bcm.c revision 558181089d69085101510906bd46e51ade9e20e9
1572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan/* Copyright (c) 2017, Google Inc.
2572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan *
3572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan * Permission to use, copy, modify, and/or distribute this software for any
4572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan * purpose with or without fee is hereby granted, provided that the above
5572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan * copyright notice and this permission notice appear in all copies.
6572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan *
7572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
159254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#if !defined(_GNU_SOURCE)
168f860b133896bf655e4342ecefe692d52df81d48Robert Sloan#define _GNU_SOURCE  // needed for syscall() on Linux.
179254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#endif
189254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
199254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include <openssl/aead.h>
209254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include <openssl/aes.h>
21572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include <openssl/base.h>
229254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include <openssl/bn.h>
23572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include <openssl/crypto.h>
249254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include <openssl/des.h>
259254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include <openssl/ecdsa.h>
269254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include <openssl/ec_key.h>
27572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include <openssl/hmac.h>
288ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include <openssl/nid.h>
299254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include <openssl/rsa.h>
308ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include <openssl/sha.h>
31572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
32572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "../internal.h"
339254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include "rand/internal.h"
34572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
35572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "aes/aes.c"
36572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "aes/key_wrap.c"
37572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "aes/mode_wrappers.c"
388ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/add.c"
398ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/asm/x86_64-gcc.c"
408ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/bn.c"
418ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/bytes.c"
428ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/cmp.c"
438ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/ctx.c"
448ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/div.c"
458ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/exponentiation.c"
468ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/gcd.c"
478ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/generic.c"
488ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/jacobi.c"
498ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/montgomery.c"
508ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/montgomery_inv.c"
518ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/mul.c"
528ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/prime.c"
538ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/random.c"
548ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/rsaz_exp.c"
558ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/shift.c"
568ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "bn/sqrt.c"
578ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "cipher/aead.c"
588ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "cipher/cipher.c"
598ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "cipher/e_aes.c"
608ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "cipher/e_des.c"
618ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "des/des.c"
62572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "digest/digest.c"
63572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "digest/digests.c"
648ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "ecdsa/ecdsa.c"
658ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "ec/ec.c"
668ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "ec/ec_key.c"
678ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "ec/ec_montgomery.c"
688ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "ec/oct.c"
698ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "ec/p224-64.c"
70558181089d69085101510906bd46e51ade9e20e9Robert Sloan#include "../../third_party/fiat/p256.c"
718ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "ec/p256-x86_64.c"
728ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "ec/simple.c"
73558181089d69085101510906bd46e51ade9e20e9Robert Sloan#include "ec/util.c"
748ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "ec/wnaf.c"
75572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "hmac/hmac.c"
76572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "md4/md4.c"
77572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "md5/md5.c"
789254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include "modes/cbc.c"
799254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include "modes/cfb.c"
809254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include "modes/ctr.c"
819254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include "modes/gcm.c"
829254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include "modes/ofb.c"
839254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include "modes/polyval.c"
849254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include "rand/ctrdrbg.c"
859254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include "rand/rand.c"
869254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#include "rand/urandom.c"
878ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "rsa/blinding.c"
888ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "rsa/padding.c"
898ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "rsa/rsa.c"
908ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#include "rsa/rsa_impl.c"
91572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "sha/sha1-altivec.c"
92572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "sha/sha1.c"
93572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "sha/sha256.c"
94572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#include "sha/sha512.c"
95572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
96572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
97572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan#if defined(BORINGSSL_FIPS)
988ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan
// hexdump writes the |len| bytes starting at |in| to stdout as lowercase hex,
// two digits per byte, with no separators and no trailing newline.
static void hexdump(const uint8_t *in, size_t len) {
  const uint8_t *cursor = in;
  size_t remaining = len;
  // Counting down rather than forming |in + len| means a zero |len| never
  // touches |in| at all.
  while (remaining > 0) {
    printf("%02x", *cursor);
    cursor++;
    remaining--;
  }
}
104572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
// check_test compares the first |expected_len| bytes of |actual| with
// |expected|. It returns one when they are equal. On a mismatch it prints
// |name| followed by both values in hex to stdout and returns zero.
//
// Both buffers are read for |expected_len| bytes, so |actual| must be at least
// that long. The comparison uses OPENSSL_memcmp rather than the constant-time
// CRYPTO_memcmp and the failure path dumps the computed bytes, so this helper
// should only be given known-answer test data, never live secrets.
static int check_test(const void *expected, const void *actual,
                      size_t expected_len, const char *name) {
  const int matches = OPENSSL_memcmp(actual, expected, expected_len) == 0;
  if (matches) {
    return 1;
  }

  // Report the test name first, then the reference value, then what was
  // actually computed.
  printf("%s failed.\nExpected: ", name);
  hexdump(expected, expected_len);
  printf("\nCalculated: ");
  hexdump(actual, expected_len);
  printf("\n");
  return 0;
}
117572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
// set_bignum converts the |len| big-endian bytes at |in| into a newly
// allocated BIGNUM and stores it in |*out|. It returns one on success and zero
// when BN_bin2bn fails, in which case |*out| is left NULL.
//
// Whatever |*out| held before is overwritten without being freed, so the slot
// must not already own a BIGNUM.
static int set_bignum(BIGNUM **out, const uint8_t *in, size_t len) {
  BIGNUM *const parsed = BN_bin2bn(in, len, NULL);
  *out = parsed;
  return parsed != NULL;
}
122572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
// self_test_rsa_key returns a newly allocated RSA key built from the fixed
// 2048-bit parameters below, or NULL if any allocation fails. The caller owns
// the result and releases it with RSA_free.
//
// Every component, including the private exponent and the CRT values, is a
// compile-time constant embedded in the binary. The key is therefore public
// and offers no secrecy; it exists only as a deterministic input (presumably
// for the known-answer self tests; the callers are outside this view) and
// must never protect real data.
static RSA *self_test_rsa_key(void) {
  // Modulus n (256 bytes, big-endian).
