Coverage Report

Created: 2024-11-21 07:03

/src/SymCrypt/lib/fips_selftest.c
Line
Count
Source (jump to first uncovered line)
1
//
2
// fips_selftest.c - Algorithm selftests for FIPS 140 compliance
3
//
4
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
5
//
6
7
#include "precomp.h"
8
9
// Takes values which are some bitwise OR combination of SYMCRYPT_SELFTEST_ALGORITHM values
10
UINT32 g_SymCryptFipsSelftestsPerformed = SYMCRYPT_SELFTEST_ALGORITHM_NONE;
11
12
// Simple accessor function so callers can inspect which selftests have run
13
UINT32
14
SYMCRYPT_CALL
15
SymCryptFipsGetSelftestsPerformed(void)
16
0
{
17
0
    return g_SymCryptFipsSelftestsPerformed;
18
0
}
19
20
//
21
// Convenience structs for selftest data
22
//
23
24
typedef struct _SYMCRYPT_SELFTEST_DLKEY_2048
25
{
26
    BYTE public[256];
27
    BYTE private[32];
28
} SYMCRYPT_SELFTEST_DLKEY_2048;
29
30
typedef struct _SYMCRYPT_SELFTEST_DLGROUP_2048
31
{
32
    BYTE primeP[256];
33
    BYTE primeQ[32];
34
    BYTE generator[256];
35
    BYTE seed[32];
36
    UINT32 counter;
37
} SYMCRYPT_SELFTEST_DLGROUP_2048;
38
39
typedef struct _SYMCRYPT_SELFTEST_ECKEY_P256
40
{
41
    BYTE Qxy[64]; // 32B of Qx followed by 32B of Qy
42
    BYTE d[32];
43
} SYMCRYPT_SELFTEST_ECKEY_P256;
44
45
typedef struct _SYMCRYPT_SELFTEST_RSAKEY_2048
46
{
47
    UINT64 publicExp;
48
    BYTE modulus[256];
49
    BYTE prime1[128];
50
    BYTE prime2[128];
51
} SYMCRYPT_SELFTEST_RSAKEY_2048;
52
53
typedef struct _SYMCRYPT_SELFTEST_MLKEMKEY_DECAPS_512
54
{
55
    BYTE dkpke[768];
56
    BYTE ekpke[800];
57
    BYTE Hekpke[32];
58
    BYTE z[32];
59
} SYMCRYPT_SELFTEST_MLKEMKEY_DECAPS_512;
60
61
//
62
// DL groups and keys for DH secret agreement selftest
63
//
64
65
// Keys generated from Oakley group 14 (IKE group mod p2048 from RFC 3526)
66
// aka SymCryptDlgroupDhSafePrimeParamsModp2048
67
const SYMCRYPT_SELFTEST_DLKEY_2048 dhKey1 =
68
{
69
    // Public key
70
    {
71
        0x7d, 0xca, 0xed, 0x67, 0x30, 0x4a, 0x28, 0xcb,
72
        0x6b, 0x18, 0x21, 0xb9, 0xdc, 0x82, 0xf5, 0xef,
73
        0xfe, 0x77, 0x35, 0xf2, 0xed, 0x91, 0x95, 0x9e,
74
        0x1f, 0xb6, 0xf9, 0x60, 0x84, 0x4f, 0x9f, 0xba,
75
        0x20, 0xc3, 0x1a, 0x66, 0xa2, 0x34, 0x42, 0x19,
76
        0x82, 0x52, 0xea, 0x53, 0x4f, 0x24, 0x93, 0x24,
77
        0xef, 0x4d, 0xba, 0x65, 0x49, 0x7f, 0x8d, 0x56,
78
        0x1c, 0x2f, 0xa6, 0x24, 0x26, 0x8c, 0xca, 0xad,
79
        0x28, 0x9d, 0x50, 0x2a, 0x41, 0xa0, 0x64, 0xfa,
80
        0xe6, 0x55, 0x43, 0xed, 0xdd, 0x6c, 0x3e, 0x45,
81
        0xad, 0xa4, 0x07, 0x8d, 0x71, 0x76, 0xc0, 0x99,
82
        0x85, 0x72, 0x33, 0x04, 0xdc, 0xee, 0x4e, 0xac,
83
        0x39, 0x8e, 0x49, 0x45, 0xbb, 0x50, 0xcb, 0x3e,
84
        0x03, 0xbc, 0x23, 0x6f, 0x63, 0x6f, 0xef, 0x9f,
85
        0xd8, 0xe4, 0x7f, 0xe7, 0x0f, 0x7d, 0x34, 0x0f,
86
        0x6a, 0xc3, 0x45, 0x3a, 0x5b, 0xa7, 0x07, 0x23,
87
        0xd5, 0x32, 0x28, 0xe4, 0x69, 0xa4, 0xd2, 0xdd,
88
        0x4a, 0x9e, 0x0f, 0xfa, 0x38, 0xeb, 0x8d, 0xbe,
89
        0xa9, 0x31, 0x39, 0x70, 0xdc, 0x1d, 0xf6, 0x0b,
90
        0x51, 0x0c, 0x6c, 0x27, 0x6c, 0x4a, 0x52, 0x6b,
91
        0x84, 0xc4, 0x57, 0xb8, 0x47, 0x0c, 0x4c, 0x80,
92
        0xb0, 0x2b, 0x2e, 0x83, 0x78, 0x83, 0x55, 0xe6,
93
        0x12, 0x94, 0x79, 0x9b, 0x13, 0x7d, 0xd1, 0x93,
94
        0x6a, 0xec, 0x76, 0x73, 0xba, 0x92, 0x44, 0xab,
95
        0x2b, 0xec, 0xc2, 0xbc, 0x77, 0xce, 0x20, 0xa3,
96
        0x21, 0x33, 0x06, 0x80, 0xf6, 0x1b, 0x2b, 0xe0,
97
        0x90, 0x23, 0xde, 0x74, 0x57, 0x04, 0xcc, 0x27,
98
        0xed, 0x4e, 0x3e, 0x7f, 0x0d, 0x7b, 0x48, 0xfa,
99
        0x45, 0x2f, 0x84, 0x67, 0xe8, 0x1c, 0x89, 0xaa,
100
        0xbd, 0x85, 0x53, 0x7f, 0xe6, 0xdf, 0x27, 0x75,
101
        0x92, 0x84, 0x0b, 0x6f, 0x9c, 0xfd, 0x95, 0x0d,
102
        0xb5, 0xdb, 0x17, 0x38, 0xc9, 0x78, 0xde, 0xa5
103
    },
104
105
    // Private key
106
    {
107
        0x17, 0xcd, 0x0e, 0x82, 0xa3, 0x2f, 0x0e, 0x38,
108
        0x4c, 0xec, 0x69, 0xb2, 0xec, 0x46, 0xc9, 0xaa,
109
        0xa3, 0xca, 0x41, 0x33, 0xcc, 0xb4, 0x1a, 0xac,
110
        0x3d, 0x66, 0x0c, 0xa5, 0xb7, 0x79, 0xa6, 0x6e
111
    }
112
};
113
114
const SYMCRYPT_SELFTEST_DLKEY_2048 dhKey2 =
115
{
116
    // Public key
117
    {
118
        0x51, 0x7f, 0x01, 0xa6, 0xe7, 0x95, 0x2c, 0xb7,
119
        0x0e, 0x3c, 0x09, 0x6e, 0x31, 0xfb, 0x14, 0x87,
120
        0xaa, 0x27, 0x7f, 0xe0, 0x61, 0xed, 0xd7, 0x09,
121
        0x07, 0xb4, 0x40, 0xb8, 0xdf, 0xff, 0x05, 0x64,
122
        0x36, 0xc6, 0x0e, 0x50, 0x11, 0xd6, 0xac, 0x3f,
123
        0xc2, 0x5d, 0x52, 0x39, 0x44, 0xec, 0xdf, 0x86,
124
        0xde, 0x32, 0x9c, 0xde, 0x4e, 0x43, 0x30, 0x46,
125
        0x32, 0x68, 0x5b, 0xb6, 0x2c, 0xda, 0x04, 0x13,
126
        0x75, 0xa9, 0x80, 0x7a, 0x30, 0xf0, 0x83, 0xc4,
127
        0x94, 0xf7, 0x59, 0x3e, 0x91, 0xd1, 0x53, 0x74,
128
        0xde, 0xa6, 0x9a, 0xdf, 0x1d, 0x0a, 0xc7, 0x20,
129
        0x9e, 0xef, 0x38, 0x0b, 0xd6, 0x20, 0x50, 0x6e,
130
        0x5b, 0x5e, 0x66, 0x3d, 0xda, 0xd8, 0xbe, 0xea,
131
        0x50, 0xee, 0x18, 0x54, 0xa9, 0x87, 0x3c, 0x1f,
132
        0x38, 0x95, 0x27, 0xfd, 0xe2, 0xb6, 0x98, 0x9f,
133
        0x50, 0x44, 0x7f, 0x66, 0x79, 0x17, 0x3f, 0x20,
134
        0x45, 0xba, 0x9c, 0x43, 0x74, 0x0c, 0xda, 0x89,
135
        0x80, 0x4b, 0x93, 0x02, 0x1b, 0x10, 0x1c, 0x3c,
136
        0x20, 0x80, 0x1e, 0xa2, 0xc4, 0x08, 0x10, 0xd3,
137
        0xda, 0xf3, 0x78, 0xc0, 0x06, 0x47, 0xed, 0x0d,
138
        0xa4, 0xf8, 0x14, 0xeb, 0xd2, 0xbc, 0xf5, 0xe2,
139
        0x56, 0x41, 0x48, 0x6a, 0xd5, 0x90, 0xb6, 0x15,
140
        0x5d, 0x47, 0xc0, 0xb8, 0x10, 0x8b, 0xd5, 0x56,
141
        0x8f, 0x95, 0xc2, 0xde, 0x8c, 0x9e, 0xc8, 0xa9,
142
        0x9f, 0xfd, 0x6b, 0xff, 0x3e, 0xe8, 0x71, 0xf1,
143
        0xb8, 0x01, 0xf0, 0x36, 0x07, 0x5b, 0xe5, 0x0a,
144
        0xfc, 0xe4, 0x42, 0xab, 0x11, 0xd3, 0x91, 0x68,
145
        0x5f, 0xba, 0x61, 0xa9, 0x2f, 0x69, 0x55, 0x15,
146
        0x1d, 0xde, 0x7c, 0x2c, 0xc1, 0x05, 0x34, 0x13,
147
        0x84, 0x48, 0xe0, 0xce, 0xfd, 0xa9, 0xfe, 0xd9,
148
        0x76, 0x94, 0x07, 0xde, 0x0f, 0xe4, 0x98, 0x46,
149
        0xbc, 0x32, 0x3b, 0xd7, 0xce, 0x16, 0xae, 0x71
150
    },
151
152
    // Private key
153
    {
154
        0xad, 0xcb, 0x1d, 0xab, 0xa7, 0xc3, 0x78, 0xdb,
155
        0x37, 0x0f, 0x0b, 0x9c, 0xcd, 0x4f, 0x05, 0x5f,
156
        0x0e, 0x2b, 0xc3, 0xee, 0xa9, 0xb4, 0xd3, 0xb9,
157
        0x77, 0xd8, 0x89, 0xbd, 0xf6, 0x0e, 0xd7, 0x18
158
    }
159
};
160
161
// Shared secret generated from the two above keys
162
const BYTE rgbDhKnownSecret[] =
163
{
164
    0xa8, 0xf4, 0x48, 0xa2, 0x9f, 0xe0, 0xae, 0x75,
165
    0xf1, 0xec, 0x1f, 0x65, 0x93, 0x72, 0x25, 0xf2,
166
    0x3d, 0x9f, 0x8b, 0x74, 0xee, 0x9c, 0x60, 0x1c,
167
    0xae, 0x8c, 0x8f, 0x61, 0x62, 0xa7, 0xa9, 0xa0,
168
    0xaa, 0xe3, 0x85, 0x11, 0xcc, 0xe4, 0x97, 0x3d,
169
    0xbc, 0x59, 0x74, 0x57, 0x70, 0x45, 0xe9, 0x1f,
170
    0x82, 0x14, 0x8f, 0xb1, 0x51, 0x3c, 0x79, 0x51,
171
    0x06, 0xe8, 0xed, 0xc0, 0xe9, 0xd0, 0xde, 0xb0,
172
    0xd2, 0x06, 0xf1, 0x15, 0x81, 0x7a, 0x26, 0x80,
173
    0x89, 0x26, 0x77, 0xda, 0x50, 0xdd, 0x86, 0x90,
174
    0x82, 0x06, 0x35, 0x81, 0x82, 0xfd, 0x19, 0x25,
175
    0xdf, 0x7f, 0xa2, 0xde, 0xd0, 0x40, 0x2c, 0x5c,
176
    0x74, 0x5e, 0x0c, 0xbc, 0xea, 0x65, 0x7a, 0x7e,
177
    0xbc, 0x93, 0xf3, 0xdd, 0x62, 0x10, 0x68, 0x0b,
178
    0xb3, 0x7e, 0x5c, 0xd0, 0xd0, 0x74, 0x7e, 0xa5,
179
    0xfc, 0xd4, 0xc8, 0xdc, 0x00, 0xde, 0x10, 0x53,
180
    0x9b, 0xa0, 0x26, 0x6b, 0x57, 0xe6, 0x50, 0x69,
181
    0x03, 0x18, 0xef, 0xe9, 0x3d, 0xc1, 0x08, 0x74,
182
    0xdb, 0x1e, 0x02, 0x9d, 0x6c, 0x03, 0x04, 0xdc,
183
    0x0c, 0xad, 0x68, 0x23, 0x08, 0x6e, 0x9c, 0x8a,
184
    0x2b, 0xb8, 0xa3, 0xca, 0xf1, 0x3e, 0x16, 0x17,
185
    0x43, 0xa4, 0x64, 0xf3, 0x64, 0x75, 0x54, 0xdd,
186
    0x25, 0x19, 0x37, 0xf4, 0x7b, 0x14, 0x12, 0xa7,
187
    0x62, 0xa7, 0xc5, 0x27, 0x46, 0xd6, 0xda, 0xe8,
188
    0x4e, 0xcb, 0xf4, 0x80, 0x7e, 0x8c, 0xa6, 0xb4,
189
    0x52, 0x0a, 0x1d, 0xf6, 0x24, 0xf2, 0x13, 0xe3,
190
    0x4a, 0xcc, 0x86, 0x27, 0x26, 0x57, 0x06, 0xfa,
191
    0xfa, 0x9d, 0xb2, 0x4c, 0x0c, 0xa4, 0xad, 0x07,
192
    0x47, 0x13, 0xbb, 0x80, 0x63, 0x37, 0x37, 0x6c,
193
    0xa4, 0x2e, 0xb7, 0xd5, 0x74, 0x37, 0xb7, 0x95,
194
    0xe1, 0xc4, 0xbe, 0x25, 0x33, 0xcc, 0x0e, 0xdf,
195
    0x53, 0xa6, 0xf9, 0x6f, 0xbc, 0x7b, 0xa6, 0x5c
196
};
197
198
//
199
// DL group and keys for DSA selftest
200
//
201
202
const SYMCRYPT_SELFTEST_DLGROUP_2048 dsaDlgroup =
203
{
204
    // Prime P
205
    {
206
        0x8a, 0x09, 0xf1, 0x3b, 0xb4, 0xce, 0xc7, 0xb9,
207
        0x73, 0x36, 0xae, 0xb2, 0x45, 0xee, 0x9d, 0x7d,
208
        0x3b, 0xef, 0xaf, 0x78, 0xb7, 0x8c, 0x62, 0xdb,
209
