/src/SymCrypt/lib/fips_selftest.c

Source (jump to first uncovered line)
//
// fips_selftest.c - Algorithm selftests for FIPS 140 compliance
//
// Copyright (c) Microsoft Corporation. Licensed under the MIT license.
//

#include "precomp.h"

// Takes values which are some bitwise OR combination of SYMCRYPT_SELFTEST_ALGORITHM values
UINT32 g_SymCryptFipsSelftestsPerformed = SYMCRYPT_SELFTEST_ALGORITHM_NONE;

// Simple accessor function so callers can inspect which selftests have run
UINT32
SYMCRYPT_CALL
SymCryptFipsGetSelftestsPerformed(void)
{
    return g_SymCryptFipsSelftestsPerformed;
}

//
// Convenience structs for selftest data
//

typedef struct _SYMCRYPT_SELFTEST_DLKEY_2048
{
    BYTE public[256];
    BYTE private[32];
} SYMCRYPT_SELFTEST_DLKEY_2048;

typedef struct _SYMCRYPT_SELFTEST_DLGROUP_2048
{
    BYTE primeP[256];
    BYTE primeQ[32];
    BYTE generator[256];
    BYTE seed[32];
    UINT32 counter;
} SYMCRYPT_SELFTEST_DLGROUP_2048;

typedef struct _SYMCRYPT_SELFTEST_ECKEY_P256
{
    BYTE Qxy[64]; // 32B of Qx followed by 32B of Qy
    BYTE d[32];
} SYMCRYPT_SELFTEST_ECKEY_P256;

typedef struct _SYMCRYPT_SELFTEST_RSAKEY_2048
{
    UINT64 publicExp;
    BYTE modulus[256];
    BYTE prime1[128];
    BYTE prime2[128];
} SYMCRYPT_SELFTEST_RSAKEY_2048;

typedef struct _SYMCRYPT_SELFTEST_MLKEMKEY_DECAPS_512
{
    BYTE dkpke[768];
    BYTE ekpke[800];
    BYTE Hekpke[32];
    BYTE z[32];
} SYMCRYPT_SELFTEST_MLKEMKEY_DECAPS_512;

//
// DL groups and keys for DH secret agreement selftest
//

// Keys generated from Oakley group 14 (IKE group mod p2048 from RFC 3526)
// aka SymCryptDlgroupDhSafePrimeParamsModp2048
const SYMCRYPT_SELFTEST_DLKEY_2048 dhKey1 =
{
    // Public key
    {
        0x7d, 0xca, 0xed, 0x67, 0x30, 0x4a, 0x28, 0xcb,
        0x6b, 0x18, 0x21, 0xb9, 0xdc, 0x82, 0xf5, 0xef,
        0xfe, 0x77, 0x35, 0xf2, 0xed, 0x91, 0x95, 0x9e,
        0x1f, 0xb6, 0xf9, 0x60, 0x84, 0x4f, 0x9f, 0xba,
        0x20, 0xc3, 0x1a, 0x66, 0xa2, 0x34, 0x42, 0x19,
        0x82, 0x52, 0xea, 0x53, 0x4f, 0x24, 0x93, 0x24,
        0xef, 0x4d, 0xba, 0x65, 0x49, 0x7f, 0x8d, 0x56,
        0x1c, 0x2f, 0xa6, 0x24, 0x26, 0x8c, 0xca, 0xad,
        0x28, 0x9d, 0x50, 0x2a, 0x41, 0xa0, 0x64, 0xfa,
        0xe6, 0x55, 0x43, 0xed, 0xdd, 0x6c, 0x3e, 0x45,
        0xad, 0xa4, 0x07, 0x8d, 0x71, 0x76, 0xc0, 0x99,
        0x85, 0x72, 0x33, 0x04, 0xdc, 0xee, 0x4e, 0xac,
        0x39, 0x8e, 0x49, 0x45, 0xbb, 0x50, 0xcb, 0x3e,
        0x03, 0xbc, 0x23, 0x6f, 0x63, 0x6f, 0xef, 0x9f,
        0xd8, 0xe4, 0x7f, 0xe7, 0x0f, 0x7d, 0x34, 0x0f,
        0x6a, 0xc3, 0x45, 0x3a, 0x5b, 0xa7, 0x07, 0x23,
        0xd5, 0x32, 0x28, 0xe4, 0x69, 0xa4, 0xd2, 0xdd,
        0x4a, 0x9e, 0x0f, 0xfa, 0x38, 0xeb, 0x8d, 0xbe,
        0xa9, 0x31, 0x39, 0x70, 0xdc, 0x1d, 0xf6, 0x0b,
        0x51, 0x0c, 0x6c, 0x27, 0x6c, 0x4a, 0x52, 0x6b,
        0x84, 0xc4, 0x57, 0xb8, 0x47, 0x0c, 0x4c, 0x80,
        0xb0, 0x2b, 0x2e, 0x83, 0x78, 0x83, 0x55, 0xe6,
        0x12, 0x94, 0x79, 0x9b, 0x13, 0x7d, 0xd1, 0x93,
        0x6a, 0xec, 0x76, 0x73, 0xba, 0x92, 0x44, 0xab,
        0x2b, 0xec, 0xc2, 0xbc, 0x77, 0xce, 0x20, 0xa3,
        0x21, 0x33, 0x06, 0x80, 0xf6, 0x1b, 0x2b, 0xe0,
        0x90, 0x23, 0xde, 0x74, 0x57, 0x04, 0xcc, 0x27,
        0xed, 0x4e, 0x3e, 0x7f, 0x0d, 0x7b, 0x48, 0xfa,
        0x45, 0x2f, 0x84, 0x67, 0xe8, 0x1c, 0x89, 0xaa,
        0xbd, 0x85, 0x53, 0x7f, 0xe6, 0xdf, 0x27, 0x75,
        0x92, 0x84, 0x0b, 0x6f, 0x9c, 0xfd, 0x95, 0x0d,
        0xb5, 0xdb, 0x17, 0x38, 0xc9, 0x78, 0xde, 0xa5
    },

    // Private key
    {
        0x17, 0xcd, 0x0e, 0x82, 0xa3, 0x2f, 0x0e, 0x38,
        0x4c, 0xec, 0x69, 0xb2, 0xec, 0x46, 0xc9, 0xaa,
        0xa3, 0xca, 0x41, 0x33, 0xcc, 0xb4, 0x1a, 0xac,
        0x3d, 0x66, 0x0c, 0xa5, 0xb7, 0x79, 0xa6, 0x6e
    }
};

const SYMCRYPT_SELFTEST_DLKEY_2048 dhKey2 =
{
    // Public key
    {
        0x51, 0x7f, 0x01, 0xa6, 0xe7, 0x95, 0x2c, 0xb7,
        0x0e, 0x3c, 0x09, 0x6e, 0x31, 0xfb, 0x14, 0x87,
        0xaa, 0x27, 0x7f, 0xe0, 0x61, 0xed, 0xd7, 0x09,
        0x07, 0xb4, 0x40, 0xb8, 0xdf, 0xff, 0x05, 0x64,
        0x36, 0xc6, 0x0e, 0x50, 0x11, 0xd6, 0xac, 0x3f,
        0xc2, 0x5d, 0x52, 0x39, 0x44, 0xec, 0xdf, 0x86,
        0xde, 0x32, 0x9c, 0xde, 0x4e, 0x43, 0x30, 0x46,
        0x32, 0x68, 0x5b, 0xb6, 0x2c, 0xda, 0x04, 0x13,
        0x75, 0xa9, 0x80, 0x7a, 0x30, 0xf0, 0x83, 0xc4,
        0x94, 0xf7, 0x59, 0x3e, 0x91, 0xd1, 0x53, 0x74,
        0xde, 0xa6, 0x9a, 0xdf, 0x1d, 0x0a, 0xc7, 0x20,
        0x9e, 0xef, 0x38, 0x0b, 0xd6, 0x20, 0x50, 0x6e,
        0x5b, 0x5e, 0x66, 0x3d, 0xda, 0xd8, 0xbe, 0xea,
        0x50, 0xee, 0x18, 0x54, 0xa9, 0x87, 0x3c, 0x1f,
        0x38, 0x95, 0x27, 0xfd, 0xe2, 0xb6, 0x98, 0x9f,
        0x50, 0x44, 0x7f, 0x66, 0x79, 0x17, 0x3f, 0x20,
        0x45, 0xba, 0x9c, 0x43, 0x74, 0x0c, 0xda, 0x89,
        0x80, 0x4b, 0x93, 0x02, 0x1b, 0x10, 0x1c, 0x3c,
        0x20, 0x80, 0x1e, 0xa2, 0xc4, 0x08, 0x10, 0xd3,
        0xda, 0xf3, 0x78, 0xc0, 0x06, 0x47, 0xed, 0x0d,
        0xa4, 0xf8, 0x14, 0xeb, 0xd2, 0xbc, 0xf5, 0xe2,
        0x56, 0x41, 0x48, 0x6a, 0xd5, 0x90, 0xb6, 0x15,
        0x5d, 0x47, 0xc0, 0xb8, 0x10, 0x8b, 0xd5, 0x56,
        0x8f, 0x95, 0xc2, 0xde, 0x8c, 0x9e, 0xc8, 0xa9,
        0x9f, 0xfd, 0x6b, 0xff, 0x3e, 0xe8, 0x71, 0xf1,
        0xb8, 0x01, 0xf0, 0x36, 0x07, 0x5b, 0xe5, 0x0a,
        0xfc, 0xe4, 0x42, 0xab, 0x11, 0xd3, 0x91, 0x68,
        0x5f, 0xba, 0x61, 0xa9, 0x2f, 0x69, 0x55, 0x15,
        0x1d, 0xde, 0x7c, 0x2c, 0xc1, 0x05, 0x34, 0x13,
        0x84, 0x48, 0xe0, 0xce, 0xfd, 0xa9, 0xfe, 0xd9,
        0x76, 0x94, 0x07, 0xde, 0x0f, 0xe4, 0x98, 0x46,
        0xbc, 0x32, 0x3b, 0xd7, 0xce, 0x16, 0xae, 0x71
    },

    // Private key
    {
        0xad, 0xcb, 0x1d, 0xab, 0xa7, 0xc3, 0x78, 0xdb,
        0x37, 0x0f, 0x0b, 0x9c, 0xcd, 0x4f, 0x05, 0x5f,
        0x0e, 0x2b, 0xc3, 0xee, 0xa9, 0xb4, 0xd3, 0xb9,
        0x77, 0xd8, 0x89, 0xbd, 0xf6, 0x0e, 0xd7, 0x18
    }
};

// Shared secret generated from the two above keys
const BYTE rgbDhKnownSecret[] =
{
    0xa8, 0xf4, 0x48, 0xa2, 0x9f, 0xe0, 0xae, 0x75,
    0xf1, 0xec, 0x1f, 0x65, 0x93, 0x72, 0x25, 0xf2,
    0x3d, 0x9f, 0x8b, 0x74, 0xee, 0x9c, 0x60, 0x1c,
    0xae, 0x8c, 0x8f, 0x61, 0x62, 0xa7, 0xa9, 0xa0,
    0xaa, 0xe3, 0x85, 0x11, 0xcc, 0xe4, 0x97, 0x3d,
    0xbc, 0x59, 0x74, 0x57, 0x70, 0x45, 0xe9, 0x1f,
    0x82, 0x14, 0x8f, 0xb1, 0x51, 0x3c, 0x79, 0x51,
    0x06, 0xe8, 0xed, 0xc0, 0xe9, 0xd0, 0xde, 0xb0,
    0xd2, 0x06, 0xf1, 0x15, 0x81, 0x7a, 0x26, 0x80,
    0x89, 0x26, 0x77, 0xda, 0x50, 0xdd, 0x86, 0x90,
    0x82, 0x06, 0x35, 0x81, 0x82, 0xfd, 0x19, 0x25,
    0xdf, 0x7f, 0xa2, 0xde, 0xd0, 0x40, 0x2c, 0x5c,
    0x74, 0x5e, 0x0c, 0xbc, 0xea, 0x65, 0x7a, 0x7e,
    0xbc, 0x93, 0xf3, 0xdd, 0x62, 0x10, 0x68, 0x0b,
    0xb3, 0x7e, 0x5c, 0xd0, 0xd0, 0x74, 0x7e, 0xa5,
    0xfc, 0xd4, 0xc8, 0xdc, 0x00, 0xde, 0x10, 0x53,
    0x9b, 0xa0, 0x26, 0x6b, 0x57, 0xe6, 0x50, 0x69,
    0x03, 0x18, 0xef, 0xe9, 0x3d, 0xc1, 0x08, 0x74,
    0xdb, 0x1e, 0x02, 0x9d, 0x6c, 0x03, 0x04, 0xdc,
    0x0c, 0xad, 0x68, 0x23, 0x08, 0x6e, 0x9c, 0x8a,
    0x2b, 0xb8, 0xa3, 0xca, 0xf1, 0x3e, 0x16, 0x17,
    0x43, 0xa4, 0x64, 0xf3, 0x64, 0x75, 0x54, 0xdd,
    0x25, 0x19, 0x37, 0xf4, 0x7b, 0x14, 0x12, 0xa7,
    0x62, 0xa7, 0xc5, 0x27, 0x46, 0xd6, 0xda, 0xe8,
    0x4e, 0xcb, 0xf4, 0x80, 0x7e, 0x8c, 0xa6, 0xb4,
    0x52, 0x0a, 0x1d, 0xf6, 0x24, 0xf2, 0x13, 0xe3,
    0x4a, 0xcc, 0x86, 0x27, 0x26, 0x57, 0x06, 0xfa,
    0xfa, 0x9d, 0xb2, 0x4c, 0x0c, 0xa4, 0xad, 0x07,
    0x47, 0x13, 0xbb, 0x80, 0x63, 0x37, 0x37, 0x6c,
    0xa4, 0x2e, 0xb7, 0xd5, 0x74, 0x37, 0xb7, 0x95,
    0xe1, 0xc4, 0xbe, 0x25, 0x33, 0xcc, 0x0e, 0xdf,
    0x53, 0xa6, 0xf9, 0x6f, 0xbc, 0x7b, 0xa6, 0x5c
};

