 0x00},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {28, // bytes appended to wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f},
+ {0x97, 0x90, 0xab, 0x51, 0xfb, 0xcb, 0x85, 0x0d, 0xf6, 0x76, 0x4e, 0x01,
+ 0x1a, 0xe9, 0x7c, 0x85, 0x78, 0x5b, 0xed, 0x26, 0x33, 0xae, 0xa6, 0x65},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {28, // Bytes appended to wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f},
+ {0x97, 0x90, 0xab, 0x51, 0xfb, 0xcb, 0x85, 0x0d, 0xf6,
+ 0x76, 0x4e, 0x01, 0x1a, 0xe9, 0x7c, 0x85, 0x78, 0x5b,
+ 0xed, 0x26, 0x33, 0xae, 0xa6, 0x65, 0x00},
+ {{Action::UNWRAP, {SECFailure, false}}}},
+
+ {29, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x0a, 0xac, 0x32, 0x9c, 0xcd, 0x51, 0x3e, 0xdb, 0xdd, 0x63, 0x67, 0xdf,
+ 0x67, 0x99, 0x9e, 0xaa, 0xc9, 0xe7, 0xb5, 0x19, 0x84, 0xc4, 0xd3, 0x8d},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {30, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x5a, 0x55, 0xdc, 0x42, 0x97, 0x49, 0xca, 0x49, 0xbb, 0x4a, 0xb0, 0x1d,
+ 0x96, 0x6b, 0x19, 0xea, 0x9a, 0x9e, 0x14, 0x02, 0xe6, 0xab, 0x29, 0x62},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {31, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x45, 0xf5, 0x33, 0xf6, 0x07, 0x2f, 0x64, 0x0e, 0xb7, 0xe1, 0xe5, 0x12,
+ 0xd5, 0x60, 0x72, 0x08, 0x55, 0x67, 0xf4, 0xad, 0x60, 0x12, 0xa9, 0x7a},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {32, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x84, 0xf2, 0x84, 0x56, 0x5d, 0xf4, 0x7c, 0x40, 0x91, 0x07, 0xf7, 0xa0,
+ 0xa7, 0x1b, 0xc3, 0x70, 0xa8, 0xed, 0x44, 0x89, 0xd4, 0x14, 0xb9, 0xe9},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {33, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x39, 0x41, 0xc3, 0x66, 0x55, 0x4f, 0xc8, 0x96, 0xe9, 0xfe, 0x52, 0xf0,
+ 0x24, 0x93, 0xca, 0x03, 0xd4, 0x39, 0xeb, 0x17, 0xc2, 0x36, 0x14, 0x6d},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {34, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x45, 0xc9, 0xd4, 0x23, 0x63, 0xd9, 0x81, 0xd0, 0x86, 0xa9, 0x72, 0x72,
+ 0x8e, 0x13, 0x0a, 0x42, 0xf5, 0xdd, 0x90, 0xbd, 0xa5, 0x62, 0xa8, 0x5a},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {35, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x03, 0x7d, 0x17, 0x85, 0x95, 0x19, 0xd6, 0xc0, 0x72, 0x8a, 0x9e, 0xb6,
+ 0xe6, 0x41, 0x13, 0xe8, 0x69, 0x19, 0xde, 0xca, 0xbd, 0x3b, 0xbb, 0x88},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {36, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x1a, 0xd1, 0x0a, 0xf7, 0xf6, 0xc0, 0x42, 0xb2, 0x67, 0xa0, 0xc7, 0xbc,
+ 0x4d, 0x25, 0xd2, 0x7c, 0x00, 0x3d, 0xeb, 0x50, 0xe2, 0xcc, 0x56, 0x6a},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {37, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x63, 0x0c, 0x57, 0x1b, 0x7f, 0xb8, 0x64, 0x7a, 0xc5, 0x36, 0x0a, 0x25,
+ 0x5f, 0x9f, 0x5d, 0x36, 0x45, 0x79, 0x5a, 0xc4, 0x52, 0x85, 0xcb, 0xaa},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {38, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x16, 0xdb, 0x55, 0x3e, 0x46, 0x7d, 0x40, 0x29, 0xd0, 0xfe, 0xa6, 0x2b,
+ 0x2c, 0x44, 0x0e, 0x5d, 0xf6, 0xc6, 0x59, 0x1f, 0x04, 0x97, 0xa9, 0x9d},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {39, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x09, 0x79, 0x91, 0x09, 0x0a, 0x15, 0x60, 0x47, 0xd4, 0x78, 0x4b, 0x75,
+ 0x7f, 0x26, 0x2e, 0x12, 0xce, 0x57, 0xe1, 0x3a, 0x3d, 0x5d, 0x28, 0x6c},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {40, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x39, 0x57, 0xc3, 0x38, 0xb7, 0x50, 0xa3, 0x28, 0x5e, 0xb7, 0xb6, 0x5c,
+ 0x9c, 0xfe, 0x77, 0x05, 0x3d, 0xd7, 0xd8, 0x14, 0x9f, 0x42, 0xca, 0xa1},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {41, // RFC 3394
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
+ 0xcc, 0xdd, 0xee, 0xff},
+ {0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, 0xae, 0xf3, 0x4b, 0xd8,
+ 0xfb, 0x5a, 0x7b, 0x82, 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {42,
+ {0xf7, 0x5a, 0x2f, 0x49, 0xa6, 0x30, 0xc7, 0xdc, 0x91, 0x62, 0x6b, 0x00,
+ 0xce, 0x02, 0x9f, 0x0b, 0xd2, 0x98, 0x1d, 0x7c, 0x74, 0xa9, 0x3e, 0xbe},
+ {0x9a, 0xdb, 0xc0, 0x0c, 0x71, 0x0b, 0x11, 0x01, 0xbd, 0xf6, 0xa4, 0xed,
+ 0x65, 0xb3, 0x2d, 0x72},
+ {0x00, 0xbe, 0x1c, 0xad, 0xdf, 0xd5, 0xad, 0x76, 0x97, 0x87, 0x70, 0x17,
+ 0x79, 0x5f, 0x9c, 0xee, 0x4b, 0xce, 0x5a, 0x61, 0x68, 0x7a, 0x61, 0x26},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {43,
+ {0xb7, 0x13, 0xf6, 0xb7, 0x81, 0x4f, 0x98, 0x89, 0x4d, 0x7b, 0x15, 0x39,
+ 0x74, 0x68, 0x43, 0x59, 0xf1, 0x46, 0x02, 0x13, 0xeb, 0x74, 0xbe, 0x68},
+ {0x78, 0x58, 0x5f, 0x0c, 0x49, 0x92, 0x2e, 0x82, 0xca, 0xf1, 0x7e, 0xbc,
+ 0x37, 0x21, 0xb4, 0xdb},
+ {0x54, 0xe7, 0xf2, 0x78, 0xb5, 0xa1, 0xfb, 0x4c, 0x31, 0xa0, 0xd7, 0x9a,
+ 0xc1, 0xf6, 0x15, 0xed, 0xd9, 0x10, 0xbf, 0x22, 0x01, 0x5a, 0x06, 0x68},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {44,
+ {0x13, 0xec, 0xf4, 0x23, 0x21, 0x1c, 0xaa, 0x33, 0x4b, 0xa6, 0xdb, 0x37,
+ 0x25, 0x9a, 0x53, 0x5c, 0x20, 0xde, 0x8a, 0xd1, 0x0f, 0xc8, 0xc4, 0x32},
+ {0x4f, 0xc7, 0x5d, 0x0f, 0x22, 0x1e, 0x22, 0x40, 0x8a, 0x37, 0xe1, 0x12,
+ 0x65, 0xd4, 0x9a, 0x05},
+ {0x51, 0x04, 0x55, 0xbd, 0x9c, 0x07, 0x8a, 0xc1, 0xf0, 0x7b, 0xb3, 0x75,
+ 0x2c, 0xbd, 0x04, 0xe4, 0x21, 0xb0, 0xdd, 0x63, 0x51, 0x90, 0xfa, 0x62},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {45,
+ {0x44, 0x17, 0xfb, 0xbe, 0xa5, 0x1b, 0xdd, 0x91, 0x81, 0x8d, 0x74, 0x05,
+ 0x19, 0x57, 0xdd, 0x70, 0xe1, 0x35, 0xc5, 0xcf, 0x37, 0x32, 0xbd, 0xf1},
+ {0xf5, 0x35, 0x7d, 0xa9, 0xf8, 0xfd, 0x4a, 0x11, 0x90, 0xf3, 0x6e, 0x9f,
+ 0xa0, 0x9a, 0x90, 0xfc, 0xf1, 0x4d, 0x87, 0xd6, 0x23, 0x32, 0xf1, 0xa5},
+ {0x88, 0x0d, 0xa5, 0xb4, 0x10, 0xf9, 0x13, 0xad, 0x72, 0xcc, 0x93,
+ 0xf4, 0x63, 0x44, 0xf1, 0x15, 0x21, 0x65, 0xbd, 0xea, 0x14, 0x66,
+ 0x4f, 0xd2, 0xd3, 0xaf, 0xbd, 0x87, 0xb8, 0xcc, 0x5c, 0xfd},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {46,
+ {0xb3, 0xf2, 0x6d, 0x8a, 0x22, 0xfd, 0xd6, 0x1f, 0x70, 0x98, 0x41, 0x23,
+ 0x1f, 0xbd, 0xe6, 0x95, 0xb3, 0xf2, 0x8d, 0xdd, 0xce, 0xd6, 0xd4, 0x1e},
+ {0x0d, 0x0a, 0xf9, 0x55, 0xd2, 0xe3, 0x82, 0x9c, 0xc3, 0xd6, 0x43, 0x21,
+ 0x9b, 0x30, 0x1e, 0x64, 0xe0, 0x51, 0x0d, 0xfb, 0xc4, 0x28, 0x11, 0x9a},
+ {0x27, 0x65, 0x4c, 0xf6, 0xa6, 0x3d, 0x60, 0x04, 0xae, 0x83, 0xda,
+ 0x54, 0xc2, 0xe5, 0xd7, 0xb5, 0xfa, 0xd2, 0x08, 0x78, 0xf3, 0x50,
+ 0x08, 0x7d, 0xdd, 0x17, 0xac, 0x44, 0xa2, 0xbe, 0x86, 0x8f},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {47,
+ {0xf7, 0x0c, 0xfb, 0x26, 0x2c, 0x72, 0x9a, 0x18, 0x20, 0x6c, 0x8a, 0xfd,
+ 0x74, 0x35, 0x6e, 0xc7, 0xe0, 0x49, 0xd1, 0x0b, 0x44, 0xa6, 0xe0, 0x00},
+ {0x24, 0x1c, 0xed, 0xfa, 0x64, 0xc4, 0xe7, 0xbe, 0xc5, 0x41, 0xa2, 0xeb,
+ 0x4c, 0x36, 0x82, 0x69, 0xe0, 0xf0, 0xdd, 0xeb, 0xc5, 0x82, 0x67, 0xea},
+ {0xad, 0x7c, 0xa6, 0x6a, 0xd4, 0x66, 0x4f, 0x43, 0xe4, 0xdd, 0x09,
+ 0x29, 0x6a, 0x6e, 0x6f, 0x02, 0xd5, 0xaf, 0x44, 0x08, 0xf2, 0x25,
+ 0xc0, 0xab, 0xeb, 0x0d, 0x9b, 0x76, 0xc8, 0xd1, 0xe9, 0x82},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {48, // wrapped key is longer than wrapping key
+ {0x16, 0x39, 0xf9, 0xf8, 0x1e, 0x53, 0xe2, 0xee, 0xb6, 0x77, 0xa2, 0x49,
+ 0xe5, 0xec, 0xed, 0x3a, 0xf1, 0x08, 0x97, 0x13, 0x01, 0x60, 0x1a, 0x7b},
+ {0xec, 0x3c, 0x6a, 0x1f, 0x1a, 0x95, 0x85, 0x32, 0x7f, 0xe6, 0x58,
+ 0x49, 0x0c, 0x74, 0x63, 0x5e, 0x53, 0x00, 0x87, 0x6d, 0xa5, 0x84,
+ 0x6a, 0x62, 0x93, 0x98, 0x98, 0x4f, 0xb5, 0x51, 0xd6, 0x91},
+ {0xe2, 0x45, 0xc9, 0x0a, 0x6b, 0x46, 0xca, 0xec, 0xe9, 0x4f,
+ 0x47, 0x11, 0x7d, 0x60, 0x83, 0x31, 0x95, 0x8c, 0x8f, 0x75,
+ 0xf5, 0x31, 0xeb, 0xcd, 0xc9, 0x02, 0xc0, 0x21, 0x3d, 0x91,
+ 0x05, 0xf2, 0x15, 0x5a, 0xf0, 0x7d, 0xaa, 0x62, 0xd1, 0x32},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {49, // wrapped key is longer than wrapping key
+ {0x1f, 0x22, 0xd5, 0x65, 0x8a, 0xa6, 0x85, 0xb8, 0xba, 0x86, 0x59, 0xdc,
+ 0x34, 0x28, 0x80, 0xd5, 0xb2, 0x39, 0x9e, 0x6a, 0x81, 0x50, 0x05, 0xb0},
+ {0x50, 0xbe, 0x4c, 0x1b, 0x2f, 0x29, 0xa6, 0x3f, 0x44, 0xd7, 0xfc,
+ 0x63, 0x73, 0x7f, 0x60, 0x0f, 0x01, 0x94, 0xea, 0x3f, 0xb3, 0x6e,
+ 0x17, 0x3d, 0x2d, 0xdd, 0x19, 0xf2, 0x18, 0x65, 0x63, 0x80},
+ {0x8a, 0x32, 0xb9, 0xf2, 0x07, 0xae, 0x5a, 0xae, 0xdb, 0x7e,
+ 0x8a, 0x0d, 0x94, 0x51, 0x07, 0x41, 0x2c, 0x1b, 0xd0, 0x69,
+ 0x99, 0xbc, 0x5a, 0xc8, 0x3c, 0x1f, 0x95, 0x8d, 0xfb, 0x77,
+ 0xeb, 0xdc, 0xf9, 0xd9, 0x8c, 0x60, 0xdb, 0xd4, 0x65, 0x0a},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {50, // wrapped key is longer than wrapping key
+ {0x3a, 0x2f, 0x4a, 0xa5, 0x04, 0x41, 0x95, 0x4b, 0xba, 0x5a, 0x18, 0x36,
+ 0x29, 0x4c, 0xe0, 0x71, 0xf9, 0x29, 0x6b, 0x23, 0xdb, 0xed, 0x67, 0x71},
+ {0x65, 0xda, 0x02, 0xff, 0x21, 0xb4, 0x83, 0xa1, 0xe3, 0x95, 0x75,
+ 0x49, 0x0b, 0x43, 0x19, 0xe8, 0x4a, 0xe0, 0x29, 0x9f, 0x1f, 0x00,
+ 0xb3, 0x85, 0x9f, 0xbe, 0x2e, 0x74, 0xb3, 0xec, 0x2a, 0xaf},
+ {0x4a, 0x58, 0x42, 0xb1, 0x0d, 0x2d, 0xb9, 0x6e, 0xa1, 0x03,
+ 0x9e, 0xf4, 0x78, 0x5c, 0xe7, 0x22, 0x55, 0x5b, 0x37, 0x51,
+ 0xa9, 0xb6, 0xdd, 0x39, 0x12, 0x6a, 0xd3, 0x63, 0x37, 0x8c,
+ 0x72, 0x32, 0x0d, 0x83, 0xea, 0x7a, 0xdb, 0x81, 0x61, 0x5a},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {51, // Round counter overflows 256
+ {0x31, 0xca, 0xcb, 0xb1, 0x7d, 0x6d, 0xbb, 0xec, 0xae, 0x40, 0x72, 0x7c,
+ 0x50, 0x48, 0xfe, 0x0c, 0x01, 0xbc, 0x53, 0xb2, 0x3a, 0xb6, 0x35, 0x02},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xe2, 0x19, 0x25, 0x98, 0xe6, 0x12, 0x4f, 0x27, 0x91, 0xb2, 0x75, 0x1f,
+ 0x93, 0x09, 0x58, 0x43, 0x5b, 0xb1, 0xd0, 0x2e, 0x98, 0xaa, 0x1e, 0x09,
+ 0x78, 0x1b, 0xba, 0x0b, 0x15, 0x94, 0x35, 0xdb, 0x65, 0x9f, 0xa7, 0x3f,
+ 0xa3, 0x10, 0x11, 0x17, 0x04, 0x69, 0x2c, 0x68, 0xe1, 0x6d, 0xdf, 0x4b,
+ 0xe0, 0x60, 0x22, 0xc5, 0x2f, 0xe9, 0xdb, 0xa6, 0x27, 0x9a, 0xad, 0x1a,
+ 0xeb, 0x81, 0x41, 0x25, 0xd0, 0xdd, 0xf3, 0x3f, 0x31, 0xe5, 0x8e, 0x62,
+ 0x5a, 0xf3, 0x23, 0x05, 0x05, 0x0c, 0xfe, 0xa3, 0x90, 0xd8, 0x78, 0x2d,
+ 0x32, 0xca, 0xac, 0x55, 0x88, 0x89, 0xca, 0x8e, 0x64, 0x19, 0x08, 0x20,
+ 0x8d, 0xa6, 0x97, 0x65, 0x42, 0xb4, 0x0d, 0xbd, 0x09, 0x01, 0x78, 0xe2,
+ 0xa6, 0x81, 0x2a, 0x43, 0x6c, 0x18, 0xa5, 0xe8, 0x91, 0xac, 0x80, 0x83,
+ 0x17, 0x6a, 0xce, 0x1d, 0xdf, 0xee, 0x4d, 0x38, 0x28, 0x56, 0xa5, 0x9c,
+ 0x80, 0xc6, 0x43, 0xec, 0xd5, 0xc1, 0xab, 0x68, 0xc6, 0x6b, 0x2b, 0x89,
+ 0x84, 0xce, 0x6e, 0x0e, 0x38, 0x6f, 0x65, 0x54, 0xa9, 0xcb, 0x91, 0xd3,
+ 0x63, 0xbb, 0x4a, 0xcc, 0xf0, 0x28, 0x87, 0x8e, 0xc2, 0x0b, 0x8b, 0x2e,
+ 0x37, 0x21, 0x4f, 0x7b, 0x12, 0xdb, 0xcd, 0x78, 0xfb, 0x38, 0xf7, 0x11,
+ 0xa9, 0x0f, 0xe2, 0x62, 0xc7, 0x84, 0x91, 0xb9, 0x05, 0x83, 0x54, 0xe2,
+ 0x7b, 0x34, 0xfc, 0x92, 0xef, 0x0d, 0x70, 0x28, 0x59, 0x4c, 0xb0, 0x82,
+ 0x59, 0xf8, 0x6b, 0x54, 0xcb, 0x1d, 0x31, 0x7e, 0xc5, 0x5f, 0x2e, 0xf2,
+ 0xab, 0x7e, 0x8b, 0x14, 0x16, 0x71, 0xf8, 0xbc, 0xb1, 0xa9, 0x0b, 0xb7,
+ 0xd8, 0x2b, 0xc8, 0xcb, 0x4f, 0xb0, 0x2c, 0x9c, 0xe4, 0x30, 0xef, 0x4a,
+ 0xe0, 0xdc, 0x84, 0x7e, 0x91, 0xe7, 0xd4, 0xfb, 0x46, 0x3e, 0xb9, 0xdd,
+ 0x87, 0xfc, 0x9d, 0xc9, 0x56, 0x8f, 0x3a, 0x4e, 0xf5, 0x04, 0xd7, 0x4c,
+ 0x13, 0x4d, 0xcb, 0x60, 0xca, 0x01, 0xb3, 0x6c, 0xe1, 0x0c, 0xb4, 0x67,
+ 0x26, 0x8e, 0xa2, 0x97, 0xc0, 0x51, 0x8a, 0x50, 0xd1, 0x2c, 0xc0, 0x25,
+ 0xcf, 0xee, 0xa1, 0x38, 0x1d, 0xdd, 0x7d, 0xd6, 0x3e, 0x4a, 0xc9, 0x48,
+ 0x90, 0xa0, 0xea, 0xe9, 0xdb, 0xd8, 0xdb, 0x24, 0x46, 0x25, 0xa3, 0xc8,
+ 0xaf, 0x2e, 0x1a, 0xff, 0x6a, 0x81, 0x12, 0xc4, 0xd3, 0xd9, 0x8e, 0x82,
+ 0x63, 0x58, 0x8e, 0xe1, 0xdd, 0x90, 0x63, 0xb7, 0x09, 0xb8, 0xec, 0x00,
+ 0x47, 0x4c, 0x4e, 0xa4, 0x13, 0xa8, 0x02, 0xb8, 0xcd, 0xe8, 0x14, 0xe7,
+ 0xb3, 0x73, 0x14, 0x10, 0x80, 0x9e, 0xd0, 0x00, 0x06, 0x0f, 0xb7, 0xb9,
+ 0xb0, 0xbf, 0x85, 0x09, 0xef, 0x17, 0x51, 0x5f, 0x33, 0x3e, 0x86, 0x8b,
+ 0x18, 0x8e, 0xa1, 0x64, 0x45, 0xf3, 0x80, 0xb3, 0xa7, 0xd4, 0x27, 0x74,
+ 0xf6, 0x45, 0x6c, 0xdf, 0x72, 0x42, 0x46, 0xfa},
+ {{Action::WRAP,
+ {SECSuccess, true}}, // Round counter overflows - acceptable
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {52, // empty keys cannot be wrapped
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
+ {},
+ {0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {53, // keys of size 8 byte cannot be wrapped
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07},
+ {0x38, 0xd8, 0x23, 0x8c, 0xdb, 0x0d, 0x9a, 0x2d, 0xa2, 0x8d, 0x6d, 0x56,
+ 0x19, 0x4f, 0x2e, 0x78},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {54, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
+ {0x00},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {55, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
+ {0x00, 0x01},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {56, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
+ {0x00, 0x01, 0x02},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {57, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
+ {0x00, 0x01, 0x02, 0x03},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {58, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
+ {0x00, 0x01, 0x02, 0x03, 0x04},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {59, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {60, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {61, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9,
+ 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {62, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
+ {},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {63, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
+ {},
+ {0x9f},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {64, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
+ {},
+ {0xdc, 0x9e, 0x95, 0x80},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {65, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
+ {},
+ {0xb9, 0xb2, 0x82, 0xd1, 0x38, 0x69, 0x30, 0x00},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {66, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
+ {},
+ {0x0e, 0xfc, 0x63, 0x5b, 0x2d, 0x61, 0xe2, 0x44, 0x05, 0x6b, 0x9d, 0x45,
+ 0x91, 0xca, 0x6b},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {67, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
+ {},
+ {0x4a, 0x30, 0x5d, 0xae, 0x08, 0x7b, 0x0d, 0x24, 0xd6, 0x2a, 0xf4, 0x18,
+ 0x31, 0x33, 0x8f, 0x33, 0xae},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {68, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
+ {},
+ {0x82, 0xcb, 0x92, 0x70, 0x97, 0xcf, 0x31, 0xea, 0x4a, 0xff,
+ 0xea, 0x44, 0x0b, 0x0d, 0x8c, 0xa6, 0xa2, 0x40, 0xb9, 0x00},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {69, // bytes appended to wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4,
+ 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f},
+ {0x55, 0xdf, 0xb2, 0xf7, 0xe0, 0xc1, 0xea, 0x04, 0xfe,
+ 0xad, 0x89, 0x7c, 0x45, 0x1c, 0x05, 0x05, 0x92, 0x1d,
+ 0xc4, 0x7f, 0x30, 0x8c, 0x49, 0x17, 0x00},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {70, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x9b, 0x15, 0x93, 0xfd, 0x7d, 0x4f, 0xe2, 0x5a, 0x66, 0x0b, 0xbc, 0x19,
+ 0x76, 0xea, 0x4a, 0xb6, 0x8b, 0xcc, 0x53, 0xf8, 0x48, 0xa8, 0xeb, 0x9d},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {71, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0xe7, 0xed, 0xb8, 0x47, 0xfa, 0x91, 0xe2, 0xde, 0xde, 0xd7, 0x26, 0xed,
+ 0xf3, 0xab, 0x93, 0xda, 0x91, 0x15, 0x16, 0x97, 0x42, 0x5f, 0xee, 0x28},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {72, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x1b, 0x51, 0xa7, 0xc0, 0x33, 0xc1, 0xef, 0xb5, 0xee, 0x29, 0x94, 0x25,
+ 0x9c, 0x40, 0xf0, 0x3b, 0xb5, 0x7d, 0x8c, 0xc0, 0x9e, 0x50, 0x7e, 0x6e},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {73, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0xc4, 0x0b, 0x61, 0x4a, 0x50, 0x62, 0xf5, 0xfd, 0x04, 0x9c, 0x53, 0x79,
+ 0xb3, 0xe8, 0x14, 0x16, 0x14, 0xc2, 0xda, 0x97, 0x89, 0x35, 0x89, 0xfb},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {74, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0xd7, 0x57, 0x5e, 0xf0, 0x2d, 0xf5, 0x4b, 0x30, 0x86, 0xeb, 0x49, 0x03,
+ 0x5e, 0xea, 0xfb, 0xce, 0x0e, 0x08, 0x33, 0x6e, 0x89, 0xb3, 0x5a, 0xb0},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {75, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x0d, 0x61, 0x7f, 0x1c, 0x12, 0x48, 0x5a, 0x35, 0x91, 0x7d, 0x2a, 0x94,
+ 0x1e, 0x94, 0x9d, 0x2f, 0xdb, 0xf0, 0x3a, 0x34, 0x68, 0x89, 0xb8, 0x50},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {76, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0xc7, 0xdf, 0x34, 0x72, 0x91, 0x74, 0xdb, 0x2e, 0x83, 0xee, 0x16, 0xc6,
+ 0xde, 0x74, 0xd5, 0xeb, 0x97, 0x66, 0x71, 0x5f, 0xad, 0x04, 0x9b, 0x40},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {77, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0xc3, 0xed, 0x38, 0xd6, 0xf9, 0xcc, 0xb9, 0xbf, 0x3c, 0x56, 0xbb, 0x31,
+ 0x76, 0xf0, 0x0d, 0x3c, 0xe9, 0x88, 0x75, 0x21, 0xf8, 0xd4, 0xc7, 0x0b},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {78, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x65, 0x82, 0xb5, 0xf4, 0x65, 0x27, 0x44, 0xb0, 0x53, 0x7e, 0x97, 0xe7,
+ 0xcd, 0xae, 0x0f, 0x44, 0x31, 0x30, 0x14, 0x0d, 0xba, 0xea, 0x60, 0x4c},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {79, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0xfc, 0x9b, 0x9b, 0xdf, 0x25, 0xf2, 0xb4, 0x8a, 0xd7, 0x99, 0x34, 0xc8,
+ 0xd3, 0x48, 0x97, 0xcd, 0xbf, 0x4c, 0x84, 0x6f, 0x8c, 0xb4, 0xb1, 0x1d},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {80, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0xfc, 0x23, 0xc7, 0xf4, 0xfe, 0x20, 0xaa, 0x81, 0x10, 0x5e, 0xfc, 0x1a,
+ 0x71, 0x05, 0xa5, 0x31, 0x6b, 0x23, 0x39, 0x9a, 0xc7, 0x92, 0xc8, 0x24},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {81, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x37, 0xb4, 0xa2, 0x61, 0xb9, 0x6b, 0xce, 0xc9, 0xcc, 0x93, 0xee, 0xf5,
+ 0xb2, 0xfb, 0xbb, 0xe8, 0x46, 0x34, 0xf9, 0x78, 0xc5, 0x89, 0x3d, 0xda},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {82, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x18, 0x31, 0x10, 0x98, 0x47, 0xd1, 0x7d, 0x01, 0x0b, 0xfc, 0xd9,
+ 0x3f, 0xb4, 0x6f, 0x31, 0x50, 0xcd, 0xaf, 0xd5, 0x27, 0x33, 0xdb,
+ 0x74, 0xc2, 0x21, 0xb0, 0x34, 0xfe, 0x8e, 0x15, 0x52, 0xc0},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {83, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x2b, 0x2b, 0x89, 0xc3, 0xc6, 0xb2, 0xdb, 0x49, 0x03, 0x87, 0x7a,
+ 0xd4, 0x62, 0x2c, 0xa3, 0x3f, 0x3a, 0x3c, 0xb7, 0xe6, 0x70, 0x1d,
+ 0x13, 0x40, 0xe6, 0xaf, 0xc0, 0xfd, 0xab, 0x7d, 0xbd, 0x72},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {84, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x3c, 0x69, 0x03, 0xf3, 0x7d, 0xa5, 0x71, 0x61, 0xaf, 0x67, 0x06,
+ 0x05, 0x0a, 0x2e, 0xd7, 0x47, 0xcd, 0x55, 0x34, 0x4d, 0x86, 0x91,
+ 0x89, 0xfd, 0x49, 0xd2, 0x53, 0x6f, 0xf9, 0x48, 0x12, 0x9d},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {85, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x8a, 0x8d, 0xc8, 0xb1, 0x31, 0xc6, 0xb9, 0x68, 0xb6, 0x0c, 0x1d,
+ 0xd8, 0x19, 0xa6, 0x55, 0x39, 0x2d, 0x1a, 0x96, 0xd6, 0xca, 0xfa,
+ 0x48, 0xe3, 0x0f, 0xb1, 0x14, 0x6f, 0x09, 0x62, 0x29, 0xc6},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {86, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x30, 0x3e, 0x0b, 0x36, 0x02, 0xd5, 0x14, 0xa7, 0xd5, 0x2e, 0xdb,
+ 0xa3, 0x30, 0x6d, 0x73, 0x83, 0xe8, 0x99, 0x9e, 0x7c, 0x65, 0x2a,
+ 0x51, 0x03, 0x35, 0xa8, 0x94, 0x9e, 0xfb, 0x42, 0xeb, 0x66},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {87, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x31, 0x9b, 0xef, 0xbf, 0x2d, 0xdb, 0xb4, 0x75, 0x72, 0x3f, 0xb2,
+ 0xfa, 0x30, 0xf2, 0xae, 0x7f, 0xc1, 0xce, 0xb1, 0xe6, 0xf3, 0x61,
+ 0x71, 0x5e, 0xca, 0x72, 0x09, 0x60, 0x88, 0x73, 0xc7, 0xfc},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {88, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x9b, 0x3e, 0x44, 0x03, 0x41, 0xc5, 0xda, 0x13, 0x15, 0x59, 0x95,
+ 0x9d, 0xb6, 0xb3, 0x55, 0x3a, 0x53, 0x46, 0x91, 0x16, 0x2f, 0x4f,
+ 0x00, 0x93, 0x27, 0xbf, 0x2c, 0x21, 0xd6, 0xfe, 0x5a, 0xda},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {89, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0xeb, 0xa6, 0xcc, 0x09, 0x59, 0xe6, 0xa5, 0x63, 0x39, 0xb1, 0x41,
+ 0x62, 0x98, 0x40, 0xad, 0xd8, 0x0f, 0x45, 0x65, 0x65, 0x6d, 0xc6,
+ 0x87, 0xa3, 0xb9, 0x96, 0x96, 0x0c, 0x99, 0x4d, 0xfd, 0x26},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {90, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0xb7, 0x03, 0xb6, 0xcf, 0x45, 0x87, 0x70, 0x93, 0x53, 0xc7, 0xe4,
+ 0x00, 0x4d, 0x3d, 0xa6, 0x1c, 0xe5, 0xf5, 0xde, 0xaf, 0x71, 0x63,
+ 0xca, 0x9d, 0x61, 0x58, 0xdd, 0xe9, 0x19, 0xe0, 0xac, 0x34},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {91, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x72, 0x54, 0x9d, 0x52, 0xd6, 0xf4, 0xff, 0x91, 0x2d, 0x83, 0x3c,
+ 0x74, 0x13, 0x6d, 0x90, 0x63, 0x4c, 0xe8, 0xaf, 0xa4, 0xf8, 0x44,
+ 0x12, 0xbb, 0xee, 0x80, 0x74, 0x08, 0x4d, 0x4c, 0xec, 0xff},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {92, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x13, 0x37, 0xc8, 0xbd, 0x6c, 0x8a, 0x5d, 0xd4, 0x3a, 0xba, 0x8d,
+ 0x29, 0x88, 0x64, 0xff, 0xe7, 0x6a, 0xd6, 0xea, 0x90, 0x9f, 0x34,
+ 0x88, 0x15, 0x7a, 0x15, 0xe6, 0xc4, 0x6a, 0xcf, 0x22, 0x14},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {93, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc,
+ 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x4a, 0xaf, 0xfa, 0xca, 0x5f, 0xe8, 0x58, 0x14, 0xd0, 0x40, 0xaa,
+ 0x2a, 0x30, 0x6b, 0xa4, 0xd1, 0xd4, 0x47, 0x46, 0xcf, 0xe4, 0x6c,
+ 0x97, 0x8a, 0xa0, 0x57, 0xb5, 0x3f, 0xd2, 0x53, 0x16, 0xc1},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {94, // RFC 3394
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
+ 0xcc, 0xdd, 0xee, 0xff},
+ {0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, 0xf9, 0x2b, 0x5b, 0x97,
+ 0xc0, 0x50, 0xae, 0xd2, 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {95, // RFC 3394
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
+ 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07},
+ {0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, 0x68, 0xf2, 0x4e,
+ 0xc2, 0x60, 0x74, 0x3e, 0xdc, 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72,
+ 0x5a, 0x93, 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {96,
+ {0xfc, 0xe0, 0x42, 0x9c, 0x61, 0x06, 0x58, 0xef, 0x8e, 0x7c, 0xfb,
+ 0x01, 0x54, 0xc5, 0x1d, 0xe2, 0x23, 0x9a, 0x8a, 0x31, 0x7f, 0x5a,
+ 0xf5, 0xb6, 0x71, 0x4f, 0x98, 0x5f, 0xb5, 0xc4, 0xd7, 0x5c},
+ {0x28, 0x73, 0x26, 0xb5, 0xed, 0x00, 0x78, 0xe7, 0xca, 0x01, 0x64, 0xd7,
+ 0x48, 0xf6, 0x67, 0xe7},
+ {0x94, 0x0b, 0x1c, 0x58, 0x0e, 0x0c, 0x72, 0x33, 0xa7, 0x91, 0xb0, 0xf1,
+ 0x92, 0x43, 0x8d, 0x2e, 0xac, 0xe1, 0x42, 0x14, 0xce, 0xe4, 0x55, 0xb7},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {97,
+ {0x0d, 0xda, 0x6d, 0xa5, 0x12, 0x3e, 0x2c, 0x37, 0xc6, 0xfa, 0x16,
+ 0xba, 0x0d, 0x33, 0x4c, 0xd0, 0x1a, 0xcd, 0x65, 0x2f, 0x89, 0x94,
+ 0x21, 0x17, 0x51, 0xdf, 0xab, 0x4f, 0xaa, 0xc2, 0xfc, 0x22},
+ {0xb4, 0x0b, 0x68, 0x28, 0x72, 0x9b, 0x45, 0x63, 0x22, 0xa8, 0xd0, 0x65,
+ 0xab, 0xc0, 0xd0, 0x81},
+ {0x93, 0x9b, 0x33, 0x89, 0x33, 0x6f, 0xea, 0x4a, 0x97, 0x51, 0xbf, 0x01,
+ 0x4e, 0xf1, 0x80, 0x11, 0x32, 0x30, 0x90, 0xe8, 0xa0, 0x50, 0x0b, 0xc4},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {98,
+ {0xd6, 0x92, 0x59, 0x14, 0xcd, 0x06, 0x30, 0x8f, 0x81, 0xad, 0x91,
+ 0xe2, 0x30, 0x73, 0x59, 0x3d, 0x99, 0xd4, 0xe5, 0x03, 0x51, 0xb2,
+ 0x0e, 0xb2, 0xa8, 0xd1, 0xa1, 0xac, 0x4c, 0xed, 0x65, 0x88},
+ {0x03, 0x7b, 0x27, 0xb3, 0xdc, 0x95, 0xb1, 0x9d, 0x15, 0xbd, 0x40, 0x91,
+ 0xe3, 0x20, 0xbf, 0xe1},
+ {0x59, 0xee, 0x8e, 0x51, 0x98, 0x86, 0x12, 0x37, 0xf6, 0x82, 0xed, 0xec,
+ 0x6b, 0xa9, 0x06, 0x52, 0x6c, 0x01, 0x6d, 0x4d, 0x93, 0x59, 0x42, 0xbd},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {99,
+ {0x07, 0x51, 0x8a, 0x82, 0xcb, 0xc8, 0xda, 0x1d, 0xce, 0xc5, 0x5f,
+ 0x37, 0x63, 0xa2, 0x06, 0xd2, 0x77, 0x48, 0x7a, 0xbd, 0x03, 0xce,
+ 0xdd, 0x0b, 0x8b, 0xef, 0x9e, 0xe2, 0xfb, 0x15, 0x71, 0x21},
+ {0xfa, 0xa4, 0x66, 0x4d, 0x79, 0xfc, 0xe3, 0xc7, 0xd2, 0xfd, 0xd4, 0x62,
+ 0xf6, 0xc1, 0xc4, 0x23, 0xc2, 0xf8, 0xe6, 0xb6, 0x9b, 0xe2, 0xe0, 0x71},
+ {0x1a, 0xb5, 0x3a, 0x06, 0x5d, 0x8f, 0x77, 0x6a, 0x08, 0xb3, 0x3e,
+ 0x51, 0x38, 0x30, 0x71, 0xb6, 0xf1, 0x54, 0x61, 0x21, 0x16, 0x65,
+ 0x51, 0x37, 0xbd, 0x3b, 0x7e, 0xc2, 0x9b, 0x70, 0xfd, 0x56},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {100,
+ {0xea, 0x46, 0x99, 0x1d, 0x4e, 0x71, 0xf5, 0x3d, 0xd6, 0x24, 0xe7,
+ 0xfe, 0x7f, 0xde, 0x11, 0x94, 0x4a, 0x7c, 0x59, 0x42, 0xd2, 0x32,
+ 0x36, 0x9b, 0x80, 0x65, 0xd4, 0x2b, 0x8c, 0xd2, 0xdd, 0xe1},
+ {0xdf, 0xfc, 0x5c, 0xf1, 0xdd, 0x54, 0x11, 0xd0, 0x15, 0xd8, 0x46, 0x01,
+ 0xfa, 0x38, 0xdf, 0x5e, 0xff, 0xe8, 0x85, 0xc7, 0xf2, 0x6a, 0x48, 0x25},
+ {0xa1, 0xbf, 0x8e, 0x73, 0xe3, 0xfa, 0x1d, 0xb7, 0x59, 0xf0, 0xab,
+ 0x2a, 0xb0, 0xb1, 0xca, 0x6f, 0x2c, 0x85, 0xb6, 0x3d, 0x83, 0xe2,
+ 0x5f, 0x7a, 0x0b, 0x52, 0x93, 0xd0, 0xa2, 0x16, 0xa2, 0xb7},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {101,
+ {0xfd, 0xcf, 0xa9, 0x02, 0xc6, 0xf2, 0x22, 0xf5, 0x27, 0xaf, 0x84,
+ 0xda, 0x53, 0x3b, 0x14, 0xb5, 0x2e, 0x26, 0x15, 0xda, 0x3a, 0x89,
+ 0xd1, 0xd3, 0x57, 0x08, 0xb0, 0xcd, 0x49, 0xf6, 0x0d, 0x87},
+ {0x96, 0x6b, 0x07, 0x04, 0x73, 0x54, 0x96, 0x6a, 0x70, 0x3e, 0x79, 0x60,
+ 0x7b, 0x55, 0x60, 0x32, 0xf4, 0xf5, 0x96, 0xb7, 0xf9, 0x20, 0x6f, 0x05},
+ {0x27, 0x30, 0x8a, 0x0e, 0x1a, 0x6c, 0x0a, 0x1d, 0x15, 0xd6, 0x17,
+ 0x4a, 0xb7, 0xd6, 0x86, 0x75, 0x20, 0x7b, 0x61, 0x5d, 0xf1, 0x6f,
+ 0xcf, 0x7a, 0x3c, 0x69, 0xb2, 0x5f, 0x55, 0x1c, 0xca, 0x9f},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {102,
+ {0x38, 0xe1, 0xb1, 0xd0, 0x75, 0xd9, 0xd8, 0x52, 0xb9, 0xa6, 0xc0,
+ 0x1c, 0x8f, 0xf6, 0x96, 0x5a, 0xf0, 0x1b, 0xac, 0x45, 0x7a, 0x4e,
+ 0x33, 0x9a, 0xe3, 0xe1, 0xd7, 0xb2, 0xff, 0xac, 0xc0, 0xcd},
+ {0x80, 0xad, 0x68, 0x20, 0xf1, 0xc9, 0x09, 0x81, 0xe2, 0xca, 0x42,
+ 0xb8, 0x17, 0xa3, 0x45, 0xc1, 0x17, 0x9d, 0x0a, 0x11, 0xd8, 0xe2,
+ 0x3a, 0x8a, 0xdc, 0x05, 0x05, 0xe1, 0x3d, 0x87, 0x29, 0x5a},
+ {0x71, 0x55, 0xee, 0x93, 0x2b, 0x03, 0x58, 0xd9, 0x81, 0x82,
+ 0xa2, 0x3f, 0x7f, 0x42, 0x7c, 0x77, 0x4a, 0xb3, 0x40, 0xa4,
+ 0x75, 0x7d, 0x0b, 0x6a, 0x63, 0xfa, 0xcd, 0x3d, 0xe9, 0x05,
+ 0x78, 0x43, 0x8c, 0xf0, 0x32, 0x01, 0xc3, 0xf8, 0x80, 0x57},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {103,
+ {0xc6, 0x41, 0xf1, 0x68, 0x9d, 0x81, 0xca, 0xa8, 0xba, 0x37, 0xd8,
+ 0x95, 0x27, 0x22, 0x40, 0x66, 0x40, 0x54, 0xed, 0x97, 0x4c, 0xff,
+ 0xfc, 0x40, 0xe6, 0xc5, 0xc0, 0xca, 0xd1, 0xb9, 0x16, 0xc7},
+ {0x3f, 0xd0, 0xba, 0x19, 0x95, 0x5e, 0x46, 0x74, 0x9f, 0x54, 0xd8,
+ 0x8e, 0x99, 0xd0, 0x80, 0xb7, 0x33, 0x9d, 0x58, 0x8f, 0xe6, 0x12,
+ 0xec, 0x0f, 0x40, 0x21, 0xca, 0x3c, 0xa2, 0x10, 0x42, 0x70},
+ {0xf2, 0x0b, 0x9b, 0x55, 0x3b, 0xc0, 0x84, 0x75, 0x29, 0xf8,
+ 0xd4, 0x37, 0x9f, 0xa9, 0x09, 0x21, 0x1e, 0x68, 0x24, 0x9b,
+ 0xd4, 0x29, 0xf4, 0x36, 0xc6, 0x15, 0xc4, 0xc4, 0xa5, 0xd9,
+ 0xf1, 0xa1, 0x96, 0x8f, 0x0b, 0x89, 0xc5, 0x23, 0x7b, 0x30},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {104,
+ {0xaa, 0x0a, 0xb9, 0xd6, 0x8e, 0xd4, 0xa0, 0x4e, 0x72, 0x3f, 0x81,
+ 0xb4, 0x4c, 0x0c, 0x88, 0xd0, 0xbc, 0xde, 0x7a, 0x80, 0xcf, 0xd4,
+ 0x76, 0xeb, 0x4b, 0x88, 0x36, 0xd9, 0xaa, 0x01, 0xec, 0x4c},
+ {0x57, 0xfa, 0xa8, 0x76, 0x6f, 0x6d, 0x6a, 0x0a, 0xa1, 0xcf, 0x64,
+ 0x3f, 0x85, 0x7c, 0x15, 0x0d, 0xf5, 0xb3, 0x13, 0x03, 0xb5, 0x0a,
+ 0xf4, 0x80, 0xe2, 0x1c, 0x4b, 0x5e, 0x8c, 0x8a, 0x15, 0xd5},
+ {0x28, 0x11, 0x71, 0x68, 0x54, 0xa2, 0x14, 0xae, 0xcd, 0xd3,
+ 0x18, 0xc6, 0x67, 0x0b, 0x9b, 0x2a, 0x75, 0x11, 0x71, 0x3c,
+ 0x9a, 0x0c, 0x0f, 0xa8, 0x05, 0x23, 0x0f, 0xf0, 0x5c, 0xf8,
+ 0x4a, 0xf7, 0x95, 0xdd, 0x72, 0xf6, 0xc1, 0xa4, 0x45, 0x12},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {105, // Round counter overflows 256
+ {0x31, 0xca, 0xcb, 0xb1, 0x7d, 0x6d, 0xbb, 0xec, 0xae, 0x40, 0x72,
+ 0x7c, 0x50, 0x48, 0xfe, 0x0c, 0x01, 0xbc, 0x53, 0xb2, 0x3a, 0xb6,
+ 0x35, 0x02, 0x5c, 0xba, 0xc1, 0xec, 0xf5, 0x2c, 0xa4, 0x95},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x53, 0x22, 0xbc, 0x62, 0xbd, 0x83, 0x79, 0xab, 0xbb, 0x75, 0xf6, 0x96,
+ 0x88, 0xb8, 0xf0, 0x0e, 0x31, 0x96, 0x2b, 0x8f, 0x9a, 0xe1, 0xe8, 0x97,
+ 0x71, 0x95, 0x2d, 0x8a, 0x2a, 0x74, 0x9e, 0x13, 0x52, 0xec, 0x33, 0xb5,
+ 0x43, 0x5a, 0x67, 0x42, 0x71, 0xb3, 0x14, 0x76, 0x0a, 0xb9, 0xf7, 0x53,
+ 0xb1, 0x67, 0x26, 0x18, 0x5e, 0xc7, 0xd3, 0x19, 0xac, 0x60, 0x53, 0x13,
+ 0x55, 0x34, 0x4c, 0x1d, 0x53, 0xc7, 0x90, 0x30, 0x00, 0xa8, 0x03, 0x9e,
+ 0xb4, 0x0f, 0x70, 0x56, 0x4a, 0x0a, 0xd3, 0xf4, 0x1b, 0x23, 0x55, 0xea,
+ 0x5d, 0xfa, 0x6a, 0x1d, 0x46, 0x39, 0x2f, 0x1d, 0x10, 0x6a, 0x5d, 0xa5,
+ 0x69, 0xbf, 0xb0, 0x49, 0x3b, 0xf7, 0xc1, 0x2d, 0xff, 0x04, 0xba, 0xfe,
+ 0xae, 0x37, 0x7d, 0xf4, 0xbb, 0x47, 0xcd, 0x44, 0x0b, 0x6f, 0x60, 0xfb,
+ 0xab, 0x2a, 0x54, 0xa9, 0x85, 0x51, 0xb7, 0x62, 0x73, 0xe0, 0x2c, 0xac,
+ 0x8d, 0x7b, 0xe9, 0xf2, 0x34, 0x3d, 0x3a, 0xbb, 0x2a, 0x23, 0xaf, 0x1c,
+ 0x91, 0xa7, 0x01, 0x1c, 0x67, 0xa7, 0x90, 0x72, 0x60, 0x11, 0x6b, 0x67,
+ 0xd5, 0x10, 0xaa, 0xbe, 0x5c, 0x7c, 0xa4, 0x6c, 0x1c, 0x20, 0xf7, 0x71,
+ 0x06, 0xc4, 0x59, 0x66, 0x58, 0x3b, 0x3e, 0x4e, 0xd7, 0x99, 0xa4, 0x7e,
+ 0xe1, 0x9b, 0xb4, 0x22, 0x32, 0x09, 0x26, 0x5c, 0x2b, 0x1a, 0xc8, 0x18,
+ 0x3a, 0x67, 0x8f, 0xf4, 0x3b, 0xc9, 0xa3, 0x47, 0x0a, 0x50, 0xb9, 0xee,
+ 0x4d, 0x10, 0xf6, 0x06, 0x74, 0x26, 0x8d, 0x72, 0xc6, 0x8b, 0xe0, 0x03,
+ 0xa0, 0xd9, 0xdd, 0x68, 0x49, 0xab, 0xa8, 0x36, 0xfe, 0x8a, 0x17, 0x92,
+ 0xb8, 0x1c, 0x90, 0xe1, 0x29, 0x45, 0xbf, 0xe1, 0xf2, 0x7a, 0x9c, 0x6b,
+ 0x2a, 0xf6, 0x6a, 0x06, 0x3c, 0xdb, 0x77, 0x21, 0xa7, 0xf2, 0x3f, 0xb3,
+ 0x0a, 0xfd, 0xbd, 0x8b, 0x18, 0xdb, 0x37, 0x7d, 0xd1, 0x69, 0x7f, 0x15,
+ 0x7b, 0xe8, 0x1c, 0x15, 0x78, 0xd0, 0x8b, 0x06, 0x6c, 0x71, 0xb0, 0xc5,
+ 0xca, 0x7f, 0xee, 0xca, 0xc1, 0xcd, 0xd9, 0x38, 0xcf, 0x9a, 0xd5, 0x25,
+ 0xf7, 0x48, 0x44, 0x66, 0x09, 0x08, 0x19, 0x4b, 0x28, 0xe5, 0x4e, 0xdd,
+ 0xb1, 0x58, 0xf6, 0xe4, 0xc9, 0x21, 0xb8, 0x11, 0xd9, 0x0d, 0xb7, 0x1a,
+ 0x92, 0xff, 0x87, 0x2d, 0xb2, 0x25, 0x0d, 0xcc, 0x3f, 0x84, 0x7f, 0xc7,
+ 0x52, 0xb6, 0x6d, 0x77, 0xe3, 0x3c, 0x85, 0x08, 0x4d, 0x3f, 0xa5, 0x3b,
+ 0x4f, 0x30, 0x50, 0x3d, 0x2a, 0x06, 0xe6, 0xca, 0xbb, 0x90, 0x33, 0xd5,
+ 0x9f, 0xc1, 0xdc, 0x15, 0xe3, 0x2f, 0x19, 0x84, 0x6a, 0x03, 0x9b, 0x91,
+ 0x59, 0x7b, 0x0b, 0xa3, 0x14, 0x1a, 0x7d, 0x97, 0x17, 0x63, 0x00, 0x62,
+ 0x17, 0x01, 0x17, 0xb2, 0x13, 0x1d, 0xab, 0x77, 0x40, 0x6e, 0x9e, 0xd7,
+ 0xd6, 0x6b, 0x2c, 0x75, 0x4d, 0x84, 0x9c, 0x60},
+ {{Action::WRAP,
+ {SECSuccess, true}}, // Round counter overflows - acceptable
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {106, // empty keys cannot be wrapped
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
+ 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
+ 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
+ {},
+ {0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {107, // keys of size 8 byte cannot be wrapped
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
+ 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
+ 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07},
+ {0x18, 0x1b, 0xa6, 0xa3, 0xa4, 0x39, 0x24, 0x69, 0xe3, 0xde, 0x98, 0xdd,
+ 0xbb, 0xdd, 0x24, 0x32},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {108, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
+ 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
+ 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
+ {0x00},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {109, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
+ 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
+ 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
+ {0x00, 0x01},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {110, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
+ 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
+ 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
+ {0x00, 0x01, 0x02},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {111, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
+ 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
+ 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
+ {0x00, 0x01, 0x02, 0x03},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {112, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
+ 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
+ 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
+ {0x00, 0x01, 0x02, 0x03, 0x04},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {113, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
+ 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
+ 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {114, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
+ 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
+ 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {115, // wrapped key size must be divisible by 8
+ {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7,
+ 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e,
+ 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {116, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
+ 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
+ 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
+ {},
+ {},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {117, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
+ 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
+ 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
+ {},
+ {0x9f},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {118, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
+ 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
+ 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
+ {},
+ {0xdc, 0x9e, 0x95, 0x80},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {119, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
+ 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
+ 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
+ {},
+ {0xb9, 0xb2, 0x82, 0xd1, 0x38, 0x69, 0x30, 0x00},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {120, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
+ 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
+ 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
+ {},
+ {0x0e, 0xfc, 0x63, 0x5b, 0x2d, 0x61, 0xe2, 0x44, 0x05, 0x6b, 0x9d, 0x45,
+ 0x91, 0xca, 0x6b},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {121, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
+ 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
+ 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
+ {},
+ {0x4a, 0x30, 0x5d, 0xae, 0x08, 0x7b, 0x0d, 0x24, 0xd6, 0x2a, 0xf4, 0x18,
+ 0x31, 0x33, 0x8f, 0x33, 0xae},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {122, // invalid size of wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
+ 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
+ 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
+ {},
+ {0x82, 0xcb, 0x92, 0x70, 0x97, 0xcf, 0x31, 0xea, 0x4a, 0xff,
+ 0xea, 0x44, 0x0b, 0x0d, 0x8c, 0xa6, 0xa2, 0x40, 0xb9, 0x00},
+ {{Action::WRAP, {SECFailure, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {123, // bytes appended to wrapped key
+ {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c,
+ 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10,
+ 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f},
+ {0x7d, 0xfb, 0xd7, 0xcf, 0x61, 0x58, 0xd7, 0x5b, 0xb5,
+ 0x90, 0x0b, 0x3b, 0xf1, 0xe3, 0x87, 0x10, 0x03, 0x40,
+ 0x2a, 0x65, 0x08, 0xb1, 0x91, 0x28, 0x00},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {124, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0xa4, 0x17, 0x67, 0x1b, 0xc6, 0x2a, 0x23, 0xc7, 0xa6, 0x55, 0x43, 0x09,
+ 0x21, 0x24, 0x02, 0x4d, 0xf7, 0x2c, 0x04, 0x8d, 0x8d, 0xb3, 0x30, 0xc7},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {125, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x95, 0x18, 0xd0, 0xf9, 0x9d, 0x7a, 0x73, 0xed, 0x4a, 0x50, 0x2b, 0x44,
+ 0x9c, 0x14, 0xc2, 0x85, 0x97, 0x1b, 0x0e, 0x61, 0x77, 0xce, 0x0e, 0xca},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {126, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0xf3, 0x51, 0x1f, 0x04, 0x91, 0xbd, 0x74, 0xae, 0x1d, 0xef, 0xb5, 0x30,
+ 0x7f, 0x0e, 0x18, 0xdb, 0x86, 0x4b, 0x57, 0xb5, 0xc4, 0x04, 0xd4, 0x28},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {127, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x6c, 0x03, 0xce, 0x77, 0x92, 0x59, 0x66, 0x1c, 0x43, 0xd4, 0x1d, 0x5d,
+ 0x0e, 0x45, 0x68, 0x7f, 0x87, 0x43, 0x53, 0xbb, 0xa5, 0x16, 0xc7, 0x3e},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {128, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x8d, 0xf0, 0x19, 0x69, 0xa1, 0x1c, 0x87, 0x02, 0x65, 0x35, 0xbf, 0xcc,
+ 0xf7, 0x2b, 0x1d, 0x06, 0x4c, 0x86, 0xec, 0xc7, 0xe5, 0x22, 0x71, 0x57},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {129, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x8e, 0xd1, 0xcd, 0xe2, 0x28, 0xd9, 0xc8, 0xd0, 0x46, 0xdc, 0xa6, 0x5c,
+ 0x7a, 0x27, 0xae, 0xf2, 0xed, 0xf8, 0xae, 0x90, 0xc7, 0x05, 0xd1, 0xe9},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {130, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0xd6, 0x9b, 0x3e, 0x34, 0xe9, 0xde, 0x38, 0xd4, 0x4d, 0xe1, 0x99, 0x89,
+ 0x92, 0x36, 0x2a, 0x6f, 0xa1, 0xf6, 0x96, 0xb5, 0xac, 0xab, 0x3f, 0x10},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {131, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x67, 0x86, 0x51, 0x22, 0xaf, 0x32, 0x94, 0xb8, 0xda, 0x05, 0x88, 0x77,
+ 0x51, 0x25, 0xcb, 0xd6, 0xdc, 0x19, 0xd5, 0xe5, 0xca, 0xb9, 0x7b, 0x6d},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {132, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x9f, 0x0f, 0xa5, 0x23, 0x63, 0xdd, 0x55, 0xdf, 0x47, 0x2d, 0x86, 0x7e,
+ 0x6f, 0xaf, 0x5d, 0xa8, 0xeb, 0x20, 0x4a, 0x1d, 0x6d, 0x49, 0x70, 0x30},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {133, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0xc3, 0x99, 0xf9, 0x99, 0xc9, 0x6a, 0x42, 0x04, 0x32, 0x5e, 0x7f, 0x08,
+ 0xd6, 0xa4, 0xde, 0x25, 0x6f, 0xaf, 0x21, 0xec, 0x2c, 0x00, 0x7d, 0xdf},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {134, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0x28, 0x20, 0x82, 0x26, 0x4a, 0x87, 0xdc, 0x35, 0xce, 0x1c, 0xc5, 0xb9,
+ 0x93, 0x1b, 0x77, 0xd8, 0x0d, 0x82, 0xfc, 0xac, 0xc0, 0x92, 0x7f, 0x85},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {135, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5},
+ {0xc1, 0x92, 0xc9, 0x0b, 0x83, 0x00, 0x3c, 0xa9, 0x67, 0x44, 0x49, 0x80,
+ 0x14, 0xb6, 0xad, 0x6b, 0xed, 0xda, 0x83, 0x79, 0x55, 0x26, 0x98, 0x19},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {136, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x30, 0xa9, 0x83, 0xcd, 0x9e, 0x69, 0xd5, 0x61, 0xac, 0xc9, 0x5c,
+ 0x42, 0xb2, 0x52, 0xab, 0xa4, 0x18, 0x5f, 0x83, 0x92, 0xf2, 0xe6,
+ 0xc9, 0x35, 0xc8, 0xeb, 0x10, 0x5a, 0xf8, 0x08, 0x2e, 0x34},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {137, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x4d, 0xe9, 0xa6, 0x39, 0xb7, 0x99, 0x63, 0x0b, 0x45, 0xb4, 0x9e,
+ 0x28, 0xdb, 0xfc, 0x44, 0xda, 0xbb, 0x98, 0x43, 0xee, 0x58, 0x8a,
+ 0x8c, 0xff, 0x28, 0x6b, 0x8d, 0x5f, 0xbd, 0x7b, 0x32, 0xee},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {138, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0xd9, 0x15, 0xb2, 0xcd, 0xfb, 0x76, 0x9d, 0x9d, 0x82, 0x25, 0x9d,
+ 0xc3, 0xd1, 0x24, 0x64, 0x6b, 0xbf, 0x97, 0x2b, 0x83, 0xef, 0xd4,
+ 0xc2, 0xea, 0xe9, 0xb9, 0xf7, 0x51, 0x07, 0x3f, 0x78, 0xd6},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {139, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x11, 0x7d, 0x65, 0x3f, 0x48, 0x0b, 0x69, 0xfc, 0xe5, 0x64, 0xf1,
+ 0xfe, 0x99, 0x57, 0x24, 0x92, 0x94, 0x51, 0x89, 0xed, 0x5a, 0xf7,
+ 0x89, 0xce, 0x05, 0xa2, 0x65, 0x1b, 0xaf, 0x90, 0xbb, 0x5e},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {140, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x82, 0x26, 0xd0, 0x7a, 0x2f, 0x91, 0x9e, 0x24, 0xad, 0xa1, 0x08,
+ 0x1c, 0x69, 0xa7, 0x55, 0x20, 0xbe, 0x89, 0x5e, 0x3a, 0x2b, 0xda,
+ 0x9b, 0x80, 0x5d, 0x97, 0x47, 0x77, 0x3d, 0xde, 0xaa, 0x38},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {141, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0xb0, 0xa7, 0x43, 0x45, 0xbe, 0xdf, 0x88, 0x65, 0x34, 0x8d, 0xaf,
+ 0x45, 0xd0, 0x54, 0xb9, 0x9c, 0xe5, 0x15, 0xea, 0x8b, 0xe1, 0x36,
+ 0x27, 0x0d, 0x1c, 0xf7, 0x1e, 0x1c, 0xfa, 0x7a, 0xa4, 0xa2},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {142, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0xa2, 0x61, 0xdb, 0x77, 0xf1, 0x7f, 0x7e, 0xc7, 0x36, 0xd1, 0xa8,
+ 0xbe, 0x16, 0xe5, 0xf9, 0xae, 0x43, 0x2f, 0xe2, 0xa1, 0x70, 0x12,
+ 0xe5, 0xa6, 0xf0, 0x7c, 0x54, 0x26, 0xa9, 0xf0, 0xca, 0x59},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {143, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0xc5, 0x3a, 0xcb, 0x5e, 0x09, 0x6b, 0x54, 0x54, 0x8e, 0x13, 0x85,
+ 0xb2, 0xff, 0x18, 0xea, 0xef, 0x68, 0xd2, 0x35, 0xc9, 0x5b, 0x01,
+ 0x94, 0xe7, 0x4a, 0x23, 0x83, 0xd3, 0xa7, 0xa5, 0x30, 0xdc},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {144, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0xfa, 0xef, 0x48, 0x2d, 0x99, 0xeb, 0xb1, 0x80, 0xe5, 0xbc, 0x5e,
+ 0x3c, 0xf7, 0x75, 0xba, 0x29, 0x2c, 0x2a, 0x3b, 0x6c, 0x44, 0xaa,
+ 0x4a, 0x21, 0xad, 0x40, 0x09, 0x06, 0xf1, 0x1a, 0xf3, 0x92},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {145, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x73, 0xa4, 0x50, 0xb6, 0x3b, 0x07, 0xb3, 0xae, 0xce, 0x9d, 0x1a,
+ 0xe5, 0xbf, 0x09, 0x7a, 0x3d, 0xd3, 0xfc, 0xf7, 0x3e, 0x3e, 0xc2,
+ 0xf1, 0xbd, 0x8f, 0xc3, 0xb5, 0x58, 0x6c, 0xb9, 0xbd, 0x73},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {146, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0xd3, 0x4b, 0x6e, 0xe1, 0x84, 0xd3, 0x87, 0xc9, 0xaa, 0x4b, 0x2d,
+ 0x18, 0x0a, 0xe0, 0xa8, 0x94, 0x98, 0x01, 0x4e, 0x55, 0xfe, 0x8e,
+ 0x41, 0x6b, 0xe4, 0xf8, 0x26, 0xfc, 0xf7, 0xd5, 0x65, 0x22},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {147, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa,
+ 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1},
+ {0x2a, 0xf8, 0x23, 0xd1, 0x60, 0x28, 0x03, 0x74, 0x0b, 0xfa, 0x90,
+ 0x40, 0xc2, 0xc4, 0xe7, 0x69, 0xa5, 0xb6, 0xde, 0x91, 0x9d, 0x40,
+ 0x3c, 0xfb, 0xa9, 0xad, 0x36, 0x0f, 0x63, 0xaf, 0x11, 0x13},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {148, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
+ 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
+ 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
+ {0xdd, 0x78, 0xeb, 0xd3, 0x09, 0x1c, 0x55, 0xa5, 0xda, 0x5b,
+ 0x24, 0x50, 0x42, 0x00, 0xf7, 0xfa, 0xdd, 0x1b, 0x3a, 0xc6,
+ 0xad, 0x35, 0xf8, 0x14, 0xf7, 0x33, 0xe6, 0x03, 0xc1, 0x39,
+ 0x36, 0x24, 0x5d, 0x69, 0xd8, 0x3f, 0x26, 0x2f, 0x6b, 0x1e},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {149, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
+ 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
+ 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
+ {0x3d, 0x83, 0x38, 0xea, 0xe7, 0xde, 0x32, 0x23, 0x99, 0xe1,
+ 0xd1, 0xb4, 0xa3, 0xdf, 0x54, 0x32, 0x6b, 0x24, 0x2b, 0x56,
+ 0x36, 0x12, 0xea, 0x4b, 0x27, 0xda, 0x22, 0xa0, 0x41, 0xd3,
+ 0xc8, 0x09, 0x66, 0x91, 0x1b, 0xc0, 0x09, 0x91, 0x17, 0x61},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {150, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
+ 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
+ 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
+ {0xd0, 0x4b, 0xf7, 0x5c, 0xad, 0xd3, 0xb5, 0xf0, 0x99, 0xc3,
+ 0x4b, 0x27, 0xa9, 0x1e, 0x64, 0xa8, 0xf2, 0xdb, 0xcf, 0x08,
+ 0xe8, 0xc5, 0xc1, 0xc9, 0xf0, 0x7a, 0x77, 0x7e, 0xeb, 0x80,
+ 0x5d, 0x5d, 0x0e, 0x8c, 0x5c, 0x01, 0xaf, 0xc4, 0x39, 0x44},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {151, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
+ 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
+ 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
+ {0xbe, 0x0c, 0x5d, 0x19, 0x3b, 0x61, 0xc5, 0x13, 0x7a, 0x8f,
+ 0xd8, 0xa6, 0xd7, 0xd1, 0xed, 0x8f, 0x0f, 0xa2, 0x8c, 0xec,
+ 0x51, 0x6f, 0x54, 0x46, 0x97, 0xc1, 0x2a, 0xdd, 0x4f, 0x8f,
+ 0x4d, 0x5c, 0xfc, 0xa6, 0x5e, 0xde, 0xb1, 0x01, 0x99, 0x74},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {152, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
+ 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
+ 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
+ {0xa8, 0x3e, 0xbc, 0xbe, 0xb2, 0xbe, 0x9d, 0x68, 0x07, 0xb5,
+ 0xcf, 0xc3, 0x1c, 0x89, 0x84, 0x9d, 0x13, 0x43, 0xdd, 0x4e,
+ 0xb2, 0x2e, 0x5b, 0xfe, 0x9e, 0x2b, 0x2b, 0x37, 0x90, 0xad,
+ 0x89, 0x00, 0x60, 0x1f, 0x1f, 0x5d, 0x54, 0xfd, 0x47, 0x2f},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {153, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
+ 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
+ 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
+ {0x41, 0x62, 0x21, 0x48, 0x5a, 0x6c, 0xb9, 0x8a, 0xd1, 0x34,
+ 0x2e, 0xa9, 0xa1, 0x29, 0x26, 0xa9, 0xa1, 0x33, 0xea, 0xd8,
+ 0xbd, 0x91, 0x93, 0x23, 0xfe, 0x78, 0x9b, 0xb8, 0xf8, 0x9a,
+ 0x4f, 0xca, 0xf8, 0x1e, 0x1b, 0xe5, 0x4f, 0x9d, 0x35, 0x8e},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {154, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
+ 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
+ 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
+ {0xbf, 0x6a, 0x53, 0x28, 0x6f, 0xac, 0x48, 0xe7, 0xf2, 0x5d,
+ 0x89, 0xb7, 0x05, 0x6b, 0x27, 0xaa, 0x91, 0x7d, 0x5b, 0x54,
+ 0xc0, 0xd3, 0x17, 0x1d, 0xff, 0x36, 0x9f, 0x72, 0x49, 0x15,
+ 0x3b, 0xf0, 0x9d, 0xa5, 0x89, 0x1e, 0xb4, 0xdc, 0x2d, 0x88},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {155, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
+ 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
+ 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
+ {0x99, 0xd5, 0x17, 0xa1, 0x32, 0x1b, 0xb6, 0x33, 0xb0, 0xd5,
+ 0xf3, 0xaf, 0xda, 0x23, 0x72, 0xd3, 0xab, 0xf6, 0x8b, 0x41,
+ 0xd1, 0x3c, 0xbf, 0xdf, 0xfc, 0x78, 0xf1, 0x73, 0xb8, 0x8b,
+ 0xc4, 0xb9, 0x7e, 0xfc, 0xab, 0x2b, 0x29, 0x04, 0x78, 0x8d},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {156, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
+ 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
+ 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
+ {0xd9, 0x24, 0x56, 0xbc, 0x77, 0xa2, 0x68, 0xef, 0x71, 0xcb,
+ 0xa7, 0x60, 0x64, 0xa1, 0xb7, 0x72, 0xd1, 0xfe, 0xe2, 0xae,
+ 0x4f, 0x0e, 0xe3, 0xbb, 0x93, 0x2a, 0x2a, 0xdb, 0x2b, 0x03,
+ 0x17, 0x96, 0xb9, 0xea, 0xdb, 0x51, 0x75, 0x3f, 0x28, 0x68},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {157, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
+ 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
+ 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
+ {0x5b, 0xb5, 0x46, 0x30, 0xab, 0x8d, 0x73, 0xa0, 0x40, 0xf0,
+ 0xf8, 0x7e, 0x70, 0xe2, 0x63, 0xd1, 0xae, 0xb2, 0x35, 0x8b,
+ 0xcd, 0xc0, 0xdc, 0xe6, 0x99, 0x4d, 0x0d, 0x87, 0x44, 0x52,
+ 0xbb, 0xd8, 0x74, 0x1b, 0x7e, 0xc1, 0xd5, 0x9d, 0x82, 0x98},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {158, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
+ 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
+ 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
+ {0x45, 0x81, 0xd6, 0x53, 0x60, 0x39, 0xdb, 0x1b, 0x23, 0xda,
+ 0x50, 0xc6, 0x48, 0x77, 0x7e, 0x90, 0xc8, 0x2d, 0x61, 0x28,
+ 0xbb, 0x92, 0xe2, 0x8b, 0x29, 0x74, 0xba, 0xe1, 0x14, 0x15,
+ 0x43, 0xa1, 0x9a, 0x15, 0x92, 0xfd, 0xa1, 0xfb, 0xd6, 0x1f},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {159, // Incorrect IV
+ {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3,
+ 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a,
+ 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7},
+ {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84,
+ 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b,
+ 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c},
+ {0xd3, 0x5b, 0xc6, 0x7e, 0x62, 0x06, 0x4c, 0x34, 0xf4, 0x81,
+ 0x50, 0x99, 0x9b, 0xa3, 0x0d, 0xed, 0x47, 0x5d, 0x8c, 0x75,
+ 0x97, 0x8f, 0x45, 0x73, 0x73, 0x20, 0xf2, 0x3e, 0xda, 0xaa,
+ 0x7a, 0x40, 0xd7, 0x80, 0x3f, 0xc6, 0x1a, 0xdd, 0x34, 0xa4},
+ {{Action::WRAP, {SECSuccess, false}},
+ {Action::UNWRAP, {SECFailure, false}}}},
+
+ {160, // RFC 3394
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+ 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
+ 0xcc, 0xdd, 0xee, 0xff},
+ {0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, 0x63, 0xe9, 0x77, 0x79,
+ 0x05, 0x81, 0x8a, 0x2a, 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {161, // RFC 3394
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+ 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
+ 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07},
+ {0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, 0xf6, 0xe6, 0xf4,
+ 0xfb, 0xe3, 0x0e, 0x71, 0xe4, 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c,
+ 0xb8, 0x95, 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+
+ {162, // RFC 3394
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+ 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f},
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa,
+ 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
+ 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f},
+ {0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, 0xcb, 0xcc,
+ 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, 0x3f, 0x57, 0x86, 0xe2,
+ 0xd8, 0x0e, 0xd3, 0x26, 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99,
+ 0xf4, 0x3b, 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21},
+ {{Action::WRAP, {SECSuccess, true}},
+ {Action::UNWRAP, {SECSuccess, true}}}},
+};
+#endif // kw_vectors_h__ \ No newline at end of file
diff --git a/security/nss/gtests/common/testvectors_base/chachapoly-vectors_base.h b/security/nss/gtests/common/testvectors_base/chachapoly-vectors_base.h
new file mode 100644
index 000000000..5fa7d2de0
--- /dev/null
+++ b/security/nss/gtests/common/testvectors_base/chachapoly-vectors_base.h
@@ -0,0 +1,117 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file is generated from sources in nss/gtests/common/wycheproof
+ * automatically and should not be touched manually.
+ * Generation is trigged by calling ./mach wycheproof */
+
+#ifndef chachapoly_vectors_h__
+#define chachapoly_vectors_h__
+
+#include <string>
+#include <vector>
+
+typedef struct chaChaTestVectorStr {
+ uint32_t id;
+ std::vector<uint8_t> Data;
+ std::vector<uint8_t> AAD;
+ std::vector<uint8_t> Key;
+ std::vector<uint8_t> IV;
+ std::vector<uint8_t> CT;
+ bool invalidTag;
+ bool invalidIV;
+} chaChaTestVector;
+
+// ChaCha20/Poly1305 Test Vector 1, RFC 7539
+// <http://tools.ietf.org/html/rfc7539#section-2.8.2>
+// ChaCha20/Poly1305 Test Vector 2, RFC 7539
+// <http://tools.ietf.org/html/rfc7539#appendix-A.5>
+const chaChaTestVector kChaCha20Vectors[] = {
+ {0,
+ {0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47,
+ 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
+ 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66,
+ 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
+ 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79,
+ 0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
+ 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
+ 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x62, 0x65, 0x20, 0x69, 0x74, 0x2e},
+ {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7},
+ {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+ 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+ 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f},
+ {0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47},
+ {0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc,
+ 0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
+ 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e,
+ 0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
+ 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6,
+ 0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
+ 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4,
+ 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
+ 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65,
+ 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09,
+ 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91},
+ false,
+ false},
+ {1,
+ {0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
+ 0x66, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
+ 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
+ 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
+ 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73,
+ 0x69, 0x78, 0x20, 0x6d, 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
+ 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, 0x20, 0x75, 0x70, 0x64,
+ 0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
+ 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, 0x62, 0x73, 0x6f, 0x6c,
+ 0x65, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
+ 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
+ 0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
+ 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70,
+ 0x72, 0x6f, 0x70, 0x72, 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
+ 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
+ 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
+ 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74,
+ 0x65, 0x72, 0x69, 0x61, 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
+ 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74,
+ 0x68, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
+ 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x20,
+ 0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
+ 0x9d},
+ {0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4e, 0x91},
+ {0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88,
+ 0x86, 0x04, 0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b,
+ 0x80, 0x09, 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0},
+ {0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7,
+ 0x9b, 0xe6, 0x43, 0xbd, 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
+ 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, 0x4c, 0x6c, 0xfc, 0x18,
+ 0x75, 0x5d, 0x43, 0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
+ 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f,
+ 0x35, 0x58, 0x94, 0xcf, 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
+ 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, 0x14, 0xad, 0x17, 0x6e,
+ 0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
+ 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, 0xc1, 0x86, 0x32, 0x4e,
+ 0x2b, 0x35, 0x06, 0x38, 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
+ 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, 0xb9, 0x16, 0x6c, 0x76,
+ 0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
+ 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0,
+ 0xa0, 0x6c, 0x52, 0x3e, 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
+ 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, 0x0d, 0x07, 0x2b, 0x04,
+ 0xb3, 0x56, 0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
+ 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6,
+ 0x31, 0x59, 0x43, 0x4e, 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
+ 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, 0x49, 0xe6, 0x17, 0xd9,
+ 0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
+ 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, 0x99, 0x7b, 0x71, 0x4d,
+ 0x6c, 0x6f, 0x2c, 0x29, 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
+ 0x9b, 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, 0x39, 0x23, 0x36,
+ 0xfe, 0xa1, 0x85, 0x1f, 0x38},
+ false,
+ false}};
+
+#endif // chachapoly_vectors_h__
diff --git a/security/nss/gtests/common/testvectors_base/curve25519-vectors_base.h b/security/nss/gtests/common/testvectors_base/curve25519-vectors_base.h
new file mode 100644
index 000000000..a92b83e86
--- /dev/null
+++ b/security/nss/gtests/common/testvectors_base/curve25519-vectors_base.h
@@ -0,0 +1,75 @@
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef curve25519_vectors_h__
+#define curve25519_vectors_h__
+
+#include <string>
+#include <vector>
+
+typedef struct curve25519_testvector_str {
+ std::vector<uint8_t> private_key;
+ std::vector<uint8_t> public_key;
+ std::vector<uint8_t> secret;
+ bool valid;
+} curve25519_testvector;
+
+const curve25519_testvector kCurve25519Vectors[] = {
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72,
+ 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
+ 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
+ 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a,
+ 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a},
+ {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
+ 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
+ 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f},
+ {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 0x72, 0x8e, 0x3b,
+ 0xf4, 0x80, 0x35, 0x0f, 0x25, 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1,
+ 0x9e, 0x33, 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42},
+ true},
+
+ // A public key that's too short (31 bytes).
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72,
+ 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
+ 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
+ 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a,
+ 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a},
+ {0x30, 0x38, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x20, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b,
+ 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78,
+ 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f},
+ {},
+ false},
+
+ // A public key that's too long (33 bytes).
+ {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+ 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72,
+ 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
+ 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21,
+ 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
+ 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a,
+ 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a},
+ {0x30, 0x3a, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+ 0x03, 0x22, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
+ 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
+ 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f, 0x34},
+ {},
+ false}};
+
+#endif // curve25519_vectors_h__
diff --git a/security/nss/gtests/common/gcm-vectors.h b/security/nss/gtests/common/testvectors_base/gcm-vectors_base.h
index b0646c964..ccb5761da 100644
--- a/security/nss/gtests/common/gcm-vectors.h
+++ b/security/nss/gtests/common/testvectors_base/gcm-vectors_base.h
@@ -3,12 +3,17 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* This file is generated from sources in nss/gtests/common/wycheproof
+ * automatically and should not be touched manually.
+ * Generation is trigged by calling ./mach wycheproof */
+
#ifndef gcm_vectors_h__
#define gcm_vectors_h__
#include <string>
typedef struct gcm_kat_str {
+ uint32_t test_id;
std::string key;
std::string plaintext;
std::string additional_data;
@@ -16,49 +21,55 @@ typedef struct gcm_kat_str {
std::string hash_key;
std::string ghash;
std::string result;
+ bool invalid_ct;
+ bool invalid_iv;
} gcm_kat_value;
/*
* http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
*/
const gcm_kat_value kGcmKatValues[] = {
- {"00000000000000000000000000000000", "", "", "000000000000000000000000",
+ {1, "00000000000000000000000000000000", "", "", "000000000000000000000000",
"66e94bd4ef8a2c3b884cfa59ca342b2e", "00000000000000000000000000000000",
- "58e2fccefa7e3061367f1d57a4e7455a"},
+ "58e2fccefa7e3061367f1d57a4e7455a", false, false},
- {"00000000000000000000000000000000", "00000000000000000000000000000000", "",
- "000000000000000000000000", "66e94bd4ef8a2c3b884cfa59ca342b2e",
+ {2, "00000000000000000000000000000000", "00000000000000000000000000000000",
+ "", "000000000000000000000000", "66e94bd4ef8a2c3b884cfa59ca342b2e",
"f38cbb1ad69223dcc3457ae5b6b0f885",
- "0388dace60b6a392f328c2b971b2fe78ab6e47d42cec13bdf53a67b21257bddf"},
+ "0388dace60b6a392f328c2b971b2fe78ab6e47d42cec13bdf53a67b21257bddf", false,
+ false},
- {"feffe9928665731c6d6a8f9467308308",
+ {3, "feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
"", "cafebabefacedbaddecaf888", "b83b533708bf535d0aa6e52980d53b78",
"7f1b32b81b820d02614f8895ac1d4eac",
"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
"466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62c"
- "f35abd2ba6fab4"},
+ "f35abd2ba6fab4",
+ false, false},
- {"feffe9928665731c6d6a8f9467308308",
+ {4, "feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
"b83b533708bf535d0aa6e52980d53b78", "698e57f70e6ecc7fd9463b7260a9ae5f",
"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
"466931c7d8f6a5aac84aa051ba30b396a0aac973d58e0915bc94fbc3221a5db94fae95ae7"
- "121a47"},
+ "121a47",
+ false, false},
- {"feffe9928665731c6d6a8f9467308308",
+ {5, "feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
"b83b533708bf535d0aa6e52980d53b78", "df586bb4c249b92cb6922877e444d37b",
"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e"
"49f24b22b097544d4896b424989b5e1ebac0f07c23f45983612d2e79e3b0785561be14aac"
- "a2fccb"},
+ "a2fccb",
+ false, false},
- {"feffe9928665731c6d6a8f9467308308",
+ {6, "feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
@@ -67,45 +78,51 @@ const gcm_kat_value kGcmKatValues[] = {
"b83b533708bf535d0aa6e52980d53b78", "1c5afe9760d3932f3c9a878aac3dc3de",
"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4f"
"ba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5619cc5aefffe0bfa462af43c16"
- "99d050"},
+ "99d050",
+ false, false},
- {"000000000000000000000000000000000000000000000000", "", "",
+ {7, "000000000000000000000000000000000000000000000000", "", "",
"000000000000000000000000", "aae06992acbf52a3e8f4a96ec9300bd7",
- "00000000000000000000000000000000", "cd33b28ac773f74ba00ed1f312572435"},
+ "00000000000000000000000000000000", "cd33b28ac773f74ba00ed1f312572435",
+ false, false},
- {"000000000000000000000000000000000000000000000000",
+ {8, "000000000000000000000000000000000000000000000000",
"00000000000000000000000000000000", "", "000000000000000000000000",
"aae06992acbf52a3e8f4a96ec9300bd7", "e2c63f0ac44ad0e02efa05ab6743d4ce",
- "98e7247c07f0fe411c267e4384b0f6002ff58d80033927ab8ef4d4587514f0fb"},
+ "98e7247c07f0fe411c267e4384b0f6002ff58d80033927ab8ef4d4587514f0fb", false,
+ false},
- {"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ {9, "feffe9928665731c6d6a8f9467308308feffe9928665731c",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
"", "cafebabefacedbaddecaf888", "466923ec9ae682214f2c082badb39249",
"51110d40f6c8fff0eb1ae33445a889f0",
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
"144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade2569924a7c8587336bfb1"
- "18024db8674a14"},
+ "18024db8674a14",
+ false, false},
- {"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ {10, "feffe9928665731c6d6a8f9467308308feffe9928665731c",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
"466923ec9ae682214f2c082badb39249", "ed2ce3062e4a8ec06db8b4c490e8a268",
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
"144c525ac619d18c84a3f4718e2448b2fe324d9ccda27102519498e80f1478f37ba55bd6d"
- "27618c"},
+ "27618c",
+ false, false},
- {"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ {11, "feffe9928665731c6d6a8f9467308308feffe9928665731c",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
"466923ec9ae682214f2c082badb39249", "1e6a133806607858ee80eaf237064089",
"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9"
"a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f765dcc57fcf623a24094fcca40d"
- "3533f8"},
+ "3533f8",
+ false, false},
- {"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+ {12, "feffe9928665731c6d6a8f9467308308feffe9928665731c",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
@@ -114,45 +131,51 @@ const gcm_kat_value kGcmKatValues[] = {
"466923ec9ae682214f2c082badb39249", "82567fb0b4cc371801eadec005968e94",
"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012a"
"f34ddd9e2f037589b292db3e67c036745fa22e7e9b7373bdcf566ff291c25bbb8568fc3d3"
- "76a6d9"},
+ "76a6d9",
+ false, false},
- {"0000000000000000000000000000000000000000000000000000000000000000", "", "",
- "000000000000000000000000", "dc95c078a2408989ad48a21492842087",
- "00000000000000000000000000000000", "530f8afbc74536b9a963b4f1c4cb738b"},
+ {13, "0000000000000000000000000000000000000000000000000000000000000000", "",
+ "", "000000000000000000000000", "dc95c078a2408989ad48a21492842087",
+ "00000000000000000000000000000000", "530f8afbc74536b9a963b4f1c4cb738b",
+ false, false},
- {"0000000000000000000000000000000000000000000000000000000000000000",
+ {14, "0000000000000000000000000000000000000000000000000000000000000000",
"00000000000000000000000000000000", "", "000000000000000000000000",
"dc95c078a2408989ad48a21492842087", "83de425c5edc5d498f382c441041ca92",
- "cea7403d4d606b6e074ec5d3baf39d18d0d1c8a799996bf0265b98b5d48ab919"},
+ "cea7403d4d606b6e074ec5d3baf39d18d0d1c8a799996bf0265b98b5d48ab919", false,
+ false},
- {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ {15, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
"", "cafebabefacedbaddecaf888", "acbef20579b4b8ebce889bac8732dad7",
"4db870d37cb75fcb46097c36230d1612",
"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
"90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015adb094dac5d93471bdec"
- "1a502270e3cc6c"},
+ "1a502270e3cc6c",
+ false, false},
- {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ {16, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
"acbef20579b4b8ebce889bac8732dad7", "8bd0c4d8aacd391e67cca447e8c38f65",
"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
"90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f66276fc6ece0f4e1768cddf8853bb"
- "2d551b"},
+ "2d551b",
+ false, false},
- {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ {17, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
"acbef20579b4b8ebce889bac8732dad7", "75a34288b8c68f811c52b2e9a2f97f63",
"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33"
"934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f3a337dbf46a792c45e454913fe"
- "2ea8f2"},
+ "2ea8f2",
+ false, false},
- {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+ {18, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
@@ -161,12 +184,14 @@ const gcm_kat_value kGcmKatValues[] = {
"acbef20579b4b8ebce889bac8732dad7", "d5ffcf6fc5ac4d69722187421a7f170b",
"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b78"
"0f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3fa44a8266ee1c8eb0c8b5d4cf5a"
- "e9f19a"},
+ "e9f19a",
+ false, false},
/* Extra, non-NIST, test case to test 64-bit binary multiplication carry
* correctness. This is a GHASH-only test. */
- {"", "", "", "", "0000000000000000fcefef64ffc4766c",
+ {19, "", "", "", "", "0000000000000000fcefef64ffc4766c",
"3561e34e52d8b598f9937982512fff27",
- "0000000000000000ffcef9ebbffdbd8b00000000000000000000000000000000"}};
+ "0000000000000000ffcef9ebbffdbd8b00000000000000000000000000000000", false,
+ false}};
#endif // gcm_vectors_h__
diff --git a/security/nss/gtests/common/util.h b/security/nss/gtests/common/util.h
index 7ed1fd799..9a4c8da10 100644
--- a/security/nss/gtests/common/util.h
+++ b/security/nss/gtests/common/util.h
@@ -8,7 +8,21 @@
#define util_h__
#include <cassert>
+#include <cstdlib>
+#include <iomanip>
+#include <iostream>
+#include <sstream>
+#include <sys/stat.h>
#include <vector>
+#if defined(_WIN32)
+#include <windows.h>
+#include <codecvt>
+#include <direct.h>
+#else
+#include <unistd.h>
+#endif
+
+#include "nspr.h"
static inline std::vector<uint8_t> hex_string_to_bytes(std::string s) {
std::vector<uint8_t> bytes;
@@ -18,4 +32,81 @@ static inline std::vector<uint8_t> hex_string_to_bytes(std::string s) {
return bytes;
}
+// Given a prefix, attempts to create a unique directory that the user can do
+// work in without impacting other tests. For example, if given the prefix
+// "scratch", a directory like "scratch05c17b25" will be created in the current
+// working directory (or the location specified by NSS_GTEST_WORKDIR, if
+// defined).
+// Upon destruction, the implementation will attempt to delete the directory.
+// However, no attempt is made to first remove files in the directory - the
+// user is responsible for this. If the directory is not empty, deleting it will
+// fail.
+// Statistically, it is technically possible to fail to create a unique
+// directory name, but this is extremely unlikely given the expected workload of
+// this implementation.
+class ScopedUniqueDirectory {
+ public:
+ explicit ScopedUniqueDirectory(const std::string &prefix) {
+ std::string path;
+ const char *workingDirectory = PR_GetEnvSecure("NSS_GTEST_WORKDIR");
+ if (workingDirectory) {
+ path.assign(workingDirectory);
+ }
+ path.append(prefix);
+ for (int i = 0; i < RETRY_LIMIT; i++) {
+ std::string pathCopy(path);
+ // TryMakingDirectory will modify its input. If it fails, we want to throw
+ // away the modified result.
+ if (TryMakingDirectory(pathCopy)) {
+ mPath.assign(pathCopy);
+ break;
+ }
+ }
+ assert(mPath.length() > 0);
+#if defined(_WIN32)
+ // sqldb always uses UTF-8 regardless of the current system locale.
+ DWORD len =
+ MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), nullptr, 0);
+ std::vector<wchar_t> buf(len, L'\0');
+ MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), buf.data(),
+ buf.size());
+ std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter;
+ mUTF8Path = converter.to_bytes(std::wstring(buf.begin(), buf.end()));
+#else
+ mUTF8Path = mPath;
+#endif
+ }
+
+ // NB: the directory must be empty upon destruction
+ ~ScopedUniqueDirectory() { assert(rmdir(mPath.c_str()) == 0); }
+
+ const std::string &GetPath() { return mPath; }
+ const std::string &GetUTF8Path() { return mUTF8Path; }
+
+ private:
+ static const int RETRY_LIMIT = 5;
+
+ static void GenerateRandomName(/*in/out*/ std::string &prefix) {
+ std::stringstream ss;
+ ss << prefix;
+ // RAND_MAX is at least 32767.
+ ss << std::setfill('0') << std::setw(4) << std::hex << rand() << rand();
+ // This will overwrite the value of prefix. This is a little inefficient,
+ // but at least it makes the code simple.
+ ss >> prefix;
+ }
+
+ static bool TryMakingDirectory(/*in/out*/ std::string &prefix) {
+ GenerateRandomName(prefix);
+#if defined(_WIN32)
+ return _mkdir(prefix.c_str()) == 0;
+#else
+ return mkdir(prefix.c_str(), 0777) == 0;
+#endif
+ }
+
+ std::string mPath;
+ std::string mUTF8Path;
+};
+
#endif // util_h__
diff --git a/security/nss/gtests/common/wycheproof/__init__.py b/security/nss/gtests/common/wycheproof/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/security/nss/gtests/common/wycheproof/__init__.py
diff --git a/security/nss/gtests/common/wycheproof/genTestVectors.py b/security/nss/gtests/common/wycheproof/genTestVectors.py
new file mode 100644
index 000000000..1e2eb47ec
--- /dev/null
+++ b/security/nss/gtests/common/wycheproof/genTestVectors.py
@@ -0,0 +1,191 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import json
+import os
+import subprocess
+
+script_dir = os.path.dirname(os.path.abspath(__file__))
+
+# Imports a JSON testvector file.
+def import_testvector(file):
+ """Import a JSON testvector file and return an array of the contained objects."""
+ with open(file) as f:
+ vectors = json.loads(f.read())
+ return vectors
+
+# Convert a test data string to a hex array.
+def string_to_hex_array(string):
+ """Convert a string of hex chars to a string representing a C-format array of hex bytes."""
+ b = bytearray.fromhex(string)
+ result = '{' + ', '.join("{:#04x}".format(x) for x in b) + '}'
+ return result
+
+# Writes one AES-GCM testvector into C-header format. (Not clang-format conform)
+class AESGCM():
+ """Class that provides the generator function for a single AES-GCM test case."""
+
+ def format_testcase(self, vector):
+ """Format an AES-GCM testcase object. Return a string in C-header format."""
+ result = '{{ {},\n'.format(vector['tcId'])
+ for key in ['key', 'msg', 'aad', 'iv']:
+ result += ' \"{}\",\n'.format(vector[key])
+ result += ' \"\",\n'
+ result += ' \"{}\",\n'.format(vector['tag'])
+ result += ' \"{}\",\n'.format(vector['ct'] + vector['tag'])
+ result += ' {},\n'.format(str(vector['result'] == 'invalid').lower())
+ result += ' {}}},\n\n'.format(str('ZeroLengthIv' in vector['flags']).lower())
+
+ return result
+
+# Writes one ChaChaPoly testvector into C-header format. (Not clang-format conform)
+class ChaChaPoly():
+ """Class that provides the generator function for a single ChaCha test case."""
+
+ def format_testcase(self, testcase):
+ """Format an ChaCha testcase object. Return a string in C-header format."""
+ result = '\n// Comment: {}'.format(testcase['comment'])
+ result += '\n{{{},\n'.format(testcase['tcId']-1)
+ for key in ['msg', 'aad', 'key', 'iv']:
+ result += '{},\n'.format(string_to_hex_array(testcase[key]))
+ ct = testcase['ct'] + testcase['tag']
+ result += '{},\n'.format(string_to_hex_array(ct))
+ result += '{},\n'.format(str(testcase['result'] == 'invalid').lower())
+ result += '{}}},\n'.format(str(testcase['comment'] == 'invalid nonce size').lower())
+
+ return result
+
+# Writes one Curve25519 testvector into C-header format. (Not clang-format conform)
+class Curve25519():
+ """Class that provides the generator function for a single curve25519 test case."""
+
+ # Static pkcs8 and skpi wrappers for the raw keys from Wycheproof.
+ # The public key section of the pkcs8 wrapper is filled up with 0's, which is
+ # not correct, but acceptable for the tests at this moment because
+ # validity of the public key is not checked.
+ # It's still necessary because of
+ # https://searchfox.org/nss/rev/7bc70a3317b800aac07bad83e74b6c79a9ec5bff/lib/pk11wrap/pk11pk12.c#171
+ pkcs8WrapperStart = "3067020100301406072a8648ce3d020106092b06010401da470f01044c304a0201010420"
+ pkcs8WrapperEnd = "a1230321000000000000000000000000000000000000000000000000000000000000000000"
+ spkiWrapper = "3039301406072a8648ce3d020106092b06010401da470f01032100"
+
+ def format_testcase(self, testcase):
+ result = '\n// Comment: {}'.format(testcase['comment'])
+ result += '\n{{{},\n'.format(string_to_hex_array(self.pkcs8WrapperStart + testcase['private'] + self.pkcs8WrapperEnd))
+ result += '{},\n'.format(string_to_hex_array(self.spkiWrapper + testcase['public']))
+ result += '{},\n'.format(string_to_hex_array(testcase['shared']))
+
+ # Flag 'acceptable' cases with secret == 0 as invalid for NSS.
+ # Flag 'acceptable' cases with forbidden public key values as invalid for NSS.
+ # Flag 'acceptable' cases with small public key (0 or 1) as invalid for NSS.
+ valid = testcase['result'] in ['valid', 'acceptable'] \
+ and not testcase['shared'] == "0000000000000000000000000000000000000000000000000000000000000000" \
+ and not testcase["public"] == "daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" \
+ and not testcase["public"] == "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" \
+ and not 'Small public key' in testcase['flags']
+ result += '{}}},\n'.format(str(valid).lower())
+
+ return result
+
+def generate_vectors_file(params):
+ """
+ Generate and store a .h-file with test vectors for one test.
+
+ params -- Dictionary with parameters for test vector generation for the desired test.
+ """
+
+ cases = import_testvector(os.path.join(script_dir, params['source_dir'] + params['source_file']))
+
+ with open(os.path.join(script_dir, params['base'])) as base:
+ header = base.read()
+
+ header = header[:params['crop_size_start']]
+ header += '\n\n// Testvectors from project wycheproof\n'
+ header += '// <https://github.com/google/wycheproof>\n'
+ vectors_file = header + params['array_init']
+
+ for group in cases['testGroups']:
+ for test in group['tests']:
+ vectors_file += params['formatter'].format_testcase(test)
+
+ vectors_file = vectors_file[:params['crop_size_end']] + '};\n\n'
+ vectors_file += params['finish']
+
+ with open(os.path.join(script_dir, params['target']), 'w') as target:
+ target.write(vectors_file)
+
+# Parameters that describe the generation of a testvector file for each supoorted testself.
+# source -- relaive path the wycheproof JSON source file with testvectorsself.
+# base -- relative path to the pre-fabricated .h-file with general defintions and non-wycheproof vectors.
+# target -- relative path to where the finished .h-file is written.
+# crop_size_start -- number of characters removed from the end of the base file at start.
+# array_init -- string to initialize the c-header style array of testvectors.
+# formatter -- the test case formatter class to be used for this test.
+# crop_size_end -- number of characters removed from the end of the last generated test vector to close the array definiton.
+# finish -- string to re-insert at the end and finish the file. (identical to chars cropped at the start)
+# comment -- additional comments to add to the file just before defintion of the test vector array.
+aes_gcm_params = {
+ 'source_dir': 'source_vectors/',
+ 'source_file': 'aes_gcm_test.json',
+ 'base': '../testvectors_base/gcm-vectors_base.h',
+ 'target': '../testvectors/gcm-vectors.h',
+ 'crop_size_start': -27,
+ 'array_init': 'const gcm_kat_value kGcmWycheproofVectors[] = {\n',
+ 'formatter' : AESGCM(),
+ 'crop_size_end': -3,
+ 'finish': '#endif // gcm_vectors_h__\n',
+ 'comment' : ''
+}
+
+chacha_poly_params = {
+ 'source_dir': 'source_vectors/',
+ 'source_file': 'chacha20_poly1305_test.json',
+ 'base': '../testvectors_base/chachapoly-vectors_base.h',
+ 'target': '../testvectors/chachapoly-vectors.h',
+ 'crop_size_start': -35,
+ 'array_init': 'const chacha_testvector kChaCha20WycheproofVectors[] = {\n',
+ 'formatter' : ChaChaPoly(),
+ 'crop_size_end': -2,
+ 'finish': '#endif // chachapoly_vectors_h__\n',
+ 'comment' : ''
+}
+
+curve25519_params = {
+ 'source_dir': 'source_vectors/',
+ 'source_file': 'x25519_test.json',
+ 'base': '../testvectors_base/curve25519-vectors_base.h',
+ 'target': '../testvectors/curve25519-vectors.h',
+ 'crop_size_start': -34,
+ 'array_init': 'const curve25519_testvector kCurve25519WycheproofVectors[] = {\n',
+ 'formatter' : Curve25519(),
+ 'crop_size_end': -2,
+ 'finish': '#endif // curve25519_vectors_h__\n',
+ 'comment' : '// The public key section of the pkcs8 wrapped private key is\n\
+ // filled up with 0\'s, which is not correct, but acceptable for the\n\
+ // tests at this moment because validity of the public key is not checked.\n'
+}
+
+def update_tests(tests):
+
+ remote = "https://raw.githubusercontent.com/google/wycheproof/master/testvectors/"
+ for test in tests:
+ subprocess.check_call(['wget', remote+test['source_file'], '-O',
+ 'gtests/common/wycheproof/source_vectors/' +test['source_file'],
+ '--no-check-certificate'])
+
+def generate_test_vectors():
+ """Generate C-header files for all supported tests."""
+ all_tests = [aes_gcm_params, chacha_poly_params, curve25519_params]
+ update_tests(all_tests)
+ for test in all_tests:
+ generate_vectors_file(test)
+
+def main():
+ generate_test_vectors()
+
+if __name__ == '__main__':
+ main()
diff --git a/security/nss/gtests/common/wycheproof/source_vectors/aes_gcm_test.json b/security/nss/gtests/common/wycheproof/source_vectors/aes_gcm_test.json
new file mode 100644
index 000000000..f2f327921
--- /dev/null
+++ b/security/nss/gtests/common/wycheproof/source_vectors/aes_gcm_test.json
@@ -0,0 +1,2940 @@
+{
+ "algorithm" : "AES-GCM",
+ "generatorVersion" : "0.4.12",
+ "notes" : {
+ "ConstructedIv" : "The counter for AES-GCM is reduced modulo 2**32. This test vector was constructed to test for correct wrapping of the counter.",
+ "ZeroLengthIv" : "AES-GCM does not allow an IV of length 0. Encrypting with such an IV leaks the authentication key. Hence using an IV of length 0 is insecure even if the key itself is only used for a single encryption."