        0xd1, 0x86, 0x60, 0xac, 0xef, 0xa6, 0x3f, 0x14,
210
        0x19, 0xa8, 0x02, 0xf4, 0xf3, 0xaa, 0x44, 0x91,
211
        0x4a, 0xc9, 0xa8, 0xf8, 0x70, 0xb0, 0x95, 0x96,
212
        0xbc, 0x52, 0x6c, 0x0c, 0x46, 0x42, 0x2c, 0x4a,
213
        0x12, 0xce, 0xfb, 0x28, 0x3d, 0x3a, 0x0c, 0x53,
214
        0x48, 0x8b, 0x6c, 0x2a, 0x43, 0x55, 0x64, 0xb2,
215
        0x60, 0x5e, 0x54, 0xdc, 0x72, 0x35, 0x33, 0xec,
216
        0x1b, 0xd6, 0x6d, 0x8f, 0xd5, 0xaf, 0x6d, 0x12,
217
        0xf0, 0x26, 0xef, 0x1d, 0xd7, 0x49, 0xf5, 0x5c,
218
        0xf6, 0xd8, 0xc8, 0x39, 0xcd, 0xb3, 0xc8, 0xa6,
219
        0xb1, 0x9c, 0xac, 0x52, 0x89, 0xce, 0xe4, 0x54,
220
        0xf7, 0x0e, 0xe8, 0xdc, 0xbc, 0x32, 0x75, 0x53,
221
        0xcf, 0xe8, 0xe3, 0x29, 0x03, 0xbf, 0xa1, 0x56,
222
        0x0d, 0xce, 0xfa, 0xd1, 0x8b, 0x55, 0x0c, 0xdd,
223
        0x94, 0xe2, 0xfa, 0xf0, 0x52, 0xaf, 0x4b, 0xcb,
224
        0x38, 0xb3, 0x6a, 0xb9, 0x5a, 0x75, 0x6f, 0xf2,
225
        0xbb, 0x5d, 0xcb, 0x47, 0x8a, 0xb0, 0x86, 0x85,
226
        0xdd, 0x49, 0x47, 0xbc, 0xa9, 0xa5, 0x7b, 0xd2,
227
        0xba, 0x0e, 0x23, 0x41, 0xea, 0x12, 0xb6, 0x0f,
228
        0x5e, 0x0b, 0xb0, 0x07, 0x63, 0x34, 0x65, 0x66,
229
        0x07, 0x98, 0xa1, 0x9a, 0x12, 0x75, 0x25, 0x2f,
230
        0xd2, 0x3b, 0x1e, 0x89, 0xb8, 0x70, 0xfd, 0x89,
231
        0xfd, 0x95, 0x17, 0x9a, 0xe3, 0xb8, 0xbb, 0x1c,
232
        0x93, 0x87, 0x4a, 0x3b, 0x5f, 0xdf, 0xca, 0x09,
233
        0xd7, 0xc6, 0xca, 0xaf, 0x7b, 0xcf, 0x03, 0x58,
234
        0x89, 0xb1, 0x1e, 0x4d, 0x5d, 0x89, 0x10, 0xa8,
235
        0x53, 0xf4, 0x12, 0x56, 0x8b, 0x85, 0xe2, 0xcc,
236
        0x02, 0x86, 0x82, 0x77, 0x2e, 0x0f, 0x30, 0x86,
237
        0x1b, 0x6e, 0xd1, 0xda, 0x15, 0x05, 0x5f, 0x93
238
    },
239
240
    // Prime Q
241
    {
242
        0xb8, 0x0e, 0xd4, 0x3a, 0xe1, 0x2a, 0x6a, 0xb7,
243
        0xd5, 0x6d, 0x3f, 0x8c, 0x86, 0xb9, 0xb9, 0x9d,
244
        0xb4, 0x28, 0xa3, 0x96, 0x61, 0xab, 0x19, 0x8a,
245
        0x92, 0xe1, 0xc2, 0xaa, 0x7e, 0x10, 0x03, 0x13
246
    },
247
248
    // Generator
249
    {
250
        0x1a, 0xe8, 0x38, 0xbe, 0xe7, 0xd0, 0xc5, 0x52,
251
        0x89, 0x0d, 0x7a, 0x45, 0x31, 0x83, 0x9a, 0xed,
252
        0xa5, 0x4e, 0x13, 0x15, 0xba, 0xb7, 0x01, 0xa1,
253
        0xf5, 0x86, 0x6a, 0x43, 0x88, 0x75, 0xdb, 0xed,
254
        0xe9, 0xa3, 0xa3, 0x43, 0x78, 0x4c, 0x01, 0x18,
255
        0x4d, 0x56, 0x3a, 0x49, 0x3c, 0xa7, 0x10, 0xba,
256
        0x0b, 0x1b, 0x11, 0x11, 0xef, 0x2d, 0xee, 0x12,
257
        0x76, 0x8c, 0xc2, 0xa8, 0xe2, 0x9d, 0xc6, 0x3f,
258
        0xb5, 0xe5, 0x91, 0x76, 0x0f, 0xd8, 0xf6, 0xff,
259
        0x59, 0x06, 0xb7, 0x4e, 0xcc, 0xb3, 0x75, 0x50,
260
        0x47, 0x6c, 0x61, 0xf6, 0x3f, 0xe7, 0x9f, 0x80,
261
        0x4c, 0x04, 0x84, 0xac, 0xfd, 0xab, 0x63, 0xa3,
262
        0x99, 0x61, 0x62, 0x26, 0x5d, 0x1c, 0xc3, 0x11,
263
        0x31, 0x2e, 0x4c, 0xf1, 0x81, 0xc6, 0x45, 0xd4,
264
        0x3a, 0x3d, 0x17, 0x48, 0x8e, 0x84, 0x38, 0xde,
265
        0xc1, 0x55, 0x42, 0xca, 0xf8, 0xb0, 0x76, 0x54,
266
        0x90, 0xac, 0xf8, 0x0f, 0x38, 0xdd, 0x81, 0x70,
267
        0xa9, 0xb8, 0x6f, 0xcb, 0x3e, 0xba, 0xf7, 0x1e,
268
        0x5d, 0xaa, 0xa0, 0xcb, 0x7c, 0x37, 0xa1, 0x87,
269
        0xb0, 0x34, 0x6e, 0x78, 0x62, 0x7e, 0x17, 0xe6,
270
        0xae, 0xc3, 0x4e, 0x0c, 0xeb, 0x4f, 0x25, 0x76,
271
        0x4a, 0xb6, 0xe5, 0xc6, 0x23, 0x77, 0xfb, 0xa8,
272
        0xb2, 0x0c, 0xa1, 0xc0, 0x56, 0xe9, 0x22, 0x2d,
273
        0x3f, 0x44, 0x43, 0x31, 0xdf, 0x2f, 0x5f, 0x57,
274
        0x22, 0x6e, 0x8a, 0xf1, 0x64, 0xb1, 0x3c, 0xd3,
275
        0x22, 0x78, 0x8a, 0xe3, 0x12, 0xbd, 0x47, 0x20,
276
        0xd3, 0x19, 0x22, 0xb7, 0xc7, 0xc7, 0x6a, 0xb8,
277
        0x7e, 0x13, 0x34, 0x13, 0x41, 0x47, 0x56, 0xd4,
278
        0xff, 0x4f, 0x37, 0xd2, 0x8d, 0x58, 0x8f, 0xe3,
279
        0xea, 0x04, 0x0a, 0x13, 0x3f, 0x3b, 0x8f, 0x71,
280
        0x5a, 0xbe, 0xf8, 0x90, 0x8d, 0x3b, 0xd5, 0xeb,
281
        0x97, 0x6f, 0xeb, 0xb1, 0xe1, 0xed, 0x1c, 0x6f
282
    },
283
284
    // Seed
285
    {
286
        0xe7, 0x53, 0x59, 0xd5, 0xca, 0x3a, 0x7c, 0xe1,
287
        0x83, 0x68, 0x7a, 0x79, 0xff, 0x65, 0xad, 0x40,
288
        0x38, 0x69, 0x59, 0x10, 0x5a, 0x18, 0x4d, 0xc5,
289
        0x3a, 0xd2, 0x7e, 0x95, 0x23, 0xa3, 0x7b, 0x3d
290
    },
291
292
    // Counter
293
    3394
294
};
295
296
const SYMCRYPT_SELFTEST_DLKEY_2048 dsaKey =
297
{
298
    // Public key
299
    {
300
    0x24, 0xaa, 0x5c, 0x6a, 0x72, 0x54, 0x3a, 0x40,
301
    0x8a, 0xd7, 0xa4, 0xd2, 0x59, 0x7d, 0xfc, 0x9d,
302
    0x93, 0xc3, 0x9f, 0x84, 0x50, 0x4e, 0x03, 0x17,
303
    0x87, 0x19, 0x35, 0xf0, 0x17, 0x17, 0x22, 0xb8,
304
    0x08, 0xca, 0xe4, 0x22, 0xd3, 0xb5, 0x52, 0x92,
305
    0xf0, 0xa9, 0x83, 0x45, 0xe4, 0x2c, 0x1f, 0xa7,
306
    0xb1, 0x9f, 0x8e, 0x35, 0xfe, 0x26, 0x1f, 0xe0,
307
    0xda, 0x74, 0xe4, 0xa4, 0xa0, 0xf6, 0x17, 0x0b,
308
    0x04, 0x86, 0xc7, 0x5e, 0x2e, 0xc0, 0x52, 0xfe,
309
    0x29, 0x12, 0x48, 0x3a, 0x16, 0x12, 0xfb, 0xbe,
310
    0xd9, 0x71, 0xf2, 0x65, 0x44, 0xef, 0x41, 0xf4,
311
    0x67, 0x7c, 0x8b, 0xeb, 0xb8, 0xb6, 0x58, 0x5d,
312
    0xd0, 0xbb, 0x42, 0xf9, 0xc7, 0x32, 0xcc, 0x44,
313
    0x46, 0x93, 0x8f, 0x2e, 0xe2, 0xd7, 0x6c, 0xa6,
314
    0x53, 0x4d, 0xc9, 0x12, 0xbb, 0xc9, 0xee, 0xb2,
315
    0xba, 0xc0, 0x0e, 0xc2, 0x7e, 0x61, 0x61, 0x29,
316
    0x2d, 0x70, 0x70, 0x86, 0x10, 0xd8, 0x24, 0x6d,
317
    0x6e, 0x4c, 0x7d, 0xb2, 0xc9, 0x10, 0x0a, 0x3c,
318
    0xf8, 0x46, 0x91, 0xeb, 0xb7, 0xc2, 0x31, 0x32,
319
    0xf9, 0x5b, 0x29, 0x53, 0x38, 0x75, 0x27, 0x88,
320
    0x53, 0x2a, 0xe2, 0xae, 0x61, 0x7d, 0xe0, 0xd1,
321
    0xb1, 0x9a, 0x43, 0xcf, 0xf1, 0x91, 0x19, 0x11,
322
    0x4d, 0x7c, 0xf8, 0x5a, 0x37, 0x9c, 0x2b, 0x0c,
323
    0x40, 0x74, 0x40, 0xee, 0xef, 0x5b, 0x1f, 0x3b,
324
    0xa1, 0xb8, 0x06, 0x2e, 0x5d, 0x1d, 0x23, 0xd8,
325
    0x05, 0x08, 0xc4, 0x1a, 0x70, 0x96, 0x96, 0x29,
326
    0x6a, 0x12, 0x3a, 0x96, 0x68, 0x94, 0x8e, 0x3a,
327
    0xfe, 0x2d, 0x71, 0x0c, 0x54, 0x28, 0x67, 0xbf,
328
    0x95, 0x69, 0x68, 0x73, 0xee, 0xe6, 0x5d, 0x65,
329
    0x79, 0x57, 0xe5, 0x45, 0x08, 0xbd, 0xf1, 0x8c,
330
    0x59, 0x45, 0x97, 0xa9, 0x43, 0xd6, 0xbd, 0xb5,
331
    0x34, 0xf0, 0x6a, 0x0a, 0x52, 0x6e, 0x47, 0xa6
332
    },
333
334
    // Private key
335
    {
336
        0x0f, 0x3f, 0xab, 0x80, 0xf1, 0x29, 0x5d, 0x41,
337
        0xf7, 0xbb, 0xff, 0xa6, 0x0a, 0x28, 0x9d, 0x46,
338
        0x56, 0x28, 0x7c, 0x9b, 0x3e, 0x4a, 0x06, 0x95,
339
        0x7d, 0xea, 0x04, 0x1e, 0xab, 0x9a, 0x78, 0x17
340
    }
341
};
342
343
//
344
// ECDH/ECDSA keys
345
//
346
347
const SYMCRYPT_SELFTEST_ECKEY_P256 eckey1 =
348
{
349
    // Qxy
350
    {
351
        //Qx
352
        0xdd, 0xd5, 0x15, 0x20, 0x43, 0x8d, 0x41, 0xa9,
353
        0x18, 0xcf, 0x62, 0xc2, 0x13, 0xf7, 0xed, 0xb2,
354
        0xf9, 0x8f, 0x02, 0xa3, 0x78, 0x30, 0x7e, 0x22,
355
        0x8f, 0xc1, 0x44, 0xbe, 0xde, 0xc6, 0x65, 0x91,
356
        //Qy
357
        0x72, 0xad, 0x17, 0xad, 0x51, 0x8c, 0xd3, 0x60,
358
        0x0f, 0x54, 0xc0, 0xf4, 0xc3, 0x22, 0x5b, 0x44,
359
        0xab, 0xad, 0x28, 0xb5, 0x56, 0x8e, 0x78, 0x0a,
360
        0x6a, 0x09, 0x6b, 0x65, 0x81, 0x6d, 0x6f, 0x99
361
    },
362
    //d
363
    {
364
        0x07, 0x36, 0x9f, 0xb2, 0x35, 0xce, 0xe2, 0xd4,
365
        0x7e, 0x13, 0x35, 0x31, 0xae, 0xa5, 0x6e, 0x6c,
366
        0x96, 0xd3, 0x9f, 0x3b, 0xa7, 0x74, 0xae, 0xf9,
367
        0x7a, 0x56, 0x6e, 0xfe, 0x32, 0x3f, 0x43, 0xaa
368
    },
369
};
370
371
const SYMCRYPT_SELFTEST_ECKEY_P256 eckey2 =
372
{
373
    // Qxy
374
    {
375
        //Qx
376
        0x21, 0xf2, 0xf7, 0x08, 0x8c, 0x71, 0x59, 0xa7,
377
        0x0c, 0xe1, 0xb9, 0x1a, 0xe0, 0xed, 0x69, 0xbe,
378
        0x44, 0xeb, 0xa3, 0x51, 0xfd, 0x32, 0x4a, 0x90,
379
        0xdc, 0xde, 0xa4, 0x10, 0xe4, 0x44, 0x69, 0x29,
380
        //Qy
381
        0x74, 0xd0, 0xc6, 0xbd, 0xe5, 0x13, 0x68, 0x07,
382
        0x9f, 0x40, 0x5e, 0xbf, 0x9e, 0x61, 0x7c, 0x3f,
383
        0xc8, 0x16, 0xe2, 0xd5, 0x0e, 0xf8, 0x09, 0x15,
384
        0xf3, 0x30, 0xba, 0x45, 0x25, 0xab, 0x9a, 0xae
385
    },
386
    //d
387
    {
388
        0xd0, 0x93, 0xf2, 0x34, 0x82, 0x39, 0xa6, 0x5c,
389
        0xd7, 0xe5, 0x10, 0x27, 0x0f, 0xfc, 0x0a, 0x0d,
390
        0x89, 0x97, 0x10, 0xa7, 0x50, 0x5a, 0xc4, 0x1b,
391
        0x5d, 0x18, 0x03, 0x2f, 0x7d, 0x46, 0x58, 0x4d
392
    }
393
};
394
395
// Shared secret generated from the two keys above
396
const BYTE rgbEcdhKnownSecret[] =
397
{
398
    0x16, 0x94, 0xc8, 0xb3, 0xe9, 0xbe, 0x65, 0x41,
399
    0x75, 0xba, 0x71, 0x5d, 0x0a, 0xab, 0x6f, 0x6d,
400
    0xeb, 0xdb, 0x70, 0x75, 0xd1, 0x9e, 0x90, 0x7f,
401
    0xb6, 0x08, 0x32, 0x29, 0x34, 0x40, 0x1e, 0xd4
402
};
403
404
//
405
// Key from http://csrc.nist.gov/cryptval/dss/RSAExample.zip.
