diff options
Diffstat (limited to 'security/nss/gtests')
125 files changed, 24665 insertions, 1329 deletions
diff --git a/security/nss/gtests/Makefile b/security/nss/gtests/Makefile index 2b5492506..718850c3a 100644 --- a/security/nss/gtests/Makefile +++ b/security/nss/gtests/Makefile @@ -26,6 +26,16 @@ include $(CORE_DEPTH)/coreconf/config.mk # (4) Include "local" platform-dependent assignments (OPTIONAL). # ####################################################################### +# Don't build sysinit gtests unless we are also building libnsssysinit. +# See lib/Makefile for the corresponding rules. +ifndef MOZILLA_CLIENT +ifeq ($(OS_ARCH),Linux) +ifneq ($(NSS_BUILD_UTIL_ONLY),1) +SYSINIT_GTEST=sysinit_gtest +endif +endif +endif + ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # diff --git a/security/nss/gtests/__init__.py b/security/nss/gtests/__init__.py new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/security/nss/gtests/__init__.py diff --git a/security/nss/gtests/certdb_gtest/cert_unittest.cc b/security/nss/gtests/certdb_gtest/cert_unittest.cc new file mode 100644 index 000000000..93003fa59 --- /dev/null +++ b/security/nss/gtests/certdb_gtest/cert_unittest.cc @@ -0,0 +1,47 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" + +#include "nss.h" +#include "secerr.h" +#include "pk11pub.h" +#include "nss_scoped_ptrs.h" + +namespace nss_test { + +class CertTest : public ::testing::Test {}; + +// Tests CERT_GetCertificateDer for the certs we have. +TEST_F(CertTest, GetCertDer) { + // Listing all the certs should get us the default trust anchors. + ScopedCERTCertList certs(PK11_ListCerts(PK11CertListAll, nullptr)); + ASSERT_FALSE(PR_CLIST_IS_EMPTY(&certs->list)); + + for (PRCList* cursor = PR_NEXT_LINK(&certs->list); cursor != &certs->list; + cursor = PR_NEXT_LINK(cursor)) { + CERTCertListNode* node = (CERTCertListNode*)cursor; + SECItem der; + ASSERT_EQ(SECSuccess, CERT_GetCertificateDer(node->cert, &der)); + ASSERT_EQ(0, SECITEM_CompareItem(&der, &node->cert->derCert)); + } +} + +TEST_F(CertTest, GetCertDerBad) { + EXPECT_EQ(SECFailure, CERT_GetCertificateDer(nullptr, nullptr)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + ScopedCERTCertList certs(PK11_ListCerts(PK11CertListAll, nullptr)); + ASSERT_FALSE(PR_CLIST_IS_EMPTY(&certs->list)); + CERTCertListNode* node = (CERTCertListNode*)PR_NEXT_LINK(&certs->list); + EXPECT_EQ(SECFailure, CERT_GetCertificateDer(node->cert, nullptr)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + SECItem der; + EXPECT_EQ(SECFailure, CERT_GetCertificateDer(nullptr, &der)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); +} +} diff --git a/security/nss/gtests/certdb_gtest/certdb_gtest.gyp b/security/nss/gtests/certdb_gtest/certdb_gtest.gyp index 898102def..7f5bb324b 100644 --- a/security/nss/gtests/certdb_gtest/certdb_gtest.gyp +++ b/security/nss/gtests/certdb_gtest/certdb_gtest.gyp @@ -12,6 +12,8 @@ 'type': 'executable', 'sources': [ 'alg1485_unittest.cc', + 'cert_unittest.cc', + 'decode_certs_unittest.cc', '<(DEPTH)/gtests/common/gtests.cc' ], 'dependencies': [ @@ -20,6 +22,7 @@ '<(DEPTH)/lib/util/util.gyp:nssutil3', '<(DEPTH)/lib/ssl/ssl.gyp:ssl3', '<(DEPTH)/lib/nss/nss.gyp:nss3', + '<(DEPTH)/lib/smime/smime.gyp:smime3', ] } ], diff --git a/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc b/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc new file mode 100644 index 000000000..405194edc --- /dev/null +++ b/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc @@ -0,0 +1,28 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" + +#include "cert.h" +#include "prerror.h" +#include "secerr.h" + +class DecodeCertsTest : public ::testing::Test {}; + +TEST_F(DecodeCertsTest, EmptyCertPackage) { + // This represents a PKCS#7 ContentInfo with a contentType of + // '2.16.840.1.113730.2.5' (Netscape data-type cert-sequence) and a content + // consisting of an empty SEQUENCE. This is valid ASN.1, but it contains no + // certificates, so CERT_DecodeCertFromPackage should just return a null + // pointer. + unsigned char emptyCertPackage[] = {0x30, 0x0f, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02, + 0x05, 0xa0, 0x02, 0x30, 0x00}; + EXPECT_EQ(nullptr, CERT_DecodeCertFromPackage( + reinterpret_cast<char*>(emptyCertPackage), + sizeof(emptyCertPackage))); + EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError()); +} diff --git a/security/nss/gtests/certdb_gtest/manifest.mn b/security/nss/gtests/certdb_gtest/manifest.mn index 4a3a1fda0..c95cf991f 100644 --- a/security/nss/gtests/certdb_gtest/manifest.mn +++ b/security/nss/gtests/certdb_gtest/manifest.mn @@ -8,6 +8,8 @@ MODULE = nss CPPSRCS = \ alg1485_unittest.cc \ + cert_unittest.cc \ + decode_certs_unittest.cc \ $(NULL) INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ diff --git a/security/nss/gtests/common/__init__.py b/security/nss/gtests/common/__init__.py new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/security/nss/gtests/common/__init__.py diff --git a/security/nss/gtests/common/gtest.gypi b/security/nss/gtests/common/gtest.gypi index c4865bba5..919c23aa3 100644 --- a/security/nss/gtests/common/gtest.gypi +++ b/security/nss/gtests/common/gtest.gypi @@ -21,6 +21,13 @@ 'libraries': [ '-lws2_32', ], + 'conditions': [ + ['static_libs==1', { + 'libraries': [ + '-ladvapi32', + ], + }], + ], }], ['OS=="android"', { 'libraries': [ diff --git a/security/nss/gtests/common/gtests.cc b/security/nss/gtests/common/gtests.cc index bd5a97a8e..d0f21ee04 100644 --- a/security/nss/gtests/common/gtests.cc +++ b/security/nss/gtests/common/gtests.cc @@ -1,6 +1,5 @@ #include "nspr.h" #include "nss.h" -#include "ssl.h" #include <cstdlib> @@ -10,10 +9,23 @@ int main(int argc, char **argv) { ::testing::InitGoogleTest(&argc, argv); - if (NSS_NoDB_Init(nullptr) != SECSuccess) { - return 1; + const char *workdir = ""; + uint32_t flags = NSS_INIT_READONLY; + + for (int i = 0; i < argc; i++) { + if (!strcmp(argv[i], "-d")) { + if (i + 1 >= argc) { + PR_fprintf(PR_STDERR, "Usage: %s [-d <dir> [-w]]\n", argv[0]); + exit(2); + } + workdir = argv[i + 1]; + i++; + } else if (!strcmp(argv[i], "-w")) { + flags &= ~NSS_INIT_READONLY; + } } - if (NSS_SetDomesticPolicy() != SECSuccess) { + + if (NSS_Initialize(workdir, "", "", SECMOD_DB, flags) != SECSuccess) { return 1; } int rv = RUN_ALL_TESTS(); diff --git a/security/nss/gtests/common/testvectors/chachapoly-vectors.h b/security/nss/gtests/common/testvectors/chachapoly-vectors.h new file mode 100644 index 000000000..2e2683bda --- /dev/null +++ b/security/nss/gtests/common/testvectors/chachapoly-vectors.h @@ -0,0 +1,3299 @@ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This file is generated from sources in nss/gtests/common/wycheproof + * automatically and should not be touched manually. + * Generation is trigged by calling ./mach wycheproof */ + +#ifndef chachapoly_vectors_h__ +#define chachapoly_vectors_h__ + +#include <string> +#include <vector> + +typedef struct chaChaTestVectorStr { + uint32_t id; + std::vector<uint8_t> Data; + std::vector<uint8_t> AAD; + std::vector<uint8_t> Key; + std::vector<uint8_t> IV; + std::vector<uint8_t> CT; + bool invalidTag; + bool invalidIV; +} chaChaTestVector; + +// ChaCha20/Poly1305 Test Vector 1, RFC 7539 +// <http://tools.ietf.org/html/rfc7539#section-2.8.2> +// ChaCha20/Poly1305 Test Vector 2, RFC 7539 +// <http://tools.ietf.org/html/rfc7539#appendix-A.5> +const chaChaTestVector kChaCha20Vectors[] = { + {0, + {0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, + 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66, + 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, + 0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, + 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, + 0x62, 0x65, 0x20, 0x69, 0x74, 0x2e}, + {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47}, + {0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc, + 0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, + 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e, + 0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, + 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6, + 0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, + 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4, + 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, + 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65, + 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, + 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91}, + false, + false}, + {1, + {0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, + 0x66, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66, + 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20, + 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20, + 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73, + 0x69, 0x78, 0x20, 0x6d, 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e, + 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, 0x20, 0x75, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, + 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, 0x62, 0x73, 0x6f, 0x6c, + 0x65, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65, + 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20, + 0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e, + 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70, + 0x72, 0x6f, 0x70, 0x72, 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20, + 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, + 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72, + 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74, + 0x65, 0x72, 0x69, 0x61, 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20, + 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74, + 0x68, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20, + 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x20, + 0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80, + 0x9d}, + {0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4e, 0x91}, + {0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88, + 0x86, 0x04, 0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, + 0x80, 0x09, 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0}, + {0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7, + 0x9b, 0xe6, 0x43, 0xbd, 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89, + 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, 0x4c, 0x6c, 0xfc, 0x18, + 0x75, 0x5d, 0x43, 0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0, + 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f, + 0x35, 0x58, 0x94, 0xcf, 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce, + 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, 0x14, 0xad, 0x17, 0x6e, + 0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55, + 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, 0xc1, 0x86, 0x32, 0x4e, + 0x2b, 0x35, 0x06, 0x38, 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0, + 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, 0xb9, 0x16, 0x6c, 0x76, + 0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9, + 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0, + 0xa0, 0x6c, 0x52, 0x3e, 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15, + 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, 0x0d, 0x07, 0x2b, 0x04, + 0xb3, 0x56, 0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a, + 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6, + 0x31, 0x59, 0x43, 0x4e, 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10, + 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, 0x49, 0xe6, 0x17, 0xd9, + 0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30, + 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, 0x99, 0x7b, 0x71, 0x4d, + 0x6c, 0x6f, 0x2c, 0x29, 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70, + 0x9b, 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, 0x39, 0x23, 0x36, + 0xfe, 0xa1, 0x85, 0x1f, 0x38}, + false, + false}}; + +// Testvectors from project wycheproof +// <https://github.com/google/wycheproof> +const chaChaTestVector kChaCha20WycheproofVectors[] = { + + // Comment: rfc7539 + {0, + {0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, + 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66, + 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, + 0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, + 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, + 0x62, 0x65, 0x20, 0x69, 0x74, 0x2e}, + {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47}, + {0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc, + 0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, + 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e, + 0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, + 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6, + 0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, + 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4, + 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, + 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65, + 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, + 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91}, + false, + false}, + + // Comment: + {1, + {}, + {}, + {0x80, 0xba, 0x31, 0x92, 0xc8, 0x03, 0xce, 0x96, 0x5e, 0xa3, 0x71, + 0xd5, 0xff, 0x07, 0x3c, 0xf0, 0xf4, 0x3b, 0x6a, 0x2a, 0xb5, 0x76, + 0xb2, 0x08, 0x42, 0x6e, 0x11, 0x40, 0x9c, 0x09, 0xb9, 0xb0}, + {0x4d, 0xa5, 0xbf, 0x8d, 0xfd, 0x58, 0x52, 0xc1, 0xea, 0x12, 0x37, 0x9d}, + {0x76, 0xac, 0xb3, 0x42, 0xcf, 0x31, 0x66, 0xa5, 0xb6, 0x3c, 0x0c, 0x0e, + 0xa1, 0x38, 0x3c, 0x8d}, + false, + false}, + + // Comment: + {2, + {}, + {0xbd, 0x50, 0x67, 0x64, 0xf2, 0xd2, 0xc4, 0x10}, + {0x7a, 0x4c, 0xd7, 0x59, 0x17, 0x2e, 0x02, 0xeb, 0x20, 0x4d, 0xb2, + 0xc3, 0xf5, 0xc7, 0x46, 0x22, 0x7d, 0xf5, 0x84, 0xfc, 0x13, 0x45, + 0x19, 0x63, 0x91, 0xdb, 0xb9, 0x57, 0x7a, 0x25, 0x07, 0x42}, + {0xa9, 0x2e, 0xf0, 0xac, 0x99, 0x1d, 0xd5, 0x16, 0xa3, 0xc6, 0xf6, 0x89}, + {0x90, 0x6f, 0xa6, 0x28, 0x4b, 0x52, 0xf8, 0x7b, 0x73, 0x59, 0xcb, 0xaa, + 0x75, 0x63, 0xc7, 0x09}, + false, + false}, + + // Comment: + {3, + {0x2a}, + {}, + {0xcc, 0x56, 0xb6, 0x80, 0x55, 0x2e, 0xb7, 0x50, 0x08, 0xf5, 0x48, + 0x4b, 0x4c, 0xb8, 0x03, 0xfa, 0x50, 0x63, 0xeb, 0xd6, 0xea, 0xb9, + 0x1f, 0x6a, 0xb6, 0xae, 0xf4, 0x91, 0x6a, 0x76, 0x62, 0x73}, + {0x99, 0xe2, 0x3e, 0xc4, 0x89, 0x85, 0xbc, 0xcd, 0xee, 0xab, 0x60, 0xf1}, + {0x3a, 0xca, 0xc2, 0x7d, 0xec, 0x09, 0x68, 0x80, 0x1e, 0x9f, 0x6e, 0xde, + 0xd6, 0x9d, 0x80, 0x75, 0x22}, + false, + false}, + + // Comment: + {4, + {0x51}, + {0x91, 0xca, 0x6c, 0x59, 0x2c, 0xbc, 0xca, 0x53}, + {0x46, 0xf0, 0x25, 0x49, 0x65, 0xf7, 0x69, 0xd5, 0x2b, 0xdb, 0x4a, + 0x70, 0xb4, 0x43, 0x19, 0x9f, 0x8e, 0xf2, 0x07, 0x52, 0x0d, 0x12, + 0x20, 0xc5, 0x5e, 0x4b, 0x70, 0xf0, 0xfd, 0xa6, 0x20, 0xee}, + {0xab, 0x0d, 0xca, 0x71, 0x6e, 0xe0, 0x51, 0xd2, 0x78, 0x2f, 0x44, 0x03}, + {0xc4, 0x16, 0x83, 0x10, 0xca, 0x45, 0xb1, 0xf7, 0xc6, 0x6c, 0xad, 0x4e, + 0x99, 0xe4, 0x3f, 0x72, 0xb9}, + false, + false}, + + // Comment: + {5, + {0x5c, 0x60}, + {}, + {0x2f, 0x7f, 0x7e, 0x4f, 0x59, 0x2b, 0xb3, 0x89, 0x19, 0x49, 0x89, + 0x74, 0x35, 0x07, 0xbf, 0x3e, 0xe9, 0xcb, 0xde, 0x17, 0x86, 0xb6, + 0x69, 0x5f, 0xe6, 0xc0, 0x25, 0xfd, 0x9b, 0xa4, 0xc1, 0x00}, + {0x46, 0x1a, 0xf1, 0x22, 0xe9, 0xf2, 0xe0, 0x34, 0x7e, 0x03, 0xf2, 0xdb}, + {0x4d, 0x13, 0x91, 0xe8, 0xb6, 0x1e, 0xfb, 0x39, 0xc1, 0x22, 0x19, 0x54, + 0x53, 0x07, 0x7b, 0x22, 0xe5, 0xe2}, + false, + false}, + + // Comment: + {6, + {0xdd, 0xf2}, + {0x88, 0x36, 0x4f, 0xc8, 0x06, 0x05, 0x18, 0xbf}, + {0xc8, 0x83, 0x3d, 0xce, 0x5e, 0xa9, 0xf2, 0x48, 0xaa, 0x20, 0x30, + 0xea, 0xcf, 0xe7, 0x2b, 0xff, 0xe6, 0x9a, 0x62, 0x0c, 0xaf, 0x79, + 0x33, 0x44, 0xe5, 0x71, 0x8f, 0xe0, 0xd7, 0xab, 0x1a, 0x58}, + {0x61, 0x54, 0x6b, 0xa5, 0xf1, 0x72, 0x05, 0x90, 0xb6, 0x04, 0x0a, 0xc6}, + {0xb6, 0x0d, 0xea, 0xd0, 0xfd, 0x46, 0x97, 0xec, 0x2e, 0x55, 0x58, 0x23, + 0x77, 0x19, 0xd0, 0x24, 0x37, 0xa2}, + false, + false}, + + // Comment: + {7, + {0xab, 0x85, 0xe9, 0xc1, 0x57, 0x17, 0x31}, + {}, + {0x55, 0x56, 0x81, 0x58, 0xd3, 0xa6, 0x48, 0x3f, 0x1f, 0x70, 0x21, + 0xea, 0xb6, 0x9b, 0x70, 0x3f, 0x61, 0x42, 0x51, 0xca, 0xdc, 0x1a, + 0xf5, 0xd3, 0x4a, 0x37, 0x4f, 0xdb, 0xfc, 0x5a, 0xda, 0xc7}, + {0x3c, 0x4e, 0x65, 0x4d, 0x66, 0x3f, 0xa4, 0x59, 0x6d, 0xc5, 0x5b, 0xb7}, + {0x5d, 0xfe, 0x34, 0x40, 0xdb, 0xb3, 0xc3, 0xed, 0x7a, 0x43, 0x4e, 0x26, + 0x02, 0xd3, 0x94, 0x28, 0x1e, 0x0a, 0xfa, 0x9f, 0xb7, 0xaa, 0x42}, + false, + false}, + + // Comment: + {8, + {0x4e, 0xe5, 0xcd, 0xa2, 0x0d, 0x42, 0x90}, + {0x84, 0xe4, 0x6b, 0xe8, 0xc0, 0x91, 0x90, 0x53}, + {0xe3, 0xc0, 0x9e, 0x7f, 0xab, 0x1a, 0xef, 0xb5, 0x16, 0xda, 0x6a, + 0x33, 0x02, 0x2a, 0x1d, 0xd4, 0xeb, 0x27, 0x2c, 0x80, 0xd5, 0x40, + 0xc5, 0xda, 0x52, 0xa7, 0x30, 0xf3, 0x4d, 0x84, 0x0d, 0x7f}, + {0x58, 0x38, 0x93, 0x75, 0xc6, 0x9e, 0xe3, 0x98, 0xde, 0x94, 0x83, 0x96}, + {0x4b, 0xd4, 0x72, 0x12, 0x94, 0x1c, 0xe3, 0x18, 0x5f, 0x14, 0x08, 0xee, + 0x7f, 0xbf, 0x18, 0xf5, 0xab, 0xad, 0x6e, 0x22, 0x53, 0xa1, 0xba}, + false, + false}, + + // Comment: + {9, + {0xbe, 0x33, 0x08, 0xf7, 0x2a, 0x2c, 0x6a, 0xed}, + {}, + {0x51, 0xe4, 0xbf, 0x2b, 0xad, 0x92, 0xb7, 0xaf, 0xf1, 0xa4, 0xbc, + 0x05, 0x55, 0x0b, 0xa8, 0x1d, 0xf4, 0xb9, 0x6f, 0xab, 0xf4, 0x1c, + 0x12, 0xc7, 0xb0, 0x0e, 0x60, 0xe4, 0x8d, 0xb7, 0xe1, 0x52}, + {0x4f, 0x07, 0xaf, 0xed, 0xfd, 0xc3, 0xb6, 0xc2, 0x36, 0x18, 0x23, 0xd3}, + {0x8e, 0x94, 0x39, 0xa5, 0x6e, 0xee, 0xc8, 0x17, 0xfb, 0xe8, 0xa6, 0xed, + 0x8f, 0xab, 0xb1, 0x93, 0x75, 0x39, 0xdd, 0x6c, 0x00, 0xe9, 0x00, 0x21}, + false, + false}, + + // Comment: + {10, + {0xa4, 0xc9, 0xc2, 0x80, 0x1b, 0x71, 0xf7, 0xdf}, + {0x66, 0xc0, 0xae, 0x70, 0x07, 0x6c, 0xb1, 0x4d}, + {0x11, 0x31, 0xc1, 0x41, 0x85, 0x77, 0xa0, 0x54, 0xde, 0x7a, 0x4a, + 0xc5, 0x51, 0x95, 0x0f, 0x1a, 0x05, 0x3f, 0x9a, 0xe4, 0x6e, 0x5b, + 0x75, 0xfe, 0x4a, 0xbd, 0x56, 0x08, 0xd7, 0xcd, 0xda, 0xdd}, + {0xb4, 0xea, 0x66, 0x6e, 0xe1, 0x19, 0x56, 0x33, 0x66, 0x48, 0x4a, 0x78}, + {0xb9, 0xb9, 0x10, 0x43, 0x3a, 0xf0, 0x52, 0xb0, 0x45, 0x30, 0xf5, 0x1a, + 0xee, 0xe0, 0x24, 0xe0, 0xa4, 0x45, 0xa6, 0x32, 0x8f, 0xa6, 0x7a, 0x18}, + false, + false}, + + // Comment: + {11, + {0x42, 0xba, 0xae, 0x59, 0x78, 0xfe, 0xaf, 0x5c, 0x36, 0x8d, 0x14, 0xe0}, + {}, + {0x99, 0xb6, 0x2b, 0xd5, 0xaf, 0xbe, 0x3f, 0xb0, 0x15, 0xbd, 0xe9, + 0x3f, 0x0a, 0xbf, 0x48, 0x39, 0x57, 0xa1, 0xc3, 0xeb, 0x3c, 0xa5, + 0x9c, 0xb5, 0x0b, 0x39, 0xf7, 0xf8, 0xa9, 0xcc, 0x51, 0xbe}, + {0x9a, 0x59, 0xfc, 0xe2, 0x6d, 0xf0, 0x00, 0x5e, 0x07, 0x53, 0x86, 0x56}, + {0xff, 0x7d, 0xc2, 0x03, 0xb2, 0x6c, 0x46, 0x7a, 0x6b, 0x50, + 0xdb, 0x33, 0x57, 0x8c, 0x0f, 0x27, 0x58, 0xc2, 0xe1, 0x4e, + 0x36, 0xd4, 0xfc, 0x10, 0x6d, 0xcb, 0x29, 0xb4}, + false, + false}, + + // Comment: + {12, + {0xfd, 0xc8, 0x5b, 0x94, 0xa4, 0xb2, 0xa6, 0xb7, 0x59, 0xb1, 0xa0, 0xda}, + {0xa5, 0x06, 0xe1, 0xa5, 0xc6, 0x90, 0x93, 0xf9}, + {0x85, 0xf3, 0x5b, 0x62, 0x82, 0xcf, 0xf4, 0x40, 0xbc, 0x10, 0x20, + 0xc8, 0x13, 0x6f, 0xf2, 0x70, 0x31, 0x11, 0x0f, 0xa6, 0x3e, 0xc1, + 0x6f, 0x1e, 0x82, 0x51, 0x18, 0xb0, 0x06, 0xb9, 0x12, 0x57}, + {0x58, 0xdb, 0xd4, 0xad, 0x2c, 0x4a, 0xd3, 0x5d, 0xd9, 0x06, 0xe9, 0xce}, + {0x9f, 0x88, 0x16, 0xde, 0x09, 0x94, 0xe9, 0x38, 0xd9, 0xe5, + 0x3f, 0x95, 0xd0, 0x86, 0xfc, 0x6c, 0x9d, 0x8f, 0xa9, 0x15, + 0xfd, 0x84, 0x23, 0xa7, 0xcf, 0x05, 0x07, 0x2f}, + false, + false}, + + // Comment: + {13, + {0x51, 0xf8, 0xc1, 0xf7, 0x31, 0xea, 0x14, 0xac, 0xdb, 0x21, 0x0a, 0x6d, + 0x97, 0x3e, 0x07}, + {}, + {0x67, 0x11, 0x96, 0x27, 0xbd, 0x98, 0x8e, 0xda, 0x90, 0x62, 0x19, + 0xe0, 0x8c, 0x0d, 0x0d, 0x77, 0x9a, 0x07, 0xd2, 0x08, 0xce, 0x8a, + 0x4f, 0xe0, 0x70, 0x9a, 0xf7, 0x55, 0xee, 0xec, 0x6d, 0xcb}, + {0x68, 0xab, 0x7f, 0xdb, 0xf6, 0x19, 0x01, 0xda, 0xd4, 0x61, 0xd2, 0x3c}, + {0x0b, 0x29, 0x63, 0x8e, 0x1f, 0xbd, 0xd6, 0xdf, 0x53, 0x97, 0x0b, + 0xe2, 0x21, 0x00, 0x42, 0x2a, 0x91, 0x34, 0x08, 0x7d, 0x67, 0xa4, + 0x6e, 0x79, 0x17, 0x8d, 0x0a, 0x93, 0xf5, 0xe1, 0xd2}, + false, + false}, + + // Comment: + {14, + {0x97, 0x46, 0x9d, 0xa6, 0x67, 0xd6, 0x11, 0x0f, 0x9c, 0xbd, 0xa1, 0xd1, + 0xa2, 0x06, 0x73}, + {0x64, 0x53, 0xa5, 0x33, 0x84, 0x63, 0x22, 0x12}, + {0xe6, 0xf1, 0x11, 0x8d, 0x41, 0xe4, 0xb4, 0x3f, 0xb5, 0x82, 0x21, + 0xb7, 0xed, 0x79, 0x67, 0x38, 0x34, 0xe0, 0xd8, 0xac, 0x5c, 0x4f, + 0xa6, 0x0b, 0xbc, 0x8b, 0xc4, 0x89, 0x3a, 0x58, 0x89, 0x4d}, + {0xd9, 0x5b, 0x32, 0x43, 0xaf, 0xae, 0xf7, 0x14, 0xc5, 0x03, 0x5b, 0x6a}, + {0x32, 0xdb, 0x66, 0xc4, 0xa3, 0x81, 0x9d, 0x81, 0x55, 0x74, 0x55, + 0xe5, 0x98, 0x0f, 0xed, 0xfe, 0xae, 0x30, 0xde, 0xc9, 0x4e, 0x6a, + 0xd3, 0xa9, 0xee, 0xa0, 0x6a, 0x0d, 0x70, 0x39, 0x17}, + false, + false}, + + // Comment: + {15, + {0x54, 0x9b, 0x36, 0x5a, 0xf9, 0x13, 0xf3, 0xb0, 0x81, 0x13, 0x1c, 0xcb, + 0x6b, 0x82, 0x55, 0x88}, + {}, + {0x59, 0xd4, 0xea, 0xfb, 0x4d, 0xe0, 0xcf, 0xc7, 0xd3, 0xdb, 0x99, + 0xa8, 0xf5, 0x4b, 0x15, 0xd7, 0xb3, 0x9f, 0x0a, 0xcc, 0x8d, 0xa6, + 0x97, 0x63, 0xb0, 0x19, 0xc1, 0x69, 0x9f, 0x87, 0x67, 0x4a}, + {0x2f, 0xcb, 0x1b, 0x38, 0xa9, 0x9e, 0x71, 0xb8, 0x47, 0x40, 0xad, 0x9b}, + {0xe9, 0x11, 0x0e, 0x9f, 0x56, 0xab, 0x3c, 0xa4, 0x83, 0x50, 0x0c, + 0xea, 0xba, 0xb6, 0x7a, 0x13, 0x83, 0x6c, 0xca, 0xbf, 0x15, 0xa6, + 0xa2, 0x2a, 0x51, 0xc1, 0x07, 0x1c, 0xfa, 0x68, 0xfa, 0x0c}, + false, + false}, + + // Comment: + {16, + {0x55, 0xa4, 0x65, 0x64, 0x4f, 0x5b, 0x65, 0x09, 0x28, 0xcb, 0xee, 0x7c, + 0x06, 0x32, 0x14, 0xd6}, + {0x03, 0x45, 0x85, 0x62, 0x1a, 0xf8, 0xd7, 0xff}, + {0xb9, 0x07, 0xa4, 0x50, 0x75, 0x51, 0x3f, 0xe8, 0xa8, 0x01, 0x9e, + 0xde, 0xe3, 0xf2, 0x59, 0x14, 0x87, 0xb2, 0xa0, 0x30, 0xb0, 0x3c, + 0x6e, 0x1d, 0x77, 0x1c, 0x86, 0x25, 0x71, 0xd2, 0xea, 0x1e}, + {0x11, 0x8a, 0x69, 0x64, 0xc2, 0xd3, 0xe3, 0x80, 0x07, 0x1f, 0x52, 0x66}, + {0xe4, 0xb1, 0x13, 0xcb, 0x77, 0x59, 0x45, 0xf3, 0xd3, 0xa8, 0xae, + 0x9e, 0xc1, 0x41, 0xc0, 0x0c, 0x7c, 0x43, 0xf1, 0x6c, 0xe0, 0x96, + 0xd0, 0xdc, 0x27, 0xc9, 0x58, 0x49, 0xdc, 0x38, 0x3b, 0x7d}, + false, + false}, + + // Comment: + {17, + {0x3f, 0xf1, 0x51, 0x4b, 0x1c, 0x50, 0x39, 0x15, 0x91, 0x8f, 0x0c, 0x0c, + 0x31, 0x09, 0x4a, 0x6e, 0x1f}, + {}, + {0x3b, 0x24, 0x58, 0xd8, 0x17, 0x6e, 0x16, 0x21, 0xc0, 0xcc, 0x24, + 0xc0, 0xc0, 0xe2, 0x4c, 0x1e, 0x80, 0xd7, 0x2f, 0x7e, 0xe9, 0x14, + 0x9a, 0x4b, 0x16, 0x61, 0x76, 0x62, 0x96, 0x16, 0xd0, 0x11}, + {0x45, 0xaa, 0xa3, 0xe5, 0xd1, 0x6d, 0x2d, 0x42, 0xdc, 0x03, 0x44, 0x5d}, + {0x02, 0xcc, 0x3a, 0xcb, 0x5e, 0xe1, 0xfc, 0xdd, 0x12, 0xa0, 0x3b, + 0xb8, 0x57, 0x97, 0x64, 0x74, 0xd3, 0xd8, 0x3b, 0x74, 0x63, 0xa2, + 0xc3, 0x80, 0x0f, 0xe9, 0x58, 0xc2, 0x8e, 0xaa, 0x29, 0x08, 0x13}, + false, + false}, + + // Comment: + {18, + {0x63, 0x85, 0x8c, 0xa3, 0xe2, 0xce, 0x69, 0x88, 0x7b, 0x57, 0x8a, 0x3c, + 0x16, 0x7b, 0x42, 0x1c, 0x9c}, + {0x9a, 0xaf, 0x29, 0x9e, 0xee, 0xa7, 0x8f, 0x79}, + {0xf6, 0x0c, 0x6a, 0x1b, 0x62, 0x57, 0x25, 0xf7, 0x6c, 0x70, 0x37, + 0xb4, 0x8f, 0xe3, 0x57, 0x7f, 0xa7, 0xf7, 0xb8, 0x7b, 0x1b, 0xd5, + 0xa9, 0x82, 0x17, 0x6d, 0x18, 0x23, 0x06, 0xff, 0xb8, 0x70}, + {0xf0, 0x38, 0x4f, 0xb8, 0x76, 0x12, 0x14, 0x10, 0x63, 0x3d, 0x99, 0x3d}, + {0x35, 0x76, 0x64, 0x88, 0xd2, 0xbc, 0x7c, 0x2b, 0x8d, 0x17, 0xcb, + 0xbb, 0x9a, 0xbf, 0xad, 0x9e, 0x6d, 0x1f, 0x39, 0x1e, 0x65, 0x7b, + 0x27, 0x38, 0xdd, 0xa0, 0x84, 0x48, 0xcb, 0xa2, 0x81, 0x1c, 0xeb}, + false, + false}, + + // Comment: + {19, + {0x10, 0xf1, 0xec, 0xf9, 0xc6, 0x05, 0x84, 0x66, 0x5d, 0x9a, 0xe5, 0xef, + 0xe2, 0x79, 0xe7, 0xf7, 0x37, 0x7e, 0xea, 0x69, 0x16, 0xd2, 0xb1, 0x11}, + {}, + {0x02, 0x12, 0xa8, 0xde, 0x50, 0x07, 0xed, 0x87, 0xb3, 0x3f, 0x1a, + 0x70, 0x90, 0xb6, 0x11, 0x4f, 0x9e, 0x08, 0xce, 0xfd, 0x96, 0x07, + 0xf2, 0xc2, 0x76, 0xbd, 0xcf, 0xdb, 0xc5, 0xce, 0x9c, 0xd7}, + {0xe6, 0xb1, 0xad, 0xf2, 0xfd, 0x58, 0xa8, 0x76, 0x2c, 0x65, 0xf3, 0x1b}, + {0x42, 0xf2, 0x6c, 0x56, 0xcb, 0x4b, 0xe2, 0x1d, 0x9d, 0x8d, + 0x0c, 0x80, 0xfc, 0x99, 0xdd, 0xe0, 0x0d, 0x75, 0xf3, 0x80, + 0x74, 0xbf, 0xe7, 0x64, 0x54, 0xaa, 0x7e, 0x13, 0xd4, 0x8f, + 0xff, 0x7d, 0x75, 0x57, 0x03, 0x94, 0x57, 0x04, 0x0a, 0x3a}, + false, + false}, + + // Comment: + {20, + {0x92, 0x22, 0xf9, 0x01, 0x8e, 0x54, 0xfd, 0x6d, 0xe1, 0x20, 0x08, 0x06, + 0xa9, 0xee, 0x8e, 0x4c, 0xc9, 0x04, 0xd2, 0x9f, 0x25, 0xcb, 0xa1, 0x93}, + {0x3e, 0x8b, 0xc5, 0xad, 0xe1, 0x82, 0xff, 0x08}, + {0xc5, 0xbc, 0x09, 0x56, 0x56, 0x46, 0xe7, 0xed, 0xda, 0x95, 0x4f, + 0x1f, 0x73, 0x92, 0x23, 0xda, 0xda, 0x20, 0xb9, 0x5c, 0x44, 0xab, + 0x03, 0x3d, 0x0f, 0xae, 0x4b, 0x02, 0x83, 0xd1, 0x8b, 0xe3}, + {0x6b, 0x28, 0x2e, 0xbe, 0xcc, 0x54, 0x1b, 0xcd, 0x78, 0x34, 0xed, 0x55}, + {0x12, 0x30, 0x32, 0x43, 0x7b, 0x4b, 0xfd, 0x69, 0x20, 0xe8, + 0xf7, 0xe7, 0xe0, 0x08, 0x7a, 0xe4, 0x88, 0x9e, 0xbe, 0x7a, + 0x0a, 0xd0, 0xe9, 0x00, 0x3c, 0xf6, 0x8f, 0x17, 0x95, 0x50, + 0xda, 0x63, 0xd3, 0xb9, 0x6c, 0x2d, 0x55, 0x41, 0x18, 0x65}, + false, + false}, + + // Comment: + {21, + {0xb0, 0x53, 0x99, 0x92, 0x86, 0xa2, 0x82, 0x4f, 0x42, 0xcc, 0x8c, + 0x20, 0x3a, 0xb2, 0x4e, 0x2c, 0x97, 0xa6, 0x85, 0xad, 0xcc, 0x2a, + 0xd3, 0x26, 0x62, 0x55, 0x8e, 0x55, 0xa5, 0xc7, 0x29}, + {}, + {0x2e, 0xb5, 0x1c, 0x46, 0x9a, 0xa8, 0xeb, 0x9e, 0x6c, 0x54, 0xa8, + 0x34, 0x9b, 0xae, 0x50, 0xa2, 0x0f, 0x0e, 0x38, 0x27, 0x11, 0xbb, + 0xa1, 0x15, 0x2c, 0x42, 0x4f, 0x03, 0xb6, 0x67, 0x1d, 0x71}, + {0x04, 0xa9, 0xbe, 0x03, 0x50, 0x8a, 0x5f, 0x31, 0x37, 0x1a, 0x6f, 0xd2}, + {0x45, 0xc7, 0xd6, 0xb5, 0x3a, 0xca, 0xd4, 0xab, 0xb6, 0x88, 0x76, 0xa6, + 0xe9, 0x6a, 0x48, 0xfb, 0x59, 0x52, 0x4d, 0x2c, 0x92, 0xc9, 0xd8, 0xa1, + 0x89, 0xc9, 0xfd, 0x2d, 0xb9, 0x17, 0x46, 0x56, 0x6d, 0x3c, 0xa1, 0x0e, + 0x31, 0x1b, 0x69, 0x5f, 0x3e, 0xae, 0x15, 0x51, 0x65, 0x24, 0x93}, + false, + false}, + + // Comment: + {22, + {0xf4, 0x52, 0x06, 0xab, 0xc2, 0x55, 0x52, 0xb2, 0xab, 0xc9, 0xab, + 0x7f, 0xa2, 0x43, 0x03, 0x5f, 0xed, 0xaa, 0xdd, 0xc3, 0xb2, 0x29, + 0x39, 0x56, 0xf1, 0xea, 0x6e, 0x71, 0x56, 0xe7, 0xeb}, + {0x37, 0x46, 0x18, 0xa0, 0x6e, 0xa9, 0x8a, 0x48}, + {0x7f, 0x5b, 0x74, 0xc0, 0x7e, 0xd1, 0xb4, 0x0f, 0xd1, 0x43, 0x58, + 0xfe, 0x2f, 0xf2, 0xa7, 0x40, 0xc1, 0x16, 0xc7, 0x70, 0x65, 0x10, + 0xe6, 0xa4, 0x37, 0xf1, 0x9e, 0xa4, 0x99, 0x11, 0xce, 0xc4}, + {0x47, 0x0a, 0x33, 0x9e, 0xcb, 0x32, 0x19, 0xb8, 0xb8, 0x1a, 0x1f, 0x8b}, + {0x46, 0xa8, 0x0c, 0x41, 0x87, 0x02, 0x47, 0x20, 0x08, 0x46, 0x27, 0x58, + 0x00, 0x80, 0xdd, 0xe5, 0xa3, 0xf4, 0xa1, 0x10, 0x93, 0xa7, 0x07, 0x6e, + 0xd6, 0xf3, 0xd3, 0x26, 0xbc, 0x7b, 0x70, 0x53, 0x4d, 0x4a, 0xa2, 0x83, + 0x5a, 0x52, 0xe7, 0x2d, 0x14, 0xdf, 0x0e, 0x4f, 0x47, 0xf2, 0x5f}, + false, + false}, + + // Comment: + {23, + {0xb9, 0xc5, 0x54, 0xcb, 0xc3, 0x6a, 0xc1, 0x8a, 0xe8, 0x97, 0xdf, + 0x7b, 0xee, 0xca, 0xc1, 0xdb, 0xeb, 0x4e, 0xaf, 0xa1, 0x56, 0xbb, + 0x60, 0xce, 0x2e, 0x5d, 0x48, 0xf0, 0x57, 0x15, 0xe6, 0x78}, + {}, + {0xe1, 0x73, 0x1d, 0x58, 0x54, 0xe1, 0xb7, 0x0c, 0xb3, 0xff, 0xe8, + 0xb7, 0x86, 0xa2, 0xb3, 0xeb, 0xf0, 0x99, 0x43, 0x70, 0x95, 0x47, + 0x57, 0xb9, 0xdc, 0x8c, 0x7b, 0xc5, 0x35, 0x46, 0x34, 0xa3}, + {0x72, 0xcf, 0xd9, 0x0e, 0xf3, 0x02, 0x6c, 0xa2, 0x2b, 0x7e, 0x6e, 0x6a}, + {0xea, 0x29, 0xaf, 0xa4, 0x9d, 0x36, 0xe8, 0x76, 0x0f, 0x5f, 0xe1, 0x97, + 0x23, 0xb9, 0x81, 0x1e, 0xd5, 0xd5, 0x19, 0x93, 0x4a, 0x44, 0x0f, 0x50, + 0x81, 0xac, 0x43, 0x0b, 0x95, 0x3b, 0x0e, 0x21, 0x22, 0x25, 0x41, 0xaf, + 0x46, 0xb8, 0x65, 0x33, 0xc6, 0xb6, 0x8d, 0x2f, 0xf1, 0x08, 0xa7, 0xea}, + false, + false}, + + // Comment: + {24, + {0x6b, 0x26, 0x04, 0x99, 0x6c, 0xd3, 0x0c, 0x14, 0xa1, 0x3a, 0x52, + 0x57, 0xed, 0x6c, 0xff, 0xd3, 0xbc, 0x5e, 0x29, 0xd6, 0xb9, 0x7e, + 0xb1, 0x79, 0x9e, 0xb3, 0x35, 0xe2, 0x81, 0xea, 0x45, 0x1e}, + {0x23, 0x33, 0xe5, 0xce, 0x0f, 0x93, 0xb0, 0x59}, + {0x27, 0xd8, 0x60, 0x63, 0x1b, 0x04, 0x85, 0xa4, 0x10, 0x70, 0x2f, + 0xea, 0x61, 0xbc, 0x87, 0x3f, 0x34, 0x42, 0x26, 0x0c, 0xad, 0xed, + 0x4a, 0xbd, 0xe2, 0x5b, 0x78, 0x6a, 0x2d, 0x97, 0xf1, 0x45}, + {0x26, 0x28, 0x80, 0xd4, 0x75, 0xf3, 0xda, 0xc5, 0x34, 0x0d, 0xd1, 0xb8}, + {0x6d, 0xad, 0x63, 0x78, 0x97, 0x54, 0x4d, 0x8b, 0xf6, 0xbe, 0x95, 0x07, + 0xed, 0x4d, 0x1b, 0xb2, 0xe9, 0x54, 0xbc, 0x42, 0x7e, 0x5d, 0xe7, 0x29, + 0xda, 0xf5, 0x07, 0x62, 0x84, 0x6f, 0xf2, 0xf4, 0x7b, 0x99, 0x7d, 0x93, + 0xc9, 0x82, 0x18, 0x9d, 0x70, 0x95, 0xdc, 0x79, 0x4c, 0x74, 0x62, 0x32}, + false, + false}, + + // Comment: + {25, + {0x97, 0x3d, 0x0c, 0x75, 0x38, 0x26, 0xba, 0xe4, 0x66, 0xcf, 0x9a, 0xbb, + 0x34, 0x93, 0x15, 0x2e, 0x9d, 0xe7, 0x81, 0x9e, 0x2b, 0xd0, 0xc7, 0x11, + 0x71, 0x34, 0x6b, 0x4d, 0x2c, 0xeb, 0xf8, 0x04, 0x1a, 0xa3, 0xce, 0xdc, + 0x0d, 0xfd, 0x7b, 0x46, 0x7e, 0x26, 0x22, 0x8b, 0xc8, 0x6c, 0x9a}, + {}, + {0xcf, 0x0d, 0x40, 0xa4, 0x64, 0x4e, 0x5f, 0x51, 0x81, 0x51, 0x65, + 0xd5, 0x30, 0x1b, 0x22, 0x63, 0x1f, 0x45, 0x44, 0xc4, 0x9a, 0x18, + 0x78, 0xe3, 0xa0, 0xa5, 0xe8, 0xe1, 0xaa, 0xe0, 0xf2, 0x64}, + {0xe7, 0x4a, 0x51, 0x5e, 0x7e, 0x21, 0x02, 0xb9, 0x0b, 0xef, 0x55, 0xd2}, + {0xfb, 0xa7, 0x8a, 0xe4, 0xf9, 0xd8, 0x08, 0xa6, 0x2e, 0x3d, 0xa4, + 0x0b, 0xe2, 0xcb, 0x77, 0x00, 0xc3, 0x61, 0x3d, 0x9e, 0xb2, 0xc5, + 0x29, 0xc6, 0x52, 0xe7, 0x6a, 0x43, 0x2c, 0x65, 0x8d, 0x27, 0x09, + 0x5f, 0x0e, 0xb8, 0xf9, 0x40, 0xc3, 0x24, 0x98, 0x1e, 0xa9, 0x35, + 0xe5, 0x07, 0xf9, 0x8f, 0x04, 0x69, 0x56, 0xdb, 0x3a, 0x51, 0x29, + 0x08, 0xbd, 0x7a, 0xfc, 0x8f, 0x2a, 0xb0, 0xa9}, + false, + false}, + + // Comment: + {26, + {0xa9, 0x89, 0x95, 0x50, 0x4d, 0xf1, 0x6f, 0x74, 0x8b, 0xfb, 0x77, 0x85, + 0xff, 0x91, 0xee, 0xb3, 0xb6, 0x60, 0xea, 0x9e, 0xd3, 0x45, 0x0c, 0x3d, + 0x5e, 0x7b, 0x0e, 0x79, 0xef, 0x65, 0x36, 0x59, 0xa9, 0x97, 0x8d, 0x75, + 0x54, 0x2e, 0xf9, 0x1c, 0x45, 0x67, 0x62, 0x21, 0x56, 0x40, 0xb9}, + {0xb3, 0xe4, 0x06, 0x46, 0x83, 0xb0, 0x2d, 0x84}, + {0x6c, 0xbf, 0xd7, 0x1c, 0x64, 0x5d, 0x18, 0x4c, 0xf5, 0xd2, 0x3c, + 0x40, 0x2b, 0xdb, 0x0d, 0x25, 0xec, 0x54, 0x89, 0x8c, 0x8a, 0x02, + 0x73, 0xd4, 0x2e, 0xb5, 0xbe, 0x10, 0x9f, 0xdc, 0xb2, 0xac}, + {0xd4, 0xd8, 0x07, 0x34, 0x16, 0x83, 0x82, 0x5b, 0x31, 0xcd, 0x4d, 0x95}, + {0xa1, 0xff, 0xed, 0x80, 0x76, 0x18, 0x29, 0xec, 0xce, 0x24, 0x2e, + 0x0e, 0x88, 0xb1, 0x38, 0x04, 0x90, 0x16, 0xbc, 0xa0, 0x18, 0xda, + 0x2b, 0x6e, 0x19, 0x98, 0x6b, 0x3e, 0x31, 0x8c, 0xae, 0x8d, 0x80, + 0x61, 0x98, 0xfb, 0x4c, 0x52, 0x7c, 0xc3, 0x93, 0x50, 0xeb, 0xdd, + 0xea, 0xc5, 0x73, 0xc4, 0xcb, 0xf0, 0xbe, 0xfd, 0xa0, 0xb7, 0x02, + 0x42, 0xc6, 0x40, 0xd7, 0xcd, 0x02, 0xd7, 0xa3}, + false, + false}, + + // Comment: + {27, + {0xd0, 0x96, 0x80, 0x31, 0x81, 0xbe, 0xef, 0x9e, 0x00, 0x8f, 0xf8, + 0x5d, 0x5d, 0xdc, 0x38, 0xdd, 0xac, 0xf0, 0xf0, 0x9e, 0xe5, 0xf7, + 0xe0, 0x7f, 0x1e, 0x40, 0x79, 0xcb, 0x64, 0xd0, 0xdc, 0x8f, 0x5e, + 0x67, 0x11, 0xcd, 0x49, 0x21, 0xa7, 0x88, 0x7d, 0xe7, 0x6e, 0x26, + 0x78, 0xfd, 0xc6, 0x76, 0x18, 0xf1, 0x18, 0x55, 0x86, 0xbf, 0xea, + 0x9d, 0x4c, 0x68, 0x5d, 0x50, 0xe4, 0xbb, 0x9a, 0x82}, + {}, + {0x5b, 0x1d, 0x10, 0x35, 0xc0, 0xb1, 0x7e, 0xe0, 0xb0, 0x44, 0x47, + 0x67, 0xf8, 0x0a, 0x25, 0xb8, 0xc1, 0xb7, 0x41, 0xf4, 0xb5, 0x0a, + 0x4d, 0x30, 0x52, 0x22, 0x6b, 0xaa, 0x1c, 0x6f, 0xb7, 0x01}, + {0xd6, 0x10, 0x40, 0xa3, 0x13, 0xed, 0x49, 0x28, 0x23, 0xcc, 0x06, 0x5b}, + {0x9a, 0x4e, 0xf2, 0x2b, 0x18, 0x16, 0x77, 0xb5, 0x75, 0x5c, 0x08, 0xf7, + 0x47, 0xc0, 0xf8, 0xd8, 0xe8, 0xd4, 0xc1, 0x8a, 0x9c, 0xc2, 0x40, 0x5c, + 0x12, 0xbb, 0x51, 0xbb, 0x18, 0x72, 0xc8, 0xe8, 0xb8, 0x77, 0x67, 0x8b, + 0xec, 0x44, 0x2c, 0xfc, 0xbb, 0x0f, 0xf4, 0x64, 0xa6, 0x4b, 0x74, 0x33, + 0x2c, 0xf0, 0x72, 0x89, 0x8c, 0x7e, 0x0e, 0xdd, 0xf6, 0x23, 0x2e, 0xa6, + 0xe2, 0x7e, 0xfe, 0x50, 0x9f, 0xf3, 0x42, 0x7a, 0x0f, 0x32, 0xfa, 0x56, + 0x6d, 0x9c, 0xa0, 0xa7, 0x8a, 0xef, 0xc0, 0x13}, + false, + false}, + + // Comment: + {28, + {0x94, 0xee, 0x16, 0x6d, 0x6d, 0x6e, 0xcf, 0x88, 0x32, 0x43, 0x71, + 0x36, 0xb4, 0xae, 0x80, 0x5d, 0x42, 0x88, 0x64, 0x35, 0x95, 0x86, + 0xd9, 0x19, 0x3a, 0x25, 0x01, 0x62, 0x93, 0xed, 0xba, 0x44, 0x3c, + 0x58, 0xe0, 0x7e, 0x7b, 0x71, 0x95, 0xec, 0x5b, 0xd8, 0x45, 0x82, + 0xa9, 0xd5, 0x6c, 0x8d, 0x4a, 0x10, 0x8c, 0x7d, 0x7c, 0xe3, 0x4e, + 0x6c, 0x6f, 0x8e, 0xa1, 0xbe, 0xc0, 0x56, 0x73, 0x17}, + {0x71, 0x93, 0xf6, 0x23, 0x66, 0x33, 0x21, 0xa2}, + {0x97, 0xd6, 0x35, 0xc4, 0xf4, 0x75, 0x74, 0xd9, 0x99, 0x8a, 0x90, + 0x87, 0x5d, 0xa1, 0xd3, 0xa2, 0x84, 0xb7, 0x55, 0xb2, 0xd3, 0x92, + 0x97, 0xa5, 0x72, 0x52, 0x35, 0x19, 0x0e, 0x10, 0xa9, 0x7e}, + {0xd3, 0x1c, 0x21, 0xab, 0xa1, 0x75, 0xb7, 0x0d, 0xe4, 0xeb, 0xb1, 0x9c}, + {0x5f, 0xbb, 0xde, 0xcc, 0x34, 0xbe, 0x20, 0x16, 0x14, 0xf6, 0x36, 0x03, + 0x1e, 0xeb, 0x42, 0xf1, 0xca, 0xce, 0x3c, 0x79, 0xa1, 0x2c, 0xff, 0xd8, + 0x71, 0xee, 0x8e, 0x73, 0x82, 0x0c, 0x82, 0x97, 0x49, 0xf1, 0xab, 0xb4, + 0x29, 0x43, 0x67, 0x84, 0x9f, 0xb6, 0xc2, 0xaa, 0x56, 0xbd, 0xa8, 0xa3, + 0x07, 0x8f, 0x72, 0x3d, 0x7c, 0x1c, 0x85, 0x20, 0x24, 0xb0, 0x17, 0xb5, + 0x89, 0x73, 0xfb, 0x1e, 0x09, 0x26, 0x3d, 0xa7, 0xb4, 0xcb, 0x92, 0x14, + 0x52, 0xf9, 0x7d, 0xca, 0x40, 0xf5, 0x80, 0xec}, + false, + false}, + + // Comment: + {29, + {0xb4, 0x29, 0xeb, 0x80, 0xfb, 0x8f, 0xe8, 0xba, 0xed, 0xa0, 0xc8, + 0x5b, 0x9c, 0x33, 0x34, 0x58, 0xe7, 0xc2, 0x99, 0x2e, 0x55, 0x84, + 0x75, 0x06, 0x9d, 0x12, 0xd4, 0x5c, 0x22, 0x21, 0x75, 0x64, 0x12, + 0x15, 0x88, 0x03, 0x22, 0x97, 0xef, 0xf5, 0x67, 0x83, 0x74, 0x2a, + 0x5f, 0xc2, 0x2d, 0x74, 0x10, 0xff, 0xb2, 0x9d, 0x66, 0x09, 0x86, + 0x61, 0xd7, 0x6f, 0x12, 0x6c, 0x3c, 0x27, 0x68, 0x9e, 0x43, 0xb3, + 0x72, 0x67, 0xca, 0xc5, 0xa3, 0xa6, 0xd3, 0xab, 0x49, 0xe3, 0x91, + 0xda, 0x29, 0xcd, 0x30, 0x54, 0xa5, 0x69, 0x2e, 0x28, 0x07, 0xe4, + 0xc3, 0xea, 0x46, 0xc8, 0x76, 0x1d, 0x50, 0xf5, 0x92}, + {}, + {0xfe, 0x6e, 0x55, 0xbd, 0xae, 0xd1, 0xf7, 0x28, 0x4c, 0xa5, 0xfc, + 0x0f, 0x8c, 0x5f, 0x2b, 0x8d, 0xf5, 0x6d, 0xc0, 0xf4, 0x9e, 0x8c, + 0xa6, 0x6a, 0x41, 0x99, 0x5e, 0x78, 0x33, 0x51, 0xf9, 0x01}, + {0x17, 0xc8, 0x6a, 0x8a, 0xbb, 0xb7, 0xe0, 0x03, 0xac, 0xde, 0x27, 0x99}, + {0xd0, 0x10, 0x2f, 0x6c, 0x25, 0x8b, 0xf4, 0x97, 0x42, 0xce, 0xc3, 0x4c, + 0xf2, 0xd0, 0xfe, 0xdf, 0x23, 0xd1, 0x05, 0xfb, 0x4c, 0x84, 0xcf, 0x98, + 0x51, 0x5e, 0x1b, 0xc9, 0xa6, 0x4f, 0x8a, 0xd5, 0xbe, 0x8f, 0x07, 0x21, + 0xbd, 0xe5, 0x06, 0x45, 0xd0, 0x00, 0x83, 0xc3, 0xa2, 0x63, 0xa3, 0x10, + 0x53, 0xb7, 0x60, 0x24, 0x5f, 0x52, 0xae, 0x28, 0x66, 0xa5, 0xec, 0x83, + 0xb1, 0x9f, 0x61, 0xbe, 0x1d, 0x30, 0xd5, 0xc5, 0xd9, 0xfe, 0xcc, 0x4c, + 0xbb, 0xe0, 0x8f, 0xd3, 0x85, 0x81, 0x3a, 0x2a, 0xa3, 0x9a, 0x00, 0xff, + 0x9c, 0x10, 0xf7, 0xf2, 0x37, 0x02, 0xad, 0xd1, 0xe4, 0xb2, 0xff, 0xa3, + 0x1c, 0x41, 0x86, 0x5f, 0xc7, 0x1d, 0xe1, 0x2b, 0x19, 0x61, 0x21, 0x27, + 0xce, 0x49, 0x99, 0x3b, 0xb0}, + false, + false}, + + // Comment: + {30, + {0xce, 0xb5, 0x34, 0xce, 0x50, 0xdc, 0x23, 0xff, 0x63, 0x8a, 0xce, + 0x3e, 0xf6, 0x3a, 0xb2, 0xcc, 0x29, 0x73, 0xee, 0xad, 0xa8, 0x07, + 0x85, 0xfc, 0x16, 0x5d, 0x06, 0xc2, 0xf5, 0x10, 0x0f, 0xf5, 0xe8, + 0xab, 0x28, 0x82, 0xc4, 0x75, 0xaf, 0xcd, 0x05, 0xcc, 0xd4, 0x9f, + 0x2e, 0x7d, 0x8f, 0x55, 0xef, 0x3a, 0x72, 0xe3, 0xdc, 0x51, 0xd6, + 0x85, 0x2b, 0x8e, 0x6b, 0x9e, 0x7a, 0xec, 0xe5, 0x7b, 0xe6, 0x55, + 0x6b, 0x0b, 0x6d, 0x94, 0x13, 0xe3, 0x3f, 0xc5, 0xfc, 0x24, 0xa9, + 0xa2, 0x05, 0xad, 0x59, 0x57, 0x4b, 0xb3, 0x9d, 0x94, 0x4a, 0x92, + 0xdc, 0x47, 0x97, 0x0d, 0x84, 0xa6, 0xad, 0x31, 0x76}, + {0xa1, 0x1c, 0x40, 0xb6, 0x03, 0x76, 0x73, 0x30}, + {0xaa, 0xbc, 0x06, 0x34, 0x74, 0xe6, 0x5c, 0x4c, 0x3e, 0x9b, 0xdc, + 0x48, 0x0d, 0xea, 0x97, 0xb4, 0x51, 0x10, 0xc8, 0x61, 0x88, 0x46, + 0xff, 0x6b, 0x15, 0xbd, 0xd2, 0xa4, 0xa5, 0x68, 0x2c, 0x4e}, + {0x46, 0x36, 0x2f, 0x45, 0xd6, 0x37, 0x9e, 0x63, 0xe5, 0x22, 0x94, 0x60}, + {0x75, 0x45, 0x39, 0x1b, 0x51, 0xde, 0x01, 0xd5, 0xc5, 0x3d, 0xfa, 0xca, + 0x77, 0x79, 0x09, 0x06, 0x3e, 0x58, 0xed, 0xee, 0x4b, 0xb1, 0x22, 0x7e, + 0x71, 0x10, 0xac, 0x4d, 0x26, 0x20, 0xc2, 0xae, 0xc2, 0xf8, 0x48, 0xf5, + 0x6d, 0xee, 0xb0, 0x37, 0xa8, 0xdc, 0xed, 0x75, 0xaf, 0xa8, 0xa6, 0xc8, + 0x90, 0xe2, 0xde, 0xe4, 0x2f, 0x95, 0x0b, 0xb3, 0x3d, 0x9e, 0x24, 0x24, + 0xd0, 0x8a, 0x50, 0x5d, 0x89, 0x95, 0x63, 0x97, 0x3e, 0xd3, 0x88, 0x70, + 0xf3, 0xde, 0x6e, 0xe2, 0xad, 0xc7, 0xfe, 0x07, 0x2c, 0x36, 0x6c, 0x14, + 0xe2, 0xcf, 0x7c, 0xa6, 0x2f, 0xb3, 0xd3, 0x6b, 0xee, 0x11, 0x68, 0x54, + 0x61, 0xb7, 0x0d, 0x44, 0xef, 0x8c, 0x66, 0xc5, 0xc7, 0xbb, 0xf1, 0x0d, + 0xca, 0xdd, 0x7f, 0xac, 0xf6}, + false, + false}, + + // Comment: + {31, + {0xe5, 0xcc, 0xaa, 0x44, 0x1b, 0xc8, 0x14, 0x68, 0x8f, 0x8f, 0x6e, 0x8f, + 0x28, 0xb5, 0x00, 0xb2}, + {0x02}, + {0x7d, 0x00, 0xb4, 0x80, 0x95, 0xad, 0xfa, 0x32, 0x72, 0x05, 0x06, + 0x07, 0xb2, 0x64, 0x18, 0x50, 0x02, 0xba, 0x99, 0x95, 0x7c, 0x49, + 0x8b, 0xe0, 0x22, 0x77, 0x0f, 0x2c, 0xe2, 0xf3, 0x14, 0x3c}, + {0x87, 0x34, 0x5f, 0x10, 0x55, 0xfd, 0x9e, 0x21, 0x02, 0xd5, 0x06, 0x56}, + {0x7e, 0x72, 0xf5, 0xa1, 0x85, 0xaf, 0x16, 0xa6, 0x11, 0x92, 0x1b, + 0x43, 0x8f, 0x74, 0x9f, 0x0b, 0x12, 0x42, 0xc6, 0x70, 0x73, 0x23, + 0x34, 0x02, 0x9a, 0xdf, 0xe1, 0xc5, 0x00, 0x16, 0x51, 0xe4}, + false, + false}, + + // Comment: + {32, + {0x02, 0xcd, 0xe1, 0x68, 0xfb, 0xa3, 0xf5, 0x44, 0xbb, 0xd0, 0x33, 0x2f, + 0x7a, 0xde, 0xad, 0xa8}, + {0xb6, 0x48}, + {0x64, 0x32, 0x71, 0x7f, 0x1d, 0xb8, 0x5e, 0x41, 0xac, 0x78, 0x36, + 0xbc, 0xe2, 0x51, 0x85, 0xa0, 0x80, 0xd5, 0x76, 0x2b, 0x9e, 0x2b, + 0x18, 0x44, 0x4b, 0x6e, 0xc7, 0x2c, 0x3b, 0xd8, 0xe4, 0xdc}, + {0x87, 0xa3, 0x16, 0x3e, 0xc0, 0x59, 0x8a, 0xd9, 0x5b, 0x3a, 0xa7, 0x13}, + {0x85, 0xf2, 0x9a, 0x71, 0x95, 0x57, 0xcd, 0xd1, 0x4d, 0x1f, 0x8f, + 0xff, 0xab, 0x6d, 0x9e, 0x60, 0x73, 0x2c, 0xa3, 0x2b, 0xec, 0xd5, + 0x15, 0xa1, 0xed, 0x35, 0x3f, 0x54, 0x2e, 0x99, 0x98, 0x58}, + false, + false}, + + // Comment: + {33, + {0x16, 0xdd, 0xd2, 0x3f, 0xf5, 0x3f, 0x3d, 0x23, 0xc0, 0x63, 0x34, 0x48, + 0x70, 0x40, 0xeb, 0x47}, + {0xbd, 0x4c, 0xd0, 0x2f, 0xc7, 0x50, 0x2b, 0xbd, 0xbd, 0xf6, 0xc9, 0xa3, + 0xcb, 0xe8, 0xf0}, + {0x8e, 0x34, 0xcf, 0x73, 0xd2, 0x45, 0xa1, 0x08, 0x2a, 0x92, 0x0b, + 0x86, 0x36, 0x4e, 0xb8, 0x96, 0xc4, 0x94, 0x64, 0x67, 0xbc, 0xb3, + 0xd5, 0x89, 0x29, 0xfc, 0xb3, 0x66, 0x90, 0xe6, 0x39, 0x4f}, + {0x6f, 0x57, 0x3a, 0xa8, 0x6b, 0xaa, 0x49, 0x2b, 0xa4, 0x65, 0x96, 0xdf}, + {0xc1, 0xb2, 0x95, 0x93, 0x6d, 0x56, 0xfa, 0xda, 0xc0, 0x3e, 0x5f, + 0x74, 0x2b, 0xff, 0x73, 0xa1, 0x39, 0xc4, 0x57, 0xdb, 0xab, 0x66, + 0x38, 0x2b, 0xab, 0xb3, 0xb5, 0x58, 0x00, 0xcd, 0xa5, 0xb8}, + false, + false}, + + // Comment: + {34, + {0x62, 0x3b, 0x78, 0x50, 0xc3, 0x21, 0xe2, 0xcf, 0x0c, 0x6f, 0xbc, 0xc8, + 0xdf, 0xd1, 0xaf, 0xf2}, + {0x89, 0xcc, 0xe9, 0xfb, 0x47, 0x44, 0x1d, 0x07, 0xe0, 0x24, 0x5a, 0x66, + 0xfe, 0x8b, 0x77, 0x8b}, + {0xcb, 0x55, 0x75, 0xf5, 0xc7, 0xc4, 0x5c, 0x91, 0xcf, 0x32, 0x0b, + 0x13, 0x9f, 0xb5, 0x94, 0x23, 0x75, 0x60, 0xd0, 0xa3, 0xe6, 0xf8, + 0x65, 0xa6, 0x7d, 0x4f, 0x63, 0x3f, 0x2c, 0x08, 0xf0, 0x16}, + {0x1a, 0x65, 0x18, 0xf0, 0x2e, 0xde, 0x1d, 0xa6, 0x80, 0x92, 0x66, 0xd9}, + {0xc8, 0x4c, 0x9b, 0xb7, 0xc6, 0x1c, 0x1b, 0xcb, 0x17, 0x77, 0x2a, + 0x1c, 0x50, 0x0c, 0x50, 0x95, 0xdb, 0xad, 0xf7, 0xa5, 0x13, 0x8c, + 0xa0, 0x34, 0x59, 0xa2, 0xcd, 0x65, 0x83, 0x1e, 0x09, 0x2f}, + false, + false}, + + // Comment: + {35, + {0x87, 0xb3, 0xa4, 0xd7, 0xb2, 0x6d, 0x8d, 0x32, 0x03, 0xa0, 0xde, 0x1d, + 0x64, 0xef, 0x82, 0xe3}, + {0xd1, 0x9f, 0x2d, 0x98, 0x90, 0x95, 0xf7, 0xab, 0x03, 0xa5, 0xfd, 0xe8, + 0x44, 0x16, 0xe0, 0x0c, 0x0e}, + {0xa5, 0x56, 0x9e, 0x72, 0x9a, 0x69, 0xb2, 0x4b, 0xa6, 0xe0, 0xff, + 0x15, 0xc4, 0x62, 0x78, 0x97, 0x43, 0x68, 0x24, 0xc9, 0x41, 0xe9, + 0xd0, 0x0b, 0x2e, 0x93, 0xfd, 0xdc, 0x4b, 0xa7, 0x76, 0x57}, + {0x56, 0x4d, 0xee, 0x49, 0xab, 0x00, 0xd2, 0x40, 0xfc, 0x10, 0x68, 0xc3}, + {0x94, 0xbc, 0x80, 0x62, 0x1e, 0xd1, 0xe7, 0x1b, 0x1f, 0xd2, 0xb5, + 0xc3, 0xa1, 0x5e, 0x35, 0x68, 0x33, 0x35, 0x11, 0x86, 0x17, 0x96, + 0x97, 0x84, 0x01, 0x59, 0x8b, 0x96, 0x37, 0x22, 0xf5, 0xb3}, + false, + false}, + + // Comment: + {36, + {0xe6, 0x01, 0xb3, 0x85, 0x57, 0x79, 0x7d, 0xa2, 0xf8, 0xa4, 0x10, 0x6a, + 0x08, 0x9d, 0x1d, 0xa6}, + {0x5e, 0x64, 0x70, 0xfa, 0xcd, 0x99, 0xc1, 0xd8, 0x1e, 0x37, + 0xcd, 0x44, 0x01, 0x5f, 0xe1, 0x94, 0x80, 0xa2, 0xa4, 0xd3, + 0x35, 0x2a, 0x4f, 0xf5, 0x60, 0xc0, 0x64, 0x0f, 0xdb, 0xda}, + {0x56, 0x20, 0x74, 0x65, 0xb4, 0xe4, 0x8e, 0x6d, 0x04, 0x63, 0x0f, + 0x4a, 0x42, 0xf3, 0x5c, 0xfc, 0x16, 0x3a, 0xb2, 0x89, 0xc2, 0x2a, + 0x2b, 0x47, 0x84, 0xf6, 0xf9, 0x29, 0x03, 0x30, 0xbe, 0xe0}, + {0xdf, 0x87, 0x13, 0xe8, 0x7e, 0xc3, 0xdb, 0xcf, 0xad, 0x14, 0xd5, 0x3e}, + {0x29, 0x9b, 0x5d, 0x3f, 0x3d, 0x03, 0xc0, 0x87, 0x20, 0x9a, 0x16, + 0xe2, 0x85, 0x14, 0x31, 0x11, 0x4b, 0x45, 0x4e, 0xd1, 0x98, 0xde, + 0x11, 0x7e, 0x83, 0xec, 0x49, 0xfa, 0x8d, 0x85, 0x08, 0xd6}, + false, + false}, + + // Comment: + {37, + {0xdc, 0x9e, 0x9e, 0xaf, 0x11, 0xe3, 0x14, 0x18, 0x2d, 0xf6, 0xa4, 0xeb, + 0xa1, 0x7a, 0xec, 0x9c}, + {0xba, 0x44, 0x6f, 0x6f, 0x9a, 0x0c, 0xed, 0x22, 0x45, 0x0f, 0xeb, + 0x10, 0x73, 0x7d, 0x90, 0x07, 0xfd, 0x69, 0xab, 0xc1, 0x9b, 0x1d, + 0x4d, 0x90, 0x49, 0xa5, 0x55, 0x1e, 0x86, 0xec, 0x2b, 0x37}, + {0x39, 0x37, 0x98, 0x6a, 0xf8, 0x6d, 0xaf, 0xc1, 0xba, 0x0c, 0x46, + 0x72, 0xd8, 0xab, 0xc4, 0x6c, 0x20, 0x70, 0x62, 0x68, 0x2d, 0x9c, + 0x26, 0x4a, 0xb0, 0x6d, 0x6c, 0x58, 0x07, 0x20, 0x51, 0x30}, + {0x8d, 0xf4, 0xb1, 0x5a, 0x88, 0x8c, 0x33, 0x28, 0x6a, 0x7b, 0x76, 0x51}, + {0x60, 0x5b, 0xbf, 0x90, 0xae, 0xb9, 0x74, 0xf6, 0x60, 0x2b, 0xc7, + 0x78, 0x05, 0x6f, 0x0d, 0xca, 0x38, 0xea, 0x23, 0xd9, 0x90, 0x54, + 0xb4, 0x6b, 0x42, 0xff, 0xe0, 0x04, 0x12, 0x9d, 0x22, 0x04}, + false, + false}, + + // Comment: + {38, + {0x81, 0xce, 0x84, 0xed, 0xe9, 0xb3, 0x58, 0x59, 0xcc, 0x8c, 0x49, 0xa8, + 0xf6, 0xbe, 0x7d, 0xc6}, + {0xd4, 0x1a, 0x82, 0x8d, 0x5e, 0x71, 0x82, 0x92, 0x47, 0x02, 0x19, + 0x05, 0x40, 0x2e, 0xa2, 0x57, 0xdc, 0xcb, 0xc3, 0xb8, 0x0f, 0xcd, + 0x56, 0x75, 0x05, 0x6b, 0x68, 0xbb, 0x59, 0xe6, 0x2e, 0x88, 0x73}, + {0x36, 0x37, 0x2a, 0xbc, 0xdb, 0x78, 0xe0, 0x27, 0x96, 0x46, 0xac, + 0x3d, 0x17, 0x6b, 0x96, 0x74, 0xe9, 0x15, 0x4e, 0xec, 0xf0, 0xd5, + 0x46, 0x9c, 0x65, 0x1e, 0xc7, 0xe1, 0x6b, 0x4c, 0x11, 0x99}, + {0xbe, 0x40, 0xe5, 0xf1, 0xa1, 0x18, 0x17, 0xa0, 0xa8, 0xfa, 0x89, 0x49}, + {0x7b, 0x7c, 0xe0, 0xd8, 0x24, 0x80, 0x9a, 0x70, 0xde, 0x32, 0x56, + 0x2c, 0xcf, 0x2c, 0x2b, 0xbd, 0x15, 0xd4, 0x4a, 0x00, 0xce, 0x0d, + 0x19, 0xb4, 0x23, 0x1f, 0x92, 0x1e, 0x22, 0xbc, 0x0a, 0x43}, + false, + false}, + + // Comment: + {39, + {0xa6, 0x67, 0x47, 0xc8, 0x9e, 0x85, 0x7a, 0xf3, 0xa1, 0x8e, 0x2c, 0x79, + 0x50, 0x00, 0x87, 0xed}, + {0x3f, 0x2d, 0xd4, 0x9b, 0xbf, 0x09, 0xd6, 0x9a, 0x78, 0xa3, 0xd8, 0x0e, + 0xa2, 0x56, 0x66, 0x14, 0xfc, 0x37, 0x94, 0x74, 0x19, 0x6c, 0x1a, 0xae, + 0x84, 0x58, 0x3d, 0xa7, 0x3d, 0x7f, 0xf8, 0x5c, 0x6f, 0x42, 0xca, 0x42, + 0x05, 0x6a, 0x97, 0x92, 0xcc, 0x1b, 0x9f, 0xb3, 0xc7, 0xd2, 0x61}, + {0x9f, 0x14, 0x79, 0xed, 0x09, 0x7d, 0x7f, 0xe5, 0x29, 0xc1, 0x1f, + 0x2f, 0x5a, 0xdd, 0x9a, 0xaf, 0xf4, 0xa1, 0xca, 0x0b, 0x68, 0x99, + 0x7a, 0x2c, 0xb7, 0xf7, 0x97, 0x49, 0xbd, 0x90, 0xaa, 0xf4}, + {0x84, 0xc8, 0x7d, 0xae, 0x4e, 0xee, 0x27, 0x73, 0x0e, 0xc3, 0x5d, 0x12}, + {0xca, 0x82, 0xbf, 0xf3, 0xe2, 0xf3, 0x10, 0xcc, 0xc9, 0x76, 0x67, + 0x2c, 0x44, 0x15, 0xe6, 0x9b, 0x57, 0x63, 0x8c, 0x62, 0xa5, 0xd8, + 0x5d, 0xed, 0x77, 0x4f, 0x91, 0x3c, 0x81, 0x3e, 0xa0, 0x32}, + false, + false}, + + // Comment: + {40, + {0x25, 0x6d, 0x40, 0x88, 0x80, 0x94, 0x17, 0x83, 0x55, 0xd3, 0x04, + 0x84, 0x64, 0x43, 0xfe, 0xe8, 0xdf, 0x99, 0x47, 0x03, 0x03, 0xfb, + 0x3b, 0x7b, 0x80, 0xe0, 0x30, 0xbe, 0xeb, 0xd3, 0x29, 0xbe}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe6, 0xd3, 0xd7, 0x32, + 0x4a, 0x1c, 0xbb, 0xa7, 0x77, 0xbb, 0xb0, 0xec, 0xdd, 0xa3, 0x78, 0x07}, + false, + false}, + + // Comment: + {41, + {0x25, 0x6d, 0x40, 0x88, 0x80, 0x94, 0x17, 0x83, 0x55, 0xd3, 0x04, + 0x84, 0x64, 0x43, 0xfe, 0xe8, 0xdf, 0x99, 0x47, 0x03, 0x03, 0xfb, + 0x3b, 0x7b, 0x80, 0xe0, 0x30, 0xbe, 0xeb, 0xd3, 0x29, 0xbe, 0xe3, + 0xbc, 0xdb, 0x5b, 0x1e, 0xde, 0xfc, 0xfe, 0x8b, 0xcd, 0xa1, 0xb6, + 0xa1, 0x5c, 0x8c, 0x2b, 0x08, 0x69, 0xff, 0xd2, 0xec, 0x5e, 0x26, + 0xe5, 0x53, 0xb7, 0xb2, 0x27, 0xfe, 0x87, 0xfd, 0xbd}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x06, 0x2d, 0xe6, 0x79, 0x5f, 0x27, 0x4f, 0xd2, + 0xa3, 0x05, 0xd7, 0x69, 0x80, 0xbc, 0x9c, 0xce}, + false, + false}, + + // Comment: + {42, + {0x25, 0x6d, 0x40, 0x88, 0x80, 0x94, 0x17, 0x83, 0x55, 0xd3, 0x04, 0x84, + 0x64, 0x43, 0xfe, 0xe8, 0xdf, 0x99, 0x47, 0x03, 0x03, 0xfb, 0x3b, 0x7b, + 0x80, 0xe0, 0x30, 0xbe, 0xeb, 0xd3, 0x29, 0xbe, 0xe3, 0xbc, 0xdb, 0x5b, + 0x1e, 0xde, 0xfc, 0xfe, 0x8b, 0xcd, 0xa1, 0xb6, 0xa1, 0x5c, 0x8c, 0x2b, + 0x08, 0x69, 0xff, 0xd2, 0xec, 0x5e, 0x26, 0xe5, 0x53, 0xb7, 0xb2, 0x27, + 0xfe, 0x87, 0xfd, 0xbd, 0x7a, 0xda, 0x44, 0x42, 0x42, 0x69, 0xbf, 0xfa, + 0x55, 0x27, 0xf2, 0x70, 0xac, 0xf6, 0x85, 0x02, 0xb7, 0x4c, 0x5a, 0xe2, + 0xe6, 0x0c, 0x05, 0x80, 0x98, 0x1a, 0x49, 0x38, 0x45, 0x93, 0x92, 0xc4, + 0x9b, 0xb2, 0xf2, 0x84, 0xb6, 0x46, 0xef, 0xc7, 0xf3, 0xf0, 0xb1, 0x36, + 0x1d, 0xc3, 0x48, 0xed, 0x77, 0xd3, 0x0b, 0xc5, 0x76, 0x92, 0xed, 0x38, + 0xfb, 0xac, 0x01, 0x88, 0x38, 0x04, 0x88, 0xc7}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd8, 0xb4, 0x79, 0x02, + 0xba, 0xae, 0xaf, 0xb3, 0x42, 0x03, 0x05, 0x15, 0x29, 0xaf, 0x28, 0x2e}, + false, + false}, + + // Comment: + {43, + {0xda, 0x92, 0xbf, 0x77, 0x7f, 0x6b, 0xe8, 0x7c, 0xaa, 0x2c, 0xfb, + 0x7b, 0x9b, 0xbc, 0x01, 0x17, 0x20, 0x66, 0xb8, 0xfc, 0xfc, 0x04, + 0xc4, 0x84, 0x7f, 0x1f, 0xcf, 0x41, 0x14, 0x2c, 0xd6, 0x41}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xb3, 0x89, 0x1c, 0x84, + 0x9c, 0xb5, 0x2c, 0x27, 0x74, 0x7e, 0xdf, 0xcf, 0x31, 0x21, 0x3b, 0xb6}, + false, + false}, + + // Comment: + {44, + {0xda, 0x92, 0xbf, 0x77, 0x7f, 0x6b, 0xe8, 0x7c, 0xaa, 0x2c, 0xfb, + 0x7b, 0x9b, 0xbc, 0x01, 0x17, 0x20, 0x66, 0xb8, 0xfc, 0xfc, 0x04, + 0xc4, 0x84, 0x7f, 0x1f, 0xcf, 0x41, 0x14, 0x2c, 0xd6, 0x41, 0x1c, + 0x43, 0x24, 0xa4, 0xe1, 0x21, 0x03, 0x01, 0x74, 0x32, 0x5e, 0x49, + 0x5e, 0xa3, 0x73, 0xd4, 0xf7, 0x96, 0x00, 0x2d, 0x13, 0xa1, 0xd9, + 0x1a, 0xac, 0x48, 0x4d, 0xd8, 0x01, 0x78, 0x02, 0x42}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xf0, 0xc1, 0x2d, 0x26, 0xef, 0x03, 0x02, 0x9b, + 0x62, 0xc0, 0x08, 0xda, 0x27, 0xc5, 0xdc, 0x68}, + false, + false}, + + // Comment: + {45, + {0xda, 0x92, 0xbf, 0x77, 0x7f, 0x6b, 0xe8, 0x7c, 0xaa, 0x2c, 0xfb, 0x7b, + 0x9b, 0xbc, 0x01, 0x17, 0x20, 0x66, 0xb8, 0xfc, 0xfc, 0x04, 0xc4, 0x84, + 0x7f, 0x1f, 0xcf, 0x41, 0x14, 0x2c, 0xd6, 0x41, 0x1c, 0x43, 0x24, 0xa4, + 0xe1, 0x21, 0x03, 0x01, 0x74, 0x32, 0x5e, 0x49, 0x5e, 0xa3, 0x73, 0xd4, + 0xf7, 0x96, 0x00, 0x2d, 0x13, 0xa1, 0xd9, 0x1a, 0xac, 0x48, 0x4d, 0xd8, + 0x01, 0x78, 0x02, 0x42, 0x85, 0x25, 0xbb, 0xbd, 0xbd, 0x96, 0x40, 0x05, + 0xaa, 0xd8, 0x0d, 0x8f, 0x53, 0x09, 0x7a, 0xfd, 0x48, 0xb3, 0xa5, 0x1d, + 0x19, 0xf3, 0xfa, 0x7f, 0x67, 0xe5, 0xb6, 0xc7, 0xba, 0x6c, 0x6d, 0x3b, + 0x64, 0x4d, 0x0d, 0x7b, 0x49, 0xb9, 0x10, 0x38, 0x0c, 0x0f, 0x4e, 0xc9, + 0xe2, 0x3c, 0xb7, 0x12, 0x88, 0x2c, 0xf4, 0x3a, 0x89, 0x6d, 0x12, 0xc7, + 0x04, 0x53, 0xfe, 0x77, 0xc7, 0xfb, 0x77, 0x38}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xee, 0x65, 0x78, 0x30, + 0x01, 0xc2, 0x56, 0x91, 0xfa, 0x28, 0xd0, 0xf5, 0xf1, 0xc1, 0xd7, 0x62}, + false, + false}, + + // Comment: + {46, + {0x25, 0x6d, 0x40, 0x08, 0x80, 0x94, 0x17, 0x03, 0x55, 0xd3, 0x04, + 0x04, 0x64, 0x43, 0xfe, 0x68, 0xdf, 0x99, 0x47, 0x83, 0x03, 0xfb, + 0x3b, 0xfb, 0x80, 0xe0, 0x30, 0x3e, 0xeb, 0xd3, 0x29, 0x3e}, + {0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x79, 0xba, 0x7a, 0x29, + 0xf5, 0xa7, 0xbb, 0x75, 0x79, 0x7a, 0xf8, 0x7a, 0x61, 0x01, 0x29, 0xa4}, + false, + false}, + + // Comment: + {47, + {0x25, 0x6d, 0x40, 0x08, 0x80, 0x94, 0x17, 0x03, 0x55, 0xd3, 0x04, + 0x04, 0x64, 0x43, 0xfe, 0x68, 0xdf, 0x99, 0x47, 0x83, 0x03, 0xfb, + 0x3b, 0xfb, 0x80, 0xe0, 0x30, 0x3e, 0xeb, 0xd3, 0x29, 0x3e, 0xe3, + 0xbc, 0xdb, 0xdb, 0x1e, 0xde, 0xfc, 0x7e, 0x8b, 0xcd, 0xa1, 0x36, + 0xa1, 0x5c, 0x8c, 0xab, 0x08, 0x69, 0xff, 0x52, 0xec, 0x5e, 0x26, + 0x65, 0x53, 0xb7, 0xb2, 0xa7, 0xfe, 0x87, 0xfd, 0x3d}, + {0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x36, 0xb1, 0x74, 0x38, 0x19, 0xe1, 0xb9, 0xba, + 0x15, 0x51, 0xe8, 0xed, 0x92, 0x2a, 0x95, 0x9a}, + false, + false}, + + // Comment: + {48, + {0x25, 0x6d, 0x40, 0x08, 0x80, 0x94, 0x17, 0x03, 0x55, 0xd3, 0x04, 0x04, + 0x64, 0x43, 0xfe, 0x68, 0xdf, 0x99, 0x47, 0x83, 0x03, 0xfb, 0x3b, 0xfb, + 0x80, 0xe0, 0x30, 0x3e, 0xeb, 0xd3, 0x29, 0x3e, 0xe3, 0xbc, 0xdb, 0xdb, + 0x1e, 0xde, 0xfc, 0x7e, 0x8b, 0xcd, 0xa1, 0x36, 0xa1, 0x5c, 0x8c, 0xab, + 0x08, 0x69, 0xff, 0x52, 0xec, 0x5e, 0x26, 0x65, 0x53, 0xb7, 0xb2, 0xa7, + 0xfe, 0x87, 0xfd, 0x3d, 0x7a, 0xda, 0x44, 0xc2, 0x42, 0x69, 0xbf, 0x7a, + 0x55, 0x27, 0xf2, 0xf0, 0xac, 0xf6, 0x85, 0x82, 0xb7, 0x4c, 0x5a, 0x62, + 0xe6, 0x0c, 0x05, 0x00, 0x98, 0x1a, 0x49, 0xb8, 0x45, 0x93, 0x92, 0x44, + 0x9b, 0xb2, 0xf2, 0x04, 0xb6, 0x46, 0xef, 0x47, 0xf3, 0xf0, 0xb1, 0xb6, + 0x1d, 0xc3, 0x48, 0x6d, 0x77, 0xd3, 0x0b, 0x45, 0x76, 0x92, 0xed, 0xb8, + 0xfb, 0xac, 0x01, 0x08, 0x38, 0x04, 0x88, 0x47}, + {0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0xfe, 0xac, 0x49, 0x55, + 0x55, 0x4e, 0x80, 0x6f, 0x3a, 0x19, 0x02, 0xe2, 0x44, 0x32, 0xc0, 0x8a}, + false, + false}, + + // Comment: + {49, + {0xda, 0x92, 0xbf, 0xf7, 0x7f, 0x6b, 0xe8, 0xfc, 0xaa, 0x2c, 0xfb, + 0xfb, 0x9b, 0xbc, 0x01, 0x97, 0x20, 0x66, 0xb8, 0x7c, 0xfc, 0x04, + 0xc4, 0x04, 0x7f, 0x1f, 0xcf, 0xc1, 0x14, 0x2c, 0xd6, 0xc1}, + {0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0x20, 0xa3, 0x79, 0x8d, + 0xf1, 0x29, 0x2c, 0x59, 0x72, 0xbf, 0x97, 0x41, 0xae, 0xc3, 0x8a, 0x19}, + false, + false}, + + // Comment: + {50, + {0xda, 0x92, 0xbf, 0xf7, 0x7f, 0x6b, 0xe8, 0xfc, 0xaa, 0x2c, 0xfb, + 0xfb, 0x9b, 0xbc, 0x01, 0x97, 0x20, 0x66, 0xb8, 0x7c, 0xfc, 0x04, + 0xc4, 0x04, 0x7f, 0x1f, 0xcf, 0xc1, 0x14, 0x2c, 0xd6, 0xc1, 0x1c, + 0x43, 0x24, 0x24, 0xe1, 0x21, 0x03, 0x81, 0x74, 0x32, 0x5e, 0xc9, + 0x5e, 0xa3, 0x73, 0x54, 0xf7, 0x96, 0x00, 0xad, 0x13, 0xa1, 0xd9, + 0x9a, 0xac, 0x48, 0x4d, 0x58, 0x01, 0x78, 0x02, 0xc2}, + {0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3d, 0x9f, 0x67, 0x35, 0x4a, 0x97, 0xb2, + 0xf0, 0x74, 0xf7, 0x55, 0x15, 0x57, 0xe4, 0x9c}, + false, + false}, + + // Comment: + {51, + {0xda, 0x92, 0xbf, 0xf7, 0x7f, 0x6b, 0xe8, 0xfc, 0xaa, 0x2c, 0xfb, 0xfb, + 0x9b, 0xbc, 0x01, 0x97, 0x20, 0x66, 0xb8, 0x7c, 0xfc, 0x04, 0xc4, 0x04, + 0x7f, 0x1f, 0xcf, 0xc1, 0x14, 0x2c, 0xd6, 0xc1, 0x1c, 0x43, 0x24, 0x24, + 0xe1, 0x21, 0x03, 0x81, 0x74, 0x32, 0x5e, 0xc9, 0x5e, 0xa3, 0x73, 0x54, + 0xf7, 0x96, 0x00, 0xad, 0x13, 0xa1, 0xd9, 0x9a, 0xac, 0x48, 0x4d, 0x58, + 0x01, 0x78, 0x02, 0xc2, 0x85, 0x25, 0xbb, 0x3d, 0xbd, 0x96, 0x40, 0x85, + 0xaa, 0xd8, 0x0d, 0x0f, 0x53, 0x09, 0x7a, 0x7d, 0x48, 0xb3, 0xa5, 0x9d, + 0x19, 0xf3, 0xfa, 0xff, 0x67, 0xe5, 0xb6, 0x47, 0xba, 0x6c, 0x6d, 0xbb, + 0x64, 0x4d, 0x0d, 0xfb, 0x49, 0xb9, 0x10, 0xb8, 0x0c, 0x0f, 0x4e, 0x49, + 0xe2, 0x3c, 0xb7, 0x92, 0x88, 0x2c, 0xf4, 0xba, 0x89, 0x6d, 0x12, 0x47, + 0x04, 0x53, 0xfe, 0xf7, 0xc7, 0xfb, 0x77, 0xb8}, + {0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xc8, 0x6d, 0xa8, 0xdd, + 0x65, 0x22, 0x86, 0xd5, 0x02, 0x13, 0xd3, 0x28, 0xd6, 0x3e, 0x40, 0x06}, + false, + false}, + + // Comment: + {52, + {0x5a, 0x92, 0xbf, 0x77, 0xff, 0x6b, 0xe8, 0x7c, 0x2a, 0x2c, 0xfb, + 0x7b, 0x1b, 0xbc, 0x01, 0x17, 0xa0, 0x66, 0xb8, 0xfc, 0x7c, 0x04, + 0xc4, 0x84, 0xff, 0x1f, 0xcf, 0x41, 0x94, 0x2c, 0xd6, 0x41}, + {0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xbe, 0xde, 0x90, 0x83, + 0xce, 0xb3, 0x6d, 0xdf, 0xe5, 0xfa, 0x81, 0x1f, 0x95, 0x47, 0x1c, 0x67}, + false, + false}, + + // Comment: + {53, + {0x5a, 0x92, 0xbf, 0x77, 0xff, 0x6b, 0xe8, 0x7c, 0x2a, 0x2c, 0xfb, + 0x7b, 0x1b, 0xbc, 0x01, 0x17, 0xa0, 0x66, 0xb8, 0xfc, 0x7c, 0x04, + 0xc4, 0x84, 0xff, 0x1f, 0xcf, 0x41, 0x94, 0x2c, 0xd6, 0x41, 0x9c, + 0x43, 0x24, 0xa4, 0x61, 0x21, 0x03, 0x01, 0xf4, 0x32, 0x5e, 0x49, + 0xde, 0xa3, 0x73, 0xd4, 0x77, 0x96, 0x00, 0x2d, 0x93, 0xa1, 0xd9, + 0x1a, 0x2c, 0x48, 0x4d, 0xd8, 0x81, 0x78, 0x02, 0x42}, + {0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x30, 0x08, 0x74, 0xbb, 0x06, 0x92, 0xb6, 0x89, + 0xde, 0xad, 0x9a, 0xe1, 0x5b, 0x06, 0x73, 0x90}, + false, + false}, + + // Comment: + {54, + {0x5a, 0x92, 0xbf, 0x77, 0xff, 0x6b, 0xe8, 0x7c, 0x2a, 0x2c, 0xfb, 0x7b, + 0x1b, 0xbc, 0x01, 0x17, 0xa0, 0x66, 0xb8, 0xfc, 0x7c, 0x04, 0xc4, 0x84, + 0xff, 0x1f, 0xcf, 0x41, 0x94, 0x2c, 0xd6, 0x41, 0x9c, 0x43, 0x24, 0xa4, + 0x61, 0x21, 0x03, 0x01, 0xf4, 0x32, 0x5e, 0x49, 0xde, 0xa3, 0x73, 0xd4, + 0x77, 0x96, 0x00, 0x2d, 0x93, 0xa1, 0xd9, 0x1a, 0x2c, 0x48, 0x4d, 0xd8, + 0x81, 0x78, 0x02, 0x42, 0x05, 0x25, 0xbb, 0xbd, 0x3d, 0x96, 0x40, 0x05, + 0x2a, 0xd8, 0x0d, 0x8f, 0xd3, 0x09, 0x7a, 0xfd, 0xc8, 0xb3, 0xa5, 0x1d, + 0x99, 0xf3, 0xfa, 0x7f, 0xe7, 0xe5, 0xb6, 0xc7, 0x3a, 0x6c, 0x6d, 0x3b, + 0xe4, 0x4d, 0x0d, 0x7b, 0xc9, 0xb9, 0x10, 0x38, 0x8c, 0x0f, 0x4e, 0xc9, + 0x62, 0x3c, 0xb7, 0x12, 0x08, 0x2c, 0xf4, 0x3a, 0x09, 0x6d, 0x12, 0xc7, + 0x84, 0x53, 0xfe, 0x77, 0x47, 0xfb, 0x77, 0x38}, + {0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, + 0x7f, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x99, 0xca, 0xd8, 0x5f, + 0x45, 0xca, 0x40, 0x94, 0x2d, 0x0d, 0x4d, 0x5e, 0x95, 0x0a, 0xde, 0x22}, + false, + false}, + + // Comment: + {55, + {0x25, 0x6d, 0x40, 0x88, 0x7f, 0x6b, 0xe8, 0x7c, 0x55, 0xd3, 0x04, + 0x84, 0x9b, 0xbc, 0x01, 0x17, 0xdf, 0x99, 0x47, 0x03, 0xfc, 0x04, + 0xc4, 0x84, 0x80, 0xe0, 0x30, 0xbe, 0x14, 0x2c, 0xd6, 0x41}, + {0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x8b, 0xbe, 0x14, 0x52, + 0x72, 0xe7, 0xc2, 0xd9, 0xa1, 0x89, 0x1a, 0x3a, 0xb0, 0x98, 0x3d, 0x9d}, + false, + false}, + + // Comment: + {56, + {0x25, 0x6d, 0x40, 0x88, 0x7f, 0x6b, 0xe8, 0x7c, 0x55, 0xd3, 0x04, + 0x84, 0x9b, 0xbc, 0x01, 0x17, 0xdf, 0x99, 0x47, 0x03, 0xfc, 0x04, + 0xc4, 0x84, 0x80, 0xe0, 0x30, 0xbe, 0x14, 0x2c, 0xd6, 0x41, 0xe3, + 0xbc, 0xdb, 0x5b, 0xe1, 0x21, 0x03, 0x01, 0x8b, 0xcd, 0xa1, 0xb6, + 0x5e, 0xa3, 0x73, 0xd4, 0x08, 0x69, 0xff, 0xd2, 0x13, 0xa1, 0xd9, + 0x1a, 0x53, 0xb7, 0xb2, 0x27, 0x01, 0x78, 0x02, 0x42}, + {0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x3b, 0x41, 0x86, 0x19, 0x13, 0xa8, 0xf6, 0xde, + 0x7f, 0x61, 0xe2, 0x25, 0x63, 0x1b, 0xc3, 0x82}, + false, + false}, + + // Comment: + {57, + {0x25, 0x6d, 0x40, 0x88, 0x7f, 0x6b, 0xe8, 0x7c, 0x55, 0xd3, 0x04, 0x84, + 0x9b, 0xbc, 0x01, 0x17, 0xdf, 0x99, 0x47, 0x03, 0xfc, 0x04, 0xc4, 0x84, + 0x80, 0xe0, 0x30, 0xbe, 0x14, 0x2c, 0xd6, 0x41, 0xe3, 0xbc, 0xdb, 0x5b, + 0xe1, 0x21, 0x03, 0x01, 0x8b, 0xcd, 0xa1, 0xb6, 0x5e, 0xa3, 0x73, 0xd4, + 0x08, 0x69, 0xff, 0xd2, 0x13, 0xa1, 0xd9, 0x1a, 0x53, 0xb7, 0xb2, 0x27, + 0x01, 0x78, 0x02, 0x42, 0x7a, 0xda, 0x44, 0x42, 0xbd, 0x96, 0x40, 0x05, + 0x55, 0x27, 0xf2, 0x70, 0x53, 0x09, 0x7a, 0xfd, 0xb7, 0x4c, 0x5a, 0xe2, + 0x19, 0xf3, 0xfa, 0x7f, 0x98, 0x1a, 0x49, 0x38, 0xba, 0x6c, 0x6d, 0x3b, + 0x9b, 0xb2, 0xf2, 0x84, 0x49, 0xb9, 0x10, 0x38, 0xf3, 0xf0, 0xb1, 0x36, + 0xe2, 0x3c, 0xb7, 0x12, 0x77, 0xd3, 0x0b, 0xc5, 0x89, 0x6d, 0x12, 0xc7, + 0xfb, 0xac, 0x01, 0x88, 0xc7, 0xfb, 0x77, 0x38}, + {0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x84, 0x28, 0xbc, 0xf0, + 0x23, 0xec, 0x6b, 0xf3, 0x1f, 0xd9, 0xef, 0xb2, 0x03, 0xff, 0x08, 0x71}, + false, + false}, + + // Comment: + {58, + {0xda, 0x92, 0xbf, 0x77, 0x80, 0x94, 0x17, 0x83, 0xaa, 0x2c, 0xfb, + 0x7b, 0x64, 0x43, 0xfe, 0xe8, 0x20, 0x66, 0xb8, 0xfc, 0x03, 0xfb, + 0x3b, 0x7b, 0x7f, 0x1f, 0xcf, 0x41, 0xeb, 0xd3, 0x29, 0xbe}, + {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x13, 0x9f, 0xdf, 0x64, + 0x74, 0xea, 0x24, 0xf5, 0x49, 0xb0, 0x75, 0x82, 0x5f, 0x2c, 0x76, 0x20}, + false, + false}, + + // Comment: + {59, + {0xda, 0x92, 0xbf, 0x77, 0x80, 0x94, 0x17, 0x83, 0xaa, 0x2c, 0xfb, + 0x7b, 0x64, 0x43, 0xfe, 0xe8, 0x20, 0x66, 0xb8, 0xfc, 0x03, 0xfb, + 0x3b, 0x7b, 0x7f, 0x1f, 0xcf, 0x41, 0xeb, 0xd3, 0x29, 0xbe, 0x1c, + 0x43, 0x24, 0xa4, 0x1e, 0xde, 0xfc, 0xfe, 0x74, 0x32, 0x5e, 0x49, + 0xa1, 0x5c, 0x8c, 0x2b, 0xf7, 0x96, 0x00, 0x2d, 0xec, 0x5e, 0x26, + 0xe5, 0xac, 0x48, 0x4d, 0xd8, 0xfe, 0x87, 0xfd, 0xbd}, + {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xbb, 0xad, 0x8d, 0x86, 0x3b, 0x83, 0x5a, 0x8e, + 0x86, 0x64, 0xfd, 0x1d, 0x45, 0x66, 0xb6, 0xb4}, + false, + false}, + + // Comment: + {60, + {0xda, 0x92, 0xbf, 0x77, 0x80, 0x94, 0x17, 0x83, 0xaa, 0x2c, 0xfb, 0x7b, + 0x64, 0x43, 0xfe, 0xe8, 0x20, 0x66, 0xb8, 0xfc, 0x03, 0xfb, 0x3b, 0x7b, + 0x7f, 0x1f, 0xcf, 0x41, 0xeb, 0xd3, 0x29, 0xbe, 0x1c, 0x43, 0x24, 0xa4, + 0x1e, 0xde, 0xfc, 0xfe, 0x74, 0x32, 0x5e, 0x49, 0xa1, 0x5c, 0x8c, 0x2b, + 0xf7, 0x96, 0x00, 0x2d, 0xec, 0x5e, 0x26, 0xe5, 0xac, 0x48, 0x4d, 0xd8, + 0xfe, 0x87, 0xfd, 0xbd, 0x85, 0x25, 0xbb, 0xbd, 0x42, 0x69, 0xbf, 0xfa, + 0xaa, 0xd8, 0x0d, 0x8f, 0xac, 0xf6, 0x85, 0x02, 0x48, 0xb3, 0xa5, 0x1d, + 0xe6, 0x0c, 0x05, 0x80, 0x67, 0xe5, 0xb6, 0xc7, 0x45, 0x93, 0x92, 0xc4, + 0x64, 0x4d, 0x0d, 0x7b, 0xb6, 0x46, 0xef, 0xc7, 0x0c, 0x0f, 0x4e, 0xc9, + 0x1d, 0xc3, 0x48, 0xed, 0x88, 0x2c, 0xf4, 0x3a, 0x76, 0x92, 0xed, 0x38, + 0x04, 0x53, 0xfe, 0x77, 0x38, 0x04, 0x88, 0xc7}, + {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0x32, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x42, 0xf2, 0x35, 0x42, + 0x97, 0x84, 0x9a, 0x51, 0x1d, 0x53, 0xe5, 0x57, 0x17, 0x72, 0xf7, 0x1f}, + false, + false}, + + // Comment: Flipped bit 0 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {61, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa2, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 1 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {62, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa1, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 7 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {63, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x23, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 8 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {64, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe2, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 31 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {65, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0x79, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 32 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {66, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfa, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 33 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {67, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xf9, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 63 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {68, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x9b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 64 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {69, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5b, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 77 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {70, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xf2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 80 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {71, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x61, 0x7f, + 0x40, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 96 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {72, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x41, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 97 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {73, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x42, 0xb7, 0xf4, 0x47}, + true, + false}, + + // Comment: Flipped bit 120 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {74, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x46}, + true, + false}, + + // Comment: Flipped bit 121 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {75, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x45}, + true, + false}, + + // Comment: Flipped bit 126 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {76, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0x07}, + true, + false}, + + // Comment: Flipped bit 127 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {77, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x1b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0xc7}, + true, + false}, + + // Comment: Flipped bit 63 and 127 in tag expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {78, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xa3, 0xe3, 0xfd, 0xf9, 0xfb, 0xa6, 0x86, 0x9b, 0x5a, 0xd2, 0x60, 0x7f, + 0x40, 0xb7, 0xf4, 0xc7}, + true, + false}, + + // Comment: Tag changed to all zero expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {79, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + true, + false}, + + // Comment: tag change to all 1 expected + // tag:a3e3fdf9fba6861b5ad2607f40b7f447 + {80, + {}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff}, + true, + false}, + + // Comment: Flipped bit 0 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {81, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x26, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 1 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {82, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x25, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 7 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {83, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0xa7, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 8 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {84, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xdb, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 31 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {85, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0xcf, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 32 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {86, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x16, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 33 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {87, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x15, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 63 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {88, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0x32, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 64 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {89, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x39, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 77 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {90, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x64, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 80 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {91, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa4, 0x49, 0x0b, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 96 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {92, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0a, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 97 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {93, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x09, 0xfc, 0x40, 0x01}, + true, + false}, + + // Comment: Flipped bit 120 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {94, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x00}, + true, + false}, + + // Comment: Flipped bit 121 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {95, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x03}, + true, + false}, + + // Comment: Flipped bit 126 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {96, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x41}, + true, + false}, + + // Comment: Flipped bit 127 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {97, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0xb2, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x81}, + true, + false}, + + // Comment: Flipped bit 63 and 127 in tag expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {98, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x27, 0xda, 0x37, 0x4f, 0x17, 0xb7, + 0xf1, 0x32, 0x38, 0x44, 0xa5, 0x49, 0x0b, 0xfc, 0x40, 0x81}, + true, + false}, + + // Comment: Tag changed to all zero expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {99, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + true, + false}, + + // Comment: tag change to all 1 expected + // tag:27da374f17b7f1b23844a5490bfc4001 + {100, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00}, + {0x61, 0x61, 0x64}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0x2c, 0xf8, 0xae, 0x52, 0x5f, 0xc8, 0x60, 0x25, 0x26, 0x8a, 0x4e, + 0x1d, 0x88, 0xbe, 0xad, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + true, + false}, + + // Comment: checking for int overflows + {101, + {0xd4, 0x50, 0x0b, 0xf0, 0x09, 0x49, 0x35, 0x51, 0xc3, 0x80, 0xad, 0xf5, + 0x2c, 0x57, 0x3a, 0x69, 0xdf, 0x7e, 0x8b, 0x76, 0x24, 0x63, 0x33, 0x0f, + 0xac, 0xc1, 0x6a, 0x57, 0x26, 0xbe, 0x71, 0x90, 0xc6, 0x3c, 0x5a, 0x1c, + 0x92, 0x65, 0x84, 0xa0, 0x96, 0x75, 0x68, 0x28, 0xdc, 0xdc, 0x64, 0xac, + 0xdf, 0x96, 0x3d, 0x93, 0x1b, 0xf1, 0xda, 0xe2, 0x38, 0xf3, 0xf1, 0x57, + 0x22, 0x4a, 0xc4, 0xb5, 0x42, 0xd7, 0x85, 0xb0, 0xdd, 0x84, 0xdb, 0x6b, + 0xe3, 0xbc, 0x5a, 0x36, 0x63, 0xe8, 0x41, 0x49, 0xff, 0xbe, 0xd0, 0x9e, + 0x54, 0xf7, 0x8f, 0x16, 0xa8, 0x22, 0x3b, 0x24, 0xcb, 0x01, 0x9f, 0x58, + 0xb2, 0x1b, 0x0e, 0x55, 0x1e, 0x7a, 0xa0, 0x73, 0x27, 0x62, 0x95, 0x51, + 0x37, 0x6c, 0xcb, 0xc3, 0x93, 0x76, 0x71, 0xa0, 0x62, 0x9b, 0xd9, 0x5c, + 0x99, 0x15, 0xc7, 0x85, 0x55, 0x77, 0x1e, 0x7a}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30}, + {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x00, 0x02, 0x50, 0x6e}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0b, 0x30, 0x0d, 0x8d, + 0xa5, 0x6c, 0x21, 0x85, 0x75, 0x52, 0x79, 0x55, 0x3c, 0x4c, 0x82, 0xca}, + false, + false}, + + // Comment: checking for int overflows + {102, + {0x7d, 0xe8, 0x7f, 0x67, 0x29, 0x94, 0x52, 0x75, 0xd0, 0x65, 0x5d, 0xa4, + 0xc7, 0xfd, 0xe4, 0x56, 0x9e, 0x16, 0xf1, 0x11, 0xb5, 0xeb, 0x26, 0xc2, + 0x2d, 0x85, 0x9e, 0x3f, 0xf8, 0x22, 0xec, 0xed, 0x3a, 0x6d, 0xd9, 0xa6, + 0x0f, 0x22, 0x95, 0x7f, 0x7b, 0x7c, 0x85, 0x7e, 0x88, 0x22, 0xeb, 0x9f, + 0xe0, 0xb8, 0xd7, 0x02, 0x21, 0x41, 0xf2, 0xd0, 0xb4, 0x8f, 0x4b, 0x56, + 0x12, 0xd3, 0x22, 0xa8, 0x8d, 0xd0, 0xfe, 0x0b, 0x4d, 0x91, 0x79, 0x32, + 0x4f, 0x7c, 0x6c, 0x9e, 0x99, 0x0e, 0xfb, 0xd8, 0x0e, 0x5e, 0xd6, 0x77, + 0x58, 0x26, 0x49, 0x8b, 0x1e, 0xfe, 0x0f, 0x71, 0xa0, 0xf3, 0xec, 0x5b, + 0x29, 0xcb, 0x28, 0xc2, 0x54, 0x0a, 0x7d, 0xcd, 0x51, 0xb7, 0xda, 0xae, + 0xe0, 0xff, 0x4a, 0x7f, 0x3a, 0xc1, 0xee, 0x54, 0xc2, 0x9e, 0xe4, 0xc1, + 0x70, 0xde, 0x40, 0x8f, 0x66, 0x69, 0x21, 0x94}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30}, + {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x00, 0x03, 0x18, 0xa5}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc5, 0x78, 0xe2, 0xaa, + 0x44, 0xd3, 0x09, 0xb7, 0xb6, 0xa5, 0x19, 0x3b, 0xdc, 0x61, 0x18, 0xf5}, + false, + false}, + + // Comment: checking for int overflows + {103, + {0x1b, 0x99, 0x6f, 0x9a, 0x3c, 0xcc, 0x67, 0x85, 0xde, 0x22, 0xff, 0x5b, + 0x8a, 0xdd, 0x95, 0x02, 0xce, 0x03, 0xa0, 0xfa, 0xf5, 0x99, 0x2a, 0x09, + 0x52, 0x2c, 0xdd, 0x12, 0x06, 0xd2, 0x20, 0xb8, 0xf8, 0xbd, 0x07, 0xd1, + 0xf1, 0xf5, 0xa1, 0xbd, 0x9a, 0x71, 0xd1, 0x1c, 0x7f, 0x57, 0x9b, 0x85, + 0x58, 0x18, 0xc0, 0x8d, 0x4d, 0xe0, 0x36, 0x39, 0x31, 0x83, 0xb7, 0xf5, + 0x90, 0xb3, 0x35, 0xae, 0xd8, 0xde, 0x5b, 0x57, 0xb1, 0x3c, 0x5f, 0xed, + 0xe2, 0x44, 0x1c, 0x3e, 0x18, 0x4a, 0xa9, 0xd4, 0x6e, 0x61, 0x59, 0x85, + 0x06, 0xb3, 0xe1, 0x1c, 0x43, 0xc6, 0x2c, 0xbc, 0xac, 0xec, 0xed, 0x33, + 0x19, 0x08, 0x75, 0xb0, 0x12, 0x21, 0x8b, 0x19, 0x30, 0xfb, 0x7c, 0x38, + 0xec, 0x45, 0xac, 0x11, 0xc3, 0x53, 0xd0, 0xcf, 0x93, 0x8d, 0xcc, 0xb9, + 0xef, 0xad, 0x8f, 0xed, 0xbe, 0x46, 0xda, 0xa5}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0xb4, 0xf0}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x4b, 0x0b, 0xda, 0x8a, + 0xd0, 0x43, 0x83, 0x0d, 0x83, 0x19, 0xab, 0x82, 0xc5, 0x0c, 0x76, 0x63}, + false, + false}, + + // Comment: checking for int overflows + {104, + {0x86, 0xcb, 0xac, 0xae, 0x4d, 0x3f, 0x74, 0xae, 0x01, 0x21, 0x3e, 0x05, + 0x51, 0xcc, 0x15, 0x16, 0x0e, 0xa1, 0xbe, 0x84, 0x08, 0xe3, 0xd5, 0xd7, + 0x4f, 0x01, 0x46, 0x49, 0x95, 0xa6, 0x9e, 0x61, 0x76, 0xcb, 0x9e, 0x02, + 0xb2, 0x24, 0x7e, 0xd2, 0x99, 0x89, 0x2f, 0x91, 0x82, 0xa4, 0x5c, 0xaf, + 0x4c, 0x69, 0x40, 0x56, 0x11, 0x76, 0x6e, 0xdf, 0xaf, 0xdc, 0x28, 0x55, + 0x19, 0xea, 0x30, 0x48, 0x0c, 0x44, 0xf0, 0x5e, 0x78, 0x1e, 0xac, 0xf8, + 0xfc, 0xec, 0xc7, 0x09, 0x0a, 0xbb, 0x28, 0xfa, 0x5f, 0xd5, 0x85, 0xac, + 0x8c, 0xda, 0x7e, 0x87, 0x72, 0xe5, 0x94, 0xe4, 0xce, 0x6c, 0x88, 0x32, + 0x81, 0x93, 0x2e, 0x0f, 0x89, 0xf8, 0x77, 0xa1, 0xf0, 0x4d, 0x9c, 0x32, + 0xb0, 0x6c, 0xf9, 0x0b, 0x0e, 0x76, 0x2b, 0x43, 0x0c, 0x4d, 0x51, 0x7c, + 0x97, 0x10, 0x70, 0x68, 0xf4, 0x98, 0xef, 0x7f}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0xfb, 0x66}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x4b, 0xc9, 0x8f, 0x72, + 0xc4, 0x94, 0xc2, 0xa4, 0x3c, 0x2b, 0x15, 0xa1, 0x04, 0x3f, 0x1c, 0xfa}, + false, + false}, + + // Comment: checking for int overflows + {105, + {0xfa, 0xb1, 0xcd, 0xdf, 0x4f, 0xe1, 0x98, 0xef, 0x63, 0xad, 0xd8, 0x81, + 0xd6, 0xea, 0xd6, 0xc5, 0x76, 0x37, 0xbb, 0xe9, 0x20, 0x18, 0xca, 0x7c, + 0x0b, 0x96, 0xfb, 0xa0, 0x87, 0x1e, 0x93, 0x2d, 0xb1, 0xfb, 0xf9, 0x07, + 0x61, 0xbe, 0x25, 0xdf, 0x8d, 0xfa, 0xf9, 0x31, 0xce, 0x57, 0x57, 0xe6, + 0x17, 0xb3, 0xd7, 0xa9, 0xf0, 0xbf, 0x0f, 0xfe, 0x5d, 0x59, 0x1a, 0x33, + 0xc1, 0x43, 0xb8, 0xf5, 0x3f, 0xd0, 0xb5, 0xa1, 0x96, 0x09, 0xfd, 0x62, + 0xe5, 0xc2, 0x51, 0xa4, 0x28, 0x1a, 0x20, 0x0c, 0xfd, 0xc3, 0x4f, 0x28, + 0x17, 0x10, 0x40, 0x6f, 0x4e, 0x37, 0x62, 0x54, 0x46, 0xff, 0x6e, 0xf2, + 0x24, 0x91, 0x3d, 0xeb, 0x0d, 0x89, 0xaf, 0x33, 0x71, 0x28, 0xe3, 0xd1, + 0x55, 0xd1, 0x6d, 0x3e, 0xc3, 0x24, 0x60, 0x41, 0x43, 0x21, 0x43, 0xe9, + 0xab, 0x3a, 0x6d, 0x2c, 0xcc, 0x2f, 0x4d, 0x62}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x38, 0xbb, 0x90}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf7, 0xe9, 0xe1, 0x51, + 0xb0, 0x25, 0x33, 0xc7, 0x46, 0x58, 0xbf, 0xc7, 0x73, 0x7c, 0x68, 0x0d}, + false, + false}, + + // Comment: checking for int overflows + {106, + {0x22, 0x72, 0x02, 0xbe, 0x7f, 0x35, 0x15, 0xe9, 0xd1, 0xc0, 0x2e, 0xea, + 0x2f, 0x19, 0x50, 0xb6, 0x48, 0x1b, 0x04, 0x8a, 0x4c, 0x91, 0x50, 0x6c, + 0xb4, 0x0d, 0x50, 0x4e, 0x6c, 0x94, 0x9f, 0x82, 0xd1, 0x97, 0xc2, 0x5a, + 0xd1, 0x7d, 0xc7, 0x21, 0x65, 0x11, 0x25, 0x78, 0x2a, 0xc7, 0xa7, 0x12, + 0x47, 0xfe, 0xae, 0xf3, 0x2f, 0x1f, 0x25, 0x0c, 0xe4, 0xbb, 0x8f, 0x79, + 0xac, 0xaa, 0x17, 0x9d, 0x45, 0xa7, 0xb0, 0x54, 0x5f, 0x09, 0x24, 0x32, + 0x5e, 0xfa, 0x87, 0xd5, 0xe4, 0x41, 0xd2, 0x84, 0x78, 0xc6, 0x1f, 0x22, + 0x23, 0xee, 0x67, 0xc3, 0xb4, 0x1f, 0x43, 0x94, 0x53, 0x5e, 0x2a, 0x24, + 0x36, 0x9a, 0x2e, 0x16, 0x61, 0x3c, 0x45, 0x94, 0x90, 0xc1, 0x4f, 0xb1, + 0xd7, 0x55, 0xfe, 0x53, 0xfb, 0xe1, 0xee, 0x45, 0xb1, 0xb2, 0x1f, 0x71, + 0x62, 0xe2, 0xfc, 0xaa, 0x74, 0x2a, 0xbe, 0xfd}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x70, 0x48, 0x4a}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x79, 0x5b, 0xcf, 0xf6, + 0x47, 0xc5, 0x53, 0xc2, 0xe4, 0xeb, 0x6e, 0x0e, 0xaf, 0xd9, 0xe0, 0x4e}, + false, + false}, + + // Comment: checking for int overflows + {107, + {0xfa, 0xe5, 0x83, 0x45, 0xc1, 0x6c, 0xb0, 0xf5, 0xcc, 0x53, 0x7f, 0x2b, + 0x1b, 0x34, 0x69, 0xc9, 0x69, 0x46, 0x3b, 0x3e, 0xa7, 0x1b, 0xcf, 0x6b, + 0x98, 0xd6, 0x69, 0xa8, 0xe6, 0x0e, 0x04, 0xfc, 0x08, 0xd5, 0xfd, 0x06, + 0x9c, 0x36, 0x26, 0x38, 0xe3, 0x40, 0x0e, 0xf4, 0xcb, 0x24, 0x2e, 0x27, + 0xe2, 0x24, 0x5e, 0x68, 0xcb, 0x9e, 0xc5, 0x83, 0xda, 0x53, 0x40, 0xb1, + 0x2e, 0xdf, 0x42, 0x3b, 0x73, 0x26, 0xad, 0x20, 0xfe, 0xeb, 0x57, 0xda, + 0xca, 0x2e, 0x04, 0x67, 0xa3, 0x28, 0x99, 0xb4, 0x2d, 0xf8, 0xe5, 0x6d, + 0x84, 0xe0, 0x06, 0xbc, 0x8a, 0x7a, 0xcc, 0x73, 0x1e, 0x7c, 0x1f, 0x6b, + 0xec, 0xb5, 0x71, 0x9f, 0x70, 0x77, 0xf0, 0xd4, 0xf4, 0xc6, 0x1a, 0xb1, + 0x1e, 0xba, 0xc1, 0x00, 0x18, 0x01, 0xce, 0x33, 0xc4, 0xe4, 0xa7, 0x7d, + 0x83, 0x1d, 0x3c, 0xe3, 0x4e, 0x84, 0x10, 0xe1}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x93, 0x2f, 0x40}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x19, 0x46, 0xd6, 0x53, + 0x96, 0x0f, 0x94, 0x7a, 0x74, 0xd3, 0xe8, 0x09, 0x3c, 0xf4, 0x85, 0x02}, + false, + false}, + + // Comment: checking for int overflows + {108, + {0xeb, 0xb2, 0x16, 0xdd, 0xd7, 0xca, 0x70, 0x92, 0x15, 0xf5, 0x03, 0xdf, + 0x9c, 0xe6, 0x3c, 0x5c, 0xd2, 0x19, 0x4e, 0x7d, 0x90, 0x99, 0xe8, 0xa9, + 0x0b, 0x2a, 0xfa, 0xad, 0x5e, 0xba, 0x35, 0x06, 0x99, 0x25, 0xa6, 0x03, + 0xfd, 0xbc, 0x34, 0x1a, 0xae, 0xd4, 0x15, 0x05, 0xb1, 0x09, 0x41, 0xfa, + 0x38, 0x56, 0xa7, 0xe2, 0x47, 0xb1, 0x04, 0x07, 0x09, 0x74, 0x6c, 0xfc, + 0x20, 0x96, 0xca, 0xa6, 0x31, 0xb2, 0xff, 0xf4, 0x1c, 0x25, 0x05, 0x06, + 0xd8, 0x89, 0xc1, 0xc9, 0x06, 0x71, 0xad, 0xe8, 0x53, 0xee, 0x63, 0x94, + 0xc1, 0x91, 0x92, 0xa5, 0xcf, 0x37, 0x10, 0xd1, 0x07, 0x30, 0x99, 0xe5, + 0xbc, 0x94, 0x65, 0x82, 0xfc, 0x0f, 0xab, 0x9f, 0x54, 0x3c, 0x71, 0x6a, + 0xe2, 0x48, 0x6a, 0x86, 0x83, 0xfd, 0xca, 0x39, 0xd2, 0xe1, 0x4f, 0x23, + 0xd0, 0x0a, 0x58, 0x26, 0x64, 0xf4, 0xec, 0xb1}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x93, 0x35}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x36, 0xc3, 0x00, 0x29, + 0x85, 0xdd, 0x21, 0xba, 0xf8, 0x95, 0xd6, 0x33, 0x57, 0x3f, 0x12, 0xc0}, + false, + false}, + + // Comment: checking for int overflows + {109, + {0x40, 0x8a, 0xe6, 0xef, 0x1c, 0x7e, 0xf0, 0xfb, 0x2c, 0x2d, 0x61, 0x08, + 0x16, 0xfc, 0x78, 0x49, 0xef, 0xa5, 0x8f, 0x78, 0x27, 0x3f, 0x5f, 0x16, + 0x6e, 0xa6, 0x5f, 0x81, 0xb5, 0x75, 0x74, 0x7d, 0x03, 0x5b, 0x30, 0x40, + 0xfe, 0xde, 0x1e, 0xb9, 0x45, 0x97, 0x88, 0x66, 0x97, 0x88, 0x40, 0x8e, + 0x00, 0x41, 0x3b, 0x3e, 0x37, 0x6d, 0x15, 0x2d, 0x20, 0x4a, 0xa2, 0xb7, + 0xa8, 0x35, 0x58, 0xfc, 0xd4, 0x8a, 0x0e, 0xf7, 0xa2, 0x6b, 0x1c, 0xd6, + 0xd3, 0x5d, 0x23, 0xb3, 0xf5, 0xdf, 0xe0, 0xca, 0x77, 0xa4, 0xce, 0x32, + 0xb9, 0x4a, 0xbf, 0x83, 0xda, 0x2a, 0xef, 0xca, 0xf0, 0x68, 0x38, 0x08, + 0x79, 0xe8, 0x9f, 0xb0, 0xa3, 0x82, 0x95, 0x95, 0xcf, 0x44, 0xc3, 0x85, + 0x2a, 0xe2, 0xcc, 0x66, 0x2b, 0x68, 0x9f, 0x93, 0x55, 0xd9, 0xc1, 0x83, + 0x80, 0x1f, 0x6a, 0xcc, 0x31, 0x3f, 0x89, 0x07}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0xf7, 0xd5}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x65, 0x14, 0x51, 0x8e, + 0x0a, 0x26, 0x41, 0x42, 0xe0, 0xb7, 0x35, 0x1f, 0x96, 0x7f, 0xc2, 0xae}, + false, + false}, + + // Comment: checking for int overflows + {110, + {0x0a, 0x0a, 0x24, 0x49, 0x9b, 0xca, 0xde, 0x58, 0xcf, 0x15, 0x76, 0xc3, + 0x12, 0xac, 0xa9, 0x84, 0x71, 0x8c, 0xb4, 0xcc, 0x7e, 0x01, 0x53, 0xf5, + 0xa9, 0x01, 0x58, 0x10, 0x85, 0x96, 0x44, 0xdf, 0xc0, 0x21, 0x17, 0x4e, + 0x0b, 0x06, 0x0a, 0x39, 0x74, 0x48, 0xde, 0x8b, 0x48, 0x4a, 0x86, 0x03, + 0xbe, 0x68, 0x0a, 0x69, 0x34, 0xc0, 0x90, 0x6f, 0x30, 0xdd, 0x17, 0xea, + 0xe2, 0xd4, 0xc5, 0xfa, 0xa7, 0x77, 0xf8, 0xca, 0x53, 0x37, 0x0e, 0x08, + 0x33, 0x1b, 0x88, 0xc3, 0x42, 0xba, 0xc9, 0x59, 0x78, 0x7b, 0xbb, 0x33, + 0x93, 0x0e, 0x3b, 0x56, 0xbe, 0x86, 0xda, 0x7f, 0x2a, 0x6e, 0xb1, 0xf9, + 0x40, 0x89, 0xd1, 0xd1, 0x81, 0x07, 0x4d, 0x43, 0x02, 0xf8, 0xe0, 0x55, + 0x2d, 0x0d, 0xe1, 0xfa, 0xb3, 0x06, 0xa2, 0x1b, 0x42, 0xd4, 0xc3, 0xba, + 0x6e, 0x6f, 0x0c, 0xbc, 0xc8, 0x1e, 0x87, 0x7a}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3d, 0xfc, 0xe4}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x4c, 0x19, 0x4d, 0xa6, + 0xa9, 0x9f, 0xd6, 0x5b, 0x40, 0xe9, 0xca, 0xd7, 0x98, 0xf4, 0x4b, 0x19}, + false, + false}, + + // Comment: checking for int overflows + {111, + {0x4a, 0x0a, 0xaf, 0xf8, 0x49, 0x47, 0x29, 0x18, 0x86, 0x91, 0x70, 0x13, + 0x40, 0xf3, 0xce, 0x2b, 0x8a, 0x78, 0xee, 0xd3, 0xa0, 0xf0, 0x65, 0x99, + 0x4b, 0x72, 0x48, 0x4e, 0x79, 0x91, 0xd2, 0x5c, 0x29, 0xaa, 0x07, 0x5e, + 0xb1, 0xfc, 0x16, 0xde, 0x93, 0xfe, 0x06, 0x90, 0x58, 0x11, 0x2a, 0xb2, + 0x84, 0xa3, 0xed, 0x18, 0x78, 0x03, 0x26, 0xd1, 0x25, 0x8a, 0x47, 0x22, + 0x2f, 0xa6, 0x33, 0xd8, 0xb2, 0x9f, 0x3b, 0xd9, 0x15, 0x0b, 0x23, 0x9b, + 0x15, 0x46, 0xc2, 0xbb, 0x9b, 0x9f, 0x41, 0x0f, 0xeb, 0xea, 0xd3, 0x96, + 0x00, 0x0e, 0xe4, 0x77, 0x70, 0x15, 0x32, 0xc3, 0xd0, 0xf5, 0xfb, 0xf8, + 0x95, 0xd2, 0x80, 0x19, 0x6d, 0x2f, 0x73, 0x7c, 0x5e, 0x9f, 0xec, 0x50, + 0xd9, 0x2b, 0xb0, 0xdf, 0x5d, 0x7e, 0x51, 0x3b, 0xe5, 0xb8, 0xea, 0x97, + 0x13, 0x10, 0xd5, 0xbf, 0x16, 0xba, 0x7a, 0xee}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x84, 0x86, 0xa8}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc8, 0xae, 0x77, 0x88, + 0xcd, 0x28, 0x74, 0xab, 0xc1, 0x38, 0x54, 0x1e, 0x11, 0xfd, 0x05, 0x87}, + false, + false}, + + // Comment: checking for int overflows + {112, + {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0x78, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09, + 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x9f, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0x9c, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2, + 0x40, 0xd1, 0xab, 0xf4, 0x47, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0xd4, 0xd2, 0x06, 0x61, + 0x6f, 0x92, 0x93, 0xf6, 0x5b, 0x45, 0xdb, 0xbc, 0x74, 0xe7, 0xc2, 0xed, + 0xfb, 0xcb, 0xbf, 0x1c, 0xfb, 0x67, 0x9b, 0xb7, 0x39, 0xa5, 0x86, 0x2d, + 0xe2, 0xbc, 0xb9, 0x37, 0xf7, 0x4d, 0x5b, 0xf8, 0x67, 0x1c, 0x5a, 0x8a, + 0x50, 0x92, 0xf6, 0x1d, 0x54, 0xc9, 0xaa, 0x5b}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x93, 0x3a, 0x51, 0x63, + 0xc7, 0xf6, 0x23, 0x68, 0x32, 0x7b, 0x3f, 0xbc, 0x10, 0x36, 0xc9, 0x43}, + false, + false}, + + // Comment: special case tag + {113, + {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4, + 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, + 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf, + 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc, + 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, + 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d}, + {0x85, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xa6, 0x90, 0x2f, 0xcb, 0xc8, 0x83, + 0xbb, 0xc1, 0x80, 0xb2, 0x56, 0xae, 0x34, 0xad, 0x7f, 0x00}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, + false, + false}, + + // Comment: special case tag + {114, + {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4, + 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, + 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf, + 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc, + 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, + 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x24, 0x7e, 0x50, 0x64, 0x2a, 0x1c, + 0x0a, 0x2f, 0x8f, 0x77, 0x21, 0x96, 0x09, 0xdb, 0xa9, 0x58}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false, + false}, + + // Comment: special case tag + {115, + {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4, + 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, + 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf, + 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc, + 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, + 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d}, + {0x7c, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xd9, 0xe7, 0x2c, 0x06, 0x4a, 0xc8, + 0x96, 0x1f, 0x3f, 0xa5, 0x85, 0xe0, 0xe2, 0xab, 0xd6, 0x00}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + false, + false}, + + // Comment: special case tag + {116, + {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4, + 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, + 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf, + 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc, + 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, + 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d}, + {0x65, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x95, 0xaf, 0x0f, 0x4d, 0x0b, 0x68, + 0x6e, 0xae, 0xcc, 0xca, 0x43, 0x07, 0xd5, 0x96, 0xf5, 0x02}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80, + 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x80}, + false, + false}, + + // Comment: special case tag + {117, + {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4, + 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, + 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf, + 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc, + 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, + 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x85, 0x40, 0xb4, 0x64, 0x35, 0x77, + 0x07, 0xbe, 0x3a, 0x39, 0xd5, 0x5c, 0x34, 0xf8, 0xbc, 0xb3}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f, + 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0x7f}, + false, + false}, + + // Comment: special case tag + {118, + {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4, + 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, + 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf, + 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc, + 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, + 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d}, + {0x4f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x66, 0x23, 0xd9, 0x90, 0xb8, 0x98, + 0xd8, 0x30, 0xd2, 0x12, 0xaf, 0x23, 0x83, 0x33, 0x07, 0x01}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00}, + false, + false}, + + // Comment: special case tag + {119, + {0x9a, 0x49, 0xc4, 0x0f, 0x8b, 0x48, 0xd7, 0xc6, 0x6d, 0x1d, 0xb4, + 0xe5, 0x3f, 0x20, 0xf2, 0xdd, 0x4a, 0xaa, 0x24, 0x1d, 0xda, 0xb2, + 0x6b, 0x5b, 0xc0, 0xe2, 0x18, 0xb7, 0x2c, 0x33, 0x90, 0xf2, 0xdf, + 0x3e, 0xbd, 0x01, 0x76, 0x70, 0x44, 0x19, 0x97, 0x2b, 0xcd, 0xbc, + 0x6b, 0xbc, 0xb3, 0xe4, 0xe7, 0x4a, 0x71, 0x52, 0x8e, 0xf5, 0x12, + 0x63, 0xce, 0x24, 0xe0, 0xd5, 0x75, 0xe0, 0xe4, 0x4d}, + {0x83, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x5f, 0x16, 0xd0, 0x9f, 0x17, 0x78, + 0x72, 0x11, 0xb7, 0xd4, 0x84, 0xe0, 0x24, 0xf8, 0x97, 0x01}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {120, + {0x00, 0x52, 0x35, 0xd2, 0xa9, 0x19, 0xf2, 0x8d, 0x3d, 0xb7, 0x66, 0x4a, + 0x34, 0xae, 0x6b, 0x44, 0x4d, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09, + 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x5b, 0x8b, 0x94, 0x50, + 0x9e, 0x2b, 0x74, 0xa3, 0x6d, 0x34, 0x6e, 0x33, 0xd5, 0x72, 0x65, 0x9b, + 0xa9, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2, + 0x40, 0xd1, 0xab, 0xf4, 0x83, 0xdc, 0xe9, 0xf3, 0x07, 0x3e, 0xfa, 0xdb, + 0x7d, 0x23, 0xb8, 0x7a, 0xce, 0x35, 0x16, 0x8c}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0x00, 0x39, 0xe2, 0xfd, 0x2f, 0xd3, 0x12, 0x14, 0x9e, 0x98, 0x98, 0x80, + 0x88, 0x48, 0x13, 0xe7, 0xca, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3b, 0x0e, 0x86, 0x9a, + 0xaa, 0x8e, 0xa4, 0x96, 0x32, 0xff, 0xff, 0x37, 0xb9, 0xe8, 0xce, 0x00, + 0xca, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x3b, 0x0e, 0x86, 0x9a, 0xaa, 0x8e, 0xa4, 0x96, + 0x32, 0xff, 0xff, 0x37, 0xb9, 0xe8, 0xce, 0x00, 0xa5, 0x19, 0xac, 0x1a, + 0x35, 0xb4, 0xa5, 0x77, 0x87, 0x51, 0x0a, 0xf7, 0x8d, 0x8d, 0x20, 0x0a}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {121, + {0xd3, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0xe5, 0xda, 0x78, 0x76, 0x6f, 0xa1, 0x92, 0x90, + 0xc0, 0x31, 0xf7, 0x52, 0x08, 0x50, 0x67, 0x45, 0xae, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0x49, 0x6d, 0xde, 0xb0, 0x55, 0x09, 0xc6, 0xef, 0xff, 0xab, 0x75, 0xeb, + 0x2d, 0xf4, 0xab, 0x09, 0x76, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x01, 0x49, 0xef, 0x50, + 0x4b, 0x71, 0xb1, 0x20, 0xca, 0x4f, 0xf3, 0x95, 0x19, 0xc2, 0xc2, 0x10}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xd3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x62, 0x18, 0xb2, 0x7f, 0x83, 0xb8, 0xb4, 0x66, + 0x02, 0xf6, 0xe1, 0xd8, 0x34, 0x20, 0x7b, 0x02, 0xce, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x2a, 0x64, 0x16, 0xce, 0xdb, 0x1c, 0xdd, 0x29, 0x6e, 0xf5, 0xd7, 0xd6, + 0x92, 0xda, 0xff, 0x02, 0xce, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x2a, 0x64, 0x16, 0xce, + 0xdb, 0x1c, 0xdd, 0x29, 0x6e, 0xf5, 0xd7, 0xd6, 0x92, 0xda, 0xff, 0x02, + 0x30, 0x2f, 0xe8, 0x2a, 0xb0, 0xa0, 0x9a, 0xf6, 0x44, 0x00, 0xd0, 0x15, + 0xae, 0x83, 0xd9, 0xcc}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {122, + {0xe9, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0x6d, 0xf1, 0x39, 0x4e, 0xdc, 0x53, 0x9b, 0x5b, + 0x3a, 0x09, 0x57, 0xbe, 0x0f, 0xb8, 0x59, 0x46, 0x80, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0xd1, 0x76, 0x9f, 0xe8, 0x06, 0xbb, 0xfe, 0xb6, 0xf5, 0x90, 0x95, 0x0f, + 0x2e, 0xac, 0x9e, 0x0a, 0x58, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x99, 0x52, 0xae, 0x08, + 0x18, 0xc3, 0x89, 0x79, 0xc0, 0x74, 0x13, 0x71, 0x1a, 0x9a, 0xf7, 0x13}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xe9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xea, 0x33, 0xf3, 0x47, 0x30, 0x4a, 0xbd, 0xad, + 0xf8, 0xce, 0x41, 0x34, 0x33, 0xc8, 0x45, 0x01, 0xe0, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xb2, 0x7f, 0x57, 0x96, 0x88, 0xae, 0xe5, 0x70, 0x64, 0xce, 0x37, 0x32, + 0x91, 0x82, 0xca, 0x01, 0xe0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xb2, 0x7f, 0x57, 0x96, + 0x88, 0xae, 0xe5, 0x70, 0x64, 0xce, 0x37, 0x32, 0x91, 0x82, 0xca, 0x01, + 0x98, 0xa7, 0xe8, 0x36, 0xe0, 0xee, 0x4d, 0x02, 0x35, 0x00, 0xd0, 0x55, + 0x7e, 0xc2, 0xcb, 0xe0}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {123, + {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, + 0x35, 0x43, 0x19, 0x87, 0x5c, 0x64, 0xf9, 0x0f, 0x5b, 0x26, 0x92, + 0xb8, 0x60, 0xd4, 0x59, 0x6f, 0xf4, 0xb3, 0x40, 0x2c, 0x5c, 0x00, + 0xb9, 0xbb, 0x53, 0x70, 0x7a, 0xa6, 0x67, 0xd3, 0x56, 0xfe, 0x50, + 0xc7, 0x19, 0x96, 0x94, 0x03, 0x35, 0x61, 0xe7, 0xca, 0xca, 0x6d, + 0x94, 0x1d, 0xc3, 0xcd, 0x69, 0x14, 0xad, 0x69, 0x04}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xe3, 0x3b, 0xc5, 0x52, 0xca, 0x8b, 0x9e, 0x96, + 0x16, 0x9e, 0x79, 0x7e, 0x8f, 0x30, 0x30, 0x1b, 0x60, 0x3c, 0xa9, 0x99, + 0x44, 0xdf, 0x76, 0x52, 0x8c, 0x9d, 0x6f, 0x54, 0xab, 0x83, 0x3d, 0x0f, + 0x60, 0x3c, 0xa9, 0x99, 0x44, 0xdf, 0x76, 0x52, 0x8c, 0x9d, 0x6f, 0x54, + 0xab, 0x83, 0x3d, 0x0f, 0x6a, 0xb8, 0xdc, 0xe2, 0xc5, 0x9d, 0xa4, 0x73, + 0x71, 0x30, 0xb0, 0x25, 0x2f, 0x68, 0xa8, 0xd8}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {124, + {0x68, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0xb0, 0x8f, 0x25, 0x67, 0x5b, 0x9b, 0xcb, 0xf6, + 0xe3, 0x84, 0x07, 0xde, 0x2e, 0xc7, 0x5a, 0x47, 0x9f, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0x2d, 0x2a, 0xf7, 0xcd, 0x6b, 0x08, 0x05, 0x01, 0xd3, 0x1b, 0xa5, 0x4f, + 0xb2, 0xeb, 0x75, 0x96, 0x47, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x65, 0x0e, 0xc6, 0x2d, + 0x75, 0x70, 0x72, 0xce, 0xe6, 0xff, 0x23, 0x31, 0x86, 0xdd, 0x1c, 0x8f}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0x68, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x37, 0x4d, 0xef, 0x6e, 0xb7, 0x82, 0xed, 0x00, + 0x21, 0x43, 0x11, 0x54, 0x12, 0xb7, 0x46, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x4e, 0x23, 0x3f, 0xb3, 0xe5, 0x1d, 0x1e, 0xc7, 0x42, 0x45, 0x07, 0x72, + 0x0d, 0xc5, 0x21, 0x9d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x4e, 0x23, 0x3f, 0xb3, + 0xe5, 0x1d, 0x1e, 0xc7, 0x42, 0x45, 0x07, 0x72, 0x0d, 0xc5, 0x21, 0x9d, + 0x04, 0x4d, 0xea, 0x60, 0x88, 0x80, 0x41, 0x2b, 0xfd, 0xff, 0xcf, 0x35, + 0x57, 0x9e, 0x9b, 0x26}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {125, + {0x6d, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0xa1, 0x61, 0xb5, 0xab, 0x04, 0x09, 0x00, 0x62, + 0x9e, 0xfe, 0xff, 0x78, 0xd7, 0xd8, 0x6b, 0x45, 0x9f, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0xc6, 0xf8, 0x07, 0x8c, 0xc8, 0xef, 0x12, 0xa0, 0xff, 0x65, 0x7d, 0x6d, + 0x08, 0xdb, 0x10, 0xb8, 0x47, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x8e, 0xdc, 0x36, 0x6c, + 0xd6, 0x97, 0x65, 0x6f, 0xca, 0x81, 0xfb, 0x13, 0x3c, 0xed, 0x79, 0xa1}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0x6d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x26, 0xa3, 0x7f, 0xa2, 0xe8, 0x10, 0x26, 0x94, + 0x5c, 0x39, 0xe9, 0xf2, 0xeb, 0xa8, 0x77, 0x02, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xa5, 0xf1, 0xcf, 0xf2, 0x46, 0xfa, 0x09, 0x66, 0x6e, 0x3b, 0xdf, 0x50, + 0xb7, 0xf5, 0x44, 0xb3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xa5, 0xf1, 0xcf, 0xf2, + 0x46, 0xfa, 0x09, 0x66, 0x6e, 0x3b, 0xdf, 0x50, 0xb7, 0xf5, 0x44, 0xb3, + 0x1e, 0x6b, 0xea, 0x63, 0x14, 0x54, 0x2e, 0x2e, 0xf9, 0xff, 0xcf, 0x45, + 0x0b, 0x2e, 0x98, 0x2b}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {126, + {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, + 0x35, 0x43, 0x19, 0x87, 0x5c, 0xfc, 0x01, 0xb8, 0x91, 0xe5, 0xf0, + 0xf9, 0x12, 0x8d, 0x7d, 0x1c, 0x57, 0x91, 0x92, 0xb6, 0x98, 0x63, + 0x41, 0x44, 0x15, 0xb6, 0x99, 0x68, 0x95, 0x9a, 0x72, 0x91, 0xb7, + 0xa5, 0xaf, 0x13, 0x48, 0x60, 0xcd, 0x9e, 0xa1, 0x0c, 0x29, 0xa3, + 0x66, 0x54, 0xe7, 0xa2, 0x8e, 0x76, 0x1b, 0xec, 0xd8}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x7b, 0xc3, 0x72, 0x98, 0x09, 0xe9, 0xdf, 0xe4, + 0x4f, 0xba, 0x0a, 0xdd, 0xad, 0xe2, 0xaa, 0xdf, 0x03, 0xc4, 0x56, 0xdf, + 0x82, 0x3c, 0xb8, 0xa0, 0xc5, 0xb9, 0x00, 0xb3, 0xc9, 0x35, 0xb8, 0xd3, + 0x03, 0xc4, 0x56, 0xdf, 0x82, 0x3c, 0xb8, 0xa0, 0xc5, 0xb9, 0x00, 0xb3, + 0xc9, 0x35, 0xb8, 0xd3, 0xed, 0x20, 0x17, 0xc8, 0xdb, 0xa4, 0x77, 0x56, + 0x29, 0x04, 0x9d, 0x78, 0x6e, 0x3b, 0xce, 0xb1}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {127, + {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, + 0x35, 0x43, 0x19, 0x87, 0x5c, 0x6b, 0x6d, 0xc9, 0xd2, 0x1a, 0x81, + 0x9e, 0x70, 0xb5, 0x77, 0xf4, 0x41, 0x37, 0xd3, 0xd6, 0xbd, 0x13, + 0x35, 0xf5, 0xeb, 0x44, 0x49, 0x40, 0x77, 0xb2, 0x64, 0x49, 0xa5, + 0x4b, 0x6c, 0x7c, 0x75, 0x10, 0xb9, 0x2f, 0x5f, 0xfe, 0xf9, 0x8b, + 0x84, 0x7c, 0xf1, 0x7a, 0x9c, 0x98, 0xd8, 0x83, 0xe5}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xec, 0xaf, 0x03, 0xdb, 0xf6, 0x98, 0xb8, 0x86, + 0x77, 0xb0, 0xe2, 0xcb, 0x0b, 0xa3, 0xca, 0xfa, 0x73, 0xb0, 0xe7, 0x21, + 0x70, 0xec, 0x90, 0x42, 0xed, 0xaf, 0xd8, 0xa1, 0x27, 0xf6, 0xd7, 0xee, + 0x73, 0xb0, 0xe7, 0x21, 0x70, 0xec, 0x90, 0x42, 0xed, 0xaf, 0xd8, 0xa1, + 0x27, 0xf6, 0xd7, 0xee, 0x07, 0x3f, 0x17, 0xcb, 0x67, 0x78, 0x64, 0x59, + 0x25, 0x04, 0x9d, 0x88, 0x22, 0xcb, 0xca, 0xb6}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {128, + {0xff, 0xcb, 0x2b, 0x11, 0x06, 0xf8, 0x23, 0x4c, 0x5e, 0x99, 0xd4, 0xdb, + 0x4c, 0x70, 0x48, 0xde, 0x32, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09, + 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x16, 0xe9, 0x88, 0x4a, + 0x11, 0x4f, 0x0e, 0x92, 0x66, 0xce, 0xa3, 0x88, 0x5f, 0xe3, 0x6b, 0x9f, + 0xd6, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2, + 0x40, 0xd1, 0xab, 0xf4, 0xce, 0xbe, 0xf5, 0xe9, 0x88, 0x5a, 0x80, 0xea, + 0x76, 0xd9, 0x75, 0xc1, 0x44, 0xa4, 0x18, 0x88}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xff, 0xa0, 0xfc, 0x3e, 0x80, 0x32, 0xc3, 0xd5, 0xfd, 0xb6, 0x2a, 0x11, + 0xf0, 0x96, 0x30, 0x7d, 0xb5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x76, 0x6c, 0x9a, 0x80, + 0x25, 0xea, 0xde, 0xa7, 0x39, 0x05, 0x32, 0x8c, 0x33, 0x79, 0xc0, 0x04, + 0xb5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x76, 0x6c, 0x9a, 0x80, 0x25, 0xea, 0xde, 0xa7, + 0x39, 0x05, 0x32, 0x8c, 0x33, 0x79, 0xc0, 0x04, 0x8b, 0x9b, 0xb4, 0xb4, + 0x86, 0x12, 0x89, 0x65, 0x8c, 0x69, 0x6a, 0x83, 0x40, 0x15, 0x04, 0x05}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {129, + {0x6f, 0x9e, 0x70, 0xed, 0x3b, 0x8b, 0xac, 0xa0, 0x26, 0xe4, 0x6a, 0x5a, + 0x09, 0x43, 0x15, 0x8d, 0x21, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09, + 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x0c, 0x61, 0x2c, 0x5e, + 0x8d, 0x89, 0xa8, 0x73, 0xdb, 0xca, 0xad, 0x5b, 0x73, 0x46, 0x42, 0x9b, + 0xc5, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2, + 0x40, 0xd1, 0xab, 0xf4, 0xd4, 0x36, 0x51, 0xfd, 0x14, 0x9c, 0x26, 0x0b, + 0xcb, 0xdd, 0x7b, 0x12, 0x68, 0x01, 0x31, 0x8c}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0x6f, 0xf5, 0xa7, 0xc2, 0xbd, 0x41, 0x4c, 0x39, 0x85, 0xcb, 0x94, 0x90, + 0xb5, 0xa5, 0x6d, 0x2e, 0xa6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x6c, 0xe4, 0x3e, 0x94, + 0xb9, 0x2c, 0x78, 0x46, 0x84, 0x01, 0x3c, 0x5f, 0x1f, 0xdc, 0xe9, 0x00, + 0xa6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x6c, 0xe4, 0x3e, 0x94, 0xb9, 0x2c, 0x78, 0x46, + 0x84, 0x01, 0x3c, 0x5f, 0x1f, 0xdc, 0xe9, 0x00, 0x8b, 0x3b, 0xbd, 0x51, + 0x64, 0x44, 0x59, 0x56, 0x8d, 0x81, 0xca, 0x1f, 0xa7, 0x2c, 0xe4, 0x04}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {130, + {0x41, 0x2b, 0x08, 0x0a, 0x3e, 0x19, 0xc1, 0x0d, 0x44, 0xa1, 0xaf, 0x1e, + 0xab, 0xde, 0xb4, 0xce, 0x35, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09, + 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x6b, 0x83, 0x94, 0x33, + 0x09, 0x21, 0x48, 0x6c, 0xa1, 0x1d, 0x29, 0x1c, 0x3e, 0x97, 0xee, 0x9a, + 0xd1, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2, + 0x40, 0xd1, 0xab, 0xf4, 0xb3, 0xd4, 0xe9, 0x90, 0x90, 0x34, 0xc6, 0x14, + 0xb1, 0x0a, 0xff, 0x55, 0x25, 0xd0, 0x9d, 0x8d}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0x41, 0x40, 0xdf, 0x25, 0xb8, 0xd3, 0x21, 0x94, 0xe7, 0x8e, 0x51, 0xd4, + 0x17, 0x38, 0xcc, 0x6d, 0xb2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0b, 0x06, 0x86, 0xf9, + 0x3d, 0x84, 0x98, 0x59, 0xfe, 0xd6, 0xb8, 0x18, 0x52, 0x0d, 0x45, 0x01, + 0xb2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x0b, 0x06, 0x86, 0xf9, 0x3d, 0x84, 0x98, 0x59, + 0xfe, 0xd6, 0xb8, 0x18, 0x52, 0x0d, 0x45, 0x01, 0x86, 0xfb, 0xab, 0x2b, + 0x4a, 0x94, 0xf4, 0x7a, 0xa5, 0x6f, 0x0a, 0xea, 0x65, 0xd1, 0x10, 0x08}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {131, + {0xb2, 0x47, 0xa7, 0x47, 0x23, 0x49, 0x1a, 0xac, 0xac, 0xaa, 0xd7, 0x09, + 0xc9, 0x1e, 0x93, 0x2b, 0x31, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09, + 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x9a, 0xde, 0x04, 0xe7, + 0x5b, 0xb7, 0x01, 0xd9, 0x66, 0x06, 0x01, 0xb3, 0x47, 0x65, 0xde, 0x98, + 0xd5, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2, + 0x40, 0xd1, 0xab, 0xf4, 0x42, 0x89, 0x79, 0x44, 0xc2, 0xa2, 0x8f, 0xa1, + 0x76, 0x11, 0xd7, 0xfa, 0x5c, 0x22, 0xad, 0x8f}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xb2, 0x2c, 0x70, 0x68, 0xa5, 0x83, 0xfa, 0x35, 0x0f, 0x85, 0x29, 0xc3, + 0x75, 0xf8, 0xeb, 0x88, 0xb6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa, 0x5b, 0x16, 0x2d, + 0x6f, 0x12, 0xd1, 0xec, 0x39, 0xcd, 0x90, 0xb7, 0x2b, 0xff, 0x75, 0x03, + 0xb6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xfa, 0x5b, 0x16, 0x2d, 0x6f, 0x12, 0xd1, 0xec, + 0x39, 0xcd, 0x90, 0xb7, 0x2b, 0xff, 0x75, 0x03, 0xa0, 0x19, 0xac, 0x2e, + 0xd6, 0x67, 0xe1, 0x7d, 0xa1, 0x6f, 0x0a, 0xfa, 0x19, 0x61, 0x0d, 0x0d}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {132, + {0x74, 0x0f, 0x9e, 0x49, 0xf6, 0x10, 0xef, 0xa5, 0x85, 0xb6, 0x59, 0xca, + 0x6e, 0xd8, 0xb4, 0x99, 0x2d, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09, + 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x41, 0x2d, 0x96, 0xaf, + 0xbe, 0x80, 0xec, 0x3e, 0x79, 0xd4, 0x51, 0xb0, 0x0a, 0x2d, 0xb2, 0x9a, + 0xc9, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2, + 0x40, 0xd1, 0xab, 0xf4, 0x99, 0x7a, 0xeb, 0x0c, 0x27, 0x95, 0x62, 0x46, + 0x69, 0xc3, 0x87, 0xf9, 0x11, 0x6a, 0xc1, 0x8d}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0x74, 0x64, 0x49, 0x66, 0x70, 0xda, 0x0f, 0x3c, 0x26, 0x99, 0xa7, 0x00, + 0xd2, 0x3e, 0xcc, 0x3a, 0xaa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x21, 0xa8, 0x84, 0x65, + 0x8a, 0x25, 0x3c, 0x0b, 0x26, 0x1f, 0xc0, 0xb4, 0x66, 0xb7, 0x19, 0x01, + 0xaa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x21, 0xa8, 0x84, 0x65, 0x8a, 0x25, 0x3c, 0x0b, + 0x26, 0x1f, 0xc0, 0xb4, 0x66, 0xb7, 0x19, 0x01, 0x73, 0x6e, 0x18, 0x18, + 0x16, 0x96, 0xa5, 0x88, 0x9c, 0x31, 0x59, 0xfa, 0xab, 0xab, 0x20, 0xfd}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {133, + {0xad, 0xba, 0x5d, 0x10, 0x5b, 0xc8, 0xaa, 0x06, 0x2c, 0x23, 0x36, 0xcb, + 0x88, 0x9d, 0xdb, 0xd5, 0x37, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09, + 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x17, 0x7c, 0x5f, 0xfe, + 0x28, 0x75, 0xf4, 0x68, 0xf6, 0xc2, 0x96, 0x57, 0x48, 0xf3, 0x59, 0x9a, + 0xd3, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2, + 0x40, 0xd1, 0xab, 0xf4, 0xcf, 0x2b, 0x22, 0x5d, 0xb1, 0x60, 0x7a, 0x10, + 0xe6, 0xd5, 0x40, 0x1e, 0x53, 0xb4, 0x2a, 0x8d}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xad, 0xd1, 0x8a, 0x3f, 0xdd, 0x02, 0x4a, 0x9f, 0x8f, 0x0c, 0xc8, 0x01, + 0x34, 0x7b, 0xa3, 0x76, 0xb0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x77, 0xf9, 0x4d, 0x34, + 0x1c, 0xd0, 0x24, 0x5d, 0xa9, 0x09, 0x07, 0x53, 0x24, 0x69, 0xf2, 0x01, + 0xb0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x77, 0xf9, 0x4d, 0x34, 0x1c, 0xd0, 0x24, 0x5d, + 0xa9, 0x09, 0x07, 0x53, 0x24, 0x69, 0xf2, 0x01, 0xba, 0xd5, 0x8f, 0x10, + 0xa9, 0x1e, 0x6a, 0x88, 0x9a, 0xba, 0x32, 0xfd, 0x17, 0xd8, 0x33, 0x1a}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {134, + {0xfe, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0xc0, 0x01, 0xed, 0xc5, 0xda, 0x44, 0x2e, 0x71, + 0x9b, 0xce, 0x9a, 0xbe, 0x27, 0x3a, 0xf1, 0x44, 0xb4, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0x48, 0x02, 0x5f, 0x41, 0xfa, 0x4e, 0x33, 0x6c, 0x78, 0x69, 0x57, 0xa2, + 0xa7, 0xc4, 0x93, 0x0a, 0x6c, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x00, 0x26, 0x6e, 0xa1, + 0xe4, 0x36, 0x44, 0xa3, 0x4d, 0x8d, 0xd1, 0xdc, 0x93, 0xf2, 0xfa, 0x13}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x47, 0xc3, 0x27, 0xcc, 0x36, 0x5d, 0x08, 0x87, + 0x59, 0x09, 0x8c, 0x34, 0x1b, 0x4a, 0xed, 0x03, 0xd4, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x2b, 0x0b, 0x97, 0x3f, 0x74, 0x5b, 0x28, 0xaa, 0xe9, 0x37, 0xf5, 0x9f, + 0x18, 0xea, 0xc7, 0x01, 0xd4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x2b, 0x0b, 0x97, 0x3f, + 0x74, 0x5b, 0x28, 0xaa, 0xe9, 0x37, 0xf5, 0x9f, 0x18, 0xea, 0xc7, 0x01, + 0xd6, 0x8c, 0xe1, 0x74, 0x07, 0x9a, 0xdd, 0x02, 0x8d, 0xd0, 0x5c, 0xf8, + 0x14, 0x63, 0x04, 0x88}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {135, + {0xb5, 0x13, 0xb0, 0x6a, 0xb9, 0xac, 0x14, 0x43, 0x5a, 0xcb, 0x8a, 0xa3, + 0xa3, 0x7a, 0xfd, 0xb6, 0x54, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09, + 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x61, 0x95, 0x01, 0x93, + 0xb1, 0xbf, 0x03, 0x11, 0xff, 0x11, 0x79, 0x89, 0xae, 0xd9, 0xa9, 0x99, + 0xb0, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2, + 0x40, 0xd1, 0xab, 0xf4, 0xb9, 0xc2, 0x7c, 0x30, 0x28, 0xaa, 0x8d, 0x69, + 0xef, 0x06, 0xaf, 0xc0, 0xb5, 0x9e, 0xda, 0x8e}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xb5, 0x78, 0x67, 0x45, 0x3f, 0x66, 0xf4, 0xda, 0xf9, 0xe4, 0x74, 0x69, + 0x1f, 0x9c, 0x85, 0x15, 0xd3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01, 0x10, 0x13, 0x59, + 0x85, 0x1a, 0xd3, 0x24, 0xa0, 0xda, 0xe8, 0x8d, 0xc2, 0x43, 0x02, 0x02, + 0xd3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x01, 0x10, 0x13, 0x59, 0x85, 0x1a, 0xd3, 0x24, + 0xa0, 0xda, 0xe8, 0x8d, 0xc2, 0x43, 0x02, 0x02, 0xaa, 0x48, 0xa3, 0x88, + 0x7d, 0x4b, 0x05, 0x96, 0x99, 0xc2, 0xfd, 0xf9, 0xc6, 0x78, 0x7e, 0x0a}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {136, + {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0xd4, 0xf1, 0x09, 0xe8, 0x14, 0xce, 0xa8, 0x5a, + 0x08, 0xc0, 0x11, 0xd8, 0x50, 0xdd, 0x1d, 0xcb, 0xcf, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0x53, 0x40, 0xb8, 0x5a, 0x9a, 0xa0, 0x82, 0x96, 0xb7, 0x7a, 0x5f, 0xc3, + 0x96, 0x1f, 0x66, 0x0f, 0x17, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x1b, 0x64, 0x89, 0xba, + 0x84, 0xd8, 0xf5, 0x59, 0x82, 0x9e, 0xd9, 0xbd, 0xa2, 0x29, 0x0f, 0x16}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x53, 0x33, 0xc3, 0xe1, 0xf8, 0xd7, 0x8e, 0xac, + 0xca, 0x07, 0x07, 0x52, 0x6c, 0xad, 0x01, 0x8c, 0xaf, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x30, 0x49, 0x70, 0x24, 0x14, 0xb5, 0x99, 0x50, 0x26, 0x24, 0xfd, 0xfe, + 0x29, 0x31, 0x32, 0x04, 0xaf, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x30, 0x49, 0x70, 0x24, + 0x14, 0xb5, 0x99, 0x50, 0x26, 0x24, 0xfd, 0xfe, 0x29, 0x31, 0x32, 0x04, + 0xb9, 0x36, 0xa8, 0x17, 0xf2, 0x21, 0x1a, 0xf1, 0x29, 0xe2, 0xcf, 0x16, + 0x0f, 0xd4, 0x2b, 0xcb}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {137, + {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0xdf, 0x4c, 0x62, 0x03, 0x2d, 0x41, 0x19, 0xb5, + 0x88, 0x47, 0x7e, 0x99, 0x92, 0x5a, 0x56, 0xd9, 0xd6, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0xfa, 0x84, 0xf0, 0x64, 0x55, 0x36, 0x42, 0x1b, 0x2b, 0xb9, 0x24, 0x6e, + 0xc2, 0x19, 0xed, 0x0b, 0x0e, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0xb2, 0xa0, 0xc1, 0x84, + 0x4b, 0x4e, 0x35, 0xd4, 0x1e, 0x5d, 0xa2, 0x10, 0xf6, 0x2f, 0x84, 0x12}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x58, 0x8e, 0xa8, 0x0a, 0xc1, 0x58, 0x3f, 0x43, + 0x4a, 0x80, 0x68, 0x13, 0xae, 0x2a, 0x4a, 0x9e, 0xb6, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x99, 0x8d, 0x38, 0x1a, 0xdb, 0x23, 0x59, 0xdd, 0xba, 0xe7, 0x86, 0x53, + 0x7d, 0x37, 0xb9, 0x00, 0xb6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x99, 0x8d, 0x38, 0x1a, + 0xdb, 0x23, 0x59, 0xdd, 0xba, 0xe7, 0x86, 0x53, 0x7d, 0x37, 0xb9, 0x00, + 0x9f, 0x7a, 0xc4, 0x35, 0x1f, 0x6b, 0x91, 0xe6, 0x30, 0x97, 0xa7, 0x13, + 0x11, 0x5d, 0x05, 0xbe}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {138, + {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0x13, 0xf8, 0x0a, 0x00, 0x6d, 0xc1, 0xbb, 0xda, + 0xd6, 0x39, 0xa9, 0x2f, 0xc7, 0xec, 0xa6, 0x55, 0xf7, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0x63, 0x48, 0xb8, 0xfd, 0x29, 0xbf, 0x96, 0xd5, 0x63, 0xa5, 0x17, 0xe2, + 0x7d, 0x7b, 0xfc, 0x0f, 0x2f, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x2b, 0x6c, 0x89, 0x1d, + 0x37, 0xc7, 0xe1, 0x1a, 0x56, 0x41, 0x91, 0x9c, 0x49, 0x4d, 0x95, 0x16}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x94, 0x3a, 0xc0, 0x09, 0x81, 0xd8, 0x9d, 0x2c, + 0x14, 0xfe, 0xbf, 0xa5, 0xfb, 0x9c, 0xba, 0x12, 0x97, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x41, 0x70, 0x83, 0xa7, 0xaa, 0x8d, 0x13, 0xf2, 0xfb, 0xb5, 0xdf, + 0xc2, 0x55, 0xa8, 0x04, 0x97, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x41, 0x70, 0x83, + 0xa7, 0xaa, 0x8d, 0x13, 0xf2, 0xfb, 0xb5, 0xdf, 0xc2, 0x55, 0xa8, 0x04, + 0x9a, 0x18, 0xa8, 0x28, 0x07, 0x02, 0x69, 0xf4, 0x47, 0x00, 0xd0, 0x09, + 0xe7, 0x17, 0x1c, 0xc9}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {139, + {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0x82, 0xe5, 0x9b, 0x45, 0x82, 0x91, 0x50, 0x38, + 0xf9, 0x33, 0x81, 0x1e, 0x65, 0x2d, 0xc6, 0x6a, 0xfc, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0xb6, 0x71, 0xc8, 0xca, 0xc2, 0x70, 0xc2, 0x65, 0xa0, 0xac, 0x2f, 0x53, + 0x57, 0x99, 0x88, 0x0a, 0x24, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0xfe, 0x55, 0xf9, 0x2a, + 0xdc, 0x08, 0xb5, 0xaa, 0x95, 0x48, 0xa9, 0x2d, 0x63, 0xaf, 0xe1, 0x13}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x05, 0x27, 0x51, 0x4c, 0x6e, 0x88, 0x76, 0xce, + 0x3b, 0xf4, 0x97, 0x94, 0x59, 0x5d, 0xda, 0x2d, 0x9c, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xd5, 0x78, 0x00, 0xb4, 0x4c, 0x65, 0xd9, 0xa3, 0x31, 0xf2, 0x8d, 0x6e, + 0xe8, 0xb7, 0xdc, 0x01, 0x9c, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd5, 0x78, 0x00, 0xb4, + 0x4c, 0x65, 0xd9, 0xa3, 0x31, 0xf2, 0x8d, 0x6e, 0xe8, 0xb7, 0xdc, 0x01, + 0xb4, 0x36, 0xa8, 0x2b, 0x93, 0xd5, 0x55, 0xf7, 0x43, 0x00, 0xd0, 0x19, + 0x9b, 0xa7, 0x18, 0xce}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {140, + {0xff, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0xf1, 0xd1, 0x28, 0x87, 0xb7, 0x21, 0x69, 0x86, + 0xa1, 0x2d, 0x79, 0x09, 0x8b, 0x6d, 0xe6, 0x0f, 0xc0, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0xa7, 0xc7, 0x58, 0x99, 0xf3, 0xe6, 0x0a, 0xf1, 0xfc, 0xb6, 0xc7, 0x30, + 0x7d, 0x87, 0x59, 0x0f, 0x18, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0xef, 0xe3, 0x69, 0x79, + 0xed, 0x9e, 0x7d, 0x3e, 0xc9, 0x52, 0x41, 0x4e, 0x49, 0xb1, 0x30, 0x16}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x76, 0x13, 0xe2, 0x8e, 0x5b, 0x38, 0x4f, 0x70, + 0x63, 0xea, 0x6f, 0x83, 0xb7, 0x1d, 0xfa, 0x48, 0xa0, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xc4, 0xce, 0x90, 0xe7, 0x7d, 0xf3, 0x11, 0x37, 0x6d, 0xe8, 0x65, 0x0d, + 0xc2, 0xa9, 0x0d, 0x04, 0xa0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc4, 0xce, 0x90, 0xe7, + 0x7d, 0xf3, 0x11, 0x37, 0x6d, 0xe8, 0x65, 0x0d, 0xc2, 0xa9, 0x0d, 0x04, + 0xce, 0x54, 0xa8, 0x2e, 0x1f, 0xa9, 0x42, 0xfa, 0x3f, 0x00, 0xd0, 0x29, + 0x4f, 0x37, 0x15, 0xd3}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {141, + {0xcb, 0xf1, 0xda, 0x9e, 0x0b, 0xa9, 0x37, 0x73, 0x74, 0xe6, 0x9e, 0x1c, + 0x0e, 0x60, 0x0c, 0xfc, 0x34, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09, + 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0xbe, 0x3f, 0xa6, 0x6b, + 0x6c, 0xe7, 0x80, 0x8a, 0xa3, 0xe4, 0x59, 0x49, 0xf9, 0x44, 0x64, 0x9f, + 0xd0, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2, + 0x40, 0xd1, 0xab, 0xf4, 0x66, 0x68, 0xdb, 0xc8, 0xf5, 0xf2, 0x0e, 0xf2, + 0xb3, 0xf3, 0x8f, 0x00, 0xe2, 0x03, 0x17, 0x88}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xcb, 0x9a, 0x0d, 0xb1, 0x8d, 0x63, 0xd7, 0xea, 0xd7, 0xc9, 0x60, 0xd6, + 0xb2, 0x86, 0x74, 0x5f, 0xb3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xde, 0xba, 0xb4, 0xa1, + 0x58, 0x42, 0x50, 0xbf, 0xfc, 0x2f, 0xc8, 0x4d, 0x95, 0xde, 0xcf, 0x04, + 0xb3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xde, 0xba, 0xb4, 0xa1, 0x58, 0x42, 0x50, 0xbf, + 0xfc, 0x2f, 0xc8, 0x4d, 0x95, 0xde, 0xcf, 0x04, 0x23, 0x83, 0xab, 0x0b, + 0x79, 0x92, 0x05, 0x69, 0x9b, 0x51, 0x0a, 0xa7, 0x09, 0xbf, 0x31, 0xf1}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {142, + {0x8f, 0x27, 0x86, 0x94, 0xc4, 0xe9, 0xda, 0xeb, 0xd5, 0x8d, 0x3e, 0x5b, + 0x96, 0x6e, 0x8b, 0x68, 0x42, 0x3d, 0x35, 0xf6, 0x13, 0xe6, 0xd9, 0x09, + 0x3d, 0x38, 0xe9, 0x75, 0xc3, 0x8f, 0xe3, 0xb8, 0x06, 0x53, 0xe7, 0xa3, + 0x31, 0x71, 0x88, 0x33, 0xac, 0xc3, 0xb9, 0xad, 0xff, 0x1c, 0x31, 0x98, + 0xa6, 0xf6, 0x37, 0x81, 0x71, 0xea, 0xe4, 0x39, 0x6e, 0xa1, 0x5d, 0xc2, + 0x40, 0xd1, 0xab, 0xf4, 0xde, 0x04, 0x9a, 0x00, 0xa8, 0x64, 0x06, 0x4b, + 0xbc, 0xd4, 0x6f, 0xe4, 0xe4, 0x5b, 0x42, 0x8f}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0x8f, 0x4c, 0x51, 0xbb, 0x42, 0x23, 0x3a, 0x72, 0x76, 0xa2, 0xc0, 0x91, + 0x2a, 0x88, 0xf3, 0xcb, 0xc5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x66, 0xd6, 0xf5, 0x69, + 0x05, 0xd4, 0x58, 0x06, 0xf3, 0x08, 0x28, 0xa9, 0x93, 0x86, 0x9a, 0x03, + 0xc5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x66, 0xd6, 0xf5, 0x69, 0x05, 0xd4, 0x58, 0x06, + 0xf3, 0x08, 0x28, 0xa9, 0x93, 0x86, 0x9a, 0x03, 0x8b, 0xfb, 0xab, 0x17, + 0xa9, 0xe0, 0xb8, 0x74, 0x8b, 0x51, 0x0a, 0xe7, 0xd9, 0xfd, 0x23, 0x05}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {143, + {0xd5, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0x9a, 0x22, 0xd7, 0x0a, 0x48, 0xe2, 0x4f, 0xdd, + 0xcd, 0xd4, 0x41, 0x9d, 0xe6, 0x4c, 0x8f, 0x44, 0xfc, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0x77, 0xb5, 0xc9, 0x07, 0xd9, 0xc9, 0xe1, 0xea, 0x51, 0x85, 0x1a, 0x20, + 0x4a, 0xad, 0x9f, 0x0a, 0x24, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x3f, 0x91, 0xf8, 0xe7, + 0xc7, 0xb1, 0x96, 0x25, 0x64, 0x61, 0x9c, 0x5e, 0x7e, 0x9b, 0xf6, 0x13}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xd5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x1d, 0xe0, 0x1d, 0x03, 0xa4, 0xfb, 0x69, 0x2b, + 0x0f, 0x13, 0x57, 0x17, 0xda, 0x3c, 0x93, 0x03, 0x9c, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x14, 0xbc, 0x01, 0x79, 0x57, 0xdc, 0xfa, 0x2c, 0xc0, 0xdb, 0xb8, 0x1d, + 0xf5, 0x83, 0xcb, 0x01, 0x9c, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x14, 0xbc, 0x01, 0x79, + 0x57, 0xdc, 0xfa, 0x2c, 0xc0, 0xdb, 0xb8, 0x1d, 0xf5, 0x83, 0xcb, 0x01, + 0x49, 0xbc, 0x6e, 0x9f, 0xc5, 0x1c, 0x4d, 0x50, 0x30, 0x36, 0x64, 0x4d, + 0x84, 0x27, 0x73, 0xd2}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {144, + {0xdb, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0x75, 0xd5, 0x64, 0x3a, 0xa5, 0xaf, 0x93, 0x4d, + 0x8c, 0xce, 0x39, 0x2c, 0xc3, 0xee, 0xdb, 0x47, 0xc0, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0x60, 0x1b, 0x5a, 0xd2, 0x06, 0x7f, 0x28, 0x06, 0x6a, 0x8f, 0x32, 0x81, + 0x71, 0x5b, 0xa8, 0x08, 0x18, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x28, 0x3f, 0x6b, 0x32, + 0x18, 0x07, 0x5f, 0xc9, 0x5f, 0x6b, 0xb4, 0xff, 0x45, 0x6d, 0xc1, 0x11}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xf2, 0x17, 0xae, 0x33, 0x49, 0xb6, 0xb5, 0xbb, + 0x4e, 0x09, 0x2f, 0xa6, 0xff, 0x9e, 0xc7, 0x00, 0xa0, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x03, 0x12, 0x92, 0xac, 0x88, 0x6a, 0x33, 0xc0, 0xfb, 0xd1, 0x90, 0xbc, + 0xce, 0x75, 0xfc, 0x03, 0xa0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03, 0x12, 0x92, 0xac, + 0x88, 0x6a, 0x33, 0xc0, 0xfb, 0xd1, 0x90, 0xbc, 0xce, 0x75, 0xfc, 0x03, + 0x63, 0xda, 0x6e, 0xa2, 0x51, 0xf0, 0x39, 0x53, 0x2c, 0x36, 0x64, 0x5d, + 0x38, 0xb7, 0x6f, 0xd7}, + false, + false}, + + // Comment: edge case intermediate sums in poly1305 + {145, + {0x93, 0x94, 0x28, 0xd0, 0x79, 0x35, 0x1f, 0x66, 0x5c, 0xd0, 0x01, 0x35, + 0x43, 0x19, 0x87, 0x5c, 0x62, 0x48, 0x39, 0x60, 0x42, 0x16, 0xe4, 0x03, + 0xeb, 0xcc, 0x6a, 0xf5, 0x59, 0xec, 0x8b, 0x43, 0x97, 0x7a, 0xed, 0x35, + 0xcb, 0x5a, 0x2f, 0xca, 0xa0, 0x34, 0x6e, 0xfb, 0x93, 0x65, 0x54, 0x64, + 0xd8, 0xc8, 0xc3, 0xfa, 0x1a, 0x9e, 0x47, 0x4a, 0xbe, 0x52, 0xd0, 0x2c, + 0x81, 0x87, 0xe9, 0x0f, 0x4f, 0x2d, 0x90, 0x96, 0x52, 0x4f, 0xa1, 0xb2, + 0xb0, 0x23, 0xb8, 0xb2, 0x88, 0x22, 0x27, 0x73, 0x90, 0xec, 0xf2, 0x1a, + 0x04, 0xe6, 0x30, 0x85, 0x8b, 0xb6, 0x56, 0x52, 0xb5, 0xb1, 0x80, 0x16}, + {0xff, 0xff, 0xff, 0xff}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x4c, 0x2d, 0x52}, + {0x93, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xe5, 0x8a, 0xf3, 0x69, 0xae, 0x0f, 0xc2, 0xf5, + 0x29, 0x0b, 0x7c, 0x7f, 0x65, 0x9c, 0x97, 0x04, 0xf7, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xbb, 0xc1, 0x0b, 0x84, 0x94, 0x8b, 0x5c, 0x8c, 0x2f, 0x0c, 0x72, 0x11, + 0x3e, 0xa9, 0xbd, 0x04, 0xf7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbb, 0xc1, 0x0b, 0x84, + 0x94, 0x8b, 0x5c, 0x8c, 0x2f, 0x0c, 0x72, 0x11, 0x3e, 0xa9, 0xbd, 0x04, + 0x73, 0xeb, 0x27, 0x24, 0xb5, 0xc4, 0x05, 0xf0, 0x4d, 0x00, 0xd0, 0xf1, + 0x58, 0x40, 0xa1, 0xc1}, + false, + false}, + + // Comment: invalid nonce size + {146, + {}, + {}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f}, + {}, + true, + true}, + + // Comment: invalid nonce size + {147, + {}, + {}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f}, + {}, + true, + true}, + + // Comment: invalid nonce size + {148, + {}, + {}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f}, + {}, + true, + true}, + + // Comment: invalid nonce size + {149, + {}, + {}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, + 0x5f, 0x5f}, + {}, + true, + true}, + + // Comment: invalid nonce size + {150, + {}, + {}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, + 0x5f, 0x5f, 0x5f, 0x5f}, + {}, + true, + true}}; + +#endif // chachapoly_vectors_h__ diff --git a/security/nss/gtests/common/testvectors/curve25519-vectors.h b/security/nss/gtests/common/testvectors/curve25519-vectors.h new file mode 100644 index 000000000..bf350cfa6 --- /dev/null +++ b/security/nss/gtests/common/testvectors/curve25519-vectors.h @@ -0,0 +1,1879 @@ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef curve25519_vectors_h__ +#define curve25519_vectors_h__ + +#include <string> +#include <vector> + +typedef struct curve25519_testvector_str { + std::vector<uint8_t> private_key; + std::vector<uint8_t> public_key; + std::vector<uint8_t> secret; + bool valid; +} curve25519_testvector; + +const curve25519_testvector kCurve25519Vectors[] = { + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, + 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, + 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, + 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, + 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, + 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, + 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f}, + {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 0x72, 0x8e, 0x3b, + 0xf4, 0x80, 0x35, 0x0f, 0x25, 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, + 0x9e, 0x33, 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42}, + true}, + + // A public key that's too short (31 bytes). + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, + 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, + 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, + 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, + 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a}, + {0x30, 0x38, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x20, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, + 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, + 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b}, + {}, + false}, + + // A public key that's too long (33 bytes). + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, + 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, + 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, + 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, + 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a}, + {0x30, 0x3a, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x22, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, + 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, + 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f, 0x34}, + {}, + false}, + + // A private key with leading zeros (they should not be stripped) + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x00, 0x99, 0xD1, 0x90, 0x60, 0xCF, 0x79, 0xF0, 0x6F, 0x4F, 0x2E, 0x47, + 0x97, 0x5B, 0x2A, 0x90, 0x01, 0x6C, 0x94, 0xF4, 0x3D, 0x94, 0x02, 0x57, + 0x13, 0xDB, 0xB2, 0xA3, 0xD9, 0x54, 0x0B, 0xE5, 0xa1, 0x23, 0x03, 0x21, + 0x05, 0x66, 0xA7, 0x26, 0xE0, 0xFC, 0x83, 0xEF, 0xA2, 0x56, 0xF4, 0xCC, + 0xEA, 0x71, 0x07, 0x4D, 0xBB, 0x5C, 0x76, 0x0A, 0x9F, 0xF4, 0x7E, 0x5C, + 0x5D, 0x4C, 0xB8, 0xDA, 0x9E, 0x44, 0x60, 0x52, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, + 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, + 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f}, + {0xB9, 0x4B, 0x92, 0xEA, 0xDA, 0x64, 0x40, 0xD3, 0x08, 0x63, 0x06, + 0x45, 0xF4, 0x4C, 0xCD, 0x19, 0x7B, 0xE6, 0x0A, 0xBC, 0x6C, 0x9D, + 0x96, 0x8F, 0x5D, 0x70, 0x44, 0x55, 0xD0, 0x1B, 0xEE, 0x4A}, + true}, + + // A private key that's too short + {{0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2A, 0x86, 0x48, + 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, + 0x47, 0x0F, 0x01, 0x04, 0x4B, 0x30, 0x49, 0x02, 0x01, 0x01, 0x04, 0x1F, + 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D, 0x3C, 0x16, 0xC1, 0x72, 0x51, + 0xB2, 0x66, 0x45, 0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, 0x2A, 0xB1, + 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A, 0xA1, 0x23, 0x03, 0x21, 0x00, + 0x85, 0x20, 0xF0, 0x09, 0x89, 0x30, 0xA7, 0x54, 0x74, 0x8B, 0x7D, 0xDC, + 0xB4, 0x3E, 0xF7, 0x5A, 0x0D, 0xBF, 0x3A, 0x0D, 0x26, 0x38, 0x1A, 0xF4, + 0xEB, 0xA4, 0xA9, 0x8E, 0xAA, 0x9B, 0x4E, 0x6A}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, + 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, + 