//
// DL group and keys for DSA selftest
//

const SYMCRYPT_SELFTEST_DLGROUP_2048 dsaDlgroup =
{
    // Prime P
    {
        0x8a, 0x09, 0xf1, 0x3b, 0xb4, 0xce, 0xc7, 0xb9,
        0x73, 0x36, 0xae, 0xb2, 0x45, 0xee, 0x9d, 0x7d,
        0x3b, 0xef, 0xaf, 0x78, 0xb7, 0x8c, 0x62, 0xdb,
        0xd1, 0x86, 0x60, 0xac, 0xef, 0xa6, 0x3f, 0x14,
        0x19, 0xa8, 0x02, 0xf4, 0xf3, 0xaa, 0x44, 0x91,
        0x4a, 0xc9, 0xa8, 0xf8, 0x70, 0xb0, 0x95, 0x96,
        0xbc, 0x52, 0x6c, 0x0c, 0x46, 0x42, 0x2c, 0x4a,
        0x12, 0xce, 0xfb, 0x28, 0x3d, 0x3a, 0x0c, 0x53,
        0x48, 0x8b, 0x6c, 0x2a, 0x43, 0x55, 0x64, 0xb2,
        0x60, 0x5e, 0x54, 0xdc, 0x72, 0x35, 0x33, 0xec,
        0x1b, 0xd6, 0x6d, 0x8f, 0xd5, 0xaf, 0x6d, 0x12,
        0xf0, 0x26, 0xef, 0x1d, 0xd7, 0x49, 0xf5, 0x5c,
        0xf6, 0xd8, 0xc8, 0x39, 0xcd, 0xb3, 0xc8, 0xa6,
        0xb1, 0x9c, 0xac, 0x52, 0x89, 0xce, 0xe4, 0x54,
        0xf7, 0x0e, 0xe8, 0xdc, 0xbc, 0x32, 0x75, 0x53,
        0xcf, 0xe8, 0xe3, 0x29, 0x03, 0xbf, 0xa1, 0x56,
        0x0d, 0xce, 0xfa, 0xd1, 0x8b, 0x55, 0x0c, 0xdd,
        0x94, 0xe2, 0xfa, 0xf0, 0x52, 0xaf, 0x4b, 0xcb,
        0x38, 0xb3, 0x6a, 0xb9, 0x5a, 0x75, 0x6f, 0xf2,
        0xbb, 0x5d, 0xcb, 0x47, 0x8a, 0xb0, 0x86, 0x85,
        0xdd, 0x49, 0x47, 0xbc, 0xa9, 0xa5, 0x7b, 0xd2,
        0xba, 0x0e, 0x23, 0x41, 0xea, 0x12, 0xb6, 0x0f,
        0x5e, 0x0b, 0xb0, 0x07, 0x63, 0x34, 0x65, 0x66,
        0x07, 0x98, 0xa1, 0x9a, 0x12, 0x75, 0x25, 0x2f,
        0xd2, 0x3b, 0x1e, 0x89, 0xb8, 0x70, 0xfd, 0x89,
        0xfd, 0x95, 0x17, 0x9a, 0xe3, 0xb8, 0xbb, 0x1c,
        0x93, 0x87, 0x4a, 0x3b, 0x5f, 0xdf, 0xca, 0x09,
        0xd7, 0xc6, 0xca, 0xaf, 0x7b, 0xcf, 0x03, 0x58,
        0x89, 0xb1, 0x1e, 0x4d, 0x5d, 0x89, 0x10, 0xa8,
        0x53, 0xf4, 0x12, 0x56, 0x8b, 0x85, 0xe2, 0xcc,
        0x02, 0x86, 0x82, 0x77, 0x2e, 0x0f, 0x30, 0x86,
        0x1b, 0x6e, 0xd1, 0xda, 0x15, 0x05, 0x5f, 0x93
    },

    // Prime Q
    {
        0xb8, 0x0e, 0xd4, 0x3a, 0xe1, 0x2a, 0x6a, 0xb7,
        0xd5, 0x6d, 0x3f, 0x8c, 0x86, 0xb9, 0xb9, 0x9d,
        0xb4, 0x28, 0xa3, 0x96, 0x61, 0xab, 0x19, 0x8a,
        0x92, 0xe1, 0xc2, 0xaa, 0x7e, 0x10, 0x03, 0x13
    },

    // Generator
    {
        0x1a, 0xe8, 0x38, 0xbe, 0xe7, 0xd0, 0xc5, 0x52,
        0x89, 0x0d, 0x7a, 0x45, 0x31, 0x83, 0x9a, 0xed,
        0xa5, 0x4e, 0x13, 0x15, 0xba, 0xb7, 0x01, 0xa1,
        0xf5, 0x86, 0x6a, 0x43, 0x88, 0x75, 0xdb, 0xed,
        0xe9, 0xa3, 0xa3, 0x43, 0x78, 0x4c, 0x01, 0x18,
        0x4d, 0x56, 0x3a, 0x49, 0x3c, 0xa7, 0x10, 0xba,
        0x0b, 0x1b, 0x11, 0x11, 0xef, 0x2d, 0xee, 0x12,
        0x76, 0x8c, 0xc2, 0xa8, 0xe2, 0x9d, 0xc6, 0x3f,
        0xb5, 0xe5, 0x91, 0x76, 0x0f, 0xd8, 0xf6, 0xff,
        0x59, 0x06, 0xb7, 0x4e, 0xcc, 0xb3, 0x75, 0x50,
        0x47, 0x6c, 0x61, 0xf6, 0x3f, 0xe7, 0x9f, 0x80,
        0x4c, 0x04, 0x84, 0xac, 0xfd, 0xab, 0x63, 0xa3,
        0x99, 0x61, 0x62, 0x26, 0x5d, 0x1c, 0xc3, 0x11,
        0x31, 0x2e, 0x4c, 0xf1, 0x81, 0xc6, 0x45, 0xd4,
        0x3a, 0x3d, 0x17, 0x48, 0x8e, 0x84, 0x38, 0xde,
        0xc1, 0x55, 0x42, 0xca, 0xf8, 0xb0, 0x76, 0x54,
        0x90, 0xac, 0xf8, 0x0f, 0x38, 0xdd, 0x81, 0x70,
        0xa9, 0xb8, 0x6f, 0xcb, 0x3e, 0xba, 0xf7, 0x1e,
        0x5d, 0xaa, 0xa0, 0xcb, 0x7c, 0x37, 0xa1, 0x87,
        0xb0, 0x34, 0x6e, 0x78, 0x62, 0x7e, 0x17, 0xe6,
        0xae, 0xc3, 0x4e, 0x0c, 0xeb, 0x4f, 0x25, 0x76,
        0x4a, 0xb6, 0xe5, 0xc6, 0x23, 0x77, 0xfb, 0xa8,
        0xb2, 0x0c, 0xa1, 0xc0, 0x56, 0xe9, 0x22, 0x2d,
        0x3f, 0x44, 0x43, 0x31, 0xdf, 0x2f, 0x5f, 0x57,
        0x22, 0x6e, 0x8a, 0xf1, 0x64, 0xb1, 0x3c, 0xd3,
        0x22, 0x78, 0x8a, 0xe3, 0x12, 0xbd, 0x47, 0x20,
        0xd3, 0x19, 0x22, 0xb7, 0xc7, 0xc7, 0x6a, 0xb8,
        0x7e, 0x13, 0x34, 0x13, 0x41, 0x47, 0x56, 0xd4,
        0xff, 0x4f, 0x37, 0xd2, 0x8d, 0x58, 0x8f, 0xe3,
        0xea, 0x04, 0x0a, 0x13, 0x3f, 0x3b, 0x8f, 0x71,
        0x5a, 0xbe, 0xf8, 0x90, 0x8d, 0x3b, 0xd5, 0xeb,
        0x97, 0x6f, 0xeb, 0xb1, 0xe1, 0xed, 0x1c, 0x6f
    },

    // Seed
    {
        0xe7, 0x53, 0x59, 0xd5, 0xca, 0x3a, 0x7c, 0xe1,
        0x83, 0x68, 0x7a, 0x79, 0xff, 0x65, 0xad, 0x40,
        0x38, 0x69, 0x59, 0x10, 0x5a, 0x18, 0x4d, 0xc5,
        0x3a, 0xd2, 0x7e, 0x95, 0x23, 0xa3, 0x7b, 0x3d
    },

    // Counter
    3394
};

const SYMCRYPT_SELFTEST_DLKEY_2048 dsaKey =
{
    // Public key
    {
    0x24, 0xaa, 0x5c, 0x6a, 0x72, 0x54, 0x3a, 0x40,
    0x8a, 0xd7, 0xa4, 0xd2, 0x59, 0x7d, 0xfc, 0x9d,
    0x93, 0xc3, 0x9f, 0x84, 0x50, 0x4e, 0x03, 0x17,
    0x87, 0x19, 0x35, 0xf0, 0x17, 0x17, 0x22, 0xb8,
    0x08, 0xca, 0xe4, 0x22, 0xd3, 0xb5, 0x52, 0x92,
    0xf0, 0xa9, 0x83, 0x45, 0xe4, 0x2c, 0x1f, 0xa7,
    0xb1, 0x9f, 0x8e, 0x35, 0xfe, 0x26, 0x1f, 0xe0,
    0xda, 0x74, 0xe4, 0xa4, 0xa0, 0xf6, 0x17, 0x0b,
    0x04, 0x86, 0xc7, 0x5e, 0x2e, 0xc0, 0x52, 0xfe,
    0x29, 0x12, 0x48, 0x3a, 0x16, 0x12, 0xfb, 0xbe,
    0xd9, 0x71, 0xf2, 0x65, 0x44, 0xef, 0x41, 0xf4,
    0x67, 0x7c, 0x8b, 0xeb, 0xb8, 0xb6, 0x58, 0x5d,
    0xd0, 0xbb, 0x42, 0xf9, 0xc7, 0x32, 0xcc, 0x44,
    0x46, 0x93, 0x8f, 0x2e, 0xe2, 0xd7, 0x6c, 0xa6,
    0x53, 0x4d, 0xc9, 0x12, 0xbb, 0xc9, 0xee, 0xb2,
    0xba, 0xc0, 0x0e, 0xc2, 0x7e, 0x61, 0x61, 0x29,
    0x2d, 0x70, 0x70, 0x86, 0x10, 0xd8, 0x24, 0x6d,
    0x6e, 0x4c, 0x7d, 0xb2, 0xc9, 0x10, 0x0a, 0x3c,
    0xf8, 0x46, 0x91, 0xeb, 0xb7, 0xc2, 0x31, 0x32,
    0xf9, 0x5b, 0x29, 0x53, 0x38, 0x75, 0x27, 0x88,
    0x53, 0x2a, 0xe2, 0xae, 0x61, 0x7d, 0xe0, 0xd1,
    0xb1, 0x9a, 0x43, 0xcf, 0xf1, 0x91, 0x19, 0x11,
    0x4d, 0x7c, 0xf8, 0x5a, 0x37, 0x9c, 0x2b, 0x0c,
    0x40, 0x74, 0x40, 0xee, 0xef, 0x5b, 0x1f, 0x3b,
    0xa1, 0xb8, 0x06, 0x2e, 0x5d, 0x1d, 0x23, 0xd8,
    0x05, 0x08, 0xc4, 0x1a, 0x70, 0x96, 0x96, 0x29,
    0x6a, 0x12, 0x3a, 0x96, 0x68, 0x94, 0x8e, 0x3a,
    0xfe, 0x2d, 0x71, 0x0c, 0x54, 0x28, 0x67, 0xbf,
    0x95, 0x69, 0x68, 0x73, 0xee, 0xe6, 0x5d, 0x65,
    0x79, 0x57, 0xe5, 0x45, 0x08, 0xbd, 0xf1, 0x8c,
    0x59, 0x45, 0x97, 0xa9, 0x43, 0xd6, 0xbd, 0xb5,
    0x34, 0xf0, 0x6a, 0x0a, 0x52, 0x6e, 0x47, 0xa6
    },

    // Private key
    {
        0x0f, 0x3f, 0xab, 0x80, 0xf1, 0x29, 0x5d, 0x41,
        0xf7, 0xbb, 0xff, 0xa6, 0x0a, 0x28, 0x9d, 0x46,
        0x56, 0x28, 0x7c, 0x9b, 0x3e, 0x4a, 0x06, 0x95,
        0x7d, 0xea, 0x04, 0x1e, 0xab, 0x9a, 0x78, 0x17
    }
};

//
// ECDH/ECDSA keys
//

const SYMCRYPT_SELFTEST_ECKEY_P256 eckey1 =
{
    // Qxy
    {
        //Qx
        0xdd, 0xd5, 0x15, 0x20, 0x43, 0x8d, 0x41, 0xa9,
        0x18, 0xcf, 0x62, 0xc2, 0x13, 0xf7, 0xed, 0xb2,
        0xf9, 0x8f, 0x02, 0xa3, 0x78, 0x30, 0x7e, 0x22,
        0x8f, 0xc1, 0x44, 0xbe, 0xde, 0xc6, 0x65, 0x91,
        //Qy
        0x72, 0xad, 0x17, 0xad, 0x51, 0x8c, 0xd3, 0x60,
        0x0f, 0x54, 0xc0, 0xf4, 0xc3, 0x22, 0x5b, 0x44,
        0xab, 0xad, 0x28, 0xb5, 0x56, 0x8e, 0x78, 0x0a,
        0x6a, 0x09, 0x6b, 0x65, 0x81, 0x6d, 0x6f, 0x99
    },
    //d
    {
        0x07, 0x36, 0x9f, 0xb2, 0x35, 0xce, 0xe2, 0xd4,
        0x7e, 0x13, 0x35, 0x31, 0xae, 0xa5, 0x6e, 0x6c,
        0x96, 0xd3, 0x9f, 0x3b, 0xa7, 0x74, 0xae, 0xf9,
        0x7a, 0x56, 0x6e, 0xfe, 0x32, 0x3f, 0x43, 0xaa
    },
};

const SYMCRYPT_SELFTEST_ECKEY_P256 eckey2 =
{
    // Qxy
    {
        //Qx
        0x21, 0xf2, 0xf7, 0x08, 0x8c, 0x71, 0x59, 0xa7,
        0x0c, 0xe1, 0xb9, 0x1a, 0xe0, 0xed, 0x69, 0xbe,
        0x44, 0xeb, 0xa3, 0x51, 0xfd, 0x32, 0x4a, 0x90,
        0xdc, 0xde, 0xa4, 0x10, 0xe4, 0x44, 0x69, 0x29,
        //Qy
        0x74, 0xd0, 0xc6, 0xbd, 0xe5, 0x13, 0x68, 0x07,
        0x9f, 0x40, 0x5e, 0xbf, 0x9e, 0x61, 0x7c, 0x3f,
        0xc8, 0x16, 0xe2, 0xd5, 0x0e, 0xf8, 0x09, 0x15,
        0xf3, 0x30, 0xba, 0x45, 0x25, 0xab, 0x9a, 0xae
    },
    //d
    {
        0xd0, 0x93, 0xf2, 0x34, 0x82, 0x39, 0xa6, 0x5c,
        0xd7, 0xe5, 0x10, 0x27, 0x0f, 0xfc, 0x0a, 0x0d,
        0x89, 0x97, 0x10, 0xa7, 0x50, 0x5a, 0xc4, 0x1b,
        0x5d, 0x18, 0x03, 0x2f, 0x7d, 0x46, 0x58, 0x4d
    }
};

// Shared secret generated from the two keys above
const BYTE rgbEcdhKnownSecret[] =
{
    0x16, 0x94, 0xc8, 0xb3, 0xe9, 0xbe, 0x65, 0x41,
    0x75, 0xba, 0x71, 0x5d, 0x0a, 0xab, 0x6f, 0x6d,
    0xeb, 0xdb, 0x70, 0x75, 0xd1, 0x9e, 0x90, 0x7f,
    0xb6, 0x08, 0x32, 0x29, 0x34, 0x40, 0x1e, 0xd4
};