406
//
407
const SYMCRYPT_SELFTEST_RSAKEY_2048 rsakey =
408
{
409
    // publicExp
410
    0x3,
411
    // modulus
412
    {
413
        0x8f, 0xf3, 0x13, 0xb3, 0xad, 0xd8, 0x83, 0xd8,
414
        0x82, 0x2f, 0x46, 0xe1, 0x5e, 0x43, 0x6e, 0x38,
415
        0x7d, 0xa7, 0x84, 0xd3, 0x5e, 0xb4, 0x91, 0x2b,
416
        0x87, 0x89, 0x95, 0x30, 0x0b, 0x04, 0xdd, 0xe7,
417
        0x21, 0x6d, 0x24, 0xaf, 0xbe, 0x57, 0x0a, 0x0d,
418
        0x6a, 0x10, 0xd9, 0xa1, 0xf6, 0x02, 0x03, 0xd1,
419
        0x7e, 0x4d, 0xdb, 0xda, 0xa4, 0x96, 0x4c, 0x61,
420
        0x41, 0xfb, 0xbd, 0xc7, 0x2c, 0xd9, 0x30, 0xdb,
421
        0x0a, 0x43, 0x6d, 0x41, 0xce, 0x28, 0xad, 0xaf,
422
        0xbe, 0x94, 0x55, 0x39, 0x95, 0x94, 0xfc, 0x9a,
423
        0x8b, 0x80, 0x25, 0x4b, 0xf7, 0xdc, 0x8c, 0xfb,
424
        0xce, 0x92, 0xcf, 0x7a, 0xd7, 0x5e, 0x0f, 0x12,
425
        0x5d, 0xca, 0x5a, 0xaf, 0x94, 0xcf, 0x13, 0x99,
426
        0x7c, 0xb2, 0x71, 0x81, 0x73, 0x4c, 0xbd, 0x56,
427
        0x7c, 0x55, 0xc3, 0x73, 0xa4, 0x74, 0xac, 0xb8,
428
        0xb5, 0x6f, 0xdd, 0x54, 0x3b, 0x97, 0x8a, 0x3a,
429
        0x72, 0xe0, 0xb3, 0x8d, 0x5a, 0xb4, 0xd8, 0x54,
430
        0x3d, 0xc1, 0x9f, 0x69, 0x7f, 0xc0, 0x30, 0x1e,
431
        0xd6, 0xb5, 0x4f, 0xcd, 0xe5, 0xdd, 0x68, 0x08,
432
        0x93, 0x92, 0x1f, 0x9f, 0xe3, 0x23, 0x84, 0x12,
433
        0xc9, 0xbb, 0xa5, 0xb8, 0x53, 0x14, 0x8b, 0xe0,
434
        0xa4, 0x93, 0x97, 0x89, 0x05, 0x16, 0xb2, 0xc8,
435
        0x70, 0x2a, 0xc8, 0x46, 0xcd, 0x92, 0x43, 0xad,
436
        0x6a, 0x35, 0x3e, 0x84, 0xcc, 0xbf, 0xa7, 0xfe,
437
        0x79, 0x9e, 0xf4, 0xc3, 0x7d, 0xde, 0x97, 0xa0,
438
        0x25, 0x7f, 0x93, 0x9c, 0xbc, 0x14, 0xce, 0xd6,
439
        0xd8, 0x6c, 0x47, 0x0f, 0xc9, 0x88, 0xd4, 0x35,
440
        0x05, 0x87, 0x83, 0xf8, 0xcb, 0xd8, 0xa6, 0x7e,
441
        0xd2, 0xd8, 0xcd, 0xe7, 0x1c, 0x6e, 0x74, 0xdd,
442
        0xc6, 0x49, 0xe5, 0x6f, 0x51, 0xc6, 0x29, 0x2a,
443
        0x15, 0xc1, 0xff, 0xbd, 0x85, 0x6e, 0xe1, 0x5f,
444
        0x49, 0xda, 0xcc, 0xbb, 0x74, 0x2a, 0x8a, 0xb9
445
    },
446
    // prime1
447
    {
448
        0xc8, 0x23, 0xbd, 0x5e, 0x64, 0x04, 0xba, 0xc4,
449
        0x51, 0x1d, 0x15, 0x05, 0xdc, 0xd1, 0x33, 0x3c,
450
        0xc3, 0xbe, 0xca, 0x9a, 0x7f, 0x43, 0x50, 0x0b,
451
        0x61, 0x3f, 0xb4, 0x16, 0xe0, 0x1c, 0x4b, 0x05,
452
        0x32, 0x0d, 0x0d, 0x47, 0x19, 0x93, 0x01, 0x12,
453
        0x00, 0x46, 0xf6, 0x4d, 0x46, 0xd2, 0x74, 0xac,
454
        0xda, 0x40, 0xf2, 0x1d, 0x08, 0x77, 0x49, 0x63,
455
        0x92, 0x02, 0x69, 0x00, 0x03, 0x13, 0x4b, 0x59,
456
        0x40, 0xc8, 0x27, 0x15, 0x60, 0xae, 0xe6, 0xc6,
457
        0xbd, 0x84, 0xda, 0xcb, 0x4b, 0x41, 0xad, 0x75,
458
        0x29, 0x58, 0x97, 0x68, 0x76, 0x3a, 0xd4, 0x44,
459
        0x66, 0x1c, 0x56, 0x85, 0x95, 0xfb, 0xb7, 0xa8,
460
        0x9b, 0xde, 0x71, 0x90, 0xe0, 0x63, 0x64, 0xdf,
461
        0xff, 0xc6, 0xe5, 0x2d, 0x5d, 0x87, 0x73, 0x94,
462
        0x61, 0x89, 0x23, 0x3b, 0x8f, 0x38, 0xdf, 0x67,
463
        0x14, 0x2b, 0x0a, 0x79, 0x61, 0x2d, 0xed, 0x0f
464
    },
465
    // prime2
466
    {
467
        0xb8, 0x20, 0x79, 0xad, 0x07, 0x09, 0x04, 0x80,
468
        0x78, 0x39, 0x24, 0x4a, 0xd8, 0x1f, 0xa3, 0x82,
469
        0x51, 0x8c, 0x18, 0x31, 0x5e, 0x5c, 0x00, 0xae,
470
        0x82, 0x58, 0x10, 0xac, 0x3a, 0x5b, 0xca, 0x77,
471
        0x30, 0xb4, 0x4f, 0x7b, 0xb1, 0xcc, 0x74, 0x06,
472
        0x61, 0x09, 0x17, 0x4f, 0x2e, 0xf1, 0xb4, 0xb6,
473
        0x82, 0x93, 0x33, 0x4d, 0xbd, 0x22, 0x04, 0x98,
474
        0xe2, 0xe4, 0x6e, 0x91, 0x90, 0x4a, 0x24, 0xef,
475
        0x35, 0x61, 0x1a, 0xa8, 0x7e, 0x69, 0x96, 0xb5,
476
        0x12, 0xc2, 0x8a, 0x15, 0x7f, 0x10, 0x21, 0x14,
477
        0x74, 0x97, 0x98, 0xcd, 0x32, 0xe7, 0x4f, 0xee,
478
        0x3d, 0xbe, 0x20, 0xbb, 0x57, 0x2a, 0xef, 0x56,
479
        0xae, 0xee, 0x82, 0x3d, 0x55, 0x35, 0xb3, 0x87,
480
        0x46, 0x96, 0x01, 0xd7, 0x83, 0x40, 0xfd, 0x94,
481
        0x0d, 0x2f, 0xe3, 0xe0, 0x92, 0x42, 0x02, 0xe7,
482
        0xbf, 0x02, 0xc1, 0x0f, 0xd1, 0x52, 0x9b, 0xb7
483
    }
484
};
485
486
// RSA-2048 PKCS1 signature on rgbSha256Hash generated with rsakey
487
const BYTE rgbRsaPkcs1Sig[] = {
488
    0x8c, 0x01, 0x48, 0x38, 0x1a, 0x8f, 0xa9, 0xae, 0x55, 0xa6, 0xad, 0x04, 0x5f, 0x78, 0x1a, 0xf5,
489
    0xae, 0xf4, 0x09, 0x5d, 0x9c, 0x3a, 0xe2, 0x13, 0xf2, 0x04, 0xd8, 0x8a, 0xf7, 0x58, 0x4f, 0xe5,
490
    0xb0, 0xcc, 0xea, 0xd8, 0xd0, 0xc4, 0x57, 0xd1, 0x9e, 0x61, 0xa8, 0x62, 0xb3, 0x39, 0x03, 0xf6,
491
    0x13, 0x45, 0x6f, 0x88, 0x1a, 0x14, 0x33, 0x07, 0x20, 0x17, 0xab, 0xe1, 0x00, 0x93, 0x69, 0x03,
492
    0x37, 0x69, 0xbb, 0x0e, 0x0f, 0x63, 0x57, 0xed, 0xb7, 0x56, 0x3a, 0x5d, 0xf1, 0x93, 0xd3, 0x76,
493
    0x90, 0xf3, 0xed, 0x25, 0x6f, 0xc5, 0xc8, 0xcb, 0x1a, 0xd7, 0xce, 0x02, 0x80, 0x28, 0xa3, 0x5f,
494
    0x02, 0x6b, 0xf1, 0xfa, 0x94, 0x08, 0xbb, 0x79, 0xfd, 0x51, 0x37, 0xf1, 0x48, 0xe9, 0x55, 0xaa,
495
    0x0f, 0xb0, 0xaf, 0x5d, 0x5f, 0xe9, 0x28, 0x7f, 0xb2, 0x67, 0x96, 0x6d, 0x91, 0x7c, 0x98, 0x0d,
496
    0x60, 0x27, 0xea, 0x62, 0xf5, 0x22, 0x60, 0x0a, 0xbd, 0xfe, 0x9d, 0xd5, 0x96, 0xa6, 0x02, 0xbb,
497
    0x6c, 0x51, 0x36, 0x74, 0x92, 0x23, 0xb9, 0x4b, 0x87, 0xf4, 0xef, 0x2b, 0x00, 0x34, 0xe3, 0xfb,
498
    0x10, 0x1b, 0xcc, 0xab, 0xc4, 0xe5, 0xda, 0x27, 0xf5, 0xf2, 0x55, 0x18, 0x65, 0x59, 0x8b, 0xed,
499
    0x8e, 0x52, 0x78, 0x5a, 0xc7, 0x4b, 0x6b, 0x1b, 0x66, 0x67, 0xe6, 0xc0, 0xd7, 0x5a, 0x2a, 0xab,
500
    0xce, 0x1d, 0xf2, 0xdf, 0x92, 0xe0, 0xdb, 0xf7, 0x34, 0xe3, 0x05, 0x10, 0xe4, 0x13, 0x7b, 0x29,
501
    0x14, 0xa5, 0x41, 0xcb, 0x6e, 0x81, 0x33, 0xd0, 0xf9, 0x93, 0xa8, 0x85, 0xd1, 0xf4, 0xea, 0xfc,
502
    0xaf, 0x5d, 0x7b, 0xc7, 0xf4, 0xff, 0x6c, 0x1e, 0x76, 0x18, 0xc6, 0x09, 0xe9, 0x8a, 0xa4, 0x57,
503
    0xe6, 0x6b, 0x3e, 0x32, 0x36, 0xb4, 0xfd, 0x6a, 0xea, 0x87, 0xe0, 0xe6, 0x42, 0x3e, 0xdc, 0x58
504
};
505
506
// SHA256 hash for DSA, ECDSA, RSA sign/verify tests
507
// Hashed from: { 0x61, 0x62, 0x63 }
508
const BYTE rgbSha256Hash[] =
509
{
510
    0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
511
    0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
512
    0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
513
    0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
514
};
515
516
517
// XMSS-SHA2_10_192 public-key and signature for message "abc"
518
const BYTE rgbXmssSha2_10_192Pubkey[] =
519
{
520
    // Algorithm ID
521
    0x00, 0x00, 0x00, 0x0d,
522
    
523
    // Root
524
    0x7e, 0x63, 0xd5, 0x1d, 0xdf, 0x92, 0x0f, 0x10,
525
    0x63, 0x52, 0x82, 0x38, 0xdf, 0x15, 0x0e, 0x83,
526
    0x5c, 0x74, 0x0a, 0x25, 0x10, 0xc8, 0x3b, 0xdc,
527
    
528
    // Seed
529
    0x75, 0x78, 0x08, 0x77, 0xb0, 0x90, 0x02, 0x63,
530
    0x45, 0x4b, 0xf9, 0xad, 0xee, 0x52, 0x04, 0x75,
531
    0x45, 0x13, 0x99, 0xdd, 0x9f, 0xbb, 0xc7, 0x43,
532
};
533
534
const BYTE rgbXmssSha2_10_192Signature[] =
535
{
536
    // Idx
537
    0x00, 0x00, 0x00, 0x03,
538
539
    // Randomness
540
    0xf8, 0xbe, 0x24, 0x0e, 0x21, 0x1f, 0x9b, 0x7f, 0x3a, 0x81, 0x82, 0x32, 0x79, 0xe2, 0x2f, 0x42,
541
    0xa5, 0x5a, 0xea, 0x32, 0x75, 0x58, 0x47, 0x8a,
542
    
543
    // WOTSP signature
544
    0x2d, 0xaa, 0x55, 0xc6, 0xdb, 0xa4, 0x46, 0x83, 0xda, 0x62, 0xba, 0x67, 0x1a, 0xa2, 0x53, 0x4a,
545
    0xbf, 0xf4, 0x0c, 0x4e, 0x8d, 0xa6, 0x3b, 0xdf, 0x92, 0x1c, 0x80, 0xb7, 0xe6, 0x58, 0x66, 0xf3,
546
    0x5d, 0x01, 0xd7, 0x31, 0x70, 0x7e, 0x22, 0x04, 0x73, 0xb0, 0xaa, 0x7a, 0x64, 0xf9, 0xba, 0xf5,
547
    0x37, 0x58, 0x98, 0x7e, 0x9c, 0x81, 0xd4, 0xa5, 0xe0, 0x2e, 0xed, 0x6b, 0x61, 0x57, 0xe5, 0x73,
548
    0x80, 0x42, 0x79, 0xe2, 0x30, 0x9d, 0xa8, 0x9c, 0x0c, 0x10, 0x1f, 0xb9, 0xf5, 0xa0, 0x17, 0x0e,
549
    0xa0, 0x99, 0xa4, 0xd8, 0x42, 0xea, 0x90, 0xa3, 0xb0, 0x20, 0x89, 0x02, 0x35, 0xfe, 0x86, 0x2e,
550
    0x9a, 0x72, 0x41, 0x72, 0x77, 0xb6, 0xbd, 0x30, 0x05, 0xb0, 0xfa, 0xb4, 0x43, 0xc9, 0xfe, 0x54,
551
    0x3f, 0x78, 0x83, 0x87, 0x1a, 0x10, 0xeb, 0x8a, 0xf3, 0xbe, 0x59, 0x67, 0x86, 0x26, 0x6e, 0xa2,
552
    0xff, 0xaa, 0xb1, 0xa4, 0xb3, 0xcb, 0xfd, 0xe5, 0x31, 0xb3, 0xd4, 0x2a, 0x02, 0x5e, 0xea, 0xfb,
553
    0xea, 0x95, 0x70, 0xa2, 0x56, 0xe9, 0x9e, 0xd1, 0x84, 0x0b, 0xd4, 0xc8, 0xa3, 0xee, 0x46, 0x48,
554
    0x96, 0x1f, 0x30, 0x7d, 0x86, 0x63, 0x47, 0x18, 0xb2, 0xe2, 0x3b, 0xe3, 0x89, 0x28, 0x5b, 0x6f,
555
    0x5d, 0x2a, 0xe4, 0xe5, 0x3e, 0xb2, 0x2a, 0x97, 0x00, 0x04, 0xe7, 0xe3, 0x87, 0xa3, 0x6b, 0x73,
556
    0xe3, 0xcd, 0x99, 0x5a, 0x8b, 0x93, 0x6a, 0x28, 0x53, 0x66, 0x5b, 0x21, 0x0b, 0x88, 0x2f, 0x01,
557
    0x31, 0x37, 0x03, 0x21, 0xf9, 0xd6, 0x47, 0x99, 0x75, 0x81, 0x27, 0x7b, 0x24, 0xa4, 0x23, 0x32,
558
    0x33, 0x6b, 0x3b, 0x8f, 0xe3, 0x5b, 0x38, 0xcc, 0xa5, 0x53, 0xb0, 0x15, 0xd3, 0xc8, 0x42, 0x75,
559
    0x2d, 0x73, 0x5a, 0x80, 0x01, 0x10, 0x66, 0x48, 0xf6, 0x3e, 0x36, 0x84, 0xc8, 0xc0, 0x7a, 0xf6,
560
    0xfb, 0xe1, 0xe8, 0x15, 0x3e, 0x9e, 0x0c, 0xd0, 0x0c, 0x45, 0x82, 0xa3, 0xfa, 0x8a, 0x0b, 0x6f,