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f}, + {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 0x72, 0x8e, 0x3b, + 0xf4, 0x80, 0x35, 0x0f, 0x25, 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, + 0x9e, 0x33, 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42}, + false}, + + // A private key that's too long + {{0x30, 0x68, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2A, 0x86, 0x48, + 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, + 0x47, 0x0F, 0x01, 0x04, 0x4D, 0x30, 0x4B, 0x02, 0x01, 0x01, 0x04, 0x21, + 0x43, 0x77, 0x07, 0x6D, 0x0A, 0x73, 0x18, 0xA5, 0x7D, 0x3C, 0x16, 0xC1, + 0x72, 0x51, 0xB2, 0x66, 0x45, 0xDF, 0x4C, 0x2F, 0x87, 0xEB, 0xC0, 0x99, + 0x2A, 0xB1, 0x77, 0xFB, 0xA5, 0x1D, 0xB9, 0x2C, 0x2A, 0xA1, 0x23, 0x03, + 0x21, 0x00, 0x85, 0x20, 0xF0, 0x09, 0x89, 0x30, 0xA7, 0x54, 0x74, 0x8B, + 0x7D, 0xDC, 0xB4, 0x3E, 0xF7, 0x5A, 0x0D, 0xBF, 0x3A, 0x0D, 0x26, 0x38, + 0x1A, 0xF4, 0xEB, 0xA4, 0xA9, 0x8E, 0xAA, 0x9B, 0x4E, 0x6A}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, + 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, + 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f}, + {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 0x72, 0x8e, 0x3b, + 0xf4, 0x80, 0x35, 0x0f, 0x25, 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, + 0x9e, 0x33, 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42}, + false}}; + +// Testvectors from project wycheproof +// <https://github.com/google/wycheproof> +const curve25519_testvector kCurve25519WycheproofVectors[] = { + + // Comment: normal case + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x48, 0x52, 0x83, 0x4d, 0x9d, 0x6b, 0x77, 0xda, 0xde, 0xab, 0xaa, 0xf2, + 0xe1, 0x1d, 0xca, 0x66, 0xd1, 0x9f, 0xe7, 0x49, 0x93, 0xa7, 0xbe, 0xc3, + 0x6c, 0x6e, 0x16, 0xa0, 0x98, 0x3f, 0xea, 0xba, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x9c, 0x64, 0x7d, 0x9a, 0xe5, 0x89, 0xb9, 0xf5, 0x8f, + 0xdc, 0x3c, 0xa4, 0x94, 0x7e, 0xfb, 0xc9, 0x15, 0xc4, 0xb2, 0xe0, 0x8e, + 0x74, 0x4a, 0x0e, 0xdf, 0x46, 0x9d, 0xac, 0x59, 0xc8, 0xf8, 0x5a}, + {0x87, 0xb7, 0xf2, 0x12, 0xb6, 0x27, 0xf7, 0xa5, 0x4c, 0xa5, 0xe0, + 0xbc, 0xda, 0xdd, 0xd5, 0x38, 0x9d, 0x9d, 0xe6, 0x15, 0x6c, 0xdb, + 0xcf, 0x8e, 0xbe, 0x14, 0xff, 0xbc, 0xfb, 0x43, 0x65, 0x51}, + true}, + + // Comment: normal case + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x9c, 0x64, 0x7d, 0x9a, 0xe5, 0x89, 0xb9, 0xf5, 0x8f, + 0xdc, 0x3c, 0xa4, 0x94, 0x7e, 0xfb, 0xc9, 0x15, 0xc4, 0xb2, 0xe0, 0x8e, + 0x74, 0x4a, 0x0e, 0xdf, 0x46, 0x9d, 0xac, 0x59, 0xc8, 0xf8, 0x5a}, + {0x4b, 0x82, 0xbd, 0x86, 0x50, 0xea, 0x9b, 0x81, 0xa4, 0x21, 0x81, + 0x84, 0x09, 0x26, 0xa4, 0xff, 0xa1, 0x64, 0x34, 0xd1, 0xbf, 0x29, + 0x8d, 0xe1, 0xdb, 0x87, 0xef, 0xb5, 0xb0, 0xa9, 0xe3, 0x4e}, + true}, + + // Comment: public key on twist + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x58, 0x8c, 0x06, 0x1a, 0x50, 0x80, 0x4a, 0xc4, 0x88, 0xad, 0x77, 0x4a, + 0xc7, 0x16, 0xc3, 0xf5, 0xba, 0x71, 0x4b, 0x27, 0x12, 0xe0, 0x48, 0x49, + 0x13, 0x79, 0xa5, 0x00, 0x21, 0x19, 0x98, 0xa8, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x63, 0xaa, 0x40, 0xc6, 0xe3, 0x83, 0x46, 0xc5, 0xca, + 0xf2, 0x3a, 0x6d, 0xf0, 0xa5, 0xe6, 0xc8, 0x08, 0x89, 0xa0, 0x86, 0x47, + 0xe5, 0x51, 0xb3, 0x56, 0x34, 0x49, 0xbe, 0xfc, 0xfc, 0x97, 0x33}, + {0xb1, 0xa7, 0x07, 0x51, 0x94, 0x95, 0xff, 0xff, 0xb2, 0x98, 0xff, + 0x94, 0x17, 0x16, 0xb0, 0x6d, 0xfa, 0xb8, 0x7c, 0xf8, 0xd9, 0x11, + 0x23, 0xfe, 0x2b, 0xe9, 0xa2, 0x33, 0xdd, 0xa2, 0x22, 0x12}, + true}, + + // Comment: public key on twist + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xb0, 0x5b, 0xfd, 0x32, 0xe5, 0x53, 0x25, 0xd9, 0xfd, 0x64, 0x8c, 0xb3, + 0x02, 0x84, 0x80, 0x39, 0x00, 0x0b, 0x39, 0x0e, 0x44, 0xd5, 0x21, 0xe5, + 0x8a, 0xab, 0x3b, 0x29, 0xa6, 0x96, 0x0b, 0xa8, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x0f, 0x83, 0xc3, 0x6f, 0xde, 0xd9, 0xd3, 0x2f, 0xad, + 0xf4, 0xef, 0xa3, 0xae, 0x93, 0xa9, 0x0b, 0xb5, 0xcf, 0xa6, 0x68, 0x93, + 0xbc, 0x41, 0x2c, 0x43, 0xfa, 0x72, 0x87, 0xdb, 0xb9, 0x97, 0x79}, + {0x67, 0xdd, 0x4a, 0x6e, 0x16, 0x55, 0x33, 0x53, 0x4c, 0x0e, 0x3f, + 0x17, 0x2e, 0x4a, 0xb8, 0x57, 0x6b, 0xca, 0x92, 0x3a, 0x5f, 0x07, + 0xb2, 0xc0, 0x69, 0xb4, 0xc3, 0x10, 0xff, 0x2e, 0x93, 0x5b}, + true}, + + // Comment: public key on twist + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x70, 0xe3, 0x4b, 0xcb, 0xe1, 0xf4, 0x7f, 0xbc, 0x0f, 0xdd, 0xfd, 0x7c, + 0x1e, 0x1a, 0xa5, 0x3d, 0x57, 0xbf, 0xe0, 0xf6, 0x6d, 0x24, 0x30, 0x67, + 0xb4, 0x24, 0xbb, 0x62, 0x10, 0xbe, 0xd1, 0x9c, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x0b, 0x82, 0x11, 0xa2, 0xb6, 0x04, 0x90, 0x97, 0xf6, + 0x87, 0x1c, 0x6c, 0x05, 0x2d, 0x3c, 0x5f, 0xc1, 0xba, 0x17, 0xda, 0x9e, + 0x32, 0xae, 0x45, 0x84, 0x03, 0xb0, 0x5b, 0xb2, 0x83, 0x09, 0x2a}, + {0x4a, 0x06, 0x38, 0xcf, 0xaa, 0x9e, 0xf1, 0x93, 0x3b, 0x47, 0xf8, + 0x93, 0x92, 0x96, 0xa6, 0xb2, 0x5b, 0xe5, 0x41, 0xef, 0x7f, 0x70, + 0xe8, 0x44, 0xc0, 0xbc, 0xc0, 0x0b, 0x13, 0x4d, 0xe6, 0x4a}, + true}, + + // Comment: public key on twist + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x68, 0xc1, 0xf3, 0xa6, 0x53, 0xa4, 0xcd, 0xb1, 0xd3, 0x7b, 0xba, 0x94, + 0x73, 0x8f, 0x8b, 0x95, 0x7a, 0x57, 0xbe, 0xb2, 0x4d, 0x64, 0x6e, 0x99, + 0x4d, 0xc2, 0x9a, 0x27, 0x6a, 0xad, 0x45, 0x8d, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x34, 0x3a, 0xc2, 0x0a, 0x3b, 0x9c, 0x6a, 0x27, 0xb1, + 0x00, 0x81, 0x76, 0x50, 0x9a, 0xd3, 0x07, 0x35, 0x85, 0x6e, 0xc1, 0xc8, + 0xd8, 0xfc, 0xae, 0x13, 0x91, 0x2d, 0x08, 0xd1, 0x52, 0xf4, 0x6c}, + {0x39, 0x94, 0x91, 0xfc, 0xe8, 0xdf, 0xab, 0x73, 0xb4, 0xf9, 0xf6, + 0x11, 0xde, 0x8e, 0xa0, 0xb2, 0x7b, 0x28, 0xf8, 0x59, 0x94, 0x25, + 0x0b, 0x0f, 0x47, 0x5d, 0x58, 0x5d, 0x04, 0x2a, 0xc2, 0x07}, + true}, + + // Comment: public key on twist + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xd8, 0x77, 0xb2, 0x6d, 0x06, 0xdf, 0xf9, 0xd9, 0xf7, 0xfd, 0x4c, 0x5b, + 0x37, 0x69, 0xf8, 0xcd, 0xd5, 0xb3, 0x05, 0x16, 0xa5, 0xab, 0x80, 0x6b, + 0xe3, 0x24, 0xff, 0x3e, 0xb6, 0x9e, 0xa0, 0xb2, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xfa, 0x69, 0x5f, 0xc7, 0xbe, 0x8d, 0x1b, 0xe5, 0xbf, + 0x70, 0x48, 0x98, 0xf3, 0x88, 0xc4, 0x52, 0xba, 0xfd, 0xd3, 0xb8, 0xea, + 0xe8, 0x05, 0xf8, 0x68, 0x1a, 0x8d, 0x15, 0xc2, 0xd4, 0xe1, 0x42}, + {0x2c, 0x4f, 0xe1, 0x1d, 0x49, 0x0a, 0x53, 0x86, 0x17, 0x76, 0xb1, + 0x3b, 0x43, 0x54, 0xab, 0xd4, 0xcf, 0x5a, 0x97, 0x69, 0x9d, 0xb6, + 0xe6, 0xc6, 0x8c, 0x16, 0x26, 0xd0, 0x76, 0x62, 0xf7, 0x58}, + true}, + + // Comment: public key = 0 + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x20, 0x74, 0x94, 0x03, 0x8f, 0x2b, 0xb8, 0x11, 0xd4, 0x78, 0x05, 0xbc, + 0xdf, 0x04, 0xa2, 0xac, 0x58, 0x5a, 0xda, 0x7f, 0x2f, 0x23, 0x38, 0x9b, + 0xfd, 0x46, 0x58, 0xf9, 0xdd, 0xd4, 0xde, 0xbc, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key = 1 + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x20, 0x2e, 0x89, 0x72, 0xb6, 0x1c, 0x7e, 0x61, 0x93, 0x0e, 0xb9, 0x45, + 0x0b, 0x50, 0x70, 0xea, 0xe1, 0xc6, 0x70, 0x47, 0x56, 0x85, 0x54, 0x1f, + 0x04, 0x76, 0x21, 0x7e, 0x48, 0x18, 0xcf, 0xab, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: edge case on twist + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x38, 0xdd, 0xe9, 0xf3, 0xe7, 0xb7, 0x99, 0x04, 0x5f, 0x9a, 0xc3, 0x79, + 0x3d, 0x4a, 0x92, 0x77, 0xda, 0xde, 0xad, 0xc4, 0x1b, 0xec, 0x02, 0x90, + 0xf8, 0x1f, 0x74, 0x4f, 0x73, 0x77, 0x5f, 0x84, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x9a, 0x2c, 0xfe, 0x84, 0xff, 0x9c, 0x4a, 0x97, 0x39, 0x62, 0x5c, + 0xae, 0x4a, 0x3b, 0x82, 0xa9, 0x06, 0x87, 0x7a, 0x44, 0x19, 0x46, + 0xf8, 0xd7, 0xb3, 0xd7, 0x95, 0xfe, 0x8f, 0x5d, 0x16, 0x39}, + true}, + + // Comment: edge case on twist + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x98, 0x57, 0xa9, 0x14, 0xe3, 0xc2, 0x90, 0x36, 0xfd, 0x9a, 0x44, 0x2b, + 0xa5, 0x26, 0xb5, 0xcd, 0xcd, 0xf2, 0x82, 0x16, 0x15, 0x3e, 0x63, 0x6c, + 0x10, 0x67, 0x7a, 0xca, 0xb6, 0xbd, 0x6a, 0xa5, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x4d, 0xa4, 0xe0, 0xaa, 0x07, 0x2c, 0x23, 0x2e, 0xe2, 0xf0, 0xfa, + 0x4e, 0x51, 0x9a, 0xe5, 0x0b, 0x52, 0xc1, 0xed, 0xd0, 0x8a, 0x53, + 0x4d, 0x4e, 0xf3, 0x46, 0xc2, 0xe1, 0x06, 0xd2, 0x1d, 0x60}, + true}, + + // Comment: edge case on twist + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x48, 0xe2, 0x13, 0x0d, 0x72, 0x33, 0x05, 0xed, 0x05, 0xe6, 0xe5, 0x89, + 0x4d, 0x39, 0x8a, 0x5e, 0x33, 0x36, 0x7a, 0x8c, 0x6a, 0xac, 0x8f, 0xcd, + 0xf0, 0xa8, 0x8e, 0x4b, 0x42, 0x82, 0x0d, 0xb7, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0x03, 0x00, 0x00, 0xf8, 0xff, 0xff, + 0x1f, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0xfe, 0xff, + 0xff, 0x07, 0x00, 0x00, 0xf0, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00}, + {0x9e, 0xd1, 0x0c, 0x53, 0x74, 0x7f, 0x64, 0x7f, 0x82, 0xf4, 0x51, + 0x25, 0xd3, 0xde, 0x15, 0xa1, 0xe6, 0xb8, 0x24, 0x49, 0x6a, 0xb4, + 0x04, 0x10, 0xff, 0xcc, 0x3c, 0xfe, 0x95, 0x76, 0x0f, 0x3b}, + true}, + + // Comment: edge case on twist + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x28, 0xf4, 0x10, 0x11, 0x69, 0x18, 0x51, 0xb3, 0xa6, 0x2b, 0x64, 0x15, + 0x53, 0xb3, 0x0d, 0x0d, 0xfd, 0xdc, 0xb8, 0xff, 0xfc, 0xf5, 0x37, 0x00, + 0xa7, 0xbe, 0x2f, 0x6a, 0x87, 0x2e, 0x9f, 0xb0, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xff, 0xff, 0x07, 0x00, 0x00, + 0xe0, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0x01, 0x00, + 0x00, 0xf8, 0xff, 0xff, 0x0f, 0x00, 0x00, 0xc0, 0xff, 0xff, 0x7f}, + {0xcf, 0x72, 0xb4, 0xaa, 0x6a, 0xa1, 0xc9, 0xf8, 0x94, 0xf4, 0x16, + 0x5b, 0x86, 0x10, 0x9a, 0xa4, 0x68, 0x51, 0x76, 0x48, 0xe1, 0xf0, + 0xcc, 0x70, 0xe1, 0xab, 0x08, 0x46, 0x01, 0x76, 0x50, 0x6b}, + true}, + + // Comment: edge case on twist + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x18, 0xa9, 0x3b, 0x64, 0x99, 0xb9, 0xf6, 0xb3, 0x22, 0x5c, 0xa0, 0x2f, + 0xef, 0x41, 0x0e, 0x0a, 0xde, 0xc2, 0x35, 0x32, 0x32, 0x1d, 0x2d, 0x8e, + 0xf1, 0xa6, 0xd6, 0x02, 0xa8, 0xc6, 0x5b, 0x83, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, + 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0x7f}, + {0x5d, 0x50, 0xb6, 0x28, 0x36, 0xbb, 0x69, 0x57, 0x94, 0x10, 0x38, + 0x6c, 0xf7, 0xbb, 0x81, 0x1c, 0x14, 0xbf, 0x85, 0xb1, 0xc7, 0xb1, + 0x7e, 0x59, 0x24, 0xc7, 0xff, 0xea, 0x91, 0xef, 0x9e, 0x12}, + true}, + + // Comment: edge case on twist + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xc0, 0x1d, 0x13, 0x05, 0xa1, 0x33, 0x8a, 0x1f, 0xca, 0xc2, 0xba, 0x7e, + 0x2e, 0x03, 0x2b, 0x42, 0x7e, 0x0b, 0x04, 0x90, 0x31, 0x65, 0xac, 0xa9, + 0x57, 0xd8, 0xd0, 0x55, 0x3d, 0x87, 0x17, 0xb0, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xea, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0x19, 0x23, 0x0e, 0xb1, 0x48, 0xd5, 0xd6, 0x7c, 0x3c, 0x22, 0xab, + 0x1d, 0xae, 0xff, 0x80, 0xa5, 0x7e, 0xae, 0x42, 0x65, 0xce, 0x28, + 0x72, 0x65, 0x7b, 0x2c, 0x80, 0x99, 0xfc, 0x69, 0x8e, 0x50}, + true}, + + // Comment: edge case for public key + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x38, 0x6f, 0x7f, 0x16, 0xc5, 0x07, 0x31, 0xd6, 0x4f, 0x82, 0xe6, 0xa1, + 0x70, 0xb1, 0x42, 0xa4, 0xe3, 0x4f, 0x31, 0xfd, 0x77, 0x68, 0xfc, 0xb8, + 0x90, 0x29, 0x25, 0xe7, 0xd1, 0xe2, 0x1a, 0xbe, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x0f, 0xca, 0xb5, 0xd8, 0x42, 0xa0, 0x78, 0xd7, 0xa7, 0x1f, 0xc5, + 0x9b, 0x57, 0xbf, 0xb4, 0xca, 0x0b, 0xe6, 0x87, 0x3b, 0x49, 0xdc, + 0xdb, 0x9f, 0x44, 0xe1, 0x4a, 0xe8, 0xfb, 0xdf, 0xa5, 0x42}, + true}, + + // Comment: edge case for public key + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xe0, 0x23, 0xa2, 0x89, 0xbd, 0x5e, 0x90, 0xfa, 0x28, 0x04, 0xdd, 0xc0, + 0x19, 0xa0, 0x5e, 0xf3, 0xe7, 0x9d, 0x43, 0x4b, 0xb6, 0xea, 0x2f, 0x52, + 0x2e, 0xcb, 0x64, 0x3a, 0x75, 0x29, 0x6e, 0x95, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, + 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, + 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00}, + {0x54, 0xce, 0x8f, 0x22, 0x75, 0xc0, 0x77, 0xe3, 0xb1, 0x30, 0x6a, + 0x39, 0x39, 0xc5, 0xe0, 0x3e, 0xef, 0x6b, 0xbb, 0x88, 0x06, 0x05, + 0x44, 0x75, 0x8d, 0x9f, 0xef, 0x59, 0xb0, 0xbc, 0x3e, 0x4f}, + true}, + + // Comment: edge case for public key + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x68, 0xf0, 0x10, 0xd6, 0x2e, 0xe8, 0xd9, 0x26, 0x05, 0x3a, 0x36, 0x1c, + 0x3a, 0x75, 0xc6, 0xea, 0x4e, 0xbd, 0xc8, 0x60, 0x6a, 0xb2, 0x85, 0x00, + 0x3a, 0x6f, 0x8f, 0x40, 0x76, 0xb0, 0x1e, 0x83, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03}, + {0xf1, 0x36, 0x77, 0x5c, 0x5b, 0xeb, 0x0a, 0xf8, 0x11, 0x0a, 0xf1, + 0x0b, 0x20, 0x37, 0x23, 0x32, 0x04, 0x3c, 0xab, 0x75, 0x24, 0x19, + 0x67, 0x87, 0x75, 0xa2, 0x23, 0xdf, 0x57, 0xc9, 0xd3, 0x0d}, + true}, + + // Comment: edge case for public key + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x58, 0xeb, 0xcb, 0x35, 0xb0, 0xf8, 0x84, 0x5c, 0xaf, 0x1e, 0xc6, 0x30, + 0xf9, 0x65, 0x76, 0xb6, 0x2c, 0x4b, 0x7b, 0x6c, 0x36, 0xb2, 0x9d, 0xeb, + 0x2c, 0xb0, 0x08, 0x46, 0x51, 0x75, 0x5c, 0x96, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xfb, 0xff, 0xff, 0xfb, 0xff, 0xff, + 0xdf, 0xff, 0xff, 0xdf, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xfe, 0xff, + 0xff, 0xf7, 0xff, 0xff, 0xf7, 0xff, 0xff, 0xbf, 0xff, 0xff, 0x3f}, + {0xbf, 0x9a, 0xff, 0xd0, 0x6b, 0x84, 0x40, 0x85, 0x58, 0x64, 0x60, + 0x96, 0x2e, 0xf2, 0x14, 0x6f, 0xf3, 0xd4, 0x53, 0x3d, 0x94, 0x44, + 0xaa, 0xb0, 0x06, 0xeb, 0x88, 0xcc, 0x30, 0x54, 0x40, 0x7d}, + true}, + + // Comment: edge case for public key + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x18, 0x8c, 0x4b, 0xc5, 0xb9, 0xc4, 0x4b, 0x38, 0xbb, 0x65, 0x8b, 0x9b, + 0x2a, 0xe8, 0x2d, 0x5b, 0x01, 0x01, 0x5e, 0x09, 0x31, 0x84, 0xb1, 0x7c, + 0xb7, 0x86, 0x35, 0x03, 0xa7, 0x83, 0xe1, 0xbb, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f}, + {0xd4, 0x80, 0xde, 0x04, 0xf6, 0x99, 0xcb, 0x3b, 0xe0, 0x68, 0x4a, + 0x9c, 0xc2, 0xe3, 0x12, 0x81, 0xea, 0x0b, 0xc5, 0xa9, 0xdc, 0xc1, + 0x57, 0xd3, 0xd2, 0x01, 0x58, 0xd4, 0x6c, 0xa5, 0x24, 0x6d}, + true}, + + // Comment: edge case for public key + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xe0, 0x6c, 0x11, 0xbb, 0x2e, 0x13, 0xce, 0x3d, 0xc7, 0x67, 0x3f, 0x67, + 0xf5, 0x48, 0x22, 0x42, 0x90, 0x94, 0x23, 0xa9, 0xae, 0x95, 0xee, 0x98, + 0x6a, 0x98, 0x8d, 0x98, 0xfa, 0xee, 0x23, 0xa2, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f, 0xff, + 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f}, + {0x4c, 0x44, 0x01, 0xcc, 0xe6, 0xb5, 0x1e, 0x4c, 0xb1, 0x8f, 0x27, + 0x90, 0x24, 0x6c, 0x9b, 0xf9, 0x14, 0xdb, 0x66, 0x77, 0x50, 0xa1, + 0xcb, 0x89, 0x06, 0x90, 0x92, 0xaf, 0x07, 0x29, 0x22, 0x76}, + true}, + + // Comment: edge case for public key + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xc0, 0x65, 0x8c, 0x46, 0xdd, 0xe1, 0x81, 0x29, 0x29, 0x38, 0x77, 0x53, + 0x5b, 0x11, 0x62, 0xb6, 0xf9, 0xf5, 0x41, 0x4a, 0x23, 0xcf, 0x4d, 0x2c, + 0xbc, 0x14, 0x0a, 0x4d, 0x99, 0xda, 0x2b, 0x8f, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0x57, 0x8b, 0xa8, 0xcc, 0x2d, 0xbd, 0xc5, 0x75, 0xaf, 0xcf, 0x9d, + 0xf2, 0xb3, 0xee, 0x61, 0x89, 0xf5, 0x33, 0x7d, 0x68, 0x54, 0xc7, + 0x9b, 0x4c, 0xe1, 0x65, 0xea, 0x12, 0x29, 0x3b, 0x3a, 0x0f}, + true}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x25, 0x5c, 0x92, 0x30, 0xa9, 0x7a, 0x30, 0xa4, 0x58, 0xca, 0x28, + 0x4a, 0x62, 0x96, 0x69, 0x29, 0x3a, 0x31, 0x89, 0x0c, 0xda, 0x9d, 0x14, + 0x7f, 0xeb, 0xc7, 0xd1, 0xe2, 0x2d, 0x6b, 0xb1, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, + 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, + 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x78, 0xf1, 0xe8, 0xed, 0xf1, 0x44, 0x81, 0xb3, 0x89, 0x44, 0x8d, 0xac, + 0x8f, 0x59, 0xc7, 0x0b, 0x03, 0x8e, 0x7c, 0xf9, 0x2e, 0xf2, 0xc7, 0xef, + 0xf5, 0x7a, 0x72, 0x46, 0x6e, 0x11, 0x52, 0x96, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, + 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, + 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa0, 0x5a, 0x3e, 0x8f, 0x9f, 0x44, 0x20, 0x4d, 0x5f, 0x80, 0x59, + 0xa9, 0x4a, 0xc7, 0xdf, 0xc3, 0x9a, 0x49, 0xac, 0x01, 0x6d, 0xd7, 0x43, + 0xdb, 0xfa, 0x43, 0xc5, 0xd6, 0x71, 0xfd, 0x88, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xd0, 0xdb, 0xb3, 0xed, 0x19, 0x06, 0x66, 0x3f, 0x15, 0x42, 0x0a, 0xf3, + 0x1f, 0x4e, 0xaf, 0x65, 0x09, 0xd9, 0xa9, 0x94, 0x97, 0x23, 0x50, 0x06, + 0x05, 0xad, 0x7c, 0x1c, 0x6e, 0x74, 0x50, 0xa9, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xc0, 0xb1, 0xd0, 0xeb, 0x22, 0xb2, 0x44, 0xfe, 0x32, 0x91, 0x14, 0x00, + 0x72, 0xcd, 0xd9, 0xd9, 0x89, 0xb5, 0xf0, 0xec, 0xd9, 0x6c, 0x10, 0x0f, + 0xeb, 0x5b, 0xca, 0x24, 0x1c, 0x1d, 0x9f, 0x8f, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x48, 0x0b, 0xf4, 0x5f, 0x59, 0x49, 0x42, 0xa8, 0xbc, 0x0f, 0x33, 0x53, + 0xc6, 0xe8, 0xb8, 0x85, 0x3d, 0x77, 0xf3, 0x51, 0xf1, 0xc2, 0xca, 0x6c, + 0x2d, 0x1a, 0xbf, 0x8a, 0x00, 0xb4, 0x22, 0x9c, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x30, 0xf9, 0x93, 0xfc, 0xf8, 0x51, 0x4f, 0xc8, 0x9b, 0xd8, 0xdb, 0x14, + 0xcd, 0x43, 0xba, 0x0d, 0x4b, 0x25, 0x30, 0xe7, 0x3c, 0x42, 0x76, 0xa0, + 0x5e, 0x1b, 0x14, 0x5d, 0x42, 0x0c, 0xed, 0xb4, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xc0, 0x49, 0x74, 0xb7, 0x58, 0x38, 0x0e, 0x2a, 0x5b, 0x5d, 0xf6, 0xeb, + 0x09, 0xbb, 0x2f, 0x6b, 0x34, 0x34, 0xf9, 0x82, 0x72, 0x2a, 0x8e, 0x67, + 0x6d, 0x3d, 0xa2, 0x51, 0xd1, 0xb3, 0xde, 0x83, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, + 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, + 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x80}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x50, 0x2a, 0x31, 0x37, 0x3d, 0xb3, 0x24, 0x46, 0x84, 0x2f, 0xe5, 0xad, + 0xd3, 0xe0, 0x24, 0x02, 0x2e, 0xa5, 0x4f, 0x27, 0x41, 0x82, 0xaf, 0xc3, + 0xd9, 0xf1, 0xbb, 0x3d, 0x39, 0x53, 0x4e, 0xb5, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, + 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, + 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0xd7}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x90, 0xfa, 0x64, 0x17, 0xb0, 0xe3, 0x70, 0x30, 0xfd, 0x6e, 0x43, 0xef, + 0xf2, 0xab, 0xae, 0xf1, 0x4c, 0x67, 0x93, 0x11, 0x7a, 0x03, 0x9c, 0xf6, + 0x21, 0x31, 0x8b, 0xa9, 0x0f, 0x4e, 0x98, 0xbe, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x78, 0xad, 0x3f, 0x26, 0x02, 0x7f, 0x1c, 0x9f, 0xdd, 0x97, 0x5a, 0x16, + 0x13, 0xb9, 0x47, 0x77, 0x9b, 0xad, 0x2c, 0xf2, 0xb7, 0x41, 0xad, 0xe0, + 0x18, 0x40, 0x88, 0x5a, 0x30, 0xbb, 0x97, 0x9c, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x98, 0xe2, 0x3d, 0xe7, 0xb1, 0xe0, 0x92, 0x6e, 0xd9, 0xc8, 0x7e, 0x7b, + 0x14, 0xba, 0xf5, 0x5f, 0x49, 0x7a, 0x1d, 0x70, 0x96, 0xf9, 0x39, 0x77, + 0x68, 0x0e, 0x44, 0xdc, 0x1c, 0x7b, 0x7b, 0x8b, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, + 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, + 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, + 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, + 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, + 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, + 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0xd7}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, + 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, + 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x80}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key with low order + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x10, 0x64, 0xa6, 0x7d, 0xa6, 0x39, 0xa8, 0xf6, 0xdf, 0x4f, 0xbe, 0xa2, + 0xd6, 0x33, 0x58, 0xb6, 0x5b, 0xca, 0x80, 0xa7, 0x70, 0x71, 0x2e, 0x14, + 0xea, 0x8a, 0x72, 0xdf, 0x5a, 0x33, 0x13, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + false}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xf0, 0x1e, 0x48, 0xda, 0xfa, 0xc9, 0xd7, 0xbc, 0xf5, 0x89, 0xcb, 0xc3, + 0x82, 0xc8, 0x78, 0xd1, 0x8b, 0xda, 0x35, 0x50, 0x58, 0x9f, 0xfb, 0x5d, + 0x50, 0xb5, 0x23, 0xbe, 0xbe, 0x32, 0x9d, 0xae, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xef, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0xbd, 0x36, 0xa0, 0x79, 0x0e, 0xb8, 0x83, 0x09, 0x8c, 0x98, 0x8b, + 0x21, 0x78, 0x67, 0x73, 0xde, 0x0b, 0x3a, 0x4d, 0xf1, 0x62, 0x28, + 0x2c, 0xf1, 0x10, 0xde, 0x18, 0xdd, 0x48, 0x4c, 0xe7, 0x4b}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x28, 0x87, 0x96, 0xbc, 0x5a, 0xff, 0x4b, 0x81, 0xa3, 0x75, 0x01, 0x75, + 0x7b, 0xc0, 0x75, 0x3a, 0x3c, 0x21, 0x96, 0x47, 0x90, 0xd3, 0x86, 0x99, + 0x30, 0x8d, 0xeb, 0xc1, 0x7a, 0x6e, 0xaf, 0x8d, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0xb4, 0xe0, 0xdd, 0x76, 0xda, 0x7b, 0x07, 0x17, 0x28, 0xb6, 0x1f, + 0x85, 0x67, 0x71, 0xaa, 0x35, 0x6e, 0x57, 0xed, 0xa7, 0x8a, 0x5b, + 0x16, 0x55, 0xcc, 0x38, 0x20, 0xfb, 0x5f, 0x85, 0x4c, 0x5c}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x98, 0xdf, 0x84, 0x5f, 0x66, 0x51, 0xbf, 0x11, 0x38, 0x22, 0x1f, 0x11, + 0x90, 0x41, 0xf7, 0x2b, 0x6d, 0xbc, 0x3c, 0x4a, 0xce, 0x71, 0x43, 0xd9, + 0x9f, 0xd5, 0x5a, 0xd8, 0x67, 0x48, 0x0d, 0xa8, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xf1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0x6f, 0xdf, 0x6c, 0x37, 0x61, 0x1d, 0xbd, 0x53, 0x04, 0xdc, 0x0f, + 0x2e, 0xb7, 0xc9, 0x51, 0x7e, 0xb3, 0xc5, 0x0e, 0x12, 0xfd, 0x05, + 0x0a, 0xc6, 0xde, 0xc2, 0x70, 0x71, 0xd4, 0xbf, 0xc0, 0x34}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xf0, 0x94, 0x98, 0xe4, 0x6f, 0x02, 0xf8, 0x78, 0x82, 0x9e, 0x78, 0xb8, + 0x03, 0xd3, 0x16, 0xa2, 0xed, 0x69, 0x5d, 0x04, 0x98, 0xa0, 0x8a, 0xbd, + 0xf8, 0x27, 0x69, 0x30, 0xe2, 0x4e, 0xdc, 0xb0, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + {0x4c, 0x8f, 0xc4, 0xb1, 0xc6, 0xab, 0x88, 0xfb, 0x21, 0xf1, 0x8f, + 0x6d, 0x4c, 0x81, 0x02, 0x40, 0xd4, 0xe9, 0x46, 0x51, 0xba, 0x44, + 0xf7, 0xa2, 0xc8, 0x63, 0xce, 0xc7, 0xdc, 0x56, 0x60, 0x2d}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x18, 0x13, 0xc1, 0x0a, 0x5c, 0x7f, 0x21, 0xf9, 0x6e, 0x17, 0xf2, 0x88, + 0xc0, 0xcc, 0x37, 0x60, 0x7c, 0x04, 0xc5, 0xf5, 0xae, 0xa2, 0xdb, 0x13, + 0x4f, 0x9e, 0x2f, 0xfc, 0x66, 0xbd, 0x9d, 0xb8, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80}, + {0x1c, 0xd0, 0xb2, 0x82, 0x67, 0xdc, 0x54, 0x1c, 0x64, 0x2d, 0x6d, + 0x7d, 0xca, 0x44, 0xa8, 0xb3, 0x8a, 0x63, 0x73, 0x6e, 0xef, 0x5c, + 0x4e, 0x65, 0x01, 0xff, 0xbb, 0xb1, 0x78, 0x0c, 0x03, 0x3c}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x78, 0x57, 0xfb, 0x80, 0x86, 0x53, 0x64, 0x5a, 0x0b, 0xeb, 0x13, 0x8a, + 0x64, 0xf5, 0xf4, 0xd7, 0x33, 0xa4, 0x5e, 0xa8, 0x4c, 0x3c, 0xda, 0x11, + 0xa9, 0xc0, 0x6f, 0x7e, 0x71, 0x39, 0x14, 0x9e, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80}, + {0x87, 0x55, 0xbe, 0x01, 0xc6, 0x0a, 0x7e, 0x82, 0x5c, 0xff, 0x3e, + 0x0e, 0x78, 0xcb, 0x3a, 0xa4, 0x33, 0x38, 0x61, 0x51, 0x6a, 0xa5, + 0x9b, 0x1c, 0x51, 0xa8, 0xb2, 0xa5, 0x43, 0xdf, 0xa8, 0x22}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xe0, 0x3a, 0xa8, 0x42, 0xe2, 0xab, 0xc5, 0x6e, 0x81, 0xe8, 0x7b, 0x8b, + 0x9f, 0x41, 0x7b, 0x2a, 0x1e, 0x59, 0x13, 0xc7, 0x23, 0xee, 0xd2, 0x8d, + 0x75, 0x2f, 0x8d, 0x47, 0xa5, 0x9f, 0x49, 0x8f, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80}, + {0x54, 0xc9, 0xa1, 0xed, 0x95, 0xe5, 0x46, 0xd2, 0x78, 0x22, 0xa3, + 0x60, 0x93, 0x1d, 0xda, 0x60, 0xa1, 0xdf, 0x04, 0x9d, 0xa6, 0xf9, + 0x04, 0x25, 0x3c, 0x06, 0x12, 0xbb, 0xdc, 0x08, 0x74, 0x76}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xf8, 0xf7, 0x07, 0xb7, 0x99, 0x9b, 0x18, 0xcb, 0x0d, 0x6b, 0x96, 0x12, + 0x4f, 0x20, 0x45, 0x97, 0x2c, 0xa2, 0x74, 0xbf, 0xc1, 0x54, 0xad, 0x0c, + 0x87, 0x03, 0x8c, 0x24, 0xc6, 0xd0, 0xd4, 0xb2, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xcc, 0x1f, 0x40, 0xd7, 0x43, 0xcd, 0xc2, 0x23, 0x0e, 0x10, 0x43, + 0xda, 0xba, 0x8b, 0x75, 0xe8, 0x10, 0xf1, 0xfb, 0xab, 0x7f, 0x25, + 0x52, 0x69, 0xbd, 0x9e, 0xbb, 0x29, 0xe6, 0xbf, 0x49, 0x4f}, + false}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0x34, 0xf6, 0x84, 0xfa, 0x63, 0x1e, 0x1a, 0x34, 0x81, 0x18, 0xc1, + 0xce, 0x4c, 0x98, 0x23, 0x1f, 0x2d, 0x9e, 0xec, 0x9b, 0xa5, 0x36, 0x5b, + 0x4a, 0x05, 0xd6, 0x9a, 0x78, 0x5b, 0x07, 0x96, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x54, 0x99, 0x8e, 0xe4, 0x3a, 0x5b, 0x00, 0x7b, 0xf4, 0x99, 0xf0, + 0x78, 0xe7, 0x36, 0x52, 0x44, 0x00, 0xa8, 0xb5, 0xc7, 0xe9, 0xb9, + 0xb4, 0x37, 0x71, 0x74, 0x8c, 0x7c, 0xdf, 0x88, 0x04, 0x12}, + false}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x30, 0xb6, 0xc6, 0xa0, 0xf2, 0xff, 0xa6, 0x80, 0x76, 0x8f, 0x99, 0x2b, + 0xa8, 0x9e, 0x15, 0x2d, 0x5b, 0xc9, 0x89, 0x3d, 0x38, 0xc9, 0x11, 0x9b, + 0xe4, 0xf7, 0x67, 0xbf, 0xab, 0x6e, 0x0c, 0xa5, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xdc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xea, 0xd9, 0xb3, 0x8e, 0xfd, 0xd7, 0x23, 0x63, 0x79, 0x34, 0xe5, + 0x5a, 0xb7, 0x17, 0xa7, 0xae, 0x09, 0xeb, 0x86, 0xa2, 0x1d, 0xc3, + 0x6a, 0x3f, 0xee, 0xb8, 0x8b, 0x75, 0x9e, 0x39, 0x1e, 0x09}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x90, 0x1b, 0x9d, 0xcf, 0x88, 0x1e, 0x01, 0xe0, 0x27, 0x57, 0x50, 0x35, + 0xd4, 0x0b, 0x43, 0xbd, 0xc1, 0xc5, 0x24, 0x2e, 0x03, 0x08, 0x47, 0x49, + 0x5b, 0x0c, 0x72, 0x86, 0x46, 0x9b, 0x65, 0x91, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xea, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x60, 0x2f, 0xf4, 0x07, 0x89, 0xb5, 0x4b, 0x41, 0x80, 0x59, 0x15, + 0xfe, 0x2a, 0x62, 0x21, 0xf0, 0x7a, 0x50, 0xff, 0xc2, 0xc3, 0xfc, + 0x94, 0xcf, 0x61, 0xf1, 0x3d, 0x79, 0x04, 0xe8, 0x8e, 0x0e}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x80, 0x46, 0x67, 0x7c, 0x28, 0xfd, 0x82, 0xc9, 0xa1, 0xbd, 0xb7, 0x1a, + 0x1a, 0x1a, 0x34, 0xfa, 0xba, 0x12, 0x25, 0xe2, 0x50, 0x7f, 0xe3, 0xf5, + 0x4d, 0x10, 0xbd, 0x5b, 0x0d, 0x86, 0x5f, 0x8e, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xe0, 0x0a, 0xe8, 0xb1, 0x43, 0x47, 0x12, 0x47, 0xba, 0x24, 0xf1, + 0x2c, 0x88, 0x55, 0x36, 0xc3, 0xcb, 0x98, 0x1b, 0x58, 0xe1, 0xe5, + 0x6b, 0x2b, 0xaf, 0x35, 0xc1, 0x2a, 0xe1, 0xf7, 0x9c, 0x26}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x60, 0x2f, 0x7e, 0x2f, 0x68, 0xa8, 0x46, 0xb8, 0x2c, 0xc2, 0x69, 0xb1, + 0xd4, 0x8e, 0x93, 0x98, 0x86, 0xae, 0x54, 0xfd, 0x63, 0x6c, 0x1f, 0xe0, + 0x74, 0xd7, 0x10, 0x12, 0x7d, 0x47, 0x24, 0x91, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xef, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x98, 0xcb, 0x9b, 0x50, 0xdd, 0x3f, 0xc2, 0xb0, 0xd4, 0xf2, 0xd2, + 0xbf, 0x7c, 0x5c, 0xfd, 0xd1, 0x0c, 0x8f, 0xcd, 0x31, 0xfc, 0x40, + 0xaf, 0x1a, 0xd4, 0x4f, 0x47, 0xc1, 0x31, 0x37, 0x63, 0x62}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x60, 0x88, 0x7b, 0x3d, 0xc7, 0x24, 0x43, 0x02, 0x6e, 0xbe, 0xdb, 0xbb, + 0xb7, 0x06, 0x65, 0xf4, 0x2b, 0x87, 0xad, 0xd1, 0x44, 0x0e, 0x77, 0x68, + 0xfb, 0xd7, 0xe8, 0xe2, 0xce, 0x5f, 0x63, 0x9d, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x38, 0xd6, 0x30, 0x4c, 0x4a, 0x7e, 0x6d, 0x9f, 0x79, 0x59, 0x33, + 0x4f, 0xb5, 0x24, 0x5b, 0xd2, 0xc7, 0x54, 0x52, 0x5d, 0x4c, 0x91, + 0xdb, 0x95, 0x02, 0x06, 0x92, 0x62, 0x34, 0xc1, 0xf6, 0x33}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x78, 0xd3, 0x1d, 0xfa, 0x85, 0x44, 0x97, 0xd7, 0x2d, 0x8d, 0xef, 0x8a, + 0x1b, 0x7f, 0xb0, 0x06, 0xce, 0xc2, 0xd8, 0xc4, 0x92, 0x46, 0x47, 0xc9, + 0x38, 0x14, 0xae, 0x56, 0xfa, 0xed, 0xa4, 0x95, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xf1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x78, 0x6c, 0xd5, 0x49, 0x96, 0xf0, 0x14, 0xa5, 0xa0, 0x31, 0xec, + 0x14, 0xdb, 0x81, 0x2e, 0xd0, 0x83, 0x55, 0x06, 0x1f, 0xdb, 0x5d, + 0xe6, 0x80, 0xa8, 0x00, 0xac, 0x52, 0x1f, 0x31, 0x8e, 0x23}, + true}, + + // Comment: public key >= p + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xc0, 0x4c, 0x5b, 0xae, 0xfa, 0x83, 0x02, 0xdd, 0xde, 0xd6, 0xa4, 0xbb, + 0x95, 0x77, 0x61, 0xb4, 0xeb, 0x97, 0xae, 0xfa, 0x4f, 0xc3, 0xb8, 0x04, + 0x30, 0x85, 0xf9, 0x6a, 0x56, 0x59, 0xb3, 0xa5, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x29, 0xae, 0x8b, 0xc7, 0x3e, 0x9b, 0x10, 0xa0, 0x8b, 0x4f, 0x68, + 0x1c, 0x43, 0xc3, 0xe0, 0xac, 0x1a, 0x17, 0x1d, 0x31, 0xb3, 0x8f, + 0x1a, 0x48, 0xef, 0xba, 0x29, 0xae, 0x63, 0x9e, 0xa1, 0x34}, + true}, + + // Comment: RFC 7748 + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d, 0x3b, 0x16, 0x15, 0x4b, + 0x82, 0x46, 0x5e, 0xdd, 0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18, + 0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0x44, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb, 0x35, + 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c, 0x72, 0x66, 0x24, 0xec, 0x26, + 0xb3, 0x35, 0x3b, 0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c}, + {0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90, 0x8e, 0x94, 0xea, + 0x4d, 0xf2, 0x8d, 0x08, 0x4f, 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, + 0x71, 0xf7, 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52}, + true}, + + // Comment: RFC 7748 + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x48, 0x66, 0xe9, 0xd4, 0xd1, 0xb4, 0x67, 0x3c, 0x5a, 0xd2, 0x26, 0x91, + 0x95, 0x7d, 0x6a, 0xf5, 0xc1, 0x1b, 0x64, 0x21, 0xe0, 0xea, 0x01, 0xd4, + 0x2c, 0xa4, 0x16, 0x9e, 0x79, 0x18, 0xba, 0x4d, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xe5, 0x21, 0x0f, 0x12, 0x78, 0x68, 0x11, 0xd3, 0xf4, + 0xb7, 0x95, 0x9d, 0x05, 0x38, 0xae, 0x2c, 0x31, 0xdb, 0xe7, 0x10, 0x6f, + 0xc0, 0x3c, 0x3e, 0xfc, 0x4c, 0xd5, 0x49, 0xc7, 0x15, 0xa4, 0x13}, + {0x95, 0xcb, 0xde, 0x94, 0x76, 0xe8, 0x90, 0x7d, 0x7a, 0xad, 0xe4, + 0x5c, 0xb4, 0xb8, 0x73, 0xf8, 0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f, + 0xa1, 0x52, 0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x0a, 0xb4, 0xe7, 0x63, 0x80, 0xd8, 0x4d, 0xde, 0x4f, + 0x68, 0x33, 0xc5, 0x8f, 0x2a, 0x9f, 0xb8, 0xf8, 0x3b, 0xb0, 0x16, 0x9b, + 0x17, 0x2b, 0xe4, 0xb6, 0xe0, 0x59, 0x28, 0x87, 0x74, 0x1a, 0x36}, + {0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x89, 0xe1, 0x0d, 0x57, 0x01, 0xb4, 0x33, 0x7d, 0x2d, + 0x03, 0x21, 0x81, 0x53, 0x8b, 0x10, 0x64, 0xbd, 0x40, 0x84, 0x40, 0x1c, + 0xec, 0xa1, 0xfd, 0x12, 0x66, 0x3a, 0x19, 0x59, 0x38, 0x80, 0x00}, + {0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x2b, 0x55, 0xd3, 0xaa, 0x4a, 0x8f, 0x80, 0xc8, 0xc0, + 0xb2, 0xae, 0x5f, 0x93, 0x3e, 0x85, 0xaf, 0x49, 0xbe, 0xac, 0x36, 0xc2, + 0xfa, 0x73, 0x94, 0xba, 0xb7, 0x6c, 0x89, 0x33, 0xf8, 0xf8, 0x1d}, + {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x63, 0xe5, 0xb1, 0xfe, 0x96, 0x01, 0xfe, 0x84, 0x38, + 0x5d, 0x88, 0x66, 0xb0, 0x42, 0x12, 0x62, 0xf7, 0x8f, 0xbf, 0xa5, 0xaf, + 0xf9, 0x58, 0x5e, 0x62, 0x66, 0x79, 0xb1, 0x85, 0x47, 0xd9, 0x59}, + {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xe4, 0x28, 0xf3, 0xda, 0xc1, 0x78, 0x09, 0xf8, 0x27, + 0xa5, 0x22, 0xce, 0x32, 0x35, 0x50, 0x58, 0xd0, 0x73, 0x69, 0x36, 0x4a, + 0xa7, 0x89, 0x02, 0xee, 0x10, 0x13, 0x9b, 0x9f, 0x9d, 0xd6, 0x53}, + {0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xb3, 0xb5, 0x0e, 0x3e, 0xd3, 0xa4, 0x07, 0xb9, 0x5d, + 0xe9, 0x42, 0xef, 0x74, 0x57, 0x5b, 0x5a, 0xb8, 0xa1, 0x0c, 0x09, 0xee, + 0x10, 0x35, 0x44, 0xd6, 0x0b, 0xdf, 0xed, 0x81, 0x38, 0xab, 0x2b}, + {0xf9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x21, 0x3f, 0xff, 0xe9, 0x3d, 0x5e, 0xa8, 0xcd, 0x24, + 0x2e, 0x46, 0x28, 0x44, 0x02, 0x99, 0x22, 0xc4, 0x3c, 0x77, 0xc9, 0xe3, + 0xe4, 0x2f, 0x56, 0x2f, 0x48, 0x5d, 0x24, 0xc5, 0x01, 0xa2, 0x0b}, + {0xf3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x91, 0xb2, 0x32, 0xa1, 0x78, 0xb3, 0xcd, 0x53, 0x09, + 0x32, 0x44, 0x1e, 0x61, 0x39, 0x41, 0x8f, 0x72, 0x17, 0x22, 0x92, 0xf1, + 0xda, 0x4c, 0x18, 0x34, 0xfc, 0x5e, 0xbf, 0xef, 0xb5, 0x1e, 0x3f}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x04, 0x5c, 0x6e, 0x11, 0xc5, 0xd3, 0x32, 0x55, 0x6c, + 0x78, 0x22, 0xfe, 0x94, 0xeb, 0xf8, 0x9b, 0x56, 0xa3, 0x87, 0x8d, 0xc2, + 0x7c, 0xa0, 0x79, 0x10, 0x30, 0x58, 0x84, 0x9f, 0xab, 0xcb, 0x4f}, + {0xe5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x1c, 0xa2, 0x19, 0x0b, 0x71, 0x16, 0x35, 0x39, 0x06, + 0x3c, 0x35, 0x77, 0x3b, 0xda, 0x0c, 0x9c, 0x92, 0x8e, 0x91, 0x36, 0xf0, + 0x62, 0x0a, 0xeb, 0x09, 0x3f, 0x09, 0x91, 0x97, 0xb7, 0xf7, 0x4e}, + {0xe3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xf7, 0x6e, 0x90, 0x10, 0xac, 0x33, 0xc5, 0x04, 0x3b, + 0x2d, 0x3b, 0x76, 0xa8, 0x42, 0x17, 0x10, 0x00, 0xc4, 0x91, 0x62, 0x22, + 0xe9, 0xe8, 0x58, 0x97, 0xa0, 0xae, 0xc7, 0xf6, 0x35, 0x0b, 0x3c}, + {0xdd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xbb, 0x72, 0x68, 0x8d, 0x8f, 0x8a, 0xa7, 0xa3, 0x9c, + 0xd6, 0x06, 0x0c, 0xd5, 0xc8, 0x09, 0x3c, 0xde, 0xc6, 0xfe, 0x34, 0x19, + 0x37, 0xc3, 0x88, 0x6a, 0x99, 0x34, 0x6c, 0xd0, 0x7f, 0xaa, 0x55}, + {0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x88, 0xfd, 0xde, 0xa1, 0x93, 0x39, 0x1c, 0x6a, 0x59, + 0x33, 0xef, 0x9b, 0x71, 0x90, 0x15, 0x49, 0x44, 0x72, 0x05, 0xaa, 0xe9, + 0xda, 0x92, 0x8a, 0x6b, 0x91, 0xa3, 0x52, 0xba, 0x10, 0xf4, 0x1f}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02}, + true}, + + // Comment: edge case for shared secret + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 0xb1, 0xce, 0xdb, 0x7c, + 0xb8, 0x55, 0x84, 0xa3, 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x30, 0x3b, 0x39, 0x2f, 0x15, 0x31, 0x16, 0xca, 0xd9, + 0xcc, 0x68, 0x2a, 0x00, 0xcc, 0xc4, 0x4c, 0x95, 0xff, 0x0d, 0x3b, 0xbe, + 0x56, 0x8b, 0xeb, 0x6c, 0x4e, 0x73, 0x9b, 0xaf, 0xdc, 0x2c, 0x68}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00}, + true}, + + // Comment: checking for overflow + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 0x31, 0x70, 0x3c, 0xc9, + 0x7e, 0x3a, 0x37, 0x8d, 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c, + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xfd, 0x30, 0x0a, 0xeb, 0x40, 0xe1, 0xfa, 0x58, 0x25, + 0x18, 0x41, 0x2b, 0x49, 0xb2, 0x08, 0xa7, 0x84, 0x2b, 0x1e, 0x1f, 0x05, + 0x6a, 0x04, 0x01, 0x78, 0xea, 0x41, 0x41, 0x53, 0x4f, 0x65, 0x2d}, + {0xb7, 0x34, 0x10, 0x5d, 0xc2, 0x57, 0x58, 0x5d, 0x73, 0xb5, 0x66, + 0xcc, 0xb7, 0x6f, 0x06, 0x27, 0x95, 0xcc, 0xbe, 0xc8, 0x91, 0x28, + 0xe5, 0x2b, 0x02, 0xf3, 0xe5, 0x96, 0x39, 0xf1, 0x3c, 0x46}, + true}, + + // Comment: checking for overflow + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 0x31, 0x70, 0x3c, 0xc9, + 0x7e, 0x3a, 0x37, 0x8d, 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c, + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xc8, 0xef, 0x79, 0xb5, 0x14, 0xd7, 0x68, 0x26, 0x77, + 0xbc, 0x79, 0x31, 0xe0, 0x6e, 0xe5, 0xc2, 0x7c, 0x9b, 0x39, 0x2b, 0x4a, + 0xe9, 0x48, 0x44, 0x73, 0xf5, 0x54, 0xe6, 0x67, 0x8e, 0xcc, 0x2e}, + {0x64, 0x7a, 0x46, 0xb6, 0xfc, 0x3f, 0x40, 0xd6, 0x21, 0x41, 0xee, + 0x3c, 0xee, 0x70, 0x6b, 0x4d, 0x7a, 0x92, 0x71, 0x59, 0x3a, 0x7b, + 0x14, 0x3e, 0x8e, 0x2e, 0x22, 0x79, 0x88, 0x3e, 0x45, 0x50}, + true}, + + // Comment: checking for overflow + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 0x31, 0x70, 0x3c, 0xc9, + 0x7e, 0x3a, 0x37, 0x8d, 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c, + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x64, 0xae, 0xac, 0x25, 0x04, 0x14, 0x48, 0x61, 0x53, + 0x2b, 0x7b, 0xbc, 0xb6, 0xc8, 0x7d, 0x67, 0xdd, 0x4c, 0x1f, 0x07, 0xeb, + 0xc2, 0xe0, 0x6e, 0xff, 0xb9, 0x5a, 0xec, 0xc6, 0x17, 0x0b, 0x2c}, + {0x4f, 0xf0, 0x3d, 0x5f, 0xb4, 0x3c, 0xd8, 0x65, 0x7a, 0x3c, 0xf3, + 0x7c, 0x13, 0x8c, 0xad, 0xce, 0xcc, 0xe5, 0x09, 0xe4, 0xeb, 0xa0, + 0x89, 0xd0, 0xef, 0x40, 0xb4, 0xe4, 0xfb, 0x94, 0x61, 0x55}, + true}, + + // Comment: checking for overflow + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 0x31, 0x70, 0x3c, 0xc9, + 0x7e, 0x3a, 0x37, 0x8d, 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c, + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xbf, 0x68, 0xe3, 0x5e, 0x9b, 0xdb, 0x7e, 0xee, 0x1b, + 0x50, 0x57, 0x02, 0x21, 0x86, 0x0f, 0x5d, 0xcd, 0xad, 0x8a, 0xcb, 0xab, + 0x03, 0x1b, 0x14, 0x97, 0x4c, 0xc4, 0x90, 0x13, 0xc4, 0x98, 0x31}, + {0x21, 0xce, 0xe5, 0x2e, 0xfd, 0xbc, 0x81, 0x2e, 0x1d, 0x02, 0x1a, + 0x4a, 0xf1, 0xe1, 0xd8, 0xbc, 0x4d, 0xb3, 0xc4, 0x00, 0xe4, 0xd2, + 0xa2, 0xc5, 0x6a, 0x39, 0x26, 0xdb, 0x4d, 0x99, 0xc6, 0x5b}, + true}, + + // Comment: checking for overflow + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 0x31, 0x70, 0x3c, 0xc9, + 0x7e, 0x3a, 0x37, 0x8d, 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c, + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x53, 0x47, 0xc4, 0x91, 0x33, 0x1a, 0x64, 0xb4, 0x3d, + 0xdc, 0x68, 0x30, 0x34, 0xe6, 0x77, 0xf5, 0x3d, 0xc3, 0x2b, 0x52, 0xa5, + 0x2a, 0x57, 0x7c, 0x15, 0xa8, 0x3b, 0xf2, 0x98, 0xe9, 0x9f, 0x19}, + {0x18, 0xcb, 0x89, 0xe4, 0xe2, 0x0c, 0x0c, 0x2b, 0xd3, 0x24, 0x30, + 0x52, 0x45, 0x26, 0x6c, 0x93, 0x27, 0x69, 0x0b, 0xbe, 0x79, 0xac, + 0xb8, 0x8f, 0x5b, 0x8f, 0xb3, 0xf7, 0x4e, 0xca, 0x3e, 0x52}, + true}, + + // Comment: private key == -1 (mod order) + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xa0, 0x23, 0xcd, 0xd0, 0x83, 0xef, 0x5b, 0xb8, 0x2f, 0x10, 0xd6, 0x2e, + 0x59, 0xe1, 0x5a, 0x68, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x25, 0x8e, 0x04, 0x52, 0x3b, 0x8d, 0x25, 0x3e, 0xe6, + 0x57, 0x19, 0xfc, 0x69, 0x06, 0xc6, 0x57, 0x19, 0x2d, 0x80, 0x71, 0x7e, + 0xdc, 0x82, 0x8f, 0xa0, 0xaf, 0x21, 0x68, 0x6e, 0x2f, 0xaa, 0x75}, + {0x25, 0x8e, 0x04, 0x52, 0x3b, 0x8d, 0x25, 0x3e, 0xe6, 0x57, 0x19, + 0xfc, 0x69, 0x06, 0xc6, 0x57, 0x19, 0x2d, 0x80, 0x71, 0x7e, 0xdc, + 0x82, 0x8f, 0xa0, 0xaf, 0x21, 0x68, 0x6e, 0x2f, 0xaa, 0x75}, + true}, + + // Comment: private key == 1 (mod order) on twist + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x58, 0x08, 0x3d, 0xd2, 0x61, 0xad, 0x91, 0xef, 0xf9, 0x52, 0x32, 0x2e, + 0xc8, 0x24, 0xc6, 0x82, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x5f, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0x2e, 0xae, 0x5e, 0xc3, 0xdd, 0x49, 0x4e, 0x9f, 0x2d, + 0x37, 0xd2, 0x58, 0xf8, 0x73, 0xa8, 0xe6, 0xe9, 0xd0, 0xdb, 0xd1, 0xe3, + 0x83, 0xef, 0x64, 0xd9, 0x8b, 0xb9, 0x1b, 0x3e, 0x0b, 0xe0, 0x35}, + {0x2e, 0xae, 0x5e, 0xc3, 0xdd, 0x49, 0x4e, 0x9f, 0x2d, 0x37, 0xd2, + 0x58, 0xf8, 0x73, 0xa8, 0xe6, 0xe9, 0xd0, 0xdb, 0xd1, 0xe3, 0x83, + 0xef, 0x64, 0xd9, 0x8b, 0xb9, 0x1b, 0x3e, 0x0b, 0xe0, 0x35}, + true}}; + +#endif // curve25519_vectors_h__ diff --git a/security/nss/gtests/common/testvectors/gcm-vectors.h b/security/nss/gtests/common/testvectors/gcm-vectors.h new file mode 100644 index 000000000..f0b6cc7e3 --- /dev/null +++ b/security/nss/gtests/common/testvectors/gcm-vectors.h @@ -0,0 +1,1535 @@ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This file is generated from sources in nss/gtests/common/wycheproof + * automatically and should not be touched manually. + * Generation is trigged by calling ./mach wycheproof */ + +#ifndef gcm_vectors_h__ +#define gcm_vectors_h__ + +#include <string> + +typedef struct gcm_kat_str { + uint32_t test_id; + std::string key; + std::string plaintext; + std::string additional_data; + std::string iv; + std::string hash_key; + std::string ghash; + std::string result; + bool invalid_ct; + bool invalid_iv; +} gcm_kat_value; + +/* + * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf + */ +const gcm_kat_value kGcmKatValues[] = { + {1, "00000000000000000000000000000000", "", "", "000000000000000000000000", + "66e94bd4ef8a2c3b884cfa59ca342b2e", "00000000000000000000000000000000", + "58e2fccefa7e3061367f1d57a4e7455a", false, false}, + + {2, "00000000000000000000000000000000", "00000000000000000000000000000000", + "", "000000000000000000000000", "66e94bd4ef8a2c3b884cfa59ca342b2e", + "f38cbb1ad69223dcc3457ae5b6b0f885", + "0388dace60b6a392f328c2b971b2fe78ab6e47d42cec13bdf53a67b21257bddf", false, + false}, + + {3, "feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", + "", "cafebabefacedbaddecaf888", "b83b533708bf535d0aa6e52980d53b78", + "7f1b32b81b820d02614f8895ac1d4eac", + "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25" + "466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62c" + "f35abd2ba6fab4", + false, false}, + + {4, "feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888", + "b83b533708bf535d0aa6e52980d53b78", "698e57f70e6ecc7fd9463b7260a9ae5f", + "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25" + "466931c7d8f6a5aac84aa051ba30b396a0aac973d58e0915bc94fbc3221a5db94fae95ae7" + "121a47", + false, false}, + + {5, "feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad", + "b83b533708bf535d0aa6e52980d53b78", "df586bb4c249b92cb6922877e444d37b", + "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e" + "49f24b22b097544d4896b424989b5e1ebac0f07c23f45983612d2e79e3b0785561be14aac" + "a2fccb", + false, false}, + + {6, "feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515" + "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", + "b83b533708bf535d0aa6e52980d53b78", "1c5afe9760d3932f3c9a878aac3dc3de", + "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4f" + "ba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5619cc5aefffe0bfa462af43c16" + "99d050", + false, false}, + + {7, "000000000000000000000000000000000000000000000000", "", "", + "000000000000000000000000", "aae06992acbf52a3e8f4a96ec9300bd7", + "00000000000000000000000000000000", "cd33b28ac773f74ba00ed1f312572435", + false, false}, + + {8, "000000000000000000000000000000000000000000000000", + "00000000000000000000000000000000", "", "000000000000000000000000", + "aae06992acbf52a3e8f4a96ec9300bd7", "e2c63f0ac44ad0e02efa05ab6743d4ce", + "98e7247c07f0fe411c267e4384b0f6002ff58d80033927ab8ef4d4587514f0fb", false, + false}, + + {9, "feffe9928665731c6d6a8f9467308308feffe9928665731c", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", + "", "cafebabefacedbaddecaf888", "466923ec9ae682214f2c082badb39249", + "51110d40f6c8fff0eb1ae33445a889f0", + "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c" + "144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade2569924a7c8587336bfb1" + "18024db8674a14", + false, false}, + + {10, "feffe9928665731c6d6a8f9467308308feffe9928665731c", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888", + "466923ec9ae682214f2c082badb39249", "ed2ce3062e4a8ec06db8b4c490e8a268", + "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c" + "144c525ac619d18c84a3f4718e2448b2fe324d9ccda27102519498e80f1478f37ba55bd6d" + "27618c", + false, false}, + + {11, "feffe9928665731c6d6a8f9467308308feffe9928665731c", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad", + "466923ec9ae682214f2c082badb39249", "1e6a133806607858ee80eaf237064089", + "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9" + "a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f765dcc57fcf623a24094fcca40d" + "3533f8", + false, false}, + + {12, "feffe9928665731c6d6a8f9467308308feffe9928665731c", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515" + "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", + "466923ec9ae682214f2c082badb39249", "82567fb0b4cc371801eadec005968e94", + "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012a" + "f34ddd9e2f037589b292db3e67c036745fa22e7e9b7373bdcf566ff291c25bbb8568fc3d3" + "76a6d9", + false, false}, + + {13, "0000000000000000000000000000000000000000000000000000000000000000", "", + "", "000000000000000000000000", "dc95c078a2408989ad48a21492842087", + "00000000000000000000000000000000", "530f8afbc74536b9a963b4f1c4cb738b", + false, false}, + + {14, "0000000000000000000000000000000000000000000000000000000000000000", + "00000000000000000000000000000000", "", "000000000000000000000000", + "dc95c078a2408989ad48a21492842087", "83de425c5edc5d498f382c441041ca92", + "cea7403d4d606b6e074ec5d3baf39d18d0d1c8a799996bf0265b98b5d48ab919", false, + false}, + + {15, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", + "", "cafebabefacedbaddecaf888", "acbef20579b4b8ebce889bac8732dad7", + "4db870d37cb75fcb46097c36230d1612", + "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485" + "90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015adb094dac5d93471bdec" + "1a502270e3cc6c", + false, false}, + + {16, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888", + "acbef20579b4b8ebce889bac8732dad7", "8bd0c4d8aacd391e67cca447e8c38f65", + "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485" + "90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f66276fc6ece0f4e1768cddf8853bb" + "2d551b", + false, false}, + + {17, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad", + "acbef20579b4b8ebce889bac8732dad7", "75a34288b8c68f811c52b2e9a2f97f63", + "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33" + "934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f3a337dbf46a792c45e454913fe" + "2ea8f2", + false, false}, + + {18, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" + "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", + "feedfacedeadbeeffeedfacedeadbeefabaddad2", + "9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515" + "6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b", + "acbef20579b4b8ebce889bac8732dad7", "d5ffcf6fc5ac4d69722187421a7f170b", + "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b78" + "0f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3fa44a8266ee1c8eb0c8b5d4cf5a" + "e9f19a", + false, false}, + + /* Extra, non-NIST, test case to test 64-bit binary multiplication carry + * correctness. This is a GHASH-only test. */ + {19, "", "", "", "", "0000000000000000fcefef64ffc4766c", + "3561e34e52d8b598f9937982512fff27", + "0000000000000000ffcef9ebbffdbd8b00000000000000000000000000000000", false, + false}}; + +// Testvectors from project wycheproof +// <https://github.com/google/wycheproof> +const gcm_kat_value kGcmWycheproofVectors[] = { + {1, "5b9604fe14eadba931b0ccf34843dab9", "001d0c231287c1182784554ca3a21908", + "", "028318abc1824029138141a2", "", "0a3ea7a5487cb5f7d70fb6c58d038554", + "26073cc1d851beff176384dc9896d5ff0a3ea7a5487cb5f7d70fb6c58d038554", false, + false}, + + {2, "5b9604fe14eadba931b0ccf34843dab9", "001d0c231287c1182784554ca3a21908", + "00112233445566778899aabbccddeeff", "921d2507fa8007b7bd067d34", "", + "1e348ba07cca2cf04c618cb4d43a5b92", + "49d8b9783e911913d87094d1f63cc7651e348ba07cca2cf04c618cb4d43a5b92", false, + false}, + + {3, "aa023d0478dcb2b2312498293d9a9129", "2035af313d1346ab00154fea78322105", + "aac39231129872a2", "0432bc49ac34412081288127", "", + "4bb9b4812519dadf9e1232016d068133", + "eea945f3d0f98cc0fbab472a0cf24e874bb9b4812519dadf9e1232016d068133", false, + false}, + + {4, "384ea416ac3c2f51a76e7d8226346d4e", "35", "", + "b30c084727ad1c592ac21d12", "", "7c1e4ae88bb27e5638343cb9fd3f6337", + "547c1e4ae88bb27e5638343cb9fd3f6337", false, false}, + + {5, "cae31cd9f55526eb038241fc44cac1e5", "d10989f2c52e94ad", "", + "b5e006ded553110e6dc56529", "", "3b626940e0e9f0cbea8e18c437fd6011", + "a036ead03193903f3b626940e0e9f0cbea8e18c437fd6011", false, false}, + + {6, "dd6197cd63c963919cf0c273ef6b28bf", "4dcc1485365866e25ac3f2ca6aba97", + "", "ecb0c42f7000ef0e6f95f24d", "", "1486a91cccf92c9a5b00f7b0e034891c", + "8a9992388e735f80ee18f4a63c10ad1486a91cccf92c9a5b00f7b0e034891c", false, + false}, + + {7, "ffdf4228361ea1f8165852136b3480f7", "25b12e28ac0ef6ead0226a3b2288c800", + "", "0e1666f2dc652f7708fb8f0d", "", "1ee6513ce30c7873f59dd4350a588f42", + "f7bd379d130477176b8bb3cb23dbbbaa1ee6513ce30c7873f59dd4350a588f42", false, + false}, + + {8, "c15ed227dd2e237ecd087eaaaad19ea4", + "fee62fde973fe025ad6b322dcdf3c63fc7", "", "965ff6643116ac1443a2dec7", "", + "6cd8521422c0177e83ef1b7a845d97db", + "0de51fe4f7f2d1f0f917569f5c6d1b009c6cd8521422c0177e83ef1b7a845d97db", + false, false}, + + {9, "a8ee11b26d7ceb7f17eaa1e4b83a2cf6", + "c08f085e6a9e0ef3636280c11ecfadf0c1e72919ffc17eaf", "", + "fbbc04fd6e025b7193eb57f6", "", "f4eb193241226db017b32ec38ca47217", + "7cd9f4e4f365704fff3b9900aa93ba54b672bac554275650f4eb193241226db017b32ec38" + "ca47217", + false, false}, + + {10, "28ff3def08179311e2734c6d1c4e2871", + "dfc61a20df8505b53e3cd59f25770d5018add3d6", "c3", + "32bcb9b569e3b852d37c766a", "", "5901131d0760c8715901d881fdfd3bc0", + "f58d453212c2c8a436e9283672f579f1191229785901131d0760c8715901d881fdfd3bc0", + false, false}, + + {11, "e63a43216c08867210e248859eb5e99c", + "b14da56b0462dc05b871fc815273ff4810f92f4b", "834afdc5c737186b", + "9c3a4263d983456658aad4b1", "", "a97d25b490390b53c5db91f6ee2a15b8", + "bf864616c2347509ca9b10446379b9bdbb3b8f64a97d25b490390b53c5db91f6ee2a15b8", + false, false}, + + {12, "38449890234eb8afab0bbf82e2385454", + "f762776bf83163b323ca63a6b3adeac1e1357262", + "4020855c66ac4595058395f367201c4c", "33e90658416e7c1a7c005f11", "", + "b8bbdc4f5014bc752c8b4e9b87f650a3", + "a6f2ef3c7ef74a126dd2d5f6673964e27d5b34b6b8bbdc4f5014bc752c8b4e9b87f650a3", + false, false}, + + {13, "6a68671dfe323d419894381f85eb63fd", + "0fc67899c3f1bbe196d90f1eca3797389230aa37", + "76eb5f147250fa3c12bff0a6e3934a0b16860cf11646773b", + "9f0d85b605711f34cd2a35ba", "", "fce9a5b530c7d7af718be1ec0ae9ed4d", + "bd64802cfebaeb487d3a8f76ce943a37b3472dd5fce9a5b530c7d7af718be1ec0ae9ed4d", + false, false}, + + {14, "00112233445566778899aabbccddeeff", "ebd4a3e10cf6d41c50aeae007563b072", + "", "000000000000000000000000", "", "ffffffffffffffffffffffffffffffff", + "f62d84d649e56bc8cfedc5d74a51e2f7ffffffffffffffffffffffffffffffff", false, + false}, + + {15, "00112233445566778899aabbccddeeff", "d593c4d8224f1b100c35e4f6c4006543", + "", "ffffffffffffffffffffffff", "", "00000000000000000000000000000000", + "431f31e6840931fd95f94bf88296ff6900000000000000000000000000000000", false, + false}, + + {16, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d9847dbc326a06e988c77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b39d9847dbc326a06e988c77ad3863e6083", true, + false}, + + {17, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "da847dbc326a06e988c77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b39da847dbc326a06e988c77ad3863e6083", true, + false}, + + {18, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "58847dbc326a06e988c77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b3958847dbc326a06e988c77ad3863e6083", true, + false}, + + {19, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8857dbc326a06e988c77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b39d8857dbc326a06e988c77ad3863e6083", true, + false}, + + {20, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847d3c326a06e988c77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b39d8847d3c326a06e988c77ad3863e6083", true, + false}, + + {21, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc336a06e988c77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc336a06e988c77ad3863e6083", true, + false}, + + {22, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc306a06e988c77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc306a06e988c77ad3863e6083", true, + false}, + + {23, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a066988c77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a066988c77ad3863e6083", true, + false}, + + {24, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a06e989c77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e989c77ad3863e6083", true, + false}, + + {25, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a06e908c77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e908c77ad3863e6083", true, + false}, + + {26, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a06e988e77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988e77ad3863e6083", true, + false}, + + {27, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77bd3863e6083", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77bd3863e6083", true, + false}, + + {28, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3873e6083", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3873e6083", true, + false}, + + {29, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3843e6083", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3843e6083", true, + false}, + + {30, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3063e6083", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3063e6083", true, + false}, + + {31, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3863e6082", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3863e6082", true, + false}, + + {32, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3863e6081", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3863e6081", true, + false}, + + {33, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3863e60c3", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3863e60c3", true, + false}, + + {34, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a06e988c77ad3863e6003", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a06e988c77ad3863e6003", true, + false}, + + {35, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d9847dbc326a06e989c77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b39d9847dbc326a06e989c77ad3863e6083", true, + false}, + + {36, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847d3c326a066988c77ad3863e6083", + "eb156d081ed6b6b55f4612f021d87b39d8847d3c326a066988c77ad3863e6083", true, + false}, + + {37, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d8847dbc326a066988c77ad3863e6003", + "eb156d081ed6b6b55f4612f021d87b39d8847dbc326a066988c77ad3863e6003", true, + false}, + + {38, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "277b8243cd95f9167738852c79c19f7c", + "eb156d081ed6b6b55f4612f021d87b39277b8243cd95f9167738852c79c19f7c", true, + false}, + + {39, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "00000000000000000000000000000000", + "eb156d081ed6b6b55f4612f021d87b3900000000000000000000000000000000", true, + false}, + + {40, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "ffffffffffffffffffffffffffffffff", + "eb156d081ed6b6b55f4612f021d87b39ffffffffffffffffffffffffffffffff", true, + false}, + + {41, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "5804fd3cb2ea86690847fa5306bee003", + "eb156d081ed6b6b55f4612f021d87b395804fd3cb2ea86690847fa5306bee003", true, + false}, + + {42, "000102030405060708090a0b0c0d0e0f", "202122232425262728292a2b2c2d2e2f", + "", "505152535455565758595a5b", "", "d9857cbd336b07e889c67bd2873f6182", + "eb156d081ed6b6b55f4612f021d87b39d9857cbd336b07e889c67bd2873f6182", true, + false}, + + {43, "aa023d0478dcb2b2312498293d9a9129", "2035af313d1346ab00154fea78322105", + "aac39231129872a2", "0432bc49ac344120", "", + "b7d0dd70b00d65b97cfd080ff4b819d1", + "64c36bb3b732034e3a7d04efc5197785b7d0dd70b00d65b97cfd080ff4b819d1", false, + false}, + + {44, "25dd4d6cad5a4604957847c8c6d3fc4e", "5c347835b3fa61c2ce253e5a", "", + "68cbeafe8f9e8a66", "", "5452843e32c13c3e35ed8230fe3446c0", + "9a078a04d14938918e0043585452843e32c13c3e35ed8230fe3446c0", false, false}, + + {45, "2034a82547276c83dd3212a813572bce", + "02efd2e5782312827ed5d230189a2a342b277ce048462193", + "1a0293d8f90219058902139013908190bc490890d3ff12a3", + "3254202d854734812398127a3d134421", "", "9b7abadd6e69c1d9ec925786534f5075", + "64069c2d58690561f27ee199e6b479b6369eec688672bde99b7abadd6e69c1d9ec9257865" + "34f5075", + false, false}, + + {46, "209e6dbf2ad26a105445fc0207cd9e9a", "01", "", + "9477849d6ccdfca112d92e53fae4a7ca", "", "032df7bba5d8ea1a14f16f70bd0e14ec", + "fd032df7bba5d8ea1a14f16f70bd0e14ec", false, false}, + + {47, "a549442e35154032d07c8666006aa6a2", "1182e93596cac5608946400bc73f3a", + "", "5171524568e81d97e8c4de4ba56c10a0", "", + "e06d1ef473132957ad37eaef29733ca0", + "2f333087bdca58219f9bfc273e45cce06d1ef473132957ad37eaef29733ca0", false, + false}, + + {48, "cfb4c26f126f6a0acb8e4e220f6c56cd", "09dfd7f080275257cf97e76f966b1ad9", + "", "1275115499ae722268515bf0c164b49c", "", + "2adeffa682c8d8a81fada7d9fcdd2ee2", + "a780bd01c80885156c88a973264c8ee52adeffa682c8d8a81fada7d9fcdd2ee2", false, + false}, + + {49, "0b11ef3a08c02970f74281c860691c75", + "f693d4edd825dbb0618d91113128880dbebb23e25d00ed1f077d870be9cc7536", "", + "95c1dd8c0f1705ece68937901f7add7b", "", "d01444fa5d9c499629d174ff3927a1ac", + "7e47e10fe3c6fbfa381770eaf5d48d1482e71e0c44dff1e30ca6f95d92052084d01444fa5" + "d9c499629d174ff3927a1ac", + false, false}, + + {50, "00112233445566778899aabbccddeeff", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "f95fde4a751913202aeeee32a0b55753", "", + "152a65045fe674f97627427af5be22da", + "00078d109d92143fcd5df56721b884fac64ac7762cc09eea2a3c68e92a17bdb575f87bda1" + "8be564e152a65045fe674f97627427af5be22da", + false, false}, + + {51, "00112233445566778899aabbccddeeff", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "7b95b8c356810a84711d68150a1b7750", "", + "213a3cb93855d18e69337eee66aeec07", + "84d4c9c08b4f482861e3a9c6c35bc4d91df927374513bfd49f436bd73f325285daef4ff7e" + "13d46a6213a3cb93855d18e69337eee66aeec07", + false, false}, + + {52, "00112233445566778899aabbccddeeff", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "1a552e67cdc4dc1a33b824874ebf0bed", "", + "99b381bfa2af9751c39d1b6e86d1be6a", + "948ca37a8e6649e88aeffb1c598f3607007702417ea0e0bc3c60ad5a949886de968cf53ea" + "6462aed99b381bfa2af9751c39d1b6e86d1be6a", + false, false}, + + {53, "00112233445566778899aabbccddeeff", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "dd9d0b4a0c3d681524bffca31d907661", "", + "5281efc7f13ac8e14ccf5dca7bfbfdd1", + "64b19314c31af45accdf7e3c4db79f0d948ca37a8e6649e88aeffb1c598f3607007702417" + "ea0e0bc5281efc7f13ac8e14ccf5dca7bfbfdd1", + false, false}, + + {54, "00112233445566778899aabbccddeeff", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "57c5643c4e37b4041db794cfe8e1f0f4", "", + "a3ea2c09ee4f8c8a12f45cddf9aeff81", + "2bb69c3e5d1f91815c6b87a0d5bbea7164b19314c31af45accdf7e3c4db79f0d948ca37a8" + "e6649e8a3ea2c09ee4f8c8a12f45cddf9aeff81", + false, false}, + + {55, "00112233445566778899aabbccddeeff", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "99821c2dd5daecded07300f577f7aff1", "", + "07eb2fe4a958f8434d40684899507c7c", + "127af9b39ecdfc57bb11a2847c7c2d3d8f938f40f877e0c4af37d0fe9af033052bd537c4a" + "e978f6007eb2fe4a958f8434d40684899507c7c", + false, false}, + + {56, "00112233445566778899aabbccddeeff", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "5e4a3900142358d1c774d8d124d8d27d", "", + "f145c2dcaf339eede427be934357eac0", + "0cf6ae47156b14dce03c8a07a2e172b1127af9b39ecdfc57bb11a2847c7c2d3d8f938f40f" + "877e0c4f145c2dcaf339eede427be934357eac0", + false, false}, + + {57, "00112233445566778899aabbccddeeff", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "d4125676562984c0fe7cb0bdd1a954e8", "", + "facd0bfe8701b7b4a2ba96d98af52bd9", + "f0c6ffc18bd46df5569185a9afd169eb0cf6ae47156b14dce03c8a07a2e172b1127af9b39" + "ecdfc57facd0bfe8701b7b4a2ba96d98af52bd9", + false, false}, + + {58, "00112233445566778899aabbccddeeff", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "b97ec62a5e5900ccf9e4be332e336091", "", + "a03e729dcfd7a03155655fece8affd7e", + "d6928e094c06e0a7c4db42184cf7529e95de88b767edebe9b343000be3dab47ea08b74429" + "3eed698a03e729dcfd7a03155655fece8affd7e", + false, false}, + + {59, "00112233445566778899aabbccddeeff", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "7eb6e3079fa0b4c3eee366177d1c1d1d", "", + "1e43926828bc9a1614c7b1639096c195", + "d82ce58771bf6487116bf8e96421877ed6928e094c06e0a7c4db42184cf7529e95de88b76" + "7edebe91e43926828bc9a1614c7b1639096c195", + false, false}, + + {60, "00112233445566778899aabbccddeeff", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "0314fcd10fdd675d3c612962c931f635", "", + "f08baddf0b5285c91fc06a67fe4708ca", + "a197a37a5d79697078536bc27fe46cd8d475526d9044aa94f088a054f8e380c64f7941479" + "5c61480f08baddf0b5285c91fc06a67fe4708ca", + false, false}, + + {61, "00112233445566778899aabbccddeeff", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "c4dcd9fcce24d3522b66f1469a1e8bb9", "", + "62a4b6875c288345d6a454399eac1afa", + "149fde9abbd3a43c2548575e0db9fb84a197a37a5d79697078536bc27fe46cd8d475526d9" + "044aa9462a4b6875c288345d6a454399eac1afa", + false, false}, + + {62, "00112233445566778899aabbccddeeff", "bec6fa05c1718b9b84c47345bbed7dcb", + "", "00000000000000000000000000000000", "", + "00000000000000000000000000000000", + "45a3f89d02918bfd0c8161658ccc979500000000000000000000000000000000", false, + false}, + + {63, "00112233445566778899aabbccddeeff", "4d82639c39d3f3490ee903dd0be7afcf", + "", "ffffffffffffffffffffffffffffffff", "", + "ffffffffffffffffffffffffffffffff", + "1cd5a06214235ceb044d4bad7b047312ffffffffffffffffffffffffffffffff", false, + false}, + + {64, "92ace3e348cd821092cd921aa3546374299ab46209691bc28b8752d17f123c20", + "00010203040506070809", "00000000ffffffff", "00112233445566778899aabb", "", + "9a4a2579529301bcfb71c78d4060f52c", + "e27abdd2d2a53d2f136b9a4a2579529301bcfb71c78d4060f52c", false, false}, + + {65, "29d3a44f8723dc640239100c365423a312934ac80239212ac3df3421a2098123", "", + "aabbccddeeff", "00112233445566778899aabb", "", + "2a7d77fa526b8250cb296078926b5020", "2a7d77fa526b8250cb296078926b5020", + false, false}, + + {66, "cc56b680552eb75008f5484b4cb803fa5063ebd6eab91f6ab6aef4916a766273", + "2a", "", "99e23ec48985bccdeeab60f1", "", + "633c1e9703ef744ffffb40edf9d14355", "06633c1e9703ef744ffffb40edf9d14355", + false, false}, + + {67, "51e4bf2bad92b7aff1a4bc05550ba81df4b96fabf41c12c7b00e60e48db7e152", + "be3308f72a2c6aed", "", "4f07afedfdc3b6c2361823d3", "", + "602e8d7c4799d62c140c9bb834876b09", + "cf332a12fdee800b602e8d7c4799d62c140c9bb834876b09", false, false}, + + {68, "67119627bd988eda906219e08c0d0d779a07d208ce8a4fe0709af755eeec6dcb", + "51f8c1f731ea14acdb210a6d973e07", "", "68ab7fdbf61901dad461d23c", "", + "ec04aacb7148a8b8be44cb7eaf4efa69", + "43fc101bff4b32bfadd3daf57a590eec04aacb7148a8b8be44cb7eaf4efa69", false, + false}, + + {69, "59d4eafb4de0cfc7d3db99a8f54b15d7b39f0acc8da69763b019c1699f87674a", + "549b365af913f3b081131ccb6b825588", "", "2fcb1b38a99e71b84740ad9b", "", + "28752c20153092818faba2a334640d6e", + "f58c16690122d75356907fd96b570fca28752c20153092818faba2a334640d6e", false, + false}, + + {70, "3b2458d8176e1621c0cc24c0c0e24c1e80d72f7ee9149a4b166176629616d011", + "3ff1514b1c503915918f0c0c31094a6e1f", "", "45aaa3e5d16d2d42dc03445d", "", + "2d7379ec1db5952d4e95d30c340b1b1d", + "73a6b6f45f6ccc5131e07f2caa1f2e2f562d7379ec1db5952d4e95d30c340b1b1d", + false, false}, + + {71, "0212a8de5007ed87b33f1a7090b6114f9e08cefd9607f2c276bdcfdbc5ce9cd7", + "10f1ecf9c60584665d9ae5efe279e7f7377eea6916d2b111", "", + "e6b1adf2fd58a8762c65f31b", "", "7355fde599006715053813ce696237a8", + "0843fff52d934fc7a071ea62c0bd351ce85678cde3ea2c9e7355fde599006715053813ce6" + "96237a8", + false, false}, + + {72, "b279f57e19c8f53f2f963f5f2519fdb7c1779be2ca2b3ae8e1128b7d6c627fc4", + "fcc515b294408c8645c9183e3f4ecee5127846d1", "c0", + "98bc2c7438d5cd7665d76f6e", "", "ecb660e1fb0541ec41e8d68a64141b3a", + "eb5500e3825952866d911253f8de860c00831c81ecb660e1fb0541ec41e8d68a64141b3a", + false, false}, + + {73, "cdccfe3f46d782ef47df4e72f0c02d9c7f774def970d23486f11a57f54247f17", + "e28e0e9f9d22463ac0e42639b530f42102fded75", "956846a209e087ed", + "376187894605a8d45e30de51", "", "082e91924deeb77880e1b1c84f9b8d30", + "feca44952447015b5df1f456df8ca4bb4eee2ce2082e91924deeb77880e1b1c84f9b8d30", + false, false}, + + {74, "f32364b1d339d82e4f132d8f4a0ec1ff7e746517fa07ef1a7f422f4e25a48194", + "43891bccb522b1e72a6b53cf31c074e9d6c2df8e", + "ab2ac7c44c60bdf8228c7884adb20184", "5a86a50a0e8a179c734b996d", "", + "c3922583476ced575404ddb85dd8cd44", + "43dda832e942e286da314daa99bef5071d9d2c78c3922583476ced575404ddb85dd8cd44", + false, false}, + + {75, "ff0089ee870a4a39f645b0a5da774f7a5911e9696fc9cad646452c2aa8595a12", + "748b28031621d95ee61812b4b4f47d04c6fc2ff3", + "972ab4e06390caae8f99dd6e2187be6c7ff2c08a24be16ef", + "bc2a7757d0ce2d8b1f14ccd9", "", "ebec6774b955e789591c822dab739e12", + "a929ee7e67c7a2f91bbcec6389a3caf43ab49305ebec6774b955e789591c822dab739e12", + false, false}, + + {76, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "561008fa07a68f5c61285cd013464eaf", "", "000000000000000000000000", "", + "ffffffffffffffffffffffffffffffff", + "23293e9b07ca7d1b0cae7cc489a973b3ffffffffffffffffffffffffffffffff", false, + false}, + + {77, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "c6152244cea1978d3e0bc274cf8c0b3b", "", "ffffffffffffffffffffffff", "", + "00000000000000000000000000000000", + "7cb6fc7c6abc009efe9551a99f36a42100000000000000000000000000000000", false, + false}, + + {78, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9de8fef6d8ab1bf1bf887232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9de8fef6d8ab1bf1bf887232eab590dd", true, + false}, + + {79, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ee8fef6d8ab1bf1bf887232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9ee8fef6d8ab1bf1bf887232eab590dd", true, + false}, + + {80, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "1ce8fef6d8ab1bf1bf887232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa1ce8fef6d8ab1bf1bf887232eab590dd", true, + false}, + + {81, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce9fef6d8ab1bf1bf887232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce9fef6d8ab1bf1bf887232eab590dd", true, + false}, + + {82, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fe76d8ab1bf1bf887232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce8fe76d8ab1bf1bf887232eab590dd", true, + false}, + + {83, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d9ab1bf1bf887232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d9ab1bf1bf887232eab590dd", true, + false}, + + {84, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6daab1bf1bf887232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6daab1bf1bf887232eab590dd", true, + false}, + + {85, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1b71bf887232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1b71bf887232eab590dd", true, + false}, + + {86, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1bf1be887232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1be887232eab590dd", true, + false}, + + {87, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1bf13f887232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf13f887232eab590dd", true, + false}, + + {88, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1bf1bfa87232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bfa87232eab590dd", true, + false}, + + {89, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1bf1bf887332eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887332eab590dd", true, + false}, + + {90, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1bf1bf887232ebb590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887232ebb590dd", true, + false}, + + {91, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1bf1bf887232e8b590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887232e8b590dd", true, + false}, + + {92, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1bf1bf8872326ab590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf8872326ab590dd", true, + false}, + + {93, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1bf1bf887232eab590dc", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887232eab590dc", true, + false}, + + {94, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1bf1bf887232eab590df", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887232eab590df", true, + false}, + + {95, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1bf1bf887232eab5909d", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887232eab5909d", true, + false}, + + {96, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1bf1bf887232eab5905d", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1bf1bf887232eab5905d", true, + false}, + + {97, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9de8fef6d8ab1bf1be887232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9de8fef6d8ab1bf1be887232eab590dd", true, + false}, + + {98, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fe76d8ab1b71bf887232eab590dd", + "b2061457c0759fc1749f174ee1ccadfa9ce8fe76d8ab1b71bf887232eab590dd", true, + false}, + + {99, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9ce8fef6d8ab1b71bf887232eab5905d", + "b2061457c0759fc1749f174ee1ccadfa9ce8fef6d8ab1b71bf887232eab5905d", true, + false}, + + {100, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "631701092754e40e40778dcd154a6f22", + "b2061457c0759fc1749f174ee1ccadfa631701092754e40e40778dcd154a6f22", true, + false}, + + {101, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "00000000000000000000000000000000", + "b2061457c0759fc1749f174ee1ccadfa00000000000000000000000000000000", true, + false}, + + {102, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "ffffffffffffffffffffffffffffffff", + "b2061457c0759fc1749f174ee1ccadfaffffffffffffffffffffffffffffffff", true, + false}, + + {103, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "1c687e76582b9b713f08f2b26a35105d", + "b2061457c0759fc1749f174ee1ccadfa1c687e76582b9b713f08f2b26a35105d", true, + false}, + + {104, "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "9de9fff7d9aa1af0be897333ebb491dc", + "b2061457c0759fc1749f174ee1ccadfa9de9fff7d9aa1af0be897333ebb491dc", true, + false}, + + {105, "00112233445566778899aabbccddeeff1021324354657687", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "029e0e777db092b12535d043012f09ba", "", + "09338a42f0acc14f97c064f52f5f1688", + "f83cee467336e1a09b75f24e9b4385c99c13e6af722256a66129ece961fe803b167bad206" + "f5017fb09338a42f0acc14f97c064f52f5f1688", + false, false}, + + {106, "00112233445566778899aabbccddeeff1021324354657687", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "f1be3b06b7feac07e7eab629f556047b", "", + "90be3606de58bd778fa5beff4a4102bd", + "0b32b648a2c28e9edd7cee08eeeb900034cae7215e5ab1e201bd2eed1032c5a97866ba582" + "a3458a490be3606de58bd778fa5beff4a4102bd", + false, false}, + + {107, "00112233445566778899aabbccddeeff1021324354657687", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "de9eb63b1daed321a11b7547cc9e223c", "", + "6e4d6396125a10df5443bd0cbc8566d1", + "575e2ecec2b3c72d4e80830d0d859ad9e42c29c4a68d8d9d8d23434de2cd07733be49d62a" + "c1ae0856e4d6396125a10df5443bd0cbc8566d1", + false, false}, + + {108, "00112233445566778899aabbccddeeff1021324354657687", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "40bb0abebc483ff6d5671241ff5d66c6", "", + "dc481f172545268eff63ab0490403dc3", + "2a818888d1f09f32aa7beedd2869b446575e2ecec2b3c72d4e80830d0d859ad9e42c29c4a" + "68d8d9ddc481f172545268eff63ab0490403dc3", + false, false}, + + {109, "00112233445566778899aabbccddeeff1021324354657687", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "20d5cf305e630a8f49e3bb4bab18abc9", "", + "8a3a22bf2592958b930292aa47f590e8", + "96d36b795f8e7edf6a8e0dbcd20d6c072a818888d1f09f32aa7beedd2869b446575e2ecec" + "2b3c72d8a3a22bf2592958b930292aa47f590e8", + false, false}, + + {110, "00112233445566778899aabbccddeeff1021324354657687", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "255358a71a0e5731f6dd6ce28e158ae6", "", + "2db9dc1b7fd315df1c95432432fcf474", + "cfce3d920f0e01f0bb49a751955b236d1b887baefd25c47f41303c46d5c7bf9ca4c2c45a8" + "f1e66562db9dc1b7fd315df1c95432432fcf474", + false, false}, + + {111, "00112233445566778899aabbccddeeff1021324354657687", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "bb76e422bbe8bbe682a10be4bdd6ce1c", "", + "82ad967f7ac19084354f69a751443fb2", + "69a24169792e9a07f6e6f4736fa972dccfce3d920f0e01f0bb49a751955b236d1b887baef" + "d25c47f82ad967f7ac19084354f69a751443fb2", + false, false}, + + {112, "00112233445566778899aabbccddeeff1021324354657687", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "db1821ac59c38e9f1e25a2eee9930313", "", + "472d5dd582dc05ef5fc496b612023cb2", + "4e4417a83beac1eb7e24456a05f6ba5569a24169792e9a07f6e6f4736fa972dccfce3d920" + "f0e01f0472d5dd582dc05ef5fc496b612023cb2", + false, false}, + + {113, "00112233445566778899aabbccddeeff1021324354657687", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "f7a02ecca03064b2ef3cce9feab79f07", "", + "caff723826df150934aee3201ba175e7", + "6f8e174efca3097299f784efd4caff0bf168c3e5165b9ad3d20062009848044eef8f31f7d" + "2fead05caff723826df150934aee3201ba175e7", + false, false}, + + {114, "00112233445566778899aabbccddeeff1021324354657687", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "6985924901d688659b40a999d974dbfd", "", + "3b08958be1286c2b4acba02b3674adb2", + "af193090ce3d43a388a1d294a09616906f8e174efca3097299f784efd4caff0bf168c3e51" + "65b9ad33b08958be1286c2b4acba02b3674adb2", + false, false}, + + {115, "00112233445566778899aabbccddeeff1021324354657687", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "3f1188546c65ed0fc55e75032c68ee44", "", + "c14d52208f0f51b816a48971eaf8ff7e", + "5deccf838b2cf5f869c90d2a611160b1e578ab8121b93735cba4a1930647b8c4c84bf7763" + "33ee45ac14d52208f0f51b816a48971eaf8ff7e", + false, false}, + + {116, "00112233445566778899aabbccddeeff1021324354657687", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "a13434d1cd8301d8b12212051fabaabe", "", + "ea2d018099cd7925c507cef0ceddb0ae", + "d2cae1684aa407a13a2e2da5357e29f55deccf838b2cf5f869c90d2a611160b1e578ab812" + "1b93735ea2d018099cd7925c507cef0ceddb0ae", + false, false}, + + {117, "00112233445566778899aabbccddeeff1021324354657687", + "5c7d3f81d4b5055ed6f8db53614587a4", "", "00000000000000000000000000000000", + "", "00000000000000000000000000000000", + "541b835dc828d541073f7d7d7504ebf500000000000000000000000000000000", false, + false}, + + {118, "00112233445566778899aabbccddeeff1021324354657687", + "6a347ad1190e72ede611044e7475f0eb", "", "ffffffffffffffffffffffffffffffff", + "", "ffffffffffffffffffffffffffffffff", + "a3f36154331c196624564bc395e49c3bffffffffffffffffffffffffffffffff", false, + false}, + + {119, "cee9abbc26b63e169f0ced621fe21d95904e75b881d93e6b", "46", "", + "1e8259e0a43e571068f701cd2064fc0c", "", "af1f5535b125b34fc466902ea40cb3a2", + "dcaf1f5535b125b34fc466902ea40cb3a2", false, false}, + + {120, "189f0bd390ba40632586a45c39735c2b87113329c800f394", + "b4bcd7b8eeca3050dd17682c6a914e", "", "c84442d6975f0359737de0fa828f958e", + "", "6b03b7557c7131e2352e495d54e61aef", + "2aab5c87dcb4a4dae4e975ddb65aab6b03b7557c7131e2352e495d54e61aef", false, + false}, + + {121, "b0724f15df5b792c2f49bc51df0ac5aad69be0030981613c", + "8da3ab9c3d195b04df452ad23953da4d", "", "13cd526ec77b58f62d48d03f8b88f2b8", + "", "eb05bda937faeed27f8833295d4ba559", + "d127fd2e67c0887d90eb92b91f357d97eb05bda937faeed27f8833295d4ba559", false, + false}, + + {122, "998750ba784841e40a7c5b03985732b6397e5459a3843954", + "2f60ca3494a958dc3e6ebeb5d0b4e6dda0d0c4331ab9c957f6422a5100878ebf", "", + "1d3d62eccd8ac5e896f2654a7f606fc9", "", "bab7fbf499ff06aad5f757b1c1a4fcc0", + "344c2cea17b06cb3da272e22a22a3a71ee0eaa1959a7facfff464660ddccedd1bab7fbf49" + "9ff06aad5f757b1c1a4fcc0", + false, false}, + + {123, "00112233445566778899aabbccddeeff1021324354657687", + "0b4dbbba8982e0f649f8ba85f3aa061b", "", "000000000000000000000000", "", + "ffffffffffffffffffffffffffffffff", + "3f875c9bd7d8511448459468e398c3b2ffffffffffffffffffffffffffffffff", false, + false}, + + {124, "00112233445566778899aabbccddeeff1021324354657687", + "1ae93688ef7e2650a9342ad4718b2780", "", "ffffffffffffffffffffffff", "", + "00000000000000000000000000000000", + "210dabea4364c6d5b3429e774332293600000000000000000000000000000000", false, + false}, + + {125, "21218af790428f8024d3e7e1428c9fcf578c216636d60e73", "e3", "", + "34047bc39b9c608384dff5b8", "", "2e982e24b81cd120d35a70fe6935e665", + "fe2e982e24b81cd120d35a70fe6935e665", false, false}, + + {126, "3a8bf543c480925632118245bcbf5d01522b987a31a33da3", + "53fc72e71b59eeb3", "", "4ebc13cf4636cc7c45e560a7", "", + "6870f104ddc514477b400336fb01860e", + "99f2ff1c8a44e5f26870f104ddc514477b400336fb01860e", false, false}, + + {127, "92f4d2672fceec43963ccffb17e6ea7578b11418b06a3b82", + "c3ec16adb184affa8ae9738bffb916", "", "6e7ff7f0797685cfc44b05ff", "", + "29fff7f285768645c9c8bf7a471c9393", + "afe8ef41591bfcc00db3c880ceb18629fff7f285768645c9c8bf7a471c9393", false, + false}, + + {128, "bcb6bc5ee6743df1396a34639327b25809ec9c81dd6a0c0e", + "80474a3a3b809560eee2ce7a7a33ea07", "", "be0326d23bdc2c64648d13f4", "", + "e3d33e01ce64f271783147de226228bc", + "90339dca02ef717f1603994aee6cf6d2e3d33e01ce64f271783147de226228bc", false, + false}, + + {129, "5e1d28213e092536525bbae09e214af4c891e202b2b4fa4f", + "53d59433a7db7f41b31ccb6d4a2d789965", "", "b6be6cd0681235d826aa28ea", "", + "9f50c03e055e519712c582ec9db3235b", + "b98ed6321679941a3e521834296686ad989f50c03e055e519712c582ec9db3235b", + false, false}, + + {130, "7f672d85e151aa490bc0eec8f66b5e5bee74af11642be3ff", + "ef6412c72b03c643fa02565a0ae2378a9311c11a84065f80", "", + "b022067048505b20946216ef", "", "fa0484f8baa95f5b7a31c56d1b34c58b", + "addd303651119e52f6170dfc7a915064253d57532987b9abfa0484f8baa95f5b7a31c56d1" + "b34c58b", + false, false}, + + {131, "969fed5068541d65418c2c1de8fe1f845e036030496e1272", + "3d8233191a2823bf767e99167b1d4af4f4848458", "cb", + "817fe51c31f2879141a34335", "", "92909a80e90540e1878ab59ef300072b", + "0d2c3a3c0cc4b40e70ed45e188e356a0e1533b3192909a80e90540e1878ab59ef300072b", + false, false}, + + {132, "fa5b9b41f93f8b682c04ba816c3fecc24eec095b04dd7497", + "18159841813a69fc0f8f4229e1678da7c9016711", "2ed8487153e21b12", + "62b9cf1e923bc1138d05d205", "", "253317f98bdab87531ece20475cd9ebb", + "c7c1cbb85ce2a0a3f32cb9ef01ad45ec1118b66d253317f98bdab87531ece20475cd9ebb", + false, false}, + + {133, "fbfb395662787e2d25a2e7510f818e825936a35114e237c9", + "2952a3d64107d5cbb9602239d05a5c5c222cf72b", + "74318d8876528243f1944b73eb77e96e", "3f1a1e02e90a4ba7a1db9df2", "", + "e0877a100f9dd9d6795f0e74c56a9fab", + "ecf5e403f19c007c8da7a456caf0a6d75762829be0877a100f9dd9d6795f0e74c56a9fab", + false, false}, + + {134, "5d8e9c2222316c9ed5ff94513cc957436ae447a6e1a73a29", + "42b4439e1d2116f834b91c516a26299df279956b", + "5ca354a4cb8e4fc9798aa209ad4f739dc7c232fdd1f22584", + "0802ae86c75a73bf79561521", "", "62196638590cef429d6b1d1a59839c02", + "94d844d98b9467daa7e8dde7f4290037354d7fb262196638590cef429d6b1d1a59839c02", + false, false}, + + {135, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b5e44c5b2fe90e4c78f358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b5e44c5b2fe90e4c78f358da0d99cb64", true, + false}, + + {136, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b6e44c5b2fe90e4c78f358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b6e44c5b2fe90e4c78f358da0d99cb64", true, + false}, + + {137, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "34e44c5b2fe90e4c78f358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db034e44c5b2fe90e4c78f358da0d99cb64", true, + false}, + + {138, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e54c5b2fe90e4c78f358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e54c5b2fe90e4c78f358da0d99cb64", true, + false}, + + {139, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44cdb2fe90e4c78f358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e44cdb2fe90e4c78f358da0d99cb64", true, + false}, + + {140, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2ee90e4c78f358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2ee90e4c78f358da0d99cb64", true, + false}, + + {141, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2de90e4c78f358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2de90e4c78f358da0d99cb64", true, + false}, + + {142, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90ecc78f358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90ecc78f358da0d99cb64", true, + false}, + + {143, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90e4c79f358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c79f358da0d99cb64", true, + false}, + + {144, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90e4cf8f358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4cf8f358da0d99cb64", true, + false}, + + {145, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90e4c78d358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78d358da0d99cb64", true, + false}, + + {146, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90e4c78f359da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f359da0d99cb64", true, + false}, + + {147, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90e4c78f358da0c99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da0c99cb64", true, + false}, + + {148, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90e4c78f358da0f99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da0f99cb64", true, + false}, + + {149, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90e4c78f358da8d99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da8d99cb64", true, + false}, + + {150, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90e4c78f358da0d99cb65", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da0d99cb65", true, + false}, + + {151, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90e4c78f358da0d99cb66", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da0d99cb66", true, + false}, + + {152, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90e4c78f358da0d99cb24", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da0d99cb24", true, + false}, + + {153, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90e4c78f358da0d99cbe4", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90e4c78f358da0d99cbe4", true, + false}, + + {154, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b5e44c5b2fe90e4c79f358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b5e44c5b2fe90e4c79f358da0d99cb64", true, + false}, + + {155, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44cdb2fe90ecc78f358da0d99cb64", + "458256842dfd297f30bd2f8f15c92db0b4e44cdb2fe90ecc78f358da0d99cb64", true, + false}, + + {156, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b4e44c5b2fe90ecc78f358da0d99cbe4", + "458256842dfd297f30bd2f8f15c92db0b4e44c5b2fe90ecc78f358da0d99cbe4", true, + false}, + + {157, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "4b1bb3a4d016f1b3870ca725f266349b", + "458256842dfd297f30bd2f8f15c92db04b1bb3a4d016f1b3870ca725f266349b", true, + false}, + + {158, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "00000000000000000000000000000000", + "458256842dfd297f30bd2f8f15c92db000000000000000000000000000000000", true, + false}, + + {159, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "ffffffffffffffffffffffffffffffff", + "458256842dfd297f30bd2f8f15c92db0ffffffffffffffffffffffffffffffff", true, + false}, + + {160, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "3464ccdbaf698eccf873d85a8d194be4", + "458256842dfd297f30bd2f8f15c92db03464ccdbaf698eccf873d85a8d194be4", true, + false}, + + {161, "000102030405060708090a0b0c0d0e0f1011121314151617", + "202122232425262728292a2b2c2d2e2f", "", "505152535455565758595a5b", "", + "b5e54d5a2ee80f4d79f259db0c98ca65", + "458256842dfd297f30bd2f8f15c92db0b5e54d5a2ee80f4d79f259db0c98ca65", true, + false}, + + {162, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "5c2ea9b695fcf6e264b96074d6bfa572", "", + "d5808a1bd11a01129bf3c6919aff2339", + "28e1c5232f4ee8161dbe4c036309e0b3254e9212bef0a93431ce5e5604c8f6a73c18a3183" + "018b770d5808a1bd11a01129bf3c6919aff2339", + false, false}, + + {163, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "57b3a81f2c36b6b06577ca0fbab8fa8e", "", + "8132e865b69d64ef37db261f80cbbe24", + "cceebeb4fe4cd90c514e52d2327a2ecd75393661006cf2476d8620149aef3d1cdce491fff" + "3e7a7a38132e865b69d64ef37db261f80cbbe24", + false, false}, + + {164, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "ce20a7e870696a5e68533c465bad2ba1", "", + "155da6441ec071ef2d8e6cffbacc1c7c", + "4f4350565d91d9aa8c5f4048550492ad6d6fdabf66da5d1e2af7bfe1a8aadaa0baa3de38a" + "41d9713155da6441ec071ef2d8e6cffbacc1c7c", + false, false}, + + {165, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "918e3c19dbdfee2db18156c5b93f3d75", "", + "6c574aa6a2490cc3b2f2f8f0ffbc56c4", + "8316a53167b6de1a7575700693ffef274f4350565d91d9aa8c5f4048550492ad6d6fdabf6" + "6da5d1e6c574aa6a2490cc3b2f2f8f0ffbc56c4", + false, false}, + + {166, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "717d900b270462b9dbf7e9419e890609", "", + "8082a761e1d755344bf29622144e7d39", + "5175927513e751eb309f45bc2ef225f28316a53167b6de1a7575700693ffef274f4350565" + "d91d9aa8082a761e1d755344bf29622144e7d39", + false, false}, + + {167, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "ecd52120af240e9b4bf3b9d1eeb49434", "", + "033e0ef2953ebfd8425737c7d393f89a", + "36b3fbecd09178d04527fb37544f5579d20d60a41266f685c48098e1a52804ca387d90709" + "d3268dd033e0ef2953ebfd8425737c7d393f89a", + false, false}, + + {168, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "b37bbad104928ae89221d3520c2682e0", "", + "ca448bb7e52e897eca234ef343d057d0", + "16929b773051f12b0adac95f65e21a7f36b3fbecd09178d04527fb37544f5579d20d60a41" + "266f685ca448bb7e52e897eca234ef343d057d0", + false, false}, + + {169, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "538816c3f849067cf8576cd62b90b99c", "", + "84f49740e6757f63dd0df7cb7656d0ef", + "6d3faefaf691d58163846f8d4b9ffd5916929b773051f12b0adac95f65e21a7f36b3fbecd" + "09178d084f49740e6757f63dd0df7cb7656d0ef", + false, false}, + + {170, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "d10e631943cd3bdababab2bbd13951c0", "", + "877e15d9889e69a99fcc6d727465c391", + "d60196c2d14fcf30c0991d2721ddc52d385f407a16691dade82c9023c855fd8e2e8fbb562" + "102f018877e15d9889e69a99fcc6d727465c391", + false, false}, + + {171, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "8ea0f8e8e87bbfa96368d83833ab4714", "", + "cd5757626945976ba9f0264bd6bee894", + "948fbceca12a6e4fabb79b6d965e336fd60196c2d14fcf30c0991d2721ddc52d385f407a1" + "6691dadcd5757626945976ba9f0264bd6bee894", + false, false}, + + {172, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "7b2df4fbed1de2727eb24898e5deabb9", "", + "b015d72da62c81cb4d267253b20db9e5", + "a1a0120660ff52e6b1700b12c54d2d33b94b00cd7882d8857d84e6e183a1dea6ee85a7da8" + "4fbc35db015d72da62c81cb4d267253b20db9e5", + false, false}, + + {173, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "0000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000", + "", "24836f0a46ab6601a760221b074cbd6d", "", + "ee74ccb30d649ebf6916d05a7dbe5696", + "5e3434b45edbf0d1f6e02d1144dbf867a1a0120660ff52e6b1700b12c54d2d33b94b00cd7" + "882d885ee74ccb30d649ebf6916d05a7dbe5696", + false, false}, + + {174, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "8d74f1c97243d362577ff376c393d2dc", "", "00000000000000000000000000000000", + "", "00000000000000000000000000000000", + "265c42e2b96ea1de9c24f7182e33739000000000000000000000000000000000", false, + false}, + + {175, "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "884df0e76f3ce227bf9595d103825a46", "", "ffffffffffffffffffffffffffffffff", + "", "ffffffffffffffffffffffffffffffff", + "988f47668ea650cbaa6714711abe268dffffffffffffffffffffffffffffffff", false, + false}, + + {176, "b7797eb0c1a6089ad5452d81fdb14828c040ddc4589c32b565aad8cb4de3e4a0", + "ed", "", "0ad570d8863918fe89124e09d125a271", "", + "fd8f593b83314e33c5a72efbeb7095e8", "3ffd8f593b83314e33c5a72efbeb7095e8", + false, false}, + + {177, "4c010d9561c7234c308c01cea3040c925a9f324dc958ff904ae39b37e60e1e03", + "2a093c9ed72b8ff4994201e9f9e010", "", "2a55caa137c5b0b66cf3809eb8f730c4", + "", "5b8a2f2da20ef657c903da88ef5f57bb", + "041341078f0439e50b43c9916351175b8a2f2da20ef657c903da88ef5f57bb", false, + false}, + + {178, "e7f7a48df99edd92b81f508618aa96526b279debd9ddb292d385ddbae80b2259", + "5e51dbbb861b5ec60751c0996e00527f", "", "7ee376910f08f497aa6c3aa7113697fd", + "", "254ada5cf662d90c5e11b2bd9c4db4c4", + "469478d448f7e97d755541aa09ad95b0254ada5cf662d90c5e11b2bd9c4db4c4", false, + false}, + + {179, "4f84782bfbb64a973c3de3dcfa3430367fd68bc0b4c3b31e5d7c8141ba3e6a67", + "78cb6650a1908a842101ea85804fed00cc56fbdafafba0ef4d1ca607dcae57b6", "", + "5d1bde6fa0994b33efd8f23f531248a7", "", "8dfce16467c3a6ebb3e7242c9a551962", + "cb960201fa5ad41d41d1c2c8037c71d52b72e76b16b589d71b976627c9734c9d8dfce1646" + "7c3a6ebb3e7242c9a551962", + false, false}, + + {180, "34c74e28182948e03af02a01f46eb4f7", "fe82ba66cf2e265741f2c86c", "", + "b0a73119a97d623806b49d45ddf4c7", "", "4b6f6f5be291a90b9e93a8a82ddbc8d8", + "2bc3ef8e7402b4631f48e9be4b6f6f5be291a90b9e93a8a82ddbc8d8", false, false}, + + {181, "55cb7cac77efe18a1ea3b30c65f3f346", "2f3d11ea32bf5bc72cbe2b8d", "", + "e22b6b144ab26b5781316e7a42a76202ac4b2278", "", + "05975b175316df8045889f43e0c857e0", + "4fe13ef29f118f85a63188f805975b175316df8045889f43e0c857e0", false, false}, + + {182, "f6a4bf8c4e15034699ce5801cbbac7509cd3f94cf28d8307", + "de8eaa41e5e6a590c3cfbf61", "", "60d6bfca67f5d810", "", + "e370e7dd328655929bd4691f396a1033", + "a2966fb189f8d9d391503857e370e7dd328655929bd4691f396a1033", false, false}, + + {183, "66f75acbd8d3acf7af47d13e8384c2809d6b91503a7f294b", + "a900c86b6b7e0e5563f8f826", "", "edf93e16294f15eded83808f09320e", "", + "20529bff3c59222ec33353af337b1d40", + "9af1a022c61c4315aa0e923e20529bff3c59222ec33353af337b1d40", false, false}, + + {184, "ef2e299dd4ecd7e3b9cc62780922cc2c89f78840564d1276", + "03f59579b14437199583270e", "", "130c14c839e35b7d56b3350b194b0da342e6b65d", + "", "17205999491bd4c1d6c7ec3e56779c32", + "073a5291b11df379f31b4f1617205999491bd4c1d6c7ec3e56779c32", false, false}, + + {185, "df64c84ae52d9ca820a47421bed6e96f7165369fc4c1b65f8f6307b17ce1006c", + "f5fafdded54a86a4edab44bd", "", "c0c568a400b7194f", "", + "00955d7d27f66868cfec734bf59c5e6d", + "99313a220d1fcb665887628300955d7d27f66868cfec734bf59c5e6d", false, false}, + + {186, "e98b0669a645eb14cd06df6968fc5f10edc9f54feed264e3d410cdc61b72ef51", + "f384b3ed7b274641f5db60cf", "", "17ca250fb733877556263223eadde1", "", + "36b15bab6923b17218fe1c24048e2391", + "fc213602aa423b87d7c2a87436b15bab6923b17218fe1c24048e2391", false, false}, + + {187, "849b3e6b8cdd85bdcfb8eb701aa5522ae2340fbe5214e389622cef76979225c4", + "8c5564e53051c0de273199b4", "", "0f9d6ed7eef362dfa4a7dfa5c0f74c5b27bd4ebf", + "", "7cf036d235d3b2dd349a8c804b65144a", + "c1d76233e8c5042e92bf8d327cf036d235d3b2dd349a8c804b65144a", false, false}, + + {188, "8f3f52e3c75c58f5cb261f518f4ad30a", "", "", "", "", + "cf71978ffcc778f3c85ac9c31b6fe191", "cf71978ffcc778f3c85ac9c31b6fe191", + true, true}, + + {189, "2a4bf90e56b70fdd8649d775c089de3b", + "324ced6cd15ecc5b3741541e22c18ad9", "", "", "", + "a2c7e8d7a19b884f742dfec3e76c75ee", + "00a29f0a5e2e7490279d1faf8b881c7ba2c7e8d7a19b884f742dfec3e76c75ee", true, + true}, + + {190, "0b18d21337035c7baa08211b702fa780ac7c09be8f9ed11f", "", "", "", "", + "ca69a2eb3a096ea36b1015d5dffff532", "ca69a2eb3a096ea36b1015d5dffff532", + true, true}, + + {191, "ba76d594a6df915bb7ab7e6d1a8d024b2796336c1b8328a9", + "d62f302742d61d823ea991b93430d589", "", "", "", + "2c9488d53a0b2b5308c2757dfac7219f", + "509b0658d09f7a5bb9db43b70c8387f72c9488d53a0b2b5308c2757dfac7219f", true, + true}, + + {192, "3f8ca47b9a940582644e8ecf9c2d44e8138377a8379c5c11aafe7fec19856cf1", + "", "", "", "", "1726aa695fbaa21a1db88455c670a4b0", + "1726aa695fbaa21a1db88455c670a4b0", true, true}, + + {193, "7660d10966c6503903a552dde2a809ede9da490e5e5cc3e349da999671809883", + "c314235341debfafa1526bb61044a7f1", "", "", "", + "8fe0520ad744a11f0ccfd228454363fa", + "7772ea358901f571d3d35c19497639d98fe0520ad744a11f0ccfd228454363fa", true, + true}, + + {194, "59a284f50aedd8d3e2a91637d3815579", "", "", "80", "", + "af498f701d2470695f6e7c8327a2398b", "af498f701d2470695f6e7c8327a2398b", + false, false}, + + {195, "fec58aa8cf06bfe05de829f27ec77693", + "f2d99a9f893378e0757d27c2e3a3101b", "", "9d", "", + "96e6fd2cdc707e3ee0a1c90d34c9c36c", + "0a24612a9d1cbe967dbfe804bf8440e596e6fd2cdc707e3ee0a1c90d34c9c36c", false, + false}, + + {196, "88a972cce9eaf5a7813ce8149d0c1d0e", "", "", "0f2f", "", + "4ccf1efb4da05b4ae4452aea42f5424b", "4ccf1efb4da05b4ae4452aea42f5424b", + false, false}, + + {197, "b43967ee933e4632bd6562ba1201bf83", + "5a6ad6db70591d1e520b0122f05021a0", "", "8760", "", + "98f47a5279cebbcac214515710f6cd8a", + "ba3e7f8b2999995c7fc4006ca4f475ff98f47a5279cebbcac214515710f6cd8a", false, + false}, + + {198, "4e9a97d3ed54c7b54610793ab05052e1", "", "", "cc851957", "", + "e574b355bda2980e047e584feb1676ca", "e574b355bda2980e047e584feb1676ca", + false, false}, + + {199, "d83c1d7a97c43f182409a4aa5609c1b1", + "c8f07ba1d65554a9bd40390c30c5529c", "", "7b5faeb2", "", + "5c0bb79d8240041edce0f94bd4bb384f", + "1b84baea9df1e65bee7b49e4a8cda1ec5c0bb79d8240041edce0f94bd4bb384f", false, + false}, + + {200, "c6a705677affb49e276d9511caa46145", "", "", "4ad80c2854fb", "", + "1e2ed72af590cafb8647d185865f5463", "1e2ed72af590cafb8647d185865f5463", + false, false}, + + {201, "eba7699b56cc0aa2f66a2a5be9944413", + "d021e53d9098a2df3d6b903cdad0cd9c", "", "d1dafc8de3e3", "", + "9c0e22e5c41b1039ff5661ffaefa8e0f", + "18291aa8dc7b07448aa8f71bb8e380bf9c0e22e5c41b1039ff5661ffaefa8e0f", false, + false}, + + {202, "c70ce38e84e5f53ed41c3f0d2ca493412ad32cb04c6e2efa", "", "", "cb", "", + "08d96edb5e22874cd10cb2256ca04bc6", "08d96edb5e22874cd10cb2256ca04bc6", + false, false}, + + {203, "74c816b83dfd287210a3e2c6da8d3053bbfbd9b156d3fdd8", + "f2b7b2c9b312cf2af78f003df15c8e19", "", "0f", "", + "96a132ed43924e98feb888ff682bdaef", + "6c5e796ba9a3ddc64f401e68d135101d96a132ed43924e98feb888ff682bdaef", false, + false}, + + {204, "cbf45ba488932aea1a10e5862f92e4a7e277bda9f34af6d0", "", "", "75e5", + "", "1f0d23070fcd748e25bf6454f5c9136e", "1f0d23070fcd748e25bf6454f5c9136e", + false, false}, + + {205, "e1c0446f11ae6aa4fa254f9a846fc6e13e45e537e47f2042", + "3a2f5ad0eb216e546e0bcaa377b6cbc7", "", "8989", "", + "f6e0a979481f9957ddad0f21a777a73a", + "550b48a43e821fd76f49f0f1a897aeadf6e0a979481f9957ddad0f21a777a73a", false, + false}, + + {206, "567563bf4cf154902275a53bc57cd6dd7b370d27011bdac8", "", "", + "68d7fc38", "", "1475563e3212f3b5e40062569afd71e3", + "1475563e3212f3b5e40062569afd71e3", false, false}, + + {207, "834d0bb601170865a78139428a1503695a6a291ebd747cd1", + "6f79e18b4acd5a03d3a5f7e1a8d0f183", "", "bb9d2aa3", "", + "03ab26993b701910a2e8ecccd2ba9e52", + "309133e76159fe8a41b20843486511ab03ab26993b701910a2e8ecccd2ba9e52", false, + false}, + + {208, "99fb18f5ba430bb9ea942968ecb799b43406e1af4b6425a1", "", "", + "a984bdcdcae2", "", "d7b9a6b58a97982916e83219fbf71b1e", + "d7b9a6b58a97982916e83219fbf71b1e", false, false}, + + {209, "b77b242aa0d51c92fda013e0cb0ef2437399ace5d3f507e4", + "4ba541a9914729216153801340ab1779", "", "52aa01e0d0d6", "", + "c052a55df3926a50990a532efe3d80ec", + "e08261e46eaf90d978ea8f7889bccd4fc052a55df3926a50990a532efe3d80ec", false, + false}, + + {210, "8f9a38c1014966e4d9ae736139c5e79b99345874f42d4c7d2c81aa6797c417c0", + "", "", "a9", "", "2a268bf3a75fd7b00ba230b904bbb014", + "2a268bf3a75fd7b00ba230b904bbb014", false, false}, + + {211, "144cd8279229e8bb2de99d24e615306663913fe9177fcd270fafec493d43bca1", + "976229f5538f9636476d69f0c328e29d", "", "b3", "", + "8bbad4adc54b37a2b2f0f6e8617548c9", + "7bea30ecc2f73f8e121263b37966954c8bbad4adc54b37a2b2f0f6e8617548c9", false, + false}, + + {212, "7d31861f9d3536e14016a3216b1042e0d2f7d4614314268b6f834ec7f38bbb65", + "", "", "c332", "", "1d978a693120c11f6d51a3ed88cd4ace", + "1d978a693120c11f6d51a3ed88cd4ace", false, false}, + + {213, "22b35fe9623ee11f8b60b6d22db3765b666ed972fa7ccd92b45f22deee02cab1", + "5341c78e4ce5bf8fbc3e077d1990dd5d", "", "da6c", "", + "b63ff43c12073ec5572b1be70f17e231", + "9c39f5b110361e9a770cc5e8b0f444bbb63ff43c12073ec5572b1be70f17e231", false, + false}, + + {214, "c224e0bba3d7a99165f7996b67a0fce3e12f2c01179b197b69b7e628bca92096", + "", "", "6b30145e", "", "ae6f7c9a29f0d8204ca50b14a1e0dcf2", + "ae6f7c9a29f0d8204ca50b14a1e0dcf2", false, false}, + + {215, "093eb12343537ee8e91c1f715b862603f8daf9d4e1d7d67212a9d68e5aac9358", + "33efb58c91e8c70271870ec00fe2e202", "", "5110604c", "", + "b824c33c13f289429659aa017c632f71", + "f73f72f976a296ba3ca94bc6eb08cd46b824c33c13f289429659aa017c632f71", false, + false}, + + {216, "98e6f8ab673e804e865e32403a6551bf807a959343c60d34559360bc295ecb5b", + "", "", "d4d857510888", "", "3db16725fafc828d414ab61c16a6c38f", + "3db16725fafc828d414ab61c16a6c38f", false, false}, + + {217, "0bd0e8e7781166e1d876dec8fad34ba95b032a27cac0551595116091005947b7", + "91222263b12cf5616a049cbe29ab9b5b", "", "1bdcd44b663e", "", + "c8fc39906aca0c64e14a43ff750abd8a", + "ed463f4f43336af3f4d7e08770201145c8fc39906aca0c64e14a43ff750abd8a", false, + false}}; + +#endif // gcm_vectors_h__ diff --git a/security/nss/gtests/common/testvectors/kw-vectors.h b/security/nss/gtests/common/testvectors/kw-vectors.h new file mode 100644 index 000000000..38e641a30 --- /dev/null +++ b/security/nss/gtests/common/testvectors/kw-vectors.h @@ -0,0 +1,1940 @@ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef kw_vectors_h__ +#define kw_vectors_h__ + +#include <string> +#include <vector> +#include <map> + +/* The result struct adds some granularity to what we are testing. + * With the single "valid" boolean, we don't know whether the function under + * test itself is expected to fail (i.e. return SECFailure), or if we simply + * expect the output to differ from what's in the test vector. Therefore, + * each vector contains a map of Actions (i.e. NSS capabilities that we wish to + * test) mapping to expected Result values (both in terms of return code as + * well as whether or not the output should match the test vector). + * + * - If |output_match| is true, the function under test MUST return the same + * data (length and contents). + * - If |output_match| is false, the function under test MUST NOT return the + * same data (length or contents must be different). + */ + +typedef struct Result { + SECStatus expect_rv; + bool output_match; +} Result; + +enum Action { WRAP, UNWRAP }; + +typedef struct keywrap_vector { + uint32_t test_id; + std::vector<uint8_t> key; + std::vector<uint8_t> msg; + std::vector<uint8_t> ct; + std::map<Action, Result> tests; +} keywrap_vector; + +const keywrap_vector kWycheproofAesKWVectors[] = { + {1, + {0x6f, 0x67, 0x48, 0x6d, 0x1e, 0x91, 0x44, 0x19, 0xcb, 0x43, 0xc2, 0x85, + 0x09, 0xc7, 0xc1, 0xea}, + {0x8d, 0xc0, 0x63, 0x2d, 0x92, 0xee, 0x0b, 0xe4, 0xf7, 0x40, 0x02, 0x84, + 0x10, 0xb0, 0x82, 0x70}, + {0x9d, 0xe4, 0x53, 0xce, 0xd5, 0xd4, 0xab, 0x46, 0xa5, 0x60, 0x17, 0x08, + 0xee, 0xef, 0xef, 0xb5, 0xe5, 0x93, 0xe6, 0xae, 0x8e, 0x86, 0xb2, 0x6b}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {2, + {0xa0, 0xb1, 0x71, 0x72, 0xbb, 0x29, 0x6d, 0xb7, 0xf5, 0xc8, 0x69, 0xe9, + 0xa3, 0x6b, 0x5c, 0xe3}, + {0x61, 0x5d, 0xd0, 0x22, 0xd6, 0x07, 0xc9, 0x10, 0xf2, 0x01, 0x78, 0xcb, + 0xdf, 0x42, 0x06, 0x0f}, + {0x8c, 0x3a, 0xba, 0x85, 0xcc, 0x0a, 0xe1, 0xae, 0x10, 0xb3, 0x66, 0x58, + 0xb0, 0x68, 0xf5, 0x95, 0xba, 0xf8, 0xca, 0xaf, 0xb7, 0x45, 0xef, 0x3c}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {3, + {0x0e, 0x49, 0xd5, 0x71, 0xc1, 0x9b, 0x52, 0x50, 0xef, 0xfd, 0x41, 0xd9, + 0x4b, 0xde, 0x39, 0xd6}, + {0xf2, 0x5e, 0x4d, 0xe8, 0xca, 0xca, 0x36, 0x3f, 0xd5, 0xf2, 0x94, 0x42, + 0xeb, 0x14, 0x7b, 0x55}, + {0x1d, 0xe0, 0x93, 0x65, 0x48, 0x26, 0xf1, 0x8f, 0xcd, 0x0f, 0x3f, 0xd4, + 0x99, 0x41, 0x6f, 0xf2, 0x2e, 0xd7, 0x5e, 0xe1, 0x2f, 0xe0, 0xb6, 0x24}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {4, // wrapped key is longer than wrapping key + {0xe0, 0xe1, 0x29, 0x59, 0x10, 0x91, 0x03, 0xe3, 0x0a, 0xe8, 0xb5, 0x68, + 0x4a, 0x22, 0xe6, 0x62}, + {0xdb, 0xb0, 0xf2, 0xbb, 0x2b, 0xe9, 0x12, 0xa2, 0x04, 0x30, 0x97, 0x2d, + 0x98, 0x42, 0xce, 0x3f, 0xd3, 0xb9, 0x28, 0xe5, 0x73, 0xe1, 0xac, 0x8e}, + {0x9c, 0x3d, 0xdc, 0x23, 0x82, 0x7b, 0x7b, 0x3c, 0x13, 0x10, 0x5f, + 0x9e, 0x8b, 0x11, 0x52, 0x3b, 0xac, 0xcd, 0xfb, 0x6c, 0x8b, 0x7e, + 0x78, 0x25, 0x49, 0x6e, 0x7a, 0x84, 0x0b, 0xd3, 0x2a, 0xec}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {5, // wrapped key is longer than wrapping key + {0xdd, 0x58, 0x3d, 0x9f, 0x10, 0x59, 0x86, 0x14, 0x30, 0xec, 0x8b, 0x5d, + 0x8a, 0x18, 0x0e, 0x9b}, + {0xf2, 0xe3, 0x4f, 0x35, 0x63, 0x62, 0xa3, 0x1b, 0x51, 0xd6, 0xe0, 0x2b, + 0xcd, 0x33, 0x3c, 0x9e, 0x61, 0x70, 0x49, 0x4c, 0xa5, 0xff, 0x54, 0x87}, + {0xaf, 0xb7, 0x44, 0xaa, 0xf7, 0x46, 0xdc, 0xc0, 0xb5, 0x7f, 0x8b, + 0x37, 0x8c, 0x40, 0x4c, 0xbe, 0x87, 0x7f, 0x44, 0xcf, 0x3d, 0x45, + 0x14, 0x0d, 0x60, 0x81, 0x4e, 0xda, 0x3f, 0x54, 0x1f, 0x01}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {6, // wrapped key is longer than wrapping key + {0xfa, 0xf5, 0xcc, 0xfa, 0xe4, 0x2b, 0x43, 0xce, 0xe2, 0xc5, 0xf0, 0xf3, + 0x17, 0x7a, 0x7c, 0x5d}, + {0x4e, 0x02, 0x08, 0x48, 0x33, 0x66, 0x0c, 0x46, 0x38, 0x30, 0x48, 0x3b, + 0x36, 0xda, 0xb8, 0x66, 0xc6, 0x4c, 0x8c, 0xf7, 0x42, 0x9c, 0xac, 0x3d}, + {0xcf, 0xf9, 0x8c, 0xd6, 0x4c, 0xb5, 0x1a, 0xb9, 0x9b, 0x81, 0xae, + 0xe8, 0x2c, 0xee, 0x42, 0x74, 0xd0, 0xdf, 0x3e, 0x1b, 0x6a, 0x49, + 0x43, 0xd3, 0x92, 0x36, 0xea, 0x98, 0x98, 0x46, 0xd0, 0xcc}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {7, // wrapped key is longer than wrapping key + {0xc2, 0xb9, 0xd2, 0x3f, 0x28, 0x31, 0xdd, 0xcd, 0xeb, 0x45, 0x68, 0x53, + 0xd4, 0x01, 0x4d, 0xb9}, + {0xf4, 0xcf, 0xea, 0x98, 0xe5, 0x8b, 0x93, 0x9c, 0xc8, 0x59, 0x55, + 0x43, 0x85, 0xcf, 0x3a, 0x6c, 0x7f, 0x82, 0x17, 0xf7, 0x28, 0xef, + 0xb4, 0x31, 0xc9, 0x64, 0x78, 0x6d, 0xe8, 0x27, 0x49, 0x07}, + {0x58, 0xdc, 0xfb, 0x0e, 0x7e, 0xc4, 0xd3, 0xbc, 0x80, 0x03, + 0x41, 0x8d, 0x86, 0x5f, 0xbd, 0x52, 0x0c, 0x6b, 0x24, 0xb2, + 0xbd, 0xe3, 0x5b, 0x1b, 0xe5, 0xb1, 0xc5, 0xff, 0x32, 0xa1, + 0x30, 0xf3, 0x3d, 0x03, 0x5e, 0x59, 0x32, 0x61, 0x60, 0x83}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {8, // wrapped key is longer than wrapping key + {0x62, 0x0a, 0x08, 0xf3, 0x20, 0xcd, 0xed, 0xbf, 0x7a, 0xe5, 0x51, 0xad, + 0xd3, 0x48, 0xd9, 0x5e}, + {0xce, 0xc3, 0x4e, 0xaf, 0x8e, 0x67, 0xe1, 0xce, 0x61, 0x9d, 0xdf, + 0xc3, 0x09, 0x53, 0x1c, 0x42, 0xf1, 0x60, 0x33, 0xa7, 0xe2, 0xcb, + 0xc4, 0xf5, 0xeb, 0x3a, 0x54, 0x81, 0x64, 0xe9, 0xb2, 0x91}, + {0x4e, 0xe4, 0x7b, 0xd6, 0x8d, 0x41, 0x85, 0x86, 0xc4, 0x47, + 0xa3, 0x91, 0x11, 0xe2, 0xec, 0x15, 0x02, 0xff, 0x0f, 0x17, + 0x26, 0xea, 0x91, 0xc5, 0xd9, 0x73, 0x70, 0x40, 0x9d, 0x89, + 0xb8, 0xe6, 0x6e, 0x88, 0x9b, 0x63, 0x8a, 0xc4, 0x0c, 0xed}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {9, // wrapped key is longer than wrapping key + {0xed, 0x08, 0x9a, 0xc2, 0x74, 0xf8, 0xc7, 0xce, 0xa2, 0x41, 0x56, 0x71, + 0xa9, 0x4b, 0x5e, 0x53}, + {0x60, 0x65, 0xe4, 0x1d, 0xf1, 0x4d, 0xae, 0xee, 0xfa, 0xca, 0xc5, + 0xda, 0xeb, 0x76, 0x74, 0xcd, 0xc9, 0xc1, 0xf6, 0x86, 0x01, 0x3b, + 0x79, 0x71, 0x53, 0xe8, 0x0e, 0xf2, 0x15, 0x89, 0x32, 0x99}, + {0xd3, 0xb0, 0x93, 0xfd, 0x82, 0x2c, 0xe4, 0x54, 0xeb, 0xc2, + 0x51, 0xc6, 0xf2, 0x1f, 0xa7, 0x1c, 0x38, 0x58, 0xee, 0x7e, + 0x62, 0x3e, 0xcb, 0xfb, 0xbf, 0x88, 0x73, 0x98, 0xa3, 0x0b, + 0x40, 0xc5, 0x5d, 0x05, 0x65, 0xc7, 0xa1, 0x5e, 0x40, 0x15}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {10, // Round counter overflows 256 + {0x31, 0xca, 0xcb, 0xb1, 0x7d, 0x6d, 0xbb, 0xec, 0xae, 0x40, 0x72, 0x7c, + 0x50, 0x48, 0xfe, 0x0c}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x22, 0x2d, 0xea, 0xdd, 0xe6, 0xef, 0xb7, 0x60, 0xca, 0xe4, 0x2f, 0xa1, + 0x88, 0x31, 0x0e, 0x0c, 0x07, 0xe7, 0xd5, 0x57, 0x52, 0x97, 0x66, 0x44, + 0x4a, 0x9e, 0xfb, 0x33, 0x09, 0x07, 0xd4, 0x2f, 0x0d, 0xd8, 0xf3, 0xd1, + 0x7b, 0x3a, 0x38, 0xbf, 0x40, 0xd6, 0x8c, 0x09, 0x5a, 0x9c, 0xce, 0x19, + 0xda, 0xf9, 0x07, 0xbf, 0x2c, 0x92, 0xf1, 0xe5, 0x9b, 0x18, 0xb2, 0x77, + 0xff, 0x03, 0x97, 0xfc, 0x50, 0xf4, 0x5f, 0x58, 0x2d, 0xb9, 0x36, 0xaa, + 0x8a, 0xfb, 0x94, 0x3d, 0xe0, 0x1b, 0x58, 0xab, 0xfd, 0xc8, 0x1d, 0xae, + 0xf4, 0xe0, 0x38, 0xc9, 0x9e, 0x4c, 0x1e, 0xb3, 0xee, 0x44, 0x74, 0x64, + 0xbb, 0x8f, 0x89, 0xa4, 0xea, 0x81, 0xe5, 0x65, 0x56, 0xcc, 0x26, 0xc7, + 0x28, 0x83, 0xc0, 0x6a, 0x7f, 0xe8, 0x50, 0xd0, 0x43, 0x47, 0xd6, 0x8b, + 0xba, 0xdc, 0x4a, 0x06, 0x77, 0x50, 0x30, 0x67, 0x6d, 0xb8, 0xcc, 0x34, + 0xae, 0xb0, 0x7e, 0x39, 0xc7, 0xf0, 0x59, 0xc2, 0xbf, 0xf7, 0x6a, 0x7f, + 0x2b, 0xaf, 0x07, 0x67, 0x49, 0x00, 0x4e, 0xf7, 0x18, 0x9f, 0x88, 0x7f, + 0x89, 0x02, 0x9f, 0x88, 0xc5, 0xc1, 0xd0, 0xf5, 0xee, 0x62, 0x32, 0x0b, + 0x42, 0x30, 0x48, 0xe2, 0xad, 0x81, 0x86, 0xe6, 0x3b, 0xe2, 0x3c, 0x55, + 0x3f, 0x55, 0x76, 0xa4, 0x0d, 0x96, 0x7e, 0x8b, 0x52, 0x7c, 0xcd, 0x78, + 0x3c, 0x41, 0xab, 0xc6, 0x4b, 0xea, 0x1a, 0xec, 0x8a, 0x76, 0xde, 0xb3, + 0xe9, 0xc9, 0xa6, 0x65, 0x67, 0x56, 0xe1, 0xda, 0xc3, 0x8b, 0xd2, 0x5f, + 0xf0, 0x08, 0x88, 0x8a, 0x55, 0x91, 0xaf, 0x76, 0x3f, 0xd7, 0x3f, 0x5a, + 0xdd, 0xd7, 0x49, 0x79, 0x48, 0x17, 0x07, 0x09, 0x90, 0x48, 0x46, 0x54, + 0xa4, 0x6e, 0xf4, 0x42, 0xad, 0xae, 0xac, 0xab, 0x14, 0xd1, 0x2d, 0xaa, + 0xf8, 0x7b, 0xcb, 0x91, 0x66, 0x1a, 0x21, 0x59, 0x37, 0x17, 0xd9, 0xb9, + 0x35, 0x29, 0xd8, 0x13, 0xea, 0x5f, 0xc8, 0x12, 0xd7, 0x08, 0xc0, 0xd8, + 0xe9, 0xb6, 0x81, 0x22, 0xd9, 0xf5, 0xe6, 0x26, 0x7c, 0xde, 0x36, 0x37, + 0x80, 0xa4, 0x5d, 0x07, 0xe4, 0xca, 0xa5, 0xbf, 0x14, 0xf2, 0x33, 0x4f, + 0x25, 0xb9, 0xd1, 0x77, 0x63, 0x2b, 0xb8, 0x0a, 0x82, 0x89, 0x4a, 0xa4, + 0x7b, 0x6f, 0x36, 0x0b, 0x2d, 0xa1, 0x13, 0x8d, 0xed, 0xd4, 0x33, 0x1f, + 0x07, 0x7c, 0x90, 0x05, 0x54, 0xc7, 0xa6, 0x8b, 0x5d, 0x15, 0x49, 0x80, + 0xbb, 0x35, 0x17, 0xac, 0x20, 0xa7, 0x8a, 0x51, 0xf6, 0xf2, 0x1e, 0x42, + 0xb2, 0xc4, 0xc9, 0x60, 0xd3, 0x1c, 0xbd, 0x22, 0xbd, 0x61, 0x08, 0x19, + 0x18, 0x2c, 0x5e, 0x45, 0x6b, 0xa7, 0xd7, 0xe9, 0x03, 0xf5, 0xe6, 0x0f, + 0x6e, 0x0c, 0x4c, 0xc0, 0x14, 0xfe, 0xb4, 0xf8, 0x19, 0x73, 0xce, 0x48, + 0xad, 0x6f, 0x4d, 0xab, 0x8d, 0xa5, 0x1e, 0xb7}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {11, // empty keys cannot be wrapped + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95}, + {}, + {0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {12, // keys of size 8 byte cannot be wrapped + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}, + {0xdc, 0x26, 0xfb, 0x69, 0x11, 0xd7, 0x19, 0x71, 0xdf, 0x03, 0x56, 0xd6, + 0xbb, 0x9e, 0xd6, 0xe6}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {13, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95}, + {0x00}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {14, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95}, + {0x00, 0x01}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {15, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95}, + {0x00, 0x01, 0x02}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {16, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95}, + {0x00, 0x01, 0x02, 0x03}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {17, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95}, + {0x00, 0x01, 0x02, 0x03, 0x04}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {18, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05}, + {}, + {{Action::WRAP, {SECFailure, false}}}}, + + {19, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {20, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {21, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7}, + {}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {22, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7}, + {}, + {0x9f}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {23, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7}, + {}, + {0xdc, 0x9e, 0x95, 0x80}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {24, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7}, + {}, + {0xb9, 0xb2, 0x82, 0xd1, 0x38, 0x69, 0x30, 0x00}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {25, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7}, + {}, + {0x0e, 0xfc, 0x63, 0x5b, 0x2d, 0x61, 0xe2, 0x44, 0x05, 0x6b, 0x9d, 0x45, + 0x91, 0xca, 0x6b}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {26, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7}, + {}, + {0x4a, 0x30, 0x5d, 0xae, 0x08, 0x7b, 0x0d, 0x24, 0xd6, 0x2a, 0xf4, 0x18, + 0x31, 0x33, 0x8f, 0x33, 0xae}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {27, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7}, + {}, + {0x82, 0xcb, 0x92, 0x70, 0x97, 0xcf, 0x31, 0xea, 0x4a, 0xff, + 0xea, 0x44, 0x0b, 0x0d, 0x8c, 0xa6, 0xa2, 0x40, 0xb9, 0x00}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {28, // bytes appended to wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f}, + {0x97, 0x90, 0xab, 0x51, 0xfb, 0xcb, 0x85, 0x0d, 0xf6, 0x76, 0x4e, 0x01, + 0x1a, 0xe9, 0x7c, 0x85, 0x78, 0x5b, 0xed, 0x26, 0x33, 0xae, 0xa6, 0x65}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {28, // Bytes appended to wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f}, + {0x97, 0x90, 0xab, 0x51, 0xfb, 0xcb, 0x85, 0x0d, 0xf6, + 0x76, 0x4e, 0x01, 0x1a, 0xe9, 0x7c, 0x85, 0x78, 0x5b, + 0xed, 0x26, 0x33, 0xae, 0xa6, 0x65, 0x00}, + {{Action::UNWRAP, {SECFailure, false}}}}, + + {29, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x0a, 0xac, 0x32, 0x9c, 0xcd, 0x51, 0x3e, 0xdb, 0xdd, 0x63, 0x67, 0xdf, + 0x67, 0x99, 0x9e, 0xaa, 0xc9, 0xe7, 0xb5, 0x19, 0x84, 0xc4, 0xd3, 0x8d}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {30, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x5a, 0x55, 0xdc, 0x42, 0x97, 0x49, 0xca, 0x49, 0xbb, 0x4a, 0xb0, 0x1d, + 0x96, 0x6b, 0x19, 0xea, 0x9a, 0x9e, 0x14, 0x02, 0xe6, 0xab, 0x29, 0x62}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {31, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x45, 0xf5, 0x33, 0xf6, 0x07, 0x2f, 0x64, 0x0e, 0xb7, 0xe1, 0xe5, 0x12, + 0xd5, 0x60, 0x72, 0x08, 0x55, 0x67, 0xf4, 0xad, 0x60, 0x12, 0xa9, 0x7a}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {32, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x84, 0xf2, 0x84, 0x56, 0x5d, 0xf4, 0x7c, 0x40, 0x91, 0x07, 0xf7, 0xa0, + 0xa7, 0x1b, 0xc3, 0x70, 0xa8, 0xed, 0x44, 0x89, 0xd4, 0x14, 0xb9, 0xe9}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {33, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x39, 0x41, 0xc3, 0x66, 0x55, 0x4f, 0xc8, 0x96, 0xe9, 0xfe, 0x52, 0xf0, + 0x24, 0x93, 0xca, 0x03, 0xd4, 0x39, 0xeb, 0x17, 0xc2, 0x36, 0x14, 0x6d}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {34, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x45, 0xc9, 0xd4, 0x23, 0x63, 0xd9, 0x81, 0xd0, 0x86, 0xa9, 0x72, 0x72, + 0x8e, 0x13, 0x0a, 0x42, 0xf5, 0xdd, 0x90, 0xbd, 0xa5, 0x62, 0xa8, 0x5a}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {35, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x03, 0x7d, 0x17, 0x85, 0x95, 0x19, 0xd6, 0xc0, 0x72, 0x8a, 0x9e, 0xb6, + 0xe6, 0x41, 0x13, 0xe8, 0x69, 0x19, 0xde, 0xca, 0xbd, 0x3b, 0xbb, 0x88}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {36, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x1a, 0xd1, 0x0a, 0xf7, 0xf6, 0xc0, 0x42, 0xb2, 0x67, 0xa0, 0xc7, 0xbc, + 0x4d, 0x25, 0xd2, 0x7c, 0x00, 0x3d, 0xeb, 0x50, 0xe2, 0xcc, 0x56, 0x6a}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {37, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x63, 0x0c, 0x57, 0x1b, 0x7f, 0xb8, 0x64, 0x7a, 0xc5, 0x36, 0x0a, 0x25, + 0x5f, 0x9f, 0x5d, 0x36, 0x45, 0x79, 0x5a, 0xc4, 0x52, 0x85, 0xcb, 0xaa}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {38, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x16, 0xdb, 0x55, 0x3e, 0x46, 0x7d, 0x40, 0x29, 0xd0, 0xfe, 0xa6, 0x2b, + 0x2c, 0x44, 0x0e, 0x5d, 0xf6, 0xc6, 0x59, 0x1f, 0x04, 0x97, 0xa9, 0x9d}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {39, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x09, 0x79, 0x91, 0x09, 0x0a, 0x15, 0x60, 0x47, 0xd4, 0x78, 0x4b, 0x75, + 0x7f, 0x26, 0x2e, 0x12, 0xce, 0x57, 0xe1, 0x3a, 0x3d, 0x5d, 0x28, 0x6c}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {40, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x39, 0x57, 0xc3, 0x38, 0xb7, 0x50, 0xa3, 0x28, 0x5e, 0xb7, 0xb6, 0x5c, + 0x9c, 0xfe, 0x77, 0x05, 0x3d, 0xd7, 0xd8, 0x14, 0x9f, 0x42, 0xca, 0xa1}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {41, // RFC 3394 + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, + 0xcc, 0xdd, 0xee, 0xff}, + {0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, 0xae, 0xf3, 0x4b, 0xd8, + 0xfb, 0x5a, 0x7b, 0x82, 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {42, + {0xf7, 0x5a, 0x2f, 0x49, 0xa6, 0x30, 0xc7, 0xdc, 0x91, 0x62, 0x6b, 0x00, + 0xce, 0x02, 0x9f, 0x0b, 0xd2, 0x98, 0x1d, 0x7c, 0x74, 0xa9, 0x3e, 0xbe}, + {0x9a, 0xdb, 0xc0, 0x0c, 0x71, 0x0b, 0x11, 0x01, 0xbd, 0xf6, 0xa4, 0xed, + 0x65, 0xb3, 0x2d, 0x72}, + {0x00, 0xbe, 0x1c, 0xad, 0xdf, 0xd5, 0xad, 0x76, 0x97, 0x87, 0x70, 0x17, + 0x79, 0x5f, 0x9c, 0xee, 0x4b, 0xce, 0x5a, 0x61, 0x68, 0x7a, 0x61, 0x26}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {43, + {0xb7, 0x13, 0xf6, 0xb7, 0x81, 0x4f, 0x98, 0x89, 0x4d, 0x7b, 0x15, 0x39, + 0x74, 0x68, 0x43, 0x59, 0xf1, 0x46, 0x02, 0x13, 0xeb, 0x74, 0xbe, 0x68}, + {0x78, 0x58, 0x5f, 0x0c, 0x49, 0x92, 0x2e, 0x82, 0xca, 0xf1, 0x7e, 0xbc, + 0x37, 0x21, 0xb4, 0xdb}, + {0x54, 0xe7, 0xf2, 0x78, 0xb5, 0xa1, 0xfb, 0x4c, 0x31, 0xa0, 0xd7, 0x9a, + 0xc1, 0xf6, 0x15, 0xed, 0xd9, 0x10, 0xbf, 0x22, 0x01, 0x5a, 0x06, 0x68}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {44, + {0x13, 0xec, 0xf4, 0x23, 0x21, 0x1c, 0xaa, 0x33, 0x4b, 0xa6, 0xdb, 0x37, + 0x25, 0x9a, 0x53, 0x5c, 0x20, 0xde, 0x8a, 0xd1, 0x0f, 0xc8, 0xc4, 0x32}, + {0x4f, 0xc7, 0x5d, 0x0f, 0x22, 0x1e, 0x22, 0x40, 0x8a, 0x37, 0xe1, 0x12, + 0x65, 0xd4, 0x9a, 0x05}, + {0x51, 0x04, 0x55, 0xbd, 0x9c, 0x07, 0x8a, 0xc1, 0xf0, 0x7b, 0xb3, 0x75, + 0x2c, 0xbd, 0x04, 0xe4, 0x21, 0xb0, 0xdd, 0x63, 0x51, 0x90, 0xfa, 0x62}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {45, + {0x44, 0x17, 0xfb, 0xbe, 0xa5, 0x1b, 0xdd, 0x91, 0x81, 0x8d, 0x74, 0x05, + 0x19, 0x57, 0xdd, 0x70, 0xe1, 0x35, 0xc5, 0xcf, 0x37, 0x32, 0xbd, 0xf1}, + {0xf5, 0x35, 0x7d, 0xa9, 0xf8, 0xfd, 0x4a, 0x11, 0x90, 0xf3, 0x6e, 0x9f, + 0xa0, 0x9a, 0x90, 0xfc, 0xf1, 0x4d, 0x87, 0xd6, 0x23, 0x32, 0xf1, 0xa5}, + {0x88, 0x0d, 0xa5, 0xb4, 0x10, 0xf9, 0x13, 0xad, 0x72, 0xcc, 0x93, + 0xf4, 0x63, 0x44, 0xf1, 0x15, 0x21, 0x65, 0xbd, 0xea, 0x14, 0x66, + 0x4f, 0xd2, 0xd3, 0xaf, 0xbd, 0x87, 0xb8, 0xcc, 0x5c, 0xfd}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {46, + {0xb3, 0xf2, 0x6d, 0x8a, 0x22, 0xfd, 0xd6, 0x1f, 0x70, 0x98, 0x41, 0x23, + 0x1f, 0xbd, 0xe6, 0x95, 0xb3, 0xf2, 0x8d, 0xdd, 0xce, 0xd6, 0xd4, 0x1e}, + {0x0d, 0x0a, 0xf9, 0x55, 0xd2, 0xe3, 0x82, 0x9c, 0xc3, 0xd6, 0x43, 0x21, + 0x9b, 0x30, 0x1e, 0x64, 0xe0, 0x51, 0x0d, 0xfb, 0xc4, 0x28, 0x11, 0x9a}, + {0x27, 0x65, 0x4c, 0xf6, 0xa6, 0x3d, 0x60, 0x04, 0xae, 0x83, 0xda, + 0x54, 0xc2, 0xe5, 0xd7, 0xb5, 0xfa, 0xd2, 0x08, 0x78, 0xf3, 0x50, + 0x08, 0x7d, 0xdd, 0x17, 0xac, 0x44, 0xa2, 0xbe, 0x86, 0x8f}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {47, + {0xf7, 0x0c, 0xfb, 0x26, 0x2c, 0x72, 0x9a, 0x18, 0x20, 0x6c, 0x8a, 0xfd, + 0x74, 0x35, 0x6e, 0xc7, 0xe0, 0x49, 0xd1, 0x0b, 0x44, 0xa6, 0xe0, 0x00}, + {0x24, 0x1c, 0xed, 0xfa, 0x64, 0xc4, 0xe7, 0xbe, 0xc5, 0x41, 0xa2, 0xeb, + 0x4c, 0x36, 0x82, 0x69, 0xe0, 0xf0, 0xdd, 0xeb, 0xc5, 0x82, 0x67, 0xea}, + {0xad, 0x7c, 0xa6, 0x6a, 0xd4, 0x66, 0x4f, 0x43, 0xe4, 0xdd, 0x09, + 0x29, 0x6a, 0x6e, 0x6f, 0x02, 0xd5, 0xaf, 0x44, 0x08, 0xf2, 0x25, + 0xc0, 0xab, 0xeb, 0x0d, 0x9b, 0x76, 0xc8, 0xd1, 0xe9, 0x82}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {48, // wrapped key is longer than wrapping key + {0x16, 0x39, 0xf9, 0xf8, 0x1e, 0x53, 0xe2, 0xee, 0xb6, 0x77, 0xa2, 0x49, + 0xe5, 0xec, 0xed, 0x3a, 0xf1, 0x08, 0x97, 0x13, 0x01, 0x60, 0x1a, 0x7b}, + {0xec, 0x3c, 0x6a, 0x1f, 0x1a, 0x95, 0x85, 0x32, 0x7f, 0xe6, 0x58, + 0x49, 0x0c, 0x74, 0x63, 0x5e, 0x53, 0x00, 0x87, 0x6d, 0xa5, 0x84, + 0x6a, 0x62, 0x93, 0x98, 0x98, 0x4f, 0xb5, 0x51, 0xd6, 0x91}, + {0xe2, 0x45, 0xc9, 0x0a, 0x6b, 0x46, 0xca, 0xec, 0xe9, 0x4f, + 0x47, 0x11, 0x7d, 0x60, 0x83, 0x31, 0x95, 0x8c, 0x8f, 0x75, + 0xf5, 0x31, 0xeb, 0xcd, 0xc9, 0x02, 0xc0, 0x21, 0x3d, 0x91, + 0x05, 0xf2, 0x15, 0x5a, 0xf0, 0x7d, 0xaa, 0x62, 0xd1, 0x32}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {49, // wrapped key is longer than wrapping key + {0x1f, 0x22, 0xd5, 0x65, 0x8a, 0xa6, 0x85, 0xb8, 0xba, 0x86, 0x59, 