+ },
+ "numberOfTests" : 217,
+ "header" : [],
+ "testGroups" : [
+ {
+ "ivSize" : 96,
+ "keySize" : 128,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 1,
+ "comment" : "",
+ "key" : "5b9604fe14eadba931b0ccf34843dab9",
+ "iv" : "028318abc1824029138141a2",
+ "aad" : "",
+ "msg" : "001d0c231287c1182784554ca3a21908",
+ "ct" : "26073cc1d851beff176384dc9896d5ff",
+ "tag" : "0a3ea7a5487cb5f7d70fb6c58d038554",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 2,
+ "comment" : "",
+ "key" : "5b9604fe14eadba931b0ccf34843dab9",
+ "iv" : "921d2507fa8007b7bd067d34",
+ "aad" : "00112233445566778899aabbccddeeff",
+ "msg" : "001d0c231287c1182784554ca3a21908",
+ "ct" : "49d8b9783e911913d87094d1f63cc765",
+ "tag" : "1e348ba07cca2cf04c618cb4d43a5b92",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 3,
+ "comment" : "",
+ "key" : "aa023d0478dcb2b2312498293d9a9129",
+ "iv" : "0432bc49ac34412081288127",
+ "aad" : "aac39231129872a2",
+ "msg" : "2035af313d1346ab00154fea78322105",
+ "ct" : "eea945f3d0f98cc0fbab472a0cf24e87",
+ "tag" : "4bb9b4812519dadf9e1232016d068133",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 4,
+ "comment" : "",
+ "key" : "384ea416ac3c2f51a76e7d8226346d4e",
+ "iv" : "b30c084727ad1c592ac21d12",
+ "aad" : "",
+ "msg" : "35",
+ "ct" : "54",
+ "tag" : "7c1e4ae88bb27e5638343cb9fd3f6337",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 5,
+ "comment" : "",
+ "key" : "cae31cd9f55526eb038241fc44cac1e5",
+ "iv" : "b5e006ded553110e6dc56529",
+ "aad" : "",
+ "msg" : "d10989f2c52e94ad",
+ "ct" : "a036ead03193903f",
+ "tag" : "3b626940e0e9f0cbea8e18c437fd6011",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 6,
+ "comment" : "",
+ "key" : "dd6197cd63c963919cf0c273ef6b28bf",
+ "iv" : "ecb0c42f7000ef0e6f95f24d",
+ "aad" : "",
+ "msg" : "4dcc1485365866e25ac3f2ca6aba97",
+ "ct" : "8a9992388e735f80ee18f4a63c10ad",
+ "tag" : "1486a91cccf92c9a5b00f7b0e034891c",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 7,
+ "comment" : "",
+ "key" : "ffdf4228361ea1f8165852136b3480f7",
+ "iv" : "0e1666f2dc652f7708fb8f0d",
+ "aad" : "",
+ "msg" : "25b12e28ac0ef6ead0226a3b2288c800",
+ "ct" : "f7bd379d130477176b8bb3cb23dbbbaa",
+ "tag" : "1ee6513ce30c7873f59dd4350a588f42",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 8,
+ "comment" : "",
+ "key" : "c15ed227dd2e237ecd087eaaaad19ea4",
+ "iv" : "965ff6643116ac1443a2dec7",
+ "aad" : "",
+ "msg" : "fee62fde973fe025ad6b322dcdf3c63fc7",
+ "ct" : "0de51fe4f7f2d1f0f917569f5c6d1b009c",
+ "tag" : "6cd8521422c0177e83ef1b7a845d97db",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 9,
+ "comment" : "",
+ "key" : "a8ee11b26d7ceb7f17eaa1e4b83a2cf6",
+ "iv" : "fbbc04fd6e025b7193eb57f6",
+ "aad" : "",
+ "msg" : "c08f085e6a9e0ef3636280c11ecfadf0c1e72919ffc17eaf",
+ "ct" : "7cd9f4e4f365704fff3b9900aa93ba54b672bac554275650",
+ "tag" : "f4eb193241226db017b32ec38ca47217",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 10,
+ "comment" : "",
+ "key" : "28ff3def08179311e2734c6d1c4e2871",
+ "iv" : "32bcb9b569e3b852d37c766a",
+ "aad" : "c3",
+ "msg" : "dfc61a20df8505b53e3cd59f25770d5018add3d6",
+ "ct" : "f58d453212c2c8a436e9283672f579f119122978",
+ "tag" : "5901131d0760c8715901d881fdfd3bc0",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 11,
+ "comment" : "",
+ "key" : "e63a43216c08867210e248859eb5e99c",
+ "iv" : "9c3a4263d983456658aad4b1",
+ "aad" : "834afdc5c737186b",
+ "msg" : "b14da56b0462dc05b871fc815273ff4810f92f4b",
+ "ct" : "bf864616c2347509ca9b10446379b9bdbb3b8f64",
+ "tag" : "a97d25b490390b53c5db91f6ee2a15b8",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 12,
+ "comment" : "",
+ "key" : "38449890234eb8afab0bbf82e2385454",
+ "iv" : "33e90658416e7c1a7c005f11",
+ "aad" : "4020855c66ac4595058395f367201c4c",
+ "msg" : "f762776bf83163b323ca63a6b3adeac1e1357262",
+ "ct" : "a6f2ef3c7ef74a126dd2d5f6673964e27d5b34b6",
+ "tag" : "b8bbdc4f5014bc752c8b4e9b87f650a3",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 13,
+ "comment" : "",
+ "key" : "6a68671dfe323d419894381f85eb63fd",
+ "iv" : "9f0d85b605711f34cd2a35ba",
+ "aad" : "76eb5f147250fa3c12bff0a6e3934a0b16860cf11646773b",
+ "msg" : "0fc67899c3f1bbe196d90f1eca3797389230aa37",
+ "ct" : "bd64802cfebaeb487d3a8f76ce943a37b3472dd5",
+ "tag" : "fce9a5b530c7d7af718be1ec0ae9ed4d",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 14,
+ "comment" : "special case",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "000000000000000000000000",
+ "aad" : "",
+ "msg" : "ebd4a3e10cf6d41c50aeae007563b072",
+ "ct" : "f62d84d649e56bc8cfedc5d74a51e2f7",
+ "tag" : "ffffffffffffffffffffffffffffffff",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 15,
+ "comment" : "special case",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "ffffffffffffffffffffffff",
+ "aad" : "",
+ "msg" : "d593c4d8224f1b100c35e4f6c4006543",
+ "ct" : "431f31e6840931fd95f94bf88296ff69",
+ "tag" : "00000000000000000000000000000000",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 16,
+ "comment" : "Flipped bit 0 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d9847dbc326a06e988c77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 17,
+ "comment" : "Flipped bit 1 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "da847dbc326a06e988c77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 18,
+ "comment" : "Flipped bit 7 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "58847dbc326a06e988c77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 19,
+ "comment" : "Flipped bit 8 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8857dbc326a06e988c77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 20,
+ "comment" : "Flipped bit 31 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847d3c326a06e988c77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 21,
+ "comment" : "Flipped bit 32 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc336a06e988c77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 22,
+ "comment" : "Flipped bit 33 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc306a06e988c77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 23,
+ "comment" : "Flipped bit 63 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a066988c77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 24,
+ "comment" : "Flipped bit 64 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a06e989c77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 25,
+ "comment" : "Flipped bit 71 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a06e908c77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 26,
+ "comment" : "Flipped bit 77 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a06e988e77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 27,
+ "comment" : "Flipped bit 80 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a06e988c77bd3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 28,
+ "comment" : "Flipped bit 96 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a06e988c77ad3873e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 29,
+ "comment" : "Flipped bit 97 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a06e988c77ad3843e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 30,
+ "comment" : "Flipped bit 103 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a06e988c77ad3063e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 31,
+ "comment" : "Flipped bit 120 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a06e988c77ad3863e6082",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 32,
+ "comment" : "Flipped bit 121 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a06e988c77ad3863e6081",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 33,
+ "comment" : "Flipped bit 126 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a06e988c77ad3863e60c3",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 34,
+ "comment" : "Flipped bit 127 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a06e988c77ad3863e6003",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 35,
+ "comment" : "Flipped bits 0 and 64 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d9847dbc326a06e989c77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 36,
+ "comment" : "Flipped bits 31 and 63 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847d3c326a066988c77ad3863e6083",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 37,
+ "comment" : "Flipped bits 63 and 127 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d8847dbc326a066988c77ad3863e6003",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 38,
+ "comment" : "all bits of tag flipped",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "277b8243cd95f9167738852c79c19f7c",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 39,
+ "comment" : "Tag changed to all zero",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "00000000000000000000000000000000",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 40,
+ "comment" : "tag changed to all 1",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "ffffffffffffffffffffffffffffffff",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 41,
+ "comment" : "msbs changed in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "5804fd3cb2ea86690847fa5306bee003",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 42,
+ "comment" : "lsbs changed in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "eb156d081ed6b6b55f4612f021d87b39",
+ "tag" : "d9857cbd336b07e889c67bd2873f6182",
+ "result" : "invalid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 64,
+ "keySize" : 128,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 43,
+ "comment" : "",
+ "key" : "aa023d0478dcb2b2312498293d9a9129",
+ "iv" : "0432bc49ac344120",
+ "aad" : "aac39231129872a2",
+ "msg" : "2035af313d1346ab00154fea78322105",
+ "ct" : "64c36bb3b732034e3a7d04efc5197785",
+ "tag" : "b7d0dd70b00d65b97cfd080ff4b819d1",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 44,
+ "comment" : "unusual IV size",
+ "key" : "25dd4d6cad5a4604957847c8c6d3fc4e",
+ "iv" : "68cbeafe8f9e8a66",
+ "aad" : "",
+ "msg" : "5c347835b3fa61c2ce253e5a",
+ "ct" : "9a078a04d14938918e004358",
+ "tag" : "5452843e32c13c3e35ed8230fe3446c0",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 128,
+ "keySize" : 128,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 45,
+ "comment" : "",
+ "key" : "2034a82547276c83dd3212a813572bce",
+ "iv" : "3254202d854734812398127a3d134421",
+ "aad" : "1a0293d8f90219058902139013908190bc490890d3ff12a3",
+ "msg" : "02efd2e5782312827ed5d230189a2a342b277ce048462193",
+ "ct" : "64069c2d58690561f27ee199e6b479b6369eec688672bde9",
+ "tag" : "9b7abadd6e69c1d9ec925786534f5075",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 46,
+ "comment" : "",
+ "key" : "209e6dbf2ad26a105445fc0207cd9e9a",
+ "iv" : "9477849d6ccdfca112d92e53fae4a7ca",
+ "aad" : "",
+ "msg" : "01",
+ "ct" : "fd",
+ "tag" : "032df7bba5d8ea1a14f16f70bd0e14ec",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 47,
+ "comment" : "",
+ "key" : "a549442e35154032d07c8666006aa6a2",
+ "iv" : "5171524568e81d97e8c4de4ba56c10a0",
+ "aad" : "",
+ "msg" : "1182e93596cac5608946400bc73f3a",
+ "ct" : "2f333087bdca58219f9bfc273e45cc",
+ "tag" : "e06d1ef473132957ad37eaef29733ca0",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 48,
+ "comment" : "",
+ "key" : "cfb4c26f126f6a0acb8e4e220f6c56cd",
+ "iv" : "1275115499ae722268515bf0c164b49c",
+ "aad" : "",
+ "msg" : "09dfd7f080275257cf97e76f966b1ad9",
+ "ct" : "a780bd01c80885156c88a973264c8ee5",
+ "tag" : "2adeffa682c8d8a81fada7d9fcdd2ee2",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 49,
+ "comment" : "",
+ "key" : "0b11ef3a08c02970f74281c860691c75",
+ "iv" : "95c1dd8c0f1705ece68937901f7add7b",
+ "aad" : "",
+ "msg" : "f693d4edd825dbb0618d91113128880dbebb23e25d00ed1f077d870be9cc7536",
+ "ct" : "7e47e10fe3c6fbfa381770eaf5d48d1482e71e0c44dff1e30ca6f95d92052084",
+ "tag" : "d01444fa5d9c499629d174ff3927a1ac",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 50,
+ "comment" : "J0:000102030405060708090a0b0c0d0e0f",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "f95fde4a751913202aeeee32a0b55753",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "00078d109d92143fcd5df56721b884fac64ac7762cc09eea2a3c68e92a17bdb575f87bda18be564e",
+ "tag" : "152a65045fe674f97627427af5be22da",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 51,
+ "comment" : "J0:00000000000000000000000000000000",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "7b95b8c356810a84711d68150a1b7750",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "84d4c9c08b4f482861e3a9c6c35bc4d91df927374513bfd49f436bd73f325285daef4ff7e13d46a6",
+ "tag" : "213a3cb93855d18e69337eee66aeec07",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 52,
+ "comment" : "J0:ffffffffffffffffffffffffffffffff",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "1a552e67cdc4dc1a33b824874ebf0bed",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "948ca37a8e6649e88aeffb1c598f3607007702417ea0e0bc3c60ad5a949886de968cf53ea6462aed",
+ "tag" : "99b381bfa2af9751c39d1b6e86d1be6a",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 53,
+ "comment" : "J0:fffffffffffffffffffffffffffffffe",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "dd9d0b4a0c3d681524bffca31d907661",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "64b19314c31af45accdf7e3c4db79f0d948ca37a8e6649e88aeffb1c598f3607007702417ea0e0bc",
+ "tag" : "5281efc7f13ac8e14ccf5dca7bfbfdd1",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 54,
+ "comment" : "J0:fffffffffffffffffffffffffffffffd",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "57c5643c4e37b4041db794cfe8e1f0f4",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "2bb69c3e5d1f91815c6b87a0d5bbea7164b19314c31af45accdf7e3c4db79f0d948ca37a8e6649e8",
+ "tag" : "a3ea2c09ee4f8c8a12f45cddf9aeff81",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 55,
+ "comment" : "J0:000102030405060708090a0bffffffff",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "99821c2dd5daecded07300f577f7aff1",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "127af9b39ecdfc57bb11a2847c7c2d3d8f938f40f877e0c4af37d0fe9af033052bd537c4ae978f60",
+ "tag" : "07eb2fe4a958f8434d40684899507c7c",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 56,
+ "comment" : "J0:000102030405060708090a0bfffffffe",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "5e4a3900142358d1c774d8d124d8d27d",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "0cf6ae47156b14dce03c8a07a2e172b1127af9b39ecdfc57bb11a2847c7c2d3d8f938f40f877e0c4",
+ "tag" : "f145c2dcaf339eede427be934357eac0",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 57,
+ "comment" : "J0:000102030405060708090a0bfffffffd",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "d4125676562984c0fe7cb0bdd1a954e8",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "f0c6ffc18bd46df5569185a9afd169eb0cf6ae47156b14dce03c8a07a2e172b1127af9b39ecdfc57",
+ "tag" : "facd0bfe8701b7b4a2ba96d98af52bd9",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 58,
+ "comment" : "J0:000102030405060708090a0b7fffffff",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "b97ec62a5e5900ccf9e4be332e336091",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "d6928e094c06e0a7c4db42184cf7529e95de88b767edebe9b343000be3dab47ea08b744293eed698",
+ "tag" : "a03e729dcfd7a03155655fece8affd7e",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 59,
+ "comment" : "J0:000102030405060708090a0b7ffffffe",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "7eb6e3079fa0b4c3eee366177d1c1d1d",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "d82ce58771bf6487116bf8e96421877ed6928e094c06e0a7c4db42184cf7529e95de88b767edebe9",
+ "tag" : "1e43926828bc9a1614c7b1639096c195",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 60,
+ "comment" : "J0:000102030405060708090a0bffff7fff",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "0314fcd10fdd675d3c612962c931f635",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "a197a37a5d79697078536bc27fe46cd8d475526d9044aa94f088a054f8e380c64f79414795c61480",
+ "tag" : "f08baddf0b5285c91fc06a67fe4708ca",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 61,
+ "comment" : "J0:000102030405060708090a0bffff7ffe",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "c4dcd9fcce24d3522b66f1469a1e8bb9",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "149fde9abbd3a43c2548575e0db9fb84a197a37a5d79697078536bc27fe46cd8d475526d9044aa94",
+ "tag" : "62a4b6875c288345d6a454399eac1afa",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 62,
+ "comment" : "special case",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "00000000000000000000000000000000",
+ "aad" : "",
+ "msg" : "bec6fa05c1718b9b84c47345bbed7dcb",
+ "ct" : "45a3f89d02918bfd0c8161658ccc9795",
+ "tag" : "00000000000000000000000000000000",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 63,
+ "comment" : "special case",
+ "key" : "00112233445566778899aabbccddeeff",
+ "iv" : "ffffffffffffffffffffffffffffffff",
+ "aad" : "",
+ "msg" : "4d82639c39d3f3490ee903dd0be7afcf",
+ "ct" : "1cd5a06214235ceb044d4bad7b047312",
+ "tag" : "ffffffffffffffffffffffffffffffff",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 96,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 64,
+ "comment" : "",
+ "key" : "92ace3e348cd821092cd921aa3546374299ab46209691bc28b8752d17f123c20",
+ "iv" : "00112233445566778899aabb",
+ "aad" : "00000000ffffffff",
+ "msg" : "00010203040506070809",
+ "ct" : "e27abdd2d2a53d2f136b",
+ "tag" : "9a4a2579529301bcfb71c78d4060f52c",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 65,
+ "comment" : "",
+ "key" : "29d3a44f8723dc640239100c365423a312934ac80239212ac3df3421a2098123",
+ "iv" : "00112233445566778899aabb",
+ "aad" : "aabbccddeeff",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "2a7d77fa526b8250cb296078926b5020",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 66,
+ "comment" : "",
+ "key" : "cc56b680552eb75008f5484b4cb803fa5063ebd6eab91f6ab6aef4916a766273",
+ "iv" : "99e23ec48985bccdeeab60f1",
+ "aad" : "",
+ "msg" : "2a",
+ "ct" : "06",
+ "tag" : "633c1e9703ef744ffffb40edf9d14355",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 67,
+ "comment" : "",
+ "key" : "51e4bf2bad92b7aff1a4bc05550ba81df4b96fabf41c12c7b00e60e48db7e152",
+ "iv" : "4f07afedfdc3b6c2361823d3",
+ "aad" : "",
+ "msg" : "be3308f72a2c6aed",
+ "ct" : "cf332a12fdee800b",
+ "tag" : "602e8d7c4799d62c140c9bb834876b09",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 68,
+ "comment" : "",
+ "key" : "67119627bd988eda906219e08c0d0d779a07d208ce8a4fe0709af755eeec6dcb",
+ "iv" : "68ab7fdbf61901dad461d23c",
+ "aad" : "",
+ "msg" : "51f8c1f731ea14acdb210a6d973e07",
+ "ct" : "43fc101bff4b32bfadd3daf57a590e",
+ "tag" : "ec04aacb7148a8b8be44cb7eaf4efa69",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 69,
+ "comment" : "",
+ "key" : "59d4eafb4de0cfc7d3db99a8f54b15d7b39f0acc8da69763b019c1699f87674a",
+ "iv" : "2fcb1b38a99e71b84740ad9b",
+ "aad" : "",
+ "msg" : "549b365af913f3b081131ccb6b825588",
+ "ct" : "f58c16690122d75356907fd96b570fca",
+ "tag" : "28752c20153092818faba2a334640d6e",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 70,
+ "comment" : "",
+ "key" : "3b2458d8176e1621c0cc24c0c0e24c1e80d72f7ee9149a4b166176629616d011",
+ "iv" : "45aaa3e5d16d2d42dc03445d",
+ "aad" : "",
+ "msg" : "3ff1514b1c503915918f0c0c31094a6e1f",
+ "ct" : "73a6b6f45f6ccc5131e07f2caa1f2e2f56",
+ "tag" : "2d7379ec1db5952d4e95d30c340b1b1d",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 71,
+ "comment" : "",
+ "key" : "0212a8de5007ed87b33f1a7090b6114f9e08cefd9607f2c276bdcfdbc5ce9cd7",
+ "iv" : "e6b1adf2fd58a8762c65f31b",
+ "aad" : "",
+ "msg" : "10f1ecf9c60584665d9ae5efe279e7f7377eea6916d2b111",
+ "ct" : "0843fff52d934fc7a071ea62c0bd351ce85678cde3ea2c9e",
+ "tag" : "7355fde599006715053813ce696237a8",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 72,
+ "comment" : "",
+ "key" : "b279f57e19c8f53f2f963f5f2519fdb7c1779be2ca2b3ae8e1128b7d6c627fc4",
+ "iv" : "98bc2c7438d5cd7665d76f6e",
+ "aad" : "c0",
+ "msg" : "fcc515b294408c8645c9183e3f4ecee5127846d1",
+ "ct" : "eb5500e3825952866d911253f8de860c00831c81",
+ "tag" : "ecb660e1fb0541ec41e8d68a64141b3a",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 73,
+ "comment" : "",
+ "key" : "cdccfe3f46d782ef47df4e72f0c02d9c7f774def970d23486f11a57f54247f17",
+ "iv" : "376187894605a8d45e30de51",
+ "aad" : "956846a209e087ed",
+ "msg" : "e28e0e9f9d22463ac0e42639b530f42102fded75",
+ "ct" : "feca44952447015b5df1f456df8ca4bb4eee2ce2",
+ "tag" : "082e91924deeb77880e1b1c84f9b8d30",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 74,
+ "comment" : "",
+ "key" : "f32364b1d339d82e4f132d8f4a0ec1ff7e746517fa07ef1a7f422f4e25a48194",
+ "iv" : "5a86a50a0e8a179c734b996d",
+ "aad" : "ab2ac7c44c60bdf8228c7884adb20184",
+ "msg" : "43891bccb522b1e72a6b53cf31c074e9d6c2df8e",
+ "ct" : "43dda832e942e286da314daa99bef5071d9d2c78",
+ "tag" : "c3922583476ced575404ddb85dd8cd44",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 75,
+ "comment" : "",
+ "key" : "ff0089ee870a4a39f645b0a5da774f7a5911e9696fc9cad646452c2aa8595a12",
+ "iv" : "bc2a7757d0ce2d8b1f14ccd9",
+ "aad" : "972ab4e06390caae8f99dd6e2187be6c7ff2c08a24be16ef",
+ "msg" : "748b28031621d95ee61812b4b4f47d04c6fc2ff3",
+ "ct" : "a929ee7e67c7a2f91bbcec6389a3caf43ab49305",
+ "tag" : "ebec6774b955e789591c822dab739e12",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 76,
+ "comment" : "special case",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "000000000000000000000000",
+ "aad" : "",
+ "msg" : "561008fa07a68f5c61285cd013464eaf",
+ "ct" : "23293e9b07ca7d1b0cae7cc489a973b3",
+ "tag" : "ffffffffffffffffffffffffffffffff",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 77,
+ "comment" : "special case",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "ffffffffffffffffffffffff",
+ "aad" : "",
+ "msg" : "c6152244cea1978d3e0bc274cf8c0b3b",
+ "ct" : "7cb6fc7c6abc009efe9551a99f36a421",
+ "tag" : "00000000000000000000000000000000",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 78,
+ "comment" : "Flipped bit 0 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9de8fef6d8ab1bf1bf887232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 79,
+ "comment" : "Flipped bit 1 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ee8fef6d8ab1bf1bf887232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 80,
+ "comment" : "Flipped bit 7 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "1ce8fef6d8ab1bf1bf887232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 81,
+ "comment" : "Flipped bit 8 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce9fef6d8ab1bf1bf887232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 82,
+ "comment" : "Flipped bit 31 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fe76d8ab1bf1bf887232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 83,
+ "comment" : "Flipped bit 32 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d9ab1bf1bf887232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 84,
+ "comment" : "Flipped bit 33 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6daab1bf1bf887232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 85,
+ "comment" : "Flipped bit 63 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1b71bf887232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 86,
+ "comment" : "Flipped bit 64 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1bf1be887232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 87,
+ "comment" : "Flipped bit 71 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1bf13f887232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 88,
+ "comment" : "Flipped bit 77 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1bf1bfa87232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 89,
+ "comment" : "Flipped bit 80 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1bf1bf887332eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 90,
+ "comment" : "Flipped bit 96 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1bf1bf887232ebb590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 91,
+ "comment" : "Flipped bit 97 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1bf1bf887232e8b590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 92,
+ "comment" : "Flipped bit 103 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1bf1bf8872326ab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 93,
+ "comment" : "Flipped bit 120 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1bf1bf887232eab590dc",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 94,
+ "comment" : "Flipped bit 121 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1bf1bf887232eab590df",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 95,
+ "comment" : "Flipped bit 126 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1bf1bf887232eab5909d",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 96,
+ "comment" : "Flipped bit 127 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1bf1bf887232eab5905d",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 97,
+ "comment" : "Flipped bits 0 and 64 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9de8fef6d8ab1bf1be887232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 98,
+ "comment" : "Flipped bits 31 and 63 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fe76d8ab1b71bf887232eab590dd",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 99,
+ "comment" : "Flipped bits 63 and 127 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9ce8fef6d8ab1b71bf887232eab5905d",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 100,
+ "comment" : "all bits of tag flipped",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "631701092754e40e40778dcd154a6f22",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 101,
+ "comment" : "Tag changed to all zero",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "00000000000000000000000000000000",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 102,
+ "comment" : "tag changed to all 1",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "ffffffffffffffffffffffffffffffff",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 103,
+ "comment" : "msbs changed in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "1c687e76582b9b713f08f2b26a35105d",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 104,
+ "comment" : "lsbs changed in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "b2061457c0759fc1749f174ee1ccadfa",
+ "tag" : "9de9fff7d9aa1af0be897333ebb491dc",
+ "result" : "invalid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 128,
+ "keySize" : 192,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 105,
+ "comment" : "J0:000102030405060708090a0b0c0d0e0f",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "029e0e777db092b12535d043012f09ba",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "f83cee467336e1a09b75f24e9b4385c99c13e6af722256a66129ece961fe803b167bad206f5017fb",
+ "tag" : "09338a42f0acc14f97c064f52f5f1688",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 106,
+ "comment" : "J0:00000000000000000000000000000000",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "f1be3b06b7feac07e7eab629f556047b",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "0b32b648a2c28e9edd7cee08eeeb900034cae7215e5ab1e201bd2eed1032c5a97866ba582a3458a4",
+ "tag" : "90be3606de58bd778fa5beff4a4102bd",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 107,
+ "comment" : "J0:ffffffffffffffffffffffffffffffff",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "de9eb63b1daed321a11b7547cc9e223c",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "575e2ecec2b3c72d4e80830d0d859ad9e42c29c4a68d8d9d8d23434de2cd07733be49d62ac1ae085",
+ "tag" : "6e4d6396125a10df5443bd0cbc8566d1",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 108,
+ "comment" : "J0:fffffffffffffffffffffffffffffffe",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "40bb0abebc483ff6d5671241ff5d66c6",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "2a818888d1f09f32aa7beedd2869b446575e2ecec2b3c72d4e80830d0d859ad9e42c29c4a68d8d9d",
+ "tag" : "dc481f172545268eff63ab0490403dc3",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 109,
+ "comment" : "J0:fffffffffffffffffffffffffffffffd",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "20d5cf305e630a8f49e3bb4bab18abc9",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "96d36b795f8e7edf6a8e0dbcd20d6c072a818888d1f09f32aa7beedd2869b446575e2ecec2b3c72d",
+ "tag" : "8a3a22bf2592958b930292aa47f590e8",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 110,
+ "comment" : "J0:000102030405060708090a0bffffffff",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "255358a71a0e5731f6dd6ce28e158ae6",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "cfce3d920f0e01f0bb49a751955b236d1b887baefd25c47f41303c46d5c7bf9ca4c2c45a8f1e6656",
+ "tag" : "2db9dc1b7fd315df1c95432432fcf474",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 111,
+ "comment" : "J0:000102030405060708090a0bfffffffe",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "bb76e422bbe8bbe682a10be4bdd6ce1c",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "69a24169792e9a07f6e6f4736fa972dccfce3d920f0e01f0bb49a751955b236d1b887baefd25c47f",
+ "tag" : "82ad967f7ac19084354f69a751443fb2",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 112,
+ "comment" : "J0:000102030405060708090a0bfffffffd",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "db1821ac59c38e9f1e25a2eee9930313",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "4e4417a83beac1eb7e24456a05f6ba5569a24169792e9a07f6e6f4736fa972dccfce3d920f0e01f0",
+ "tag" : "472d5dd582dc05ef5fc496b612023cb2",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 113,
+ "comment" : "J0:000102030405060708090a0b7fffffff",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "f7a02ecca03064b2ef3cce9feab79f07",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "6f8e174efca3097299f784efd4caff0bf168c3e5165b9ad3d20062009848044eef8f31f7d2fead05",
+ "tag" : "caff723826df150934aee3201ba175e7",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 114,
+ "comment" : "J0:000102030405060708090a0b7ffffffe",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "6985924901d688659b40a999d974dbfd",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "af193090ce3d43a388a1d294a09616906f8e174efca3097299f784efd4caff0bf168c3e5165b9ad3",
+ "tag" : "3b08958be1286c2b4acba02b3674adb2",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 115,
+ "comment" : "J0:000102030405060708090a0bffff7fff",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "3f1188546c65ed0fc55e75032c68ee44",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "5deccf838b2cf5f869c90d2a611160b1e578ab8121b93735cba4a1930647b8c4c84bf776333ee45a",
+ "tag" : "c14d52208f0f51b816a48971eaf8ff7e",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 116,
+ "comment" : "J0:000102030405060708090a0bffff7ffe",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "a13434d1cd8301d8b12212051fabaabe",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "d2cae1684aa407a13a2e2da5357e29f55deccf838b2cf5f869c90d2a611160b1e578ab8121b93735",
+ "tag" : "ea2d018099cd7925c507cef0ceddb0ae",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 117,
+ "comment" : "special case",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "00000000000000000000000000000000",
+ "aad" : "",
+ "msg" : "5c7d3f81d4b5055ed6f8db53614587a4",
+ "ct" : "541b835dc828d541073f7d7d7504ebf5",
+ "tag" : "00000000000000000000000000000000",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 118,
+ "comment" : "special case",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "ffffffffffffffffffffffffffffffff",
+ "aad" : "",
+ "msg" : "6a347ad1190e72ede611044e7475f0eb",
+ "ct" : "a3f36154331c196624564bc395e49c3b",
+ "tag" : "ffffffffffffffffffffffffffffffff",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 119,
+ "comment" : "",
+ "key" : "cee9abbc26b63e169f0ced621fe21d95904e75b881d93e6b",
+ "iv" : "1e8259e0a43e571068f701cd2064fc0c",
+ "aad" : "",
+ "msg" : "46",
+ "ct" : "dc",
+ "tag" : "af1f5535b125b34fc466902ea40cb3a2",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 120,
+ "comment" : "",
+ "key" : "189f0bd390ba40632586a45c39735c2b87113329c800f394",
+ "iv" : "c84442d6975f0359737de0fa828f958e",
+ "aad" : "",
+ "msg" : "b4bcd7b8eeca3050dd17682c6a914e",
+ "ct" : "2aab5c87dcb4a4dae4e975ddb65aab",
+ "tag" : "6b03b7557c7131e2352e495d54e61aef",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 121,
+ "comment" : "",
+ "key" : "b0724f15df5b792c2f49bc51df0ac5aad69be0030981613c",
+ "iv" : "13cd526ec77b58f62d48d03f8b88f2b8",
+ "aad" : "",
+ "msg" : "8da3ab9c3d195b04df452ad23953da4d",
+ "ct" : "d127fd2e67c0887d90eb92b91f357d97",
+ "tag" : "eb05bda937faeed27f8833295d4ba559",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 122,
+ "comment" : "",
+ "key" : "998750ba784841e40a7c5b03985732b6397e5459a3843954",
+ "iv" : "1d3d62eccd8ac5e896f2654a7f606fc9",
+ "aad" : "",
+ "msg" : "2f60ca3494a958dc3e6ebeb5d0b4e6dda0d0c4331ab9c957f6422a5100878ebf",
+ "ct" : "344c2cea17b06cb3da272e22a22a3a71ee0eaa1959a7facfff464660ddccedd1",
+ "tag" : "bab7fbf499ff06aad5f757b1c1a4fcc0",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 96,
+ "keySize" : 192,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 123,
+ "comment" : "special case",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "000000000000000000000000",
+ "aad" : "",
+ "msg" : "0b4dbbba8982e0f649f8ba85f3aa061b",
+ "ct" : "3f875c9bd7d8511448459468e398c3b2",
+ "tag" : "ffffffffffffffffffffffffffffffff",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 124,
+ "comment" : "special case",
+ "key" : "00112233445566778899aabbccddeeff1021324354657687",
+ "iv" : "ffffffffffffffffffffffff",
+ "aad" : "",
+ "msg" : "1ae93688ef7e2650a9342ad4718b2780",
+ "ct" : "210dabea4364c6d5b3429e7743322936",
+ "tag" : "00000000000000000000000000000000",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 125,
+ "comment" : "",
+ "key" : "21218af790428f8024d3e7e1428c9fcf578c216636d60e73",
+ "iv" : "34047bc39b9c608384dff5b8",
+ "aad" : "",
+ "msg" : "e3",
+ "ct" : "fe",
+ "tag" : "2e982e24b81cd120d35a70fe6935e665",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 126,
+ "comment" : "",
+ "key" : "3a8bf543c480925632118245bcbf5d01522b987a31a33da3",
+ "iv" : "4ebc13cf4636cc7c45e560a7",
+ "aad" : "",
+ "msg" : "53fc72e71b59eeb3",
+ "ct" : "99f2ff1c8a44e5f2",
+ "tag" : "6870f104ddc514477b400336fb01860e",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 127,
+ "comment" : "",
+ "key" : "92f4d2672fceec43963ccffb17e6ea7578b11418b06a3b82",
+ "iv" : "6e7ff7f0797685cfc44b05ff",
+ "aad" : "",
+ "msg" : "c3ec16adb184affa8ae9738bffb916",
+ "ct" : "afe8ef41591bfcc00db3c880ceb186",
+ "tag" : "29fff7f285768645c9c8bf7a471c9393",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 128,
+ "comment" : "",
+ "key" : "bcb6bc5ee6743df1396a34639327b25809ec9c81dd6a0c0e",
+ "iv" : "be0326d23bdc2c64648d13f4",
+ "aad" : "",
+ "msg" : "80474a3a3b809560eee2ce7a7a33ea07",
+ "ct" : "90339dca02ef717f1603994aee6cf6d2",
+ "tag" : "e3d33e01ce64f271783147de226228bc",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 129,
+ "comment" : "",
+ "key" : "5e1d28213e092536525bbae09e214af4c891e202b2b4fa4f",
+ "iv" : "b6be6cd0681235d826aa28ea",
+ "aad" : "",
+ "msg" : "53d59433a7db7f41b31ccb6d4a2d789965",
+ "ct" : "b98ed6321679941a3e521834296686ad98",
+ "tag" : "9f50c03e055e519712c582ec9db3235b",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 130,
+ "comment" : "",
+ "key" : "7f672d85e151aa490bc0eec8f66b5e5bee74af11642be3ff",
+ "iv" : "b022067048505b20946216ef",
+ "aad" : "",
+ "msg" : "ef6412c72b03c643fa02565a0ae2378a9311c11a84065f80",
+ "ct" : "addd303651119e52f6170dfc7a915064253d57532987b9ab",
+ "tag" : "fa0484f8baa95f5b7a31c56d1b34c58b",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 131,
+ "comment" : "",
+ "key" : "969fed5068541d65418c2c1de8fe1f845e036030496e1272",
+ "iv" : "817fe51c31f2879141a34335",
+ "aad" : "cb",
+ "msg" : "3d8233191a2823bf767e99167b1d4af4f4848458",
+ "ct" : "0d2c3a3c0cc4b40e70ed45e188e356a0e1533b31",
+ "tag" : "92909a80e90540e1878ab59ef300072b",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 132,
+ "comment" : "",
+ "key" : "fa5b9b41f93f8b682c04ba816c3fecc24eec095b04dd7497",
+ "iv" : "62b9cf1e923bc1138d05d205",
+ "aad" : "2ed8487153e21b12",
+ "msg" : "18159841813a69fc0f8f4229e1678da7c9016711",
+ "ct" : "c7c1cbb85ce2a0a3f32cb9ef01ad45ec1118b66d",
+ "tag" : "253317f98bdab87531ece20475cd9ebb",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 133,
+ "comment" : "",
+ "key" : "fbfb395662787e2d25a2e7510f818e825936a35114e237c9",
+ "iv" : "3f1a1e02e90a4ba7a1db9df2",
+ "aad" : "74318d8876528243f1944b73eb77e96e",
+ "msg" : "2952a3d64107d5cbb9602239d05a5c5c222cf72b",
+ "ct" : "ecf5e403f19c007c8da7a456caf0a6d75762829b",
+ "tag" : "e0877a100f9dd9d6795f0e74c56a9fab",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 134,
+ "comment" : "",
+ "key" : "5d8e9c2222316c9ed5ff94513cc957436ae447a6e1a73a29",
+ "iv" : "0802ae86c75a73bf79561521",
+ "aad" : "5ca354a4cb8e4fc9798aa209ad4f739dc7c232fdd1f22584",
+ "msg" : "42b4439e1d2116f834b91c516a26299df279956b",
+ "ct" : "94d844d98b9467daa7e8dde7f4290037354d7fb2",
+ "tag" : "62196638590cef429d6b1d1a59839c02",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 135,
+ "comment" : "Flipped bit 0 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b5e44c5b2fe90e4c78f358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 136,
+ "comment" : "Flipped bit 1 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b6e44c5b2fe90e4c78f358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 137,
+ "comment" : "Flipped bit 7 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "34e44c5b2fe90e4c78f358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 138,
+ "comment" : "Flipped bit 8 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e54c5b2fe90e4c78f358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 139,
+ "comment" : "Flipped bit 31 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44cdb2fe90e4c78f358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 140,
+ "comment" : "Flipped bit 32 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2ee90e4c78f358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 141,
+ "comment" : "Flipped bit 33 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2de90e4c78f358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 142,
+ "comment" : "Flipped bit 63 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90ecc78f358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 143,
+ "comment" : "Flipped bit 64 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90e4c79f358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 144,
+ "comment" : "Flipped bit 71 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90e4cf8f358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 145,
+ "comment" : "Flipped bit 77 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90e4c78d358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 146,
+ "comment" : "Flipped bit 80 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90e4c78f359da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 147,
+ "comment" : "Flipped bit 96 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90e4c78f358da0c99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 148,
+ "comment" : "Flipped bit 97 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90e4c78f358da0f99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 149,
+ "comment" : "Flipped bit 103 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90e4c78f358da8d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 150,
+ "comment" : "Flipped bit 120 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90e4c78f358da0d99cb65",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 151,
+ "comment" : "Flipped bit 121 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90e4c78f358da0d99cb66",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 152,
+ "comment" : "Flipped bit 126 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90e4c78f358da0d99cb24",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 153,
+ "comment" : "Flipped bit 127 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90e4c78f358da0d99cbe4",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 154,
+ "comment" : "Flipped bits 0 and 64 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b5e44c5b2fe90e4c79f358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 155,
+ "comment" : "Flipped bits 31 and 63 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44cdb2fe90ecc78f358da0d99cb64",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 156,
+ "comment" : "Flipped bits 63 and 127 in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b4e44c5b2fe90ecc78f358da0d99cbe4",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 157,
+ "comment" : "all bits of tag flipped",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "4b1bb3a4d016f1b3870ca725f266349b",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 158,
+ "comment" : "Tag changed to all zero",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "00000000000000000000000000000000",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 159,
+ "comment" : "tag changed to all 1",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "ffffffffffffffffffffffffffffffff",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 160,
+ "comment" : "msbs changed in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "3464ccdbaf698eccf873d85a8d194be4",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 161,
+ "comment" : "lsbs changed in tag",
+ "key" : "000102030405060708090a0b0c0d0e0f1011121314151617",
+ "iv" : "505152535455565758595a5b",
+ "aad" : "",
+ "msg" : "202122232425262728292a2b2c2d2e2f",
+ "ct" : "458256842dfd297f30bd2f8f15c92db0",
+ "tag" : "b5e54d5a2ee80f4d79f259db0c98ca65",
+ "result" : "invalid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 128,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 162,
+ "comment" : "J0:000102030405060708090a0b0c0d0e0f",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "5c2ea9b695fcf6e264b96074d6bfa572",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "28e1c5232f4ee8161dbe4c036309e0b3254e9212bef0a93431ce5e5604c8f6a73c18a3183018b770",
+ "tag" : "d5808a1bd11a01129bf3c6919aff2339",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 163,
+ "comment" : "J0:00000000000000000000000000000000",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "57b3a81f2c36b6b06577ca0fbab8fa8e",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "cceebeb4fe4cd90c514e52d2327a2ecd75393661006cf2476d8620149aef3d1cdce491fff3e7a7a3",
+ "tag" : "8132e865b69d64ef37db261f80cbbe24",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 164,
+ "comment" : "J0:ffffffffffffffffffffffffffffffff",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "ce20a7e870696a5e68533c465bad2ba1",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "4f4350565d91d9aa8c5f4048550492ad6d6fdabf66da5d1e2af7bfe1a8aadaa0baa3de38a41d9713",
+ "tag" : "155da6441ec071ef2d8e6cffbacc1c7c",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 165,
+ "comment" : "J0:fffffffffffffffffffffffffffffffe",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "918e3c19dbdfee2db18156c5b93f3d75",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "8316a53167b6de1a7575700693ffef274f4350565d91d9aa8c5f4048550492ad6d6fdabf66da5d1e",
+ "tag" : "6c574aa6a2490cc3b2f2f8f0ffbc56c4",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 166,
+ "comment" : "J0:fffffffffffffffffffffffffffffffd",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "717d900b270462b9dbf7e9419e890609",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "5175927513e751eb309f45bc2ef225f28316a53167b6de1a7575700693ffef274f4350565d91d9aa",
+ "tag" : "8082a761e1d755344bf29622144e7d39",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 167,
+ "comment" : "J0:000102030405060708090a0bffffffff",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "ecd52120af240e9b4bf3b9d1eeb49434",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "36b3fbecd09178d04527fb37544f5579d20d60a41266f685c48098e1a52804ca387d90709d3268dd",
+ "tag" : "033e0ef2953ebfd8425737c7d393f89a",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 168,
+ "comment" : "J0:000102030405060708090a0bfffffffe",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "b37bbad104928ae89221d3520c2682e0",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "16929b773051f12b0adac95f65e21a7f36b3fbecd09178d04527fb37544f5579d20d60a41266f685",
+ "tag" : "ca448bb7e52e897eca234ef343d057d0",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 169,
+ "comment" : "J0:000102030405060708090a0bfffffffd",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "538816c3f849067cf8576cd62b90b99c",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "6d3faefaf691d58163846f8d4b9ffd5916929b773051f12b0adac95f65e21a7f36b3fbecd09178d0",
+ "tag" : "84f49740e6757f63dd0df7cb7656d0ef",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 170,
+ "comment" : "J0:000102030405060708090a0b7fffffff",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "d10e631943cd3bdababab2bbd13951c0",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "d60196c2d14fcf30c0991d2721ddc52d385f407a16691dade82c9023c855fd8e2e8fbb562102f018",
+ "tag" : "877e15d9889e69a99fcc6d727465c391",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 171,
+ "comment" : "J0:000102030405060708090a0b7ffffffe",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "8ea0f8e8e87bbfa96368d83833ab4714",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "948fbceca12a6e4fabb79b6d965e336fd60196c2d14fcf30c0991d2721ddc52d385f407a16691dad",
+ "tag" : "cd5757626945976ba9f0264bd6bee894",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 172,
+ "comment" : "J0:000102030405060708090a0bffff7fff",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "7b2df4fbed1de2727eb24898e5deabb9",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "a1a0120660ff52e6b1700b12c54d2d33b94b00cd7882d8857d84e6e183a1dea6ee85a7da84fbc35d",
+ "tag" : "b015d72da62c81cb4d267253b20db9e5",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 173,
+ "comment" : "J0:000102030405060708090a0bffff7ffe",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "24836f0a46ab6601a760221b074cbd6d",
+ "aad" : "",
+ "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "ct" : "5e3434b45edbf0d1f6e02d1144dbf867a1a0120660ff52e6b1700b12c54d2d33b94b00cd7882d885",
+ "tag" : "ee74ccb30d649ebf6916d05a7dbe5696",
+ "result" : "valid",
+ "flags" : [
+ "ConstructedIv"
+ ]
+ },
+ {
+ "tcId" : 174,
+ "comment" : "special case",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "00000000000000000000000000000000",
+ "aad" : "",
+ "msg" : "8d74f1c97243d362577ff376c393d2dc",
+ "ct" : "265c42e2b96ea1de9c24f7182e337390",
+ "tag" : "00000000000000000000000000000000",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 175,
+ "comment" : "special case",
+ "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f",
+ "iv" : "ffffffffffffffffffffffffffffffff",
+ "aad" : "",
+ "msg" : "884df0e76f3ce227bf9595d103825a46",
+ "ct" : "988f47668ea650cbaa6714711abe268d",
+ "tag" : "ffffffffffffffffffffffffffffffff",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 176,
+ "comment" : "",
+ "key" : "b7797eb0c1a6089ad5452d81fdb14828c040ddc4589c32b565aad8cb4de3e4a0",
+ "iv" : "0ad570d8863918fe89124e09d125a271",
+ "aad" : "",
+ "msg" : "ed",
+ "ct" : "3f",
+ "tag" : "fd8f593b83314e33c5a72efbeb7095e8",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 177,
+ "comment" : "",
+ "key" : "4c010d9561c7234c308c01cea3040c925a9f324dc958ff904ae39b37e60e1e03",
+ "iv" : "2a55caa137c5b0b66cf3809eb8f730c4",
+ "aad" : "",
+ "msg" : "2a093c9ed72b8ff4994201e9f9e010",
+ "ct" : "041341078f0439e50b43c991635117",
+ "tag" : "5b8a2f2da20ef657c903da88ef5f57bb",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 178,
+ "comment" : "",
+ "key" : "e7f7a48df99edd92b81f508618aa96526b279debd9ddb292d385ddbae80b2259",
+ "iv" : "7ee376910f08f497aa6c3aa7113697fd",
+ "aad" : "",
+ "msg" : "5e51dbbb861b5ec60751c0996e00527f",
+ "ct" : "469478d448f7e97d755541aa09ad95b0",
+ "tag" : "254ada5cf662d90c5e11b2bd9c4db4c4",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 179,
+ "comment" : "",
+ "key" : "4f84782bfbb64a973c3de3dcfa3430367fd68bc0b4c3b31e5d7c8141ba3e6a67",
+ "iv" : "5d1bde6fa0994b33efd8f23f531248a7",
+ "aad" : "",
+ "msg" : "78cb6650a1908a842101ea85804fed00cc56fbdafafba0ef4d1ca607dcae57b6",
+ "ct" : "cb960201fa5ad41d41d1c2c8037c71d52b72e76b16b589d71b976627c9734c9d",
+ "tag" : "8dfce16467c3a6ebb3e7242c9a551962",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 120,
+ "keySize" : 128,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 180,
+ "comment" : "unusual IV size",
+ "key" : "34c74e28182948e03af02a01f46eb4f7",
+ "iv" : "b0a73119a97d623806b49d45ddf4c7",
+ "aad" : "",
+ "msg" : "fe82ba66cf2e265741f2c86c",
+ "ct" : "2bc3ef8e7402b4631f48e9be",
+ "tag" : "4b6f6f5be291a90b9e93a8a82ddbc8d8",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 160,
+ "keySize" : 128,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 181,
+ "comment" : "unusual IV size",
+ "key" : "55cb7cac77efe18a1ea3b30c65f3f346",
+ "iv" : "e22b6b144ab26b5781316e7a42a76202ac4b2278",
+ "aad" : "",
+ "msg" : "2f3d11ea32bf5bc72cbe2b8d",
+ "ct" : "4fe13ef29f118f85a63188f8",
+ "tag" : "05975b175316df8045889f43e0c857e0",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 64,
+ "keySize" : 192,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 182,
+ "comment" : "unusual IV size",
+ "key" : "f6a4bf8c4e15034699ce5801cbbac7509cd3f94cf28d8307",
+ "iv" : "60d6bfca67f5d810",
+ "aad" : "",
+ "msg" : "de8eaa41e5e6a590c3cfbf61",
+ "ct" : "a2966fb189f8d9d391503857",
+ "tag" : "e370e7dd328655929bd4691f396a1033",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 120,
+ "keySize" : 192,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 183,
+ "comment" : "unusual IV size",
+ "key" : "66f75acbd8d3acf7af47d13e8384c2809d6b91503a7f294b",
+ "iv" : "edf93e16294f15eded83808f09320e",
+ "aad" : "",
+ "msg" : "a900c86b6b7e0e5563f8f826",
+ "ct" : "9af1a022c61c4315aa0e923e",
+ "tag" : "20529bff3c59222ec33353af337b1d40",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 160,
+ "keySize" : 192,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 184,
+ "comment" : "unusual IV size",
+ "key" : "ef2e299dd4ecd7e3b9cc62780922cc2c89f78840564d1276",
+ "iv" : "130c14c839e35b7d56b3350b194b0da342e6b65d",
+ "aad" : "",
+ "msg" : "03f59579b14437199583270e",
+ "ct" : "073a5291b11df379f31b4f16",
+ "tag" : "17205999491bd4c1d6c7ec3e56779c32",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 64,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 185,
+ "comment" : "unusual IV size",
+ "key" : "df64c84ae52d9ca820a47421bed6e96f7165369fc4c1b65f8f6307b17ce1006c",
+ "iv" : "c0c568a400b7194f",
+ "aad" : "",
+ "msg" : "f5fafdded54a86a4edab44bd",
+ "ct" : "99313a220d1fcb6658876283",
+ "tag" : "00955d7d27f66868cfec734bf59c5e6d",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 120,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 186,
+ "comment" : "unusual IV size",
+ "key" : "e98b0669a645eb14cd06df6968fc5f10edc9f54feed264e3d410cdc61b72ef51",
+ "iv" : "17ca250fb733877556263223eadde1",
+ "aad" : "",
+ "msg" : "f384b3ed7b274641f5db60cf",
+ "ct" : "fc213602aa423b87d7c2a874",
+ "tag" : "36b15bab6923b17218fe1c24048e2391",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 160,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 187,
+ "comment" : "unusual IV size",
+ "key" : "849b3e6b8cdd85bdcfb8eb701aa5522ae2340fbe5214e389622cef76979225c4",
+ "iv" : "0f9d6ed7eef362dfa4a7dfa5c0f74c5b27bd4ebf",
+ "aad" : "",
+ "msg" : "8c5564e53051c0de273199b4",
+ "ct" : "c1d76233e8c5042e92bf8d32",
+ "tag" : "7cf036d235d3b2dd349a8c804b65144a",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 0,
+ "keySize" : 128,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 188,
+ "comment" : "0 size IV is not valid",
+ "key" : "8f3f52e3c75c58f5cb261f518f4ad30a",
+ "iv" : "",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "cf71978ffcc778f3c85ac9c31b6fe191",
+ "result" : "invalid",
+ "flags" : [
+ "ZeroLengthIv"
+ ]
+ },
+ {
+ "tcId" : 189,
+ "comment" : "0 size IV is not valid",
+ "key" : "2a4bf90e56b70fdd8649d775c089de3b",
+ "iv" : "",
+ "aad" : "",
+ "msg" : "324ced6cd15ecc5b3741541e22c18ad9",
+ "ct" : "00a29f0a5e2e7490279d1faf8b881c7b",
+ "tag" : "a2c7e8d7a19b884f742dfec3e76c75ee",
+ "result" : "invalid",
+ "flags" : [
+ "ZeroLengthIv"
+ ]
+ }
+ ]
+ },
+ {
+ "ivSize" : 0,
+ "keySize" : 192,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 190,
+ "comment" : "0 size IV is not valid",
+ "key" : "0b18d21337035c7baa08211b702fa780ac7c09be8f9ed11f",
+ "iv" : "",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "ca69a2eb3a096ea36b1015d5dffff532",
+ "result" : "invalid",
+ "flags" : [
+ "ZeroLengthIv"
+ ]
+ },
+ {
+ "tcId" : 191,
+ "comment" : "0 size IV is not valid",
+ "key" : "ba76d594a6df915bb7ab7e6d1a8d024b2796336c1b8328a9",
+ "iv" : "",
+ "aad" : "",
+ "msg" : "d62f302742d61d823ea991b93430d589",
+ "ct" : "509b0658d09f7a5bb9db43b70c8387f7",
+ "tag" : "2c9488d53a0b2b5308c2757dfac7219f",
+ "result" : "invalid",
+ "flags" : [
+ "ZeroLengthIv"
+ ]
+ }
+ ]
+ },
+ {
+ "ivSize" : 0,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 192,
+ "comment" : "0 size IV is not valid",
+ "key" : "3f8ca47b9a940582644e8ecf9c2d44e8138377a8379c5c11aafe7fec19856cf1",
+ "iv" : "",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "1726aa695fbaa21a1db88455c670a4b0",
+ "result" : "invalid",
+ "flags" : [
+ "ZeroLengthIv"
+ ]
+ },
+ {
+ "tcId" : 193,
+ "comment" : "0 size IV is not valid",
+ "key" : "7660d10966c6503903a552dde2a809ede9da490e5e5cc3e349da999671809883",
+ "iv" : "",
+ "aad" : "",
+ "msg" : "c314235341debfafa1526bb61044a7f1",
+ "ct" : "7772ea358901f571d3d35c19497639d9",
+ "tag" : "8fe0520ad744a11f0ccfd228454363fa",
+ "result" : "invalid",
+ "flags" : [
+ "ZeroLengthIv"
+ ]
+ }
+ ]
+ },
+ {
+ "ivSize" : 8,
+ "keySize" : 128,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 194,
+ "comment" : "small IV sizes",
+ "key" : "59a284f50aedd8d3e2a91637d3815579",
+ "iv" : "80",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "af498f701d2470695f6e7c8327a2398b",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 195,
+ "comment" : "small IV sizes",
+ "key" : "fec58aa8cf06bfe05de829f27ec77693",
+ "iv" : "9d",
+ "aad" : "",
+ "msg" : "f2d99a9f893378e0757d27c2e3a3101b",
+ "ct" : "0a24612a9d1cbe967dbfe804bf8440e5",
+ "tag" : "96e6fd2cdc707e3ee0a1c90d34c9c36c",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 16,
+ "keySize" : 128,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 196,
+ "comment" : "small IV sizes",
+ "key" : "88a972cce9eaf5a7813ce8149d0c1d0e",
+ "iv" : "0f2f",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "4ccf1efb4da05b4ae4452aea42f5424b",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 197,
+ "comment" : "small IV sizes",
+ "key" : "b43967ee933e4632bd6562ba1201bf83",
+ "iv" : "8760",
+ "aad" : "",
+ "msg" : "5a6ad6db70591d1e520b0122f05021a0",
+ "ct" : "ba3e7f8b2999995c7fc4006ca4f475ff",
+ "tag" : "98f47a5279cebbcac214515710f6cd8a",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 32,
+ "keySize" : 128,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 198,
+ "comment" : "small IV sizes",
+ "key" : "4e9a97d3ed54c7b54610793ab05052e1",
+ "iv" : "cc851957",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "e574b355bda2980e047e584feb1676ca",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 199,
+ "comment" : "small IV sizes",
+ "key" : "d83c1d7a97c43f182409a4aa5609c1b1",
+ "iv" : "7b5faeb2",
+ "aad" : "",
+ "msg" : "c8f07ba1d65554a9bd40390c30c5529c",
+ "ct" : "1b84baea9df1e65bee7b49e4a8cda1ec",
+ "tag" : "5c0bb79d8240041edce0f94bd4bb384f",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 48,
+ "keySize" : 128,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 200,
+ "comment" : "small IV sizes",
+ "key" : "c6a705677affb49e276d9511caa46145",
+ "iv" : "4ad80c2854fb",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "1e2ed72af590cafb8647d185865f5463",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 201,
+ "comment" : "small IV sizes",
+ "key" : "eba7699b56cc0aa2f66a2a5be9944413",
+ "iv" : "d1dafc8de3e3",
+ "aad" : "",
+ "msg" : "d021e53d9098a2df3d6b903cdad0cd9c",
+ "ct" : "18291aa8dc7b07448aa8f71bb8e380bf",
+ "tag" : "9c0e22e5c41b1039ff5661ffaefa8e0f",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 8,
+ "keySize" : 192,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 202,
+ "comment" : "small IV sizes",
+ "key" : "c70ce38e84e5f53ed41c3f0d2ca493412ad32cb04c6e2efa",
+ "iv" : "cb",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "08d96edb5e22874cd10cb2256ca04bc6",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 203,
+ "comment" : "small IV sizes",
+ "key" : "74c816b83dfd287210a3e2c6da8d3053bbfbd9b156d3fdd8",
+ "iv" : "0f",
+ "aad" : "",
+ "msg" : "f2b7b2c9b312cf2af78f003df15c8e19",
+ "ct" : "6c5e796ba9a3ddc64f401e68d135101d",
+ "tag" : "96a132ed43924e98feb888ff682bdaef",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 16,
+ "keySize" : 192,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 204,
+ "comment" : "small IV sizes",
+ "key" : "cbf45ba488932aea1a10e5862f92e4a7e277bda9f34af6d0",
+ "iv" : "75e5",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "1f0d23070fcd748e25bf6454f5c9136e",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 205,
+ "comment" : "small IV sizes",
+ "key" : "e1c0446f11ae6aa4fa254f9a846fc6e13e45e537e47f2042",
+ "iv" : "8989",
+ "aad" : "",
+ "msg" : "3a2f5ad0eb216e546e0bcaa377b6cbc7",
+ "ct" : "550b48a43e821fd76f49f0f1a897aead",
+ "tag" : "f6e0a979481f9957ddad0f21a777a73a",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 32,
+ "keySize" : 192,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 206,
+ "comment" : "small IV sizes",
+ "key" : "567563bf4cf154902275a53bc57cd6dd7b370d27011bdac8",
+ "iv" : "68d7fc38",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "1475563e3212f3b5e40062569afd71e3",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 207,
+ "comment" : "small IV sizes",
+ "key" : "834d0bb601170865a78139428a1503695a6a291ebd747cd1",
+ "iv" : "bb9d2aa3",
+ "aad" : "",
+ "msg" : "6f79e18b4acd5a03d3a5f7e1a8d0f183",
+ "ct" : "309133e76159fe8a41b20843486511ab",
+ "tag" : "03ab26993b701910a2e8ecccd2ba9e52",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 48,
+ "keySize" : 192,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 208,
+ "comment" : "small IV sizes",
+ "key" : "99fb18f5ba430bb9ea942968ecb799b43406e1af4b6425a1",
+ "iv" : "a984bdcdcae2",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "d7b9a6b58a97982916e83219fbf71b1e",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 209,
+ "comment" : "small IV sizes",
+ "key" : "b77b242aa0d51c92fda013e0cb0ef2437399ace5d3f507e4",
+ "iv" : "52aa01e0d0d6",
+ "aad" : "",
+ "msg" : "4ba541a9914729216153801340ab1779",
+ "ct" : "e08261e46eaf90d978ea8f7889bccd4f",
+ "tag" : "c052a55df3926a50990a532efe3d80ec",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 8,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 210,
+ "comment" : "small IV sizes",
+ "key" : "8f9a38c1014966e4d9ae736139c5e79b99345874f42d4c7d2c81aa6797c417c0",
+ "iv" : "a9",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "2a268bf3a75fd7b00ba230b904bbb014",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 211,
+ "comment" : "small IV sizes",
+ "key" : "144cd8279229e8bb2de99d24e615306663913fe9177fcd270fafec493d43bca1",
+ "iv" : "b3",
+ "aad" : "",
+ "msg" : "976229f5538f9636476d69f0c328e29d",
+ "ct" : "7bea30ecc2f73f8e121263b37966954c",
+ "tag" : "8bbad4adc54b37a2b2f0f6e8617548c9",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 16,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 212,
+ "comment" : "small IV sizes",
+ "key" : "7d31861f9d3536e14016a3216b1042e0d2f7d4614314268b6f834ec7f38bbb65",
+ "iv" : "c332",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "1d978a693120c11f6d51a3ed88cd4ace",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 213,
+ "comment" : "small IV sizes",
+ "key" : "22b35fe9623ee11f8b60b6d22db3765b666ed972fa7ccd92b45f22deee02cab1",
+ "iv" : "da6c",
+ "aad" : "",
+ "msg" : "5341c78e4ce5bf8fbc3e077d1990dd5d",
+ "ct" : "9c39f5b110361e9a770cc5e8b0f444bb",
+ "tag" : "b63ff43c12073ec5572b1be70f17e231",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 32,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 214,
+ "comment" : "small IV sizes",
+ "key" : "c224e0bba3d7a99165f7996b67a0fce3e12f2c01179b197b69b7e628bca92096",
+ "iv" : "6b30145e",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "ae6f7c9a29f0d8204ca50b14a1e0dcf2",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 215,
+ "comment" : "small IV sizes",
+ "key" : "093eb12343537ee8e91c1f715b862603f8daf9d4e1d7d67212a9d68e5aac9358",
+ "iv" : "5110604c",
+ "aad" : "",
+ "msg" : "33efb58c91e8c70271870ec00fe2e202",
+ "ct" : "f73f72f976a296ba3ca94bc6eb08cd46",
+ "tag" : "b824c33c13f289429659aa017c632f71",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 48,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 216,
+ "comment" : "small IV sizes",
+ "key" : "98e6f8ab673e804e865e32403a6551bf807a959343c60d34559360bc295ecb5b",
+ "iv" : "d4d857510888",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "3db16725fafc828d414ab61c16a6c38f",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 217,
+ "comment" : "small IV sizes",
+ "key" : "0bd0e8e7781166e1d876dec8fad34ba95b032a27cac0551595116091005947b7",
+ "iv" : "1bdcd44b663e",
+ "aad" : "",
+ "msg" : "91222263b12cf5616a049cbe29ab9b5b",
+ "ct" : "ed463f4f43336af3f4d7e08770201145",
+ "tag" : "c8fc39906aca0c64e14a43ff750abd8a",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ }
+ ]
+}
diff --git a/security/nss/gtests/common/wycheproof/source_vectors/chacha20_poly1305_test.json b/security/nss/gtests/common/wycheproof/source_vectors/chacha20_poly1305_test.json
new file mode 100644
index 000000000..f4d72ecc1
--- /dev/null
+++ b/security/nss/gtests/common/wycheproof/source_vectors/chacha20_poly1305_test.json
@@ -0,0 +1,1868 @@
+{
+ "algorithm" : "CHACHA20-POLY1305",
+ "generatorVersion" : "0.4.12",
+ "numberOfTests" : 151,
+ "header" : [],
+ "testGroups" : [
+ {
+ "ivSize" : 96,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 1,
+ "comment" : "rfc7539",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "070000004041424344454647",
+ "aad" : "50515253c0c1c2c3c4c5c6c7",
+ "msg" : "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
+ "ct" : "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
+ "tag" : "1ae10b594f09e26a7e902ecbd0600691",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 2,
+ "comment" : "",
+ "key" : "80ba3192c803ce965ea371d5ff073cf0f43b6a2ab576b208426e11409c09b9b0",
+ "iv" : "4da5bf8dfd5852c1ea12379d",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "76acb342cf3166a5b63c0c0ea1383c8d",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 3,
+ "comment" : "",
+ "key" : "7a4cd759172e02eb204db2c3f5c746227df584fc1345196391dbb9577a250742",
+ "iv" : "a92ef0ac991dd516a3c6f689",
+ "aad" : "bd506764f2d2c410",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "906fa6284b52f87b7359cbaa7563c709",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 4,
+ "comment" : "",
+ "key" : "cc56b680552eb75008f5484b4cb803fa5063ebd6eab91f6ab6aef4916a766273",
+ "iv" : "99e23ec48985bccdeeab60f1",
+ "aad" : "",
+ "msg" : "2a",
+ "ct" : "3a",
+ "tag" : "cac27dec0968801e9f6eded69d807522",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 5,
+ "comment" : "",
+ "key" : "46f0254965f769d52bdb4a70b443199f8ef207520d1220c55e4b70f0fda620ee",
+ "iv" : "ab0dca716ee051d2782f4403",
+ "aad" : "91ca6c592cbcca53",
+ "msg" : "51",
+ "ct" : "c4",
+ "tag" : "168310ca45b1f7c66cad4e99e43f72b9",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 6,
+ "comment" : "",
+ "key" : "2f7f7e4f592bb389194989743507bf3ee9cbde1786b6695fe6c025fd9ba4c100",
+ "iv" : "461af122e9f2e0347e03f2db",
+ "aad" : "",
+ "msg" : "5c60",
+ "ct" : "4d13",
+ "tag" : "91e8b61efb39c122195453077b22e5e2",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 7,
+ "comment" : "",
+ "key" : "c8833dce5ea9f248aa2030eacfe72bffe69a620caf793344e5718fe0d7ab1a58",
+ "iv" : "61546ba5f1720590b6040ac6",
+ "aad" : "88364fc8060518bf",
+ "msg" : "ddf2",
+ "ct" : "b60d",
+ "tag" : "ead0fd4697ec2e5558237719d02437a2",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 8,
+ "comment" : "",
+ "key" : "55568158d3a6483f1f7021eab69b703f614251cadc1af5d34a374fdbfc5adac7",
+ "iv" : "3c4e654d663fa4596dc55bb7",
+ "aad" : "",
+ "msg" : "ab85e9c1571731",
+ "ct" : "5dfe3440dbb3c3",
+ "tag" : "ed7a434e2602d394281e0afa9fb7aa42",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 9,
+ "comment" : "",
+ "key" : "e3c09e7fab1aefb516da6a33022a1dd4eb272c80d540c5da52a730f34d840d7f",
+ "iv" : "58389375c69ee398de948396",
+ "aad" : "84e46be8c0919053",
+ "msg" : "4ee5cda20d4290",
+ "ct" : "4bd47212941ce3",
+ "tag" : "185f1408ee7fbf18f5abad6e2253a1ba",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 10,
+ "comment" : "",
+ "key" : "51e4bf2bad92b7aff1a4bc05550ba81df4b96fabf41c12c7b00e60e48db7e152",
+ "iv" : "4f07afedfdc3b6c2361823d3",
+ "aad" : "",
+ "msg" : "be3308f72a2c6aed",
+ "ct" : "8e9439a56eeec817",
+ "tag" : "fbe8a6ed8fabb1937539dd6c00e90021",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 11,
+ "comment" : "",
+ "key" : "1131c1418577a054de7a4ac551950f1a053f9ae46e5b75fe4abd5608d7cddadd",
+ "iv" : "b4ea666ee119563366484a78",
+ "aad" : "66c0ae70076cb14d",
+ "msg" : "a4c9c2801b71f7df",
+ "ct" : "b9b910433af052b0",
+ "tag" : "4530f51aeee024e0a445a6328fa67a18",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 12,
+ "comment" : "",
+ "key" : "99b62bd5afbe3fb015bde93f0abf483957a1c3eb3ca59cb50b39f7f8a9cc51be",
+ "iv" : "9a59fce26df0005e07538656",
+ "aad" : "",
+ "msg" : "42baae5978feaf5c368d14e0",
+ "ct" : "ff7dc203b26c467a6b50db33",
+ "tag" : "578c0f2758c2e14e36d4fc106dcb29b4",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 13,
+ "comment" : "",
+ "key" : "85f35b6282cff440bc1020c8136ff27031110fa63ec16f1e825118b006b91257",
+ "iv" : "58dbd4ad2c4ad35dd906e9ce",
+ "aad" : "a506e1a5c69093f9",
+ "msg" : "fdc85b94a4b2a6b759b1a0da",
+ "ct" : "9f8816de0994e938d9e53f95",
+ "tag" : "d086fc6c9d8fa915fd8423a7cf05072f",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 14,
+ "comment" : "",
+ "key" : "67119627bd988eda906219e08c0d0d779a07d208ce8a4fe0709af755eeec6dcb",
+ "iv" : "68ab7fdbf61901dad461d23c",
+ "aad" : "",
+ "msg" : "51f8c1f731ea14acdb210a6d973e07",
+ "ct" : "0b29638e1fbdd6df53970be2210042",
+ "tag" : "2a9134087d67a46e79178d0a93f5e1d2",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 15,
+ "comment" : "",
+ "key" : "e6f1118d41e4b43fb58221b7ed79673834e0d8ac5c4fa60bbc8bc4893a58894d",
+ "iv" : "d95b3243afaef714c5035b6a",
+ "aad" : "6453a53384632212",
+ "msg" : "97469da667d6110f9cbda1d1a20673",
+ "ct" : "32db66c4a3819d81557455e5980fed",
+ "tag" : "feae30dec94e6ad3a9eea06a0d703917",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 16,
+ "comment" : "",
+ "key" : "59d4eafb4de0cfc7d3db99a8f54b15d7b39f0acc8da69763b019c1699f87674a",
+ "iv" : "2fcb1b38a99e71b84740ad9b",
+ "aad" : "",
+ "msg" : "549b365af913f3b081131ccb6b825588",
+ "ct" : "e9110e9f56ab3ca483500ceabab67a13",
+ "tag" : "836ccabf15a6a22a51c1071cfa68fa0c",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 17,
+ "comment" : "",
+ "key" : "b907a45075513fe8a8019edee3f2591487b2a030b03c6e1d771c862571d2ea1e",
+ "iv" : "118a6964c2d3e380071f5266",
+ "aad" : "034585621af8d7ff",
+ "msg" : "55a465644f5b650928cbee7c063214d6",
+ "ct" : "e4b113cb775945f3d3a8ae9ec141c00c",
+ "tag" : "7c43f16ce096d0dc27c95849dc383b7d",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 18,
+ "comment" : "",
+ "key" : "3b2458d8176e1621c0cc24c0c0e24c1e80d72f7ee9149a4b166176629616d011",
+ "iv" : "45aaa3e5d16d2d42dc03445d",
+ "aad" : "",
+ "msg" : "3ff1514b1c503915918f0c0c31094a6e1f",
+ "ct" : "02cc3acb5ee1fcdd12a03bb857976474d3",
+ "tag" : "d83b7463a2c3800fe958c28eaa290813",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 19,
+ "comment" : "",
+ "key" : "f60c6a1b625725f76c7037b48fe3577fa7f7b87b1bd5a982176d182306ffb870",
+ "iv" : "f0384fb876121410633d993d",
+ "aad" : "9aaf299eeea78f79",
+ "msg" : "63858ca3e2ce69887b578a3c167b421c9c",
+ "ct" : "35766488d2bc7c2b8d17cbbb9abfad9e6d",
+ "tag" : "1f391e657b2738dda08448cba2811ceb",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 20,
+ "comment" : "",
+ "key" : "0212a8de5007ed87b33f1a7090b6114f9e08cefd9607f2c276bdcfdbc5ce9cd7",
+ "iv" : "e6b1adf2fd58a8762c65f31b",
+ "aad" : "",
+ "msg" : "10f1ecf9c60584665d9ae5efe279e7f7377eea6916d2b111",
+ "ct" : "42f26c56cb4be21d9d8d0c80fc99dde00d75f38074bfe764",
+ "tag" : "54aa7e13d48fff7d7557039457040a3a",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 21,
+ "comment" : "",
+ "key" : "c5bc09565646e7edda954f1f739223dada20b95c44ab033d0fae4b0283d18be3",
+ "iv" : "6b282ebecc541bcd7834ed55",
+ "aad" : "3e8bc5ade182ff08",
+ "msg" : "9222f9018e54fd6de1200806a9ee8e4cc904d29f25cba193",
+ "ct" : "123032437b4bfd6920e8f7e7e0087ae4889ebe7a0ad0e900",
+ "tag" : "3cf68f179550da63d3b96c2d55411865",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 22,
+ "comment" : "",
+ "key" : "2eb51c469aa8eb9e6c54a8349bae50a20f0e382711bba1152c424f03b6671d71",
+ "iv" : "04a9be03508a5f31371a6fd2",
+ "aad" : "",
+ "msg" : "b053999286a2824f42cc8c203ab24e2c97a685adcc2ad32662558e55a5c729",
+ "ct" : "45c7d6b53acad4abb68876a6e96a48fb59524d2c92c9d8a189c9fd2db91746",
+ "tag" : "566d3ca10e311b695f3eae1551652493",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 23,
+ "comment" : "",
+ "key" : "7f5b74c07ed1b40fd14358fe2ff2a740c116c7706510e6a437f19ea49911cec4",
+ "iv" : "470a339ecb3219b8b81a1f8b",
+ "aad" : "374618a06ea98a48",
+ "msg" : "f45206abc25552b2abc9ab7fa243035fedaaddc3b2293956f1ea6e7156e7eb",
+ "ct" : "46a80c4187024720084627580080dde5a3f4a11093a7076ed6f3d326bc7b70",
+ "tag" : "534d4aa2835a52e72d14df0e4f47f25f",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 24,
+ "comment" : "",
+ "key" : "e1731d5854e1b70cb3ffe8b786a2b3ebf0994370954757b9dc8c7bc5354634a3",
+ "iv" : "72cfd90ef3026ca22b7e6e6a",
+ "aad" : "",
+ "msg" : "b9c554cbc36ac18ae897df7beecac1dbeb4eafa156bb60ce2e5d48f05715e678",
+ "ct" : "ea29afa49d36e8760f5fe19723b9811ed5d519934a440f5081ac430b953b0e21",
+ "tag" : "222541af46b86533c6b68d2ff108a7ea",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 25,
+ "comment" : "",
+ "key" : "27d860631b0485a410702fea61bc873f3442260caded4abde25b786a2d97f145",
+ "iv" : "262880d475f3dac5340dd1b8",
+ "aad" : "2333e5ce0f93b059",
+ "msg" : "6b2604996cd30c14a13a5257ed6cffd3bc5e29d6b97eb1799eb335e281ea451e",
+ "ct" : "6dad637897544d8bf6be9507ed4d1bb2e954bc427e5de729daf50762846ff2f4",
+ "tag" : "7b997d93c982189d7095dc794c746232",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 26,
+ "comment" : "",
+ "key" : "cf0d40a4644e5f51815165d5301b22631f4544c49a1878e3a0a5e8e1aae0f264",
+ "iv" : "e74a515e7e2102b90bef55d2",
+ "aad" : "",
+ "msg" : "973d0c753826bae466cf9abb3493152e9de7819e2bd0c71171346b4d2cebf8041aa3cedc0dfd7b467e26228bc86c9a",
+ "ct" : "fba78ae4f9d808a62e3da40be2cb7700c3613d9eb2c529c652e76a432c658d27095f0eb8f940c324981ea935e507f9",
+ "tag" : "8f046956db3a512908bd7afc8f2ab0a9",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 27,
+ "comment" : "",
+ "key" : "6cbfd71c645d184cf5d23c402bdb0d25ec54898c8a0273d42eb5be109fdcb2ac",
+ "iv" : "d4d807341683825b31cd4d95",
+ "aad" : "b3e4064683b02d84",
+ "msg" : "a98995504df16f748bfb7785ff91eeb3b660ea9ed3450c3d5e7b0e79ef653659a9978d75542ef91c456762215640b9",
+ "ct" : "a1ffed80761829ecce242e0e88b138049016bca018da2b6e19986b3e318cae8d806198fb4c527cc39350ebddeac573",
+ "tag" : "c4cbf0befda0b70242c640d7cd02d7a3",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 28,
+ "comment" : "",
+ "key" : "5b1d1035c0b17ee0b0444767f80a25b8c1b741f4b50a4d3052226baa1c6fb701",
+ "iv" : "d61040a313ed492823cc065b",
+ "aad" : "",
+ "msg" : "d096803181beef9e008ff85d5ddc38ddacf0f09ee5f7e07f1e4079cb64d0dc8f5e6711cd4921a7887de76e2678fdc67618f1185586bfea9d4c685d50e4bb9a82",
+ "ct" : "9a4ef22b181677b5755c08f747c0f8d8e8d4c18a9cc2405c12bb51bb1872c8e8b877678bec442cfcbb0ff464a64b74332cf072898c7e0eddf6232ea6e27efe50",
+ "tag" : "9ff3427a0f32fa566d9ca0a78aefc013",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 29,
+ "comment" : "",
+ "key" : "97d635c4f47574d9998a90875da1d3a284b755b2d39297a5725235190e10a97e",
+ "iv" : "d31c21aba175b70de4ebb19c",
+ "aad" : "7193f623663321a2",
+ "msg" : "94ee166d6d6ecf8832437136b4ae805d428864359586d9193a25016293edba443c58e07e7b7195ec5bd84582a9d56c8d4a108c7d7ce34e6c6f8ea1bec0567317",
+ "ct" : "5fbbdecc34be201614f636031eeb42f1cace3c79a12cffd871ee8e73820c829749f1abb4294367849fb6c2aa56bda8a3078f723d7c1c852024b017b58973fb1e",
+ "tag" : "09263da7b4cb921452f97dca40f580ec",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 30,
+ "comment" : "",
+ "key" : "fe6e55bdaed1f7284ca5fc0f8c5f2b8df56dc0f49e8ca66a41995e783351f901",
+ "iv" : "17c86a8abbb7e003acde2799",
+ "aad" : "",
+ "msg" : "b429eb80fb8fe8baeda0c85b9c333458e7c2992e558475069d12d45c22217564121588032297eff56783742a5fc22d7410ffb29d66098661d76f126c3c27689e43b37267cac5a3a6d3ab49e391da29cd3054a5692e2807e4c3ea46c8761d50f592",
+ "ct" : "d0102f6c258bf49742cec34cf2d0fedf23d105fb4c84cf98515e1bc9a64f8ad5be8f0721bde50645d00083c3a263a31053b760245f52ae2866a5ec83b19f61be1d30d5c5d9fecc4cbbe08fd385813a2aa39a00ff9c10f7f23702add1e4b2ffa31c",
+ "tag" : "41865fc71de12b19612127ce49993bb0",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 31,
+ "comment" : "",
+ "key" : "aabc063474e65c4c3e9bdc480dea97b45110c8618846ff6b15bdd2a4a5682c4e",
+ "iv" : "46362f45d6379e63e5229460",
+ "aad" : "a11c40b603767330",
+ "msg" : "ceb534ce50dc23ff638ace3ef63ab2cc2973eeada80785fc165d06c2f5100ff5e8ab2882c475afcd05ccd49f2e7d8f55ef3a72e3dc51d6852b8e6b9e7aece57be6556b0b6d9413e33fc5fc24a9a205ad59574bb39d944a92dc47970d84a6ad3176",
+ "ct" : "7545391b51de01d5c53dfaca777909063e58edee4bb1227e7110ac4d2620c2aec2f848f56deeb037a8dced75afa8a6c890e2dee42f950bb33d9e2424d08a505d899563973ed38870f3de6ee2adc7fe072c366c14e2cf7ca62fb3d36bee11685461",
+ "tag" : "b70d44ef8c66c5c7bbf10dcadd7facf6",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 32,
+ "comment" : "",
+ "key" : "7d00b48095adfa3272050607b264185002ba99957c498be022770f2ce2f3143c",
+ "iv" : "87345f1055fd9e2102d50656",
+ "aad" : "02",
+ "msg" : "e5ccaa441bc814688f8f6e8f28b500b2",
+ "ct" : "7e72f5a185af16a611921b438f749f0b",
+ "tag" : "1242c670732334029adfe1c5001651e4",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 33,
+ "comment" : "",
+ "key" : "6432717f1db85e41ac7836bce25185a080d5762b9e2b18444b6ec72c3bd8e4dc",
+ "iv" : "87a3163ec0598ad95b3aa713",
+ "aad" : "b648",
+ "msg" : "02cde168fba3f544bbd0332f7adeada8",
+ "ct" : "85f29a719557cdd14d1f8fffab6d9e60",
+ "tag" : "732ca32becd515a1ed353f542e999858",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 34,
+ "comment" : "",
+ "key" : "8e34cf73d245a1082a920b86364eb896c4946467bcb3d58929fcb36690e6394f",
+ "iv" : "6f573aa86baa492ba46596df",
+ "aad" : "bd4cd02fc7502bbdbdf6c9a3cbe8f0",
+ "msg" : "16ddd23ff53f3d23c06334487040eb47",
+ "ct" : "c1b295936d56fadac03e5f742bff73a1",
+ "tag" : "39c457dbab66382babb3b55800cda5b8",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 35,
+ "comment" : "",
+ "key" : "cb5575f5c7c45c91cf320b139fb594237560d0a3e6f865a67d4f633f2c08f016",
+ "iv" : "1a6518f02ede1da6809266d9",
+ "aad" : "89cce9fb47441d07e0245a66fe8b778b",
+ "msg" : "623b7850c321e2cf0c6fbcc8dfd1aff2",
+ "ct" : "c84c9bb7c61c1bcb17772a1c500c5095",
+ "tag" : "dbadf7a5138ca03459a2cd65831e092f",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 36,
+ "comment" : "",
+ "key" : "a5569e729a69b24ba6e0ff15c4627897436824c941e9d00b2e93fddc4ba77657",
+ "iv" : "564dee49ab00d240fc1068c3",
+ "aad" : "d19f2d989095f7ab03a5fde84416e00c0e",
+ "msg" : "87b3a4d7b26d8d3203a0de1d64ef82e3",
+ "ct" : "94bc80621ed1e71b1fd2b5c3a15e3568",
+ "tag" : "333511861796978401598b963722f5b3",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 37,
+ "comment" : "",
+ "key" : "56207465b4e48e6d04630f4a42f35cfc163ab289c22a2b4784f6f9290330bee0",
+ "iv" : "df8713e87ec3dbcfad14d53e",
+ "aad" : "5e6470facd99c1d81e37cd44015fe19480a2a4d3352a4ff560c0640fdbda",
+ "msg" : "e601b38557797da2f8a4106a089d1da6",
+ "ct" : "299b5d3f3d03c087209a16e285143111",
+ "tag" : "4b454ed198de117e83ec49fa8d8508d6",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 38,
+ "comment" : "",
+ "key" : "3937986af86dafc1ba0c4672d8abc46c207062682d9c264ab06d6c5807205130",
+ "iv" : "8df4b15a888c33286a7b7651",
+ "aad" : "ba446f6f9a0ced22450feb10737d9007fd69abc19b1d4d9049a5551e86ec2b37",
+ "msg" : "dc9e9eaf11e314182df6a4eba17aec9c",
+ "ct" : "605bbf90aeb974f6602bc778056f0dca",
+ "tag" : "38ea23d99054b46b42ffe004129d2204",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 39,
+ "comment" : "",
+ "key" : "36372abcdb78e0279646ac3d176b9674e9154eecf0d5469c651ec7e16b4c1199",
+ "iv" : "be40e5f1a11817a0a8fa8949",
+ "aad" : "d41a828d5e71829247021905402ea257dccbc3b80fcd5675056b68bb59e62e8873",
+ "msg" : "81ce84ede9b35859cc8c49a8f6be7dc6",
+ "ct" : "7b7ce0d824809a70de32562ccf2c2bbd",
+ "tag" : "15d44a00ce0d19b4231f921e22bc0a43",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 40,
+ "comment" : "",
+ "key" : "9f1479ed097d7fe529c11f2f5add9aaff4a1ca0b68997a2cb7f79749bd90aaf4",
+ "iv" : "84c87dae4eee27730ec35d12",
+ "aad" : "3f2dd49bbf09d69a78a3d80ea2566614fc379474196c1aae84583da73d7ff85c6f42ca42056a9792cc1b9fb3c7d261",
+ "msg" : "a66747c89e857af3a18e2c79500087ed",
+ "ct" : "ca82bff3e2f310ccc976672c4415e69b",
+ "tag" : "57638c62a5d85ded774f913c813ea032",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 41,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "00000000000000000000000000000000",
+ "msg" : "256d40888094178355d304846443fee8df99470303fb3b7b80e030beebd329be",
+ "ct" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "tag" : "e6d3d7324a1cbba777bbb0ecdda37807",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 42,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "00000000000000000000000000000000",
+ "msg" : "256d40888094178355d304846443fee8df99470303fb3b7b80e030beebd329bee3bcdb5b1edefcfe8bcda1b6a15c8c2b0869ffd2ec5e26e553b7b227fe87fdbd",
+ "ct" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "tag" : "062de6795f274fd2a305d76980bc9cce",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 43,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "00000000000000000000000000000000",
+ "msg" : "256d40888094178355d304846443fee8df99470303fb3b7b80e030beebd329bee3bcdb5b1edefcfe8bcda1b6a15c8c2b0869ffd2ec5e26e553b7b227fe87fdbd7ada44424269bffa5527f270acf68502b74c5ae2e60c0580981a4938459392c49bb2f284b646efc7f3f0b1361dc348ed77d30bc57692ed38fbac0188380488c7",
+ "ct" : "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "tag" : "d8b47902baaeafb34203051529af282e",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 44,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "ffffffffffffffffffffffffffffffff",
+ "msg" : "da92bf777f6be87caa2cfb7b9bbc01172066b8fcfc04c4847f1fcf41142cd641",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "b3891c849cb52c27747edfcf31213bb6",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 45,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "ffffffffffffffffffffffffffffffff",
+ "msg" : "da92bf777f6be87caa2cfb7b9bbc01172066b8fcfc04c4847f1fcf41142cd6411c4324a4e121030174325e495ea373d4f796002d13a1d91aac484dd801780242",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "f0c12d26ef03029b62c008da27c5dc68",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 46,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "ffffffffffffffffffffffffffffffff",
+ "msg" : "da92bf777f6be87caa2cfb7b9bbc01172066b8fcfc04c4847f1fcf41142cd6411c4324a4e121030174325e495ea373d4f796002d13a1d91aac484dd8017802428525bbbdbd964005aad80d8f53097afd48b3a51d19f3fa7f67e5b6c7ba6c6d3b644d0d7b49b910380c0f4ec9e23cb712882cf43a896d12c70453fe77c7fb7738",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "ee65783001c25691fa28d0f5f1c1d762",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 47,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "00000080000000800000008000000080",
+ "msg" : "256d40088094170355d304046443fe68df99478303fb3bfb80e0303eebd3293e",
+ "ct" : "0000008000000080000000800000008000000080000000800000008000000080",
+ "tag" : "79ba7a29f5a7bb75797af87a610129a4",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 48,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "00000080000000800000008000000080",
+ "msg" : "256d40088094170355d304046443fe68df99478303fb3bfb80e0303eebd3293ee3bcdbdb1edefc7e8bcda136a15c8cab0869ff52ec5e266553b7b2a7fe87fd3d",
+ "ct" : "00000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080",
+ "tag" : "36b1743819e1b9ba1551e8ed922a959a",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 49,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "00000080000000800000008000000080",
+ "msg" : "256d40088094170355d304046443fe68df99478303fb3bfb80e0303eebd3293ee3bcdbdb1edefc7e8bcda136a15c8cab0869ff52ec5e266553b7b2a7fe87fd3d7ada44c24269bf7a5527f2f0acf68582b74c5a62e60c0500981a49b8459392449bb2f204b646ef47f3f0b1b61dc3486d77d30b457692edb8fbac010838048847",
+ "ct" : "0000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080",
+ "tag" : "feac4955554e806f3a1902e24432c08a",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 50,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "ffffff7fffffff7fffffff7fffffff7f",
+ "msg" : "da92bff77f6be8fcaa2cfbfb9bbc01972066b87cfc04c4047f1fcfc1142cd6c1",
+ "ct" : "ffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7f",
+ "tag" : "20a3798df1292c5972bf9741aec38a19",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 51,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "ffffff7fffffff7fffffff7fffffff7f",
+ "msg" : "da92bff77f6be8fcaa2cfbfb9bbc01972066b87cfc04c4047f1fcfc1142cd6c11c432424e121038174325ec95ea37354f79600ad13a1d99aac484d58017802c2",
+ "ct" : "ffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7f",
+ "tag" : "c03d9f67354a97b2f074f7551557e49c",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 52,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "ffffff7fffffff7fffffff7fffffff7f",
+ "msg" : "da92bff77f6be8fcaa2cfbfb9bbc01972066b87cfc04c4047f1fcfc1142cd6c11c432424e121038174325ec95ea37354f79600ad13a1d99aac484d58017802c28525bb3dbd964085aad80d0f53097a7d48b3a59d19f3faff67e5b647ba6c6dbb644d0dfb49b910b80c0f4e49e23cb792882cf4ba896d12470453fef7c7fb77b8",
+ "ct" : "ffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7f",
+ "tag" : "c86da8dd652286d50213d328d63e4006",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 53,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "7fffffff7fffffff7fffffff7fffffff",
+ "msg" : "5a92bf77ff6be87c2a2cfb7b1bbc0117a066b8fc7c04c484ff1fcf41942cd641",
+ "ct" : "7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff",
+ "tag" : "bede9083ceb36ddfe5fa811f95471c67",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 54,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "7fffffff7fffffff7fffffff7fffffff",
+ "msg" : "5a92bf77ff6be87c2a2cfb7b1bbc0117a066b8fc7c04c484ff1fcf41942cd6419c4324a461210301f4325e49dea373d47796002d93a1d91a2c484dd881780242",
+ "ct" : "7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff",
+ "tag" : "300874bb0692b689dead9ae15b067390",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 55,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "7fffffff7fffffff7fffffff7fffffff",
+ "msg" : "5a92bf77ff6be87c2a2cfb7b1bbc0117a066b8fc7c04c484ff1fcf41942cd6419c4324a461210301f4325e49dea373d47796002d93a1d91a2c484dd8817802420525bbbd3d9640052ad80d8fd3097afdc8b3a51d99f3fa7fe7e5b6c73a6c6d3be44d0d7bc9b910388c0f4ec9623cb712082cf43a096d12c78453fe7747fb7738",
+ "ct" : "7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff",
+ "tag" : "99cad85f45ca40942d0d4d5e950ade22",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 56,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "00000000ffffffff00000000ffffffff",
+ "msg" : "256d40887f6be87c55d304849bbc0117df994703fc04c48480e030be142cd641",
+ "ct" : "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff",
+ "tag" : "8bbe145272e7c2d9a1891a3ab0983d9d",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 57,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "00000000ffffffff00000000ffffffff",
+ "msg" : "256d40887f6be87c55d304849bbc0117df994703fc04c48480e030be142cd641e3bcdb5be12103018bcda1b65ea373d40869ffd213a1d91a53b7b22701780242",
+ "ct" : "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff",
+ "tag" : "3b41861913a8f6de7f61e225631bc382",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 58,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "00000000ffffffff00000000ffffffff",
+ "msg" : "256d40887f6be87c55d304849bbc0117df994703fc04c48480e030be142cd641e3bcdb5be12103018bcda1b65ea373d40869ffd213a1d91a53b7b227017802427ada4442bd9640055527f27053097afdb74c5ae219f3fa7f981a4938ba6c6d3b9bb2f28449b91038f3f0b136e23cb71277d30bc5896d12c7fbac0188c7fb7738",
+ "ct" : "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff",
+ "tag" : "8428bcf023ec6bf31fd9efb203ff0871",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 59,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "ffffffff00000000ffffffff00000000",
+ "msg" : "da92bf7780941783aa2cfb7b6443fee82066b8fc03fb3b7b7f1fcf41ebd329be",
+ "ct" : "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000",
+ "tag" : "139fdf6474ea24f549b075825f2c7620",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 60,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "ffffffff00000000ffffffff00000000",
+ "msg" : "da92bf7780941783aa2cfb7b6443fee82066b8fc03fb3b7b7f1fcf41ebd329be1c4324a41edefcfe74325e49a15c8c2bf796002dec5e26e5ac484dd8fe87fdbd",
+ "ct" : "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000",
+ "tag" : "bbad8d863b835a8e8664fd1d4566b6b4",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 61,
+ "comment" : "",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000000000000000001ee3200",
+ "aad" : "ffffffff00000000ffffffff00000000",
+ "msg" : "da92bf7780941783aa2cfb7b6443fee82066b8fc03fb3b7b7f1fcf41ebd329be1c4324a41edefcfe74325e49a15c8c2bf796002dec5e26e5ac484dd8fe87fdbd8525bbbd4269bffaaad80d8facf6850248b3a51de60c058067e5b6c7459392c4644d0d7bb646efc70c0f4ec91dc348ed882cf43a7692ed380453fe77380488c7",
+ "ct" : "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000",
+ "tag" : "42f2354297849a511d53e5571772f71f",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 62,
+ "comment" : "Flipped bit 0 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a2e3fdf9fba6861b5ad2607f40b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 63,
+ "comment" : "Flipped bit 1 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a1e3fdf9fba6861b5ad2607f40b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 64,
+ "comment" : "Flipped bit 7 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "23e3fdf9fba6861b5ad2607f40b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 65,
+ "comment" : "Flipped bit 8 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e2fdf9fba6861b5ad2607f40b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 66,
+ "comment" : "Flipped bit 31 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fd79fba6861b5ad2607f40b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 67,
+ "comment" : "Flipped bit 32 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9faa6861b5ad2607f40b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 68,
+ "comment" : "Flipped bit 33 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9f9a6861b5ad2607f40b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 69,
+ "comment" : "Flipped bit 63 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9fba6869b5ad2607f40b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 70,
+ "comment" : "Flipped bit 64 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9fba6861b5bd2607f40b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 71,
+ "comment" : "Flipped bit 77 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9fba6861b5af2607f40b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 72,
+ "comment" : "Flipped bit 80 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9fba6861b5ad2617f40b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 73,
+ "comment" : "Flipped bit 96 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9fba6861b5ad2607f41b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 74,
+ "comment" : "Flipped bit 97 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9fba6861b5ad2607f42b7f447",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 75,
+ "comment" : "Flipped bit 120 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9fba6861b5ad2607f40b7f446",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 76,
+ "comment" : "Flipped bit 121 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9fba6861b5ad2607f40b7f445",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 77,
+ "comment" : "Flipped bit 126 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9fba6861b5ad2607f40b7f407",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 78,
+ "comment" : "Flipped bit 127 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9fba6861b5ad2607f40b7f4c7",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 79,
+ "comment" : "Flipped bit 63 and 127 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "a3e3fdf9fba6869b5ad2607f40b7f4c7",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 80,
+ "comment" : "Tag changed to all zero expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "00000000000000000000000000000000",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 81,
+ "comment" : "tag change to all 1 expected tag:a3e3fdf9fba6861b5ad2607f40b7f447",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "ffffffffffffffffffffffffffffffff",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 82,
+ "comment" : "Flipped bit 0 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "26da374f17b7f1b23844a5490bfc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 83,
+ "comment" : "Flipped bit 1 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "25da374f17b7f1b23844a5490bfc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 84,
+ "comment" : "Flipped bit 7 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "a7da374f17b7f1b23844a5490bfc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 85,
+ "comment" : "Flipped bit 8 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27db374f17b7f1b23844a5490bfc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 86,
+ "comment" : "Flipped bit 31 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da37cf17b7f1b23844a5490bfc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 87,
+ "comment" : "Flipped bit 32 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f16b7f1b23844a5490bfc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 88,
+ "comment" : "Flipped bit 33 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f15b7f1b23844a5490bfc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 89,
+ "comment" : "Flipped bit 63 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f17b7f1323844a5490bfc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 90,
+ "comment" : "Flipped bit 64 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f17b7f1b23944a5490bfc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 91,
+ "comment" : "Flipped bit 77 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f17b7f1b23864a5490bfc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 92,
+ "comment" : "Flipped bit 80 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f17b7f1b23844a4490bfc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 93,
+ "comment" : "Flipped bit 96 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f17b7f1b23844a5490afc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 94,
+ "comment" : "Flipped bit 97 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f17b7f1b23844a54909fc4001",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 95,
+ "comment" : "Flipped bit 120 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f17b7f1b23844a5490bfc4000",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 96,
+ "comment" : "Flipped bit 121 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f17b7f1b23844a5490bfc4003",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 97,
+ "comment" : "Flipped bit 126 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f17b7f1b23844a5490bfc4041",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 98,
+ "comment" : "Flipped bit 127 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f17b7f1b23844a5490bfc4081",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 99,
+ "comment" : "Flipped bit 63 and 127 in tag expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "27da374f17b7f1323844a5490bfc4081",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 100,
+ "comment" : "Tag changed to all zero expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "00000000000000000000000000000000",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 101,
+ "comment" : "tag change to all 1 expected tag:27da374f17b7f1b23844a5490bfc4001",
+ "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "616164",
+ "msg" : "00000000000000000000000000000000",
+ "ct" : "2cf8ae525fc86025268a4e1d88bead19",
+ "tag" : "ffffffffffffffffffffffffffffffff",
+ "result" : "invalid",
+ "flags" : []
+ },
+ {
+ "tcId" : 102,
+ "comment" : "checking for int overflows",
+ "key" : "3030303030303030303030303030303030303030303030303030303030303030",
+ "iv" : "30303030303030300002506e",
+ "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "msg" : "d4500bf009493551c380adf52c573a69df7e8b762463330facc16a5726be7190c63c5a1c926584a096756828dcdc64acdf963d931bf1dae238f3f157224ac4b542d785b0dd84db6be3bc5a3663e84149ffbed09e54f78f16a8223b24cb019f58b21b0e551e7aa07327629551376ccbc3937671a0629bd95c9915c78555771e7a",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "0b300d8da56c2185755279553c4c82ca",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 103,
+ "comment" : "checking for int overflows",
+ "key" : "3030303030303030303030303030303030303030303030303030303030303030",
+ "iv" : "3030303030303030000318a5",
+ "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "msg" : "7de87f6729945275d0655da4c7fde4569e16f111b5eb26c22d859e3ff822eced3a6dd9a60f22957f7b7c857e8822eb9fe0b8d7022141f2d0b48f4b5612d322a88dd0fe0b4d9179324f7c6c9e990efbd80e5ed6775826498b1efe0f71a0f3ec5b29cb28c2540a7dcd51b7daaee0ff4a7f3ac1ee54c29ee4c170de408f66692194",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "c578e2aa44d309b7b6a5193bdc6118f5",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 104,
+ "comment" : "checking for int overflows",
+ "key" : "3030303030303030303030303030303030303030303030303030303030303030",
+ "iv" : "00000000000000000007b4f0",
+ "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "msg" : "1b996f9a3ccc6785de22ff5b8add9502ce03a0faf5992a09522cdd1206d220b8f8bd07d1f1f5a1bd9a71d11c7f579b855818c08d4de036393183b7f590b335aed8de5b57b13c5fede2441c3e184aa9d46e61598506b3e11c43c62cbcaceced33190875b012218b1930fb7c38ec45ac11c353d0cf938dccb9efad8fedbe46daa5",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "4b0bda8ad043830d8319ab82c50c7663",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 105,
+ "comment" : "checking for int overflows",
+ "key" : "3030303030303030303030303030303030303030303030303030303030303030",
+ "iv" : "00000000000000000020fb66",
+ "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "msg" : "86cbacae4d3f74ae01213e0551cc15160ea1be8408e3d5d74f01464995a69e6176cb9e02b2247ed299892f9182a45caf4c69405611766edfafdc285519ea30480c44f05e781eacf8fcecc7090abb28fa5fd585ac8cda7e8772e594e4ce6c883281932e0f89f877a1f04d9c32b06cf90b0e762b430c4d517c97107068f498ef7f",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "4bc98f72c494c2a43c2b15a1043f1cfa",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 106,
+ "comment" : "checking for int overflows",
+ "key" : "3030303030303030303030303030303030303030303030303030303030303030",
+ "iv" : "00000000000000000038bb90",
+ "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "msg" : "fab1cddf4fe198ef63add881d6ead6c57637bbe92018ca7c0b96fba0871e932db1fbf90761be25df8dfaf931ce5757e617b3d7a9f0bf0ffe5d591a33c143b8f53fd0b5a19609fd62e5c251a4281a200cfdc34f281710406f4e37625446ff6ef224913deb0d89af337128e3d155d16d3ec3246041432143e9ab3a6d2ccc2f4d62",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "f7e9e151b02533c74658bfc7737c680d",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 107,
+ "comment" : "checking for int overflows",
+ "key" : "3030303030303030303030303030303030303030303030303030303030303030",
+ "iv" : "00000000000000000070484a",
+ "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "msg" : "227202be7f3515e9d1c02eea2f1950b6481b048a4c91506cb40d504e6c949f82d197c25ad17dc721651125782ac7a71247feaef32f1f250ce4bb8f79acaa179d45a7b0545f0924325efa87d5e441d28478c61f2223ee67c3b41f4394535e2a24369a2e16613c459490c14fb1d755fe53fbe1ee45b1b21f7162e2fcaa742abefd",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "795bcff647c553c2e4eb6e0eafd9e04e",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 108,
+ "comment" : "checking for int overflows",
+ "key" : "3030303030303030303030303030303030303030303030303030303030303030",
+ "iv" : "000000000000000000932f40",
+ "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "msg" : "fae58345c16cb0f5cc537f2b1b3469c969463b3ea71bcf6b98d669a8e60e04fc08d5fd069c362638e3400ef4cb242e27e2245e68cb9ec583da5340b12edf423b7326ad20feeb57daca2e0467a32899b42df8e56d84e006bc8a7acc731e7c1f6becb5719f7077f0d4f4c61ab11ebac1001801ce33c4e4a77d831d3ce34e8410e1",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "1946d653960f947a74d3e8093cf48502",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 109,
+ "comment" : "checking for int overflows",
+ "key" : "3030303030303030303030303030303030303030303030303030303030303030",
+ "iv" : "000000000000000000e29335",
+ "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "msg" : "ebb216ddd7ca709215f503df9ce63c5cd2194e7d9099e8a90b2afaad5eba35069925a603fdbc341aaed41505b10941fa3856a7e247b1040709746cfc2096caa631b2fff41c250506d889c1c90671ade853ee6394c19192a5cf3710d1073099e5bc946582fc0fab9f543c716ae2486a8683fdca39d2e14f23d00a582664f4ecb1",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "36c3002985dd21baf895d633573f12c0",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 110,
+ "comment" : "checking for int overflows",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000000ef7d5",
+ "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "msg" : "408ae6ef1c7ef0fb2c2d610816fc7849efa58f78273f5f166ea65f81b575747d035b3040fede1eb9459788669788408e00413b3e376d152d204aa2b7a83558fcd48a0ef7a26b1cd6d35d23b3f5dfe0ca77a4ce32b94abf83da2aefcaf068380879e89fb0a3829595cf44c3852ae2cc662b689f9355d9c183801f6acc313f8907",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "6514518e0a264142e0b7351f967fc2ae",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 111,
+ "comment" : "checking for int overflows",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000003dfce4",
+ "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "msg" : "0a0a24499bcade58cf1576c312aca984718cb4cc7e0153f5a9015810859644dfc021174e0b060a397448de8b484a8603be680a6934c0906f30dd17eae2d4c5faa777f8ca53370e08331b88c342bac959787bbb33930e3b56be86da7f2a6eb1f94089d1d181074d4302f8e0552d0de1fab306a21b42d4c3ba6e6f0cbcc81e877a",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "4c194da6a99fd65b40e9cad798f44b19",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 112,
+ "comment" : "checking for int overflows",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000018486a8",
+ "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "msg" : "4a0aaff8494729188691701340f3ce2b8a78eed3a0f065994b72484e7991d25c29aa075eb1fc16de93fe069058112ab284a3ed18780326d1258a47222fa633d8b29f3bd9150b239b1546c2bb9b9f410febead396000ee477701532c3d0f5fbf895d280196d2f737c5e9fec50d92bb0df5d7e513be5b8ea971310d5bf16ba7aee",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "c8ae7788cd2874abc138541e11fd0587",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 113,
+ "comment" : "checking for int overflows",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "msg" : "ff9428d079351f665cd001354319875c783d35f613e6d9093d38e975c38fe3b89f7aed35cb5a2fcaa0346efb936554649cf6378171eae4396ea15dc240d1abf4472d9096524fa1b2b023b8b288222773d4d206616f9293f65b45dbbc74e7c2edfbcbbf1cfb679bb739a5862de2bcb937f74d5bf8671c5a8a5092f61d54c9aa5b",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "933a5163c7f62368327b3fbc1036c943",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 114,
+ "comment" : "special case tag",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "85ffffffffffffffffffffffffffffffa6902fcbc883bbc180b256ae34ad7f00",
+ "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "000102030405060708090a0b0c0d0e0f",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 115,
+ "comment" : "special case tag",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "ffffffffffffffffffffffffffffffff247e50642a1c0a2f8f77219609dba958",
+ "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "00000000000000000000000000000000",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 116,
+ "comment" : "special case tag",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "7cffffffffffffffffffffffffffffffd9e72c064ac8961f3fa585e0e2abd600",
+ "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "ffffffffffffffffffffffffffffffff",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 117,
+ "comment" : "special case tag",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "65ffffffffffffffffffffffffffffff95af0f4d0b686eaeccca4307d596f502",
+ "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "00000080000000800000008000000080",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 118,
+ "comment" : "special case tag",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "ffffffffffffffffffffffffffffffff8540b464357707be3a39d55c34f8bcb3",
+ "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "ffffff7fffffff7fffffff7fffffff7f",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 119,
+ "comment" : "special case tag",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "4fffffffffffffffffffffffffffffff6623d990b898d830d212af2383330701",
+ "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "01000000010000000100000001000000",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 120,
+ "comment" : "special case tag",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "000102030405060708090a0b",
+ "aad" : "83ffffffffffffffffffffffffffffff5f16d09f17787211b7d484e024f89701",
+ "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d",
+ "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "tag" : "ffffffff000000000000000000000000",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 121,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "005235d2a919f28d3db7664a34ae6b444d3d35f613e6d9093d38e975c38fe3b85b8b94509e2b74a36d346e33d572659ba9f6378171eae4396ea15dc240d1abf483dce9f3073efadb7d23b87ace35168c",
+ "ct" : "0039e2fd2fd312149e989880884813e7caffffffffffffffffffffffffffffff3b0e869aaa8ea49632ffff37b9e8ce00caffffffffffffffffffffffffffffff3b0e869aaa8ea49632ffff37b9e8ce00",
+ "tag" : "a519ac1a35b4a57787510af78d8d200a",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 122,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "d39428d079351f665cd001354319875ce5da78766fa19290c031f75208506745ae7aed35cb5a2fcaa0346efb93655464496ddeb05509c6efffab75eb2df4ab09762d9096524fa1b2b023b8b2882227730149ef504b71b120ca4ff39519c2c210",
+ "ct" : "d3ffffffffffffffffffffffffffffff6218b27f83b8b46602f6e1d834207b02ceffffffffffffffffffffffffffffff2a6416cedb1cdd296ef5d7d692daff02ceffffffffffffffffffffffffffffff2a6416cedb1cdd296ef5d7d692daff02",
+ "tag" : "302fe82ab0a09af64400d015ae83d9cc",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 123,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "e99428d079351f665cd001354319875c6df1394edc539b5b3a0957be0fb85946807aed35cb5a2fcaa0346efb93655464d1769fe806bbfeb6f590950f2eac9e0a582d9096524fa1b2b023b8b2882227739952ae0818c38979c07413711a9af713",
+ "ct" : "e9ffffffffffffffffffffffffffffffea33f347304abdadf8ce413433c84501e0ffffffffffffffffffffffffffffffb27f579688aee57064ce37329182ca01e0ffffffffffffffffffffffffffffffb27f579688aee57064ce37329182ca01",
+ "tag" : "98a7e836e0ee4d023500d0557ec2cbe0",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 124,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "ff9428d079351f665cd001354319875c64f90f5b2692b860d4596ff4b3402c5c00b9bb53707aa667d356fe50c7199694033561e7caca6d941dc3cd6914ad6904",
+ "ct" : "ffffffffffffffffffffffffffffffffe33bc552ca8b9e96169e797e8f30301b603ca99944df76528c9d6f54ab833d0f603ca99944df76528c9d6f54ab833d0f",
+ "tag" : "6ab8dce2c59da4737130b0252f68a8d8",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 125,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "689428d079351f665cd001354319875cb08f25675b9bcbf6e38407de2ec75a479f7aed35cb5a2fcaa0346efb936554642d2af7cd6b080501d31ba54fb2eb7596472d9096524fa1b2b023b8b288222773650ec62d757072cee6ff233186dd1c8f",
+ "ct" : "68ffffffffffffffffffffffffffffff374def6eb782ed002143115412b74600ffffffffffffffffffffffffffffffff4e233fb3e51d1ec7424507720dc5219dffffffffffffffffffffffffffffffff4e233fb3e51d1ec7424507720dc5219d",
+ "tag" : "044dea608880412bfdffcf35579e9b26",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 126,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "6d9428d079351f665cd001354319875ca161b5ab040900629efeff78d7d86b459f7aed35cb5a2fcaa0346efb93655464c6f8078cc8ef12a0ff657d6d08db10b8472d9096524fa1b2b023b8b2882227738edc366cd697656fca81fb133ced79a1",
+ "ct" : "6dffffffffffffffffffffffffffffff26a37fa2e81026945c39e9f2eba87702ffffffffffffffffffffffffffffffffa5f1cff246fa09666e3bdf50b7f544b3ffffffffffffffffffffffffffffffffa5f1cff246fa09666e3bdf50b7f544b3",
+ "tag" : "1e6bea6314542e2ef9ffcf450b2e982b",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 127,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "ff9428d079351f665cd001354319875cfc01b891e5f0f9128d7d1c579192b69863414415b69968959a7291b7a5af134860cd9ea10c29a36654e7a28e761becd8",
+ "ct" : "ffffffffffffffffffffffffffffffff7bc3729809e9dfe44fba0addade2aadf03c456df823cb8a0c5b900b3c935b8d303c456df823cb8a0c5b900b3c935b8d3",
+ "tag" : "ed2017c8dba4775629049d786e3bceb1",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 128,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "ff9428d079351f665cd001354319875c6b6dc9d21a819e70b577f44137d3d6bd1335f5eb44494077b26449a54b6c7c7510b92f5ffef98b847cf17a9c98d883e5",
+ "ct" : "ffffffffffffffffffffffffffffffffecaf03dbf698b88677b0e2cb0ba3cafa73b0e72170ec9042edafd8a127f6d7ee73b0e72170ec9042edafd8a127f6d7ee",
+ "tag" : "073f17cb6778645925049d8822cbcab6",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 129,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "ffcb2b1106f8234c5e99d4db4c7048de323d35f613e6d9093d38e975c38fe3b816e9884a114f0e9266cea3885fe36b9fd6f6378171eae4396ea15dc240d1abf4cebef5e9885a80ea76d975c144a41888",
+ "ct" : "ffa0fc3e8032c3d5fdb62a11f096307db5ffffffffffffffffffffffffffffff766c9a8025eadea73905328c3379c004b5ffffffffffffffffffffffffffffff766c9a8025eadea73905328c3379c004",
+ "tag" : "8b9bb4b4861289658c696a8340150405",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 130,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "6f9e70ed3b8baca026e46a5a0943158d213d35f613e6d9093d38e975c38fe3b80c612c5e8d89a873dbcaad5b7346429bc5f6378171eae4396ea15dc240d1abf4d43651fd149c260bcbdd7b126801318c",
+ "ct" : "6ff5a7c2bd414c3985cb9490b5a56d2ea6ffffffffffffffffffffffffffffff6ce43e94b92c784684013c5f1fdce900a6ffffffffffffffffffffffffffffff6ce43e94b92c784684013c5f1fdce900",
+ "tag" : "8b3bbd51644459568d81ca1fa72ce404",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 131,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "412b080a3e19c10d44a1af1eabdeb4ce353d35f613e6d9093d38e975c38fe3b86b8394330921486ca11d291c3e97ee9ad1f6378171eae4396ea15dc240d1abf4b3d4e9909034c614b10aff5525d09d8d",
+ "ct" : "4140df25b8d32194e78e51d41738cc6db2ffffffffffffffffffffffffffffff0b0686f93d849859fed6b818520d4501b2ffffffffffffffffffffffffffffff0b0686f93d849859fed6b818520d4501",
+ "tag" : "86fbab2b4a94f47aa56f0aea65d11008",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 132,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "b247a74723491aacacaad709c91e932b313d35f613e6d9093d38e975c38fe3b89ade04e75bb701d9660601b34765de98d5f6378171eae4396ea15dc240d1abf442897944c2a28fa17611d7fa5c22ad8f",
+ "ct" : "b22c7068a583fa350f8529c375f8eb88b6fffffffffffffffffffffffffffffffa5b162d6f12d1ec39cd90b72bff7503b6fffffffffffffffffffffffffffffffa5b162d6f12d1ec39cd90b72bff7503",
+ "tag" : "a019ac2ed667e17da16f0afa19610d0d",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 133,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "740f9e49f610efa585b659ca6ed8b4992d3d35f613e6d9093d38e975c38fe3b8412d96afbe80ec3e79d451b00a2db29ac9f6378171eae4396ea15dc240d1abf4997aeb0c2795624669c387f9116ac18d",
+ "ct" : "7464496670da0f3c2699a700d23ecc3aaaffffffffffffffffffffffffffffff21a884658a253c0b261fc0b466b71901aaffffffffffffffffffffffffffffff21a884658a253c0b261fc0b466b71901",
+ "tag" : "736e18181696a5889c3159faabab20fd",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 134,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "adba5d105bc8aa062c2336cb889ddbd5373d35f613e6d9093d38e975c38fe3b8177c5ffe2875f468f6c2965748f3599ad3f6378171eae4396ea15dc240d1abf4cf2b225db1607a10e6d5401e53b42a8d",
+ "ct" : "add18a3fdd024a9f8f0cc801347ba376b0ffffffffffffffffffffffffffffff77f94d341cd0245da90907532469f201b0ffffffffffffffffffffffffffffff77f94d341cd0245da90907532469f201",
+ "tag" : "bad58f10a91e6a889aba32fd17d8331a",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 135,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "fe9428d079351f665cd001354319875cc001edc5da442e719bce9abe273af144b47aed35cb5a2fcaa0346efb9365546448025f41fa4e336c786957a2a7c4930a6c2d9096524fa1b2b023b8b28822277300266ea1e43644a34d8dd1dc93f2fa13",
+ "ct" : "feffffffffffffffffffffffffffffff47c327cc365d088759098c341b4aed03d4ffffffffffffffffffffffffffffff2b0b973f745b28aae937f59f18eac701d4ffffffffffffffffffffffffffffff2b0b973f745b28aae937f59f18eac701",
+ "tag" : "d68ce174079add028dd05cf814630488",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 136,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "b513b06ab9ac14435acb8aa3a37afdb6543d35f613e6d9093d38e975c38fe3b861950193b1bf0311ff117989aed9a999b0f6378171eae4396ea15dc240d1abf4b9c27c3028aa8d69ef06afc0b59eda8e",
+ "ct" : "b57867453f66f4daf9e474691f9c8515d3ffffffffffffffffffffffffffffff01101359851ad324a0dae88dc2430202d3ffffffffffffffffffffffffffffff01101359851ad324a0dae88dc2430202",
+ "tag" : "aa48a3887d4b059699c2fdf9c6787e0a",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 137,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "ff9428d079351f665cd001354319875cd4f109e814cea85a08c011d850dd1dcbcf7aed35cb5a2fcaa0346efb936554645340b85a9aa08296b77a5fc3961f660f172d9096524fa1b2b023b8b2882227731b6489ba84d8f559829ed9bda2290f16",
+ "ct" : "ffffffffffffffffffffffffffffffff5333c3e1f8d78eacca0707526cad018cafffffffffffffffffffffffffffffff3049702414b599502624fdfe29313204afffffffffffffffffffffffffffffff3049702414b599502624fdfe29313204",
+ "tag" : "b936a817f2211af129e2cf160fd42bcb",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 138,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "ff9428d079351f665cd001354319875cdf4c62032d4119b588477e99925a56d9d67aed35cb5a2fcaa0346efb93655464fa84f0645536421b2bb9246ec219ed0b0e2d9096524fa1b2b023b8b288222773b2a0c1844b4e35d41e5da210f62f8412",
+ "ct" : "ffffffffffffffffffffffffffffffff588ea80ac1583f434a806813ae2a4a9eb6ffffffffffffffffffffffffffffff998d381adb2359ddbae786537d37b900b6ffffffffffffffffffffffffffffff998d381adb2359ddbae786537d37b900",
+ "tag" : "9f7ac4351f6b91e63097a713115d05be",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 139,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "ff9428d079351f665cd001354319875c13f80a006dc1bbdad639a92fc7eca655f77aed35cb5a2fcaa0346efb936554646348b8fd29bf96d563a517e27d7bfc0f2f2d9096524fa1b2b023b8b2882227732b6c891d37c7e11a5641919c494d9516",
+ "ct" : "ffffffffffffffffffffffffffffffff943ac00981d89d2c14febfa5fb9cba1297ffffffffffffffffffffffffffffff00417083a7aa8d13f2fbb5dfc255a80497ffffffffffffffffffffffffffffff00417083a7aa8d13f2fbb5dfc255a804",
+ "tag" : "9a18a828070269f44700d009e7171cc9",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 140,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "ff9428d079351f665cd001354319875c82e59b4582915038f933811e652dc66afc7aed35cb5a2fcaa0346efb93655464b671c8cac270c265a0ac2f535799880a242d9096524fa1b2b023b8b288222773fe55f92adc08b5aa9548a92d63afe113",
+ "ct" : "ffffffffffffffffffffffffffffffff0527514c6e8876ce3bf49794595dda2d9cffffffffffffffffffffffffffffffd57800b44c65d9a331f28d6ee8b7dc019cffffffffffffffffffffffffffffffd57800b44c65d9a331f28d6ee8b7dc01",
+ "tag" : "b436a82b93d555f74300d0199ba718ce",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 141,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "ff9428d079351f665cd001354319875cf1d12887b7216986a12d79098b6de60fc07aed35cb5a2fcaa0346efb93655464a7c75899f3e60af1fcb6c7307d87590f182d9096524fa1b2b023b8b288222773efe36979ed9e7d3ec952414e49b13016",
+ "ct" : "ffffffffffffffffffffffffffffffff7613e28e5b384f7063ea6f83b71dfa48a0ffffffffffffffffffffffffffffffc4ce90e77df311376de8650dc2a90d04a0ffffffffffffffffffffffffffffffc4ce90e77df311376de8650dc2a90d04",
+ "tag" : "ce54a82e1fa942fa3f00d0294f3715d3",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 142,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "cbf1da9e0ba9377374e69e1c0e600cfc343d35f613e6d9093d38e975c38fe3b8be3fa66b6ce7808aa3e45949f944649fd0f6378171eae4396ea15dc240d1abf46668dbc8f5f20ef2b3f38f00e2031788",
+ "ct" : "cb9a0db18d63d7ead7c960d6b286745fb3ffffffffffffffffffffffffffffffdebab4a1584250bffc2fc84d95decf04b3ffffffffffffffffffffffffffffffdebab4a1584250bffc2fc84d95decf04",
+ "tag" : "2383ab0b799205699b510aa709bf31f1",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 143,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "8f278694c4e9daebd58d3e5b966e8b68423d35f613e6d9093d38e975c38fe3b80653e7a331718833acc3b9adff1c3198a6f6378171eae4396ea15dc240d1abf4de049a00a864064bbcd46fe4e45b428f",
+ "ct" : "8f4c51bb42233a7276a2c0912a88f3cbc5ffffffffffffffffffffffffffffff66d6f56905d45806f30828a993869a03c5ffffffffffffffffffffffffffffff66d6f56905d45806f30828a993869a03",
+ "tag" : "8bfbab17a9e0b8748b510ae7d9fd2305",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 144,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "d59428d079351f665cd001354319875c9a22d70a48e24fddcdd4419de64c8f44fc7aed35cb5a2fcaa0346efb9365546477b5c907d9c9e1ea51851a204aad9f0a242d9096524fa1b2b023b8b2882227733f91f8e7c7b1962564619c5e7e9bf613",
+ "ct" : "d5ffffffffffffffffffffffffffffff1de01d03a4fb692b0f135717da3c93039cffffffffffffffffffffffffffffff14bc017957dcfa2cc0dbb81df583cb019cffffffffffffffffffffffffffffff14bc017957dcfa2cc0dbb81df583cb01",
+ "tag" : "49bc6e9fc51c4d503036644d842773d2",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 145,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "db9428d079351f665cd001354319875c75d5643aa5af934d8cce392cc3eedb47c07aed35cb5a2fcaa0346efb93655464601b5ad2067f28066a8f3281715ba808182d9096524fa1b2b023b8b288222773283f6b3218075fc95f6bb4ff456dc111",
+ "ct" : "dbfffffffffffffffffffffffffffffff217ae3349b6b5bb4e092fa6ff9ec700a0ffffffffffffffffffffffffffffff031292ac886a33c0fbd190bcce75fc03a0ffffffffffffffffffffffffffffff031292ac886a33c0fbd190bcce75fc03",
+ "tag" : "63da6ea251f039532c36645d38b76fd7",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 146,
+ "comment" : "edge case intermediate sums in poly1305",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "0000000000000000064c2d52",
+ "aad" : "ffffffff",
+ "msg" : "939428d079351f665cd001354319875c624839604216e403ebcc6af559ec8b43977aed35cb5a2fcaa0346efb93655464d8c8c3fa1a9e474abe52d02c8187e90f4f2d9096524fa1b2b023b8b28822277390ecf21a04e630858bb65652b5b18016",
+ "ct" : "93ffffffffffffffffffffffffffffffe58af369ae0fc2f5290b7c7f659c9704f7ffffffffffffffffffffffffffffffbbc10b84948b5c8c2f0c72113ea9bd04f7ffffffffffffffffffffffffffffffbbc10b84948b5c8c2f0c72113ea9bd04",
+ "tag" : "73eb2724b5c405f04d00d0f15840a1c1",
+ "result" : "valid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 64,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 147,
+ "comment" : "invalid nonce size",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "5f5f5f5f5f5f5f5f",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "",
+ "result" : "invalid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 80,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 148,
+ "comment" : "invalid nonce size",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "5f5f5f5f5f5f5f5f5f5f",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "",
+ "result" : "invalid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 88,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 149,
+ "comment" : "invalid nonce size",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "5f5f5f5f5f5f5f5f5f5f5f",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "",
+ "result" : "invalid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 112,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 150,
+ "comment" : "invalid nonce size",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "5f5f5f5f5f5f5f5f5f5f5f5f5f5f",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "",
+ "result" : "invalid",
+ "flags" : []
+ }
+ ]
+ },
+ {
+ "ivSize" : 128,
+ "keySize" : 256,
+ "tagSize" : 128,
+ "type" : "AeadTest",
+ "tests" : [
+ {
+ "tcId" : 151,
+ "comment" : "invalid nonce size",
+ "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+ "iv" : "5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f",
+ "aad" : "",
+ "msg" : "",
+ "ct" : "",
+ "tag" : "",
+ "result" : "invalid",
+ "flags" : []
+ }
+ ]
+ }
+ ]
+}
diff --git a/security/nss/gtests/common/wycheproof/source_vectors/x25519_test.json b/security/nss/gtests/common/wycheproof/source_vectors/x25519_test.json
new file mode 100644
index 000000000..f6694876e
--- /dev/null
+++ b/security/nss/gtests/common/wycheproof/source_vectors/x25519_test.json
@@ -0,0 +1,956 @@
+{
+ "algorithm" : "X25519",
+ "generatorVersion" : "0.4.12",
+ "notes" : {
+ "LowOrderPublic" : "Curve25519 or its twist contains some points of low order. This test vector contains a public key with such a point. While many libraries reject such public keys, doing so is not a strict requirement according to RFC 7748.",
+ "Small public key" : "The public key is insecure and does not belong to a valid private key. Some libraries reject such keys.",
+ "Twist" : "Public keys are either points on curve25519 or points on its twist. Implementations may either reject such keys or compute X25519 using the twist. If a point multiplication is performed then it is important that the result is correct, since otherwise attacks with invalid keys are possible."