//
// Key from http://csrc.nist.gov/cryptval/dss/RSAExample.zip.
//
const SYMCRYPT_SELFTEST_RSAKEY_2048 rsakey =
{
    // publicExp
    0x3,
    // modulus
    {
        0x8f, 0xf3, 0x13, 0xb3, 0xad, 0xd8, 0x83, 0xd8,
        0x82, 0x2f, 0x46, 0xe1, 0x5e, 0x43, 0x6e, 0x38,
        0x7d, 0xa7, 0x84, 0xd3, 0x5e, 0xb4, 0x91, 0x2b,
        0x87, 0x89, 0x95, 0x30, 0x0b, 0x04, 0xdd, 0xe7,
        0x21, 0x6d, 0x24, 0xaf, 0xbe, 0x57, 0x0a, 0x0d,
        0x6a, 0x10, 0xd9, 0xa1, 0xf6, 0x02, 0x03, 0xd1,
        0x7e, 0x4d, 0xdb, 0xda, 0xa4, 0x96, 0x4c, 0x61,
        0x41, 0xfb, 0xbd, 0xc7, 0x2c, 0xd9, 0x30, 0xdb,
        0x0a, 0x43, 0x6d, 0x41, 0xce, 0x28, 0xad, 0xaf,
        0xbe, 0x94, 0x55, 0x39, 0x95, 0x94, 0xfc, 0x9a,
        0x8b, 0x80, 0x25, 0x4b, 0xf7, 0xdc, 0x8c, 0xfb,
        0xce, 0x92, 0xcf, 0x7a, 0xd7, 0x5e, 0x0f, 0x12,
        0x5d, 0xca, 0x5a, 0xaf, 0x94, 0xcf, 0x13, 0x99,
        0x7c, 0xb2, 0x71, 0x81, 0x73, 0x4c, 0xbd, 0x56,
        0x7c, 0x55, 0xc3, 0x73, 0xa4, 0x74, 0xac, 0xb8,
        0xb5, 0x6f, 0xdd, 0x54, 0x3b, 0x97, 0x8a, 0x3a,
        0x72, 0xe0, 0xb3, 0x8d, 0x5a, 0xb4, 0xd8, 0x54,
        0x3d, 0xc1, 0x9f, 0x69, 0x7f, 0xc0, 0x30, 0x1e,
        0xd6, 0xb5, 0x4f, 0xcd, 0xe5, 0xdd, 0x68, 0x08,
        0x93, 0x92, 0x1f, 0x9f, 0xe3, 0x23, 0x84, 0x12,
        0xc9, 0xbb, 0xa5, 0xb8, 0x53, 0x14, 0x8b, 0xe0,
        0xa4, 0x93, 0x97, 0x89, 0x05, 0x16, 0xb2, 0xc8,
        0x70, 0x2a, 0xc8, 0x46, 0xcd, 0x92, 0x43, 0xad,
        0x6a, 0x35, 0x3e, 0x84, 0xcc, 0xbf, 0xa7, 0xfe,
        0x79, 0x9e, 0xf4, 0xc3, 0x7d, 0xde, 0x97, 0xa0,
        0x25, 0x7f, 0x93, 0x9c, 0xbc, 0x14, 0xce, 0xd6,
        0xd8, 0x6c, 0x47, 0x0f, 0xc9, 0x88, 0xd4, 0x35,
        0x05, 0x87, 0x83, 0xf8, 0xcb, 0xd8, 0xa6, 0x7e,
        0xd2, 0xd8, 0xcd, 0xe7, 0x1c, 0x6e, 0x74, 0xdd,
        0xc6, 0x49, 0xe5, 0x6f, 0x51, 0xc6, 0x29, 0x2a,
        0x15, 0xc1, 0xff, 0xbd, 0x85, 0x6e, 0xe1, 0x5f,
        0x49, 0xda, 0xcc, 0xbb, 0x74, 0x2a, 0x8a, 0xb9
    },
    // prime1
    {
        0xc8, 0x23, 0xbd, 0x5e, 0x64, 0x04, 0xba, 0xc4,
        0x51, 0x1d, 0x15, 0x05, 0xdc, 0xd1, 0x33, 0x3c,
        0xc3, 0xbe, 0xca, 0x9a, 0x7f, 0x43, 0x50, 0x0b,
        0x61, 0x3f, 0xb4, 0x16, 0xe0, 0x1c, 0x4b, 0x05,
        0x32, 0x0d, 0x0d, 0x47, 0x19, 0x93, 0x01, 0x12,
        0x00, 0x46, 0xf6, 0x4d, 0x46, 0xd2, 0x74, 0xac,
        0xda, 0x40, 0xf2, 0x1d, 0x08, 0x77, 0x49, 0x63,
        0x92, 0x02, 0x69, 0x00, 0x03, 0x13, 0x4b, 0x59,
        0x40, 0xc8, 0x27, 0x15, 0x60, 0xae, 0xe6, 0xc6,
        0xbd, 0x84, 0xda, 0xcb, 0x4b, 0x41, 0xad, 0x75,
        0x29, 0x58, 0x97, 0x68, 0x76, 0x3a, 0xd4, 0x44,
        0x66, 0x1c, 0x56, 0x85, 0x95, 0xfb, 0xb7, 0xa8,
        0x9b, 0xde, 0x71, 0x90, 0xe0, 0x63, 0x64, 0xdf,
        0xff, 0xc6, 0xe5, 0x2d, 0x5d, 0x87, 0x73, 0x94,
        0x61, 0x89, 0x23, 0x3b, 0x8f, 0x38, 0xdf, 0x67,
        0x14, 0x2b, 0x0a, 0x79, 0x61, 0x2d, 0xed, 0x0f
    },
    // prime2
    {
        0xb8, 0x20, 0x79, 0xad, 0x07, 0x09, 0x04, 0x80,
        0x78, 0x39, 0x24, 0x4a, 0xd8, 0x1f, 0xa3, 0x82,
        0x51, 0x8c, 0x18, 0x31, 0x5e, 0x5c, 0x00, 0xae,
        0x82, 0x58, 0x10, 0xac, 0x3a, 0x5b, 0xca, 0x77,
        0x30, 0xb4, 0x4f, 0x7b, 0xb1, 0xcc, 0x74, 0x06,
        0x61, 0x09, 0x17, 0x4f, 0x2e, 0xf1, 0xb4, 0xb6,
        0x82, 0x93, 0x33, 0x4d, 0xbd, 0x22, 0x04, 0x98,
        0xe2, 0xe4, 0x6e, 0x91, 0x90, 0x4a, 0x24, 0xef,
        0x35, 0x61, 0x1a, 0xa8, 0x7e, 0x69, 0x96, 0xb5,
        0x12, 0xc2, 0x8a, 0x15, 0x7f, 0x10, 0x21, 0x14,
        0x74, 0x97, 0x98, 0xcd, 0x32, 0xe7, 0x4f, 0xee,
        0x3d, 0xbe, 0x20, 0xbb, 0x57, 0x2a, 0xef, 0x56,
        0xae, 0xee, 0x82, 0x3d, 0x55, 0x35, 0xb3, 0x87,
        0x46, 0x96, 0x01, 0xd7, 0x83, 0x40, 0xfd, 0x94,
        0x0d, 0x2f, 0xe3, 0xe0, 0x92, 0x42, 0x02, 0xe7,
        0xbf, 0x02, 0xc1, 0x0f, 0xd1, 0x52, 0x9b, 0xb7
    }
};

// RSA-2048 PKCS1 signature on rgbSha256Hash generated with rsakey
const BYTE rgbRsaPkcs1Sig[] = {
    0x8c, 0x01, 0x48, 0x38, 0x1a, 0x8f, 0xa9, 0xae, 0x55, 0xa6, 0xad, 0x04, 0x5f, 0x78, 0x1a, 0xf5,
    0xae, 0xf4, 0x09, 0x5d, 0x9c, 0x3a, 0xe2, 0x13, 0xf2, 0x04, 0xd8, 0x8a, 0xf7, 0x58, 0x4f, 0xe5,
    0xb0, 0xcc, 0xea, 0xd8, 0xd0, 0xc4, 0x57, 0xd1, 0x9e, 0x61, 0xa8, 0x62, 0xb3, 0x39, 0x03, 0xf6,
    0x13, 0x45, 0x6f, 0x88, 0x1a, 0x14, 0x33, 0x07, 0x20, 0x17, 0xab, 0xe1, 0x00, 0x93, 0x69, 0x03,
    0x37, 0x69, 0xbb, 0x0e, 0x0f, 0x63, 0x57, 0xed, 0xb7, 0x56, 0x3a, 0x5d, 0xf1, 0x93, 0xd3, 0x76,
    0x90, 0xf3, 0xed, 0x25, 0x6f, 0xc5, 0xc8, 0xcb, 0x1a, 0xd7, 0xce, 0x02, 0x80, 0x28, 0xa3, 0x5f,
    0x02, 0x6b, 0xf1, 0xfa, 0x94, 0x08, 0xbb, 0x79, 0xfd, 0x51, 0x37, 0xf1, 0x48, 0xe9, 0x55, 0xaa,
    0x0f, 0xb0, 0xaf, 0x5d, 0x5f, 0xe9, 0x28, 0x7f, 0xb2, 0x67, 0x96, 0x6d, 0x91, 0x7c, 0x98, 0x0d,
    0x60, 0x27, 0xea, 0x62, 0xf5, 0x22, 0x60, 0x0a, 0xbd, 0xfe, 0x9d, 0xd5, 0x96, 0xa6, 0x02, 0xbb,
    0x6c, 0x51, 0x36, 0x74, 0x92, 0x23, 0xb9, 0x4b, 0x87, 0xf4, 0xef, 0x2b, 0x00, 0x34, 0xe3, 0xfb,
    0x10, 0x1b, 0xcc, 0xab, 0xc4, 0xe5, 0xda, 0x27, 0xf5, 0xf2, 0x55, 0x18, 0x65, 0x59, 0x8b, 0xed,
    0x8e, 0x52, 0x78, 0x5a, 0xc7, 0x4b, 0x6b, 0x1b, 0x66, 0x67, 0xe6, 0xc0, 0xd7, 0x5a, 0x2a, 0xab,
    0xce, 0x1d, 0xf2, 0xdf, 0x92, 0xe0, 0xdb, 0xf7, 0x34, 0xe3, 0x05, 0x10, 0xe4, 0x13, 0x7b, 0x29,
    0x14, 0xa5, 0x41, 0xcb, 0x6e, 0x81, 0x33, 0xd0, 0xf9, 0x93, 0xa8, 0x85, 0xd1, 0xf4, 0xea, 0xfc,
    0xaf, 0x5d, 0x7b, 0xc7, 0xf4, 0xff, 0x6c, 0x1e, 0x76, 0x18, 0xc6, 0x09, 0xe9, 0x8a, 0xa4, 0x57,
    0xe6, 0x6b, 0x3e, 0x32, 0x36, 0xb4, 0xfd, 0x6a, 0xea, 0x87, 0xe0, 0xe6, 0x42, 0x3e, 0xdc, 0x58
};

// SHA256 hash for DSA, ECDSA, RSA sign/verify tests
// Hashed from: { 0x61, 0x62, 0x63 }
const BYTE rgbSha256Hash[] =
{
    0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
    0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
    0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
    0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
};


// XMSS-SHA2_10_192 public-key and signature for message "abc"
const BYTE rgbXmssSha2_10_192Pubkey[] =
{
    // Algorithm ID
    0x00, 0x00, 0x00, 0x0d,
    
    // Root
    0x7e, 0x63, 0xd5, 0x1d, 0xdf, 0x92, 0x0f, 0x10,
    0x63, 0x52, 0x82, 0x38, 0xdf, 0x15, 0x0e, 0x83,
    0x5c, 0x74, 0x0a, 0x25, 0x10, 0xc8, 0x3b, 0xdc,
    
    // Seed
    0x75, 0x78, 0x08, 0x77, 0xb0, 0x90, 0x02, 0x63,
    0x45, 0x4b, 0xf9, 0xad, 0xee, 0x52, 0x04, 0x75,
    0x45, 0x13, 0x99, 0xdd, 0x9f, 0xbb, 0xc7, 0x43,
};

const BYTE rgbXmssSha2_10_192Signature[] =
{
    // Idx
    0x00, 0x00, 0x00, 0x03,

    // Randomness
    0xf8, 0xbe, 0x24, 0x0e, 0x21, 0x1f, 0x9b, 0x7f, 0x3a, 0x81, 0x82, 0x32, 0x79, 0xe2, 0x2f, 0x42,
    0xa5, 0x5a, 0xea, 0x32, 0x75, 0x58, 0x47, 0x8a,
    