0xdc, + 0x34, 0x28, 0x80, 0xd5, 0xb2, 0x39, 0x9e, 0x6a, 0x81, 0x50, 0x05, 0xb0}, + {0x50, 0xbe, 0x4c, 0x1b, 0x2f, 0x29, 0xa6, 0x3f, 0x44, 0xd7, 0xfc, + 0x63, 0x73, 0x7f, 0x60, 0x0f, 0x01, 0x94, 0xea, 0x3f, 0xb3, 0x6e, + 0x17, 0x3d, 0x2d, 0xdd, 0x19, 0xf2, 0x18, 0x65, 0x63, 0x80}, + {0x8a, 0x32, 0xb9, 0xf2, 0x07, 0xae, 0x5a, 0xae, 0xdb, 0x7e, + 0x8a, 0x0d, 0x94, 0x51, 0x07, 0x41, 0x2c, 0x1b, 0xd0, 0x69, + 0x99, 0xbc, 0x5a, 0xc8, 0x3c, 0x1f, 0x95, 0x8d, 0xfb, 0x77, + 0xeb, 0xdc, 0xf9, 0xd9, 0x8c, 0x60, 0xdb, 0xd4, 0x65, 0x0a}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {50, // wrapped key is longer than wrapping key + {0x3a, 0x2f, 0x4a, 0xa5, 0x04, 0x41, 0x95, 0x4b, 0xba, 0x5a, 0x18, 0x36, + 0x29, 0x4c, 0xe0, 0x71, 0xf9, 0x29, 0x6b, 0x23, 0xdb, 0xed, 0x67, 0x71}, + {0x65, 0xda, 0x02, 0xff, 0x21, 0xb4, 0x83, 0xa1, 0xe3, 0x95, 0x75, + 0x49, 0x0b, 0x43, 0x19, 0xe8, 0x4a, 0xe0, 0x29, 0x9f, 0x1f, 0x00, + 0xb3, 0x85, 0x9f, 0xbe, 0x2e, 0x74, 0xb3, 0xec, 0x2a, 0xaf}, + {0x4a, 0x58, 0x42, 0xb1, 0x0d, 0x2d, 0xb9, 0x6e, 0xa1, 0x03, + 0x9e, 0xf4, 0x78, 0x5c, 0xe7, 0x22, 0x55, 0x5b, 0x37, 0x51, + 0xa9, 0xb6, 0xdd, 0x39, 0x12, 0x6a, 0xd3, 0x63, 0x37, 0x8c, + 0x72, 0x32, 0x0d, 0x83, 0xea, 0x7a, 0xdb, 0x81, 0x61, 0x5a}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {51, // Round counter overflows 256 + {0x31, 0xca, 0xcb, 0xb1, 0x7d, 0x6d, 0xbb, 0xec, 0xae, 0x40, 0x72, 0x7c, + 0x50, 0x48, 0xfe, 0x0c, 0x01, 0xbc, 0x53, 0xb2, 0x3a, 0xb6, 0x35, 0x02}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xe2, 0x19, 0x25, 0x98, 0xe6, 0x12, 0x4f, 0x27, 0x91, 0xb2, 0x75, 0x1f, + 0x93, 0x09, 0x58, 0x43, 0x5b, 0xb1, 0xd0, 0x2e, 0x98, 0xaa, 0x1e, 0x09, + 0x78, 0x1b, 0xba, 0x0b, 0x15, 0x94, 0x35, 0xdb, 0x65, 0x9f, 0xa7, 0x3f, + 0xa3, 0x10, 0x11, 0x17, 0x04, 0x69, 0x2c, 0x68, 0xe1, 0x6d, 0xdf, 0x4b, + 0xe0, 0x60, 0x22, 0xc5, 0x2f, 0xe9, 0xdb, 0xa6, 0x27, 0x9a, 0xad, 0x1a, + 0xeb, 0x81, 0x41, 0x25, 0xd0, 0xdd, 0xf3, 0x3f, 0x31, 0xe5, 0x8e, 0x62, + 0x5a, 0xf3, 0x23, 0x05, 0x05, 0x0c, 0xfe, 0xa3, 0x90, 0xd8, 0x78, 0x2d, + 0x32, 0xca, 0xac, 0x55, 0x88, 0x89, 0xca, 0x8e, 0x64, 0x19, 0x08, 0x20, + 0x8d, 0xa6, 0x97, 0x65, 0x42, 0xb4, 0x0d, 0xbd, 0x09, 0x01, 0x78, 0xe2, + 0xa6, 0x81, 0x2a, 0x43, 0x6c, 0x18, 0xa5, 0xe8, 0x91, 0xac, 0x80, 0x83, + 0x17, 0x6a, 0xce, 0x1d, 0xdf, 0xee, 0x4d, 0x38, 0x28, 0x56, 0xa5, 0x9c, + 0x80, 0xc6, 0x43, 0xec, 0xd5, 0xc1, 0xab, 0x68, 0xc6, 0x6b, 0x2b, 0x89, + 0x84, 0xce, 0x6e, 0x0e, 0x38, 0x6f, 0x65, 0x54, 0xa9, 0xcb, 0x91, 0xd3, + 0x63, 0xbb, 0x4a, 0xcc, 0xf0, 0x28, 0x87, 0x8e, 0xc2, 0x0b, 0x8b, 0x2e, + 0x37, 0x21, 0x4f, 0x7b, 0x12, 0xdb, 0xcd, 0x78, 0xfb, 0x38, 0xf7, 0x11, + 0xa9, 0x0f, 0xe2, 0x62, 0xc7, 0x84, 0x91, 0xb9, 0x05, 0x83, 0x54, 0xe2, + 0x7b, 0x34, 0xfc, 0x92, 0xef, 0x0d, 0x70, 0x28, 0x59, 0x4c, 0xb0, 0x82, + 0x59, 0xf8, 0x6b, 0x54, 0xcb, 0x1d, 0x31, 0x7e, 0xc5, 0x5f, 0x2e, 0xf2, + 0xab, 0x7e, 0x8b, 0x14, 0x16, 0x71, 0xf8, 0xbc, 0xb1, 0xa9, 0x0b, 0xb7, + 0xd8, 0x2b, 0xc8, 0xcb, 0x4f, 0xb0, 0x2c, 0x9c, 0xe4, 0x30, 0xef, 0x4a, + 0xe0, 0xdc, 0x84, 0x7e, 0x91, 0xe7, 0xd4, 0xfb, 0x46, 0x3e, 0xb9, 0xdd, + 0x87, 0xfc, 0x9d, 0xc9, 0x56, 0x8f, 0x3a, 0x4e, 0xf5, 0x04, 0xd7, 0x4c, + 0x13, 0x4d, 0xcb, 0x60, 0xca, 0x01, 0xb3, 0x6c, 0xe1, 0x0c, 0xb4, 0x67, + 0x26, 0x8e, 0xa2, 0x97, 0xc0, 0x51, 0x8a, 0x50, 0xd1, 0x2c, 0xc0, 0x25, + 0xcf, 0xee, 0xa1, 0x38, 0x1d, 0xdd, 0x7d, 0xd6, 0x3e, 0x4a, 0xc9, 0x48, + 0x90, 0xa0, 0xea, 0xe9, 0xdb, 0xd8, 0xdb, 0x24, 0x46, 0x25, 0xa3, 0xc8, + 0xaf, 0x2e, 0x1a, 0xff, 0x6a, 0x81, 0x12, 0xc4, 0xd3, 0xd9, 0x8e, 0x82, + 0x63, 0x58, 0x8e, 0xe1, 0xdd, 0x90, 0x63, 0xb7, 0x09, 0xb8, 0xec, 0x00, + 0x47, 0x4c, 0x4e, 0xa4, 0x13, 0xa8, 0x02, 0xb8, 0xcd, 0xe8, 0x14, 0xe7, + 0xb3, 0x73, 0x14, 0x10, 0x80, 0x9e, 0xd0, 0x00, 0x06, 0x0f, 0xb7, 0xb9, + 0xb0, 0xbf, 0x85, 0x09, 0xef, 0x17, 0x51, 0x5f, 0x33, 0x3e, 0x86, 0x8b, + 0x18, 0x8e, 0xa1, 0x64, 0x45, 0xf3, 0x80, 0xb3, 0xa7, 0xd4, 0x27, 0x74, + 0xf6, 0x45, 0x6c, 0xdf, 0x72, 0x42, 0x46, 0xfa}, + {{Action::WRAP, + {SECSuccess, true}}, // Round counter overflows - acceptable + {Action::UNWRAP, {SECSuccess, true}}}}, + + {52, // empty keys cannot be wrapped + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76}, + {}, + {0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {53, // keys of size 8 byte cannot be wrapped + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}, + {0x38, 0xd8, 0x23, 0x8c, 0xdb, 0x0d, 0x9a, 0x2d, 0xa2, 0x8d, 0x6d, 0x56, + 0x19, 0x4f, 0x2e, 0x78}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {54, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76}, + {0x00}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {55, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76}, + {0x00, 0x01}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {56, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76}, + {0x00, 0x01, 0x02}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {57, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76}, + {0x00, 0x01, 0x02, 0x03}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {58, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76}, + {0x00, 0x01, 0x02, 0x03, 0x04}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {59, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {60, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {61, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, 0xa9, + 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, 0xed, 0x76}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {62, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97}, + {}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {63, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97}, + {}, + {0x9f}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {64, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97}, + {}, + {0xdc, 0x9e, 0x95, 0x80}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {65, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97}, + {}, + {0xb9, 0xb2, 0x82, 0xd1, 0x38, 0x69, 0x30, 0x00}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {66, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97}, + {}, + {0x0e, 0xfc, 0x63, 0x5b, 0x2d, 0x61, 0xe2, 0x44, 0x05, 0x6b, 0x9d, 0x45, + 0x91, 0xca, 0x6b}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {67, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97}, + {}, + {0x4a, 0x30, 0x5d, 0xae, 0x08, 0x7b, 0x0d, 0x24, 0xd6, 0x2a, 0xf4, 0x18, + 0x31, 0x33, 0x8f, 0x33, 0xae}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {68, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97}, + {}, + {0x82, 0xcb, 0x92, 0x70, 0x97, 0xcf, 0x31, 0xea, 0x4a, 0xff, + 0xea, 0x44, 0x0b, 0x0d, 0x8c, 0xa6, 0xa2, 0x40, 0xb9, 0x00}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {69, // bytes appended to wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, 0xa4, + 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, 0xfd, 0x97}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f}, + {0x55, 0xdf, 0xb2, 0xf7, 0xe0, 0xc1, 0xea, 0x04, 0xfe, + 0xad, 0x89, 0x7c, 0x45, 0x1c, 0x05, 0x05, 0x92, 0x1d, + 0xc4, 0x7f, 0x30, 0x8c, 0x49, 0x17, 0x00}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {70, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x9b, 0x15, 0x93, 0xfd, 0x7d, 0x4f, 0xe2, 0x5a, 0x66, 0x0b, 0xbc, 0x19, + 0x76, 0xea, 0x4a, 0xb6, 0x8b, 0xcc, 0x53, 0xf8, 0x48, 0xa8, 0xeb, 0x9d}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {71, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0xe7, 0xed, 0xb8, 0x47, 0xfa, 0x91, 0xe2, 0xde, 0xde, 0xd7, 0x26, 0xed, + 0xf3, 0xab, 0x93, 0xda, 0x91, 0x15, 0x16, 0x97, 0x42, 0x5f, 0xee, 0x28}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {72, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x1b, 0x51, 0xa7, 0xc0, 0x33, 0xc1, 0xef, 0xb5, 0xee, 0x29, 0x94, 0x25, + 0x9c, 0x40, 0xf0, 0x3b, 0xb5, 0x7d, 0x8c, 0xc0, 0x9e, 0x50, 0x7e, 0x6e}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {73, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0xc4, 0x0b, 0x61, 0x4a, 0x50, 0x62, 0xf5, 0xfd, 0x04, 0x9c, 0x53, 0x79, + 0xb3, 0xe8, 0x14, 0x16, 0x14, 0xc2, 0xda, 0x97, 0x89, 0x35, 0x89, 0xfb}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {74, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0xd7, 0x57, 0x5e, 0xf0, 0x2d, 0xf5, 0x4b, 0x30, 0x86, 0xeb, 0x49, 0x03, + 0x5e, 0xea, 0xfb, 0xce, 0x0e, 0x08, 0x33, 0x6e, 0x89, 0xb3, 0x5a, 0xb0}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {75, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x0d, 0x61, 0x7f, 0x1c, 0x12, 0x48, 0x5a, 0x35, 0x91, 0x7d, 0x2a, 0x94, + 0x1e, 0x94, 0x9d, 0x2f, 0xdb, 0xf0, 0x3a, 0x34, 0x68, 0x89, 0xb8, 0x50}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {76, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0xc7, 0xdf, 0x34, 0x72, 0x91, 0x74, 0xdb, 0x2e, 0x83, 0xee, 0x16, 0xc6, + 0xde, 0x74, 0xd5, 0xeb, 0x97, 0x66, 0x71, 0x5f, 0xad, 0x04, 0x9b, 0x40}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {77, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0xc3, 0xed, 0x38, 0xd6, 0xf9, 0xcc, 0xb9, 0xbf, 0x3c, 0x56, 0xbb, 0x31, + 0x76, 0xf0, 0x0d, 0x3c, 0xe9, 0x88, 0x75, 0x21, 0xf8, 0xd4, 0xc7, 0x0b}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {78, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x65, 0x82, 0xb5, 0xf4, 0x65, 0x27, 0x44, 0xb0, 0x53, 0x7e, 0x97, 0xe7, + 0xcd, 0xae, 0x0f, 0x44, 0x31, 0x30, 0x14, 0x0d, 0xba, 0xea, 0x60, 0x4c}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {79, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0xfc, 0x9b, 0x9b, 0xdf, 0x25, 0xf2, 0xb4, 0x8a, 0xd7, 0x99, 0x34, 0xc8, + 0xd3, 0x48, 0x97, 0xcd, 0xbf, 0x4c, 0x84, 0x6f, 0x8c, 0xb4, 0xb1, 0x1d}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {80, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0xfc, 0x23, 0xc7, 0xf4, 0xfe, 0x20, 0xaa, 0x81, 0x10, 0x5e, 0xfc, 0x1a, + 0x71, 0x05, 0xa5, 0x31, 0x6b, 0x23, 0x39, 0x9a, 0xc7, 0x92, 0xc8, 0x24}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {81, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x37, 0xb4, 0xa2, 0x61, 0xb9, 0x6b, 0xce, 0xc9, 0xcc, 0x93, 0xee, 0xf5, + 0xb2, 0xfb, 0xbb, 0xe8, 0x46, 0x34, 0xf9, 0x78, 0xc5, 0x89, 0x3d, 0xda}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {82, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x18, 0x31, 0x10, 0x98, 0x47, 0xd1, 0x7d, 0x01, 0x0b, 0xfc, 0xd9, + 0x3f, 0xb4, 0x6f, 0x31, 0x50, 0xcd, 0xaf, 0xd5, 0x27, 0x33, 0xdb, + 0x74, 0xc2, 0x21, 0xb0, 0x34, 0xfe, 0x8e, 0x15, 0x52, 0xc0}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {83, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x2b, 0x2b, 0x89, 0xc3, 0xc6, 0xb2, 0xdb, 0x49, 0x03, 0x87, 0x7a, + 0xd4, 0x62, 0x2c, 0xa3, 0x3f, 0x3a, 0x3c, 0xb7, 0xe6, 0x70, 0x1d, + 0x13, 0x40, 0xe6, 0xaf, 0xc0, 0xfd, 0xab, 0x7d, 0xbd, 0x72}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {84, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x3c, 0x69, 0x03, 0xf3, 0x7d, 0xa5, 0x71, 0x61, 0xaf, 0x67, 0x06, + 0x05, 0x0a, 0x2e, 0xd7, 0x47, 0xcd, 0x55, 0x34, 0x4d, 0x86, 0x91, + 0x89, 0xfd, 0x49, 0xd2, 0x53, 0x6f, 0xf9, 0x48, 0x12, 0x9d}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {85, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x8a, 0x8d, 0xc8, 0xb1, 0x31, 0xc6, 0xb9, 0x68, 0xb6, 0x0c, 0x1d, + 0xd8, 0x19, 0xa6, 0x55, 0x39, 0x2d, 0x1a, 0x96, 0xd6, 0xca, 0xfa, + 0x48, 0xe3, 0x0f, 0xb1, 0x14, 0x6f, 0x09, 0x62, 0x29, 0xc6}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {86, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x30, 0x3e, 0x0b, 0x36, 0x02, 0xd5, 0x14, 0xa7, 0xd5, 0x2e, 0xdb, + 0xa3, 0x30, 0x6d, 0x73, 0x83, 0xe8, 0x99, 0x9e, 0x7c, 0x65, 0x2a, + 0x51, 0x03, 0x35, 0xa8, 0x94, 0x9e, 0xfb, 0x42, 0xeb, 0x66}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {87, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x31, 0x9b, 0xef, 0xbf, 0x2d, 0xdb, 0xb4, 0x75, 0x72, 0x3f, 0xb2, + 0xfa, 0x30, 0xf2, 0xae, 0x7f, 0xc1, 0xce, 0xb1, 0xe6, 0xf3, 0x61, + 0x71, 0x5e, 0xca, 0x72, 0x09, 0x60, 0x88, 0x73, 0xc7, 0xfc}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {88, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x9b, 0x3e, 0x44, 0x03, 0x41, 0xc5, 0xda, 0x13, 0x15, 0x59, 0x95, + 0x9d, 0xb6, 0xb3, 0x55, 0x3a, 0x53, 0x46, 0x91, 0x16, 0x2f, 0x4f, + 0x00, 0x93, 0x27, 0xbf, 0x2c, 0x21, 0xd6, 0xfe, 0x5a, 0xda}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {89, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0xeb, 0xa6, 0xcc, 0x09, 0x59, 0xe6, 0xa5, 0x63, 0x39, 0xb1, 0x41, + 0x62, 0x98, 0x40, 0xad, 0xd8, 0x0f, 0x45, 0x65, 0x65, 0x6d, 0xc6, + 0x87, 0xa3, 0xb9, 0x96, 0x96, 0x0c, 0x99, 0x4d, 0xfd, 0x26}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {90, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0xb7, 0x03, 0xb6, 0xcf, 0x45, 0x87, 0x70, 0x93, 0x53, 0xc7, 0xe4, + 0x00, 0x4d, 0x3d, 0xa6, 0x1c, 0xe5, 0xf5, 0xde, 0xaf, 0x71, 0x63, + 0xca, 0x9d, 0x61, 0x58, 0xdd, 0xe9, 0x19, 0xe0, 0xac, 0x34}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {91, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x72, 0x54, 0x9d, 0x52, 0xd6, 0xf4, 0xff, 0x91, 0x2d, 0x83, 0x3c, + 0x74, 0x13, 0x6d, 0x90, 0x63, 0x4c, 0xe8, 0xaf, 0xa4, 0xf8, 0x44, + 0x12, 0xbb, 0xee, 0x80, 0x74, 0x08, 0x4d, 0x4c, 0xec, 0xff}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {92, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x13, 0x37, 0xc8, 0xbd, 0x6c, 0x8a, 0x5d, 0xd4, 0x3a, 0xba, 0x8d, + 0x29, 0x88, 0x64, 0xff, 0xe7, 0x6a, 0xd6, 0xea, 0x90, 0x9f, 0x34, + 0x88, 0x15, 0x7a, 0x15, 0xe6, 0xc4, 0x6a, 0xcf, 0x22, 0x14}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {93, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, 0xdc, + 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, 0x84, 0xb4}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x4a, 0xaf, 0xfa, 0xca, 0x5f, 0xe8, 0x58, 0x14, 0xd0, 0x40, 0xaa, + 0x2a, 0x30, 0x6b, 0xa4, 0xd1, 0xd4, 0x47, 0x46, 0xcf, 0xe4, 0x6c, + 0x97, 0x8a, 0xa0, 0x57, 0xb5, 0x3f, 0xd2, 0x53, 0x16, 0xc1}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {94, // RFC 3394 + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, + 0xcc, 0xdd, 0xee, 0xff}, + {0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, 0xf9, 0x2b, 0x5b, 0x97, + 0xc0, 0x50, 0xae, 0xd2, 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {95, // RFC 3394 + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, + 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}, + {0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, 0x68, 0xf2, 0x4e, + 0xc2, 0x60, 0x74, 0x3e, 0xdc, 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, + 0x5a, 0x93, 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {96, + {0xfc, 0xe0, 0x42, 0x9c, 0x61, 0x06, 0x58, 0xef, 0x8e, 0x7c, 0xfb, + 0x01, 0x54, 0xc5, 0x1d, 0xe2, 0x23, 0x9a, 0x8a, 0x31, 0x7f, 0x5a, + 0xf5, 0xb6, 0x71, 0x4f, 0x98, 0x5f, 0xb5, 0xc4, 0xd7, 0x5c}, + {0x28, 0x73, 0x26, 0xb5, 0xed, 0x00, 0x78, 0xe7, 0xca, 0x01, 0x64, 0xd7, + 0x48, 0xf6, 0x67, 0xe7}, + {0x94, 0x0b, 0x1c, 0x58, 0x0e, 0x0c, 0x72, 0x33, 0xa7, 0x91, 0xb0, 0xf1, + 0x92, 0x43, 0x8d, 0x2e, 0xac, 0xe1, 0x42, 0x14, 0xce, 0xe4, 0x55, 0xb7}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {97, + {0x0d, 0xda, 0x6d, 0xa5, 0x12, 0x3e, 0x2c, 0x37, 0xc6, 0xfa, 0x16, + 0xba, 0x0d, 0x33, 0x4c, 0xd0, 0x1a, 0xcd, 0x65, 0x2f, 0x89, 0x94, + 0x21, 0x17, 0x51, 0xdf, 0xab, 0x4f, 0xaa, 0xc2, 0xfc, 0x22}, + {0xb4, 0x0b, 0x68, 0x28, 0x72, 0x9b, 0x45, 0x63, 0x22, 0xa8, 0xd0, 0x65, + 0xab, 0xc0, 0xd0, 0x81}, + {0x93, 0x9b, 0x33, 0x89, 0x33, 0x6f, 0xea, 0x4a, 0x97, 0x51, 0xbf, 0x01, + 0x4e, 0xf1, 0x80, 0x11, 0x32, 0x30, 0x90, 0xe8, 0xa0, 0x50, 0x0b, 0xc4}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {98, + {0xd6, 0x92, 0x59, 0x14, 0xcd, 0x06, 0x30, 0x8f, 0x81, 0xad, 0x91, + 0xe2, 0x30, 0x73, 0x59, 0x3d, 0x99, 0xd4, 0xe5, 0x03, 0x51, 0xb2, + 0x0e, 0xb2, 0xa8, 0xd1, 0xa1, 0xac, 0x4c, 0xed, 0x65, 0x88}, + {0x03, 0x7b, 0x27, 0xb3, 0xdc, 0x95, 0xb1, 0x9d, 0x15, 0xbd, 0x40, 0x91, + 0xe3, 0x20, 0xbf, 0xe1}, + {0x59, 0xee, 0x8e, 0x51, 0x98, 0x86, 0x12, 0x37, 0xf6, 0x82, 0xed, 0xec, + 0x6b, 0xa9, 0x06, 0x52, 0x6c, 0x01, 0x6d, 0x4d, 0x93, 0x59, 0x42, 0xbd}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {99, + {0x07, 0x51, 0x8a, 0x82, 0xcb, 0xc8, 0xda, 0x1d, 0xce, 0xc5, 0x5f, + 0x37, 0x63, 0xa2, 0x06, 0xd2, 0x77, 0x48, 0x7a, 0xbd, 0x03, 0xce, + 0xdd, 0x0b, 0x8b, 0xef, 0x9e, 0xe2, 0xfb, 0x15, 0x71, 0x21}, + {0xfa, 0xa4, 0x66, 0x4d, 0x79, 0xfc, 0xe3, 0xc7, 0xd2, 0xfd, 0xd4, 0x62, + 0xf6, 0xc1, 0xc4, 0x23, 0xc2, 0xf8, 0xe6, 0xb6, 0x9b, 0xe2, 0xe0, 0x71}, + {0x1a, 0xb5, 0x3a, 0x06, 0x5d, 0x8f, 0x77, 0x6a, 0x08, 0xb3, 0x3e, + 0x51, 0x38, 0x30, 0x71, 0xb6, 0xf1, 0x54, 0x61, 0x21, 0x16, 0x65, + 0x51, 0x37, 0xbd, 0x3b, 0x7e, 0xc2, 0x9b, 0x70, 0xfd, 0x56}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {100, + {0xea, 0x46, 0x99, 0x1d, 0x4e, 0x71, 0xf5, 0x3d, 0xd6, 0x24, 0xe7, + 0xfe, 0x7f, 0xde, 0x11, 0x94, 0x4a, 0x7c, 0x59, 0x42, 0xd2, 0x32, + 0x36, 0x9b, 0x80, 0x65, 0xd4, 0x2b, 0x8c, 0xd2, 0xdd, 0xe1}, + {0xdf, 0xfc, 0x5c, 0xf1, 0xdd, 0x54, 0x11, 0xd0, 0x15, 0xd8, 0x46, 0x01, + 0xfa, 0x38, 0xdf, 0x5e, 0xff, 0xe8, 0x85, 0xc7, 0xf2, 0x6a, 0x48, 0x25}, + {0xa1, 0xbf, 0x8e, 0x73, 0xe3, 0xfa, 0x1d, 0xb7, 0x59, 0xf0, 0xab, + 0x2a, 0xb0, 0xb1, 0xca, 0x6f, 0x2c, 0x85, 0xb6, 0x3d, 0x83, 0xe2, + 0x5f, 0x7a, 0x0b, 0x52, 0x93, 0xd0, 0xa2, 0x16, 0xa2, 0xb7}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {101, + {0xfd, 0xcf, 0xa9, 0x02, 0xc6, 0xf2, 0x22, 0xf5, 0x27, 0xaf, 0x84, + 0xda, 0x53, 0x3b, 0x14, 0xb5, 0x2e, 0x26, 0x15, 0xda, 0x3a, 0x89, + 0xd1, 0xd3, 0x57, 0x08, 0xb0, 0xcd, 0x49, 0xf6, 0x0d, 0x87}, + {0x96, 0x6b, 0x07, 0x04, 0x73, 0x54, 0x96, 0x6a, 0x70, 0x3e, 0x79, 0x60, + 0x7b, 0x55, 0x60, 0x32, 0xf4, 0xf5, 0x96, 0xb7, 0xf9, 0x20, 0x6f, 0x05}, + {0x27, 0x30, 0x8a, 0x0e, 0x1a, 0x6c, 0x0a, 0x1d, 0x15, 0xd6, 0x17, + 0x4a, 0xb7, 0xd6, 0x86, 0x75, 0x20, 0x7b, 0x61, 0x5d, 0xf1, 0x6f, + 0xcf, 0x7a, 0x3c, 0x69, 0xb2, 0x5f, 0x55, 0x1c, 0xca, 0x9f}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {102, + {0x38, 0xe1, 0xb1, 0xd0, 0x75, 0xd9, 0xd8, 0x52, 0xb9, 0xa6, 0xc0, + 0x1c, 0x8f, 0xf6, 0x96, 0x5a, 0xf0, 0x1b, 0xac, 0x45, 0x7a, 0x4e, + 0x33, 0x9a, 0xe3, 0xe1, 0xd7, 0xb2, 0xff, 0xac, 0xc0, 0xcd}, + {0x80, 0xad, 0x68, 0x20, 0xf1, 0xc9, 0x09, 0x81, 0xe2, 0xca, 0x42, + 0xb8, 0x17, 0xa3, 0x45, 0xc1, 0x17, 0x9d, 0x0a, 0x11, 0xd8, 0xe2, + 0x3a, 0x8a, 0xdc, 0x05, 0x05, 0xe1, 0x3d, 0x87, 0x29, 0x5a}, + {0x71, 0x55, 0xee, 0x93, 0x2b, 0x03, 0x58, 0xd9, 0x81, 0x82, + 0xa2, 0x3f, 0x7f, 0x42, 0x7c, 0x77, 0x4a, 0xb3, 0x40, 0xa4, + 0x75, 0x7d, 0x0b, 0x6a, 0x63, 0xfa, 0xcd, 0x3d, 0xe9, 0x05, + 0x78, 0x43, 0x8c, 0xf0, 0x32, 0x01, 0xc3, 0xf8, 0x80, 0x57}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {103, + {0xc6, 0x41, 0xf1, 0x68, 0x9d, 0x81, 0xca, 0xa8, 0xba, 0x37, 0xd8, + 0x95, 0x27, 0x22, 0x40, 0x66, 0x40, 0x54, 0xed, 0x97, 0x4c, 0xff, + 0xfc, 0x40, 0xe6, 0xc5, 0xc0, 0xca, 0xd1, 0xb9, 0x16, 0xc7}, + {0x3f, 0xd0, 0xba, 0x19, 0x95, 0x5e, 0x46, 0x74, 0x9f, 0x54, 0xd8, + 0x8e, 0x99, 0xd0, 0x80, 0xb7, 0x33, 0x9d, 0x58, 0x8f, 0xe6, 0x12, + 0xec, 0x0f, 0x40, 0x21, 0xca, 0x3c, 0xa2, 0x10, 0x42, 0x70}, + {0xf2, 0x0b, 0x9b, 0x55, 0x3b, 0xc0, 0x84, 0x75, 0x29, 0xf8, + 0xd4, 0x37, 0x9f, 0xa9, 0x09, 0x21, 0x1e, 0x68, 0x24, 0x9b, + 0xd4, 0x29, 0xf4, 0x36, 0xc6, 0x15, 0xc4, 0xc4, 0xa5, 0xd9, + 0xf1, 0xa1, 0x96, 0x8f, 0x0b, 0x89, 0xc5, 0x23, 0x7b, 0x30}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {104, + {0xaa, 0x0a, 0xb9, 0xd6, 0x8e, 0xd4, 0xa0, 0x4e, 0x72, 0x3f, 0x81, + 0xb4, 0x4c, 0x0c, 0x88, 0xd0, 0xbc, 0xde, 0x7a, 0x80, 0xcf, 0xd4, + 0x76, 0xeb, 0x4b, 0x88, 0x36, 0xd9, 0xaa, 0x01, 0xec, 0x4c}, + {0x57, 0xfa, 0xa8, 0x76, 0x6f, 0x6d, 0x6a, 0x0a, 0xa1, 0xcf, 0x64, + 0x3f, 0x85, 0x7c, 0x15, 0x0d, 0xf5, 0xb3, 0x13, 0x03, 0xb5, 0x0a, + 0xf4, 0x80, 0xe2, 0x1c, 0x4b, 0x5e, 0x8c, 0x8a, 0x15, 0xd5}, + {0x28, 0x11, 0x71, 0x68, 0x54, 0xa2, 0x14, 0xae, 0xcd, 0xd3, + 0x18, 0xc6, 0x67, 0x0b, 0x9b, 0x2a, 0x75, 0x11, 0x71, 0x3c, + 0x9a, 0x0c, 0x0f, 0xa8, 0x05, 0x23, 0x0f, 0xf0, 0x5c, 0xf8, + 0x4a, 0xf7, 0x95, 0xdd, 0x72, 0xf6, 0xc1, 0xa4, 0x45, 0x12}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {105, // Round counter overflows 256 + {0x31, 0xca, 0xcb, 0xb1, 0x7d, 0x6d, 0xbb, 0xec, 0xae, 0x40, 0x72, + 0x7c, 0x50, 0x48, 0xfe, 0x0c, 0x01, 0xbc, 0x53, 0xb2, 0x3a, 0xb6, + 0x35, 0x02, 0x5c, 0xba, 0xc1, 0xec, 0xf5, 0x2c, 0xa4, 0x95}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x53, 0x22, 0xbc, 0x62, 0xbd, 0x83, 0x79, 0xab, 0xbb, 0x75, 0xf6, 0x96, + 0x88, 0xb8, 0xf0, 0x0e, 0x31, 0x96, 0x2b, 0x8f, 0x9a, 0xe1, 0xe8, 0x97, + 0x71, 0x95, 0x2d, 0x8a, 0x2a, 0x74, 0x9e, 0x13, 0x52, 0xec, 0x33, 0xb5, + 0x43, 0x5a, 0x67, 0x42, 0x71, 0xb3, 0x14, 0x76, 0x0a, 0xb9, 0xf7, 0x53, + 0xb1, 0x67, 0x26, 0x18, 0x5e, 0xc7, 0xd3, 0x19, 0xac, 0x60, 0x53, 0x13, + 0x55, 0x34, 0x4c, 0x1d, 0x53, 0xc7, 0x90, 0x30, 0x00, 0xa8, 0x03, 0x9e, + 0xb4, 0x0f, 0x70, 0x56, 0x4a, 0x0a, 0xd3, 0xf4, 0x1b, 0x23, 0x55, 0xea, + 0x5d, 0xfa, 0x6a, 0x1d, 0x46, 0x39, 0x2f, 0x1d, 0x10, 0x6a, 0x5d, 0xa5, + 0x69, 0xbf, 0xb0, 0x49, 0x3b, 0xf7, 0xc1, 0x2d, 0xff, 0x04, 0xba, 0xfe, + 0xae, 0x37, 0x7d, 0xf4, 0xbb, 0x47, 0xcd, 0x44, 0x0b, 0x6f, 0x60, 0xfb, + 0xab, 0x2a, 0x54, 0xa9, 0x85, 0x51, 0xb7, 0x62, 0x73, 0xe0, 0x2c, 0xac, + 0x8d, 0x7b, 0xe9, 0xf2, 0x34, 0x3d, 0x3a, 0xbb, 0x2a, 0x23, 0xaf, 0x1c, + 0x91, 0xa7, 0x01, 0x1c, 0x67, 0xa7, 0x90, 0x72, 0x60, 0x11, 0x6b, 0x67, + 0xd5, 0x10, 0xaa, 0xbe, 0x5c, 0x7c, 0xa4, 0x6c, 0x1c, 0x20, 0xf7, 0x71, + 0x06, 0xc4, 0x59, 0x66, 0x58, 0x3b, 0x3e, 0x4e, 0xd7, 0x99, 0xa4, 0x7e, + 0xe1, 0x9b, 0xb4, 0x22, 0x32, 0x09, 0x26, 0x5c, 0x2b, 0x1a, 0xc8, 0x18, + 0x3a, 0x67, 0x8f, 0xf4, 0x3b, 0xc9, 0xa3, 0x47, 0x0a, 0x50, 0xb9, 0xee, + 0x4d, 0x10, 0xf6, 0x06, 0x74, 0x26, 0x8d, 0x72, 0xc6, 0x8b, 0xe0, 0x03, + 0xa0, 0xd9, 0xdd, 0x68, 0x49, 0xab, 0xa8, 0x36, 0xfe, 0x8a, 0x17, 0x92, + 0xb8, 0x1c, 0x90, 0xe1, 0x29, 0x45, 0xbf, 0xe1, 0xf2, 0x7a, 0x9c, 0x6b, + 0x2a, 0xf6, 0x6a, 0x06, 0x3c, 0xdb, 0x77, 0x21, 0xa7, 0xf2, 0x3f, 0xb3, + 0x0a, 0xfd, 0xbd, 0x8b, 0x18, 0xdb, 0x37, 0x7d, 0xd1, 0x69, 0x7f, 0x15, + 0x7b, 0xe8, 0x1c, 0x15, 0x78, 0xd0, 0x8b, 0x06, 0x6c, 0x71, 0xb0, 0xc5, + 0xca, 0x7f, 0xee, 0xca, 0xc1, 0xcd, 0xd9, 0x38, 0xcf, 0x9a, 0xd5, 0x25, + 0xf7, 0x48, 0x44, 0x66, 0x09, 0x08, 0x19, 0x4b, 0x28, 0xe5, 0x4e, 0xdd, + 0xb1, 0x58, 0xf6, 0xe4, 0xc9, 0x21, 0xb8, 0x11, 0xd9, 0x0d, 0xb7, 0x1a, + 0x92, 0xff, 0x87, 0x2d, 0xb2, 0x25, 0x0d, 0xcc, 0x3f, 0x84, 0x7f, 0xc7, + 0x52, 0xb6, 0x6d, 0x77, 0xe3, 0x3c, 0x85, 0x08, 0x4d, 0x3f, 0xa5, 0x3b, + 0x4f, 0x30, 0x50, 0x3d, 0x2a, 0x06, 0xe6, 0xca, 0xbb, 0x90, 0x33, 0xd5, + 0x9f, 0xc1, 0xdc, 0x15, 0xe3, 0x2f, 0x19, 0x84, 0x6a, 0x03, 0x9b, 0x91, + 0x59, 0x7b, 0x0b, 0xa3, 0x14, 0x1a, 0x7d, 0x97, 0x17, 0x63, 0x00, 0x62, + 0x17, 0x01, 0x17, 0xb2, 0x13, 0x1d, 0xab, 0x77, 0x40, 0x6e, 0x9e, 0xd7, + 0xd6, 0x6b, 0x2c, 0x75, 0x4d, 0x84, 0x9c, 0x60}, + {{Action::WRAP, + {SECSuccess, true}}, // Round counter overflows - acceptable + {Action::UNWRAP, {SECSuccess, true}}}}, + + {106, // empty keys cannot be wrapped + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, + 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, + 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92}, + {}, + {0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6, 0xa6}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {107, // keys of size 8 byte cannot be wrapped + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, + 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, + 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}, + {0x18, 0x1b, 0xa6, 0xa3, 0xa4, 0x39, 0x24, 0x69, 0xe3, 0xde, 0x98, 0xdd, + 0xbb, 0xdd, 0x24, 0x32}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {108, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, + 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, + 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92}, + {0x00}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {109, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, + 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, + 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92}, + {0x00, 0x01}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {110, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, + 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, + 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92}, + {0x00, 0x01, 0x02}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {111, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, + 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, + 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92}, + {0x00, 0x01, 0x02, 0x03}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {112, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, + 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, + 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92}, + {0x00, 0x01, 0x02, 0x03, 0x04}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {113, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, + 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, + 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {114, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, + 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, + 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {115, // wrapped key size must be divisible by 8 + {0x57, 0x49, 0x57, 0x15, 0x1f, 0xc2, 0xaf, 0xe0, 0xfa, 0x3d, 0xc7, + 0xa9, 0xa7, 0xda, 0x64, 0x95, 0x39, 0x8f, 0x18, 0xea, 0x0d, 0x8e, + 0xed, 0x76, 0xa5, 0x1a, 0xac, 0x96, 0x03, 0x8a, 0xd6, 0x92}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, + 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {116, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, + 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, + 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7}, + {}, + {}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {117, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, + 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, + 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7}, + {}, + {0x9f}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {118, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, + 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, + 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7}, + {}, + {0xdc, 0x9e, 0x95, 0x80}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {119, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, + 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, + 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7}, + {}, + {0xb9, 0xb2, 0x82, 0xd1, 0x38, 0x69, 0x30, 0x00}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {120, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, + 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, + 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7}, + {}, + {0x0e, 0xfc, 0x63, 0x5b, 0x2d, 0x61, 0xe2, 0x44, 0x05, 0x6b, 0x9d, 0x45, + 0x91, 0xca, 0x6b}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {121, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, + 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, + 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7}, + {}, + {0x4a, 0x30, 0x5d, 0xae, 0x08, 0x7b, 0x0d, 0x24, 0xd6, 0x2a, 0xf4, 0x18, + 0x31, 0x33, 0x8f, 0x33, 0xae}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {122, // invalid size of wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, + 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, + 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7}, + {}, + {0x82, 0xcb, 0x92, 0x70, 0x97, 0xcf, 0x31, 0xea, 0x4a, 0xff, + 0xea, 0x44, 0x0b, 0x0d, 0x8c, 0xa6, 0xa2, 0x40, 0xb9, 0x00}, + {{Action::WRAP, {SECFailure, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {123, // bytes appended to wrapped key + {0xfe, 0x60, 0xfc, 0x8d, 0xf7, 0xd9, 0xf4, 0xeb, 0xb5, 0x41, 0x6c, + 0xa4, 0xe8, 0x21, 0x82, 0xf7, 0xe9, 0x92, 0x3a, 0x74, 0x61, 0x10, + 0xfd, 0x97, 0x8e, 0x3b, 0xd2, 0xde, 0xfc, 0x1c, 0x10, 0xd7}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f}, + {0x7d, 0xfb, 0xd7, 0xcf, 0x61, 0x58, 0xd7, 0x5b, 0xb5, + 0x90, 0x0b, 0x3b, 0xf1, 0xe3, 0x87, 0x10, 0x03, 0x40, + 0x2a, 0x65, 0x08, 0xb1, 0x91, 0x28, 0x00}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {124, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0xa4, 0x17, 0x67, 0x1b, 0xc6, 0x2a, 0x23, 0xc7, 0xa6, 0x55, 0x43, 0x09, + 0x21, 0x24, 0x02, 0x4d, 0xf7, 0x2c, 0x04, 0x8d, 0x8d, 0xb3, 0x30, 0xc7}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {125, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x95, 0x18, 0xd0, 0xf9, 0x9d, 0x7a, 0x73, 0xed, 0x4a, 0x50, 0x2b, 0x44, + 0x9c, 0x14, 0xc2, 0x85, 0x97, 0x1b, 0x0e, 0x61, 0x77, 0xce, 0x0e, 0xca}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {126, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0xf3, 0x51, 0x1f, 0x04, 0x91, 0xbd, 0x74, 0xae, 0x1d, 0xef, 0xb5, 0x30, + 0x7f, 0x0e, 0x18, 0xdb, 0x86, 0x4b, 0x57, 0xb5, 0xc4, 0x04, 0xd4, 0x28}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {127, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x6c, 0x03, 0xce, 0x77, 0x92, 0x59, 0x66, 0x1c, 0x43, 0xd4, 0x1d, 0x5d, + 0x0e, 0x45, 0x68, 0x7f, 0x87, 0x43, 0x53, 0xbb, 0xa5, 0x16, 0xc7, 0x3e}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {128, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x8d, 0xf0, 0x19, 0x69, 0xa1, 0x1c, 0x87, 0x02, 0x65, 0x35, 0xbf, 0xcc, + 0xf7, 0x2b, 0x1d, 0x06, 0x4c, 0x86, 0xec, 0xc7, 0xe5, 0x22, 0x71, 0x57}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {129, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x8e, 0xd1, 0xcd, 0xe2, 0x28, 0xd9, 0xc8, 0xd0, 0x46, 0xdc, 0xa6, 0x5c, + 0x7a, 0x27, 0xae, 0xf2, 0xed, 0xf8, 0xae, 0x90, 0xc7, 0x05, 0xd1, 0xe9}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {130, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0xd6, 0x9b, 0x3e, 0x34, 0xe9, 0xde, 0x38, 0xd4, 0x4d, 0xe1, 0x99, 0x89, + 0x92, 0x36, 0x2a, 0x6f, 0xa1, 0xf6, 0x96, 0xb5, 0xac, 0xab, 0x3f, 0x10}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {131, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x67, 0x86, 0x51, 0x22, 0xaf, 0x32, 0x94, 0xb8, 0xda, 0x05, 0x88, 0x77, + 0x51, 0x25, 0xcb, 0xd6, 0xdc, 0x19, 0xd5, 0xe5, 0xca, 0xb9, 0x7b, 0x6d}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {132, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x9f, 0x0f, 0xa5, 0x23, 0x63, 0xdd, 0x55, 0xdf, 0x47, 0x2d, 0x86, 0x7e, + 0x6f, 0xaf, 0x5d, 0xa8, 0xeb, 0x20, 0x4a, 0x1d, 0x6d, 0x49, 0x70, 0x30}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {133, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0xc3, 0x99, 0xf9, 0x99, 0xc9, 0x6a, 0x42, 0x04, 0x32, 0x5e, 0x7f, 0x08, + 0xd6, 0xa4, 0xde, 0x25, 0x6f, 0xaf, 0x21, 0xec, 0x2c, 0x00, 0x7d, 0xdf}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {134, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0x28, 0x20, 0x82, 0x26, 0x4a, 0x87, 0xdc, 0x35, 0xce, 0x1c, 0xc5, 0xb9, + 0x93, 0x1b, 0x77, 0xd8, 0x0d, 0x82, 0xfc, 0xac, 0xc0, 0x92, 0x7f, 0x85}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {135, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5}, + {0xc1, 0x92, 0xc9, 0x0b, 0x83, 0x00, 0x3c, 0xa9, 0x67, 0x44, 0x49, 0x80, + 0x14, 0xb6, 0xad, 0x6b, 0xed, 0xda, 0x83, 0x79, 0x55, 0x26, 0x98, 0x19}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {136, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x30, 0xa9, 0x83, 0xcd, 0x9e, 0x69, 0xd5, 0x61, 0xac, 0xc9, 0x5c, + 0x42, 0xb2, 0x52, 0xab, 0xa4, 0x18, 0x5f, 0x83, 0x92, 0xf2, 0xe6, + 0xc9, 0x35, 0xc8, 0xeb, 0x10, 0x5a, 0xf8, 0x08, 0x2e, 0x34}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {137, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x4d, 0xe9, 0xa6, 0x39, 0xb7, 0x99, 0x63, 0x0b, 0x45, 0xb4, 0x9e, + 0x28, 0xdb, 0xfc, 0x44, 0xda, 0xbb, 0x98, 0x43, 0xee, 0x58, 0x8a, + 0x8c, 0xff, 0x28, 0x6b, 0x8d, 0x5f, 0xbd, 0x7b, 0x32, 0xee}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {138, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0xd9, 0x15, 0xb2, 0xcd, 0xfb, 0x76, 0x9d, 0x9d, 0x82, 0x25, 0x9d, + 0xc3, 0xd1, 0x24, 0x64, 0x6b, 0xbf, 0x97, 0x2b, 0x83, 0xef, 0xd4, + 0xc2, 0xea, 0xe9, 0xb9, 0xf7, 0x51, 0x07, 0x3f, 0x78, 0xd6}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {139, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x11, 0x7d, 0x65, 0x3f, 0x48, 0x0b, 0x69, 0xfc, 0xe5, 0x64, 0xf1, + 0xfe, 0x99, 0x57, 0x24, 0x92, 0x94, 0x51, 0x89, 0xed, 0x5a, 0xf7, + 0x89, 0xce, 0x05, 0xa2, 0x65, 0x1b, 0xaf, 0x90, 0xbb, 0x5e}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {140, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x82, 0x26, 0xd0, 0x7a, 0x2f, 0x91, 0x9e, 0x24, 0xad, 0xa1, 0x08, + 0x1c, 0x69, 0xa7, 0x55, 0x20, 0xbe, 0x89, 0x5e, 0x3a, 0x2b, 0xda, + 0x9b, 0x80, 0x5d, 0x97, 0x47, 0x77, 0x3d, 0xde, 0xaa, 0x38}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {141, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0xb0, 0xa7, 0x43, 0x45, 0xbe, 0xdf, 0x88, 0x65, 0x34, 0x8d, 0xaf, + 0x45, 0xd0, 0x54, 0xb9, 0x9c, 0xe5, 0x15, 0xea, 0x8b, 0xe1, 0x36, + 0x27, 0x0d, 0x1c, 0xf7, 0x1e, 0x1c, 0xfa, 0x7a, 0xa4, 0xa2}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {142, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0xa2, 0x61, 0xdb, 0x77, 0xf1, 0x7f, 0x7e, 0xc7, 0x36, 0xd1, 0xa8, + 0xbe, 0x16, 0xe5, 0xf9, 0xae, 0x43, 0x2f, 0xe2, 0xa1, 0x70, 0x12, + 0xe5, 0xa6, 0xf0, 0x7c, 0x54, 0x26, 0xa9, 0xf0, 0xca, 0x59}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {143, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0xc5, 0x3a, 0xcb, 0x5e, 0x09, 0x6b, 0x54, 0x54, 0x8e, 0x13, 0x85, + 0xb2, 0xff, 0x18, 0xea, 0xef, 0x68, 0xd2, 0x35, 0xc9, 0x5b, 0x01, + 0x94, 0xe7, 0x4a, 0x23, 0x83, 0xd3, 0xa7, 0xa5, 0x30, 0xdc}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {144, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0xfa, 0xef, 0x48, 0x2d, 0x99, 0xeb, 0xb1, 0x80, 0xe5, 0xbc, 0x5e, + 0x3c, 0xf7, 0x75, 0xba, 0x29, 0x2c, 0x2a, 0x3b, 0x6c, 0x44, 0xaa, + 0x4a, 0x21, 0xad, 0x40, 0x09, 0x06, 0xf1, 0x1a, 0xf3, 0x92}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {145, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x73, 0xa4, 0x50, 0xb6, 0x3b, 0x07, 0xb3, 0xae, 0xce, 0x9d, 0x1a, + 0xe5, 0xbf, 0x09, 0x7a, 0x3d, 0xd3, 0xfc, 0xf7, 0x3e, 0x3e, 0xc2, + 0xf1, 0xbd, 0x8f, 0xc3, 0xb5, 0x58, 0x6c, 0xb9, 0xbd, 0x73}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {146, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0xd3, 0x4b, 0x6e, 0xe1, 0x84, 0xd3, 0x87, 0xc9, 0xaa, 0x4b, 0x2d, + 0x18, 0x0a, 0xe0, 0xa8, 0x94, 0x98, 0x01, 0x4e, 0x55, 0xfe, 0x8e, + 0x41, 0x6b, 0xe4, 0xf8, 0x26, 0xfc, 0xf7, 0xd5, 0x65, 0x22}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {147, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, 0xfa, + 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, 0xe4, 0xf1}, + {0x2a, 0xf8, 0x23, 0xd1, 0x60, 0x28, 0x03, 0x74, 0x0b, 0xfa, 0x90, + 0x40, 0xc2, 0xc4, 0xe7, 0x69, 0xa5, 0xb6, 0xde, 0x91, 0x9d, 0x40, + 0x3c, 0xfb, 0xa9, 0xad, 0x36, 0x0f, 0x63, 0xaf, 0x11, 0x13}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {148, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, + 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, + 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c}, + {0xdd, 0x78, 0xeb, 0xd3, 0x09, 0x1c, 0x55, 0xa5, 0xda, 0x5b, + 0x24, 0x50, 0x42, 0x00, 0xf7, 0xfa, 0xdd, 0x1b, 0x3a, 0xc6, + 0xad, 0x35, 0xf8, 0x14, 0xf7, 0x33, 0xe6, 0x03, 0xc1, 0x39, + 0x36, 0x24, 0x5d, 0x69, 0xd8, 0x3f, 0x26, 0x2f, 0x6b, 0x1e}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {149, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, + 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, + 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c}, + {0x3d, 0x83, 0x38, 0xea, 0xe7, 0xde, 0x32, 0x23, 0x99, 0xe1, + 0xd1, 0xb4, 0xa3, 0xdf, 0x54, 0x32, 0x6b, 0x24, 0x2b, 0x56, + 0x36, 0x12, 0xea, 0x4b, 0x27, 0xda, 0x22, 0xa0, 0x41, 0xd3, + 0xc8, 0x09, 0x66, 0x91, 0x1b, 0xc0, 0x09, 0x91, 0x17, 0x61}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {150, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, + 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, + 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c}, + {0xd0, 0x4b, 0xf7, 0x5c, 0xad, 0xd3, 0xb5, 0xf0, 0x99, 0xc3, + 0x4b, 0x27, 0xa9, 0x1e, 0x64, 0xa8, 0xf2, 0xdb, 0xcf, 0x08, + 0xe8, 0xc5, 0xc1, 0xc9, 0xf0, 0x7a, 0x77, 0x7e, 0xeb, 0x80, + 0x5d, 0x5d, 0x0e, 0x8c, 0x5c, 0x01, 0xaf, 0xc4, 0x39, 0x44}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {151, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, + 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, + 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c}, + {0xbe, 0x0c, 0x5d, 0x19, 0x3b, 0x61, 0xc5, 0x13, 0x7a, 0x8f, + 0xd8, 0xa6, 0xd7, 0xd1, 0xed, 0x8f, 0x0f, 0xa2, 0x8c, 0xec, + 0x51, 0x6f, 0x54, 0x46, 0x97, 0xc1, 0x2a, 0xdd, 0x4f, 0x8f, + 0x4d, 0x5c, 0xfc, 0xa6, 0x5e, 0xde, 0xb1, 0x01, 0x99, 0x74}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {152, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, + 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, + 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c}, + {0xa8, 0x3e, 0xbc, 0xbe, 0xb2, 0xbe, 0x9d, 0x68, 0x07, 0xb5, + 0xcf, 0xc3, 0x1c, 0x89, 0x84, 0x9d, 0x13, 0x43, 0xdd, 0x4e, + 0xb2, 0x2e, 0x5b, 0xfe, 0x9e, 0x2b, 0x2b, 0x37, 0x90, 0xad, + 0x89, 0x00, 0x60, 0x1f, 0x1f, 0x5d, 0x54, 0xfd, 0x47, 0x2f}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {153, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, + 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, + 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c}, + {0x41, 0x62, 0x21, 0x48, 0x5a, 0x6c, 0xb9, 0x8a, 0xd1, 0x34, + 0x2e, 0xa9, 0xa1, 0x29, 0x26, 0xa9, 0xa1, 0x33, 0xea, 0xd8, + 0xbd, 0x91, 0x93, 0x23, 0xfe, 0x78, 0x9b, 0xb8, 0xf8, 0x9a, + 0x4f, 0xca, 0xf8, 0x1e, 0x1b, 0xe5, 0x4f, 0x9d, 0x35, 0x8e}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {154, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, + 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, + 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c}, + {0xbf, 0x6a, 0x53, 0x28, 0x6f, 0xac, 0x48, 0xe7, 0xf2, 0x5d, + 0x89, 0xb7, 0x05, 0x6b, 0x27, 0xaa, 0x91, 0x7d, 0x5b, 0x54, + 0xc0, 0xd3, 0x17, 0x1d, 0xff, 0x36, 0x9f, 0x72, 0x49, 0x15, + 0x3b, 0xf0, 0x9d, 0xa5, 0x89, 0x1e, 0xb4, 0xdc, 0x2d, 0x88}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {155, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, + 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, + 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c}, + {0x99, 0xd5, 0x17, 0xa1, 0x32, 0x1b, 0xb6, 0x33, 0xb0, 0xd5, + 0xf3, 0xaf, 0xda, 0x23, 0x72, 0xd3, 0xab, 0xf6, 0x8b, 0x41, + 0xd1, 0x3c, 0xbf, 0xdf, 0xfc, 0x78, 0xf1, 0x73, 0xb8, 0x8b, + 0xc4, 0xb9, 0x7e, 0xfc, 0xab, 0x2b, 0x29, 0x04, 0x78, 0x8d}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {156, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, + 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, + 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c}, + {0xd9, 0x24, 0x56, 0xbc, 0x77, 0xa2, 0x68, 0xef, 0x71, 0xcb, + 0xa7, 0x60, 0x64, 0xa1, 0xb7, 0x72, 0xd1, 0xfe, 0xe2, 0xae, + 0x4f, 0x0e, 0xe3, 0xbb, 0x93, 0x2a, 0x2a, 0xdb, 0x2b, 0x03, + 0x17, 0x96, 0xb9, 0xea, 0xdb, 0x51, 0x75, 0x3f, 0x28, 0x68}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {157, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, + 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, + 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c}, + {0x5b, 0xb5, 0x46, 0x30, 0xab, 0x8d, 0x73, 0xa0, 0x40, 0xf0, + 0xf8, 0x7e, 0x70, 0xe2, 0x63, 0xd1, 0xae, 0xb2, 0x35, 0x8b, + 0xcd, 0xc0, 0xdc, 0xe6, 0x99, 0x4d, 0x0d, 0x87, 0x44, 0x52, + 0xbb, 0xd8, 0x74, 0x1b, 0x7e, 0xc1, 0xd5, 0x9d, 0x82, 0x98}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {158, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, + 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, + 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c}, + {0x45, 0x81, 0xd6, 0x53, 0x60, 0x39, 0xdb, 0x1b, 0x23, 0xda, + 0x50, 0xc6, 0x48, 0x77, 0x7e, 0x90, 0xc8, 0x2d, 0x61, 0x28, + 0xbb, 0x92, 0xe2, 0x8b, 0x29, 0x74, 0xba, 0xe1, 0x14, 0x15, + 0x43, 0xa1, 0x9a, 0x15, 0x92, 0xfd, 0xa1, 0xfb, 0xd6, 0x1f}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {159, // Incorrect IV + {0x4f, 0x71, 0x0e, 0xb6, 0xb5, 0xe2, 0x87, 0x03, 0xbe, 0xcf, 0xc3, + 0xdc, 0x52, 0xfa, 0x8b, 0xc1, 0xdd, 0x44, 0xa4, 0xa6, 0xd3, 0x8a, + 0x84, 0xb4, 0xf9, 0x4e, 0x89, 0xac, 0x32, 0xd9, 0x87, 0xe7}, + {0xa8, 0x28, 0xcb, 0xda, 0x9b, 0x5f, 0xf0, 0xae, 0x37, 0x4f, 0x84, + 0xfa, 0x01, 0xd0, 0x70, 0xa5, 0xf0, 0xa1, 0x7a, 0x0c, 0x46, 0x2b, + 0xe4, 0xf1, 0xac, 0xce, 0x34, 0x97, 0x35, 0x26, 0x90, 0x8c}, + {0xd3, 0x5b, 0xc6, 0x7e, 0x62, 0x06, 0x4c, 0x34, 0xf4, 0x81, + 0x50, 0x99, 0x9b, 0xa3, 0x0d, 0xed, 0x47, 0x5d, 0x8c, 0x75, + 0x97, 0x8f, 0x45, 0x73, 0x73, 0x20, 0xf2, 0x3e, 0xda, 0xaa, + 0x7a, 0x40, 0xd7, 0x80, 0x3f, 0xc6, 0x1a, 0xdd, 0x34, 0xa4}, + {{Action::WRAP, {SECSuccess, false}}, + {Action::UNWRAP, {SECFailure, false}}}}, + + {160, // RFC 3394 + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, + 0xcc, 0xdd, 0xee, 0xff}, + {0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, 0x63, 0xe9, 0x77, 0x79, + 0x05, 0x81, 0x8a, 0x2a, 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {161, // RFC 3394 + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, + 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}, + {0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, 0xf6, 0xe6, 0xf4, + 0xfb, 0xe3, 0x0e, 0x71, 0xe4, 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, + 0xb8, 0x95, 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, + + {162, // RFC 3394 + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, + 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, + 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, + {0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, 0xcb, 0xcc, + 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, 0x3f, 0x57, 0x86, 0xe2, + 0xd8, 0x0e, 0xd3, 0x26, 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, + 0xf4, 0x3b, 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21}, + {{Action::WRAP, {SECSuccess, true}}, + {Action::UNWRAP, {SECSuccess, true}}}}, +}; +#endif // kw_vectors_h__
\ No newline at end of file diff --git a/security/nss/gtests/common/testvectors_base/chachapoly-vectors_base.h b/security/nss/gtests/common/testvectors_base/chachapoly-vectors_base.h new file mode 100644 index 000000000..5fa7d2de0 --- /dev/null +++ b/security/nss/gtests/common/testvectors_base/chachapoly-vectors_base.h @@ -0,0 +1,117 @@ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This file is generated from sources in nss/gtests/common/wycheproof + * automatically and should not be touched manually. + * Generation is trigged by calling ./mach wycheproof */ + +#ifndef chachapoly_vectors_h__ +#define chachapoly_vectors_h__ + +#include <string> +#include <vector> + +typedef struct chaChaTestVectorStr { + uint32_t id; + std::vector<uint8_t> Data; + std::vector<uint8_t> AAD; + std::vector<uint8_t> Key; + std::vector<uint8_t> IV; + std::vector<uint8_t> CT; + bool invalidTag; + bool invalidIV; +} chaChaTestVector; + +// ChaCha20/Poly1305 Test Vector 1, RFC 7539 +// <http://tools.ietf.org/html/rfc7539#section-2.8.2> +// ChaCha20/Poly1305 Test Vector 2, RFC 7539 +// <http://tools.ietf.org/html/rfc7539#appendix-A.5> +const chaChaTestVector kChaCha20Vectors[] = { + {0, + {0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, + 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66, + 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, + 0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, + 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, + 0x62, 0x65, 0x20, 0x69, 0x74, 0x2e}, + {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7}, + {0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, + 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, + 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}, + {0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47}, + {0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc, + 0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, + 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e, + 0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, + 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6, + 0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, + 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4, + 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, + 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65, + 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, + 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91}, + false, + false}, + {1, + {0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, + 0x66, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66, + 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20, + 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20, + 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73, + 0x69, 0x78, 0x20, 0x6d, 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e, + 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, 0x20, 0x75, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, + 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, 0x62, 0x73, 0x6f, 0x6c, + 0x65, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65, + 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20, + 0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e, + 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70, + 0x72, 0x6f, 0x70, 0x72, 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20, + 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, + 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72, + 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74, + 0x65, 0x72, 0x69, 0x61, 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20, + 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74, + 0x68, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20, + 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x20, + 0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80, + 0x9d}, + {0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4e, 0x91}, + {0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88, + 0x86, 0x04, 0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, + 0x80, 0x09, 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0}, + {0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7, + 0x9b, 0xe6, 0x43, 0xbd, 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89, + 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, 0x4c, 0x6c, 0xfc, 0x18, + 0x75, 0x5d, 0x43, 0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0, + 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f, + 0x35, 0x58, 0x94, 0xcf, 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce, + 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, 0x14, 0xad, 0x17, 0x6e, + 0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55, + 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, 0xc1, 0x86, 0x32, 0x4e, + 0x2b, 0x35, 0x06, 0x38, 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0, + 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, 0xb9, 0x16, 0x6c, 0x76, + 0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9, + 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0, + 0xa0, 0x6c, 0x52, 0x3e, 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15, + 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, 0x0d, 0x07, 0x2b, 0x04, + 0xb3, 0x56, 0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a, + 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6, + 0x31, 0x59, 0x43, 0x4e, 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10, + 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, 0x49, 0xe6, 0x17, 0xd9, + 0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30, + 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, 0x99, 0x7b, 0x71, 0x4d, + 0x6c, 0x6f, 0x2c, 0x29, 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70, + 0x9b, 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, 0x39, 0x23, 0x36, + 0xfe, 0xa1, 0x85, 0x1f, 0x38}, + false, + false}}; + +#endif // chachapoly_vectors_h__ diff --git a/security/nss/gtests/common/testvectors_base/curve25519-vectors_base.h b/security/nss/gtests/common/testvectors_base/curve25519-vectors_base.h new file mode 100644 index 000000000..a92b83e86 --- /dev/null +++ b/security/nss/gtests/common/testvectors_base/curve25519-vectors_base.h @@ -0,0 +1,75 @@ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef curve25519_vectors_h__ +#define curve25519_vectors_h__ + +#include <string> +#include <vector> + +typedef struct curve25519_testvector_str { + std::vector<uint8_t> private_key; + std::vector<uint8_t> public_key; + std::vector<uint8_t> secret; + bool valid; +} curve25519_testvector; + +const curve25519_testvector kCurve25519Vectors[] = { + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, + 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, + 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, + 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, + 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a}, + {0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, + 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, + 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f}, + {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 0x72, 0x8e, 0x3b, + 0xf4, 0x80, 0x35, 0x0f, 0x25, 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, + 0x9e, 0x33, 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42}, + true}, + + // A public key that's too short (31 bytes). + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, + 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, + 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, + 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, + 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a}, + {0x30, 0x38, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x20, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, + 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, + 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f}, + {}, + false}, + + // A public key that's too long (33 bytes). + {{0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, + 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, + 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, + 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, + 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21, + 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, + 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, + 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a}, + {0x30, 0x3a, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, + 0x03, 0x22, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, + 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, + 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f, 0x34}, + {}, + false}}; + +#endif // curve25519_vectors_h__ diff --git a/security/nss/gtests/common/gcm-vectors.h b/security/nss/gtests/common/testvectors_base/gcm-vectors_base.h index b0646c964..ccb5761da 100644 --- a/security/nss/gtests/common/gcm-vectors.h +++ b/security/nss/gtests/common/testvectors_base/gcm-vectors_base.h @@ -3,12 +3,17 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* This file is generated from sources in nss/gtests/common/wycheproof + * automatically and should not be touched manually. + * Generation is trigged by calling ./mach wycheproof */ + #ifndef gcm_vectors_h__ #define gcm_vectors_h__ #include <string> typedef struct gcm_kat_str { + uint32_t test_id; std::string key; std::string plaintext; std::string additional_data; @@ -16,49 +21,55 @@ typedef struct gcm_kat_str { std::string hash_key; std::string ghash; std::string result; + bool invalid_ct; + bool invalid_iv; } gcm_kat_value; /* * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf */ const gcm_kat_value kGcmKatValues[] = { - {"00000000000000000000000000000000", "", "", "000000000000000000000000", + {1, "00000000000000000000000000000000", "", "", "000000000000000000000000", "66e94bd4ef8a2c3b884cfa59ca342b2e", "00000000000000000000000000000000", - "58e2fccefa7e3061367f1d57a4e7455a"}, + "58e2fccefa7e3061367f1d57a4e7455a", false, false}, - {"00000000000000000000000000000000", "00000000000000000000000000000000", "", - "000000000000000000000000", "66e94bd4ef8a2c3b884cfa59ca342b2e", + {2, "00000000000000000000000000000000", "00000000000000000000000000000000", + "", "000000000000000000000000", "66e94bd4ef8a2c3b884cfa59ca342b2e", "f38cbb1ad69223dcc3457ae5b6b0f885", - "0388dace60b6a392f328c2b971b2fe78ab6e47d42cec13bdf53a67b21257bddf"}, + "0388dace60b6a392f328c2b971b2fe78ab6e47d42cec13bdf53a67b21257bddf", false, + false}, - {"feffe9928665731c6d6a8f9467308308", + {3, "feffe9928665731c6d6a8f9467308308", "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", "", "cafebabefacedbaddecaf888", "b83b533708bf535d0aa6e52980d53b78", "7f1b32b81b820d02614f8895ac1d4eac", "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25" "466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62c" - "f35abd2ba6fab4"}, + "f35abd2ba6fab4", + false, false}, - {"feffe9928665731c6d6a8f9467308308", + {4, "feffe9928665731c6d6a8f9467308308", "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888", "b83b533708bf535d0aa6e52980d53b78", "698e57f70e6ecc7fd9463b7260a9ae5f", "42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25" "466931c7d8f6a5aac84aa051ba30b396a0aac973d58e0915bc94fbc3221a5db94fae95ae7" - "121a47"}, + "121a47", + false, false}, - {"feffe9928665731c6d6a8f9467308308", + {5, "feffe9928665731c6d6a8f9467308308", "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad", "b83b533708bf535d0aa6e52980d53b78", "df586bb4c249b92cb6922877e444d37b", "61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e" "49f24b22b097544d4896b424989b5e1ebac0f07c23f45983612d2e79e3b0785561be14aac" - "a2fccb"}, + "a2fccb", + false, false}, - {"feffe9928665731c6d6a8f9467308308", + {6, "feffe9928665731c6d6a8f9467308308", "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", "feedfacedeadbeeffeedfacedeadbeefabaddad2", @@ -67,45 +78,51 @@ const gcm_kat_value kGcmKatValues[] = { "b83b533708bf535d0aa6e52980d53b78", "1c5afe9760d3932f3c9a878aac3dc3de", "8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4f" "ba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5619cc5aefffe0bfa462af43c16" - "99d050"}, + "99d050", + false, false}, - {"000000000000000000000000000000000000000000000000", "", "", + {7, "000000000000000000000000000000000000000000000000", "", "", "000000000000000000000000", "aae06992acbf52a3e8f4a96ec9300bd7", - "00000000000000000000000000000000", "cd33b28ac773f74ba00ed1f312572435"}, + "00000000000000000000000000000000", "cd33b28ac773f74ba00ed1f312572435", + false, false}, - {"000000000000000000000000000000000000000000000000", + {8, "000000000000000000000000000000000000000000000000", "00000000000000000000000000000000", "", "000000000000000000000000", "aae06992acbf52a3e8f4a96ec9300bd7", "e2c63f0ac44ad0e02efa05ab6743d4ce", - "98e7247c07f0fe411c267e4384b0f6002ff58d80033927ab8ef4d4587514f0fb"}, + "98e7247c07f0fe411c267e4384b0f6002ff58d80033927ab8ef4d4587514f0fb", false, + false}, - {"feffe9928665731c6d6a8f9467308308feffe9928665731c", + {9, "feffe9928665731c6d6a8f9467308308feffe9928665731c", "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", "", "cafebabefacedbaddecaf888", "466923ec9ae682214f2c082badb39249", "51110d40f6c8fff0eb1ae33445a889f0", "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c" "144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade2569924a7c8587336bfb1" - "18024db8674a14"}, + "18024db8674a14", + false, false}, - {"feffe9928665731c6d6a8f9467308308feffe9928665731c", + {10, "feffe9928665731c6d6a8f9467308308feffe9928665731c", "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888", "466923ec9ae682214f2c082badb39249", "ed2ce3062e4a8ec06db8b4c490e8a268", "3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c" "144c525ac619d18c84a3f4718e2448b2fe324d9ccda27102519498e80f1478f37ba55bd6d" - "27618c"}, + "27618c", + false, false}, - {"feffe9928665731c6d6a8f9467308308feffe9928665731c", + {11, "feffe9928665731c6d6a8f9467308308feffe9928665731c", "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad", "466923ec9ae682214f2c082badb39249", "1e6a133806607858ee80eaf237064089", "0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9" "a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f765dcc57fcf623a24094fcca40d" - "3533f8"}, + "3533f8", + false, false}, - {"feffe9928665731c6d6a8f9467308308feffe9928665731c", + {12, "feffe9928665731c6d6a8f9467308308feffe9928665731c", "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", "feedfacedeadbeeffeedfacedeadbeefabaddad2", @@ -114,45 +131,51 @@ const gcm_kat_value kGcmKatValues[] = { "466923ec9ae682214f2c082badb39249", "82567fb0b4cc371801eadec005968e94", "d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012a" "f34ddd9e2f037589b292db3e67c036745fa22e7e9b7373bdcf566ff291c25bbb8568fc3d3" - "76a6d9"}, + "76a6d9", + false, false}, - {"0000000000000000000000000000000000000000000000000000000000000000", "", "", - "000000000000000000000000", "dc95c078a2408989ad48a21492842087", - "00000000000000000000000000000000", "530f8afbc74536b9a963b4f1c4cb738b"}, + {13, "0000000000000000000000000000000000000000000000000000000000000000", "", + "", "000000000000000000000000", "dc95c078a2408989ad48a21492842087", + "00000000000000000000000000000000", "530f8afbc74536b9a963b4f1c4cb738b", + false, false}, - {"0000000000000000000000000000000000000000000000000000000000000000", + {14, "0000000000000000000000000000000000000000000000000000000000000000", "00000000000000000000000000000000", "", "000000000000000000000000", "dc95c078a2408989ad48a21492842087", "83de425c5edc5d498f382c441041ca92", - "cea7403d4d606b6e074ec5d3baf39d18d0d1c8a799996bf0265b98b5d48ab919"}, + "cea7403d4d606b6e074ec5d3baf39d18d0d1c8a799996bf0265b98b5d48ab919", false, + false}, - {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + {15, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255", "", "cafebabefacedbaddecaf888", "acbef20579b4b8ebce889bac8732dad7", "4db870d37cb75fcb46097c36230d1612", "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485" "90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015adb094dac5d93471bdec" - "1a502270e3cc6c"}, + "1a502270e3cc6c", + false, false}, - {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + {16, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888", "acbef20579b4b8ebce889bac8732dad7", "8bd0c4d8aacd391e67cca447e8c38f65", "522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485" "90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f66276fc6ece0f4e1768cddf8853bb" - "2d551b"}, + "2d551b", + false, false}, - {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + {17, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", "feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad", "acbef20579b4b8ebce889bac8732dad7", "75a34288b8c68f811c52b2e9a2f97f63", "c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33" "934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f3a337dbf46a792c45e454913fe" - "2ea8f2"}, + "2ea8f2", + false, false}, - {"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", + {18, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308", "d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959" "56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39", "feedfacedeadbeeffeedfacedeadbeefabaddad2", @@ -161,12 +184,14 @@ const gcm_kat_value kGcmKatValues[] = { "acbef20579b4b8ebce889bac8732dad7", "d5ffcf6fc5ac4d69722187421a7f170b", "5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b78" "0f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3fa44a8266ee1c8eb0c8b5d4cf5a" - "e9f19a"}, + "e9f19a", + false, false}, /* Extra, non-NIST, test case to test 64-bit binary multiplication carry * correctness. This is a GHASH-only test. */ - {"", "", "", "", "0000000000000000fcefef64ffc4766c", + {19, "", "", "", "", "0000000000000000fcefef64ffc4766c", "3561e34e52d8b598f9937982512fff27", - "0000000000000000ffcef9ebbffdbd8b00000000000000000000000000000000"}}; + "0000000000000000ffcef9ebbffdbd8b00000000000000000000000000000000", false, + false}}; #endif // gcm_vectors_h__ diff --git a/security/nss/gtests/common/util.h b/security/nss/gtests/common/util.h index 7ed1fd799..9a4c8da10 100644 --- a/security/nss/gtests/common/util.h +++ b/security/nss/gtests/common/util.h @@ -8,7 +8,21 @@ #define util_h__ #include <cassert> +#include <cstdlib> +#include <iomanip> +#include <iostream> +#include <sstream> +#include <sys/stat.h> #include <vector> +#if defined(_WIN32) +#include <windows.h> +#include <codecvt> +#include <direct.h> +#else +#include <unistd.h> +#endif + +#include "nspr.h" static inline std::vector<uint8_t> hex_string_to_bytes(std::string s) { std::vector<uint8_t> bytes; @@ -18,4 +32,81 @@ static inline std::vector<uint8_t> hex_string_to_bytes(std::string s) { return bytes; } +// Given a prefix, attempts to create a unique directory that the user can do +// work in without impacting other tests. For example, if given the prefix +// "scratch", a directory like "scratch05c17b25" will be created in the current +// working directory (or the location specified by NSS_GTEST_WORKDIR, if +// defined). +// Upon destruction, the implementation will attempt to delete the directory. +// However, no attempt is made to first remove files in the directory - the +// user is responsible for this. If the directory is not empty, deleting it will +// fail. +// Statistically, it is technically possible to fail to create a unique +// directory name, but this is extremely unlikely given the expected workload of +// this implementation. +class ScopedUniqueDirectory { + public: + explicit ScopedUniqueDirectory(const std::string &prefix) { + std::string path; + const char *workingDirectory = PR_GetEnvSecure("NSS_GTEST_WORKDIR"); + if (workingDirectory) { + path.assign(workingDirectory); + } + path.append(prefix); + for (int i = 0; i < RETRY_LIMIT; i++) { + std::string pathCopy(path); + // TryMakingDirectory will modify its input. If it fails, we want to throw + // away the modified result. + if (TryMakingDirectory(pathCopy)) { + mPath.assign(pathCopy); + break; + } + } + assert(mPath.length() > 0); +#if defined(_WIN32) + // sqldb always uses UTF-8 regardless of the current system locale. + DWORD len = + MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), nullptr, 0); + std::vector<wchar_t> buf(len, L'\0'); + MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), buf.data(), + buf.size()); + std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter; + mUTF8Path = converter.to_bytes(std::wstring(buf.begin(), buf.end())); +#else + mUTF8Path = mPath; +#endif + } + + // NB: the directory must be empty upon destruction + ~ScopedUniqueDirectory() { assert(rmdir(mPath.c_str()) == 0); } + + const std::string &GetPath() { return mPath; } + const std::string &GetUTF8Path() { return mUTF8Path; } + + private: + static const int RETRY_LIMIT = 5; + + static void GenerateRandomName(/*in/out*/ std::string &prefix) { + std::stringstream ss; + ss << prefix; + // RAND_MAX is at least 32767. + ss << std::setfill('0') << std::setw(4) << std::hex << rand() << rand(); + // This will overwrite the value of prefix. This is a little inefficient, + // but at least it makes the code simple. + ss >> prefix; + } + + static bool TryMakingDirectory(/*in/out*/ std::string &prefix) { + GenerateRandomName(prefix); +#if defined(_WIN32) + return _mkdir(prefix.c_str()) == 0; +#else + return mkdir(prefix.c_str(), 0777) == 0; +#endif + } + + std::string mPath; + std::string mUTF8Path; +}; + #endif // util_h__ diff --git a/security/nss/gtests/common/wycheproof/__init__.py b/security/nss/gtests/common/wycheproof/__init__.py new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/security/nss/gtests/common/wycheproof/__init__.py diff --git a/security/nss/gtests/common/wycheproof/genTestVectors.py b/security/nss/gtests/common/wycheproof/genTestVectors.py new file mode 100644 index 000000000..1e2eb47ec --- /dev/null +++ b/security/nss/gtests/common/wycheproof/genTestVectors.py @@ -0,0 +1,191 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this file, +# You can obtain one at http://mozilla.org/MPL/2.0/. + +import json +import os +import subprocess + +script_dir = os.path.dirname(os.path.abspath(__file__)) + +# Imports a JSON testvector file. +def import_testvector(file): + """Import a JSON testvector file and return an array of the contained objects.""" + with open(file) as f: + vectors = json.loads(f.read()) + return vectors + +# Convert a test data string to a hex array. +def string_to_hex_array(string): + """Convert a string of hex chars to a string representing a C-format array of hex bytes.""" + b = bytearray.fromhex(string) + result = '{' + ', '.join("{:#04x}".format(x) for x in b) + '}' + return result + +# Writes one AES-GCM testvector into C-header format. (Not clang-format conform) +class AESGCM(): + """Class that provides the generator function for a single AES-GCM test case.""" + + def format_testcase(self, vector): + """Format an AES-GCM testcase object. Return a string in C-header format.""" + result = '{{ {},\n'.format(vector['tcId']) + for key in ['key', 'msg', 'aad', 'iv']: + result += ' \"{}\",\n'.format(vector[key]) + result += ' \"\",\n' + result += ' \"{}\",\n'.format(vector['tag']) + result += ' \"{}\",\n'.format(vector['ct'] + vector['tag']) + result += ' {},\n'.format(str(vector['result'] == 'invalid').lower()) + result += ' {}}},\n\n'.format(str('ZeroLengthIv' in vector['flags']).lower()) + + return result + +# Writes one ChaChaPoly testvector into C-header format. (Not clang-format conform) +class ChaChaPoly(): + """Class that provides the generator function for a single ChaCha test case.""" + + def format_testcase(self, testcase): + """Format an ChaCha testcase object. Return a string in C-header format.""" + result = '\n// Comment: {}'.format(testcase['comment']) + result += '\n{{{},\n'.format(testcase['tcId']-1) + for key in ['msg', 'aad', 'key', 'iv']: + result += '{},\n'.format(string_to_hex_array(testcase[key])) + ct = testcase['ct'] + testcase['tag'] + result += '{},\n'.format(string_to_hex_array(ct)) + result += '{},\n'.format(str(testcase['result'] == 'invalid').lower()) + result += '{}}},\n'.format(str(testcase['comment'] == 'invalid nonce size').lower()) + + return result + +# Writes one Curve25519 testvector into C-header format. (Not clang-format conform) +class Curve25519(): + """Class that provides the generator function for a single curve25519 test case.""" + + # Static pkcs8 and skpi wrappers for the raw keys from Wycheproof. + # The public key section of the pkcs8 wrapper is filled up with 0's, which is + # not correct, but acceptable for the tests at this moment because + # validity of the public key is not checked. + # It's still necessary because of + # https://searchfox.org/nss/rev/7bc70a3317b800aac07bad83e74b6c79a9ec5bff/lib/pk11wrap/pk11pk12.c#171 + pkcs8WrapperStart = "3067020100301406072a8648ce3d020106092b06010401da470f01044c304a0201010420" + pkcs8WrapperEnd = "a1230321000000000000000000000000000000000000000000000000000000000000000000" + spkiWrapper = "3039301406072a8648ce3d020106092b06010401da470f01032100" + + def format_testcase(self, testcase): + result = '\n// Comment: {}'.format(testcase['comment']) + result += '\n{{{},\n'.format(string_to_hex_array(self.pkcs8WrapperStart + testcase['private'] + self.pkcs8WrapperEnd)) + result += '{},\n'.format(string_to_hex_array(self.spkiWrapper + testcase['public'])) + result += '{},\n'.format(string_to_hex_array(testcase['shared'])) + + # Flag 'acceptable' cases with secret == 0 as invalid for NSS. + # Flag 'acceptable' cases with forbidden public key values as invalid for NSS. + # Flag 'acceptable' cases with small public key (0 or 1) as invalid for NSS. + valid = testcase['result'] in ['valid', 'acceptable'] \ + and not testcase['shared'] == "0000000000000000000000000000000000000000000000000000000000000000" \ + and not testcase["public"] == "daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" \ + and not testcase["public"] == "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" \ + and not 'Small public key' in testcase['flags'] + result += '{}}},\n'.format(str(valid).lower()) + + return result + +def generate_vectors_file(params): + """ + Generate and store a .h-file with test vectors for one test. + + params -- Dictionary with parameters for test vector generation for the desired test. + """ + + cases = import_testvector(os.path.join(script_dir, params['source_dir'] + params['source_file'])) + + with open(os.path.join(script_dir, params['base'])) as base: + header = base.read() + + header = header[:params['crop_size_start']] + header += '\n\n// Testvectors from project wycheproof\n' + header += '// <https://github.com/google/wycheproof>\n' + vectors_file = header + params['array_init'] + + for group in cases['testGroups']: + for test in group['tests']: + vectors_file += params['formatter'].format_testcase(test) + + vectors_file = vectors_file[:params['crop_size_end']] + '};\n\n' + vectors_file += params['finish'] + + with open(os.path.join(script_dir, params['target']), 'w') as target: + target.write(vectors_file) + +# Parameters that describe the generation of a testvector file for each supoorted testself. +# source -- relaive path the wycheproof JSON source file with testvectorsself. +# base -- relative path to the pre-fabricated .h-file with general defintions and non-wycheproof vectors. +# target -- relative path to where the finished .h-file is written. +# crop_size_start -- number of characters removed from the end of the base file at start. +# array_init -- string to initialize the c-header style array of testvectors. +# formatter -- the test case formatter class to be used for this test. +# crop_size_end -- number of characters removed from the end of the last generated test vector to close the array definiton. +# finish -- string to re-insert at the end and finish the file. (identical to chars cropped at the start) +# comment -- additional comments to add to the file just before defintion of the test vector array. +aes_gcm_params = { + 'source_dir': 'source_vectors/', + 'source_file': 'aes_gcm_test.json', + 'base': '../testvectors_base/gcm-vectors_base.h', + 'target': '../testvectors/gcm-vectors.h', + 'crop_size_start': -27, + 'array_init': 'const gcm_kat_value kGcmWycheproofVectors[] = {\n', + 'formatter' : AESGCM(), + 'crop_size_end': -3, + 'finish': '#endif // gcm_vectors_h__\n', + 'comment' : '' +} + +chacha_poly_params = { + 'source_dir': 'source_vectors/', + 'source_file': 'chacha20_poly1305_test.json', + 'base': '../testvectors_base/chachapoly-vectors_base.h', + 'target': '../testvectors/chachapoly-vectors.h', + 'crop_size_start': -35, + 'array_init': 'const chacha_testvector kChaCha20WycheproofVectors[] = {\n', + 'formatter' : ChaChaPoly(), + 'crop_size_end': -2, + 'finish': '#endif // chachapoly_vectors_h__\n', + 'comment' : '' +} + +curve25519_params = { + 'source_dir': 'source_vectors/', + 'source_file': 'x25519_test.json', + 'base': '../testvectors_base/curve25519-vectors_base.h', + 'target': '../testvectors/curve25519-vectors.h', + 'crop_size_start': -34, + 'array_init': 'const curve25519_testvector kCurve25519WycheproofVectors[] = {\n', + 'formatter' : Curve25519(), + 'crop_size_end': -2, + 'finish': '#endif // curve25519_vectors_h__\n', + 'comment' : '// The public key section of the pkcs8 wrapped private key is\n\ + // filled up with 0\'s, which is not correct, but acceptable for the\n\ + // tests at this moment because validity of the public key is not checked.\n' +} + +def update_tests(tests): + + remote = "https://raw.githubusercontent.com/google/wycheproof/master/testvectors/" + for test in tests: + subprocess.check_call(['wget', remote+test['source_file'], '-O', + 'gtests/common/wycheproof/source_vectors/' +test['source_file'], + '--no-check-certificate']) + +def generate_test_vectors(): + """Generate C-header files for all supported tests.""" + all_tests = [aes_gcm_params, chacha_poly_params, curve25519_params] + update_tests(all_tests) + for test in all_tests: + generate_vectors_file(test) + +def main(): + generate_test_vectors() + +if __name__ == '__main__': + main() diff --git a/security/nss/gtests/common/wycheproof/source_vectors/aes_gcm_test.json b/security/nss/gtests/common/wycheproof/source_vectors/aes_gcm_test.json new file mode 100644 index 000000000..f2f327921 --- /dev/null +++ b/security/nss/gtests/common/wycheproof/source_vectors/aes_gcm_test.json @@ -0,0 +1,2940 @@ +{ + "algorithm" : "AES-GCM", + "generatorVersion" : "0.4.12", + "notes" : { + "ConstructedIv" : "The counter for AES-GCM is reduced modulo 2**32. This test vector was constructed to test for correct wrapping of the counter.", + "ZeroLengthIv" : "AES-GCM does not allow an IV of length 0. Encrypting with such an IV leaks the authentication key. Hence using an IV of length 0 is insecure even if the key itself is only used for a single encryption." + }, + "numberOfTests" : 217, + "header" : [], + "testGroups" : [ + { + "ivSize" : 96, + "keySize" : 128, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 1, + "comment" : "", + "key" : "5b9604fe14eadba931b0ccf34843dab9", + "iv" : "028318abc1824029138141a2", + "aad" : "", + "msg" : "001d0c231287c1182784554ca3a21908", + "ct" : "26073cc1d851beff176384dc9896d5ff", + "tag" : "0a3ea7a5487cb5f7d70fb6c58d038554", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 2, + "comment" : "", + "key" : "5b9604fe14eadba931b0ccf34843dab9", + "iv" : "921d2507fa8007b7bd067d34", + "aad" : "00112233445566778899aabbccddeeff", + "msg" : "001d0c231287c1182784554ca3a21908", + "ct" : "49d8b9783e911913d87094d1f63cc765", + "tag" : "1e348ba07cca2cf04c618cb4d43a5b92", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 3, + "comment" : "", + "key" : "aa023d0478dcb2b2312498293d9a9129", + "iv" : "0432bc49ac34412081288127", + "aad" : "aac39231129872a2", + "msg" : "2035af313d1346ab00154fea78322105", + "ct" : "eea945f3d0f98cc0fbab472a0cf24e87", + "tag" : "4bb9b4812519dadf9e1232016d068133", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 4, + "comment" : "", + "key" : "384ea416ac3c2f51a76e7d8226346d4e", + "iv" : "b30c084727ad1c592ac21d12", + "aad" : "", + "msg" : "35", + "ct" : "54", + "tag" : "7c1e4ae88bb27e5638343cb9fd3f6337", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 5, + "comment" : "", + "key" : "cae31cd9f55526eb038241fc44cac1e5", + "iv" : "b5e006ded553110e6dc56529", + "aad" : "", + "msg" : "d10989f2c52e94ad", + "ct" : "a036ead03193903f", + "tag" : "3b626940e0e9f0cbea8e18c437fd6011", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 6, + "comment" : "", + "key" : "dd6197cd63c963919cf0c273ef6b28bf", + "iv" : "ecb0c42f7000ef0e6f95f24d", + "aad" : "", + "msg" : "4dcc1485365866e25ac3f2ca6aba97", + "ct" : "8a9992388e735f80ee18f4a63c10ad", + "tag" : "1486a91cccf92c9a5b00f7b0e034891c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 7, + "comment" : "", + "key" : "ffdf4228361ea1f8165852136b3480f7", + "iv" : "0e1666f2dc652f7708fb8f0d", + "aad" : "", + "msg" : "25b12e28ac0ef6ead0226a3b2288c800", + "ct" : "f7bd379d130477176b8bb3cb23dbbbaa", + "tag" : "1ee6513ce30c7873f59dd4350a588f42", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 8, + "comment" : "", + "key" : "c15ed227dd2e237ecd087eaaaad19ea4", + "iv" : "965ff6643116ac1443a2dec7", + "aad" : "", + "msg" : "fee62fde973fe025ad6b322dcdf3c63fc7", + "ct" : "0de51fe4f7f2d1f0f917569f5c6d1b009c", + "tag" : "6cd8521422c0177e83ef1b7a845d97db", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 9, + "comment" : "", + "key" : "a8ee11b26d7ceb7f17eaa1e4b83a2cf6", + "iv" : "fbbc04fd6e025b7193eb57f6", + "aad" : "", + "msg" : "c08f085e6a9e0ef3636280c11ecfadf0c1e72919ffc17eaf", + "ct" : "7cd9f4e4f365704fff3b9900aa93ba54b672bac554275650", + "tag" : "f4eb193241226db017b32ec38ca47217", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 10, + "comment" : "", + "key" : "28ff3def08179311e2734c6d1c4e2871", + "iv" : "32bcb9b569e3b852d37c766a", + "aad" : "c3", + "msg" : "dfc61a20df8505b53e3cd59f25770d5018add3d6", + "ct" : "f58d453212c2c8a436e9283672f579f119122978", + "tag" : "5901131d0760c8715901d881fdfd3bc0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 11, + "comment" : "", + "key" : "e63a43216c08867210e248859eb5e99c", + "iv" : "9c3a4263d983456658aad4b1", + "aad" : "834afdc5c737186b", + "msg" : "b14da56b0462dc05b871fc815273ff4810f92f4b", + "ct" : "bf864616c2347509ca9b10446379b9bdbb3b8f64", + "tag" : "a97d25b490390b53c5db91f6ee2a15b8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 12, + "comment" : "", + "key" : "38449890234eb8afab0bbf82e2385454", + "iv" : "33e90658416e7c1a7c005f11", + "aad" : "4020855c66ac4595058395f367201c4c", + "msg" : "f762776bf83163b323ca63a6b3adeac1e1357262", + "ct" : "a6f2ef3c7ef74a126dd2d5f6673964e27d5b34b6", + "tag" : "b8bbdc4f5014bc752c8b4e9b87f650a3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 13, + "comment" : "", + "key" : "6a68671dfe323d419894381f85eb63fd", + "iv" : "9f0d85b605711f34cd2a35ba", + "aad" : "76eb5f147250fa3c12bff0a6e3934a0b16860cf11646773b", + "msg" : "0fc67899c3f1bbe196d90f1eca3797389230aa37", + "ct" : "bd64802cfebaeb487d3a8f76ce943a37b3472dd5", + "tag" : "fce9a5b530c7d7af718be1ec0ae9ed4d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 14, + "comment" : "special case", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "000000000000000000000000", + "aad" : "", + "msg" : "ebd4a3e10cf6d41c50aeae007563b072", + "ct" : "f62d84d649e56bc8cfedc5d74a51e2f7", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 15, + "comment" : "special case", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "ffffffffffffffffffffffff", + "aad" : "", + "msg" : "d593c4d8224f1b100c35e4f6c4006543", + "ct" : "431f31e6840931fd95f94bf88296ff69", + "tag" : "00000000000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 16, + "comment" : "Flipped bit 0 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d9847dbc326a06e988c77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 17, + "comment" : "Flipped bit 1 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "da847dbc326a06e988c77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 18, + "comment" : "Flipped bit 7 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "58847dbc326a06e988c77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 19, + "comment" : "Flipped bit 8 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8857dbc326a06e988c77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 20, + "comment" : "Flipped bit 31 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847d3c326a06e988c77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 21, + "comment" : "Flipped bit 32 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc336a06e988c77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 22, + "comment" : "Flipped bit 33 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc306a06e988c77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 23, + "comment" : "Flipped bit 63 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a066988c77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 24, + "comment" : "Flipped bit 64 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a06e989c77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 25, + "comment" : "Flipped bit 71 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a06e908c77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 26, + "comment" : "Flipped bit 77 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a06e988e77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 27, + "comment" : "Flipped bit 80 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a06e988c77bd3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 28, + "comment" : "Flipped bit 96 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a06e988c77ad3873e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 29, + "comment" : "Flipped bit 97 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a06e988c77ad3843e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 30, + "comment" : "Flipped bit 103 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a06e988c77ad3063e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 31, + "comment" : "Flipped bit 120 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a06e988c77ad3863e6082", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 32, + "comment" : "Flipped bit 121 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a06e988c77ad3863e6081", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 33, + "comment" : "Flipped bit 126 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a06e988c77ad3863e60c3", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 34, + "comment" : "Flipped bit 127 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a06e988c77ad3863e6003", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 35, + "comment" : "Flipped bits 0 and 64 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d9847dbc326a06e989c77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 36, + "comment" : "Flipped bits 31 and 63 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847d3c326a066988c77ad3863e6083", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 37, + "comment" : "Flipped bits 63 and 127 in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d8847dbc326a066988c77ad3863e6003", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 38, + "comment" : "all bits of tag flipped", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "277b8243cd95f9167738852c79c19f7c", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 39, + "comment" : "Tag changed to all zero", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 40, + "comment" : "tag changed to all 1", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 41, + "comment" : "msbs changed in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "5804fd3cb2ea86690847fa5306bee003", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 42, + "comment" : "lsbs changed in tag", + "key" : "000102030405060708090a0b0c0d0e0f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "eb156d081ed6b6b55f4612f021d87b39", + "tag" : "d9857cbd336b07e889c67bd2873f6182", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "ivSize" : 64, + "keySize" : 128, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 43, + "comment" : "", + "key" : "aa023d0478dcb2b2312498293d9a9129", + "iv" : "0432bc49ac344120", + "aad" : "aac39231129872a2", + "msg" : "2035af313d1346ab00154fea78322105", + "ct" : "64c36bb3b732034e3a7d04efc5197785", + "tag" : "b7d0dd70b00d65b97cfd080ff4b819d1", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 44, + "comment" : "unusual IV size", + "key" : "25dd4d6cad5a4604957847c8c6d3fc4e", + "iv" : "68cbeafe8f9e8a66", + "aad" : "", + "msg" : "5c347835b3fa61c2ce253e5a", + "ct" : "9a078a04d14938918e004358", + "tag" : "5452843e32c13c3e35ed8230fe3446c0", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 128, + "keySize" : 128, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 45, + "comment" : "", + "key" : "2034a82547276c83dd3212a813572bce", + "iv" : "3254202d854734812398127a3d134421", + "aad" : "1a0293d8f90219058902139013908190bc490890d3ff12a3", + "msg" : "02efd2e5782312827ed5d230189a2a342b277ce048462193", + "ct" : "64069c2d58690561f27ee199e6b479b6369eec688672bde9", + "tag" : "9b7abadd6e69c1d9ec925786534f5075", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 46, + "comment" : "", + "key" : "209e6dbf2ad26a105445fc0207cd9e9a", + "iv" : "9477849d6ccdfca112d92e53fae4a7ca", + "aad" : "", + "msg" : "01", + "ct" : "fd", + "tag" : "032df7bba5d8ea1a14f16f70bd0e14ec", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 47, + "comment" : "", + "key" : "a549442e35154032d07c8666006aa6a2", + "iv" : "5171524568e81d97e8c4de4ba56c10a0", + "aad" : "", + "msg" : "1182e93596cac5608946400bc73f3a", + "ct" : "2f333087bdca58219f9bfc273e45cc", + "tag" : "e06d1ef473132957ad37eaef29733ca0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 48, + "comment" : "", + "key" : "cfb4c26f126f6a0acb8e4e220f6c56cd", + "iv" : "1275115499ae722268515bf0c164b49c", + "aad" : "", + "msg" : "09dfd7f080275257cf97e76f966b1ad9", + "ct" : "a780bd01c80885156c88a973264c8ee5", + "tag" : "2adeffa682c8d8a81fada7d9fcdd2ee2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 49, + "comment" : "", + "key" : "0b11ef3a08c02970f74281c860691c75", + "iv" : "95c1dd8c0f1705ece68937901f7add7b", + "aad" : "", + "msg" : "f693d4edd825dbb0618d91113128880dbebb23e25d00ed1f077d870be9cc7536", + "ct" : "7e47e10fe3c6fbfa381770eaf5d48d1482e71e0c44dff1e30ca6f95d92052084", + "tag" : "d01444fa5d9c499629d174ff3927a1ac", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 50, + "comment" : "J0:000102030405060708090a0b0c0d0e0f", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "f95fde4a751913202aeeee32a0b55753", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "00078d109d92143fcd5df56721b884fac64ac7762cc09eea2a3c68e92a17bdb575f87bda18be564e", + "tag" : "152a65045fe674f97627427af5be22da", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 51, + "comment" : "J0:00000000000000000000000000000000", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "7b95b8c356810a84711d68150a1b7750", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "84d4c9c08b4f482861e3a9c6c35bc4d91df927374513bfd49f436bd73f325285daef4ff7e13d46a6", + "tag" : "213a3cb93855d18e69337eee66aeec07", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 52, + "comment" : "J0:ffffffffffffffffffffffffffffffff", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "1a552e67cdc4dc1a33b824874ebf0bed", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "948ca37a8e6649e88aeffb1c598f3607007702417ea0e0bc3c60ad5a949886de968cf53ea6462aed", + "tag" : "99b381bfa2af9751c39d1b6e86d1be6a", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 53, + "comment" : "J0:fffffffffffffffffffffffffffffffe", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "dd9d0b4a0c3d681524bffca31d907661", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "64b19314c31af45accdf7e3c4db79f0d948ca37a8e6649e88aeffb1c598f3607007702417ea0e0bc", + "tag" : "5281efc7f13ac8e14ccf5dca7bfbfdd1", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 54, + "comment" : "J0:fffffffffffffffffffffffffffffffd", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "57c5643c4e37b4041db794cfe8e1f0f4", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "2bb69c3e5d1f91815c6b87a0d5bbea7164b19314c31af45accdf7e3c4db79f0d948ca37a8e6649e8", + "tag" : "a3ea2c09ee4f8c8a12f45cddf9aeff81", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 55, + "comment" : "J0:000102030405060708090a0bffffffff", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "99821c2dd5daecded07300f577f7aff1", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "127af9b39ecdfc57bb11a2847c7c2d3d8f938f40f877e0c4af37d0fe9af033052bd537c4ae978f60", + "tag" : "07eb2fe4a958f8434d40684899507c7c", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 56, + "comment" : "J0:000102030405060708090a0bfffffffe", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "5e4a3900142358d1c774d8d124d8d27d", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "0cf6ae47156b14dce03c8a07a2e172b1127af9b39ecdfc57bb11a2847c7c2d3d8f938f40f877e0c4", + "tag" : "f145c2dcaf339eede427be934357eac0", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 57, + "comment" : "J0:000102030405060708090a0bfffffffd", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "d4125676562984c0fe7cb0bdd1a954e8", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "f0c6ffc18bd46df5569185a9afd169eb0cf6ae47156b14dce03c8a07a2e172b1127af9b39ecdfc57", + "tag" : "facd0bfe8701b7b4a2ba96d98af52bd9", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 58, + "comment" : "J0:000102030405060708090a0b7fffffff", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "b97ec62a5e5900ccf9e4be332e336091", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "d6928e094c06e0a7c4db42184cf7529e95de88b767edebe9b343000be3dab47ea08b744293eed698", + "tag" : "a03e729dcfd7a03155655fece8affd7e", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 59, + "comment" : "J0:000102030405060708090a0b7ffffffe", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "7eb6e3079fa0b4c3eee366177d1c1d1d", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "d82ce58771bf6487116bf8e96421877ed6928e094c06e0a7c4db42184cf7529e95de88b767edebe9", + "tag" : "1e43926828bc9a1614c7b1639096c195", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 60, + "comment" : "J0:000102030405060708090a0bffff7fff", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "0314fcd10fdd675d3c612962c931f635", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "a197a37a5d79697078536bc27fe46cd8d475526d9044aa94f088a054f8e380c64f79414795c61480", + "tag" : "f08baddf0b5285c91fc06a67fe4708ca", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 61, + "comment" : "J0:000102030405060708090a0bffff7ffe", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "c4dcd9fcce24d3522b66f1469a1e8bb9", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "149fde9abbd3a43c2548575e0db9fb84a197a37a5d79697078536bc27fe46cd8d475526d9044aa94", + "tag" : "62a4b6875c288345d6a454399eac1afa", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 62, + "comment" : "special case", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "00000000000000000000000000000000", + "aad" : "", + "msg" : "bec6fa05c1718b9b84c47345bbed7dcb", + "ct" : "45a3f89d02918bfd0c8161658ccc9795", + "tag" : "00000000000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 63, + "comment" : "special case", + "key" : "00112233445566778899aabbccddeeff", + "iv" : "ffffffffffffffffffffffffffffffff", + "aad" : "", + "msg" : "4d82639c39d3f3490ee903dd0be7afcf", + "ct" : "1cd5a06214235ceb044d4bad7b047312", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 96, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 64, + "comment" : "", + "key" : "92ace3e348cd821092cd921aa3546374299ab46209691bc28b8752d17f123c20", + "iv" : "00112233445566778899aabb", + "aad" : "00000000ffffffff", + "msg" : "00010203040506070809", + "ct" : "e27abdd2d2a53d2f136b", + "tag" : "9a4a2579529301bcfb71c78d4060f52c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 65, + "comment" : "", + "key" : "29d3a44f8723dc640239100c365423a312934ac80239212ac3df3421a2098123", + "iv" : "00112233445566778899aabb", + "aad" : "aabbccddeeff", + "msg" : "", + "ct" : "", + "tag" : "2a7d77fa526b8250cb296078926b5020", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 66, + "comment" : "", + "key" : "cc56b680552eb75008f5484b4cb803fa5063ebd6eab91f6ab6aef4916a766273", + "iv" : "99e23ec48985bccdeeab60f1", + "aad" : "", + "msg" : "2a", + "ct" : "06", + "tag" : "633c1e9703ef744ffffb40edf9d14355", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 67, + "comment" : "", + "key" : "51e4bf2bad92b7aff1a4bc05550ba81df4b96fabf41c12c7b00e60e48db7e152", + "iv" : "4f07afedfdc3b6c2361823d3", + "aad" : "", + "msg" : "be3308f72a2c6aed", + "ct" : "cf332a12fdee800b", + "tag" : "602e8d7c4799d62c140c9bb834876b09", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 68, + "comment" : "", + "key" : "67119627bd988eda906219e08c0d0d779a07d208ce8a4fe0709af755eeec6dcb", + "iv" : "68ab7fdbf61901dad461d23c", + "aad" : "", + "msg" : "51f8c1f731ea14acdb210a6d973e07", + "ct" : "43fc101bff4b32bfadd3daf57a590e", + "tag" : "ec04aacb7148a8b8be44cb7eaf4efa69", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 69, + "comment" : "", + "key" : "59d4eafb4de0cfc7d3db99a8f54b15d7b39f0acc8da69763b019c1699f87674a", + "iv" : "2fcb1b38a99e71b84740ad9b", + "aad" : "", + "msg" : "549b365af913f3b081131ccb6b825588", + "ct" : "f58c16690122d75356907fd96b570fca", + "tag" : "28752c20153092818faba2a334640d6e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 70, + "comment" : "", + "key" : "3b2458d8176e1621c0cc24c0c0e24c1e80d72f7ee9149a4b166176629616d011", + "iv" : "45aaa3e5d16d2d42dc03445d", + "aad" : "", + "msg" : "3ff1514b1c503915918f0c0c31094a6e1f", + "ct" : "73a6b6f45f6ccc5131e07f2caa1f2e2f56", + "tag" : "2d7379ec1db5952d4e95d30c340b1b1d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 71, + "comment" : "", + "key" : "0212a8de5007ed87b33f1a7090b6114f9e08cefd9607f2c276bdcfdbc5ce9cd7", + "iv" : "e6b1adf2fd58a8762c65f31b", + "aad" : "", + "msg" : "10f1ecf9c60584665d9ae5efe279e7f7377eea6916d2b111", + "ct" : "0843fff52d934fc7a071ea62c0bd351ce85678cde3ea2c9e", + "tag" : "7355fde599006715053813ce696237a8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 72, + "comment" : "", + "key" : "b279f57e19c8f53f2f963f5f2519fdb7c1779be2ca2b3ae8e1128b7d6c627fc4", + "iv" : "98bc2c7438d5cd7665d76f6e", + "aad" : "c0", + "msg" : "fcc515b294408c8645c9183e3f4ecee5127846d1", + "ct" : "eb5500e3825952866d911253f8de860c00831c81", + "tag" : "ecb660e1fb0541ec41e8d68a64141b3a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 73, + "comment" : "", + "key" : "cdccfe3f46d782ef47df4e72f0c02d9c7f774def970d23486f11a57f54247f17", + "iv" : "376187894605a8d45e30de51", + "aad" : "956846a209e087ed", + "msg" : "e28e0e9f9d22463ac0e42639b530f42102fded75", + "ct" : "feca44952447015b5df1f456df8ca4bb4eee2ce2", + "tag" : "082e91924deeb77880e1b1c84f9b8d30", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 74, + "comment" : "", + "key" : "f32364b1d339d82e4f132d8f4a0ec1ff7e746517fa07ef1a7f422f4e25a48194", + "iv" : "5a86a50a0e8a179c734b996d", + "aad" : "ab2ac7c44c60bdf8228c7884adb20184", + "msg" : "43891bccb522b1e72a6b53cf31c074e9d6c2df8e", + "ct" : "43dda832e942e286da314daa99bef5071d9d2c78", + "tag" : "c3922583476ced575404ddb85dd8cd44", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 75, + "comment" : "", + "key" : "ff0089ee870a4a39f645b0a5da774f7a5911e9696fc9cad646452c2aa8595a12", + "iv" : "bc2a7757d0ce2d8b1f14ccd9", + "aad" : "972ab4e06390caae8f99dd6e2187be6c7ff2c08a24be16ef", + "msg" : "748b28031621d95ee61812b4b4f47d04c6fc2ff3", + "ct" : "a929ee7e67c7a2f91bbcec6389a3caf43ab49305", + "tag" : "ebec6774b955e789591c822dab739e12", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 76, + "comment" : "special case", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "000000000000000000000000", + "aad" : "", + "msg" : "561008fa07a68f5c61285cd013464eaf", + "ct" : "23293e9b07ca7d1b0cae7cc489a973b3", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 77, + "comment" : "special case", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "ffffffffffffffffffffffff", + "aad" : "", + "msg" : "c6152244cea1978d3e0bc274cf8c0b3b", + "ct" : "7cb6fc7c6abc009efe9551a99f36a421", + "tag" : "00000000000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 78, + "comment" : "Flipped bit 0 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9de8fef6d8ab1bf1bf887232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 79, + "comment" : "Flipped bit 1 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ee8fef6d8ab1bf1bf887232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 80, + "comment" : "Flipped bit 7 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "1ce8fef6d8ab1bf1bf887232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 81, + "comment" : "Flipped bit 8 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce9fef6d8ab1bf1bf887232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 82, + "comment" : "Flipped bit 31 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fe76d8ab1bf1bf887232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 83, + "comment" : "Flipped bit 32 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d9ab1bf1bf887232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 84, + "comment" : "Flipped bit 33 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6daab1bf1bf887232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 85, + "comment" : "Flipped bit 63 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1b71bf887232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 86, + "comment" : "Flipped bit 64 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1bf1be887232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 87, + "comment" : "Flipped bit 71 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1bf13f887232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 88, + "comment" : "Flipped bit 77 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1bf1bfa87232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 89, + "comment" : "Flipped bit 80 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1bf1bf887332eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 90, + "comment" : "Flipped bit 96 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1bf1bf887232ebb590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 91, + "comment" : "Flipped bit 97 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1bf1bf887232e8b590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 92, + "comment" : "Flipped bit 103 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1bf1bf8872326ab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 93, + "comment" : "Flipped bit 120 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1bf1bf887232eab590dc", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 94, + "comment" : "Flipped bit 121 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1bf1bf887232eab590df", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 95, + "comment" : "Flipped bit 126 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1bf1bf887232eab5909d", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 96, + "comment" : "Flipped bit 127 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1bf1bf887232eab5905d", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 97, + "comment" : "Flipped bits 0 and 64 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9de8fef6d8ab1bf1be887232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 98, + "comment" : "Flipped bits 31 and 63 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fe76d8ab1b71bf887232eab590dd", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 99, + "comment" : "Flipped bits 63 and 127 in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9ce8fef6d8ab1b71bf887232eab5905d", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 100, + "comment" : "all bits of tag flipped", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "631701092754e40e40778dcd154a6f22", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 101, + "comment" : "Tag changed to all zero", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 102, + "comment" : "tag changed to all 1", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 103, + "comment" : "msbs changed in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "1c687e76582b9b713f08f2b26a35105d", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 104, + "comment" : "lsbs changed in tag", + "key" : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "b2061457c0759fc1749f174ee1ccadfa", + "tag" : "9de9fff7d9aa1af0be897333ebb491dc", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "ivSize" : 128, + "keySize" : 192, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 105, + "comment" : "J0:000102030405060708090a0b0c0d0e0f", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "029e0e777db092b12535d043012f09ba", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "f83cee467336e1a09b75f24e9b4385c99c13e6af722256a66129ece961fe803b167bad206f5017fb", + "tag" : "09338a42f0acc14f97c064f52f5f1688", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 106, + "comment" : "J0:00000000000000000000000000000000", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "f1be3b06b7feac07e7eab629f556047b", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "0b32b648a2c28e9edd7cee08eeeb900034cae7215e5ab1e201bd2eed1032c5a97866ba582a3458a4", + "tag" : "90be3606de58bd778fa5beff4a4102bd", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 107, + "comment" : "J0:ffffffffffffffffffffffffffffffff", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "de9eb63b1daed321a11b7547cc9e223c", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "575e2ecec2b3c72d4e80830d0d859ad9e42c29c4a68d8d9d8d23434de2cd07733be49d62ac1ae085", + "tag" : "6e4d6396125a10df5443bd0cbc8566d1", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 108, + "comment" : "J0:fffffffffffffffffffffffffffffffe", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "40bb0abebc483ff6d5671241ff5d66c6", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "2a818888d1f09f32aa7beedd2869b446575e2ecec2b3c72d4e80830d0d859ad9e42c29c4a68d8d9d", + "tag" : "dc481f172545268eff63ab0490403dc3", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 109, + "comment" : "J0:fffffffffffffffffffffffffffffffd", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "20d5cf305e630a8f49e3bb4bab18abc9", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "96d36b795f8e7edf6a8e0dbcd20d6c072a818888d1f09f32aa7beedd2869b446575e2ecec2b3c72d", + "tag" : "8a3a22bf2592958b930292aa47f590e8", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 110, + "comment" : "J0:000102030405060708090a0bffffffff", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "255358a71a0e5731f6dd6ce28e158ae6", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "cfce3d920f0e01f0bb49a751955b236d1b887baefd25c47f41303c46d5c7bf9ca4c2c45a8f1e6656", + "tag" : "2db9dc1b7fd315df1c95432432fcf474", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 111, + "comment" : "J0:000102030405060708090a0bfffffffe", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "bb76e422bbe8bbe682a10be4bdd6ce1c", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "69a24169792e9a07f6e6f4736fa972dccfce3d920f0e01f0bb49a751955b236d1b887baefd25c47f", + "tag" : "82ad967f7ac19084354f69a751443fb2", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 112, + "comment" : "J0:000102030405060708090a0bfffffffd", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "db1821ac59c38e9f1e25a2eee9930313", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "4e4417a83beac1eb7e24456a05f6ba5569a24169792e9a07f6e6f4736fa972dccfce3d920f0e01f0", + "tag" : "472d5dd582dc05ef5fc496b612023cb2", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 113, + "comment" : "J0:000102030405060708090a0b7fffffff", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "f7a02ecca03064b2ef3cce9feab79f07", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "6f8e174efca3097299f784efd4caff0bf168c3e5165b9ad3d20062009848044eef8f31f7d2fead05", + "tag" : "caff723826df150934aee3201ba175e7", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 114, + "comment" : "J0:000102030405060708090a0b7ffffffe", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "6985924901d688659b40a999d974dbfd", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "af193090ce3d43a388a1d294a09616906f8e174efca3097299f784efd4caff0bf168c3e5165b9ad3", + "tag" : "3b08958be1286c2b4acba02b3674adb2", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 115, + "comment" : "J0:000102030405060708090a0bffff7fff", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "3f1188546c65ed0fc55e75032c68ee44", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "5deccf838b2cf5f869c90d2a611160b1e578ab8121b93735cba4a1930647b8c4c84bf776333ee45a", + "tag" : "c14d52208f0f51b816a48971eaf8ff7e", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 116, + "comment" : "J0:000102030405060708090a0bffff7ffe", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "a13434d1cd8301d8b12212051fabaabe", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "d2cae1684aa407a13a2e2da5357e29f55deccf838b2cf5f869c90d2a611160b1e578ab8121b93735", + "tag" : "ea2d018099cd7925c507cef0ceddb0ae", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 117, + "comment" : "special case", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "00000000000000000000000000000000", + "aad" : "", + "msg" : "5c7d3f81d4b5055ed6f8db53614587a4", + "ct" : "541b835dc828d541073f7d7d7504ebf5", + "tag" : "00000000000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 118, + "comment" : "special case", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "ffffffffffffffffffffffffffffffff", + "aad" : "", + "msg" : "6a347ad1190e72ede611044e7475f0eb", + "ct" : "a3f36154331c196624564bc395e49c3b", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 119, + "comment" : "", + "key" : "cee9abbc26b63e169f0ced621fe21d95904e75b881d93e6b", + "iv" : "1e8259e0a43e571068f701cd2064fc0c", + "aad" : "", + "msg" : "46", + "ct" : "dc", + "tag" : "af1f5535b125b34fc466902ea40cb3a2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 120, + "comment" : "", + "key" : "189f0bd390ba40632586a45c39735c2b87113329c800f394", + "iv" : "c84442d6975f0359737de0fa828f958e", + "aad" : "", + "msg" : "b4bcd7b8eeca3050dd17682c6a914e", + "ct" : "2aab5c87dcb4a4dae4e975ddb65aab", + "tag" : "6b03b7557c7131e2352e495d54e61aef", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 121, + "comment" : "", + "key" : "b0724f15df5b792c2f49bc51df0ac5aad69be0030981613c", + "iv" : "13cd526ec77b58f62d48d03f8b88f2b8", + "aad" : "", + "msg" : "8da3ab9c3d195b04df452ad23953da4d", + "ct" : "d127fd2e67c0887d90eb92b91f357d97", + "tag" : "eb05bda937faeed27f8833295d4ba559", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 122, + "comment" : "", + "key" : "998750ba784841e40a7c5b03985732b6397e5459a3843954", + "iv" : "1d3d62eccd8ac5e896f2654a7f606fc9", + "aad" : "", + "msg" : "2f60ca3494a958dc3e6ebeb5d0b4e6dda0d0c4331ab9c957f6422a5100878ebf", + "ct" : "344c2cea17b06cb3da272e22a22a3a71ee0eaa1959a7facfff464660ddccedd1", + "tag" : "bab7fbf499ff06aad5f757b1c1a4fcc0", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 96, + "keySize" : 192, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 123, + "comment" : "special case", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "000000000000000000000000", + "aad" : "", + "msg" : "0b4dbbba8982e0f649f8ba85f3aa061b", + "ct" : "3f875c9bd7d8511448459468e398c3b2", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 124, + "comment" : "special case", + "key" : "00112233445566778899aabbccddeeff1021324354657687", + "iv" : "ffffffffffffffffffffffff", + "aad" : "", + "msg" : "1ae93688ef7e2650a9342ad4718b2780", + "ct" : "210dabea4364c6d5b3429e7743322936", + "tag" : "00000000000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 125, + "comment" : "", + "key" : "21218af790428f8024d3e7e1428c9fcf578c216636d60e73", + "iv" : "34047bc39b9c608384dff5b8", + "aad" : "", + "msg" : "e3", + "ct" : "fe", + "tag" : "2e982e24b81cd120d35a70fe6935e665", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 126, + "comment" : "", + "key" : "3a8bf543c480925632118245bcbf5d01522b987a31a33da3", + "iv" : "4ebc13cf4636cc7c45e560a7", + "aad" : "", + "msg" : "53fc72e71b59eeb3", + "ct" : "99f2ff1c8a44e5f2", + "tag" : "6870f104ddc514477b400336fb01860e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 127, + "comment" : "", + "key" : "92f4d2672fceec43963ccffb17e6ea7578b11418b06a3b82", + "iv" : "6e7ff7f0797685cfc44b05ff", + "aad" : "", + "msg" : "c3ec16adb184affa8ae9738bffb916", + "ct" : "afe8ef41591bfcc00db3c880ceb186", + "tag" : "29fff7f285768645c9c8bf7a471c9393", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 128, + "comment" : "", + "key" : "bcb6bc5ee6743df1396a34639327b25809ec9c81dd6a0c0e", + "iv" : "be0326d23bdc2c64648d13f4", + "aad" : "", + "msg" : "80474a3a3b809560eee2ce7a7a33ea07", + "ct" : "90339dca02ef717f1603994aee6cf6d2", + "tag" : "e3d33e01ce64f271783147de226228bc", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 129, + "comment" : "", + "key" : "5e1d28213e092536525bbae09e214af4c891e202b2b4fa4f", + "iv" : "b6be6cd0681235d826aa28ea", + "aad" : "", + "msg" : "53d59433a7db7f41b31ccb6d4a2d789965", + "ct" : "b98ed6321679941a3e521834296686ad98", + "tag" : "9f50c03e055e519712c582ec9db3235b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 130, + "comment" : "", + "key" : "7f672d85e151aa490bc0eec8f66b5e5bee74af11642be3ff", + "iv" : "b022067048505b20946216ef", + "aad" : "", + "msg" : "ef6412c72b03c643fa02565a0ae2378a9311c11a84065f80", + "ct" : "addd303651119e52f6170dfc7a915064253d57532987b9ab", + "tag" : "fa0484f8baa95f5b7a31c56d1b34c58b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 131, + "comment" : "", + "key" : "969fed5068541d65418c2c1de8fe1f845e036030496e1272", + "iv" : "817fe51c31f2879141a34335", + "aad" : "cb", + "msg" : "3d8233191a2823bf767e99167b1d4af4f4848458", + "ct" : "0d2c3a3c0cc4b40e70ed45e188e356a0e1533b31", + "tag" : "92909a80e90540e1878ab59ef300072b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 132, + "comment" : "", + "key" : "fa5b9b41f93f8b682c04ba816c3fecc24eec095b04dd7497", + "iv" : "62b9cf1e923bc1138d05d205", + "aad" : "2ed8487153e21b12", + "msg" : "18159841813a69fc0f8f4229e1678da7c9016711", + "ct" : "c7c1cbb85ce2a0a3f32cb9ef01ad45ec1118b66d", + "tag" : "253317f98bdab87531ece20475cd9ebb", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 133, + "comment" : "", + "key" : "fbfb395662787e2d25a2e7510f818e825936a35114e237c9", + "iv" : "3f1a1e02e90a4ba7a1db9df2", + "aad" : "74318d8876528243f1944b73eb77e96e", + "msg" : "2952a3d64107d5cbb9602239d05a5c5c222cf72b", + "ct" : "ecf5e403f19c007c8da7a456caf0a6d75762829b", + "tag" : "e0877a100f9dd9d6795f0e74c56a9fab", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 134, + "comment" : "", + "key" : "5d8e9c2222316c9ed5ff94513cc957436ae447a6e1a73a29", + "iv" : "0802ae86c75a73bf79561521", + "aad" : "5ca354a4cb8e4fc9798aa209ad4f739dc7c232fdd1f22584", + "msg" : "42b4439e1d2116f834b91c516a26299df279956b", + "ct" : "94d844d98b9467daa7e8dde7f4290037354d7fb2", + "tag" : "62196638590cef429d6b1d1a59839c02", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 135, + "comment" : "Flipped bit 0 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b5e44c5b2fe90e4c78f358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 136, + "comment" : "Flipped bit 1 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b6e44c5b2fe90e4c78f358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 137, + "comment" : "Flipped bit 7 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "34e44c5b2fe90e4c78f358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 138, + "comment" : "Flipped bit 8 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e54c5b2fe90e4c78f358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 139, + "comment" : "Flipped bit 31 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44cdb2fe90e4c78f358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 140, + "comment" : "Flipped bit 32 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2ee90e4c78f358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 141, + "comment" : "Flipped bit 33 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2de90e4c78f358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 142, + "comment" : "Flipped bit 63 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90ecc78f358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 143, + "comment" : "Flipped bit 64 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90e4c79f358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 144, + "comment" : "Flipped bit 71 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90e4cf8f358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 145, + "comment" : "Flipped bit 77 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90e4c78d358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 146, + "comment" : "Flipped bit 80 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90e4c78f359da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 147, + "comment" : "Flipped bit 96 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90e4c78f358da0c99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 148, + "comment" : "Flipped bit 97 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90e4c78f358da0f99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 149, + "comment" : "Flipped bit 103 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90e4c78f358da8d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 150, + "comment" : "Flipped bit 120 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90e4c78f358da0d99cb65", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 151, + "comment" : "Flipped bit 121 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90e4c78f358da0d99cb66", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 152, + "comment" : "Flipped bit 126 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90e4c78f358da0d99cb24", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 153, + "comment" : "Flipped bit 127 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90e4c78f358da0d99cbe4", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 154, + "comment" : "Flipped bits 0 and 64 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b5e44c5b2fe90e4c79f358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 155, + "comment" : "Flipped bits 31 and 63 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44cdb2fe90ecc78f358da0d99cb64", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 156, + "comment" : "Flipped bits 63 and 127 in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b4e44c5b2fe90ecc78f358da0d99cbe4", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 157, + "comment" : "all bits of tag flipped", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "4b1bb3a4d016f1b3870ca725f266349b", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 158, + "comment" : "Tag changed to all zero", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 159, + "comment" : "tag changed to all 1", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 160, + "comment" : "msbs changed in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "3464ccdbaf698eccf873d85a8d194be4", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 161, + "comment" : "lsbs changed in tag", + "key" : "000102030405060708090a0b0c0d0e0f1011121314151617", + "iv" : "505152535455565758595a5b", + "aad" : "", + "msg" : "202122232425262728292a2b2c2d2e2f", + "ct" : "458256842dfd297f30bd2f8f15c92db0", + "tag" : "b5e54d5a2ee80f4d79f259db0c98ca65", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "ivSize" : 128, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 162, + "comment" : "J0:000102030405060708090a0b0c0d0e0f", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "5c2ea9b695fcf6e264b96074d6bfa572", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "28e1c5232f4ee8161dbe4c036309e0b3254e9212bef0a93431ce5e5604c8f6a73c18a3183018b770", + "tag" : "d5808a1bd11a01129bf3c6919aff2339", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 