+ },
+ "numberOfTests" : 87,
+ "header" : [],
+ "testGroups" : [
+ {
+ "curve" : "curve25519",
+ "tests" : [
+ {
+ "tcId" : 1,
+ "comment" : "normal case",
+ "curve" : "curve25519",
+ "public" : "9c647d9ae589b9f58fdc3ca4947efbc915c4b2e08e744a0edf469dac59c8f85a",
+ "private" : "4852834d9d6b77dadeabaaf2e11dca66d19fe74993a7bec36c6e16a0983feaba",
+ "shared" : "87b7f212b627f7a54ca5e0bcdaddd5389d9de6156cdbcf8ebe14ffbcfb436551",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 2,
+ "comment" : "normal case",
+ "curve" : "curve25519",
+ "public" : "9c647d9ae589b9f58fdc3ca4947efbc915c4b2e08e744a0edf469dac59c8f85a",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "4b82bd8650ea9b81a42181840926a4ffa16434d1bf298de1db87efb5b0a9e34e",
+ "result" : "valid",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 3,
+ "comment" : "public key on twist",
+ "curve" : "curve25519",
+ "public" : "63aa40c6e38346c5caf23a6df0a5e6c80889a08647e551b3563449befcfc9733",
+ "private" : "588c061a50804ac488ad774ac716c3f5ba714b2712e048491379a500211998a8",
+ "shared" : "b1a707519495ffffb298ff941716b06dfab87cf8d91123fe2be9a233dda22212",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 4,
+ "comment" : "public key on twist",
+ "curve" : "curve25519",
+ "public" : "0f83c36fded9d32fadf4efa3ae93a90bb5cfa66893bc412c43fa7287dbb99779",
+ "private" : "b05bfd32e55325d9fd648cb302848039000b390e44d521e58aab3b29a6960ba8",
+ "shared" : "67dd4a6e165533534c0e3f172e4ab8576bca923a5f07b2c069b4c310ff2e935b",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 5,
+ "comment" : "public key on twist",
+ "curve" : "curve25519",
+ "public" : "0b8211a2b6049097f6871c6c052d3c5fc1ba17da9e32ae458403b05bb283092a",
+ "private" : "70e34bcbe1f47fbc0fddfd7c1e1aa53d57bfe0f66d243067b424bb6210bed19c",
+ "shared" : "4a0638cfaa9ef1933b47f8939296a6b25be541ef7f70e844c0bcc00b134de64a",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 6,
+ "comment" : "public key on twist",
+ "curve" : "curve25519",
+ "public" : "343ac20a3b9c6a27b1008176509ad30735856ec1c8d8fcae13912d08d152f46c",
+ "private" : "68c1f3a653a4cdb1d37bba94738f8b957a57beb24d646e994dc29a276aad458d",
+ "shared" : "399491fce8dfab73b4f9f611de8ea0b27b28f85994250b0f475d585d042ac207",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 7,
+ "comment" : "public key on twist",
+ "curve" : "curve25519",
+ "public" : "fa695fc7be8d1be5bf704898f388c452bafdd3b8eae805f8681a8d15c2d4e142",
+ "private" : "d877b26d06dff9d9f7fd4c5b3769f8cdd5b30516a5ab806be324ff3eb69ea0b2",
+ "shared" : "2c4fe11d490a53861776b13b4354abd4cf5a97699db6e6c68c1626d07662f758",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 8,
+ "comment" : "public key = 0",
+ "curve" : "curve25519",
+ "public" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "private" : "207494038f2bb811d47805bcdf04a2ac585ada7f2f23389bfd4658f9ddd4debc",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "Small public key"
+ ]
+ },
+ {
+ "tcId" : 9,
+ "comment" : "public key = 1",
+ "curve" : "curve25519",
+ "public" : "0100000000000000000000000000000000000000000000000000000000000000",
+ "private" : "202e8972b61c7e61930eb9450b5070eae1c670475685541f0476217e4818cfab",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "Small public key"
+ ]
+ },
+ {
+ "tcId" : 10,
+ "comment" : "edge case on twist",
+ "curve" : "curve25519",
+ "public" : "0200000000000000000000000000000000000000000000000000000000000000",
+ "private" : "38dde9f3e7b799045f9ac3793d4a9277dadeadc41bec0290f81f744f73775f84",
+ "shared" : "9a2cfe84ff9c4a9739625cae4a3b82a906877a441946f8d7b3d795fe8f5d1639",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 11,
+ "comment" : "edge case on twist",
+ "curve" : "curve25519",
+ "public" : "0300000000000000000000000000000000000000000000000000000000000000",
+ "private" : "9857a914e3c29036fd9a442ba526b5cdcdf28216153e636c10677acab6bd6aa5",
+ "shared" : "4da4e0aa072c232ee2f0fa4e519ae50b52c1edd08a534d4ef346c2e106d21d60",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 12,
+ "comment" : "edge case on twist",
+ "curve" : "curve25519",
+ "public" : "ffffff030000f8ffff1f0000c0ffffff000000feffff070000f0ffff3f000000",
+ "private" : "48e2130d723305ed05e6e5894d398a5e33367a8c6aac8fcdf0a88e4b42820db7",
+ "shared" : "9ed10c53747f647f82f45125d3de15a1e6b824496ab40410ffcc3cfe95760f3b",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 13,
+ "comment" : "edge case on twist",
+ "curve" : "curve25519",
+ "public" : "000000fcffff070000e0ffff3f000000ffffff010000f8ffff0f0000c0ffff7f",
+ "private" : "28f41011691851b3a62b641553b30d0dfddcb8fffcf53700a7be2f6a872e9fb0",
+ "shared" : "cf72b4aa6aa1c9f894f4165b86109aa468517648e1f0cc70e1ab08460176506b",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 14,
+ "comment" : "edge case on twist",
+ "curve" : "curve25519",
+ "public" : "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffff7f",
+ "private" : "18a93b6499b9f6b3225ca02fef410e0adec23532321d2d8ef1a6d602a8c65b83",
+ "shared" : "5d50b62836bb69579410386cf7bb811c14bf85b1c7b17e5924c7ffea91ef9e12",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 15,
+ "comment" : "edge case on twist",
+ "curve" : "curve25519",
+ "public" : "eaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "private" : "c01d1305a1338a1fcac2ba7e2e032b427e0b04903165aca957d8d0553d8717b0",
+ "shared" : "19230eb148d5d67c3c22ab1daeff80a57eae4265ce2872657b2c8099fc698e50",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 16,
+ "comment" : "edge case for public key",
+ "curve" : "curve25519",
+ "public" : "0400000000000000000000000000000000000000000000000000000000000000",
+ "private" : "386f7f16c50731d64f82e6a170b142a4e34f31fd7768fcb8902925e7d1e21abe",
+ "shared" : "0fcab5d842a078d7a71fc59b57bfb4ca0be6873b49dcdb9f44e14ae8fbdfa542",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 17,
+ "comment" : "edge case for public key",
+ "curve" : "curve25519",
+ "public" : "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000",
+ "private" : "e023a289bd5e90fa2804ddc019a05ef3e79d434bb6ea2f522ecb643a75296e95",
+ "shared" : "54ce8f2275c077e3b1306a3939c5e03eef6bbb88060544758d9fef59b0bc3e4f",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 18,
+ "comment" : "edge case for public key",
+ "curve" : "curve25519",
+ "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03",
+ "private" : "68f010d62ee8d926053a361c3a75c6ea4ebdc8606ab285003a6f8f4076b01e83",
+ "shared" : "f136775c5beb0af8110af10b20372332043cab752419678775a223df57c9d30d",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 19,
+ "comment" : "edge case for public key",
+ "curve" : "curve25519",
+ "public" : "fffffffbfffffbffffdfffffdffffffffefffffefffff7fffff7ffffbfffff3f",
+ "private" : "58ebcb35b0f8845caf1ec630f96576b62c4b7b6c36b29deb2cb0084651755c96",
+ "shared" : "bf9affd06b844085586460962ef2146ff3d4533d9444aab006eb88cc3054407d",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 20,
+ "comment" : "edge case for public key",
+ "curve" : "curve25519",
+ "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f",
+ "private" : "188c4bc5b9c44b38bb658b9b2ae82d5b01015e093184b17cb7863503a783e1bb",
+ "shared" : "d480de04f699cb3be0684a9cc2e31281ea0bc5a9dcc157d3d20158d46ca5246d",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 21,
+ "comment" : "edge case for public key",
+ "curve" : "curve25519",
+ "public" : "fffffffffeffff7ffffffffffeffff7ffffffffffeffff7ffffffffffeffff7f",
+ "private" : "e06c11bb2e13ce3dc7673f67f5482242909423a9ae95ee986a988d98faee23a2",
+ "shared" : "4c4401cce6b51e4cb18f2790246c9bf914db667750a1cb89069092af07292276",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 22,
+ "comment" : "edge case for public key",
+ "curve" : "curve25519",
+ "public" : "ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "private" : "c0658c46dde18129293877535b1162b6f9f5414a23cf4d2cbc140a4d99da2b8f",
+ "shared" : "578ba8cc2dbdc575afcf9df2b3ee6189f5337d6854c79b4ce165ea12293b3a0f",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 23,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800",
+ "private" : "10255c9230a97a30a458ca284a629669293a31890cda9d147febc7d1e22d6bb1",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 24,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157",
+ "private" : "78f1e8edf14481b389448dac8f59c70b038e7cf92ef2c7eff57a72466e115296",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 25,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "private" : "a0a05a3e8f9f44204d5f8059a94ac7dfc39a49ac016dd743dbfa43c5d671fd88",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 26,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "private" : "d0dbb3ed1906663f15420af31f4eaf6509d9a9949723500605ad7c1c6e7450a9",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 27,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "private" : "c0b1d0eb22b244fe3291140072cdd9d989b5f0ecd96c100feb5bca241c1d9f8f",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 28,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "0000000000000000000000000000000000000000000000000000000000000080",
+ "private" : "480bf45f594942a8bc0f3353c6e8b8853d77f351f1c2ca6c2d1abf8a00b4229c",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 29,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "0100000000000000000000000000000000000000000000000000000000000080",
+ "private" : "30f993fcf8514fc89bd8db14cd43ba0d4b2530e73c4276a05e1b145d420cedb4",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 30,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880",
+ "private" : "c04974b758380e2a5b5df6eb09bb2f6b3434f982722a8e676d3da251d1b3de83",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 31,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7",
+ "private" : "502a31373db32446842fe5add3e024022ea54f274182afc3d9f1bb3d39534eb5",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 32,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "90fa6417b0e37030fd6e43eff2abaef14c6793117a039cf621318ba90f4e98be",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 33,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "78ad3f26027f1c9fdd975a1613b947779bad2cf2b741ade01840885a30bb979c",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 34,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "98e23de7b1e0926ed9c87e7b14baf55f497a1d7096f93977680e44dc1c7b7b8b",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "LowOrderPublic"
+ ]
+ },
+ {
+ "tcId" : 35,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 36,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "0100000000000000000000000000000000000000000000000000000000000000",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 37,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 38,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 39,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 40,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 41,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 42,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "0000000000000000000000000000000000000000000000000000000000000080",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 43,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "0100000000000000000000000000000000000000000000000000000000000080",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 44,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 45,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 46,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 47,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 48,
+ "comment" : "public key with low order",
+ "curve" : "curve25519",
+ "public" : "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 49,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "efffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "private" : "f01e48dafac9d7bcf589cbc382c878d18bda3550589ffb5d50b523bebe329dae",
+ "shared" : "bd36a0790eb883098c988b21786773de0b3a4df162282cf110de18dd484ce74b",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 50,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "private" : "288796bc5aff4b81a37501757bc0753a3c21964790d38699308debc17a6eaf8d",
+ "shared" : "b4e0dd76da7b071728b61f856771aa356e57eda78a5b1655cc3820fb5f854c5c",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 51,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "f1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "private" : "98df845f6651bf1138221f119041f72b6dbc3c4ace7143d99fd55ad867480da8",
+ "shared" : "6fdf6c37611dbd5304dc0f2eb7c9517eb3c50e12fd050ac6dec27071d4bfc034",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 52,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "private" : "f09498e46f02f878829e78b803d316a2ed695d0498a08abdf8276930e24edcb0",
+ "shared" : "4c8fc4b1c6ab88fb21f18f6d4c810240d4e94651ba44f7a2c863cec7dc56602d",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 53,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "0200000000000000000000000000000000000000000000000000000000000080",
+ "private" : "1813c10a5c7f21f96e17f288c0cc37607c04c5f5aea2db134f9e2ffc66bd9db8",
+ "shared" : "1cd0b28267dc541c642d6d7dca44a8b38a63736eef5c4e6501ffbbb1780c033c",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 54,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "0300000000000000000000000000000000000000000000000000000000000080",
+ "private" : "7857fb808653645a0beb138a64f5f4d733a45ea84c3cda11a9c06f7e7139149e",
+ "shared" : "8755be01c60a7e825cff3e0e78cb3aa4333861516aa59b1c51a8b2a543dfa822",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 55,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "0400000000000000000000000000000000000000000000000000000000000080",
+ "private" : "e03aa842e2abc56e81e87b8b9f417b2a1e5913c723eed28d752f8d47a59f498f",
+ "shared" : "54c9a1ed95e546d27822a360931dda60a1df049da6f904253c0612bbdc087476",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 56,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "f8f707b7999b18cb0d6b96124f2045972ca274bfc154ad0c87038c24c6d0d4b2",
+ "shared" : "cc1f40d743cdc2230e1043daba8b75e810f1fbab7f255269bd9ebb29e6bf494f",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 57,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "a034f684fa631e1a348118c1ce4c98231f2d9eec9ba5365b4a05d69a785b0796",
+ "shared" : "54998ee43a5b007bf499f078e736524400a8b5c7e9b9b43771748c7cdf880412",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 58,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "dcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "30b6c6a0f2ffa680768f992ba89e152d5bc9893d38c9119be4f767bfab6e0ca5",
+ "shared" : "ead9b38efdd723637934e55ab717a7ae09eb86a21dc36a3feeb88b759e391e09",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 59,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "eaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "901b9dcf881e01e027575035d40b43bdc1c5242e030847495b0c7286469b6591",
+ "shared" : "602ff40789b54b41805915fe2a6221f07a50ffc2c3fc94cf61f13d7904e88e0e",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 60,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "8046677c28fd82c9a1bdb71a1a1a34faba1225e2507fe3f54d10bd5b0d865f8e",
+ "shared" : "e00ae8b143471247ba24f12c885536c3cb981b58e1e56b2baf35c12ae1f79c26",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 61,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "efffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "602f7e2f68a846b82cc269b1d48e939886ae54fd636c1fe074d710127d472491",
+ "shared" : "98cb9b50dd3fc2b0d4f2d2bf7c5cfdd10c8fcd31fc40af1ad44f47c131376362",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 62,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "60887b3dc72443026ebedbbbb70665f42b87add1440e7768fbd7e8e2ce5f639d",
+ "shared" : "38d6304c4a7e6d9f7959334fb5245bd2c754525d4c91db950206926234c1f633",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 63,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "f1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "78d31dfa854497d72d8def8a1b7fb006cec2d8c4924647c93814ae56faeda495",
+ "shared" : "786cd54996f014a5a031ec14db812ed08355061fdb5de680a800ac521f318e23",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 64,
+ "comment" : "public key >= p",
+ "curve" : "curve25519",
+ "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "private" : "c04c5baefa8302ddded6a4bb957761b4eb97aefa4fc3b8043085f96a5659b3a5",
+ "shared" : "29ae8bc73e9b10a08b4f681c43c3e0ac1a171d31b38f1a48efba29ae639ea134",
+ "result" : "acceptable",
+ "flags" : []
+ },
+ {
+ "tcId" : 65,
+ "comment" : "RFC 7748",
+ "curve" : "curve25519",
+ "public" : "e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c",
+ "private" : "a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44",
+ "shared" : "c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 66,
+ "comment" : "RFC 7748",
+ "curve" : "curve25519",
+ "public" : "e5210f12786811d3f4b7959d0538ae2c31dbe7106fc03c3efc4cd549c715a413",
+ "private" : "4866e9d4d1b4673c5ad22691957d6af5c11b6421e0ea01d42ca4169e7918ba4d",
+ "shared" : "95cbde9476e8907d7aade45cb4b873f88b595a68799fa152e6f8f7647aac7957",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 67,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "0ab4e76380d84dde4f6833c58f2a9fb8f83bb0169b172be4b6e0592887741a36",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "0200000000000000000000000000000000000000000000000000000000000000",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 68,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "89e10d5701b4337d2d032181538b1064bd4084401ceca1fd12663a1959388000",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "0900000000000000000000000000000000000000000000000000000000000000",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 69,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "2b55d3aa4a8f80c8c0b2ae5f933e85af49beac36c2fa7394bab76c8933f8f81d",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "1000000000000000000000000000000000000000000000000000000000000000",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 70,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "63e5b1fe9601fe84385d8866b0421262f78fbfa5aff9585e626679b18547d959",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 71,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "e428f3dac17809f827a522ce32355058d07369364aa78902ee10139b9f9dd653",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "fcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 72,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "b3b50e3ed3a407b95de942ef74575b5ab8a10c09ee103544d60bdfed8138ab2b",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "f9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 73,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "213fffe93d5ea8cd242e462844029922c43c77c9e3e42f562f485d24c501a20b",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "f3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 74,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "91b232a178b3cd530932441e6139418f72172292f1da4c1834fc5ebfefb51e3f",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 75,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "045c6e11c5d332556c7822fe94ebf89b56a3878dc27ca079103058849fabcb4f",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "e5ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 76,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "1ca2190b71163539063c35773bda0c9c928e9136f0620aeb093f099197b7f74e",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "e3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 77,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "f76e9010ac33c5043b2d3b76a842171000c4916222e9e85897a0aec7f6350b3c",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "ddffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 78,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "bb72688d8f8aa7a39cd6060cd5c8093cdec6fe341937c3886a99346cd07faa55",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 79,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "88fddea193391c6a5933ef9b71901549447205aae9da928a6b91a352ba10f41f",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000000002",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 80,
+ "comment" : "edge case for shared secret",
+ "curve" : "curve25519",
+ "public" : "303b392f153116cad9cc682a00ccc44c95ff0d3bbe568beb6c4e739bafdc2c68",
+ "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63",
+ "shared" : "0000000000000000000000000000000000000000000000000000000000008000",
+ "result" : "acceptable",
+ "flags" : [
+ "Twist"
+ ]
+ },
+ {
+ "tcId" : 81,
+ "comment" : "checking for overflow",
+ "curve" : "curve25519",
+ "public" : "fd300aeb40e1fa582518412b49b208a7842b1e1f056a040178ea4141534f652d",
+ "private" : "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2",
+ "shared" : "b734105dc257585d73b566ccb76f062795ccbec89128e52b02f3e59639f13c46",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 82,
+ "comment" : "checking for overflow",
+ "curve" : "curve25519",
+ "public" : "c8ef79b514d7682677bc7931e06ee5c27c9b392b4ae9484473f554e6678ecc2e",
+ "private" : "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2",
+ "shared" : "647a46b6fc3f40d62141ee3cee706b4d7a9271593a7b143e8e2e2279883e4550",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 83,
+ "comment" : "checking for overflow",
+ "curve" : "curve25519",
+ "public" : "64aeac2504144861532b7bbcb6c87d67dd4c1f07ebc2e06effb95aecc6170b2c",
+ "private" : "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2",
+ "shared" : "4ff03d5fb43cd8657a3cf37c138cadcecce509e4eba089d0ef40b4e4fb946155",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 84,
+ "comment" : "checking for overflow",
+ "curve" : "curve25519",
+ "public" : "bf68e35e9bdb7eee1b50570221860f5dcdad8acbab031b14974cc49013c49831",
+ "private" : "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2",
+ "shared" : "21cee52efdbc812e1d021a4af1e1d8bc4db3c400e4d2a2c56a3926db4d99c65b",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 85,
+ "comment" : "checking for overflow",
+ "curve" : "curve25519",
+ "public" : "5347c491331a64b43ddc683034e677f53dc32b52a52a577c15a83bf298e99f19",
+ "private" : "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2",
+ "shared" : "18cb89e4e20c0c2bd324305245266c9327690bbe79acb88f5b8fb3f74eca3e52",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 86,
+ "comment" : "private key == -1 (mod order)",
+ "curve" : "curve25519",
+ "public" : "258e04523b8d253ee65719fc6906c657192d80717edc828fa0af21686e2faa75",
+ "private" : "a023cdd083ef5bb82f10d62e59e15a6800000000000000000000000000000050",
+ "shared" : "258e04523b8d253ee65719fc6906c657192d80717edc828fa0af21686e2faa75",
+ "result" : "valid",
+ "flags" : []
+ },
+ {
+ "tcId" : 87,
+ "comment" : "private key == 1 (mod order) on twist",
+ "curve" : "curve25519",
+ "public" : "2eae5ec3dd494e9f2d37d258f873a8e6e9d0dbd1e383ef64d98bb91b3e0be035",
+ "private" : "58083dd261ad91eff952322ec824c682ffffffffffffffffffffffffffffff5f",
+ "shared" : "2eae5ec3dd494e9f2d37d258f873a8e6e9d0dbd1e383ef64d98bb91b3e0be035",
+ "result" : "acceptable",
+ "flags" : []
+ }
+ ]
+ }
+ ]
+}
diff --git a/security/nss/gtests/der_gtest/der_quickder_unittest.cc b/security/nss/gtests/der_gtest/der_quickder_unittest.cc
index 944117909..a5301f15c 100644
--- a/security/nss/gtests/der_gtest/der_quickder_unittest.cc
+++ b/security/nss/gtests/der_gtest/der_quickder_unittest.cc
@@ -16,17 +16,35 @@
#include "secerr.h"
#include "secitem.h"
-const SEC_ASN1Template mySEC_NullTemplate[] = {
- {SEC_ASN1_NULL, 0, NULL, sizeof(SECItem)}};
-
namespace nss_test {
+struct TemplateAndInput {
+ const SEC_ASN1Template* t;
+ SECItem input;
+};
+
class QuickDERTest : public ::testing::Test,
- public ::testing::WithParamInterface<SECItem> {};
+ public ::testing::WithParamInterface<TemplateAndInput> {};
+static const uint8_t kBitstringTag = 0x03;
static const uint8_t kNullTag = 0x05;
static const uint8_t kLongLength = 0x80;
+const SEC_ASN1Template kBitstringTemplate[] = {
+ {SEC_ASN1_BIT_STRING, 0, NULL, sizeof(SECItem)}, {0}};
+
+// Empty bitstring with unused bits.
+static uint8_t kEmptyBitstringUnused[] = {kBitstringTag, 1, 1};
+
+// Bitstring with 8 unused bits.
+static uint8_t kBitstring8Unused[] = {kBitstringTag, 3, 8, 0xff, 0x00};
+
+// Bitstring with >8 unused bits.
+static uint8_t kBitstring9Unused[] = {kBitstringTag, 3, 9, 0xff, 0x80};
+
+const SEC_ASN1Template kNullTemplate[] = {
+ {SEC_ASN1_NULL, 0, NULL, sizeof(SECItem)}, {0}};
+
// Length of zero wrongly encoded as 0x80 instead of 0x00.
static uint8_t kOverlongLength_0_0[] = {kNullTag, kLongLength | 0};
@@ -53,14 +71,22 @@ static uint8_t kOverlongLength_16_0[] = {kNullTag, kLongLength | 0x10,
0x00, 0x00,
0x00, 0x00};
-static const SECItem kInvalidDER[] = {
- {siBuffer, kOverlongLength_0_0, sizeof(kOverlongLength_0_0)},
- {siBuffer, kOverlongLength_1_0, sizeof(kOverlongLength_1_0)},
- {siBuffer, kOverlongLength_16_0, sizeof(kOverlongLength_16_0)},
+#define TI(t, x) \
+ { \
+ t, { siBuffer, x, sizeof(x) } \
+ }
+static const TemplateAndInput kInvalidDER[] = {
+ TI(kBitstringTemplate, kEmptyBitstringUnused),
+ TI(kBitstringTemplate, kBitstring8Unused),
+ TI(kBitstringTemplate, kBitstring9Unused),
+ TI(kNullTemplate, kOverlongLength_0_0),
+ TI(kNullTemplate, kOverlongLength_1_0),
+ TI(kNullTemplate, kOverlongLength_16_0),
};
+#undef TI
TEST_P(QuickDERTest, InvalidLengths) {
- const SECItem& original_input(GetParam());
+ const SECItem& original_input(GetParam().input);
ScopedSECItem copy_of_input(SECITEM_AllocItem(nullptr, nullptr, 0U));
ASSERT_TRUE(copy_of_input);
@@ -69,11 +95,10 @@ TEST_P(QuickDERTest, InvalidLengths) {
PORTCheapArenaPool pool;
PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);
- ScopedSECItem parsed_value(SECITEM_AllocItem(nullptr, nullptr, 0U));
- ASSERT_TRUE(parsed_value);
+ StackSECItem parsed_value;
ASSERT_EQ(SECFailure,
- SEC_QuickDERDecodeItem(&pool.arena, parsed_value.get(),
- mySEC_NullTemplate, copy_of_input.get()));
+ SEC_QuickDERDecodeItem(&pool.arena, &parsed_value, GetParam().t,
+ copy_of_input.get()));
ASSERT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
PORT_DestroyCheapArena(&pool);
}
diff --git a/security/nss/gtests/freebl_gtest/cmac_unittests.cc b/security/nss/gtests/freebl_gtest/cmac_unittests.cc
new file mode 100644
index 000000000..40088dcaf
--- /dev/null
+++ b/security/nss/gtests/freebl_gtest/cmac_unittests.cc
@@ -0,0 +1,187 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#include "gtest/gtest.h"
+
+#include <stdint.h>
+#include <memory>
+
+#include "blapi.h"
+#include "secitem.h"
+#include "freebl_scoped_ptrs.h"
+
+class CmacAesTest : public ::testing::Test {
+ protected:
+ bool Compare(const uint8_t *actual, const uint8_t *expected,
+ unsigned int length) {
+ return strncmp((const char *)actual, (const char *)expected, length) == 0;
+ }
+};
+
+TEST_F(CmacAesTest, CreateInvalidSize) {
+ uint8_t key[1] = {0x00};
+ ScopedCMACContext ctx(CMAC_Create(CMAC_AES, key, sizeof(key)));
+ ASSERT_EQ(ctx, nullptr);
+}
+
+TEST_F(CmacAesTest, CreateRightSize) {
+ uint8_t *key = PORT_NewArray(uint8_t, AES_128_KEY_LENGTH);
+ ScopedCMACContext ctx(CMAC_Create(CMAC_AES, key, AES_128_KEY_LENGTH));
+
+ ASSERT_NE(ctx, nullptr);
+ PORT_Free(key);
+}
+
+// The following tests were taken from NIST's Cryptographic Standards and
+// Guidelines page for AES-CMAC Examples with Intermediate Values. These same
+// test vectors for AES-128 can be found in RFC 4493, Section 4.
+
+static const uint8_t kNistKeys[][AES_256_KEY_LENGTH] = {
+ {0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15,
+ 0x88, 0x09, 0xCF, 0x4F, 0x3C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, 0xC8, 0x10, 0xF3,
+ 0x2B, 0x80, 0x90, 0x79, 0xE5, 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C,
+ 0x6B, 0x7B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, 0x2B, 0x73, 0xAE,
+ 0xF0, 0x85, 0x7D, 0x77, 0x81, 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61,
+ 0x08, 0xD7, 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4}};
+static const size_t kNistKeyLengthsCount = PR_ARRAY_SIZE(kNistKeys);
+static const unsigned int kNistKeyLengths[kNistKeyLengthsCount] = {
+ AES_128_KEY_LENGTH, AES_192_KEY_LENGTH, AES_256_KEY_LENGTH};
+
+static const uint8_t kNistPlaintext[64] = {
+ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E,
+ 0x11, 0x73, 0x93, 0x17, 0x2A, 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03,
+ 0xAC, 0x9C, 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51, 0x30,
+ 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, 0xE5, 0xFB, 0xC1, 0x19,
+ 0x1A, 0x0A, 0x52, 0xEF, 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B,
+ 0x17, 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10};
+static const unsigned int kNistPlaintextLengths[] = {0, 16, 20, 64};
+static const size_t kNistPlaintextLengthsCount =
+ PR_ARRAY_SIZE(kNistPlaintextLengths);
+
+// This table contains the result of a CMAC over kNistPlaintext using keys from
+// kNistKeys. For each key, there are kNistPlaintextLengthsCount answers, all
+// listed one after the other as the input is truncated to the different sizes
+// in kNistPlaintextLengths.
+static const uint8_t kNistKnown[][AES_BLOCK_SIZE] = {
+ {0xBB, 0x1D, 0x69, 0x29, 0xE9, 0x59, 0x37, 0x28, 0x7F, 0xA3, 0x7D, 0x12,
+ 0x9B, 0x75, 0x67, 0x46},
+ {0x07, 0x0A, 0x16, 0xB4, 0x6B, 0x4D, 0x41, 0x44, 0xF7, 0x9B, 0xDD, 0x9D,
+ 0xD0, 0x4A, 0x28, 0x7C},
+ {0x7D, 0x85, 0x44, 0x9E, 0xA6, 0xEA, 0x19, 0xC8, 0x23, 0xA7, 0xBF, 0x78,
+ 0x83, 0x7D, 0xFA, 0xDE},
+ {0x51, 0xF0, 0xBE, 0xBF, 0x7E, 0x3B, 0x9D, 0x92, 0xFC, 0x49, 0x74, 0x17,
+ 0x79, 0x36, 0x3C, 0xFE},
+ {0xD1, 0x7D, 0xDF, 0x46, 0xAD, 0xAA, 0xCD, 0xE5, 0x31, 0xCA, 0xC4, 0x83,
+ 0xDE, 0x7A, 0x93, 0x67},
+ {0x9E, 0x99, 0xA7, 0xBF, 0x31, 0xE7, 0x10, 0x90, 0x06, 0x62, 0xF6, 0x5E,
+ 0x61, 0x7C, 0x51, 0x84},
+ {0x3D, 0x75, 0xC1, 0x94, 0xED, 0x96, 0x07, 0x04, 0x44, 0xA9, 0xFA, 0x7E,
+ 0xC7, 0x40, 0xEC, 0xF8},
+ {0xA1, 0xD5, 0xDF, 0x0E, 0xED, 0x79, 0x0F, 0x79, 0x4D, 0x77, 0x58, 0x96,
+ 0x59, 0xF3, 0x9A, 0x11},
+ {0x02, 0x89, 0x62, 0xF6, 0x1B, 0x7B, 0xF8, 0x9E, 0xFC, 0x6B, 0x55, 0x1F,
+ 0x46, 0x67, 0xD9, 0x83},
+ {0x28, 0xA7, 0x02, 0x3F, 0x45, 0x2E, 0x8F, 0x82, 0xBD, 0x4B, 0xF2, 0x8D,
+ 0x8C, 0x37, 0xC3, 0x5C},
+ {0x15, 0x67, 0x27, 0xDC, 0x08, 0x78, 0x94, 0x4A, 0x02, 0x3C, 0x1F, 0xE0,
+ 0x3B, 0xAD, 0x6D, 0x93},
+ {0xE1, 0x99, 0x21, 0x90, 0x54, 0x9F, 0x6E, 0xD5, 0x69, 0x6A, 0x2C, 0x05,
+ 0x6C, 0x31, 0x54, 0x10}};
+PR_STATIC_ASSERT(PR_ARRAY_SIZE(kNistKnown) ==
+ kNistKeyLengthsCount * kNistPlaintextLengthsCount);
+
+TEST_F(CmacAesTest, AesNistAligned) {
+ for (unsigned int key_index = 0; key_index < kNistKeyLengthsCount;
+ key_index++) {
+ ScopedCMACContext ctx(CMAC_Create(CMAC_AES, kNistKeys[key_index],
+ kNistKeyLengths[key_index]));
+ ASSERT_NE(ctx, nullptr);
+
+ for (unsigned int plaintext_index = 0;
+ plaintext_index < kNistPlaintextLengthsCount; plaintext_index++) {
+ CMAC_Begin(ctx.get());
+
+ unsigned int known_index =
+ (key_index * kNistPlaintextLengthsCount) + plaintext_index;
+ CMAC_Update(ctx.get(), kNistPlaintext,
+ kNistPlaintextLengths[plaintext_index]);
+
+ uint8_t output[AES_BLOCK_SIZE];
+ CMAC_Finish(ctx.get(), output, NULL, AES_BLOCK_SIZE);
+
+ ASSERT_TRUE(Compare(output, kNistKnown[known_index], AES_BLOCK_SIZE));
+ }
+ }
+}
+
+TEST_F(CmacAesTest, AesNistUnaligned) {
+ for (unsigned int key_index = 0; key_index < kNistKeyLengthsCount;
+ key_index++) {
+ unsigned int key_length = kNistKeyLengths[key_index];
+ ScopedCMACContext ctx(
+ CMAC_Create(CMAC_AES, kNistKeys[key_index], key_length));
+ ASSERT_NE(ctx, nullptr);
+
+ // Skip the zero-length test.
+ for (unsigned int plaintext_index = 1;
+ plaintext_index < kNistPlaintextLengthsCount; plaintext_index++) {
+ unsigned int known_index =
+ (key_index * kNistPlaintextLengthsCount) + plaintext_index;
+ unsigned int plaintext_length = kNistPlaintextLengths[plaintext_index];
+
+ // Test all possible offsets and make sure that misaligned updates
+ // produce the desired result. That is, do two updates:
+ // 0 ... offset
+ // offset ... len - offset
+ // and ensure the result is the same as doing one update.
+ for (unsigned int offset = 1; offset < plaintext_length; offset++) {
+ CMAC_Begin(ctx.get());
+
+ CMAC_Update(ctx.get(), kNistPlaintext, offset);
+ CMAC_Update(ctx.get(), kNistPlaintext + offset,
+ plaintext_length - offset);
+
+ uint8_t output[AES_BLOCK_SIZE];
+ CMAC_Finish(ctx.get(), output, NULL, AES_BLOCK_SIZE);
+
+ ASSERT_TRUE(Compare(output, kNistKnown[known_index], AES_BLOCK_SIZE));
+ }
+ }
+ }
+}
+
+TEST_F(CmacAesTest, AesNistTruncated) {
+ for (unsigned int key_index = 0; key_index < kNistKeyLengthsCount;
+ key_index++) {
+ unsigned int key_length = kNistKeyLengths[key_index];
+ ScopedCMACContext ctx(
+ CMAC_Create(CMAC_AES, kNistKeys[key_index], key_length));
+ ASSERT_TRUE(ctx != nullptr);
+
+ // Skip the zero-length test.
+ for (unsigned int plaintext_index = 1;
+ plaintext_index < kNistPlaintextLengthsCount; plaintext_index++) {
+ unsigned int known_index =
+ (key_index * kNistPlaintextLengthsCount) + plaintext_index;
+ unsigned int plaintext_length = kNistPlaintextLengths[plaintext_index];
+
+ // Test truncated outputs to ensure that we always get the desired values.
+ for (unsigned int out_len = 1; out_len < AES_BLOCK_SIZE; out_len++) {
+ CMAC_Begin(ctx.get());
+
+ CMAC_Update(ctx.get(), kNistPlaintext, plaintext_length);
+
+ unsigned int actual_out_len = 0;
+ uint8_t output[AES_BLOCK_SIZE];
+ CMAC_Finish(ctx.get(), output, &actual_out_len, out_len);
+
+ ASSERT_TRUE(actual_out_len == out_len);
+ ASSERT_TRUE(Compare(output, kNistKnown[known_index], out_len));
+ }
+ }
+ }
+}
diff --git a/security/nss/gtests/freebl_gtest/freebl_gtest.gyp b/security/nss/gtests/freebl_gtest/freebl_gtest.gyp
index 21a87c557..c19db414e 100644
--- a/security/nss/gtests/freebl_gtest/freebl_gtest.gyp
+++ b/security/nss/gtests/freebl_gtest/freebl_gtest.gyp
@@ -23,6 +23,7 @@
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
},
{
@@ -34,12 +35,20 @@
'ecl_unittest.cc',
'ghash_unittest.cc',
'rsa_unittest.cc',
+ 'cmac_unittests.cc',
'<(DEPTH)/gtests/common/gtests.cc'
],
'dependencies': [
'freebl_gtest_deps',
'<(DEPTH)/exports.gyp:nss_exports',
],
+ 'conditions': [
+ [ 'cc_is_gcc==1 and (target_arch=="ia32" or target_arch=="x64")', {
+ 'cflags_cc': [
+ '-msse2',
+ ],
+ }],
+ ],
},
{
'target_name': 'prng_gtest',
@@ -78,7 +87,7 @@
'defines': [
'NSS_USE_STATIC_LIBS',
],
- # For test builds we have to set MPI defines.
+ # For static builds we have to set MPI defines.
'conditions': [
[ 'ct_verif==1', {
'defines': [
diff --git a/security/nss/gtests/freebl_gtest/ghash_unittest.cc b/security/nss/gtests/freebl_gtest/ghash_unittest.cc
index 3c9045bec..327c2bcb3 100644
--- a/security/nss/gtests/freebl_gtest/ghash_unittest.cc
+++ b/security/nss/gtests/freebl_gtest/ghash_unittest.cc
@@ -2,7 +2,7 @@
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
// You can obtain one at http://mozilla.org/MPL/2.0/.
-#include "gcm-vectors.h"
+#include "testvectors/gcm-vectors.h"
#include "gtest/gtest.h"
#include "util.h"
diff --git a/security/nss/gtests/freebl_gtest/mpi_unittest.cc b/security/nss/gtests/freebl_gtest/mpi_unittest.cc
index 2ccb8c351..56b7454dc 100644
--- a/security/nss/gtests/freebl_gtest/mpi_unittest.cc
+++ b/security/nss/gtests/freebl_gtest/mpi_unittest.cc
@@ -6,6 +6,7 @@
#include <stdint.h>
#include <string.h>
+#include <memory>
#ifdef __MACH__
#include <mach/clock.h>
@@ -27,7 +28,7 @@ void gettime(struct timespec* tp) {
tp->tv_sec = mts.tv_sec;
tp->tv_nsec = mts.tv_nsec;
#else
- clock_gettime(CLOCK_MONOTONIC, tp);
+ ASSERT_NE(0, timespec_get(tp, TIME_UTC));
#endif
}
@@ -84,8 +85,9 @@ class MPITest : public ::testing::Test {
mp_int a;
ASSERT_EQ(MP_OKAY, mp_init(&a));
ASSERT_EQ(MP_OKAY, mp_read_unsigned_octets(&a, ref.data(), ref.size()));
- uint8_t buf[len];
- ASSERT_EQ(MP_OKAY, mp_to_fixlen_octets(&a, buf, len));
+ std::unique_ptr<uint8_t[]> buf(new uint8_t[len]);
+ ASSERT_NE(buf, nullptr);
+ ASSERT_EQ(MP_OKAY, mp_to_fixlen_octets(&a, buf.get(), len));
size_t compare;
if (len > ref.size()) {
for (size_t i = 0; i < len - ref.size(); ++i) {
@@ -96,9 +98,9 @@ class MPITest : public ::testing::Test {
compare = len;
}
dump("value", ref.data(), ref.size());
- dump("output", buf, len);
- ASSERT_EQ(0, memcmp(buf + len - compare, ref.data() + ref.size() - compare,
- compare))
+ dump("output", buf.get(), len);
+ ASSERT_EQ(0, memcmp(buf.get() + len - compare,
+ ref.data() + ref.size() - compare, compare))
<< "comparing " << compare << " octets";
mp_clear(&a);
}
@@ -146,6 +148,41 @@ TEST_F(MPITest, MpiCmpUnalignedTest) {
}
#endif
+// The two follow tests ensure very similar mp_set_* functions are ok.
+TEST_F(MPITest, MpiSetUlong) {
+ mp_int a, b, c;
+ MP_DIGITS(&a) = 0;
+ MP_DIGITS(&b) = 0;
+ MP_DIGITS(&c) = 0;
+ ASSERT_EQ(MP_OKAY, mp_init(&a));
+ ASSERT_EQ(MP_OKAY, mp_init(&b));
+ ASSERT_EQ(MP_OKAY, mp_init(&c));
+ EXPECT_EQ(MP_OKAY, mp_set_ulong(&a, 1));
+ EXPECT_EQ(MP_OKAY, mp_set_ulong(&b, 0));
+ EXPECT_EQ(MP_OKAY, mp_set_ulong(&c, -1));
+
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&c);
+}
+
+TEST_F(MPITest, MpiSetInt) {
+ mp_int a, b, c;
+ MP_DIGITS(&a) = 0;
+ MP_DIGITS(&b) = 0;
+ MP_DIGITS(&c) = 0;
+ ASSERT_EQ(MP_OKAY, mp_init(&a));
+ ASSERT_EQ(MP_OKAY, mp_init(&b));
+ ASSERT_EQ(MP_OKAY, mp_init(&c));
+ EXPECT_EQ(MP_OKAY, mp_set_int(&a, 1));
+ EXPECT_EQ(MP_OKAY, mp_set_int(&b, 0));
+ EXPECT_EQ(MP_OKAY, mp_set_int(&c, -1));
+
+ mp_clear(&a);
+ mp_clear(&b);
+ mp_clear(&c);
+}
+
TEST_F(MPITest, MpiFixlenOctetsZero) {
std::vector<uint8_t> zero = {0};
TestToFixedOctets(zero, 1);
@@ -253,4 +290,4 @@ TEST_F(DISABLED_MPITest, MpiCmpConstTest) {
mp_clear(&c);
}
-} // nss_test
+} // namespace nss_test
diff --git a/security/nss/gtests/freebl_gtest/rsa_unittest.cc b/security/nss/gtests/freebl_gtest/rsa_unittest.cc
index a1453168f..9a6a9c11f 100644
--- a/security/nss/gtests/freebl_gtest/rsa_unittest.cc
+++ b/security/nss/gtests/freebl_gtest/rsa_unittest.cc
@@ -5,6 +5,7 @@
#include "gtest/gtest.h"
#include <stdint.h>
+#include <memory>
#include "blapi.h"
#include "secitem.h"
diff --git a/security/nss/gtests/manifest.mn b/security/nss/gtests/manifest.mn
index 13048f037..1d97da3dd 100644
--- a/security/nss/gtests/manifest.mn
+++ b/security/nss/gtests/manifest.mn
@@ -24,9 +24,12 @@ NSS_SRCDIRS = \
cryptohi_gtest \
der_gtest \
pk11_gtest \
+ smime_gtest \
softoken_gtest \
ssl_gtest \
+ $(SYSINIT_GTEST) \
nss_bogo_shim \
+ pkcs11testmodule \
$(NULL)
endif
endif
diff --git a/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp b/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp
index 899b849fc..1623d76bb 100644
--- a/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp
+++ b/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp
@@ -43,6 +43,7 @@
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
'<(DEPTH)/lib/mozpkix/mozpkix.gyp:mozpkix',
'<(DEPTH)/lib/mozpkix/mozpkix.gyp:mozpkix-testlib',
],
diff --git a/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp
index e17321075..c1c81b3a7 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp
@@ -152,10 +152,14 @@ private:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
+ Time validityBeginning, Duration,
/*optional*/ const Input*, /*optional*/ const Input*)
override
{
+ // All of the certificates in this test for which this is called have a
+ // validity period that begins "one day before now".
+ EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
return Success;
}
@@ -301,10 +305,14 @@ public:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
+ Time validityBeginning, Duration,
/*optional*/ const Input*, /*optional*/ const Input*)
override
{
+ // All of the certificates in this test for which this is called have a
+ // validity period that begins "one day before now".
+ EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
return Success;
}
@@ -321,7 +329,7 @@ public:
{
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
/*optional*/ const Input*, /*optional*/ const Input*)
override
{
@@ -442,10 +450,14 @@ public:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
+ Time validityBeginning, Duration,
/*optional*/ const Input*, /*optional*/ const Input*)
override
{
+ // All of the certificates in this test for which this is called have a
+ // validity period that begins "one day before now".
+ EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
return Success;
}
@@ -665,10 +677,14 @@ private:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
+ Time validityBeginning, Duration,
/*optional*/ const Input*,
/*optional*/ const Input*) override
{
+ // All of the certificates in this test for which this is called have a
+ // validity period that begins "one day before now".
+ EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
return Success;
}
@@ -723,7 +739,7 @@ class RevokedEndEntityTrustDomain final : public MultiplePathTrustDomain
{
public:
Result CheckRevocation(EndEntityOrCA endEntityOrCA, const CertID&, Time,
- Duration, /*optional*/ const Input*,
+ Time, Duration, /*optional*/ const Input*,
/*optional*/ const Input*) override
{
if (endEntityOrCA == EndEntityOrCA::MustBeEndEntity) {
@@ -828,10 +844,14 @@ private:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time,
+ Time validityBeginning, Duration,
/*optional*/ const Input*, /*optional*/ const Input*)
override
{
+ // All of the certificates in this test for which this is called have a
+ // validity period that begins "one day before now".
+ EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning);
return Success;
}
diff --git a/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp
index 762fac146..71399a26b 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp
@@ -70,7 +70,7 @@ private:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
/*optional*/ const Input*, /*optional*/ const Input*)
override
{
diff --git a/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp
index 00ccffb04..54e19fc3d 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp
@@ -92,7 +92,7 @@ private:
return checker.Check(issuerCert, nullptr, keepGoing);
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
const Input*, const Input*) override
{
return Success;
diff --git a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp
index 0aef3d5c1..9fd1e52f1 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp
@@ -558,7 +558,7 @@ private:
return checker.Check(derCert, nullptr, keepGoing);
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
const Input*, const Input*) override
{
return Success;
diff --git a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp
index 136f8719a..b87f0a772 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp
@@ -166,8 +166,8 @@ void ASSERT_SimpleCase(uint8_t unusedBits, uint8_t bits, KeyUsage usage)
// Test that none of the other non-padding bits are mistaken for the given
// key usage in the single-byte value case.
- NAMED_SIMPLE_KU(notGood, unusedBits,
- static_cast<uint8_t>((~bits >> unusedBits) << unusedBits));
+ uint8_t paddingBits = (static_cast<uint8_t>(~bits) >> unusedBits) << unusedBits;
+ NAMED_SIMPLE_KU(notGood, unusedBits, paddingBits);
ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeEndEntity, &notGood, usage));
ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeCA, &notGood, usage));
diff --git a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp
index 70e6fd410..e1f35e5b4 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp
@@ -302,7 +302,7 @@ public:
return Success;
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
/*optional*/ const Input*,
/*optional*/ const Input*) override
{
diff --git a/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp
index cf91fa2c6..c66f06e6a 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp
@@ -191,8 +191,10 @@ TEST_F(pkixder_input_tests, ReadByteWrapAroundPointer)
// a null pointer is undefined behavior according to the C++ language spec.,
// but this should catch the problem on at least some compilers, if not all of
// them.
- const uint8_t* der = nullptr;
- --der;
+ uintptr_t derint = -1;
+ auto der = reinterpret_cast<const uint8_t*>(derint);
+ ASSERT_EQ(sizeof(der), sizeof(derint))
+ << "underflow of pointer might not work";
Input buf;
ASSERT_EQ(Success, buf.Init(der, 0));
Reader input(buf);
@@ -359,6 +361,7 @@ TEST_F(pkixder_input_tests, Skip_WrapAroundPointer)
// but this should catch the problem on at least some compilers, if not all of
// them.
const uint8_t* der = nullptr;
+ // coverity[FORWARD_NULL]
--der;
Input buf;
ASSERT_EQ(Success, buf.Init(der, 0));
diff --git a/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp
index 260c735ec..0dc8555d9 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp
+++ b/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp
@@ -1224,3 +1224,53 @@ TEST_F(pkixder_universal_types_tests, OID)
ASSERT_EQ(Success, OID(reader, expectedOID));
}
+
+TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTag)
+{
+ const uint8_t DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1[] = {
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x0A,
+ 0x0B,
+ 0x0C,
+ };
+ Input input(DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1);
+ Reader reader(input);
+
+ ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 1));
+ ASSERT_TRUE(reader.AtEnd());
+}
+
+TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTagMismatch)
+{
+ const uint8_t DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1[] = {
+ 0x81,
+ 0x04,
+ 0x00,
+ 0x0A,
+ 0x0B,
+ 0x0C,
+ };
+ Input input(DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1);
+ Reader reader(input);
+
+ ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 2));
+ ASSERT_FALSE(reader.AtEnd());
+}
+
+TEST_F(pkixder_universal_types_tests, NoSkipOptionalImplicitConstructedTag)
+{
+ const uint8_t DER_IMPLICIT_SEQUENCE_WITH_CLASS_NUMBER_1[] = {
+ 0xA1,
+ 0x03,
+ 0x05,
+ 0x01,
+ 0x00,
+ };
+ Input input(DER_IMPLICIT_SEQUENCE_WITH_CLASS_NUMBER_1);
+ Reader reader(input);
+
+ ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 1));
+ ASSERT_FALSE(reader.AtEnd());
+}
diff --git a/security/nss/gtests/mozpkix_gtest/pkixgtest.h b/security/nss/gtests/mozpkix_gtest/pkixgtest.h
index bb3491d44..0a203c5e1 100644
--- a/security/nss/gtests/mozpkix_gtest/pkixgtest.h
+++ b/security/nss/gtests/mozpkix_gtest/pkixgtest.h
@@ -100,7 +100,7 @@ class EverythingFailsByDefaultTrustDomain : public TrustDomain {
Result::FATAL_ERROR_LIBRARY_FAILURE);
}
- Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration,
+ Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration,
/*optional*/ const Input*,
/*optional*/ const Input*) override {
ADD_FAILURE();
diff --git a/security/nss/gtests/pk11_gtest/manifest.mn b/security/nss/gtests/pk11_gtest/manifest.mn
index ea7b43a2b..1c0ae6921 100644
--- a/security/nss/gtests/pk11_gtest/manifest.mn
+++ b/security/nss/gtests/pk11_gtest/manifest.mn
@@ -7,20 +7,32 @@ DEPTH = ../..
MODULE = nss
CPPSRCS = \
+ pk11_aes_gcm_unittest.cc \
pk11_aeskeywrap_unittest.cc \
+ pk11_aeskeywrappad_unittest.cc \
+ pk11_cbc_unittest.cc \
pk11_chacha20poly1305_unittest.cc \
pk11_curve25519_unittest.cc \
+ pk11_der_private_key_import_unittest.cc \
+ pk11_des_unittest.cc \
pk11_ecdsa_unittest.cc \
pk11_encrypt_derive_unittest.cc \
pk11_export_unittest.cc \
+ pk11_find_certs_unittest.cc \
+ pk11_import_unittest.cc \
+ pk11_keygen.cc \
+ pk11_key_unittest.cc \
+ pk11_module_unittest.cc \
pk11_pbkdf2_unittest.cc \
pk11_prf_unittest.cc \
pk11_prng_unittest.cc \
pk11_rsapkcs1_unittest.cc \
pk11_rsapss_unittest.cc \
- pk11_der_private_key_import_unittest.cc \
+ pk11_seed_cbc_unittest.cc \
$(NULL)
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
-I$(CORE_DEPTH)/gtests/common \
-I$(CORE_DEPTH)/cpputil
@@ -33,4 +45,3 @@ EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \
$(NULL)
-
diff --git a/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc
new file mode 100644
index 000000000..c520fffd1
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc
@@ -0,0 +1,91 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "secerr.h"
+#include "sechash.h"
+
+#include "blapi.h"
+
+#include "gtest/gtest.h"
+#include "nss_scoped_ptrs.h"
+#include "util.h"
+
+namespace nss_test {
+
+class Pkcs11AesCmacTest : public ::testing::Test {
+ protected:
+ ScopedPK11SymKey ImportKey(CK_MECHANISM_TYPE mech, SECItem *key_item) {
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ if (!slot) {
+ ADD_FAILURE() << "Can't get slot";
+ return nullptr;
+ }
+
+ ScopedPK11SymKey result(PK11_ImportSymKey(
+ slot.get(), mech, PK11_OriginUnwrap, CKA_SIGN, key_item, nullptr));
+
+ return result;
+ }
+
+ void RunTest(uint8_t *key, unsigned int key_len, uint8_t *data,
+ unsigned int data_len, uint8_t *expected,
+ unsigned int expected_len, CK_ULONG mechanism) {
+ // Create SECItems for everything...
+ std::vector<uint8_t> output(expected_len);
+ SECItem key_item = {siBuffer, key, key_len};
+ SECItem output_item = {siBuffer, output.data(), expected_len};
+ SECItem data_item = {siBuffer, data, data_len};
+ SECItem expected_item = {siBuffer, expected, expected_len};
+
+ // Do the PKCS #11 stuff...
+ ScopedPK11SymKey p11_key = ImportKey(mechanism, &key_item);
+ ASSERT_NE(nullptr, p11_key.get());
+
+ SECStatus ret = PK11_SignWithSymKey(p11_key.get(), CKM_AES_CMAC, NULL,
+ &output_item, &data_item);
+
+ // Verify the result...
+ ASSERT_EQ(SECSuccess, ret);
+ ASSERT_EQ(0, SECITEM_CompareItem(&output_item, &expected_item));
+ }
+};
+
+// Sanity check of the PKCS #11 API only. Extensive tests for correctness of
+// underling CMAC implementation conducted in the following file:
+// gtests/freebl_gtest/cmac_unittests.cc
+
+TEST_F(Pkcs11AesCmacTest, Aes128NistExample1) {
+ uint8_t key[AES_128_KEY_LENGTH] = {0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE,
+ 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
+ 0x09, 0xCF, 0x4F, 0x3C};
+ uint8_t known[AES_BLOCK_SIZE] = {0xBB, 0x1D, 0x69, 0x29, 0xE9, 0x59,
+ 0x37, 0x28, 0x7F, 0xA3, 0x7D, 0x12,
+ 0x9B, 0x75, 0x67, 0x46};
+
+ RunTest(key, AES_128_KEY_LENGTH, NULL, 0, known, AES_BLOCK_SIZE,
+ CKM_AES_CMAC);
+}
+
+TEST_F(Pkcs11AesCmacTest, General) {
+ uint8_t key[AES_128_KEY_LENGTH] = {0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE,
+ 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
+ 0x09, 0xCF, 0x4F, 0x3C};
+ uint8_t known[4] = {0xBB, 0x1D, 0x69, 0x29};
+
+ RunTest(key, AES_128_KEY_LENGTH, NULL, 0, known, 4, CKM_AES_CMAC_GENERAL);
+}
+
+TEST_F(Pkcs11AesCmacTest, InvalidKeySize) {
+ uint8_t key[4] = {0x00, 0x00, 0x00, 0x00};
+ SECItem key_item = {siBuffer, key, 4};
+
+ ScopedPK11SymKey result = ImportKey(CKM_AES_CMAC, &key_item);
+ ASSERT_EQ(nullptr, result.get());
+}
+}
diff --git a/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
index 4072cf2b7..2c58063d4 100644
--- a/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
@@ -12,7 +12,7 @@
#include "nss_scoped_ptrs.h"
-#include "gcm-vectors.h"
+#include "testvectors/gcm-vectors.h"
#include "gtest/gtest.h"
#include "util.h"
@@ -26,87 +26,120 @@ class Pkcs11AesGcmTest : public ::testing::TestWithParam<gcm_kat_value> {
std::vector<uint8_t> plaintext = hex_string_to_bytes(val.plaintext);
std::vector<uint8_t> aad = hex_string_to_bytes(val.additional_data);
std::vector<uint8_t> result = hex_string_to_bytes(val.result);
-
+ bool invalid_ct = val.invalid_ct;
+ bool invalid_iv = val.invalid_iv;
+ std::stringstream s;
+ s << "Test #" << val.test_id << " failed.";
+ std::string msg = s.str();
// Ignore GHASH-only vectors.
if (key.empty()) {
return;
}
// Prepare AEAD params.
- CK_GCM_PARAMS gcmParams;
- gcmParams.pIv = iv.data();
- gcmParams.ulIvLen = iv.size();
- gcmParams.pAAD = aad.data();
- gcmParams.ulAADLen = aad.size();
- gcmParams.ulTagBits = 128;
+ CK_GCM_PARAMS gcm_params;
+ gcm_params.pIv = iv.data();
+ gcm_params.ulIvLen = iv.size();
+ gcm_params.pAAD = aad.data();
+ gcm_params.ulAADLen = aad.size();
+ gcm_params.ulTagBits = 128;
- SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcmParams),
- sizeof(gcmParams)};
+ SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcm_params),
+ sizeof(gcm_params)};
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
- SECItem keyItem = {siBuffer, key.data(),
- static_cast<unsigned int>(key.size())};
+ SECItem key_item = {siBuffer, key.data(),
+ static_cast<unsigned int>(key.size())};
// Import key.
- ScopedPK11SymKey symKey(PK11_ImportSymKey(
- slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
- EXPECT_TRUE(!!symKey);
+ ScopedPK11SymKey sym_key(PK11_ImportSymKey(
+ slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &key_item, nullptr));
+ ASSERT_TRUE(!!sym_key) << msg;
+
+ // Encrypt with bogus parameters.
+ unsigned int output_len = 0;
+ std::vector<uint8_t> output(plaintext.size() + gcm_params.ulTagBits / 8);
+ // "maxout" must be at least "inlen + tagBytes", or, in this case:
+ // "output.size()" must be at least "plaintext.size() + tagBytes"
+ gcm_params.ulTagBits = 128;
+ SECStatus rv =
+ PK11_Encrypt(sym_key.get(), mech, &params, output.data(), &output_len,
+ output.size() - 10, plaintext.data(), plaintext.size());
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, output_len);
+
+ // The valid values for tag size in AES_GCM are:
+ // 32, 64, 96, 104, 112, 120 and 128.
+ gcm_params.ulTagBits = 110;
+ rv = PK11_Encrypt(sym_key.get(), mech, &params, output.data(), &output_len,
+ output.size(), plaintext.data(), plaintext.size());
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, output_len);
// Encrypt.
- unsigned int outputLen = 0;
- std::vector<uint8_t> output(plaintext.size() + gcmParams.ulTagBits / 8);
- SECStatus rv =
- PK11_Encrypt(symKey.get(), mech, &params, output.data(), &outputLen,
- output.size(), plaintext.data(), plaintext.size());
- EXPECT_EQ(rv, SECSuccess);
- ASSERT_EQ(outputLen, output.size());
+ gcm_params.ulTagBits = 128;
+ rv = PK11_Encrypt(sym_key.get(), mech, &params, output.data(), &output_len,
+ output.size(), plaintext.data(), plaintext.size());
+ if (invalid_iv) {
+ EXPECT_EQ(SECFailure, rv) << msg;
+ EXPECT_EQ(0U, output_len);
+ return;
+ }
+ EXPECT_EQ(SECSuccess, rv) << msg;
+
+ ASSERT_EQ(output_len, output.size()) << msg;
// Check ciphertext and tag.
- EXPECT_EQ(result, output);
+ if (invalid_ct) {
+ EXPECT_NE(result, output) << msg;
+ } else {
+ EXPECT_EQ(result, output) << msg;
+ }
// Decrypt.
- unsigned int decryptedLen = 0;
+ unsigned int decrypted_len = 0;
// The PK11 AES API is stupid, it expects an explicit IV and thus wants
// a block more of available output memory.
std::vector<uint8_t> decrypted(output.size());
- rv =
- PK11_Decrypt(symKey.get(), mech, &params, decrypted.data(),
- &decryptedLen, decrypted.size(), output.data(), outputLen);
- EXPECT_EQ(rv, SECSuccess);
- ASSERT_EQ(decryptedLen, plaintext.size());
+ rv = PK11_Decrypt(sym_key.get(), mech, &params, decrypted.data(),
+ &decrypted_len, decrypted.size(), output.data(),
+ output_len);
+ EXPECT_EQ(SECSuccess, rv) << msg;
+ ASSERT_EQ(decrypted_len, plaintext.size()) << msg;
// Check the plaintext.
EXPECT_EQ(plaintext,
std::vector<uint8_t>(decrypted.begin(),
- decrypted.begin() + decryptedLen));
+ decrypted.begin() + decrypted_len))
+ << msg;
}
SECStatus EncryptWithIV(std::vector<uint8_t>& iv) {
// Generate a random key.
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
- ScopedPK11SymKey symKey(
+ ScopedPK11SymKey sym_key(
PK11_KeyGen(slot.get(), mech, nullptr, 16, nullptr));
- EXPECT_TRUE(!!symKey);
+ EXPECT_TRUE(!!sym_key);
std::vector<uint8_t> data(17);
std::vector<uint8_t> output(33);
std::vector<uint8_t> aad(0);
// Prepare AEAD params.
- CK_GCM_PARAMS gcmParams;
- gcmParams.pIv = iv.data();
- gcmParams.ulIvLen = iv.size();
- gcmParams.pAAD = aad.data();
- gcmParams.ulAADLen = aad.size();
- gcmParams.ulTagBits = 128;
+ CK_GCM_PARAMS gcm_params;
+ gcm_params.pIv = iv.data();
+ gcm_params.ulIvLen = iv.size();
+ gcm_params.pAAD = aad.data();
+ gcm_params.ulAADLen = aad.size();
+ gcm_params.ulTagBits = 128;
- SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcmParams),
- sizeof(gcmParams)};
+ SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcm_params),
+ sizeof(gcm_params)};
// Try to encrypt.
- unsigned int outputLen = 0;
- return PK11_Encrypt(symKey.get(), mech, &params, output.data(), &outputLen,
- output.size(), data.data(), data.size());
+ unsigned int output_len = 0;
+ return PK11_Encrypt(sym_key.get(), mech, &params, output.data(),
+ &output_len, output.size(), data.data(), data.size());
}
const CK_MECHANISM_TYPE mech = CKM_AES_GCM;
@@ -117,19 +150,22 @@ TEST_P(Pkcs11AesGcmTest, TestVectors) { RunTest(GetParam()); }
INSTANTIATE_TEST_CASE_P(NISTTestVector, Pkcs11AesGcmTest,
::testing::ValuesIn(kGcmKatValues));
+INSTANTIATE_TEST_CASE_P(WycheproofTestVector, Pkcs11AesGcmTest,
+ ::testing::ValuesIn(kGcmWycheproofVectors));
+
TEST_F(Pkcs11AesGcmTest, ZeroLengthIV) {
std::vector<uint8_t> iv(0);
- EXPECT_EQ(EncryptWithIV(iv), SECFailure);
+ EXPECT_EQ(SECFailure, EncryptWithIV(iv));
}
TEST_F(Pkcs11AesGcmTest, AllZeroIV) {
std::vector<uint8_t> iv(16, 0);
- EXPECT_EQ(EncryptWithIV(iv), SECSuccess);
+ EXPECT_EQ(SECSuccess, EncryptWithIV(iv));
}
TEST_F(Pkcs11AesGcmTest, TwelveByteZeroIV) {
std::vector<uint8_t> iv(12, 0);
- EXPECT_EQ(EncryptWithIV(iv), SECSuccess);
+ EXPECT_EQ(SECSuccess, EncryptWithIV(iv));
}
} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc
index 4d4250a5e..0aa711dc8 100644
--- a/security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc
@@ -8,125 +8,115 @@
#include "nss.h"
#include "pk11pub.h"
+#include "testvectors/kw-vectors.h"
#include "gtest/gtest.h"
#include "nss_scoped_ptrs.h"
namespace nss_test {
-// Test vectors from https://tools.ietf.org/html/rfc3394#section-4.1 to 4.6
-unsigned char kKEK1[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
-
-unsigned char kKD1[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
-
-unsigned char kC1[] = {0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
- 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
- 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5};
-
-unsigned char kKEK2[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17};
-
-unsigned char kC2[] = {0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
- 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
- 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D};
-
-unsigned char kKEK3[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
-
-unsigned char kC3[] = {0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
- 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
- 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7};
-
-unsigned char kKD4[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
-
-unsigned char kC4[] = {0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
- 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
- 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
- 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2};
-
-unsigned char kC5[] = {0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
- 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
- 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
- 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1};
-
-unsigned char kKD6[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
-
-unsigned char kC6[] = {0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
- 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
- 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
- 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
- 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21};
-
-class Pkcs11AESKeyWrapTest : public ::testing::Test {
+class Pkcs11AESKeyWrapTest : public ::testing::TestWithParam<keywrap_vector> {
protected:
CK_MECHANISM_TYPE mechanism = CKM_NSS_AES_KEY_WRAP;
- void WrapUnwrap(unsigned char* kek, unsigned int kekLen,
- unsigned char* keyData, unsigned int keyDataLen,
- unsigned char* expectedCiphertext) {
- unsigned char wrappedKey[40];
- unsigned int wrappedKeyLen;
- unsigned char unwrappedKey[40];
- unsigned int unwrappedKeyLen = 0;
+ void WrapUnwrap(unsigned char* kek_data, unsigned int kek_len,
+ unsigned char* key_data, unsigned int key_data_len,
+ unsigned char* expected_ciphertext,
+ unsigned int expected_ciphertext_len,
+ std::map<Action, Result> tests, uint32_t test_id) {
+ std::vector<unsigned char> wrapped_key(PR_MAX(1U, expected_ciphertext_len));
+ std::vector<unsigned char> unwrapped_key(PR_MAX(1U, key_data_len));
+ std::vector<unsigned char> zeros(PR_MAX(1U, expected_ciphertext_len));
+ std::fill(zeros.begin(), zeros.end(), 0);
+ unsigned int wrapped_key_len = 0;
+ unsigned int unwrapped_key_len = 0;
SECStatus rv;
+ std::stringstream s;
+ s << "Test with original ID #" << test_id << " failed." << std::endl;
+ std::string msg = s.str();
+
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
- ASSERT_NE(nullptr, slot);
+ ASSERT_NE(nullptr, slot) << msg;
// Import encryption key.
- SECItem keyItem = {siBuffer, kek, kekLen};
- ScopedPK11SymKey encryptionKey(
- PK11_ImportSymKey(slot.get(), CKM_NSS_AES_KEY_WRAP, PK11_OriginUnwrap,
- CKA_ENCRYPT, &keyItem, nullptr));
- EXPECT_TRUE(!!encryptionKey);
+ SECItem kek_item = {siBuffer, kek_data, kek_len};
+ ScopedPK11SymKey kek(PK11_ImportSymKey(slot.get(), CKM_NSS_AES_KEY_WRAP,
+ PK11_OriginUnwrap, CKA_ENCRYPT,
+ &kek_item, nullptr));
+ EXPECT_TRUE(!!kek) << msg;
// Wrap key
- rv = PK11_Encrypt(encryptionKey.get(), mechanism, nullptr /* param */,
- wrappedKey, &wrappedKeyLen, sizeof(wrappedKey), keyData,
- keyDataLen);
- EXPECT_EQ(rv, SECSuccess) << "CKM_NSS_AES_KEY_WRAP encrypt failed";
- EXPECT_TRUE(!memcmp(expectedCiphertext, wrappedKey, wrappedKeyLen));
+ Action test = WRAP;
+ if (tests.count(test)) {
+ rv = PK11_Encrypt(kek.get(), mechanism, nullptr /* param */,
+ wrapped_key.data(), &wrapped_key_len,
+ wrapped_key.size(), key_data, key_data_len);
+ ASSERT_EQ(rv, tests[test].expect_rv) << msg;
+
+ // If we failed, check that output was not produced.
+ if (rv == SECFailure) {
+ EXPECT_TRUE(wrapped_key_len == 0);
+ EXPECT_TRUE(!memcmp(wrapped_key.data(), zeros.data(), wrapped_key_len));
+ }
+
+ if (tests[test].output_match) {
+ EXPECT_EQ(expected_ciphertext_len, wrapped_key_len) << msg;
+ EXPECT_TRUE(!memcmp(expected_ciphertext, wrapped_key.data(),
+ expected_ciphertext_len))
+ << msg;
+ } else {
+ // If we produced output, verify that it doesn't match the vector
+ if (wrapped_key_len) {
+ EXPECT_FALSE(wrapped_key_len == expected_ciphertext_len &&
+ !memcmp(wrapped_key.data(), expected_ciphertext,
+ expected_ciphertext_len))
+ << msg;
+ }
+ }
+ }
// Unwrap key
- rv = PK11_Decrypt(encryptionKey.get(), mechanism, nullptr /* param */,
- unwrappedKey, &unwrappedKeyLen, sizeof(unwrappedKey),
- wrappedKey, wrappedKeyLen);
- EXPECT_EQ(rv, SECSuccess) << " CKM_NSS_AES_KEY_WRAP decrypt failed\n";
- EXPECT_TRUE(!memcmp(keyData, unwrappedKey, unwrappedKeyLen));
+ test = UNWRAP;
+ if (tests.count(test)) {
+ rv = PK11_Decrypt(kek.get(), mechanism, nullptr /* param */,
+ unwrapped_key.data(), &unwrapped_key_len,
+ unwrapped_key.size(), expected_ciphertext,
+ expected_ciphertext_len);
+ ASSERT_EQ(rv, tests[test].expect_rv) << msg;
+
+ // If we failed, check that output was not produced.
+ if (rv == SECFailure) {
+ EXPECT_TRUE(unwrapped_key_len == 0);
+ EXPECT_TRUE(
+ !memcmp(unwrapped_key.data(), zeros.data(), unwrapped_key_len));
+ }
+
+ if (tests[test].output_match) {
+ EXPECT_EQ(unwrapped_key_len, key_data_len) << msg;
+ EXPECT_TRUE(!memcmp(key_data, unwrapped_key.data(), key_data_len))
+ << msg;
+ } else {
+ // If we produced output, verify that it doesn't match the vector
+ if (unwrapped_key_len) {
+ EXPECT_FALSE(
+ unwrapped_key_len == expected_ciphertext_len &&
+ !memcmp(unwrapped_key.data(), key_data, unwrapped_key_len))
+ << msg;
+ }
+ }
+ }
}
-};
-
-TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest1) {
- WrapUnwrap(kKEK1, sizeof(kKEK1), kKD1, sizeof(kKD1), kC1);
-}
-TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest2) {
- WrapUnwrap(kKEK2, sizeof(kKEK2), kKD1, sizeof(kKD1), kC2);
-}
-
-TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest3) {
- WrapUnwrap(kKEK3, sizeof(kKEK3), kKD1, sizeof(kKD1), kC3);
-}
-
-TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest4) {
- WrapUnwrap(kKEK2, sizeof(kKEK2), kKD4, sizeof(kKD4), kC4);
-}
-
-TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest5) {
- WrapUnwrap(kKEK3, sizeof(kKEK3), kKD4, sizeof(kKD4), kC5);
-}
+ void WrapUnwrap(keywrap_vector testvector) {
+ WrapUnwrap(testvector.key.data(), testvector.key.size(),
+ testvector.msg.data(), testvector.msg.size(),
+ testvector.ct.data(), testvector.ct.size(), testvector.tests,
+ testvector.test_id);
+ }
+};
-TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest6) {
- WrapUnwrap(kKEK3, sizeof(kKEK3), kKD6, sizeof(kKD6), kC6);
-}
+TEST_P(Pkcs11AESKeyWrapTest, TestVectors) { WrapUnwrap(GetParam()); }
+INSTANTIATE_TEST_CASE_P(Pkcs11WycheproofAESKWTest, Pkcs11AESKeyWrapTest,
+ ::testing::ValuesIn(kWycheproofAesKWVectors));
} /* nss_test */
diff --git a/security/nss/gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc
new file mode 100644
index 000000000..0f79abed5
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc
@@ -0,0 +1,415 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "gtest/gtest.h"
+#include "nss.h"
+#include "nss_scoped_ptrs.h"
+#include "pk11pub.h"
+
+namespace nss_test {
+
+class Pkcs11AESKeyWrapPadTest : public ::testing::Test {};
+
+// Encrypt an ephemeral EC key (U2F use case)
+TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapECKey) {
+ const uint32_t kwrappedBufLen = 256;
+ const uint32_t kPublicKeyLen = 65;
+ const uint32_t kOidLen = 65;
+ unsigned char param_buf[kOidLen];
+ unsigned char unwrap_buf[kPublicKeyLen];
+
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(nullptr, slot);
+
+ SECItem ecdsa_params = {siBuffer, param_buf, sizeof(param_buf)};
+ SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
+ ASSERT_NE(oid_data, nullptr);
+ ecdsa_params.data[0] = SEC_ASN1_OBJECT_ID;
+ ecdsa_params.data[1] = oid_data->oid.len;
+ memcpy(ecdsa_params.data + 2, oid_data->oid.data, oid_data->oid.len);
+ ecdsa_params.len = oid_data->oid.len + 2;
+
+ SECKEYPublicKey* pub_tmp;
+ ScopedSECKEYPublicKey pub_key;
+ ScopedSECKEYPrivateKey priv_key(
+ PK11_GenerateKeyPair(slot.get(), CKM_EC_KEY_PAIR_GEN, &ecdsa_params,
+ &pub_tmp, PR_FALSE, PR_TRUE, nullptr));
+ ASSERT_NE(nullptr, priv_key);
+ ASSERT_NE(nullptr, pub_tmp);
+ pub_key.reset(pub_tmp);
+
+ // Generate a KEK.
+ ScopedPK11SymKey kek(
+ PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr));
+ ASSERT_NE(nullptr, kek);
+
+ // Wrap the key
+ ScopedSECItem wrapped(::SECITEM_AllocItem(nullptr, nullptr, kwrappedBufLen));
+ ScopedSECItem param(PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP_PAD, nullptr));
+
+ SECStatus rv = PK11_WrapPrivKey(slot.get(), kek.get(), priv_key.get(),
+ CKM_NSS_AES_KEY_WRAP_PAD, param.get(),
+ wrapped.get(), nullptr);
+ ASSERT_EQ(rv, SECSuccess);
+
+ SECItem pubKey = {siBuffer, unwrap_buf, kPublicKeyLen};
+ CK_ATTRIBUTE_TYPE usages[] = {CKA_SIGN};
+ int usageCount = 1;
+
+ ScopedSECKEYPrivateKey unwrapped(
+ PK11_UnwrapPrivKey(slot.get(), kek.get(), CKM_NSS_AES_KEY_WRAP_PAD,
+ param.get(), wrapped.get(), nullptr, &pubKey, false,
+ true, CKK_EC, usages, usageCount, nullptr));
+ ASSERT_EQ(0, PORT_GetError());
+ ASSERT_TRUE(!!unwrapped);
+}
+
+// Encrypt an ephemeral RSA key
+TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRsaKey) {
+ const uint32_t kwrappedBufLen = 648;
+ unsigned char unwrap_buf[kwrappedBufLen];
+
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(nullptr, slot);
+
+ PK11RSAGenParams rsa_param;
+ rsa_param.keySizeInBits = 1024;
+ rsa_param.pe = 65537L;
+
+ SECKEYPublicKey* pub_tmp;
+ ScopedSECKEYPublicKey pub_key;
+ ScopedSECKEYPrivateKey priv_key(
+ PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN, &rsa_param,
+ &pub_tmp, PR_FALSE, PR_FALSE, nullptr));
+ ASSERT_NE(nullptr, priv_key);
+ ASSERT_NE(nullptr, pub_tmp);
+ pub_key.reset(pub_tmp);
+
+ // Generate a KEK.
+ ScopedPK11SymKey kek(
+ PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr));
+ ASSERT_NE(nullptr, kek);
+
+ // Wrap the key
+ ScopedSECItem wrapped(::SECITEM_AllocItem(nullptr, nullptr, kwrappedBufLen));
+ ScopedSECItem param(PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP_PAD, nullptr));
+
+ SECStatus rv = PK11_WrapPrivKey(slot.get(), kek.get(), priv_key.get(),
+ CKM_NSS_AES_KEY_WRAP_PAD, param.get(),
+ wrapped.get(), nullptr);
+ ASSERT_EQ(rv, SECSuccess);
+
+ SECItem pubKey = {siBuffer, unwrap_buf, kwrappedBufLen};
+ CK_ATTRIBUTE_TYPE usages[] = {CKA_SIGN};
+ int usageCount = 1;
+
+ ScopedSECKEYPrivateKey unwrapped(
+ PK11_UnwrapPrivKey(slot.get(), kek.get(), CKM_NSS_AES_KEY_WRAP_PAD,
+ param.get(), wrapped.get(), nullptr, &pubKey, false,
+ false, CKK_EC, usages, usageCount, nullptr));
+ ASSERT_EQ(0, PORT_GetError());
+ ASSERT_TRUE(!!unwrapped);
+
+ ScopedSECItem priv_key_data(
+ PK11_ExportDERPrivateKeyInfo(priv_key.get(), nullptr));
+ ScopedSECItem unwrapped_data(
+ PK11_ExportDERPrivateKeyInfo(unwrapped.get(), nullptr));
+ EXPECT_TRUE(!!priv_key_data);
+ EXPECT_TRUE(!!unwrapped_data);
+ ASSERT_EQ(priv_key_data->len, unwrapped_data->len);
+ ASSERT_EQ(
+ 0, memcmp(priv_key_data->data, unwrapped_data->data, priv_key_data->len));
+}
+
+// Wrap a random that's a multiple of the block size, and compare the unwrap
+// result.
+TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_EvenBlock) {
+ const uint32_t kInputKeyLen = 128;
+ uint32_t out_len = 0;
+ std::vector<unsigned char> input_key(kInputKeyLen);
+ std::vector<unsigned char> wrapped_key(
+ kInputKeyLen + AES_BLOCK_SIZE); // One block of padding
+ std::vector<unsigned char> unwrapped_key(
+ kInputKeyLen + AES_BLOCK_SIZE); // One block of padding
+
+ // Generate input key material
+ SECStatus rv = PK11_GenerateRandom(input_key.data(), input_key.size());
+ EXPECT_EQ(SECSuccess, rv);
+
+ // Generate a KEK.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(nullptr, slot);
+ ScopedPK11SymKey kek(
+ PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr));
+ ASSERT_NE(nullptr, kek);
+
+ // Wrap the key
+ rv = PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr,
+ wrapped_key.data(), &out_len,
+ static_cast<unsigned int>(wrapped_key.size()),
+ input_key.data(),
+ static_cast<unsigned int>(input_key.size()));
+ ASSERT_EQ(SECSuccess, rv);
+
+ rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr,
+ unwrapped_key.data(), &out_len,
+ static_cast<unsigned int>(unwrapped_key.size()),
+ wrapped_key.data(), out_len);
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_EQ(input_key.size(), out_len);
+ ASSERT_EQ(0, memcmp(input_key.data(), unwrapped_key.data(), out_len));
+}
+
+// Wrap a random that's NOT a multiple of the block size, and compare the unwrap
+// result.
+TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_OddBlock1) {
+ const uint32_t kInputKeyLen = 65;
+ uint32_t out_len = 0;
+ std::vector<unsigned char> input_key(kInputKeyLen);
+ std::vector<unsigned char> wrapped_key(
+ kInputKeyLen + AES_BLOCK_SIZE); // One block of padding
+ std::vector<unsigned char> unwrapped_key(
+ kInputKeyLen + AES_BLOCK_SIZE); // One block of padding
+
+ // Generate input key material
+ SECStatus rv = PK11_GenerateRandom(input_key.data(), input_key.size());
+ EXPECT_EQ(SECSuccess, rv);
+
+ // Generate a KEK.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(nullptr, slot);
+ ScopedPK11SymKey kek(
+ PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr));
+ ASSERT_NE(nullptr, kek);
+
+ // Wrap the key
+ rv = PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr,
+ wrapped_key.data(), &out_len,
+ static_cast<unsigned int>(wrapped_key.size()),
+ input_key.data(),
+ static_cast<unsigned int>(input_key.size()));
+ ASSERT_EQ(SECSuccess, rv);
+
+ rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr,
+ unwrapped_key.data(), &out_len,
+ static_cast<unsigned int>(unwrapped_key.size()),
+ wrapped_key.data(), out_len);
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_EQ(input_key.size(), out_len);
+ ASSERT_EQ(0, memcmp(input_key.data(), unwrapped_key.data(), out_len));
+}
+
+// Wrap a random that's NOT a multiple of the block size, and compare the unwrap
+// result.
+TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_OddBlock2) {
+ const uint32_t kInputKeyLen = 63;
+ uint32_t out_len = 0;
+ std::vector<unsigned char> input_key(kInputKeyLen);
+ std::vector<unsigned char> wrapped_key(
+ kInputKeyLen + AES_BLOCK_SIZE); // One block of padding
+ std::vector<unsigned char> unwrapped_key(
+ kInputKeyLen + AES_BLOCK_SIZE); // One block of padding
+
+ // Generate input key material
+ SECStatus rv = PK11_GenerateRandom(input_key.data(), input_key.size());
+ EXPECT_EQ(SECSuccess, rv);
+
+ // Generate a KEK.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(nullptr, slot);
+ ScopedPK11SymKey kek(
+ PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr));
+ ASSERT_NE(nullptr, kek);
+
+ // Wrap the key
+ rv = PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr,
+ wrapped_key.data(), &out_len, wrapped_key.size(),
+ input_key.data(), input_key.size());
+ ASSERT_EQ(SECSuccess, rv);
+
+ rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr,
+ unwrapped_key.data(), &out_len,
+ static_cast<unsigned int>(unwrapped_key.size()),
+ wrapped_key.data(), out_len);
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_EQ(input_key.size(), out_len);
+ ASSERT_EQ(0, memcmp(input_key.data(), unwrapped_key.data(), out_len));
+}
+
+// Invalid long padding (over the block size, but otherwise valid)
+TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_PaddingTooLong) {
+ const uint32_t kInputKeyLen = 32;
+ uint32_t out_len = 0;
+
+ // Apply our own padding
+ const unsigned char buf[32] = {
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20};
+ std::vector<unsigned char> wrapped_key(kInputKeyLen + AES_BLOCK_SIZE);
+ std::vector<unsigned char> unwrapped_key(kInputKeyLen + AES_BLOCK_SIZE);
+
+ // Generate a KEK.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(nullptr, slot);
+ ScopedPK11SymKey kek(
+ PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr));
+ ASSERT_NE(nullptr, kek);
+
+ // Wrap the key
+ SECStatus rv =
+ PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP, // Don't apply more padding
+ /* param */ nullptr, wrapped_key.data(), &out_len,
+ wrapped_key.size(), buf, sizeof(buf));
+ ASSERT_EQ(SECSuccess, rv);
+
+ rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr,
+ unwrapped_key.data(), &out_len,
+ static_cast<unsigned int>(unwrapped_key.size()),
+ wrapped_key.data(), out_len);
+ ASSERT_EQ(SECFailure, rv);
+}
+
+// Invalid 0-length padding (there should be a full block if the message doesn't
+// need to be padded)
+TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_NoPadding) {
+ const uint32_t kInputKeyLen = 32;
+ uint32_t out_len = 0;
+
+ // Apply our own padding
+ const unsigned char buf[32] = {0};
+ std::vector<unsigned char> wrapped_key(kInputKeyLen + AES_BLOCK_SIZE);
+ std::vector<unsigned char> unwrapped_key(kInputKeyLen + AES_BLOCK_SIZE);
+
+ // Generate a KEK.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(nullptr, slot);
+ ScopedPK11SymKey kek(
+ PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr));
+ ASSERT_NE(nullptr, kek);
+
+ // Wrap the key
+ SECStatus rv =
+ PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP, // Don't apply more padding
+ /* param */ nullptr, wrapped_key.data(), &out_len,
+ wrapped_key.size(), buf, sizeof(buf));
+ ASSERT_EQ(SECSuccess, rv);
+
+ rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr,
+ unwrapped_key.data(), &out_len,
+ static_cast<unsigned int>(unwrapped_key.size()),
+ wrapped_key.data(), out_len);
+ ASSERT_EQ(SECFailure, rv);
+}
+
+// Invalid padding
+TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_BadPadding1) {
+ const uint32_t kInputKeyLen = 32;
+ uint32_t out_len = 0;
+
+ // Apply our own padding
+ const unsigned char buf[32] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x08, 0x08, 0x08,
+ 0x08, 0x08, 0x08, 0x08}; // Check all 8 bytes
+ std::vector<unsigned char> wrapped_key(kInputKeyLen + AES_BLOCK_SIZE);
+ std::vector<unsigned char> unwrapped_key(kInputKeyLen + AES_BLOCK_SIZE);
+
+ // Generate a KEK.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(nullptr, slot);
+ ScopedPK11SymKey kek(
+ PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr));
+ ASSERT_NE(nullptr, kek);
+
+ // Wrap the key
+ SECStatus rv =
+ PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP, // Don't apply more padding
+ /* param */ nullptr, wrapped_key.data(), &out_len,
+ wrapped_key.size(), buf, sizeof(buf));
+ ASSERT_EQ(SECSuccess, rv);
+
+ rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr,
+ unwrapped_key.data(), &out_len,
+ static_cast<unsigned int>(unwrapped_key.size()),
+ wrapped_key.data(), out_len);
+ ASSERT_EQ(SECFailure, rv);
+}
+
+// Invalid padding
+TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_BadPadding2) {
+ const uint32_t kInputKeyLen = 32;
+ uint32_t out_len = 0;
+
+ // Apply our own padding
+ const unsigned char
+ buf[32] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x01, 0x02}; // Check first loop repeat
+ std::vector<unsigned char> wrapped_key(kInputKeyLen + AES_BLOCK_SIZE);
+ std::vector<unsigned char> unwrapped_key(kInputKeyLen + AES_BLOCK_SIZE);
+
+ // Generate a KEK.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(nullptr, slot);
+ ScopedPK11SymKey kek(
+ PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr));
+ ASSERT_NE(nullptr, kek);
+
+ // Wrap the key
+ SECStatus rv =
+ PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP, // Don't apply more padding
+ /* param */ nullptr, wrapped_key.data(), &out_len,
+ wrapped_key.size(), buf, sizeof(buf));
+ ASSERT_EQ(SECSuccess, rv);
+
+ rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr,
+ unwrapped_key.data(), &out_len,
+ static_cast<unsigned int>(unwrapped_key.size()),
+ wrapped_key.data(), out_len);
+ ASSERT_EQ(SECFailure, rv);
+}
+
+// Minimum valid padding
+TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_ShortValidPadding) {
+ const uint32_t kInputKeyLen = 32;
+ uint32_t out_len = 0;
+
+ // Apply our own padding
+ const unsigned char buf[kInputKeyLen] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; // Minimum
+ std::vector<unsigned char> wrapped_key(kInputKeyLen + AES_BLOCK_SIZE);
+ std::vector<unsigned char> unwrapped_key(kInputKeyLen + AES_BLOCK_SIZE);
+
+ // Generate a KEK.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(nullptr, slot);
+ ScopedPK11SymKey kek(
+ PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr));
+ ASSERT_NE(nullptr, kek);
+
+ // Wrap the key
+ SECStatus rv =
+ PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP, // Don't apply more padding
+ /* param */ nullptr, wrapped_key.data(), &out_len,
+ wrapped_key.size(), buf, sizeof(buf));
+ ASSERT_EQ(SECSuccess, rv);
+
+ rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr,
+ unwrapped_key.data(), &out_len,
+ static_cast<unsigned int>(unwrapped_key.size()),
+ wrapped_key.data(), out_len);
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_EQ(kInputKeyLen - 1, out_len);
+ ASSERT_EQ(0, memcmp(buf, unwrapped_key.data(), out_len));
+}
+
+} /* nss_test */
diff --git a/security/nss/gtests/pk11_gtest/pk11_cbc_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_cbc_unittest.cc
new file mode 100644
index 000000000..ecc705ad4
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_cbc_unittest.cc
@@ -0,0 +1,558 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "secerr.h"
+
+#include "nss_scoped_ptrs.h"
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+static const uint8_t kInput[99] = {1, 2, 3};
+static const uint8_t kKeyData[24] = {'K', 'E', 'Y'};
+
+static SECItem* GetIv() {
+ static const uint8_t kIvData[16] = {'I', 'V'};
+ static const SECItem kIv = {siBuffer, const_cast<uint8_t*>(kIvData),
+ static_cast<unsigned int>(sizeof(kIvData))};
+ return const_cast<SECItem*>(&kIv);
+}
+
+class Pkcs11CbcPadTest : public ::testing::TestWithParam<CK_MECHANISM_TYPE> {
+ protected:
+ bool is_padded() const {
+ switch (GetParam()) {
+ case CKM_AES_CBC_PAD:
+ case CKM_DES3_CBC_PAD:
+ return true;
+
+ case CKM_AES_CBC:
+ case CKM_DES3_CBC:
+ return false;
+
+ default:
+ ADD_FAILURE() << "Unknown mechanism " << GetParam();
+ }
+ return false;
+ }
+
+ uint32_t GetUnpaddedMechanism() const {
+ switch (GetParam()) {
+ case CKM_AES_CBC_PAD:
+ return CKM_AES_CBC;
+ case CKM_DES3_CBC_PAD:
+ return CKM_DES3_CBC;
+ default:
+ ADD_FAILURE() << "Unknown padded mechanism " << GetParam();
+ }
+ return 0;
+ }
+
+ size_t block_size() const {
+ return static_cast<size_t>(PK11_GetBlockSize(GetParam(), nullptr));
+ }
+
+ size_t GetInputLen(CK_ATTRIBUTE_TYPE op) const {
+ if (is_padded() && op == CKA_ENCRYPT) {
+ // Anything goes for encryption when padded.
+ return sizeof(kInput);
+ }
+
+ // Otherwise, use a strict multiple of the block size.
+ size_t block_count = sizeof(kInput) / block_size();
+ EXPECT_LT(1U, block_count) << "need 2 blocks for tests";
+ return block_count * block_size();
+ }
+
+ ScopedPK11SymKey MakeKey(CK_ATTRIBUTE_TYPE op) {
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ EXPECT_NE(nullptr, slot);
+ if (!slot) {
+ return nullptr;
+ }
+
+ unsigned int key_len = 0;
+ switch (GetParam()) {
+ case CKM_AES_CBC_PAD:
+ case CKM_AES_CBC:
+ key_len = 16; // This doesn't do AES-256 to keep it simple.
+ break;
+
+ case CKM_DES3_CBC_PAD:
+ case CKM_DES3_CBC:
+ key_len = 24;
+ break;
+
+ default:
+ ADD_FAILURE() << "Unknown mechanism " << GetParam();
+ return nullptr;
+ }
+
+ SECItem key_item = {siBuffer, const_cast<uint8_t*>(kKeyData), key_len};
+ PK11SymKey* p = PK11_ImportSymKey(slot.get(), GetParam(), PK11_OriginUnwrap,
+ op, &key_item, nullptr);
+ EXPECT_NE(nullptr, p);
+ return ScopedPK11SymKey(p);
+ }
+
+ ScopedPK11Context MakeContext(CK_ATTRIBUTE_TYPE op) {
+ ScopedPK11SymKey k = MakeKey(op);
+ PK11Context* ctx =
+ PK11_CreateContextBySymKey(GetParam(), op, k.get(), GetIv());
+ EXPECT_NE(nullptr, ctx);
+ return ScopedPK11Context(ctx);
+ }
+};
+
+TEST_P(Pkcs11CbcPadTest, EncryptDecrypt) {
+ uint8_t encrypted[sizeof(kInput) + 64]; // Allow for padding and expansion.
+ size_t input_len = GetInputLen(CKA_ENCRYPT);
+
+ ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
+ unsigned int encrypted_len = 0;
+ SECStatus rv =
+ PK11_Encrypt(ek.get(), GetParam(), GetIv(), encrypted, &encrypted_len,
+ sizeof(encrypted), kInput, input_len);
+ ASSERT_EQ(SECSuccess, rv);
+ EXPECT_LE(input_len, static_cast<size_t>(encrypted_len));
+
+ // Though the decrypted result can't be larger than the input we provided,
+ // NSS needs extra space to put the padding in.
+ uint8_t decrypted[sizeof(kInput) + 64];
+ unsigned int decrypted_len = 0;
+ ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT);
+ rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted, &decrypted_len,
+ sizeof(decrypted), encrypted, encrypted_len);
+ ASSERT_EQ(SECSuccess, rv);
+ EXPECT_EQ(input_len, static_cast<size_t>(decrypted_len));
+ EXPECT_EQ(0, memcmp(kInput, decrypted, input_len));
+}
+
+TEST_P(Pkcs11CbcPadTest, ContextEncryptDecrypt) {
+ uint8_t encrypted[sizeof(kInput) + 64]; // Allow for padding and expansion.
+ size_t input_len = GetInputLen(CKA_ENCRYPT);
+
+ ScopedPK11Context ectx = MakeContext(CKA_ENCRYPT);
+ int encrypted_len = 0;
+ SECStatus rv = PK11_CipherOp(ectx.get(), encrypted, &encrypted_len,
+ sizeof(encrypted), kInput, input_len);
+ ASSERT_EQ(SECSuccess, rv);
+ EXPECT_LE(0, encrypted_len); // Stupid signed parameters.
+
+ unsigned int final_len = 0;
+ rv = PK11_CipherFinal(ectx.get(), encrypted + encrypted_len, &final_len,
+ sizeof(encrypted) - encrypted_len);
+ ASSERT_EQ(SECSuccess, rv);
+ encrypted_len += final_len;
+ EXPECT_LE(input_len, static_cast<size_t>(encrypted_len));
+
+ uint8_t decrypted[sizeof(kInput) + 64];
+ int decrypted_len = 0;
+ ScopedPK11Context dctx = MakeContext(CKA_DECRYPT);
+ rv = PK11_CipherOp(dctx.get(), decrypted, &decrypted_len, sizeof(decrypted),
+ encrypted, encrypted_len);
+ ASSERT_EQ(SECSuccess, rv);
+ EXPECT_LE(0, decrypted_len);
+
+ rv = PK11_CipherFinal(dctx.get(), decrypted + decrypted_len, &final_len,
+ sizeof(decrypted) - decrypted_len);
+ ASSERT_EQ(SECSuccess, rv);
+ decrypted_len += final_len;
+ EXPECT_EQ(input_len, static_cast<size_t>(decrypted_len));
+ EXPECT_EQ(0, memcmp(kInput, decrypted, input_len));
+}
+
+TEST_P(Pkcs11CbcPadTest, ContextEncryptDecryptTwoParts) {
+ uint8_t encrypted[sizeof(kInput) + 64];
+ size_t input_len = GetInputLen(CKA_ENCRYPT);
+
+ ScopedPK11Context ectx = MakeContext(CKA_ENCRYPT);
+ int first_len = 0;
+ SECStatus rv = PK11_CipherOp(ectx.get(), encrypted, &first_len,
+ sizeof(encrypted), kInput, block_size());
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_LE(0, first_len);
+
+ int second_len = 0;
+ rv = PK11_CipherOp(ectx.get(), encrypted + first_len, &second_len,
+ sizeof(encrypted) - first_len, kInput + block_size(),
+ input_len - block_size());
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_LE(0, second_len);
+
+ unsigned int final_len = 0;
+ rv = PK11_CipherFinal(ectx.get(), encrypted + first_len + second_len,
+ &final_len, sizeof(encrypted) - first_len - second_len);
+ ASSERT_EQ(SECSuccess, rv);
+ unsigned int encrypted_len = first_len + second_len + final_len;
+ ASSERT_LE(input_len, static_cast<size_t>(encrypted_len));
+
+ // Now decrypt this in a similar fashion.
+ uint8_t decrypted[sizeof(kInput) + 64];
+ ScopedPK11Context dctx = MakeContext(CKA_DECRYPT);
+ rv = PK11_CipherOp(dctx.get(), decrypted, &first_len, sizeof(decrypted),
+ encrypted, block_size());
+ ASSERT_EQ(SECSuccess, rv);
+ EXPECT_LE(0, first_len);
+
+ rv = PK11_CipherOp(dctx.get(), decrypted + first_len, &second_len,
+ sizeof(decrypted) - first_len, encrypted + block_size(),
+ encrypted_len - block_size());
+ ASSERT_EQ(SECSuccess, rv);
+ EXPECT_LE(0, second_len);
+
+ unsigned int decrypted_len = 0;
+ rv = PK11_CipherFinal(dctx.get(), decrypted + first_len + second_len,
+ &decrypted_len,
+ sizeof(decrypted) - first_len - second_len);
+ ASSERT_EQ(SECSuccess, rv);
+ decrypted_len += first_len + second_len;
+ EXPECT_EQ(input_len, static_cast<size_t>(decrypted_len));
+ EXPECT_EQ(0, memcmp(kInput, decrypted, input_len));
+}
+
+TEST_P(Pkcs11CbcPadTest, FailDecryptSimple) {
+ ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT);
+ uint8_t output[sizeof(kInput) + 64];
+ unsigned int output_len = 999;
+ SECStatus rv =
+ PK11_Decrypt(dk.get(), GetParam(), GetIv(), output, &output_len,
+ sizeof(output), kInput, GetInputLen(CKA_DECRYPT));
+ if (is_padded()) {
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(999U, output_len);
+ } else {
+ // Unpadded decryption can't really fail.
+ EXPECT_EQ(SECSuccess, rv);
+ }
+}
+
+TEST_P(Pkcs11CbcPadTest, FailEncryptSimple) {
+ ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
+ uint8_t output[3]; // Too small for anything.
+ unsigned int output_len = 333;
+
+ SECStatus rv =
+ PK11_Encrypt(ek.get(), GetParam(), GetIv(), output, &output_len,
+ sizeof(output), kInput, GetInputLen(CKA_ENCRYPT));
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(333U, output_len);
+}
+
+// It's a bit of a lie to put this in pk11_cbc_unittest, since we
+// also test bounds checking in other modes. There doesn't seem
+// to be an appropriately-generic place elsewhere.
+TEST_F(Pkcs11CbcPadTest, FailEncryptShortParam) {
+ SECStatus rv = SECFailure;
+ uint8_t encrypted[sizeof(kInput)];
+ unsigned int encrypted_len = 0;
+ size_t input_len = AES_BLOCK_SIZE;
+
+ // CK_GCM_PARAMS is the largest param struct used across AES modes
+ uint8_t param_buf[sizeof(CK_GCM_PARAMS)];
+ SECItem param = {siBuffer, param_buf, sizeof(param_buf)};
+ SECItem key_item = {siBuffer, const_cast<uint8_t*>(kKeyData), 16};
+
+ // Setup (we use the ECB key for other modes)
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_NE(nullptr, slot);
+ ScopedPK11SymKey key(PK11_ImportSymKey(slot.get(), CKM_AES_ECB,
+ PK11_OriginUnwrap, CKA_ENCRYPT,
+ &key_item, nullptr));
+ ASSERT_TRUE(key.get());
+
+ // CTR should have a CK_AES_CTR_PARAMS
+ param.len = sizeof(CK_AES_CTR_PARAMS) - 1;
+ rv = PK11_Encrypt(key.get(), CKM_AES_CTR, &param, encrypted, &encrypted_len,
+ sizeof(encrypted), kInput, input_len);
+ EXPECT_EQ(SECFailure, rv);
+
+ param.len++;
+ reinterpret_cast<CK_AES_CTR_PARAMS*>(param.data)->ulCounterBits = 32;
+ rv = PK11_Encrypt(key.get(), CKM_AES_CTR, &param, encrypted, &encrypted_len,
+ sizeof(encrypted), kInput, input_len);
+ EXPECT_EQ(SECSuccess, rv);
+
+ // GCM should have a CK_GCM_PARAMS
+ param.len = sizeof(CK_GCM_PARAMS) - 1;
+ rv = PK11_Encrypt(key.get(), CKM_AES_GCM, &param, encrypted, &encrypted_len,
+ sizeof(encrypted), kInput, input_len);
+ EXPECT_EQ(SECFailure, rv);
+
+ param.len++;
+ reinterpret_cast<CK_GCM_PARAMS*>(param.data)->pIv = param_buf;
+ reinterpret_cast<CK_GCM_PARAMS*>(param.data)->ulIvLen = 12;
+ reinterpret_cast<CK_GCM_PARAMS*>(param.data)->pAAD = nullptr;
+ reinterpret_cast<CK_GCM_PARAMS*>(param.data)->ulAADLen = 0;
+ reinterpret_cast<CK_GCM_PARAMS*>(param.data)->ulTagBits = 128;
+ rv = PK11_Encrypt(key.get(), CKM_AES_GCM, &param, encrypted, &encrypted_len,
+ sizeof(encrypted), kInput, input_len);
+ EXPECT_EQ(SECSuccess, rv);
+
+ // CBC should have a 16B IV
+ param.len = AES_BLOCK_SIZE - 1;
+ rv = PK11_Encrypt(key.get(), CKM_AES_CBC, &param, encrypted, &encrypted_len,
+ sizeof(encrypted), kInput, input_len);
+ EXPECT_EQ(SECFailure, rv);
+
+ param.len++;
+ rv = PK11_Encrypt(key.get(), CKM_AES_CBC, &param, encrypted, &encrypted_len,
+ sizeof(encrypted), kInput, input_len);
+ EXPECT_EQ(SECSuccess, rv);
+
+ // CTS
+ param.len = AES_BLOCK_SIZE - 1;
+ rv = PK11_Encrypt(key.get(), CKM_AES_CTS, &param, encrypted, &encrypted_len,
+ sizeof(encrypted), kInput, input_len);
+ EXPECT_EQ(SECFailure, rv);
+
+ param.len++;
+ rv = PK11_Encrypt(key.get(), CKM_AES_CTS, &param, encrypted, &encrypted_len,
+ sizeof(encrypted), kInput, input_len);
+ EXPECT_EQ(SECSuccess, rv);
+}
+
+TEST_P(Pkcs11CbcPadTest, ContextFailDecryptSimple) {
+ ScopedPK11Context dctx = MakeContext(CKA_DECRYPT);
+ uint8_t output[sizeof(kInput) + 64];
+ int output_len = 77;
+
+ SECStatus rv = PK11_CipherOp(dctx.get(), output, &output_len, sizeof(output),
+ kInput, GetInputLen(CKA_DECRYPT));
+ EXPECT_EQ(SECSuccess, rv);
+ EXPECT_LE(0, output_len) << "this is not an AEAD, so content leaks";
+
+ unsigned int final_len = 88;
+ rv = PK11_CipherFinal(dctx.get(), output, &final_len, sizeof(output));
+ if (is_padded()) {
+ EXPECT_EQ(SECFailure, rv);
+ ASSERT_EQ(88U, final_len) << "final_len should be untouched";
+ } else {
+ // Unpadded decryption can't really fail.
+ EXPECT_EQ(SECSuccess, rv);
+ }
+}
+
+TEST_P(Pkcs11CbcPadTest, ContextFailDecryptInvalidBlockSize) {
+ ScopedPK11Context dctx = MakeContext(CKA_DECRYPT);
+ uint8_t output[sizeof(kInput) + 64];
+ int output_len = 888;
+
+ SECStatus rv = PK11_CipherOp(dctx.get(), output, &output_len, sizeof(output),
+ kInput, GetInputLen(CKA_DECRYPT) - 1);
+ EXPECT_EQ(SECFailure, rv);
+ // Because PK11_CipherOp is partial, it can return data on failure.
+ // This means that it needs to reset its output length to 0 when it starts.
+ EXPECT_EQ(0, output_len) << "output_len is reset";
+}
+
+TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_PaddingTooLong) {
+ if (!is_padded()) {
+ return;
+ }
+
+ // Padding that's over the block size
+ const std::vector<uint8_t> input = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20};
+ std::vector<uint8_t> encrypted(input.size());
+ uint32_t encrypted_len = 0;
+
+ ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
+ SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
+ encrypted.data(), &encrypted_len,
+ encrypted.size(), input.data(), input.size());
+ ASSERT_EQ(SECSuccess, rv);
+ EXPECT_EQ(input.size(), encrypted_len);
+
+ std::vector<uint8_t> decrypted(input.size());
+ uint32_t decrypted_len = 0;
+ ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT);
+ rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(),
+ &decrypted_len, decrypted.size(), encrypted.data(),
+ encrypted_len);
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, decrypted_len);
+}
+
+TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ShortPadding1) {
+ if (!is_padded()) {
+ return;
+ }
+
+ // Padding that's one byte short
+ const std::vector<uint8_t> input = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08};
+ std::vector<uint8_t> encrypted(input.size());
+ uint32_t encrypted_len = 0;
+
+ ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
+ SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
+ encrypted.data(), &encrypted_len,
+ encrypted.size(), input.data(), input.size());
+ ASSERT_EQ(SECSuccess, rv);
+ EXPECT_EQ(input.size(), encrypted_len);
+
+ std::vector<uint8_t> decrypted(input.size());
+ uint32_t decrypted_len = 0;
+ ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT);
+ rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(),
+ &decrypted_len, decrypted.size(), encrypted.data(),
+ encrypted_len);
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, decrypted_len);
+}
+
+TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ShortPadding2) {
+ if (!is_padded()) {
+ return;
+ }
+
+ // Padding that's one byte short
+ const std::vector<uint8_t> input = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02};
+ std::vector<uint8_t> encrypted(input.size());
+ uint32_t encrypted_len = 0;
+
+ ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
+ SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
+ encrypted.data(), &encrypted_len,
+ encrypted.size(), input.data(), input.size());
+ ASSERT_EQ(SECSuccess, rv);
+ EXPECT_EQ(input.size(), encrypted_len);
+
+ std::vector<uint8_t> decrypted(input.size());
+ uint32_t decrypted_len = 0;
+ ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT);
+ rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(),
+ &decrypted_len, decrypted.size(), encrypted.data(),
+ encrypted_len);
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, decrypted_len);
+}
+
+TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ZeroLengthPadding) {
+ if (!is_padded()) {
+ return;
+ }
+
+ // Padding of length zero
+ const std::vector<uint8_t> input = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+ std::vector<uint8_t> encrypted(input.size());
+ uint32_t encrypted_len = 0;
+
+ ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
+ SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
+ encrypted.data(), &encrypted_len,
+ encrypted.size(), input.data(), input.size());
+ ASSERT_EQ(SECSuccess, rv);
+ EXPECT_EQ(input.size(), encrypted_len);
+
+ std::vector<uint8_t> decrypted(input.size());
+ uint32_t decrypted_len = 0;
+ ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT);
+ rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(),
+ &decrypted_len, decrypted.size(), encrypted.data(),
+ encrypted_len);
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, decrypted_len);
+}
+
+TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_OverflowPadding) {
+ if (!is_padded()) {
+ return;
+ }
+
+ // Padding that's much longer than block size
+ const std::vector<uint8_t> input = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+ std::vector<uint8_t> encrypted(input.size());
+ uint32_t encrypted_len = 0;
+
+ ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
+ SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
+ encrypted.data(), &encrypted_len,
+ encrypted.size(), input.data(), input.size());
+ ASSERT_EQ(SECSuccess, rv);
+ EXPECT_EQ(input.size(), encrypted_len);
+
+ std::vector<uint8_t> decrypted(input.size());
+ uint32_t decrypted_len = 0;
+ ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT);
+ rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(),
+ &decrypted_len, decrypted.size(), encrypted.data(),
+ encrypted_len);
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, decrypted_len);
+}
+
+TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ShortValidPadding) {
+ if (!is_padded()) {
+ return;
+ }
+
+ // Minimal valid padding
+ const std::vector<uint8_t> input = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
+ std::vector<uint8_t> encrypted(input.size());
+ uint32_t encrypted_len = 0;
+
+ ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT);
+ SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(),
+ encrypted.data(), &encrypted_len,
+ encrypted.size(), input.data(), input.size());
+ ASSERT_EQ(SECSuccess, rv);
+ EXPECT_EQ(input.size(), encrypted_len);
+
+ std::vector<uint8_t> decrypted(input.size());
+ uint32_t decrypted_len = 0;
+ ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT);
+ rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(),
+ &decrypted_len, decrypted.size(), encrypted.data(),
+ encrypted_len);
+ EXPECT_EQ(SECSuccess, rv);
+ EXPECT_EQ(input.size() - 1, decrypted_len);
+ EXPECT_EQ(0, memcmp(decrypted.data(), input.data(), decrypted_len));
+}
+
+INSTANTIATE_TEST_CASE_P(EncryptDecrypt, Pkcs11CbcPadTest,
+ ::testing::Values(CKM_AES_CBC_PAD, CKM_AES_CBC,
+ CKM_DES3_CBC_PAD, CKM_DES3_CBC));
+
+} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
index 07bc91ee6..882f1f0d2 100644
--- a/security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
@@ -8,114 +8,31 @@
#include "nss.h"
#include "pk11pub.h"
#include "sechash.h"
+#include "secerr.h"
#include "cpputil.h"
#include "nss_scoped_ptrs.h"
+#include "testvectors/chachapoly-vectors.h"
#include "gtest/gtest.h"
namespace nss_test {
-// ChaCha20/Poly1305 Test Vector 1, RFC 7539
-// <http://tools.ietf.org/html/rfc7539#section-2.8.2>
-const uint8_t kTestVector1Data[] = {
- 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47,
- 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66,
- 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
- 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79,
- 0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
- 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20,
- 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
- 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x62, 0x65, 0x20, 0x69, 0x74, 0x2e};
-const uint8_t kTestVector1AAD[] = {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1,
- 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7};
-const uint8_t kTestVector1Key[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
- 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
- 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f};
-const uint8_t kTestVector1IV[] = {0x07, 0x00, 0x00, 0x00, 0x40, 0x41,
- 0x42, 0x43, 0x44, 0x45, 0x46, 0x47};
-const uint8_t kTestVector1CT[] = {
- 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc,
- 0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
- 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e,
- 0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
- 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6,
- 0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
- 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4,
- 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
- 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65,
- 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09,
- 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91};
-
-// ChaCha20/Poly1305 Test Vector 2, RFC 7539
-// <http://tools.ietf.org/html/rfc7539#appendix-A.5>
-const uint8_t kTestVector2Data[] = {
- 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
- 0x66, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
- 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
- 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
- 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73,
- 0x69, 0x78, 0x20, 0x6d, 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
- 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, 0x20, 0x75, 0x70, 0x64,
- 0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
- 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, 0x62, 0x73, 0x6f, 0x6c,
- 0x65, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
- 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
- 0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
- 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70,
- 0x72, 0x6f, 0x70, 0x72, 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
- 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
- 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
- 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74,
- 0x65, 0x72, 0x69, 0x61, 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
- 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74,
- 0x68, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
- 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x20,
- 0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
- 0x9d};
-const uint8_t kTestVector2AAD[] = {0xf3, 0x33, 0x88, 0x86, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x4e, 0x91};
-const uint8_t kTestVector2Key[] = {
- 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88,
- 0x86, 0x04, 0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b,
- 0x80, 0x09, 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0};
-const uint8_t kTestVector2IV[] = {0x00, 0x00, 0x00, 0x00, 0x01, 0x02,
- 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
-const uint8_t kTestVector2CT[] = {
- 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7,
- 0x9b, 0xe6, 0x43, 0xbd, 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
- 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, 0x4c, 0x6c, 0xfc, 0x18,
- 0x75, 0x5d, 0x43, 0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
- 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f,
- 0x35, 0x58, 0x94, 0xcf, 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
- 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, 0x14, 0xad, 0x17, 0x6e,
- 0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
- 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, 0xc1, 0x86, 0x32, 0x4e,
- 0x2b, 0x35, 0x06, 0x38, 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
- 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, 0xb9, 0x16, 0x6c, 0x76,
- 0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
- 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0,
- 0xa0, 0x6c, 0x52, 0x3e, 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
- 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, 0x0d, 0x07, 0x2b, 0x04,
- 0xb3, 0x56, 0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
- 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6,
- 0x31, 0x59, 0x43, 0x4e, 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
- 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, 0x49, 0xe6, 0x17, 0xd9,
- 0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
- 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, 0x99, 0x7b, 0x71, 0x4d,
- 0x6c, 0x6f, 0x2c, 0x29, 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
- 0x9b, 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, 0x39, 0x23, 0x36,
- 0xfe, 0xa1, 0x85, 0x1f, 0x38};
-
-class Pkcs11ChaCha20Poly1305Test : public ::testing::Test {
+static const CK_MECHANISM_TYPE kMech = CKM_NSS_CHACHA20_POLY1305;
+static const CK_MECHANISM_TYPE kMechXor = CKM_NSS_CHACHA20_CTR;
+// Some test data for simple tests.
+static const uint8_t kKeyData[32] = {'k'};
+static const uint8_t kCtrNonce[16] = {'c', 0, 0, 0, 'n'};
+static const uint8_t kData[16] = {'d'};
+
+class Pkcs11ChaCha20Poly1305Test
+ : public ::testing::TestWithParam<chaChaTestVector> {
public:
- void EncryptDecrypt(PK11SymKey* symKey, const uint8_t* data, size_t data_len,
- const uint8_t* aad, size_t aad_len, const uint8_t* iv,
- size_t iv_len, const uint8_t* ct = nullptr,
- size_t ct_len = 0) {
+ void EncryptDecrypt(const ScopedPK11SymKey& key, const bool invalid_iv,
+ const bool invalid_tag, const uint8_t* data,
+ size_t data_len, const uint8_t* aad, size_t aad_len,
+ const uint8_t* iv, size_t iv_len,
+ const uint8_t* ct = nullptr, size_t ct_len = 0) {
// Prepare AEAD params.
CK_NSS_AEAD_PARAMS aead_params;
aead_params.pNonce = toUcharPtr(iv);
@@ -127,135 +44,261 @@ class Pkcs11ChaCha20Poly1305Test : public ::testing::Test {
SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
sizeof(aead_params)};
+ // Encrypt with bad parameters.
+ unsigned int encrypted_len = 0;
+ std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
+ aead_params.ulTagLen = 158072;
+ SECStatus rv =
+ PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
+ &encrypted_len, encrypted.size(), data, data_len);
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(0U, encrypted_len);
+ aead_params.ulTagLen = 16;
+
// Encrypt.
- unsigned int outputLen = 0;
- std::vector<uint8_t> output(data_len + aead_params.ulTagLen);
- SECStatus rv = PK11_Encrypt(symKey, mech, &params, &output[0], &outputLen,
- output.size(), data, data_len);
+ rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
+ &encrypted_len, encrypted.size(), data, data_len);
+
+ // Return if encryption failure was expected due to invalid IV.
+ // Without valid ciphertext, all further tests can be skipped.
+ if (invalid_iv) {
+ EXPECT_EQ(rv, SECFailure);
+ EXPECT_EQ(0U, encrypted_len)
+ << "encrypted_len is unmodified after failure";
+ return;
+ }
+
EXPECT_EQ(rv, SECSuccess);
+ EXPECT_EQ(encrypted.size(), static_cast<size_t>(encrypted_len));
// Check ciphertext and tag.
if (ct) {
- EXPECT_TRUE(!memcmp(ct, &output[0], outputLen));
+ ASSERT_EQ(ct_len, encrypted_len);
+ EXPECT_TRUE(!memcmp(ct, encrypted.data(), encrypted.size()) !=
+ invalid_tag);
}
- // Decrypt.
- unsigned int decryptedLen = 0;
- std::vector<uint8_t> decrypted(data_len);
- rv = PK11_Decrypt(symKey, mech, &params, &decrypted[0], &decryptedLen,
- decrypted.size(), &output[0], outputLen);
+ // Get the *estimated* plaintext length. This value should
+ // never be zero as it could lead to a NULL outPtr being
+ // passed to a subsequent decryption call (for AEAD we
+ // must authenticate even when the pt is zero-length).
+ unsigned int decrypt_bytes_needed = 0;
+ rv = PK11_Decrypt(key.get(), kMech, &params, nullptr, &decrypt_bytes_needed,
+ 0, encrypted.data(), encrypted_len);
+ EXPECT_EQ(rv, SECSuccess);
+ EXPECT_GT(decrypt_bytes_needed, data_len);
+
+ // Now decrypt it
+ std::vector<uint8_t> decrypted(decrypt_bytes_needed);
+ unsigned int decrypted_len = 0;
+ rv = PK11_Decrypt(key.get(), kMech, &params, decrypted.data(),
+ &decrypted_len, decrypted.size(), encrypted.data(),
+ encrypted.size());
EXPECT_EQ(rv, SECSuccess);
// Check the plaintext.
- EXPECT_TRUE(!memcmp(data, &decrypted[0], decryptedLen));
+ ASSERT_EQ(data_len, decrypted_len);
+ EXPECT_TRUE(!memcmp(data, decrypted.data(), decrypted_len));
// Decrypt with bogus data.
- {
- std::vector<uint8_t> bogusCiphertext(output);
- bogusCiphertext[0] ^= 0xff;
- rv = PK11_Decrypt(symKey, mech, &params, &decrypted[0], &decryptedLen,
- decrypted.size(), &bogusCiphertext[0], outputLen);
- EXPECT_NE(rv, SECSuccess);
+ // Skip if there's no data to modify.
+ if (encrypted_len > 0) {
+ decrypted_len = 0;
+ std::vector<uint8_t> bogus_ciphertext(encrypted);
+ bogus_ciphertext[0] ^= 0xff;
+ rv = PK11_Decrypt(key.get(), kMech, &params, decrypted.data(),
+ &decrypted_len, decrypted.size(),
+ bogus_ciphertext.data(), encrypted_len);
+ EXPECT_EQ(rv, SECFailure);
+ EXPECT_EQ(0U, decrypted_len);
}
// Decrypt with bogus tag.
- {
- std::vector<uint8_t> bogusTag(output);
- bogusTag[outputLen - 1] ^= 0xff;
- rv = PK11_Decrypt(symKey, mech, &params, &decrypted[0], &decryptedLen,
- decrypted.size(), &bogusTag[0], outputLen);
- EXPECT_NE(rv, SECSuccess);
+ // Skip if there's no tag to modify.
+ if (encrypted_len > 0) {
+ decrypted_len = 0;
+ std::vector<uint8_t> bogus_tag(encrypted);
+ bogus_tag[encrypted_len - 1] ^= 0xff;
+ rv = PK11_Decrypt(key.get(), kMech, &params, decrypted.data(),
+ &decrypted_len, decrypted.size(), bogus_tag.data(),
+ encrypted_len);
+ EXPECT_EQ(rv, SECFailure);
+ EXPECT_EQ(0U, decrypted_len);
}
// Decrypt with bogus IV.
- {
- SECItem bogusParams(params);
+ // iv_len == 0 is invalid and should be caught earlier.
+ // Still skip, if there's no IV to modify.
+ if (iv_len != 0) {
+ decrypted_len = 0;
+ SECItem bogus_params(params);
CK_NSS_AEAD_PARAMS bogusAeadParams(aead_params);
- bogusParams.data = reinterpret_cast<unsigned char*>(&bogusAeadParams);
+ bogus_params.data = reinterpret_cast<unsigned char*>(&bogusAeadParams);
std::vector<uint8_t> bogusIV(iv, iv + iv_len);
- bogusAeadParams.pNonce = toUcharPtr(&bogusIV[0]);
+ bogusAeadParams.pNonce = toUcharPtr(bogusIV.data());
bogusIV[0] ^= 0xff;
- rv = PK11_Decrypt(symKey, mech, &bogusParams, &decrypted[0],
- &decryptedLen, data_len, &output[0], outputLen);
- EXPECT_NE(rv, SECSuccess);
+ rv = PK11_Decrypt(key.get(), kMech, &bogus_params, decrypted.data(),
+ &decrypted_len, data_len, encrypted.data(),
+ encrypted.size());
+ EXPECT_EQ(rv, SECFailure);
+ EXPECT_EQ(0U, decrypted_len);
}
// Decrypt with bogus additional data.
- {
- SECItem bogusParams(params);
- CK_NSS_AEAD_PARAMS bogusAeadParams(aead_params);
- bogusParams.data = reinterpret_cast<unsigned char*>(&bogusAeadParams);
-
- std::vector<uint8_t> bogusAAD(aad, aad + aad_len);
- bogusAeadParams.pAAD = toUcharPtr(&bogusAAD[0]);
- bogusAAD[0] ^= 0xff;
-
- rv = PK11_Decrypt(symKey, mech, &bogusParams, &decrypted[0],
- &decryptedLen, data_len, &output[0], outputLen);
- EXPECT_NE(rv, SECSuccess);
+ // Skip when AAD was empty and can't be modified.
+ // Alternatively we could generate random aad.
+ if (aad_len != 0) {
+ decrypted_len = 0;
+ SECItem bogus_params(params);
+ CK_NSS_AEAD_PARAMS bogus_aead_params(aead_params);
+ bogus_params.data = reinterpret_cast<unsigned char*>(&bogus_aead_params);
+
+ std::vector<uint8_t> bogus_aad(aad, aad + aad_len);
+ bogus_aead_params.pAAD = toUcharPtr(bogus_aad.data());
+ bogus_aad[0] ^= 0xff;
+
+ rv = PK11_Decrypt(key.get(), kMech, &bogus_params, decrypted.data(),
+ &decrypted_len, data_len, encrypted.data(),
+ encrypted.size());
+ EXPECT_EQ(rv, SECFailure);
+ EXPECT_EQ(0U, decrypted_len);
}
}
- void EncryptDecrypt(const uint8_t* key, size_t key_len, const uint8_t* data,
- size_t data_len, const uint8_t* aad, size_t aad_len,
- const uint8_t* iv, size_t iv_len, const uint8_t* ct,
- size_t ct_len) {
+ void EncryptDecrypt(const chaChaTestVector testvector) {
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
- SECItem keyItem = {siBuffer, toUcharPtr(key),
- static_cast<unsigned int>(key_len)};
+ SECItem keyItem = {siBuffer, toUcharPtr(testvector.Key.data()),
+ static_cast<unsigned int>(testvector.Key.size())};
// Import key.
- ScopedPK11SymKey symKey(PK11_ImportSymKey(
- slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
- EXPECT_TRUE(!!symKey);
+ ScopedPK11SymKey key(PK11_ImportSymKey(slot.get(), kMech, PK11_OriginUnwrap,
+ CKA_ENCRYPT, &keyItem, nullptr));
+ EXPECT_TRUE(!!key);
// Check.
- EncryptDecrypt(symKey.get(), data, data_len, aad, aad_len, iv, iv_len, ct,
- ct_len);
+ EncryptDecrypt(key, testvector.invalidIV, testvector.invalidTag,
+ testvector.Data.data(), testvector.Data.size(),
+ testvector.AAD.data(), testvector.AAD.size(),
+ testvector.IV.data(), testvector.IV.size(),
+ testvector.CT.data(), testvector.CT.size());
}
protected:
- CK_MECHANISM_TYPE mech = CKM_NSS_CHACHA20_POLY1305;
};
-#define ENCRYPT_DECRYPT(v) \
- EncryptDecrypt(v##Key, sizeof(v##Key), v##Data, sizeof(v##Data), v##AAD, \
- sizeof(v##AAD), v##IV, sizeof(v##IV), v##CT, sizeof(v##CT));
-
TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateEncryptDecrypt) {
// Generate a random key.
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
- ScopedPK11SymKey symKey(PK11_KeyGen(slot.get(), mech, nullptr, 32, nullptr));
- EXPECT_TRUE(!!symKey);
+ ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr));
+ EXPECT_TRUE(!!key);
// Generate random data.
- std::vector<uint8_t> data(512);
- SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), &data[0], data.size());
+ std::vector<uint8_t> input(512);
+ SECStatus rv =
+ PK11_GenerateRandomOnSlot(slot.get(), input.data(), input.size());
EXPECT_EQ(rv, SECSuccess);
// Generate random AAD.
std::vector<uint8_t> aad(16);
- rv = PK11_GenerateRandomOnSlot(slot.get(), &aad[0], aad.size());
+ rv = PK11_GenerateRandomOnSlot(slot.get(), aad.data(), aad.size());
EXPECT_EQ(rv, SECSuccess);
// Generate random IV.
std::vector<uint8_t> iv(12);
- rv = PK11_GenerateRandomOnSlot(slot.get(), &iv[0], iv.size());
+ rv = PK11_GenerateRandomOnSlot(slot.get(), iv.data(), iv.size());
EXPECT_EQ(rv, SECSuccess);
// Check.
- EncryptDecrypt(symKey.get(), &data[0], data.size(), &aad[0], aad.size(),
- &iv[0], iv.size());
+ EncryptDecrypt(key, false, false, input.data(), input.size(), aad.data(),
+ aad.size(), iv.data(), iv.size());
+}
+
+TEST_F(Pkcs11ChaCha20Poly1305Test, Xor) {
+ static const uint8_t kExpected[sizeof(kData)] = {
+ 0xd8, 0x15, 0xd3, 0xb3, 0xe9, 0x34, 0x3b, 0x7a,
+ 0x24, 0xf6, 0x5f, 0xd7, 0x95, 0x3d, 0xd3, 0x51};
+
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ SECItem keyItem = {siBuffer, toUcharPtr(kKeyData),
+ static_cast<unsigned int>(sizeof(kKeyData))};
+ ScopedPK11SymKey key(PK11_ImportSymKey(
+ slot.get(), kMechXor, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
+ EXPECT_TRUE(!!key);
+
+ SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce),
+ static_cast<unsigned int>(sizeof(kCtrNonce))};
+ uint8_t encrypted[sizeof(kData)];
+ unsigned int encrypted_len = 88; // This should be overwritten.
+ SECStatus rv =
+ PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
+ &encrypted_len, sizeof(encrypted), kData, sizeof(kData));
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_EQ(sizeof(kExpected), static_cast<size_t>(encrypted_len));
+ EXPECT_EQ(0, memcmp(kExpected, encrypted, sizeof(kExpected)));
+
+ // Decrypting has the same effect.
+ rv = PK11_Decrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
+ &encrypted_len, sizeof(encrypted), kData, sizeof(kData));
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_EQ(sizeof(kData), static_cast<size_t>(encrypted_len));
+ EXPECT_EQ(0, memcmp(kExpected, encrypted, sizeof(kExpected)));
+
+ // Operating in reverse too.
+ rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
+ &encrypted_len, sizeof(encrypted), kExpected,
+ sizeof(kExpected));
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_EQ(sizeof(kExpected), static_cast<size_t>(encrypted_len));
+ EXPECT_EQ(0, memcmp(kData, encrypted, sizeof(kData)));
}
-TEST_F(Pkcs11ChaCha20Poly1305Test, CheckTestVector1) {
- ENCRYPT_DECRYPT(kTestVector1);
+// This test just ensures that a key can be generated for use with the XOR
+// function. The result is random and therefore cannot be checked.
+TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateXor) {
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr));
+ EXPECT_TRUE(!!key);
+
+ SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce),
+ static_cast<unsigned int>(sizeof(kCtrNonce))};
+ uint8_t encrypted[sizeof(kData)];
+ unsigned int encrypted_len = 88; // This should be overwritten.
+ SECStatus rv =
+ PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
+ &encrypted_len, sizeof(encrypted), kData, sizeof(kData));
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_EQ(sizeof(kData), static_cast<size_t>(encrypted_len));
}
-TEST_F(Pkcs11ChaCha20Poly1305Test, CheckTestVector2) {
- ENCRYPT_DECRYPT(kTestVector2);
+TEST_F(Pkcs11ChaCha20Poly1305Test, XorInvalidParams) {
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr));
+ EXPECT_TRUE(!!key);
+
+ SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce),
+ static_cast<unsigned int>(sizeof(kCtrNonce)) - 1};
+ uint8_t encrypted[sizeof(kData)];
+ unsigned int encrypted_len = 88;
+ SECStatus rv =
+ PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
+ &encrypted_len, sizeof(encrypted), kData, sizeof(kData));
+ EXPECT_EQ(SECFailure, rv);
+
+ ctrNonceItem.data = nullptr;
+ rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
+ &encrypted_len, sizeof(encrypted), kData, sizeof(kData));
+ EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError());
}
+TEST_P(Pkcs11ChaCha20Poly1305Test, TestVectors) { EncryptDecrypt(GetParam()); }
+
+INSTANTIATE_TEST_CASE_P(NSSTestVector, Pkcs11ChaCha20Poly1305Test,
+ ::testing::ValuesIn(kChaCha20Vectors));
+
+INSTANTIATE_TEST_CASE_P(WycheproofTestVector, Pkcs11ChaCha20Poly1305Test,
+ ::testing::ValuesIn(kChaCha20WycheproofVectors));
+
} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc
index 009c44fce..647e3a706 100644
--- a/security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc
@@ -5,111 +5,122 @@
#include <memory>
#include "nss.h"
#include "pk11pub.h"
-
+#include "prerror.h"
#include "cpputil.h"
#include "nss_scoped_ptrs.h"
+#include "testvectors/curve25519-vectors.h"
#include "gtest/gtest.h"
namespace nss_test {
-// <https://tools.ietf.org/html/rfc7748#section-6.1>
-const uint8_t kPkcs8[] = {
- 0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
- 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
- 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
- 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72,
- 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
- 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21,
- 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
- 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a,
- 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a};
-const uint8_t kSpki[] = {
- 0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
- 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
- 0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
- 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
- 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f};
-const uint8_t kSecret[] = {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1,
- 0x72, 0x8e, 0x3b, 0xf4, 0x80, 0x35, 0x0f, 0x25,
- 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, 0x9e, 0x33,
- 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42};
-
-// A public key that's too short (31 bytes).
-const uint8_t kSpkiShort[] = {
- 0x30, 0x38, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
- 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
- 0x03, 0x20, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b,
- 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78,
- 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f};
-
-// A public key that's too long (33 bytes).
-const uint8_t kSpkiLong[] = {
- 0x30, 0x3a, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
- 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
- 0x03, 0x22, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
- 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
- 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f, 0x34};
-
-class Pkcs11Curve25519Test : public ::testing::Test {
+class Pkcs11Curve25519Test
+ : public ::testing::TestWithParam<curve25519_testvector> {
protected:
void Derive(const uint8_t* pkcs8, size_t pkcs8_len, const uint8_t* spki,
size_t spki_len, const uint8_t* secret, size_t secret_len,
bool expect_success) {
- ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
ASSERT_TRUE(slot);
- SECItem pkcs8Item = {siBuffer, toUcharPtr(pkcs8),
- static_cast<unsigned int>(pkcs8_len)};
+ SECItem pkcs8_item = {siBuffer, toUcharPtr(pkcs8),
+ static_cast<unsigned int>(pkcs8_len)};
SECKEYPrivateKey* key = nullptr;
SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
- slot.get(), &pkcs8Item, nullptr, nullptr, false, false, KU_ALL, &key,
+ slot.get(), &pkcs8_item, nullptr, nullptr, false, false, KU_ALL, &key,
nullptr);
EXPECT_EQ(SECSuccess, rv);
- ScopedSECKEYPrivateKey privKey(key);
- ASSERT_TRUE(privKey);
+ ScopedSECKEYPrivateKey priv_key_sess(key);
+ ASSERT_TRUE(priv_key_sess);
- SECItem spkiItem = {siBuffer, toUcharPtr(spki),
- static_cast<unsigned int>(spki_len)};
+ SECItem spki_item = {siBuffer, toUcharPtr(spki),
+ static_cast<unsigned int>(spki_len)};
- ScopedCERTSubjectPublicKeyInfo certSpki(
- SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
- ASSERT_TRUE(certSpki);
+ ScopedCERTSubjectPublicKeyInfo cert_spki(
+ SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
+ if (!expect_success && !cert_spki) {
+ return;
+ }
+ ASSERT_TRUE(cert_spki);
- ScopedSECKEYPublicKey pubKey(SECKEY_ExtractPublicKey(certSpki.get()));
- ASSERT_TRUE(pubKey);
+ ScopedSECKEYPublicKey pub_key_remote(
+ SECKEY_ExtractPublicKey(cert_spki.get()));
+ ASSERT_TRUE(pub_key_remote);
- ScopedPK11SymKey symKey(PK11_PubDeriveWithKDF(
- privKey.get(), pubKey.get(), false, nullptr, nullptr, CKM_ECDH1_DERIVE,
- CKM_SHA512_HMAC, CKA_DERIVE, 0, CKD_NULL, nullptr, nullptr));
- EXPECT_EQ(expect_success, !!symKey);
+ // sym_key_sess = ECDH(session_import(private_test), public_test)
+ ScopedPK11SymKey sym_key_sess(PK11_PubDeriveWithKDF(
+ priv_key_sess.get(), pub_key_remote.get(), false, nullptr, nullptr,
+ CKM_ECDH1_DERIVE, CKM_SHA512_HMAC, CKA_DERIVE, 0, CKD_NULL, nullptr,
+ nullptr));
+ ASSERT_EQ(expect_success, !!sym_key_sess);
if (expect_success) {
- rv = PK11_ExtractKeyValue(symKey.get());
+ rv = PK11_ExtractKeyValue(sym_key_sess.get());
EXPECT_EQ(SECSuccess, rv);
- SECItem* keyData = PK11_GetKeyData(symKey.get());
- EXPECT_EQ(secret_len, keyData->len);
- EXPECT_EQ(memcmp(keyData->data, secret, secret_len), 0);
+ SECItem* key_data = PK11_GetKeyData(sym_key_sess.get());
+ EXPECT_EQ(secret_len, key_data->len);
+ EXPECT_EQ(memcmp(key_data->data, secret, secret_len), 0);
+
+ // Perform wrapped export on the imported private, import it as
+ // permanent, and verify we derive the same shared secret
+ static const uint8_t pw[] = "pw";
+ SECItem pwItem = {siBuffer, toUcharPtr(pw), sizeof(pw)};
+ ScopedSECKEYEncryptedPrivateKeyInfo epki(PK11_ExportEncryptedPrivKeyInfo(
+ slot.get(), SEC_OID_AES_256_CBC, &pwItem, priv_key_sess.get(), 1,
+ nullptr));
+ ASSERT_NE(nullptr, epki) << "PK11_ExportEncryptedPrivKeyInfo failed: "
+ << PORT_ErrorToName(PORT_GetError());
+
+ ScopedSECKEYPublicKey pub_key_local(
+ SECKEY_ConvertToPublicKey(priv_key_sess.get()));
+
+ SECKEYPrivateKey* priv_key_tok = nullptr;
+ rv = PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(
+ slot.get(), epki.get(), &pwItem, nullptr,
+ &pub_key_local->u.ec.publicValue, PR_TRUE, PR_TRUE, ecKey, 0,
+ &priv_key_tok, nullptr);
+ ASSERT_EQ(SECSuccess, rv) << "PK11_ImportEncryptedPrivateKeyInfo failed "
+ << PORT_ErrorToName(PORT_GetError());
+ ASSERT_TRUE(priv_key_tok);
+
+ // sym_key_tok = ECDH(token_import(export(private_test)),
+ // public_test)
+ ScopedPK11SymKey sym_key_tok(PK11_PubDeriveWithKDF(
+ priv_key_tok, pub_key_remote.get(), false, nullptr, nullptr,
+ CKM_ECDH1_DERIVE, CKM_SHA512_HMAC, CKA_DERIVE, 0, CKD_NULL, nullptr,
+ nullptr));
+ EXPECT_TRUE(sym_key_tok);
+
+ if (sym_key_tok) {
+ rv = PK11_ExtractKeyValue(sym_key_tok.get());
+ EXPECT_EQ(SECSuccess, rv);
+
+ key_data = PK11_GetKeyData(sym_key_tok.get());
+ EXPECT_EQ(secret_len, key_data->len);
+ EXPECT_EQ(memcmp(key_data->data, secret, secret_len), 0);
+ }
+ rv = PK11_DeleteTokenPrivateKey(priv_key_tok, true);
+ EXPECT_EQ(SECSuccess, rv);
}
- }
+ };
+
+ void Derive(const curve25519_testvector testvector) {
+ Derive(testvector.private_key.data(), testvector.private_key.size(),
+ testvector.public_key.data(), testvector.public_key.size(),
+ testvector.secret.data(), testvector.secret.size(),
+ testvector.valid);
+ };
};
-TEST_F(Pkcs11Curve25519Test, DeriveSharedSecret) {
- Derive(kPkcs8, sizeof(kPkcs8), kSpki, sizeof(kSpki), kSecret, sizeof(kSecret),
- true);
-}
+TEST_P(Pkcs11Curve25519Test, TestVectors) { Derive(GetParam()); }
-TEST_F(Pkcs11Curve25519Test, DeriveSharedSecretShort) {
- Derive(kPkcs8, sizeof(kPkcs8), kSpkiShort, sizeof(kSpkiShort), nullptr, 0,
- false);
-}
+INSTANTIATE_TEST_CASE_P(NSSTestVector, Pkcs11Curve25519Test,
+ ::testing::ValuesIn(kCurve25519Vectors));
-TEST_F(Pkcs11Curve25519Test, DeriveSharedSecretLong) {
- Derive(kPkcs8, sizeof(kPkcs8), kSpkiLong, sizeof(kSpkiLong), nullptr, 0,
- false);
-}
+INSTANTIATE_TEST_CASE_P(WycheproofTestVector, Pkcs11Curve25519Test,
+ ::testing::ValuesIn(kCurve25519WycheproofVectors));
} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc
index 88c283317..449e7728b 100644
--- a/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc
@@ -15,6 +15,20 @@
namespace nss_test {
+const std::vector<uint8_t> kValidP256Key = {
+ 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+ 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0xc9, 0xaf, 0xa9, 0xd8, 0x45, 0xba, 0x75, 0x16, 0x6b, 0x5c, 0x21, 0x57,
+ 0x67, 0xb1, 0xd6, 0x93, 0x4e, 0x50, 0xc3, 0xdb, 0x36, 0xe8, 0x9b, 0x12,
+ 0x7b, 0x8a, 0x62, 0x2b, 0x12, 0x0f, 0x67, 0x21, 0xa1, 0x44, 0x03, 0x42,
+ 0x00, 0x04, 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31, 0xc9, 0x61,
+ 0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, 0xc0, 0x49, 0xb8, 0x92, 0x3b, 0x61,
+ 0xfa, 0x6c, 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6, 0x79, 0x03,
+ 0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, 0xa4, 0x1a, 0xe9, 0xe9, 0x56, 0x28,
+ 0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77, 0xa3,
+ 0xc2, 0x94, 0xd4, 0x46, 0x22, 0x99};
+
const std::vector<uint8_t> kValidRSAKey = {
// 512-bit RSA private key (PKCS#8)
0x30, 0x82, 0x01, 0x54, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
@@ -73,38 +87,76 @@ const std::vector<uint8_t> kInvalidZeroLengthKey = {
class DERPrivateKeyImportTest : public ::testing::Test {
public:
- bool ParsePrivateKey(const std::vector<uint8_t>& data) {
- ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
- EXPECT_TRUE(slot);
-
+ bool ParsePrivateKey(const std::vector<uint8_t>& data, bool expect_success) {
SECKEYPrivateKey* key = nullptr;
+ SECStatus rv = SECFailure;
+ std::string nick_str =
+ ::testing::UnitTest::GetInstance()->current_test_info()->name() +
+ std::to_string(rand());
SECItem item = {siBuffer, const_cast<unsigned char*>(data.data()),
- (unsigned int)data.size()};
+ static_cast<unsigned int>(data.size())};
+ SECItem nick = {siBuffer, reinterpret_cast<unsigned char*>(
+ const_cast<char*>(nick_str.data())),
+ static_cast<unsigned int>(nick_str.length())};
+
+ ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+ EXPECT_TRUE(slot);
+ if (!slot) {
+ return false;
+ }
- SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
- slot.get(), &item, nullptr, nullptr, false, false, KU_ALL, &key,
- nullptr);
+ if (PK11_NeedUserInit(slot.get())) {
+ if (PK11_InitPin(slot.get(), nullptr, nullptr) != SECSuccess) {
+ EXPECT_EQ(rv, SECSuccess) << "PK11_InitPin failed";
+ }
+ }
+ rv = PK11_Authenticate(slot.get(), PR_TRUE, nullptr);
+ EXPECT_EQ(rv, SECSuccess);
+ rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+ slot.get(), &item, &nick, nullptr, true, false, KU_ALL, &key, nullptr);
EXPECT_EQ(rv == SECSuccess, key != nullptr);
- SECKEY_DestroyPrivateKey(key);
+
+ if (expect_success) {
+ // Try to find the key via its label
+ ScopedSECKEYPrivateKeyList list(PK11_ListPrivKeysInSlot(
+ slot.get(), const_cast<char*>(nick_str.c_str()), nullptr));
+ EXPECT_FALSE(!list);
+ }
+
+ if (key) {
+ rv = PK11_DeleteTokenPrivateKey(key, true);
+ EXPECT_EQ(SECSuccess, rv);
+
+ // PK11_DeleteTokenPrivateKey leaves an errorCode set when there's
+ // no cert. This is expected, so clear it.
+ if (PORT_GetError() == SSL_ERROR_NO_CERTIFICATE) {
+ PORT_SetError(0);
+ }
+ }
return rv == SECSuccess;
}
};
TEST_F(DERPrivateKeyImportTest, ImportPrivateRSAKey) {
- EXPECT_TRUE(ParsePrivateKey(kValidRSAKey));
- EXPECT_FALSE(PORT_GetError());
+ EXPECT_TRUE(ParsePrivateKey(kValidRSAKey, true));
+ EXPECT_FALSE(PORT_GetError()) << PORT_GetError();
+}
+
+TEST_F(DERPrivateKeyImportTest, ImportEcdsaKey) {
+ EXPECT_TRUE(ParsePrivateKey(kValidP256Key, true));
+ EXPECT_FALSE(PORT_GetError()) << PORT_GetError();
}
TEST_F(DERPrivateKeyImportTest, ImportInvalidPrivateKey) {
- EXPECT_FALSE(ParsePrivateKey(kInvalidLengthKey));
- EXPECT_EQ(PORT_GetError(), SEC_ERROR_BAD_DER);
+ EXPECT_FALSE(ParsePrivateKey(kInvalidLengthKey, false));
+ EXPECT_EQ(PORT_GetError(), SEC_ERROR_BAD_DER) << PORT_GetError();
}
TEST_F(DERPrivateKeyImportTest, ImportZeroLengthPrivateKey) {
- EXPECT_FALSE(ParsePrivateKey(kInvalidZeroLengthKey));
- EXPECT_EQ(PORT_GetError(), SEC_ERROR_BAD_KEY);
+ EXPECT_FALSE(ParsePrivateKey(kInvalidZeroLengthKey, false));
+ EXPECT_EQ(PORT_GetError(), SEC_ERROR_BAD_KEY) << PORT_GetError();
}
} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_des_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_des_unittest.cc
new file mode 100644
index 000000000..30f1afb8d
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_des_unittest.cc
@@ -0,0 +1,65 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+
+#include "nss_scoped_ptrs.h"
+
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+class Pkcs11DesTest : public ::testing::Test {
+ protected:
+ SECStatus EncryptWithIV(std::vector<uint8_t>& iv,
+ const CK_MECHANISM_TYPE mech) {
+ // Generate a random key.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ScopedPK11SymKey sym_key(
+ PK11_KeyGen(slot.get(), mech, nullptr, 8, nullptr));
+ EXPECT_TRUE(!!sym_key);
+
+ std::vector<uint8_t> data(16);
+ std::vector<uint8_t> output(16);
+
+ SECItem params = {siBuffer, iv.data(),
+ static_cast<unsigned int>(iv.size())};
+
+ // Try to encrypt.
+ unsigned int output_len = 0;
+ return PK11_Encrypt(sym_key.get(), mech, &params, output.data(),
+ &output_len, output.size(), data.data(), data.size());
+ }
+};
+
+TEST_F(Pkcs11DesTest, ZeroLengthIV) {
+ std::vector<uint8_t> iv(0);
+ EXPECT_EQ(SECFailure, EncryptWithIV(iv, CKM_DES_CBC));
+ EXPECT_EQ(SECFailure, EncryptWithIV(iv, CKM_DES3_CBC));
+}
+
+TEST_F(Pkcs11DesTest, IVTooShort) {
+ std::vector<uint8_t> iv(7);
+ EXPECT_EQ(SECFailure, EncryptWithIV(iv, CKM_DES_CBC));
+ EXPECT_EQ(SECFailure, EncryptWithIV(iv, CKM_DES3_CBC));
+}
+
+TEST_F(Pkcs11DesTest, WrongLengthIV) {
+ // We tolerate IVs > 8
+ std::vector<uint8_t> iv(15, 0);
+ EXPECT_EQ(SECSuccess, EncryptWithIV(iv, CKM_DES_CBC));
+ EXPECT_EQ(SECSuccess, EncryptWithIV(iv, CKM_DES3_CBC));
+}
+
+TEST_F(Pkcs11DesTest, AllGood) {
+ std::vector<uint8_t> iv(8, 0);
+ EXPECT_EQ(SECSuccess, EncryptWithIV(iv, CKM_DES_CBC));
+ EXPECT_EQ(SECSuccess, EncryptWithIV(iv, CKM_DES3_CBC));
+}
+
+} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
index e905f7835..1816e3c9c 100644
--- a/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
@@ -45,6 +45,11 @@ static const Pkcs11EcdsaTestParams kEcdsaVectors[] = {
DataBuffer(kP256Spki, sizeof(kP256Spki)),
DataBuffer(kP256Data, sizeof(kP256Data)),
DataBuffer(kP256Signature, sizeof(kP256Signature))}},
+ {SEC_OID_SHA256,
+ {DataBuffer(kP256Pkcs8ZeroPad, sizeof(kP256Pkcs8ZeroPad)),
+ DataBuffer(kP256SpkiZeroPad, sizeof(kP256SpkiZeroPad)),
+ DataBuffer(kP256DataZeroPad, sizeof(kP256DataZeroPad)),
+ DataBuffer(kP256SignatureZeroPad, sizeof(kP256SignatureZeroPad))}},
{SEC_OID_SHA384,
{DataBuffer(kP384Pkcs8, sizeof(kP384Pkcs8)),
DataBuffer(kP384Spki, sizeof(kP384Spki)),
diff --git a/security/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h b/security/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h
index 1dd2c8728..9f625dd08 100644
--- a/security/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h
+++ b/security/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h
@@ -130,6 +130,38 @@ const uint8_t kP521Signature[] = {
0xd8, 0xb8, 0xc3, 0x7f, 0xf0, 0x77, 0x7b, 0x1a, 0x20, 0xf8, 0xcc, 0xb1,
0xdc, 0xcc, 0x43, 0x99, 0x7f, 0x1e, 0xe0, 0xe4, 0x4d, 0xa4, 0xa6, 0x7a};
+// ECDSA P256 test case with a leading zero in the private key
+const uint8_t kP256Pkcs8ZeroPad[] = {
+ 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+ 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x00, 0x16, 0x40, 0x71, 0x99, 0xe3, 0x07, 0xaa, 0xdc, 0x98, 0x0b, 0x21,
+ 0x62, 0xce, 0x66, 0x1f, 0xe4, 0x1a, 0x86, 0x9a, 0x23, 0x33, 0xf6, 0x72,
+ 0xb4, 0xa3, 0xdc, 0x3b, 0x50, 0xba, 0x20, 0xce, 0xa1, 0x44, 0x03, 0x42,
+ 0x00, 0x04, 0x53, 0x11, 0x9a, 0x86, 0xa0, 0xc2, 0x99, 0x4f, 0xa6, 0xf8,
+ 0x08, 0xf8, 0x61, 0x01, 0x0e, 0x6b, 0x04, 0x9c, 0xd8, 0x15, 0x63, 0x2e,
+ 0xd1, 0x38, 0x00, 0x10, 0xee, 0xe4, 0xc9, 0x11, 0xff, 0x05, 0xba, 0xd6,
+ 0xcd, 0x94, 0xea, 0x00, 0xec, 0x85, 0x26, 0x2c, 0xbd, 0x4d, 0x85, 0xbd,
+ 0x20, 0xce, 0xa5, 0xb1, 0x3f, 0x4d, 0x82, 0x9b, 0x9f, 0x28, 0x2e, 0xd3,
+ 0x8a, 0x87, 0x1f, 0x89, 0xf8, 0x02};
+const uint8_t kP256SpkiZeroPad[] = {
+ 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+ 0x42, 0x00, 0x04, 0x53, 0x11, 0x9a, 0x86, 0xa0, 0xc2, 0x99, 0x4f, 0xa6,
+ 0xf8, 0x08, 0xf8, 0x61, 0x01, 0x0e, 0x6b, 0x04, 0x9c, 0xd8, 0x15, 0x63,
+ 0x2e, 0xd1, 0x38, 0x00, 0x10, 0xee, 0xe4, 0xc9, 0x11, 0xff, 0x05, 0xba,
+ 0xd6, 0xcd, 0x94, 0xea, 0x00, 0xec, 0x85, 0x26, 0x2c, 0xbd, 0x4d, 0x85,
+ 0xbd, 0x20, 0xce, 0xa5, 0xb1, 0x3f, 0x4d, 0x82, 0x9b, 0x9f, 0x28, 0x2e,
+ 0xd3, 0x8a, 0x87, 0x1f, 0x89, 0xf8, 0x02};
+const uint8_t kP256DataZeroPad[] = {'s', 'a', 'm', 'p', 'l', 'e'};
+const uint8_t kP256SignatureZeroPad[] = {
+ 0xa6, 0xf4, 0xe4, 0xa8, 0x3f, 0x03, 0x59, 0x89, 0x60, 0x53, 0xe7,
+ 0xdc, 0xb5, 0xbe, 0x78, 0xaf, 0xc1, 0xca, 0xc0, 0x65, 0xba, 0xa4,
+ 0x3c, 0xf1, 0xe4, 0xae, 0xe3, 0xba, 0x22, 0x3d, 0xac, 0x9d, 0x6d,
+ 0x1b, 0x26, 0x00, 0xcf, 0x47, 0xa1, 0xe1, 0x04, 0x21, 0x8d, 0x0b,
+ 0xbb, 0x16, 0xfa, 0x3e, 0x59, 0x32, 0x01, 0xb0, 0x45, 0x3e, 0x27,
+ 0xa4, 0xc4, 0xfd, 0x31, 0xc9, 0x1a, 0x8e, 0x74, 0xd8};
+
// ECDSA test vectors, SPKI and PKCS#8 edge cases.
const uint8_t kP256Pkcs8NoCurveOIDOrAlgorithmParams[] = {
0x30, 0x7d, 0x02, 0x01, 0x00, 0x30, 0x09, 0x06, 0x07, 0x2a, 0x86, 0x48,
diff --git a/security/nss/gtests/pk11_gtest/pk11_find_certs_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_find_certs_unittest.cc
new file mode 100644
index 000000000..5958b2367
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_find_certs_unittest.cc
@@ -0,0 +1,547 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* vim: set ts=4 et sw=4 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <string.h>
+
+#include "nss.h"
+#include "pk11pub.h"
+#include "prenv.h"
+#include "prerror.h"
+#include "secmod.h"
+
+#include "gtest/gtest.h"
+#include "nss_scoped_ptrs.h"
+#include "util.h"
+
+namespace nss_test {
+
+// These test certificates were generated using pycert/pykey from
+// mozilla-central (https://hg.mozilla.org/mozilla-central/file/ ...
+// 9968319230a74eb8c1953444a0e6973c7500a9f8/security/manager/ssl/ ...
+// tests/unit/pycert.py).
+
+// issuer:test cert
+// subject:test cert
+// issuerKey:secp256r1
+// subjectKey:secp256r1
+// serialNumber:1
+const std::vector<uint8_t> kTestCert1DER = {
+ 0x30, 0x82, 0x01, 0x1D, 0x30, 0x81, 0xC2, 0xA0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+ 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20,
+ 0x63, 0x65, 0x72, 0x74, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37,
+ 0x31, 0x31, 0x32, 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x18,
+ 0x0F, 0x32, 0x30, 0x32, 0x30, 0x30, 0x32, 0x30, 0x35, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x5A, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20, 0x63, 0x65,
+ 0x72, 0x74, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
+ 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01,
+ 0x07, 0x03, 0x42, 0x00, 0x04, 0x4F, 0xBF, 0xBB, 0xBB, 0x61, 0xE0, 0xF8,
+ 0xF9, 0xB1, 0xA6, 0x0A, 0x59, 0xAC, 0x87, 0x04, 0xE2, 0xEC, 0x05, 0x0B,
+ 0x42, 0x3E, 0x3C, 0xF7, 0x2E, 0x92, 0x3F, 0x2C, 0x4F, 0x79, 0x4B, 0x45,
+ 0x5C, 0x2A, 0x69, 0xD2, 0x33, 0x45, 0x6C, 0x36, 0xC4, 0x11, 0x9D, 0x07,
+ 0x06, 0xE0, 0x0E, 0xED, 0xC8, 0xD1, 0x93, 0x90, 0xD7, 0x99, 0x1B, 0x7B,
+ 0x2D, 0x07, 0xA3, 0x04, 0xEA, 0xA0, 0x4A, 0xA6, 0xC0, 0x30, 0x0D, 0x06,
+ 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
+ 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x5C, 0x75, 0x51, 0x9F, 0x13,
+ 0x11, 0x50, 0xCD, 0x5D, 0x8A, 0xDE, 0x20, 0xA3, 0xBC, 0x06, 0x30, 0x91,
+ 0xFF, 0xB2, 0x73, 0x75, 0x5F, 0x31, 0x64, 0xEC, 0xFD, 0xCB, 0x42, 0x80,
+ 0x0A, 0x70, 0xE6, 0x02, 0x20, 0x11, 0xFA, 0xA2, 0xCA, 0x06, 0xF3, 0xBC,
+ 0x5F, 0x8A, 0xCA, 0x17, 0x63, 0x36, 0x87, 0xCF, 0x8D, 0x5C, 0xA0, 0x56,
+ 0x84, 0x44, 0x61, 0xB2, 0x33, 0x42, 0x07, 0x58, 0x9F, 0x0C, 0x9E, 0x49,
+ 0x83,
+};
+
+// issuer:test cert
+// subject:test cert
+// issuerKey:secp256r1
+// subjectKey:secp256r1
+// serialNumber:2
+const std::vector<uint8_t> kTestCert2DER = {
+ 0x30, 0x82, 0x01, 0x1E, 0x30, 0x81, 0xC2, 0xA0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x01, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+ 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20,
+ 0x63, 0x65, 0x72, 0x74, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37,
+ 0x31, 0x31, 0x32, 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x18,
+ 0x0F, 0x32, 0x30, 0x32, 0x30, 0x30, 0x32, 0x30, 0x35, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x5A, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20, 0x63, 0x65,
+ 0x72, 0x74, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
+ 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01,
+ 0x07, 0x03, 0x42, 0x00, 0x04, 0x4F, 0xBF, 0xBB, 0xBB, 0x61, 0xE0, 0xF8,
+ 0xF9, 0xB1, 0xA6, 0x0A, 0x59, 0xAC, 0x87, 0x04, 0xE2, 0xEC, 0x05, 0x0B,
+ 0x42, 0x3E, 0x3C, 0xF7, 0x2E, 0x92, 0x3F, 0x2C, 0x4F, 0x79, 0x4B, 0x45,
+ 0x5C, 0x2A, 0x69, 0xD2, 0x33, 0x45, 0x6C, 0x36, 0xC4, 0x11, 0x9D, 0x07,
+ 0x06, 0xE0, 0x0E, 0xED, 0xC8, 0xD1, 0x93, 0x90, 0xD7, 0x99, 0x1B, 0x7B,
+ 0x2D, 0x07, 0xA3, 0x04, 0xEA, 0xA0, 0x4A, 0xA6, 0xC0, 0x30, 0x0D, 0x06,
+ 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00,
+ 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x5C, 0x75, 0x51, 0x9F, 0x13,
+ 0x11, 0x50, 0xCD, 0x5D, 0x8A, 0xDE, 0x20, 0xA3, 0xBC, 0x06, 0x30, 0x91,
+ 0xFF, 0xB2, 0x73, 0x75, 0x5F, 0x31, 0x64, 0xEC, 0xFD, 0xCB, 0x42, 0x80,
+ 0x0A, 0x70, 0xE6, 0x02, 0x21, 0x00, 0xF6, 0x5E, 0x42, 0xC7, 0x54, 0x40,
+ 0x81, 0xE9, 0x4C, 0x16, 0x48, 0xB1, 0x39, 0x0A, 0xA0, 0xE2, 0x8C, 0x23,
+ 0xAA, 0xC5, 0xBB, 0xAC, 0xEB, 0x9B, 0x15, 0x0B, 0x2F, 0xB7, 0xF5, 0x85,
+ 0xB2, 0x54,
+};
+
+const std::vector<uint8_t> kTestCertSubjectDER = {
+ 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03,
+ 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20, 0x63, 0x65, 0x72, 0x74,
+};
+
+// issuer:test cert
+// subject:unrelated subject DN
+// issuerKey:secp256r1
+// subjectKey:secp256r1
+// serialNumber:3
+const std::vector<uint8_t> kUnrelatedTestCertDER = {
+ 0x30, 0x82, 0x01, 0x28, 0x30, 0x81, 0xCD, 0xA0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x01, 0x03, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+ 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20,
+ 0x63, 0x65, 0x72, 0x74, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37,
+ 0x31, 0x31, 0x32, 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x18,
+ 0x0F, 0x32, 0x30, 0x32, 0x30, 0x30, 0x32, 0x30, 0x35, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x5A, 0x30, 0x1F, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03,
+ 0x55, 0x04, 0x03, 0x0C, 0x14, 0x75, 0x6E, 0x72, 0x65, 0x6C, 0x61, 0x74,
+ 0x65, 0x64, 0x20, 0x73, 0x75, 0x62, 0x6A, 0x65, 0x63, 0x74, 0x20, 0x44,
+ 0x4E, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
+ 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07,
+ 0x03, 0x42, 0x00, 0x04, 0x4F, 0xBF, 0xBB, 0xBB, 0x61, 0xE0, 0xF8, 0xF9,
+ 0xB1, 0xA6, 0x0A, 0x59, 0xAC, 0x87, 0x04, 0xE2, 0xEC, 0x05, 0x0B, 0x42,
+ 0x3E, 0x3C, 0xF7, 0x2E, 0x92, 0x3F, 0x2C, 0x4F, 0x79, 0x4B, 0x45, 0x5C,
+ 0x2A, 0x69, 0xD2, 0x33, 0x45, 0x6C, 0x36, 0xC4, 0x11, 0x9D, 0x07, 0x06,
+ 0xE0, 0x0E, 0xED, 0xC8, 0xD1, 0x93, 0x90, 0xD7, 0x99, 0x1B, 0x7B, 0x2D,
+ 0x07, 0xA3, 0x04, 0xEA, 0xA0, 0x4A, 0xA6, 0xC0, 0x30, 0x0D, 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03,
+ 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x5C, 0x75, 0x51, 0x9F, 0x13, 0x11,
+ 0x50, 0xCD, 0x5D, 0x8A, 0xDE, 0x20, 0xA3, 0xBC, 0x06, 0x30, 0x91, 0xFF,
+ 0xB2, 0x73, 0x75, 0x5F, 0x31, 0x64, 0xEC, 0xFD, 0xCB, 0x42, 0x80, 0x0A,
+ 0x70, 0xE6, 0x02, 0x20, 0x0F, 0x1A, 0x04, 0xC2, 0xF8, 0xBA, 0xC2, 0x94,
+ 0x26, 0x6E, 0xBC, 0x91, 0x7D, 0xDB, 0x75, 0x7B, 0xE8, 0xA3, 0x4F, 0x69,
+ 0x1B, 0xF3, 0x1F, 0x2C, 0xCE, 0x82, 0x67, 0xC9, 0x5B, 0xBB, 0xBA, 0x0A,
+};
+
+class PK11FindCertsTestBase : public ::testing::Test {
+ protected:
+ PK11FindCertsTestBase()
+ : m_slot(nullptr), test_cert_db_dir_("PK11FindCertsTestBase-") {}
+
+ virtual void SetUp() {
+ std::string test_cert_db_path(test_cert_db_dir_.GetPath());
+ const char* test_name =
+ ::testing::UnitTest::GetInstance()->current_test_info()->name();
+ std::string mod_spec = "configDir='sql:";
+ mod_spec.append(test_cert_db_path);
+ mod_spec.append("' tokenDescription='");
+ mod_spec.append(test_name);
+ mod_spec.append("'");
+ m_slot = SECMOD_OpenUserDB(mod_spec.c_str());
+ ASSERT_NE(m_slot, nullptr);
+ }
+
+ virtual void TearDown() {
+ ASSERT_EQ(SECMOD_CloseUserDB(m_slot), SECSuccess);
+ PK11_FreeSlot(m_slot);
+ std::string test_cert_db_path(test_cert_db_dir_.GetPath());
+ ASSERT_EQ(0, unlink((test_cert_db_path + "/cert9.db").c_str()));
+ ASSERT_EQ(0, unlink((test_cert_db_path + "/key4.db").c_str()));
+ }
+
+ PK11SlotInfo* m_slot;
+ ScopedUniqueDirectory test_cert_db_dir_;
+};
+
+class PK11FindRawCertsBySubjectTest : public PK11FindCertsTestBase {};
+
+// If we don't have any certificates, we shouldn't get any when we search for
+// them.
+TEST_F(PK11FindRawCertsBySubjectTest, TestNoCertsImportedNoCertsFound) {
+ SECItem subject_item = {
+ siBuffer, const_cast<unsigned char*>(kTestCertSubjectDER.data()),
+ (unsigned int)kTestCertSubjectDER.size()};
+ CERTCertificateList* certificates = nullptr;
+ SECStatus rv =
+ PK11_FindRawCertsWithSubject(m_slot, &subject_item, &certificates);
+ EXPECT_EQ(rv, SECSuccess);
+ EXPECT_EQ(certificates, nullptr);
+}
+
+// If we have one certificate but it has an unrelated subject DN, we shouldn't
+// get it when we search.
+TEST_F(PK11FindRawCertsBySubjectTest, TestOneCertImportedNoCertsFound) {
+ char cert_nickname[] = "Unrelated Cert";
+ SECItem cert_item = {siBuffer,
+ const_cast<unsigned char*>(kUnrelatedTestCertDER.data()),
+ (unsigned int)kUnrelatedTestCertDER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert_item, CK_INVALID_HANDLE,
+ cert_nickname, false),
+ SECSuccess);
+
+ SECItem subject_item = {
+ siBuffer, const_cast<unsigned char*>(kTestCertSubjectDER.data()),
+ (unsigned int)kTestCertSubjectDER.size()};
+ CERTCertificateList* certificates = nullptr;
+ SECStatus rv =
+ PK11_FindRawCertsWithSubject(m_slot, &subject_item, &certificates);
+ EXPECT_EQ(rv, SECSuccess);
+ EXPECT_EQ(certificates, nullptr);
+}
+
+TEST_F(PK11FindRawCertsBySubjectTest, TestMultipleMatchingCertsFound) {
+ char cert1_nickname[] = "Test Cert 1";
+ SECItem cert1_item = {siBuffer,
+ const_cast<unsigned char*>(kTestCert1DER.data()),
+ (unsigned int)kTestCert1DER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert1_item, CK_INVALID_HANDLE,
+ cert1_nickname, false),
+ SECSuccess);
+ char cert2_nickname[] = "Test Cert 2";
+ SECItem cert2_item = {siBuffer,
+ const_cast<unsigned char*>(kTestCert2DER.data()),
+ (unsigned int)kTestCert2DER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert2_item, CK_INVALID_HANDLE,
+ cert2_nickname, false),
+ SECSuccess);
+ char unrelated_cert_nickname[] = "Unrelated Test Cert";
+ SECItem unrelated_cert_item = {
+ siBuffer, const_cast<unsigned char*>(kUnrelatedTestCertDER.data()),
+ (unsigned int)kUnrelatedTestCertDER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &unrelated_cert_item, CK_INVALID_HANDLE,
+ unrelated_cert_nickname, false),
+ SECSuccess);
+
+ CERTCertificateList* certificates = nullptr;
+ SECItem subject_item = {
+ siBuffer, const_cast<unsigned char*>(kTestCertSubjectDER.data()),
+ (unsigned int)kTestCertSubjectDER.size()};
+ SECStatus rv =
+ PK11_FindRawCertsWithSubject(m_slot, &subject_item, &certificates);
+ EXPECT_EQ(rv, SECSuccess);
+ ASSERT_NE(certificates, nullptr);
+ ScopedCERTCertificateList scoped_certificates(certificates);
+ ASSERT_EQ(scoped_certificates->len, 2);
+
+ std::vector<uint8_t> found_cert1(
+ scoped_certificates->certs[0].data,
+ scoped_certificates->certs[0].data + scoped_certificates->certs[0].len);
+ std::vector<uint8_t> found_cert2(
+ scoped_certificates->certs[1].data,
+ scoped_certificates->certs[1].data + scoped_certificates->certs[1].len);
+ EXPECT_TRUE(found_cert1 == kTestCert1DER || found_cert1 == kTestCert2DER);
+ EXPECT_TRUE(found_cert2 == kTestCert1DER || found_cert2 == kTestCert2DER);
+ EXPECT_TRUE(found_cert1 != found_cert2);
+}
+
+// If we try to search the internal slots, we won't find the certificate we just
+// imported (because it's on a different slot).
+TEST_F(PK11FindRawCertsBySubjectTest, TestNoCertsOnInternalSlots) {
+ char cert1_nickname[] = "Test Cert 1";
+ SECItem cert1_item = {siBuffer,
+ const_cast<unsigned char*>(kTestCert1DER.data()),
+ (unsigned int)kTestCert1DER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert1_item, CK_INVALID_HANDLE,
+ cert1_nickname, false),
+ SECSuccess);
+
+ SECItem subject_item = {
+ siBuffer, const_cast<unsigned char*>(kTestCertSubjectDER.data()),
+ (unsigned int)kTestCertSubjectDER.size()};
+ CERTCertificateList* internal_key_slot_certificates = nullptr;
+ ScopedPK11SlotInfo internal_key_slot(PK11_GetInternalKeySlot());
+ SECStatus rv = PK11_FindRawCertsWithSubject(
+ internal_key_slot.get(), &subject_item, &internal_key_slot_certificates);
+ EXPECT_EQ(rv, SECSuccess);
+ EXPECT_EQ(internal_key_slot_certificates, nullptr);
+
+ CERTCertificateList* internal_slot_certificates = nullptr;
+ ScopedPK11SlotInfo internal_slot(PK11_GetInternalSlot());
+ rv = PK11_FindRawCertsWithSubject(internal_slot.get(), &subject_item,
+ &internal_slot_certificates);
+ EXPECT_EQ(rv, SECSuccess);
+ EXPECT_EQ(internal_slot_certificates, nullptr);
+}
+
+// issuer:test cert
+// subject:(empty - this had to be done by hand as pycert doesn't support this)
+// issuerKey:secp256r1
+// subjectKey:secp256r1
+// serialNumber:4
+const std::vector<uint8_t> kEmptySubjectCertDER = {
+ 0x30, 0x82, 0x01, 0x09, 0x30, 0x81, 0xAE, 0xA0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x01, 0x04, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+ 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20,
+ 0x63, 0x65, 0x72, 0x74, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37,
+ 0x31, 0x31, 0x32, 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x18,
+ 0x0F, 0x32, 0x30, 0x32, 0x30, 0x30, 0x32, 0x30, 0x35, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x5A, 0x30, 0x00, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
+ 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48,
+ 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4F, 0xBF, 0xBB,
+ 0xBB, 0x61, 0xE0, 0xF8, 0xF9, 0xB1, 0xA6, 0x0A, 0x59, 0xAC, 0x87, 0x04,
+ 0xE2, 0xEC, 0x05, 0x0B, 0x42, 0x3E, 0x3C, 0xF7, 0x2E, 0x92, 0x3F, 0x2C,
+ 0x4F, 0x79, 0x4B, 0x45, 0x5C, 0x2A, 0x69, 0xD2, 0x33, 0x45, 0x6C, 0x36,
+ 0xC4, 0x11, 0x9D, 0x07, 0x06, 0xE0, 0x0E, 0xED, 0xC8, 0xD1, 0x93, 0x90,
+ 0xD7, 0x99, 0x1B, 0x7B, 0x2D, 0x07, 0xA3, 0x04, 0xEA, 0xA0, 0x4A, 0xA6,
+ 0xC0, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x01, 0x0B, 0x05, 0x00, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x5C,
+ 0x75, 0x51, 0x9F, 0x13, 0x11, 0x50, 0xCD, 0x5D, 0x8A, 0xDE, 0x20, 0xA3,
+ 0xBC, 0x06, 0x30, 0x91, 0xFF, 0xB2, 0x73, 0x75, 0x5F, 0x31, 0x64, 0xEC,
+ 0xFD, 0xCB, 0x42, 0x80, 0x0A, 0x70, 0xE6, 0x02, 0x20, 0x31, 0x1B, 0x92,
+ 0xAA, 0xA8, 0xB7, 0x51, 0x52, 0x7B, 0x64, 0xD6, 0xF7, 0x2F, 0x0C, 0xFB,
+ 0xBB, 0xD5, 0xDF, 0x86, 0xA3, 0x97, 0x96, 0x60, 0x42, 0xDA, 0xD4, 0xA8,
+ 0x5F, 0x2F, 0xA4, 0xDE, 0x7C};
+
+std::vector<uint8_t> kEmptySubjectDER = {0x30, 0x00};
+
+// This certificate has the smallest possible subject. Finding it should work.
+TEST_F(PK11FindRawCertsBySubjectTest, TestFindEmptySubject) {
+ char empty_subject_cert_nickname[] = "Empty Subject Cert";
+ SECItem empty_subject_cert_item = {
+ siBuffer, const_cast<unsigned char*>(kEmptySubjectCertDER.data()),
+ (unsigned int)kEmptySubjectCertDER.size()};
+ ASSERT_EQ(
+ PK11_ImportDERCert(m_slot, &empty_subject_cert_item, CK_INVALID_HANDLE,
+ empty_subject_cert_nickname, false),
+ SECSuccess);
+
+ SECItem subject_item = {siBuffer,
+ const_cast<unsigned char*>(kEmptySubjectDER.data()),
+ (unsigned int)kEmptySubjectDER.size()};
+ CERTCertificateList* certificates = nullptr;
+ SECStatus rv =
+ PK11_FindRawCertsWithSubject(m_slot, &subject_item, &certificates);
+ EXPECT_EQ(rv, SECSuccess);
+ ASSERT_NE(certificates, nullptr);
+ ScopedCERTCertificateList scoped_certificates(certificates);
+ ASSERT_EQ(scoped_certificates->len, 1);
+
+ std::vector<uint8_t> found_cert(
+ scoped_certificates->certs[0].data,
+ scoped_certificates->certs[0].data + scoped_certificates->certs[0].len);
+ EXPECT_EQ(found_cert, kEmptySubjectCertDER);
+}
+
+// Searching for a zero-length subject doesn't make sense (the minimum subject
+// is the SEQUENCE tag followed by a length byte of 0), but it shouldn't cause
+// problems.
+TEST_F(PK11FindRawCertsBySubjectTest, TestSearchForNullSubject) {
+ char cert1_nickname[] = "Test Cert 1";
+ SECItem cert1_item = {siBuffer,
+ const_cast<unsigned char*>(kTestCert1DER.data()),
+ (unsigned int)kTestCert1DER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert1_item, CK_INVALID_HANDLE,
+ cert1_nickname, false),
+ SECSuccess);
+
+ SECItem subject_item = {siBuffer, nullptr, 0};
+ CERTCertificateList* certificates = nullptr;
+ SECStatus rv =
+ PK11_FindRawCertsWithSubject(m_slot, &subject_item, &certificates);
+ EXPECT_EQ(rv, SECSuccess);
+ EXPECT_EQ(certificates, nullptr);
+}
+
+class PK11GetCertsMatchingPrivateKeyTest : public PK11FindCertsTestBase {};
+
+// This is the private secp256r1 key corresponding to the above test
+// certificates.
+const std::vector<uint8_t> kTestPrivateKeyInfoDER = {
+ 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+ 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x21, 0x91, 0x40, 0x3d, 0x57, 0x10, 0xbf, 0x15, 0xa2, 0x65, 0x81, 0x8c,
+ 0xd4, 0x2e, 0xd6, 0xfe, 0xdf, 0x09, 0xad, 0xd9, 0x2d, 0x78, 0xb1, 0x8e,
+ 0x7a, 0x1e, 0x9f, 0xeb, 0x95, 0x52, 0x47, 0x02, 0xa1, 0x44, 0x03, 0x42,
+ 0x00, 0x04, 0x4f, 0xbf, 0xbb, 0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6,
+ 0x0a, 0x59, 0xac, 0x87, 0x04, 0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c,
+ 0xf7, 0x2e, 0x92, 0x3f, 0x2c, 0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69,
+ 0xd2, 0x33, 0x45, 0x6c, 0x36, 0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e,
+ 0xed, 0xc8, 0xd1, 0x93, 0x90, 0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3,
+ 0x04, 0xea, 0xa0, 0x4a, 0xa6, 0xc0,
+};
+
+// issuer:test cert (different key)
+// subject:test cert (different key)
+// issuerKey:secp256k1
+// subjectKey:secp256k1
+// serialNumber:1
+const std::vector<uint8_t> kTestCertWithOtherKeyDER = {
+ 0x30, 0x82, 0x01, 0x3a, 0x30, 0x81, 0xdf, 0xa0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+ 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x24, 0x31, 0x22, 0x30, 0x20,
+ 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x74, 0x65, 0x73, 0x74, 0x20,
+ 0x63, 0x65, 0x72, 0x74, 0x20, 0x28, 0x64, 0x69, 0x66, 0x66, 0x65, 0x72,
+ 0x65, 0x6e, 0x74, 0x20, 0x6b, 0x65, 0x79, 0x29, 0x30, 0x22, 0x18, 0x0f,
+ 0x32, 0x30, 0x31, 0x37, 0x31, 0x31, 0x32, 0x37, 0x30, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x30, 0x30, 0x32, 0x30,
+ 0x35, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x24, 0x31, 0x22,
+ 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x74, 0x65, 0x73,
+ 0x74, 0x20, 0x63, 0x65, 0x72, 0x74, 0x20, 0x28, 0x64, 0x69, 0x66, 0x66,
+ 0x65, 0x72, 0x65, 0x6e, 0x74, 0x20, 0x6b, 0x65, 0x79, 0x29, 0x30, 0x56,
+ 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06,
+ 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a, 0x03, 0x42, 0x00, 0x04, 0x35, 0xee,
+ 0x7c, 0x72, 0x89, 0xd8, 0xfe, 0xf7, 0xa8, 0x6a, 0xfe, 0x5d, 0xa6, 0x6d,
+ 0x8b, 0xc2, 0xeb, 0xb6, 0xa8, 0x54, 0x3f, 0xd2, 0xfe, 0xad, 0x08, 0x9f,
+ 0x45, 0xce, 0x7a, 0xcd, 0x0f, 0xa6, 0x43, 0x82, 0xa9, 0x50, 0x0c, 0x41,
+ 0xda, 0xd7, 0x70, 0xff, 0xd4, 0xb5, 0x11, 0xbf, 0x4b, 0x49, 0x2e, 0xb1,
+ 0x23, 0x88, 0x00, 0xc3, 0x2c, 0x4f, 0x76, 0xc7, 0x3a, 0x3f, 0x32, 0x94,
+ 0xe7, 0xc5, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20,
+ 0x63, 0x59, 0x02, 0x01, 0x89, 0xd7, 0x3e, 0x5b, 0xff, 0xd1, 0x16, 0x4e,
+ 0xe3, 0xe2, 0x0a, 0xe0, 0x4a, 0xd8, 0x75, 0xaf, 0x77, 0x5c, 0x93, 0x60,
+ 0xba, 0x10, 0x1f, 0x97, 0xdd, 0x27, 0x2d, 0x24, 0x02, 0x20, 0x1e, 0xa0,
+ 0x7b, 0xee, 0x90, 0x9b, 0x5f, 0x2c, 0x49, 0xd6, 0x61, 0xda, 0x31, 0x14,
+ 0xb1, 0xa4, 0x0d, 0x2d, 0x90, 0x2b, 0x70, 0xd8, 0x6b, 0x07, 0x64, 0x27,
+ 0xa5, 0x2e, 0xfe, 0xca, 0x6e, 0xe6,
+};
+
+// If there are no certs at all, we'll get back a null list.
+TEST_F(PK11GetCertsMatchingPrivateKeyTest, TestNoCertsAtAll) {
+ SECItem private_key_info = {
+ siBuffer, const_cast<unsigned char*>(kTestPrivateKeyInfoDER.data()),
+ (unsigned int)kTestPrivateKeyInfoDER.size(),
+ };
+ SECKEYPrivateKey* priv_key = nullptr;
+ ASSERT_EQ(PK11_ImportDERPrivateKeyInfoAndReturnKey(
+ m_slot, &private_key_info, nullptr, nullptr, false, false,
+ KU_ALL, &priv_key, nullptr),
+ SECSuccess);
+ ASSERT_NE(priv_key, nullptr);
+ ScopedSECKEYPrivateKey scoped_priv_key(priv_key);
+ ScopedCERTCertList certs(
+ PK11_GetCertsMatchingPrivateKey(scoped_priv_key.get()));
+ ASSERT_TRUE(CERT_LIST_EMPTY(certs));
+}
+
+// If there are no certs for the private key, we'll get back a null list.
+TEST_F(PK11GetCertsMatchingPrivateKeyTest, TestNoCertsForKey) {
+ SECItem private_key_info = {
+ siBuffer, const_cast<unsigned char*>(kTestPrivateKeyInfoDER.data()),
+ (unsigned int)kTestPrivateKeyInfoDER.size(),
+ };
+ SECKEYPrivateKey* priv_key = nullptr;
+ ASSERT_EQ(PK11_ImportDERPrivateKeyInfoAndReturnKey(
+ m_slot, &private_key_info, nullptr, nullptr, false, false,
+ KU_ALL, &priv_key, nullptr),
+ SECSuccess);
+ ASSERT_NE(priv_key, nullptr);
+ ScopedSECKEYPrivateKey scoped_priv_key(priv_key);
+
+ char cert_nickname[] = "Test Cert With Other Key";
+ SECItem cert_item = {
+ siBuffer, const_cast<unsigned char*>(kTestCertWithOtherKeyDER.data()),
+ (unsigned int)kTestCertWithOtherKeyDER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert_item, CK_INVALID_HANDLE,
+ cert_nickname, false),
+ SECSuccess);
+
+ ScopedCERTCertList certs(
+ PK11_GetCertsMatchingPrivateKey(scoped_priv_key.get()));
+ ASSERT_TRUE(CERT_LIST_EMPTY(certs));
+}
+
+void CheckCertListForSubjects(
+ ScopedCERTCertList& list,
+ const std::vector<const char*>& expected_subjects) {
+ ASSERT_NE(list.get(), nullptr);
+ ASSERT_NE(expected_subjects.size(), 0ul);
+ for (const auto& expected_subject : expected_subjects) {
+ size_t list_length = 0;
+ bool found = false;
+ for (CERTCertListNode* n = CERT_LIST_HEAD(list); !CERT_LIST_END(n, list);
+ n = CERT_LIST_NEXT(n)) {
+ list_length++;
+ if (strcmp(n->cert->subjectName, expected_subject) == 0) {
+ ASSERT_FALSE(found);
+ found = true;
+ }
+ }
+ ASSERT_TRUE(found);
+ ASSERT_EQ(list_length, expected_subjects.size());
+ }
+}
+
+// We should only get back certs that actually match the private key.