  static const uint8_t kN[] = {
      0xd3, 0x3a, 0x62, 0x9f, 0x07, 0x77, 0xb0, 0x18, 0xf3, 0xff, 0xfe, 0xcc,
      0xc9, 0xa2, 0xc2, 0x3a, 0xa6, 0x1d, 0xd8, 0xf0, 0x26, 0x5b, 0x38, 0x90,
      0x17, 0x48, 0x15, 0xce, 0x21, 0xcd, 0xd6, 0x62, 0x99, 0xe2, 0xd7, 0xda,
      0x40, 0x80, 0x3c, 0xad, 0x18, 0xb7, 0x26, 0xe9, 0x30, 0x8a, 0x23, 0x3f,
      0x68, 0x9a, 0x9c, 0x31, 0x34, 0x91, 0x99, 0x06, 0x11, 0x36, 0xb2, 0x9e,
      0x3a, 0xd0, 0xbc, 0xb9, 0x93, 0x4e, 0xb8, 0x72, 0xa1, 0x9f, 0xb6, 0x8c,
      0xd5, 0x17, 0x1f, 0x7e, 0xaa, 0x75, 0xbb, 0xdf, 0xa1, 0x70, 0x48, 0xc4,
      0xec, 0x9a, 0x51, 0xed, 0x41, 0xc9, 0x74, 0xc0, 0x3e, 0x1e, 0x85, 0x2f,
      0xbe, 0x34, 0xc7, 0x65, 0x34, 0x8b, 0x4d, 0x55, 0x4b, 0xe1, 0x45, 0x54,
      0x0d, 0x75, 0x7e, 0x89, 0x4d, 0x0c, 0xf6, 0x33, 0xe5, 0xfc, 0xfb, 0x56,
      0x1b, 0xf2, 0x39, 0x9d, 0xe0, 0xff, 0x55, 0xcf, 0x02, 0x05, 0xb9, 0x74,
      0xd2, 0x91, 0xfc, 0x87, 0xe1, 0xbb, 0x97, 0x2a, 0xe4, 0xdd, 0x20, 0xc0,
      0x38, 0x47, 0xc0, 0x76, 0x3f, 0xa1, 0x9b, 0x5c, 0x20, 0xff, 0xff, 0xc7,
      0x49, 0x3b, 0x4c, 0xaf, 0x99, 0xa6, 0x3e, 0x82, 0x5c, 0x58, 0x27, 0xce,
      0x01, 0x03, 0xc3, 0x16, 0x35, 0x20, 0xe9, 0xf0, 0x15, 0x7a, 0x41, 0xd5,
      0x1f, 0x52, 0xea, 0xdf, 0xad, 0x4c, 0xbb, 0x0d, 0xcb, 0x04, 0x91, 0xb0,
      0x95, 0xa8, 0xce, 0x25, 0xfd, 0xd2, 0x62, 0x47, 0x77, 0xee, 0x13, 0xf1,
      0x48, 0x72, 0x9e, 0xd9, 0x2d, 0xe6, 0x5f, 0xa4, 0xc6, 0x9e, 0x5a, 0xb2,
      0xc6, 0xa2, 0xf7, 0x0a, 0x16, 0x17, 0xae, 0x6b, 0x1c, 0x30, 0x7c, 0x63,
      0x08, 0x83, 0xe7, 0x43, 0xec, 0x54, 0x5e, 0x2c, 0x08, 0x0b, 0x5e, 0x46,
      0xa7, 0x10, 0x93, 0x43, 0x53, 0x4e, 0xe3, 0x16, 0x73, 0x55, 0xce, 0xf2,
      0x94, 0xc0, 0xbe, 0xb3,
  };
  // Public exponent e.
  static const uint8_t kE[] = {0x01, 0x00, 0x01};  // 65537
  // Private exponent d.
  static const uint8_t kD[] = {
      0x2f, 0x2c, 0x1e, 0xd2, 0x3d, 0x2c, 0xb1, 0x9b, 0x21, 0x02, 0xce, 0xb8,
      0x95, 0x5f, 0x4f, 0xd9, 0x21, 0x38, 0x11, 0x36, 0xb0, 0x9a, 0x36, 0xab,
      0x97, 0x47, 0x75, 0xf7, 0x2e, 0xfd, 0x75, 0x1f, 0x58, 0x16, 0x9c, 0xf6,
      0x14, 0xe9, 0x8e, 0xa3, 0x69, 0x9d, 0x9d, 0x86, 0xfe, 0x5c, 0x1b, 0x3b,
      0x11, 0xf5, 0x55, 0x64, 0x77, 0xc4, 0xfc, 0x53, 0xaa, 0x8c, 0x78, 0x9f,
      0x75, 0xab, 0x20, 0x3a, 0xa1, 0x77, 0x37, 0x22, 0x02, 0x8e, 0x54, 0x8a,
      0x67, 0x1c, 0x5e, 0xe0, 0x3e, 0xd9, 0x44, 0x37, 0xd1, 0x29, 0xee, 0x56,
      0x6c, 0x30, 0x9a, 0x93, 0x4d, 0xd9, 0xdb, 0xc5, 0x03, 0x1a, 0x75, 0xcc,
      0x0f, 0xc2, 0x61, 0xb5, 0x6c, 0x62, 0x9f, 0xc6, 0xa8, 0xc7, 0x8a, 0x60,
      0x17, 0x11, 0x62, 0x4c, 0xef, 0x74, 0x31, 0x97, 0xad, 0x89, 0x2d, 0xe8,
      0x31, 0x1d, 0x8b, 0x58, 0x82, 0xe3, 0x03, 0x1a, 0x6b, 0xdf, 0x3f, 0x3e,
      0xa4, 0x27, 0x19, 0xef, 0x46, 0x7a, 0x90, 0xdf, 0xa7, 0xe7, 0xc9, 0x66,
      0xab, 0x41, 0x1d, 0x65, 0x78, 0x1c, 0x18, 0x40, 0x5c, 0xd6, 0x87, 0xb5,
      0xea, 0x29, 0x44, 0xb3, 0xf5, 0xb3, 0xd2, 0x4f, 0xce, 0x88, 0x78, 0x49,
      0x27, 0x4e, 0x0b, 0x30, 0x85, 0xfb, 0x73, 0xfd, 0x8b, 0x32, 0x15, 0xee,
      0x1f, 0xc9, 0x0e, 0x89, 0xb9, 0x43, 0x2f, 0xe9, 0x60, 0x8d, 0xda, 0xae,
      0x2b, 0x30, 0x99, 0xee, 0x88, 0x81, 0x20, 0x7b, 0x4a, 0xc3, 0x18, 0xf2,
      0x94, 0x02, 0x79, 0x94, 0xaa, 0x65, 0xd9, 0x1b, 0x45, 0x2a, 0xac, 0x6e,
      0x30, 0x48, 0x57, 0xea, 0xbe, 0x79, 0x7d, 0xfc, 0x67, 0xaa, 0x47, 0xc0,
      0xf7, 0x52, 0xfd, 0x0b, 0x63, 0x4e, 0x3d, 0x2e, 0xcc, 0x36, 0xa0, 0xdb,
      0x92, 0x0b, 0xa9, 0x1b, 0xeb, 0xc2, 0xd5, 0x08, 0xd3, 0x85, 0x87, 0xf8,
      0x5d, 0x1a, 0xf6, 0xc1,
  };
  // First prime factor p.