    // WOTSP signature
    0x2d, 0xaa, 0x55, 0xc6, 0xdb, 0xa4, 0x46, 0x83, 0xda, 0x62, 0xba, 0x67, 0x1a, 0xa2, 0x53, 0x4a,
    0xbf, 0xf4, 0x0c, 0x4e, 0x8d, 0xa6, 0x3b, 0xdf, 0x92, 0x1c, 0x80, 0xb7, 0xe6, 0x58, 0x66, 0xf3,
    0x5d, 0x01, 0xd7, 0x31, 0x70, 0x7e, 0x22, 0x04, 0x73, 0xb0, 0xaa, 0x7a, 0x64, 0xf9, 0xba, 0xf5,
    0x37, 0x58, 0x98, 0x7e, 0x9c, 0x81, 0xd4, 0xa5, 0xe0, 0x2e, 0xed, 0x6b, 0x61, 0x57, 0xe5, 0x73,
    0x80, 0x42, 0x79, 0xe2, 0x30, 0x9d, 0xa8, 0x9c, 0x0c, 0x10, 0x1f, 0xb9, 0xf5, 0xa0, 0x17, 0x0e,
    0xa0, 0x99, 0xa4, 0xd8, 0x42, 0xea, 0x90, 0xa3, 0xb0, 0x20, 0x89, 0x02, 0x35, 0xfe, 0x86, 0x2e,
    0x9a, 0x72, 0x41, 0x72, 0x77, 0xb6, 0xbd, 0x30, 0x05, 0xb0, 0xfa, 0xb4, 0x43, 0xc9, 0xfe, 0x54,
    0x3f, 0x78, 0x83, 0x87, 0x1a, 0x10, 0xeb, 0x8a, 0xf3, 0xbe, 0x59, 0x67, 0x86, 0x26, 0x6e, 0xa2,
    0xff, 0xaa, 0xb1, 0xa4, 0xb3, 0xcb, 0xfd, 0xe5, 0x31, 0xb3, 0xd4, 0x2a, 0x02, 0x5e, 0xea, 0xfb,
    0xea, 0x95, 0x70, 0xa2, 0x56, 0xe9, 0x9e, 0xd1, 0x84, 0x0b, 0xd4, 0xc8, 0xa3, 0xee, 0x46, 0x48,
    0x96, 0x1f, 0x30, 0x7d, 0x86, 0x63, 0x47, 0x18, 0xb2, 0xe2, 0x3b, 0xe3, 0x89, 0x28, 0x5b, 0x6f,
    0x5d, 0x2a, 0xe4, 0xe5, 0x3e, 0xb2, 0x2a, 0x97, 0x00, 0x04, 0xe7, 0xe3, 0x87, 0xa3, 0x6b, 0x73,
    0xe3, 0xcd, 0x99, 0x5a, 0x8b, 0x93, 0x6a, 0x28, 0x53, 0x66, 0x5b, 0x21, 0x0b, 0x88, 0x2f, 0x01,
    0x31, 0x37, 0x03, 0x21, 0xf9, 0xd6, 0x47, 0x99, 0x75, 0x81, 0x27, 0x7b, 0x24, 0xa4, 0x23, 0x32,
    0x33, 0x6b, 0x3b, 0x8f, 0xe3, 0x5b, 0x38, 0xcc, 0xa5, 0x53, 0xb0, 0x15, 0xd3, 0xc8, 0x42, 0x75,
    0x2d, 0x73, 0x5a, 0x80, 0x01, 0x10, 0x66, 0x48, 0xf6, 0x3e, 0x36, 0x84, 0xc8, 0xc0, 0x7a, 0xf6,
    0xfb, 0xe1, 0xe8, 0x15, 0x3e, 0x9e, 0x0c, 0xd0, 0x0c, 0x45, 0x82, 0xa3, 0xfa, 0x8a, 0x0b, 0x6f,
    0x84, 0x0b, 0x98, 0xf9, 0x58, 0x88, 0xb8, 0x13, 0xc7, 0xd7, 0x4e, 0x91, 0x89, 0x2f, 0xc0, 0x6f,
    0x00, 0xf1, 0x6d, 0x67, 0xea, 0xb8, 0xae, 0xbb, 0xa9, 0x12, 0xcb, 0xe6, 0x69, 0xd6, 0x0e, 0xb3,
    0xfb, 0xa8, 0xb0, 0x42, 0x06, 0x64, 0x25, 0x07, 0xcc, 0xb7, 0xa8, 0x05, 0x51, 0xc2, 0x9f, 0xe9,
    0xed, 0x59, 0xb9, 0xb0, 0x9d, 0x4c, 0x56, 0x8e, 0xc2, 0x48, 0xf6, 0x4a, 0x8b, 0x71, 0x90, 0xa1,
    0x3c, 0xd2, 0xf5, 0xab, 0x74, 0xca, 0xaf, 0x1c, 0x31, 0xa6, 0x45, 0x30, 0x89, 0xb4, 0xe1, 0x4a,
    0x82, 0x08, 0x75, 0x46, 0x16, 0xd8, 0x1e, 0x8a, 0x42, 0x6c, 0xa0, 0x63, 0x71, 0x41, 0x4f, 0x50,
    0xa8, 0xa2, 0x61, 0xcf, 0xb7, 0xd7, 0x4d, 0x91, 0x55, 0xf2, 0xf2, 0xdf, 0xf6, 0xe2, 0xac, 0xb3,
    0x6f, 0x54, 0x32, 0xb9, 0xf0, 0x3d, 0x8e, 0xf3, 0x04, 0xae, 0xdd, 0x8f, 0x53, 0xb9, 0x8b, 0xe3,
    0xcc, 0x3d, 0xbc, 0x54, 0xe4, 0xc4, 0x7c, 0x6d, 0x10, 0xfe, 0xd6, 0xeb, 0x12, 0xeb, 0xd1, 0xb1,
    0x0a, 0x74, 0x56, 0x81, 0x3a, 0x05, 0x45, 0x65, 0x37, 0x0e, 0x8c, 0x0c, 0x0d, 0xad, 0x3e, 0x91,
    0xc7, 0x9a, 0x3c, 0xe6, 0xd7, 0x3a, 0xfb, 0x9f, 0x54, 0x66, 0x03, 0x0d, 0x9e, 0x18, 0xe5, 0xa2,
    0x19, 0xca, 0x3a, 0xaa, 0x99, 0x6f, 0xe8, 0x15, 0xe3, 0x47, 0x4b, 0x90, 0x93, 0x17, 0x89, 0xda,
    0x13, 0xff, 0xe5, 0xad, 0x8b, 0xd5, 0xe8, 0xeb, 0x25, 0x3e, 0x10, 0x66, 0x8e, 0x13, 0x01, 0x4d,
    0xc1, 0xc9, 0x17, 0x56, 0x4e, 0x23, 0xef, 0x34, 0x22, 0xed, 0x8d, 0x84, 0x7c, 0xd8, 0x42, 0x7b,
    0x72, 0x3d, 0x45, 0x1f, 0x23, 0x60, 0x46, 0x1d, 0x60, 0xb4, 0xaf, 0x6d, 0xb9, 0xc3, 0xe3, 0xd4,
    0x05, 0xee, 0x24, 0xb7, 0x1e, 0xbe, 0x37, 0x3d, 0x62, 0xc5, 0xe1, 0x6c, 0xd7, 0xc3, 0x43, 0xf4,
    0x1c, 0x8b, 0x95, 0xb8, 0x31, 0x0d, 0x6f, 0x51, 0x0b, 0xb8, 0xf0, 0x87, 0xf2, 0x94, 0x5c, 0x25,
    0x2d, 0x84, 0x9a, 0x3b, 0x6b, 0x13, 0x61, 0xd6, 0x94, 0xa9, 0x53, 0x30, 0xd1, 0x00, 0x82, 0xb1,
    0x04, 0x29, 0x78, 0x43, 0x60, 0x92, 0x39, 0xf0, 0x9a, 0xfe, 0xfb, 0x5c, 0x7c, 0x5e, 0x5e, 0x54,
    0xcc, 0x9e, 0xf7, 0x67, 0x1c, 0x15, 0x6b, 0xa4, 0x5d, 0x90, 0xdd, 0x5c, 0x82, 0xef, 0x12, 0xca,
    0x0f, 0x42, 0xc7, 0x54, 0x0b, 0xfb, 0x8a, 0xc5, 0xfe, 0x6f, 0xdc, 0x95, 0x09, 0xd9, 0x7c, 0x19,
    0xc6, 0x66, 0x8a, 0xff, 0x45, 0x2d, 0x59, 0xd1, 0x82, 0xdd, 0x56, 0xaa, 0x65, 0xf7, 0x37, 0x76,
    0x66, 0xc4, 0x4d, 0x70, 0x4b, 0xc8, 0x3f, 0x47, 0xc2, 0xe8, 0xd3, 0xb6, 0xe4, 0x4e, 0xa7, 0xc3,
    0x0a, 0x29, 0x69, 0x57, 0xba, 0x64, 0x23, 0xd4, 0x75, 0x74, 0x12, 0x85, 0xf8, 0x42, 0x1d, 0xc9,
    0xd0, 0x65, 0x5a, 0x8f, 0xed, 0x49, 0xbb, 0x3d, 0x2e, 0xe5, 0xee, 0x14, 0x95, 0xc1, 0x92, 0xf6,
    0xf7, 0xac, 0xe1, 0x07, 0x00, 0x6c, 0x9b, 0xd9, 0xa8, 0x41, 0x96, 0xdc, 0x8b, 0x07, 0x05, 0xb8,
    0x16, 0x54, 0x34, 0x29, 0xf9, 0x3e, 0x5a, 0x86, 0x82, 0x93, 0xa2, 0x5f, 0xf8, 0x4b, 0x3c, 0x52,
    0xf8, 0x5a, 0x62, 0x0e, 0x01, 0xe0, 0x26, 0xcd, 0x3b, 0x04, 0xa8, 0xe1, 0x00, 0xc9, 0x06, 0x16,
    0x51, 0x79, 0xaa, 0xb4, 0x56, 0x44, 0x08, 0x20, 0x17, 0xc1, 0x2f, 0x17, 0xc5, 0x8c, 0xbb, 0xad,
    0x8c, 0x28, 0x53, 0x29, 0x1c, 0xde, 0xf1, 0xa3, 0xa1, 0x04, 0x1d, 0x01, 0x7f, 0xe5, 0xa8, 0xb2,
    0xea, 0xb6, 0x4b, 0x7b, 0x3e, 0x3b, 0x50, 0x6b, 0x2a, 0x72, 0x5a, 0x5e, 0xd7, 0x9b, 0xf4, 0x16,
    0x1f, 0xec, 0x18, 0x2f, 0xc7, 0xa0, 0xb2, 0xb5, 0x25, 0xd0, 0x34, 0x64, 0x89, 0x00, 0x00, 0x85,
    0xab, 0x6e, 0x90, 0x31, 0x3f, 0x91, 0x59, 0x35, 0x5c, 0x88, 0x25, 0xe6, 0xc3, 0x79, 0xde, 0x27,
    0x8a, 0xab, 0x40, 0x4f, 0x17, 0xba, 0x04, 0xc7, 0x1a, 0xd9, 0x36, 0x92, 0x9c, 0x6a, 0x3c, 0xc8,
    0x28, 0x6b, 0x2d, 0x15, 0x86, 0x6c, 0xe4, 0x4d, 0x48, 0x70, 0xbb, 0x09, 0xeb, 0xa9, 0x69, 0xef,
    0xff, 0xee, 0xed, 0xbf, 0x82, 0x61, 0xb3, 0x3d, 0x63, 0x70, 0xfb, 0x4c, 0x8c, 0x1d, 0xca, 0xf4,
    0x6f, 0x10, 0x36, 0x3b, 0x00, 0x65, 0x0c, 0x40, 0x47, 0x4c, 0xbb, 0x9f, 0x7a, 0x53, 0x72, 0x91,
    0x6d, 0x4a, 0xe0, 0xf4, 0x89, 0xeb, 0x53, 0x99, 0x1a, 0x1a, 0xf3, 0xee, 0xc3, 0x93, 0xc7, 0x30,
    0x3f, 0x61, 0xb6, 0xab, 0x6f, 0x0a, 0xab, 0xa8, 0xbf, 0x33, 0x69, 0x82, 0xda, 0x12, 0xc8, 0xab,
    0x8f, 0x01, 0x84, 0x30, 0x51, 0xf3, 0x12, 0xc5, 0xe2, 0x1c, 0xb7, 0x63, 0xb8, 0x14, 0x33, 0x5f,
    0x7b, 0x9a, 0x68, 0x4f, 0x27, 0xf9, 0x40, 0xa0, 0xad, 0x23, 0xf5, 0xf2, 0xf4, 0x78, 0xc4, 0x93,
    0x2d, 0xfc, 0xe8, 0xea, 0x5c, 0x00, 0x2a, 0x13, 0x4f, 0x2b, 0x5b, 0x26, 0x39, 0x50, 0xaf, 0x52,
    0x33, 0xdd, 0xcd, 0xf3, 0x86, 0x53, 0x8f, 0xc6, 0xfe, 0x87, 0x2e, 0x73, 0xab, 0x34, 0xcb, 0xd4,
    0xc8, 0x76, 0x9d, 0x00, 0xd7, 0x98, 0x5b, 0x85, 0x95, 0x75, 0xcd, 0xb0, 0x07, 0xa6, 0xaf, 0xa8,
    0xf5, 0x58, 0x2e, 0xc8, 0xd0, 0x50, 0x7c, 0xc2, 0x1e, 0x71, 0x86, 0x86, 0xdb, 0x72, 0xcc, 0x68,
    0x78, 0x51, 0x6d, 0xe1, 0x13, 0xdc, 0x6c, 0x89, 0xa6, 0x4a, 0xf5, 0x43, 0xf3, 0x29, 0x31, 0xbe,
    0x16, 0xab, 0x8b, 0xdf, 0x52, 0x0a, 0xc1, 0x7d, 0x04, 0x57, 0x39, 0xbb, 0x9a, 0x8d, 0x64, 0x7f,
    0xf1, 0x64, 0x9e, 0xfc, 0x12, 0x8b, 0x84, 0x85, 0x5e, 0x93, 0x35, 0xa6, 0x18, 0xcb, 0xbb, 0x1f,
    0x37, 0xda, 0xc2, 0x19, 0xa3, 0x6e, 0x31, 0x8a, 0xa5, 0x50, 0xea, 0x70, 0xe1, 0x72, 0x20, 0x35,
    0x09, 0x47, 0xa3, 0xc8, 0xbc, 0x23, 0xdf, 0x9c, 0x26, 0x36, 0x1b, 0x5a, 0x1f, 0x5f, 0x33, 0x81,
    0xd6, 0xbd, 0x94, 0x84, 0x06, 0x81, 0x80, 0x1a, 0xbd, 0x01, 0x9f, 0x4c, 0x66, 0x79, 0xc1, 0x2f,
    0x84, 0x3a, 0xbb, 0x30, 0x68, 0xce, 0xd3, 0x94, 0xec, 0x92, 0xee, 0xd2, 0xe5, 0x28, 0x3f, 0xdd,
    0x3f, 0xf1, 0x8d, 0x71, 0x5a, 0x56, 0xe3, 0x88, 0x2c, 0x6e, 0x6f, 0xd7, 0x41, 0x41, 0xa4, 0xa6,
    0xcb, 0x38, 0xfd, 0x8e, 0x18, 0xde, 0x7c, 0xd2, 0x9d, 0xec, 0xae, 0xac, 0xce, 0x5b, 0x20, 0x6f,
    0x43, 0x06, 0x70, 0x1b, 0x1a, 0x10, 0xfd, 0x1c, 0x24, 0x8a, 0x99, 0xa2, 0x6e, 0xde, 0x2c, 0xfe,
    0xd2, 0x49, 0xe7, 0xa3, 0x4b, 0x76, 0x1a, 0xf1, 0xee, 0xee, 0xd3, 0xb5, 0x1c, 0xb1, 0xdc, 0x20,
    0xe5, 0x5c, 0x8d, 0x83, 0xa6, 0xf8, 0x12, 0x2e, 0x6c, 0x6a, 0x2e, 0x16, 0x23, 0xed, 0x3c, 0x96,
    0x52, 0x9c, 0x51, 0x0f, 0x2d, 0xbe, 0x1b, 0x3d, 0x6a, 0xd2, 0xf5, 0x43, 0xde, 0x7a, 0x5c, 0x07,
    0x85, 0x42, 0x89, 0x49, 0xa6, 0x08, 0x82, 0x13, 0xcd, 0xa1, 0xd5, 0x7d, 0x86, 0x51, 0x9b, 0x20,
    0x44, 0x59, 0x71, 0x24, 0x72, 0xcc, 0xf0, 0x69,
    