+TEST_F(PK11GetCertsMatchingPrivateKeyTest, TestOneCertForKey) {
+ SECItem private_key_info = {
+ siBuffer, const_cast<unsigned char*>(kTestPrivateKeyInfoDER.data()),
+ (unsigned int)kTestPrivateKeyInfoDER.size(),
+ };
+ SECKEYPrivateKey* priv_key = nullptr;
+ ASSERT_EQ(PK11_ImportDERPrivateKeyInfoAndReturnKey(
+ m_slot, &private_key_info, nullptr, nullptr, false, false,
+ KU_ALL, &priv_key, nullptr),
+ SECSuccess);
+ ASSERT_NE(priv_key, nullptr);
+ ScopedSECKEYPrivateKey scoped_priv_key(priv_key);
+
+ char cert1_nickname[] = "Test Cert 1";
+ SECItem cert1_item = {siBuffer,
+ const_cast<unsigned char*>(kTestCert1DER.data()),
+ (unsigned int)kTestCert1DER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert1_item, CK_INVALID_HANDLE,
+ cert1_nickname, false),
+ SECSuccess);
+
+ char cert_nickname[] = "Test Cert With Other Key";
+ SECItem cert_item = {
+ siBuffer, const_cast<unsigned char*>(kTestCertWithOtherKeyDER.data()),
+ (unsigned int)kTestCertWithOtherKeyDER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert_item, CK_INVALID_HANDLE,
+ cert_nickname, false),
+ SECSuccess);
+
+ ScopedCERTCertList certs(
+ PK11_GetCertsMatchingPrivateKey(scoped_priv_key.get()));
+ CheckCertListForSubjects(certs, {"CN=test cert"});
+}
+
+// We should be able to get back all certs that match the private key.
+TEST_F(PK11GetCertsMatchingPrivateKeyTest, TestTwoCertsForKey) {
+ SECItem private_key_info = {
+ siBuffer, const_cast<unsigned char*>(kTestPrivateKeyInfoDER.data()),
+ (unsigned int)kTestPrivateKeyInfoDER.size(),
+ };
+ SECKEYPrivateKey* priv_key = nullptr;
+ ASSERT_EQ(PK11_ImportDERPrivateKeyInfoAndReturnKey(
+ m_slot, &private_key_info, nullptr, nullptr, false, false,
+ KU_ALL, &priv_key, nullptr),
+ SECSuccess);
+ ASSERT_NE(priv_key, nullptr);
+ ScopedSECKEYPrivateKey scoped_priv_key(priv_key);
+
+ char cert1_nickname[] = "Test Cert 1";
+ SECItem cert1_item = {siBuffer,
+ const_cast<unsigned char*>(kTestCert1DER.data()),
+ (unsigned int)kTestCert1DER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert1_item, CK_INVALID_HANDLE,
+ cert1_nickname, false),
+ SECSuccess);
+ char cert2_nickname[] = "Test Cert 2 (same key, different subject)";
+ SECItem cert2_item = {
+ siBuffer, const_cast<unsigned char*>(kUnrelatedTestCertDER.data()),
+ (unsigned int)kUnrelatedTestCertDER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert2_item, CK_INVALID_HANDLE,
+ cert2_nickname, false),
+ SECSuccess);
+
+ char cert_nickname[] = "Test Cert With Other Key";
+ SECItem cert_item = {
+ siBuffer, const_cast<unsigned char*>(kTestCertWithOtherKeyDER.data()),
+ (unsigned int)kTestCertWithOtherKeyDER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert_item, CK_INVALID_HANDLE,
+ cert_nickname, false),
+ SECSuccess);
+
+ ScopedCERTCertList certs(
+ PK11_GetCertsMatchingPrivateKey(scoped_priv_key.get()));
+ CheckCertListForSubjects(certs, {"CN=test cert", "CN=unrelated subject DN"});
+}
+
+} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_gtest.gyp b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
index c73139b05..b521687fb 100644
--- a/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
+++ b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
@@ -11,39 +11,50 @@
'target_name': 'pk11_gtest',
'type': 'executable',
'sources': [
- 'pk11_aeskeywrap_unittest.cc',
+ 'pk11_aes_cmac_unittest.cc',
'pk11_aes_gcm_unittest.cc',
+ 'pk11_aeskeywrap_unittest.cc',
+ 'pk11_aeskeywrappad_unittest.cc',
+ 'pk11_cbc_unittest.cc',
'pk11_chacha20poly1305_unittest.cc',
'pk11_cipherop_unittest.cc',
'pk11_curve25519_unittest.cc',
+ 'pk11_der_private_key_import_unittest.cc',
+ 'pk11_des_unittest.cc',
'pk11_ecdsa_unittest.cc',
'pk11_encrypt_derive_unittest.cc',
+ 'pk11_find_certs_unittest.cc',
+ 'pk11_import_unittest.cc',
+ 'pk11_keygen.cc',
+ 'pk11_key_unittest.cc',
+ 'pk11_module_unittest.cc',
'pk11_pbkdf2_unittest.cc',
'pk11_prf_unittest.cc',
'pk11_prng_unittest.cc',
'pk11_rsapkcs1_unittest.cc',
'pk11_rsapss_unittest.cc',
- 'pk11_der_private_key_import_unittest.cc',
+ 'pk11_seed_cbc_unittest.cc',
'<(DEPTH)/gtests/common/gtests.cc'
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
- '<(DEPTH)/lib/util/util.gyp:nssutil3',
'<(DEPTH)/cpputil/cpputil.gyp:cpputil',
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+ '<(DEPTH)/lib/util/util.gyp:nssutil3',
],
'conditions': [
- [ 'test_build==1', {
+ [ 'static_libs==1', {
'dependencies': [
- '<(DEPTH)/lib/nss/nss.gyp:nss_static',
- '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
- '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
- '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
- '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/base/base.gyp:nssb',
+ '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+ '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+ '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
+ '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+ '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
}, {
'dependencies': [
@@ -54,6 +65,12 @@
],
}
],
+ 'target_defaults': {
+ 'defines': [
+ 'DLL_PREFIX=\"<(dll_prefix)\"',
+ 'DLL_SUFFIX=\"<(dll_suffix)\"'
+ ]
+ },
'variables': {
'module': 'nss'
}
diff --git a/security/nss/gtests/pk11_gtest/pk11_import_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_import_unittest.cc
new file mode 100644
index 000000000..19ecb94a2
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_import_unittest.cc
@@ -0,0 +1,281 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "pk11pqg.h"
+#include "prerror.h"
+#include "secoid.h"
+
+#include "cpputil.h"
+#include "nss_scoped_ptrs.h"
+#include "gtest/gtest.h"
+#include "databuffer.h"
+#include "pk11_keygen.h"
+
+namespace nss_test {
+
+// This deleter deletes a set of objects, unlike the deleter on
+// ScopedPK11GenericObject, which only deletes one.
+struct PK11GenericObjectsDeleter {
+ void operator()(PK11GenericObject* objs) {
+ if (objs) {
+ PK11_DestroyGenericObjects(objs);
+ }
+ }
+};
+
+class Pk11KeyImportTestBase : public ::testing::Test {
+ public:
+ Pk11KeyImportTestBase() = default;
+ virtual ~Pk11KeyImportTestBase() = default;
+
+ void SetUp() override {
+ slot_.reset(PK11_GetInternalKeySlot());
+ ASSERT_TRUE(slot_);
+
+ static const uint8_t pw[] = "pw";
+ SECItem pwItem = {siBuffer, toUcharPtr(pw), sizeof(pw)};
+ password_.reset(SECITEM_DupItem(&pwItem));
+ }
+
+ void Test(const Pkcs11KeyPairGenerator& generator) {
+ // Generate a key and export it.
+ KeyType key_type = nullKey;
+ ScopedSECKEYEncryptedPrivateKeyInfo key_info;
+ ScopedSECItem public_value;
+ GenerateAndExport(generator, &key_type, &key_info, &public_value);
+
+ // Note: NSS is currently unable export wrapped DH keys, so this doesn't
+ // test those beyond generate and verify.
+ if (key_type == dhKey) {
+ return;
+ }
+ ASSERT_NE(nullptr, public_value);
+ ASSERT_NE(nullptr, key_info);
+
+ // Now import the encrypted key.
+ static const uint8_t nick[] = "nick";
+ SECItem nickname = {siBuffer, toUcharPtr(nick), sizeof(nick)};
+ SECKEYPrivateKey* priv_tmp;
+ SECStatus rv = PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(
+ slot_.get(), key_info.get(), password_.get(), &nickname,
+ public_value.get(), PR_TRUE, PR_TRUE, key_type, 0, &priv_tmp, NULL);
+ ASSERT_EQ(SECSuccess, rv) << "PK11_ImportEncryptedPrivateKeyInfo failed "
+ << PORT_ErrorToName(PORT_GetError());
+ ScopedSECKEYPrivateKey priv_key(priv_tmp);
+ ASSERT_NE(nullptr, priv_key);
+
+ CheckForPublicKey(priv_key, public_value.get());
+ }
+
+ private:
+ SECItem GetPublicComponent(ScopedSECKEYPublicKey& pub_key) {
+ SECItem null = {siBuffer, NULL, 0};
+ switch (SECKEY_GetPublicKeyType(pub_key.get())) {
+ case rsaKey:
+ case rsaPssKey:
+ case rsaOaepKey:
+ return pub_key->u.rsa.modulus;
+ case keaKey:
+ return pub_key->u.kea.publicValue;
+ case dsaKey:
+ return pub_key->u.dsa.publicValue;
+ case dhKey:
+ return pub_key->u.dh.publicValue;
+ case ecKey:
+ return pub_key->u.ec.publicValue;
+ case fortezzaKey: /* depricated */
+ case nullKey:
+ /* didn't use default here so we can catch new key types at compile time
+ */
+ break;
+ }
+ return null;
+ }
+ void CheckForPublicKey(const ScopedSECKEYPrivateKey& priv_key,
+ const SECItem* expected_public) {
+ // Verify the public key exists.
+ StackSECItem priv_id;
+ KeyType type = SECKEY_GetPrivateKeyType(priv_key.get());
+ SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, priv_key.get(),
+ CKA_ID, &priv_id);
+ ASSERT_EQ(SECSuccess, rv) << "Couldn't read CKA_ID from private key: "
+ << PORT_ErrorToName(PORT_GetError());
+
+ CK_ATTRIBUTE_TYPE value_type = CKA_VALUE;
+ switch (type) {
+ case rsaKey:
+ value_type = CKA_MODULUS;
+ break;
+
+ case dhKey:
+ case dsaKey:
+ value_type = CKA_VALUE;
+ break;
+
+ case ecKey:
+ value_type = CKA_EC_POINT;
+ break;
+
+ default:
+ FAIL() << "unknown key type";
+ }
+
+ // Scan public key objects until we find one with the same CKA_ID as
+ // priv_key
+ std::unique_ptr<PK11GenericObject, PK11GenericObjectsDeleter> objs(
+ PK11_FindGenericObjects(slot_.get(), CKO_PUBLIC_KEY));
+ ASSERT_NE(nullptr, objs);
+ for (PK11GenericObject* obj = objs.get(); obj != nullptr;
+ obj = PK11_GetNextGenericObject(obj)) {
+ StackSECItem pub_id;
+ rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, CKA_ID, &pub_id);
+ if (rv != SECSuccess) {
+ // Can't read CKA_ID from object.
+ continue;
+ }
+ if (!SECITEM_ItemsAreEqual(&priv_id, &pub_id)) {
+ // This isn't the object we're looking for.
+ continue;
+ }
+
+ StackSECItem token;
+ rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, CKA_TOKEN, &token);
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_EQ(1U, token.len);
+ ASSERT_NE(0, token.data[0]);
+
+ StackSECItem raw_value;
+ SECItem decoded_value;
+ rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, value_type, &raw_value);
+ ASSERT_EQ(SECSuccess, rv);
+ SECItem value = raw_value;
+
+ // Decode the EC_POINT and check the output against expected.
+ // CKA_EC_POINT isn't stable, see Bug 1520649.
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ ASSERT_TRUE(arena);
+ if (value_type == CKA_EC_POINT) {
+ // If this fails due to the noted inconsistency, we may need to
+ // check the whole raw_value, or remove a leading UNCOMPRESSED_POINT tag
+ rv = SEC_QuickDERDecodeItem(arena.get(), &decoded_value,
+ SEC_ASN1_GET(SEC_OctetStringTemplate),
+ &raw_value);
+ ASSERT_EQ(SECSuccess, rv);
+ value = decoded_value;
+ }
+ ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &value))
+ << "expected: "
+ << DataBuffer(expected_public->data, expected_public->len)
+ << std::endl
+ << "actual: " << DataBuffer(value.data, value.len) << std::endl;
+
+ // Finally, convert the private to public and ensure it matches.
+ ScopedSECKEYPublicKey pub_key(SECKEY_ConvertToPublicKey(priv_key.get()));
+ ASSERT_TRUE(pub_key);
+ SECItem converted_public = GetPublicComponent(pub_key);
+ ASSERT_TRUE(converted_public.len != 0);
+
+ ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &converted_public))
+ << "expected: "
+ << DataBuffer(expected_public->data, expected_public->len)
+ << std::endl
+ << "actual: "
+ << DataBuffer(converted_public.data, converted_public.len)
+ << std::endl;
+ }
+ }
+
+ void GenerateAndExport(const Pkcs11KeyPairGenerator& generator,
+ KeyType* key_type,
+ ScopedSECKEYEncryptedPrivateKeyInfo* key_info,
+ ScopedSECItem* public_value) {
+ ScopedSECKEYPrivateKey priv_key;
+ ScopedSECKEYPublicKey pub_key;
+ generator.GenerateKey(&priv_key, &pub_key);
+ ASSERT_TRUE(priv_key);
+
+ // Save the public value, which we will need on import */
+ SECItem* pub_val;
+ KeyType t = SECKEY_GetPublicKeyType(pub_key.get());
+ switch (t) {
+ case rsaKey:
+ pub_val = &pub_key->u.rsa.modulus;
+ break;
+ case dhKey:
+ pub_val = &pub_key->u.dh.publicValue;
+ break;
+ case dsaKey:
+ pub_val = &pub_key->u.dsa.publicValue;
+ break;
+ case ecKey:
+ pub_val = &pub_key->u.ec.publicValue;
+ break;
+ default:
+ FAIL() << "Unknown key type";
+ }
+
+ CheckForPublicKey(priv_key, pub_val);
+
+ *key_type = t;
+ // Note: NSS is currently unable export wrapped DH keys, so this doesn't
+ // test those beyond generate and verify.
+ if (t == dhKey) {
+ return;
+ }
+ public_value->reset(SECITEM_DupItem(pub_val));
+
+ // Wrap and export the key.
+ ScopedSECKEYEncryptedPrivateKeyInfo epki(PK11_ExportEncryptedPrivKeyInfo(
+ slot_.get(), SEC_OID_AES_256_CBC, password_.get(), priv_key.get(), 1,
+ nullptr));
+ ASSERT_NE(nullptr, epki) << "PK11_ExportEncryptedPrivKeyInfo failed: "
+ << PORT_ErrorToName(PORT_GetError());
+
+ key_info->swap(epki);
+ }
+
+ ScopedPK11SlotInfo slot_;
+ ScopedSECItem password_;
+};
+
+class Pk11KeyImportTest
+ : public Pk11KeyImportTestBase,
+ public ::testing::WithParamInterface<CK_MECHANISM_TYPE> {
+ public:
+ Pk11KeyImportTest() = default;
+ virtual ~Pk11KeyImportTest() = default;
+};
+
+TEST_P(Pk11KeyImportTest, GenerateExportImport) {
+ Test(Pkcs11KeyPairGenerator(GetParam()));
+}
+
+INSTANTIATE_TEST_CASE_P(Pk11KeyImportTest, Pk11KeyImportTest,
+ ::testing::Values(CKM_RSA_PKCS_KEY_PAIR_GEN,
+ CKM_DSA_KEY_PAIR_GEN,
+ CKM_DH_PKCS_KEY_PAIR_GEN));
+
+class Pk11KeyImportTestEC : public Pk11KeyImportTestBase,
+ public ::testing::WithParamInterface<SECOidTag> {
+ public:
+ Pk11KeyImportTestEC() = default;
+ virtual ~Pk11KeyImportTestEC() = default;
+};
+
+TEST_P(Pk11KeyImportTestEC, GenerateExportImport) {
+ Test(Pkcs11KeyPairGenerator(CKM_EC_KEY_PAIR_GEN, GetParam()));
+}
+
+INSTANTIATE_TEST_CASE_P(Pk11KeyImportTestEC, Pk11KeyImportTestEC,
+ ::testing::Values(SEC_OID_SECG_EC_SECP256R1,
+ SEC_OID_SECG_EC_SECP384R1,
+ SEC_OID_SECG_EC_SECP521R1,
+ SEC_OID_CURVE25519));
+
+} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_key_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_key_unittest.cc
new file mode 100644
index 000000000..1351b53de
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_key_unittest.cc
@@ -0,0 +1,80 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "pk11pqg.h"
+#include "prerror.h"
+#include "secoid.h"
+
+#include "gtest/gtest.h"
+#include "nss_scoped_ptrs.h"
+#include "pk11_keygen.h"
+
+namespace nss_test {
+
+class Pkcs11NullKeyTestBase : public ::testing::Test {
+ protected:
+ // This constructs a key pair, then erases the public value from the public
+ // key. NSS should reject this.
+ void Test(const Pkcs11KeyPairGenerator& generator,
+ CK_MECHANISM_TYPE dh_mech) {
+ ScopedSECKEYPrivateKey priv;
+ ScopedSECKEYPublicKey pub;
+ generator.GenerateKey(&priv, &pub);
+ ASSERT_TRUE(priv);
+
+ // These don't leak because they are allocated to the arena associated with
+ // the public key.
+ SECItem* pub_val = nullptr;
+ switch (SECKEY_GetPublicKeyType(pub.get())) {
+ case rsaKey:
+ pub_val = &pub->u.rsa.modulus;
+ break;
+
+ case dsaKey:
+ pub_val = &pub->u.dsa.publicValue;
+ break;
+
+ case dhKey:
+ pub_val = &pub->u.dh.publicValue;
+ break;
+
+ case ecKey:
+ pub_val = &pub->u.ec.publicValue;
+ break;
+
+ default:
+ FAIL() << "Unknown key type " << SECKEY_GetPublicKeyType(pub.get());
+ }
+ pub_val->data = nullptr;
+ pub_val->len = 0;
+
+ ScopedPK11SymKey symKey(PK11_PubDeriveWithKDF(
+ priv.get(), pub.get(), false, nullptr, nullptr, dh_mech,
+ CKM_SHA512_HMAC, CKA_DERIVE, 0, CKD_NULL, nullptr, nullptr));
+ ASSERT_FALSE(symKey);
+ }
+};
+
+class Pkcs11DhNullKeyTest : public Pkcs11NullKeyTestBase {};
+TEST_F(Pkcs11DhNullKeyTest, UseNullPublicValue) {
+ Test(Pkcs11KeyPairGenerator(CKM_DH_PKCS_KEY_PAIR_GEN), CKM_DH_PKCS_DERIVE);
+}
+
+class Pkcs11EcdhNullKeyTest : public Pkcs11NullKeyTestBase,
+ public ::testing::WithParamInterface<SECOidTag> {
+};
+TEST_P(Pkcs11EcdhNullKeyTest, UseNullPublicValue) {
+ Test(Pkcs11KeyPairGenerator(CKM_EC_KEY_PAIR_GEN, GetParam()),
+ CKM_ECDH1_DERIVE);
+}
+INSTANTIATE_TEST_CASE_P(Pkcs11EcdhNullKeyTest, Pkcs11EcdhNullKeyTest,
+ ::testing::Values(SEC_OID_SECG_EC_SECP256R1,
+ SEC_OID_SECG_EC_SECP384R1,
+ SEC_OID_SECG_EC_SECP521R1,
+ SEC_OID_CURVE25519));
+
+} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_keygen.cc b/security/nss/gtests/pk11_gtest/pk11_keygen.cc
new file mode 100644
index 000000000..d96cd38f6
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_keygen.cc
@@ -0,0 +1,143 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pk11_keygen.h"
+
+#include "pk11pub.h"
+#include "pk11pqg.h"
+#include "prerror.h"
+
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+class ParamHolder {
+ public:
+ virtual void* get() = 0;
+ virtual ~ParamHolder() = default;
+
+ protected:
+ ParamHolder() = default;
+};
+
+void Pkcs11KeyPairGenerator::GenerateKey(ScopedSECKEYPrivateKey* priv_key,
+ ScopedSECKEYPublicKey* pub_key) const {
+ // This function returns if an assertion fails, so don't leak anything.
+ priv_key->reset(nullptr);
+ pub_key->reset(nullptr);
+
+ auto params = MakeParams();
+ ASSERT_NE(nullptr, params);
+
+ ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+ ASSERT_TRUE(slot);
+
+ SECKEYPublicKey* pub_tmp;
+ ScopedSECKEYPrivateKey priv_tmp(PK11_GenerateKeyPair(
+ slot.get(), mech_, params->get(), &pub_tmp, PR_FALSE, PR_TRUE, nullptr));
+ ASSERT_NE(nullptr, priv_tmp) << "PK11_GenerateKeyPair failed: "
+ << PORT_ErrorToName(PORT_GetError());
+ ASSERT_NE(nullptr, pub_tmp);
+
+ priv_key->swap(priv_tmp);
+ pub_key->reset(pub_tmp);
+}
+
+class RsaParamHolder : public ParamHolder {
+ public:
+ RsaParamHolder() : params_({1024, 0x010001}) {}
+ ~RsaParamHolder() = default;
+
+ void* get() override { return &params_; }
+
+ private:
+ PK11RSAGenParams params_;
+};
+
+class PqgParamHolder : public ParamHolder {
+ public:
+ PqgParamHolder(PQGParams* params) : params_(params) {}
+ ~PqgParamHolder() = default;
+
+ void* get() override { return params_.get(); }
+
+ private:
+ ScopedPQGParams params_;
+};
+
+class DhParamHolder : public PqgParamHolder {
+ public:
+ DhParamHolder(PQGParams* params)
+ : PqgParamHolder(params),
+ params_({nullptr, params->prime, params->base}) {}
+ ~DhParamHolder() = default;
+
+ void* get() override { return &params_; }
+
+ private:
+ SECKEYDHParams params_;
+};
+
+class EcParamHolder : public ParamHolder {
+ public:
+ EcParamHolder(SECOidTag curve_oid) {
+ SECOidData* curve = SECOID_FindOIDByTag(curve_oid);
+ EXPECT_NE(nullptr, curve);
+
+ size_t plen = curve->oid.len + 2;
+ extra_.reset(new uint8_t[plen]);
+ extra_[0] = SEC_ASN1_OBJECT_ID;
+ extra_[1] = static_cast<uint8_t>(curve->oid.len);
+ memcpy(&extra_[2], curve->oid.data, curve->oid.len);
+
+ ec_params_ = {siBuffer, extra_.get(), static_cast<unsigned int>(plen)};
+ }
+ ~EcParamHolder() = default;
+
+ void* get() override { return &ec_params_; }
+
+ private:
+ SECKEYECParams ec_params_;
+ std::unique_ptr<uint8_t[]> extra_;
+};
+
+std::unique_ptr<ParamHolder> Pkcs11KeyPairGenerator::MakeParams() const {
+ switch (mech_) {
+ case CKM_RSA_PKCS_KEY_PAIR_GEN:
+ std::cerr << "Generate RSA pair" << std::endl;
+ return std::unique_ptr<ParamHolder>(new RsaParamHolder());
+
+ case CKM_DSA_KEY_PAIR_GEN:
+ case CKM_DH_PKCS_KEY_PAIR_GEN: {
+ PQGParams* pqg_params = nullptr;
+ PQGVerify* pqg_verify = nullptr;
+ const unsigned int key_size = 1024;
+ SECStatus rv = PK11_PQG_ParamGenV2(key_size, 0, key_size / 16,
+ &pqg_params, &pqg_verify);
+ if (rv != SECSuccess) {
+ ADD_FAILURE() << "PK11_PQG_ParamGenV2 failed";
+ return nullptr;
+ }
+ EXPECT_NE(nullptr, pqg_verify);
+ EXPECT_NE(nullptr, pqg_params);
+ PK11_PQG_DestroyVerify(pqg_verify);
+ if (mech_ == CKM_DSA_KEY_PAIR_GEN) {
+ std::cerr << "Generate DSA pair" << std::endl;
+ return std::unique_ptr<ParamHolder>(new PqgParamHolder(pqg_params));
+ }
+ std::cerr << "Generate DH pair" << std::endl;
+ return std::unique_ptr<ParamHolder>(new DhParamHolder(pqg_params));
+ }
+
+ case CKM_EC_KEY_PAIR_GEN:
+ std::cerr << "Generate EC pair on " << curve_ << std::endl;
+ return std::unique_ptr<ParamHolder>(new EcParamHolder(curve_));
+
+ default:
+ ADD_FAILURE() << "unknown OID " << mech_;
+ }
+ return nullptr;
+}
+
+} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_keygen.h b/security/nss/gtests/pk11_gtest/pk11_keygen.h
new file mode 100644
index 000000000..05ff97210
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_keygen.h
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nss.h"
+#include "secoid.h"
+
+#include "nss_scoped_ptrs.h"
+
+namespace nss_test {
+
+class ParamHolder;
+
+class Pkcs11KeyPairGenerator {
+ public:
+ Pkcs11KeyPairGenerator(CK_MECHANISM_TYPE mech, SECOidTag curve_oid)
+ : mech_(mech), curve_(curve_oid) {}
+ Pkcs11KeyPairGenerator(CK_MECHANISM_TYPE mech)
+ : Pkcs11KeyPairGenerator(mech, SEC_OID_UNKNOWN) {}
+
+ CK_MECHANISM_TYPE mechanism() const { return mech_; }
+ SECOidTag curve() const { return curve_; }
+
+ void GenerateKey(ScopedSECKEYPrivateKey* priv_key,
+ ScopedSECKEYPublicKey* pub_key) const;
+
+ private:
+ std::unique_ptr<ParamHolder> MakeParams() const;
+
+ CK_MECHANISM_TYPE mech_;
+ SECOidTag curve_;
+};
+
+} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_module_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_module_unittest.cc
new file mode 100644
index 000000000..9627c823e
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_module_unittest.cc
@@ -0,0 +1,84 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "prerror.h"
+#include "prsystem.h"
+#include "secoid.h"
+
+#include "nss_scoped_ptrs.h"
+#include "gtest/gtest.h"
+#include "databuffer.h"
+
+namespace nss_test {
+
+class Pkcs11ModuleTest : public ::testing::Test {
+ public:
+ Pkcs11ModuleTest() {}
+
+ void SetUp() override {
+ ASSERT_EQ(SECSuccess, SECMOD_AddNewModule("Pkcs11ModuleTest", DLL_PREFIX
+ "pkcs11testmodule." DLL_SUFFIX,
+ 0, 0))
+ << PORT_ErrorToName(PORT_GetError());
+ }
+
+ void TearDown() override {
+ int type;
+ ASSERT_EQ(SECSuccess, SECMOD_DeleteModule("Pkcs11ModuleTest", &type));
+ ASSERT_EQ(SECMOD_EXTERNAL, type);
+ }
+};
+
+TEST_F(Pkcs11ModuleTest, LoadUnload) {
+ ScopedSECMODModule module(SECMOD_FindModule("Pkcs11ModuleTest"));
+ EXPECT_NE(nullptr, module);
+}
+
+TEST_F(Pkcs11ModuleTest, ListSlots) {
+ ScopedPK11SlotList slots(
+ PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, nullptr));
+ EXPECT_NE(nullptr, slots);
+
+ PK11SlotListElement* element = PK11_GetFirstSafe(slots.get());
+ EXPECT_NE(nullptr, element);
+
+ // These tokens are always present.
+ const std::vector<std::string> kSlotsWithToken = {
+ "NSS Internal Cryptographic Services",
+ "NSS User Private Key and Certificate Services",
+ "Test PKCS11 Public Certs Slot", "Test PKCS11 Slot 二"};
+ std::vector<std::string> foundSlots;
+
+ do {
+ std::string name = PK11_GetSlotName(element->slot);
+ foundSlots.push_back(name);
+ std::cerr << "loaded slot: " << name << std::endl;
+ } while ((element = PK11_GetNextSafe(slots.get(), element, PR_FALSE)) !=
+ nullptr);
+
+ std::sort(foundSlots.begin(), foundSlots.end());
+ EXPECT_TRUE(std::equal(kSlotsWithToken.begin(), kSlotsWithToken.end(),
+ foundSlots.begin()));
+}
+
+TEST_F(Pkcs11ModuleTest, PublicCertificatesToken) {
+ const std::string kRegularToken = "Test PKCS11 Tokeñ 2 Label";
+ const std::string kPublicCertificatesToken = "Test PKCS11 Public Certs Token";
+
+ ScopedPK11SlotInfo slot1(PK11_FindSlotByName(kRegularToken.c_str()));
+ EXPECT_NE(nullptr, slot1);
+ EXPECT_FALSE(PK11_IsFriendly(slot1.get()));
+
+ ScopedPK11SlotInfo slot2(
+ PK11_FindSlotByName(kPublicCertificatesToken.c_str()));
+ EXPECT_NE(nullptr, slot2);
+ EXPECT_TRUE(PK11_IsFriendly(slot2.get()));
+}
+
+} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc
index fc055f400..58684fc77 100644
--- a/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc
@@ -22,53 +22,102 @@ class Pkcs11Pbkdf2Test : public ::testing::Test {
public:
void Derive(std::vector<uint8_t>& derived, SECOidTag hash_alg) {
// Shared between test vectors.
- const unsigned int iterations = 4096;
+ const unsigned int kIterations = 4096;
std::string pass("passwordPASSWORDpassword");
std::string salt("saltSALTsaltSALTsaltSALTsaltSALTsalt");
// Derivation must succeed with the right values.
- EXPECT_TRUE(DeriveBytes(pass, salt, derived, hash_alg, iterations));
+ EXPECT_TRUE(DeriveBytes(pass, salt, derived, hash_alg, kIterations));
// Derivation must fail when the password is bogus.
- std::string bogusPass("PasswordPASSWORDpassword");
- EXPECT_FALSE(DeriveBytes(bogusPass, salt, derived, hash_alg, iterations));
+ std::string bogus_pass("PasswordPASSWORDpassword");
+ EXPECT_FALSE(DeriveBytes(bogus_pass, salt, derived, hash_alg, kIterations));
// Derivation must fail when the salt is bogus.
- std::string bogusSalt("SaltSALTsaltSALTsaltSALTsaltSALTsalt");
- EXPECT_FALSE(DeriveBytes(pass, bogusSalt, derived, hash_alg, iterations));
+ std::string bogus_salt("SaltSALTsaltSALTsaltSALTsaltSALTsalt");
+ EXPECT_FALSE(DeriveBytes(pass, bogus_salt, derived, hash_alg, kIterations));
// Derivation must fail when using the wrong hash function.
SECOidTag next_hash_alg = static_cast<SECOidTag>(hash_alg + 1);
- EXPECT_FALSE(DeriveBytes(pass, salt, derived, next_hash_alg, iterations));
+ EXPECT_FALSE(DeriveBytes(pass, salt, derived, next_hash_alg, kIterations));
- // Derivation must fail when using the wrong number of iterations.
- EXPECT_FALSE(DeriveBytes(pass, salt, derived, hash_alg, iterations + 1));
+ // Derivation must fail when using the wrong number of kIterations.
+ EXPECT_FALSE(DeriveBytes(pass, salt, derived, hash_alg, kIterations + 1));
+ }
+
+ void KeySizes(SECOidTag hash_alg) {
+ // These tests will only validate the controls around the key sizes.
+ // The resulting key is tested above, with valid key sizes.
+ const unsigned int kIterations = 10;
+ std::string pass("passwordPASSWORDpassword");
+ std::string salt("saltSALTsaltSALTsaltSALTsaltSALTsalt");
+
+ // Derivation must fail when using key sizes bigger than MAX_KEY_LEN.
+ const int big_key_size = 768;
+ EXPECT_FALSE(KeySizeParam(pass, salt, big_key_size, hash_alg, kIterations));
+
+ // Zero is acceptable as key size and will be managed internally.
+ const int zero_key_size = 0;
+ EXPECT_TRUE(KeySizeParam(pass, salt, zero_key_size, hash_alg, kIterations));
+
+ // -1 will be set to 0 internally and this means that the key size will be
+ // obtained from the template. If the template doesn't have this defined,
+ // it must fail.
+ const int minus_key_size = -1;
+ EXPECT_FALSE(
+ KeySizeParam(pass, salt, minus_key_size, hash_alg, kIterations));
+
+ // Lower than -1 is not allowed, as -1 means no keyLen defined.
+ const int negative_key_size = -10;
+ EXPECT_FALSE(
+ KeySizeParam(pass, salt, negative_key_size, hash_alg, kIterations));
}
private:
bool DeriveBytes(std::string& pass, std::string& salt,
std::vector<uint8_t>& derived, SECOidTag hash_alg,
- unsigned int iterations) {
- SECItem passItem = {siBuffer, ToUcharPtr(pass),
- static_cast<unsigned int>(pass.length())};
- SECItem saltItem = {siBuffer, ToUcharPtr(salt),
- static_cast<unsigned int>(salt.length())};
+ unsigned int kIterations) {
+ SECItem pass_item = {siBuffer, ToUcharPtr(pass),
+ static_cast<unsigned int>(pass.length())};
+ SECItem salt_item = {siBuffer, ToUcharPtr(salt),
+ static_cast<unsigned int>(salt.length())};
// Set up PBKDF2 params.
ScopedSECAlgorithmID alg_id(
PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg,
- derived.size(), iterations, &saltItem));
+ derived.size(), kIterations, &salt_item));
// Derive.
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
- ScopedPK11SymKey symKey(
- PK11_PBEKeyGen(slot.get(), alg_id.get(), &passItem, false, nullptr));
+ ScopedPK11SymKey sym_key(
+ PK11_PBEKeyGen(slot.get(), alg_id.get(), &pass_item, false, nullptr));
- SECStatus rv = PK11_ExtractKeyValue(symKey.get());
+ SECStatus rv = PK11_ExtractKeyValue(sym_key.get());
EXPECT_EQ(rv, SECSuccess);
- SECItem* keyData = PK11_GetKeyData(symKey.get());
- return !memcmp(&derived[0], keyData->data, keyData->len);
+ SECItem* key_data = PK11_GetKeyData(sym_key.get());
+ return !memcmp(&derived[0], key_data->data, key_data->len);
+ }
+
+ bool KeySizeParam(std::string& pass, std::string& salt, const int key_size,
+ SECOidTag hash_alg, unsigned int kIterations) {
+ SECItem pass_item = {siBuffer, ToUcharPtr(pass),
+ static_cast<unsigned int>(pass.length())};
+ SECItem salt_item = {siBuffer, ToUcharPtr(salt),
+ static_cast<unsigned int>(salt.length())};
+
+ // Set up PBKDF2 params.
+ ScopedSECAlgorithmID alg_id(
+ PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg,
+ key_size, kIterations, &salt_item));
+
+ // Try to generate a key with the defined params.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ScopedPK11SymKey sym_key(
+ PK11_PBEKeyGen(slot.get(), alg_id.get(), &pass_item, false, nullptr));
+
+ // Should be nullptr if fail.
+ return sym_key.get();
}
};
@@ -93,4 +142,9 @@ TEST_F(Pkcs11Pbkdf2Test, DeriveKnown2) {
Derive(derived, SEC_OID_HMAC_SHA256);
}
+TEST_F(Pkcs11Pbkdf2Test, KeyLenSizes) {
+ // The size controls are regardless of the algorithms.
+ KeySizes(SEC_OID_HMAC_SHA256);
+}
+
} // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
index ed0573027..2024a525f 100644
--- a/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
@@ -93,6 +93,20 @@ TEST_F(Pkcs11RsaPssTest, GenerateAndSignAndVerify) {
EXPECT_EQ(rv, SECFailure);
}
+TEST_F(Pkcs11RsaPssTest, NoLeakWithInvalidExponent) {
+ // Attempt to generate an RSA key with a public exponent of 1. This should
+ // fail, but it shouldn't leak memory.
+ PK11RSAGenParams rsaGenParams = {1024, 0x01};
+
+ // Generate RSA key pair.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ SECKEYPublicKey* pubKey = nullptr;
+ SECKEYPrivateKey* privKey =
+ PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaGenParams,
+ &pubKey, false, false, nullptr);
+ EXPECT_FALSE(privKey);
+ EXPECT_FALSE(pubKey);
+}
class Pkcs11RsaPssVectorTest
: public Pkcs11RsaPssTest,
public ::testing::WithParamInterface<Pkcs11SignatureTestParams> {};
diff --git a/security/nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc
new file mode 100644
index 000000000..dd90b7853
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc
@@ -0,0 +1,71 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "secerr.h"
+
+#include "nss_scoped_ptrs.h"
+#include "gtest/gtest.h"
+#include "util.h"
+
+namespace nss_test {
+class Pkcs11SeedCbcTest : public ::testing::Test {
+ protected:
+ enum class Action { Encrypt, Decrypt };
+
+ SECStatus EncryptDecryptSeed(Action action, unsigned int input_size,
+ unsigned int output_size) {
+ // Generate a random key.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ScopedPK11SymKey sym_key(
+ PK11_KeyGen(slot.get(), kMech, nullptr, 16, nullptr));
+ EXPECT_TRUE(!!sym_key);
+
+ std::vector<uint8_t> data(input_size);
+ std::vector<uint8_t> init_vector(16);
+ std::vector<uint8_t> output(output_size);
+ SECItem params = {siBuffer, init_vector.data(),
+ (unsigned int)init_vector.size()};
+
+ // Try to encrypt/decrypt.
+ unsigned int output_len = 0;
+ if (action == Action::Encrypt) {
+ return PK11_Encrypt(sym_key.get(), kMech, &params, output.data(),
+ &output_len, output_size, data.data(), data.size());
+ } else {
+ return PK11_Decrypt(sym_key.get(), kMech, &params, output.data(),
+ &output_len, output_size, data.data(), data.size());
+ }
+ }
+ const CK_MECHANISM_TYPE kMech = CKM_SEED_CBC;
+};
+
+// The intention here is to test the arguments of these functions
+// The resulted content is already tested in EncryptDeriveTests.
+// SEED_CBC needs an IV of 16 bytes.
+// The input data size must be multiple of 16.
+// If not, some padding should be added.
+// The output size must be at least the size of input data.
+TEST_F(Pkcs11SeedCbcTest, SeedCBC_ValidArgs) {
+ EXPECT_EQ(SECSuccess, EncryptDecryptSeed(Action::Encrypt, 16, 16));
+ EXPECT_EQ(SECSuccess, EncryptDecryptSeed(Action::Decrypt, 16, 16));
+ // No problem if maxLen is bigger than input data.
+ EXPECT_EQ(SECSuccess, EncryptDecryptSeed(Action::Encrypt, 16, 32));
+ EXPECT_EQ(SECSuccess, EncryptDecryptSeed(Action::Decrypt, 16, 32));
+}
+
+TEST_F(Pkcs11SeedCbcTest, SeedCBC_InvalidArgs) {
+ // maxLen lower than input data.
+ EXPECT_EQ(SECFailure, EncryptDecryptSeed(Action::Encrypt, 16, 10));
+ EXPECT_EQ(SECFailure, EncryptDecryptSeed(Action::Decrypt, 16, 10));
+ // input data not multiple of SEED_BLOCK_SIZE (16)
+ EXPECT_EQ(SECFailure, EncryptDecryptSeed(Action::Encrypt, 17, 32));
+ EXPECT_EQ(SECFailure, EncryptDecryptSeed(Action::Decrypt, 17, 32));
+}
+
+} // namespace nss_test \ No newline at end of file
diff --git a/security/nss/gtests/pk11_gtest/pk11_signature_test.h b/security/nss/gtests/pk11_gtest/pk11_signature_test.h
index 0526fea55..cd46f17d7 100644
--- a/security/nss/gtests/pk11_gtest/pk11_signature_test.h
+++ b/security/nss/gtests/pk11_gtest/pk11_signature_test.h
@@ -59,6 +59,9 @@ class Pk11SignatureTest : public ::testing::Test {
ScopedCERTSubjectPublicKeyInfo certSpki(
SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
+ if (!certSpki) {
+ return nullptr;
+ }
return ScopedSECKEYPublicKey(SECKEY_ExtractPublicKey(certSpki.get()));
}
diff --git a/security/nss/gtests/pkcs11testmodule/Makefile b/security/nss/gtests/pkcs11testmodule/Makefile
new file mode 100644
index 000000000..6635aabc3
--- /dev/null
+++ b/security/nss/gtests/pkcs11testmodule/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+export:: private_export
diff --git a/security/nss/gtests/pkcs11testmodule/config.mk b/security/nss/gtests/pkcs11testmodule/config.mk
new file mode 100644
index 000000000..a1e2df79d
--- /dev/null
+++ b/security/nss/gtests/pkcs11testmodule/config.mk
@@ -0,0 +1,16 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
+
+RES = $(OBJDIR)/$(LIBRARY_NAME).res
+RESNAME = $(LIBRARY_NAME).rc
+
+endif
diff --git a/security/nss/gtests/pkcs11testmodule/manifest.mn b/security/nss/gtests/pkcs11testmodule/manifest.mn
new file mode 100644
index 000000000..3c0e40778
--- /dev/null
+++ b/security/nss/gtests/pkcs11testmodule/manifest.mn
@@ -0,0 +1,22 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH = ../..
+MODULE = nss
+
+CPPSRCS = \
+ pkcs11testmodule.cpp \
+ $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/cpputil
+
+REQUIRES = cpputil
+
+MAPFILE = $(OBJDIR)/pkcs11testmodule.def
+
+LIBRARY_NAME = pkcs11testmodule
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \
+ $(NULL)
diff --git a/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.cpp b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.cpp
new file mode 100644
index 000000000..dbb574442
--- /dev/null
+++ b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.cpp
@@ -0,0 +1,658 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a testing PKCS #11 module that simulates a token being inserted and
+// removed from a slot every 50ms. This is achieved mainly in
+// Test_C_WaitForSlotEvent. If the application that loaded this module calls
+// C_WaitForSlotEvent, this module waits for 50ms and returns, having changed
+// its internal state to report that the token has either been inserted or
+// removed, as appropriate.
+// This module also provides an alternate token that is always present for tests
+// that don't want the cyclic behavior described above.
+
+#include <assert.h>
+#include <string.h>
+
+#ifdef _WIN32
+# include <windows.h> // for Sleep
+#else
+# include <unistd.h> // for usleep
+#endif
+
+#include "pkcs11t.h"
+
+#undef CK_DECLARE_FUNCTION
+
+#ifdef _WIN32
+#define CK_DECLARE_FUNCTION(rtype, func) extern rtype __declspec(dllexport) func
+#else
+#define CK_DECLARE_FUNCTION(rtype, func) extern rtype func
+#endif
+
+#include "pkcs11.h"
+
+#if __cplusplus < 201103L
+# include <prtypes.h>
+# define static_assert(condition, message) PR_STATIC_ASSERT(condition)
+#endif
+
+CK_RV Test_C_Initialize(CK_VOID_PTR) { return CKR_OK; }
+
+CK_RV Test_C_Finalize(CK_VOID_PTR) { return CKR_OK; }
+
+static const CK_VERSION CryptokiVersion = {2, 2};
+static const CK_VERSION TestLibraryVersion = {0, 0};
+static const char TestLibraryDescription[] = "Test PKCS11 Library";
+static const char TestManufacturerID[] = "Test PKCS11 Manufacturer ID";
+
+/* The dest buffer is one in the CK_INFO or CK_TOKEN_INFO structs.
+ * Those buffers are padded with spaces. DestSize corresponds to the declared
+ * size for those buffers (e.g. 32 for `char foo[32]`).
+ * The src buffer is a string literal. SrcSize includes the string
+ * termination character (e.g. 4 for `const char foo[] = "foo"` */
+template <size_t DestSize, size_t SrcSize>
+void CopyString(unsigned char (&dest)[DestSize], const char (&src)[SrcSize]) {
+ static_assert(DestSize >= SrcSize - 1, "DestSize >= SrcSize - 1");
+ memcpy(dest, src, SrcSize - 1);
+ memset(dest + SrcSize - 1, ' ', DestSize - SrcSize + 1);
+}
+
+CK_RV Test_C_GetInfo(CK_INFO_PTR pInfo) {
+ if (!pInfo) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ pInfo->cryptokiVersion = CryptokiVersion;
+ CopyString(pInfo->manufacturerID, TestManufacturerID);
+ pInfo->flags = 0; // must be 0
+ CopyString(pInfo->libraryDescription, TestLibraryDescription);
+ pInfo->libraryVersion = TestLibraryVersion;
+ return CKR_OK;
+}
+
+CK_RV Test_C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR) { return CKR_OK; }
+
+static int tokenPresent = 0;
+
+// The token in slot 4 has 2 objects. Both of them are profile object
+// and identified by object ID 1 or 2.
+static bool readingProfile = false;
+static const CK_PROFILE_ID profiles[] = {CKP_PUBLIC_CERTIFICATES_TOKEN,
+ CKP_BASELINE_PROVIDER};
+static int profileIndex = 0;
+
+CK_RV Test_C_GetSlotList(CK_BBOOL limitToTokensPresent,
+ CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
+ if (!pulCount) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ CK_SLOT_ID slots[4];
+ CK_ULONG slotCount = 0;
+
+ // We always return slot 2 and 4.
+ slots[slotCount++] = 2;
+ slots[slotCount++] = 4;
+
+ // Slot 1 is a removable slot where a token is present if
+ // tokenPresent = CK_TRUE.
+ if (tokenPresent || !limitToTokensPresent) {
+ slots[slotCount++] = 1;
+ }
+
+ // Slot 3 is a removable slot which never has a token.
+ if (!limitToTokensPresent) {
+ slots[slotCount++] = 3;
+ }
+
+ if (pSlotList) {
+ if (*pulCount < slotCount) {
+ return CKR_BUFFER_TOO_SMALL;
+ }
+ memcpy(pSlotList, slots, sizeof(CK_SLOT_ID) * slotCount);
+ }
+
+ *pulCount = slotCount;
+ return CKR_OK;
+}
+
+static const char TestSlotDescription[] = "Test PKCS11 Slot";
+static const char TestSlot2Description[] = "Test PKCS11 Slot 二";
+static const char TestSlot3Description[] = "Empty PKCS11 Slot";
+static const char TestSlot4Description[] = "Test PKCS11 Public Certs Slot";
+
+CK_RV Test_C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
+ if (!pInfo) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ switch (slotID) {
+ case 1:
+ CopyString(pInfo->slotDescription, TestSlotDescription);
+ pInfo->flags =
+ (tokenPresent ? CKF_TOKEN_PRESENT : 0) | CKF_REMOVABLE_DEVICE;
+ break;
+ case 2:
+ CopyString(pInfo->slotDescription, TestSlot2Description);
+ pInfo->flags = CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE;
+ break;
+ case 3:
+ CopyString(pInfo->slotDescription, TestSlot3Description);
+ pInfo->flags = CKF_REMOVABLE_DEVICE;
+ break;
+ case 4:
+ CopyString(pInfo->slotDescription, TestSlot4Description);
+ pInfo->flags = CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE;
+ break;
+ default:
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ CopyString(pInfo->manufacturerID, TestManufacturerID);
+ pInfo->hardwareVersion = TestLibraryVersion;
+ pInfo->firmwareVersion = TestLibraryVersion;
+ return CKR_OK;
+}
+
+// Deliberately include énye to ensure we're handling encoding correctly.
+// The PKCS #11 base specification v2.20 specifies that strings be encoded
+// as UTF-8.
+static const char TestTokenLabel[] = "Test PKCS11 Tokeñ Label";
+static const char TestToken2Label[] = "Test PKCS11 Tokeñ 2 Label";
+static const char TestToken4Label[] = "Test PKCS11 Public Certs Token";
+static const char TestTokenModel[] = "Test Model";
+
+CK_RV Test_C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) {
+ if (!pInfo) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ switch (slotID) {
+ case 1:
+ CopyString(pInfo->label, TestTokenLabel);
+ break;
+ case 2:
+ CopyString(pInfo->label, TestToken2Label);
+ break;
+ case 4:
+ CopyString(pInfo->label, TestToken4Label);
+ break;
+ default:
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ CopyString(pInfo->manufacturerID, TestManufacturerID);
+ CopyString(pInfo->model, TestTokenModel);
+ memset(pInfo->serialNumber, 0, sizeof(pInfo->serialNumber));
+ pInfo->flags = CKF_TOKEN_INITIALIZED;
+ pInfo->ulMaxSessionCount = 1;
+ pInfo->ulSessionCount = 0;
+ pInfo->ulMaxRwSessionCount = 1;
+ pInfo->ulRwSessionCount = 0;
+ pInfo->ulMaxPinLen = 4;
+ pInfo->ulMinPinLen = 4;
+ pInfo->ulTotalPublicMemory = 1024;
+ pInfo->ulFreePublicMemory = 1024;
+ pInfo->ulTotalPrivateMemory = 1024;
+ pInfo->ulFreePrivateMemory = 1024;
+ pInfo->hardwareVersion = TestLibraryVersion;
+ pInfo->firmwareVersion = TestLibraryVersion;
+ memset(pInfo->utcTime, 0, sizeof(pInfo->utcTime));
+ return CKR_OK;
+}
+
+CK_RV Test_C_GetMechanismList(CK_SLOT_ID, CK_MECHANISM_TYPE_PTR,
+ CK_ULONG_PTR pulCount) {
+ if (!pulCount) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ *pulCount = 0;
+ return CKR_OK;
+}
+
+CK_RV Test_C_GetMechanismInfo(CK_SLOT_ID, CK_MECHANISM_TYPE,
+ CK_MECHANISM_INFO_PTR) {
+ return CKR_OK;
+}
+
+CK_RV Test_C_InitToken(CK_SLOT_ID, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR) {
+ return CKR_OK;
+}
+
+CK_RV Test_C_InitPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG,
+ CK_UTF8CHAR_PTR, CK_ULONG) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS, CK_VOID_PTR, CK_NOTIFY,
+ CK_SESSION_HANDLE_PTR phSession) {
+ switch (slotID) {
+ case 1:
+ *phSession = 1;
+ break;
+ case 2:
+ *phSession = 2;
+ break;
+ case 4:
+ *phSession = 4;
+ break;
+ default:
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ return CKR_OK;
+}
+
+CK_RV Test_C_CloseSession(CK_SESSION_HANDLE) { return CKR_OK; }
+
+CK_RV Test_C_CloseAllSessions(CK_SLOT_ID) { return CKR_OK; }
+
+CK_RV Test_C_GetSessionInfo(CK_SESSION_HANDLE hSession,
+ CK_SESSION_INFO_PTR pInfo) {
+ if (!pInfo) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ switch (hSession) {
+ case 1:
+ pInfo->slotID = 1;
+ break;
+ case 2:
+ pInfo->slotID = 2;
+ break;
+ case 4:
+ pInfo->slotID = 4;
+ break;
+ default:
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ pInfo->state = CKS_RO_PUBLIC_SESSION;
+ pInfo->flags = CKF_SERIAL_SESSION;
+ return CKR_OK;
+}
+
+CK_RV Test_C_GetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+ CK_OBJECT_HANDLE, CK_OBJECT_HANDLE) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Login(CK_SESSION_HANDLE, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_ULONG) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Logout(CK_SESSION_HANDLE) { return CKR_FUNCTION_NOT_SUPPORTED; }
+
+CK_RV Test_C_CreateObject(CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG,
+ CK_OBJECT_HANDLE_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_CopyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR,
+ CK_ULONG, CK_OBJECT_HANDLE_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DestroyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetObjectSize(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetAttributeValue(CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE hObject,
+ CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) {
+ if (hSession == 4) {
+ assert(hObject >= 1 &&
+ hObject - 1 < sizeof(profiles) / sizeof(profiles[0]));
+ for (CK_ULONG count = 0; count < ulCount; count++) {
+ if (pTemplate[count].type == CKA_PROFILE_ID) {
+ if (pTemplate[count].pValue) {
+ assert(pTemplate[count].ulValueLen == sizeof(CK_ULONG));
+ CK_ULONG value = profiles[hObject - 1];
+ memcpy(pTemplate[count].pValue, &value, sizeof(value));
+ } else {
+ pTemplate[count].ulValueLen = sizeof(CK_ULONG);
+ }
+ } else {
+ pTemplate[count].ulValueLen = (CK_ULONG)-1;
+ }
+ }
+ return CKR_OK;
+ }
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
+ CK_ATTRIBUTE_PTR, CK_ULONG) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_FindObjectsInit(CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) {
+ // Slot 4
+ if (hSession == 4) {
+ for (CK_ULONG count = 0; count < ulCount; count++) {
+ CK_ATTRIBUTE attribute = pTemplate[count];
+ if (attribute.type == CKA_CLASS) {
+ assert(attribute.ulValueLen == sizeof(CK_ULONG));
+
+ CK_ULONG value;
+ memcpy(&value, attribute.pValue, attribute.ulValueLen);
+ if (value == CKO_PROFILE) {
+ readingProfile = true;
+ profileIndex = 0;
+ break;
+ }
+ }
+ }
+ }
+ return CKR_OK;
+}
+
+CK_RV Test_C_FindObjects(CK_SESSION_HANDLE hSession,
+ CK_OBJECT_HANDLE_PTR phObject,
+ CK_ULONG ulMaxObjectCount,
+ CK_ULONG_PTR pulObjectCount) {
+ if (readingProfile) {
+ assert(hSession == 4);
+ CK_ULONG count = ulMaxObjectCount;
+ size_t remaining = sizeof(profiles) / sizeof(profiles[0]) - profileIndex;
+ if (count > remaining) {
+ count = remaining;
+ }
+ for (CK_ULONG i = 0; i < count; i++) {
+ phObject[i] = i + 1;
+ }
+ profileIndex += count;
+ *pulObjectCount = count;
+ } else {
+ *pulObjectCount = 0;
+ }
+ return CKR_OK;
+}
+
+CK_RV Test_C_FindObjectsFinal(CK_SESSION_HANDLE hSession) {
+ readingProfile = false;
+ return CKR_OK;
+}
+
+CK_RV Test_C_EncryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Encrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+ CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_EncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+ CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_EncryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Decrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+ CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+ CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Digest(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+ CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestKey(CK_SESSION_HANDLE, CK_OBJECT_HANDLE) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Sign(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+ CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+ CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Verify(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+ CK_ULONG) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+ CK_OBJECT_HANDLE) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+ CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+ CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptDigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+ CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+ CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptVerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+ CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR,
+ CK_ULONG, CK_OBJECT_HANDLE_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateKeyPair(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+ CK_ATTRIBUTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR,
+ CK_ULONG, CK_OBJECT_HANDLE_PTR,
+ CK_OBJECT_HANDLE_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_WrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+ CK_OBJECT_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_UnwrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+ CK_BYTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR, CK_ULONG,
+ CK_OBJECT_HANDLE_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DeriveKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+ CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SeedRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetFunctionStatus(CK_SESSION_HANDLE) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_CancelFunction(CK_SESSION_HANDLE) {
+ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_WaitForSlotEvent(CK_FLAGS, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR) {
+#ifdef _WIN32
+ Sleep(50); // Sleep takes the duration argument as milliseconds
+#else
+ usleep(50000); // usleep takes the duration argument as microseconds
+#endif
+ *pSlot = 1;
+ tokenPresent = !tokenPresent;
+ return CKR_OK;
+}
+
+static CK_FUNCTION_LIST FunctionList = {{2, 2},
+ Test_C_Initialize,
+ Test_C_Finalize,
+ Test_C_GetInfo,
+ Test_C_GetFunctionList,
+ Test_C_GetSlotList,
+ Test_C_GetSlotInfo,
+ Test_C_GetTokenInfo,
+ Test_C_GetMechanismList,
+ Test_C_GetMechanismInfo,
+ Test_C_InitToken,
+ Test_C_InitPIN,
+ Test_C_SetPIN,
+ Test_C_OpenSession,
+ Test_C_CloseSession,
+ Test_C_CloseAllSessions,
+ Test_C_GetSessionInfo,
+ Test_C_GetOperationState,
+ Test_C_SetOperationState,
+ Test_C_Login,
+ Test_C_Logout,
+ Test_C_CreateObject,
+ Test_C_CopyObject,
+ Test_C_DestroyObject,
+ Test_C_GetObjectSize,
+ Test_C_GetAttributeValue,
+ Test_C_SetAttributeValue,
+ Test_C_FindObjectsInit,
+ Test_C_FindObjects,
+ Test_C_FindObjectsFinal,
+ Test_C_EncryptInit,
+ Test_C_Encrypt,
+ Test_C_EncryptUpdate,
+ Test_C_EncryptFinal,
+ Test_C_DecryptInit,
+ Test_C_Decrypt,
+ Test_C_DecryptUpdate,
+ Test_C_DecryptFinal,
+ Test_C_DigestInit,
+ Test_C_Digest,
+ Test_C_DigestUpdate,
+ Test_C_DigestKey,
+ Test_C_DigestFinal,
+ Test_C_SignInit,
+ Test_C_Sign,
+ Test_C_SignUpdate,
+ Test_C_SignFinal,
+ Test_C_SignRecoverInit,
+ Test_C_SignRecover,
+ Test_C_VerifyInit,
+ Test_C_Verify,
+ Test_C_VerifyUpdate,
+ Test_C_VerifyFinal,
+ Test_C_VerifyRecoverInit,
+ Test_C_VerifyRecover,
+ Test_C_DigestEncryptUpdate,
+ Test_C_DecryptDigestUpdate,
+ Test_C_SignEncryptUpdate,
+ Test_C_DecryptVerifyUpdate,
+ Test_C_GenerateKey,
+ Test_C_GenerateKeyPair,
+ Test_C_WrapKey,
+ Test_C_UnwrapKey,
+ Test_C_DeriveKey,
+ Test_C_SeedRandom,
+ Test_C_GenerateRandom,
+ Test_C_GetFunctionStatus,
+ Test_C_CancelFunction,
+ Test_C_WaitForSlotEvent};
+
+#ifdef _WIN32
+__declspec(dllexport)
+#endif
+
+CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) {
+ *ppFunctionList = &FunctionList;
+ return CKR_OK;
+}
diff --git a/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.def b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.def
new file mode 100644
index 000000000..e03b39e5f
--- /dev/null
+++ b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.def
@@ -0,0 +1,8 @@
+;+NSS_3.48 { # NSS 3.48 release
+;+ global:
+LIBRARY pkcs11testmodule ;-
+EXPORTS ;-
+C_GetFunctionList;
+;+ local:
+;+ *;
+;+};
diff --git a/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.gyp b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.gyp
new file mode 100644
index 000000000..00e449186
--- /dev/null
+++ b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../coreconf/config.gypi',
+ '../common/gtest.gypi',
+ ],
+ 'targets': [
+ {
+ 'target_name': 'pkcs11testmodule',
+ 'type': 'shared_library',
+ 'sources': [
+ 'pkcs11testmodule.cpp',
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports',
+ '<(DEPTH)/cpputil/cpputil.gyp:cpputil',
+ ],
+ }
+ ],
+ 'variables': {
+ 'module': 'nss'
+ }
+}
diff --git a/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.rc b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.rc
new file mode 100644
index 000000000..5baaa1d84
--- /dev/null
+++ b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.rc
@@ -0,0 +1,60 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <winver.h>
+
+#define MY_LIBNAME "pkcs11testmodule"
+#define MY_FILEDESCRIPTION "NSS PKCS #11 Test Module"
+
+#ifdef _DEBUG
+#define MY_DEBUG_STR " (debug)"
+#define MY_FILEFLAGS_1 VS_FF_DEBUG
+#else
+#define MY_DEBUG_STR ""
+#define MY_FILEFLAGS_1 0x0L
+#endif
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
+
+#ifdef WINNT
+#define MY_FILEOS VOS_NT_WINDOWS32
+#else
+#define MY_FILEOS VOS__WINDOWS32
+#endif
+
+#define MY_INTERNAL_NAME MY_LIBNAME
+#define MY_VERSION "0"
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version-information resource
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION 0,0,0,0
+ PRODUCTVERSION 0,0,0,0
+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
+ FILEFLAGS MY_FILEFLAGS_2
+ FILEOS MY_FILEOS
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L // not used
+
+BEGIN
+ BLOCK "StringFileInfo"
+ BEGIN
+ BLOCK "040904B0" // Lang=US English, CharSet=Unicode
+ BEGIN
+ VALUE "CompanyName", "Mozilla Foundation\0"
+ VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
+ VALUE "FileVersion", MY_VERSION "\0"
+ VALUE "InternalName", MY_INTERNAL_NAME "\0"
+ VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
+ VALUE "ProductName", "Network Security Services\0"
+ VALUE "ProductVersion", MY_VERSION "\0"
+ END
+ END
+ BLOCK "VarFileInfo"
+ BEGIN
+ VALUE "Translation", 0x409, 1200
+ END
+END
diff --git a/security/nss/gtests/smime_gtest/Makefile b/security/nss/gtests/smime_gtest/Makefile
new file mode 100644
index 000000000..0d547e080
--- /dev/null
+++ b/security/nss/gtests/smime_gtest/Makefile
@@ -0,0 +1,43 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include ../common/gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
diff --git a/security/nss/gtests/smime_gtest/manifest.mn b/security/nss/gtests/smime_gtest/manifest.mn
new file mode 100644
index 000000000..d3e982cca
--- /dev/null
+++ b/security/nss/gtests/smime_gtest/manifest.mn
@@ -0,0 +1,22 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH = ../..
+MODULE = nss
+
+CPPSRCS = \
+ smime_unittest.cc \
+ $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+ -I$(CORE_DEPTH)/gtests/common \
+ -I$(CORE_DEPTH)/cpputil
+
+REQUIRES = nspr gtest
+
+PROGRAM = smime_gtest
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
+ $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX)
diff --git a/security/nss/gtests/smime_gtest/smime_gtest.gyp b/security/nss/gtests/smime_gtest/smime_gtest.gyp
new file mode 100644
index 000000000..0ff2804f8
--- /dev/null
+++ b/security/nss/gtests/smime_gtest/smime_gtest.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../coreconf/config.gypi',
+ '../common/gtest.gypi',
+ ],
+ 'targets': [
+ {
+ 'target_name': 'smime_gtest',
+ 'type': 'executable',
+ 'sources': [
+ 'smime_unittest.cc',
+ '<(DEPTH)/gtests/common/gtests.cc'
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports',
+ '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+ '<(DEPTH)/lib/util/util.gyp:nssutil3',
+ '<(DEPTH)/lib/nss/nss.gyp:nss3',
+ '<(DEPTH)/lib/smime/smime.gyp:smime',
+ '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
+ ]
+ }
+ ],
+ 'variables': {
+ 'module': 'nss'
+ }
+}
diff --git a/security/nss/gtests/smime_gtest/smime_unittest.cc b/security/nss/gtests/smime_gtest/smime_unittest.cc
new file mode 100644
index 000000000..385e19a97
--- /dev/null
+++ b/security/nss/gtests/smime_gtest/smime_unittest.cc
@@ -0,0 +1,137 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License v. 2.0. If a copy of the MPL was not distributed with this file
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <string>
+
+#include "gtest/gtest.h"
+
+#include "scoped_ptrs_smime.h"
+#include "smime.h"
+
+namespace nss_test {
+
+// See bug 1507174; this is a CMS serialization (RFC 5652) that claims to be
+// 12336 bytes long, which ensures CMS validates the streaming decoder's
+// incorrect length.
+static const unsigned char kHugeLenAsn1[] = {
+ 0x30, 0x82, 0x30, 0x30, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+ 0x0D, 0x01, 0x07, 0x02, 0xA0, 0x82, 0x02, 0x30, 0x30, 0x30, 0x02,
+ 0x01, 0x30, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, 0x30, 0x30, 0x30,
+ 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x00, 0x30, 0x0B, 0x06,
+ 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05};
+
+// secp256r1 signature with no certs and no attrs
+static unsigned char kValidSignature[] = {
+ 0x30, 0x81, 0xFE, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x07, 0x02, 0xA0, 0x81, 0xF0, 0x30, 0x81, 0xED, 0x02, 0x01, 0x01, 0x31,
+ 0x0F, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
+ 0x02, 0x01, 0x05, 0x00, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x31, 0x81, 0xC9, 0x30, 0x81, 0xC6, 0x02,
+ 0x01, 0x01, 0x30, 0x5D, 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06,
+ 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x53, 0x6F, 0x6D, 0x65, 0x2D, 0x53,
+ 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04,
+ 0x0A, 0x0C, 0x18, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x65, 0x74, 0x20,
+ 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20,
+ 0x4C, 0x74, 0x64, 0x02, 0x14, 0x6B, 0x22, 0xCA, 0x91, 0xE0, 0x71, 0x97,
+ 0xEB, 0x45, 0x0D, 0x68, 0xC0, 0xD4, 0xB6, 0xE9, 0x45, 0x38, 0x4C, 0xDD,
+ 0xA3, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
+ 0x02, 0x01, 0x05, 0x00, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE,
+ 0x3D, 0x04, 0x03, 0x02, 0x04, 0x47, 0x30, 0x45, 0x02, 0x20, 0x48, 0xEB,
+ 0xE6, 0xBA, 0xFC, 0xFD, 0x83, 0xB3, 0xA2, 0xB5, 0x59, 0x35, 0x0C, 0xA1,
+ 0x31, 0x0E, 0x2F, 0xE3, 0x8D, 0x81, 0xD8, 0xF5, 0x33, 0xE4, 0x83, 0x87,
+ 0xB1, 0xFD, 0x43, 0x9D, 0x95, 0x7D, 0x02, 0x21, 0x00, 0xD0, 0x05, 0x0E,
+ 0x05, 0xA6, 0x80, 0x3C, 0x1A, 0xFE, 0x51, 0xFC, 0x4D, 0x1A, 0x25, 0x05,
+ 0x78, 0xB5, 0x42, 0xF5, 0xDE, 0x4E, 0x8A, 0xF8, 0xE3, 0xD8, 0x52, 0xDC,
+ 0x2B, 0x73, 0x80, 0x4A, 0x1A};
+
+// See bug 1507135; this is a CMS signature that contains only the OID
+static unsigned char kTruncatedSignature[] = {0x30, 0x0B, 0x06, 0x09, 0x2A,
+ 0x86, 0x48, 0x86, 0xF7, 0x0D,
+ 0x01, 0x07, 0x02};
+
+// secp256r1 signature that's truncated by one byte.
+static unsigned char kSlightlyTruncatedSignature[] = {
+ 0x30, 0x81, 0xFE, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+ 0x07, 0x02, 0xA0, 0x81, 0xF0, 0x30, 0x81, 0xED, 0x02, 0x01, 0x01, 0x31,
+ 0x0F, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
+ 0x02, 0x01, 0x05, 0x00, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+ 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x31, 0x81, 0xC9, 0x30, 0x81, 0xC6, 0x02,
+ 0x01, 0x01, 0x30, 0x5D, 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06,
+ 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x53, 0x6F, 0x6D, 0x65, 0x2D, 0x53,
+ 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04,
+ 0x0A, 0x0C, 0x18, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x65, 0x74, 0x20,
+ 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20,
+ 0x4C, 0x74, 0x64, 0x02, 0x14, 0x6B, 0x22, 0xCA, 0x91, 0xE0, 0x71, 0x97,
+ 0xEB, 0x45, 0x0D, 0x68, 0xC0, 0xD4, 0xB6, 0xE9, 0x45, 0x38, 0x4C, 0xDD,
+ 0xA3, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
+ 0x02, 0x01, 0x05, 0x00, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE,
+ 0x3D, 0x04, 0x03, 0x02, 0x04, 0x47, 0x30, 0x45, 0x02, 0x20, 0x48, 0xEB,
+ 0xE6, 0xBA, 0xFC, 0xFD, 0x83, 0xB3, 0xA2, 0xB5, 0x59, 0x35, 0x0C, 0xA1,
+ 0x31, 0x0E, 0x2F, 0xE3, 0x8D, 0x81, 0xD8, 0xF5, 0x33, 0xE4, 0x83, 0x87,
+ 0xB1, 0xFD, 0x43, 0x9D, 0x95, 0x7D, 0x02, 0x21, 0x00, 0xD0, 0x05, 0x0E,
+ 0x05, 0xA6, 0x80, 0x3C, 0x1A, 0xFE, 0x51, 0xFC, 0x4D, 0x1A, 0x25, 0x05,
+ 0x78, 0xB5, 0x42, 0xF5, 0xDE, 0x4E, 0x8A, 0xF8, 0xE3, 0xD8, 0x52, 0xDC,
+ 0x2B, 0x73, 0x80, 0x4A};
+
+class SMimeTest : public ::testing::Test {};
+
+TEST_F(SMimeTest, InvalidDER) {
+ PK11SymKey* bulk_key = nullptr;
+ NSSCMSDecoderContext* dcx =
+ NSS_CMSDecoder_Start(nullptr, nullptr, nullptr, /* content callback */
+ nullptr, nullptr, /* password callback */
+ nullptr, /* key callback */
+ bulk_key);
+ ASSERT_NE(nullptr, dcx);
+ EXPECT_EQ(SECSuccess, NSS_CMSDecoder_Update(
+ dcx, reinterpret_cast<const char*>(kHugeLenAsn1),
+ sizeof(kHugeLenAsn1)));
+ EXPECT_EQ(nullptr, bulk_key);
+ ASSERT_FALSE(NSS_CMSDecoder_Finish(dcx));
+}
+
+TEST_F(SMimeTest, IsSignedValid) {
+ SECItem sig_der_item = {siBuffer, kValidSignature, sizeof(kValidSignature)};
+
+ ScopedNSSCMSMessage cms_msg(NSS_CMSMessage_CreateFromDER(
+ &sig_der_item, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr));
+
+ ASSERT_TRUE(cms_msg);
+
+ ASSERT_TRUE(NSS_CMSMessage_IsSigned(cms_msg.get()));
+}
+
+TEST_F(SMimeTest, TruncatedCmsSignature) {
+ SECItem sig_der_item = {siBuffer, kTruncatedSignature,
+ sizeof(kTruncatedSignature)};
+
+ ScopedNSSCMSMessage cms_msg(NSS_CMSMessage_CreateFromDER(
+ &sig_der_item, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr));
+
+ ASSERT_TRUE(cms_msg);
+
+ ASSERT_FALSE(NSS_CMSMessage_IsSigned(cms_msg.get()));
+}
+
+TEST_F(SMimeTest, SlightlyTruncatedCmsSignature) {
+ SECItem sig_der_item = {siBuffer, kSlightlyTruncatedSignature,
+ sizeof(kSlightlyTruncatedSignature)};
+
+ ScopedNSSCMSMessage cms_msg(NSS_CMSMessage_CreateFromDER(
+ &sig_der_item, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr));
+
+ ASSERT_FALSE(cms_msg);
+
+ ASSERT_FALSE(NSS_CMSMessage_IsSigned(cms_msg.get()));
+}
+
+TEST_F(SMimeTest, IsSignedNull) {
+ ASSERT_FALSE(NSS_CMSMessage_IsSigned(nullptr));
+}
+
+} // namespace nss_test
diff --git a/security/nss/gtests/softoken_gtest/manifest.mn b/security/nss/gtests/softoken_gtest/manifest.mn
index 4b34c099f..8a533c56b 100644
--- a/security/nss/gtests/softoken_gtest/manifest.mn
+++ b/security/nss/gtests/softoken_gtest/manifest.mn
@@ -6,12 +6,22 @@ CORE_DEPTH = ../..
DEPTH = ../..
MODULE = nss
+DEFINES += -DDLL_SUFFIX=\"$(DLL_SUFFIX)\" -DDLL_PREFIX=\"$(DLL_PREFIX)\"
+
+include $(CORE_DEPTH)/coreconf/arch.mk
+ifneq ($(OS_ARCH),WINNT)
+DB_TESTS = \
+ softoken_nssckbi_testlib_gtest.cc
+endif
+
CPPSRCS = \
softoken_gtest.cc \
+ $(DB_TESTS) \
$(NULL)
INCLUDES += \
-I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+ -I$(CORE_DEPTH)/gtests/common \
-I$(CORE_DEPTH)/cpputil \
$(NULL)
diff --git a/security/nss/gtests/softoken_gtest/softoken_gtest.cc b/security/nss/gtests/softoken_gtest/softoken_gtest.cc
index 5e2a497b8..17949800a 100644
--- a/security/nss/gtests/softoken_gtest/softoken_gtest.cc
+++ b/security/nss/gtests/softoken_gtest/softoken_gtest.cc
@@ -1,104 +1,20 @@
-#include <cstdlib>
-#if defined(_WIN32)
-#include <windows.h>
-#include <codecvt>
-#endif
-
#include "cert.h"
#include "certdb.h"
#include "nspr.h"
#include "nss.h"
#include "pk11pub.h"
+#include "secmod.h"
#include "secerr.h"
#include "nss_scoped_ptrs.h"
+#include "util.h"
#define GTEST_HAS_RTTI 0
#include "gtest/gtest.h"
+#include <fstream>
namespace nss_test {
-// Given a prefix, attempts to create a unique directory that the user can do
-// work in without impacting other tests. For example, if given the prefix
-// "scratch", a directory like "scratch05c17b25" will be created in the current
-// working directory (or the location specified by NSS_GTEST_WORKDIR, if
-// defined).
-// Upon destruction, the implementation will attempt to delete the directory.
-// However, no attempt is made to first remove files in the directory - the
-// user is responsible for this. If the directory is not empty, deleting it will
-// fail.
-// Statistically, it is technically possible to fail to create a unique
-// directory name, but this is extremely unlikely given the expected workload of
-// this implementation.
-class ScopedUniqueDirectory {
- public:
- explicit ScopedUniqueDirectory(const std::string &prefix);
-
- // NB: the directory must be empty upon destruction
- ~ScopedUniqueDirectory() { assert(rmdir(mPath.c_str()) == 0); }
-
- const std::string &GetPath() { return mPath; }
- const std::string &GetUTF8Path() { return mUTF8Path; }
-
- private:
- static const int RETRY_LIMIT = 5;
- static void GenerateRandomName(/*in/out*/ std::string &prefix);
- static bool TryMakingDirectory(/*in/out*/ std::string &prefix);
-
- std::string mPath;
- std::string mUTF8Path;
-};
-
-ScopedUniqueDirectory::ScopedUniqueDirectory(const std::string &prefix) {
- std::string path;
- const char *workingDirectory = PR_GetEnvSecure("NSS_GTEST_WORKDIR");
- if (workingDirectory) {
- path.assign(workingDirectory);
- }
- path.append(prefix);
- for (int i = 0; i < RETRY_LIMIT; i++) {
- std::string pathCopy(path);
- // TryMakingDirectory will modify its input. If it fails, we want to throw
- // away the modified result.
- if (TryMakingDirectory(pathCopy)) {
- mPath.assign(pathCopy);
- break;
- }
- }
- assert(mPath.length() > 0);
-#if defined(_WIN32)
- // sqldb always uses UTF-8 regardless of the current system locale.
- DWORD len =
- MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), nullptr, 0);
- std::vector<wchar_t> buf(len, L'\0');
- MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), buf.data(),
- buf.size());
- std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter;
- mUTF8Path = converter.to_bytes(std::wstring(buf.begin(), buf.end()));
-#else
- mUTF8Path = mPath;
-#endif
-}
-
-void ScopedUniqueDirectory::GenerateRandomName(std::string &prefix) {
- std::stringstream ss;
- ss << prefix;
- // RAND_MAX is at least 32767.
- ss << std::setfill('0') << std::setw(4) << std::hex << rand() << rand();
- // This will overwrite the value of prefix. This is a little inefficient, but
- // at least it makes the code simple.
- ss >> prefix;
-}
-
-bool ScopedUniqueDirectory::TryMakingDirectory(std::string &prefix) {
- GenerateRandomName(prefix);
-#if defined(_WIN32)
- return _mkdir(prefix.c_str()) == 0;
-#else
- return mkdir(prefix.c_str(), 0777) == 0;
-#endif
-}
-
class SoftokenTest : public ::testing::Test {
protected:
SoftokenTest() : mNSSDBDir("SoftokenTest.d-") {}
@@ -205,6 +121,27 @@ TEST_F(SoftokenTest, CreateObjectChangePassword) {
EXPECT_EQ(nullptr, obj);
}
+// The size limit for a password is 500 characters as defined in pkcs11i.h
+TEST_F(SoftokenTest, CreateObjectChangeToBigPassword) {
+ ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+ ASSERT_TRUE(slot);
+ EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
+ EXPECT_EQ(
+ SECSuccess,
+ PK11_ChangePW(slot.get(), "",
+ "rUIFIFr2bxKnbJbitsfkyqttpk6vCJzlYMNxcxXcaN37gSZKbLk763X7iR"
+ "yeVNWZHQ02lSF69HYjzTyPW3318ZD0DBFMMbALZ8ZPZP73CIo5uIQlaowV"
+ "IbP8eOhRYtGUqoLGlcIFNEYogV8Q3GN58VeBMs0KxrIOvPQ9s8SnYYkqvt"
+ "zzgntmAvCgvk64x6eQf0okHwegd5wi6m0WVJytEepWXkP9J629FSa5kNT8"
+ "FvL3jvslkiImzTNuTvl32fQDXXMSc8vVk5Q3mH7trMZM0VDdwHWYERjHbz"
+ "kGxFgp0VhediHx7p9kkz6H6ac4et9sW4UkTnN7xhYc1Zr17wRSk2heQtcX"
+ "oZJGwuzhiKm8A8wkuVxms6zO56P4JORIk8oaUW6lyNTLo2kWWnTA"));
+ EXPECT_EQ(SECSuccess, PK11_Logout(slot.get()));
+ ScopedPK11GenericObject obj(PK11_CreateGenericObject(
+ slot.get(), attributes, PR_ARRAY_SIZE(attributes), true));
+ EXPECT_EQ(nullptr, obj);
+}
+
TEST_F(SoftokenTest, CreateObjectChangeToEmptyPassword) {
ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
ASSERT_TRUE(slot);
@@ -221,6 +158,76 @@ TEST_F(SoftokenTest, CreateObjectChangeToEmptyPassword) {
EXPECT_NE(nullptr, obj);
}
+// We should be able to read CRLF, LF and CR.
+// During the Initialization of the NSS Database, is called a function to load
+// PKCS11 modules defined in pkcs11.txt. This file is read to get the
+// specifications, parse them and load the modules. Here we are ensuring that
+// the parsing will work correctly, independent of the breaking line format of
+// pkcs11.txt file, which could vary depending where it was created.
+// If the parsing is not well interpreted, the database cannot initialize.
+TEST_F(SoftokenTest, CreateObjectReadBreakLine) {
+ const std::string path = mNSSDBDir.GetPath();
+ const std::string dbname_in = path + "/pkcs11.txt";
+ const std::string dbname_out_cr = path + "/pkcs11_cr.txt";
+ const std::string dbname_out_crlf = path + "/pkcs11_crlf.txt";
+ const std::string dbname_out_lf = path + "/pkcs11_lf.txt";
+
+ std::ifstream in(dbname_in);
+ ASSERT_TRUE(in);
+ std::ofstream out_cr(dbname_out_cr);
+ ASSERT_TRUE(out_cr);
+ std::ofstream out_crlf(dbname_out_crlf);
+ ASSERT_TRUE(out_crlf);
+ std::ofstream out_lf(dbname_out_lf);
+ ASSERT_TRUE(out_lf);
+
+ // Database should be correctly initialized by Setup()
+ ASSERT_TRUE(NSS_IsInitialized());
+ ASSERT_EQ(SECSuccess, NSS_Shutdown());
+
+ // Prepare the file formats with CR, CRLF and LF
+ for (std::string line; getline(in, line);) {
+ out_cr << line << "\r";
+ out_crlf << line << "\r\n";
+ out_lf << line << "\n";
+ }
+ in.close();
+ out_cr.close();
+ out_crlf.close();
+ out_lf.close();
+
+ // Change the pkcs11.txt to CR format.
+ ASSERT_TRUE(!remove(dbname_in.c_str()));
+ ASSERT_TRUE(!rename(dbname_out_cr.c_str(), dbname_in.c_str()));
+
+ // Try to initialize with CR format.
+ std::string nssInitArg("sql:");
+ nssInitArg.append(mNSSDBDir.GetUTF8Path());
+ ASSERT_EQ(SECSuccess, NSS_Initialize(nssInitArg.c_str(), "", "", SECMOD_DB,
+ NSS_INIT_NOROOTINIT));
+ ASSERT_TRUE(NSS_IsInitialized());
+ ASSERT_EQ(SECSuccess, NSS_Shutdown());
+
+ // Change the pkcs11.txt to CRLF format.
+ ASSERT_TRUE(!remove(dbname_in.c_str()));
+ ASSERT_TRUE(!rename(dbname_out_crlf.c_str(), dbname_in.c_str()));
+
+ // Try to initialize with CRLF format.
+ ASSERT_EQ(SECSuccess, NSS_Initialize(nssInitArg.c_str(), "", "", SECMOD_DB,
+ NSS_INIT_NOROOTINIT));
+ ASSERT_TRUE(NSS_IsInitialized());
+ ASSERT_EQ(SECSuccess, NSS_Shutdown());
+
+ // Change the pkcs11.txt to LF format.
+ ASSERT_TRUE(!remove(dbname_in.c_str()));
+ ASSERT_TRUE(!rename(dbname_out_lf.c_str(), dbname_in.c_str()));
+
+ // Try to initialize with LF format.
+ ASSERT_EQ(SECSuccess, NSS_Initialize(nssInitArg.c_str(), "", "", SECMOD_DB,
+ NSS_INIT_NOROOTINIT));
+ ASSERT_TRUE(NSS_IsInitialized());
+}
+
class SoftokenNonAsciiTest : public SoftokenTest {
protected:
SoftokenNonAsciiTest() : SoftokenTest("SoftokenTest.\xF7-") {}
@@ -351,6 +358,100 @@ TEST_F(SoftokenNoDBTest, NeedUserInitNoDB) {
ASSERT_EQ(SECSuccess, NSS_Shutdown());
}
+#ifndef NSS_FIPS_DISABLED
+
+class SoftokenFipsTest : public SoftokenTest {
+ protected:
+ SoftokenFipsTest() : SoftokenTest("SoftokenFipsTest.d-") {}
+
+ virtual void SetUp() {
+ SoftokenTest::SetUp();
+
+ // Turn on FIPS mode (code borrowed from FipsMode in modutil/pk11.c)
+ char *internal_name;
+ ASSERT_FALSE(PK11_IsFIPS());
+ internal_name = PR_smprintf("%s", SECMOD_GetInternalModule()->commonName);
+ ASSERT_EQ(SECSuccess, SECMOD_DeleteInternalModule(internal_name));
+ PR_smprintf_free(internal_name);
+ ASSERT_TRUE(PK11_IsFIPS());
+ }
+};
+
+const std::vector<std::string> kFipsPasswordCases[] = {
+ // FIPS level1 -> level1 -> level1
+ {"", "", ""},
+ // FIPS level1 -> level1 -> level2
+ {"", "", "strong-_123"},
+ // FIXME: this should work: FIPS level1 -> level2 -> level2
+ // {"", "strong-_123", "strong-_456"},
+ // FIPS level2 -> level2 -> level2
+ {"strong-_123", "strong-_456", "strong-_123"}};
+
+const std::vector<std::string> kFipsPasswordBadCases[] = {
+ // FIPS level1 -> level2 -> level1
+ {"", "strong-_123", ""},
+ // FIPS level2 -> level1 -> level1
+ {"strong-_123", ""},
+ // FIPS level2 -> level2 -> level1
+ {"strong-_123", "strong-_456", ""},
+ // initialize with a weak password
+ {"weak"},
+ // FIPS level1 -> weak password
+ {"", "weak"},
+ // FIPS level2 -> weak password
+ {"strong-_123", "weak"}};
+
+class SoftokenFipsPasswordTest
+ : public SoftokenFipsTest,
+ public ::testing::WithParamInterface<std::vector<std::string>> {};
+
+class SoftokenFipsBadPasswordTest
+ : public SoftokenFipsTest,
+ public ::testing::WithParamInterface<std::vector<std::string>> {};
+
+TEST_P(SoftokenFipsPasswordTest, SetPassword) {
+ const std::vector<std::string> &passwords = GetParam();
+ ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+ ASSERT_TRUE(slot);
+
+ auto it = passwords.begin();
+ auto prev_it = it;
+ EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, (*it).c_str()));
+ for (it++; it != passwords.end(); it++, prev_it++) {
+ EXPECT_EQ(SECSuccess,
+ PK11_ChangePW(slot.get(), (*prev_it).c_str(), (*it).c_str()));
+ }
+}
+
+TEST_P(SoftokenFipsBadPasswordTest, SetBadPassword) {
+ const std::vector<std::string> &passwords = GetParam();
+ ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+ ASSERT_TRUE(slot);
+
+ auto it = passwords.begin();
+ auto prev_it = it;
+ SECStatus rv = PK11_InitPin(slot.get(), nullptr, (*it).c_str());
+ if (it + 1 == passwords.end())
+ EXPECT_EQ(SECFailure, rv);
+ else
+ EXPECT_EQ(SECSuccess, rv);
+ for (it++; it != passwords.end(); it++, prev_it++) {
+ rv = PK11_ChangePW(slot.get(), (*prev_it).c_str(), (*it).c_str());
+ if (it + 1 == passwords.end())
+ EXPECT_EQ(SECFailure, rv);
+ else
+ EXPECT_EQ(SECSuccess, rv);
+ }
+}
+
+INSTANTIATE_TEST_CASE_P(FipsPasswordCases, SoftokenFipsPasswordTest,
+ ::testing::ValuesIn(kFipsPasswordCases));
+
+INSTANTIATE_TEST_CASE_P(BadFipsPasswordCases, SoftokenFipsBadPasswordTest,
+ ::testing::ValuesIn(kFipsPasswordBadCases));
+
+#endif
+
} // namespace nss_test
int main(int argc, char **argv) {
diff --git a/security/nss/gtests/softoken_gtest/softoken_gtest.gyp b/security/nss/gtests/softoken_gtest/softoken_gtest.gyp
index cff0ea414..3d9b8dba9 100644
--- a/security/nss/gtests/softoken_gtest/softoken_gtest.gyp
+++ b/security/nss/gtests/softoken_gtest/softoken_gtest.gyp
@@ -12,6 +12,7 @@
'type': 'executable',
'sources': [
'softoken_gtest.cc',
+ 'softoken_nssckbi_testlib_gtest.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
@@ -19,7 +20,7 @@
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
],
'conditions': [
- [ 'test_build==1', {
+ [ 'static_libs==1', {
'dependencies': [
'<(DEPTH)/lib/nss/nss.gyp:nss_static',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
@@ -30,6 +31,7 @@
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
}, {
'dependencies': [
@@ -43,6 +45,10 @@
'target_defaults': {
'include_dirs': [
'../../lib/util'
+ ],
+ 'defines': [
+ 'DLL_PREFIX=\"<(dll_prefix)\"',
+ 'DLL_SUFFIX=\"<(dll_suffix)\"'
]
},
'variables': {
diff --git a/security/nss/gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc b/security/nss/gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc
new file mode 100644
index 000000000..e7d6bc28b
--- /dev/null
+++ b/security/nss/gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc
@@ -0,0 +1,124 @@
+#include "cert.h"
+#include "certdb.h"
+#include "nspr.h"
+#include "nss.h"
+#include "pk11pub.h"
+#include "secerr.h"
+
+#include "nss_scoped_ptrs.h"
+#include "util.h"
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+class SoftokenBuiltinsTest : public ::testing::Test {
+ protected:
+ SoftokenBuiltinsTest() : nss_db_dir_("SoftokenBuiltinsTest.d-") {}
+ SoftokenBuiltinsTest(const std::string &prefix) : nss_db_dir_(prefix) {}
+
+ virtual void SetUp() {
+ std::string nss_init_arg("sql:");
+ nss_init_arg.append(nss_db_dir_.GetUTF8Path());
+ ASSERT_EQ(SECSuccess, NSS_Initialize(nss_init_arg.c_str(), "", "",
+ SECMOD_DB, NSS_INIT_NOROOTINIT));
+ }
+
+ virtual void TearDown() {
+ ASSERT_EQ(SECSuccess, NSS_Shutdown());
+ const std::string &nss_db_dir_path = nss_db_dir_.GetPath();
+ ASSERT_EQ(0, unlink((nss_db_dir_path + "/cert9.db").c_str()));
+ ASSERT_EQ(0, unlink((nss_db_dir_path + "/key4.db").c_str()));
+ ASSERT_EQ(0, unlink((nss_db_dir_path + "/pkcs11.txt").c_str()));
+ }
+
+ virtual void LoadModule() {
+ ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+ ASSERT_TRUE(slot);
+ EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr));
+ SECStatus result = SECMOD_AddNewModule(
+ "Builtins-testlib", DLL_PREFIX "nssckbi-testlib." DLL_SUFFIX, 0, 0);
+ ASSERT_EQ(result, SECSuccess);
+ }
+
+ ScopedUniqueDirectory nss_db_dir_;
+};
+
+// The next tests in this class are used to test the Distrust Fields.
+// More details about these fields in lib/ckfw/builtins/README.
+TEST_F(SoftokenBuiltinsTest, CheckNoDistrustFields) {
+ const char *kCertNickname =
+ "Builtin Object Token:Distrust Fields Test - no_distrust";
+ LoadModule();
+
+ CERTCertDBHandle *cert_handle = CERT_GetDefaultCertDB();
+ ASSERT_TRUE(cert_handle);
+ ScopedCERTCertificate cert(
+ CERT_FindCertByNickname(cert_handle, kCertNickname));
+ ASSERT_TRUE(cert);
+
+ EXPECT_EQ(PR_FALSE,
+ PK11_HasAttributeSet(cert->slot, cert->pkcs11ID,
+ CKA_NSS_SERVER_DISTRUST_AFTER, PR_FALSE));
+ EXPECT_EQ(PR_FALSE,
+ PK11_HasAttributeSet(cert->slot, cert->pkcs11ID,
+ CKA_NSS_EMAIL_DISTRUST_AFTER, PR_FALSE));
+ ASSERT_FALSE(cert->distrust);
+}
+
+TEST_F(SoftokenBuiltinsTest, CheckOkDistrustFields) {
+ const char *kCertNickname =
+ "Builtin Object Token:Distrust Fields Test - ok_distrust";
+ LoadModule();
+
+ CERTCertDBHandle *cert_handle = CERT_GetDefaultCertDB();
+ ASSERT_TRUE(cert_handle);
+ ScopedCERTCertificate cert(
+ CERT_FindCertByNickname(cert_handle, kCertNickname));
+ ASSERT_TRUE(cert);
+
+ const char *kExpectedDERValueServer = "200617000000Z";
+ const char *kExpectedDERValueEmail = "071014085320Z";
+ // When a valid timestamp is encoded, the result length is exactly 13.
+ const unsigned int kDistrustFieldSize = 13;
+
+ ASSERT_TRUE(cert->distrust);
+ ASSERT_EQ(kDistrustFieldSize, cert->distrust->serverDistrustAfter.len);
+ ASSERT_NE(nullptr, cert->distrust->serverDistrustAfter.data);
+ EXPECT_TRUE(!memcmp(kExpectedDERValueServer,
+ cert->distrust->serverDistrustAfter.data,
+ kDistrustFieldSize));
+
+ ASSERT_EQ(kDistrustFieldSize, cert->distrust->emailDistrustAfter.len);
+ ASSERT_NE(nullptr, cert->distrust->emailDistrustAfter.data);
+ EXPECT_TRUE(!memcmp(kExpectedDERValueEmail,
+ cert->distrust->emailDistrustAfter.data,
+ kDistrustFieldSize));
+}
+
+TEST_F(SoftokenBuiltinsTest, CheckInvalidDistrustFields) {
+ const char *kCertNickname =
+ "Builtin Object Token:Distrust Fields Test - err_distrust";
+ LoadModule();
+
+ CERTCertDBHandle *cert_handle = CERT_GetDefaultCertDB();
+ ASSERT_TRUE(cert_handle);
+ ScopedCERTCertificate cert(
+ CERT_FindCertByNickname(cert_handle, kCertNickname));
+ ASSERT_TRUE(cert);
+
+ // The field should never be set to TRUE in production, we are just
+ // testing if this field is readable, even if set to TRUE.
+ EXPECT_EQ(PR_TRUE,
+ PK11_HasAttributeSet(cert->slot, cert->pkcs11ID,
+ CKA_NSS_SERVER_DISTRUST_AFTER, PR_FALSE));
+ // If something other than CK_BBOOL CK_TRUE, it will be considered FALSE
+ // Here, there is an OCTAL value, but with unexpected content (1 digit less).
+ EXPECT_EQ(PR_FALSE,
+ PK11_HasAttributeSet(cert->slot, cert->pkcs11ID,
+ CKA_NSS_EMAIL_DISTRUST_AFTER, PR_FALSE));
+ ASSERT_FALSE(cert->distrust);
+}
+
+} // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/Makefile b/security/nss/gtests/ssl_gtest/Makefile
index 95c111aeb..46f030357 100644
--- a/security/nss/gtests/ssl_gtest/Makefile
+++ b/security/nss/gtests/ssl_gtest/Makefile
@@ -36,6 +36,12 @@ CPPSRCS := $(filter-out $(shell grep -l '^TEST_F' $(CPPSRCS)), $(CPPSRCS))
CFLAGS += -DNSS_DISABLE_TLS_1_3
endif
+ifdef NSS_ALLOW_SSLKEYLOGFILE
+SSLKEYLOGFILE_FILES = ssl_keylog_unittest.cc
+else
+SSLKEYLOGFILE_FILES = $(NULL)
+endif
+
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
diff --git a/security/nss/gtests/ssl_gtest/libssl_internals.c b/security/nss/gtests/ssl_gtest/libssl_internals.c
index e43113de4..44eee9aa8 100644
--- a/security/nss/gtests/ssl_gtest/libssl_internals.c
+++ b/security/nss/gtests/ssl_gtest/libssl_internals.c
@@ -12,6 +12,48 @@
#include "seccomon.h"
#include "selfencrypt.h"
+SECStatus SSLInt_TweakChannelInfoForDC(PRFileDesc *fd, PRBool changeAuthKeyBits,
+ PRBool changeScheme) {
+ if (!fd) {
+ return SECFailure;
+ }
+ sslSocket *ss = ssl_FindSocket(fd);
+ if (!ss) {
+ return SECFailure;
+ }
+
+ // Just toggle so we'll always have a valid value.
+ if (changeScheme) {
+ ss->sec.signatureScheme = (ss->sec.signatureScheme == ssl_sig_ed25519)
+ ? ssl_sig_ecdsa_secp256r1_sha256
+ : ssl_sig_ed25519;
+ }
+ if (changeAuthKeyBits) {
+ ss->sec.authKeyBits = ss->sec.authKeyBits ? ss->sec.authKeyBits * 2 : 384;
+ }
+
+ return SECSuccess;
+}
+
+SECStatus SSLInt_GetHandshakeRandoms(PRFileDesc *fd, SSL3Random client_random,
+ SSL3Random server_random) {
+ if (!fd) {
+ return SECFailure;
+ }
+ sslSocket *ss = ssl_FindSocket(fd);
+ if (!ss) {
+ return SECFailure;
+ }
+
+ if (client_random) {
+ memcpy(client_random, ss->ssl3.hs.client_random, sizeof(SSL3Random));
+ }
+ if (server_random) {
+ memcpy(server_random, ss->ssl3.hs.server_random, sizeof(SSL3Random));
+ }
+ return SECSuccess;
+}
+
SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd) {
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
@@ -109,9 +151,10 @@ void SSLInt_PrintCipherSpecs(const char *label, PRFileDesc *fd) {
}
}
-/* Force a timer expiry by backdating when all active timers were started. We
- * could set the remaining time to 0 but then backoff would not work properly if
- * we decide to test it. */
+/* DTLS timers are separate from the time that the rest of the stack uses.
+ * Force a timer expiry by backdating when all active timers were started.
+ * We could set the remaining time to 0 but then backoff would not work properly
+ * if we decide to test it. */
SECStatus SSLInt_ShiftDtlsTimers(PRFileDesc *fd, PRIntervalTime shift) {
size_t i;
sslSocket *ss = ssl_FindSocket(fd);
@@ -297,42 +340,6 @@ SSLKEAType SSLInt_GetKEAType(SSLNamedGroup group) {
return groupDef->keaType;
}
-SECStatus SSLInt_SetCipherSpecChangeFunc(PRFileDesc *fd,
- sslCipherSpecChangedFunc func,
- void *arg) {
- sslSocket *ss;
-
- ss = ssl_FindSocket(fd);
- if (!ss) {
- return SECFailure;
- }
-
- ss->ssl3.changedCipherSpecFunc = func;
- ss->ssl3.changedCipherSpecArg = arg;
-
- return SECSuccess;
-}
-
-PK11SymKey *SSLInt_CipherSpecToKey(const ssl3CipherSpec *spec) {
- return spec->keyMaterial.key;
-}
-
-SSLCipherAlgorithm SSLInt_CipherSpecToAlgorithm(const ssl3CipherSpec *spec) {
- return spec->cipherDef->calg;
-}
-
-const PRUint8 *SSLInt_CipherSpecToIv(const ssl3CipherSpec *spec) {
- return spec->keyMaterial.iv;
-}
-
-PRUint16 SSLInt_CipherSpecToEpoch(const ssl3CipherSpec *spec) {
- return spec->epoch;
-}
-
-void SSLInt_SetTicketLifetime(uint32_t lifetime) {
- ssl_ticket_lifetime = lifetime;
-}
-
SECStatus SSLInt_SetSocketMaxEarlyDataSize(PRFileDesc *fd, uint32_t size) {
sslSocket *ss;
@@ -356,20 +363,14 @@ SECStatus SSLInt_SetSocketMaxEarlyDataSize(PRFileDesc *fd, uint32_t size) {
return SECSuccess;
}
-void SSLInt_RolloverAntiReplay(void) {
- tls13_AntiReplayRollover(ssl_TimeUsec());
-}
-
-SECStatus SSLInt_GetEpochs(PRFileDesc *fd, PRUint16 *readEpoch,
- PRUint16 *writeEpoch) {
+SECStatus SSLInt_HasPendingHandshakeData(PRFileDesc *fd, PRBool *pending) {
sslSocket *ss = ssl_FindSocket(fd);
- if (!ss || !readEpoch || !writeEpoch) {
+ if (!ss) {
return SECFailure;
}
- ssl_GetSpecReadLock(ss);
- *readEpoch = ss->ssl3.crSpec->epoch;
- *writeEpoch = ss->ssl3.cwSpec->epoch;
- ssl_ReleaseSpecReadLock(ss);
+ ssl_GetSSL3HandshakeLock(ss);
+ *pending = ss->ssl3.hs.msg_body.len > 0;
+ ssl_ReleaseSSL3HandshakeLock(ss);
return SECSuccess;
}
diff --git a/security/nss/gtests/ssl_gtest/libssl_internals.h b/security/nss/gtests/ssl_gtest/libssl_internals.h
index 3efb362c2..a908c9ab1 100644
--- a/security/nss/gtests/ssl_gtest/libssl_internals.h
+++ b/security/nss/gtests/ssl_gtest/libssl_internals.h
@@ -20,7 +20,8 @@ SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd);
SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
size_t rnd_len, uint8_t *msg,
size_t msg_len);
-
+SECStatus SSLInt_GetHandshakeRandoms(PRFileDesc *fd, SSL3Random client_random,
+ SSL3Random server_random);
PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext);
void SSLInt_ClearSelfEncryptKey();
void SSLInt_SetSelfEncryptMacKey(PK11SymKey *key);
@@ -39,18 +40,9 @@ SECStatus SSLInt_AdvanceWriteSeqNum(PRFileDesc *fd, PRUint64 to);
SECStatus SSLInt_AdvanceReadSeqNum(PRFileDesc *fd, PRUint64 to);
SECStatus SSLInt_AdvanceWriteSeqByAWindow(PRFileDesc *fd, PRInt32 extra);
SSLKEAType SSLInt_GetKEAType(SSLNamedGroup group);
-SECStatus SSLInt_GetEpochs(PRFileDesc *fd, PRUint16 *readEpoch,
- PRUint16 *writeEpoch);
-
-SECStatus SSLInt_SetCipherSpecChangeFunc(PRFileDesc *fd,
- sslCipherSpecChangedFunc func,
- void *arg);
-PRUint16 SSLInt_CipherSpecToEpoch(const ssl3CipherSpec *spec);
-PK11SymKey *SSLInt_CipherSpecToKey(const ssl3CipherSpec *spec);
-SSLCipherAlgorithm SSLInt_CipherSpecToAlgorithm(const ssl3CipherSpec *spec);
-const PRUint8 *SSLInt_CipherSpecToIv(const ssl3CipherSpec *spec);
-void SSLInt_SetTicketLifetime(uint32_t lifetime);
+SECStatus SSLInt_HasPendingHandshakeData(PRFileDesc *fd, PRBool *pending);
SECStatus SSLInt_SetSocketMaxEarlyDataSize(PRFileDesc *fd, uint32_t size);
-void SSLInt_RolloverAntiReplay(void);
+SECStatus SSLInt_TweakChannelInfoForDC(PRFileDesc *fd, PRBool changeAuthKeyBits,
+ PRBool changeScheme);
#endif // ndef libssl_internals_h_
diff --git a/security/nss/gtests/ssl_gtest/manifest.mn b/security/nss/gtests/ssl_gtest/manifest.mn
index 7f4ee7953..ed1128f7c 100644
--- a/security/nss/gtests/ssl_gtest/manifest.mn
+++ b/security/nss/gtests/ssl_gtest/manifest.mn
@@ -17,9 +17,11 @@ CPPSRCS = \
ssl_agent_unittest.cc \
ssl_auth_unittest.cc \
ssl_cert_ext_unittest.cc \
+ ssl_cipherorder_unittest.cc \
ssl_ciphersuite_unittest.cc \
ssl_custext_unittest.cc \
ssl_damage_unittest.cc \
+ ssl_debug_env_unittest.cc \
ssl_dhe_unittest.cc \
ssl_drop_unittest.cc \
ssl_ecdh_unittest.cc \
@@ -31,11 +33,12 @@ CPPSRCS = \
ssl_gather_unittest.cc \
ssl_gtest.cc \
ssl_hrr_unittest.cc \
- ssl_keylog_unittest.cc \
ssl_keyupdate_unittest.cc \
ssl_loopback_unittest.cc \
ssl_misc_unittest.cc \
+ ssl_primitive_unittest.cc \
ssl_record_unittest.cc \
+ ssl_recordsep_unittest.cc \
ssl_recordsize_unittest.cc \
ssl_resumption_unittest.cc \
ssl_renegotiation_unittest.cc \
@@ -52,7 +55,9 @@ CPPSRCS = \
tls_hkdf_unittest.cc \
tls_filter.cc \
tls_protect.cc \
+ tls_subcerts_unittest.cc \
tls_esni_unittest.cc \
+ $(SSLKEYLOGFILE_FILES) \
$(NULL)
INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
diff --git a/security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
index 07eadfbd1..928515067 100644
--- a/security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
@@ -45,11 +45,40 @@ TEST_P(TlsConnectTls13, ZeroRttServerRejectByOption) {
SendReceive();
}
+TEST_P(TlsConnectTls13, ZeroRttApplicationReject) {
+ SetupForZeroRtt();
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ ExpectResumption(RESUME_TICKET);
+
+ auto reject_0rtt = [](PRBool firstHello, const PRUint8* clientToken,
+ unsigned int clientTokenLen, PRUint8* appToken,
+ unsigned int* appTokenLen, unsigned int appTokenMax,
+ void* arg) {
+ auto* called = reinterpret_cast<bool*>(arg);
+ *called = true;
+
+ EXPECT_TRUE(firstHello);
+ EXPECT_EQ(0U, clientTokenLen);
+ return ssl_hello_retry_reject_0rtt;
+ };
+
+ bool cb_run = false;
+ EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(),
+ reject_0rtt, &cb_run));
+ ZeroRttSendReceive(true, false);
+ Handshake();
+ EXPECT_TRUE(cb_run);
+ CheckConnected();
+ SendReceive();
+}
+
TEST_P(TlsConnectTls13, ZeroRttApparentReplayAfterRestart) {
- // The test fixtures call SSL_SetupAntiReplay() in SetUp(). This results in
- // 0-RTT being rejected until at least one window passes. SetupFor0Rtt()
- // forces a rollover of the anti-replay filters, which clears this state.
