diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2017-11-08 16:48:37 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2017-11-08 16:53:35 +0100 |
| commit | 1c4b392a5b2badf05e86478da7370fef55b11329 (patch) | |
| tree | 004082e4053fa6e0bfebe0f098f43a85a5c9f7c0 | |
| parent | 43b59d13239e0d9593649b77bdea3651150f6132 (diff) | |
| parent | fde0c763b6c1066d206dad3d09920e8e900f6f18 (diff) | |
| download | strongswan-1c4b392a5b2badf05e86478da7370fef55b11329.tar.bz2 strongswan-1c4b392a5b2badf05e86478da7370fef55b11329.tar.xz | |
Merge branch 'rsassa-pss'
This adds support for RSASSA-PSS signatures in IKEv2 digital signature
authentication (RFC 7427), certificates and CRLs etc., and when signing
credentials via pki tool. For interoperability with older versions, the
default is to use classic PKCS#1 signatures. To use PSS padding either enable
rsa_pss via strongswan.conf or explicitly use it either via ike:rsa/pss...
auth token or the --rsa-padding option of the pki tool.
References #2427.
116 files changed, 8494 insertions, 593 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 900b9b46b..161ebb724 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -341,6 +341,9 @@ charon.routing_table charon.routing_table_prio Priority of the routing table. +charon.rsa_pss = no + Whether to use RSA with PSS padding instead of PKCS#1 padding by default. + charon.send_delay = 0 Delay in ms for sending packets, to simulate larger RTT. diff --git a/configure.ac b/configure.ac index 6bafe5fbb..104069c67 100644 --- a/configure.ac +++ b/configure.ac @@ -487,7 +487,7 @@ if test x$aikgen = xtrue; then tss_trousers=true fi -if test x$ntru = xtrue -o x$bliss = xtrue; then +if test x$gmp = xtrue -o x$ntru = xtrue -o x$bliss = xtrue; then mgf1=true fi diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 85340f2da..774df75ac 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -631,6 +631,12 @@ constraint (without ike: prefix) will also apply to IKEv2 authentication, unless this is disabled in .BR strongswan.conf (5). +To use or require RSASSA-PSS signatures use rsa/pss instead of rsa as in e.g. +.BR ike:rsa/pss-sha256 . +If \fBpubkey\fR or \fBrsa\fR constraints are configured RSASSA-PSS signatures +will only be used/accepted if enabled in +.BR strongswan.conf (5). + For .BR eap , an optional EAP method can be appended. Currently defined methods are diff --git a/scripts/pubkey_speed.c b/scripts/pubkey_speed.c index 66279ada3..2928772b8 100644 --- a/scripts/pubkey_speed.c +++ b/scripts/pubkey_speed.c @@ -118,7 +118,7 @@ int main(int argc, char *argv[]) start_timing(&timing); for (round = 0; round < rounds; round++) { - if (!private->sign(private, scheme, data, &sigs[round])) + if (!private->sign(private, scheme, NULL, data, &sigs[round])) { printf("creating signature failed\n"); exit(1); @@ -135,7 +135,7 @@ int main(int argc, char *argv[]) start_timing(&timing); for (round = 0; round < rounds; round++) { - if (!public->verify(public, scheme, data, sigs[round])) + if (!public->verify(public, scheme, NULL, data, sigs[round])) { printf("signature verification failed\n"); exit(1); diff --git a/src/charon-tkm/src/tkm/tkm_private_key.c b/src/charon-tkm/src/tkm/tkm_private_key.c index db57ec1c7..891b579ee 100644 --- a/src/charon-tkm/src/tkm/tkm_private_key.c +++ b/src/charon-tkm/src/tkm/tkm_private_key.c @@ -14,6 +14,7 @@ * for more details. */ +#include <library.h> #include <utils/debug.h> #include <tkm/constants.h> #include <tkm/client.h> @@ -58,7 +59,7 @@ METHOD(private_key_t, get_type, key_type_t, } METHOD(private_key_t, sign, bool, - private_tkm_private_key_t *this, signature_scheme_t scheme, + private_tkm_private_key_t *this, signature_scheme_t scheme, void *params, chunk_t data, chunk_t *signature) { signature_type sig; diff --git a/src/charon-tkm/src/tkm/tkm_public_key.c b/src/charon-tkm/src/tkm/tkm_public_key.c index 9ebdc29e6..2a14a9bdd 100644 --- a/src/charon-tkm/src/tkm/tkm_public_key.c +++ b/src/charon-tkm/src/tkm/tkm_public_key.c @@ -14,6 +14,7 @@ * for more details. */ +#include <library.h> #include <utils/debug.h> #include "tkm_public_key.h" @@ -53,7 +54,7 @@ METHOD(public_key_t, get_type, key_type_t, } METHOD(public_key_t, verify, bool, - private_tkm_public_key_t *this, signature_scheme_t scheme, + private_tkm_public_key_t *this, signature_scheme_t scheme, void *params, chunk_t data, chunk_t signature) { return TRUE; diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index d80196ed6..4be6f45db 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c @@ -244,7 +244,7 @@ static bool build_auth(private_pretend_auth_t *this, private->destroy(private); return FALSE; } - if (!private->sign(private, scheme, octets, &auth_data)) + if (!private->sign(private, scheme, NULL, octets, &auth_data)) { chunk_free(&octets); private->destroy(private); diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c index b2df278a5..bc20292a1 100644 --- a/src/conftest/hooks/rebuild_auth.c +++ b/src/conftest/hooks/rebuild_auth.c @@ -143,7 +143,7 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, id->destroy(id); return FALSE; } - if (!private->sign(private, scheme, octets, &auth_data)) + if (!private->sign(private, scheme, NULL, octets, &auth_data)) { chunk_free(&octets); private->destroy(private); diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_private_key.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_private_key.c index d1f1bcb4e..21043f6f4 100644 --- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_private_key.c +++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_private_key.c @@ -1,6 +1,6 @@ /* - * Copyright (C) 2012-2014 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2012-2017 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -18,6 +18,7 @@ #include "../android_jni.h" #include <utils/debug.h> #include <asn1/asn1.h> +#include <credentials/keys/signature_params.h> typedef struct private_private_key_t private_private_key_t; @@ -52,13 +53,121 @@ struct private_private_key_t { refcount_t ref; }; +/** + * Get the Java name for the given hash algorithm + */ +static jstring hash_name(JNIEnv *env, hash_algorithm_t alg) +{ + const char *hash = NULL; + + switch (alg) + { + case HASH_SHA1: + hash = "SHA-1"; + break; + case HASH_SHA224: + hash = "SHA-224"; + break; + case HASH_SHA256: + hash = "SHA-256"; + break; + case HASH_SHA384: + hash = "SHA-384"; + break; + case HASH_SHA512: + hash = "SHA-512"; + break; + default: + return NULL; + } + return (*env)->NewStringUTF(env, hash); +} + +/** + * Set PSSParameterSpec on Signature object + */ +static bool set_pss_params(private_private_key_t *this, JNIEnv *env, + jobject jsignature, rsa_pss_params_t *pss) +{ + jmethodID method_id; + jclass cls; + jstring jhash, jmgf1; + jobject obj; + int slen; + + /* create MGF1ParameterSpec instance */ + cls = (*env)->FindClass(env, "java/security/spec/MGF1ParameterSpec"); + if (!cls) + { + return FALSE; + } + method_id = (*env)->GetMethodID(env, cls, "<init>", "(Ljava/lang/String;)V"); + if (!method_id) + { + return FALSE; + } + jhash = hash_name(env, pss->mgf1_hash); + if (!jhash) + { + return FALSE; + } + obj = (*env)->NewObject(env, cls, method_id, jhash); + if (!obj) + { + return FALSE; + } + /* create PSSParameterSpec instance */ + cls = (*env)->FindClass(env, "java/security/spec/PSSParameterSpec"); + if (!cls) + { + return FALSE; + } + method_id = (*env)->GetMethodID(env, cls, "<init>", + "(Ljava/lang/String;Ljava/lang/String;" + "Ljava/security/spec/AlgorithmParameterSpec;II)V"); + if (!method_id) + { + return FALSE; + } + jhash = hash_name(env, pss->hash); + jmgf1 = (*env)->NewStringUTF(env, "MGF1"); + if (!jhash || !jmgf1) + { + return FALSE; + } + slen = hasher_hash_size(pss->hash); + if (pss->salt_len > RSA_PSS_SALT_LEN_DEFAULT) + { + slen = pss->salt_len; + } + obj = (*env)->NewObject(env, cls, method_id, jhash, jmgf1, obj, slen, 1); + if (!obj) + { + return FALSE; + } + /* update Signature instance */ + method_id = (*env)->GetMethodID(env, this->signature_class, "setParameter", + "(Ljava/security/spec/AlgorithmParameterSpec;)V"); + if (!method_id) + { + return FALSE; + } + (*env)->CallVoidMethod(env, jsignature, method_id, obj); + if (androidjni_exception_occurred(env)) + { + return FALSE; + } + return TRUE; +} + METHOD(private_key_t, sign, bool, - private_private_key_t *this, signature_scheme_t scheme, + private_private_key_t *this, signature_scheme_t scheme, void *params, chunk_t data, chunk_t *signature) { JNIEnv *env; jmethodID method_id; const char *method = NULL; + rsa_pss_params_t *pss = NULL; jstring jmethod; jobject jsignature; jbyteArray jdata, jsigarray; @@ -89,6 +198,33 @@ METHOD(private_key_t, sign, bool, case SIGN_RSA_EMSA_PKCS1_SHA2_512: method = "SHA512withRSA"; break; + case SIGN_RSA_EMSA_PSS: + if (!params) + { + return FALSE; + } + pss = params; + switch (pss->hash) + { + case HASH_SHA1: + method = "SHA1withRSA/PSS"; + break; + case HASH_SHA224: + method = "SHA224withRSA/PSS"; + break; + case HASH_SHA256: + method = "SHA256withRSA/PSS"; + break; + case HASH_SHA384: + method = "SHA384withRSA/PSS"; + break; + case HASH_SHA512: + method = "SHA512withRSA/PSS"; + break; + default: + break; + } + break; default: break; } @@ -145,6 +281,10 @@ METHOD(private_key_t, sign, bool, { goto failed; } + if (pss && !set_pss_params(this, env, jsignature, pss)) + { + goto failed; + } method_id = (*env)->GetMethodID(env, this->signature_class, "initSign", "(Ljava/security/PrivateKey;)V"); if (!method_id) diff --git a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c index 344c1bf5d..41be15a08 100644 --- a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c +++ b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c @@ -110,7 +110,7 @@ METHOD(authenticator_t, build, status_t, } free(dh.ptr); - if (private->sign(private, scheme, hash, &sig)) + if (private->sign(private, scheme, NULL, hash, &sig)) { sig_payload = hash_payload_create(PLV1_SIGNATURE); sig_payload->set_hash(sig_payload, sig); @@ -176,7 +176,7 @@ METHOD(authenticator_t, process, status_t, id, auth, TRUE); while (enumerator->enumerate(enumerator, &public, ¤t_auth)) { - if (public->verify(public, scheme, hash, sig)) + if (public->verify(public, scheme, NULL, hash, sig)) { DBG1(DBG_IKE, "authentication of '%Y' with %N successful", id, signature_scheme_names, scheme); diff --git a/src/libcharon/sa/ikev1/iv_manager.c b/src/libcharon/sa/ikev1/iv_manager.c index c9f737ccd..2a6e5c04f 100644 --- a/src/libcharon/sa/ikev1/iv_manager.c +++ b/src/libcharon/sa/ikev1/iv_manager.c @@ -15,6 +15,7 @@ #include "iv_manager.h" +#include <library.h> #include <collections/linked_list.h> /** diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c index b2b1ef289..578a32902 100644 --- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner + * Copyright (C) 2008-2017 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -61,10 +61,9 @@ struct private_pubkey_authenticator_t { * Parse authentication data used for Signature Authentication as per RFC 7427 */ static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type, - signature_scheme_t *scheme) + signature_params_t *params) { uint8_t len; - int oid; if (!auth_data->len) { @@ -72,14 +71,11 @@ static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type, } len = auth_data->ptr[0]; *auth_data = chunk_skip(*auth_data, 1); - /* we currently don't support schemes that require parameters */ - oid = asn1_parse_algorithmIdentifier(*auth_data, 1, NULL); - *scheme = signature_scheme_from_oid(oid); - if (*scheme == SIGN_UNKNOWN) + if (!signature_params_parse(*auth_data, 1, params)) { return FALSE; } - *key_type = key_type_from_signature_scheme(*scheme); + *key_type = key_type_from_signature_scheme(params->scheme); *auth_data = chunk_skip(*auth_data, len); return TRUE; } @@ -88,18 +84,16 @@ static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type, * Build authentication data used for Signature Authentication as per RFC 7427 */ static bool build_signature_auth_data(chunk_t *auth_data, - signature_scheme_t scheme) + signature_params_t *params) { chunk_t data; uint8_t len; - int oid; - oid = signature_scheme_to_oid(scheme); - if (oid == OID_UNKNOWN) + if (!signature_params_build(params, &data)) { + chunk_free(auth_data); return FALSE; } - data = asn1_algorithmIdentifier(oid); len = data.len; *auth_data = chunk_cat("cmm", chunk_from_thing(len), data, *auth_data); return TRUE; @@ -114,13 +108,13 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, { enumerator_t *enumerator; signature_scheme_t scheme; - uintptr_t config; + signature_params_t *config; auth_rule_t rule; key_type_t key_type; bool have_config = FALSE; array_t *selected; - selected = array_create(sizeof(signature_scheme_t), 0); + selected = array_create(0, 0); key_type = private->get_type(private); enumerator = auth->create_enumerator(auth); while (enumerator->enumerate(enumerator, &rule, &config)) @@ -130,12 +124,12 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, continue; } have_config = TRUE; - if (key_type == key_type_from_signature_scheme(config) && + if (key_type == key_type_from_signature_scheme(config->scheme) && keymat->hash_algorithm_supported(keymat, - hasher_from_signature_scheme(config))) + hasher_from_signature_scheme(config->scheme, + config->params))) { - scheme = config; - array_insert(selected, ARRAY_TAIL, &scheme); + array_insert(selected, ARRAY_TAIL, signature_params_clone(config)); } } enumerator->destroy(enumerator); @@ -146,12 +140,20 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, * and supported by the other peer */ enumerator = signature_schemes_for_key(key_type, private->get_keysize(private)); - while (enumerator->enumerate(enumerator, &scheme)) + while (enumerator->enumerate(enumerator, &config)) { + if (config->scheme == SIGN_RSA_EMSA_PSS && + !lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE, + lib->ns)) + { + continue; + } if (keymat->hash_algorithm_supported(keymat, - hasher_from_signature_scheme(scheme))) + hasher_from_signature_scheme(config->scheme, + config->params))) { - array_insert(selected, ARRAY_TAIL, &scheme); + array_insert(selected, ARRAY_TAIL, + signature_params_clone(config)); } } enumerator->destroy(enumerator); @@ -180,9 +182,13 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, } } if (!found && keymat->hash_algorithm_supported(keymat, - hasher_from_signature_scheme(scheme))) + hasher_from_signature_scheme(scheme, + NULL))) { - array_insert(selected, ARRAY_TAIL, &scheme); + INIT(config, + .scheme = scheme, + ) + array_insert(selected, ARRAY_TAIL, config); } } } @@ -190,6 +196,12 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, return selected; } +CALLBACK(destroy_scheme, void, + signature_params_t *params, int idx, void *user) +{ + signature_params_destroy(params); +} + /** * Create a signature using RFC 7427 signature authentication */ @@ -199,7 +211,8 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this, { enumerator_t *enumerator; keymat_v2_t *keymat; - signature_scheme_t scheme = SIGN_UNKNOWN, *schemep; + signature_scheme_t scheme = SIGN_UNKNOWN; + signature_params_t *params; array_t *schemes; chunk_t octets = chunk_empty; status_t status = FAILED; @@ -219,11 +232,12 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this, schemes)) { enumerator = array_create_enumerator(schemes); - while (enumerator->enumerate(enumerator, &schemep)) + while (enumerator->enumerate(enumerator, ¶ms)) { - scheme = *schemep; - if (private->sign(private, scheme, octets, auth_data) && - build_signature_auth_data(auth_data, scheme)) + scheme = params->scheme; + if (private->sign(private, scheme, params->params, octets, + auth_data) && + build_signature_auth_data(auth_data, params)) { status = SUCCESS; break; @@ -240,7 +254,7 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this, DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N %s", id, signature_scheme_names, scheme, status == SUCCESS ? "successful" : "failed"); - array_destroy(schemes); + array_destroy_function(schemes, destroy_scheme, NULL); chunk_free(&octets); return status; } @@ -251,23 +265,27 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this, */ static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this, bool verify, identification_t *id, - chunk_t *octets, signature_scheme_t *scheme) + chunk_t *octets, signature_params_t **scheme) { keymat_v2_t *keymat; array_t *schemes; bool success = FALSE; - schemes = array_create(sizeof(signature_scheme_t), 0); - array_insert(schemes, ARRAY_TAIL, scheme); + schemes = array_create(0, 0); + array_insert(schemes, ARRAY_TAIL, *scheme); keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa); if (keymat->get_auth_octets(keymat, verify, this->ike_sa_init, this->nonce, id, this->reserved, octets, schemes) && - array_get(schemes, 0, &scheme)) + array_remove(schemes, 0, scheme)) { success = TRUE; } - array_destroy(schemes); + else + { + *scheme = NULL; + } + array_destroy_function(schemes, destroy_scheme, NULL); return success; } @@ -280,6 +298,7 @@ static status_t sign_classic(private_pubkey_authenticator_t *this, chunk_t *auth_data) { signature_scheme_t scheme; + signature_params_t *params; chunk_t octets = chunk_empty; status_t status = FAILED; @@ -317,11 +336,18 @@ static status_t sign_classic(private_pubkey_authenticator_t *this, return FAILED; } - if (get_auth_octets_scheme(this, FALSE, id, &octets, &scheme) && - private->sign(private, scheme, octets, auth_data)) + INIT(params, + .scheme = scheme, + ); + if (get_auth_octets_scheme(this, FALSE, id, &octets, ¶ms) && + private->sign(private, params->scheme, NULL, octets, auth_data)) { status = SUCCESS; } + if (params) + { + signature_params_destroy(params); + } DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N %s", id, auth_method_names, *auth_method, status == SUCCESS ? "successful" : "failed"); @@ -383,7 +409,7 @@ METHOD(authenticator_t, process, status_t, auth_cfg_t *auth, *current_auth; enumerator_t *enumerator; key_type_t key_type = KEY_ECDSA; - signature_scheme_t scheme; + signature_params_t *params; status_t status = NOT_FOUND; const char *reason = "unsupported"; bool online; @@ -393,25 +419,26 @@ METHOD(authenticator_t, process, status_t, { return FAILED; } + INIT(params); auth_method = auth_payload->get_auth_method(auth_payload); auth_data = auth_payload->get_data(auth_payload); switch (auth_method) { case AUTH_RSA: key_type = KEY_RSA; - scheme = SIGN_RSA_EMSA_PKCS1_SHA1; + params->scheme = SIGN_RSA_EMSA_PKCS1_SHA1; break; case AUTH_ECDSA_256: - scheme = SIGN_ECDSA_256; + params->scheme = SIGN_ECDSA_256; break; case AUTH_ECDSA_384: - scheme = SIGN_ECDSA_384; + params->scheme = SIGN_ECDSA_384; break; case AUTH_ECDSA_521: - scheme = SIGN_ECDSA_521; + params->scheme = SIGN_ECDSA_521; break; case AUTH_DS: - if (parse_signature_auth_data(&auth_data, &key_type, &scheme)) + if (parse_signature_auth_data(&auth_data, &key_type, params)) { break; } @@ -420,10 +447,11 @@ METHOD(authenticator_t, process, status_t, default: DBG1(DBG_IKE, "%N authentication %s", auth_method_names, auth_method, reason); + signature_params_destroy(params); return INVALID_ARG; } id = this->ike_sa->get_other_id(this->ike_sa); - if (!get_auth_octets_scheme(this, TRUE, id, &octets, &scheme)) + if (!get_auth_octets_scheme(this, TRUE, id, &octets, ¶ms)) { return FAILED; } @@ -434,15 +462,17 @@ METHOD(authenticator_t, process, status_t, key_type, id, auth, online); while (enumerator->enumerate(enumerator, &public, ¤t_auth)) { - if (public->verify(public, scheme, octets, auth_data)) + if (public->verify(public, params->scheme, params->params, octets, + auth_data)) { DBG1(DBG_IKE, "authentication of '%Y' with %N successful", id, auth_method == AUTH_DS ? signature_scheme_names : auth_method_names, - auth_method == AUTH_DS ? scheme : auth_method); + auth_method == AUTH_DS ? params->scheme : auth_method); status = SUCCESS; auth->merge(auth, current_auth, FALSE); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); - auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME, (uintptr_t)scheme); + auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME, + signature_params_clone(params)); if (!online) { auth->add(auth, AUTH_RULE_CERT_VALIDATION_SUSPENDED, TRUE); @@ -457,6 +487,7 @@ METHOD(authenticator_t, process, status_t, } enumerator->destroy(enumerator); chunk_free(&octets); + signature_params_destroy(params); if (status == NOT_FOUND) { DBG1(DBG_IKE, "no trusted %N public key found for '%Y'", diff --git a/src/libcharon/sa/ikev2/keymat_v2.h b/src/libcharon/sa/ikev2/keymat_v2.h index 36bf149fe..084ed40f0 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.h +++ b/src/libcharon/sa/ikev2/keymat_v2.h @@ -101,8 +101,9 @@ struct keymat_v2_t { * @param id identity * @param reserved reserved bytes of id_payload * @param octests chunk receiving allocated auth octets - * @param schemes array containing signature schemes in case they - * need to be modified by the keymat implementation + * @param schemes array containing signature schemes + * (signature_params_t*) in case they need to be + * modified by the keymat implementation * @return TRUE if octets created successfully */ bool (*get_auth_octets)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init, diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index f974b9f58..d75d21715 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c @@ -158,7 +158,7 @@ static void send_supported_hash_algorithms(private_ike_init_t *this, peer_cfg_t *peer; auth_cfg_t *auth; auth_rule_t rule; - uintptr_t config; + signature_params_t *config; int written; size_t len = BUF_LEN; char buf[len]; @@ -177,7 +177,8 @@ static void send_supported_hash_algorithms(private_ike_init_t *this, { if (rule == AUTH_RULE_IKE_SIGNATURE_SCHEME) { - hash = hasher_from_signature_scheme(config); + hash = hasher_from_signature_scheme(config->scheme, + config->params); if (hasher_algorithm_for_ikev2(hash)) { algos->add(algos, hash); diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c index d771d07ed..09ffd7160 100644 --- a/src/libimcv/pts/pts.c +++ b/src/libimcv/pts/pts.c @@ -762,7 +762,7 @@ METHOD(pts_t, verify_quote_signature, bool, return FALSE; } - if (!aik_pubkey->verify(aik_pubkey, scheme, digest, signature)) + if (!aik_pubkey->verify(aik_pubkey, scheme, NULL, digest, signature)) { DBG1(DBG_PTS, "signature verification failed for TPM Quote Info"); DESTROY_IF(aik_pubkey); diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index afca13428..0247add96 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk @@ -20,6 +20,7 @@ crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \ credentials/credential_factory.c credentials/builder.c \ credentials/cred_encoding.c credentials/keys/private_key.c \ credentials/keys/public_key.c credentials/keys/shared_key.c \ +credentials/keys/signature_params.c \ credentials/certificates/certificate.c credentials/certificates/crl.c \ credentials/certificates/ocsp_response.c credentials/certificates/x509.c \ credentials/certificates/certificate_printer.c \ diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index ef1250862..a9759aeee 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -18,6 +18,7 @@ crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \ credentials/credential_factory.c credentials/builder.c \ credentials/cred_encoding.c credentials/keys/private_key.c \ credentials/keys/public_key.c credentials/keys/shared_key.c \ +credentials/keys/signature_params.c \ credentials/certificates/certificate.c credentials/certificates/crl.c \ credentials/certificates/ocsp_response.c credentials/certificates/x509.c \ credentials/certificates/certificate_printer.c \ @@ -79,6 +80,7 @@ crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \ credentials/credential_factory.h credentials/builder.h \ credentials/cred_encoding.h credentials/keys/private_key.h \ credentials/keys/public_key.h credentials/keys/shared_key.h \ +credentials/keys/signature_params.h \ credentials/certificates/certificate.h credentials/certificates/x509.h \ credentials/certificates/ac.h credentials/certificates/crl.h \ credentials/certificates/pkcs10.h credentials/certificates/ocsp_request.h \ diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 8b9dc1c48..3f3a5c587 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -33,7 +33,15 @@ const chunk_t ASN1_INTEGER_1 = chunk_from_chars(0x02, 0x01, 0x01); const chunk_t ASN1_INTEGER_2 = chunk_from_chars(0x02, 0x01, 0x02); /* - * Defined in header. + * Described in header + */ +chunk_t asn1_algorithmIdentifier_params(int oid, chunk_t params) +{ + return asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(oid), params); +} + +/* + * Described in header */ chunk_t asn1_algorithmIdentifier(int oid) { @@ -55,7 +63,7 @@ chunk_t asn1_algorithmIdentifier(int oid) parameters = asn1_simple_object(ASN1_NULL, chunk_empty); break; } - return asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(oid), parameters); + return asn1_algorithmIdentifier_params(oid, parameters); } /* @@ -609,6 +617,26 @@ uint64_t asn1_parse_integer_uint64(chunk_t blob) return val; } +/* + * Described in header + */ +chunk_t asn1_integer_from_uint64(uint64_t val) +{ + u_char buf[sizeof(val)]; + chunk_t enc = chunk_empty; + + if (val < 0x100) + { + buf[0] = (u_char)val; + return chunk_clone(chunk_create(buf, 1)); + } + for (enc.ptr = buf + sizeof(val); val; enc.len++, val >>= 8) + { /* fill the buffer from the end */ + *(--enc.ptr) = val & 0xff; + } + return chunk_clone(enc); +} + /** * ASN.1 definition of an algorithmIdentifier */ diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index f0b3e17e8..3c7389e5c 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -1,8 +1,8 @@ /* + * Copyright (C) 2011-2017 Tobias Brunner * Copyright (C) 2006 Martin Will * Copyright (C) 2000-2008 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -92,14 +92,23 @@ extern const chunk_t ASN1_INTEGER_2; /** Some ASN.1 analysis functions */ /** - * Build an algorithmIdentifier from a known OID. + * Build an algorithmIdentifier from a known OID with empty parameters. * * @param oid known OID index - * @return body of the corresponding OID, allocated + * @return body of the corresponding ASN.1 structure, allocated */ chunk_t asn1_algorithmIdentifier(int oid); /** + * Build an algorithmIdentifier from a known OID and the given prameters. + * + * @param oid known OID index + * @param params parameters to encode in the algorithmIdentifier (adopted) + * @return body of the corresponding ASN.1 structure, allocated + */ +chunk_t asn1_algorithmIdentifier_params(int oid, chunk_t params); + +/** * Converts an ASN.1 OID into a known OID index * * @param object body of an OID @@ -181,6 +190,14 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level0, uint64_t asn1_parse_integer_uint64(chunk_t blob); /** + * Converts an uint64_t to an ASN.1 INTEGER object. + * + * @param val integer to convert + * @return body of an ASN.1 coded integer object + */ +chunk_t asn1_integer_from_uint64(uint64_t val); + +/** * Print the value of an ASN.1 simple object * * @param object ASN.1 object to be printed diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index e4dffa857..9583baa5e 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -98,8 +98,9 @@ 0x04 "md5WithRSAEncryption" OID_MD5_WITH_RSA 0x05 "sha-1WithRSAEncryption" OID_SHA1_WITH_RSA 0x07 "id-RSAES-OAEP" OID_RSAES_OAEP - 0x08 "id-mgf1" + 0x08 "id-mgf1" OID_MGF1 0x09 "id-pSpecified" + 0x0A "RSASSA-PSS" OID_RSASSA_PSS 0x0B "sha256WithRSAEncryption" OID_SHA256_WITH_RSA 0x0C "sha384WithRSAEncryption" OID_SHA384_WITH_RSA 0x0D "sha512WithRSAEncryption" OID_SHA512_WITH_RSA diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 07da596e4..d1be7b401 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2016 Tobias Brunner + * Copyright (C) 2008-2017 Tobias Brunner * Copyright (C) 2007-2009 Martin Willi * Copyright (C) 2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil @@ -216,8 +216,6 @@ static void init_entry(entry_t *this, auth_rule_t type, va_list args) case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: case AUTH_RULE_BLISS_STRENGTH: - case AUTH_RULE_SIGNATURE_SCHEME: - case AUTH_RULE_IKE_SIGNATURE_SCHEME: case AUTH_RULE_CERT_VALIDATION_SUSPENDED: /* integer type */ this->value = (void*)(uintptr_t)va_arg(args, u_int); @@ -232,6 +230,8 @@ static void init_entry(entry_t *this, auth_rule_t type, va_list args) case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: case AUTH_RULE_CERT_POLICY: + case AUTH_RULE_SIGNATURE_SCHEME: + case AUTH_RULE_IKE_SIGNATURE_SCHEME: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: @@ -267,8 +267,6 @@ static bool entry_equals(entry_t *e1, entry_t *e2) case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: case AUTH_RULE_BLISS_STRENGTH: - case AUTH_RULE_SIGNATURE_SCHEME: - case AUTH_RULE_IKE_SIGNATURE_SCHEME: case AUTH_RULE_CERT_VALIDATION_SUSPENDED: { return e1->value == e2->value; @@ -301,6 +299,11 @@ static bool entry_equals(entry_t *e1, entry_t *e2) return id1->equals(id1, id2); } + case AUTH_RULE_SIGNATURE_SCHEME: + case AUTH_RULE_IKE_SIGNATURE_SCHEME: + { + return signature_params_equal(e1->value, e2->value); + } case AUTH_RULE_CERT_POLICY: case AUTH_RULE_XAUTH_BACKEND: case AUTH_HELPER_IM_HASH_URL: @@ -351,6 +354,12 @@ static void destroy_entry_value(entry_t *entry) free(entry->value); break; } + case AUTH_RULE_SIGNATURE_SCHEME: + case AUTH_RULE_IKE_SIGNATURE_SCHEME: + { + signature_params_destroy(entry->value); + break; + } case AUTH_RULE_IDENTITY_LOOSE: case AUTH_RULE_AUTH_CLASS: case AUTH_RULE_EAP_TYPE: @@ -360,8 +369,6 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: case AUTH_RULE_BLISS_STRENGTH: - case AUTH_RULE_SIGNATURE_SCHEME: - case AUTH_RULE_IKE_SIGNATURE_SCHEME: case AUTH_RULE_CERT_VALIDATION_SUSPENDED: case AUTH_RULE_MAX: break; @@ -394,8 +401,6 @@ static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: case AUTH_RULE_BLISS_STRENGTH: - case AUTH_RULE_SIGNATURE_SCHEME: - case AUTH_RULE_IKE_SIGNATURE_SCHEME: case AUTH_RULE_CERT_VALIDATION_SUSPENDED: /* integer type */ entry->value = (void*)(uintptr_t)va_arg(args, u_int); @@ -410,6 +415,8 @@ static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: case AUTH_RULE_CERT_POLICY: + case AUTH_RULE_SIGNATURE_SCHEME: + case AUTH_RULE_IKE_SIGNATURE_SCHEME: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: @@ -472,9 +479,6 @@ METHOD(auth_cfg_t, get, void*, case AUTH_RULE_ECDSA_STRENGTH: case AUTH_RULE_BLISS_STRENGTH: return (void*)0; - case AUTH_RULE_SIGNATURE_SCHEME: - case AUTH_RULE_IKE_SIGNATURE_SCHEME: - return (void*)HASH_UNKNOWN; case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: return (void*)VALIDATION_FAILED; @@ -491,6 +495,8 @@ METHOD(auth_cfg_t, get, void*, case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: case AUTH_RULE_CERT_POLICY: + case AUTH_RULE_SIGNATURE_SCHEME: + case AUTH_RULE_IKE_SIGNATURE_SCHEME: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: @@ -526,18 +532,46 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) } } +/** + * Create a constraint for RSA/PSS signatures + */ +static signature_params_t *create_rsa_pss_constraint(char *token) +{ + signature_params_t *params = NULL; + hash_algorithm_t hash; + + if (enum_from_name(hash_algorithm_short_names, token, &hash)) + { + rsa_pss_params_t pss = { + .hash = hash, + .mgf1_hash = hash, + .salt_len = RSA_PSS_SALT_LEN_DEFAULT, + }; + signature_params_t pss_params = { + .scheme = SIGN_RSA_EMSA_PSS, + .params = &pss, + }; + params = signature_params_clone(&pss_params); + } + return params; +} + METHOD(auth_cfg_t, add_pubkey_constraints, void, private_auth_cfg_t *this, char* constraints, bool ike) { enumerator_t *enumerator; - bool is_ike = FALSE, ike_added = FALSE; + bool ike_added = FALSE, rsa_pss; key_type_t expected_type = -1; auth_rule_t expected_strength = AUTH_RULE_MAX; + signature_params_t *params; int strength; - char *token; + char *token, *key_token = NULL; auth_rule_t type; void *value; + rsa_pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE, + lib->ns); + enumerator = enumerator_create_token(constraints, "-", ""); while (enumerator->enumerate(enumerator, &token)) { @@ -583,67 +617,117 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void, } if (streq(token, "rsa") || streq(token, "ike:rsa")) { + key_token = token; + expected_type = KEY_RSA; + expected_strength = AUTH_RULE_RSA_STRENGTH; + continue; + } + if (streq(token, "rsa/pss") || streq(token, "ike:rsa/pss")) + { + key_token = token; expected_type = KEY_RSA; expected_strength = AUTH_RULE_RSA_STRENGTH; - is_ike = strpfx(token, "ike:"); continue; } if (streq(token, "ecdsa") || streq(token, "ike:ecdsa")) { + key_token = token; expected_type = KEY_ECDSA; expected_strength = AUTH_RULE_ECDSA_STRENGTH; - is_ike = strpfx(token, "ike:"); continue; } if (streq(token, "ed25519") || streq(token, "ike:ed25519")) { + key_token = token; expected_type = KEY_ED25519; - is_ike = strpfx(token, "ike:"); continue; } if (streq(token, "ed448") || streq(token, "ike:ed448")) { + key_token = token; expected_type = KEY_ED448; - is_ike = strpfx(token, "ike:"); continue; } if (streq(token, "bliss") || streq(token, "ike:bliss")) { + key_token = token; expected_type = KEY_BLISS; expected_strength = AUTH_RULE_BLISS_STRENGTH; - is_ike = strpfx(token, "ike:"); continue; } if (streq(token, "pubkey") || streq(token, "ike:pubkey")) { + key_token = token; expected_type = KEY_ANY; - is_ike = strpfx(token, "ike:"); continue; } - if (is_ike && !ike) + if (key_token && strpfx(key_token, "ike:") && !ike) { continue; } - for (i = 0; i < countof(schemes); i++) + if (key_token && streq(key_token + strlen(key_token) - 3, "pss")) + { + params = create_rsa_pss_constraint(token); + if (params) + { + if (strpfx(key_token, "ike:")) + { + add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, params); + ike_added = TRUE; + } + else + { + add(this, AUTH_RULE_SIGNATURE_SCHEME, params); + } + found = TRUE; + } + } + else { - if (streq(schemes[i].name, token)) + if (rsa_pss) { - if (expected_type == KEY_ANY || expected_type == schemes[i].key) + if (expected_type == KEY_ANY || + expected_type == KEY_RSA) { - if (is_ike) + params = create_rsa_pss_constraint(token); + if (params) { - add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, - (uintptr_t)schemes[i].scheme); - ike_added = TRUE; + if (strpfx(key_token, "ike:")) + { + add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, params); + ike_added = TRUE; + } + else + { + add(this, AUTH_RULE_SIGNATURE_SCHEME, params); + } + found = TRUE; } - else + } + } + for (i = 0; i < countof(schemes); i++) + { + if (streq(schemes[i].name, token)) + { + if (expected_type == KEY_ANY || + expected_type == schemes[i].key) { - add(this, AUTH_RULE_SIGNATURE_SCHEME, - (uintptr_t)schemes[i].scheme); + INIT(params, + .scheme = schemes[i].scheme, + ); + if (strpfx(key_token, "ike:")) + { + add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, params); + ike_added = TRUE; + } + else + { + add(this, AUTH_RULE_SIGNATURE_SCHEME, params); + } } + found = TRUE; } - found = TRUE; } } if (!found) @@ -666,7 +750,7 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void, if (type == AUTH_RULE_SIGNATURE_SCHEME) { add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, - (uintptr_t)value); + signature_params_clone(value)); } } enumerator->destroy(enumerator); @@ -681,20 +765,20 @@ static bool complies_scheme(private_auth_cfg_t *this, auth_cfg_t *constraints, { enumerator_t *e1, *e2; auth_rule_t t1, t2; - signature_scheme_t scheme; - void *value; + signature_params_t *params, *constraint; bool success = TRUE; e2 = create_enumerator(this); - while (e2->enumerate(e2, &t2, &scheme)) + while (e2->enumerate(e2, &t2, ¶ms)) { if (t2 == type) { success = FALSE; e1 = constraints->create_enumerator(constraints); - while (e1->enumerate(e1, &t1, &value)) + while (e1->enumerate(e1, &t1, &constraint)) { - if (t1 == type && (uintptr_t)value == scheme) + if (t1 == type && + signature_params_comply(constraint, params)) { success = TRUE; break; @@ -707,7 +791,7 @@ static bool complies_scheme(private_auth_cfg_t *this, auth_cfg_t *constraints, { DBG1(DBG_CFG, "%s signature scheme %N not acceptable", AUTH_RULE_SIGNATURE_SCHEME == type ? "X.509" : "IKE", - signature_scheme_names, (int)scheme); + signature_scheme_names, params->scheme); } break; } @@ -725,7 +809,7 @@ METHOD(auth_cfg_t, complies, bool, bool ca_match = FALSE, cert_match = FALSE; identification_t *require_group = NULL; certificate_t *require_ca = NULL, *require_cert = NULL; - signature_scheme_t ike_scheme = SIGN_UNKNOWN, scheme = SIGN_UNKNOWN; + signature_params_t *ike_scheme = NULL, *scheme = NULL; u_int strength = 0; auth_rule_t t1, t2; char *key_type; @@ -928,12 +1012,12 @@ METHOD(auth_cfg_t, complies, bool, } case AUTH_RULE_IKE_SIGNATURE_SCHEME: { - ike_scheme = (uintptr_t)value; + ike_scheme = value; break; } case AUTH_RULE_SIGNATURE_SCHEME: { - scheme = (uintptr_t)value; + scheme = value; break; } case AUTH_RULE_CERT_POLICY: @@ -983,12 +1067,12 @@ METHOD(auth_cfg_t, complies, bool, /* Check if we have a matching constraint (or none at all) for used * signature schemes. */ - if (success && scheme != SIGN_UNKNOWN) + if (success && scheme) { success = complies_scheme(this, constraints, AUTH_RULE_SIGNATURE_SCHEME, log_error); } - if (success && ike_scheme != SIGN_UNKNOWN) + if (success && ike_scheme) { success = complies_scheme(this, constraints, AUTH_RULE_IKE_SIGNATURE_SCHEME, log_error); @@ -1114,8 +1198,6 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: case AUTH_RULE_BLISS_STRENGTH: - case AUTH_RULE_SIGNATURE_SCHEME: - case AUTH_RULE_IKE_SIGNATURE_SCHEME: case AUTH_RULE_CERT_VALIDATION_SUSPENDED: { add(this, type, (uintptr_t)value); @@ -1132,6 +1214,12 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy add(this, type, id->clone(id)); break; } + case AUTH_RULE_SIGNATURE_SCHEME: + case AUTH_RULE_IKE_SIGNATURE_SCHEME: + { + add(this, type, signature_params_clone(value)); + break; + } case AUTH_RULE_XAUTH_BACKEND: case AUTH_RULE_CERT_POLICY: case AUTH_HELPER_IM_HASH_URL: @@ -1286,11 +1374,15 @@ METHOD(auth_cfg_t, clone_, auth_cfg_t*, case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: case AUTH_RULE_BLISS_STRENGTH: - case AUTH_RULE_SIGNATURE_SCHEME: - case AUTH_RULE_IKE_SIGNATURE_SCHEME: case AUTH_RULE_CERT_VALIDATION_SUSPENDED: clone->add(clone, type, (uintptr_t)value); break; + case AUTH_RULE_SIGNATURE_SCHEME: + case AUTH_RULE_IKE_SIGNATURE_SCHEME: + { + clone->add(clone, type, signature_params_clone(value)); + break; + } case AUTH_RULE_MAX: break; } diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h index 7191dc1bc..2eb448546 100644 --- a/src/libstrongswan/credentials/auth_cfg.h +++ b/src/libstrongswan/credentials/auth_cfg.h @@ -106,9 +106,9 @@ enum auth_rule_t { AUTH_RULE_ECDSA_STRENGTH, /** required BLISS public key strength, u_int in bits */ AUTH_RULE_BLISS_STRENGTH, - /** required signature scheme, signature_scheme_t */ + /** required signature scheme, signature_params_t* */ AUTH_RULE_SIGNATURE_SCHEME, - /** required signature scheme for IKE authentication, signature_scheme_t */ + /** required signature scheme for IKE authentication, signature_params_t* */ AUTH_RULE_IKE_SIGNATURE_SCHEME, /** certificatePolicy constraint, numerical OID as char* */ AUTH_RULE_CERT_POLICY, diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c index baa17c47d..0239ee17e 100644 --- a/src/libstrongswan/credentials/builder.c +++ b/src/libstrongswan/credentials/builder.c @@ -37,6 +37,7 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_NOT_BEFORE_TIME", "BUILD_NOT_AFTER_TIME", "BUILD_SERIAL", + "BUILD_SIGNATURE_SCHEME", "BUILD_DIGEST_ALG", "BUILD_ENCRYPTION_ALG", "BUILD_AC_GROUP_STRINGS", diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h index 1c6f5001b..7928ef487 100644 --- a/src/libstrongswan/credentials/builder.h +++ b/src/libstrongswan/credentials/builder.h @@ -56,7 +56,7 @@ enum builder_part_t { BUILD_BLOB_PEM, /** OpenPGP key blob, chunk_t */ BUILD_BLOB_PGP, - /** DNS public key blob (RFC 4034, RSA specifc RFC 3110), chunk_t */ + /** DNS public key blob (RFC 4034, RSA specific RFC 3110), chunk_t */ BUILD_BLOB_DNSKEY, /** SSH public key blob (RFC 4253), chunk_t */ BUILD_BLOB_SSHKEY, @@ -84,6 +84,8 @@ enum builder_part_t { BUILD_NOT_AFTER_TIME, /** a serial number in binary form, chunk_t */ BUILD_SERIAL, + /** signature scheme and parameters for signature, signature_params_t* */ + BUILD_SIGNATURE_SCHEME, /** digest algorithm to be used for signature, hash_algorithm_t */ BUILD_DIGEST_ALG, /** encryption algorithm to use, encryption_algorithm_t */ diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h index d59126bd5..6dc5c7694 100644 --- a/src/libstrongswan/credentials/certificates/certificate.h +++ b/src/libstrongswan/credentials/certificates/certificate.h @@ -25,9 +25,9 @@ typedef struct certificate_t certificate_t; typedef enum certificate_type_t certificate_type_t; typedef enum cert_validation_t cert_validation_t; -#include <library.h> #include <utils/identification.h> #include <credentials/keys/public_key.h> +#include <credentials/keys/signature_params.h> #include <credentials/cred_encoding.h> /** @@ -139,11 +139,12 @@ struct certificate_t { * Check if this certificate is issued and signed by a specific issuer. * * @param issuer issuer's certificate - * @param scheme receives signature scheme used during verification + * @param scheme receives used signature scheme and parameters, if + * given (allocated) * @return TRUE if certificate issued by issuer and trusted */ bool (*issued_by)(certificate_t *this, certificate_t *issuer, - signature_scheme_t *scheme); + signature_params_t **scheme); /** * Get the public key associated to this certificate. diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c index 9e7815d04..8cc6a6c63 100644 --- a/src/libstrongswan/credentials/containers/pkcs12.c +++ b/src/libstrongswan/credentials/containers/pkcs12.c @@ -15,6 +15,7 @@ #include "pkcs12.h" +#include <library.h> #include <utils/debug.h> /** diff --git a/src/libstrongswan/credentials/cred_encoding.h b/src/libstrongswan/credentials/cred_encoding.h index 0b6536430..1129357ba 100644 --- a/src/libstrongswan/credentials/cred_encoding.h +++ b/src/libstrongswan/credentials/cred_encoding.h @@ -25,7 +25,7 @@ typedef struct cred_encoding_t cred_encoding_t; typedef enum cred_encoding_type_t cred_encoding_type_t; typedef enum cred_encoding_part_t cred_encoding_part_t; -#include <library.h> +#include <utils/chunk.h> /** * Credential encoder function implementing encoding/fingerprinting. diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 9be7407ef..21b23f543 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -488,7 +488,7 @@ METHOD(credential_manager_t, remove_local_set, void, METHOD(credential_manager_t, issued_by, bool, private_credential_manager_t *this, certificate_t *subject, - certificate_t *issuer, signature_scheme_t *scheme) + certificate_t *issuer, signature_params_t **scheme) { if (this->cache) { @@ -661,7 +661,7 @@ static certificate_t *get_pretrusted_cert(private_credential_manager_t *this, */ static certificate_t *get_issuer_cert(private_credential_manager_t *this, certificate_t *subject, bool trusted, - signature_scheme_t *scheme) + signature_params_t **scheme) { enumerator_t *enumerator; certificate_t *issuer = NULL, *candidate; @@ -723,7 +723,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, { certificate_t *current, *issuer; auth_cfg_t *auth; - signature_scheme_t scheme; + signature_params_t *scheme; int pathlen; auth = auth_cfg_create(); diff --git a/src/libstrongswan/credentials/credential_manager.h b/src/libstrongswan/credentials/credential_manager.h index 022ca566c..d99f29b85 100644 --- a/src/libstrongswan/credentials/credential_manager.h +++ b/src/libstrongswan/credentials/credential_manager.h @@ -241,12 +241,13 @@ struct credential_manager_t { * * @param subject subject certificate to check * @param issuer issuer certificate that potentially has signed subject - * @param scheme receives used signature scheme, if given + * @param scheme receives used signature scheme and parameters, if + * given (allocated) * @return TRUE if issuer signed subject */ bool (*issued_by)(credential_manager_t *this, certificate_t *subject, certificate_t *issuer, - signature_scheme_t *scheme); + signature_params_t **scheme); /** * Register a credential set to the manager. diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h index b9f7dad55..d7cfdd74d 100644 --- a/src/libstrongswan/credentials/keys/private_key.h +++ b/src/libstrongswan/credentials/keys/private_key.h @@ -1,6 +1,7 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -42,11 +43,12 @@ struct private_key_t { * Create a signature over a chunk of data. * * @param scheme signature scheme to use + * @param params optional parameters required by the specified scheme * @param data chunk of data to sign * @param signature where to allocate created signature * @return TRUE if signature created */ - bool (*sign)(private_key_t *this, signature_scheme_t scheme, + bool (*sign)(private_key_t *this, signature_scheme_t scheme, void *params, chunk_t data, chunk_t *signature); /** * Decrypt a chunk of data. diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c index 87f7e6664..89fa9b348 100644 --- a/src/libstrongswan/credentials/keys/public_key.c +++ b/src/libstrongswan/credentials/keys/public_key.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2015 Tobias Brunner - * Copyright (C) 2007 Martin Willi + * Copyright (C) 2015-2017 Tobias Brunner * Copyright (C) 2014-2016 Andreas Steffen + * Copyright (C) 2007 Martin Willi * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -18,6 +18,7 @@ #include <asn1/oid.h> #include "public_key.h" +#include "signature_params.h" ENUM(key_type_names, KEY_ANY, KEY_BLISS, "ANY", @@ -42,6 +43,7 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512, "RSA_EMSA_PKCS1_SHA3_256", "RSA_EMSA_PKCS1_SHA3_384", "RSA_EMSA_PKCS1_SHA3_512", + "RSA_EMSA_PSS", "ECDSA_WITH_SHA1_DER", "ECDSA_WITH_SHA256_DER", "ECDSA_WITH_SHA384_DER", @@ -146,6 +148,8 @@ signature_scheme_t signature_scheme_from_oid(int oid) return SIGN_RSA_EMSA_PKCS1_SHA3_384; case OID_RSASSA_PKCS1V15_WITH_SHA3_512: return SIGN_RSA_EMSA_PKCS1_SHA3_512; + case OID_RSASSA_PSS: + return SIGN_RSA_EMSA_PSS; case OID_ECDSA_WITH_SHA1: case OID_EC_PUBLICKEY: return SIGN_ECDSA_WITH_SHA1_DER; @@ -210,6 +214,8 @@ int signature_scheme_to_oid(signature_scheme_t scheme) return OID_RSASSA_PKCS1V15_WITH_SHA3_384; case SIGN_RSA_EMSA_PKCS1_SHA3_512: return OID_RSASSA_PKCS1V15_WITH_SHA3_384; + case SIGN_RSA_EMSA_PSS: + return OID_RSASSA_PSS; case SIGN_ECDSA_WITH_SHA1_DER: return OID_ECDSA_WITH_SHA1; case SIGN_ECDSA_WITH_SHA256_DER: @@ -239,26 +245,42 @@ int signature_scheme_to_oid(signature_scheme_t scheme) } /** + * Parameters for RSA/PSS signature schemes + */ +#define PSS_PARAMS(bits) static rsa_pss_params_t pss_params_sha##bits = { \ + .hash = HASH_SHA##bits, \ + .mgf1_hash = HASH_SHA##bits, \ + .salt_len = RSA_PSS_SALT_LEN_DEFAULT, \ +} + +PSS_PARAMS(256); +PSS_PARAMS(384); +PSS_PARAMS(512); + +/** * Map for signature schemes to the key type and maximum key size allowed. * We only cover schemes with hash algorithms supported by IKEv2 signature * authentication. */ static struct { - signature_scheme_t scheme; key_type_t type; int max_keysize; + signature_params_t params; } scheme_map[] = { - { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 }, - { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 }, - { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 }, - { SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 }, - { SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 }, - { SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 }, - { SIGN_ED25519, KEY_ED25519, 0 }, - { SIGN_ED448, KEY_ED448, 0 }, - { SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 }, - { SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 }, - { SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 } + { KEY_RSA, 3072, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha256, }}, + { KEY_RSA, 7680, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha384, }}, + { KEY_RSA, 0, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha512, }}, + { KEY_RSA, 3072, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256 }}, + { KEY_RSA, 7680, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384 }}, + { KEY_RSA, 0, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512 }}, + { KEY_ECDSA, 256, { .scheme = SIGN_ECDSA_WITH_SHA256_DER }}, + { KEY_ECDSA, 384, { .scheme = SIGN_ECDSA_WITH_SHA384_DER }}, + { KEY_ECDSA, 0, { .scheme = SIGN_ECDSA_WITH_SHA512_DER }}, + { KEY_ED25519, 0, { .scheme = SIGN_ED25519 }}, + { KEY_ED448, 0, { .scheme = SIGN_ED448 }}, + { KEY_BLISS, 128, { .scheme = SIGN_BLISS_WITH_SHA2_256 }}, + { KEY_BLISS, 192, { .scheme = SIGN_BLISS_WITH_SHA2_384 }}, + { KEY_BLISS, 0, { .scheme = SIGN_BLISS_WITH_SHA2_512 }}, }; /** @@ -274,9 +296,9 @@ typedef struct { METHOD(enumerator_t, signature_schemes_enumerate, bool, private_enumerator_t *this, va_list args) { - signature_scheme_t *scheme; + signature_params_t **params; - VA_ARGS_VGET(args, scheme); + VA_ARGS_VGET(args, params); while (++this->index < countof(scheme_map)) { @@ -284,7 +306,7 @@ METHOD(enumerator_t, signature_schemes_enumerate, bool, (this->size <= scheme_map[this->index].max_keysize || !scheme_map[this->index].max_keysize)) { - *scheme = scheme_map[this->index].scheme; + *params = &scheme_map[this->index].params; return TRUE; } } @@ -332,6 +354,7 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme) case SIGN_RSA_EMSA_PKCS1_SHA3_256: case SIGN_RSA_EMSA_PKCS1_SHA3_384: case SIGN_RSA_EMSA_PKCS1_SHA3_512: + case SIGN_RSA_EMSA_PSS: return KEY_RSA; case SIGN_ECDSA_WITH_SHA1_DER: case SIGN_ECDSA_WITH_SHA256_DER: diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index 06c1aa488..877ed20a2 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -1,7 +1,7 @@ /* - * Copyright (C) 2015 Tobias Brunner - * Copyright (C) 2007 Martin Willi + * Copyright (C) 2015-2017 Tobias Brunner * Copyright (C) 2014-2017 Andreas Steffen + * Copyright (C) 2007 Martin Willi * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -28,7 +28,6 @@ typedef enum key_type_t key_type_t; typedef enum signature_scheme_t signature_scheme_t; typedef enum encryption_scheme_t encryption_scheme_t; -#include <library.h> #include <utils/identification.h> #include <credentials/cred_encoding.h> @@ -89,6 +88,8 @@ enum signature_scheme_t { SIGN_RSA_EMSA_PKCS1_SHA3_384, /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */ SIGN_RSA_EMSA_PKCS1_SHA3_512, + /** EMSA-PSS signature as in PKCS#1 using RSA */ + SIGN_RSA_EMSA_PSS, /** ECDSA with SHA-1 using DER encoding as in RFC 3279 */ SIGN_ECDSA_WITH_SHA1_DER, /** ECDSA with SHA-256 using DER encoding as in RFC 3279 */ @@ -168,12 +169,13 @@ struct public_key_t { /** * Verifies a signature against a chunk of data. * - * @param scheme signature scheme to use for verification, may be default + * @param scheme signature scheme to use for verification + * @param params optional parameters required by the specified scheme * @param data data to check signature against * @param signature signature to check * @return TRUE if signature matches */ - bool (*verify)(public_key_t *this, signature_scheme_t scheme, + bool (*verify)(public_key_t *this, signature_scheme_t scheme, void *params, chunk_t data, chunk_t signature); /** @@ -279,11 +281,11 @@ int signature_scheme_to_oid(signature_scheme_t scheme); /** * Enumerate signature schemes that are appropriate for a key of the given type - * and size|strength. + * and size|strength ordered by increasing strength. * * @param type type of the key * @param size size or strength of the key - * @return enumerator over signature_scheme_t (increasing strength) + * @return enumerator over signature_params_t* (by strength) */ enumerator_t *signature_schemes_for_key(key_type_t type, int size); diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c new file mode 100644 index 000000000..6b4d22e7b --- /dev/null +++ b/src/libstrongswan/credentials/keys/signature_params.c @@ -0,0 +1,366 @@ +/* + * Copyright (C) 2017 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "signature_params.h" + +#include <asn1/oid.h> +#include <asn1/asn1_parser.h> + +/** + * Determine the salt length in case it is not configured + */ +static ssize_t rsa_pss_salt_length(rsa_pss_params_t *pss) +{ + ssize_t salt_len = pss->salt_len; + + if (salt_len <= RSA_PSS_SALT_LEN_DEFAULT) + { + salt_len = hasher_hash_size(pss->hash); + if (!salt_len) + { + return -1; + } + } + return salt_len; +} + +/** + * Compare two signature schemes and their parameters + */ +static bool compare_params(signature_params_t *a, signature_params_t *b, + bool strict) +{ + if (!a && !b) + { + return TRUE; + } + if (!a || !b) + { + return FALSE; + } + if (a->scheme != b->scheme) + { + return FALSE; + } + if (!a->params && !b->params) + { + return TRUE; + } + if (a->params && b->params) + { + switch (a->scheme) + { + case SIGN_RSA_EMSA_PSS: + { + rsa_pss_params_t *pss_a = a->params, *pss_b = b->params; + + return pss_a->hash == pss_b->hash && + pss_a->mgf1_hash == pss_b->mgf1_hash && + (!strict || + rsa_pss_salt_length(pss_a) == rsa_pss_salt_length(pss_b)); + } + default: + break; + } + } + return FALSE; +} + +/* + * Described in header + */ +bool signature_params_equal(signature_params_t *a, signature_params_t *b) +{ + return compare_params(a, b, TRUE); +} + +/* + * Described in header + */ +bool signature_params_comply(signature_params_t *c, signature_params_t *s) +{ /* the salt is variable, so it does not necessarily have to be the same */ + return compare_params(c, s, FALSE); +} + +/* + * Described in header + */ +signature_params_t *signature_params_clone(signature_params_t *this) +{ + signature_params_t *clone; + + if (!this) + { + return NULL; + } + + INIT(clone, + .scheme = this->scheme, + ); + if (this->params) + { + switch (this->scheme) + { + case SIGN_RSA_EMSA_PSS: + { + rsa_pss_params_t *pss, *pss_clone; + + pss = this->params; + INIT(pss_clone, + .hash = pss->hash, + .mgf1_hash = pss->mgf1_hash, + .salt_len = pss->salt_len, + /* ignore salt as only used for unit tests */ + ); + clone->params = pss_clone; + break; + } + default: + break; + } + } + return clone; +} + +/* + * Described in header + */ +void signature_params_destroy(signature_params_t *this) +{ + if (this) + { + free(this->params); + free(this); + } +} + +/* + * Described