  static const uint8_t kP[] = {
      0xf7, 0x06, 0xa3, 0x98, 0x8a, 0x52, 0xf8, 0x63, 0x68, 0x27, 0x4f, 0x68,
      0x7f, 0x34, 0xec, 0x8e, 0x5d, 0xf8, 0x30, 0x92, 0xb3, 0x62, 0x4c, 0xeb,
      0xdb, 0x19, 0x6b, 0x09, 0xc5, 0xa3, 0xf0, 0xbb, 0xff, 0x0f, 0xc2, 0xd4,
      0x9b, 0xc9, 0x54, 0x4f, 0xb9, 0xf9, 0xe1, 0x4c, 0xf0, 0xe3, 0x4c, 0x90,
      0xda, 0x7a, 0x01, 0xc2, 0x9f, 0xc4, 0xc8, 0x8e, 0xb1, 0x1e, 0x93, 0x75,
      0x75, 0xc6, 0x13, 0x25, 0xc3, 0xee, 0x3b, 0xcc, 0xb8, 0x72, 0x6c, 0x49,
      0xb0, 0x09, 0xfb, 0xab, 0x44, 0xeb, 0x4d, 0x40, 0xf0, 0x61, 0x6b, 0xe5,
      0xe6, 0xfe, 0x3e, 0x0a, 0x77, 0x26, 0x39, 0x76, 0x3d, 0x4c, 0x3e, 0x9b,
      0x5b, 0xc0, 0xaf, 0xa2, 0x58, 0x76, 0xb0, 0xe9, 0xda, 0x7f, 0x0e, 0x78,
      0xc9, 0x76, 0x49, 0x5c, 0xfa, 0xb3, 0xb0, 0x15, 0x4b, 0x41, 0xc7, 0x27,
      0xa4, 0x75, 0x28, 0x5c, 0x30, 0x69, 0x50, 0x29,
  };
  // Second prime factor q.
  static const uint8_t kQ[] = {
      0xda, 0xe6, 0xd2, 0xbb, 0x44, 0xff, 0x4f, 0xdf, 0x57, 0xc1, 0x11, 0xa3,
      0x51, 0xba, 0x17, 0x89, 0x4c, 0x01, 0xc0, 0x0c, 0x97, 0x34, 0x50, 0xcf,
      0x32, 0x1e, 0xc0, 0xbd, 0x7b, 0x35, 0xb5, 0x6a, 0x26, 0xcc, 0xea, 0x4c,
      0x8e, 0x87, 0x4a, 0x67, 0x8b, 0xd3, 0xe5, 0x4f, 0x3a, 0x60, 0x48, 0x59,
      0x04, 0x93, 0x39, 0xd7, 0x7c, 0xfb, 0x19, 0x1a, 0x34, 0xd5, 0xe8, 0xaf,
      0xe7, 0x22, 0x2c, 0x0d, 0xc2, 0x91, 0x69, 0xb6, 0xe9, 0x2a, 0xe9, 0x1c,
      0x4c, 0x6e, 0x8f, 0x40, 0xf5, 0xa8, 0x3e, 0x82, 0x69, 0x69, 0xbe, 0x9f,
      0x7d, 0x5c, 0x7f, 0x92, 0x78, 0x17, 0xa3, 0x6d, 0x41, 0x2d, 0x72, 0xed,
      0x3f, 0x71, 0xfa, 0x97, 0xb4, 0x63, 0xe4, 0x4f, 0xd9, 0x46, 0x03, 0xfb,
      0x00, 0xeb, 0x30, 0x70, 0xb9, 0x51, 0xd9, 0x0a, 0xd2, 0xf8, 0x50, 0xd4,
      0xfb, 0x43, 0x84, 0xf8, 0xac, 0x58, 0xc3, 0x7b,
  };
  // CRT exponent d mod (p - 1).
  static const uint8_t kDModPMinusOne[] = {
      0xf5, 0x50, 0x8f, 0x88, 0x7d, 0xdd, 0xb5, 0xb4, 0x2a, 0x8b, 0xd7, 0x4d,
      0x23, 0xfe, 0xaf, 0xe9, 0x16, 0x22, 0xd2, 0x41, 0xed, 0x88, 0xf2, 0x70,
      0xcb, 0x4d, 0xeb, 0xc1, 0x71, 0x97, 0xc4, 0x0b, 0x3e, 0x5a, 0x2d, 0x96,
      0xab, 0xfa, 0xfd, 0x12, 0x8b, 0xd3, 0x3e, 0x4e, 0x05, 0x6f, 0x04, 0xeb,
      0x59, 0x3c, 0x0e, 0xa1, 0x73, 0xbe, 0x9d, 0x99, 0x2f, 0x05, 0xf9, 0x54,
      0x8d, 0x98, 0x1e, 0x0d, 0xc4, 0x0c, 0xc3, 0x30, 0x23, 0xff, 0xe5, 0xd0,
      0x2b, 0xd5, 0x4e, 0x2b, 0xa0, 0xae, 0xb8, 0x32, 0x84, 0x45, 0x8b, 0x3c,
      0x6d, 0xf0, 0x10, 0x36, 0x9e, 0x6a, 0xc4, 0x67, 0xca, 0xa9, 0xfc, 0x06,
      0x96, 0xd0, 0xbc, 0xda, 0xd1, 0x55, 0x55, 0x8d, 0x77, 0x21, 0xf4, 0x82,
      0x39, 0x37, 0x91, 0xd5, 0x97, 0x56, 0x78, 0xc8, 0x3c, 0xcb, 0x5e, 0xf6,
      0xdc, 0x58, 0x48, 0xb3, 0x7c, 0x94, 0x29, 0x39,
  };
  // CRT exponent d mod (q - 1).
  static const uint8_t kDModQMinusOne[] = {
      0x64, 0x65, 0xbd, 0x7d, 0x1a, 0x96, 0x26, 0xa1, 0xfe, 0xf3, 0x94, 0x0d,
      0x5d, 0xec, 0x85, 0xe2, 0xf8, 0xb3, 0x4c, 0xcb, 0xf9, 0x85, 0x8b, 0x12,
      0x9c, 0xa0, 0x32, 0x32, 0x35, 0x92, 0x5a, 0x94, 0x47, 0x1b, 0x70, 0xd2,
      0x90, 0x04, 0x49, 0x01, 0xd8, 0xc5, 0xe4, 0xc4, 0x43, 0xb7, 0xe9, 0x36,
      0xba, 0xbc, 0x73, 0xa8, 0xfb, 0xaf, 0x86, 0xc1, 0xd8, 0x3d, 0xcb, 0xac,
      0xf1, 0xcb, 0x60, 0x7d, 0x27, 0x21, 0xde, 0x64, 0x7f, 0xe8, 0xa8, 0x65,
      0xcc, 0x40, 0x60, 0xff, 0xa0, 0x2b, 0xfc, 0x0f, 0x80, 0x1d, 0x79, 0xca,
      0x58, 0x8a, 0xd6, 0x0f, 0xed, 0x78, 0x9a, 0x02, 0x00, 0x04, 0xc2, 0x53,
      0x41, 0xe8, 0x1a, 0xd0, 0xfd, 0x71, 0x5b, 0x43, 0xac, 0x19, 0x4a, 0xb6,
      0x12, 0xa3, 0xcb, 0xe1, 0xc7, 0x7d, 0x5c, 0x98, 0x74, 0x4e, 0x63, 0x74,
      0x6b, 0x91, 0x7a, 0x29, 0x3b, 0x92, 0xb2, 0x85,
  };
  // CRT coefficient q^-1 mod p.