- // Here, we do the setup manually here without that forced rollover.
+ // The test fixtures enable anti-replay in SetUp(). This results in 0-RTT
+ // being rejected until at least one window passes. SetupFor0Rtt() forces a
+ // rollover of the anti-replay filters, which clears that state and allows
+ // 0-RTT to work. Make the first connection manually to avoid that rollover
+ // and cause 0-RTT to be rejected.
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
@@ -106,7 +135,7 @@ class TlsZeroRttReplayTest : public TlsConnectTls13 {
SendReceive();
if (rollover) {
- SSLInt_RolloverAntiReplay();
+ RolloverAntiReplay();
}
// Now replay that packet against the server.
@@ -184,20 +213,21 @@ TEST_P(TlsConnectTls13, ZeroRttServerOnly) {
CheckKeys();
}
-// A small sleep after sending the ClientHello means that the ticket age that
-// arrives at the server is too low. With a small tolerance for variation in
-// ticket age (which is determined by the |window| parameter that is passed to
-// SSL_SetupAntiReplay()), the server then rejects early data.
+// Advancing time after sending the ClientHello means that the ticket age that
+// arrives at the server is too low. The server then rejects early data if this
+// delay exceeds half the anti-replay window.
TEST_P(TlsConnectTls13, ZeroRttRejectOldTicket) {
+ static const PRTime kWindow = 10 * PR_USEC_PER_SEC;
+ ResetAntiReplay(kWindow);
SetupForZeroRtt();
+
+ Reset();
+ StartConnect();
client_->Set0RttEnabled(true);
server_->Set0RttEnabled(true);
- EXPECT_EQ(SECSuccess, SSL_SetupAntiReplay(1, 1, 3));
- SSLInt_RolloverAntiReplay(); // Make sure to flush replay state.
- SSLInt_RolloverAntiReplay();
ExpectResumption(RESUME_TICKET);
- ZeroRttSendReceive(true, false, []() {
- PR_Sleep(PR_MillisecondsToInterval(10));
+ ZeroRttSendReceive(true, false, [this]() {
+ AdvanceTime(1 + kWindow / 2);
return true;
});
Handshake();
@@ -212,13 +242,15 @@ TEST_P(TlsConnectTls13, ZeroRttRejectOldTicket) {
// small tolerance for variation in ticket age and the ticket will appear to
// arrive prematurely, causing the server to reject early data.
TEST_P(TlsConnectTls13, ZeroRttRejectPrematureTicket) {
+ static const PRTime kWindow = 10 * PR_USEC_PER_SEC;
+ ResetAntiReplay(kWindow);
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
server_->Set0RttEnabled(true);
StartConnect();
client_->Handshake(); // ClientHello
server_->Handshake(); // ServerHello
- PR_Sleep(PR_MillisecondsToInterval(10));
+ AdvanceTime(1 + kWindow / 2);
Handshake(); // Remainder of handshake
CheckConnected();
SendReceive();
@@ -227,9 +259,6 @@ TEST_P(TlsConnectTls13, ZeroRttRejectPrematureTicket) {
Reset();
client_->Set0RttEnabled(true);
server_->Set0RttEnabled(true);
- EXPECT_EQ(SECSuccess, SSL_SetupAntiReplay(1, 1, 3));
- SSLInt_RolloverAntiReplay(); // Make sure to flush replay state.
- SSLInt_RolloverAntiReplay();
ExpectResumption(RESUME_TICKET);
ExpectEarlyDataAccepted(false);
StartConnect();
@@ -649,6 +678,351 @@ TEST_P(TlsConnectTls13, ZeroRttOrdering) {
EXPECT_EQ(2U, step);
}
+// Early data remains available after the handshake completes for TLS.
+TEST_F(TlsConnectStreamTls13, ZeroRttLateReadTls) {
+ SetupForZeroRtt();
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ ExpectResumption(RESUME_TICKET);
+ client_->Handshake(); // ClientHello
+
+ // Write some early data.
+ const uint8_t data[] = {1, 2, 3, 4, 5, 6, 7, 8};
+ PRInt32 rv = PR_Write(client_->ssl_fd(), data, sizeof(data));
+ EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), rv);
+
+ // Consume the ClientHello and generate ServerHello..Finished.
+ server_->Handshake();
+
+ // Read some of the data.
+ std::vector<uint8_t> small_buffer(1 + sizeof(data) / 2);
+ rv = PR_Read(server_->ssl_fd(), small_buffer.data(), small_buffer.size());
+ EXPECT_EQ(static_cast<PRInt32>(small_buffer.size()), rv);
+ EXPECT_EQ(0, memcmp(data, small_buffer.data(), small_buffer.size()));
+
+ Handshake(); // Complete the handshake.
+ ExpectEarlyDataAccepted(true);
+ CheckConnected();
+
+ // After the handshake, it should be possible to read the remainder.
+ uint8_t big_buf[100];
+ rv = PR_Read(server_->ssl_fd(), big_buf, sizeof(big_buf));
+ EXPECT_EQ(static_cast<PRInt32>(sizeof(data) - small_buffer.size()), rv);
+ EXPECT_EQ(0, memcmp(&data[small_buffer.size()], big_buf,
+ sizeof(data) - small_buffer.size()));
+
+ // And that's all there is to read.
+ rv = PR_Read(server_->ssl_fd(), big_buf, sizeof(big_buf));
+ EXPECT_GT(0, rv);
+ EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+}
+
+// Early data that arrives before the handshake can be read after the handshake
+// is complete.
+TEST_F(TlsConnectDatagram13, ZeroRttLateReadDtls) {
+ SetupForZeroRtt();
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ ExpectResumption(RESUME_TICKET);
+ client_->Handshake(); // ClientHello
+
+ // Write some early data.
+ const uint8_t data[] = {1, 2, 3};
+ PRInt32 written = PR_Write(client_->ssl_fd(), data, sizeof(data));
+ EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), written);
+
+ Handshake(); // Complete the handshake.
+ ExpectEarlyDataAccepted(true);
+ CheckConnected();
+
+ // Reading at the server should return the early data, which was buffered.
+ uint8_t buf[sizeof(data) + 1] = {0};
+ PRInt32 read = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
+ EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), read);
+ EXPECT_EQ(0, memcmp(data, buf, sizeof(data)));
+}
+
+class PacketHolder : public PacketFilter {
+ public:
+ PacketHolder() = default;
+
+ virtual Action Filter(const DataBuffer& input, DataBuffer* output) {
+ packet_ = input;
+ Disable();
+ return DROP;
+ }
+
+ const DataBuffer& packet() const { return packet_; }
+
+ private:
+ DataBuffer packet_;
+};
+
+// Early data that arrives late is discarded for DTLS.
+TEST_F(TlsConnectDatagram13, ZeroRttLateArrivalDtls) {
+ SetupForZeroRtt();
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ ExpectResumption(RESUME_TICKET);
+ client_->Handshake(); // ClientHello
+
+ // Write some early data. Twice, so that we can read bits of it.
+ const uint8_t data[] = {1, 2, 3};
+ PRInt32 written = PR_Write(client_->ssl_fd(), data, sizeof(data));
+ EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), written);
+
+ // Block and capture the next packet.
+ auto holder = std::make_shared<PacketHolder>();
+ client_->SetFilter(holder);
+ written = PR_Write(client_->ssl_fd(), data, sizeof(data));
+ EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), written);
+ EXPECT_FALSE(holder->enabled()) << "the filter should disable itself";
+
+ // Consume the ClientHello and generate ServerHello..Finished.
+ server_->Handshake();
+
+ // Read some of the data.
+ std::vector<uint8_t> small_buffer(sizeof(data));
+ PRInt32 read =
+ PR_Read(server_->ssl_fd(), small_buffer.data(), small_buffer.size());
+
+ EXPECT_EQ(static_cast<PRInt32>(small_buffer.size()), read);
+ EXPECT_EQ(0, memcmp(data, small_buffer.data(), small_buffer.size()));
+
+ Handshake(); // Complete the handshake.
+ ExpectEarlyDataAccepted(true);
+ CheckConnected();
+
+ server_->SendDirect(holder->packet());
+
+ // Reading now should return nothing, even though a valid packet was
+ // delivered.
+ read = PR_Read(server_->ssl_fd(), small_buffer.data(), small_buffer.size());
+ EXPECT_GT(0, read);
+ EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+}
+
+// Early data reads in TLS should be coalesced.
+TEST_F(TlsConnectStreamTls13, ZeroRttCoalesceReadTls) {
+ SetupForZeroRtt();
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ ExpectResumption(RESUME_TICKET);
+ client_->Handshake(); // ClientHello
+
+ // Write some early data. In two writes.
+ const uint8_t data[] = {1, 2, 3, 4, 5, 6};
+ PRInt32 written = PR_Write(client_->ssl_fd(), data, 1);
+ EXPECT_EQ(1, written);
+
+ written = PR_Write(client_->ssl_fd(), data + 1, sizeof(data) - 1);
+ EXPECT_EQ(static_cast<PRInt32>(sizeof(data) - 1), written);
+
+ // Consume the ClientHello and generate ServerHello..Finished.
+ server_->Handshake();
+
+ // Read all of the data.
+ std::vector<uint8_t> buffer(sizeof(data));
+ PRInt32 read = PR_Read(server_->ssl_fd(), buffer.data(), buffer.size());
+ EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), read);
+ EXPECT_EQ(0, memcmp(data, buffer.data(), sizeof(data)));
+
+ Handshake(); // Complete the handshake.
+ ExpectEarlyDataAccepted(true);
+ CheckConnected();
+}
+
+// Early data reads in DTLS should not be coalesced.
+TEST_F(TlsConnectDatagram13, ZeroRttNoCoalesceReadDtls) {
+ SetupForZeroRtt();
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ ExpectResumption(RESUME_TICKET);
+ client_->Handshake(); // ClientHello
+
+ // Write some early data. In two writes.
+ const uint8_t data[] = {1, 2, 3, 4, 5, 6};
+ PRInt32 written = PR_Write(client_->ssl_fd(), data, 1);
+ EXPECT_EQ(1, written);
+
+ written = PR_Write(client_->ssl_fd(), data + 1, sizeof(data) - 1);
+ EXPECT_EQ(static_cast<PRInt32>(sizeof(data) - 1), written);
+
+ // Consume the ClientHello and generate ServerHello..Finished.
+ server_->Handshake();
+
+ // Try to read all of the data.
+ std::vector<uint8_t> buffer(sizeof(data));
+ PRInt32 read = PR_Read(server_->ssl_fd(), buffer.data(), buffer.size());
+ EXPECT_EQ(1, read);
+ EXPECT_EQ(0, memcmp(data, buffer.data(), 1));
+
+ // Read the remainder.
+ read = PR_Read(server_->ssl_fd(), buffer.data(), buffer.size());
+ EXPECT_EQ(static_cast<PRInt32>(sizeof(data) - 1), read);
+ EXPECT_EQ(0, memcmp(data + 1, buffer.data(), sizeof(data) - 1));
+
+ Handshake(); // Complete the handshake.
+ ExpectEarlyDataAccepted(true);
+ CheckConnected();
+}
+
+// Early data reads in DTLS should fail if the buffer is too small.
+TEST_F(TlsConnectDatagram13, ZeroRttShortReadDtls) {
+ SetupForZeroRtt();
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ ExpectResumption(RESUME_TICKET);
+ client_->Handshake(); // ClientHello
+
+ // Write some early data. In two writes.
+ const uint8_t data[] = {1, 2, 3, 4, 5, 6};
+ PRInt32 written = PR_Write(client_->ssl_fd(), data, sizeof(data));
+ EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), written);
+
+ // Consume the ClientHello and generate ServerHello..Finished.
+ server_->Handshake();
+
+ // Try to read all of the data into a small buffer.
+ std::vector<uint8_t> buffer(sizeof(data));
+ PRInt32 read = PR_Read(server_->ssl_fd(), buffer.data(), 1);
+ EXPECT_GT(0, read);
+ EXPECT_EQ(SSL_ERROR_RX_SHORT_DTLS_READ, PORT_GetError());
+
+ // Read again with more space.
+ read = PR_Read(server_->ssl_fd(), buffer.data(), buffer.size());
+ EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), read);
+ EXPECT_EQ(0, memcmp(data, buffer.data(), sizeof(data)));
+
+ Handshake(); // Complete the handshake.
+ ExpectEarlyDataAccepted(true);
+ CheckConnected();
+}
+
+// There are few ways in which TLS uses the clock and most of those operate on
+// timescales that would be ridiculous to wait for in a test. This is the one
+// test we have that uses the real clock. It tests that time passes by checking
+// that a small sleep results in rejection of early data. 0-RTT has a
+// configurable timer, which makes it ideal for this.
+TEST_F(TlsConnectStreamTls13, TimePassesByDefault) {
+ // Calling EnsureTlsSetup() replaces the time function on client and server,
+ // and sets up anti-replay, which we don't want, so initialize each directly.
+ client_->EnsureTlsSetup();
+ server_->EnsureTlsSetup();
+ // StartConnect() calls EnsureTlsSetup(), so avoid that too.
+ client_->StartConnect();
+ server_->StartConnect();
+
+ // Set a tiny anti-replay window. This has to be at least 2 milliseconds to
+ // have any chance of being relevant as that is the smallest window that we
+ // can detect. Anything smaller rounds to zero.
+ static const unsigned int kTinyWindowMs = 5;
+ ResetAntiReplay(static_cast<PRTime>(kTinyWindowMs * PR_USEC_PER_MSEC));
+ server_->SetAntiReplayContext(anti_replay_);
+
+ ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+ server_->Set0RttEnabled(true);
+ Handshake();
+ CheckConnected();
+ SendReceive(); // Absorb a session ticket.
+ CheckKeys();
+
+ // Clear the first window.
+ PR_Sleep(PR_MillisecondsToInterval(kTinyWindowMs));
+
+ Reset();
+ client_->EnsureTlsSetup();
+ server_->EnsureTlsSetup();
+ client_->StartConnect();
+ server_->StartConnect();
+
+ // Early data is rejected by the server only if time passes for it as well.
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ ExpectResumption(RESUME_TICKET);
+ ZeroRttSendReceive(true, false, []() {
+ // Sleep long enough that we minimize the risk of our RTT estimation being
+ // duped by stutters in test execution. This is very long to allow for
+ // flaky and low-end hardware, especially what our CI runs on.
+ PR_Sleep(PR_MillisecondsToInterval(1000));
+ return true;
+ });
+ Handshake();
+ ExpectEarlyDataAccepted(false);
+ CheckConnected();
+}
+
+// Test that SSL_CreateAntiReplayContext doesn't pass bad inputs.
+TEST_F(TlsConnectStreamTls13, BadAntiReplayArgs) {
+ SSLAntiReplayContext* p;
+ // Zero or negative window.
+ EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, -1, 1, 1, &p));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+ EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, 0, 1, 1, &p));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+ // Zero k.
+ EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, 1, 0, 1, &p));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+ // Zero bits.
+ EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, 1, 1, 0, &p));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+ EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, 1, 1, 1, nullptr));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ // Prove that these parameters do work, even if they are useless..
+ EXPECT_EQ(SECSuccess, SSL_CreateAntiReplayContext(0, 1, 1, 1, &p));
+ ASSERT_NE(nullptr, p);
+ ScopedSSLAntiReplayContext ctx(p);
+
+ // The socket isn't a client or server until later, so configuring a client
+ // should work OK.
+ client_->EnsureTlsSetup();
+ EXPECT_EQ(SECSuccess, SSL_SetAntiReplayContext(client_->ssl_fd(), ctx.get()));
+ EXPECT_EQ(SECSuccess, SSL_SetAntiReplayContext(client_->ssl_fd(), nullptr));
+}
+
+// See also TlsConnectGenericResumption.ResumeServerIncompatibleCipher
+TEST_P(TlsConnectTls13, ZeroRttDifferentCompatibleCipher) {
+ EnsureTlsSetup();
+ server_->EnableSingleCipher(TLS_AES_128_GCM_SHA256);
+ SetupForZeroRtt();
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ // Change the ciphersuite. Resumption is OK because the hash is the same, but
+ // early data will be rejected.
+ server_->EnableSingleCipher(TLS_CHACHA20_POLY1305_SHA256);
+ ExpectResumption(RESUME_TICKET);
+
+ StartConnect();
+ ZeroRttSendReceive(true, false);
+
+ Handshake();
+ ExpectEarlyDataAccepted(false);
+ CheckConnected();
+ SendReceive();
+}
+
+// See also TlsConnectGenericResumption.ResumeServerIncompatibleCipher
+TEST_P(TlsConnectTls13, ZeroRttDifferentIncompatibleCipher) {
+ EnsureTlsSetup();
+ server_->EnableSingleCipher(TLS_AES_256_GCM_SHA384);
+ SetupForZeroRtt();
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ // Resumption is rejected because the hash is different.
+ server_->EnableSingleCipher(TLS_CHACHA20_POLY1305_SHA256);
+ ExpectResumption(RESUME_NONE);
+
+ StartConnect();
+ ZeroRttSendReceive(true, false);
+
+ Handshake();
+ ExpectEarlyDataAccepted(false);
+ CheckConnected();
+ SendReceive();
+}
+
#ifndef NSS_DISABLE_TLS_1_3
INSTANTIATE_TEST_CASE_P(Tls13ZeroRttReplayTest, TlsZeroRttReplayTest,
TlsConnectTestBase::kTlsVariantsAll);
diff --git a/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
index 3a52ac20c..c1a810d04 100644
--- a/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
@@ -176,14 +176,434 @@ TEST_P(TlsConnectGeneric, ClientAuth) {
CheckKeys();
}
-// In TLS 1.3, the client sends its cert rejection on the
-// second flight, and since it has already received the
-// server's Finished, it transitions to complete and
-// then gets an alert from the server. The test harness
-// doesn't handle this right yet.
-TEST_P(TlsConnectStream, DISABLED_ClientAuthRequiredRejected) {
+class TlsCertificateRequestContextRecorder : public TlsHandshakeFilter {
+ public:
+ TlsCertificateRequestContextRecorder(const std::shared_ptr<TlsAgent>& a,
+ uint8_t handshake_type)
+ : TlsHandshakeFilter(a, {handshake_type}), buffer_(), filtered_(false) {
+ EnableDecryption();
+ }
+
+ bool filtered() const { return filtered_; }
+ const DataBuffer& buffer() const { return buffer_; }
+
+ protected:
+ virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+ const DataBuffer& input,
+ DataBuffer* output) {
+ assert(1 < input.len());
+ size_t len = input.data()[0];
+ assert(len + 1 < input.len());
+ buffer_.Assign(input.data() + 1, len);
+ filtered_ = true;
+ return KEEP;
+ }
+
+ private:
+ DataBuffer buffer_;
+ bool filtered_;
+};
+
+// All stream only tests; DTLS isn't supported yet.
+
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuth) {
+ EnsureTlsSetup();
+ auto capture_cert_req = MakeTlsFilter<TlsCertificateRequestContextRecorder>(
+ server_, kTlsHandshakeCertificateRequest);
+ auto capture_certificate =
+ MakeTlsFilter<TlsCertificateRequestContextRecorder>(
+ client_, kTlsHandshakeCertificate);
+ client_->SetupClientAuth();
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
+ size_t called = 0;
+ server_->SetAuthCertificateCallback(
+ [&called](TlsAgent*, PRBool, PRBool) -> SECStatus {
+ called++;
+ return SECSuccess;
+ });
+ Connect();
+ EXPECT_EQ(0U, called);
+ EXPECT_FALSE(capture_cert_req->filtered());
+ EXPECT_FALSE(capture_certificate->filtered());
+ // Send CertificateRequest.
+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+ // Need to do a round-trip so that the post-handshake message is
+ // handled on both client and server.
+ server_->SendData(50);
+ client_->ReadBytes(50);
+ client_->SendData(50);
+ server_->ReadBytes(50);
+ EXPECT_EQ(1U, called);
+ EXPECT_TRUE(capture_cert_req->filtered());
+ EXPECT_TRUE(capture_certificate->filtered());
+ // Check if a non-empty request context is generated and it is
+ // properly sent back.
+ EXPECT_LT(0U, capture_cert_req->buffer().len());
+ EXPECT_EQ(capture_cert_req->buffer().len(),
+ capture_certificate->buffer().len());
+ EXPECT_EQ(0, memcmp(capture_cert_req->buffer().data(),
+ capture_certificate->buffer().data(),
+ capture_cert_req->buffer().len()));
+ ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd()));
+ ASSERT_NE(nullptr, cert1.get());
+ ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd()));
+ ASSERT_NE(nullptr, cert2.get());
+ EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
+}
+
+static SECStatus GetClientAuthDataHook(void* self, PRFileDesc* fd,
+ CERTDistNames* caNames,
+ CERTCertificate** clientCert,
+ SECKEYPrivateKey** clientKey) {
+ ScopedCERTCertificate cert;
+ ScopedSECKEYPrivateKey priv;
+ // use a different certificate than TlsAgent::kClient
+ if (!TlsAgent::LoadCertificate(TlsAgent::kRsa2048, &cert, &priv)) {
+ return SECFailure;
+ }
+
+ *clientCert = cert.release();
+ *clientKey = priv.release();
+ return SECSuccess;
+}
+
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthMultiple) {
+ client_->SetupClientAuth();
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
+ size_t called = 0;
+ server_->SetAuthCertificateCallback(
+ [&called](TlsAgent*, PRBool, PRBool) -> SECStatus {
+ called++;
+ return SECSuccess;
+ });
+ Connect();
+ EXPECT_EQ(0U, called);
+ EXPECT_EQ(nullptr, SSL_PeerCertificate(server_->ssl_fd()));
+ // Send 1st CertificateRequest.
+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+ server_->SendData(50);
+ client_->ReadBytes(50);
+ client_->SendData(50);
+ server_->ReadBytes(50);
+ EXPECT_EQ(1U, called);
+ ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd()));
+ ASSERT_NE(nullptr, cert1.get());
+ ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd()));
+ ASSERT_NE(nullptr, cert2.get());
+ EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
+ // Send 2nd CertificateRequest.
+ EXPECT_EQ(SECSuccess, SSL_GetClientAuthDataHook(
+ client_->ssl_fd(), GetClientAuthDataHook, nullptr));
+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+ server_->SendData(50);
+ client_->ReadBytes(50);
+ client_->SendData(50);
+ server_->ReadBytes(50);
+ EXPECT_EQ(2U, called);
+ ScopedCERTCertificate cert3(SSL_PeerCertificate(server_->ssl_fd()));
+ ASSERT_NE(nullptr, cert3.get());
+ ScopedCERTCertificate cert4(SSL_LocalCertificate(client_->ssl_fd()));
+ ASSERT_NE(nullptr, cert4.get());
+ EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert3->derCert, &cert4->derCert));
+ EXPECT_FALSE(SECITEM_ItemsAreEqual(&cert3->derCert, &cert1->derCert));
+}
+
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthConcurrent) {
+ client_->SetupClientAuth();
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
+ Connect();
+ // Send 1st CertificateRequest.
+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+ // Send 2nd CertificateRequest.
+ EXPECT_EQ(SECFailure, SSL_SendCertificateRequest(server_->ssl_fd()));
+ EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+}
+
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthBeforeKeyUpdate) {
+ client_->SetupClientAuth();
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
+ Connect();
+ // Send CertificateRequest.
+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+ // Send KeyUpdate.
+ EXPECT_EQ(SECFailure, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE));
+ EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+}
+
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthDuringClientKeyUpdate) {
+ client_->SetupClientAuth();
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
+ Connect();
+ CheckEpochs(3, 3);
+ // Send CertificateRequest from server.
+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+ // Send KeyUpdate from client.
+ EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_TRUE));
+ server_->SendData(50); // server sends CertificateRequest
+ client_->SendData(50); // client sends KeyUpdate
+ server_->ReadBytes(50); // server receives KeyUpdate and defers response
+ CheckEpochs(4, 3);
+ client_->ReadBytes(50); // client receives CertificateRequest
+ client_->SendData(
+ 50); // client sends Certificate, CertificateVerify, Finished
+ server_->ReadBytes(
+ 50); // server receives Certificate, CertificateVerify, Finished
+ client_->CheckEpochs(3, 4);
+ server_->CheckEpochs(4, 4);
+ server_->SendData(50); // server sends KeyUpdate
+ client_->ReadBytes(50); // client receives KeyUpdate
+ client_->CheckEpochs(4, 4);
+}
+
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthMissingExtension) {
+ client_->SetupClientAuth();
+ Connect();
+ // Send CertificateRequest, should fail due to missing
+ // post_handshake_auth extension.
+ EXPECT_EQ(SECFailure, SSL_SendCertificateRequest(server_->ssl_fd()));
+ EXPECT_EQ(SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION, PORT_GetError());
+}
+
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthAfterClientAuth) {
+ client_->SetupClientAuth();
server_->RequestClientAuth(true);
- ConnectExpectFail();
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
+ size_t called = 0;
+ server_->SetAuthCertificateCallback(
+ [&called](TlsAgent*, PRBool, PRBool) -> SECStatus {
+ called++;
+ return SECSuccess;
+ });
+ Connect();
+ EXPECT_EQ(1U, called);
+ ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd()));
+ ASSERT_NE(nullptr, cert1.get());
+ ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd()));
+ ASSERT_NE(nullptr, cert2.get());
+ EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
+ // Send CertificateRequest.
+ EXPECT_EQ(SECSuccess, SSL_GetClientAuthDataHook(
+ client_->ssl_fd(), GetClientAuthDataHook, nullptr));
+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+ server_->SendData(50);
+ client_->ReadBytes(50);
+ client_->SendData(50);
+ server_->ReadBytes(50);
+ EXPECT_EQ(2U, called);
+ ScopedCERTCertificate cert3(SSL_PeerCertificate(server_->ssl_fd()));
+ ASSERT_NE(nullptr, cert3.get());
+ ScopedCERTCertificate cert4(SSL_LocalCertificate(client_->ssl_fd()));
+ ASSERT_NE(nullptr, cert4.get());
+ EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert3->derCert, &cert4->derCert));
+ EXPECT_FALSE(SECITEM_ItemsAreEqual(&cert3->derCert, &cert1->derCert));
+}
+
+// Damages the request context in a CertificateRequest message.
+// We don't modify a Certificate message instead, so that the client
+// can compute CertificateVerify correctly.
+class TlsDamageCertificateRequestContextFilter : public TlsHandshakeFilter {
+ public:
+ TlsDamageCertificateRequestContextFilter(const std::shared_ptr<TlsAgent>& a)
+ : TlsHandshakeFilter(a, {kTlsHandshakeCertificateRequest}) {
+ EnableDecryption();
+ }
+
+ protected:
+ virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+ const DataBuffer& input,
+ DataBuffer* output) {
+ *output = input;
+ assert(1 < output->len());
+ // The request context has a 1 octet length.
+ output->data()[1] ^= 73;
+ return CHANGE;
+ }
+};
+
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthContextMismatch) {
+ EnsureTlsSetup();
+ MakeTlsFilter<TlsDamageCertificateRequestContextFilter>(server_);
+ client_->SetupClientAuth();
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
+ Connect();
+ // Send CertificateRequest.
+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+ server_->SendData(50);
+ client_->ReadBytes(50);
+ client_->SendData(50);
+ server_->ExpectSendAlert(kTlsAlertIllegalParameter);
+ server_->ReadBytes(50);
+ EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CERTIFICATE, PORT_GetError());
+ server_->ExpectReadWriteError();
+ server_->SendData(50);
+ client_->ExpectReceiveAlert(kTlsAlertIllegalParameter);
+ client_->ReadBytes(50);
+ EXPECT_EQ(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, PORT_GetError());
+}
+
+// Replaces signature in a CertificateVerify message.
+class TlsDamageSignatureFilter : public TlsHandshakeFilter {
+ public:
+ TlsDamageSignatureFilter(const std::shared_ptr<TlsAgent>& a)
+ : TlsHandshakeFilter(a, {kTlsHandshakeCertificateVerify}) {
+ EnableDecryption();
+ }
+
+ protected:
+ virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+ const DataBuffer& input,
+ DataBuffer* output) {
+ *output = input;
+ assert(2 < output->len());
+ // The signature follows a 2-octet signature scheme.
+ output->data()[2] ^= 73;
+ return CHANGE;
+ }
+};
+
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthBadSignature) {
+ EnsureTlsSetup();
+ MakeTlsFilter<TlsDamageSignatureFilter>(client_);
+ client_->SetupClientAuth();
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
+ Connect();
+ // Send CertificateRequest.
+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+ server_->SendData(50);
+ client_->ReadBytes(50);
+ client_->SendData(50);
+ server_->ExpectSendAlert(kTlsAlertDecodeError);
+ server_->ReadBytes(50);
+ EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CERT_VERIFY, PORT_GetError());
+}
+
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthDecline) {
+ EnsureTlsSetup();
+ auto capture_cert_req = MakeTlsFilter<TlsCertificateRequestContextRecorder>(
+ server_, kTlsHandshakeCertificateRequest);
+ auto capture_certificate =
+ MakeTlsFilter<TlsCertificateRequestContextRecorder>(
+ client_, kTlsHandshakeCertificate);
+ client_->SetupClientAuth();
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
+ EXPECT_EQ(SECSuccess,
+ SSL_OptionSet(server_->ssl_fd(), SSL_REQUIRE_CERTIFICATE,
+ SSL_REQUIRE_ALWAYS));
+ // Client to decline the certificate request.
+ EXPECT_EQ(SECSuccess,
+ SSL_GetClientAuthDataHook(
+ client_->ssl_fd(),
+ [](void*, PRFileDesc*, CERTDistNames*, CERTCertificate**,
+ SECKEYPrivateKey**) -> SECStatus { return SECFailure; },
+ nullptr));
+ size_t called = 0;
+ server_->SetAuthCertificateCallback(
+ [&called](TlsAgent*, PRBool, PRBool) -> SECStatus {
+ called++;
+ return SECSuccess;
+ });
+ Connect();
+ EXPECT_EQ(0U, called);
+ // Send CertificateRequest.
+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+ server_->SendData(50); // send Certificate Request
+ client_->ReadBytes(50); // read Certificate Request
+ client_->SendData(50); // send empty Certificate+Finished
+ server_->ExpectSendAlert(kTlsAlertCertificateRequired);
+ server_->ReadBytes(50); // read empty Certificate+Finished
+ server_->ExpectReadWriteError();
+ server_->SendData(50); // send alert
+ // AuthCertificateCallback is not called, because the client sends
+ // an empty certificate_list.
+ EXPECT_EQ(0U, called);
+ EXPECT_TRUE(capture_cert_req->filtered());
+ EXPECT_TRUE(capture_certificate->filtered());
+ // Check if a non-empty request context is generated and it is
+ // properly sent back.
+ EXPECT_LT(0U, capture_cert_req->buffer().len());
+ EXPECT_EQ(capture_cert_req->buffer().len(),
+ capture_certificate->buffer().len());
+ EXPECT_EQ(0, memcmp(capture_cert_req->buffer().data(),
+ capture_certificate->buffer().data(),
+ capture_cert_req->buffer().len()));
+}
+
+// Check if post-handshake auth still works when session tickets are enabled:
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1553443
+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthWithSessionTicketsEnabled) {
+ EnsureTlsSetup();
+ client_->SetupClientAuth();
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_SESSION_TICKETS, PR_TRUE));
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(),
+ SSL_ENABLE_SESSION_TICKETS, PR_TRUE));
+ size_t called = 0;
+ server_->SetAuthCertificateCallback(
+ [&called](TlsAgent*, PRBool, PRBool) -> SECStatus {
+ called++;
+ return SECSuccess;
+ });
+ Connect();
+ EXPECT_EQ(0U, called);
+ // Send CertificateRequest.
+ EXPECT_EQ(SECSuccess, SSL_GetClientAuthDataHook(
+ client_->ssl_fd(), GetClientAuthDataHook, nullptr));
+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
+ server_->SendData(50);
+ client_->ReadBytes(50);
+ client_->SendData(50);
+ server_->ReadBytes(50);
+ EXPECT_EQ(1U, called);
+ ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd()));
+ ASSERT_NE(nullptr, cert1.get());
+ ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd()));
+ ASSERT_NE(nullptr, cert2.get());
+ EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
+}
+
+TEST_P(TlsConnectGenericPre13, ClientAuthRequiredRejected) {
+ server_->RequestClientAuth(true);
+ ConnectExpectAlert(server_, kTlsAlertBadCertificate);
+ client_->CheckErrorCode(SSL_ERROR_BAD_CERT_ALERT);
+ server_->CheckErrorCode(SSL_ERROR_NO_CERTIFICATE);
+}
+
+// In TLS 1.3, the client will claim that the connection is done and then
+// receive the alert afterwards. So drive the handshake manually.
+TEST_P(TlsConnectTls13, ClientAuthRequiredRejected) {
+ server_->RequestClientAuth(true);
+ StartConnect();
+ client_->Handshake(); // CH
+ server_->Handshake(); // SH.. (no resumption)
+ client_->Handshake(); // Next message
+ ASSERT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+ ExpectAlert(server_, kTlsAlertCertificateRequired);
+ server_->Handshake(); // Alert
+ server_->CheckErrorCode(SSL_ERROR_NO_CERTIFICATE);
+ client_->Handshake(); // Receive Alert
+ client_->CheckErrorCode(SSL_ERROR_RX_CERTIFICATE_REQUIRED_ALERT);
}
TEST_P(TlsConnectGeneric, ClientAuthRequestedRejected) {
@@ -219,7 +639,9 @@ static void CheckSigScheme(std::shared_ptr<TlsHandshakeRecorder>& capture,
EXPECT_EQ(expected_scheme, static_cast<uint16_t>(scheme));
ScopedCERTCertificate remote_cert(SSL_PeerCertificate(peer->ssl_fd()));
+ ASSERT_NE(nullptr, remote_cert.get());
ScopedSECKEYPublicKey remote_key(CERT_ExtractPublicKey(remote_cert.get()));
+ ASSERT_NE(nullptr, remote_key.get());
EXPECT_EQ(expected_size, SECKEY_PublicKeyStrengthInBits(remote_key.get()));
}
@@ -273,9 +695,7 @@ class TlsReplaceSignatureSchemeFilter : public TlsHandshakeFilter {
TlsReplaceSignatureSchemeFilter(const std::shared_ptr<TlsAgent>& a,
SSLSignatureScheme scheme)
: TlsHandshakeFilter(a, {kTlsHandshakeCertificateVerify}),
- scheme_(scheme) {
- EnableDecryption();
- }
+ scheme_(scheme) {}
protected:
virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
@@ -342,6 +762,59 @@ TEST_P(TlsConnectTls12, ClientAuthInconsistentPssSignatureScheme) {
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
}
+TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureScheme) {
+ static const SSLSignatureScheme kSignatureScheme[] = {
+ ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pss_rsae_sha256};
+
+ Reset(TlsAgent::kServerRsa, "rsa");
+ client_->SetSignatureSchemes(kSignatureScheme,
+ PR_ARRAY_SIZE(kSignatureScheme));
+ server_->SetSignatureSchemes(kSignatureScheme,
+ PR_ARRAY_SIZE(kSignatureScheme));
+ client_->SetupClientAuth();
+ server_->RequestClientAuth(true);
+
+ auto capture_cert_verify = MakeTlsFilter<TlsHandshakeRecorder>(
+ client_, kTlsHandshakeCertificateVerify);
+ capture_cert_verify->EnableDecryption();
+
+ Connect();
+ CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pss_rsae_sha256,
+ 1024);
+}
+
+// Client should refuse to connect without a usable signature scheme.
+TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureSchemeOnly) {
+ static const SSLSignatureScheme kSignatureScheme[] = {
+ ssl_sig_rsa_pkcs1_sha256};
+
+ Reset(TlsAgent::kServerRsa, "rsa");
+ client_->SetSignatureSchemes(kSignatureScheme,
+ PR_ARRAY_SIZE(kSignatureScheme));
+ client_->SetupClientAuth();
+ client_->StartConnect();
+ client_->Handshake();
+ EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state());
+ client_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
+}
+
+// Though the client has a usable signature scheme, when a certificate is
+// requested, it can't produce one.
+TEST_P(TlsConnectTls13, ClientAuthPkcs1AndEcdsaScheme) {
+ static const SSLSignatureScheme kSignatureScheme[] = {
+ ssl_sig_rsa_pkcs1_sha256, ssl_sig_ecdsa_secp256r1_sha256};
+
+ Reset(TlsAgent::kServerRsa, "rsa");
+ client_->SetSignatureSchemes(kSignatureScheme,
+ PR_ARRAY_SIZE(kSignatureScheme));
+ client_->SetupClientAuth();
+ server_->RequestClientAuth(true);
+
+ ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
+ server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
class TlsZeroCertificateRequestSigAlgsFilter : public TlsHandshakeFilter {
public:
TlsZeroCertificateRequestSigAlgsFilter(const std::shared_ptr<TlsAgent>& a)
@@ -552,7 +1025,9 @@ TEST_P(TlsConnectTls12, SignatureAlgorithmDrop) {
TEST_P(TlsConnectTls13, UnsupportedSignatureSchemeAlert) {
EnsureTlsSetup();
- MakeTlsFilter<TlsReplaceSignatureSchemeFilter>(server_, ssl_sig_none);
+ auto filter =
+ MakeTlsFilter<TlsReplaceSignatureSchemeFilter>(server_, ssl_sig_none);
+ filter->EnableDecryption();
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
@@ -563,15 +1038,16 @@ TEST_P(TlsConnectTls13, InconsistentSignatureSchemeAlert) {
EnsureTlsSetup();
// This won't work because we use an RSA cert by default.
- MakeTlsFilter<TlsReplaceSignatureSchemeFilter>(
+ auto filter = MakeTlsFilter<TlsReplaceSignatureSchemeFilter>(
server_, ssl_sig_ecdsa_secp256r1_sha256);
+ filter->EnableDecryption();
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
client_->CheckErrorCode(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
}
-TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) {
+TEST_P(TlsConnectTls12, RequestClientAuthWithSha384) {
server_->SetSignatureSchemes(kSignatureSchemeRsaSha384,
PR_ARRAY_SIZE(kSignatureSchemeRsaSha384));
server_->RequestClientAuth(false);
@@ -888,11 +1364,11 @@ TEST_P(TlsConnectGeneric, AuthFailImmediate) {
}
static const SSLExtraServerCertData ServerCertDataRsaPkcs1Decrypt = {
- ssl_auth_rsa_decrypt, nullptr, nullptr, nullptr};
+ ssl_auth_rsa_decrypt, nullptr, nullptr, nullptr, nullptr, nullptr};
static const SSLExtraServerCertData ServerCertDataRsaPkcs1Sign = {
- ssl_auth_rsa_sign, nullptr, nullptr, nullptr};
+ ssl_auth_rsa_sign, nullptr, nullptr, nullptr, nullptr, nullptr};
static const SSLExtraServerCertData ServerCertDataRsaPss = {
- ssl_auth_rsa_pss, nullptr, nullptr, nullptr};
+ ssl_auth_rsa_pss, nullptr, nullptr, nullptr, nullptr, nullptr};
// Test RSA cert with usage=[signature, encipherment].
TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1SignAndKEX) {
@@ -972,6 +1448,109 @@ TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPss) {
&ServerCertDataRsaPss));
}
+// A server should refuse to even start a handshake with
+// misconfigured certificate and signature scheme.
+TEST_P(TlsConnectTls12Plus, MisconfiguredCertScheme) {
+ Reset(TlsAgent::kServerDsa);
+ static const SSLSignatureScheme kScheme[] = {ssl_sig_ecdsa_secp256r1_sha256};
+ server_->SetSignatureSchemes(kScheme, PR_ARRAY_SIZE(kScheme));
+ ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
+ if (version_ < SSL_LIBRARY_VERSION_TLS_1_3) {
+ // TLS 1.2 disables cipher suites, which leads to a different error.
+ server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+ } else {
+ server_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
+ }
+ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+// In TLS 1.2, disabling an EC group causes ECDSA to be invalid.
+TEST_P(TlsConnectTls12, Tls12CertDisabledGroup) {
+ Reset(TlsAgent::kServerEcdsa256);
+ static const std::vector<SSLNamedGroup> k25519 = {ssl_grp_ec_curve25519};
+ server_->ConfigNamedGroups(k25519);
+ ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
+ server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+// In TLS 1.3, ECDSA configuration only depends on the signature scheme.
+TEST_P(TlsConnectTls13, Tls13CertDisabledGroup) {
+ Reset(TlsAgent::kServerEcdsa256);
+ static const std::vector<SSLNamedGroup> k25519 = {ssl_grp_ec_curve25519};
+ server_->ConfigNamedGroups(k25519);
+ Connect();
+}
+
+// A client should refuse to even start a handshake with only DSA.
+TEST_P(TlsConnectTls13, Tls13DsaOnlyClient) {
+ static const SSLSignatureScheme kDsa[] = {ssl_sig_dsa_sha256};
+ client_->SetSignatureSchemes(kDsa, PR_ARRAY_SIZE(kDsa));
+ client_->StartConnect();
+ client_->Handshake();
+ EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state());
+ client_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
+}
+
+TEST_P(TlsConnectTls13, Tls13DsaOnlyServer) {
+ Reset(TlsAgent::kServerDsa);
+ static const SSLSignatureScheme kDsa[] = {ssl_sig_dsa_sha256};
+ server_->SetSignatureSchemes(kDsa, PR_ARRAY_SIZE(kDsa));
+ ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
+ server_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
+ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+TEST_P(TlsConnectTls13, Tls13Pkcs1OnlyClient) {
+ static const SSLSignatureScheme kPkcs1[] = {ssl_sig_rsa_pkcs1_sha256};
+ client_->SetSignatureSchemes(kPkcs1, PR_ARRAY_SIZE(kPkcs1));
+ client_->StartConnect();
+ client_->Handshake();
+ EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state());
+ client_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
+}
+
+TEST_P(TlsConnectTls13, Tls13Pkcs1OnlyServer) {
+ static const SSLSignatureScheme kPkcs1[] = {ssl_sig_rsa_pkcs1_sha256};
+ server_->SetSignatureSchemes(kPkcs1, PR_ARRAY_SIZE(kPkcs1));
+ ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
+ server_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
+ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+TEST_P(TlsConnectTls13, Tls13DsaIsNotAdvertisedClient) {
+ EnsureTlsSetup();
+ static const SSLSignatureScheme kSchemes[] = {ssl_sig_dsa_sha256,
+ ssl_sig_rsa_pss_rsae_sha256};
+ client_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes));
+ auto capture =
+ MakeTlsFilter<TlsExtensionCapture>(client_, ssl_signature_algorithms_xtn);
+ Connect();
+ // We should only have the one signature algorithm advertised.
+ static const uint8_t kExpectedExt[] = {0, 2, ssl_sig_rsa_pss_rsae_sha256 >> 8,
+ ssl_sig_rsa_pss_rsae_sha256 & 0xff};
+ ASSERT_EQ(DataBuffer(kExpectedExt, sizeof(kExpectedExt)),
+ capture->extension());
+}
+
+TEST_P(TlsConnectTls13, Tls13DsaIsNotAdvertisedServer) {
+ EnsureTlsSetup();
+ static const SSLSignatureScheme kSchemes[] = {ssl_sig_dsa_sha256,
+ ssl_sig_rsa_pss_rsae_sha256};
+ server_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes));
+ auto capture = MakeTlsFilter<TlsExtensionCapture>(
+ server_, ssl_signature_algorithms_xtn, true);
+ capture->SetHandshakeTypes({kTlsHandshakeCertificateRequest});
+ capture->EnableDecryption();
+ server_->RequestClientAuth(false); // So we get a CertificateRequest.
+ Connect();
+ // We should only have the one signature algorithm advertised.
+ static const uint8_t kExpectedExt[] = {0, 2, ssl_sig_rsa_pss_rsae_sha256 >> 8,
+ ssl_sig_rsa_pss_rsae_sha256 & 0xff};
+ ASSERT_EQ(DataBuffer(kExpectedExt, sizeof(kExpectedExt)),
+ capture->extension());
+}
+
// variant, version, certificate, auth type, signature scheme
typedef std::tuple<SSLProtocolVariant, uint16_t, std::string, SSLAuthType,
SSLSignatureScheme>
@@ -1033,12 +1612,21 @@ TEST_P(TlsSignatureSchemeConfiguration, SignatureSchemeConfigBoth) {
INSTANTIATE_TEST_CASE_P(
SignatureSchemeRsa, TlsSignatureSchemeConfiguration,
::testing::Combine(
- TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12Plus,
+ TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12,
::testing::Values(TlsAgent::kServerRsaSign),
::testing::Values(ssl_auth_rsa_sign),
::testing::Values(ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384,
ssl_sig_rsa_pkcs1_sha512, ssl_sig_rsa_pss_rsae_sha256,
ssl_sig_rsa_pss_rsae_sha384)));
+// RSASSA-PKCS1-v1_5 is not allowed to be used in TLS 1.3
+INSTANTIATE_TEST_CASE_P(
+ SignatureSchemeRsaTls13, TlsSignatureSchemeConfiguration,
+ ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
+ TlsConnectTestBase::kTlsV13,
+ ::testing::Values(TlsAgent::kServerRsaSign),
+ ::testing::Values(ssl_auth_rsa_sign),
+ ::testing::Values(ssl_sig_rsa_pss_rsae_sha256,
+ ssl_sig_rsa_pss_rsae_sha384)));
// PSS with SHA-512 needs a bigger key to work.
INSTANTIATE_TEST_CASE_P(
SignatureSchemeBigRsa, TlsSignatureSchemeConfiguration,
diff --git a/security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc
index 573c69c75..26e5fb502 100644
--- a/security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc
@@ -43,10 +43,10 @@ class SignedCertificateTimestampsExtractor {
}
void assertTimestamps(const DataBuffer& timestamps) {
- EXPECT_TRUE(auth_timestamps_);
+ ASSERT_NE(nullptr, auth_timestamps_);
EXPECT_EQ(timestamps, *auth_timestamps_);
- EXPECT_TRUE(handshake_timestamps_);
+ ASSERT_NE(nullptr, handshake_timestamps_);
EXPECT_EQ(timestamps, *handshake_timestamps_);
const SECItem* current =
@@ -64,8 +64,8 @@ static const uint8_t kSctValue[] = {0x01, 0x23, 0x45, 0x67, 0x89};
static const SECItem kSctItem = {siBuffer, const_cast<uint8_t*>(kSctValue),
sizeof(kSctValue)};
static const DataBuffer kSctBuffer(kSctValue, sizeof(kSctValue));
-static const SSLExtraServerCertData kExtraSctData = {ssl_auth_null, nullptr,
- nullptr, &kSctItem};
+static const SSLExtraServerCertData kExtraSctData = {
+ ssl_auth_null, nullptr, nullptr, &kSctItem, nullptr, nullptr};
// Test timestamps extraction during a successful handshake.
TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsLegacy) {
@@ -147,8 +147,8 @@ static const SECItem kOcspItems[] = {
{siBuffer, const_cast<uint8_t*>(kOcspValue2), sizeof(kOcspValue2)}};
static const SECItemArray kOcspResponses = {const_cast<SECItem*>(kOcspItems),
PR_ARRAY_SIZE(kOcspItems)};
-const static SSLExtraServerCertData kOcspExtraData = {ssl_auth_null, nullptr,
- &kOcspResponses, nullptr};
+const static SSLExtraServerCertData kOcspExtraData = {
+ ssl_auth_null, nullptr, &kOcspResponses, nullptr, nullptr, nullptr};
TEST_P(TlsConnectGeneric, NoOcsp) {
EnsureTlsSetup();
@@ -224,7 +224,7 @@ TEST_P(TlsConnectGeneric, OcspHugeSuccess) {
const SECItemArray hugeOcspResponses = {const_cast<SECItem*>(hugeOcspItems),
PR_ARRAY_SIZE(hugeOcspItems)};
const SSLExtraServerCertData hugeOcspExtraData = {
- ssl_auth_null, nullptr, &hugeOcspResponses, nullptr};
+ ssl_auth_null, nullptr, &hugeOcspResponses, nullptr, nullptr, nullptr};
// The value should be available during the AuthCertificateCallback
client_->SetAuthCertificateCallback([&](TlsAgent* agent, bool checksig,
diff --git a/security/nss/gtests/ssl_gtest/ssl_cipherorder_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_cipherorder_unittest.cc
new file mode 100644
index 000000000..1e4f817e9
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/ssl_cipherorder_unittest.cc
@@ -0,0 +1,241 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include <memory>
+
+#include "tls_connect.h"
+#include "tls_filter.h"
+
+namespace nss_test {
+
+class TlsCipherOrderTest : public TlsConnectTestBase {
+ protected:
+ virtual void ConfigureTLS() {
+ EnsureTlsSetup();
+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+ }
+
+ virtual SECStatus BuildTestLists(std::vector<uint16_t> &cs_initial_list,
+ std::vector<uint16_t> &cs_new_list) {
+ // This is the current CipherSuites order of enabled CipherSuites as defined
+ // in ssl3con.c
+ const PRUint16 *kCipherSuites = SSL_GetImplementedCiphers();
+
+ for (unsigned int i = 0; i < kNumImplementedCiphers; i++) {
+ PRBool pref = PR_FALSE, policy = PR_FALSE;
+ SECStatus rv;
+ rv = SSL_CipherPolicyGet(kCipherSuites[i], &policy);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+ rv = SSL_CipherPrefGetDefault(kCipherSuites[i], &pref);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+ if (pref && policy) {
+ cs_initial_list.push_back(kCipherSuites[i]);
+ }
+ }
+
+ // We will test set function with the first 15 enabled ciphers.
+ const PRUint16 kNumCiphersToSet = 15;
+ for (unsigned int i = 0; i < kNumCiphersToSet; i++) {
+ cs_new_list.push_back(cs_initial_list[i]);
+ }
+ cs_new_list[0] = cs_initial_list[1];
+ cs_new_list[1] = cs_initial_list[0];
+ return SECSuccess;
+ }
+
+ public:
+ TlsCipherOrderTest() : TlsConnectTestBase(ssl_variant_stream, 0) {}
+ const unsigned int kNumImplementedCiphers = SSL_GetNumImplementedCiphers();
+};
+
+const PRUint16 kCSUnsupported[] = {20196, 10101};
+const PRUint16 kNumCSUnsupported = PR_ARRAY_SIZE(kCSUnsupported);
+const PRUint16 kCSEmpty[] = {0};
+
+// Get the active CipherSuites odered as they were compiled
+TEST_F(TlsCipherOrderTest, CipherOrderGet) {
+ std::vector<uint16_t> initial_cs_order;
+ std::vector<uint16_t> new_cs_order;
+ SECStatus result = BuildTestLists(initial_cs_order, new_cs_order);
+ ASSERT_EQ(result, SECSuccess);
+ ConfigureTLS();
+
+ std::vector<uint16_t> current_cs_order(SSL_GetNumImplementedCiphers() + 1);
+ unsigned int current_num_active_cs = 0;
+ result = SSL_CipherSuiteOrderGet(client_->ssl_fd(), current_cs_order.data(),
+ &current_num_active_cs);
+ ASSERT_EQ(result, SECSuccess);
+ ASSERT_EQ(current_num_active_cs, initial_cs_order.size());
+ for (unsigned int i = 0; i < initial_cs_order.size(); i++) {
+ EXPECT_EQ(initial_cs_order[i], current_cs_order[i]);
+ }
+ // Get the chosen CipherSuite during the Handshake without any modification.
+ Connect();
+ SSLChannelInfo channel;
+ result = SSL_GetChannelInfo(client_->ssl_fd(), &channel, sizeof channel);
+ ASSERT_EQ(result, SECSuccess);
+ EXPECT_EQ(channel.cipherSuite, initial_cs_order[0]);
+}
+
+// The "server" used for gtests honor only its ciphersuites order.
+// So, we apply the new set for the server instead of client.
+// This is enough to test the effect of SSL_CipherSuiteOrderSet function.
+TEST_F(TlsCipherOrderTest, CipherOrderSet) {
+ std::vector<uint16_t> initial_cs_order;
+ std::vector<uint16_t> new_cs_order;
+ SECStatus result = BuildTestLists(initial_cs_order, new_cs_order);
+ ASSERT_EQ(result, SECSuccess);
+ ConfigureTLS();
+
+ // change the server_ ciphersuites order.
+ result = SSL_CipherSuiteOrderSet(server_->ssl_fd(), new_cs_order.data(),
+ new_cs_order.size());
+ ASSERT_EQ(result, SECSuccess);
+
+ // The function expect an array. We are using vector for VStudio
+ // compatibility.
+ std::vector<uint16_t> current_cs_order(SSL_GetNumImplementedCiphers() + 1);
+ unsigned int current_num_active_cs = 0;
+ result = SSL_CipherSuiteOrderGet(server_->ssl_fd(), current_cs_order.data(),
+ &current_num_active_cs);
+ ASSERT_EQ(result, SECSuccess);
+ ASSERT_EQ(current_num_active_cs, new_cs_order.size());
+ for (unsigned int i = 0; i < new_cs_order.size(); i++) {
+ ASSERT_EQ(new_cs_order[i], current_cs_order[i]);
+ }
+
+ Connect();
+ SSLChannelInfo channel;
+ // changes in server_ order reflect in client chosen ciphersuite.
+ result = SSL_GetChannelInfo(client_->ssl_fd(), &channel, sizeof channel);
+ ASSERT_EQ(result, SECSuccess);
+ EXPECT_EQ(channel.cipherSuite, new_cs_order[0]);
+}
+
+// Duplicate socket configuration from a model.
+TEST_F(TlsCipherOrderTest, CipherOrderCopySocket) {
+ std::vector<uint16_t> initial_cs_order;
+ std::vector<uint16_t> new_cs_order;
+ SECStatus result = BuildTestLists(initial_cs_order, new_cs_order);
+ ASSERT_EQ(result, SECSuccess);
+ ConfigureTLS();
+
+ // Use the existing sockets for this test.
+ result = SSL_CipherSuiteOrderSet(client_->ssl_fd(), new_cs_order.data(),
+ new_cs_order.size());
+ ASSERT_EQ(result, SECSuccess);
+
+ std::vector<uint16_t> current_cs_order(SSL_GetNumImplementedCiphers() + 1);
+ unsigned int current_num_active_cs = 0;
+ result = SSL_CipherSuiteOrderGet(server_->ssl_fd(), current_cs_order.data(),
+ &current_num_active_cs);
+ ASSERT_EQ(result, SECSuccess);
+ ASSERT_EQ(current_num_active_cs, initial_cs_order.size());
+ for (unsigned int i = 0; i < current_num_active_cs; i++) {
+ ASSERT_EQ(initial_cs_order[i], current_cs_order[i]);
+ }
+
+ // Import/Duplicate configurations from client_ to server_
+ PRFileDesc *rv = SSL_ImportFD(client_->ssl_fd(), server_->ssl_fd());
+ EXPECT_NE(nullptr, rv);
+
+ result = SSL_CipherSuiteOrderGet(server_->ssl_fd(), current_cs_order.data(),
+ &current_num_active_cs);
+ ASSERT_EQ(result, SECSuccess);
+ ASSERT_EQ(current_num_active_cs, new_cs_order.size());
+ for (unsigned int i = 0; i < new_cs_order.size(); i++) {
+ EXPECT_EQ(new_cs_order.data()[i], current_cs_order[i]);
+ }
+}
+
+// If the infomed num of elements is lower than the actual list size, only the
+// first "informed num" elements will be considered. The rest is ignored.
+TEST_F(TlsCipherOrderTest, CipherOrderSetLower) {
+ std::vector<uint16_t> initial_cs_order;
+ std::vector<uint16_t> new_cs_order;
+ SECStatus result = BuildTestLists(initial_cs_order, new_cs_order);
+ ASSERT_EQ(result, SECSuccess);
+ ConfigureTLS();
+
+ result = SSL_CipherSuiteOrderSet(client_->ssl_fd(), new_cs_order.data(),
+ new_cs_order.size() - 1);
+ ASSERT_EQ(result, SECSuccess);
+
+ std::vector<uint16_t> current_cs_order(SSL_GetNumImplementedCiphers() + 1);
+ unsigned int current_num_active_cs = 0;
+ result = SSL_CipherSuiteOrderGet(client_->ssl_fd(), current_cs_order.data(),
+ &current_num_active_cs);
+ ASSERT_EQ(result, SECSuccess);
+ ASSERT_EQ(current_num_active_cs, new_cs_order.size() - 1);
+ for (unsigned int i = 0; i < new_cs_order.size() - 1; i++) {
+ ASSERT_EQ(new_cs_order.data()[i], current_cs_order[i]);
+ }
+}
+
+// Testing Errors Controls
+TEST_F(TlsCipherOrderTest, CipherOrderSetControls) {
+ std::vector<uint16_t> initial_cs_order;
+ std::vector<uint16_t> new_cs_order;
+ SECStatus result = BuildTestLists(initial_cs_order, new_cs_order);
+ ASSERT_EQ(result, SECSuccess);
+ ConfigureTLS();
+
+ // Create a new vector with diplicated entries
+ std::vector<uint16_t> repeated_cs_order(SSL_GetNumImplementedCiphers() + 1);
+ std::copy(initial_cs_order.begin(), initial_cs_order.end(),
+ repeated_cs_order.begin());
+ repeated_cs_order[0] = repeated_cs_order[1];
+
+ // Repeated ciphersuites in the list
+ result = SSL_CipherSuiteOrderSet(client_->ssl_fd(), repeated_cs_order.data(),
+ initial_cs_order.size());
+ EXPECT_EQ(result, SECFailure);
+
+ // Zero size for the sent list
+ result = SSL_CipherSuiteOrderSet(client_->ssl_fd(), new_cs_order.data(), 0);
+ EXPECT_EQ(result, SECFailure);
+
+ // Wrong size, greater than actual
+ result = SSL_CipherSuiteOrderSet(client_->ssl_fd(), new_cs_order.data(),
+ SSL_GetNumImplementedCiphers() + 1);
+ EXPECT_EQ(result, SECFailure);
+
+ // Wrong ciphersuites, not implemented
+ result = SSL_CipherSuiteOrderSet(client_->ssl_fd(), kCSUnsupported,
+ kNumCSUnsupported);
+ EXPECT_EQ(result, SECFailure);
+
+ // Null list
+ result =
+ SSL_CipherSuiteOrderSet(client_->ssl_fd(), nullptr, new_cs_order.size());
+ EXPECT_EQ(result, SECFailure);
+
+ // Empty list
+ result =
+ SSL_CipherSuiteOrderSet(client_->ssl_fd(), kCSEmpty, new_cs_order.size());
+ EXPECT_EQ(result, SECFailure);
+
+ // Confirm that the controls are working, as the current ciphersuites
+ // remained untouched
+ std::vector<uint16_t> current_cs_order(SSL_GetNumImplementedCiphers() + 1);
+ unsigned int current_num_active_cs = 0;
+ result = SSL_CipherSuiteOrderGet(client_->ssl_fd(), current_cs_order.data(),
+ &current_num_active_cs);
+ ASSERT_EQ(result, SECSuccess);
+ ASSERT_EQ(current_num_active_cs, initial_cs_order.size());
+ for (unsigned int i = 0; i < initial_cs_order.size(); i++) {
+ ASSERT_EQ(initial_cs_order[i], current_cs_order[i]);
+ }
+}
+} // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
index 194cbab47..7739fe76f 100644
--- a/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
@@ -56,6 +56,9 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase {
if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
std::vector<SSLNamedGroup> groups = {group_};
+ if (cert_group_ != ssl_grp_none) {
+ groups.push_back(cert_group_);
+ }
client_->ConfigNamedGroups(groups);
server_->ConfigNamedGroups(groups);
kea_type_ = SSLInt_GetKEAType(group_);
@@ -68,41 +71,48 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase {
virtual void SetupCertificate() {
if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
switch (sig_scheme_) {
- case ssl_sig_rsa_pkcs1_sha256:
- case ssl_sig_rsa_pkcs1_sha384:
- case ssl_sig_rsa_pkcs1_sha512:
+ case ssl_sig_rsa_pss_rsae_sha256:
+ std::cerr << "Signature scheme: rsa_pss_rsae_sha256" << std::endl;
Reset(TlsAgent::kServerRsaSign);
auth_type_ = ssl_auth_rsa_sign;
break;
- case ssl_sig_rsa_pss_rsae_sha256:
case ssl_sig_rsa_pss_rsae_sha384:
+ std::cerr << "Signature scheme: rsa_pss_rsae_sha384" << std::endl;
Reset(TlsAgent::kServerRsaSign);
auth_type_ = ssl_auth_rsa_sign;
break;
case ssl_sig_rsa_pss_rsae_sha512:
// You can't fit SHA-512 PSS in a 1024-bit key.
+ std::cerr << "Signature scheme: rsa_pss_rsae_sha512" << std::endl;
Reset(TlsAgent::kRsa2048);
auth_type_ = ssl_auth_rsa_sign;
break;
case ssl_sig_rsa_pss_pss_sha256:
+ std::cerr << "Signature scheme: rsa_pss_pss_sha256" << std::endl;
Reset(TlsAgent::kServerRsaPss);
auth_type_ = ssl_auth_rsa_pss;
break;
case ssl_sig_rsa_pss_pss_sha384:
+ std::cerr << "Signature scheme: rsa_pss_pss_sha384" << std::endl;
Reset("rsa_pss384");
auth_type_ = ssl_auth_rsa_pss;
break;
case ssl_sig_rsa_pss_pss_sha512:
+ std::cerr << "Signature scheme: rsa_pss_pss_sha512" << std::endl;
Reset("rsa_pss512");
auth_type_ = ssl_auth_rsa_pss;
break;
case ssl_sig_ecdsa_secp256r1_sha256:
+ std::cerr << "Signature scheme: ecdsa_secp256r1_sha256" << std::endl;
Reset(TlsAgent::kServerEcdsa256);
auth_type_ = ssl_auth_ecdsa;
+ cert_group_ = ssl_grp_ec_secp256r1;
break;
case ssl_sig_ecdsa_secp384r1_sha384:
+ std::cerr << "Signature scheme: ecdsa_secp384r1_sha384" << std::endl;
Reset(TlsAgent::kServerEcdsa384);
auth_type_ = ssl_auth_ecdsa;
+ cert_group_ = ssl_grp_ec_secp384r1;
break;
default:
ADD_FAILURE() << "Unsupported signature scheme: " << sig_scheme_;
@@ -118,9 +128,11 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase {
break;
case ssl_auth_ecdsa:
Reset(TlsAgent::kServerEcdsa256);
+ cert_group_ = ssl_grp_ec_secp256r1;
break;
case ssl_auth_ecdh_ecdsa:
Reset(TlsAgent::kServerEcdhEcdsa);
+ cert_group_ = ssl_grp_ec_secp256r1;
break;
case ssl_auth_ecdh_rsa:
Reset(TlsAgent::kServerEcdhRsa);
@@ -198,6 +210,7 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase {
SSLAuthType auth_type_;
SSLKEAType kea_type_;
SSLNamedGroup group_;
+ SSLNamedGroup cert_group_ = ssl_grp_none;
SSLSignatureScheme sig_scheme_;
SSLCipherSuiteInfo csinfo_;
};
@@ -330,6 +343,12 @@ static SSLSignatureScheme kSignatureSchemesParamsArr[] = {
ssl_sig_rsa_pss_pss_sha256, ssl_sig_rsa_pss_pss_sha384,
ssl_sig_rsa_pss_pss_sha512};
+static SSLSignatureScheme kSignatureSchemesParamsArrTls13[] = {
+ ssl_sig_ecdsa_secp256r1_sha256, ssl_sig_ecdsa_secp384r1_sha384,
+ ssl_sig_rsa_pss_rsae_sha256, ssl_sig_rsa_pss_rsae_sha384,
+ ssl_sig_rsa_pss_rsae_sha512, ssl_sig_rsa_pss_pss_sha256,
+ ssl_sig_rsa_pss_pss_sha384, ssl_sig_rsa_pss_pss_sha512};
+
INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams,
kDummySignatureSchemesParams,
TLS_RSA_WITH_RC4_128_SHA,
@@ -394,7 +413,7 @@ INSTANTIATE_CIPHER_TEST_P(
#ifndef NSS_DISABLE_TLS_1_3
INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13,
::testing::ValuesIn(kFasterDHEGroups),
- ::testing::ValuesIn(kSignatureSchemesParamsArr),
+ ::testing::ValuesIn(kSignatureSchemesParamsArrTls13),
TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
TLS_AES_256_GCM_SHA384);
INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13,
diff --git a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
index 0723c9bee..9cbe9566f 100644
--- a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
@@ -62,7 +62,6 @@ TEST_P(TlsConnectGenericPre13, DamageServerSignature) {
EnsureTlsSetup();
auto filter = MakeTlsFilter<TlsLastByteDamager>(
server_, kTlsHandshakeServerKeyExchange);
- filter->EnableDecryption();
ExpectAlert(client_, kTlsAlertDecryptError);
ConnectExpectFail();
client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
@@ -84,7 +83,9 @@ TEST_P(TlsConnectGeneric, DamageClientSignature) {
server_->RequestClientAuth(true);
auto filter = MakeTlsFilter<TlsLastByteDamager>(
client_, kTlsHandshakeCertificateVerify);
- filter->EnableDecryption();
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ filter->EnableDecryption();
+ }
server_->ExpectSendAlert(kTlsAlertDecryptError);
// Do these handshakes by hand to avoid race condition on
// the client processing the server's alert.
diff --git a/security/nss/gtests/ssl_gtest/ssl_debug_env_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_debug_env_unittest.cc
new file mode 100644
index 000000000..59ec3d393
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/ssl_debug_env_unittest.cc
@@ -0,0 +1,53 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <cstdlib>
+#include <fstream>
+#include <sstream>
+
+#include "gtest_utils.h"
+#include "tls_connect.h"
+
+namespace nss_test {
+
+extern "C" {
+extern FILE* ssl_trace_iob;
+
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
+extern FILE* ssl_keylog_iob;
+#endif
+}
+
+// These tests ensure that when the associated environment variables are unset
+// that the lazily-initialized defaults are what they are supposed to be.
+
+#ifdef DEBUG
+TEST_P(TlsConnectGeneric, DebugEnvTraceFileNotSet) {
+ char* ev = PR_GetEnvSecure("SSLDEBUGFILE");
+ if (ev && ev[0]) {
+ // note: should use GTEST_SKIP when GTest gets updated to support it
+ return;
+ }
+
+ Connect();
+ EXPECT_EQ(stderr, ssl_trace_iob);
+}
+#endif
+
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
+TEST_P(TlsConnectGeneric, DebugEnvKeylogFileNotSet) {
+ char* ev = PR_GetEnvSecure("SSLKEYLOGFILE");
+ if (ev && ev[0]) {
+ // note: should use GTEST_SKIP when GTest gets updated to support it
+ return;
+ }
+
+ Connect();
+ EXPECT_EQ(nullptr, ssl_keylog_iob);
+}
+#endif
+
+} // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc
index f1ccc2864..0fe88ea88 100644
--- a/security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc
@@ -682,4 +682,100 @@ TEST_P(TlsConnectTls12, ConnectInconsistentSigAlgDHE) {
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
}
+static void CheckSkeSigScheme(
+ std::shared_ptr<TlsHandshakeRecorder>& capture_ske,
+ uint16_t expected_scheme) {
+ TlsParser parser(capture_ske->buffer());
+ EXPECT_TRUE(parser.SkipVariable(2)) << " read dh_p";
+ EXPECT_TRUE(parser.SkipVariable(2)) << " read dh_q";
+ EXPECT_TRUE(parser.SkipVariable(2)) << " read dh_Ys";
+
+ uint32_t tmp;
+ EXPECT_TRUE(parser.Read(&tmp, 2)) << " read sig_scheme";
+ EXPECT_EQ(expected_scheme, static_cast<uint16_t>(tmp));
+}
+
+TEST_P(TlsConnectTls12, ConnectSigAlgEnabledByPolicyDhe) {
+ EnableOnlyDheCiphers();
+
+ const std::vector<SSLSignatureScheme> schemes = {ssl_sig_rsa_pkcs1_sha1,
+ ssl_sig_rsa_pkcs1_sha384};
+
+ EnsureTlsSetup();
+ client_->SetSignatureSchemes(schemes.data(), schemes.size());
+ server_->SetSignatureSchemes(schemes.data(), schemes.size());
+ auto capture_ske = MakeTlsFilter<TlsHandshakeRecorder>(
+ server_, kTlsHandshakeServerKeyExchange);
+
+ StartConnect();
+ client_->Handshake(); // Send ClientHello
+
+ // Enable SHA-1 by policy.
+ SECStatus rv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SSL_KX, 0);
+ ASSERT_EQ(SECSuccess, rv);
+ rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL,
+ 0);
+ ASSERT_EQ(SECSuccess, rv);
+
+ Handshake(); // Remainder of handshake
+ // The server should now report that it is connected
+ EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
+
+ CheckSkeSigScheme(capture_ske, ssl_sig_rsa_pkcs1_sha1);
+}
+
+TEST_P(TlsConnectTls12, ConnectSigAlgDisabledByPolicyDhe) {
+ EnableOnlyDheCiphers();
+
+ const std::vector<SSLSignatureScheme> schemes = {ssl_sig_rsa_pkcs1_sha1,
+ ssl_sig_rsa_pkcs1_sha384};
+
+ EnsureTlsSetup();
+ client_->SetSignatureSchemes(schemes.data(), schemes.size());
+ server_->SetSignatureSchemes(schemes.data(), schemes.size());
+ auto capture_ske = MakeTlsFilter<TlsHandshakeRecorder>(
+ server_, kTlsHandshakeServerKeyExchange);
+
+ StartConnect();
+ client_->Handshake(); // Send ClientHello
+
+ // Disable SHA-1 by policy after sending ClientHello so that CH
+ // includes SHA-1 signature scheme.
+ SECStatus rv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, 0, NSS_USE_ALG_IN_SSL_KX);
+ ASSERT_EQ(SECSuccess, rv);
+ rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL,
+ 0);
+ ASSERT_EQ(SECSuccess, rv);
+
+ Handshake(); // Remainder of handshake
+ // The server should now report that it is connected
+ EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
+
+ CheckSkeSigScheme(capture_ske, ssl_sig_rsa_pkcs1_sha384);
+}
+
+TEST_P(TlsConnectPre12, ConnectSigAlgDisabledByPolicyDhePre12) {
+ EnableOnlyDheCiphers();
+
+ EnsureTlsSetup();
+ StartConnect();
+ client_->Handshake(); // Send ClientHello
+
+ // Disable SHA-1 by policy. This will cause the connection fail as
+ // TLS 1.1 or earlier uses combined SHA-1 + MD5 signature.
+ SECStatus rv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, 0, NSS_USE_ALG_IN_SSL_KX);
+ ASSERT_EQ(SECSuccess, rv);
+ rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL,
+ 0);
+ ASSERT_EQ(SECSuccess, rv);
+
+ server_->ExpectSendAlert(kTlsAlertHandshakeFailure);
+ client_->ExpectReceiveAlert(kTlsAlertHandshakeFailure);
+
+ // Remainder of handshake
+ Handshake();
+
+ server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
+}
+
} // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
index f25efc77a..b441b5c10 100644
--- a/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
@@ -66,6 +66,38 @@ TEST_P(TlsConnectDatagramPre13, DropServerSecondFlightThrice) {
Connect();
}
+static void CheckAcks(const std::shared_ptr<TlsRecordRecorder>& acks,
+ size_t index, std::vector<uint64_t> expected) {
+ ASSERT_LT(index, acks->count());
+ const DataBuffer& buf = acks->record(index).buffer;
+ size_t offset = 2;
+ uint64_t len;
+
+ EXPECT_EQ(2 + expected.size() * 8, buf.len());
+ ASSERT_TRUE(buf.Read(0, 2, &len));
+ ASSERT_EQ(static_cast<size_t>(len + 2), buf.len());
+ if ((2 + expected.size() * 8) != buf.len()) {
+ while (offset < buf.len()) {
+ uint64_t ack;
+ ASSERT_TRUE(buf.Read(offset, 8, &ack));
+ offset += 8;
+ std::cerr << "Ack=0x" << std::hex << ack << std::dec << std::endl;
+ }
+ return;
+ }
+
+ for (size_t i = 0; i < expected.size(); ++i) {
+ uint64_t a = expected[i];
+ uint64_t ack;
+ ASSERT_TRUE(buf.Read(offset, 8, &ack));
+ offset += 8;
+ if (a != ack) {
+ ADD_FAILURE() << "Wrong ack " << i << " expected=0x" << std::hex << a
+ << " got=0x" << ack << std::dec;
+ }
+ }
+}
+
class TlsDropDatagram13 : public TlsConnectDatagram13,
public ::testing::WithParamInterface<bool> {
public:
@@ -139,37 +171,6 @@ class TlsDropDatagram13 : public TlsConnectDatagram13,
std::shared_ptr<PacketFilter> chain_;
};
- void CheckAcks(const DropAckChain& chain, size_t index,
- std::vector<uint64_t> acks) {
- const DataBuffer& buf = chain.ack_->record(index).buffer;
- size_t offset = 2;
- uint64_t len;
-
- EXPECT_EQ(2 + acks.size() * 8, buf.len());
- ASSERT_TRUE(buf.Read(0, 2, &len));
- ASSERT_EQ(static_cast<size_t>(len + 2), buf.len());
- if ((2 + acks.size() * 8) != buf.len()) {
- while (offset < buf.len()) {
- uint64_t ack;
- ASSERT_TRUE(buf.Read(offset, 8, &ack));
- offset += 8;
- std::cerr << "Ack=0x" << std::hex << ack << std::dec << std::endl;
- }
- return;
- }
-
- for (size_t i = 0; i < acks.size(); ++i) {
- uint64_t a = acks[i];
- uint64_t ack;
- ASSERT_TRUE(buf.Read(offset, 8, &ack));
- offset += 8;
- if (a != ack) {
- ADD_FAILURE() << "Wrong ack " << i << " expected=0x" << std::hex << a
- << " got=0x" << ack << std::dec;
- }
- }
- }
-
void CheckedHandshakeSendReceive() {
Handshake();
CheckPostHandshake();
@@ -199,7 +200,7 @@ TEST_P(TlsDropDatagram13, DropClientFirstFlightOnce) {
client_->Handshake();
server_->Handshake();
CheckedHandshakeSendReceive();
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
+ CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL});
}
TEST_P(TlsDropDatagram13, DropServerFirstFlightOnce) {
@@ -210,7 +211,7 @@ TEST_P(TlsDropDatagram13, DropServerFirstFlightOnce) {
server_->Handshake();
server_filters_.drop_->Disable();
CheckedHandshakeSendReceive();
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
+ CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL});
}
// Dropping the server's first record also does not produce
@@ -223,7 +224,7 @@ TEST_P(TlsDropDatagram13, DropServerFirstRecordOnce) {
server_->Handshake();
Handshake();
CheckedHandshakeSendReceive();
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
+ CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL});
}
// Dropping the second packet of the server's flight should
@@ -236,8 +237,8 @@ TEST_P(TlsDropDatagram13, DropServerSecondRecordOnce) {
HandshakeAndAck(client_);
expected_client_acks_ = 1;
CheckedHandshakeSendReceive();
- CheckAcks(client_filters_, 0, {0}); // ServerHello
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
+ CheckAcks(client_filters_.ack_, 0, {0}); // ServerHello
+ CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL});
}
// Drop the server ACK and verify that the client retransmits
@@ -265,8 +266,8 @@ TEST_P(TlsDropDatagram13, DropServerAckOnce) {
EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
CheckPostHandshake();
// There should be two copies of the finished ACK
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
- CheckAcks(server_filters_, 1, {0x0002000000000000ULL});
+ CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL});
+ CheckAcks(server_filters_.ack_, 1, {0x0002000000000000ULL});
}
// Drop the client certificate verify.
@@ -281,10 +282,10 @@ TEST_P(TlsDropDatagram13, DropClientCertVerify) {
expected_server_acks_ = 2;
CheckedHandshakeSendReceive();
// Ack of the Cert.
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
+ CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL});
// Ack of the whole client handshake.
CheckAcks(
- server_filters_, 1,
+ server_filters_.ack_, 1,
{0x0002000000000000ULL, // CH (we drop everything after this on client)
0x0002000000000003ULL, // CT (2)
0x0002000000000004ULL}); // FIN (2)
@@ -310,11 +311,11 @@ TEST_P(TlsDropDatagram13, DropFirstHalfOfServerCertificate) {
// as the previous CT1).
EXPECT_EQ(ct1_size, server_filters_.record(0).buffer.len());
CheckedHandshakeSendReceive();
- CheckAcks(client_filters_, 0,
+ CheckAcks(client_filters_.ack_, 0,
{0, // SH
0x0002000000000000ULL, // EE
0x0002000000000002ULL}); // CT2
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
+ CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL});
}
// Shrink the MTU down so that certs get split and drop the second piece.
@@ -336,13 +337,13 @@ TEST_P(TlsDropDatagram13, DropSecondHalfOfServerCertificate) {
// Check that the first record is CT1
EXPECT_EQ(ct1_size, server_filters_.record(0).buffer.len());
CheckedHandshakeSendReceive();
- CheckAcks(client_filters_, 0,
+ CheckAcks(client_filters_.ack_, 0,
{
0, // SH
0x0002000000000000ULL, // EE
0x0002000000000001ULL, // CT1
});
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
+ CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL});
}
// In this test, the Certificate message is sent four times, we drop all or part
@@ -392,18 +393,18 @@ class TlsFragmentationAndRecoveryTest : public TlsDropDatagram13 {
0, // SH
0x0002000000000000ULL // EE
};
- CheckAcks(client_filters_, 0, client_acks);
+ CheckAcks(client_filters_.ack_, 0, client_acks);
// And from the second attempt for the half was kept (we delayed this ACK).
client_acks.push_back(0x0002000000000000ULL + second_flight_count +
~dropped_half % 2);
- CheckAcks(client_filters_, 1, client_acks);
+ CheckAcks(client_filters_.ack_, 1, client_acks);
// And the third attempt where the first and last thirds got through.
client_acks.push_back(0x0002000000000000ULL + second_flight_count +
third_flight_count - 1);
client_acks.push_back(0x0002000000000000ULL + second_flight_count +
third_flight_count + 1);
- CheckAcks(client_filters_, 2, client_acks);
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
+ CheckAcks(client_filters_.ack_, 2, client_acks);
+ CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL});
}
private:
@@ -548,7 +549,7 @@ TEST_P(TlsDropDatagram13, NoDropsDuringZeroRtt) {
CheckConnected();
SendReceive();
EXPECT_EQ(0U, client_filters_.ack_->count());
- CheckAcks(server_filters_, 0,
+ CheckAcks(server_filters_.ack_, 0,
{0x0001000000000001ULL, // EOED
0x0002000000000000ULL}); // Finished
}
@@ -567,8 +568,8 @@ TEST_P(TlsDropDatagram13, DropEEDuringZeroRtt) {
ExpectEarlyDataAccepted(true);
CheckConnected();
SendReceive();
- CheckAcks(client_filters_, 0, {0});
- CheckAcks(server_filters_, 0,
+ CheckAcks(client_filters_.ack_, 0, {0});
+ CheckAcks(server_filters_.ack_, 0,
{0x0001000000000002ULL, // EOED
0x0002000000000000ULL}); // Finished
}
@@ -608,22 +609,22 @@ TEST_P(TlsDropDatagram13, ReorderServerEE) {
expected_client_acks_ = 1;
HandshakeAndAck(client_);
CheckedHandshakeSendReceive();
- CheckAcks(client_filters_, 0,
+ CheckAcks(client_filters_.ack_, 0,
{
0, // SH
0x0002000000000000, // EE
});
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
+ CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL});
}
// The client sends an out of order non-handshake message
// but with the handshake key.
class TlsSendCipherSpecCapturer {
public:
- TlsSendCipherSpecCapturer(std::shared_ptr<TlsAgent>& agent)
- : send_cipher_specs_() {
- SSLInt_SetCipherSpecChangeFunc(agent->ssl_fd(), CipherSpecChanged,
- (void*)this);
+ TlsSendCipherSpecCapturer(const std::shared_ptr<TlsAgent>& agent)
+ : agent_(agent), send_cipher_specs_() {
+ EXPECT_EQ(SECSuccess,
+ SSL_SecretCallback(agent_->ssl_fd(), SecretCallback, this));
}
std::shared_ptr<TlsCipherSpec> spec(size_t i) {
@@ -634,28 +635,42 @@ class TlsSendCipherSpecCapturer {
}
private:
- static void CipherSpecChanged(void* arg, PRBool sending,
- ssl3CipherSpec* newSpec) {
- if (!sending) {
+ static void SecretCallback(PRFileDesc* fd, PRUint16 epoch,
+ SSLSecretDirection dir, PK11SymKey* secret,
+ void* arg) {
+ auto self = static_cast<TlsSendCipherSpecCapturer*>(arg);
+ std::cerr << self->agent_->role_str() << ": capture " << dir
+ << " secret for epoch " << epoch << std::endl;
+
+ if (dir == ssl_secret_read) {
return;
}
- auto self = static_cast<TlsSendCipherSpecCapturer*>(arg);
-
- auto spec = std::make_shared<TlsCipherSpec>();
- bool ret = spec->Init(SSLInt_CipherSpecToEpoch(newSpec),
- SSLInt_CipherSpecToAlgorithm(newSpec),
- SSLInt_CipherSpecToKey(newSpec),
- SSLInt_CipherSpecToIv(newSpec));
- EXPECT_EQ(true, ret);
+ SSLPreliminaryChannelInfo preinfo;
+ EXPECT_EQ(SECSuccess,
+ SSL_GetPreliminaryChannelInfo(self->agent_->ssl_fd(), &preinfo,
+ sizeof(preinfo)));
+ EXPECT_EQ(sizeof(preinfo), preinfo.length);
+ EXPECT_TRUE(preinfo.valuesSet & ssl_preinfo_cipher_suite);
+
+ SSLCipherSuiteInfo cipherinfo;
+ EXPECT_EQ(SECSuccess,
+ SSL_GetCipherSuiteInfo(preinfo.cipherSuite, &cipherinfo,
+ sizeof(cipherinfo)));
+ EXPECT_EQ(sizeof(cipherinfo), cipherinfo.length);
+
+ auto spec = std::make_shared<TlsCipherSpec>(true, epoch);
+ EXPECT_TRUE(spec->SetKeys(&cipherinfo, secret));
self->send_cipher_specs_.push_back(spec);
}
+ std::shared_ptr<TlsAgent> agent_;
std::vector<std::shared_ptr<TlsCipherSpec>> send_cipher_specs_;
};
-TEST_P(TlsDropDatagram13, SendOutOfOrderAppWithHandshakeKey) {
+TEST_F(TlsConnectDatagram13, SendOutOfOrderAppWithHandshakeKey) {
StartConnect();
+ // Capturing secrets means that we can't use decrypting filters on the client.
TlsSendCipherSpecCapturer capturer(client_);
client_->Handshake();
server_->Handshake();
@@ -680,9 +695,12 @@ TEST_P(TlsDropDatagram13, SendOutOfOrderAppWithHandshakeKey) {
EXPECT_EQ(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE, PORT_GetError());
}
-TEST_P(TlsDropDatagram13, SendOutOfOrderHsNonsenseWithHandshakeKey) {
+TEST_F(TlsConnectDatagram13, SendOutOfOrderHsNonsenseWithHandshakeKey) {
StartConnect();
TlsSendCipherSpecCapturer capturer(client_);
+ auto acks = MakeTlsFilter<TlsRecordRecorder>(server_, ssl_ct_ack);
+ acks->EnableDecryption();
+
client_->Handshake();
server_->Handshake();
client_->Handshake();
@@ -699,10 +717,10 @@ TEST_P(TlsDropDatagram13, SendOutOfOrderHsNonsenseWithHandshakeKey) {
ssl_ct_handshake,
DataBuffer(buf, sizeof(buf))));
server_->Handshake();
- EXPECT_EQ(2UL, server_filters_.ack_->count());
+ EXPECT_EQ(2UL, acks->count());
// The server acknowledges client Finished twice.
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
- CheckAcks(server_filters_, 1, {0x0002000000000000ULL});
+ CheckAcks(acks, 0, {0x0002000000000000ULL});
+ CheckAcks(acks, 1, {0x0002000000000000ULL});
}
// Shrink the MTU down so that certs get split and then swap the first and
@@ -726,7 +744,7 @@ TEST_P(TlsReorderDatagram13, ReorderServerCertificate) {
ShiftDtlsTimers();
CheckedHandshakeSendReceive();
EXPECT_EQ(2UL, server_filters_.records_->count()); // ACK + Data
- CheckAcks(server_filters_, 0, {0x0002000000000000ULL});
+ CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL});
}
TEST_P(TlsReorderDatagram13, DataAfterEOEDDuringZeroRtt) {
@@ -761,7 +779,8 @@ TEST_P(TlsReorderDatagram13, DataAfterEOEDDuringZeroRtt) {
CheckConnected();
EXPECT_EQ(0U, client_filters_.ack_->count());
// Acknowledgements for EOED and Finished.
- CheckAcks(server_filters_, 0, {0x0001000000000002ULL, 0x0002000000000000ULL});
+ CheckAcks(server_filters_.ack_, 0,
+ {0x0001000000000002ULL, 0x0002000000000000ULL});
uint8_t buf[8];
rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
EXPECT_EQ(-1, rv);
@@ -800,7 +819,8 @@ TEST_P(TlsReorderDatagram13, DataAfterFinDuringZeroRtt) {
CheckConnected();
EXPECT_EQ(0U, client_filters_.ack_->count());
// Acknowledgements for EOED and Finished.
- CheckAcks(server_filters_, 0, {0x0001000000000002ULL, 0x0002000000000000ULL});
+ CheckAcks(server_filters_.ack_, 0,
+ {0x0001000000000002ULL, 0x0002000000000000ULL});
uint8_t buf[8];
rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
EXPECT_EQ(-1, rv);
diff --git a/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
index f1cf1fabc..e62e002f3 100644
--- a/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
@@ -666,6 +666,80 @@ TEST_P(TlsConnectTls12, ConnectIncorrectSigAlg) {
client_->CheckErrorCode(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
}
+static void CheckSkeSigScheme(
+ std::shared_ptr<TlsHandshakeRecorder> &capture_ske,
+ uint16_t expected_scheme) {
+ TlsParser parser(capture_ske->buffer());
+ uint32_t tmp = 0;
+ EXPECT_TRUE(parser.Read(&tmp, 1)) << " read curve_type";
+ EXPECT_EQ(3U, tmp) << "curve type has to be 3";
+ EXPECT_TRUE(parser.Skip(2)) << " read namedcurve";
+ EXPECT_TRUE(parser.SkipVariable(1)) << " read public";
+
+ EXPECT_TRUE(parser.Read(&tmp, 2)) << " read sig_scheme";
+ EXPECT_EQ(expected_scheme, static_cast<uint16_t>(tmp));
+}
+
+TEST_P(TlsConnectTls12, ConnectSigAlgEnabledByPolicy) {
+ EnsureTlsSetup();
+ client_->DisableAllCiphers();
+ client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+
+ const std::vector<SSLSignatureScheme> schemes = {ssl_sig_rsa_pkcs1_sha1,
+ ssl_sig_rsa_pkcs1_sha384};
+
+ client_->SetSignatureSchemes(schemes.data(), schemes.size());
+ server_->SetSignatureSchemes(schemes.data(), schemes.size());
+ auto capture_ske = MakeTlsFilter<TlsHandshakeRecorder>(
+ server_, kTlsHandshakeServerKeyExchange);
+
+ StartConnect();
+ client_->Handshake(); // Send ClientHello
+
+ // Enable SHA-1 by policy.
+ SECStatus rv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SSL_KX, 0);
+ ASSERT_EQ(SECSuccess, rv);
+ rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL,
+ 0);
+ ASSERT_EQ(SECSuccess, rv);
+
+ Handshake(); // Remainder of handshake
+ // The server should now report that it is connected
+ EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
+
+ CheckSkeSigScheme(capture_ske, ssl_sig_rsa_pkcs1_sha1);
+}
+
+TEST_P(TlsConnectTls12, ConnectSigAlgDisabledByPolicy) {
+ EnsureTlsSetup();
+ client_->DisableAllCiphers();
+ client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+
+ const std::vector<SSLSignatureScheme> schemes = {ssl_sig_rsa_pkcs1_sha1,
+ ssl_sig_rsa_pkcs1_sha384};
+
+ client_->SetSignatureSchemes(schemes.data(), schemes.size());
+ server_->SetSignatureSchemes(schemes.data(), schemes.size());
+ auto capture_ske = MakeTlsFilter<TlsHandshakeRecorder>(
+ server_, kTlsHandshakeServerKeyExchange);
+
+ StartConnect();
+ client_->Handshake(); // Send ClientHello
+
+ // Disable SHA-1 by policy.
+ SECStatus rv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, 0, NSS_USE_ALG_IN_SSL_KX);
+ ASSERT_EQ(SECSuccess, rv);
+ rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL,
+ 0);
+ ASSERT_EQ(SECSuccess, rv);
+
+ Handshake(); // Remainder of handshake
+ // The server should now report that it is connected
+ EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
+
+ CheckSkeSigScheme(capture_ske, ssl_sig_rsa_pkcs1_sha384);
+}
+
INSTANTIATE_TEST_CASE_P(KeyExchangeTest, TlsKeyExchangeTest,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV11Plus));
diff --git a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
index 5819af746..d7f350c8c 100644
--- a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -436,14 +436,14 @@ TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsOddLength) {
}
TEST_F(TlsExtensionTest13Stream, SignatureAlgorithmsPrecedingGarbage) {
- // 31 unknown signature algorithms followed by sha-256, rsa
+ // 31 unknown signature algorithms followed by sha-256, rsa-pss
const uint8_t val[] = {
0x00, 0x40, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x01};
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x08, 0x04};
DataBuffer extension(val, sizeof(val));
MakeTlsFilter<TlsExtensionReplacer>(client_, ssl_signature_algorithms_xtn,
extension);
@@ -482,6 +482,73 @@ TEST_P(TlsExtensionTestGeneric, SupportedCurvesTrailingData) {
client_, ssl_elliptic_curves_xtn, extension));
}
+TEST_P(TlsExtensionTest12, SupportedCurvesDisableX25519) {
+ // Disable session resumption.
+ ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+
+ // Ensure that we can enable its use in the key exchange.
+ SECStatus rv =
+ NSS_SetAlgorithmPolicy(SEC_OID_CURVE25519, NSS_USE_ALG_IN_SSL_KX, 0);
+ ASSERT_EQ(SECSuccess, rv);
+ rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL,
+ 0);
+ ASSERT_EQ(SECSuccess, rv);
+
+ auto capture1 =
+ MakeTlsFilter<TlsExtensionCapture>(client_, ssl_elliptic_curves_xtn);
+ Connect();
+
+ EXPECT_TRUE(capture1->captured());
+ const DataBuffer& ext1 = capture1->extension();
+
+ uint32_t count;
+ ASSERT_TRUE(ext1.Read(0, 2, &count));
+
+ // Whether or not we've seen x25519 offered in this handshake.
+ bool seen1_x25519 = false;
+ for (size_t offset = 2; offset <= count; offset++) {
+ uint32_t val;
+ ASSERT_TRUE(ext1.Read(offset, 2, &val));
+ if (val == ssl_grp_ec_curve25519) {
+ seen1_x25519 = true;
+ break;
+ }
+ }
+ ASSERT_TRUE(seen1_x25519);
+
+ // Ensure that we can disable its use in the key exchange.
+ rv = NSS_SetAlgorithmPolicy(SEC_OID_CURVE25519, 0, NSS_USE_ALG_IN_SSL_KX);
+ ASSERT_EQ(SECSuccess, rv);
+ rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL,
+ 0);
+ ASSERT_EQ(SECSuccess, rv);
+
+ // Clean up after the last run.
+ Reset();
+ auto capture2 =
+ MakeTlsFilter<TlsExtensionCapture>(client_, ssl_elliptic_curves_xtn);
+ Connect();
+
+ EXPECT_TRUE(capture2->captured());
+ const DataBuffer& ext2 = capture2->extension();
+
+ ASSERT_TRUE(ext2.Read(0, 2, &count));
+
+ // Whether or not we've seen x25519 offered in this handshake.
+ bool seen2_x25519 = false;
+ for (size_t offset = 2; offset <= count; offset++) {
+ uint32_t val;
+ ASSERT_TRUE(ext2.Read(offset, 2, &val));
+
+ if (val == ssl_grp_ec_curve25519) {
+ seen2_x25519 = true;
+ break;
+ }
+ }
+
+ ASSERT_FALSE(seen2_x25519);
+}
+
TEST_P(TlsExtensionTestPre13, SupportedPointsEmpty) {
const uint8_t val[] = {0x00};
DataBuffer extension(val, sizeof(val));
@@ -547,6 +614,56 @@ TEST_P(TlsExtensionTest12, SignatureAlgorithmConfiguration) {
}
}
+// This only works on TLS 1.2, since it relies on DSA.
+TEST_P(TlsExtensionTest12, SignatureAlgorithmDisableDSA) {
+ const std::vector<SSLSignatureScheme> schemes = {
+ ssl_sig_dsa_sha1, ssl_sig_dsa_sha256, ssl_sig_dsa_sha384,
+ ssl_sig_dsa_sha512, ssl_sig_rsa_pss_rsae_sha256};
+
+ // Connect with DSA enabled by policy.
+ SECStatus rv = NSS_SetAlgorithmPolicy(SEC_OID_ANSIX9_DSA_SIGNATURE,
+ NSS_USE_ALG_IN_SSL_KX, 0);
+ ASSERT_EQ(SECSuccess, rv);
+ rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL,
+ 0);
+ ASSERT_EQ(SECSuccess, rv);
+
+ Reset(TlsAgent::kServerDsa);
+ auto capture1 =
+ MakeTlsFilter<TlsExtensionCapture>(client_, ssl_signature_algorithms_xtn);
+ client_->SetSignatureSchemes(schemes.data(), schemes.size());
+ Connect();
+
+ // Check if all the signature algorithms are advertised.
+ EXPECT_TRUE(capture1->captured());
+ const DataBuffer& ext1 = capture1->extension();
+ EXPECT_EQ(2U + 2U * schemes.size(), ext1.len());
+
+ // Connect with DSA disabled by policy.
+ rv = NSS_SetAlgorithmPolicy(SEC_OID_ANSIX9_DSA_SIGNATURE, 0,
+ NSS_USE_ALG_IN_SSL_KX);
+ ASSERT_EQ(SECSuccess, rv);
+ rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL,
+ 0);
+ ASSERT_EQ(SECSuccess, rv);
+
+ Reset(TlsAgent::kServerDsa);
+ auto capture2 =
+ MakeTlsFilter<TlsExtensionCapture>(client_, ssl_signature_algorithms_xtn);
+ client_->SetSignatureSchemes(schemes.data(), schemes.size());
+ ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
+ server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+
+ // Check if no DSA algorithms are advertised.
+ EXPECT_TRUE(capture2->captured());
+ const DataBuffer& ext2 = capture2->extension();
+ EXPECT_EQ(2U + 2U, ext2.len());
+ uint32_t v = 0;
+ EXPECT_TRUE(ext2.Read(2, 2, &v));
+ EXPECT_EQ(ssl_sig_rsa_pss_rsae_sha256, v);
+}
+
// Temporary test to verify that we choke on an empty ClientKeyShare.
// This test will fail when we implement HelloRetryRequest.
TEST_P(TlsExtensionTest13, EmptyClientKeyShare) {
@@ -1121,6 +1238,10 @@ INSTANTIATE_TEST_CASE_P(
INSTANTIATE_TEST_CASE_P(ExtensionDatagramOnly, TlsExtensionTestDtls,
TlsConnectTestBase::kTlsV11Plus);
+INSTANTIATE_TEST_CASE_P(ExtensionTls12, TlsExtensionTest12,
+ ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
+ TlsConnectTestBase::kTlsV12));
+
INSTANTIATE_TEST_CASE_P(ExtensionTls12Plus, TlsExtensionTest12Plus,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
TlsConnectTestBase::kTlsV12Plus));
diff --git a/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
index f033b7843..b222f15cb 100644
--- a/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
@@ -22,7 +22,7 @@ namespace nss_test {
const uint8_t kShortEmptyFinished[8] = {0};
const uint8_t kLongEmptyFinished[128] = {0};
-class TlsFuzzTest : public ::testing::Test {};
+class TlsFuzzTest : public TlsConnectGeneric {};
// Record the application data stream.
class TlsApplicationDataRecorder : public TlsRecordFilter {
@@ -46,16 +46,9 @@ class TlsApplicationDataRecorder : public TlsRecordFilter {
DataBuffer buffer_;
};
-// Ensure that ssl_Time() returns a constant value.
-FUZZ_F(TlsFuzzTest, SSL_Time_Constant) {
- PRUint32 now = ssl_TimeSec();
- PR_Sleep(PR_SecondsToInterval(2));
- EXPECT_EQ(ssl_TimeSec(), now);
-}
-
// Check that due to the deterministic PRNG we derive
// the same master secret in two consecutive TLS sessions.
-FUZZ_P(TlsConnectGeneric, DeterministicExporter) {
+FUZZ_P(TlsFuzzTest, DeterministicExporter) {
const char kLabel[] = "label";
std::vector<unsigned char> out1(32), out2(32);
@@ -95,7 +88,7 @@ FUZZ_P(TlsConnectGeneric, DeterministicExporter) {
// Check that due to the deterministic RNG two consecutive
// TLS sessions will have the exact same transcript.
-FUZZ_P(TlsConnectGeneric, DeterministicTranscript) {
+FUZZ_P(TlsFuzzTest, DeterministicTranscript) {
// Make sure we have RSA blinding params.