in header + */ +void signature_params_clear(signature_params_t *this) +{ + if (this) + { + free(this->params); + this->params = NULL; + this->scheme = SIGN_UNKNOWN; + } +} + +/* + * Described in header + */ +bool signature_params_parse(chunk_t asn1, int level0, + signature_params_t *params) +{ + chunk_t parameters = chunk_empty; + int oid; + + oid = asn1_parse_algorithmIdentifier(asn1, level0, ¶meters); + params->scheme = signature_scheme_from_oid(oid); + switch (params->scheme) + { + case SIGN_UNKNOWN: + return FALSE; + case SIGN_RSA_EMSA_PSS: + { + rsa_pss_params_t *pss = malloc_thing(rsa_pss_params_t); + + if (!rsa_pss_params_parse(parameters, level0+1, pss)) + { + DBG1(DBG_IKE, "failed parsing RSASSA-PSS parameters"); + free(pss); + return FALSE; + } + params->params = pss; + break; + } + default: + params->params = NULL; + break; + } + return TRUE; +} + +/* + * Described in header + */ +bool signature_params_build(signature_params_t *params, chunk_t *asn1) +{ + chunk_t parameters = chunk_empty; + int oid; + + oid = signature_scheme_to_oid(params->scheme); + if (oid == OID_UNKNOWN) + { + return FALSE; + } + if (params->scheme == SIGN_RSA_EMSA_PSS && + !rsa_pss_params_build(params->params, ¶meters)) + { + return FALSE; + } + if (parameters.len) + { + *asn1 = asn1_algorithmIdentifier_params(oid, parameters); + } + else + { + *asn1 = asn1_algorithmIdentifier(oid); + } + return TRUE; +} + +/** + * ASN.1 definition of RSASSA-PSS-params + */ +static const asn1Object_t RSASSAPSSParamsObjects[] = { + { 0, "RSASSA-PSS-params", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "DEFAULT SHA-1", ASN1_CONTEXT_C_0, ASN1_DEF }, /* 1 */ + { 2, "hashAlgorithm", ASN1_EOC, ASN1_RAW }, /* 2 */ + { 1, "DEFAULT MGF1SHA1", ASN1_CONTEXT_C_1, ASN1_DEF }, /* 3 */ + { 2, "maskGenAlgorithm",ASN1_EOC, ASN1_RAW }, /* 4 */ + { 1, "DEFAULT 20", ASN1_CONTEXT_C_2, ASN1_DEF }, /* 5 */ + { 2, "saltLength", ASN1_INTEGER, ASN1_BODY }, /* 6 */ + { 1, "DEFAULT 1", ASN1_CONTEXT_C_3, ASN1_DEF }, /* 7 */ + { 2, "trailerField", ASN1_INTEGER, ASN1_BODY }, /* 8 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define RSASSA_PSS_PARAMS_HASH_ALG 2 +#define RSASSA_PSS_PARAMS_MGF_ALG 4 +#define RSASSA_PSS_PARAMS_SALT_LEN 6 +#define RSASSA_PSS_PARAMS_TRAILER 8 + +/* + * Described in header + */ +bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID, alg; + bool success = FALSE; + + params->hash = HASH_SHA1; + params->mgf1_hash = HASH_SHA1; + params->salt_len = HASH_SIZE_SHA1; + + parser = asn1_parser_create(RSASSAPSSParamsObjects, asn1); + parser->set_top_level(parser, level0); + + while (parser->iterate(parser, &objectID, &object)) + { + u_int level = parser->get_level(parser)+1; + + switch (objectID) + { + case RSASSA_PSS_PARAMS_HASH_ALG: + if (object.len) + { + alg = asn1_parse_algorithmIdentifier(object, level, NULL); + params->hash = hasher_algorithm_from_oid(alg); + if (params->hash == HASH_UNKNOWN) + { + goto end; + } + } + break; + case RSASSA_PSS_PARAMS_MGF_ALG: + if (object.len) + { + chunk_t hash; + + alg = asn1_parse_algorithmIdentifier(object, level, &hash); + if (alg != OID_MGF1) + { + goto end; + } + alg = asn1_parse_algorithmIdentifier(hash, level+1, NULL); + params->mgf1_hash = hasher_algorithm_from_oid(alg); + if (params->mgf1_hash == HASH_UNKNOWN) + { + goto end; + } + } + break; + case RSASSA_PSS_PARAMS_SALT_LEN: + if (object.len) + { + params->salt_len = (size_t)asn1_parse_integer_uint64(object); + } + break; + case RSASSA_PSS_PARAMS_TRAILER: + if (object.len && (object.len != 1 || *object.ptr != 1)) + { + goto end; + } + break; + default: + break; + } + } + success = parser->success(parser); + +end: + parser->destroy(parser); + return success; +} + +/* + * Described in header + */ +bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1) +{ + chunk_t hash = chunk_empty, mgf = chunk_empty, slen = chunk_empty; + ssize_t salt_len; + int alg; + + if (params->hash != HASH_SHA1) + { /* with SHA-1 we MUST omit the field */ + alg = hasher_algorithm_to_oid(params->hash); + if (alg == OID_UNKNOWN) + { + return FALSE; + } + hash = asn1_algorithmIdentifier(alg); + } + if (params->mgf1_hash != HASH_SHA1) + { /* with MGF1-SHA1 we MUST omit the field */ + alg = hasher_algorithm_to_oid(params->mgf1_hash); + if (alg == OID_UNKNOWN) + { + chunk_free(&hash); + return FALSE; + } + mgf = asn1_algorithmIdentifier_params(OID_MGF1, + asn1_algorithmIdentifier(alg)); + } + salt_len = rsa_pss_salt_length(params); + if (salt_len < 0) + { + chunk_free(&hash); + chunk_free(&mgf); + return FALSE; + } + else if (salt_len != HASH_SIZE_SHA1) + { + slen = asn1_integer("m", asn1_integer_from_uint64(salt_len)); + } + *asn1 = asn1_wrap(ASN1_SEQUENCE, "mmm", + hash.len ? asn1_wrap(ASN1_CONTEXT_C_0, "m", hash) : chunk_empty, + mgf.len ? asn1_wrap(ASN1_CONTEXT_C_1, "m", mgf) : chunk_empty, + slen.len ? asn1_wrap(ASN1_CONTEXT_C_2, "m", slen) : chunk_empty); + return TRUE; +} diff --git a/src/libstrongswan/credentials/keys/signature_params.h b/src/libstrongswan/credentials/keys/signature_params.h new file mode 100644 index 000000000..6934c5e88 --- /dev/null +++ b/src/libstrongswan/credentials/keys/signature_params.h @@ -0,0 +1,129 @@ +/* + * Copyright (C) 2017 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup signature_params signature_params + * @{ @ingroup keys + */ + +#ifndef SIGNATURE_PARAMS_H_ +#define SIGNATURE_PARAMS_H_ + +typedef struct signature_params_t signature_params_t; +typedef struct rsa_pss_params_t rsa_pss_params_t; + +#include <crypto/hashers/hasher.h> + +/** + * Signature scheme with parameters + */ +struct signature_params_t { + /** Signature scheme */ + signature_scheme_t scheme; + /** Parameters, depending on scheme */ + void *params; +}; + +/** + * Compare two signature schemes and their parameters + * + * @param a first scheme + * @param b second scheme + * @return TRUE if schemes and parameters are equal + */ +bool signature_params_equal(signature_params_t *a, signature_params_t *b); + +/** + * Compare two signature schemes and their parameters + * + * @param c constraint + * @param s scheme + * @return TRUE if scheme complies to constraint + */ +bool signature_params_comply(signature_params_t *c, signature_params_t *s); + +/** + * Clone the given scheme and parameters, if any + * + * @return cloned object + */ +signature_params_t *signature_params_clone(signature_params_t *this); + +/** + * Destroy the given scheme and parameters, if any + */ +void signature_params_destroy(signature_params_t *this); + +/** + * Clear the given parameters, if any, sets the scheme to SIGN_UNKNOWN + */ +void signature_params_clear(signature_params_t *this); + +/** + * Parse an ASN.1 algorithmIdentifier with parameters denoting a signature + * scheme. + * + * @param asn1 ASN.1 encoded RSASSA-PSS-params + * @param level0 current level of the ASN.1 parser + * @param params parsed parameters + * @return TRUE if successfully parsed + */ +bool signature_params_parse(chunk_t asn1, int level0, + signature_params_t *params); + +/** + * Build ASN.1 algorithmIdentifier with parameters denoting a signature scheme. + * + * @param params signature scheme and parameters to encode + * @param asn1 ASN.1 encoded algorithmIdentifier (allocated) + * @return TRUE if successfully built + */ +bool signature_params_build(signature_params_t *params, chunk_t *asn1); + +/** + * Parameters for SIGN_RSA_EMSA_PSS signature scheme + */ +struct rsa_pss_params_t { + /** Hash algorithm */ + hash_algorithm_t hash; + /** Hash for the MGF1 function */ + hash_algorithm_t mgf1_hash; + /** Salt length, use RSA_PSS_SALT_LEN_DEFAULT for length equal to hash */ + ssize_t salt_len; + /** Salt value, for unit tests (not all implementations support this) */ + chunk_t salt; +#define RSA_PSS_SALT_LEN_DEFAULT -1 +}; + +/** + * Parse the given ASN.1 algorithm identifier params + * + * @param asn1 ASN.1 encoded RSASSA-PSS-params + * @param level0 current level of the ASN.1 parser + * @param params parsed parameters + * @return TRUE if successfully parsed + */ +bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params); + +/** + * Build ASN.1 algorithm identifier params + * + * @param params parameters to encode + * @param asn1 ASN.1 encoded RSASSA-PSS-params (allocated) + * @return TRUE if successfully built + */ +bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1); + +#endif /** SIGNATURE_PARAMS_H_ @}*/ diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c index 92d5efdc6..0e64f0350 100644 --- a/src/libstrongswan/credentials/sets/cert_cache.c +++ b/src/libstrongswan/credentials/sets/cert_cache.c @@ -48,9 +48,9 @@ struct relation_t { certificate_t *issuer; /** - * Signature scheme used to sign this relation + * Signature scheme and parameters used to sign this relation */ - signature_scheme_t scheme; + signature_params_t *scheme; /** * Cache hits @@ -84,7 +84,7 @@ struct private_cert_cache_t { */ static void cache(private_cert_cache_t *this, certificate_t *subject, certificate_t *issuer, - signature_scheme_t scheme) + signature_params_t *scheme) { relation_t *rel; int i, offset, try; @@ -118,7 +118,8 @@ static void cache(private_cert_cache_t *this, { rel->subject->destroy(rel->subject); rel->subject = subject->get_ref(subject); - rel->scheme = scheme; + signature_params_destroy(rel->scheme); + rel->scheme = signature_params_clone(scheme); return rel->lock->unlock(rel->lock); } } @@ -139,7 +140,7 @@ static void cache(private_cert_cache_t *this, { rel->subject = subject->get_ref(subject); rel->issuer = issuer->get_ref(issuer); - rel->scheme = scheme; + rel->scheme = signature_params_clone(scheme); return rel->lock->unlock(rel->lock); } rel->lock->unlock(rel->lock); @@ -165,10 +166,11 @@ static void cache(private_cert_cache_t *this, { rel->subject->destroy(rel->subject); rel->issuer->destroy(rel->issuer); + signature_params_destroy(rel->scheme); } rel->subject = subject->get_ref(subject); rel->issuer = issuer->get_ref(issuer); - rel->scheme = scheme; + rel->scheme = signature_params_clone(scheme); rel->hits = 0; return rel->lock->unlock(rel->lock); } @@ -180,11 +182,11 @@ static void cache(private_cert_cache_t *this, METHOD(cert_cache_t, issued_by, bool, private_cert_cache_t *this, certificate_t *subject, certificate_t *issuer, - signature_scheme_t *schemep) + signature_params_t **schemep) { certificate_t *cached_issuer = NULL; relation_t *found = NULL, *current; - signature_scheme_t scheme; + signature_params_t *scheme; int i; for (i = 0; i < CACHE_SIZE; i++) @@ -202,7 +204,7 @@ METHOD(cert_cache_t, issued_by, bool, found = current; if (schemep) { - *schemep = current->scheme; + *schemep = signature_params_clone(current->scheme); } } else if (!cached_issuer) @@ -225,6 +227,10 @@ METHOD(cert_cache_t, issued_by, bool, { *schemep = scheme; } + else + { + signature_params_destroy(scheme); + } DESTROY_IF(cached_issuer); return TRUE; } @@ -383,8 +389,10 @@ METHOD(cert_cache_t, flush, void, { rel->subject->destroy(rel->subject); rel->issuer->destroy(rel->issuer); + signature_params_destroy(rel->scheme); rel->subject = NULL; rel->issuer = NULL; + rel->scheme = NULL; rel->hits = 0; } } @@ -405,6 +413,7 @@ METHOD(cert_cache_t, destroy, void, { rel->subject->destroy(rel->subject); rel->issuer->destroy(rel->issuer); + signature_params_destroy(rel->scheme); } rel->lock->destroy(rel->lock); } @@ -438,6 +447,7 @@ cert_cache_t *cert_cache_create() { this->relations[i].subject = NULL; this->relations[i].issuer = NULL; + this->relations[i].scheme = NULL; this->relations[i].hits = 0; this->relations[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT); } diff --git a/src/libstrongswan/credentials/sets/cert_cache.h b/src/libstrongswan/credentials/sets/cert_cache.h index 2bcdbe464..2235bc30d 100644 --- a/src/libstrongswan/credentials/sets/cert_cache.h +++ b/src/libstrongswan/credentials/sets/cert_cache.h @@ -45,12 +45,13 @@ struct cert_cache_t { * * @param subject certificate to verify * @param issuer issuing certificate to verify subject - * @param scheme receives used signature scheme, if given + * @param scheme receives used signature scheme and parameters, if + * given (allocated) * @return TRUE if subject issued by issuer */ bool (*issued_by)(cert_cache_t *this, certificate_t *subject, certificate_t *issuer, - signature_scheme_t *scheme); + signature_params_t **scheme); /** * Flush the certificate cache. diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c index 6b5c05c46..713d7beb3 100644 --- a/src/libstrongswan/crypto/hashers/hasher.c +++ b/src/libstrongswan/crypto/hashers/hasher.c @@ -19,6 +19,7 @@ #include "hasher.h" #include <asn1/oid.h> +#include <credentials/keys/signature_params.h> ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_IDENTITY, "HASH_SHA1", @@ -57,6 +58,44 @@ ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY ENUM_END(hash_algorithm_short_names, HASH_SHA3_512); /* + * Described in header + */ +size_t hasher_hash_size(hash_algorithm_t alg) +{ + switch (alg) + { + case HASH_SHA1: + return HASH_SIZE_SHA1; + case HASH_SHA256: + return HASH_SIZE_SHA256; + case HASH_SHA384: + return HASH_SIZE_SHA384; + case HASH_SHA512: + return HASH_SIZE_SHA512; + case HASH_MD2: + return HASH_SIZE_MD2; + case HASH_MD4: + return HASH_SIZE_MD4; + case HASH_MD5: + return HASH_SIZE_MD5; + case HASH_SHA224: + return HASH_SIZE_SHA224; + case HASH_SHA3_224: + return HASH_SIZE_SHA224; + case HASH_SHA3_256: + return HASH_SIZE_SHA256; + case HASH_SHA3_384: + return HASH_SIZE_SHA384; + case HASH_SHA3_512: + return HASH_SIZE_SHA512; + case HASH_IDENTITY: + case HASH_UNKNOWN: + break; + } + return 0; +} + +/* * Described in header. */ hash_algorithm_t hasher_algorithm_from_oid(int oid) @@ -445,7 +484,8 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key) /* * Defined in header. */ -hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme) +hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme, + void *params) { switch (scheme) { @@ -453,6 +493,13 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme) case SIGN_RSA_EMSA_PKCS1_NULL: case SIGN_ECDSA_WITH_NULL: break; + case SIGN_RSA_EMSA_PSS: + if (params) + { + rsa_pss_params_t *pss = params; + return pss->hash; + } + break; case SIGN_ED25519: case SIGN_ED448: return HASH_IDENTITY; diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index ec0c6320b..d1f11fa1c 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -27,7 +27,6 @@ typedef enum hash_algorithm_t hash_algorithm_t; typedef struct hasher_t hasher_t; -#include <library.h> #include <crypto/prfs/prf.h> #include <crypto/signers/signer.h> #include <credentials/keys/public_key.h> @@ -131,6 +130,14 @@ struct hasher_t { }; /** + * Returns the size of the hash for the given algorithm. + * + * @param alg hash algorithm + * @return size of hash or 0 if unknown + */ +size_t hasher_hash_size(hash_algorithm_t alg); + +/** * Conversion of ASN.1 OID to hash algorithm. * * @param oid ASN.1 OID @@ -199,8 +206,10 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key); * Determine the hash algorithm associated with a given signature scheme. * * @param scheme signature scheme + * @param params optional parameters * @return hash algorithm (could be HASH_UNKNOWN) */ -hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme); +hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme, + void *params); #endif /** HASHER_H_ @}*/ diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h index bf443e5f4..fe9ffc2dd 100644 --- a/src/libstrongswan/crypto/prfs/prf.h +++ b/src/libstrongswan/crypto/prfs/prf.h @@ -25,7 +25,8 @@ typedef enum pseudo_random_function_t pseudo_random_function_t; typedef struct prf_t prf_t; -#include <library.h> +#include <utils/utils.h> +#include <utils/chunk.h> /** * Pseudo random function, as in IKEv2 RFC 3.3.2. diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index 01b702da1..8958e66e9 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -25,7 +25,8 @@ typedef enum integrity_algorithm_t integrity_algorithm_t; typedef struct signer_t signer_t; -#include <library.h> +#include <utils/utils.h> +#include <utils/chunk.h> /** * Integrity algorithm, as in IKEv2 RFC 3.3.2. diff --git a/src/libstrongswan/crypto/xofs/xof.c b/src/libstrongswan/crypto/xofs/xof.c index 1e9c2834b..2b866ae5b 100644 --- a/src/libstrongswan/crypto/xofs/xof.c +++ b/src/libstrongswan/crypto/xofs/xof.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * @@ -18,10 +19,42 @@ ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20, "XOF_UNDEFINED", "XOF_MGF1_SHA1", + "XOF_MGF1_SHA224", "XOF_MGF1_SHA256", + "XOF_MGF1_SHA384", "XOF_MGF1_SHA512", "XOF_SHAKE128", "XOF_SHAKE256", "XOF_CHACHA20" ); +/* + * Described in header + */ +ext_out_function_t xof_mgf1_from_hash_algorithm(hash_algorithm_t alg) +{ + switch (alg) + { + case HASH_SHA1: + return XOF_MGF1_SHA1; + case HASH_SHA224: + return XOF_MGF1_SHA224; + case HASH_SHA256: + return XOF_MGF1_SHA256; + case HASH_SHA384: + return XOF_MGF1_SHA384; + case HASH_SHA512: + return XOF_MGF1_SHA512; + case HASH_IDENTITY: + case HASH_UNKNOWN: + case HASH_MD2: + case HASH_MD4: + case HASH_MD5: + case HASH_SHA3_224: + case HASH_SHA3_256: + case HASH_SHA3_384: + case HASH_SHA3_512: + break; + } + return XOF_UNDEFINED; +} diff --git a/src/libstrongswan/crypto/xofs/xof.h b/src/libstrongswan/crypto/xofs/xof.h index 8c9ae0131..934a1ee35 100644 --- a/src/libstrongswan/crypto/xofs/xof.h +++ b/src/libstrongswan/crypto/xofs/xof.h @@ -1,4 +1,5 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * @@ -31,11 +32,15 @@ typedef struct xof_t xof_t; */ enum ext_out_function_t { XOF_UNDEFINED, - /** RFC 2437 PKCS#1 */ + /** RFC 8017 PKCS#1 */ XOF_MGF1_SHA1, - /** RFC 2437 PKCS#1 */ + /** RFC 8017 PKCS#1 */ + XOF_MGF1_SHA224, + /** RFC 8017 PKCS#1 */ XOF_MGF1_SHA256, - /** RFC 2437 PKCS#1 */ + /** RFC 8017 PKCS#1 */ + XOF_MGF1_SHA384, + /** RFC 8017 PKCS#1 */ XOF_MGF1_SHA512, /** FIPS 202 */ XOF_SHAKE_128, @@ -111,4 +116,12 @@ struct xof_t { void (*destroy)(xof_t *this); }; +/** + * Determine an MGF1 XOF type for the given hash algorithm. + * + * @param alg hash algorithm to map + * @return MGF1 XOF type if available, XOF_UNDEFINED otherwise + */ +ext_out_function_t xof_mgf1_from_hash_algorithm(hash_algorithm_t alg); + #endif /** XOF_H_ @}*/ diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index bb55c45c0..cf2c5ea85 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c +++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -233,7 +233,7 @@ static bool scheme_supported(private_agent_private_key_t *this, } METHOD(private_key_t, sign, bool, - private_agent_private_key_t *this, signature_scheme_t scheme, + private_agent_private_key_t *this, signature_scheme_t scheme, void *params, chunk_t data, chunk_t *signature) { uint32_t len, flags; diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c index 25253ed37..964edcd93 100644 --- a/src/libstrongswan/plugins/bliss/bliss_private_key.c +++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c @@ -512,7 +512,7 @@ end: } METHOD(private_key_t, sign, bool, - private_bliss_private_key_t *this, signature_scheme_t scheme, + private_bliss_private_key_t *this, signature_scheme_t scheme, void *params, chunk_t data, chunk_t *signature) { switch (scheme) diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c index f7ddbbfd2..945840cdc 100644 --- a/src/libstrongswan/plugins/bliss/bliss_public_key.c +++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c @@ -194,7 +194,7 @@ end: } METHOD(public_key_t, verify, bool, - private_bliss_public_key_t *this, signature_scheme_t scheme, + private_bliss_public_key_t *this, signature_scheme_t scheme, void *params, chunk_t data, chunk_t signature) { switch (scheme) diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c index d871068da..908ea910d 100644 --- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c +++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c @@ -118,9 +118,9 @@ START_TEST(test_bliss_sign_all) /* generate and verify 1000 BLISS signatures */ while (verify_count--) { - ck_assert(privkey->sign(privkey, signature_scheme, msg, + ck_assert(privkey->sign(privkey, signature_scheme, NULL, msg, &signature)); - ck_assert(pubkey->verify(pubkey, signature_scheme, msg, + ck_assert(pubkey->verify(pubkey, signature_scheme, NULL, msg, signature)); free(signature.ptr); } @@ -172,18 +172,18 @@ START_TEST(test_bliss_sign_fail) ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, chunk_empty, NULL)); /* sign with invalid signature scheme */ - ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, msg, &signature)); + ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, NULL, msg, &signature)); /* generate valid signature */ msg = chunk_from_str("Hello Dolly!"); - ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, msg, &signature)); + ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, &signature)); /* verify with invalid signature scheme */ - ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, msg, signature)); + ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, NULL, msg, signature)); /* corrupt signature */ signature.ptr[signature.len - 1] ^= 0x80; - ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, msg, signature)); + ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, signature)); free(signature.ptr); privkey->destroy(privkey); diff --git a/src/libstrongswan/plugins/curve25519/curve25519_private_key.c b/src/libstrongswan/plugins/curve25519/curve25519_private_key.c index 2a7303c4b..878be4ca5 100644 --- a/src/libstrongswan/plugins/curve25519/curve25519_private_key.c +++ b/src/libstrongswan/plugins/curve25519/curve25519_private_key.c @@ -63,7 +63,7 @@ METHOD(private_key_t, get_type, key_type_t, METHOD(private_key_t, sign, bool, private_curve25519_private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *signature) + void *params, chunk_t data, chunk_t *signature) { uint8_t r[HASH_SIZE_SHA512], k[HASH_SIZE_SHA512], sig[HASH_SIZE_SHA512]; hasher_t *hasher; diff --git a/src/libstrongswan/plugins/curve25519/curve25519_public_key.c b/src/libstrongswan/plugins/curve25519/curve25519_public_key.c index d07776354..1d4dec565 100644 --- a/src/libstrongswan/plugins/curve25519/curve25519_public_key.c +++ b/src/libstrongswan/plugins/curve25519/curve25519_public_key.c @@ -50,7 +50,7 @@ METHOD(public_key_t, get_type, key_type_t, METHOD(public_key_t, verify, bool, private_curve25519_public_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t signature) + void *params, chunk_t data, chunk_t signature) { hasher_t *hasher; uint8_t d = 0, k[HASH_SIZE_SHA512], r[32], *sig; diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index 7ecba8fa9..8a3de1e01 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -118,6 +118,28 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PRIVKEY, KEY_RSA), PLUGIN_REGISTER(PRIVKEY_GEN, gcrypt_rsa_private_key_gen, FALSE), PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA), + /* signature schemes, private */ +#if GCRYPT_VERSION_NUMBER >= 0x010700 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS), +#endif + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5), + /* signature verification schemes */ +#if GCRYPT_VERSION_NUMBER >= 0x010700 + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS), +#endif + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5), /* random numbers */ PLUGIN_REGISTER(RNG, gcrypt_rng_create), PLUGIN_PROVIDE(RNG, RNG_WEAK), diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index 15b876b3f..c06f43348 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -1,6 +1,7 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -21,6 +22,7 @@ #include <asn1/oid.h> #include <asn1/asn1.h> #include <asn1/asn1_parser.h> +#include <credentials/keys/signature_params.h> typedef struct private_gcrypt_rsa_private_key_t private_gcrypt_rsa_private_key_t; @@ -147,51 +149,100 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this, } /** - * Sign a chunk of data using hashing and PKCS#1 encoding + * Sign a chunk of data using hashing and PKCS#1v1.5/EMSA-PSS encoding */ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this, - hash_algorithm_t hash_algorithm, char *hash_name, + hash_algorithm_t hash_algorithm, rsa_pss_params_t *pss, chunk_t data, chunk_t *signature) { hasher_t *hasher; chunk_t hash; gcry_error_t err; gcry_sexp_t in, out; - int hash_oid; + char *hash_name = enum_to_name(hash_algorithm_short_names, hash_algorithm); - hash_oid = hasher_algorithm_to_oid(hash_algorithm); - if (hash_oid == OID_UNKNOWN) + hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm); + if (!hasher) { + DBG1(DBG_LIB, "hash algorithm %N not supported", + hash_algorithm_names, hash_algorithm); return FALSE; } - hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm); - if (!hasher || !hasher->allocate_hash(hasher, data, &hash)) + if (!hasher->allocate_hash(hasher, data, &hash)) { - DESTROY_IF(hasher); + hasher->destroy(hasher); return FALSE; } hasher->destroy(hasher); - err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", - hash_name, hash.len, hash.ptr); + if (pss) + { + if (pss->salt.len) + { + err = gcry_sexp_build(&in, NULL, + "(data(flags pss)(salt-length %u)" + "(random-override %b)(hash %s %b))", + pss->salt.len, pss->salt.len, pss->salt.ptr, + hash_name, hash.len, hash.ptr); + } + else + { + u_int slen = hasher_hash_size(hash_algorithm); + if (pss->salt_len > RSA_PSS_SALT_LEN_DEFAULT) + { + slen = pss->salt_len; + } + err = gcry_sexp_build(&in, NULL, + "(data(flags pss)(salt-length %u)(hash %s %b))", + slen, hash_name, hash.len, hash.ptr); + } + } + else + { + err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", + hash_name, hash.len, hash.ptr); + } chunk_free(&hash); if (err) { - DBG1(DBG_LIB, "building signature S-expression failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "building signature S-expression failed: %s", + gpg_strerror(err)); return FALSE; } err = gcry_pk_sign(&out, in, this->key); gcry_sexp_release(in); if (err) { - DBG1(DBG_LIB, "creating pkcs1 signature failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "creating pkcs1 signature failed: %s", + gpg_strerror(err)); return FALSE; } + *signature = gcrypt_rsa_find_token(out, "s", this->key); gcry_sexp_release(out); return !!signature->len; } +#if GCRYPT_VERSION_NUMBER >= 0x010700 +/** + * Sign a chunk of data using hashing and EMSA-PSS encoding + */ +static bool sign_pss(private_gcrypt_rsa_private_key_t *this, + rsa_pss_params_t *params, chunk_t data, chunk_t *signature) +{ + if (!params) + { + return FALSE; + } + if (params->mgf1_hash != params->hash) + { + DBG1(DBG_LIB, "unable to use a different MGF1 hash for RSA-PSS"); + return FALSE; + } + return sign_pkcs1(this, params->hash, params, data, signature); +} +#endif + METHOD(private_key_t, get_type, key_type_t, private_gcrypt_rsa_private_key_t *this) { @@ -200,24 +251,28 @@ METHOD(private_key_t, get_type, key_type_t, METHOD(private_key_t, sign, bool, private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *sig) + void *params, chunk_t data, chunk_t *sig) { switch (scheme) { case SIGN_RSA_EMSA_PKCS1_NULL: return sign_raw(this, data, sig); case SIGN_RSA_EMSA_PKCS1_SHA2_224: - return sign_pkcs1(this, HASH_SHA224, "sha224", data, sig); + return sign_pkcs1(this, HASH_SHA224, NULL, data, sig); case SIGN_RSA_EMSA_PKCS1_SHA2_256: - return sign_pkcs1(this, HASH_SHA256, "sha256", data, sig); + return sign_pkcs1(this, HASH_SHA256, NULL, data, sig); case SIGN_RSA_EMSA_PKCS1_SHA2_384: - return sign_pkcs1(this, HASH_SHA384, "sha384", data, sig); + return sign_pkcs1(this, HASH_SHA384, NULL, data, sig); case SIGN_RSA_EMSA_PKCS1_SHA2_512: - return sign_pkcs1(this, HASH_SHA512, "sha512", data, sig); + return sign_pkcs1(this, HASH_SHA512, NULL, data, sig); case SIGN_RSA_EMSA_PKCS1_SHA1: - return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig); + return sign_pkcs1(this, HASH_SHA1, NULL, data, sig); case SIGN_RSA_EMSA_PKCS1_MD5: - return sign_pkcs1(this, HASH_MD5, "md5", data, sig); + return sign_pkcs1(this, HASH_MD5, NULL, data, sig); +#if GCRYPT_VERSION_NUMBER >= 0x010700 + case SIGN_RSA_EMSA_PSS: + return sign_pss(this, params, data, sig); +#endif default: DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); @@ -498,16 +553,131 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type, } /** + * Recover the primes from n, e and d using the algorithm described in + * Appendix C of NIST SP 800-56B. + */ +static bool calculate_pqu(chunk_t cn, chunk_t ce, chunk_t cd, chunk_t *cp, + chunk_t *cq, chunk_t *cu) +{ + gcry_mpi_t n, e, d, p, q, u, k, r, g, y, n1, x, two; + int i, t, j; + gcry_error_t err; + bool success = FALSE; + + n = e = d = p = q = u = k = r = g = y = n1 = x = two = NULL; + err = gcry_mpi_scan(&n, GCRYMPI_FMT_USG, cn.ptr, cn.len, NULL) + | gcry_mpi_scan(&e, GCRYMPI_FMT_USG, ce.ptr, ce.len, NULL) + | gcry_mpi_scan(&d, GCRYMPI_FMT_USG, cd.ptr, cd.len, NULL); + if (err) + { + goto error; + } + /* k = (d * e) - 1 */ + k = gcry_mpi_new(gcry_mpi_get_nbits(n)); + gcry_mpi_mul(k, d, e); + gcry_mpi_sub_ui(k, k, 1); + if (gcry_mpi_test_bit(k, 0)) + { + goto error; + } + /* k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */ + r = gcry_mpi_copy(k); + for (t = 0; !gcry_mpi_test_bit(r, 0); t++) + { /* r = r/2 */ + gcry_mpi_rshift(r, r, 1); + } + /* we need n-1 below */ + n1 = gcry_mpi_new(gcry_mpi_get_nbits(n)); + gcry_mpi_sub_ui(n1, n, 1); + y = gcry_mpi_new(gcry_mpi_get_nbits(n)); + g = gcry_mpi_new(gcry_mpi_get_nbits(n)); + x = gcry_mpi_new(gcry_mpi_get_nbits(n)); + two = gcry_mpi_set_ui(NULL, 2); + for (i = 0; i < 100; i++) + { /* generate random integer g in [0, n-1] */ + do + { + gcry_mpi_randomize(g, gcry_mpi_get_nbits(n), GCRY_WEAK_RANDOM); + } + while (gcry_mpi_cmp(n, g) <= 0); + /* y = g^r mod n */ + gcry_mpi_powm(y, g, r, n); + /* try again if y == 1 or y == n-1 */ + if (gcry_mpi_cmp_ui(y, 1) == 0 || gcry_mpi_cmp(y, n1) == 0) + { + continue; + } + for (j = 0; j < t; j++) + { /* x = y^2 mod n */ + gcry_mpi_powm(x, y, two, n); + /* stop if x == 1 */ + if (gcry_mpi_cmp_ui(x, 1) == 0) + { + goto done; + } + /* retry with new g if x = n-1 */ + if (gcry_mpi_cmp(x, n1) == 0) + { + break; + } + /* y = x */ + gcry_mpi_set(y, x); + } + } + goto error; + +done: + /* p = gcd(y-1, n) */ + gcry_mpi_sub_ui(y, y, 1); + p = gcry_mpi_new(gcry_mpi_get_nbits(n)); + gcry_mpi_gcd(p, y, n); + /* q = n/p */ + q = gcry_mpi_new(gcry_mpi_get_nbits(n)); + gcry_mpi_div(q, NULL, n, p, 0); + if (gcry_mpi_cmp(p, q) > 0) + { /* gcrypt expects q < p */ + gcry_mpi_swap(p, q); + } + /* u = q^-1 mod p */ + u = gcry_mpi_new(gcry_mpi_get_nbits(n)); + gcry_mpi_invm(u, p, q); + err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &cp->ptr, &cp->len, p) + | gcry_mpi_aprint(GCRYMPI_FMT_USG, &cq->ptr, &cq->len, q) + | gcry_mpi_aprint(GCRYMPI_FMT_USG, &cu->ptr, &cu->len, u); + if (err) + { + goto error; + } + success = TRUE; + +error: + gcry_mpi_release(n); + gcry_mpi_release(e); + gcry_mpi_release(d); + gcry_mpi_release(p); + gcry_mpi_release(q); + gcry_mpi_release(u); + gcry_mpi_release(k); + gcry_mpi_release(r); + gcry_mpi_release(g); + gcry_mpi_release(y); + gcry_mpi_release(n1); + gcry_mpi_release(x); + gcry_mpi_release(two); + return success; +} + +/** * See header. */ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type, va_list args) { private_gcrypt_rsa_private_key_t *this; - chunk_t n, e, d, p, q, u; + chunk_t n, e, d, p, q, u, np, nq, nu; gcry_error_t err; - n = e = d = p = q = u = chunk_empty; + n = e = d = p = q = u = np = nq = nu = chunk_empty; while (TRUE) { switch (va_arg(args, builder_part_t)) @@ -543,12 +713,25 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type, } break; } - + if (!p.len || !q.len || !u.len) + { + if (!calculate_pqu(n, e, d, &np, &nq, &nu)) + { + return NULL; + } + p = np; + q = nq; + u = nu; + } this = create_empty(); err = gcry_sexp_build(&this->key, NULL, "(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))", n.len, n.ptr, e.len, e.ptr, d.len, d.ptr, p.len, p.ptr, q.len, q.ptr, u.len, u.ptr); + + chunk_clear(&np); + chunk_clear(&nq); + chunk_clear(&nu); if (err) { DBG1(DBG_LIB, "loading private key failed: %s", gpg_strerror(err)); diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c index 90829e052..9e2ac1287 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c @@ -1,6 +1,7 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -22,6 +23,7 @@ #include <asn1/asn1.h> #include <asn1/asn1_parser.h> #include <crypto/hashers/hasher.h> +#include <credentials/keys/signature_params.h> typedef struct private_gcrypt_rsa_public_key_t private_gcrypt_rsa_public_key_t; @@ -109,27 +111,48 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this, } /** - * Verification of an EMSA PKCS1 signature described in PKCS#1 + * Verification of an EMSA PKCS1v1.5 / EMSA-PSS signature described in PKCS#1 */ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, - hash_algorithm_t algorithm, char *hash_name, + hash_algorithm_t algorithm, rsa_pss_params_t *pss, chunk_t data, chunk_t signature) { hasher_t *hasher; chunk_t hash; gcry_error_t err; gcry_sexp_t in, sig; + char *hash_name = enum_to_name(hash_algorithm_short_names, algorithm); hasher = lib->crypto->create_hasher(lib->crypto, algorithm); - if (!hasher || !hasher->allocate_hash(hasher, data, &hash)) + if (!hasher) { - DESTROY_IF(hasher); + DBG1(DBG_LIB, "hash algorithm %N not supported", + hash_algorithm_names, algorithm); + return FALSE; + } + if (!hasher->allocate_hash(hasher, data, &hash)) + { + hasher->destroy(hasher); return FALSE; } hasher->destroy(hasher); - err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", - hash_name, hash.len, hash.ptr); + if (pss) + { + u_int slen = hasher_hash_size(algorithm); + if (pss->salt_len > RSA_PSS_SALT_LEN_DEFAULT) + { + slen = pss->salt_len; + } + err = gcry_sexp_build(&in, NULL, + "(data(flags pss)(salt-length %u)(hash %s %b))", + slen, hash_name, hash.len, hash.ptr); + } + else + { + err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", + hash_name, hash.len, hash.ptr); + } chunk_free(&hash); if (err) { @@ -159,6 +182,26 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, return TRUE; } +#if GCRYPT_VERSION_NUMBER >= 0x010700 +/** + * Verification of an EMSA-PSS signature described in PKCS#1 + */ +static bool verify_pss(private_gcrypt_rsa_public_key_t *this, + rsa_pss_params_t *params, chunk_t data, chunk_t sig) +{ + if (!params) + { + return FALSE; + } + if (params->mgf1_hash != params->hash) + { + DBG1(DBG_LIB, "unable to use a different MGF1 hash for RSA-PSS"); + return FALSE; + } + return verify_pkcs1(this, params->hash, params, data, sig); +} +#endif + METHOD(public_key_t, get_type, key_type_t, private_gcrypt_rsa_public_key_t *this) { @@ -167,24 +210,28 @@ METHOD(public_key_t, get_type, key_type_t, METHOD(public_key_t, verify, bool, private_gcrypt_rsa_public_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t signature) + void *params, chunk_t data, chunk_t signature) { switch (scheme) { case SIGN_RSA_EMSA_PKCS1_NULL: return verify_raw(this, data, signature); case SIGN_RSA_EMSA_PKCS1_SHA2_224: - return verify_pkcs1(this, HASH_SHA224, "sha224", data, signature); + return verify_pkcs1(this, HASH_SHA224, NULL, data, signature); case SIGN_RSA_EMSA_PKCS1_SHA2_256: - return verify_pkcs1(this, HASH_SHA256, "sha256", data, signature); + return verify_pkcs1(this, HASH_SHA256, NULL, data, signature); case SIGN_RSA_EMSA_PKCS1_SHA2_384: - return verify_pkcs1(this, HASH_SHA384, "sha384", data, signature); + return verify_pkcs1(this, HASH_SHA384, NULL, data, signature); case SIGN_RSA_EMSA_PKCS1_SHA2_512: - return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature); + return verify_pkcs1(this, HASH_SHA512, NULL, data, signature); case SIGN_RSA_EMSA_PKCS1_SHA1: - return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature); + return verify_pkcs1(this, HASH_SHA1, NULL, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: - return verify_pkcs1(this, HASH_MD5, "md5", data, signature); + return verify_pkcs1(this, HASH_MD5, NULL, data, signature); +#if GCRYPT_VERSION_NUMBER >= 0x010700 + case SIGN_RSA_EMSA_PSS: + return verify_pss(this, params, data, signature); +#endif default: DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index c75975301..700e29bf6 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -79,6 +79,14 @@ METHOD(plugin_t, get_features, int, PLUGIN_REGISTER(PUBKEY, gmp_rsa_public_key_load, TRUE), PLUGIN_PROVIDE(PUBKEY, KEY_RSA), /* signature schemes, private */ + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS), + PLUGIN_SDEPEND(HASHER, HASH_SHA1), + PLUGIN_SDEPEND(HASHER, HASH_SHA256), + PLUGIN_SDEPEND(HASHER, HASH_SHA512), + PLUGIN_SDEPEND(RNG, RNG_STRONG), + PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA1), + PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA256), + PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL), PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224), PLUGIN_DEPENDS(HASHER, HASH_SHA224), @@ -101,6 +109,13 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5), PLUGIN_DEPENDS(HASHER, HASH_MD5), /* signature verification schemes */ + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS), + PLUGIN_SDEPEND(HASHER, HASH_SHA1), + PLUGIN_SDEPEND(HASHER, HASH_SHA256), + PLUGIN_SDEPEND(HASHER, HASH_SHA512), + PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA1), + PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA256), + PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA512), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224), PLUGIN_DEPENDS(HASHER, HASH_SHA224), diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index 21b420866..aca232c86 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2005 Jan Hutter * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2012 Andreas Steffen @@ -27,6 +28,7 @@ #include <asn1/oid.h> #include <asn1/asn1.h> #include <asn1/asn1_parser.h> +#include <credentials/keys/signature_params.h> #ifdef HAVE_MPZ_POWM_SEC # undef mpz_powm @@ -333,6 +335,120 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, return TRUE; } +/** + * Build a signature using the PKCS#1 EMSA PSS scheme + */ +static bool build_emsa_pss_signature(private_gmp_rsa_private_key_t *this, + rsa_pss_params_t *params, chunk_t data, + chunk_t *signature) +{ + ext_out_function_t xof; + hasher_t *hasher = NULL; + rng_t *rng = NULL; + xof_t *mgf = NULL; + chunk_t hash, salt = chunk_empty, m, ps, db, dbmask, em; + size_t embits, emlen, maskbits; + bool success = FALSE; + + if (!params) + { + return FALSE; + } + xof = xof_mgf1_from_hash_algorithm(params->mgf1_hash); + if (xof == XOF_UNDEFINED) + { + DBG1(DBG_LIB, "%N is not supported for MGF1", hash_algorithm_names, + params->mgf1_hash); + return FALSE; + } + /* emBits = modBits - 1 */ + embits = mpz_sizeinbase(this->n, 2) - 1; + /* emLen = ceil(emBits/8) */ + emlen = (embits + 7) / BITS_PER_BYTE; + /* mHash = Hash(M) */ + hasher = lib->crypto->create_hasher(lib->crypto, params->hash); + if (!hasher) + { + DBG1(DBG_LIB, "hash algorithm %N not supported", + hash_algorithm_names, params->hash); + return FALSE; + } + hash = chunk_alloca(hasher->get_hash_size(hasher)); + if (!hasher->get_hash(hasher, data, hash.ptr)) + { + goto error; + } + + salt.len = hash.len; + if (params->salt.len) + { + salt = params->salt; + } + else if (params->salt_len > RSA_PSS_SALT_LEN_DEFAULT) + { + salt.len = params->salt_len; + } + if (emlen < (hash.len + salt.len + 2)) + { /* too long */ + goto error; + } + if (salt.len && !params->salt.len) + { + salt = chunk_alloca(salt.len); + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); + if (!rng || !rng->get_bytes(rng, salt.len, salt.ptr)) + { + goto error; + } + } + /* M' = 0x0000000000000000 | mHash | salt */ + m = chunk_cata("ccc", + chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00), + hash, salt); + /* H = Hash(M') */ + if (!hasher->get_hash(hasher, m, hash.ptr)) + { + goto error; + } + /* PS = 00...<padding depending on hash and salt length> */ + ps = chunk_alloca(emlen - salt.len - hash.len - 2); + memset(ps.ptr, 0, ps.len); + /* DB = PS | 0x01 | salt */ + db = chunk_cata("ccc", ps, chunk_from_chars(0x01), salt); + /* dbMask = MGF(H, emLen - hLen - 1) */ + mgf = lib->crypto->create_xof(lib->crypto, xof); + dbmask = chunk_alloca(db.len); + if (!mgf) + { + DBG1(DBG_LIB, "%N not supported", ext_out_function_names, xof); + goto error; + } + if (!mgf->set_seed(mgf, hash) || + !mgf->get_bytes(mgf, dbmask.len, dbmask.ptr)) + { + goto error; + } + /* maskedDB = DB xor dbMask */ + memxor(db.ptr, dbmask.ptr, db.len); + /* zero out unused bits */ + maskbits = (8 * emlen) - embits; + if (maskbits) + { + db.ptr[0] &= (0xff >> maskbits); + } + /* EM = maskedDB | H | 0xbc */ + em = chunk_cata("ccc", db, hash, chunk_from_chars(0xbc)); + /* S = RSASP1(K, EM) */ + *signature = rsasp1(this, em); + success = TRUE; + +error: + DESTROY_IF(hasher); + DESTROY_IF(rng); + DESTROY_IF(mgf); + return success; +} + METHOD(private_key_t, get_type, key_type_t, private_gmp_rsa_private_key_t *this) { @@ -341,7 +457,7 @@ METHOD(private_key_t, get_type, key_type_t, METHOD(private_key_t, sign, bool, private_gmp_rsa_private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *signature) + void *params, chunk_t data, chunk_t *signature) { switch (scheme) { @@ -367,6 +483,8 @@ METHOD(private_key_t, sign, bool, return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature); + case SIGN_RSA_EMSA_PSS: + return build_emsa_pss_signature(this, params, data, signature); default: DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); @@ -807,6 +925,82 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args) } /** + * Recover the primes from n, e and d using the algorithm described in + * Appendix C of NIST SP 800-56B. + */ +static bool calculate_pq(private_gmp_rsa_private_key_t *this) +{ + gmp_randstate_t rstate; + mpz_t k, r, g, y, n1, x; + int i, t, j; + bool success = FALSE; + + gmp_randinit_default(rstate); + mpz_inits(k, r, g, y, n1, x, NULL); + /* k = (d * e) - 1 */ + mpz_mul(k, *this->d, this->e); + mpz_sub_ui(k, k, 1); + if (mpz_odd_p(k)) + { + goto error; + } + /* k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */ + mpz_set(r, k); + for (t = 0; !mpz_odd_p(r); t++) + { /* r = r/2 */ + mpz_divexact_ui(r, r, 2); + } + /* we need n-1 below */ + mpz_sub_ui(n1, this->n, 1); + for (i = 0; i < 100; i++) + { /* generate random integer g in [0, n-1] */ + mpz_urandomm(g, rstate, this->n); + /* y = g^r mod n */ + mpz_powm_sec(y, g, r, this->n); + /* try again if y == 1 or y == n-1 */ + if (mpz_cmp_ui(y, 1) == 0 || mpz_cmp(y, n1) == 0) + { + continue; + } + for (j = 0; j < t; j++) + { /* x = y^2 mod n */ + mpz_powm_ui(x, y, 2, this->n); + /* stop if x == 1 */ + if (mpz_cmp_ui(x, 1) == 0) + { + goto done; + } + /* retry with new g if x = n-1 */ + if (mpz_cmp(x, n1) == 0) + { + break; + } + /* y = x */ + mpz_set(y, x); + } + } + goto error; + +done: + /* p = gcd(y-1, n) */ + mpz_sub_ui(y, y, 1); + mpz_gcd(this->p, y, this->n); + /* q = n/p */ + mpz_divexact(this->q, this->n, this->p); + success = TRUE; + +error: + mpz_clear_sensitive(k); + mpz_clear_sensitive(r); + mpz_clear_sensitive(g); + mpz_clear_sensitive(y); + mpz_clear_sensitive(x); + mpz_clear(n1); + gmp_randclear(rstate); + return success; +} + +/** * See header. */ gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args) @@ -868,9 +1062,30 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args) mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr); mpz_import(this->e, e.len, 1, 1, 1, 0, e.ptr); mpz_import(*this->d, d.len, 1, 1, 1, 0, d.ptr); - mpz_import(this->p, p.len, 1, 1, 1, 0, p.ptr); - mpz_import(this->q, q.len, 1, 1, 1, 0, q.ptr); - mpz_import(this->coeff, coeff.len, 1, 1, 1, 0, coeff.ptr); + if (p.len) + { + mpz_import(this->p, p.len, 1, 1, 1, 0, p.ptr); + } + if (q.len) + { + mpz_import(this->q, q.len, 1, 1, 1, 0, q.ptr); + } + if (!p.len && !q.len) + { /* p and q missing in key, recalculate from n, e and d */ + if (!calculate_pq(this)) + { + destroy(this); + return NULL; + } + } + else if (!p.len) + { /* p missing in key, recalculate: p = n / q */ + mpz_divexact(this->p, this->n, this->q); + } + else if (!q.len) + { /* q missing in key, recalculate: q = n / p */ + mpz_divexact(this->q, this->n, this->p); + } if (!exp1.len) { /* exp1 missing in key, recalculate: exp1 = d mod (p-1) */ mpz_sub_ui(this->exp1, this->p, 1); @@ -889,6 +1104,14 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args) { mpz_import(this->exp2, exp2.len, 1, 1, 1, 0, exp2.ptr); } + if (!coeff.len) + { /* coeff missing in key, recalculate: coeff = q^-1 mod p */ + mpz_invert(this->coeff, this->q, this->p); + } + else + { + mpz_import(this->coeff, coeff.len, 1, 1, 1, 0, coeff.ptr); + } this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; if (check(this) != SUCCESS) { @@ -897,4 +1120,3 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args) } return &this->public; } - diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index 065c88903..52bc9fb38 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -1,7 +1,8 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -27,6 +28,7 @@ #include <asn1/asn1.h> #include <asn1/asn1_parser.h> #include <crypto/hashers/hasher.h> +#include <credentials/keys/signature_params.h> #ifdef HAVE_MPZ_POWM_SEC # undef mpz_powm @@ -126,7 +128,7 @@ static const asn1Object_t digestInfoObjects[] = { #define DIGEST_INFO_DIGEST 2 /** - * Verification of an EMPSA PKCS1 signature described in PKCS#1 + * Verification of an EMSA PKCS1 signature described in PKCS#1 */ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, hash_algorithm_t algorithm, @@ -283,6 +285,124 @@ end: return success; } +/** + * Verification of an EMSA PSS signature described in PKCS#1 + */ +static bool verify_emsa_pss_signature(private_gmp_rsa_public_key_t *this, + rsa_pss_params_t *params, chunk_t data, + chunk_t signature) +{ + ext_out_function_t xof; + hasher_t *hasher = NULL; + xof_t *mgf = NULL; + chunk_t em, hash, salt, db, h, dbmask, m; + size_t embits, maskbits; + int i; + bool success = FALSE; + + if (!params) + { + return FALSE; + } + xof = xof_mgf1_from_hash_algorithm(params->mgf1_hash); + if (xof == XOF_UNDEFINED) + { + DBG1(DBG_LIB, "%N is not supported for MGF1", hash_algorithm_names, + params->mgf1_hash); + return FALSE; + } + chunk_skip_zero(signature); + if (signature.len == 0 || signature.len > this->k) + { + return FALSE; + } + /* EM = RSAVP1((n, e), S) */ + em = rsavp1(this, signature); + if (!em.len) + { + goto error; + } + /* emBits = modBits - 1 */ + embits = mpz_sizeinbase(this->n, 2) - 1; + /* mHash = Hash(M) */ + hasher = lib->crypto->create_hasher(lib->crypto, params->hash); + if (!hasher) + { + DBG1(DBG_LIB, "hash algorithm %N not supported", + hash_algorithm_names, params->hash); + goto error; + } + hash = chunk_alloca(hasher->get_hash_size(hasher)); + if (!hasher->get_hash(hasher, data, hash.ptr)) + { + goto error; + } + /* determine salt length */ + salt.len = hash.len; + if (params->salt_len > RSA_PSS_SALT_LEN_DEFAULT) + { + salt.len = params->salt_len; + } + /* verify general structure of EM */ + maskbits = (8 * em.len) - embits; + if (em.len < (hash.len + salt.len + 2) || em.ptr[em.len-1] != 0xbc || + (em.ptr[0] & (0xff << (8-maskbits)))) + { /* inconsistent */ + goto error; + } + /* split EM in maskedDB and H */ + db = chunk_create(em.ptr, em.len - hash.len - 1); + h = chunk_create(em.ptr + db.len, hash.len); + /* dbMask = MGF(H, emLen - hLen - 1) */ + mgf = lib->crypto->create_xof(lib->crypto, xof); + if (!mgf) + { + DBG1(DBG_LIB, "%N not supported", ext_out_function_names, xof); + goto error; + } + dbmask = chunk_alloca(db.len); + if (!mgf->set_seed(mgf, h) || + !mgf->get_bytes(mgf, dbmask.len, dbmask.ptr)) + { + DBG1(DBG_LIB, "%N not supported or failed", ext_out_function_names, xof); + goto error; + } + /* DB = maskedDB xor dbMask */ + memxor(db.ptr, dbmask.ptr, db.len); + if (maskbits) + { + db.ptr[0] &= (0xff >> maskbits); + } + /* check DB = PS | 0x01 | salt */ + for (i = 0; i < (db.len - salt.len - 1); i++) + { + if (db.ptr[i]) + { /* padding not 0 */ + goto error; + } + } + if (db.ptr[i++] != 0x01) + { /* 0x01 not found */ + goto error; + } + salt.ptr = &db.ptr[i]; + /* M' = 0x0000000000000000 | mHash | salt */ + m = chunk_cata("ccc", + chunk_from_chars(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00), + hash, salt); + if (!hasher->get_hash(hasher, m, hash.ptr)) + { + goto error; + } + success = memeq_const(h.ptr, hash.ptr, hash.len); + +error: + DESTROY_IF(hasher); + DESTROY_IF(mgf); + free(em.ptr); + return success; +} + METHOD(public_key_t, get_type, key_type_t, private_gmp_rsa_public_key_t *this) { @@ -290,7 +410,7 @@ METHOD(public_key_t, get_type, key_type_t, } METHOD(public_key_t, verify, bool, - private_gmp_rsa_public_key_t *this, signature_scheme_t scheme, + private_gmp_rsa_public_key_t *this, signature_scheme_t scheme, void *params, chunk_t data, chunk_t signature) { switch (scheme) @@ -317,6 +437,8 @@ METHOD(public_key_t, verify, bool, return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature); + case SIGN_RSA_EMSA_PSS: + return verify_emsa_pss_signature(this, params, data, signature); default: DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/mgf1/mgf1_plugin.c b/src/libstrongswan/plugins/mgf1/mgf1_plugin.c index 8df3ac261..a78d2f254 100644 --- a/src/libstrongswan/plugins/mgf1/mgf1_plugin.c +++ b/src/libstrongswan/plugins/mgf1/mgf1_plugin.c @@ -44,8 +44,12 @@ METHOD(plugin_t, get_features, int, PLUGIN_REGISTER(XOF, mgf1_xof_create), PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA1), PLUGIN_DEPENDS(HASHER, HASH_SHA1), + PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA224), + PLUGIN_DEPENDS(HASHER, HASH_SHA224), PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA256), PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA384), + PLUGIN_DEPENDS(HASHER, HASH_SHA384), PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA512), PLUGIN_DEPENDS(HASHER, HASH_SHA512), }; diff --git a/src/libstrongswan/plugins/mgf1/mgf1_xof.c b/src/libstrongswan/plugins/mgf1/mgf1_xof.c index 0f5fda952..8f5a18f87 100644 --- a/src/libstrongswan/plugins/mgf1/mgf1_xof.c +++ b/src/libstrongswan/plugins/mgf1/mgf1_xof.c @@ -244,9 +244,15 @@ mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm) case XOF_MGF1_SHA1: hash_alg = HASH_SHA1; break; + case XOF_MGF1_SHA224: + hash_alg = HASH_SHA224; + break; case XOF_MGF1_SHA256: hash_alg = HASH_SHA256; break; + case XOF_MGF1_SHA384: + hash_alg = HASH_SHA384; + break; case XOF_MGF1_SHA512: hash_alg = HASH_SHA512; break; @@ -261,7 +267,7 @@ mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm) hash_algorithm_names, hash_alg); return NULL; } - + INIT(this, .public = { .mgf1_interface = { diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index 503f7bf27..88f7a67c2 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -57,7 +57,6 @@ static inline void X509_CRL_get0_signature(const X509_CRL *crl, ASN1_BIT_STRING #define X509_REVOKED_get0_serialNumber(r) ({ (r)->serialNumber; }) #define X509_REVOKED_get0_revocationDate(r) ({ (r)->revocationDate; }) #define X509_CRL_get0_extensions(c) ({ (c)->crl->extensions; }) -#define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; }) #endif typedef struct private_openssl_crl_t private_openssl_crl_t; @@ -120,7 +119,7 @@ struct private_openssl_crl_t { /** * Signature scheme used in this CRL */ - signature_scheme_t scheme; + signature_params_t *scheme; /** * References to this CRL @@ -284,7 +283,7 @@ METHOD(certificate_t, has_subject_or_issuer, id_match_t, METHOD(certificate_t, issued_by, bool, private_openssl_crl_t *this, certificate_t *issuer, - signature_scheme_t *scheme) + signature_params_t **scheme) { chunk_t fingerprint, tbs; public_key_t *key; @@ -321,10 +320,6 @@ METHOD(certificate_t, issued_by, bool, return FALSE; } } - if (this->scheme == SIGN_UNKNOWN) - { - return FALSE; - } /* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl); @@ -332,12 +327,13 @@ METHOD(certificate_t, issued_by, bool, tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl); #endif X509_CRL_get0_signature(this->crl, &sig, NULL); - valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig)); + valid = key->verify(key, this->scheme->scheme, this->scheme->params, tbs, + openssl_asn1_str2chunk(sig)); free(tbs.ptr); key->destroy(key); if (valid && scheme) { - *scheme = this->scheme; + *scheme = signature_params_clone(this->scheme); } return valid; } @@ -417,6 +413,7 @@ METHOD(certificate_t, destroy, void, { X509_CRL_free(this->crl); } + signature_params_destroy(this->scheme); this->crl_uris->destroy_function(this->crl_uris, (void*)x509_cdp_destroy); DESTROY_IF(this->issuer); @@ -566,7 +563,7 @@ static bool parse_extensions(private_openssl_crl_t *this) static bool parse_crl(private_openssl_crl_t *this) { const unsigned char *ptr = this->encoding.ptr; - ASN1_OBJECT *oid; + chunk_t sig_scheme; X509_ALGOR *alg; this->crl = d2i_X509_CRL(NULL, &ptr, this->encoding.len); @@ -576,27 +573,15 @@ static bool parse_crl(private_openssl_crl_t *this) } X509_CRL_get0_signature(this->crl, NULL, &alg); - X509_ALGOR_get0(&oid, NULL, NULL, alg); -#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (!chunk_equals( - openssl_asn1_obj2chunk(this->crl->crl->sig_alg->algorithm), - openssl_asn1_obj2chunk(this->crl->sig_alg->algorithm))) + sig_scheme = openssl_i2chunk(X509_ALGOR, alg); + INIT(this->scheme); + if (!signature_params_parse(sig_scheme, 0, this->scheme)) { + DBG1(DBG_ASN, "unable to parse signature algorithm"); + free(sig_scheme.ptr); return FALSE; } -#elif 0 - /* FIXME: we currently can't do this if X509_CRL is opaque (>= 1.1.0) as - * X509_CRL_get0_tbs_sigalg() does not exist and there does not seem to be - * another easy way to get the algorithm from the tbsCertList of the CRL */ - alg = X509_CRL_get0_tbs_sigalg(this->crl); - X509_ALGOR_get0(&oid_tbs, NULL, NULL, alg); - if (!chunk_equals(openssl_asn1_obj2chunk(oid), - openssl_asn1_obj2chunk(oid_tbs))) - { - return FALSE; - } -#endif - this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid(oid)); + free(sig_scheme.ptr); this->issuer = openssl_x509_name2id(X509_CRL_get_issuer(this->crl)); if (!this->issuer) diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index d187c06ed..364190758 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -151,7 +151,7 @@ static bool build_der_signature(private_openssl_ec_private_key_t *this, METHOD(private_key_t, sign, bool, private_openssl_ec_private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *signature) + void *params, chunk_t data, chunk_t *signature) { switch (scheme) { diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index a1e56fc5e..faa940839 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -151,7 +151,7 @@ METHOD(public_key_t, get_type, key_type_t, METHOD(public_key_t, verify, bool, private_openssl_ec_public_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t signature) + void *params, chunk_t data, chunk_t signature) { switch (scheme) { diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c index 96ee230c9..eb6c50508 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.c +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c @@ -1,6 +1,6 @@ /* - * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2008-2017 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -91,16 +91,24 @@ METHOD(hasher_t, destroy, void, /* * Described in header */ -openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo) +const EVP_MD *openssl_get_md(hash_algorithm_t hash) { - private_openssl_hasher_t *this; - char* name; + char *name; - name = enum_to_name(hash_algorithm_short_names, algo); + name = enum_to_name(hash_algorithm_short_names, hash); if (!name) { return NULL; } + return EVP_get_digestbyname(name); +} + +/* + * Described in header + */ +openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo) +{ + private_openssl_hasher_t *this; INIT(this, .public = { @@ -114,7 +122,7 @@ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo) }, ); - this->hasher = EVP_get_digestbyname(name); + this->hasher = openssl_get_md(algo); if (!this->hasher) { /* OpenSSL does not support the requested algo */ diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.h b/src/libstrongswan/plugins/openssl/openssl_hasher.h index b03f6891b..66b9b505e 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.h +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.h @@ -1,6 +1,6 @@ /* - * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2008-2017 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -25,6 +25,8 @@ typedef struct openssl_hasher_t openssl_hasher_t; #include <crypto/hashers/hasher.h> +#include <openssl/evp.h> + /** * Implementation of hashers using OpenSSL. */ @@ -37,6 +39,14 @@ struct openssl_hasher_t { }; /** + * Determine EVP_MD for the given hash algorithm + * + * @param hash hash algorithm + * @return EVP_MD or NULL if not found/supported + */ +const EVP_MD *openssl_get_md(hash_algorithm_t hash); + +/** * Constructor to create openssl_hasher_t. * * @param algo algorithm diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c index 83ac8df5b..f94767cf5 100644 --- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c +++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c @@ -256,7 +256,7 @@ static auth_cfg_t *verify_signature(CMS_SignerInfo *si, int hash_oid) key = cert->get_public_key(cert); if (key) { - if (key->verify(key, signature_scheme_from_oid(hash_oid), + if (key->verify(key, signature_scheme_from_oid(hash_oid), NULL, attrs, sig)) { found = auth->clone(auth); diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 2f05b2b3d..8b0a7c5c7 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -624,6 +624,10 @@ METHOD(plugin_t, get_features, int, /* signature/encryption schemes */ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL), +#if OPENSSL_VERSION_NUMBER >= 0x10000000L + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS), +#endif #ifndef OPENSSL_NO_SHA1 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index fd624e6a3..401a51a0b 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2016 Tobias Brunner + * Copyright (C) 2008-2017 Tobias Brunner * Copyright (C) 2009 Martin Willi * HSR Hochschule fuer Technik Rapperswil * @@ -20,9 +20,11 @@ #include "openssl_rsa_private_key.h" #include "openssl_rsa_public_key.h" +#include "openssl_hasher.h" #include "openssl_util.h" #include <utils/debug.h> +#include <credentials/keys/signature_params.h> #include <openssl/bn.h> #include <openssl/evp.h> @@ -37,6 +39,7 @@ OPENSSL_KEY_FALLBACK(RSA, key, n, e, d) OPENSSL_KEY_FALLBACK(RSA, factors, p, q) OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp) +#define BN_secure_new() BN_new() #endif typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t; @@ -69,8 +72,126 @@ struct private_openssl_rsa_private_key_t { /* implemented in rsa public key */ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp); +#if OPENSSL_VERSION_NUMBER >= 0x10000000L + +/** + * Build RSA signature + */ +static bool build_signature(private_openssl_rsa_private_key_t *this, + const EVP_MD *md, rsa_pss_params_t *pss, + chunk_t data, chunk_t *sig) +{ + EVP_PKEY_CTX *pctx = NULL; + EVP_MD_CTX *mctx = NULL; + EVP_PKEY *key; + bool success = FALSE; + + mctx = EVP_MD_CTX_create(); + key = EVP_PKEY_new(); + if (!mctx || !key) + { + goto error; + } + if (!EVP_PKEY_set1_RSA(key, this->rsa)) + { + goto error; + } + if (EVP_DigestSignInit(mctx, &pctx, md, NULL, key) <= 0) + { + goto error; + } + if (pss) + { + const EVP_MD *mgf1md = openssl_get_md(pss->mgf1_hash); + int slen = EVP_MD_size(md); + if (pss->salt_len > RSA_PSS_SALT_LEN_DEFAULT) + { + slen = pss->salt_len; + } + if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || + EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, slen) <= 0 || + EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md) <= 0) + { + goto error; + } + } + if (EVP_DigestSignUpdate(mctx, data.ptr, data.len) <= 0) + { + goto error; + } + success = (EVP_DigestSignFinal(mctx, sig->ptr, &sig->len) == 1); + +error: + if (key) + { + EVP_PKEY_free(key); + } + if (mctx) + { + EVP_MD_CTX_destroy(mctx); + } + return success; +} + +/** + * Build an EMSA PKCS1 signature described in PKCS#1 + */ +static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this, + int type, chunk_t data, chunk_t *sig) +{ + const EVP_MD *md; + + *sig = chunk_alloc(RSA_size(this->rsa)); + + if (type == NID_undef) + { + if (RSA_private_encrypt(data.len, data.ptr, sig->ptr, this->rsa, + RSA_PKCS1_PADDING) == sig->len) + { + return TRUE; + } + } + else + { + md = EVP_get_digestbynid(type); + if (md && build_signature(this, md, NULL, data, sig)) + { + return TRUE; + } + } + chunk_free(sig); + return FALSE; +} + +/** + * Build an EMSA PSS signature described in PKCS#1 + */ +static bool build_emsa_pss_signature(private_openssl_rsa_private_key_t *this, + rsa_pss_params_t *params, chunk_t data, + chunk_t *sig) +{ + const EVP_MD *md; + + if (!params) + { + return FALSE; + } + + *sig = chunk_alloc(RSA_size(this->rsa)); + + md = openssl_get_md(params->hash); + if (md && build_signature(this, md, params, data, sig)) + { + return TRUE; + } + chunk_free(sig); + return FALSE; +} + +#else /* OPENSSL_VERSION_NUMBER < 1.0 */ + /** - * Build an EMPSA PKCS1 signature described in PKCS#1 + * Build an EMSA PKCS1 signature described in PKCS#1 */ static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this, int type, chunk_t data, chunk_t *sig) @@ -89,15 +210,15 @@ static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this, } else { - EVP_MD_CTX *ctx; - EVP_PKEY *key; + EVP_MD_CTX *ctx = NULL; + EVP_PKEY *key = NULL; const EVP_MD *hasher; u_int len; hasher = EVP_get_digestbynid(type); if (!hasher) { - return FALSE; + goto error; } ctx = EVP_MD_CTX_create(); @@ -139,7 +260,7 @@ error: } return success; } - +#endif /* OPENSSL_VERSION_NUMBER < 1.0 */ METHOD(private_key_t, get_type, key_type_t, private_openssl_rsa_private_key_t *this) @@ -149,7 +270,7 @@ METHOD(private_key_t, get_type, key_type_t, METHOD(private_key_t, sign, bool, private_openssl_rsa_private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *signature) + void *params, chunk_t data, chunk_t *signature) { switch (scheme) { @@ -167,6 +288,10 @@ METHOD(private_key_t, sign, bool, return build_emsa_pkcs1_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: return build_emsa_pkcs1_signature(this, NID_md5, data, signature); +#if OPENSSL_VERSION_NUMBER >= 0x10000000L + case SIGN_RSA_EMSA_PSS: + return build_emsa_pss_signature(this, params, data, signature); +#endif default: DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); @@ -400,6 +525,195 @@ private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key, bool engine) return &this->public.key; } +/** + * Recover the primes from n, e and d using the algorithm described in + * Appendix C of NIST SP 800-56B. + */ +static bool calculate_pq(BIGNUM *n, BIGNUM *e, BIGNUM *d, + BIGNUM **p, BIGNUM **q) +{ + BN_CTX *ctx; + BIGNUM *k, *r, *g, *y, *n1, *x; + int i, t, j; + bool success = FALSE; + + ctx = BN_CTX_new(); + if (!ctx) + { + return FALSE; + } + BN_CTX_start(ctx); + k = BN_CTX_get(ctx); + r = BN_CTX_get(ctx); + g = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + n1 = BN_CTX_get(ctx); + x = BN_CTX_get(ctx); + if (!x) + { + goto error; + } + /* k = (d * e) - 1 */ + if (!BN_mul(k, d, e, ctx) || !BN_sub(k, k, BN_value_one())) + { + goto error; + } + /* k must be even */ + if (BN_is_odd(k)) + { + goto error; + } + /* k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */ + if (!BN_copy(r, k)) + { + goto error; + } + for (t = 0; !BN_is_odd(r); t++) + { /* r = r/2 */ + if (!BN_rshift(r, r, 1)) + { + goto error; + } + } + /* we need n-1 below */ + if (!BN_sub(n1, n, BN_value_one())) + { + goto error; + } + for (i = 0; i < 100; i++) + { /* generate random integer g in [0, n-1] */ + if (!BN_pseudo_rand_range(g, n)) + { + goto error; + } + /* y = g^r mod n */ + if (!BN_mod_exp(y, g, r, n, ctx)) + { + goto error; + } + /* try again if y == 1 or y == n-1 */ + if (BN_is_one(y) || BN_cmp(y, n1) == 0) + { + continue; + } + for (j = 0; j < t; j++) + { /* x = y^2 mod n */ + if (!BN_mod_sqr(x, y, n, ctx)) + { + goto error; + } + /* stop if x == 1 */ + if (BN_is_one(x)) + { + goto done; + } + /* retry with new g if x = n-1 */ + if (BN_cmp(x, n1) == 0) + { + break; + } + /* y = x */ + if (!BN_copy(y, x)) + { + goto error; + } + } + } + goto error; + +done: + /* p = gcd(y-1, n) */ + if (!BN_sub(y, y, BN_value_one())) + { + goto error; + } + *p = BN_secure_new(); + if (!BN_gcd(*p, y, n, ctx)) + { + BN_clear_free(*p); + goto error; + } + /* q = n/p */ + *q = BN_secure_new(); + if (!BN_div(*q, NULL, n, *p, ctx)) + { + BN_clear_free(*p); + BN_clear_free(*q); + goto error; + } + success = TRUE; + +error: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return success; +} + +/** + * Calculates dp = d (mod p-1) or dq = d (mod q-1) for the Chinese remainder + * algorithm. + */ +static BIGNUM *dmodpq1(BIGNUM *d, BIGNUM *pq) +{ + BN_CTX *ctx; + BIGNUM *res = NULL, *pq1; + + ctx = BN_CTX_new(); + if (!ctx) + { + return NULL; + } + BN_CTX_start(ctx); + pq1 = BN_CTX_get(ctx); + /* p|q - 1 */ + if (!BN_sub(pq1, pq, BN_value_one())) + { + goto error; + } + /* d (mod p|q -1) */ + res = BN_secure_new(); + if (!BN_mod(res, d, pq1, ctx)) + { + BN_clear_free(res); + res = NULL; + goto error; + } + +error: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return res; +} + +/** + * Calculates qinv = q^-1 (mod p) for the Chinese remainder algorithm. + */ +static BIGNUM *qinv(BIGNUM *q, BIGNUM *p) +{ + BN_CTX *ctx; + BIGNUM *res = NULL; + + ctx = BN_CTX_new(); + if (!ctx) + { + return NULL; + } + BN_CTX_start(ctx); + /* q^-1 (mod p) */ + res = BN_secure_new(); + if (!BN_mod_inverse(res, q, p, ctx)) + { + BN_clear_free(res); + res = NULL; + goto error; + } + +error: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return res; +} + /* * See header */ @@ -458,7 +772,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, return &this->public; } } - else if (n.ptr && e.ptr && d.ptr && p.ptr && q.ptr && coeff.ptr) + else if (n.ptr && e.ptr && d.ptr) { BIGNUM *bn_n, *bn_e, *bn_d, *bn_p, *bn_q; BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; @@ -470,32 +784,56 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, bn_d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL); if (!RSA_set0_key(this->rsa, bn_n, bn_e, bn_d)) { - destroy(this); - return NULL; + goto error; } - bn_p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL); - bn_q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL); + if (p.ptr && q.ptr) + { + bn_p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL); + bn_q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL); + } + else + { + if (!calculate_pq(bn_n, bn_e, bn_d, &bn_p, &bn_q)) + { + goto error; + } + } if (!RSA_set0_factors(this->rsa, bn_p, bn_q)) { - destroy(this); - return NULL; + goto error; } if (exp1.ptr) { dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL); } + else + { + dmp1 = dmodpq1(bn_d, bn_p); + } if (exp2.ptr) { dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL); } - iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL); + else + { + dmq1 = dmodpq1(bn_d, bn_q); + } + if (coeff.ptr) + { + iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL); + } + else + { + iqmp = qinv(bn_q, bn_p); + } if (RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp) && RSA_check_key(this->rsa) == 1) { return &this->public; } } +error: destroy(this); return NULL; } diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index d3a644f72..20bf30ae9 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -1,7 +1,7 @@ /* + * Copyright (C) 2008-2017 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -19,9 +19,11 @@ #ifndef OPENSSL_NO_RSA #include "openssl_rsa_public_key.h" +#include "openssl_hasher.h" #include "openssl_util.h" #include <utils/debug.h> +#include <credentials/keys/signature_params.h> #include <openssl/bn.h> #include <openssl/evp.h> @@ -54,8 +56,138 @@ struct private_openssl_rsa_public_key_t { refcount_t ref; }; + +#if OPENSSL_VERSION_NUMBER >= 0x10000000L + +/** + * Verify RSA signature + */ +static bool verify_signature(private_openssl_rsa_public_key_t *this, + const EVP_MD *md, rsa_pss_params_t *pss, + chunk_t data, chunk_t signature) +{ + EVP_PKEY_CTX *pctx = NULL; + EVP_MD_CTX *mctx = NULL; + EVP_PKEY *key; + int rsa_size = RSA_size(this->rsa); + bool valid = FALSE; + + /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */ + if (signature.len > rsa_size) + { + signature = chunk_skip(signature, signature.len - rsa_size); + } + + mctx = EVP_MD_CTX_create(); + key = EVP_PKEY_new(); + if (!mctx || !key) + { + goto error; + } + if (!EVP_PKEY_set1_RSA(key, this->rsa)) + { + goto error; + } + if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, key) <= 0) + { + goto error; + } + if (pss) + { + const EVP_MD *mgf1md = openssl_get_md(pss->mgf1_hash); + int slen = EVP_MD_size(md); + if (pss->salt_len > RSA_PSS_SALT_LEN_DEFAULT) + { + slen = pss->salt_len; + } + if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || + EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, slen) <= 0 || + EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md) <= 0) + { + goto error; + } + } + if (EVP_DigestVerifyUpdate(mctx, data.ptr, data.len) <= 0) + { + goto error; + } + valid = (EVP_DigestVerifyFinal(mctx, signature.ptr, signature.len) == 1); + +error: + if (key) + { + EVP_PKEY_free(key); + } + if (mctx) + { + EVP_MD_CTX_destroy(mctx); + } + return valid; +} + /** - * Verification of an EMPSA PKCS1 signature described in PKCS#1 + * Verification of a signature without hashing + */ +static bool verify_plain_signature(private_openssl_rsa_public_key_t *this, + chunk_t data, chunk_t signature) +{ + char *buf; + int len, rsa_size = RSA_size(this->rsa); + bool valid = FALSE; + + /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */ + if (signature.len > rsa_size) + { + signature = chunk_skip(signature, signature.len - rsa_size); + } + buf = malloc(rsa_size); + len = RSA_public_decrypt(signature.len, signature.ptr, buf, this->rsa, + RSA_PKCS1_PADDING); + if (len != -1) + { + valid = chunk_equals_const(data, chunk_create(buf, len)); + } + free(buf); + return valid; +} + +/** + * Verification of an EMSA PKCS1 signature described in PKCS#1 + */ +static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this, + int type, chunk_t data, chunk_t signature) +{ + const EVP_MD *md; + + if (type == NID_undef) + { + return verify_plain_signature(this, data, signature); + } + md = EVP_get_digestbynid(type); + return md && verify_signature(this, md, NULL, data, signature); +} + +/** + * Verification of an EMSA PSS signature described in PKCS#1 + */ +static bool verify_emsa_pss_signature(private_openssl_rsa_public_key_t *this, + rsa_pss_params_t *params, chunk_t data, + chunk_t signature) +{ + const EVP_MD *md; + + if (!params) + { + return FALSE; + } + md = openssl_get_md(params->hash); + return md && verify_signature(this, md, params, data, signature); +} + +#else /* OPENSSL_VERSION_NUMBER < 1.0 */ + +/** + * Verification of an EMSA PKCS1 signature described in PKCS#1 */ static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this, int type, chunk_t data, chunk_t signature) @@ -129,6 +261,8 @@ error: return valid; } +#endif /* OPENSSL_VERSION_NUMBER < 1.0 */ + METHOD(public_key_t, get_type, key_type_t, private_openssl_rsa_public_key_t *this) { @@ -137,7 +271,7 @@ METHOD(public_key_t, get_type, key_type_t, METHOD(public_key_t, verify, bool, private_openssl_rsa_public_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t signature) + void *params, chunk_t data, chunk_t signature) { switch (scheme) { @@ -155,6 +289,10 @@ METHOD(public_key_t, verify, bool, return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: return verify_emsa_pkcs1_signature(this, NID_md5, data, signature); +#if OPENSSL_VERSION_NUMBER >= 0x10000000L + case SIGN_RSA_EMSA_PSS: + return verify_emsa_pss_signature(this, params, data, signature); +#endif default: DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c index f6df03f12..3a6d2f193 100644 --- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c +++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c @@ -20,6 +20,7 @@ #include "openssl_sha1_prf.h" #include <openssl/sha.h> +#include <crypto/hashers/hasher.h> typedef struct private_openssl_sha1_prf_t private_openssl_sha1_prf_t; diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index 0d0b997ac..60c08770b 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -1,6 +1,6 @@ /* - * Copyright (C) 2011 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2011-2017 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG @@ -154,7 +154,7 @@ struct private_openssl_x509_t { /** * Signature scheme of the certificate */ - signature_scheme_t scheme; + signature_params_t *scheme; /** * subjectAltNames @@ -384,7 +384,7 @@ METHOD(certificate_t, has_issuer, id_match_t, METHOD(certificate_t, issued_by, bool, private_openssl_x509_t *this, certificate_t *issuer, - signature_scheme_t *scheme) + signature_params_t **scheme) { public_key_t *key; bool valid; @@ -396,7 +396,8 @@ METHOD(certificate_t, issued_by, bool, { if (this->flags & X509_SELF_SIGNED) { - return TRUE; + valid = TRUE; + goto out; } } else @@ -414,10 +415,6 @@ METHOD(certificate_t, issued_by, bool, return FALSE; } } - if (this->scheme == SIGN_UNKNOWN) - { - return FALSE; - } key = issuer->get_public_key(issuer); if (!key) { @@ -430,12 +427,15 @@ METHOD(certificate_t, issued_by, bool, tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info); #endif X509_get0_signature(&sig, NULL, this->x509); - valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig)); + valid = key->verify(key, this->scheme->scheme, this->scheme->params, tbs, + openssl_asn1_str2chunk(sig)); free(tbs.ptr); key->destroy(key); + +out: if (valid && scheme) { - *scheme = this->scheme; + *scheme = signature_params_clone(this->scheme); } return valid; } @@ -528,6 +528,7 @@ METHOD(certificate_t, destroy, void, { X509_free(this->x509); } + signature_params_destroy(this->scheme); DESTROY_IF(this->subject); DESTROY_IF(this->issuer); DESTROY_IF(this->pubkey); @@ -1063,8 +1064,8 @@ static bool parse_certificate(private_openssl_x509_t *this) { const unsigned char *ptr = this->encoding.ptr; hasher_t *hasher; - chunk_t chunk; - ASN1_OBJECT *oid, *oid_tbs; + chunk_t chunk, sig_scheme, sig_scheme_tbs; + ASN1_OBJECT *oid; X509_ALGOR *alg; this->x509 = d2i_X509(NULL, &ptr, this->encoding.len); @@ -1089,6 +1090,10 @@ static bool parse_certificate(private_openssl_x509_t *this) } switch (openssl_asn1_known_oid(oid)) { + case OID_RSASSA_PSS: + /* TODO: we should treat such keys special and use the params as + * restrictions regarding the use of this key (or rather the + * associated private key) */ case OID_RSA_ENCRYPTION: this->pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, BUILD_BLOB_ASN1_DER, @@ -1119,15 +1124,25 @@ static bool parse_certificate(private_openssl_x509_t *this) /* while X509_ALGOR_cmp() is declared in the headers of older OpenSSL * versions, at least on Ubuntu 14.04 it is not actually defined */ X509_get0_signature(NULL, &alg, this->x509); - X509_ALGOR_get0(&oid, NULL, NULL, alg); + sig_scheme = openssl_i2chunk(X509_ALGOR, alg); alg = X509_get0_tbs_sigalg(this->x509); - X509_ALGOR_get0(&oid_tbs, NULL, NULL, alg); - if (!chunk_equals(openssl_asn1_obj2chunk(oid), - openssl_asn1_obj2chunk(oid_tbs))) + sig_scheme_tbs = openssl_i2chunk(X509_ALGOR, alg); + if (!chunk_equals(sig_scheme, sig_scheme_tbs)) + { + free(sig_scheme_tbs.ptr); + free(sig_scheme.ptr); + return FALSE; + } + free(sig_scheme_tbs.ptr); + + INIT(this->scheme); + if (!signature_params_parse(sig_scheme, 0, this->scheme)) { + DBG1(DBG_ASN, "unable to parse signature algorithm"); + free(sig_scheme.ptr); return FALSE; } - this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid(oid)); + free(sig_scheme.ptr); if (!parse_extensions(this)) { diff --git a/src/libstrongswan/plugins/pem/pem_encoder.c b/src/libstrongswan/plugins/pem/pem_encoder.c index 76b0b7b40..8c6c5dae7 100644 --- a/src/libstrongswan/plugins/pem/pem_encoder.c +++ b/src/libstrongswan/plugins/pem/pem_encoder.c @@ -15,6 +15,8 @@ #include "pem_encoder.h" +#include <library.h> + #define BYTES_PER_LINE 48 /** diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c index fe0be45d9..e8f5c5ddf 100644 --- a/src/libstrongswan/plugins/pgp/pgp_builder.c +++ b/src/libstrongswan/plugins/pgp/pgp_builder.c @@ -116,21 +116,17 @@ static private_key_t *parse_rsa_private_key(chunk_t blob) BUILD_END); } -/** - * Implementation of private_key_t.sign for encryption-only keys - */ -static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *signature) +METHOD(private_key_t, sign_not_allowed, bool, + private_key_t *this, signature_scheme_t scheme, void *params, + chunk_t data, chunk_t *signature) { DBG1(DBG_LIB, "signing failed - decryption only key"); return FALSE; } -/** - * Implementation of private_key_t.decrypt for signature-only keys - */ -static bool decrypt_not_allowed(private_key_t *this, encryption_scheme_t scheme, - chunk_t crypto, chunk_t *plain) +METHOD(private_key_t, decrypt_not_allowed, bool, + private_key_t *this, encryption_scheme_t scheme, + chunk_t crypto, chunk_t *plain) { DBG1(DBG_LIB, "decryption failed - signature only key"); return FALSE; @@ -186,7 +182,7 @@ static private_key_t *parse_private_key(chunk_t blob) BUILD_BLOB_PGP, packet, BUILD_END); if (key) { - key->sign = sign_not_allowed; + key->sign = _sign_not_allowed; } return key; case PGP_PUBKEY_ALG_RSA_SIGN_ONLY: @@ -194,7 +190,7 @@ static private_key_t *parse_private_key(chunk_t blob) BUILD_BLOB_PGP, packet, BUILD_END); if (key) { - key->decrypt = decrypt_not_allowed; + key->decrypt = _decrypt_not_allowed; } return key; case PGP_PUBKEY_ALG_ECDSA: diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c index 0ffce4cfc..392ef5440 100644 --- a/src/libstrongswan/plugins/pgp/pgp_cert.c +++ b/src/libstrongswan/plugins/pgp/pgp_cert.c @@ -114,7 +114,7 @@ METHOD(certificate_t, has_issuer, id_match_t, } METHOD(certificate_t, issued_by,bool, - private_pgp_cert_t *this, certificate_t *issuer, signature_scheme_t *scheme) + private_pgp_cert_t *this, certificate_t *issuer, signature_params_t **scheme) { /* TODO: check signature blobs for a valid signature */ return FALSE; diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.c b/src/libstrongswan/plugins/pgp/pgp_encoder.c index 100f3ef33..eba936b83 100644 --- a/src/libstrongswan/plugins/pgp/pgp_encoder.c +++ b/src/libstrongswan/plugins/pgp/pgp_encoder.c @@ -15,6 +15,7 @@ #include "pgp_encoder.h" +#include <library.h> #include <utils/debug.h> /** diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c index f64294783..967e501d1 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c @@ -57,8 +57,13 @@ static public_key_t *parse_public_key(chunk_t blob) int oid = asn1_parse_algorithmIdentifier(object, parser->get_level(parser)+1, NULL); - if (oid == OID_RSA_ENCRYPTION || oid == OID_RSAES_OAEP) + if (oid == OID_RSA_ENCRYPTION || oid == OID_RSAES_OAEP || + oid == OID_RSASSA_PSS) { + /* TODO: we should parse parameters for PSS and pass them + * (and the type), or the complete subjectPublicKeyInfo, + * along so we can treat these as restrictions when + * generating signatures with the associated private key */ type = KEY_RSA; } else if (oid == OID_EC_PUBLICKEY) diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index 1d1016911..6158f6d25 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -243,7 +243,7 @@ static bool reauth(private_pkcs11_private_key_t *this, } METHOD(private_key_t, sign, bool, - private_pkcs11_private_key_t *this, signature_scheme_t scheme, + private_pkcs11_private_key_t *this, signature_scheme_t scheme, void *params, chunk_t data, chunk_t *signature) { CK_MECHANISM_PTR mechanism; diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c index 384777610..36029fa30 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c @@ -201,7 +201,7 @@ METHOD(public_key_t, get_keysize, int, } METHOD(public_key_t, verify, bool, - private_pkcs11_public_key_t *this, signature_scheme_t scheme, + private_pkcs11_public_key_t *this, signature_scheme_t scheme, void *params, chunk_t data, chunk_t sig) { CK_MECHANISM_PTR mechanism; diff --git a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c index 413c3fff5..9b6d3a808 100644 --- a/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c +++ b/src/libstrongswan/plugins/pkcs7/pkcs7_signed_data.c @@ -227,7 +227,8 @@ METHOD(enumerator_t, enumerate, bool, if (key) { chunk = info->attributes->get_encoding(info->attributes); - if (key->verify(key, scheme, chunk, info->encrypted_digest)) + if (key->verify(key, scheme, NULL, chunk, + info->encrypted_digest)) { this->auth = auth->clone(auth); key->destroy(key); @@ -563,7 +564,7 @@ static bool generate(private_pkcs7_signed_data_t *this, private_key_t *key, attributes = pkcs9->get_encoding(pkcs9); - if (!key->sign(key, scheme, attributes, &encryptedDigest)) + if (!key->sign(key, scheme, NULL, attributes, &encryptedDigest)) { free(data.ptr); return FALSE; diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c index beb8866f8..9c1c03dfe 100644 --- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c +++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c @@ -63,6 +63,16 @@ static private_key_t *parse_private_key(chunk_t blob) switch (oid) { + case OID_RSASSA_PSS: + /* TODO: parameters associated with such keys should be + * treated as restrictions later when signing (the type + * itself is already a restriction). However, the + * builders currently don't expect any parameters for + * RSA keys (we also only pass along the params, not the + * exact type, so we'd have to guess that params + * indicate RSA/PSS, but they are optional so that won't + * work for keys without specific restrictions) */ + params = chunk_empty; case OID_RSA_ENCRYPTION: type = KEY_RSA; break; diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c index 0631a6857..81dad65b7 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c @@ -137,13 +137,16 @@ METHOD(certificate_t, equals, bool, METHOD(certificate_t, issued_by, bool, private_pubkey_cert_t *this, certificate_t *issuer, - signature_scheme_t *scheme) + signature_params_t **scheme) { - if (scheme) + bool valid = equals(this, issuer); + if (valid && scheme) { - *scheme = SIGN_UNKNOWN; + INIT(*scheme, + .scheme = SIGN_UNKNOWN, + ); } - return equals(this, issuer); + return valid; } METHOD(certificate_t, get_public_key, public_key_t*, diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index ba459288b..8e2b4c1e3 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler * Copyright (C) 2003 Martin Berner, Lukas Suter * Copyright (C) 2002-2017 Andreas Steffen @@ -116,9 +117,9 @@ struct private_x509_ac_t { bool noRevAvail; /** - * Signature algorithm + * Signature scheme */ - int algorithm; + signature_params_t *scheme; /** * Signature @@ -425,7 +426,7 @@ static bool parse_certificate(private_x509_ac_t *this) int objectID; int type = OID_UNKNOWN; int extn_oid = OID_UNKNOWN; - int sig_alg = OID_UNKNOWN; + signature_params_t sig_alg; bool success = FALSE; bool critical; @@ -476,7 +477,11 @@ static bool parse_certificate(private_x509_ac_t *this) } break; case AC_OBJ_SIG_ALG: - sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL); + if (!signature_params_parse(object, level, &sig_alg)) + { + DBG1(DBG_ASN, " unable to parse signature algorithm"); + goto end; + } break; case AC_OBJ_SERIAL_NUMBER: this->serialNumber = chunk_clone(object); @@ -550,12 +555,15 @@ static bool parse_certificate(private_x509_ac_t *this) break; } case AC_OBJ_ALGORITHM: - this->algorithm = asn1_parse_algorithmIdentifier(object, level, - NULL); - if (this->algorithm != sig_alg) + INIT(this->scheme); + if (!signature_params_parse(object, level, this->scheme)) + { + DBG1(DBG_ASN, " unable to parse signature algorithm"); + goto end; + } + if (!signature_params_equal(this->scheme, &sig_alg)) { DBG1(DBG_ASN, " signature algorithms do not agree"); - success = FALSE; goto end; } break; @@ -570,6 +578,7 @@ static bool parse_certificate(private_x509_ac_t *this) end: parser->destroy(parser); + signature_params_clear(&sig_alg); return success; } @@ -742,13 +751,13 @@ static chunk_t build_extensions(private_x509_ac_t *this) /** * build attributeCertificateInfo */ -static chunk_t build_attr_cert_info(private_x509_ac_t *this) +static chunk_t build_attr_cert_info(private_x509_ac_t *this, chunk_t sig_scheme) { - return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmm", + return asn1_wrap(ASN1_SEQUENCE, "cmmcmmmm", ASN1_INTEGER_1, build_holder(this), build_v2_form(this), - asn1_algorithmIdentifier(OID_SHA1_WITH_RSA), + sig_scheme, asn1_simple_object(ASN1_INTEGER, this->serialNumber), build_attr_cert_validity(this), build_attributes(this), @@ -758,20 +767,39 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this) /** * build an X.509 attribute certificate */ -static bool build_ac(private_x509_ac_t *this) +static bool build_ac(private_x509_ac_t *this, hash_algorithm_t digest_alg) { - chunk_t signatureValue, attributeCertificateInfo; + chunk_t signatureValue, attributeCertificateInfo, sig_scheme; + private_key_t *key = this->signerKey; - attributeCertificateInfo = build_attr_cert_info(this); - if (!this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1, - attributeCertificateInfo, &signatureValue)) + if (!this->scheme) + { + INIT(this->scheme, + .scheme = signature_scheme_from_oid( + hasher_signature_algorithm_to_oid(digest_alg, + key->get_type(key))), + ); + } + if (this->scheme->scheme == SIGN_UNKNOWN) + { + return FALSE; + } + if (!signature_params_build(this->scheme, &sig_scheme)) + { + return FALSE; + } + + attributeCertificateInfo = build_attr_cert_info(this, sig_scheme); + if (!key->sign(key, this->scheme->scheme, this->scheme->params, + attributeCertificateInfo, &signatureValue)) { free(attributeCertificateInfo.ptr); + free(sig_scheme.ptr); return FALSE; } this->encoding = asn1_wrap(ASN1_SEQUENCE, "mmm", attributeCertificateInfo, - asn1_algorithmIdentifier(OID_SHA1_WITH_RSA), + sig_scheme, asn1_bitstring("m", signatureValue)); return TRUE; } @@ -886,10 +914,10 @@ METHOD(certificate_t, has_issuer, id_match_t, } METHOD(certificate_t, issued_by, bool, - private_x509_ac_t *this, certificate_t *issuer, signature_scheme_t *schemep) + private_x509_ac_t *this, certificate_t *issuer, + signature_params_t **scheme) { public_key_t *key; - signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; @@ -926,18 +954,16 @@ METHOD(certificate_t, issued_by, bool, } } - /* determine signature scheme */ - scheme = signature_scheme_from_oid(this->algorithm); - - if (scheme == SIGN_UNKNOWN || key == NULL) + if (!key) { return FALSE; } - valid = key->verify(key, scheme, this->certificateInfo, this->signature); + valid = key->verify(key, this->scheme->scheme, this->scheme->params, + this->certificateInfo, this->signature); key->destroy(key); - if (valid && schemep) + if (valid && scheme) { - *schemep = scheme; + *scheme = signature_params_clone(this->scheme); } return valid; } @@ -1020,6 +1046,7 @@ METHOD(certificate_t, destroy, void, DESTROY_IF(this->signerCert); DESTROY_IF(this->signerKey); this->groups->destroy_function(this->groups, (void*)group_destroy); + signature_params_destroy(this->scheme); free(this->serialNumber.ptr); free(this->authKeyIdentifier.ptr); free(this->encoding.ptr); @@ -1126,6 +1153,7 @@ static void add_groups_from_list(private_x509_ac_t *this, linked_list_t *list) */ x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args) { + hash_algorithm_t digest_alg = HASH_SHA1; private_x509_ac_t *ac; ac = create_empty(); @@ -1157,6 +1185,13 @@ x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args) ac->signerKey = va_arg(args, private_key_t*); ac->signerKey->get_ref(ac->signerKey); continue; + case BUILD_SIGNATURE_SCHEME: + ac->scheme = va_arg(args, signature_params_t*); + ac->scheme = signature_params_clone(ac->scheme); + continue; + case BUILD_DIGEST_ALG: + digest_alg = va_arg(args, int); + continue; case BUILD_END: break; default: @@ -1170,7 +1205,7 @@ x509_ac_t *x509_ac_gen(certificate_type_t type, va_list args) ac->holderCert->get_type(ac->holderCert) == CERT_X509 && ac->signerCert->get_type(ac->signerCert) == CERT_X509) { - if (build_ac(ac)) + if (build_ac(ac, digest_alg)) { return &ac->public; } diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index dea2c7041..d1f9d9aac 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -4,7 +4,7 @@ * Copyright (C) 2002 Mario Strasser * Copyright (C) 2000-2017 Andreas Steffen * Copyright (C) 2006-2009 Martin Willi - * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2008-2017 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -197,9 +197,9 @@ struct private_x509_cert_t { x509_flag_t flags; /** - * Signature algorithm + * Signature scheme */ - int algorithm; + signature_params_t *scheme; /** * Signature @@ -1375,7 +1375,7 @@ static bool parse_certificate(private_x509_cert_t *this) chunk_t object; int objectID; int extn_oid = OID_UNKNOWN; - int sig_alg = OID_UNKNOWN; + signature_params_t sig_alg = {}; bool success = FALSE; bool critical = FALSE; @@ -1406,7 +1406,11 @@ static bool parse_certificate(private_x509_cert_t *this) this->serialNumber = object; break; case X509_OBJ_SIG_ALG: - sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL); + if (!signature_params_parse(object, level, &sig_alg)) + { + DBG1(DBG_ASN, " unable to parse signature algorithm"); + goto end; + } break; case X509_OBJ_ISSUER: this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object); @@ -1560,8 +1564,13 @@ static bool parse_certificate(private_x509_cert_t *this) break; } case X509_OBJ_ALGORITHM: - this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); - if (this->algorithm != sig_alg) + INIT(this->scheme); + if (!signature_params_parse(object, level, this->scheme)) + { + DBG1(DBG_ASN, " unable to parse signature algorithm"); + goto end; + } + if (!signature_params_equal(this->scheme, &sig_alg)) { DBG1(DBG_ASN, " signature algorithms do not agree"); goto end; @@ -1578,6 +1587,7 @@ static bool parse_certificate(private_x509_cert_t *this) end: parser->destroy(parser); + signature_params_clear(&sig_alg); if (success) { hasher_t *hasher; @@ -1677,10 +1687,9 @@ METHOD(certificate_t, has_issuer, id_match_t, METHOD(certificate_t, issued_by, bool, private_x509_cert_t *this, certificate_t *issuer, - signature_scheme_t *schemep) + signature_params_t **scheme) { public_key_t *key; - signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; @@ -1688,6 +1697,10 @@ METHOD(certificate_t, issued_by, bool, { if (this->flags & X509_SELF_SIGNED) { + if (scheme) + { + *scheme = signature_params_clone(this->scheme); + } return TRUE; } } @@ -1707,23 +1720,18 @@ METHOD(certificate_t, issued_by, bool, return FALSE; } - /* determine signature scheme */ - scheme = signature_scheme_from_oid(this->algorithm); - if (scheme == SIGN_UNKNOWN) - { - return FALSE; - } /* get the public key of the issuer */ key = issuer->get_public_key(issuer); if (!key) { return FALSE; } - valid = key->verify(key, scheme, this->tbsCertificate, this->signature); + valid = key->verify(key, this->scheme->scheme, this->scheme->params, + this->tbsCertificate, this->signature); key->destroy(key); - if (valid && schemep) + if (valid && scheme) { - *schemep = scheme; + *scheme = signature_params_clone(this->scheme); } return valid; } @@ -1923,6 +1931,7 @@ METHOD(certificate_t, destroy, void, (void*)cert_policy_destroy); this->policy_mappings->destroy_function(this->policy_mappings, (void*)policy_mapping_destroy); + signature_params_destroy(this->scheme); DESTROY_IF(this->issuer); DESTROY_IF(this->subject); DESTROY_IF(this->public_key); @@ -2178,10 +2187,9 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; chunk_t policyConstraints = chunk_empty, inhibitAnyPolicy = chunk_empty; chunk_t ikeIntermediate = chunk_empty, msSmartcardLogon = chunk_empty; - chunk_t ipAddrBlocks = chunk_empty; + chunk_t ipAddrBlocks = chunk_empty, sig_scheme = chunk_empty; identification_t *issuer, *subject; chunk_t key_info; - signature_scheme_t scheme; hasher_t *hasher; enumerator_t *enumerator; char *uri; @@ -2214,18 +2222,28 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, cert->notAfter = cert->notBefore + 60 * 60 * 24 * 365; } - /* select signature scheme */ - cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg, - sign_key->get_type(sign_key)); - if (cert->algorithm == OID_UNKNOWN) + /* select signature scheme, if not already specified */ + if (!cert->scheme) + { + INIT(cert->scheme, + .scheme = signature_scheme_from_oid( + hasher_signature_algorithm_to_oid(digest_alg, + sign_key->get_type(sign_key))), + ); + } + if (cert->scheme->scheme == SIGN_UNKNOWN) + { + return FALSE; + } + if (!signature_params_build(cert->scheme, &sig_scheme)) { return FALSE; } - scheme = signature_scheme_from_oid(cert->algorithm); if (!cert->public_key->get_encoding(cert->public_key, PUBKEY_SPKI_ASN1_DER, &key_info)) { + chunk_free(&sig_scheme); return FALSE; } @@ -2550,10 +2568,10 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, ipAddrBlocks)); } - cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm", + cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmccmcmm", asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2), asn1_integer("c", cert->serialNumber), - asn1_algorithmIdentifier(cert->algorithm), + sig_scheme, issuer->get_encoding(issuer), asn1_wrap(ASN1_SEQUENCE, "mm", asn1_from_time(&cert->notBefore, ASN1_UTCTIME), @@ -2561,12 +2579,14 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, subject->get_encoding(subject), key_info, extensions); - if (!sign_key->sign(sign_key, scheme, cert->tbsCertificate, &cert->signature)) + if (!sign_key->sign(sign_key, cert->scheme->scheme, cert->scheme->params, + cert->tbsCertificate, &cert->signature)) { + chunk_free(&sig_scheme); return FALSE; } cert->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm", cert->tbsCertificate, - asn1_algorithmIdentifier(cert->algorithm), + sig_scheme, asn1_bitstring("c", cert->signature)); hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); @@ -2630,7 +2650,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) private_x509_cert_t *cert; certificate_t *sign_cert = NULL; private_key_t *sign_key = NULL; - hash_algorithm_t digest_alg = HASH_SHA1; + hash_algorithm_t digest_alg = HASH_SHA256; u_int constraint; cert = create_empty(); @@ -2822,6 +2842,10 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) case BUILD_SERIAL: cert->serialNumber = chunk_clone(va_arg(args, chunk_t)); continue; + case BUILD_SIGNATURE_SCHEME: + cert->scheme = va_arg(args, signature_params_t*); + cert->scheme = signature_params_clone(cert->scheme); + continue; case BUILD_DIGEST_ALG: digest_alg = va_arg(args, int); continue; diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index 6d18ea544..699ac5a39 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2014-2017 Tobias Brunner * Copyright (C) 2008-2009 Martin Willi * Copyright (C) 2017 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil @@ -121,9 +122,9 @@ struct private_x509_crl_t { chunk_t baseCrlNumber; /** - * Signature algorithm + * Signature scheme */ - int algorithm; + signature_params_t *scheme; /** * Signature @@ -225,7 +226,7 @@ static bool parse(private_x509_crl_t *this) chunk_t extnID = chunk_empty; chunk_t userCertificate = chunk_empty; int objectID; - int sig_alg = OID_UNKNOWN; + signature_params_t sig_alg = {}; bool success = FALSE; bool critical = FALSE; revoked_t *revoked = NULL; @@ -246,7 +247,11 @@ static bool parse(private_x509_crl_t *this) DBG2(DBG_ASN, " v%d", this->version); break; case CRL_OBJ_SIG_ALG: - sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL); + if (!signature_params_parse(object, level, &sig_alg)) + { + DBG1(DBG_ASN, " unable to parse signature algorithm"); + goto end; + } break; case CRL_OBJ_ISSUER: this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object); @@ -342,8 +347,13 @@ static bool parse(private_x509_crl_t *this) } case CRL_OBJ_ALGORITHM: { - this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); - if (this->algorithm != sig_alg) + INIT(this->scheme); + if (!signature_params_parse(object, level, this->scheme)) + { + DBG1(DBG_ASN, " unable to parse signature algorithm"); + goto end; + } + if (!signature_params_equal(this->scheme, &sig_alg)) { DBG1(DBG_ASN, " signature algorithms do not agree"); goto end; @@ -361,6 +371,7 @@ static bool parse(private_x509_crl_t *this) end: parser->destroy(parser); + signature_params_clear(&sig_alg); return success; } @@ -457,10 +468,10 @@ METHOD(certificate_t, has_issuer, id_match_t, } METHOD(certificate_t, issued_by, bool, - private_x509_crl_t *this, certificate_t *issuer, signature_scheme_t *schemep) + private_x509_crl_t *this, certificate_t *issuer, + signature_params_t **scheme) { public_key_t *key; - signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; chunk_t keyid = chunk_empty; @@ -492,21 +503,17 @@ METHOD(certificate_t, issued_by, bool, } } - scheme = signature_scheme_from_oid(this->algorithm); - if (scheme == SIGN_UNKNOWN) - { - return FALSE; - } key = issuer->get_public_key(issuer); if (!key) { return FALSE; } - valid = key->verify(key, scheme, this->tbsCertList, this->signature); + valid = key->verify(key, this->scheme->scheme, this->scheme->params, + this->tbsCertList, this->signature); key->destroy(key); - if (valid && schemep) + if (valid && scheme) { - *schemep = scheme; + *scheme = signature_params_clone(this->scheme); } return valid; } @@ -593,6 +600,7 @@ METHOD(certificate_t, destroy, void, this->revoked->destroy_function(this->revoked, (void*)revoked_destroy); this->crl_uris->destroy_function(this->crl_uris, (void*)x509_cdp_destroy); + signature_params_destroy(this->scheme); DESTROY_IF(this->issuer); free(this->authKeyIdentifier.ptr); free(this->encoding.ptr); @@ -709,6 +717,7 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, { chunk_t extensions = chunk_empty, certList = chunk_empty, serial; chunk_t crlDistributionPoints = chunk_empty, baseCrlNumber = chunk_empty; + chunk_t sig_scheme = chunk_empty; enumerator_t *enumerator; crl_reason_t reason; time_t date; @@ -721,10 +730,20 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, this->authKeyIdentifier = chunk_clone(x509->get_subjectKeyIdentifier(x509)); - /* select signature scheme */ - this->algorithm = hasher_signature_algorithm_to_oid(digest_alg, - key->get_type(key)); - if (this->algorithm == OID_UNKNOWN) + /* select signature scheme, if not already specified */ + if (!this->scheme) + { + INIT(this->scheme, + .scheme = signature_scheme_from_oid( + hasher_signature_algorithm_to_oid(digest_alg, + key->get_type(key))), + ); + } + if (this->scheme->scheme == SIGN_UNKNOWN) + { + return FALSE; + } + if (!signature_params_build(this->scheme, &sig_scheme)) { return FALSE; } @@ -778,23 +797,24 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, asn1_integer("c", this->crlNumber))), crlDistributionPoints, baseCrlNumber)); - this->tbsCertList = asn1_wrap(ASN1_SEQUENCE, "cmcmmmm", + this->tbsCertList = asn1_wrap(ASN1_SEQUENCE, "cccmmmm", ASN1_INTEGER_1, - asn1_algorithmIdentifier(this->algorithm), + sig_scheme, this->issuer->get_encoding(this->issuer), asn1_from_time(&this->thisUpdate, ASN1_UTCTIME), asn1_from_time(&this->nextUpdate, ASN1_UTCTIME), asn1_wrap(ASN1_SEQUENCE, "m", certList), extensions); - if (!key->sign(key, signature_scheme_from_oid(this->algorithm), + if (!key->sign(key, this->scheme->scheme, this->scheme->params, this->tbsCertList, &this->signature)) { + chunk_free(&sig_scheme); return FALSE; } this->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm", this->tbsCertList, - asn1_algorithmIdentifier(this->algorithm), + sig_scheme, asn1_bitstring("c", this->signature)); return TRUE; } @@ -833,6 +853,10 @@ x509_crl_t *x509_crl_gen(certificate_type_t type, va_list args) crl->crlNumber = va_arg(args, chunk_t); crl->crlNumber = chunk_clone(crl->crlNumber); continue; + case BUILD_SIGNATURE_SCHEME: + crl->scheme = va_arg(args, signature_params_t*); + crl->scheme = signature_params_clone(crl->scheme); + continue; case BUILD_DIGEST_ALG: digest_alg = va_arg(args, int); continue; diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index aef76af32..de22ab6be 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -276,7 +276,7 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this, return chunk_empty; } - if (!this->key->sign(this->key, scheme, tbsRequest, &signature)) + if (!this->key->sign(this->key, scheme, NULL, tbsRequest, &signature)) { DBG1(DBG_LIB, "creating OCSP signature failed, skipped"); return chunk_empty; @@ -372,7 +372,7 @@ METHOD(certificate_t, has_issuer, id_match_t, METHOD(certificate_t, issued_by, bool, private_x509_ocsp_request_t *this, certificate_t *issuer, - signature_scheme_t *scheme) + signature_params_t **scheme) { DBG1(DBG_LIB, "OCSP request validation not implemented!"); return FALSE; diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 140e9bfa9..aa4999cbd 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -1,4 +1,5 @@ -/** +/* + * Copyright (C) 2017 Tobias Brunner * Copyright (C) 2008-2009 Martin Willi * Copyright (C) 2007-2015 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil @@ -63,9 +64,9 @@ struct private_x509_ocsp_response_t { chunk_t tbsResponseData; /** - * signature algorithm (OID) + * signature scheme */ - int signatureAlgorithm; + signature_params_t *scheme; /** * signature @@ -576,8 +577,13 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, } break; case BASIC_RESPONSE_ALGORITHM: - this->signatureAlgorithm = asn1_parse_algorithmIdentifier(object, - parser->get_level(parser)+1, NULL); + INIT(this->scheme); + if (!signature_params_parse(object, parser->get_level(parser)+1, + this->scheme)) + { + DBG1(DBG_ASN, " unable to parse signature algorithm"); + goto end; + } break; case BASIC_RESPONSE_SIGNATURE: this->signature = chunk_skip(object, 1); @@ -703,10 +709,9 @@ METHOD(certificate_t, has_issuer, id_match_t, METHOD(certificate_t, issued_by, bool, private_x509_ocsp_response_t *this, certificate_t *issuer, - signature_scheme_t *schemep) + signature_params_t **scheme) { public_key_t *key; - signature_scheme_t scheme; bool valid; x509_t *x509 = (x509_t*)issuer; @@ -743,21 +748,17 @@ METHOD(certificate_t, issued_by, bool, return FALSE; } - /* get the public key of the issuer */ key = issuer->get_public_key(issuer); - - /* determine signature scheme */ - scheme = signature_scheme_from_oid(this->signatureAlgorithm); - - if (scheme == SIGN_UNKNOWN || key == NULL) + if (!key) { return FALSE; } - valid = key->verify(key, scheme, this->tbsResponseData, this->signature); + valid = key->verify(key, this->scheme->scheme, this->scheme->params, + this->tbsResponseData, this->signature); key->destroy(key); - if (valid && schemep) + if (valid && scheme) { - *schemep = scheme; + *scheme = signature_params_clone(this->scheme); } return valid; } @@ -839,6 +840,7 @@ METHOD(certificate_t, destroy, void, { this->certs->destroy_offset(this->certs, offsetof(certificate_t, destroy)); this->responses->destroy_function(this->responses, free); + signature_params_destroy(this->scheme); DESTROY_IF(this->responderId); free(this->encoding.ptr); free(this); @@ -879,7 +881,6 @@ static x509_ocsp_response_t *load(chunk_t blob) .producedAt = UNDEFINED_TIME, .usableUntil = UNDEFINED_TIME, .responses = linked_list_create(), - .signatureAlgorithm = OID_UNKNOWN, .certs = linked_list_create(), ); diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c index e39e24bff..587fbd5d6 100644 --- a/src/libstrongswan/plugins/x509/x509_pkcs10.c +++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c @@ -72,9 +72,9 @@ struct private_x509_pkcs10_t { chunk_t challengePassword; /** - * Signature algorithm + * Signature scheme */ - int algorithm; + signature_params_t *scheme; /** * Signature @@ -124,10 +124,9 @@ METHOD(certificate_t, has_subject, id_match_t, METHOD(certificate_t, issued_by, bool, private_x509_pkcs10_t *this, certificate_t *issuer, - signature_scheme_t *schemep) + signature_params_t **scheme) { public_key_t *key; - signature_scheme_t scheme; bool valid; if (&this->public.interface.interface != issuer) @@ -136,27 +135,22 @@ METHOD(certificate_t, issued_by, bool, } if (this->self_signed) { - return TRUE; + valid = TRUE; } - - /* determine signature scheme */ - scheme = signature_scheme_from_oid(this->algorithm); - if (scheme == SIGN_UNKNOWN) + else { - return FALSE; - } - - /* get the public key contained in the certificate request */ - key = this->public_key; - if (!key) - { - return FALSE; + /* get the public key contained in the certificate request */ + key = this->public_key; + if (!key) + { + return FALSE; + } + valid = key->verify(key, this->scheme->scheme, this->scheme->params, + this->certificationRequestInfo, this->signature); } - valid = key->verify(key, scheme, this->certificationRequestInfo, - this->signature); - if (valid && schemep) + if (valid && scheme) { - *schemep = scheme; + *scheme = signature_params_clone(this->scheme); } return valid; } @@ -410,7 +404,7 @@ static bool parse_certificate_request(private_x509_pkcs10_t *this) case PKCS10_SUBJECT_PUBLIC_KEY_INFO: this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END); - if (this->public_key == NULL) + if (!this->public_key) { goto end; } @@ -438,7 +432,12 @@ static bool parse_certificate_request(private_x509_pkcs10_t *this) } break; case PKCS10_ALGORITHM: - this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); + INIT(this->scheme); + if (!signature_params_parse(object, level, this->scheme)) + { + DBG1(DBG_ASN, " unable to parse signature algorithm"); + goto end; + } break; case PKCS10_SIGNATURE: this->signature = chunk_skip(object, 1); @@ -474,6 +473,7 @@ METHOD(certificate_t, destroy, void, { this->subjectAltNames->destroy_offset(this->subjectAltNames, offsetof(identification_t, destroy)); + signature_params_destroy(this->scheme); DESTROY_IF(this->subject); DESTROY_IF(this->public_key); chunk_free(&this->encoding); @@ -530,25 +530,34 @@ static bool generate(private_x509_pkcs10_t *cert, private_key_t *sign_key, { chunk_t key_info, subjectAltNames, attributes; chunk_t extensionRequest = chunk_empty; - chunk_t challengePassword = chunk_empty; - signature_scheme_t scheme; + chunk_t challengePassword = chunk_empty, sig_scheme = chunk_empty; identification_t *subject; subject = cert->subject; cert->public_key = sign_key->get_public_key(sign_key); - /* select signature scheme */ - cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg, - sign_key->get_type(sign_key)); - if (cert->algorithm == OID_UNKNOWN) + /* select signature scheme, if not already specified */ + if (!cert->scheme) + { + INIT(cert->scheme, + .scheme = signature_scheme_from_oid( + hasher_signature_algorithm_to_oid(digest_alg, + sign_key->get_type(sign_key))), + ); + } + if (cert->scheme->scheme == SIGN_UNKNOWN) + { + return FALSE; + } + if (!signature_params_build(cert->scheme, &sig_scheme)) { return FALSE; } - scheme = signature_scheme_from_oid(cert->algorithm); if (!cert->public_key->get_encoding(cert->public_key, PUBKEY_SPKI_ASN1_DER, &key_info)) { + chunk_free(&sig_scheme); return FALSE; } @@ -584,15 +593,16 @@ static bool generate(private_x509_pkcs10_t *cert, private_key_t *sign_key, key_info, attributes); - if (!sign_key->sign(sign_key, scheme, cert->certificationRequestInfo, - &cert->signature)) + if (!sign_key->sign(sign_key, cert->scheme->scheme, cert->scheme->params, + cert->certificationRequestInfo, &cert->signature)) { + chunk_free(&sig_scheme); return FALSE; } cert->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm", cert->certificationRequestInfo, - asn1_algorithmIdentifier(cert->algorithm), + sig_scheme, asn1_bitstring("c", cert->signature)); return TRUE; } @@ -674,6 +684,10 @@ x509_pkcs10_t *x509_pkcs10_gen(certificate_type_t type, va_list args) case BUILD_CHALLENGE_PWD: cert->challengePassword = chunk_clone(va_arg(args, chunk_t)); continue; + case BUILD_SIGNATURE_SCHEME: + cert->scheme = va_arg(args, signature_params_t*); + cert->scheme = signature_params_clone(cert->scheme); + continue; case BUILD_DIGEST_ALG: digest_alg = va_arg(args, int); continue; diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am index 0231c1c14..d764a6a9e 100644 --- a/src/libstrongswan/tests/Makefile.am +++ b/src/libstrongswan/tests/Makefile.am @@ -56,7 +56,8 @@ tests_SOURCES = tests.h tests.c \ suites/test_test_rng.c \ suites/test_mgf1.c \ suites/test_ntru.c \ - suites/test_ed25519.c + suites/test_ed25519.c \ + suites/test_signature_params.c tests_CFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ diff --git a/src/libstrongswan/tests/suites/test_asn1.c b/src/libstrongswan/tests/suites/test_asn1.c index fa02df9ca..d7fb7c2a9 100644 --- a/src/libstrongswan/tests/suites/test_asn1.c +++ b/src/libstrongswan/tests/suites/test_asn1.c @@ -758,13 +758,10 @@ END_TEST START_TEST(test_asn1_parse_integer_uint64) { - typedef struct { + struct { uint64_t n; chunk_t chunk; - } testdata_t; - - - testdata_t test[] = { + } test[] = { { 67305985ULL, chunk_from_chars( 0x04, 0x03, 0x02, 0x01) }, { 578437695752307201ULL, chunk_from_chars( @@ -782,6 +779,37 @@ START_TEST(test_asn1_parse_integer_uint64) } END_TEST +/******************************************************************************* + * integer_from_uint64 + */ + +START_TEST(test_asn1_integer_from_uint64) +{ + struct { + uint64_t n; + chunk_t chunk; + } test[] = { + { 0ULL, chunk_from_chars(0x00) }, + { 255ULL, chunk_from_chars(0xff) }, + { 256ULL, chunk_from_chars(0x01, 0x00) }, + { 67305985ULL, chunk_from_chars(0x04, 0x03, 0x02, 0x01) }, + { 578437695752307201ULL, chunk_from_chars( + 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01) }, + { 18446744073709551615ULL, chunk_from_chars( + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff) }, + }; + chunk_t asn; + int i; + + for (i = 0; i < countof(test); i++) + { + asn = asn1_integer_from_uint64(test[i].n); + ck_assert_chunk_eq(test[i].chunk, asn); + chunk_free(&asn); + } +} +END_TEST + Suite *asn1_suite_create() { Suite *s; @@ -861,8 +889,9 @@ Suite *asn1_suite_create() tcase_add_test(tc, test_asn1_integer); suite_add_tcase(s, tc); - tc = tcase_create("parse_integer_uint64"); + tc = tcase_create("integer_uint64"); tcase_add_test(tc, test_asn1_parse_integer_uint64); + tcase_add_test(tc, test_asn1_integer_from_uint64); suite_add_tcase(s, tc); return s; diff --git a/src/libstrongswan/tests/suites/test_auth_cfg.c b/src/libstrongswan/tests/suites/test_auth_cfg.c index 139b73021..d0fa8a045 100644 --- a/src/libstrongswan/tests/suites/test_auth_cfg.c +++ b/src/libstrongswan/tests/suites/test_auth_cfg.c @@ -45,7 +45,7 @@ static void check_sig_constraints(auth_cfg_t *cfg, auth_rule_t type, { enumerator_t *enumerator; auth_rule_t t; - void *value; + signature_params_t *value; int i = 0; enumerator = cfg->create_enumerator(cfg); @@ -54,7 +54,7 @@ static void check_sig_constraints(auth_cfg_t *cfg, auth_rule_t type, if (t == type) { ck_assert(expected[i]); - ck_assert_int_eq(expected[i], (signature_scheme_t)value); + ck_assert_int_eq(expected[i], value->scheme); i++; } } @@ -106,6 +106,102 @@ START_TEST(test_ike_contraints_fallback) } END_TEST +typedef union { + rsa_pss_params_t pss; +} signature_param_types_t; + +struct { + char *constraints; + signature_scheme_t sig[5]; + signature_param_types_t p[5]; +} sig_constraints_params_tests[] = { + { "rsa/pss-sha256", { SIGN_RSA_EMSA_PSS, 0 }, { + { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}}}, + { "rsa/pss-sha256-sha384", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS, 0 }, { + { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, + { .pss = { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA384, .salt_len = HASH_SIZE_SHA384, }}}}, + { "rsa/pss-sha256-rsa-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { + { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}}}, + { "rsa-sha256-rsa/pss-sha256", { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PSS, 0 }, { + {}, + { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}}}, + { "rsa/pss", { 0 }, {}}, +}; + +static void check_sig_constraints_params(auth_cfg_t *cfg, auth_rule_t type, + signature_scheme_t scheme[], + signature_param_types_t p[]) +{ + enumerator_t *enumerator; + auth_rule_t t; + signature_params_t *value; + int i = 0; + + enumerator = cfg->create_enumerator(cfg); + while (enumerator->enumerate(enumerator, &t, &value)) + { + if (t == type) + { + if (scheme[i] == SIGN_RSA_EMSA_PSS) + { + signature_params_t expected = { + .scheme = scheme[i], + .params = &p[i].pss, + }; + ck_assert(signature_params_equal(value, &expected)); + } + else + { + ck_assert(scheme[i]); + ck_assert(!value->params); + ck_assert_int_eq(scheme[i], value->scheme); + } + i++; + } + } + enumerator->destroy(enumerator); + ck_assert(!scheme[i]); +} + +START_TEST(test_sig_contraints_params) +{ + auth_cfg_t *cfg; + + cfg = auth_cfg_create(); + cfg->add_pubkey_constraints(cfg, sig_constraints_params_tests[_i].constraints, TRUE); + check_sig_constraints_params(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, + sig_constraints_params_tests[_i].sig, + sig_constraints_params_tests[_i].p); + cfg->destroy(cfg); +} +END_TEST + +struct { + char *constraints; + signature_scheme_t sig[6]; + signature_param_types_t p[6]; +} sig_constraints_rsa_pss_tests[] = { + { "pubkey-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, { + { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}, {}, {}, {}}}, + { "rsa-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { + { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}}}, +}; + +START_TEST(test_sig_contraints_rsa_pss) +{ + auth_cfg_t *cfg; + + lib->settings->set_bool(lib->settings, "%s.rsa_pss", TRUE, lib->ns); + + cfg = auth_cfg_create(); + cfg->add_pubkey_constraints(cfg, sig_constraints_rsa_pss_tests[_i].constraints, TRUE); + check_sig_constraints_params(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, + sig_constraints_rsa_pss_tests[_i].sig, + sig_constraints_rsa_pss_tests[_i].p); + cfg->destroy(cfg); +} +END_TEST + Suite *auth_cfg_suite_create() { Suite *s; @@ -118,5 +214,10 @@ Suite *auth_cfg_suite_create() tcase_add_loop_test(tc, test_ike_contraints_fallback, 0, countof(sig_constraints_tests)); suite_add_tcase(s, tc); + tc = tcase_create("add_pubkey_constraints parameters"); + tcase_add_loop_test(tc, test_sig_contraints_params, 0, countof(sig_constraints_params_tests)); + tcase_add_loop_test(tc, test_sig_contraints_rsa_pss, 0, countof(sig_constraints_rsa_pss_tests)); + suite_add_tcase(s, tc); + return s; } diff --git a/src/libstrongswan/tests/suites/test_ecdsa.c b/src/libstrongswan/tests/suites/test_ecdsa.c index 3c842996d..6edae81ae 100644 --- a/src/libstrongswan/tests/suites/test_ecdsa.c +++ b/src/libstrongswan/tests/suites/test_ecdsa.c @@ -57,9 +57,9 @@ static void test_good_sig(private_key_t *privkey, public_key_t *pubkey) { continue; } - fail_unless(privkey->sign(privkey, schemes[i].scheme, data, &sig), + fail_unless(privkey->sign(privkey, schemes[i].scheme, NULL, data, &sig), "sign %N", signature_scheme_names, schemes[i].scheme); - fail_unless(pubkey->verify(pubkey, schemes[i].scheme, data, sig), + fail_unless(pubkey->verify(pubkey, schemes[i].scheme, NULL, data, sig), "verify %N", signature_scheme_names, schemes[i].scheme); free(sig.ptr); } @@ -121,7 +121,8 @@ static void test_bad_sigs(public_key_t *pubkey) for (i = 0; i < countof(invalid_sigs); i++) { fail_if( - pubkey->verify(pubkey, schemes[s].scheme, data, invalid_sigs[i]), + pubkey->verify(pubkey, schemes[s].scheme, NULL, data, + invalid_sigs[i]), "bad %N sig accepted %B", signature_scheme_names, schemes[s].scheme, &invalid_sigs[i]); diff --git a/src/libstrongswan/tests/suites/test_ed25519.c b/src/libstrongswan/tests/suites/test_ed25519.c index 00842628d..86cbb1bc0 100644 --- a/src/libstrongswan/tests/suites/test_ed25519.c +++ b/src/libstrongswan/tests/suites/test_ed25519.c @@ -297,13 +297,13 @@ START_TEST(test_ed25519_sign) ck_assert(public->equals(public, pubkey)); /* sign */ - ck_assert(key->sign(key, SIGN_ED25519, sig_tests[_i].msg, &sig)); + ck_assert(key->sign(key, SIGN_ED25519, NULL, sig_tests[_i].msg, &sig)); ck_assert(sig.len == 64); ck_assert(chunk_equals(sig, sig_tests[_i].sig)); /* verify */ - ck_assert(pubkey->verify(pubkey, SIGN_ED25519, sig_tests[_i].msg, - sig_tests[_i].sig)); + ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[_i].msg, + sig_tests[_i].sig)); /* cleanup */ key->destroy(key); @@ -340,10 +340,10 @@ START_TEST(test_ed25519_gen) ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, msg, NULL)); /* wrong signature scheme */ - ck_assert(!key->sign(key, SIGN_ED448, msg, &sig)); + ck_assert(!key->sign(key, SIGN_ED448, NULL, msg, &sig)); /* correct signature scheme*/ - ck_assert(key->sign(key, SIGN_ED25519, msg, &sig)); + ck_assert(key->sign(key, SIGN_ED25519, NULL, msg, &sig)); /* export public key */ pubkey = key->get_public_key(key); @@ -375,10 +375,10 @@ START_TEST(test_ed25519_gen) ck_assert(!pubkey->encrypt(pubkey, ENCRYPT_UNKNOWN, msg, NULL)); /* verify with wrong signature scheme */ - ck_assert(!pubkey->verify(pubkey, SIGN_ED448, msg, sig)); + ck_assert(!pubkey->verify(pubkey, SIGN_ED448, NULL, msg, sig)); /* verify with correct signature scheme */ - ck_assert(pubkey->verify(pubkey, SIGN_ED25519, msg, sig)); + ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, msg, sig)); /* cleanup */ key->destroy(key); @@ -404,10 +404,10 @@ START_TEST(test_ed25519_speed) key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519, BUILD_KEY_SIZE, 256, BUILD_END); ck_assert(key != NULL); - ck_assert(key->sign(key, SIGN_ED25519, msg, &sig)); + ck_assert(key->sign(key, SIGN_ED25519, NULL, msg, &sig)); pubkey = key->get_public_key(key); ck_assert(pubkey != NULL); - ck_assert(pubkey->verify(pubkey, SIGN_ED25519, msg, sig)); + ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, msg, sig)); key->destroy(key); pubkey->destroy(pubkey); chunk_free(&sig); @@ -476,25 +476,29 @@ START_TEST(test_ed25519_fail) BUILD_BLOB_ASN1_DER, sig_tests[0].pubkey, BUILD_END); ck_assert(pubkey != NULL); - ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, chunk_empty, chunk_empty)); + ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, chunk_empty, + chunk_empty)); /* malformed signature */ sig = chunk_create(sig1, 64); memcpy(sig1, sig_tests[0].sig.ptr, 64); sig1[63] |= 0xe0; - ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig)); + ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg, + sig)); /* wrong signature */ memcpy(sig1, sig_tests[0].sig.ptr, 64); sig1[0] = 0xe4; - ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig)); + ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg, + sig)); /* detect all-zeroes public key */ pubkey->destroy(pubkey); pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ED25519, BUILD_BLOB_ASN1_DER, zero_pk, BUILD_END); ck_assert(pubkey != NULL); - ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, sig_tests[0].msg, sig)); + ck_assert(!pubkey->verify(pubkey, SIGN_ED25519, NULL, sig_tests[0].msg, + sig)); pubkey->destroy(pubkey); } END_TEST diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c index 9f7741969..7bf527329 100644 --- a/src/libstrongswan/tests/suites/test_hasher.c +++ b/src/libstrongswan/tests/suites/test_hasher.c @@ -90,12 +90,10 @@ START_TEST(test_hasher_sig_to_oid) } END_TEST -typedef struct { +static struct { signature_scheme_t scheme; hash_algorithm_t alg; -}hasher_sig_scheme_t; - -static hasher_sig_scheme_t sig_schemes[] = { +} sig_schemes[] = { { SIGN_UNKNOWN, HASH_UNKNOWN }, { SIGN_RSA_EMSA_PKCS1_NULL, HASH_UNKNOWN }, { SIGN_RSA_EMSA_PKCS1_MD5, HASH_MD5 }, @@ -108,6 +106,7 @@ static hasher_sig_scheme_t sig_schemes[] = { { SIGN_RSA_EMSA_PKCS1_SHA3_256, HASH_SHA3_256 }, { SIGN_RSA_EMSA_PKCS1_SHA3_384, HASH_SHA3_384 }, { SIGN_RSA_EMSA_PKCS1_SHA3_512, HASH_SHA3_512 }, + { SIGN_RSA_EMSA_PSS, HASH_UNKNOWN }, { SIGN_ECDSA_WITH_SHA1_DER, HASH_SHA1 }, { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256 }, { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384 }, @@ -124,16 +123,35 @@ static hasher_sig_scheme_t sig_schemes[] = { { SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 }, { SIGN_ED25519, HASH_IDENTITY }, { SIGN_ED448, HASH_IDENTITY }, - { 30, HASH_UNKNOWN } + { 30, HASH_UNKNOWN }, }; START_TEST(test_hasher_from_sig_scheme) { - ck_assert(hasher_from_signature_scheme(sig_schemes[_i].scheme) == + ck_assert(hasher_from_signature_scheme(sig_schemes[_i].scheme, NULL) == sig_schemes[_i].alg); } END_TEST +static struct { + signature_scheme_t scheme; + union { + rsa_pss_params_t pss; + } p; + hash_algorithm_t alg; +} sig_schemes_params[] = { + { SIGN_RSA_EMSA_PSS, .p.pss = { .hash = HASH_SHA256 }, HASH_SHA256 }, + { SIGN_RSA_EMSA_PSS, .p.pss = { .hash = HASH_SHA512 }, HASH_SHA512 }, + { SIGN_RSA_EMSA_PKCS1_SHA2_256, .p.pss = { .hash = HASH_SHA512 }, HASH_SHA256 }, +}; + +START_TEST(test_hasher_from_sig_scheme_params) +{ + ck_assert(hasher_from_signature_scheme(sig_schemes_params[_i].scheme, + &sig_schemes_params[_i].p) == sig_schemes_params[_i].alg); +} +END_TEST + typedef struct { pseudo_random_function_t prf; hash_algorithm_t alg; @@ -269,6 +287,7 @@ Suite *hasher_suite_create() tc = tcase_create("from_sig_scheme"); tcase_add_loop_test(tc, test_hasher_from_sig_scheme, 0, countof(sig_schemes)); + tcase_add_loop_test(tc, test_hasher_from_sig_scheme_params, 0, countof(sig_schemes_params)); suite_add_tcase(s, tc); tc = tcase_create("from_prf"); diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c index 41e783521..3f6353404 100644 --- a/src/libstrongswan/tests/suites/test_rsa.c +++ b/src/libstrongswan/tests/suites/test_rsa.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2017 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG * @@ -16,6 +19,7 @@ #include "test_suite.h" #include <plugins/plugin_feature.h> +#include <credentials/keys/signature_params.h> /** * Signature schemes to test @@ -28,6 +32,15 @@ static signature_scheme_t schemes[] = { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512, + SIGN_RSA_EMSA_PSS, +}; +/** + * Default parameters for RSA PSS signatures + */ +static rsa_pss_params_t default_pss_params = { + .hash = HASH_SHA256, + .mgf1_hash = HASH_SHA256, + .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }; /** @@ -40,16 +53,24 @@ static void test_good_sig(private_key_t *privkey, public_key_t *pubkey) for (i = 0; i < countof(schemes); i++) { + rsa_pss_params_t *params = NULL; + if (!lib->plugins->has_feature(lib->plugins, PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[i])) || !lib->plugins->has_feature(lib->plugins, PLUGIN_PROVIDE(PRIVKEY_SIGN, schemes[i]))) { + warn("%N not supported, skip scheme", signature_scheme_names, + schemes[i]); continue; } - fail_unless(privkey->sign(privkey, schemes[i], data, &sig), + if (schemes[i] == SIGN_RSA_EMSA_PSS) + { + params = &default_pss_params; + } + fail_unless(privkey->sign(privkey, schemes[i], params, data, &sig), "sign %N", signature_scheme_names, schemes[i]); - fail_unless(pubkey->verify(pubkey, schemes[i], data, sig), + fail_unless(pubkey->verify(pubkey, schemes[i], params, data, sig), "verify %N", signature_scheme_names, schemes[i]); free(sig.ptr); } @@ -98,15 +119,23 @@ static void test_bad_sigs(public_key_t *pubkey) for (s = 0; s < countof(schemes); s++) { - if (!lib->plugins->has_feature(lib->plugins, - PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[s]))) - { - continue; - } + rsa_pss_params_t *params = NULL; + + if (!lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[s]))) + { + warn("%N not supported, skip scheme", signature_scheme_names, + schemes[s]); + continue; + } + if (schemes[s] == SIGN_RSA_EMSA_PSS) + { + params = &default_pss_params; + } for (i = 0; i < countof(invalid_sigs); i++) { fail_if( - pubkey->verify(pubkey, schemes[s], data, invalid_sigs[i]), + pubkey->verify(pubkey, schemes[s], params, data, invalid_sigs[i]), "bad %N sig accepted %B", signature_scheme_names, schemes[s], &invalid_sigs[i]); } @@ -373,6 +402,4770 @@ START_TEST(test_load) } END_TEST +/** + * Keys for the FIPS 186-4 SigGen PKCS#1 Ver1.5 test vectors + */ +static private_key_t *privkey_2048, *privkey_3072; +static public_key_t *pubkey_2048, *pubkey_3072; + +static void create_key(chunk_t n, chunk_t e, chunk_t d, private_key_t **privkey, + public_key_t **pubkey) +{ + *privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, + BUILD_RSA_PRIV_EXP, d, BUILD_END); + ck_assert(*privkey != NULL); + *pubkey = (*privkey)->get_public_key(*privkey); + ck_assert(*pubkey != NULL); +} + +START_SETUP(setup_keys) +{ + create_key(chunk_from_chars( + 0xce,0xa8,0x04,0x75,0x32,0x4c,0x1d,0xc8,0x34,0x78,0x27,0x81,0x8d,0xa5,0x8b,0xac, + 0x06,0x9d,0x34,0x19,0xc6,0x14,0xa6,0xea,0x1a,0xc6,0xa3,0xb5,0x10,0xdc,0xd7,0x2c, + 0xc5,0x16,0x95,0x49,0x05,0xe9,0xfe,0xf9,0x08,0xd4,0x5e,0x13,0x00,0x6a,0xdf,0x27, + 0xd4,0x67,0xa7,0xd8,0x3c,0x11,0x1d,0x1a,0x5d,0xf1,0x5e,0xf2,0x93,0x77,0x1a,0xef, + 0xb9,0x20,0x03,0x2a,0x5b,0xb9,0x89,0xf8,0xe4,0xf5,0xe1,0xb0,0x50,0x93,0xd3,0xf1, + 0x30,0xf9,0x84,0xc0,0x7a,0x77,0x2a,0x36,0x83,0xf4,0xdc,0x6f,0xb2,0x8a,0x96,0x81, + 0x5b,0x32,0x12,0x3c,0xcd,0xd1,0x39,0x54,0xf1,0x9d,0x5b,0x8b,0x24,0xa1,0x03,0xe7, + 0x71,0xa3,0x4c,0x32,0x87,0x55,0xc6,0x5e,0xd6,0x4e,0x19,0x24,0xff,0xd0,0x4d,0x30, + 0xb2,0x14,0x2c,0xc2,0x62,0xf6,0xe0,0x04,0x8f,0xef,0x6d,0xbc,0x65,0x2f,0x21,0x47, + 0x9e,0xa1,0xc4,0xb1,0xd6,0x6d,0x28,0xf4,0xd4,0x6e,0xf7,0x18,0x5e,0x39,0x0c,0xbf, + 0xa2,0xe0,0x23,0x80,0x58,0x2f,0x31,0x88,0xbb,0x94,0xeb,0xbf,0x05,0xd3,0x14,0x87, + 0xa0,0x9a,0xff,0x01,0xfc,0xbb,0x4c,0xd4,0xbf,0xd1,0xf0,0xa8,0x33,0xb3,0x8c,0x11, + 0x81,0x3c,0x84,0x36,0x0b,0xb5,0x3c,0x7d,0x44,0x81,0x03,0x1c,0x40,0xba,0xd8,0x71, + 0x3b,0xb6,0xb8,0x35,0xcb,0x08,0x09,0x8e,0xd1,0x5b,0xa3,0x1e,0xe4,0xba,0x72,0x8a, + 0x8c,0x8e,0x10,0xf7,0x29,0x4e,0x1b,0x41,0x63,0xb7,0xae,0xe5,0x72,0x77,0xbf,0xd8, + 0x81,0xa6,0xf9,0xd4,0x3e,0x02,0xc6,0x92,0x5a,0xa3,0xa0,0x43,0xfb,0x7f,0xb7,0x8d), + chunk_from_chars( + 0x26,0x04,0x45), + chunk_from_chars( + 0x09,0x97,0x63,0x4c,0x47,0x7c,0x1a,0x03,0x9d,0x44,0xc8,0x10,0xb2,0xaa,0xa3,0xc7, + 0x86,0x2b,0x0b,0x88,0xd3,0x70,0x82,0x72,0xe1,0xe1,0x5f,0x66,0xfc,0x93,0x89,0x70, + 0x9f,0x8a,0x11,0xf3,0xea,0x6a,0x5a,0xf7,0xef,0xfa,0x2d,0x01,0xc1,0x89,0xc5,0x0f, + 0x0d,0x5b,0xcb,0xe3,0xfa,0x27,0x2e,0x56,0xcf,0xc4,0xa4,0xe1,0xd3,0x88,0xa9,0xdc, + 0xd6,0x5d,0xf8,0x62,0x89,0x02,0x55,0x6c,0x8b,0x6b,0xb6,0xa6,0x41,0x70,0x9b,0x5a, + 0x35,0xdd,0x26,0x22,0xc7,0x3d,0x46,0x40,0xbf,0xa1,0x35,0x9d,0x0e,0x76,0xe1,0xf2, + 0x19,0xf8,0xe3,0x3e,0xb9,0xbd,0x0b,0x59,0xec,0x19,0x8e,0xb2,0xfc,0xca,0xae,0x03, + 0x46,0xbd,0x8b,0x40,0x1e,0x12,0xe3,0xc6,0x7c,0xb6,0x29,0x56,0x9c,0x18,0x5a,0x2e, + 0x0f,0x35,0xa2,0xf7,0x41,0x64,0x4c,0x1c,0xca,0x5e,0xbb,0x13,0x9d,0x77,0xa8,0x9a, + 0x29,0x53,0xfc,0x5e,0x30,0x04,0x8c,0x0e,0x61,0x9f,0x07,0xc8,0xd2,0x1d,0x1e,0x56, + 0xb8,0xaf,0x07,0x19,0x3d,0x0f,0xdf,0x3f,0x49,0xcd,0x49,0xf2,0xef,0x31,0x38,0xb5, + 0x13,0x88,0x62,0xf1,0x47,0x0b,0xd2,0xd1,0x6e,0x34,0xa2,0xb9,0xe7,0x77,0x7a,0x6c, + 0x8c,0x8d,0x4c,0xb9,0x4b,0x4e,0x8b,0x5d,0x61,0x6c,0xd5,0x39,0x37,0x53,0xe7,0xb0, + 0xf3,0x1c,0xc7,0xda,0x55,0x9b,0xa8,0xe9,0x8d,0x88,0x89,0x14,0xe3,0x34,0x77,0x3b, + 0xaf,0x49,0x8a,0xd8,0x8d,0x96,0x31,0xeb,0x5f,0xe3,0x2e,0x53,0xa4,0x14,0x5b,0xf0, + 0xba,0x54,0x8b,0xf2,0xb0,0xa5,0x0c,0x63,0xf6,0x7b,0x14,0xe3,0x98,0xa3,0x4b,0x0d), + &privkey_2048, &pubkey_2048); + + create_key(chunk_from_chars( + 0xdc,0xa9,0x83,0x04,0xb7,0x29,0xe8,0x19,0xb3,0x40,0xe2,0x6c,0xec,0xb7,0x30,0xae, + 0xcb,0xd8,0x93,0x0e,0x33,0x4c,0x73,0x14,0x93,0xb1,0x80,0xde,0x97,0x0e,0x6d,0x3b, + 0xc5,0x79,0xf8,0x6c,0x8d,0x5d,0x03,0x2f,0x8c,0xd3,0x3c,0x43,0x97,0xee,0x7f,0xfd, + 0x01,0x9d,0x51,0xb0,0xa7,0xdb,0xe4,0xf5,0x25,0x05,0xa1,0xa3,0x4a,0xe3,0x5d,0x23, + 0xcf,0xaa,0xf5,0x94,0x41,0x9d,0x50,0x9f,0x46,0x9b,0x13,0x69,0x58,0x9f,0x9c,0x86, + 0x16,0xa7,0xd6,0x98,0x51,0x3b,0xc1,0xd4,0x23,0xd7,0x00,0x70,0xd3,0xd7,0x2b,0x99, + 0x6c,0x23,0xab,0xe6,0x8b,0x22,0xcc,0xc3,0x9a,0xab,0xd1,0x65,0x07,0x12,0x40,0x42, + 0xc8,0x8d,0x4d,0xa6,0xa7,0x45,0x12,0x88,0xec,0x87,0xc9,0x24,0x4b,0xe2,0x26,0xaa, + 0xc0,0x2d,0x18,0x17,0x68,0x2f,0x80,0xcc,0x34,0xc6,0xea,0xf3,0x7e,0xc8,0x4d,0x24, + 0x7a,0xae,0xde,0xbb,0x56,0xc3,0xbb,0xca,0xff,0xb5,0xcf,0x42,0xf6,0x1f,0xe1,0xb7, + 0xf3,0xfc,0x89,0x74,0x8e,0x21,0x39,0x73,0xbf,0x5f,0x67,0x9d,0x8b,0x8b,0x42,0xa4, + 0x7a,0xc4,0xaf,0xd9,0xe5,0x1e,0x1d,0x12,0x14,0xdf,0xe1,0xa7,0xe1,0x16,0x90,0x80, + 0xbd,0x9a,0xd9,0x17,0x58,0xf6,0xc0,0xf9,0xb2,0x2a,0xe4,0x0a,0xf6,0xb4,0x14,0x03, + 0xd8,0xf2,0xd9,0x6d,0xb5,0xa0,0x88,0xda,0xa5,0xef,0x86,0x83,0xf8,0x6f,0x50,0x1f, + 0x7a,0xd3,0xf3,0x58,0xb6,0x33,0x7d,0xa5,0x5c,0x6c,0xfc,0x00,0x31,0x97,0x42,0x0c, + 0x1c,0x75,0xab,0xdb,0x7b,0xe1,0x40,0x3e,0xa4,0xf3,0xe6,0x42,0x59,0xf5,0xc6,0xda, + 0x33,0x25,0xbb,0x87,0xd6,0x05,0xb6,0xe1,0x4b,0x53,0x50,0xe6,0xe1,0x45,0x5c,0x9d, + 0x49,0x7d,0x81,0x04,0x66,0x08,0xe3,0x87,0x95,0xdc,0x85,0xab,0xa4,0x06,0xc9,0xde, + 0x1f,0x4f,0x99,0x90,0xd5,0x15,0x3b,0x98,0xbb,0xab,0xbd,0xcb,0xd6,0xbb,0x18,0x85, + 0x43,0x12,0xb2,0xda,0x48,0xb4,0x11,0xe8,0x38,0xf2,0x6a,0xe3,0x10,0x9f,0x10,0x4d, + 0xfd,0x16,0x19,0xf9,0x91,0x82,0x4e,0xc8,0x19,0x86,0x1e,0x51,0x99,0xf2,0x6b,0xb9, + 0xb3,0xb2,0x99,0xbf,0xa9,0xec,0x2f,0xd6,0x91,0x27,0x1b,0x58,0xa8,0xad,0xec,0xbf, + 0x0f,0xf6,0x27,0xb5,0x43,0x36,0xf3,0xdf,0x70,0x03,0xd7,0x0e,0x37,0xd1,0x1d,0xdb, + 0xd9,0x30,0xd9,0xab,0xa7,0xe8,0x8e,0xd4,0x01,0xac,0xb4,0x40,0x92,0xfd,0x53,0xd5), + chunk_from_chars( + 0xea,0xf0,0x5d), + chunk_from_chars( + 0x2d,0x6d,0xb9,0x1e,0xb3,0x2e,0x36,0xe5,0xd5,0x12,0x7d,0xeb,0x03,0x4d,0x14,0x07, + 0x2f,0xe6,0x0c,0x1c,0xd1,0x3c,0x8c,0x3d,0xd9,0xad,0xbc,0x87,0x14,0x0b,0x5e,0x71, + 0x36,0xf4,0xf8,0x9e,0x61,0xbb,0xee,0x78,0x26,0xf4,0x5a,0xc1,0xd9,0x91,0x94,0xfb, + 0xaa,0x8c,0x5a,0x0b,0xb9,0x4d,0xb3,0x1d,0x93,0x72,0x3b,0x51,0x41,0x9d,0x9c,0x6f, + 0x6e,0xeb,0x5f,0x36,0x10,0xb6,0x7f,0x4b,0x4e,0x2a,0xde,0x05,0xcc,0x6b,0x89,0x90, + 0xe8,0x83,0x2c,0xf4,0xcd,0x40,0xf2,0xdf,0x03,0x88,0xc9,0xa5,0x20,0x72,0xe2,0x7e, + 0xfe,0xba,0xe2,0x0b,0x4a,0xd5,0x95,0x1f,0x4d,0x20,0xdd,0x18,0x94,0x3e,0x58,0xb7, + 0x86,0xd8,0x79,0x76,0x52,0xb2,0xbb,0x75,0x9c,0x31,0x9d,0x2b,0x00,0x46,0xdb,0xf6, + 0x9c,0x53,0xc0,0x75,0xd0,0x0c,0x28,0x7b,0x87,0x60,0x42,0xfa,0xfa,0x23,0xfe,0x4d, + 0xd7,0x05,0xe4,0xe4,0x23,0x27,0x7c,0x90,0x00,0x31,0x1e,0x94,0xea,0x3f,0x74,0x56, + 0xe3,0x2f,0xd1,0x2a,0xfe,0x4a,0x2b,0xde,0x35,0x8a,0x65,0x82,0x4f,0x10,0x55,0x06, + 0x48,0x23,0xc8,0x93,0xfc,0x93,0xbe,0x3b,0x8c,0x65,0x8b,0xb4,0x41,0xd7,0xf0,0xb0, + 0x0a,0xc2,0x46,0xbf,0x04,0x3a,0x9c,0x00,0x53,0xd3,0x19,0xf0,0x03,0xef,0x5a,0x55, + 0x33,0xf7,0x4d,0x63,0x0d,0x8c,0xe9,0x3b,0xab,0x41,0x6a,0x82,0x95,0x1e,0x05,0xb8, + 0x2c,0x60,0x36,0x59,0x3e,0xca,0x89,0xf0,0xeb,0xac,0xd7,0xd5,0x1e,0xd9,0x61,0x0a, + 0xf4,0x35,0x37,0xfc,0xd2,0x66,0xe5,0xe4,0x7c,0x0d,0x25,0xfe,0xda,0xd6,0xd0,0x47, + 0xa1,0xa1,0xee,0x3e,0xb4,0x44,0x36,0x7e,0x3e,0xff,0x7c,0x75,0x20,0xca,0x4f,0x77, + 0x9f,0x20,0x27,0xfe,0x45,0x03,0x62,0x04,0x16,0x84,0x54,0xdf,0x49,0x18,0xb5,0x47, + 0xa4,0xd1,0x9e,0x93,0x8f,0x3c,0x6d,0xb6,0xca,0x27,0x02,0xad,0x9b,0xbd,0xa1,0x26, + 0x1c,0x64,0xd0,0x0b,0x57,0x82,0x85,0xbd,0xcf,0xc9,0x85,0x1f,0x96,0xa4,0xf2,0xcd, + 0x14,0xd6,0x6b,0x9c,0x1f,0x65,0x74,0x2a,0x13,0x44,0x94,0x8c,0x9f,0x1d,0xa8,0xd3, + 0x38,0xed,0x4e,0x3d,0xeb,0x1e,0xba,0xdf,0x11,0xf8,0xc2,0x81,0x94,0x4e,0x88,0x49, + 0x82,0x34,0x96,0xf8,0x61,0x11,0xf3,0x78,0xbd,0xd0,0x84,0xc9,0x9f,0x65,0xfb,0x9b, + 0x4e,0xe6,0x27,0x1b,0x1d,0x1b,0xe4,0x24,0xc2,0x94,0xd1,0x85,0xd9,0xfd,0x9c,0xdf), + &privkey_3072, &pubkey_3072); +} +END_SETUP + +START_TEARDOWN(teardown_keys) +{ + pubkey_2048->destroy(pubkey_2048); + privkey_2048->destroy(privkey_2048); + pubkey_3072->destroy(pubkey_3072); + privkey_3072->destroy(privkey_3072); +} +END_TEARDOWN + +/** + * Test vectors from FIPS 186-4 + */ +static struct { + signature_scheme_t scheme; + chunk_t m; + chunk_t s; +} pkcs15_2048[] = { + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0x5a,0xf2,0x83,0xb1,0xb7,0x6a,0xb2,0xa6,0x95,0xd7,0x94,0xc2,0x3b,0x35,0xca,0x73, + 0x71,0xfc,0x77,0x9e,0x92,0xeb,0xf5,0x89,0xe3,0x04,0xc7,0xf9,0x23,0xd8,0xcf,0x97, + 0x63,0x04,0xc1,0x98,0x18,0xfc,0xd8,0x9d,0x6f,0x07,0xc8,0xd8,0xe0,0x8b,0xf3,0x71, + 0x06,0x8b,0xdf,0x28,0xae,0x6e,0xe8,0x3b,0x2e,0x02,0x32,0x8a,0xf8,0xc0,0xe2,0xf9, + 0x6e,0x52,0x8e,0x16,0xf8,0x52,0xf1,0xfc,0x54,0x55,0xe4,0x77,0x2e,0x28,0x8a,0x68, + 0xf1,0x59,0xca,0x6b,0xdc,0xf9,0x02,0xb8,0x58,0xa1,0xf9,0x47,0x89,0xb3,0x16,0x38, + 0x23,0xe2,0xd0,0x71,0x7f,0xf5,0x66,0x89,0xee,0xc7,0xd0,0xe5,0x4d,0x93,0xf5,0x20, + 0xd9,0x6e,0x1e,0xb0,0x45,0x15,0xab,0xc7,0x0a,0xe9,0x05,0x78,0xff,0x38,0xd3,0x1b), + .s = chunk_from_chars( + 0x6b,0x8b,0xe9,0x7d,0x9e,0x51,0x8a,0x2e,0xde,0x74,0x6f,0xf4,0xa7,0xd9,0x1a,0x84, + 0xa1,0xfc,0x66,0x5b,0x52,0xf1,0x54,0xa9,0x27,0x65,0x0d,0xb6,0xe7,0x34,0x8c,0x69, + 0xf8,0xc8,0x88,0x1f,0x7b,0xcf,0x9b,0x1a,0x6d,0x33,0x66,0xee,0xd3,0x0c,0x3a,0xed, + 0x4e,0x93,0xc2,0x03,0xc4,0x3f,0x55,0x28,0xa4,0x5d,0xe7,0x91,0x89,0x57,0x47,0xad, + 0xe9,0xc5,0xfa,0x5e,0xee,0x81,0x42,0x7e,0xde,0xe0,0x20,0x82,0x14,0x7a,0xa3,0x11, + 0x71,0x2a,0x6a,0xd5,0xfb,0x17,0x32,0xe9,0x3b,0x3d,0x6c,0xd2,0x3f,0xfd,0x46,0xa0, + 0xb3,0xca,0xf6,0x2a,0x8b,0x69,0x95,0x7c,0xc6,0x8a,0xe3,0x9f,0x99,0x93,0xc1,0xa7, + 0x79,0x59,0x9c,0xdd,0xa9,0x49,0xbd,0xaa,0xba,0xbb,0x77,0xf2,0x48,0xfc,0xfe,0xaa, + 0x44,0x05,0x9b,0xe5,0x45,0x9f,0xb9,0xb8,0x99,0x27,0x8e,0x92,0x95,0x28,0xee,0x13, + 0x0f,0xac,0xd5,0x33,0x72,0xec,0xbc,0x42,0xf3,0xe8,0xde,0x29,0x98,0x42,0x58,0x60, + 0x40,0x64,0x40,0xf2,0x48,0xd8,0x17,0x43,0x2d,0xe6,0x87,0x11,0x2e,0x50,0x4d,0x73, + 0x40,0x28,0xe6,0xc5,0x62,0x0f,0xa2,0x82,0xca,0x07,0x64,0x70,0x06,0xcf,0x0a,0x2f, + 0xf8,0x3e,0x19,0xa9,0x16,0x55,0x4c,0xc6,0x18,0x10,0xc2,0xe8,0x55,0x30,0x5d,0xb4, + 0xe5,0xcf,0x89,0x3a,0x6a,0x96,0x76,0x73,0x65,0x79,0x45,0x56,0xff,0x03,0x33,0x59, + 0x08,0x4d,0x7e,0x38,0xa8,0x45,0x6e,0x68,0xe2,0x11,0x55,0xb7,0x61,0x51,0x31,0x4a, + 0x29,0x87,0x5f,0xee,0xe0,0x95,0x57,0x16,0x1c,0xbc,0x65,0x45,0x41,0xe8,0x9e,0x42), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0xc4,0x30,0x11,0xf3,0xee,0x88,0xc9,0xc9,0xad,0xca,0xc8,0xbf,0x37,0x22,0x1a,0xfa, + 0x31,0x76,0x9d,0x34,0x7d,0xec,0x70,0x5e,0x53,0xac,0xa9,0x89,0x93,0xe7,0x46,0x06, + 0x59,0x18,0x67,0xcc,0xd2,0x89,0xba,0x1b,0x4f,0x19,0x36,0x5f,0x98,0x3e,0x0c,0x57, + 0x83,0x46,0xda,0x76,0xc5,0xe2,0x22,0x8a,0x07,0xe4,0xfc,0x9b,0x3d,0x48,0x07,0x16, + 0x33,0x71,0xa5,0x2b,0x68,0xb6,0x68,0x73,0x20,0x1d,0xc7,0xd6,0xb5,0x66,0x16,0xac, + 0x2e,0x4c,0xb5,0x22,0x12,0x07,0x87,0xdf,0x7f,0x15,0xa5,0xe8,0x76,0x3a,0x54,0xc1, + 0x79,0xc6,0x35,0xd6,0x58,0x16,0xbc,0x19,0x48,0x5d,0xe3,0xeb,0x35,0xa5,0x20,0x40, + 0x59,0x10,0x94,0xfe,0x0e,0x64,0x85,0xa7,0xe0,0xc6,0x0e,0x38,0xe7,0xc6,0x15,0x51), + .s = chunk_from_chars( + 0xaa,0x3a,0x4e,0x12,0xeb,0x87,0x59,0x6c,0x71,0x1c,0x9a,0x22,0xbc,0xab,0xcb,0x9d, + 0xad,0xff,0xca,0xbc,0xec,0xbd,0x16,0x22,0x88,0x89,0xe9,0xbb,0x45,0x7d,0x5d,0x22, + 0x57,0x1a,0x72,0xf0,0x34,0xbe,0x47,0x83,0x38,0x4f,0x43,0xce,0x6f,0xff,0xc6,0x05, + 0x34,0xb8,0x33,0x1c,0xdd,0x5d,0x7c,0x77,0xf4,0x91,0x80,0xbf,0xd1,0x94,0xb5,0xfd, + 0x43,0xa5,0x08,0xc6,0x6d,0x78,0x6c,0x55,0x88,0x76,0x73,0x58,0x94,0xe6,0xa9,0x30, + 0x09,0x52,0xde,0x79,0x2f,0x74,0x70,0x45,0xe7,0x4d,0x87,0xfd,0x50,0x98,0x02,0x30, + 0x70,0x7a,0x34,0xa4,0xdf,0x01,0x3c,0xe0,0x50,0xbb,0xff,0x0d,0x6f,0x57,0x08,0x85, + 0xc9,0xc7,0xbf,0x8d,0xc4,0x99,0x13,0x2c,0xae,0xe0,0x71,0xb4,0x1d,0x81,0xff,0x91, + 0xb8,0xce,0x21,0xaa,0x2f,0x28,0x2c,0xbf,0x52,0x38,0x9f,0x23,0x9a,0xfe,0x14,0x90, + 0x89,0x0b,0xe2,0x1f,0x9d,0x80,0x8b,0x3d,0x70,0xb9,0x7e,0xfd,0x59,0xc0,0xb6,0x0e, + 0x46,0x60,0x88,0xbb,0x42,0x71,0x4f,0x21,0x2b,0xc9,0x0d,0xb7,0xe9,0x42,0xeb,0xce, + 0xe6,0x0e,0x7b,0x10,0x7f,0xff,0x44,0xfb,0x35,0x64,0xff,0x07,0xd6,0xd0,0x28,0x50, + 0x21,0x5f,0xd3,0x57,0xd8,0x97,0xc4,0xd3,0x2b,0xef,0x86,0x61,0x68,0x9f,0x2d,0x84, + 0xff,0x89,0x76,0x37,0xfb,0x6d,0x55,0x68,0xa7,0x27,0x0e,0x78,0x34,0x26,0xb7,0x4b, + 0x70,0x37,0x49,0x3e,0x51,0x55,0xfd,0x7c,0xb3,0xdd,0xdd,0xfd,0x36,0xbd,0x8a,0x9c, + 0x87,0x7d,0x71,0xd2,0xa9,0x66,0x05,0x7c,0x08,0x26,0x3d,0x29,0x39,0xc8,0x49,0x87), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0x61,0xd7,0xb3,0x15,0x01,0x31,0x35,0x1e,0x7b,0x4c,0x8e,0x56,0x45,0xd3,0x8b,0xe9, + 0x33,0x5b,0x40,0x28,0x9a,0xf3,0x4c,0xc6,0xb6,0xfc,0x5e,0x48,0x49,0x3b,0xf8,0xb7, + 0x85,0x2c,0x73,0x98,0x2c,0x99,0x44,0x1e,0xf6,0x6c,0x7d,0x9d,0x33,0xc2,0x97,0x42, + 0xb1,0x40,0x6e,0x02,0xe0,0xaa,0x8d,0xd0,0x34,0xb1,0xac,0x13,0xcb,0x0d,0x77,0x57, + 0x50,0xcc,0x91,0x42,0x1f,0xea,0xd9,0xca,0xa9,0x21,0xec,0xa6,0x1a,0x02,0xeb,0x02, + 0x3a,0x45,0x7e,0x77,0x91,0x5e,0x18,0x3a,0xcf,0x51,0x7d,0x94,0x6b,0xc6,0x82,0x92, + 0x89,0x60,0x14,0xfd,0x21,0x4b,0x7c,0x8c,0x5e,0x14,0xe1,0x59,0x44,0xbe,0x0f,0x92, + 0x96,0x12,0x77,0x71,0xf7,0x36,0x76,0x6e,0x4f,0x81,0xda,0xb3,0x70,0x8e,0xa2,0xd0), + .s = chunk_from_chars( + 0x84,0xe9,0x2a,0x14,0x5a,0xe6,0xbe,0x1f,0xf9,0x24,0x2d,0x9e,0xd2,0xd6,0x8d,0xe6, + 0x68,0xe8,0x02,0x52,0x4e,0x8a,0xc0,0xa7,0x9d,0xe6,0x2f,0xe7,0x40,0x48,0xc3,0x54, + 0x91,0xfd,0x2f,0xfd,0xb1,0x85,0x05,0x7e,0x66,0x6d,0xbf,0xaa,0xc8,0x4c,0x34,0xfd, + 0xe7,0x89,0x12,0x63,0xf8,0xb2,0xbc,0x74,0x74,0x62,0x30,0x32,0x0f,0x67,0xa7,0xbd, + 0x73,0x19,0xc9,0xb9,0xde,0x41,0x90,0x54,0x70,0x14,0xe2,0xd7,0xa2,0xa5,0x06,0x0d, + 0x62,0x00,0xaa,0xdc,0x3a,0x44,0xba,0xc0,0x29,0xff,0x39,0x92,0xed,0xd3,0x0e,0xc5, + 0x3a,0xb0,0xd9,0x12,0x3e,0xaa,0x6b,0x14,0x73,0x52,0xa0,0x73,0xa9,0x81,0x61,0xe6, + 0x4f,0x39,0x4b,0xb9,0x94,0x92,0xc6,0x97,0x7e,0x24,0xf4,0x45,0xc7,0x12,0x5b,0xfb, + 0x90,0xf8,0x7f,0xaf,0x26,0x22,0x72,0x13,0x4a,0xcb,0x18,0x82,0x3a,0x99,0xa5,0x22, + 0x8d,0x14,0x95,0x46,0x32,0x97,0xfd,0x77,0x48,0x77,0xfb,0x63,0xd4,0x91,0x81,0x06, + 0x34,0x7e,0x6f,0x29,0x31,0x5e,0x48,0x36,0x3f,0x39,0xb3,0x32,0x99,0xea,0xa3,0x2d, + 0x8d,0xa7,0x1b,0x22,0x9d,0x8f,0xfe,0xe5,0xf6,0x6f,0x72,0x2a,0xd3,0xaa,0x41,0x75, + 0xd3,0xf8,0x4e,0xce,0x9c,0xc8,0xec,0xa8,0xd6,0xf2,0xf3,0x56,0xa8,0x5c,0x15,0x24, + 0x89,0x6c,0x18,0xf7,0xb5,0xc8,0xf9,0xbc,0xde,0xf4,0x5c,0x49,0x6d,0x53,0x91,0x79, + 0x89,0x1d,0xdc,0x76,0xe5,0x20,0x8a,0xd8,0x35,0x3d,0x48,0xc6,0x24,0x05,0x4f,0x34, + 0x40,0xee,0xba,0x44,0x32,0xa1,0x06,0x54,0xa1,0x1e,0xf5,0x37,0x83,0xbd,0x11,0x6f), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0xb6,0x77,0x1a,0xb0,0xe1,0x28,0xb4,0x1b,0x32,0xb8,0xb0,0x5e,0x05,0xad,0xd2,0x3c, + 0xe0,0xfb,0x87,0x7b,0x40,0xbf,0xcc,0x3b,0x99,0x2f,0x4c,0x86,0x98,0xd1,0xc8,0x28, + 0xab,0xec,0xbc,0xc1,0xc3,0x3d,0x40,0x18,0x59,0xea,0x2c,0xb2,0xaf,0xbc,0x7f,0xa4, + 0x58,0x88,0x02,0xa5,0xfa,0xee,0x28,0x67,0x53,0x46,0x39,0x28,0x7a,0xd8,0xaf,0x84, + 0x67,0x4b,0xe1,0x8d,0xb6,0x61,0xde,0x1d,0xa8,0xe1,0x9c,0x6b,0x6b,0xd4,0x52,0xdd, + 0x9b,0xf3,0x22,0x1d,0x08,0x61,0xfb,0x6f,0xba,0x96,0xbe,0x42,0x32,0x9b,0x9f,0x04, + 0xf3,0x7d,0xcf,0x3b,0x41,0xfc,0x58,0xd2,0x29,0x83,0x48,0xb0,0xc1,0x5d,0x11,0x90, + 0xb1,0x25,0x30,0x0c,0xf2,0x7e,0x0d,0xfa,0xd6,0x05,0x22,0xfc,0x49,0x84,0x60,0x53), + .s = chunk_from_chars( + 0x62,0x76,0x92,0x55,0x68,0x62,0x6f,0x0c,0xbe,0x6f,0x51,0x50,0xb0,0x50,0xe1,0x70, + 0x25,0x82,0xf8,0xda,0xf9,0x9a,0x6f,0x88,0x0e,0xf7,0x5c,0xd9,0x6c,0x2d,0x42,0x08, + 0xfb,0x6e,0x91,0xb0,0x1b,0xa6,0xab,0xa2,0xa8,0x16,0xb2,0xd3,0xcb,0x97,0x5d,0xf8, + 0x50,0xb1,0xd2,0x68,0xc4,0x66,0x2d,0xd1,0xea,0x3a,0x30,0x0c,0x1d,0x71,0x71,0xc6, + 0x33,0xdd,0x2e,0xfb,0xac,0x30,0x00,0xc5,0x6a,0xb8,0x0f,0x98,0x9d,0xbc,0x18,0x24, + 0x3e,0x63,0x6b,0xa5,0xd4,0xd2,0x6a,0x7d,0x3f,0x19,0x65,0xad,0x3c,0xb0,0xf1,0xa8, + 0x51,0x3f,0x99,0x80,0x03,0xf7,0xb6,0x7e,0x2a,0xc5,0xc7,0x18,0xcb,0x68,0x8b,0x32, + 0x01,0xd5,0x6e,0x68,0xf0,0xb9,0xf8,0x62,0x57,0xb8,0x47,0x94,0xcd,0xff,0xbc,0x1f, + 0xe3,0xea,0x24,0xb7,0xbb,0x6e,0x9e,0xf0,0x53,0x9b,0xd4,0xfb,0xc1,0xaf,0xb5,0x5b, + 0xc1,0xdc,0xa3,0x99,0x96,0xea,0x8a,0x63,0x76,0x9f,0x6e,0x22,0x57,0x07,0xf6,0x90, + 0x47,0x55,0x5e,0x1a,0x4e,0xf3,0xc6,0x39,0xc5,0xf2,0xa4,0x97,0xb8,0x89,0x42,0x4a, + 0x90,0x14,0x86,0x39,0xbb,0x64,0xdf,0x0a,0x06,0xe0,0xb7,0xf0,0xe8,0xed,0x46,0x6a, + 0x97,0x7b,0xac,0xa3,0x2f,0x48,0x23,0x37,0xb2,0xab,0xe3,0x98,0x3e,0xae,0xc3,0xfe, + 0x10,0x75,0x01,0x6e,0x58,0x67,0x52,0x17,0x60,0xfd,0x06,0x07,0xd7,0x99,0xf1,0x76, + 0x6b,0x3f,0xf6,0xe2,0xae,0x15,0x5d,0x69,0x25,0x0f,0x8b,0xf0,0x8c,0x8e,0xdc,0xa0, + 0xb4,0xf3,0x1d,0x0f,0x83,0x8c,0xfd,0x29,0x8c,0xb7,0x31,0x2d,0xf9,0x3f,0x09,0x97), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0x6a,0x81,0xcb,0x6c,0x7b,0x26,0x8f,0x4b,0x9f,0xb9,0x17,0x2a,0xdb,0xbb,0x36,0xa2, + 0x37,0xa0,0xdc,0xf1,0xc3,0xc8,0x3a,0x95,0xdc,0xb0,0x27,0x1a,0xac,0x6a,0xc3,0x30, + 0xf0,0x4a,0x5a,0x00,0xfe,0xe3,0x8b,0xc0,0x06,0x31,0xa9,0x85,0x98,0x18,0x61,0x59, + 0x66,0x0d,0x9d,0x8e,0x4c,0x14,0xa9,0x52,0x8d,0xea,0x94,0x83,0x60,0x83,0xda,0xc4, + 0xab,0xb7,0x3f,0xd0,0x0e,0x38,0xfe,0x0e,0x23,0xc7,0x23,0x66,0x04,0xa7,0x36,0x54, + 0x0e,0x52,0x19,0x3a,0xe5,0x6c,0x33,0xfb,0xb8,0xf5,0xcf,0xc5,0xc7,0xc2,0xbe,0x2e, + 0x22,0x2e,0x44,0x83,0xb3,0x0d,0x32,0x5c,0x7e,0xe1,0x4f,0x74,0x28,0x51,0xfc,0xb8, + 0xb6,0xd6,0x18,0x9e,0x98,0xb8,0x22,0xb8,0xe6,0x39,0x9d,0x89,0xe9,0x0f,0xb9,0x97), + .s = chunk_from_chars( + 0xb6,0x79,0x91,0x05,0x0c,0x08,0x3e,0x64,0x50,0x97,0xdb,0x03,0xff,0xf3,0x47,0x58, + 0x86,0x8b,0xeb,0x19,0xe9,0xc0,0xc4,0x84,0x75,0xf0,0xf9,0x13,0x36,0x1e,0x71,0xd3, + 0xd6,0xf2,0x7a,0x8c,0x4f,0x0b,0x26,0x9b,0x49,0xe8,0x53,0x40,0x39,0xe5,0x3a,0xd3, + 0xba,0xb9,0xa3,0xe6,0x2a,0xbe,0x07,0x8e,0xe7,0x5e,0x7f,0xb5,0x95,0x90,0x06,0xfb, + 0xfb,0x01,0x4c,0xa7,0xb8,0x1b,0x3d,0x5a,0xfe,0x0e,0xe5,0xf6,0xfc,0x2d,0xfb,0xc4, + 0x50,0xf2,0x83,0x95,0x43,0x00,0x2f,0x33,0xf4,0xf3,0x54,0xf8,0x27,0x27,0x8c,0x76, + 0xc0,0x41,0x68,0x6e,0xea,0x78,0x86,0xeb,0xb2,0xa7,0xaf,0xa5,0x99,0x5c,0x6c,0xdd, + 0xb1,0xc0,0xb5,0x80,0x66,0xdd,0xb8,0xdc,0x54,0xa6,0x92,0x7c,0x14,0x6c,0x3b,0x2a, + 0x0f,0xa7,0xce,0xf2,0x89,0x03,0xc6,0xc6,0x72,0xbc,0x20,0xef,0x68,0xff,0xbf,0xab, + 0x24,0x7e,0xb6,0x88,0xab,0x4b,0xde,0x71,0x06,0xd9,0xc5,0x9d,0x21,0x53,0x09,0x6d, + 0xc9,0xe5,0x20,0x72,0x67,0x03,0x8d,0x88,0xe2,0x17,0x4e,0x76,0xad,0xc1,0x50,0x8a, + 0xe2,0x4e,0xb6,0x02,0x33,0x2e,0x53,0xc0,0xc2,0xe3,0x31,0x54,0xa6,0x6a,0x97,0xa0, + 0xf1,0x2f,0x66,0xc6,0x12,0x58,0xc7,0xbf,0x6b,0xbf,0x3f,0x1d,0xcb,0xe9,0xca,0xf2, + 0xfd,0x30,0xec,0x68,0xc0,0xa9,0xd0,0x9f,0x4f,0xd7,0x76,0x30,0x4b,0x54,0x0e,0x62, + 0xfc,0x85,0x12,0xbe,0xaa,0xbc,0x4b,0xe2,0x10,0x7a,0x1e,0xc1,0x8e,0x87,0xf6,0x1f, + 0x9d,0xb2,0x5e,0x87,0x1d,0xc0,0x69,0x3c,0xef,0x17,0xc2,0xa6,0x87,0xfc,0x85,0x4f), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0x05,0x6c,0x1e,0x46,0x44,0x59,0x9e,0x31,0x83,0xdd,0x8d,0x2f,0x64,0xe4,0xbb,0x23, + 0x52,0xff,0x00,0xd0,0x12,0xab,0x76,0x3f,0x9a,0xd6,0xe5,0x60,0x27,0x9f,0x7f,0xf3, + 0x8a,0x5e,0xce,0xa9,0xc2,0xe4,0xea,0x87,0xd0,0x04,0xef,0x8c,0xc7,0x52,0xae,0x93, + 0x23,0x2a,0xa3,0x7b,0x5b,0xf4,0x28,0x84,0xba,0xa7,0xe7,0xfc,0x6a,0x8c,0x95,0x1c, + 0xd2,0x45,0xde,0x2d,0x22,0x0d,0x9b,0xee,0x2b,0x41,0x4b,0x3a,0x75,0x20,0xc1,0xe6, + 0x8b,0xcf,0x1a,0xe9,0x9a,0x9f,0xf2,0xbf,0x3a,0x93,0xd8,0x0f,0x8c,0x1d,0xfe,0x8b, + 0x85,0x29,0x35,0x17,0x89,0x5c,0x19,0x2e,0x3c,0x9e,0x89,0x82,0x95,0xd6,0x5b,0xe3, + 0x34,0xf4,0x4d,0x62,0xf5,0x35,0x3e,0xb6,0xc5,0xa2,0x9e,0xdf,0xb4,0xdb,0x23,0x09), + .s = chunk_from_chars( + 0xae,0x05,0x20,0x4e,0x40,0x9d,0x72,0x7e,0xb9,0xe4,0xdc,0x24,0xbe,0x8f,0x86,0x33, + 0x28,0xc2,0x81,0x3d,0xa4,0xfc,0xef,0x28,0x86,0x6e,0x21,0xa5,0xda,0xb2,0x1a,0x48, + 0x53,0x21,0xb7,0x35,0x27,0x4a,0xf0,0x6b,0xf1,0x7e,0x27,0x15,0x18,0xe1,0x11,0x64, + 0xd7,0x22,0xab,0x07,0x35,0x48,0xf0,0x2e,0x1b,0x44,0x19,0x23,0xdb,0x6f,0x1c,0xee, + 0x65,0xa0,0x17,0xed,0xfb,0xaf,0x33,0x61,0xc6,0x7f,0xbc,0x2b,0x39,0xfe,0x03,0x8c, + 0xb5,0xcb,0x65,0xa6,0x40,0xf9,0x58,0x87,0x38,0x9c,0xe8,0xa5,0xad,0x2e,0xc6,0xe6, + 0x9d,0x3d,0x60,0x35,0x05,0xb0,0x25,0xf6,0xd6,0x33,0x0c,0x8b,0x64,0x88,0x02,0xca, + 0xf7,0xe6,0xfa,0x3f,0xe7,0xb3,0x81,0x41,0x65,0x99,0x86,0xcb,0x89,0xe6,0x23,0x2f, + 0x10,0x62,0x22,0x56,0x4d,0x5e,0x51,0x95,0xed,0xa6,0xa2,0x5f,0x99,0x06,0x85,0x72, + 0xc2,0xfa,0xfe,0x97,0xf1,0x47,0xf7,0xf2,0xf4,0x11,0x9f,0x21,0x38,0x5a,0xf1,0xfc, + 0xed,0x97,0xf7,0x86,0x32,0xd8,0xbf,0x4f,0xd9,0xa9,0x05,0x4d,0x8b,0x9a,0xa2,0xa9, + 0xf4,0xde,0xd5,0x87,0x84,0x7a,0x91,0xd4,0x2c,0x63,0x91,0x12,0x5f,0x10,0x3a,0xe2, + 0x88,0x54,0x7e,0x84,0x89,0x69,0x3a,0xe8,0x68,0x6b,0x84,0x89,0x1b,0x77,0x2b,0x10, + 0xc4,0x79,0x68,0x83,0xf6,0x6c,0xd4,0x59,0xa8,0xc1,0xa6,0xa4,0x18,0x7b,0xd6,0xb3, + 0x87,0xd3,0x49,0xe9,0x2d,0x7b,0x60,0x49,0x53,0x72,0x7c,0x9e,0x9f,0xdc,0x44,0x9e, + 0x73,0x45,0xe7,0xca,0x6b,0x33,0x9e,0x26,0xb0,0x86,0xf5,0x54,0x88,0x98,0xcb,0xe9), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0xce,0xc5,0xc9,0xb6,0xf8,0x44,0x97,0xac,0x32,0x7f,0x68,0xef,0x88,0x66,0x41,0xfe, + 0xc9,0x95,0x17,0x8b,0x30,0x71,0x92,0x30,0x43,0x74,0x11,0x5e,0xfc,0xc5,0xee,0x96, + 0x27,0x0c,0x03,0xdb,0x0b,0x84,0x6d,0x67,0x4c,0x52,0x8f,0x9d,0x10,0x15,0x5a,0x3f, + 0x61,0xbe,0xcc,0xe1,0xd3,0xa2,0xb7,0x9d,0x66,0xcd,0xc4,0x09,0xad,0x99,0xb7,0x66, + 0x30,0x80,0xf5,0x1a,0x10,0x2f,0x43,0x61,0xe9,0xdb,0xd0,0x3f,0xfc,0xd8,0x76,0xb9, + 0x8e,0x68,0x3d,0x44,0x8b,0xd1,0x21,0x7e,0x6f,0xb2,0x15,0x1c,0x66,0x96,0x47,0x23, + 0xb2,0xca,0xa6,0x5c,0x4e,0x6c,0xa2,0x01,0xd1,0xc5,0x32,0xbd,0x94,0xd9,0x1c,0xd4, + 0x17,0x3b,0x71,0x9d,0xa1,0x26,0x56,0x39,0x27,0xca,0x0a,0x7f,0x6f,0xe4,0x25,0x36), + .s = chunk_from_chars( + 0xc4,0x8a,0x8e,0x01,0xd4,0xbb,0xfe,0x0f,0x2f,0x05,0x65,0x93,0x37,0xea,0x71,0xd2, + 0x1f,0x38,0xd7,0xf7,0xa1,0x0b,0x00,0xb0,0x6e,0x1f,0x89,0x9e,0xaf,0x40,0xa8,0xe9, + 0x7e,0xad,0x64,0xbc,0xa3,0x7f,0x13,0xa5,0x5e,0xf1,0xcf,0x3f,0xb5,0x2c,0xee,0x27, + 0x9c,0xdc,0xb0,0x96,0x08,0x5a,0x46,0x7a,0xfa,0x97,0xb0,0x3d,0x78,0xd6,0x07,0x6e, + 0x47,0x2b,0x12,0xd6,0xbe,0x96,0x47,0xce,0xc3,0x2d,0x8d,0x91,0xa2,0x62,0x47,0x69, + 0x37,0x71,0x68,0x74,0x60,0xba,0x52,0x69,0xde,0x18,0xe1,0xed,0xef,0x60,0x22,0x53, + 0x3a,0x95,0x79,0xf9,0x1d,0x58,0x4f,0x9e,0x0c,0xee,0x11,0x00,0xc4,0x47,0xb7,0x75, + 0x76,0xb1,0xb4,0xee,0x16,0x3e,0xd4,0x70,0x01,0x47,0xa9,0xaa,0x61,0xbd,0xc4,0xe2, + 0x31,0x6d,0x2d,0x81,0x8c,0x10,0x28,0xed,0x1c,0x3e,0x37,0x2c,0x9f,0x6a,0x17,0x45, + 0x57,0x24,0x44,0x63,0x72,0x48,0x09,0x1b,0x83,0xf7,0xb5,0x39,0xf9,0xbd,0x58,0xb7, + 0x67,0x56,0x76,0x03,0x4c,0x20,0xe4,0xca,0x11,0x9b,0x91,0xc4,0xca,0x5d,0xc7,0x6a, + 0xcb,0xff,0x3d,0x04,0x62,0x89,0x83,0x52,0xc5,0x91,0xc2,0xca,0x6f,0x2d,0x8b,0x09, + 0xe2,0xe6,0x33,0x8a,0x84,0x33,0x6e,0x06,0xf0,0xcc,0x02,0x0e,0x9e,0xb8,0xda,0x78, + 0x58,0x89,0xb4,0x97,0xf3,0xb9,0x8e,0x82,0x7e,0xe7,0xa7,0xd3,0xf1,0xb0,0xb7,0x3c, + 0x19,0x58,0xe1,0x6a,0xa9,0x78,0x61,0xe6,0x67,0x59,0x70,0xce,0x31,0xd9,0xd1,0x19, + 0xbb,0x34,0x0b,0xe8,0x0f,0xd0,0xf4,0x3c,0x3d,0xbe,0x64,0xf2,0xa5,0x9d,0x62,0x9d), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0x91,0x93,0xf8,0xb9,0x14,0xdf,0xe0,0xe6,0x25,0x21,0xf3,0x5a,0xfa,0x4f,0xa5,0xd4, + 0x28,0x35,0xe1,0x98,0xaf,0x67,0x38,0x09,0x37,0x7a,0x3e,0x7a,0x99,0x73,0x31,0x42, + 0xa1,0x80,0xdc,0x0e,0x13,0xe6,0xbb,0x7c,0xeb,0x3b,0x60,0xe5,0xe9,0xd5,0x15,0x79, + 0x4d,0x82,0xc3,0x92,0xe0,0x79,0x13,0x42,0x33,0x91,0xd2,0x2e,0x2b,0xb1,0x9a,0xa0, + 0xbd,0x88,0xaf,0xd7,0xf7,0x7e,0x27,0xa2,0x40,0xea,0x4e,0x2d,0xe0,0x85,0x48,0x1a, + 0xc3,0x1f,0xf8,0xd3,0x79,0x90,0x21,0x1f,0x82,0xf2,0xcb,0xf4,0xc9,0x0d,0xe9,0x8d, + 0x6e,0x13,0x38,0xbb,0xc8,0x8e,0x6a,0x80,0xab,0x96,0x84,0xda,0xe6,0x47,0x85,0xdd, + 0x10,0x72,0x48,0x04,0x85,0x93,0xab,0xc9,0xab,0x03,0xf1,0x73,0x7a,0x6f,0x65,0x30), + .s = chunk_from_chars( + 0x5c,0x2f,0xe4,0x53,0xa8,0xb0,0x8c,0x90,0xb0,0x2e,0xb2,0xc9,0x99,0x42,0x42,0xd5, + 0x18,0xf3,0xf2,0x1b,0x36,0x88,0x95,0xcf,0xfd,0x62,0x40,0x50,0xe4,0x8a,0xa7,0x14, + 0x00,0x5a,0xe6,0x75,0xfe,0x79,0xaa,0x3c,0xad,0xd4,0xdf,0x55,0xbd,0xf1,0x2b,0xec, + 0x5b,0xe8,0xa4,0x1d,0x87,0x53,0x8f,0x7e,0x03,0x1b,0x78,0x2e,0x34,0xd3,0x92,0x46, + 0x8e,0x5f,0x14,0xbc,0x61,0x3b,0x8f,0x4d,0x28,0xc8,0xfb,0x79,0xa2,0x53,0x7e,0x1e, + 0x60,0x10,0x31,0xda,0x72,0x0a,0xcd,0x7b,0x2c,0x8d,0xcb,0xe9,0x85,0x86,0x24,0xa7, + 0xa9,0xa9,0x2a,0x06,0xf9,0x18,0x45,0xf7,0x32,0x37,0x0d,0x67,0x36,0x5c,0x64,0x64, + 0xf7,0xb6,0x8f,0x22,0xeb,0x3e,0xdf,0xee,0xc9,0x7e,0x32,0x85,0x02,0x4d,0x7f,0x69, + 0x43,0xb6,0xd5,0x0a,0x16,0xcc,0x96,0xd6,0x0f,0x68,0x03,0x51,0xde,0xaa,0x25,0xf0, + 0xbc,0x86,0x89,0x48,0x60,0x7a,0x6b,0xa7,0xf1,0x94,0x9b,0x85,0x94,0x3c,0x6a,0x92, + 0xbd,0x61,0x72,0xe8,0x1b,0xcc,0x05,0x50,0x14,0xb7,0x8a,0x73,0x39,0x72,0xe3,0xf3, + 0x9d,0x14,0x09,0x9d,0x16,0x07,0xa2,0x0f,0xf8,0x68,0x1c,0x29,0xae,0x1e,0xf9,0x9e, + 0xf1,0x15,0xed,0x6a,0x10,0x84,0xb5,0x14,0xb8,0x1a,0x69,0xd4,0xa1,0x5c,0xe1,0xe2, + 0x57,0x6f,0xdc,0xf2,0xb2,0xaf,0x61,0x5b,0x52,0xfe,0xc7,0x01,0x32,0x11,0x2d,0xcc, + 0x5b,0xc1,0x9e,0xc1,0x7f,0x32,0x28,0x14,0x60,0x62,0x34,0x20,0x31,0x73,0x53,0xe8, + 0xa2,0x55,0xfd,0xa5,0x02,0xbd,0x1f,0xb1,0x1a,0x58,0x83,0x2a,0xe2,0xc0,0x4f,0x9a), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0x0e,0x57,0xef,0x40,0xb0,0x21,0xbf,0x87,0xf6,0x42,0xc5,0x75,0x6b,0x65,0x15,0xa0, + 0xe0,0x6c,0x15,0xa0,0x18,0x56,0xd7,0x16,0xc5,0x66,0xa6,0xed,0xb3,0x81,0xdf,0xdf, + 0x44,0xd9,0x03,0x3b,0x1c,0xc8,0x09,0xe6,0x1d,0xfe,0xf9,0xa0,0x96,0xdf,0xb6,0x89, + 0xb7,0x27,0x1b,0xe4,0x49,0xd0,0x4a,0x1a,0x9c,0x35,0x41,0x02,0xc0,0x77,0xaf,0x5f, + 0xf7,0x20,0x05,0xab,0x6b,0x06,0xcf,0x13,0x1d,0x73,0x45,0xc2,0x1e,0x82,0x1d,0x62, + 0x01,0xcc,0xa4,0xe0,0x90,0x44,0x0d,0x70,0xbe,0x60,0x09,0xd2,0xdd,0x7a,0x98,0xd3, + 0x11,0x75,0x1e,0x16,0x05,0xa3,0xb9,0x14,0xdc,0xe6,0xd2,0x62,0x6b,0x16,0xf2,0x33, + 0xa5,0xa3,0xd7,0x1d,0x56,0x7c,0xc8,0x20,0x15,0x2f,0x25,0xe4,0x73,0x51,0x42,0x42), + .s = chunk_from_chars( + 0x76,0x43,0xaa,0x3f,0xe6,0x3e,0x66,0xf7,0x9d,0x6b,0x40,0x9d,0x14,0x5e,0xa8,0x20, + 0xc9,0xf7,0x35,0x6f,0x71,0xb4,0xac,0xdc,0xbd,0x43,0xfe,0x1e,0x99,0xf8,0x80,0x2c, + 0xd1,0x66,0x2b,0x16,0x24,0x0f,0x5c,0xfd,0x94,0xa7,0x69,0xb0,0xb3,0xf2,0xcb,0x0b, + 0x11,0x88,0x7e,0x88,0x6e,0x5b,0xa4,0x37,0x33,0x36,0x74,0x90,0xb3,0xfc,0x18,0x8f, + 0x2f,0xb3,0xa0,0xc0,0xc8,0xa6,0x8b,0x5d,0x27,0x26,0xc8,0xf7,0xa3,0x19,0x02,0xb6, + 0xb8,0x6c,0xd4,0x02,0x28,0x7d,0x38,0x5c,0x3e,0x3c,0x06,0x50,0x3c,0xe1,0x7f,0xd6, + 0xe5,0x4e,0x58,0x2f,0x4a,0x90,0x7a,0x91,0xf9,0x52,0xd2,0xa3,0x60,0xe2,0xfb,0xa0, + 0x00,0x28,0xe4,0xd3,0xb0,0x2a,0xab,0xf7,0xd2,0x20,0xb3,0x1d,0x1f,0x8e,0xe7,0xfa, + 0xa0,0x70,0x14,0x76,0x82,0xcc,0xc8,0xbc,0xc7,0x56,0xca,0x6a,0x68,0xfc,0x20,0x95, + 0x45,0x50,0xc3,0x17,0xe8,0x79,0x18,0x78,0x1a,0x3d,0x1f,0x19,0x23,0x50,0x30,0x91, + 0x09,0x0c,0x3c,0x60,0xca,0x1c,0x0b,0x1c,0x69,0x99,0x06,0xfb,0xf8,0x5a,0xa7,0x0a, + 0xd9,0xae,0x48,0x70,0x9f,0xf7,0x43,0xb8,0x2d,0xcc,0x31,0x07,0x4c,0xfc,0xea,0x62, + 0x3e,0xa4,0x5e,0x48,0x64,0x4b,0x19,0xa2,0x17,0x72,0xca,0x10,0x7e,0xd6,0x42,0x39, + 0xc5,0x65,0x74,0xa0,0x87,0xf1,0xa6,0xaa,0xdf,0x0f,0x4b,0x00,0xff,0xe5,0x81,0xc1, + 0x41,0x02,0x74,0xc8,0x75,0xe4,0x59,0x90,0x63,0xe4,0x6e,0x51,0x68,0x80,0x3f,0x0d, + 0x28,0xd2,0x1f,0xcd,0x35,0x09,0xb4,0xc6,0x22,0x29,0x95,0xad,0xd7,0x75,0x3b,0xf3), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0x0c,0x84,0x91,0xfc,0x34,0x8d,0x34,0x1f,0xe8,0x5c,0x46,0xa5,0x61,0x15,0xf2,0x60, + 0x35,0xc5,0x9e,0x6a,0x2b,0xe7,0x65,0xc4,0x4e,0x2e,0xc8,0x3d,0x40,0x7e,0xa0,0x96, + 0xd1,0x3b,0x57,0xe3,0xd0,0xc7,0x58,0x34,0x22,0x46,0xc4,0x75,0x10,0xa5,0x67,0x93, + 0xe5,0xda,0xea,0xe1,0xb9,0x6d,0x4a,0xb9,0x88,0x37,0x89,0x66,0x87,0x6a,0xa3,0x41, + 0xb7,0xd1,0xc3,0x1b,0xba,0x59,0xb7,0xdb,0xe6,0xd1,0xa1,0x68,0x98,0xee,0xf0,0xca, + 0xca,0x92,0x8f,0x8c,0xe8,0x4d,0x5c,0x64,0xe0,0x25,0xdc,0x16,0x79,0x92,0x2d,0x95, + 0xe5,0xcd,0x3c,0x6b,0x99,0x4a,0x38,0x5c,0x5c,0x83,0x46,0x46,0x9e,0xf8,0x76,0x4c, + 0x0c,0x74,0xf5,0x33,0x61,0x91,0x85,0x0c,0x7f,0x7e,0x2b,0x14,0xbe,0x00,0x27,0xd8), + .s = chunk_from_chars( + 0xca,0xcc,0x8d,0x9f,0x5e,0xcd,0x34,0xc1,0x43,0x48,0x84,0x61,0x13,0x5c,0x49,0x51, + 0x67,0x61,0x45,0xc6,0xe4,0x72,0xb9,0x2f,0x12,0xf7,0x58,0x04,0x6f,0x17,0x21,0x42, + 0xfa,0x38,0x8f,0x28,0x5f,0x3f,0xff,0x06,0x82,0x42,0x02,0x88,0x29,0x04,0x7e,0x24, + 0x80,0x59,0xed,0x4f,0xd3,0x9d,0x2c,0x5a,0xde,0x46,0x9d,0xc7,0xc3,0x93,0x45,0xe5, + 0x11,0x49,0x50,0xd2,0x03,0x1c,0xc7,0x46,0x5f,0xe7,0x12,0xc4,0x04,0x1d,0x05,0xc7, + 0x56,0xd3,0xf2,0xd8,0x8a,0x46,0xce,0xb9,0x9f,0x2e,0x24,0xa5,0x2e,0x95,0x8a,0x03, + 0xcd,0x25,0x19,0xa9,0xb1,0x37,0xe6,0x2d,0x5c,0xa2,0xb3,0x53,0xf7,0xb0,0x47,0xb6, + 0x25,0xc3,0x60,0x23,0x13,0xfd,0xb5,0x3c,0x8d,0xb2,0x3d,0x83,0x95,0x1a,0x59,0x9d, + 0xb3,0x28,0xfe,0xdc,0x4a,0xe0,0x6d,0xa8,0x9c,0xe7,0xf5,0x62,0x59,0xb5,0xc8,0x22, + 0x2f,0x7b,0xd3,0xd9,0x74,0x04,0x78,0xfd,0x28,0xe5,0x81,0x0d,0xb7,0x8a,0xee,0x86, + 0x23,0xfd,0xd3,0x9f,0x60,0x3f,0x8d,0xdf,0x98,0x08,0x1d,0x78,0x73,0x98,0x0c,0x4e, + 0xb0,0xe2,0x2a,0x9c,0xd4,0x08,0xf7,0xc4,0x13,0x4c,0x12,0xd2,0x04,0x9a,0x2d,0x12, + 0x0f,0x4b,0x62,0xe6,0xb3,0x82,0xb9,0x97,0xfc,0x37,0x5e,0xf7,0xac,0x95,0x5f,0xcf, + 0x80,0xb0,0x45,0xc3,0xd6,0x38,0x5f,0xf4,0x22,0xda,0xd3,0x50,0xc6,0x88,0x70,0x53, + 0x90,0x68,0xa1,0x62,0xa2,0xed,0xbb,0x93,0xce,0xef,0xed,0x96,0x77,0x93,0x9b,0x90, + 0xbd,0x3d,0xfa,0x0d,0xc0,0x53,0x46,0x0b,0x4e,0x23,0x32,0xef,0xa6,0x92,0x17,0x9a), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x6c,0xd5,0x9f,0xdd,0x3e,0xfd,0x89,0x3d,0x09,0x1a,0xfd,0xc3,0x15,0x5d,0x35,0x4f, + 0x10,0xd6,0xd8,0x81,0x67,0x42,0x7a,0x2c,0xf7,0x24,0x62,0x07,0xe5,0x17,0x91,0xa6, + 0xca,0x62,0x00,0xa9,0x14,0xcd,0x28,0x34,0xa9,0xb3,0xc7,0x9f,0xcd,0x59,0xe2,0x6e, + 0x45,0x7e,0x06,0x83,0xbc,0x33,0xd4,0x92,0x67,0xed,0xbd,0xd6,0xe5,0xd9,0x09,0x02, + 0x69,0x6f,0x1e,0x7b,0x1a,0x4a,0xff,0xc4,0xba,0x37,0x13,0x39,0x86,0x8c,0x28,0x01, + 0x5e,0xbb,0xb7,0x3e,0x26,0x26,0x69,0x86,0x6c,0x35,0xdb,0x97,0x4b,0xa6,0x9e,0x46, + 0x8f,0x25,0x83,0xb9,0x19,0x1d,0x15,0xd6,0x86,0xcd,0x66,0xfb,0x0b,0x9e,0x0f,0xf0, + 0xa3,0xb4,0x72,0x1a,0x6d,0xc3,0x42,0xf1,0x4f,0x24,0x46,0xb4,0xe0,0x28,0x59,0x5b), + .s = chunk_from_chars( + 0x39,0x74,0x90,0x0b,0xec,0x3f,0xcb,0x08,0x1f,0x0e,0x5a,0x29,0x9a,0xdf,0x30,0xd0, + 0x87,0xaa,0xba,0xa6,0x33,0x91,0x14,0x10,0xe8,0x7a,0x49,0x79,0xbb,0xe3,0xfa,0x80, + 0xc3,0xab,0xcf,0x22,0x16,0x86,0x39,0x9a,0x49,0xbc,0x2f,0x1e,0x5a,0xc4,0x0c,0x35, + 0xdf,0x17,0x00,0xe4,0xb9,0xcb,0x7c,0x80,0x5a,0x89,0x66,0x46,0x57,0x3f,0x4a,0x57, + 0x0a,0x97,0x04,0xd2,0xa2,0xe6,0xba,0xee,0x4b,0x43,0xd9,0x16,0x90,0x68,0x84,0xad, + 0x3c,0xf2,0x83,0x52,0x9e,0xa2,0x65,0xe8,0xfc,0xb5,0xcc,0x1b,0xdf,0x7b,0x7d,0xee, + 0x85,0x94,0x1e,0x4b,0x4f,0xb2,0x5c,0x1f,0xc7,0xb9,0x51,0xfb,0x12,0x9a,0xb3,0x93, + 0xcb,0x06,0x9b,0xe2,0x71,0xc1,0xd9,0x54,0xda,0x3c,0x43,0x67,0x43,0x09,0xf1,0xd2, + 0x12,0x82,0x6f,0xab,0xb8,0xe8,0x12,0xde,0x2d,0x53,0xd1,0x25,0x97,0xde,0x04,0x0d, + 0x32,0xcb,0x28,0xc9,0xf8,0x13,0x15,0x9c,0xb1,0x8c,0x1b,0x51,0xf7,0xa8,0x74,0xcb, + 0xf2,0x29,0xcc,0x22,0x2c,0xae,0xb9,0x8e,0x35,0xec,0x5e,0x4b,0xf5,0xc5,0xe2,0x2c, + 0xc8,0x52,0x86,0x31,0xf1,0x51,0x17,0xe8,0xc2,0xbe,0x6e,0xac,0x91,0xf4,0x07,0x0e, + 0xec,0xdd,0x07,0xec,0xc6,0xdb,0x6c,0x46,0xea,0xa6,0x5f,0x47,0x2f,0x20,0x06,0x98, + 0x8e,0xfe,0xf0,0xb5,0x1c,0x53,0x8c,0x6e,0x04,0xd7,0x51,0x9c,0x8e,0x3d,0xa4,0xb1, + 0x72,0xb1,0xe2,0x76,0x10,0x89,0xed,0x3a,0xd1,0x19,0x79,0x92,0xef,0x37,0xc1,0x68, + 0xdc,0x88,0x1c,0x8b,0x5f,0x8b,0xbf,0xee,0x91,0x9f,0x7c,0x7a,0xfd,0x25,0xb8,0xfc), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0xac,0xb3,0x0b,0xe9,0x09,0x2b,0x2f,0x18,0xf2,0x59,0x34,0xa0,0xd6,0x78,0xb6,0xbc, + 0xd6,0xb6,0x7c,0x2b,0x88,0xe7,0x58,0x84,0xf4,0x7b,0x4f,0xca,0xe3,0xad,0xfa,0x40, + 0x5a,0xfe,0x2c,0x7e,0x61,0xe2,0xd6,0xc5,0x08,0xb9,0x27,0x90,0xac,0x00,0xf7,0x6b, + 0x77,0xc9,0x65,0x08,0x26,0x68,0xbf,0x90,0x0f,0x70,0xa3,0x37,0x62,0xde,0x64,0x13, + 0xaf,0x93,0xaf,0x2e,0xa8,0x08,0x6f,0xda,0x29,0x3d,0xed,0x44,0x75,0xf2,0x3c,0x4c, + 0xc3,0x1a,0xd4,0x94,0xf9,0x8d,0x7d,0xd7,0xb7,0xfd,0x6f,0x7d,0x97,0x2b,0xb7,0x6c, + 0xb3,0x5a,0xdc,0x20,0x68,0x04,0xc3,0xfe,0x5a,0xcd,0xd0,0xe5,0xb8,0xb5,0x4e,0x07, + 0xc2,0x91,0x11,0xf7,0x88,0xbc,0x59,0x02,0xf4,0x0a,0xfa,0xc3,0x0a,0xfd,0xba,0xf2), + .s = chunk_from_chars( + 0xb5,0xc6,0x0d,0x8d,0xa9,0xb3,0x94,0x38,0x78,0xcb,0x23,0x59,0xcf,0x65,0xe4,0x81, + 0x7c,0x07,0x94,0xf9,0x50,0x45,0x3c,0xa7,0x7c,0x81,0xa5,0xa1,0xc1,0x58,0x55,0x91, + 0xaa,0x50,0xa6,0x74,0x68,0xe3,0xb3,0x99,0xe4,0xfa,0xf1,0xd6,0x06,0xbe,0xa0,0xd9, + 0xe6,0xcc,0x1d,0x2d,0x70,0xdb,0x80,0x63,0x73,0x9e,0x0c,0x27,0xd3,0xdc,0x9f,0x9a, + 0xfe,0x88,0xde,0xa5,0x2e,0x73,0x29,0x8a,0x07,0xd0,0x5c,0x7d,0x97,0x07,0x00,0x2e, + 0xfa,0x53,0x7c,0x38,0x9e,0x38,0xbd,0x37,0xbc,0xa7,0x4e,0xb0,0xaf,0x62,0x61,0xa5, + 0xda,0x06,0x13,0x62,0x02,0xc8,0xad,0x48,0x7e,0xeb,0xd5,0x0b,0xef,0x74,0x76,0x70, + 0x89,0xc7,0x08,0x70,0xbe,0x1d,0x8f,0xab,0x91,0x56,0xf9,0xfd,0xbc,0x2f,0x2e,0x9c, + 0xc3,0x30,0xa9,0x50,0x18,0xce,0x79,0x43,0x98,0x4b,0xec,0xc2,0x56,0x21,0xbf,0xa6, + 0x60,0x18,0xef,0x83,0x20,0xb6,0x00,0x59,0xf9,0x41,0x15,0x6e,0x9c,0xdd,0x87,0xff, + 0x0d,0x82,0xcf,0x7b,0xe7,0x74,0x65,0xe0,0x20,0x3e,0x71,0x20,0xaa,0xec,0xed,0x84, + 0xab,0xd8,0x18,0x69,0x47,0xd4,0xac,0x3d,0xaf,0x3f,0x99,0x39,0x02,0xae,0xc4,0x7c, + 0x30,0x90,0x47,0x5c,0x85,0x7b,0x5d,0x35,0x9f,0x0a,0x55,0x72,0xd4,0x68,0x8e,0x5a, + 0x76,0xa4,0x65,0x38,0x68,0xff,0x54,0xce,0x9f,0x99,0x9e,0x6b,0xb5,0x59,0xd1,0xc1, + 0x1c,0x67,0xc1,0x5b,0xe9,0xd7,0xfe,0x5f,0x8c,0x17,0x04,0x30,0x1d,0x05,0x5f,0x3d, + 0x29,0x07,0x72,0x27,0x79,0xd6,0x01,0x20,0x36,0x08,0x4e,0x95,0x0d,0xe3,0x6f,0x4f), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x60,0x1a,0x6a,0xad,0x3f,0xaa,0x79,0x88,0xd5,0xae,0x52,0x8a,0x69,0x69,0x03,0x1b, + 0x10,0xa6,0xf3,0x92,0x16,0x94,0x6a,0xa8,0x9f,0xd4,0x53,0x2c,0x8e,0xd1,0x41,0xf9, + 0xa6,0x50,0xb1,0x26,0xef,0x48,0x8f,0x7c,0x5c,0xf3,0xfb,0x2d,0xaa,0x25,0x4c,0xc2, + 0x8b,0xdd,0x55,0x56,0x04,0x19,0xe8,0x02,0x14,0xef,0x99,0x98,0x96,0xda,0xc4,0x94, + 0x68,0x52,0xd2,0x4f,0xcd,0x9f,0xb7,0x76,0x10,0xee,0xbf,0xbb,0x6b,0xa5,0x8b,0xca, + 0x26,0xf4,0x56,0x7f,0x03,0xac,0x7e,0x56,0xda,0x55,0x3f,0x23,0x81,0x7b,0xc1,0x03, + 0xee,0x48,0x55,0x92,0xa0,0x58,0xfb,0x5e,0x3b,0xc8,0x29,0x9c,0x72,0x90,0xc7,0x1a, + 0x29,0x13,0x7e,0x75,0xdb,0xf5,0x32,0x8c,0x3a,0x2d,0xcd,0x34,0x16,0x5b,0x3f,0x2e), + .s = chunk_from_chars( + 0x30,0x1d,0x60,0xd5,0x65,0x76,0xf3,0x66,0x3a,0x7f,0xbe,0x80,0x36,0xbb,0xe4,0xfb, + 0xc0,0xfb,0xd8,0x2c,0xd6,0xa4,0x2e,0x36,0xd7,0xbb,0xc8,0xb2,0x06,0x54,0x3d,0xc2, + 0xd5,0x6d,0x31,0x98,0xe7,0x91,0x1a,0xd1,0x38,0xca,0xd2,0x22,0xdd,0x99,0x05,0x0d, + 0xd1,0xf8,0x5f,0xe1,0x9c,0x8a,0x88,0xbf,0x67,0x13,0x5e,0x7f,0x8f,0x11,0xb5,0xf5, + 0xe4,0x85,0xc9,0x1f,0xc7,0xd4,0x78,0x06,0x9b,0x72,0xf4,0x6e,0xbc,0xdc,0xf2,0xd2, + 0xae,0x7d,0xe6,0xac,0x8f,0xe5,0x3b,0xb6,0xc0,0x49,0x11,0xd1,0x22,0xcc,0x23,0x1d, + 0xc2,0x10,0xb2,0x14,0x7e,0xbe,0x8b,0x05,0x2e,0x8b,0x2c,0xcc,0x09,0xf3,0x38,0xb3, + 0x49,0xde,0x20,0x25,0xcc,0x87,0xb2,0x61,0x9a,0x7b,0x16,0x33,0x47,0xca,0x66,0xa3, + 0x47,0x91,0xa2,0xe4,0x6b,0x4e,0x2a,0xc5,0x7e,0xb9,0xf6,0x02,0x9c,0xdb,0xe0,0x24, + 0xe8,0x96,0xd5,0x7f,0x7d,0x04,0x91,0xf7,0x78,0x33,0x12,0xf8,0xf0,0x6c,0x79,0x07, + 0x70,0x15,0x0c,0xd1,0x39,0xf6,0x1f,0xd2,0xb3,0xe7,0x04,0x1b,0x37,0x26,0x1c,0x6e, + 0x7e,0xa8,0x6d,0x4e,0x06,0xd9,0x30,0x0b,0x1a,0x56,0x67,0xcb,0x02,0x88,0xc5,0x50, + 0xb2,0xaf,0xb3,0x55,0x94,0x48,0x34,0xb4,0x61,0xce,0xad,0x13,0x79,0x42,0x76,0xbb, + 0x46,0xe5,0xe2,0x0a,0xec,0x7b,0x63,0xaa,0xca,0x4d,0x49,0x1a,0x50,0x0f,0xac,0xd5, + 0x9a,0x37,0xc5,0x27,0x79,0xcf,0x46,0x7d,0x74,0xaf,0x1e,0x62,0xb1,0xeb,0xe0,0xfd, + 0x0b,0xe1,0xca,0xcb,0x7c,0xe6,0xd0,0x50,0xd8,0x6e,0x4e,0xb7,0x6c,0xde,0x06,0x93), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x44,0xd3,0xe0,0xfc,0x90,0x10,0x0a,0x1c,0x93,0x16,0x06,0x3f,0x26,0xb1,0x80,0x32, + 0x6c,0xc2,0xe3,0x83,0x4c,0xe5,0x6e,0x43,0x24,0x52,0x8a,0x0b,0xbb,0x01,0x5b,0x3d, + 0x78,0x12,0x95,0x8c,0xd2,0x6b,0x91,0xbf,0x08,0xa3,0xa0,0xb1,0x12,0x1f,0x9f,0x9d, + 0xd7,0x7a,0xcb,0x98,0xa0,0x2a,0xd7,0x5f,0xcd,0x61,0x3c,0x53,0xc7,0x32,0xd1,0xc2, + 0x35,0xf5,0x9b,0x68,0x73,0xec,0xe6,0x36,0x3f,0x27,0x94,0x52,0xb6,0xa4,0xb6,0x5e, + 0x80,0xbb,0x59,0xfd,0x47,0xb9,0xa2,0x93,0x6d,0xcc,0x1e,0x4d,0xfe,0x1f,0x53,0x62, + 0xe3,0x45,0x9b,0x98,0x59,0xdb,0x32,0x09,0xa2,0x69,0x8d,0x27,0xfa,0x8a,0xed,0xfe, + 0xcd,0x4d,0x35,0xb9,0x27,0xda,0xf8,0x68,0x6c,0x59,0xd7,0x00,0x49,0x0f,0x0a,0xa3), + .s = chunk_from_chars( + 0xaf,0x22,0x29,0xe9,0x4a,0x85,0x7b,0x89,0xe0,0xe8,0x90,0xda,0xca,0x3a,0x8f,0xe1, + 0x2e,0xbd,0xba,0x04,0x94,0x8d,0x18,0x83,0xa7,0xd7,0x81,0x6a,0x3b,0x68,0x2f,0x7d, + 0xa3,0x03,0x25,0x40,0xa8,0x76,0x9f,0x9c,0xca,0xc9,0x58,0x6c,0xf2,0x4e,0x8c,0x20, + 0x4b,0x45,0xb8,0x5d,0x1b,0xdc,0xc5,0xa5,0x45,0x0a,0x21,0x5b,0x40,0x48,0xea,0x42, + 0x98,0x3b,0x34,0x56,0xfa,0x8c,0x76,0xc6,0x78,0x6e,0x02,0x4f,0x70,0x5e,0x08,0x8d, + 0x69,0x45,0x59,0xd6,0x68,0xca,0xa8,0x68,0x4c,0xad,0x0f,0xc5,0x78,0x50,0xfc,0xaf, + 0x34,0xe4,0x58,0xae,0xe8,0xfa,0xd4,0xe0,0x9e,0x6f,0x19,0x65,0x57,0xd4,0xe8,0x86, + 0x02,0x84,0xd9,0x82,0xc0,0x10,0x5d,0x98,0xce,0x49,0x12,0xe9,0x6c,0x35,0x50,0xe2, + 0xa0,0xc7,0xe8,0xba,0xd5,0xab,0xc2,0x9a,0x9a,0x54,0x2f,0x57,0xa8,0xc6,0x05,0x79, + 0x03,0x80,0x67,0xb3,0xd5,0x39,0x1a,0xbc,0x21,0xb4,0xf9,0xde,0xb0,0x24,0xca,0x58, + 0xf9,0xb0,0xc3,0x8c,0x0d,0x1f,0x82,0x37,0x3f,0x52,0x8e,0x93,0x9b,0xd7,0x3a,0x24, + 0xd5,0x01,0xc5,0x91,0x16,0x88,0x14,0xc8,0x72,0xc5,0x25,0xdb,0x0e,0x56,0xca,0xe4, + 0x7d,0xf0,0x0f,0xa3,0x72,0x8d,0xc3,0xa0,0x97,0x69,0x65,0x32,0x3c,0xe8,0xd2,0xde, + 0xe2,0xb1,0x38,0xb5,0x0a,0xb7,0xaf,0xd4,0x84,0x95,0x11,0x46,0x73,0xe9,0x1b,0xb3, + 0xed,0x22,0x05,0xe2,0x6a,0x84,0x55,0x47,0x4c,0x3d,0x4e,0xc8,0x73,0x9b,0xbf,0xf6, + 0xdf,0x39,0xb2,0xb7,0x2e,0xe0,0x50,0x41,0x09,0x30,0x42,0x3b,0x14,0x72,0xb6,0xed), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x5a,0xf0,0x90,0x77,0xa1,0xf5,0x34,0xb8,0x98,0x22,0xb2,0x6c,0x32,0x72,0xad,0xf8, + 0x50,0x0d,0x3c,0x6b,0xd9,0x0f,0x9b,0x5e,0x0d,0x8b,0x21,0x1f,0x16,0xd0,0x72,0x0e, + 0xe0,0xea,0xf6,0x46,0x2b,0x6c,0x8a,0x80,0xdf,0x6d,0x75,0x35,0x9f,0xd1,0x9d,0x03, + 0xa0,0xca,0xfb,0x52,0xbc,0x9d,0x4c,0x37,0xc2,0xaa,0x09,0x99,0x11,0xa7,0x9a,0x92, + 0x65,0x2c,0xc7,0x17,0xf0,0x74,0x6f,0xdc,0xad,0x62,0x7c,0x72,0xf1,0xc2,0x16,0xb2, + 0x43,0xd2,0x17,0x5f,0x6d,0x00,0xbf,0x07,0xd3,0xf6,0xaa,0x2a,0x04,0xd4,0xfe,0x9f, + 0x8f,0xbc,0xe9,0x32,0x18,0x94,0x4b,0x92,0xaa,0x07,0xaf,0x6b,0x4f,0xcd,0x80,0xcf, + 0xde,0x2d,0x7a,0xda,0x15,0xc0,0x5e,0x96,0xe7,0x77,0xea,0x1c,0x17,0xdf,0x08,0xfc), + .s = chunk_from_chars( + 0xa5,0x68,0x23,0xfa,0x57,0x7e,0x89,0x46,0xf1,0xd2,0xf6,0xe3,0x51,0xb7,0x38,0xb5, + 0x35,0x92,0x54,0x43,0x58,0x52,0x8a,0xf8,0x88,0x07,0xea,0x4f,0x19,0x01,0x7d,0xfe, + 0x81,0xa3,0xd6,0x9f,0x62,0xfb,0xff,0x64,0x95,0x50,0xd9,0xb3,0x10,0xfa,0xf2,0x7a, + 0x04,0x1f,0xe6,0x24,0xf0,0xa0,0x2b,0xdc,0xdd,0xb7,0x9b,0xfb,0x0a,0x46,0x57,0x39, + 0xec,0x8b,0x64,0xb7,0x48,0xcc,0x29,0xe5,0xa0,0x2c,0x77,0x7e,0x18,0x26,0xd3,0xe2, + 0xf1,0xee,0xe6,0xfe,0x2e,0xde,0xe4,0xa8,0xbc,0xac,0x51,0x9c,0x7c,0x7c,0xa5,0xc0, + 0x39,0xe7,0x6d,0x63,0x06,0x68,0x94,0x5a,0x1e,0x5e,0x86,0x18,0xe2,0x35,0x86,0x45, + 0x61,0xa4,0x40,0xe7,0x3e,0x39,0xf6,0xd6,0x84,0x2a,0xd7,0xda,0x64,0xef,0x5b,0x0c, + 0xe1,0xc4,0xab,0x88,0xdb,0x15,0x7b,0x68,0x10,0x71,0x74,0xad,0x7d,0x5c,0x9a,0x60, + 0x65,0x06,0x87,0x68,0xc1,0x1c,0x4c,0x96,0xff,0x67,0x05,0x0b,0x5d,0x07,0xb8,0xcd, + 0x02,0x7f,0xcd,0x0d,0x34,0x7e,0xc7,0x9a,0x19,0x7c,0xf4,0x34,0x35,0x98,0x5b,0xc1, + 0xae,0xb4,0x79,0xdb,0x00,0x22,0x28,0x9e,0x8d,0xd3,0xb3,0x1b,0xb7,0xc6,0x2d,0x88, + 0x31,0xcf,0xe6,0x95,0x2f,0x41,0xd2,0x4f,0x89,0xd7,0x53,0x78,0x95,0x35,0xf9,0x18, + 0xff,0x68,0xb3,0x69,0x50,0xaf,0x6f,0xd3,0x1d,0xee,0x1a,0xc4,0x76,0xa0,0xcf,0x93, + 0xaf,0xe9,0xf4,0xa7,0x66,0xf3,0xc4,0xd2,0xc0,0xc3,0xf9,0x28,0x25,0xd5,0x57,0x2e, + 0xb2,0xeb,0x8a,0x2b,0x64,0x4e,0x32,0x9e,0xea,0x16,0x83,0xf9,0x08,0x10,0xed,0x77), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0xf6,0x0a,0x3a,0x54,0x37,0x68,0xfa,0xbe,0x37,0xf0,0x03,0x00,0x9a,0x8c,0x26,0xf7, + 0xdc,0x91,0xf1,0x42,0x2d,0x44,0x29,0xed,0x7f,0x9d,0x74,0x4c,0xdd,0x4b,0x55,0x2a, + 0xfe,0xf7,0x5d,0x24,0x1a,0xcd,0xa0,0x4f,0xfc,0x39,0x67,0x21,0x59,0xee,0x24,0x8e, + 0x60,0x2d,0xab,0x71,0x92,0x44,0x9e,0x2e,0xd4,0x55,0x29,0x95,0xc2,0x58,0xf0,0x0a, + 