163, + "comment" : "J0:00000000000000000000000000000000", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "57b3a81f2c36b6b06577ca0fbab8fa8e", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "cceebeb4fe4cd90c514e52d2327a2ecd75393661006cf2476d8620149aef3d1cdce491fff3e7a7a3", + "tag" : "8132e865b69d64ef37db261f80cbbe24", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 164, + "comment" : "J0:ffffffffffffffffffffffffffffffff", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "ce20a7e870696a5e68533c465bad2ba1", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "4f4350565d91d9aa8c5f4048550492ad6d6fdabf66da5d1e2af7bfe1a8aadaa0baa3de38a41d9713", + "tag" : "155da6441ec071ef2d8e6cffbacc1c7c", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 165, + "comment" : "J0:fffffffffffffffffffffffffffffffe", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "918e3c19dbdfee2db18156c5b93f3d75", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "8316a53167b6de1a7575700693ffef274f4350565d91d9aa8c5f4048550492ad6d6fdabf66da5d1e", + "tag" : "6c574aa6a2490cc3b2f2f8f0ffbc56c4", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 166, + "comment" : "J0:fffffffffffffffffffffffffffffffd", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "717d900b270462b9dbf7e9419e890609", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "5175927513e751eb309f45bc2ef225f28316a53167b6de1a7575700693ffef274f4350565d91d9aa", + "tag" : "8082a761e1d755344bf29622144e7d39", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 167, + "comment" : "J0:000102030405060708090a0bffffffff", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "ecd52120af240e9b4bf3b9d1eeb49434", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "36b3fbecd09178d04527fb37544f5579d20d60a41266f685c48098e1a52804ca387d90709d3268dd", + "tag" : "033e0ef2953ebfd8425737c7d393f89a", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 168, + "comment" : "J0:000102030405060708090a0bfffffffe", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "b37bbad104928ae89221d3520c2682e0", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "16929b773051f12b0adac95f65e21a7f36b3fbecd09178d04527fb37544f5579d20d60a41266f685", + "tag" : "ca448bb7e52e897eca234ef343d057d0", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 169, + "comment" : "J0:000102030405060708090a0bfffffffd", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "538816c3f849067cf8576cd62b90b99c", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "6d3faefaf691d58163846f8d4b9ffd5916929b773051f12b0adac95f65e21a7f36b3fbecd09178d0", + "tag" : "84f49740e6757f63dd0df7cb7656d0ef", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 170, + "comment" : "J0:000102030405060708090a0b7fffffff", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "d10e631943cd3bdababab2bbd13951c0", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "d60196c2d14fcf30c0991d2721ddc52d385f407a16691dade82c9023c855fd8e2e8fbb562102f018", + "tag" : "877e15d9889e69a99fcc6d727465c391", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 171, + "comment" : "J0:000102030405060708090a0b7ffffffe", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "8ea0f8e8e87bbfa96368d83833ab4714", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "948fbceca12a6e4fabb79b6d965e336fd60196c2d14fcf30c0991d2721ddc52d385f407a16691dad", + "tag" : "cd5757626945976ba9f0264bd6bee894", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 172, + "comment" : "J0:000102030405060708090a0bffff7fff", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "7b2df4fbed1de2727eb24898e5deabb9", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "a1a0120660ff52e6b1700b12c54d2d33b94b00cd7882d8857d84e6e183a1dea6ee85a7da84fbc35d", + "tag" : "b015d72da62c81cb4d267253b20db9e5", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 173, + "comment" : "J0:000102030405060708090a0bffff7ffe", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "24836f0a46ab6601a760221b074cbd6d", + "aad" : "", + "msg" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000", + "ct" : "5e3434b45edbf0d1f6e02d1144dbf867a1a0120660ff52e6b1700b12c54d2d33b94b00cd7882d885", + "tag" : "ee74ccb30d649ebf6916d05a7dbe5696", + "result" : "valid", + "flags" : [ + "ConstructedIv" + ] + }, + { + "tcId" : 174, + "comment" : "special case", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "00000000000000000000000000000000", + "aad" : "", + "msg" : "8d74f1c97243d362577ff376c393d2dc", + "ct" : "265c42e2b96ea1de9c24f7182e337390", + "tag" : "00000000000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 175, + "comment" : "special case", + "key" : "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "iv" : "ffffffffffffffffffffffffffffffff", + "aad" : "", + "msg" : "884df0e76f3ce227bf9595d103825a46", + "ct" : "988f47668ea650cbaa6714711abe268d", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 176, + "comment" : "", + "key" : "b7797eb0c1a6089ad5452d81fdb14828c040ddc4589c32b565aad8cb4de3e4a0", + "iv" : "0ad570d8863918fe89124e09d125a271", + "aad" : "", + "msg" : "ed", + "ct" : "3f", + "tag" : "fd8f593b83314e33c5a72efbeb7095e8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 177, + "comment" : "", + "key" : "4c010d9561c7234c308c01cea3040c925a9f324dc958ff904ae39b37e60e1e03", + "iv" : "2a55caa137c5b0b66cf3809eb8f730c4", + "aad" : "", + "msg" : "2a093c9ed72b8ff4994201e9f9e010", + "ct" : "041341078f0439e50b43c991635117", + "tag" : "5b8a2f2da20ef657c903da88ef5f57bb", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 178, + "comment" : "", + "key" : "e7f7a48df99edd92b81f508618aa96526b279debd9ddb292d385ddbae80b2259", + "iv" : "7ee376910f08f497aa6c3aa7113697fd", + "aad" : "", + "msg" : "5e51dbbb861b5ec60751c0996e00527f", + "ct" : "469478d448f7e97d755541aa09ad95b0", + "tag" : "254ada5cf662d90c5e11b2bd9c4db4c4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 179, + "comment" : "", + "key" : "4f84782bfbb64a973c3de3dcfa3430367fd68bc0b4c3b31e5d7c8141ba3e6a67", + "iv" : "5d1bde6fa0994b33efd8f23f531248a7", + "aad" : "", + "msg" : "78cb6650a1908a842101ea85804fed00cc56fbdafafba0ef4d1ca607dcae57b6", + "ct" : "cb960201fa5ad41d41d1c2c8037c71d52b72e76b16b589d71b976627c9734c9d", + "tag" : "8dfce16467c3a6ebb3e7242c9a551962", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 120, + "keySize" : 128, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 180, + "comment" : "unusual IV size", + "key" : "34c74e28182948e03af02a01f46eb4f7", + "iv" : "b0a73119a97d623806b49d45ddf4c7", + "aad" : "", + "msg" : "fe82ba66cf2e265741f2c86c", + "ct" : "2bc3ef8e7402b4631f48e9be", + "tag" : "4b6f6f5be291a90b9e93a8a82ddbc8d8", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 160, + "keySize" : 128, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 181, + "comment" : "unusual IV size", + "key" : "55cb7cac77efe18a1ea3b30c65f3f346", + "iv" : "e22b6b144ab26b5781316e7a42a76202ac4b2278", + "aad" : "", + "msg" : "2f3d11ea32bf5bc72cbe2b8d", + "ct" : "4fe13ef29f118f85a63188f8", + "tag" : "05975b175316df8045889f43e0c857e0", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 64, + "keySize" : 192, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 182, + "comment" : "unusual IV size", + "key" : "f6a4bf8c4e15034699ce5801cbbac7509cd3f94cf28d8307", + "iv" : "60d6bfca67f5d810", + "aad" : "", + "msg" : "de8eaa41e5e6a590c3cfbf61", + "ct" : "a2966fb189f8d9d391503857", + "tag" : "e370e7dd328655929bd4691f396a1033", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 120, + "keySize" : 192, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 183, + "comment" : "unusual IV size", + "key" : "66f75acbd8d3acf7af47d13e8384c2809d6b91503a7f294b", + "iv" : "edf93e16294f15eded83808f09320e", + "aad" : "", + "msg" : "a900c86b6b7e0e5563f8f826", + "ct" : "9af1a022c61c4315aa0e923e", + "tag" : "20529bff3c59222ec33353af337b1d40", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 160, + "keySize" : 192, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 184, + "comment" : "unusual IV size", + "key" : "ef2e299dd4ecd7e3b9cc62780922cc2c89f78840564d1276", + "iv" : "130c14c839e35b7d56b3350b194b0da342e6b65d", + "aad" : "", + "msg" : "03f59579b14437199583270e", + "ct" : "073a5291b11df379f31b4f16", + "tag" : "17205999491bd4c1d6c7ec3e56779c32", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 64, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 185, + "comment" : "unusual IV size", + "key" : "df64c84ae52d9ca820a47421bed6e96f7165369fc4c1b65f8f6307b17ce1006c", + "iv" : "c0c568a400b7194f", + "aad" : "", + "msg" : "f5fafdded54a86a4edab44bd", + "ct" : "99313a220d1fcb6658876283", + "tag" : "00955d7d27f66868cfec734bf59c5e6d", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 120, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 186, + "comment" : "unusual IV size", + "key" : "e98b0669a645eb14cd06df6968fc5f10edc9f54feed264e3d410cdc61b72ef51", + "iv" : "17ca250fb733877556263223eadde1", + "aad" : "", + "msg" : "f384b3ed7b274641f5db60cf", + "ct" : "fc213602aa423b87d7c2a874", + "tag" : "36b15bab6923b17218fe1c24048e2391", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 160, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 187, + "comment" : "unusual IV size", + "key" : "849b3e6b8cdd85bdcfb8eb701aa5522ae2340fbe5214e389622cef76979225c4", + "iv" : "0f9d6ed7eef362dfa4a7dfa5c0f74c5b27bd4ebf", + "aad" : "", + "msg" : "8c5564e53051c0de273199b4", + "ct" : "c1d76233e8c5042e92bf8d32", + "tag" : "7cf036d235d3b2dd349a8c804b65144a", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 0, + "keySize" : 128, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 188, + "comment" : "0 size IV is not valid", + "key" : "8f3f52e3c75c58f5cb261f518f4ad30a", + "iv" : "", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "cf71978ffcc778f3c85ac9c31b6fe191", + "result" : "invalid", + "flags" : [ + "ZeroLengthIv" + ] + }, + { + "tcId" : 189, + "comment" : "0 size IV is not valid", + "key" : "2a4bf90e56b70fdd8649d775c089de3b", + "iv" : "", + "aad" : "", + "msg" : "324ced6cd15ecc5b3741541e22c18ad9", + "ct" : "00a29f0a5e2e7490279d1faf8b881c7b", + "tag" : "a2c7e8d7a19b884f742dfec3e76c75ee", + "result" : "invalid", + "flags" : [ + "ZeroLengthIv" + ] + } + ] + }, + { + "ivSize" : 0, + "keySize" : 192, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 190, + "comment" : "0 size IV is not valid", + "key" : "0b18d21337035c7baa08211b702fa780ac7c09be8f9ed11f", + "iv" : "", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "ca69a2eb3a096ea36b1015d5dffff532", + "result" : "invalid", + "flags" : [ + "ZeroLengthIv" + ] + }, + { + "tcId" : 191, + "comment" : "0 size IV is not valid", + "key" : "ba76d594a6df915bb7ab7e6d1a8d024b2796336c1b8328a9", + "iv" : "", + "aad" : "", + "msg" : "d62f302742d61d823ea991b93430d589", + "ct" : "509b0658d09f7a5bb9db43b70c8387f7", + "tag" : "2c9488d53a0b2b5308c2757dfac7219f", + "result" : "invalid", + "flags" : [ + "ZeroLengthIv" + ] + } + ] + }, + { + "ivSize" : 0, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 192, + "comment" : "0 size IV is not valid", + "key" : "3f8ca47b9a940582644e8ecf9c2d44e8138377a8379c5c11aafe7fec19856cf1", + "iv" : "", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "1726aa695fbaa21a1db88455c670a4b0", + "result" : "invalid", + "flags" : [ + "ZeroLengthIv" + ] + }, + { + "tcId" : 193, + "comment" : "0 size IV is not valid", + "key" : "7660d10966c6503903a552dde2a809ede9da490e5e5cc3e349da999671809883", + "iv" : "", + "aad" : "", + "msg" : "c314235341debfafa1526bb61044a7f1", + "ct" : "7772ea358901f571d3d35c19497639d9", + "tag" : "8fe0520ad744a11f0ccfd228454363fa", + "result" : "invalid", + "flags" : [ + "ZeroLengthIv" + ] + } + ] + }, + { + "ivSize" : 8, + "keySize" : 128, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 194, + "comment" : "small IV sizes", + "key" : "59a284f50aedd8d3e2a91637d3815579", + "iv" : "80", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "af498f701d2470695f6e7c8327a2398b", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 195, + "comment" : "small IV sizes", + "key" : "fec58aa8cf06bfe05de829f27ec77693", + "iv" : "9d", + "aad" : "", + "msg" : "f2d99a9f893378e0757d27c2e3a3101b", + "ct" : "0a24612a9d1cbe967dbfe804bf8440e5", + "tag" : "96e6fd2cdc707e3ee0a1c90d34c9c36c", + "result" : "acceptable", + "flags" : [] + } + ] + }, + { + "ivSize" : 16, + "keySize" : 128, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 196, + "comment" : "small IV sizes", + "key" : "88a972cce9eaf5a7813ce8149d0c1d0e", + "iv" : "0f2f", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "4ccf1efb4da05b4ae4452aea42f5424b", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 197, + "comment" : "small IV sizes", + "key" : "b43967ee933e4632bd6562ba1201bf83", + "iv" : "8760", + "aad" : "", + "msg" : "5a6ad6db70591d1e520b0122f05021a0", + "ct" : "ba3e7f8b2999995c7fc4006ca4f475ff", + "tag" : "98f47a5279cebbcac214515710f6cd8a", + "result" : "acceptable", + "flags" : [] + } + ] + }, + { + "ivSize" : 32, + "keySize" : 128, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 198, + "comment" : "small IV sizes", + "key" : "4e9a97d3ed54c7b54610793ab05052e1", + "iv" : "cc851957", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "e574b355bda2980e047e584feb1676ca", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 199, + "comment" : "small IV sizes", + "key" : "d83c1d7a97c43f182409a4aa5609c1b1", + "iv" : "7b5faeb2", + "aad" : "", + "msg" : "c8f07ba1d65554a9bd40390c30c5529c", + "ct" : "1b84baea9df1e65bee7b49e4a8cda1ec", + "tag" : "5c0bb79d8240041edce0f94bd4bb384f", + "result" : "acceptable", + "flags" : [] + } + ] + }, + { + "ivSize" : 48, + "keySize" : 128, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 200, + "comment" : "small IV sizes", + "key" : "c6a705677affb49e276d9511caa46145", + "iv" : "4ad80c2854fb", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "1e2ed72af590cafb8647d185865f5463", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 201, + "comment" : "small IV sizes", + "key" : "eba7699b56cc0aa2f66a2a5be9944413", + "iv" : "d1dafc8de3e3", + "aad" : "", + "msg" : "d021e53d9098a2df3d6b903cdad0cd9c", + "ct" : "18291aa8dc7b07448aa8f71bb8e380bf", + "tag" : "9c0e22e5c41b1039ff5661ffaefa8e0f", + "result" : "acceptable", + "flags" : [] + } + ] + }, + { + "ivSize" : 8, + "keySize" : 192, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 202, + "comment" : "small IV sizes", + "key" : "c70ce38e84e5f53ed41c3f0d2ca493412ad32cb04c6e2efa", + "iv" : "cb", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "08d96edb5e22874cd10cb2256ca04bc6", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 203, + "comment" : "small IV sizes", + "key" : "74c816b83dfd287210a3e2c6da8d3053bbfbd9b156d3fdd8", + "iv" : "0f", + "aad" : "", + "msg" : "f2b7b2c9b312cf2af78f003df15c8e19", + "ct" : "6c5e796ba9a3ddc64f401e68d135101d", + "tag" : "96a132ed43924e98feb888ff682bdaef", + "result" : "acceptable", + "flags" : [] + } + ] + }, + { + "ivSize" : 16, + "keySize" : 192, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 204, + "comment" : "small IV sizes", + "key" : "cbf45ba488932aea1a10e5862f92e4a7e277bda9f34af6d0", + "iv" : "75e5", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "1f0d23070fcd748e25bf6454f5c9136e", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 205, + "comment" : "small IV sizes", + "key" : "e1c0446f11ae6aa4fa254f9a846fc6e13e45e537e47f2042", + "iv" : "8989", + "aad" : "", + "msg" : "3a2f5ad0eb216e546e0bcaa377b6cbc7", + "ct" : "550b48a43e821fd76f49f0f1a897aead", + "tag" : "f6e0a979481f9957ddad0f21a777a73a", + "result" : "acceptable", + "flags" : [] + } + ] + }, + { + "ivSize" : 32, + "keySize" : 192, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 206, + "comment" : "small IV sizes", + "key" : "567563bf4cf154902275a53bc57cd6dd7b370d27011bdac8", + "iv" : "68d7fc38", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "1475563e3212f3b5e40062569afd71e3", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 207, + "comment" : "small IV sizes", + "key" : "834d0bb601170865a78139428a1503695a6a291ebd747cd1", + "iv" : "bb9d2aa3", + "aad" : "", + "msg" : "6f79e18b4acd5a03d3a5f7e1a8d0f183", + "ct" : "309133e76159fe8a41b20843486511ab", + "tag" : "03ab26993b701910a2e8ecccd2ba9e52", + "result" : "acceptable", + "flags" : [] + } + ] + }, + { + "ivSize" : 48, + "keySize" : 192, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 208, + "comment" : "small IV sizes", + "key" : "99fb18f5ba430bb9ea942968ecb799b43406e1af4b6425a1", + "iv" : "a984bdcdcae2", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "d7b9a6b58a97982916e83219fbf71b1e", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 209, + "comment" : "small IV sizes", + "key" : "b77b242aa0d51c92fda013e0cb0ef2437399ace5d3f507e4", + "iv" : "52aa01e0d0d6", + "aad" : "", + "msg" : "4ba541a9914729216153801340ab1779", + "ct" : "e08261e46eaf90d978ea8f7889bccd4f", + "tag" : "c052a55df3926a50990a532efe3d80ec", + "result" : "acceptable", + "flags" : [] + } + ] + }, + { + "ivSize" : 8, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 210, + "comment" : "small IV sizes", + "key" : "8f9a38c1014966e4d9ae736139c5e79b99345874f42d4c7d2c81aa6797c417c0", + "iv" : "a9", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "2a268bf3a75fd7b00ba230b904bbb014", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 211, + "comment" : "small IV sizes", + "key" : "144cd8279229e8bb2de99d24e615306663913fe9177fcd270fafec493d43bca1", + "iv" : "b3", + "aad" : "", + "msg" : "976229f5538f9636476d69f0c328e29d", + "ct" : "7bea30ecc2f73f8e121263b37966954c", + "tag" : "8bbad4adc54b37a2b2f0f6e8617548c9", + "result" : "acceptable", + "flags" : [] + } + ] + }, + { + "ivSize" : 16, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 212, + "comment" : "small IV sizes", + "key" : "7d31861f9d3536e14016a3216b1042e0d2f7d4614314268b6f834ec7f38bbb65", + "iv" : "c332", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "1d978a693120c11f6d51a3ed88cd4ace", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 213, + "comment" : "small IV sizes", + "key" : "22b35fe9623ee11f8b60b6d22db3765b666ed972fa7ccd92b45f22deee02cab1", + "iv" : "da6c", + "aad" : "", + "msg" : "5341c78e4ce5bf8fbc3e077d1990dd5d", + "ct" : "9c39f5b110361e9a770cc5e8b0f444bb", + "tag" : "b63ff43c12073ec5572b1be70f17e231", + "result" : "acceptable", + "flags" : [] + } + ] + }, + { + "ivSize" : 32, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 214, + "comment" : "small IV sizes", + "key" : "c224e0bba3d7a99165f7996b67a0fce3e12f2c01179b197b69b7e628bca92096", + "iv" : "6b30145e", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "ae6f7c9a29f0d8204ca50b14a1e0dcf2", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 215, + "comment" : "small IV sizes", + "key" : "093eb12343537ee8e91c1f715b862603f8daf9d4e1d7d67212a9d68e5aac9358", + "iv" : "5110604c", + "aad" : "", + "msg" : "33efb58c91e8c70271870ec00fe2e202", + "ct" : "f73f72f976a296ba3ca94bc6eb08cd46", + "tag" : "b824c33c13f289429659aa017c632f71", + "result" : "acceptable", + "flags" : [] + } + ] + }, + { + "ivSize" : 48, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 216, + "comment" : "small IV sizes", + "key" : "98e6f8ab673e804e865e32403a6551bf807a959343c60d34559360bc295ecb5b", + "iv" : "d4d857510888", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "3db16725fafc828d414ab61c16a6c38f", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 217, + "comment" : "small IV sizes", + "key" : "0bd0e8e7781166e1d876dec8fad34ba95b032a27cac0551595116091005947b7", + "iv" : "1bdcd44b663e", + "aad" : "", + "msg" : "91222263b12cf5616a049cbe29ab9b5b", + "ct" : "ed463f4f43336af3f4d7e08770201145", + "tag" : "c8fc39906aca0c64e14a43ff750abd8a", + "result" : "acceptable", + "flags" : [] + } + ] + } + ] +} diff --git a/security/nss/gtests/common/wycheproof/source_vectors/chacha20_poly1305_test.json b/security/nss/gtests/common/wycheproof/source_vectors/chacha20_poly1305_test.json new file mode 100644 index 000000000..f4d72ecc1 --- /dev/null +++ b/security/nss/gtests/common/wycheproof/source_vectors/chacha20_poly1305_test.json @@ -0,0 +1,1868 @@ +{ + "algorithm" : "CHACHA20-POLY1305", + "generatorVersion" : "0.4.12", + "numberOfTests" : 151, + "header" : [], + "testGroups" : [ + { + "ivSize" : 96, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 1, + "comment" : "rfc7539", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "070000004041424344454647", + "aad" : "50515253c0c1c2c3c4c5c6c7", + "msg" : "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e", + "ct" : "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116", + "tag" : "1ae10b594f09e26a7e902ecbd0600691", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 2, + "comment" : "", + "key" : "80ba3192c803ce965ea371d5ff073cf0f43b6a2ab576b208426e11409c09b9b0", + "iv" : "4da5bf8dfd5852c1ea12379d", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "76acb342cf3166a5b63c0c0ea1383c8d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 3, + "comment" : "", + "key" : "7a4cd759172e02eb204db2c3f5c746227df584fc1345196391dbb9577a250742", + "iv" : "a92ef0ac991dd516a3c6f689", + "aad" : "bd506764f2d2c410", + "msg" : "", + "ct" : "", + "tag" : "906fa6284b52f87b7359cbaa7563c709", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 4, + "comment" : "", + "key" : "cc56b680552eb75008f5484b4cb803fa5063ebd6eab91f6ab6aef4916a766273", + "iv" : "99e23ec48985bccdeeab60f1", + "aad" : "", + "msg" : "2a", + "ct" : "3a", + "tag" : "cac27dec0968801e9f6eded69d807522", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 5, + "comment" : "", + "key" : "46f0254965f769d52bdb4a70b443199f8ef207520d1220c55e4b70f0fda620ee", + "iv" : "ab0dca716ee051d2782f4403", + "aad" : "91ca6c592cbcca53", + "msg" : "51", + "ct" : "c4", + "tag" : "168310ca45b1f7c66cad4e99e43f72b9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 6, + "comment" : "", + "key" : "2f7f7e4f592bb389194989743507bf3ee9cbde1786b6695fe6c025fd9ba4c100", + "iv" : "461af122e9f2e0347e03f2db", + "aad" : "", + "msg" : "5c60", + "ct" : "4d13", + "tag" : "91e8b61efb39c122195453077b22e5e2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 7, + "comment" : "", + "key" : "c8833dce5ea9f248aa2030eacfe72bffe69a620caf793344e5718fe0d7ab1a58", + "iv" : "61546ba5f1720590b6040ac6", + "aad" : "88364fc8060518bf", + "msg" : "ddf2", + "ct" : "b60d", + "tag" : "ead0fd4697ec2e5558237719d02437a2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 8, + "comment" : "", + "key" : "55568158d3a6483f1f7021eab69b703f614251cadc1af5d34a374fdbfc5adac7", + "iv" : "3c4e654d663fa4596dc55bb7", + "aad" : "", + "msg" : "ab85e9c1571731", + "ct" : "5dfe3440dbb3c3", + "tag" : "ed7a434e2602d394281e0afa9fb7aa42", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 9, + "comment" : "", + "key" : "e3c09e7fab1aefb516da6a33022a1dd4eb272c80d540c5da52a730f34d840d7f", + "iv" : "58389375c69ee398de948396", + "aad" : "84e46be8c0919053", + "msg" : "4ee5cda20d4290", + "ct" : "4bd47212941ce3", + "tag" : "185f1408ee7fbf18f5abad6e2253a1ba", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 10, + "comment" : "", + "key" : "51e4bf2bad92b7aff1a4bc05550ba81df4b96fabf41c12c7b00e60e48db7e152", + "iv" : "4f07afedfdc3b6c2361823d3", + "aad" : "", + "msg" : "be3308f72a2c6aed", + "ct" : "8e9439a56eeec817", + "tag" : "fbe8a6ed8fabb1937539dd6c00e90021", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 11, + "comment" : "", + "key" : "1131c1418577a054de7a4ac551950f1a053f9ae46e5b75fe4abd5608d7cddadd", + "iv" : "b4ea666ee119563366484a78", + "aad" : "66c0ae70076cb14d", + "msg" : "a4c9c2801b71f7df", + "ct" : "b9b910433af052b0", + "tag" : "4530f51aeee024e0a445a6328fa67a18", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 12, + "comment" : "", + "key" : "99b62bd5afbe3fb015bde93f0abf483957a1c3eb3ca59cb50b39f7f8a9cc51be", + "iv" : "9a59fce26df0005e07538656", + "aad" : "", + "msg" : "42baae5978feaf5c368d14e0", + "ct" : "ff7dc203b26c467a6b50db33", + "tag" : "578c0f2758c2e14e36d4fc106dcb29b4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 13, + "comment" : "", + "key" : "85f35b6282cff440bc1020c8136ff27031110fa63ec16f1e825118b006b91257", + "iv" : "58dbd4ad2c4ad35dd906e9ce", + "aad" : "a506e1a5c69093f9", + "msg" : "fdc85b94a4b2a6b759b1a0da", + "ct" : "9f8816de0994e938d9e53f95", + "tag" : "d086fc6c9d8fa915fd8423a7cf05072f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 14, + "comment" : "", + "key" : "67119627bd988eda906219e08c0d0d779a07d208ce8a4fe0709af755eeec6dcb", + "iv" : "68ab7fdbf61901dad461d23c", + "aad" : "", + "msg" : "51f8c1f731ea14acdb210a6d973e07", + "ct" : "0b29638e1fbdd6df53970be2210042", + "tag" : "2a9134087d67a46e79178d0a93f5e1d2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 15, + "comment" : "", + "key" : "e6f1118d41e4b43fb58221b7ed79673834e0d8ac5c4fa60bbc8bc4893a58894d", + "iv" : "d95b3243afaef714c5035b6a", + "aad" : "6453a53384632212", + "msg" : "97469da667d6110f9cbda1d1a20673", + "ct" : "32db66c4a3819d81557455e5980fed", + "tag" : "feae30dec94e6ad3a9eea06a0d703917", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 16, + "comment" : "", + "key" : "59d4eafb4de0cfc7d3db99a8f54b15d7b39f0acc8da69763b019c1699f87674a", + "iv" : "2fcb1b38a99e71b84740ad9b", + "aad" : "", + "msg" : "549b365af913f3b081131ccb6b825588", + "ct" : "e9110e9f56ab3ca483500ceabab67a13", + "tag" : "836ccabf15a6a22a51c1071cfa68fa0c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 17, + "comment" : "", + "key" : "b907a45075513fe8a8019edee3f2591487b2a030b03c6e1d771c862571d2ea1e", + "iv" : "118a6964c2d3e380071f5266", + "aad" : "034585621af8d7ff", + "msg" : "55a465644f5b650928cbee7c063214d6", + "ct" : "e4b113cb775945f3d3a8ae9ec141c00c", + "tag" : "7c43f16ce096d0dc27c95849dc383b7d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 18, + "comment" : "", + "key" : "3b2458d8176e1621c0cc24c0c0e24c1e80d72f7ee9149a4b166176629616d011", + "iv" : "45aaa3e5d16d2d42dc03445d", + "aad" : "", + "msg" : "3ff1514b1c503915918f0c0c31094a6e1f", + "ct" : "02cc3acb5ee1fcdd12a03bb857976474d3", + "tag" : "d83b7463a2c3800fe958c28eaa290813", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 19, + "comment" : "", + "key" : "f60c6a1b625725f76c7037b48fe3577fa7f7b87b1bd5a982176d182306ffb870", + "iv" : "f0384fb876121410633d993d", + "aad" : "9aaf299eeea78f79", + "msg" : "63858ca3e2ce69887b578a3c167b421c9c", + "ct" : "35766488d2bc7c2b8d17cbbb9abfad9e6d", + "tag" : "1f391e657b2738dda08448cba2811ceb", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 20, + "comment" : "", + "key" : "0212a8de5007ed87b33f1a7090b6114f9e08cefd9607f2c276bdcfdbc5ce9cd7", + "iv" : "e6b1adf2fd58a8762c65f31b", + "aad" : "", + "msg" : "10f1ecf9c60584665d9ae5efe279e7f7377eea6916d2b111", + "ct" : "42f26c56cb4be21d9d8d0c80fc99dde00d75f38074bfe764", + "tag" : "54aa7e13d48fff7d7557039457040a3a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 21, + "comment" : "", + "key" : "c5bc09565646e7edda954f1f739223dada20b95c44ab033d0fae4b0283d18be3", + "iv" : "6b282ebecc541bcd7834ed55", + "aad" : "3e8bc5ade182ff08", + "msg" : "9222f9018e54fd6de1200806a9ee8e4cc904d29f25cba193", + "ct" : "123032437b4bfd6920e8f7e7e0087ae4889ebe7a0ad0e900", + "tag" : "3cf68f179550da63d3b96c2d55411865", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 22, + "comment" : "", + "key" : "2eb51c469aa8eb9e6c54a8349bae50a20f0e382711bba1152c424f03b6671d71", + "iv" : "04a9be03508a5f31371a6fd2", + "aad" : "", + "msg" : "b053999286a2824f42cc8c203ab24e2c97a685adcc2ad32662558e55a5c729", + "ct" : "45c7d6b53acad4abb68876a6e96a48fb59524d2c92c9d8a189c9fd2db91746", + "tag" : "566d3ca10e311b695f3eae1551652493", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 23, + "comment" : "", + "key" : "7f5b74c07ed1b40fd14358fe2ff2a740c116c7706510e6a437f19ea49911cec4", + "iv" : "470a339ecb3219b8b81a1f8b", + "aad" : "374618a06ea98a48", + "msg" : "f45206abc25552b2abc9ab7fa243035fedaaddc3b2293956f1ea6e7156e7eb", + "ct" : "46a80c4187024720084627580080dde5a3f4a11093a7076ed6f3d326bc7b70", + "tag" : "534d4aa2835a52e72d14df0e4f47f25f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 24, + "comment" : "", + "key" : "e1731d5854e1b70cb3ffe8b786a2b3ebf0994370954757b9dc8c7bc5354634a3", + "iv" : "72cfd90ef3026ca22b7e6e6a", + "aad" : "", + "msg" : "b9c554cbc36ac18ae897df7beecac1dbeb4eafa156bb60ce2e5d48f05715e678", + "ct" : "ea29afa49d36e8760f5fe19723b9811ed5d519934a440f5081ac430b953b0e21", + "tag" : "222541af46b86533c6b68d2ff108a7ea", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 25, + "comment" : "", + "key" : "27d860631b0485a410702fea61bc873f3442260caded4abde25b786a2d97f145", + "iv" : "262880d475f3dac5340dd1b8", + "aad" : "2333e5ce0f93b059", + "msg" : "6b2604996cd30c14a13a5257ed6cffd3bc5e29d6b97eb1799eb335e281ea451e", + "ct" : "6dad637897544d8bf6be9507ed4d1bb2e954bc427e5de729daf50762846ff2f4", + "tag" : "7b997d93c982189d7095dc794c746232", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 26, + "comment" : "", + "key" : "cf0d40a4644e5f51815165d5301b22631f4544c49a1878e3a0a5e8e1aae0f264", + "iv" : "e74a515e7e2102b90bef55d2", + "aad" : "", + "msg" : "973d0c753826bae466cf9abb3493152e9de7819e2bd0c71171346b4d2cebf8041aa3cedc0dfd7b467e26228bc86c9a", + "ct" : "fba78ae4f9d808a62e3da40be2cb7700c3613d9eb2c529c652e76a432c658d27095f0eb8f940c324981ea935e507f9", + "tag" : "8f046956db3a512908bd7afc8f2ab0a9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 27, + "comment" : "", + "key" : "6cbfd71c645d184cf5d23c402bdb0d25ec54898c8a0273d42eb5be109fdcb2ac", + "iv" : "d4d807341683825b31cd4d95", + "aad" : "b3e4064683b02d84", + "msg" : "a98995504df16f748bfb7785ff91eeb3b660ea9ed3450c3d5e7b0e79ef653659a9978d75542ef91c456762215640b9", + "ct" : "a1ffed80761829ecce242e0e88b138049016bca018da2b6e19986b3e318cae8d806198fb4c527cc39350ebddeac573", + "tag" : "c4cbf0befda0b70242c640d7cd02d7a3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 28, + "comment" : "", + "key" : "5b1d1035c0b17ee0b0444767f80a25b8c1b741f4b50a4d3052226baa1c6fb701", + "iv" : "d61040a313ed492823cc065b", + "aad" : "", + "msg" : "d096803181beef9e008ff85d5ddc38ddacf0f09ee5f7e07f1e4079cb64d0dc8f5e6711cd4921a7887de76e2678fdc67618f1185586bfea9d4c685d50e4bb9a82", + "ct" : "9a4ef22b181677b5755c08f747c0f8d8e8d4c18a9cc2405c12bb51bb1872c8e8b877678bec442cfcbb0ff464a64b74332cf072898c7e0eddf6232ea6e27efe50", + "tag" : "9ff3427a0f32fa566d9ca0a78aefc013", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 29, + "comment" : "", + "key" : "97d635c4f47574d9998a90875da1d3a284b755b2d39297a5725235190e10a97e", + "iv" : "d31c21aba175b70de4ebb19c", + "aad" : "7193f623663321a2", + "msg" : "94ee166d6d6ecf8832437136b4ae805d428864359586d9193a25016293edba443c58e07e7b7195ec5bd84582a9d56c8d4a108c7d7ce34e6c6f8ea1bec0567317", + "ct" : "5fbbdecc34be201614f636031eeb42f1cace3c79a12cffd871ee8e73820c829749f1abb4294367849fb6c2aa56bda8a3078f723d7c1c852024b017b58973fb1e", + "tag" : "09263da7b4cb921452f97dca40f580ec", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 30, + "comment" : "", + "key" : "fe6e55bdaed1f7284ca5fc0f8c5f2b8df56dc0f49e8ca66a41995e783351f901", + "iv" : "17c86a8abbb7e003acde2799", + "aad" : "", + "msg" : "b429eb80fb8fe8baeda0c85b9c333458e7c2992e558475069d12d45c22217564121588032297eff56783742a5fc22d7410ffb29d66098661d76f126c3c27689e43b37267cac5a3a6d3ab49e391da29cd3054a5692e2807e4c3ea46c8761d50f592", + "ct" : "d0102f6c258bf49742cec34cf2d0fedf23d105fb4c84cf98515e1bc9a64f8ad5be8f0721bde50645d00083c3a263a31053b760245f52ae2866a5ec83b19f61be1d30d5c5d9fecc4cbbe08fd385813a2aa39a00ff9c10f7f23702add1e4b2ffa31c", + "tag" : "41865fc71de12b19612127ce49993bb0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 31, + "comment" : "", + "key" : "aabc063474e65c4c3e9bdc480dea97b45110c8618846ff6b15bdd2a4a5682c4e", + "iv" : "46362f45d6379e63e5229460", + "aad" : "a11c40b603767330", + "msg" : "ceb534ce50dc23ff638ace3ef63ab2cc2973eeada80785fc165d06c2f5100ff5e8ab2882c475afcd05ccd49f2e7d8f55ef3a72e3dc51d6852b8e6b9e7aece57be6556b0b6d9413e33fc5fc24a9a205ad59574bb39d944a92dc47970d84a6ad3176", + "ct" : "7545391b51de01d5c53dfaca777909063e58edee4bb1227e7110ac4d2620c2aec2f848f56deeb037a8dced75afa8a6c890e2dee42f950bb33d9e2424d08a505d899563973ed38870f3de6ee2adc7fe072c366c14e2cf7ca62fb3d36bee11685461", + "tag" : "b70d44ef8c66c5c7bbf10dcadd7facf6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 32, + "comment" : "", + "key" : "7d00b48095adfa3272050607b264185002ba99957c498be022770f2ce2f3143c", + "iv" : "87345f1055fd9e2102d50656", + "aad" : "02", + "msg" : "e5ccaa441bc814688f8f6e8f28b500b2", + "ct" : "7e72f5a185af16a611921b438f749f0b", + "tag" : "1242c670732334029adfe1c5001651e4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 33, + "comment" : "", + "key" : "6432717f1db85e41ac7836bce25185a080d5762b9e2b18444b6ec72c3bd8e4dc", + "iv" : "87a3163ec0598ad95b3aa713", + "aad" : "b648", + "msg" : "02cde168fba3f544bbd0332f7adeada8", + "ct" : "85f29a719557cdd14d1f8fffab6d9e60", + "tag" : "732ca32becd515a1ed353f542e999858", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 34, + "comment" : "", + "key" : "8e34cf73d245a1082a920b86364eb896c4946467bcb3d58929fcb36690e6394f", + "iv" : "6f573aa86baa492ba46596df", + "aad" : "bd4cd02fc7502bbdbdf6c9a3cbe8f0", + "msg" : "16ddd23ff53f3d23c06334487040eb47", + "ct" : "c1b295936d56fadac03e5f742bff73a1", + "tag" : "39c457dbab66382babb3b55800cda5b8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 35, + "comment" : "", + "key" : "cb5575f5c7c45c91cf320b139fb594237560d0a3e6f865a67d4f633f2c08f016", + "iv" : "1a6518f02ede1da6809266d9", + "aad" : "89cce9fb47441d07e0245a66fe8b778b", + "msg" : "623b7850c321e2cf0c6fbcc8dfd1aff2", + "ct" : "c84c9bb7c61c1bcb17772a1c500c5095", + "tag" : "dbadf7a5138ca03459a2cd65831e092f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 36, + "comment" : "", + "key" : "a5569e729a69b24ba6e0ff15c4627897436824c941e9d00b2e93fddc4ba77657", + "iv" : "564dee49ab00d240fc1068c3", + "aad" : "d19f2d989095f7ab03a5fde84416e00c0e", + "msg" : "87b3a4d7b26d8d3203a0de1d64ef82e3", + "ct" : "94bc80621ed1e71b1fd2b5c3a15e3568", + "tag" : "333511861796978401598b963722f5b3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 37, + "comment" : "", + "key" : "56207465b4e48e6d04630f4a42f35cfc163ab289c22a2b4784f6f9290330bee0", + "iv" : "df8713e87ec3dbcfad14d53e", + "aad" : "5e6470facd99c1d81e37cd44015fe19480a2a4d3352a4ff560c0640fdbda", + "msg" : "e601b38557797da2f8a4106a089d1da6", + "ct" : "299b5d3f3d03c087209a16e285143111", + "tag" : "4b454ed198de117e83ec49fa8d8508d6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 38, + "comment" : "", + "key" : "3937986af86dafc1ba0c4672d8abc46c207062682d9c264ab06d6c5807205130", + "iv" : "8df4b15a888c33286a7b7651", + "aad" : "ba446f6f9a0ced22450feb10737d9007fd69abc19b1d4d9049a5551e86ec2b37", + "msg" : "dc9e9eaf11e314182df6a4eba17aec9c", + "ct" : "605bbf90aeb974f6602bc778056f0dca", + "tag" : "38ea23d99054b46b42ffe004129d2204", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 39, + "comment" : "", + "key" : "36372abcdb78e0279646ac3d176b9674e9154eecf0d5469c651ec7e16b4c1199", + "iv" : "be40e5f1a11817a0a8fa8949", + "aad" : "d41a828d5e71829247021905402ea257dccbc3b80fcd5675056b68bb59e62e8873", + "msg" : "81ce84ede9b35859cc8c49a8f6be7dc6", + "ct" : "7b7ce0d824809a70de32562ccf2c2bbd", + "tag" : "15d44a00ce0d19b4231f921e22bc0a43", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 40, + "comment" : "", + "key" : "9f1479ed097d7fe529c11f2f5add9aaff4a1ca0b68997a2cb7f79749bd90aaf4", + "iv" : "84c87dae4eee27730ec35d12", + "aad" : "3f2dd49bbf09d69a78a3d80ea2566614fc379474196c1aae84583da73d7ff85c6f42ca42056a9792cc1b9fb3c7d261", + "msg" : "a66747c89e857af3a18e2c79500087ed", + "ct" : "ca82bff3e2f310ccc976672c4415e69b", + "tag" : "57638c62a5d85ded774f913c813ea032", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 41, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "00000000000000000000000000000000", + "msg" : "256d40888094178355d304846443fee8df99470303fb3b7b80e030beebd329be", + "ct" : "0000000000000000000000000000000000000000000000000000000000000000", + "tag" : "e6d3d7324a1cbba777bbb0ecdda37807", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 42, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "00000000000000000000000000000000", + "msg" : "256d40888094178355d304846443fee8df99470303fb3b7b80e030beebd329bee3bcdb5b1edefcfe8bcda1b6a15c8c2b0869ffd2ec5e26e553b7b227fe87fdbd", + "ct" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "tag" : "062de6795f274fd2a305d76980bc9cce", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 43, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "00000000000000000000000000000000", + "msg" : "256d40888094178355d304846443fee8df99470303fb3b7b80e030beebd329bee3bcdb5b1edefcfe8bcda1b6a15c8c2b0869ffd2ec5e26e553b7b227fe87fdbd7ada44424269bffa5527f270acf68502b74c5ae2e60c0580981a4938459392c49bb2f284b646efc7f3f0b1361dc348ed77d30bc57692ed38fbac0188380488c7", + "ct" : "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "tag" : "d8b47902baaeafb34203051529af282e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 44, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "ffffffffffffffffffffffffffffffff", + "msg" : "da92bf777f6be87caa2cfb7b9bbc01172066b8fcfc04c4847f1fcf41142cd641", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "b3891c849cb52c27747edfcf31213bb6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 45, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "ffffffffffffffffffffffffffffffff", + "msg" : "da92bf777f6be87caa2cfb7b9bbc01172066b8fcfc04c4847f1fcf41142cd6411c4324a4e121030174325e495ea373d4f796002d13a1d91aac484dd801780242", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "f0c12d26ef03029b62c008da27c5dc68", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 46, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "ffffffffffffffffffffffffffffffff", + "msg" : "da92bf777f6be87caa2cfb7b9bbc01172066b8fcfc04c4847f1fcf41142cd6411c4324a4e121030174325e495ea373d4f796002d13a1d91aac484dd8017802428525bbbdbd964005aad80d8f53097afd48b3a51d19f3fa7f67e5b6c7ba6c6d3b644d0d7b49b910380c0f4ec9e23cb712882cf43a896d12c70453fe77c7fb7738", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "ee65783001c25691fa28d0f5f1c1d762", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 47, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "00000080000000800000008000000080", + "msg" : "256d40088094170355d304046443fe68df99478303fb3bfb80e0303eebd3293e", + "ct" : "0000008000000080000000800000008000000080000000800000008000000080", + "tag" : "79ba7a29f5a7bb75797af87a610129a4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 48, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "00000080000000800000008000000080", + "msg" : "256d40088094170355d304046443fe68df99478303fb3bfb80e0303eebd3293ee3bcdbdb1edefc7e8bcda136a15c8cab0869ff52ec5e266553b7b2a7fe87fd3d", + "ct" : "00000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080", + "tag" : "36b1743819e1b9ba1551e8ed922a959a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 49, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "00000080000000800000008000000080", + "msg" : "256d40088094170355d304046443fe68df99478303fb3bfb80e0303eebd3293ee3bcdbdb1edefc7e8bcda136a15c8cab0869ff52ec5e266553b7b2a7fe87fd3d7ada44c24269bf7a5527f2f0acf68582b74c5a62e60c0500981a49b8459392449bb2f204b646ef47f3f0b1b61dc3486d77d30b457692edb8fbac010838048847", + "ct" : "0000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080000000800000008000000080", + "tag" : "feac4955554e806f3a1902e24432c08a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 50, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "ffffff7fffffff7fffffff7fffffff7f", + "msg" : "da92bff77f6be8fcaa2cfbfb9bbc01972066b87cfc04c4047f1fcfc1142cd6c1", + "ct" : "ffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7f", + "tag" : "20a3798df1292c5972bf9741aec38a19", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 51, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "ffffff7fffffff7fffffff7fffffff7f", + "msg" : "da92bff77f6be8fcaa2cfbfb9bbc01972066b87cfc04c4047f1fcfc1142cd6c11c432424e121038174325ec95ea37354f79600ad13a1d99aac484d58017802c2", + "ct" : "ffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7f", + "tag" : "c03d9f67354a97b2f074f7551557e49c", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 52, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "ffffff7fffffff7fffffff7fffffff7f", + "msg" : "da92bff77f6be8fcaa2cfbfb9bbc01972066b87cfc04c4047f1fcfc1142cd6c11c432424e121038174325ec95ea37354f79600ad13a1d99aac484d58017802c28525bb3dbd964085aad80d0f53097a7d48b3a59d19f3faff67e5b647ba6c6dbb644d0dfb49b910b80c0f4e49e23cb792882cf4ba896d12470453fef7c7fb77b8", + "ct" : "ffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7f", + "tag" : "c86da8dd652286d50213d328d63e4006", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 53, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "7fffffff7fffffff7fffffff7fffffff", + "msg" : "5a92bf77ff6be87c2a2cfb7b1bbc0117a066b8fc7c04c484ff1fcf41942cd641", + "ct" : "7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff", + "tag" : "bede9083ceb36ddfe5fa811f95471c67", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 54, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "7fffffff7fffffff7fffffff7fffffff", + "msg" : "5a92bf77ff6be87c2a2cfb7b1bbc0117a066b8fc7c04c484ff1fcf41942cd6419c4324a461210301f4325e49dea373d47796002d93a1d91a2c484dd881780242", + "ct" : "7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff", + "tag" : "300874bb0692b689dead9ae15b067390", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 55, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "7fffffff7fffffff7fffffff7fffffff", + "msg" : "5a92bf77ff6be87c2a2cfb7b1bbc0117a066b8fc7c04c484ff1fcf41942cd6419c4324a461210301f4325e49dea373d47796002d93a1d91a2c484dd8817802420525bbbd3d9640052ad80d8fd3097afdc8b3a51d99f3fa7fe7e5b6c73a6c6d3be44d0d7bc9b910388c0f4ec9623cb712082cf43a096d12c78453fe7747fb7738", + "ct" : "7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff", + "tag" : "99cad85f45ca40942d0d4d5e950ade22", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 56, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "00000000ffffffff00000000ffffffff", + "msg" : "256d40887f6be87c55d304849bbc0117df994703fc04c48480e030be142cd641", + "ct" : "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff", + "tag" : "8bbe145272e7c2d9a1891a3ab0983d9d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 57, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "00000000ffffffff00000000ffffffff", + "msg" : "256d40887f6be87c55d304849bbc0117df994703fc04c48480e030be142cd641e3bcdb5be12103018bcda1b65ea373d40869ffd213a1d91a53b7b22701780242", + "ct" : "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff", + "tag" : "3b41861913a8f6de7f61e225631bc382", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 58, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "00000000ffffffff00000000ffffffff", + "msg" : "256d40887f6be87c55d304849bbc0117df994703fc04c48480e030be142cd641e3bcdb5be12103018bcda1b65ea373d40869ffd213a1d91a53b7b227017802427ada4442bd9640055527f27053097afdb74c5ae219f3fa7f981a4938ba6c6d3b9bb2f28449b91038f3f0b136e23cb71277d30bc5896d12c7fbac0188c7fb7738", + "ct" : "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff", + "tag" : "8428bcf023ec6bf31fd9efb203ff0871", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 59, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "ffffffff00000000ffffffff00000000", + "msg" : "da92bf7780941783aa2cfb7b6443fee82066b8fc03fb3b7b7f1fcf41ebd329be", + "ct" : "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000", + "tag" : "139fdf6474ea24f549b075825f2c7620", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 60, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "ffffffff00000000ffffffff00000000", + "msg" : "da92bf7780941783aa2cfb7b6443fee82066b8fc03fb3b7b7f1fcf41ebd329be1c4324a41edefcfe74325e49a15c8c2bf796002dec5e26e5ac484dd8fe87fdbd", + "ct" : "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000", + "tag" : "bbad8d863b835a8e8664fd1d4566b6b4", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 61, + "comment" : "", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000000000000000001ee3200", + "aad" : "ffffffff00000000ffffffff00000000", + "msg" : "da92bf7780941783aa2cfb7b6443fee82066b8fc03fb3b7b7f1fcf41ebd329be1c4324a41edefcfe74325e49a15c8c2bf796002dec5e26e5ac484dd8fe87fdbd8525bbbd4269bffaaad80d8facf6850248b3a51de60c058067e5b6c7459392c4644d0d7bb646efc70c0f4ec91dc348ed882cf43a7692ed380453fe77380488c7", + "ct" : "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000", + "tag" : "42f2354297849a511d53e5571772f71f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 62, + "comment" : "Flipped bit 0 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a2e3fdf9fba6861b5ad2607f40b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 63, + "comment" : "Flipped bit 1 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a1e3fdf9fba6861b5ad2607f40b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 64, + "comment" : "Flipped bit 7 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "23e3fdf9fba6861b5ad2607f40b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 65, + "comment" : "Flipped bit 8 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e2fdf9fba6861b5ad2607f40b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 66, + "comment" : "Flipped bit 31 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fd79fba6861b5ad2607f40b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 67, + "comment" : "Flipped bit 32 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9faa6861b5ad2607f40b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 68, + "comment" : "Flipped bit 33 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9f9a6861b5ad2607f40b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 69, + "comment" : "Flipped bit 63 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9fba6869b5ad2607f40b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 70, + "comment" : "Flipped bit 64 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9fba6861b5bd2607f40b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 71, + "comment" : "Flipped bit 77 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9fba6861b5af2607f40b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 72, + "comment" : "Flipped bit 80 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9fba6861b5ad2617f40b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 73, + "comment" : "Flipped bit 96 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9fba6861b5ad2607f41b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 74, + "comment" : "Flipped bit 97 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9fba6861b5ad2607f42b7f447", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 75, + "comment" : "Flipped bit 120 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9fba6861b5ad2607f40b7f446", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 76, + "comment" : "Flipped bit 121 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9fba6861b5ad2607f40b7f445", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 77, + "comment" : "Flipped bit 126 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9fba6861b5ad2607f40b7f407", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 78, + "comment" : "Flipped bit 127 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9fba6861b5ad2607f40b7f4c7", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 79, + "comment" : "Flipped bit 63 and 127 in tag expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "a3e3fdf9fba6869b5ad2607f40b7f4c7", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 80, + "comment" : "Tag changed to all zero expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 81, + "comment" : "tag change to all 1 expected tag:a3e3fdf9fba6861b5ad2607f40b7f447", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "", + "ct" : "", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 82, + "comment" : "Flipped bit 0 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "26da374f17b7f1b23844a5490bfc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 83, + "comment" : "Flipped bit 1 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "25da374f17b7f1b23844a5490bfc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 84, + "comment" : "Flipped bit 7 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "a7da374f17b7f1b23844a5490bfc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 85, + "comment" : "Flipped bit 8 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27db374f17b7f1b23844a5490bfc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 86, + "comment" : "Flipped bit 31 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da37cf17b7f1b23844a5490bfc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 87, + "comment" : "Flipped bit 32 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f16b7f1b23844a5490bfc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 88, + "comment" : "Flipped bit 33 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f15b7f1b23844a5490bfc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 89, + "comment" : "Flipped bit 63 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f17b7f1323844a5490bfc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 90, + "comment" : "Flipped bit 64 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f17b7f1b23944a5490bfc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 91, + "comment" : "Flipped bit 77 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f17b7f1b23864a5490bfc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 92, + "comment" : "Flipped bit 80 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f17b7f1b23844a4490bfc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 93, + "comment" : "Flipped bit 96 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f17b7f1b23844a5490afc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 94, + "comment" : "Flipped bit 97 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f17b7f1b23844a54909fc4001", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 95, + "comment" : "Flipped bit 120 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f17b7f1b23844a5490bfc4000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 96, + "comment" : "Flipped bit 121 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f17b7f1b23844a5490bfc4003", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 97, + "comment" : "Flipped bit 126 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f17b7f1b23844a5490bfc4041", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 98, + "comment" : "Flipped bit 127 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f17b7f1b23844a5490bfc4081", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 99, + "comment" : "Flipped bit 63 and 127 in tag expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "27da374f17b7f1323844a5490bfc4081", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 100, + "comment" : "Tag changed to all zero expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "00000000000000000000000000000000", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 101, + "comment" : "tag change to all 1 expected tag:27da374f17b7f1b23844a5490bfc4001", + "key" : "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "iv" : "000102030405060708090a0b", + "aad" : "616164", + "msg" : "00000000000000000000000000000000", + "ct" : "2cf8ae525fc86025268a4e1d88bead19", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "invalid", + "flags" : [] + }, + { + "tcId" : 102, + "comment" : "checking for int overflows", + "key" : "3030303030303030303030303030303030303030303030303030303030303030", + "iv" : "30303030303030300002506e", + "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "msg" : "d4500bf009493551c380adf52c573a69df7e8b762463330facc16a5726be7190c63c5a1c926584a096756828dcdc64acdf963d931bf1dae238f3f157224ac4b542d785b0dd84db6be3bc5a3663e84149ffbed09e54f78f16a8223b24cb019f58b21b0e551e7aa07327629551376ccbc3937671a0629bd95c9915c78555771e7a", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "0b300d8da56c2185755279553c4c82ca", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 103, + "comment" : "checking for int overflows", + "key" : "3030303030303030303030303030303030303030303030303030303030303030", + "iv" : "3030303030303030000318a5", + "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "msg" : "7de87f6729945275d0655da4c7fde4569e16f111b5eb26c22d859e3ff822eced3a6dd9a60f22957f7b7c857e8822eb9fe0b8d7022141f2d0b48f4b5612d322a88dd0fe0b4d9179324f7c6c9e990efbd80e5ed6775826498b1efe0f71a0f3ec5b29cb28c2540a7dcd51b7daaee0ff4a7f3ac1ee54c29ee4c170de408f66692194", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "c578e2aa44d309b7b6a5193bdc6118f5", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 104, + "comment" : "checking for int overflows", + "key" : "3030303030303030303030303030303030303030303030303030303030303030", + "iv" : "00000000000000000007b4f0", + "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "msg" : "1b996f9a3ccc6785de22ff5b8add9502ce03a0faf5992a09522cdd1206d220b8f8bd07d1f1f5a1bd9a71d11c7f579b855818c08d4de036393183b7f590b335aed8de5b57b13c5fede2441c3e184aa9d46e61598506b3e11c43c62cbcaceced33190875b012218b1930fb7c38ec45ac11c353d0cf938dccb9efad8fedbe46daa5", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "4b0bda8ad043830d8319ab82c50c7663", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 105, + "comment" : "checking for int overflows", + "key" : "3030303030303030303030303030303030303030303030303030303030303030", + "iv" : "00000000000000000020fb66", + "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "msg" : "86cbacae4d3f74ae01213e0551cc15160ea1be8408e3d5d74f01464995a69e6176cb9e02b2247ed299892f9182a45caf4c69405611766edfafdc285519ea30480c44f05e781eacf8fcecc7090abb28fa5fd585ac8cda7e8772e594e4ce6c883281932e0f89f877a1f04d9c32b06cf90b0e762b430c4d517c97107068f498ef7f", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "4bc98f72c494c2a43c2b15a1043f1cfa", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 106, + "comment" : "checking for int overflows", + "key" : "3030303030303030303030303030303030303030303030303030303030303030", + "iv" : "00000000000000000038bb90", + "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "msg" : "fab1cddf4fe198ef63add881d6ead6c57637bbe92018ca7c0b96fba0871e932db1fbf90761be25df8dfaf931ce5757e617b3d7a9f0bf0ffe5d591a33c143b8f53fd0b5a19609fd62e5c251a4281a200cfdc34f281710406f4e37625446ff6ef224913deb0d89af337128e3d155d16d3ec3246041432143e9ab3a6d2ccc2f4d62", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "f7e9e151b02533c74658bfc7737c680d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 107, + "comment" : "checking for int overflows", + "key" : "3030303030303030303030303030303030303030303030303030303030303030", + "iv" : "00000000000000000070484a", + "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "msg" : "227202be7f3515e9d1c02eea2f1950b6481b048a4c91506cb40d504e6c949f82d197c25ad17dc721651125782ac7a71247feaef32f1f250ce4bb8f79acaa179d45a7b0545f0924325efa87d5e441d28478c61f2223ee67c3b41f4394535e2a24369a2e16613c459490c14fb1d755fe53fbe1ee45b1b21f7162e2fcaa742abefd", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "795bcff647c553c2e4eb6e0eafd9e04e", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 108, + "comment" : "checking for int overflows", + "key" : "3030303030303030303030303030303030303030303030303030303030303030", + "iv" : "000000000000000000932f40", + "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "msg" : "fae58345c16cb0f5cc537f2b1b3469c969463b3ea71bcf6b98d669a8e60e04fc08d5fd069c362638e3400ef4cb242e27e2245e68cb9ec583da5340b12edf423b7326ad20feeb57daca2e0467a32899b42df8e56d84e006bc8a7acc731e7c1f6becb5719f7077f0d4f4c61ab11ebac1001801ce33c4e4a77d831d3ce34e8410e1", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "1946d653960f947a74d3e8093cf48502", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 109, + "comment" : "checking for int overflows", + "key" : "3030303030303030303030303030303030303030303030303030303030303030", + "iv" : "000000000000000000e29335", + "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "msg" : "ebb216ddd7ca709215f503df9ce63c5cd2194e7d9099e8a90b2afaad5eba35069925a603fdbc341aaed41505b10941fa3856a7e247b1040709746cfc2096caa631b2fff41c250506d889c1c90671ade853ee6394c19192a5cf3710d1073099e5bc946582fc0fab9f543c716ae2486a8683fdca39d2e14f23d00a582664f4ecb1", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "36c3002985dd21baf895d633573f12c0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 110, + "comment" : "checking for int overflows", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000000ef7d5", + "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "msg" : "408ae6ef1c7ef0fb2c2d610816fc7849efa58f78273f5f166ea65f81b575747d035b3040fede1eb9459788669788408e00413b3e376d152d204aa2b7a83558fcd48a0ef7a26b1cd6d35d23b3f5dfe0ca77a4ce32b94abf83da2aefcaf068380879e89fb0a3829595cf44c3852ae2cc662b689f9355d9c183801f6acc313f8907", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "6514518e0a264142e0b7351f967fc2ae", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 111, + "comment" : "checking for int overflows", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000003dfce4", + "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "msg" : "0a0a24499bcade58cf1576c312aca984718cb4cc7e0153f5a9015810859644dfc021174e0b060a397448de8b484a8603be680a6934c0906f30dd17eae2d4c5faa777f8ca53370e08331b88c342bac959787bbb33930e3b56be86da7f2a6eb1f94089d1d181074d4302f8e0552d0de1fab306a21b42d4c3ba6e6f0cbcc81e877a", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "4c194da6a99fd65b40e9cad798f44b19", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 112, + "comment" : "checking for int overflows", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000018486a8", + "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "msg" : "4a0aaff8494729188691701340f3ce2b8a78eed3a0f065994b72484e7991d25c29aa075eb1fc16de93fe069058112ab284a3ed18780326d1258a47222fa633d8b29f3bd9150b239b1546c2bb9b9f410febead396000ee477701532c3d0f5fbf895d280196d2f737c5e9fec50d92bb0df5d7e513be5b8ea971310d5bf16ba7aee", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "c8ae7788cd2874abc138541e11fd0587", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 113, + "comment" : "checking for int overflows", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "msg" : "ff9428d079351f665cd001354319875c783d35f613e6d9093d38e975c38fe3b89f7aed35cb5a2fcaa0346efb936554649cf6378171eae4396ea15dc240d1abf4472d9096524fa1b2b023b8b288222773d4d206616f9293f65b45dbbc74e7c2edfbcbbf1cfb679bb739a5862de2bcb937f74d5bf8671c5a8a5092f61d54c9aa5b", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "933a5163c7f62368327b3fbc1036c943", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 114, + "comment" : "special case tag", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000102030405060708090a0b", + "aad" : "85ffffffffffffffffffffffffffffffa6902fcbc883bbc180b256ae34ad7f00", + "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "000102030405060708090a0b0c0d0e0f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 115, + "comment" : "special case tag", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000102030405060708090a0b", + "aad" : "ffffffffffffffffffffffffffffffff247e50642a1c0a2f8f77219609dba958", + "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "00000000000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 116, + "comment" : "special case tag", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000102030405060708090a0b", + "aad" : "7cffffffffffffffffffffffffffffffd9e72c064ac8961f3fa585e0e2abd600", + "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "ffffffffffffffffffffffffffffffff", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 117, + "comment" : "special case tag", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000102030405060708090a0b", + "aad" : "65ffffffffffffffffffffffffffffff95af0f4d0b686eaeccca4307d596f502", + "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "00000080000000800000008000000080", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 118, + "comment" : "special case tag", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000102030405060708090a0b", + "aad" : "ffffffffffffffffffffffffffffffff8540b464357707be3a39d55c34f8bcb3", + "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "ffffff7fffffff7fffffff7fffffff7f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 119, + "comment" : "special case tag", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000102030405060708090a0b", + "aad" : "4fffffffffffffffffffffffffffffff6623d990b898d830d212af2383330701", + "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "01000000010000000100000001000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 120, + "comment" : "special case tag", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "000102030405060708090a0b", + "aad" : "83ffffffffffffffffffffffffffffff5f16d09f17787211b7d484e024f89701", + "msg" : "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd0176704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ct" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "tag" : "ffffffff000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 121, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "005235d2a919f28d3db7664a34ae6b444d3d35f613e6d9093d38e975c38fe3b85b8b94509e2b74a36d346e33d572659ba9f6378171eae4396ea15dc240d1abf483dce9f3073efadb7d23b87ace35168c", + "ct" : "0039e2fd2fd312149e989880884813e7caffffffffffffffffffffffffffffff3b0e869aaa8ea49632ffff37b9e8ce00caffffffffffffffffffffffffffffff3b0e869aaa8ea49632ffff37b9e8ce00", + "tag" : "a519ac1a35b4a57787510af78d8d200a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 122, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "d39428d079351f665cd001354319875ce5da78766fa19290c031f75208506745ae7aed35cb5a2fcaa0346efb93655464496ddeb05509c6efffab75eb2df4ab09762d9096524fa1b2b023b8b2882227730149ef504b71b120ca4ff39519c2c210", + "ct" : "d3ffffffffffffffffffffffffffffff6218b27f83b8b46602f6e1d834207b02ceffffffffffffffffffffffffffffff2a6416cedb1cdd296ef5d7d692daff02ceffffffffffffffffffffffffffffff2a6416cedb1cdd296ef5d7d692daff02", + "tag" : "302fe82ab0a09af64400d015ae83d9cc", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 123, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "e99428d079351f665cd001354319875c6df1394edc539b5b3a0957be0fb85946807aed35cb5a2fcaa0346efb93655464d1769fe806bbfeb6f590950f2eac9e0a582d9096524fa1b2b023b8b2882227739952ae0818c38979c07413711a9af713", + "ct" : "e9ffffffffffffffffffffffffffffffea33f347304abdadf8ce413433c84501e0ffffffffffffffffffffffffffffffb27f579688aee57064ce37329182ca01e0ffffffffffffffffffffffffffffffb27f579688aee57064ce37329182ca01", + "tag" : "98a7e836e0ee4d023500d0557ec2cbe0", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 124, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "ff9428d079351f665cd001354319875c64f90f5b2692b860d4596ff4b3402c5c00b9bb53707aa667d356fe50c7199694033561e7caca6d941dc3cd6914ad6904", + "ct" : "ffffffffffffffffffffffffffffffffe33bc552ca8b9e96169e797e8f30301b603ca99944df76528c9d6f54ab833d0f603ca99944df76528c9d6f54ab833d0f", + "tag" : "6ab8dce2c59da4737130b0252f68a8d8", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 125, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "689428d079351f665cd001354319875cb08f25675b9bcbf6e38407de2ec75a479f7aed35cb5a2fcaa0346efb936554642d2af7cd6b080501d31ba54fb2eb7596472d9096524fa1b2b023b8b288222773650ec62d757072cee6ff233186dd1c8f", + "ct" : "68ffffffffffffffffffffffffffffff374def6eb782ed002143115412b74600ffffffffffffffffffffffffffffffff4e233fb3e51d1ec7424507720dc5219dffffffffffffffffffffffffffffffff4e233fb3e51d1ec7424507720dc5219d", + "tag" : "044dea608880412bfdffcf35579e9b26", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 126, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "6d9428d079351f665cd001354319875ca161b5ab040900629efeff78d7d86b459f7aed35cb5a2fcaa0346efb93655464c6f8078cc8ef12a0ff657d6d08db10b8472d9096524fa1b2b023b8b2882227738edc366cd697656fca81fb133ced79a1", + "ct" : "6dffffffffffffffffffffffffffffff26a37fa2e81026945c39e9f2eba87702ffffffffffffffffffffffffffffffffa5f1cff246fa09666e3bdf50b7f544b3ffffffffffffffffffffffffffffffffa5f1cff246fa09666e3bdf50b7f544b3", + "tag" : "1e6bea6314542e2ef9ffcf450b2e982b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 127, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "ff9428d079351f665cd001354319875cfc01b891e5f0f9128d7d1c579192b69863414415b69968959a7291b7a5af134860cd9ea10c29a36654e7a28e761becd8", + "ct" : "ffffffffffffffffffffffffffffffff7bc3729809e9dfe44fba0addade2aadf03c456df823cb8a0c5b900b3c935b8d303c456df823cb8a0c5b900b3c935b8d3", + "tag" : "ed2017c8dba4775629049d786e3bceb1", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 128, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "ff9428d079351f665cd001354319875c6b6dc9d21a819e70b577f44137d3d6bd1335f5eb44494077b26449a54b6c7c7510b92f5ffef98b847cf17a9c98d883e5", + "ct" : "ffffffffffffffffffffffffffffffffecaf03dbf698b88677b0e2cb0ba3cafa73b0e72170ec9042edafd8a127f6d7ee73b0e72170ec9042edafd8a127f6d7ee", + "tag" : "073f17cb6778645925049d8822cbcab6", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 129, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "ffcb2b1106f8234c5e99d4db4c7048de323d35f613e6d9093d38e975c38fe3b816e9884a114f0e9266cea3885fe36b9fd6f6378171eae4396ea15dc240d1abf4cebef5e9885a80ea76d975c144a41888", + "ct" : "ffa0fc3e8032c3d5fdb62a11f096307db5ffffffffffffffffffffffffffffff766c9a8025eadea73905328c3379c004b5ffffffffffffffffffffffffffffff766c9a8025eadea73905328c3379c004", + "tag" : "8b9bb4b4861289658c696a8340150405", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 130, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "6f9e70ed3b8baca026e46a5a0943158d213d35f613e6d9093d38e975c38fe3b80c612c5e8d89a873dbcaad5b7346429bc5f6378171eae4396ea15dc240d1abf4d43651fd149c260bcbdd7b126801318c", + "ct" : "6ff5a7c2bd414c3985cb9490b5a56d2ea6ffffffffffffffffffffffffffffff6ce43e94b92c784684013c5f1fdce900a6ffffffffffffffffffffffffffffff6ce43e94b92c784684013c5f1fdce900", + "tag" : "8b3bbd51644459568d81ca1fa72ce404", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 131, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "412b080a3e19c10d44a1af1eabdeb4ce353d35f613e6d9093d38e975c38fe3b86b8394330921486ca11d291c3e97ee9ad1f6378171eae4396ea15dc240d1abf4b3d4e9909034c614b10aff5525d09d8d", + "ct" : "4140df25b8d32194e78e51d41738cc6db2ffffffffffffffffffffffffffffff0b0686f93d849859fed6b818520d4501b2ffffffffffffffffffffffffffffff0b0686f93d849859fed6b818520d4501", + "tag" : "86fbab2b4a94f47aa56f0aea65d11008", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 132, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "b247a74723491aacacaad709c91e932b313d35f613e6d9093d38e975c38fe3b89ade04e75bb701d9660601b34765de98d5f6378171eae4396ea15dc240d1abf442897944c2a28fa17611d7fa5c22ad8f", + "ct" : "b22c7068a583fa350f8529c375f8eb88b6fffffffffffffffffffffffffffffffa5b162d6f12d1ec39cd90b72bff7503b6fffffffffffffffffffffffffffffffa5b162d6f12d1ec39cd90b72bff7503", + "tag" : "a019ac2ed667e17da16f0afa19610d0d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 133, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "740f9e49f610efa585b659ca6ed8b4992d3d35f613e6d9093d38e975c38fe3b8412d96afbe80ec3e79d451b00a2db29ac9f6378171eae4396ea15dc240d1abf4997aeb0c2795624669c387f9116ac18d", + "ct" : "7464496670da0f3c2699a700d23ecc3aaaffffffffffffffffffffffffffffff21a884658a253c0b261fc0b466b71901aaffffffffffffffffffffffffffffff21a884658a253c0b261fc0b466b71901", + "tag" : "736e18181696a5889c3159faabab20fd", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 134, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "adba5d105bc8aa062c2336cb889ddbd5373d35f613e6d9093d38e975c38fe3b8177c5ffe2875f468f6c2965748f3599ad3f6378171eae4396ea15dc240d1abf4cf2b225db1607a10e6d5401e53b42a8d", + "ct" : "add18a3fdd024a9f8f0cc801347ba376b0ffffffffffffffffffffffffffffff77f94d341cd0245da90907532469f201b0ffffffffffffffffffffffffffffff77f94d341cd0245da90907532469f201", + "tag" : "bad58f10a91e6a889aba32fd17d8331a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 135, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "fe9428d079351f665cd001354319875cc001edc5da442e719bce9abe273af144b47aed35cb5a2fcaa0346efb9365546448025f41fa4e336c786957a2a7c4930a6c2d9096524fa1b2b023b8b28822277300266ea1e43644a34d8dd1dc93f2fa13", + "ct" : "feffffffffffffffffffffffffffffff47c327cc365d088759098c341b4aed03d4ffffffffffffffffffffffffffffff2b0b973f745b28aae937f59f18eac701d4ffffffffffffffffffffffffffffff2b0b973f745b28aae937f59f18eac701", + "tag" : "d68ce174079add028dd05cf814630488", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 136, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "b513b06ab9ac14435acb8aa3a37afdb6543d35f613e6d9093d38e975c38fe3b861950193b1bf0311ff117989aed9a999b0f6378171eae4396ea15dc240d1abf4b9c27c3028aa8d69ef06afc0b59eda8e", + "ct" : "b57867453f66f4daf9e474691f9c8515d3ffffffffffffffffffffffffffffff01101359851ad324a0dae88dc2430202d3ffffffffffffffffffffffffffffff01101359851ad324a0dae88dc2430202", + "tag" : "aa48a3887d4b059699c2fdf9c6787e0a", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 137, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "ff9428d079351f665cd001354319875cd4f109e814cea85a08c011d850dd1dcbcf7aed35cb5a2fcaa0346efb936554645340b85a9aa08296b77a5fc3961f660f172d9096524fa1b2b023b8b2882227731b6489ba84d8f559829ed9bda2290f16", + "ct" : "ffffffffffffffffffffffffffffffff5333c3e1f8d78eacca0707526cad018cafffffffffffffffffffffffffffffff3049702414b599502624fdfe29313204afffffffffffffffffffffffffffffff3049702414b599502624fdfe29313204", + "tag" : "b936a817f2211af129e2cf160fd42bcb", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 138, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "ff9428d079351f665cd001354319875cdf4c62032d4119b588477e99925a56d9d67aed35cb5a2fcaa0346efb93655464fa84f0645536421b2bb9246ec219ed0b0e2d9096524fa1b2b023b8b288222773b2a0c1844b4e35d41e5da210f62f8412", + "ct" : "ffffffffffffffffffffffffffffffff588ea80ac1583f434a806813ae2a4a9eb6ffffffffffffffffffffffffffffff998d381adb2359ddbae786537d37b900b6ffffffffffffffffffffffffffffff998d381adb2359ddbae786537d37b900", + "tag" : "9f7ac4351f6b91e63097a713115d05be", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 139, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "ff9428d079351f665cd001354319875c13f80a006dc1bbdad639a92fc7eca655f77aed35cb5a2fcaa0346efb936554646348b8fd29bf96d563a517e27d7bfc0f2f2d9096524fa1b2b023b8b2882227732b6c891d37c7e11a5641919c494d9516", + "ct" : "ffffffffffffffffffffffffffffffff943ac00981d89d2c14febfa5fb9cba1297ffffffffffffffffffffffffffffff00417083a7aa8d13f2fbb5dfc255a80497ffffffffffffffffffffffffffffff00417083a7aa8d13f2fbb5dfc255a804", + "tag" : "9a18a828070269f44700d009e7171cc9", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 140, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "ff9428d079351f665cd001354319875c82e59b4582915038f933811e652dc66afc7aed35cb5a2fcaa0346efb93655464b671c8cac270c265a0ac2f535799880a242d9096524fa1b2b023b8b288222773fe55f92adc08b5aa9548a92d63afe113", + "ct" : "ffffffffffffffffffffffffffffffff0527514c6e8876ce3bf49794595dda2d9cffffffffffffffffffffffffffffffd57800b44c65d9a331f28d6ee8b7dc019cffffffffffffffffffffffffffffffd57800b44c65d9a331f28d6ee8b7dc01", + "tag" : "b436a82b93d555f74300d0199ba718ce", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 141, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "ff9428d079351f665cd001354319875cf1d12887b7216986a12d79098b6de60fc07aed35cb5a2fcaa0346efb93655464a7c75899f3e60af1fcb6c7307d87590f182d9096524fa1b2b023b8b288222773efe36979ed9e7d3ec952414e49b13016", + "ct" : "ffffffffffffffffffffffffffffffff7613e28e5b384f7063ea6f83b71dfa48a0ffffffffffffffffffffffffffffffc4ce90e77df311376de8650dc2a90d04a0ffffffffffffffffffffffffffffffc4ce90e77df311376de8650dc2a90d04", + "tag" : "ce54a82e1fa942fa3f00d0294f3715d3", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 142, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "cbf1da9e0ba9377374e69e1c0e600cfc343d35f613e6d9093d38e975c38fe3b8be3fa66b6ce7808aa3e45949f944649fd0f6378171eae4396ea15dc240d1abf46668dbc8f5f20ef2b3f38f00e2031788", + "ct" : "cb9a0db18d63d7ead7c960d6b286745fb3ffffffffffffffffffffffffffffffdebab4a1584250bffc2fc84d95decf04b3ffffffffffffffffffffffffffffffdebab4a1584250bffc2fc84d95decf04", + "tag" : "2383ab0b799205699b510aa709bf31f1", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 143, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "8f278694c4e9daebd58d3e5b966e8b68423d35f613e6d9093d38e975c38fe3b80653e7a331718833acc3b9adff1c3198a6f6378171eae4396ea15dc240d1abf4de049a00a864064bbcd46fe4e45b428f", + "ct" : "8f4c51bb42233a7276a2c0912a88f3cbc5ffffffffffffffffffffffffffffff66d6f56905d45806f30828a993869a03c5ffffffffffffffffffffffffffffff66d6f56905d45806f30828a993869a03", + "tag" : "8bfbab17a9e0b8748b510ae7d9fd2305", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 144, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "d59428d079351f665cd001354319875c9a22d70a48e24fddcdd4419de64c8f44fc7aed35cb5a2fcaa0346efb9365546477b5c907d9c9e1ea51851a204aad9f0a242d9096524fa1b2b023b8b2882227733f91f8e7c7b1962564619c5e7e9bf613", + "ct" : "d5ffffffffffffffffffffffffffffff1de01d03a4fb692b0f135717da3c93039cffffffffffffffffffffffffffffff14bc017957dcfa2cc0dbb81df583cb019cffffffffffffffffffffffffffffff14bc017957dcfa2cc0dbb81df583cb01", + "tag" : "49bc6e9fc51c4d503036644d842773d2", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 145, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "db9428d079351f665cd001354319875c75d5643aa5af934d8cce392cc3eedb47c07aed35cb5a2fcaa0346efb93655464601b5ad2067f28066a8f3281715ba808182d9096524fa1b2b023b8b288222773283f6b3218075fc95f6bb4ff456dc111", + "ct" : "dbfffffffffffffffffffffffffffffff217ae3349b6b5bb4e092fa6ff9ec700a0ffffffffffffffffffffffffffffff031292ac886a33c0fbd190bcce75fc03a0ffffffffffffffffffffffffffffff031292ac886a33c0fbd190bcce75fc03", + "tag" : "63da6ea251f039532c36645d38b76fd7", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 146, + "comment" : "edge case intermediate sums in poly1305", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "0000000000000000064c2d52", + "aad" : "ffffffff", + "msg" : "939428d079351f665cd001354319875c624839604216e403ebcc6af559ec8b43977aed35cb5a2fcaa0346efb93655464d8c8c3fa1a9e474abe52d02c8187e90f4f2d9096524fa1b2b023b8b28822277390ecf21a04e630858bb65652b5b18016", + "ct" : "93ffffffffffffffffffffffffffffffe58af369ae0fc2f5290b7c7f659c9704f7ffffffffffffffffffffffffffffffbbc10b84948b5c8c2f0c72113ea9bd04f7ffffffffffffffffffffffffffffffbbc10b84948b5c8c2f0c72113ea9bd04", + "tag" : "73eb2724b5c405f04d00d0f15840a1c1", + "result" : "valid", + "flags" : [] + } + ] + }, + { + "ivSize" : 64, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 147, + "comment" : "invalid nonce size", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "5f5f5f5f5f5f5f5f", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "ivSize" : 80, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 148, + "comment" : "invalid nonce size", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "5f5f5f5f5f5f5f5f5f5f", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "ivSize" : 88, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 149, + "comment" : "invalid nonce size", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "5f5f5f5f5f5f5f5f5f5f5f", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "ivSize" : 112, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 150, + "comment" : "invalid nonce size", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "5f5f5f5f5f5f5f5f5f5f5f5f5f5f", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "", + "result" : "invalid", + "flags" : [] + } + ] + }, + { + "ivSize" : 128, + "keySize" : 256, + "tagSize" : 128, + "type" : "AeadTest", + "tests" : [ + { + "tcId" : 151, + "comment" : "invalid nonce size", + "key" : "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "iv" : "5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f5f", + "aad" : "", + "msg" : "", + "ct" : "", + "tag" : "", + "result" : "invalid", + "flags" : [] + } + ] + } + ] +} diff --git a/security/nss/gtests/common/wycheproof/source_vectors/x25519_test.json b/security/nss/gtests/common/wycheproof/source_vectors/x25519_test.json new file mode 100644 index 000000000..f6694876e --- /dev/null +++ b/security/nss/gtests/common/wycheproof/source_vectors/x25519_test.json @@ -0,0 +1,956 @@ +{ + "algorithm" : "X25519", + "generatorVersion" : "0.4.12", + "notes" : { + "LowOrderPublic" : "Curve25519 or its twist contains some points of low order. This test vector contains a public key with such a point. While many libraries reject such public keys, doing so is not a strict requirement according to RFC 7748.", + "Small public key" : "The public key is insecure and does not belong to a valid private key. Some libraries reject such keys.", + "Twist" : "Public keys are either points on curve25519 or points on its twist. Implementations may either reject such keys or compute X25519 using the twist. If a point multiplication is performed then it is important that the result is correct, since otherwise attacks with invalid keys are possible." + }, + "numberOfTests" : 87, + "header" : [], + "testGroups" : [ + { + "curve" : "curve25519", + "tests" : [ + { + "tcId" : 1, + "comment" : "normal case", + "curve" : "curve25519", + "public" : "9c647d9ae589b9f58fdc3ca4947efbc915c4b2e08e744a0edf469dac59c8f85a", + "private" : "4852834d9d6b77dadeabaaf2e11dca66d19fe74993a7bec36c6e16a0983feaba", + "shared" : "87b7f212b627f7a54ca5e0bcdaddd5389d9de6156cdbcf8ebe14ffbcfb436551", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 2, + "comment" : "normal case", + "curve" : "curve25519", + "public" : "9c647d9ae589b9f58fdc3ca4947efbc915c4b2e08e744a0edf469dac59c8f85a", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "4b82bd8650ea9b81a42181840926a4ffa16434d1bf298de1db87efb5b0a9e34e", + "result" : "valid", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 3, + "comment" : "public key on twist", + "curve" : "curve25519", + "public" : "63aa40c6e38346c5caf23a6df0a5e6c80889a08647e551b3563449befcfc9733", + "private" : "588c061a50804ac488ad774ac716c3f5ba714b2712e048491379a500211998a8", + "shared" : "b1a707519495ffffb298ff941716b06dfab87cf8d91123fe2be9a233dda22212", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 4, + "comment" : "public key on twist", + "curve" : "curve25519", + "public" : "0f83c36fded9d32fadf4efa3ae93a90bb5cfa66893bc412c43fa7287dbb99779", + "private" : "b05bfd32e55325d9fd648cb302848039000b390e44d521e58aab3b29a6960ba8", + "shared" : "67dd4a6e165533534c0e3f172e4ab8576bca923a5f07b2c069b4c310ff2e935b", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 5, + "comment" : "public key on twist", + "curve" : "curve25519", + "public" : "0b8211a2b6049097f6871c6c052d3c5fc1ba17da9e32ae458403b05bb283092a", + "private" : "70e34bcbe1f47fbc0fddfd7c1e1aa53d57bfe0f66d243067b424bb6210bed19c", + "shared" : "4a0638cfaa9ef1933b47f8939296a6b25be541ef7f70e844c0bcc00b134de64a", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 6, + "comment" : "public key on twist", + "curve" : "curve25519", + "public" : "343ac20a3b9c6a27b1008176509ad30735856ec1c8d8fcae13912d08d152f46c", + "private" : "68c1f3a653a4cdb1d37bba94738f8b957a57beb24d646e994dc29a276aad458d", + "shared" : "399491fce8dfab73b4f9f611de8ea0b27b28f85994250b0f475d585d042ac207", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 7, + "comment" : "public key on twist", + "curve" : "curve25519", + "public" : "fa695fc7be8d1be5bf704898f388c452bafdd3b8eae805f8681a8d15c2d4e142", + "private" : "d877b26d06dff9d9f7fd4c5b3769f8cdd5b30516a5ab806be324ff3eb69ea0b2", + "shared" : "2c4fe11d490a53861776b13b4354abd4cf5a97699db6e6c68c1626d07662f758", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 8, + "comment" : "public key = 0", + "curve" : "curve25519", + "public" : "0000000000000000000000000000000000000000000000000000000000000000", + "private" : "207494038f2bb811d47805bcdf04a2ac585ada7f2f23389bfd4658f9ddd4debc", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "Small public key" + ] + }, + { + "tcId" : 9, + "comment" : "public key = 1", + "curve" : "curve25519", + "public" : "0100000000000000000000000000000000000000000000000000000000000000", + "private" : "202e8972b61c7e61930eb9450b5070eae1c670475685541f0476217e4818cfab", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "Small public key" + ] + }, + { + "tcId" : 10, + "comment" : "edge case on twist", + "curve" : "curve25519", + "public" : "0200000000000000000000000000000000000000000000000000000000000000", + "private" : "38dde9f3e7b799045f9ac3793d4a9277dadeadc41bec0290f81f744f73775f84", + "shared" : "9a2cfe84ff9c4a9739625cae4a3b82a906877a441946f8d7b3d795fe8f5d1639", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 11, + "comment" : "edge case on twist", + "curve" : "curve25519", + "public" : "0300000000000000000000000000000000000000000000000000000000000000", + "private" : "9857a914e3c29036fd9a442ba526b5cdcdf28216153e636c10677acab6bd6aa5", + "shared" : "4da4e0aa072c232ee2f0fa4e519ae50b52c1edd08a534d4ef346c2e106d21d60", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 12, + "comment" : "edge case on twist", + "curve" : "curve25519", + "public" : "ffffff030000f8ffff1f0000c0ffffff000000feffff070000f0ffff3f000000", + "private" : "48e2130d723305ed05e6e5894d398a5e33367a8c6aac8fcdf0a88e4b42820db7", + "shared" : "9ed10c53747f647f82f45125d3de15a1e6b824496ab40410ffcc3cfe95760f3b", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 13, + "comment" : "edge case on twist", + "curve" : "curve25519", + "public" : "000000fcffff070000e0ffff3f000000ffffff010000f8ffff0f0000c0ffff7f", + "private" : "28f41011691851b3a62b641553b30d0dfddcb8fffcf53700a7be2f6a872e9fb0", + "shared" : "cf72b4aa6aa1c9f894f4165b86109aa468517648e1f0cc70e1ab08460176506b", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 14, + "comment" : "edge case on twist", + "curve" : "curve25519", + "public" : "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffff7f", + "private" : "18a93b6499b9f6b3225ca02fef410e0adec23532321d2d8ef1a6d602a8c65b83", + "shared" : "5d50b62836bb69579410386cf7bb811c14bf85b1c7b17e5924c7ffea91ef9e12", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 15, + "comment" : "edge case on twist", + "curve" : "curve25519", + "public" : "eaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "private" : "c01d1305a1338a1fcac2ba7e2e032b427e0b04903165aca957d8d0553d8717b0", + "shared" : "19230eb148d5d67c3c22ab1daeff80a57eae4265ce2872657b2c8099fc698e50", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 16, + "comment" : "edge case for public key", + "curve" : "curve25519", + "public" : "0400000000000000000000000000000000000000000000000000000000000000", + "private" : "386f7f16c50731d64f82e6a170b142a4e34f31fd7768fcb8902925e7d1e21abe", + "shared" : "0fcab5d842a078d7a71fc59b57bfb4ca0be6873b49dcdb9f44e14ae8fbdfa542", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 17, + "comment" : "edge case for public key", + "curve" : "curve25519", + "public" : "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000", + "private" : "e023a289bd5e90fa2804ddc019a05ef3e79d434bb6ea2f522ecb643a75296e95", + "shared" : "54ce8f2275c077e3b1306a3939c5e03eef6bbb88060544758d9fef59b0bc3e4f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 18, + "comment" : "edge case for public key", + "curve" : "curve25519", + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03", + "private" : "68f010d62ee8d926053a361c3a75c6ea4ebdc8606ab285003a6f8f4076b01e83", + "shared" : "f136775c5beb0af8110af10b20372332043cab752419678775a223df57c9d30d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 19, + "comment" : "edge case for public key", + "curve" : "curve25519", + "public" : "fffffffbfffffbffffdfffffdffffffffefffffefffff7fffff7ffffbfffff3f", + "private" : "58ebcb35b0f8845caf1ec630f96576b62c4b7b6c36b29deb2cb0084651755c96", + "shared" : "bf9affd06b844085586460962ef2146ff3d4533d9444aab006eb88cc3054407d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 20, + "comment" : "edge case for public key", + "curve" : "curve25519", + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", + "private" : "188c4bc5b9c44b38bb658b9b2ae82d5b01015e093184b17cb7863503a783e1bb", + "shared" : "d480de04f699cb3be0684a9cc2e31281ea0bc5a9dcc157d3d20158d46ca5246d", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 21, + "comment" : "edge case for public key", + "curve" : "curve25519", + "public" : "fffffffffeffff7ffffffffffeffff7ffffffffffeffff7ffffffffffeffff7f", + "private" : "e06c11bb2e13ce3dc7673f67f5482242909423a9ae95ee986a988d98faee23a2", + "shared" : "4c4401cce6b51e4cb18f2790246c9bf914db667750a1cb89069092af07292276", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 22, + "comment" : "edge case for public key", + "curve" : "curve25519", + "public" : "ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "private" : "c0658c46dde18129293877535b1162b6f9f5414a23cf4d2cbc140a4d99da2b8f", + "shared" : "578ba8cc2dbdc575afcf9df2b3ee6189f5337d6854c79b4ce165ea12293b3a0f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 23, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800", + "private" : "10255c9230a97a30a458ca284a629669293a31890cda9d147febc7d1e22d6bb1", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 24, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157", + "private" : "78f1e8edf14481b389448dac8f59c70b038e7cf92ef2c7eff57a72466e115296", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 25, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "private" : "a0a05a3e8f9f44204d5f8059a94ac7dfc39a49ac016dd743dbfa43c5d671fd88", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 26, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "private" : "d0dbb3ed1906663f15420af31f4eaf6509d9a9949723500605ad7c1c6e7450a9", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 27, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "private" : "c0b1d0eb22b244fe3291140072cdd9d989b5f0ecd96c100feb5bca241c1d9f8f", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 28, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "0000000000000000000000000000000000000000000000000000000000000080", + "private" : "480bf45f594942a8bc0f3353c6e8b8853d77f351f1c2ca6c2d1abf8a00b4229c", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 29, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "0100000000000000000000000000000000000000000000000000000000000080", + "private" : "30f993fcf8514fc89bd8db14cd43ba0d4b2530e73c4276a05e1b145d420cedb4", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 30, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880", + "private" : "c04974b758380e2a5b5df6eb09bb2f6b3434f982722a8e676d3da251d1b3de83", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 31, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7", + "private" : "502a31373db32446842fe5add3e024022ea54f274182afc3d9f1bb3d39534eb5", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 32, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "90fa6417b0e37030fd6e43eff2abaef14c6793117a039cf621318ba90f4e98be", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 33, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "78ad3f26027f1c9fdd975a1613b947779bad2cf2b741ade01840885a30bb979c", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 34, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "98e23de7b1e0926ed9c87e7b14baf55f497a1d7096f93977680e44dc1c7b7b8b", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "LowOrderPublic" + ] + }, + { + "tcId" : 35, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "0000000000000000000000000000000000000000000000000000000000000000", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 36, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "0100000000000000000000000000000000000000000000000000000000000000", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 37, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 38, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 39, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 40, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 41, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 42, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "0000000000000000000000000000000000000000000000000000000000000080", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 43, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "0100000000000000000000000000000000000000000000000000000000000080", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 44, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 45, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 46, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 47, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 48, + "comment" : "public key with low order", + "curve" : "curve25519", + "public" : "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 49, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "efffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "private" : "f01e48dafac9d7bcf589cbc382c878d18bda3550589ffb5d50b523bebe329dae", + "shared" : "bd36a0790eb883098c988b21786773de0b3a4df162282cf110de18dd484ce74b", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 50, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "private" : "288796bc5aff4b81a37501757bc0753a3c21964790d38699308debc17a6eaf8d", + "shared" : "b4e0dd76da7b071728b61f856771aa356e57eda78a5b1655cc3820fb5f854c5c", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 51, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "f1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "private" : "98df845f6651bf1138221f119041f72b6dbc3c4ace7143d99fd55ad867480da8", + "shared" : "6fdf6c37611dbd5304dc0f2eb7c9517eb3c50e12fd050ac6dec27071d4bfc034", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 52, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "private" : "f09498e46f02f878829e78b803d316a2ed695d0498a08abdf8276930e24edcb0", + "shared" : "4c8fc4b1c6ab88fb21f18f6d4c810240d4e94651ba44f7a2c863cec7dc56602d", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 53, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "0200000000000000000000000000000000000000000000000000000000000080", + "private" : "1813c10a5c7f21f96e17f288c0cc37607c04c5f5aea2db134f9e2ffc66bd9db8", + "shared" : "1cd0b28267dc541c642d6d7dca44a8b38a63736eef5c4e6501ffbbb1780c033c", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 54, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "0300000000000000000000000000000000000000000000000000000000000080", + "private" : "7857fb808653645a0beb138a64f5f4d733a45ea84c3cda11a9c06f7e7139149e", + "shared" : "8755be01c60a7e825cff3e0e78cb3aa4333861516aa59b1c51a8b2a543dfa822", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 55, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "0400000000000000000000000000000000000000000000000000000000000080", + "private" : "e03aa842e2abc56e81e87b8b9f417b2a1e5913c723eed28d752f8d47a59f498f", + "shared" : "54c9a1ed95e546d27822a360931dda60a1df049da6f904253c0612bbdc087476", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 56, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "f8f707b7999b18cb0d6b96124f2045972ca274bfc154ad0c87038c24c6d0d4b2", + "shared" : "cc1f40d743cdc2230e1043daba8b75e810f1fbab7f255269bd9ebb29e6bf494f", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 57, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "a034f684fa631e1a348118c1ce4c98231f2d9eec9ba5365b4a05d69a785b0796", + "shared" : "54998ee43a5b007bf499f078e736524400a8b5c7e9b9b43771748c7cdf880412", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 58, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "dcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "30b6c6a0f2ffa680768f992ba89e152d5bc9893d38c9119be4f767bfab6e0ca5", + "shared" : "ead9b38efdd723637934e55ab717a7ae09eb86a21dc36a3feeb88b759e391e09", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 59, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "eaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "901b9dcf881e01e027575035d40b43bdc1c5242e030847495b0c7286469b6591", + "shared" : "602ff40789b54b41805915fe2a6221f07a50ffc2c3fc94cf61f13d7904e88e0e", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 60, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "8046677c28fd82c9a1bdb71a1a1a34faba1225e2507fe3f54d10bd5b0d865f8e", + "shared" : "e00ae8b143471247ba24f12c885536c3cb981b58e1e56b2baf35c12ae1f79c26", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 61, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "efffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "602f7e2f68a846b82cc269b1d48e939886ae54fd636c1fe074d710127d472491", + "shared" : "98cb9b50dd3fc2b0d4f2d2bf7c5cfdd10c8fcd31fc40af1ad44f47c131376362", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 62, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "60887b3dc72443026ebedbbbb70665f42b87add1440e7768fbd7e8e2ce5f639d", + "shared" : "38d6304c4a7e6d9f7959334fb5245bd2c754525d4c91db950206926234c1f633", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 63, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "f1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "78d31dfa854497d72d8def8a1b7fb006cec2d8c4924647c93814ae56faeda495", + "shared" : "786cd54996f014a5a031ec14db812ed08355061fdb5de680a800ac521f318e23", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 64, + "comment" : "public key >= p", + "curve" : "curve25519", + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "private" : "c04c5baefa8302ddded6a4bb957761b4eb97aefa4fc3b8043085f96a5659b3a5", + "shared" : "29ae8bc73e9b10a08b4f681c43c3e0ac1a171d31b38f1a48efba29ae639ea134", + "result" : "acceptable", + "flags" : [] + }, + { + "tcId" : 65, + "comment" : "RFC 7748", + "curve" : "curve25519", + "public" : "e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c", + "private" : "a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44", + "shared" : "c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 66, + "comment" : "RFC 7748", + "curve" : "curve25519", + "public" : "e5210f12786811d3f4b7959d0538ae2c31dbe7106fc03c3efc4cd549c715a413", + "private" : "4866e9d4d1b4673c5ad22691957d6af5c11b6421e0ea01d42ca4169e7918ba4d", + "shared" : "95cbde9476e8907d7aade45cb4b873f88b595a68799fa152e6f8f7647aac7957", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 67, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "0ab4e76380d84dde4f6833c58f2a9fb8f83bb0169b172be4b6e0592887741a36", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "0200000000000000000000000000000000000000000000000000000000000000", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 68, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "89e10d5701b4337d2d032181538b1064bd4084401ceca1fd12663a1959388000", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "0900000000000000000000000000000000000000000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 69, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "2b55d3aa4a8f80c8c0b2ae5f933e85af49beac36c2fa7394bab76c8933f8f81d", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "1000000000000000000000000000000000000000000000000000000000000000", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 70, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "63e5b1fe9601fe84385d8866b0421262f78fbfa5aff9585e626679b18547d959", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 71, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "e428f3dac17809f827a522ce32355058d07369364aa78902ee10139b9f9dd653", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "fcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 72, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "b3b50e3ed3a407b95de942ef74575b5ab8a10c09ee103544d60bdfed8138ab2b", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "f9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 73, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "213fffe93d5ea8cd242e462844029922c43c77c9e3e42f562f485d24c501a20b", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "f3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 74, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "91b232a178b3cd530932441e6139418f72172292f1da4c1834fc5ebfefb51e3f", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 75, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "045c6e11c5d332556c7822fe94ebf89b56a3878dc27ca079103058849fabcb4f", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "e5ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 76, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "1ca2190b71163539063c35773bda0c9c928e9136f0620aeb093f099197b7f74e", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "e3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 77, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "f76e9010ac33c5043b2d3b76a842171000c4916222e9e85897a0aec7f6350b3c", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "ddffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 78, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "bb72688d8f8aa7a39cd6060cd5c8093cdec6fe341937c3886a99346cd07faa55", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 79, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "88fddea193391c6a5933ef9b71901549447205aae9da928a6b91a352ba10f41f", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "0000000000000000000000000000000000000000000000000000000000000002", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 80, + "comment" : "edge case for shared secret", + "curve" : "curve25519", + "public" : "303b392f153116cad9cc682a00ccc44c95ff0d3bbe568beb6c4e739bafdc2c68", + "private" : "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "shared" : "0000000000000000000000000000000000000000000000000000000000008000", + "result" : "acceptable", + "flags" : [ + "Twist" + ] + }, + { + "tcId" : 81, + "comment" : "checking for overflow", + "curve" : "curve25519", + "public" : "fd300aeb40e1fa582518412b49b208a7842b1e1f056a040178ea4141534f652d", + "private" : "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", + "shared" : "b734105dc257585d73b566ccb76f062795ccbec89128e52b02f3e59639f13c46", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 82, + "comment" : "checking for overflow", + "curve" : "curve25519", + "public" : "c8ef79b514d7682677bc7931e06ee5c27c9b392b4ae9484473f554e6678ecc2e", + "private" : "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", + "shared" : "647a46b6fc3f40d62141ee3cee706b4d7a9271593a7b143e8e2e2279883e4550", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 83, + "comment" : "checking for overflow", + "curve" : "curve25519", + "public" : "64aeac2504144861532b7bbcb6c87d67dd4c1f07ebc2e06effb95aecc6170b2c", + "private" : "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", + "shared" : "4ff03d5fb43cd8657a3cf37c138cadcecce509e4eba089d0ef40b4e4fb946155", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 84, + "comment" : "checking for overflow", + "curve" : "curve25519", + "public" : "bf68e35e9bdb7eee1b50570221860f5dcdad8acbab031b14974cc49013c49831", + "private" : "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", + "shared" : "21cee52efdbc812e1d021a4af1e1d8bc4db3c400e4d2a2c56a3926db4d99c65b", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 85, + "comment" : "checking for overflow", + "curve" : "curve25519", + "public" : "5347c491331a64b43ddc683034e677f53dc32b52a52a577c15a83bf298e99f19", + "private" : "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", + "shared" : "18cb89e4e20c0c2bd324305245266c9327690bbe79acb88f5b8fb3f74eca3e52", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 86, + "comment" : "private key == -1 (mod order)", + "curve" : "curve25519", + "public" : "258e04523b8d253ee65719fc6906c657192d80717edc828fa0af21686e2faa75", + "private" : "a023cdd083ef5bb82f10d62e59e15a6800000000000000000000000000000050", + "shared" : "258e04523b8d253ee65719fc6906c657192d80717edc828fa0af21686e2faa75", + "result" : "valid", + "flags" : [] + }, + { + "tcId" : 87, + "comment" : "private key == 1 (mod order) on twist", + "curve" : "curve25519", + "public" : "2eae5ec3dd494e9f2d37d258f873a8e6e9d0dbd1e383ef64d98bb91b3e0be035", + "private" : "58083dd261ad91eff952322ec824c682ffffffffffffffffffffffffffffff5f", + "shared" : "2eae5ec3dd494e9f2d37d258f873a8e6e9d0dbd1e383ef64d98bb91b3e0be035", + "result" : "acceptable", + "flags" : [] + } + ] + } + ] +} diff --git a/security/nss/gtests/der_gtest/der_quickder_unittest.cc b/security/nss/gtests/der_gtest/der_quickder_unittest.cc index 944117909..a5301f15c 100644 --- a/security/nss/gtests/der_gtest/der_quickder_unittest.cc +++ b/security/nss/gtests/der_gtest/der_quickder_unittest.cc @@ -16,17 +16,35 @@ #include "secerr.h" #include "secitem.h" -const SEC_ASN1Template mySEC_NullTemplate[] = { - {SEC_ASN1_NULL, 0, NULL, sizeof(SECItem)}}; - namespace nss_test { +struct TemplateAndInput { + const SEC_ASN1Template* t; + SECItem input; +}; + class QuickDERTest : public ::testing::Test, - public ::testing::WithParamInterface<SECItem> {}; + public ::testing::WithParamInterface<TemplateAndInput> {}; +static const uint8_t kBitstringTag = 0x03; static const uint8_t kNullTag = 0x05; static const uint8_t kLongLength = 0x80; +const SEC_ASN1Template kBitstringTemplate[] = { + {SEC_ASN1_BIT_STRING, 0, NULL, sizeof(SECItem)}, {0}}; + +// Empty bitstring with unused bits. +static uint8_t kEmptyBitstringUnused[] = {kBitstringTag, 1, 1}; + +// Bitstring with 8 unused bits. +static uint8_t kBitstring8Unused[] = {kBitstringTag, 3, 8, 0xff, 0x00}; + +// Bitstring with >8 unused bits. +static uint8_t kBitstring9Unused[] = {kBitstringTag, 3, 9, 0xff, 0x80}; + +const SEC_ASN1Template kNullTemplate[] = { + {SEC_ASN1_NULL, 0, NULL, sizeof(SECItem)}, {0}}; + // Length of zero wrongly encoded as 0x80 instead of 0x00. static uint8_t kOverlongLength_0_0[] = {kNullTag, kLongLength | 0}; @@ -53,14 +71,22 @@ static uint8_t kOverlongLength_16_0[] = {kNullTag, kLongLength | 0x10, 0x00, 0x00, 0x00, 0x00}; -static const SECItem kInvalidDER[] = { - {siBuffer, kOverlongLength_0_0, sizeof(kOverlongLength_0_0)}, - {siBuffer, kOverlongLength_1_0, sizeof(kOverlongLength_1_0)}, - {siBuffer, kOverlongLength_16_0, sizeof(kOverlongLength_16_0)}, +#define TI(t, x) \ + { \ + t, { siBuffer, x, sizeof(x) } \ + } +static const TemplateAndInput kInvalidDER[] = { + TI(kBitstringTemplate, kEmptyBitstringUnused), + TI(kBitstringTemplate, kBitstring8Unused), + TI(kBitstringTemplate, kBitstring9Unused), + TI(kNullTemplate, kOverlongLength_0_0), + TI(kNullTemplate, kOverlongLength_1_0), + TI(kNullTemplate, kOverlongLength_16_0), }; +#undef TI TEST_P(QuickDERTest, InvalidLengths) { - const SECItem& original_input(GetParam()); + const SECItem& original_input(GetParam().input); ScopedSECItem copy_of_input(SECITEM_AllocItem(nullptr, nullptr, 0U)); ASSERT_TRUE(copy_of_input); @@ -69,11 +95,10 @@ TEST_P(QuickDERTest, InvalidLengths) { PORTCheapArenaPool pool; PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE); - ScopedSECItem parsed_value(SECITEM_AllocItem(nullptr, nullptr, 0U)); - ASSERT_TRUE(parsed_value); + StackSECItem parsed_value; ASSERT_EQ(SECFailure, - SEC_QuickDERDecodeItem(&pool.arena, parsed_value.get(), - mySEC_NullTemplate, copy_of_input.get())); + SEC_QuickDERDecodeItem(&pool.arena, &parsed_value, GetParam().t, + copy_of_input.get())); ASSERT_EQ(SEC_ERROR_BAD_DER, PR_GetError()); PORT_DestroyCheapArena(&pool); } diff --git a/security/nss/gtests/freebl_gtest/cmac_unittests.cc b/security/nss/gtests/freebl_gtest/cmac_unittests.cc new file mode 100644 index 000000000..40088dcaf --- /dev/null +++ b/security/nss/gtests/freebl_gtest/cmac_unittests.cc @@ -0,0 +1,187 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this file, +// You can obtain one at http://mozilla.org/MPL/2.0/. + +#include "gtest/gtest.h" + +#include <stdint.h> +#include <memory> + +#include "blapi.h" +#include "secitem.h" +#include "freebl_scoped_ptrs.h" + +class CmacAesTest : public ::testing::Test { + protected: + bool Compare(const uint8_t *actual, const uint8_t *expected, + unsigned int length) { + return strncmp((const char *)actual, (const char *)expected, length) == 0; + } +}; + +TEST_F(CmacAesTest, CreateInvalidSize) { + uint8_t key[1] = {0x00}; + ScopedCMACContext ctx(CMAC_Create(CMAC_AES, key, sizeof(key))); + ASSERT_EQ(ctx, nullptr); +} + +TEST_F(CmacAesTest, CreateRightSize) { + uint8_t *key = PORT_NewArray(uint8_t, AES_128_KEY_LENGTH); + ScopedCMACContext ctx(CMAC_Create(CMAC_AES, key, AES_128_KEY_LENGTH)); + + ASSERT_NE(ctx, nullptr); + PORT_Free(key); +} + +// The following tests were taken from NIST's Cryptographic Standards and +// Guidelines page for AES-CMAC Examples with Intermediate Values. These same +// test vectors for AES-128 can be found in RFC 4493, Section 4. + +static const uint8_t kNistKeys[][AES_256_KEY_LENGTH] = { + {0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, + 0x88, 0x09, 0xCF, 0x4F, 0x3C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, 0xC8, 0x10, 0xF3, + 0x2B, 0x80, 0x90, 0x79, 0xE5, 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, + 0x6B, 0x7B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, 0x2B, 0x73, 0xAE, + 0xF0, 0x85, 0x7D, 0x77, 0x81, 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, + 0x08, 0xD7, 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4}}; +static const size_t kNistKeyLengthsCount = PR_ARRAY_SIZE(kNistKeys); +static const unsigned int kNistKeyLengths[kNistKeyLengthsCount] = { + AES_128_KEY_LENGTH, AES_192_KEY_LENGTH, AES_256_KEY_LENGTH}; + +static const uint8_t kNistPlaintext[64] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, + 0x11, 0x73, 0x93, 0x17, 0x2A, 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, + 0xAC, 0x9C, 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51, 0x30, + 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, 0xE5, 0xFB, 0xC1, 0x19, + 0x1A, 0x0A, 0x52, 0xEF, 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, + 0x17, 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10}; +static const unsigned int kNistPlaintextLengths[] = {0, 16, 20, 64}; +static const size_t kNistPlaintextLengthsCount = + PR_ARRAY_SIZE(kNistPlaintextLengths); + +// This table contains the result of a CMAC over kNistPlaintext using keys from +// kNistKeys. For each key, there are kNistPlaintextLengthsCount answers, all +// listed one after the other as the input is truncated to the different sizes +// in kNistPlaintextLengths. +static const uint8_t kNistKnown[][AES_BLOCK_SIZE] = { + {0xBB, 0x1D, 0x69, 0x29, 0xE9, 0x59, 0x37, 0x28, 0x7F, 0xA3, 0x7D, 0x12, + 0x9B, 0x75, 0x67, 0x46}, + {0x07, 0x0A, 0x16, 0xB4, 0x6B, 0x4D, 0x41, 0x44, 0xF7, 0x9B, 0xDD, 0x9D, + 0xD0, 0x4A, 0x28, 0x7C}, + {0x7D, 0x85, 0x44, 0x9E, 0xA6, 0xEA, 0x19, 0xC8, 0x23, 0xA7, 0xBF, 0x78, + 0x83, 0x7D, 0xFA, 0xDE}, + {0x51, 0xF0, 0xBE, 0xBF, 0x7E, 0x3B, 0x9D, 0x92, 0xFC, 0x49, 0x74, 0x17, + 0x79, 0x36, 0x3C, 0xFE}, + {0xD1, 0x7D, 0xDF, 0x46, 0xAD, 0xAA, 0xCD, 0xE5, 0x31, 0xCA, 0xC4, 0x83, + 0xDE, 0x7A, 0x93, 0x67}, + {0x9E, 0x99, 0xA7, 0xBF, 0x31, 0xE7, 0x10, 0x90, 0x06, 0x62, 0xF6, 0x5E, + 0x61, 0x7C, 0x51, 0x84}, + {0x3D, 0x75, 0xC1, 0x94, 0xED, 0x96, 0x07, 0x04, 0x44, 0xA9, 0xFA, 0x7E, + 0xC7, 0x40, 0xEC, 0xF8}, + {0xA1, 0xD5, 0xDF, 0x0E, 0xED, 0x79, 0x0F, 0x79, 0x4D, 0x77, 0x58, 0x96, + 0x59, 0xF3, 0x9A, 0x11}, + {0x02, 0x89, 0x62, 0xF6, 0x1B, 0x7B, 0xF8, 0x9E, 0xFC, 0x6B, 0x55, 0x1F, + 0x46, 0x67, 0xD9, 0x83}, + {0x28, 0xA7, 0x02, 0x3F, 0x45, 0x2E, 0x8F, 0x82, 0xBD, 0x4B, 0xF2, 0x8D, + 0x8C, 0x37, 0xC3, 0x5C}, + {0x15, 0x67, 0x27, 0xDC, 0x08, 0x78, 0x94, 0x4A, 0x02, 0x3C, 0x1F, 0xE0, + 0x3B, 0xAD, 0x6D, 0x93}, + {0xE1, 0x99, 0x21, 0x90, 0x54, 0x9F, 0x6E, 0xD5, 0x69, 0x6A, 0x2C, 0x05, + 0x6C, 0x31, 0x54, 0x10}}; +PR_STATIC_ASSERT(PR_ARRAY_SIZE(kNistKnown) == + kNistKeyLengthsCount * kNistPlaintextLengthsCount); + +TEST_F(CmacAesTest, AesNistAligned) { + for (unsigned int key_index = 0; key_index < kNistKeyLengthsCount; + key_index++) { + ScopedCMACContext ctx(CMAC_Create(CMAC_AES, kNistKeys[key_index], + kNistKeyLengths[key_index])); + ASSERT_NE(ctx, nullptr); + + for (unsigned int plaintext_index = 0; + plaintext_index < kNistPlaintextLengthsCount; plaintext_index++) { + CMAC_Begin(ctx.get()); + + unsigned int known_index = + (key_index * kNistPlaintextLengthsCount) + plaintext_index; + CMAC_Update(ctx.get(), kNistPlaintext, + kNistPlaintextLengths[plaintext_index]); + + uint8_t output[AES_BLOCK_SIZE]; + CMAC_Finish(ctx.get(), output, NULL, AES_BLOCK_SIZE); + + ASSERT_TRUE(Compare(output, kNistKnown[known_index], AES_BLOCK_SIZE)); + } + } +} + +TEST_F(CmacAesTest, AesNistUnaligned) { + for (unsigned int key_index = 0; key_index < kNistKeyLengthsCount; + key_index++) { + unsigned int key_length = kNistKeyLengths[key_index]; + ScopedCMACContext ctx( + CMAC_Create(CMAC_AES, kNistKeys[key_index], key_length)); + ASSERT_NE(ctx, nullptr); + + // Skip the zero-length test. + for (unsigned int plaintext_index = 1; + plaintext_index < kNistPlaintextLengthsCount; plaintext_index++) { + unsigned int known_index = + (key_index * kNistPlaintextLengthsCount) + plaintext_index; + unsigned int plaintext_length = kNistPlaintextLengths[plaintext_index]; + + // Test all possible offsets and make sure that misaligned updates + // produce the desired result. That is, do two updates: + // 0 ... offset + // offset ... len - offset + // and ensure the result is the same as doing one update. + for (unsigned int offset = 1; offset < plaintext_length; offset++) { + CMAC_Begin(ctx.get()); + + CMAC_Update(ctx.get(), kNistPlaintext, offset); + CMAC_Update(ctx.get(), kNistPlaintext + offset, + plaintext_length - offset); + + uint8_t output[AES_BLOCK_SIZE]; + CMAC_Finish(ctx.get(), output, NULL, AES_BLOCK_SIZE); + + ASSERT_TRUE(Compare(output, kNistKnown[known_index], AES_BLOCK_SIZE)); + } + } + } +} + +TEST_F(CmacAesTest, AesNistTruncated) { + for (unsigned int key_index = 0; key_index < kNistKeyLengthsCount; + key_index++) { + unsigned int key_length = kNistKeyLengths[key_index]; + ScopedCMACContext ctx( + CMAC_Create(CMAC_AES, kNistKeys[key_index], key_length)); + ASSERT_TRUE(ctx != nullptr); + + // Skip the zero-length test. + for (unsigned int plaintext_index = 1; + plaintext_index < kNistPlaintextLengthsCount; plaintext_index++) { + unsigned int known_index = + (key_index * kNistPlaintextLengthsCount) + plaintext_index; + unsigned int plaintext_length = kNistPlaintextLengths[plaintext_index]; + + // Test truncated outputs to ensure that we always get the desired values. + for (unsigned int out_len = 1; out_len < AES_BLOCK_SIZE; out_len++) { + CMAC_Begin(ctx.get()); + + CMAC_Update(ctx.get(), kNistPlaintext, plaintext_length); + + unsigned int actual_out_len = 0; + uint8_t output[AES_BLOCK_SIZE]; + CMAC_Finish(ctx.get(), output, &actual_out_len, out_len); + + ASSERT_TRUE(actual_out_len == out_len); + ASSERT_TRUE(Compare(output, kNistKnown[known_index], out_len)); + } + } + } +} diff --git a/security/nss/gtests/freebl_gtest/freebl_gtest.gyp b/security/nss/gtests/freebl_gtest/freebl_gtest.gyp index 21a87c557..c19db414e 100644 --- a/security/nss/gtests/freebl_gtest/freebl_gtest.gyp +++ b/security/nss/gtests/freebl_gtest/freebl_gtest.gyp @@ -23,6 +23,7 @@ '<(DEPTH)/lib/dev/dev.gyp:nssdev', '<(DEPTH)/lib/pki/pki.gyp:nsspki', '<(DEPTH)/lib/ssl/ssl.gyp:ssl', + '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix', ], }, { @@ -34,12 +35,20 @@ 'ecl_unittest.cc', 'ghash_unittest.cc', 'rsa_unittest.cc', + 'cmac_unittests.cc', '<(DEPTH)/gtests/common/gtests.cc' ], 'dependencies': [ 'freebl_gtest_deps', '<(DEPTH)/exports.gyp:nss_exports', ], + 'conditions': [ + [ 'cc_is_gcc==1 and (target_arch=="ia32" or target_arch=="x64")', { + 'cflags_cc': [ + '-msse2', + ], + }], + ], }, { 'target_name': 'prng_gtest', @@ -78,7 +87,7 @@ 'defines': [ 'NSS_USE_STATIC_LIBS', ], - # For test builds we have to set MPI defines. + # For static builds we have to set MPI defines. 