  static const uint8_t kQInverseModP[] = {
      0xd0, 0xde, 0x19, 0xda, 0x1e, 0xa2, 0xd8, 0x8f, 0x1c, 0x92, 0x73, 0xb0,
      0xc9, 0x90, 0xc7, 0xf5, 0xec, 0xc5, 0x89, 0x01, 0x05, 0x78, 0x11, 0x2d,
      0x74, 0x34, 0x44, 0xad, 0xd5, 0xf7, 0xa4, 0xfe, 0x9f, 0x25, 0x4d, 0x0b,
      0x92, 0xe3, 0xb8, 0x7d, 0xd3, 0xfd, 0xa5, 0xca, 0x95, 0x60, 0xa3, 0xf9,
      0x55, 0x42, 0x14, 0xb2, 0x45, 0x51, 0x9f, 0x73, 0x88, 0x43, 0x8a, 0xd1,
      0x65, 0x9e, 0xd1, 0xf7, 0x82, 0x2a, 0x2a, 0x8d, 0x70, 0x56, 0xe3, 0xef,
      0xc9, 0x0e, 0x2a, 0x2c, 0x15, 0xaf, 0x7f, 0x97, 0x81, 0x66, 0xf3, 0xb5,
      0x00, 0xa9, 0x26, 0xcc, 0x1e, 0xc2, 0x98, 0xdd, 0xd3, 0x37, 0x06, 0x79,
      0xb3, 0x60, 0x58, 0x79, 0x99, 0x3f, 0xa3, 0x15, 0x1f, 0x31, 0xe3, 0x11,
      0x88, 0x4c, 0x35, 0x57, 0xfa, 0x79, 0xd7, 0xd8, 0x72, 0xee, 0x73, 0x95,
      0x89, 0x29, 0xc7, 0x05, 0x27, 0x68, 0x90, 0x15,
  };

  RSA *key = RSA_new();
  // The chain short-circuits at the first failure, so later components are
  // only parsed once every earlier one has been stored.
  if (key != NULL &&
      set_bignum(&key->n, kN, sizeof(kN)) &&
      set_bignum(&key->e, kE, sizeof(kE)) &&
      set_bignum(&key->d, kD, sizeof(kD)) &&
      set_bignum(&key->p, kP, sizeof(kP)) &&
      set_bignum(&key->q, kQ, sizeof(kQ)) &&
      set_bignum(&key->dmp1, kDModPMinusOne, sizeof(kDModPMinusOne)) &&
      set_bignum(&key->dmq1, kDModQMinusOne, sizeof(kDModQMinusOne)) &&
      set_bignum(&key->iqmp, kQInverseModP, sizeof(kQInverseModP))) {
    return key;
  }

  // Release the partially populated key; this is also reached when RSA_new
  // itself returned NULL.
  RSA_free(key);
  return NULL;
}
2558ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan
// self_test_ecdsa_key returns a newly allocated P-256 (NID_X9_62_prime256v1)
// key built from the fixed coordinates and private scalar below, or NULL if
// an allocation or either setter fails. The caller owns the result and
// releases it with EC_KEY_free.
//
// The private scalar is a compile-time constant embedded in the binary, so
// this key is public. It is only a deterministic self-test input and must
// never be used to sign or protect real data.
static EC_KEY *self_test_ecdsa_key(void) {
  // Affine x coordinate of the public point (32 bytes, big-endian).
  static const uint8_t kQx[] = {
      0xc8, 0x15, 0x61, 0xec, 0xf2, 0xe5, 0x4e, 0xde, 0xfe, 0x66, 0x17,
      0xdb, 0x1c, 0x7a, 0x34, 0xa7, 0x07, 0x44, 0xdd, 0xb2, 0x61, 0xf2,
      0x69, 0xb8, 0x3d, 0xac, 0xfc, 0xd2, 0xad, 0xe5, 0xa6, 0x81,
  };
  // Affine y coordinate of the public point.
  static const uint8_t kQy[] = {
      0xe0, 0xe2, 0xaf, 0xa3, 0xf9, 0xb6, 0xab, 0xe4, 0xc6, 0x98, 0xef,
      0x64, 0x95, 0xf1, 0xbe, 0x49, 0xa3, 0x19, 0x6c, 0x50, 0x56, 0xac,
      0xb3, 0x76, 0x3f, 0xe4, 0x50, 0x7e, 0xec, 0x59, 0x6e, 0x88,
  };
  // Private scalar.
  static const uint8_t kD[] = {
      0xc6, 0xc1, 0xaa, 0xda, 0x15, 0xb0, 0x76, 0x61, 0xf8, 0x14, 0x2c,
      0x6c, 0xaf, 0x0f, 0xdb, 0x24, 0x1a, 0xff, 0x2e, 0xfe, 0x46, 0xc0,
      0x93, 0x8b, 0x74, 0xf2, 0xbc, 0xc5, 0x30, 0x52, 0xb0, 0x77,
  };

  EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  BIGNUM *x = BN_bin2bn(kQx, sizeof(kQx), NULL);
  BIGNUM *y = BN_bin2bn(kQy, sizeof(kQy), NULL);
  BIGNUM *priv = BN_bin2bn(kD, sizeof(kD), NULL);

  // All four allocations are attempted before any is checked; the setters run
  // only if every one of them succeeded, public point first.
  const int ok = key != NULL && x != NULL && y != NULL && priv != NULL &&
                 EC_KEY_set_public_key_affine_coordinates(key, x, y) &&
                 EC_KEY_set_private_key(key, priv);
  if (!ok) {
    EC_KEY_free(key);
    key = NULL;
  }

  // The temporaries are released on the success path as well, so the
  // returned key is expected not to reference them.