    // Authentication nodes
    0x51, 0x4f, 0x87, 0x42, 0xee, 0x41, 0x95, 0x4d, 0x7c, 0x77, 0x36, 0x33, 0x58, 0x8c, 0xaa, 0x8e,
    0x24, 0x53, 0xaf, 0x69, 0xdc, 0x0a, 0xd9, 0x62, 0x5b, 0x42, 0xf1, 0x46, 0xcd, 0x85, 0x59, 0x18,
    0x85, 0x48, 0xd3, 0x4c, 0xbe, 0xd6, 0xb3, 0x36, 0x3f, 0x1f, 0x2b, 0x30, 0x13, 0x87, 0x2b, 0xd5,
    0xcd, 0xb7, 0x6b, 0x19, 0x68, 0x16, 0x91, 0x25, 0xc2, 0x0e, 0xbe, 0xb6, 0xbb, 0x6d, 0xe1, 0x37,
    0x4d, 0x4c, 0x0a, 0x80, 0x02, 0x01, 0xdd, 0xfb, 0x0e, 0xb3, 0xaa, 0xf9, 0x83, 0x0d, 0x44, 0x72,
    0x64, 0x5b, 0xec, 0xbf, 0xe0, 0x98, 0xd7, 0x4f, 0x09, 0x85, 0xf9, 0x99, 0x88, 0x78, 0xa7, 0xad,
    0x6b, 0xce, 0xa3, 0xa0, 0x74, 0x72, 0xe1, 0x3a, 0x39, 0x29, 0x3f, 0x1b, 0xcd, 0xfe, 0x60, 0x54,
    0xf5, 0xdb, 0xa3, 0xd6, 0x21, 0xde, 0x8c, 0x6f, 0x33, 0x52, 0x0c, 0xfb, 0x61, 0x60, 0x88, 0xb3,
    0x17, 0x8a, 0xe5, 0x4a, 0xaa, 0x5b, 0x64, 0x01, 0x33, 0x57, 0x46, 0x91, 0x61, 0x95, 0x93, 0x08,
    0xe8, 0x0d, 0xba, 0xda, 0x0c, 0xeb, 0x96, 0x7b, 0x73, 0xa5, 0x79, 0xe4, 0x0b, 0x93, 0x51, 0x28,
    0xa3, 0x44, 0x76, 0x62, 0xe6, 0xbe, 0xca, 0x0e, 0x37, 0x7b, 0xf6, 0xfb, 0xbd, 0x6c, 0xd7, 0x8f,
    0xba, 0x75, 0xd5, 0x6b, 0xc1, 0xc2, 0x04, 0xfa, 0xf8, 0xe3, 0x07, 0x10, 0x6f, 0xb4, 0x97, 0xf1,
    0xd7, 0xa8, 0x83, 0xa9, 0x9f, 0x20, 0x9c, 0xfc, 0xa7, 0x45, 0x71, 0x36, 0xeb, 0x26, 0xc7, 0x1d,
    0x8a, 0x3c, 0x66, 0x78, 0x02, 0xc5, 0x76, 0xa1, 0xd5, 0xc2, 0x15, 0x86, 0x2e, 0x8a, 0x46, 0xde,
    0x45, 0xcf, 0xaf, 0xdd, 0xe3, 0xbe, 0xb6, 0x5e, 0x88, 0x1f, 0x9e, 0x63, 0xa6, 0xca, 0x89, 0x8b,
};

const BYTE rgbDsaKnownAnswerTestSignature[64] = {
    0x93, 0xa5, 0xe2, 0x73, 0xd0, 0x00, 0xd4, 0x9a, 0x12, 0x24, 0x2f, 0x0f, 0xcf, 0x03, 0xe2, 0x10,
    0x05, 0x47, 0xd8, 0x84, 0x09, 0x8c, 0xc4, 0xde, 0xed, 0x83, 0xac, 0x10, 0xa8, 0x46, 0x57, 0x31,
    0x64, 0x65, 0xe3, 0x18, 0xa3, 0xbe, 0x99, 0x1d, 0x88, 0x06, 0x19, 0x7f, 0x76, 0xd3, 0x0b, 0x3f,
    0xf4, 0xb0, 0x19, 0xbe, 0x3c, 0x26, 0xd1, 0xd6, 0x98, 0xa1, 0x1d, 0xf4, 0x0b, 0x67, 0xc6, 0xc5
};

const BYTE rgbEcDsaKnownAnswerTestK[32] = {
    0x0a, 0xdc, 0xe3, 0x27, 0xd4, 0x62, 0x95, 0x3b, 0x3a, 0x4e, 0xfd, 0xa5, 0x07, 0x32, 0x6f, 0x3b,
    0xda, 0xaa, 0x52, 0x4c, 0xad, 0x2d, 0xf6, 0x23, 0x8a, 0x93, 0x87, 0xdd, 0xd0, 0x25, 0x91, 0x00
};

const BYTE rgbEcDsaKnownAnswerTestSignature[64] = {
    0x95, 0xc5, 0xd8, 0xce, 0xe6, 0xcf, 0x79, 0xd3, 0x13, 0x03, 0xf3, 0x96, 0x86, 0x0c, 0x4b, 0x0c,
    0xe4, 0xdd, 0x61, 0x3d, 0x78, 0x24, 0x7a, 0x05, 0x56, 0x7e, 0x02, 0xaf, 0xdd, 0x57, 0x40, 0xd4,
    0x7b, 0xeb, 0xae, 0xf3, 0x8a, 0x12, 0x16, 0xf6, 0x2b, 0x15, 0x6e, 0x98, 0x74, 0x32, 0xbd, 0x6b,
    0x07, 0x09, 0xe2, 0x55, 0xeb, 0xfb, 0x0c, 0x18, 0xaf, 0xc3, 0xc2, 0x39, 0x78, 0x4e, 0x59, 0x40
};

const BYTE rgbMlKemKeyPrivateSeed[64] = { 0 };
const BYTE rgbMlKemSelfTestEncapsRandomness[32] = { 0 };

const BYTE rgbMlKemSelfTestAgreedSecret[32] =
{
    0x4A, 0xD5, 0x3A, 0x06, 0xB2, 0x9F, 0x12, 0x56,
    0x84, 0x21, 0xA5, 0x52, 0xC0, 0x81, 0x95, 0xB5,
    0x86, 0x73, 0xC8, 0x2F, 0x87, 0x0C, 0xC1, 0xCC,
    0xD6, 0x5A, 0x08, 0xE4, 0x32, 0x5F, 0xEB, 0x27, 
};

const BYTE rgbMlKemSelfTestImplicitRejectionSecret[32] =
{
    0x94, 0x96, 0x60, 0xA2, 0x4D, 0xA1, 0xE9, 0x8E,
    0x71, 0xB5, 0x72, 0x66, 0x07, 0x0A, 0x0C, 0x51,
    0xB3, 0x24, 0x29, 0xD1, 0x70, 0xA3, 0x16, 0x4E,
    0x4B, 0x41, 0xE0, 0xDE, 0x13, 0x49, 0xCD, 0x75,
};