561
    0x84, 0x0b, 0x98, 0xf9, 0x58, 0x88, 0xb8, 0x13, 0xc7, 0xd7, 0x4e, 0x91, 0x89, 0x2f, 0xc0, 0x6f,
562
    0x00, 0xf1, 0x6d, 0x67, 0xea, 0xb8, 0xae, 0xbb, 0xa9, 0x12, 0xcb, 0xe6, 0x69, 0xd6, 0x0e, 0xb3,
563
    0xfb, 0xa8, 0xb0, 0x42, 0x06, 0x64, 0x25, 0x07, 0xcc, 0xb7, 0xa8, 0x05, 0x51, 0xc2, 0x9f, 0xe9,
564
    0xed, 0x59, 0xb9, 0xb0, 0x9d, 0x4c, 0x56, 0x8e, 0xc2, 0x48, 0xf6, 0x4a, 0x8b, 0x71, 0x90, 0xa1,
565
    0x3c, 0xd2, 0xf5, 0xab, 0x74, 0xca, 0xaf, 0x1c, 0x31, 0xa6, 0x45, 0x30, 0x89, 0xb4, 0xe1, 0x4a,
566
    0x82, 0x08, 0x75, 0x46, 0x16, 0xd8, 0x1e, 0x8a, 0x42, 0x6c, 0xa0, 0x63, 0x71, 0x41, 0x4f, 0x50,
567
    0xa8, 0xa2, 0x61, 0xcf, 0xb7, 0xd7, 0x4d, 0x91, 0x55, 0xf2, 0xf2, 0xdf, 0xf6, 0xe2, 0xac, 0xb3,
568
    0x6f, 0x54, 0x32, 0xb9, 0xf0, 0x3d, 0x8e, 0xf3, 0x04, 0xae, 0xdd, 0x8f, 0x53, 0xb9, 0x8b, 0xe3,
569
    0xcc, 0x3d, 0xbc, 0x54, 0xe4, 0xc4, 0x7c, 0x6d, 0x10, 0xfe, 0xd6, 0xeb, 0x12, 0xeb, 0xd1, 0xb1,
570
    0x0a, 0x74, 0x56, 0x81, 0x3a, 0x05, 0x45, 0x65, 0x37, 0x0e, 0x8c, 0x0c, 0x0d, 0xad, 0x3e, 0x91,
571
    0xc7, 0x9a, 0x3c, 0xe6, 0xd7, 0x3a, 0xfb, 0x9f, 0x54, 0x66, 0x03, 0x0d, 0x9e, 0x18, 0xe5, 0xa2,
572
    0x19, 0xca, 0x3a, 0xaa, 0x99, 0x6f, 0xe8, 0x15, 0xe3, 0x47, 0x4b, 0x90, 0x93, 0x17, 0x89, 0xda,
573
    0x13, 0xff, 0xe5, 0xad, 0x8b, 0xd5, 0xe8, 0xeb, 0x25, 0x3e, 0x10, 0x66, 0x8e, 0x13, 0x01, 0x4d,
574
    0xc1, 0xc9, 0x17, 0x56, 0x4e, 0x23, 0xef, 0x34, 0x22, 0xed, 0x8d, 0x84, 0x7c, 0xd8, 0x42, 0x7b,
575
    0x72, 0x3d, 0x45, 0x1f, 0x23, 0x60, 0x46, 0x1d, 0x60, 0xb4, 0xaf, 0x6d, 0xb9, 0xc3, 0xe3, 0xd4,
576
    0x05, 0xee, 0x24, 0xb7, 0x1e, 0xbe, 0x37, 0x3d, 0x62, 0xc5, 0xe1, 0x6c, 0xd7, 0xc3, 0x43, 0xf4,
577
    0x1c, 0x8b, 0x95, 0xb8, 0x31, 0x0d, 0x6f, 0x51, 0x0b, 0xb8, 0xf0, 0x87, 0xf2, 0x94, 0x5c, 0x25,
578
    0x2d, 0x84, 0x9a, 0x3b, 0x6b, 0x13, 0x61, 0xd6, 0x94, 0xa9, 0x53, 0x30, 0xd1, 0x00, 0x82, 0xb1,
579
    0x04, 0x29, 0x78, 0x43, 0x60, 0x92, 0x39, 0xf0, 0x9a, 0xfe, 0xfb, 0x5c, 0x7c, 0x5e, 0x5e, 0x54,
580
    0xcc, 0x9e, 0xf7, 0x67, 0x1c, 0x15, 0x6b, 0xa4, 0x5d, 0x90, 0xdd, 0x5c, 0x82, 0xef, 0x12, 0xca,
581
    0x0f, 0x42, 0xc7, 0x54, 0x0b, 0xfb, 0x8a, 0xc5, 0xfe, 0x6f, 0xdc, 0x95, 0x09, 0xd9, 0x7c, 0x19,
582
    0xc6, 0x66, 0x8a, 0xff, 0x45, 0x2d, 0x59, 0xd1, 0x82, 0xdd, 0x56, 0xaa, 0x65, 0xf7, 0x37, 0x76,
583
    0x66, 0xc4, 0x4d, 0x70, 0x4b, 0xc8, 0x3f, 0x47, 0xc2, 0xe8, 0xd3, 0xb6, 0xe4, 0x4e, 0xa7, 0xc3,
584
    0x0a, 0x29, 0x69, 0x57, 0xba, 0x64, 0x23, 0xd4, 0x75, 0x74, 0x12, 0x85, 0xf8, 0x42, 0x1d, 0xc9,
585
    0xd0, 0x65, 0x5a, 0x8f, 0xed, 0x49, 0xbb, 0x3d, 0x2e, 0xe5, 0xee, 0x14, 0x95, 0xc1, 0x92, 0xf6,
586
    0xf7, 0xac, 0xe1, 0x07, 0x00, 0x6c, 0x9b, 0xd9, 0xa8, 0x41, 0x96, 0xdc, 0x8b, 0x07, 0x05, 0xb8,
587
    0x16, 0x54, 0x34, 0x29, 0xf9, 0x3e, 0x5a, 0x86, 0x82, 0x93, 0xa2, 0x5f, 0xf8, 0x4b, 0x3c, 0x52,
588
    0xf8, 0x5a, 0x62, 0x0e, 0x01, 0xe0, 0x26, 0xcd, 0x3b, 0x04, 0xa8, 0xe1, 0x00, 0xc9, 0x06, 0x16,
589
    0x51, 0x79, 0xaa, 0xb4, 0x56, 0x44, 0x08, 0x20, 0x17, 0xc1, 0x2f, 0x17, 0xc5, 0x8c, 0xbb, 0xad,
590
    0x8c, 0x28, 0x53, 0x29, 0x1c, 0xde, 0xf1, 0xa3, 0xa1, 0x04, 0x1d, 0x01, 0x7f, 0xe5, 0xa8, 0xb2,
591
    0xea, 0xb6, 0x4b, 0x7b, 0x3e, 0x3b, 0x50, 0x6b, 0x2a, 0x72, 0x5a, 0x5e, 0xd7, 0x9b, 0xf4, 0x16,
592
    0x1f, 0xec, 0x18, 0x2f, 0xc7, 0xa0, 0xb2, 0xb5, 0x25, 0xd0, 0x34, 0x64, 0x89, 0x00, 0x00, 0x85,
593
    0xab, 0x6e, 0x90, 0x31, 0x3f, 0x91, 0x59, 0x35, 0x5c, 0x88, 0x25, 0xe6, 0xc3, 0x79, 0xde, 0x27,
594
    0x8a, 0xab, 0x40, 0x4f, 0x17, 0xba, 0x04, 0xc7, 0x1a, 0xd9, 0x36, 0x92, 0x9c, 0x6a, 0x3c, 0xc8,
595
    0x28, 0x6b, 0x2d, 0x15, 0x86, 0x6c, 0xe4, 0x4d, 0x48, 0x70, 0xbb, 0x09, 0xeb, 0xa9, 0x69, 0xef,
596
    0xff, 0xee, 0xed, 0xbf, 0x82, 0x61, 0xb3, 0x3d, 0x63, 0x70, 0xfb, 0x4c, 0x8c, 0x1d, 0xca, 0xf4,
597
    0x6f, 0x10, 0x36, 0x3b, 0x00, 0x65, 0x0c, 0x40, 0x47, 0x4c, 0xbb, 0x9f, 0x7a, 0x53, 0x72, 0x91,
598
    0x6d, 0x4a, 0xe0, 0xf4, 0x89, 0xeb, 0x53, 0x99, 0x1a, 0x1a, 0xf3, 0xee, 0xc3, 0x93, 0xc7, 0x30,
599
    0x3f, 0x61, 0xb6, 0xab, 0x6f, 0x0a, 0xab, 0xa8, 0xbf, 0x33, 0x69, 0x82, 0xda, 0x12, 0xc8, 0xab,
600
    0x8f, 0x01, 0x84, 0x30, 0x51, 0xf3, 0x12, 0xc5, 0xe2, 0x1c, 0xb7, 0x63, 0xb8, 0x14, 0x33, 0x5f,
601
    0x7b, 0x9a, 0x68, 0x4f, 0x27, 0xf9, 0x40, 0xa0, 0xad, 0x23, 0xf5, 0xf2, 0xf4, 0x78, 0xc4, 0x93,
602
    0x2d, 0xfc, 0xe8, 0xea, 0x5c, 0x00, 0x2a, 0x13, 0x4f, 0x2b, 0x5b, 0x26, 0x39, 0x50, 0xaf, 0x52,
603
    0x33, 0xdd, 0xcd, 0xf3, 0x86, 0x53, 0x8f, 0xc6, 0xfe, 0x87, 0x2e, 0x73, 0xab, 0x34, 0xcb, 0xd4,
604
    0xc8, 0x76, 0x9d, 0x00, 0xd7, 0x98, 0x5b, 0x85, 0x95, 0x75, 0xcd, 0xb0, 0x07, 0xa6, 0xaf, 0xa8,
605
    0xf5, 0x58, 0x2e, 0xc8, 0xd0, 0x50, 0x7c, 0xc2, 0x1e, 0x71, 0x86, 0x86, 0xdb, 0x72, 0xcc, 0x68,
606
    0x78, 0x51, 0x6d, 0xe1, 0x13, 0xdc, 0x6c, 0x89, 0xa6, 0x4a, 0xf5, 0x43, 0xf3, 0x29, 0x31, 0xbe,
607
    0x16, 0xab, 0x8b, 0xdf, 0x52, 0x0a, 0xc1, 0x7d, 0x04, 0x57, 0x39, 0xbb, 0x9a, 0x8d, 0x64, 0x7f,
608
    0xf1, 0x64, 0x9e, 0xfc, 0x12, 0x8b, 0x84, 0x85, 0x5e, 0x93, 0x35, 0xa6, 0x18, 0xcb, 0xbb, 0x1f,
609
    0x37, 0xda, 0xc2, 0x19, 0xa3, 0x6e, 0x31, 0x8a, 0xa5, 0x50, 0xea, 0x70, 0xe1, 0x72, 0x20, 0x35,
610
    0x09, 0x47, 0xa3, 0xc8, 0xbc, 0x23, 0xdf, 0x9c, 0x26, 0x36, 0x1b, 0x5a, 0x1f, 0x5f, 0x33, 0x81,
611
    0xd6, 0xbd, 0x94, 0x84, 0x06, 0x81, 0x80, 0x1a, 0xbd, 0x01, 0x9f, 0x4c, 0x66, 0x79, 0xc1, 0x2f,
612
    0x84, 0x3a, 0xbb, 0x30, 0x68, 0xce, 0xd3, 0x94, 0xec, 0x92, 0xee, 0xd2, 0xe5, 0x28, 0x3f, 0xdd,
613
    0x3f, 0xf1, 0x8d, 0x71, 0x5a, 0x56, 0xe3, 0x88, 0x2c, 0x6e, 0x6f, 0xd7, 0x41, 0x41, 0xa4, 0xa6,
614
    0xcb, 0x38, 0xfd, 0x8e, 0x18, 0xde, 0x7c, 0xd2, 0x9d, 0xec, 0xae, 0xac, 0xce, 0x5b, 0x20, 0x6f,
615
    0x43, 0x06, 0x70, 0x1b, 0x1a, 0x10, 0xfd, 0x1c, 0x24, 0x8a, 0x99, 0xa2, 0x6e, 0xde, 0x2c, 0xfe,
616
    0xd2, 0x49, 0xe7, 0xa3, 0x4b, 0x76, 0x1a, 0xf1, 0xee, 0xee, 0xd3, 0xb5, 0x1c, 0xb1, 0xdc, 0x20,
617
    0xe5, 0x5c, 0x8d, 0x83, 0xa6, 0xf8, 0x12, 0x2e, 0x6c, 0x6a, 0x2e, 0x16, 0x23, 0xed, 0x3c, 0x96,
618
    0x52, 0x9c, 0x51, 0x0f, 0x2d, 0xbe, 0x1b, 0x3d, 0x6a, 0xd2, 0xf5, 0x43, 0xde, 0x7a, 0x5c, 0x07,
619
    0x85, 0x42, 0x89, 0x49, 0xa6, 0x08, 0x82, 0x13, 0xcd, 0xa1, 0xd5, 0x7d, 0x86, 0x51, 0x9b, 0x20,
620
    0x44, 0x59, 0x71, 0x24, 0x72, 0xcc, 0xf0, 0x69,
621
    
622
    // Authentication nodes
623
    0x51, 0x4f, 0x87, 0x42, 0xee, 0x41, 0x95, 0x4d, 0x7c, 0x77, 0x36, 0x33, 0x58, 0x8c, 0xaa, 0x8e,
624
    0x24, 0x53, 0xaf, 0x69, 0xdc, 0x0a, 0xd9, 0x62, 0x5b, 0x42, 0xf1, 0x46, 0xcd, 0x85, 0x59, 0x18,
625
    0x85, 0x48, 0xd3, 0x4c, 0xbe, 0xd6, 0xb3, 0x36, 0x3f, 0x1f, 0x2b, 0x30, 0x13, 0x87, 0x2b, 0xd5,
626
    0xcd, 0xb7, 0x6b, 0x19, 0x68, 0x16, 0x91, 0x25, 0xc2, 0x0e, 0xbe, 0xb6, 0xbb, 0x6d, 0xe1, 0x37,
627
    0x4d, 0x4c, 0x0a, 0x80, 0x02, 0x01, 0xdd, 0xfb, 0x0e, 0xb3, 0xaa, 0xf9, 0x83, 0x0d, 0x44, 0x72,
628
    0x64, 0x5b, 0xec, 0xbf, 0xe0, 0x98, 0xd7, 0x4f, 0x09, 0x85, 0xf9, 0x99, 0x88, 0x78, 0xa7, 0xad,
629
    0x6b, 0xce, 0xa3, 0xa0, 0x74, 0x72, 0xe1, 0x3a, 0x39, 0x29, 0x3f, 0x1b, 0xcd, 0xfe, 0x60, 0x54,
630
    0xf5, 0xdb, 0xa3, 0xd6, 0x21, 0xde, 0x8c, 0x6f, 0x33, 0x52, 0x0c, 0xfb, 0x61, 0x60, 0x88, 0xb3,
631
    0x17, 0x8a, 0xe5, 0x4a, 0xaa, 0x5b, 0x64, 0x01, 0x33, 0x57, 0x46, 0x91, 0x61, 0x95, 0x93, 0x08,
632
    0xe8, 0x0d, 0xba, 0xda, 0x0c, 0xeb, 0x96, 0x7b, 0x73, 0xa5, 0x79, 0xe4, 0x0b, 0x93, 0x51, 0x28,
633
    0xa3, 0x44, 0x76, 0x62, 0xe6, 0xbe, 0xca, 0x0e, 0x37, 0x7b, 0xf6, 0xfb, 0xbd, 0x6c, 0xd7, 0x8f,
634
    0xba, 0x75, 0xd5, 0x6b, 0xc1, 0xc2, 0x04, 0xfa, 0xf8, 0xe3, 0x07, 0x10, 0x6f, 0xb4, 0x97, 0xf1,
635
    0xd7, 0xa8, 0x83, 0xa9, 0x9f, 0x20, 0x9c, 0xfc, 0xa7, 0x45, 0x71, 0x36, 0xeb, 0x26, 0xc7, 0x1d,
636
    0x8a, 0x3c, 0x66, 0x78, 0x02, 0xc5, 0x76, 0xa1, 0xd5, 0xc2, 0x15, 0x86, 0x2e, 0x8a, 0x46, 0xde,
637
    0x45, 0xcf, 0xaf, 0xdd, 0xe3, 0xbe, 0xb6, 0x5e, 0x88, 0x1f, 0x9e, 0x63, 0xa6, 0xca, 0x89, 0x8b,
638
};
639
640
const BYTE rgbDsaKnownAnswerTestSignature[64] = {
641
    0x93, 0xa5, 0xe2, 0x73, 0xd0, 0x00, 0xd4, 0x9a, 0x12, 0x24, 0x2f, 0x0f, 0xcf, 0x03, 0xe2, 0x10,
642
    0x05, 0x47, 0xd8, 0x84, 0x09, 0x8c, 0xc4, 0xde, 0xed, 0x83, 0xac, 0x10, 0xa8, 0x46, 0x57, 0x31,
643
    0x64, 0x65, 0xe3, 0x18, 0xa3, 0xbe, 0x99, 0x1d, 0x88, 0x06, 0x19, 0x7f, 0x76, 0xd3, 0x0b, 0x3f,
644
    0xf4, 0xb0, 0x19, 0xbe, 0x3c, 0x26, 0xd1, 0xd6, 0x98, 0xa1, 0x1d, 0xf4, 0x0b, 0x67, 0xc6, 0xc5
645
};
646
647
const BYTE rgbEcDsaKnownAnswerTestK[32] = {
648
    0x0a, 0xdc, 0xe3, 0x27, 0xd4, 0x62, 0x95, 0x3b, 0x3a, 0x4e, 0xfd, 0xa5, 0x07, 0x32, 0x6f, 0x3b,
649
    0xda, 0xaa, 0x52, 0x4c, 0xad, 0x2d, 0xf6, 0x23, 0x8a, 0x93, 0x87, 0xdd, 0xd0, 0x25, 0x91, 0x00
650
};
651
652
const BYTE rgbEcDsaKnownAnswerTestSignature[64] = {
653
    0x95, 0xc5, 0xd8, 0xce, 0xe6, 0xcf, 0x79, 0xd3, 0x13, 0x03, 0xf3, 0x96, 0x86, 0x0c, 0x4b, 0x0c,
654
    0xe4, 0xdd, 0x61, 0x3d, 0x78, 0x24, 0x7a, 0x05, 0x56, 0x7e, 0x02, 0xaf, 0xdd, 0x57, 0x40, 0xd4,