0x47,0x63,0x46,0xe3,0x6a,0x29,0xa0,0x12,0x6b,0xc2,0x49,0x04,0x0f,0xaa,0x57,0xc9, + 0x38,0x0b,0xdd,0x74,0xb8,0x3f,0x62,0xc5,0x67,0x90,0x92,0x05,0x74,0x43,0x34,0x32, + 0xf8,0xd6,0x5c,0x5c,0xd1,0x85,0xe2,0x4f,0xad,0x13,0x12,0x72,0x65,0xc6,0xa5,0xef, + 0x8d,0xb4,0xf1,0x14,0x49,0x3d,0x5c,0xfa,0x61,0xd9,0x16,0x64,0x98,0x14,0x08,0xe9), + .s = chunk_from_chars( + 0x08,0xd3,0x96,0x48,0x1d,0xee,0xf1,0x8c,0xb0,0xbe,0xf7,0xc3,0xe8,0x26,0xfe,0x6e, + 0x5c,0x9e,0xcc,0x85,0xe5,0x23,0x0d,0x35,0xd6,0x67,0x72,0xb8,0xd2,0xd0,0x15,0xd4, + 0xe5,0xf5,0x79,0x4f,0xbe,0x05,0x50,0xdf,0x2f,0x74,0x57,0x30,0xd6,0xf8,0xd1,0xd3, + 0xb8,0x50,0xd1,0x64,0xfc,0xe4,0x63,0x08,0x05,0xe7,0x11,0xb5,0x93,0x08,0xf8,0x60, + 0x85,0x06,0xb7,0xe0,0x1e,0x8e,0x92,0x94,0xed,0x8b,0x7e,0x75,0x82,0x16,0x56,0x77, + 0xf1,0x80,0xe9,0x65,0x16,0x9d,0xca,0x81,0xb3,0xda,0xf2,0x4d,0x7b,0x92,0xfe,0x32, + 0xd6,0xa9,0xac,0x63,0x82,0x1d,0x48,0xb1,0xa0,0xa1,0x44,0xfc,0x7a,0x04,0xb0,0xbf, + 0xc6,0x3a,0x3b,0xc1,0x6a,0x0f,0xd8,0x37,0xb0,0x20,0x37,0xed,0x76,0xe5,0x0d,0x46, + 0xcb,0xfa,0x38,0x57,0xe6,0x58,0xe3,0x70,0xc5,0x86,0xab,0x1e,0xed,0x82,0x50,0x76, + 0x32,0x1a,0xc8,0xe8,0x2b,0xe3,0x74,0xba,0xcb,0x29,0x5e,0x4d,0x34,0x08,0xf0,0xcc, + 0x1f,0xc4,0xc3,0x00,0xb8,0x42,0x75,0xa5,0x1c,0x35,0x73,0xe9,0xca,0xbf,0xdb,0xe3, + 0xdc,0x51,0xe4,0xa6,0xf5,0x81,0x1d,0x86,0x0d,0x72,0x5a,0xaf,0x8f,0xd0,0xaf,0x19, + 0xa2,0x43,0x7b,0x0f,0x1c,0x80,0xf5,0xac,0x22,0x2f,0x6b,0x25,0xf1,0xfa,0x09,0xe9, + 0x33,0x99,0xa6,0x97,0x6b,0x1b,0x3c,0xa7,0x6a,0xfe,0x60,0x86,0xe9,0xb2,0x32,0xaa, + 0xe6,0xc7,0xb8,0x18,0x25,0x5b,0xf9,0x63,0xf3,0x1c,0x04,0xae,0x3f,0xa2,0x13,0x6c, + 0x0a,0x44,0x29,0x97,0xd4,0xcf,0x12,0xf3,0x95,0xfb,0x80,0x4a,0x47,0x55,0xb5,0x6b), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x2c,0x07,0xa8,0x1d,0xe5,0x89,0x55,0xb6,0x76,0xfe,0xc0,0x57,0x2d,0x48,0xd1,0x95, + 0x5b,0x48,0x75,0xff,0x62,0xa4,0x4b,0x00,0x10,0xc7,0xa1,0x07,0x2b,0x29,0x9e,0xe4, + 0x4d,0xd0,0xc0,0x76,0xf2,0x17,0x8a,0x83,0xd0,0xae,0x76,0xe7,0x67,0xe2,0x31,0xf1, + 0xd8,0x1e,0x07,0x0a,0xfa,0xb2,0x9c,0x97,0xab,0xd4,0xde,0x21,0x64,0xe4,0x37,0xb3, + 0x11,0xf5,0x07,0x84,0x1f,0x88,0x51,0xd6,0xd6,0x9a,0xb5,0x1e,0xe9,0xe2,0x9e,0x65, + 0x4b,0x54,0xbc,0xee,0x45,0xe9,0xb5,0x19,0xc6,0xa2,0x17,0x87,0xfa,0xcb,0x92,0x7f, + 0x1d,0x7d,0x64,0x91,0x92,0x66,0x14,0x79,0x2f,0xcc,0x63,0x46,0xdc,0xd0,0x80,0xbb, + 0x5c,0xf0,0x7b,0xf5,0x6a,0xd0,0xfc,0x4e,0x08,0x3a,0x35,0x82,0x14,0x63,0x15,0x10), + .s = chunk_from_chars( + 0x9a,0xa3,0x91,0xe7,0xc2,0xf0,0xe9,0x20,0xaa,0xc2,0x7e,0xd9,0xfc,0x20,0x81,0xd3, + 0xc9,0xca,0xa3,0x73,0x58,0x83,0xd0,0x1a,0xd7,0xa7,0xe3,0xb1,0x18,0x67,0xd0,0xad, + 0x62,0x41,0x56,0x47,0x7b,0xbb,0xdd,0xe6,0x59,0xf4,0x74,0x68,0x2d,0x0d,0x77,0x44, + 0x89,0xe2,0xb5,0xb0,0x39,0xd1,0xeb,0x35,0x45,0x4c,0x9e,0x3e,0xed,0x78,0xcf,0xf9, + 0xc4,0x26,0x2e,0x3a,0xec,0xfc,0xa1,0xd8,0x17,0x54,0x2b,0x48,0x60,0x96,0x59,0x8e, + 0x11,0x14,0xbf,0xc0,0x3f,0x20,0xa4,0x5d,0xe3,0x6f,0x6d,0xf7,0x0d,0x14,0x4d,0x01, + 0xdc,0x48,0x66,0xa0,0xf8,0x33,0x19,0xe7,0xc2,0xb8,0x53,0x0f,0x8c,0x27,0xa4,0x1b, + 0x7a,0xdd,0x9f,0x69,0x2d,0x8a,0x8e,0x64,0x64,0x55,0xb6,0x7c,0x9e,0xc4,0x7a,0x4d, + 0x2c,0xe3,0xdf,0xe3,0x5d,0x6a,0x2e,0x89,0xd9,0xbe,0x50,0xc5,0xb6,0xda,0x39,0xbb, + 0x02,0x54,0xbd,0x23,0xa8,0x09,0xab,0x97,0xb2,0xb4,0x8a,0x06,0x8a,0x87,0xab,0xde, + 0x6b,0x6a,0x6e,0x35,0x95,0x5f,0xc9,0x2a,0x96,0x26,0xf9,0x60,0x7d,0x5b,0x3f,0x40, + 0x15,0x17,0x27,0x15,0x94,0xbe,0xf7,0x38,0x59,0x81,0x2b,0x6a,0x62,0x1e,0xd6,0xbd, + 0xaf,0x3c,0x5f,0x2a,0x90,0xb1,0xe1,0x68,0x0f,0x68,0xdc,0xfc,0xca,0xcb,0x65,0xe0, + 0x08,0x1f,0x1c,0xcb,0x6a,0x20,0x73,0x70,0x9d,0x1b,0xa0,0x67,0x06,0x50,0x16,0xed, + 0x73,0xeb,0xd7,0xeb,0xe9,0xe7,0xa7,0xb6,0x0c,0x8c,0x9d,0xd0,0x4a,0x56,0xfa,0xb3, + 0x07,0x02,0xc8,0xa6,0xdf,0x6a,0x35,0x3a,0x30,0x10,0x47,0xdf,0x4c,0x7a,0xff,0x62), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x35,0xec,0x92,0xaf,0xdb,0xc2,0xfc,0xef,0xe4,0x8f,0x1e,0x2f,0x6e,0x48,0x29,0xae, + 0x53,0xb3,0xda,0x04,0x59,0xcc,0x4e,0xa8,0xa9,0x68,0x18,0xb5,0x83,0x18,0x91,0xee, + 0x2f,0x50,0x6f,0xff,0x37,0xc8,0x99,0x06,0xd3,0x23,0x3a,0x51,0xa5,0xcf,0x14,0x69, + 0xa6,0x2c,0x18,0x50,0x61,0xf0,0x33,0x08,0x5f,0xca,0x6a,0x54,0xe2,0x45,0x29,0xc3, + 0xd6,0xf0,0xd8,0xe9,0x04,0xbc,0xb0,0xf0,0x89,0xa5,0xcd,0x50,0x86,0x94,0x84,0xda, + 0x1a,0x84,0xf6,0xfb,0x8d,0xe4,0xe5,0x3f,0xce,0x3d,0xc7,0x14,0x20,0x15,0x19,0xd1, + 0x10,0x13,0xf6,0xf6,0xaa,0x64,0xe8,0xb5,0xec,0x5c,0xfe,0xb2,0x7b,0x61,0x1f,0x08, + 0x95,0x05,0x9d,0x8c,0x47,0x72,0x0d,0x55,0xe0,0x0b,0x57,0x7c,0xa5,0x50,0x09,0x20), + .s = chunk_from_chars( + 0x6b,0x0f,0x5b,0x50,0xe6,0x78,0xda,0x08,0x3e,0xd0,0xf1,0xb6,0x4e,0x94,0x3e,0x8c, + 0x62,0x79,0xc7,0x24,0x6a,0xf5,0xad,0x07,0x9c,0xdb,0xf2,0x23,0xe4,0x2a,0x0d,0x47, + 0x1e,0x56,0x31,0x4b,0xc0,0xd5,0x8f,0x20,0x2a,0xa6,0xc5,0xe1,0xe5,0x25,0x59,0x85, + 0xb0,0x79,0x5d,0x48,0xeb,0x3d,0x4b,0x8e,0x3f,0xc9,0x22,0x40,0xae,0x02,0xb4,0x08, + 0x8c,0x6c,0xe8,0xab,0x0e,0x8c,0x79,0xc6,0x8d,0xfd,0xc4,0x86,0x57,0xd6,0xa2,0x82, + 0x95,0x39,0x1b,0x9a,0x5a,0x5f,0x35,0x25,0x51,0x26,0xbf,0x8c,0xa5,0x3c,0xbc,0xc0, + 0x08,0x2e,0xab,0x52,0xec,0x10,0x9d,0x22,0xa1,0x18,0x5f,0x6d,0xc7,0x92,0xfc,0x29, + 0x0a,0xa8,0xdb,0xae,0xbb,0x2f,0xbe,0x40,0x4f,0x1d,0x03,0x9a,0xa6,0x34,0x3c,0xd7, + 0xaf,0x9f,0xcb,0x2d,0x1e,0x05,0xde,0xf4,0x80,0x96,0xc2,0x37,0xe1,0x0d,0xaa,0x7c, + 0xfa,0xc5,0xae,0x9b,0x3b,0x30,0x22,0x00,0x5d,0x0d,0x2d,0x5c,0x9c,0x5c,0x50,0x2b, + 0x2f,0x23,0x59,0x4e,0x80,0xd1,0x60,0x4b,0xbb,0x8f,0x5d,0xec,0x07,0xcd,0x3a,0xfe, + 0x1f,0x77,0x77,0x43,0xb0,0xb5,0x8a,0x4e,0x0e,0x4e,0x5c,0xaa,0x14,0x88,0x30,0xee, + 0xe0,0x47,0x96,0x8e,0x7f,0x40,0x66,0x1f,0x9f,0x1a,0x02,0xe1,0xa7,0xfd,0x2b,0x6c, + 0xaf,0x19,0x32,0x6a,0x75,0xe9,0x56,0x5e,0xfd,0xc0,0x11,0x4b,0xce,0xcb,0x14,0xdd, + 0xa0,0x6c,0x32,0x9c,0xf3,0x22,0xa5,0xbd,0x3e,0x6a,0xb4,0x8d,0x95,0xf2,0xd2,0xa9, + 0xc1,0xc1,0x23,0x3a,0x0a,0xa0,0x15,0xa7,0x38,0xf9,0x01,0xf1,0x31,0x48,0xb4,0x54), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x80,0xc9,0xde,0xbd,0xf9,0x31,0x74,0xd7,0x57,0x50,0xa6,0xcf,0x09,0xaf,0x71,0xfc, + 0x18,0xfd,0x51,0x3b,0xff,0x9c,0xb4,0x91,0xbe,0x60,0xaf,0x11,0x2a,0x93,0xf0,0x00, + 0x87,0x3c,0xf4,0x38,0x58,0xa0,0x7a,0xca,0x76,0x0a,0x37,0xe7,0x60,0xc8,0xcb,0x01, + 0xd2,0x76,0xf4,0x2d,0x99,0x7f,0x01,0xcc,0xa5,0xe0,0x8a,0x6a,0x60,0x2f,0x5f,0xe6, + 0x3e,0xdc,0xbe,0xd3,0x95,0xb8,0xc9,0x1f,0xb0,0xb3,0x36,0xf2,0x1f,0xea,0x49,0xd9, + 0x50,0xe1,0xff,0x24,0x64,0x0c,0x8d,0x8d,0x3b,0x95,0x08,0x1a,0xd1,0x59,0x66,0x44, + 0xce,0x34,0xa5,0x58,0x58,0x7e,0x4a,0x1e,0x2c,0xd5,0x0d,0xb9,0xed,0x1d,0xd3,0xce, + 0xbb,0xc6,0xdc,0xe8,0x08,0x4d,0x3e,0x1b,0xa7,0x06,0x92,0xe8,0x26,0x18,0xed,0x61), + .s = chunk_from_chars( + 0x4a,0x15,0xa7,0x83,0xad,0xbf,0x27,0x46,0x22,0xd5,0xa6,0x10,0xbb,0x6f,0xc7,0x33, + 0x37,0x99,0x9e,0x44,0x5d,0xc2,0x13,0x3a,0xcc,0xb7,0x88,0xd6,0x20,0x3d,0x70,0xf3, + 0xcd,0xc6,0x3e,0x67,0xda,0xa4,0x17,0x1a,0x79,0x52,0xa4,0x98,0x64,0x56,0xfa,0xb3, + 0xc0,0x77,0xa8,0x94,0x1f,0xb2,0x59,0xe3,0x7a,0x5c,0x0c,0xbb,0x20,0xc4,0x08,0xfa, + 0x24,0xad,0x0e,0xc8,0x50,0xe9,0xbf,0x02,0x8c,0x36,0x04,0x60,0x99,0x41,0xf5,0xae, + 0x2f,0x18,0xbf,0x1a,0xc3,0x7a,0x24,0xf7,0x55,0xab,0xb9,0xc8,0x5d,0xdc,0xd0,0xbf, + 0x4a,0x12,0xfa,0xbd,0x9d,0x25,0x30,0x29,0xe0,0x81,0xf6,0x28,0xe2,0xbb,0xe9,0xf9, + 0xaf,0xe9,0x22,0x49,0x54,0xd8,0x31,0x5d,0xb8,0x6c,0x21,0x25,0x51,0x2b,0xb9,0x8c, + 0xe9,0xb3,0x69,0x30,0x99,0x4b,0x09,0x1a,0x8a,0x1d,0x7d,0x4e,0x2f,0x4a,0x0e,0x58, + 0xd0,0xa3,0x58,0x76,0xad,0xad,0x14,0x30,0x05,0x30,0xb3,0x9c,0x8d,0xc1,0x1d,0xed, + 0x3e,0xf2,0xfa,0x95,0xd5,0xf2,0x2e,0x67,0xca,0xe3,0x4c,0xc2,0x1a,0xd5,0xe2,0x3f, + 0x91,0x22,0xb5,0x3d,0xfb,0x79,0xf1,0xa2,0xac,0x63,0xc1,0x84,0x4e,0x9e,0xf0,0x69, + 0xa2,0xe4,0x1f,0x17,0x8d,0x6d,0xce,0xdc,0x51,0x8a,0xaf,0xcf,0x81,0xe0,0xeb,0xd8, + 0x82,0x55,0x6e,0x73,0x1c,0xb0,0xab,0x41,0xd9,0x57,0x27,0x4a,0x3f,0xbb,0xb7,0xce, + 0xf2,0x60,0x87,0x91,0x00,0x0c,0x6b,0x86,0x08,0x68,0xcb,0x73,0x93,0xe7,0xd0,0x3d, + 0x94,0x56,0x89,0xff,0xb7,0x75,0x55,0xef,0xe0,0x8f,0x46,0x14,0x51,0xd3,0x3c,0x11), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x31,0x39,0x5c,0xef,0x34,0x95,0x51,0x34,0x3a,0x49,0x27,0x1a,0x8d,0x81,0x2b,0x4c, + 0x7b,0x65,0xb4,0x55,0xb7,0xed,0xa8,0x11,0xfc,0xf7,0x41,0x61,0xf3,0x97,0x11,0x23, + 0x57,0xae,0x44,0x62,0x57,0xbe,0x26,0xc9,0x3c,0xfc,0xe5,0x5e,0x4b,0xa7,0x97,0x6d, + 0xed,0x99,0x7e,0xc1,0x0d,0x1c,0x8b,0x1a,0xc2,0xfe,0x22,0xdc,0x2e,0xe8,0x1d,0x05, + 0xa6,0xeb,0x13,0x61,0x12,0x5c,0xda,0x01,0x97,0xe2,0x4a,0xe9,0x74,0xcd,0x44,0x09, + 0x2a,0xa9,0xf3,0x6f,0xe0,0x13,0x52,0xba,0x05,0xcc,0xef,0xd2,0x37,0x0c,0xee,0xd6, + 0x64,0x19,0x50,0x56,0x2f,0x17,0x76,0xc3,0x95,0x22,0xe0,0x23,0xd0,0x9a,0x3b,0x09, + 0x7b,0xbe,0x9b,0xc5,0xf8,0x7d,0x05,0xd8,0x0f,0x88,0x30,0xab,0xd7,0xac,0x8c,0x80), + .s = chunk_from_chars( + 0x16,0x2f,0x38,0x76,0x95,0xcf,0x9d,0x82,0xdd,0xa8,0x9c,0x74,0x93,0x18,0xe4,0x6c, + 0x9b,0xe8,0x95,0xec,0x36,0x4e,0xa4,0xae,0xce,0x97,0xcc,0xfa,0x63,0x92,0x5a,0xf3, + 0x71,0x08,0x94,0xda,0x2b,0x7b,0x59,0x67,0xe4,0x6f,0x4e,0xfa,0x80,0xca,0x25,0xd2, + 0xa9,0x65,0xa7,0xe1,0x5f,0x75,0xe0,0xaa,0x1b,0xd4,0x25,0x0f,0x8f,0x41,0x09,0x9e, + 0x6e,0x97,0x14,0xc3,0xfc,0x43,0x11,0x07,0x7a,0xe9,0xbd,0xdf,0xe3,0x5b,0xa4,0x72, + 0x75,0x31,0x52,0x9c,0x23,0x9d,0x54,0x6a,0xb1,0xc2,0x98,0x18,0x7f,0x16,0x5f,0x70, + 0x8c,0xcc,0x0a,0xe3,0x97,0x9a,0x8d,0xa1,0x93,0xe3,0x48,0x59,0xa5,0x9c,0x2c,0x3b, + 0xc4,0x22,0x53,0xc8,0x34,0x66,0x88,0xe6,0xbb,0xa6,0xfb,0x1b,0x01,0xb1,0x0c,0x1e, + 0xc2,0xc6,0x49,0x3d,0xed,0xcc,0x26,0x96,0x26,0x9d,0x85,0x1b,0xde,0x63,0xe2,0x7e, + 0x37,0xbe,0xd3,0x57,0x45,0x5c,0x8f,0xee,0x56,0x29,0xf9,0x4a,0xfa,0x7a,0x98,0x66, + 0x95,0xcf,0xd5,0xb9,0x92,0x12,0x65,0x7a,0x6c,0x88,0x46,0x44,0x59,0x60,0x86,0xb8, + 0x9e,0x0c,0x7c,0x05,0xe8,0x19,0xfa,0xeb,0xeb,0xef,0x74,0x5f,0xd2,0x95,0xaf,0x88, + 0x66,0xe0,0x75,0x0f,0x54,0x79,0xba,0xed,0x50,0xcb,0xb3,0xd0,0x59,0xf8,0xa5,0xeb, + 0x7e,0x0e,0x61,0xe2,0x73,0x3a,0xe5,0x0f,0x0c,0x1e,0xc4,0x2b,0xe7,0x1f,0x5d,0xff, + 0x32,0x41,0x95,0xcb,0x4f,0x0e,0x94,0x1a,0x21,0x56,0x15,0x13,0xc3,0x03,0x7d,0xb9, + 0x2f,0xec,0x95,0x56,0xb7,0x72,0xcc,0xab,0x23,0x9e,0x34,0xb1,0x87,0x6c,0x56,0xb1), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0xa7,0xc3,0x09,0xd4,0x4a,0x57,0x18,0x8b,0xbd,0x7b,0x72,0x6b,0x98,0xb9,0x8c,0xe1, + 0x25,0x82,0x22,0x8e,0x14,0x15,0x86,0x48,0x70,0xa2,0x39,0x61,0xd2,0xaf,0xb8,0x2c, + 0xd5,0xbc,0x98,0xbe,0xc9,0x22,0xd5,0xf2,0xac,0x41,0x68,0xb0,0x56,0xda,0x17,0x6e, + 0xf3,0xba,0x91,0xf6,0xb6,0x99,0xba,0x6a,0xcc,0x41,0x44,0x86,0x8f,0xf3,0x7f,0x26, + 0xfd,0x06,0x72,0x08,0x68,0xd1,0x2a,0xd2,0x6e,0xcb,0x52,0x57,0x2c,0xf1,0x04,0x16, + 0xaf,0x68,0xdf,0x03,0xab,0x64,0x5a,0x8b,0x70,0x48,0x57,0xd2,0x19,0x0f,0xfc,0x3f, + 0x07,0xea,0xbe,0x3a,0x8e,0x2a,0xbe,0x34,0xed,0x61,0x59,0xe8,0x84,0xc4,0xfa,0xe1, + 0x41,0xd4,0x33,0x3d,0x5c,0x3e,0x0d,0xb0,0x44,0xff,0x9c,0xcc,0xd9,0xcb,0xd6,0x7f), + .s = chunk_from_chars( + 0x14,0x8a,0xf6,0x1e,0xd5,0xea,0x8a,0x87,0xa0,0x8b,0x3f,0x40,0x39,0x29,0xbf,0x80, + 0x31,0xdb,0x4f,0xd3,0x99,0x9b,0x64,0x40,0x9b,0xa4,0x89,0xf9,0x7a,0x3e,0xe5,0x20, + 0x8e,0xa4,0x20,0x2d,0x2e,0xc1,0x87,0x34,0xf6,0x15,0x00,0x3a,0x51,0xf7,0x74,0x41, + 0x08,0x5b,0xe6,0xac,0x0f,0x11,0x81,0x0f,0xfa,0x2d,0xad,0x58,0xf0,0xe1,0x86,0xd5, + 0x52,0x0a,0xc2,0xb8,0xa5,0xd3,0x96,0x6e,0x8d,0x2a,0xbb,0x80,0x74,0xe1,0x3b,0x50, + 0xa4,0xe7,0xde,0x83,0xbe,0x10,0xa6,0x6f,0xdc,0x7c,0xa1,0x81,0x18,0xc5,0x77,0x4f, + 0x78,0x12,0x12,0xde,0x9e,0xfe,0xbc,0x63,0x76,0xfc,0xdd,0xdc,0x65,0xa3,0xb1,0xb8, + 0xf1,0xab,0x31,0x49,0x2f,0xe4,0x78,0x25,0x9c,0xe7,0x19,0xb3,0xdb,0x58,0x74,0x98, + 0xd8,0x79,0xa0,0x1d,0xec,0x96,0xe8,0xea,0xbe,0xb0,0x7f,0xf7,0x07,0x3f,0x3f,0x3e, + 0xb4,0x46,0x08,0x49,0x55,0xca,0x26,0x32,0x9a,0x79,0x13,0x15,0xa2,0xc2,0x59,0xd2, + 0x25,0xe2,0x6b,0x21,0x54,0xb2,0x04,0x7b,0x21,0xfa,0xba,0x68,0x11,0x5b,0xfd,0x96, + 0x2e,0x5e,0x24,0xec,0x52,0xd7,0xc5,0xd2,0x31,0xe3,0x04,0x4c,0xbc,0xd8,0xc8,0x80, + 0x48,0x55,0x70,0x3c,0xba,0xa6,0x22,0xb1,0x5b,0x6e,0xf7,0x8c,0x74,0x21,0xa3,0x67, + 0x16,0x6f,0x1b,0x02,0x57,0x6c,0x87,0x36,0x05,0x93,0xda,0x75,0xb7,0x18,0x9e,0xfa, + 0xfd,0x10,0x82,0xbd,0x59,0xf6,0x85,0x7f,0x17,0x01,0xf6,0x46,0xc2,0x4d,0x70,0xc9, + 0x52,0x73,0xc4,0x9d,0x5b,0x11,0xe6,0xaf,0xe2,0x58,0x82,0x1b,0x55,0xc1,0x68,0x0c), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0xca,0x50,0x5d,0x45,0x91,0x12,0x16,0x64,0x99,0x07,0x47,0xd9,0x5d,0x95,0x55,0xcc, + 0x75,0xbf,0xc3,0xfd,0xae,0xec,0xee,0xaa,0x60,0xea,0xfa,0xb3,0xfc,0x32,0x0c,0xfc, + 0xe5,0x6e,0xb9,0x13,0x81,0x38,0xbf,0x13,0x8f,0x25,0xf3,0xc8,0xbb,0x02,0x7b,0x13, + 0x6f,0x5d,0x3d,0x90,0xed,0x48,0x97,0x77,0x9b,0x59,0x51,0xc0,0x9d,0xf5,0xd0,0x8b, + 0xa9,0xce,0x8c,0xbe,0x17,0xab,0xc4,0xf0,0x38,0x68,0x70,0x86,0xe9,0x3d,0x77,0x1b, + 0x68,0x43,0x22,0x26,0x66,0x33,0xd0,0xd6,0x5d,0x71,0xec,0x41,0x23,0x4a,0x1d,0xbe, + 0xc0,0x7a,0xbc,0x8f,0x7d,0xf2,0x8b,0xc4,0x3d,0xd8,0xa4,0x5b,0x10,0xce,0xaf,0xac, + 0x06,0x77,0x58,0x05,0x41,0x37,0x01,0x91,0x4e,0x3b,0xb3,0x7e,0xb6,0xba,0x5b,0x5e), + .s = chunk_from_chars( + 0x58,0x9c,0xcd,0x4e,0xbf,0x97,0x64,0xf8,0x7e,0x6a,0xfa,0x7f,0x13,0xc4,0x06,0x25, + 0x79,0xb0,0x22,0x28,0x11,0x7b,0x15,0xa8,0x73,0x8a,0xb3,0x9c,0xd6,0x44,0x77,0x06, + 0x9c,0xb4,0xf5,0x2c,0xd8,0xd5,0xf4,0x57,0x4c,0x65,0x7b,0x45,0x38,0x35,0xca,0x3c, + 0xed,0xb8,0x24,0xf0,0x3b,0x92,0xa5,0x73,0xd6,0xd3,0xd9,0x13,0x61,0x31,0x3f,0x11, + 0xbd,0xcb,0x34,0xd2,0x05,0x9f,0xe2,0xe6,0xce,0x2b,0x85,0x44,0x61,0xaf,0x58,0xa9, + 0x29,0x4c,0x88,0xcb,0xfb,0x2a,0x63,0x99,0x76,0xb5,0x6e,0x47,0x48,0x02,0x6f,0x30, + 0x40,0xe2,0xfd,0x71,0x12,0xd6,0xad,0x44,0x50,0x06,0x89,0xac,0x77,0x7c,0x07,0x1d, + 0x17,0x39,0x19,0x69,0x76,0x2e,0x18,0x64,0x17,0xc4,0x40,0x0a,0xbd,0xda,0x5c,0x16, + 0xdc,0xe0,0x07,0x76,0x42,0xf1,0xfc,0x13,0x54,0xe0,0xe8,0xc1,0x4e,0x55,0x8c,0x92, + 0x3c,0x1b,0xfb,0x85,0x48,0x8b,0x83,0x50,0xf4,0x15,0x86,0x6a,0x60,0x87,0x1e,0xd7, + 0x15,0x1f,0x5f,0xbc,0x5b,0x88,0x05,0x00,0x01,0x19,0x77,0xc7,0x78,0xe1,0x7f,0xe8, + 0x91,0x8c,0x5d,0x34,0x3f,0x70,0xb0,0x0d,0x58,0xf7,0x18,0x95,0x61,0x25,0xfe,0x28, + 0xb3,0xa5,0xe2,0xd0,0x76,0x04,0xa2,0xb8,0xa8,0x77,0x20,0x44,0x34,0xce,0x90,0x3b, + 0x35,0xa0,0x30,0x93,0x6b,0xc7,0x19,0x51,0xca,0x59,0x3d,0xf9,0x7d,0x24,0xe8,0xe8, + 0xad,0x8f,0x2d,0xc9,0xb7,0x8f,0x76,0xef,0x13,0xa1,0xd3,0x86,0xca,0x85,0x7c,0xed, + 0x48,0xf1,0x9f,0x3e,0xbe,0x39,0x10,0x8f,0x9b,0x33,0xff,0x59,0xeb,0x05,0x56,0xb1), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0x23,0x7a,0x7e,0x44,0xb0,0xa6,0xc2,0x68,0xbb,0x63,0x36,0x4b,0x95,0x8a,0xe0,0x2b, + 0x95,0xe7,0xee,0xd3,0x6b,0x3e,0xa5,0xbf,0xb1,0x8b,0x9b,0x81,0xc3,0x8e,0x26,0x63, + 0xd1,0x87,0x14,0x4e,0x32,0x3f,0x9c,0xea,0xfb,0x47,0x95,0x07,0xd1,0x84,0xe6,0x3c, + 0xfb,0xec,0x3e,0xcd,0xbb,0x8a,0x05,0xd2,0xdf,0xc8,0x92,0x96,0x93,0xed,0x9e,0x3e, + 0x79,0xe5,0xf8,0xab,0xfc,0x41,0x7b,0xa1,0xe1,0x7e,0x3e,0x28,0x1e,0x8a,0x0a,0x32, + 0xf0,0x84,0x11,0x7f,0x28,0xc3,0xdc,0xbe,0xc5,0x1b,0x86,0xf5,0xc8,0x5b,0x28,0x22, + 0x44,0x1a,0x94,0x23,0xb5,0xb4,0x46,0xd3,0x92,0x8f,0x97,0x76,0x26,0xa3,0x34,0x57, + 0x9b,0x39,0xcf,0xaf,0x58,0xf2,0x14,0xc9,0x8d,0x0c,0xdf,0x64,0x0b,0xe1,0xac,0x59), + .s = chunk_from_chars( + 0xaf,0x07,0x6b,0xc2,0x13,0xca,0xf7,0x56,0x19,0xf4,0xbd,0x1d,0x78,0x7c,0xc1,0x98, + 0xf7,0xdf,0x33,0x24,0xa0,0xdd,0x87,0xa8,0x84,0x16,0xe0,0xa4,0xb8,0x1c,0x2f,0xb9, + 0xa9,0xdb,0x5f,0x98,0xae,0xd4,0x3b,0xc1,0x5f,0xe2,0x35,0x71,0x43,0xa6,0xe4,0xff, + 0x70,0x1d,0x9c,0x48,0xf5,0x1d,0xe9,0xeb,0x80,0x36,0x70,0xbb,0xc4,0xb0,0xae,0xa7, + 0x22,0x0b,0xe2,0xf8,0x4b,0x83,0x00,0x31,0x8c,0x77,0xa9,0xf6,0x15,0x98,0x6c,0x49, + 0x80,0xab,0xda,0x85,0xe3,0xad,0x00,0x89,0x56,0x4d,0xba,0xf7,0xf4,0x4d,0x81,0xb6, + 0x66,0x4e,0xec,0x03,0x11,0xad,0xb1,0x94,0xd4,0x6d,0xe9,0x6b,0xb1,0x7d,0x5a,0x5d, + 0x47,0x42,0x68,0x45,0x80,0x2c,0xa0,0xf4,0x9a,0x16,0x9e,0xb8,0x2b,0x75,0xaf,0xa1, + 0x91,0x02,0x7a,0x0c,0xc8,0xfc,0xe9,0xdd,0x16,0x05,0x53,0x50,0xdf,0x97,0x45,0xfc, + 0x72,0x00,0xff,0x9f,0x4e,0xa3,0xcf,0xbf,0xc6,0x6c,0x42,0x84,0x81,0x13,0xe3,0xbe, + 0x32,0x93,0xd5,0x10,0x38,0x2d,0x09,0x99,0xf0,0x32,0x51,0x55,0x27,0xbd,0x99,0xf6, + 0x6e,0xfa,0x2a,0x75,0x5e,0x01,0x12,0x47,0xb2,0x23,0xa6,0x8e,0x51,0x25,0x8b,0x6b, + 0xc3,0x19,0xa7,0xcd,0xef,0x4a,0xec,0x53,0x3e,0x9d,0xcd,0x8a,0xe2,0x6e,0x34,0x9e, + 0x5b,0x33,0xc7,0x91,0x21,0x90,0x7d,0xe5,0x09,0xa1,0xcb,0x83,0xc2,0xe5,0x9a,0x47, + 0xc1,0xa8,0x84,0xbf,0x68,0xe7,0x22,0x93,0x16,0xa6,0x2e,0x3c,0x49,0xd1,0xf5,0x42, + 0xeb,0xe7,0x10,0x5c,0xfc,0x27,0x09,0x92,0x68,0x12,0x0a,0x77,0x43,0x90,0x84,0x71), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0xab,0x18,0x93,0x92,0x30,0xb0,0x96,0x64,0x6a,0x37,0xa7,0x81,0x62,0x9f,0xbd,0x92, + 0x70,0xf3,0x89,0x1a,0x5c,0xea,0xb4,0xa8,0xc3,0xbc,0x68,0x51,0xbc,0x34,0x11,0x5d, + 0xbc,0x06,0x65,0x41,0xb7,0x64,0xa2,0xce,0x88,0xcc,0x16,0xa7,0x93,0x24,0xe5,0xf8, + 0xa9,0x08,0x07,0x65,0x2c,0x63,0x90,0x41,0x73,0x3c,0x34,0x01,0x6f,0xd3,0x0a,0xf0, + 0x8f,0xed,0x90,0x24,0xe2,0x6c,0xf0,0xb0,0x7c,0x22,0x81,0x1b,0x1a,0xe7,0x91,0x11, + 0x09,0xe9,0x62,0x59,0x43,0x44,0x72,0x07,0xdc,0xd3,0xff,0xf3,0x9c,0x45,0xcb,0x69, + 0xee,0x73,0x1d,0x22,0xf8,0xf0,0x08,0x73,0x0c,0xe2,0xef,0xc5,0x3f,0x11,0x49,0x45, + 0x57,0x3e,0xa2,0xdd,0xeb,0xb6,0xe2,0x62,0xc5,0x27,0xd2,0x0f,0x8b,0xb1,0xdc,0x32), + .s = chunk_from_chars( + 0x95,0xbd,0x0b,0xf2,0x36,0x2f,0x34,0xb2,0xe0,0x40,0x75,0xb2,0x93,0x4f,0x40,0x47, + 0x98,0x70,0x3e,0xa4,0x72,0xb8,0x1a,0xc3,0xcc,0x22,0x3a,0xec,0x48,0x6e,0x4c,0x3d, + 0x9c,0x5d,0x1c,0x2f,0x9e,0xe2,0x24,0x17,0x13,0x29,0x64,0xed,0x58,0xe4,0x99,0x37, + 0xf5,0xb2,0x57,0xd3,0x16,0xca,0x7f,0xff,0xe2,0x90,0xb1,0x9f,0x5b,0x58,0x10,0x38, + 0x36,0x81,0x2b,0xef,0x30,0xca,0x03,0x27,0x03,0x9d,0x8b,0x9e,0xa9,0x12,0x95,0x39, + 0x2f,0xc3,0x94,0xb8,0x81,0xe2,0xd2,0xac,0x9e,0x30,0xc5,0xa4,0x42,0x56,0x70,0x0f, + 0xc9,0xde,0x0d,0xba,0x29,0x82,0x73,0xae,0xc3,0x0c,0x4f,0x77,0x8d,0x2e,0x71,0x27, + 0xe8,0xb8,0xa8,0x8b,0x02,0x74,0xfc,0xe0,0x40,0x81,0xcc,0x13,0xad,0xbe,0xfe,0x55, + 0x50,0x14,0xe1,0xb5,0xd5,0xdc,0xf6,0x22,0x4c,0x5a,0xe2,0x77,0x54,0x23,0xa6,0x6c, + 0x81,0x81,0x8e,0xec,0x01,0x4a,0x3f,0xaf,0x9e,0xe7,0x5a,0x3f,0x6c,0x3e,0x51,0xc5, + 0x56,0xb0,0xa2,0x88,0xe8,0xc2,0x62,0x94,0x66,0x84,0xeb,0x62,0x8b,0x88,0xe3,0xf8, + 0x75,0xe6,0x2e,0xf6,0xe8,0x01,0xca,0xe7,0x5f,0x61,0xce,0xe4,0x04,0x97,0x1c,0x39, + 0xd2,0x4a,0x97,0x12,0xeb,0x34,0x2d,0xdc,0x66,0x35,0x15,0xde,0xc1,0x03,0xb1,0x8d, + 0x97,0xd7,0x8e,0xd6,0x82,0x12,0xf2,0x79,0x00,0xe7,0x7c,0x04,0x9b,0x60,0xc8,0x53, + 0x00,0x2b,0x08,0x02,0x2d,0xf5,0x6f,0x70,0x7e,0xfa,0x71,0x02,0x75,0x89,0xe1,0xa3, + 0xca,0x6e,0x41,0x5b,0xa5,0xf4,0x43,0x7e,0x97,0x8b,0x07,0xaf,0x3b,0x73,0xba,0x0d), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0xa2,0x80,0xe8,0x9c,0xeb,0x2c,0x8c,0xf2,0x62,0x97,0x19,0x1b,0xaf,0x9a,0x95,0x5d, + 0x0d,0x52,0x37,0x5d,0xa0,0x23,0x63,0x3e,0x0a,0xfc,0xdb,0x0d,0x39,0xdc,0x33,0x5d, + 0x82,0x95,0x85,0x2e,0xf4,0xd0,0x67,0x14,0xe6,0x51,0x1a,0x95,0xd3,0x7c,0x04,0xd2, + 0x68,0x18,0x60,0x6a,0xda,0x54,0x35,0x9b,0x7d,0x07,0x84,0xaa,0x93,0x3c,0xc6,0x85, + 0x61,0xee,0x96,0xa8,0x89,0x10,0xaa,0x3d,0x93,0xd1,0x07,0x87,0xcd,0x1d,0x75,0x80, + 0x55,0x67,0x31,0xc1,0x74,0xa6,0xe3,0xa3,0x2d,0x9d,0xcf,0xa4,0x16,0x60,0x4f,0x0c, + 0x67,0x14,0x81,0xd0,0x51,0xf6,0x3d,0xb6,0x91,0x9f,0x4a,0xba,0x44,0x86,0xd1,0xb0, + 0xfd,0xc6,0x11,0x2c,0x15,0x21,0x55,0x9f,0x42,0x45,0x23,0xc2,0x6b,0x4f,0xb7,0x38), + .s = chunk_from_chars( + 0xcd,0x60,0xde,0x3b,0x4a,0x12,0x89,0xa8,0x4c,0xa7,0x61,0xf9,0x0f,0xa6,0x3f,0x4d, + 0x56,0x88,0xbd,0x88,0x5f,0x4b,0x53,0x1c,0x85,0x15,0xad,0xd2,0xde,0x12,0x51,0xf9, + 0x93,0xff,0x7f,0x98,0x6b,0xef,0x3f,0xba,0x69,0x2e,0xcd,0xeb,0xc8,0x19,0x42,0xd7, + 0x42,0x9c,0x7a,0x59,0xc5,0xd3,0xf1,0xfb,0x87,0x2f,0xc1,0xda,0x19,0x15,0xe9,0x45, + 0x86,0xa5,0xc3,0xd9,0x63,0x60,0x36,0x19,0x00,0x8f,0x7e,0xfe,0xde,0xd1,0xd7,0x0b, + 0x0a,0x11,0xce,0x2c,0xd8,0x1b,0x5b,0x0d,0x86,0xb3,0x76,0x0c,0x94,0x83,0x67,0x4f, + 0x55,0xe9,0xfa,0x47,0xf2,0xf3,0x10,0xd5,0x88,0xfb,0x21,0x60,0xe8,0xb5,0xc3,0x2b, + 0xe4,0xe7,0xa9,0x68,0xd5,0xa8,0xd4,0xac,0x65,0x76,0xb7,0x1a,0x2b,0x91,0xcd,0x6a, + 0xf0,0x01,0x6c,0xbc,0x81,0x6d,0x4a,0xae,0x8c,0x70,0x64,0x9e,0x08,0xdc,0xe9,0x0b, + 0x3c,0xe5,0x2a,0xb4,0x9c,0xe2,0xcb,0x5b,0x0e,0xd8,0xa4,0x5e,0x33,0xd9,0x4c,0xf2, + 0xd4,0xcf,0xde,0xe1,0x15,0x12,0x70,0xb2,0x07,0x3a,0xef,0xfe,0xaf,0x71,0x7d,0x39, + 0xe0,0x41,0x92,0xb8,0xb6,0x93,0xc5,0x3f,0x21,0xa6,0x12,0x38,0x13,0x28,0x08,0x06, + 0x92,0x0b,0x7d,0xc5,0x82,0x20,0x1c,0x9d,0x11,0x70,0x50,0x32,0x06,0x71,0xe8,0x61, + 0x39,0xa0,0x27,0x97,0x6b,0x7e,0xcf,0x41,0x33,0x69,0xa9,0xfc,0x28,0xe0,0xbd,0x71, + 0x9c,0xeb,0x5e,0x10,0x7d,0xe7,0x99,0xf1,0xbc,0x2e,0x25,0x5a,0x9f,0x29,0x47,0x6d, + 0x45,0x74,0xd1,0x33,0x2f,0x66,0x46,0x8a,0xfb,0x90,0x04,0xff,0x7b,0x53,0x53,0x02), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0x85,0xed,0x1e,0x3d,0xfc,0xd5,0xbc,0xa2,0x4c,0xad,0x1d,0x01,0xeb,0xe1,0x92,0xb7, + 0xd0,0x59,0xec,0x9b,0x88,0x44,0x36,0xe1,0x87,0x14,0xa4,0x3f,0xbc,0xc9,0xc6,0x4f, + 0x68,0x73,0x01,0x35,0x2f,0xf2,0x40,0x81,0x70,0x01,0xe7,0x57,0xd2,0x73,0x09,0xcd, + 0x1f,0xbb,0xda,0x94,0x56,0xb2,0x67,0xdb,0xfb,0x95,0x84,0x70,0xb2,0x4d,0x06,0x28, + 0x0c,0xf4,0x33,0x82,0xa1,0x94,0x77,0x87,0x5f,0x32,0x59,0xf4,0x21,0x0b,0xac,0x9b, + 0x83,0x1d,0x0a,0x07,0xf5,0xe9,0x7e,0x5f,0x0f,0x78,0x81,0x8c,0x25,0x9c,0x28,0x9e, + 0x1a,0x78,0x9b,0x6c,0x79,0x42,0xc9,0x7b,0xc1,0x48,0x5a,0x22,0x01,0x31,0xe5,0xeb, + 0xa5,0x86,0x64,0x3b,0x90,0x71,0xe5,0x36,0x6b,0xc4,0x82,0xdd,0x3c,0x3c,0x92,0x79), + .s = chunk_from_chars( + 0x13,0x81,0x34,0xbb,0xec,0xef,0xaf,0xc7,0xca,0x8b,0x10,0x2c,0xbe,0x87,0xb0,0x12, + 0xf8,0xaa,0xda,0x88,0x78,0x99,0x50,0x02,0xcf,0x18,0x87,0x69,0x4b,0x5b,0xe3,0xb8, + 0xf0,0xbb,0x61,0x6b,0xc6,0xe0,0x79,0x62,0xd5,0x48,0x2d,0x3a,0x52,0xc5,0x2a,0xb9, + 0x1b,0x3e,0xe0,0x06,0x4d,0x24,0x55,0x8e,0x13,0xc7,0x5c,0x80,0xf6,0xa9,0x5b,0x7d, + 0xc4,0x98,0x44,0x28,0x79,0xd5,0xba,0xf8,0xff,0xa7,0xe2,0xf6,0x38,0x80,0x8b,0x97, + 0xff,0x70,0x13,0x6b,0xb6,0x45,0xe3,0x09,0x44,0xdd,0x97,0xa9,0x97,0xa0,0x20,0x51, + 0x69,0x55,0x3a,0x5b,0x9e,0x87,0x4c,0x5a,0x94,0x41,0xe1,0x8c,0x15,0xeb,0xed,0x76, + 0x04,0x3b,0x63,0x9d,0xfd,0x64,0xdb,0x79,0xe1,0x74,0x84,0x7a,0x10,0x27,0x24,0xa2, + 0xa0,0x5c,0x64,0x94,0x73,0xcc,0x7d,0xac,0xd3,0x9e,0x2e,0x1d,0x56,0x66,0xbb,0xb5, + 0xf0,0x12,0x46,0x74,0x70,0x48,0xff,0xfc,0xdf,0xcd,0xdf,0x78,0x2d,0xa2,0x4a,0x6d, + 0xcc,0x02,0x2b,0x26,0x95,0xf7,0x07,0x81,0xbd,0x9f,0x8f,0xf7,0xd0,0x3b,0xe2,0x2e, + 0xb8,0xfc,0x79,0x3f,0x5c,0x07,0x1a,0x66,0xd9,0xa6,0xea,0x46,0xc6,0xa2,0xcf,0x05, + 0x56,0x52,0x6b,0xa8,0xb0,0x85,0x07,0x35,0x46,0x44,0x80,0x81,0x73,0x2a,0xc1,0x5f, + 0x12,0x83,0x3c,0x1d,0xb1,0x70,0x1f,0xf7,0xf6,0x83,0x44,0xca,0x65,0xdf,0xf8,0x62, + 0x11,0xa0,0x03,0xad,0xbf,0x51,0x89,0xcf,0xae,0x79,0xea,0xa8,0xc8,0xb7,0x14,0x1e, + 0xa3,0x78,0xe4,0x4c,0xc9,0xc5,0xbf,0x02,0x4d,0x2c,0x71,0x0f,0xf5,0xcd,0x68,0xaf), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0x0b,0xdb,0xa3,0x4e,0x35,0xfc,0xa6,0x5a,0x17,0x81,0xd4,0xd7,0xc9,0x33,0xa5,0xf2, + 0x10,0xd3,0xa5,0x94,0x83,0xae,0xbc,0x95,0xec,0x71,0xb3,0x2d,0xf1,0x3f,0xf4,0xab, + 0xf4,0x01,0x91,0x69,0x37,0xfd,0x88,0xff,0x44,0xab,0x46,0xb7,0x8c,0xc3,0x69,0x41, + 0x4e,0x9b,0xca,0xa8,0xba,0xb0,0xbb,0x85,0x57,0x82,0x8d,0x73,0xa2,0xa6,0x56,0xc2, + 0xf8,0x16,0xf0,0x70,0xb5,0xcb,0x45,0x54,0x9e,0x8e,0xca,0x9d,0x7c,0x0b,0x4a,0x7b, + 0x0a,0x27,0xe5,0x1c,0x11,0x93,0x58,0xda,0xd2,0xa1,0x7f,0xb3,0xa4,0x57,0x18,0xf9, + 0xde,0xc3,0xc9,0x4a,0xf7,0x8d,0x65,0xc3,0xec,0xd3,0x6b,0x71,0xe2,0x30,0xcf,0x08, + 0x0d,0x1e,0xfd,0xd8,0xd0,0x7f,0x1c,0xfc,0x26,0x76,0x8f,0xd5,0x40,0x7b,0xc2,0xb7), + .s = chunk_from_chars( + 0x9f,0x48,0xde,0xb9,0x6b,0xec,0x0b,0x72,0xfb,0xc4,0xf1,0x2f,0x08,0xaf,0xb4,0x6b, + 0xcc,0xf1,0x9d,0x9e,0x0c,0xd0,0x36,0x8e,0xbe,0xb3,0x12,0xd8,0x38,0x72,0x62,0x63, + 0x80,0xac,0x92,0x8b,0x61,0x2c,0x5c,0xd7,0x74,0x38,0xd4,0x7a,0xa9,0xce,0xea,0x90, + 0x5a,0x9d,0xe7,0x18,0x2c,0x8e,0xf7,0x6e,0x8a,0x7a,0x03,0xd6,0xef,0xec,0x84,0x00, + 0xb6,0x49,0x63,0x62,0xbf,0x6a,0x30,0xce,0xb1,0xce,0xd2,0x18,0x5f,0xc7,0xc2,0x11, + 0x7b,0x6a,0x6d,0x88,0x8a,0xc2,0x0c,0x16,0x87,0xb0,0xf2,0xaa,0x9b,0x76,0x70,0x5f, + 0xd3,0x15,0x48,0x89,0xb6,0xac,0xaf,0x4e,0x63,0xbe,0x25,0x88,0x0c,0x71,0xe6,0xc2, + 0x39,0xec,0xfb,0x96,0x50,0x04,0xcd,0x63,0x21,0x25,0x7f,0x84,0x6a,0xfd,0x2a,0x65, + 0x90,0xc7,0x2a,0xd8,0x31,0x46,0xee,0xfc,0x7b,0x0d,0xc4,0x79,0x63,0x39,0xa7,0xf6, + 0x4d,0xa0,0xfb,0xe3,0x59,0xf9,0x4a,0xce,0x1f,0xd1,0x51,0xc5,0xac,0x7b,0xb5,0x70, + 0x7b,0x32,0xea,0xcf,0x56,0x4f,0xe1,0x62,0x2e,0x66,0xe1,0x84,0x4e,0x63,0x96,0x02, + 0xca,0x36,0x27,0x4a,0xe0,0x1f,0x93,0xe6,0xb2,0xbd,0x1e,0xff,0xd3,0x4a,0xb6,0x3d, + 0x85,0x2c,0xc9,0xca,0xf3,0xce,0x84,0x46,0xc2,0x9c,0x8a,0xe3,0xc6,0x11,0x0f,0xb7, + 0x53,0x8c,0xc8,0x37,0x1c,0x2a,0x39,0x81,0x24,0x9c,0xdc,0x1b,0xe2,0xb2,0x4b,0x6a, + 0x0c,0x95,0x17,0x64,0xd0,0xb7,0xef,0xa9,0x2a,0x22,0xcd,0x8e,0xd1,0x65,0xe1,0x82, + 0x86,0x35,0x79,0x37,0x79,0x97,0xa9,0xee,0x50,0xc8,0xac,0x3a,0xa4,0xdf,0x1a,0xca), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0x9a,0xee,0xd8,0x5b,0x40,0xba,0x7f,0x86,0xa2,0x28,0xb5,0xa1,0x51,0x5b,0xa1,0x90, + 0xb2,0xef,0xff,0x66,0x99,0x3a,0x5e,0xce,0x19,0xd1,0x8b,0xaa,0x9b,0x4e,0x4d,0xf9, + 0x2e,0x51,0x52,0xfe,0x1e,0xc5,0x6a,0x9f,0xc8,0x65,0xf3,0x0b,0xac,0x7e,0x94,0x9f, + 0xc4,0xf6,0x2f,0x0b,0x15,0x8d,0x10,0xb0,0x83,0x63,0x6b,0x4d,0xe9,0xbb,0x05,0xdb, + 0x69,0xfe,0x31,0xb5,0x01,0x03,0xfe,0xfc,0x5f,0x8d,0xaf,0x3a,0xf7,0x15,0x6b,0x45, + 0x52,0xca,0x36,0x67,0xa9,0xd7,0x20,0xbb,0xb2,0xe4,0xbc,0xda,0xba,0xdf,0xd4,0xb7, + 0xf4,0xfc,0x5b,0xc8,0x11,0xfa,0xa3,0x67,0x10,0xa9,0xd1,0x77,0x58,0xa9,0x8d,0x4a, + 0x04,0x74,0xfe,0xc2,0x7e,0x9e,0xf5,0xb7,0x4f,0x5c,0x68,0x99,0x35,0x44,0x23,0x57), + .s = chunk_from_chars( + 0x9e,0xec,0xdb,0xd7,0xfb,0xf6,0x18,0xdd,0xdd,0xfb,0x6e,0x75,0xd6,0x44,0x40,0xf6, + 0x04,0x45,0xb8,0x53,0xc5,0x42,0xfe,0x0f,0xba,0xaa,0x6a,0x43,0x12,0x94,0xe6,0xcb, + 0x66,0x83,0xae,0x1a,0x71,0xea,0x05,0x5e,0xb4,0x9c,0xd2,0xa3,0xcb,0x51,0x54,0xdc, + 0x93,0xd9,0xaa,0x16,0x63,0x99,0xf4,0xe6,0x29,0x4f,0x0e,0xb0,0x65,0x28,0x00,0xd7, + 0x1e,0x04,0x1c,0x1c,0xe1,0xad,0x84,0x9c,0x03,0xc9,0x63,0xbc,0x09,0x29,0xdc,0xdd, + 0x11,0xbe,0x5d,0x67,0xa0,0x50,0xd0,0x2b,0x64,0xb2,0x9e,0xab,0xa6,0x55,0x64,0x2b, + 0x64,0x36,0xfb,0xfb,0x16,0x36,0x90,0xbf,0x43,0x2f,0xdc,0xee,0xdd,0x10,0x6c,0x2f, + 0x49,0x72,0xec,0xbf,0x30,0x77,0xed,0x8b,0x75,0x3b,0xb6,0x05,0xec,0x1e,0xa0,0x30, + 0x20,0x83,0x9a,0x31,0x8a,0x24,0xf8,0xd4,0xc1,0xd7,0xd8,0xdf,0x99,0xa7,0xf0,0x01, + 0x0a,0xe4,0x1a,0x8b,0x06,0x8e,0x28,0x88,0x53,0x10,0x56,0xa7,0xda,0xbb,0xe9,0x21, + 0x87,0x8d,0xcd,0x3c,0x7d,0x69,0x41,0x68,0x67,0xf4,0x01,0x2a,0x60,0x6a,0xe8,0x68, + 0x55,0xf1,0x5a,0xed,0x0d,0xa1,0x25,0x0e,0x59,0x68,0x77,0x06,0xe8,0x9c,0x94,0x94, + 0xba,0xf3,0x7f,0x61,0xfb,0x17,0x03,0xb7,0x99,0x28,0x79,0x5f,0x90,0xcc,0xbe,0x29, + 0x3a,0x1e,0x94,0x72,0xf6,0xe0,0xf4,0xb8,0x90,0xfd,0xda,0x3e,0xa2,0x52,0x2e,0x3d, + 0x11,0xd5,0xab,0xdf,0x00,0x69,0x51,0x94,0x24,0xd1,0x47,0xb5,0x64,0x6a,0x5a,0x60, + 0x1f,0x19,0xec,0x89,0x72,0x9a,0x8b,0x48,0x46,0x1e,0x71,0xc0,0x8b,0xbe,0x9c,0xda), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0x65,0x4e,0x18,0x9f,0x06,0xc7,0xd4,0x2d,0x55,0x39,0xa5,0x87,0x21,0x84,0xf8,0x33, + 0x6c,0xf1,0x00,0x69,0x1f,0x19,0x08,0x18,0xfd,0x02,0x08,0x2a,0xd6,0x8a,0x76,0x09, + 0xfd,0x09,0x5e,0x62,0xfc,0x32,0xb5,0x29,0x85,0x3a,0xeb,0xdd,0xac,0x3d,0xbf,0x0d, + 0x54,0xdd,0x57,0x1b,0xe7,0x2c,0x90,0x40,0x4b,0xcc,0x93,0xd0,0x11,0x54,0xa9,0xbf, + 0xef,0xf6,0x50,0x65,0x70,0x5f,0x8e,0x7e,0xea,0xdf,0x85,0x75,0xb1,0xca,0x48,0xe2, + 0x8a,0x1e,0xed,0x51,0x62,0x65,0xe3,0x45,0x40,0xdd,0x86,0x7c,0x79,0xd7,0xf1,0x75, + 0x23,0x5d,0x13,0x30,0xcb,0x17,0x06,0x35,0x6b,0x70,0x9b,0xd7,0x96,0xf4,0x3a,0xba, + 0xf6,0xfc,0xe9,0x93,0xf8,0x8e,0xaa,0x2f,0xc6,0x7f,0x0a,0xb7,0x76,0xda,0xf7,0x32), + .s = chunk_from_chars( + 0xaf,0x90,0x29,0x8b,0xce,0xf6,0x15,0x30,0x9f,0x23,0x5d,0x5c,0x33,0x60,0xf0,0xdf, + 0x11,0xf5,0xfb,0x98,0x87,0x89,0xf2,0x13,0xd4,0xc4,0x61,0x34,0xfe,0xe5,0xeb,0x10, + 0x4a,0xa1,0xfa,0xbb,0x13,0x07,0xc9,0xa9,0x04,0x70,0x9d,0xe8,0x86,0x73,0xed,0x99, + 0x51,0xcb,0xa9,0x31,0x67,0xc6,0x7c,0x09,0xd8,0x27,0x02,0x1b,0x08,0xa2,0x2c,0x05, + 0x05,0x82,0x8a,0xb4,0xbe,0xb4,0x2e,0x59,0xa3,0x88,0x32,0xcb,0x4d,0xa2,0x4e,0xcf, + 0x91,0xf4,0x70,0xa3,0xb4,0x12,0xc0,0x71,0x2a,0x8a,0x59,0xf6,0xf2,0x73,0x9d,0x4e, + 0x9e,0xb4,0xcc,0x58,0xd2,0xc5,0x25,0x92,0xf1,0x45,0x2d,0xc6,0x57,0x59,0xab,0xe4, + 0x3e,0x8d,0x2b,0xc8,0x04,0xe2,0xef,0xb3,0xef,0xc9,0xb2,0x3c,0xc1,0x73,0x4f,0xf7, + 0xca,0xef,0xa4,0x6b,0x03,0xba,0x4b,0x39,0x7d,0x07,0x14,0xcd,0xb8,0x50,0x1a,0x81, + 0x2c,0x1b,0x9f,0x47,0x41,0x1c,0x91,0xcb,0xa5,0x3a,0x3d,0x3b,0x13,0x9e,0xdb,0xd7, + 0xcb,0xb5,0x43,0xf5,0xbf,0x38,0x29,0xba,0x7f,0x5f,0xaf,0xd8,0xa7,0x12,0xc0,0xb1, + 0x11,0x94,0x3f,0x53,0x20,0x93,0x53,0xaf,0xab,0xa1,0x76,0xb3,0xf5,0xdc,0x06,0x03, + 0x39,0xd0,0x9b,0x1f,0xb3,0xc2,0x13,0xda,0xe5,0xd0,0xf0,0x04,0xd3,0x02,0x82,0x85, + 0x60,0xfb,0x5d,0xeb,0xf9,0xfe,0x49,0x1e,0xaa,0x66,0xf5,0x97,0xaa,0x4d,0xe2,0x3e, + 0xee,0xf9,0x17,0x63,0x58,0x75,0x5c,0x95,0x2e,0xf9,0x6e,0x36,0x72,0x58,0x3b,0x6e, + 0xcd,0x95,0xa0,0x2e,0x8c,0xa7,0xb2,0x1d,0x7c,0x20,0xcb,0xb7,0xa7,0x57,0xaf,0x71), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0x12,0x1f,0x80,0xb4,0x3f,0x97,0x57,0xb3,0xfa,0x80,0x90,0x6a,0xea,0xb2,0x32,0x19, + 0x5f,0x0e,0x2c,0x41,0xe5,0xbf,0x8c,0x09,0x1a,0xc0,0xf1,0xe0,0xbc,0x9e,0x43,0x64, + 0x06,0x80,0xa1,0x82,0x3d,0x64,0x9b,0xdf,0x86,0xab,0xa2,0x77,0xfa,0xd8,0xbc,0x85, + 0xfc,0x95,0x7d,0xa2,0xca,0xf7,0x32,0x30,0x53,0x02,0x5f,0xf9,0x49,0x70,0x6c,0x14, + 0x76,0xae,0x9b,0x09,0x53,0x28,0x3d,0x34,0xd7,0xc6,0x26,0x6f,0x8d,0xb6,0x5e,0xeb, + 0xe9,0x6d,0x19,0x5f,0xdc,0xe8,0xe9,0x65,0xa6,0x38,0x33,0x20,0xec,0x3d,0xe0,0x23, + 0x0a,0xb2,0x54,0x8e,0xaa,0x69,0xa4,0x7a,0x96,0xd8,0x03,0x98,0xca,0xd5,0x7e,0x14, + 0xce,0x9e,0xea,0xc0,0x42,0x1c,0x1a,0x6e,0xba,0x69,0x55,0x9d,0xcd,0x8f,0x06,0x59), + .s = chunk_from_chars( + 0x06,0xa2,0xd7,0x45,0x85,0xf1,0x2e,0xa7,0xa8,0x05,0x27,0xb8,0xc6,0x35,0xa2,0x1c, + 0xc1,0x1b,0x45,0xdb,0xb0,0x88,0x5a,0x12,0x72,0x21,0x26,0x81,0x1d,0xd2,0x5d,0x65, + 0x7b,0xfa,0x9f,0xda,0x77,0x43,0x01,0xca,0x34,0x98,0xd0,0x5d,0xfd,0xfb,0x78,0xa6, + 0xaa,0x16,0xa9,0xf8,0xa9,0x5f,0x40,0xf1,0xf0,0x4b,0xd3,0x54,0xa5,0x22,0xf6,0xa2, + 0xd6,0x2b,0x32,0x4e,0xfa,0x3c,0x00,0x6c,0x22,0xc2,0x31,0x4b,0x01,0xfa,0x0e,0x91, + 0xa3,0xdb,0xa4,0x9a,0xa3,0x5b,0x46,0xb1,0x98,0x04,0xb0,0x7a,0xd9,0x8f,0xe4,0xbc, + 0x99,0x03,0x93,0xa4,0xa2,0x73,0xce,0x8f,0x1c,0x85,0xfc,0x19,0xcd,0x5e,0xae,0x9a, + 0xf0,0xb7,0xd1,0x95,0x7b,0xb2,0x34,0x09,0x77,0x8a,0x01,0x0b,0x00,0xc6,0x95,0x9e, + 0x1b,0x67,0x06,0x6f,0xdb,0x9f,0x84,0x95,0xb4,0xde,0x4d,0xcb,0xb9,0x87,0x35,0x81, + 0x45,0xb1,0xff,0x6a,0x39,0xef,0x6f,0xc5,0x88,0xcd,0xa1,0x74,0x4e,0x0a,0xb9,0xe7, + 0xeb,0x00,0x2c,0x29,0xa7,0x85,0x31,0xd2,0x51,0x57,0xc5,0xc2,0xcd,0x64,0x70,0x55, + 0x15,0x60,0xa0,0x28,0x45,0xdb,0x6d,0xbe,0xe2,0x42,0xf9,0x65,0xa2,0x55,0x40,0x6f, + 0x6e,0xf4,0x7b,0x32,0x21,0xa5,0x11,0x0e,0xdb,0x44,0xd3,0x8b,0x94,0x19,0x1a,0xea, + 0xf4,0x33,0xc0,0xec,0xe3,0x48,0x0b,0x9d,0x1b,0x06,0xd8,0xb8,0xb6,0xc0,0xa2,0x32, + 0xa0,0x4c,0x56,0x78,0x88,0xe6,0x37,0x2f,0x2e,0x94,0xbc,0x2b,0xe6,0xb8,0x27,0xf8, + 0x71,0x2a,0xf4,0x8c,0x6f,0x1e,0x4f,0x22,0x3f,0x55,0x28,0xfc,0xf3,0x48,0x79,0x9d), + }, +}; + +START_TEST(test_sign_pkcs15_2048) +{ + signature_scheme_t scheme = pkcs15_2048[_i].scheme; + chunk_t sig; + + if (!lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PUBKEY_VERIFY, scheme)) || + !lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PRIVKEY_SIGN, scheme))) + { + warn("%N not supported, skip test", signature_scheme_names, scheme); + return; + } + fail_unless(privkey_2048->sign(privkey_2048, scheme, NULL, pkcs15_2048[_i].m, &sig), + "sign %N", signature_scheme_names, scheme); + ck_assert_chunk_eq(pkcs15_2048[_i].s, sig); + fail_unless(pubkey_2048->verify(pubkey_2048, scheme, NULL, pkcs15_2048[_i].m, sig), + "verify %N", signature_scheme_names, scheme); + free(sig.ptr); +} +END_TEST + +/** + * Test vectors from FIPS 186-4 + */ +static struct { + signature_scheme_t scheme; + chunk_t m; + chunk_t s; +} pkcs15_3072[] = { + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0xbc,0xf6,0x07,0x43,0x33,0xa7,0xed,0xe5,0x92,0xff,0xc9,0xec,0xf1,0xc5,0x11,0x81, + 0x28,0x7e,0x0a,0x69,0x36,0x3f,0x46,0x7d,0xe4,0xbf,0x6b,0x5a,0xa5,0xb0,0x37,0x59, + 0xc1,0x50,0xc1,0xc2,0xb2,0x3b,0x02,0x3c,0xce,0x83,0x93,0x88,0x27,0x02,0xb8,0x6f, + 0xb0,0xef,0x9e,0xf9,0xa1,0xb0,0xe1,0xe0,0x1c,0xef,0x51,0x44,0x10,0xf0,0xf6,0xa0, + 0x5e,0x22,0x52,0xfd,0x3a,0xf4,0xe5,0x66,0xd4,0xe9,0xf7,0x9b,0x38,0xef,0x91,0x0a, + 0x73,0xed,0xcd,0xfa,0xf8,0x9b,0x4f,0x0a,0x42,0x96,0x14,0xda,0xba,0xb4,0x6b,0x08, + 0xda,0x94,0x40,0x5e,0x93,0x7a,0xa0,0x49,0xec,0x5a,0x7a,0x8d,0xed,0x33,0xa3,0x38, + 0xbb,0x9f,0x1d,0xd4,0x04,0xa7,0x99,0xe1,0x9d,0xdb,0x3a,0x83,0x6a,0xa3,0x9c,0x77), + .s = chunk_from_chars( + 0xd1,0xd2,0x1b,0x8d,0xfa,0x55,0xf0,0x68,0x1e,0x8f,0xa8,0x61,0x35,0xcf,0x29,0x2d, + 0x71,0xb7,0x66,0x97,0x13,0xc2,0x91,0xd8,0xf8,0xdc,0x24,0x64,0x64,0xde,0x3b,0xbb, + 0x96,0x1b,0x59,0x6d,0xfc,0x8f,0xda,0x6c,0x82,0x3c,0x38,0x40,0x08,0xd0,0x5b,0xcb, + 0x3d,0xcc,0xc3,0x6a,0xcc,0xf1,0xb2,0xbe,0xde,0x1a,0x95,0xe5,0x22,0x58,0xd7,0xd1, + 0xbd,0xf1,0xfc,0x44,0xe1,0x80,0x72,0xab,0xd4,0x5c,0x13,0x92,0x01,0x5e,0xe7,0x16, + 0x92,0x69,0x0e,0xf8,0xcd,0xaa,0xed,0x33,0x7d,0xd8,0x54,0x67,0x83,0xf9,0x61,0xbb, + 0x96,0x20,0xeb,0x5c,0x7b,0x8b,0x67,0x16,0xe8,0xc6,0x00,0x35,0x1f,0xab,0x77,0x65, + 0xee,0x38,0xa1,0x5d,0x32,0xd8,0xa2,0xc0,0x94,0x98,0x25,0xc4,0x9a,0x7f,0x25,0xee, + 0xdd,0x9b,0xe7,0xb8,0x07,0xbb,0xfd,0x51,0x79,0x13,0x78,0x66,0x20,0xd2,0x49,0x82, + 0x3d,0xae,0x6f,0xe2,0xfd,0x39,0xac,0x63,0x9d,0xd7,0x48,0x21,0xb0,0xc1,0x20,0xb4, + 0x2f,0x31,0xc2,0xc6,0x39,0xd2,0xc6,0x1b,0x39,0x5f,0x09,0xf8,0x68,0x51,0xbc,0x80, + 0x9b,0x34,0xc4,0x98,0x1a,0xc6,0x5c,0xf2,0x5b,0x2e,0x8a,0xdc,0xbc,0xe1,0x90,0xef, + 0x2e,0xf6,0x7a,0x01,0x89,0x03,0x9c,0x91,0x10,0xf2,0x67,0x01,0xc3,0xee,0xd7,0x31, + 0xc8,0xd9,0xea,0xd1,0x78,0x22,0x0f,0xfc,0xac,0x7f,0x0f,0x67,0x8a,0xa2,0x22,0x68, + 0xe1,0xd0,0x19,0x42,0xec,0x51,0xe8,0x0e,0xef,0x06,0xe2,0x11,0x28,0x30,0x85,0x5e, + 0x87,0xba,0xfe,0x8c,0xc9,0xc2,0x2f,0xd7,0x37,0xc7,0xab,0xbc,0xa5,0xeb,0x7a,0x22, + 0x1d,0x38,0x35,0xa8,0x66,0x10,0xd2,0x4b,0x50,0x7b,0x5d,0xcb,0x46,0x18,0xaa,0x42, + 0x1f,0x63,0xa5,0x60,0x9e,0xf5,0xd6,0x8f,0x57,0x60,0xfd,0xdf,0x97,0x01,0x35,0x60, + 0x2e,0xfa,0xd0,0x85,0x1b,0xbf,0xf9,0x8f,0xe8,0x7f,0xa5,0x8b,0xc3,0x65,0xf3,0x8e, + 0xe7,0xec,0x8e,0xf5,0xaa,0xb1,0x7f,0xd1,0x1d,0x89,0xd9,0x1e,0xf4,0xc6,0x04,0xe0, + 0xd1,0xf0,0x01,0xd0,0xe0,0x88,0x69,0xdf,0x92,0x25,0xe3,0xb4,0xce,0xf5,0x2f,0xf8, + 0x68,0x15,0xe1,0x3b,0x3e,0xfd,0xf4,0x57,0x76,0xf9,0x35,0x37,0x69,0xa8,0xa5,0x1f, + 0xe7,0xd8,0x91,0xa7,0xef,0x70,0x35,0xee,0xcf,0xa2,0x59,0x84,0x87,0x38,0x37,0x68, + 0x86,0xed,0xc9,0x1c,0xc7,0x8f,0x6d,0xa3,0x1c,0x2f,0x07,0xee,0x36,0x2c,0x3d,0x82), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0x2b,0xca,0xd6,0xe7,0x44,0xf2,0x49,0x0b,0xa6,0xa6,0xe0,0x72,0x28,0x32,0x41,0x7e, + 0xbd,0x91,0x0f,0x91,0x46,0xeb,0x62,0xba,0xaa,0x5c,0x74,0x95,0x29,0xf7,0x9d,0x6c, + 0xed,0x0b,0x81,0xa2,0xe2,0xa4,0x88,0x52,0xc8,0x55,0x8e,0x33,0x87,0x35,0xdc,0xbf, + 0xc2,0x28,0x57,0x94,0xae,0x60,0xf8,0x1a,0x25,0x23,0x7c,0x66,0xf6,0xce,0x5d,0x5e, + 0x80,0x1a,0x00,0x1e,0x7f,0x9e,0x30,0x9b,0x25,0x95,0xcb,0x86,0x6d,0xe2,0xbb,0x74, + 0xac,0x51,0x28,0x3b,0x68,0x20,0xec,0x9f,0x6e,0xbe,0x48,0x2e,0x1f,0xd2,0xd5,0x68, + 0x0b,0x7f,0xbd,0x23,0xc1,0xe6,0x2a,0x2e,0xe4,0xed,0xff,0x35,0x82,0x3f,0xc7,0xe4, + 0xa2,0x95,0xea,0x4f,0x1c,0x33,0x27,0x92,0xae,0xb5,0x3e,0xb4,0x4b,0x0b,0xed,0xd2), + .s = chunk_from_chars( + 0x37,0xd9,0x60,0xfe,0x39,0x12,0x98,0xbb,0xdc,0x22,0x3f,0xa1,0xeb,0x1d,0x3c,0xd9, + 0xa4,0x6b,0xa8,0xc6,0x2e,0x1d,0xa8,0xc5,0x63,0xc8,0x9a,0x8f,0x0e,0x67,0xb8,0x64, + 0xfc,0x89,0x83,0x7f,0xfc,0x08,0xaa,0xb7,0x12,0x2b,0x84,0xc4,0x35,0xc7,0xf9,0x40, + 0x6e,0x16,0x5a,0x10,0x29,0x85,0x7c,0x1e,0x4d,0xea,0x65,0x35,0x69,0x27,0x72,0x73, + 0xb1,0xd9,0xb0,0xa9,0xf5,0xb0,0xdc,0x24,0xaf,0xdd,0x21,0x44,0x76,0xd4,0x72,0x08, + 0xad,0x52,0x21,0xa7,0xd7,0x93,0xca,0xb8,0x06,0x71,0xfb,0x49,0x87,0xc8,0x6b,0xd6, + 0x14,0x48,0x80,0xc5,0x9d,0x24,0x87,0x14,0x00,0xf6,0x4b,0xdc,0x6d,0x49,0x6d,0xbd, + 0x49,0x7f,0x3d,0xbf,0x64,0x28,0x64,0xfe,0x49,0xaf,0x3e,0x21,0x51,0x5e,0x62,0xd6, + 0x0f,0x00,0x71,0xdb,0x48,0x84,0xf4,0x96,0x70,0xea,0xa9,0xe4,0xe4,0x98,0x2f,0x26, + 0x9a,0xbe,0x72,0x42,0x44,0x28,0x88,0x59,0xc2,0xad,0xf6,0x0a,0x09,0xfa,0xaa,0xbb, + 0x07,0x99,0x0e,0x09,0xe5,0x6d,0xe2,0x54,0xba,0xbb,0xee,0x14,0xbe,0x7e,0xb6,0xed, + 0xa0,0xcd,0xb2,0x2f,0x3d,0x0d,0xe8,0x72,0x48,0x04,0x67,0x3f,0xb9,0x9f,0x86,0xef, + 0xb4,0x26,0x3d,0xcc,0x50,0x17,0xab,0xc9,0x1b,0xd9,0xcd,0x83,0x36,0x79,0x47,0x5b, + 0xfa,0xc5,0x0a,0x2b,0xe8,0xdb,0x86,0x29,0x6b,0xbf,0x80,0x17,0x88,0x93,0x57,0x37, + 0x13,0x14,0x60,0x4e,0x83,0xd6,0x8b,0x6e,0xfe,0xcd,0x4b,0x79,0xf0,0xa8,0xaf,0xa0, + 0xdf,0xfa,0x44,0x8f,0xb7,0xfc,0xe6,0xd3,0x44,0x70,0x9a,0x67,0x0e,0x0c,0xff,0x43, + 0x2c,0x3e,0x18,0x7b,0xcf,0xf7,0xfd,0xc4,0xf4,0xe9,0xab,0xe1,0x09,0x5c,0x46,0xb0, + 0x1d,0x88,0xb6,0x04,0x4b,0xb9,0x50,0xe9,0x28,0x59,0x01,0x0d,0x9a,0x0e,0x3b,0x2d, + 0x1f,0x27,0xa0,0x96,0xea,0xca,0xa2,0x42,0x63,0xa2,0xa0,0x52,0x3d,0x6e,0x0d,0xa1, + 0xfb,0xa8,0xaf,0x76,0x81,0x96,0xf7,0xa5,0x1f,0x92,0xfd,0xf1,0x52,0xbe,0xf0,0x62, + 0xdd,0x1f,0x83,0x27,0xce,0xe1,0xd3,0x44,0xc2,0x00,0xc2,0x11,0x5a,0xc6,0xec,0x1d, + 0xd8,0x51,0x4c,0xef,0x9e,0x36,0xd0,0xce,0x8c,0x32,0xe5,0x87,0x83,0xc4,0xfc,0xba, + 0x90,0x1a,0xa7,0x0c,0x2b,0x42,0x96,0x64,0x88,0x00,0x2f,0xf1,0x71,0xd3,0x64,0x14, + 0xa1,0x44,0xbf,0x46,0x77,0x51,0x83,0xa8,0x81,0x5d,0xe9,0xee,0x3e,0x81,0xf3,0x1b), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0xc3,0x97,0x8b,0xd0,0x50,0xd4,0x6d,0xa4,0xa7,0x92,0x27,0xd8,0x27,0x0a,0x22,0x02, + 0x95,0x34,0x82,0x87,0x59,0x30,0xfb,0x1a,0xea,0xe4,0xe6,0x7f,0x87,0xe7,0x94,0x95, + 0x28,0x9d,0xe2,0x93,0xb4,0xa4,0x0d,0x92,0x74,0x6f,0xc8,0x4c,0xc8,0x31,0x8c,0x23, + 0x18,0xfd,0x30,0x65,0x0e,0x2b,0xb9,0xce,0x02,0xfd,0x73,0x4e,0xb6,0x83,0x41,0x0d, + 0x44,0xbb,0x31,0xad,0x54,0xfd,0x53,0xcf,0x92,0x96,0xcc,0xd8,0x60,0xb4,0x26,0xf5, + 0xc7,0x82,0xea,0x5c,0xb4,0x93,0x71,0xd5,0x61,0x84,0xf7,0x79,0x11,0xdd,0xf1,0xba, + 0x00,0x39,0xa0,0xa4,0x9a,0xa7,0xe7,0x63,0xeb,0x4f,0x5a,0x04,0x57,0x59,0x97,0x80, + 0x8b,0x0a,0xd9,0xf6,0xb3,0x30,0xca,0x38,0xed,0xc1,0x99,0x89,0xfe,0xbf,0x4d,0xa5), + .s = chunk_from_chars( + 0x9a,0xed,0x20,0xa8,0xbd,0xaf,0x26,0xf1,0xf1,0x19,0x02,0x0d,0x8f,0x3e,0xa6,0xce, + 0x91,0x51,0x38,0xd4,0xc8,0x7d,0xce,0x02,0x5e,0x7f,0x4e,0x49,0x53,0x6c,0x8e,0xc0, + 0x79,0xed,0xc6,0xca,0xf0,0xd6,0x03,0xbf,0x42,0xbd,0x6a,0x45,0x4a,0x6d,0x52,0xd0, + 0xd9,0x9f,0xd0,0xf5,0x9f,0xfb,0x3b,0x22,0xe9,0xe6,0x7b,0x3d,0x0b,0xb2,0xd2,0x75, + 0xd9,0xae,0xdc,0x6d,0xa9,0x6a,0x72,0xcb,0xff,0x35,0xc4,0x3e,0x7f,0x39,0xa9,0x96, + 0xfa,0x8a,0x6d,0x33,0x8a,0x07,0x25,0xf7,0x85,0x25,0x4f,0xe9,0x1a,0x20,0x83,0x4b, + 0xa5,0x57,0xfe,0xdf,0xe7,0x15,0x2b,0x99,0x56,0xfe,0xdd,0xfd,0x94,0x17,0x41,0xef, + 0xf9,0x17,0x7c,0x2f,0xbb,0x55,0xe2,0x00,0xbb,0xe4,0x21,0x62,0xb3,0x2a,0x94,0x0c, + 0xc3,0x00,0xab,0x37,0x55,0x57,0xdf,0xfd,0x48,0xdf,0xa5,0x39,0xf5,0x0e,0xdd,0x52, + 0xdf,0x15,0x8d,0x90,0x72,0xd1,0x49,0x82,0xe9,0x63,0x03,0xbc,0x61,0x2c,0x2c,0x25, + 0x06,0xdb,0xca,0x3a,0x93,0x9d,0x62,0x6d,0x2e,0x7f,0xb4,0x44,0xc6,0xad,0x7d,0x8d, + 0x9f,0x3b,0xba,0x82,0x10,0xb2,0xac,0x2f,0x69,0x67,0x83,0xc3,0x49,0xfc,0x52,0x80, + 0xc1,0x05,0x40,0x2a,0x4b,0x3d,0x86,0xbe,0xf5,0x02,0x6c,0x3d,0xd9,0x99,0xe3,0xb2, + 0x23,0x80,0xf9,0xdc,0xce,0x40,0xe3,0xa9,0xcc,0x9f,0x1d,0x7b,0xc3,0x8e,0xf3,0xdd, + 0x7e,0x94,0x13,0xbb,0x57,0x98,0x00,0xc0,0xe6,0xc3,0xe9,0xab,0x91,0x2d,0xa8,0xfe, + 0xc1,0xa4,0xab,0x21,0x39,0x8e,0x96,0x80,0xba,0x0d,0x04,0xf3,0xb4,0xc8,0xd5,0x3c, + 0x02,0xf0,0x5c,0x7a,0xe4,0x9b,0x70,0xa5,0x61,0x1c,0xf8,0x2e,0x38,0xde,0x84,0xaa, + 0x8c,0x24,0x26,0xf0,0xb6,0x3e,0xa0,0x1b,0x28,0x9f,0x20,0x1d,0x3a,0xf4,0x0d,0xad, + 0x5d,0x6e,0x5b,0xcc,0xc7,0x5b,0x99,0x59,0xe5,0xc9,0x75,0x8e,0x79,0x10,0x5a,0xf7, + 0xa9,0xaf,0xb1,0x2a,0xee,0x57,0x7c,0xb3,0x99,0x18,0x79,0xdb,0x0f,0xd8,0x66,0x2c, + 0x5b,0xc4,0x90,0x22,0x75,0x24,0x98,0xa3,0x01,0xd9,0x5f,0x4b,0x1d,0x08,0xc0,0x1e, + 0xbc,0x31,0x3f,0x89,0xc0,0x0b,0x1e,0xc2,0x73,0x5a,0x07,0x98,0x3f,0xd5,0x28,0xe6, + 0x38,0x82,0x45,0x03,0x6f,0x0e,0xd4,0xa2,0xdb,0xb6,0x5d,0xd3,0x3a,0xb7,0xf1,0x24, + 0xc0,0x14,0xec,0x16,0x79,0xf1,0xc2,0xf1,0x1e,0xdf,0xfb,0x93,0xfa,0x2d,0x1d,0x73), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0x0c,0x11,0x95,0x02,0xc2,0xa0,0x19,0x20,0xa0,0x90,0xe4,0x33,0x57,0xe7,0xb2,0x8e, + 0x33,0xc7,0xee,0x85,0x8b,0x43,0x30,0xe0,0x5c,0x71,0x04,0x89,0x31,0xc0,0xed,0x88, + 0x46,0x8c,0xa9,0x31,0xec,0xf0,0xb7,0x9c,0x2f,0xdc,0x17,0x56,0xb7,0x67,0x51,0x56, + 0xec,0x66,0xb8,0x33,0x5e,0x3d,0xf0,0x94,0x63,0xf5,0xae,0xe7,0x02,0x8f,0xbf,0x56, + 0x0f,0x98,0x4c,0xf6,0x98,0xfe,0x5c,0x42,0x80,0x22,0x9a,0xc9,0x6a,0x2e,0x59,0x23, + 0xd8,0xa9,0xd5,0x29,0x94,0x49,0xbb,0x66,0x50,0x08,0xec,0xc8,0x89,0x79,0x7e,0x9b, + 0xb1,0x5d,0x04,0xb8,0x8c,0x72,0x10,0xfa,0xdb,0x8b,0xf6,0xf2,0x38,0xe5,0xd2,0xdc, + 0x41,0xb9,0xcc,0xd1,0xf8,0x0e,0x9a,0x3e,0x6a,0xd1,0x47,0x94,0x8f,0x27,0x33,0x41), + .s = chunk_from_chars( + 0x8a,0xbf,0x2a,0x30,0x77,0x4e,0x6e,0x73,0x38,0xec,0xa0,0x9c,0xcc,0xac,0xa3,0x68, + 0x43,0x99,0x94,0x04,0x92,0xfb,0x94,0xb2,0x3b,0x5a,0xd6,0x2c,0xe3,0xe1,0x1d,0x2d, + 0xbe,0xf8,0x96,0x6b,0xa5,0x26,0x99,0x79,0xeb,0x96,0x53,0xba,0xad,0x71,0x95,0x16, + 0xd3,0xe8,0x39,0x90,0x79,0xa2,0xf6,0x70,0x27,0x5a,0x2e,0xd4,0x2c,0x82,0x0a,0x9a, + 0x31,0xfc,0xd7,0x03,0xa7,0x66,0x37,0xe0,0xd7,0x13,0xf3,0x2d,0x79,0x2b,0x9a,0xe3, + 0x6d,0x72,0x88,0xf6,0x0c,0x2d,0x1a,0xe5,0x26,0x83,0xbb,0x15,0x94,0x1b,0x1c,0xd8, + 0x90,0xd2,0xcd,0x64,0x99,0x8b,0x77,0x25,0x85,0xe7,0x60,0x32,0xa1,0x70,0x2e,0x06, + 0x52,0xcb,0xf2,0x59,0xa1,0xce,0xae,0x69,0x5d,0x40,0xcf,0x2f,0x4f,0x6d,0x81,0x34, + 0x1c,0x8b,0xc9,0x08,0x2c,0xb9,0x6c,0x75,0x2c,0x35,0x5d,0xfb,0xe2,0x96,0xdd,0x21, + 0xd6,0x98,0x46,0xfa,0x37,0x61,0x3e,0x73,0x81,0x7b,0x2a,0x07,0x04,0x66,0x58,0xc9, + 0xe3,0xfc,0x6d,0x09,0x1e,0x17,0x59,0x1b,0xb1,0xa4,0xfb,0x6e,0x2a,0xc0,0x0a,0x31, + 0x94,0xc1,0x48,0x8e,0x16,0xa9,0xd2,0x90,0x37,0x86,0xdb,0x86,0xae,0x90,0xe9,0x6a, + 0xcb,0x4d,0xe9,0x90,0x1a,0xaf,0x1b,0x06,0x51,0xfb,0x76,0xa5,0x8d,0xcb,0x3d,0xb4, + 0x73,0xef,0xbf,0xb8,0x31,0xef,0x8e,0x30,0xf8,0x99,0x67,0xdd,0xd3,0xa6,0xc2,0xf1, + 0x89,0x79,0xa0,0x45,0x06,0x57,0xcd,0xae,0xef,0x6e,0x59,0x37,0x7c,0x6d,0xb1,0xec, + 0x46,0x06,0x5f,0x61,0x40,0x24,0xa6,0x9c,0x51,0x8a,0x55,0x99,0x42,0x59,0x4a,0x46, + 0x26,0x6e,0x0d,0x3c,0xa1,0x33,0x42,0x96,0xb9,0x68,0xa2,0x3a,0x4b,0x11,0xc6,0x3a, + 0x97,0xe2,0x9e,0xb1,0x6b,0x24,0xc0,0x2d,0x54,0x5d,0x5b,0x42,0x7e,0x6a,0xa5,0x85, + 0x33,0x33,0x18,0xe6,0x3a,0x20,0x45,0x24,0xe0,0xe4,0x2a,0xc1,0xed,0xb7,0x0d,0x34, + 0x56,0x78,0x0d,0xbe,0xad,0x31,0xf7,0x85,0xf0,0xb2,0xa7,0x7f,0xfe,0xb0,0xd3,0x73, + 0x84,0xcb,0x5f,0x65,0xb4,0xe3,0x6c,0xa2,0x41,0xf3,0xb2,0xb0,0x59,0x10,0x5f,0xaa, + 0xa3,0x22,0x2d,0x6c,0x13,0x5e,0xa5,0xa3,0x66,0x51,0xae,0xa3,0x96,0xd2,0x2f,0xc4, + 0xea,0x1b,0x40,0x4d,0x7e,0x83,0x4b,0x6d,0xf1,0xfb,0x83,0x8b,0xb5,0xba,0x0d,0x78, + 0x4a,0x96,0xe2,0xae,0x28,0x43,0xdb,0x3e,0xee,0xa4,0x96,0xc7,0xad,0x2b,0x42,0x41), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0xdd,0xbd,0x84,0x68,0xbd,0xb0,0x36,0xf4,0x79,0x9f,0x42,0x8b,0xc8,0xb4,0x37,0x4e, + 0xd9,0xb7,0xcd,0xe5,0x41,0x33,0x7a,0xc4,0x39,0xd4,0x41,0xac,0x06,0x14,0xcb,0x75, + 0xb8,0x16,0xb8,0x0c,0x17,0xd2,0x37,0xb8,0xdb,0x73,0xd4,0xa1,0x1b,0xfd,0x92,0x92, + 0x08,0x33,0x3a,0xfe,0xdb,0xb8,0xf2,0x41,0x0c,0x74,0x11,0x29,0xc5,0x39,0x32,0xb5, + 0x96,0xa7,0x88,0x1c,0x6a,0x4d,0x71,0x11,0xba,0x10,0x4d,0x46,0x00,0xd1,0x90,0x2f, + 0x6f,0x4a,0x16,0x08,0xe1,0x39,0xb7,0x19,0x11,0xc1,0x1c,0x39,0x0a,0x0d,0xd0,0x91, + 0xdf,0x36,0x9a,0xa2,0x9d,0x67,0x0b,0x8a,0x7e,0x3f,0x53,0x82,0x5f,0x76,0x59,0xac, + 0x74,0xc4,0x0a,0x0c,0x3b,0xfe,0xf0,0xd3,0xae,0x83,0x07,0xe4,0xbd,0xd6,0xcd,0x91), + .s = chunk_from_chars( + 0x4e,0x37,0x7e,0x24,0x59,0x81,0x5d,0x5b,0x33,0x91,0x5f,0xa6,0x3c,0xd4,0x77,0xb5, + 0xbe,0x7c,0x6b,0x7f,0x78,0x14,0xd1,0x35,0x00,0x34,0xce,0x71,0x0b,0xe6,0x7e,0xd6, + 0x91,0x39,0xdb,0x62,0x2e,0xf6,0x0e,0xc6,0xb7,0x63,0x8e,0x94,0xb2,0x02,0x36,0x8b, + 0xac,0x63,0x1e,0x05,0x77,0x02,0xb0,0xe6,0x48,0x7b,0x32,0x4a,0x6b,0x98,0xed,0x7e, + 0x03,0xd1,0xf3,0xf2,0x0a,0x98,0x14,0xb0,0x0e,0x21,0x7a,0x46,0x48,0xe4,0xbb,0xc4, + 0x49,0xa2,0xaf,0x40,0x5c,0xa4,0xb5,0x9f,0x84,0x38,0xdd,0xfd,0x75,0xd3,0x4d,0x10, + 0x64,0xe5,0x8b,0xfb,0x32,0x5c,0x55,0xbd,0x54,0xea,0x6c,0xdf,0x77,0x12,0xba,0x80, + 0x7c,0x3e,0x4c,0x66,0x5d,0x62,0x0c,0xd5,0x95,0x13,0xd7,0xbc,0x08,0x55,0x24,0x7e, + 0xb6,0x70,0xec,0xc2,0x92,0x50,0x96,0x61,0x81,0x27,0x02,0x70,0x32,0x75,0xd9,0xb2, + 0xf8,0x7e,0xf2,0x79,0xd7,0x70,0x0e,0x69,0xd9,0x95,0xdb,0x98,0x14,0x4a,0x14,0xc8, + 0x17,0x74,0xa4,0xcd,0x89,0x0e,0xc0,0x3d,0x13,0xf8,0x58,0xf3,0x76,0x9e,0x50,0x48, + 0xed,0x55,0xca,0xa8,0x12,0x01,0xe8,0x78,0x5d,0x37,0x71,0xce,0x6d,0xa5,0x11,0x75, + 0xd0,0x17,0xd2,0x11,0xfa,0x70,0x37,0x94,0x41,0x6f,0x46,0x9b,0x11,0x29,0xd7,0x31, + 0xab,0xde,0x74,0x4d,0xa5,0xb2,0xfa,0xcd,0x7a,0x9b,0x09,0x3d,0x6c,0x97,0x43,0x50, + 0x9b,0x01,0x03,0xba,0xb9,0xc8,0x1c,0x6e,0x5f,0x38,0xbc,0x97,0x18,0xe3,0xe4,0xfa, + 0xa8,0x64,0x75,0xd1,0x37,0x25,0xa8,0x29,0xac,0x61,0xdf,0x8d,0x15,0xf0,0xb2,0x7c, + 0xb4,0x0d,0x0e,0xba,0x0b,0x24,0x6b,0x9c,0x36,0x0b,0x56,0x9b,0x81,0xb3,0xab,0xf3, + 0x80,0xee,0xc2,0x74,0x92,0x31,0x6b,0xc2,0x92,0xe5,0x15,0x0e,0xe0,0x60,0x72,0x19, + 0xa2,0xbd,0x80,0xba,0x98,0x4c,0x7e,0x3f,0x19,0x89,0xbc,0x51,0xe4,0xc5,0xda,0x3a, + 0xe5,0x07,0x06,0x76,0xe0,0xc1,0x50,0xd0,0x37,0xa8,0x6a,0x0f,0x91,0xbf,0xc0,0x7c, + 0xde,0x64,0xc1,0x9f,0x9c,0x7a,0x7a,0xf4,0x4d,0x69,0x29,0x97,0x00,0x41,0x44,0x8d, + 0x3b,0x17,0xc2,0x49,0xd5,0xe0,0xb5,0x86,0x2e,0x9a,0x25,0x20,0x9e,0x8f,0x97,0xd7, + 0xa0,0xf0,0x30,0x18,0x15,0x04,0xfe,0xad,0x22,0x66,0xc8,0x73,0xfd,0x23,0x59,0x83, + 0xdf,0x3d,0x06,0x57,0xb9,0x20,0x96,0xe2,0xb4,0x90,0xdf,0x33,0xca,0x11,0x57,0x33), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0xf9,0x96,0xf3,0xad,0xc2,0xab,0xa5,0x05,0xad,0x4a,0xe5,0x2b,0xc5,0xa4,0x33,0x71, + 0xa3,0x3d,0x0f,0x28,0xe1,0x95,0x0b,0x66,0xd2,0x08,0x24,0x06,0x70,0xf3,0x52,0xef, + 0x96,0x18,0x5e,0x9a,0x70,0x44,0xf4,0xce,0x2f,0x2f,0xf9,0xae,0x01,0xa3,0x1e,0xf6, + 0x40,0xe0,0xb6,0x82,0xe9,0x40,0xc5,0x10,0x51,0x17,0x59,0x46,0x13,0xdd,0x1d,0xf7, + 0x4d,0x8f,0x2b,0xa2,0x0c,0x52,0x22,0x3b,0x04,0x5a,0x78,0x2e,0x85,0x0a,0x12,0xa2, + 0xaa,0x5c,0x12,0xfa,0xd4,0x84,0xf1,0xa2,0x56,0xd0,0xcd,0x08,0x72,0xd3,0x04,0xe8, + 0x85,0xc2,0x01,0xcd,0x7e,0x1e,0x56,0xd5,0x94,0x93,0x0b,0xb4,0x39,0x21,0x36,0xfb, + 0x49,0x79,0xcc,0x9b,0x88,0xaa,0xb7,0xa4,0x4b,0xfc,0x29,0x53,0x75,0x1c,0x2f,0x4c), + .s = chunk_from_chars( + 0x30,0xb3,0x48,0x62,0x4f,0xaa,0x99,0x85,0xfc,0xd9,0x5f,0x9c,0x7e,0xad,0x3a,0xfe, + 0x64,0x56,0xba,0xdf,0x8c,0x0f,0xed,0xbd,0xad,0xb3,0xa9,0x00,0x3a,0x67,0x02,0x97, + 0x3a,0xcd,0xb4,0xe8,0x66,0x52,0x36,0x7d,0xb2,0x3e,0x0a,0x81,0x41,0x88,0x0d,0x66, + 0x31,0x83,0x4f,0x9f,0x17,0x1c,0x94,0xa8,0xfe,0x9c,0x31,0x5b,0xcb,0x86,0x80,0xec, + 0xfb,0x5a,0x4f,0x59,0xb4,0x5d,0x4e,0x4c,0x3c,0x05,0x82,0x8b,0x7f,0xaa,0xa8,0xe4, + 0x23,0x4a,0xad,0xa4,0xe7,0x66,0x64,0x6c,0xc5,0x10,0xd0,0x7b,0x42,0xbd,0x38,0x83, + 0xa8,0x3b,0x5b,0xcb,0x92,0xd9,0xe7,0xcc,0x1d,0xdf,0x59,0x0a,0x69,0x01,0x11,0xbf, + 0xc6,0x2a,0x51,0xaf,0x7e,0x55,0x54,0x3e,0xa5,0x18,0x8c,0x92,0x45,0x3d,0x41,0xd3, + 0xe8,0xfd,0xab,0xee,0x3e,0x1d,0xef,0xa9,0xd0,0xaf,0xdb,0x85,0xc8,0x15,0x3a,0x50, + 0x19,0xae,0x45,0x56,0x3e,0xa3,0x08,0x0a,0x30,0x22,0x66,0x81,0x68,0xf0,0xc2,0x73, + 0xa6,0xdb,0x1a,0xfa,0xdc,0xd5,0xed,0xbc,0xa5,0x02,0x1c,0x2e,0x53,0xf4,0xd9,0x51, + 0xc6,0x04,0x20,0x6a,0xe1,0x0f,0x28,0x7f,0x45,0x18,0x67,0x27,0x1d,0x37,0x04,0x82, + 0x79,0x1c,0xdf,0xdc,0xb6,0xa4,0x01,0x0f,0x6b,0x3d,0x9b,0x92,0x85,0x63,0xd1,0x68, + 0xda,0x19,0xf1,0xc1,0xe5,0x70,0xf8,0xc1,0x58,0xf3,0xd4,0x90,0xb2,0x9a,0xa2,0x3a, + 0xbd,0x1f,0xfd,0xf2,0x08,0x66,0xc3,0x4c,0x6e,0x63,0xb9,0xe8,0xa9,0xa0,0x2d,0x7a, + 0x1b,0x19,0x6d,0x05,0x5f,0x4c,0x53,0xce,0x82,0xb4,0x00,0xe4,0xab,0x9e,0x1b,0x9d, + 0x70,0xd0,0x04,0x9d,0x6d,0x57,0xcf,0x0a,0x49,0x49,0xcf,0xc6,0x8d,0x63,0x38,0x82, + 0x88,0x2d,0xcf,0xdf,0xc5,0x0c,0xf4,0x49,0xdf,0x10,0xac,0xf2,0x03,0x05,0xc2,0xaa, + 0x43,0xbd,0xa1,0x0f,0xd8,0xa1,0x0b,0x4e,0xca,0xa2,0x31,0x00,0xaa,0x47,0xe9,0x29, + 0x36,0xdc,0xe1,0xbf,0xb8,0xd6,0x59,0x52,0x35,0xbb,0xfe,0x2c,0x85,0x85,0xcb,0x16, + 0x47,0xb2,0xbe,0xac,0xb1,0xe1,0xd4,0xb6,0xce,0xf7,0x58,0x81,0x1a,0x68,0x33,0x0f, + 0xa9,0xc3,0xa8,0x25,0x73,0xc0,0x8f,0xa2,0xcd,0xa5,0xa0,0x3f,0x34,0x25,0x55,0x4e, + 0x45,0xd9,0x8c,0x16,0x45,0xc5,0xbd,0x27,0xd1,0x2e,0x6c,0x20,0xb2,0xc4,0x62,0xa7, + 0x46,0xe8,0x82,0xa3,0x42,0x1a,0x7b,0x1b,0x1e,0x25,0xb4,0xc3,0x6c,0x8b,0x16,0xa1), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0x6a,0xce,0x05,0x2d,0x7e,0x99,0xcd,0x97,0x3b,0xb5,0xc9,0xf6,0x67,0x9b,0x1c,0x30, + 0x5e,0x07,0x20,0x89,0x65,0xfe,0x58,0xc6,0x3b,0x10,0xa6,0x92,0xf1,0xdb,0xbe,0x22, + 0xfc,0xd0,0xdb,0x15,0x89,0x3a,0xb1,0x9e,0x10,0x7b,0xa2,0xe4,0x2c,0x99,0x34,0xa9, + 0xaa,0xfa,0xc3,0x2a,0xdf,0x6c,0x73,0x47,0x3f,0x69,0x69,0xe4,0x2c,0x98,0x3b,0x8f, + 0x0c,0x96,0xa4,0x63,0x9e,0xf7,0x7d,0x2c,0x8e,0x88,0xe8,0xcc,0x47,0xd7,0xcf,0xdd, + 0x08,0xf6,0x8d,0x97,0x3a,0x7b,0xea,0xf4,0x01,0xcb,0x4d,0x13,0x11,0x99,0x2d,0xda, + 0xc3,0xa9,0xc9,0xe0,0x67,0xda,0x19,0x8a,0xdc,0x63,0x04,0x74,0x5f,0x5d,0xd3,0x12, + 0xa1,0x82,0xe6,0x97,0x1c,0x34,0xa5,0x15,0xa6,0xc1,0xba,0xe6,0x47,0xe5,0x7e,0x4c), + .s = chunk_from_chars( + 0x5f,0x0e,0x74,0xf4,0x54,0x75,0x4a,0x30,0x74,0xfa,0xaf,0xc6,0x05,0xf3,0xc9,0xaf, + 0x47,0x60,0x4a,0x89,0x83,0x65,0x0a,0x9b,0x62,0x11,0xfb,0x19,0x1d,0x9a,0xfa,0x53, + 0x15,0xdf,0x4d,0xb4,0x50,0x1f,0xd4,0xf0,0x4c,0x74,0x1d,0x76,0x46,0x56,0xd4,0xa5, + 0xd0,0x06,0x38,0x8a,0xd8,0xfd,0xb2,0x19,0xec,0x6b,0x75,0x69,0x08,0xe2,0x3b,0x30, + 0xcb,0x63,0x9f,0xfa,0x7b,0xbf,0x28,0x74,0x71,0x3b,0xfd,0x5a,0x10,0x62,0xc1,0x9d, + 0x04,0xe0,0xe4,0xa7,0x4b,0x14,0x44,0x6a,0x7f,0xdf,0x5c,0xb8,0x12,0xe9,0xac,0x7b, + 0x60,0x12,0xd9,0xae,0x99,0x1c,0x47,0x65,0x6d,0x2a,0xde,0xd2,0x40,0x74,0xbb,0x8a, + 0x38,0xb1,0xa8,0x8b,0x1c,0x2b,0x13,0x1e,0x5b,0x09,0xc9,0x37,0x57,0xfd,0xb2,0xd6, + 0xb6,0x9a,0xa8,0x26,0x5a,0x43,0x5f,0xba,0x00,0xae,0xb3,0x6a,0x1f,0x62,0x9b,0xc3, + 0x4b,0x87,0x60,0x89,0xd2,0x8a,0x94,0x8d,0xd6,0xab,0x4c,0x89,0x94,0x30,0xda,0x60, + 0xa2,0x6f,0x6c,0x13,0x60,0x3f,0xc8,0x89,0xc7,0xb2,0x93,0x6c,0xa3,0xc5,0x15,0x6b, + 0xd7,0xfa,0x6e,0x34,0xea,0xc9,0xe0,0x48,0x00,0x83,0x3e,0xf0,0xcb,0x9b,0x6e,0xef, + 0x78,0x8c,0x0e,0xf0,0x02,0x1a,0x45,0x36,0xfb,0x83,0x71,0xfa,0x3e,0x2c,0x8b,0xb8, + 0xbe,0xfa,0xc1,0x6e,0x80,0x92,0xd6,0x9c,0x57,0x1c,0x1e,0x15,0xfd,0x25,0x5e,0xc0, + 0xa0,0x7a,0xcf,0x9a,0xe9,0x95,0x38,0x31,0xef,0xd3,0xdc,0xbe,0xf4,0x4e,0x0f,0xcc, + 0xeb,0xb1,0xaf,0x95,0x9d,0x71,0xf5,0x01,0x30,0xe8,0xac,0xb4,0xfa,0x23,0x19,0x26, + 0x1f,0xba,0x12,0xf2,0x71,0x5d,0xef,0x82,0xbf,0xaf,0xbf,0x40,0xe3,0x45,0xec,0x5d, + 0xcd,0xab,0x5c,0x1b,0xf5,0xf6,0x6b,0x1d,0x0e,0x9f,0x7a,0x9c,0x62,0xc9,0x37,0x57, + 0x46,0xe1,0xae,0x0c,0x8f,0x14,0xa4,0x89,0x18,0x43,0x83,0xe8,0x1d,0xce,0x20,0x70, + 0xad,0x4b,0x52,0x5d,0xf7,0x6b,0x44,0x6b,0x1f,0x22,0x92,0x1d,0x42,0x4d,0x9b,0xa3, + 0xce,0x21,0x57,0x75,0x01,0xdf,0x62,0x80,0xfd,0xc6,0x9f,0x02,0x39,0xae,0x11,0x27, + 0xb6,0x99,0x50,0x75,0x9d,0x5f,0x0b,0x69,0x3f,0x54,0xe8,0x7e,0x07,0x63,0x62,0x3b, + 0xf5,0xd3,0xff,0x69,0x43,0x00,0x81,0xb9,0xc9,0xe2,0x44,0x5a,0x05,0xe1,0x15,0x67, + 0x5e,0x09,0x0b,0xca,0xb2,0xaa,0x1d,0x75,0xce,0xee,0x2a,0xd6,0x19,0xec,0x8b,0x80), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0x0e,0x49,0x74,0x0f,0xdc,0xca,0x6b,0xfc,0xe2,0x94,0xc1,0x1f,0x45,0x40,0x78,0x05, + 0xb3,0xda,0x41,0x2b,0x01,0xef,0x3f,0xb5,0x13,0xe7,0x0e,0x62,0xfd,0x95,0x04,0xc0, + 0x67,0x0d,0xb6,0x9c,0x36,0xb6,0xbe,0xbd,0x69,0xa0,0xbc,0xd2,0x40,0x17,0x9b,0xa8, + 0xa4,0x78,0x16,0xa0,0xc3,0x43,0x7a,0x61,0xfb,0x72,0xad,0xca,0xf9,0x09,0x6f,0x2a, + 0x22,0xef,0xe0,0xb4,0x31,0xfc,0x42,0x2d,0x22,0x53,0x01,0xe8,0x50,0xf2,0xf0,0xf4, + 0xda,0x87,0xd6,0x94,0x4a,0x85,0x29,0xef,0x79,0x78,0x19,0x09,0xad,0x96,0xd1,0xf2, + 0x05,0x96,0xf9,0x3e,0x17,0xc5,0x7f,0xb4,0xd7,0x56,0x97,0x4b,0xbb,0xf9,0x00,0x52, + 0x1c,0xb0,0x89,0xee,0xe0,0xde,0xd5,0xc9,0x56,0xa1,0x5b,0x09,0x61,0x62,0xb0,0x7f), + .s = chunk_from_chars( + 0x7b,0xbb,0x3d,0xdd,0x17,0xa4,0x2b,0xe7,0xcc,0x4e,0x7e,0xaf,0x45,0x65,0x09,0xa4, + 0xba,0x58,0xd4,0x0c,0x49,0xa3,0xd9,0x95,0x73,0xb7,0x33,0xe1,0x94,0x2f,0x9f,0xca, + 0x20,0xba,0x8b,0x91,0x07,0x08,0xd6,0xe7,0x50,0x36,0x7e,0x84,0x73,0x02,0xfc,0x60, + 0x3b,0x80,0x63,0xc1,0x9a,0xf8,0x83,0xe7,0x50,0x7f,0xb0,0xd9,0xcc,0x2b,0xe3,0x74, + 0x79,0xa3,0x7c,0xca,0x25,0xb8,0xc7,0xc4,0x6f,0x6b,0xf6,0x61,0xdc,0x6a,0x32,0x32, + 0xf8,0x8b,0x48,0x3f,0x1b,0x8f,0x41,0xb4,0x6d,0x49,0xba,0x3f,0x17,0x95,0xd6,0x8e, + 0xaa,0xd4,0xa2,0x55,0x6f,0xb5,0xd7,0x87,0x3b,0xbb,0x65,0x01,0xec,0xf0,0x6a,0xc5, + 0x58,0x23,0x5e,0xd1,0x39,0x90,0xb0,0xe1,0x6f,0x67,0x96,0x5b,0x09,0x36,0x6b,0xcb, + 0x36,0x2c,0xfc,0x6f,0xb9,0x78,0xf4,0xf6,0x8d,0x81,0x46,0xdc,0x8b,0x81,0x98,0x04, + 0xdf,0x42,0x4e,0x8c,0xa5,0xb6,0x3c,0xf1,0xfc,0xf9,0x7b,0xbf,0x30,0x0d,0x0b,0x99, + 0x88,0x60,0x79,0x8a,0x63,0x42,0x43,0x83,0xfc,0xd8,0x1d,0x37,0x77,0x3d,0x59,0xbb, + 0x13,0xb4,0xfa,0x5d,0x46,0x8c,0xd1,0x28,0xbb,0xab,0x18,0xa8,0xce,0x51,0x73,0xbe, + 0x5d,0x9d,0x54,0xd3,0x17,0x7f,0x02,0x45,0x78,0x84,0x09,0x97,0x3d,0xf4,0xa9,0x01, + 0x6b,0x94,0x4b,0xae,0xfb,0xf3,0xbf,0x11,0x46,0xa9,0x39,0x3d,0x22,0xe3,0x5e,0xc2, + 0xbe,0x0a,0xe6,0xf4,0xc3,0x1d,0xc4,0x98,0x1f,0x40,0xfc,0x1b,0xaf,0x38,0x26,0x00, + 0x69,0x9e,0xaf,0xce,0xa9,0x2c,0xbe,0x24,0xe2,0x6e,0xe8,0x46,0xfa,0x23,0xbc,0x19, + 0x3b,0x6e,0x72,0x14,0x01,0xb7,0xac,0x3f,0x5f,0x4e,0xbe,0xb6,0x33,0x97,0x9f,0x8e, + 0xf3,0x5f,0x4a,0xb1,0x11,0x7a,0x86,0x9d,0x5b,0x9d,0xbb,0x74,0x82,0xf0,0xd5,0xa5, + 0x9e,0x41,0x63,0x54,0x8d,0x25,0x12,0xae,0x06,0x72,0x05,0xb5,0x7d,0x03,0x0c,0x48, + 0x3f,0x72,0x0d,0x2c,0x44,0x35,0x04,0x28,0xf5,0x26,0x89,0x43,0xfc,0x5f,0x6e,0xa1, + 0xc8,0x8e,0x2e,0xc1,0x3a,0xb3,0xdc,0x14,0x56,0xe9,0x6a,0x3b,0x8e,0x7c,0x12,0x1a, + 0xf4,0xd6,0xa5,0xfe,0x4e,0xe5,0x5e,0x99,0xfb,0xc3,0x59,0x2a,0x48,0x7c,0x19,0x4b, + 0xc2,0xf2,0xbf,0x6e,0x79,0xfb,0x79,0xc2,0x87,0x6c,0xf3,0x36,0x5e,0x07,0x5b,0xee, + 0xac,0xc7,0xdb,0x4d,0xb7,0xee,0x69,0xe7,0xf1,0xfe,0x12,0xa3,0x27,0xe6,0xcb,0x0f), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0x0e,0x67,0x5d,0xac,0x9a,0xec,0x91,0x01,0x06,0xa6,0xab,0x21,0x9b,0x4c,0xce,0xb5, + 0x2d,0xed,0x25,0x49,0xe8,0x99,0xc9,0xa2,0x4d,0x5e,0xe5,0x51,0x77,0x76,0x18,0x88, + 0xa3,0xbe,0x1a,0x2d,0xef,0x6a,0xa3,0x2d,0x62,0xf7,0x88,0x13,0x2d,0x62,0x27,0xd9, + 0x30,0x98,0x06,0xfd,0xc0,0x2d,0xb7,0xd8,0xa8,0x50,0xff,0x2c,0x6d,0xff,0x37,0xfc, + 0xd7,0x77,0xf1,0xa0,0xac,0xef,0xdf,0x18,0xbf,0x85,0xf1,0xa1,0x29,0x79,0xbe,0x86, + 0xd7,0x99,0x25,0x39,0x45,0xfc,0x34,0xa2,0x88,0xf3,0x48,0xb7,0x92,0x3d,0x76,0x4d, + 0xb2,0x7a,0x2a,0x2d,0x5a,0xe2,0x0e,0x6b,0x25,0x37,0x2e,0xf3,0x18,0xf8,0x59,0x65, + 0x29,0xd8,0xca,0x23,0xfd,0x6f,0x08,0xa8,0xf6,0x2e,0x0a,0x1b,0x6d,0x98,0x9f,0x23), + .s = chunk_from_chars( + 0x80,0x52,0xd9,0x5f,0x12,0xce,0x0e,0x6e,0x53,0xa5,0xa3,0x56,0xa0,0xeb,0x35,0x3b, + 0xdc,0xc1,0xa6,0x65,0x14,0xd6,0xcf,0xb3,0xa3,0xd9,0x61,0x55,0x31,0x0b,0xdd,0xa0, + 0xa0,0xd1,0x79,0x5f,0x97,0x64,0x3f,0x3a,0x44,0x96,0x63,0x4f,0x2d,0xd9,0xb9,0x5a, + 0x21,0x38,0xee,0x39,0x0e,0x1e,0x74,0xbe,0x31,0x34,0xf3,0xf4,0x7a,0x91,0x9e,0xe7, + 