  BN_free(x);
  BN_free(y);
  BN_free(priv);
  return key;
}
2898ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan
2908ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#if !defined(OPENSSL_ASAN)
2918f860b133896bf655e4342ecefe692d52df81d48Robert Sloan// These symbols are filled in by delocate.go. They point to the start and end
2928f860b133896bf655e4342ecefe692d52df81d48Robert Sloan// of the module, and the location of the integrity hash, respectively.
2939254e681d446a8105bd66f08bae1252d4d89a139Robert Sloanextern const uint8_t BORINGSSL_bcm_text_start[];
2949254e681d446a8105bd66f08bae1252d4d89a139Robert Sloanextern const uint8_t BORINGSSL_bcm_text_end[];
2959254e681d446a8105bd66f08bae1252d4d89a139Robert Sloanextern const uint8_t BORINGSSL_bcm_text_hash[];
2969254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#endif
2979254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
2988ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloanstatic void __attribute__((constructor))
2998ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert SloanBORINGSSL_bcm_power_on_self_test(void) {
3009254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  CRYPTO_library_init();
3019254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
3028ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#if !defined(OPENSSL_ASAN)
3038f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // Integrity tests cannot run under ASAN because it involves reading the full
3048f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // .text section, which triggers the global-buffer overflow detection.
3059254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  const uint8_t *const start = BORINGSSL_bcm_text_start;
3069254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  const uint8_t *const end = BORINGSSL_bcm_text_end;
307572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
3088ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  static const uint8_t kHMACKey[64] = {0};
3098ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  uint8_t result[SHA512_DIGEST_LENGTH];
310572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
311572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan  unsigned result_len;
3128ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  if (!HMAC(EVP_sha512(), kHMACKey, sizeof(kHMACKey), start, end - start,
313572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan            result, &result_len) ||
314572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan      result_len != sizeof(result)) {
315572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan    goto err;
316572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan  }
317572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
3189254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  const uint8_t *expected = BORINGSSL_bcm_text_hash;
319572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
3209254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!check_test(expected, result, sizeof(result), "FIPS integrity test")) {
321572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan    goto err;
322572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan  }
3239254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan#endif
3249254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
3259254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const uint8_t kAESKey[16] = "BoringCrypto Key";
3269254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const uint8_t kAESIV[16] = {0};
3279254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const uint8_t kPlaintext[64] =
3289254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      "BoringCryptoModule FIPS KAT Encryption and Decryption Plaintext!";
3299254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const uint8_t kAESCBCCiphertext[64] = {
3309254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x87, 0x2d, 0x98, 0xc2, 0xcc, 0x31, 0x5b, 0x41, 0xe0, 0xfa, 0x7b,
3319254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x0a, 0x71, 0xc0, 0x42, 0xbf, 0x4f, 0x61, 0xd0, 0x0d, 0x58, 0x8c,
3329254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xf7, 0x05, 0xfb, 0x94, 0x89, 0xd3, 0xbc, 0xaa, 0x1a, 0x50, 0x45,
3339254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x1f, 0xc3, 0x8c, 0xb8, 0x98, 0x86, 0xa3, 0xe3, 0x6c, 0xfc, 0xad,
3349254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x3a, 0xb5, 0x59, 0x27, 0x7d, 0x21, 0x07, 0xca, 0x4c, 0x1d, 0x55,
3358ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x34, 0xdd, 0x5a, 0x2d, 0xc4, 0xb4, 0xf5, 0xa8,
3368ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#if !defined(BORINGSSL_FIPS_BREAK_AES_CBC)
3378ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x35
3388ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#else
3398ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x00
3408ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#endif
3419254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  };
3429254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const uint8_t kAESGCMCiphertext[80] = {
3439254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x4a, 0xd8, 0xe7, 0x7d, 0x78, 0xd7, 0x7d, 0x5e, 0xb2, 0x11, 0xb6, 0xc9,
3449254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xa4, 0xbc, 0xb2, 0xae, 0xbe, 0x93, 0xd1, 0xb7, 0xfe, 0x65, 0xc1, 0x82,
3459254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x2a, 0xb6, 0x71, 0x5f, 0x1a, 0x7c, 0xe0, 0x1b, 0x2b, 0xe2, 0x53, 0xfa,
3469254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xa0, 0x47, 0xfa, 0xd7, 0x8f, 0xb1, 0x4a, 0xc4, 0xdc, 0x89, 0xf9, 0xb4,
3479254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x14, 0x4d, 0xde, 0x95, 0xea, 0x29, 0x69, 0x76, 0x81, 0xa3, 0x5c, 0x33,
3489254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xd8, 0x37, 0xd8, 0xfa, 0x47, 0x19, 0x46, 0x2f, 0xf1, 0x90, 0xb7, 0x61,
3498ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x8f, 0x6f, 0xdd, 0x31, 0x3f, 0x6a, 0x64,
3508ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#if !defined(BORINGSSL_FIPS_BREAK_AES_GCM)
3518ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x0d
3528ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#else
3538ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x00
3548ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#endif
3559254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  };
3569254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const DES_cblock kDESKey1 = {"BCMDESK1"};
3579254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const DES_cblock kDESKey2 = {"BCMDESK2"};
3589254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const DES_cblock kDESKey3 = {"BCMDESK3"};
3599254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const DES_cblock kDESIV = {"BCMDESIV"};
3609254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const uint8_t kDESCiphertext[64] = {
3619254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xa4, 0x30, 0x7a, 0x4c, 0x1f, 0x60, 0x16, 0xd7, 0x4f, 0x41, 0xe1,
3629254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xbb, 0x27, 0xc4, 0x27, 0x37, 0xd4, 0x7f, 0xb9, 0x10, 0xf8, 0xbc,
3639254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xaf, 0x93, 0x91, 0xb8, 0x88, 0x24, 0xb1, 0xf6, 0xf8, 0xbd, 0x31,
3649254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x96, 0x06, 0x76, 0xde, 0x32, 0xcd, 0x29, 0x29, 0xba, 0x70, 0x5f,
3659254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xea, 0xc0, 0xcb, 0xde, 0xc7, 0x75, 0x90, 0xe0, 0x0f, 0x5e, 0x2c,
3668ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x0d, 0x49, 0x20, 0xd5, 0x30, 0x83, 0xf8, 0x08,
3678ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#if !defined(BORINGSSL_FIPS_BREAK_DES)
3688ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x5a
3698ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#else
3708ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x00
3718ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#endif
3729254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  };
3739254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const uint8_t kPlaintextSHA1[20] = {
3749254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xc6, 0xf8, 0xc9, 0x63, 0x1c, 0x14, 0x23, 0x62, 0x9b, 0xbd,
3758ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x55, 0x82, 0xf4, 0xd6, 0x1d, 0xf2, 0xab, 0x7d, 0xc8,
3768ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#if !defined(BORINGSSL_FIPS_BREAK_SHA_1)
3778ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x28
3788ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#else
3798ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x00
3808ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#endif
3819254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  };
3829254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const uint8_t kPlaintextSHA256[32] = {
3839254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x37, 0xbd, 0x70, 0x53, 0x72, 0xfc, 0xd4, 0x03, 0x79, 0x70, 0xfb,
3849254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x06, 0x95, 0xb1, 0x2a, 0x82, 0x48, 0xe1, 0x3e, 0xf2, 0x33, 0xfb,
3858ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0xef, 0x29, 0x81, 0x22, 0x45, 0x40, 0x43, 0x70, 0xce,
3868ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#if !defined(BORINGSSL_FIPS_BREAK_SHA_256)
3878ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x0f
3888ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#else