655
    0x7b, 0xeb, 0xae, 0xf3, 0x8a, 0x12, 0x16, 0xf6, 0x2b, 0x15, 0x6e, 0x98, 0x74, 0x32, 0xbd, 0x6b,
656
    0x07, 0x09, 0xe2, 0x55, 0xeb, 0xfb, 0x0c, 0x18, 0xaf, 0xc3, 0xc2, 0x39, 0x78, 0x4e, 0x59, 0x40
657
};
658
659
const BYTE rgbMlKemKeyPrivateSeed[64] = { 0 };
660
const BYTE rgbMlKemSelfTestEncapsRandomness[32] = { 0 };
661
662
const BYTE rgbMlKemSelfTestAgreedSecret[32] =
663
{
664
    0x4A, 0xD5, 0x3A, 0x06, 0xB2, 0x9F, 0x12, 0x56,
665
    0x84, 0x21, 0xA5, 0x52, 0xC0, 0x81, 0x95, 0xB5,
666
    0x86, 0x73, 0xC8, 0x2F, 0x87, 0x0C, 0xC1, 0xCC,
667
    0xD6, 0x5A, 0x08, 0xE4, 0x32, 0x5F, 0xEB, 0x27, 
668
};
669
670
const BYTE rgbMlKemSelfTestImplicitRejectionSecret[32] =
671
{
672
    0x94, 0x96, 0x60, 0xA2, 0x4D, 0xA1, 0xE9, 0x8E,
673
    0x71, 0xB5, 0x72, 0x66, 0x07, 0x0A, 0x0C, 0x51,
674
    0xB3, 0x24, 0x29, 0xD1, 0x70, 0xA3, 0x16, 0x4E,
675
    0x4B, 0x41, 0xE0, 0xDE, 0x13, 0x49, 0xCD, 0x75,
676
};
677
678
const SYMCRYPT_SELFTEST_MLKEMKEY_DECAPS_512 mlKemDecapsKey =
679
{
680
    {
681
        0x87, 0xCA, 0x19, 0x93, 0xB6, 0x4D, 0x89, 0x32,
682
        0xAE, 0x3B, 0x22, 0x52, 0x82, 0xA1, 0xB3, 0xC1,
683
        0x37, 0x65, 0xDC, 0xC1, 0x22, 0x4C, 0x43, 0x77,
684
        0x33, 0x0A, 0x04, 0xEC, 0xEC, 0x0B, 0x25, 0x05,
685
        0x40, 0x07, 0x53, 0x82, 0xBE, 0x37, 0x52, 0x53,
686
        0x12, 0x87, 0x7D, 0x77, 0x69, 0xFD, 0x59, 0x4F,
687
        0xBD, 0x16, 0x42, 0x82, 0x58, 0x9D, 0xEE, 0x5C,
688
        0x0F, 0x2C, 0x14, 0x7F, 0xC6, 0x2A, 0x95, 0x42,
689
        0x10, 0x3C, 0x08, 0xBC, 0xCC, 0xA0, 0x05, 0x82,
690
        0xE9, 0xC5, 0x26, 0x81, 0xFA, 0xB8, 0x79, 0x78,
691
        0x5B, 0x3E, 0x79, 0x49, 0x68, 0x44, 0xB3, 0x7B,
692
        0xF5, 0x26, 0x62, 0x7A, 0x8A, 0x3C, 0xD8, 0x82,
693
        0x1F, 0x16, 0x1D, 0x92, 0x99, 0xAC, 0xC4, 0xA9,
694
        0xB9, 0x30, 0x32, 0x6B, 0x6B, 0x67, 0x3D, 0x16,
695
        0x13, 0x1D, 0xF0, 0x98, 0x94, 0x42, 0x90, 0x68,
696
        0xFC, 0x65, 0xA3, 0xE5, 0x16, 0x22, 0x09, 0x64,
697
        0xC0, 0x7D, 0x54, 0x03, 0x47, 0x89, 0xBE, 0xAE,
698
        0x61, 0x4B, 0x13, 0xA1, 0xCD, 0xAD, 0xBC, 0x20,
699
        0x5E, 0x36, 0x36, 0x34, 0x41, 0x1D, 0x5B, 0x3A,
700
        0x26, 0x91, 0x80, 0x75, 0xE0, 0x63, 0x9D, 0xD6,
701
        0x35, 0xC9, 0x28, 0x81, 0xA4, 0x6E, 0xFB, 0x95,
702
        0x01, 0x11, 0x8F, 0xCC, 0x18, 0xB3, 0x9A, 0x91,
703
        0x66, 0xA6, 0x37, 0x6C, 0xEB, 0x71, 0x42, 0x29,
704
        0xEC, 0x71, 0xA4, 0x99, 0x6D, 0x92, 0x97, 0x9D,
705
        0x94, 0x64, 0x6E, 0xC3, 0xF0, 0x5D, 0xA5, 0x49,
706
        0x8F, 0x66, 0xA5, 0x0A, 0x9A, 0xB9, 0xCF, 0x85,
707
        0x20, 0xA7, 0x28, 0xE1, 0xC2, 0x10, 0x08, 0x72,
708
        0x58, 0x71, 0x56, 0x3E, 0x7B, 0x47, 0x46, 0x81,
709
        0x7D, 0x74, 0xFA, 0xB2, 0xB6, 0xF2, 0xA0, 0xE3,
710
        0x4A, 0x0A, 0x5E, 0x95, 0x2B, 0x32, 0xF1, 0x07,
711
        0x2C, 0x30, 0x5E, 0x81, 0x84, 0x58, 0xF3, 0x42,
712
        0x34, 0xDB, 0xAA, 0xC4, 0x06, 0xCB, 0x63, 0x72,
713
        0xFA, 0x01, 0x86, 0xE8, 0xCA, 0xD7, 0x73, 0x1D,
714
        0xAC, 0xD8, 0x64, 0x60, 0x66, 0xB1, 0x19, 0xB1,
715
        0x59, 0xAC, 0x78, 0x21, 0xAB, 0x9A, 0x62, 0xBF,
716
        0xE8, 0x1B, 0xD1, 0xDC, 0x75, 0x08, 0xA4, 0x9E,
717
        0x22, 0x54, 0xA8, 0x36, 0x68, 0x4B, 0xB7, 0x22,
718
        0xA3, 0xBC, 0x04, 0x09, 0xE2, 0xE9, 0x4D, 0xCE,
719
        0xF5, 0x46, 0x69, 0x1A, 0x47, 0x80, 0xB2, 0xA5,
720
        0xA0, 0x24, 0xCF, 0x0D, 0x60, 0x95, 0x99, 0x33,
721
        0xAD, 0x6A, 0x58, 0x7A, 0x56, 0x53, 0x86, 0x44,
722
        0xA8, 0x3C, 0x1F, 0x92, 0x55, 0x3F, 0x3A, 0x3B,
723
        0x5F, 0x81, 0xAA, 0x0C, 0xC4, 0x4B, 0x1A, 0xE3,
724
        0x61, 0x8A, 0xD0, 0x5D, 0x29, 0x87, 0xB6, 0x7D,
725
        0x1C, 0x85, 0xA5, 0x14, 0xB0, 0xDE, 0x1C, 0x8D,
726
        0x5C, 0xC1, 0x5C, 0x04, 0xFC, 0x77, 0xAD, 0x03,
727
        0x55, 0x96, 0xE0, 0xA7, 0x43, 0xB5, 0x95, 0x9A,
728
        0xD5, 0x22, 0xEF, 0x13, 0x5F, 0x14, 0x9C, 0x0E,
729
        0x7E, 0x56, 0x89, 0x37, 0x33, 0xC9, 0x00, 0x54,
730
        0x7E, 0xEA, 0x32, 0x4F, 0x02, 0x85, 0xCD, 0xE5,
731
        0x9C, 0x25, 0x00, 0x3B, 0xAD, 0xC2, 0x72, 0x3A,
732
        0x38, 0x66, 0x95, 0xF9, 0xF4, 0x22, 0x1F, 0x50,
733
        0x19, 0x20, 0x6A, 0x31, 0x03, 0xF8, 0x97, 0x91,
734
        0xF0, 0x42, 0xBB, 0xC0, 0x86, 0xDE, 0x56, 0x93,
735
        0xF2, 0x78, 0x9B, 0xC9, 0x98, 0x16, 0x47, 0x83,
736
        0x67, 0x55, 0x92, 0x4E, 0x5A, 0xFA, 0x5D, 0x88,
737
        0xF9, 0xC8, 0xEF, 0xA8, 0x21, 0x34, 0x58, 0x5F,
738
        0xCA, 0xBB, 0x52, 0x98, 0xBC, 0x5C, 0xF5, 0xA7,
739
        0xAE, 0xC5, 0xFC, 0x78, 0xF9, 0xA5, 0x30, 0x16,
740
        0x68, 0x9D, 0x62, 0x17, 0x41, 0x7A, 0x95, 0xCF,
741
        0x27, 0xB6, 0x6D, 0xAE, 0x58, 0xA7, 0x28, 0x8C,
742
        0x8F, 0xC3, 0x28, 0xAC, 0x06, 0x79, 0x9D, 0x94,
743
        0xC4, 0x9D, 0xED, 0xB2, 0x61, 0xF4, 0x44, 0x86,
744
        0xEC, 0x12, 0xC3, 0x13, 0x97, 0xA7, 0x8B, 0x9A,
745
        0x63, 0x2E, 0xF1, 0x66, 0x08, 0x84, 0x32, 0xF6,
746
        0x15, 0x3B, 0x91, 0xCA, 0xCE, 0xF7, 0x40, 0x53,
747
        0xA9, 0x28, 0x11, 0x63, 0xA0, 0x23, 0x2E, 0xC4,
748
        0x44, 0x28, 0x05, 0x01, 0x02, 0x74, 0xCF, 0x9C,
749
        0x3A, 0x1A, 0xBC, 0x93, 0x8A, 0x2C, 0xE8, 0x9A,
750
        0xCA, 0xE1, 0x74, 0x62, 0x03, 0x88, 0xC7, 0x12,
751
        0x20, 0x96, 0x3C, 0x4D, 0x10, 0x79, 0x28, 0x6F,
752
        0x7B, 0xA8, 0x1B, 0xFB, 0x5E, 0x57, 0x17, 0xCC,
753
        0x6D, 0xD0, 0x72, 0x8A, 0xB2, 0x70, 0xA3, 0x0A,
754
        0x88, 0x03, 0x5B, 0x88, 0x5D, 0x35, 0x12, 0x8E,
755
        0xAC, 0xC1, 0x81, 0xCA, 0xB7, 0x2B, 0xB1, 0x96,
756
        0xF6, 0x35, 0xCE, 0xBB, 0x75, 0xAD, 0x0D, 0xD0,
757
        0xBA, 0x4E, 0x43, 0x5B, 0x31, 0x08, 0x93, 0x32,
758
        0x72, 0x63, 0x58, 0xC5, 0xA2, 0x70, 0x95, 0x12,
759
        0x8F, 0xF2, 0xC1, 0x61, 0xEB, 0x22, 0xE9, 0x4A,
760
        0x65, 0xA5, 0x48, 0x5D, 0x4C, 0x11, 0x78, 0x69,
761
        0x0B, 0x1F, 0x39, 0x2B, 0x7F, 0x63, 0x77, 0xAD,
762
        0x96, 0x6B, 0x67, 0x80, 0x90, 0x70, 0x57, 0x2B,
763
        0xBC, 0x68, 0x9C, 0xAA, 0xB2, 0xD8, 0x3C, 0xBF,
764
        0xD6, 0x4F, 0xC4, 0x28, 0x65, 0x74, 0x54, 0x84,
765
        0x43, 0x9A, 0x1C, 0x96, 0x50, 0x02, 0x97, 0xC6,
766
        0xCF, 0xB0, 0xB1, 0x1D, 0x98, 0x9A, 0x32, 0x94,
767
        0x73, 0x88, 0x94, 0x78, 0x2D, 0x5F, 0x25, 0x05,
768
        0x5F, 0xA6, 0x96, 0x7A, 0xC8, 0x3A, 0xDF, 0xA8,
769
        0x19, 0xB2, 0x53, 0x53, 0x05, 0xF9, 0x31, 0xDC,
770
        0x58, 0x6C, 0xD1, 0x3A, 0x9B, 0x47, 0x3B, 0x7D,
771
        0x87, 0xE5, 0xB4, 0xB2, 0xD9, 0x96, 0x2A, 0x59,
772
        0x90, 0x3C, 0xCC, 0xAD, 0xDC, 0xA2, 0x57, 0x87,
773
        0x71, 0xC6, 0x7E, 0x5A, 0x49, 0x98, 0xC8, 0x94,
774
        0x29, 0x30, 0x7B, 0x0E, 0x01, 0x97, 0x53, 0x18,
775
        0x32, 0x50, 0x73, 0x9E, 0x14, 0x47, 0x97, 0xBD,
776
        0xCC, 0x22, 0xAB, 0x02, 0x95, 0xD7, 0xC5, 0x32,
777
    },
778
    {
779
        0xDF, 0x17, 0x84, 0x86, 0x77, 0x41, 0x6E, 0x95,
780
        0x4D, 0x66, 0xF9, 0xB0, 0x9E, 0x12, 0x81, 0x53,
781
        0x2A, 0x2E, 0x8F, 0x0C, 0x6A, 0xBE, 0x00, 0x37,
782
        0xE7, 0xE8, 0x11, 0x90, 0x97, 0xC9, 0xEC, 0x84,
783
        0x5A, 0xA0, 0x69, 0x85, 0xC0, 0x88, 0x55, 0x2C,
784
        0x41, 0xB6, 0x15, 0x17, 0x36, 0x42, 0xC1, 0x02,
785
        0x51, 0xC0, 0x6E, 0x91, 0xA2, 0x5C, 0x24, 0x3C,
786
        0x02, 0x63, 0xB6, 0x75, 0xC7, 0x20, 0x7D, 0x58,
787
        0x70, 0x1D, 0x13, 0xA5, 0x2E, 0xAB, 0x92, 0x56,
788
        0x5E, 0xF1, 0xA1, 0xDE, 0xFB, 0xAE, 0xFE, 0x4C,
789
        0x0B, 0x03, 0xF5, 0x04, 0x44, 0xA3, 0xBE, 0x20,
790
        0xB1, 0x71, 0x31, 0x0B, 0xA3, 0xF2, 0x08, 0x52,
791
        0xF3, 0xA2, 0xA1, 0x8E, 0x72, 0x29, 0x40, 0x70,
792
        0x15, 0x64, 0x60, 0x52, 0xD2, 0xE7, 0x3A, 0xBE,
793
        0xE3, 0x18, 0xD7, 0x55, 0x89, 0x9C, 0x78, 0x4A,
794
        0x6F, 0xB5, 0xAA, 0xB1, 0x7C, 0x90, 0x2C, 0xB6,
795
        0x8A, 0xFA, 0x36, 0x57, 0xB9, 0x01, 0x2E, 0x1B,
796
        0xB8, 0xB6, 0xAA, 0xC2, 0x68, 0x9A, 0xA4, 0x8C,
797
        0x2D, 0x42, 0x62, 0xBB, 0x29, 0x63, 0xB0, 0x6A,
798
        0x24, 0x22, 0x82, 0x54, 0x1C, 0xF6, 0x14, 0x19,
799
        0xD9, 0x0E, 0x2B, 0xD3, 0x66, 0xBE, 0xE7, 0xA4,
800
        0x36, 0x9B, 0x72, 0x41, 0xA6, 0x6B, 0xF2, 0x64,
801
        0x5D, 0x8E, 0x90, 0x4C, 0x3F, 0x7B, 0x30, 0x0C,
802
        0x04, 0x1D, 0x56, 0x87, 0x39, 0x3D, 0x2C, 0xA9,
803
        0x29, 0x75, 0xCB, 0xFD, 0xC0, 0x18, 0xDD, 0xC6,
804
        0x0A, 0xF5, 0x62, 0x00, 0x9E, 0xB0, 0x88, 0x8E,
805
        0x5A, 0x05, 0x76, 0x24, 0x6A, 0xCE, 0x74, 0x5B,
806
        0xB1, 0x63, 0x40, 0x8B, 0x5A, 0x9A, 0xE3, 0xC1,
807
        0x94, 0xA8, 0x5C, 0x21, 0x90, 0x7B, 0x37, 0xB1,
808
        0x62, 0x8E, 0xCD, 0x9A, 0x15, 0xEC, 0x20, 0x24,
809
        0x87, 0x30, 0x27, 0x34, 0x44, 0xB0, 0xA2, 0xF4,
810
        0x54, 0xF9, 0xB4, 0x73, 0x0F, 0x33, 0x91, 0x50,
811
        0x47, 0x6E, 0xE0, 0x70, 0x98, 0xF6, 0xBC, 0x1B,
812
        0x97, 0xCC, 0x1B, 0xD3, 0xB8, 0xC1, 0xA2, 0xEB,
813