'conditions': [ [ 'ct_verif==1', { 'defines': [ diff --git a/security/nss/gtests/freebl_gtest/ghash_unittest.cc b/security/nss/gtests/freebl_gtest/ghash_unittest.cc index 3c9045bec..327c2bcb3 100644 --- a/security/nss/gtests/freebl_gtest/ghash_unittest.cc +++ b/security/nss/gtests/freebl_gtest/ghash_unittest.cc @@ -2,7 +2,7 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this file, // You can obtain one at http://mozilla.org/MPL/2.0/. -#include "gcm-vectors.h" +#include "testvectors/gcm-vectors.h" #include "gtest/gtest.h" #include "util.h" diff --git a/security/nss/gtests/freebl_gtest/mpi_unittest.cc b/security/nss/gtests/freebl_gtest/mpi_unittest.cc index 2ccb8c351..56b7454dc 100644 --- a/security/nss/gtests/freebl_gtest/mpi_unittest.cc +++ b/security/nss/gtests/freebl_gtest/mpi_unittest.cc @@ -6,6 +6,7 @@ #include <stdint.h> #include <string.h> +#include <memory> #ifdef __MACH__ #include <mach/clock.h> @@ -27,7 +28,7 @@ void gettime(struct timespec* tp) { tp->tv_sec = mts.tv_sec; tp->tv_nsec = mts.tv_nsec; #else - clock_gettime(CLOCK_MONOTONIC, tp); + ASSERT_NE(0, timespec_get(tp, TIME_UTC)); #endif } @@ -84,8 +85,9 @@ class MPITest : public ::testing::Test { mp_int a; ASSERT_EQ(MP_OKAY, mp_init(&a)); ASSERT_EQ(MP_OKAY, mp_read_unsigned_octets(&a, ref.data(), ref.size())); - uint8_t buf[len]; - ASSERT_EQ(MP_OKAY, mp_to_fixlen_octets(&a, buf, len)); + std::unique_ptr<uint8_t[]> buf(new uint8_t[len]); + ASSERT_NE(buf, nullptr); + ASSERT_EQ(MP_OKAY, mp_to_fixlen_octets(&a, buf.get(), len)); size_t compare; if (len > ref.size()) { for (size_t i = 0; i < len - ref.size(); ++i) { @@ -96,9 +98,9 @@ class MPITest : public ::testing::Test { compare = len; } dump("value", ref.data(), ref.size()); - dump("output", buf, len); - ASSERT_EQ(0, memcmp(buf + len - compare, ref.data() + ref.size() - compare, - compare)) + dump("output", buf.get(), len); + ASSERT_EQ(0, memcmp(buf.get() + len - compare, + ref.data() + ref.size() - compare, compare)) << "comparing " << compare << " octets"; mp_clear(&a); } @@ -146,6 +148,41 @@ TEST_F(MPITest, MpiCmpUnalignedTest) { } #endif +// The two follow tests ensure very similar mp_set_* functions are ok. +TEST_F(MPITest, MpiSetUlong) { + mp_int a, b, c; + MP_DIGITS(&a) = 0; + MP_DIGITS(&b) = 0; + MP_DIGITS(&c) = 0; + ASSERT_EQ(MP_OKAY, mp_init(&a)); + ASSERT_EQ(MP_OKAY, mp_init(&b)); + ASSERT_EQ(MP_OKAY, mp_init(&c)); + EXPECT_EQ(MP_OKAY, mp_set_ulong(&a, 1)); + EXPECT_EQ(MP_OKAY, mp_set_ulong(&b, 0)); + EXPECT_EQ(MP_OKAY, mp_set_ulong(&c, -1)); + + mp_clear(&a); + mp_clear(&b); + mp_clear(&c); +} + +TEST_F(MPITest, MpiSetInt) { + mp_int a, b, c; + MP_DIGITS(&a) = 0; + MP_DIGITS(&b) = 0; + MP_DIGITS(&c) = 0; + ASSERT_EQ(MP_OKAY, mp_init(&a)); + ASSERT_EQ(MP_OKAY, mp_init(&b)); + ASSERT_EQ(MP_OKAY, mp_init(&c)); + EXPECT_EQ(MP_OKAY, mp_set_int(&a, 1)); + EXPECT_EQ(MP_OKAY, mp_set_int(&b, 0)); + EXPECT_EQ(MP_OKAY, mp_set_int(&c, -1)); + + mp_clear(&a); + mp_clear(&b); + mp_clear(&c); +} + TEST_F(MPITest, MpiFixlenOctetsZero) { std::vector<uint8_t> zero = {0}; TestToFixedOctets(zero, 1); @@ -253,4 +290,4 @@ TEST_F(DISABLED_MPITest, MpiCmpConstTest) { mp_clear(&c); } -} // nss_test +} // namespace nss_test diff --git a/security/nss/gtests/freebl_gtest/rsa_unittest.cc b/security/nss/gtests/freebl_gtest/rsa_unittest.cc index a1453168f..9a6a9c11f 100644 --- a/security/nss/gtests/freebl_gtest/rsa_unittest.cc +++ b/security/nss/gtests/freebl_gtest/rsa_unittest.cc @@ -5,6 +5,7 @@ #include "gtest/gtest.h" #include <stdint.h> +#include <memory> #include "blapi.h" #include "secitem.h" diff --git a/security/nss/gtests/manifest.mn b/security/nss/gtests/manifest.mn index 13048f037..1d97da3dd 100644 --- a/security/nss/gtests/manifest.mn +++ b/security/nss/gtests/manifest.mn @@ -24,9 +24,12 @@ NSS_SRCDIRS = \ cryptohi_gtest \ der_gtest \ pk11_gtest \ + smime_gtest \ softoken_gtest \ ssl_gtest \ + $(SYSINIT_GTEST) \ nss_bogo_shim \ + pkcs11testmodule \ $(NULL) endif endif diff --git a/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp b/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp index 899b849fc..1623d76bb 100644 --- a/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp +++ b/security/nss/gtests/mozpkix_gtest/mozpkix_gtest.gyp @@ -43,6 +43,7 @@ '<(DEPTH)/lib/base/base.gyp:nssb', '<(DEPTH)/lib/dev/dev.gyp:nssdev', '<(DEPTH)/lib/pki/pki.gyp:nsspki', + '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix', '<(DEPTH)/lib/mozpkix/mozpkix.gyp:mozpkix', '<(DEPTH)/lib/mozpkix/mozpkix.gyp:mozpkix-testlib', ], diff --git a/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp index e17321075..c1c81b3a7 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixbuild_tests.cpp @@ -152,10 +152,14 @@ private: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, + Time validityBeginning, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { + // All of the certificates in this test for which this is called have a + // validity period that begins "one day before now". + EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } @@ -301,10 +305,14 @@ public: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, + Time validityBeginning, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { + // All of the certificates in this test for which this is called have a + // validity period that begins "one day before now". + EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } @@ -321,7 +329,7 @@ public: { } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { @@ -442,10 +450,14 @@ public: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, + Time validityBeginning, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { + // All of the certificates in this test for which this is called have a + // validity period that begins "one day before now". + EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } @@ -665,10 +677,14 @@ private: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, + Time validityBeginning, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { + // All of the certificates in this test for which this is called have a + // validity period that begins "one day before now". + EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } @@ -723,7 +739,7 @@ class RevokedEndEntityTrustDomain final : public MultiplePathTrustDomain { public: Result CheckRevocation(EndEntityOrCA endEntityOrCA, const CertID&, Time, - Duration, /*optional*/ const Input*, + Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { if (endEntityOrCA == EndEntityOrCA::MustBeEndEntity) { @@ -828,10 +844,14 @@ private: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, + Time validityBeginning, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { + // All of the certificates in this test for which this is called have a + // validity period that begins "one day before now". + EXPECT_EQ(TimeFromEpochInSeconds(oneDayBeforeNow), validityBeginning); return Success; } diff --git a/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp index 762fac146..71399a26b 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixcert_extension_tests.cpp @@ -70,7 +70,7 @@ private: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { diff --git a/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp index 00ccffb04..54e19fc3d 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixcert_signature_algorithm_tests.cpp @@ -92,7 +92,7 @@ private: return checker.Check(issuerCert, nullptr, keepGoing); } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, const Input*, const Input*) override { return Success; diff --git a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp index 0aef3d5c1..9fd1e52f1 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckExtendedKeyUsage_tests.cpp @@ -558,7 +558,7 @@ private: return checker.Check(derCert, nullptr, keepGoing); } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, const Input*, const Input*) override { return Success; diff --git a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp index 136f8719a..b87f0a772 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp @@ -166,8 +166,8 @@ void ASSERT_SimpleCase(uint8_t unusedBits, uint8_t bits, KeyUsage usage) // Test that none of the other non-padding bits are mistaken for the given // key usage in the single-byte value case. - NAMED_SIMPLE_KU(notGood, unusedBits, - static_cast<uint8_t>((~bits >> unusedBits) << unusedBits)); + uint8_t paddingBits = (static_cast<uint8_t>(~bits) >> unusedBits) << unusedBits; + NAMED_SIMPLE_KU(notGood, unusedBits, paddingBits); ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeEndEntity, ¬Good, usage)); ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeCA, ¬Good, usage)); diff --git a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp index 70e6fd410..e1f35e5b4 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixcheck_CheckSignatureAlgorithm_tests.cpp @@ -302,7 +302,7 @@ public: return Success; } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { diff --git a/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp index cf91fa2c6..c66f06e6a 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixder_input_tests.cpp @@ -191,8 +191,10 @@ TEST_F(pkixder_input_tests, ReadByteWrapAroundPointer) // a null pointer is undefined behavior according to the C++ language spec., // but this should catch the problem on at least some compilers, if not all of // them. - const uint8_t* der = nullptr; - --der; + uintptr_t derint = -1; + auto der = reinterpret_cast<const uint8_t*>(derint); + ASSERT_EQ(sizeof(der), sizeof(derint)) + << "underflow of pointer might not work"; Input buf; ASSERT_EQ(Success, buf.Init(der, 0)); Reader input(buf); @@ -359,6 +361,7 @@ TEST_F(pkixder_input_tests, Skip_WrapAroundPointer) // but this should catch the problem on at least some compilers, if not all of // them. const uint8_t* der = nullptr; + // coverity[FORWARD_NULL] --der; Input buf; ASSERT_EQ(Success, buf.Init(der, 0)); diff --git a/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp b/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp index 260c735ec..0dc8555d9 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp +++ b/security/nss/gtests/mozpkix_gtest/pkixder_universal_types_tests.cpp @@ -1224,3 +1224,53 @@ TEST_F(pkixder_universal_types_tests, OID) ASSERT_EQ(Success, OID(reader, expectedOID)); } + +TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTag) +{ + const uint8_t DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1[] = { + 0x81, + 0x04, + 0x00, + 0x0A, + 0x0B, + 0x0C, + }; + Input input(DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1); + Reader reader(input); + + ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 1)); + ASSERT_TRUE(reader.AtEnd()); +} + +TEST_F(pkixder_universal_types_tests, SkipOptionalImplicitPrimitiveTagMismatch) +{ + const uint8_t DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1[] = { + 0x81, + 0x04, + 0x00, + 0x0A, + 0x0B, + 0x0C, + }; + Input input(DER_IMPLICIT_BIT_STRING_WITH_CLASS_NUMBER_1); + Reader reader(input); + + ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 2)); + ASSERT_FALSE(reader.AtEnd()); +} + +TEST_F(pkixder_universal_types_tests, NoSkipOptionalImplicitConstructedTag) +{ + const uint8_t DER_IMPLICIT_SEQUENCE_WITH_CLASS_NUMBER_1[] = { + 0xA1, + 0x03, + 0x05, + 0x01, + 0x00, + }; + Input input(DER_IMPLICIT_SEQUENCE_WITH_CLASS_NUMBER_1); + Reader reader(input); + + ASSERT_EQ(Success, SkipOptionalImplicitPrimitiveTag(reader, 1)); + ASSERT_FALSE(reader.AtEnd()); +} diff --git a/security/nss/gtests/mozpkix_gtest/pkixgtest.h b/security/nss/gtests/mozpkix_gtest/pkixgtest.h index bb3491d44..0a203c5e1 100644 --- a/security/nss/gtests/mozpkix_gtest/pkixgtest.h +++ b/security/nss/gtests/mozpkix_gtest/pkixgtest.h @@ -100,7 +100,7 @@ class EverythingFailsByDefaultTrustDomain : public TrustDomain { Result::FATAL_ERROR_LIBRARY_FAILURE); } - Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Duration, + Result CheckRevocation(EndEntityOrCA, const CertID&, Time, Time, Duration, /*optional*/ const Input*, /*optional*/ const Input*) override { ADD_FAILURE(); diff --git a/security/nss/gtests/pk11_gtest/manifest.mn b/security/nss/gtests/pk11_gtest/manifest.mn index ea7b43a2b..1c0ae6921 100644 --- a/security/nss/gtests/pk11_gtest/manifest.mn +++ b/security/nss/gtests/pk11_gtest/manifest.mn @@ -7,20 +7,32 @@ DEPTH = ../.. MODULE = nss CPPSRCS = \ + pk11_aes_gcm_unittest.cc \ pk11_aeskeywrap_unittest.cc \ + pk11_aeskeywrappad_unittest.cc \ + pk11_cbc_unittest.cc \ pk11_chacha20poly1305_unittest.cc \ pk11_curve25519_unittest.cc \ + pk11_der_private_key_import_unittest.cc \ + pk11_des_unittest.cc \ pk11_ecdsa_unittest.cc \ pk11_encrypt_derive_unittest.cc \ pk11_export_unittest.cc \ + pk11_find_certs_unittest.cc \ + pk11_import_unittest.cc \ + pk11_keygen.cc \ + pk11_key_unittest.cc \ + pk11_module_unittest.cc \ pk11_pbkdf2_unittest.cc \ pk11_prf_unittest.cc \ pk11_prng_unittest.cc \ pk11_rsapkcs1_unittest.cc \ pk11_rsapss_unittest.cc \ - pk11_der_private_key_import_unittest.cc \ + pk11_seed_cbc_unittest.cc \ $(NULL) +DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\" + INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ -I$(CORE_DEPTH)/gtests/common \ -I$(CORE_DEPTH)/cpputil @@ -33,4 +45,3 @@ EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \ $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \ $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \ $(NULL) - diff --git a/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc new file mode 100644 index 000000000..c520fffd1 --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_aes_cmac_unittest.cc @@ -0,0 +1,91 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <memory> +#include "nss.h" +#include "pk11pub.h" +#include "secerr.h" +#include "sechash.h" + +#include "blapi.h" + +#include "gtest/gtest.h" +#include "nss_scoped_ptrs.h" +#include "util.h" + +namespace nss_test { + +class Pkcs11AesCmacTest : public ::testing::Test { + protected: + ScopedPK11SymKey ImportKey(CK_MECHANISM_TYPE mech, SECItem *key_item) { + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + if (!slot) { + ADD_FAILURE() << "Can't get slot"; + return nullptr; + } + + ScopedPK11SymKey result(PK11_ImportSymKey( + slot.get(), mech, PK11_OriginUnwrap, CKA_SIGN, key_item, nullptr)); + + return result; + } + + void RunTest(uint8_t *key, unsigned int key_len, uint8_t *data, + unsigned int data_len, uint8_t *expected, + unsigned int expected_len, CK_ULONG mechanism) { + // Create SECItems for everything... + std::vector<uint8_t> output(expected_len); + SECItem key_item = {siBuffer, key, key_len}; + SECItem output_item = {siBuffer, output.data(), expected_len}; + SECItem data_item = {siBuffer, data, data_len}; + SECItem expected_item = {siBuffer, expected, expected_len}; + + // Do the PKCS #11 stuff... + ScopedPK11SymKey p11_key = ImportKey(mechanism, &key_item); + ASSERT_NE(nullptr, p11_key.get()); + + SECStatus ret = PK11_SignWithSymKey(p11_key.get(), CKM_AES_CMAC, NULL, + &output_item, &data_item); + + // Verify the result... + ASSERT_EQ(SECSuccess, ret); + ASSERT_EQ(0, SECITEM_CompareItem(&output_item, &expected_item)); + } +}; + +// Sanity check of the PKCS #11 API only. Extensive tests for correctness of +// underling CMAC implementation conducted in the following file: +// gtests/freebl_gtest/cmac_unittests.cc + +TEST_F(Pkcs11AesCmacTest, Aes128NistExample1) { + uint8_t key[AES_128_KEY_LENGTH] = {0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, + 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, + 0x09, 0xCF, 0x4F, 0x3C}; + uint8_t known[AES_BLOCK_SIZE] = {0xBB, 0x1D, 0x69, 0x29, 0xE9, 0x59, + 0x37, 0x28, 0x7F, 0xA3, 0x7D, 0x12, + 0x9B, 0x75, 0x67, 0x46}; + + RunTest(key, AES_128_KEY_LENGTH, NULL, 0, known, AES_BLOCK_SIZE, + CKM_AES_CMAC); +} + +TEST_F(Pkcs11AesCmacTest, General) { + uint8_t key[AES_128_KEY_LENGTH] = {0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, + 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, + 0x09, 0xCF, 0x4F, 0x3C}; + uint8_t known[4] = {0xBB, 0x1D, 0x69, 0x29}; + + RunTest(key, AES_128_KEY_LENGTH, NULL, 0, known, 4, CKM_AES_CMAC_GENERAL); +} + +TEST_F(Pkcs11AesCmacTest, InvalidKeySize) { + uint8_t key[4] = {0x00, 0x00, 0x00, 0x00}; + SECItem key_item = {siBuffer, key, 4}; + + ScopedPK11SymKey result = ImportKey(CKM_AES_CMAC, &key_item); + ASSERT_EQ(nullptr, result.get()); +} +} diff --git a/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc index 4072cf2b7..2c58063d4 100644 --- a/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc +++ b/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc @@ -12,7 +12,7 @@ #include "nss_scoped_ptrs.h" -#include "gcm-vectors.h" +#include "testvectors/gcm-vectors.h" #include "gtest/gtest.h" #include "util.h" @@ -26,87 +26,120 @@ class Pkcs11AesGcmTest : public ::testing::TestWithParam<gcm_kat_value> { std::vector<uint8_t> plaintext = hex_string_to_bytes(val.plaintext); std::vector<uint8_t> aad = hex_string_to_bytes(val.additional_data); std::vector<uint8_t> result = hex_string_to_bytes(val.result); - + bool invalid_ct = val.invalid_ct; + bool invalid_iv = val.invalid_iv; + std::stringstream s; + s << "Test #" << val.test_id << " failed."; + std::string msg = s.str(); // Ignore GHASH-only vectors. if (key.empty()) { return; } // Prepare AEAD params. - CK_GCM_PARAMS gcmParams; - gcmParams.pIv = iv.data(); - gcmParams.ulIvLen = iv.size(); - gcmParams.pAAD = aad.data(); - gcmParams.ulAADLen = aad.size(); - gcmParams.ulTagBits = 128; + CK_GCM_PARAMS gcm_params; + gcm_params.pIv = iv.data(); + gcm_params.ulIvLen = iv.size(); + gcm_params.pAAD = aad.data(); + gcm_params.ulAADLen = aad.size(); + gcm_params.ulTagBits = 128; - SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcmParams), - sizeof(gcmParams)}; + SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcm_params), + sizeof(gcm_params)}; ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); - SECItem keyItem = {siBuffer, key.data(), - static_cast<unsigned int>(key.size())}; + SECItem key_item = {siBuffer, key.data(), + static_cast<unsigned int>(key.size())}; // Import key. - ScopedPK11SymKey symKey(PK11_ImportSymKey( - slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr)); - EXPECT_TRUE(!!symKey); + ScopedPK11SymKey sym_key(PK11_ImportSymKey( + slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &key_item, nullptr)); + ASSERT_TRUE(!!sym_key) << msg; + + // Encrypt with bogus parameters. + unsigned int output_len = 0; + std::vector<uint8_t> output(plaintext.size() + gcm_params.ulTagBits / 8); + // "maxout" must be at least "inlen + tagBytes", or, in this case: + // "output.size()" must be at least "plaintext.size() + tagBytes" + gcm_params.ulTagBits = 128; + SECStatus rv = + PK11_Encrypt(sym_key.get(), mech, ¶ms, output.data(), &output_len, + output.size() - 10, plaintext.data(), plaintext.size()); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(0U, output_len); + + // The valid values for tag size in AES_GCM are: + // 32, 64, 96, 104, 112, 120 and 128. + gcm_params.ulTagBits = 110; + rv = PK11_Encrypt(sym_key.get(), mech, ¶ms, output.data(), &output_len, + output.size(), plaintext.data(), plaintext.size()); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(0U, output_len); // Encrypt. - unsigned int outputLen = 0; - std::vector<uint8_t> output(plaintext.size() + gcmParams.ulTagBits / 8); - SECStatus rv = - PK11_Encrypt(symKey.get(), mech, ¶ms, output.data(), &outputLen, - output.size(), plaintext.data(), plaintext.size()); - EXPECT_EQ(rv, SECSuccess); - ASSERT_EQ(outputLen, output.size()); + gcm_params.ulTagBits = 128; + rv = PK11_Encrypt(sym_key.get(), mech, ¶ms, output.data(), &output_len, + output.size(), plaintext.data(), plaintext.size()); + if (invalid_iv) { + EXPECT_EQ(SECFailure, rv) << msg; + EXPECT_EQ(0U, output_len); + return; + } + EXPECT_EQ(SECSuccess, rv) << msg; + + ASSERT_EQ(output_len, output.size()) << msg; // Check ciphertext and tag. - EXPECT_EQ(result, output); + if (invalid_ct) { + EXPECT_NE(result, output) << msg; + } else { + EXPECT_EQ(result, output) << msg; + } // Decrypt. - unsigned int decryptedLen = 0; + unsigned int decrypted_len = 0; // The PK11 AES API is stupid, it expects an explicit IV and thus wants // a block more of available output memory. std::vector<uint8_t> decrypted(output.size()); - rv = - PK11_Decrypt(symKey.get(), mech, ¶ms, decrypted.data(), - &decryptedLen, decrypted.size(), output.data(), outputLen); - EXPECT_EQ(rv, SECSuccess); - ASSERT_EQ(decryptedLen, plaintext.size()); + rv = PK11_Decrypt(sym_key.get(), mech, ¶ms, decrypted.data(), + &decrypted_len, decrypted.size(), output.data(), + output_len); + EXPECT_EQ(SECSuccess, rv) << msg; + ASSERT_EQ(decrypted_len, plaintext.size()) << msg; // Check the plaintext. EXPECT_EQ(plaintext, std::vector<uint8_t>(decrypted.begin(), - decrypted.begin() + decryptedLen)); + decrypted.begin() + decrypted_len)) + << msg; } SECStatus EncryptWithIV(std::vector<uint8_t>& iv) { // Generate a random key. ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); - ScopedPK11SymKey symKey( + ScopedPK11SymKey sym_key( PK11_KeyGen(slot.get(), mech, nullptr, 16, nullptr)); - EXPECT_TRUE(!!symKey); + EXPECT_TRUE(!!sym_key); std::vector<uint8_t> data(17); std::vector<uint8_t> output(33); std::vector<uint8_t> aad(0); // Prepare AEAD params. - CK_GCM_PARAMS gcmParams; - gcmParams.pIv = iv.data(); - gcmParams.ulIvLen = iv.size(); - gcmParams.pAAD = aad.data(); - gcmParams.ulAADLen = aad.size(); - gcmParams.ulTagBits = 128; + CK_GCM_PARAMS gcm_params; + gcm_params.pIv = iv.data(); + gcm_params.ulIvLen = iv.size(); + gcm_params.pAAD = aad.data(); + gcm_params.ulAADLen = aad.size(); + gcm_params.ulTagBits = 128; - SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcmParams), - sizeof(gcmParams)}; + SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&gcm_params), + sizeof(gcm_params)}; // Try to encrypt. - unsigned int outputLen = 0; - return PK11_Encrypt(symKey.get(), mech, ¶ms, output.data(), &outputLen, - output.size(), data.data(), data.size()); + unsigned int output_len = 0; + return PK11_Encrypt(sym_key.get(), mech, ¶ms, output.data(), + &output_len, output.size(), data.data(), data.size()); } const CK_MECHANISM_TYPE mech = CKM_AES_GCM; @@ -117,19 +150,22 @@ TEST_P(Pkcs11AesGcmTest, TestVectors) { RunTest(GetParam()); } INSTANTIATE_TEST_CASE_P(NISTTestVector, Pkcs11AesGcmTest, ::testing::ValuesIn(kGcmKatValues)); +INSTANTIATE_TEST_CASE_P(WycheproofTestVector, Pkcs11AesGcmTest, + ::testing::ValuesIn(kGcmWycheproofVectors)); + TEST_F(Pkcs11AesGcmTest, ZeroLengthIV) { std::vector<uint8_t> iv(0); - EXPECT_EQ(EncryptWithIV(iv), SECFailure); + EXPECT_EQ(SECFailure, EncryptWithIV(iv)); } TEST_F(Pkcs11AesGcmTest, AllZeroIV) { std::vector<uint8_t> iv(16, 0); - EXPECT_EQ(EncryptWithIV(iv), SECSuccess); + EXPECT_EQ(SECSuccess, EncryptWithIV(iv)); } TEST_F(Pkcs11AesGcmTest, TwelveByteZeroIV) { std::vector<uint8_t> iv(12, 0); - EXPECT_EQ(EncryptWithIV(iv), SECSuccess); + EXPECT_EQ(SECSuccess, EncryptWithIV(iv)); } } // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc index 4d4250a5e..0aa711dc8 100644 --- a/security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc +++ b/security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc @@ -8,125 +8,115 @@ #include "nss.h" #include "pk11pub.h" +#include "testvectors/kw-vectors.h" #include "gtest/gtest.h" #include "nss_scoped_ptrs.h" namespace nss_test { -// Test vectors from https://tools.ietf.org/html/rfc3394#section-4.1 to 4.6 -unsigned char kKEK1[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}; - -unsigned char kKD1[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}; - -unsigned char kC1[] = {0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, - 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, - 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5}; - -unsigned char kKEK2[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17}; - -unsigned char kC2[] = {0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, - 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, - 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D}; - -unsigned char kKEK3[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; - -unsigned char kC3[] = {0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, - 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, - 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7}; - -unsigned char kKD4[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; - -unsigned char kC4[] = {0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, - 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, - 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, - 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2}; - -unsigned char kC5[] = {0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, - 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, - 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, - 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1}; - -unsigned char kKD6[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}; - -unsigned char kC6[] = {0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, - 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, - 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, - 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, - 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21}; - -class Pkcs11AESKeyWrapTest : public ::testing::Test { +class Pkcs11AESKeyWrapTest : public ::testing::TestWithParam<keywrap_vector> { protected: CK_MECHANISM_TYPE mechanism = CKM_NSS_AES_KEY_WRAP; - void WrapUnwrap(unsigned char* kek, unsigned int kekLen, - unsigned char* keyData, unsigned int keyDataLen, - unsigned char* expectedCiphertext) { - unsigned char wrappedKey[40]; - unsigned int wrappedKeyLen; - unsigned char unwrappedKey[40]; - unsigned int unwrappedKeyLen = 0; + void WrapUnwrap(unsigned char* kek_data, unsigned int kek_len, + unsigned char* key_data, unsigned int key_data_len, + unsigned char* expected_ciphertext, + unsigned int expected_ciphertext_len, + std::map<Action, Result> tests, uint32_t test_id) { + std::vector<unsigned char> wrapped_key(PR_MAX(1U, expected_ciphertext_len)); + std::vector<unsigned char> unwrapped_key(PR_MAX(1U, key_data_len)); + std::vector<unsigned char> zeros(PR_MAX(1U, expected_ciphertext_len)); + std::fill(zeros.begin(), zeros.end(), 0); + unsigned int wrapped_key_len = 0; + unsigned int unwrapped_key_len = 0; SECStatus rv; + std::stringstream s; + s << "Test with original ID #" << test_id << " failed." << std::endl; + std::string msg = s.str(); + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); - ASSERT_NE(nullptr, slot); + ASSERT_NE(nullptr, slot) << msg; // Import encryption key. - SECItem keyItem = {siBuffer, kek, kekLen}; - ScopedPK11SymKey encryptionKey( - PK11_ImportSymKey(slot.get(), CKM_NSS_AES_KEY_WRAP, PK11_OriginUnwrap, - CKA_ENCRYPT, &keyItem, nullptr)); - EXPECT_TRUE(!!encryptionKey); + SECItem kek_item = {siBuffer, kek_data, kek_len}; + ScopedPK11SymKey kek(PK11_ImportSymKey(slot.get(), CKM_NSS_AES_KEY_WRAP, + PK11_OriginUnwrap, CKA_ENCRYPT, + &kek_item, nullptr)); + EXPECT_TRUE(!!kek) << msg; // Wrap key - rv = PK11_Encrypt(encryptionKey.get(), mechanism, nullptr /* param */, - wrappedKey, &wrappedKeyLen, sizeof(wrappedKey), keyData, - keyDataLen); - EXPECT_EQ(rv, SECSuccess) << "CKM_NSS_AES_KEY_WRAP encrypt failed"; - EXPECT_TRUE(!memcmp(expectedCiphertext, wrappedKey, wrappedKeyLen)); + Action test = WRAP; + if (tests.count(test)) { + rv = PK11_Encrypt(kek.get(), mechanism, nullptr /* param */, + wrapped_key.data(), &wrapped_key_len, + wrapped_key.size(), key_data, key_data_len); + ASSERT_EQ(rv, tests[test].expect_rv) << msg; + + // If we failed, check that output was not produced. + if (rv == SECFailure) { + EXPECT_TRUE(wrapped_key_len == 0); + EXPECT_TRUE(!memcmp(wrapped_key.data(), zeros.data(), wrapped_key_len)); + } + + if (tests[test].output_match) { + EXPECT_EQ(expected_ciphertext_len, wrapped_key_len) << msg; + EXPECT_TRUE(!memcmp(expected_ciphertext, wrapped_key.data(), + expected_ciphertext_len)) + << msg; + } else { + // If we produced output, verify that it doesn't match the vector + if (wrapped_key_len) { + EXPECT_FALSE(wrapped_key_len == expected_ciphertext_len && + !memcmp(wrapped_key.data(), expected_ciphertext, + expected_ciphertext_len)) + << msg; + } + } + } // Unwrap key - rv = PK11_Decrypt(encryptionKey.get(), mechanism, nullptr /* param */, - unwrappedKey, &unwrappedKeyLen, sizeof(unwrappedKey), - wrappedKey, wrappedKeyLen); - EXPECT_EQ(rv, SECSuccess) << " CKM_NSS_AES_KEY_WRAP decrypt failed\n"; - EXPECT_TRUE(!memcmp(keyData, unwrappedKey, unwrappedKeyLen)); + test = UNWRAP; + if (tests.count(test)) { + rv = PK11_Decrypt(kek.get(), mechanism, nullptr /* param */, + unwrapped_key.data(), &unwrapped_key_len, + unwrapped_key.size(), expected_ciphertext, + expected_ciphertext_len); + ASSERT_EQ(rv, tests[test].expect_rv) << msg; + + // If we failed, check that output was not produced. + if (rv == SECFailure) { + EXPECT_TRUE(unwrapped_key_len == 0); + EXPECT_TRUE( + !memcmp(unwrapped_key.data(), zeros.data(), unwrapped_key_len)); + } + + if (tests[test].output_match) { + EXPECT_EQ(unwrapped_key_len, key_data_len) << msg; + EXPECT_TRUE(!memcmp(key_data, unwrapped_key.data(), key_data_len)) + << msg; + } else { + // If we produced output, verify that it doesn't match the vector + if (unwrapped_key_len) { + EXPECT_FALSE( + unwrapped_key_len == expected_ciphertext_len && + !memcmp(unwrapped_key.data(), key_data, unwrapped_key_len)) + << msg; + } + } + } } -}; - -TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest1) { - WrapUnwrap(kKEK1, sizeof(kKEK1), kKD1, sizeof(kKD1), kC1); -} -TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest2) { - WrapUnwrap(kKEK2, sizeof(kKEK2), kKD1, sizeof(kKD1), kC2); -} - -TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest3) { - WrapUnwrap(kKEK3, sizeof(kKEK3), kKD1, sizeof(kKD1), kC3); -} - -TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest4) { - WrapUnwrap(kKEK2, sizeof(kKEK2), kKD4, sizeof(kKD4), kC4); -} - -TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest5) { - WrapUnwrap(kKEK3, sizeof(kKEK3), kKD4, sizeof(kKD4), kC5); -} + void WrapUnwrap(keywrap_vector testvector) { + WrapUnwrap(testvector.key.data(), testvector.key.size(), + testvector.msg.data(), testvector.msg.size(), + testvector.ct.data(), testvector.ct.size(), testvector.tests, + testvector.test_id); + } +}; -TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest6) { - WrapUnwrap(kKEK3, sizeof(kKEK3), kKD6, sizeof(kKD6), kC6); -} +TEST_P(Pkcs11AESKeyWrapTest, TestVectors) { WrapUnwrap(GetParam()); } +INSTANTIATE_TEST_CASE_P(Pkcs11WycheproofAESKWTest, Pkcs11AESKeyWrapTest, + ::testing::ValuesIn(kWycheproofAesKWVectors)); } /* nss_test */ diff --git a/security/nss/gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc new file mode 100644 index 000000000..0f79abed5 --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_aeskeywrappad_unittest.cc @@ -0,0 +1,415 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <memory> +#include "gtest/gtest.h" +#include "nss.h" +#include "nss_scoped_ptrs.h" +#include "pk11pub.h" + +namespace nss_test { + +class Pkcs11AESKeyWrapPadTest : public ::testing::Test {}; + +// Encrypt an ephemeral EC key (U2F use case) +TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapECKey) { + const uint32_t kwrappedBufLen = 256; + const uint32_t kPublicKeyLen = 65; + const uint32_t kOidLen = 65; + unsigned char param_buf[kOidLen]; + unsigned char unwrap_buf[kPublicKeyLen]; + + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ASSERT_NE(nullptr, slot); + + SECItem ecdsa_params = {siBuffer, param_buf, sizeof(param_buf)}; + SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1); + ASSERT_NE(oid_data, nullptr); + ecdsa_params.data[0] = SEC_ASN1_OBJECT_ID; + ecdsa_params.data[1] = oid_data->oid.len; + memcpy(ecdsa_params.data + 2, oid_data->oid.data, oid_data->oid.len); + ecdsa_params.len = oid_data->oid.len + 2; + + SECKEYPublicKey* pub_tmp; + ScopedSECKEYPublicKey pub_key; + ScopedSECKEYPrivateKey priv_key( + PK11_GenerateKeyPair(slot.get(), CKM_EC_KEY_PAIR_GEN, &ecdsa_params, + &pub_tmp, PR_FALSE, PR_TRUE, nullptr)); + ASSERT_NE(nullptr, priv_key); + ASSERT_NE(nullptr, pub_tmp); + pub_key.reset(pub_tmp); + + // Generate a KEK. + ScopedPK11SymKey kek( + PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr)); + ASSERT_NE(nullptr, kek); + + // Wrap the key + ScopedSECItem wrapped(::SECITEM_AllocItem(nullptr, nullptr, kwrappedBufLen)); + ScopedSECItem param(PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP_PAD, nullptr)); + + SECStatus rv = PK11_WrapPrivKey(slot.get(), kek.get(), priv_key.get(), + CKM_NSS_AES_KEY_WRAP_PAD, param.get(), + wrapped.get(), nullptr); + ASSERT_EQ(rv, SECSuccess); + + SECItem pubKey = {siBuffer, unwrap_buf, kPublicKeyLen}; + CK_ATTRIBUTE_TYPE usages[] = {CKA_SIGN}; + int usageCount = 1; + + ScopedSECKEYPrivateKey unwrapped( + PK11_UnwrapPrivKey(slot.get(), kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, + param.get(), wrapped.get(), nullptr, &pubKey, false, + true, CKK_EC, usages, usageCount, nullptr)); + ASSERT_EQ(0, PORT_GetError()); + ASSERT_TRUE(!!unwrapped); +} + +// Encrypt an ephemeral RSA key +TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRsaKey) { + const uint32_t kwrappedBufLen = 648; + unsigned char unwrap_buf[kwrappedBufLen]; + + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ASSERT_NE(nullptr, slot); + + PK11RSAGenParams rsa_param; + rsa_param.keySizeInBits = 1024; + rsa_param.pe = 65537L; + + SECKEYPublicKey* pub_tmp; + ScopedSECKEYPublicKey pub_key; + ScopedSECKEYPrivateKey priv_key( + PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN, &rsa_param, + &pub_tmp, PR_FALSE, PR_FALSE, nullptr)); + ASSERT_NE(nullptr, priv_key); + ASSERT_NE(nullptr, pub_tmp); + pub_key.reset(pub_tmp); + + // Generate a KEK. + ScopedPK11SymKey kek( + PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr)); + ASSERT_NE(nullptr, kek); + + // Wrap the key + ScopedSECItem wrapped(::SECITEM_AllocItem(nullptr, nullptr, kwrappedBufLen)); + ScopedSECItem param(PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP_PAD, nullptr)); + + SECStatus rv = PK11_WrapPrivKey(slot.get(), kek.get(), priv_key.get(), + CKM_NSS_AES_KEY_WRAP_PAD, param.get(), + wrapped.get(), nullptr); + ASSERT_EQ(rv, SECSuccess); + + SECItem pubKey = {siBuffer, unwrap_buf, kwrappedBufLen}; + CK_ATTRIBUTE_TYPE usages[] = {CKA_SIGN}; + int usageCount = 1; + + ScopedSECKEYPrivateKey unwrapped( + PK11_UnwrapPrivKey(slot.get(), kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, + param.get(), wrapped.get(), nullptr, &pubKey, false, + false, CKK_EC, usages, usageCount, nullptr)); + ASSERT_EQ(0, PORT_GetError()); + ASSERT_TRUE(!!unwrapped); + + ScopedSECItem priv_key_data( + PK11_ExportDERPrivateKeyInfo(priv_key.get(), nullptr)); + ScopedSECItem unwrapped_data( + PK11_ExportDERPrivateKeyInfo(unwrapped.get(), nullptr)); + EXPECT_TRUE(!!priv_key_data); + EXPECT_TRUE(!!unwrapped_data); + ASSERT_EQ(priv_key_data->len, unwrapped_data->len); + ASSERT_EQ( + 0, memcmp(priv_key_data->data, unwrapped_data->data, priv_key_data->len)); +} + +// Wrap a random that's a multiple of the block size, and compare the unwrap +// result. +TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_EvenBlock) { + const uint32_t kInputKeyLen = 128; + uint32_t out_len = 0; + std::vector<unsigned char> input_key(kInputKeyLen); + std::vector<unsigned char> wrapped_key( + kInputKeyLen + AES_BLOCK_SIZE); // One block of padding + std::vector<unsigned char> unwrapped_key( + kInputKeyLen + AES_BLOCK_SIZE); // One block of padding + + // Generate input key material + SECStatus rv = PK11_GenerateRandom(input_key.data(), input_key.size()); + EXPECT_EQ(SECSuccess, rv); + + // Generate a KEK. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ASSERT_NE(nullptr, slot); + ScopedPK11SymKey kek( + PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr)); + ASSERT_NE(nullptr, kek); + + // Wrap the key + rv = PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr, + wrapped_key.data(), &out_len, + static_cast<unsigned int>(wrapped_key.size()), + input_key.data(), + static_cast<unsigned int>(input_key.size())); + ASSERT_EQ(SECSuccess, rv); + + rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr, + unwrapped_key.data(), &out_len, + static_cast<unsigned int>(unwrapped_key.size()), + wrapped_key.data(), out_len); + ASSERT_EQ(SECSuccess, rv); + ASSERT_EQ(input_key.size(), out_len); + ASSERT_EQ(0, memcmp(input_key.data(), unwrapped_key.data(), out_len)); +} + +// Wrap a random that's NOT a multiple of the block size, and compare the unwrap +// result. +TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_OddBlock1) { + const uint32_t kInputKeyLen = 65; + uint32_t out_len = 0; + std::vector<unsigned char> input_key(kInputKeyLen); + std::vector<unsigned char> wrapped_key( + kInputKeyLen + AES_BLOCK_SIZE); // One block of padding + std::vector<unsigned char> unwrapped_key( + kInputKeyLen + AES_BLOCK_SIZE); // One block of padding + + // Generate input key material + SECStatus rv = PK11_GenerateRandom(input_key.data(), input_key.size()); + EXPECT_EQ(SECSuccess, rv); + + // Generate a KEK. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ASSERT_NE(nullptr, slot); + ScopedPK11SymKey kek( + PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr)); + ASSERT_NE(nullptr, kek); + + // Wrap the key + rv = PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr, + wrapped_key.data(), &out_len, + static_cast<unsigned int>(wrapped_key.size()), + input_key.data(), + static_cast<unsigned int>(input_key.size())); + ASSERT_EQ(SECSuccess, rv); + + rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr, + unwrapped_key.data(), &out_len, + static_cast<unsigned int>(unwrapped_key.size()), + wrapped_key.data(), out_len); + ASSERT_EQ(SECSuccess, rv); + ASSERT_EQ(input_key.size(), out_len); + ASSERT_EQ(0, memcmp(input_key.data(), unwrapped_key.data(), out_len)); +} + +// Wrap a random that's NOT a multiple of the block size, and compare the unwrap +// result. +TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_OddBlock2) { + const uint32_t kInputKeyLen = 63; + uint32_t out_len = 0; + std::vector<unsigned char> input_key(kInputKeyLen); + std::vector<unsigned char> wrapped_key( + kInputKeyLen + AES_BLOCK_SIZE); // One block of padding + std::vector<unsigned char> unwrapped_key( + kInputKeyLen + AES_BLOCK_SIZE); // One block of padding + + // Generate input key material + SECStatus rv = PK11_GenerateRandom(input_key.data(), input_key.size()); + EXPECT_EQ(SECSuccess, rv); + + // Generate a KEK. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ASSERT_NE(nullptr, slot); + ScopedPK11SymKey kek( + PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr)); + ASSERT_NE(nullptr, kek); + + // Wrap the key + rv = PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr, + wrapped_key.data(), &out_len, wrapped_key.size(), + input_key.data(), input_key.size()); + ASSERT_EQ(SECSuccess, rv); + + rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr, + unwrapped_key.data(), &out_len, + static_cast<unsigned int>(unwrapped_key.size()), + wrapped_key.data(), out_len); + ASSERT_EQ(SECSuccess, rv); + ASSERT_EQ(input_key.size(), out_len); + ASSERT_EQ(0, memcmp(input_key.data(), unwrapped_key.data(), out_len)); +} + +// Invalid long padding (over the block size, but otherwise valid) +TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_PaddingTooLong) { + const uint32_t kInputKeyLen = 32; + uint32_t out_len = 0; + + // Apply our own padding + const unsigned char buf[32] = { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20}; + std::vector<unsigned char> wrapped_key(kInputKeyLen + AES_BLOCK_SIZE); + std::vector<unsigned char> unwrapped_key(kInputKeyLen + AES_BLOCK_SIZE); + + // Generate a KEK. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ASSERT_NE(nullptr, slot); + ScopedPK11SymKey kek( + PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr)); + ASSERT_NE(nullptr, kek); + + // Wrap the key + SECStatus rv = + PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP, // Don't apply more padding + /* param */ nullptr, wrapped_key.data(), &out_len, + wrapped_key.size(), buf, sizeof(buf)); + ASSERT_EQ(SECSuccess, rv); + + rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr, + unwrapped_key.data(), &out_len, + static_cast<unsigned int>(unwrapped_key.size()), + wrapped_key.data(), out_len); + ASSERT_EQ(SECFailure, rv); +} + +// Invalid 0-length padding (there should be a full block if the message doesn't +// need to be padded) +TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_NoPadding) { + const uint32_t kInputKeyLen = 32; + uint32_t out_len = 0; + + // Apply our own padding + const unsigned char buf[32] = {0}; + std::vector<unsigned char> wrapped_key(kInputKeyLen + AES_BLOCK_SIZE); + std::vector<unsigned char> unwrapped_key(kInputKeyLen + AES_BLOCK_SIZE); + + // Generate a KEK. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ASSERT_NE(nullptr, slot); + ScopedPK11SymKey kek( + PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr)); + ASSERT_NE(nullptr, kek); + + // Wrap the key + SECStatus rv = + PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP, // Don't apply more padding + /* param */ nullptr, wrapped_key.data(), &out_len, + wrapped_key.size(), buf, sizeof(buf)); + ASSERT_EQ(SECSuccess, rv); + + rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr, + unwrapped_key.data(), &out_len, + static_cast<unsigned int>(unwrapped_key.size()), + wrapped_key.data(), out_len); + ASSERT_EQ(SECFailure, rv); +} + +// Invalid padding +TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_BadPadding1) { + const uint32_t kInputKeyLen = 32; + uint32_t out_len = 0; + + // Apply our own padding + const unsigned char buf[32] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x08, 0x08, 0x08, + 0x08, 0x08, 0x08, 0x08}; // Check all 8 bytes + std::vector<unsigned char> wrapped_key(kInputKeyLen + AES_BLOCK_SIZE); + std::vector<unsigned char> unwrapped_key(kInputKeyLen + AES_BLOCK_SIZE); + + // Generate a KEK. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ASSERT_NE(nullptr, slot); + ScopedPK11SymKey kek( + PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr)); + ASSERT_NE(nullptr, kek); + + // Wrap the key + SECStatus rv = + PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP, // Don't apply more padding + /* param */ nullptr, wrapped_key.data(), &out_len, + wrapped_key.size(), buf, sizeof(buf)); + ASSERT_EQ(SECSuccess, rv); + + rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr, + unwrapped_key.data(), &out_len, + static_cast<unsigned int>(unwrapped_key.size()), + wrapped_key.data(), out_len); + ASSERT_EQ(SECFailure, rv); +} + +// Invalid padding +TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_BadPadding2) { + const uint32_t kInputKeyLen = 32; + uint32_t out_len = 0; + + // Apply our own padding + const unsigned char + buf[32] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x02}; // Check first loop repeat + std::vector<unsigned char> wrapped_key(kInputKeyLen + AES_BLOCK_SIZE); + std::vector<unsigned char> unwrapped_key(kInputKeyLen + AES_BLOCK_SIZE); + + // Generate a KEK. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ASSERT_NE(nullptr, slot); + ScopedPK11SymKey kek( + PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr)); + ASSERT_NE(nullptr, kek); + + // Wrap the key + SECStatus rv = + PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP, // Don't apply more padding + /* param */ nullptr, wrapped_key.data(), &out_len, + wrapped_key.size(), buf, sizeof(buf)); + ASSERT_EQ(SECSuccess, rv); + + rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr, + unwrapped_key.data(), &out_len, + static_cast<unsigned int>(unwrapped_key.size()), + wrapped_key.data(), out_len); + ASSERT_EQ(SECFailure, rv); +} + +// Minimum valid padding +TEST_F(Pkcs11AESKeyWrapPadTest, WrapUnwrapRandom_ShortValidPadding) { + const uint32_t kInputKeyLen = 32; + uint32_t out_len = 0; + + // Apply our own padding + const unsigned char buf[kInputKeyLen] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; // Minimum + std::vector<unsigned char> wrapped_key(kInputKeyLen + AES_BLOCK_SIZE); + std::vector<unsigned char> unwrapped_key(kInputKeyLen + AES_BLOCK_SIZE); + + // Generate a KEK. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ASSERT_NE(nullptr, slot); + ScopedPK11SymKey kek( + PK11_KeyGen(slot.get(), CKM_AES_CBC, nullptr, 16, nullptr)); + ASSERT_NE(nullptr, kek); + + // Wrap the key + SECStatus rv = + PK11_Encrypt(kek.get(), CKM_NSS_AES_KEY_WRAP, // Don't apply more padding + /* param */ nullptr, wrapped_key.data(), &out_len, + wrapped_key.size(), buf, sizeof(buf)); + ASSERT_EQ(SECSuccess, rv); + + rv = PK11_Decrypt(kek.get(), CKM_NSS_AES_KEY_WRAP_PAD, /* param */ nullptr, + unwrapped_key.data(), &out_len, + static_cast<unsigned int>(unwrapped_key.size()), + wrapped_key.data(), out_len); + ASSERT_EQ(SECSuccess, rv); + ASSERT_EQ(kInputKeyLen - 1, out_len); + ASSERT_EQ(0, memcmp(buf, unwrapped_key.data(), out_len)); +} + +} /* nss_test */ diff --git a/security/nss/gtests/pk11_gtest/pk11_cbc_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_cbc_unittest.cc new file mode 100644 index 000000000..ecc705ad4 --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_cbc_unittest.cc @@ -0,0 +1,558 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <memory> +#include "nss.h" +#include "pk11pub.h" +#include "secerr.h" + +#include "nss_scoped_ptrs.h" +#include "gtest/gtest.h" + +namespace nss_test { + +static const uint8_t kInput[99] = {1, 2, 3}; +static const uint8_t kKeyData[24] = {'K', 'E', 'Y'}; + +static SECItem* GetIv() { + static const uint8_t kIvData[16] = {'I', 'V'}; + static const SECItem kIv = {siBuffer, const_cast<uint8_t*>(kIvData), + static_cast<unsigned int>(sizeof(kIvData))}; + return const_cast<SECItem*>(&kIv); +} + +class Pkcs11CbcPadTest : public ::testing::TestWithParam<CK_MECHANISM_TYPE> { + protected: + bool is_padded() const { + switch (GetParam()) { + case CKM_AES_CBC_PAD: + case CKM_DES3_CBC_PAD: + return true; + + case CKM_AES_CBC: + case CKM_DES3_CBC: + return false; + + default: + ADD_FAILURE() << "Unknown mechanism " << GetParam(); + } + return false; + } + + uint32_t GetUnpaddedMechanism() const { + switch (GetParam()) { + case CKM_AES_CBC_PAD: + return CKM_AES_CBC; + case CKM_DES3_CBC_PAD: + return CKM_DES3_CBC; + default: + ADD_FAILURE() << "Unknown padded mechanism " << GetParam(); + } + return 0; + } + + size_t block_size() const { + return static_cast<size_t>(PK11_GetBlockSize(GetParam(), nullptr)); + } + + size_t GetInputLen(CK_ATTRIBUTE_TYPE op) const { + if (is_padded() && op == CKA_ENCRYPT) { + // Anything goes for encryption when padded. + return sizeof(kInput); + } + + // Otherwise, use a strict multiple of the block size. + size_t block_count = sizeof(kInput) / block_size(); + EXPECT_LT(1U, block_count) << "need 2 blocks for tests"; + return block_count * block_size(); + } + + ScopedPK11SymKey MakeKey(CK_ATTRIBUTE_TYPE op) { + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + EXPECT_NE(nullptr, slot); + if (!slot) { + return nullptr; + } + + unsigned int key_len = 0; + switch (GetParam()) { + case CKM_AES_CBC_PAD: + case CKM_AES_CBC: + key_len = 16; // This doesn't do AES-256 to keep it simple. + break; + + case CKM_DES3_CBC_PAD: + case CKM_DES3_CBC: + key_len = 24; + break; + + default: + ADD_FAILURE() << "Unknown mechanism " << GetParam(); + return nullptr; + } + + SECItem key_item = {siBuffer, const_cast<uint8_t*>(kKeyData), key_len}; + PK11SymKey* p = PK11_ImportSymKey(slot.get(), GetParam(), PK11_OriginUnwrap, + op, &key_item, nullptr); + EXPECT_NE(nullptr, p); + return ScopedPK11SymKey(p); + } + + ScopedPK11Context MakeContext(CK_ATTRIBUTE_TYPE op) { + ScopedPK11SymKey k = MakeKey(op); + PK11Context* ctx = + PK11_CreateContextBySymKey(GetParam(), op, k.get(), GetIv()); + EXPECT_NE(nullptr, ctx); + return ScopedPK11Context(ctx); + } +}; + +TEST_P(Pkcs11CbcPadTest, EncryptDecrypt) { + uint8_t encrypted[sizeof(kInput) + 64]; // Allow for padding and expansion. + size_t input_len = GetInputLen(CKA_ENCRYPT); + + ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT); + unsigned int encrypted_len = 0; + SECStatus rv = + PK11_Encrypt(ek.get(), GetParam(), GetIv(), encrypted, &encrypted_len, + sizeof(encrypted), kInput, input_len); + ASSERT_EQ(SECSuccess, rv); + EXPECT_LE(input_len, static_cast<size_t>(encrypted_len)); + + // Though the decrypted result can't be larger than the input we provided, + // NSS needs extra space to put the padding in. + uint8_t decrypted[sizeof(kInput) + 64]; + unsigned int decrypted_len = 0; + ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT); + rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted, &decrypted_len, + sizeof(decrypted), encrypted, encrypted_len); + ASSERT_EQ(SECSuccess, rv); + EXPECT_EQ(input_len, static_cast<size_t>(decrypted_len)); + EXPECT_EQ(0, memcmp(kInput, decrypted, input_len)); +} + +TEST_P(Pkcs11CbcPadTest, ContextEncryptDecrypt) { + uint8_t encrypted[sizeof(kInput) + 64]; // Allow for padding and expansion. + size_t input_len = GetInputLen(CKA_ENCRYPT); + + ScopedPK11Context ectx = MakeContext(CKA_ENCRYPT); + int encrypted_len = 0; + SECStatus rv = PK11_CipherOp(ectx.get(), encrypted, &encrypted_len, + sizeof(encrypted), kInput, input_len); + ASSERT_EQ(SECSuccess, rv); + EXPECT_LE(0, encrypted_len); // Stupid signed parameters. + + unsigned int final_len = 0; + rv = PK11_CipherFinal(ectx.get(), encrypted + encrypted_len, &final_len, + sizeof(encrypted) - encrypted_len); + ASSERT_EQ(SECSuccess, rv); + encrypted_len += final_len; + EXPECT_LE(input_len, static_cast<size_t>(encrypted_len)); + + uint8_t decrypted[sizeof(kInput) + 64]; + int decrypted_len = 0; + ScopedPK11Context dctx = MakeContext(CKA_DECRYPT); + rv = PK11_CipherOp(dctx.get(), decrypted, &decrypted_len, sizeof(decrypted), + encrypted, encrypted_len); + ASSERT_EQ(SECSuccess, rv); + EXPECT_LE(0, decrypted_len); + + rv = PK11_CipherFinal(dctx.get(), decrypted + decrypted_len, &final_len, + sizeof(decrypted) - decrypted_len); + ASSERT_EQ(SECSuccess, rv); + decrypted_len += final_len; + EXPECT_EQ(input_len, static_cast<size_t>(decrypted_len)); + EXPECT_EQ(0, memcmp(kInput, decrypted, input_len)); +} + +TEST_P(Pkcs11CbcPadTest, ContextEncryptDecryptTwoParts) { + uint8_t encrypted[sizeof(kInput) + 64]; + size_t input_len = GetInputLen(CKA_ENCRYPT); + + ScopedPK11Context ectx = MakeContext(CKA_ENCRYPT); + int first_len = 0; + SECStatus rv = PK11_CipherOp(ectx.get(), encrypted, &first_len, + sizeof(encrypted), kInput, block_size()); + ASSERT_EQ(SECSuccess, rv); + ASSERT_LE(0, first_len); + + int second_len = 0; + rv = PK11_CipherOp(ectx.get(), encrypted + first_len, &second_len, + sizeof(encrypted) - first_len, kInput + block_size(), + input_len - block_size()); + ASSERT_EQ(SECSuccess, rv); + ASSERT_LE(0, second_len); + + unsigned int final_len = 0; + rv = PK11_CipherFinal(ectx.get(), encrypted + first_len + second_len, + &final_len, sizeof(encrypted) - first_len - second_len); + ASSERT_EQ(SECSuccess, rv); + unsigned int encrypted_len = first_len + second_len + final_len; + ASSERT_LE(input_len, static_cast<size_t>(encrypted_len)); + + // Now decrypt this in a similar fashion. + uint8_t decrypted[sizeof(kInput) + 64]; + ScopedPK11Context dctx = MakeContext(CKA_DECRYPT); + rv = PK11_CipherOp(dctx.get(), decrypted, &first_len, sizeof(decrypted), + encrypted, block_size()); + ASSERT_EQ(SECSuccess, rv); + EXPECT_LE(0, first_len); + + rv = PK11_CipherOp(dctx.get(), decrypted + first_len, &second_len, + sizeof(decrypted) - first_len, encrypted + block_size(), + encrypted_len - block_size()); + ASSERT_EQ(SECSuccess, rv); + EXPECT_LE(0, second_len); + + unsigned int decrypted_len = 0; + rv = PK11_CipherFinal(dctx.get(), decrypted + first_len + second_len, + &decrypted_len, + sizeof(decrypted) - first_len - second_len); + ASSERT_EQ(SECSuccess, rv); + decrypted_len += first_len + second_len; + EXPECT_EQ(input_len, static_cast<size_t>(decrypted_len)); + EXPECT_EQ(0, memcmp(kInput, decrypted, input_len)); +} + +TEST_P(Pkcs11CbcPadTest, FailDecryptSimple) { + ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT); + uint8_t output[sizeof(kInput) + 64]; + unsigned int output_len = 999; + SECStatus rv = + PK11_Decrypt(dk.get(), GetParam(), GetIv(), output, &output_len, + sizeof(output), kInput, GetInputLen(CKA_DECRYPT)); + if (is_padded()) { + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(999U, output_len); + } else { + // Unpadded decryption can't really fail. + EXPECT_EQ(SECSuccess, rv); + } +} + +TEST_P(Pkcs11CbcPadTest, FailEncryptSimple) { + ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT); + uint8_t output[3]; // Too small for anything. + unsigned int output_len = 333; + + SECStatus rv = + PK11_Encrypt(ek.get(), GetParam(), GetIv(), output, &output_len, + sizeof(output), kInput, GetInputLen(CKA_ENCRYPT)); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(333U, output_len); +} + +// It's a bit of a lie to put this in pk11_cbc_unittest, since we +// also test bounds checking in other modes. There doesn't seem +// to be an appropriately-generic place elsewhere. +TEST_F(Pkcs11CbcPadTest, FailEncryptShortParam) { + SECStatus rv = SECFailure; + uint8_t encrypted[sizeof(kInput)]; + unsigned int encrypted_len = 0; + size_t input_len = AES_BLOCK_SIZE; + + // CK_GCM_PARAMS is the largest param struct used across AES modes + uint8_t param_buf[sizeof(CK_GCM_PARAMS)]; + SECItem param = {siBuffer, param_buf, sizeof(param_buf)}; + SECItem key_item = {siBuffer, const_cast<uint8_t*>(kKeyData), 16}; + + // Setup (we use the ECB key for other modes) + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ASSERT_NE(nullptr, slot); + ScopedPK11SymKey key(PK11_ImportSymKey(slot.get(), CKM_AES_ECB, + PK11_OriginUnwrap, CKA_ENCRYPT, + &key_item, nullptr)); + ASSERT_TRUE(key.get()); + + // CTR should have a CK_AES_CTR_PARAMS + param.len = sizeof(CK_AES_CTR_PARAMS) - 1; + rv = PK11_Encrypt(key.get(), CKM_AES_CTR, ¶m, encrypted, &encrypted_len, + sizeof(encrypted), kInput, input_len); + EXPECT_EQ(SECFailure, rv); + + param.len++; + reinterpret_cast<CK_AES_CTR_PARAMS*>(param.data)->ulCounterBits = 32; + rv = PK11_Encrypt(key.get(), CKM_AES_CTR, ¶m, encrypted, &encrypted_len, + sizeof(encrypted), kInput, input_len); + EXPECT_EQ(SECSuccess, rv); + + // GCM should have a CK_GCM_PARAMS + param.len = sizeof(CK_GCM_PARAMS) - 1; + rv = PK11_Encrypt(key.get(), CKM_AES_GCM, ¶m, encrypted, &encrypted_len, + sizeof(encrypted), kInput, input_len); + EXPECT_EQ(SECFailure, rv); + + param.len++; + reinterpret_cast<CK_GCM_PARAMS*>(param.data)->pIv = param_buf; + reinterpret_cast<CK_GCM_PARAMS*>(param.data)->ulIvLen = 12; + reinterpret_cast<CK_GCM_PARAMS*>(param.data)->pAAD = nullptr; + reinterpret_cast<CK_GCM_PARAMS*>(param.data)->ulAADLen = 0; + reinterpret_cast<CK_GCM_PARAMS*>(param.data)->ulTagBits = 128; + rv = PK11_Encrypt(key.get(), CKM_AES_GCM, ¶m, encrypted, &encrypted_len, + sizeof(encrypted), kInput, input_len); + EXPECT_EQ(SECSuccess, rv); + + // CBC should have a 16B IV + param.len = AES_BLOCK_SIZE - 1; + rv = PK11_Encrypt(key.get(), CKM_AES_CBC, ¶m, encrypted, &encrypted_len, + sizeof(encrypted), kInput, input_len); + EXPECT_EQ(SECFailure, rv); + + param.len++; + rv = PK11_Encrypt(key.get(), CKM_AES_CBC, ¶m, encrypted, &encrypted_len, + sizeof(encrypted), kInput, input_len); + EXPECT_EQ(SECSuccess, rv); + + // CTS + param.len = AES_BLOCK_SIZE - 1; + rv = PK11_Encrypt(key.get(), CKM_AES_CTS, ¶m, encrypted, &encrypted_len, + sizeof(encrypted), kInput, input_len); + EXPECT_EQ(SECFailure, rv); + + param.len++; + rv = PK11_Encrypt(key.get(), CKM_AES_CTS, ¶m, encrypted, &encrypted_len, + sizeof(encrypted), kInput, input_len); + EXPECT_EQ(SECSuccess, rv); +} + +TEST_P(Pkcs11CbcPadTest, ContextFailDecryptSimple) { + ScopedPK11Context dctx = MakeContext(CKA_DECRYPT); + uint8_t output[sizeof(kInput) + 64]; + int output_len = 77; + + SECStatus rv = PK11_CipherOp(dctx.get(), output, &output_len, sizeof(output), + kInput, GetInputLen(CKA_DECRYPT)); + EXPECT_EQ(SECSuccess, rv); + EXPECT_LE(0, output_len) << "this is not an AEAD, so content leaks"; + + unsigned int final_len = 88; + rv = PK11_CipherFinal(dctx.get(), output, &final_len, sizeof(output)); + if (is_padded()) { + EXPECT_EQ(SECFailure, rv); + ASSERT_EQ(88U, final_len) << "final_len should be untouched"; + } else { + // Unpadded decryption can't really fail. + EXPECT_EQ(SECSuccess, rv); + } +} + +TEST_P(Pkcs11CbcPadTest, ContextFailDecryptInvalidBlockSize) { + ScopedPK11Context dctx = MakeContext(CKA_DECRYPT); + uint8_t output[sizeof(kInput) + 64]; + int output_len = 888; + + SECStatus rv = PK11_CipherOp(dctx.get(), output, &output_len, sizeof(output), + kInput, GetInputLen(CKA_DECRYPT) - 1); + EXPECT_EQ(SECFailure, rv); + // Because PK11_CipherOp is partial, it can return data on failure. + // This means that it needs to reset its output length to 0 when it starts. + EXPECT_EQ(0, output_len) << "output_len is reset"; +} + +TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_PaddingTooLong) { + if (!is_padded()) { + return; + } + + // Padding that's over the block size + const std::vector<uint8_t> input = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20}; + std::vector<uint8_t> encrypted(input.size()); + uint32_t encrypted_len = 0; + + ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT); + SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(), + encrypted.data(), &encrypted_len, + encrypted.size(), input.data(), input.size()); + ASSERT_EQ(SECSuccess, rv); + EXPECT_EQ(input.size(), encrypted_len); + + std::vector<uint8_t> decrypted(input.size()); + uint32_t decrypted_len = 0; + ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT); + rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(), + &decrypted_len, decrypted.size(), encrypted.data(), + encrypted_len); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(0U, decrypted_len); +} + +TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ShortPadding1) { + if (!is_padded()) { + return; + } + + // Padding that's one byte short + const std::vector<uint8_t> input = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08}; + std::vector<uint8_t> encrypted(input.size()); + uint32_t encrypted_len = 0; + + ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT); + SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(), + encrypted.data(), &encrypted_len, + encrypted.size(), input.data(), input.size()); + ASSERT_EQ(SECSuccess, rv); + EXPECT_EQ(input.size(), encrypted_len); + + std::vector<uint8_t> decrypted(input.size()); + uint32_t decrypted_len = 0; + ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT); + rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(), + &decrypted_len, decrypted.size(), encrypted.data(), + encrypted_len); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(0U, decrypted_len); +} + +TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ShortPadding2) { + if (!is_padded()) { + return; + } + + // Padding that's one byte short + const std::vector<uint8_t> input = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02}; + std::vector<uint8_t> encrypted(input.size()); + uint32_t encrypted_len = 0; + + ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT); + SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(), + encrypted.data(), &encrypted_len, + encrypted.size(), input.data(), input.size()); + ASSERT_EQ(SECSuccess, rv); + EXPECT_EQ(input.size(), encrypted_len); + + std::vector<uint8_t> decrypted(input.size()); + uint32_t decrypted_len = 0; + ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT); + rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(), + &decrypted_len, decrypted.size(), encrypted.data(), + encrypted_len); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(0U, decrypted_len); +} + +TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ZeroLengthPadding) { + if (!is_padded()) { + return; + } + + // Padding of length zero + const std::vector<uint8_t> input = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + std::vector<uint8_t> encrypted(input.size()); + uint32_t encrypted_len = 0; + + ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT); + SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(), + encrypted.data(), &encrypted_len, + encrypted.size(), input.data(), input.size()); + ASSERT_EQ(SECSuccess, rv); + EXPECT_EQ(input.size(), encrypted_len); + + std::vector<uint8_t> decrypted(input.size()); + uint32_t decrypted_len = 0; + ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT); + rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(), + &decrypted_len, decrypted.size(), encrypted.data(), + encrypted_len); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(0U, decrypted_len); +} + +TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_OverflowPadding) { + if (!is_padded()) { + return; + } + + // Padding that's much longer than block size + const std::vector<uint8_t> input = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; + std::vector<uint8_t> encrypted(input.size()); + uint32_t encrypted_len = 0; + + ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT); + SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(), + encrypted.data(), &encrypted_len, + encrypted.size(), input.data(), input.size()); + ASSERT_EQ(SECSuccess, rv); + EXPECT_EQ(input.size(), encrypted_len); + + std::vector<uint8_t> decrypted(input.size()); + uint32_t decrypted_len = 0; + ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT); + rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(), + &decrypted_len, decrypted.size(), encrypted.data(), + encrypted_len); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(0U, decrypted_len); +} + +TEST_P(Pkcs11CbcPadTest, EncryptDecrypt_ShortValidPadding) { + if (!is_padded()) { + return; + } + + // Minimal valid padding + const std::vector<uint8_t> input = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; + std::vector<uint8_t> encrypted(input.size()); + uint32_t encrypted_len = 0; + + ScopedPK11SymKey ek = MakeKey(CKA_ENCRYPT); + SECStatus rv = PK11_Encrypt(ek.get(), GetUnpaddedMechanism(), GetIv(), + encrypted.data(), &encrypted_len, + encrypted.size(), input.data(), input.size()); + ASSERT_EQ(SECSuccess, rv); + EXPECT_EQ(input.size(), encrypted_len); + + std::vector<uint8_t> decrypted(input.size()); + uint32_t decrypted_len = 0; + ScopedPK11SymKey dk = MakeKey(CKA_DECRYPT); + rv = PK11_Decrypt(dk.get(), GetParam(), GetIv(), decrypted.data(), + &decrypted_len, decrypted.size(), encrypted.data(), + encrypted_len); + EXPECT_EQ(SECSuccess, rv); + EXPECT_EQ(input.size() - 1, decrypted_len); + EXPECT_EQ(0, memcmp(decrypted.data(), input.data(), decrypted_len)); +} + +INSTANTIATE_TEST_CASE_P(EncryptDecrypt, Pkcs11CbcPadTest, + ::testing::Values(CKM_AES_CBC_PAD, CKM_AES_CBC, + CKM_DES3_CBC_PAD, CKM_DES3_CBC)); + +} // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc index 07bc91ee6..882f1f0d2 100644 --- a/security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc +++ b/security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc @@ -8,114 +8,31 @@ #include "nss.h" #include "pk11pub.h" #include "sechash.h" +#include "secerr.h" #include "cpputil.h" #include "nss_scoped_ptrs.h" +#include "testvectors/chachapoly-vectors.h" #include "gtest/gtest.h" namespace nss_test { -// ChaCha20/Poly1305 Test Vector 1, RFC 7539 -// <http://tools.ietf.org/html/rfc7539#section-2.8.2> -const uint8_t kTestVector1Data[] = { - 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, - 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66, - 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, - 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, - 0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, - 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, - 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, - 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, - 0x62, 0x65, 0x20, 0x69, 0x74, 0x2e}; -const uint8_t kTestVector1AAD[] = {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, - 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7}; -const uint8_t kTestVector1Key[] = { - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, - 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, - 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f}; -const uint8_t kTestVector1IV[] = {0x07, 0x00, 0x00, 0x00, 0x40, 0x41, - 0x42, 0x43, 0x44, 0x45, 0x46, 0x47}; -const uint8_t kTestVector1CT[] = { - 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc, - 0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, - 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e, - 0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, - 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6, - 0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, - 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4, - 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, - 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65, - 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, - 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91}; - -// ChaCha20/Poly1305 Test Vector 2, RFC 7539 -// <http://tools.ietf.org/html/rfc7539#appendix-A.5> -const uint8_t kTestVector2Data[] = { - 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, - 0x66, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66, - 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20, - 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20, - 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73, - 0x69, 0x78, 0x20, 0x6d, 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e, - 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, 0x20, 0x75, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, - 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, 0x62, 0x73, 0x6f, 0x6c, - 0x65, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65, - 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20, - 0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e, - 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70, - 0x72, 0x6f, 0x70, 0x72, 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20, - 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, - 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72, - 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74, - 0x65, 0x72, 0x69, 0x61, 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20, - 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74, - 0x68, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20, - 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x20, - 0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80, - 0x9d}; -const uint8_t kTestVector2AAD[] = {0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x4e, 0x91}; -const uint8_t kTestVector2Key[] = { - 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88, - 0x86, 0x04, 0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, - 0x80, 0x09, 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0}; -const uint8_t kTestVector2IV[] = {0x00, 0x00, 0x00, 0x00, 0x01, 0x02, - 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}; -const uint8_t kTestVector2CT[] = { - 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7, - 0x9b, 0xe6, 0x43, 0xbd, 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89, - 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, 0x4c, 0x6c, 0xfc, 0x18, - 0x75, 0x5d, 0x43, 0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0, - 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f, - 0x35, 0x58, 0x94, 0xcf, 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce, - 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, 0x14, 0xad, 0x17, 0x6e, - 0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55, - 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, 0xc1, 0x86, 0x32, 0x4e, - 0x2b, 0x35, 0x06, 0x38, 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0, - 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, 0xb9, 0x16, 0x6c, 0x76, - 0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9, - 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0, - 0xa0, 0x6c, 0x52, 0x3e, 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15, - 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, 0x0d, 0x07, 0x2b, 0x04, - 0xb3, 0x56, 0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a, - 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6, - 0x31, 0x59, 0x43, 0x4e, 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10, - 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, 0x49, 0xe6, 0x17, 0xd9, - 0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30, - 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, 0x99, 0x7b, 0x71, 0x4d, - 0x6c, 0x6f, 0x2c, 0x29, 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70, - 0x9b, 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, 0x39, 0x23, 0x36, - 0xfe, 0xa1, 0x85, 0x1f, 0x38}; - -class Pkcs11ChaCha20Poly1305Test : public ::testing::Test { +static const CK_MECHANISM_TYPE kMech = CKM_NSS_CHACHA20_POLY1305; +static const CK_MECHANISM_TYPE kMechXor = CKM_NSS_CHACHA20_CTR; +// Some test data for simple tests. +static const uint8_t kKeyData[32] = {'k'}; +static const uint8_t kCtrNonce[16] = {'c', 0, 0, 0, 'n'}; +static const uint8_t kData[16] = {'d'}; + +class Pkcs11ChaCha20Poly1305Test + : public ::testing::TestWithParam<chaChaTestVector> { public: - void EncryptDecrypt(PK11SymKey* symKey, const uint8_t* data, size_t data_len, - const uint8_t* aad, size_t aad_len, const uint8_t* iv, - size_t iv_len, const uint8_t* ct = nullptr, - size_t ct_len = 0) { + void EncryptDecrypt(const ScopedPK11SymKey& key, const bool invalid_iv, + const bool invalid_tag, const uint8_t* data, + size_t data_len, const uint8_t* aad, size_t aad_len, + const uint8_t* iv, size_t iv_len, + const uint8_t* ct = nullptr, size_t ct_len = 0) { // Prepare AEAD params. CK_NSS_AEAD_PARAMS aead_params; aead_params.pNonce = toUcharPtr(iv); @@ -127,135 +44,261 @@ class Pkcs11ChaCha20Poly1305Test : public ::testing::Test { SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params), sizeof(aead_params)}; + // Encrypt with bad parameters. + unsigned int encrypted_len = 0; + std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen); + aead_params.ulTagLen = 158072; + SECStatus rv = + PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), + &encrypted_len, encrypted.size(), data, data_len); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(0U, encrypted_len); + aead_params.ulTagLen = 16; + // Encrypt. - unsigned int outputLen = 0; - std::vector<uint8_t> output(data_len + aead_params.ulTagLen); - SECStatus rv = PK11_Encrypt(symKey, mech, ¶ms, &output[0], &outputLen, - output.size(), data, data_len); + rv = PK11_Encrypt(key.get(), kMech, ¶ms, encrypted.data(), + &encrypted_len, encrypted.size(), data, data_len); + + // Return if encryption failure was expected due to invalid IV. + // Without valid ciphertext, all further tests can be skipped. + if (invalid_iv) { + EXPECT_EQ(rv, SECFailure); + EXPECT_EQ(0U, encrypted_len) + << "encrypted_len is unmodified after failure"; + return; + } + EXPECT_EQ(rv, SECSuccess); + EXPECT_EQ(encrypted.size(), static_cast<size_t>(encrypted_len)); // Check ciphertext and tag. if (ct) { - EXPECT_TRUE(!memcmp(ct, &output[0], outputLen)); + ASSERT_EQ(ct_len, encrypted_len); + EXPECT_TRUE(!memcmp(ct, encrypted.data(), encrypted.size()) != + invalid_tag); } - // Decrypt. - unsigned int decryptedLen = 0; - std::vector<uint8_t> decrypted(data_len); - rv = PK11_Decrypt(symKey, mech, ¶ms, &decrypted[0], &decryptedLen, - decrypted.size(), &output[0], outputLen); + // Get the *estimated* plaintext length. This value should + // never be zero as it could lead to a NULL outPtr being + // passed to a subsequent decryption call (for AEAD we + // must authenticate even when the pt is zero-length). + unsigned int decrypt_bytes_needed = 0; + rv = PK11_Decrypt(key.get(), kMech, ¶ms, nullptr, &decrypt_bytes_needed, + 0, encrypted.data(), encrypted_len); + EXPECT_EQ(rv, SECSuccess); + EXPECT_GT(decrypt_bytes_needed, data_len); + + // Now decrypt it + std::vector<uint8_t> decrypted(decrypt_bytes_needed); + unsigned int decrypted_len = 0; + rv = PK11_Decrypt(key.get(), kMech, ¶ms, decrypted.data(), + &decrypted_len, decrypted.size(), encrypted.data(), + encrypted.size()); EXPECT_EQ(rv, SECSuccess); // Check the plaintext. - EXPECT_TRUE(!memcmp(data, &decrypted[0], decryptedLen)); + ASSERT_EQ(data_len, decrypted_len); + EXPECT_TRUE(!memcmp(data, decrypted.data(), decrypted_len)); // Decrypt with bogus data. - { - std::vector<uint8_t> bogusCiphertext(output); - bogusCiphertext[0] ^= 0xff; - rv = PK11_Decrypt(symKey, mech, ¶ms, &decrypted[0], &decryptedLen, - decrypted.size(), &bogusCiphertext[0], outputLen); - EXPECT_NE(rv, SECSuccess); + // Skip if there's no data to modify. + if (encrypted_len > 0) { + decrypted_len = 0; + std::vector<uint8_t> bogus_ciphertext(encrypted); + bogus_ciphertext[0] ^= 0xff; + rv = PK11_Decrypt(key.get(), kMech, ¶ms, decrypted.data(), + &decrypted_len, decrypted.size(), + bogus_ciphertext.data(), encrypted_len); + EXPECT_EQ(rv, SECFailure); + EXPECT_EQ(0U, decrypted_len); } // Decrypt with bogus tag. - { - std::vector<uint8_t> bogusTag(output); - bogusTag[outputLen - 1] ^= 0xff; - rv = PK11_Decrypt(symKey, mech, ¶ms, &decrypted[0], &decryptedLen, - decrypted.size(), &bogusTag[0], outputLen); - EXPECT_NE(rv, SECSuccess); + // Skip if there's no tag to modify. + if (encrypted_len > 0) { + decrypted_len = 0; + std::vector<uint8_t> bogus_tag(encrypted); + bogus_tag[encrypted_len - 1] ^= 0xff; + rv = PK11_Decrypt(key.get(), kMech, ¶ms, decrypted.data(), + &decrypted_len, decrypted.size(), bogus_tag.data(), + encrypted_len); + EXPECT_EQ(rv, SECFailure); + EXPECT_EQ(0U, decrypted_len); } // Decrypt with bogus IV. - { - SECItem bogusParams(params); + // iv_len == 0 is invalid and should be caught earlier. + // Still skip, if there's no IV to modify. + if (iv_len != 0) { + decrypted_len = 0; + SECItem bogus_params(params); CK_NSS_AEAD_PARAMS bogusAeadParams(aead_params); - bogusParams.data = reinterpret_cast<unsigned char*>(&bogusAeadParams); + bogus_params.data = reinterpret_cast<unsigned char*>(&bogusAeadParams); std::vector<uint8_t> bogusIV(iv, iv + iv_len); - bogusAeadParams.pNonce = toUcharPtr(&bogusIV[0]); + bogusAeadParams.pNonce = toUcharPtr(bogusIV.data()); bogusIV[0] ^= 0xff; - rv = PK11_Decrypt(symKey, mech, &bogusParams, &decrypted[0], - &decryptedLen, data_len, &output[0], outputLen); - EXPECT_NE(rv, SECSuccess); + rv = PK11_Decrypt(key.get(), kMech, &bogus_params, decrypted.data(), + &decrypted_len, data_len, encrypted.data(), + encrypted.size()); + EXPECT_EQ(rv, SECFailure); + EXPECT_EQ(0U, decrypted_len); } // Decrypt with bogus additional data. - { - SECItem bogusParams(params); - CK_NSS_AEAD_PARAMS bogusAeadParams(aead_params); - bogusParams.data = reinterpret_cast<unsigned char*>(&bogusAeadParams); - - std::vector<uint8_t> bogusAAD(aad, aad + aad_len); - bogusAeadParams.pAAD = toUcharPtr(&bogusAAD[0]); - bogusAAD[0] ^= 0xff; - - rv = PK11_Decrypt(symKey, mech, &bogusParams, &decrypted[0], - &decryptedLen, data_len, &output[0], outputLen); - EXPECT_NE(rv, SECSuccess); + // Skip when AAD was empty and can't be modified. + // Alternatively we could generate random aad. + if (aad_len != 0) { + decrypted_len = 0; + SECItem bogus_params(params); + CK_NSS_AEAD_PARAMS bogus_aead_params(aead_params); + bogus_params.data = reinterpret_cast<unsigned char*>(&bogus_aead_params); + + std::vector<uint8_t> bogus_aad(aad, aad + aad_len); + bogus_aead_params.pAAD = toUcharPtr(bogus_aad.data()); + bogus_aad[0] ^= 0xff; + + rv = PK11_Decrypt(key.get(), kMech, &bogus_params, decrypted.data(), + &decrypted_len, data_len, encrypted.data(), + encrypted.size()); + EXPECT_EQ(rv, SECFailure); + EXPECT_EQ(0U, decrypted_len); } } - void EncryptDecrypt(const uint8_t* key, size_t key_len, const uint8_t* data, - size_t data_len, const uint8_t* aad, size_t aad_len, - const uint8_t* iv, size_t iv_len, const uint8_t* ct, - size_t ct_len) { + void EncryptDecrypt(const chaChaTestVector testvector) { ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); - SECItem keyItem = {siBuffer, toUcharPtr(key), - static_cast<unsigned int>(key_len)}; + SECItem keyItem = {siBuffer, toUcharPtr(testvector.Key.data()), + static_cast<unsigned int>(testvector.Key.size())}; // Import key. - ScopedPK11SymKey symKey(PK11_ImportSymKey( - slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr)); - EXPECT_TRUE(!!symKey); + ScopedPK11SymKey key(PK11_ImportSymKey(slot.get(), kMech, PK11_OriginUnwrap, + CKA_ENCRYPT, &keyItem, nullptr)); + EXPECT_TRUE(!!key); // Check. - EncryptDecrypt(symKey.get(), data, data_len, aad, aad_len, iv, iv_len, ct, - ct_len); + EncryptDecrypt(key, testvector.invalidIV, testvector.invalidTag, + testvector.Data.data(), testvector.Data.size(), + testvector.AAD.data(), testvector.AAD.size(), + testvector.IV.data(), testvector.IV.size(), + testvector.CT.data(), testvector.CT.size()); } protected: - CK_MECHANISM_TYPE mech = CKM_NSS_CHACHA20_POLY1305; }; -#define ENCRYPT_DECRYPT(v) \ - EncryptDecrypt(v##Key, sizeof(v##Key), v##Data, sizeof(v##Data), v##AAD, \ - sizeof(v##AAD), v##IV, sizeof(v##IV), v##CT, sizeof(v##CT)); - TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateEncryptDecrypt) { // Generate a random key. ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); - ScopedPK11SymKey symKey(PK11_KeyGen(slot.get(), mech, nullptr, 32, nullptr)); - EXPECT_TRUE(!!symKey); + ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr)); + EXPECT_TRUE(!!key); // Generate random data. - std::vector<uint8_t> data(512); - SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), &data[0], data.size()); + std::vector<uint8_t> input(512); + SECStatus rv = + PK11_GenerateRandomOnSlot(slot.get(), input.data(), input.size()); EXPECT_EQ(rv, SECSuccess); // Generate random AAD. std::vector<uint8_t> aad(16); - rv = PK11_GenerateRandomOnSlot(slot.get(), &aad[0], aad.size()); + rv = PK11_GenerateRandomOnSlot(slot.get(), aad.data(), aad.size()); EXPECT_EQ(rv, SECSuccess); // Generate random IV. std::vector<uint8_t> iv(12); - rv = PK11_GenerateRandomOnSlot(slot.get(), &iv[0], iv.size()); + rv = PK11_GenerateRandomOnSlot(slot.get(), iv.data(), iv.size()); EXPECT_EQ(rv, SECSuccess); // Check. - EncryptDecrypt(symKey.get(), &data[0], data.size(), &aad[0], aad.size(), - &iv[0], iv.size()); + EncryptDecrypt(key, false, false, input.data(), input.size(), aad.data(), + aad.size(), iv.data(), iv.size()); +} + +TEST_F(Pkcs11ChaCha20Poly1305Test, Xor) { + static const uint8_t kExpected[sizeof(kData)] = { + 0xd8, 0x15, 0xd3, 0xb3, 0xe9, 0x34, 0x3b, 0x7a, + 0x24, 0xf6, 0x5f, 0xd7, 0x95, 0x3d, 0xd3, 0x51}; + + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + SECItem keyItem = {siBuffer, toUcharPtr(kKeyData), + static_cast<unsigned int>(sizeof(kKeyData))}; + ScopedPK11SymKey key(PK11_ImportSymKey( + slot.get(), kMechXor, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr)); + EXPECT_TRUE(!!key); + + SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce), + static_cast<unsigned int>(sizeof(kCtrNonce))}; + uint8_t encrypted[sizeof(kData)]; + unsigned int encrypted_len = 88; // This should be overwritten. + SECStatus rv = + PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted, + &encrypted_len, sizeof(encrypted), kData, sizeof(kData)); + ASSERT_EQ(SECSuccess, rv); + ASSERT_EQ(sizeof(kExpected), static_cast<size_t>(encrypted_len)); + EXPECT_EQ(0, memcmp(kExpected, encrypted, sizeof(kExpected))); + + // Decrypting has the same effect. + rv = PK11_Decrypt(key.get(), kMechXor, &ctrNonceItem, encrypted, + &encrypted_len, sizeof(encrypted), kData, sizeof(kData)); + ASSERT_EQ(SECSuccess, rv); + ASSERT_EQ(sizeof(kData), static_cast<size_t>(encrypted_len)); + EXPECT_EQ(0, memcmp(kExpected, encrypted, sizeof(kExpected))); + + // Operating in reverse too. + rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted, + &encrypted_len, sizeof(encrypted), kExpected, + sizeof(kExpected)); + ASSERT_EQ(SECSuccess, rv); + ASSERT_EQ(sizeof(kExpected), static_cast<size_t>(encrypted_len)); + EXPECT_EQ(0, memcmp(kData, encrypted, sizeof(kData))); } -TEST_F(Pkcs11ChaCha20Poly1305Test, CheckTestVector1) { - ENCRYPT_DECRYPT(kTestVector1); +// This test just ensures that a key can be generated for use with the XOR +// function. The result is random and therefore cannot be checked. +TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateXor) { + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr)); + EXPECT_TRUE(!!key); + + SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce), + static_cast<unsigned int>(sizeof(kCtrNonce))}; + uint8_t encrypted[sizeof(kData)]; + unsigned int encrypted_len = 88; // This should be overwritten. + SECStatus rv = + PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted, + &encrypted_len, sizeof(encrypted), kData, sizeof(kData)); + ASSERT_EQ(SECSuccess, rv); + ASSERT_EQ(sizeof(kData), static_cast<size_t>(encrypted_len)); } -TEST_F(Pkcs11ChaCha20Poly1305Test, CheckTestVector2) { - ENCRYPT_DECRYPT(kTestVector2); +TEST_F(Pkcs11ChaCha20Poly1305Test, XorInvalidParams) { + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr)); + EXPECT_TRUE(!!key); + + SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce), + static_cast<unsigned int>(sizeof(kCtrNonce)) - 1}; + uint8_t encrypted[sizeof(kData)]; + unsigned int encrypted_len = 88; + SECStatus rv = + PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted, + &encrypted_len, sizeof(encrypted), kData, sizeof(kData)); + EXPECT_EQ(SECFailure, rv); + + ctrNonceItem.data = nullptr; + rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted, + &encrypted_len, sizeof(encrypted), kData, sizeof(kData)); + EXPECT_EQ(SECFailure, rv); + EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError()); } +TEST_P(Pkcs11ChaCha20Poly1305Test, TestVectors) { EncryptDecrypt(GetParam()); } + +INSTANTIATE_TEST_CASE_P(NSSTestVector, Pkcs11ChaCha20Poly1305Test, + ::testing::ValuesIn(kChaCha20Vectors)); + +INSTANTIATE_TEST_CASE_P(WycheproofTestVector, Pkcs11ChaCha20Poly1305Test, + ::testing::ValuesIn(kChaCha20WycheproofVectors)); + } // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc index 009c44fce..647e3a706 100644 --- a/security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc +++ b/security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc @@ -5,111 +5,122 @@ #include <memory> #include "nss.h" #include "pk11pub.h" - +#include "prerror.h" #include "cpputil.h" #include "nss_scoped_ptrs.h" +#include "testvectors/curve25519-vectors.h" #include "gtest/gtest.h" namespace nss_test { -// <https://tools.ietf.org/html/rfc7748#section-6.1> -const uint8_t kPkcs8[] = { - 0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, - 0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, - 0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20, - 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, - 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, - 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21, - 0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, - 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, - 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a}; -const uint8_t kSpki[] = { - 0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, - 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, - 0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, - 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, - 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f}; -const uint8_t kSecret[] = {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, - 0x72, 0x8e, 0x3b, 0xf4, 0x80, 0x35, 0x0f, 0x25, - 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, 0x9e, 0x33, - 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42}; - -// A public key that's too short (31 bytes). -const uint8_t kSpkiShort[] = { - 0x30, 0x38, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, - 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, - 0x03, 0x20, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, - 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, - 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f}; - -// A public key that's too long (33 bytes). -const uint8_t kSpkiLong[] = { - 0x30, 0x3a, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, - 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01, - 0x03, 0x22, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, - 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, - 0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f, 0x34}; - -class Pkcs11Curve25519Test : public ::testing::Test { +class Pkcs11Curve25519Test + : public ::testing::TestWithParam<curve25519_testvector> { protected: void Derive(const uint8_t* pkcs8, size_t pkcs8_len, const uint8_t* spki, size_t spki_len, const uint8_t* secret, size_t secret_len, bool expect_success) { - ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot()); ASSERT_TRUE(slot); - SECItem pkcs8Item = {siBuffer, toUcharPtr(pkcs8), - static_cast<unsigned int>(pkcs8_len)}; + SECItem pkcs8_item = {siBuffer, toUcharPtr(pkcs8), + static_cast<unsigned int>(pkcs8_len)}; SECKEYPrivateKey* key = nullptr; SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( - slot.get(), &pkcs8Item, nullptr, nullptr, false, false, KU_ALL, &key, + slot.get(), &pkcs8_item, nullptr, nullptr, false, false, KU_ALL, &key, nullptr); EXPECT_EQ(SECSuccess, rv); - ScopedSECKEYPrivateKey privKey(key); - ASSERT_TRUE(privKey); + ScopedSECKEYPrivateKey priv_key_sess(key); + ASSERT_TRUE(priv_key_sess); - SECItem spkiItem = {siBuffer, toUcharPtr(spki), - static_cast<unsigned int>(spki_len)}; + SECItem spki_item = {siBuffer, toUcharPtr(spki), + static_cast<unsigned int>(spki_len)}; - ScopedCERTSubjectPublicKeyInfo certSpki( - SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem)); - ASSERT_TRUE(certSpki); + ScopedCERTSubjectPublicKeyInfo cert_spki( + SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item)); + if (!expect_success && !cert_spki) { + return; + } + ASSERT_TRUE(cert_spki); - ScopedSECKEYPublicKey pubKey(SECKEY_ExtractPublicKey(certSpki.get())); - ASSERT_TRUE(pubKey); + ScopedSECKEYPublicKey pub_key_remote( + SECKEY_ExtractPublicKey(cert_spki.get())); + ASSERT_TRUE(pub_key_remote); - ScopedPK11SymKey symKey(PK11_PubDeriveWithKDF( - privKey.get(), pubKey.get(), false, nullptr, nullptr, CKM_ECDH1_DERIVE, - CKM_SHA512_HMAC, CKA_DERIVE, 0, CKD_NULL, nullptr, nullptr)); - EXPECT_EQ(expect_success, !!symKey); + // sym_key_sess = ECDH(session_import(private_test), public_test) + ScopedPK11SymKey sym_key_sess(PK11_PubDeriveWithKDF( + priv_key_sess.get(), pub_key_remote.get(), false, nullptr, nullptr, + CKM_ECDH1_DERIVE, CKM_SHA512_HMAC, CKA_DERIVE, 0, CKD_NULL, nullptr, + nullptr)); + ASSERT_EQ(expect_success, !!sym_key_sess); if (expect_success) { - rv = PK11_ExtractKeyValue(symKey.get()); + rv = PK11_ExtractKeyValue(sym_key_sess.get()); EXPECT_EQ(SECSuccess, rv); - SECItem* keyData = PK11_GetKeyData(symKey.get()); - EXPECT_EQ(secret_len, keyData->len); - EXPECT_EQ(memcmp(keyData->data, secret, secret_len), 0); + SECItem* key_data = PK11_GetKeyData(sym_key_sess.get()); + EXPECT_EQ(secret_len, key_data->len); + EXPECT_EQ(memcmp(key_data->data, secret, secret_len), 0); + + // Perform wrapped export on the imported private, import it as + // permanent, and verify we derive the same shared secret + static const uint8_t pw[] = "pw"; + SECItem pwItem = {siBuffer, toUcharPtr(pw), sizeof(pw)}; + ScopedSECKEYEncryptedPrivateKeyInfo epki(PK11_ExportEncryptedPrivKeyInfo( + slot.get(), SEC_OID_AES_256_CBC, &pwItem, priv_key_sess.get(), 1, + nullptr)); + ASSERT_NE(nullptr, epki) << "PK11_ExportEncryptedPrivKeyInfo failed: " + << PORT_ErrorToName(PORT_GetError()); + + ScopedSECKEYPublicKey pub_key_local( + SECKEY_ConvertToPublicKey(priv_key_sess.get())); + + SECKEYPrivateKey* priv_key_tok = nullptr; + rv = PK11_ImportEncryptedPrivateKeyInfoAndReturnKey( + slot.get(), epki.get(), &pwItem, nullptr, + &pub_key_local->u.ec.publicValue, PR_TRUE, PR_TRUE, ecKey, 0, + &priv_key_tok, nullptr); + ASSERT_EQ(SECSuccess, rv) << "PK11_ImportEncryptedPrivateKeyInfo failed " + << PORT_ErrorToName(PORT_GetError()); + ASSERT_TRUE(priv_key_tok); + + // sym_key_tok = ECDH(token_import(export(private_test)), + // public_test) + ScopedPK11SymKey sym_key_tok(PK11_PubDeriveWithKDF( + priv_key_tok, pub_key_remote.get(), false, nullptr, nullptr, + CKM_ECDH1_DERIVE, CKM_SHA512_HMAC, CKA_DERIVE, 0, CKD_NULL, nullptr, + nullptr)); + EXPECT_TRUE(sym_key_tok); + + if (sym_key_tok) { + rv = PK11_ExtractKeyValue(sym_key_tok.get()); + EXPECT_EQ(SECSuccess, rv); + + key_data = PK11_GetKeyData(sym_key_tok.get()); + EXPECT_EQ(secret_len, key_data->len); + EXPECT_EQ(memcmp(key_data->data, secret, secret_len), 0); + } + rv = PK11_DeleteTokenPrivateKey(priv_key_tok, true); + EXPECT_EQ(SECSuccess, rv); } - } + }; + + void Derive(const curve25519_testvector testvector) { + Derive(testvector.private_key.data(), testvector.private_key.size(), + testvector.public_key.data(), testvector.public_key.size(), + testvector.secret.data(), testvector.secret.size(), + testvector.valid); + }; }; -TEST_F(Pkcs11Curve25519Test, DeriveSharedSecret) { - Derive(kPkcs8, sizeof(kPkcs8), kSpki, sizeof(kSpki), kSecret, sizeof(kSecret), - true); -} +TEST_P(Pkcs11Curve25519Test, TestVectors) { Derive(GetParam()); } -TEST_F(Pkcs11Curve25519Test, DeriveSharedSecretShort) { - Derive(kPkcs8, sizeof(kPkcs8), kSpkiShort, sizeof(kSpkiShort), nullptr, 0, - false); -} +INSTANTIATE_TEST_CASE_P(NSSTestVector, Pkcs11Curve25519Test, + ::testing::ValuesIn(kCurve25519Vectors)); -TEST_F(Pkcs11Curve25519Test, DeriveSharedSecretLong) { - Derive(kPkcs8, sizeof(kPkcs8), kSpkiLong, sizeof(kSpkiLong), nullptr, 0, - false); -} +INSTANTIATE_TEST_CASE_P(WycheproofTestVector, Pkcs11Curve25519Test, + ::testing::ValuesIn(kCurve25519WycheproofVectors)); } // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc index 88c283317..449e7728b 100644 --- a/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc +++ b/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc @@ -15,6 +15,20 @@ namespace nss_test { +const std::vector<uint8_t> kValidP256Key = { + 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, + 0xc9, 0xaf, 0xa9, 0xd8, 0x45, 0xba, 0x75, 0x16, 0x6b, 0x5c, 0x21, 0x57, + 0x67, 0xb1, 0xd6, 0x93, 0x4e, 0x50, 0xc3, 0xdb, 0x36, 0xe8, 0x9b, 0x12, + 0x7b, 0x8a, 0x62, 0x2b, 0x12, 0x0f, 0x67, 0x21, 0xa1, 0x44, 0x03, 0x42, + 0x00, 0x04, 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31, 0xc9, 0x61, + 0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, 0xc0, 0x49, 0xb8, 0x92, 0x3b, 0x61, + 0xfa, 0x6c, 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6, 0x79, 0x03, + 0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, 0xa4, 0x1a, 0xe9, 0xe9, 0x56, 0x28, + 0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77, 0xa3, + 0xc2, 0x94, 0xd4, 0x46, 0x22, 0x99}; + const std::vector<uint8_t> kValidRSAKey = { // 512-bit RSA private key (PKCS#8) 0x30, 0x82, 0x01, 0x54, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, @@ -73,38 +87,76 @@ const std::vector<uint8_t> kInvalidZeroLengthKey = { class DERPrivateKeyImportTest : public ::testing::Test { public: - bool ParsePrivateKey(const std::vector<uint8_t>& data) { - ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); - EXPECT_TRUE(slot); - + bool ParsePrivateKey(const std::vector<uint8_t>& data, bool expect_success) { SECKEYPrivateKey* key = nullptr; + SECStatus rv = SECFailure; + std::string nick_str = + ::testing::UnitTest::GetInstance()->current_test_info()->name() + + std::to_string(rand()); SECItem item = {siBuffer, const_cast<unsigned char*>(data.data()), - (unsigned int)data.size()}; + static_cast<unsigned int>(data.size())}; + SECItem nick = {siBuffer, reinterpret_cast<unsigned char*>( + const_cast<char*>(nick_str.data())), + static_cast<unsigned int>(nick_str.length())}; + + ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot()); + EXPECT_TRUE(slot); + if (!slot) { + return false; + } - SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( - slot.get(), &item, nullptr, nullptr, false, false, KU_ALL, &key, - nullptr); + if (PK11_NeedUserInit(slot.get())) { + if (PK11_InitPin(slot.get(), nullptr, nullptr) != SECSuccess) { + EXPECT_EQ(rv, SECSuccess) << "PK11_InitPin failed"; + } + } + rv = PK11_Authenticate(slot.get(), PR_TRUE, nullptr); + EXPECT_EQ(rv, SECSuccess); + rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( + slot.get(), &item, &nick, nullptr, true, false, KU_ALL, &key, nullptr); EXPECT_EQ(rv == SECSuccess, key != nullptr); - SECKEY_DestroyPrivateKey(key); + + if (expect_success) { + // Try to find the key via its label + ScopedSECKEYPrivateKeyList list(PK11_ListPrivKeysInSlot( + slot.get(), const_cast<char*>(nick_str.c_str()), nullptr)); + EXPECT_FALSE(!list); + } + + if (key) { + rv = PK11_DeleteTokenPrivateKey(key, true); + EXPECT_EQ(SECSuccess, rv); + + // PK11_DeleteTokenPrivateKey leaves an errorCode set when there's + // no cert. This is expected, so clear it. + if (PORT_GetError() == SSL_ERROR_NO_CERTIFICATE) { + PORT_SetError(0); + } + } return rv == SECSuccess; } }; TEST_F(DERPrivateKeyImportTest, ImportPrivateRSAKey) { - EXPECT_TRUE(ParsePrivateKey(kValidRSAKey)); - EXPECT_FALSE(PORT_GetError()); + EXPECT_TRUE(ParsePrivateKey(kValidRSAKey, true)); + EXPECT_FALSE(PORT_GetError()) << PORT_GetError(); +} + +TEST_F(DERPrivateKeyImportTest, ImportEcdsaKey) { + EXPECT_TRUE(ParsePrivateKey(kValidP256Key, true)); + EXPECT_FALSE(PORT_GetError()) << PORT_GetError(); } TEST_F(DERPrivateKeyImportTest, ImportInvalidPrivateKey) { - EXPECT_FALSE(ParsePrivateKey(kInvalidLengthKey)); - EXPECT_EQ(PORT_GetError(), SEC_ERROR_BAD_DER); + EXPECT_FALSE(ParsePrivateKey(kInvalidLengthKey, false)); + EXPECT_EQ(PORT_GetError(), SEC_ERROR_BAD_DER) << PORT_GetError(); } TEST_F(DERPrivateKeyImportTest, ImportZeroLengthPrivateKey) { - EXPECT_FALSE(ParsePrivateKey(kInvalidZeroLengthKey)); - EXPECT_EQ(PORT_GetError(), SEC_ERROR_BAD_KEY); + EXPECT_FALSE(ParsePrivateKey(kInvalidZeroLengthKey, false)); + EXPECT_EQ(PORT_GetError(), SEC_ERROR_BAD_KEY) << PORT_GetError(); } } // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_des_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_des_unittest.cc new file mode 100644 index 000000000..30f1afb8d --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_des_unittest.cc @@ -0,0 +1,65 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <memory> +#include "nss.h" +#include "pk11pub.h" + +#include "nss_scoped_ptrs.h" + +#include "gtest/gtest.h" + +namespace nss_test { + +class Pkcs11DesTest : public ::testing::Test { + protected: + SECStatus EncryptWithIV(std::vector<uint8_t>& iv, + const CK_MECHANISM_TYPE mech) { + // Generate a random key. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ScopedPK11SymKey sym_key( + PK11_KeyGen(slot.get(), mech, nullptr, 8, nullptr)); + EXPECT_TRUE(!!sym_key); + + std::vector<uint8_t> data(16); + std::vector<uint8_t> output(16); + + SECItem params = {siBuffer, iv.data(), + static_cast<unsigned int>(iv.size())}; + + // Try to encrypt. + unsigned int output_len = 0; + return PK11_Encrypt(sym_key.get(), mech, ¶ms, output.data(), + &output_len, output.size(), data.data(), data.size()); + } +}; + +TEST_F(Pkcs11DesTest, ZeroLengthIV) { + std::vector<uint8_t> iv(0); + EXPECT_EQ(SECFailure, EncryptWithIV(iv, CKM_DES_CBC)); + EXPECT_EQ(SECFailure, EncryptWithIV(iv, CKM_DES3_CBC)); +} + +TEST_F(Pkcs11DesTest, IVTooShort) { + std::vector<uint8_t> iv(7); + EXPECT_EQ(SECFailure, EncryptWithIV(iv, CKM_DES_CBC)); + EXPECT_EQ(SECFailure, EncryptWithIV(iv, CKM_DES3_CBC)); +} + +TEST_F(Pkcs11DesTest, WrongLengthIV) { + // We tolerate IVs > 8 + std::vector<uint8_t> iv(15, 0); + EXPECT_EQ(SECSuccess, EncryptWithIV(iv, CKM_DES_CBC)); + EXPECT_EQ(SECSuccess, EncryptWithIV(iv, CKM_DES3_CBC)); +} + +TEST_F(Pkcs11DesTest, AllGood) { + std::vector<uint8_t> iv(8, 0); + EXPECT_EQ(SECSuccess, EncryptWithIV(iv, CKM_DES_CBC)); + EXPECT_EQ(SECSuccess, EncryptWithIV(iv, CKM_DES3_CBC)); +} + +} // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc index e905f7835..1816e3c9c 100644 --- a/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc +++ b/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc @@ -45,6 +45,11 @@ static const Pkcs11EcdsaTestParams kEcdsaVectors[] = { DataBuffer(kP256Spki, sizeof(kP256Spki)), DataBuffer(kP256Data, sizeof(kP256Data)), DataBuffer(kP256Signature, sizeof(kP256Signature))}}, + {SEC_OID_SHA256, + {DataBuffer(kP256Pkcs8ZeroPad, sizeof(kP256Pkcs8ZeroPad)), + DataBuffer(kP256SpkiZeroPad, sizeof(kP256SpkiZeroPad)), + DataBuffer(kP256DataZeroPad, sizeof(kP256DataZeroPad)), + DataBuffer(kP256SignatureZeroPad, sizeof(kP256SignatureZeroPad))}}, {SEC_OID_SHA384, {DataBuffer(kP384Pkcs8, sizeof(kP384Pkcs8)), DataBuffer(kP384Spki, sizeof(kP384Spki)), diff --git a/security/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h b/security/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h index 1dd2c8728..9f625dd08 100644 --- a/security/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h +++ b/security/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h @@ -130,6 +130,38 @@ const uint8_t kP521Signature[] = { 0xd8, 0xb8, 0xc3, 0x7f, 0xf0, 0x77, 0x7b, 0x1a, 0x20, 0xf8, 0xcc, 0xb1, 0xdc, 0xcc, 0x43, 0x99, 0x7f, 0x1e, 0xe0, 0xe4, 0x4d, 0xa4, 0xa6, 0x7a}; +// ECDSA P256 test case with a leading zero in the private key +const uint8_t kP256Pkcs8ZeroPad[] = { + 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x00, 0x16, 0x40, 0x71, 0x99, 0xe3, 0x07, 0xaa, 0xdc, 0x98, 0x0b, 0x21, + 0x62, 0xce, 0x66, 0x1f, 0xe4, 0x1a, 0x86, 0x9a, 0x23, 0x33, 0xf6, 0x72, + 0xb4, 0xa3, 0xdc, 0x3b, 0x50, 0xba, 0x20, 0xce, 0xa1, 0x44, 0x03, 0x42, + 0x00, 0x04, 0x53, 0x11, 0x9a, 0x86, 0xa0, 0xc2, 0x99, 0x4f, 0xa6, 0xf8, + 0x08, 0xf8, 0x61, 0x01, 0x0e, 0x6b, 0x04, 0x9c, 0xd8, 0x15, 0x63, 0x2e, + 0xd1, 0x38, 0x00, 0x10, 0xee, 0xe4, 0xc9, 0x11, 0xff, 0x05, 0xba, 0xd6, + 0xcd, 0x94, 0xea, 0x00, 0xec, 0x85, 0x26, 0x2c, 0xbd, 0x4d, 0x85, 0xbd, + 0x20, 0xce, 0xa5, 0xb1, 0x3f, 0x4d, 0x82, 0x9b, 0x9f, 0x28, 0x2e, 0xd3, + 0x8a, 0x87, 0x1f, 0x89, 0xf8, 0x02}; +const uint8_t kP256SpkiZeroPad[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0x53, 0x11, 0x9a, 0x86, 0xa0, 0xc2, 0x99, 0x4f, 0xa6, + 0xf8, 0x08, 0xf8, 0x61, 0x01, 0x0e, 0x6b, 0x04, 0x9c, 0xd8, 0x15, 0x63, + 0x2e, 0xd1, 0x38, 0x00, 0x10, 0xee, 0xe4, 0xc9, 0x11, 0xff, 0x05, 0xba, + 0xd6, 0xcd, 0x94, 0xea, 0x00, 0xec, 0x85, 0x26, 0x2c, 0xbd, 0x4d, 0x85, + 0xbd, 0x20, 0xce, 0xa5, 0xb1, 0x3f, 0x4d, 0x82, 0x9b, 0x9f, 0x28, 0x2e, + 0xd3, 0x8a, 0x87, 0x1f, 0x89, 0xf8, 0x02}; +const uint8_t kP256DataZeroPad[] = {'s', 'a', 'm', 'p', 'l', 'e'}; +const uint8_t kP256SignatureZeroPad[] = { + 0xa6, 0xf4, 0xe4, 0xa8, 0x3f, 0x03, 0x59, 0x89, 0x60, 0x53, 0xe7, + 0xdc, 0xb5, 0xbe, 0x78, 0xaf, 0xc1, 0xca, 0xc0, 0x65, 0xba, 0xa4, + 0x3c, 0xf1, 0xe4, 0xae, 0xe3, 0xba, 0x22, 0x3d, 0xac, 0x9d, 0x6d, + 0x1b, 0x26, 0x00, 0xcf, 0x47, 0xa1, 0xe1, 0x04, 0x21, 0x8d, 0x0b, + 0xbb, 0x16, 0xfa, 0x3e, 0x59, 0x32, 0x01, 0xb0, 0x45, 0x3e, 0x27, + 0xa4, 0xc4, 0xfd, 0x31, 0xc9, 0x1a, 0x8e, 0x74, 0xd8}; + // ECDSA test vectors, SPKI and PKCS#8 edge cases. const uint8_t kP256Pkcs8NoCurveOIDOrAlgorithmParams[] = { 0x30, 0x7d, 0x02, 0x01, 0x00, 0x30, 0x09, 0x06, 0x07, 0x2a, 0x86, 0x48, diff --git a/security/nss/gtests/pk11_gtest/pk11_find_certs_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_find_certs_unittest.cc new file mode 100644 index 000000000..5958b2367 --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_find_certs_unittest.cc @@ -0,0 +1,547 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* vim: set ts=4 et sw=4 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <string.h> + +#include "nss.h" +#include "pk11pub.h" +#include "prenv.h" +#include "prerror.h" +#include "secmod.h" + +#include "gtest/gtest.h" +#include "nss_scoped_ptrs.h" +#include "util.h" + +namespace nss_test { + +// These test certificates were generated using pycert/pykey from +// mozilla-central (https://hg.mozilla.org/mozilla-central/file/ ... +// 9968319230a74eb8c1953444a0e6973c7500a9f8/security/manager/ssl/ ... +// tests/unit/pycert.py). + +// issuer:test cert +// subject:test cert +// issuerKey:secp256r1 +// subjectKey:secp256r1 +// serialNumber:1 +const std::vector<uint8_t> kTestCert1DER = { + 0x30, 0x82, 0x01, 0x1D, 0x30, 0x81, 0xC2, 0xA0, 0x03, 0x02, 0x01, 0x02, + 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20, + 0x63, 0x65, 0x72, 0x74, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, + 0x31, 0x31, 0x32, 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x18, + 0x0F, 0x32, 0x30, 0x32, 0x30, 0x30, 0x32, 0x30, 0x35, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x5A, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20, 0x63, 0x65, + 0x72, 0x74, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, + 0x07, 0x03, 0x42, 0x00, 0x04, 0x4F, 0xBF, 0xBB, 0xBB, 0x61, 0xE0, 0xF8, + 0xF9, 0xB1, 0xA6, 0x0A, 0x59, 0xAC, 0x87, 0x04, 0xE2, 0xEC, 0x05, 0x0B, + 0x42, 0x3E, 0x3C, 0xF7, 0x2E, 0x92, 0x3F, 0x2C, 0x4F, 0x79, 0x4B, 0x45, + 0x5C, 0x2A, 0x69, 0xD2, 0x33, 0x45, 0x6C, 0x36, 0xC4, 0x11, 0x9D, 0x07, + 0x06, 0xE0, 0x0E, 0xED, 0xC8, 0xD1, 0x93, 0x90, 0xD7, 0x99, 0x1B, 0x7B, + 0x2D, 0x07, 0xA3, 0x04, 0xEA, 0xA0, 0x4A, 0xA6, 0xC0, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x5C, 0x75, 0x51, 0x9F, 0x13, + 0x11, 0x50, 0xCD, 0x5D, 0x8A, 0xDE, 0x20, 0xA3, 0xBC, 0x06, 0x30, 0x91, + 0xFF, 0xB2, 0x73, 0x75, 0x5F, 0x31, 0x64, 0xEC, 0xFD, 0xCB, 0x42, 0x80, + 0x0A, 0x70, 0xE6, 0x02, 0x20, 0x11, 0xFA, 0xA2, 0xCA, 0x06, 0xF3, 0xBC, + 0x5F, 0x8A, 0xCA, 0x17, 0x63, 0x36, 0x87, 0xCF, 0x8D, 0x5C, 0xA0, 0x56, + 0x84, 0x44, 0x61, 0xB2, 0x33, 0x42, 0x07, 0x58, 0x9F, 0x0C, 0x9E, 0x49, + 0x83, +}; + +// issuer:test cert +// subject:test cert +// issuerKey:secp256r1 +// subjectKey:secp256r1 +// serialNumber:2 +const std::vector<uint8_t> kTestCert2DER = { + 0x30, 0x82, 0x01, 0x1E, 0x30, 0x81, 0xC2, 0xA0, 0x03, 0x02, 0x01, 0x02, + 0x02, 0x01, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20, + 0x63, 0x65, 0x72, 0x74, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, + 0x31, 0x31, 0x32, 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x18, + 0x0F, 0x32, 0x30, 0x32, 0x30, 0x30, 0x32, 0x30, 0x35, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x5A, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20, 0x63, 0x65, + 0x72, 0x74, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, + 0x07, 0x03, 0x42, 0x00, 0x04, 0x4F, 0xBF, 0xBB, 0xBB, 0x61, 0xE0, 0xF8, + 0xF9, 0xB1, 0xA6, 0x0A, 0x59, 0xAC, 0x87, 0x04, 0xE2, 0xEC, 0x05, 0x0B, + 0x42, 0x3E, 0x3C, 0xF7, 0x2E, 0x92, 0x3F, 0x2C, 0x4F, 0x79, 0x4B, 0x45, + 0x5C, 0x2A, 0x69, 0xD2, 0x33, 0x45, 0x6C, 0x36, 0xC4, 0x11, 0x9D, 0x07, + 0x06, 0xE0, 0x0E, 0xED, 0xC8, 0xD1, 0x93, 0x90, 0xD7, 0x99, 0x1B, 0x7B, + 0x2D, 0x07, 0xA3, 0x04, 0xEA, 0xA0, 0x4A, 0xA6, 0xC0, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x5C, 0x75, 0x51, 0x9F, 0x13, + 0x11, 0x50, 0xCD, 0x5D, 0x8A, 0xDE, 0x20, 0xA3, 0xBC, 0x06, 0x30, 0x91, + 0xFF, 0xB2, 0x73, 0x75, 0x5F, 0x31, 0x64, 0xEC, 0xFD, 0xCB, 0x42, 0x80, + 0x0A, 0x70, 0xE6, 0x02, 0x21, 0x00, 0xF6, 0x5E, 0x42, 0xC7, 0x54, 0x40, + 0x81, 0xE9, 0x4C, 0x16, 0x48, 0xB1, 0x39, 0x0A, 0xA0, 0xE2, 0x8C, 0x23, + 0xAA, 0xC5, 0xBB, 0xAC, 0xEB, 0x9B, 0x15, 0x0B, 0x2F, 0xB7, 0xF5, 0x85, + 0xB2, 0x54, +}; + +const std::vector<uint8_t> kTestCertSubjectDER = { + 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20, 0x63, 0x65, 0x72, 0x74, +}; + +// issuer:test cert +// subject:unrelated subject DN +// issuerKey:secp256r1 +// subjectKey:secp256r1 +// serialNumber:3 +const std::vector<uint8_t> kUnrelatedTestCertDER = { + 0x30, 0x82, 0x01, 0x28, 0x30, 0x81, 0xCD, 0xA0, 0x03, 0x02, 0x01, 0x02, + 0x02, 0x01, 0x03, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20, + 0x63, 0x65, 0x72, 0x74, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, + 0x31, 0x31, 0x32, 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x18, + 0x0F, 0x32, 0x30, 0x32, 0x30, 0x30, 0x32, 0x30, 0x35, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x5A, 0x30, 0x1F, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x14, 0x75, 0x6E, 0x72, 0x65, 0x6C, 0x61, 0x74, + 0x65, 0x64, 0x20, 0x73, 0x75, 0x62, 0x6A, 0x65, 0x63, 0x74, 0x20, 0x44, + 0x4E, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, + 0x03, 0x42, 0x00, 0x04, 0x4F, 0xBF, 0xBB, 0xBB, 0x61, 0xE0, 0xF8, 0xF9, + 0xB1, 0xA6, 0x0A, 0x59, 0xAC, 0x87, 0x04, 0xE2, 0xEC, 0x05, 0x0B, 0x42, + 0x3E, 0x3C, 0xF7, 0x2E, 0x92, 0x3F, 0x2C, 0x4F, 0x79, 0x4B, 0x45, 0x5C, + 0x2A, 0x69, 0xD2, 0x33, 0x45, 0x6C, 0x36, 0xC4, 0x11, 0x9D, 0x07, 0x06, + 0xE0, 0x0E, 0xED, 0xC8, 0xD1, 0x93, 0x90, 0xD7, 0x99, 0x1B, 0x7B, 0x2D, + 0x07, 0xA3, 0x04, 0xEA, 0xA0, 0x4A, 0xA6, 0xC0, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, + 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x5C, 0x75, 0x51, 0x9F, 0x13, 0x11, + 0x50, 0xCD, 0x5D, 0x8A, 0xDE, 0x20, 0xA3, 0xBC, 0x06, 0x30, 0x91, 0xFF, + 0xB2, 0x73, 0x75, 0x5F, 0x31, 0x64, 0xEC, 0xFD, 0xCB, 0x42, 0x80, 0x0A, + 0x70, 0xE6, 0x02, 0x20, 0x0F, 0x1A, 0x04, 0xC2, 0xF8, 0xBA, 0xC2, 0x94, + 0x26, 0x6E, 0xBC, 0x91, 0x7D, 0xDB, 0x75, 0x7B, 0xE8, 0xA3, 0x4F, 0x69, + 0x1B, 0xF3, 0x1F, 0x2C, 0xCE, 0x82, 0x67, 0xC9, 0x5B, 0xBB, 0xBA, 0x0A, +}; + +class PK11FindCertsTestBase : public ::testing::Test { + protected: + PK11FindCertsTestBase() + : m_slot(nullptr), test_cert_db_dir_("PK11FindCertsTestBase-") {} + + virtual void SetUp() { + std::string test_cert_db_path(test_cert_db_dir_.GetPath()); + const char* test_name = + ::testing::UnitTest::GetInstance()->current_test_info()->name(); + std::string mod_spec = "configDir='sql:"; + mod_spec.append(test_cert_db_path); + mod_spec.append("' tokenDescription='"); + mod_spec.append(test_name); + mod_spec.append("'"); + m_slot = SECMOD_OpenUserDB(mod_spec.c_str()); + ASSERT_NE(m_slot, nullptr); + } + + virtual void TearDown() { + ASSERT_EQ(SECMOD_CloseUserDB(m_slot), SECSuccess); + PK11_FreeSlot(m_slot); + std::string test_cert_db_path(test_cert_db_dir_.GetPath()); + ASSERT_EQ(0, unlink((test_cert_db_path + "/cert9.db").c_str())); + ASSERT_EQ(0, unlink((test_cert_db_path + "/key4.db").c_str())); + } + + PK11SlotInfo* m_slot; + ScopedUniqueDirectory test_cert_db_dir_; +}; + +class PK11FindRawCertsBySubjectTest : public PK11FindCertsTestBase {}; + +// If we don't have any certificates, we shouldn't get any when we search for +// them. +TEST_F(PK11FindRawCertsBySubjectTest, TestNoCertsImportedNoCertsFound) { + SECItem subject_item = { + siBuffer, const_cast<unsigned char*>(kTestCertSubjectDER.data()), + (unsigned int)kTestCertSubjectDER.size()}; + CERTCertificateList* certificates = nullptr; + SECStatus rv = + PK11_FindRawCertsWithSubject(m_slot, &subject_item, &certificates); + EXPECT_EQ(rv, SECSuccess); + EXPECT_EQ(certificates, nullptr); +} + +// If we have one certificate but it has an unrelated subject DN, we shouldn't +// get it when we search. +TEST_F(PK11FindRawCertsBySubjectTest, TestOneCertImportedNoCertsFound) { + char cert_nickname[] = "Unrelated Cert"; + SECItem cert_item = {siBuffer, + const_cast<unsigned char*>(kUnrelatedTestCertDER.data()), + (unsigned int)kUnrelatedTestCertDER.size()}; + ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert_item, CK_INVALID_HANDLE, + cert_nickname, false), + SECSuccess); + + SECItem subject_item = { + siBuffer, const_cast<unsigned char*>(kTestCertSubjectDER.data()), + (unsigned int)kTestCertSubjectDER.size()}; + CERTCertificateList* certificates = nullptr; + SECStatus rv = + PK11_FindRawCertsWithSubject(m_slot, &subject_item, &certificates); + EXPECT_EQ(rv, SECSuccess); + EXPECT_EQ(certificates, nullptr); +} + +TEST_F(PK11FindRawCertsBySubjectTest, TestMultipleMatchingCertsFound) { + char cert1_nickname[] = "Test Cert 1"; + SECItem cert1_item = {siBuffer, + const_cast<unsigned char*>(kTestCert1DER.data()), + (unsigned int)kTestCert1DER.size()}; + ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert1_item, CK_INVALID_HANDLE, + cert1_nickname, false), + SECSuccess); + char cert2_nickname[] = "Test Cert 2"; + SECItem cert2_item = {siBuffer, + const_cast<unsigned char*>(kTestCert2DER.data()), + (unsigned int)kTestCert2DER.size()}; + ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert2_item, CK_INVALID_HANDLE, + cert2_nickname, false), + SECSuccess); + char unrelated_cert_nickname[] = "Unrelated Test Cert"; + SECItem unrelated_cert_item = { + siBuffer, const_cast<unsigned char*>(kUnrelatedTestCertDER.data()), + (unsigned int)kUnrelatedTestCertDER.size()}; + ASSERT_EQ(PK11_ImportDERCert(m_slot, &unrelated_cert_item, CK_INVALID_HANDLE, + unrelated_cert_nickname, false), + SECSuccess); + + CERTCertificateList* certificates = nullptr; + SECItem subject_item = { + siBuffer, const_cast<unsigned char*>(kTestCertSubjectDER.data()), + (unsigned int)kTestCertSubjectDER.size()}; + SECStatus rv = + PK11_FindRawCertsWithSubject(m_slot, &subject_item, &certificates); + EXPECT_EQ(rv, SECSuccess); + ASSERT_NE(certificates, nullptr); + ScopedCERTCertificateList scoped_certificates(certificates); + ASSERT_EQ(scoped_certificates->len, 2); + + std::vector<uint8_t> found_cert1( + scoped_certificates->certs[0].data, + scoped_certificates->certs[0].data + scoped_certificates->certs[0].len); + std::vector<uint8_t> found_cert2( + scoped_certificates->certs[1].data, + scoped_certificates->certs[1].data + scoped_certificates->certs[1].len); + EXPECT_TRUE(found_cert1 == kTestCert1DER || found_cert1 == kTestCert2DER); + EXPECT_TRUE(found_cert2 == kTestCert1DER || found_cert2 == kTestCert2DER); + EXPECT_TRUE(found_cert1 != found_cert2); +} + +// If we try to search the internal slots, we won't find the certificate we just +// imported (because it's on a different slot). +TEST_F(PK11FindRawCertsBySubjectTest, TestNoCertsOnInternalSlots) { + char cert1_nickname[] = "Test Cert 1"; + SECItem cert1_item = {siBuffer, + const_cast<unsigned char*>(kTestCert1DER.data()), + (unsigned int)kTestCert1DER.size()}; + ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert1_item, CK_INVALID_HANDLE, + cert1_nickname, false), + SECSuccess); + + SECItem subject_item = { + siBuffer, const_cast<unsigned char*>(kTestCertSubjectDER.data()), + (unsigned int)kTestCertSubjectDER.size()}; + CERTCertificateList* internal_key_slot_certificates = nullptr; + ScopedPK11SlotInfo internal_key_slot(PK11_GetInternalKeySlot()); + SECStatus rv = PK11_FindRawCertsWithSubject( + internal_key_slot.get(), &subject_item, &internal_key_slot_certificates); + EXPECT_EQ(rv, SECSuccess); + EXPECT_EQ(internal_key_slot_certificates, nullptr); + + CERTCertificateList* internal_slot_certificates = nullptr; + ScopedPK11SlotInfo internal_slot(PK11_GetInternalSlot()); + rv = PK11_FindRawCertsWithSubject(internal_slot.get(), &subject_item, + &internal_slot_certificates); + EXPECT_EQ(rv, SECSuccess); + EXPECT_EQ(internal_slot_certificates, nullptr); +} + +// issuer:test cert +// subject:(empty - this had to be done by hand as pycert doesn't support this) +// issuerKey:secp256r1 +// subjectKey:secp256r1 +// serialNumber:4 +const std::vector<uint8_t> kEmptySubjectCertDER = { + 0x30, 0x82, 0x01, 0x09, 0x30, 0x81, 0xAE, 0xA0, 0x03, 0x02, 0x01, 0x02, + 0x02, 0x01, 0x04, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x09, 0x74, 0x65, 0x73, 0x74, 0x20, + 0x63, 0x65, 0x72, 0x74, 0x30, 0x22, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, + 0x31, 0x31, 0x32, 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x18, + 0x0F, 0x32, 0x30, 0x32, 0x30, 0x30, 0x32, 0x30, 0x35, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x5A, 0x30, 0x00, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, + 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, + 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x4F, 0xBF, 0xBB, + 0xBB, 0x61, 0xE0, 0xF8, 0xF9, 0xB1, 0xA6, 0x0A, 0x59, 0xAC, 0x87, 0x04, + 0xE2, 0xEC, 0x05, 0x0B, 0x42, 0x3E, 0x3C, 0xF7, 0x2E, 0x92, 0x3F, 0x2C, + 0x4F, 0x79, 0x4B, 0x45, 0x5C, 0x2A, 0x69, 0xD2, 0x33, 0x45, 0x6C, 0x36, + 0xC4, 0x11, 0x9D, 0x07, 0x06, 0xE0, 0x0E, 0xED, 0xC8, 0xD1, 0x93, 0x90, + 0xD7, 0x99, 0x1B, 0x7B, 0x2D, 0x07, 0xA3, 0x04, 0xEA, 0xA0, 0x4A, 0xA6, + 0xC0, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x01, 0x0B, 0x05, 0x00, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x5C, + 0x75, 0x51, 0x9F, 0x13, 0x11, 0x50, 0xCD, 0x5D, 0x8A, 0xDE, 0x20, 0xA3, + 0xBC, 0x06, 0x30, 0x91, 0xFF, 0xB2, 0x73, 0x75, 0x5F, 0x31, 0x64, 0xEC, + 0xFD, 0xCB, 0x42, 0x80, 0x0A, 0x70, 0xE6, 0x02, 0x20, 0x31, 0x1B, 0x92, + 0xAA, 0xA8, 0xB7, 0x51, 0x52, 0x7B, 0x64, 0xD6, 0xF7, 0x2F, 0x0C, 0xFB, + 0xBB, 0xD5, 0xDF, 0x86, 0xA3, 0x97, 0x96, 0x60, 0x42, 0xDA, 0xD4, 0xA8, + 0x5F, 0x2F, 0xA4, 0xDE, 0x7C}; + +std::vector<uint8_t> kEmptySubjectDER = {0x30, 0x00}; + +// This certificate has the smallest possible subject. Finding it should work. +TEST_F(PK11FindRawCertsBySubjectTest, TestFindEmptySubject) { + char empty_subject_cert_nickname[] = "Empty Subject Cert"; + SECItem empty_subject_cert_item = { + siBuffer, const_cast<unsigned char*>(kEmptySubjectCertDER.data()), + (unsigned int)kEmptySubjectCertDER.size()}; + ASSERT_EQ( + PK11_ImportDERCert(m_slot, &empty_subject_cert_item, CK_INVALID_HANDLE, + empty_subject_cert_nickname, false), + SECSuccess); + + SECItem subject_item = {siBuffer, + const_cast<unsigned char*>(kEmptySubjectDER.data()), + (unsigned int)kEmptySubjectDER.size()}; + CERTCertificateList* certificates = nullptr; + SECStatus rv = + PK11_FindRawCertsWithSubject(m_slot, &subject_item, &certificates); + EXPECT_EQ(rv, SECSuccess); + ASSERT_NE(certificates, nullptr); + ScopedCERTCertificateList scoped_certificates(certificates); + ASSERT_EQ(scoped_certificates->len, 1); + + std::vector<uint8_t> found_cert( + scoped_certificates->certs[0].data, + scoped_certificates->certs[0].data + scoped_certificates->certs[0].len); + EXPECT_EQ(found_cert, kEmptySubjectCertDER); +} + +// Searching for a zero-length subject doesn't make sense (the minimum subject +// is the SEQUENCE tag followed by a length byte of 0), but it shouldn't cause +// problems. +TEST_F(PK11FindRawCertsBySubjectTest, TestSearchForNullSubject) { + char cert1_nickname[] = "Test Cert 1"; + SECItem cert1_item = {siBuffer, + const_cast<unsigned char*>(kTestCert1DER.data()), + (unsigned int)kTestCert1DER.size()}; + ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert1_item, CK_INVALID_HANDLE, + cert1_nickname, false), + SECSuccess); + + SECItem subject_item = {siBuffer, nullptr, 0}; + CERTCertificateList* certificates = nullptr; + SECStatus rv = + PK11_FindRawCertsWithSubject(m_slot, &subject_item, &certificates); + EXPECT_EQ(rv, SECSuccess); + EXPECT_EQ(certificates, nullptr); +} + +class PK11GetCertsMatchingPrivateKeyTest : public PK11FindCertsTestBase {}; + +// This is the private secp256r1 key corresponding to the above test +// certificates. +const std::vector<uint8_t> kTestPrivateKeyInfoDER = { + 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x21, 0x91, 0x40, 0x3d, 0x57, 0x10, 0xbf, 0x15, 0xa2, 0x65, 0x81, 0x8c, + 0xd4, 0x2e, 0xd6, 0xfe, 0xdf, 0x09, 0xad, 0xd9, 0x2d, 0x78, 0xb1, 0x8e, + 0x7a, 0x1e, 0x9f, 0xeb, 0x95, 0x52, 0x47, 0x02, 0xa1, 0x44, 0x03, 0x42, + 0x00, 0x04, 0x4f, 0xbf, 0xbb, 0xbb, 0x61, 0xe0, 0xf8, 0xf9, 0xb1, 0xa6, + 0x0a, 0x59, 0xac, 0x87, 0x04, 0xe2, 0xec, 0x05, 0x0b, 0x42, 0x3e, 0x3c, + 0xf7, 0x2e, 0x92, 0x3f, 0x2c, 0x4f, 0x79, 0x4b, 0x45, 0x5c, 0x2a, 0x69, + 0xd2, 0x33, 0x45, 0x6c, 0x36, 0xc4, 0x11, 0x9d, 0x07, 0x06, 0xe0, 0x0e, + 0xed, 0xc8, 0xd1, 0x93, 0x90, 0xd7, 0x99, 0x1b, 0x7b, 0x2d, 0x07, 0xa3, + 0x04, 0xea, 0xa0, 0x4a, 0xa6, 0xc0, +}; + +// issuer:test cert (different key) +// subject:test cert (different key) +// issuerKey:secp256k1 +// subjectKey:secp256k1 +// serialNumber:1 +const std::vector<uint8_t> kTestCertWithOtherKeyDER = { + 0x30, 0x82, 0x01, 0x3a, 0x30, 0x81, 0xdf, 0xa0, 0x03, 0x02, 0x01, 0x02, + 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x24, 0x31, 0x22, 0x30, 0x20, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x74, 0x65, 0x73, 0x74, 0x20, + 0x63, 0x65, 0x72, 0x74, 0x20, 0x28, 0x64, 0x69, 0x66, 0x66, 0x65, 0x72, + 0x65, 0x6e, 0x74, 0x20, 0x6b, 0x65, 0x79, 0x29, 0x30, 0x22, 0x18, 0x0f, + 0x32, 0x30, 0x31, 0x37, 0x31, 0x31, 0x32, 0x37, 0x30, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x30, 0x30, 0x32, 0x30, + 0x35, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x24, 0x31, 0x22, + 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x74, 0x65, 0x73, + 0x74, 0x20, 0x63, 0x65, 0x72, 0x74, 0x20, 0x28, 0x64, 0x69, 0x66, 0x66, + 0x65, 0x72, 0x65, 0x6e, 0x74, 0x20, 0x6b, 0x65, 0x79, 0x29, 0x30, 0x56, + 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, + 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a, 0x03, 0x42, 0x00, 0x04, 0x35, 0xee, + 0x7c, 0x72, 0x89, 0xd8, 0xfe, 0xf7, 0xa8, 0x6a, 0xfe, 0x5d, 0xa6, 0x6d, + 0x8b, 0xc2, 0xeb, 0xb6, 0xa8, 0x54, 0x3f, 0xd2, 0xfe, 0xad, 0x08, 0x9f, + 0x45, 0xce, 0x7a, 0xcd, 0x0f, 0xa6, 0x43, 0x82, 0xa9, 0x50, 0x0c, 0x41, + 0xda, 0xd7, 0x70, 0xff, 0xd4, 0xb5, 0x11, 0xbf, 0x4b, 0x49, 0x2e, 0xb1, + 0x23, 0x88, 0x00, 0xc3, 0x2c, 0x4f, 0x76, 0xc7, 0x3a, 0x3f, 0x32, 0x94, + 0xe7, 0xc5, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, + 0x63, 0x59, 0x02, 0x01, 0x89, 0xd7, 0x3e, 0x5b, 0xff, 0xd1, 0x16, 0x4e, + 0xe3, 0xe2, 0x0a, 0xe0, 0x4a, 0xd8, 0x75, 0xaf, 0x77, 0x5c, 0x93, 0x60, + 0xba, 0x10, 0x1f, 0x97, 0xdd, 0x27, 