3898ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x00
3908ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#endif
3919254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  };
3929254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const uint8_t kPlaintextSHA512[64] = {
3939254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x08, 0x6a, 0x1c, 0x84, 0x61, 0x9d, 0x8e, 0xb3, 0xc0, 0x97, 0x4e,
3949254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xa1, 0x9f, 0x9c, 0xdc, 0xaf, 0x3b, 0x5c, 0x31, 0xf0, 0xf2, 0x74,
3959254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xc3, 0xbd, 0x6e, 0xd6, 0x1e, 0xb2, 0xbb, 0x34, 0x74, 0x72, 0x5c,
3969254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x51, 0x29, 0x8b, 0x87, 0x3a, 0xa3, 0xf2, 0x25, 0x23, 0xd4, 0x1c,
3979254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x82, 0x1b, 0xfe, 0xd3, 0xc6, 0xee, 0xb5, 0xd6, 0xaf, 0x07, 0x7b,
3988ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x98, 0xca, 0xa7, 0x01, 0xf3, 0x94, 0xf3, 0x68,
3998ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#if !defined(BORINGSSL_FIPS_BREAK_SHA_512)
4008ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x14
4018ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#else
4028ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x00
4038ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#endif
4049254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  };
4059254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  static const uint8_t kRSASignature[256] = {
4068ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x62, 0x66, 0x4b, 0xe3, 0xb1, 0xd2, 0x83, 0xf1, 0xa8, 0x56, 0x2b, 0x33,
4078ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x60, 0x1e, 0xdb, 0x1e, 0x06, 0xf7, 0xa7, 0x1e, 0xa8, 0xef, 0x03, 0x4d,
4088ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x0c, 0xf6, 0x83, 0x75, 0x7a, 0xf0, 0x14, 0xc7, 0xe2, 0x94, 0x3a, 0xb5,
4098ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x67, 0x56, 0xa5, 0x48, 0x7f, 0x3a, 0xa5, 0xbf, 0xf7, 0x1d, 0x44, 0xa6,
4108ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x34, 0xed, 0x9b, 0xd6, 0x51, 0xaa, 0x2c, 0x4e, 0xce, 0x60, 0x5f, 0xe9,
4118ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x0e, 0xd5, 0xcd, 0xeb, 0x23, 0x27, 0xf8, 0xfb, 0x45, 0xe5, 0x34, 0x63,
4128ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x77, 0x7f, 0x2e, 0x80, 0xcf, 0x9d, 0x2e, 0xfc, 0xe2, 0x50, 0x75, 0x29,
4138ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x46, 0xf4, 0xaf, 0x91, 0xed, 0x36, 0xe1, 0x5e, 0xef, 0x66, 0xa1, 0xff,
4148ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x27, 0xfc, 0x87, 0x7e, 0x60, 0x84, 0x0f, 0x54, 0x51, 0x56, 0x0f, 0x68,
4158ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x99, 0xc0, 0x3f, 0xeb, 0xa5, 0xa0, 0x46, 0xb0, 0x86, 0x02, 0xb0, 0xc8,
4168ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0xe8, 0x46, 0x13, 0x06, 0xcd, 0xb7, 0x8a, 0xd0, 0x3b, 0x46, 0xd0, 0x14,
4178ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x64, 0x53, 0x9b, 0x5b, 0x5e, 0x02, 0x45, 0xba, 0x6e, 0x7e, 0x0a, 0xb9,
4188ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x9e, 0x62, 0xb7, 0xd5, 0x7a, 0x87, 0xea, 0xd3, 0x24, 0xa5, 0xef, 0xb3,
4198ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0xdc, 0x05, 0x9c, 0x04, 0x60, 0x4b, 0xde, 0xa8, 0x90, 0x08, 0x7b, 0x6a,
4208ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x5f, 0xb4, 0x3f, 0xda, 0xc5, 0x1f, 0x6e, 0xd6, 0x15, 0xde, 0x65, 0xa4,
4218ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x6e, 0x62, 0x9d, 0x8f, 0xa8, 0xbe, 0x86, 0xf6, 0x09, 0x90, 0x40, 0xa5,
4228ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0xf4, 0x23, 0xc5, 0xf6, 0x38, 0x86, 0x0d, 0x1c, 0xed, 0x4a, 0x0a, 0xae,
4238ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0xa4, 0x26, 0xc2, 0x2e, 0xd3, 0x13, 0x66, 0x61, 0xea, 0x35, 0x01, 0x0e,
4248ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x13, 0xda, 0x78, 0x20, 0xae, 0x59, 0x5f, 0x9b, 0xa9, 0x6c, 0xf9, 0x1b,
4258ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0xdf, 0x76, 0x53, 0xc8, 0xa7, 0xf5, 0x63, 0x6d, 0xf3, 0xff, 0xfd, 0xaf,
4268ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x75, 0x4b, 0xac, 0x67, 0xb1, 0x3c, 0xbf, 0x5e, 0xde, 0x73, 0x02, 0x6d,
4278ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0xd2, 0x0c, 0xb1,
4288ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#if !defined(BORINGSSL_FIPS_BREAK_RSA_SIG)
4298ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x64
4308ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#else
4318ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x00
4328ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#endif
4339254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  };
4349254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  const uint8_t kDRBGEntropy[48] =
4359254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      "BCM Known Answer Test DBRG Initial Entropy      ";
4369254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  const uint8_t kDRBGPersonalization[18] = "BCMPersonalization";
4379254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  const uint8_t kDRBGAD[16] = "BCM DRBG KAT AD ";
4389254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  const uint8_t kDRBGOutput[64] = {
4399254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x1d, 0x63, 0xdf, 0x05, 0x51, 0x49, 0x22, 0x46, 0xcd, 0x9b, 0xc5,
4409254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xbb, 0xf1, 0x5d, 0x44, 0xae, 0x13, 0x78, 0xb1, 0xe4, 0x7c, 0xf1,
4419254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x96, 0x33, 0x3d, 0x60, 0xb6, 0x29, 0xd4, 0xbb, 0x6b, 0x44, 0xf9,
4429254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xef, 0xd9, 0xf4, 0xa2, 0xba, 0x48, 0xea, 0x39, 0x75, 0x59, 0x32,
4439254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xf7, 0x31, 0x2c, 0x98, 0x14, 0x2b, 0x49, 0xdf, 0x02, 0xb6, 0x5d,
4448ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x71, 0x09, 0x50, 0xdb, 0x23, 0xdb, 0xe5, 0x22,
4458ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#if !defined(BORINGSSL_FIPS_BREAK_DRBG)
4468ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x95
4478ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#else
4488ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x00
4498ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#endif
4509254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  };
4519254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  const uint8_t kDRBGEntropy2[48] =
4529254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      "BCM Known Answer Test DBRG Reseed Entropy       ";
4539254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  const uint8_t kDRBGReseedOutput[64] = {
4549254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xa4, 0x77, 0x05, 0xdb, 0x14, 0x11, 0x76, 0x71, 0x42, 0x5b, 0xd8,
4559254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xd7, 0xa5, 0x4f, 0x8b, 0x39, 0xf2, 0x10, 0x4a, 0x50, 0x5b, 0xa2,
4569254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xc8, 0xf0, 0xbb, 0x3e, 0xa1, 0xa5, 0x90, 0x7d, 0x54, 0xd9, 0xc6,
4579254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xb0, 0x96, 0xc0, 0x2b, 0x7e, 0x9b, 0xc9, 0xa1, 0xdd, 0x78, 0x2e,
4589254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0xd5, 0xa8, 0x66, 0x16, 0xbd, 0x18, 0x3c, 0xf2, 0xaa, 0x7a, 0x2b,
4599254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      0x37, 0xf9, 0xab, 0x35, 0x64, 0x15, 0x01, 0x3f, 0xc4,
4609254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  };
4618ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  const uint8_t kECDSASigR[32] = {
4628ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x67, 0x80, 0xc5, 0xfc, 0x70, 0x27, 0x5e, 0x2c, 0x70, 0x61, 0xa0,
4638ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0xe7, 0x87, 0x7b, 0xb1, 0x74, 0xde, 0xad, 0xeb, 0x98, 0x87, 0x02,
4648ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x7f, 0x3f, 0xa8, 0x36, 0x54, 0x15, 0x8b, 0xa7, 0xf5,
4658ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#if !defined(BORINGSSL_FIPS_BREAK_ECDSA_SIG)
4668ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x0c,
4678ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#else
4688ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0x00,
4698ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan#endif
4708ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  };
4718ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  const uint8_t kECDSASigS[32] = {
4728ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0xa5, 0x93, 0xe0, 0x23, 0x91, 0xe7, 0x4b, 0x8d, 0x77, 0x25, 0xa6,
4738ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0xba, 0x4d, 0xd9, 0x86, 0x77, 0xda, 0x7d, 0x8f, 0xef, 0xc4, 0x1a,
4748ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      0xf0, 0xcc, 0x81, 0xe5, 0xea, 0x3f, 0xc2, 0x41, 0x7f, 0xd8,
4758ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  };
476572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
4779254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  AES_KEY aes_key;
4789254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  uint8_t aes_iv[16];
4799254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  uint8_t output[256];
4809254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
4818f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // AES-CBC Encryption KAT
4829254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  memcpy(aes_iv, kAESIV, sizeof(kAESIV));