0xb5,0x9f,0x8e,0xcd,0x27,0x2a,0xb8,0x8c,0x82,0xcb,0xce,0x7c,0x21,0x7e,0x5f,0x92, + 0xd0,0x57,0xa5,0xb0,0x0f,0xbf,0x05,0x75,0xcd,0xae,0xcd,0x7d,0xc2,0x85,0xa4,0x21, + 0x8c,0x8a,0x95,0x52,0x16,0x59,0x8f,0x07,0x42,0x67,0x1e,0x01,0x8e,0x8e,0x4e,0x76, + 0x83,0x9a,0x57,0x5f,0x50,0xb2,0x10,0x2a,0x8b,0x77,0xd1,0xb8,0x4f,0x6d,0xce,0x98, + 0xd7,0x8e,0x57,0x58,0xe0,0xa6,0xf9,0x2b,0xf3,0x5d,0x6a,0x2f,0x18,0xad,0x40,0x09, + 0x25,0xd7,0x88,0x0f,0x9e,0xfc,0x77,0x4a,0x8c,0x7e,0xbf,0x64,0x88,0x5c,0xd2,0xf6, + 0xf6,0x29,0xb5,0x4a,0x7c,0x12,0xec,0x91,0xd3,0x9b,0x3c,0x25,0x18,0x24,0x1f,0xdc, + 0x32,0x2d,0x9b,0x23,0x5a,0x8e,0xa4,0x4f,0x77,0xe8,0x2f,0x3d,0xc4,0xf7,0x28,0xf6, + 0x20,0xc0,0x7d,0x1e,0x7f,0xf4,0x09,0x4f,0x29,0xc6,0x74,0xab,0x0f,0x08,0x02,0xef, + 0xa1,0xc9,0xe6,0x48,0x1e,0xbb,0x84,0xe0,0xbf,0x13,0xef,0x46,0x8d,0x8c,0xca,0x11, + 0x45,0x70,0xb9,0xed,0xcd,0xdf,0x98,0xac,0x4a,0x83,0x4f,0xe7,0xa0,0xd5,0xc6,0xfa, + 0xe8,0xa6,0x0a,0x48,0x39,0x9f,0x3c,0x8a,0xf4,0x2f,0xf4,0x02,0x6e,0x42,0xa8,0x1a, + 0xac,0x36,0x11,0x4f,0xfc,0x05,0x3f,0x3f,0x72,0x9b,0x7c,0xf9,0xa9,0x7a,0x56,0x84, + 0x8e,0xbe,0xa0,0x11,0x5a,0xa8,0x29,0x83,0x41,0xaa,0x22,0x69,0x63,0xeb,0xdf,0x57, + 0xab,0x2d,0x8e,0x4b,0x90,0x00,0xdd,0x05,0x1a,0x6c,0x5d,0x69,0xf6,0x0e,0x1d,0xc1, + 0xb3,0x3f,0x20,0x94,0xfd,0xbf,0x8e,0x5b,0x62,0x7b,0xc0,0x76,0x4d,0xb9,0x52,0x2c, + 0xbb,0xc0,0x81,0xdb,0xf3,0x8c,0x21,0xb1,0x3f,0x98,0x08,0x13,0xbd,0x2b,0x00,0xc7, + 0x57,0xeb,0xb8,0xc0,0xb2,0x12,0x13,0x15,0x2e,0x69,0x40,0x39,0xf3,0x06,0xf7,0x34, + 0x28,0x57,0x65,0x1f,0x72,0x2b,0xdd,0xa0,0x12,0x12,0xa8,0x55,0x27,0x99,0xbd,0xa6, + 0xef,0x07,0xc5,0x20,0x7d,0xc7,0x44,0xef,0x79,0x69,0xaf,0xd5,0xaf,0x2e,0x6f,0x12), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .m = chunk_from_chars( + 0xf6,0xa7,0xa6,0xe5,0x26,0x59,0x12,0x5f,0xbb,0xc8,0x72,0x74,0x17,0x28,0x3b,0x9a, + 0x64,0x44,0x1f,0x87,0x12,0x1e,0x27,0xf3,0x86,0xd5,0x01,0x9f,0x10,0xcc,0x9b,0x96, + 0x1e,0x09,0xf1,0xb3,0xb0,0xdb,0x23,0x63,0x0c,0xc0,0xca,0xac,0xb3,0x85,0x8c,0x6f, + 0x93,0xaf,0xee,0xea,0x7e,0x1a,0x6a,0x80,0xdb,0xe0,0xc2,0xbd,0x9c,0x7c,0x93,0x95, + 0x70,0x30,0x2d,0xec,0x39,0xa4,0xa2,0x5c,0xc0,0xcf,0x1d,0x32,0xa7,0x1a,0x75,0xb9, + 0xa0,0xc3,0x02,0xbc,0xdd,0x80,0xb0,0x46,0xc8,0x66,0x51,0xac,0xf3,0x08,0x38,0xcd, + 0x52,0xe3,0x03,0x99,0xa8,0xfa,0xb8,0xd0,0x3f,0xbd,0x14,0x0c,0xdc,0x2f,0x1f,0x02, + 0xf2,0x48,0x04,0x05,0x16,0x98,0x20,0xcc,0xb3,0x2e,0x59,0x74,0xff,0xb8,0xb1,0xc8), + .s = chunk_from_chars( + 0x84,0x60,0x3a,0xcb,0xfe,0x1f,0x2f,0x76,0x9f,0x1a,0x62,0xb0,0xf2,0x87,0xf3,0x06, + 0x94,0x0b,0x22,0x54,0x76,0x71,0x4a,0x4b,0x68,0x27,0xc0,0x2d,0x7b,0xd0,0x52,0xf3, + 0x03,0xf3,0x0a,0x5f,0xa6,0xda,0x83,0xe6,0x06,0x15,0x30,0x56,0x69,0xca,0x9e,0xc1, + 0x77,0xc5,0xb3,0x2b,0x14,0x15,0xee,0xbe,0xf7,0x86,0x20,0x29,0x6e,0xba,0xd6,0xdb, + 0xbd,0x52,0x08,0x39,0xd3,0xaa,0xcc,0x97,0x81,0xac,0x86,0x02,0xdd,0xce,0x07,0x36, + 0xdc,0xfa,0x72,0x90,0xb4,0x5f,0x15,0x5b,0x8e,0x92,0x4d,0x0a,0xfd,0xf7,0xdf,0xc8, + 0xd1,0x99,0xbf,0x09,0x50,0x9d,0x01,0x76,0xa6,0x8b,0x14,0x57,0x56,0xee,0xf5,0x3d, + 0xe4,0x56,0xe1,0x70,0x78,0x85,0x98,0x49,0xa3,0x52,0xa5,0xbb,0x65,0x42,0x39,0xd8, + 0xeb,0xaf,0x88,0x00,0xca,0x82,0x63,0xd3,0x4a,0x86,0x8d,0x52,0xbf,0x8f,0x22,0x64, + 0x4d,0xd9,0xf3,0xc0,0x5b,0xd8,0x91,0xcd,0x92,0xf2,0x63,0x53,0x0c,0x58,0x96,0x02, + 0x3c,0x6b,0x21,0x3d,0xdb,0x64,0xed,0xe1,0x77,0x0f,0xf1,0x68,0x6c,0x34,0x03,0x6e, + 0x28,0x1e,0x91,0x1d,0x9d,0xc9,0x60,0x35,0x4f,0xd8,0x44,0xcb,0x7b,0x22,0xdc,0x0c, + 0xd8,0x1a,0x96,0x20,0x3b,0xa8,0x18,0x40,0x1c,0xcc,0x22,0x5f,0x85,0x7e,0x59,0xa5, + 0xcb,0x7b,0xa6,0xdf,0xc7,0xf5,0x13,0x5e,0xa3,0x27,0x81,0xe6,0x3d,0xaa,0x14,0xfb, + 0xda,0x1b,0xac,0xc1,0x8e,0xbc,0x50,0x82,0x4d,0x40,0x28,0xb8,0xfd,0xec,0xda,0x49, + 0xe8,0x10,0xba,0xe5,0xac,0xc8,0xad,0xc0,0xdc,0xa2,0xe2,0x36,0xfc,0x83,0x2a,0x97, + 0x33,0x0a,0x12,0x14,0xfa,0x0a,0xed,0x15,0xcd,0x10,0xc0,0x49,0xef,0xb6,0x5c,0xe8, + 0x55,0xc0,0x60,0xf0,0x5b,0xef,0xb3,0x17,0xb8,0x06,0x58,0x43,0xc4,0xeb,0x5a,0x03, + 0x71,0xfc,0x6f,0x20,0x9f,0x6f,0xfb,0x94,0x8c,0x88,0x1f,0x2f,0x20,0x91,0xca,0xf0, + 0xf5,0x9f,0x60,0xb7,0x2c,0x5f,0x67,0x27,0x1b,0xae,0x96,0xb9,0x13,0xfd,0x21,0xfa, + 0x1d,0xfa,0x97,0x5d,0x5e,0xcd,0x62,0xb0,0xd5,0x08,0x73,0xb6,0x86,0xd2,0x9c,0x88, + 0x0d,0x36,0xed,0xca,0xd3,0x3e,0xc3,0xe2,0x21,0x6c,0x9c,0xfc,0xfb,0x4f,0x98,0x4c, + 0x23,0xfd,0xe8,0x15,0xe2,0x80,0xa8,0x02,0x42,0x86,0x08,0xbe,0xd3,0x73,0x9a,0xf9, + 0x20,0x0d,0xe1,0xf8,0x5e,0xde,0xe2,0x83,0x4c,0x04,0x94,0x2c,0x06,0x8a,0xac,0xd2), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0xbb,0x29,0x4b,0x95,0xd9,0x13,0x00,0x5b,0x11,0x09,0x87,0xcd,0xe4,0x58,0x87,0x48, + 0x4a,0xe6,0xdf,0x79,0x48,0x73,0xdf,0xc5,0xc4,0x1f,0xb7,0xe8,0x99,0x2c,0x2f,0xdc, + 0xe7,0x06,0x99,0xfc,0xac,0x80,0x04,0x69,0x99,0x61,0xb3,0xad,0x1e,0x1f,0xce,0x9e, + 0xc8,0xea,0x56,0x85,0xcc,0xec,0x5e,0x80,0xe4,0xd0,0x79,0x25,0x59,0x81,0x6f,0x68, + 0x61,0x34,0x34,0xbf,0xac,0xa8,0x1a,0x84,0x3a,0xac,0x45,0x9a,0x6f,0xe3,0x5f,0x53, + 0x69,0xc4,0x8e,0x91,0x91,0xe4,0xa3,0x2c,0x70,0x78,0x95,0x94,0xc5,0x15,0x2d,0xb8, + 0xd4,0xbb,0x02,0x26,0x00,0x12,0xa8,0x73,0x9c,0xf3,0x25,0xdd,0xff,0x2a,0xa4,0x2f, + 0xd6,0x7b,0x6e,0xe5,0xbf,0xe3,0x15,0x91,0x13,0x1f,0xf2,0x7d,0x02,0x73,0xd2,0x92), + .s = chunk_from_chars( + 0x32,0x63,0x7c,0x60,0x79,0x8b,0x45,0x0b,0xff,0x10,0x0b,0xff,0x12,0x83,0x83,0x57, + 0xde,0xff,0x28,0x1d,0x5b,0x31,0xe4,0xf4,0xc2,0xcf,0xc9,0x6e,0xb7,0x79,0xce,0x6d, + 0x31,0xb1,0xce,0x8b,0xd7,0xaa,0x7f,0xa8,0x8d,0xdc,0x42,0x79,0xc8,0xc3,0x28,0x06, + 0x04,0xb0,0x18,0xcc,0xf4,0x52,0x00,0x4a,0x14,0x88,0xed,0x47,0x50,0x18,0x1c,0x50, + 0x25,0x63,0x65,0x11,0xac,0x67,0x24,0xfe,0x51,0x76,0x1c,0x27,0xd7,0xcf,0x9a,0x0c, + 0x87,0x82,0xea,0x22,0x31,0x26,0x88,0x53,0xc4,0xb1,0xf7,0xac,0xb0,0x00,0x5e,0x56, + 0x87,0xc8,0xf3,0xdf,0x16,0xc9,0x62,0xf0,0x2c,0xe5,0x6b,0x23,0xd3,0x87,0xa2,0xba, + 0xad,0xc8,0xbe,0xc9,0x42,0x29,0xc3,0x55,0x75,0x26,0xe6,0x17,0x07,0xa8,0xb5,0x92, + 0x93,0xa9,0x76,0xe3,0x2c,0x7f,0xa1,0x33,0x28,0x50,0x88,0xf3,0xce,0x3e,0x67,0x77, + 0x88,0xaa,0xa9,0x47,0xe7,0x62,0x2c,0x75,0x7e,0x84,0x4b,0x11,0x75,0x92,0xbe,0x99, + 0xfe,0x45,0x37,0x6f,0x8b,0x30,0x13,0xe8,0x77,0x2e,0xc9,0x2c,0x5b,0xb0,0xb9,0xfa, + 0x30,0x1b,0x95,0x54,0x45,0x99,0x69,0x0a,0xd9,0x36,0x68,0xd8,0x3b,0x2d,0xaa,0x7d, + 0xf0,0x5c,0x66,0x21,0x4e,0x27,0x50,0x14,0x78,0x0a,0x91,0x2d,0x8b,0x19,0x32,0xd7, + 0xa6,0x55,0x05,0x8e,0x74,0x3f,0x50,0xb0,0x74,0xb1,0xd9,0x69,0x1c,0xa2,0x3a,0x2f, + 0x95,0xf6,0xaf,0xfb,0xd5,0x16,0xd6,0x4c,0xcb,0x2a,0xa4,0x3c,0x23,0x6e,0xb9,0x5d, + 0x36,0xd2,0x72,0x54,0x5e,0x3b,0xeb,0x8f,0xf5,0xaa,0xcd,0x95,0xb3,0x0f,0x7f,0x1d, + 0x64,0x18,0xaf,0x04,0x2c,0xd9,0xa0,0xcf,0x01,0x89,0x84,0x62,0x62,0x32,0x2a,0x18, + 0x87,0x5a,0xe4,0xc3,0xe6,0x8e,0x4e,0x8f,0xfa,0xa0,0x27,0x6c,0xdd,0x99,0xa0,0x04, + 0x7c,0x86,0xc0,0xf7,0x1d,0x2d,0xee,0xfd,0x50,0x64,0x2d,0x29,0xc1,0x95,0xe6,0xd1, + 0x4f,0xb4,0x6f,0xba,0xc3,0x3a,0x50,0x8c,0x1f,0x03,0xa2,0x32,0xde,0x08,0xaa,0xe0, + 0x9f,0xaf,0x1d,0xa8,0xed,0x2b,0xa2,0xae,0x84,0xbc,0xca,0x88,0xb7,0x8d,0xcc,0xbd, + 0xe9,0xaf,0xde,0x08,0xa3,0xbe,0xb3,0x22,0xdc,0x79,0x35,0x6b,0x29,0xc8,0x48,0x41, + 0x69,0x89,0x14,0xb0,0x50,0xbe,0xb7,0x5a,0x7b,0x2f,0x67,0x01,0xaa,0x81,0x01,0xa5, + 0xa4,0x95,0x5e,0xe2,0x7b,0xaf,0xe8,0x1b,0x21,0xd0,0x3b,0x43,0xe3,0xc7,0x73,0x98), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0xf9,0x46,0xc6,0xbd,0x5e,0x1d,0x6b,0x89,0x09,0x2f,0x3c,0x48,0x7c,0x05,0x68,0xfa, + 0x07,0xc3,0x56,0xfa,0xe9,0xb8,0xe8,0x31,0xb8,0x32,0x02,0x89,0x03,0x97,0x46,0xa4, + 0x35,0xb1,0x22,0xcf,0xbc,0x4a,0x0d,0x31,0x6b,0xf9,0x0d,0x48,0x1d,0x3b,0x7d,0x97, + 0x9c,0xc5,0x0d,0x98,0xc1,0x19,0x0a,0xf8,0xdc,0x58,0xe0,0x03,0x55,0x57,0xdd,0x5e, + 0x94,0xf4,0x37,0xf4,0x1f,0xab,0x51,0x32,0x02,0x64,0x3a,0x77,0x74,0x8f,0x76,0xc6, + 0xb7,0x73,0x02,0xbf,0x40,0xc3,0x92,0xcd,0x18,0x73,0x1d,0xa0,0x82,0xc9,0x9b,0xde, + 0xde,0xb7,0x0e,0x15,0xcd,0x68,0xbf,0xf5,0x96,0x19,0xca,0xbc,0xc9,0x2a,0xdc,0xf1, + 0x22,0x75,0x3c,0x55,0xaf,0xde,0x08,0x17,0x35,0x2b,0xc2,0x47,0xd1,0x17,0x0b,0x8d), + .s = chunk_from_chars( + 0x50,0x70,0x6b,0xa4,0x9d,0x9a,0x31,0x66,0x88,0xa3,0xee,0x80,0xa0,0xbd,0x98,0x67, + 0x57,0xd4,0x3e,0xc8,0x32,0x85,0xaf,0x9e,0x78,0x19,0x6b,0xd5,0x2c,0x90,0x0d,0x40, + 0xb2,0x80,0xfa,0x0d,0xe5,0x4e,0x35,0xac,0xe7,0xd6,0x66,0x00,0x12,0xf1,0xa6,0x62, + 0x04,0x09,0x2f,0x0e,0x63,0x4b,0x97,0xe0,0xe5,0x16,0x65,0xb4,0x07,0x5e,0x36,0xf1, + 0x42,0x22,0x66,0xc7,0xca,0xd7,0xb2,0xd9,0x98,0x1b,0x91,0x3d,0xf3,0xfa,0x3e,0x6a, + 0x5a,0x1c,0xad,0xfc,0x63,0x78,0xa8,0x54,0x0e,0x0f,0xaa,0x26,0xf1,0xcc,0x6f,0xb2, + 0xfb,0x49,0x2a,0x80,0xd0,0xa6,0x94,0x5b,0xce,0x5b,0xbc,0x23,0xdd,0xb3,0xb1,0x07, + 0x01,0xf0,0x24,0x9b,0x27,0x40,0x7a,0x67,0x00,0x80,0x2e,0x88,0x42,0xef,0x3c,0xc7, + 0x61,0xc4,0x82,0x3a,0xcb,0x5d,0x14,0x53,0x50,0x8d,0xcd,0xbb,0x97,0x9e,0x7b,0xd8, + 0xd0,0x01,0x28,0xe6,0x0a,0x9b,0x37,0x89,0x16,0x7c,0x91,0x41,0x7d,0x93,0xf0,0xe9, + 0xfb,0xb0,0x0c,0x9a,0xf1,0x49,0x8e,0x09,0xeb,0x64,0x85,0xeb,0x94,0xce,0xa4,0x88, + 0x3f,0x6a,0x25,0x6e,0xab,0x2c,0xaa,0x82,0x6d,0xe4,0xfd,0xac,0x01,0xba,0xca,0x3a, + 0x21,0x6e,0x3d,0x20,0x4a,0x3d,0x83,0x7f,0xfd,0x4d,0x0b,0xe2,0xb2,0xce,0xf7,0x11, + 0x90,0x90,0x54,0xc4,0xda,0x1d,0x5b,0x93,0xa8,0xf9,0x84,0x51,0xc7,0x00,0x2a,0xe8, + 0x4a,0x5e,0x70,0x80,0xd9,0x86,0x71,0xc5,0x0e,0x3c,0x91,0xc4,0x08,0x7d,0x04,0x77, + 0xb1,0x04,0xf9,0x16,0x01,0x0e,0x74,0x2f,0x2d,0x20,0x7f,0xb4,0x0d,0x12,0x2d,0x8f, + 0x21,0x1a,0xf6,0xd7,0xc5,0xec,0xa4,0x95,0x42,0xd9,0xac,0xb0,0xf1,0x66,0xe3,0x6a, + 0xbc,0x37,0x15,0x50,0x70,0xc1,0x2e,0x9f,0x28,0xb9,0x07,0xd6,0x7a,0x2c,0xa7,0x0b, + 0xfc,0xe5,0x54,0xe1,0xc4,0x4c,0x91,0x52,0x0e,0x98,0xfc,0x9a,0xd0,0xc0,0xee,0x47, + 0x7f,0x75,0x05,0x16,0x47,0x6a,0x94,0x16,0x80,0x66,0xce,0x47,0x00,0x00,0x30,0xa9, + 0x9c,0x23,0xe2,0xc3,0x87,0x55,0xde,0x94,0x6d,0x5e,0xdf,0x0d,0x6a,0xa9,0x42,0x12, + 0xf9,0x92,0x31,0x5b,0x24,0x8c,0x1f,0x82,0x72,0x3b,0x29,0xc4,0x22,0x16,0xc7,0x8c, + 0xdc,0xb6,0x68,0xf1,0x12,0x78,0x26,0x1c,0xee,0x92,0x52,0xc8,0xfd,0x0e,0xd3,0x7d, + 0x0a,0x85,0x80,0xca,0x9b,0x9f,0xde,0x75,0x05,0x61,0x59,0x43,0x71,0x2d,0xa1,0x9a), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x9a,0x33,0x7d,0x4c,0x0b,0xb9,0xa0,0x05,0xb4,0x7f,0x47,0x65,0xd6,0x96,0xd1,0x9d, + 0xec,0x58,0xbc,0x84,0x82,0xf2,0x17,0x3a,0x4a,0x20,0x3a,0x0b,0x6d,0x38,0xb4,0x96, + 0x1f,0x6a,0x85,0x2e,0x76,0x46,0x8e,0x80,0x7c,0x7e,0x45,0x76,0x83,0xee,0xad,0x5c, + 0xb8,0xd9,0x86,0x42,0xfb,0x76,0xc0,0xa1,0xee,0xab,0x36,0x41,0x4c,0x18,0x99,0x59, + 0x7d,0x57,0xaa,0xf9,0x67,0x82,0xad,0xa5,0x86,0xf6,0x1a,0x42,0x3f,0x57,0x95,0x37, + 0x71,0xd5,0x20,0xcc,0x4e,0xad,0x90,0xd5,0x69,0xf2,0x3d,0x95,0x0f,0x8d,0xfe,0xdd, + 0xdb,0x83,0x55,0x74,0x85,0x76,0xe6,0xbb,0xfb,0x6f,0x2e,0x91,0xb3,0xda,0x71,0x75, + 0x3f,0xd2,0xf4,0xea,0x22,0x9f,0x6d,0x20,0xe2,0x7d,0xb8,0xd0,0x5e,0x9f,0xcb,0x68), + .s = chunk_from_chars( + 0xcf,0xf7,0xaa,0x7f,0x87,0x56,0x42,0xfb,0x93,0x43,0xe0,0x7e,0xf5,0xe7,0x30,0x3b, + 0xbf,0x5f,0x06,0x9b,0x44,0xc1,0x9f,0xbf,0x83,0xe5,0x9d,0x42,0x2e,0x25,0x26,0x7e, + 0xf9,0x30,0x74,0x14,0xb6,0xb1,0xef,0x61,0x71,0x1e,0xd0,0x01,0x32,0x76,0xd1,0xa2, + 0xad,0x98,0x39,0x04,0x74,0x02,0x7a,0x0a,0x70,0x3b,0xfe,0x8a,0x6e,0x87,0x70,0x60, + 0x59,0xd8,0x9c,0x06,0x09,0x80,0xc9,0xc9,0xe6,0x0d,0xc7,0xe1,0xfb,0x9f,0x77,0x7a, + 0x41,0x78,0x5a,0xb4,0xd2,0xb6,0x63,0xba,0x0e,0x3c,0x19,0x21,0x54,0x5c,0x47,0x9c, + 0x2a,0x38,0x3a,0x50,0xda,0x8e,0x48,0x9c,0xb2,0x2b,0x71,0x10,0x1d,0x0e,0xc1,0x48, + 0xac,0x70,0x92,0x87,0x32,0xa7,0x72,0x19,0x5a,0x14,0x0d,0x08,0x01,0x52,0x76,0x2a, + 0x9c,0x40,0x80,0x3a,0x39,0xfa,0x2a,0x69,0x78,0xc2,0xa7,0x5a,0xc4,0xd8,0xbd,0x1b, + 0xcc,0xaa,0x1f,0x42,0x04,0xba,0x65,0xed,0xdd,0xf3,0x2f,0xed,0xf2,0xd9,0xd0,0xa3, + 0xae,0xd9,0xb0,0x6c,0x47,0xe7,0x17,0x73,0x3c,0x57,0x78,0x12,0xd7,0x23,0xdb,0xa7, + 0x4a,0x85,0x2b,0x29,0x05,0x23,0x5c,0x81,0x2d,0xc5,0xf1,0xd0,0xdf,0x0f,0x0d,0xe7, + 0x3d,0xfb,0x86,0x22,0x1c,0x6f,0xfd,0xd1,0xed,0xa1,0x19,0xbb,0xe9,0x8d,0x14,0x8a, + 0xdd,0x36,0xa4,0xfe,0x50,0x48,0x9b,0x06,0xaa,0xee,0xfc,0xb5,0xc2,0x06,0x6d,0x90, + 0xfa,0x79,0x73,0x87,0x06,0xcd,0x18,0xe4,0x74,0xd6,0x96,0x09,0xff,0x12,0x10,0xc7, + 0x7d,0xe7,0xcd,0x23,0xba,0x2a,0x77,0x5a,0x43,0x29,0xcb,0x27,0x1a,0x82,0x6d,0x60, + 0x2c,0x40,0x1a,0x71,0x43,0x90,0x19,0xce,0xc1,0x0c,0xd9,0xf1,0x84,0xc4,0xd0,0x45, + 0x84,0x21,0x18,0x27,0xb1,0x9e,0xad,0xac,0x32,0x58,0xd8,0xa0,0xf2,0x63,0x16,0x13, + 0xf0,0x51,0xaa,0xe0,0xc6,0x13,0x05,0x0c,0xb2,0x44,0x42,0xf1,0x5e,0xd4,0xfe,0x0d, + 0xbd,0x29,0x0e,0x42,0x62,0x91,0x41,0xbd,0x2c,0xd5,0x6d,0x20,0x58,0x4a,0x1d,0x10, + 0xe1,0xf2,0xc2,0xa9,0xec,0x73,0x14,0x33,0xd5,0xbc,0xd1,0xd3,0x18,0xbe,0xd5,0x24, + 0x3b,0x4b,0x7d,0x0f,0x9a,0x79,0x82,0x06,0x1c,0x55,0xdf,0xaa,0x86,0xb2,0xc0,0x18, + 0x45,0xc0,0x21,0xfd,0xd2,0xa9,0x78,0xd4,0x20,0x34,0x21,0x2f,0x43,0xb3,0x35,0x1b, + 0x6a,0xde,0xb0,0x3b,0xdd,0x6c,0xaf,0x7d,0xe0,0x59,0x50,0x2f,0x16,0xd7,0x73,0x48), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x32,0xfd,0x45,0xe7,0x3f,0x6f,0x69,0x49,0xf2,0x0c,0xab,0x78,0xc0,0xcc,0x31,0xd8, + 0x14,0xba,0xea,0x63,0x89,0x54,0x6a,0x36,0x5d,0x35,0xf5,0x4f,0x23,0xf1,0xd9,0x95, + 0xb7,0x41,0x01,0x18,0x77,0x60,0xc8,0x9b,0xb0,0xb4,0x0b,0x50,0x57,0xb1,0x82,0xe2, + 0xfa,0xfb,0x50,0xb8,0xf5,0xca,0xd8,0x79,0xe9,0x93,0xd3,0xcb,0x6a,0xe5,0x9f,0x61, + 0xf8,0x91,0xda,0x34,0x31,0x0d,0x30,0x10,0x44,0x1a,0x71,0x53,0xa9,0xa5,0xe7,0xf2, + 0x10,0xeb,0xe6,0xbc,0x97,0xe1,0xa4,0xe3,0x3f,0xd3,0x4b,0xb8,0xa1,0x4b,0x4d,0xb6, + 0xdd,0x34,0xf8,0xc2,0xd4,0x3f,0x4a,0xb1,0x97,0x86,0x06,0x0b,0x1e,0x70,0x07,0x0e, + 0x3e,0xd4,0xd5,0xf6,0xd5,0x61,0x76,0x7c,0x48,0x3d,0x87,0x9d,0x2f,0xec,0x8b,0x9c), + .s = chunk_from_chars( + 0xc3,0x89,0x61,0x37,0x17,0xec,0x74,0x76,0xec,0xda,0x21,0x44,0xd0,0xe8,0xc8,0xf9, + 0xd6,0x6f,0xb4,0x69,0xc1,0x67,0xc4,0x20,0x9e,0xc0,0xbd,0xee,0xbf,0xb4,0x71,0x66, + 0x5d,0x33,0xda,0xd4,0x7b,0x8f,0x3c,0x31,0x9a,0x76,0xfe,0x8a,0x8a,0x9f,0x66,0x2b, + 0x6c,0x69,0x0b,0x74,0x90,0x3d,0x17,0xf6,0x1e,0x23,0x14,0xe5,0xea,0x8d,0x26,0x67, + 0x0e,0xe4,0xdb,0x4d,0xad,0x29,0x5b,0x27,0x7c,0xa0,0x8a,0xde,0x88,0x0d,0xe2,0xe4, + 0x2d,0x12,0xb9,0x29,0x52,0x76,0x4c,0x1d,0xc8,0x08,0xc2,0x66,0xdb,0xbe,0xdb,0x67, + 0x01,0x58,0xee,0xf3,0x6e,0x89,0x6f,0x55,0xa2,0x03,0xfb,0x99,0x55,0x6d,0xed,0x05, + 0x97,0x41,0x0b,0xa3,0x74,0x86,0xb1,0xd8,0x41,0xf3,0xd6,0xd5,0xc0,0xb3,0x9f,0x2f, + 0x49,0xf0,0xc5,0x79,0x48,0x24,0xfb,0xa9,0x4a,0x8e,0xc7,0xc2,0xb2,0xc9,0x1e,0xad, + 0xd5,0xc8,0xcb,0xe4,0x48,0x95,0xfe,0x3b,0xe3,0xbc,0x17,0x27,0xd6,0xfc,0x0e,0x53, + 0x64,0xf5,0x35,0x78,0x63,0x9d,0x3b,0x3a,0xf6,0x96,0xb7,0x50,0xa0,0x78,0x53,0x69, + 0x4f,0xfe,0x14,0x5a,0x28,0xc0,0x36,0x20,0xc7,0x8d,0xd7,0x37,0x7d,0x09,0x4d,0x92, + 0xc3,0xe0,0x95,0x46,0x88,0x3d,0x47,0x03,0xe6,0x2a,0x98,0xdd,0xf8,0x1f,0xd0,0x1f, + 0xcd,0xf3,0xc4,0xb2,0x15,0x22,0x4f,0xe2,0xb1,0xb4,0x99,0x2a,0xbf,0x31,0xf2,0x0d, + 0x12,0xaf,0xa8,0x68,0x20,0x23,0x90,0xde,0x33,0x4a,0x84,0x6b,0x2d,0x58,0xb2,0x53, + 0xea,0x8a,0xb3,0xc5,0x26,0x5d,0x84,0x77,0x3a,0x65,0x9e,0x8b,0xac,0x7a,0xf4,0x41, + 0x23,0xd9,0xea,0x15,0x06,0x2e,0x65,0xd4,0xd4,0x19,0xcf,0x2d,0x97,0x07,0x7d,0x06, + 0x24,0xf8,0xe5,0xc3,0x6f,0x2c,0x7b,0x35,0xcc,0xf9,0x54,0x35,0xd5,0xc3,0x68,0x86, + 0xff,0x91,0x05,0xa6,0xc1,0xea,0x22,0x5e,0x15,0xea,0x8c,0xbc,0x7b,0x6b,0xf6,0x85, + 0x61,0x51,0xcd,0x76,0xfb,0xb7,0x5b,0x5b,0x98,0xf0,0xe3,0xdb,0x51,0x6a,0x8e,0x21, + 0x81,0x89,0xfc,0xb1,0xcd,0x5d,0xe3,0xca,0xfe,0xaa,0x33,0xef,0x13,0x5c,0x5d,0x8b, + 0x8a,0xa5,0xf8,0x81,0xaf,0xaa,0xca,0xf4,0xc0,0x8b,0xd7,0x28,0x12,0x55,0xbc,0x2a, + 0x33,0xb7,0x6d,0x4a,0x36,0xe0,0xb1,0x70,0xc4,0x55,0x88,0x23,0x9e,0x5b,0x38,0xc6, + 0x79,0xb0,0x8c,0xf8,0x02,0xaf,0x73,0xb6,0xd7,0x9b,0x39,0x35,0x94,0x94,0x61,0xe7), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0xab,0x66,0xcc,0x48,0x7e,0xc9,0x51,0xf2,0x11,0x9d,0x6e,0x0f,0xa1,0x7a,0x6d,0x8f, + 0xeb,0x7d,0x07,0x14,0x9b,0xec,0x7d,0xb2,0x07,0x18,0xe4,0xf3,0x1d,0x88,0xc0,0x1f, + 0x9a,0x53,0xd5,0xba,0x7e,0xce,0x3a,0x4d,0xbc,0x67,0xaf,0x6a,0x35,0xd1,0x30,0xea, + 0xe7,0x62,0xcb,0x79,0x62,0xb9,0xae,0x55,0x7c,0xa3,0x84,0x52,0x46,0x40,0x02,0x22, + 0x3f,0x61,0xbc,0xd3,0xc7,0x35,0x3e,0x99,0xd6,0x25,0x58,0xce,0xed,0xfc,0xb9,0x37, + 0x4d,0x4b,0xbf,0x89,0x68,0x0c,0x8e,0x2b,0x95,0x85,0x60,0x3e,0x07,0x6f,0x1c,0xdb, + 0x00,0x58,0x29,0x9b,0x42,0x46,0x84,0x5d,0xc7,0x9d,0x10,0x43,0xb1,0x42,0x2e,0xfe, + 0x84,0x01,0x8e,0x4c,0x93,0x2c,0x45,0xbe,0xb8,0x85,0x1f,0xbf,0x48,0x5e,0x36,0xd2), + .s = chunk_from_chars( + 0xb5,0x13,0x31,0x55,0x2b,0x08,0xbe,0x35,0xa1,0x69,0x8a,0xa6,0x20,0x3d,0x84,0xdb, + 0xff,0xf9,0x00,0x1e,0xd5,0xdd,0x77,0x6f,0x2b,0xe4,0xdd,0xfc,0x07,0xdd,0x46,0x20, + 0xe9,0x65,0x4e,0x82,0xa3,0x34,0x65,0xbd,0x20,0xf1,0x18,0x63,0xc0,0xed,0x02,0xa0, + 0xae,0xa2,0x7a,0x44,0xd4,0x14,0xc3,0x28,0xa9,0x38,0xbf,0x87,0x7e,0x15,0x83,0x8a, + 0xb9,0x9d,0x67,0x0d,0x01,0x41,0x42,0x62,0xe8,0x86,0x5d,0xc1,0xd9,0xfc,0x30,0xfd, + 0x08,0x12,0x69,0x9f,0xa6,0x90,0xc3,0x4f,0x30,0x2f,0x63,0x7e,0xc8,0x02,0xcd,0x40, + 0xac,0x85,0x91,0xe9,0x76,0xc0,0xb8,0xbc,0xcb,0x1b,0x01,0x37,0xaf,0x64,0xa2,0x87, + 0x02,0x10,0xe8,0xfa,0x3d,0xc4,0x31,0xfe,0x09,0x56,0xb8,0xad,0xdf,0xf1,0xe4,0xb1, + 0x8c,0xf0,0x7e,0x07,0x8a,0xa9,0x3a,0xf8,0x1b,0xb3,0x02,0x3c,0x9e,0x59,0x4e,0x66, + 0x59,0x5f,0xd9,0x2b,0x10,0x22,0x6e,0xa1,0x26,0x00,0x5f,0x47,0x24,0x42,0x73,0x52, + 0xc3,0x8e,0x9e,0x85,0xfc,0x2e,0x07,0x23,0xf8,0x0a,0xf1,0xf6,0x15,0x99,0x55,0x0b, + 0x5e,0xf5,0x4c,0x5b,0x38,0xca,0x40,0x57,0x38,0x01,0x7b,0x89,0xcb,0x94,0x68,0xd9, + 0x74,0x1c,0xd6,0xbd,0xf7,0x11,0x21,0x62,0x25,0x1b,0xa1,0xd0,0x83,0xcc,0x37,0x0a, + 0x4a,0x82,0x61,0xc3,0x9b,0x6b,0x94,0xbf,0x21,0xa5,0x3b,0x75,0x64,0x53,0x1a,0xe9, + 0xeb,0xc4,0xcc,0xea,0x7e,0xbb,0x8b,0xd3,0x14,0xb2,0xe1,0x3b,0x58,0xed,0x10,0x18, + 0xae,0x5b,0x41,0x5e,0x0f,0x9e,0x3e,0x19,0xa5,0xea,0xd3,0xa4,0x46,0x03,0xf9,0x06, + 0x74,0xa1,0x90,0xfe,0xbd,0xe2,0x5f,0x8a,0xd8,0x77,0x8a,0xee,0xad,0x4d,0x0f,0x64, + 0xfb,0xae,0x37,0x16,0x6a,0x54,0xe3,0xa7,0x63,0xe3,0x55,0x59,0xbf,0x8c,0x3f,0x17, + 0x3f,0x19,0xff,0x7b,0xab,0x98,0xf3,0xef,0x80,0x3d,0xd5,0x6c,0x07,0x62,0x83,0x99, + 0xaf,0xf8,0x74,0x85,0xee,0x73,0xdb,0xc3,0xdb,0x34,0xec,0xc7,0xbf,0xf3,0xa5,0x32, + 0x26,0xcf,0x87,0xbc,0x81,0xd2,0x56,0xe8,0x0c,0x09,0x52,0x0c,0x8f,0x38,0xe9,0xbc, + 0xda,0x09,0x5e,0x36,0x35,0x12,0x8e,0x1b,0xed,0xd9,0x97,0x06,0x00,0x54,0x6a,0x75, + 0x1e,0xb1,0x1d,0xab,0x42,0xe2,0x89,0xd6,0xfd,0xfe,0xa0,0x4b,0xd5,0x8d,0x45,0x71, + 0xa7,0x9d,0x24,0xbc,0xe4,0x50,0x8c,0x54,0xe1,0xec,0x4c,0xf7,0x5b,0x98,0x5f,0xd3), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0xfe,0xf7,0xfe,0x89,0xb9,0xa5,0x99,0x02,0xa7,0x0a,0x1d,0x9c,0xaa,0xd0,0x9c,0xed, + 0x8b,0xee,0x41,0x45,0xed,0xcb,0xe3,0xef,0x7f,0xa6,0xda,0xb3,0x76,0x35,0x12,0x9f, + 0x3b,0x8c,0x5e,0x08,0x60,0x41,0x0e,0xcb,0xd9,0xce,0xc3,0xd8,0x69,0x36,0x82,0xf2, + 0x5a,0xec,0x08,0xb0,0x71,0xf0,0x5d,0xc8,0x21,0x3b,0xac,0x8c,0xff,0x5d,0x52,0xb5, + 0x76,0x65,0x35,0x60,0xbc,0x01,0x57,0x56,0x04,0xe6,0xab,0x90,0xf6,0x72,0x27,0xfb, + 0x5c,0x90,0x1a,0x78,0x1e,0xdd,0xc0,0x27,0x70,0x09,0x13,0xe5,0x4a,0x7f,0xe5,0x13, + 0x18,0x48,0x2c,0x9a,0xb4,0x2c,0x9d,0x2b,0x91,0x1b,0x7c,0xcc,0x39,0xcc,0xb2,0x90, + 0xf9,0xa4,0x20,0xa5,0xda,0xd9,0x33,0x94,0xd4,0xd7,0xb8,0xc5,0x3f,0xe3,0xf2,0x42), + .s = chunk_from_chars( + 0x45,0x06,0x8c,0xa6,0xd8,0x2f,0x2c,0x12,0x39,0x25,0xcd,0xe1,0x19,0x71,0x21,0x5d, + 0x8f,0xa4,0xa4,0xdf,0x68,0x48,0xbb,0x76,0x54,0x86,0x87,0x00,0x97,0x87,0x64,0x85, + 0x46,0x38,0x92,0x1b,0xea,0x58,0x69,0x28,0x0d,0xc6,0xad,0x95,0x81,0xab,0x43,0xff, + 0x70,0x12,0x96,0x99,0x48,0xa5,0x67,0x7f,0xa0,0xa6,0x61,0x36,0xa3,0x16,0xa4,0xbf, + 0xec,0xb8,0x9a,0xdf,0x41,0x31,0xb5,0xbe,0xdf,0x3d,0x46,0x93,0xb7,0x80,0xd1,0x33, + 0xaf,0x9b,0xf9,0xc1,0x33,0x30,0x5b,0xe7,0x83,0x74,0xaf,0xda,0x3b,0xa3,0x85,0x42, + 0x03,0x32,0x44,0x81,0xa9,0xd1,0x0b,0x9c,0xa9,0xb9,0x2d,0xc7,0xd7,0x4d,0xf5,0x31, + 0x87,0x2d,0xdf,0xc7,0x6c,0xaa,0x82,0xde,0x02,0x0e,0x2c,0x41,0x56,0x43,0xcb,0xcc, + 0x42,0x80,0xe6,0xd2,0xf4,0x37,0x1f,0xda,0x7d,0x92,0x49,0x31,0x4a,0x8f,0x43,0x76, + 0x48,0x99,0x1a,0x9b,0x03,0xd7,0x1b,0x58,0x39,0xad,0x38,0xa1,0x55,0x5a,0xd3,0x45, + 0x26,0x99,0x4b,0xa5,0x68,0x70,0xb6,0xea,0x18,0x01,0x12,0x95,0xf2,0xca,0x2b,0x07, + 0x13,0xb2,0xe9,0x2a,0xd7,0x76,0x80,0xc0,0xdc,0x5b,0xed,0x8d,0x3b,0x9b,0x31,0xac, + 0x14,0xdf,0x76,0x99,0x49,0xc4,0xa4,0x3e,0xa6,0x7f,0x6d,0xee,0xb3,0xdc,0x9e,0xd5, + 0x89,0xea,0x4e,0x8a,0x2c,0xf6,0x69,0x5d,0xf4,0x6f,0x94,0x6f,0x14,0x67,0xb2,0x8e, + 0x87,0x54,0x77,0xae,0x4e,0x64,0x50,0x80,0xfa,0xfd,0xa6,0xdd,0x55,0x1d,0x2c,0x02, + 0xfd,0x6b,0x2b,0x19,0x4f,0xc0,0xbd,0xb0,0x50,0xe0,0x6d,0x4c,0x78,0x41,0x05,0xf5, + 0xa3,0x3b,0x53,0xe7,0x30,0x98,0x05,0x59,0x63,0x07,0x1e,0xfc,0x1b,0xf3,0x97,0xfd, + 0x32,0x5f,0x3a,0x6f,0x4e,0x10,0xd7,0x6f,0x04,0x11,0xa0,0x01,0xe6,0x2e,0xc7,0x37, + 0x29,0x01,0x83,0x16,0xf5,0x63,0x10,0xf8,0x93,0xa5,0x93,0x63,0xd1,0xf6,0xfe,0x5c, + 0x17,0x44,0x4b,0x6c,0x72,0x8a,0x49,0x33,0xb7,0x52,0x12,0xfd,0xfa,0x25,0x8e,0x40, + 0x18,0xb7,0x76,0x39,0x51,0xab,0x4e,0x50,0x96,0x41,0x1d,0xf9,0xe5,0xbc,0x16,0xdf, + 0x38,0x96,0xe4,0x6c,0x97,0x3d,0x32,0xac,0x92,0x76,0xa4,0xe2,0xb5,0xb8,0x0e,0x3d, + 0x8d,0x79,0x8d,0xc0,0x47,0x0b,0x45,0x09,0x6b,0x4d,0x73,0x86,0x69,0xce,0x05,0x2e, + 0xd8,0x18,0xe5,0x60,0xaf,0x1e,0x92,0xc9,0x15,0x18,0x7d,0x66,0xcc,0x30,0x8b,0x70), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x82,0xb3,0x84,0x0e,0xeb,0x95,0xc9,0xc5,0x77,0x24,0xc7,0x0f,0x11,0x2b,0x6c,0x2d, + 0xc6,0x17,0xc3,0x17,0x85,0xac,0xd0,0xc8,0x23,0xf8,0xbc,0xdd,0xa2,0x85,0x32,0x5e, + 0xb3,0xd3,0x08,0xdc,0x79,0x05,0x22,0xbc,0x90,0xdb,0x93,0xd2,0x4e,0xe0,0x06,0x32, + 0x49,0xe5,0x5d,0x42,0x19,0xad,0x97,0x14,0x5f,0xea,0xf7,0xf3,0x06,0x68,0x62,0x3c, + 0xc8,0x89,0x0a,0x70,0xf4,0xf1,0x49,0x86,0x6f,0x82,0xcf,0x86,0xf9,0x8b,0x00,0x53, + 0xb2,0x3c,0x98,0xc8,0xdd,0x5e,0x91,0x07,0xe3,0x41,0x46,0x0e,0x9b,0xf5,0xd8,0x8c, + 0xc8,0xbc,0xd1,0xf2,0xe4,0xc0,0x07,0xcc,0x1c,0x02,0xc4,0x52,0x9b,0x93,0x23,0x3a, + 0x0b,0x06,0xbd,0xd1,0x59,0x25,0x85,0x4a,0xb9,0xe3,0xf1,0x56,0xeb,0x92,0x5b,0xf5), + .s = chunk_from_chars( + 0x05,0x93,0xb9,0xfd,0x44,0x21,0x45,0x23,0x76,0xd2,0x7b,0xc7,0xa2,0x80,0x10,0x1c, + 0xfd,0x6e,0x88,0xa6,0x72,0x7d,0x7d,0x77,0xcf,0x65,0xce,0xb7,0x23,0xec,0xd2,0x57, + 0xf3,0x2f,0xe1,0x02,0x77,0xe8,0x57,0x98,0xe0,0xda,0x75,0x91,0x77,0x36,0xda,0x1a, + 0x3b,0xfc,0x22,0xad,0xc7,0x65,0x8f,0xbb,0x84,0xda,0x6e,0xbe,0xa0,0xb0,0x7d,0x1c, + 0xc4,0x05,0x73,0x2f,0xb0,0x40,0xb5,0x85,0xc1,0xb6,0x3c,0x80,0x34,0x06,0x9b,0xff, + 0xb8,0x22,0x06,0x56,0xf1,0xac,0x54,0xce,0x69,0x37,0x20,0xd6,0xfb,0x1b,0x5a,0xec, + 0x67,0xb0,0x3c,0x88,0x7c,0x80,0x77,0xda,0x14,0x8d,0x10,0xf4,0x8a,0xf7,0xc0,0x28, + 0xf9,0x92,0xb1,0x8f,0x13,0xc0,0xe5,0x75,0x30,0xc0,0x86,0xd7,0x75,0x48,0x3d,0xa5, + 0xf6,0x6f,0x3a,0x6a,0x19,0x18,0x78,0x68,0x34,0x0a,0xc6,0x3c,0x62,0x12,0xbc,0xbd, + 0x6c,0xbb,0x7b,0xed,0xa8,0x62,0x0a,0xfd,0x9b,0x66,0xde,0x47,0x47,0x3e,0xf2,0x4d, + 0x1b,0x6a,0x36,0xf4,0xec,0xe9,0xad,0xd4,0x95,0x14,0xfd,0xf1,0xd8,0x4c,0x7a,0x78, + 0x5b,0x7f,0x0e,0x00,0xf3,0x82,0x23,0x58,0x99,0x79,0x0f,0x47,0x2d,0x13,0xf4,0x85, + 0x58,0xa4,0x31,0x47,0x42,0xf3,0x76,0x80,0x8d,0xec,0x96,0xed,0xd2,0xe2,0x29,0xe9, + 0x43,0xf7,0xb9,0x83,0xbe,0xa5,0xec,0x6e,0xdf,0xa5,0xe9,0xbb,0x37,0xf5,0x88,0xe5, + 0x5e,0xf6,0x2e,0xbc,0x92,0x14,0xbe,0xaf,0x9d,0xa5,0x02,0x43,0x4e,0x10,0x88,0xdf, + 0x27,0x2c,0x6c,0x77,0xc1,0xe1,0xd8,0x97,0xc4,0x7b,0xea,0xb7,0x7e,0x3b,0xbe,0x31, + 0x7f,0x8d,0x43,0xd2,0x1f,0xd7,0xe9,0x43,0x37,0xc7,0xe2,0x63,0xe2,0x86,0x7b,0xf5, + 0x80,0xa2,0xa8,0xec,0xb9,0xe3,0x6a,0xb7,0xd3,0xe1,0xd5,0xcf,0x9a,0x23,0x23,0x09, + 0x53,0xd5,0x9d,0xf0,0xd7,0xe2,0x35,0x58,0xfb,0x61,0x2b,0x79,0x18,0xab,0xba,0x31, + 0xb1,0x64,0xce,0x17,0x88,0x18,0xa1,0xa9,0xe6,0xb6,0x68,0x7f,0x4d,0xe6,0x85,0xd7, + 0x0e,0x16,0xbe,0xf6,0xe1,0x92,0xfa,0xed,0xfe,0x0b,0x2b,0x95,0x47,0x7d,0x37,0xb0, + 0xa3,0xa2,0xd0,0x02,0xf3,0x3e,0xf4,0x32,0x1c,0xb9,0x05,0x04,0x0c,0xe0,0x6f,0xda, + 0x1c,0x98,0xa0,0x08,0x76,0x7f,0xbc,0x78,0x1a,0x1e,0xaf,0x33,0x75,0xda,0xb8,0x66, + 0x4b,0x59,0x03,0x36,0xb9,0x9e,0x15,0x7b,0x86,0x87,0xa6,0x60,0x2f,0xef,0x6a,0x3b), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0xe1,0x53,0xcc,0xa4,0x43,0x1e,0xd9,0x71,0x3f,0x47,0x44,0xba,0x05,0x4f,0x5f,0x19, + 0x1c,0xb3,0x7b,0x28,0x01,0x08,0xae,0x3a,0x11,0x4a,0xd3,0x49,0xa8,0x72,0xd1,0x30, + 0x8b,0x46,0x21,0x1a,0x83,0x75,0x8a,0x3b,0x4b,0xe3,0x2f,0xbe,0xac,0x42,0xcc,0xfe, + 0xe7,0xe2,0x3d,0xf8,0x53,0xca,0x40,0x01,0x47,0x07,0x7b,0xb4,0x3a,0x44,0xc1,0x2f, + 0x29,0x9b,0x91,0x7f,0x3a,0xab,0xdf,0x58,0x9e,0xeb,0x17,0x09,0xbb,0x3d,0x60,0xb0, + 0x8b,0xc7,0x1e,0xaa,0x3f,0xfe,0xba,0x4e,0x29,0x03,0xa5,0xdb,0xd8,0x33,0x9a,0xae, + 0x85,0xfa,0x24,0xb9,0xae,0xe7,0x61,0x30,0x00,0x06,0x05,0x85,0x7a,0x6a,0xa1,0x97, + 0xd0,0x09,0x26,0x27,0x0d,0xcd,0xa5,0x8b,0x7d,0xe7,0x58,0xa6,0xca,0x67,0xe6,0x17), + .s = chunk_from_chars( + 0xa8,0x35,0xcd,0x41,0x46,0xbe,0xf4,0x65,0x64,0x2d,0x49,0x49,0x36,0x26,0x8a,0x31, + 0x1a,0x54,0x90,0xd2,0xc9,0xf9,0x16,0x6c,0x6c,0xe9,0x82,0x16,0xa9,0xa2,0x3a,0x64, + 0x35,0x97,0x30,0x0a,0x00,0x50,0xe6,0x44,0x5a,0xbd,0x5a,0x9b,0xfc,0x7a,0x2d,0x9b, + 0x70,0x72,0x6c,0x82,0x4c,0x38,0x3b,0xf5,0xac,0xad,0xdd,0xdc,0x34,0xd4,0x34,0xa3, + 0x1e,0x53,0x14,0xd2,0x5f,0xb5,0x8e,0x25,0x8f,0x51,0x88,0x66,0xc1,0x36,0xe5,0x28, + 0x55,0xc1,0x6f,0xe6,0x4f,0xf8,0xf1,0xc4,0xd6,0x6c,0x4e,0x9e,0x39,0xb8,0xcb,0x11, + 0x96,0xd8,0x09,0x44,0xd0,0x74,0x6c,0x0a,0x3e,0x17,0x69,0xcd,0x41,0x67,0xdf,0x72, + 0xab,0x5e,0x4c,0x9d,0xba,0xe9,0xcb,0x35,0xf4,0x82,0x8e,0x12,0x09,0x9f,0x9b,0x36, + 0xa5,0xa7,0x0c,0x48,0xd4,0xae,0xc9,0x87,0x2d,0x7b,0x19,0xe1,0x29,0x1b,0x33,0xcb, + 0xdf,0x08,0xa2,0x26,0x3d,0x50,0x0c,0x0a,0x83,0xb5,0x23,0x7e,0xf6,0xce,0x92,0xde, + 0x34,0x4b,0x3b,0x41,0xd0,0xd0,0x74,0x04,0xfc,0xd5,0x46,0x7b,0x04,0x6b,0x52,0xb8, + 0xf8,0x5f,0xc6,0xb5,0xd7,0xaf,0xc4,0x37,0xf1,0xee,0x9e,0x78,0x39,0x0c,0xa9,0xbb, + 0x6c,0xec,0x61,0x88,0x85,0xec,0xe2,0x97,0x58,0xf2,0xfd,0x6f,0x4e,0x5f,0x4f,0x89, + 0x69,0x35,0xde,0x5f,0x67,0xcc,0x04,0x05,0x5a,0x4c,0x4c,0x0f,0xba,0x5d,0xef,0x8d, + 0x2c,0xaa,0x17,0x93,0x31,0xa8,0x55,0x01,0xed,0x25,0x82,0x2a,0xe7,0x9d,0xa9,0xbc, + 0x81,0x5c,0xc3,0x9c,0x6a,0x97,0x92,0x11,0x08,0x3e,0x86,0x83,0x13,0x6c,0x94,0x2e, + 0x1e,0x17,0xe9,0xeb,0x8f,0x84,0xaa,0xcf,0x09,0x1a,0xa1,0xe5,0x16,0x65,0xfa,0xe4, + 0x46,0xbc,0x48,0xc3,0x04,0xaf,0x65,0x39,0x1f,0x27,0x9a,0xfb,0x98,0xb9,0x2e,0x04, + 0xc2,0xb7,0x3d,0x9d,0x94,0xe9,0x91,0x19,0x8f,0xe7,0x78,0x1f,0x0f,0x96,0x96,0xfc, + 0xba,0x2c,0x03,0x48,0x5f,0x76,0xe6,0xde,0x30,0xb9,0x53,0x5c,0xf3,0x90,0x3d,0xb2, + 0xf3,0xaf,0xa8,0x51,0xa4,0x7b,0xcd,0xe7,0x2d,0x4e,0xd2,0xe8,0xfa,0xbf,0x9b,0xb7, + 0xd4,0x69,0x6c,0xb4,0xab,0x8c,0x28,0x9b,0x0c,0x21,0xe1,0xf9,0x79,0xeb,0xc5,0x32, + 0xe2,0x80,0xcd,0x90,0x10,0xdf,0x4e,0xe7,0x2f,0x84,0xbb,0x9e,0x82,0x75,0x28,0x28, + 0xf1,0x67,0x03,0x0c,0x0f,0xe3,0x48,0xeb,0xc3,0x1e,0xc1,0x7b,0x8f,0x07,0xd9,0x4b), + },{ + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x9c,0x63,0x89,0x9d,0xfc,0x7b,0xdc,0x0d,0xb3,0x84,0x72,0x72,0x44,0xca,0xf7,0x1e, + 0xcf,0xb9,0xb8,0x79,0x2b,0x9f,0x57,0xe9,0x36,0xb3,0xc2,0xf5,0x69,0x55,0x65,0xa9, + 0xb0,0x97,0x9f,0x3c,0x78,0xfd,0x73,0xf0,0x09,0x81,0x81,0x3a,0x16,0xda,0x34,0x23, + 0x92,0xfe,0x3c,0xee,0xc6,0xe6,0x3f,0xfb,0xa1,0x91,0xcb,0xeb,0x4f,0x4b,0x90,0x05, + 0x0d,0x2f,0xcc,0xd8,0x3b,0xeb,0x06,0x22,0xb2,0xc3,0xff,0xf1,0x59,0xd9,0xe6,0x08, + 0xf3,0xab,0xcb,0x84,0x3b,0xdd,0x56,0xc0,0x33,0x39,0xb9,0x75,0xb9,0xf4,0xe3,0x26, + 0x5b,0x32,0xf6,0xbb,0x6c,0xcd,0xfc,0x6c,0x57,0x52,0xd6,0xe0,0x34,0x4d,0x74,0x96, + 0x99,0xc7,0x4c,0x85,0xb3,0x0c,0x04,0xff,0x95,0xb2,0x72,0xdb,0xcf,0xd6,0xc7,0xd3), + .s = chunk_from_chars( + 0x4d,0x38,0xa2,0x97,0x30,0x2a,0xd0,0x77,0x0d,0x97,0x29,0xce,0x5b,0x72,0x12,0xee, + 0xf2,0x87,0xce,0x02,0x50,0xf4,0x03,0xe3,0x2b,0x4a,0xcc,0x36,0x17,0xdc,0x0d,0x2e, + 0xdc,0xcc,0xc2,0xd5,0x80,0xdd,0xbd,0xbc,0xa5,0x72,0x2b,0x70,0x70,0x40,0x58,0xa3, + 0xb8,0x07,0xf5,0x92,0xe4,0x00,0xbd,0x56,0x3f,0xca,0xa8,0xb0,0x66,0xa6,0x14,0xb4, + 0x90,0x6f,0x14,0x33,0x96,0x8e,0xd2,0xf5,0x20,0xa2,0xf6,0xb0,0x34,0xd4,0xb2,0xd6, + 0x89,0x0a,0x24,0x1a,0xfd,0x1a,0xdb,0x86,0x39,0xa6,0xca,0xd9,0xdb,0xfd,0x2e,0x27, + 0x8d,0xfe,0xbf,0x79,0x74,0x0d,0x75,0xf2,0x95,0x75,0x9d,0x29,0x13,0x0b,0x19,0xab, + 0x19,0x98,0x3d,0xd6,0x8f,0x77,0x9d,0xe4,0x1f,0xfe,0xfd,0x4e,0x82,0xb5,0xe6,0x2f, + 0x72,0xf9,0x0e,0xfb,0x73,0x43,0x7f,0x08,0xa2,0x50,0x3d,0xd9,0x81,0x9d,0xae,0x20, + 0xba,0x97,0x06,0xc1,0x99,0xde,0x9c,0xf8,0x84,0x43,0x3e,0xeb,0x75,0x62,0x86,0xa8, + 0x5e,0xae,0x14,0xbf,0x9f,0x6d,0xbe,0xb7,0x05,0x46,0x1d,0x91,0x82,0x22,0x82,0xf1, + 0x8e,0xfb,0xb1,0x05,0x89,0xa5,0x78,0xf2,0xc9,0xc3,0x45,0xb0,0x79,0xa7,0xe9,0xdd, + 0x07,0xfd,0x4b,0x34,0x05,0x1b,0x27,0x11,0x97,0x29,0x90,0x6c,0x77,0xdf,0xb7,0xd2, + 0xf8,0xfa,0x6b,0xdd,0x5f,0xaa,0x1e,0x13,0x2b,0xfb,0xa9,0xd3,0x91,0xe6,0x63,0x95, + 0xe6,0x7f,0x01,0x35,0x3f,0xa2,0x75,0xea,0xce,0x8b,0x53,0xaa,0x91,0xcb,0x6f,0xb6, + 0x93,0xe1,0x91,0x91,0xd4,0x2a,0x4c,0x1a,0x85,0xa0,0xc5,0x04,0xb1,0xc8,0x5f,0x49, + 0xa4,0xd6,0x09,0x36,0xde,0xe4,0x64,0x6a,0xca,0x62,0xa9,0x4a,0xa4,0xbc,0x78,0x28, + 0xc1,0xff,0xaf,0xde,0x8b,0xe6,0x56,0x31,0x7d,0x50,0x6a,0xbe,0xc1,0x79,0xcc,0x90, + 0x19,0x1d,0x12,0x35,0x6f,0xf5,0x06,0x44,0xd3,0xe0,0x1a,0xa5,0xbc,0xfd,0xd7,0x1d, + 0x3c,0x82,0x8d,0xc3,0x53,0x9d,0xc0,0xcf,0x3f,0xe8,0xb9,0xb9,0x1e,0x0c,0x25,0x24, + 0xf6,0xa3,0x71,0x03,0x79,0xc9,0x0a,0xff,0xd0,0xd0,0xa5,0x0d,0x74,0x38,0x7f,0x9c, + 0xa8,0x8b,0x46,0x46,0x3e,0xf1,0xbd,0xba,0x58,0xcc,0x9a,0x36,0xe5,0xc2,0xc4,0x35, + 0xa2,0x0d,0x96,0x83,0x50,0xd1,0x5d,0x94,0x1c,0x32,0x12,0xcd,0xce,0x81,0x55,0x92, + 0xb3,0x10,0xd2,0x59,0x86,0x0d,0xe1,0xdc,0x1a,0x3d,0x70,0xac,0x22,0x30,0x2a,0x51), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384, + .m = chunk_from_chars( + 0x04,0x84,0x6c,0x2e,0x67,0x6a,0xc7,0x31,0x60,0xbf,0x4e,0x45,0x65,0x2b,0xdc,0x6c, + 0xc4,0xd4,0xc9,0x28,0x45,0x77,0xb4,0x32,0x0a,0xb7,0x7f,0x6e,0xbb,0xb5,0x9a,0x1f, + 0xe0,0xe0,0x85,0x58,0x8e,0x0f,0x90,0xb3,0x46,0xcd,0xe6,0x44,0x1a,0xf3,0xc9,0xd0, + 0x11,0x7d,0x1f,0x3b,0xcd,0x96,0x2e,0x40,0x6b,0xf5,0xa4,0x65,0xab,0x6c,0xda,0x2d, + 0x51,0xbe,0x59,0x8f,0xcb,0xb2,0x9e,0xa7,0x13,0x65,0x1a,0xac,0xd7,0xe4,0x7d,0x22, + 0xd8,0xfa,0x34,0x50,0x90,0x47,0x30,0xf5,0x17,0x92,0xea,0x37,0x47,0x61,0xa4,0xdc, + 0x1f,0xc6,0xf1,0xbc,0x65,0x7b,0x77,0x76,0x8f,0x31,0xf4,0x63,0xe4,0x26,0x7f,0xc8, + 0xdf,0xf6,0x11,0x50,0xd4,0xb3,0x43,0xb9,0xd5,0x37,0x59,0xcd,0xd7,0xb9,0x80,0x94), + .s = chunk_from_chars( + 0x10,0x3b,0xee,0x57,0xe2,0x5b,0xe8,0xc3,0xa2,0xf7,0x74,0xe7,0x39,0xb4,0x7f,0x93, + 0x43,0x5e,0x41,0x49,0x32,0xc0,0x49,0x4b,0x6b,0x6a,0xa2,0x47,0x5b,0xf7,0xc9,0x30, + 0x5c,0x73,0x74,0x7e,0x0a,0xdf,0x82,0xc2,0x03,0x20,0x07,0xb3,0xf7,0x5a,0x69,0xc9, + 0x31,0x12,0x61,0x7a,0x62,0x56,0x6c,0x5a,0x2d,0xea,0xa2,0x5f,0xb9,0x52,0x09,0xda, + 0x49,0xfe,0x9c,0x16,0x1c,0xb2,0xff,0xa4,0x0f,0xd9,0xd7,0x7f,0x1f,0xf6,0x60,0xc8, + 0xb6,0xcd,0x3b,0x54,0xe3,0xe7,0x9a,0x75,0x9c,0x57,0xc5,0x71,0x98,0x02,0xc9,0x31, + 0x1d,0xb7,0x04,0xba,0x3c,0x67,0xb4,0xa3,0x11,0x37,0x54,0xa4,0x1b,0x8d,0xa5,0x9c, + 0x64,0x5b,0xe3,0x90,0x9e,0x7d,0xb7,0xe7,0xcf,0x72,0x94,0xda,0xb4,0x4f,0x74,0x24, + 0x0f,0x81,0xa2,0x81,0xee,0xcd,0x6e,0xf3,0x1c,0x7c,0xf1,0x8b,0x1a,0x19,0xc7,0xd0, + 0x2a,0x31,0x2b,0x91,0xd6,0xed,0xfa,0xa9,0x54,0x46,0x2d,0x34,0x74,0x0a,0xf5,0xab, + 0x70,0x8d,0xb5,0xa1,0x0b,0x00,0xc5,0x42,0xbe,0x82,0xfa,0x2b,0x20,0x26,0xb0,0x9e, + 0xf3,0x8a,0x40,0x01,0x45,0x7e,0x27,0xa6,0x02,0x37,0x70,0xe4,0xb4,0xd5,0x00,0x32, + 0x67,0xc8,0x5c,0x9e,0xea,0x1d,0x5f,0x8d,0x77,0x0b,0xd4,0x0b,0x55,0x4d,0x5b,0x4d, + 0xaf,0x14,0x6d,0xcc,0xab,0xac,0x3e,0xa8,0xa1,0x3a,0x05,0xc3,0xbd,0xdf,0xc9,0x71, + 0xc5,0x15,0x8f,0xac,0x02,0x7c,0xa1,0x9b,0x72,0x32,0x62,0x1e,0x9d,0x2e,0x37,0xb6, + 0xa6,0x55,0xaf,0x54,0x5e,0x44,0xa2,0x98,0xbe,0x78,0xcd,0x47,0x5c,0x22,0xa4,0x8b, + 0xff,0x7c,0x34,0x94,0xa5,0xf8,0xa6,0xab,0xdf,0x1a,0x46,0xf9,0xde,0x08,0x2e,0x37, + 0x4f,0xd5,0x98,0x86,0x7d,0x61,0xe4,0xd5,0x1d,0xae,0xd8,0x41,0x52,0xe4,0x3c,0xc6, + 0xa2,0xaf,0xfa,0xe2,0x05,0xed,0xc5,0x26,0x13,0x48,0x0d,0x41,0x1a,0xba,0x84,0xfc, + 0xc9,0xb6,0x9d,0x1c,0x28,0xf1,0x6f,0x76,0x83,0x69,0x01,0xa7,0xc5,0xb3,0xeb,0x2f, + 0x2c,0x94,0x0d,0x0a,0x3f,0xad,0x38,0xa8,0xef,0xab,0x96,0x8a,0x0c,0x85,0xeb,0x22, + 0xe1,0x1d,0x3d,0x08,0x61,0x13,0x6c,0xed,0x5f,0x06,0x73,0x4f,0xdf,0x8d,0x4f,0x15, + 0x1d,0x23,0x86,0x1b,0x1c,0xba,0x9b,0x9c,0x58,0x0d,0x33,0x50,0xc7,0x6d,0x4d,0xc8, + 0x08,0x46,0x1d,0x5f,0x87,0x2e,0xc5,0x48,0xb2,0xb4,0x27,0xdf,0xf7,0x4b,0x1d,0x1a), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0xdb,0x6c,0x9d,0x4b,0xad,0xb1,0xd9,0xb7,0x4d,0x68,0x34,0x64,0x48,0xb4,0xd5,0x34, + 0x06,0x31,0x78,0x3b,0x5a,0x35,0xac,0x24,0x58,0x56,0x3e,0xd0,0x67,0x2c,0xf5,0x41, + 0x97,0x58,0x7f,0xb7,0x34,0xc4,0xac,0x18,0x9b,0x2d,0xda,0x95,0x4c,0xdf,0xb1,0x8b, + 0x41,0xc0,0x10,0xa7,0x7e,0x90,0x46,0x4e,0xea,0x6f,0x86,0x3c,0x5d,0xa0,0x95,0x6b, + 0xfa,0x8c,0xc6,0x36,0xbf,0x0a,0x28,0xbe,0x5a,0xdd,0xfe,0x8d,0x3e,0x7e,0x6f,0x79, + 0xf7,0x1d,0x7f,0xcb,0xba,0xe2,0x3e,0xa1,0x41,0x78,0x3f,0x91,0xd6,0xcc,0x4c,0x8f, + 0xad,0x12,0x58,0x11,0x76,0x0a,0xb5,0x71,0x33,0x81,0x88,0x92,0x47,0x1a,0x79,0xc6, + 0xd0,0x4e,0xaf,0xef,0x37,0xb2,0xfb,0xe5,0x06,0x78,0x53,0x18,0xf9,0x39,0x83,0x77), + .s = chunk_from_chars( + 0xd4,0x80,0xd5,0xa9,0x79,0xad,0x1a,0x0c,0x4c,0xa3,0x29,0xeb,0xd8,0x8a,0x4a,0xa6, + 0x94,0x8a,0x8c,0xf6,0x6a,0x3c,0x0b,0xfe,0xe2,0x25,0x44,0x09,0xc5,0x30,0x54,0xd6, + 0xff,0xf5,0x9f,0x72,0xa4,0x6f,0x02,0xc6,0x68,0x14,0x6a,0x14,0x4f,0x8f,0x2b,0xa7, + 0xc4,0xe6,0xb4,0xde,0x31,0x40,0x0e,0xba,0x00,0xae,0x3e,0xe8,0x75,0x89,0xdc,0xb6, + 0xea,0x13,0x9e,0x70,0xf7,0x70,0x4f,0x69,0x1b,0xc3,0x7d,0x72,0x2f,0x62,0xbb,0x3b, + 0x2c,0xd3,0x03,0xa3,0x4d,0x92,0xfd,0xe4,0xde,0xb5,0x4a,0x64,0xdd,0x39,0x18,0x43, + 0x82,0xd5,0x9c,0xca,0xf0,0xc0,0x7a,0x7e,0xa4,0x10,0x7d,0x08,0x08,0x26,0x0e,0xd8, + 0xd4,0x21,0xcb,0x8b,0x14,0x07,0xcd,0xf9,0xe9,0x15,0x15,0x92,0x82,0xb9,0xf7,0xbf, + 0xfd,0xbf,0x40,0xd8,0x77,0x88,0x5d,0xa7,0x39,0x9e,0xde,0xbd,0x30,0x0a,0x7e,0x77, + 0xa9,0x08,0xf7,0x56,0x65,0x9a,0x18,0x24,0xf9,0x5c,0x8a,0x81,0x2a,0xa5,0x40,0xeb, + 0xaa,0x64,0xab,0x54,0xa2,0x33,0x72,0x3d,0xb5,0x5c,0xaa,0x8b,0x44,0x66,0xea,0x9a, + 0xe6,0x61,0x4a,0xd1,0xbb,0x86,0x9e,0x9d,0x8e,0x0d,0x03,0x2f,0x39,0x01,0x67,0x1e, + 0x94,0xc0,0xb6,0x73,0xbe,0x65,0x37,0xcd,0x54,0x27,0x8e,0xd3,0xda,0x2e,0x1e,0xdb, + 0xc0,0x4e,0xe3,0xa9,0xe8,0x07,0x0d,0x73,0xba,0x0f,0xfb,0x93,0xe6,0x0f,0x30,0xb8, + 0x7f,0xf3,0x86,0x2e,0x9c,0x53,0x90,0x8f,0x2c,0x8e,0x99,0x91,0x56,0x68,0xc1,0xf4, + 0x66,0x35,0xe0,0x5b,0xf7,0x16,0x30,0x51,0xff,0x9d,0x92,0xbc,0x71,0xa6,0x26,0x55, + 0x3c,0x69,0xdf,0xdd,0x06,0xa4,0x9f,0x7f,0xf1,0xed,0x51,0xe9,0x18,0xf3,0xed,0x80, + 0x1d,0xae,0x62,0xca,0x27,0x6d,0x70,0x63,0xd7,0x2a,0x6e,0xbc,0x13,0x6b,0xa0,0x6c, + 0xfe,0xdf,0x5a,0xa2,0x32,0x77,0xe8,0x10,0x08,0xc6,0x3b,0x2e,0x00,0x83,0xd0,0xfd, + 0x68,0x14,0xf6,0xd4,0xb4,0xb4,0x0a,0x42,0xe8,0xc0,0x20,0x6f,0x3c,0x35,0x6a,0x5e, + 0xc7,0x09,0xb7,0xc8,0xa4,0xb7,0x4b,0x7b,0x48,0xd5,0x3c,0x9d,0x86,0x94,0xd2,0x73, + 0x59,0xc2,0xc7,0x70,0x19,0x38,0xd2,0xf0,0x16,0x17,0x21,0xa5,0x73,0x13,0xbb,0x1a, + 0x2e,0x11,0xda,0x21,0x58,0x72,0x49,0x81,0x82,0x49,0x3d,0x85,0x17,0x04,0x3b,0x4c, + 0x03,0xf9,0x34,0x46,0xaa,0xc9,0x38,0x30,0x27,0x65,0x42,0x02,0x6c,0xe8,0x30,0x55), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0xd5,0xdd,0x3b,0x6c,0xe9,0x77,0x2d,0x9a,0x97,0xfe,0x21,0x64,0x84,0x97,0x78,0x3b, + 0xac,0x5b,0xb5,0x25,0x4a,0xad,0x82,0xb6,0xf7,0xcb,0xf4,0x3b,0x15,0xa4,0x0f,0x38, + 0x6e,0xea,0x8d,0x15,0x19,0x67,0xdb,0x14,0x9e,0x94,0x65,0x86,0x59,0x68,0x13,0x3f, + 0x24,0x6e,0x13,0x47,0x30,0x1a,0xda,0xd2,0x34,0x5d,0x65,0x72,0xca,0x77,0xc5,0x8c, + 0x15,0x0d,0xda,0x09,0xa8,0x7b,0x5f,0x4d,0xa3,0x6b,0x26,0x6d,0x1f,0xa7,0xa5,0x9c, + 0xcd,0x2b,0xb2,0xe7,0xd9,0x7f,0x8b,0x23,0x15,0x43,0x19,0x23,0x53,0x0b,0x76,0x2e, + 0x12,0x6e,0xac,0xaf,0x5e,0x5a,0xc0,0x2f,0xf1,0xaa,0xef,0x81,0x9e,0xfb,0x37,0x3c, + 0xf0,0xbb,0x19,0x6f,0x0e,0x82,0x9e,0x8f,0xe1,0xa6,0x98,0xb4,0x79,0x0a,0x2a,0x05), + .s = chunk_from_chars( + 0xbf,0x9e,0x8b,0x4f,0x2a,0xe5,0x13,0xf7,0x3d,0x78,0x89,0x58,0x00,0x37,0x33,0xdb, + 0xe2,0x09,0x57,0xb1,0x47,0xb1,0x7c,0x3f,0x4f,0xd6,0xd0,0x24,0xe8,0xe8,0x3f,0x07, + 0xb6,0x5d,0x9f,0x3d,0xbc,0x3b,0x1f,0xe8,0x4d,0xa0,0x21,0xce,0xab,0xfc,0xcd,0x8c, + 0x57,0xa0,0x14,0xfb,0xe5,0xa2,0xbc,0xe3,0xe4,0x05,0x1b,0x7d,0x03,0xe0,0x9f,0xc0, + 0x35,0x0b,0x6a,0x21,0xfa,0xd2,0x14,0xae,0x7a,0x07,0x32,0x77,0xc7,0x7a,0x40,0xdc, + 0x44,0xa5,0xae,0xea,0x51,0x94,0xa7,0x56,0xb6,0x9c,0x93,0x97,0x7b,0x69,0xee,0x92, + 0x94,0x36,0x0e,0xaa,0x73,0xa5,0x74,0x54,0x8f,0xa6,0xa9,0x74,0xa7,0xcd,0x5a,0x6a, + 0xdc,0xf0,0x9e,0x80,0x63,0x11,0x56,0xaf,0x85,0xa8,0xe5,0xc5,0x31,0x7e,0x18,0x9e, + 0xea,0xd4,0x7e,0x2e,0xad,0x65,0xc3,0x81,0x39,0x6b,0x5c,0xac,0xde,0x26,0x0e,0x93, + 0x72,0x84,0xa8,0xe9,0x0e,0xff,0x2c,0xbc,0xb9,0xde,0xe2,0x29,0x25,0xf2,0xf7,0x25, + 0x6f,0x74,0xc6,0x7c,0xf3,0xff,0xc7,0xb8,0xce,0x65,0x7e,0x8d,0x13,0x5f,0x0f,0x37, + 0x6d,0x9d,0x93,0x6a,0x79,0x79,0x2c,0x98,0x16,0x14,0xd9,0x8e,0x3f,0x7d,0x66,0x2a, + 0x4f,0xd4,0x6d,0xcd,0xa9,0x69,0x16,0xb3,0x2f,0x36,0x6e,0xd2,0x7d,0xab,0x18,0x8f, + 0x18,0x4b,0x98,0x4d,0xf0,0xb5,0x59,0x71,0x0d,0x8f,0xf2,0x04,0x0b,0xe4,0x62,0xf9, + 0x19,0x43,0x50,0x1b,0xda,0x48,0x40,0xfd,0xd5,0xc8,0xec,0x15,0xd1,0x89,0x06,0x4d, + 0xef,0x75,0x6e,0x54,0x5d,0xb3,0x19,0xe0,0x07,0xc4,0x33,0xf0,0x46,0x8a,0x67,0x23, + 0x35,0x7b,0xa4,0x7d,0x15,0x6a,0xb7,0x65,0x2b,0x06,0xae,0x2b,0x18,0x87,0x4f,0x07, + 0x71,0xc6,0x26,0x46,0x6d,0xbd,0x64,0x23,0xe6,0xcb,0xc5,0x18,0xb5,0xe4,0xae,0x7b, + 0x8f,0x15,0xe0,0xf2,0xd0,0x47,0x1a,0x95,0x16,0xdf,0xa9,0x59,0x16,0x97,0xf7,0x42, + 0x86,0x23,0x24,0xd8,0xd1,0x03,0xfb,0x63,0x1d,0x6c,0x20,0x73,0xd4,0x06,0xb6,0x5c, + 0xde,0xe7,0xbd,0xa5,0x43,0xe2,0xe9,0xeb,0xff,0x99,0x06,0x98,0x5d,0x1c,0xb3,0x65, + 0x17,0x2e,0xa6,0x23,0xed,0x7a,0xa4,0xc7,0xa3,0x22,0xf0,0x98,0x46,0x80,0xe3,0x4e, + 0x99,0xbc,0x62,0x31,0xb0,0x2e,0x3d,0x14,0x58,0x16,0x08,0xbc,0x55,0xbc,0xa7,0xfb, + 0xe2,0x2d,0x7f,0x03,0xe9,0x04,0xda,0x45,0x52,0xe0,0x09,0xe5,0x60,0x7f,0x04,0x18), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0x59,0x16,0x52,0xb6,0xeb,0x1b,0x52,0xc9,0xbe,0xbd,0x58,0x32,0x56,0xc2,0x22,0x86, + 0x80,0x11,0x0b,0x87,0x89,0x17,0xde,0xa5,0xad,0x69,0xe8,0xc5,0xd2,0xab,0x51,0x42, + 0x77,0xb0,0xac,0x31,0xe7,0xe2,0xcc,0xea,0xb2,0xe5,0xd9,0xc4,0x5d,0x77,0xa4,0x1f, + 0x59,0x9b,0x38,0xa8,0x32,0xf6,0xb2,0xd8,0x09,0x79,0x52,0xbe,0x44,0x40,0xd1,0xff, + 0x84,0xba,0xf5,0x1b,0xd7,0x0b,0x64,0xf1,0x30,0xae,0xb6,0x86,0x14,0x5f,0xcd,0x02, + 0x95,0x38,0x69,0xfb,0x84,0x1a,0xf7,0xf6,0xe3,0x4e,0xaa,0x2b,0x99,0x6c,0xcd,0x89, + 0x69,0x7c,0x58,0xfa,0x25,0x5c,0xc1,0xe8,0x1f,0x62,0x14,0x00,0xe1,0x41,0x46,0x36, + 0x1e,0x31,0xc7,0x09,0xe8,0x4a,0x56,0x08,0x22,0x31,0x19,0x95,0x39,0xf7,0xed,0xe9), + .s = chunk_from_chars( + 0x1d,0xe7,0x9d,0x72,0x16,0xdd,0xe1,0x25,0xde,0xb7,0x7c,0x34,0xd9,0x0a,0xb3,0x21, + 0xa4,0xde,0x5f,0xb1,0x1c,0x29,0x66,0x56,0xad,0x9b,0xf9,0xa2,0x46,0x53,0x59,0x11, + 0x17,0xac,0xe4,0x15,0xe1,0x8e,0xad,0xce,0x92,0x82,0x3f,0x31,0xaf,0xe5,0x6f,0xc8, + 0xe2,0x94,0x94,0xe3,0x7c,0xf2,0xba,0x85,0xab,0xc3,0xba,0xc6,0x6e,0x01,0x95,0x84, + 0x79,0x9a,0xee,0x23,0x4a,0xd5,0x55,0x9e,0x21,0xc7,0xfd,0x4f,0xfd,0x24,0xd8,0x26, + 0x49,0xf6,0x79,0xb4,0xc0,0x5d,0x8c,0x15,0xd3,0xd4,0x57,0x4a,0x2e,0x76,0xb1,0xf3, + 0xee,0x9f,0x8d,0xec,0x0a,0xf6,0x0b,0x0c,0xed,0x1b,0xe8,0xa1,0x9c,0x2f,0xa7,0x1b, + 0xcb,0xc1,0xfb,0x19,0x08,0x99,0xec,0x85,0x56,0x95,0x8e,0x07,0x82,0xac,0xe7,0x19, + 0x6b,0x36,0x65,0x86,0x56,0xcf,0x36,0x4d,0x37,0x73,0xde,0x86,0x26,0x0f,0xd8,0x98, + 0x76,0x04,0xef,0x35,0xea,0xe8,0xf3,0x8e,0xc2,0xcb,0x0d,0xa8,0x64,0xcc,0xa7,0x19, + 0x21,0x9c,0x2a,0xd7,0x1c,0x08,0x50,0x6c,0x41,0x2e,0xc7,0x79,0x95,0xf3,0x74,0x39, + 0xc8,0x56,0x97,0x7b,0x71,0xdf,0xb9,0x64,0x79,0x90,0xef,0x70,0xfa,0xf4,0x32,0x73, + 0xae,0x60,0x83,0x9c,0xd0,0x67,0x9e,0xc9,0xaa,0x42,0xbf,0x91,0x4e,0x42,0x1b,0x79, + 0x7c,0xba,0x21,0x8a,0x40,0x0f,0xf9,0xdb,0xaa,0x20,0x6c,0xb9,0xc2,0xb0,0x59,0x6c, + 0x70,0x9a,0x32,0x2b,0x73,0xcb,0x82,0x72,0x1d,0x79,0xf9,0xdb,0x24,0x21,0x1b,0xf0, + 0x75,0xa1,0xce,0xf7,0x4e,0x8f,0x6d,0x2b,0xa0,0x7f,0xe0,0xdc,0x8a,0x60,0xf4,0x8a, + 0xf5,0x11,0xad,0x46,0x9d,0xcd,0x06,0xe0,0x7a,0x4c,0xe6,0x80,0x72,0x13,0x9c,0x46, + 0xd8,0xbe,0x5e,0x72,0x12,0x53,0xc3,0xb1,0x8b,0x3c,0x94,0x48,0x5c,0xe5,0x5c,0x0e, + 0x7c,0x1c,0xbc,0x39,0xb7,0x7b,0xc6,0xbb,0x7e,0x5e,0x9f,0x42,0xb1,0x53,0x9e,0x44, + 0x2d,0xa8,0x57,0x65,0x8c,0x9e,0x77,0x1c,0xcb,0x86,0xbe,0x73,0x97,0x64,0x7e,0xfb, + 0xc0,0xcc,0xb2,0xc3,0xad,0x31,0xac,0x4e,0x32,0xbf,0x24,0x8c,0xc0,0xce,0xd3,0xa4, + 0xf0,0x94,0x52,0x6b,0x25,0x63,0x1c,0xb5,0x02,0x47,0x09,0x61,0x29,0xb0,0x8a,0x9c, + 0x2c,0xdf,0xb7,0x75,0x97,0x8b,0x0f,0xee,0xe2,0x65,0xa6,0xc4,0x19,0x91,0xc1,0xdc, + 0x44,0x52,0x61,0x5b,0x78,0xc9,0x06,0xc7,0xed,0x1b,0xd2,0x07,0x96,0x9d,0x98,0xd0), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0x8d,0xff,0xaa,0x91,0x51,0x27,0x1a,0xd2,0x26,0x22,0xf2,0x28,0xc8,0x92,0xe1,0xd9, + 0x74,0x8b,0x3c,0x39,0x43,0x97,0xf2,0xcb,0xb6,0xfe,0xbe,0xaa,0x92,0x44,0xa0,0x27, + 0xee,0xf2,0x8d,0xb4,0x8a,0x9a,0x66,0x01,0x62,0x15,0x27,0x64,0x83,0x0f,0x61,0x7e, + 0x1e,0xc6,0xea,0x1c,0xdb,0x0e,0xd2,0x5b,0x6f,0x99,0x9a,0x10,0x71,0x75,0xa1,0x66, + 0x69,0xd6,0xdf,0xc9,0x2b,0x16,0xd5,0x03,0x63,0xfa,0xc4,0xa5,0x70,0x37,0x1e,0xa9, + 0x76,0x34,0x3a,0x55,0xae,0x12,0x4b,0x63,0x01,0xea,0x93,0x5e,0xd6,0x55,0xd4,0x4f, + 0x28,0x32,0x08,0x99,0xdb,0xa3,0x51,0x22,0x50,0x59,0x33,0xb3,0x37,0x12,0x01,0xa2, + 0xa4,0x5f,0x95,0xae,0x65,0xab,0x44,0x2a,0x94,0x79,0x12,0x5e,0x68,0xed,0x21,0x2a), + .s = chunk_from_chars( + 0xb3,0x29,0xae,0xf8,0x3a,0x56,0xdd,0xc5,0x7c,0xd9,0xa0,0xe1,0x5e,0xb0,0xb0,0xb7, + 0xae,0xa7,0xd7,0x8d,0x5e,0x8c,0xa3,0x98,0x2b,0xd3,0x1c,0xc8,0x25,0xa0,0xcd,0x1c, + 0x44,0x4d,0x9f,0x7b,0xea,0x9e,0x7a,0x27,0xf3,0xbb,0xb3,0x76,0x10,0x60,0xff,0x95, + 0xfe,0xe1,0xa3,0xe8,0x64,0xd2,0x10,0x8f,0xc4,0x0b,0x64,0x78,0x6a,0x96,0xa6,0xd6, + 0x2d,0x20,0x12,0x17,0xe0,0x3a,0x8b,0xa2,0xc0,0x7e,0xe9,0x4c,0x26,0x71,0x49,0xd1, + 0xe7,0x2c,0xc5,0x77,0x9b,0x73,0x7e,0x85,0x47,0xac,0xd6,0xaa,0x4b,0xba,0x3f,0xf3, + 0x8b,0xf9,0x68,0x7e,0x9e,0x82,0xf5,0x11,0xb5,0x97,0xad,0x7e,0xc1,0xd7,0x95,0xc3, + 0x6a,0x98,0xbf,0x83,0xa9,0x0f,0xc8,0x6b,0x0c,0xad,0x41,0x95,0x33,0x60,0x73,0x89, + 0x21,0x93,0x6a,0x45,0x86,0x74,0xb2,0xe9,0xa7,0x01,0x2a,0xc3,0x02,0x9f,0xdb,0x0a, + 0x9d,0x12,0x31,0x82,0x02,0xd2,0x54,0x4a,0x0d,0x97,0x6e,0xe5,0x36,0xe0,0x3b,0x7e, + 0x8d,0x89,0x4b,0x3b,0x9c,0x76,0x2d,0xab,0x01,0x10,0x84,0x9c,0xc1,0xea,0xad,0x74, + 0x7e,0x3d,0x88,0xd7,0xdc,0xf4,0x9f,0x82,0x4d,0xf0,0x27,0xe6,0x45,0xc0,0xb9,0x29, + 0x4e,0x65,0x5d,0x9f,0xc9,0xe1,0xef,0x95,0xeb,0x53,0xaa,0xff,0x57,0x75,0xc3,0x49, + 0x48,0x6d,0x4b,0x5d,0x67,0xdb,0xa2,0x9b,0x62,0x17,0xf8,0xb9,0x97,0x66,0x12,0xb5, + 0x7e,0x16,0xfc,0x1f,0x99,0x98,0x3f,0x2a,0xf0,0x45,0x79,0x93,0x86,0x06,0x87,0x9b, + 0x7c,0x72,0x53,0xe8,0x70,0x71,0x4b,0x4f,0x0f,0x24,0xe2,0x6d,0xc8,0xc7,0xa6,0xfc, + 0xef,0xfb,0x5f,0x98,0xe3,0xb2,0xfb,0x5d,0xb9,0x49,0xd2,0xf9,0x8c,0xd1,0xae,0x1a, + 0xa5,0x52,0x69,0x6b,0x48,0xc3,0x9f,0x67,0x8e,0x15,0x43,0x51,0xcc,0x75,0x6d,0x3e, + 0x9a,0x97,0xf7,0x92,0x79,0x85,0x3e,0xbd,0x0d,0xb9,0xae,0x68,0x59,0xfb,0x2d,0x57, + 0x21,0x38,0x5d,0x06,0xf5,0x56,0x5a,0x3a,0x8f,0xf0,0x99,0x2d,0x51,0x7a,0xcd,0xa1, + 0xaf,0x69,0xa9,0x28,0x54,0xa1,0xb3,0x2a,0x79,0xcb,0x9e,0x44,0x2a,0x90,0xb0,0x55, + 0xbb,0x2e,0xc3,0xaf,0x8d,0x99,0x26,0xa0,0xd8,0x57,0xe3,0xcb,0x1e,0x7e,0x4a,0x73, + 0x00,0xd1,0xac,0xcb,0x94,0x92,0xec,0x78,0x32,0xaf,0x45,0x35,0x29,0xff,0x0f,0x4a, + 0x6a,0xd3,0x25,0x97,0x57,0xf7,0x07,0xf7,0x13,0xaa,0xa5,0xdf,0x23,0x1f,0x74,0x87), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0x71,0xd4,0x16,0x3e,0x70,0x8c,0x12,0x1e,0x93,0x1b,0xb9,0x69,0x2b,0x21,0x7d,0xdd, + 0xd3,0x5c,0x73,0x46,0xf6,0x1c,0xfc,0x95,0x91,0xf7,0xa4,0x31,0x3a,0xbd,0x4a,0x92, + 0x62,0xaf,0x82,0x0b,0xd7,0xeb,0x37,0xe7,0x8c,0x2b,0x95,0xb8,0x9d,0xaf,0x25,0xec, + 0x8e,0x78,0x3a,0xa1,0xd4,0xb7,0x8d,0xbb,0x96,0x85,0x24,0x33,0xb4,0xd4,0x78,0xb1, + 0x09,0xa6,0xd6,0x5e,0xed,0x7d,0x06,0xf3,0xfe,0x12,0x2b,0x17,0x21,0x49,0xea,0xe7, + 0xc3,0x65,0xce,0xd6,0x65,0x78,0xeb,0xb7,0x57,0x1e,0xc2,0x18,0xc3,0x6b,0x65,0xd2, + 0xee,0x22,0xdc,0xde,0xbb,0x28,0xc6,0x6a,0x71,0x38,0x43,0x2c,0xbd,0xd7,0x12,0xf7, + 0xfb,0x8b,0xf7,0x8c,0xb1,0x48,0x60,0xb2,0x5c,0x2b,0x47,0x89,0x70,0x6b,0x5a,0x1b), + .s = chunk_from_chars( + 0x25,0x22,0xee,0x3b,0xda,0x30,0xc0,0x43,0x4e,0x54,0xb1,0x99,0xda,0x8c,0x97,0x33, + 0x96,0x4f,0xd4,0x02,0xb7,0x07,0xf5,0xb3,0x30,0xf4,0xf7,0x54,0xa0,0x50,0x2c,0x7a, + 0x71,0x3c,0x78,0x14,0xf0,0xe8,0x51,0xa4,0xa4,0xdb,0x72,0x69,0x0d,0xb9,0x6e,0xa8, + 0xb8,0x81,0x3b,0xd8,0x62,0x9a,0x94,0x8b,0xb3,0x0c,0x1b,0x82,0x72,0xa8,0x16,0xb3, + 0x0a,0x75,0x5f,0xc6,0xfb,0x17,0x54,0x16,0x7c,0x3e,0xb1,0xf1,0x94,0x39,0x59,0x07, + 0xa5,0x6c,0xf5,0xa7,0x3b,0x41,0x54,0x38,0x3a,0x05,0xb7,0x8b,0x73,0x1f,0xed,0xd9, + 0x07,0x7f,0x3c,0x22,0x67,0xa5,0xcf,0x92,0x66,0x97,0x87,0x1f,0xe0,0xa4,0xbe,0xd9, + 0xc2,0x19,0x55,0x2d,0xd1,0xc8,0x7a,0xff,0x50,0x61,0x30,0x94,0xbc,0xaa,0x2d,0xec, + 0x42,0xa3,0x53,0x80,0xa6,0xba,0xc6,0x73,0xda,0x25,0x94,0xf8,0x24,0xa8,0xf3,0x2f, + 0x21,0xd7,0x59,0x3a,0x3e,0x49,0xc7,0x8e,0xe2,0x80,0x19,0x3a,0x47,0x86,0x21,0xd3, + 0xb0,0x95,0xc1,0x6d,0xce,0x72,0x93,0x53,0x14,0xd4,0xa2,0x32,0x3e,0xeb,0xe7,0x85, + 0x5c,0xa4,0x73,0x8a,0x19,0xb5,0xa3,0x1a,0x5f,0x95,0xab,0x91,0xfb,0xe1,0x28,0x9c, + 0x02,0xfe,0xa7,0xa6,0x5b,0x91,0x32,0x7b,0x7b,0x97,0x90,0x55,0x62,0x89,0xe1,0xb9, + 0x88,0xe4,0x5d,0x50,0xeb,0x8c,0xea,0x15,0x81,0xde,0x5d,0x5d,0xfd,0x21,0x00,0x1c, + 0x73,0xb4,0x39,0x21,0xd8,0xb2,0x1b,0x96,0x44,0xb0,0xf2,0xb9,0x6e,0xe6,0xb0,0x9d, + 0x73,0x70,0x9c,0x33,0x33,0x81,0x43,0xd6,0xa2,0xfe,0xc5,0x59,0xa4,0x36,0xc5,0xec, + 0x86,0x5d,0x3a,0xcc,0xa5,0xfe,0xe6,0x54,0xf1,0x32,0x5a,0xe5,0x72,0x55,0xdf,0xd4, + 0x21,0x88,0xc8,0x4d,0xcb,0x1f,0x7c,0x1e,0x86,0x02,0x8a,0x74,0xe3,0x1d,0x73,0x60, + 0x78,0x74,0x1e,0xe9,0x7c,0x39,0xa5,0x6e,0x4d,0xe0,0x0f,0xc1,0x2b,0x80,0x51,0x83, + 0x5b,0xbd,0x0d,0x8f,0xca,0xe7,0x37,0x32,0x20,0x99,0xad,0xc1,0x01,0x71,0x07,0x02, + 0x2d,0xd1,0x5c,0x11,0x4d,0xa5,0x7e,0x78,0xb9,0x56,0x81,0xba,0x99,0x45,0x61,0x5b, + 0x59,0xda,0x90,0xf5,0xa2,0xa9,0x9a,0x25,0x2e,0xb4,0x2b,0x20,0x06,0xee,0xdd,0x6e, + 0x78,0x47,0x6c,0x29,0x05,0x47,0x3e,0xe6,0xb4,0xf2,0x3c,0x1c,0x5c,0xf0,0xb8,0x04, + 0x51,0xc5,0x42,0x6e,0xa0,0x09,0x14,0x1c,0xb3,0xfc,0xb0,0xdf,0x2d,0xed,0x92,0xbe), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0xd0,0x0e,0x15,0x29,0x22,0x8c,0x79,0xa2,0x0a,0x1c,0x36,0x68,0xff,0xa4,0xa5,0x41, + 0x40,0xbb,0x17,0x0b,0xc5,0xc6,0x69,0xfd,0x75,0x60,0xd9,0x30,0x99,0x00,0x17,0x5e, + 0x91,0xd5,0xa0,0xe9,0xc5,0xf5,0x47,0x1f,0xdf,0xb7,0x14,0xbc,0x38,0x5d,0x52,0xb0, + 0x8f,0xf7,0xe4,0x23,0x01,0x84,0xd8,0xb7,0x35,0x59,0x3f,0x0d,0xd8,0xc7,0x3b,0x8a, + 0x49,0xf8,0x59,0x5b,0x95,0x1a,0x21,0xb6,0xa5,0xbf,0xec,0x63,0xb6,0x84,0xf6,0x7c, + 0x0a,0xf1,0xb4,0x71,0xdd,0xa1,0x68,0x4e,0x9b,0xa3,0xf2,0x41,0x50,0x1f,0xe9,0x57, + 0x60,0x3d,0xea,0x86,0x78,0x42,0x30,0xf0,0xc4,0xfd,0x65,0x66,0x63,0x61,0xb8,0x2b, + 0x18,0x73,0x30,0xfb,0x42,0x67,0x40,0x4c,0x0e,0x05,0x9b,0xd4,0xeb,0x52,0x49,0x4b), + .s = chunk_from_chars( + 0x18,0x35,0xdd,0x97,0xe5,0x09,0x3a,0x33,0xce,0x1e,0x62,0xd6,0x83,0x86,0x3f,0x6b, + 0x35,0x07,0xf3,0x58,0xa6,0x2f,0xc8,0x79,0xb5,0x24,0x35,0x0f,0xbc,0x73,0x30,0x68, + 0x1c,0xb0,0xc6,0x82,0xee,0xf4,0x33,0x04,0x19,0xca,0xf8,0x54,0x3b,0xd9,0x26,0x9b, + 0x6d,0x91,0xd8,0xe1,0x07,0xec,0x38,0xb6,0xe9,0xc6,0xea,0xab,0xf9,0x06,0x45,0x72, + 0x05,0xd5,0x2a,0x90,0x0e,0x05,0x57,0x9a,0xa1,0x1f,0xc5,0x81,0x37,0x52,0x64,0xe6, + 0x9a,0x92,0x57,0x98,0xe5,0xa3,0x48,0xe5,0xa1,0x6f,0x15,0x67,0xd5,0xd0,0xe4,0x08, + 0x53,0x38,0x0b,0x34,0xde,0xac,0x93,0xad,0x73,0x77,0xaa,0xe8,0xa2,0x7b,0x09,0x0d, + 0x0d,0x3a,0x92,0xbf,0x7a,0x82,0x4d,0x92,0x6e,0x2e,0x35,0xa0,0xc3,0xbd,0x0e,0x99, + 0x0b,0x59,0x11,0x20,0xd7,0x4d,0xd9,0xb0,0x52,0xa7,0x35,0x68,0xe3,0xc3,0xf2,0x9c, + 0x5a,0x77,0xfb,0x1c,0x92,0x1b,0xce,0x9c,0x1e,0x7f,0x76,0x4a,0xa6,0x7b,0xac,0x11, + 0x9f,0x58,0x39,0xa5,0x30,0x38,0x60,0xed,0xeb,0x63,0x48,0x14,0xc2,0x38,0x6c,0x83, + 0x1f,0xee,0x62,0x00,0xcf,0x55,0xb6,0xbf,0xea,0x05,0x8b,0x79,0x5a,0x0f,0xcf,0x26, + 0xeb,0x72,0x16,0xae,0x1b,0x75,0x87,0xc8,0x2e,0x56,0x85,0xe5,0x84,0x17,0x0c,0xbd, + 0xdc,0x89,0xa7,0x7e,0x09,0x89,0xd4,0xce,0x5c,0x3c,0x7f,0xdb,0x66,0x4a,0xae,0xaa, + 0xdb,0xce,0x1f,0x23,0x1e,0x64,0x79,0x8f,0x6f,0x9a,0x85,0x45,0x6b,0x5a,0x93,0xa5, + 0x02,0x12,0x6a,0x80,0xe2,0xd2,0x1f,0x46,0x92,0x1c,0xc3,0x60,0x1f,0x5e,0xcd,0xbd, + 0x56,0x99,0x8a,0x63,0xb8,0x65,0xfc,0xe7,0xeb,0x29,0x9f,0x76,0xaf,0x40,0xe9,0x12, + 0x81,0xbf,0xc0,0x19,0xf4,0x0e,0x0d,0x46,0x81,0x1e,0x38,0x36,0x91,0xe4,0x02,0x4c, + 0x94,0x56,0x6f,0x18,0x02,0x4f,0xf2,0xb2,0x2a,0xa7,0xe1,0x27,0x02,0x33,0xff,0x16, + 0xe9,0x2f,0x89,0xc6,0x85,0x09,0xea,0x0b,0xe2,0xd3,0x45,0x11,0x58,0x1d,0x47,0x22, + 0x07,0xd1,0xb6,0x5f,0x7e,0xde,0x45,0x13,0x3d,0xe8,0x7a,0x5f,0xfb,0x92,0x62,0xc1, + 0xff,0x84,0x08,0x8f,0xf0,0x4c,0x01,0x83,0xf4,0x84,0x67,0x99,0x6a,0x94,0xd8,0x2b, + 0xa7,0x51,0x0c,0xb0,0xb3,0x6c,0xf2,0x54,0x82,0x09,0xa5,0x06,0x03,0x37,0x5c,0xb8, + 0x2e,0x67,0x8f,0x51,0x49,0x33,0x45,0xca,0x33,0xf9,0x34,0x5f,0xfd,0xf5,0x4b,0xe9), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0xa3,0x59,0x26,0x68,0x55,0x61,0xf0,0x9f,0x30,0x92,0x5e,0x94,0xd7,0x4e,0x56,0x61, + 0x89,0x2a,0x2d,0xdd,0x52,0x4f,0x75,0x1f,0x83,0x21,0x16,0x3d,0x61,0x1e,0xa1,0x59, + 0x1a,0x08,0xe0,0xdf,0xfd,0x46,0xb2,0x08,0xe9,0x88,0x15,0xa3,0x06,0xaa,0x85,0x14, + 0xb4,0xdb,0x85,0x9d,0xc1,0xfe,0x7b,0xdc,0xdf,0x50,0xc0,0x95,0x55,0x4b,0xf8,0xb2, + 0xf4,0xcb,0x9f,0x88,0x4d,0x70,0xe5,0x5c,0x21,0x43,0xbc,0x26,0x19,0x9c,0x2f,0x94, + 0xb7,0x43,0xf5,0x52,0x8d,0xd5,0x46,0x89,0xad,0x69,0xed,0xa6,0x60,0x74,0x9f,0x5c, + 0x1b,0xea,0x8b,0xec,0xae,0xa6,0x32,0xa4,0xbf,0x0c,0x79,0xa5,0x77,0xed,0xfc,0xea, + 0x7b,0xaa,0xa6,0x86,0x1e,0x9d,0x7f,0x2d,0xd5,0xb4,0xc4,0xf6,0xeb,0x5f,0x3d,0x5f), + .s = chunk_from_chars( + 0xb1,0xa9,0xc4,0x5a,0x26,0x4d,0x2c,0x9a,0xf4,0x41,0xa7,0xb2,0xd3,0x30,0xdd,0x78, + 0x80,0x89,0xcc,0xef,0x20,0x5d,0x5d,0x66,0x6b,0xfe,0x86,0x43,0x67,0xbe,0x97,0x38, + 0x12,0x4e,0x9d,0x74,0x64,0x8a,0xd9,0x91,0x60,0xbd,0x3a,0xf8,0x1a,0x81,0x85,0x8b, + 0xab,0xe6,0x67,0xa5,0xd9,0x5c,0x98,0x0f,0xe2,0xf6,0xac,0x34,0x86,0x1e,0xb2,0xec, + 0x9b,0x4b,0x4e,0x8b,0x64,0x2e,0xf3,0x82,0x0f,0x56,0xca,0x38,0x8a,0x55,0x65,0x30, + 0xd4,0x27,0x54,0xc4,0x72,0x12,0xe9,0xb2,0xf2,0x52,0x38,0xa1,0xef,0x5a,0xfe,0x29, + 0xbe,0x63,0x40,0x8c,0xf3,0x8c,0xaa,0x2d,0x23,0xa7,0x88,0x24,0xae,0x0b,0x92,0x59, + 0x75,0xd3,0xe9,0x83,0x55,0x8d,0xf6,0xd2,0xe9,0xb1,0xd3,0x4a,0x18,0xb1,0xd9,0x73, + 0xff,0xac,0xcc,0x74,0x5e,0x52,0x7c,0xe7,0x6c,0x66,0x3e,0x90,0x37,0x19,0x35,0x5e, + 0x45,0xcd,0x6d,0x11,0x8e,0xd0,0xb8,0x5b,0x70,0xcb,0xb8,0xe4,0x96,0x41,0x13,0x53, + 0xf8,0x4f,0x88,0x66,0xa0,0x1f,0xad,0xc8,0x19,0xca,0x0f,0xf9,0x5b,0xbe,0x2c,0xc6, + 0x8c,0x8c,0xf7,0x8d,0xa5,0x58,0x1b,0xec,0xc9,0x62,0x47,0xb9,0x11,0xd1,0x85,0xed, + 0x1f,0xae,0x36,0xc4,0xca,0xd2,0x62,0x08,0xeb,0x80,0x88,0x3f,0x42,0xa0,0x81,0x23, + 0xda,0xc6,0x8d,0x88,0xf2,0xf9,0x89,0x3c,0xde,0x02,0xef,0x5a,0x57,0x66,0x1d,0xb2, + 0xb3,0xe1,0xe9,0x26,0x9c,0xbb,0x0e,0x15,0xc4,0x07,0xbc,0xf5,0x5d,0x92,0xe6,0x79, + 0x38,0x3c,0x90,0x80,0x2c,0xd0,0xbf,0xfd,0x46,0x96,0x46,0xdc,0xb6,0x0c,0xa0,0x1a, + 0x1d,0xea,0xd4,0x32,0x28,0x93,0x40,0x18,0x39,0x1d,0xd8,0x1f,0x8b,0x7e,0x79,0x7e, + 0x52,0x7f,0xbe,0x18,0x15,0xb9,0x1b,0xf3,0xcd,0x6a,0x1f,0x2f,0xfb,0xf5,0xdd,0x16, + 0x6a,0xcd,0x55,0x26,0x76,0x1c,0xa8,0xba,0xb5,0xd4,0x63,0xfb,0x9f,0xb8,0x20,0x65, + 0x9f,0x5c,0xd5,0x0f,0x81,0x50,0xf1,0x2f,0x7e,0x8d,0x52,0xe7,0x77,0x73,0xc1,0xe6, + 0x48,0x0c,0x2c,0xc1,0x84,0xd4,0x11,0xd6,0x41,0xf7,0x1a,0x9d,0xed,0xc2,0xc5,0xfc, + 0x2e,0xc3,0x7a,0x27,0x70,0xa9,0x38,0x3b,0xfb,0xf6,0xa4,0x89,0xcf,0x32,0xb5,0x6a, + 0x12,0xcf,0x99,0x37,0x8e,0x39,0xb5,0x0b,0xda,0xdb,0x9f,0x05,0x91,0xb2,0x06,0x5f, + 0x9d,0x44,0xe5,0x11,0xc9,0xdf,0xb6,0x15,0x8f,0xdd,0xdd,0xd1,0xbc,0x2c,0xec,0xe6), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0x12,0x71,0xa0,0xdd,0xb9,0x9a,0x0e,0x1e,0x9a,0x50,0x1c,0xa3,0x3c,0x13,0x1b,0x0a, + 0x1c,0x78,0x20,0xa3,0x97,0x79,0x08,0x69,0x09,0x0f,0xba,0x37,0x37,0x03,0xac,0x38, + 0xea,0x00,0xa9,0xa0,0xdd,0xee,0xd1,0x99,0xd9,0x7b,0xe1,0x80,0x1f,0xfa,0xb4,0x52, + 0x06,0x71,0x0a,0x61,0xe5,0xed,0x89,0x4c,0x33,0x19,0x01,0x2d,0xed,0x0f,0xf4,0x14, + 0x38,0x6e,0x56,0xb5,0x48,0xad,0x91,0x5d,0x80,0xaf,0xcc,0x2b,0xdb,0x97,0x6d,0x7c, + 0x8a,0xdd,0xdc,0xa7,0xdf,0xa2,0x8a,0xeb,0x69,0x40,0x33,0xa5,0x61,0x26,0x60,0xc6, + 0x44,0xe3,0x2f,0x85,0xc2,0x80,0x56,0x51,0xd7,0x13,0x66,0x0a,0x38,0x91,0x4d,0x70, + 0xf0,0xe4,0x1f,0xdc,0x4b,0x3d,0x16,0x2e,0xf3,0xac,0xd7,0x06,0x59,0xee,0xf6,0x37), + .s = chunk_from_chars( + 0xbf,0xfd,0x01,0x0b,0x2e,0xc4,0xe4,0xa3,0x27,0x77,0xb7,0x76,0x19,0xb8,0x76,0x22, + 0xf8,0x92,0x1d,0xab,0x56,0xe1,0x02,0xc8,0xd8,0x24,0xfe,0x52,0xb5,0xdf,0x7a,0x20, + 0x3f,0xe7,0x17,0x99,0xee,0xaf,0xdc,0xc0,0xc8,0x87,0x2d,0xba,0x6a,0x37,0x44,0x07, + 0xb5,0x63,0x9a,0xeb,0x5a,0x30,0xa9,0x04,0x71,0x2f,0x15,0x09,0x7d,0xba,0x0f,0x2d, + 0x62,0xe8,0x45,0x41,0x23,0x95,0xcf,0x09,0x54,0x0a,0xbd,0x6e,0x10,0xc1,0xa2,0xe2, + 0x3d,0xbf,0x2f,0xe1,0xdf,0xd2,0xb0,0x2a,0xf4,0xee,0xa4,0x75,0x15,0x95,0x7f,0xa3, + 0x73,0x8b,0x06,0x41,0x1a,0x55,0x1f,0x8f,0x8d,0xc4,0xb8,0x5e,0xa7,0xf5,0xa3,0xa1, + 0xe2,0x6c,0xcc,0x44,0x98,0xbd,0x64,0xaf,0x80,0x38,0xc1,0xda,0x5c,0xbd,0x8e,0x80, + 0xb3,0xcb,0xac,0xde,0xf1,0xa4,0x1e,0xc5,0xaf,0x20,0x55,0x66,0xc8,0xdd,0x80,0xb2, + 0xea,0xda,0xf9,0x7d,0xd0,0xaa,0x98,0x33,0xba,0x3f,0xd0,0xe4,0xb6,0x73,0xe2,0xf8, + 0x96,0x0b,0x04,0xed,0xa7,0x61,0x61,0x64,0x39,0x14,0x24,0x2b,0x96,0x1e,0x74,0xde, + 0xae,0x49,0x7c,0xaf,0x00,0x5b,0x00,0x51,0x5d,0x78,0x49,0x2e,0xc2,0xc2,0xde,0xb6, + 0x0a,0x57,0xb9,0xdc,0xe3,0x6e,0x68,0xdd,0x82,0x00,0x7d,0x94,0x2a,0xe7,0xc0,0x23, + 0xe1,0x21,0x0f,0x0b,0xe8,0xa3,0xeb,0x3f,0x00,0x48,0x24,0x07,0x4b,0x8f,0x72,0x5e, + 0xaf,0x8a,0xc7,0x73,0xe6,0x0f,0xbb,0xb7,0xcb,0xa9,0x63,0x0e,0x88,0xb6,0x9c,0x8b, + 0xcb,0x2d,0x74,0xdb,0xdb,0x29,0xbf,0xff,0x8b,0x22,0x54,0x5b,0x80,0xbb,0x63,0x4e, + 0x4c,0x05,0xf7,0x3e,0x00,0x2a,0x92,0x8e,0xfd,0x5a,0x6a,0xa4,0x56,0x21,0xce,0x1b, + 0x03,0x2a,0x22,0x44,0xde,0x48,0xf4,0xdf,0x43,0x58,0x15,0x66,0x78,0xcb,0xe0,0x39, + 0xc9,0xeb,0xe4,0xce,0xe9,0x45,0xa2,0x5b,0x90,0x38,0x46,0x9f,0xe0,0x0c,0x30,0x92, + 0x93,0x6a,0x8c,0xff,0x93,0x69,0x04,0x5f,0x90,0x67,0x33,0xa9,0xd2,0xab,0x36,0x60, + 0x18,0x20,0x69,0xb1,0x57,0xca,0x8f,0x9b,0x99,0xa7,0x1f,0xc1,0x53,0xc6,0x83,0x01, + 0xe9,0x7a,0x38,0xfc,0x3a,0x87,0xae,0x2b,0x6f,0x03,0x75,0x4e,0x6d,0xa8,0x2d,0x0b, + 0x07,0x26,0xe0,0x70,0x39,0x79,0xc9,0x32,0x02,0x89,0xfe,0xef,0xbc,0xdd,0xcd,0x9d, + 0x70,0x6b,0x71,0xb5,0x1e,0x9a,0x1b,0x9d,0xc1,0x41,0x2e,0x6e,0xd4,0xb5,0x66,0x76), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0xf3,0x0c,0x78,0x3b,0x4e,0xae,0xb4,0x65,0x76,0x7f,0xa1,0xb9,0x6d,0x0a,0xf5,0x24, + 0x35,0xd8,0x5f,0xab,0x91,0x2b,0x6a,0xba,0x10,0xef,0xa5,0xb9,0x46,0xed,0x01,0xe1, + 0x5d,0x42,0x7a,0x4e,0xcd,0x0f,0xf9,0x55,0x67,0x73,0x79,0x17,0x98,0xb6,0x69,0x56, + 0xec,0xc7,0x52,0x88,0xd1,0xe9,0xba,0x2a,0x9e,0xa9,0x48,0x57,0xd3,0x13,0x29,0x99, + 0xa2,0x25,0xb1,0xff,0xaf,0x84,0x46,0x70,0x15,0x6e,0x7a,0x3e,0xa9,0xf0,0x77,0xfe, + 0x82,0x59,0xa0,0x98,0xb9,0xee,0x75,0x9a,0x6d,0xdf,0xb7,0xd2,0x0a,0x7a,0xcd,0x1b, + 0xcb,0x9f,0x67,0x77,0x7e,0x74,0x61,0x5e,0x88,0x59,0xea,0x56,0x28,0x1f,0xe5,0xc4, + 0x00,0x74,0x8f,0x02,0xd1,0xa2,0x63,0xb1,0x86,0x7a,0x3b,0x51,0x74,0x8a,0xb7,0x0f), + .s = chunk_from_chars( + 