        0x0E, 0x50, 0xA7, 0x82, 0xF2, 0x11, 0x5D, 0xF6,
814
        0x17, 0x49, 0x6F, 0x6C, 0x6F, 0x8C, 0x09, 0xB0,
815
        0x5F, 0x88, 0x8D, 0x9E, 0x93, 0x3D, 0x28, 0x77,
816
        0x46, 0xC6, 0x31, 0xB3, 0x10, 0x87, 0x26, 0xB0,
817
        0xC4, 0xA7, 0xC8, 0x8B, 0x09, 0xC8, 0x60, 0xAC,
818
        0xD7, 0x52, 0x35, 0x70, 0xC8, 0x02, 0xBD, 0x38,
819
        0x72, 0x43, 0x16, 0x2D, 0x12, 0x8C, 0xA2, 0x29,
820
        0x4C, 0x83, 0x43, 0x18, 0xCC, 0x21, 0xFB, 0x14,
821
        0xD2, 0xAB, 0x37, 0x3F, 0x22, 0x4E, 0x3F, 0xD4,
822
        0x98, 0x43, 0x85, 0x95, 0x09, 0xF4, 0xCA, 0x1A,
823
        0x1A, 0x56, 0x6C, 0x05, 0x67, 0x88, 0xA3, 0xAA,
824
        0x48, 0x4A, 0xAA, 0xBD, 0xF1, 0xA0, 0x8F, 0x1B,
825
        0x44, 0xC7, 0x56, 0xAB, 0x2A, 0x0C, 0x8B, 0xC5,
826
        0x85, 0x1E, 0xE2, 0xEB, 0x23, 0x03, 0x4C, 0x2E,
827
        0xAA, 0x5A, 0xC1, 0x5F, 0x89, 0x75, 0x1B, 0xD5,
828
        0xCA, 0xE1, 0xD5, 0x90, 0x89, 0xD5, 0x00, 0x2B,
829
        0xB1, 0xB3, 0xBF, 0xCA, 0x4A, 0xDE, 0x09, 0x82,
830
        0xAD, 0x67, 0x83, 0xE9, 0xD3, 0x7F, 0xB3, 0xE3,
831
        0x20, 0xAC, 0x98, 0x55, 0xDF, 0x66, 0x6B, 0xFD,
832
        0x7C, 0x6B, 0x87, 0xA9, 0xA4, 0x6E, 0x25, 0x97,
833
        0x12, 0x56, 0x11, 0x61, 0x50, 0x7E, 0x17, 0x35,
834
        0x98, 0xF9, 0x88, 0xAC, 0xB6, 0xF9, 0xAB, 0x3A,
835
        0x10, 0x92, 0x63, 0x24, 0x46, 0x88, 0xC7, 0x08,
836
        0x78, 0x75, 0x8F, 0xF4, 0xD4, 0x31, 0x3B, 0x76,
837
        0x64, 0xF0, 0xF5, 0x10, 0xE9, 0x13, 0xCA, 0x01,
838
        0xC5, 0x2B, 0x3A, 0x1B, 0x46, 0x53, 0x51, 0x44,
839
        0xE2, 0xDB, 0x0C, 0xAC, 0xE8, 0xA6, 0x46, 0x66,
840
        0x00, 0xCF, 0x2A, 0x87, 0x83, 0x50, 0x07, 0xE1,
841
        0x6A, 0xA5, 0x07, 0x80, 0x1D, 0x86, 0xB7, 0x38,
842
        0x5E, 0x66, 0x9B, 0xFA, 0xF6, 0xBA, 0x1D, 0xF5,
843
        0x68, 0x31, 0x63, 0xC2, 0xD5, 0x70, 0x53, 0x2F,
844
        0xD7, 0x43, 0x90, 0x54, 0x64, 0x0F, 0x24, 0x4C,
845
        0x52, 0x87, 0x13, 0x59, 0xD2, 0x84, 0x2F, 0xC3,
846
        0x37, 0xA0, 0x60, 0x03, 0x3A, 0xF0, 0x5E, 0xAA,
847
        0x00, 0x1C, 0x34, 0xFC, 0x7B, 0xD8, 0xF9, 0x10,
848
        0x29, 0xE4, 0x6C, 0x29, 0x43, 0x36, 0x27, 0x64,
849
        0x5D, 0x67, 0x86, 0x64, 0x21, 0xD6, 0x61, 0xAF,
850
        0x25, 0x74, 0x80, 0x53, 0x2B, 0x88, 0x78, 0x50,
851
        0xDC, 0x49, 0x9F, 0xFE, 0xD5, 0xB1, 0x40, 0x98,
852
        0xA0, 0x33, 0x72, 0x5E, 0x82, 0x0A, 0x5B, 0xE1,
853
        0x40, 0x0A, 0x0C, 0xB7, 0x03, 0x74, 0x1C, 0xA7,
854
        0x4B, 0x47, 0x86, 0x73, 0xAA, 0xCF, 0x85, 0x16,
855
        0x6E, 0xE8, 0xA1, 0x84, 0xDB, 0x2C, 0x58, 0x54,
856
        0x9C, 0x22, 0x40, 0xB8, 0x30, 0x8C, 0x27, 0xBE,
857
        0xBA, 0x40, 0xC3, 0xB9, 0xD7, 0x29, 0xED, 0xB1,
858
        0x8C, 0xC2, 0x06, 0x8E, 0xCD, 0xB2, 0x7D, 0xA2,
859
        0x2B, 0x2C, 0xD3, 0xE7, 0xA0, 0xBA, 0xA5, 0x30,
860
        0xC5, 0x19, 0x3C, 0xD3, 0xC8, 0x6B, 0xF8, 0x6A,
861
        0x44, 0xF0, 0x79, 0x9E, 0x51, 0x55, 0xB0, 0x9B,
862
        0xE2, 0x50, 0x98, 0x85, 0x23, 0xB3, 0xA7, 0x31,
863
        0xDD, 0x89, 0x1B, 0xC2, 0x00, 0x60, 0x11, 0xA0,
864
        0x65, 0xC0, 0xAB, 0x57, 0xF1, 0xA6, 0xC1, 0x78,
865
        0x89, 0x55, 0xE0, 0x13, 0x5F, 0xA5, 0xCA, 0x8F,
866
        0x3E, 0x52, 0xC7, 0x5D, 0x37, 0x16, 0x97, 0x3A,
867
        0x2F, 0xB2, 0x2C, 0x0E, 0xB1, 0x7C, 0x1B, 0x32,
868
        0x85, 0x29, 0xD9, 0xFA, 0x76, 0x56, 0xD7, 0x4D,
869
        0xEA, 0x74, 0x0D, 0x9F, 0x07, 0x97, 0x77, 0xC3,
870
        0x6C, 0x17, 0xA1, 0x9C, 0x19, 0x58, 0x9E, 0x84,
871
        0xD2, 0xB8, 0xE4, 0xD1, 0xBC, 0x31, 0x07, 0xCB,
872
        0xD2, 0x78, 0x14, 0x22, 0x48, 0x35, 0x48, 0x44,
873
        0x6C, 0x89, 0x93, 0x14, 0x77, 0x44, 0xAA, 0x9E,
874
        0xC1, 0xC5, 0x93, 0xEC, 0x2D, 0x5B, 0xAA, 0xC8,
875
        0x6A, 0x0A, 0xF6, 0x4A, 0x85, 0xE9, 0x09, 0xDF,
876
        0x8E, 0x28, 0x16, 0x60, 0x5D, 0x20, 0xB4, 0xE3,
877
        0x82, 0xB3, 0x0B, 0xBB, 0x61, 0xBF, 0x3A, 0x5F,
878
        0x82, 0x1A, 0x0B, 0x5D, 0xBA, 0x9A, 0xD3, 0xE7,
879
    },
880
    {
881
        0xE5, 0xBD, 0x1B, 0x37, 0xA7, 0x5E, 0x0F, 0x09,
882
        0x29, 0x74, 0xE8, 0x46, 0xE8, 0xC3, 0x7C, 0x45,
883
        0x48, 0x7D, 0x60, 0x73, 0x9F, 0x99, 0x35, 0x17,
884
        0x19, 0xA5, 0x39, 0x47, 0x23, 0x26, 0x2B, 0x3B,
885
    },
886
    {
887
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
888
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
889
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
890
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
891
    },
892
};
893
894
const BYTE rgbMlKemSelfTestCiphertext[768] =
895
{
896
    0x6B, 0xC5, 0x04, 0x00, 0x27, 0x7A, 0xBB, 0x7E,
897
    0x6B, 0xF9, 0xFB, 0x56, 0x82, 0x01, 0x75, 0xEB,
898
    0xB7, 0xB9, 0xF4, 0xF2, 0x82, 0x2C, 0x6D, 0x0A,
899
    0xE0, 0x80, 0xA3, 0x49, 0x92, 0x0F, 0x6D, 0x00,
900
    0x8E, 0xBA, 0x35, 0xB5, 0x42, 0xB9, 0xD7, 0xED,
901
    0x89, 0xCB, 0xFD, 0x38, 0xD7, 0x9F, 0x55, 0x3B,
902
    0xF0, 0x8E, 0x63, 0x80, 0x95, 0xCF, 0x0D, 0x4F,
903
    0x50, 0x40, 0xAC, 0x1D, 0x1B, 0xDC, 0x24, 0x84,
904
    0x3B, 0x18, 0xC2, 0x77, 0x9F, 0x24, 0x11, 0x81,
905
    0xA6, 0xCC, 0xD8, 0xF4, 0xE8, 0x00, 0xDC, 0x26,
906
    0x61, 0x36, 0xD1, 0xB6, 0x5D, 0x9C, 0x12, 0x6D,
907
    0xF5, 0xE7, 0x93, 0xC8, 0x6D, 0xAC, 0xAF, 0x3C,
908
    0x78, 0x3F, 0xA9, 0xC1, 0x00, 0x6F, 0x08, 0x29,
909
    0x4F, 0x1A, 0x4D, 0x3B, 0xB4, 0x4B, 0x6F, 0xC2,
910
    0x09, 0x00, 0x4B, 0xC1, 0xF0, 0xE6, 0x7F, 0x48,
911
    0x48, 0x09, 0x40, 0xF2, 0x0A, 0x86, 0x18, 0xBF,
912
    0xC6, 0x4E, 0xB2, 0xB0, 0xAB, 0xFE, 0x1B, 0xEA,
913
    0x91, 0x58, 0x8C, 0x18, 0x6E, 0x30, 0xE8, 0x33,
914
    0x87, 0x29, 0x26, 0xEF, 0xE9, 0x0C, 0x3B, 0x8B,
915
    0x0C, 0x99, 0x40, 0x53, 0xB9, 0x30, 0xBA, 0x17,
916
    0xB3, 0x8A, 0x74, 0x59, 0x5D, 0x4C, 0x76, 0x1A,
917
    0xD3, 0x3F, 0xE4, 0xF7, 0xA3, 0x0F, 0x3A, 0x2C,
918
    0x85, 0xC1, 0x46, 0xF0, 0xA4, 0x91, 0xA3, 0x12,
919
    0xB2, 0xA4, 0x4B, 0x88, 0x8D, 0x1C, 0x85, 0xB1,
920
    0xE4, 0x41, 0x1F, 0x9D, 0xB7, 0x91, 0x2F, 0x60,
921
    0x98, 0xFD, 0xFC, 0x29, 0x89, 0x11, 0x7D, 0x16,
922
    0x09, 0x9E, 0x76, 0xF1, 0x9C, 0xB3, 0x50, 0xB9,
923
    0xD0, 0x02, 0xD2, 0xA2, 0x0D, 0xDD, 0xEE, 0x90,
924
    0x47, 0x0D, 0xB9, 0x4A, 0x53, 0x11, 0xA2, 0x4F,
925
    0x13, 0x5A, 0x40, 0xDC, 0xC6, 0xFE, 0xD7, 0x28,
926
    0x36, 0xEC, 0xA0, 0x5E, 0xAB, 0xC1, 0x7D, 0x19,
927
    0x33, 0x59, 0xE2, 0xE4, 0xEA, 0x26, 0x67, 0x2F,
928
    0xE5, 0x05, 0xD8, 0x34, 0x6E, 0x3C, 0xAB, 0x63,
929
    0x8B, 0x24, 0x16, 0xC7, 0x1B, 0x2A, 0x9B, 0xE5,
930
    0x04, 0x78, 0x98, 0x6C, 0x6C, 0x1E, 0x94, 0xE3,
931
    0x7F, 0x86, 0x52, 0xC0, 0x17, 0x56, 0x8D, 0x01,
932
    0x7A, 0x28, 0x81, 0x07, 0x3D, 0x61, 0x2A, 0xCD,
933
    0xC8, 0xB6, 0x7E, 0x5B, 0xAD, 0xA8, 0x90, 0xBD,
934
    0x0C, 0x95, 0xB5, 0x09, 0x9D, 0x7C, 0x34, 0x8C,
935
    0x74, 0x8F, 0x8E, 0x7C, 0x28, 0x6C, 0xE2, 0x2F,
936
    0xA2, 0x87, 0x7F, 0x80, 0x43, 0x46, 0x1C, 0xB2,
937
    0x1C, 0x5A, 0xD2, 0xEC, 0xAD, 0xF9, 0x55, 0xE3,
938
    0x6B, 0x19, 0x54, 0x08, 0x84, 0x1A, 0x34, 0x82,
939
    0xF4, 0x9C, 0xEC, 0x3D, 0x65, 0xF9, 0x78, 0x7F,
940
    0x37, 0x47, 0xCF, 0xF1, 0xCB, 0x15, 0xF2, 0xAC,
941
    0xFF, 0x3B, 0x8F, 0xA0, 0x8C, 0x25, 0x88, 0x5C,
942
    0x38, 0x23, 0x9A, 0x27, 0x16, 0x6A, 0xDF, 0xA3,
943
    0x98, 0x1D, 0x16, 0x33, 0x4B, 0x4F, 0xFB, 0x83,
944
    0x85, 0x66, 0x76, 0x03, 0xB9, 0xB5, 0x46, 0x21,
945
    0xB9, 0xF3, 0xF4, 0xF1, 0x3A, 0x85, 0xEC, 0x9E,
946
    0x56, 0x6A, 0xB6, 0x1D, 0xCC, 0xCA, 0xFB, 0x11,
947
    0xAE, 0x47, 0x7D, 0x93, 0xA5, 0xBC, 0x90, 0x32,
948
    0xDE, 0xA1, 0xA5, 0x1E, 0x5D, 0x52, 0x17, 0x98,
949
    0x0A, 0x8B, 0xC4, 0x1A, 0x28, 0x7C, 0x9C, 0x22,
950
    0x3E, 0x33, 0x06, 0x40, 0x77, 0xE5, 0x22, 0x49,
951
    0x86, 0xF9, 0x3C, 0xC5, 0xC1, 0xB9, 0x77, 0x25,
952
    0x53, 0x66, 0x5A, 0x18, 0x83, 0x5A, 0x2B, 0xBF,
953
    0xAC, 0x04, 0x70, 0x26, 0xE8, 0x2B, 0xB6, 0x0C,
954
    0xE8, 0x00, 0x95, 0xBB, 0x08, 0x75, 0xF3, 0x37,
955
    0x31, 0x2E, 0xEF, 0x28, 0x8D, 0x58, 0x92, 0xD4,
956
    0xFD, 0xD7, 0x02, 0xCE, 0x8F, 0x11, 0x83, 0x17,
957
    0x53, 0x19, 0x44, 0xD7, 0xD5, 0x6D, 0x44, 0x04,
958
    0x3A, 0x0A, 0x01, 0x46, 0xF2, 0xD2, 0xA5, 0x05,
959
    0x88, 0xA0, 0xD9, 0x0D, 0xE1, 0xA0, 0x7A, 0xF2,
960
    0x20, 0x2E, 0x5B, 0x05, 0xE4, 0x2B, 0x11, 0x3D,
961
    0xB3, 0x82, 0x64, 0x3B, 0xEF, 0xC1, 0x53, 0xBA,
962
    0x9F, 0x7F, 0x29, 0x59, 0x87, 0x39, 0x52, 0xDA,
963
    0x7B, 0xFF, 0xD7, 0xDD, 0xA1, 0xA9, 0x9F, 0xA1,
964
    0xE2, 0x38, 0x74, 0xB0, 0x94, 0xDC, 0xC5, 0xB5,
965
    0xF3, 0x61, 0xDF, 0x92, 0x62, 0xE1, 0x96, 0x87,
966
    0x6D, 0xB4, 0x2C, 0xC7, 0xF0, 0x38, 0xE9, 0x5E,
967
    0xFC, 0xFF, 0x4C, 0x01, 0xC7, 0x59, 0x39, 0xE5,
968
    0x9B, 0xFB, 0xF5, 0x2B, 0x1B, 0xE5, 0xF8, 0x25,
969
    0x06, 0x07, 0xC7, 0x82, 0x46, 0x2A, 0x99, 0xD0,
970
    0xA9, 0x67, 0x81, 0xD7, 0xA2, 0x29, 0x96, 0x1A,
971
    0x94, 0x8E, 0x7D, 0x51, 0x76, 0x99, 0xAD, 0x61,
972
    0xEC, 0xB6, 0xC0, 0x58, 0x8E, 0xD0, 0x9D, 0xFF,
973