const SYMCRYPT_SELFTEST_MLKEMKEY_DECAPS_512 mlKemDecapsKey =
{
    {
        0x87, 0xCA, 0x19, 0x93, 0xB6, 0x4D, 0x89, 0x32,
        0xAE, 0x3B, 0x22, 0x52, 0x82, 0xA1, 0xB3, 0xC1,
        0x37, 0x65, 0xDC, 0xC1, 0x22, 0x4C, 0x43, 0x77,
        0x33, 0x0A, 0x04, 0xEC, 0xEC, 0x0B, 0x25, 0x05,
        0x40, 0x07, 0x53, 0x82, 0xBE, 0x37, 0x52, 0x53,
        0x12, 0x87, 0x7D, 0x77, 0x69, 0xFD, 0x59, 0x4F,
        0xBD, 0x16, 0x42, 0x82, 0x58, 0x9D, 0xEE, 0x5C,
        0x0F, 0x2C, 0x14, 0x7F, 0xC6, 0x2A, 0x95, 0x42,
        0x10, 0x3C, 0x08, 0xBC, 0xCC, 0xA0, 0x05, 0x82,
        0xE9, 0xC5, 0x26, 0x81, 0xFA, 0xB8, 0x79, 0x78,
        0x5B, 0x3E, 0x79, 0x49, 0x68, 0x44, 0xB3, 0x7B,
        0xF5, 0x26, 0x62, 0x7A, 0x8A, 0x3C, 0xD8, 0x82,
        0x1F, 0x16, 0x1D, 0x92, 0x99, 0xAC, 0xC4, 0xA9,
        0xB9, 0x30, 0x32, 0x6B, 0x6B, 0x67, 0x3D, 0x16,
        0x13, 0x1D, 0xF0, 0x98, 0x94, 0x42, 0x90, 0x68,
        0xFC, 0x65, 0xA3, 0xE5, 0x16, 0x22, 0x09, 0x64,
        0xC0, 0x7D, 0x54, 0x03, 0x47, 0x89, 0xBE, 0xAE,
        0x61, 0x4B, 0x13, 0xA1, 0xCD, 0xAD, 0xBC, 0x20,
        0x5E, 0x36, 0x36, 0x34, 0x41, 0x1D, 0x5B, 0x3A,
        0x26, 0x91, 0x80, 0x75, 0xE0, 0x63, 0x9D, 0xD6,
        0x35, 0xC9, 0x28, 0x81, 0xA4, 0x6E, 0xFB, 0x95,
        0x01, 0x11, 0x8F, 0xCC, 0x18, 0xB3, 0x9A, 0x91,
        0x66, 0xA6, 0x37, 0x6C, 0xEB, 0x71, 0x42, 0x29,
        0xEC, 0x71, 0xA4, 0x99, 0x6D, 0x92, 0x97, 0x9D,
        0x94, 0x64, 0x6E, 0xC3, 0xF0, 0x5D, 0xA5, 0x49,
        0x8F, 0x66, 0xA5, 0x0A, 0x9A, 0xB9, 0xCF, 0x85,
        0x20, 0xA7, 0x28, 0xE1, 0xC2, 0x10, 0x08, 0x72,
        0x58, 0x71, 0x56, 0x3E, 0x7B, 0x47, 0x46, 0x81,
        0x7D, 0x74, 0xFA, 0xB2, 0xB6, 0xF2, 0xA0, 0xE3,
        0x4A, 0x0A, 0x5E, 0x95, 0x2B, 0x32, 0xF1, 0x07,
        0x2C, 0x30, 0x5E, 0x81, 0x84, 0x58, 0xF3, 0x42,
        0x34, 0xDB, 0xAA, 0xC4, 0x06, 0xCB, 0x63, 0x72,
        0xFA, 0x01, 0x86, 0xE8, 0xCA, 0xD7, 0x73, 0x1D,
        0xAC, 0xD8, 0x64, 0x60, 0x66, 0xB1, 0x19, 0xB1,
        0x59, 0xAC, 0x78, 0x21, 0xAB, 0x9A, 0x62, 0xBF,
        0xE8, 0x1B, 0xD1, 0xDC, 0x75, 0x08, 0xA4, 0x9E,
        0x22, 0x54, 0xA8, 0x36, 0x68, 0x4B, 0xB7, 0x22,
        0xA3, 0xBC, 0x04, 0x09, 0xE2, 0xE9, 0x4D, 0xCE,
        0xF5, 0x46, 0x69, 0x1A, 0x47, 0x80, 0xB2, 0xA5,
        0xA0, 0x24, 0xCF, 0x0D, 0x60, 0x95, 0x99, 0x33,
        0xAD, 0x6A, 0x58, 0x7A, 0x56, 0x53, 0x86, 0x44,
        0xA8, 0x3C, 0x1F, 0x92, 0x55, 0x3F, 0x3A, 0x3B,
        0x5F, 0x81, 0xAA, 0x0C, 0xC4, 0x4B, 0x1A, 0xE3,
        0x61, 0x8A, 0xD0, 0x5D, 0x29, 0x87, 0xB6, 0x7D,
        0x1C, 0x85, 0xA5, 0x14, 0xB0, 0xDE, 0x1C, 0x8D,
        0x5C, 0xC1, 0x5C, 0x04, 0xFC, 0x77, 0xAD, 0x03,
        0x55, 0x96, 0xE0, 0xA7, 0x43, 0xB5, 0x95, 0x9A,
        0xD5, 0x22, 0xEF, 0x13, 0x5F, 0x14, 0x9C, 0x0E,
        0x7E, 0x56, 0x89, 0x37, 0x33, 0xC9, 0x00, 0x54,
        0x7E, 0xEA, 0x32, 0x4F, 0x02, 0x85, 0xCD, 0xE5,
        0x9C, 0x25, 0x00, 0x3B, 0xAD, 0xC2, 0x72, 0x3A,
        0x38, 0x66, 0x95, 0xF9, 0xF4, 0x22, 0x1F, 0x50,
        0x19, 0x20, 0x6A, 0x31, 0x03, 0xF8, 0x97, 0x91,
        0xF0, 0x42, 0xBB, 0xC0, 0x86, 0xDE, 0x56, 0x93,
        0xF2, 0x78, 0x9B, 0xC9, 0x98, 0x16, 0x47, 0x83,
        0x67, 0x55, 0x92, 0x4E, 0x5A, 0xFA, 0x5D, 0x88,
        0xF9, 0xC8, 0xEF, 0xA8, 0x21, 0x34, 0x58, 0x5F,
        0xCA, 0xBB, 0x52, 0x98, 0xBC, 0x5C, 0xF5, 0xA7,
        0xAE, 0xC5, 0xFC, 0x78, 0xF9, 0xA5, 0x30, 0x16,
        0x68, 0x9D, 0x62, 0x17, 0x41, 0x7A, 0x95, 0xCF,
        0x27, 0xB6, 0x6D, 0xAE, 0x58, 0xA7, 0x28, 0x8C,
        0x8F, 0xC3, 0x28, 0xAC, 0x06, 0x79, 0x9D, 0x94,
        0xC4, 0x9D, 0xED, 0xB2, 0x61, 0xF4, 0x44, 0x86,
        0xEC, 0x12, 0xC3, 0x13, 0x97, 0xA7, 0x8B, 0x9A,
        0x63, 0x2E, 0xF1, 0x66, 0x08, 0x84, 0x32, 0xF6,
        0x15, 0x3B, 0x91, 0xCA, 0xCE, 0xF7, 0x40, 0x53,
        0xA9, 0x28, 0x11, 0x63, 0xA0, 0x23, 0x2E, 0xC4,
        0x44, 0x28, 0x05, 0x01, 0x02, 0x74, 0xCF, 0x9C,
        0x3A, 0x1A, 0xBC, 0x93, 0x8A, 0x2C, 0xE8, 0x9A,
        0xCA, 0xE1, 0x74, 0x62, 0x03, 0x88, 0xC7, 0x12,
        0x20, 0x96, 0x3C, 0x4D, 0x10, 0x79, 0x28, 0x6F,
        0x7B, 0xA8, 0x1B, 0xFB, 0x5E, 0x57, 0x17, 0xCC,
        0x6D, 0xD0, 0x72, 0x8A, 0xB2, 0x70, 0xA3, 0x0A,
        0x88, 0x03, 0x5B, 0x88, 0x5D, 0x35, 0x12, 0x8E,
        0xAC, 0xC1, 0x81, 0xCA, 0xB7, 0x2B, 0xB1, 0x96,
        0xF6, 0x35, 0xCE, 0xBB, 0x75, 0xAD, 0x0D, 0xD0,
        0xBA, 0x4E, 0x43, 0x5B, 0x31, 0x08, 0x93, 0x32,
        0x72, 0x63, 0x58, 0xC5, 0xA2, 0x70, 0x95, 0x12,
        0x8F, 0xF2, 0xC1, 0x61, 0xEB, 0x22, 0xE9, 0x4A,
        0x65, 0xA5, 0x48, 0x5D, 0x4C, 0x11, 0x78, 0x69,
        0x0B, 0x1F, 0x39, 0x2B, 0x7F, 0x63, 0x77, 0xAD,
        0x96, 0x6B, 0x67, 0x80, 0x90, 0x70, 0x57, 0x2B,
        0xBC, 0x68, 0x9C, 0xAA, 0xB2, 0xD8, 0x3C, 0xBF,
        0xD6, 0x4F, 0xC4, 0x28, 0x65, 0x74, 0x54, 0x84,
        0x43, 0x9A, 0x1C, 0x96, 0x50, 0x02, 0x97, 0xC6,
        0xCF, 0xB0, 0xB1, 0x1D, 0x98, 0x9A, 0x32, 0x94,
        0x73, 0x88, 0x94, 0x78, 0x2D, 0x5F, 0x25, 0x05,
        0x5F, 0xA6, 0x96, 0x7A, 0xC8, 0x3A, 0xDF, 0xA8,
        0x19, 0xB2, 0x53, 0x53, 0x05, 0xF9, 0x31, 0xDC,
        0x58, 0x6C, 0xD1, 0x3A, 0x9B, 0x47, 0x3B, 0x7D,
        0x87, 0xE5, 0xB4, 0xB2, 0xD9, 0x96, 0x2A, 0x59,
        0x90, 0x3C, 0xCC, 0xAD, 0xDC, 0xA2, 0x57, 0x87,
        0x71, 0xC6, 0x7E, 0x5A, 0x49, 0x98, 0xC8, 0x94,
        0x29, 0x30, 0x7B, 0x0E, 0x01, 0x97, 0x53, 0x18,
        0x32, 0x50, 0x73, 0x9E, 0x14, 0x47, 0x97, 0xBD,
        0xCC, 0x22, 0xAB, 0x02, 0x95, 0xD7, 0xC5, 0x32,
    },
    {
        0xDF, 0x17, 0x84, 0x86, 0x77, 0x41, 0x6E, 0x95,
        0x4D, 0x66, 0xF9, 0xB0, 0x9E, 0x12, 0x81, 0x53,
        0x2A, 0x2E, 0x8F, 0x0C, 0x6A, 0xBE, 0x00, 0x37,
        0xE7, 0xE8, 0x11, 0x90, 0x97, 0xC9, 0xEC, 0x84,
        0x5A, 0xA0, 0x69, 0x85, 0xC0, 0x88, 0x55, 0x2C,
        0x41, 0xB6, 0x15, 0x17, 0x36, 0x42, 0xC1, 0x02,
        0x51, 0xC0, 0x6E, 0x91, 0xA2, 0x5C, 0x24, 0x3C,
        0x02, 0x63, 0xB6, 0x75, 0xC7, 0x20, 0x7D, 0x58,
        0x70, 0x1D, 0x13, 0xA5, 0x2E, 0xAB, 0x92, 0x56,
        0x5E, 0xF1, 0xA1, 0xDE, 0xFB, 0xAE, 0xFE, 0x4C,
        0x0B, 0x03, 0xF5, 0x04, 0x44, 0xA3, 0xBE, 0x20,
        0xB1, 0x71, 0x31, 0x0B, 0xA3, 0xF2, 0x08, 0x52,
        0xF3, 0xA2, 0xA1, 0x8E, 0x72, 0x29, 0x40, 0x70,
        0x15, 0x64, 0x60, 0x52, 0xD2, 0xE7, 0x3A, 0xBE,
        0xE3, 0x18, 0xD7, 0x55, 0x89, 0x9C, 0x78, 0x4A,
        0x6F, 0xB5, 0xAA, 0xB1, 0x7C, 0x90, 0x2C, 0xB6,
        0x8A, 0xFA, 0x36, 0x57, 0xB9, 0x01, 0x2E, 0x1B,
        0xB8, 0xB6, 0xAA, 0xC2, 0x68, 0x9A, 0xA4, 0x8C,
        0x2D, 0x42, 0x62, 0xBB, 0x29, 0x63, 0xB0, 0x6A,
        0x24, 0x22, 0x82, 0x54, 0x1C, 0xF6, 0x14, 0x19,
        0xD9, 0x0E, 0x2B, 0xD3, 0x66, 0xBE, 0xE7, 0xA4,
        0x36, 0x9B, 0x72, 0x41, 0xA6, 0x6B, 0xF2, 0x64,
        0x5D, 0x8E, 0x90, 0x4C, 0x3F, 0x7B, 0x30, 0x0C,
        0x04, 0x1D, 0x56, 0x87, 0x39, 0x3D, 0x2C, 0xA9,
        0x29, 0x75, 0xCB, 0xFD, 0xC0, 0x18, 0xDD, 0xC6,
        0x0A, 0xF5, 0x62, 0x00, 0x9E, 0xB0, 0x88, 0x8E,
        0x5A, 0x05, 0x76, 0x24, 0x6A, 0xCE, 0x74, 0x5B,
        0xB1, 0x63, 0x40, 0x8B, 0x5A, 0x9A, 0xE3, 0xC1,
        0x94, 0xA8, 0x5C, 0x21, 0x90, 0x7B, 0x37, 0xB1,
        0x62, 0x8E, 0xCD, 0x9A, 0x15, 0xEC, 0x20, 0x24,
        0x87, 0x30, 0x27, 0x34, 0x44, 0xB0, 0xA2, 0xF4,
        0x54, 0xF9, 0xB4, 0x73, 0x0F, 0x33, 0x91, 0x50,
        0x47, 0x6E, 0xE0, 0x70, 0x98, 0xF6, 0xBC, 0x1B,
        0x97, 0xCC, 0x1B, 0xD3, 0xB8, 0xC1, 0xA2, 0xEB,
        0x0E, 0x50, 0xA7, 0x82, 0xF2, 0x11, 0x5D, 0xF6,
        0x17, 0x49, 0x6F, 0x6C, 0x6F, 0x8C, 0x09, 0xB0,
        0x5F, 0x88, 0x8D, 0x9E, 0x93, 0x3D, 0x28, 0x77,
        0x46, 0xC6, 0x31, 0xB3, 0x10, 0x87, 0x26, 0xB0,
        0xC4, 0xA7, 0xC8, 0x8B, 0x09, 0xC8, 0x60, 0xAC,
        0xD7, 0x52, 0x35, 0x70, 0xC8, 0x02, 0xBD, 0x38,
        0x72, 0x43, 0x16, 0x2D, 0x12, 0x8C, 0xA2, 0x29,
        0x4C, 0x83, 0x43, 0x18, 0xCC, 0x21, 0xFB, 0x14,
        0xD2, 0xAB, 0x37, 0x3F, 0x22, 0x4E, 0x3F, 0xD4,
        0x98, 0x43, 0x85, 0x95, 0x09, 0xF4, 0xCA, 0x1A,
        0x1A, 0x56, 0x6C, 0x05, 0x67, 0x88, 0xA3, 0xAA,
        0x48, 0x4A, 0xAA, 0xBD, 0xF1, 0xA0, 0x8F, 0x1B,
        0x44, 0xC7, 0x56, 0xAB, 0x2A, 0x0C, 0x8B, 0xC5,
        0x85, 0x1E, 0xE2, 0xEB, 0x23, 0x03, 0x4C, 0x2E,
        0xAA, 0x5A, 0xC1, 0x5F, 0x89, 0x75, 0x1B, 0xD5,
        0xCA, 0xE1, 0xD5, 0x90, 0x89, 0xD5, 0x00, 0x2B,
        0xB1, 0xB3, 0xBF, 0xCA, 0x4A, 0xDE, 0x09, 0x82,
        0xAD, 0x67, 0x83, 0xE9, 0xD3, 0x7F, 0xB3, 0xE3,
        0x20, 0xAC, 0x98, 0x55, 0xDF, 0x66, 0x6B, 0xFD,
        0x7C, 0x6B, 0x87, 0xA9, 0xA4, 0x6E, 0x25, 0x97,
        0x12, 0x56, 0x11, 0x61, 0x50, 0x7E, 0x17, 0x35,
        0x98, 0xF9, 0x88, 0xAC, 0xB6, 0xF9, 0xAB, 0x3A,
        0x10, 0x92, 0x63, 0x24, 0x46, 0x88, 0xC7, 0x08,
        0x78, 0x75, 0x8F, 0xF4, 0xD4, 0x31, 0x3B, 0x76,
        0x64, 0xF0, 0xF5, 0x10, 0xE9, 0x13, 0xCA, 0x01,
        0xC5, 0x2B, 0x3A, 0x1B, 0x46, 0x53, 0x51, 0x44,
        0xE2, 0xDB, 0x0C, 0xAC, 0xE8, 0xA6, 0x46, 0x66,
        0x00, 0xCF, 0x2A, 0x87, 0x83, 0x50, 0x07, 0xE1,
        0x6A, 0xA5, 0x07, 0x80, 0x1D, 0x86, 0xB7, 0x38,
        0x5E, 0x66, 0x9B, 0xFA, 0xF6, 0xBA, 0x1D, 0xF5,
        0x68, 0x31, 0x63, 0xC2, 0xD5, 0x70, 0x53, 0x2F,
        0xD7, 0x43, 0x90, 0x54, 0x64, 0x0F, 0x24, 0x4C,
        0x52, 0x87, 0x13, 0x59, 0xD2, 0x84, 0x2F, 0xC3,
        0x37, 0xA0, 0x60, 0x03, 0x3A, 0xF0, 0x5E, 0xAA,
        0x00, 0x1C, 0x34, 0xFC, 0x7B, 0xD8, 0xF9, 0x10,
        0x29, 0xE4, 0x6C, 0x29, 0x43, 0x36, 0x27, 0x64,
        0x5D, 0x67, 0x86, 0x64, 0x21, 0xD6, 0x61, 0xAF,
        0x25, 0x74, 0x80, 0x53, 0x2B, 0x88, 0x78, 0x50,
        0xDC, 0x49, 0x9F, 0xFE, 0xD5, 0xB1, 0x40, 0x98,
        0xA0, 0x33, 0x72, 0x5E, 0x82, 0x0A, 0x5B, 0xE1,
        0x40, 0x0A, 0x0C, 0xB7, 0x03, 0x74, 0x1C, 0xA7,
        0x4B, 0x47, 0x86, 0x73, 0xAA, 0xCF, 0x85, 0x16,
        0x6E, 0xE8, 0xA1, 0x84, 0xDB, 0x2C, 0x58, 0x54,
        0x9C, 0x22, 0x40, 0xB8, 0x30, 0x8C, 0x27, 0xBE,
        0xBA, 0x40, 0xC3, 0xB9, 0xD7, 0x29, 0xED, 0xB1,
        0x8C, 0xC2, 0x06, 0x8E, 0xCD, 0xB2, 0x7D, 0xA2,
        0x2B, 0x2C, 0xD3, 0xE7, 0xA0, 0xBA, 0xA5, 0x30,
        0xC5, 0x19, 0x3C, 0xD3, 0xC8, 0x6B, 0xF8, 0x6A,
        0x44, 0xF0, 0x79, 0x9E, 0x51, 0x55, 0xB0, 0x9B,
        0xE2, 0x50, 0x98, 0x85, 0x23, 0xB3, 0xA7, 0x31,
        0xDD, 0x89, 0x1B, 0xC2, 0x00, 0x60, 0x11, 0xA0,
        0x65, 0xC0, 0xAB, 0x57, 0xF1, 0xA6, 0xC1, 0x78,
        0x89, 0x55, 0xE0, 0x13, 0x5F, 0xA5, 0xCA, 0x8F,
        0x3E, 0x52, 0xC7, 0x5D, 0x37, 0x16, 0x97, 0x3A,
        0x2F, 0xB2, 0x2C, 0x0E, 0xB1, 0x7C, 0x1B, 0x32,
        0x85, 0x29, 0xD9, 0xFA, 0x76, 0x56, 0xD7, 0x4D,
        0xEA, 0x74, 0x0D, 0x9F, 0x07, 0x97, 0x77, 0xC3,
        0x6C, 0x17, 0xA1, 0x9C, 0x19, 0x58, 0x9E, 0x84,
        0xD2, 0xB8, 0xE4, 0xD1, 0xBC, 0x31, 0x07, 0xCB,
        0xD2, 0x78, 0x14, 0x22, 0x48, 0x35, 0x48, 0x44,
        0x6C, 0x89, 0x93, 0x14, 0x77, 0x44, 0xAA, 0x9E,
        0xC1, 0xC5, 0x93, 0xEC, 0x2D, 0x5B, 0xAA, 0xC8,
        0x6A, 0x0A, 0xF6, 0x4A, 0x85, 0xE9, 0x09, 0xDF,
        0x8E, 0x28, 0x16, 0x60, 0x5D, 0x20, 0xB4, 0xE3,
        0x82, 0xB3, 0x0B, 0xBB, 0x61, 0xBF, 0x3A, 0x5F,
        0x82, 0x1A, 0x0B, 0x5D, 0xBA, 0x9A, 0xD3, 0xE7,
    },
    {
        0xE5, 0xBD, 0x1B, 0x37, 0xA7, 0x5E, 0x0F, 0x09,
        0x29, 0x74, 0xE8, 0x46, 0xE8, 0xC3, 0x7C, 0x45,
        0x48, 0x7D, 0x60, 0x73, 0x9F, 0x99, 0x35, 0x17,
        0x19, 0xA5, 0x39, 0x47, 0x23, 0x26, 0x2B, 0x3B,
    },
    {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    },
};