0x34,0x5e,0x2f,0x60,0xf7,0xc8,0x2c,0x89,0xef,0x7d,0xfd,0x7d,0xff,0x2b,0xc2,0x34, + 0x8b,0xab,0x02,0x04,0x79,0x33,0x08,0x99,0xd4,0x41,0x02,0x13,0xb3,0x5e,0x98,0xd9, + 0xba,0xc9,0x2f,0xd8,0xae,0x80,0x6b,0x5b,0xce,0x8a,0x6c,0x4b,0xd8,0x27,0x5b,0x0f, + 0xac,0xb4,0xdd,0x13,0xf9,0xd6,0x8b,0xa6,0x71,0x41,0xfa,0x50,0x85,0x26,0x4d,0xa6, + 0xdd,0x68,0x5a,0x6d,0x21,0x21,0x70,0xa2,0xc9,0xcb,0xf2,0xcf,0x59,0x30,0x18,0x0e, + 0xff,0xc2,0x50,0x86,0x8c,0x98,0x4b,0xf5,0x0f,0xf6,0x9d,0x60,0x69,0xea,0x28,0xf5, + 0xbc,0x1b,0x63,0x70,0x5d,0x07,0x32,0x41,0x6f,0xd8,0x29,0xa5,0xf5,0xd6,0x21,0x74, + 0x62,0xc2,0x2a,0x33,0xfd,0x46,0x52,0xf7,0xc1,0xd1,0x98,0x79,0x46,0x46,0xc0,0x84, + 0x06,0x02,0x4e,0x81,0x63,0xa7,0xeb,0xe3,0x9c,0xfb,0x51,0x4c,0x54,0x43,0x89,0x7b, + 0x58,0x94,0xdd,0x19,0xa2,0x13,0xe0,0x37,0xf2,0x7e,0x0f,0xfb,0xd6,0xc5,0x44,0x7a, + 0x80,0x5a,0x54,0xdf,0xdf,0x4f,0x65,0x81,0x9d,0x4e,0x0f,0xbe,0xe2,0x5e,0x3d,0xac, + 0x47,0xfb,0x6b,0x63,0x6e,0x8d,0xe6,0x19,0x0a,0xdc,0xcb,0xce,0xe9,0x37,0xd0,0x97, + 0x7b,0x35,0xb9,0x73,0x60,0x6b,0x0c,0xa3,0x48,0x75,0x8b,0x50,0xcd,0xbb,0xa0,0x28, + 0xb7,0x3d,0x0e,0xf0,0x1c,0x56,0x01,0x4c,0x03,0x1c,0x59,0x8f,0xe8,0xdb,0x87,0xd2, + 0xca,0x46,0x44,0x77,0x0a,0xaa,0x04,0x51,0xc3,0x76,0xde,0xd8,0x2f,0xf5,0xc6,0xb8, + 0xe7,0xd2,0xed,0x9d,0x1c,0x8a,0x17,0xc3,0x12,0x2c,0x12,0x82,0x73,0xc6,0x0f,0xd1, + 0xb0,0x08,0x8d,0xfb,0xc9,0xc9,0x27,0xf1,0x62,0xe4,0x38,0x79,0x40,0x59,0x64,0xcb, + 0x11,0xef,0x78,0x99,0x12,0x3f,0xeb,0x8f,0x88,0xdd,0x27,0x34,0xdf,0x98,0xaa,0x69, + 0x6d,0x93,0x6a,0x8d,0xf0,0x70,0x00,0xe8,0x4a,0xf9,0x01,0x01,0xf7,0x00,0x6a,0x9b, + 0xd2,0x54,0x9f,0xdd,0x0a,0xd3,0xf9,0xde,0x09,0x30,0x12,0xd3,0x2d,0x2a,0xfa,0xa8, + 0x28,0x01,0x7e,0xe9,0xc6,0x07,0xcb,0xf5,0xb5,0x4f,0x22,0x36,0x66,0xd4,0xb5,0xf3, + 0xe2,0x6e,0x0d,0xfe,0xc0,0x03,0x96,0x1b,0x83,0xd8,0x3d,0xe3,0x9f,0xf6,0xa0,0xe8, + 0x1e,0x18,0x83,0xc1,0xdb,0x4a,0xaa,0xf0,0x82,0xfe,0xc5,0xaa,0x30,0xa7,0xe5,0x78, + 0x55,0x3d,0x89,0x77,0x4c,0x67,0x90,0x77,0x90,0xc9,0x6d,0xc4,0xf5,0xbe,0x4c,0x8c), + }, + { + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512, + .m = chunk_from_chars( + 0x13,0x2c,0xf5,0x0c,0x66,0xac,0x4c,0xc5,0x43,0x39,0x75,0x1a,0x0e,0xbb,0x86,0x5e, + 0x1d,0x3d,0x32,0x05,0x62,0xfc,0x90,0x5c,0x4a,0xbd,0x1e,0x78,0xe4,0x64,0x06,0x6c, + 0x46,0xc3,0xa0,0xc0,0x2d,0xb0,0x37,0x1e,0xe3,0x5a,0x10,0x4d,0x66,0xdd,0xa8,0x64, + 0xc6,0x13,0x3e,0x37,0xcf,0xad,0x91,0x16,0xe8,0x83,0xeb,0xb7,0x3b,0x29,0x5e,0x70, + 0x16,0xc3,0x4e,0xa9,0x91,0x1a,0x30,0x92,0x72,0xef,0x90,0x11,0x4d,0x8f,0x59,0xff, + 0xf0,0xa7,0x51,0x93,0xfe,0x5a,0xe3,0x1e,0xd9,0x91,0x21,0xf9,0xc5,0x92,0x09,0xbc, + 0x4b,0xd5,0x07,0xb1,0xdc,0x12,0xbc,0x89,0xb7,0x9f,0xfe,0x4d,0x0d,0xf9,0x20,0x97, + 0x62,0xa1,0x73,0x01,0x36,0x29,0x0c,0xde,0xe5,0x8e,0xc8,0x28,0xcc,0xc8,0x8e,0xba), + .s = chunk_from_chars( + 0xb1,0x25,0x03,0xb7,0xb2,0xf7,0x83,0x61,0x88,0x84,0x17,0x4b,0xcb,0x9b,0xe1,0x08, + 0x77,0x96,0x04,0x31,0xed,0x63,0x63,0xc8,0x07,0xe1,0x2d,0xb7,0x1b,0x8b,0x6b,0xd9, + 0xd6,0x40,0x1d,0x06,0x4e,0x25,0x37,0x40,0x15,0x8e,0x8b,0x90,0x01,0x52,0xd3,0x7f, + 0xaf,0x20,0x33,0x3a,0x7d,0x80,0xb3,0xd4,0x7c,0x7c,0x7a,0x3f,0xa1,0x20,0x91,0xce, + 0x31,0xcd,0x8a,0xae,0x27,0x2a,0x4d,0xa1,0x5f,0xe2,0xcb,0x5c,0xfd,0xea,0x54,0x11, + 0x95,0xa4,0x69,0xc9,0x6b,0xcf,0x69,0x5e,0x0b,0x52,0x6d,0xfa,0x48,0xa5,0x90,0x03, + 0xc6,0x76,0x3a,0xf8,0x13,0x63,0x92,0xc4,0xb8,0xd2,0x4d,0xb3,0x14,0x74,0x6f,0x42, + 0xac,0xa5,0x50,0xac,0xc6,0x5e,0x07,0x49,0x13,0xab,0x82,0x23,0x2e,0xb8,0x59,0x35, + 0x09,0x15,0x8a,0x8b,0xa3,0x4b,0xc0,0xf0,0xe3,0x12,0x5a,0x83,0x4a,0x3e,0xd2,0xd6, + 0xa8,0xcb,0x1d,0x08,0x5f,0x23,0x4a,0xe8,0x68,0xb8,0x6a,0xea,0x8d,0x6f,0x82,0xe1, + 0x3a,0x08,0x84,0x24,0x85,0x06,0x6e,0x48,0xaa,0xe4,0x83,0x78,0x73,0x15,0x0f,0x44, + 0x47,0x5e,0x12,0x60,0x2b,0x55,0x2d,0xcb,0x34,0xd1,0xf9,0xfd,0xaa,0xdb,0xc6,0xbf, + 0xf5,0x13,0x4c,0x6f,0xc7,0x62,0x63,0x88,0x8b,0xe6,0x7e,0xfe,0x63,0xee,0x18,0x40, + 0xfa,0x08,0xc4,0x99,0x38,0x85,0x8a,0x9d,0x48,0xb1,0x05,0x8d,0x18,0x97,0x6b,0xf2, + 0xe3,0xbf,0xc6,0x25,0x55,0x2f,0x75,0xb3,0xea,0x44,0xeb,0x91,0xdd,0x36,0x68,0x65, + 0xf2,0x40,0xa0,0xc3,0x36,0xa0,0x11,0x0e,0x0f,0xa0,0x9d,0x09,0xcd,0x94,0xc7,0x0c, + 0xbc,0x88,0x95,0xae,0x3d,0x44,0xae,0x3d,0xff,0x54,0x5f,0x0e,0x8c,0x8c,0xc6,0x62, + 0xec,0xd4,0x0f,0x90,0x99,0xa9,0x52,0x49,0x43,0x96,0xc6,0xb4,0x23,0xeb,0xb4,0x63, + 0x40,0x99,0x69,0x28,0x1c,0xdd,0x54,0xad,0x87,0xa3,0x08,0xe4,0x87,0xce,0x19,0x74, + 0x5b,0x30,0xd5,0xda,0x76,0xb9,0x8d,0x2a,0xa9,0xa0,0x07,0xa5,0x57,0x83,0xb3,0x03, + 0x7e,0x5b,0x86,0x62,0x32,0x28,0x10,0xbd,0xd1,0x1d,0x86,0xdc,0x3f,0x61,0x45,0x11, + 0x49,0x39,0x1f,0xb2,0xf1,0x4e,0xd9,0xc1,0x7c,0x75,0x16,0x23,0xa4,0x04,0x2c,0xe7, + 0xed,0xb8,0x75,0xee,0x27,0xbc,0xd1,0xf1,0x9d,0x6d,0xc9,0x28,0x3a,0xd0,0x6d,0x15, + 0xe0,0x97,0xe2,0xb0,0xb1,0x5a,0x7e,0xb7,0x12,0x8a,0xdb,0xca,0x0a,0xa6,0xad,0xcc), + }, +}; + +START_TEST(test_sign_pkcs15_3072) +{ + signature_scheme_t scheme = pkcs15_3072[_i].scheme; + chunk_t sig; + + if (!lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PUBKEY_VERIFY, scheme)) || + !lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PRIVKEY_SIGN, scheme))) + { + warn("%N not supported, skip test", signature_scheme_names, scheme); + return; + } + fail_unless(privkey_3072->sign(privkey_3072, scheme, NULL, pkcs15_3072[_i].m, &sig), + "sign %N", signature_scheme_names, scheme); + ck_assert_chunk_eq(pkcs15_3072[_i].s, sig); + fail_unless(pubkey_3072->verify(pubkey_3072, scheme, NULL, pkcs15_3072[_i].m, sig), + "verify %N", signature_scheme_names, scheme); + free(sig.ptr); +} +END_TEST + +/** + * Keys for the FIPS 186-4 SigGen RSASSA-PSS test vectors + */ +static private_key_t *privpss_2048, *privpss_3072; +static public_key_t *pubpss_2048, *pubpss_3072; +static bool pss_salt_supported; + +static void pss_salt_test() +{ + chunk_t sig_salt = chunk_from_chars( + 0x3c,0x34,0xa4,0x56,0xdb,0x84,0x7b,0x7b,0xbb,0xbb,0xb0,0x15,0x5c,0xe2,0xe2,0x26, + 0xde,0xa9,0x27,0xb8,0x71,0x1b,0x28,0x0d,0xe3,0xe4,0xc2,0x6b,0x44,0x39,0xae,0x78, + 0x3a,0x93,0x68,0x6c,0xa0,0x91,0x19,0xd3,0x15,0x3b,0x93,0x15,0x92,0x13,0xaa,0x22, + 0x76,0x18,0xfd,0xbf,0x53,0x7f,0x2c,0xa7,0x24,0x5d,0xfa,0x93,0x78,0xff,0xdf,0x25, + 0x25,0x6c,0x65,0x2d,0xc1,0x6c,0xfd,0x43,0x87,0x3c,0x83,0x5b,0xe0,0x76,0xaf,0x99, + 0xa7,0xe4,0x11,0x3d,0xa6,0xa7,0xa4,0x50,0x0c,0xb8,0x4b,0x9b,0xd7,0x29,0xa6,0x6c, + 0x39,0x15,0xef,0xd9,0x46,0x5d,0x64,0x7e,0xf9,0x90,0x4a,0x7e,0x53,0xeb,0xfd,0x2f, + 0x32,0xdc,0x38,0xdf,0x3d,0xef,0xf7,0xa5,0x87,0xf0,0x5c,0x33,0x78,0x61,0x40,0x36, + 0x8d,0x16,0x14,0xf3,0xeb,0xfb,0x58,0x99,0x06,0xe9,0x48,0x67,0x93,0xe7,0x84,0x3c, + 0x6c,0x4a,0x3c,0x7e,0x0b,0xcc,0x62,0xcf,0xdb,0x7b,0x85,0xff,0x6c,0x3d,0x9f,0x7c, + 0x22,0x9e,0x0a,0x83,0x0b,0x3a,0x6a,0xe9,0xc2,0xbe,0x2f,0xd2,0xab,0x66,0xcb,0x1a, + 0x52,0x27,0x71,0x72,0x46,0xbf,0xed,0x8d,0xaa,0x47,0xaf,0x88,0x3a,0xf2,0xc2,0x6d, + 0xf4,0x24,0x01,0x4c,0x21,0xa1,0x40,0x63,0x93,0xeb,0xd9,0x56,0xf5,0xd2,0x74,0xe6, + 0x16,0x94,0x89,0x74,0x31,0x71,0xba,0xbd,0x6a,0x89,0x4a,0x52,0x9a,0x79,0x07,0x68, + 0x34,0x24,0x54,0xfd,0x21,0x54,0x7d,0xbe,0x3a,0x46,0xa6,0x28,0xa5,0xbc,0xea,0x30, + 0xb6,0x85,0xda,0x7e,0x45,0x24,0xc9,0xba,0x5f,0x0d,0xee,0xea,0x1b,0x54,0x67,0xc6); + chunk_t sig_zero = chunk_from_chars( + 0xb0,0x7e,0x08,0xf4,0xb7,0x02,0xf7,0x91,0x7a,0x81,0x65,0xc3,0x87,0x39,0xe7,0x67, + 0xfa,0x28,0x4d,0xe5,0x65,0xe3,0x95,0x94,0xfd,0x30,0x1d,0x94,0x98,0x81,0xce,0x0c, + 0x0e,0x8d,0x40,0xc1,0x37,0x43,0x9b,0xbd,0x81,0x0e,0x19,0x8c,0xee,0xd8,0xd9,0x7a, + 0x95,0x96,0x76,0x57,0x0b,0x86,0xc5,0x69,0xe9,0x4d,0x9a,0x82,0x80,0xd5,0xf7,0x95, + 0x15,0x7c,0xfc,0x82,0xe6,0x0a,0x1a,0x13,0x84,0xb3,0xbc,0xe6,0xe3,0xc0,0xd4,0x84, + 0xcf,0xd4,0xdd,0xbd,0x5a,0x53,0x49,0x1f,0x72,0x47,0xbf,0x93,0x59,0xf4,0xf2,0xfb, + 0xcf,0xf8,0x42,0xb6,0xdb,0xb4,0xfb,0xea,0xa6,0x2e,0xdc,0xb5,0x3c,0x41,0x73,0xaa, + 0xba,0x0a,0xb3,0x7b,0x23,0x03,0x0a,0x71,0x7f,0x49,0xba,0x17,0xaa,0x35,0x15,0xeb, + 0xd0,0xea,0xae,0xb2,0x7a,0xf2,0xed,0x58,0x74,0xb0,0xe5,0xa8,0x1e,0x59,0x10,0x88, + 0xe6,0xe6,0xf7,0xc6,0x41,0x78,0xf5,0x88,0x35,0x03,0xf9,0x82,0x42,0xb5,0x42,0x43, + 0xc6,0x4f,0xeb,0xbf,0xa0,0x3b,0xef,0x61,0x35,0x80,0x2c,0xcb,0x3f,0x3a,0x3e,0x3d, + 0x7a,0x75,0x5e,0x0b,0xdb,0xc8,0xdf,0xc1,0x2f,0x73,0x55,0xec,0x2b,0x20,0xd0,0xf3, + 0xa3,0x8a,0xaf,0x3a,0xb3,0xe5,0xad,0xa2,0x9c,0x4f,0x6b,0x64,0x6b,0xb0,0x54,0x38, + 0x96,0xaa,0xb6,0x9c,0x8b,0xe9,0x7d,0x41,0xa5,0x0a,0xde,0x24,0x4d,0x5a,0x37,0xe6, + 0xe3,0xbd,0xbb,0x1c,0x00,0x8a,0x22,0xd5,0x51,0x70,0x18,0xaf,0x13,0x05,0x6e,0x32, + 0xf7,0xef,0xc3,0xe5,0x4b,0x6f,0x94,0xa0,0x59,0xa8,0xf8,0x7f,0x42,0x08,0x3b,0x51); + chunk_t sig; + rsa_pss_params_t params = { + .hash = HASH_SHA256, + .mgf1_hash = HASH_SHA256, + .salt = chunk_from_chars(0x01,0x02,0x03,0x04), + }; + + pss_salt_supported = FALSE; + if (!lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS))) + { + return; + } + /* we should get one of two signatures, either one without a salt or + * one with the configured salt */ + fail_unless(privpss_2048->sign(privpss_2048, SIGN_RSA_EMSA_PSS, + ¶ms, chunk_from_chars(0x04,0x03,0x02,0x01), &sig), + "sign %N", signature_scheme_names, SIGN_RSA_EMSA_PSS); + + if (chunk_equals(sig, sig_salt)) + { /* matches signature with passed salt */ + pss_salt_supported = TRUE; + } + else if (!chunk_equals(sig, sig_zero)) + { /* does not match signature without salt */ + fail("unexpected signature received: %B", &sig); + } + free(sig.ptr); +} + +START_SETUP(setup_keys_pss) +{ + create_key(chunk_from_chars( + 0xc5,0x06,0x2b,0x58,0xd8,0x53,0x9c,0x76,0x5e,0x1e,0x5d,0xba,0xf1,0x4c,0xf7,0x5d, + 0xd5,0x6c,0x2e,0x13,0x10,0x5f,0xec,0xfd,0x1a,0x93,0x0b,0xbb,0x59,0x48,0xff,0x32, + 0x8f,0x12,0x6a,0xbe,0x77,0x93,0x59,0xca,0x59,0xbc,0xa7,0x52,0xc3,0x08,0xd2,0x81, + 0x57,0x3b,0xc6,0x17,0x8b,0x6c,0x0f,0xef,0x7d,0xc4,0x45,0xe4,0xf8,0x26,0x43,0x04, + 0x37,0xb9,0xf9,0xd7,0x90,0x58,0x1d,0xe5,0x74,0x9c,0x2c,0xb9,0xcb,0x26,0xd4,0x2b, + 0x2f,0xee,0x15,0xb6,0xb2,0x6f,0x09,0xc9,0x96,0x70,0x33,0x64,0x23,0xb8,0x6b,0xc5, + 0xbe,0xc7,0x11,0x13,0x15,0x7b,0xe2,0xd9,0x44,0xd7,0xff,0x3e,0xeb,0xff,0xb2,0x84, + 0x13,0x14,0x3e,0xa3,0x67,0x55,0xdb,0x0a,0xe6,0x2f,0xf5,0xb7,0x24,0xee,0xcb,0x3d, + 0x31,0x6b,0x6b,0xac,0x67,0xe8,0x9c,0xac,0xd8,0x17,0x19,0x37,0xe2,0xab,0x19,0xbd, + 0x35,0x3a,0x89,0xac,0xea,0x8c,0x36,0xf8,0x1c,0x89,0xa6,0x20,0xd5,0xfd,0x2e,0xff, + 0xea,0x89,0x66,0x01,0xc7,0xf9,0xda,0xca,0x7f,0x03,0x3f,0x63,0x5a,0x3a,0x94,0x33, + 0x31,0xd1,0xb1,0xb4,0xf5,0x28,0x87,0x90,0xb5,0x3a,0xf3,0x52,0xf1,0x12,0x1c,0xa1, + 0xbe,0xf2,0x05,0xf4,0x0d,0xc0,0x12,0xc4,0x12,0xb4,0x0b,0xdd,0x27,0x58,0x5b,0x94, + 0x64,0x66,0xd7,0x5f,0x7e,0xe0,0xa7,0xf9,0xd5,0x49,0xb4,0xbe,0xce,0x6f,0x43,0xac, + 0x3e,0xe6,0x5f,0xe7,0xfd,0x37,0x12,0x33,0x59,0xd9,0xf1,0xa8,0x50,0xad,0x45,0x0a, + 0xaf,0x5c,0x94,0xeb,0x11,0xde,0xa3,0xfc,0x0f,0xc6,0xe9,0x85,0x6b,0x18,0x05,0xef), + chunk_from_chars( + 0x86,0xc9,0x4f), + chunk_from_chars( + 0x49,0xe5,0x78,0x6b,0xb4,0xd3,0x32,0xf9,0x45,0x86,0x32,0x7b,0xde,0x08,0x88,0x75, + 0x37,0x9b,0x75,0xd1,0x28,0x48,0x8f,0x08,0xe5,0x74,0xab,0x47,0x15,0x30,0x2a,0x87, + 0xee,0xa5,0x2d,0x4c,0x4a,0x23,0xd8,0xb9,0x7a,0xf7,0x94,0x48,0x04,0x33,0x7c,0x5f, + 0x55,0xe1,0x6b,0xa9,0xff,0xaf,0xc0,0xc9,0xfd,0x9b,0x88,0xec,0xa4,0x43,0xf3,0x9b, + 0x79,0x67,0x17,0x0d,0xdb,0x8c,0xe7,0xdd,0xb9,0x3c,0x60,0x87,0xc8,0x06,0x6c,0x4a, + 0x95,0x53,0x8a,0x44,0x1b,0x9d,0xc8,0x0d,0xc9,0xf7,0x81,0x00,0x54,0xfd,0x1e,0x5c, + 0x9d,0x02,0x50,0xc9,0x78,0xbb,0x2d,0x74,0x8a,0xbe,0x1e,0x94,0x65,0xd7,0x1a,0x81, + 0x65,0xd3,0x12,0x6d,0xce,0x5d,0xb2,0xad,0xac,0xc0,0x03,0xe9,0x06,0x2b,0xa3,0x7a, + 0x54,0xb6,0x3e,0x5f,0x49,0xa4,0xea,0xfe,0xbd,0x7e,0x4b,0xf5,0xb0,0xa7,0x96,0xc2, + 0xb3,0xa9,0x50,0xfa,0x09,0xc7,0x98,0xd3,0xfa,0x3e,0x86,0xc4,0xb6,0x2c,0x33,0xba, + 0x93,0x65,0xed,0xa0,0x54,0xe5,0xfe,0x74,0xa4,0x1f,0x21,0xb5,0x95,0x02,0x6a,0xcf, + 0x10,0x93,0xc9,0x0a,0x8c,0x71,0x72,0x2f,0x91,0xaf,0x1e,0xd2,0x9a,0x41,0xa2,0x44, + 0x9a,0x32,0x0f,0xc7,0xba,0x31,0x20,0xe3,0xe8,0xc3,0xe4,0x24,0x0c,0x04,0x92,0x5c, + 0xc6,0x98,0xec,0xd6,0x6c,0x7c,0x90,0x6b,0xdf,0x24,0x0a,0xda,0xd9,0x72,0xb4,0xdf, + 0xf4,0x86,0x9d,0x40,0x0b,0x5d,0x13,0xe3,0x3e,0xeb,0xa3,0x8e,0x07,0x5e,0x87,0x2b, + 0x0e,0xd3,0xe9,0x1c,0xc9,0xc2,0x83,0x86,0x7a,0x4f,0xfc,0x39,0x01,0xd2,0x06,0x9f), + &privpss_2048, &pubpss_2048); + + create_key(chunk_from_chars( + 0xa7,0xa1,0x88,0x2a,0x7f,0xb8,0x96,0x78,0x60,0x34,0xd0,0x7f,0xb1,0xb9,0xf6,0x32, + 0x7c,0x27,0xbd,0xd7,0xce,0x6f,0xe3,0x9c,0x28,0x5a,0xe3,0xb6,0xc3,0x42,0x59,0xad, + 0xc0,0xdc,0x4f,0x7b,0x9c,0x7d,0xec,0x3c,0xa4,0xa2,0x0d,0x34,0x07,0x33,0x9e,0xed, + 0xd7,0xa1,0x2a,0x42,0x1d,0xa1,0x8f,0x59,0x54,0x67,0x3c,0xac,0x2f,0xf0,0x59,0x15, + 0x6e,0xcc,0x73,0xc6,0x86,0x1e,0xc7,0x61,0xe6,0xa0,0xf2,0xa5,0xa0,0x33,0xa6,0x76, + 0x8c,0x6a,0x42,0xd8,0xb4,0x59,0xe1,0xb4,0x93,0x23,0x49,0xe8,0x4e,0xfd,0x92,0xdf, + 0x59,0xb4,0x59,0x35,0xf3,0xd0,0xe3,0x08,0x17,0xc6,0x62,0x01,0xaa,0x99,0xd0,0x7a, + 0xe3,0x6c,0x5d,0x74,0xf4,0x08,0xd6,0x9c,0xc0,0x8f,0x04,0x41,0x51,0xff,0x49,0x60, + 0xe5,0x31,0x36,0x0c,0xb1,0x90,0x77,0x83,0x3a,0xdf,0x7b,0xce,0x77,0xec,0xfa,0xa1, + 0x33,0xc0,0xcc,0xc6,0x3c,0x93,0xb8,0x56,0x81,0x45,0x69,0xe0,0xb9,0x88,0x4e,0xe5, + 0x54,0x06,0x1b,0x9a,0x20,0xab,0x46,0xc3,0x82,0x63,0xc0,0x94,0xda,0xe7,0x91,0xaa, + 0x61,0xa1,0x7f,0x8d,0x16,0xf0,0xe8,0x5b,0x7e,0x5c,0xe3,0xb0,0x67,0xec,0xe8,0x9e, + 0x20,0xbc,0x4e,0x8f,0x1a,0xe8,0x14,0xb2,0x76,0xd2,0x34,0xe0,0x4f,0x4e,0x76,0x6f, + 0x50,0x1d,0xa7,0x4e,0xa7,0xe3,0x81,0x7c,0x24,0xea,0x35,0xd0,0x16,0x67,0x6c,0xec, + 0xe6,0x52,0xb8,0x23,0xb0,0x51,0x62,0x55,0x73,0xca,0x92,0x75,0x7f,0xc7,0x20,0xd2, + 0x54,0xec,0xf1,0xdc,0xbb,0xfd,0x21,0xd9,0x83,0x07,0x56,0x1e,0xca,0xab,0x54,0x54, + 0x80,0xc7,0xc5,0x2a,0xd7,0xe9,0xfa,0x6b,0x59,0x7f,0x5f,0xe5,0x50,0x55,0x9c,0x2f, + 0xe9,0x23,0x20,0x5a,0xc1,0x76,0x1a,0x99,0x73,0x7c,0xa0,0x2d,0x7b,0x19,0x82,0x2e, + 0x00,0x8a,0x89,0x69,0x34,0x9c,0x87,0xfb,0x87,0x4c,0x81,0x62,0x0e,0x38,0xf6,0x13, + 0xc8,0x52,0x1f,0x03,0x81,0xfe,0x5b,0xa5,0x5b,0x74,0x82,0x7d,0xad,0x3e,0x1c,0xf2, + 0xaa,0x29,0xc6,0x93,0x36,0x29,0xf2,0xb2,0x86,0xad,0x11,0xbe,0x88,0xfa,0x64,0x36, + 0xe7,0xe3,0xf6,0x4a,0x75,0xe3,0x59,0x52,0x90,0xdc,0x0d,0x1c,0xd5,0xee,0xe7,0xaa, + 0xac,0x54,0x95,0x9c,0xc5,0x3b,0xd5,0xa9,0x34,0xa3,0x65,0xe7,0x2d,0xd8,0x1a,0x2b, + 0xd4,0xfb,0x9a,0x67,0x82,0x1b,0xff,0xed,0xf2,0xef,0x2b,0xd9,0x49,0x13,0xde,0x8b), + chunk_from_chars( + 0x14,0x15,0xa7), + chunk_from_chars( + 0x07,0x3a,0x5f,0xc4,0xcd,0x64,0x2f,0x61,0x13,0xdf,0xfc,0x4f,0x84,0x03,0x5c,0xee, + 0x3a,0x2b,0x8a,0xcc,0x54,0x97,0x03,0x75,0x1a,0x1d,0x6a,0x5e,0xaa,0x13,0x48,0x72, + 0x29,0xa5,0x8e,0xf7,0xd7,0xa5,0x22,0xbb,0x9f,0x4f,0x25,0x51,0x0f,0x1a,0xa0,0xf7, + 0x4c,0x6a,0x8f,0xc8,0xa5,0xc5,0xbe,0x8b,0x91,0xa6,0x74,0xed,0xe5,0x0e,0x92,0xf7, + 0xe3,0x4a,0x90,0xa3,0xc9,0xda,0x99,0x9f,0xff,0xb1,0xd6,0x95,0xe4,0x58,0x8f,0x45, + 0x12,0x56,0xc1,0x63,0x48,0x4c,0x15,0x13,0x50,0xcb,0x9c,0x78,0x25,0xa7,0xd9,0x10, + 0x84,0x5e,0xe5,0xcf,0x82,0x6f,0xec,0xf9,0xa7,0xc0,0xfb,0xbb,0xba,0x22,0xbb,0x4a, + 0x53,0x1c,0x13,0x1d,0x2e,0x77,0x61,0xba,0x89,0x8f,0x00,0x2e,0xbe,0xf8,0xab,0x87, + 0x21,0x85,0x11,0xf8,0x1d,0x32,0x66,0xe1,0xec,0x07,0xa7,0xca,0x86,0x22,0x51,0x4c, + 0x6d,0xfd,0xc8,0x6c,0x67,0x67,0x9a,0x2c,0x8f,0x5f,0x03,0x1d,0xe9,0xa0,0xc2,0x2b, + 0x5a,0x88,0x06,0x0b,0x46,0xee,0x0c,0x64,0xd3,0xb9,0xaf,0x3c,0x0a,0x37,0x9b,0xcd, + 0x9c,0x6a,0x1b,0x51,0xcf,0x64,0x80,0x45,0x6d,0x3f,0xd6,0xde,0xf9,0x4c,0xd2,0xa6, + 0xc1,0x71,0xdd,0x3f,0x01,0x0e,0x3c,0x9d,0x66,0x2b,0xc8,0x57,0x20,0x82,0x48,0xc9, + 0x4e,0xbc,0xb9,0xfd,0x99,0x7b,0x9f,0xf4,0xa7,0xe5,0xfd,0x95,0x55,0x85,0x69,0x90, + 0x65,0x25,0xe7,0x41,0xd7,0x83,0x44,0xf6,0xf6,0xcf,0xdb,0xd5,0x9d,0x4f,0xaa,0x52, + 0xee,0x3f,0xa9,0x64,0xfb,0x7c,0xcc,0xb2,0xd6,0xbe,0x19,0x35,0xd2,0x11,0xfe,0x14, + 0x98,0x21,0x77,0x16,0x27,0x39,0x39,0xa9,0x46,0x08,0x1f,0xd8,0x50,0x99,0x13,0xfd, + 0x47,0x74,0x7c,0x5c,0x2f,0x03,0xef,0xd4,0xd6,0xfc,0x9c,0x6f,0xcf,0xd8,0x40,0x2e, + 0x9f,0x40,0xa0,0xa5,0xb3,0xde,0x3c,0xa2,0xb3,0xc0,0xfa,0xc9,0x45,0x69,0x38,0xfa, + 0xa6,0xcf,0x2c,0x20,0xe3,0x91,0x2e,0x59,0x81,0xc9,0x87,0x6d,0x8c,0xa1,0xff,0x29, + 0xb8,0x7a,0x15,0xee,0xae,0x0c,0xcc,0xe3,0xf8,0xa8,0xf1,0xe4,0x05,0x09,0x1c,0x08, + 0x3b,0x98,0xbc,0xc5,0xfe,0x0d,0x0d,0xea,0xae,0x33,0xc6,0x7c,0x03,0x94,0x43,0x7f, + 0x0e,0xcc,0xb3,0x85,0xb7,0xef,0xb1,0x7a,0xee,0xbb,0xa8,0xaf,0xae,0xcc,0xa3,0x0a, + 0x2f,0x63,0xea,0xc8,0xf0,0xac,0x8f,0x1e,0xac,0xad,0x85,0xbb,0xca,0xf3,0x96,0x0b), + &privpss_3072, &pubpss_3072); + + pss_salt_test(); +} +END_SETUP + +START_TEARDOWN(teardown_keys_pss) +{ + pubpss_2048->destroy(pubpss_2048); + privpss_2048->destroy(privpss_2048); + pubpss_3072->destroy(pubpss_3072); + privpss_3072->destroy(privpss_3072); +} +END_TEARDOWN + +/** + * SigGen test vectors from FIPS 186-4 (first two for each hash algo) + */ +static struct { + rsa_pss_params_t params; + chunk_t m; + chunk_t s; +} pss_sign_2048[] = { + { + .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, + .salt_len = 20, + .salt = chunk_from_chars( + 0xe1,0x25,0x6f,0xc1,0xee,0xef,0x81,0x77,0x3f,0xdd,0x54,0x65,0x7e,0x40,0x07,0xfd, + 0xe6,0xbc,0xb9,0xb1), + }, + .m = chunk_from_chars( + 0xdf,0xc2,0x26,0x04,0xb9,0x5d,0x15,0x32,0x80,0x59,0x74,0x5c,0x6c,0x98,0xeb,0x9d, + 0xfb,0x34,0x7c,0xf9,0xf1,0x70,0xaf,0xf1,0x9d,0xee,0xec,0x55,0x5f,0x22,0x28,0x5a, + 0x67,0x06,0xc4,0xec,0xbf,0x0f,0xb1,0x45,0x8c,0x60,0xd9,0xbf,0x91,0x3f,0xba,0xe6, + 0xf4,0xc5,0x54,0xd2,0x45,0xd9,0x46,0xb4,0xbc,0x5f,0x34,0xae,0xc2,0xac,0x6b,0xe8, + 0xb3,0x3d,0xc8,0xe0,0xe3,0xa9,0xd6,0x01,0xdf,0xd5,0x36,0x78,0xf5,0x67,0x44,0x43, + 0xf6,0x7d,0xf7,0x8a,0x3a,0x9e,0x09,0x33,0xe5,0xf1,0x58,0xb1,0x69,0xac,0x8d,0x1c, + 0x4c,0xd0,0xfb,0x87,0x2c,0x14,0xca,0x8e,0x00,0x1e,0x54,0x2e,0xa0,0xf9,0xcf,0xda, + 0x88,0xc4,0x2d,0xca,0xd8,0xa7,0x40,0x97,0xa0,0x0c,0x22,0x05,0x5b,0x0b,0xd4,0x1f), + .s = chunk_from_chars( + 0x8b,0x46,0xf2,0xc8,0x89,0xd8,0x19,0xf8,0x60,0xaf,0x0a,0x6c,0x4c,0x88,0x9e,0x4d, + 0x14,0x36,0xc6,0xca,0x17,0x44,0x64,0xd2,0x2a,0xe1,0x1b,0x9c,0xcc,0x26,0x5d,0x74, + 0x3c,0x67,0xe5,0x69,0xac,0xcb,0xc5,0xa8,0x0d,0x4d,0xd5,0xf1,0xbf,0x40,0x39,0xe2, + 0x3d,0xe5,0x2a,0xec,0xe4,0x02,0x91,0xc7,0x5f,0x89,0x36,0xc5,0x8c,0x9a,0x2f,0x77, + 0xa7,0x80,0xbb,0xe7,0xad,0x31,0xeb,0x76,0x74,0x2f,0x7b,0x2b,0x8b,0x14,0xca,0x1a, + 0x71,0x96,0xaf,0x7e,0x67,0x3a,0x3c,0xfc,0x23,0x7d,0x50,0xf6,0x15,0xb7,0x5c,0xf4, + 0xa7,0xea,0x78,0xa9,0x48,0xbe,0xda,0xf9,0x24,0x24,0x94,0xb4,0x1e,0x1d,0xb5,0x1f, + 0x43,0x7f,0x15,0xfd,0x25,0x51,0xbb,0x5d,0x24,0xee,0xfb,0x1c,0x3e,0x60,0xf0,0x36, + 0x94,0xd0,0x03,0x3a,0x1e,0x0a,0x9b,0x9f,0x5e,0x4a,0xb9,0x7d,0x45,0x7d,0xff,0x9b, + 0x9d,0xa5,0x16,0xdc,0x22,0x6d,0x6d,0x65,0x29,0x50,0x03,0x08,0xed,0x74,0xa2,0xe6, + 0xd9,0xf3,0xc1,0x05,0x95,0x78,0x8a,0x52,0xa1,0xbc,0x06,0x64,0xae,0xdf,0x33,0xef, + 0xc8,0xba,0xdd,0x03,0x7e,0xb7,0xb8,0x80,0x77,0x2b,0xdb,0x04,0xa6,0x04,0x6e,0x9e, + 0xde,0xee,0x41,0x97,0xc2,0x55,0x07,0xfb,0x0f,0x11,0xab,0x1c,0x9f,0x63,0xf5,0x3c, + 0x88,0x20,0xea,0x84,0x05,0xcf,0xd7,0x72,0x16,0x92,0x47,0x5b,0x4d,0x72,0x35,0x5f, + 0xa9,0xa3,0x80,0x4f,0x29,0xe6,0xb6,0xa7,0xb0,0x59,0xc4,0x44,0x1d,0x54,0xb2,0x8e, + 0x4e,0xed,0x25,0x29,0xc6,0x10,0x3b,0x54,0x32,0xc7,0x13,0x32,0xce,0x74,0x2b,0xcc), + }, + { + .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, + .salt_len = 20, + .salt = chunk_from_chars( + 0xe1,0x25,0x6f,0xc1,0xee,0xef,0x81,0x77,0x3f,0xdd,0x54,0x65,0x7e,0x40,0x07,0xfd, + 0xe6,0xbc,0xb9,0xb1), + }, + .m = chunk_from_chars( + 0xfd,0x6a,0x06,0x3e,0x61,0xc2,0xb3,0x54,0xfe,0x8c,0xb3,0x7a,0x5f,0x37,0x88,0xb5, + 0xc0,0x1f,0xf1,0x5a,0x72,0x5f,0x6b,0x81,0x81,0xe6,0xf6,0xb7,0x95,0xce,0x1c,0xf3, + 0x16,0xe9,0x30,0xcc,0x93,0x9c,0xd4,0xe8,0x65,0xf0,0xbd,0xb8,0x8f,0xe6,0xbb,0x62, + 0xe9,0x0b,0xf3,0xff,0x7e,0x4d,0x6f,0x07,0x32,0x0d,0xda,0x09,0xa8,0x75,0x84,0xa0, + 0x62,0x0c,0xad,0xa2,0x2a,0x87,0xff,0x9a,0xb1,0xe3,0x5c,0x79,0x77,0xb0,0xda,0x88, + 0xea,0xb0,0x0c,0xa1,0xd2,0xa0,0x84,0x9f,0xec,0x56,0x95,0x13,0xd5,0x0c,0x5e,0x39, + 0x2a,0xfc,0x03,0x2a,0xee,0x2d,0x3e,0x52,0x2c,0x8c,0x17,0x25,0xdd,0x3e,0xef,0x0e, + 0x0b,0x35,0xc3,0xa8,0x37,0x01,0xaf,0x31,0xf9,0xe9,0xb1,0x3c,0xe6,0x3b,0xb0,0xa5), + .s = chunk_from_chars( + 0x49,0x2b,0x6f,0x68,0x84,0xdf,0x46,0x1f,0xe1,0x05,0x16,0xb6,0xb8,0xcc,0x20,0x53, + 0x85,0xc2,0x01,0x08,0xec,0x47,0xd5,0xdb,0x69,0x28,0x3f,0x4a,0x76,0x88,0xe3,0x18, + 0xcf,0xdc,0x3c,0x49,0x1f,0xb2,0x92,0x25,0x32,0x5a,0xeb,0x46,0xef,0xc7,0x5e,0x85, + 0x58,0x40,0x91,0x0b,0xba,0xf0,0xd1,0xc8,0xd4,0x78,0x45,0x42,0xb9,0x70,0x75,0x4a, + 0xaa,0x84,0xbf,0xe4,0x7c,0x77,0xb3,0xa1,0xb5,0x03,0x7d,0x4d,0x79,0x75,0x94,0x71, + 0xe9,0x6c,0xc7,0xa5,0x27,0xa0,0xed,0x06,0x7e,0x21,0x70,0x9e,0xf7,0xf4,0xc4,0x11, + 0x1b,0x60,0xb8,0xc0,0x80,0x82,0xc8,0x18,0x0c,0x7c,0x96,0xb6,0x1c,0x0f,0x71,0x02, + 0xed,0x9b,0x90,0xe2,0x4d,0xe1,0x1e,0x62,0x98,0xbb,0x24,0x45,0x18,0xf9,0xb4,0x46, + 0xce,0x64,0x1f,0xe9,0x95,0xe9,0xcc,0x29,0x9e,0xd4,0x11,0xb6,0x5e,0xb2,0x5e,0xaa, + 0xe9,0xe5,0x53,0x48,0x4a,0x0a,0x7e,0x95,0x6e,0xad,0xf0,0x84,0x08,0x88,0xc7,0x0e, + 0x5c,0xa6,0xeb,0xc3,0xe4,0x79,0xf8,0xc6,0x9c,0x53,0xcf,0x31,0x37,0x0a,0xb3,0x85, + 0xe8,0xb6,0x73,0xdc,0x45,0xa0,0xc1,0x96,0x4e,0xc4,0x94,0x68,0xd1,0x82,0x46,0x21, + 0x3a,0x8f,0x93,0xa2,0xa9,0x6a,0xad,0x5a,0x27,0x01,0xc1,0x91,0xa1,0x4a,0x31,0x51, + 0x9e,0x4f,0x36,0x54,0x4d,0x66,0x87,0x08,0xff,0x37,0xbe,0x54,0x81,0xcb,0x0f,0xfa, + 0x2b,0x0e,0x1f,0x14,0x5e,0x29,0xf8,0x57,0x5d,0xfa,0x9e,0xc3,0x0c,0x6c,0xb4,0x1c, + 0x39,0x34,0x39,0x29,0x22,0x10,0xea,0x80,0x6a,0x50,0x55,0x98,0xeb,0xdf,0x08,0x33), + }, + { + .params = { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA384, + .salt_len = 25, + .salt = chunk_from_chars( + 0xb7,0x50,0x58,0x76,0x71,0xaf,0xd7,0x68,0x86,0xe8,0xff,0xb7,0x86,0x5e,0x78,0xf7, + 0x06,0x64,0x1b,0x2e,0x42,0x51,0xb4,0x87,0x06), + }, + .m = chunk_from_chars( + 0x83,0x3a,0xa2,0xb1,0xdc,0xc7,0x76,0x07,0xa4,0x4e,0x80,0x4e,0xe7,0x7d,0x45,0x40, + 0x85,0x86,0xc5,0x36,0x86,0x1f,0x66,0x48,0xad,0xcd,0x2f,0xb6,0x50,0x63,0x36,0x87, + 0x67,0xc5,0x5c,0x6f,0xe2,0xf2,0x37,0xf6,0x40,0x42,0x50,0xd7,0x5d,0xec,0x8f,0xa6, + 0x8b,0xca,0xf3,0xb6,0xe5,0x61,0x86,0x3a,0xe0,0x1c,0x91,0xaa,0x23,0xd8,0x0c,0x69, + 0x99,0xa5,0x58,0xa4,0xc4,0xcb,0x31,0x7d,0x54,0x0c,0xde,0x69,0xf8,0x29,0xaa,0xd6, + 0x74,0xa8,0x98,0x12,0xf4,0xd3,0x53,0x68,0x9f,0x04,0x64,0x8c,0x70,0x20,0xa7,0x39, + 0x41,0x62,0x00,0x18,0x29,0x5a,0x4a,0xe4,0x08,0x35,0x90,0xcc,0x60,0x3e,0x80,0x18, + 0x67,0xa5,0x1c,0x10,0x5a,0x7f,0xb3,0x19,0x13,0x0f,0x10,0x22,0xde,0x44,0xf1,0x3e), + .s = chunk_from_chars( + 0x2c,0xa3,0x7a,0x3d,0x6a,0xbd,0x28,0xc1,0xea,0xf9,0xbd,0xe5,0xe7,0xac,0x17,0xf1, + 0xfa,0x79,0x9c,0xe1,0xb4,0xb8,0x99,0xd1,0x99,0x85,0xc2,0xff,0x7c,0x8b,0xa9,0x59, + 0xfe,0x54,0xe5,0xaf,0xb8,0xbc,0x40,0x21,0xa1,0xf1,0xc6,0x87,0xee,0xbb,0x8c,0xba, + 0x80,0x0d,0x1c,0x51,0x63,0x6b,0x1f,0x68,0xdc,0x3e,0x48,0xf6,0x3e,0x2d,0xa6,0xbc, + 0x6d,0x09,0xc6,0x66,0x8f,0x68,0xe5,0x08,0xc5,0xd8,0xc1,0x9b,0xef,0x15,0x47,0x59, + 0xe2,0xf8,0x9a,0xde,0x15,0x27,0x17,0x37,0x0a,0x89,0x44,0xf5,0x37,0x57,0x82,0x96, + 0x38,0x0d,0x1f,0xe6,0xbe,0x80,0x9e,0x8b,0x11,0x3d,0x2b,0x9d,0x89,0xe6,0xa4,0x6f, + 0x5c,0x33,0x3d,0x4f,0xd4,0x87,0x70,0xfc,0x1e,0xa1,0xc5,0x48,0x10,0x45,0x75,0xb8, + 0x4c,0xf0,0x71,0x04,0x2b,0xfe,0x5a,0xcf,0x49,0x63,0x92,0xbe,0x83,0x51,0xa4,0x1c, + 0x46,0xa2,0xca,0xb0,0x86,0x4c,0x4c,0x1c,0x5b,0x5e,0x0c,0x7b,0x27,0xe7,0xb8,0x8c, + 0x69,0xf3,0x7f,0xfa,0x7e,0x1a,0x8c,0xd9,0x8f,0x34,0x3a,0xc8,0x4a,0x4a,0xd6,0x70, + 0x25,0xa4,0x0e,0xd8,0xf6,0x64,0xe9,0xd6,0x30,0x33,0x7d,0xe6,0xe4,0x8b,0xb2,0x12, + 0x5e,0x25,0x52,0x12,0x36,0x09,0x49,0x1f,0x18,0x3a,0xfd,0x92,0x63,0x44,0x87,0xf0, + 0xb2,0xcf,0x97,0x1f,0x26,0x26,0xe8,0x88,0x58,0x87,0x9d,0x45,0xa2,0x9b,0x0f,0xef, + 0xb6,0x6c,0xd4,0x1b,0x2e,0x4e,0x96,0x83,0x85,0xbd,0x9f,0xc8,0xc7,0x21,0x19,0x76, + 0xbc,0x6b,0xd3,0xe1,0xad,0x6d,0xf6,0x08,0x56,0x98,0x5a,0x82,0x5f,0x47,0x26,0xd2), + }, + { + .params = { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA384, + .salt_len = 25, + .salt = chunk_from_chars( + 0xb7,0x50,0x58,0x76,0x71,0xaf,0xd7,0x68,0x86,0xe8,0xff,0xb7,0x86,0x5e,0x78,0xf7, + 0x06,0x64,0x1b,0x2e,0x42,0x51,0xb4,0x87,0x06), + }, + .m = chunk_from_chars( + 0x89,0x25,0xb8,0x7e,0x9d,0x1d,0x73,0x9d,0x8f,0x97,0x54,0x50,0xb7,0x9d,0x09,0x19, + 0xdd,0xe6,0x3e,0x8a,0x9e,0xaa,0x1c,0xb5,0x11,0xb4,0x0f,0xe3,0xab,0xb9,0xcd,0x89, + 0x60,0xe8,0x94,0x77,0x0b,0xc2,0xb2,0x53,0x10,0x2c,0x4b,0x46,0x40,0xc3,0x57,0xf5, + 0xfd,0x6f,0xea,0xb3,0x9e,0x3b,0xb8,0xf4,0x15,0x64,0xd8,0x05,0xce,0xaf,0xc8,0xfb, + 0xdb,0x00,0xb2,0xea,0x4f,0x29,0xed,0x57,0xe7,0x00,0xc7,0xef,0xf0,0xb4,0x82,0x79, + 0x64,0x61,0x9c,0x09,0x57,0xe1,0x54,0x76,0x91,0xe6,0x69,0x0f,0x7d,0x45,0x25,0x8a, + 0x42,0x95,0x9a,0x3d,0x2f,0xf9,0x2c,0x91,0x5c,0x3a,0x4f,0xb3,0x8e,0x19,0x92,0x8c, + 0x5c,0xe3,0xdd,0xf4,0x90,0x45,0xf6,0x22,0xd0,0x62,0x4a,0x67,0x7e,0x23,0xeb,0x1d), + .s = chunk_from_chars( + 0x43,0xef,0x93,0xd1,0x4e,0x89,0xb0,0x5d,0x5e,0x0d,0xb2,0xdb,0xd5,0x7a,0x12,0x40, + 0x39,0x10,0x64,0x6b,0x4b,0x0a,0x24,0xd9,0xb8,0x0d,0x94,0x79,0x54,0x59,0x1a,0xfa, + 0x6e,0x98,0x09,0xe9,0x6d,0x7d,0x3e,0x71,0x10,0x03,0xee,0x0a,0x91,0x86,0xab,0x3d, + 0x8e,0x0b,0x4d,0x34,0x25,0xc6,0xda,0x4b,0x5f,0x78,0x99,0x53,0x7e,0x73,0x7b,0x71, + 0xdf,0x9e,0xd6,0x35,0x55,0x29,0xaa,0xce,0x77,0xa7,0xcb,0xa9,0x6b,0x5b,0x0a,0x86, + 0x39,0x92,0x52,0xf1,0x28,0x6a,0x6f,0xca,0xb1,0x80,0xb5,0x98,0x45,0x5d,0xfe,0x1d, + 0xe4,0xb8,0x04,0x70,0xd0,0x63,0x18,0xd5,0xf7,0xa5,0x2e,0x45,0xb6,0xd0,0xbc,0xc0, + 0x0b,0xd3,0x65,0x81,0x9a,0x4a,0x14,0x2b,0x83,0x07,0x27,0x75,0xf4,0x85,0xf6,0x3c, + 0x80,0x04,0xf5,0x33,0x78,0xa9,0xa0,0xd2,0x34,0x5d,0x07,0xb1,0xb3,0x26,0x23,0x8e, + 0xd0,0x70,0xd1,0xe6,0x9f,0xc0,0xb5,0xcf,0x85,0x3a,0x80,0x7c,0xfb,0x72,0x35,0x62, + 0xd1,0xf5,0x68,0x24,0x82,0xe8,0xa4,0x84,0x05,0x88,0xbc,0xc7,0x15,0x4c,0xe0,0x74, + 0x0c,0x76,0x86,0x16,0xcf,0x04,0xd7,0xaa,0x10,0x36,0x42,0x91,0x7e,0xc5,0xb4,0xb5, + 0x14,0xa3,0x73,0x4d,0x9e,0x0c,0x58,0x42,0x7c,0xff,0x42,0xf2,0x7f,0x43,0xfd,0xfc, + 0x85,0x99,0x1e,0x04,0x5a,0xcd,0x17,0xaf,0x6f,0xba,0x7b,0xda,0xb8,0x18,0xe9,0x0e, + 0xb4,0x11,0x76,0x84,0xe8,0x9f,0x91,0x63,0xdf,0xf7,0xb9,0x8b,0x82,0xa0,0x8b,0xaa, + 0x2b,0x49,0xac,0xde,0x48,0x0c,0x57,0x02,0xc3,0x35,0x23,0x7d,0x1b,0xe7,0x71,0xb7), + }, + { + .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, + .salt_len = 30, + .salt = chunk_from_chars( + 0xaa,0x10,0xfe,0xc3,0xf8,0x3b,0x7a,0x97,0xe0,0x92,0x87,0x7a,0x5b,0xf9,0x08,0x12, + 0x83,0xf5,0x02,0xa0,0xa4,0x6b,0x50,0xe3,0x95,0xab,0x98,0x3a,0x49,0xac), + }, + .m = chunk_from_chars( + 0x5f,0x0f,0xe2,0xaf,0xa6,0x1b,0x62,0x8c,0x43,0xea,0x3b,0x6b,0xa6,0x05,0x67,0xb1, + 0xae,0x95,0xf6,0x82,0x07,0x6f,0x01,0xdf,0xb6,0x4d,0xe0,0x11,0xf2,0x5e,0x9c,0x4b, + 0x36,0x02,0xa7,0x8b,0x94,0xce,0xcb,0xc1,0x4c,0xd7,0x61,0x33,0x9d,0x2d,0xc3,0x20, + 0xdb,0xa5,0x04,0xa3,0xc2,0xdc,0xde,0xdb,0x0a,0x78,0xeb,0x49,0x3b,0xb1,0x18,0x79, + 0xc3,0x11,0x58,0xe5,0x46,0x77,0x95,0x16,0x35,0x62,0xec,0x0c,0xa2,0x6c,0x19,0xe0, + 0x53,0x15,0x30,0xa8,0x15,0xc2,0x8f,0x9b,0x52,0x06,0x10,0x76,0xe6,0x1f,0x83,0x1e, + 0x2f,0xc4,0x5b,0x86,0x63,0x1e,0xa7,0xd3,0x27,0x14,0x44,0xbe,0x5d,0xcb,0x51,0x3a, + 0x3d,0x6d,0xe4,0x57,0xa7,0x2a,0xfb,0x67,0xb7,0x7d,0xb6,0x5f,0x9b,0xb1,0xc3,0x80), + .s = chunk_from_chars( + 0x5e,0x07,0x12,0xbb,0x36,0x3e,0x50,0x34,0xef,0x6b,0x23,0xc1,0x19,0xe3,0xb4,0x98, + 0x64,0x44,0x45,0xfa,0xab,0x5a,0x4c,0x0b,0x4e,0x21,0x7e,0x4c,0x83,0x2a,0xb3,0x4c, + 0x14,0x2d,0x7f,0x81,0xdb,0xf8,0xaf,0xfd,0xb2,0xda,0xce,0xfa,0xbb,0x2f,0x83,0x52, + 0x4c,0x5a,0xa8,0x83,0xfc,0x5f,0x06,0xe5,0x28,0xb2,0x32,0xd9,0x0f,0xbe,0xa9,0xca, + 0x08,0xae,0x5a,0xc1,0x80,0xd4,0x77,0xea,0xed,0x27,0xd1,0x37,0xe2,0xb5,0x1b,0xd6, + 0x13,0xb6,0x9c,0x54,0x3d,0x55,0x5b,0xfc,0x7c,0xd8,0x1a,0x4f,0x79,0x57,0x53,0xc8, + 0xc6,0x4c,0x6b,0x5d,0x2a,0xcd,0x9e,0x26,0xd6,0x22,0x5f,0x5b,0x26,0xe4,0xe6,0x6a, + 0x94,0x5f,0xd6,0x47,0x7a,0x27,0x7b,0x58,0x0d,0xbe,0xaa,0x46,0xd0,0xbe,0x49,0x8d, + 0xf9,0xa0,0x93,0x39,0x29,0x26,0xc9,0x05,0x64,0x19,0x45,0xec,0x5b,0x95,0x97,0x52, + 0x5e,0x44,0x9a,0xf3,0x74,0x3f,0x80,0x55,0x47,0x88,0xfc,0x35,0x8b,0xc0,0x40,0x1a, + 0x96,0x8f,0xf9,0x8a,0xaf,0x34,0xe5,0x0b,0x35,0x27,0x51,0xf3,0x22,0x74,0x75,0x0f, + 0xf5,0xc1,0xfb,0xa5,0x03,0x05,0x02,0x04,0xce,0xc9,0xc7,0x7d,0xee,0xde,0x7f,0x8f, + 0xa2,0x08,0x45,0xd9,0x5f,0x51,0x77,0x03,0x0b,0xc9,0x1d,0x51,0xf2,0x6f,0x29,0xd2, + 0xa6,0x5b,0x87,0x0d,0xc7,0x2b,0x81,0xe5,0xef,0x9e,0xee,0xf9,0x90,0xd7,0xc7,0x14, + 0x5b,0xbf,0x1a,0x3b,0xc7,0xae,0xdd,0x19,0xfa,0x7c,0xbb,0x02,0x07,0x56,0x52,0x5f, + 0x18,0x02,0x21,0x6c,0x13,0x29,0x6f,0xd6,0xaa,0xc1,0x1b,0xf2,0xd2,0xd9,0x04,0x94), + }, + { + .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, + .salt_len = 30, + .salt = chunk_from_chars( + 0xaa,0x10,0xfe,0xc3,0xf8,0x3b,0x7a,0x97,0xe0,0x92,0x87,0x7a,0x5b,0xf9,0x08,0x12, + 0x83,0xf5,0x02,0xa0,0xa4,0x6b,0x50,0xe3,0x95,0xab,0x98,0x3a,0x49,0xac), + }, + .m = chunk_from_chars( + 0x9e,0x88,0x0c,0xe5,0x9f,0x54,0x7d,0x59,0x2c,0x30,0x9c,0x22,0xa2,0x97,0x4b,0xa5, + 0xa5,0x2c,0xf1,0xc1,0x64,0xf2,0xd8,0xa8,0x1e,0xbb,0xd4,0xed,0xe6,0xe3,0x26,0xde, + 0xa3,0x3d,0x9f,0x13,0x5a,0x4e,0x09,0x47,0xb0,0xb9,0xc2,0x67,0xaa,0xfb,0xaa,0xe9, + 0xb8,0x58,0x3f,0x5f,0xf2,0x15,0x07,0x4c,0xa1,0xe8,0x2f,0x36,0x01,0xad,0x71,0xfc, + 0x45,0x5a,0x3b,0x6a,0xdc,0x35,0x0d,0x0b,0xf3,0x45,0x22,0x3e,0x3b,0x06,0x54,0x8c, + 0xec,0x61,0x3a,0x39,0x0a,0xda,0x93,0x19,0xe7,0x0c,0xe7,0xa5,0xe9,0x52,0x6b,0x4e, + 0x8d,0xc8,0x26,0x12,0xac,0x72,0x52,0x4c,0xfd,0xba,0x05,0xd0,0xdc,0x20,0x10,0x37, + 0x49,0x2d,0x27,0x78,0x34,0xa8,0x43,0xb9,0xf8,0x0d,0x45,0x64,0x25,0x3b,0xdc,0x7c), + .s = chunk_from_chars( + 0x8c,0x4f,0x81,0x9e,0x68,0x20,0x81,0xbb,0x16,0xdd,0xd4,0x59,0x66,0x2a,0x80,0x78, + 0xbc,0xa4,0x79,0x3e,0x18,0x11,0x00,0x33,0x53,0x94,0x60,0xb4,0x08,0xc0,0xaf,0x74, + 0x7e,0xa5,0xd9,0x41,0xf7,0x12,0x69,0x1f,0x5d,0x9d,0xdb,0x64,0x31,0x66,0xfd,0x96, + 0x5f,0x5b,0x51,0xb8,0x19,0xd5,0x51,0x41,0xd6,0x7c,0x15,0x53,0xb2,0x7a,0x46,0x82, + 0xe6,0x7d,0x55,0x55,0xb6,0x4d,0x7c,0xd3,0xdb,0x7f,0xc5,0xc2,0xe7,0x01,0xdd,0x26, + 0xe4,0x22,0xaf,0x8a,0x1f,0xb5,0x2c,0xd5,0xf5,0xa0,0x9e,0x0d,0x6d,0xb9,0x00,0xa9, + 0x92,0xf3,0x18,0xde,0xeb,0x6f,0x6e,0x39,0xdf,0xd6,0xaf,0x44,0xcb,0x21,0x7c,0x68, + 0x54,0x08,0x9c,0xea,0xa1,0x6e,0x3f,0x9b,0x10,0x0e,0xf8,0xe7,0x8f,0x6b,0x45,0x34, + 0x58,0xb8,0xef,0x6d,0x71,0x49,0x3e,0x7c,0x6e,0x45,0x28,0x2c,0x61,0x7f,0xa8,0x7c, + 0xcd,0xd4,0xa0,0xf2,0xf9,0xf7,0x16,0x62,0x81,0x80,0x6f,0xb4,0x1d,0x0f,0xe1,0x88, + 0xe0,0x0c,0x40,0xaf,0xea,0xa0,0x7d,0x2d,0xa0,0x9a,0x2c,0xd7,0x80,0x52,0xf8,0xd5, + 0x6b,0x7a,0xf4,0x0d,0x4c,0x73,0x14,0xcc,0xf0,0x2e,0x49,0x0d,0x5e,0x21,0x23,0xbf, + 0x67,0x6f,0x2b,0xcb,0xda,0xbe,0xff,0xcf,0x58,0x79,0x29,0x98,0xdd,0x0f,0x67,0xed, + 0x24,0xe4,0x83,0xd8,0x97,0x6b,0x00,0xd6,0x15,0x1a,0x6e,0x0b,0xa7,0x40,0xbd,0xb5, + 0x7c,0x9b,0xc2,0x7f,0xe5,0xdf,0x91,0x26,0xa4,0x70,0x20,0x07,0x5e,0xb2,0x22,0xd5, + 0xca,0x24,0x70,0x72,0x44,0x60,0xc5,0xad,0xf0,0x67,0xb5,0x75,0x02,0x87,0xcd,0x00), + }, +}; + +START_TEST(test_sign_pss_2048) +{ + chunk_t sig; + + if (!lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS)) || + !lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS))) + { + warn("%N not supported, skip test", signature_scheme_names, + SIGN_RSA_EMSA_PSS); + return; + } + if (!pss_salt_supported) + { + warn("static salt for %N not supported, skip test", + signature_scheme_names, SIGN_RSA_EMSA_PSS); + return; + } + fail_unless(privpss_2048->sign(privpss_2048, SIGN_RSA_EMSA_PSS, + &pss_sign_2048[_i].params, pss_sign_2048[_i].m, &sig), + "sign %N", signature_scheme_names, SIGN_RSA_EMSA_PSS); + ck_assert_chunk_eq(pss_sign_2048[_i].s, sig); + fail_unless(pubpss_2048->verify(pubpss_2048, SIGN_RSA_EMSA_PSS, + &pss_sign_2048[_i].params, pss_sign_2048[_i].m, sig), + "verify %N", signature_scheme_names, SIGN_RSA_EMSA_PSS); + free(sig.ptr); +} +END_TEST + +/** + * SigGen test vectors from FIPS 186-4 (first two for each hash algo) + */ +static struct { + rsa_pss_params_t params; + chunk_t m; + chunk_t s; +} pss_sign_3072[] = { + { + .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, + .salt_len = 32, + .salt = chunk_from_chars( + 0x3e,0x07,0xad,0xe7,0x2a,0x3f,0x52,0x53,0x0f,0x53,0x13,0x5a,0x5d,0x7d,0x93,0x21, + 0x74,0x35,0xba,0x00,0x1e,0xa5,0x5a,0x8f,0x5d,0x5d,0x13,0x04,0x68,0x48,0x74,0xbc), + }, + .m = chunk_from_chars( + 0xc1,0x64,0x99,0x11,0x0e,0xd5,0x77,0x20,0x2a,0xed,0x2d,0x3e,0x4d,0x51,0xde,0xd6, + 0xc6,0x63,0x73,0xfa,0xef,0x65,0x33,0xa8,0x60,0xe1,0x93,0x4c,0x63,0x48,0x4f,0x87, + 0xa8,0xd9,0xb9,0x2f,0x3a,0xc4,0x51,0x97,0xb2,0x90,0x97,0x10,0xab,0xba,0x1d,0xaf, + 0x75,0x9f,0xe0,0x51,0x0e,0x9b,0xd8,0xdd,0x4d,0x73,0xce,0xc9,0x61,0xf0,0x6e,0xe0, + 0x7a,0xcd,0x9d,0x42,0xc6,0xd4,0x0d,0xac,0x9f,0x43,0x0e,0xf9,0x03,0x74,0xa7,0xe9, + 0x44,0xbd,0xe5,0x22,0x00,0x96,0x73,0x74,0x54,0xf9,0x6b,0x61,0x4d,0x0f,0x6c,0xdd, + 0x9f,0x08,0xed,0x52,0x9a,0x4a,0xd0,0xe7,0x59,0xcf,0x3a,0x02,0x3d,0xc8,0xa3,0x0b, + 0x9a,0x87,0x29,0x74,0xaf,0x9b,0x2a,0xf6,0xdc,0x3d,0x11,0x1d,0x0f,0xeb,0x70,0x06), + .s = chunk_from_chars( + 0x43,0x35,0x70,0x7d,0xa7,0x35,0xcf,0xd1,0x04,0x11,0xc9,0xc0,0x48,0xca,0x9b,0x60, + 0xbb,0x46,0xe2,0xfe,0x36,0x1e,0x51,0xfb,0xe3,0x36,0xf9,0x50,0x8d,0xc9,0x45,0xaf, + 0xe0,0x75,0x50,0x3d,0x24,0xf8,0x36,0x61,0x0f,0x21,0x78,0x99,0x6b,0x52,0xc4,0x11, + 0x69,0x30,0x52,0xd5,0xd7,0xae,0xd9,0x76,0x54,0xa4,0x00,0x74,0xed,0x20,0xed,0x66, + 0x89,0xc0,0x50,0x1b,0x7f,0xba,0xc2,0x1d,0xc4,0x6b,0x66,0x5a,0xc0,0x79,0x76,0x00, + 0x86,0x41,0x44,0x06,0xcd,0x66,0xf8,0x53,0x7d,0x1e,0xbf,0x0d,0xce,0x4c,0xf0,0xc9, + 0x8d,0x4c,0x30,0xc7,0x1d,0xa3,0x59,0xe9,0xcd,0x40,0x1f,0xf4,0x97,0x18,0xfd,0xd4, + 0xd0,0xf9,0x9e,0xfe,0x70,0xad,0x8d,0xd8,0xba,0x13,0x04,0xce,0xfb,0x88,0xf2,0x4b, + 0x0e,0xed,0xf7,0x01,0x16,0xda,0x15,0x93,0x2c,0x76,0xf0,0x06,0x95,0x51,0xa2,0x45, + 0xb5,0xfc,0x3b,0x91,0xec,0x10,0x1f,0x1d,0x63,0xb9,0x85,0x3b,0x59,0x8c,0x6f,0xa1, + 0xc1,0xac,0xdb,0xac,0xf9,0x62,0x63,0x56,0xc7,0x60,0x11,0x9b,0xe0,0x95,0x56,0x44, + 0x30,0x18,0x96,0xd9,0xd0,0xd3,0xea,0x5e,0x64,0x43,0xcb,0x72,0xca,0x29,0xf4,0xd4, + 0x52,0x46,0xd1,0x6d,0x74,0xd0,0x05,0x68,0xc2,0x19,0x18,0x2f,0xeb,0x19,0x11,0x79, + 0xe4,0x59,0x3d,0xc1,0x52,0xc6,0x08,0xfd,0x80,0x53,0x63,0x29,0xa5,0x33,0xb3,0xa6, + 0x31,0x56,0x68,0x14,0xcd,0x65,0x4f,0x58,0x7c,0x2d,0x8c,0xe6,0x96,0x08,0x5e,0x6e, + 0xd1,0xb0,0xb0,0x27,0x8e,0x60,0xa0,0x49,0xec,0x7a,0x39,0x9f,0x94,0xfc,0xca,0xe6, + 0x46,0x23,0x71,0xa6,0x96,0x95,0xef,0x52,0x5e,0x00,0x93,0x6f,0xa7,0xd9,0x78,0x1f, + 0x9e,0xe2,0x89,0xd4,0x10,0x5e,0xe8,0x27,0xa2,0x79,0x96,0x58,0x30,0x33,0xce,0xdb, + 0x2f,0x29,0x7e,0x7b,0x49,0x26,0xd9,0x06,0xce,0x0d,0x09,0xd8,0x41,0x28,0x40,0x6a, + 0xb3,0x3d,0x7d,0xa0,0xf8,0xa1,0xd4,0xd2,0xf6,0x66,0x56,0x86,0x86,0xc3,0x94,0xd1, + 0x39,0xb0,0xe5,0xe9,0x93,0x37,0x75,0x8d,0xe8,0x59,0x10,0xa5,0xfa,0x25,0xca,0x2a, + 0xa6,0xd8,0xfb,0x1c,0x77,0x72,0x44,0xe7,0xd9,0x8d,0xe4,0xc7,0x9b,0xbd,0x42,0x6a, + 0x5e,0x6f,0x65,0x7e,0x37,0x47,0x7e,0x01,0x24,0x74,0x32,0xf8,0x37,0x97,0xfb,0xf3, + 0x1b,0x50,0xd0,0x2b,0x83,0xf6,0x9d,0xed,0x26,0xd4,0x94,0x5b,0x2b,0xc3,0xf8,0x6e), + }, + { + .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, + .salt_len = 32, + .salt = chunk_from_chars( + 0x3e,0x07,0xad,0xe7,0x2a,0x3f,0x52,0x53,0x0f,0x53,0x13,0x5a,0x5d,0x7d,0x93,0x21, + 0x74,0x35,0xba,0x00,0x1e,0xa5,0x5a,0x8f,0x5d,0x5d,0x13,0x04,0x68,0x48,0x74,0xbc), + }, + .m = chunk_from_chars( + 0x60,0x40,0x2d,0xed,0x89,0xd0,0x97,0x9a,0xfb,0x49,0xf8,0x50,0x8e,0xb9,0x78,0xa8, + 0x41,0xab,0xc2,0xae,0xc5,0x9c,0xac,0xef,0x40,0xb3,0x1a,0xd3,0x4b,0xac,0x1f,0x2d, + 0x3c,0x16,0x66,0x11,0xab,0xbe,0xd1,0xe6,0x2f,0x6b,0x5f,0xbb,0x69,0xcb,0x53,0xdf, + 0x44,0xae,0x93,0xab,0x7a,0x72,0x4e,0xa3,0x5b,0xbe,0xe1,0xbe,0xca,0x74,0xfc,0x01, + 0x88,0xe0,0x00,0x52,0xb5,0x36,0xac,0x8c,0x93,0x3b,0xf9,0xcf,0x8e,0x42,0x42,0x1a, + 0x79,0x5a,0xa8,0x1b,0x1b,0xc6,0xb5,0x45,0xea,0xad,0x40,0x24,0x16,0x13,0x90,0xed, + 0xc9,0x08,0xc4,0x5a,0xae,0x1f,0x71,0xb4,0xb0,0x22,0x8e,0x31,0x04,0x04,0x8d,0x81, + 0x69,0x17,0xcb,0xa4,0xae,0x7f,0x2a,0xfe,0x75,0xe7,0xfc,0xad,0x38,0x73,0x24,0x1a), + .s = chunk_from_chars( + 0x5f,0x18,0x30,0x09,0x70,0x8b,0x37,0x96,0x37,0xda,0xc2,0xb1,0x42,0x93,0x70,0x9a, + 0xa6,0xd7,0xe8,0x6c,0x26,0x7a,0x0b,0x69,0x0a,0x3c,0x27,0x50,0x31,0x13,0x98,0x91, + 0x26,0x7c,0x64,0xe5,0xed,0xec,0xdf,0xf1,0x4c,0x2c,0xc2,0xf2,0xd9,0x85,0xb6,0x2f, + 0x90,0x0a,0xee,0x6e,0x04,0xca,0x51,0xa7,0x0a,0x5f,0x94,0x64,0x63,0x69,0x1c,0xf1, + 0x6c,0x2d,0x45,0x54,0x7c,0x53,0x74,0xf1,0x5b,0xdb,0x88,0x81,0x64,0x1d,0x30,0x40, + 0xef,0x57,0x80,0x75,0x32,0xcf,0x5b,0x2c,0xed,0x07,0x62,0x3d,0x0f,0x63,0x8b,0x39, + 0xeb,0xc2,0xf2,0xce,0x28,0x3e,0xea,0x22,0x47,0xe1,0xdf,0x3a,0xf5,0x43,0x05,0x54, + 0xd1,0xd4,0xb8,0x8b,0x7b,0x21,0x62,0x29,0x93,0x41,0x99,0x71,0xb7,0xd0,0xd5,0x44, + 0x91,0x22,0xa1,0x0f,0xc3,0x1b,0x2d,0xdc,0xc5,0x3f,0xf7,0x51,0xff,0x4b,0xf4,0xd3, + 0x36,0xfa,0xc6,0x67,0xb6,0x46,0x78,0x02,0x72,0xdb,0x89,0xa3,0xea,0x42,0x26,0xaf, + 0xa2,0x08,0x77,0xbf,0xb8,0x6b,0xa3,0xff,0x42,0x04,0xe5,0xcd,0x56,0xe1,0x3a,0x1d, + 0xc9,0xd5,0x3f,0x5c,0x94,0x65,0xb9,0x7a,0x18,0x2b,0x2b,0xf6,0x71,0x51,0x2e,0xf8, + 0x9e,0x6c,0x39,0x69,0xf9,0x73,0x07,0xa3,0xe4,0xbe,0xba,0x39,0xa7,0x8e,0x0a,0xd1, + 0xbb,0x97,0x99,0xcd,0xa9,0x29,0x76,0xca,0x39,0xd9,0x9d,0xb4,0xac,0x14,0x9c,0x84, + 0xbb,0x9b,0xc8,0x99,0x7e,0x8d,0x5e,0x05,0x6d,0x67,0xca,0x23,0xfe,0x4b,0xe2,0x8e, + 0x66,0xc4,0xbc,0x00,0xa2,0x5d,0x65,0xbb,0x9d,0x7d,0x62,0x3f,0xea,0x2d,0x3b,0x9c, + 0xf8,0x59,0xdf,0xd9,0xef,0xa9,0xe5,0x22,0x68,0xbf,0xa2,0x97,0xaf,0xb1,0xcc,0x28, + 0x83,0xdb,0x0c,0x9c,0x42,0xfc,0x04,0x18,0x0e,0x2e,0xc6,0xf4,0x96,0x57,0xc7,0x00, + 0x8e,0x40,0x25,0x06,0x1f,0x89,0x68,0x86,0x61,0x38,0x95,0xa3,0x5b,0xc2,0xd3,0x65, + 0x5a,0x8f,0x50,0xa9,0xfc,0xa2,0xac,0x64,0x8f,0x35,0x2e,0xb0,0x6b,0xfb,0xa2,0xfc, + 0x34,0x0a,0xae,0xea,0xd4,0xa8,0x45,0x7c,0x65,0xe2,0xe8,0xfd,0xba,0x56,0x8c,0x60, + 0xa6,0xd8,0xd3,0x81,0xf5,0xd9,0xca,0xa3,0x01,0x27,0x77,0x1f,0x4a,0x94,0xfd,0xb8, + 0xcd,0xe7,0xbe,0x4f,0xa7,0xb4,0xf8,0x9f,0xe3,0x79,0xdd,0x3e,0x1c,0xa6,0x6a,0xe1, + 0xfd,0xd6,0x3b,0xeb,0xdc,0x00,0x15,0x44,0x8e,0x61,0xef,0x16,0x66,0x59,0x4b,0x8f), + }, + { + .params = { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA384, + .salt_len = 48, + .salt = chunk_from_chars( + 0x61,0xa7,0x62,0xf8,0x96,0x8d,0x5f,0x36,0x7e,0x2d,0xbc,0xac,0xb4,0x02,0x16,0x53, + 0xdc,0x75,0x43,0x7d,0x90,0x00,0xe3,0x16,0x9d,0x94,0x37,0x29,0x70,0x38,0x37,0xa5, + 0xcb,0xf4,0xde,0x62,0xbd,0xed,0xc9,0x5f,0xd0,0xd1,0x00,0x4e,0x84,0x75,0x14,0x52), + }, + .m = chunk_from_chars( + 0x92,0x21,0xf0,0xfe,0x91,0x15,0x84,0x35,0x54,0xd5,0x68,0x5d,0x9f,0xe6,0x9d,0xc4, + 0x9e,0x95,0xce,0xb5,0x79,0x39,0x86,0xe4,0x28,0xb8,0xa1,0x0b,0x89,0x4c,0x01,0xd6, + 0xaf,0x87,0x82,0xfd,0x7d,0x95,0x2f,0xaf,0x74,0xc2,0xb6,0x37,0xca,0x3b,0x19,0xda, + 0xbc,0x19,0xa7,0xfe,0x25,0x9b,0x2b,0x92,0x4e,0xb3,0x63,0xa9,0x08,0xc5,0xb3,0x68, + 0xf8,0xab,0x1b,0x23,0x33,0xfc,0x67,0xc3,0x0b,0x8e,0xa5,0x6b,0x28,0x39,0xdc,0x5b, + 0xda,0xde,0xfb,0x14,0xad,0xa8,0x10,0xbc,0x3e,0x92,0xba,0xc5,0x4e,0x2a,0xe1,0xca, + 0x15,0x94,0xa4,0xb9,0xd8,0xd1,0x93,0x37,0xbe,0x42,0x1f,0x40,0xe0,0x67,0x4e,0x0e, + 0x9f,0xed,0xb4,0x3d,0x3a,0xe8,0x9e,0x2c,0xa0,0x5d,0x90,0xa6,0x82,0x03,0xf2,0xc2), + .s = chunk_from_chars( + 0x96,0x87,0x11,0x5b,0xe4,0x78,0xe4,0xb6,0x42,0xcd,0x36,0x93,0x92,0xb9,0xdd,0x0f, + 0x35,0x76,0xe7,0x04,0xaf,0x72,0x18,0xb1,0xf9,0x4d,0x7f,0x8f,0xe7,0xf0,0x70,0x73, + 0xe3,0xe8,0xe1,0x18,0x6f,0xa7,0x68,0x97,0x7d,0x6b,0x51,0x4e,0x51,0x34,0x59,0xf2, + 0x37,0x3d,0xf6,0xec,0x52,0xe3,0xde,0x9b,0xd8,0x3f,0xcc,0x5c,0xc3,0xe6,0xb9,0x7f, + 0x8b,0x3f,0xb5,0x34,0x16,0x3c,0x64,0xf5,0x26,0x76,0x20,0x70,0x0e,0x9d,0x8c,0x52, + 0xb3,0xdf,0x61,0xa7,0xc3,0x74,0x8e,0xf1,0x59,0xd6,0xb3,0x90,0x89,0x5a,0xfa,0x3a, + 0xf5,0x91,0x09,0xa5,0x47,0x8d,0x01,0x6d,0x96,0xc4,0x9f,0x68,0xdf,0xc7,0x35,0xba, + 0x2a,0xaf,0xd5,0x01,0x2c,0x13,0x51,0x5e,0xd6,0x64,0x4f,0x0d,0x41,0x09,0xc4,0x55, + 0x56,0xe1,0x4a,0x38,0x21,0xe1,0xaa,0x24,0xbe,0xb8,0xa8,0x1a,0x48,0xda,0x27,0xf1, + 0x31,0xde,0x84,0xf7,0xba,0x51,0x58,0x1d,0x81,0xb8,0xff,0x31,0xba,0x92,0xb8,0xa1, + 0xfd,0xe8,0x67,0xf0,0x7e,0x32,0xe6,0xc2,0x70,0x92,0x53,0x44,0x81,0x74,0xdd,0x31, + 0x32,0x4d,0xbc,0x32,0xb0,0x5f,0x07,0x58,0x7f,0x76,0xa9,0x99,0x7d,0xec,0xb8,0x0f, + 0x38,0xd8,0xc1,0x3d,0x0f,0x6e,0xb3,0xc1,0x0e,0x3d,0x96,0xa2,0x29,0x3f,0x74,0x64, + 0xf1,0xe0,0x46,0x02,0xef,0x6e,0x84,0xc2,0xd0,0x24,0x5d,0x7d,0xb2,0x56,0xa6,0x7d, + 0x13,0x2a,0x47,0xca,0xe9,0xab,0xe0,0x6b,0x61,0xa8,0x96,0x8f,0x50,0xa1,0x74,0x99, + 0x95,0xdc,0x15,0xef,0x0d,0xcb,0x1d,0x5f,0x59,0x59,0xe4,0xd4,0x54,0xc8,0x54,0x7b, + 0xbb,0x4d,0x19,0x56,0x98,0xf4,0x84,0x61,0x7b,0xfd,0x12,0x2a,0xca,0xae,0x2d,0x0e, + 0x8c,0x76,0xd2,0x8b,0x24,0x00,0x5a,0xb0,0x3c,0xaa,0x78,0x1e,0xa9,0x7b,0x1c,0x4d, + 0x93,0x96,0xa1,0x6f,0x79,0x98,0xee,0xe7,0xdd,0xd9,0xde,0x4c,0xab,0xe5,0x70,0x32, + 0xd9,0x43,0x8a,0x5d,0x99,0xc6,0xb3,0x4a,0x95,0x61,0x22,0x35,0x02,0x63,0xc7,0xe9, + 0x98,0xbc,0x61,0xde,0xc9,0x13,0x81,0x01,0x2e,0x68,0x6d,0x07,0x9e,0x39,0xe9,0x6b, + 0x1e,0xa4,0xbf,0xdb,0x7c,0xdf,0x63,0x0d,0xdb,0x42,0x2c,0x6b,0x58,0x0e,0x55,0x06, + 0xc9,0xcc,0x3d,0x6c,0x10,0x0f,0x20,0x41,0xd1,0x7c,0xea,0xaa,0xa5,0x45,0x89,0x24, + 0x9f,0x04,0xa1,0x37,0x0f,0xfa,0x3b,0xf3,0xff,0x1a,0xde,0xb8,0x90,0x68,0x86,0x98), + }, + { + .params = { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA384, + .salt_len = 48, + .salt = chunk_from_chars( + 0x61,0xa7,0x62,0xf8,0x96,0x8d,0x5f,0x36,0x7e,0x2d,0xbc,0xac,0xb4,0x02,0x16,0x53, + 0xdc,0x75,0x43,0x7d,0x90,0x00,0xe3,0x16,0x9d,0x94,0x37,0x29,0x70,0x38,0x37,0xa5, + 0xcb,0xf4,0xde,0x62,0xbd,0xed,0xc9,0x5f,0xd0,0xd1,0x00,0x4e,0x84,0x75,0x14,0x52), + }, + .m = chunk_from_chars( + 0x75,0x2a,0x99,0x16,0xf4,0x49,0xae,0xbf,0x81,0x4c,0xe5,0x9c,0xa6,0xe8,0x2f,0xa8, + 0x03,0x8e,0x46,0x85,0x41,0x92,0x41,0xc1,0x48,0x8c,0x66,0x59,0xb2,0xff,0x3f,0x7b, + 0x7f,0x38,0xf0,0x90,0x0a,0x79,0xc7,0x7a,0x3b,0x57,0x15,0x1a,0xff,0x61,0x3c,0x16, + 0xf5,0x02,0x0a,0xd9,0x6b,0xa9,0x45,0xdb,0x88,0x26,0x87,0x22,0xca,0x58,0x4c,0x09, + 0xb4,0x05,0x4a,0x40,0xc0,0x09,0x01,0x14,0x9b,0xb3,0x92,0xf0,0x91,0x6c,0xd4,0x24, + 0x46,0x99,0xa5,0xe6,0xa8,0xc3,0x7e,0x96,0x21,0xf5,0x4b,0x47,0x11,0x66,0x79,0x7a, + 0x7b,0x58,0x50,0x2c,0xff,0x40,0x83,0x14,0x08,0x27,0x05,0x26,0x46,0x50,0x1f,0x5b, + 0x5f,0x1b,0xc0,0xb4,0xe1,0x29,0x14,0x7d,0x7c,0xc1,0x57,0xcf,0x6e,0x73,0xec,0x58), + .s = chunk_from_chars( + 0x66,0x46,0xa8,0x8e,0xe4,0xb8,0x45,0xda,0x49,0x31,0x27,0x4c,0x23,0x84,0x0d,0xad, + 0xa6,0x14,0x5f,0xe0,0xaf,0x95,0x48,0x29,0xd1,0xd5,0x66,0x61,0x54,0x6a,0x25,0xe4, + 0x63,0x16,0xe2,0x16,0xbb,0x6b,0x94,0x46,0xb3,0x68,0x88,0x4b,0xa1,0x49,0x69,0xa6, + 0xf6,0x8c,0xcb,0xc1,0xcf,0x5b,0x4e,0x7a,0x6d,0x3a,0xab,0xec,0x67,0xf6,0x49,0x63, + 0xf6,0x3b,0x08,0x8f,0xa8,0x17,0xc8,0x55,0xd7,0x76,0xdd,0xca,0xda,0x57,0xe5,0xda, + 0xa5,0x0f,0xc1,0xc8,0x77,0x38,0x9c,0x3c,0xb9,0xd9,0x90,0x95,0xa8,0x69,0xa9,0x63, + 0xbc,0x91,0xec,0x24,0xb2,0x42,0x2e,0xf6,0xb8,0xdd,0x18,0xfd,0x20,0xd2,0xb2,0x15, + 0xfe,0xe6,0xe9,0x8c,0xda,0x41,0x5a,0xe4,0x4d,0x2d,0x26,0x16,0xfe,0x17,0x08,0x29, + 0x2a,0x3e,0xf5,0x0a,0x07,0x51,0x70,0xb3,0xa7,0xeb,0xab,0x02,0x91,0x8a,0xb0,0x30, + 0x17,0x94,0xc1,0x7f,0xb3,0x5e,0x20,0x38,0xf3,0x69,0xd9,0x4d,0xd4,0x95,0x69,0xc0, + 0x66,0xf7,0xc3,0x92,0x88,0x9d,0xc4,0xb8,0x78,0xc5,0x0c,0x7e,0x52,0x58,0x6b,0x50, + 0x81,0x11,0x4d,0x20,0x23,0x38,0xd2,0x33,0x04,0xf1,0x6f,0x91,0x2d,0x51,0x9a,0x9a, + 0xd2,0x1b,0xaf,0xf0,0xe3,0xd2,0x17,0x61,0xf3,0x73,0xd0,0x84,0x21,0xe1,0x01,0x08, + 0xa9,0x83,0x04,0x8f,0xcb,0x90,0xeb,0x2a,0xdc,0x7c,0x7f,0x12,0xff,0xa1,0x57,0x1b, + 0x09,0x1c,0x78,0x1b,0x25,0x5a,0x77,0xa8,0x80,0xe9,0x79,0x75,0xf1,0x4f,0x42,0xba, + 0xf5,0xaa,0x28,0x5e,0xcc,0x14,0x21,0x57,0xc3,0xe1,0xad,0xdd,0x6a,0xa0,0xc0,0x92, + 0x53,0xa1,0x1c,0x59,0x14,0x4a,0xbd,0x3b,0x1e,0x21,0x2d,0x89,0xe2,0x7e,0xd9,0x6f, + 0xb7,0x57,0x56,0xaf,0xc2,0x0e,0xc6,0x74,0x23,0xb1,0x51,0x19,0x4c,0xb0,0xb0,0x64, + 0x8c,0x65,0x99,0x87,0xa5,0x58,0x3c,0xb7,0x75,0x77,0x79,0xd8,0xa3,0x9e,0x20,0x5e, + 0x71,0x01,0xa5,0x35,0x1c,0xe1,0xaf,0x2c,0x9c,0x6b,0x08,0x47,0xcc,0xa5,0x7a,0xf5, + 0x25,0x93,0x32,0x39,0x05,0xe3,0xd2,0x29,0x7c,0x0d,0x54,0x54,0x1a,0x01,0x25,0x62, + 0x16,0x40,0xfe,0x1d,0xee,0xf1,0x3e,0x75,0x9f,0x8f,0x6c,0x56,0xa2,0xec,0x2a,0x94, + 0x83,0x1a,0xc2,0xc6,0x14,0xb9,0x11,0xe7,0x9e,0xdd,0x54,0x2f,0xef,0x65,0x1f,0x5a, + 0x82,0x7f,0x48,0x05,0x75,0xae,0x22,0x0c,0x49,0x5f,0x2a,0x28,0x42,0xf9,0x9e,0xc4), + }, + { + .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, + .salt_len = 62, + .salt = chunk_from_chars( + 0x2d,0x0c,0x49,0xb2,0x07,0x89,0xf3,0x95,0x02,0xee,0xfd,0x09,0x2a,0x2b,0x6a,0x9b, + 0x27,0x57,0xc1,0x45,0x61,0x47,0x56,0x9a,0x68,0x5f,0xca,0x44,0x92,0xa8,0xd5,0xb0, + 0xe6,0x23,0x43,0x08,0x38,0x5d,0x3d,0x62,0x96,0x44,0xca,0x37,0xe3,0x39,0x96,0x16, + 0xc2,0x66,0xf1,0x99,0xb6,0x52,0x1a,0x99,0x87,0xb2,0xbe,0x9e,0xe7,0x83), + }, + .m = chunk_from_chars( + 0x44,0x24,0x0c,0xe5,0x19,0xf0,0x02,0x39,0xbd,0x66,0xba,0x03,0xc8,0x4d,0x31,0x60, + 0xb1,0xce,0x39,0xe3,0x93,0x28,0x66,0xe5,0x31,0xa6,0x2b,0x1c,0x37,0xcf,0x41,0x70, + 0xc3,0xdc,0x48,0x09,0x23,0x6f,0xb1,0xad,0xe1,0x81,0xdb,0x49,0xfc,0x9c,0x7c,0xcd, + 0x79,0x4b,0x43,0x3d,0x1a,0xd0,0xbc,0x05,0x6e,0x14,0x73,0x8e,0x0a,0xe4,0x5c,0x0e, + 0x15,0x59,0x72,0xa4,0x0a,0x98,0x9f,0xa4,0xb9,0xbc,0xdc,0x30,0x8f,0x11,0x99,0x08, + 0x18,0x83,0x5f,0xa2,0xc2,0x56,0xb4,0x7e,0xe4,0x17,0x3f,0xb4,0xfe,0xd2,0x2c,0xcf, + 0x43,0x85,0xd2,0xdd,0x54,0xd5,0x93,0xc7,0x4f,0x00,0x04,0xdf,0x08,0x13,0x4e,0xb8, + 0x96,0x5d,0xd5,0x3a,0x12,0x23,0x17,0xf5,0x9b,0x95,0xd6,0xb6,0x9d,0x01,0x79,0x58), + .s = chunk_from_chars( + 0x8f,0x47,0xab,0xc2,0x32,0x6e,0x22,0xcf,0x62,0x40,0x45,0x08,0xb4,0x42,0xe8,0x1a, + 0xd4,0x5a,0xff,0xf7,0x27,0x40,0x96,0xb9,0xa1,0x3e,0x47,0x8c,0xdd,0x0a,0x72,0xf9, + 0x9a,0x76,0xbf,0x51,0x7f,0x1b,0xb0,0xf8,0x72,0xa5,0x23,0xd8,0xc5,0x88,0xd4,0x40, + 0x25,0x69,0xe9,0x48,0xfd,0x6a,0x10,0x8a,0xe1,0xa4,0x5c,0x65,0x83,0x08,0x28,0xa1, + 0x0e,0x94,0xd4,0x32,0x76,0x53,0x14,0xba,0x82,0xea,0xd3,0x10,0xfc,0x87,0xac,0x99, + 0xa5,0xb3,0x9f,0x30,0xab,0x88,0x20,0xbf,0x69,0xe6,0x93,0x4a,0x9c,0x1c,0x91,0x5c, + 0x19,0xf3,0x6e,0xa7,0x71,0x7e,0xaf,0xf7,0xaf,0x67,0xb4,0x99,0x13,0x15,0xb1,0x87, + 0x3b,0xa9,0x29,0xbe,0xdf,0x18,0xa9,0x75,0xbe,0x80,0x8e,0x7a,0xa1,0x4a,0x67,0x26, + 0x12,0x6c,0x79,0xcc,0x93,0xf6,0x95,0x41,0xc5,0xce,0xfd,0xeb,0x5b,0x67,0xec,0x27, + 0x9d,0x8f,0x5a,0x44,0x65,0x83,0xe4,0xb4,0xfa,0xed,0x16,0x85,0x14,0x0e,0xe4,0xb3, + 0xb7,0x57,0xc8,0xff,0x4a,0x1e,0xf9,0xcd,0x76,0xa8,0x8e,0x05,0x31,0x9e,0xe6,0x20, + 0x03,0xd2,0xd7,0x72,0x90,0xc9,0x4c,0x57,0x9b,0x0c,0xa2,0xab,0x0d,0xeb,0x31,0x76, + 0xef,0x10,0xa3,0xfd,0xb8,0x5c,0x80,0xff,0xbc,0x9e,0x2a,0x66,0x5a,0x23,0x74,0x4f, + 0xc8,0x36,0xf9,0xa9,0xa1,0x03,0xcd,0x9f,0xb7,0x56,0x95,0x23,0x56,0xa2,0xf1,0xac, + 0xdd,0x68,0xa6,0x45,0xe2,0x01,0x79,0x00,0x65,0x58,0xb5,0xd4,0xd0,0xb9,0xb0,0xbd, + 0x3a,0xdf,0x5e,0x29,0x0f,0x49,0xda,0xe6,0x0b,0x9d,0x19,0x92,0x09,0x53,0xea,0x8b, + 0xb2,0x37,0xd5,0xb3,0xdc,0xfe,0x14,0x9a,0x60,0xf1,0x2a,0x4e,0xe3,0xa8,0x89,0xb3, + 0x3b,0xcd,0x3a,0x3b,0x75,0x3d,0x61,0x07,0x57,0xcb,0xcd,0x09,0x3d,0xd5,0xa7,0x34, + 0x25,0x53,0x33,0x68,0x96,0x95,0xab,0x63,0x69,0x63,0xe3,0xd2,0x15,0xa8,0xe7,0x7f, + 0xf3,0x19,0x73,0x71,0x8a,0x49,0x44,0xa1,0xe9,0xe4,0x4f,0x45,0x75,0x4d,0x39,0xf6, + 0xfa,0x43,0x1c,0x53,0xf9,0xa2,0xef,0x36,0xe1,0x6a,0x5f,0x70,0x63,0x6e,0xb5,0xfb, + 0xa5,0x4e,0x15,0xc2,0x0a,0x71,0x4f,0x28,0x09,0xa7,0xcf,0xf4,0xb8,0xdc,0x11,0x65, + 0xf8,0x36,0x60,0x7e,0xb5,0xa5,0xa3,0xbb,0x0c,0x45,0x67,0xee,0xe2,0x69,0x41,0xfe, + 0xf4,0x6f,0xb4,0x1e,0x73,0xb5,0x65,0xc0,0xcf,0x8c,0x72,0xe4,0x04,0x22,0x12,0x64), + }, + { + .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, + .salt_len = 62, + .salt = chunk_from_chars( + 0x2d,0x0c,0x49,0xb2,0x07,0x89,0xf3,0x95,0x02,0xee,0xfd,0x09,0x2a,0x2b,0x6a,0x9b, + 0x27,0x57,0xc1,0x45,0x61,0x47,0x56,0x9a,0x68,0x5f,0xca,0x44,0x92,0xa8,0xd5,0xb0, + 0xe6,0x23,0x43,0x08,0x38,0x5d,0x3d,0x62,0x96,0x44,0xca,0x37,0xe3,0x39,0x96,0x16, + 0xc2,0x66,0xf1,0x99,0xb6,0x52,0x1a,0x99,0x87,0xb2,0xbe,0x9e,0xe7,0x83), + }, + .m = chunk_from_chars( + 0x06,0xd5,0x53,0x4b,0x77,0x69,0x25,0x6e,0x8c,0xf6,0x5c,0x6c,0xe5,0x2a,0x3e,0x86, + 0x96,0x5a,0x1f,0xd1,0x2c,0x75,0x82,0xd2,0xeb,0x36,0x82,0x4a,0x5a,0x9d,0x70,0x53, + 0x02,0x9f,0xbe,0xac,0x72,0x1d,0x1b,0x52,0x86,0x13,0xe0,0x50,0xe9,0x12,0xab,0xd7, + 0xd9,0xf0,0x49,0x91,0x2a,0xbe,0xda,0x33,0x8e,0xfa,0x2f,0x52,0x13,0x06,0x77,0x77, + 0xed,0xd9,0x1b,0x75,0x76,0xf5,0xe6,0xfa,0x73,0x98,0x69,0x65,0x99,0x37,0x9e,0xd7, + 0x50,0x28,0xcb,0x8d,0xb6,0x9f,0xa9,0x6d,0xe7,0xdb,0xc6,0xde,0x7c,0xa1,0x28,0xdd, + 0x51,0xea,0x33,0x4e,0x8c,0xd9,0xcd,0x8f,0xda,0xef,0xbf,0x53,0xfc,0x82,0x5e,0xae, + 0x83,0x6b,0x6c,0x6c,0xd7,0x00,0x39,0xa7,0x7e,0x42,0x0d,0x99,0x9b,0x57,0xca,0xae), + .s = chunk_from_chars( + 0x91,0x3f,0xc1,0x18,0xd5,0xac,0x1e,0xdf,0xfb,0x4b,0x8f,0xcf,0xa4,0xe8,0x59,0x86, + 0xb4,0x62,0x31,0xce,0xf3,0xda,0xd9,0x11,0xd5,0xe9,0x53,0x4c,0xc8,0x82,0x61,0xf6, + 0xb6,0x96,0x9b,0x75,0xa3,0xf2,0x5d,0x83,0xec,0xe7,0xec,0x20,0x34,0xb0,0x1d,0x3b, + 0x2b,0xe6,0xc5,0xbd,0x95,0x8c,0xc4,0xaf,0xcd,0x44,0x83,0x9e,0x39,0x53,0xf0,0x1e, + 0x4a,0x15,0xea,0x5e,0xf6,0xe1,0xb4,0xb0,0xe8,0xae,0x90,0xbd,0xfd,0x40,0x41,0x99, + 0xe8,0xf8,0x65,0x47,0xf6,0x7f,0xf6,0xb8,0x4f,0x21,0x62,0xc4,0x31,0x1c,0xc9,0xee, + 0xe0,0x6b,0xfb,0x2f,0xe4,0x61,0x98,0xaf,0xb9,0x74,0x5d,0x9c,0x44,0x38,0x33,0xbf, + 0x23,0x87,0xeb,0x92,0x40,0x6a,0x63,0x39,0x52,0x13,0x96,0xf2,0xcb,0xda,0x55,0xd9, + 0x8f,0xe6,0x40,0x74,0xd2,0xf2,0xe2,0x7b,0x8b,0xc6,0xa7,0x9b,0xe3,0xd1,0xcc,0x56, + 0x88,0x69,0xb0,0xb5,0x0f,0xcb,0xf7,0x02,0xb0,0x83,0x16,0x68,0xfb,0xfd,0xed,0xc2, + 0xd1,0xb5,0x49,0x1e,0x8e,0xc6,0x23,0xed,0xeb,0x60,0xac,0x87,0x0e,0x6e,0x8d,0x05, + 0x85,0x93,0xfb,0xbc,0x93,0x8f,0xbf,0x74,0x17,0x00,0xef,0xc2,0xb2,0x46,0x7e,0x7e, + 0xb2,0x54,0xae,0x00,0x85,0x09,0xe9,0x16,0x07,0xf8,0xe5,0x0a,0xa1,0x6a,0x4e,0x85, + 0x1a,0xbc,0xa7,0xc8,0xd2,0x0c,0x6f,0xf6,0x1c,0xfe,0xe6,0xc1,0xfb,0x67,0x60,0x98, + 0xe5,0xcd,0xf1,0x27,0xc9,0xb7,0x95,0x38,0xfd,0x1e,0x6c,0x01,0x41,0x61,0x05,0x4c, + 0xaf,0x43,0xb7,0x34,0xfa,0x69,0xfe,0x06,0xa0,0x0d,0x76,0xf7,0x10,0xac,0xc1,0x98, + 0xf3,0xda,0x90,0x6a,0x7d,0x2e,0x73,0xa2,0xca,0x88,0x25,0x26,0xcc,0x35,0x4d,0xd7, + 0x63,0x0a,0x30,0x3d,0x8f,0x32,0xc6,0x55,0xb5,0xb3,0x3c,0xf7,0x88,0x59,0xbe,0xea, + 0xba,0x3f,0x9a,0xe0,0x52,0xc8,0xd7,0x47,0x1c,0xd2,0xbd,0x9e,0xdf,0x42,0xfd,0x8f, + 0x70,0xc3,0xb0,0xaa,0x79,0xc0,0x76,0x92,0x80,0x68,0xca,0x97,0x70,0x95,0x9a,0xfa, + 0x63,0x2c,0xa6,0xaa,0xba,0x66,0x79,0xe4,0x5d,0x68,0x88,0xc5,0x01,0x25,0xa7,0x3b, + 0x9d,0xeb,0x00,0xd4,0x2a,0x12,0x5f,0x25,0xdf,0x54,0x34,0xbe,0xff,0x0d,0x5b,0x0e, + 0xe1,0x3a,0x16,0xb1,0x70,0x45,0xce,0xce,0x0f,0x2d,0xa7,0x57,0x7d,0x79,0xd7,0xcd, + 0x75,0xa4,0xb6,0xc5,0xbc,0x34,0x5f,0x46,0x0a,0x17,0x34,0x87,0xb5,0x1b,0xc6,0xa6), + }, +}; + +START_TEST(test_sign_pss_3072) +{ + chunk_t sig; + + if (!lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS)) || + !lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS))) + { + warn("%N not supported, skip test", signature_scheme_names, + SIGN_RSA_EMSA_PSS); + return; + } + if (!pss_salt_supported) + { + warn("static salt for %N not supported, skip test", + signature_scheme_names, SIGN_RSA_EMSA_PSS); + return; + } + fail_unless(privpss_3072->sign(privpss_3072, SIGN_RSA_EMSA_PSS, + &pss_sign_3072[_i].params, pss_sign_3072[_i].m, &sig), + "sign %N", signature_scheme_names, SIGN_RSA_EMSA_PSS); + ck_assert_chunk_eq(pss_sign_3072[_i].s, sig); + fail_unless(pubpss_3072->verify(pubpss_3072, SIGN_RSA_EMSA_PSS, + &pss_sign_3072[_i].params, pss_sign_3072[_i].m, sig), + "verify %N", signature_scheme_names, SIGN_RSA_EMSA_PSS); + free(sig.ptr); +} +END_TEST + +/** + * Test vectors from FIPS 186-4 (those with 0 salt are 3072-bit verify vectors) + */ +static struct { + rsa_pss_params_t params; + chunk_t n; + chunk_t d; + chunk_t e; + chunk_t m; + chunk_t s; +} pss_sign_ns[] = { + { + .