    0x58, 0x57, 0x1B, 0x2E, 0xAD, 0x65, 0xD8, 0xDE,
974
    0xA5, 0xFA, 0x81, 0x4B, 0x2C, 0x06, 0x1B, 0xFE,
975
    0x49, 0x20, 0x4D, 0x5E, 0x1B, 0xB7, 0x40, 0x96,
976
    0xAA, 0x81, 0x25, 0xEB, 0x84, 0xDB, 0xEA, 0x5D,
977
    0x0B, 0xAF, 0xF9, 0x8E, 0x41, 0xA6, 0xDD, 0x91,
978
    0x3A, 0x68, 0x54, 0xB7, 0x2E, 0xB1, 0x74, 0xFF,
979
    0xF5, 0x0D, 0xA7, 0x3C, 0xC7, 0x30, 0x5B, 0x55,
980
    0xC6, 0x2D, 0xC8, 0x4C, 0xB4, 0xAD, 0xCC, 0xD0,
981
    0xA1, 0x1B, 0x41, 0xC7, 0x23, 0xE8, 0xDA, 0xFF,
982
    0xB7, 0x3A, 0x12, 0xC2, 0xDC, 0x39, 0x7C, 0xF4,
983
    0xB9, 0x50, 0x00, 0x53, 0x88, 0xC8, 0x77, 0x49,
984
    0xFD, 0x70, 0x3D, 0xE0, 0xAA, 0x0C, 0x28, 0xD4,
985
    0xA2, 0xEC, 0x82, 0x5D, 0xDA, 0xE8, 0x05, 0x2F,
986
    0xE8, 0x9C, 0x21, 0x39, 0x3A, 0x22, 0x2F, 0x0A,
987
    0x5C, 0x6D, 0x01, 0xDF, 0xC8, 0x9F, 0x46, 0xF7,
988
    0x15, 0x02, 0xAD, 0x19, 0x35, 0x63, 0x55, 0x58,
989
    0xF5, 0x7A, 0x46, 0xC9, 0x7A, 0xE6, 0x33, 0x84,
990
    0x48, 0x2B, 0xF0, 0xE7, 0xC5, 0x72, 0x98, 0x43,
991
    0x6A, 0x99, 0xBA, 0x00, 0x57, 0x4F, 0xAA, 0x0A,
992
};
993
994
VOID
995
SYMCRYPT_CALL
996
SymCryptDhSecretAgreementSelftest(void)
997
0
{
998
0
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
999
1000
0
    PSYMCRYPT_DLGROUP pDlgroup = NULL;
1001
0
    PSYMCRYPT_DLKEY pkKey1 = NULL;
1002
0
    PSYMCRYPT_DLKEY pkKey2 = NULL;
1003
1004
0
    BYTE rgbSecret[ sizeof(rgbDhKnownSecret) ];
1005
1006
0
    pDlgroup = SymCryptDlgroupAllocate(
1007
0
        SymCryptDlgroupDhSafePrimeParamsModp2048->nBitsOfP,
1008
0
        0 );
1009
0
    SYMCRYPT_FIPS_ASSERT( pDlgroup != NULL );
1010
1011
0
    scError = SymCryptDlgroupSetValueSafePrime(
1012
0
        SYMCRYPT_DLGROUP_DH_SAFEPRIMETYPE_IKE_3526,
1013
0
        pDlgroup );
1014
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1015
1016
0
    pkKey1 = SymCryptDlkeyAllocate( pDlgroup );
1017
0
    SYMCRYPT_FIPS_ASSERT( pkKey1 != NULL );
1018
1019
0
    scError = SymCryptDlkeySetValue(
1020
0
        dhKey1.private,
1021
0
        sizeof(dhKey1.private),
1022
0
        dhKey1.public,
1023
0
        sizeof(dhKey1.public),
1024
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1025
0
        SYMCRYPT_FLAG_DLKEY_DH | SYMCRYPT_FLAG_KEY_NO_FIPS,
1026
0
        pkKey1 );
1027
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1028
1029
0
    pkKey2 = SymCryptDlkeyAllocate( pDlgroup );
1030
0
    SYMCRYPT_FIPS_ASSERT( pkKey2 != NULL );
1031
1032
0
    scError = SymCryptDlkeySetValue(
1033
0
        dhKey2.private,
1034
0
        sizeof(dhKey2.private),
1035
0
        dhKey2.public,
1036
0
        sizeof(dhKey2.public),
1037
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1038
0
        SYMCRYPT_FLAG_DLKEY_DH | SYMCRYPT_FLAG_KEY_NO_FIPS,
1039
0
        pkKey2 );
1040
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1041
1042
    // Calculate secret using private key 1 and public key 2
1043
0
    scError = SymCryptDhSecretAgreement(
1044
0
        pkKey1,
1045
0
        pkKey2,
1046
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1047
0
        0, // flags
1048
0
        rgbSecret,
1049
0
        sizeof(rgbSecret) );
1050
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1051
1052
0
    SymCryptInjectError( rgbSecret, sizeof(rgbSecret) );
1053
1054
0
    SYMCRYPT_FIPS_ASSERT( memcmp( rgbSecret, rgbDhKnownSecret, sizeof(rgbDhKnownSecret) ) == 0 );
1055
1056
0
    SymCryptDlkeyFree( pkKey2 );
1057
0
    SymCryptDlkeyFree( pkKey1 );
1058
0
    SymCryptDlgroupFree( pDlgroup );
1059
0
}
1060
1061
VOID
1062
SYMCRYPT_CALL
1063
SymCryptEcDhSecretAgreementSelftest(void)
1064
0
{
1065
0
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
1066
1067
0
    PSYMCRYPT_ECURVE pCurve = NULL;
1068
0
    PSYMCRYPT_ECKEY pkKey1 = NULL;
1069
0
    PSYMCRYPT_ECKEY pkKey2 = NULL;
1070
1071
0
    BYTE rgbSecret[ sizeof(rgbEcdhKnownSecret) ];
1072
1073
0
    pCurve = SymCryptEcurveAllocate( SymCryptEcurveParamsNistP256, 0 );
1074
0
    SYMCRYPT_FIPS_ASSERT( pCurve != NULL );
1075
1076
0
    pkKey1 = SymCryptEckeyAllocate( pCurve );
1077
0
    SYMCRYPT_FIPS_ASSERT( pkKey1 != NULL );
1078
1079
0
    scError = SymCryptEckeySetValue(
1080
0
        eckey1.d,
1081
0
        sizeof(eckey1.d),
1082
0
        eckey1.Qxy,
1083
0
        sizeof(eckey1.Qxy),
1084
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1085
0
        SYMCRYPT_ECPOINT_FORMAT_XY,
1086
0
        SYMCRYPT_FLAG_ECKEY_ECDH | SYMCRYPT_FLAG_KEY_NO_FIPS,
1087
0
        pkKey1);
1088
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1089
1090
0
    pkKey2 = SymCryptEckeyAllocate( pCurve );
1091
0
    SYMCRYPT_FIPS_ASSERT( pkKey2 != NULL );
1092
1093
0
    scError = SymCryptEckeySetValue(
1094
0
        eckey2.d,
1095
0
        sizeof(eckey2.d),
1096
0
        eckey2.Qxy,
1097
0
        sizeof(eckey2.Qxy),
1098
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1099
0
        SYMCRYPT_ECPOINT_FORMAT_XY,
1100
0
        SYMCRYPT_FLAG_ECKEY_ECDH | SYMCRYPT_FLAG_KEY_NO_FIPS,
1101
0
        pkKey2);
1102
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1103
1104
    // Calculate secret using private key 1 and public key 2
1105
0
    scError = SymCryptEcDhSecretAgreement(
1106
0
        pkKey1,
1107
0
        pkKey2,
1108
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1109
0
        0,
1110
0
        rgbSecret,
1111
0
        sizeof(rgbSecret));
1112
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1113
1114
0
    SymCryptInjectError( rgbSecret, sizeof(rgbSecret) );
1115
1116
0
    SYMCRYPT_FIPS_ASSERT( memcmp(rgbSecret, rgbEcdhKnownSecret, sizeof(rgbSecret)) == 0 );
1117
1118
0
    SymCryptEckeyFree( pkKey2 );
1119
0
    SymCryptEckeyFree( pkKey1 );
1120
0
    SymCryptEcurveFree( pCurve );
1121
0
}
1122
1123
VOID
1124
SYMCRYPT_CALL
1125
SymCryptDsaPct( PCSYMCRYPT_DLKEY pkDlkey )
1126
0
{
1127
0
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
1128
1129
0
    SIZE_T cbSignature = 2 * SYMCRYPT_BYTES_FROM_BITS(pkDlkey->nBitsPriv);
1130
0
    PBYTE pbSignature = SymCryptCallbackAlloc( cbSignature );
1131
0
    SYMCRYPT_FIPS_ASSERT( pbSignature != NULL );
1132
1133
0
    scError = SymCryptDsaSign(
1134
0
        pkDlkey,
1135
0
        rgbSha256Hash,
1136
0
        sizeof(rgbSha256Hash),
1137
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1138
0
        0,
1139
0
        pbSignature,
1140
0
        cbSignature );
1141
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1142
1143
0
    SymCryptInjectError( pbSignature, cbSignature );
1144
1145
0
    scError = SymCryptDsaVerify(
1146
0
        pkDlkey,
1147
0
        rgbSha256Hash,
1148
0
        sizeof(rgbSha256Hash),
1149
0
        pbSignature,
1150
0
        cbSignature,
1151
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1152
0
        0 );
1153
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1154
1155
0
    SymCryptWipe( pbSignature, cbSignature );
1156
0
    SymCryptCallbackFree( pbSignature );
1157
0
}
1158
1159
VOID
1160
SYMCRYPT_CALL
1161
SymCryptDsaSelftest(void)
1162
0
{
1163
0
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
1164
1165
0
    PSYMCRYPT_DLGROUP pDlgroup = NULL;
1166
0
    PSYMCRYPT_DLKEY pkDlkey = NULL;
1167
1168
0
    BYTE rgbSignature[64];
1169
1170
0
    pDlgroup = SymCryptDlgroupAllocate(
1171
0
        sizeof(dsaDlgroup.primeP) * 8,
1172
0
        sizeof(dsaDlgroup.primeQ) * 8 );
1173
0
    SYMCRYPT_FIPS_ASSERT( pDlgroup != NULL );
1174
1175
0
    scError = SymCryptDlgroupSetValue(
1176
0
        dsaDlgroup.primeP,
1177
0
        sizeof(dsaDlgroup.primeP),
1178
0
        dsaDlgroup.primeQ,
1179
0
        sizeof(dsaDlgroup.primeQ),
1180
0
        dsaDlgroup.generator,
1181
0
        sizeof(dsaDlgroup.generator),
1182
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1183
0
        SymCryptSha256Algorithm,
1184
0
        dsaDlgroup.seed,
1185
0
        sizeof(dsaDlgroup.seed),
1186
0
        dsaDlgroup.counter,
1187
0
        SYMCRYPT_DLGROUP_FIPS_NONE,
1188
0
        pDlgroup );
1189
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1190
1191
0
    pkDlkey = SymCryptDlkeyAllocate( pDlgroup );
1192
0
    SYMCRYPT_FIPS_ASSERT( pkDlkey != NULL );
1193
1194
0
    scError = SymCryptDlkeySetValue(
1195
0
        dsaKey.private,
1196
0
        sizeof(dsaKey.private),
1197
0
        dsaKey.public,
1198
0
        sizeof(dsaKey.public),
1199
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1200
0
        SYMCRYPT_FLAG_DLKEY_DSA | SYMCRYPT_FLAG_KEY_NO_FIPS,
1201
0
        pkDlkey );
1202
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1203
1204
    // DSA is no longer an approved signing algorithm, so we don't need to perform a signature in
1205
    // the CAST. We can just verify the precalculated signature. But for the unit test
1206
    // infrastructure to exercise these self-tests, we also need to to inject errors and ensure
1207
    // that the verification fails when the signature is corrupted.