const BYTE rgbMlKemSelfTestCiphertext[768] =
{
    0x6B, 0xC5, 0x04, 0x00, 0x27, 0x7A, 0xBB, 0x7E,
    0x6B, 0xF9, 0xFB, 0x56, 0x82, 0x01, 0x75, 0xEB,
    0xB7, 0xB9, 0xF4, 0xF2, 0x82, 0x2C, 0x6D, 0x0A,
    0xE0, 0x80, 0xA3, 0x49, 0x92, 0x0F, 0x6D, 0x00,
    0x8E, 0xBA, 0x35, 0xB5, 0x42, 0xB9, 0xD7, 0xED,
    0x89, 0xCB, 0xFD, 0x38, 0xD7, 0x9F, 0x55, 0x3B,
    0xF0, 0x8E, 0x63, 0x80, 0x95, 0xCF, 0x0D, 0x4F,
    0x50, 0x40, 0xAC, 0x1D, 0x1B, 0xDC, 0x24, 0x84,
    0x3B, 0x18, 0xC2, 0x77, 0x9F, 0x24, 0x11, 0x81,
    0xA6, 0xCC, 0xD8, 0xF4, 0xE8, 0x00, 0xDC, 0x26,
    0x61, 0x36, 0xD1, 0xB6, 0x5D, 0x9C, 0x12, 0x6D,
    0xF5, 0xE7, 0x93, 0xC8, 0x6D, 0xAC, 0xAF, 0x3C,
    0x78, 0x3F, 0xA9, 0xC1, 0x00, 0x6F, 0x08, 0x29,
    0x4F, 0x1A, 0x4D, 0x3B, 0xB4, 0x4B, 0x6F, 0xC2,
    0x09, 0x00, 0x4B, 0xC1, 0xF0, 0xE6, 0x7F, 0x48,
    0x48, 0x09, 0x40, 0xF2, 0x0A, 0x86, 0x18, 0xBF,
    0xC6, 0x4E, 0xB2, 0xB0, 0xAB, 0xFE, 0x1B, 0xEA,
    0x91, 0x58, 0x8C, 0x18, 0x6E, 0x30, 0xE8, 0x33,
    0x87, 0x29, 0x26, 0xEF, 0xE9, 0x0C, 0x3B, 0x8B,
    0x0C, 0x99, 0x40, 0x53, 0xB9, 0x30, 0xBA, 0x17,
    0xB3, 0x8A, 0x74, 0x59, 0x5D, 0x4C, 0x76, 0x1A,
    0xD3, 0x3F, 0xE4, 0xF7, 0xA3, 0x0F, 0x3A, 0x2C,
    0x85, 0xC1, 0x46, 0xF0, 0xA4, 0x91, 0xA3, 0x12,
    0xB2, 0xA4, 0x4B, 0x88, 0x8D, 0x1C, 0x85, 0xB1,
    0xE4, 0x41, 0x1F, 0x9D, 0xB7, 0x91, 0x2F, 0x60,
    0x98, 0xFD, 0xFC, 0x29, 0x89, 0x11, 0x7D, 0x16,
    0x09, 0x9E, 0x76, 0xF1, 0x9C, 0xB3, 0x50, 0xB9,
    0xD0, 0x02, 0xD2, 0xA2, 0x0D, 0xDD, 0xEE, 0x90,
    0x47, 0x0D, 0xB9, 0x4A, 0x53, 0x11, 0xA2, 0x4F,
    0x13, 0x5A, 0x40, 0xDC, 0xC6, 0xFE, 0xD7, 0x28,
    0x36, 0xEC, 0xA0, 0x5E, 0xAB, 0xC1, 0x7D, 0x19,
    0x33, 0x59, 0xE2, 0xE4, 0xEA, 0x26, 0x67, 0x2F,
    0xE5, 0x05, 0xD8, 0x34, 0x6E, 0x3C, 0xAB, 0x63,
    0x8B, 0x24, 0x16, 0xC7, 0x1B, 0x2A, 0x9B, 0xE5,
    0x04, 0x78, 0x98, 0x6C, 0x6C, 0x1E, 0x94, 0xE3,
    0x7F, 0x86, 0x52, 0xC0, 0x17, 0x56, 0x8D, 0x01,
    0x7A, 0x28, 0x81, 0x07, 0x3D, 0x61, 0x2A, 0xCD,
    0xC8, 0xB6, 0x7E, 0x5B, 0xAD, 0xA8, 0x90, 0xBD,
    0x0C, 0x95, 0xB5, 0x09, 0x9D, 0x7C, 0x34, 0x8C,
    0x74, 0x8F, 0x8E, 0x7C, 0x28, 0x6C, 0xE2, 0x2F,
    0xA2, 0x87, 0x7F, 0x80, 0x43, 0x46, 0x1C, 0xB2,
    0x1C, 0x5A, 0xD2, 0xEC, 0xAD, 0xF9, 0x55, 0xE3,
    0x6B, 0x19, 0x54, 0x08, 0x84, 0x1A, 0x34, 0x82,
    0xF4, 0x9C, 0xEC, 0x3D, 0x65, 0xF9, 0x78, 0x7F,
    0x37, 0x47, 0xCF, 0xF1, 0xCB, 0x15, 0xF2, 0xAC,
    0xFF, 0x3B, 0x8F, 0xA0, 0x8C, 0x25, 0x88, 0x5C,
    0x38, 0x23, 0x9A, 0x27, 0x16, 0x6A, 0xDF, 0xA3,
    0x98, 0x1D, 0x16, 0x33, 0x4B, 0x4F, 0xFB, 0x83,
    0x85, 0x66, 0x76, 0x03, 0xB9, 0xB5, 0x46, 0x21,
    0xB9, 0xF3, 0xF4, 0xF1, 0x3A, 0x85, 0xEC, 0x9E,
    0x56, 0x6A, 0xB6, 0x1D, 0xCC, 0xCA, 0xFB, 0x11,
    0xAE, 0x47, 0x7D, 0x93, 0xA5, 0xBC, 0x90, 0x32,
    0xDE, 0xA1, 0xA5, 0x1E, 0x5D, 0x52, 0x17, 0x98,
    0x0A, 0x8B, 0xC4, 0x1A, 0x28, 0x7C, 0x9C, 0x22,
    0x3E, 0x33, 0x06, 0x40, 0x77, 0xE5, 0x22, 0x49,
    0x86, 0xF9, 0x3C, 0xC5, 0xC1, 0xB9, 0x77, 0x25,
    0x53, 0x66, 0x5A, 0x18, 0x83, 0x5A, 0x2B, 0xBF,
    0xAC, 0x04, 0x70, 0x26, 0xE8, 0x2B, 0xB6, 0x0C,
    0xE8, 0x00, 0x95, 0xBB, 0x08, 0x75, 0xF3, 0x37,
    0x31, 0x2E, 0xEF, 0x28, 0x8D, 0x58, 0x92, 0xD4,
    0xFD, 0xD7, 0x02, 0xCE, 0x8F, 0x11, 0x83, 0x17,
    0x53, 0x19, 0x44, 0xD7, 0xD5, 0x6D, 0x44, 0x04,
    0x3A, 0x0A, 0x01, 0x46, 0xF2, 0xD2, 0xA5, 0x05,
    0x88, 0xA0, 0xD9, 0x0D, 0xE1, 0xA0, 0x7A, 0xF2,
    0x20, 0x2E, 0x5B, 0x05, 0xE4, 0x2B, 0x11, 0x3D,
    0xB3, 0x82, 0x64, 0x3B, 0xEF, 0xC1, 0x53, 0xBA,
    0x9F, 0x7F, 0x29, 0x59, 0x87, 0x39, 0x52, 0xDA,
    0x7B, 0xFF, 0xD7, 0xDD, 0xA1, 0xA9, 0x9F, 0xA1,
    0xE2, 0x38, 0x74, 0xB0, 0x94, 0xDC, 0xC5, 0xB5,
    0xF3, 0x61, 0xDF, 0x92, 0x62, 0xE1, 0x96, 0x87,
    0x6D, 0xB4, 0x2C, 0xC7, 0xF0, 0x38, 0xE9, 0x5E,
    0xFC, 0xFF, 0x4C, 0x01, 0xC7, 0x59, 0x39, 0xE5,
    0x9B, 0xFB, 0xF5, 0x2B, 0x1B, 0xE5, 0xF8, 0x25,
    0x06, 0x07, 0xC7, 0x82, 0x46, 0x2A, 0x99, 0xD0,
    0xA9, 0x67, 0x81, 0xD7, 0xA2, 0x29, 0x96, 0x1A,
    0x94, 0x8E, 0x7D, 0x51, 0x76, 0x99, 0xAD, 0x61,
    0xEC, 0xB6, 0xC0, 0x58, 0x8E, 0xD0, 0x9D, 0xFF,
    0x58, 0x57, 0x1B, 0x2E, 0xAD, 0x65, 0xD8, 0xDE,
    0xA5, 0xFA, 0x81, 0x4B, 0x2C, 0x06, 0x1B, 0xFE,
    0x49, 0x20, 0x4D, 0x5E, 0x1B, 0xB7, 0x40, 0x96,
    0xAA, 0x81, 0x25, 0xEB, 0x84, 0xDB, 0xEA, 0x5D,
    0x0B, 0xAF, 0xF9, 0x8E, 0x41, 0xA6, 0xDD, 0x91,
    0x3A, 0x68, 0x54, 0xB7, 0x2E, 0xB1, 0x74, 0xFF,
    0xF5, 0x0D, 0xA7, 0x3C, 0xC7, 0x30, 0x5B, 0x55,
    0xC6, 0x2D, 0xC8, 0x4C, 0xB4, 0xAD, 0xCC, 0xD0,
    0xA1, 0x1B, 0x41, 0xC7, 0x23, 0xE8, 0xDA, 0xFF,
    0xB7, 0x3A, 0x12, 0xC2, 0xDC, 0x39, 0x7C, 0xF4,
    0xB9, 0x50, 0x00, 0x53, 0x88, 0xC8, 0x77, 0x49,
    0xFD, 0x70, 0x3D, 0xE0, 0xAA, 0x0C, 0x28, 0xD4,
    0xA2, 0xEC, 0x82, 0x5D, 0xDA, 0xE8, 0x05, 0x2F,
    0xE8, 0x9C, 0x21, 0x39, 0x3A, 0x22, 0x2F, 0x0A,
    0x5C, 0x6D, 0x01, 0xDF, 0xC8, 0x9F, 0x46, 0xF7,
    0x15, 0x02, 0xAD, 0x19, 0x35, 0x63, 0x55, 0x58,
    0xF5, 0x7A, 0x46, 0xC9, 0x7A, 0xE6, 0x33, 0x84,
    0x48, 0x2B, 0xF0, 0xE7, 0xC5, 0x72, 0x98, 0x43,
    0x6A, 0x99, 0xBA, 0x00, 0x57, 0x4F, 0xAA, 0x0A,
};

VOID
SYMCRYPT_CALL
SymCryptDhSecretAgreementSelftest(void)
{
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;

    PSYMCRYPT_DLGROUP pDlgroup = NULL;
    PSYMCRYPT_DLKEY pkKey1 = NULL;
    PSYMCRYPT_DLKEY pkKey2 = NULL;

    BYTE rgbSecret[ sizeof(rgbDhKnownSecret) ];

    pDlgroup = SymCryptDlgroupAllocate(
        SymCryptDlgroupDhSafePrimeParamsModp2048->nBitsOfP,
        0 );
    SYMCRYPT_FIPS_ASSERT( pDlgroup != NULL );

    scError = SymCryptDlgroupSetValueSafePrime(
        SYMCRYPT_DLGROUP_DH_SAFEPRIMETYPE_IKE_3526,
        pDlgroup );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    pkKey1 = SymCryptDlkeyAllocate( pDlgroup );
    SYMCRYPT_FIPS_ASSERT( pkKey1 != NULL );

    scError = SymCryptDlkeySetValue(
        dhKey1.private,
        sizeof(dhKey1.private),
        dhKey1.public,
        sizeof(dhKey1.public),
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        SYMCRYPT_FLAG_DLKEY_DH | SYMCRYPT_FLAG_KEY_NO_FIPS,
        pkKey1 );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    pkKey2 = SymCryptDlkeyAllocate( pDlgroup );
    SYMCRYPT_FIPS_ASSERT( pkKey2 != NULL );

    scError = SymCryptDlkeySetValue(
        dhKey2.private,
        sizeof(dhKey2.private),
        dhKey2.public,
        sizeof(dhKey2.public),
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        SYMCRYPT_FLAG_DLKEY_DH | SYMCRYPT_FLAG_KEY_NO_FIPS,
        pkKey2 );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    // Calculate secret using private key 1 and public key 2
    scError = SymCryptDhSecretAgreement(
        pkKey1,
        pkKey2,
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        0, // flags
        rgbSecret,
        sizeof(rgbSecret) );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptInjectError( rgbSecret, sizeof(rgbSecret) );

    SYMCRYPT_FIPS_ASSERT( memcmp( rgbSecret, rgbDhKnownSecret, sizeof(rgbDhKnownSecret) ) == 0 );

    SymCryptDlkeyFree( pkKey2 );
    SymCryptDlkeyFree( pkKey1 );
    SymCryptDlgroupFree( pDlgroup );
}

VOID
SYMCRYPT_CALL
SymCryptEcDhSecretAgreementSelftest(void)
{
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;

    PSYMCRYPT_ECURVE pCurve = NULL;
    PSYMCRYPT_ECKEY pkKey1 = NULL;
    PSYMCRYPT_ECKEY pkKey2 = NULL;

    BYTE rgbSecret[ sizeof(rgbEcdhKnownSecret) ];

    pCurve = SymCryptEcurveAllocate( SymCryptEcurveParamsNistP256, 0 );
    SYMCRYPT_FIPS_ASSERT( pCurve != NULL );

    pkKey1 = SymCryptEckeyAllocate( pCurve );
    SYMCRYPT_FIPS_ASSERT( pkKey1 != NULL );

    scError = SymCryptEckeySetValue(
        eckey1.d,
        sizeof(eckey1.d),
        eckey1.Qxy,
        sizeof(eckey1.Qxy),
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        SYMCRYPT_ECPOINT_FORMAT_XY,
        SYMCRYPT_FLAG_ECKEY_ECDH | SYMCRYPT_FLAG_KEY_NO_FIPS,
        pkKey1);
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    pkKey2 = SymCryptEckeyAllocate( pCurve );
    SYMCRYPT_FIPS_ASSERT( pkKey2 != NULL );

    scError = SymCryptEckeySetValue(
        eckey2.d,
        sizeof(eckey2.d),
        eckey2.Qxy,
        sizeof(eckey2.Qxy),
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        SYMCRYPT_ECPOINT_FORMAT_XY,
        SYMCRYPT_FLAG_ECKEY_ECDH | SYMCRYPT_FLAG_KEY_NO_FIPS,
        pkKey2);
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    // Calculate secret using private key 1 and public key 2
    scError = SymCryptEcDhSecretAgreement(
        pkKey1,
        pkKey2,
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        0,
        rgbSecret,
        sizeof(rgbSecret));
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptInjectError( rgbSecret, sizeof(rgbSecret) );

    SYMCRYPT_FIPS_ASSERT( memcmp(rgbSecret, rgbEcdhKnownSecret, sizeof(rgbSecret)) == 0 );

    SymCryptEckeyFree( pkKey2 );
    SymCryptEckeyFree( pkKey1 );
    SymCryptEcurveFree( pCurve );
}

VOID
SYMCRYPT_CALL
SymCryptDsaPct( PCSYMCRYPT_DLKEY pkDlkey )
{
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;

    SIZE_T cbSignature = 2 * SYMCRYPT_BYTES_FROM_BITS(pkDlkey->nBitsPriv);
    PBYTE pbSignature = SymCryptCallbackAlloc( cbSignature );
    SYMCRYPT_FIPS_ASSERT( pbSignature != NULL );

    scError = SymCryptDsaSign(
        pkDlkey,
        rgbSha256Hash,
        sizeof(rgbSha256Hash),
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        0,
        pbSignature,
        cbSignature );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptInjectError( pbSignature, cbSignature );

    scError = SymCryptDsaVerify(
        pkDlkey,
        rgbSha256Hash,
        sizeof(rgbSha256Hash),
        pbSignature,
        cbSignature,
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        0 );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptWipe( pbSignature, cbSignature );
    SymCryptCallbackFree( pbSignature );
}

VOID
SYMCRYPT_CALL
SymCryptDsaSelftest(void)
{
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;

    PSYMCRYPT_DLGROUP pDlgroup = NULL;
    PSYMCRYPT_DLKEY pkDlkey = NULL;