Connect();
@@ -130,9 +123,7 @@ FUZZ_P(TlsConnectGeneric, DeterministicTranscript) {
// with all supported TLS versions, STREAM and DGRAM.
// Check that records are NOT encrypted.
// Check that records don't have a MAC.
-FUZZ_P(TlsConnectGeneric, ConnectSendReceive_NullCipher) {
- EnsureTlsSetup();
-
+FUZZ_P(TlsFuzzTest, ConnectSendReceive_NullCipher) {
// Set up app data filters.
auto client_recorder = MakeTlsFilter<TlsApplicationDataRecorder>(client_);
auto server_recorder = MakeTlsFilter<TlsApplicationDataRecorder>(server_);
@@ -157,7 +148,7 @@ FUZZ_P(TlsConnectGeneric, ConnectSendReceive_NullCipher) {
}
// Check that an invalid Finished message doesn't abort the connection.
-FUZZ_P(TlsConnectGeneric, BogusClientFinished) {
+FUZZ_P(TlsFuzzTest, BogusClientFinished) {
EnsureTlsSetup();
MakeTlsFilter<TlsInspectorReplaceHandshakeMessage>(
@@ -168,7 +159,7 @@ FUZZ_P(TlsConnectGeneric, BogusClientFinished) {
}
// Check that an invalid Finished message doesn't abort the connection.
-FUZZ_P(TlsConnectGeneric, BogusServerFinished) {
+FUZZ_P(TlsFuzzTest, BogusServerFinished) {
EnsureTlsSetup();
MakeTlsFilter<TlsInspectorReplaceHandshakeMessage>(
@@ -179,7 +170,7 @@ FUZZ_P(TlsConnectGeneric, BogusServerFinished) {
}
// Check that an invalid server auth signature doesn't abort the connection.
-FUZZ_P(TlsConnectGeneric, BogusServerAuthSignature) {
+FUZZ_P(TlsFuzzTest, BogusServerAuthSignature) {
EnsureTlsSetup();
uint8_t msg_type = version_ == SSL_LIBRARY_VERSION_TLS_1_3
? kTlsHandshakeCertificateVerify
@@ -190,7 +181,7 @@ FUZZ_P(TlsConnectGeneric, BogusServerAuthSignature) {
}
// Check that an invalid client auth signature doesn't abort the connection.
-FUZZ_P(TlsConnectGeneric, BogusClientAuthSignature) {
+FUZZ_P(TlsFuzzTest, BogusClientAuthSignature) {
EnsureTlsSetup();
client_->SetupClientAuth();
server_->RequestClientAuth(true);
@@ -199,7 +190,7 @@ FUZZ_P(TlsConnectGeneric, BogusClientAuthSignature) {
}
// Check that session ticket resumption works.
-FUZZ_P(TlsConnectGeneric, SessionTicketResumption) {
+FUZZ_P(TlsFuzzTest, SessionTicketResumption) {
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
Connect();
SendReceive();
@@ -212,7 +203,7 @@ FUZZ_P(TlsConnectGeneric, SessionTicketResumption) {
}
// Check that session tickets are not encrypted.
-FUZZ_P(TlsConnectGeneric, UnencryptedSessionTickets) {
+FUZZ_P(TlsFuzzTest, UnencryptedSessionTickets) {
ConfigureSessionCache(RESUME_TICKET, RESUME_TICKET);
auto filter = MakeTlsFilter<TlsHandshakeRecorder>(
@@ -220,23 +211,45 @@ FUZZ_P(TlsConnectGeneric, UnencryptedSessionTickets) {
Connect();
std::cerr << "ticket" << filter->buffer() << std::endl;
- size_t offset = 4; /* lifetime */
+ size_t offset = 4; // Skip lifetime.
+
if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
- offset += 4; /* ticket_age_add */
+ offset += 4; // Skip ticket_age_add.
uint32_t nonce_len = 0;
EXPECT_TRUE(filter->buffer().Read(offset, 1, &nonce_len));
offset += 1 + nonce_len;
}
- offset += 2 + /* ticket length */
- 2; /* TLS_EX_SESS_TICKET_VERSION */
+
+ offset += 2; // Skip the ticket length.
+
+ // This bit parses the contents of the ticket, which would ordinarily be
+ // encrypted. Start by checking that we have the right version. This needs
+ // to be updated every time that TLS_EX_SESS_TICKET_VERSION is changed. But
+ // we don't use the #define. That way, any time that code is updated, this
+ // test will fail unless it is manually checked.
+ uint32_t ticket_version;
+ EXPECT_TRUE(filter->buffer().Read(offset, 2, &ticket_version));
+ EXPECT_EQ(0x010aU, ticket_version);
+ offset += 2;
+
// Check the protocol version number.
uint32_t tls_version = 0;
EXPECT_TRUE(filter->buffer().Read(offset, sizeof(version_), &tls_version));
EXPECT_EQ(version_, static_cast<decltype(version_)>(tls_version));
+ offset += sizeof(version_);
// Check the cipher suite.
uint32_t suite = 0;
- EXPECT_TRUE(filter->buffer().Read(offset + sizeof(version_), 2, &suite));
+ EXPECT_TRUE(filter->buffer().Read(offset, 2, &suite));
client_->CheckCipherSuite(static_cast<uint16_t>(suite));
}
-}
+
+INSTANTIATE_TEST_CASE_P(
+ FuzzStream, TlsFuzzTest,
+ ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
+ TlsConnectTestBase::kTlsVAll));
+INSTANTIATE_TEST_CASE_P(
+ FuzzDatagram, TlsFuzzTest,
+ ::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram,
+ TlsConnectTestBase::kTlsV11Plus));
+} // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_gtest.gyp b/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
index be1c4ea32..6cff0fc9d 100644
--- a/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
+++ b/security/nss/gtests/ssl_gtest/ssl_gtest.gyp
@@ -18,9 +18,11 @@
'ssl_agent_unittest.cc',
'ssl_auth_unittest.cc',
'ssl_cert_ext_unittest.cc',
+ 'ssl_cipherorder_unittest.cc',
'ssl_ciphersuite_unittest.cc',
'ssl_custext_unittest.cc',
'ssl_damage_unittest.cc',
+ 'ssl_debug_env_unittest.cc',
'ssl_dhe_unittest.cc',
'ssl_drop_unittest.cc',
'ssl_ecdh_unittest.cc',
@@ -32,11 +34,12 @@
'ssl_gather_unittest.cc',
'ssl_gtest.cc',
'ssl_hrr_unittest.cc',
- 'ssl_keylog_unittest.cc',
'ssl_keyupdate_unittest.cc',
'ssl_loopback_unittest.cc',
'ssl_misc_unittest.cc',
+ 'ssl_primitive_unittest.cc',
'ssl_record_unittest.cc',
+ 'ssl_recordsep_unittest.cc',
'ssl_recordsize_unittest.cc',
'ssl_resumption_unittest.cc',
'ssl_renegotiation_unittest.cc',
@@ -52,7 +55,8 @@
'tls_filter.cc',
'tls_hkdf_unittest.cc',
'tls_esni_unittest.cc',
- 'tls_protect.cc'
+ 'tls_protect.cc',
+ 'tls_subcerts_unittest.cc'
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
@@ -74,7 +78,7 @@
'<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
'conditions': [
- [ 'test_build==1', {
+ [ 'static_libs==1', {
'dependencies': [
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
],
@@ -91,6 +95,14 @@
'<(DEPTH)/lib/dbm/src/src.gyp:dbm',
],
}],
+ [ 'enable_sslkeylogfile==1 and sanitizer_flags==0', {
+ 'sources': [
+ 'ssl_keylog_unittest.cc',
+ ],
+ 'defines': [
+ 'NSS_ALLOW_SSLKEYLOGFILE',
+ ],
+ }],
],
}
],
diff --git a/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc
index 322b64837..4713e52a2 100644
--- a/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc
@@ -4,8 +4,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
-#ifdef NSS_ALLOW_SSLKEYLOGFILE
-
#include <cstdlib>
#include <fstream>
#include <sstream>
@@ -15,20 +13,59 @@
namespace nss_test {
-static const std::string keylog_file_path = "keylog.txt";
-static const std::string keylog_env = "SSLKEYLOGFILE=" + keylog_file_path;
+static const std::string kKeylogFilePath = "keylog.txt";
+static const std::string kKeylogBlankEnv = "SSLKEYLOGFILE=";
+static const std::string kKeylogSetEnv = kKeylogBlankEnv + kKeylogFilePath;
+
+extern "C" {
+extern FILE* ssl_keylog_iob;
+}
+
+class KeyLogFileTestBase : public TlsConnectGeneric {
+ private:
+ std::string env_to_set_;
-class KeyLogFileTest : public TlsConnectGeneric {
public:
+ virtual void CheckKeyLog() = 0;
+
+ KeyLogFileTestBase(std::string env) : env_to_set_(env) {}
+
void SetUp() override {
TlsConnectGeneric::SetUp();
// Remove previous results (if any).
- (void)remove(keylog_file_path.c_str());
- PR_SetEnv(keylog_env.c_str());
+ (void)remove(kKeylogFilePath.c_str());
+ PR_SetEnv(env_to_set_.c_str());
}
- void CheckKeyLog() {
- std::ifstream f(keylog_file_path);
+ void ConnectAndCheck() {
+ // This is a child process, ensure that error messages immediately
+ // propagate or else it will not be visible.
+ ::testing::GTEST_FLAG(throw_on_failure) = true;
+
+ if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
+ SetupForZeroRtt();
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ ExpectResumption(RESUME_TICKET);
+ ZeroRttSendReceive(true, true);
+ Handshake();
+ ExpectEarlyDataAccepted(true);
+ CheckConnected();
+ SendReceive();
+ } else {
+ Connect();
+ }
+ CheckKeyLog();
+ _exit(0);
+ }
+};
+
+class KeyLogFileTest : public KeyLogFileTestBase {
+ public:
+ KeyLogFileTest() : KeyLogFileTestBase(kKeylogSetEnv) {}
+
+ void CheckKeyLog() override {
+ std::ifstream f(kKeylogFilePath);
std::map<std::string, size_t> labels;
std::set<std::string> client_randoms;
for (std::string line; std::getline(f, line);) {
@@ -65,28 +102,6 @@ class KeyLogFileTest : public TlsConnectGeneric {
ASSERT_EQ(4U, labels["EXPORTER_SECRET"]);
}
}
-
- void ConnectAndCheck() {
- // This is a child process, ensure that error messages immediately
- // propagate or else it will not be visible.
- ::testing::GTEST_FLAG(throw_on_failure) = true;
-
- if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
- SetupForZeroRtt();
- client_->Set0RttEnabled(true);
- server_->Set0RttEnabled(true);
- ExpectResumption(RESUME_TICKET);
- ZeroRttSendReceive(true, true);
- Handshake();
- ExpectEarlyDataAccepted(true);
- CheckConnected();
- SendReceive();
- } else {
- Connect();
- }
- CheckKeyLog();
- _exit(0);
- }
};
// Tests are run in a separate process to ensure that NSS is not initialized yet
@@ -113,6 +128,37 @@ INSTANTIATE_TEST_CASE_P(
TlsConnectTestBase::kTlsV13));
#endif
-} // namespace nss_test
+class KeyLogFileUnsetTest : public KeyLogFileTestBase {
+ public:
+ KeyLogFileUnsetTest() : KeyLogFileTestBase(kKeylogBlankEnv) {}
+
+ void CheckKeyLog() override {
+ std::ifstream f(kKeylogFilePath);
+ EXPECT_FALSE(f.good());
+
+ EXPECT_EQ(nullptr, ssl_keylog_iob);
+ }
+};
+
+TEST_P(KeyLogFileUnsetTest, KeyLogFile) {
+ testing::GTEST_FLAG(death_test_style) = "threadsafe";
+
+ ASSERT_EXIT(ConnectAndCheck(), ::testing::ExitedWithCode(0), "");
+}
-#endif // NSS_ALLOW_SSLKEYLOGFILE
+INSTANTIATE_TEST_CASE_P(
+ KeyLogFileDTLS12, KeyLogFileUnsetTest,
+ ::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram,
+ TlsConnectTestBase::kTlsV11V12));
+INSTANTIATE_TEST_CASE_P(
+ KeyLogFileTLS12, KeyLogFileUnsetTest,
+ ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
+ TlsConnectTestBase::kTlsV10ToV12));
+#ifndef NSS_DISABLE_TLS_1_3
+INSTANTIATE_TEST_CASE_P(
+ KeyLogFileTLS13, KeyLogFileUnsetTest,
+ ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
+ TlsConnectTestBase::kTlsV13));
+#endif
+
+} // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc
index d6ac99a58..b921d2c1e 100644
--- a/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc
@@ -33,6 +33,37 @@ TEST_F(TlsConnectTest, KeyUpdateClient) {
CheckEpochs(4, 3);
}
+TEST_F(TlsConnectStreamTls13, KeyUpdateTooEarly_Client) {
+ StartConnect();
+ auto filter = MakeTlsFilter<TlsEncryptedHandshakeMessageReplacer>(
+ server_, kTlsHandshakeFinished, kTlsHandshakeKeyUpdate);
+ filter->EnableDecryption();
+
+ client_->Handshake();
+ server_->Handshake();
+ ExpectAlert(client_, kTlsAlertUnexpectedMessage);
+ client_->Handshake();
+ client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_KEY_UPDATE);
+ server_->Handshake();
+ server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+}
+
+TEST_F(TlsConnectStreamTls13, KeyUpdateTooEarly_Server) {
+ StartConnect();
+ auto filter = MakeTlsFilter<TlsEncryptedHandshakeMessageReplacer>(
+ client_, kTlsHandshakeFinished, kTlsHandshakeKeyUpdate);
+ filter->EnableDecryption();
+
+ client_->Handshake();
+ server_->Handshake();
+ client_->Handshake();
+ ExpectAlert(server_, kTlsAlertUnexpectedMessage);
+ server_->Handshake();
+ server_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_KEY_UPDATE);
+ client_->Handshake();
+ client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+}
+
TEST_F(TlsConnectTest, KeyUpdateClientRequestUpdate) {
ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
Connect();
diff --git a/security/nss/gtests/ssl_gtest/ssl_primitive_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_primitive_unittest.cc
new file mode 100644
index 000000000..66ecdeb12
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/ssl_primitive_unittest.cc
@@ -0,0 +1,218 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+
+#include "keyhi.h"
+#include "pk11pub.h"
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslexp.h"
+#include "sslproto.h"
+
+#include "gtest_utils.h"
+#include "nss_scoped_ptrs.h"
+#include "scoped_ptrs_ssl.h"
+#include "tls_connect.h"
+
+namespace nss_test {
+
+// From tls_hkdf_unittest.cc:
+extern size_t GetHashLength(SSLHashType ht);
+
+class AeadTest : public ::testing::Test {
+ public:
+ AeadTest() : slot_(PK11_GetInternalSlot()) {}
+
+ void InitSecret(SSLHashType hash_type) {
+ static const uint8_t kData[64] = {'s', 'e', 'c', 'r', 'e', 't'};
+ SECItem key_item = {siBuffer, const_cast<uint8_t *>(kData),
+ static_cast<unsigned int>(GetHashLength(hash_type))};
+ PK11SymKey *s =
+ PK11_ImportSymKey(slot_.get(), CKM_SSL3_MASTER_KEY_DERIVE,
+ PK11_OriginUnwrap, CKA_DERIVE, &key_item, NULL);
+ ASSERT_NE(nullptr, s);
+ secret_.reset(s);
+ }
+
+ void SetUp() override {
+ InitSecret(ssl_hash_sha256);
+ PORT_SetError(0);
+ }
+
+ protected:
+ static void EncryptDecrypt(const ScopedSSLAeadContext &ctx,
+ const uint8_t *ciphertext, size_t ciphertext_len) {
+ static const uint8_t kAad[] = {'a', 'a', 'd'};
+ static const uint8_t kPlaintext[] = {'t', 'e', 'x', 't'};
+ static const size_t kMaxSize = 32;
+
+ ASSERT_GE(kMaxSize, ciphertext_len);
+ ASSERT_LT(0U, ciphertext_len);
+
+ uint8_t output[kMaxSize];
+ unsigned int output_len = 0;
+ EXPECT_EQ(SECSuccess, SSL_AeadEncrypt(ctx.get(), 0, kAad, sizeof(kAad),
+ kPlaintext, sizeof(kPlaintext),
+ output, &output_len, sizeof(output)));
+ ASSERT_EQ(ciphertext_len, static_cast<size_t>(output_len));
+ EXPECT_EQ(0, memcmp(ciphertext, output, ciphertext_len));
+
+ memset(output, 0, sizeof(output));
+ EXPECT_EQ(SECSuccess, SSL_AeadDecrypt(ctx.get(), 0, kAad, sizeof(kAad),
+ ciphertext, ciphertext_len, output,
+ &output_len, sizeof(output)));
+ ASSERT_EQ(sizeof(kPlaintext), static_cast<size_t>(output_len));
+ EXPECT_EQ(0, memcmp(kPlaintext, output, sizeof(kPlaintext)));
+
+ // Now for some tests of decryption failure.
+ // Truncate the input.
+ EXPECT_EQ(SECFailure, SSL_AeadDecrypt(ctx.get(), 0, kAad, sizeof(kAad),
+ ciphertext, ciphertext_len - 1,
+ output, &output_len, sizeof(output)));
+ EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError());
+
+ // Skip the first byte of the AAD.
+ EXPECT_EQ(
+ SECFailure,
+ SSL_AeadDecrypt(ctx.get(), 0, kAad + 1, sizeof(kAad) - 1, ciphertext,
+ ciphertext_len, output, &output_len, sizeof(output)));
+ EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError());
+
+ uint8_t input[kMaxSize] = {0};
+ // Toggle a byte of the input.
+ memcpy(input, ciphertext, ciphertext_len);
+ input[0] ^= 9;
+ EXPECT_EQ(SECFailure, SSL_AeadDecrypt(ctx.get(), 0, kAad, sizeof(kAad),
+ input, ciphertext_len, output,
+ &output_len, sizeof(output)));
+ EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError());
+
+ // Toggle the last byte (the auth tag).
+ memcpy(input, ciphertext, ciphertext_len);
+ input[ciphertext_len - 1] ^= 77;
+ EXPECT_EQ(SECFailure, SSL_AeadDecrypt(ctx.get(), 0, kAad, sizeof(kAad),
+ input, ciphertext_len, output,
+ &output_len, sizeof(output)));
+ EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError());
+
+ // Toggle some of the AAD.
+ memcpy(input, kAad, sizeof(kAad));
+ input[1] ^= 23;
+ EXPECT_EQ(SECFailure, SSL_AeadDecrypt(ctx.get(), 0, input, sizeof(kAad),
+ ciphertext, ciphertext_len, output,
+ &output_len, sizeof(output)));
+ EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError());
+ }
+
+ protected:
+ ScopedPK11SymKey secret_;
+
+ private:
+ ScopedPK11SlotInfo slot_;
+};
+
+// These tests all use fixed inputs: a fixed secret, a fixed label, and fixed
+// inputs. So they have fixed outputs.
+static const char *kLabel = "test ";
+static const uint8_t kCiphertextAes128Gcm[] = {
+ 0x11, 0x14, 0xfc, 0x58, 0x4f, 0x44, 0xff, 0x8c, 0xb6, 0xd8,
+ 0x20, 0xb3, 0xfb, 0x50, 0xd9, 0x3b, 0xd4, 0xc6, 0xe1, 0x14};
+static const uint8_t kCiphertextAes256Gcm[] = {
+ 0xf7, 0x27, 0x35, 0x80, 0x88, 0xaf, 0x99, 0x85, 0xf2, 0x83,
+ 0xca, 0xbb, 0x95, 0x42, 0x09, 0x3f, 0x9c, 0xf3, 0x29, 0xf0};
+static const uint8_t kCiphertextChaCha20Poly1305[] = {
+ 0x4e, 0x89, 0x2c, 0xfa, 0xfc, 0x8c, 0x40, 0x55, 0x6d, 0x7e,
+ 0x99, 0xac, 0x8e, 0x54, 0x58, 0xb1, 0x18, 0xd2, 0x66, 0x22};
+
+TEST_F(AeadTest, AeadBadVersion) {
+ SSLAeadContext *ctx = nullptr;
+ ASSERT_EQ(SECFailure,
+ SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256,
+ secret_.get(), kLabel, strlen(kLabel), &ctx));
+ EXPECT_EQ(nullptr, ctx);
+}
+
+TEST_F(AeadTest, AeadUnsupportedCipher) {
+ SSLAeadContext *ctx = nullptr;
+ ASSERT_EQ(SECFailure,
+ SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_RSA_WITH_NULL_MD5,
+ secret_.get(), kLabel, strlen(kLabel), &ctx));
+ EXPECT_EQ(nullptr, ctx);
+}
+
+TEST_F(AeadTest, AeadOlderCipher) {
+ SSLAeadContext *ctx = nullptr;
+ ASSERT_EQ(
+ SECFailure,
+ SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_RSA_WITH_AES_128_CBC_SHA,
+ secret_.get(), kLabel, strlen(kLabel), &ctx));
+ EXPECT_EQ(nullptr, ctx);
+}
+
+TEST_F(AeadTest, AeadNoLabel) {
+ SSLAeadContext *ctx = nullptr;
+ ASSERT_EQ(SECFailure,
+ SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_AES_128_GCM_SHA256,
+ secret_.get(), nullptr, 12, &ctx));
+ EXPECT_EQ(nullptr, ctx);
+}
+
+TEST_F(AeadTest, AeadLongLabel) {
+ SSLAeadContext *ctx = nullptr;
+ ASSERT_EQ(SECFailure,
+ SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_AES_128_GCM_SHA256,
+ secret_.get(), "", 254, &ctx));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+ EXPECT_EQ(nullptr, ctx);
+}
+
+TEST_F(AeadTest, AeadNoPointer) {
+ SSLAeadContext *ctx = nullptr;
+ ASSERT_EQ(SECFailure,
+ SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_AES_128_GCM_SHA256,
+ secret_.get(), kLabel, strlen(kLabel), nullptr));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+ EXPECT_EQ(nullptr, ctx);
+}
+
+TEST_F(AeadTest, AeadAes128Gcm) {
+ SSLAeadContext *ctxInit;
+ ASSERT_EQ(SECSuccess,
+ SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_AES_128_GCM_SHA256,
+ secret_.get(), kLabel, strlen(kLabel), &ctxInit));
+ ScopedSSLAeadContext ctx(ctxInit);
+ EXPECT_NE(nullptr, ctx);
+
+ EncryptDecrypt(ctx, kCiphertextAes128Gcm, sizeof(kCiphertextAes128Gcm));
+}
+
+TEST_F(AeadTest, AeadAes256Gcm) {
+ SSLAeadContext *ctxInit = nullptr;
+ ASSERT_EQ(SECSuccess,
+ SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_AES_256_GCM_SHA384,
+ secret_.get(), kLabel, strlen(kLabel), &ctxInit));
+ ScopedSSLAeadContext ctx(ctxInit);
+ EXPECT_NE(nullptr, ctx);
+
+ EncryptDecrypt(ctx, kCiphertextAes256Gcm, sizeof(kCiphertextAes256Gcm));
+}
+
+TEST_F(AeadTest, AeadChaCha20Poly1305) {
+ SSLAeadContext *ctxInit;
+ ASSERT_EQ(
+ SECSuccess,
+ SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_CHACHA20_POLY1305_SHA256,
+ secret_.get(), kLabel, strlen(kLabel), &ctxInit));
+ ScopedSSLAeadContext ctx(ctxInit);
+ EXPECT_NE(nullptr, ctx);
+
+ EncryptDecrypt(ctx, kCiphertextChaCha20Poly1305,
+ sizeof(kCiphertextChaCha20Poly1305));
+}
+
+} // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_record_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_record_unittest.cc
index f1e85e898..86783b86e 100644
--- a/security/nss/gtests/ssl_gtest/ssl_record_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_record_unittest.cc
@@ -205,6 +205,42 @@ TEST_F(TlsConnectDatagram13, ShortHeadersServer) {
SendReceive();
}
+TEST_F(TlsConnectStreamTls13, UnencryptedFinishedMessage) {
+ StartConnect();
+ client_->Handshake(); // Send ClientHello
+ server_->Handshake(); // Send first server flight
+
+ // Record and drop the first record, which is the Finished.
+ auto recorder = std::make_shared<TlsRecordRecorder>(client_);
+ recorder->EnableDecryption();
+ auto dropper = std::make_shared<SelectiveDropFilter>(1);
+ client_->SetFilter(std::make_shared<ChainedPacketFilter>(
+ ChainedPacketFilterInit({recorder, dropper})));
+ client_->Handshake(); // Save and drop CFIN.
+ EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+
+ ASSERT_EQ(1U, recorder->count());
+ auto& finished = recorder->record(0);
+
+ DataBuffer d;
+ size_t offset = d.Write(0, ssl_ct_handshake, 1);
+ offset = d.Write(offset, SSL_LIBRARY_VERSION_TLS_1_2, 2);
+ offset = d.Write(offset, finished.buffer.len(), 2);
+ d.Append(finished.buffer);
+ client_->SendDirect(d);
+
+ // Now process the message.
+ ExpectAlert(server_, kTlsAlertUnexpectedMessage);
+ // The server should generate an alert.
+ server_->Handshake();
+ EXPECT_EQ(TlsAgent::STATE_ERROR, server_->state());
+ server_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_RECORD_TYPE);
+ // Have the client consume the alert.
+ client_->Handshake();
+ EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state());
+ client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+}
+
const static size_t kContentSizesArr[] = {
1, kMacSize - 1, kMacSize, 30, 31, 32, 36, 256, 257, 287, 288};
diff --git a/security/nss/gtests/ssl_gtest/ssl_recordsep_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_recordsep_unittest.cc
new file mode 100644
index 000000000..393b50ffd
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/ssl_recordsep_unittest.cc
@@ -0,0 +1,577 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include <queue>
+#include "gtest_utils.h"
+#include "nss_scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+class HandshakeSecretTracker {
+ public:
+ HandshakeSecretTracker(const std::shared_ptr<TlsAgent>& agent,
+ uint16_t first_read_epoch, uint16_t first_write_epoch)
+ : agent_(agent),
+ next_read_epoch_(first_read_epoch),
+ next_write_epoch_(first_write_epoch) {
+ EXPECT_EQ(SECSuccess,
+ SSL_SecretCallback(agent_->ssl_fd(),
+ HandshakeSecretTracker::SecretCb, this));
+ }
+
+ void CheckComplete() const {
+ EXPECT_EQ(0, next_read_epoch_);
+ EXPECT_EQ(0, next_write_epoch_);
+ }
+
+ private:
+ static void SecretCb(PRFileDesc* fd, PRUint16 epoch, SSLSecretDirection dir,
+ PK11SymKey* secret, void* arg) {
+ HandshakeSecretTracker* t = reinterpret_cast<HandshakeSecretTracker*>(arg);
+ t->SecretUpdated(epoch, dir, secret);
+ }
+
+ void SecretUpdated(PRUint16 epoch, SSLSecretDirection dir,
+ PK11SymKey* secret) {
+ if (g_ssl_gtest_verbose) {
+ std::cerr << agent_->role_str() << ": secret callback for " << dir
+ << " epoch " << epoch << std::endl;
+ }
+
+ EXPECT_TRUE(secret);
+ uint16_t* p;
+ if (dir == ssl_secret_read) {
+ p = &next_read_epoch_;
+ } else {
+ ASSERT_EQ(ssl_secret_write, dir);
+ p = &next_write_epoch_;
+ }
+ EXPECT_EQ(*p, epoch);
+ switch (*p) {
+ case 1: // 1 == 0-RTT, next should be handshake.
+ case 2: // 2 == handshake, next should be application data.
+ (*p)++;
+ break;
+
+ case 3: // 3 == application data, there should be no more.
+ // Use 0 as a sentinel value.
+ *p = 0;
+ break;
+
+ default:
+ ADD_FAILURE() << "Unexpected next epoch: " << *p;
+ }
+ }
+
+ std::shared_ptr<TlsAgent> agent_;
+ uint16_t next_read_epoch_;
+ uint16_t next_write_epoch_;
+};
+
+TEST_F(TlsConnectTest, HandshakeSecrets) {
+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+ EnsureTlsSetup();
+
+ HandshakeSecretTracker c(client_, 2, 2);
+ HandshakeSecretTracker s(server_, 2, 2);
+
+ Connect();
+ SendReceive();
+
+ c.CheckComplete();
+ s.CheckComplete();
+}
+
+TEST_F(TlsConnectTest, ZeroRttSecrets) {
+ SetupForZeroRtt();
+
+ HandshakeSecretTracker c(client_, 2, 1);
+ HandshakeSecretTracker s(server_, 1, 2);
+
+ client_->Set0RttEnabled(true);
+ server_->Set0RttEnabled(true);
+ ExpectResumption(RESUME_TICKET);
+ ZeroRttSendReceive(true, true);
+ Handshake();
+ ExpectEarlyDataAccepted(true);
+ CheckConnected();
+ SendReceive();
+
+ c.CheckComplete();
+ s.CheckComplete();
+}
+
+class KeyUpdateTracker {
+ public:
+ KeyUpdateTracker(const std::shared_ptr<TlsAgent>& agent,
+ bool expect_read_secret)
+ : agent_(agent), expect_read_secret_(expect_read_secret), called_(false) {
+ EXPECT_EQ(SECSuccess, SSL_SecretCallback(agent_->ssl_fd(),
+ KeyUpdateTracker::SecretCb, this));
+ }
+
+ void CheckCalled() const { EXPECT_TRUE(called_); }
+
+ private:
+ static void SecretCb(PRFileDesc* fd, PRUint16 epoch, SSLSecretDirection dir,
+ PK11SymKey* secret, void* arg) {
+ KeyUpdateTracker* t = reinterpret_cast<KeyUpdateTracker*>(arg);
+ t->SecretUpdated(epoch, dir, secret);
+ }
+
+ void SecretUpdated(PRUint16 epoch, SSLSecretDirection dir,
+ PK11SymKey* secret) {
+ EXPECT_EQ(4U, epoch);
+ EXPECT_EQ(expect_read_secret_, dir == ssl_secret_read);
+ EXPECT_TRUE(secret);
+ called_ = true;
+ }
+
+ std::shared_ptr<TlsAgent> agent_;
+ bool expect_read_secret_;
+ bool called_;
+};
+
+TEST_F(TlsConnectTest, KeyUpdateSecrets) {
+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+ Connect();
+ // The update is to the client write secret; the server read secret.
+ KeyUpdateTracker c(client_, false);
+ KeyUpdateTracker s(server_, true);
+ EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_FALSE));
+ SendReceive(50);
+ SendReceive(60);
+ CheckEpochs(4, 3);
+ c.CheckCalled();
+ s.CheckCalled();
+}
+
+// BadPrSocket is an instance of a PR IO layer that crashes the test if it is
+// ever used for reading or writing. It does that by failing to overwrite any
+// of the DummyIOLayerMethods, which all crash when invoked.
+class BadPrSocket : public DummyIOLayerMethods {
+ public:
+ BadPrSocket(std::shared_ptr<TlsAgent>& agent) : DummyIOLayerMethods() {
+ static PRDescIdentity bad_identity = PR_GetUniqueIdentity("bad NSPR id");
+ fd_ = DummyIOLayerMethods::CreateFD(bad_identity, this);
+
+ // This is terrible, but NSPR doesn't provide an easy way to replace the
+ // bottom layer of an IO stack. Take the DummyPrSocket and replace its
+ // NSPR method vtable with the ones from this object.
+ dummy_layer_ =
+ PR_GetIdentitiesLayer(agent->ssl_fd(), DummyPrSocket::LayerId());
+ EXPECT_TRUE(dummy_layer_);
+ original_methods_ = dummy_layer_->methods;
+ original_secret_ = dummy_layer_->secret;
+ dummy_layer_->methods = fd_->methods;
+ dummy_layer_->secret = reinterpret_cast<PRFilePrivate*>(this);
+ }
+
+ // This will be destroyed before the agent, so we need to restore the state
+ // before we tampered with it.
+ virtual ~BadPrSocket() {
+ dummy_layer_->methods = original_methods_;
+ dummy_layer_->secret = original_secret_;
+ }
+
+ private:
+ ScopedPRFileDesc fd_;
+ PRFileDesc* dummy_layer_;
+ const PRIOMethods* original_methods_;
+ PRFilePrivate* original_secret_;
+};
+
+class StagedRecords {
+ public:
+ StagedRecords(std::shared_ptr<TlsAgent>& agent) : agent_(agent), records_() {
+ EXPECT_EQ(SECSuccess,
+ SSL_RecordLayerWriteCallback(
+ agent_->ssl_fd(), StagedRecords::StageRecordData, this));
+ }
+
+ virtual ~StagedRecords() {
+ // Uninstall so that the callback doesn't fire during cleanup.
+ EXPECT_EQ(SECSuccess,
+ SSL_RecordLayerWriteCallback(agent_->ssl_fd(), nullptr, nullptr));
+ }
+
+ bool empty() const { return records_.empty(); }
+
+ void ForwardAll(std::shared_ptr<TlsAgent>& peer) {
+ EXPECT_NE(agent_, peer) << "can't forward to self";
+ for (auto r : records_) {
+ r.Forward(peer);
+ }
+ records_.clear();
+ }
+
+ // This forwards all saved data and checks the resulting state.
+ void ForwardAll(std::shared_ptr<TlsAgent>& peer,
+ TlsAgent::State expected_state) {
+ ForwardAll(peer);
+ switch (expected_state) {
+ case TlsAgent::STATE_CONNECTED:
+ // The handshake callback should have been called, so check that before
+ // checking that SSL_ForceHandshake succeeds.
+ EXPECT_EQ(expected_state, peer->state());
+ EXPECT_EQ(SECSuccess, SSL_ForceHandshake(peer->ssl_fd()));
+ break;
+
+ case TlsAgent::STATE_CONNECTING:
+ // Check that SSL_ForceHandshake() blocks.
+ EXPECT_EQ(SECFailure, SSL_ForceHandshake(peer->ssl_fd()));
+ EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+ // Update and check the state.
+ peer->Handshake();
+ EXPECT_EQ(TlsAgent::STATE_CONNECTING, peer->state());
+ break;
+
+ default:
+ ADD_FAILURE() << "No idea how to handle this state";
+ }
+ }
+
+ void ForwardPartial(std::shared_ptr<TlsAgent>& peer) {
+ if (records_.empty()) {
+ ADD_FAILURE() << "No records to slice";
+ return;
+ }
+ auto& last = records_.back();
+ auto tail = last.SliceTail();
+ ForwardAll(peer, TlsAgent::STATE_CONNECTING);
+ records_.push_back(tail);
+ EXPECT_EQ(TlsAgent::STATE_CONNECTING, peer->state());
+ }
+
+ private:
+ // A single record.
+ class StagedRecord {
+ public:
+ StagedRecord(const std::string role, uint16_t epoch, SSLContentType ct,
+ const uint8_t* data, size_t len)
+ : role_(role), epoch_(epoch), content_type_(ct), data_(data, len) {
+ if (g_ssl_gtest_verbose) {
+ std::cerr << role_ << ": staged epoch " << epoch_ << " "
+ << content_type_ << ": " << data_ << std::endl;
+ }
+ }
+
+ // This forwards staged data to the identified agent.
+ void Forward(std::shared_ptr<TlsAgent>& peer) {
+ // Now there should be staged data.
+ EXPECT_FALSE(data_.empty());
+ if (g_ssl_gtest_verbose) {
+ std::cerr << role_ << ": forward " << data_ << std::endl;
+ }
+ EXPECT_EQ(SECSuccess,
+ SSL_RecordLayerData(peer->ssl_fd(), epoch_, content_type_,
+ data_.data(),
+ static_cast<unsigned int>(data_.len())));
+ }
+
+ // Slices the tail off this record and returns it.
+ StagedRecord SliceTail() {
+ size_t slice = 1;
+ if (data_.len() <= slice) {
+ ADD_FAILURE() << "record too small to slice in two";
+ slice = 0;
+ }
+ size_t keep = data_.len() - slice;
+ StagedRecord tail(role_, epoch_, content_type_, data_.data() + keep,
+ slice);
+ data_.Truncate(keep);
+ return tail;
+ }
+
+ private:
+ std::string role_;
+ uint16_t epoch_;
+ SSLContentType content_type_;
+ DataBuffer data_;
+ };
+
+ // This is an SSLRecordWriteCallback that stages data.
+ static SECStatus StageRecordData(PRFileDesc* fd, PRUint16 epoch,
+ SSLContentType content_type,
+ const PRUint8* data, unsigned int len,
+ void* arg) {
+ auto stage = reinterpret_cast<StagedRecords*>(arg);
+ stage->records_.push_back(StagedRecord(stage->agent_->role_str(), epoch,
+ content_type, data,
+ static_cast<size_t>(len)));
+ return SECSuccess;
+ }
+
+ std::shared_ptr<TlsAgent>& agent_;
+ std::deque<StagedRecord> records_;
+};
+
+// Attempting to feed application data in before the handshake is complete
+// should be caught.
+static void RefuseApplicationData(std::shared_ptr<TlsAgent>& peer,
+ uint16_t epoch) {
+ static const uint8_t d[] = {1, 2, 3};
+ EXPECT_EQ(SECFailure,
+ SSL_RecordLayerData(peer->ssl_fd(), epoch, ssl_ct_application_data,
+ d, static_cast<unsigned int>(sizeof(d))));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+}
+
+static void SendForwardReceive(std::shared_ptr<TlsAgent>& sender,
+ StagedRecords& sender_stage,
+ std::shared_ptr<TlsAgent>& receiver) {
+ const size_t count = 10;
+ sender->SendData(count, count);
+ sender_stage.ForwardAll(receiver);
+ receiver->ReadBytes(count);
+}
+
+TEST_P(TlsConnectStream, ReplaceRecordLayer) {
+ StartConnect();
+ client_->SetServerKeyBits(server_->server_key_bits());
+
+ // BadPrSocket installs an IO layer that crashes when the SSL layer attempts
+ // to read or write.
+ BadPrSocket bad_layer_client(client_);
+ BadPrSocket bad_layer_server(server_);
+
+ // StagedRecords installs a handler for unprotected data from the socket, and
+ // captures that data.
+ StagedRecords client_stage(client_);
+ StagedRecords server_stage(server_);
+
+ // Both peers should refuse application data from epoch 0.
+ RefuseApplicationData(client_, 0);
+ RefuseApplicationData(server_, 0);
+
+ // This first call forwards nothing, but it causes the client to handshake,
+ // which starts things off. This stages the ClientHello as a result.
+ server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING);
+ // This processes the ClientHello and stages the first server flight.
+ client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTING);
+ RefuseApplicationData(server_, 1);
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ // Process the server flight and the client is done.
+ server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTED);
+ client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED);
+ } else {
+ server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING);
+ RefuseApplicationData(client_, 1);
+ client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED);
+ server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTED);
+ }
+ CheckKeys();
+
+ // Reading and writing application data should work.
+ SendForwardReceive(client_, client_stage, server_);
+ SendForwardReceive(server_, server_stage, client_);
+}
+
+static SECStatus AuthCompleteBlock(TlsAgent*, PRBool, PRBool) {
+ return SECWouldBlock;
+}
+
+TEST_P(TlsConnectStream, ReplaceRecordLayerAsyncLateAuth) {
+ StartConnect();
+ client_->SetServerKeyBits(server_->server_key_bits());
+
+ BadPrSocket bad_layer_client(client_);
+ BadPrSocket bad_layer_server(server_);
+ StagedRecords client_stage(client_);
+ StagedRecords server_stage(server_);
+
+ client_->SetAuthCertificateCallback(AuthCompleteBlock);
+
+ server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING);
+ client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTING);
+ server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING);
+
+ // Prior to TLS 1.3, the client sends its second flight immediately. But in
+ // TLS 1.3, a client won't send a Finished until it is happy with the server
+ // certificate. So blocking certificate validation causes the client to send
+ // nothing.
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ ASSERT_TRUE(client_stage.empty());
+
+ // Client should have stopped reading when it saw the Certificate message,
+ // so it will be reading handshake epoch, and writing cleartext.
+ client_->CheckEpochs(2, 0);
+ // Server should be reading handshake, and writing application data.
+ server_->CheckEpochs(2, 3);
+
+ // Handshake again and the client will read the remainder of the server's
+ // flight, but it will remain blocked.
+ client_->Handshake();
+ ASSERT_TRUE(client_stage.empty());
+ EXPECT_EQ(TlsAgent::STATE_CONNECTING, client_->state());
+ } else {
+ // In prior versions, the client's second flight is always sent.
+ ASSERT_FALSE(client_stage.empty());
+ }
+
+ // Now declare the certificate good.
+ EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+ client_->Handshake();
+ ASSERT_FALSE(client_stage.empty());
+
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+ client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED);
+ } else {
+ client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED);
+ server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTED);
+ }
+ CheckKeys();
+
+ // Reading and writing application data should work.
+ SendForwardReceive(client_, client_stage, server_);
+}
+
+TEST_F(TlsConnectStreamTls13, ReplaceRecordLayerAsyncPostHandshake) {
+ StartConnect();
+ client_->SetServerKeyBits(server_->server_key_bits());
+
+ BadPrSocket bad_layer_client(client_);
+ BadPrSocket bad_layer_server(server_);
+ StagedRecords client_stage(client_);
+ StagedRecords server_stage(server_);
+
+ client_->SetAuthCertificateCallback(AuthCompleteBlock);
+
+ server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING);
+ client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTING);
+ server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING);
+
+ ASSERT_TRUE(client_stage.empty());
+ client_->Handshake();
+ ASSERT_TRUE(client_stage.empty());
+ EXPECT_EQ(TlsAgent::STATE_CONNECTING, client_->state());
+
+ // Now declare the certificate good.
+ EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+ client_->Handshake();
+ ASSERT_FALSE(client_stage.empty());
+
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+ client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED);
+ } else {
+ client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED);
+ server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTED);
+ }
+ CheckKeys();
+
+ // Reading and writing application data should work.
+ SendForwardReceive(client_, client_stage, server_);
+
+ // Post-handshake messages should work here.
+ EXPECT_EQ(SECSuccess, SSL_SendSessionTicket(server_->ssl_fd(), nullptr, 0));
+ SendForwardReceive(server_, server_stage, client_);
+}
+
+// This test ensures that data is correctly forwarded when the handshake is
+// resumed after asynchronous server certificate authentication, when
+// SSL_AuthCertificateComplete() is called. The logic for resuming the
+// handshake involves a different code path than the usual one, so this test
+// exercises that code fully.
+TEST_F(TlsConnectStreamTls13, ReplaceRecordLayerAsyncEarlyAuth) {
+ StartConnect();
+ client_->SetServerKeyBits(server_->server_key_bits());
+
+ BadPrSocket bad_layer_client(client_);
+ BadPrSocket bad_layer_server(server_);
+ StagedRecords client_stage(client_);
+ StagedRecords server_stage(server_);
+
+ client_->SetAuthCertificateCallback(AuthCompleteBlock);
+
+ server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING);
+ client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTING);
+
+ // Send a partial flight on to the client.
+ // This includes enough to trigger the certificate callback.
+ server_stage.ForwardPartial(client_);
+ EXPECT_TRUE(client_stage.empty());
+
+ // Declare the certificate good.
+ EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+ client_->Handshake();
+ EXPECT_TRUE(client_stage.empty());
+
+ // Send the remainder of the server flight.
+ PRBool pending = PR_FALSE;
+ EXPECT_EQ(SECSuccess,
+ SSLInt_HasPendingHandshakeData(client_->ssl_fd(), &pending));
+ EXPECT_EQ(PR_TRUE, pending);
+ EXPECT_EQ(TlsAgent::STATE_CONNECTING, client_->state());
+ server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTED);
+ client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED);
+ CheckKeys();
+
+ SendForwardReceive(server_, server_stage, client_);
+}
+
+TEST_P(TlsConnectStream, ForwardDataFromWrongEpoch) {
+ const uint8_t data[] = {1};
+ Connect();
+ uint16_t next_epoch;
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ EXPECT_EQ(SECFailure,
+ SSL_RecordLayerData(client_->ssl_fd(), 2, ssl_ct_application_data,
+ data, sizeof(data)));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError())
+ << "Passing data from an old epoch is rejected";
+ next_epoch = 4;
+ } else {
+ // Prior to TLS 1.3, the epoch is only updated once during the handshake.
+ next_epoch = 2;
+ }
+ EXPECT_EQ(SECFailure,
+ SSL_RecordLayerData(client_->ssl_fd(), next_epoch,
+ ssl_ct_application_data, data, sizeof(data)));
+ EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError())
+ << "Passing data from a future epoch blocks";
+}
+
+TEST_F(TlsConnectStreamTls13, ForwardInvalidData) {
+ const uint8_t data[1] = {0};
+
+ EnsureTlsSetup();
+ // Zero-length data.
+ EXPECT_EQ(SECFailure, SSL_RecordLayerData(client_->ssl_fd(), 0,
+ ssl_ct_application_data, data, 0));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ // NULL data.
+ EXPECT_EQ(SECFailure,
+ SSL_RecordLayerData(client_->ssl_fd(), 0, ssl_ct_application_data,
+ nullptr, 1));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+}
+
+TEST_F(TlsConnectDatagram13, ForwardDataDtls) {
+ EnsureTlsSetup();
+ const uint8_t data[1] = {0};
+ EXPECT_EQ(SECFailure,
+ SSL_RecordLayerData(client_->ssl_fd(), 0, ssl_ct_application_data,
+ data, sizeof(data)));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+}
+
+} // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc
index 0a54ae1a8..f2003a358 100644
--- a/security/nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc
@@ -123,9 +123,11 @@ TEST_P(TlsConnectGeneric, RecordSizeMaximum) {
EnsureTlsSetup();
auto client_max = MakeTlsFilter<TlsRecordMaximum>(client_);
- client_max->EnableDecryption();
auto server_max = MakeTlsFilter<TlsRecordMaximum>(server_);
- server_max->EnableDecryption();
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ client_max->EnableDecryption();
+ server_max->EnableDecryption();
+ }
Connect();
client_->SendData(send_size, send_size);
@@ -140,7 +142,9 @@ TEST_P(TlsConnectGeneric, RecordSizeMaximum) {
TEST_P(TlsConnectGeneric, RecordSizeMinimumClient) {
EnsureTlsSetup();
auto server_max = MakeTlsFilter<TlsRecordMaximum>(server_);
- server_max->EnableDecryption();
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ server_max->EnableDecryption();
+ }
client_->SetOption(SSL_RECORD_SIZE_LIMIT, 64);
Connect();
@@ -152,7 +156,9 @@ TEST_P(TlsConnectGeneric, RecordSizeMinimumClient) {
TEST_P(TlsConnectGeneric, RecordSizeMinimumServer) {
EnsureTlsSetup();
auto client_max = MakeTlsFilter<TlsRecordMaximum>(client_);
- client_max->EnableDecryption();
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ client_max->EnableDecryption();
+ }
server_->SetOption(SSL_RECORD_SIZE_LIMIT, 64);
Connect();
@@ -164,9 +170,11 @@ TEST_P(TlsConnectGeneric, RecordSizeMinimumServer) {
TEST_P(TlsConnectGeneric, RecordSizeAsymmetric) {
EnsureTlsSetup();
auto client_max = MakeTlsFilter<TlsRecordMaximum>(client_);
- client_max->EnableDecryption();
auto server_max = MakeTlsFilter<TlsRecordMaximum>(server_);
- server_max->EnableDecryption();
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ client_max->EnableDecryption();
+ server_max->EnableDecryption();
+ }
client_->SetOption(SSL_RECORD_SIZE_LIMIT, 64);
server_->SetOption(SSL_RECORD_SIZE_LIMIT, 100);
@@ -222,14 +230,15 @@ TEST_P(TlsConnectTls13, RecordSizePlaintextExceed) {
// Tweak the ciphertext of server records so that they greatly exceed the limit.
// This requires a much larger expansion than for plaintext to trigger the
-// guard, which runs before decryption (current allowance is 304 octets).
+// guard, which runs before decryption (current allowance is 320 octets,
+// see MAX_EXPANSION in ssl3con.c).
TEST_P(TlsConnectTls13, RecordSizeCiphertextExceed) {
EnsureTlsSetup();
client_->SetOption(SSL_RECORD_SIZE_LIMIT, 64);
Connect();
- auto server_expand = MakeTlsFilter<TlsRecordExpander>(server_, 320);
+ auto server_expand = MakeTlsFilter<TlsRecordExpander>(server_, 336);
server_->SendData(100);
client_->ExpectReadWriteError();
@@ -256,9 +265,11 @@ class TlsRecordPadder : public TlsRecordFilter {
return KEEP;
}
+ uint16_t protection_epoch;
uint8_t inner_content_type;
DataBuffer plaintext;
- if (!Unprotect(header, record, &inner_content_type, &plaintext)) {
+ if (!Unprotect(header, record, &protection_epoch, &inner_content_type,
+ &plaintext)) {
return KEEP;
}
@@ -267,8 +278,8 @@ class TlsRecordPadder : public TlsRecordFilter {
}
DataBuffer ciphertext;
- bool ok =
- Protect(header, inner_content_type, plaintext, &ciphertext, padding_);
+ bool ok = Protect(spec(protection_epoch), header, inner_content_type,
+ plaintext, &ciphertext, padding_);
EXPECT_TRUE(ok);
if (!ok) {
return KEEP;
@@ -334,7 +345,9 @@ TEST_P(TlsConnectGeneric, RecordSizeCapExtensionClient) {
client_->SetOption(SSL_RECORD_SIZE_LIMIT, 16385);
auto capture =
MakeTlsFilter<TlsExtensionCapture>(client_, ssl_record_size_limit_xtn);
- capture->EnableDecryption();
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ capture->EnableDecryption();
+ }
Connect();
uint64_t val = 0;
@@ -352,7 +365,9 @@ TEST_P(TlsConnectGeneric, RecordSizeCapExtensionServer) {
server_->SetOption(SSL_RECORD_SIZE_LIMIT, 16385);
auto capture =
MakeTlsFilter<TlsExtensionCapture>(server_, ssl_record_size_limit_xtn);
- capture->EnableDecryption();
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ capture->EnableDecryption();
+ }
Connect();
uint64_t val = 0;
@@ -393,10 +408,24 @@ TEST_P(TlsConnectGeneric, RecordSizeServerExtensionInvalid) {
static const uint8_t v[] = {0xf4, 0x1f};
auto replace = MakeTlsFilter<TlsExtensionReplacer>(
server_, ssl_record_size_limit_xtn, DataBuffer(v, sizeof(v)));
- replace->EnableDecryption();
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ replace->EnableDecryption();
+ }
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
}
+TEST_P(TlsConnectGeneric, RecordSizeServerExtensionExtra) {
+ EnsureTlsSetup();
+ server_->SetOption(SSL_RECORD_SIZE_LIMIT, 1000);
+ static const uint8_t v[] = {0x01, 0x00, 0x00};
+ auto replace = MakeTlsFilter<TlsExtensionReplacer>(
+ server_, ssl_record_size_limit_xtn, DataBuffer(v, sizeof(v)));
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ replace->EnableDecryption();
+ }
+ ConnectExpectAlert(client_, kTlsAlertDecodeError);
+}
+
class RecordSizeDefaultsTest : public ::testing::Test {
public:
void SetUp() {
diff --git a/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc
index a902a5f7f..072a1836c 100644
--- a/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc
@@ -11,6 +11,11 @@
#include "sslerr.h"
#include "sslproto.h"
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
#include "gtest_utils.h"
#include "tls_connect.h"
@@ -34,6 +39,24 @@ TEST_P(TlsConnectStreamPre13, RenegotiateServer) {
CheckConnected();
}
+TEST_P(TlsConnectStreamPre13, RenegotiateRandoms) {
+ SSL3Random crand1, crand2, srand1, srand2;
+ Connect();
+ EXPECT_EQ(SECSuccess,
+ SSLInt_GetHandshakeRandoms(client_->ssl_fd(), crand1, srand1));
+
+ // Renegotiate and check that both randoms have changed.
+ client_->PrepareForRenegotiate();
+ server_->StartRenegotiate();
+ Handshake();
+ CheckConnected();
+ EXPECT_EQ(SECSuccess,
+ SSLInt_GetHandshakeRandoms(client_->ssl_fd(), crand2, srand2));
+
+ EXPECT_NE(0, memcmp(crand1, crand2, sizeof(SSL3Random)));
+ EXPECT_NE(0, memcmp(srand1, srand2, sizeof(SSL3Random)));
+}
+
// The renegotiation options shouldn't cause an error if TLS 1.3 is chosen.
TEST_F(TlsConnectTest, RenegotiationConfigTls13) {
EnsureTlsSetup();
diff --git a/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
index 264bde67f..bfc3ccfeb 100644
--- a/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
@@ -325,14 +325,17 @@ TEST_P(TlsConnectGeneric, ConnectResumeClientBothTicketServerTicketForget) {
SendReceive();
}
+// Tickets last two days maximum; this is a time longer than that.
+static const PRTime kLongerThanTicketLifetime =
+ 3LL * 24 * 60 * 60 * PR_USEC_PER_SEC;
+
TEST_P(TlsConnectGenericResumption, ConnectWithExpiredTicketAtClient) {
- SSLInt_SetTicketLifetime(1); // one second
// This causes a ticket resumption.
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
Connect();
SendReceive();
- WAIT_(false, 1000);
+ AdvanceTime(kLongerThanTicketLifetime);
Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
@@ -354,7 +357,6 @@ TEST_P(TlsConnectGenericResumption, ConnectWithExpiredTicketAtClient) {
}
TEST_P(TlsConnectGeneric, ConnectWithExpiredTicketAtServer) {
- SSLInt_SetTicketLifetime(1); // one second
// This causes a ticket resumption.
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
Connect();
@@ -373,7 +375,7 @@ TEST_P(TlsConnectGeneric, ConnectWithExpiredTicketAtServer) {
EXPECT_TRUE(capture->captured());
EXPECT_LT(0U, capture->extension().len());
- WAIT_(false, 1000); // Let the ticket expire on the server.
+ AdvanceTime(kLongerThanTicketLifetime);
Handshake();
CheckConnected();
@@ -421,6 +423,7 @@ static int32_t SwitchCertificates(TlsAgent* agent, const SECItem* srvNameArr,
TEST_P(TlsConnectGeneric, ServerSNICertSwitch) {
Connect();
ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
+ ASSERT_NE(nullptr, cert1.get());
Reset();
ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
@@ -429,6 +432,7 @@ TEST_P(TlsConnectGeneric, ServerSNICertSwitch) {
Connect();
ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
+ ASSERT_NE(nullptr, cert2.get());
CheckKeys();
EXPECT_FALSE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
}
@@ -437,6 +441,7 @@ TEST_P(TlsConnectGeneric, ServerSNICertTypeSwitch) {
Reset(TlsAgent::kServerEcdsa256);
Connect();
ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
+ ASSERT_NE(nullptr, cert1.get());
Reset();
ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
@@ -447,6 +452,7 @@ TEST_P(TlsConnectGeneric, ServerSNICertTypeSwitch) {
Connect();
ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
+ ASSERT_NE(nullptr, cert2.get());
CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
}
@@ -531,6 +537,7 @@ TEST_P(TlsConnectTls13, TestTls13ResumeNoCertificateRequest) {
Connect();
SendReceive(); // Need to read so that we absorb the session ticket.
ScopedCERTCertificate cert1(SSL_LocalCertificate(client_->ssl_fd()));
+ ASSERT_NE(nullptr, cert1.get());
Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
@@ -546,6 +553,7 @@ TEST_P(TlsConnectTls13, TestTls13ResumeNoCertificateRequest) {
// Sanity check whether the client certificate matches the one
// decrypted from ticket.
ScopedCERTCertificate cert2(SSL_PeerCertificate(server_->ssl_fd()));
+ ASSERT_NE(nullptr, cert2.get());
EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
}
@@ -561,6 +569,7 @@ TEST_P(TlsConnectTls13, WriteBeforeHandshakeCompleteOnResumption) {
Connect();
SendReceive(); // Absorb the session ticket.
ScopedCERTCertificate cert1(SSL_LocalCertificate(client_->ssl_fd()));
+ ASSERT_NE(nullptr, cert1.get());
Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
@@ -577,6 +586,7 @@ TEST_P(TlsConnectTls13, WriteBeforeHandshakeCompleteOnResumption) {
// Check whether the client certificate matches the one from the ticket.
ScopedCERTCertificate cert2(SSL_PeerCertificate(server_->ssl_fd()));
+ ASSERT_NE(nullptr, cert2.get());
EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
}
@@ -589,15 +599,17 @@ static uint16_t ChooseOneCipher(uint16_t version) {
return TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
}
-static uint16_t ChooseAnotherCipher(uint16_t version) {
+static uint16_t ChooseIncompatibleCipher(uint16_t version) {
if (version >= SSL_LIBRARY_VERSION_TLS_1_3) {
return TLS_AES_256_GCM_SHA384;
}
return TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
}
-// Test that we don't resume when we can't negotiate the same cipher.
-TEST_P(TlsConnectGenericResumption, TestResumeClientDifferentCipher) {
+// Test that we don't resume when we can't negotiate the same cipher. Note that
+// for TLS 1.3, resumption is allowed between compatible ciphers, that is those
+// with the same KDF hash, but we choose an incompatible one here.
+TEST_P(TlsConnectGenericResumption, ResumeClientIncompatibleCipher) {
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
client_->EnableSingleCipher(ChooseOneCipher(version_));
Connect();
@@ -607,7 +619,7 @@ TEST_P(TlsConnectGenericResumption, TestResumeClientDifferentCipher) {
Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
ExpectResumption(RESUME_NONE);
- client_->EnableSingleCipher(ChooseAnotherCipher(version_));
+ client_->EnableSingleCipher(ChooseIncompatibleCipher(version_));
uint16_t ticket_extension;
if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
ticket_extension = ssl_tls13_pre_shared_key_xtn;
@@ -622,24 +634,24 @@ TEST_P(TlsConnectGenericResumption, TestResumeClientDifferentCipher) {
}
// Test that we don't resume when we can't negotiate the same cipher.
-TEST_P(TlsConnectGenericResumption, TestResumeServerDifferentCipher) {
+TEST_P(TlsConnectGenericResumption, ResumeServerIncompatibleCipher) {
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
server_->EnableSingleCipher(ChooseOneCipher(version_));
Connect();
- SendReceive(); // Need to read so that we absorb the session ticket.
+ SendReceive(); // Absorb the session ticket.
CheckKeys();
Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
ExpectResumption(RESUME_NONE);
- server_->EnableSingleCipher(ChooseAnotherCipher(version_));
+ server_->EnableSingleCipher(ChooseIncompatibleCipher(version_));
Connect();
CheckKeys();
}
// Test that the client doesn't tolerate the server picking a different cipher
// suite for resumption.
-TEST_P(TlsConnectStream, TestResumptionOverrideCipher) {
+TEST_P(TlsConnectStream, ResumptionOverrideCipher) {
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
server_->EnableSingleCipher(ChooseOneCipher(version_));
Connect();
@@ -648,8 +660,8 @@ TEST_P(TlsConnectStream, TestResumptionOverrideCipher) {
Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
- MakeTlsFilter<SelectedCipherSuiteReplacer>(server_,
- ChooseAnotherCipher(version_));
+ MakeTlsFilter<SelectedCipherSuiteReplacer>(
+ server_, ChooseIncompatibleCipher(version_));
if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
client_->ExpectSendAlert(kTlsAlertIllegalParameter);
@@ -668,6 +680,38 @@ TEST_P(TlsConnectStream, TestResumptionOverrideCipher) {
}
}
+// In TLS 1.3, it is possible to resume with a different cipher if it has the
+// same hash.
+TEST_P(TlsConnectTls13, ResumeClientCompatibleCipher) {
+ ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+ client_->EnableSingleCipher(TLS_AES_128_GCM_SHA256);
+ Connect();
+ SendReceive(); // Absorb the session ticket.
+ CheckKeys();
+
+ Reset();
+ ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+ ExpectResumption(RESUME_TICKET);
+ client_->EnableSingleCipher(TLS_CHACHA20_POLY1305_SHA256);
+ Connect();
+ CheckKeys();
+}
+
+TEST_P(TlsConnectTls13, ResumeServerCompatibleCipher) {
+ ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+ server_->EnableSingleCipher(TLS_AES_128_GCM_SHA256);
+ Connect();
+ SendReceive(); // Absorb the session ticket.
+ CheckKeys();
+
+ Reset();
+ ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+ ExpectResumption(RESUME_TICKET);
+ server_->EnableSingleCipher(TLS_CHACHA20_POLY1305_SHA256);
+ Connect();
+ CheckKeys();
+}
+
class SelectedVersionReplacer : public TlsHandshakeFilter {
public:
SelectedVersionReplacer(const std::shared_ptr<TlsAgent>& a, uint16_t version)
@@ -757,7 +801,7 @@ TEST_F(TlsConnectTest, TestTls13ResumptionTwice) {
ASSERT_LT(0U, initialTicket.len());
ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
- ASSERT_TRUE(!!cert1.get());
+ ASSERT_NE(nullptr, cert1.get());
Reset();
ClearStats();
@@ -773,7 +817,7 @@ TEST_F(TlsConnectTest, TestTls13ResumptionTwice) {
ASSERT_LT(0U, c2->extension().len());
ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
- ASSERT_TRUE(!!cert2.get());
+ ASSERT_NE(nullptr, cert2.get());
// Check that the cipher suite is reported the same on both sides, though in
// TLS 1.3 resumption actually negotiates a different cipher suite.
@@ -1109,7 +1153,7 @@ TEST_P(TlsConnectGenericResumption, ReConnectAgainTicket) {
ssl_auth_rsa_sign, ssl_sig_rsa_pss_rsae_sha256);
}
-void CheckGetInfoResult(uint32_t alpnSize, uint32_t earlyDataSize,
+void CheckGetInfoResult(PRTime now, uint32_t alpnSize, uint32_t earlyDataSize,
ScopedCERTCertificate& cert,
ScopedSSLResumptionTokenInfo& token) {
ASSERT_TRUE(cert);
@@ -1125,7 +1169,7 @@ void CheckGetInfoResult(uint32_t alpnSize, uint32_t earlyDataSize,
ASSERT_EQ(earlyDataSize, token->maxEarlyDataSize);
- ASSERT_LT(ssl_TimeUsec(), token->expirationTime);
+ ASSERT_LT(now, token->expirationTime);
}
// The client should generate a new, randomized session_id
@@ -1174,8 +1218,9 @@ TEST_P(TlsConnectGenericResumptionToken, ConnectResumeGetInfo) {
client_->GetTokenInfo(token);
ScopedCERTCertificate cert(
PK11_FindCertFromNickname(server_->name().c_str(), nullptr));
+ ASSERT_NE(nullptr, cert.get());
- CheckGetInfoResult(0, 0, cert, token);
+ CheckGetInfoResult(now(), 0, 0, cert, token);
Handshake();
CheckConnected();
@@ -1183,6 +1228,56 @@ TEST_P(TlsConnectGenericResumptionToken, ConnectResumeGetInfo) {
SendReceive();
}
+TEST_P(TlsConnectGenericResumptionToken, RefuseExpiredTicketClient) {
+ ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+ Connect();
+ SendReceive();
+
+ // Move the clock to the expiration time of the ticket.
+ SSLResumptionTokenInfo tokenInfo = {0};
+ ScopedSSLResumptionTokenInfo token(&tokenInfo);
+ client_->GetTokenInfo(token);
+ AdvanceTime(token->expirationTime - now());
+
+ Reset();
+ ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+ ExpectResumption(RESUME_TICKET);
+
+ StartConnect();
+ ASSERT_EQ(SECFailure,
+ SSL_SetResumptionToken(client_->ssl_fd(),
+ client_->GetResumptionToken().data(),
+ client_->GetResumptionToken().size()));
+ EXPECT_EQ(SSL_ERROR_BAD_RESUMPTION_TOKEN_ERROR, PORT_GetError());
+}
+
+TEST_P(TlsConnectGenericResumptionToken, RefuseExpiredTicketServer) {
+ ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+ Connect();
+ SendReceive();
+
+ Reset();
+ ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+ ExpectResumption(RESUME_NONE);
+
+ // Start the handshake and send the ClientHello.
+ StartConnect();
+ ASSERT_EQ(SECSuccess,
+ SSL_SetResumptionToken(client_->ssl_fd(),
+ client_->GetResumptionToken().data(),
+ client_->GetResumptionToken().size()));
+ client_->Handshake();
+
+ // Move the clock to the expiration time of the ticket.
+ SSLResumptionTokenInfo tokenInfo = {0};
+ ScopedSSLResumptionTokenInfo token(&tokenInfo);
+ client_->GetTokenInfo(token);
+ AdvanceTime(token->expirationTime - now());
+
+ Handshake();
+ CheckConnected();
+}
+
TEST_P(TlsConnectGenericResumptionToken, ConnectResumeGetInfoAlpn) {
EnableAlpn();
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
@@ -1204,8 +1299,9 @@ TEST_P(TlsConnectGenericResumptionToken, ConnectResumeGetInfoAlpn) {
client_->GetTokenInfo(token);
ScopedCERTCertificate cert(
PK11_FindCertFromNickname(server_->name().c_str(), nullptr));
+ ASSERT_NE(nullptr, cert.get());
- CheckGetInfoResult(1, 0, cert, token);
+ CheckGetInfoResult(now(), 1, 0, cert, token);
Handshake();
CheckConnected();
@@ -1216,7 +1312,7 @@ TEST_P(TlsConnectGenericResumptionToken, ConnectResumeGetInfoAlpn) {
TEST_P(TlsConnectTls13ResumptionToken, ConnectResumeGetInfoZeroRtt) {
EnableAlpn();
- SSLInt_RolloverAntiReplay();
+ RolloverAntiReplay();
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
server_->Set0RttEnabled(true);
Connect();
@@ -1239,8 +1335,8 @@ TEST_P(TlsConnectTls13ResumptionToken, ConnectResumeGetInfoZeroRtt) {
client_->GetTokenInfo(token);
ScopedCERTCertificate cert(
PK11_FindCertFromNickname(server_->name().c_str(), nullptr));
-
- CheckGetInfoResult(1, 1024, cert, token);
+ ASSERT_NE(nullptr, cert.get());
+ CheckGetInfoResult(now(), 1, 1024, cert, token);
ZeroRttSendReceive(true, true);
Handshake();
@@ -1272,6 +1368,54 @@ TEST_P(TlsConnectGenericResumption, ConnectResumeClientAuth) {
SendReceive();
}
+// Check that resumption is blocked if the server requires client auth.
+TEST_P(TlsConnectGenericResumption, ClientAuthRequiredOnResumption) {
+ ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+ server_->RequestClientAuth(false);
+ Connect();
+ SendReceive();
+
+ Reset();
+ client_->SetupClientAuth();
+ server_->RequestClientAuth(true);
+ ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+ ExpectResumption(RESUME_NONE);
+ Connect();
+ SendReceive();
+}
+
+// Check that resumption is blocked if the server requires client auth and
+// the client fails to provide a certificate.
+TEST_P(TlsConnectGenericResumption, ClientAuthRequiredOnResumptionNoCert) {
+ ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+ server_->RequestClientAuth(false);
+ Connect();
+ SendReceive();
+
+ Reset();
+ server_->RequestClientAuth(true);
+ ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+ // Drive handshake manually because TLS 1.3 needs it.
+ StartConnect();
+ client_->Handshake(); // CH
+ server_->Handshake(); // SH.. (no resumption)
+ client_->Handshake(); // ...
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ // In TLS 1.3, the client thinks that everything is OK here.
+ ASSERT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+ ExpectAlert(server_, kTlsAlertCertificateRequired);
+ server_->Handshake(); // Alert
+ client_->Handshake(); // Receive Alert
+ client_->CheckErrorCode(SSL_ERROR_RX_CERTIFICATE_REQUIRED_ALERT);
+ } else {
+ ExpectAlert(server_, kTlsAlertBadCertificate);
+ server_->Handshake(); // Alert
+ client_->Handshake(); // Receive Alert
+ client_->CheckErrorCode(SSL_ERROR_BAD_CERT_ALERT);
+ }
+ server_->CheckErrorCode(SSL_ERROR_NO_CERTIFICATE);
+}
+
TEST_F(TlsConnectStreamTls13, ExternalTokenAfterHrr) {
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
Connect();
diff --git a/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
index ffc0893e9..3255bd512 100644
--- a/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
@@ -55,6 +55,10 @@ TEST_P(TlsConnectGeneric, ServerNegotiateTls12) {
// two validate that we can also detect fallback using the
// SSL_SetDowngradeCheckVersion() API.
TEST_F(TlsConnectTest, TestDowngradeDetectionToTls11) {
+ client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+ SSL_LIBRARY_VERSION_TLS_1_2);
+ server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+ SSL_LIBRARY_VERSION_TLS_1_2);
client_->SetOption(SSL_ENABLE_HELLO_DOWNGRADE_CHECK, PR_TRUE);
MakeTlsFilter<TlsClientHelloVersionSetter>(client_,
SSL_LIBRARY_VERSION_TLS_1_1);
@@ -116,11 +120,11 @@ TEST_F(TlsConnectTest, TestDowngradeDetectionToTls10) {
TEST_F(TlsConnectTest, TestFallbackFromTls12) {
client_->SetOption(SSL_ENABLE_HELLO_DOWNGRADE_CHECK, PR_TRUE);
- client_->SetDowngradeCheckVersion(SSL_LIBRARY_VERSION_TLS_1_2);
client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
SSL_LIBRARY_VERSION_TLS_1_1);
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
SSL_LIBRARY_VERSION_TLS_1_2);
+ client_->SetDowngradeCheckVersion(SSL_LIBRARY_VERSION_TLS_1_2);
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
@@ -269,4 +273,11 @@ TEST_F(TlsConnectStreamTls13, Tls14ClientHelloWithSupportedVersions) {
ASSERT_LT(static_cast<uint32_t>(SSL_LIBRARY_VERSION_TLS_1_2), version);
}
+// Offer 1.3 but with ClientHello.legacy_version == SSL 3.0. This
+// causes a protocol version alert. See RFC 8446 Appendix D.5.
+TEST_F(TlsConnectStreamTls13, Ssl30ClientHelloWithSupportedVersions) {
+ MakeTlsFilter<TlsClientHelloVersionSetter>(client_, SSL_LIBRARY_VERSION_3_0);
+ ConnectExpectAlert(server_, kTlsAlertProtocolVersion);
+}
+
} // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc
index a75dbb7aa..44e685414 100644
--- a/security/nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc
@@ -214,12 +214,6 @@ class TestPolicyVersionRange
ASSERT_EQ(SECSuccess, rv);
rv = NSS_OptionSet(NSS_DTLS_VERSION_MAX_POLICY, saved_max_dtls_);
ASSERT_EQ(SECSuccess, rv);
- // If it wasn't set initially, clear the bit that we set.
- if (!(saved_algorithm_policy_ & NSS_USE_POLICY_IN_SSL)) {
- rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, 0,
- NSS_USE_POLICY_IN_SSL);
- ASSERT_EQ(SECSuccess, rv);
- }
}
private:
@@ -233,16 +227,12 @@ class TestPolicyVersionRange
ASSERT_EQ(SECSuccess, rv);
rv = NSS_OptionGet(NSS_DTLS_VERSION_MAX_POLICY, &saved_max_dtls_);
ASSERT_EQ(SECSuccess, rv);
- rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY,
- &saved_algorithm_policy_);
- ASSERT_EQ(SECSuccess, rv);
}
int32_t saved_min_tls_;
int32_t saved_max_tls_;
int32_t saved_min_dtls_;
int32_t saved_max_dtls_;
- uint32_t saved_algorithm_policy_;
};
VersionPolicy saved_version_policy_;
diff --git a/security/nss/gtests/ssl_gtest/test_io.cc b/security/nss/gtests/ssl_gtest/test_io.cc
index 6d792c520..4a7f91459 100644
--- a/security/nss/gtests/ssl_gtest/test_io.cc
+++ b/security/nss/gtests/ssl_gtest/test_io.cc
@@ -25,10 +25,13 @@ namespace nss_test {
if (g_ssl_gtest_verbose) LOG(a); \
} while (false)
+PRDescIdentity DummyPrSocket::LayerId() {
+ static PRDescIdentity id = PR_GetUniqueIdentity("dummysocket");
+ return id;
+}
+
ScopedPRFileDesc DummyPrSocket::CreateFD() {
- static PRDescIdentity test_fd_identity =
- PR_GetUniqueIdentity("testtransportadapter");
- return DummyIOLayerMethods::CreateFD(test_fd_identity, this);
+ return DummyIOLayerMethods::CreateFD(DummyPrSocket::LayerId(), this);
}
void DummyPrSocket::Reset() {
@@ -136,19 +139,18 @@ int32_t DummyPrSocket::Write(PRFileDesc *f, const void *buf, int32_t length) {
DataBuffer filtered;
PacketFilter::Action action = PacketFilter::KEEP;
if (filter_) {
+ LOGV("Original packet: " << packet);
action = filter_->Process(packet, &filtered);
}
switch (action) {
case PacketFilter::CHANGE:
- LOG("Original packet: " << packet);
LOG("Filtered packet: " << filtered);
dst->PacketReceived(filtered);
break;
case PacketFilter::DROP:
- LOG("Droppped packet: " << packet);
+ LOG("Drop packet");
break;
case PacketFilter::KEEP:
- LOGV("Packet: " << packet);
dst->PacketReceived(packet);
break;
}
diff --git a/security/nss/gtests/ssl_gtest/test_io.h b/security/nss/gtests/ssl_gtest/test_io.h
index 062ae86c8..e262fb123 100644
--- a/security/nss/gtests/ssl_gtest/test_io.h
+++ b/security/nss/gtests/ssl_gtest/test_io.h
@@ -33,9 +33,11 @@ class PacketFilter {
CHANGE, // change the packet to a different value
DROP // drop the packet
};
- PacketFilter(bool enabled = true) : enabled_(enabled) {}
+ explicit PacketFilter(bool on = true) : enabled_(on) {}
virtual ~PacketFilter() {}
+ bool enabled() const { return enabled_; }
+
virtual Action Process(const DataBuffer& input, DataBuffer* output) {
if (!enabled_) {
return KEEP;
@@ -68,6 +70,8 @@ class DummyPrSocket : public DummyIOLayerMethods {
write_error_(0) {}
virtual ~DummyPrSocket() {}
+ static PRDescIdentity LayerId();
+
// Create a file descriptor that will reference this object. The fd must not
// live longer than this adapter; call PR_Close() before.
ScopedPRFileDesc CreateFD();
diff --git a/security/nss/gtests/ssl_gtest/tls_agent.cc b/security/nss/gtests/ssl_gtest/tls_agent.cc
index fb66196b5..88640481e 100644
--- a/security/nss/gtests/ssl_gtest/tls_agent.cc
+++ b/security/nss/gtests/ssl_gtest/tls_agent.cc
@@ -47,6 +47,8 @@ const std::string TlsAgent::kServerEcdsa521 = "ecdsa521";
const std::string TlsAgent::kServerEcdhRsa = "ecdh_rsa";
const std::string TlsAgent::kServerEcdhEcdsa = "ecdh_ecdsa";
const std::string TlsAgent::kServerDsa = "dsa";
+const std::string TlsAgent::kDelegatorEcdsa256 = "delegator_ecdsa256";
+const std::string TlsAgent::kDelegatorRsae2048 = "delegator_rsae2048";
static const uint8_t kCannedTls13ServerHello[] = {
0x03, 0x03, 0x9c, 0xbc, 0x14, 0x9b, 0x0e, 0x2e, 0xfa, 0x0d, 0xf3,
@@ -127,16 +129,76 @@ void TlsAgent::SetState(State s) {
ScopedCERTCertificate* cert,
ScopedSECKEYPrivateKey* priv) {
cert->reset(PK11_FindCertFromNickname(name.c_str(), nullptr));
+ EXPECT_NE(nullptr, cert);
+ if (!cert) return false;
EXPECT_NE(nullptr, cert->get());
if (!cert->get()) return false;
priv->reset(PK11_FindKeyByAnyCert(cert->get(), nullptr));
+ EXPECT_NE(nullptr, priv);
+ if (!priv) return false;
EXPECT_NE(nullptr, priv->get());
if (!priv->get()) return false;
return true;
}
+// Loads a key pair from the certificate identified by |id|.
+/*static*/ bool TlsAgent::LoadKeyPairFromCert(const std::string& name,
+ ScopedSECKEYPublicKey* pub,
+ ScopedSECKEYPrivateKey* priv) {
+ ScopedCERTCertificate cert;
+ if (!TlsAgent::LoadCertificate(name, &cert, priv)) {
+ return false;
+ }
+
+ pub->reset(SECKEY_ExtractPublicKey(&cert->subjectPublicKeyInfo));
+ if (!pub->get()) {
+ return false;
+ }
+
+ return true;
+}
+
+void TlsAgent::DelegateCredential(const std::string& name,
+ const ScopedSECKEYPublicKey& dc_pub,
+ SSLSignatureScheme dc_cert_verify_alg,
+ PRUint32 dc_valid_for, PRTime now,
+ SECItem* dc) {
+ ScopedCERTCertificate cert;
+ ScopedSECKEYPrivateKey cert_priv;
+ EXPECT_TRUE(TlsAgent::LoadCertificate(name, &cert, &cert_priv))
+ << "Could not load delegate certificate: " << name
+ << "; test db corrupt?";
+
+ EXPECT_EQ(SECSuccess,
+ SSL_DelegateCredential(cert.get(), cert_priv.get(), dc_pub.get(),
+ dc_cert_verify_alg, dc_valid_for, now, dc));
+}
+
+void TlsAgent::EnableDelegatedCredentials() {
+ ASSERT_TRUE(EnsureTlsSetup());
+ SetOption(SSL_ENABLE_DELEGATED_CREDENTIALS, PR_TRUE);
+}
+
+void TlsAgent::AddDelegatedCredential(const std::string& dc_name,
+ SSLSignatureScheme dc_cert_verify_alg,
+ PRUint32 dc_valid_for, PRTime now) {
+ ASSERT_TRUE(EnsureTlsSetup());
+
+ ScopedSECKEYPublicKey pub;
+ ScopedSECKEYPrivateKey priv;
+ EXPECT_TRUE(TlsAgent::LoadKeyPairFromCert(dc_name, &pub, &priv));
+
+ StackSECItem dc;
+ TlsAgent::DelegateCredential(name_, pub, dc_cert_verify_alg, dc_valid_for,
+ now, &dc);
+
+ SSLExtraServerCertData extra_data = {ssl_auth_null, nullptr, nullptr,
+ nullptr, &dc, priv.get()};
+ EXPECT_TRUE(ConfigServerCert(name_, true, &extra_data));
+}
+
bool TlsAgent::ConfigServerCert(const std::string& id, bool updateKeyBits,
const SSLExtraServerCertData* serverCertData) {
ScopedCERTCertificate cert;
@@ -224,6 +286,9 @@ bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) {
EXPECT_EQ(SECSuccess, rv);
if (rv != SECSuccess) return false;
+ // All these tests depend on having this disabled to start with.
+ SetOption(SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_FALSE);
+
return true;
}
@@ -251,6 +316,10 @@ bool TlsAgent::MaybeSetResumptionToken() {
return true;
}
+void TlsAgent::SetAntiReplayContext(ScopedSSLAntiReplayContext& ctx) {
+ EXPECT_EQ(SECSuccess, SSL_SetAntiReplayContext(ssl_fd_.get(), ctx.get()));
+}
+
void TlsAgent::SetupClientAuth() {
EXPECT_TRUE(EnsureTlsSetup());
ASSERT_EQ(CLIENT, role_);
@@ -279,7 +348,7 @@ SECStatus TlsAgent::GetClientAuthDataHook(void* self, PRFileDesc* fd,
ScopedCERTCertificate peerCert(SSL_PeerCertificate(agent->ssl_fd()));
EXPECT_TRUE(peerCert) << "Client should be able to see the server cert";
- // See bug 1457716
+ // See bug 1573945
// CheckCertReqAgainstDefaultCAs(caNames);
ScopedCERTCertificate cert;
@@ -640,6 +709,16 @@ void TlsAgent::CheckAlpn(SSLNextProtoState expected_state,
}
}
+void TlsAgent::CheckEpochs(uint16_t expected_read,
+ uint16_t expected_write) const {
+ uint16_t read_epoch = 0;
+ uint16_t write_epoch = 0;
+ EXPECT_EQ(SECSuccess,
+ SSL_GetCurrentEpoch(ssl_fd(), &read_epoch, &write_epoch));
+ EXPECT_EQ(expected_read, read_epoch) << role_str() << " read epoch";
+ EXPECT_EQ(expected_write, write_epoch) << role_str() << " write epoch";
+}
+
void TlsAgent::EnableSrtp() {
EXPECT_TRUE(EnsureTlsSetup());
const uint16_t ciphers[] = {SRTP_AES128_CM_HMAC_SHA1_80,
@@ -715,26 +794,26 @@ void TlsAgent::WaitForErrorCode(int32_t expected, uint32_t delay) const {
}
void TlsAgent::CheckPreliminaryInfo() {
- SSLPreliminaryChannelInfo info;
+ SSLPreliminaryChannelInfo preinfo;
EXPECT_EQ(SECSuccess,
- SSL_GetPreliminaryChannelInfo(ssl_fd(), &info, sizeof(info)));
- EXPECT_EQ(sizeof(info), info.length);
- EXPECT_TRUE(info.valuesSet & ssl_preinfo_version);
- EXPECT_TRUE(info.valuesSet & ssl_preinfo_cipher_suite);
+ SSL_GetPreliminaryChannelInfo(ssl_fd(), &preinfo, sizeof(preinfo)));
+ EXPECT_EQ(sizeof(preinfo), preinfo.length);
+ EXPECT_TRUE(preinfo.valuesSet & ssl_preinfo_version);
+ EXPECT_TRUE(preinfo.valuesSet & ssl_preinfo_cipher_suite);
// A version of 0 is invalid and indicates no expectation. This value is
// initialized to 0 so that tests that don't explicitly set an expected
// version can negotiate a version.
if (!expected_version_) {
- expected_version_ = info.protocolVersion;
+ expected_version_ = preinfo.protocolVersion;
}
- EXPECT_EQ(expected_version_, info.protocolVersion);
+ EXPECT_EQ(expected_version_, preinfo.protocolVersion);
// As with the version; 0 is the null cipher suite (and also invalid).
if (!expected_cipher_suite_) {
- expected_cipher_suite_ = info.cipherSuite;
+ expected_cipher_suite_ = preinfo.cipherSuite;
}
- EXPECT_EQ(expected_cipher_suite_, info.cipherSuite);
+ EXPECT_EQ(expected_cipher_suite_, preinfo.cipherSuite);
}
// Check that all the expected callbacks have been called.
@@ -766,6 +845,13 @@ void TlsAgent::ResetPreliminaryInfo() {
expected_cipher_suite_ = 0;
}
+void TlsAgent::UpdatePreliminaryChannelInfo() {
+ SECStatus rv = SSL_GetPreliminaryChannelInfo(ssl_fd_.get(), &pre_info_,
+ sizeof(pre_info_));
+ EXPECT_EQ(SECSuccess, rv);
+ EXPECT_EQ(sizeof(pre_info_), pre_info_.length);
+}
+
void TlsAgent::ValidateCipherSpecs() {
PRInt32 cipherSpecs = SSLInt_CountCipherSpecs(ssl_fd());
// We use one ciphersuite in each direction.
@@ -828,6 +914,7 @@ void TlsAgent::Connected() {
// Preliminary values are exposed through callbacks during the handshake.
// If either expected values were set or the callbacks were called, check
// that the final values are correct.
+ UpdatePreliminaryChannelInfo();
EXPECT_EQ(expected_version_, info_.protocolVersion);
EXPECT_EQ(expected_cipher_suite_, info_.cipherSuite);
diff --git a/security/nss/gtests/ssl_gtest/tls_agent.h b/security/nss/gtests/ssl_gtest/tls_agent.h
index 020221868..4b6cce8e0 100644
--- a/security/nss/gtests/ssl_gtest/tls_agent.h
+++ b/security/nss/gtests/ssl_gtest/tls_agent.h
@@ -76,6 +76,8 @@ class TlsAgent : public PollTarget {
static const std::string kServerEcdhEcdsa;
static const std::string kServerEcdhRsa;
static const std::string kServerDsa;
+ static const std::string kDelegatorEcdsa256; // draft-ietf-tls-subcerts
+ static const std::string kDelegatorRsae2048; // draft-ietf-tls-subcerts
TlsAgent(const std::string& name, Role role, SSLProtocolVariant variant);
virtual ~TlsAgent();
@@ -108,9 +110,32 @@ class TlsAgent : public PollTarget {
void PrepareForRenegotiate();
// Prepares for renegotiation, then actually triggers it.
void StartRenegotiate();
+ void SetAntiReplayContext(ScopedSSLAntiReplayContext& ctx);
+
static bool LoadCertificate(const std::string& name,
ScopedCERTCertificate* cert,
ScopedSECKEYPrivateKey* priv);
+ static bool LoadKeyPairFromCert(const std::string& name,
+ ScopedSECKEYPublicKey* pub,
+ ScopedSECKEYPrivateKey* priv);
+
+ // Delegated credentials.
+ //
+ // Generate a delegated credential and sign it using the certificate
+ // associated with |name|.
+ static void DelegateCredential(const std::string& name,
+ const ScopedSECKEYPublicKey& dcPub,
+ SSLSignatureScheme dcCertVerifyAlg,
+ PRUint32 dcValidFor, PRTime now, SECItem* dc);
+ // Indicate support for the delegated credentials extension.
+ void EnableDelegatedCredentials();
+ // Generate and configure a delegated credential to use in the handshake with
+ // clients that support this extension..
+ void AddDelegatedCredential(const std::string& dc_name,
+ SSLSignatureScheme dcCertVerifyAlg,
+ PRUint32 dcValidFor, PRTime now);
+ void UpdatePreliminaryChannelInfo();
+
bool ConfigServerCert(const std::string& name, bool updateKeyBits = false,
const SSLExtraServerCertData* serverCertData = nullptr);
bool ConfigServerCertWithChain(const std::string& name);
@@ -139,6 +164,7 @@ class TlsAgent : public PollTarget {
const std::string& expected = "") const;
void EnableSrtp();
void CheckSrtp() const;
+ void CheckEpochs(uint16_t expected_read, uint16_t expected_write) const;
void CheckErrorCode(int32_t expected) const;
void WaitForErrorCode(int32_t expected, uint32_t delay) const;
// Send data on the socket, encrypting it.
@@ -199,16 +225,20 @@ class TlsAgent : public PollTarget {
PRFileDesc* ssl_fd() const { return ssl_fd_.get(); }
std::shared_ptr<DummyPrSocket>& adapter() { return adapter_; }
+ const SSLChannelInfo& info() const {
+ EXPECT_EQ(STATE_CONNECTED, state_);
+ return info_;
+ }
+
+ const SSLPreliminaryChannelInfo& pre_info() const { return pre_info_; }
+
bool is_compressed() const {
- return info_.compressionMethod != ssl_compression_null;
+ return info().compressionMethod != ssl_compression_null;
}
uint16_t server_key_bits() const { return server_key_bits_; }
uint16_t min_version() const { return vrange_.min; }
uint16_t max_version() const { return vrange_.max; }
- uint16_t version() const {
- EXPECT_EQ(STATE_CONNECTED, state_);
- return info_.protocolVersion;
- }
+ uint16_t version() const { return info().protocolVersion; }
bool cipher_suite(uint16_t* suite) const {
if (state_ != STATE_CONNECTED) return false;
@@ -399,6 +429,7 @@ class TlsAgent : public PollTarget {
bool handshake_callback_called_;
bool resumption_callback_called_;
SSLChannelInfo info_;
+ SSLPreliminaryChannelInfo pre_info_;
SSLCipherSuiteInfo csinfo_;
SSLVersionRange vrange_;
PRErrorCode error_code_;
diff --git a/security/nss/gtests/ssl_gtest/tls_connect.cc b/security/nss/gtests/ssl_gtest/tls_connect.cc
index c48ae38ec..28165cf7f 100644
--- a/security/nss/gtests/ssl_gtest/tls_connect.cc
+++ b/security/nss/gtests/ssl_gtest/tls_connect.cc
@@ -106,6 +106,10 @@ std::string VersionString(uint16_t version) {
}
}
+// The default anti-replay window for tests. Tests that rely on a different
+// value call SSL_InitAntiReplay directly.
+static PRTime kAntiReplayWindow = 100 * PR_USEC_PER_SEC;
+
TlsConnectTestBase::TlsConnectTestBase(SSLProtocolVariant variant,
uint16_t version)
: variant_(variant),
@@ -167,18 +171,8 @@ void TlsConnectTestBase::CheckShares(
void TlsConnectTestBase::CheckEpochs(uint16_t client_epoch,
uint16_t server_epoch) const {
- uint16_t read_epoch = 0;
- uint16_t write_epoch = 0;
-
- EXPECT_EQ(SECSuccess,
- SSLInt_GetEpochs(client_->ssl_fd(), &read_epoch, &write_epoch));
- EXPECT_EQ(server_epoch, read_epoch) << "client read epoch";
- EXPECT_EQ(client_epoch, write_epoch) << "client write epoch";
-
- EXPECT_EQ(SECSuccess,
- SSLInt_GetEpochs(server_->ssl_fd(), &read_epoch, &write_epoch));
- EXPECT_EQ(client_epoch, read_epoch) << "server read epoch";
- EXPECT_EQ(server_epoch, write_epoch) << "server write epoch";
+ client_->CheckEpochs(server_epoch, client_epoch);
+ server_->CheckEpochs(client_epoch, server_epoch);
}
void TlsConnectTestBase::ClearStats() {
@@ -193,12 +187,37 @@ void TlsConnectTestBase::ClearServerCache() {
SSL_ConfigServerSessionIDCache(1024, 0, 0, g_working_dir_path.c_str());
}
+void TlsConnectTestBase::SaveAlgorithmPolicy() {
+ saved_policies_.clear();
+ for (auto it = algorithms_.begin(); it != algorithms_.end(); ++it) {
+ uint32_t policy;
+ SECStatus rv = NSS_GetAlgorithmPolicy(*it, &policy);
+ ASSERT_EQ(SECSuccess, rv);
+ saved_policies_.push_back(std::make_tuple(*it, policy));
+ }
+}
+
+void TlsConnectTestBase::RestoreAlgorithmPolicy() {
+ for (auto it = saved_policies_.begin(); it != saved_policies_.end(); ++it) {
+ auto algorithm = std::get<0>(*it);
+ auto policy = std::get<1>(*it);
+ SECStatus rv = NSS_SetAlgorithmPolicy(
+ algorithm, policy, NSS_USE_POLICY_IN_SSL | NSS_USE_ALG_IN_SSL_KX);
+ ASSERT_EQ(SECSuccess, rv);
+ }
+}
+
+PRTime TlsConnectTestBase::TimeFunc(void* arg) {
+ return *reinterpret_cast<PRTime*>(arg);
+}
+
void TlsConnectTestBase::SetUp() {
SSL_ConfigServerSessionIDCache(1024, 0, 0, g_working_dir_path.c_str());
SSLInt_ClearSelfEncryptKey();
- SSLInt_SetTicketLifetime(30);
- SSL_SetupAntiReplay(1 * PR_USEC_PER_SEC, 1, 3);
+ now_ = PR_Now();
+ ResetAntiReplay(kAntiReplayWindow);
ClearStats();
+ SaveAlgorithmPolicy();
Init();
}
@@ -209,6 +228,7 @@ void TlsConnectTestBase::TearDown() {
SSL_ClearSessionCache();
SSLInt_ClearSelfEncryptKey();
SSL_ShutdownServerSessionIDCache();
+ RestoreAlgorithmPolicy();
}
void TlsConnectTestBase::Init() {
@@ -220,6 +240,14 @@ void TlsConnectTestBase::Init() {
}
}
+void TlsConnectTestBase::ResetAntiReplay(PRTime window) {
+ SSLAntiReplayContext* p_anti_replay = nullptr;
+ EXPECT_EQ(SECSuccess,
+ SSL_CreateAntiReplayContext(now_, window, 1, 3, &p_anti_replay));
+ EXPECT_NE(nullptr, p_anti_replay);
+ anti_replay_.reset(p_anti_replay);
+}
+
void TlsConnectTestBase::Reset() {
// Take a copy of the names because they are about to disappear.
std::string server_name = server_->name();
@@ -238,6 +266,8 @@ void TlsConnectTestBase::Reset(const std::string& server_name,
server_->SkipVersionChecks();
}
+ std::cerr << "Reset server:" << server_name << ", client:" << client_name
+ << std::endl;
Init();
}
@@ -269,10 +299,14 @@ void TlsConnectTestBase::EnsureTlsSetup() {
: nullptr));
EXPECT_TRUE(client_->EnsureTlsSetup(client_model_ ? client_model_->ssl_fd()
: nullptr));
+ server_->SetAntiReplayContext(anti_replay_);
+ EXPECT_EQ(SECSuccess, SSL_SetTimeFunc(client_->ssl_fd(),
+ TlsConnectTestBase::TimeFunc, &now_));
+ EXPECT_EQ(SECSuccess, SSL_SetTimeFunc(server_->ssl_fd(),
+ TlsConnectTestBase::TimeFunc, &now_));
}
void TlsConnectTestBase::Handshake() {
- EnsureTlsSetup();
client_->SetServerKeyBits(server_->server_key_bits());
client_->Handshake();
server_->Handshake();
@@ -289,16 +323,16 @@ void TlsConnectTestBase::EnableExtendedMasterSecret() {
}
void TlsConnectTestBase::Connect() {
- server_->StartConnect(server_model_ ? server_model_->ssl_fd() : nullptr);
- client_->StartConnect(client_model_ ? client_model_->ssl_fd() : nullptr);
+ StartConnect();
client_->MaybeSetResumptionToken();
Handshake();
CheckConnected();
}
void TlsConnectTestBase::StartConnect() {
- server_->StartConnect(server_model_ ? server_model_->ssl_fd() : nullptr);
- client_->StartConnect(client_model_ ? client_model_->ssl_fd() : nullptr);
+ EnsureTlsSetup();
+ server_->StartConnect();
+ client_->StartConnect();
}
void TlsConnectTestBase::ConnectWithCipherSuite(uint16_t cipher_suite) {
@@ -666,8 +700,9 @@ void TlsConnectTestBase::SendReceive(size_t total) {
// Do a first connection so we can do 0-RTT on the second one.
void TlsConnectTestBase::SetupForZeroRtt() {
+ // Force rollover of the anti-replay window.
// If we don't do this, then all 0-RTT attempts will be rejected.
- SSLInt_RolloverAntiReplay();
+ RolloverAntiReplay();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
@@ -779,12 +814,20 @@ void TlsConnectTestBase::ShiftDtlsTimers() {
time_shift = time;
}
- if (time_shift == PR_INTERVAL_NO_TIMEOUT) {
- return;
+ if (time_shift != PR_INTERVAL_NO_TIMEOUT) {
+ AdvanceTime(PR_IntervalToMicroseconds(time_shift));
+ EXPECT_EQ(SECSuccess,
+ SSLInt_ShiftDtlsTimers(client_->ssl_fd(), time_shift));
+ EXPECT_EQ(SECSuccess,
+ SSLInt_ShiftDtlsTimers(server_->ssl_fd(), time_shift));
}
+}
+
+void TlsConnectTestBase::AdvanceTime(PRTime time_shift) { now_ += time_shift; }
- EXPECT_EQ(SECSuccess, SSLInt_ShiftDtlsTimers(client_->ssl_fd(), time_shift));
- EXPECT_EQ(SECSuccess, SSLInt_ShiftDtlsTimers(server_->ssl_fd(), time_shift));
+// Advance time by a full anti-replay window.
+void TlsConnectTestBase::RolloverAntiReplay() {
+ AdvanceTime(kAntiReplayWindow);
}
TlsConnectGeneric::TlsConnectGeneric()
diff --git a/security/nss/gtests/ssl_gtest/tls_connect.h b/security/nss/gtests/ssl_gtest/tls_connect.h
index 000494501..23c60bf4f 100644
--- a/security/nss/gtests/ssl_gtest/tls_connect.h
+++ b/security/nss/gtests/ssl_gtest/tls_connect.h
@@ -48,6 +48,8 @@ class TlsConnectTestBase : public ::testing::Test {
virtual void SetUp();
virtual void TearDown();
+ PRTime now() const { return now_; }
+
// Initialize client and server.
void Init();
// Clear the statistics.
@@ -131,6 +133,13 @@ class TlsConnectTestBase : public ::testing::Test {
// Move the DTLS timers for both endpoints to pop the next timer.
void ShiftDtlsTimers();
+ void AdvanceTime(PRTime time_shift);
+
+ void ResetAntiReplay(PRTime window);
+ void RolloverAntiReplay();
+
+ void SaveAlgorithmPolicy();
+ void RestoreAlgorithmPolicy();
protected:
SSLProtocolVariant variant_;
@@ -142,6 +151,7 @@ class TlsConnectTestBase : public ::testing::Test {
SessionResumptionMode expected_resumption_mode_;
uint8_t expected_resumptions_;
std::vector<std::vector<uint8_t>> session_ids_;
+ ScopedSSLAntiReplayContext anti_replay_;
// A simple value of "a", "b". Note that the preferred value of "a" is placed
// at the end, because the NSS API follows the now defunct NPN specification,
@@ -149,14 +159,24 @@ class TlsConnectTestBase : public ::testing::Test {
// NSS will move this final entry to the front when used with ALPN.
const uint8_t alpn_dummy_val_[4] = {0x01, 0x62, 0x01, 0x61};
+ // A list of algorithm IDs whose policies need to be preserved
+ // around test cases. In particular, DSA is checked in
+ // ssl_extension_unittest.cc.
+ const std::vector<SECOidTag> algorithms_ = {SEC_OID_APPLY_SSL_POLICY,
+ SEC_OID_ANSIX9_DSA_SIGNATURE,
+ SEC_OID_CURVE25519, SEC_OID_SHA1};
+ std::vector<std::tuple<SECOidTag, uint32_t>> saved_policies_;
+
private:
void CheckResumption(SessionResumptionMode expected);
void CheckExtendedMasterSecret();
void CheckEarlyDataAccepted();
+ static PRTime TimeFunc(void* arg);
bool expect_extended_master_secret_;
bool expect_early_data_accepted_;
bool skip_version_checks_;
+ PRTime now_;
// Track groups and make sure that there are no duplicates.
class DuplicateGroupChecker {
diff --git a/security/nss/gtests/ssl_gtest/tls_esni_unittest.cc b/security/nss/gtests/ssl_gtest/tls_esni_unittest.cc
index 3c860a0b2..26275e0bc 100644
--- a/security/nss/gtests/ssl_gtest/tls_esni_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/tls_esni_unittest.cc
@@ -4,8 +4,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include <ctime>
-
#include "secerr.h"
#include "ssl.h"
@@ -57,7 +55,7 @@ static void UpdateEsniKeysChecksum(DataBuffer* buf) {
buf->Write(2, sha256, 4);
}
-static void GenerateEsniKey(time_t windowStart, SSLNamedGroup group,
+static void GenerateEsniKey(PRTime now, SSLNamedGroup group,
std::vector<uint16_t>& cipher_suites,
DataBuffer* record,
ScopedSECKEYPublicKey* pubKey = nullptr,
@@ -70,11 +68,12 @@ static void GenerateEsniKey(time_t windowStart, SSLNamedGroup group,
ASSERT_NE(nullptr, priv);
SECITEM_FreeItem(&ecParams, PR_FALSE);
PRUint8 encoded[1024];
- unsigned int encoded_len;
+ unsigned int encoded_len = 0;
SECStatus rv = SSL_EncodeESNIKeys(
- &cipher_suites[0], cipher_suites.size(), group, pub, 100, windowStart,
- windowStart + 10, encoded, &encoded_len, sizeof(encoded));
+ &cipher_suites[0], cipher_suites.size(), group, pub, 100,
+ (now / PR_USEC_PER_SEC) - 1, (now / PR_USEC_PER_SEC) + 10, encoded,
+ &encoded_len, sizeof(encoded));
ASSERT_EQ(SECSuccess, rv);
ASSERT_GT(encoded_len, 0U);
@@ -92,15 +91,15 @@ static void GenerateEsniKey(time_t windowStart, SSLNamedGroup group,
record->Write(0, encoded, encoded_len);
}
-static void SetupEsni(const std::shared_ptr<TlsAgent>& client,
+static void SetupEsni(PRTime now, const std::shared_ptr<TlsAgent>& client,
const std::shared_ptr<TlsAgent>& server,
SSLNamedGroup group = ssl_grp_ec_curve25519) {
ScopedSECKEYPublicKey pub;
ScopedSECKEYPrivateKey priv;
DataBuffer record;
- GenerateEsniKey(time(nullptr), ssl_grp_ec_curve25519, kDefaultSuites, &record,
- &pub, &priv);
+ GenerateEsniKey(now, ssl_grp_ec_curve25519, kDefaultSuites, &record, &pub,
+ &priv);
SECStatus rv = SSL_SetESNIKeyPair(server->ssl_fd(), priv.get(), record.data(),
record.len());
ASSERT_EQ(SECSuccess, rv);
@@ -124,77 +123,87 @@ static void CheckSniExtension(const DataBuffer& data) {
ASSERT_EQ(expected, name);
}
-static void ClientInstallEsni(std::shared_ptr<TlsAgent>& agent,
- const DataBuffer& record, PRErrorCode err = 0) {
- SECStatus rv =
- SSL_EnableESNI(agent->ssl_fd(), record.data(), record.len(), kDummySni);
- if (err == 0) {
- ASSERT_EQ(SECSuccess, rv);
- } else {
- ASSERT_EQ(SECFailure, rv);
- ASSERT_EQ(err, PORT_GetError());
+class TlsAgentEsniTest : public TlsAgentTestClient13 {
+ public:
+ void SetUp() override { now_ = PR_Now(); }
+
+ protected:
+ PRTime now() const { return now_; }
+
+ void InstallEsni(const DataBuffer& record, PRErrorCode err = 0) {
+ SECStatus rv = SSL_EnableESNI(agent_->ssl_fd(), record.data(), record.len(),
+ kDummySni);
+ if (err == 0) {
+ ASSERT_EQ(SECSuccess, rv);
+ } else {
+ ASSERT_EQ(SECFailure, rv);
+ ASSERT_EQ(err, PORT_GetError());
+ }
}
-}
-TEST_P(TlsAgentTestClient13, EsniInstall) {
+ private:
+ PRTime now_ = 0;
+};
+
+TEST_P(TlsAgentEsniTest, EsniInstall) {
EnsureInit();
DataBuffer record;
- GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record);
- ClientInstallEsni(agent_, record);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record);
+ InstallEsni(record);
}
// The next set of tests fail at setup time.