1208
0
    C_ASSERT( sizeof(rgbDsaKnownAnswerTestSignature) == sizeof(rgbSignature) );
1209
0
    memcpy( rgbSignature, rgbDsaKnownAnswerTestSignature, sizeof(rgbDsaKnownAnswerTestSignature) );
1210
0
    SymCryptInjectError( rgbSignature, sizeof(rgbSignature) );
1211
1212
0
    scError = SymCryptDsaVerify(
1213
0
        pkDlkey,
1214
0
        rgbSha256Hash,
1215
0
        sizeof(rgbSha256Hash),
1216
0
        rgbSignature,
1217
0
        sizeof(rgbSignature),
1218
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1219
0
        0 );
1220
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1221
1222
0
    SymCryptDlkeyFree( pkDlkey );
1223
0
    SymCryptDlgroupFree( pDlgroup );
1224
0
}
1225
1226
VOID
1227
SYMCRYPT_CALL
1228
SymCryptEcDsaPct( PCSYMCRYPT_ECKEY pkEckey )
1229
0
{
1230
0
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
1231
1232
0
    SIZE_T cbSignature = 2 * SymCryptEckeySizeofPrivateKey(pkEckey);
1233
0
    PBYTE pbSignature = SymCryptCallbackAlloc( cbSignature );
1234
0
    SYMCRYPT_FIPS_ASSERT( pbSignature != NULL );
1235
1236
    // Use SymCryptEcDsaSignEx to avoid infinite recursion in the PCT
1237
0
    scError = SymCryptEcDsaSignEx(
1238
0
        pkEckey,
1239
0
        rgbSha256Hash,
1240
0
        sizeof(rgbSha256Hash),
1241
0
        NULL,
1242
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1243
0
        0,
1244
0
        pbSignature,
1245
0
        cbSignature );
1246
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1247
1248
0
    SymCryptInjectError( pbSignature, cbSignature );
1249
1250
0
    scError = SymCryptEcDsaVerify(
1251
0
        pkEckey,
1252
0
        rgbSha256Hash,
1253
0
        sizeof(rgbSha256Hash),
1254
0
        pbSignature,
1255
0
        cbSignature,
1256
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1257
0
        0 );
1258
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1259
1260
0
    SymCryptWipe( pbSignature, cbSignature );
1261
0
    SymCryptCallbackFree( pbSignature );
1262
0
}
1263
1264
VOID
1265
SYMCRYPT_CALL
1266
SymCryptEcDsaSelftest(void)
1267
5
{
1268
5
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
1269
1270
5
    PSYMCRYPT_ECURVE pCurve = NULL;
1271
5
    PSYMCRYPT_ECKEY pkEckey = NULL;
1272
5
    PSYMCRYPT_INT piK = NULL;
1273
1274
5
    BYTE rgbSignature[64];
1275
1276
5
    pCurve = SymCryptEcurveAllocate( SymCryptEcurveParamsNistP256, 0 );
1277
5
    SYMCRYPT_FIPS_ASSERT( pCurve != NULL );
1278
1279
5
    pkEckey = SymCryptEckeyAllocate( pCurve );
1280
5
    SYMCRYPT_FIPS_ASSERT( pkEckey != NULL );
1281
1282
5
    piK = SymCryptIntAllocate(
1283
5
        SYMCRYPT_FDEF_DIGITS_FROM_BITS( sizeof(rgbEcDsaKnownAnswerTestK) * 8 ) );
1284
5
    SYMCRYPT_FIPS_ASSERT( piK != NULL );
1285
1286
5
    scError = SymCryptIntSetValue(
1287
5
        rgbEcDsaKnownAnswerTestK,
1288
5
        sizeof(rgbEcDsaKnownAnswerTestK),
1289
5
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1290
5
        piK );
1291
5
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1292
1293
5
    scError = SymCryptEckeySetValue(
1294
5
        eckey1.d,
1295
5
        sizeof(eckey1.d),
1296
5
        eckey1.Qxy,
1297
5
        sizeof(eckey1.Qxy),
1298
5
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1299
5
        SYMCRYPT_ECPOINT_FORMAT_XY,
1300
5
        SYMCRYPT_FLAG_ECKEY_ECDSA | SYMCRYPT_FLAG_KEY_NO_FIPS,
1301
5
        pkEckey);
1302
5
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1303
1304
5
    scError = SymCryptEcDsaSignEx(
1305
5
        pkEckey,
1306
5
        rgbSha256Hash,
1307
5
        sizeof(rgbSha256Hash),
1308
5
        piK,
1309
5
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1310
5
        0,
1311
5
        rgbSignature,
1312
5
        sizeof(rgbSignature) );
1313
5
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1314
1315
5
    SYMCRYPT_FIPS_ASSERT(
1316
5
        memcmp( rgbSignature, rgbEcDsaKnownAnswerTestSignature, sizeof(rgbSignature) ) == 0 );
1317
1318
5
    SymCryptInjectError( rgbSignature, sizeof(rgbSignature) );
1319
1320
5
    scError = SymCryptEcDsaVerify(
1321
5
        pkEckey,
1322
5
        rgbSha256Hash,
1323
5
        sizeof(rgbSha256Hash),
1324
5
        rgbSignature,
1325
5
        sizeof(rgbSignature),
1326
5
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1327
5
        0 );
1328
5
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1329
1330
5
    SymCryptIntFree( piK );
1331
5
    SymCryptEckeyFree( pkEckey );
1332
5
    SymCryptEcurveFree( pCurve );
1333
5
}
1334
1335
VOID
1336
SYMCRYPT_CALL
1337
SymCryptRsaSignVerifyPct( PCSYMCRYPT_RSAKEY pkRsakey )
1338
0
{
1339
0
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
1340
1341
0
    SIZE_T cbSignature = SYMCRYPT_BYTES_FROM_BITS(pkRsakey->nBitsOfModulus);
1342
0
    PBYTE pbSignature = SymCryptCallbackAlloc( cbSignature );
1343
0
    SYMCRYPT_FIPS_ASSERT( pbSignature != NULL );
1344
1345
0
    scError = SymCryptRsaPkcs1Sign(
1346
0
        pkRsakey,
1347
0
        rgbSha256Hash,
1348
0
        sizeof(rgbSha256Hash),
1349
0
        SymCryptSha256OidList,
1350
0
        SYMCRYPT_SHA256_OID_COUNT,
1351
0
        0,
1352
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1353
0
        pbSignature,
1354
0
        cbSignature,
1355
0
        &cbSignature );
1356
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1357
1358
0
    SymCryptInjectError( pbSignature, cbSignature );
1359
1360
0
    scError = SymCryptRsaPkcs1Verify(
1361
0
        pkRsakey,
1362
0
        rgbSha256Hash,
1363
0
        sizeof(rgbSha256Hash),
1364
0
        pbSignature,
1365
0
        cbSignature,
1366
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1367
0
        SymCryptSha256OidList,
1368
0
        SYMCRYPT_SHA256_OID_COUNT,
1369
0
        0 );
1370
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1371
1372
0
    SymCryptWipe( pbSignature, cbSignature );
1373
0
    SymCryptCallbackFree( pbSignature );
1374
0
}
1375
1376
VOID
1377
SYMCRYPT_CALL
1378
SymCryptRsaSelftest(void)
1379
0
{
1380
0
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
1381
1382
0
    PSYMCRYPT_RSAKEY pkRsakey = NULL;
1383
0
    SYMCRYPT_RSA_PARAMS rsaParams = { 0 };
1384
1385
0
    SIZE_T cbSignature = sizeof(rgbRsaPkcs1Sig);
1386
0
    PBYTE pbSignature = SymCryptCallbackAlloc(cbSignature);
1387
0
    SYMCRYPT_FIPS_ASSERT(pbSignature != NULL);
1388
1389
0
    rsaParams.version = 1;
1390
0
    rsaParams.nBitsOfModulus = sizeof(rsakey.modulus) * 8;
1391
0
    rsaParams.nPrimes = 2;
1392
0
    rsaParams.nPubExp = 1;
1393
1394
0
    PCBYTE pbPrimes[] = { rsakey.prime1, rsakey.prime2 };
1395
0
    SIZE_T cbPrimes[] = { sizeof(rsakey.prime1), sizeof(rsakey.prime2) };
1396
1397
0
    pkRsakey = SymCryptRsakeyAllocate(&rsaParams, 0);
1398
0
    SYMCRYPT_FIPS_ASSERT(pkRsakey != NULL);
1399
1400
0
    scError = SymCryptRsakeySetValue(
1401
0
        rsakey.modulus,
1402
0
        sizeof(rsakey.modulus),
1403
0
        &rsakey.publicExp,
1404
0
        1,
1405
0
        pbPrimes,
1406
0
        cbPrimes,
1407
0
        sizeof(cbPrimes) / sizeof(cbPrimes[0]),
1408
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1409
0
        SYMCRYPT_FLAG_RSAKEY_SIGN | SYMCRYPT_FLAG_KEY_NO_FIPS,
1410
0
        pkRsakey);
1411
0
    SYMCRYPT_FIPS_ASSERT(scError == SYMCRYPT_NO_ERROR);
1412
1413
0
    scError = SymCryptRsaPkcs1Sign(
1414
0
        pkRsakey,
1415
0
        rgbSha256Hash,
1416
0
        sizeof(rgbSha256Hash),
1417
0
        SymCryptSha256OidList,
1418
0
        SYMCRYPT_SHA256_OID_COUNT,
1419
0
        0,
1420
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1421
0
        pbSignature,
1422
0
        cbSignature,
1423
0
        &cbSignature);
1424
0
    SYMCRYPT_FIPS_ASSERT(scError == SYMCRYPT_NO_ERROR);
1425
1426
0
    SYMCRYPT_FIPS_ASSERT(memcmp(pbSignature, rgbRsaPkcs1Sig, sizeof(rgbRsaPkcs1Sig)) == 0);
1427
1428
0
    SymCryptInjectError(pbSignature, cbSignature);
1429
1430
0
    scError = SymCryptRsaPkcs1Verify(
1431
0
        pkRsakey,
1432
0
        rgbSha256Hash,
1433
0
        sizeof(rgbSha256Hash),
1434
0
        pbSignature,
1435
0
        cbSignature,
1436
0
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
1437
0
        SymCryptSha256OidList,
1438
0
        SYMCRYPT_SHA256_OID_COUNT,
1439
0
        0);
1440
0
    SYMCRYPT_FIPS_ASSERT(scError == SYMCRYPT_NO_ERROR);
1441
1442
0
    SymCryptRsakeyFree(pkRsakey);
1443
1444
0
    SymCryptWipe(pbSignature, cbSignature);
1445
0
    SymCryptCallbackFree(pbSignature);
1446
0
}
1447
1448
VOID
1449
SYMCRYPT_CALL
1450
SymCryptXmssVerifySelftest(void)
1451
0
{
1452
0
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
1453
0
    PSYMCRYPT_XMSS_KEY pKey = NULL;
1454
0
    SYMCRYPT_XMSS_PARAMS params;
1455
0
    PBYTE pbSignature;
1456
0
    SIZE_T cbSignature = sizeof(rgbXmssSha2_10_192Signature);
1457
1458
0
    scError = SymCryptXmssParamsFromAlgId(SYMCRYPT_XMSS_SHA2_10_192, &params);
1459
0
    SYMCRYPT_FIPS_ASSERT(scError == SYMCRYPT_NO_ERROR);
1460
1461
0
    pKey = SymCryptXmsskeyAllocate(&params, 0);
1462
0
    SYMCRYPT_FIPS_ASSERT(pKey != NULL);
1463
1464
0
    scError = SymCryptXmsskeySetValue(
1465
0
        rgbXmssSha2_10_192Pubkey,
1466
0
        sizeof(rgbXmssSha2_10_192Pubkey),
1467
0
        SYMCRYPT_XMSSKEY_TYPE_PUBLIC,
1468
0
        0, 
1469
0
        pKey);
1470
1471
    // Make a copy of the signature so that we can inject errors in it
1472
0
    pbSignature = SymCryptCallbackAlloc(cbSignature);
1473
0
    SYMCRYPT_FIPS_ASSERT(pbSignature != NULL);
1474
0
    memcpy(pbSignature, rgbXmssSha2_10_192Signature, cbSignature);
1475
1476
0
    SymCryptInjectError(pbSignature, cbSignature);
1477
1478
0
    scError = SymCryptXmssVerify(
1479
0
        pKey,
1480
0
        SymCryptTestMsg3,
1481
0
        sizeof(SymCryptTestMsg3),
1482
0
        0,
1483
0
        pbSignature,
1484
0
        cbSignature);
1485
0
    SYMCRYPT_FIPS_ASSERT(scError == SYMCRYPT_NO_ERROR);
1486
1487
0
    SymCryptWipe(pbSignature, cbSignature);
1488
0
    SymCryptCallbackFree(pbSignature);
1489
1490
0
    SymCryptXmsskeyFree(pKey);
1491
0
}
1492
1493
VOID
1494
SYMCRYPT_CALL
1495
SymCryptXmssSelftest(void)
1496
0
{
1497
    // Perform only signature verification self-test
1498
0
    SymCryptXmssVerifySelftest();
1499
0
}
1500
1501
VOID
1502
SYMCRYPT_CALL
1503
SymCryptMlKemSelftest(void)
1504
0
{
1505
0
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
1506
1507
0
    const SIZE_T cbCiphertext = sizeof(rgbMlKemSelfTestCiphertext);
1508
0
    const SIZE_T cbDecapsKeyBlob = sizeof(mlKemDecapsKey);
1509
0
    const SIZE_T cbAlloc = cbCiphertext + cbDecapsKeyBlob;
1510
0
    BYTE rgbComputedSecret[sizeof(rgbMlKemSelfTestAgreedSecret)];
1511
0
    PSYMCRYPT_MLKEMKEY pkMlKemkey = NULL;
1512
1513
0
    PBYTE pbAlloc = SymCryptCallbackAlloc( cbAlloc );
1514
0
    PBYTE pbCiphertext = pbAlloc;
1515
0
    PBYTE pbDecapsKeyBlob = pbAlloc + cbCiphertext;
1516
0
    SYMCRYPT_FIPS_ASSERT( pbAlloc != NULL );
1517
1518
0
    pkMlKemkey = SymCryptMlKemkeyAllocate( SYMCRYPT_MLKEM_PARAMS_MLKEM512 );
1519
0
    SYMCRYPT_FIPS_ASSERT( pkMlKemkey != NULL );
1520
1521
    // ML-KEM KeyGen KAT
1522
0
    scError = SymCryptMlKemkeySetValue(
1523
0
        (PCBYTE) &rgbMlKemKeyPrivateSeed, sizeof(rgbMlKemKeyPrivateSeed),
1524
0
        SYMCRYPT_MLKEMKEY_FORMAT_PRIVATE_SEED,
1525
0
        SYMCRYPT_FLAG_KEY_NO_FIPS,
1526
0
        pkMlKemkey );
1527
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1528
1529
0
    scError = SymCryptMlKemkeyGetValue(
1530
0
        pkMlKemkey,
1531
0
        pbDecapsKeyBlob, cbDecapsKeyBlob,
1532
0
        SYMCRYPT_MLKEMKEY_FORMAT_DECAPSULATION_KEY,
1533
0
        SYMCRYPT_FLAG_KEY_NO_FIPS );
1534
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1535
1536
0
    SymCryptInjectError( pbDecapsKeyBlob, cbDecapsKeyBlob );
1537
1538
0
    SYMCRYPT_FIPS_ASSERT( memcmp(pbDecapsKeyBlob, (PCBYTE) &mlKemDecapsKey, cbDecapsKeyBlob) == 0 );
1539
1540
    // ML-KEM Encaps KAT
1541
0
    scError = SymCryptMlKemEncapsulateEx(
1542
0
        pkMlKemkey,
1543
0
        rgbMlKemSelfTestEncapsRandomness, sizeof(rgbMlKemSelfTestEncapsRandomness),
1544
0
        rgbComputedSecret, sizeof(rgbComputedSecret),
1545
0
        pbCiphertext, cbCiphertext );
1546
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1547
1548
0
    SymCryptInjectError( rgbComputedSecret, sizeof(rgbComputedSecret) );
1549
0
    SymCryptInjectError( pbCiphertext, sizeof(rgbMlKemSelfTestCiphertext) );
1550
1551
0
    SYMCRYPT_FIPS_ASSERT( memcmp(rgbComputedSecret, rgbMlKemSelfTestAgreedSecret, sizeof(rgbComputedSecret)) == 0 );
1552
0
    SYMCRYPT_FIPS_ASSERT( memcmp(pbCiphertext, rgbMlKemSelfTestCiphertext, sizeof(rgbMlKemSelfTestCiphertext)) == 0 );
1553
1554
0
    SymCryptWipeKnownSize( rgbComputedSecret, sizeof(rgbComputedSecret) );
1555
1556
    // ML-KEM Successful Decaps KAT
1557
0
    scError = SymCryptMlKemDecapsulate(
1558
0
        pkMlKemkey,
1559
0
        pbCiphertext, cbCiphertext,
1560
0
        rgbComputedSecret, sizeof(rgbComputedSecret) );
1561
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1562
1563
0
    SymCryptInjectError( rgbComputedSecret, sizeof(rgbComputedSecret) );
1564
1565
0
    SYMCRYPT_FIPS_ASSERT( memcmp(rgbComputedSecret, rgbMlKemSelfTestAgreedSecret, sizeof(rgbComputedSecret)) == 0 );
1566
1567
0
    SymCryptWipeKnownSize( rgbComputedSecret, sizeof(rgbComputedSecret) );
1568
1569
    // ML-KEM Implicit Rejection Decaps KAT
1570
0
    pbCiphertext[0] ^= 1;
1571
1572
0
    scError = SymCryptMlKemDecapsulate(
1573
0
        pkMlKemkey,
1574
0
        pbCiphertext, cbCiphertext,
1575
0
        rgbComputedSecret, sizeof(rgbComputedSecret) );
1576
0
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );
1577
1578
0
    SymCryptInjectError( rgbComputedSecret, sizeof(rgbComputedSecret) );
1579
1580
0
    SYMCRYPT_FIPS_ASSERT( memcmp(rgbComputedSecret, rgbMlKemSelfTestImplicitRejectionSecret, sizeof(rgbComputedSecret)) == 0 );
1581
    
1582
0
    SymCryptWipeKnownSize( rgbComputedSecret, sizeof(rgbComputedSecret) );
1583
1584
0
    SymCryptMlKemkeyFree( pkMlKemkey );
1585
0
    SymCryptWipe( pbAlloc, cbAlloc );
1586
0
    SymCryptCallbackFree( pbAlloc );
1587
0
}