    BYTE rgbSignature[64];

    pDlgroup = SymCryptDlgroupAllocate(
        sizeof(dsaDlgroup.primeP) * 8,
        sizeof(dsaDlgroup.primeQ) * 8 );
    SYMCRYPT_FIPS_ASSERT( pDlgroup != NULL );

    scError = SymCryptDlgroupSetValue(
        dsaDlgroup.primeP,
        sizeof(dsaDlgroup.primeP),
        dsaDlgroup.primeQ,
        sizeof(dsaDlgroup.primeQ),
        dsaDlgroup.generator,
        sizeof(dsaDlgroup.generator),
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        SymCryptSha256Algorithm,
        dsaDlgroup.seed,
        sizeof(dsaDlgroup.seed),
        dsaDlgroup.counter,
        SYMCRYPT_DLGROUP_FIPS_NONE,
        pDlgroup );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    pkDlkey = SymCryptDlkeyAllocate( pDlgroup );
    SYMCRYPT_FIPS_ASSERT( pkDlkey != NULL );

    scError = SymCryptDlkeySetValue(
        dsaKey.private,
        sizeof(dsaKey.private),
        dsaKey.public,
        sizeof(dsaKey.public),
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        SYMCRYPT_FLAG_DLKEY_DSA | SYMCRYPT_FLAG_KEY_NO_FIPS,
        pkDlkey );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    // DSA is no longer an approved signing algorithm, so we don't need to perform a signature in
    // the CAST. We can just verify the precalculated signature. But for the unit test
    // infrastructure to exercise these self-tests, we also need to to inject errors and ensure
    // that the verification fails when the signature is corrupted.
    C_ASSERT( sizeof(rgbDsaKnownAnswerTestSignature) == sizeof(rgbSignature) );
    memcpy( rgbSignature, rgbDsaKnownAnswerTestSignature, sizeof(rgbDsaKnownAnswerTestSignature) );
    SymCryptInjectError( rgbSignature, sizeof(rgbSignature) );

    scError = SymCryptDsaVerify(
        pkDlkey,
        rgbSha256Hash,
        sizeof(rgbSha256Hash),
        rgbSignature,
        sizeof(rgbSignature),
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        0 );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptDlkeyFree( pkDlkey );
    SymCryptDlgroupFree( pDlgroup );
}

VOID
SYMCRYPT_CALL
SymCryptEcDsaPct( PCSYMCRYPT_ECKEY pkEckey )
{
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;

    SIZE_T cbSignature = 2 * SymCryptEckeySizeofPrivateKey(pkEckey);
    PBYTE pbSignature = SymCryptCallbackAlloc( cbSignature );
    SYMCRYPT_FIPS_ASSERT( pbSignature != NULL );

    // Use SymCryptEcDsaSignEx to avoid infinite recursion in the PCT
    scError = SymCryptEcDsaSignEx(
        pkEckey,
        rgbSha256Hash,
        sizeof(rgbSha256Hash),
        NULL,
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        0,
        pbSignature,
        cbSignature );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptInjectError( pbSignature, cbSignature );

    scError = SymCryptEcDsaVerify(
        pkEckey,
        rgbSha256Hash,
        sizeof(rgbSha256Hash),
        pbSignature,
        cbSignature,
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        0 );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptWipe( pbSignature, cbSignature );
    SymCryptCallbackFree( pbSignature );
}

VOID
SYMCRYPT_CALL
SymCryptEcDsaSelftest(void)
{
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;

    PSYMCRYPT_ECURVE pCurve = NULL;
    PSYMCRYPT_ECKEY pkEckey = NULL;
    PSYMCRYPT_INT piK = NULL;

    BYTE rgbSignature[64];

    pCurve = SymCryptEcurveAllocate( SymCryptEcurveParamsNistP256, 0 );
    SYMCRYPT_FIPS_ASSERT( pCurve != NULL );

    pkEckey = SymCryptEckeyAllocate( pCurve );
    SYMCRYPT_FIPS_ASSERT( pkEckey != NULL );

    piK = SymCryptIntAllocate(
        SYMCRYPT_FDEF_DIGITS_FROM_BITS( sizeof(rgbEcDsaKnownAnswerTestK) * 8 ) );
    SYMCRYPT_FIPS_ASSERT( piK != NULL );

    scError = SymCryptIntSetValue(
        rgbEcDsaKnownAnswerTestK,
        sizeof(rgbEcDsaKnownAnswerTestK),
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        piK );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    scError = SymCryptEckeySetValue(
        eckey1.d,
        sizeof(eckey1.d),
        eckey1.Qxy,
        sizeof(eckey1.Qxy),
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        SYMCRYPT_ECPOINT_FORMAT_XY,
        SYMCRYPT_FLAG_ECKEY_ECDSA | SYMCRYPT_FLAG_KEY_NO_FIPS,
        pkEckey);
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    scError = SymCryptEcDsaSignEx(
        pkEckey,
        rgbSha256Hash,
        sizeof(rgbSha256Hash),
        piK,
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        0,
        rgbSignature,
        sizeof(rgbSignature) );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SYMCRYPT_FIPS_ASSERT(
        memcmp( rgbSignature, rgbEcDsaKnownAnswerTestSignature, sizeof(rgbSignature) ) == 0 );

    SymCryptInjectError( rgbSignature, sizeof(rgbSignature) );

    scError = SymCryptEcDsaVerify(
        pkEckey,
        rgbSha256Hash,
        sizeof(rgbSha256Hash),
        rgbSignature,
        sizeof(rgbSignature),
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        0 );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptIntFree( piK );
    SymCryptEckeyFree( pkEckey );
    SymCryptEcurveFree( pCurve );
}

VOID
SYMCRYPT_CALL
SymCryptRsaSignVerifyPct( PCSYMCRYPT_RSAKEY pkRsakey )
{
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;

    SIZE_T cbSignature = SYMCRYPT_BYTES_FROM_BITS(pkRsakey->nBitsOfModulus);
    PBYTE pbSignature = SymCryptCallbackAlloc( cbSignature );
    SYMCRYPT_FIPS_ASSERT( pbSignature != NULL );

    scError = SymCryptRsaPkcs1Sign(
        pkRsakey,
        rgbSha256Hash,
        sizeof(rgbSha256Hash),
        SymCryptSha256OidList,
        SYMCRYPT_SHA256_OID_COUNT,
        0,
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        pbSignature,
        cbSignature,
        &cbSignature );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptInjectError( pbSignature, cbSignature );

    scError = SymCryptRsaPkcs1Verify(
        pkRsakey,
        rgbSha256Hash,
        sizeof(rgbSha256Hash),
        pbSignature,
        cbSignature,
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        SymCryptSha256OidList,
        SYMCRYPT_SHA256_OID_COUNT,
        0 );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptWipe( pbSignature, cbSignature );
    SymCryptCallbackFree( pbSignature );
}

VOID
SYMCRYPT_CALL
SymCryptRsaSelftest(void)
{
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;

    PSYMCRYPT_RSAKEY pkRsakey = NULL;
    SYMCRYPT_RSA_PARAMS rsaParams = { 0 };

    SIZE_T cbSignature = sizeof(rgbRsaPkcs1Sig);
    PBYTE pbSignature = SymCryptCallbackAlloc(cbSignature);
    SYMCRYPT_FIPS_ASSERT(pbSignature != NULL);

    rsaParams.version = 1;
    rsaParams.nBitsOfModulus = sizeof(rsakey.modulus) * 8;
    rsaParams.nPrimes = 2;
    rsaParams.nPubExp = 1;

    PCBYTE pbPrimes[] = { rsakey.prime1, rsakey.prime2 };
    SIZE_T cbPrimes[] = { sizeof(rsakey.prime1), sizeof(rsakey.prime2) };

    pkRsakey = SymCryptRsakeyAllocate(&rsaParams, 0);
    SYMCRYPT_FIPS_ASSERT(pkRsakey != NULL);

    scError = SymCryptRsakeySetValue(
        rsakey.modulus,
        sizeof(rsakey.modulus),
        &rsakey.publicExp,
        1,
        pbPrimes,
        cbPrimes,
        sizeof(cbPrimes) / sizeof(cbPrimes[0]),
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        SYMCRYPT_FLAG_RSAKEY_SIGN | SYMCRYPT_FLAG_KEY_NO_FIPS,
        pkRsakey);
    SYMCRYPT_FIPS_ASSERT(scError == SYMCRYPT_NO_ERROR);

    scError = SymCryptRsaPkcs1Sign(
        pkRsakey,
        rgbSha256Hash,
        sizeof(rgbSha256Hash),
        SymCryptSha256OidList,
        SYMCRYPT_SHA256_OID_COUNT,
        0,
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        pbSignature,
        cbSignature,
        &cbSignature);
    SYMCRYPT_FIPS_ASSERT(scError == SYMCRYPT_NO_ERROR);

    SYMCRYPT_FIPS_ASSERT(memcmp(pbSignature, rgbRsaPkcs1Sig, sizeof(rgbRsaPkcs1Sig)) == 0);

    SymCryptInjectError(pbSignature, cbSignature);

    scError = SymCryptRsaPkcs1Verify(
        pkRsakey,
        rgbSha256Hash,
        sizeof(rgbSha256Hash),
        pbSignature,
        cbSignature,
        SYMCRYPT_NUMBER_FORMAT_MSB_FIRST,
        SymCryptSha256OidList,
        SYMCRYPT_SHA256_OID_COUNT,
        0);
    SYMCRYPT_FIPS_ASSERT(scError == SYMCRYPT_NO_ERROR);

    SymCryptRsakeyFree(pkRsakey);

    SymCryptWipe(pbSignature, cbSignature);
    SymCryptCallbackFree(pbSignature);
}

VOID
SYMCRYPT_CALL
SymCryptXmssVerifySelftest(void)
{
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;
    PSYMCRYPT_XMSS_KEY pKey = NULL;
    SYMCRYPT_XMSS_PARAMS params;
    PBYTE pbSignature;
    SIZE_T cbSignature = sizeof(rgbXmssSha2_10_192Signature);

    scError = SymCryptXmssParamsFromAlgId(SYMCRYPT_XMSS_SHA2_10_192, &params);
    SYMCRYPT_FIPS_ASSERT(scError == SYMCRYPT_NO_ERROR);

    pKey = SymCryptXmsskeyAllocate(&params, 0);
    SYMCRYPT_FIPS_ASSERT(pKey != NULL);

    scError = SymCryptXmsskeySetValue(
        rgbXmssSha2_10_192Pubkey,
        sizeof(rgbXmssSha2_10_192Pubkey),
        SYMCRYPT_XMSSKEY_TYPE_PUBLIC,
        0, 
        pKey);

    // Make a copy of the signature so that we can inject errors in it
    pbSignature = SymCryptCallbackAlloc(cbSignature);
    SYMCRYPT_FIPS_ASSERT(pbSignature != NULL);
    memcpy(pbSignature, rgbXmssSha2_10_192Signature, cbSignature);

    SymCryptInjectError(pbSignature, cbSignature);

    scError = SymCryptXmssVerify(
        pKey,
        SymCryptTestMsg3,
        sizeof(SymCryptTestMsg3),
        0,
        pbSignature,
        cbSignature);
    SYMCRYPT_FIPS_ASSERT(scError == SYMCRYPT_NO_ERROR);

    SymCryptWipe(pbSignature, cbSignature);
    SymCryptCallbackFree(pbSignature);

    SymCryptXmsskeyFree(pKey);
}

VOID
SYMCRYPT_CALL
SymCryptXmssSelftest(void)
{
    // Perform only signature verification self-test
    SymCryptXmssVerifySelftest();
}

VOID
SYMCRYPT_CALL
SymCryptMlKemSelftest(void)
{
    SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR;

    const SIZE_T cbCiphertext = sizeof(rgbMlKemSelfTestCiphertext);
    const SIZE_T cbDecapsKeyBlob = sizeof(mlKemDecapsKey);
    const SIZE_T cbAlloc = cbCiphertext + cbDecapsKeyBlob;
    BYTE rgbComputedSecret[sizeof(rgbMlKemSelfTestAgreedSecret)];
    PSYMCRYPT_MLKEMKEY pkMlKemkey = NULL;

    PBYTE pbAlloc = SymCryptCallbackAlloc( cbAlloc );
    PBYTE pbCiphertext = pbAlloc;
    PBYTE pbDecapsKeyBlob = pbAlloc + cbCiphertext;
    SYMCRYPT_FIPS_ASSERT( pbAlloc != NULL );

    pkMlKemkey = SymCryptMlKemkeyAllocate( SYMCRYPT_MLKEM_PARAMS_MLKEM512 );
    SYMCRYPT_FIPS_ASSERT( pkMlKemkey != NULL );

    // ML-KEM KeyGen KAT
    scError = SymCryptMlKemkeySetValue(
        (PCBYTE) &rgbMlKemKeyPrivateSeed, sizeof(rgbMlKemKeyPrivateSeed),
        SYMCRYPT_MLKEMKEY_FORMAT_PRIVATE_SEED,
        SYMCRYPT_FLAG_KEY_NO_FIPS,
        pkMlKemkey );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    scError = SymCryptMlKemkeyGetValue(
        pkMlKemkey,
        pbDecapsKeyBlob, cbDecapsKeyBlob,
        SYMCRYPT_MLKEMKEY_FORMAT_DECAPSULATION_KEY,
        SYMCRYPT_FLAG_KEY_NO_FIPS );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptInjectError( pbDecapsKeyBlob, cbDecapsKeyBlob );

    SYMCRYPT_FIPS_ASSERT( memcmp(pbDecapsKeyBlob, (PCBYTE) &mlKemDecapsKey, cbDecapsKeyBlob) == 0 );

    // ML-KEM Encaps KAT
    scError = SymCryptMlKemEncapsulateEx(
        pkMlKemkey,
        rgbMlKemSelfTestEncapsRandomness, sizeof(rgbMlKemSelfTestEncapsRandomness),
        rgbComputedSecret, sizeof(rgbComputedSecret),
        pbCiphertext, cbCiphertext );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptInjectError( rgbComputedSecret, sizeof(rgbComputedSecret) );
    SymCryptInjectError( pbCiphertext, sizeof(rgbMlKemSelfTestCiphertext) );

    SYMCRYPT_FIPS_ASSERT( memcmp(rgbComputedSecret, rgbMlKemSelfTestAgreedSecret, sizeof(rgbComputedSecret)) == 0 );
    SYMCRYPT_FIPS_ASSERT( memcmp(pbCiphertext, rgbMlKemSelfTestCiphertext, sizeof(rgbMlKemSelfTestCiphertext)) == 0 );

    SymCryptWipeKnownSize( rgbComputedSecret, sizeof(rgbComputedSecret) );

    // ML-KEM Successful Decaps KAT
    scError = SymCryptMlKemDecapsulate(
        pkMlKemkey,
        pbCiphertext, cbCiphertext,
        rgbComputedSecret, sizeof(rgbComputedSecret) );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptInjectError( rgbComputedSecret, sizeof(rgbComputedSecret) );

    SYMCRYPT_FIPS_ASSERT( memcmp(rgbComputedSecret, rgbMlKemSelfTestAgreedSecret, sizeof(rgbComputedSecret)) == 0 );

    SymCryptWipeKnownSize( rgbComputedSecret, sizeof(rgbComputedSecret) );

    // ML-KEM Implicit Rejection Decaps KAT
    pbCiphertext[0] ^= 1;

    scError = SymCryptMlKemDecapsulate(
        pkMlKemkey,
        pbCiphertext, cbCiphertext,
        rgbComputedSecret, sizeof(rgbComputedSecret) );
    SYMCRYPT_FIPS_ASSERT( scError == SYMCRYPT_NO_ERROR );

    SymCryptInjectError( rgbComputedSecret, sizeof(rgbComputedSecret) );

    SYMCRYPT_FIPS_ASSERT( memcmp(rgbComputedSecret, rgbMlKemSelfTestImplicitRejectionSecret, sizeof(rgbComputedSecret)) == 0 );
    
    SymCryptWipeKnownSize( rgbComputedSecret, sizeof(rgbComputedSecret) );

    SymCryptMlKemkeyFree( pkMlKemkey );
    SymCryptWipe( pbAlloc, cbAlloc );
    SymCryptCallbackFree( pbAlloc );
}

Coverage Report

Created: 2024-11-21 07:03