-TEST_P(TlsAgentTestClient13, EsniInvalidHash) {
+TEST_P(TlsAgentEsniTest, EsniInvalidHash) {
EnsureInit();
DataBuffer record;
GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record);
record.data()[2]++;
- ClientInstallEsni(agent_, record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS);
+ InstallEsni(record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS);
}
-TEST_P(TlsAgentTestClient13, EsniInvalidVersion) {
+TEST_P(TlsAgentEsniTest, EsniInvalidVersion) {
EnsureInit();
DataBuffer record;
- GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record);
record.Write(0, 0xffff, 2);
- ClientInstallEsni(agent_, record, SSL_ERROR_UNSUPPORTED_VERSION);
+ InstallEsni(record, SSL_ERROR_UNSUPPORTED_VERSION);
}
-TEST_P(TlsAgentTestClient13, EsniShort) {
+TEST_P(TlsAgentEsniTest, EsniShort) {
EnsureInit();
DataBuffer record;
- GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record);
record.Truncate(record.len() - 1);
UpdateEsniKeysChecksum(&record);
- ClientInstallEsni(agent_, record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS);
+ InstallEsni(record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS);
}
-TEST_P(TlsAgentTestClient13, EsniLong) {
+TEST_P(TlsAgentEsniTest, EsniLong) {
EnsureInit();
DataBuffer record;
- GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record);
record.Write(record.len(), 1, 1);
UpdateEsniKeysChecksum(&record);
- ClientInstallEsni(agent_, record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS);
+ InstallEsni(record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS);
}
-TEST_P(TlsAgentTestClient13, EsniExtensionMismatch) {
+TEST_P(TlsAgentEsniTest, EsniExtensionMismatch) {
EnsureInit();
DataBuffer record;
- GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record);
record.Write(record.len() - 1, 1, 1);
UpdateEsniKeysChecksum(&record);
- ClientInstallEsni(agent_, record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS);
+ InstallEsni(record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS);
}
// The following tests fail by ignoring the Esni block.
-TEST_P(TlsAgentTestClient13, EsniUnknownGroup) {
+TEST_P(TlsAgentEsniTest, EsniUnknownGroup) {
EnsureInit();
DataBuffer record;
- GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record);
record.Write(8, 0xffff, 2); // Fake group
UpdateEsniKeysChecksum(&record);
- ClientInstallEsni(agent_, record, 0);
+ InstallEsni(record, 0);
auto filter =
MakeTlsFilter<TlsExtensionCapture>(agent_, ssl_tls13_encrypted_sni_xtn);
agent_->Handshake();
@@ -202,11 +211,11 @@ TEST_P(TlsAgentTestClient13, EsniUnknownGroup) {
ASSERT_TRUE(!filter->captured());
}
-TEST_P(TlsAgentTestClient13, EsniUnknownCS) {
+TEST_P(TlsAgentEsniTest, EsniUnknownCS) {
EnsureInit();
DataBuffer record;
- GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kBogusSuites, &record);
- ClientInstallEsni(agent_, record, 0);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kBogusSuites, &record);
+ InstallEsni(record, 0);
auto filter =
MakeTlsFilter<TlsExtensionCapture>(agent_, ssl_tls13_encrypted_sni_xtn);
agent_->Handshake();
@@ -214,12 +223,12 @@ TEST_P(TlsAgentTestClient13, EsniUnknownCS) {
ASSERT_TRUE(!filter->captured());
}
-TEST_P(TlsAgentTestClient13, EsniInvalidCS) {
+TEST_P(TlsAgentEsniTest, EsniInvalidCS) {
EnsureInit();
DataBuffer record;
- GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kTls12Suites, &record);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kTls12Suites, &record);
UpdateEsniKeysChecksum(&record);
- ClientInstallEsni(agent_, record, 0);
+ InstallEsni(record, 0);
auto filter =
MakeTlsFilter<TlsExtensionCapture>(agent_, ssl_tls13_encrypted_sni_xtn);
agent_->Handshake();
@@ -227,36 +236,34 @@ TEST_P(TlsAgentTestClient13, EsniInvalidCS) {
ASSERT_TRUE(!filter->captured());
}
-TEST_P(TlsAgentTestClient13, EsniNotReady) {
+TEST_P(TlsAgentEsniTest, EsniNotReady) {
EnsureInit();
DataBuffer record;
- GenerateEsniKey(time(0) + 1000, ssl_grp_ec_curve25519, kDefaultSuites,
- &record);
- ClientInstallEsni(agent_, record, 0);
+ GenerateEsniKey(now() + 1000, ssl_grp_ec_curve25519, kDefaultSuites, &record);
+ InstallEsni(record, 0);
auto filter =
MakeTlsFilter<TlsExtensionCapture>(agent_, ssl_tls13_encrypted_sni_xtn);
agent_->Handshake();
ASSERT_TRUE(!filter->captured());
}
-TEST_P(TlsAgentTestClient13, EsniExpired) {
+TEST_P(TlsAgentEsniTest, EsniExpired) {
EnsureInit();
DataBuffer record;
- GenerateEsniKey(time(0) - 1000, ssl_grp_ec_curve25519, kDefaultSuites,
- &record);
- ClientInstallEsni(agent_, record, 0);
+ GenerateEsniKey(now() - 1000, ssl_grp_ec_curve25519, kDefaultSuites, &record);
+ InstallEsni(record, 0);
auto filter =
MakeTlsFilter<TlsExtensionCapture>(agent_, ssl_tls13_encrypted_sni_xtn);
agent_->Handshake();
ASSERT_TRUE(!filter->captured());
}
-TEST_P(TlsAgentTestClient13, NoSniSoNoEsni) {
+TEST_P(TlsAgentEsniTest, NoSniSoNoEsni) {
EnsureInit();
DataBuffer record;
- GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record);
SSL_SetURL(agent_->ssl_fd(), "");
- ClientInstallEsni(agent_, record, 0);
+ InstallEsni(record, 0);
auto filter =
MakeTlsFilter<TlsExtensionCapture>(agent_, ssl_tls13_encrypted_sni_xtn);
agent_->Handshake();
@@ -275,7 +282,7 @@ static int32_t SniCallback(TlsAgent* agent, const SECItem* srvNameAddr,
TEST_P(TlsConnectTls13, ConnectEsni) {
EnsureTlsSetup();
- SetupEsni(client_, server_);
+ SetupEsni(now(), client_, server_);
auto cFilterSni =
MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn);
auto cFilterEsni =
@@ -300,16 +307,19 @@ TEST_P(TlsConnectTls13, ConnectEsniHrr) {
EnsureTlsSetup();
const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1};
server_->ConfigNamedGroups(groups);
- SetupEsni(client_, server_);
+ SetupEsni(now(), client_, server_);
auto hrr_capture = MakeTlsFilter<TlsHandshakeRecorder>(
server_, kTlsHandshakeHelloRetryRequest);
auto filter =
MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn);
- auto cfilter =
- MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn);
+ auto filter2 =
+ MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn, true);
+ client_->SetFilter(std::make_shared<ChainedPacketFilter>(
+ ChainedPacketFilterInit({filter, filter2})));
server_->SetSniCallback(SniCallback);
Connect();
- CheckSniExtension(cfilter->extension());
+ CheckSniExtension(filter->extension());
+ CheckSniExtension(filter2->extension());
EXPECT_NE(0UL, hrr_capture->buffer().len());
}
@@ -319,8 +329,8 @@ TEST_P(TlsConnectTls13, ConnectEsniNoDummy) {
ScopedSECKEYPrivateKey priv;
DataBuffer record;
- GenerateEsniKey(time(nullptr), ssl_grp_ec_curve25519, kDefaultSuites, &record,
- &pub, &priv);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record, &pub,
+ &priv);
SECStatus rv = SSL_SetESNIKeyPair(server_->ssl_fd(), priv.get(),
record.data(), record.len());
ASSERT_EQ(SECSuccess, rv);
@@ -343,8 +353,8 @@ TEST_P(TlsConnectTls13, ConnectEsniNullDummy) {
ScopedSECKEYPrivateKey priv;
DataBuffer record;
- GenerateEsniKey(time(nullptr), ssl_grp_ec_curve25519, kDefaultSuites, &record,
- &pub, &priv);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record, &pub,
+ &priv);
SECStatus rv = SSL_SetESNIKeyPair(server_->ssl_fd(), priv.get(),
record.data(), record.len());
ASSERT_EQ(SECSuccess, rv);
@@ -369,14 +379,17 @@ TEST_P(TlsConnectTls13, ConnectEsniCSMismatch) {
ScopedSECKEYPrivateKey priv;
DataBuffer record;
- GenerateEsniKey(time(nullptr), ssl_grp_ec_curve25519, kDefaultSuites, &record,
- &pub, &priv);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record, &pub,
+ &priv);
PRUint8 encoded[1024];
- unsigned int encoded_len;
+ unsigned int encoded_len = 0;
SECStatus rv = SSL_EncodeESNIKeys(
&kChaChaSuite[0], kChaChaSuite.size(), ssl_grp_ec_curve25519, pub.get(),
- 100, time(0), time(0) + 10, encoded, &encoded_len, sizeof(encoded));
+ 100, (now() / PR_USEC_PER_SEC) - 1, (now() / PR_USEC_PER_SEC) + 10,
+ encoded, &encoded_len, sizeof(encoded));
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_LT(0U, encoded_len);
rv = SSL_SetESNIKeyPair(server_->ssl_fd(), priv.get(), encoded, encoded_len);
ASSERT_EQ(SECSuccess, rv);
rv = SSL_EnableESNI(client_->ssl_fd(), record.data(), record.len(), "");
@@ -387,7 +400,7 @@ TEST_P(TlsConnectTls13, ConnectEsniCSMismatch) {
TEST_P(TlsConnectTls13, ConnectEsniP256) {
EnsureTlsSetup();
- SetupEsni(client_, server_, ssl_grp_ec_secp256r1);
+ SetupEsni(now(), client_, server_, ssl_grp_ec_secp256r1);
auto cfilter =
MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn);
auto sfilter =
@@ -400,18 +413,21 @@ TEST_P(TlsConnectTls13, ConnectEsniP256) {
TEST_P(TlsConnectTls13, ConnectMismatchedEsniKeys) {
EnsureTlsSetup();
- SetupEsni(client_, server_);
+ SetupEsni(now(), client_, server_);
// Now install a new set of keys on the client, so we have a mismatch.
DataBuffer record;
- GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record);
- ClientInstallEsni(client_, record, 0);
+ GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record);
+
+ SECStatus rv =
+ SSL_EnableESNI(client_->ssl_fd(), record.data(), record.len(), kDummySni);
+ ASSERT_EQ(SECSuccess, rv);
ConnectExpectAlert(server_, illegal_parameter);
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
}
TEST_P(TlsConnectTls13, ConnectDamagedEsniExtensionCH) {
EnsureTlsSetup();
- SetupEsni(client_, server_);
+ SetupEsni(now(), client_, server_);
auto filter = MakeTlsFilter<TlsExtensionDamager>(
client_, ssl_tls13_encrypted_sni_xtn, 50); // in the ciphertext
ConnectExpectAlert(server_, illegal_parameter);
@@ -420,7 +436,7 @@ TEST_P(TlsConnectTls13, ConnectDamagedEsniExtensionCH) {
TEST_P(TlsConnectTls13, ConnectRemoveEsniExtensionEE) {
EnsureTlsSetup();
- SetupEsni(client_, server_);
+ SetupEsni(now(), client_, server_);
auto filter =
MakeTlsFilter<TlsExtensionDropper>(server_, ssl_tls13_encrypted_sni_xtn);
filter->EnableDecryption();
@@ -430,7 +446,7 @@ TEST_P(TlsConnectTls13, ConnectRemoveEsniExtensionEE) {
TEST_P(TlsConnectTls13, ConnectShortEsniExtensionEE) {
EnsureTlsSetup();
- SetupEsni(client_, server_);
+ SetupEsni(now(), client_, server_);
DataBuffer shortNonce;
auto filter = MakeTlsFilter<TlsExtensionReplacer>(
server_, ssl_tls13_encrypted_sni_xtn, shortNonce);
@@ -441,7 +457,7 @@ TEST_P(TlsConnectTls13, ConnectShortEsniExtensionEE) {
TEST_P(TlsConnectTls13, ConnectBogusEsniExtensionEE) {
EnsureTlsSetup();
- SetupEsni(client_, server_);
+ SetupEsni(now(), client_, server_);
const uint8_t bogusNonceBuf[16] = {0};
DataBuffer bogusNonce(bogusNonceBuf, sizeof(bogusNonceBuf));
auto filter = MakeTlsFilter<TlsExtensionReplacer>(
@@ -456,7 +472,7 @@ TEST_P(TlsConnectTls13, ConnectBogusEsniExtensionEE) {
// The client then aborts when it sees the server did TLS 1.2.
TEST_P(TlsConnectTls13, EsniButTLS12Server) {
EnsureTlsSetup();
- SetupEsni(client_, server_);
+ SetupEsni(now(), client_, server_);
client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
SSL_LIBRARY_VERSION_TLS_1_3);
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
@@ -467,4 +483,4 @@ TEST_P(TlsConnectTls13, EsniButTLS12Server) {
ASSERT_FALSE(SSLInt_ExtensionNegotiated(server_->ssl_fd(),
ssl_tls13_encrypted_sni_xtn));
}
-}
+} // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/tls_filter.cc b/security/nss/gtests/ssl_gtest/tls_filter.cc
index 25ad606fc..b2917274b 100644
--- a/security/nss/gtests/ssl_gtest/tls_filter.cc
+++ b/security/nss/gtests/ssl_gtest/tls_filter.cc
@@ -45,40 +45,65 @@ void TlsVersioned::WriteStream(std::ostream& stream) const {
}
}
+TlsRecordFilter::TlsRecordFilter(const std::shared_ptr<TlsAgent>& a)
+ : agent_(a) {
+ cipher_specs_.emplace_back(a->variant() == ssl_variant_datagram, 0);
+}
+
void TlsRecordFilter::EnableDecryption() {
- SSLInt_SetCipherSpecChangeFunc(agent()->ssl_fd(), CipherSpecChanged,
- (void*)this);
+ EXPECT_EQ(SECSuccess,
+ SSL_SecretCallback(agent()->ssl_fd(), SecretCallback, this));
+ decrypting_ = true;
}
-void TlsRecordFilter::CipherSpecChanged(void* arg, PRBool sending,
- ssl3CipherSpec* newSpec) {
+void TlsRecordFilter::SecretCallback(PRFileDesc* fd, PRUint16 epoch,
+ SSLSecretDirection dir, PK11SymKey* secret,
+ void* arg) {
TlsRecordFilter* self = static_cast<TlsRecordFilter*>(arg);
- PRBool isServer = self->agent()->role() == TlsAgent::SERVER;
-
if (g_ssl_gtest_verbose) {
- std::cerr << (isServer ? "server" : "client") << ": "
- << (sending ? "send" : "receive")
- << " cipher spec changed: " << newSpec->epoch << " ("
- << newSpec->phase << ")" << std::endl;
+ std::cerr << self->agent()->role_str() << ": " << dir
+ << " secret changed for epoch " << epoch << std::endl;
}
- if (!sending) {
+
+ if (dir == ssl_secret_read) {
return;
}
- uint64_t seq_no;
- if (self->agent()->variant() == ssl_variant_datagram) {
- seq_no = static_cast<uint64_t>(SSLInt_CipherSpecToEpoch(newSpec)) << 48;
+ for (auto& spec : self->cipher_specs_) {
+ ASSERT_NE(spec.epoch(), epoch) << "duplicate spec for epoch " << epoch;
+ }
+
+ SSLPreliminaryChannelInfo preinfo;
+ EXPECT_EQ(SECSuccess,
+ SSL_GetPreliminaryChannelInfo(self->agent()->ssl_fd(), &preinfo,
+ sizeof(preinfo)));
+ EXPECT_EQ(sizeof(preinfo), preinfo.length);
+
+ // Check the version.
+ if (preinfo.valuesSet & ssl_preinfo_version) {
+ EXPECT_EQ(SSL_LIBRARY_VERSION_TLS_1_3, preinfo.protocolVersion);
+ } else {
+ EXPECT_EQ(1U, epoch);
+ }
+
+ uint16_t suite;
+ if (epoch == 1) {
+ // 0-RTT
+ EXPECT_TRUE(preinfo.valuesSet & ssl_preinfo_0rtt_cipher_suite);
+ suite = preinfo.zeroRttCipherSuite;
} else {
- seq_no = 0;
+ EXPECT_TRUE(preinfo.valuesSet & ssl_preinfo_cipher_suite);
+ suite = preinfo.cipherSuite;
}
- self->in_sequence_number_ = seq_no;
- self->out_sequence_number_ = seq_no;
- self->dropped_record_ = false;
- self->cipher_spec_.reset(new TlsCipherSpec());
- bool ret = self->cipher_spec_->Init(
- SSLInt_CipherSpecToEpoch(newSpec), SSLInt_CipherSpecToAlgorithm(newSpec),
- SSLInt_CipherSpecToKey(newSpec), SSLInt_CipherSpecToIv(newSpec));
- EXPECT_EQ(true, ret);
+
+ SSLCipherSuiteInfo cipherinfo;
+ EXPECT_EQ(SECSuccess,
+ SSL_GetCipherSuiteInfo(suite, &cipherinfo, sizeof(cipherinfo)));
+ EXPECT_EQ(sizeof(cipherinfo), cipherinfo.length);
+
+ bool is_dtls = self->agent()->variant() == ssl_variant_datagram;
+ self->cipher_specs_.emplace_back(is_dtls, epoch);
+ EXPECT_TRUE(self->cipher_specs_.back().SetKeys(&cipherinfo, secret));
}
bool TlsRecordFilter::is_dtls13() const {
@@ -95,6 +120,23 @@ bool TlsRecordFilter::is_dtls13() const {
info.canSendEarlyData;
}
+// Gets the cipher spec that matches the specified epoch.
+TlsCipherSpec& TlsRecordFilter::spec(uint16_t write_epoch) {
+ for (auto& sp : cipher_specs_) {
+ if (sp.epoch() == write_epoch) {
+ return sp;
+ }
+ }
+
+ // If we aren't decrypting, provide a cipher spec that does nothing other than
+ // count sequence numbers.
+ EXPECT_FALSE(decrypting_) << "No spec available for epoch " << write_epoch;
+ ;
+ bool is_dtls = agent()->variant() == ssl_variant_datagram;
+ cipher_specs_.emplace_back(is_dtls, write_epoch);
+ return cipher_specs_.back();
+}
+
PacketFilter::Action TlsRecordFilter::Filter(const DataBuffer& input,
DataBuffer* output) {
// Disable during shutdown.
@@ -108,34 +150,28 @@ PacketFilter::Action TlsRecordFilter::Filter(const DataBuffer& input,
output->Allocate(input.len());
TlsParser parser(input);
+ // This uses the current write spec for the purposes of parsing the epoch and
+ // sequence number from the header. This might be wrong because we can
+ // receive records from older specs, but guessing is good enough:
+ // - In DTLS, parsing the sequence number corrects any errors.
+ // - In TLS, we don't use the sequence number unless decrypting, where we use
+ // trial decryption to get the right epoch.
+ uint16_t write_epoch = 0;
+ SECStatus rv = SSL_GetCurrentEpoch(agent()->ssl_fd(), nullptr, &write_epoch);
+ if (rv != SECSuccess) {
+ ADD_FAILURE() << "unable to read epoch";
+ return KEEP;
+ }
+ uint64_t guess_seqno = static_cast<uint64_t>(write_epoch) << 48;
+
while (parser.remaining()) {
TlsRecordHeader header;
DataBuffer record;
-
- if (!header.Parse(is_dtls13(), in_sequence_number_, &parser, &record)) {
+ if (!header.Parse(is_dtls13(), guess_seqno, &parser, &record)) {
ADD_FAILURE() << "not a valid record";
return KEEP;
}
- // Track the sequence number, which is necessary for stream mode when
- // decrypting and for TLS 1.3 datagram to recover the sequence number.
- //
- // We reset the counter when the cipher spec changes, but that notification
- // appears before a record is sent. If multiple records are sent with
- // different cipher specs, this would fail. This filters out cleartext
- // records, so we don't get confused by handshake messages that are sent at
- // the same time as encrypted records. Sequence numbers are therefore
- // likely to be incorrect for cleartext records.
- //
- // This isn't perfectly robust: if there is a change from an active cipher
- // spec to another active cipher spec (KeyUpdate for instance) AND writes
- // are consolidated across that change, this code could use the wrong
- // sequence numbers when re-encrypting records with the old keys.
- if (header.content_type() == ssl_ct_application_data) {
- in_sequence_number_ =
- (std::max)(in_sequence_number_, header.sequence_number() + 1);
- }
-
if (FilterRecord(header, record, &offset, output) != KEEP) {
changed = true;
} else {
@@ -159,14 +195,16 @@ PacketFilter::Action TlsRecordFilter::FilterRecord(
DataBuffer filtered;
uint8_t inner_content_type;
DataBuffer plaintext;
+ uint16_t protection_epoch = 0;
- if (!Unprotect(header, record, &inner_content_type, &plaintext)) {
- if (g_ssl_gtest_verbose) {
- std::cerr << "unprotect failed: " << header << ":" << record << std::endl;
- }
+ if (!Unprotect(header, record, &protection_epoch, &inner_content_type,
+ &plaintext)) {
+ std::cerr << agent()->role_str() << ": unprotect failed: " << header << ":"
+ << record << std::endl;
return KEEP;
}
+ auto& protection_spec = spec(protection_epoch);
TlsRecordHeader real_header(header.variant(), header.version(),
inner_content_type, header.sequence_number());
@@ -174,7 +212,9 @@ PacketFilter::Action TlsRecordFilter::FilterRecord(
// In stream mode, even if something doesn't change we need to re-encrypt if
// previous packets were dropped.
if (action == KEEP) {
- if (header.is_dtls() || !dropped_record_) {
+ if (header.is_dtls() || !protection_spec.record_dropped()) {
+ // Count every outgoing packet.
+ protection_spec.RecordProtected();
return KEEP;
}
filtered = plaintext;
@@ -182,7 +222,7 @@ PacketFilter::Action TlsRecordFilter::FilterRecord(
if (action == DROP) {
std::cerr << "record drop: " << header << ":" << record << std::endl;
- dropped_record_ = true;
+ protection_spec.RecordDropped();
return DROP;
}
@@ -192,19 +232,18 @@ PacketFilter::Action TlsRecordFilter::FilterRecord(
std::cerr << "record new: " << filtered << std::endl;
}
- uint64_t seq_num;
- if (header.is_dtls() || !cipher_spec_ ||
- header.content_type() != ssl_ct_application_data) {
- seq_num = header.sequence_number();
- } else {
- seq_num = out_sequence_number_++;
+ uint64_t seq_num = protection_spec.next_out_seqno();
+ if (!decrypting_ && header.is_dtls()) {
+ // Copy over the epoch, which isn't tracked when not decrypting.
+ seq_num |= header.sequence_number() & (0xffffULL << 48);
}
+
TlsRecordHeader out_header(header.variant(), header.version(),
header.content_type(), seq_num);
DataBuffer ciphertext;
- bool rv = Protect(out_header, inner_content_type, filtered, &ciphertext);
- EXPECT_TRUE(rv);
+ bool rv = Protect(protection_spec, out_header, inner_content_type, filtered,
+ &ciphertext);
if (!rv) {
return KEEP;
}
@@ -227,15 +266,20 @@ uint64_t TlsRecordHeader::RecoverSequenceNumber(uint64_t expected,
uint32_t partial,
size_t partial_bits) {
EXPECT_GE(32U, partial_bits);
- uint64_t mask = (1 << partial_bits) - 1;
+ uint64_t mask = (1ULL << partial_bits) - 1;
// First we determine the highest possible value. This is half the
- // expressible range above the expected value.
- uint64_t cap = expected + (1ULL << (partial_bits - 1));
+ // expressible range above the expected value, less 1.
+ //
+ // We subtract the extra 1 from the cap so that when given a choice between
+ // the equidistant expected+N and expected-N we want to chose the lower. With
+ // 0-RTT, we sometimes have to recover an epoch of 1 when we expect an epoch
+ // of 3 and with 2 partial bits, the alternative result of 5 is wrong.
+ uint64_t cap = expected + (1ULL << (partial_bits - 1)) - 1;
// Add the partial piece in. e.g., xxxx789a and 1234 becomes xxxx1234.
uint64_t seq_no = (cap & ~mask) | partial;
// If the partial value is higher than the same partial piece from the cap,
// then the real value has to be lower. e.g., xxxx1234 can't become xxxx5678.
- if (partial > (cap & mask)) {
+ if (partial > (cap & mask) && (seq_no >= (1ULL << partial_bits))) {
seq_no -= 1ULL << partial_bits;
}
return seq_no;
@@ -375,16 +419,41 @@ size_t TlsRecordHeader::Write(DataBuffer* buffer, size_t offset,
bool TlsRecordFilter::Unprotect(const TlsRecordHeader& header,
const DataBuffer& ciphertext,
+ uint16_t* protection_epoch,
uint8_t* inner_content_type,
DataBuffer* plaintext) {
- if (!cipher_spec_ || header.content_type() != ssl_ct_application_data) {
+ if (!decrypting_ || header.content_type() != ssl_ct_application_data) {
+ // Maintain the epoch and sequence number for plaintext records.
+ uint16_t ep = 0;
+ if (agent()->variant() == ssl_variant_datagram) {
+ ep = static_cast<uint16_t>(header.sequence_number() >> 48);
+ }
+ spec(ep).RecordUnprotected(header.sequence_number());
+ *protection_epoch = ep;
*inner_content_type = header.content_type();
*plaintext = ciphertext;
return true;
}
- if (!cipher_spec_->Unprotect(header, ciphertext, plaintext)) {
- return false;
+ uint16_t ep = 0;
+ if (agent()->variant() == ssl_variant_datagram) {
+ ep = static_cast<uint16_t>(header.sequence_number() >> 48);
+ if (!spec(ep).Unprotect(header, ciphertext, plaintext)) {
+ return false;
+ }
+ } else {
+ // In TLS, records aren't clearly labelled with their epoch, and we
+ // can't just use the newest keys because the same flight of messages can
+ // contain multiple epochs. So... trial decrypt!
+ for (size_t i = cipher_specs_.size() - 1; i > 0; --i) {
+ if (cipher_specs_[i].Unprotect(header, ciphertext, plaintext)) {
+ ep = cipher_specs_[i].epoch();
+ break;
+ }
+ }
+ if (!ep) {
+ return false;
+ }
}
size_t len = plaintext->len();
@@ -396,33 +465,45 @@ bool TlsRecordFilter::Unprotect(const TlsRecordHeader& header,
return false;
}
+ *protection_epoch = ep;
*inner_content_type = plaintext->data()[len - 1];
plaintext->Truncate(len - 1);
if (g_ssl_gtest_verbose) {
- std::cerr << "unprotect: " << std::hex << header.sequence_number()
- << std::dec << " type=" << static_cast<int>(*inner_content_type)
+ std::cerr << agent()->role_str() << ": unprotect: epoch=" << ep
+ << " seq=" << std::hex << header.sequence_number() << std::dec
<< " " << *plaintext << std::endl;
}
return true;
}
-bool TlsRecordFilter::Protect(const TlsRecordHeader& header,
+bool TlsRecordFilter::Protect(TlsCipherSpec& protection_spec,
+ const TlsRecordHeader& header,
uint8_t inner_content_type,
const DataBuffer& plaintext,
DataBuffer* ciphertext, size_t padding) {
- if (!cipher_spec_ || header.content_type() != ssl_ct_application_data) {
+ if (!protection_spec.is_protected()) {
+ // Not protected, just keep the sequence numbers updated.
+ protection_spec.RecordProtected();
*ciphertext = plaintext;
return true;
}
- if (g_ssl_gtest_verbose) {
- std::cerr << "protect: " << header.sequence_number() << std::endl;
- }
+
DataBuffer padded;
padded.Allocate(plaintext.len() + 1 + padding);
size_t offset = padded.Write(0, plaintext.data(), plaintext.len());
padded.Write(offset, inner_content_type, 1);
- return cipher_spec_->Protect(header, padded, ciphertext);
+
+ bool ok = protection_spec.Protect(header, padded, ciphertext);
+ if (!ok) {
+ ADD_FAILURE() << "protect fail";
+ } else if (g_ssl_gtest_verbose) {
+ std::cerr << agent()->role_str()
+ << ": protect: epoch=" << protection_spec.epoch()
+ << " seq=" << std::hex << header.sequence_number() << std::dec
+ << " " << *ciphertext << std::endl;
+ }
+ return ok;
}
bool IsHelloRetry(const DataBuffer& body) {
diff --git a/security/nss/gtests/ssl_gtest/tls_filter.h b/security/nss/gtests/ssl_gtest/tls_filter.h
index 2b6e88645..64ee71c89 100644
--- a/security/nss/gtests/ssl_gtest/tls_filter.h
+++ b/security/nss/gtests/ssl_gtest/tls_filter.h
@@ -97,13 +97,7 @@ inline std::shared_ptr<T> MakeTlsFilter(const std::shared_ptr<TlsAgent>& agent,
// Abstract filter that operates on entire (D)TLS records.
class TlsRecordFilter : public PacketFilter {
public:
- TlsRecordFilter(const std::shared_ptr<TlsAgent>& a)
- : agent_(a),
- count_(0),
- cipher_spec_(),
- dropped_record_(false),
- in_sequence_number_(0),
- out_sequence_number_(0) {}
+ TlsRecordFilter(const std::shared_ptr<TlsAgent>& a);
std::shared_ptr<TlsAgent> agent() const { return agent_.lock(); }
@@ -118,10 +112,11 @@ class TlsRecordFilter : public PacketFilter {
// behavior.
void EnableDecryption();
bool Unprotect(const TlsRecordHeader& header, const DataBuffer& cipherText,
- uint8_t* inner_content_type, DataBuffer* plaintext);
- bool Protect(const TlsRecordHeader& header, uint8_t inner_content_type,
- const DataBuffer& plaintext, DataBuffer* ciphertext,
- size_t padding = 0);
+ uint16_t* protection_epoch, uint8_t* inner_content_type,
+ DataBuffer* plaintext);
+ bool Protect(TlsCipherSpec& protection_spec, const TlsRecordHeader& header,
+ uint8_t inner_content_type, const DataBuffer& plaintext,
+ DataBuffer* ciphertext, size_t padding = 0);
protected:
// There are two filter functions which can be overriden. Both are
@@ -146,20 +141,17 @@ class TlsRecordFilter : public PacketFilter {
}
bool is_dtls13() const;
+ TlsCipherSpec& spec(uint16_t epoch);
private:
- static void CipherSpecChanged(void* arg, PRBool sending,
- ssl3CipherSpec* newSpec);
+ static void SecretCallback(PRFileDesc* fd, PRUint16 epoch,
+ SSLSecretDirection dir, PK11SymKey* secret,
+ void* arg);
std::weak_ptr<TlsAgent> agent_;
- size_t count_;
- std::unique_ptr<TlsCipherSpec> cipher_spec_;
- // Whether we dropped a record since the cipher spec changed.
- bool dropped_record_;
- // The sequence number we use for reading records as they are written.
- uint64_t in_sequence_number_;
- // The sequence number we use for writing modified records.
- uint64_t out_sequence_number_;
+ size_t count_ = 0;
+ std::vector<TlsCipherSpec> cipher_specs_;
+ bool decrypting_ = false;
};
inline std::ostream& operator<<(std::ostream& stream, const TlsVersioned& v) {
@@ -449,6 +441,80 @@ class TlsExtensionDropper : public TlsExtensionFilter {
uint16_t extension_;
};
+class TlsHandshakeDropper : public TlsHandshakeFilter {
+ public:
+ TlsHandshakeDropper(const std::shared_ptr<TlsAgent>& a)
+ : TlsHandshakeFilter(a) {}
+
+ protected:
+ PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+ const DataBuffer& input,
+ DataBuffer* output) override {
+ return DROP;
+ }
+};
+
+class TlsEncryptedHandshakeMessageReplacer : public TlsRecordFilter {
+ public:
+ TlsEncryptedHandshakeMessageReplacer(const std::shared_ptr<TlsAgent>& a,
+ uint8_t old_ct, uint8_t new_ct)
+ : TlsRecordFilter(a), old_ct_(old_ct), new_ct_(new_ct) {}
+
+ protected:
+ PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
+ const DataBuffer& record, size_t* offset,
+ DataBuffer* output) override {
+ if (header.content_type() != ssl_ct_application_data) {
+ return KEEP;
+ }
+
+ uint16_t protection_epoch = 0;
+ uint8_t inner_content_type;
+ DataBuffer plaintext;
+ if (!Unprotect(header, record, &protection_epoch, &inner_content_type,
+ &plaintext) ||
+ !plaintext.len()) {
+ return KEEP;
+ }
+
+ if (inner_content_type != ssl_ct_handshake) {
+ return KEEP;
+ }
+
+ size_t off = 0;
+ uint32_t msg_len = 0;
+ uint32_t msg_type = 255; // Not a real message
+ do {
+ if (!plaintext.Read(off, 1, &msg_type) || msg_type == old_ct_) {
+ break;
+ }
+
+ // Increment and check next messages
+ if (!plaintext.Read(++off, 3, &msg_len)) {
+ break;
+ }
+ off += 3 + msg_len;
+ } while (msg_type != old_ct_);
+
+ if (msg_type == old_ct_) {
+ plaintext.Write(off, new_ct_, 1);
+ }
+
+ DataBuffer ciphertext;
+ bool ok = Protect(spec(protection_epoch), header, inner_content_type,
+ plaintext, &ciphertext, 0);
+ if (!ok) {
+ return KEEP;
+ }
+ *offset = header.Write(output, *offset, ciphertext);
+ return CHANGE;
+ }
+
+ private:
+ uint8_t old_ct_;
+ uint8_t new_ct_;
+};
+
class TlsExtensionInjector : public TlsHandshakeFilter {
public:
TlsExtensionInjector(const std::shared_ptr<TlsAgent>& a, uint16_t ext,
@@ -557,9 +623,9 @@ class SelectiveDropFilter : public PacketFilter {
class SelectiveRecordDropFilter : public TlsRecordFilter {
public:
SelectiveRecordDropFilter(const std::shared_ptr<TlsAgent>& a,
- uint32_t pattern, bool enabled = true)
+ uint32_t pattern, bool on = true)
: TlsRecordFilter(a), pattern_(pattern), counter_(0) {
- if (!enabled) {
+ if (!on) {
Disable();
}
}
diff --git a/security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc b/security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc
index 004da3b1c..e1ad9e9f0 100644
--- a/security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc
@@ -7,6 +7,9 @@
#include <memory>
#include "nss.h"
#include "pk11pub.h"
+#include "secerr.h"
+#include "sslproto.h"
+#include "sslexp.h"
#include "tls13hkdf.h"
#include "databuffer.h"
@@ -56,6 +59,39 @@ const size_t kHashLength[] = {
64, /* ssl_hash_sha512 */
};
+size_t GetHashLength(SSLHashType hash) {
+ size_t i = static_cast<size_t>(hash);
+ if (i < PR_ARRAY_SIZE(kHashLength)) {
+ return kHashLength[i];
+ }
+ ADD_FAILURE() << "Unknown hash: " << hash;
+ return 0;
+}
+
+CK_MECHANISM_TYPE GetHkdfMech(SSLHashType hash) {
+ switch (hash) {
+ case ssl_hash_sha256:
+ return CKM_NSS_HKDF_SHA256;
+ case ssl_hash_sha384:
+ return CKM_NSS_HKDF_SHA384;
+ default:
+ ADD_FAILURE() << "Unknown hash: " << hash;
+ }
+ return CKM_INVALID_MECHANISM;
+}
+
+PRUint16 GetSomeCipherSuiteForHash(SSLHashType hash) {
+ switch (hash) {
+ case ssl_hash_sha256:
+ return TLS_AES_128_GCM_SHA256;
+ case ssl_hash_sha384:
+ return TLS_AES_256_GCM_SHA384;
+ default:
+ ADD_FAILURE() << "Unknown hash: " << hash;
+ }
+ return 0;
+}
+
const std::string kHashName[] = {"None", "MD5", "SHA-1", "SHA-224",
"SHA-256", "SHA-384", "SHA-512"};
@@ -64,7 +100,7 @@ static void ImportKey(ScopedPK11SymKey* to, const DataBuffer& key,
ASSERT_LT(hash_type, sizeof(kHashLength));
ASSERT_LE(kHashLength[hash_type], key.len());
SECItem key_item = {siBuffer, const_cast<uint8_t*>(key.data()),
- static_cast<unsigned int>(kHashLength[hash_type])};
+ static_cast<unsigned int>(GetHashLength(hash_type))};
PK11SymKey* inner =
PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE, PK11_OriginUnwrap,
@@ -112,15 +148,19 @@ class TlsHkdfTest : public ::testing::Test,
ImportKey(&k2_, kKey2, hash_type_, slot_.get());
}
- void VerifyKey(const ScopedPK11SymKey& key, const DataBuffer& expected) {
+ void VerifyKey(const ScopedPK11SymKey& key, CK_MECHANISM_TYPE expected_mech,
+ const DataBuffer& expected_value) {
+ EXPECT_EQ(expected_mech, PK11_GetMechanism(key.get()));
+
SECStatus rv = PK11_ExtractKeyValue(key.get());
ASSERT_EQ(SECSuccess, rv);
SECItem* key_data = PK11_GetKeyData(key.get());
ASSERT_NE(nullptr, key_data);
- EXPECT_EQ(expected.len(), key_data->len);
- EXPECT_EQ(0, memcmp(expected.data(), key_data->data, expected.len()));
+ EXPECT_EQ(expected_value.len(), key_data->len);
+ EXPECT_EQ(
+ 0, memcmp(expected_value.data(), key_data->data, expected_value.len()));
}
void HkdfExtract(const ScopedPK11SymKey& ikmk1, const ScopedPK11SymKey& ikmk2,
@@ -133,7 +173,15 @@ class TlsHkdfTest : public ::testing::Test,
ScopedPK11SymKey prkk(prk);
DumpKey("Output", prkk);
- VerifyKey(prkk, expected);
+ VerifyKey(prkk, GetHkdfMech(base_hash), expected);
+
+ // Now test the public wrapper.
+ PRUint16 cs = GetSomeCipherSuiteForHash(base_hash);
+ rv = SSL_HkdfExtract(SSL_LIBRARY_VERSION_TLS_1_3, cs, ikmk1.get(),
+ ikmk2.get(), &prk);
+ ASSERT_EQ(SECSuccess, rv);
+ ASSERT_NE(nullptr, prk);
+ VerifyKey(ScopedPK11SymKey(prk), GetHkdfMech(base_hash), expected);
}
void HkdfExpandLabel(ScopedPK11SymKey* prk, SSLHashType base_hash,
@@ -150,6 +198,32 @@ class TlsHkdfTest : public ::testing::Test,
ASSERT_EQ(SECSuccess, rv);
DumpData("Output", &output[0], output.size());
EXPECT_EQ(0, memcmp(expected.data(), &output[0], expected.len()));
+
+ // Verify that the public API produces the same result.
+ PRUint16 cs = GetSomeCipherSuiteForHash(base_hash);
+ PK11SymKey* secret;
+ rv = SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3, cs, prk->get(),
+ session_hash, session_hash_len, label, label_len,
+ &secret);
+ EXPECT_EQ(SECSuccess, rv);
+ ASSERT_NE(nullptr, prk);
+ VerifyKey(ScopedPK11SymKey(secret), GetHkdfMech(base_hash), expected);
+
+ // Verify that a key can be created with a different key type and size.
+ rv = SSL_HkdfExpandLabelWithMech(
+ SSL_LIBRARY_VERSION_TLS_1_3, cs, prk->get(), session_hash,
+ session_hash_len, label, label_len, CKM_DES3_CBC_PAD, 24, &secret);
+ EXPECT_EQ(SECSuccess, rv);
+ ASSERT_NE(nullptr, prk);
+ ScopedPK11SymKey with_mech(secret);
+ EXPECT_EQ(static_cast<CK_MECHANISM_TYPE>(CKM_DES3_CBC_PAD),
+ PK11_GetMechanism(with_mech.get()));
+ // Just verify that the key is the right size.
+ rv = PK11_ExtractKeyValue(with_mech.get());
+ ASSERT_EQ(SECSuccess, rv);
+ SECItem* key_data = PK11_GetKeyData(with_mech.get());
+ ASSERT_NE(nullptr, key_data);
+ EXPECT_EQ(24U, key_data->len);
}
protected:
@@ -175,7 +249,7 @@ TEST_P(TlsHkdfTest, HkdfNullNull) {
0x10, 0xba, 0x18, 0xe2, 0x35, 0x7e, 0x71, 0x69, 0x71, 0xf9, 0x36, 0x2f,
0x2c, 0x2f, 0xe2, 0xa7, 0x6b, 0xfd, 0x78, 0xdf, 0xec, 0x4e, 0xa9, 0xb5}};
- const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+ const DataBuffer expected_data(tv[hash_type_], GetHashLength(hash_type_));
HkdfExtract(nullptr, nullptr, hash_type_, expected_data);
}
@@ -193,7 +267,7 @@ TEST_P(TlsHkdfTest, HkdfKey1Only) {
0x57, 0xc2, 0x76, 0x9f, 0x3f, 0x83, 0x45, 0x2f, 0xf6, 0xf3, 0x56, 0x1f,
0x58, 0x63, 0xdb, 0x88, 0xda, 0x40, 0xce, 0x63, 0x7d, 0x24, 0x37, 0xf3}};
- const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+ const DataBuffer expected_data(tv[hash_type_], GetHashLength(hash_type_));
HkdfExtract(k1_, nullptr, hash_type_, expected_data);
}
@@ -211,7 +285,7 @@ TEST_P(TlsHkdfTest, HkdfKey2Only) {
0xd4, 0x6a, 0xf6, 0xe5, 0xec, 0xea, 0xf8, 0x7d, 0x91, 0x71, 0x81, 0xf1,
0xdb, 0x3b, 0xaf, 0xbf, 0xde, 0x71, 0x61, 0x15, 0xeb, 0xb5, 0x5f, 0x68}};
- const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+ const DataBuffer expected_data(tv[hash_type_], GetHashLength(hash_type_));
HkdfExtract(nullptr, k2_, hash_type_, expected_data);
}
@@ -229,7 +303,7 @@ TEST_P(TlsHkdfTest, HkdfKey1Key2) {
0x1c, 0x5b, 0x98, 0x0b, 0x02, 0x92, 0x3f, 0xfd, 0x73, 0x5a, 0x6f, 0x2a,
0x95, 0xa3, 0xee, 0xf6, 0xd6, 0x8e, 0x6f, 0x86, 0xea, 0x63, 0xf8, 0x33}};
- const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+ const DataBuffer expected_data(tv[hash_type_], GetHashLength(hash_type_));
HkdfExtract(k1_, k2_, hash_type_, expected_data);
}
@@ -247,12 +321,122 @@ TEST_P(TlsHkdfTest, HkdfExpandLabel) {
0x74, 0xf7, 0x8b, 0x06, 0x38, 0x28, 0x06, 0x37, 0x75, 0x23, 0xa2, 0xb7,
0x34, 0xb1, 0x72, 0x2e, 0x59, 0x6d, 0x5a, 0x31, 0xf5, 0x53, 0xab, 0x99}};
- const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
- HkdfExpandLabel(&k1_, hash_type_, kSessionHash, kHashLength[hash_type_],
+ const DataBuffer expected_data(tv[hash_type_], GetHashLength(hash_type_));
+ HkdfExpandLabel(&k1_, hash_type_, kSessionHash, GetHashLength(hash_type_),
kLabelMasterSecret, strlen(kLabelMasterSecret),
expected_data);
}
+TEST_P(TlsHkdfTest, HkdfExpandLabelNoHash) {
+ const uint8_t tv[][48] = {
+ {/* ssl_hash_none */},
+ {/* ssl_hash_md5 */},
+ {/* ssl_hash_sha1 */},
+ {/* ssl_hash_sha224 */},
+ {0xb7, 0x08, 0x00, 0xe3, 0x8e, 0x48, 0x68, 0x91, 0xb1, 0x0f, 0x5e,
+ 0x6f, 0x22, 0x53, 0x6b, 0x84, 0x69, 0x75, 0xaa, 0xa3, 0x2a, 0xe7,
+ 0xde, 0xaa, 0xc3, 0xd1, 0xb4, 0x05, 0x22, 0x5c, 0x68, 0xf5},
+ {0x13, 0xd3, 0x36, 0x9f, 0x3c, 0x78, 0xa0, 0x32, 0x40, 0xee, 0x16, 0xe9,
+ 0x11, 0x12, 0x66, 0xc7, 0x51, 0xad, 0xd8, 0x3c, 0xa1, 0xa3, 0x97, 0x74,
+ 0xd7, 0x45, 0xff, 0xa7, 0x88, 0x9e, 0x52, 0x17, 0x2e, 0xaa, 0x3a, 0xd2,
+ 0x35, 0xd8, 0xd5, 0x35, 0xfd, 0x65, 0x70, 0x9f, 0xa9, 0xf9, 0xfa, 0x23}};
+
+ const DataBuffer expected_data(tv[hash_type_], GetHashLength(hash_type_));
+ HkdfExpandLabel(&k1_, hash_type_, nullptr, 0, kLabelMasterSecret,
+ strlen(kLabelMasterSecret), expected_data);
+}
+
+TEST_P(TlsHkdfTest, BadExtractWrapperInput) {
+ PK11SymKey* key = nullptr;
+
+ // Bad version.
+ EXPECT_EQ(SECFailure,
+ SSL_HkdfExtract(SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256,
+ k1_.get(), k2_.get(), &key));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ // Bad ciphersuite.
+ EXPECT_EQ(SECFailure,
+ SSL_HkdfExtract(SSL_LIBRARY_VERSION_TLS_1_3, TLS_RSA_WITH_NULL_SHA,
+ k1_.get(), k2_.get(), &key));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ // Old ciphersuite.
+ EXPECT_EQ(SECFailure, SSL_HkdfExtract(SSL_LIBRARY_VERSION_TLS_1_3,
+ TLS_RSA_WITH_AES_128_CBC_SHA, k1_.get(),
+ k2_.get(), &key));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ // NULL outparam..
+ EXPECT_EQ(SECFailure, SSL_HkdfExtract(SSL_LIBRARY_VERSION_TLS_1_3,
+ TLS_RSA_WITH_AES_128_CBC_SHA, k1_.get(),
+ k2_.get(), nullptr));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ EXPECT_EQ(nullptr, key);
+}
+
+TEST_P(TlsHkdfTest, BadExpandLabelWrapperInput) {
+ PK11SymKey* key = nullptr;
+ static const char* kLabel = "label";
+
+ // Bad version.
+ EXPECT_EQ(
+ SECFailure,
+ SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256,
+ k1_.get(), nullptr, 0, kLabel, strlen(kLabel), &key));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ // Bad ciphersuite.
+ EXPECT_EQ(
+ SECFailure,
+ SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3, TLS_RSA_WITH_NULL_MD5,
+ k1_.get(), nullptr, 0, kLabel, strlen(kLabel), &key));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ // Old ciphersuite.
+ EXPECT_EQ(SECFailure,
+ SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3,
+ TLS_RSA_WITH_AES_128_CBC_SHA, k1_.get(),
+ nullptr, 0, kLabel, strlen(kLabel), &key));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ // Null PRK.
+ EXPECT_EQ(SECFailure, SSL_HkdfExpandLabel(
+ SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256,
+ nullptr, nullptr, 0, kLabel, strlen(kLabel), &key));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ // Null, non-zero-length handshake hash.
+ EXPECT_EQ(
+ SECFailure,
+ SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256,
+ k1_.get(), nullptr, 2, kLabel, strlen(kLabel), &key));
+
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+ // Null, non-zero-length label.
+ EXPECT_EQ(SECFailure,
+ SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3,
+ TLS_AES_128_GCM_SHA256, k1_.get(), nullptr, 0,
+ nullptr, strlen(kLabel), &key));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ // Null, empty label.
+ EXPECT_EQ(SECFailure, SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3,
+ TLS_AES_128_GCM_SHA256, k1_.get(),
+ nullptr, 0, nullptr, 0, &key));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ // Null key pointer..
+ EXPECT_EQ(SECFailure,
+ SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3,
+ TLS_AES_128_GCM_SHA256, k1_.get(), nullptr, 0,
+ kLabel, strlen(kLabel), nullptr));
+ EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError());
+
+ EXPECT_EQ(nullptr, key);
+}
+
static const SSLHashType kHashTypes[] = {ssl_hash_sha256, ssl_hash_sha384};
INSTANTIATE_TEST_CASE_P(AllHashFuncs, TlsHkdfTest,
::testing::ValuesIn(kHashTypes));
diff --git a/security/nss/gtests/ssl_gtest/tls_protect.cc b/security/nss/gtests/ssl_gtest/tls_protect.cc
index c715a36a6..de91982f7 100644
--- a/security/nss/gtests/ssl_gtest/tls_protect.cc
+++ b/security/nss/gtests/ssl_gtest/tls_protect.cc
@@ -5,145 +5,98 @@
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "tls_protect.h"
+#include "sslproto.h"
#include "tls_filter.h"
namespace nss_test {
-AeadCipher::~AeadCipher() {
- if (key_) {
- PK11_FreeSymKey(key_);
+static uint64_t FirstSeqno(bool dtls, uint16_t epoc) {
+ if (dtls) {
+ return static_cast<uint64_t>(epoc) << 48;
}
+ return 0;
}
-bool AeadCipher::Init(PK11SymKey *key, const uint8_t *iv) {
- key_ = PK11_ReferenceSymKey(key);
- if (!key_) return false;
-
- memcpy(iv_, iv, sizeof(iv_));
- return true;
-}
-
-void AeadCipher::FormatNonce(uint64_t seq, uint8_t *nonce) {
- memcpy(nonce, iv_, 12);
-
- for (size_t i = 0; i < 8; ++i) {
- nonce[12 - (i + 1)] ^= seq & 0xff;
- seq >>= 8;
+TlsCipherSpec::TlsCipherSpec(bool dtls, uint16_t epoc)
+ : dtls_(dtls),
+ epoch_(epoc),
+ in_seqno_(FirstSeqno(dtls, epoc)),
+ out_seqno_(FirstSeqno(dtls, epoc)) {}
+
+bool TlsCipherSpec::SetKeys(SSLCipherSuiteInfo* cipherinfo,
+ PK11SymKey* secret) {
+ SSLAeadContext* ctx;
+ SECStatus rv = SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3,
+ cipherinfo->cipherSuite, secret, "",
+ 0, // Use the default labels.
+ &ctx);
+ if (rv != SECSuccess) {
+ return false;
}
-
- DataBuffer d(nonce, 12);
-}
-
-bool AeadCipher::AeadInner(bool decrypt, void *params, size_t param_length,
- const uint8_t *in, size_t inlen, uint8_t *out,
- size_t *outlen, size_t maxlen) {
- SECStatus rv;
- unsigned int uoutlen = 0;
- SECItem param = {
- siBuffer, static_cast<unsigned char *>(params),
- static_cast<unsigned int>(param_length),
- };
-
- if (decrypt) {
- rv = PK11_Decrypt(key_, mech_, &param, out, &uoutlen, maxlen, in, inlen);
- } else {
- rv = PK11_Encrypt(key_, mech_, &param, out, &uoutlen, maxlen, in, inlen);
- }
- *outlen = (int)uoutlen;
-
- return rv == SECSuccess;
-}
-
-bool AeadCipherAesGcm::Aead(bool decrypt, const uint8_t *hdr, size_t hdr_len,
- uint64_t seq, const uint8_t *in, size_t inlen,
- uint8_t *out, size_t *outlen, size_t maxlen) {
- CK_GCM_PARAMS aeadParams;
- unsigned char nonce[12];
-
- memset(&aeadParams, 0, sizeof(aeadParams));
- aeadParams.pIv = nonce;
- aeadParams.ulIvLen = sizeof(nonce);
- aeadParams.pAAD = const_cast<uint8_t *>(hdr);
- aeadParams.ulAADLen = hdr_len;
- aeadParams.ulTagBits = 128;
-
- FormatNonce(seq, nonce);
- return AeadInner(decrypt, (unsigned char *)&aeadParams, sizeof(aeadParams),
- in, inlen, out, outlen, maxlen);
-}
-
-bool AeadCipherChacha20Poly1305::Aead(bool decrypt, const uint8_t *hdr,
- size_t hdr_len, uint64_t seq,
- const uint8_t *in, size_t inlen,
- uint8_t *out, size_t *outlen,
- size_t maxlen) {
- CK_NSS_AEAD_PARAMS aeadParams;
- unsigned char nonce[12];
-
- memset(&aeadParams, 0, sizeof(aeadParams));
- aeadParams.pNonce = nonce;
- aeadParams.ulNonceLen = sizeof(nonce);
- aeadParams.pAAD = const_cast<uint8_t *>(hdr);
- aeadParams.ulAADLen = hdr_len;
- aeadParams.ulTagLen = 16;
-
- FormatNonce(seq, nonce);
- return AeadInner(decrypt, (unsigned char *)&aeadParams, sizeof(aeadParams),
- in, inlen, out, outlen, maxlen);
+ aead_.reset(ctx);
+ return true;
}
-bool TlsCipherSpec::Init(uint16_t epoc, SSLCipherAlgorithm cipher,
- PK11SymKey *key, const uint8_t *iv) {
- epoch_ = epoc;
- switch (cipher) {
- case ssl_calg_aes_gcm:
- aead_.reset(new AeadCipherAesGcm());
- break;
- case ssl_calg_chacha20:
- aead_.reset(new AeadCipherChacha20Poly1305());
- break;
- default:
- return false;
+bool TlsCipherSpec::Unprotect(const TlsRecordHeader& header,
+ const DataBuffer& ciphertext,
+ DataBuffer* plaintext) {
+ if (aead_ == nullptr) {
+ return false;
}
-
- return aead_->Init(key, iv);
-}
-
-bool TlsCipherSpec::Unprotect(const TlsRecordHeader &header,
- const DataBuffer &ciphertext,
- DataBuffer *plaintext) {
// Make space.
plaintext->Allocate(ciphertext.len());
auto header_bytes = header.header();
- size_t len;
- bool ret =
- aead_->Aead(true, header_bytes.data(), header_bytes.len(),
- header.sequence_number(), ciphertext.data(), ciphertext.len(),
- plaintext->data(), &len, plaintext->len());
- if (!ret) return false;
+ unsigned int len;
+ uint64_t seqno;
+ if (dtls_) {
+ seqno = header.sequence_number();
+ } else {
+ seqno = in_seqno_;
+ }
+ SECStatus rv =
+ SSL_AeadDecrypt(aead_.get(), seqno, header_bytes.data(),
+ header_bytes.len(), ciphertext.data(), ciphertext.len(),
+ plaintext->data(), &len, plaintext->len());
+ if (rv != SECSuccess) {
+ return false;
+ }
- plaintext->Truncate(len);
+ RecordUnprotected(seqno);
+ plaintext->Truncate(static_cast<size_t>(len));
return true;
}
-bool TlsCipherSpec::Protect(const TlsRecordHeader &header,
- const DataBuffer &plaintext,
- DataBuffer *ciphertext) {
+bool TlsCipherSpec::Protect(const TlsRecordHeader& header,
+ const DataBuffer& plaintext,
+ DataBuffer* ciphertext) {
+ if (aead_ == nullptr) {
+ return false;
+ }
// Make a padded buffer.
-
ciphertext->Allocate(plaintext.len() +
32); // Room for any plausible auth tag
- size_t len;
+ unsigned int len;
DataBuffer header_bytes;
(void)header.WriteHeader(&header_bytes, 0, plaintext.len() + 16);
- bool ret =
- aead_->Aead(false, header_bytes.data(), header_bytes.len(),
- header.sequence_number(), plaintext.data(), plaintext.len(),
- ciphertext->data(), &len, ciphertext->len());
- if (!ret) return false;
+ uint64_t seqno;
+ if (dtls_) {
+ seqno = header.sequence_number();
+ } else {
+ seqno = out_seqno_;
+ }
+
+ SECStatus rv =
+ SSL_AeadEncrypt(aead_.get(), seqno, header_bytes.data(),
+ header_bytes.len(), plaintext.data(), plaintext.len(),
+ ciphertext->data(), &len, ciphertext->len());
+ if (rv != SECSuccess) {
+ return false;
+ }
+
+ RecordProtected();
ciphertext->Truncate(len);
return true;
diff --git a/security/nss/gtests/ssl_gtest/tls_protect.h b/security/nss/gtests/ssl_gtest/tls_protect.h
index 6f129a4eb..b1febf887 100644
--- a/security/nss/gtests/ssl_gtest/tls_protect.h
+++ b/security/nss/gtests/ssl_gtest/tls_protect.h
@@ -10,71 +10,48 @@
#include <cstdint>
#include <memory>
-#include "databuffer.h"
#include "pk11pub.h"
#include "sslt.h"
+#include "sslexp.h"
+
+#include "databuffer.h"
+#include "scoped_ptrs_ssl.h"
namespace nss_test {
class TlsRecordHeader;
-class AeadCipher {
- public:
- AeadCipher(CK_MECHANISM_TYPE mech) : mech_(mech), key_(nullptr) {}
- virtual ~AeadCipher();
-
- bool Init(PK11SymKey *key, const uint8_t *iv);
- virtual bool Aead(bool decrypt, const uint8_t *hdr, size_t hdr_len,
- uint64_t seq, const uint8_t *in, size_t inlen, uint8_t *out,
- size_t *outlen, size_t maxlen) = 0;
-
- protected:
- void FormatNonce(uint64_t seq, uint8_t *nonce);
- bool AeadInner(bool decrypt, void *params, size_t param_length,
- const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen,
- size_t maxlen);
-
- CK_MECHANISM_TYPE mech_;
- PK11SymKey *key_;
- uint8_t iv_[12];
-};
-
-class AeadCipherChacha20Poly1305 : public AeadCipher {
- public:
- AeadCipherChacha20Poly1305() : AeadCipher(CKM_NSS_CHACHA20_POLY1305) {}
-
- protected:
- bool Aead(bool decrypt, const uint8_t *hdr, size_t hdr_len, uint64_t seq,
- const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen,
- size_t maxlen);
-};
-
-class AeadCipherAesGcm : public AeadCipher {
- public:
- AeadCipherAesGcm() : AeadCipher(CKM_AES_GCM) {}
-
- protected:
- bool Aead(bool decrypt, const uint8_t *hdr, size_t hdr_len, uint64_t seq,
- const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen,
- size_t maxlen);
-};
-
// Our analog of ssl3CipherSpec
class TlsCipherSpec {
public:
- TlsCipherSpec() : epoch_(0), aead_() {}
+ TlsCipherSpec(bool dtls, uint16_t epoc);
+ bool SetKeys(SSLCipherSuiteInfo* cipherinfo, PK11SymKey* secret);
- bool Init(uint16_t epoch, SSLCipherAlgorithm cipher, PK11SymKey *key,
- const uint8_t *iv);
+ bool Protect(const TlsRecordHeader& header, const DataBuffer& plaintext,
+ DataBuffer* ciphertext);
+ bool Unprotect(const TlsRecordHeader& header, const DataBuffer& ciphertext,
+ DataBuffer* plaintext);
- bool Protect(const TlsRecordHeader &header, const DataBuffer &plaintext,
- DataBuffer *ciphertext);
- bool Unprotect(const TlsRecordHeader &header, const DataBuffer &ciphertext,
- DataBuffer *plaintext);
uint16_t epoch() const { return epoch_; }
+ uint64_t next_in_seqno() const { return in_seqno_; }
+ void RecordUnprotected(uint64_t seqno) {
+ // Reordering happens, so don't let this go backwards.
+ in_seqno_ = (std::max)(in_seqno_, seqno + 1);
+ }
+ uint64_t next_out_seqno() { return out_seqno_; }
+ void RecordProtected() { out_seqno_++; }
+
+ void RecordDropped() { record_dropped_ = true; }
+ bool record_dropped() const { return record_dropped_; }
+
+ bool is_protected() const { return aead_ != nullptr; }
private:
+ bool dtls_;
uint16_t epoch_;
- std::unique_ptr<AeadCipher> aead_;
+ uint64_t in_seqno_;
+ uint64_t out_seqno_;
+ bool record_dropped_ = false;
+ ScopedSSLAeadContext aead_;
};
} // namespace nss_test
diff --git a/security/nss/gtests/ssl_gtest/tls_subcerts_unittest.cc b/security/nss/gtests/ssl_gtest/tls_subcerts_unittest.cc
new file mode 100644
index 000000000..0882ef7ef
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/tls_subcerts_unittest.cc
@@ -0,0 +1,568 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <ctime>
+
+#include "prtime.h"
+#include "secerr.h"
+#include "ssl.h"
+
+#include "gtest_utils.h"
+#include "tls_agent.h"
+#include "tls_connect.h"
+
+namespace nss_test {
+
+const std::string kEcdsaDelegatorId = TlsAgent::kDelegatorEcdsa256;
+const std::string kRsaeDelegatorId = TlsAgent::kDelegatorRsae2048;
+const std::string kDCId = TlsAgent::kServerEcdsa256;
+const SSLSignatureScheme kDCScheme = ssl_sig_ecdsa_secp256r1_sha256;
+const PRUint32 kDCValidFor = 60 * 60 * 24 * 7 /* 1 week (seconds */;
+
+static void CheckPreliminaryPeerDelegCred(
+ const std::shared_ptr<TlsAgent>& client, bool expected,
+ PRUint32 key_bits = 0, SSLSignatureScheme sig_scheme = ssl_sig_none) {
+ EXPECT_NE(0U, (client->pre_info().valuesSet & ssl_preinfo_peer_auth));
+ EXPECT_EQ(expected, client->pre_info().peerDelegCred);
+ if (expected) {
+ EXPECT_EQ(key_bits, client->pre_info().authKeyBits);
+ EXPECT_EQ(sig_scheme, client->pre_info().signatureScheme);
+ }
+}
+
+static void CheckPeerDelegCred(const std::shared_ptr<TlsAgent>& client,
+ bool expected, PRUint32 key_bits = 0) {
+ EXPECT_EQ(expected, client->info().peerDelegCred);
+ EXPECT_EQ(expected, client->pre_info().peerDelegCred);
+ if (expected) {
+ EXPECT_EQ(key_bits, client->info().authKeyBits);
+ EXPECT_EQ(key_bits, client->pre_info().authKeyBits);
+ EXPECT_EQ(client->info().signatureScheme,
+ client->pre_info().signatureScheme);
+ }
+}
+
+// AuthCertificate callbacks to simulate DC validation
+static SECStatus CheckPreliminaryDC(TlsAgent* agent, bool checksig,
+ bool isServer) {
+ agent->UpdatePreliminaryChannelInfo();
+ EXPECT_EQ(PR_TRUE, agent->pre_info().peerDelegCred);
+ EXPECT_EQ(256U, agent->pre_info().authKeyBits);
+ EXPECT_EQ(ssl_sig_ecdsa_secp256r1_sha256, agent->pre_info().signatureScheme);
+ return SECSuccess;
+}
+
+static SECStatus CheckPreliminaryNoDC(TlsAgent* agent, bool checksig,
+ bool isServer) {
+ agent->UpdatePreliminaryChannelInfo();
+ EXPECT_EQ(PR_FALSE, agent->pre_info().peerDelegCred);
+ return SECSuccess;
+}
+
+// AuthCertificate callbacks for modifying DC attributes.
+// This allows testing tls13_CertificateVerify for rejection
+// of DC attributes that have changed since AuthCertificateHook
+// may have handled them.
+static SECStatus ModifyDCAuthKeyBits(TlsAgent* agent, bool checksig,
+ bool isServer) {
+ return SSLInt_TweakChannelInfoForDC(agent->ssl_fd(),
+ PR_TRUE, // Change authKeyBits
+ PR_FALSE); // Change scheme
+}
+
+static SECStatus ModifyDCScheme(TlsAgent* agent, bool checksig, bool isServer) {
+ return SSLInt_TweakChannelInfoForDC(agent->ssl_fd(),
+ PR_FALSE, // Change authKeyBits
+ PR_TRUE); // Change scheme
+}
+
+// Attempt to configure a DC when either the DC or DC private key is missing.
+TEST_P(TlsConnectTls13, DCNotConfigured) {
+ // Load and delegate the credential.
+ ScopedSECKEYPublicKey pub;
+ ScopedSECKEYPrivateKey priv;
+ EXPECT_TRUE(TlsAgent::LoadKeyPairFromCert(kDCId, &pub, &priv));
+
+ StackSECItem dc;
+ TlsAgent::DelegateCredential(kEcdsaDelegatorId, pub, kDCScheme, kDCValidFor,
+ now(), &dc);
+
+ // Attempt to install the certificate and DC with a missing DC private key.
+ EnsureTlsSetup();
+ SSLExtraServerCertData extra_data_missing_dc_priv_key = {
+ ssl_auth_null, nullptr, nullptr, nullptr, &dc, nullptr};
+ EXPECT_FALSE(server_->ConfigServerCert(kEcdsaDelegatorId, true,
+ &extra_data_missing_dc_priv_key));
+
+ // Attempt to install the certificate and with only the DC private key.
+ EnsureTlsSetup();
+ SSLExtraServerCertData extra_data_missing_dc = {
+ ssl_auth_null, nullptr, nullptr, nullptr, nullptr, priv.get()};
+ EXPECT_FALSE(server_->ConfigServerCert(kEcdsaDelegatorId, true,
+ &extra_data_missing_dc));
+}
+
+// Connected with ECDSA-P256.
+TEST_P(TlsConnectTls13, DCConnectEcdsaP256) {
+ Reset(kEcdsaDelegatorId);
+ client_->EnableDelegatedCredentials();
+ server_->AddDelegatedCredential(TlsAgent::kServerEcdsa256,
+ ssl_sig_ecdsa_secp256r1_sha256, kDCValidFor,
+ now());
+
+ auto cfilter = MakeTlsFilter<TlsExtensionCapture>(
+ client_, ssl_delegated_credentials_xtn);
+ Connect();
+
+ EXPECT_TRUE(cfilter->captured());
+ CheckPeerDelegCred(client_, true, 256);
+ EXPECT_EQ(ssl_sig_ecdsa_secp256r1_sha256, client_->info().signatureScheme);
+}
+
+// Connected with ECDSA-P521.
+TEST_P(TlsConnectTls13, DCConnectEcdsaP521) {
+ Reset(kEcdsaDelegatorId);
+ client_->EnableDelegatedCredentials();
+ server_->AddDelegatedCredential(TlsAgent::kServerEcdsa521,
+ ssl_sig_ecdsa_secp521r1_sha512, kDCValidFor,
+ now());
+ client_->EnableDelegatedCredentials();
+
+ auto cfilter = MakeTlsFilter<TlsExtensionCapture>(
+ client_, ssl_delegated_credentials_xtn);
+ Connect();
+
+ EXPECT_TRUE(cfilter->captured());
+ CheckPeerDelegCred(client_, true, 521);
+ EXPECT_EQ(ssl_sig_ecdsa_secp521r1_sha512, client_->info().signatureScheme);
+}
+
+// Connected with RSA-PSS, using an RSAE DC SPKI.
+TEST_P(TlsConnectTls13, DCConnectRsaPssRsae) {
+ Reset(kEcdsaDelegatorId);
+ client_->EnableDelegatedCredentials();
+ server_->AddDelegatedCredential(
+ TlsAgent::kServerRsaPss, ssl_sig_rsa_pss_rsae_sha256, kDCValidFor, now());
+
+ auto cfilter = MakeTlsFilter<TlsExtensionCapture>(
+ client_, ssl_delegated_credentials_xtn);
+ Connect();
+
+ EXPECT_TRUE(cfilter->captured());
+ CheckPeerDelegCred(client_, true, 1024);
+ EXPECT_EQ(ssl_sig_rsa_pss_rsae_sha256, client_->info().signatureScheme);
+}
+
+// Connected with RSA-PSS, using a RSAE Delegator SPKI.
+TEST_P(TlsConnectTls13, DCConnectRsaeDelegator) {
+ Reset(kRsaeDelegatorId);
+
+ static const SSLSignatureScheme kSchemes[] = {ssl_sig_rsa_pss_rsae_sha256,
+ ssl_sig_rsa_pss_pss_sha256};
+ client_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes));
+ server_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes));
+
+ client_->EnableDelegatedCredentials();
+ server_->AddDelegatedCredential(
+ TlsAgent::kServerRsaPss, ssl_sig_rsa_pss_pss_sha256, kDCValidFor, now());
+
+ auto cfilter = MakeTlsFilter<TlsExtensionCapture>(
+ client_, ssl_delegated_credentials_xtn);
+ Connect();
+
+ EXPECT_TRUE(cfilter->captured());
+ CheckPeerDelegCred(client_, true, 1024);
+ EXPECT_EQ(ssl_sig_rsa_pss_pss_sha256, client_->info().signatureScheme);
+}
+
+// Connected with RSA-PSS, using a PSS SPKI.
+TEST_P(TlsConnectTls13, DCConnectRsaPssPss) {
+ Reset(kEcdsaDelegatorId);
+
+ // Need to enable PSS-PSS, which is not on by default.
+ static const SSLSignatureScheme kSchemes[] = {ssl_sig_ecdsa_secp256r1_sha256,
+ ssl_sig_rsa_pss_pss_sha256};
+ client_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes));
+ server_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes));
+
+ client_->EnableDelegatedCredentials();
+ server_->AddDelegatedCredential(
+ TlsAgent::kServerRsaPss, ssl_sig_rsa_pss_pss_sha256, kDCValidFor, now());
+
+ auto cfilter = MakeTlsFilter<TlsExtensionCapture>(
+ client_, ssl_delegated_credentials_xtn);
+ Connect();
+
+ EXPECT_TRUE(cfilter->captured());
+ CheckPeerDelegCred(client_, true, 1024);
+ EXPECT_EQ(ssl_sig_rsa_pss_pss_sha256, client_->info().signatureScheme);
+}
+
+// Generate a weak key. We can't do this in the fixture because certutil
+// won't sign with such a tiny key. That's OK, because this is fast(ish).
+static void GenerateWeakRsaKey(ScopedSECKEYPrivateKey& priv,
+ ScopedSECKEYPublicKey& pub) {
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_TRUE(slot);
+ PK11RSAGenParams rsaparams;
+ // The absolute minimum size of RSA key that we can use with SHA-256 is
+ // 256bit (hash) + 256bit (salt) + 8 (start byte) + 8 (end byte) = 528.
+ rsaparams.keySizeInBits = 528;
+ rsaparams.pe = 65537;
+
+ // Bug 1012786: PK11_GenerateKeyPair can fail if there is insufficient
+ // entropy to generate a random key. We can fake some.
+ for (int retry = 0; retry < 10; ++retry) {
+ SECKEYPublicKey* p_pub = nullptr;
+ priv.reset(PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN,
+ &rsaparams, &p_pub, false, false, nullptr));
+ pub.reset(p_pub);
+ if (priv) {
+ return;
+ }
+
+ ASSERT_FALSE(pub);
+ if (PORT_GetError() != SEC_ERROR_PKCS11_FUNCTION_FAILED) {
+ break;
+ }
+
+ // https://xkcd.com/221/
+ static const uint8_t FRESH_ENTROPY[16] = {4};
+ ASSERT_EQ(
+ SECSuccess,
+ PK11_RandomUpdate(
+ const_cast<void*>(reinterpret_cast<const void*>(FRESH_ENTROPY)),
+ sizeof(FRESH_ENTROPY)));
+ break;
+ }
+ ADD_FAILURE() << "Unable to generate an RSA key: "
+ << PORT_ErrorToName(PORT_GetError());
+}
+
+// Fail to connect with a weak RSA key.
+TEST_P(TlsConnectTls13, DCWeakKey) {
+ Reset(kEcdsaDelegatorId);
+ EnsureTlsSetup();
+
+ ScopedSECKEYPrivateKey dc_priv;
+ ScopedSECKEYPublicKey dc_pub;
+ GenerateWeakRsaKey(dc_priv, dc_pub);
+ ASSERT_TRUE(dc_priv);
+
+ // Construct a DC.
+ StackSECItem dc;
+ TlsAgent::DelegateCredential(kEcdsaDelegatorId, dc_pub,
+ ssl_sig_rsa_pss_rsae_sha256, kDCValidFor, now(),
+ &dc);
+
+ // Configure the DC on the server.
+ SSLExtraServerCertData extra_data = {ssl_auth_null, nullptr, nullptr,
+ nullptr, &dc, dc_priv.get()};
+ EXPECT_TRUE(server_->ConfigServerCert(kEcdsaDelegatorId, true, &extra_data));
+
+ client_->EnableDelegatedCredentials();
+
+ auto cfilter = MakeTlsFilter<TlsExtensionCapture>(
+ client_, ssl_delegated_credentials_xtn);
+ ConnectExpectAlert(client_, kTlsAlertInsufficientSecurity);
+}
+
+class ReplaceDCSigScheme : public TlsHandshakeFilter {
+ public:
+ ReplaceDCSigScheme(const std::shared_ptr<TlsAgent>& a)
+ : TlsHandshakeFilter(a, {ssl_hs_certificate_verify}) {}
+
+ protected:
+ PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+ const DataBuffer& input,
+ DataBuffer* output) override {
+ *output = input;
+ output->Write(0, ssl_sig_ecdsa_secp384r1_sha384, 2);
+ return CHANGE;
+ }
+};
+
+// Aborted because of incorrect DC signature algorithm indication.
+TEST_P(TlsConnectTls13, DCAbortBadExpectedCertVerifyAlg) {
+ Reset(kEcdsaDelegatorId);
+ client_->EnableDelegatedCredentials();
+ server_->AddDelegatedCredential(TlsAgent::kServerEcdsa256,
+ ssl_sig_ecdsa_secp256r1_sha256, kDCValidFor,
+ now());
+ auto filter = MakeTlsFilter<ReplaceDCSigScheme>(server_);
+ filter->EnableDecryption();
+ ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
+ client_->CheckErrorCode(SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH);
+ server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+// Aborted because of invalid DC signature.
+TEST_P(TlsConnectTls13, DCAbortBadSignature) {
+ Reset(kEcdsaDelegatorId);
+ EnsureTlsSetup();
+ client_->EnableDelegatedCredentials();
+
+ ScopedSECKEYPublicKey pub;
+ ScopedSECKEYPrivateKey priv;
+ EXPECT_TRUE(TlsAgent::LoadKeyPairFromCert(kDCId, &pub, &priv));
+
+ StackSECItem dc;
+ TlsAgent::DelegateCredential(kEcdsaDelegatorId, pub, kDCScheme, kDCValidFor,
+ now(), &dc);
+ ASSERT_TRUE(dc.data != nullptr);
+
+ // Flip the first bit of the DC so that the signature is invalid.
+ dc.data[0] ^= 0x01;
+
+ SSLExtraServerCertData extra_data = {ssl_auth_null, nullptr, nullptr,
+ nullptr, &dc, priv.get()};
+ EXPECT_TRUE(server_->ConfigServerCert(kEcdsaDelegatorId, true, &extra_data));
+
+ ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
+ client_->CheckErrorCode(SSL_ERROR_DC_BAD_SIGNATURE);
+ server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+// Aborted because of expired DC.
+TEST_P(TlsConnectTls13, DCAbortExpired) {
+ Reset(kEcdsaDelegatorId);
+ server_->AddDelegatedCredential(kDCId, kDCScheme, kDCValidFor, now());
+ client_->EnableDelegatedCredentials();
+ // When the client checks the time, it will be at least one second after the
+ // DC expired.
+ AdvanceTime((static_cast<PRTime>(kDCValidFor) + 1) * PR_USEC_PER_SEC);
+ ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
+ client_->CheckErrorCode(SSL_ERROR_DC_EXPIRED);
+ server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+// Aborted because of invalid key usage.
+TEST_P(TlsConnectTls13, DCAbortBadKeyUsage) {
+ // The sever does not have the delegationUsage extension.
+ Reset(TlsAgent::kServerEcdsa256);
+ client_->EnableDelegatedCredentials();
+ server_->AddDelegatedCredential(kDCId, kDCScheme, kDCValidFor, now());
+ ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
+}
+
+// Connected without DC because of no client indication.
+TEST_P(TlsConnectTls13, DCConnectNoClientSupport) {
+ Reset(kEcdsaDelegatorId);
+ server_->AddDelegatedCredential(kDCId, kDCScheme, kDCValidFor, now());
+
+ auto cfilter = MakeTlsFilter<TlsExtensionCapture>(
+ client_, ssl_delegated_credentials_xtn);
+ Connect();
+
+ EXPECT_FALSE(cfilter->captured());
+ CheckPeerDelegCred(client_, false);
+}
+
+// Connected without DC because of no server DC.
+TEST_P(TlsConnectTls13, DCConnectNoServerSupport) {
+ Reset(kEcdsaDelegatorId);
+ client_->EnableDelegatedCredentials();
+
+ auto cfilter = MakeTlsFilter<TlsExtensionCapture>(
+ client_, ssl_delegated_credentials_xtn);
+ Connect();
+
+ EXPECT_TRUE(cfilter->captured());
+ CheckPeerDelegCred(client_, false);
+}
+
+// Connected without DC because client doesn't support TLS 1.3.
+TEST_P(TlsConnectTls13, DCConnectClientNoTls13) {
+ Reset(kEcdsaDelegatorId);
+ client_->EnableDelegatedCredentials();
+ server_->AddDelegatedCredential(kDCId, kDCScheme, kDCValidFor, now());
+
+ client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+ SSL_LIBRARY_VERSION_TLS_1_2);
+ server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+ SSL_LIBRARY_VERSION_TLS_1_3);
+
+ auto cfilter = MakeTlsFilter<TlsExtensionCapture>(
+ client_, ssl_delegated_credentials_xtn);
+ Connect();
+
+ // Should fallback to TLS 1.2 and not negotiate a DC.
+ EXPECT_FALSE(cfilter->captured());
+ CheckPeerDelegCred(client_, false);
+}
+
+// Connected without DC because server doesn't support TLS 1.3.
+TEST_P(TlsConnectTls13, DCConnectServerNoTls13) {
+ Reset(kEcdsaDelegatorId);
+ client_->EnableDelegatedCredentials();
+ server_->AddDelegatedCredential(kDCId, kDCScheme, kDCValidFor, now());
+
+ client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+ SSL_LIBRARY_VERSION_TLS_1_3);
+ server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+ SSL_LIBRARY_VERSION_TLS_1_2);
+
+ auto cfilter = MakeTlsFilter<TlsExtensionCapture>(
+ client_, ssl_delegated_credentials_xtn);
+ Connect();
+
+ // Should fallback to TLS 1.2 and not negotiate a DC. The client will still
+ // send the indication because it supports 1.3.
+ EXPECT_TRUE(cfilter->captured());
+ CheckPeerDelegCred(client_, false);
+}
+
+// Connected without DC because client doesn't support the signature scheme.
+TEST_P(TlsConnectTls13, DCConnectExpectedCertVerifyAlgNotSupported) {
+ Reset(kEcdsaDelegatorId);
+ client_->EnableDelegatedCredentials();
+ static const SSLSignatureScheme kClientSchemes[] = {
+ ssl_sig_ecdsa_secp256r1_sha256,
+ };
+ client_->SetSignatureSchemes(kClientSchemes, PR_ARRAY_SIZE(kClientSchemes));
+
+ server_->AddDelegatedCredential(TlsAgent::kServerEcdsa521,
+ ssl_sig_ecdsa_secp521r1_sha512, kDCValidFor,
+ now());
+
+ auto cfilter = MakeTlsFilter<TlsExtensionCapture>(
+ client_, ssl_delegated_credentials_xtn);
+ Connect();
+
+ // Client sends indication, but the server doesn't send a DC.
+ EXPECT_TRUE(cfilter->captured());
+ CheckPeerDelegCred(client_, false);
+}
+
+// Check that preliminary channel info properly reflects the DC.
+TEST_P(TlsConnectTls13, DCCheckPreliminaryInfo) {
+ Reset(kEcdsaDelegatorId);
+ EnsureTlsSetup();
+ client_->EnableDelegatedCredentials();
+ server_->AddDelegatedCredential(TlsAgent::kServerEcdsa256,
+ ssl_sig_ecdsa_secp256r1_sha256, kDCValidFor,
+ now());
+
+ auto filter = MakeTlsFilter<TlsHandshakeDropper>(server_);
+ filter->SetHandshakeTypes(
+ {kTlsHandshakeCertificateVerify, kTlsHandshakeFinished});
+ filter->EnableDecryption();
+ StartConnect();
+ client_->Handshake(); // Send ClientHello
+ server_->Handshake(); // Send ServerHello
+
+ client_->SetAuthCertificateCallback(CheckPreliminaryDC);
+ client_->Handshake(); // Process response
+
+ client_->UpdatePreliminaryChannelInfo();
+ CheckPreliminaryPeerDelegCred(client_, true, 256,
+ ssl_sig_ecdsa_secp256r1_sha256);
+}
+
+// Check that preliminary channel info properly reflects a lack of DC.
+TEST_P(TlsConnectTls13, DCCheckPreliminaryInfoNoDC) {
+ Reset(kEcdsaDelegatorId);
+ EnsureTlsSetup();
+ client_->EnableDelegatedCredentials();
+ auto filter = MakeTlsFilter<TlsHandshakeDropper>(server_);
+ filter->SetHandshakeTypes(
+ {kTlsHandshakeCertificateVerify, kTlsHandshakeFinished});
+ filter->EnableDecryption();
+ StartConnect();
+ client_->Handshake(); // Send ClientHello
+ server_->Handshake(); // Send ServerHello
+
+ client_->SetAuthCertificateCallback(CheckPreliminaryNoDC);
+ client_->Handshake(); // Process response
+
+ client_->UpdatePreliminaryChannelInfo();
+ CheckPreliminaryPeerDelegCred(client_, false);
+}
+
+// Tweak the scheme in between |Cert| and |CertVerify|.
+TEST_P(TlsConnectTls13, DCRejectModifiedDCScheme) {
+ Reset(kEcdsaDelegatorId);
+ client_->EnableDelegatedCredentials();
+ client_->SetAuthCertificateCallback(ModifyDCScheme);
+ server_->AddDelegatedCredential(TlsAgent::kServerEcdsa521,
+ ssl_sig_ecdsa_secp521r1_sha512, kDCValidFor,
+ now());
+ ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
+ server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+ client_->CheckErrorCode(SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH);
+}
+
+// Tweak the authKeyBits in between |Cert| and |CertVerify|.
+TEST_P(TlsConnectTls13, DCRejectModifiedDCAuthKeyBits) {
+ Reset(kEcdsaDelegatorId);
+ client_->EnableDelegatedCredentials();
+ client_->SetAuthCertificateCallback(ModifyDCAuthKeyBits);
+ server_->AddDelegatedCredential(TlsAgent::kServerEcdsa521,
+ ssl_sig_ecdsa_secp521r1_sha512, kDCValidFor,
+ now());
+ ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
+ server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+ client_->CheckErrorCode(SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH);
+}
+
+class DCDelegation : public ::testing::Test {};
+
+TEST_F(DCDelegation, DCDelegations) {
+ PRTime now = PR_Now();
+ ScopedCERTCertificate cert;
+ ScopedSECKEYPrivateKey priv;
+ ASSERT_TRUE(TlsAgent::LoadCertificate(kEcdsaDelegatorId, &cert, &priv));
+
+ ScopedSECKEYPublicKey pub_rsa;
+ ScopedSECKEYPrivateKey priv_rsa;
+ ASSERT_TRUE(
+ TlsAgent::LoadKeyPairFromCert(TlsAgent::kServerRsa, &pub_rsa, &priv_rsa));
+
+ StackSECItem dc;
+ EXPECT_EQ(SECFailure,
+ SSL_DelegateCredential(cert.get(), priv.get(), pub_rsa.get(),
+ ssl_sig_ecdsa_secp256r1_sha256, kDCValidFor,
+ now, &dc));
+ EXPECT_EQ(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, PORT_GetError());
+
+ // Using different PSS hashes should be OK.
+ EXPECT_EQ(SECSuccess,
+ SSL_DelegateCredential(cert.get(), priv.get(), pub_rsa.get(),
+ ssl_sig_rsa_pss_rsae_sha256, kDCValidFor,
+ now, &dc));
+ // Make sure to reset |dc| after each success.
+ dc.Reset();
+ EXPECT_EQ(SECSuccess, SSL_DelegateCredential(
+ cert.get(), priv.get(), pub_rsa.get(),
+ ssl_sig_rsa_pss_pss_sha256, kDCValidFor, now, &dc));
+ dc.Reset();
+ EXPECT_EQ(SECSuccess, SSL_DelegateCredential(
+ cert.get(), priv.get(), pub_rsa.get(),
+ ssl_sig_rsa_pss_pss_sha384, kDCValidFor, now, &dc));
+ dc.Reset();
+
+ ScopedSECKEYPublicKey pub_ecdsa;
+ ScopedSECKEYPrivateKey priv_ecdsa;
+ ASSERT_TRUE(TlsAgent::LoadKeyPairFromCert(TlsAgent::kServerEcdsa256,
+ &pub_ecdsa, &priv_ecdsa));
+
+ EXPECT_EQ(SECFailure,
+ SSL_DelegateCredential(cert.get(), priv.get(), pub_ecdsa.get(),
+ ssl_sig_rsa_pss_rsae_sha256, kDCValidFor,
+ now, &dc));
+ EXPECT_EQ(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, PORT_GetError());
+ EXPECT_EQ(SECFailure, SSL_DelegateCredential(
+ cert.get(), priv.get(), pub_ecdsa.get(),
+ ssl_sig_rsa_pss_pss_sha256, kDCValidFor, now, &dc));
+ EXPECT_EQ(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, PORT_GetError());
+ EXPECT_EQ(SECFailure,
+ SSL_DelegateCredential(cert.get(), priv.get(), pub_ecdsa.get(),
+ ssl_sig_ecdsa_secp384r1_sha384, kDCValidFor,
+ now, &dc));
+ EXPECT_EQ(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, PORT_GetError());
+}
+
+} // namespace nss_test
diff --git a/security/nss/gtests/sysinit_gtest/Makefile b/security/nss/gtests/sysinit_gtest/Makefile
new file mode 100644
index 000000000..0d547e080
--- /dev/null
+++ b/security/nss/gtests/sysinit_gtest/Makefile
@@ -0,0 +1,43 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include ../common/gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
diff --git a/security/nss/gtests/sysinit_gtest/getUserDB_unittest.cc b/security/nss/gtests/sysinit_gtest/getUserDB_unittest.cc
new file mode 100644
index 000000000..845b6e36e
--- /dev/null
+++ b/security/nss/gtests/sysinit_gtest/getUserDB_unittest.cc
@@ -0,0 +1,164 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "gtest/gtest.h"
+#include "prenv.h"
+#include "seccomon.h"
+
+#include <stdlib.h>
+#include <string>
+#include <unistd.h>
+#include <sys/stat.h>
+
+namespace nss_test {
+
+// Return the path to user's NSS database.
+extern "C" char *getUserDB(void);
+
+class Sysinit : public ::testing::Test {
+ protected:
+ void SetUp() {
+ home_var_ = PR_GetEnvSecure("HOME");
+ if (home_var_) {
+ old_home_dir_ = home_var_;
+ }
+ xdg_data_home_var_ = PR_GetEnvSecure("XDG_DATA_HOME");
+ if (xdg_data_home_var_) {
+ old_xdg_data_home_ = xdg_data_home_var_;
+ ASSERT_EQ(0, unsetenv("XDG_DATA_HOME"));
+ }
+ char tmp[] = "/tmp/nss-tmp.XXXXXX";
+ tmp_home_ = mkdtemp(tmp);
+ ASSERT_EQ(0, setenv("HOME", tmp_home_.c_str(), 1));
+ }
+
+ void TearDown() {
+ // Set HOME back to original
+ if (home_var_) {
+ ASSERT_EQ(0, setenv("HOME", old_home_dir_.c_str(), 1));
+ } else {
+ ASSERT_EQ(0, unsetenv("HOME"));
+ }
+ // Set XDG_DATA_HOME back to original
+ if (xdg_data_home_var_) {
+ ASSERT_EQ(0, setenv("XDG_DATA_HOME", old_xdg_data_home_.c_str(), 1));
+ }
+ // Remove test dirs.
+ if (!nssdir_.empty()) {
+ ASSERT_EQ(0, RemoveEmptyDirsFromStart(nssdir_, tmp_home_));
+ }
+ }
+
+ // Remove all dirs within @start from @path containing only empty dirs.
+ // Assumes @start already exists.
+ // Upon successful completion, return 0. Otherwise, -1.
+ static int RemoveEmptyDirsFromStart(std::string path, std::string start) {
+ if (path.find(start) == std::string::npos) {
+ return -1;
+ }
+ std::string temp = path;
+ if (rmdir(temp.c_str())) {
+ return -1;
+ }
+ for (size_t i = temp.length() - 1; i > start.length(); --i) {
+ if (temp[i] == '/') {
+ temp[i] = '\0';
+ if (rmdir(temp.c_str())) {
+ return -1;
+ }
+ }
+ }
+ if (rmdir(start.c_str())) {
+ return -1;
+ }
+ return 0;
+ }
+
+ // Create empty dirs appending @path to @start with mode @mode.
+ // Assumes @start already exists.
+ // Upon successful completion, return the string @start + @path.
+ static std::string CreateEmptyDirsFromStart(std::string start,
+ std::string path, mode_t mode) {
+ std::string temp = start + "/";
+ for (size_t i = 1; i < path.length(); ++i) {
+ if (path[i] == '/') {
+ EXPECT_EQ(0, mkdir(temp.c_str(), mode));
+ }
+ temp += path[i];
+ }
+ // We reach the end of string before the last dir is created
+ EXPECT_EQ(0, mkdir(temp.c_str(), mode));
+ return temp;
+ }
+
+ char *home_var_;
+ char *xdg_data_home_var_;
+ std::string old_home_dir_;
+ std::string old_xdg_data_home_;
+ std::string nssdir_;
+ std::string tmp_home_;
+};
+
+class SysinitSetXdgUserDataHome : public Sysinit {
+ protected:
+ void SetUp() {
+ Sysinit::SetUp();
+ ASSERT_EQ(0, setenv("XDG_DATA_HOME", tmp_home_.c_str(), 1));
+ }
+};
+
+class SysinitSetTrashXdgUserDataHome : public Sysinit {
+ protected:
+ void SetUp() {
+ Sysinit::SetUp();
+ std::string trashPath = tmp_home_ + "/this/path/does/not/exist";
+ ASSERT_EQ(0, setenv("XDG_DATA_HOME", trashPath.c_str(), 1));
+ }
+
+ void TearDown() {
+ ASSERT_EQ(0, rmdir(tmp_home_.c_str()));
+ Sysinit::TearDown();
+ }
+};
+
+// Check if $HOME/.pki/nssdb is used if it exists
+TEST_F(Sysinit, LegacyPath) {
+ nssdir_ = CreateEmptyDirsFromStart(tmp_home_, "/.pki/nssdb", 0760);
+ char *nssdb = getUserDB();
+ ASSERT_EQ(nssdir_, nssdb);
+ PORT_Free(nssdb);
+}
+
+// Check if $HOME/.local/share/pki/nssdb is used if:
+// - $HOME/.pki/nssdb does not exist;
+// - XDG_DATA_HOME is not set.
+TEST_F(Sysinit, XdgDefaultPath) {
+ nssdir_ = CreateEmptyDirsFromStart(tmp_home_, "/.local/share", 0755);
+ nssdir_ = CreateEmptyDirsFromStart(nssdir_, "/pki/nssdb", 0760);
+ char *nssdb = getUserDB();
+ ASSERT_EQ(nssdir_, nssdb);
+ PORT_Free(nssdb);
+}
+
+// Check if ${XDG_DATA_HOME}/pki/nssdb is used if:
+// - $HOME/.pki/nssdb does not exist;
+// - XDG_DATA_HOME is set and the path exists.
+TEST_F(SysinitSetXdgUserDataHome, XdgSetPath) {
+ // XDG_DATA_HOME is set to HOME
+ nssdir_ = CreateEmptyDirsFromStart(tmp_home_, "/pki/nssdb", 0760);
+ char *nssdb = getUserDB();
+ ASSERT_EQ(nssdir_, nssdb);
+ PORT_Free(nssdb);
+}
+
+// Check if it fails when:
+// - XDG_DATA_HOME is set to a path that does not exist;
+// - $HOME/.pki/nssdb also does not exist. */
+TEST_F(SysinitSetTrashXdgUserDataHome, XdgSetToTrashPath) {
+ char *nssdb = getUserDB();
+ ASSERT_EQ(nullptr, nssdb);
+}
+
+} // namespace nss_test
diff --git a/security/nss/gtests/sysinit_gtest/manifest.mn b/security/nss/gtests/sysinit_gtest/manifest.mn
new file mode 100644
index 000000000..2fb8167aa
--- /dev/null
+++ b/security/nss/gtests/sysinit_gtest/manifest.mn
@@ -0,0 +1,27 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH = ../..
+
+MODULE = nss
+
+CPPSRCS = \
+ getUserDB_unittest.cc \
+ sysinit_gtest.cc \
+ $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+ -I$(CORE_DEPTH)/gtests/common
+
+REQUIRES = nspr nss libdbm gtest
+
+PROGRAM = sysinit_gtest
+
+EXTRA_LIBS = \
+ $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
+ $(DIST)/lib/$(LIB_PREFIX)nsssysinit.$(LIB_SUFFIX) \
+ $(NULL)
+
+USE_STATIC_LIBS = 1
diff --git a/security/nss/gtests/sysinit_gtest/sysinit_gtest.cc b/security/nss/gtests/sysinit_gtest/sysinit_gtest.cc
new file mode 100644
index 000000000..9f99e366d
--- /dev/null
+++ b/security/nss/gtests/sysinit_gtest/sysinit_gtest.cc
@@ -0,0 +1,9 @@
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+int main(int argc, char** argv) {
+ // Start the tests
+ ::testing::InitGoogleTest(&argc, argv);
+ int rv = RUN_ALL_TESTS();
+ return rv;
+}
diff --git a/security/nss/gtests/sysinit_gtest/sysinit_gtest.gyp b/security/nss/gtests/sysinit_gtest/sysinit_gtest.gyp
new file mode 100644
index 000000000..1fcacfe7f
--- /dev/null
+++ b/security/nss/gtests/sysinit_gtest/sysinit_gtest.gyp
@@ -0,0 +1,35 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../coreconf/config.gypi',
+ '../common/gtest.gypi'
+ ],
+ 'targets': [
+ {
+ 'target_name': 'sysinit_gtest',
+ 'type': 'executable',
+ 'sources': [
+ 'sysinit_gtest.cc',
+ 'getUserDB_unittest.cc',
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports',
+ '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+ '<(DEPTH)/lib/sysinit/sysinit.gyp:nsssysinit_static'
+ ]
+ }
+ ],
+ 'target_defaults': {
+ 'include_dirs': [
+ '../../lib/sysinit'
+ ],
+ 'defines': [
+ 'NSS_USE_STATIC_LIBS'
+ ]
+ },
+ 'variables': {
+ 'module': 'nss'
+ }
+}
diff --git a/security/nss/gtests/util_gtest/manifest.mn b/security/nss/gtests/util_gtest/manifest.mn
index a90e8431e..c09146c83 100644
--- a/security/nss/gtests/util_gtest/manifest.mn
+++ b/security/nss/gtests/util_gtest/manifest.mn
@@ -3,29 +3,30 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
CORE_DEPTH = ../..
-DEPTH = ../..
+DEPTH = ../..
MODULE = nss
CPPSRCS = \
- util_utf8_unittest.cc \
- util_b64_unittest.cc \
- util_pkcs11uri_unittest.cc \
- util_aligned_malloc_unittest.cc \
- util_memcmpzero_unittest.cc \
- $(NULL)
+ util_aligned_malloc_unittest.cc \
+ util_b64_unittest.cc \
+ util_gtests.cc \
+ util_memcmpzero_unittest.cc \
+ util_pkcs11uri_unittest.cc \
+ util_utf8_unittest.cc \
+ $(NULL)
INCLUDES += \
- -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
- -I$(CORE_DEPTH)/gtests/common \
- -I$(CORE_DEPTH)/cpputil \
- $(NULL)
+ -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+ -I$(CORE_DEPTH)/gtests/common \
+ -I$(CORE_DEPTH)/cpputil \
+ $(NULL)
REQUIRES = nspr gtest
PROGRAM = util_gtest
EXTRA_LIBS = \
- $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \
- $(NULL)
+ $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \
+ $(NULL)
diff --git a/security/nss/gtests/util_gtest/util_gtest.gyp b/security/nss/gtests/util_gtest/util_gtest.gyp
index 1c54329b2..ab803b761 100644
--- a/security/nss/gtests/util_gtest/util_gtest.gyp
+++ b/security/nss/gtests/util_gtest/util_gtest.gyp
@@ -11,27 +11,17 @@
'target_name': 'util_gtest',
'type': 'executable',
'sources': [
- 'util_utf8_unittest.cc',
- 'util_b64_unittest.cc',
- 'util_pkcs11uri_unittest.cc',
'util_aligned_malloc_unittest.cc',
+ 'util_b64_unittest.cc',
+ 'util_gtests.cc',
'util_memcmpzero_unittest.cc',
- '<(DEPTH)/gtests/common/gtests.cc',
+ 'util_pkcs11uri_unittest.cc',
+ 'util_utf8_unittest.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
'<(DEPTH)/lib/util/util.gyp:nssutil',
- '<(DEPTH)/lib/nss/nss.gyp:nss_static',
- '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
- '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
- '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
- '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
- '<(DEPTH)/lib/base/base.gyp:nssb',
- '<(DEPTH)/lib/dev/dev.gyp:nssdev',
- '<(DEPTH)/lib/pki/pki.gyp:nsspki',
- '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
- '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
'conditions': [
[ 'OS=="win"', {
diff --git a/security/nss/gtests/util_gtest/util_gtests.cc b/security/nss/gtests/util_gtest/util_gtests.cc
new file mode 100644
index 000000000..77e663f3c
--- /dev/null
+++ b/security/nss/gtests/util_gtest/util_gtests.cc
@@ -0,0 +1,9 @@
+#include <cstdlib>
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+int main(int argc, char **argv) {
+ ::testing::InitGoogleTest(&argc, argv);
+ return RUN_ALL_TESTS();
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 23:18:16 +0000