4839254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (AES_set_encrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
4849254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
4859254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
4869254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  AES_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &aes_key, aes_iv,
4879254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  AES_ENCRYPT);
4889254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!check_test(kAESCBCCiphertext, output, sizeof(kAESCBCCiphertext),
4899254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  "AES-CBC Encryption KAT")) {
4909254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
4919254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
4929254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
4938f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // AES-CBC Decryption KAT
4949254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  memcpy(aes_iv, kAESIV, sizeof(kAESIV));
4959254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (AES_set_decrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
4969254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
4979254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
4989254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  AES_cbc_encrypt(kAESCBCCiphertext, output, sizeof(kAESCBCCiphertext),
4999254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  &aes_key, aes_iv, AES_DECRYPT);
5009254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!check_test(kPlaintext, output, sizeof(kPlaintext),
5019254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  "AES-CBC Decryption KAT")) {
5029254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
5039254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
5049254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
5059254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  size_t out_len;
5069254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
5079254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  OPENSSL_memset(nonce, 0, sizeof(nonce));
5089254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  EVP_AEAD_CTX aead_ctx;
5099254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!EVP_AEAD_CTX_init(&aead_ctx, EVP_aead_aes_128_gcm(), kAESKey,
5109254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                         sizeof(kAESKey), 0, NULL)) {
5119254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
5129254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
5139254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
5148f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // AES-GCM Encryption KAT
5159254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!EVP_AEAD_CTX_seal(&aead_ctx, output, &out_len, sizeof(output), nonce,
5169254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                         EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
5179254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                         kPlaintext, sizeof(kPlaintext), NULL, 0) ||
5189254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      !check_test(kAESGCMCiphertext, output, sizeof(kAESGCMCiphertext),
5199254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  "AES-GCM Encryption KAT")) {
5209254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
5219254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
5229254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
5238f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // AES-GCM Decryption KAT
5249254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!EVP_AEAD_CTX_open(&aead_ctx, output, &out_len, sizeof(output), nonce,
5259254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                         EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
5269254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                         kAESGCMCiphertext, sizeof(kAESGCMCiphertext), NULL,
5279254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                         0) ||
5289254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      !check_test(kPlaintext, output, sizeof(kPlaintext),
5299254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  "AES-GCM Decryption KAT")) {
5309254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
5319254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
5329254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
5339254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  EVP_AEAD_CTX_cleanup(&aead_ctx);
5349254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
5359254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  DES_key_schedule des1, des2, des3;
5369254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  DES_cblock des_iv;
5379254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  DES_set_key(&kDESKey1, &des1);
5389254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  DES_set_key(&kDESKey2, &des2);
5399254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  DES_set_key(&kDESKey3, &des3);
5409254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
5418f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // 3DES Encryption KAT
5429254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  memcpy(&des_iv, &kDESIV, sizeof(des_iv));
5439254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  DES_ede3_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &des1, &des2,
5449254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                       &des3, &des_iv, DES_ENCRYPT);
5459254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!check_test(kDESCiphertext, output, sizeof(kDESCiphertext),
5469254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  "3DES Encryption KAT")) {
5479254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
5489254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
5499254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
5508f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // 3DES Decryption KAT
5519254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  memcpy(&des_iv, &kDESIV, sizeof(des_iv));
5529254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  DES_ede3_cbc_encrypt(kDESCiphertext, output, sizeof(kDESCiphertext), &des1,
5539254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                       &des2, &des3, &des_iv, DES_DECRYPT);
5549254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!check_test(kPlaintext, output, sizeof(kPlaintext),
5559254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  "3DES Decryption KAT")) {
5569254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
5579254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
5589254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
5598f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // SHA-1 KAT
5609254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  SHA1(kPlaintext, sizeof(kPlaintext), output);
5619254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!check_test(kPlaintextSHA1, output, sizeof(kPlaintextSHA1),
5629254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  "SHA-1 KAT")) {
5639254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
5649254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
5659254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
5668f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // SHA-256 KAT
5679254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  SHA256(kPlaintext, sizeof(kPlaintext), output);
5689254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!check_test(kPlaintextSHA256, output, sizeof(kPlaintextSHA256),
5699254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  "SHA-256 KAT")) {
5709254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
5719254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
5729254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
5738f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // SHA-512 KAT
5749254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  SHA512(kPlaintext, sizeof(kPlaintext), output);
5759254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!check_test(kPlaintextSHA512, output, sizeof(kPlaintextSHA512),
5769254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  "SHA-512 KAT")) {
5779254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
5789254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
5799254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
5808ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  RSA *rsa_key = self_test_rsa_key();
5819254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (rsa_key == NULL) {
5828ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan    printf("RSA KeyGen failed\n");
5839254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
5849254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
5859254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
5868f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // RSA Sign KAT
5879254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  unsigned sig_len;
5888ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan
5898f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // Disable blinding for the power-on tests because it's not needed and
5908f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // triggers an entropy draw.