0x2d, 0x24, 0x02, 0x20, 0x1e, 0xa0, + 0x7b, 0xee, 0x90, 0x9b, 0x5f, 0x2c, 0x49, 0xd6, 0x61, 0xda, 0x31, 0x14, + 0xb1, 0xa4, 0x0d, 0x2d, 0x90, 0x2b, 0x70, 0xd8, 0x6b, 0x07, 0x64, 0x27, + 0xa5, 0x2e, 0xfe, 0xca, 0x6e, 0xe6, +}; + +// If there are no certs at all, we'll get back a null list. +TEST_F(PK11GetCertsMatchingPrivateKeyTest, TestNoCertsAtAll) { + SECItem private_key_info = { + siBuffer, const_cast<unsigned char*>(kTestPrivateKeyInfoDER.data()), + (unsigned int)kTestPrivateKeyInfoDER.size(), + }; + SECKEYPrivateKey* priv_key = nullptr; + ASSERT_EQ(PK11_ImportDERPrivateKeyInfoAndReturnKey( + m_slot, &private_key_info, nullptr, nullptr, false, false, + KU_ALL, &priv_key, nullptr), + SECSuccess); + ASSERT_NE(priv_key, nullptr); + ScopedSECKEYPrivateKey scoped_priv_key(priv_key); + ScopedCERTCertList certs( + PK11_GetCertsMatchingPrivateKey(scoped_priv_key.get())); + ASSERT_TRUE(CERT_LIST_EMPTY(certs)); +} + +// If there are no certs for the private key, we'll get back a null list. +TEST_F(PK11GetCertsMatchingPrivateKeyTest, TestNoCertsForKey) { + SECItem private_key_info = { + siBuffer, const_cast<unsigned char*>(kTestPrivateKeyInfoDER.data()), + (unsigned int)kTestPrivateKeyInfoDER.size(), + }; + SECKEYPrivateKey* priv_key = nullptr; + ASSERT_EQ(PK11_ImportDERPrivateKeyInfoAndReturnKey( + m_slot, &private_key_info, nullptr, nullptr, false, false, + KU_ALL, &priv_key, nullptr), + SECSuccess); + ASSERT_NE(priv_key, nullptr); + ScopedSECKEYPrivateKey scoped_priv_key(priv_key); + + char cert_nickname[] = "Test Cert With Other Key"; + SECItem cert_item = { + siBuffer, const_cast<unsigned char*>(kTestCertWithOtherKeyDER.data()), + (unsigned int)kTestCertWithOtherKeyDER.size()}; + ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert_item, CK_INVALID_HANDLE, + cert_nickname, false), + SECSuccess); + + ScopedCERTCertList certs( + PK11_GetCertsMatchingPrivateKey(scoped_priv_key.get())); + ASSERT_TRUE(CERT_LIST_EMPTY(certs)); +} + +void CheckCertListForSubjects( + ScopedCERTCertList& list, + const std::vector<const char*>& expected_subjects) { + ASSERT_NE(list.get(), nullptr); + ASSERT_NE(expected_subjects.size(), 0ul); + for (const auto& expected_subject : expected_subjects) { + size_t list_length = 0; + bool found = false; + for (CERTCertListNode* n = CERT_LIST_HEAD(list); !CERT_LIST_END(n, list); + n = CERT_LIST_NEXT(n)) { + list_length++; + if (strcmp(n->cert->subjectName, expected_subject) == 0) { + ASSERT_FALSE(found); + found = true; + } + } + ASSERT_TRUE(found); + ASSERT_EQ(list_length, expected_subjects.size()); + } +} + +// We should only get back certs that actually match the private key. +TEST_F(PK11GetCertsMatchingPrivateKeyTest, TestOneCertForKey) { + SECItem private_key_info = { + siBuffer, const_cast<unsigned char*>(kTestPrivateKeyInfoDER.data()), + (unsigned int)kTestPrivateKeyInfoDER.size(), + }; + SECKEYPrivateKey* priv_key = nullptr; + ASSERT_EQ(PK11_ImportDERPrivateKeyInfoAndReturnKey( + m_slot, &private_key_info, nullptr, nullptr, false, false, + KU_ALL, &priv_key, nullptr), + SECSuccess); + ASSERT_NE(priv_key, nullptr); + ScopedSECKEYPrivateKey scoped_priv_key(priv_key); + + char cert1_nickname[] = "Test Cert 1"; + SECItem cert1_item = {siBuffer, + const_cast<unsigned char*>(kTestCert1DER.data()), + (unsigned int)kTestCert1DER.size()}; + ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert1_item, CK_INVALID_HANDLE, + cert1_nickname, false), + SECSuccess); + + char cert_nickname[] = "Test Cert With Other Key"; + SECItem cert_item = { + siBuffer, const_cast<unsigned char*>(kTestCertWithOtherKeyDER.data()), + (unsigned int)kTestCertWithOtherKeyDER.size()}; + ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert_item, CK_INVALID_HANDLE, + cert_nickname, false), + SECSuccess); + + ScopedCERTCertList certs( + PK11_GetCertsMatchingPrivateKey(scoped_priv_key.get())); + CheckCertListForSubjects(certs, {"CN=test cert"}); +} + +// We should be able to get back all certs that match the private key. +TEST_F(PK11GetCertsMatchingPrivateKeyTest, TestTwoCertsForKey) { + SECItem private_key_info = { + siBuffer, const_cast<unsigned char*>(kTestPrivateKeyInfoDER.data()), + (unsigned int)kTestPrivateKeyInfoDER.size(), + }; + SECKEYPrivateKey* priv_key = nullptr; + ASSERT_EQ(PK11_ImportDERPrivateKeyInfoAndReturnKey( + m_slot, &private_key_info, nullptr, nullptr, false, false, + KU_ALL, &priv_key, nullptr), + SECSuccess); + ASSERT_NE(priv_key, nullptr); + ScopedSECKEYPrivateKey scoped_priv_key(priv_key); + + char cert1_nickname[] = "Test Cert 1"; + SECItem cert1_item = {siBuffer, + const_cast<unsigned char*>(kTestCert1DER.data()), + (unsigned int)kTestCert1DER.size()}; + ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert1_item, CK_INVALID_HANDLE, + cert1_nickname, false), + SECSuccess); + char cert2_nickname[] = "Test Cert 2 (same key, different subject)"; + SECItem cert2_item = { + siBuffer, const_cast<unsigned char*>(kUnrelatedTestCertDER.data()), + (unsigned int)kUnrelatedTestCertDER.size()}; + ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert2_item, CK_INVALID_HANDLE, + cert2_nickname, false), + SECSuccess); + + char cert_nickname[] = "Test Cert With Other Key"; + SECItem cert_item = { + siBuffer, const_cast<unsigned char*>(kTestCertWithOtherKeyDER.data()), + (unsigned int)kTestCertWithOtherKeyDER.size()}; + ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert_item, CK_INVALID_HANDLE, + cert_nickname, false), + SECSuccess); + + ScopedCERTCertList certs( + PK11_GetCertsMatchingPrivateKey(scoped_priv_key.get())); + CheckCertListForSubjects(certs, {"CN=test cert", "CN=unrelated subject DN"}); +} + +} // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_gtest.gyp b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp index c73139b05..b521687fb 100644 --- a/security/nss/gtests/pk11_gtest/pk11_gtest.gyp +++ b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp @@ -11,39 +11,50 @@ 'target_name': 'pk11_gtest', 'type': 'executable', 'sources': [ - 'pk11_aeskeywrap_unittest.cc', + 'pk11_aes_cmac_unittest.cc', 'pk11_aes_gcm_unittest.cc', + 'pk11_aeskeywrap_unittest.cc', + 'pk11_aeskeywrappad_unittest.cc', + 'pk11_cbc_unittest.cc', 'pk11_chacha20poly1305_unittest.cc', 'pk11_cipherop_unittest.cc', 'pk11_curve25519_unittest.cc', + 'pk11_der_private_key_import_unittest.cc', + 'pk11_des_unittest.cc', 'pk11_ecdsa_unittest.cc', 'pk11_encrypt_derive_unittest.cc', + 'pk11_find_certs_unittest.cc', + 'pk11_import_unittest.cc', + 'pk11_keygen.cc', + 'pk11_key_unittest.cc', + 'pk11_module_unittest.cc', 'pk11_pbkdf2_unittest.cc', 'pk11_prf_unittest.cc', 'pk11_prng_unittest.cc', 'pk11_rsapkcs1_unittest.cc', 'pk11_rsapss_unittest.cc', - 'pk11_der_private_key_import_unittest.cc', + 'pk11_seed_cbc_unittest.cc', '<(DEPTH)/gtests/common/gtests.cc' ], 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports', - '<(DEPTH)/lib/util/util.gyp:nssutil3', '<(DEPTH)/cpputil/cpputil.gyp:cpputil', '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', + '<(DEPTH)/lib/util/util.gyp:nssutil3', ], 'conditions': [ - [ 'test_build==1', { + [ 'static_libs==1', { 'dependencies': [ - '<(DEPTH)/lib/nss/nss.gyp:nss_static', - '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', - '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi', - '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi', - '<(DEPTH)/lib/certdb/certdb.gyp:certdb', '<(DEPTH)/lib/base/base.gyp:nssb', + '<(DEPTH)/lib/certdb/certdb.gyp:certdb', + '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi', + '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi', '<(DEPTH)/lib/dev/dev.gyp:nssdev', + '<(DEPTH)/lib/nss/nss.gyp:nss_static', + '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', '<(DEPTH)/lib/pki/pki.gyp:nsspki', '<(DEPTH)/lib/ssl/ssl.gyp:ssl', + '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix', ], }, { 'dependencies': [ @@ -54,6 +65,12 @@ ], } ], + 'target_defaults': { + 'defines': [ + 'DLL_PREFIX=\"<(dll_prefix)\"', + 'DLL_SUFFIX=\"<(dll_suffix)\"' + ] + }, 'variables': { 'module': 'nss' } diff --git a/security/nss/gtests/pk11_gtest/pk11_import_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_import_unittest.cc new file mode 100644 index 000000000..19ecb94a2 --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_import_unittest.cc @@ -0,0 +1,281 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <memory> +#include "nss.h" +#include "pk11pub.h" +#include "pk11pqg.h" +#include "prerror.h" +#include "secoid.h" + +#include "cpputil.h" +#include "nss_scoped_ptrs.h" +#include "gtest/gtest.h" +#include "databuffer.h" +#include "pk11_keygen.h" + +namespace nss_test { + +// This deleter deletes a set of objects, unlike the deleter on +// ScopedPK11GenericObject, which only deletes one. +struct PK11GenericObjectsDeleter { + void operator()(PK11GenericObject* objs) { + if (objs) { + PK11_DestroyGenericObjects(objs); + } + } +}; + +class Pk11KeyImportTestBase : public ::testing::Test { + public: + Pk11KeyImportTestBase() = default; + virtual ~Pk11KeyImportTestBase() = default; + + void SetUp() override { + slot_.reset(PK11_GetInternalKeySlot()); + ASSERT_TRUE(slot_); + + static const uint8_t pw[] = "pw"; + SECItem pwItem = {siBuffer, toUcharPtr(pw), sizeof(pw)}; + password_.reset(SECITEM_DupItem(&pwItem)); + } + + void Test(const Pkcs11KeyPairGenerator& generator) { + // Generate a key and export it. + KeyType key_type = nullKey; + ScopedSECKEYEncryptedPrivateKeyInfo key_info; + ScopedSECItem public_value; + GenerateAndExport(generator, &key_type, &key_info, &public_value); + + // Note: NSS is currently unable export wrapped DH keys, so this doesn't + // test those beyond generate and verify. + if (key_type == dhKey) { + return; + } + ASSERT_NE(nullptr, public_value); + ASSERT_NE(nullptr, key_info); + + // Now import the encrypted key. + static const uint8_t nick[] = "nick"; + SECItem nickname = {siBuffer, toUcharPtr(nick), sizeof(nick)}; + SECKEYPrivateKey* priv_tmp; + SECStatus rv = PK11_ImportEncryptedPrivateKeyInfoAndReturnKey( + slot_.get(), key_info.get(), password_.get(), &nickname, + public_value.get(), PR_TRUE, PR_TRUE, key_type, 0, &priv_tmp, NULL); + ASSERT_EQ(SECSuccess, rv) << "PK11_ImportEncryptedPrivateKeyInfo failed " + << PORT_ErrorToName(PORT_GetError()); + ScopedSECKEYPrivateKey priv_key(priv_tmp); + ASSERT_NE(nullptr, priv_key); + + CheckForPublicKey(priv_key, public_value.get()); + } + + private: + SECItem GetPublicComponent(ScopedSECKEYPublicKey& pub_key) { + SECItem null = {siBuffer, NULL, 0}; + switch (SECKEY_GetPublicKeyType(pub_key.get())) { + case rsaKey: + case rsaPssKey: + case rsaOaepKey: + return pub_key->u.rsa.modulus; + case keaKey: + return pub_key->u.kea.publicValue; + case dsaKey: + return pub_key->u.dsa.publicValue; + case dhKey: + return pub_key->u.dh.publicValue; + case ecKey: + return pub_key->u.ec.publicValue; + case fortezzaKey: /* depricated */ + case nullKey: + /* didn't use default here so we can catch new key types at compile time + */ + break; + } + return null; + } + void CheckForPublicKey(const ScopedSECKEYPrivateKey& priv_key, + const SECItem* expected_public) { + // Verify the public key exists. + StackSECItem priv_id; + KeyType type = SECKEY_GetPrivateKeyType(priv_key.get()); + SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, priv_key.get(), + CKA_ID, &priv_id); + ASSERT_EQ(SECSuccess, rv) << "Couldn't read CKA_ID from private key: " + << PORT_ErrorToName(PORT_GetError()); + + CK_ATTRIBUTE_TYPE value_type = CKA_VALUE; + switch (type) { + case rsaKey: + value_type = CKA_MODULUS; + break; + + case dhKey: + case dsaKey: + value_type = CKA_VALUE; + break; + + case ecKey: + value_type = CKA_EC_POINT; + break; + + default: + FAIL() << "unknown key type"; + } + + // Scan public key objects until we find one with the same CKA_ID as + // priv_key + std::unique_ptr<PK11GenericObject, PK11GenericObjectsDeleter> objs( + PK11_FindGenericObjects(slot_.get(), CKO_PUBLIC_KEY)); + ASSERT_NE(nullptr, objs); + for (PK11GenericObject* obj = objs.get(); obj != nullptr; + obj = PK11_GetNextGenericObject(obj)) { + StackSECItem pub_id; + rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, CKA_ID, &pub_id); + if (rv != SECSuccess) { + // Can't read CKA_ID from object. + continue; + } + if (!SECITEM_ItemsAreEqual(&priv_id, &pub_id)) { + // This isn't the object we're looking for. + continue; + } + + StackSECItem token; + rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, CKA_TOKEN, &token); + ASSERT_EQ(SECSuccess, rv); + ASSERT_EQ(1U, token.len); + ASSERT_NE(0, token.data[0]); + + StackSECItem raw_value; + SECItem decoded_value; + rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, value_type, &raw_value); + ASSERT_EQ(SECSuccess, rv); + SECItem value = raw_value; + + // Decode the EC_POINT and check the output against expected. + // CKA_EC_POINT isn't stable, see Bug 1520649. + ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + ASSERT_TRUE(arena); + if (value_type == CKA_EC_POINT) { + // If this fails due to the noted inconsistency, we may need to + // check the whole raw_value, or remove a leading UNCOMPRESSED_POINT tag + rv = SEC_QuickDERDecodeItem(arena.get(), &decoded_value, + SEC_ASN1_GET(SEC_OctetStringTemplate), + &raw_value); + ASSERT_EQ(SECSuccess, rv); + value = decoded_value; + } + ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &value)) + << "expected: " + << DataBuffer(expected_public->data, expected_public->len) + << std::endl + << "actual: " << DataBuffer(value.data, value.len) << std::endl; + + // Finally, convert the private to public and ensure it matches. + ScopedSECKEYPublicKey pub_key(SECKEY_ConvertToPublicKey(priv_key.get())); + ASSERT_TRUE(pub_key); + SECItem converted_public = GetPublicComponent(pub_key); + ASSERT_TRUE(converted_public.len != 0); + + ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &converted_public)) + << "expected: " + << DataBuffer(expected_public->data, expected_public->len) + << std::endl + << "actual: " + << DataBuffer(converted_public.data, converted_public.len) + << std::endl; + } + } + + void GenerateAndExport(const Pkcs11KeyPairGenerator& generator, + KeyType* key_type, + ScopedSECKEYEncryptedPrivateKeyInfo* key_info, + ScopedSECItem* public_value) { + ScopedSECKEYPrivateKey priv_key; + ScopedSECKEYPublicKey pub_key; + generator.GenerateKey(&priv_key, &pub_key); + ASSERT_TRUE(priv_key); + + // Save the public value, which we will need on import */ + SECItem* pub_val; + KeyType t = SECKEY_GetPublicKeyType(pub_key.get()); + switch (t) { + case rsaKey: + pub_val = &pub_key->u.rsa.modulus; + break; + case dhKey: + pub_val = &pub_key->u.dh.publicValue; + break; + case dsaKey: + pub_val = &pub_key->u.dsa.publicValue; + break; + case ecKey: + pub_val = &pub_key->u.ec.publicValue; + break; + default: + FAIL() << "Unknown key type"; + } + + CheckForPublicKey(priv_key, pub_val); + + *key_type = t; + // Note: NSS is currently unable export wrapped DH keys, so this doesn't + // test those beyond generate and verify. + if (t == dhKey) { + return; + } + public_value->reset(SECITEM_DupItem(pub_val)); + + // Wrap and export the key. + ScopedSECKEYEncryptedPrivateKeyInfo epki(PK11_ExportEncryptedPrivKeyInfo( + slot_.get(), SEC_OID_AES_256_CBC, password_.get(), priv_key.get(), 1, + nullptr)); + ASSERT_NE(nullptr, epki) << "PK11_ExportEncryptedPrivKeyInfo failed: " + << PORT_ErrorToName(PORT_GetError()); + + key_info->swap(epki); + } + + ScopedPK11SlotInfo slot_; + ScopedSECItem password_; +}; + +class Pk11KeyImportTest + : public Pk11KeyImportTestBase, + public ::testing::WithParamInterface<CK_MECHANISM_TYPE> { + public: + Pk11KeyImportTest() = default; + virtual ~Pk11KeyImportTest() = default; +}; + +TEST_P(Pk11KeyImportTest, GenerateExportImport) { + Test(Pkcs11KeyPairGenerator(GetParam())); +} + +INSTANTIATE_TEST_CASE_P(Pk11KeyImportTest, Pk11KeyImportTest, + ::testing::Values(CKM_RSA_PKCS_KEY_PAIR_GEN, + CKM_DSA_KEY_PAIR_GEN, + CKM_DH_PKCS_KEY_PAIR_GEN)); + +class Pk11KeyImportTestEC : public Pk11KeyImportTestBase, + public ::testing::WithParamInterface<SECOidTag> { + public: + Pk11KeyImportTestEC() = default; + virtual ~Pk11KeyImportTestEC() = default; +}; + +TEST_P(Pk11KeyImportTestEC, GenerateExportImport) { + Test(Pkcs11KeyPairGenerator(CKM_EC_KEY_PAIR_GEN, GetParam())); +} + +INSTANTIATE_TEST_CASE_P(Pk11KeyImportTestEC, Pk11KeyImportTestEC, + ::testing::Values(SEC_OID_SECG_EC_SECP256R1, + SEC_OID_SECG_EC_SECP384R1, + SEC_OID_SECG_EC_SECP521R1, + SEC_OID_CURVE25519)); + +} // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_key_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_key_unittest.cc new file mode 100644 index 000000000..1351b53de --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_key_unittest.cc @@ -0,0 +1,80 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <memory> +#include "nss.h" +#include "pk11pub.h" +#include "pk11pqg.h" +#include "prerror.h" +#include "secoid.h" + +#include "gtest/gtest.h" +#include "nss_scoped_ptrs.h" +#include "pk11_keygen.h" + +namespace nss_test { + +class Pkcs11NullKeyTestBase : public ::testing::Test { + protected: + // This constructs a key pair, then erases the public value from the public + // key. NSS should reject this. + void Test(const Pkcs11KeyPairGenerator& generator, + CK_MECHANISM_TYPE dh_mech) { + ScopedSECKEYPrivateKey priv; + ScopedSECKEYPublicKey pub; + generator.GenerateKey(&priv, &pub); + ASSERT_TRUE(priv); + + // These don't leak because they are allocated to the arena associated with + // the public key. + SECItem* pub_val = nullptr; + switch (SECKEY_GetPublicKeyType(pub.get())) { + case rsaKey: + pub_val = &pub->u.rsa.modulus; + break; + + case dsaKey: + pub_val = &pub->u.dsa.publicValue; + break; + + case dhKey: + pub_val = &pub->u.dh.publicValue; + break; + + case ecKey: + pub_val = &pub->u.ec.publicValue; + break; + + default: + FAIL() << "Unknown key type " << SECKEY_GetPublicKeyType(pub.get()); + } + pub_val->data = nullptr; + pub_val->len = 0; + + ScopedPK11SymKey symKey(PK11_PubDeriveWithKDF( + priv.get(), pub.get(), false, nullptr, nullptr, dh_mech, + CKM_SHA512_HMAC, CKA_DERIVE, 0, CKD_NULL, nullptr, nullptr)); + ASSERT_FALSE(symKey); + } +}; + +class Pkcs11DhNullKeyTest : public Pkcs11NullKeyTestBase {}; +TEST_F(Pkcs11DhNullKeyTest, UseNullPublicValue) { + Test(Pkcs11KeyPairGenerator(CKM_DH_PKCS_KEY_PAIR_GEN), CKM_DH_PKCS_DERIVE); +} + +class Pkcs11EcdhNullKeyTest : public Pkcs11NullKeyTestBase, + public ::testing::WithParamInterface<SECOidTag> { +}; +TEST_P(Pkcs11EcdhNullKeyTest, UseNullPublicValue) { + Test(Pkcs11KeyPairGenerator(CKM_EC_KEY_PAIR_GEN, GetParam()), + CKM_ECDH1_DERIVE); +} +INSTANTIATE_TEST_CASE_P(Pkcs11EcdhNullKeyTest, Pkcs11EcdhNullKeyTest, + ::testing::Values(SEC_OID_SECG_EC_SECP256R1, + SEC_OID_SECG_EC_SECP384R1, + SEC_OID_SECG_EC_SECP521R1, + SEC_OID_CURVE25519)); + +} // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_keygen.cc b/security/nss/gtests/pk11_gtest/pk11_keygen.cc new file mode 100644 index 000000000..d96cd38f6 --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_keygen.cc @@ -0,0 +1,143 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "pk11_keygen.h" + +#include "pk11pub.h" +#include "pk11pqg.h" +#include "prerror.h" + +#include "gtest/gtest.h" + +namespace nss_test { + +class ParamHolder { + public: + virtual void* get() = 0; + virtual ~ParamHolder() = default; + + protected: + ParamHolder() = default; +}; + +void Pkcs11KeyPairGenerator::GenerateKey(ScopedSECKEYPrivateKey* priv_key, + ScopedSECKEYPublicKey* pub_key) const { + // This function returns if an assertion fails, so don't leak anything. + priv_key->reset(nullptr); + pub_key->reset(nullptr); + + auto params = MakeParams(); + ASSERT_NE(nullptr, params); + + ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot()); + ASSERT_TRUE(slot); + + SECKEYPublicKey* pub_tmp; + ScopedSECKEYPrivateKey priv_tmp(PK11_GenerateKeyPair( + slot.get(), mech_, params->get(), &pub_tmp, PR_FALSE, PR_TRUE, nullptr)); + ASSERT_NE(nullptr, priv_tmp) << "PK11_GenerateKeyPair failed: " + << PORT_ErrorToName(PORT_GetError()); + ASSERT_NE(nullptr, pub_tmp); + + priv_key->swap(priv_tmp); + pub_key->reset(pub_tmp); +} + +class RsaParamHolder : public ParamHolder { + public: + RsaParamHolder() : params_({1024, 0x010001}) {} + ~RsaParamHolder() = default; + + void* get() override { return ¶ms_; } + + private: + PK11RSAGenParams params_; +}; + +class PqgParamHolder : public ParamHolder { + public: + PqgParamHolder(PQGParams* params) : params_(params) {} + ~PqgParamHolder() = default; + + void* get() override { return params_.get(); } + + private: + ScopedPQGParams params_; +}; + +class DhParamHolder : public PqgParamHolder { + public: + DhParamHolder(PQGParams* params) + : PqgParamHolder(params), + params_({nullptr, params->prime, params->base}) {} + ~DhParamHolder() = default; + + void* get() override { return ¶ms_; } + + private: + SECKEYDHParams params_; +}; + +class EcParamHolder : public ParamHolder { + public: + EcParamHolder(SECOidTag curve_oid) { + SECOidData* curve = SECOID_FindOIDByTag(curve_oid); + EXPECT_NE(nullptr, curve); + + size_t plen = curve->oid.len + 2; + extra_.reset(new uint8_t[plen]); + extra_[0] = SEC_ASN1_OBJECT_ID; + extra_[1] = static_cast<uint8_t>(curve->oid.len); + memcpy(&extra_[2], curve->oid.data, curve->oid.len); + + ec_params_ = {siBuffer, extra_.get(), static_cast<unsigned int>(plen)}; + } + ~EcParamHolder() = default; + + void* get() override { return &ec_params_; } + + private: + SECKEYECParams ec_params_; + std::unique_ptr<uint8_t[]> extra_; +}; + +std::unique_ptr<ParamHolder> Pkcs11KeyPairGenerator::MakeParams() const { + switch (mech_) { + case CKM_RSA_PKCS_KEY_PAIR_GEN: + std::cerr << "Generate RSA pair" << std::endl; + return std::unique_ptr<ParamHolder>(new RsaParamHolder()); + + case CKM_DSA_KEY_PAIR_GEN: + case CKM_DH_PKCS_KEY_PAIR_GEN: { + PQGParams* pqg_params = nullptr; + PQGVerify* pqg_verify = nullptr; + const unsigned int key_size = 1024; + SECStatus rv = PK11_PQG_ParamGenV2(key_size, 0, key_size / 16, + &pqg_params, &pqg_verify); + if (rv != SECSuccess) { + ADD_FAILURE() << "PK11_PQG_ParamGenV2 failed"; + return nullptr; + } + EXPECT_NE(nullptr, pqg_verify); + EXPECT_NE(nullptr, pqg_params); + PK11_PQG_DestroyVerify(pqg_verify); + if (mech_ == CKM_DSA_KEY_PAIR_GEN) { + std::cerr << "Generate DSA pair" << std::endl; + return std::unique_ptr<ParamHolder>(new PqgParamHolder(pqg_params)); + } + std::cerr << "Generate DH pair" << std::endl; + return std::unique_ptr<ParamHolder>(new DhParamHolder(pqg_params)); + } + + case CKM_EC_KEY_PAIR_GEN: + std::cerr << "Generate EC pair on " << curve_ << std::endl; + return std::unique_ptr<ParamHolder>(new EcParamHolder(curve_)); + + default: + ADD_FAILURE() << "unknown OID " << mech_; + } + return nullptr; +} + +} // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_keygen.h b/security/nss/gtests/pk11_gtest/pk11_keygen.h new file mode 100644 index 000000000..05ff97210 --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_keygen.h @@ -0,0 +1,34 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nss.h" +#include "secoid.h" + +#include "nss_scoped_ptrs.h" + +namespace nss_test { + +class ParamHolder; + +class Pkcs11KeyPairGenerator { + public: + Pkcs11KeyPairGenerator(CK_MECHANISM_TYPE mech, SECOidTag curve_oid) + : mech_(mech), curve_(curve_oid) {} + Pkcs11KeyPairGenerator(CK_MECHANISM_TYPE mech) + : Pkcs11KeyPairGenerator(mech, SEC_OID_UNKNOWN) {} + + CK_MECHANISM_TYPE mechanism() const { return mech_; } + SECOidTag curve() const { return curve_; } + + void GenerateKey(ScopedSECKEYPrivateKey* priv_key, + ScopedSECKEYPublicKey* pub_key) const; + + private: + std::unique_ptr<ParamHolder> MakeParams() const; + + CK_MECHANISM_TYPE mech_; + SECOidTag curve_; +}; + +} // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_module_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_module_unittest.cc new file mode 100644 index 000000000..9627c823e --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_module_unittest.cc @@ -0,0 +1,84 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <memory> +#include "nss.h" +#include "pk11pub.h" +#include "prerror.h" +#include "prsystem.h" +#include "secoid.h" + +#include "nss_scoped_ptrs.h" +#include "gtest/gtest.h" +#include "databuffer.h" + +namespace nss_test { + +class Pkcs11ModuleTest : public ::testing::Test { + public: + Pkcs11ModuleTest() {} + + void SetUp() override { + ASSERT_EQ(SECSuccess, SECMOD_AddNewModule("Pkcs11ModuleTest", DLL_PREFIX + "pkcs11testmodule." DLL_SUFFIX, + 0, 0)) + << PORT_ErrorToName(PORT_GetError()); + } + + void TearDown() override { + int type; + ASSERT_EQ(SECSuccess, SECMOD_DeleteModule("Pkcs11ModuleTest", &type)); + ASSERT_EQ(SECMOD_EXTERNAL, type); + } +}; + +TEST_F(Pkcs11ModuleTest, LoadUnload) { + ScopedSECMODModule module(SECMOD_FindModule("Pkcs11ModuleTest")); + EXPECT_NE(nullptr, module); +} + +TEST_F(Pkcs11ModuleTest, ListSlots) { + ScopedPK11SlotList slots( + PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, nullptr)); + EXPECT_NE(nullptr, slots); + + PK11SlotListElement* element = PK11_GetFirstSafe(slots.get()); + EXPECT_NE(nullptr, element); + + // These tokens are always present. + const std::vector<std::string> kSlotsWithToken = { + "NSS Internal Cryptographic Services", + "NSS User Private Key and Certificate Services", + "Test PKCS11 Public Certs Slot", "Test PKCS11 Slot 二"}; + std::vector<std::string> foundSlots; + + do { + std::string name = PK11_GetSlotName(element->slot); + foundSlots.push_back(name); + std::cerr << "loaded slot: " << name << std::endl; + } while ((element = PK11_GetNextSafe(slots.get(), element, PR_FALSE)) != + nullptr); + + std::sort(foundSlots.begin(), foundSlots.end()); + EXPECT_TRUE(std::equal(kSlotsWithToken.begin(), kSlotsWithToken.end(), + foundSlots.begin())); +} + +TEST_F(Pkcs11ModuleTest, PublicCertificatesToken) { + const std::string kRegularToken = "Test PKCS11 Tokeñ 2 Label"; + const std::string kPublicCertificatesToken = "Test PKCS11 Public Certs Token"; + + ScopedPK11SlotInfo slot1(PK11_FindSlotByName(kRegularToken.c_str())); + EXPECT_NE(nullptr, slot1); + EXPECT_FALSE(PK11_IsFriendly(slot1.get())); + + ScopedPK11SlotInfo slot2( + PK11_FindSlotByName(kPublicCertificatesToken.c_str())); + EXPECT_NE(nullptr, slot2); + EXPECT_TRUE(PK11_IsFriendly(slot2.get())); +} + +} // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc index fc055f400..58684fc77 100644 --- a/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc +++ b/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc @@ -22,53 +22,102 @@ class Pkcs11Pbkdf2Test : public ::testing::Test { public: void Derive(std::vector<uint8_t>& derived, SECOidTag hash_alg) { // Shared between test vectors. - const unsigned int iterations = 4096; + const unsigned int kIterations = 4096; std::string pass("passwordPASSWORDpassword"); std::string salt("saltSALTsaltSALTsaltSALTsaltSALTsalt"); // Derivation must succeed with the right values. - EXPECT_TRUE(DeriveBytes(pass, salt, derived, hash_alg, iterations)); + EXPECT_TRUE(DeriveBytes(pass, salt, derived, hash_alg, kIterations)); // Derivation must fail when the password is bogus. - std::string bogusPass("PasswordPASSWORDpassword"); - EXPECT_FALSE(DeriveBytes(bogusPass, salt, derived, hash_alg, iterations)); + std::string bogus_pass("PasswordPASSWORDpassword"); + EXPECT_FALSE(DeriveBytes(bogus_pass, salt, derived, hash_alg, kIterations)); // Derivation must fail when the salt is bogus. - std::string bogusSalt("SaltSALTsaltSALTsaltSALTsaltSALTsalt"); - EXPECT_FALSE(DeriveBytes(pass, bogusSalt, derived, hash_alg, iterations)); + std::string bogus_salt("SaltSALTsaltSALTsaltSALTsaltSALTsalt"); + EXPECT_FALSE(DeriveBytes(pass, bogus_salt, derived, hash_alg, kIterations)); // Derivation must fail when using the wrong hash function. SECOidTag next_hash_alg = static_cast<SECOidTag>(hash_alg + 1); - EXPECT_FALSE(DeriveBytes(pass, salt, derived, next_hash_alg, iterations)); + EXPECT_FALSE(DeriveBytes(pass, salt, derived, next_hash_alg, kIterations)); - // Derivation must fail when using the wrong number of iterations. - EXPECT_FALSE(DeriveBytes(pass, salt, derived, hash_alg, iterations + 1)); + // Derivation must fail when using the wrong number of kIterations. + EXPECT_FALSE(DeriveBytes(pass, salt, derived, hash_alg, kIterations + 1)); + } + + void KeySizes(SECOidTag hash_alg) { + // These tests will only validate the controls around the key sizes. + // The resulting key is tested above, with valid key sizes. + const unsigned int kIterations = 10; + std::string pass("passwordPASSWORDpassword"); + std::string salt("saltSALTsaltSALTsaltSALTsaltSALTsalt"); + + // Derivation must fail when using key sizes bigger than MAX_KEY_LEN. + const int big_key_size = 768; + EXPECT_FALSE(KeySizeParam(pass, salt, big_key_size, hash_alg, kIterations)); + + // Zero is acceptable as key size and will be managed internally. + const int zero_key_size = 0; + EXPECT_TRUE(KeySizeParam(pass, salt, zero_key_size, hash_alg, kIterations)); + + // -1 will be set to 0 internally and this means that the key size will be + // obtained from the template. If the template doesn't have this defined, + // it must fail. + const int minus_key_size = -1; + EXPECT_FALSE( + KeySizeParam(pass, salt, minus_key_size, hash_alg, kIterations)); + + // Lower than -1 is not allowed, as -1 means no keyLen defined. + const int negative_key_size = -10; + EXPECT_FALSE( + KeySizeParam(pass, salt, negative_key_size, hash_alg, kIterations)); } private: bool DeriveBytes(std::string& pass, std::string& salt, std::vector<uint8_t>& derived, SECOidTag hash_alg, - unsigned int iterations) { - SECItem passItem = {siBuffer, ToUcharPtr(pass), - static_cast<unsigned int>(pass.length())}; - SECItem saltItem = {siBuffer, ToUcharPtr(salt), - static_cast<unsigned int>(salt.length())}; + unsigned int kIterations) { + SECItem pass_item = {siBuffer, ToUcharPtr(pass), + static_cast<unsigned int>(pass.length())}; + SECItem salt_item = {siBuffer, ToUcharPtr(salt), + static_cast<unsigned int>(salt.length())}; // Set up PBKDF2 params. ScopedSECAlgorithmID alg_id( PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg, - derived.size(), iterations, &saltItem)); + derived.size(), kIterations, &salt_item)); // Derive. ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); - ScopedPK11SymKey symKey( - PK11_PBEKeyGen(slot.get(), alg_id.get(), &passItem, false, nullptr)); + ScopedPK11SymKey sym_key( + PK11_PBEKeyGen(slot.get(), alg_id.get(), &pass_item, false, nullptr)); - SECStatus rv = PK11_ExtractKeyValue(symKey.get()); + SECStatus rv = PK11_ExtractKeyValue(sym_key.get()); EXPECT_EQ(rv, SECSuccess); - SECItem* keyData = PK11_GetKeyData(symKey.get()); - return !memcmp(&derived[0], keyData->data, keyData->len); + SECItem* key_data = PK11_GetKeyData(sym_key.get()); + return !memcmp(&derived[0], key_data->data, key_data->len); + } + + bool KeySizeParam(std::string& pass, std::string& salt, const int key_size, + SECOidTag hash_alg, unsigned int kIterations) { + SECItem pass_item = {siBuffer, ToUcharPtr(pass), + static_cast<unsigned int>(pass.length())}; + SECItem salt_item = {siBuffer, ToUcharPtr(salt), + static_cast<unsigned int>(salt.length())}; + + // Set up PBKDF2 params. + ScopedSECAlgorithmID alg_id( + PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg, + key_size, kIterations, &salt_item)); + + // Try to generate a key with the defined params. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ScopedPK11SymKey sym_key( + PK11_PBEKeyGen(slot.get(), alg_id.get(), &pass_item, false, nullptr)); + + // Should be nullptr if fail. + return sym_key.get(); } }; @@ -93,4 +142,9 @@ TEST_F(Pkcs11Pbkdf2Test, DeriveKnown2) { Derive(derived, SEC_OID_HMAC_SHA256); } +TEST_F(Pkcs11Pbkdf2Test, KeyLenSizes) { + // The size controls are regardless of the algorithms. + KeySizes(SEC_OID_HMAC_SHA256); +} + } // namespace nss_test diff --git a/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc index ed0573027..2024a525f 100644 --- a/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc +++ b/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc @@ -93,6 +93,20 @@ TEST_F(Pkcs11RsaPssTest, GenerateAndSignAndVerify) { EXPECT_EQ(rv, SECFailure); } +TEST_F(Pkcs11RsaPssTest, NoLeakWithInvalidExponent) { + // Attempt to generate an RSA key with a public exponent of 1. This should + // fail, but it shouldn't leak memory. + PK11RSAGenParams rsaGenParams = {1024, 0x01}; + + // Generate RSA key pair. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + SECKEYPublicKey* pubKey = nullptr; + SECKEYPrivateKey* privKey = + PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaGenParams, + &pubKey, false, false, nullptr); + EXPECT_FALSE(privKey); + EXPECT_FALSE(pubKey); +} class Pkcs11RsaPssVectorTest : public Pkcs11RsaPssTest, public ::testing::WithParamInterface<Pkcs11SignatureTestParams> {}; diff --git a/security/nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc new file mode 100644 index 000000000..dd90b7853 --- /dev/null +++ b/security/nss/gtests/pk11_gtest/pk11_seed_cbc_unittest.cc @@ -0,0 +1,71 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <memory> +#include "nss.h" +#include "pk11pub.h" +#include "secerr.h" + +#include "nss_scoped_ptrs.h" +#include "gtest/gtest.h" +#include "util.h" + +namespace nss_test { +class Pkcs11SeedCbcTest : public ::testing::Test { + protected: + enum class Action { Encrypt, Decrypt }; + + SECStatus EncryptDecryptSeed(Action action, unsigned int input_size, + unsigned int output_size) { + // Generate a random key. + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ScopedPK11SymKey sym_key( + PK11_KeyGen(slot.get(), kMech, nullptr, 16, nullptr)); + EXPECT_TRUE(!!sym_key); + + std::vector<uint8_t> data(input_size); + std::vector<uint8_t> init_vector(16); + std::vector<uint8_t> output(output_size); + SECItem params = {siBuffer, init_vector.data(), + (unsigned int)init_vector.size()}; + + // Try to encrypt/decrypt. + unsigned int output_len = 0; + if (action == Action::Encrypt) { + return PK11_Encrypt(sym_key.get(), kMech, ¶ms, output.data(), + &output_len, output_size, data.data(), data.size()); + } else { + return PK11_Decrypt(sym_key.get(), kMech, ¶ms, output.data(), + &output_len, output_size, data.data(), data.size()); + } + } + const CK_MECHANISM_TYPE kMech = CKM_SEED_CBC; +}; + +// The intention here is to test the arguments of these functions +// The resulted content is already tested in EncryptDeriveTests. +// SEED_CBC needs an IV of 16 bytes. +// The input data size must be multiple of 16. +// If not, some padding should be added. +// The output size must be at least the size of input data. +TEST_F(Pkcs11SeedCbcTest, SeedCBC_ValidArgs) { + EXPECT_EQ(SECSuccess, EncryptDecryptSeed(Action::Encrypt, 16, 16)); + EXPECT_EQ(SECSuccess, EncryptDecryptSeed(Action::Decrypt, 16, 16)); + // No problem if maxLen is bigger than input data. + EXPECT_EQ(SECSuccess, EncryptDecryptSeed(Action::Encrypt, 16, 32)); + EXPECT_EQ(SECSuccess, EncryptDecryptSeed(Action::Decrypt, 16, 32)); +} + +TEST_F(Pkcs11SeedCbcTest, SeedCBC_InvalidArgs) { + // maxLen lower than input data. + EXPECT_EQ(SECFailure, EncryptDecryptSeed(Action::Encrypt, 16, 10)); + EXPECT_EQ(SECFailure, EncryptDecryptSeed(Action::Decrypt, 16, 10)); + // input data not multiple of SEED_BLOCK_SIZE (16) + EXPECT_EQ(SECFailure, EncryptDecryptSeed(Action::Encrypt, 17, 32)); + EXPECT_EQ(SECFailure, EncryptDecryptSeed(Action::Decrypt, 17, 32)); +} + +} // namespace nss_test
\ No newline at end of file diff --git a/security/nss/gtests/pk11_gtest/pk11_signature_test.h b/security/nss/gtests/pk11_gtest/pk11_signature_test.h index 0526fea55..cd46f17d7 100644 --- a/security/nss/gtests/pk11_gtest/pk11_signature_test.h +++ b/security/nss/gtests/pk11_gtest/pk11_signature_test.h @@ -59,6 +59,9 @@ class Pk11SignatureTest : public ::testing::Test { ScopedCERTSubjectPublicKeyInfo certSpki( SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem)); + if (!certSpki) { + return nullptr; + } return ScopedSECKEYPublicKey(SECKEY_ExtractPublicKey(certSpki.get())); } diff --git a/security/nss/gtests/pkcs11testmodule/Makefile b/security/nss/gtests/pkcs11testmodule/Makefile new file mode 100644 index 000000000..6635aabc3 --- /dev/null +++ b/security/nss/gtests/pkcs11testmodule/Makefile @@ -0,0 +1,45 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include config.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +export:: private_export diff --git a/security/nss/gtests/pkcs11testmodule/config.mk b/security/nss/gtests/pkcs11testmodule/config.mk new file mode 100644 index 000000000..a1e2df79d --- /dev/null +++ b/security/nss/gtests/pkcs11testmodule/config.mk @@ -0,0 +1,16 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# can't do this in manifest.mn because OS_TARGET isn't defined there. +ifeq (,$(filter-out WIN%,$(OS_TARGET))) + +# don't want the 32 in the shared library name +SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) +IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX) + +RES = $(OBJDIR)/$(LIBRARY_NAME).res +RESNAME = $(LIBRARY_NAME).rc + +endif diff --git a/security/nss/gtests/pkcs11testmodule/manifest.mn b/security/nss/gtests/pkcs11testmodule/manifest.mn new file mode 100644 index 000000000..3c0e40778 --- /dev/null +++ b/security/nss/gtests/pkcs11testmodule/manifest.mn @@ -0,0 +1,22 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +CORE_DEPTH = ../.. +DEPTH = ../.. +MODULE = nss + +CPPSRCS = \ + pkcs11testmodule.cpp \ + $(NULL) + +INCLUDES += -I$(CORE_DEPTH)/cpputil + +REQUIRES = cpputil + +MAPFILE = $(OBJDIR)/pkcs11testmodule.def + +LIBRARY_NAME = pkcs11testmodule + +EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \ + $(NULL) diff --git a/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.cpp b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.cpp new file mode 100644 index 000000000..dbb574442 --- /dev/null +++ b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.cpp @@ -0,0 +1,658 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// This is a testing PKCS #11 module that simulates a token being inserted and +// removed from a slot every 50ms. This is achieved mainly in +// Test_C_WaitForSlotEvent. If the application that loaded this module calls +// C_WaitForSlotEvent, this module waits for 50ms and returns, having changed +// its internal state to report that the token has either been inserted or +// removed, as appropriate. +// This module also provides an alternate token that is always present for tests +// that don't want the cyclic behavior described above. + +#include <assert.h> +#include <string.h> + +#ifdef _WIN32 +# include <windows.h> // for Sleep +#else +# include <unistd.h> // for usleep +#endif + +#include "pkcs11t.h" + +#undef CK_DECLARE_FUNCTION + +#ifdef _WIN32 +#define CK_DECLARE_FUNCTION(rtype, func) extern rtype __declspec(dllexport) func +#else +#define CK_DECLARE_FUNCTION(rtype, func) extern rtype func +#endif + +#include "pkcs11.h" + +#if __cplusplus < 201103L +# include <prtypes.h> +# define static_assert(condition, message) PR_STATIC_ASSERT(condition) +#endif + +CK_RV Test_C_Initialize(CK_VOID_PTR) { return CKR_OK; } + +CK_RV Test_C_Finalize(CK_VOID_PTR) { return CKR_OK; } + +static const CK_VERSION CryptokiVersion = {2, 2}; +static const CK_VERSION TestLibraryVersion = {0, 0}; +static const char TestLibraryDescription[] = "Test PKCS11 Library"; +static const char TestManufacturerID[] = "Test PKCS11 Manufacturer ID"; + +/* The dest buffer is one in the CK_INFO or CK_TOKEN_INFO structs. + * Those buffers are padded with spaces. DestSize corresponds to the declared + * size for those buffers (e.g. 32 for `char foo[32]`). + * The src buffer is a string literal. SrcSize includes the string + * termination character (e.g. 4 for `const char foo[] = "foo"` */ +template <size_t DestSize, size_t SrcSize> +void CopyString(unsigned char (&dest)[DestSize], const char (&src)[SrcSize]) { + static_assert(DestSize >= SrcSize - 1, "DestSize >= SrcSize - 1"); + memcpy(dest, src, SrcSize - 1); + memset(dest + SrcSize - 1, ' ', DestSize - SrcSize + 1); +} + +CK_RV Test_C_GetInfo(CK_INFO_PTR pInfo) { + if (!pInfo) { + return CKR_ARGUMENTS_BAD; + } + + pInfo->cryptokiVersion = CryptokiVersion; + CopyString(pInfo->manufacturerID, TestManufacturerID); + pInfo->flags = 0; // must be 0 + CopyString(pInfo->libraryDescription, TestLibraryDescription); + pInfo->libraryVersion = TestLibraryVersion; + return CKR_OK; +} + +CK_RV Test_C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR) { return CKR_OK; } + +static int tokenPresent = 0; + +// The token in slot 4 has 2 objects. Both of them are profile object +// and identified by object ID 1 or 2. +static bool readingProfile = false; +static const CK_PROFILE_ID profiles[] = {CKP_PUBLIC_CERTIFICATES_TOKEN, + CKP_BASELINE_PROVIDER}; +static int profileIndex = 0; + +CK_RV Test_C_GetSlotList(CK_BBOOL limitToTokensPresent, + CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) { + if (!pulCount) { + return CKR_ARGUMENTS_BAD; + } + + CK_SLOT_ID slots[4]; + CK_ULONG slotCount = 0; + + // We always return slot 2 and 4. + slots[slotCount++] = 2; + slots[slotCount++] = 4; + + // Slot 1 is a removable slot where a token is present if + // tokenPresent = CK_TRUE. + if (tokenPresent || !limitToTokensPresent) { + slots[slotCount++] = 1; + } + + // Slot 3 is a removable slot which never has a token. + if (!limitToTokensPresent) { + slots[slotCount++] = 3; + } + + if (pSlotList) { + if (*pulCount < slotCount) { + return CKR_BUFFER_TOO_SMALL; + } + memcpy(pSlotList, slots, sizeof(CK_SLOT_ID) * slotCount); + } + + *pulCount = slotCount; + return CKR_OK; +} + +static const char TestSlotDescription[] = "Test PKCS11 Slot"; +static const char TestSlot2Description[] = "Test PKCS11 Slot 二"; +static const char TestSlot3Description[] = "Empty PKCS11 Slot"; +static const char TestSlot4Description[] = "Test PKCS11 Public Certs Slot"; + +CK_RV Test_C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) { + if (!pInfo) { + return CKR_ARGUMENTS_BAD; + } + + switch (slotID) { + case 1: + CopyString(pInfo->slotDescription, TestSlotDescription); + pInfo->flags = + (tokenPresent ? CKF_TOKEN_PRESENT : 0) | CKF_REMOVABLE_DEVICE; + break; + case 2: + CopyString(pInfo->slotDescription, TestSlot2Description); + pInfo->flags = CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE; + break; + case 3: + CopyString(pInfo->slotDescription, TestSlot3Description); + pInfo->flags = CKF_REMOVABLE_DEVICE; + break; + case 4: + CopyString(pInfo->slotDescription, TestSlot4Description); + pInfo->flags = CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE; + break; + default: + return CKR_ARGUMENTS_BAD; + } + + CopyString(pInfo->manufacturerID, TestManufacturerID); + pInfo->hardwareVersion = TestLibraryVersion; + pInfo->firmwareVersion = TestLibraryVersion; + return CKR_OK; +} + +// Deliberately include énye to ensure we're handling encoding correctly. +// The PKCS #11 base specification v2.20 specifies that strings be encoded +// as UTF-8. +static const char TestTokenLabel[] = "Test PKCS11 Tokeñ Label"; +static const char TestToken2Label[] = "Test PKCS11 Tokeñ 2 Label"; +static const char TestToken4Label[] = "Test PKCS11 Public Certs Token"; +static const char TestTokenModel[] = "Test Model"; + +CK_RV Test_C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) { + if (!pInfo) { + return CKR_ARGUMENTS_BAD; + } + + switch (slotID) { + case 1: + CopyString(pInfo->label, TestTokenLabel); + break; + case 2: + CopyString(pInfo->label, TestToken2Label); + break; + case 4: + CopyString(pInfo->label, TestToken4Label); + break; + default: + return CKR_ARGUMENTS_BAD; + } + + CopyString(pInfo->manufacturerID, TestManufacturerID); + CopyString(pInfo->model, TestTokenModel); + memset(pInfo->serialNumber, 0, sizeof(pInfo->serialNumber)); + pInfo->flags = CKF_TOKEN_INITIALIZED; + pInfo->ulMaxSessionCount = 1; + pInfo->ulSessionCount = 0; + pInfo->ulMaxRwSessionCount = 1; + pInfo->ulRwSessionCount = 0; + pInfo->ulMaxPinLen = 4; + pInfo->ulMinPinLen = 4; + pInfo->ulTotalPublicMemory = 1024; + pInfo->ulFreePublicMemory = 1024; + pInfo->ulTotalPrivateMemory = 1024; + pInfo->ulFreePrivateMemory = 1024; + pInfo->hardwareVersion = TestLibraryVersion; + pInfo->firmwareVersion = TestLibraryVersion; + memset(pInfo->utcTime, 0, sizeof(pInfo->utcTime)); + return CKR_OK; +} + +CK_RV Test_C_GetMechanismList(CK_SLOT_ID, CK_MECHANISM_TYPE_PTR, + CK_ULONG_PTR pulCount) { + if (!pulCount) { + return CKR_ARGUMENTS_BAD; + } + + *pulCount = 0; + return CKR_OK; +} + +CK_RV Test_C_GetMechanismInfo(CK_SLOT_ID, CK_MECHANISM_TYPE, + CK_MECHANISM_INFO_PTR) { + return CKR_OK; +} + +CK_RV Test_C_InitToken(CK_SLOT_ID, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR) { + return CKR_OK; +} + +CK_RV Test_C_InitPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SetPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG, + CK_UTF8CHAR_PTR, CK_ULONG) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS, CK_VOID_PTR, CK_NOTIFY, + CK_SESSION_HANDLE_PTR phSession) { + switch (slotID) { + case 1: + *phSession = 1; + break; + case 2: + *phSession = 2; + break; + case 4: + *phSession = 4; + break; + default: + return CKR_ARGUMENTS_BAD; + } + + return CKR_OK; +} + +CK_RV Test_C_CloseSession(CK_SESSION_HANDLE) { return CKR_OK; } + +CK_RV Test_C_CloseAllSessions(CK_SLOT_ID) { return CKR_OK; } + +CK_RV Test_C_GetSessionInfo(CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo) { + if (!pInfo) { + return CKR_ARGUMENTS_BAD; + } + + switch (hSession) { + case 1: + pInfo->slotID = 1; + break; + case 2: + pInfo->slotID = 2; + break; + case 4: + pInfo->slotID = 4; + break; + default: + return CKR_ARGUMENTS_BAD; + } + + pInfo->state = CKS_RO_PUBLIC_SESSION; + pInfo->flags = CKF_SERIAL_SESSION; + return CKR_OK; +} + +CK_RV Test_C_GetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_OBJECT_HANDLE, CK_OBJECT_HANDLE) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Login(CK_SESSION_HANDLE, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_ULONG) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Logout(CK_SESSION_HANDLE) { return CKR_FUNCTION_NOT_SUPPORTED; } + +CK_RV Test_C_CreateObject(CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG, + CK_OBJECT_HANDLE_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_CopyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR, + CK_ULONG, CK_OBJECT_HANDLE_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DestroyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_GetObjectSize(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_GetAttributeValue(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) { + if (hSession == 4) { + assert(hObject >= 1 && + hObject - 1 < sizeof(profiles) / sizeof(profiles[0])); + for (CK_ULONG count = 0; count < ulCount; count++) { + if (pTemplate[count].type == CKA_PROFILE_ID) { + if (pTemplate[count].pValue) { + assert(pTemplate[count].ulValueLen == sizeof(CK_ULONG)); + CK_ULONG value = profiles[hObject - 1]; + memcpy(pTemplate[count].pValue, &value, sizeof(value)); + } else { + pTemplate[count].ulValueLen = sizeof(CK_ULONG); + } + } else { + pTemplate[count].ulValueLen = (CK_ULONG)-1; + } + } + return CKR_OK; + } + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, CK_ULONG) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_FindObjectsInit(CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) { + // Slot 4 + if (hSession == 4) { + for (CK_ULONG count = 0; count < ulCount; count++) { + CK_ATTRIBUTE attribute = pTemplate[count]; + if (attribute.type == CKA_CLASS) { + assert(attribute.ulValueLen == sizeof(CK_ULONG)); + + CK_ULONG value; + memcpy(&value, attribute.pValue, attribute.ulValueLen); + if (value == CKO_PROFILE) { + readingProfile = true; + profileIndex = 0; + break; + } + } + } + } + return CKR_OK; +} + +CK_RV Test_C_FindObjects(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount) { + if (readingProfile) { + assert(hSession == 4); + CK_ULONG count = ulMaxObjectCount; + size_t remaining = sizeof(profiles) / sizeof(profiles[0]) - profileIndex; + if (count > remaining) { + count = remaining; + } + for (CK_ULONG i = 0; i < count; i++) { + phObject[i] = i + 1; + } + profileIndex += count; + *pulObjectCount = count; + } else { + *pulObjectCount = 0; + } + return CKR_OK; +} + +CK_RV Test_C_FindObjectsFinal(CK_SESSION_HANDLE hSession) { + readingProfile = false; + return CKR_OK; +} + +CK_RV Test_C_EncryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, + CK_OBJECT_HANDLE) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Encrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, + CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_EncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_EncryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DecryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, + CK_OBJECT_HANDLE) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Decrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, + CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DecryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DecryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DigestInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Digest(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, + CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DigestKey(CK_SESSION_HANDLE, CK_OBJECT_HANDLE) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DigestFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SignInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Sign(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, + CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SignUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SignFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SignRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, + CK_OBJECT_HANDLE) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SignRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, + CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_VerifyInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_Verify(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, + CK_ULONG) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_VerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_VerifyFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_VerifyRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, + CK_OBJECT_HANDLE) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_VerifyRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DigestEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DecryptDigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SignEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DecryptVerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, + CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_GenerateKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR, + CK_ULONG, CK_OBJECT_HANDLE_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_GenerateKeyPair(CK_SESSION_HANDLE, CK_MECHANISM_PTR, + CK_ATTRIBUTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR, + CK_ULONG, CK_OBJECT_HANDLE_PTR, + CK_OBJECT_HANDLE_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_WrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, + CK_OBJECT_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_UnwrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, + CK_BYTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR, CK_ULONG, + CK_OBJECT_HANDLE_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_DeriveKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_SeedRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_GenerateRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_GetFunctionStatus(CK_SESSION_HANDLE) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_CancelFunction(CK_SESSION_HANDLE) { + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV Test_C_WaitForSlotEvent(CK_FLAGS, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR) { +#ifdef _WIN32 + Sleep(50); // Sleep takes the duration argument as milliseconds +#else + usleep(50000); // usleep takes the duration argument as microseconds +#endif + *pSlot = 1; + tokenPresent = !tokenPresent; + return CKR_OK; +} + +static CK_FUNCTION_LIST FunctionList = {{2, 2}, + Test_C_Initialize, + Test_C_Finalize, + Test_C_GetInfo, + Test_C_GetFunctionList, + Test_C_GetSlotList, + Test_C_GetSlotInfo, + Test_C_GetTokenInfo, + Test_C_GetMechanismList, + Test_C_GetMechanismInfo, + Test_C_InitToken, + Test_C_InitPIN, + Test_C_SetPIN, + Test_C_OpenSession, + Test_C_CloseSession, + Test_C_CloseAllSessions, + Test_C_GetSessionInfo, + Test_C_GetOperationState, + Test_C_SetOperationState, + Test_C_Login, + Test_C_Logout, + Test_C_CreateObject, + Test_C_CopyObject, + Test_C_DestroyObject, + Test_C_GetObjectSize, + Test_C_GetAttributeValue, + Test_C_SetAttributeValue, + Test_C_FindObjectsInit, + Test_C_FindObjects, + Test_C_FindObjectsFinal, + Test_C_EncryptInit, + Test_C_Encrypt, + Test_C_EncryptUpdate, + Test_C_EncryptFinal, + Test_C_DecryptInit, + Test_C_Decrypt, + Test_C_DecryptUpdate, + Test_C_DecryptFinal, + Test_C_DigestInit, + Test_C_Digest, + Test_C_DigestUpdate, + Test_C_DigestKey, + Test_C_DigestFinal, + Test_C_SignInit, + Test_C_Sign, + Test_C_SignUpdate, + Test_C_SignFinal, + Test_C_SignRecoverInit, + Test_C_SignRecover, + Test_C_VerifyInit, + Test_C_Verify, + Test_C_VerifyUpdate, + Test_C_VerifyFinal, + Test_C_VerifyRecoverInit, + Test_C_VerifyRecover, + Test_C_DigestEncryptUpdate, + Test_C_DecryptDigestUpdate, + Test_C_SignEncryptUpdate, + Test_C_DecryptVerifyUpdate, + Test_C_GenerateKey, + Test_C_GenerateKeyPair, + Test_C_WrapKey, + Test_C_UnwrapKey, + Test_C_DeriveKey, + Test_C_SeedRandom, + Test_C_GenerateRandom, + Test_C_GetFunctionStatus, + Test_C_CancelFunction, + Test_C_WaitForSlotEvent}; + +#ifdef _WIN32 +__declspec(dllexport) +#endif + +CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) { + *ppFunctionList = &FunctionList; + return CKR_OK; +} diff --git a/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.def b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.def new file mode 100644 index 000000000..e03b39e5f --- /dev/null +++ b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.def @@ -0,0 +1,8 @@ +;+NSS_3.48 { # NSS 3.48 release +;+ global: +LIBRARY pkcs11testmodule ;- +EXPORTS ;- +C_GetFunctionList; +;+ local: +;+ *; +;+}; diff --git a/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.gyp b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.gyp new file mode 100644 index 000000000..00e449186 --- /dev/null +++ b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.gyp @@ -0,0 +1,25 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../coreconf/config.gypi', + '../common/gtest.gypi', + ], + 'targets': [ + { + 'target_name': 'pkcs11testmodule', + 'type': 'shared_library', + 'sources': [ + 'pkcs11testmodule.cpp', + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports', + '<(DEPTH)/cpputil/cpputil.gyp:cpputil', + ], + } + ], + 'variables': { + 'module': 'nss' + } +} diff --git a/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.rc b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.rc new file mode 100644 index 000000000..5baaa1d84 --- /dev/null +++ b/security/nss/gtests/pkcs11testmodule/pkcs11testmodule.rc @@ -0,0 +1,60 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <winver.h> + +#define MY_LIBNAME "pkcs11testmodule" +#define MY_FILEDESCRIPTION "NSS PKCS #11 Test Module" + +#ifdef _DEBUG +#define MY_DEBUG_STR " (debug)" +#define MY_FILEFLAGS_1 VS_FF_DEBUG +#else +#define MY_DEBUG_STR "" +#define MY_FILEFLAGS_1 0x0L +#endif +#define MY_FILEFLAGS_2 MY_FILEFLAGS_1 + +#ifdef WINNT +#define MY_FILEOS VOS_NT_WINDOWS32 +#else +#define MY_FILEOS VOS__WINDOWS32 +#endif + +#define MY_INTERNAL_NAME MY_LIBNAME +#define MY_VERSION "0" + +///////////////////////////////////////////////////////////////////////////// +// +// Version-information resource +// + +VS_VERSION_INFO VERSIONINFO + FILEVERSION 0,0,0,0 + PRODUCTVERSION 0,0,0,0 + FILEFLAGSMASK VS_FFI_FILEFLAGSMASK + FILEFLAGS MY_FILEFLAGS_2 + FILEOS MY_FILEOS + FILETYPE VFT_DLL + FILESUBTYPE 0x0L // not used + +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904B0" // Lang=US English, CharSet=Unicode + BEGIN + VALUE "CompanyName", "Mozilla Foundation\0" + VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0" + VALUE "FileVersion", MY_VERSION "\0" + VALUE "InternalName", MY_INTERNAL_NAME "\0" + VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0" + VALUE "ProductName", "Network Security Services\0" + VALUE "ProductVersion", MY_VERSION "\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 1200 + END +END diff --git a/security/nss/gtests/smime_gtest/Makefile b/security/nss/gtests/smime_gtest/Makefile new file mode 100644 index 000000000..0d547e080 --- /dev/null +++ b/security/nss/gtests/smime_gtest/Makefile @@ -0,0 +1,43 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include ../common/gtest.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### diff --git a/security/nss/gtests/smime_gtest/manifest.mn b/security/nss/gtests/smime_gtest/manifest.mn new file mode 100644 index 000000000..d3e982cca --- /dev/null +++ b/security/nss/gtests/smime_gtest/manifest.mn @@ -0,0 +1,22 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +CORE_DEPTH = ../.. +DEPTH = ../.. +MODULE = nss + +CPPSRCS = \ + smime_unittest.cc \ + $(NULL) + +INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ + -I$(CORE_DEPTH)/gtests/common \ + -I$(CORE_DEPTH)/cpputil + +REQUIRES = nspr gtest + +PROGRAM = smime_gtest + +EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \ + $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) diff --git a/security/nss/gtests/smime_gtest/smime_gtest.gyp b/security/nss/gtests/smime_gtest/smime_gtest.gyp new file mode 100644 index 000000000..0ff2804f8 --- /dev/null +++ b/security/nss/gtests/smime_gtest/smime_gtest.gyp @@ -0,0 +1,30 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../coreconf/config.gypi', + '../common/gtest.gypi', + ], + 'targets': [ + { + 'target_name': 'smime_gtest', + 'type': 'executable', + 'sources': [ + 'smime_unittest.cc', + '<(DEPTH)/gtests/common/gtests.cc' + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports', + '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', + '<(DEPTH)/lib/util/util.gyp:nssutil3', + '<(DEPTH)/lib/nss/nss.gyp:nss3', + '<(DEPTH)/lib/smime/smime.gyp:smime', + '<(DEPTH)/lib/ssl/ssl.gyp:ssl3', + ] + } + ], + 'variables': { + 'module': 'nss' + } +} diff --git a/security/nss/gtests/smime_gtest/smime_unittest.cc b/security/nss/gtests/smime_gtest/smime_unittest.cc new file mode 100644 index 000000000..385e19a97 --- /dev/null +++ b/security/nss/gtests/smime_gtest/smime_unittest.cc @@ -0,0 +1,137 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License v. 2.0. If a copy of the MPL was not distributed with this file + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <string> + +#include "gtest/gtest.h" + +#include "scoped_ptrs_smime.h" +#include "smime.h" + +namespace nss_test { + +// See bug 1507174; this is a CMS serialization (RFC 5652) that claims to be +// 12336 bytes long, which ensures CMS validates the streaming decoder's +// incorrect length. +static const unsigned char kHugeLenAsn1[] = { + 0x30, 0x82, 0x30, 0x30, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x07, 0x02, 0xA0, 0x82, 0x02, 0x30, 0x30, 0x30, 0x02, + 0x01, 0x30, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, 0x30, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x00, 0x30, 0x0B, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05}; + +// secp256r1 signature with no certs and no attrs +static unsigned char kValidSignature[] = { + 0x30, 0x81, 0xFE, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x07, 0x02, 0xA0, 0x81, 0xF0, 0x30, 0x81, 0xED, 0x02, 0x01, 0x01, 0x31, + 0x0F, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, + 0x02, 0x01, 0x05, 0x00, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x31, 0x81, 0xC9, 0x30, 0x81, 0xC6, 0x02, + 0x01, 0x01, 0x30, 0x5D, 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x53, 0x6F, 0x6D, 0x65, 0x2D, 0x53, + 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x18, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x65, 0x74, 0x20, + 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, + 0x4C, 0x74, 0x64, 0x02, 0x14, 0x6B, 0x22, 0xCA, 0x91, 0xE0, 0x71, 0x97, + 0xEB, 0x45, 0x0D, 0x68, 0xC0, 0xD4, 0xB6, 0xE9, 0x45, 0x38, 0x4C, 0xDD, + 0xA3, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, + 0x02, 0x01, 0x05, 0x00, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x04, 0x03, 0x02, 0x04, 0x47, 0x30, 0x45, 0x02, 0x20, 0x48, 0xEB, + 0xE6, 0xBA, 0xFC, 0xFD, 0x83, 0xB3, 0xA2, 0xB5, 0x59, 0x35, 0x0C, 0xA1, + 0x31, 0x0E, 0x2F, 0xE3, 0x8D, 0x81, 0xD8, 0xF5, 0x33, 0xE4, 0x83, 0x87, + 0xB1, 0xFD, 0x43, 0x9D, 0x95, 0x7D, 0x02, 0x21, 0x00, 0xD0, 0x05, 0x0E, + 0x05, 0xA6, 0x80, 0x3C, 0x1A, 0xFE, 0x51, 0xFC, 0x4D, 0x1A, 0x25, 0x05, + 0x78, 0xB5, 0x42, 0xF5, 0xDE, 0x4E, 0x8A, 0xF8, 0xE3, 0xD8, 0x52, 0xDC, + 0x2B, 0x73, 0x80, 0x4A, 0x1A}; + +// See bug 1507135; this is a CMS signature that contains only the OID +static unsigned char kTruncatedSignature[] = {0x30, 0x0B, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x07, 0x02}; + +// secp256r1 signature that's truncated by one byte. +static unsigned char kSlightlyTruncatedSignature[] = { + 0x30, 0x81, 0xFE, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x07, 0x02, 0xA0, 0x81, 0xF0, 0x30, 0x81, 0xED, 0x02, 0x01, 0x01, 0x31, + 0x0F, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, + 0x02, 0x01, 0x05, 0x00, 0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x31, 0x81, 0xC9, 0x30, 0x81, 0xC6, 0x02, + 0x01, 0x01, 0x30, 0x5D, 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x53, 0x6F, 0x6D, 0x65, 0x2D, 0x53, + 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04, + 0x0A, 0x0C, 0x18, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x65, 0x74, 0x20, + 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, + 0x4C, 0x74, 0x64, 0x02, 0x14, 0x6B, 0x22, 0xCA, 0x91, 0xE0, 0x71, 0x97, + 0xEB, 0x45, 0x0D, 0x68, 0xC0, 0xD4, 0xB6, 0xE9, 0x45, 0x38, 0x4C, 0xDD, + 0xA3, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, + 0x02, 0x01, 0x05, 0x00, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x04, 0x03, 0x02, 0x04, 0x47, 0x30, 0x45, 0x02, 0x20, 0x48, 0xEB, + 0xE6, 0xBA, 0xFC, 0xFD, 0x83, 0xB3, 0xA2, 0xB5, 0x59, 0x35, 0x0C, 0xA1, + 0x31, 0x0E, 0x2F, 0xE3, 0x8D, 0x81, 0xD8, 0xF5, 0x33, 0xE4, 0x83, 0x87, + 0xB1, 0xFD, 0x43, 0x9D, 0x95, 0x7D, 0x02, 0x21, 0x00, 0xD0, 0x05, 0x0E, + 0x05, 0xA6, 0x80, 0x3C, 0x1A, 0xFE, 0x51, 0xFC, 0x4D, 0x1A, 0x25, 0x05, + 0x78, 0xB5, 0x42, 0xF5, 0xDE, 0x4E, 0x8A, 0xF8, 0xE3, 0xD8, 0x52, 0xDC, + 0x2B, 0x73, 0x80, 0x4A}; + +class SMimeTest : public ::testing::Test {}; + +TEST_F(SMimeTest, InvalidDER) { + PK11SymKey* bulk_key = nullptr; + NSSCMSDecoderContext* dcx = + NSS_CMSDecoder_Start(nullptr, nullptr, nullptr, /* content callback */ + nullptr, nullptr, /* password callback */ + nullptr, /* key callback */ + bulk_key); + ASSERT_NE(nullptr, dcx); + EXPECT_EQ(SECSuccess, NSS_CMSDecoder_Update( + dcx, reinterpret_cast<const char*>(kHugeLenAsn1), + sizeof(kHugeLenAsn1))); + EXPECT_EQ(nullptr, bulk_key); + ASSERT_FALSE(NSS_CMSDecoder_Finish(dcx)); +} + +TEST_F(SMimeTest, IsSignedValid) { + SECItem sig_der_item = {siBuffer, kValidSignature, sizeof(kValidSignature)}; + + ScopedNSSCMSMessage cms_msg(NSS_CMSMessage_CreateFromDER( + &sig_der_item, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr)); + + ASSERT_TRUE(cms_msg); + + ASSERT_TRUE(NSS_CMSMessage_IsSigned(cms_msg.get())); +} + +TEST_F(SMimeTest, TruncatedCmsSignature) { + SECItem sig_der_item = {siBuffer, kTruncatedSignature, + sizeof(kTruncatedSignature)}; + + ScopedNSSCMSMessage cms_msg(NSS_CMSMessage_CreateFromDER( + &sig_der_item, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr)); + + ASSERT_TRUE(cms_msg); + + ASSERT_FALSE(NSS_CMSMessage_IsSigned(cms_msg.get())); +} + +TEST_F(SMimeTest, SlightlyTruncatedCmsSignature) { + SECItem sig_der_item = {siBuffer, kSlightlyTruncatedSignature, + sizeof(kSlightlyTruncatedSignature)}; + + ScopedNSSCMSMessage cms_msg(NSS_CMSMessage_CreateFromDER( + &sig_der_item, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr)); + + ASSERT_FALSE(cms_msg); + + ASSERT_FALSE(NSS_CMSMessage_IsSigned(cms_msg.get())); +} + +TEST_F(SMimeTest, IsSignedNull) { + ASSERT_FALSE(NSS_CMSMessage_IsSigned(nullptr)); +} + +} // namespace nss_test diff --git a/security/nss/gtests/softoken_gtest/manifest.mn b/security/nss/gtests/softoken_gtest/manifest.mn index 4b34c099f..8a533c56b 100644 --- a/security/nss/gtests/softoken_gtest/manifest.mn +++ b/security/nss/gtests/softoken_gtest/manifest.mn @@ -6,12 +6,22 @@ CORE_DEPTH = ../.. DEPTH = ../.. MODULE = nss +DEFINES += -DDLL_SUFFIX=\"$(DLL_SUFFIX)\" -DDLL_PREFIX=\"$(DLL_PREFIX)\" + +include $(CORE_DEPTH)/coreconf/arch.mk +ifneq ($(OS_ARCH),WINNT) +DB_TESTS = \ + softoken_nssckbi_testlib_gtest.cc +endif + CPPSRCS = \ softoken_gtest.cc \ + $(DB_TESTS) \ $(NULL) INCLUDES += \ -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ + -I$(CORE_DEPTH)/gtests/common \ -I$(CORE_DEPTH)/cpputil \ $(NULL) diff --git a/security/nss/gtests/softoken_gtest/softoken_gtest.cc b/security/nss/gtests/softoken_gtest/softoken_gtest.cc index 5e2a497b8..17949800a 100644 --- a/security/nss/gtests/softoken_gtest/softoken_gtest.cc +++ b/security/nss/gtests/softoken_gtest/softoken_gtest.cc @@ -1,104 +1,20 @@ -#include <cstdlib> -#if defined(_WIN32) -#include <windows.h> -#include <codecvt> -#endif - #include "cert.h" #include "certdb.h" #include "nspr.h" #include "nss.h" #include "pk11pub.h" +#include "secmod.h" #include "secerr.h" #include "nss_scoped_ptrs.h" +#include "util.h" #define GTEST_HAS_RTTI 0 #include "gtest/gtest.h" +#include <fstream> namespace nss_test { -// Given a prefix, attempts to create a unique directory that the user can do -// work in without impacting other tests. For example, if given the prefix -// "scratch", a directory like "scratch05c17b25" will be created in the current -// working directory (or the location specified by NSS_GTEST_WORKDIR, if -// defined). -// Upon destruction, the implementation will attempt to delete the directory. -// However, no attempt is made to first remove files in the directory - the -// user is responsible for this. If the directory is not empty, deleting it will -// fail. -// Statistically, it is technically possible to fail to create a unique -// directory name, but this is extremely unlikely given the expected workload of -// this implementation. -class ScopedUniqueDirectory { - public: - explicit ScopedUniqueDirectory(const std::string &prefix); - - // NB: the directory must be empty upon destruction - ~ScopedUniqueDirectory() { assert(rmdir(mPath.c_str()) == 0); } - - const std::string &GetPath() { return mPath; } - const std::string &GetUTF8Path() { return mUTF8Path; } - - private: - static const int RETRY_LIMIT = 5; - static void GenerateRandomName(/*in/out*/ std::string &prefix); - static bool TryMakingDirectory(/*in/out*/ std::string &prefix); - - std::string mPath; - std::string mUTF8Path; -}; - -ScopedUniqueDirectory::ScopedUniqueDirectory(const std::string &prefix) { - std::string path; - const char *workingDirectory = PR_GetEnvSecure("NSS_GTEST_WORKDIR"); - if (workingDirectory) { - path.assign(workingDirectory); - } - path.append(prefix); - for (int i = 0; i < RETRY_LIMIT; i++) { - std::string pathCopy(path); - // TryMakingDirectory will modify its input. If it fails, we want to throw - // away the modified result. - if (TryMakingDirectory(pathCopy)) { - mPath.assign(pathCopy); - break; - } - } - assert(mPath.length() > 0); -#if defined(_WIN32) - // sqldb always uses UTF-8 regardless of the current system locale. - DWORD len = - MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), nullptr, 0); - std::vector<wchar_t> buf(len, L'\0'); - MultiByteToWideChar(CP_ACP, 0, mPath.data(), mPath.size(), buf.data(), - buf.size()); - std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter; - mUTF8Path = converter.to_bytes(std::wstring(buf.begin(), buf.end())); -#else - mUTF8Path = mPath; -#endif -} - -void ScopedUniqueDirectory::GenerateRandomName(std::string &prefix) { - std::stringstream ss; - ss << prefix; - // RAND_MAX is at least 32767. - ss << std::setfill('0') << std::setw(4) << std::hex << rand() << rand(); - // This will overwrite the value of prefix. This is a little inefficient, but - // at least it makes the code simple. - ss >> prefix; -} - -bool ScopedUniqueDirectory::TryMakingDirectory(std::string &prefix) { - GenerateRandomName(prefix); -#if defined(_WIN32) - return _mkdir(prefix.c_str()) == 0; -#else - return mkdir(prefix.c_str(), 0777) == 0; -#endif -} - class SoftokenTest : public ::testing::Test { protected: SoftokenTest() : mNSSDBDir("SoftokenTest.d-") {} @@ -205,6 +121,27 @@ TEST_F(SoftokenTest, CreateObjectChangePassword) { EXPECT_EQ(nullptr, obj); } +// The size limit for a password is 500 characters as defined in pkcs11i.h +TEST_F(SoftokenTest, CreateObjectChangeToBigPassword) { + ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot()); + ASSERT_TRUE(slot); + EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr)); + EXPECT_EQ( + SECSuccess, + PK11_ChangePW(slot.get(), "", + "rUIFIFr2bxKnbJbitsfkyqttpk6vCJzlYMNxcxXcaN37gSZKbLk763X7iR" + "yeVNWZHQ02lSF69HYjzTyPW3318ZD0DBFMMbALZ8ZPZP73CIo5uIQlaowV" + "IbP8eOhRYtGUqoLGlcIFNEYogV8Q3GN58VeBMs0KxrIOvPQ9s8SnYYkqvt" + "zzgntmAvCgvk64x6eQf0okHwegd5wi6m0WVJytEepWXkP9J629FSa5kNT8" + "FvL3jvslkiImzTNuTvl32fQDXXMSc8vVk5Q3mH7trMZM0VDdwHWYERjHbz" + "kGxFgp0VhediHx7p9kkz6H6ac4et9sW4UkTnN7xhYc1Zr17wRSk2heQtcX" + "oZJGwuzhiKm8A8wkuVxms6zO56P4JORIk8oaUW6lyNTLo2kWWnTA")); + EXPECT_EQ(SECSuccess, PK11_Logout(slot.get())); + ScopedPK11GenericObject obj(PK11_CreateGenericObject( + slot.get(), attributes, PR_ARRAY_SIZE(attributes), true)); + EXPECT_EQ(nullptr, obj); +} + TEST_F(SoftokenTest, CreateObjectChangeToEmptyPassword) { ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot()); ASSERT_TRUE(slot); @@ -221,6 +158,76 @@ TEST_F(SoftokenTest, CreateObjectChangeToEmptyPassword) { EXPECT_NE(nullptr, obj); } +// We should be able to read CRLF, LF and CR. +// During the Initialization of the NSS Database, is called a function to load +// PKCS11 modules defined in pkcs11.txt. This file is read to get the +// specifications, parse them and load the modules. Here we are ensuring that +// the parsing will work correctly, independent of the breaking line format of +// pkcs11.txt file, which could vary depending where it was created. +// If the parsing is not well interpreted, the database cannot initialize. +TEST_F(SoftokenTest, CreateObjectReadBreakLine) { + const std::string path = mNSSDBDir.GetPath(); + const std::string dbname_in = path + "/pkcs11.txt"; + const std::string dbname_out_cr = path + "/pkcs11_cr.txt"; + const std::string dbname_out_crlf = path + "/pkcs11_crlf.txt"; + const std::string dbname_out_lf = path + "/pkcs11_lf.txt"; + + std::ifstream in(dbname_in); + ASSERT_TRUE(in); + std::ofstream out_cr(dbname_out_cr); + ASSERT_TRUE(out_cr); + std::ofstream out_crlf(dbname_out_crlf); + ASSERT_TRUE(out_crlf); + std::ofstream out_lf(dbname_out_lf); + ASSERT_TRUE(out_lf); + + // Database should be correctly initialized by Setup() + ASSERT_TRUE(NSS_IsInitialized()); + ASSERT_EQ(SECSuccess, NSS_Shutdown()); + + // Prepare the file formats with CR, CRLF and LF + for (std::string line; getline(in, line);) { + out_cr << line << "\r"; + out_crlf << line << "\r\n"; + out_lf << line << "\n"; + } + in.close(); + out_cr.close(); + out_crlf.close(); + out_lf.close(); + + // Change the pkcs11.txt to CR format. + ASSERT_TRUE(!remove(dbname_in.c_str())); + ASSERT_TRUE(!rename(dbname_out_cr.c_str(), dbname_in.c_str())); + + // Try to initialize with CR format. + std::string nssInitArg("sql:"); + nssInitArg.append(mNSSDBDir.GetUTF8Path()); + ASSERT_EQ(SECSuccess, NSS_Initialize(nssInitArg.c_str(), "", "", SECMOD_DB, + NSS_INIT_NOROOTINIT)); + ASSERT_TRUE(NSS_IsInitialized()); + ASSERT_EQ(SECSuccess, NSS_Shutdown()); + + // Change the pkcs11.txt to CRLF format. + ASSERT_TRUE(!remove(dbname_in.c_str())); + ASSERT_TRUE(!rename(dbname_out_crlf.c_str(), dbname_in.c_str())); + + // Try to initialize with CRLF format. + ASSERT_EQ(SECSuccess, NSS_Initialize(nssInitArg.c_str(), "", "", SECMOD_DB, + NSS_INIT_NOROOTINIT)); + ASSERT_TRUE(NSS_IsInitialized()); + ASSERT_EQ(SECSuccess, NSS_Shutdown()); + + // Change the pkcs11.txt to LF format. + ASSERT_TRUE(!remove(dbname_in.c_str())); + ASSERT_TRUE(!rename(dbname_out_lf.c_str(), dbname_in.c_str())); + + // Try to initialize with LF format. + ASSERT_EQ(SECSuccess, NSS_Initialize(nssInitArg.c_str(), "", "", SECMOD_DB, + NSS_INIT_NOROOTINIT)); + ASSERT_TRUE(NSS_IsInitialized()); +} + class SoftokenNonAsciiTest : public SoftokenTest { protected: SoftokenNonAsciiTest() : SoftokenTest("SoftokenTest.\xF7-") {} @@ -351,6 +358,100 @@ TEST_F(SoftokenNoDBTest, NeedUserInitNoDB) { ASSERT_EQ(SECSuccess, NSS_Shutdown()); } +#ifndef NSS_FIPS_DISABLED + +class SoftokenFipsTest : public SoftokenTest { + protected: + SoftokenFipsTest() : SoftokenTest("SoftokenFipsTest.d-") {} + + virtual void SetUp() { + SoftokenTest::SetUp(); + + // Turn on FIPS mode (code borrowed from FipsMode in modutil/pk11.c) + char *internal_name; + ASSERT_FALSE(PK11_IsFIPS()); + internal_name = PR_smprintf("%s", SECMOD_GetInternalModule()->commonName); + ASSERT_EQ(SECSuccess, SECMOD_DeleteInternalModule(internal_name)); + PR_smprintf_free(internal_name); + ASSERT_TRUE(PK11_IsFIPS()); + } +}; + +const std::vector<std::string> kFipsPasswordCases[] = { + // FIPS level1 -> level1 -> level1 + {"", "", ""}, + // FIPS level1 -> level1 -> level2 + {"", "", "strong-_123"}, + // FIXME: this should work: FIPS level1 -> level2 -> level2 + // {"", "strong-_123", "strong-_456"}, + // FIPS level2 -> level2 -> level2 + {"strong-_123", "strong-_456", "strong-_123"}}; + +const std::vector<std::string> kFipsPasswordBadCases[] = { + // FIPS level1 -> level2 -> level1 + {"", "strong-_123", ""}, + // FIPS level2 -> level1 -> level1 + {"strong-_123", ""}, + // FIPS level2 -> level2 -> level1 + {"strong-_123", "strong-_456", ""}, + // initialize with a weak password + {"weak"}, + // FIPS level1 -> weak password + {"", "weak"}, + // FIPS level2 -> weak password + {"strong-_123", "weak"}}; + +class SoftokenFipsPasswordTest + : public SoftokenFipsTest, + public ::testing::WithParamInterface<std::vector<std::string>> {}; + +class SoftokenFipsBadPasswordTest + : public SoftokenFipsTest, + public ::testing::WithParamInterface<std::vector<std::string>> {}; + +TEST_P(SoftokenFipsPasswordTest, SetPassword) { + const std::vector<std::string> &passwords = GetParam(); + ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot()); + ASSERT_TRUE(slot); + + auto it = passwords.begin(); + auto prev_it = it; + EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, (*it).c_str())); + for (it++; it != passwords.end(); it++, prev_it++) { + EXPECT_EQ(SECSuccess, + PK11_ChangePW(slot.get(), (*prev_it).c_str(), (*it).c_str())); + } +} + +TEST_P(SoftokenFipsBadPasswordTest, SetBadPassword) { + const std::vector<std::string> &passwords = GetParam(); + ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot()); + ASSERT_TRUE(slot); + + auto it = passwords.begin(); + auto prev_it = it; + SECStatus rv = PK11_InitPin(slot.get(), nullptr, (*it).c_str()); + if (it + 1 == passwords.end()) + EXPECT_EQ(SECFailure, rv); + else + EXPECT_EQ(SECSuccess, rv); + for (it++; it != passwords.end(); it++, prev_it++) { + rv = PK11_ChangePW(slot.get(), (*prev_it).c_str(), (*it).c_str()); + if (it + 1 == passwords.end()) + EXPECT_EQ(SECFailure, rv); + else + EXPECT_EQ(SECSuccess, rv); + } +} + +INSTANTIATE_TEST_CASE_P(FipsPasswordCases, SoftokenFipsPasswordTest, + ::testing::ValuesIn(kFipsPasswordCases)); + +INSTANTIATE_TEST_CASE_P(BadFipsPasswordCases, SoftokenFipsBadPasswordTest, + ::testing::ValuesIn(kFipsPasswordBadCases)); + +#endif + } // namespace nss_test int main(int argc, char **argv) { diff --git a/security/nss/gtests/softoken_gtest/softoken_gtest.gyp b/security/nss/gtests/softoken_gtest/softoken_gtest.gyp index cff0ea414..3d9b8dba9 100644 --- a/security/nss/gtests/softoken_gtest/softoken_gtest.gyp +++ b/security/nss/gtests/softoken_gtest/softoken_gtest.gyp @@ -12,6 +12,7 @@ 'type': 'executable', 'sources': [ 'softoken_gtest.cc', + 'softoken_nssckbi_testlib_gtest.cc', ], 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports', @@ -19,7 +20,7 @@ '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', ], 'conditions': [ - [ 'test_build==1', { + [ 'static_libs==1', { 'dependencies': [ '<(DEPTH)/lib/nss/nss.gyp:nss_static', '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', @@ -30,6 +31,7 @@ '<(DEPTH)/lib/dev/dev.gyp:nssdev', '<(DEPTH)/lib/pki/pki.gyp:nsspki', '<(DEPTH)/lib/ssl/ssl.gyp:ssl', + '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix', ], }, { 'dependencies': [ @@ -43,6 +45,10 @@ 'target_defaults': { 'include_dirs': [ '../../lib/util' + ], + 'defines': [ + 'DLL_PREFIX=\"<(dll_prefix)\"', + 'DLL_SUFFIX=\"<(dll_suffix)\"' ] }, 'variables': { diff --git a/security/nss/gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc b/security/nss/gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc new file mode 100644 index 000000000..e7d6bc28b --- /dev/null +++ b/security/nss/gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc @@ -0,0 +1,124 @@ +#include "cert.h" +#include "certdb.h" +#include "nspr.h" +#include "nss.h" +#include "pk11pub.h" +#include "secerr.h" + +#include "nss_scoped_ptrs.h" +#include "util.h" + +#define GTEST_HAS_RTTI 0 +#include "gtest/gtest.h" + +namespace nss_test { + +class SoftokenBuiltinsTest : public ::testing::Test { + protected: + SoftokenBuiltinsTest() : nss_db_dir_("SoftokenBuiltinsTest.d-") {} + SoftokenBuiltinsTest(const std::string &prefix) : nss_db_dir_(prefix) {} + + virtual void SetUp() { + std::string nss_init_arg("sql:"); + nss_init_arg.append(nss_db_dir_.GetUTF8Path()); + ASSERT_EQ(SECSuccess, NSS_Initialize(nss_init_arg.c_str(), "", "", + SECMOD_DB, NSS_INIT_NOROOTINIT)); + } + + virtual void TearDown() { + ASSERT_EQ(SECSuccess, NSS_Shutdown()); + const std::string &nss_db_dir_path = nss_db_dir_.GetPath(); + ASSERT_EQ(0, unlink((nss_db_dir_path + "/cert9.db").c_str())); + ASSERT_EQ(0, unlink((nss_db_dir_path + "/key4.db").c_str())); + ASSERT_EQ(0, unlink((nss_db_dir_path + "/pkcs11.txt").c_str())); + } + + virtual void LoadModule() { + ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot()); + ASSERT_TRUE(slot); + EXPECT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, nullptr)); + SECStatus result = SECMOD_AddNewModule( + "Builtins-testlib", DLL_PREFIX "nssckbi-testlib." DLL_SUFFIX, 0, 0); + ASSERT_EQ(result, SECSuccess); + } + + ScopedUniqueDirectory nss_db_dir_; +}; + +// The next tests in this class are used to test the Distrust Fields. +// More details about these fields in lib/ckfw/builtins/README. +TEST_F(SoftokenBuiltinsTest, CheckNoDistrustFields) { + const char *kCertNickname = + "Builtin Object Token:Distrust Fields Test - no_distrust"; + LoadModule(); + + CERTCertDBHandle *cert_handle = CERT_GetDefaultCertDB(); + ASSERT_TRUE(cert_handle); + ScopedCERTCertificate cert( + CERT_FindCertByNickname(cert_handle, kCertNickname)); + ASSERT_TRUE(cert); + + EXPECT_EQ(PR_FALSE, + PK11_HasAttributeSet(cert->slot, cert->pkcs11ID, + CKA_NSS_SERVER_DISTRUST_AFTER, PR_FALSE)); + EXPECT_EQ(PR_FALSE, + PK11_HasAttributeSet(cert->slot, cert->pkcs11ID, + CKA_NSS_EMAIL_DISTRUST_AFTER, PR_FALSE)); + ASSERT_FALSE(cert->distrust); +} + +TEST_F(SoftokenBuiltinsTest, CheckOkDistrustFields) { + const char *kCertNickname = + "Builtin Object Token:Distrust Fields Test - ok_distrust"; + LoadModule(); + + CERTCertDBHandle *cert_handle = CERT_GetDefaultCertDB(); + ASSERT_TRUE(cert_handle); + ScopedCERTCertificate cert( + CERT_FindCertByNickname(cert_handle, kCertNickname)); + ASSERT_TRUE(cert); + + const char *kExpectedDERValueServer = "200617000000Z"; + const char *kExpectedDERValueEmail = "071014085320Z"; + // When a valid timestamp is encoded, the result length is exactly 13. + const unsigned int kDistrustFieldSize = 13; + + ASSERT_TRUE(cert->distrust); + ASSERT_EQ(kDistrustFieldSize, cert->distrust->serverDistrustAfter.len); + ASSERT_NE(nullptr, cert->distrust->serverDistrustAfter.data); + EXPECT_TRUE(!memcmp(kExpectedDERValueServer, + cert->distrust->serverDistrustAfter.data, + kDistrustFieldSize)); + + ASSERT_EQ(kDistrustFieldSize, cert->distrust->emailDistrustAfter.len); + ASSERT_NE(nullptr, cert->distrust->emailDistrustAfter.data); + EXPECT_TRUE(!memcmp(kExpectedDERValueEmail, + cert->distrust->emailDistrustAfter.data, + kDistrustFieldSize)); +} + +TEST_F(SoftokenBuiltinsTest, CheckInvalidDistrustFields) { + const char *kCertNickname = + "Builtin Object Token:Distrust Fields Test - err_distrust"; + LoadModule(); + + CERTCertDBHandle *cert_handle = CERT_GetDefaultCertDB(); + ASSERT_TRUE(cert_handle); + ScopedCERTCertificate cert( + CERT_FindCertByNickname(cert_handle, kCertNickname)); + ASSERT_TRUE(cert); + + // The field should never be set to TRUE in production, we are just + // testing if this field is readable, even if set to TRUE. + EXPECT_EQ(PR_TRUE, + PK11_HasAttributeSet(cert->slot, cert->pkcs11ID, + CKA_NSS_SERVER_DISTRUST_AFTER, PR_FALSE)); + // If something other than CK_BBOOL CK_TRUE, it will be considered FALSE + // Here, there is an OCTAL value, but with unexpected content (1 digit less). + EXPECT_EQ(PR_FALSE, + PK11_HasAttributeSet(cert->slot, cert->pkcs11ID, + CKA_NSS_EMAIL_DISTRUST_AFTER, PR_FALSE)); + ASSERT_FALSE(cert->distrust); +} + +} // namespace nss_test diff --git a/security/nss/gtests/ssl_gtest/Makefile b/security/nss/gtests/ssl_gtest/Makefile index 95c111aeb..46f030357 100644 --- a/security/nss/gtests/ssl_gtest/Makefile +++ b/security/nss/gtests/ssl_gtest/Makefile @@ -36,6 +36,12 @@ CPPSRCS := $(filter-out $(shell grep -l '^TEST_F' $(CPPSRCS)), $(CPPSRCS)) CFLAGS += -DNSS_DISABLE_TLS_1_3 endif +ifdef NSS_ALLOW_SSLKEYLOGFILE +SSLKEYLOGFILE_FILES = ssl_keylog_unittest.cc +else +SSLKEYLOGFILE_FILES = $(NULL) +endif + ####################################################################### # (5) Execute "global" rules. (OPTIONAL) # ####################################################################### diff --git a/security/nss/gtests/ssl_gtest/libssl_internals.c b/security/nss/gtests/ssl_gtest/libssl_internals.c index e43113de4..44eee9aa8 100644 --- a/security/nss/gtests/ssl_gtest/libssl_internals.c +++ b/security/nss/gtests/ssl_gtest/libssl_internals.c @@ -12,6 +12,48 @@ #include "seccomon.h" #include "selfencrypt.h" +SECStatus SSLInt_TweakChannelInfoForDC(PRFileDesc *fd, PRBool changeAuthKeyBits, + PRBool changeScheme) { + if (!fd) { + return SECFailure; + } + sslSocket *ss = ssl_FindSocket(fd); + if (!ss) { + return SECFailure; + } + + // Just toggle so we'll always have a valid value. + if (changeScheme) { + ss->sec.signatureScheme = (ss->sec.signatureScheme == ssl_sig_ed25519) + ? ssl_sig_ecdsa_secp256r1_sha256 + : ssl_sig_ed25519; + } + if (changeAuthKeyBits) { + ss->sec.authKeyBits = ss->sec.authKeyBits ? ss->sec.authKeyBits * 2 : 384; + } + + return SECSuccess; +} + +SECStatus SSLInt_GetHandshakeRandoms(PRFileDesc *fd, SSL3Random client_random, + SSL3Random server_random) { + if (!fd) { + return SECFailure; + } + sslSocket *ss = ssl_FindSocket(fd); + if (!ss) { + return SECFailure; + } + + if (client_random) { + memcpy(client_random, ss->ssl3.hs.client_random, sizeof(SSL3Random)); + } + if (server_random) { + memcpy(server_random, ss->ssl3.hs.server_random, sizeof(SSL3Random)); + } + return SECSuccess; +} + SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd) { sslSocket *ss = ssl_FindSocket(fd); if (!ss) { @@ -109,9 +151,10 @@ void SSLInt_PrintCipherSpecs(const char *label, PRFileDesc *fd) { } } -/* Force a timer expiry by backdating when all active timers were started. We - * could set the remaining time to 0 but then backoff would not work properly if - * we decide to test it. */ +/* DTLS timers are separate from the time that the rest of the stack uses. + * Force a timer expiry by backdating when all active timers were started. + * We could set the remaining time to 0 but then backoff would not work properly + * if we decide to test it. */ SECStatus SSLInt_ShiftDtlsTimers(PRFileDesc *fd, PRIntervalTime shift) { size_t i; sslSocket *ss = ssl_FindSocket(fd); @@ -297,42 +340,6 @@ SSLKEAType SSLInt_GetKEAType(SSLNamedGroup group) { return groupDef->keaType; } -SECStatus SSLInt_SetCipherSpecChangeFunc(PRFileDesc *fd, - sslCipherSpecChangedFunc func, - void *arg) { - sslSocket *ss; - - ss = ssl_FindSocket(fd); - if (!ss) { - return SECFailure; - } - - ss->ssl3.changedCipherSpecFunc = func; - ss->ssl3.changedCipherSpecArg = arg; - - return SECSuccess; -} - -PK11SymKey *SSLInt_CipherSpecToKey(const ssl3CipherSpec *spec) { - return spec->keyMaterial.key; -} - -SSLCipherAlgorithm SSLInt_CipherSpecToAlgorithm(const ssl3CipherSpec *spec) { - return spec->cipherDef->calg; -} - -const PRUint8 *SSLInt_CipherSpecToIv(const ssl3CipherSpec *spec) { - return spec->keyMaterial.iv; -} - -PRUint16 SSLInt_CipherSpecToEpoch(const ssl3CipherSpec *spec) { - return spec->epoch; -} - -void SSLInt_SetTicketLifetime(uint32_t lifetime) { - ssl_ticket_lifetime = lifetime; -} - SECStatus SSLInt_SetSocketMaxEarlyDataSize(PRFileDesc *fd, uint32_t size) { sslSocket *ss; @@ -356,20 +363,14 @@ SECStatus SSLInt_SetSocketMaxEarlyDataSize(PRFileDesc *fd, uint32_t size) { return SECSuccess; } -void SSLInt_RolloverAntiReplay(void) { - tls13_AntiReplayRollover(ssl_TimeUsec()); -} - -SECStatus SSLInt_GetEpochs(PRFileDesc *fd, PRUint16 *readEpoch, - PRUint16 *writeEpoch) { +SECStatus SSLInt_HasPendingHandshakeData(PRFileDesc *fd, PRBool *pending) { sslSocket *ss = ssl_FindSocket(fd); - if (!ss || !readEpoch || !writeEpoch) { + if (!ss) { return SECFailure; } - ssl_GetSpecReadLock(ss); - *readEpoch = ss->ssl3.crSpec->epoch; - *writeEpoch = ss->ssl3.cwSpec->epoch; - ssl_ReleaseSpecReadLock(ss); + ssl_GetSSL3HandshakeLock(ss); + *pending = ss->ssl3.hs.msg_body.len > 0; + ssl_ReleaseSSL3HandshakeLock(ss); return SECSuccess; } diff --git a/security/nss/gtests/ssl_gtest/libssl_internals.h b/security/nss/gtests/ssl_gtest/libssl_internals.h index 3efb362c2..a908c9ab1 100644 --- a/security/nss/gtests/ssl_gtest/libssl_internals.h +++ b/security/nss/gtests/ssl_gtest/libssl_internals.h @@ -20,7 +20,8 @@ SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd); SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd, size_t rnd_len, uint8_t *msg, size_t msg_len); - +SECStatus SSLInt_GetHandshakeRandoms(PRFileDesc *fd, SSL3Random client_random, + SSL3Random server_random); PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext); void SSLInt_ClearSelfEncryptKey(); void SSLInt_SetSelfEncryptMacKey(PK11SymKey *key); @@ -39,18 +40,9 @@ SECStatus SSLInt_AdvanceWriteSeqNum(PRFileDesc *fd, PRUint64 to); SECStatus SSLInt_AdvanceReadSeqNum(PRFileDesc *fd, PRUint64 to); SECStatus SSLInt_AdvanceWriteSeqByAWindow(PRFileDesc *fd, PRInt32 extra); SSLKEAType SSLInt_GetKEAType(SSLNamedGroup group); -SECStatus SSLInt_GetEpochs(PRFileDesc *fd, PRUint16 *readEpoch, - PRUint16 *writeEpoch); - -SECStatus SSLInt_SetCipherSpecChangeFunc(PRFileDesc *fd, - sslCipherSpecChangedFunc func, - void *arg); -PRUint16 SSLInt_CipherSpecToEpoch(const ssl3CipherSpec *spec); -PK11SymKey *SSLInt_CipherSpecToKey(const ssl3CipherSpec *spec); -SSLCipherAlgorithm SSLInt_CipherSpecToAlgorithm(const ssl3CipherSpec *spec); -const PRUint8 *SSLInt_CipherSpecToIv(const ssl3CipherSpec *spec); -void SSLInt_SetTicketLifetime(uint32_t lifetime); +SECStatus SSLInt_HasPendingHandshakeData(PRFileDesc *fd, PRBool *pending); SECStatus SSLInt_SetSocketMaxEarlyDataSize(PRFileDesc *fd, uint32_t size); -void SSLInt_RolloverAntiReplay(void); +SECStatus SSLInt_TweakChannelInfoForDC(PRFileDesc *fd, PRBool changeAuthKeyBits, + PRBool changeScheme); #endif // ndef libssl_internals_h_ diff --git a/security/nss/gtests/ssl_gtest/manifest.mn b/security/nss/gtests/ssl_gtest/manifest.mn index 7f4ee7953..ed1128f7c 100644 --- a/security/nss/gtests/ssl_gtest/manifest.mn +++ b/security/nss/gtests/ssl_gtest/manifest.mn @@ -17,9 +17,11 @@ CPPSRCS = \ ssl_agent_unittest.cc \ ssl_auth_unittest.cc \ ssl_cert_ext_unittest.cc \ + ssl_cipherorder_unittest.cc \ ssl_ciphersuite_unittest.cc \ ssl_custext_unittest.cc \ ssl_damage_unittest.cc \ + ssl_debug_env_unittest.cc \ ssl_dhe_unittest.cc \ ssl_drop_unittest.cc \ ssl_ecdh_unittest.cc \ @@ -31,11 +33,12 @@ CPPSRCS = \ ssl_gather_unittest.cc \ ssl_gtest.cc \ ssl_hrr_unittest.cc \ - ssl_keylog_unittest.cc \ ssl_keyupdate_unittest.cc \ ssl_loopback_unittest.cc \ ssl_misc_unittest.cc \ + ssl_primitive_unittest.cc \ ssl_record_unittest.cc \ + ssl_recordsep_unittest.cc \ ssl_recordsize_unittest.cc \ ssl_resumption_unittest.cc \ ssl_renegotiation_unittest.cc \ @@ -52,7 +55,9 @@ CPPSRCS = \ tls_hkdf_unittest.cc \ tls_filter.cc \ tls_protect.cc \ + tls_subcerts_unittest.cc \ tls_esni_unittest.cc \ + $(SSLKEYLOGFILE_FILES) \ $(NULL) INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ diff --git a/security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc index 07eadfbd1..928515067 100644 --- a/security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc @@ -45,11 +45,40 @@ TEST_P(TlsConnectTls13, ZeroRttServerRejectByOption) { SendReceive(); } +TEST_P(TlsConnectTls13, ZeroRttApplicationReject) { + SetupForZeroRtt(); + client_->Set0RttEnabled(true); + server_->Set0RttEnabled(true); + ExpectResumption(RESUME_TICKET); + + auto reject_0rtt = [](PRBool firstHello, const PRUint8* clientToken, + unsigned int clientTokenLen, PRUint8* appToken, + unsigned int* appTokenLen, unsigned int appTokenMax, + void* arg) { + auto* called = reinterpret_cast<bool*>(arg); + *called = true; + + EXPECT_TRUE(firstHello); + EXPECT_EQ(0U, clientTokenLen); + return ssl_hello_retry_reject_0rtt; + }; + + bool cb_run = false; + EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(server_->ssl_fd(), + reject_0rtt, &cb_run)); + ZeroRttSendReceive(true, false); + Handshake(); + EXPECT_TRUE(cb_run); + CheckConnected(); + SendReceive(); +} + TEST_P(TlsConnectTls13, ZeroRttApparentReplayAfterRestart) { - // The test fixtures call SSL_SetupAntiReplay() in SetUp(). This results in - // 0-RTT being rejected until at least one window passes. SetupFor0Rtt() - // forces a rollover of the anti-replay filters, which clears this state. - // Here, we do the setup manually here without that forced rollover. + // The test fixtures enable anti-replay in SetUp(). This results in 0-RTT + // being rejected until at least one window passes. SetupFor0Rtt() forces a + // rollover of the anti-replay filters, which clears that state and allows + // 0-RTT to work. Make the first connection manually to avoid that rollover + // and cause 0-RTT to be rejected. ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); @@ -106,7 +135,7 @@ class TlsZeroRttReplayTest : public TlsConnectTls13 { SendReceive(); if (rollover) { - SSLInt_RolloverAntiReplay(); + RolloverAntiReplay(); } // Now replay that packet against the server. @@ -184,20 +213,21 @@ TEST_P(TlsConnectTls13, ZeroRttServerOnly) { CheckKeys(); } -// A small sleep after sending the ClientHello means that the ticket age that -// arrives at the server is too low. With a small tolerance for variation in -// ticket age (which is determined by the |window| parameter that is passed to -// SSL_SetupAntiReplay()), the server then rejects early data. +// Advancing time after sending the ClientHello means that the ticket age that +// arrives at the server is too low. The server then rejects early data if this +// delay exceeds half the anti-replay window. TEST_P(TlsConnectTls13, ZeroRttRejectOldTicket) { + static const PRTime kWindow = 10 * PR_USEC_PER_SEC; + ResetAntiReplay(kWindow); SetupForZeroRtt(); + + Reset(); + StartConnect(); client_->Set0RttEnabled(true); server_->Set0RttEnabled(true); - EXPECT_EQ(SECSuccess, SSL_SetupAntiReplay(1, 1, 3)); - SSLInt_RolloverAntiReplay(); // Make sure to flush replay state. - SSLInt_RolloverAntiReplay(); ExpectResumption(RESUME_TICKET); - ZeroRttSendReceive(true, false, []() { - PR_Sleep(PR_MillisecondsToInterval(10)); + ZeroRttSendReceive(true, false, [this]() { + AdvanceTime(1 + kWindow / 2); return true; }); Handshake(); @@ -212,13 +242,15 @@ TEST_P(TlsConnectTls13, ZeroRttRejectOldTicket) { // small tolerance for variation in ticket age and the ticket will appear to // arrive prematurely, causing the server to reject early data. TEST_P(TlsConnectTls13, ZeroRttRejectPrematureTicket) { + static const PRTime kWindow = 10 * PR_USEC_PER_SEC; + ResetAntiReplay(kWindow); ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); server_->Set0RttEnabled(true); StartConnect(); client_->Handshake(); // ClientHello server_->Handshake(); // ServerHello - PR_Sleep(PR_MillisecondsToInterval(10)); + AdvanceTime(1 + kWindow / 2); Handshake(); // Remainder of handshake CheckConnected(); SendReceive(); @@ -227,9 +259,6 @@ TEST_P(TlsConnectTls13, ZeroRttRejectPrematureTicket) { Reset(); client_->Set0RttEnabled(true); server_->Set0RttEnabled(true); - EXPECT_EQ(SECSuccess, SSL_SetupAntiReplay(1, 1, 3)); - SSLInt_RolloverAntiReplay(); // Make sure to flush replay state. - SSLInt_RolloverAntiReplay(); ExpectResumption(RESUME_TICKET); ExpectEarlyDataAccepted(false); StartConnect(); @@ -649,6 +678,351 @@ TEST_P(TlsConnectTls13, ZeroRttOrdering) { EXPECT_EQ(2U, step); } +// Early data remains available after the handshake completes for TLS. +TEST_F(TlsConnectStreamTls13, ZeroRttLateReadTls) { + SetupForZeroRtt(); + client_->Set0RttEnabled(true); + server_->Set0RttEnabled(true); + ExpectResumption(RESUME_TICKET); + client_->Handshake(); // ClientHello + + // Write some early data. + const uint8_t data[] = {1, 2, 3, 4, 5, 6, 7, 8}; + PRInt32 rv = PR_Write(client_->ssl_fd(), data, sizeof(data)); + EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), rv); + + // Consume the ClientHello and generate ServerHello..Finished. + server_->Handshake(); + + // Read some of the data. + std::vector<uint8_t> small_buffer(1 + sizeof(data) / 2); + rv = PR_Read(server_->ssl_fd(), small_buffer.data(), small_buffer.size()); + EXPECT_EQ(static_cast<PRInt32>(small_buffer.size()), rv); + EXPECT_EQ(0, memcmp(data, small_buffer.data(), small_buffer.size())); + + Handshake(); // Complete the handshake. + ExpectEarlyDataAccepted(true); + CheckConnected(); + + // After the handshake, it should be possible to read the remainder. + uint8_t big_buf[100]; + rv = PR_Read(server_->ssl_fd(), big_buf, sizeof(big_buf)); + EXPECT_EQ(static_cast<PRInt32>(sizeof(data) - small_buffer.size()), rv); + EXPECT_EQ(0, memcmp(&data[small_buffer.size()], big_buf, + sizeof(data) - small_buffer.size())); + + // And that's all there is to read. + rv = PR_Read(server_->ssl_fd(), big_buf, sizeof(big_buf)); + EXPECT_GT(0, rv); + EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError()); +} + +// Early data that arrives before the handshake can be read after the handshake +// is complete. +TEST_F(TlsConnectDatagram13, ZeroRttLateReadDtls) { + SetupForZeroRtt(); + client_->Set0RttEnabled(true); + server_->Set0RttEnabled(true); + ExpectResumption(RESUME_TICKET); + client_->Handshake(); // ClientHello + + // Write some early data. + const uint8_t data[] = {1, 2, 3}; + PRInt32 written = PR_Write(client_->ssl_fd(), data, sizeof(data)); + EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), written); + + Handshake(); // Complete the handshake. + ExpectEarlyDataAccepted(true); + CheckConnected(); + + // Reading at the server should return the early data, which was buffered. + uint8_t buf[sizeof(data) + 1] = {0}; + PRInt32 read = PR_Read(server_->ssl_fd(), buf, sizeof(buf)); + EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), read); + EXPECT_EQ(0, memcmp(data, buf, sizeof(data))); +} + +class PacketHolder : public PacketFilter { + public: + PacketHolder() = default; + + virtual Action Filter(const DataBuffer& input, DataBuffer* output) { + packet_ = input; + Disable(); + return DROP; + } + + const DataBuffer& packet() const { return packet_; } + + private: + DataBuffer packet_; +}; + +// Early data that arrives late is discarded for DTLS. +TEST_F(TlsConnectDatagram13, ZeroRttLateArrivalDtls) { + SetupForZeroRtt(); + client_->Set0RttEnabled(true); + server_->Set0RttEnabled(true); + ExpectResumption(RESUME_TICKET); + client_->Handshake(); // ClientHello + + // Write some early data. Twice, so that we can read bits of it. + const uint8_t data[] = {1, 2, 3}; + PRInt32 written = PR_Write(client_->ssl_fd(), data, sizeof(data)); + EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), written); + + // Block and capture the next packet. + auto holder = std::make_shared<PacketHolder>(); + client_->SetFilter(holder); + written = PR_Write(client_->ssl_fd(), data, sizeof(data)); + EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), written); + EXPECT_FALSE(holder->enabled()) << "the filter should disable itself"; + + // Consume the ClientHello and generate ServerHello..Finished. + server_->Handshake(); + + // Read some of the data. + std::vector<uint8_t> small_buffer(sizeof(data)); + PRInt32 read = + PR_Read(server_->ssl_fd(), small_buffer.data(), small_buffer.size()); + + EXPECT_EQ(static_cast<PRInt32>(small_buffer.size()), read); + EXPECT_EQ(0, memcmp(data, small_buffer.data(), small_buffer.size())); + + Handshake(); // Complete the handshake. + ExpectEarlyDataAccepted(true); + CheckConnected(); + + server_->SendDirect(holder->packet()); + + // Reading now should return nothing, even though a valid packet was + // delivered. + read = PR_Read(server_->ssl_fd(), small_buffer.data(), small_buffer.size()); + EXPECT_GT(0, read); + EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError()); +} + +// Early data reads in TLS should be coalesced. +TEST_F(TlsConnectStreamTls13, ZeroRttCoalesceReadTls) { + SetupForZeroRtt(); + client_->Set0RttEnabled(true); + server_->Set0RttEnabled(true); + ExpectResumption(RESUME_TICKET); + client_->Handshake(); // ClientHello + + // Write some early data. In two writes. + const uint8_t data[] = {1, 2, 3, 4, 5, 6}; + PRInt32 written = PR_Write(client_->ssl_fd(), data, 1); + EXPECT_EQ(1, written); + + written = PR_Write(client_->ssl_fd(), data + 1, sizeof(data) - 1); + EXPECT_EQ(static_cast<PRInt32>(sizeof(data) - 1), written); + + // Consume the ClientHello and generate ServerHello..Finished. + server_->Handshake(); + + // Read all of the data. + std::vector<uint8_t> buffer(sizeof(data)); + PRInt32 read = PR_Read(server_->ssl_fd(), buffer.data(), buffer.size()); + EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), read); + EXPECT_EQ(0, memcmp(data, buffer.data(), sizeof(data))); + + Handshake(); // Complete the handshake. + ExpectEarlyDataAccepted(true); + CheckConnected(); +} + +// Early data reads in DTLS should not be coalesced. +TEST_F(TlsConnectDatagram13, ZeroRttNoCoalesceReadDtls) { + SetupForZeroRtt(); + client_->Set0RttEnabled(true); + server_->Set0RttEnabled(true); + ExpectResumption(RESUME_TICKET); + client_->Handshake(); // ClientHello + + // Write some early data. In two writes. + const uint8_t data[] = {1, 2, 3, 4, 5, 6}; + PRInt32 written = PR_Write(client_->ssl_fd(), data, 1); + EXPECT_EQ(1, written); + + written = PR_Write(client_->ssl_fd(), data + 1, sizeof(data) - 1); + EXPECT_EQ(static_cast<PRInt32>(sizeof(data) - 1), written); + + // Consume the ClientHello and generate ServerHello..Finished. + server_->Handshake(); + + // Try to read all of the data. + std::vector<uint8_t> buffer(sizeof(data)); + PRInt32 read = PR_Read(server_->ssl_fd(), buffer.data(), buffer.size()); + EXPECT_EQ(1, read); + EXPECT_EQ(0, memcmp(data, buffer.data(), 1)); + + // Read the remainder. + read = PR_Read(server_->ssl_fd(), buffer.data(), buffer.size()); + EXPECT_EQ(static_cast<PRInt32>(sizeof(data) - 1), read); + EXPECT_EQ(0, memcmp(data + 1, buffer.data(), sizeof(data) - 1)); + + Handshake(); // Complete the handshake. + ExpectEarlyDataAccepted(true); + CheckConnected(); +} + +// Early data reads in DTLS should fail if the buffer is too small. +TEST_F(TlsConnectDatagram13, ZeroRttShortReadDtls) { + SetupForZeroRtt(); + client_->Set0RttEnabled(true); + server_->Set0RttEnabled(true); + ExpectResumption(RESUME_TICKET); + client_->Handshake(); // ClientHello + + // Write some early data. In two writes. + const uint8_t data[] = {1, 2, 3, 4, 5, 6}; + PRInt32 written = PR_Write(client_->ssl_fd(), data, sizeof(data)); + EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), written); + + // Consume the ClientHello and generate ServerHello..Finished. + server_->Handshake(); + + // Try to read all of the data into a small buffer. + std::vector<uint8_t> buffer(sizeof(data)); + PRInt32 read = PR_Read(server_->ssl_fd(), buffer.data(), 1); + EXPECT_GT(0, read); + EXPECT_EQ(SSL_ERROR_RX_SHORT_DTLS_READ, PORT_GetError()); + + // Read again with more space. + read = PR_Read(server_->ssl_fd(), buffer.data(), buffer.size()); + EXPECT_EQ(static_cast<PRInt32>(sizeof(data)), read); + EXPECT_EQ(0, memcmp(data, buffer.data(), sizeof(data))); + + Handshake(); // Complete the handshake. + ExpectEarlyDataAccepted(true); + CheckConnected(); +} + +// There are few ways in which TLS uses the clock and most of those operate on +// timescales that would be ridiculous to wait for in a test. This is the one +// test we have that uses the real clock. It tests that time passes by checking +// that a small sleep results in rejection of early data. 0-RTT has a +// configurable timer, which makes it ideal for this. +TEST_F(TlsConnectStreamTls13, TimePassesByDefault) { + // Calling EnsureTlsSetup() replaces the time function on client and server, + // and sets up anti-replay, which we don't want, so initialize each directly. + client_->EnsureTlsSetup(); + server_->EnsureTlsSetup(); + // StartConnect() calls EnsureTlsSetup(), so avoid that too. + client_->StartConnect(); + server_->StartConnect(); + + // Set a tiny anti-replay window. This has to be at least 2 milliseconds to + // have any chance of being relevant as that is the smallest window that we + // can detect. Anything smaller rounds to zero. + static const unsigned int kTinyWindowMs = 5; + ResetAntiReplay(static_cast<PRTime>(kTinyWindowMs * PR_USEC_PER_MSEC)); + server_->SetAntiReplayContext(anti_replay_); + + ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); + ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); + server_->Set0RttEnabled(true); + Handshake(); + CheckConnected(); + SendReceive(); // Absorb a session ticket. + CheckKeys(); + + // Clear the first window. + PR_Sleep(PR_MillisecondsToInterval(kTinyWindowMs)); + + Reset(); + client_->EnsureTlsSetup(); + server_->EnsureTlsSetup(); + client_->StartConnect(); + server_->StartConnect(); + + // Early data is rejected by the server only if time passes for it as well. + client_->Set0RttEnabled(true); + server_->Set0RttEnabled(true); + ExpectResumption(RESUME_TICKET); + ZeroRttSendReceive(true, false, []() { + // Sleep long enough that we minimize the risk of our RTT estimation being + // duped by stutters in test execution. This is very long to allow for + // flaky and low-end hardware, especially what our CI runs on. + PR_Sleep(PR_MillisecondsToInterval(1000)); + return true; + }); + Handshake(); + ExpectEarlyDataAccepted(false); + CheckConnected(); +} + +// Test that SSL_CreateAntiReplayContext doesn't pass bad inputs. +TEST_F(TlsConnectStreamTls13, BadAntiReplayArgs) { + SSLAntiReplayContext* p; + // Zero or negative window. + EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, -1, 1, 1, &p)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, 0, 1, 1, &p)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + // Zero k. + EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, 1, 0, 1, &p)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + // Zero bits. + EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, 1, 1, 0, &p)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + EXPECT_EQ(SECFailure, SSL_CreateAntiReplayContext(0, 1, 1, 1, nullptr)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + // Prove that these parameters do work, even if they are useless.. + EXPECT_EQ(SECSuccess, SSL_CreateAntiReplayContext(0, 1, 1, 1, &p)); + ASSERT_NE(nullptr, p); + ScopedSSLAntiReplayContext ctx(p); + + // The socket isn't a client or server until later, so configuring a client + // should work OK. + client_->EnsureTlsSetup(); + EXPECT_EQ(SECSuccess, SSL_SetAntiReplayContext(client_->ssl_fd(), ctx.get())); + EXPECT_EQ(SECSuccess, SSL_SetAntiReplayContext(client_->ssl_fd(), nullptr)); +} + +// See also TlsConnectGenericResumption.ResumeServerIncompatibleCipher +TEST_P(TlsConnectTls13, ZeroRttDifferentCompatibleCipher) { + EnsureTlsSetup(); + server_->EnableSingleCipher(TLS_AES_128_GCM_SHA256); + SetupForZeroRtt(); + client_->Set0RttEnabled(true); + server_->Set0RttEnabled(true); + // Change the ciphersuite. Resumption is OK because the hash is the same, but + // early data will be rejected. + server_->EnableSingleCipher(TLS_CHACHA20_POLY1305_SHA256); + ExpectResumption(RESUME_TICKET); + + StartConnect(); + ZeroRttSendReceive(true, false); + + Handshake(); + ExpectEarlyDataAccepted(false); + CheckConnected(); + SendReceive(); +} + +// See also TlsConnectGenericResumption.ResumeServerIncompatibleCipher +TEST_P(TlsConnectTls13, ZeroRttDifferentIncompatibleCipher) { + EnsureTlsSetup(); + server_->EnableSingleCipher(TLS_AES_256_GCM_SHA384); + SetupForZeroRtt(); + client_->Set0RttEnabled(true); + server_->Set0RttEnabled(true); + // Resumption is rejected because the hash is different. + server_->EnableSingleCipher(TLS_CHACHA20_POLY1305_SHA256); + ExpectResumption(RESUME_NONE); + + StartConnect(); + ZeroRttSendReceive(true, false); + + Handshake(); + ExpectEarlyDataAccepted(false); + CheckConnected(); + SendReceive(); +} + #ifndef NSS_DISABLE_TLS_1_3 INSTANTIATE_TEST_CASE_P(Tls13ZeroRttReplayTest, TlsZeroRttReplayTest, TlsConnectTestBase::kTlsVariantsAll); diff --git a/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc index 3a52ac20c..c1a810d04 100644 --- a/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc @@ -176,14 +176,434 @@ TEST_P(TlsConnectGeneric, ClientAuth) { CheckKeys(); } -// In TLS 1.3, the client sends its cert rejection on the -// second flight, and since it has already received the -// server's Finished, it transitions to complete and -// then gets an alert from the server. The test harness -// doesn't handle this right yet. -TEST_P(TlsConnectStream, DISABLED_ClientAuthRequiredRejected) { +class TlsCertificateRequestContextRecorder : public TlsHandshakeFilter { + public: + TlsCertificateRequestContextRecorder(const std::shared_ptr<TlsAgent>& a, + uint8_t handshake_type) + : TlsHandshakeFilter(a, {handshake_type}), buffer_(), filtered_(false) { + EnableDecryption(); + } + + bool filtered() const { return filtered_; } + const DataBuffer& buffer() const { return buffer_; } + + protected: + virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header, + const DataBuffer& input, + DataBuffer* output) { + assert(1 < input.len()); + size_t len = input.data()[0]; + assert(len + 1 < input.len()); + buffer_.Assign(input.data() + 1, len); + filtered_ = true; + return KEEP; + } + + private: + DataBuffer buffer_; + bool filtered_; +}; + +// All stream only tests; DTLS isn't supported yet. + +TEST_F(TlsConnectStreamTls13, PostHandshakeAuth) { + EnsureTlsSetup(); + auto capture_cert_req = MakeTlsFilter<TlsCertificateRequestContextRecorder>( + server_, kTlsHandshakeCertificateRequest); + auto capture_certificate = + MakeTlsFilter<TlsCertificateRequestContextRecorder>( + client_, kTlsHandshakeCertificate); + client_->SetupClientAuth(); + EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), + SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE)); + size_t called = 0; + server_->SetAuthCertificateCallback( + [&called](TlsAgent*, PRBool, PRBool) -> SECStatus { + called++; + return SECSuccess; + }); + Connect(); + EXPECT_EQ(0U, called); + EXPECT_FALSE(capture_cert_req->filtered()); + EXPECT_FALSE(capture_certificate->filtered()); + // Send CertificateRequest. + EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd())) + << "Unexpected error: " << PORT_ErrorToName(PORT_GetError()); + // Need to do a round-trip so that the post-handshake message is + // handled on both client and server. + server_->SendData(50); + client_->ReadBytes(50); + client_->SendData(50); + server_->ReadBytes(50); + EXPECT_EQ(1U, called); + EXPECT_TRUE(capture_cert_req->filtered()); + EXPECT_TRUE(capture_certificate->filtered()); + // Check if a non-empty request context is generated and it is + // properly sent back. + EXPECT_LT(0U, capture_cert_req->buffer().len()); + EXPECT_EQ(capture_cert_req->buffer().len(), + capture_certificate->buffer().len()); + EXPECT_EQ(0, memcmp(capture_cert_req->buffer().data(), + capture_certificate->buffer().data(), + capture_cert_req->buffer().len())); + ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd())); + ASSERT_NE(nullptr, cert1.get()); + ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd())); + ASSERT_NE(nullptr, cert2.get()); + EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert)); +} + +static SECStatus GetClientAuthDataHook(void* self, PRFileDesc* fd, + CERTDistNames* caNames, + CERTCertificate** clientCert, + SECKEYPrivateKey** clientKey) { + ScopedCERTCertificate cert; + ScopedSECKEYPrivateKey priv; + // use a different certificate than TlsAgent::kClient + if (!TlsAgent::LoadCertificate(TlsAgent::kRsa2048, &cert, &priv)) { + return SECFailure; + } + + *clientCert = cert.release(); + *clientKey = priv.release(); + return SECSuccess; +} + +TEST_F(TlsConnectStreamTls13, PostHandshakeAuthMultiple) { + client_->SetupClientAuth(); + EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), + SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE)); + size_t called = 0; + server_->SetAuthCertificateCallback( + [&called](TlsAgent*, PRBool, PRBool) -> SECStatus { + called++; + return SECSuccess; + }); + Connect(); + EXPECT_EQ(0U, called); + EXPECT_EQ(nullptr, SSL_PeerCertificate(server_->ssl_fd())); + // Send 1st CertificateRequest. + EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd())) + << "Unexpected error: " << PORT_ErrorToName(PORT_GetError()); + server_->SendData(50); + client_->ReadBytes(50); + client_->SendData(50); + server_->ReadBytes(50); + EXPECT_EQ(1U, called); + ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd())); + ASSERT_NE(nullptr, cert1.get()); + ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd())); + ASSERT_NE(nullptr, cert2.get()); + EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert)); + // Send 2nd CertificateRequest. + EXPECT_EQ(SECSuccess, SSL_GetClientAuthDataHook( + client_->ssl_fd(), GetClientAuthDataHook, nullptr)); + EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd())) + << "Unexpected error: " << PORT_ErrorToName(PORT_GetError()); + server_->SendData(50); + client_->ReadBytes(50); + client_->SendData(50); + server_->ReadBytes(50); + EXPECT_EQ(2U, called); + ScopedCERTCertificate cert3(SSL_PeerCertificate(server_->ssl_fd())); + ASSERT_NE(nullptr, cert3.get()); + ScopedCERTCertificate cert4(SSL_LocalCertificate(client_->ssl_fd())); + ASSERT_NE(nullptr, cert4.get()); + EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert3->derCert, &cert4->derCert)); + EXPECT_FALSE(SECITEM_ItemsAreEqual(&cert3->derCert, &cert1->derCert)); +} + +TEST_F(TlsConnectStreamTls13, PostHandshakeAuthConcurrent) { + client_->SetupClientAuth(); + EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), + SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE)); + Connect(); + // Send 1st CertificateRequest. + EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd())) + << "Unexpected error: " << PORT_ErrorToName(PORT_GetError()); + // Send 2nd CertificateRequest. + EXPECT_EQ(SECFailure, SSL_SendCertificateRequest(server_->ssl_fd())); + EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError()); +} + +TEST_F(TlsConnectStreamTls13, PostHandshakeAuthBeforeKeyUpdate) { + client_->SetupClientAuth(); + EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), + SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE)); + Connect(); + // Send CertificateRequest. + EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd())) + << "Unexpected error: " << PORT_ErrorToName(PORT_GetError()); + // Send KeyUpdate. + EXPECT_EQ(SECFailure, SSL_KeyUpdate(server_->ssl_fd(), PR_TRUE)); + EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError()); +} + +TEST_F(TlsConnectStreamTls13, PostHandshakeAuthDuringClientKeyUpdate) { + client_->SetupClientAuth(); + EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), + SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE)); + Connect(); + CheckEpochs(3, 3); + // Send CertificateRequest from server. + EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd())) + << "Unexpected error: " << PORT_ErrorToName(PORT_GetError()); + // Send KeyUpdate from client. + EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_TRUE)); + server_->SendData(50); // server sends CertificateRequest + client_->SendData(50); // client sends KeyUpdate + server_->ReadBytes(50); // server receives KeyUpdate and defers response + CheckEpochs(4, 3); + client_->ReadBytes(50); // client receives CertificateRequest + client_->SendData( + 50); // client sends Certificate, CertificateVerify, Finished + server_->ReadBytes( + 50); // server receives Certificate, CertificateVerify, Finished + client_->CheckEpochs(3, 4); + server_->CheckEpochs(4, 4); + server_->SendData(50); // server sends KeyUpdate + client_->ReadBytes(50); // client receives KeyUpdate + client_->CheckEpochs(4, 4); +} + +TEST_F(TlsConnectStreamTls13, PostHandshakeAuthMissingExtension) { + client_->SetupClientAuth(); + Connect(); + // Send CertificateRequest, should fail due to missing + // post_handshake_auth extension. + EXPECT_EQ(SECFailure, SSL_SendCertificateRequest(server_->ssl_fd())); + EXPECT_EQ(SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION, PORT_GetError()); +} + +TEST_F(TlsConnectStreamTls13, PostHandshakeAuthAfterClientAuth) { + client_->SetupClientAuth(); server_->RequestClientAuth(true); - ConnectExpectFail(); + EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), + SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE)); + size_t