5918ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  rsa_key->flags |= RSA_FLAG_NO_BLINDING;
5928ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan
5938ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  if (!RSA_sign(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256), output,
5949254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                &sig_len, rsa_key) ||
5959254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      !check_test(kRSASignature, output, sizeof(kRSASignature),
5969254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  "RSA Sign KAT")) {
5979254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
5989254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
5999254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
6008f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // RSA Verify KAT
6018ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  if (!RSA_verify(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256),
6028ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan                  kRSASignature, sizeof(kRSASignature), rsa_key)) {
6039254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    printf("RSA Verify KAT failed.\n");
6049254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
6059254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
6069254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
6079254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  RSA_free(rsa_key);
6089254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
6098ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  EC_KEY *ec_key = self_test_ecdsa_key();
6109254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (ec_key == NULL) {
6118ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan    printf("ECDSA KeyGen failed\n");
6129254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
6139254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
6149254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
6158f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // ECDSA Sign/Verify PWCT
6168ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan
6178f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // The 'k' value for ECDSA is fixed to avoid an entropy draw.
6188ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  ec_key->fixed_k = BN_new();
6198ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  if (ec_key->fixed_k == NULL ||
6208ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      !BN_set_word(ec_key->fixed_k, 42)) {
6218ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan    printf("Out of memory\n");
6229254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
6239254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
6249254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
6258ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  ECDSA_SIG *sig =
6268ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      ECDSA_do_sign(kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key);
6278ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan
6288ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  uint8_t ecdsa_r_bytes[sizeof(kECDSASigR)];
6298ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  uint8_t ecdsa_s_bytes[sizeof(kECDSASigS)];
6308ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  if (sig == NULL ||
6318ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      BN_num_bytes(sig->r) != sizeof(ecdsa_r_bytes) ||
6328ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      !BN_bn2bin(sig->r, ecdsa_r_bytes) ||
6338ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      BN_num_bytes(sig->s) != sizeof(ecdsa_s_bytes) ||
6348ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      !BN_bn2bin(sig->s, ecdsa_s_bytes) ||
6358ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      !check_test(kECDSASigR, ecdsa_r_bytes, sizeof(kECDSASigR), "ECDSA R") ||
6368ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan      !check_test(kECDSASigS, ecdsa_s_bytes, sizeof(kECDSASigS), "ECDSA S")) {
6378ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan    printf("ECDSA KAT failed.\n");
6388ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan    goto err;
6398ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  }
6408ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan
6418ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  ECDSA_SIG_free(sig);
6429254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  EC_KEY_free(ec_key);
6439254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
6448f860b133896bf655e4342ecefe692d52df81d48Robert Sloan  // DBRG KAT
6459254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  CTR_DRBG_STATE drbg;
6469254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!CTR_DRBG_init(&drbg, kDRBGEntropy, kDRBGPersonalization,
6479254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                     sizeof(kDRBGPersonalization)) ||
6489254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      !CTR_DRBG_generate(&drbg, output, sizeof(kDRBGOutput), kDRBGAD,
6499254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                         sizeof(kDRBGAD)) ||
6509254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      !check_test(kDRBGOutput, output, sizeof(kDRBGOutput),
6519254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  "DBRG Generate KAT") ||
6529254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      !CTR_DRBG_reseed(&drbg, kDRBGEntropy2, kDRBGAD, sizeof(kDRBGAD)) ||
6539254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      !CTR_DRBG_generate(&drbg, output, sizeof(kDRBGReseedOutput), kDRBGAD,
6549254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                         sizeof(kDRBGAD)) ||
6559254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan      !check_test(kDRBGReseedOutput, output, sizeof(kDRBGReseedOutput),
6569254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan                  "DRBG Reseed KAT")) {
6579254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
6589254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
6599254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  CTR_DRBG_clear(&drbg);
6609254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan
6619254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  CTR_DRBG_STATE kZeroDRBG;
6629254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  memset(&kZeroDRBG, 0, sizeof(kZeroDRBG));
6639254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  if (!check_test(&kZeroDRBG, &drbg, sizeof(drbg), "DRBG Clear KAT")) {
6649254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan    goto err;
6659254e681d446a8105bd66f08bae1252d4d89a139Robert Sloan  }
666572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
667572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan  return;
668572a4e2e687520da9e518528d7371b794b1decc0Robert Sloan
669572a4e2e687520da9e518528d7371b794b1decc0Robert Sloanerr:
6708ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan  BORINGSSL_FIPS_abort();
6718ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan}
6728ff035535f7cf2903f02bbe94d2fa10b7ab855f1Robert Sloan
// BORINGSSL_FIPS_abort terminates the process and does not return. The
// self-test code above reaches it through its |err| label when the integrity
// check or any known-answer test fails, so a module that failed its self-tests
// is not left running.
void BORINGSSL_FIPS_abort(void) {
  // Keep trying to terminate: should abort() ever return, fall through to
  // exit(1); should that return as well, start over rather than hand control
  // back to the caller.
  while (1) {
    abort();
    exit(1);
  }
}
6798f860b133896bf655e4342ecefe692d52df81d48Robert Sloan#endif  // BORINGSSL_FIPS