called = 0; + server_->SetAuthCertificateCallback( + [&called](TlsAgent*, PRBool, PRBool) -> SECStatus { + called++; + return SECSuccess; + }); + Connect(); + EXPECT_EQ(1U, called); + ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd())); + ASSERT_NE(nullptr, cert1.get()); + ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd())); + ASSERT_NE(nullptr, cert2.get()); + EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert)); + // Send CertificateRequest. + EXPECT_EQ(SECSuccess, SSL_GetClientAuthDataHook( + client_->ssl_fd(), GetClientAuthDataHook, nullptr)); + EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd())) + << "Unexpected error: " << PORT_ErrorToName(PORT_GetError()); + server_->SendData(50); + client_->ReadBytes(50); + client_->SendData(50); + server_->ReadBytes(50); + EXPECT_EQ(2U, called); + ScopedCERTCertificate cert3(SSL_PeerCertificate(server_->ssl_fd())); + ASSERT_NE(nullptr, cert3.get()); + ScopedCERTCertificate cert4(SSL_LocalCertificate(client_->ssl_fd())); + ASSERT_NE(nullptr, cert4.get()); + EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert3->derCert, &cert4->derCert)); + EXPECT_FALSE(SECITEM_ItemsAreEqual(&cert3->derCert, &cert1->derCert)); +} + +// Damages the request context in a CertificateRequest message. +// We don't modify a Certificate message instead, so that the client +// can compute CertificateVerify correctly. +class TlsDamageCertificateRequestContextFilter : public TlsHandshakeFilter { + public: + TlsDamageCertificateRequestContextFilter(const std::shared_ptr<TlsAgent>& a) + : TlsHandshakeFilter(a, {kTlsHandshakeCertificateRequest}) { + EnableDecryption(); + } + + protected: + virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header, + const DataBuffer& input, + DataBuffer* output) { + *output = input; + assert(1 < output->len()); + // The request context has a 1 octet length. + output->data()[1] ^= 73; + return CHANGE; + } +}; + +TEST_F(TlsConnectStreamTls13, PostHandshakeAuthContextMismatch) { + EnsureTlsSetup(); + MakeTlsFilter<TlsDamageCertificateRequestContextFilter>(server_); + client_->SetupClientAuth(); + EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), + SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE)); + Connect(); + // Send CertificateRequest. + EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd())) + << "Unexpected error: " << PORT_ErrorToName(PORT_GetError()); + server_->SendData(50); + client_->ReadBytes(50); + client_->SendData(50); + server_->ExpectSendAlert(kTlsAlertIllegalParameter); + server_->ReadBytes(50); + EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CERTIFICATE, PORT_GetError()); + server_->ExpectReadWriteError(); + server_->SendData(50); + client_->ExpectReceiveAlert(kTlsAlertIllegalParameter); + client_->ReadBytes(50); + EXPECT_EQ(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, PORT_GetError()); +} + +// Replaces signature in a CertificateVerify message. +class TlsDamageSignatureFilter : public TlsHandshakeFilter { + public: + TlsDamageSignatureFilter(const std::shared_ptr<TlsAgent>& a) + : TlsHandshakeFilter(a, {kTlsHandshakeCertificateVerify}) { + EnableDecryption(); + } + + protected: + virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header, + const DataBuffer& input, + DataBuffer* output) { + *output = input; + assert(2 < output->len()); + // The signature follows a 2-octet signature scheme. + output->data()[2] ^= 73; + return CHANGE; + } +}; + +TEST_F(TlsConnectStreamTls13, PostHandshakeAuthBadSignature) { + EnsureTlsSetup(); + MakeTlsFilter<TlsDamageSignatureFilter>(client_); + client_->SetupClientAuth(); + EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), + SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE)); + Connect(); + // Send CertificateRequest. + EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd())) + << "Unexpected error: " << PORT_ErrorToName(PORT_GetError()); + server_->SendData(50); + client_->ReadBytes(50); + client_->SendData(50); + server_->ExpectSendAlert(kTlsAlertDecodeError); + server_->ReadBytes(50); + EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CERT_VERIFY, PORT_GetError()); +} + +TEST_F(TlsConnectStreamTls13, PostHandshakeAuthDecline) { + EnsureTlsSetup(); + auto capture_cert_req = MakeTlsFilter<TlsCertificateRequestContextRecorder>( + server_, kTlsHandshakeCertificateRequest); + auto capture_certificate = + MakeTlsFilter<TlsCertificateRequestContextRecorder>( + client_, kTlsHandshakeCertificate); + client_->SetupClientAuth(); + EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), + SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE)); + EXPECT_EQ(SECSuccess, + SSL_OptionSet(server_->ssl_fd(), SSL_REQUIRE_CERTIFICATE, + SSL_REQUIRE_ALWAYS)); + // Client to decline the certificate request. + EXPECT_EQ(SECSuccess, + SSL_GetClientAuthDataHook( + client_->ssl_fd(), + [](void*, PRFileDesc*, CERTDistNames*, CERTCertificate**, + SECKEYPrivateKey**) -> SECStatus { return SECFailure; }, + nullptr)); + size_t called = 0; + server_->SetAuthCertificateCallback( + [&called](TlsAgent*, PRBool, PRBool) -> SECStatus { + called++; + return SECSuccess; + }); + Connect(); + EXPECT_EQ(0U, called); + // Send CertificateRequest. + EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd())) + << "Unexpected error: " << PORT_ErrorToName(PORT_GetError()); + server_->SendData(50); // send Certificate Request + client_->ReadBytes(50); // read Certificate Request + client_->SendData(50); // send empty Certificate+Finished + server_->ExpectSendAlert(kTlsAlertCertificateRequired); + server_->ReadBytes(50); // read empty Certificate+Finished + server_->ExpectReadWriteError(); + server_->SendData(50); // send alert + // AuthCertificateCallback is not called, because the client sends + // an empty certificate_list. + EXPECT_EQ(0U, called); + EXPECT_TRUE(capture_cert_req->filtered()); + EXPECT_TRUE(capture_certificate->filtered()); + // Check if a non-empty request context is generated and it is + // properly sent back. + EXPECT_LT(0U, capture_cert_req->buffer().len()); + EXPECT_EQ(capture_cert_req->buffer().len(), + capture_certificate->buffer().len()); + EXPECT_EQ(0, memcmp(capture_cert_req->buffer().data(), + capture_certificate->buffer().data(), + capture_cert_req->buffer().len())); +} + +// Check if post-handshake auth still works when session tickets are enabled: +// https://bugzilla.mozilla.org/show_bug.cgi?id=1553443 +TEST_F(TlsConnectStreamTls13, PostHandshakeAuthWithSessionTicketsEnabled) { + EnsureTlsSetup(); + client_->SetupClientAuth(); + EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), + SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE)); + EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), + SSL_ENABLE_SESSION_TICKETS, PR_TRUE)); + EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(), + SSL_ENABLE_SESSION_TICKETS, PR_TRUE)); + size_t called = 0; + server_->SetAuthCertificateCallback( + [&called](TlsAgent*, PRBool, PRBool) -> SECStatus { + called++; + return SECSuccess; + }); + Connect(); + EXPECT_EQ(0U, called); + // Send CertificateRequest. + EXPECT_EQ(SECSuccess, SSL_GetClientAuthDataHook( + client_->ssl_fd(), GetClientAuthDataHook, nullptr)); + EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd())) + << "Unexpected error: " << PORT_ErrorToName(PORT_GetError()); + server_->SendData(50); + client_->ReadBytes(50); + client_->SendData(50); + server_->ReadBytes(50); + EXPECT_EQ(1U, called); + ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd())); + ASSERT_NE(nullptr, cert1.get()); + ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd())); + ASSERT_NE(nullptr, cert2.get()); + EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert)); +} + +TEST_P(TlsConnectGenericPre13, ClientAuthRequiredRejected) { + server_->RequestClientAuth(true); + ConnectExpectAlert(server_, kTlsAlertBadCertificate); + client_->CheckErrorCode(SSL_ERROR_BAD_CERT_ALERT); + server_->CheckErrorCode(SSL_ERROR_NO_CERTIFICATE); +} + +// In TLS 1.3, the client will claim that the connection is done and then +// receive the alert afterwards. So drive the handshake manually. +TEST_P(TlsConnectTls13, ClientAuthRequiredRejected) { + server_->RequestClientAuth(true); + StartConnect(); + client_->Handshake(); // CH + server_->Handshake(); // SH.. (no resumption) + client_->Handshake(); // Next message + ASSERT_EQ(TlsAgent::STATE_CONNECTED, client_->state()); + ExpectAlert(server_, kTlsAlertCertificateRequired); + server_->Handshake(); // Alert + server_->CheckErrorCode(SSL_ERROR_NO_CERTIFICATE); + client_->Handshake(); // Receive Alert + client_->CheckErrorCode(SSL_ERROR_RX_CERTIFICATE_REQUIRED_ALERT); } TEST_P(TlsConnectGeneric, ClientAuthRequestedRejected) { @@ -219,7 +639,9 @@ static void CheckSigScheme(std::shared_ptr<TlsHandshakeRecorder>& capture, EXPECT_EQ(expected_scheme, static_cast<uint16_t>(scheme)); ScopedCERTCertificate remote_cert(SSL_PeerCertificate(peer->ssl_fd())); + ASSERT_NE(nullptr, remote_cert.get()); ScopedSECKEYPublicKey remote_key(CERT_ExtractPublicKey(remote_cert.get())); + ASSERT_NE(nullptr, remote_key.get()); EXPECT_EQ(expected_size, SECKEY_PublicKeyStrengthInBits(remote_key.get())); } @@ -273,9 +695,7 @@ class TlsReplaceSignatureSchemeFilter : public TlsHandshakeFilter { TlsReplaceSignatureSchemeFilter(const std::shared_ptr<TlsAgent>& a, SSLSignatureScheme scheme) : TlsHandshakeFilter(a, {kTlsHandshakeCertificateVerify}), - scheme_(scheme) { - EnableDecryption(); - } + scheme_(scheme) {} protected: virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header, @@ -342,6 +762,59 @@ TEST_P(TlsConnectTls12, ClientAuthInconsistentPssSignatureScheme) { ConnectExpectAlert(server_, kTlsAlertIllegalParameter); } +TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureScheme) { + static const SSLSignatureScheme kSignatureScheme[] = { + ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pss_rsae_sha256}; + + Reset(TlsAgent::kServerRsa, "rsa"); + client_->SetSignatureSchemes(kSignatureScheme, + PR_ARRAY_SIZE(kSignatureScheme)); + server_->SetSignatureSchemes(kSignatureScheme, + PR_ARRAY_SIZE(kSignatureScheme)); + client_->SetupClientAuth(); + server_->RequestClientAuth(true); + + auto capture_cert_verify = MakeTlsFilter<TlsHandshakeRecorder>( + client_, kTlsHandshakeCertificateVerify); + capture_cert_verify->EnableDecryption(); + + Connect(); + CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pss_rsae_sha256, + 1024); +} + +// Client should refuse to connect without a usable signature scheme. +TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureSchemeOnly) { + static const SSLSignatureScheme kSignatureScheme[] = { + ssl_sig_rsa_pkcs1_sha256}; + + Reset(TlsAgent::kServerRsa, "rsa"); + client_->SetSignatureSchemes(kSignatureScheme, + PR_ARRAY_SIZE(kSignatureScheme)); + client_->SetupClientAuth(); + client_->StartConnect(); + client_->Handshake(); + EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state()); + client_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); +} + +// Though the client has a usable signature scheme, when a certificate is +// requested, it can't produce one. +TEST_P(TlsConnectTls13, ClientAuthPkcs1AndEcdsaScheme) { + static const SSLSignatureScheme kSignatureScheme[] = { + ssl_sig_rsa_pkcs1_sha256, ssl_sig_ecdsa_secp256r1_sha256}; + + Reset(TlsAgent::kServerRsa, "rsa"); + client_->SetSignatureSchemes(kSignatureScheme, + PR_ARRAY_SIZE(kSignatureScheme)); + client_->SetupClientAuth(); + server_->RequestClientAuth(true); + + ConnectExpectAlert(server_, kTlsAlertHandshakeFailure); + server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); + client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); +} + class TlsZeroCertificateRequestSigAlgsFilter : public TlsHandshakeFilter { public: TlsZeroCertificateRequestSigAlgsFilter(const std::shared_ptr<TlsAgent>& a) @@ -552,7 +1025,9 @@ TEST_P(TlsConnectTls12, SignatureAlgorithmDrop) { TEST_P(TlsConnectTls13, UnsupportedSignatureSchemeAlert) { EnsureTlsSetup(); - MakeTlsFilter<TlsReplaceSignatureSchemeFilter>(server_, ssl_sig_none); + auto filter = + MakeTlsFilter<TlsReplaceSignatureSchemeFilter>(server_, ssl_sig_none); + filter->EnableDecryption(); ConnectExpectAlert(client_, kTlsAlertIllegalParameter); server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT); @@ -563,15 +1038,16 @@ TEST_P(TlsConnectTls13, InconsistentSignatureSchemeAlert) { EnsureTlsSetup(); // This won't work because we use an RSA cert by default. - MakeTlsFilter<TlsReplaceSignatureSchemeFilter>( + auto filter = MakeTlsFilter<TlsReplaceSignatureSchemeFilter>( server_, ssl_sig_ecdsa_secp256r1_sha256); + filter->EnableDecryption(); ConnectExpectAlert(client_, kTlsAlertIllegalParameter); server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT); client_->CheckErrorCode(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); } -TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) { +TEST_P(TlsConnectTls12, RequestClientAuthWithSha384) { server_->SetSignatureSchemes(kSignatureSchemeRsaSha384, PR_ARRAY_SIZE(kSignatureSchemeRsaSha384)); server_->RequestClientAuth(false); @@ -888,11 +1364,11 @@ TEST_P(TlsConnectGeneric, AuthFailImmediate) { } static const SSLExtraServerCertData ServerCertDataRsaPkcs1Decrypt = { - ssl_auth_rsa_decrypt, nullptr, nullptr, nullptr}; + ssl_auth_rsa_decrypt, nullptr, nullptr, nullptr, nullptr, nullptr}; static const SSLExtraServerCertData ServerCertDataRsaPkcs1Sign = { - ssl_auth_rsa_sign, nullptr, nullptr, nullptr}; + ssl_auth_rsa_sign, nullptr, nullptr, nullptr, nullptr, nullptr}; static const SSLExtraServerCertData ServerCertDataRsaPss = { - ssl_auth_rsa_pss, nullptr, nullptr, nullptr}; + ssl_auth_rsa_pss, nullptr, nullptr, nullptr, nullptr, nullptr}; // Test RSA cert with usage=[signature, encipherment]. TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1SignAndKEX) { @@ -972,6 +1448,109 @@ TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPss) { &ServerCertDataRsaPss)); } +// A server should refuse to even start a handshake with +// misconfigured certificate and signature scheme. +TEST_P(TlsConnectTls12Plus, MisconfiguredCertScheme) { + Reset(TlsAgent::kServerDsa); + static const SSLSignatureScheme kScheme[] = {ssl_sig_ecdsa_secp256r1_sha256}; + server_->SetSignatureSchemes(kScheme, PR_ARRAY_SIZE(kScheme)); + ConnectExpectAlert(server_, kTlsAlertHandshakeFailure); + if (version_ < SSL_LIBRARY_VERSION_TLS_1_3) { + // TLS 1.2 disables cipher suites, which leads to a different error. + server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); + } else { + server_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); + } + client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); +} + +// In TLS 1.2, disabling an EC group causes ECDSA to be invalid. +TEST_P(TlsConnectTls12, Tls12CertDisabledGroup) { + Reset(TlsAgent::kServerEcdsa256); + static const std::vector<SSLNamedGroup> k25519 = {ssl_grp_ec_curve25519}; + server_->ConfigNamedGroups(k25519); + ConnectExpectAlert(server_, kTlsAlertHandshakeFailure); + server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); + client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); +} + +// In TLS 1.3, ECDSA configuration only depends on the signature scheme. +TEST_P(TlsConnectTls13, Tls13CertDisabledGroup) { + Reset(TlsAgent::kServerEcdsa256); + static const std::vector<SSLNamedGroup> k25519 = {ssl_grp_ec_curve25519}; + server_->ConfigNamedGroups(k25519); + Connect(); +} + +// A client should refuse to even start a handshake with only DSA. +TEST_P(TlsConnectTls13, Tls13DsaOnlyClient) { + static const SSLSignatureScheme kDsa[] = {ssl_sig_dsa_sha256}; + client_->SetSignatureSchemes(kDsa, PR_ARRAY_SIZE(kDsa)); + client_->StartConnect(); + client_->Handshake(); + EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state()); + client_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); +} + +TEST_P(TlsConnectTls13, Tls13DsaOnlyServer) { + Reset(TlsAgent::kServerDsa); + static const SSLSignatureScheme kDsa[] = {ssl_sig_dsa_sha256}; + server_->SetSignatureSchemes(kDsa, PR_ARRAY_SIZE(kDsa)); + ConnectExpectAlert(server_, kTlsAlertHandshakeFailure); + server_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); + client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); +} + +TEST_P(TlsConnectTls13, Tls13Pkcs1OnlyClient) { + static const SSLSignatureScheme kPkcs1[] = {ssl_sig_rsa_pkcs1_sha256}; + client_->SetSignatureSchemes(kPkcs1, PR_ARRAY_SIZE(kPkcs1)); + client_->StartConnect(); + client_->Handshake(); + EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state()); + client_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); +} + +TEST_P(TlsConnectTls13, Tls13Pkcs1OnlyServer) { + static const SSLSignatureScheme kPkcs1[] = {ssl_sig_rsa_pkcs1_sha256}; + server_->SetSignatureSchemes(kPkcs1, PR_ARRAY_SIZE(kPkcs1)); + ConnectExpectAlert(server_, kTlsAlertHandshakeFailure); + server_->CheckErrorCode(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); + client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); +} + +TEST_P(TlsConnectTls13, Tls13DsaIsNotAdvertisedClient) { + EnsureTlsSetup(); + static const SSLSignatureScheme kSchemes[] = {ssl_sig_dsa_sha256, + ssl_sig_rsa_pss_rsae_sha256}; + client_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); + auto capture = + MakeTlsFilter<TlsExtensionCapture>(client_, ssl_signature_algorithms_xtn); + Connect(); + // We should only have the one signature algorithm advertised. + static const uint8_t kExpectedExt[] = {0, 2, ssl_sig_rsa_pss_rsae_sha256 >> 8, + ssl_sig_rsa_pss_rsae_sha256 & 0xff}; + ASSERT_EQ(DataBuffer(kExpectedExt, sizeof(kExpectedExt)), + capture->extension()); +} + +TEST_P(TlsConnectTls13, Tls13DsaIsNotAdvertisedServer) { + EnsureTlsSetup(); + static const SSLSignatureScheme kSchemes[] = {ssl_sig_dsa_sha256, + ssl_sig_rsa_pss_rsae_sha256}; + server_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); + auto capture = MakeTlsFilter<TlsExtensionCapture>( + server_, ssl_signature_algorithms_xtn, true); + capture->SetHandshakeTypes({kTlsHandshakeCertificateRequest}); + capture->EnableDecryption(); + server_->RequestClientAuth(false); // So we get a CertificateRequest. + Connect(); + // We should only have the one signature algorithm advertised. + static const uint8_t kExpectedExt[] = {0, 2, ssl_sig_rsa_pss_rsae_sha256 >> 8, + ssl_sig_rsa_pss_rsae_sha256 & 0xff}; + ASSERT_EQ(DataBuffer(kExpectedExt, sizeof(kExpectedExt)), + capture->extension()); +} + // variant, version, certificate, auth type, signature scheme typedef std::tuple<SSLProtocolVariant, uint16_t, std::string, SSLAuthType, SSLSignatureScheme> @@ -1033,12 +1612,21 @@ TEST_P(TlsSignatureSchemeConfiguration, SignatureSchemeConfigBoth) { INSTANTIATE_TEST_CASE_P( SignatureSchemeRsa, TlsSignatureSchemeConfiguration, ::testing::Combine( - TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12Plus, + TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12, ::testing::Values(TlsAgent::kServerRsaSign), ::testing::Values(ssl_auth_rsa_sign), ::testing::Values(ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384, ssl_sig_rsa_pkcs1_sha512, ssl_sig_rsa_pss_rsae_sha256, ssl_sig_rsa_pss_rsae_sha384))); +// RSASSA-PKCS1-v1_5 is not allowed to be used in TLS 1.3 +INSTANTIATE_TEST_CASE_P( + SignatureSchemeRsaTls13, TlsSignatureSchemeConfiguration, + ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, + TlsConnectTestBase::kTlsV13, + ::testing::Values(TlsAgent::kServerRsaSign), + ::testing::Values(ssl_auth_rsa_sign), + ::testing::Values(ssl_sig_rsa_pss_rsae_sha256, + ssl_sig_rsa_pss_rsae_sha384))); // PSS with SHA-512 needs a bigger key to work. INSTANTIATE_TEST_CASE_P( SignatureSchemeBigRsa, TlsSignatureSchemeConfiguration, diff --git a/security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc index 573c69c75..26e5fb502 100644 --- a/security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc @@ -43,10 +43,10 @@ class SignedCertificateTimestampsExtractor { } void assertTimestamps(const DataBuffer& timestamps) { - EXPECT_TRUE(auth_timestamps_); + ASSERT_NE(nullptr, auth_timestamps_); EXPECT_EQ(timestamps, *auth_timestamps_); - EXPECT_TRUE(handshake_timestamps_); + ASSERT_NE(nullptr, handshake_timestamps_); EXPECT_EQ(timestamps, *handshake_timestamps_); const SECItem* current = @@ -64,8 +64,8 @@ static const uint8_t kSctValue[] = {0x01, 0x23, 0x45, 0x67, 0x89}; static const SECItem kSctItem = {siBuffer, const_cast<uint8_t*>(kSctValue), sizeof(kSctValue)}; static const DataBuffer kSctBuffer(kSctValue, sizeof(kSctValue)); -static const SSLExtraServerCertData kExtraSctData = {ssl_auth_null, nullptr, - nullptr, &kSctItem}; +static const SSLExtraServerCertData kExtraSctData = { + ssl_auth_null, nullptr, nullptr, &kSctItem, nullptr, nullptr}; // Test timestamps extraction during a successful handshake. TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsLegacy) { @@ -147,8 +147,8 @@ static const SECItem kOcspItems[] = { {siBuffer, const_cast<uint8_t*>(kOcspValue2), sizeof(kOcspValue2)}}; static const SECItemArray kOcspResponses = {const_cast<SECItem*>(kOcspItems), PR_ARRAY_SIZE(kOcspItems)}; -const static SSLExtraServerCertData kOcspExtraData = {ssl_auth_null, nullptr, - &kOcspResponses, nullptr}; +const static SSLExtraServerCertData kOcspExtraData = { + ssl_auth_null, nullptr, &kOcspResponses, nullptr, nullptr, nullptr}; TEST_P(TlsConnectGeneric, NoOcsp) { EnsureTlsSetup(); @@ -224,7 +224,7 @@ TEST_P(TlsConnectGeneric, OcspHugeSuccess) { const SECItemArray hugeOcspResponses = {const_cast<SECItem*>(hugeOcspItems), PR_ARRAY_SIZE(hugeOcspItems)}; const SSLExtraServerCertData hugeOcspExtraData = { - ssl_auth_null, nullptr, &hugeOcspResponses, nullptr}; + ssl_auth_null, nullptr, &hugeOcspResponses, nullptr, nullptr, nullptr}; // The value should be available during the AuthCertificateCallback client_->SetAuthCertificateCallback([&](TlsAgent* agent, bool checksig, diff --git a/security/nss/gtests/ssl_gtest/ssl_cipherorder_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_cipherorder_unittest.cc new file mode 100644 index 000000000..1e4f817e9 --- /dev/null +++ b/security/nss/gtests/ssl_gtest/ssl_cipherorder_unittest.cc @@ -0,0 +1,241 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "ssl.h" +#include "sslerr.h" +#include "sslproto.h" + +#include <memory> + +#include "tls_connect.h" +#include "tls_filter.h" + +namespace nss_test { + +class TlsCipherOrderTest : public TlsConnectTestBase { + protected: + virtual void ConfigureTLS() { + EnsureTlsSetup(); + ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); + } + + virtual SECStatus BuildTestLists(std::vector<uint16_t> &cs_initial_list, + std::vector<uint16_t> &cs_new_list) { + // This is the current CipherSuites order of enabled CipherSuites as defined + // in ssl3con.c + const PRUint16 *kCipherSuites = SSL_GetImplementedCiphers(); + + for (unsigned int i = 0; i < kNumImplementedCiphers; i++) { + PRBool pref = PR_FALSE, policy = PR_FALSE; + SECStatus rv; + rv = SSL_CipherPolicyGet(kCipherSuites[i], &policy); + if (rv != SECSuccess) { + return SECFailure; + } + rv = SSL_CipherPrefGetDefault(kCipherSuites[i], &pref); + if (rv != SECSuccess) { + return SECFailure; + } + if (pref && policy) { + cs_initial_list.push_back(kCipherSuites[i]); + } + } + + // We will test set function with the first 15 enabled ciphers. + const PRUint16 kNumCiphersToSet = 15; + for (unsigned int i = 0; i < kNumCiphersToSet; i++) { + cs_new_list.push_back(cs_initial_list[i]); + } + cs_new_list[0] = cs_initial_list[1]; + cs_new_list[1] = cs_initial_list[0]; + return SECSuccess; + } + + public: + TlsCipherOrderTest() : TlsConnectTestBase(ssl_variant_stream, 0) {} + const unsigned int kNumImplementedCiphers = SSL_GetNumImplementedCiphers(); +}; + +const PRUint16 kCSUnsupported[] = {20196, 10101}; +const PRUint16 kNumCSUnsupported = PR_ARRAY_SIZE(kCSUnsupported); +const PRUint16 kCSEmpty[] = {0}; + +// Get the active CipherSuites odered as they were compiled +TEST_F(TlsCipherOrderTest, CipherOrderGet) { + std::vector<uint16_t> initial_cs_order; + std::vector<uint16_t> new_cs_order; + SECStatus result = BuildTestLists(initial_cs_order, new_cs_order); + ASSERT_EQ(result, SECSuccess); + ConfigureTLS(); + + std::vector<uint16_t> current_cs_order(SSL_GetNumImplementedCiphers() + 1); + unsigned int current_num_active_cs = 0; + result = SSL_CipherSuiteOrderGet(client_->ssl_fd(), current_cs_order.data(), + ¤t_num_active_cs); + ASSERT_EQ(result, SECSuccess); + ASSERT_EQ(current_num_active_cs, initial_cs_order.size()); + for (unsigned int i = 0; i < initial_cs_order.size(); i++) { + EXPECT_EQ(initial_cs_order[i], current_cs_order[i]); + } + // Get the chosen CipherSuite during the Handshake without any modification. + Connect(); + SSLChannelInfo channel; + result = SSL_GetChannelInfo(client_->ssl_fd(), &channel, sizeof channel); + ASSERT_EQ(result, SECSuccess); + EXPECT_EQ(channel.cipherSuite, initial_cs_order[0]); +} + +// The "server" used for gtests honor only its ciphersuites order. +// So, we apply the new set for the server instead of client. +// This is enough to test the effect of SSL_CipherSuiteOrderSet function. +TEST_F(TlsCipherOrderTest, CipherOrderSet) { + std::vector<uint16_t> initial_cs_order; + std::vector<uint16_t> new_cs_order; + SECStatus result = BuildTestLists(initial_cs_order, new_cs_order); + ASSERT_EQ(result, SECSuccess); + ConfigureTLS(); + + // change the server_ ciphersuites order. + result = SSL_CipherSuiteOrderSet(server_->ssl_fd(), new_cs_order.data(), + new_cs_order.size()); + ASSERT_EQ(result, SECSuccess); + + // The function expect an array. We are using vector for VStudio + // compatibility. + std::vector<uint16_t> current_cs_order(SSL_GetNumImplementedCiphers() + 1); + unsigned int current_num_active_cs = 0; + result = SSL_CipherSuiteOrderGet(server_->ssl_fd(), current_cs_order.data(), + ¤t_num_active_cs); + ASSERT_EQ(result, SECSuccess); + ASSERT_EQ(current_num_active_cs, new_cs_order.size()); + for (unsigned int i = 0; i < new_cs_order.size(); i++) { + ASSERT_EQ(new_cs_order[i], current_cs_order[i]); + } + + Connect(); + SSLChannelInfo channel; + // changes in server_ order reflect in client chosen ciphersuite. + result = SSL_GetChannelInfo(client_->ssl_fd(), &channel, sizeof channel); + ASSERT_EQ(result, SECSuccess); + EXPECT_EQ(channel.cipherSuite, new_cs_order[0]); +} + +// Duplicate socket configuration from a model. +TEST_F(TlsCipherOrderTest, CipherOrderCopySocket) { + std::vector<uint16_t> initial_cs_order; + std::vector<uint16_t> new_cs_order; + SECStatus result = BuildTestLists(initial_cs_order, new_cs_order); + ASSERT_EQ(result, SECSuccess); + ConfigureTLS(); + + // Use the existing sockets for this test. + result = SSL_CipherSuiteOrderSet(client_->ssl_fd(), new_cs_order.data(), + new_cs_order.size()); + ASSERT_EQ(result, SECSuccess); + + std::vector<uint16_t> current_cs_order(SSL_GetNumImplementedCiphers() + 1); + unsigned int current_num_active_cs = 0; + result = SSL_CipherSuiteOrderGet(server_->ssl_fd(), current_cs_order.data(), + ¤t_num_active_cs); + ASSERT_EQ(result, SECSuccess); + ASSERT_EQ(current_num_active_cs, initial_cs_order.size()); + for (unsigned int i = 0; i < current_num_active_cs; i++) { + ASSERT_EQ(initial_cs_order[i], current_cs_order[i]); + } + + // Import/Duplicate configurations from client_ to server_ + PRFileDesc *rv = SSL_ImportFD(client_->ssl_fd(), server_->ssl_fd()); + EXPECT_NE(nullptr, rv); + + result = SSL_CipherSuiteOrderGet(server_->ssl_fd(), current_cs_order.data(), + ¤t_num_active_cs); + ASSERT_EQ(result, SECSuccess); + ASSERT_EQ(current_num_active_cs, new_cs_order.size()); + for (unsigned int i = 0; i < new_cs_order.size(); i++) { + EXPECT_EQ(new_cs_order.data()[i], current_cs_order[i]); + } +} + +// If the infomed num of elements is lower than the actual list size, only the +// first "informed num" elements will be considered. The rest is ignored. +TEST_F(TlsCipherOrderTest, CipherOrderSetLower) { + std::vector<uint16_t> initial_cs_order; + std::vector<uint16_t> new_cs_order; + SECStatus result = BuildTestLists(initial_cs_order, new_cs_order); + ASSERT_EQ(result, SECSuccess); + ConfigureTLS(); + + result = SSL_CipherSuiteOrderSet(client_->ssl_fd(), new_cs_order.data(), + new_cs_order.size() - 1); + ASSERT_EQ(result, SECSuccess); + + std::vector<uint16_t> current_cs_order(SSL_GetNumImplementedCiphers() + 1); + unsigned int current_num_active_cs = 0; + result = SSL_CipherSuiteOrderGet(client_->ssl_fd(), current_cs_order.data(), + ¤t_num_active_cs); + ASSERT_EQ(result, SECSuccess); + ASSERT_EQ(current_num_active_cs, new_cs_order.size() - 1); + for (unsigned int i = 0; i < new_cs_order.size() - 1; i++) { + ASSERT_EQ(new_cs_order.data()[i], current_cs_order[i]); + } +} + +// Testing Errors Controls +TEST_F(TlsCipherOrderTest, CipherOrderSetControls) { + std::vector<uint16_t> initial_cs_order; + std::vector<uint16_t> new_cs_order; + SECStatus result = BuildTestLists(initial_cs_order, new_cs_order); + ASSERT_EQ(result, SECSuccess); + ConfigureTLS(); + + // Create a new vector with diplicated entries + std::vector<uint16_t> repeated_cs_order(SSL_GetNumImplementedCiphers() + 1); + std::copy(initial_cs_order.begin(), initial_cs_order.end(), + repeated_cs_order.begin()); + repeated_cs_order[0] = repeated_cs_order[1]; + + // Repeated ciphersuites in the list + result = SSL_CipherSuiteOrderSet(client_->ssl_fd(), repeated_cs_order.data(), + initial_cs_order.size()); + EXPECT_EQ(result, SECFailure); + + // Zero size for the sent list + result = SSL_CipherSuiteOrderSet(client_->ssl_fd(), new_cs_order.data(), 0); + EXPECT_EQ(result, SECFailure); + + // Wrong size, greater than actual + result = SSL_CipherSuiteOrderSet(client_->ssl_fd(), new_cs_order.data(), + SSL_GetNumImplementedCiphers() + 1); + EXPECT_EQ(result, SECFailure); + + // Wrong ciphersuites, not implemented + result = SSL_CipherSuiteOrderSet(client_->ssl_fd(), kCSUnsupported, + kNumCSUnsupported); + EXPECT_EQ(result, SECFailure); + + // Null list + result = + SSL_CipherSuiteOrderSet(client_->ssl_fd(), nullptr, new_cs_order.size()); + EXPECT_EQ(result, SECFailure); + + // Empty list + result = + SSL_CipherSuiteOrderSet(client_->ssl_fd(), kCSEmpty, new_cs_order.size()); + EXPECT_EQ(result, SECFailure); + + // Confirm that the controls are working, as the current ciphersuites + // remained untouched + std::vector<uint16_t> current_cs_order(SSL_GetNumImplementedCiphers() + 1); + unsigned int current_num_active_cs = 0; + result = SSL_CipherSuiteOrderGet(client_->ssl_fd(), current_cs_order.data(), + ¤t_num_active_cs); + ASSERT_EQ(result, SECSuccess); + ASSERT_EQ(current_num_active_cs, initial_cs_order.size()); + for (unsigned int i = 0; i < initial_cs_order.size(); i++) { + ASSERT_EQ(initial_cs_order[i], current_cs_order[i]); + } +} +} // namespace nss_test diff --git a/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc index 194cbab47..7739fe76f 100644 --- a/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc @@ -56,6 +56,9 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase { if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { std::vector<SSLNamedGroup> groups = {group_}; + if (cert_group_ != ssl_grp_none) { + groups.push_back(cert_group_); + } client_->ConfigNamedGroups(groups); server_->ConfigNamedGroups(groups); kea_type_ = SSLInt_GetKEAType(group_); @@ -68,41 +71,48 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase { virtual void SetupCertificate() { if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { switch (sig_scheme_) { - case ssl_sig_rsa_pkcs1_sha256: - case ssl_sig_rsa_pkcs1_sha384: - case ssl_sig_rsa_pkcs1_sha512: + case ssl_sig_rsa_pss_rsae_sha256: + std::cerr << "Signature scheme: rsa_pss_rsae_sha256" << std::endl; Reset(TlsAgent::kServerRsaSign); auth_type_ = ssl_auth_rsa_sign; break; - case ssl_sig_rsa_pss_rsae_sha256: case ssl_sig_rsa_pss_rsae_sha384: + std::cerr << "Signature scheme: rsa_pss_rsae_sha384" << std::endl; Reset(TlsAgent::kServerRsaSign); auth_type_ = ssl_auth_rsa_sign; break; case ssl_sig_rsa_pss_rsae_sha512: // You can't fit SHA-512 PSS in a 1024-bit key. + std::cerr << "Signature scheme: rsa_pss_rsae_sha512" << std::endl; Reset(TlsAgent::kRsa2048); auth_type_ = ssl_auth_rsa_sign; break; case ssl_sig_rsa_pss_pss_sha256: + std::cerr << "Signature scheme: rsa_pss_pss_sha256" << std::endl; Reset(TlsAgent::kServerRsaPss); auth_type_ = ssl_auth_rsa_pss; break; case ssl_sig_rsa_pss_pss_sha384: + std::cerr << "Signature scheme: rsa_pss_pss_sha384" << std::endl; Reset("rsa_pss384"); auth_type_ = ssl_auth_rsa_pss; break; case ssl_sig_rsa_pss_pss_sha512: + std::cerr << "Signature scheme: rsa_pss_pss_sha512" << std::endl; Reset("rsa_pss512"); auth_type_ = ssl_auth_rsa_pss; break; case ssl_sig_ecdsa_secp256r1_sha256: + std::cerr << "Signature scheme: ecdsa_secp256r1_sha256" << std::endl; Reset(TlsAgent::kServerEcdsa256); auth_type_ = ssl_auth_ecdsa; + cert_group_ = ssl_grp_ec_secp256r1; break; case ssl_sig_ecdsa_secp384r1_sha384: + std::cerr << "Signature scheme: ecdsa_secp384r1_sha384" << std::endl; Reset(TlsAgent::kServerEcdsa384); auth_type_ = ssl_auth_ecdsa; + cert_group_ = ssl_grp_ec_secp384r1; break; default: ADD_FAILURE() << "Unsupported signature scheme: " << sig_scheme_; @@ -118,9 +128,11 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase { break; case ssl_auth_ecdsa: Reset(TlsAgent::kServerEcdsa256); + cert_group_ = ssl_grp_ec_secp256r1; break; case ssl_auth_ecdh_ecdsa: Reset(TlsAgent::kServerEcdhEcdsa); + cert_group_ = ssl_grp_ec_secp256r1; break; case ssl_auth_ecdh_rsa: Reset(TlsAgent::kServerEcdhRsa); @@ -198,6 +210,7 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase { SSLAuthType auth_type_; SSLKEAType kea_type_; SSLNamedGroup group_; + SSLNamedGroup cert_group_ = ssl_grp_none; SSLSignatureScheme sig_scheme_; SSLCipherSuiteInfo csinfo_; }; @@ -330,6 +343,12 @@ static SSLSignatureScheme kSignatureSchemesParamsArr[] = { ssl_sig_rsa_pss_pss_sha256, ssl_sig_rsa_pss_pss_sha384, ssl_sig_rsa_pss_pss_sha512}; +static SSLSignatureScheme kSignatureSchemesParamsArrTls13[] = { + ssl_sig_ecdsa_secp256r1_sha256, ssl_sig_ecdsa_secp384r1_sha384, + ssl_sig_rsa_pss_rsae_sha256, ssl_sig_rsa_pss_rsae_sha384, + ssl_sig_rsa_pss_rsae_sha512, ssl_sig_rsa_pss_pss_sha256, + ssl_sig_rsa_pss_pss_sha384, ssl_sig_rsa_pss_pss_sha512}; + INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams, kDummySignatureSchemesParams, TLS_RSA_WITH_RC4_128_SHA, @@ -394,7 +413,7 @@ INSTANTIATE_CIPHER_TEST_P( #ifndef NSS_DISABLE_TLS_1_3 INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13, ::testing::ValuesIn(kFasterDHEGroups), - ::testing::ValuesIn(kSignatureSchemesParamsArr), + ::testing::ValuesIn(kSignatureSchemesParamsArrTls13), TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_256_GCM_SHA384); INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13, diff --git a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc index 0723c9bee..9cbe9566f 100644 --- a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc @@ -62,7 +62,6 @@ TEST_P(TlsConnectGenericPre13, DamageServerSignature) { EnsureTlsSetup(); auto filter = MakeTlsFilter<TlsLastByteDamager>( server_, kTlsHandshakeServerKeyExchange); - filter->EnableDecryption(); ExpectAlert(client_, kTlsAlertDecryptError); ConnectExpectFail(); client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE); @@ -84,7 +83,9 @@ TEST_P(TlsConnectGeneric, DamageClientSignature) { server_->RequestClientAuth(true); auto filter = MakeTlsFilter<TlsLastByteDamager>( client_, kTlsHandshakeCertificateVerify); - filter->EnableDecryption(); + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + filter->EnableDecryption(); + } server_->ExpectSendAlert(kTlsAlertDecryptError); // Do these handshakes by hand to avoid race condition on // the client processing the server's alert. diff --git a/security/nss/gtests/ssl_gtest/ssl_debug_env_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_debug_env_unittest.cc new file mode 100644 index 000000000..59ec3d393 --- /dev/null +++ b/security/nss/gtests/ssl_gtest/ssl_debug_env_unittest.cc @@ -0,0 +1,53 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <cstdlib> +#include <fstream> +#include <sstream> + +#include "gtest_utils.h" +#include "tls_connect.h" + +namespace nss_test { + +extern "C" { +extern FILE* ssl_trace_iob; + +#ifdef NSS_ALLOW_SSLKEYLOGFILE +extern FILE* ssl_keylog_iob; +#endif +} + +// These tests ensure that when the associated environment variables are unset +// that the lazily-initialized defaults are what they are supposed to be. + +#ifdef DEBUG +TEST_P(TlsConnectGeneric, DebugEnvTraceFileNotSet) { + char* ev = PR_GetEnvSecure("SSLDEBUGFILE"); + if (ev && ev[0]) { + // note: should use GTEST_SKIP when GTest gets updated to support it + return; + } + + Connect(); + EXPECT_EQ(stderr, ssl_trace_iob); +} +#endif + +#ifdef NSS_ALLOW_SSLKEYLOGFILE +TEST_P(TlsConnectGeneric, DebugEnvKeylogFileNotSet) { + char* ev = PR_GetEnvSecure("SSLKEYLOGFILE"); + if (ev && ev[0]) { + // note: should use GTEST_SKIP when GTest gets updated to support it + return; + } + + Connect(); + EXPECT_EQ(nullptr, ssl_keylog_iob); +} +#endif + +} // namespace nss_test diff --git a/security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc index f1ccc2864..0fe88ea88 100644 --- a/security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc @@ -682,4 +682,100 @@ TEST_P(TlsConnectTls12, ConnectInconsistentSigAlgDHE) { ConnectExpectAlert(client_, kTlsAlertIllegalParameter); } +static void CheckSkeSigScheme( + std::shared_ptr<TlsHandshakeRecorder>& capture_ske, + uint16_t expected_scheme) { + TlsParser parser(capture_ske->buffer()); + EXPECT_TRUE(parser.SkipVariable(2)) << " read dh_p"; + EXPECT_TRUE(parser.SkipVariable(2)) << " read dh_q"; + EXPECT_TRUE(parser.SkipVariable(2)) << " read dh_Ys"; + + uint32_t tmp; + EXPECT_TRUE(parser.Read(&tmp, 2)) << " read sig_scheme"; + EXPECT_EQ(expected_scheme, static_cast<uint16_t>(tmp)); +} + +TEST_P(TlsConnectTls12, ConnectSigAlgEnabledByPolicyDhe) { + EnableOnlyDheCiphers(); + + const std::vector<SSLSignatureScheme> schemes = {ssl_sig_rsa_pkcs1_sha1, + ssl_sig_rsa_pkcs1_sha384}; + + EnsureTlsSetup(); + client_->SetSignatureSchemes(schemes.data(), schemes.size()); + server_->SetSignatureSchemes(schemes.data(), schemes.size()); + auto capture_ske = MakeTlsFilter<TlsHandshakeRecorder>( + server_, kTlsHandshakeServerKeyExchange); + + StartConnect(); + client_->Handshake(); // Send ClientHello + + // Enable SHA-1 by policy. + SECStatus rv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SSL_KX, 0); + ASSERT_EQ(SECSuccess, rv); + rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, + 0); + ASSERT_EQ(SECSuccess, rv); + + Handshake(); // Remainder of handshake + // The server should now report that it is connected + EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state()); + + CheckSkeSigScheme(capture_ske, ssl_sig_rsa_pkcs1_sha1); +} + +TEST_P(TlsConnectTls12, ConnectSigAlgDisabledByPolicyDhe) { + EnableOnlyDheCiphers(); + + const std::vector<SSLSignatureScheme> schemes = {ssl_sig_rsa_pkcs1_sha1, + ssl_sig_rsa_pkcs1_sha384}; + + EnsureTlsSetup(); + client_->SetSignatureSchemes(schemes.data(), schemes.size()); + server_->SetSignatureSchemes(schemes.data(), schemes.size()); + auto capture_ske = MakeTlsFilter<TlsHandshakeRecorder>( + server_, kTlsHandshakeServerKeyExchange); + + StartConnect(); + client_->Handshake(); // Send ClientHello + + // Disable SHA-1 by policy after sending ClientHello so that CH + // includes SHA-1 signature scheme. + SECStatus rv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, 0, NSS_USE_ALG_IN_SSL_KX); + ASSERT_EQ(SECSuccess, rv); + rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, + 0); + ASSERT_EQ(SECSuccess, rv); + + Handshake(); // Remainder of handshake + // The server should now report that it is connected + EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state()); + + CheckSkeSigScheme(capture_ske, ssl_sig_rsa_pkcs1_sha384); +} + +TEST_P(TlsConnectPre12, ConnectSigAlgDisabledByPolicyDhePre12) { + EnableOnlyDheCiphers(); + + EnsureTlsSetup(); + StartConnect(); + client_->Handshake(); // Send ClientHello + + // Disable SHA-1 by policy. This will cause the connection fail as + // TLS 1.1 or earlier uses combined SHA-1 + MD5 signature. + SECStatus rv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, 0, NSS_USE_ALG_IN_SSL_KX); + ASSERT_EQ(SECSuccess, rv); + rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, + 0); + ASSERT_EQ(SECSuccess, rv); + + server_->ExpectSendAlert(kTlsAlertHandshakeFailure); + client_->ExpectReceiveAlert(kTlsAlertHandshakeFailure); + + // Remainder of handshake + Handshake(); + + server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); +} + } // namespace nss_test diff --git a/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc index f25efc77a..b441b5c10 100644 --- a/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc @@ -66,6 +66,38 @@ TEST_P(TlsConnectDatagramPre13, DropServerSecondFlightThrice) { Connect(); } +static void CheckAcks(const std::shared_ptr<TlsRecordRecorder>& acks, + size_t index, std::vector<uint64_t> expected) { + ASSERT_LT(index, acks->count()); + const DataBuffer& buf = acks->record(index).buffer; + size_t offset = 2; + uint64_t len; + + EXPECT_EQ(2 + expected.size() * 8, buf.len()); + ASSERT_TRUE(buf.Read(0, 2, &len)); + ASSERT_EQ(static_cast<size_t>(len + 2), buf.len()); + if ((2 + expected.size() * 8) != buf.len()) { + while (offset < buf.len()) { + uint64_t ack; + ASSERT_TRUE(buf.Read(offset, 8, &ack)); + offset += 8; + std::cerr << "Ack=0x" << std::hex << ack << std::dec << std::endl; + } + return; + } + + for (size_t i = 0; i < expected.size(); ++i) { + uint64_t a = expected[i]; + uint64_t ack; + ASSERT_TRUE(buf.Read(offset, 8, &ack)); + offset += 8; + if (a != ack) { + ADD_FAILURE() << "Wrong ack " << i << " expected=0x" << std::hex << a + << " got=0x" << ack << std::dec; + } + } +} + class TlsDropDatagram13 : public TlsConnectDatagram13, public ::testing::WithParamInterface<bool> { public: @@ -139,37 +171,6 @@ class TlsDropDatagram13 : public TlsConnectDatagram13, std::shared_ptr<PacketFilter> chain_; }; - void CheckAcks(const DropAckChain& chain, size_t index, - std::vector<uint64_t> acks) { - const DataBuffer& buf = chain.ack_->record(index).buffer; - size_t offset = 2; - uint64_t len; - - EXPECT_EQ(2 + acks.size() * 8, buf.len()); - ASSERT_TRUE(buf.Read(0, 2, &len)); - ASSERT_EQ(static_cast<size_t>(len + 2), buf.len()); - if ((2 + acks.size() * 8) != buf.len()) { - while (offset < buf.len()) { - uint64_t ack; - ASSERT_TRUE(buf.Read(offset, 8, &ack)); - offset += 8; - std::cerr << "Ack=0x" << std::hex << ack << std::dec << std::endl; - } - return; - } - - for (size_t i = 0; i < acks.size(); ++i) { - uint64_t a = acks[i]; - uint64_t ack; - ASSERT_TRUE(buf.Read(offset, 8, &ack)); - offset += 8; - if (a != ack) { - ADD_FAILURE() << "Wrong ack " << i << " expected=0x" << std::hex << a - << " got=0x" << ack << std::dec; - } - } - } - void CheckedHandshakeSendReceive() { Handshake(); CheckPostHandshake(); @@ -199,7 +200,7 @@ TEST_P(TlsDropDatagram13, DropClientFirstFlightOnce) { client_->Handshake(); server_->Handshake(); CheckedHandshakeSendReceive(); - CheckAcks(server_filters_, 0, {0x0002000000000000ULL}); + CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL}); } TEST_P(TlsDropDatagram13, DropServerFirstFlightOnce) { @@ -210,7 +211,7 @@ TEST_P(TlsDropDatagram13, DropServerFirstFlightOnce) { server_->Handshake(); server_filters_.drop_->Disable(); CheckedHandshakeSendReceive(); - CheckAcks(server_filters_, 0, {0x0002000000000000ULL}); + CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL}); } // Dropping the server's first record also does not produce @@ -223,7 +224,7 @@ TEST_P(TlsDropDatagram13, DropServerFirstRecordOnce) { server_->Handshake(); Handshake(); CheckedHandshakeSendReceive(); - CheckAcks(server_filters_, 0, {0x0002000000000000ULL}); + CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL}); } // Dropping the second packet of the server's flight should @@ -236,8 +237,8 @@ TEST_P(TlsDropDatagram13, DropServerSecondRecordOnce) { HandshakeAndAck(client_); expected_client_acks_ = 1; CheckedHandshakeSendReceive(); - CheckAcks(client_filters_, 0, {0}); // ServerHello - CheckAcks(server_filters_, 0, {0x0002000000000000ULL}); + CheckAcks(client_filters_.ack_, 0, {0}); // ServerHello + CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL}); } // Drop the server ACK and verify that the client retransmits @@ -265,8 +266,8 @@ TEST_P(TlsDropDatagram13, DropServerAckOnce) { EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError()); CheckPostHandshake(); // There should be two copies of the finished ACK - CheckAcks(server_filters_, 0, {0x0002000000000000ULL}); - CheckAcks(server_filters_, 1, {0x0002000000000000ULL}); + CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL}); + CheckAcks(server_filters_.ack_, 1, {0x0002000000000000ULL}); } // Drop the client certificate verify. @@ -281,10 +282,10 @@ TEST_P(TlsDropDatagram13, DropClientCertVerify) { expected_server_acks_ = 2; CheckedHandshakeSendReceive(); // Ack of the Cert. - CheckAcks(server_filters_, 0, {0x0002000000000000ULL}); + CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL}); // Ack of the whole client handshake. CheckAcks( - server_filters_, 1, + server_filters_.ack_, 1, {0x0002000000000000ULL, // CH (we drop everything after this on client) 0x0002000000000003ULL, // CT (2) 0x0002000000000004ULL}); // FIN (2) @@ -310,11 +311,11 @@ TEST_P(TlsDropDatagram13, DropFirstHalfOfServerCertificate) { // as the previous CT1). EXPECT_EQ(ct1_size, server_filters_.record(0).buffer.len()); CheckedHandshakeSendReceive(); - CheckAcks(client_filters_, 0, + CheckAcks(client_filters_.ack_, 0, {0, // SH 0x0002000000000000ULL, // EE 0x0002000000000002ULL}); // CT2 - CheckAcks(server_filters_, 0, {0x0002000000000000ULL}); + CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL}); } // Shrink the MTU down so that certs get split and drop the second piece. @@ -336,13 +337,13 @@ TEST_P(TlsDropDatagram13, DropSecondHalfOfServerCertificate) { // Check that the first record is CT1 EXPECT_EQ(ct1_size, server_filters_.record(0).buffer.len()); CheckedHandshakeSendReceive(); - CheckAcks(client_filters_, 0, + CheckAcks(client_filters_.ack_, 0, { 0, // SH 0x0002000000000000ULL, // EE 0x0002000000000001ULL, // CT1 }); - CheckAcks(server_filters_, 0, {0x0002000000000000ULL}); + CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL}); } // In this test, the Certificate message is sent four times, we drop all or part @@ -392,18 +393,18 @@ class TlsFragmentationAndRecoveryTest : public TlsDropDatagram13 { 0, // SH 0x0002000000000000ULL // EE }; - CheckAcks(client_filters_, 0, client_acks); + CheckAcks(client_filters_.ack_, 0, client_acks); // And from the second attempt for the half was kept (we delayed this ACK). client_acks.push_back(0x0002000000000000ULL + second_flight_count + ~dropped_half % 2); - CheckAcks(client_filters_, 1, client_acks); + CheckAcks(client_filters_.ack_, 1, client_acks); // And the third attempt where the first and last thirds got through. client_acks.push_back(0x0002000000000000ULL + second_flight_count + third_flight_count - 1); client_acks.push_back(0x0002000000000000ULL + second_flight_count + third_flight_count + 1); - CheckAcks(client_filters_, 2, client_acks); - CheckAcks(server_filters_, 0, {0x0002000000000000ULL}); + CheckAcks(client_filters_.ack_, 2, client_acks); + CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL}); } private: @@ -548,7 +549,7 @@ TEST_P(TlsDropDatagram13, NoDropsDuringZeroRtt) { CheckConnected(); SendReceive(); EXPECT_EQ(0U, client_filters_.ack_->count()); - CheckAcks(server_filters_, 0, + CheckAcks(server_filters_.ack_, 0, {0x0001000000000001ULL, // EOED 0x0002000000000000ULL}); // Finished } @@ -567,8 +568,8 @@ TEST_P(TlsDropDatagram13, DropEEDuringZeroRtt) { ExpectEarlyDataAccepted(true); CheckConnected(); SendReceive(); - CheckAcks(client_filters_, 0, {0}); - CheckAcks(server_filters_, 0, + CheckAcks(client_filters_.ack_, 0, {0}); + CheckAcks(server_filters_.ack_, 0, {0x0001000000000002ULL, // EOED 0x0002000000000000ULL}); // Finished } @@ -608,22 +609,22 @@ TEST_P(TlsDropDatagram13, ReorderServerEE) { expected_client_acks_ = 1; HandshakeAndAck(client_); CheckedHandshakeSendReceive(); - CheckAcks(client_filters_, 0, + CheckAcks(client_filters_.ack_, 0, { 0, // SH 0x0002000000000000, // EE }); - CheckAcks(server_filters_, 0, {0x0002000000000000ULL}); + CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL}); } // The client sends an out of order non-handshake message // but with the handshake key. class TlsSendCipherSpecCapturer { public: - TlsSendCipherSpecCapturer(std::shared_ptr<TlsAgent>& agent) - : send_cipher_specs_() { - SSLInt_SetCipherSpecChangeFunc(agent->ssl_fd(), CipherSpecChanged, - (void*)this); + TlsSendCipherSpecCapturer(const std::shared_ptr<TlsAgent>& agent) + : agent_(agent), send_cipher_specs_() { + EXPECT_EQ(SECSuccess, + SSL_SecretCallback(agent_->ssl_fd(), SecretCallback, this)); } std::shared_ptr<TlsCipherSpec> spec(size_t i) { @@ -634,28 +635,42 @@ class TlsSendCipherSpecCapturer { } private: - static void CipherSpecChanged(void* arg, PRBool sending, - ssl3CipherSpec* newSpec) { - if (!sending) { + static void SecretCallback(PRFileDesc* fd, PRUint16 epoch, + SSLSecretDirection dir, PK11SymKey* secret, + void* arg) { + auto self = static_cast<TlsSendCipherSpecCapturer*>(arg); + std::cerr << self->agent_->role_str() << ": capture " << dir + << " secret for epoch " << epoch << std::endl; + + if (dir == ssl_secret_read) { return; } - auto self = static_cast<TlsSendCipherSpecCapturer*>(arg); - - auto spec = std::make_shared<TlsCipherSpec>(); - bool ret = spec->Init(SSLInt_CipherSpecToEpoch(newSpec), - SSLInt_CipherSpecToAlgorithm(newSpec), - SSLInt_CipherSpecToKey(newSpec), - SSLInt_CipherSpecToIv(newSpec)); - EXPECT_EQ(true, ret); + SSLPreliminaryChannelInfo preinfo; + EXPECT_EQ(SECSuccess, + SSL_GetPreliminaryChannelInfo(self->agent_->ssl_fd(), &preinfo, + sizeof(preinfo))); + EXPECT_EQ(sizeof(preinfo), preinfo.length); + EXPECT_TRUE(preinfo.valuesSet & ssl_preinfo_cipher_suite); + + SSLCipherSuiteInfo cipherinfo; + EXPECT_EQ(SECSuccess, + SSL_GetCipherSuiteInfo(preinfo.cipherSuite, &cipherinfo, + sizeof(cipherinfo))); + EXPECT_EQ(sizeof(cipherinfo), cipherinfo.length); + + auto spec = std::make_shared<TlsCipherSpec>(true, epoch); + EXPECT_TRUE(spec->SetKeys(&cipherinfo, secret)); self->send_cipher_specs_.push_back(spec); } + std::shared_ptr<TlsAgent> agent_; std::vector<std::shared_ptr<TlsCipherSpec>> send_cipher_specs_; }; -TEST_P(TlsDropDatagram13, SendOutOfOrderAppWithHandshakeKey) { +TEST_F(TlsConnectDatagram13, SendOutOfOrderAppWithHandshakeKey) { StartConnect(); + // Capturing secrets means that we can't use decrypting filters on the client. TlsSendCipherSpecCapturer capturer(client_); client_->Handshake(); server_->Handshake(); @@ -680,9 +695,12 @@ TEST_P(TlsDropDatagram13, SendOutOfOrderAppWithHandshakeKey) { EXPECT_EQ(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE, PORT_GetError()); } -TEST_P(TlsDropDatagram13, SendOutOfOrderHsNonsenseWithHandshakeKey) { +TEST_F(TlsConnectDatagram13, SendOutOfOrderHsNonsenseWithHandshakeKey) { StartConnect(); TlsSendCipherSpecCapturer capturer(client_); + auto acks = MakeTlsFilter<TlsRecordRecorder>(server_, ssl_ct_ack); + acks->EnableDecryption(); + client_->Handshake(); server_->Handshake(); client_->Handshake(); @@ -699,10 +717,10 @@ TEST_P(TlsDropDatagram13, SendOutOfOrderHsNonsenseWithHandshakeKey) { ssl_ct_handshake, DataBuffer(buf, sizeof(buf)))); server_->Handshake(); - EXPECT_EQ(2UL, server_filters_.ack_->count()); + EXPECT_EQ(2UL, acks->count()); // The server acknowledges client Finished twice. - CheckAcks(server_filters_, 0, {0x0002000000000000ULL}); - CheckAcks(server_filters_, 1, {0x0002000000000000ULL}); + CheckAcks(acks, 0, {0x0002000000000000ULL}); + CheckAcks(acks, 1, {0x0002000000000000ULL}); } // Shrink the MTU down so that certs get split and then swap the first and @@ -726,7 +744,7 @@ TEST_P(TlsReorderDatagram13, ReorderServerCertificate) { ShiftDtlsTimers(); CheckedHandshakeSendReceive(); EXPECT_EQ(2UL, server_filters_.records_->count()); // ACK + Data - CheckAcks(server_filters_, 0, {0x0002000000000000ULL}); + CheckAcks(server_filters_.ack_, 0, {0x0002000000000000ULL}); } TEST_P(TlsReorderDatagram13, DataAfterEOEDDuringZeroRtt) { @@ -761,7 +779,8 @@ TEST_P(TlsReorderDatagram13, DataAfterEOEDDuringZeroRtt) { CheckConnected(); EXPECT_EQ(0U, client_filters_.ack_->count()); // Acknowledgements for EOED and Finished. - CheckAcks(server_filters_, 0, {0x0001000000000002ULL, 0x0002000000000000ULL}); + CheckAcks(server_filters_.ack_, 0, + {0x0001000000000002ULL, 0x0002000000000000ULL}); uint8_t buf[8]; rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf)); EXPECT_EQ(-1, rv); @@ -800,7 +819,8 @@ TEST_P(TlsReorderDatagram13, DataAfterFinDuringZeroRtt) { CheckConnected(); EXPECT_EQ(0U, client_filters_.ack_->count()); // Acknowledgements for EOED and Finished. - CheckAcks(server_filters_, 0, {0x0001000000000002ULL, 0x0002000000000000ULL}); + CheckAcks(server_filters_.ack_, 0, + {0x0001000000000002ULL, 0x0002000000000000ULL}); uint8_t buf[8]; rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf)); EXPECT_EQ(-1, rv); diff --git a/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc index f1cf1fabc..e62e002f3 100644 --- a/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc @@ -666,6 +666,80 @@ TEST_P(TlsConnectTls12, ConnectIncorrectSigAlg) { client_->CheckErrorCode(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); } +static void CheckSkeSigScheme( + std::shared_ptr<TlsHandshakeRecorder> &capture_ske, + uint16_t expected_scheme) { + TlsParser parser(capture_ske->buffer()); + uint32_t tmp = 0; + EXPECT_TRUE(parser.Read(&tmp, 1)) << " read curve_type"; + EXPECT_EQ(3U, tmp) << "curve type has to be 3"; + EXPECT_TRUE(parser.Skip(2)) << " read namedcurve"; + EXPECT_TRUE(parser.SkipVariable(1)) << " read public"; + + EXPECT_TRUE(parser.Read(&tmp, 2)) << " read sig_scheme"; + EXPECT_EQ(expected_scheme, static_cast<uint16_t>(tmp)); +} + +TEST_P(TlsConnectTls12, ConnectSigAlgEnabledByPolicy) { + EnsureTlsSetup(); + client_->DisableAllCiphers(); + client_->EnableCiphersByKeyExchange(ssl_kea_ecdh); + + const std::vector<SSLSignatureScheme> schemes = {ssl_sig_rsa_pkcs1_sha1, + ssl_sig_rsa_pkcs1_sha384}; + + client_->SetSignatureSchemes(schemes.data(), schemes.size()); + server_->SetSignatureSchemes(schemes.data(), schemes.size()); + auto capture_ske = MakeTlsFilter<TlsHandshakeRecorder>( + server_, kTlsHandshakeServerKeyExchange); + + StartConnect(); + client_->Handshake(); // Send ClientHello + + // Enable SHA-1 by policy. + SECStatus rv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, NSS_USE_ALG_IN_SSL_KX, 0); + ASSERT_EQ(SECSuccess, rv); + rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, + 0); + ASSERT_EQ(SECSuccess, rv); + + Handshake(); // Remainder of handshake + // The server should now report that it is connected + EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state()); + + CheckSkeSigScheme(capture_ske, ssl_sig_rsa_pkcs1_sha1); +} + +TEST_P(TlsConnectTls12, ConnectSigAlgDisabledByPolicy) { + EnsureTlsSetup(); + client_->DisableAllCiphers(); + client_->EnableCiphersByKeyExchange(ssl_kea_ecdh); + + const std::vector<SSLSignatureScheme> schemes = {ssl_sig_rsa_pkcs1_sha1, + ssl_sig_rsa_pkcs1_sha384}; + + client_->SetSignatureSchemes(schemes.data(), schemes.size()); + server_->SetSignatureSchemes(schemes.data(), schemes.size()); + auto capture_ske = MakeTlsFilter<TlsHandshakeRecorder>( + server_, kTlsHandshakeServerKeyExchange); + + StartConnect(); + client_->Handshake(); // Send ClientHello + + // Disable SHA-1 by policy. + SECStatus rv = NSS_SetAlgorithmPolicy(SEC_OID_SHA1, 0, NSS_USE_ALG_IN_SSL_KX); + ASSERT_EQ(SECSuccess, rv); + rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, + 0); + ASSERT_EQ(SECSuccess, rv); + + Handshake(); // Remainder of handshake + // The server should now report that it is connected + EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state()); + + CheckSkeSigScheme(capture_ske, ssl_sig_rsa_pkcs1_sha384); +} + INSTANTIATE_TEST_CASE_P(KeyExchangeTest, TlsKeyExchangeTest, ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV11Plus)); diff --git a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc index 5819af746..d7f350c8c 100644 --- a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc @@ -436,14 +436,14 @@ TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsOddLength) { } TEST_F(TlsExtensionTest13Stream, SignatureAlgorithmsPrecedingGarbage) { - // 31 unknown signature algorithms followed by sha-256, rsa + // 31 unknown signature algorithms followed by sha-256, rsa-pss const uint8_t val[] = { 0x00, 0x40, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x01}; + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x08, 0x04}; DataBuffer extension(val, sizeof(val)); MakeTlsFilter<TlsExtensionReplacer>(client_, ssl_signature_algorithms_xtn, extension); @@ -482,6 +482,73 @@ TEST_P(TlsExtensionTestGeneric, SupportedCurvesTrailingData) { client_, ssl_elliptic_curves_xtn, extension)); } +TEST_P(TlsExtensionTest12, SupportedCurvesDisableX25519) { + // Disable session resumption. + ConfigureSessionCache(RESUME_NONE, RESUME_NONE); + + // Ensure that we can enable its use in the key exchange. + SECStatus rv = + NSS_SetAlgorithmPolicy(SEC_OID_CURVE25519, NSS_USE_ALG_IN_SSL_KX, 0); + ASSERT_EQ(SECSuccess, rv); + rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, + 0); + ASSERT_EQ(SECSuccess, rv); + + auto capture1 = + MakeTlsFilter<TlsExtensionCapture>(client_, ssl_elliptic_curves_xtn); + Connect(); + + EXPECT_TRUE(capture1->captured()); + const DataBuffer& ext1 = capture1->extension(); + + uint32_t count; + ASSERT_TRUE(ext1.Read(0, 2, &count)); + + // Whether or not we've seen x25519 offered in this handshake. + bool seen1_x25519 = false; + for (size_t offset = 2; offset <= count; offset++) { + uint32_t val; + ASSERT_TRUE(ext1.Read(offset, 2, &val)); + if (val == ssl_grp_ec_curve25519) { + seen1_x25519 = true; + break; + } + } + ASSERT_TRUE(seen1_x25519); + + // Ensure that we can disable its use in the key exchange. + rv = NSS_SetAlgorithmPolicy(SEC_OID_CURVE25519, 0, NSS_USE_ALG_IN_SSL_KX); + ASSERT_EQ(SECSuccess, rv); + rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, + 0); + ASSERT_EQ(SECSuccess, rv); + + // Clean up after the last run. + Reset(); + auto capture2 = + MakeTlsFilter<TlsExtensionCapture>(client_, ssl_elliptic_curves_xtn); + Connect(); + + EXPECT_TRUE(capture2->captured()); + const DataBuffer& ext2 = capture2->extension(); + + ASSERT_TRUE(ext2.Read(0, 2, &count)); + + // Whether or not we've seen x25519 offered in this handshake. + bool seen2_x25519 = false; + for (size_t offset = 2; offset <= count; offset++) { + uint32_t val; + ASSERT_TRUE(ext2.Read(offset, 2, &val)); + + if (val == ssl_grp_ec_curve25519) { + seen2_x25519 = true; + break; + } + } + + ASSERT_FALSE(seen2_x25519); +} + TEST_P(TlsExtensionTestPre13, SupportedPointsEmpty) { const uint8_t val[] = {0x00}; DataBuffer extension(val, sizeof(val)); @@ -547,6 +614,56 @@ TEST_P(TlsExtensionTest12, SignatureAlgorithmConfiguration) { } } +// This only works on TLS 1.2, since it relies on DSA. +TEST_P(TlsExtensionTest12, SignatureAlgorithmDisableDSA) { + const std::vector<SSLSignatureScheme> schemes = { + ssl_sig_dsa_sha1, ssl_sig_dsa_sha256, ssl_sig_dsa_sha384, + ssl_sig_dsa_sha512, ssl_sig_rsa_pss_rsae_sha256}; + + // Connect with DSA enabled by policy. + SECStatus rv = NSS_SetAlgorithmPolicy(SEC_OID_ANSIX9_DSA_SIGNATURE, + NSS_USE_ALG_IN_SSL_KX, 0); + ASSERT_EQ(SECSuccess, rv); + rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, + 0); + ASSERT_EQ(SECSuccess, rv); + + Reset(TlsAgent::kServerDsa); + auto capture1 = + MakeTlsFilter<TlsExtensionCapture>(client_, ssl_signature_algorithms_xtn); + client_->SetSignatureSchemes(schemes.data(), schemes.size()); + Connect(); + + // Check if all the signature algorithms are advertised. + EXPECT_TRUE(capture1->captured()); + const DataBuffer& ext1 = capture1->extension(); + EXPECT_EQ(2U + 2U * schemes.size(), ext1.len()); + + // Connect with DSA disabled by policy. + rv = NSS_SetAlgorithmPolicy(SEC_OID_ANSIX9_DSA_SIGNATURE, 0, + NSS_USE_ALG_IN_SSL_KX); + ASSERT_EQ(SECSuccess, rv); + rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, + 0); + ASSERT_EQ(SECSuccess, rv); + + Reset(TlsAgent::kServerDsa); + auto capture2 = + MakeTlsFilter<TlsExtensionCapture>(client_, ssl_signature_algorithms_xtn); + client_->SetSignatureSchemes(schemes.data(), schemes.size()); + ConnectExpectAlert(server_, kTlsAlertHandshakeFailure); + server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); + client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); + + // Check if no DSA algorithms are advertised. + EXPECT_TRUE(capture2->captured()); + const DataBuffer& ext2 = capture2->extension(); + EXPECT_EQ(2U + 2U, ext2.len()); + uint32_t v = 0; + EXPECT_TRUE(ext2.Read(2, 2, &v)); + EXPECT_EQ(ssl_sig_rsa_pss_rsae_sha256, v); +} + // Temporary test to verify that we choke on an empty ClientKeyShare. // This test will fail when we implement HelloRetryRequest. TEST_P(TlsExtensionTest13, EmptyClientKeyShare) { @@ -1121,6 +1238,10 @@ INSTANTIATE_TEST_CASE_P( INSTANTIATE_TEST_CASE_P(ExtensionDatagramOnly, TlsExtensionTestDtls, TlsConnectTestBase::kTlsV11Plus); +INSTANTIATE_TEST_CASE_P(ExtensionTls12, TlsExtensionTest12, + ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, + TlsConnectTestBase::kTlsV12)); + INSTANTIATE_TEST_CASE_P(ExtensionTls12Plus, TlsExtensionTest12Plus, ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12Plus)); diff --git a/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc index f033b7843..b222f15cb 100644 --- a/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc @@ -22,7 +22,7 @@ namespace nss_test { const uint8_t kShortEmptyFinished[8] = {0}; const uint8_t kLongEmptyFinished[128] = {0}; -class TlsFuzzTest : public ::testing::Test {}; +class TlsFuzzTest : public TlsConnectGeneric {}; // Record the application data stream. class TlsApplicationDataRecorder : public TlsRecordFilter { @@ -46,16 +46,9 @@ class TlsApplicationDataRecorder : public TlsRecordFilter { DataBuffer buffer_; }; -// Ensure that ssl_Time() returns a constant value. -FUZZ_F(TlsFuzzTest, SSL_Time_Constant) { - PRUint32 now = ssl_TimeSec(); - PR_Sleep(PR_SecondsToInterval(2)); - EXPECT_EQ(ssl_TimeSec(), now); -} - // Check that due to the deterministic PRNG we derive // the same master secret in two consecutive TLS sessions. -FUZZ_P(TlsConnectGeneric, DeterministicExporter) { +FUZZ_P(TlsFuzzTest, DeterministicExporter) { const char kLabel[] = "label"; std::vector<unsigned char> out1(32), out2(32); @@ -95,7 +88,7 @@ FUZZ_P(TlsConnectGeneric, DeterministicExporter) { // Check that due to the deterministic RNG two consecutive // TLS sessions will have the exact same transcript. -FUZZ_P(TlsConnectGeneric, DeterministicTranscript) { +FUZZ_P(TlsFuzzTest, DeterministicTranscript) { // Make sure we have RSA blinding params. Connect(); @@ -130,9 +123,7 @@ FUZZ_P(TlsConnectGeneric, DeterministicTranscript) { // with all supported TLS versions, STREAM and DGRAM. // Check that records are NOT encrypted. // Check that records don't have a MAC. -FUZZ_P(TlsConnectGeneric, ConnectSendReceive_NullCipher) { - EnsureTlsSetup(); - +FUZZ_P(TlsFuzzTest, ConnectSendReceive_NullCipher) { // Set up app data filters. auto client_recorder = MakeTlsFilter<TlsApplicationDataRecorder>(client_); auto server_recorder = MakeTlsFilter<TlsApplicationDataRecorder>(server_); @@ -157,7 +148,7 @@ FUZZ_P(TlsConnectGeneric, ConnectSendReceive_NullCipher) { } // Check that an invalid Finished message doesn't abort the connection. -FUZZ_P(TlsConnectGeneric, BogusClientFinished) { +FUZZ_P(TlsFuzzTest, BogusClientFinished) { EnsureTlsSetup(); MakeTlsFilter<TlsInspectorReplaceHandshakeMessage>( @@ -168,7 +159,7 @@ FUZZ_P(TlsConnectGeneric, BogusClientFinished) { } // Check that an invalid Finished message doesn't abort the connection. -FUZZ_P(TlsConnectGeneric, BogusServerFinished) { +FUZZ_P(TlsFuzzTest, BogusServerFinished) { EnsureTlsSetup(); MakeTlsFilter<TlsInspectorReplaceHandshakeMessage>( @@ -179,7 +170,7 @@ FUZZ_P(TlsConnectGeneric, BogusServerFinished) { } // Check that an invalid server auth signature doesn't abort the connection. -FUZZ_P(TlsConnectGeneric, BogusServerAuthSignature) { +FUZZ_P(TlsFuzzTest, BogusServerAuthSignature) { EnsureTlsSetup(); uint8_t msg_type = version_ == SSL_LIBRARY_VERSION_TLS_1_3 ? kTlsHandshakeCertificateVerify @@ -190,7 +181,7 @@ FUZZ_P(TlsConnectGeneric, BogusServerAuthSignature) { } // Check that an invalid client auth signature doesn't abort the connection. -FUZZ_P(TlsConnectGeneric, BogusClientAuthSignature) { +FUZZ_P(TlsFuzzTest, BogusClientAuthSignature) { EnsureTlsSetup(); client_->SetupClientAuth(); server_->RequestClientAuth(true); @@ -199,7 +190,7 @@ FUZZ_P(TlsConnectGeneric, BogusClientAuthSignature) { } // Check that session ticket resumption works. -FUZZ_P(TlsConnectGeneric, SessionTicketResumption) { +FUZZ_P(TlsFuzzTest, SessionTicketResumption) { ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); Connect(); SendReceive(); @@ -212,7 +203,7 @@ FUZZ_P(TlsConnectGeneric, SessionTicketResumption) { } // Check that session tickets are not encrypted. -FUZZ_P(TlsConnectGeneric, UnencryptedSessionTickets) { +FUZZ_P(TlsFuzzTest, UnencryptedSessionTickets) { ConfigureSessionCache(RESUME_TICKET, RESUME_TICKET); auto filter = MakeTlsFilter<TlsHandshakeRecorder>( @@ -220,23 +211,45 @@ FUZZ_P(TlsConnectGeneric, UnencryptedSessionTickets) { Connect(); std::cerr << "ticket" << filter->buffer() << std::endl; - size_t offset = 4; /* lifetime */ + size_t offset = 4; // Skip lifetime. + if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) { - offset += 4; /* ticket_age_add */ + offset += 4; // Skip ticket_age_add. uint32_t nonce_len = 0; EXPECT_TRUE(filter->buffer().Read(offset, 1, &nonce_len)); offset += 1 + nonce_len; } - offset += 2 + /* ticket length */ - 2; /* TLS_EX_SESS_TICKET_VERSION */ + + offset += 2; // Skip the ticket length. + + // This bit parses the contents of the ticket, which would ordinarily be + // encrypted. Start by checking that we have the right version. This needs + // to be updated every time that TLS_EX_SESS_TICKET_VERSION is changed. But + // we don't use the #define. That way, any time that code is updated, this + // test will fail unless it is manually checked. + uint32_t ticket_version; + EXPECT_TRUE(filter->buffer().Read(offset, 2, &ticket_version)); + EXPECT_EQ(0x010aU, ticket_version); + offset += 2; + // Check the protocol version number. uint32_t tls_version = 0; EXPECT_TRUE(filter->buffer().Read(offset, sizeof(version_), &tls_version)); EXPECT_EQ(version_, static_cast<decltype(version_)>(tls_version)); + offset += sizeof(version_); // Check the cipher suite. uint32_t suite = 0; - EXPECT_TRUE(filter->buffer().Read(offset + sizeof(version_), 2, &suite)); + EXPECT_TRUE(filter->buffer().Read(offset, 2, &suite)); client_->CheckCipherSuite(static_cast<uint16_t>(suite)); } -} + +INSTANTIATE_TEST_CASE_P( + FuzzStream, TlsFuzzTest, + ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream, + TlsConnectTestBase::kTlsVAll)); +INSTANTIATE_TEST_CASE_P( + FuzzDatagram, TlsFuzzTest, + ::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram, + TlsConnectTestBase::kTlsV11Plus)); +} // namespace nss_test diff --git a/security/nss/gtests/ssl_gtest/ssl_gtest.gyp b/security/nss/gtests/ssl_gtest/ssl_gtest.gyp index be1c4ea32..6cff0fc9d 100644 --- a/security/nss/gtests/ssl_gtest/ssl_gtest.gyp +++ b/security/nss/gtests/ssl_gtest/ssl_gtest.gyp @@ -18,9 +18,11 @@ 'ssl_agent_unittest.cc', 'ssl_auth_unittest.cc', 'ssl_cert_ext_unittest.cc', + 'ssl_cipherorder_unittest.cc', 'ssl_ciphersuite_unittest.cc', 'ssl_custext_unittest.cc', 'ssl_damage_unittest.cc', + 'ssl_debug_env_unittest.cc', 'ssl_dhe_unittest.cc', 'ssl_drop_unittest.cc', 'ssl_ecdh_unittest.cc', @@ -32,11 +34,12 @@ 'ssl_gather_unittest.cc', 'ssl_gtest.cc', 'ssl_hrr_unittest.cc', - 'ssl_keylog_unittest.cc', 'ssl_keyupdate_unittest.cc', 'ssl_loopback_unittest.cc', 'ssl_misc_unittest.cc', + 'ssl_primitive_unittest.cc', 'ssl_record_unittest.cc', + 'ssl_recordsep_unittest.cc', 'ssl_recordsize_unittest.cc', 'ssl_resumption_unittest.cc', 'ssl_renegotiation_unittest.cc', @@ -52,7 +55,8 @@ 'tls_filter.cc', 'tls_hkdf_unittest.cc', 'tls_esni_unittest.cc', - 'tls_protect.cc' + 'tls_protect.cc', + 'tls_subcerts_unittest.cc' ], 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports', @@ -74,7 +78,7 @@ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix', ], 'conditions': [ - [ 'test_build==1', { + [ 'static_libs==1', { 'dependencies': [ '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', ], @@ -91,6 +95,14 @@ '<(DEPTH)/lib/dbm/src/src.gyp:dbm', ], }], + [ 'enable_sslkeylogfile==1 and sanitizer_flags==0', { + 'sources': [ + 'ssl_keylog_unittest.cc', + ], + 'defines': [ + 'NSS_ALLOW_SSLKEYLOGFILE', + ], + }], ], } ], diff --git a/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc index 322b64837..4713e52a2 100644 --- a/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc @@ -4,8 +4,6 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. */ -#ifdef NSS_ALLOW_SSLKEYLOGFILE - #include <cstdlib> #include <fstream> #include <sstream> @@ -15,20 +13,59 @@ namespace nss_test { -static const std::string keylog_file_path = "keylog.txt"; -static const std::string keylog_env = "SSLKEYLOGFILE=" + keylog_file_path; +static const std::string kKeylogFilePath = "keylog.txt"; +static const std::string kKeylogBlankEnv = "SSLKEYLOGFILE="; +static const std::string kKeylogSetEnv = kKeylogBlankEnv + kKeylogFilePath; + +extern "C" { +extern FILE* ssl_keylog_iob; +} + +class KeyLogFileTestBase : public TlsConnectGeneric { + private: + std::string env_to_set_; -class KeyLogFileTest : public TlsConnectGeneric { public: + virtual void CheckKeyLog() = 0; + + KeyLogFileTestBase(std::string env) : env_to_set_(env) {} + void SetUp() override { TlsConnectGeneric::SetUp(); // Remove previous results (if any). - (void)remove(keylog_file_path.c_str()); - PR_SetEnv(keylog_env.c_str()); + (void)remove(kKeylogFilePath.c_str()); + PR_SetEnv(env_to_set_.c_str()); } - void CheckKeyLog() { - std::ifstream f(keylog_file_path); + void ConnectAndCheck() { + // This is a child process, ensure that error messages immediately + // propagate or else it will not be visible. + ::testing::GTEST_FLAG(throw_on_failure) = true; + + if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) { + SetupForZeroRtt(); + client_->Set0RttEnabled(true); + server_->Set0RttEnabled(true); + ExpectResumption(RESUME_TICKET); + ZeroRttSendReceive(true, true); + Handshake(); + ExpectEarlyDataAccepted(true); + CheckConnected(); + SendReceive(); + } else { + Connect(); + } + CheckKeyLog(); + _exit(0); + } +}; + +class KeyLogFileTest : public KeyLogFileTestBase { + public: + KeyLogFileTest() : KeyLogFileTestBase(kKeylogSetEnv) {} + + void CheckKeyLog() override { + std::ifstream f(kKeylogFilePath); std::map<std::string, size_t> labels; std::set<std::string> client_randoms; for (std::string line; std::getline(f, line);) { @@ -65,28 +102,6 @@ class KeyLogFileTest : public TlsConnectGeneric { ASSERT_EQ(4U, labels["EXPORTER_SECRET"]); } } - - void ConnectAndCheck() { - // This is a child process, ensure that error messages immediately - // propagate or else it will not be visible. - ::testing::GTEST_FLAG(throw_on_failure) = true; - - if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) { - SetupForZeroRtt(); - client_->Set0RttEnabled(true); - server_->Set0RttEnabled(true); - ExpectResumption(RESUME_TICKET); - ZeroRttSendReceive(true, true); - Handshake(); - ExpectEarlyDataAccepted(true); - CheckConnected(); - SendReceive(); - } else { - Connect(); - } - CheckKeyLog(); - _exit(0); - } }; // Tests are run in a separate process to ensure that NSS is not initialized yet @@ -113,6 +128,37 @@ INSTANTIATE_TEST_CASE_P( TlsConnectTestBase::kTlsV13)); #endif -} // namespace nss_test +class KeyLogFileUnsetTest : public KeyLogFileTestBase { + public: + KeyLogFileUnsetTest() : KeyLogFileTestBase(kKeylogBlankEnv) {} + + void CheckKeyLog() override { + std::ifstream f(kKeylogFilePath); + EXPECT_FALSE(f.good()); + + EXPECT_EQ(nullptr, ssl_keylog_iob); + } +}; + +TEST_P(KeyLogFileUnsetTest, KeyLogFile) { + testing::GTEST_FLAG(death_test_style) = "threadsafe"; + + ASSERT_EXIT(ConnectAndCheck(), ::testing::ExitedWithCode(0), ""); +} -#endif // NSS_ALLOW_SSLKEYLOGFILE +INSTANTIATE_TEST_CASE_P( + KeyLogFileDTLS12, KeyLogFileUnsetTest, + ::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram, + TlsConnectTestBase::kTlsV11V12)); +INSTANTIATE_TEST_CASE_P( + KeyLogFileTLS12, KeyLogFileUnsetTest, + ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream, + TlsConnectTestBase::kTlsV10ToV12)); +#ifndef NSS_DISABLE_TLS_1_3 +INSTANTIATE_TEST_CASE_P( + KeyLogFileTLS13, KeyLogFileUnsetTest, + ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream, + TlsConnectTestBase::kTlsV13)); +#endif + +} // namespace nss_test diff --git a/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc index d6ac99a58..b921d2c1e 100644 --- a/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_keyupdate_unittest.cc @@ -33,6 +33,37 @@ TEST_F(TlsConnectTest, KeyUpdateClient) { CheckEpochs(4, 3); } +TEST_F(TlsConnectStreamTls13, KeyUpdateTooEarly_Client) { + StartConnect(); + auto filter = MakeTlsFilter<TlsEncryptedHandshakeMessageReplacer>( + server_, kTlsHandshakeFinished, kTlsHandshakeKeyUpdate); + filter->EnableDecryption(); + + client_->Handshake(); + server_->Handshake(); + ExpectAlert(client_, kTlsAlertUnexpectedMessage); + client_->Handshake(); + client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_KEY_UPDATE); + server_->Handshake(); + server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); +} + +TEST_F(TlsConnectStreamTls13, KeyUpdateTooEarly_Server) { + StartConnect(); + auto filter = MakeTlsFilter<TlsEncryptedHandshakeMessageReplacer>( + client_, kTlsHandshakeFinished, kTlsHandshakeKeyUpdate); + filter->EnableDecryption(); + + client_->Handshake(); + server_->Handshake(); + client_->Handshake(); + ExpectAlert(server_, kTlsAlertUnexpectedMessage); + server_->Handshake(); + server_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_KEY_UPDATE); + client_->Handshake(); + client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); +} + TEST_F(TlsConnectTest, KeyUpdateClientRequestUpdate) { ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); Connect(); diff --git a/security/nss/gtests/ssl_gtest/ssl_primitive_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_primitive_unittest.cc new file mode 100644 index 000000000..66ecdeb12 --- /dev/null +++ b/security/nss/gtests/ssl_gtest/ssl_primitive_unittest.cc @@ -0,0 +1,218 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <memory> + +#include "keyhi.h" +#include "pk11pub.h" +#include "secerr.h" +#include "ssl.h" +#include "sslerr.h" +#include "sslexp.h" +#include "sslproto.h" + +#include "gtest_utils.h" +#include "nss_scoped_ptrs.h" +#include "scoped_ptrs_ssl.h" +#include "tls_connect.h" + +namespace nss_test { + +// From tls_hkdf_unittest.cc: +extern size_t GetHashLength(SSLHashType ht); + +class AeadTest : public ::testing::Test { + public: + AeadTest() : slot_(PK11_GetInternalSlot()) {} + + void InitSecret(SSLHashType hash_type) { + static const uint8_t kData[64] = {'s', 'e', 'c', 'r', 'e', 't'}; + SECItem key_item = {siBuffer, const_cast<uint8_t *>(kData), + static_cast<unsigned int>(GetHashLength(hash_type))}; + PK11SymKey *s = + PK11_ImportSymKey(slot_.get(), CKM_SSL3_MASTER_KEY_DERIVE, + PK11_OriginUnwrap, CKA_DERIVE, &key_item, NULL); + ASSERT_NE(nullptr, s); + secret_.reset(s); + } + + void SetUp() override { + InitSecret(ssl_hash_sha256); + PORT_SetError(0); + } + + protected: + static void EncryptDecrypt(const ScopedSSLAeadContext &ctx, + const uint8_t *ciphertext, size_t ciphertext_len) { + static const uint8_t kAad[] = {'a', 'a', 'd'}; + static const uint8_t kPlaintext[] = {'t', 'e', 'x', 't'}; + static const size_t kMaxSize = 32; + + ASSERT_GE(kMaxSize, ciphertext_len); + ASSERT_LT(0U, ciphertext_len); + + uint8_t output[kMaxSize]; + unsigned int output_len = 0; + EXPECT_EQ(SECSuccess, SSL_AeadEncrypt(ctx.get(), 0, kAad, sizeof(kAad), + kPlaintext, sizeof(kPlaintext), + output, &output_len, sizeof(output))); + ASSERT_EQ(ciphertext_len, static_cast<size_t>(output_len)); + EXPECT_EQ(0, memcmp(ciphertext, output, ciphertext_len)); + + memset(output, 0, sizeof(output)); + EXPECT_EQ(SECSuccess, SSL_AeadDecrypt(ctx.get(), 0, kAad, sizeof(kAad), + ciphertext, ciphertext_len, output, + &output_len, sizeof(output))); + ASSERT_EQ(sizeof(kPlaintext), static_cast<size_t>(output_len)); + EXPECT_EQ(0, memcmp(kPlaintext, output, sizeof(kPlaintext))); + + // Now for some tests of decryption failure. + // Truncate the input. + EXPECT_EQ(SECFailure, SSL_AeadDecrypt(ctx.get(), 0, kAad, sizeof(kAad), + ciphertext, ciphertext_len - 1, + output, &output_len, sizeof(output))); + EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError()); + + // Skip the first byte of the AAD. + EXPECT_EQ( + SECFailure, + SSL_AeadDecrypt(ctx.get(), 0, kAad + 1, sizeof(kAad) - 1, ciphertext, + ciphertext_len, output, &output_len, sizeof(output))); + EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError()); + + uint8_t input[kMaxSize] = {0}; + // Toggle a byte of the input. + memcpy(input, ciphertext, ciphertext_len); + input[0] ^= 9; + EXPECT_EQ(SECFailure, SSL_AeadDecrypt(ctx.get(), 0, kAad, sizeof(kAad), + input, ciphertext_len, output, + &output_len, sizeof(output))); + EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError()); + + // Toggle the last byte (the auth tag). + memcpy(input, ciphertext, ciphertext_len); + input[ciphertext_len - 1] ^= 77; + EXPECT_EQ(SECFailure, SSL_AeadDecrypt(ctx.get(), 0, kAad, sizeof(kAad), + input, ciphertext_len, output, + &output_len, sizeof(output))); + EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError()); + + // Toggle some of the AAD. + memcpy(input, kAad, sizeof(kAad)); + input[1] ^= 23; + EXPECT_EQ(SECFailure, SSL_AeadDecrypt(ctx.get(), 0, input, sizeof(kAad), + ciphertext, ciphertext_len, output, + &output_len, sizeof(output))); + EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError()); + } + + protected: + ScopedPK11SymKey secret_; + + private: + ScopedPK11SlotInfo slot_; +}; + +// These tests all use fixed inputs: a fixed secret, a fixed label, and fixed +// inputs. So they have fixed outputs. +static const char *kLabel = "test "; +static const uint8_t kCiphertextAes128Gcm[] = { + 0x11, 0x14, 0xfc, 0x58, 0x4f, 0x44, 0xff, 0x8c, 0xb6, 0xd8, + 0x20, 0xb3, 0xfb, 0x50, 0xd9, 0x3b, 0xd4, 0xc6, 0xe1, 0x14}; +static const uint8_t kCiphertextAes256Gcm[] = { + 0xf7, 0x27, 0x35, 0x80, 0x88, 0xaf, 0x99, 0x85, 0xf2, 0x83, + 0xca, 0xbb, 0x95, 0x42, 0x09, 0x3f, 0x9c, 0xf3, 0x29, 0xf0}; +static const uint8_t kCiphertextChaCha20Poly1305[] = { + 0x4e, 0x89, 0x2c, 0xfa, 0xfc, 0x8c, 0x40, 0x55, 0x6d, 0x7e, + 0x99, 0xac, 0x8e, 0x54, 0x58, 0xb1, 0x18, 0xd2, 0x66, 0x22}; + +TEST_F(AeadTest, AeadBadVersion) { + SSLAeadContext *ctx = nullptr; + ASSERT_EQ(SECFailure, + SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256, + secret_.get(), kLabel, strlen(kLabel), &ctx)); + EXPECT_EQ(nullptr, ctx); +} + +TEST_F(AeadTest, AeadUnsupportedCipher) { + SSLAeadContext *ctx = nullptr; + ASSERT_EQ(SECFailure, + SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_RSA_WITH_NULL_MD5, + secret_.get(), kLabel, strlen(kLabel), &ctx)); + EXPECT_EQ(nullptr, ctx); +} + +TEST_F(AeadTest, AeadOlderCipher) { + SSLAeadContext *ctx = nullptr; + ASSERT_EQ( + SECFailure, + SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_RSA_WITH_AES_128_CBC_SHA, + secret_.get(), kLabel, strlen(kLabel), &ctx)); + EXPECT_EQ(nullptr, ctx); +} + +TEST_F(AeadTest, AeadNoLabel) { + SSLAeadContext *ctx = nullptr; + ASSERT_EQ(SECFailure, + SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_AES_128_GCM_SHA256, + secret_.get(), nullptr, 12, &ctx)); + EXPECT_EQ(nullptr, ctx); +} + +TEST_F(AeadTest, AeadLongLabel) { + SSLAeadContext *ctx = nullptr; + ASSERT_EQ(SECFailure, + SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_AES_128_GCM_SHA256, + secret_.get(), "", 254, &ctx)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + EXPECT_EQ(nullptr, ctx); +} + +TEST_F(AeadTest, AeadNoPointer) { + SSLAeadContext *ctx = nullptr; + ASSERT_EQ(SECFailure, + SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_AES_128_GCM_SHA256, + secret_.get(), kLabel, strlen(kLabel), nullptr)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + EXPECT_EQ(nullptr, ctx); +} + +TEST_F(AeadTest, AeadAes128Gcm) { + SSLAeadContext *ctxInit; + ASSERT_EQ(SECSuccess, + SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_AES_128_GCM_SHA256, + secret_.get(), kLabel, strlen(kLabel), &ctxInit)); + ScopedSSLAeadContext ctx(ctxInit); + EXPECT_NE(nullptr, ctx); + + EncryptDecrypt(ctx, kCiphertextAes128Gcm, sizeof(kCiphertextAes128Gcm)); +} + +TEST_F(AeadTest, AeadAes256Gcm) { + SSLAeadContext *ctxInit = nullptr; + ASSERT_EQ(SECSuccess, + SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_AES_256_GCM_SHA384, + secret_.get(), kLabel, strlen(kLabel), &ctxInit)); + ScopedSSLAeadContext ctx(ctxInit); + EXPECT_NE(nullptr, ctx); + + EncryptDecrypt(ctx, kCiphertextAes256Gcm, sizeof(kCiphertextAes256Gcm)); +} + +TEST_F(AeadTest, AeadChaCha20Poly1305) { + SSLAeadContext *ctxInit; + ASSERT_EQ( + SECSuccess, + SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, TLS_CHACHA20_POLY1305_SHA256, + secret_.get(), kLabel, strlen(kLabel), &ctxInit)); + ScopedSSLAeadContext ctx(ctxInit); + EXPECT_NE(nullptr, ctx); + + EncryptDecrypt(ctx, kCiphertextChaCha20Poly1305, + sizeof(kCiphertextChaCha20Poly1305)); +} + +} // namespace nss_test diff --git a/security/nss/gtests/ssl_gtest/ssl_record_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_record_unittest.cc index f1e85e898..86783b86e 100644 --- a/security/nss/gtests/ssl_gtest/ssl_record_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_record_unittest.cc @@ -205,6 +205,42 @@ TEST_F(TlsConnectDatagram13, ShortHeadersServer) { SendReceive(); } +TEST_F(TlsConnectStreamTls13, UnencryptedFinishedMessage) { + StartConnect(); + client_->Handshake(); // Send ClientHello + server_->Handshake(); // Send first server flight + + // Record and drop the first record, which is the Finished. + auto recorder = std::make_shared<TlsRecordRecorder>(client_); + recorder->EnableDecryption(); + auto dropper = std::make_shared<SelectiveDropFilter>(1); + client_->SetFilter(std::make_shared<ChainedPacketFilter>( + ChainedPacketFilterInit({recorder, dropper}))); + client_->Handshake(); // Save and drop CFIN. + EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state()); + + ASSERT_EQ(1U, recorder->count()); + auto& finished = recorder->record(0); + + DataBuffer d; + size_t offset = d.Write(0, ssl_ct_handshake, 1); + offset = d.Write(offset, SSL_LIBRARY_VERSION_TLS_1_2, 2); + offset = d.Write(offset, finished.buffer.len(), 2); + d.Append(finished.buffer); + client_->SendDirect(d); + + // Now process the message. + ExpectAlert(server_, kTlsAlertUnexpectedMessage); + // The server should generate an alert. + server_->Handshake(); + EXPECT_EQ(TlsAgent::STATE_ERROR, server_->state()); + server_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_RECORD_TYPE); + // Have the client consume the alert. + client_->Handshake(); + EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state()); + client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); +} + const static size_t kContentSizesArr[] = { 1, kMacSize - 1, kMacSize, 30, 31, 32, 36, 256, 257, 287, 288}; diff --git a/security/nss/gtests/ssl_gtest/ssl_recordsep_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_recordsep_unittest.cc new file mode 100644 index 000000000..393b50ffd --- /dev/null +++ b/security/nss/gtests/ssl_gtest/ssl_recordsep_unittest.cc @@ -0,0 +1,577 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "secerr.h" +#include "ssl.h" +#include "sslerr.h" +#include "sslproto.h" + +extern "C" { +// This is not something that should make you happy. +#include "libssl_internals.h" +} + +#include <queue> +#include "gtest_utils.h" +#include "nss_scoped_ptrs.h" +#include "tls_connect.h" +#include "tls_filter.h" +#include "tls_parser.h" + +namespace nss_test { + +class HandshakeSecretTracker { + public: + HandshakeSecretTracker(const std::shared_ptr<TlsAgent>& agent, + uint16_t first_read_epoch, uint16_t first_write_epoch) + : agent_(agent), + next_read_epoch_(first_read_epoch), + next_write_epoch_(first_write_epoch) { + EXPECT_EQ(SECSuccess, + SSL_SecretCallback(agent_->ssl_fd(), + HandshakeSecretTracker::SecretCb, this)); + } + + void CheckComplete() const { + EXPECT_EQ(0, next_read_epoch_); + EXPECT_EQ(0, next_write_epoch_); + } + + private: + static void SecretCb(PRFileDesc* fd, PRUint16 epoch, SSLSecretDirection dir, + PK11SymKey* secret, void* arg) { + HandshakeSecretTracker* t = reinterpret_cast<HandshakeSecretTracker*>(arg); + t->SecretUpdated(epoch, dir, secret); + } + + void SecretUpdated(PRUint16 epoch, SSLSecretDirection dir, + PK11SymKey* secret) { + if (g_ssl_gtest_verbose) { + std::cerr << agent_->role_str() << ": secret callback for " << dir + << " epoch " << epoch << std::endl; + } + + EXPECT_TRUE(secret); + uint16_t* p; + if (dir == ssl_secret_read) { + p = &next_read_epoch_; + } else { + ASSERT_EQ(ssl_secret_write, dir); + p = &next_write_epoch_; + } + EXPECT_EQ(*p, epoch); + switch (*p) { + case 1: // 1 == 0-RTT, next should be handshake. + case 2: // 2 == handshake, next should be application data. + (*p)++; + break; + + case 3: // 3 == application data, there should be no more. + // Use 0 as a sentinel value. + *p = 0; + break; + + default: + ADD_FAILURE() << "Unexpected next epoch: " << *p; + } + } + + std::shared_ptr<TlsAgent> agent_; + uint16_t next_read_epoch_; + uint16_t next_write_epoch_; +}; + +TEST_F(TlsConnectTest, HandshakeSecrets) { + ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); + EnsureTlsSetup(); + + HandshakeSecretTracker c(client_, 2, 2); + HandshakeSecretTracker s(server_, 2, 2); + + Connect(); + SendReceive(); + + c.CheckComplete(); + s.CheckComplete(); +} + +TEST_F(TlsConnectTest, ZeroRttSecrets) { + SetupForZeroRtt(); + + HandshakeSecretTracker c(client_, 2, 1); + HandshakeSecretTracker s(server_, 1, 2); + + client_->Set0RttEnabled(true); + server_->Set0RttEnabled(true); + ExpectResumption(RESUME_TICKET); + ZeroRttSendReceive(true, true); + Handshake(); + ExpectEarlyDataAccepted(true); + CheckConnected(); + SendReceive(); + + c.CheckComplete(); + s.CheckComplete(); +} + +class KeyUpdateTracker { + public: + KeyUpdateTracker(const std::shared_ptr<TlsAgent>& agent, + bool expect_read_secret) + : agent_(agent), expect_read_secret_(expect_read_secret), called_(false) { + EXPECT_EQ(SECSuccess, SSL_SecretCallback(agent_->ssl_fd(), + KeyUpdateTracker::SecretCb, this)); + } + + void CheckCalled() const { EXPECT_TRUE(called_); } + + private: + static void SecretCb(PRFileDesc* fd, PRUint16 epoch, SSLSecretDirection dir, + PK11SymKey* secret, void* arg) { + KeyUpdateTracker* t = reinterpret_cast<KeyUpdateTracker*>(arg); + t->SecretUpdated(epoch, dir, secret); + } + + void SecretUpdated(PRUint16 epoch, SSLSecretDirection dir, + PK11SymKey* secret) { + EXPECT_EQ(4U, epoch); + EXPECT_EQ(expect_read_secret_, dir == ssl_secret_read); + EXPECT_TRUE(secret); + called_ = true; + } + + std::shared_ptr<TlsAgent> agent_; + bool expect_read_secret_; + bool called_; +}; + +TEST_F(TlsConnectTest, KeyUpdateSecrets) { + ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); + Connect(); + // The update is to the client write secret; the server read secret. + KeyUpdateTracker c(client_, false); + KeyUpdateTracker s(server_, true); + EXPECT_EQ(SECSuccess, SSL_KeyUpdate(client_->ssl_fd(), PR_FALSE)); + SendReceive(50); + SendReceive(60); + CheckEpochs(4, 3); + c.CheckCalled(); + s.CheckCalled(); +} + +// BadPrSocket is an instance of a PR IO layer that crashes the test if it is +// ever used for reading or writing. It does that by failing to overwrite any +// of the DummyIOLayerMethods, which all crash when invoked. +class BadPrSocket : public DummyIOLayerMethods { + public: + BadPrSocket(std::shared_ptr<TlsAgent>& agent) : DummyIOLayerMethods() { + static PRDescIdentity bad_identity = PR_GetUniqueIdentity("bad NSPR id"); + fd_ = DummyIOLayerMethods::CreateFD(bad_identity, this); + + // This is terrible, but NSPR doesn't provide an easy way to replace the + // bottom layer of an IO stack. Take the DummyPrSocket and replace its + // NSPR method vtable with the ones from this object. + dummy_layer_ = + PR_GetIdentitiesLayer(agent->ssl_fd(), DummyPrSocket::LayerId()); + EXPECT_TRUE(dummy_layer_); + original_methods_ = dummy_layer_->methods; + original_secret_ = dummy_layer_->secret; + dummy_layer_->methods = fd_->methods; + dummy_layer_->secret = reinterpret_cast<PRFilePrivate*>(this); + } + + // This will be destroyed before the agent, so we need to restore the state + // before we tampered with it. + virtual ~BadPrSocket() { + dummy_layer_->methods = original_methods_; + dummy_layer_->secret = original_secret_; + } + + private: + ScopedPRFileDesc fd_; + PRFileDesc* dummy_layer_; + const PRIOMethods* original_methods_; + PRFilePrivate* original_secret_; +}; + +class StagedRecords { + public: + StagedRecords(std::shared_ptr<TlsAgent>& agent) : agent_(agent), records_() { + EXPECT_EQ(SECSuccess, + SSL_RecordLayerWriteCallback( + agent_->ssl_fd(), StagedRecords::StageRecordData, this)); + } + + virtual ~StagedRecords() { + // Uninstall so that the callback doesn't fire during cleanup. + EXPECT_EQ(SECSuccess, + SSL_RecordLayerWriteCallback(agent_->ssl_fd(), nullptr, nullptr)); + } + + bool empty() const { return records_.empty(); } + + void ForwardAll(std::shared_ptr<TlsAgent>& peer) { + EXPECT_NE(agent_, peer) << "can't forward to self"; + for (auto r : records_) { + r.Forward(peer); + } + records_.clear(); + } + + // This forwards all saved data and checks the resulting state. + void ForwardAll(std::shared_ptr<TlsAgent>& peer, + TlsAgent::State expected_state) { + ForwardAll(peer); + switch (expected_state) { + case TlsAgent::STATE_CONNECTED: + // The handshake callback should have been called, so check that before + // checking that SSL_ForceHandshake succeeds. + EXPECT_EQ(expected_state, peer->state()); + EXPECT_EQ(SECSuccess, SSL_ForceHandshake(peer->ssl_fd())); + break; + + case TlsAgent::STATE_CONNECTING: + // Check that SSL_ForceHandshake() blocks. + EXPECT_EQ(SECFailure, SSL_ForceHandshake(peer->ssl_fd())); + EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError()); + // Update and check the state. + peer->Handshake(); + EXPECT_EQ(TlsAgent::STATE_CONNECTING, peer->state()); + break; + + default: + ADD_FAILURE() << "No idea how to handle this state"; + } + } + + void ForwardPartial(std::shared_ptr<TlsAgent>& peer) { + if (records_.empty()) { + ADD_FAILURE() << "No records to slice"; + return; + } + auto& last = records_.back(); + auto tail = last.SliceTail(); + ForwardAll(peer, TlsAgent::STATE_CONNECTING); + records_.push_back(tail); + EXPECT_EQ(TlsAgent::STATE_CONNECTING, peer->state()); + } + + private: + // A single record. + class StagedRecord { + public: + StagedRecord(const std::string role, uint16_t epoch, SSLContentType ct, + const uint8_t* data, size_t len) + : role_(role), epoch_(epoch), content_type_(ct), data_(data, len) { + if (g_ssl_gtest_verbose) { + std::cerr << role_ << ": staged epoch " << epoch_ << " " + << content_type_ << ": " << data_ << std::endl; + } + } + + // This forwards staged data to the identified agent. + void Forward(std::shared_ptr<TlsAgent>& peer) { + // Now there should be staged data. + EXPECT_FALSE(data_.empty()); + if (g_ssl_gtest_verbose) { + std::cerr << role_ << ": forward " << data_ << std::endl; + } + EXPECT_EQ(SECSuccess, + SSL_RecordLayerData(peer->ssl_fd(), epoch_, content_type_, + data_.data(), + static_cast<unsigned int>(data_.len()))); + } + + // Slices the tail off this record and returns it. + StagedRecord SliceTail() { + size_t slice = 1; + if (data_.len() <= slice) { + ADD_FAILURE() << "record too small to slice in two"; + slice = 0; + } + size_t keep = data_.len() - slice; + StagedRecord tail(role_, epoch_, content_type_, data_.data() + keep, + slice); + data_.Truncate(keep); + return tail; + } + + private: + std::string role_; + uint16_t epoch_; + SSLContentType content_type_; + DataBuffer data_; + }; + + // This is an SSLRecordWriteCallback that stages data. + static SECStatus StageRecordData(PRFileDesc* fd, PRUint16 epoch, + SSLContentType content_type, + const PRUint8* data, unsigned int len, + void* arg) { + auto stage = reinterpret_cast<StagedRecords*>(arg); + stage->records_.push_back(StagedRecord(stage->agent_->role_str(), epoch, + content_type, data, + static_cast<size_t>(len))); + return SECSuccess; + } + + std::shared_ptr<TlsAgent>& agent_; + std::deque<StagedRecord> records_; +}; + +// Attempting to feed application data in before the handshake is complete +// should be caught. +static void RefuseApplicationData(std::shared_ptr<TlsAgent>& peer, + uint16_t epoch) { + static const uint8_t d[] = {1, 2, 3}; + EXPECT_EQ(SECFailure, + SSL_RecordLayerData(peer->ssl_fd(), epoch, ssl_ct_application_data, + d, static_cast<unsigned int>(sizeof(d)))); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); +} + +static void SendForwardReceive(std::shared_ptr<TlsAgent>& sender, + StagedRecords& sender_stage, + std::shared_ptr<TlsAgent>& receiver) { + const size_t count = 10; + sender->SendData(count, count); + sender_stage.ForwardAll(receiver); + receiver->ReadBytes(count); +} + +TEST_P(TlsConnectStream, ReplaceRecordLayer) { + StartConnect(); + client_->SetServerKeyBits(server_->server_key_bits()); + + // BadPrSocket installs an IO layer that crashes when the SSL layer attempts + // to read or write. + BadPrSocket bad_layer_client(client_); + BadPrSocket bad_layer_server(server_); + + // StagedRecords installs a handler for unprotected data from the socket, and + // captures that data. + StagedRecords client_stage(client_); + StagedRecords server_stage(server_); + + // Both peers should refuse application data from epoch 0. + RefuseApplicationData(client_, 0); + RefuseApplicationData(server_, 0); + + // This first call forwards nothing, but it causes the client to handshake, + // which starts things off. This stages the ClientHello as a result. + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING); + // This processes the ClientHello and stages the first server flight. + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTING); + RefuseApplicationData(server_, 1); + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + // Process the server flight and the client is done. + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTED); + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED); + } else { + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING); + RefuseApplicationData(client_, 1); + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED); + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTED); + } + CheckKeys(); + + // Reading and writing application data should work. + SendForwardReceive(client_, client_stage, server_); + SendForwardReceive(server_, server_stage, client_); +} + +static SECStatus AuthCompleteBlock(TlsAgent*, PRBool, PRBool) { + return SECWouldBlock; +} + +TEST_P(TlsConnectStream, ReplaceRecordLayerAsyncLateAuth) { + StartConnect(); + client_->SetServerKeyBits(server_->server_key_bits()); + + BadPrSocket bad_layer_client(client_); + BadPrSocket bad_layer_server(server_); + StagedRecords client_stage(client_); + StagedRecords server_stage(server_); + + client_->SetAuthCertificateCallback(AuthCompleteBlock); + + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING); + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTING); + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING); + + // Prior to TLS 1.3, the client sends its second flight immediately. But in + // TLS 1.3, a client won't send a Finished until it is happy with the server + // certificate. So blocking certificate validation causes the client to send + // nothing. + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + ASSERT_TRUE(client_stage.empty()); + + // Client should have stopped reading when it saw the Certificate message, + // so it will be reading handshake epoch, and writing cleartext. + client_->CheckEpochs(2, 0); + // Server should be reading handshake, and writing application data. + server_->CheckEpochs(2, 3); + + // Handshake again and the client will read the remainder of the server's + // flight, but it will remain blocked. + client_->Handshake(); + ASSERT_TRUE(client_stage.empty()); + EXPECT_EQ(TlsAgent::STATE_CONNECTING, client_->state()); + } else { + // In prior versions, the client's second flight is always sent. + ASSERT_FALSE(client_stage.empty()); + } + + // Now declare the certificate good. + EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0)); + client_->Handshake(); + ASSERT_FALSE(client_stage.empty()); + + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state()); + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED); + } else { + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED); + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTED); + } + CheckKeys(); + + // Reading and writing application data should work. + SendForwardReceive(client_, client_stage, server_); +} + +TEST_F(TlsConnectStreamTls13, ReplaceRecordLayerAsyncPostHandshake) { + StartConnect(); + client_->SetServerKeyBits(server_->server_key_bits()); + + BadPrSocket bad_layer_client(client_); + BadPrSocket bad_layer_server(server_); + StagedRecords client_stage(client_); + StagedRecords server_stage(server_); + + client_->SetAuthCertificateCallback(AuthCompleteBlock); + + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING); + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTING); + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING); + + ASSERT_TRUE(client_stage.empty()); + client_->Handshake(); + ASSERT_TRUE(client_stage.empty()); + EXPECT_EQ(TlsAgent::STATE_CONNECTING, client_->state()); + + // Now declare the certificate good. + EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0)); + client_->Handshake(); + ASSERT_FALSE(client_stage.empty()); + + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state()); + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED); + } else { + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED); + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTED); + } + CheckKeys(); + + // Reading and writing application data should work. + SendForwardReceive(client_, client_stage, server_); + + // Post-handshake messages should work here. + EXPECT_EQ(SECSuccess, SSL_SendSessionTicket(server_->ssl_fd(), nullptr, 0)); + SendForwardReceive(server_, server_stage, client_); +} + +// This test ensures that data is correctly forwarded when the handshake is +// resumed after asynchronous server certificate authentication, when +// SSL_AuthCertificateComplete() is called. The logic for resuming the +// handshake involves a different code path than the usual one, so this test +// exercises that code fully. +TEST_F(TlsConnectStreamTls13, ReplaceRecordLayerAsyncEarlyAuth) { + StartConnect(); + client_->SetServerKeyBits(server_->server_key_bits()); + + BadPrSocket bad_layer_client(client_); + BadPrSocket bad_layer_server(server_); + StagedRecords client_stage(client_); + StagedRecords server_stage(server_); + + client_->SetAuthCertificateCallback(AuthCompleteBlock); + + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING); + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTING); + + // Send a partial flight on to the client. + // This includes enough to trigger the certificate callback. + server_stage.ForwardPartial(client_); + EXPECT_TRUE(client_stage.empty()); + + // Declare the certificate good. + EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0)); + client_->Handshake(); + EXPECT_TRUE(client_stage.empty()); + + // Send the remainder of the server flight. + PRBool pending = PR_FALSE; + EXPECT_EQ(SECSuccess, + SSLInt_HasPendingHandshakeData(client_->ssl_fd(), &pending)); + EXPECT_EQ(PR_TRUE, pending); + EXPECT_EQ(TlsAgent::STATE_CONNECTING, client_->state()); + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTED); + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED); + CheckKeys(); + + SendForwardReceive(server_, server_stage, client_); +} + +TEST_P(TlsConnectStream, ForwardDataFromWrongEpoch) { + const uint8_t data[] = {1}; + Connect(); + uint16_t next_epoch; + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + EXPECT_EQ(SECFailure, + SSL_RecordLayerData(client_->ssl_fd(), 2, ssl_ct_application_data, + data, sizeof(data))); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()) + << "Passing data from an old epoch is rejected"; + next_epoch = 4; + } else { + // Prior to TLS 1.3, the epoch is only updated once during the handshake. + next_epoch = 2; + } + EXPECT_EQ(SECFailure, + SSL_RecordLayerData(client_->ssl_fd(), next_epoch, + ssl_ct_application_data, data, sizeof(data))); + EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError()) + << "Passing data from a future epoch blocks"; +} + +TEST_F(TlsConnectStreamTls13, ForwardInvalidData) { + const uint8_t data[1] = {0}; + + EnsureTlsSetup(); + // Zero-length data. + EXPECT_EQ(SECFailure, SSL_RecordLayerData(client_->ssl_fd(), 0, + ssl_ct_application_data, data, 0)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + // NULL data. + EXPECT_EQ(SECFailure, + SSL_RecordLayerData(client_->ssl_fd(), 0, ssl_ct_application_data, + nullptr, 1)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); +} + +TEST_F(TlsConnectDatagram13, ForwardDataDtls) { + EnsureTlsSetup(); + const uint8_t data[1] = {0}; + EXPECT_EQ(SECFailure, + SSL_RecordLayerData(client_->ssl_fd(), 0, ssl_ct_application_data, + data, sizeof(data))); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); +} + +} // namespace nss_test diff --git a/security/nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc index 0a54ae1a8..f2003a358 100644 --- a/security/nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc @@ -123,9 +123,11 @@ TEST_P(TlsConnectGeneric, RecordSizeMaximum) { EnsureTlsSetup(); auto client_max = MakeTlsFilter<TlsRecordMaximum>(client_); - client_max->EnableDecryption(); auto server_max = MakeTlsFilter<TlsRecordMaximum>(server_); - server_max->EnableDecryption(); + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + client_max->EnableDecryption(); + server_max->EnableDecryption(); + } Connect(); client_->SendData(send_size, send_size); @@ -140,7 +142,9 @@ TEST_P(TlsConnectGeneric, RecordSizeMaximum) { TEST_P(TlsConnectGeneric, RecordSizeMinimumClient) { EnsureTlsSetup(); auto server_max = MakeTlsFilter<TlsRecordMaximum>(server_); - server_max->EnableDecryption(); + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + server_max->EnableDecryption(); + } client_->SetOption(SSL_RECORD_SIZE_LIMIT, 64); Connect(); @@ -152,7 +156,9 @@ TEST_P(TlsConnectGeneric, RecordSizeMinimumClient) { TEST_P(TlsConnectGeneric, RecordSizeMinimumServer) { EnsureTlsSetup(); auto client_max = MakeTlsFilter<TlsRecordMaximum>(client_); - client_max->EnableDecryption(); + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + client_max->EnableDecryption(); + } server_->SetOption(SSL_RECORD_SIZE_LIMIT, 64); Connect(); @@ -164,9 +170,11 @@ TEST_P(TlsConnectGeneric, RecordSizeMinimumServer) { TEST_P(TlsConnectGeneric, RecordSizeAsymmetric) { EnsureTlsSetup(); auto client_max = MakeTlsFilter<TlsRecordMaximum>(client_); - client_max->EnableDecryption(); auto server_max = MakeTlsFilter<TlsRecordMaximum>(server_); - server_max->EnableDecryption(); + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + client_max->EnableDecryption(); + server_max->EnableDecryption(); + } client_->SetOption(SSL_RECORD_SIZE_LIMIT, 64); server_->SetOption(SSL_RECORD_SIZE_LIMIT, 100); @@ -222,14 +230,15 @@ TEST_P(TlsConnectTls13, RecordSizePlaintextExceed) { // Tweak the ciphertext of server records so that they greatly exceed the limit. // This requires a much larger expansion than for plaintext to trigger the -// guard, which runs before decryption (current allowance is 304 octets). +// guard, which runs before decryption (current allowance is 320 octets, +// see MAX_EXPANSION in ssl3con.c). TEST_P(TlsConnectTls13, RecordSizeCiphertextExceed) { EnsureTlsSetup(); client_->SetOption(SSL_RECORD_SIZE_LIMIT, 64); Connect(); - auto server_expand = MakeTlsFilter<TlsRecordExpander>(server_, 320); + auto server_expand = MakeTlsFilter<TlsRecordExpander>(server_, 336); server_->SendData(100); client_->ExpectReadWriteError(); @@ -256,9 +265,11 @@ class TlsRecordPadder : public TlsRecordFilter { return KEEP; } + uint16_t protection_epoch; uint8_t inner_content_type; DataBuffer plaintext; - if (!Unprotect(header, record, &inner_content_type, &plaintext)) { + if (!Unprotect(header, record, &protection_epoch, &inner_content_type, + &plaintext)) { return KEEP; } @@ -267,8 +278,8 @@ class TlsRecordPadder : public TlsRecordFilter { } DataBuffer ciphertext; - bool ok = - Protect(header, inner_content_type, plaintext, &ciphertext, padding_); + bool ok = Protect(spec(protection_epoch), header, inner_content_type, + plaintext, &ciphertext, padding_); EXPECT_TRUE(ok); if (!ok) { return KEEP; @@ -334,7 +345,9 @@ TEST_P(TlsConnectGeneric, RecordSizeCapExtensionClient) { client_->SetOption(SSL_RECORD_SIZE_LIMIT, 16385); auto capture = MakeTlsFilter<TlsExtensionCapture>(client_, ssl_record_size_limit_xtn); - capture->EnableDecryption(); + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + capture->EnableDecryption(); + } Connect(); uint64_t val = 0; @@ -352,7 +365,9 @@ TEST_P(TlsConnectGeneric, RecordSizeCapExtensionServer) { server_->SetOption(SSL_RECORD_SIZE_LIMIT, 16385); auto capture = MakeTlsFilter<TlsExtensionCapture>(server_, ssl_record_size_limit_xtn); - capture->EnableDecryption(); + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + capture->EnableDecryption(); + } Connect(); uint64_t val = 0; @@ -393,10 +408,24 @@ TEST_P(TlsConnectGeneric, RecordSizeServerExtensionInvalid) { static const uint8_t v[] = {0xf4, 0x1f}; auto replace = MakeTlsFilter<TlsExtensionReplacer>( server_, ssl_record_size_limit_xtn, DataBuffer(v, sizeof(v))); - replace->EnableDecryption(); + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + replace->EnableDecryption(); + } ConnectExpectAlert(client_, kTlsAlertIllegalParameter); } +TEST_P(TlsConnectGeneric, RecordSizeServerExtensionExtra) { + EnsureTlsSetup(); + server_->SetOption(SSL_RECORD_SIZE_LIMIT, 1000); + static const uint8_t v[] = {0x01, 0x00, 0x00}; + auto replace = MakeTlsFilter<TlsExtensionReplacer>( + server_, ssl_record_size_limit_xtn, DataBuffer(v, sizeof(v))); + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + replace->EnableDecryption(); + } + ConnectExpectAlert(client_, kTlsAlertDecodeError); +} + class RecordSizeDefaultsTest : public ::testing::Test { public: void SetUp() { diff --git a/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc index a902a5f7f..072a1836c 100644 --- a/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_renegotiation_unittest.cc @@ -11,6 +11,11 @@ #include "sslerr.h" #include "sslproto.h" +extern "C" { +// This is not something that should make you happy. +#include "libssl_internals.h" +} + #include "gtest_utils.h" #include "tls_connect.h" @@ -34,6 +39,24 @@ TEST_P(TlsConnectStreamPre13, RenegotiateServer) { CheckConnected(); } +TEST_P(TlsConnectStreamPre13, RenegotiateRandoms) { + SSL3Random crand1, crand2, srand1, srand2; + Connect(); + EXPECT_EQ(SECSuccess, + SSLInt_GetHandshakeRandoms(client_->ssl_fd(), crand1, srand1)); + + // Renegotiate and check that both randoms have changed. + client_->PrepareForRenegotiate(); + server_->StartRenegotiate(); + Handshake(); + CheckConnected(); + EXPECT_EQ(SECSuccess, + SSLInt_GetHandshakeRandoms(client_->ssl_fd(), crand2, srand2)); + + EXPECT_NE(0, memcmp(crand1, crand2, sizeof(SSL3Random))); + EXPECT_NE(0, memcmp(srand1, srand2, sizeof(SSL3Random))); +} + // The renegotiation options shouldn't cause an error if TLS 1.3 is chosen. TEST_F(TlsConnectTest, RenegotiationConfigTls13) { EnsureTlsSetup(); diff --git a/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc index 264bde67f..bfc3ccfeb 100644 --- a/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc @@ -325,14 +325,17 @@ TEST_P(TlsConnectGeneric, ConnectResumeClientBothTicketServerTicketForget) { SendReceive(); } +// Tickets last two days maximum; this is a time longer than that. +static const PRTime kLongerThanTicketLifetime = + 3LL * 24 * 60 * 60 * PR_USEC_PER_SEC; + TEST_P(TlsConnectGenericResumption, ConnectWithExpiredTicketAtClient) { - SSLInt_SetTicketLifetime(1); // one second // This causes a ticket resumption. ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); Connect(); SendReceive(); - WAIT_(false, 1000); + AdvanceTime(kLongerThanTicketLifetime); Reset(); ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); @@ -354,7 +357,6 @@ TEST_P(TlsConnectGenericResumption, ConnectWithExpiredTicketAtClient) { } TEST_P(TlsConnectGeneric, ConnectWithExpiredTicketAtServer) { - SSLInt_SetTicketLifetime(1); // one second // This causes a ticket resumption. ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); Connect(); @@ -373,7 +375,7 @@ TEST_P(TlsConnectGeneric, ConnectWithExpiredTicketAtServer) { EXPECT_TRUE(capture->captured()); EXPECT_LT(0U, capture->extension().len()); - WAIT_(false, 1000); // Let the ticket expire on the server. + AdvanceTime(kLongerThanTicketLifetime); Handshake(); CheckConnected(); @@ -421,6 +423,7 @@ static int32_t SwitchCertificates(TlsAgent* agent, const SECItem* srvNameArr, TEST_P(TlsConnectGeneric, ServerSNICertSwitch) { Connect(); ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd())); + ASSERT_NE(nullptr, cert1.get()); Reset(); ConfigureSessionCache(RESUME_NONE, RESUME_NONE); @@ -429,6 +432,7 @@ TEST_P(TlsConnectGeneric, ServerSNICertSwitch) { Connect(); ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd())); + ASSERT_NE(nullptr, cert2.get()); CheckKeys(); EXPECT_FALSE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert)); } @@ -437,6 +441,7 @@ TEST_P(TlsConnectGeneric, ServerSNICertTypeSwitch) { Reset(TlsAgent::kServerEcdsa256); Connect(); ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd())); + ASSERT_NE(nullptr, cert1.get()); Reset(); ConfigureSessionCache(RESUME_NONE, RESUME_NONE); @@ -447,6 +452,7 @@ TEST_P(TlsConnectGeneric, ServerSNICertTypeSwitch) { Connect(); ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd())); + ASSERT_NE(nullptr, cert2.get()); CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa); EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert)); } @@ -531,6 +537,7 @@ TEST_P(TlsConnectTls13, TestTls13ResumeNoCertificateRequest) { Connect(); SendReceive(); // Need to read so that we absorb the session ticket. ScopedCERTCertificate cert1(SSL_LocalCertificate(client_->ssl_fd())); + ASSERT_NE(nullptr, cert1.get()); Reset(); ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); @@ -546,6 +553,7 @@ TEST_P(TlsConnectTls13, TestTls13ResumeNoCertificateRequest) { // Sanity check whether the client certificate matches the one // decrypted from ticket. ScopedCERTCertificate cert2(SSL_PeerCertificate(server_->ssl_fd())); + ASSERT_NE(nullptr, cert2.get()); EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert)); } @@ -561,6 +569,7 @@ TEST_P(TlsConnectTls13, WriteBeforeHandshakeCompleteOnResumption) { Connect(); SendReceive(); // Absorb the session ticket. ScopedCERTCertificate cert1(SSL_LocalCertificate(client_->ssl_fd())); + ASSERT_NE(nullptr, cert1.get()); Reset(); ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); @@ -577,6 +586,7 @@ TEST_P(TlsConnectTls13, WriteBeforeHandshakeCompleteOnResumption) { // Check whether the client certificate matches the one from the ticket. ScopedCERTCertificate cert2(SSL_PeerCertificate(server_->ssl_fd())); + ASSERT_NE(nullptr, cert2.get()); EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert)); } @@ -589,15 +599,17 @@ static uint16_t ChooseOneCipher(uint16_t version) { return TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA; } -static uint16_t ChooseAnotherCipher(uint16_t version) { +static uint16_t ChooseIncompatibleCipher(uint16_t version) { if (version >= SSL_LIBRARY_VERSION_TLS_1_3) { return TLS_AES_256_GCM_SHA384; } return TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA; } -// Test that we don't resume when we can't negotiate the same cipher. -TEST_P(TlsConnectGenericResumption, TestResumeClientDifferentCipher) { +// Test that we don't resume when we can't negotiate the same cipher. Note that +// for TLS 1.3, resumption is allowed between compatible ciphers, that is those +// with the same KDF hash, but we choose an incompatible one here. +TEST_P(TlsConnectGenericResumption, ResumeClientIncompatibleCipher) { ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); client_->EnableSingleCipher(ChooseOneCipher(version_)); Connect(); @@ -607,7 +619,7 @@ TEST_P(TlsConnectGenericResumption, TestResumeClientDifferentCipher) { Reset(); ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); ExpectResumption(RESUME_NONE); - client_->EnableSingleCipher(ChooseAnotherCipher(version_)); + client_->EnableSingleCipher(ChooseIncompatibleCipher(version_)); uint16_t ticket_extension; if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { ticket_extension = ssl_tls13_pre_shared_key_xtn; @@ -622,24 +634,24 @@ TEST_P(TlsConnectGenericResumption, TestResumeClientDifferentCipher) { } // Test that we don't resume when we can't negotiate the same cipher. -TEST_P(TlsConnectGenericResumption, TestResumeServerDifferentCipher) { +TEST_P(TlsConnectGenericResumption, ResumeServerIncompatibleCipher) { ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); server_->EnableSingleCipher(ChooseOneCipher(version_)); Connect(); - SendReceive(); // Need to read so that we absorb the session ticket. + SendReceive(); // Absorb the session ticket. CheckKeys(); Reset(); ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); ExpectResumption(RESUME_NONE); - server_->EnableSingleCipher(ChooseAnotherCipher(version_)); + server_->EnableSingleCipher(ChooseIncompatibleCipher(version_)); Connect(); CheckKeys(); } // Test that the client doesn't tolerate the server picking a different cipher // suite for resumption. -TEST_P(TlsConnectStream, TestResumptionOverrideCipher) { +TEST_P(TlsConnectStream, ResumptionOverrideCipher) { ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); server_->EnableSingleCipher(ChooseOneCipher(version_)); Connect(); @@ -648,8 +660,8 @@ TEST_P(TlsConnectStream, TestResumptionOverrideCipher) { Reset(); ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); - MakeTlsFilter<SelectedCipherSuiteReplacer>(server_, - ChooseAnotherCipher(version_)); + MakeTlsFilter<SelectedCipherSuiteReplacer>( + server_, ChooseIncompatibleCipher(version_)); if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { client_->ExpectSendAlert(kTlsAlertIllegalParameter); @@ -668,6 +680,38 @@ TEST_P(TlsConnectStream, TestResumptionOverrideCipher) { } } +// In TLS 1.3, it is possible to resume with a different cipher if it has the +// same hash. +TEST_P(TlsConnectTls13, ResumeClientCompatibleCipher) { + ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); + client_->EnableSingleCipher(TLS_AES_128_GCM_SHA256); + Connect(); + SendReceive(); // Absorb the session ticket. + CheckKeys(); + + Reset(); + ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); + ExpectResumption(RESUME_TICKET); + client_->EnableSingleCipher(TLS_CHACHA20_POLY1305_SHA256); + Connect(); + CheckKeys(); +} + +TEST_P(TlsConnectTls13, ResumeServerCompatibleCipher) { + ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); + server_->EnableSingleCipher(TLS_AES_128_GCM_SHA256); + Connect(); + SendReceive(); // Absorb the session ticket. + CheckKeys(); + + Reset(); + ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); + ExpectResumption(RESUME_TICKET); + server_->EnableSingleCipher(TLS_CHACHA20_POLY1305_SHA256); + Connect(); + CheckKeys(); +} + class SelectedVersionReplacer : public TlsHandshakeFilter { public: SelectedVersionReplacer(const std::shared_ptr<TlsAgent>& a, uint16_t version) @@ -757,7 +801,7 @@ TEST_F(TlsConnectTest, TestTls13ResumptionTwice) { ASSERT_LT(0U, initialTicket.len()); ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd())); - ASSERT_TRUE(!!cert1.get()); + ASSERT_NE(nullptr, cert1.get()); Reset(); ClearStats(); @@ -773,7 +817,7 @@ TEST_F(TlsConnectTest, TestTls13ResumptionTwice) { ASSERT_LT(0U, c2->extension().len()); ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd())); - ASSERT_TRUE(!!cert2.get()); + ASSERT_NE(nullptr, cert2.get()); // Check that the cipher suite is reported the same on both sides, though in // TLS 1.3 resumption actually negotiates a different cipher suite. @@ -1109,7 +1153,7 @@ TEST_P(TlsConnectGenericResumption, ReConnectAgainTicket) { ssl_auth_rsa_sign, ssl_sig_rsa_pss_rsae_sha256); } -void CheckGetInfoResult(uint32_t alpnSize, uint32_t earlyDataSize, +void CheckGetInfoResult(PRTime now, uint32_t alpnSize, uint32_t earlyDataSize, ScopedCERTCertificate& cert, ScopedSSLResumptionTokenInfo& token) { ASSERT_TRUE(cert); @@ -1125,7 +1169,7 @@ void CheckGetInfoResult(uint32_t alpnSize, uint32_t earlyDataSize, ASSERT_EQ(earlyDataSize, token->maxEarlyDataSize); - ASSERT_LT(ssl_TimeUsec(), token->expirationTime); + ASSERT_LT(now, token->expirationTime); } // The client should generate a new, randomized session_id @@ -1174,8 +1218,9 @@ TEST_P(TlsConnectGenericResumptionToken, ConnectResumeGetInfo) { client_->GetTokenInfo(token); ScopedCERTCertificate cert( PK11_FindCertFromNickname(server_->name().c_str(), nullptr)); + ASSERT_NE(nullptr, cert.get()); - CheckGetInfoResult(0, 0, cert, token); + CheckGetInfoResult(now(), 0, 0, cert, token); Handshake(); CheckConnected(); @@ -1183,6 +1228,56 @@ TEST_P(TlsConnectGenericResumptionToken, ConnectResumeGetInfo) { SendReceive(); } +TEST_P(TlsConnectGenericResumptionToken, RefuseExpiredTicketClient) { + ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH); + Connect(); + SendReceive(); + + // Move the clock to the expiration time of the ticket. + SSLResumptionTokenInfo tokenInfo = {0}; + ScopedSSLResumptionTokenInfo token(&tokenInfo); + client_->GetTokenInfo(token); + AdvanceTime(token->expirationTime - now()); + + Reset(); + ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH); + ExpectResumption(RESUME_TICKET); + + StartConnect(); + ASSERT_EQ(SECFailure, + SSL_SetResumptionToken(client_->ssl_fd(), + client_->GetResumptionToken().data(), + client_->GetResumptionToken().size())); + EXPECT_EQ(SSL_ERROR_BAD_RESUMPTION_TOKEN_ERROR, PORT_GetError()); +} + +TEST_P(TlsConnectGenericResumptionToken, RefuseExpiredTicketServer) { + ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH); + Connect(); + SendReceive(); + + Reset(); + ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH); + ExpectResumption(RESUME_NONE); + + // Start the handshake and send the ClientHello. + StartConnect(); + ASSERT_EQ(SECSuccess, + SSL_SetResumptionToken(client_->ssl_fd(), + client_->GetResumptionToken().data(), + client_->GetResumptionToken().size())); + client_->Handshake(); + + // Move the clock to the expiration time of the ticket. + SSLResumptionTokenInfo tokenInfo = {0}; + ScopedSSLResumptionTokenInfo token(&tokenInfo); + client_->GetTokenInfo(token); + AdvanceTime(token->expirationTime - now()); + + Handshake(); + CheckConnected(); +} + TEST_P(TlsConnectGenericResumptionToken, ConnectResumeGetInfoAlpn) { EnableAlpn(); ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH); @@ -1204,8 +1299,9 @@ TEST_P(TlsConnectGenericResumptionToken, ConnectResumeGetInfoAlpn) { client_->GetTokenInfo(token); ScopedCERTCertificate cert( PK11_FindCertFromNickname(server_->name().c_str(), nullptr)); + ASSERT_NE(nullptr, cert.get()); - CheckGetInfoResult(1, 0, cert, token); + CheckGetInfoResult(now(), 1, 0, cert, token); Handshake(); CheckConnected(); @@ -1216,7 +1312,7 @@ TEST_P(TlsConnectGenericResumptionToken, ConnectResumeGetInfoAlpn) { TEST_P(TlsConnectTls13ResumptionToken, ConnectResumeGetInfoZeroRtt) { EnableAlpn(); - SSLInt_RolloverAntiReplay(); + RolloverAntiReplay(); ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH); server_->Set0RttEnabled(true); Connect(); @@ -1239,8 +1335,8 @@ TEST_P(TlsConnectTls13ResumptionToken, ConnectResumeGetInfoZeroRtt) { client_->GetTokenInfo(token); ScopedCERTCertificate cert( PK11_FindCertFromNickname(server_->name().c_str(), nullptr)); - - CheckGetInfoResult(1, 1024, cert, token); + ASSERT_NE(nullptr, cert.get()); + CheckGetInfoResult(now(), 1, 1024, cert, token); ZeroRttSendReceive(true, true); Handshake(); @@ -1272,6 +1368,54 @@ TEST_P(TlsConnectGenericResumption, ConnectResumeClientAuth) { SendReceive(); } +// Check that resumption is blocked if the server requires client auth. +TEST_P(TlsConnectGenericResumption, ClientAuthRequiredOnResumption) { + ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH); + server_->RequestClientAuth(false); + Connect(); + SendReceive(); + + Reset(); + client_->SetupClientAuth(); + server_->RequestClientAuth(true); + ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH); + ExpectResumption(RESUME_NONE); + Connect(); + SendReceive(); +} + +// Check that resumption is blocked if the server requires client auth and +// the client fails to provide a certificate. +TEST_P(TlsConnectGenericResumption, ClientAuthRequiredOnResumptionNoCert) { + ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH); + server_->RequestClientAuth(false); + Connect(); + SendReceive(); + + Reset(); + server_->RequestClientAuth(true); + ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH); + // Drive handshake manually because TLS 1.3 needs it. + StartConnect(); + client_->Handshake(); // CH + server_->Handshake(); // SH.. (no resumption) + client_->Handshake(); // ... + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + // In TLS 1.3, the client thinks that everything is OK here. + ASSERT_EQ(TlsAgent::STATE_CONNECTED, client_->state()); + ExpectAlert(server_, kTlsAlertCertificateRequired); + server_->Handshake(); // Alert + client_->Handshake(); // Receive Alert + client_->CheckErrorCode(SSL_ERROR_RX_CERTIFICATE_REQUIRED_ALERT); + } else { + ExpectAlert(server_, kTlsAlertBadCertificate); + server_->Handshake(); // Alert + client_->Handshake(); // Receive Alert + client_->CheckErrorCode(SSL_ERROR_BAD_CERT_ALERT); + } + server_->CheckErrorCode(SSL_ERROR_NO_CERTIFICATE); +} + TEST_F(TlsConnectStreamTls13, ExternalTokenAfterHrr) { ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH); Connect(); diff --git a/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc index ffc0893e9..3255bd512 100644 --- a/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_version_unittest.cc @@ -55,6 +55,10 @@ TEST_P(TlsConnectGeneric, ServerNegotiateTls12) { // two validate that we can also detect fallback using the // SSL_SetDowngradeCheckVersion() API. TEST_F(TlsConnectTest, TestDowngradeDetectionToTls11) { + client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2); + server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, + SSL_LIBRARY_VERSION_TLS_1_2); client_->SetOption(SSL_ENABLE_HELLO_DOWNGRADE_CHECK, PR_TRUE); MakeTlsFilter<TlsClientHelloVersionSetter>(client_, SSL_LIBRARY_VERSION_TLS_1_1); @@ -116,11 +120,11 @@ TEST_F(TlsConnectTest, TestDowngradeDetectionToTls10) { TEST_F(TlsConnectTest, TestFallbackFromTls12) { client_->SetOption(SSL_ENABLE_HELLO_DOWNGRADE_CHECK, PR_TRUE); - client_->SetDowngradeCheckVersion(SSL_LIBRARY_VERSION_TLS_1_2); client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1, SSL_LIBRARY_VERSION_TLS_1_1); server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1, SSL_LIBRARY_VERSION_TLS_1_2); + client_->SetDowngradeCheckVersion(SSL_LIBRARY_VERSION_TLS_1_2); ConnectExpectAlert(client_, kTlsAlertIllegalParameter); client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT); @@ -269,4 +273,11 @@ TEST_F(TlsConnectStreamTls13, Tls14ClientHelloWithSupportedVersions) { ASSERT_LT(static_cast<uint32_t>(SSL_LIBRARY_VERSION_TLS_1_2), version); } +// Offer 1.3 but with ClientHello.legacy_version == SSL 3.0. This +// causes a protocol version alert. See RFC 8446 Appendix D.5. +TEST_F(TlsConnectStreamTls13, Ssl30ClientHelloWithSupportedVersions) { + MakeTlsFilter<TlsClientHelloVersionSetter>(client_, SSL_LIBRARY_VERSION_3_0); + ConnectExpectAlert(server_, kTlsAlertProtocolVersion); +} + } // namespace nss_test diff --git a/security/nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc index a75dbb7aa..44e685414 100644 --- a/security/nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc @@ -214,12 +214,6 @@ class TestPolicyVersionRange ASSERT_EQ(SECSuccess, rv); rv = NSS_OptionSet(NSS_DTLS_VERSION_MAX_POLICY, saved_max_dtls_); ASSERT_EQ(SECSuccess, rv); - // If it wasn't set initially, clear the bit that we set. - if (!(saved_algorithm_policy_ & NSS_USE_POLICY_IN_SSL)) { - rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, 0, - NSS_USE_POLICY_IN_SSL); - ASSERT_EQ(SECSuccess, rv); - } } private: @@ -233,16 +227,12 @@ class TestPolicyVersionRange ASSERT_EQ(SECSuccess, rv); rv = NSS_OptionGet(NSS_DTLS_VERSION_MAX_POLICY, &saved_max_dtls_); ASSERT_EQ(SECSuccess, rv); - rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, - &saved_algorithm_policy_); - ASSERT_EQ(SECSuccess, rv); } int32_t saved_min_tls_; int32_t saved_max_tls_; int32_t saved_min_dtls_; int32_t saved_max_dtls_; - uint32_t saved_algorithm_policy_; }; VersionPolicy saved_version_policy_; diff --git a/security/nss/gtests/ssl_gtest/test_io.cc b/security/nss/gtests/ssl_gtest/test_io.cc index 6d792c520..4a7f91459 100644 --- a/security/nss/gtests/ssl_gtest/test_io.cc +++ b/security/nss/gtests/ssl_gtest/test_io.cc @@ -25,10 +25,13 @@ namespace nss_test { if (g_ssl_gtest_verbose) LOG(a); \ } while (false) +PRDescIdentity DummyPrSocket::LayerId() { + static PRDescIdentity id = PR_GetUniqueIdentity("dummysocket"); + return id; +} + ScopedPRFileDesc DummyPrSocket::CreateFD() { - static PRDescIdentity test_fd_identity = - PR_GetUniqueIdentity("testtransportadapter"); - return DummyIOLayerMethods::CreateFD(test_fd_identity, this); + return DummyIOLayerMethods::CreateFD(DummyPrSocket::LayerId(), this); } void DummyPrSocket::Reset() { @@ -136,19 +139,18 @@ int32_t DummyPrSocket::Write(PRFileDesc *f, const void *buf, int32_t length) { DataBuffer filtered; PacketFilter::Action action = PacketFilter::KEEP; if (filter_) { + LOGV("Original packet: " << packet); action = filter_->Process(packet, &filtered); } switch (action) { case PacketFilter::CHANGE: - LOG("Original packet: " << packet); LOG("Filtered packet: " << filtered); dst->PacketReceived(filtered); break; case PacketFilter::DROP: - LOG("Droppped packet: " << packet); + LOG("Drop packet"); break; case PacketFilter::KEEP: - LOGV("Packet: " << packet); dst->PacketReceived(packet); break; } diff --git a/security/nss/gtests/ssl_gtest/test_io.h b/security/nss/gtests/ssl_gtest/test_io.h index 062ae86c8..e262fb123 100644 --- a/security/nss/gtests/ssl_gtest/test_io.h +++ b/security/nss/gtests/ssl_gtest/test_io.h @@ -33,9 +33,11 @@ class PacketFilter { CHANGE, // change the packet to a different value DROP // drop the packet }; - PacketFilter(bool enabled = true) : enabled_(enabled) {} + explicit PacketFilter(bool on = true) : enabled_(on) {} virtual ~PacketFilter() {} + bool enabled() const { return enabled_; } + virtual Action Process(const DataBuffer& input, DataBuffer* output) { if (!enabled_) { return KEEP; @@ -68,6 +70,8 @@ class DummyPrSocket : public DummyIOLayerMethods { write_error_(0) {} virtual ~DummyPrSocket() {} + static PRDescIdentity LayerId(); + // Create a file descriptor that will reference this object. The fd must not // live longer than this adapter; call PR_Close() before. ScopedPRFileDesc CreateFD(); diff --git a/security/nss/gtests/ssl_gtest/tls_agent.cc b/security/nss/gtests/ssl_gtest/tls_agent.cc index fb66196b5..88640481e 100644 --- a/security/nss/gtests/ssl_gtest/tls_agent.cc +++ b/security/nss/gtests/ssl_gtest/tls_agent.cc @@ -47,6 +47,8 @@ const std::string TlsAgent::kServerEcdsa521 = "ecdsa521"; const std::string TlsAgent::kServerEcdhRsa = "ecdh_rsa"; const std::string TlsAgent::kServerEcdhEcdsa = "ecdh_ecdsa"; const std::string TlsAgent::kServerDsa = "dsa"; +const std::string TlsAgent::kDelegatorEcdsa256 = "delegator_ecdsa256"; +const std::string TlsAgent::kDelegatorRsae2048 = "delegator_rsae2048"; static const uint8_t kCannedTls13ServerHello[] = { 0x03, 0x03, 0x9c, 0xbc, 0x14, 0x9b, 0x0e, 0x2e, 0xfa, 0x0d, 0xf3, @@ -127,16 +129,76 @@ void TlsAgent::SetState(State s) { ScopedCERTCertificate* cert, ScopedSECKEYPrivateKey* priv) { cert->reset(PK11_FindCertFromNickname(name.c_str(), nullptr)); + EXPECT_NE(nullptr, cert); + if (!cert) return false; EXPECT_NE(nullptr, cert->get()); if (!cert->get()) return false; priv->reset(PK11_FindKeyByAnyCert(cert->get(), nullptr)); + EXPECT_NE(nullptr, priv); + if (!priv) return false; EXPECT_NE(nullptr, priv->get()); if (!priv->get()) return false; return true; } +// Loads a key pair from the certificate identified by |id|. +/*static*/ bool TlsAgent::LoadKeyPairFromCert(const std::string& name, + ScopedSECKEYPublicKey* pub, + ScopedSECKEYPrivateKey* priv) { + ScopedCERTCertificate cert; + if (!TlsAgent::LoadCertificate(name, &cert, priv)) { + return false; + } + + pub->reset(SECKEY_ExtractPublicKey(&cert->subjectPublicKeyInfo)); + if (!pub->get()) { + return false; + } + + return true; +} + +void TlsAgent::DelegateCredential(const std::string& name, + const ScopedSECKEYPublicKey& dc_pub, + SSLSignatureScheme dc_cert_verify_alg, + PRUint32 dc_valid_for, PRTime now, + SECItem* dc) { + ScopedCERTCertificate cert; + ScopedSECKEYPrivateKey cert_priv; + EXPECT_TRUE(TlsAgent::LoadCertificate(name, &cert, &cert_priv)) + << "Could not load delegate certificate: " << name + << "; test db corrupt?"; + + EXPECT_EQ(SECSuccess, + SSL_DelegateCredential(cert.get(), cert_priv.get(), dc_pub.get(), + dc_cert_verify_alg, dc_valid_for, now, dc)); +} + +void TlsAgent::EnableDelegatedCredentials() { + ASSERT_TRUE(EnsureTlsSetup()); + SetOption(SSL_ENABLE_DELEGATED_CREDENTIALS, PR_TRUE); +} + +void TlsAgent::AddDelegatedCredential(const std::string& dc_name, + SSLSignatureScheme dc_cert_verify_alg, + PRUint32 dc_valid_for, PRTime now) { + ASSERT_TRUE(EnsureTlsSetup()); + + ScopedSECKEYPublicKey pub; + ScopedSECKEYPrivateKey priv; + EXPECT_TRUE(TlsAgent::LoadKeyPairFromCert(dc_name, &pub, &priv)); + + StackSECItem dc; + TlsAgent::DelegateCredential(name_, pub, dc_cert_verify_alg, dc_valid_for, + now, &dc); + + SSLExtraServerCertData extra_data = {ssl_auth_null, nullptr, nullptr, + nullptr, &dc, priv.get()}; + EXPECT_TRUE(ConfigServerCert(name_, true, &extra_data)); +} + bool TlsAgent::ConfigServerCert(const std::string& id, bool updateKeyBits, const SSLExtraServerCertData* serverCertData) { ScopedCERTCertificate cert; @@ -224,6 +286,9 @@ bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) { EXPECT_EQ(SECSuccess, rv); if (rv != SECSuccess) return false; + // All these tests depend on having this disabled to start with. + SetOption(SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_FALSE); + return true; } @@ -251,6 +316,10 @@ bool TlsAgent::MaybeSetResumptionToken() { return true; } +void TlsAgent::SetAntiReplayContext(ScopedSSLAntiReplayContext& ctx) { + EXPECT_EQ(SECSuccess, SSL_SetAntiReplayContext(ssl_fd_.get(), ctx.get())); +} + void TlsAgent::SetupClientAuth() { EXPECT_TRUE(EnsureTlsSetup()); ASSERT_EQ(CLIENT, role_); @@ -279,7 +348,7 @@ SECStatus TlsAgent::GetClientAuthDataHook(void* self, PRFileDesc* fd, ScopedCERTCertificate peerCert(SSL_PeerCertificate(agent->ssl_fd())); EXPECT_TRUE(peerCert) << "Client should be able to see the server cert"; - // See bug 1457716 + // See bug 1573945 // CheckCertReqAgainstDefaultCAs(caNames); ScopedCERTCertificate cert; @@ -640,6 +709,16 @@ void TlsAgent::CheckAlpn(SSLNextProtoState expected_state, } } +void TlsAgent::CheckEpochs(uint16_t expected_read, + uint16_t expected_write) const { + uint16_t read_epoch = 0; + uint16_t write_epoch = 0; + EXPECT_EQ(SECSuccess, + SSL_GetCurrentEpoch(ssl_fd(), &read_epoch, &write_epoch)); + EXPECT_EQ(expected_read, read_epoch) << role_str() << " read epoch"; + EXPECT_EQ(expected_write, write_epoch) << role_str() << " write epoch"; +} + void TlsAgent::EnableSrtp() { EXPECT_TRUE(EnsureTlsSetup()); const uint16_t ciphers[] = {SRTP_AES128_CM_HMAC_SHA1_80, @@ -715,26 +794,26 @@ void TlsAgent::WaitForErrorCode(int32_t expected, uint32_t delay) const { } void TlsAgent::CheckPreliminaryInfo() { - SSLPreliminaryChannelInfo info; + SSLPreliminaryChannelInfo preinfo; EXPECT_EQ(SECSuccess, - SSL_GetPreliminaryChannelInfo(ssl_fd(), &info, sizeof(info))); - EXPECT_EQ(sizeof(info), info.length); - EXPECT_TRUE(info.valuesSet & ssl_preinfo_version); - EXPECT_TRUE(info.valuesSet & ssl_preinfo_cipher_suite); + SSL_GetPreliminaryChannelInfo(ssl_fd(), &preinfo, sizeof(preinfo))); + EXPECT_EQ(sizeof(preinfo), preinfo.length); + EXPECT_TRUE(preinfo.valuesSet & ssl_preinfo_version); + EXPECT_TRUE(preinfo.valuesSet & ssl_preinfo_cipher_suite); // A version of 0 is invalid and indicates no expectation. This value is // initialized to 0 so that tests that don't explicitly set an expected // version can negotiate a version. if (!expected_version_) { - expected_version_ = info.protocolVersion; + expected_version_ = preinfo.protocolVersion; } - EXPECT_EQ(expected_version_, info.protocolVersion); + EXPECT_EQ(expected_version_, preinfo.protocolVersion); // As with the version; 0 is the null cipher suite (and also invalid). if (!expected_cipher_suite_) { - expected_cipher_suite_ = info.cipherSuite; + expected_cipher_suite_ = preinfo.cipherSuite; } - EXPECT_EQ(expected_cipher_suite_, info.cipherSuite); + EXPECT_EQ(expected_cipher_suite_, preinfo.cipherSuite); } // Check that all the expected callbacks have been called. @@ -766,6 +845,13 @@ void TlsAgent::ResetPreliminaryInfo() { expected_cipher_suite_ = 0; } +void TlsAgent::UpdatePreliminaryChannelInfo() { + SECStatus rv = SSL_GetPreliminaryChannelInfo(ssl_fd_.get(), &pre_info_, + sizeof(pre_info_)); + EXPECT_EQ(SECSuccess, rv); + EXPECT_EQ(sizeof(pre_info_), pre_info_.length); +} + void TlsAgent::ValidateCipherSpecs() { PRInt32 cipherSpecs = SSLInt_CountCipherSpecs(ssl_fd()); // We use one ciphersuite in each direction. @@ -828,6 +914,7 @@ void TlsAgent::Connected() { // Preliminary values are exposed through callbacks during the handshake. // If either expected values were set or the callbacks were called, check // that the final values are correct. + UpdatePreliminaryChannelInfo(); EXPECT_EQ(expected_version_, info_.protocolVersion); EXPECT_EQ(expected_cipher_suite_, info_.cipherSuite); diff --git a/security/nss/gtests/ssl_gtest/tls_agent.h b/security/nss/gtests/ssl_gtest/tls_agent.h index 020221868..4b6cce8e0 100644 --- a/security/nss/gtests/ssl_gtest/tls_agent.h +++ b/security/nss/gtests/ssl_gtest/tls_agent.h @@ -76,6 +76,8 @@ class TlsAgent : public PollTarget { static const std::string kServerEcdhEcdsa; static const std::string kServerEcdhRsa; static const std::string kServerDsa; + static const std::string kDelegatorEcdsa256; // draft-ietf-tls-subcerts + static const std::string kDelegatorRsae2048; // draft-ietf-tls-subcerts TlsAgent(const std::string& name, Role role, SSLProtocolVariant variant); virtual ~TlsAgent(); @@ -108,9 +110,32 @@ class TlsAgent : public PollTarget { void PrepareForRenegotiate(); // Prepares for renegotiation, then actually triggers it. void StartRenegotiate(); + void SetAntiReplayContext(ScopedSSLAntiReplayContext& ctx); + static bool LoadCertificate(const std::string& name, ScopedCERTCertificate* cert, ScopedSECKEYPrivateKey* priv); + static bool LoadKeyPairFromCert(const std::string& name, + ScopedSECKEYPublicKey* pub, + ScopedSECKEYPrivateKey* priv); + + // Delegated credentials. + // + // Generate a delegated credential and sign it using the certificate + // associated with |name|. + static void DelegateCredential(const std::string& name, + const ScopedSECKEYPublicKey& dcPub, + SSLSignatureScheme dcCertVerifyAlg, + PRUint32 dcValidFor, PRTime now, SECItem* dc); + // Indicate support for the delegated credentials extension. + void EnableDelegatedCredentials(); + // Generate and configure a delegated credential to use in the handshake with + // clients that support this extension.. + void AddDelegatedCredential(const std::string& dc_name, + SSLSignatureScheme dcCertVerifyAlg, + PRUint32 dcValidFor, PRTime now); + void UpdatePreliminaryChannelInfo(); + bool ConfigServerCert(const std::string& name, bool updateKeyBits = false, const SSLExtraServerCertData* serverCertData = nullptr); bool ConfigServerCertWithChain(const std::string& name); @@ -139,6 +164,7 @@ class TlsAgent : public PollTarget { const std::string& expected = "") const; void EnableSrtp(); void CheckSrtp() const; + void CheckEpochs(uint16_t expected_read, uint16_t expected_write) const; void CheckErrorCode(int32_t expected) const; void WaitForErrorCode(int32_t expected, uint32_t delay) const; // Send data on the socket, encrypting it. @@ -199,16 +225,20 @@ class TlsAgent : public PollTarget { PRFileDesc* ssl_fd() const { return ssl_fd_.get(); } std::shared_ptr<DummyPrSocket>& adapter() { return adapter_; } + const SSLChannelInfo& info() const { + EXPECT_EQ(STATE_CONNECTED, state_); + return info_; + } + + const SSLPreliminaryChannelInfo& pre_info() const { return pre_info_; } + bool is_compressed() const { - return info_.compressionMethod != ssl_compression_null; + return info().compressionMethod != ssl_compression_null; } uint16_t server_key_bits() const { return server_key_bits_; } uint16_t min_version() const { return vrange_.min; } uint16_t max_version() const { return vrange_.max; } - uint16_t version() const { - EXPECT_EQ(STATE_CONNECTED, state_); - return info_.protocolVersion; - } + uint16_t version() const { return info().protocolVersion; } bool cipher_suite(uint16_t* suite) const { if (state_ != STATE_CONNECTED) return false; @@ -399,6 +429,7 @@ class TlsAgent : public PollTarget { bool handshake_callback_called_; bool resumption_callback_called_; SSLChannelInfo info_; + SSLPreliminaryChannelInfo pre_info_; SSLCipherSuiteInfo csinfo_; SSLVersionRange vrange_; PRErrorCode error_code_; diff --git a/security/nss/gtests/ssl_gtest/tls_connect.cc b/security/nss/gtests/ssl_gtest/tls_connect.cc index c48ae38ec..28165cf7f 100644 --- a/security/nss/gtests/ssl_gtest/tls_connect.cc +++ b/security/nss/gtests/ssl_gtest/tls_connect.cc @@ -106,6 +106,10 @@ std::string VersionString(uint16_t version) { } } +// The default anti-replay window for tests. Tests that rely on a different +// value call SSL_InitAntiReplay directly. +static PRTime kAntiReplayWindow = 100 * PR_USEC_PER_SEC; + TlsConnectTestBase::TlsConnectTestBase(SSLProtocolVariant variant, uint16_t version) : variant_(variant), @@ -167,18 +171,8 @@ void TlsConnectTestBase::CheckShares( void TlsConnectTestBase::CheckEpochs(uint16_t client_epoch, uint16_t server_epoch) const { - uint16_t read_epoch = 0; - uint16_t write_epoch = 0; - - EXPECT_EQ(SECSuccess, - SSLInt_GetEpochs(client_->ssl_fd(), &read_epoch, &write_epoch)); - EXPECT_EQ(server_epoch, read_epoch) << "client read epoch"; - EXPECT_EQ(client_epoch, write_epoch) << "client write epoch"; - - EXPECT_EQ(SECSuccess, - SSLInt_GetEpochs(server_->ssl_fd(), &read_epoch, &write_epoch)); - EXPECT_EQ(client_epoch, read_epoch) << "server read epoch"; - EXPECT_EQ(server_epoch, write_epoch) << "server write epoch"; + client_->CheckEpochs(server_epoch, client_epoch); + server_->CheckEpochs(client_epoch, server_epoch); } void TlsConnectTestBase::ClearStats() { @@ -193,12 +187,37 @@ void TlsConnectTestBase::ClearServerCache() { SSL_ConfigServerSessionIDCache(1024, 0, 0, g_working_dir_path.c_str()); } +void TlsConnectTestBase::SaveAlgorithmPolicy() { + saved_policies_.clear(); + for (auto it = algorithms_.begin(); it != algorithms_.end(); ++it) { + uint32_t policy; + SECStatus rv = NSS_GetAlgorithmPolicy(*it, &policy); + ASSERT_EQ(SECSuccess, rv); + saved_policies_.push_back(std::make_tuple(*it, policy)); + } +} + +void TlsConnectTestBase::RestoreAlgorithmPolicy() { + for (auto it = saved_policies_.begin(); it != saved_policies_.end(); ++it) { + auto algorithm = std::get<0>(*it); + auto policy = std::get<1>(*it); + SECStatus rv = NSS_SetAlgorithmPolicy( + algorithm, policy, NSS_USE_POLICY_IN_SSL | NSS_USE_ALG_IN_SSL_KX); + ASSERT_EQ(SECSuccess, rv); + } +} + +PRTime TlsConnectTestBase::TimeFunc(void* arg) { + return *reinterpret_cast<PRTime*>(arg); +} + void TlsConnectTestBase::SetUp() { SSL_ConfigServerSessionIDCache(1024, 0, 0, g_working_dir_path.c_str()); SSLInt_ClearSelfEncryptKey(); - SSLInt_SetTicketLifetime(30); - SSL_SetupAntiReplay(1 * PR_USEC_PER_SEC, 1, 3); + now_ = PR_Now(); + ResetAntiReplay(kAntiReplayWindow); ClearStats(); + SaveAlgorithmPolicy(); Init(); } @@ -209,6 +228,7 @@ void TlsConnectTestBase::TearDown() { SSL_ClearSessionCache(); SSLInt_ClearSelfEncryptKey(); SSL_ShutdownServerSessionIDCache(); + RestoreAlgorithmPolicy(); } void TlsConnectTestBase::Init() { @@ -220,6 +240,14 @@ void TlsConnectTestBase::Init() { } } +void TlsConnectTestBase::ResetAntiReplay(PRTime window) { + SSLAntiReplayContext* p_anti_replay = nullptr; + EXPECT_EQ(SECSuccess, + SSL_CreateAntiReplayContext(now_, window, 1, 3, &p_anti_replay)); + EXPECT_NE(nullptr, p_anti_replay); + anti_replay_.reset(p_anti_replay); +} + void TlsConnectTestBase::Reset() { // Take a copy of the names because they are about to disappear. std::string server_name = server_->name(); @@ -238,6 +266,8 @@ void TlsConnectTestBase::Reset(const std::string& server_name, server_->SkipVersionChecks(); } + std::cerr << "Reset server:" << server_name << ", client:" << client_name + << std::endl; Init(); } @@ -269,10 +299,14 @@ void TlsConnectTestBase::EnsureTlsSetup() { : nullptr)); EXPECT_TRUE(client_->EnsureTlsSetup(client_model_ ? client_model_->ssl_fd() : nullptr)); + server_->SetAntiReplayContext(anti_replay_); + EXPECT_EQ(SECSuccess, SSL_SetTimeFunc(client_->ssl_fd(), + TlsConnectTestBase::TimeFunc, &now_)); + EXPECT_EQ(SECSuccess, SSL_SetTimeFunc(server_->ssl_fd(), + TlsConnectTestBase::TimeFunc, &now_)); } void TlsConnectTestBase::Handshake() { - EnsureTlsSetup(); client_->SetServerKeyBits(server_->server_key_bits()); client_->Handshake(); server_->Handshake(); @@ -289,16 +323,16 @@ void TlsConnectTestBase::EnableExtendedMasterSecret() { } void TlsConnectTestBase::Connect() { - server_->StartConnect(server_model_ ? server_model_->ssl_fd() : nullptr); - client_->StartConnect(client_model_ ? client_model_->ssl_fd() : nullptr); + StartConnect(); client_->MaybeSetResumptionToken(); Handshake(); CheckConnected(); } void TlsConnectTestBase::StartConnect() { - server_->StartConnect(server_model_ ? server_model_->ssl_fd() : nullptr); - client_->StartConnect(client_model_ ? client_model_->ssl_fd() : nullptr); + EnsureTlsSetup(); + server_->StartConnect(); + client_->StartConnect(); } void TlsConnectTestBase::ConnectWithCipherSuite(uint16_t cipher_suite) { @@ -666,8 +700,9 @@ void TlsConnectTestBase::SendReceive(size_t total) { // Do a first connection so we can do 0-RTT on the second one. void TlsConnectTestBase::SetupForZeroRtt() { + // Force rollover of the anti-replay window. // If we don't do this, then all 0-RTT attempts will be rejected. - SSLInt_RolloverAntiReplay(); + RolloverAntiReplay(); ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); @@ -779,12 +814,20 @@ void TlsConnectTestBase::ShiftDtlsTimers() { time_shift = time; } - if (time_shift == PR_INTERVAL_NO_TIMEOUT) { - return; + if (time_shift != PR_INTERVAL_NO_TIMEOUT) { + AdvanceTime(PR_IntervalToMicroseconds(time_shift)); + EXPECT_EQ(SECSuccess, + SSLInt_ShiftDtlsTimers(client_->ssl_fd(), time_shift)); + EXPECT_EQ(SECSuccess, + SSLInt_ShiftDtlsTimers(server_->ssl_fd(), time_shift)); } +} + +void TlsConnectTestBase::AdvanceTime(PRTime time_shift) { now_ += time_shift; } - EXPECT_EQ(SECSuccess, SSLInt_ShiftDtlsTimers(client_->ssl_fd(), time_shift)); - EXPECT_EQ(SECSuccess, SSLInt_ShiftDtlsTimers(server_->ssl_fd(), time_shift)); +// Advance time by a full anti-replay window. +void TlsConnectTestBase::RolloverAntiReplay() { + AdvanceTime(kAntiReplayWindow); } TlsConnectGeneric::TlsConnectGeneric() diff --git a/security/nss/gtests/ssl_gtest/tls_connect.h b/security/nss/gtests/ssl_gtest/tls_connect.h index 000494501..23c60bf4f 100644 --- a/security/nss/gtests/ssl_gtest/tls_connect.h +++ b/security/nss/gtests/ssl_gtest/tls_connect.h @@ -48,6 +48,8 @@ class TlsConnectTestBase : public ::testing::Test { virtual void SetUp(); virtual void TearDown(); + PRTime now() const { return now_; } + // Initialize client and server. void Init(); // Clear the statistics. @@ -131,6 +133,13 @@ class TlsConnectTestBase : public ::testing::Test { // Move the DTLS timers for both endpoints to pop the next timer. void ShiftDtlsTimers(); + void AdvanceTime(PRTime time_shift); + + void ResetAntiReplay(PRTime window); + void RolloverAntiReplay(); + + void SaveAlgorithmPolicy(); + void RestoreAlgorithmPolicy(); protected: SSLProtocolVariant variant_; @@ -142,6 +151,7 @@ class TlsConnectTestBase : public ::testing::Test { SessionResumptionMode expected_resumption_mode_; uint8_t expected_resumptions_; std::vector<std::vector<uint8_t>> session_ids_; + ScopedSSLAntiReplayContext anti_replay_; // A simple value of "a", "b". Note that the preferred value of "a" is placed // at the end, because the NSS API follows the now defunct NPN specification, @@ -149,14 +159,24 @@ class TlsConnectTestBase : public ::testing::Test { // NSS will move this final entry to the front when used with ALPN. const uint8_t alpn_dummy_val_[4] = {0x01, 0x62, 0x01, 0x61}; + // A list of algorithm IDs whose policies need to be preserved + // around test cases. In particular, DSA is checked in + // ssl_extension_unittest.cc. + const std::vector<SECOidTag> algorithms_ = {SEC_OID_APPLY_SSL_POLICY, + SEC_OID_ANSIX9_DSA_SIGNATURE, + SEC_OID_CURVE25519, SEC_OID_SHA1}; + std::vector<std::tuple<SECOidTag, uint32_t>> saved_policies_; + private: void CheckResumption(SessionResumptionMode expected); void CheckExtendedMasterSecret(); void CheckEarlyDataAccepted(); + static PRTime TimeFunc(void* arg); bool expect_extended_master_secret_; bool expect_early_data_accepted_; bool skip_version_checks_; + PRTime now_; // Track groups and make sure that there are no duplicates. class DuplicateGroupChecker { diff --git a/security/nss/gtests/ssl_gtest/tls_esni_unittest.cc b/security/nss/gtests/ssl_gtest/tls_esni_unittest.cc index 3c860a0b2..26275e0bc 100644 --- a/security/nss/gtests/ssl_gtest/tls_esni_unittest.cc +++ b/security/nss/gtests/ssl_gtest/tls_esni_unittest.cc @@ -4,8 +4,6 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. */ -#include <ctime> - #include "secerr.h" #include "ssl.h" @@ -57,7 +55,7 @@ static void UpdateEsniKeysChecksum(DataBuffer* buf) { buf->Write(2, sha256, 4); } -static void GenerateEsniKey(time_t windowStart, SSLNamedGroup group, +static void GenerateEsniKey(PRTime now, SSLNamedGroup group, std::vector<uint16_t>& cipher_suites, DataBuffer* record, ScopedSECKEYPublicKey* pubKey = nullptr, @@ -70,11 +68,12 @@ static void GenerateEsniKey(time_t windowStart, SSLNamedGroup group, ASSERT_NE(nullptr, priv); SECITEM_FreeItem(&ecParams, PR_FALSE); PRUint8 encoded[1024]; - unsigned int encoded_len; + unsigned int encoded_len = 0; SECStatus rv = SSL_EncodeESNIKeys( - &cipher_suites[0], cipher_suites.size(), group, pub, 100, windowStart, - windowStart + 10, encoded, &encoded_len, sizeof(encoded)); + &cipher_suites[0], cipher_suites.size(), group, pub, 100, + (now / PR_USEC_PER_SEC) - 1, (now / PR_USEC_PER_SEC) + 10, encoded, + &encoded_len, sizeof(encoded)); ASSERT_EQ(SECSuccess, rv); ASSERT_GT(encoded_len, 0U); @@ -92,15 +91,15 @@ static void GenerateEsniKey(time_t windowStart, SSLNamedGroup group, record->Write(0, encoded, encoded_len); } -static void SetupEsni(const std::shared_ptr<TlsAgent>& client, +static void SetupEsni(PRTime now, const std::shared_ptr<TlsAgent>& client, const std::shared_ptr<TlsAgent>& server, SSLNamedGroup group = ssl_grp_ec_curve25519) { ScopedSECKEYPublicKey pub; ScopedSECKEYPrivateKey priv; DataBuffer record; - GenerateEsniKey(time(nullptr), ssl_grp_ec_curve25519, kDefaultSuites, &record, - &pub, &priv); + GenerateEsniKey(now, ssl_grp_ec_curve25519, kDefaultSuites, &record, &pub, + &priv); SECStatus rv = SSL_SetESNIKeyPair(server->ssl_fd(), priv.get(), record.data(), record.len()); ASSERT_EQ(SECSuccess, rv); @@ -124,77 +123,87 @@ static void CheckSniExtension(const DataBuffer& data) { ASSERT_EQ(expected, name); } -static void ClientInstallEsni(std::shared_ptr<TlsAgent>& agent, - const DataBuffer& record, PRErrorCode err = 0) { - SECStatus rv = - SSL_EnableESNI(agent->ssl_fd(), record.data(), record.len(), kDummySni); - if (err == 0) { - ASSERT_EQ(SECSuccess, rv); - } else { - ASSERT_EQ(SECFailure, rv); - ASSERT_EQ(err, PORT_GetError()); +class TlsAgentEsniTest : public TlsAgentTestClient13 { + public: + void SetUp() override { now_ = PR_Now(); } + + protected: + PRTime now() const { return now_; } + + void InstallEsni(const DataBuffer& record, PRErrorCode err = 0) { + SECStatus rv = SSL_EnableESNI(agent_->ssl_fd(), record.data(), record.len(), + kDummySni); + if (err == 0) { + ASSERT_EQ(SECSuccess, rv); + } else { + ASSERT_EQ(SECFailure, rv); + ASSERT_EQ(err, PORT_GetError()); + } } -} -TEST_P(TlsAgentTestClient13, EsniInstall) { + private: + PRTime now_ = 0; +}; + +TEST_P(TlsAgentEsniTest, EsniInstall) { EnsureInit(); DataBuffer record; - GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record); - ClientInstallEsni(agent_, record); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record); + InstallEsni(record); } // The next set of tests fail at setup time. -TEST_P(TlsAgentTestClient13, EsniInvalidHash) { +TEST_P(TlsAgentEsniTest, EsniInvalidHash) { EnsureInit(); DataBuffer record; GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record); record.data()[2]++; - ClientInstallEsni(agent_, record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS); + InstallEsni(record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS); } -TEST_P(TlsAgentTestClient13, EsniInvalidVersion) { +TEST_P(TlsAgentEsniTest, EsniInvalidVersion) { EnsureInit(); DataBuffer record; - GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record); record.Write(0, 0xffff, 2); - ClientInstallEsni(agent_, record, SSL_ERROR_UNSUPPORTED_VERSION); + InstallEsni(record, SSL_ERROR_UNSUPPORTED_VERSION); } -TEST_P(TlsAgentTestClient13, EsniShort) { +TEST_P(TlsAgentEsniTest, EsniShort) { EnsureInit(); DataBuffer record; - GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record); record.Truncate(record.len() - 1); UpdateEsniKeysChecksum(&record); - ClientInstallEsni(agent_, record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS); + InstallEsni(record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS); } -TEST_P(TlsAgentTestClient13, EsniLong) { +TEST_P(TlsAgentEsniTest, EsniLong) { EnsureInit(); DataBuffer record; - GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record); record.Write(record.len(), 1, 1); UpdateEsniKeysChecksum(&record); - ClientInstallEsni(agent_, record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS); + InstallEsni(record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS); } -TEST_P(TlsAgentTestClient13, EsniExtensionMismatch) { +TEST_P(TlsAgentEsniTest, EsniExtensionMismatch) { EnsureInit(); DataBuffer record; - GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record); record.Write(record.len() - 1, 1, 1); UpdateEsniKeysChecksum(&record); - ClientInstallEsni(agent_, record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS); + InstallEsni(record, SSL_ERROR_RX_MALFORMED_ESNI_KEYS); } // The following tests fail by ignoring the Esni block. -TEST_P(TlsAgentTestClient13, EsniUnknownGroup) { +TEST_P(TlsAgentEsniTest, EsniUnknownGroup) { EnsureInit(); DataBuffer record; - GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record); record.Write(8, 0xffff, 2); // Fake group UpdateEsniKeysChecksum(&record); - ClientInstallEsni(agent_, record, 0); + InstallEsni(record, 0); auto filter = MakeTlsFilter<TlsExtensionCapture>(agent_, ssl_tls13_encrypted_sni_xtn); agent_->Handshake(); @@ -202,11 +211,11 @@ TEST_P(TlsAgentTestClient13, EsniUnknownGroup) { ASSERT_TRUE(!filter->captured()); } -TEST_P(TlsAgentTestClient13, EsniUnknownCS) { +TEST_P(TlsAgentEsniTest, EsniUnknownCS) { EnsureInit(); DataBuffer record; - GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kBogusSuites, &record); - ClientInstallEsni(agent_, record, 0); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kBogusSuites, &record); + InstallEsni(record, 0); auto filter = MakeTlsFilter<TlsExtensionCapture>(agent_, ssl_tls13_encrypted_sni_xtn); agent_->Handshake(); @@ -214,12 +223,12 @@ TEST_P(TlsAgentTestClient13, EsniUnknownCS) { ASSERT_TRUE(!filter->captured()); } -TEST_P(TlsAgentTestClient13, EsniInvalidCS) { +TEST_P(TlsAgentEsniTest, EsniInvalidCS) { EnsureInit(); DataBuffer record; - GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kTls12Suites, &record); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kTls12Suites, &record); UpdateEsniKeysChecksum(&record); - ClientInstallEsni(agent_, record, 0); + InstallEsni(record, 0); auto filter = MakeTlsFilter<TlsExtensionCapture>(agent_, ssl_tls13_encrypted_sni_xtn); agent_->Handshake(); @@ -227,36 +236,34 @@ TEST_P(TlsAgentTestClient13, EsniInvalidCS) { ASSERT_TRUE(!filter->captured()); } -TEST_P(TlsAgentTestClient13, EsniNotReady) { +TEST_P(TlsAgentEsniTest, EsniNotReady) { EnsureInit(); DataBuffer record; - GenerateEsniKey(time(0) + 1000, ssl_grp_ec_curve25519, kDefaultSuites, - &record); - ClientInstallEsni(agent_, record, 0); + GenerateEsniKey(now() + 1000, ssl_grp_ec_curve25519, kDefaultSuites, &record); + InstallEsni(record, 0); auto filter = MakeTlsFilter<TlsExtensionCapture>(agent_, ssl_tls13_encrypted_sni_xtn); agent_->Handshake(); ASSERT_TRUE(!filter->captured()); } -TEST_P(TlsAgentTestClient13, EsniExpired) { +TEST_P(TlsAgentEsniTest, EsniExpired) { EnsureInit(); DataBuffer record; - GenerateEsniKey(time(0) - 1000, ssl_grp_ec_curve25519, kDefaultSuites, - &record); - ClientInstallEsni(agent_, record, 0); + GenerateEsniKey(now() - 1000, ssl_grp_ec_curve25519, kDefaultSuites, &record); + InstallEsni(record, 0); auto filter = MakeTlsFilter<TlsExtensionCapture>(agent_, ssl_tls13_encrypted_sni_xtn); agent_->Handshake(); ASSERT_TRUE(!filter->captured()); } -TEST_P(TlsAgentTestClient13, NoSniSoNoEsni) { +TEST_P(TlsAgentEsniTest, NoSniSoNoEsni) { EnsureInit(); DataBuffer record; - GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record); SSL_SetURL(agent_->ssl_fd(), ""); - ClientInstallEsni(agent_, record, 0); + InstallEsni(record, 0); auto filter = MakeTlsFilter<TlsExtensionCapture>(agent_, ssl_tls13_encrypted_sni_xtn); agent_->Handshake(); @@ -275,7 +282,7 @@ static int32_t SniCallback(TlsAgent* agent, const SECItem* srvNameAddr, TEST_P(TlsConnectTls13, ConnectEsni) { EnsureTlsSetup(); - SetupEsni(client_, server_); + SetupEsni(now(), client_, server_); auto cFilterSni = MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn); auto cFilterEsni = @@ -300,16 +307,19 @@ TEST_P(TlsConnectTls13, ConnectEsniHrr) { EnsureTlsSetup(); const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1}; server_->ConfigNamedGroups(groups); - SetupEsni(client_, server_); + SetupEsni(now(), client_, server_); auto hrr_capture = MakeTlsFilter<TlsHandshakeRecorder>( server_, kTlsHandshakeHelloRetryRequest); auto filter = MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn); - auto cfilter = - MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn); + auto filter2 = + MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn, true); + client_->SetFilter(std::make_shared<ChainedPacketFilter>( + ChainedPacketFilterInit({filter, filter2}))); server_->SetSniCallback(SniCallback); Connect(); - CheckSniExtension(cfilter->extension()); + CheckSniExtension(filter->extension()); + CheckSniExtension(filter2->extension()); EXPECT_NE(0UL, hrr_capture->buffer().len()); } @@ -319,8 +329,8 @@ TEST_P(TlsConnectTls13, ConnectEsniNoDummy) { ScopedSECKEYPrivateKey priv; DataBuffer record; - GenerateEsniKey(time(nullptr), ssl_grp_ec_curve25519, kDefaultSuites, &record, - &pub, &priv); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record, &pub, + &priv); SECStatus rv = SSL_SetESNIKeyPair(server_->ssl_fd(), priv.get(), record.data(), record.len()); ASSERT_EQ(SECSuccess, rv); @@ -343,8 +353,8 @@ TEST_P(TlsConnectTls13, ConnectEsniNullDummy) { ScopedSECKEYPrivateKey priv; DataBuffer record; - GenerateEsniKey(time(nullptr), ssl_grp_ec_curve25519, kDefaultSuites, &record, - &pub, &priv); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record, &pub, + &priv); SECStatus rv = SSL_SetESNIKeyPair(server_->ssl_fd(), priv.get(), record.data(), record.len()); ASSERT_EQ(SECSuccess, rv); @@ -369,14 +379,17 @@ TEST_P(TlsConnectTls13, ConnectEsniCSMismatch) { ScopedSECKEYPrivateKey priv; DataBuffer record; - GenerateEsniKey(time(nullptr), ssl_grp_ec_curve25519, kDefaultSuites, &record, - &pub, &priv); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record, &pub, + &priv); PRUint8 encoded[1024]; - unsigned int encoded_len; + unsigned int encoded_len = 0; SECStatus rv = SSL_EncodeESNIKeys( &kChaChaSuite[0], kChaChaSuite.size(), ssl_grp_ec_curve25519, pub.get(), - 100, time(0), time(0) + 10, encoded, &encoded_len, sizeof(encoded)); + 100, (now() / PR_USEC_PER_SEC) - 1, (now() / PR_USEC_PER_SEC) + 10, + encoded, &encoded_len, sizeof(encoded)); + ASSERT_EQ(SECSuccess, rv); + ASSERT_LT(0U, encoded_len); rv = SSL_SetESNIKeyPair(server_->ssl_fd(), priv.get(), encoded, encoded_len); ASSERT_EQ(SECSuccess, rv); rv = SSL_EnableESNI(client_->ssl_fd(), record.data(), record.len(), ""); @@ -387,7 +400,7 @@ TEST_P(TlsConnectTls13, ConnectEsniCSMismatch) { TEST_P(TlsConnectTls13, ConnectEsniP256) { EnsureTlsSetup(); - SetupEsni(client_, server_, ssl_grp_ec_secp256r1); + SetupEsni(now(), client_, server_, ssl_grp_ec_secp256r1); auto cfilter = MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn); auto sfilter = @@ -400,18 +413,21 @@ TEST_P(TlsConnectTls13, ConnectEsniP256) { TEST_P(TlsConnectTls13, ConnectMismatchedEsniKeys) { EnsureTlsSetup(); - SetupEsni(client_, server_); + SetupEsni(now(), client_, server_); // Now install a new set of keys on the client, so we have a mismatch. DataBuffer record; - GenerateEsniKey(time(0), ssl_grp_ec_curve25519, kDefaultSuites, &record); - ClientInstallEsni(client_, record, 0); + GenerateEsniKey(now(), ssl_grp_ec_curve25519, kDefaultSuites, &record); + + SECStatus rv = + SSL_EnableESNI(client_->ssl_fd(), record.data(), record.len(), kDummySni); + ASSERT_EQ(SECSuccess, rv); ConnectExpectAlert(server_, illegal_parameter); server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); } TEST_P(TlsConnectTls13, ConnectDamagedEsniExtensionCH) { EnsureTlsSetup(); - SetupEsni(client_, server_); + SetupEsni(now(), client_, server_); auto filter = MakeTlsFilter<TlsExtensionDamager>( client_, ssl_tls13_encrypted_sni_xtn, 50); // in the ciphertext ConnectExpectAlert(server_, illegal_parameter); @@ -420,7 +436,7 @@ TEST_P(TlsConnectTls13, ConnectDamagedEsniExtensionCH) { TEST_P(TlsConnectTls13, ConnectRemoveEsniExtensionEE) { EnsureTlsSetup(); - SetupEsni(client_, server_); + SetupEsni(now(), client_, server_); auto filter = MakeTlsFilter<TlsExtensionDropper>(server_, ssl_tls13_encrypted_sni_xtn); filter->EnableDecryption(); @@ -430,7 +446,7 @@ TEST_P(TlsConnectTls13, ConnectRemoveEsniExtensionEE) { TEST_P(TlsConnectTls13, ConnectShortEsniExtensionEE) { EnsureTlsSetup(); - SetupEsni(client_, server_); + SetupEsni(now(), client_, server_); DataBuffer shortNonce; auto filter = MakeTlsFilter<TlsExtensionReplacer>( server_, ssl_tls13_encrypted_sni_xtn, shortNonce); @@ -441,7 +457,7 @@ TEST_P(TlsConnectTls13, ConnectShortEsniExtensionEE) { TEST_P(TlsConnectTls13, ConnectBogusEsniExtensionEE) { EnsureTlsSetup(); - SetupEsni(client_, server_); + SetupEsni(now(), client_, server_); const uint8_t bogusNonceBuf[16] = {0}; DataBuffer bogusNonce(bogusNonceBuf, sizeof(bogusNonceBuf)); auto filter = MakeTlsFilter<TlsExtensionReplacer>( @@ -456,7 +472,7 @@ TEST_P(TlsConnectTls13, ConnectBogusEsniExtensionEE) { // The client then aborts when it sees the server did TLS 1.2. TEST_P(TlsConnectTls13, EsniButTLS12Server) { EnsureTlsSetup(); - SetupEsni(client_, server_); + SetupEsni(now(), client_, server_); client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, SSL_LIBRARY_VERSION_TLS_1_3); server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, @@ -467,4 +483,4 @@ TEST_P(TlsConnectTls13, EsniButTLS12Server) { ASSERT_FALSE(SSLInt_ExtensionNegotiated(server_->ssl_fd(), ssl_tls13_encrypted_sni_xtn)); } -} +} // namespace nss_test diff --git a/security/nss/gtests/ssl_gtest/tls_filter.cc b/security/nss/gtests/ssl_gtest/tls_filter.cc index 25ad606fc..b2917274b 100644 --- a/security/nss/gtests/ssl_gtest/tls_filter.cc +++ b/security/nss/gtests/ssl_gtest/tls_filter.cc @@ -45,40 +45,65 @@ void TlsVersioned::WriteStream(std::ostream& stream) const { } } +TlsRecordFilter::TlsRecordFilter(const std::shared_ptr<TlsAgent>& a) + : agent_(a) { + cipher_specs_.emplace_back(a->variant() == ssl_variant_datagram, 0); +} + void TlsRecordFilter::EnableDecryption() { - SSLInt_SetCipherSpecChangeFunc(agent()->ssl_fd(), CipherSpecChanged, - (void*)this); + EXPECT_EQ(SECSuccess, + SSL_SecretCallback(agent()->ssl_fd(), SecretCallback, this)); + decrypting_ = true; } -void TlsRecordFilter::CipherSpecChanged(void* arg, PRBool sending, - ssl3CipherSpec* newSpec) { +void TlsRecordFilter::SecretCallback(PRFileDesc* fd, PRUint16 epoch, + SSLSecretDirection dir, PK11SymKey* secret, + void* arg) { TlsRecordFilter* self = static_cast<TlsRecordFilter*>(arg); - PRBool isServer = self->agent()->role() == TlsAgent::SERVER; - if (g_ssl_gtest_verbose) { - std::cerr << (isServer ? "server" : "client") << ": " - << (sending ? "send" : "receive") - << " cipher spec changed: " << newSpec->epoch << " (" - << newSpec->phase << ")" << std::endl; + std::cerr << self->agent()->role_str() << ": " << dir + << " secret changed for epoch " << epoch << std::endl; } - if (!sending) { + + if (dir == ssl_secret_read) { return; } - uint64_t seq_no; - if (self->agent()->variant() == ssl_variant_datagram) { - seq_no = static_cast<uint64_t>(SSLInt_CipherSpecToEpoch(newSpec)) << 48; + for (auto& spec : self->cipher_specs_) { + ASSERT_NE(spec.epoch(), epoch) << "duplicate spec for epoch " << epoch; + } + + SSLPreliminaryChannelInfo preinfo; + EXPECT_EQ(SECSuccess, + SSL_GetPreliminaryChannelInfo(self->agent()->ssl_fd(), &preinfo, + sizeof(preinfo))); + EXPECT_EQ(sizeof(preinfo), preinfo.length); + + // Check the version. + if (preinfo.valuesSet & ssl_preinfo_version) { + EXPECT_EQ(SSL_LIBRARY_VERSION_TLS_1_3, preinfo.protocolVersion); + } else { + EXPECT_EQ(1U, epoch); + } + + uint16_t suite; + if (epoch == 1) { + // 0-RTT + EXPECT_TRUE(preinfo.valuesSet & ssl_preinfo_0rtt_cipher_suite); + suite = preinfo.zeroRttCipherSuite; } else { - seq_no = 0; + EXPECT_TRUE(preinfo.valuesSet & ssl_preinfo_cipher_suite); + suite = preinfo.cipherSuite; } - self->in_sequence_number_ = seq_no; - self->out_sequence_number_ = seq_no; - self->dropped_record_ = false; - self->cipher_spec_.reset(new TlsCipherSpec()); - bool ret = self->cipher_spec_->Init( - SSLInt_CipherSpecToEpoch(newSpec), SSLInt_CipherSpecToAlgorithm(newSpec), - SSLInt_CipherSpecToKey(newSpec), SSLInt_CipherSpecToIv(newSpec)); - EXPECT_EQ(true, ret); + + SSLCipherSuiteInfo cipherinfo; + EXPECT_EQ(SECSuccess, + SSL_GetCipherSuiteInfo(suite, &cipherinfo, sizeof(cipherinfo))); + EXPECT_EQ(sizeof(cipherinfo), cipherinfo.length); + + bool is_dtls = self->agent()->variant() == ssl_variant_datagram; + self->cipher_specs_.emplace_back(is_dtls, epoch); + EXPECT_TRUE(self->cipher_specs_.back().SetKeys(&cipherinfo, secret)); } bool TlsRecordFilter::is_dtls13() const { @@ -95,6 +120,23 @@ bool TlsRecordFilter::is_dtls13() const { info.canSendEarlyData; } +// Gets the cipher spec that matches the specified epoch. +TlsCipherSpec& TlsRecordFilter::spec(uint16_t write_epoch) { + for (auto& sp : cipher_specs_) { + if (sp.epoch() == write_epoch) { + return sp; + } + } + + // If we aren't decrypting, provide a cipher spec that does nothing other than + // count sequence numbers. + EXPECT_FALSE(decrypting_) << "No spec available for epoch " << write_epoch; + ; + bool is_dtls = agent()->variant() == ssl_variant_datagram; + cipher_specs_.emplace_back(is_dtls, write_epoch); + return cipher_specs_.back(); +} + PacketFilter::Action TlsRecordFilter::Filter(const DataBuffer& input, DataBuffer* output) { // Disable during shutdown. @@ -108,34 +150,28 @@ PacketFilter::Action TlsRecordFilter::Filter(const DataBuffer& input, output->Allocate(input.len()); TlsParser parser(input); + // This uses the current write spec for the purposes of parsing the epoch and + // sequence number from the header. This might be wrong because we can + // receive records from older specs, but guessing is good enough: + // - In DTLS, parsing the sequence number corrects any errors. + // - In TLS, we don't use the sequence number unless decrypting, where we use + // trial decryption to get the right epoch. + uint16_t write_epoch = 0; + SECStatus rv = SSL_GetCurrentEpoch(agent()->ssl_fd(), nullptr, &write_epoch); + if (rv != SECSuccess) { + ADD_FAILURE() << "unable to read epoch"; + return KEEP; + } + uint64_t guess_seqno = static_cast<uint64_t>(write_epoch) << 48; + while (parser.remaining()) { TlsRecordHeader header; DataBuffer record; - - if (!header.Parse(is_dtls13(), in_sequence_number_, &parser, &record)) { + if (!header.Parse(is_dtls13(), guess_seqno, &parser, &record)) { ADD_FAILURE() << "not a valid record"; return KEEP; } - // Track the sequence number, which is necessary for stream mode when - // decrypting and for TLS 1.3 datagram to recover the sequence number. - // - // We reset the counter when the cipher spec changes, but that notification - // appears before a record is sent. If multiple records are sent with - // different cipher specs, this would fail. This filters out cleartext - // records, so we don't get confused by handshake messages that are sent at - // the same time as encrypted records. Sequence numbers are therefore - // likely to be incorrect for cleartext records. - // - // This isn't perfectly robust: if there is a change from an active cipher - // spec to another active cipher spec (KeyUpdate for instance) AND writes - // are consolidated across that change, this code could use the wrong - // sequence numbers when re-encrypting records with the old keys. - if (header.content_type() == ssl_ct_application_data) { - in_sequence_number_ = - (std::max)(in_sequence_number_, header.sequence_number() + 1); - } - if (FilterRecord(header, record, &offset, output) != KEEP) { changed = true; } else { @@ -159,14 +195,16 @@ PacketFilter::Action TlsRecordFilter::FilterRecord( DataBuffer filtered; uint8_t inner_content_type; DataBuffer plaintext; + uint16_t protection_epoch = 0; - if (!Unprotect(header, record, &inner_content_type, &plaintext)) { - if (g_ssl_gtest_verbose) { - std::cerr << "unprotect failed: " << header << ":" << record << std::endl; - } + if (!Unprotect(header, record, &protection_epoch, &inner_content_type, + &plaintext)) { + std::cerr << agent()->role_str() << ": unprotect failed: " << header << ":" + << record << std::endl; return KEEP; } + auto& protection_spec = spec(protection_epoch); TlsRecordHeader real_header(header.variant(), header.version(), inner_content_type, header.sequence_number()); @@ -174,7 +212,9 @@ PacketFilter::Action TlsRecordFilter::FilterRecord( // In stream mode, even if something doesn't change we need to re-encrypt if // previous packets were dropped. if (action == KEEP) { - if (header.is_dtls() || !dropped_record_) { + if (header.is_dtls() || !protection_spec.record_dropped()) { + // Count every outgoing packet. + protection_spec.RecordProtected(); return KEEP; } filtered = plaintext; @@ -182,7 +222,7 @@ PacketFilter::Action TlsRecordFilter::FilterRecord( if (action == DROP) { std::cerr << "record drop: " << header << ":" << record << std::endl; - dropped_record_ = true; + protection_spec.RecordDropped(); return DROP; } @@ -192,19 +232,18 @@ PacketFilter::Action TlsRecordFilter::FilterRecord( std::cerr << "record new: " << filtered << std::endl; } - uint64_t seq_num; - if (header.is_dtls() || !cipher_spec_ || - header.content_type() != ssl_ct_application_data) { - seq_num = header.sequence_number(); - } else { - seq_num = out_sequence_number_++; + uint64_t seq_num = protection_spec.next_out_seqno(); + if (!decrypting_ && header.is_dtls()) { + // Copy over the epoch, which isn't tracked when not decrypting. + seq_num |= header.sequence_number() & (0xffffULL << 48); } + TlsRecordHeader out_header(header.variant(), header.version(), header.content_type(), seq_num); DataBuffer ciphertext; - bool rv = Protect(out_header, inner_content_type, filtered, &ciphertext); - EXPECT_TRUE(rv); + bool rv = Protect(protection_spec, out_header, inner_content_type, filtered, + &ciphertext); if (!rv) { return KEEP; } @@ -227,15 +266,20 @@ uint64_t TlsRecordHeader::RecoverSequenceNumber(uint64_t expected, uint32_t partial, size_t partial_bits) { EXPECT_GE(32U, partial_bits); - uint64_t mask = (1 << partial_bits) - 1; + uint64_t mask = (1ULL << partial_bits) - 1; // First we determine the highest possible value. This is half the - // expressible range above the expected value. - uint64_t cap = expected + (1ULL << (partial_bits - 1)); + // expressible range above the expected value, less 1. + // + // We subtract the extra 1 from the cap so that when given a choice between + // the equidistant expected+N and expected-N we want to chose the lower. With + // 0-RTT, we sometimes have to recover an epoch of 1 when we expect an epoch + // of 3 and with 2 partial bits, the alternative result of 5 is wrong. + uint64_t cap = expected + (1ULL << (partial_bits - 1)) - 1; // Add the partial piece in. e.g., xxxx789a and 1234 becomes xxxx1234. uint64_t seq_no = (cap & ~mask) | partial; // If the partial value is higher than the same partial piece from the cap, // then the real value has to be lower. e.g., xxxx1234 can't become xxxx5678. - if (partial > (cap & mask)) { + if (partial > (cap & mask) && (seq_no >= (1ULL << partial_bits))) { seq_no -= 1ULL << partial_bits; } return seq_no; @@ -375,16 +419,41 @@ size_t TlsRecordHeader::Write(DataBuffer* buffer, size_t offset, bool TlsRecordFilter::Unprotect(const TlsRecordHeader& header, const DataBuffer& ciphertext, + uint16_t* protection_epoch, uint8_t* inner_content_type, DataBuffer* plaintext) { - if (!cipher_spec_ || header.content_type() != ssl_ct_application_data) { + if (!decrypting_ || header.content_type() != ssl_ct_application_data) { + // Maintain the epoch and sequence number for plaintext records. + uint16_t ep = 0; + if (agent()->variant() == ssl_variant_datagram) { + ep = static_cast<uint16_t>(header.sequence_number() >> 48); + } + spec(ep).RecordUnprotected(header.sequence_number()); + *protection_epoch = ep; *inner_content_type = header.content_type(); *plaintext = ciphertext; return true; } - if (!cipher_spec_->Unprotect(header, ciphertext, plaintext)) { - return false; + uint16_t ep = 0; + if (agent()->variant() == ssl_variant_datagram) { + ep = static_cast<uint16_t>(header.sequence_number() >> 48); + if (!spec(ep).Unprotect(header, ciphertext, plaintext)) { + return false; + } + } else { + // In TLS, records aren't clearly labelled with their epoch, and we + // can't just use the newest keys because the same flight of messages can + // contain multiple epochs. So... trial decrypt! + for (size_t i = cipher_specs_.size() - 1; i > 0; --i) { + if (cipher_specs_[i].Unprotect(header, ciphertext, plaintext)) { + ep = cipher_specs_[i].epoch(); + break; + } + } + if (!ep) { + return false; + } } size_t len = plaintext->len(); @@ -396,33 +465,45 @@ bool TlsRecordFilter::Unprotect(const TlsRecordHeader& header, return false; } + *protection_epoch = ep; *inner_content_type = plaintext->data()[len - 1]; plaintext->Truncate(len - 1); if (g_ssl_gtest_verbose) { - std::cerr << "unprotect: " << std::hex << header.sequence_number() - << std::dec << " type=" << static_cast<int>(*inner_content_type) + std::cerr << agent()->role_str() << ": unprotect: epoch=" << ep + << " seq=" << std::hex << header.sequence_number() << std::dec << " " << *plaintext << std::endl; } return true; } -bool TlsRecordFilter::Protect(const TlsRecordHeader& header, +bool TlsRecordFilter::Protect(TlsCipherSpec& protection_spec, + const TlsRecordHeader& header, uint8_t inner_content_type, const DataBuffer& plaintext, DataBuffer* ciphertext, size_t padding) { - if (!cipher_spec_ || header.content_type() != ssl_ct_application_data) { + if (!protection_spec.is_protected()) { + // Not protected, just keep the sequence numbers updated. + protection_spec.RecordProtected(); *ciphertext = plaintext; return true; } - if (g_ssl_gtest_verbose) { - std::cerr << "protect: " << header.sequence_number() << std::endl; - } + DataBuffer padded; padded.Allocate(plaintext.len() + 1 + padding); size_t offset = padded.Write(0, plaintext.data(), plaintext.len()); padded.Write(offset, inner_content_type, 1); - return cipher_spec_->Protect(header, padded, ciphertext); + + bool ok = protection_spec.Protect(header, padded, ciphertext); + if (!ok) { + ADD_FAILURE() << "protect fail"; + } else if (g_ssl_gtest_verbose) { + std::cerr << agent()->role_str() + << ": protect: epoch=" << protection_spec.epoch() + << " seq=" << std::hex << header.sequence_number() << std::dec + << " " << *ciphertext << std::endl; + } + return ok; } bool IsHelloRetry(const DataBuffer& body) { diff --git a/security/nss/gtests/ssl_gtest/tls_filter.h b/security/nss/gtests/ssl_gtest/tls_filter.h index 2b6e88645..64ee71c89 100644 --- a/security/nss/gtests/ssl_gtest/tls_filter.h +++ b/security/nss/gtests/ssl_gtest/tls_filter.h @@ -97,13 +97,7 @@ inline std::shared_ptr<T> MakeTlsFilter(const std::shared_ptr<TlsAgent>& agent, // Abstract filter that operates on entire (D)TLS records. class TlsRecordFilter : public PacketFilter { public: - TlsRecordFilter(const std::shared_ptr<TlsAgent>& a) - : agent_(a), - count_(0), - cipher_spec_(), - dropped_record_(false), - in_sequence_number_(0), - out_sequence_number_(0) {} + TlsRecordFilter(const std::shared_ptr<TlsAgent>& a); std::shared_ptr<TlsAgent> agent() const { return agent_.lock(); } @@ -118,10 +112,11 @@ class TlsRecordFilter : public PacketFilter { // behavior. void EnableDecryption(); bool Unprotect(const TlsRecordHeader& header, const DataBuffer& cipherText, - uint8_t* inner_content_type, DataBuffer* plaintext); - bool Protect(const TlsRecordHeader& header, uint8_t inner_content_type, - const DataBuffer& plaintext, DataBuffer* ciphertext, - size_t padding = 0); + uint16_t* protection_epoch, uint8_t* inner_content_type, + DataBuffer* plaintext); + bool Protect(TlsCipherSpec& protection_spec, const TlsRecordHeader& header, + uint8_t inner_content_type, const DataBuffer& plaintext, + DataBuffer* ciphertext, size_t padding = 0); protected: // There are two filter functions which can be overriden. Both are @@ -146,20 +141,17 @@ class TlsRecordFilter : public PacketFilter { } bool is_dtls13() const; + TlsCipherSpec& spec(uint16_t epoch); private: - static void CipherSpecChanged(void* arg, PRBool sending, - ssl3CipherSpec* newSpec); + static void SecretCallback(PRFileDesc* fd, PRUint16 epoch, + SSLSecretDirection dir, PK11SymKey* secret, + void* arg); std::weak_ptr<TlsAgent> agent_; - size_t count_; - std::unique_ptr<TlsCipherSpec> cipher_spec_; - // Whether we dropped a record since the cipher spec changed. - bool dropped_record_; - // The sequence number we use for reading records as they are written. - uint64_t in_sequence_number_; - // The sequence number we use for writing modified records. - uint64_t out_sequence_number_; + size_t count_ = 0; + std::vector<TlsCipherSpec> cipher_specs_; + bool decrypting_ = false; }; inline std::ostream& operator<<(std::ostream& stream, const TlsVersioned& v) { @@ -449,6 +441,80 @@ class TlsExtensionDropper : public TlsExtensionFilter { uint16_t extension_; }; +class TlsHandshakeDropper : public TlsHandshakeFilter { + public: + TlsHandshakeDropper(const std::shared_ptr<TlsAgent>& a) + : TlsHandshakeFilter(a) {} + + protected: + PacketFilter::Action FilterHandshake(const HandshakeHeader& header, + const DataBuffer& input, + DataBuffer* output) override { + return DROP; + } +}; + +class TlsEncryptedHandshakeMessageReplacer : public TlsRecordFilter { + public: + TlsEncryptedHandshakeMessageReplacer(const std::shared_ptr<TlsAgent>& a, + uint8_t old_ct, uint8_t new_ct) + : TlsRecordFilter(a), old_ct_(old_ct), new_ct_(new_ct) {} + + protected: + PacketFilter::Action FilterRecord(const TlsRecordHeader& header, + const DataBuffer& record, size_t* offset, + DataBuffer* output) override { + if (header.content_type() != ssl_ct_application_data) { + return KEEP; + } + + uint16_t protection_epoch = 0; + uint8_t inner_content_type; + DataBuffer plaintext; + if (!Unprotect(header, record, &protection_epoch, &inner_content_type, + &plaintext) || + !plaintext.len()) { + return KEEP; + } + + if (inner_content_type != ssl_ct_handshake) { + return KEEP; + } + + size_t off = 0; + uint32_t msg_len = 0; + uint32_t msg_type = 255; // Not a real message + do { + if (!plaintext.Read(off, 1, &msg_type) || msg_type == old_ct_) { + break; + } + + // Increment and check next messages + if (!plaintext.Read(++off, 3, &msg_len)) { + break; + } + off += 3 + msg_len; + } while (msg_type != old_ct_); + + if (msg_type == old_ct_) { + plaintext.Write(off, new_ct_, 1); + } + + DataBuffer ciphertext; + bool ok = Protect(spec(protection_epoch), header, inner_content_type, + plaintext, &ciphertext, 0); + if (!ok) { + return KEEP; + } + *offset = header.Write(output, *offset, ciphertext); + return CHANGE; + } + + private: + uint8_t old_ct_; + uint8_t new_ct_; +}; + class TlsExtensionInjector : public TlsHandshakeFilter { public: TlsExtensionInjector(const std::shared_ptr<TlsAgent>& a, uint16_t ext, @@ -557,9 +623,9 @@ class SelectiveDropFilter : public PacketFilter { class SelectiveRecordDropFilter : public TlsRecordFilter { public: SelectiveRecordDropFilter(const std::shared_ptr<TlsAgent>& a, - uint32_t pattern, bool enabled = true) + uint32_t pattern, bool on = true) : TlsRecordFilter(a), pattern_(pattern), counter_(0) { - if (!enabled) { + if (!on) { Disable(); } } diff --git a/security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc b/security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc index 004da3b1c..e1ad9e9f0 100644 --- a/security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc +++ b/security/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc @@ -7,6 +7,9 @@ #include <memory> #include "nss.h" #include "pk11pub.h" +#include "secerr.h" +#include "sslproto.h" +#include "sslexp.h" #include "tls13hkdf.h" #include "databuffer.h" @@ -56,6 +59,39 @@ const size_t kHashLength[] = { 64, /* ssl_hash_sha512 */ }; +size_t GetHashLength(SSLHashType hash) { + size_t i = static_cast<size_t>(hash); + if (i < PR_ARRAY_SIZE(kHashLength)) { + return kHashLength[i]; + } + ADD_FAILURE() << "Unknown hash: " << hash; + return 0; +} + +CK_MECHANISM_TYPE GetHkdfMech(SSLHashType hash) { + switch (hash) { + case ssl_hash_sha256: + return CKM_NSS_HKDF_SHA256; + case ssl_hash_sha384: + return CKM_NSS_HKDF_SHA384; + default: + ADD_FAILURE() << "Unknown hash: " << hash; + } + return CKM_INVALID_MECHANISM; +} + +PRUint16 GetSomeCipherSuiteForHash(SSLHashType hash) { + switch (hash) { + case ssl_hash_sha256: + return TLS_AES_128_GCM_SHA256; + case ssl_hash_sha384: + return TLS_AES_256_GCM_SHA384; + default: + ADD_FAILURE() << "Unknown hash: " << hash; + } + return 0; +} + const std::string kHashName[] = {"None", "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"}; @@ -64,7 +100,7 @@ static void ImportKey(ScopedPK11SymKey* to, const DataBuffer& key, ASSERT_LT(hash_type, sizeof(kHashLength)); ASSERT_LE(kHashLength[hash_type], key.len()); SECItem key_item = {siBuffer, const_cast<uint8_t*>(key.data()), - static_cast<unsigned int>(kHashLength[hash_type])}; + static_cast<unsigned int>(GetHashLength(hash_type))}; PK11SymKey* inner = PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE, PK11_OriginUnwrap, @@ -112,15 +148,19 @@ class TlsHkdfTest : public ::testing::Test, ImportKey(&k2_, kKey2, hash_type_, slot_.get()); } - void VerifyKey(const ScopedPK11SymKey& key, const DataBuffer& expected) { + void VerifyKey(const ScopedPK11SymKey& key, CK_MECHANISM_TYPE expected_mech, + const DataBuffer& expected_value) { + EXPECT_EQ(expected_mech, PK11_GetMechanism(key.get())); + SECStatus rv = PK11_ExtractKeyValue(key.get()); ASSERT_EQ(SECSuccess, rv); SECItem* key_data = PK11_GetKeyData(key.get()); ASSERT_NE(nullptr, key_data); - EXPECT_EQ(expected.len(), key_data->len); - EXPECT_EQ(0, memcmp(expected.data(), key_data->data, expected.len())); + EXPECT_EQ(expected_value.len(), key_data->len); + EXPECT_EQ( + 0, memcmp(expected_value.data(), key_data->data, expected_value.len())); } void HkdfExtract(const ScopedPK11SymKey& ikmk1, const ScopedPK11SymKey& ikmk2, @@ -133,7 +173,15 @@ class TlsHkdfTest : public ::testing::Test, ScopedPK11SymKey prkk(prk); DumpKey("Output", prkk); - VerifyKey(prkk, expected); + VerifyKey(prkk, GetHkdfMech(base_hash), expected); + + // Now test the public wrapper. + PRUint16 cs = GetSomeCipherSuiteForHash(base_hash); + rv = SSL_HkdfExtract(SSL_LIBRARY_VERSION_TLS_1_3, cs, ikmk1.get(), + ikmk2.get(), &prk); + ASSERT_EQ(SECSuccess, rv); + ASSERT_NE(nullptr, prk); + VerifyKey(ScopedPK11SymKey(prk), GetHkdfMech(base_hash), expected); } void HkdfExpandLabel(ScopedPK11SymKey* prk, SSLHashType base_hash, @@ -150,6 +198,32 @@ class TlsHkdfTest : public ::testing::Test, ASSERT_EQ(SECSuccess, rv); DumpData("Output", &output[0], output.size()); EXPECT_EQ(0, memcmp(expected.data(), &output[0], expected.len())); + + // Verify that the public API produces the same result. + PRUint16 cs = GetSomeCipherSuiteForHash(base_hash); + PK11SymKey* secret; + rv = SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3, cs, prk->get(), + session_hash, session_hash_len, label, label_len, + &secret); + EXPECT_EQ(SECSuccess, rv); + ASSERT_NE(nullptr, prk); + VerifyKey(ScopedPK11SymKey(secret), GetHkdfMech(base_hash), expected); + + // Verify that a key can be created with a different key type and size. + rv = SSL_HkdfExpandLabelWithMech( + SSL_LIBRARY_VERSION_TLS_1_3, cs, prk->get(), session_hash, + session_hash_len, label, label_len, CKM_DES3_CBC_PAD, 24, &secret); + EXPECT_EQ(SECSuccess, rv); + ASSERT_NE(nullptr, prk); + ScopedPK11SymKey with_mech(secret); + EXPECT_EQ(static_cast<CK_MECHANISM_TYPE>(CKM_DES3_CBC_PAD), + PK11_GetMechanism(with_mech.get())); + // Just verify that the key is the right size. + rv = PK11_ExtractKeyValue(with_mech.get()); + ASSERT_EQ(SECSuccess, rv); + SECItem* key_data = PK11_GetKeyData(with_mech.get()); + ASSERT_NE(nullptr, key_data); + EXPECT_EQ(24U, key_data->len); } protected: @@ -175,7 +249,7 @@ TEST_P(TlsHkdfTest, HkdfNullNull) { 0x10, 0xba, 0x18, 0xe2, 0x35, 0x7e, 0x71, 0x69, 0x71, 0xf9, 0x36, 0x2f, 0x2c, 0x2f, 0xe2, 0xa7, 0x6b, 0xfd, 0x78, 0xdf, 0xec, 0x4e, 0xa9, 0xb5}}; - const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]); + const DataBuffer expected_data(tv[hash_type_], GetHashLength(hash_type_)); HkdfExtract(nullptr, nullptr, hash_type_, expected_data); } @@ -193,7 +267,7 @@ TEST_P(TlsHkdfTest, HkdfKey1Only) { 0x57, 0xc2, 0x76, 0x9f, 0x3f, 0x83, 0x45, 0x2f, 0xf6, 0xf3, 0x56, 0x1f, 0x58, 0x63, 0xdb, 0x88, 0xda, 0x40, 0xce, 0x63, 0x7d, 0x24, 0x37, 0xf3}}; - const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]); + const DataBuffer expected_data(tv[hash_type_], GetHashLength(hash_type_)); HkdfExtract(k1_, nullptr, hash_type_, expected_data); } @@ -211,7 +285,7 @@ TEST_P(TlsHkdfTest, HkdfKey2Only) { 0xd4, 0x6a, 0xf6, 0xe5, 0xec, 0xea, 0xf8, 0x7d, 0x91, 0x71, 0x81, 0xf1, 0xdb, 0x3b, 0xaf, 0xbf, 0xde, 0x71, 0x61, 0x15, 0xeb, 0xb5, 0x5f, 0x68}}; - const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]); + const DataBuffer expected_data(tv[hash_type_], GetHashLength(hash_type_)); HkdfExtract(nullptr, k2_, hash_type_, expected_data); } @@ -229,7 +303,7 @@ TEST_P(TlsHkdfTest, HkdfKey1Key2) { 0x1c, 0x5b, 0x98, 0x0b, 0x02, 0x92, 0x3f, 0xfd, 0x73, 0x5a, 0x6f, 0x2a, 0x95, 0xa3, 0xee, 0xf6, 0xd6, 0x8e, 0x6f, 0x86, 0xea, 0x63, 0xf8, 0x33}}; - const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]); + const DataBuffer expected_data(tv[hash_type_], GetHashLength(hash_type_)); HkdfExtract(k1_, k2_, hash_type_, expected_data); } @@ -247,12 +321,122 @@ TEST_P(TlsHkdfTest, HkdfExpandLabel) { 0x74, 0xf7, 0x8b, 0x06, 0x38, 0x28, 0x06, 0x37, 0x75, 0x23, 0xa2, 0xb7, 0x34, 0xb1, 0x72, 0x2e, 0x59, 0x6d, 0x5a, 0x31, 0xf5, 0x53, 0xab, 0x99}}; - const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]); - HkdfExpandLabel(&k1_, hash_type_, kSessionHash, kHashLength[hash_type_], + const DataBuffer expected_data(tv[hash_type_], GetHashLength(hash_type_)); + HkdfExpandLabel(&k1_, hash_type_, kSessionHash, GetHashLength(hash_type_), kLabelMasterSecret, strlen(kLabelMasterSecret), expected_data); } +TEST_P(TlsHkdfTest, HkdfExpandLabelNoHash) { + const uint8_t tv[][48] = { + {/* ssl_hash_none */}, + {/* ssl_hash_md5 */}, + {/* ssl_hash_sha1 */}, + {/* ssl_hash_sha224 */}, + {0xb7, 0x08, 0x00, 0xe3, 0x8e, 0x48, 0x68, 0x91, 0xb1, 0x0f, 0x5e, + 0x6f, 0x22, 0x53, 0x6b, 0x84, 0x69, 0x75, 0xaa, 0xa3, 0x2a, 0xe7, + 0xde, 0xaa, 0xc3, 0xd1, 0xb4, 0x05, 0x22, 0x5c, 0x68, 0xf5}, + {0x13, 0xd3, 0x36, 0x9f, 0x3c, 0x78, 0xa0, 0x32, 0x40, 0xee, 0x16, 0xe9, + 0x11, 0x12, 0x66, 0xc7, 0x51, 0xad, 0xd8, 0x3c, 0xa1, 0xa3, 0x97, 0x74, + 0xd7, 0x45, 0xff, 0xa7, 0x88, 0x9e, 0x52, 0x17, 0x2e, 0xaa, 0x3a, 0xd2, + 0x35, 0xd8, 0xd5, 0x35, 0xfd, 0x65, 0x70, 0x9f, 0xa9, 0xf9, 0xfa, 0x23}}; + + const DataBuffer expected_data(tv[hash_type_], GetHashLength(hash_type_)); + HkdfExpandLabel(&k1_, hash_type_, nullptr, 0, kLabelMasterSecret, + strlen(kLabelMasterSecret), expected_data); +} + +TEST_P(TlsHkdfTest, BadExtractWrapperInput) { + PK11SymKey* key = nullptr; + + // Bad version. + EXPECT_EQ(SECFailure, + SSL_HkdfExtract(SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256, + k1_.get(), k2_.get(), &key)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + // Bad ciphersuite. + EXPECT_EQ(SECFailure, + SSL_HkdfExtract(SSL_LIBRARY_VERSION_TLS_1_3, TLS_RSA_WITH_NULL_SHA, + k1_.get(), k2_.get(), &key)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + // Old ciphersuite. + EXPECT_EQ(SECFailure, SSL_HkdfExtract(SSL_LIBRARY_VERSION_TLS_1_3, + TLS_RSA_WITH_AES_128_CBC_SHA, k1_.get(), + k2_.get(), &key)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + // NULL outparam.. + EXPECT_EQ(SECFailure, SSL_HkdfExtract(SSL_LIBRARY_VERSION_TLS_1_3, + TLS_RSA_WITH_AES_128_CBC_SHA, k1_.get(), + k2_.get(), nullptr)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + EXPECT_EQ(nullptr, key); +} + +TEST_P(TlsHkdfTest, BadExpandLabelWrapperInput) { + PK11SymKey* key = nullptr; + static const char* kLabel = "label"; + + // Bad version. + EXPECT_EQ( + SECFailure, + SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256, + k1_.get(), nullptr, 0, kLabel, strlen(kLabel), &key)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + // Bad ciphersuite. + EXPECT_EQ( + SECFailure, + SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3, TLS_RSA_WITH_NULL_MD5, + k1_.get(), nullptr, 0, kLabel, strlen(kLabel), &key)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + // Old ciphersuite. + EXPECT_EQ(SECFailure, + SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3, + TLS_RSA_WITH_AES_128_CBC_SHA, k1_.get(), + nullptr, 0, kLabel, strlen(kLabel), &key)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + // Null PRK. + EXPECT_EQ(SECFailure, SSL_HkdfExpandLabel( + SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256, + nullptr, nullptr, 0, kLabel, strlen(kLabel), &key)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + // Null, non-zero-length handshake hash. + EXPECT_EQ( + SECFailure, + SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_2, TLS_AES_128_GCM_SHA256, + k1_.get(), nullptr, 2, kLabel, strlen(kLabel), &key)); + + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + // Null, non-zero-length label. + EXPECT_EQ(SECFailure, + SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3, + TLS_AES_128_GCM_SHA256, k1_.get(), nullptr, 0, + nullptr, strlen(kLabel), &key)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + // Null, empty label. + EXPECT_EQ(SECFailure, SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3, + TLS_AES_128_GCM_SHA256, k1_.get(), + nullptr, 0, nullptr, 0, &key)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + // Null key pointer.. + EXPECT_EQ(SECFailure, + SSL_HkdfExpandLabel(SSL_LIBRARY_VERSION_TLS_1_3, + TLS_AES_128_GCM_SHA256, k1_.get(), nullptr, 0, + kLabel, strlen(kLabel), nullptr)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + EXPECT_EQ(nullptr, key); +} + static const SSLHashType kHashTypes[] = {ssl_hash_sha256, ssl_hash_sha384}; INSTANTIATE_TEST_CASE_P(AllHashFuncs, TlsHkdfTest, ::testing::ValuesIn(kHashTypes)); diff --git a/security/nss/gtests/ssl_gtest/tls_protect.cc b/security/nss/gtests/ssl_gtest/tls_protect.cc index c715a36a6..de91982f7 100644 --- a/security/nss/gtests/ssl_gtest/tls_protect.cc +++ b/security/nss/gtests/ssl_gtest/tls_protect.cc @@ -5,145 +5,98 @@ * You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "tls_protect.h" +#include "sslproto.h" #include "tls_filter.h" namespace nss_test { -AeadCipher::~AeadCipher() { - if (key_) { - PK11_FreeSymKey(key_); +static uint64_t FirstSeqno(bool dtls, uint16_t epoc) { + if (dtls) { + return static_cast<uint64_t>(epoc) << 48; } + return 0; } -bool AeadCipher::Init(PK11SymKey *key, const uint8_t *iv) { - key_ = PK11_ReferenceSymKey(key); - if (!key_) return false; - - memcpy(iv_, iv, sizeof(iv_)); - return true; -} - -void AeadCipher::FormatNonce(uint64_t seq, uint8_t *nonce) { - memcpy(nonce, iv_, 12); - - for (size_t i = 0; i < 8; ++i) { - nonce[12 - (i + 1)] ^= seq & 0xff; - seq >>= 8; +TlsCipherSpec::TlsCipherSpec(bool dtls, uint16_t epoc) + : dtls_(dtls), + epoch_(epoc), + in_seqno_(FirstSeqno(dtls, epoc)), + out_seqno_(FirstSeqno(dtls, epoc)) {} + +bool TlsCipherSpec::SetKeys(SSLCipherSuiteInfo* cipherinfo, + PK11SymKey* secret) { + SSLAeadContext* ctx; + SECStatus rv = SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, + cipherinfo->cipherSuite, secret, "", + 0, // Use the default labels. + &ctx); + if (rv != SECSuccess) { + return false; } - - DataBuffer d(nonce, 12); -} - -bool AeadCipher::AeadInner(bool decrypt, void *params, size_t param_length, - const uint8_t *in, size_t inlen, uint8_t *out, - size_t *outlen, size_t maxlen) { - SECStatus rv; - unsigned int uoutlen = 0; - SECItem param = { - siBuffer, static_cast<unsigned char *>(params), - static_cast<unsigned int>(param_length), - }; - - if (decrypt) { - rv = PK11_Decrypt(key_, mech_, ¶m, out, &uoutlen, maxlen, in, inlen); - } else { - rv = PK11_Encrypt(key_, mech_, ¶m, out, &uoutlen, maxlen, in, inlen); - } - *outlen = (int)uoutlen; - - return rv == SECSuccess; -} - -bool AeadCipherAesGcm::Aead(bool decrypt, const uint8_t *hdr, size_t hdr_len, - uint64_t seq, const uint8_t *in, size_t inlen, - uint8_t *out, size_t *outlen, size_t maxlen) { - CK_GCM_PARAMS aeadParams; - unsigned char nonce[12]; - - memset(&aeadParams, 0, sizeof(aeadParams)); - aeadParams.pIv = nonce; - aeadParams.ulIvLen = sizeof(nonce); - aeadParams.pAAD = const_cast<uint8_t *>(hdr); - aeadParams.ulAADLen = hdr_len; - aeadParams.ulTagBits = 128; - - FormatNonce(seq, nonce); - return AeadInner(decrypt, (unsigned char *)&aeadParams, sizeof(aeadParams), - in, inlen, out, outlen, maxlen); -} - -bool AeadCipherChacha20Poly1305::Aead(bool decrypt, const uint8_t *hdr, - size_t hdr_len, uint64_t seq, - const uint8_t *in, size_t inlen, - uint8_t *out, size_t *outlen, - size_t maxlen) { - CK_NSS_AEAD_PARAMS aeadParams; - unsigned char nonce[12]; - - memset(&aeadParams, 0, sizeof(aeadParams)); - aeadParams.pNonce = nonce; - aeadParams.ulNonceLen = sizeof(nonce); - aeadParams.pAAD = const_cast<uint8_t *>(hdr); - aeadParams.ulAADLen = hdr_len; - aeadParams.ulTagLen = 16; - - FormatNonce(seq, nonce); - return AeadInner(decrypt, (unsigned char *)&aeadParams, sizeof(aeadParams), - in, inlen, out, outlen, maxlen); + aead_.reset(ctx); + return true; } -bool TlsCipherSpec::Init(uint16_t epoc, SSLCipherAlgorithm cipher, - PK11SymKey *key, const uint8_t *iv) { - epoch_ = epoc; - switch (cipher) { - case ssl_calg_aes_gcm: - aead_.reset(new AeadCipherAesGcm()); - break; - case ssl_calg_chacha20: - aead_.reset(new AeadCipherChacha20Poly1305()); - break; - default: - return false; +bool TlsCipherSpec::Unprotect(const TlsRecordHeader& header, + const DataBuffer& ciphertext, + DataBuffer* plaintext) { + if (aead_ == nullptr) { + return false; } - - return aead_->Init(key, iv); -} - -bool TlsCipherSpec::Unprotect(const TlsRecordHeader &header, - const DataBuffer &ciphertext, - DataBuffer *plaintext) { // Make space. plaintext->Allocate(ciphertext.len()); auto header_bytes = header.header(); - size_t len; - bool ret = - aead_->Aead(true, header_bytes.data(), header_bytes.len(), - header.sequence_number(), ciphertext.data(), ciphertext.len(), - plaintext->data(), &len, plaintext->len()); - if (!ret) return false; + unsigned int len; + uint64_t seqno; + if (dtls_) { + seqno = header.sequence_number(); + } else { + seqno = in_seqno_; + } + SECStatus rv = + SSL_AeadDecrypt(aead_.get(), seqno, header_bytes.data(), + header_bytes.len(), ciphertext.data(), ciphertext.len(), + plaintext->data(), &len, plaintext->len()); + if (rv != SECSuccess) { + return false; + } - plaintext->Truncate(len); + RecordUnprotected(seqno); + plaintext->Truncate(static_cast<size_t>(len)); return true; } -bool TlsCipherSpec::Protect(const TlsRecordHeader &header, - const DataBuffer &plaintext, - DataBuffer *ciphertext) { +bool TlsCipherSpec::Protect(const TlsRecordHeader& header, + const DataBuffer& plaintext, + DataBuffer* ciphertext) { + if (aead_ == nullptr) { + return false; + } // Make a padded buffer. - ciphertext->Allocate(plaintext.len() + 32); // Room for any plausible auth tag - size_t len; + unsigned int len; DataBuffer header_bytes; (void)header.WriteHeader(&header_bytes, 0, plaintext.len() + 16); - bool ret = - aead_->Aead(false, header_bytes.data(), header_bytes.len(), - header.sequence_number(), plaintext.data(), plaintext.len(), - ciphertext->data(), &len, ciphertext->len()); - if (!ret) return false; + uint64_t seqno; + if (dtls_) { + seqno = header.sequence_number(); + } else { + seqno = out_seqno_; + } + + SECStatus rv = + SSL_AeadEncrypt(aead_.get(), seqno, header_bytes.data(), + header_bytes.len(), plaintext.data(), plaintext.len(), + ciphertext->data(), &len, ciphertext->len()); + if (rv != SECSuccess) { + return false; + } + + RecordProtected(); ciphertext->Truncate(len); return true; diff --git a/security/nss/gtests/ssl_gtest/tls_protect.h b/security/nss/gtests/ssl_gtest/tls_protect.h index 6f129a4eb..b1febf887 100644 --- a/security/nss/gtests/ssl_gtest/tls_protect.h +++ b/security/nss/gtests/ssl_gtest/tls_protect.h @@ -10,71 +10,48 @@ #include <cstdint> #include <memory> -#include "databuffer.h" #include "pk11pub.h" #include "sslt.h" +#include "sslexp.h" + +#include "databuffer.h" +#include "scoped_ptrs_ssl.h" namespace nss_test { class TlsRecordHeader; -class AeadCipher { - public: - AeadCipher(CK_MECHANISM_TYPE mech) : mech_(mech), key_(nullptr) {} - virtual ~AeadCipher(); - - bool Init(PK11SymKey *key, const uint8_t *iv); - virtual bool Aead(bool decrypt, const uint8_t *hdr, size_t hdr_len, - uint64_t seq, const uint8_t *in, size_t inlen, uint8_t *out, - size_t *outlen, size_t maxlen) = 0; - - protected: - void FormatNonce(uint64_t seq, uint8_t *nonce); - bool AeadInner(bool decrypt, void *params, size_t param_length, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen, - size_t maxlen); - - CK_MECHANISM_TYPE mech_; - PK11SymKey *key_; - uint8_t iv_[12]; -}; - -class AeadCipherChacha20Poly1305 : public AeadCipher { - public: - AeadCipherChacha20Poly1305() : AeadCipher(CKM_NSS_CHACHA20_POLY1305) {} - - protected: - bool Aead(bool decrypt, const uint8_t *hdr, size_t hdr_len, uint64_t seq, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen, - size_t maxlen); -}; - -class AeadCipherAesGcm : public AeadCipher { - public: - AeadCipherAesGcm() : AeadCipher(CKM_AES_GCM) {} - - protected: - bool Aead(bool decrypt, const uint8_t *hdr, size_t hdr_len, uint64_t seq, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen, - size_t maxlen); -}; - // Our analog of ssl3CipherSpec class TlsCipherSpec { public: - TlsCipherSpec() : epoch_(0), aead_() {} + TlsCipherSpec(bool dtls, uint16_t epoc); + bool SetKeys(SSLCipherSuiteInfo* cipherinfo, PK11SymKey* secret); - bool Init(uint16_t epoch, SSLCipherAlgorithm cipher, PK11SymKey *key, - const uint8_t *iv); + bool Protect(const TlsRecordHeader& header, const DataBuffer& plaintext, + DataBuffer* ciphertext); + bool Unprotect(const TlsRecordHeader& header, const DataBuffer& ciphertext, + DataBuffer* plaintext); - bool Protect(const TlsRecordHeader &header, const DataBuffer &plaintext, - DataBuffer *ciphertext); - bool Unprotect(const TlsRecordHeader &header, const DataBuffer &ciphertext, - DataBuffer *plaintext); uint16_t epoch() const { return epoch_; } + uint64_t next_in_seqno() const { return in_seqno_; } + void RecordUnprotected(uint64_t seqno) { + // Reordering happens, so don't let this go backwards. + in_seqno_ = (std::max)(in_seqno_, seqno + 1); + } + uint64_t next_out_seqno() { return out_seqno_; } + void RecordProtected() { out_seqno_++; } + + void RecordDropped() { record_dropped_ = true; } + bool record_dropped() const { return record_dropped_; } + + bool is_protected() const { return aead_ != nullptr; } private: + bool dtls_; uint16_t epoch_; - std::unique_ptr<AeadCipher> aead_; + uint64_t in_seqno_; + uint64_t out_seqno_; + bool record_dropped_ = false; + ScopedSSLAeadContext aead_; }; } // namespace nss_test diff --git a/security/nss/gtests/ssl_gtest/tls_subcerts_unittest.cc b/security/nss/gtests/ssl_gtest/tls_subcerts_unittest.cc new file mode 100644 index 000000000..0882ef7ef --- /dev/null +++ b/security/nss/gtests/ssl_gtest/tls_subcerts_unittest.cc @@ -0,0 +1,568 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include <ctime> + +#include "prtime.h" +#include "secerr.h" +#include "ssl.h" + +#include "gtest_utils.h" +#include "tls_agent.h" +#include "tls_connect.h" + +namespace nss_test { + +const std::string kEcdsaDelegatorId = TlsAgent::kDelegatorEcdsa256; +const std::string kRsaeDelegatorId = TlsAgent::kDelegatorRsae2048; +const std::string kDCId = TlsAgent::kServerEcdsa256; +const SSLSignatureScheme kDCScheme = ssl_sig_ecdsa_secp256r1_sha256; +const PRUint32 kDCValidFor = 60 * 60 * 24 * 7 /* 1 week (seconds */; + +static void CheckPreliminaryPeerDelegCred( + const std::shared_ptr<TlsAgent>& client, bool expected, + PRUint32 key_bits = 0, SSLSignatureScheme sig_scheme = ssl_sig_none) { + EXPECT_NE(0U, (client->pre_info().valuesSet & ssl_preinfo_peer_auth)); + EXPECT_EQ(expected, client->pre_info().peerDelegCred); + if (expected) { + EXPECT_EQ(key_bits, client->pre_info().authKeyBits); + EXPECT_EQ(sig_scheme, client->pre_info().signatureScheme); + } +} + +static void CheckPeerDelegCred(const std::shared_ptr<TlsAgent>& client, + bool expected, PRUint32 key_bits = 0) { + EXPECT_EQ(expected, client->info().peerDelegCred); + EXPECT_EQ(expected, client->pre_info().peerDelegCred); + if (expected) { + EXPECT_EQ(key_bits, client->info().authKeyBits); + EXPECT_EQ(key_bits, client->pre_info().authKeyBits); + EXPECT_EQ(client->info().signatureScheme, + client->pre_info().signatureScheme); + } +} + +// AuthCertificate callbacks to simulate DC validation +static SECStatus CheckPreliminaryDC(TlsAgent* agent, bool checksig, + bool isServer) { + agent->UpdatePreliminaryChannelInfo(); + EXPECT_EQ(PR_TRUE, agent->pre_info().peerDelegCred); + EXPECT_EQ(256U, agent->pre_info().authKeyBits); + EXPECT_EQ(ssl_sig_ecdsa_secp256r1_sha256, agent->pre_info().signatureScheme); + return SECSuccess; +} + +static SECStatus CheckPreliminaryNoDC(TlsAgent* agent, bool checksig, + bool isServer) { + agent->UpdatePreliminaryChannelInfo(); + EXPECT_EQ(PR_FALSE, agent->pre_info().peerDelegCred); + return SECSuccess; +} + +// AuthCertificate callbacks for modifying DC attributes. +// This allows testing tls13_CertificateVerify for rejection +// of DC attributes that have changed since AuthCertificateHook +// may have handled them. +static SECStatus ModifyDCAuthKeyBits(TlsAgent* agent, bool checksig, + bool isServer) { + return SSLInt_TweakChannelInfoForDC(agent->ssl_fd(), + PR_TRUE, // Change authKeyBits + PR_FALSE); // Change scheme +} + +static SECStatus ModifyDCScheme(TlsAgent* agent, bool checksig, bool isServer) { + return SSLInt_TweakChannelInfoForDC(agent->ssl_fd(), + PR_FALSE, // Change authKeyBits + PR_TRUE); // Change scheme +} + +// Attempt to configure a DC when either the DC or DC private key is missing. +TEST_P(TlsConnectTls13, DCNotConfigured) { + // Load and delegate the credential. + ScopedSECKEYPublicKey pub; + ScopedSECKEYPrivateKey priv; + EXPECT_TRUE(TlsAgent::LoadKeyPairFromCert(kDCId, &pub, &priv)); + + StackSECItem dc; + TlsAgent::DelegateCredential(kEcdsaDelegatorId, pub, kDCScheme, kDCValidFor, + now(), &dc); + + // Attempt to install the certificate and DC with a missing DC private key. + EnsureTlsSetup(); + SSLExtraServerCertData extra_data_missing_dc_priv_key = { + ssl_auth_null, nullptr, nullptr, nullptr, &dc, nullptr}; + EXPECT_FALSE(server_->ConfigServerCert(kEcdsaDelegatorId, true, + &extra_data_missing_dc_priv_key)); + + // Attempt to install the certificate and with only the DC private key. + EnsureTlsSetup(); + SSLExtraServerCertData extra_data_missing_dc = { + ssl_auth_null, nullptr, nullptr, nullptr, nullptr, priv.get()}; + EXPECT_FALSE(server_->ConfigServerCert(kEcdsaDelegatorId, true, + &extra_data_missing_dc)); +} + +// Connected with ECDSA-P256. +TEST_P(TlsConnectTls13, DCConnectEcdsaP256) { + Reset(kEcdsaDelegatorId); + client_->EnableDelegatedCredentials(); + server_->AddDelegatedCredential(TlsAgent::kServerEcdsa256, + ssl_sig_ecdsa_secp256r1_sha256, kDCValidFor, + now()); + + auto cfilter = MakeTlsFilter<TlsExtensionCapture>( + client_, ssl_delegated_credentials_xtn); + Connect(); + + EXPECT_TRUE(cfilter->captured()); + CheckPeerDelegCred(client_, true, 256); + EXPECT_EQ(ssl_sig_ecdsa_secp256r1_sha256, client_->info().signatureScheme); +} + +// Connected with ECDSA-P521. +TEST_P(TlsConnectTls13, DCConnectEcdsaP521) { + Reset(kEcdsaDelegatorId); + client_->EnableDelegatedCredentials(); + server_->AddDelegatedCredential(TlsAgent::kServerEcdsa521, + ssl_sig_ecdsa_secp521r1_sha512, kDCValidFor, + now()); + client_->EnableDelegatedCredentials(); + + auto cfilter = MakeTlsFilter<TlsExtensionCapture>( + client_, ssl_delegated_credentials_xtn); + Connect(); + + EXPECT_TRUE(cfilter->captured()); + CheckPeerDelegCred(client_, true, 521); + EXPECT_EQ(ssl_sig_ecdsa_secp521r1_sha512, client_->info().signatureScheme); +} + +// Connected with RSA-PSS, using an RSAE DC SPKI. +TEST_P(TlsConnectTls13, DCConnectRsaPssRsae) { + Reset(kEcdsaDelegatorId); + client_->EnableDelegatedCredentials(); + server_->AddDelegatedCredential( + TlsAgent::kServerRsaPss, ssl_sig_rsa_pss_rsae_sha256, kDCValidFor, now()); + + auto cfilter = MakeTlsFilter<TlsExtensionCapture>( + client_, ssl_delegated_credentials_xtn); + Connect(); + + EXPECT_TRUE(cfilter->captured()); + CheckPeerDelegCred(client_, true, 1024); + EXPECT_EQ(ssl_sig_rsa_pss_rsae_sha256, client_->info().signatureScheme); +} + +// Connected with RSA-PSS, using a RSAE Delegator SPKI. +TEST_P(TlsConnectTls13, DCConnectRsaeDelegator) { + Reset(kRsaeDelegatorId); + + static const SSLSignatureScheme kSchemes[] = {ssl_sig_rsa_pss_rsae_sha256, + ssl_sig_rsa_pss_pss_sha256}; + client_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); + server_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); + + client_->EnableDelegatedCredentials(); + server_->AddDelegatedCredential( + TlsAgent::kServerRsaPss, ssl_sig_rsa_pss_pss_sha256, kDCValidFor, now()); + + auto cfilter = MakeTlsFilter<TlsExtensionCapture>( + client_, ssl_delegated_credentials_xtn); + Connect(); + + EXPECT_TRUE(cfilter->captured()); + CheckPeerDelegCred(client_, true, 1024); + EXPECT_EQ(ssl_sig_rsa_pss_pss_sha256, client_->info().signatureScheme); +} + +// Connected with RSA-PSS, using a PSS SPKI. +TEST_P(TlsConnectTls13, DCConnectRsaPssPss) { + Reset(kEcdsaDelegatorId); + + // Need to enable PSS-PSS, which is not on by default. + static const SSLSignatureScheme kSchemes[] = {ssl_sig_ecdsa_secp256r1_sha256, + ssl_sig_rsa_pss_pss_sha256}; + client_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); + server_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); + + client_->EnableDelegatedCredentials(); + server_->AddDelegatedCredential( + TlsAgent::kServerRsaPss, ssl_sig_rsa_pss_pss_sha256, kDCValidFor, now()); + + auto cfilter = MakeTlsFilter<TlsExtensionCapture>( + client_, ssl_delegated_credentials_xtn); + Connect(); + + EXPECT_TRUE(cfilter->captured()); + CheckPeerDelegCred(client_, true, 1024); + EXPECT_EQ(ssl_sig_rsa_pss_pss_sha256, client_->info().signatureScheme); +} + +// Generate a weak key. We can't do this in the fixture because certutil +// won't sign with such a tiny key. That's OK, because this is fast(ish). +static void GenerateWeakRsaKey(ScopedSECKEYPrivateKey& priv, + ScopedSECKEYPublicKey& pub) { + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + ASSERT_TRUE(slot); + PK11RSAGenParams rsaparams; + // The absolute minimum size of RSA key that we can use with SHA-256 is + // 256bit (hash) + 256bit (salt) + 8 (start byte) + 8 (end byte) = 528. + rsaparams.keySizeInBits = 528; + rsaparams.pe = 65537; + + // Bug 1012786: PK11_GenerateKeyPair can fail if there is insufficient + // entropy to generate a random key. We can fake some. + for (int retry = 0; retry < 10; ++retry) { + SECKEYPublicKey* p_pub = nullptr; + priv.reset(PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN, + &rsaparams, &p_pub, false, false, nullptr)); + pub.reset(p_pub); + if (priv) { + return; + } + + ASSERT_FALSE(pub); + if (PORT_GetError() != SEC_ERROR_PKCS11_FUNCTION_FAILED) { + break; + } + + // https://xkcd.com/221/ + static const uint8_t FRESH_ENTROPY[16] = {4}; + ASSERT_EQ( + SECSuccess, + PK11_RandomUpdate( + const_cast<void*>(reinterpret_cast<const void*>(FRESH_ENTROPY)), + sizeof(FRESH_ENTROPY))); + break; + } + ADD_FAILURE() << "Unable to generate an RSA key: " + << PORT_ErrorToName(PORT_GetError()); +} + +// Fail to connect with a weak RSA key. +TEST_P(TlsConnectTls13, DCWeakKey) { + Reset(kEcdsaDelegatorId); + EnsureTlsSetup(); + + ScopedSECKEYPrivateKey dc_priv; + ScopedSECKEYPublicKey dc_pub; + GenerateWeakRsaKey(dc_priv, dc_pub); + ASSERT_TRUE(dc_priv); + + // Construct a DC. + StackSECItem dc; + TlsAgent::DelegateCredential(kEcdsaDelegatorId, dc_pub, + ssl_sig_rsa_pss_rsae_sha256, kDCValidFor, now(), + &dc); + + // Configure the DC on the server. + SSLExtraServerCertData extra_data = {ssl_auth_null, nullptr, nullptr, + nullptr, &dc, dc_priv.get()}; + EXPECT_TRUE(server_->ConfigServerCert(kEcdsaDelegatorId, true, &extra_data)); + + client_->EnableDelegatedCredentials(); + + auto cfilter = MakeTlsFilter<TlsExtensionCapture>( + client_, ssl_delegated_credentials_xtn); + ConnectExpectAlert(client_, kTlsAlertInsufficientSecurity); +} + +class ReplaceDCSigScheme : public TlsHandshakeFilter { + public: + ReplaceDCSigScheme(const std::shared_ptr<TlsAgent>& a) + : TlsHandshakeFilter(a, {ssl_hs_certificate_verify}) {} + + protected: + PacketFilter::Action FilterHandshake(const HandshakeHeader& header, + const DataBuffer& input, + DataBuffer* output) override { + *output = input; + output->Write(0, ssl_sig_ecdsa_secp384r1_sha384, 2); + return CHANGE; + } +}; + +// Aborted because of incorrect DC signature algorithm indication. +TEST_P(TlsConnectTls13, DCAbortBadExpectedCertVerifyAlg) { + Reset(kEcdsaDelegatorId); + client_->EnableDelegatedCredentials(); + server_->AddDelegatedCredential(TlsAgent::kServerEcdsa256, + ssl_sig_ecdsa_secp256r1_sha256, kDCValidFor, + now()); + auto filter = MakeTlsFilter<ReplaceDCSigScheme>(server_); + filter->EnableDecryption(); + ConnectExpectAlert(client_, kTlsAlertIllegalParameter); + client_->CheckErrorCode(SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH); + server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT); +} + +// Aborted because of invalid DC signature. +TEST_P(TlsConnectTls13, DCAbortBadSignature) { + Reset(kEcdsaDelegatorId); + EnsureTlsSetup(); + client_->EnableDelegatedCredentials(); + + ScopedSECKEYPublicKey pub; + ScopedSECKEYPrivateKey priv; + EXPECT_TRUE(TlsAgent::LoadKeyPairFromCert(kDCId, &pub, &priv)); + + StackSECItem dc; + TlsAgent::DelegateCredential(kEcdsaDelegatorId, pub, kDCScheme, kDCValidFor, + now(), &dc); + ASSERT_TRUE(dc.data != nullptr); + + // Flip the first bit of the DC so that the signature is invalid. + dc.data[0] ^= 0x01; + + SSLExtraServerCertData extra_data = {ssl_auth_null, nullptr, nullptr, + nullptr, &dc, priv.get()}; + EXPECT_TRUE(server_->ConfigServerCert(kEcdsaDelegatorId, true, &extra_data)); + + ConnectExpectAlert(client_, kTlsAlertIllegalParameter); + client_->CheckErrorCode(SSL_ERROR_DC_BAD_SIGNATURE); + server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT); +} + +// Aborted because of expired DC. +TEST_P(TlsConnectTls13, DCAbortExpired) { + Reset(kEcdsaDelegatorId); + server_->AddDelegatedCredential(kDCId, kDCScheme, kDCValidFor, now()); + client_->EnableDelegatedCredentials(); + // When the client checks the time, it will be at least one second after the + // DC expired. + AdvanceTime((static_cast<PRTime>(kDCValidFor) + 1) * PR_USEC_PER_SEC); + ConnectExpectAlert(client_, kTlsAlertIllegalParameter); + client_->CheckErrorCode(SSL_ERROR_DC_EXPIRED); + server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT); +} + +// Aborted because of invalid key usage. +TEST_P(TlsConnectTls13, DCAbortBadKeyUsage) { + // The sever does not have the delegationUsage extension. + Reset(TlsAgent::kServerEcdsa256); + client_->EnableDelegatedCredentials(); + server_->AddDelegatedCredential(kDCId, kDCScheme, kDCValidFor, now()); + ConnectExpectAlert(client_, kTlsAlertIllegalParameter); +} + +// Connected without DC because of no client indication. +TEST_P(TlsConnectTls13, DCConnectNoClientSupport) { + Reset(kEcdsaDelegatorId); + server_->AddDelegatedCredential(kDCId, kDCScheme, kDCValidFor, now()); + + auto cfilter = MakeTlsFilter<TlsExtensionCapture>( + client_, ssl_delegated_credentials_xtn); + Connect(); + + EXPECT_FALSE(cfilter->captured()); + CheckPeerDelegCred(client_, false); +} + +// Connected without DC because of no server DC. +TEST_P(TlsConnectTls13, DCConnectNoServerSupport) { + Reset(kEcdsaDelegatorId); + client_->EnableDelegatedCredentials(); + + auto cfilter = MakeTlsFilter<TlsExtensionCapture>( + client_, ssl_delegated_credentials_xtn); + Connect(); + + EXPECT_TRUE(cfilter->captured()); + CheckPeerDelegCred(client_, false); +} + +// Connected without DC because client doesn't support TLS 1.3. +TEST_P(TlsConnectTls13, DCConnectClientNoTls13) { + Reset(kEcdsaDelegatorId); + client_->EnableDelegatedCredentials(); + server_->AddDelegatedCredential(kDCId, kDCScheme, kDCValidFor, now()); + + client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, + SSL_LIBRARY_VERSION_TLS_1_2); + server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, + SSL_LIBRARY_VERSION_TLS_1_3); + + auto cfilter = MakeTlsFilter<TlsExtensionCapture>( + client_, ssl_delegated_credentials_xtn); + Connect(); + + // Should fallback to TLS 1.2 and not negotiate a DC. + EXPECT_FALSE(cfilter->captured()); + CheckPeerDelegCred(client_, false); +} + +// Connected without DC because server doesn't support TLS 1.3. +TEST_P(TlsConnectTls13, DCConnectServerNoTls13) { + Reset(kEcdsaDelegatorId); + client_->EnableDelegatedCredentials(); + server_->AddDelegatedCredential(kDCId, kDCScheme, kDCValidFor, now()); + + client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, + SSL_LIBRARY_VERSION_TLS_1_3); + server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, + SSL_LIBRARY_VERSION_TLS_1_2); + + auto cfilter = MakeTlsFilter<TlsExtensionCapture>( + client_, ssl_delegated_credentials_xtn); + Connect(); + + // Should fallback to TLS 1.2 and not negotiate a DC. The client will still + // send the indication because it supports 1.3. + EXPECT_TRUE(cfilter->captured()); + CheckPeerDelegCred(client_, false); +} + +// Connected without DC because client doesn't support the signature scheme. +TEST_P(TlsConnectTls13, DCConnectExpectedCertVerifyAlgNotSupported) { + Reset(kEcdsaDelegatorId); + client_->EnableDelegatedCredentials(); + static const SSLSignatureScheme kClientSchemes[] = { + ssl_sig_ecdsa_secp256r1_sha256, + }; + client_->SetSignatureSchemes(kClientSchemes, PR_ARRAY_SIZE(kClientSchemes)); + + server_->AddDelegatedCredential(TlsAgent::kServerEcdsa521, + ssl_sig_ecdsa_secp521r1_sha512, kDCValidFor, + now()); + + auto cfilter = MakeTlsFilter<TlsExtensionCapture>( + client_, ssl_delegated_credentials_xtn); + Connect(); + + // Client sends indication, but the server doesn't send a DC. + EXPECT_TRUE(cfilter->captured()); + CheckPeerDelegCred(client_, false); +} + +// Check that preliminary channel info properly reflects the DC. +TEST_P(TlsConnectTls13, DCCheckPreliminaryInfo) { + Reset(kEcdsaDelegatorId); + EnsureTlsSetup(); + client_->EnableDelegatedCredentials(); + server_->AddDelegatedCredential(TlsAgent::kServerEcdsa256, + ssl_sig_ecdsa_secp256r1_sha256, kDCValidFor, + now()); + + auto filter = MakeTlsFilter<TlsHandshakeDropper>(server_); + filter->SetHandshakeTypes( + {kTlsHandshakeCertificateVerify, kTlsHandshakeFinished}); + filter->EnableDecryption(); + StartConnect(); + client_->Handshake(); // Send ClientHello + server_->Handshake(); // Send ServerHello + + client_->SetAuthCertificateCallback(CheckPreliminaryDC); + client_->Handshake(); // Process response + + client_->UpdatePreliminaryChannelInfo(); + CheckPreliminaryPeerDelegCred(client_, true, 256, + ssl_sig_ecdsa_secp256r1_sha256); +} + +// Check that preliminary channel info properly reflects a lack of DC. +TEST_P(TlsConnectTls13, DCCheckPreliminaryInfoNoDC) { + Reset(kEcdsaDelegatorId); + EnsureTlsSetup(); + client_->EnableDelegatedCredentials(); + auto filter = MakeTlsFilter<TlsHandshakeDropper>(server_); + filter->SetHandshakeTypes( + {kTlsHandshakeCertificateVerify, kTlsHandshakeFinished}); + filter->EnableDecryption(); + StartConnect(); + client_->Handshake(); // Send ClientHello + server_->Handshake(); // Send ServerHello + + client_->SetAuthCertificateCallback(CheckPreliminaryNoDC); + client_->Handshake(); // Process response + + client_->UpdatePreliminaryChannelInfo(); + CheckPreliminaryPeerDelegCred(client_, false); +} + +// Tweak the scheme in between |Cert| and |CertVerify|. +TEST_P(TlsConnectTls13, DCRejectModifiedDCScheme) { + Reset(kEcdsaDelegatorId); + client_->EnableDelegatedCredentials(); + client_->SetAuthCertificateCallback(ModifyDCScheme); + server_->AddDelegatedCredential(TlsAgent::kServerEcdsa521, + ssl_sig_ecdsa_secp521r1_sha512, kDCValidFor, + now()); + ConnectExpectAlert(client_, kTlsAlertIllegalParameter); + server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT); + client_->CheckErrorCode(SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH); +} + +// Tweak the authKeyBits in between |Cert| and |CertVerify|. +TEST_P(TlsConnectTls13, DCRejectModifiedDCAuthKeyBits) { + Reset(kEcdsaDelegatorId); + client_->EnableDelegatedCredentials(); + client_->SetAuthCertificateCallback(ModifyDCAuthKeyBits); + server_->AddDelegatedCredential(TlsAgent::kServerEcdsa521, + ssl_sig_ecdsa_secp521r1_sha512, kDCValidFor, + now()); + ConnectExpectAlert(client_, kTlsAlertIllegalParameter); + server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT); + client_->CheckErrorCode(SSL_ERROR_DC_CERT_VERIFY_ALG_MISMATCH); +} + +class DCDelegation : public ::testing::Test {}; + +TEST_F(DCDelegation, DCDelegations) { + PRTime now = PR_Now(); + ScopedCERTCertificate cert; + ScopedSECKEYPrivateKey priv; + ASSERT_TRUE(TlsAgent::LoadCertificate(kEcdsaDelegatorId, &cert, &priv)); + + ScopedSECKEYPublicKey pub_rsa; + ScopedSECKEYPrivateKey priv_rsa; + ASSERT_TRUE( + TlsAgent::LoadKeyPairFromCert(TlsAgent::kServerRsa, &pub_rsa, &priv_rsa)); + + StackSECItem dc; + EXPECT_EQ(SECFailure, + SSL_DelegateCredential(cert.get(), priv.get(), pub_rsa.get(), + ssl_sig_ecdsa_secp256r1_sha256, kDCValidFor, + now, &dc)); + EXPECT_EQ(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, PORT_GetError()); + + // Using different PSS hashes should be OK. + EXPECT_EQ(SECSuccess, + SSL_DelegateCredential(cert.get(), priv.get(), pub_rsa.get(), + ssl_sig_rsa_pss_rsae_sha256, kDCValidFor, + now, &dc)); + // Make sure to reset |dc| after each success. + dc.Reset(); + EXPECT_EQ(SECSuccess, SSL_DelegateCredential( + cert.get(), priv.get(), pub_rsa.get(), + ssl_sig_rsa_pss_pss_sha256, kDCValidFor, now, &dc)); + dc.Reset(); + EXPECT_EQ(SECSuccess, SSL_DelegateCredential( + cert.get(), priv.get(), pub_rsa.get(), + ssl_sig_rsa_pss_pss_sha384, kDCValidFor, now, &dc)); + dc.Reset(); + + ScopedSECKEYPublicKey pub_ecdsa; + ScopedSECKEYPrivateKey priv_ecdsa; + ASSERT_TRUE(TlsAgent::LoadKeyPairFromCert(TlsAgent::kServerEcdsa256, + &pub_ecdsa, &priv_ecdsa)); + + EXPECT_EQ(SECFailure, + SSL_DelegateCredential(cert.get(), priv.get(), pub_ecdsa.get(), + ssl_sig_rsa_pss_rsae_sha256, kDCValidFor, + now, &dc)); + EXPECT_EQ(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, PORT_GetError()); + EXPECT_EQ(SECFailure, SSL_DelegateCredential( + cert.get(), priv.get(), pub_ecdsa.get(), + ssl_sig_rsa_pss_pss_sha256, kDCValidFor, now, &dc)); + EXPECT_EQ(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, PORT_GetError()); + EXPECT_EQ(SECFailure, + SSL_DelegateCredential(cert.get(), priv.get(), pub_ecdsa.get(), + ssl_sig_ecdsa_secp384r1_sha384, kDCValidFor, + now, &dc)); + EXPECT_EQ(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, PORT_GetError()); +} + +} // namespace nss_test diff --git a/security/nss/gtests/sysinit_gtest/Makefile b/security/nss/gtests/sysinit_gtest/Makefile new file mode 100644 index 000000000..0d547e080 --- /dev/null +++ b/security/nss/gtests/sysinit_gtest/Makefile @@ -0,0 +1,43 @@ +#! gmake +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include ../common/gtest.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### diff --git a/security/nss/gtests/sysinit_gtest/getUserDB_unittest.cc b/security/nss/gtests/sysinit_gtest/getUserDB_unittest.cc new file mode 100644 index 000000000..845b6e36e --- /dev/null +++ b/security/nss/gtests/sysinit_gtest/getUserDB_unittest.cc @@ -0,0 +1,164 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ +#include "gtest/gtest.h" +#include "prenv.h" +#include "seccomon.h" + +#include <stdlib.h> +#include <string> +#include <unistd.h> +#include <sys/stat.h> + +namespace nss_test { + +// Return the path to user's NSS database. +extern "C" char *getUserDB(void); + +class Sysinit : public ::testing::Test { + protected: + void SetUp() { + home_var_ = PR_GetEnvSecure("HOME"); + if (home_var_) { + old_home_dir_ = home_var_; + } + xdg_data_home_var_ = PR_GetEnvSecure("XDG_DATA_HOME"); + if (xdg_data_home_var_) { + old_xdg_data_home_ = xdg_data_home_var_; + ASSERT_EQ(0, unsetenv("XDG_DATA_HOME")); + } + char tmp[] = "/tmp/nss-tmp.XXXXXX"; + tmp_home_ = mkdtemp(tmp); + ASSERT_EQ(0, setenv("HOME", tmp_home_.c_str(), 1)); + } + + void TearDown() { + // Set HOME back to original + if (home_var_) { + ASSERT_EQ(0, setenv("HOME", old_home_dir_.c_str(), 1)); + } else { + ASSERT_EQ(0, unsetenv("HOME")); + } + // Set XDG_DATA_HOME back to original + if (xdg_data_home_var_) { + ASSERT_EQ(0, setenv("XDG_DATA_HOME", old_xdg_data_home_.c_str(), 1)); + } + // Remove test dirs. + if (!nssdir_.empty()) { + ASSERT_EQ(0, RemoveEmptyDirsFromStart(nssdir_, tmp_home_)); + } + } + + // Remove all dirs within @start from @path containing only empty dirs. + // Assumes @start already exists. + // Upon successful completion, return 0. Otherwise, -1. + static int RemoveEmptyDirsFromStart(std::string path, std::string start) { + if (path.find(start) == std::string::npos) { + return -1; + } + std::string temp = path; + if (rmdir(temp.c_str())) { + return -1; + } + for (size_t i = temp.length() - 1; i > start.length(); --i) { + if (temp[i] == '/') { + temp[i] = '\0'; + if (rmdir(temp.c_str())) { + return -1; + } + } + } + if (rmdir(start.c_str())) { + return -1; + } + return 0; + } + + // Create empty dirs appending @path to @start with mode @mode. + // Assumes @start already exists. + // Upon successful completion, return the string @start + @path. + static std::string CreateEmptyDirsFromStart(std::string start, + std::string path, mode_t mode) { + std::string temp = start + "/"; + for (size_t i = 1; i < path.length(); ++i) { + if (path[i] == '/') { + EXPECT_EQ(0, mkdir(temp.c_str(), mode)); + } + temp += path[i]; + } + // We reach the end of string before the last dir is created + EXPECT_EQ(0, mkdir(temp.c_str(), mode)); + return temp; + } + + char *home_var_; + char *xdg_data_home_var_; + std::string old_home_dir_; + std::string old_xdg_data_home_; + std::string nssdir_; + std::string tmp_home_; +}; + +class SysinitSetXdgUserDataHome : public Sysinit { + protected: + void SetUp() { + Sysinit::SetUp(); + ASSERT_EQ(0, setenv("XDG_DATA_HOME", tmp_home_.c_str(), 1)); + } +}; + +class SysinitSetTrashXdgUserDataHome : public Sysinit { + protected: + void SetUp() { + Sysinit::SetUp(); + std::string trashPath = tmp_home_ + "/this/path/does/not/exist"; + ASSERT_EQ(0, setenv("XDG_DATA_HOME", trashPath.c_str(), 1)); + } + + void TearDown() { + ASSERT_EQ(0, rmdir(tmp_home_.c_str())); + Sysinit::TearDown(); + } +}; + +// Check if $HOME/.pki/nssdb is used if it exists +TEST_F(Sysinit, LegacyPath) { + nssdir_ = CreateEmptyDirsFromStart(tmp_home_, "/.pki/nssdb", 0760); + char *nssdb = getUserDB(); + ASSERT_EQ(nssdir_, nssdb); + PORT_Free(nssdb); +} + +// Check if $HOME/.local/share/pki/nssdb is used if: +// - $HOME/.pki/nssdb does not exist; +// - XDG_DATA_HOME is not set. +TEST_F(Sysinit, XdgDefaultPath) { + nssdir_ = CreateEmptyDirsFromStart(tmp_home_, "/.local/share", 0755); + nssdir_ = CreateEmptyDirsFromStart(nssdir_, "/pki/nssdb", 0760); + char *nssdb = getUserDB(); + ASSERT_EQ(nssdir_, nssdb); + PORT_Free(nssdb); +} + +// Check if ${XDG_DATA_HOME}/pki/nssdb is used if: +// - $HOME/.pki/nssdb does not exist; +// - XDG_DATA_HOME is set and the path exists. +TEST_F(SysinitSetXdgUserDataHome, XdgSetPath) { + // XDG_DATA_HOME is set to HOME + nssdir_ = CreateEmptyDirsFromStart(tmp_home_, "/pki/nssdb", 0760); + char *nssdb = getUserDB(); + ASSERT_EQ(nssdir_, nssdb); + PORT_Free(nssdb); +} + +// Check if it fails when: +// - XDG_DATA_HOME is set to a path that does not exist; +// - $HOME/.pki/nssdb also does not exist. */ +TEST_F(SysinitSetTrashXdgUserDataHome, XdgSetToTrashPath) { + char *nssdb = getUserDB(); + ASSERT_EQ(nullptr, nssdb); +} + +} // namespace nss_test diff --git a/security/nss/gtests/sysinit_gtest/manifest.mn b/security/nss/gtests/sysinit_gtest/manifest.mn new file mode 100644 index 000000000..2fb8167aa --- /dev/null +++ b/security/nss/gtests/sysinit_gtest/manifest.mn @@ -0,0 +1,27 @@ +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +CORE_DEPTH = ../.. +DEPTH = ../.. + +MODULE = nss + +CPPSRCS = \ + getUserDB_unittest.cc \ + sysinit_gtest.cc \ + $(NULL) + +INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ + -I$(CORE_DEPTH)/gtests/common + +REQUIRES = nspr nss libdbm gtest + +PROGRAM = sysinit_gtest + +EXTRA_LIBS = \ + $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \ + $(DIST)/lib/$(LIB_PREFIX)nsssysinit.$(LIB_SUFFIX) \ + $(NULL) + +USE_STATIC_LIBS = 1 diff --git a/security/nss/gtests/sysinit_gtest/sysinit_gtest.cc b/security/nss/gtests/sysinit_gtest/sysinit_gtest.cc new file mode 100644 index 000000000..9f99e366d --- /dev/null +++ b/security/nss/gtests/sysinit_gtest/sysinit_gtest.cc @@ -0,0 +1,9 @@ +#define GTEST_HAS_RTTI 0 +#include "gtest/gtest.h" + +int main(int argc, char** argv) { + // Start the tests + ::testing::InitGoogleTest(&argc, argv); + int rv = RUN_ALL_TESTS(); + return rv; +} diff --git a/security/nss/gtests/sysinit_gtest/sysinit_gtest.gyp b/security/nss/gtests/sysinit_gtest/sysinit_gtest.gyp new file mode 100644 index 000000000..1fcacfe7f --- /dev/null +++ b/security/nss/gtests/sysinit_gtest/sysinit_gtest.gyp @@ -0,0 +1,35 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'includes': [ + '../../coreconf/config.gypi', + '../common/gtest.gypi' + ], + 'targets': [ + { + 'target_name': 'sysinit_gtest', + 'type': 'executable', + 'sources': [ + 'sysinit_gtest.cc', + 'getUserDB_unittest.cc', + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports', + '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', + '<(DEPTH)/lib/sysinit/sysinit.gyp:nsssysinit_static' + ] + } + ], + 'target_defaults': { + 'include_dirs': [ + '../../lib/sysinit' + ], + 'defines': [ + 'NSS_USE_STATIC_LIBS' + ] + }, + 'variables': { + 'module': 'nss' + } +} diff --git a/security/nss/gtests/util_gtest/manifest.mn b/security/nss/gtests/util_gtest/manifest.mn index a90e8431e..c09146c83 100644 --- a/security/nss/gtests/util_gtest/manifest.mn +++ b/security/nss/gtests/util_gtest/manifest.mn @@ -3,29 +3,30 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. CORE_DEPTH = ../.. -DEPTH = ../.. +DEPTH = ../.. MODULE = nss CPPSRCS = \ - util_utf8_unittest.cc \ - util_b64_unittest.cc \ - util_pkcs11uri_unittest.cc \ - util_aligned_malloc_unittest.cc \ - util_memcmpzero_unittest.cc \ - $(NULL) + util_aligned_malloc_unittest.cc \ + util_b64_unittest.cc \ + util_gtests.cc \ + util_memcmpzero_unittest.cc \ + util_pkcs11uri_unittest.cc \ + util_utf8_unittest.cc \ + $(NULL) INCLUDES += \ - -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ - -I$(CORE_DEPTH)/gtests/common \ - -I$(CORE_DEPTH)/cpputil \ - $(NULL) + -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ + -I$(CORE_DEPTH)/gtests/common \ + -I$(CORE_DEPTH)/cpputil \ + $(NULL) REQUIRES = nspr gtest PROGRAM = util_gtest EXTRA_LIBS = \ - $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \ - $(NULL) + $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \ + $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \ + $(NULL) diff --git a/security/nss/gtests/util_gtest/util_gtest.gyp b/security/nss/gtests/util_gtest/util_gtest.gyp index 1c54329b2..ab803b761 100644 --- a/security/nss/gtests/util_gtest/util_gtest.gyp +++ b/security/nss/gtests/util_gtest/util_gtest.gyp @@ -11,27 +11,17 @@ 'target_name': 'util_gtest', 'type': 'executable', 'sources': [ - 'util_utf8_unittest.cc', - 'util_b64_unittest.cc', - 'util_pkcs11uri_unittest.cc', 'util_aligned_malloc_unittest.cc', + 'util_b64_unittest.cc', + 'util_gtests.cc', 'util_memcmpzero_unittest.cc', - '<(DEPTH)/gtests/common/gtests.cc', + 'util_pkcs11uri_unittest.cc', + 'util_utf8_unittest.cc', ], 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', '<(DEPTH)/lib/util/util.gyp:nssutil', - '<(DEPTH)/lib/nss/nss.gyp:nss_static', - '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', - '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi', - '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi', - '<(DEPTH)/lib/certdb/certdb.gyp:certdb', - '<(DEPTH)/lib/base/base.gyp:nssb', - '<(DEPTH)/lib/dev/dev.gyp:nssdev', - '<(DEPTH)/lib/pki/pki.gyp:nsspki', - '<(DEPTH)/lib/ssl/ssl.gyp:ssl', - '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix', ], 'conditions': [ [ 'OS=="win"', { diff --git a/security/nss/gtests/util_gtest/util_gtests.cc b/security/nss/gtests/util_gtest/util_gtests.cc new file mode 100644 index 000000000..77e663f3c --- /dev/null +++ b/security/nss/gtests/util_gtest/util_gtests.cc @@ -0,0 +1,9 @@ +#include <cstdlib> + +#define GTEST_HAS_RTTI 0 +#include "gtest/gtest.h" + +int main(int argc, char **argv) { + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} |