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, }, + .n = chunk_from_chars( + 0xce,0x49,0x24,0xff,0x47,0x0f,0xb9,0x9d,0x17,0xf6,0x65,0x95,0x56,0x1a,0x74,0xde, + 0xd2,0x20,0x92,0xd1,0xdc,0x27,0x12,0x2a,0xe1,0x5c,0xa8,0xca,0xc4,0xbf,0xae,0x11, + 0xda,0xa9,0xe3,0x7a,0x94,0x14,0x30,0xdd,0x1b,0x81,0xaa,0xf4,0x72,0xf3,0x20,0x83, + 0x5e,0xe2,0xfe,0x74,0x4c,0x83,0xf1,0x32,0x08,0x82,0xa8,0xa0,0x23,0x16,0xce,0xb3, + 0x75,0xf5,0xc4,0x90,0x92,0x32,0xbb,0x2c,0x65,0x20,0xb2,0x49,0xc8,0x8b,0xe4,0xf4, + 0x7b,0x8b,0x86,0xfd,0xd9,0x36,0x78,0xc6,0x9e,0x64,0xf5,0x00,0x89,0xe9,0x07,0xa5, + 0x50,0x4f,0xdd,0x43,0xf0,0xca,0xd2,0x4a,0xaa,0x9e,0x31,0x7e,0xf2,0xec,0xad,0xe3, + 0xb5,0xc1,0xfd,0x31,0xf3,0xc3,0x27,0xd7,0x0a,0x0e,0x2d,0x48,0x67,0xe6,0xfe,0x3f, + 0x26,0x27,0x2e,0x8b,0x6a,0x3c,0xce,0x17,0x84,0x3e,0x35,0x9b,0x82,0xeb,0x7a,0x4c, + 0xad,0x8c,0x42,0x46,0x01,0x79,0xcb,0x6c,0x07,0xfa,0x25,0x2e,0xfa,0xec,0x42,0x8f, + 0xd5,0xca,0xe5,0x20,0x8b,0x29,0x8b,0x25,0x51,0x09,0x02,0x6e,0x21,0x27,0x24,0x24, + 0xec,0x0c,0x52,0xe1,0xe5,0xf7,0x2c,0x5a,0xb0,0x6f,0x5d,0x2a,0x05,0xe7,0x7c,0x19, + 0x3b,0x64,0x7e,0xc9,0x48,0xbb,0x84,0x4e,0x0c,0x2e,0xf1,0x30,0x7f,0x53,0xcb,0x80, + 0x0d,0x4f,0x55,0x52,0x3d,0x86,0x03,0x8b,0xb9,0xe2,0x10,0x99,0xa8,0x61,0xb6,0xb9, + 0xbc,0xc9,0x69,0xe5,0xdd,0xdb,0xdf,0x71,0x71,0xb3,0x7d,0x61,0x63,0x81,0xb7,0x8c, + 0x3b,0x22,0xef,0x66,0x51,0x0b,0x27,0x65,0xd9,0x61,0x75,0x56,0xb1,0x75,0x59,0x98, + 0x79,0xd8,0x55,0x81,0x00,0xad,0x90,0xb8,0x30,0xe8,0x7a,0xd4,0x60,0xa2,0x21,0x08, + 0xba,0xa5,0xed,0x0f,0x2b,0xa9,0xdf,0xc0,0x51,0x67,0xf8,0xab,0x61,0xfc,0x9f,0x8a, + 0xe0,0x16,0x03,0xf9,0xdd,0x5e,0x66,0xce,0x1e,0x64,0x2b,0x60,0x4b,0xca,0x92,0x94, + 0xb5,0x7f,0xb7,0xc0,0xd8,0x3f,0x05,0x4b,0xac,0xf4,0x45,0x4c,0x29,0x8a,0x27,0x2c, + 0x44,0xbc,0x71,0x8f,0x54,0x60,0x5b,0x91,0xe0,0xbf,0xaf,0xd7,0x72,0xae,0xba,0xf3, + 0x82,0x88,0x46,0xc9,0x30,0x18,0xf9,0x8e,0x31,0x57,0x08,0xd5,0x0b,0xe8,0x40,0x1e, + 0xb9,0xa8,0x77,0x8d,0xcb,0xd0,0xd6,0xdb,0x93,0x70,0x86,0x04,0x11,0xb0,0x04,0xcd, + 0x37,0xfb,0xb8,0xb5,0xdf,0x87,0xed,0xee,0x7a,0xae,0x94,0x9f,0xff,0x34,0x60,0x7b), + .d = chunk_from_chars( + 0x25,0x8f,0x08,0x40,0x36,0xb7,0xff,0xda,0x1d,0x0a,0xa0,0x37,0x3a,0x50,0x01,0x1d, + 0xd9,0x76,0xb7,0xfd,0x0e,0xe4,0xb8,0x89,0x65,0x4b,0x04,0x4a,0xb2,0x41,0xfb,0x75, + 0x46,0x75,0x46,0x69,0x09,0x42,0x9b,0x1a,0xcb,0xa9,0xd9,0xc1,0xab,0xf2,0xe9,0xbb, + 0x49,0x4c,0xea,0x81,0xc4,0xba,0x10,0xdc,0xd1,0x03,0x6f,0x36,0xea,0x81,0xdc,0x24, + 0xce,0x98,0x3e,0x3a,0xe7,0xda,0x7c,0xf8,0x10,0xdd,0xc0,0x5c,0x96,0xf9,0xcc,0x3a, + 0x90,0x46,0xfd,0xf5,0x8c,0x99,0x02,0x17,0x2c,0x7e,0x53,0xa1,0xbc,0xed,0x1b,0x78, + 0x84,0xf7,0x28,0x13,0x3b,0xe9,0xb4,0xa9,0x11,0x02,0x3e,0x31,0x59,0xd5,0xf2,0x52, + 0xf4,0x07,0xa8,0x08,0x0c,0x88,0xf1,0x22,0xcf,0x4a,0x9e,0x53,0xf1,0x03,0xae,0xcb, + 0x41,0x2c,0xd4,0x4d,0x9d,0x53,0xc1,0x45,0x75,0x7b,0x14,0xeb,0x85,0xa5,0xb0,0xd7, + 0xf8,0xbe,0x88,0xc5,0x6b,0xb0,0x0e,0x73,0x57,0xd4,0x3d,0x6a,0x82,0x89,0x53,0xf9, + 0x31,0x24,0xd1,0xb3,0x9c,0x0c,0xc1,0x37,0xdf,0xf2,0x97,0x2a,0x40,0x2e,0xbf,0xe2, + 0x9e,0xb6,0x14,0xc6,0x57,0x8e,0x10,0x2c,0x61,0xa6,0x00,0x18,0x33,0x32,0x3d,0x4b, + 0x79,0xbe,0xe1,0x01,0xe7,0x6a,0x9c,0x59,0xa3,0x58,0x47,0x1b,0x62,0x25,0x68,0x85, + 0x84,0xfb,0xdd,0x79,0x0a,0x1e,0x38,0xa6,0x0a,0x5f,0x8b,0xf6,0x47,0xf7,0x37,0x46, + 0x80,0xaa,0x1d,0x6c,0xc0,0x37,0x2f,0xd1,0x2e,0xf2,0x33,0xbf,0x6b,0xf7,0x26,0xfa, + 0x4a,0xf4,0x5e,0x1e,0xad,0x9b,0x58,0xdf,0x08,0xf6,0x2a,0xa7,0x6f,0xe9,0xfd,0x9b, + 0xb1,0xa9,0x75,0xbb,0x1c,0x4d,0xdb,0x9b,0x00,0x54,0x53,0xf9,0x57,0xdf,0xe4,0x14, + 0x8d,0x26,0x44,0xc1,0xc4,0x90,0x87,0x74,0x31,0xb6,0x7e,0x97,0x5c,0x5e,0x02,0xb2, + 0xdc,0x40,0x8d,0xe0,0x9e,0x53,0x1c,0x05,0xc0,0x51,0x73,0x11,0xa5,0xcf,0xeb,0x41, + 0x65,0xb5,0xf4,0x40,0x60,0xbb,0x34,0x33,0xff,0xf6,0xee,0x8f,0x0a,0xd3,0xf5,0x59, + 0xb8,0x45,0x8f,0x20,0xcb,0xdc,0xa8,0x46,0x49,0xf0,0xc8,0xa3,0xb6,0x98,0x9f,0x67, + 0x6b,0xc0,0xfe,0x46,0x91,0x03,0x2d,0x2a,0x08,0x97,0x8f,0x90,0x53,0xab,0xf2,0x1c, + 0x1d,0x08,0x1f,0x8e,0xc3,0x27,0x35,0xdd,0x1f,0xf0,0x40,0x7c,0x33,0x02,0xbf,0x55, + 0xd1,0x67,0x19,0x7d,0xbe,0x92,0xc6,0x78,0x29,0x4d,0x5f,0x1f,0x83,0x2d,0xa5,0xbb), + .e = chunk_from_chars(0x73,0xb1,0x93), + .m = chunk_from_chars( + 0x08,0x97,0xd4,0x0e,0x7c,0x0f,0x2d,0xfc,0x07,0xb0,0xc7,0xfd,0xda,0xf5,0xfd,0x8f, + 0xcc,0x6a,0xf9,0xc1,0xfd,0xc1,0x7b,0xeb,0xb9,0x23,0xd5,0x9c,0x9f,0xc4,0x3b,0xd4, + 0x02,0xba,0x39,0x73,0x8f,0x0f,0x85,0xf2,0x30,0x15,0xf7,0x51,0x31,0xf9,0xd6,0x50, + 0xa2,0x9b,0x55,0xe2,0xfc,0x9d,0x5d,0xdf,0x07,0xbb,0x8d,0xf9,0xfa,0x5a,0x80,0xf1, + 0xe4,0x63,0x4e,0x0b,0x4c,0x51,0x55,0xbf,0x14,0x89,0x39,0xb1,0xa4,0xea,0x29,0xe3, + 0x44,0xa6,0x64,0x29,0xc8,0x50,0xfc,0xde,0x73,0x36,0xda,0xd6,0x16,0xf0,0x03,0x93, + 0x78,0x39,0x1a,0xbc,0xfa,0xfe,0x25,0xca,0x7b,0xb5,0x94,0x05,0x7a,0xf0,0x7f,0xaf, + 0x7a,0x32,0x2f,0x7f,0xab,0x01,0xe0,0x51,0xc6,0x3c,0xc5,0x1b,0x39,0xaf,0x4d,0x23), + .s = chunk_from_chars( + 0x8e,0xbe,0xd0,0x02,0xd4,0xf5,0x4d,0xe5,0x89,0x8a,0x5f,0x2e,0x69,0xd7,0x70,0xed, + 0x5a,0x5c,0xe1,0xd4,0x5a,0xd6,0xdd,0x9c,0xe5,0xf1,0x17,0x9d,0x1c,0x46,0xda,0xa4, + 0xd0,0x39,0x4e,0x21,0xa9,0x9d,0x80,0x33,0x58,0xd9,0xab,0xfd,0x23,0xbb,0x53,0x16, + 0x63,0x94,0xf9,0x97,0xb9,0x09,0xe6,0x75,0x66,0x20,0x66,0x32,0x4c,0xa1,0xf2,0xb7, + 0x31,0xde,0xba,0x17,0x05,0x25,0xc4,0xee,0x8f,0xa7,0x52,0xd2,0xd7,0xf2,0x01,0xb1, + 0x02,0x19,0x48,0x9f,0x57,0x84,0xe3,0x99,0xd9,0x16,0x30,0x2f,0xd4,0xb7,0xad,0xf8, + 0x84,0x90,0xdf,0x87,0x65,0x01,0xc4,0x67,0x42,0xa9,0x3c,0xfb,0x3a,0xaa,0xb9,0x60, + 0x2e,0x65,0xd7,0xe6,0x0d,0x7c,0x4c,0xea,0xdb,0x7e,0xb6,0x7e,0x42,0x1d,0x18,0x03, + 0x23,0xa6,0xd3,0x8f,0x38,0xb9,0xf9,0x99,0x21,0x3e,0xbf,0xcc,0xc7,0xe0,0x4f,0x06, + 0x0f,0xbd,0xb7,0xc2,0x10,0x20,0x65,0x22,0xb4,0x94,0xe1,0x99,0xe9,0x8c,0x6c,0x24, + 0xe4,0x57,0xf8,0x69,0x66,0x44,0xfd,0xca,0xeb,0xc1,0xb9,0x03,0x1c,0x81,0x83,0x22, + 0xc2,0x9d,0x13,0x5e,0x11,0x72,0xfa,0x0f,0xdf,0x7b,0xe1,0x00,0x7d,0xab,0xca,0xab, + 0x49,0x66,0x33,0x2e,0x7e,0xa1,0x45,0x6b,0x6c,0xe8,0x79,0xcd,0x91,0x0c,0x91,0x10, + 0x10,0x4f,0xc7,0xd3,0xdc,0xab,0x07,0x6f,0x2b,0xd1,0x82,0xbb,0x83,0x27,0xa8,0x63, + 0x25,0x45,0x70,0xcd,0xf2,0xab,0x38,0xe0,0xcd,0xa3,0x17,0x79,0xde,0xaa,0xd6,0x16, + 0xe3,0x43,0x7e,0xd6,0x59,0xd7,0x4e,0x5a,0x4e,0x04,0x5a,0x70,0x13,0x38,0x90,0xb8, + 0x1b,0xc4,0xf2,0x4a,0xb6,0xda,0x67,0xa2,0xee,0x0c,0xe1,0x5b,0xab,0xa3,0x37,0xd0, + 0x91,0xcb,0x5a,0x1c,0x44,0xda,0x69,0x0f,0x81,0x14,0x5b,0x02,0x52,0xa6,0x54,0x9b, + 0xbb,0x20,0xcd,0x5c,0xc4,0x7a,0xfe,0xc7,0x55,0xeb,0x37,0xfe,0xd5,0x5a,0x9a,0x33, + 0xd3,0x65,0x57,0x42,0x45,0x03,0xd8,0x05,0xa0,0xa1,0x20,0xb7,0x69,0x41,0xf4,0x15, + 0x0d,0x89,0x34,0x2d,0x7a,0x7f,0xa3,0xa2,0xb0,0x8c,0x51,0x5e,0x6f,0x68,0x42,0x9c, + 0xf7,0xaf,0xd1,0xa3,0xfc,0xe0,0xf4,0x28,0x35,0x1a,0x6f,0x9e,0xda,0x3a,0xb2,0x4a, + 0x7e,0xf5,0x91,0x99,0x4c,0x21,0xfb,0xf1,0x00,0x1f,0x99,0x23,0x9e,0x88,0x34,0x0f, + 0x9b,0x35,0x9e,0xc7,0x2e,0x8a,0x21,0x2a,0x19,0x20,0xe6,0xcf,0x99,0x3f,0xf8,0x48), + }, + { + .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, }, + .n = chunk_from_chars( + 0x9c,0x21,0x3e,0xa3,0x73,0x63,0x1f,0x57,0x2e,0x5e,0x46,0x22,0x5b,0x95,0xa0,0xf5, + 0xea,0x8a,0xb0,0xa5,0xec,0x70,0x90,0xa3,0xb0,0x18,0x1c,0x59,0x06,0xdc,0x22,0xfd, + 0x1b,0xd7,0x3d,0x11,0x47,0x12,0x42,0xa2,0xed,0x18,0x24,0xe6,0x01,0x01,0x7f,0x5b, + 0x53,0x54,0xb9,0x2f,0xdb,0x43,0xd4,0xda,0x00,0xa8,0x24,0x27,0xd0,0x53,0x66,0xa4, + 0xd5,0x52,0xc4,0x0d,0x69,0xd2,0x00,0x48,0x5d,0x5d,0x5d,0xb8,0x3c,0xf5,0x23,0xe6, + 0x1a,0x83,0x4b,0x40,0xcc,0xd4,0x01,0x08,0x7f,0xbb,0x93,0xd8,0x1d,0xbe,0xd7,0xb2, + 0xee,0x23,0x81,0xa1,0x24,0x1a,0xc6,0x8f,0x2a,0xfc,0x02,0x15,0x7e,0xe0,0xc7,0x3c, + 0xc6,0x6c,0x02,0xa6,0xc6,0xeb,0x2d,0xc3,0x51,0x45,0xae,0x55,0xd7,0x70,0x84,0x12, + 0xa3,0x41,0x0f,0x20,0x4c,0x49,0x23,0x76,0xd6,0x31,0x5c,0xed,0xf2,0x53,0xaf,0x91, + 0xf3,0x1d,0xca,0xb3,0x4f,0x72,0xc2,0x06,0xad,0x81,0xe8,0x00,0x50,0x98,0x64,0xfe, + 0x92,0x55,0xd0,0x46,0xac,0x25,0xdb,0xdf,0x49,0x54,0xd2,0x35,0x03,0x24,0x72,0x2e, + 0x73,0xc1,0xf2,0x5d,0x08,0x9f,0x87,0x54,0x2a,0xd9,0x07,0xfb,0x37,0xec,0xea,0xef, + 0xb3,0x30,0xf4,0x32,0x5e,0x97,0xf5,0xea,0xbc,0x04,0x09,0x6a,0x8f,0xab,0xba,0x97, + 0x85,0x89,0xe3,0x55,0x44,0x5d,0x95,0x43,0x27,0x4c,0x1c,0x38,0xff,0x84,0x9b,0xa8, + 0xc2,0x91,0x1f,0x07,0x03,0x06,0x34,0xc1,0x32,0xcc,0xaf,0x4e,0x4f,0x57,0xa5,0xad, + 0x92,0x44,0xf5,0xdf,0x0e,0xe2,0x5a,0xf8,0xef,0x2f,0xc7,0xb2,0x9f,0xdf,0x7c,0xc1, + 0x84,0x04,0xe2,0x0e,0xfa,0xaf,0xfa,0x45,0x1e,0xc4,0x1a,0xb8,0x38,0xd5,0x94,0x90, + 0x6f,0xf2,0xca,0xd5,0x2d,0xcb,0xd0,0xe9,0xa6,0x8e,0xf7,0xb0,0x6c,0x25,0x37,0x10, + 0xe1,0x31,0x8d,0x09,0xad,0x07,0x01,0x27,0x67,0xa8,0x91,0x24,0x17,0x7d,0xf5,0x0d, + 0x16,0x84,0x67,0x9e,0x14,0x30,0x68,0x89,0xd9,0xa7,0xac,0x51,0x43,0xd4,0x86,0x1b, + 0x7d,0x6a,0xe7,0x79,0x92,0xef,0xa7,0x3e,0x0a,0xba,0x9d,0xa0,0xad,0x9a,0x68,0x88, + 0xbc,0x80,0x4d,0xbd,0x07,0xbc,0x26,0xa8,0xa5,0xdf,0xbd,0x29,0x2a,0x0e,0xfa,0x96, + 0x86,0x7f,0xdb,0x92,0xe8,0x45,0xc3,0x6e,0x34,0x33,0xcf,0x29,0x2e,0x0e,0x31,0x66, + 0x24,0x80,0x25,0x7f,0xcf,0x46,0x6f,0x7f,0x65,0xd8,0x14,0xbb,0x3e,0x33,0x99,0x2f), + .d = chunk_from_chars( + 0x3e,0xac,0x18,0x66,0xe2,0x35,0xd6,0x4b,0x9a,0x04,0xd7,0x3c,0x3f,0x49,0x70,0x7f, + 0x53,0x06,0xef,0x23,0x6f,0xcd,0xdb,0x7d,0xec,0x19,0x14,0x8a,0x4b,0xf3,0x48,0x28, + 0xc2,0x9b,0xc5,0x0e,0x75,0xa0,0xdc,0x38,0xd2,0x67,0x1b,0x50,0x28,0x59,0x61,0x8b, + 0xf3,0xf7,0xe5,0xf8,0x71,0x30,0x5a,0xd1,0xdf,0x49,0x72,0x75,0xb6,0x2d,0x36,0x03, + 0x1d,0xf6,0xc9,0x5c,0x9b,0x9d,0x68,0x73,0xa4,0x20,0x66,0x40,0x48,0x26,0x40,0x78, + 0x80,0x19,0x4c,0x61,0x13,0x2c,0x03,0x3c,0x76,0xac,0x16,0x9a,0xd4,0x01,0xcb,0x6e, + 0xd7,0x16,0xe7,0x02,0xbb,0xe3,0x16,0x11,0x72,0x9f,0x3a,0xca,0x1f,0x54,0x38,0xc6, + 0xb7,0x25,0xd9,0x01,0x17,0xca,0x53,0xe2,0x59,0xce,0x65,0xad,0x2f,0xbc,0x8a,0x1a, + 0x30,0xfa,0xa6,0x06,0xc3,0xb9,0x7f,0x1a,0xba,0xc5,0xa9,0x01,0x0f,0xa0,0x78,0x8e, + 0x9d,0x74,0x04,0xfd,0xcf,0xdc,0x55,0xf9,0xec,0x8e,0x91,0xaa,0x5f,0xdd,0x54,0xec, + 0x93,0x25,0xf0,0x21,0x48,0xc7,0xc5,0xdb,0x18,0xfe,0x52,0xed,0x62,0x75,0x8f,0xcd, + 0xb9,0x63,0x72,0x69,0x3f,0x99,0x8b,0x53,0x46,0x5a,0x97,0xca,0xcb,0x3b,0xbd,0x4d, + 0x0b,0xc3,0xd8,0x73,0x16,0x18,0xa2,0x78,0xe8,0x42,0x26,0x0e,0xaa,0xe8,0xdf,0x65, + 0xbe,0x8b,0xb9,0xf6,0xf0,0x85,0x22,0x0a,0x06,0x2a,0x11,0x77,0xf1,0x09,0x2a,0x9e, + 0xbd,0x46,0x71,0x35,0x0f,0xb0,0x5d,0x0c,0x89,0x3c,0x07,0xd8,0x36,0xe3,0x7e,0x73, + 0xc0,0x92,0xac,0x42,0x6e,0x63,0x0e,0x9b,0x6c,0xde,0xf3,0x6d,0x32,0x6c,0xd3,0x0e, + 0x5e,0xd8,0xff,0x37,0xce,0xd3,0x5c,0x4a,0xc4,0x7c,0xf0,0x12,0x61,0x61,0x6e,0xdd, + 0xb1,0x91,0x95,0x7e,0xaa,0x38,0xb2,0x60,0x0e,0x08,0xe7,0x84,0xb2,0x18,0x92,0x48, + 0xcf,0x40,0xf9,0xde,0xe6,0x5f,0x06,0x6a,0x8f,0x1e,0xe1,0x02,0x8d,0xe6,0x01,0xb6, + 0xbc,0x29,0x91,0x5b,0x9c,0xba,0xee,0xc2,0xdc,0x4f,0xe7,0xb1,0x3b,0x84,0x0c,0xf7, + 0x9a,0x4d,0x93,0xb0,0xc9,0xf4,0x7b,0x64,0x47,0xc3,0xf1,0xf8,0x32,0xdc,0x8c,0xf7, + 0xe5,0xf9,0x8f,0x68,0xf9,0x7c,0xc5,0xd9,0x93,0x46,0xb1,0x24,0x23,0x52,0xf7,0x4d, + 0x94,0xa7,0x27,0xa5,0x30,0x3b,0x99,0x67,0x0b,0xb8,0x34,0x19,0x25,0x5a,0xc5,0x12, + 0x70,0xbb,0xe5,0xd8,0x13,0x28,0x40,0x26,0x14,0xba,0xe1,0xc8,0x23,0x64,0x08,0xd9), + .e = chunk_from_chars(0xef,0xab,0xb9), + .m = chunk_from_chars( + 0x3a,0xbd,0x43,0xf1,0xd7,0x41,0xdd,0xf0,0xb7,0x52,0xdd,0x94,0x19,0x7a,0xb6,0x56, + 0x28,0x8f,0xf4,0x65,0xe5,0xdb,0xcc,0xec,0x61,0x79,0xf8,0x93,0x2f,0x02,0xc2,0x48, + 0x19,0x6a,0x5e,0x3f,0x12,0x24,0x7c,0x37,0x6c,0x8d,0x1e,0x00,0x4b,0x87,0xa7,0x3a, + 0x5a,0x64,0x35,0x5f,0xbc,0x07,0x31,0x04,0x46,0x45,0x25,0x5b,0xeb,0x91,0xcd,0xfd, + 0x77,0xd9,0x70,0xe6,0x81,0xab,0x70,0xc1,0x9a,0x9c,0x21,0x67,0xcb,0xea,0xd7,0xa2, + 0x3f,0x60,0x43,0x36,0x3c,0x7a,0xff,0x22,0x58,0xca,0x67,0x23,0xe9,0x9a,0xab,0x7a, + 0xbd,0xd3,0x22,0xef,0x0b,0x1e,0xe1,0x16,0xaa,0x48,0x8d,0xd1,0x81,0xeb,0x6d,0x16, + 0x3f,0x4b,0xc3,0xf2,0x4c,0x7e,0x5d,0xce,0xff,0xd0,0x67,0xf2,0x11,0x65,0x83,0x47), + .s = chunk_from_chars( + 0x47,0x40,0x11,0x5f,0x25,0x1b,0x35,0xcf,0xe1,0x9d,0x38,0x16,0xcc,0x1f,0xbf,0x02, + 0xb9,0xa4,0xd9,0x47,0x0d,0xc6,0x2b,0x41,0xcd,0xb7,0x22,0x84,0xc3,0x0f,0xff,0xd3, + 0x4e,0x70,0x57,0x55,0x9a,0x73,0xb4,0x4a,0xc4,0x9f,0xa7,0x28,0x5f,0x3e,0x9a,0x68, + 0x0b,0xf1,0x94,0x95,0x62,0xa4,0x7f,0x01,0xbf,0xc5,0x5e,0xb7,0xbd,0xa9,0xe2,0x91, + 0xc9,0xa5,0xce,0x1a,0x5d,0x7b,0x61,0x95,0x90,0xc0,0xe1,0xbd,0x36,0x94,0x3f,0xa4, + 0x1b,0x9c,0xc9,0xb2,0xa3,0xa7,0x42,0xc2,0x94,0x2c,0x53,0xec,0x3e,0x45,0xc7,0x71, + 0x76,0xe4,0xbf,0x32,0xb7,0x10,0x1a,0xb4,0xb0,0x5a,0x99,0x6a,0x21,0xfe,0x12,0x92, + 0x18,0x41,0xf8,0xf0,0xfa,0xd1,0xe7,0x1b,0xde,0xff,0x5a,0x7f,0x53,0xe8,0x76,0x63, + 0x67,0x31,0x1a,0x98,0xb9,0xd8,0x61,0x8a,0x61,0x98,0xaa,0x16,0x62,0xe5,0x87,0x33, + 0x2c,0x24,0x28,0x3f,0x9e,0xcf,0x2b,0xb2,0xd8,0x25,0xf5,0x97,0xd1,0x82,0x56,0xce, + 0x9c,0x58,0x64,0xf1,0xff,0xca,0x37,0xc4,0xec,0x8d,0xf4,0xf9,0x45,0xcf,0x22,0xc9, + 0x74,0xf5,0xef,0x3d,0xbb,0x9f,0x17,0x0b,0x39,0x78,0xbd,0xdc,0xc9,0x1b,0x13,0xb9, + 0xe8,0x55,0x0b,0xfc,0xdb,0x74,0xac,0x73,0x49,0xd5,0x31,0xe1,0xe3,0x28,0x0f,0xc0, + 0x05,0xac,0x34,0xc0,0x36,0x08,0x99,0x3b,0x78,0x76,0xca,0xf2,0x7c,0x8b,0xd5,0xa9, + 0x73,0x06,0x29,0x20,0x82,0xf7,0x7d,0x91,0x44,0x00,0x5b,0xcd,0x10,0x46,0xf2,0x73, + 0x03,0x18,0x5b,0x6a,0x7c,0xac,0x53,0x9f,0x1e,0x05,0x80,0x5e,0xe8,0xd0,0x77,0x2f, + 0x37,0xac,0xc3,0xe7,0xfa,0x09,0x20,0x17,0x1c,0x19,0xec,0x92,0x66,0xc4,0xdd,0x6d, + 0x9e,0x51,0x76,0x6c,0x44,0x33,0xa2,0x83,0x1c,0x3e,0x5f,0xb7,0xd8,0x43,0x41,0x62, + 0x4e,0xa9,0xa2,0x5e,0x1a,0x2e,0xb2,0x7e,0xf2,0xc7,0xe8,0xde,0x49,0x1d,0x94,0xd8, + 0xa8,0xa3,0x19,0x19,0xbd,0xd7,0xcd,0xf6,0x07,0x3a,0x1d,0x88,0xf4,0x52,0xff,0x8d, + 0x15,0xe5,0x7c,0xf6,0x50,0x4a,0x81,0x84,0x3c,0x24,0x35,0x1c,0x61,0xa3,0x73,0xb7, + 0x3a,0xcd,0x84,0xc7,0x6d,0xe9,0x16,0xf2,0x90,0xe0,0xe9,0xbd,0xf5,0x1d,0x8f,0xfa, + 0x63,0xf8,0x67,0xaf,0x58,0x7b,0x5c,0x75,0x91,0x11,0x67,0x10,0x79,0xea,0x28,0x84, + 0x64,0x66,0xcc,0x33,0xdf,0x76,0x83,0x63,0x9d,0x01,0x83,0x37,0xeb,0xe1,0x3c,0xb8), + }, + { + .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, }, + .n = chunk_from_chars( + 0xcd,0x61,0x41,0xe4,0xc8,0xdc,0x69,0x97,0xfc,0x65,0x30,0x0a,0x6e,0x2c,0x74,0x6f, + 0x39,0x10,0x22,0xf1,0x56,0x61,0x23,0x1a,0x83,0x2b,0xe9,0x66,0xaa,0x49,0x8e,0x67, + 0x87,0x77,0x76,0x69,0x44,0xdb,0x54,0xa5,0x99,0xcd,0x6d,0xdb,0xda,0xf7,0x53,0x3f, + 0x42,0x9e,0x6e,0x11,0x97,0xb7,0xeb,0x06,0x19,0x13,0xf5,0x0b,0x09,0xbe,0x04,0xab, + 0x70,0xb1,0xb7,0x02,0xfc,0xe9,0xad,0xa2,0x79,0xea,0x80,0x89,0x67,0x7a,0x37,0x70, + 0x1e,0x64,0x19,0x0f,0x24,0x3d,0xfa,0xbe,0x7c,0xc2,0x54,0xf0,0x8a,0x61,0x43,0xc9, + 0xc5,0x89,0xac,0x4a,0x90,0x88,0x1c,0x0d,0x2b,0x62,0xe9,0x80,0x13,0xe9,0x2d,0x04, + 0x9e,0xe9,0xca,0x11,0xa4,0x25,0xad,0x45,0x0e,0xc5,0xa6,0x99,0xae,0x17,0x67,0x2d, + 0x86,0xef,0xde,0x3f,0xbc,0x81,0x20,0x3f,0x2b,0x50,0x0e,0xf4,0x17,0x46,0xb9,0xe9, + 0xaf,0x26,0x42,0xb3,0x0c,0xbf,0x75,0xe7,0x88,0x9e,0x50,0x08,0x36,0xd6,0xdd,0x32, + 0xbc,0xc5,0xd8,0xb6,0x90,0x21,0xb7,0x64,0xa5,0x91,0xd6,0x85,0x07,0x76,0xcd,0xdf, + 0x0b,0x72,0x40,0xc7,0x5d,0xda,0x9e,0x2d,0x19,0x7f,0x2c,0xd9,0xc6,0x78,0x7b,0x16, + 0x44,0x5b,0x55,0xea,0xec,0xcd,0xfd,0xd1,0x7f,0xb7,0x2d,0x7f,0xe5,0x18,0x9a,0xa1, + 0xa2,0xa6,0xad,0x06,0xb4,0xf2,0xbf,0xc8,0xf6,0xc9,0x1c,0x3a,0x2a,0x80,0xa8,0x3a, + 0x31,0x13,0xe0,0xb4,0x20,0xb7,0x06,0x54,0xd6,0xa5,0x07,0x5d,0x38,0xd9,0xa1,0x2d, + 0x1e,0x0f,0xdd,0xd2,0xcb,0x23,0xb7,0xf3,0xef,0x94,0x99,0x91,0xbf,0x49,0x04,0x8d, + 0xc4,0x00,0x20,0xdc,0xf0,0x42,0xca,0xf0,0x08,0x83,0x36,0x35,0x91,0xdd,0x6a,0x90, + 0x78,0x9a,0xc2,0x12,0xa0,0xce,0xd9,0x5f,0xb4,0x0b,0xca,0xda,0xac,0x2c,0x97,0xee, + 0x7f,0xf3,0x02,0xc3,0x7c,0xf2,0xaa,0x72,0x98,0x31,0x1d,0xb8,0x5a,0x2d,0x4d,0x1b, + 0x9f,0x03,0x70,0x23,0xc2,0x1b,0xf2,0xe9,0xb9,0xab,0xec,0xc7,0x80,0xa7,0x0c,0xf2, + 0xa5,0x40,0x02,0x63,0x42,0x72,0xd7,0xdc,0xf2,0x5e,0xe4,0xc7,0xdb,0xb0,0x44,0x37, + 0xf3,0x0f,0x50,0xbd,0xcf,0x49,0x62,0xd4,0x32,0x48,0x4a,0x5d,0xab,0x7b,0x60,0xb3, + 0x1d,0x80,0x25,0xb9,0x84,0xc8,0x21,0xfa,0xdb,0xf2,0xb6,0x23,0xf2,0xf9,0x2a,0x65, + 0x31,0xdc,0xe1,0x1a,0x1f,0x25,0x2e,0x60,0x30,0x16,0x07,0x8f,0x39,0x86,0xe0,0x81), + .d = chunk_from_chars( + 0x1c,0xc4,0x40,0x8e,0x92,0xd1,0xae,0xd2,0x2f,0x6c,0x04,0x3d,0x82,0x14,0x03,0x04, + 0xe7,0x82,0x5e,0x74,0xeb,0xaa,0x10,0x40,0x8d,0x33,0x95,0x46,0x30,0xb6,0x3b,0x02, + 0x3a,0xc2,0x13,0x6e,0xaf,0x45,0x16,0xd7,0x3a,0xe5,0x4f,0x7f,0xf6,0xf8,0xeb,0x34, + 0x1f,0x1d,0x39,0xae,0xd5,0xc9,0x8d,0x92,0xf1,0x85,0x8a,0xe4,0x11,0xb9,0xe0,0xe2, + 0x06,0xe0,0xe2,0xb2,0x25,0x19,0xbc,0x20,0xd3,0x04,0xbc,0xb4,0x7d,0x81,0xc4,0xf4, + 0x9e,0x59,0x9b,0x86,0x95,0x26,0xb7,0x58,0x88,0xb0,0x2f,0x29,0xdc,0x59,0x58,0xe8, + 0x21,0x6f,0x6a,0xe4,0x75,0xbf,0xf7,0x15,0xa7,0x41,0x63,0x32,0x04,0xbf,0xed,0x27, + 0xbd,0xc6,0x25,0x22,0x60,0x99,0x9f,0xf1,0x77,0xf1,0xa4,0xf7,0xa0,0x60,0x57,0x18, + 0xe9,0xad,0x45,0xb8,0x99,0x2b,0x59,0x46,0x6c,0x11,0xb4,0xda,0x7e,0x0e,0x1a,0x97, + 0x4c,0x28,0xc0,0xe1,0x54,0xe0,0x78,0x68,0xa0,0x1e,0x3f,0xa7,0x4e,0x6c,0xde,0x47, + 0x95,0x26,0xc4,0x6b,0x73,0x18,0xed,0x5f,0x12,0xe7,0xa2,0x27,0x01,0xf7,0x39,0xa3, + 0x10,0xec,0xcd,0x59,0x94,0xd4,0xbc,0x7f,0x8d,0xf6,0xe1,0x5e,0x3b,0x84,0xe1,0x83, + 0x93,0x64,0x62,0x32,0xfe,0x6e,0xc4,0x8b,0xe9,0xed,0x26,0xca,0xb8,0x74,0x96,0x00, + 0x9d,0x25,0xa5,0xbb,0x3c,0xdd,0xbd,0x32,0xb1,0xda,0x3f,0x07,0x03,0x8f,0xfc,0x78, + 0x14,0xdf,0x10,0x33,0xff,0xda,0x30,0xab,0x05,0xf0,0x75,0x5e,0x33,0x00,0x22,0xc9, + 0xcb,0x6b,0x78,0xdf,0xb4,0x75,0x02,0xb6,0x29,0xeb,0x4b,0xad,0xaf,0xf3,0x44,0x25, + 0x96,0x28,0x9f,0xa3,0x29,0xd5,0x08,0x7b,0xf7,0x0f,0x53,0x4f,0x50,0xff,0xa6,0x5e, + 0xeb,0x64,0x14,0x1d,0x0d,0xb4,0x31,0xa4,0x15,0x9d,0x39,0x0f,0x82,0x33,0x98,0x12, + 0x71,0xf4,0x8c,0x66,0x6c,0x50,0xab,0x7f,0xa4,0xf1,0xe7,0xe3,0x96,0x34,0x71,0x84, + 0xe1,0xd9,0x77,0xa0,0x8d,0xae,0xb2,0xfa,0xbe,0x8d,0xca,0x0c,0x2f,0xb9,0x41,0xd3, + 0xe5,0x39,0x8a,0x0d,0x1d,0xb9,0x18,0xee,0x59,0x3c,0x4b,0x4d,0xc9,0x67,0x13,0x1a, + 0x4b,0xc1,0x80,0x80,0xad,0x57,0xa9,0x42,0x8e,0x72,0x69,0x1b,0x0d,0xd6,0xb1,0xd5, + 0x66,0xe0,0x2a,0xd4,0x5f,0x30,0x8b,0xe8,0xbc,0x37,0xf3,0xfe,0xd6,0xc8,0x8d,0x28, + 0x38,0x56,0x67,0x33,0x57,0x04,0xa4,0xa5,0x50,0xf8,0x70,0xea,0x59,0xca,0x18,0x4f), + .e = chunk_from_chars(0x2c,0xc9,0x2f), + .m = chunk_from_chars( + 0xd1,0xac,0xd4,0xa6,0x03,0x5f,0x23,0xbf,0xe6,0x70,0x06,0x13,0x2a,0x1c,0xd4,0x74, + 0xef,0x58,0xc0,0x11,0x36,0x70,0xf5,0x3c,0x95,0xee,0xe5,0x70,0x30,0xbd,0xdd,0x92, + 0xe4,0x8e,0xdd,0x77,0xc5,0x7b,0xa8,0xa7,0xcb,0xea,0x17,0x60,0xc8,0xb5,0xb2,0xde, + 0x9d,0x88,0x81,0xda,0xae,0x8a,0x20,0x51,0x93,0x3f,0x12,0x86,0x11,0xad,0x57,0x4a, + 0x48,0xbd,0x41,0x7b,0x2d,0xe5,0x83,0xcb,0x3b,0x04,0x8b,0xc2,0x66,0x8d,0x12,0x07, + 0x51,0xe8,0xf1,0xdb,0xc0,0x15,0x36,0xe6,0x50,0x93,0x77,0x36,0x66,0x80,0x66,0x85, + 0x65,0x01,0xa6,0xba,0x24,0xe4,0xdd,0xb3,0x9f,0x84,0x0b,0x42,0xec,0xed,0x1a,0x75, + 0x71,0x41,0xb6,0x1b,0x55,0x5b,0x5e,0x83,0x34,0xb1,0xbb,0x87,0x17,0x7f,0x31,0xc9), + .s = chunk_from_chars( + 0x55,0x61,0x3f,0x64,0x33,0x1a,0xbd,0x97,0x1e,0x82,0x2c,0xc3,0xd9,0x72,0xf6,0x7e, + 0x78,0x2b,0x6a,0xf8,0x1a,0xac,0x0b,0x80,0xe2,0xf6,0x32,0x4d,0xa6,0xd9,0xf3,0x3c, + 0x46,0xf8,0xb7,0xe2,0x4c,0x94,0xde,0xee,0x7e,0x98,0x52,0x5a,0xaf,0x4c,0xa6,0x84, + 0x37,0x53,0xdf,0x3d,0x44,0x4e,0x1e,0x05,0x40,0xf9,0xc1,0x96,0xff,0xbb,0xcb,0x4f, + 0xca,0x7a,0xad,0x4b,0xa9,0x42,0x88,0xf9,0x11,0x65,0x0e,0x3c,0xaf,0x6d,0xd2,0x2f, + 0x87,0x92,0x3f,0xa4,0xb1,0x2e,0x2d,0x6b,0x11,0x5f,0x2f,0xe7,0x73,0xaf,0x25,0x63, + 0xcc,0x76,0x0d,0xe8,0x8c,0xfa,0x6e,0x16,0x87,0x8d,0xd9,0xc0,0x7f,0x0d,0x45,0xb1, + 0x0a,0x22,0x4d,0x1a,0x7e,0xe1,0xd2,0x6f,0xfa,0xdf,0xd3,0x8b,0x78,0x00,0x4a,0x20, + 0x45,0xb3,0x5d,0x9c,0xb9,0xfc,0xcd,0xc7,0x15,0x66,0x8a,0x74,0x01,0xdb,0x7a,0xde, + 0xf1,0x09,0xeb,0xca,0xaf,0xc5,0x26,0x9d,0x37,0x7c,0x1e,0x8f,0x7d,0x42,0x92,0x45, + 0x9c,0x80,0x1a,0x93,0xc4,0xd0,0x7e,0xf4,0x77,0xf8,0x71,0x75,0xaa,0x35,0xe0,0x02, + 0xa0,0x3c,0x20,0x51,0x98,0x5f,0xcb,0x69,0x63,0xe9,0xbf,0x96,0xe2,0x8e,0x55,0xeb, + 0x52,0xa3,0x55,0x44,0x75,0xf9,0x09,0x5f,0x24,0xa9,0xe4,0x22,0xfa,0x84,0xb6,0x05, + 0x90,0xe8,0xb8,0xd6,0xec,0x91,0xdc,0xf6,0xa5,0x84,0xcc,0x8a,0x93,0x4e,0x55,0x1b, + 0xef,0xee,0xdc,0x0f,0x0f,0x48,0xda,0xdf,0x29,0x3f,0x0f,0x92,0x60,0xee,0x22,0xd7, + 0x2e,0xa4,0x6e,0x27,0x10,0x45,0xb6,0x65,0x16,0xb2,0xbe,0xbe,0xed,0x52,0x72,0x2a, + 0xec,0x5f,0x08,0x40,0x85,0xf8,0xfa,0xa6,0x89,0x30,0x8b,0xc1,0x3f,0xa5,0xb9,0xe5, + 0xb0,0xaa,0xdf,0x27,0x66,0x25,0x8e,0x01,0xd4,0xb8,0xdd,0xbe,0x0d,0x32,0x8a,0xa1, + 0x12,0x23,0x7e,0xc1,0x0b,0x11,0x5b,0xe8,0x3f,0xae,0x8a,0x01,0x13,0xf8,0x89,0x0e, + 0xda,0xb7,0x9d,0x04,0x63,0xc9,0xec,0x6e,0x2d,0xb4,0x50,0x46,0x93,0x53,0x5d,0xcf, + 0x76,0x95,0xf8,0x44,0x25,0xe9,0xf7,0xb7,0x3e,0x4f,0x18,0xbc,0x07,0x2f,0x51,0x31, + 0x98,0x9b,0x0c,0xdb,0x07,0xf4,0x96,0xf1,0x5e,0x56,0x2d,0x07,0xf0,0x71,0x1c,0xf9, + 0x79,0xf1,0xaa,0x4d,0x14,0x0d,0x97,0x83,0xef,0xd6,0xf9,0x6c,0x41,0xfe,0x5f,0xb7, + 0x9e,0x5d,0x5d,0x68,0x9d,0xd5,0xa7,0x05,0xf1,0xff,0x83,0x77,0x54,0x03,0x1a,0x39), + }, + { + .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, }, + .n = chunk_from_chars( + 0x99,0xa5,0xc8,0xd0,0x94,0xa5,0xf9,0x17,0x03,0x46,0x67,0xa0,0x40,0x8b,0x7e,0xcf, + 0xca,0xac,0xc3,0xf9,0x78,0x44,0x44,0xe2,0x17,0x73,0xc3,0x46,0x1e,0xc3,0x55,0xf0, + 0xd0,0xf5,0x2a,0x5d,0xb0,0x56,0x8a,0x71,0xd3,0x88,0x69,0x67,0x88,0xef,0x66,0xae, + 0x73,0x40,0xc6,0xb2,0x8d,0xbf,0x92,0x5f,0xe8,0x35,0x57,0x98,0x65,0x75,0xf7,0x9c, + 0xca,0x69,0x21,0x72,0x21,0x39,0x7e,0xd5,0x80,0x8a,0x26,0xf7,0xe7,0xe7,0x14,0xc9, + 0x32,0x35,0xf9,0x14,0xd4,0x5c,0x4a,0x9a,0xf4,0x61,0x9b,0x20,0xf5,0x11,0xad,0x64, + 0x4b,0xd3,0x41,0x2d,0xfd,0xf0,0xff,0x71,0x7f,0x7a,0xac,0x74,0x6f,0x31,0x0b,0xfa, + 0x9a,0x14,0x1a,0xc3,0xdb,0xf0,0x1c,0x1f,0xc7,0x4f,0xeb,0xd1,0x97,0x93,0x84,0x19, + 0xc2,0x62,0x29,0x35,0x05,0xc3,0x5f,0x40,0x2f,0x90,0x53,0xad,0x13,0xc5,0x1a,0x59, + 0x60,0xec,0xde,0x55,0xec,0x82,0x9e,0x95,0x3f,0x94,0x1a,0xf7,0x33,0xe5,0x87,0x05, + 0x91,0x37,0x67,0xe7,0xa7,0x20,0x0d,0x1d,0x09,0xe7,0xe7,0xe2,0xd2,0x69,0xfa,0x29, + 0xa5,0x58,0xbb,0x16,0x30,0x4b,0x05,0x9f,0x13,0xf4,0xca,0x56,0x0a,0x81,0x01,0xfe, + 0x37,0x20,0xb4,0xa7,0x79,0xec,0x12,0x64,0x27,0x32,0x6c,0xaa,0x13,0x2a,0x3d,0x36, + 0x11,0xd7,0xdb,0xc5,0x03,0x36,0xfa,0xc7,0x89,0xec,0x40,0x6b,0x39,0x7e,0x1e,0x36, + 0xd7,0xda,0xf9,0xb6,0x24,0xbf,0x63,0x9c,0x82,0xb8,0x59,0x28,0x87,0x47,0x69,0x0c, + 0x73,0x0c,0x98,0x0b,0x2f,0x5a,0x23,0x9d,0xd9,0x5a,0xd5,0x38,0x9a,0x2e,0xc9,0x0c, + 0x57,0x78,0x60,0x47,0x13,0x71,0x03,0x83,0xae,0x55,0xd4,0xd2,0x8c,0x06,0xd4,0xac, + 0x26,0xf0,0xd1,0x23,0x1f,0x1d,0x67,0x62,0xc8,0xe0,0xd9,0x18,0x11,0x81,0x56,0xbc, + 0x63,0x77,0x60,0xda,0xea,0x18,0x47,0x46,0xb8,0xdc,0xf6,0xf6,0x1d,0xb2,0x74,0xa7, + 0xdd,0xce,0xaa,0x07,0x49,0x37,0xab,0xab,0xad,0x45,0x49,0xb9,0x7a,0xb9,0x92,0x49, + 0x4a,0x80,0x72,0x08,0xab,0xd7,0x89,0x82,0x3f,0x5d,0x75,0xc4,0xb9,0x94,0x08,0x9c, + 0x80,0x72,0xcf,0xc2,0x54,0xe0,0xd8,0x20,0x2f,0xd8,0x96,0x47,0x6e,0x96,0xad,0x9d, + 0x30,0x9a,0x0e,0x8e,0x73,0x01,0x28,0x2f,0x07,0xeb,0x2a,0xe8,0xed,0xef,0xb7,0xdb, + 0xbe,0x13,0xb9,0x6e,0x8b,0x40,0x24,0xc6,0xb8,0x4d,0xe0,0xa0,0x5e,0x15,0x02,0x85), + .d = chunk_from_chars( + 0x03,0xb1,0x90,0x5b,0x88,0x3e,0xa9,0xd3,0x2a,0x37,0x96,0x4c,0xf2,0xb3,0x19,0x9c, + 0xb1,0xee,0x5f,0x61,0x1f,0xf2,0xaa,0x16,0x32,0x69,0x94,0x2b,0x35,0x43,0x6a,0x4a, + 0x70,0x8e,0x73,0x71,0x85,0x7b,0x60,0x3f,0xe8,0x4e,0x43,0x7f,0xea,0x0f,0xb9,0xc1, + 0x9c,0xb0,0x9b,0x3c,0x39,0xac,0x82,0xfa,0xf7,0x3f,0x12,0x0a,0xb2,0xdd,0x49,0x57, + 0x0e,0xd9,0xc4,0x3c,0x70,0xf4,0x30,0x20,0x4f,0x77,0x74,0x3b,0x29,0x51,0x23,0x21, + 0x8a,0x5b,0x12,0x83,0xda,0xdf,0x93,0xcf,0xe3,0x73,0x75,0x00,0x0f,0xbe,0x64,0xa5, + 0x3f,0xa4,0xe4,0x0f,0x9a,0x8e,0x40,0x37,0x3f,0x75,0x92,0x35,0x66,0x5a,0xb1,0xf8, + 0x4d,0xd2,0xc8,0xa8,0x0a,0x8c,0x18,0x30,0xe7,0xd6,0x82,0xbd,0xba,0xbc,0xed,0xf3, + 0x22,0xe6,0xc7,0x87,0xcd,0x20,0x84,0xab,0x75,0x27,0x04,0x0e,0x78,0x5a,0x8e,0xf8, + 0x62,0xe0,0x25,0x66,0x99,0x5e,0x3a,0x3c,0x1d,0xb9,0xff,0x04,0x60,0xee,0xdf,0x80, + 0x78,0x39,0xb8,0x01,0x70,0xfd,0x4f,0xcb,0xd0,0x85,0x04,0x24,0x90,0x7d,0x8f,0x28, + 0x65,0x2c,0xb7,0xe9,0xd3,0x7e,0x1b,0xda,0x2e,0xad,0xb8,0x89,0xe5,0x55,0x0f,0x3c, + 0x49,0x01,0xdb,0x4d,0xb5,0x77,0x5d,0xd9,0xd1,0xe8,0x63,0xda,0xc1,0xe5,0xd9,0x47, + 0xef,0x0b,0x7b,0xcf,0x74,0x6c,0xbf,0xd3,0xe6,0x00,0x0f,0x40,0x92,0xb0,0xb1,0xee, + 0xa7,0x3d,0x15,0x43,0x11,0xb5,0x1b,0xde,0x7e,0x4d,0xff,0x4a,0x5f,0xcd,0x89,0xb8, + 0x28,0x53,0x45,0x65,0x4c,0x4f,0xc6,0x97,0x53,0x4c,0x79,0x41,0x35,0xfd,0x85,0xe8, + 0x73,0x65,0x6e,0xfe,0x2d,0x90,0x28,0xc7,0x36,0xb4,0x6c,0x59,0x1f,0x4d,0x5b,0xa1, + 0x3b,0x44,0xba,0xce,0x0b,0x39,0x7c,0xc1,0x7f,0x5d,0x77,0x93,0x95,0x05,0x9c,0x59, + 0xd3,0x64,0x52,0x93,0xab,0x0d,0x63,0xca,0xe4,0x39,0x20,0x23,0x61,0x9e,0xc5,0x7d, + 0xc4,0x33,0x93,0x23,0x94,0xa9,0xf5,0x9a,0x69,0x0c,0x0d,0xd1,0xe1,0x1c,0xf0,0x92, + 0xba,0x54,0x1c,0x55,0xf3,0xfa,0x89,0x24,0xd2,0x55,0xa1,0x68,0xc3,0xad,0x26,0xe6, + 0xb4,0xe5,0xe0,0x50,0x02,0x6f,0x65,0x0a,0x2a,0xcb,0xb1,0xee,0xc5,0x74,0xcc,0x8b, + 0x14,0x47,0x0b,0x7d,0x3b,0x12,0x2b,0x00,0x95,0x72,0x0f,0x97,0xc6,0x17,0x5c,0x53, + 0xe7,0x60,0x36,0xd5,0xe9,0xb6,0xa2,0xaa,0xba,0x76,0x31,0xab,0x3b,0x7b,0x8a,0xe9), + .e = chunk_from_chars(0x08,0xa6,0x49), + .m = chunk_from_chars( + 0xcc,0x21,0x59,0x3a,0x6a,0x0f,0x73,0x7e,0x29,0x70,0xb7,0xc0,0x79,0x84,0xb0,0x70, + 0xd7,0x61,0x72,0x62,0x96,0xa0,0x7e,0x24,0xe0,0x56,0xe6,0x8f,0xf8,0x46,0xb2,0x9c, + 0xc1,0x54,0x81,0x79,0x84,0x3d,0x74,0xdc,0xee,0x86,0x47,0x98,0x58,0xb2,0xc1,0x6e, + 0x4c,0xb8,0x4f,0x25,0x44,0xb4,0xec,0xdc,0xb4,0xdd,0x43,0xa0,0x4b,0xb7,0x18,0x3a, + 0x76,0x8a,0xe4,0x4a,0x27,0x12,0xbf,0x9a,0xd4,0x78,0x83,0xac,0xc2,0x81,0x2f,0x95, + 0x83,0x06,0x89,0x0e,0xbe,0xa4,0x08,0xc9,0x2e,0xb4,0xf0,0x01,0xed,0x7d,0xbf,0x55, + 0xf3,0xa9,0xc8,0xd6,0xd9,0xf6,0x1e,0x5f,0xe3,0x2e,0xb3,0x25,0x3e,0x59,0xc1,0x8e, + 0x86,0x31,0x69,0x47,0x8c,0xd6,0x9b,0x91,0x55,0xc3,0x35,0xdb,0x66,0x01,0x6f,0x96), + .s = chunk_from_chars( + 0x0a,0xa5,0x72,0xa6,0x84,0x5b,0x87,0x0b,0x89,0x09,0xa6,0x83,0xbb,0x7e,0x6e,0x76, + 0x16,0xf7,0x7b,0xef,0xf2,0x87,0x46,0x11,0x6d,0x8b,0xc4,0xb7,0x33,0x55,0x46,0xb5, + 0x1e,0x80,0x06,0xed,0x0f,0xc9,0xa0,0xd6,0x6f,0x63,0xce,0x0b,0x9e,0xbf,0x79,0x2d, + 0x7e,0xfd,0x43,0x05,0xd7,0x62,0x4d,0x54,0x54,0x00,0xa5,0xfd,0x6a,0x06,0xb7,0x8f, + 0x17,0x4b,0x86,0x80,0x3f,0x7c,0xd1,0xcc,0x93,0xe3,0xa9,0x72,0x86,0xf0,0xea,0x59, + 0x0e,0x40,0xff,0x26,0x19,0x5a,0xa2,0x19,0xfe,0x15,0x10,0xa0,0x16,0x78,0x52,0x23, + 0x60,0x6d,0x93,0x11,0xa1,0x6c,0x59,0xa8,0xfe,0x4a,0x6d,0xa6,0xec,0xd0,0xc1,0xd7, + 0x77,0x50,0x39,0x29,0x0c,0x2a,0xaa,0x17,0xed,0x1e,0xb1,0xb5,0x43,0x74,0xf7,0xe5, + 0x72,0xdb,0x13,0xcc,0xa3,0xa6,0x38,0x57,0x5f,0x80,0x04,0xaa,0x54,0xa2,0xfa,0x98, + 0x42,0x2f,0xc0,0x7e,0x43,0xad,0x3a,0x20,0xdd,0x93,0x00,0x14,0x93,0x44,0x26,0x77, + 0xd8,0x83,0x91,0x4d,0xc7,0x4e,0xc1,0xcb,0xeb,0xbb,0xd3,0xd2,0xb6,0xba,0xd4,0x66, + 0x6d,0x91,0x45,0x7b,0x69,0xb4,0x6a,0x1a,0x61,0xf2,0x12,0x98,0xf1,0xa6,0x79,0x42, + 0xec,0x86,0xc8,0x76,0x32,0x2d,0xd3,0x66,0xed,0x16,0x78,0x14,0xe9,0xc8,0xfc,0x90, + 0x40,0xc5,0xb4,0xb7,0xa8,0x59,0xbb,0xd8,0x80,0xcb,0x6b,0xc2,0x41,0xb9,0xe3,0x27, + 0xce,0x77,0x9e,0x07,0x83,0xb1,0xcf,0x44,0x5e,0x0b,0x2f,0x57,0x71,0xb3,0xf5,0x82, + 0x2a,0x13,0x64,0x39,0x1c,0x15,0x4d,0xc5,0x06,0xff,0xf1,0xfb,0x9d,0x9a,0x35,0xf8, + 0x01,0x99,0xa6,0xb3,0x0b,0x4b,0x92,0xb9,0x26,0x19,0xa4,0x0e,0x21,0xae,0xa1,0x92, + 0x84,0x01,0x58,0x63,0xc4,0x48,0x66,0xc6,0x1e,0xd9,0x04,0xa7,0xad,0x19,0xee,0x04, + 0xd9,0x66,0xc0,0xaa,0xe3,0x90,0x63,0x62,0x43,0x56,0x55,0x81,0xff,0x20,0xbd,0x6e, + 0x3c,0xfb,0x6e,0x31,0xf5,0xaf,0xba,0x96,0x4b,0x31,0x1d,0xc2,0xd0,0x23,0xa2,0x19, + 0x98,0xc8,0xdd,0x50,0xca,0x45,0x36,0x99,0x19,0x0b,0xd4,0x67,0x42,0x9e,0x2f,0x88, + 0xac,0xe2,0x9c,0x4d,0x1d,0xa4,0xda,0x61,0xaa,0xc1,0xed,0xa2,0x38,0x02,0x30,0xaa, + 0x8d,0xbb,0x63,0xc7,0x5a,0x3c,0x1e,0xc0,0x4d,0xa3,0xa1,0xf8,0x80,0xc9,0xc7,0x47, + 0xac,0xdb,0x74,0xa8,0x39,0x5a,0xf5,0x8f,0x5f,0x04,0x40,0x15,0xcc,0xaf,0x6e,0x94), + }, + { + .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, }, + .n = chunk_from_chars( + 0xb4,0x3d,0x4a,0x44,0x6d,0xe4,0x5a,0xa8,0xf3,0x36,0xb9,0x3a,0x4c,0x59,0x23,0xf3, + 0xa5,0x38,0x6e,0xf8,0xdd,0x1e,0x94,0xc4,0x23,0x00,0xde,0x08,0x80,0xe9,0xbd,0x08, + 0x28,0xfb,0x32,0xe3,0x6e,0x4c,0x50,0xcb,0xf6,0x66,0x03,0x7a,0x8f,0x2e,0x05,0xf4, + 0x57,0x73,0x89,0x6c,0x10,0xae,0xa9,0x75,0xb3,0xdb,0xf4,0xc4,0xcd,0xfc,0x24,0xa0, + 0x38,0xc5,0xc0,0x6d,0x36,0x1b,0xaf,0x84,0xc3,0x8f,0xc2,0x2c,0x03,0xa3,0x6b,0x9d, + 0xce,0x38,0xe0,0x90,0x11,0x1d,0x9c,0x13,0x23,0xd7,0xa7,0x7d,0x3e,0x04,0xb7,0x13, + 0xfa,0xf7,0x40,0x96,0x5a,0x9e,0x18,0x83,0xee,0x37,0x75,0x48,0x9a,0xb5,0x14,0xce, + 0x48,0x07,0x86,0xf9,0xeb,0x74,0x1c,0x60,0xab,0x89,0x6a,0x9d,0x6e,0xae,0x3a,0x53, + 0xed,0x92,0x68,0x76,0x8c,0x21,0xf7,0x9e,0x30,0x75,0x9e,0x0b,0x01,0xab,0x7f,0xa2, + 0x24,0xea,0x82,0x29,0xc2,0x93,0x78,0x00,0x58,0xf2,0x58,0xe9,0x22,0x6d,0x73,0x74, + 0xac,0x42,0x5e,0xf1,0xd2,0xb6,0xe0,0x6e,0x5b,0x26,0x3d,0xf0,0xc6,0xd6,0x6c,0x00, + 0xed,0x26,0xcb,0xf2,0x46,0xa5,0xaf,0x0a,0x01,0x63,0x33,0x68,0x86,0xef,0x8d,0x92, + 0x9b,0x37,0x74,0x9a,0x08,0xf0,0xec,0x1d,0xb0,0x59,0x73,0xa8,0xaf,0xc8,0x17,0x78, + 0xb6,0xcc,0x91,0x06,0xf9,0x2b,0x14,0x53,0xf1,0x52,0x86,0x97,0xb1,0xdc,0x8d,0xd0, + 0xb2,0x55,0xe8,0x01,0x06,0x0f,0xe1,0x79,0xb2,0xd1,0x0a,0x9c,0x4c,0x3e,0x13,0xf3, + 0xc5,0x6f,0xa6,0xd5,0x51,0x66,0xf6,0x46,0x1a,0xf4,0xaa,0xf4,0xf4,0x16,0x8f,0xd5, + 0xea,0x6d,0xad,0xed,0xaa,0x3f,0x9f,0x1d,0xe4,0xde,0x99,0x3d,0x88,0x44,0x35,0x7c, + 0x0a,0xf7,0x9a,0x09,0x0e,0xcc,0x80,0x57,0x0c,0x64,0x15,0x45,0xbe,0xb4,0x2a,0x12, + 0x48,0xa5,0x2d,0xe6,0x12,0xf2,0xe0,0xf8,0x83,0x44,0x96,0x33,0x1a,0x73,0x54,0xf7, + 0xeb,0x91,0xa1,0x94,0x3b,0x5c,0xb3,0xb6,0xcf,0x19,0x84,0x51,0x73,0x5f,0xb5,0x54, + 0x92,0x2f,0x04,0xf0,0x09,0xa5,0x2a,0x15,0xd9,0x93,0x69,0xad,0xc2,0xe4,0x6b,0x09, + 0xbb,0x87,0x1f,0x4f,0x3e,0xc1,0x90,0x5a,0xcd,0x79,0x2b,0x8c,0x81,0xa3,0xd7,0x4b, + 0x31,0x6f,0xf9,0xd2,0x0b,0x93,0xf4,0x88,0x17,0xae,0x61,0x86,0x77,0xdc,0x94,0x51, + 0xf5,0x82,0xec,0x99,0x95,0xf4,0x45,0x52,0xf4,0x24,0x49,0x53,0xcd,0xe8,0x3f,0x11), + .d = chunk_from_chars( + 0x05,0x50,0x8e,0x4a,0xec,0x1e,0x7e,0xad,0xdd,0x40,0x20,0x4c,0x8a,0x3a,0x38,0x90, + 0x48,0x79,0x2b,0x4d,0x1f,0x15,0x0d,0xc5,0x3a,0x10,0x9a,0xc8,0x05,0x5f,0xa9,0x49, + 0x22,0x78,0x2c,0x43,0xc3,0x07,0x12,0x36,0x65,0x8b,0x1c,0x7b,0x5d,0x07,0xb2,0xef, + 0xae,0xef,0x39,0x44,0x9e,0x02,0x80,0x97,0x98,0x0b,0x0a,0x3a,0x20,0x40,0x68,0x47, + 0xed,0x3f,0x79,0x5d,0x03,0xd5,0xfc,0xed,0x2a,0x39,0x08,0x24,0x58,0x9f,0x57,0x1f, + 0x5d,0xbb,0x79,0x5d,0x97,0x7e,0x8b,0x76,0x9a,0xdd,0x7f,0x4e,0xe7,0x65,0x82,0x9d, + 0x59,0xb4,0xb5,0xb5,0x8e,0xf0,0xda,0xa6,0xc8,0x68,0x2f,0x13,0x84,0x49,0xd8,0x7a, + 0xd4,0x30,0x7f,0xc0,0x46,0xcc,0xf6,0x36,0x03,0xef,0xf9,0xee,0xb1,0x48,0x2d,0xd7, + 0x4d,0xa2,0x55,0x98,0x4f,0x2b,0xd3,0x00,0xab,0xa6,0xb9,0x54,0x9d,0x5d,0x6e,0xab, + 0x02,0x7f,0x73,0xa8,0xf9,0x69,0x5a,0x81,0x40,0xdd,0x6c,0x83,0x9e,0xd6,0xf0,0x48, + 0x19,0xc3,0x8e,0xac,0xd8,0x75,0x3b,0xbb,0xbd,0x66,0xf3,0x4d,0xd1,0x6d,0xa4,0x04, + 0x4f,0x93,0xa5,0x00,0xc4,0x80,0x3f,0x33,0xf6,0xbc,0x20,0xbe,0x75,0xd1,0x30,0x25, + 0x46,0x1f,0xc5,0xb7,0x83,0xd9,0xc7,0x64,0x64,0xe8,0x95,0xaa,0x82,0x3f,0x18,0xd7, + 0xfe,0x7b,0xac,0xd8,0x91,0xe7,0xf9,0x60,0xfe,0xd6,0xf7,0xe8,0x77,0x41,0x3d,0x46, + 0x0a,0x1d,0xdc,0x4e,0x47,0xe7,0xde,0xcb,0x3f,0xae,0xf4,0x1c,0x34,0x74,0xfc,0x9b, + 0xb4,0x33,0x03,0xb8,0x02,0x71,0x30,0xb4,0x86,0x21,0x58,0xd0,0x17,0xf0,0x57,0x0b, + 0x51,0x9b,0x3f,0x87,0x55,0xe6,0x8b,0xba,0x10,0x38,0xca,0x25,0x0a,0x1c,0x7c,0xda, + 0x22,0xc3,0xbd,0xa9,0xaa,0xca,0x24,0xa5,0x0a,0x56,0x8c,0xca,0x52,0xab,0x72,0x21, + 0x41,0xbf,0x8b,0xdc,0x07,0x77,0x0e,0x69,0x32,0x96,0x64,0x52,0x72,0x58,0x25,0x90, + 0x32,0x8e,0x4f,0x11,0x69,0xac,0x57,0xab,0xa7,0x74,0xa9,0x81,0x89,0x89,0xc4,0xa0, + 0x69,0x10,0x4a,0x9d,0xcc,0xe8,0x72,0xea,0x45,0xb2,0x39,0x2a,0xf7,0x56,0xd9,0x72, + 0x06,0xac,0x90,0x7c,0x6f,0xde,0x9c,0xe5,0x33,0x08,0x3f,0x54,0x68,0xc3,0x04,0xff, + 0x2e,0x4d,0xef,0xca,0xfb,0xd5,0xe2,0x35,0xa2,0x41,0x56,0xee,0xf6,0x05,0x94,0xe9, + 0xf2,0xf4,0x97,0x40,0xa6,0x0f,0xf3,0x62,0x37,0xc1,0x7e,0x93,0x7c,0x27,0x51,0xf5), + .e = chunk_from_chars(0x09,0x8f,0xfb), + .m = chunk_from_chars( + 0xdd,0xdb,0x05,0xcb,0x9b,0xf1,0x0c,0x14,0xe7,0xdd,0x1e,0x9f,0x3b,0x3d,0x2b,0x32, + 0x9a,0x17,0xf3,0x16,0x76,0x28,0x10,0x11,0xd2,0x78,0x37,0x94,0xa4,0x32,0xbb,0x34, + 0x7d,0xb3,0x52,0x5e,0x6b,0xe1,0x1c,0x47,0x1f,0xbe,0xe1,0x23,0x4b,0x3d,0x9b,0x97, + 0x4e,0x54,0x34,0x70,0x13,0x52,0x90,0x95,0x36,0x73,0xce,0x3a,0x69,0xb1,0xcb,0x57, + 0x17,0xde,0xe8,0x59,0x47,0xf0,0x0e,0x17,0xc2,0x9c,0xef,0x07,0x78,0x26,0x8e,0xb2, + 0x20,0x77,0x01,0x65,0x1f,0x70,0x75,0x2a,0xab,0x7e,0x74,0xf6,0x30,0x6e,0x63,0x24, + 0xf2,0x83,0x4f,0x22,0xf5,0xc6,0xe9,0x6b,0x1a,0x9e,0xce,0xb5,0x8a,0xa0,0x0c,0x6b, + 0x57,0xa8,0xe2,0x5d,0x61,0x29,0xc8,0xb7,0x77,0xc1,0xaf,0x2f,0xbf,0x11,0x8a,0x83), + .s = chunk_from_chars( + 0x11,0x10,0x7c,0x6d,0xa7,0xa7,0x6d,0xba,0x8c,0xe8,0xde,0x3d,0x5c,0x90,0xc6,0xbc, + 0xca,0xf3,0x3f,0xb9,0xa7,0xec,0x4d,0x40,0xa9,0x7f,0xbc,0xde,0xba,0xf6,0xe6,0x5c, + 0x09,0x5b,0x67,0xdf,0xa1,0x71,0xc5,0x4a,0x33,0x64,0xa6,0xde,0xd7,0x18,0xe1,0xbe, + 0xbb,0xb4,0x97,0xd1,0x5f,0x1d,0xe1,0x33,0xb5,0x82,0x97,0xe0,0x8c,0x1b,0x20,0x0f, + 0x84,0x66,0x57,0x9c,0xb8,0xe9,0xc3,0xdb,0xe5,0xf7,0x24,0x28,0x2e,0x5b,0xb2,0x85, + 0x70,0xa4,0x1d,0x8d,0x35,0xad,0x6e,0x13,0x1e,0xb2,0xa1,0xd3,0x29,0xd8,0xb0,0x8d, + 0x10,0xfa,0xf7,0x6f,0xdb,0xe7,0x42,0x17,0xa2,0x76,0x93,0x6b,0x15,0x93,0xb1,0xd3, + 0xa1,0x18,0x91,0xd1,0x86,0x41,0xc0,0xbe,0xe0,0xc3,0x7e,0x68,0xbf,0x75,0xad,0xd9, + 0xe7,0xdc,0xf3,0xb9,0xb4,0x41,0x3f,0xa3,0xec,0x90,0x67,0x60,0x38,0x16,0x1f,0x68, + 0xfe,0x3a,0xf6,0x4d,0x69,0xa1,0x6f,0xc2,0x2c,0x8e,0xa7,0xc0,0x6f,0x86,0xbc,0xbb, + 0xa6,0x67,0x9b,0x6f,0xa4,0x58,0x58,0xc8,0x7e,0xc2,0xda,0x88,0x96,0x92,0x0d,0xfd, + 0x77,0xfd,0x16,0xd9,0x53,0xe9,0x84,0x62,0x42,0x03,0xcc,0x21,0x78,0xd2,0x20,0xfa, + 0x47,0xba,0x9a,0x6d,0xdb,0xe7,0x59,0xdb,0x3d,0xc4,0x22,0x4c,0x7c,0xcb,0x09,0xb2, + 0x9e,0x20,0x07,0x22,0xa7,0x45,0xd3,0x32,0x92,0x09,0x32,0x3a,0x08,0x2a,0x3f,0x7a, + 0x2c,0x62,0x4b,0x40,0x53,0xfa,0x42,0x18,0x3d,0xd2,0x2b,0x7f,0x49,0xc4,0x56,0x9f, + 0x8c,0x3d,0x49,0x51,0x57,0x53,0xb9,0x93,0xef,0x81,0x22,0xc3,0x69,0x85,0xe9,0x6a, + 0x32,0x89,0xaf,0x8d,0x6e,0x22,0x93,0x4b,0xbc,0xf7,0x55,0x1b,0x15,0x70,0x92,0x31, + 0x58,0xd1,0xb5,0x54,0xc1,0x3f,0x4f,0xe0,0x8f,0xaf,0xf4,0x89,0x8b,0xe9,0x2f,0x6e, + 0x66,0xff,0x74,0xa8,0x0b,0x13,0x70,0x3e,0x0d,0x26,0x65,0xdb,0x71,0x5c,0x55,0x9e, + 0x68,0xbe,0xad,0x6f,0x6b,0x75,0x93,0xf0,0x2e,0xfb,0xd6,0x8c,0x67,0x62,0x56,0xae, + 0x86,0x95,0xa5,0x1d,0xab,0x90,0xe3,0x29,0x86,0x69,0x7f,0x4e,0xde,0x07,0x66,0x28, + 0x17,0x6c,0xa6,0xb6,0x51,0x91,0x8d,0x74,0x9f,0xd0,0x1a,0x16,0xa8,0x7a,0xda,0xad, + 0x4a,0xae,0x93,0xb8,0xc0,0x5d,0x92,0x56,0x5e,0xc6,0x82,0x17,0xaa,0xab,0x96,0x76, + 0x23,0xda,0x3e,0x5a,0x50,0x95,0x64,0x2c,0xc1,0x7d,0x73,0x0a,0x6d,0x95,0x9c,0xfa), + }, + { + .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, }, + .n = chunk_from_chars( + 0xb4,0x3d,0x4a,0x44,0x6d,0xe4,0x5a,0xa8,0xf3,0x36,0xb9,0x3a,0x4c,0x59,0x23,0xf3, + 0xa5,0x38,0x6e,0xf8,0xdd,0x1e,0x94,0xc4,0x23,0x00,0xde,0x08,0x80,0xe9,0xbd,0x08, + 0x28,0xfb,0x32,0xe3,0x6e,0x4c,0x50,0xcb,0xf6,0x66,0x03,0x7a,0x8f,0x2e,0x05,0xf4, + 0x57,0x73,0x89,0x6c,0x10,0xae,0xa9,0x75,0xb3,0xdb,0xf4,0xc4,0xcd,0xfc,0x24,0xa0, + 0x38,0xc5,0xc0,0x6d,0x36,0x1b,0xaf,0x84,0xc3,0x8f,0xc2,0x2c,0x03,0xa3,0x6b,0x9d, + 0xce,0x38,0xe0,0x90,0x11,0x1d,0x9c,0x13,0x23,0xd7,0xa7,0x7d,0x3e,0x04,0xb7,0x13, + 0xfa,0xf7,0x40,0x96,0x5a,0x9e,0x18,0x83,0xee,0x37,0x75,0x48,0x9a,0xb5,0x14,0xce, + 0x48,0x07,0x86,0xf9,0xeb,0x74,0x1c,0x60,0xab,0x89,0x6a,0x9d,0x6e,0xae,0x3a,0x53, + 0xed,0x92,0x68,0x76,0x8c,0x21,0xf7,0x9e,0x30,0x75,0x9e,0x0b,0x01,0xab,0x7f,0xa2, + 0x24,0xea,0x82,0x29,0xc2,0x93,0x78,0x00,0x58,0xf2,0x58,0xe9,0x22,0x6d,0x73,0x74, + 0xac,0x42,0x5e,0xf1,0xd2,0xb6,0xe0,0x6e,0x5b,0x26,0x3d,0xf0,0xc6,0xd6,0x6c,0x00, + 0xed,0x26,0xcb,0xf2,0x46,0xa5,0xaf,0x0a,0x01,0x63,0x33,0x68,0x86,0xef,0x8d,0x92, + 0x9b,0x37,0x74,0x9a,0x08,0xf0,0xec,0x1d,0xb0,0x59,0x73,0xa8,0xaf,0xc8,0x17,0x78, + 0xb6,0xcc,0x91,0x06,0xf9,0x2b,0x14,0x53,0xf1,0x52,0x86,0x97,0xb1,0xdc,0x8d,0xd0, + 0xb2,0x55,0xe8,0x01,0x06,0x0f,0xe1,0x79,0xb2,0xd1,0x0a,0x9c,0x4c,0x3e,0x13,0xf3, + 0xc5,0x6f,0xa6,0xd5,0x51,0x66,0xf6,0x46,0x1a,0xf4,0xaa,0xf4,0xf4,0x16,0x8f,0xd5, + 0xea,0x6d,0xad,0xed,0xaa,0x3f,0x9f,0x1d,0xe4,0xde,0x99,0x3d,0x88,0x44,0x35,0x7c, + 0x0a,0xf7,0x9a,0x09,0x0e,0xcc,0x80,0x57,0x0c,0x64,0x15,0x45,0xbe,0xb4,0x2a,0x12, + 0x48,0xa5,0x2d,0xe6,0x12,0xf2,0xe0,0xf8,0x83,0x44,0x96,0x33,0x1a,0x73,0x54,0xf7, + 0xeb,0x91,0xa1,0x94,0x3b,0x5c,0xb3,0xb6,0xcf,0x19,0x84,0x51,0x73,0x5f,0xb5,0x54, + 0x92,0x2f,0x04,0xf0,0x09,0xa5,0x2a,0x15,0xd9,0x93,0x69,0xad,0xc2,0xe4,0x6b,0x09, + 0xbb,0x87,0x1f,0x4f,0x3e,0xc1,0x90,0x5a,0xcd,0x79,0x2b,0x8c,0x81,0xa3,0xd7,0x4b, + 0x31,0x6f,0xf9,0xd2,0x0b,0x93,0xf4,0x88,0x17,0xae,0x61,0x86,0x77,0xdc,0x94,0x51, + 0xf5,0x82,0xec,0x99,0x95,0xf4,0x45,0x52,0xf4,0x24,0x49,0x53,0xcd,0xe8,0x3f,0x11), + .d = chunk_from_chars( + 0x05,0x50,0x8e,0x4a,0xec,0x1e,0x7e,0xad,0xdd,0x40,0x20,0x4c,0x8a,0x3a,0x38,0x90, + 0x48,0x79,0x2b,0x4d,0x1f,0x15,0x0d,0xc5,0x3a,0x10,0x9a,0xc8,0x05,0x5f,0xa9,0x49, + 0x22,0x78,0x2c,0x43,0xc3,0x07,0x12,0x36,0x65,0x8b,0x1c,0x7b,0x5d,0x07,0xb2,0xef, + 0xae,0xef,0x39,0x44,0x9e,0x02,0x80,0x97,0x98,0x0b,0x0a,0x3a,0x20,0x40,0x68,0x47, + 0xed,0x3f,0x79,0x5d,0x03,0xd5,0xfc,0xed,0x2a,0x39,0x08,0x24,0x58,0x9f,0x57,0x1f, + 0x5d,0xbb,0x79,0x5d,0x97,0x7e,0x8b,0x76,0x9a,0xdd,0x7f,0x4e,0xe7,0x65,0x82,0x9d, + 0x59,0xb4,0xb5,0xb5,0x8e,0xf0,0xda,0xa6,0xc8,0x68,0x2f,0x13,0x84,0x49,0xd8,0x7a, + 0xd4,0x30,0x7f,0xc0,0x46,0xcc,0xf6,0x36,0x03,0xef,0xf9,0xee,0xb1,0x48,0x2d,0xd7, + 0x4d,0xa2,0x55,0x98,0x4f,0x2b,0xd3,0x00,0xab,0xa6,0xb9,0x54,0x9d,0x5d,0x6e,0xab, + 0x02,0x7f,0x73,0xa8,0xf9,0x69,0x5a,0x81,0x40,0xdd,0x6c,0x83,0x9e,0xd6,0xf0,0x48, + 0x19,0xc3,0x8e,0xac,0xd8,0x75,0x3b,0xbb,0xbd,0x66,0xf3,0x4d,0xd1,0x6d,0xa4,0x04, + 0x4f,0x93,0xa5,0x00,0xc4,0x80,0x3f,0x33,0xf6,0xbc,0x20,0xbe,0x75,0xd1,0x30,0x25, + 0x46,0x1f,0xc5,0xb7,0x83,0xd9,0xc7,0x64,0x64,0xe8,0x95,0xaa,0x82,0x3f,0x18,0xd7, + 0xfe,0x7b,0xac,0xd8,0x91,0xe7,0xf9,0x60,0xfe,0xd6,0xf7,0xe8,0x77,0x41,0x3d,0x46, + 0x0a,0x1d,0xdc,0x4e,0x47,0xe7,0xde,0xcb,0x3f,0xae,0xf4,0x1c,0x34,0x74,0xfc,0x9b, + 0xb4,0x33,0x03,0xb8,0x02,0x71,0x30,0xb4,0x86,0x21,0x58,0xd0,0x17,0xf0,0x57,0x0b, + 0x51,0x9b,0x3f,0x87,0x55,0xe6,0x8b,0xba,0x10,0x38,0xca,0x25,0x0a,0x1c,0x7c,0xda, + 0x22,0xc3,0xbd,0xa9,0xaa,0xca,0x24,0xa5,0x0a,0x56,0x8c,0xca,0x52,0xab,0x72,0x21, + 0x41,0xbf,0x8b,0xdc,0x07,0x77,0x0e,0x69,0x32,0x96,0x64,0x52,0x72,0x58,0x25,0x90, + 0x32,0x8e,0x4f,0x11,0x69,0xac,0x57,0xab,0xa7,0x74,0xa9,0x81,0x89,0x89,0xc4,0xa0, + 0x69,0x10,0x4a,0x9d,0xcc,0xe8,0x72,0xea,0x45,0xb2,0x39,0x2a,0xf7,0x56,0xd9,0x72, + 0x06,0xac,0x90,0x7c,0x6f,0xde,0x9c,0xe5,0x33,0x08,0x3f,0x54,0x68,0xc3,0x04,0xff, + 0x2e,0x4d,0xef,0xca,0xfb,0xd5,0xe2,0x35,0xa2,0x41,0x56,0xee,0xf6,0x05,0x94,0xe9, + 0xf2,0xf4,0x97,0x40,0xa6,0x0f,0xf3,0x62,0x37,0xc1,0x7e,0x93,0x7c,0x27,0x51,0xf5), + .e = chunk_from_chars(0x09,0x8f,0xfb), + .m = chunk_from_chars( + 0xdd,0xdb,0x05,0xcb,0x9b,0xf1,0x0c,0x14,0xe7,0xdd,0x1e,0x9f,0x3b,0x3d,0x2b,0x32, + 0x9a,0x17,0xf3,0x16,0x76,0x28,0x10,0x11,0xd2,0x78,0x37,0x94,0xa4,0x32,0xbb,0x34, + 0x7d,0xb3,0x52,0x5e,0x6b,0xe1,0x1c,0x47,0x1f,0xbe,0xe1,0x23,0x4b,0x3d,0x9b,0x97, + 0x4e,0x54,0x34,0x70,0x13,0x52,0x90,0x95,0x36,0x73,0xce,0x3a,0x69,0xb1,0xcb,0x57, + 0x17,0xde,0xe8,0x59,0x47,0xf0,0x0e,0x17,0xc2,0x9c,0xef,0x07,0x78,0x26,0x8e,0xb2, + 0x20,0x77,0x01,0x65,0x1f,0x70,0x75,0x2a,0xab,0x7e,0x74,0xf6,0x30,0x6e,0x63,0x24, + 0xf2,0x83,0x4f,0x22,0xf5,0xc6,0xe9,0x6b,0x1a,0x9e,0xce,0xb5,0x8a,0xa0,0x0c,0x6b, + 0x57,0xa8,0xe2,0x5d,0x61,0x29,0xc8,0xb7,0x77,0xc1,0xaf,0x2f,0xbf,0x11,0x8a,0x83), + .s = chunk_from_chars( + 0x11,0x10,0x7c,0x6d,0xa7,0xa7,0x6d,0xba,0x8c,0xe8,0xde,0x3d,0x5c,0x90,0xc6,0xbc, + 0xca,0xf3,0x3f,0xb9,0xa7,0xec,0x4d,0x40,0xa9,0x7f,0xbc,0xde,0xba,0xf6,0xe6,0x5c, + 0x09,0x5b,0x67,0xdf,0xa1,0x71,0xc5,0x4a,0x33,0x64,0xa6,0xde,0xd7,0x18,0xe1,0xbe, + 0xbb,0xb4,0x97,0xd1,0x5f,0x1d,0xe1,0x33,0xb5,0x82,0x97,0xe0,0x8c,0x1b,0x20,0x0f, + 0x84,0x66,0x57,0x9c,0xb8,0xe9,0xc3,0xdb,0xe5,0xf7,0x24,0x28,0x2e,0x5b,0xb2,0x85, + 0x70,0xa4,0x1d,0x8d,0x35,0xad,0x6e,0x13,0x1e,0xb2,0xa1,0xd3,0x29,0xd8,0xb0,0x8d, + 0x10,0xfa,0xf7,0x6f,0xdb,0xe7,0x42,0x17,0xa2,0x76,0x93,0x6b,0x15,0x93,0xb1,0xd3, + 0xa1,0x18,0x91,0xd1,0x86,0x41,0xc0,0xbe,0xe0,0xc3,0x7e,0x68,0xbf,0x75,0xad,0xd9, + 0xe7,0xdc,0xf3,0xb9,0xb4,0x41,0x3f,0xa3,0xec,0x90,0x67,0x60,0x38,0x16,0x1f,0x68, + 0xfe,0x3a,0xf6,0x4d,0x69,0xa1,0x6f,0xc2,0x2c,0x8e,0xa7,0xc0,0x6f,0x86,0xbc,0xbb, + 0xa6,0x67,0x9b,0x6f,0xa4,0x58,0x58,0xc8,0x7e,0xc2,0xda,0x88,0x96,0x92,0x0d,0xfd, + 0x77,0xfd,0x16,0xd9,0x53,0xe9,0x84,0x62,0x42,0x03,0xcc,0x21,0x78,0xd2,0x20,0xfa, + 0x47,0xba,0x9a,0x6d,0xdb,0xe7,0x59,0xdb,0x3d,0xc4,0x22,0x4c,0x7c,0xcb,0x09,0xb2, + 0x9e,0x20,0x07,0x22,0xa7,0x45,0xd3,0x32,0x92,0x09,0x32,0x3a,0x08,0x2a,0x3f,0x7a, + 0x2c,0x62,0x4b,0x40,0x53,0xfa,0x42,0x18,0x3d,0xd2,0x2b,0x7f,0x49,0xc4,0x56,0x9f, + 0x8c,0x3d,0x49,0x51,0x57,0x53,0xb9,0x93,0xef,0x81,0x22,0xc3,0x69,0x85,0xe9,0x6a, + 0x32,0x89,0xaf,0x8d,0x6e,0x22,0x93,0x4b,0xbc,0xf7,0x55,0x1b,0x15,0x70,0x92,0x31, + 0x58,0xd1,0xb5,0x54,0xc1,0x3f,0x4f,0xe0,0x8f,0xaf,0xf4,0x89,0x8b,0xe9,0x2f,0x6e, + 0x66,0xff,0x74,0xa8,0x0b,0x13,0x70,0x3e,0x0d,0x26,0x65,0xdb,0x71,0x5c,0x55,0x9e, + 0x68,0xbe,0xad,0x6f,0x6b,0x75,0x93,0xf0,0x2e,0xfb,0xd6,0x8c,0x67,0x62,0x56,0xae, + 0x86,0x95,0xa5,0x1d,0xab,0x90,0xe3,0x29,0x86,0x69,0x7f,0x4e,0xde,0x07,0x66,0x28, + 0x17,0x6c,0xa6,0xb6,0x51,0x91,0x8d,0x74,0x9f,0xd0,0x1a,0x16,0xa8,0x7a,0xda,0xad, + 0x4a,0xae,0x93,0xb8,0xc0,0x5d,0x92,0x56,0x5e,0xc6,0x82,0x17,0xaa,0xab,0x96,0x76, + 0x23,0xda,0x3e,0x5a,0x50,0x95,0x64,0x2c,0xc1,0x7d,0x73,0x0a,0x6d,0x95,0x9c,0xfa), + }, + { + .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, }, + .n = chunk_from_chars( + 0xa3,0xf2,0x23,0x5a,0xd2,0x05,0x3b,0x4c,0x83,0xfa,0x38,0xf8,0x28,0x4e,0xd8,0x05, + 0x42,0x16,0x21,0xfe,0x98,0x84,0x5f,0xb0,0x1b,0x68,0x9f,0x5b,0x82,0xb3,0x25,0x11, + 0xb6,0xd1,0x61,0x73,0xe7,0xb4,0x0a,0x66,0xa3,0xa9,0x99,0xc1,0x89,0xbe,0xb9,0xe0, + 0x68,0x22,0x15,0x0a,0xc8,0xbe,0x67,0x71,0x86,0x37,0x0c,0x82,0x3b,0x52,0x77,0xd9, + 0x09,0xde,0x07,0x56,0x4e,0x28,0x1c,0xca,0x2f,0x13,0x87,0x3d,0x9d,0x07,0xb7,0xbd, + 0x85,0xa2,0xb9,0xac,0x66,0xf4,0xce,0x4f,0x5e,0x38,0xb8,0xe9,0xee,0xbe,0xc0,0x4c, + 0x8c,0xaf,0x31,0x1e,0x37,0x5d,0x69,0xe8,0x08,0x51,0xd5,0x59,0xb8,0xe9,0x0e,0x85, + 0xba,0x6b,0x96,0x47,0x67,0x90,0xf7,0x27,0xc2,0x5a,0xa8,0x16,0x30,0x62,0xec,0x85, + 0x43,0xfc,0xc7,0x75,0x9b,0xe6,0x2c,0x77,0x68,0xec,0xc3,0x7f,0x34,0x0b,0xb0,0x61, + 0x02,0x76,0x2b,0xf0,0x44,0x1c,0xa1,0xaa,0x2c,0x7a,0x81,0xbf,0x37,0xdc,0x8b,0x27, + 0x43,0x9d,0x3a,0xbb,0xa9,0x38,0x12,0xc9,0xbb,0x44,0xfe,0x4d,0x6a,0x94,0xba,0xae, + 0x70,0x93,0x79,0xf5,0xce,0x5d,0x0c,0x8f,0x81,0xd0,0x00,0x86,0xb9,0xca,0xa3,0x02, + 0x68,0x19,0x58,0x8f,0x49,0x1b,0x52,0x58,0x07,0x89,0x9c,0xda,0xb3,0x3d,0x8e,0x99, + 0x21,0x50,0xd2,0xb1,0x05,0xd3,0xaa,0xb6,0x15,0x21,0x7c,0x6a,0x3d,0x74,0x08,0x31, + 0xc7,0xdc,0x76,0xfa,0xab,0xd9,0xc9,0xb9,0x81,0x7e,0xad,0x0b,0x49,0x45,0x66,0xde, + 0x14,0x33,0xff,0xf5,0xba,0x46,0x04,0xc6,0xb8,0x44,0x6f,0x6f,0xc3,0x5e,0x74,0x6a, + 0xff,0x84,0xff,0x8b,0xd7,0x50,0x04,0x10,0xd1,0x0e,0x82,0xbf,0x4c,0x90,0x36,0x48, + 0x9d,0xe4,0x7d,0xee,0x9a,0x32,0x7a,0x5c,0x45,0x10,0xd8,0x56,0x13,0x21,0xb9,0x1d, + 0x55,0x55,0x9a,0x4c,0xba,0x85,0xe0,0xc3,0x61,0x76,0x70,0x84,0xb2,0x52,0x17,0xe8, + 0xa6,0x3c,0x4e,0x15,0x1a,0x1e,0x88,0x68,0x9f,0xee,0xcf,0xfd,0x16,0xfa,0x0a,0x65, + 0xae,0x41,0xd2,0xba,0xbc,0xa9,0x9c,0xf1,0xb9,0x59,0xc3,0xc0,0x76,0xc0,0xf7,0x59, + 0x74,0x14,0x6f,0x2c,0xc4,0x94,0x12,0x6f,0xbe,0xca,0xd4,0x21,0x7b,0x9a,0xaa,0x00, + 0xf1,0x69,0xfa,0x51,0x25,0x27,0xff,0x5a,0x0b,0x50,0xda,0x46,0xd6,0xbe,0x87,0x0e, + 0xce,0xf2,0xaf,0x7a,0x1e,0x6c,0x45,0x56,0xf6,0xf7,0xa0,0xa0,0x0b,0x9f,0x47,0xcb), + .d = chunk_from_chars( + 0x3c,0x27,0x68,0x73,0x67,0xeb,0xd2,0x14,0x0b,0x4f,0x4f,0x20,0x24,0xae,0x38,0xe3, + 0xac,0xde,0xe1,0xfa,0x8a,0xb7,0xce,0xa9,0x91,0x4e,0xec,0xb5,0x80,0x11,0x30,0x15, + 0x1b,0x87,0x9f,0x7d,0xd9,0xc8,0xc5,0x23,0xfb,0xeb,0x16,0xea,0x4c,0x35,0x8b,0xfb, + 0x2b,0x6e,0x49,0x2b,0x46,0x66,0xb4,0xff,0x3f,0x2d,0xce,0xae,0x50,0xc3,0x3e,0xd5, + 0xb2,0x84,0x45,0x40,0x52,0x15,0xb6,0x4d,0xd8,0xd9,0x20,0x06,0xe6,0x81,0xa4,0x5f, + 0x78,0x98,0x34,0x31,0xc0,0xdb,0x66,0x4a,0x78,0x75,0x59,0x47,0x9a,0x3a,0x27,0x9b, + 0xd6,0xab,0x71,0xf9,0xd1,0x5f,0x01,0x09,0x37,0x05,0x47,0xcb,0x12,0xb7,0xaa,0x90, + 0xa8,0x4c,0x1d,0x16,0x51,0xb9,0xbe,0xe5,0xd2,0xe6,0x22,0x60,0x11,0x49,0x18,0x97, + 0xeb,0xf8,0x91,0xfa,0x67,0xcd,0x19,0xfa,0x4f,0xed,0x77,0xcc,0xd5,0xf9,0x63,0x43, + 0x74,0x3d,0x8b,0xd2,0x2e,0x46,0xda,0xbd,0xab,0x46,0x9a,0xdc,0x46,0x4a,0xcf,0x29, + 0xc3,0xa0,0x8f,0x57,0x48,0xf4,0xb0,0x0b,0xb1,0x55,0x87,0xee,0x44,0x4b,0x76,0x5c, + 0x06,0x9d,0xe3,0xe7,0x1d,0x09,0xe2,0x4a,0x69,0xb6,0x27,0xac,0x6f,0xc3,0x49,0x7d, + 0x9d,0x32,0xd7,0x97,0x1f,0xc4,0x47,0x1d,0x5d,0xd4,0x39,0x65,0x2d,0x73,0x93,0xfa, + 0x3b,0x43,0x4b,0x52,0x54,0xa4,0xcb,0x10,0x64,0xde,0xa1,0xd1,0xba,0x41,0x18,0x1a, + 0x6c,0x36,0x72,0xe3,0xe0,0xf6,0xa2,0x84,0xf2,0x31,0x21,0xdc,0x7a,0x14,0xa4,0xc7, + 0xa7,0x6e,0xbc,0x2b,0xfd,0x09,0xcb,0x69,0x84,0x1c,0xa9,0x59,0x07,0xcc,0x30,0xc9, + 0x4e,0x69,0x27,0x51,0x1c,0x72,0xe9,0x7d,0xd3,0x33,0x0b,0xb4,0x56,0x48,0x8d,0x91, + 0x9f,0xaf,0xd6,0xd8,0xf1,0x97,0x59,0xab,0x4c,0x37,0x46,0x63,0x14,0x75,0x1e,0x53, + 0xab,0x13,0x92,0x72,0xe8,0xd6,0x7c,0x0d,0xc0,0x42,0x49,0xd3,0x00,0xee,0x63,0x5a, + 0x20,0xa4,0xf6,0x5e,0xd7,0xcf,0xb3,0x0d,0x18,0x13,0xd0,0xb7,0x58,0x58,0xf2,0xf8, + 0xf9,0x10,0xc0,0x5b,0xcc,0x20,0x13,0xba,0x5c,0x93,0x21,0xc4,0x95,0xe1,0x41,0xa6, + 0x17,0xfa,0x73,0x18,0x19,0x18,0x90,0x9d,0xab,0xc3,0xf9,0xde,0x59,0x4a,0x19,0x33, + 0x12,0xe1,0x47,0x72,0xb4,0xa5,0x9b,0x4f,0xb7,0x2e,0x73,0x15,0xc0,0x55,0x23,0x6a, + 0x78,0x9e,0xb4,0xd2,0x24,0x60,0x97,0x45,0x72,0x1e,0x73,0x03,0x1c,0x91,0x13,0xe7), + .e = chunk_from_chars(0xb3,0xf5,0x7f), + .m = chunk_from_chars( + 0xbe,0x2f,0x3e,0x1d,0xc8,0xa3,0x71,0x15,0x70,0x40,0x1b,0xd5,0x35,0x18,0x54,0x26, + 0x94,0x4d,0x09,0x4e,0x84,0x81,0xa1,0x2a,0x43,0x8d,0xe0,0x7d,0x54,0x76,0x0c,0x88, + 0xc9,0x9d,0x4f,0xdb,0xbe,0x35,0x5d,0x6a,0x26,0xfa,0x56,0xe3,0xca,0x20,0xee,0x3f, + 0x8e,0x8a,0xcb,0x98,0xf6,0x3d,0x2f,0x3a,0xea,0x14,0xd6,0xfc,0xb6,0xb5,0x22,0xd1, + 0x55,0xc3,0x75,0x9a,0xef,0x56,0xde,0x3e,0xa0,0xa8,0xf9,0xfd,0x7b,0x11,0x10,0x01, + 0xcf,0x35,0x86,0x36,0xa8,0x7c,0x76,0x5c,0x99,0xc2,0x97,0x5b,0xb9,0x50,0x63,0xd6, + 0xec,0x0b,0x78,0x02,0x64,0xec,0x3e,0xb9,0x67,0xb0,0xca,0xca,0x52,0xd1,0x02,0x94, + 0xde,0xb4,0x02,0xd3,0xa2,0x24,0xbf,0xb9,0xd9,0xff,0xea,0x41,0x66,0x2f,0x18,0xc0), + .s = chunk_from_chars( + 0x78,0x7c,0xdd,0x6e,0x1d,0x4f,0xdf,0x9a,0x0d,0x9f,0x96,0x5e,0xb8,0x57,0x25,0x23, + 0x2a,0x9e,0xfc,0xc1,0x2a,0xbf,0xa1,0xef,0x25,0xa8,0x1e,0x09,0x83,0x11,0x1d,0x90, + 0x00,0xd4,0x94,0xfc,0x7d,0x32,0x01,0xeb,0x3b,0xba,0x32,0x73,0x02,0x72,0x7f,0x70, + 0x86,0x14,0x7a,0x75,0x5b,0x48,0x27,0x03,0x0c,0x72,0x76,0x53,0x6f,0x42,0x55,0x93, + 0xab,0x2e,0x91,0x27,0xa1,0x49,0xe7,0x54,0xde,0x7a,0xd7,0x7f,0x8c,0x20,0x43,0x26, + 0x7d,0xb4,0x9f,0x8a,0x35,0x03,0x1d,0x83,0xf1,0x3d,0x14,0x0d,0x5d,0xf4,0xd4,0x24, + 0xb4,0x74,0x54,0x04,0x1a,0x23,0xb9,0x2f,0xf6,0x81,0x8e,0x74,0x9d,0x65,0xd0,0x1f, + 0xc5,0x0b,0xeb,0xf6,0x91,0x52,0xf3,0xf5,0xfc,0xb4,0x87,0x3b,0x10,0x36,0x21,0x9e, + 0x22,0xb1,0xe7,0x4f,0x83,0x68,0xc8,0xc5,0x01,0xce,0x65,0xf2,0xc9,0x29,0xd9,0x0a, + 0x8e,0xc8,0x99,0x63,0x0e,0x80,0x25,0x47,0xa7,0xca,0x6e,0xf1,0x8a,0xb3,0xcb,0x3e, + 0xb4,0xa6,0x91,0xee,0x68,0xae,0xbe,0xaf,0x1b,0x9c,0x05,0x5a,0xd1,0x22,0x18,0x03, + 0x9c,0xf4,0x80,0xcd,0x8d,0x29,0x43,0x32,0xc5,0xe1,0x6e,0xbb,0xe6,0xaf,0x11,0xf8, + 0xf4,0xbf,0x49,0xf9,0xb4,0xed,0x2f,0x51,0x11,0x26,0xae,0x78,0x0a,0x3b,0x78,0x4b, + 0xe8,0xf4,0x42,0x6a,0xbd,0x17,0xf8,0x60,0x00,0x74,0x48,0x3f,0x2a,0xf3,0xb7,0x1a, + 0x89,0x64,0xc6,0xe0,0xfa,0x00,0x04,0x9a,0x1d,0x94,0x0d,0x34,0xcc,0x08,0x83,0x9e, + 0x0c,0x59,0x25,0x3d,0x99,0xe9,0x0d,0x17,0x87,0x1d,0x48,0x96,0x74,0x69,0x56,0x63, + 0x62,0x61,0x66,0xd3,0x6f,0xf9,0x1d,0x8c,0x22,0x99,0xa2,0xf0,0x51,0xea,0xe2,0xd6, + 0x0e,0x8e,0xd0,0xbc,0x3f,0xac,0x1e,0x49,0x0b,0x47,0x0c,0x12,0xf3,0xd6,0x97,0xf6, + 0xfb,0xfd,0x88,0x0d,0xe2,0xe9,0x0e,0x9f,0xcb,0xd4,0x85,0xfa,0x33,0x93,0x19,0x83, + 0x72,0xfb,0x01,0xe4,0xce,0xc5,0xc1,0x59,0x17,0xec,0xdd,0x42,0xe5,0x7c,0x43,0xec, + 0xf5,0x5a,0x8c,0x0e,0xcb,0xdc,0xef,0x1b,0xce,0x4e,0x36,0xd9,0x6d,0x46,0xb1,0x12, + 0x57,0x0b,0x53,0xf8,0x2f,0x3d,0x20,0x64,0xb0,0x8a,0xc7,0x86,0x13,0x67,0x0a,0x28, + 0xea,0x69,0xd7,0x9c,0x71,0x7e,0xb1,0xc2,0x94,0x09,0x0d,0xbd,0x56,0x1f,0xa6,0xe5, + 0x04,0xd0,0x9d,0x26,0x57,0x24,0xe3,0x7a,0x2d,0xc6,0xf4,0x45,0xf6,0xf5,0x28,0xc9), + }, +}; + +START_TEST(test_sign_pss_no_salt) +{ + private_key_t *privkey; + public_key_t *pubkey; + chunk_t sig; + + if (!lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS)) || + !lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS))) + { + warn("%N not supported, skip test", signature_scheme_names, + SIGN_RSA_EMSA_PSS); + return; + } + privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + BUILD_RSA_MODULUS, pss_sign_ns[_i].n, + BUILD_RSA_PUB_EXP, pss_sign_ns[_i].e, + BUILD_RSA_PRIV_EXP, pss_sign_ns[_i].d, BUILD_END); + ck_assert(privkey != NULL); + pubkey = privkey->get_public_key(privkey); + ck_assert(pubkey != NULL); + fail_unless(privkey->sign(privkey, SIGN_RSA_EMSA_PSS, + &pss_sign_ns[_i].params, pss_sign_ns[_i].m, &sig), + "sign %N", signature_scheme_names, SIGN_RSA_EMSA_PSS); + ck_assert_chunk_eq(pss_sign_ns[_i].s, sig); + fail_unless(pubkey->verify(pubkey, SIGN_RSA_EMSA_PSS, + &pss_sign_ns[_i].params, pss_sign_ns[_i].m, sig), + "verify %N", signature_scheme_names, SIGN_RSA_EMSA_PSS); + free(sig.ptr); + pubkey->destroy(pubkey); + privkey->destroy(privkey); +} +END_TEST + +/** + * Test vectors from FIPS 186-4 (only SHA-256) + */ +static struct { + signature_scheme_t scheme; + chunk_t n; + struct { + bool exp; + chunk_t e; + chunk_t m; + chunk_t s; + } tests[6]; +} pkcs15_verify[] = { +{ + .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, + .n = chunk_from_chars( + 0xc4,0x7a,0xba,0xcc,0x2a,0x84,0xd5,0x6f,0x36,0x14,0xd9,0x2f,0xd6,0x2e,0xd3,0x6d, + 0xdd,0xe4,0x59,0x66,0x4b,0x93,0x01,0xdc,0xd1,0xd6,0x17,0x81,0xcf,0xcc,0x02,0x6b, + 0xcb,0x23,0x99,0xbe,0xe7,0xe7,0x56,0x81,0xa8,0x0b,0x7b,0xf5,0x00,0xe2,0xd0,0x8c, + 0xea,0xe1,0xc4,0x2e,0xc0,0xb7,0x07,0x92,0x7f,0x2b,0x2f,0xe9,0x2a,0xe8,0x52,0x08, + 0x7d,0x25,0xf1,0xd2,0x60,0xcc,0x74,0x90,0x5e,0xe5,0xf9,0xb2,0x54,0xed,0x05,0x49, + 0x4a,0x9f,0xe0,0x67,0x32,0xc3,0x68,0x09,0x92,0xdd,0x6f,0x0d,0xc6,0x34,0x56,0x8d, + 0x11,0x54,0x2a,0x70,0x5f,0x83,0xae,0x96,0xd2,0xa4,0x97,0x63,0xd5,0xfb,0xb2,0x43, + 0x98,0xed,0xf3,0x70,0x2b,0xc9,0x4b,0xc1,0x68,0x19,0x01,0x66,0x49,0x2b,0x86,0x71, + 0xde,0x87,0x4b,0xb9,0xce,0xcb,0x05,0x8c,0x6c,0x83,0x44,0xaa,0x8c,0x93,0x75,0x4d, + 0x6e,0xff,0xcd,0x44,0xa4,0x1e,0xd7,0xde,0x0a,0x9d,0xcd,0x91,0x44,0x43,0x7f,0x21, + 0x2b,0x18,0x88,0x1d,0x04,0x2d,0x33,0x1a,0x46,0x18,0xa9,0xe6,0x30,0xef,0x9b,0xb6, + 0x63,0x05,0xe4,0xfd,0xf8,0xf0,0x39,0x1b,0x3b,0x23,0x13,0xfe,0x54,0x9f,0x01,0x89, + 0xff,0x96,0x8b,0x92,0xf3,0x3c,0x26,0x6a,0x4b,0xc2,0xcf,0xfc,0x89,0x7d,0x19,0x37, + 0xee,0xb9,0xe4,0x06,0xf5,0xd0,0xea,0xa7,0xa1,0x47,0x82,0xe7,0x6a,0xf3,0xfc,0xe9, + 0x8f,0x54,0xed,0x23,0x7b,0x4a,0x04,0xa4,0x15,0x9a,0x5f,0x62,0x50,0xa2,0x96,0xa9, + 0x02,0x88,0x02,0x04,0xe6,0x1d,0x89,0x1c,0x4d,0xa2,0x9f,0x2d,0x65,0xf3,0x4c,0xbb), + .tests = { + { + .exp = TRUE, + .e = chunk_from_chars(0x49,0xd2,0xa1), + .m = chunk_from_chars( + 0x95,0x12,0x3c,0x8d,0x1b,0x23,0x65,0x40,0xb8,0x69,0x76,0xa1,0x1c,0xea,0x31,0xf8, + 0xbd,0x4e,0x6c,0x54,0xc2,0x35,0x14,0x7d,0x20,0xce,0x72,0x2b,0x03,0xa6,0xad,0x75, + 0x6f,0xbd,0x91,0x8c,0x27,0xdf,0x8e,0xa9,0xce,0x31,0x04,0x44,0x4c,0x0b,0xbe,0x87, + 0x73,0x05,0xbc,0x02,0xe3,0x55,0x35,0xa0,0x2a,0x58,0xdc,0xda,0x30,0x6e,0x63,0x2a, + 0xd3,0x0b,0x3d,0xc3,0xce,0x0b,0xa9,0x7f,0xdf,0x46,0xec,0x19,0x29,0x65,0xdd,0x9c, + 0xd7,0xf4,0xa7,0x1b,0x02,0xb8,0xcb,0xa3,0xd4,0x42,0x64,0x6e,0xee,0xc4,0xaf,0x59, + 0x08,0x24,0xca,0x98,0xd7,0x4f,0xbc,0xa9,0x34,0xd0,0xb6,0x86,0x7a,0xa1,0x99,0x1f, + 0x30,0x40,0xb7,0x07,0xe8,0x06,0xde,0x6e,0x66,0xb5,0x93,0x4f,0x05,0x50,0x9b,0xea), + .s = chunk_from_chars( + 0x51,0x26,0x5d,0x96,0xf1,0x1a,0xb3,0x38,0x76,0x28,0x91,0xcb,0x29,0xbf,0x3f,0x1d, + 0x2b,0x33,0x05,0x10,0x70,0x63,0xf5,0xf3,0x24,0x5a,0xf3,0x76,0xdf,0xcc,0x70,0x27, + 0xd3,0x93,0x65,0xde,0x70,0xa3,0x1d,0xb0,0x5e,0x9e,0x10,0xeb,0x61,0x48,0xcb,0x7f, + 0x64,0x25,0xf0,0xc9,0x3c,0x4f,0xb0,0xe2,0x29,0x1a,0xdb,0xd2,0x2c,0x77,0x65,0x6a, + 0xfc,0x19,0x68,0x58,0xa1,0x1e,0x1c,0x67,0x0d,0x9e,0xeb,0x59,0x26,0x13,0xe6,0x9e, + 0xb4,0xf3,0xaa,0x50,0x17,0x30,0x74,0x3a,0xc4,0x46,0x44,0x86,0xc7,0xae,0x68,0xfd, + 0x50,0x9e,0x89,0x6f,0x63,0x88,0x4e,0x94,0x24,0xf6,0x9c,0x1c,0x53,0x97,0x95,0x9f, + 0x1e,0x52,0xa3,0x68,0x66,0x7a,0x59,0x8a,0x1f,0xc9,0x01,0x25,0x27,0x3d,0x93,0x41, + 0x29,0x5d,0x2f,0x8e,0x1c,0xc4,0x96,0x9b,0xf2,0x28,0xc8,0x60,0xe0,0x7a,0x35,0x46, + 0xbe,0x2e,0xed,0xa1,0xcd,0xe4,0x8e,0xe9,0x4d,0x06,0x28,0x01,0xfe,0x66,0x6e,0x4a, + 0x7a,0xe8,0xcb,0x9c,0xd7,0x92,0x62,0xc0,0x17,0xb0,0x81,0xaf,0x87,0x4f,0xf0,0x04, + 0x53,0xca,0x43,0xe3,0x4e,0xfd,0xb4,0x3f,0xff,0xb0,0xbb,0x42,0xa4,0xe2,0xd3,0x2a, + 0x5e,0x5c,0xc9,0xe8,0x54,0x6a,0x22,0x1f,0xe9,0x30,0x25,0x0e,0x5f,0x53,0x33,0xe0, + 0xef,0xe5,0x8f,0xfe,0xbf,0x19,0x36,0x9a,0x3b,0x8a,0xe5,0xa6,0x7f,0x6a,0x04,0x8b, + 0xc9,0xef,0x91,0x5b,0xda,0x25,0x16,0x07,0x29,0xb5,0x08,0x66,0x7a,0xda,0x84,0xa0, + 0xc2,0x7e,0x7e,0x26,0xcf,0x2a,0xbc,0xa4,0x13,0xe5,0xe4,0x69,0x3f,0x4a,0x94,0x05), + }, + { + .exp = FALSE, + .e = chunk_from_chars(0x49,0xd2,0xa1), + .m = chunk_from_chars( + 0xf8,0x9f,0xd2,0xf6,0xc4,0x5a,0x8b,0x50,0x66,0xa6,0x51,0x41,0x0b,0x8e,0x53,0x4b, + 0xfe,0xc0,0xd9,0xa3,0x6f,0x3e,0x2b,0x88,0x74,0x57,0xaf,0xd4,0x4d,0xd6,0x51,0xd1, + 0xec,0x79,0x27,0x4d,0xb5,0xa4,0x55,0xf1,0x82,0x57,0x2f,0xce,0xea,0x5e,0x9e,0x39, + 0xc3,0xc7,0xc5,0xd9,0xe5,0x99,0xe4,0xfe,0x31,0xc3,0x7c,0x34,0xd2,0x53,0xb4,0x19, + 0xc3,0xe8,0xfb,0x6b,0x91,0x6a,0xef,0x65,0x63,0xf8,0x7d,0x4c,0x37,0x22,0x4a,0x45, + 0x6e,0x59,0x52,0x69,0x8b,0xa3,0xd0,0x1b,0x38,0x94,0x5d,0x99,0x8a,0x79,0x5b,0xd2, + 0x85,0xd6,0x94,0x78,0xe3,0x13,0x1f,0x55,0x11,0x72,0x84,0xe2,0x7b,0x44,0x1f,0x16, + 0x09,0x5d,0xca,0x7c,0xe9,0xc5,0xb6,0x88,0x90,0xb0,0x9a,0x2b,0xfb,0xb0,0x10,0xa5), + .s = chunk_from_chars( + 0xba,0x48,0x53,0x87,0x08,0x51,0x2d,0x45,0xc0,0xed,0xca,0xc5,0x7a,0x9b,0x4f,0xb6, + 0x37,0xe9,0x72,0x1f,0x72,0x00,0x3c,0x60,0xf1,0x3f,0x5c,0x9a,0x36,0xc9,0x68,0xce, + 0xf9,0xbe,0x8f,0x54,0x66,0x54,0x18,0x14,0x1c,0x3d,0x9e,0xcc,0x02,0xa5,0xbf,0x95, + 0x2c,0xfc,0x05,0x5f,0xb5,0x1e,0x18,0x70,0x5e,0x9d,0x88,0x50,0xf4,0xe1,0xf5,0xa3, + 0x44,0xaf,0x55,0x0d,0xe8,0x4f,0xfd,0x08,0x05,0xe2,0x7e,0x55,0x7f,0x6a,0xa5,0x0d, + 0x26,0x45,0x31,0x4c,0x64,0xc1,0xc7,0x1a,0xa6,0xbb,0x44,0xfa,0xf8,0xf2,0x9c,0xa6, + 0x57,0x8e,0x24,0x41,0xd4,0x51,0x0e,0x36,0x05,0x2f,0x46,0x55,0x1d,0xf3,0x41,0xb2, + 0xdc,0xf4,0x3f,0x76,0x1f,0x08,0xb9,0x46,0xca,0x0b,0x70,0x81,0xda,0xdb,0xb8,0x8e, + 0x95,0x5e,0x82,0x0f,0xd7,0xf6,0x57,0xc4,0xdd,0x9f,0x45,0x54,0xd1,0x67,0xdd,0x7c, + 0x9a,0x48,0x7e,0xd4,0x1c,0xed,0x2b,0x40,0x06,0x80,0x98,0xde,0xed,0xc9,0x51,0x06, + 0x0f,0xaf,0x7e,0x15,0xb1,0xf0,0xf8,0x0a,0xe6,0x7f,0xf2,0xee,0x28,0xa2,0x38,0xd8, + 0x0b,0xf7,0x2d,0xd7,0x1c,0x8d,0x95,0xc7,0x9b,0xc1,0x56,0x11,0x4e,0xce,0x8e,0xc8, + 0x37,0x57,0x3a,0x4b,0x66,0x89,0x8d,0x45,0xb4,0x5a,0x5e,0xac,0xd0,0xb0,0xe4,0x14, + 0x47,0xd8,0xfa,0x08,0xa3,0x67,0xf4,0x37,0x64,0x5e,0x50,0xc9,0x92,0x0b,0x88,0xa1, + 0x6b,0xc0,0x88,0x01,0x47,0xac,0xfb,0x9a,0x79,0xde,0x9e,0x35,0x1b,0x3f,0xa0,0x0b, + 0x3f,0x4e,0x9f,0x18,0x2f,0x45,0x55,0x3d,0xff,0xca,0x55,0xe3,0x93,0xc5,0xea,0xb6), + }, + { + .exp = FALSE, + .e = chunk_from_chars(0x49,0xd2,0xa1), + .m = chunk_from_chars( + 0x91,0x5c,0x5e,0x4c,0x16,0xac,0xfa,0x0f,0x49,0xde,0x43,0xd6,0x49,0x1f,0x00,0x60, + 0xa9,0x44,0x03,0x44,0x75,0xba,0x51,0x85,0x72,0xc0,0x83,0x66,0xa8,0xd3,0x6c,0x7f, + 0x1e,0x6a,0xfc,0x11,0xe5,0xe4,0x64,0x97,0x57,0xbf,0x7b,0x9d,0xa1,0x0a,0x61,0xd5, + 0x7f,0x1d,0x62,0x68,0x47,0x87,0x1d,0x8a,0x29,0x48,0xe5,0x51,0xb5,0x41,0x67,0xc7, + 0x9d,0xe8,0x8d,0x3e,0xbd,0x40,0xa3,0xe3,0x58,0x09,0xb9,0x96,0xa5,0x33,0x48,0xf9, + 0x8a,0x99,0x18,0xc7,0xa7,0xec,0x60,0x68,0x96,0xed,0x30,0xc2,0x71,0xe0,0x0c,0x51, + 0x95,0x3d,0xd9,0x7a,0xa6,0xa8,0xfe,0x1c,0xd4,0x23,0xc3,0x69,0x5c,0x83,0xfc,0xf4, + 0x51,0x20,0xec,0x0a,0x9c,0xd1,0x64,0x46,0x42,0x18,0x2b,0x60,0xe5,0x99,0xa2,0x46), + .s = chunk_from_chars( + 0x3d,0x57,0xea,0x59,0x61,0xdb,0x8f,0xc1,0x44,0x30,0x1c,0xa4,0x27,0x8f,0x79,0x99, + 0x11,0x22,0x9d,0x86,0x5e,0xa3,0xe9,0x92,0xc7,0xfb,0xc4,0xd0,0x3c,0x65,0x51,0x72, + 0x9e,0x26,0x03,0x4e,0x95,0xdd,0x71,0xda,0x31,0x23,0x40,0xe4,0x05,0x1c,0x9d,0xd9, + 0xb1,0x2f,0x77,0x00,0xa8,0x21,0xfe,0x3b,0x7c,0x37,0x78,0x5d,0x51,0x06,0x35,0x0b, + 0x66,0x7a,0xc2,0x55,0xa5,0x7c,0x13,0xda,0x58,0x42,0xd9,0x0b,0xca,0xde,0xa9,0xe6, + 0xb1,0xf7,0x20,0xc6,0x07,0xd6,0x89,0x3a,0x2c,0xaa,0x3c,0x5f,0x3c,0x40,0x74,0xe9, + 0x14,0x45,0x1a,0x45,0x38,0x0a,0x76,0x7c,0x29,0x1a,0x67,0xca,0xc3,0xf1,0xca,0xb1, + 0xfb,0xd0,0x5a,0xdc,0x37,0x03,0x68,0x56,0xa8,0x40,0x4e,0x7c,0xea,0x36,0x54,0x01, + 0x94,0x66,0xde,0x44,0x9a,0xd6,0xe9,0x2b,0x27,0x25,0x4f,0x3d,0x25,0x94,0x9b,0x1b, + 0x86,0x00,0x65,0x40,0x64,0x55,0xa1,0x3d,0xb7,0xc5,0xfe,0x25,0xd1,0xaf,0x7a,0x84, + 0xcd,0xdf,0x77,0x92,0xc6,0x4e,0x16,0x26,0x0c,0x95,0x0d,0x60,0xbd,0x86,0xd0,0x05, + 0x92,0x41,0x48,0xad,0x09,0x7c,0x12,0x6b,0x84,0x94,0x7a,0xb6,0xe8,0x9d,0x48,0xf6, + 0x1e,0x71,0x1d,0x62,0x52,0x2b,0x6e,0x48,0xf1,0x61,0x86,0xd1,0x33,0x9e,0x6a,0xb3, + 0xf5,0x8c,0x35,0x9e,0xb2,0x4c,0xb6,0x80,0x43,0x73,0x75,0x91,0xcd,0x7d,0x93,0x90, + 0xa4,0x68,0xc0,0x02,0x2b,0x3b,0x25,0x3b,0xe5,0x2f,0x1a,0x7f,0xc4,0x08,0xf8,0x4e, + 0x9f,0xfb,0x4c,0x34,0xfa,0x9e,0x01,0x60,0x58,0x51,0xd6,0x58,0x3a,0xa1,0x30,0x32), + }, + { + .exp = FALSE, + .e = chunk_from_chars(0x07,0x48,0x5b), + .m = chunk_from_chars( + 0x03,0xd2,0xf0,0x69,0x35,0x17,0xcf,0xfb,0x2b,0x72,0x4c,0x1f,0x30,0x50,0x2c,0x53, + 0x59,0xc0,0x51,0xc1,0xbc,0xd8,0x8d,0xc1,0xdd,0x54,0xb8,0x9e,0x69,0x81,0x00,0x9d, + 0x27,0x5a,0x81,0x3b,0x2b,0xf0,0x16,0xb7,0x4d,0x0f,0x6e,0xd0,0xd9,0x1e,0x62,0xd0, + 0x88,0x47,0x85,0xc9,0xaf,0xd8,0xfd,0x1f,0xb7,0xe9,0x92,0x46,0xcd,0x40,0x05,0xcd, + 0xda,0x71,0xa3,0x9c,0xb6,0x49,0x19,0x7a,0x99,0x6d,0x8a,0xd2,0xd2,0x3f,0xdf,0xb6, + 0xbb,0x01,0x5f,0x24,0xec,0x3d,0x7f,0x88,0xaf,0x64,0xfb,0x83,0xb4,0xb5,0x25,0xeb, + 0x06,0x60,0x7d,0x13,0x3e,0xec,0x83,0x4c,0xf7,0xd6,0xc9,0xab,0x81,0x7b,0x4c,0x0d, + 0xda,0x37,0x04,0x59,0xd9,0xcf,0xba,0x05,0xad,0x0c,0x1a,0xdc,0x86,0xa9,0x09,0xfe), + .s = chunk_from_chars( + 0x51,0x1a,0xbd,0x82,0x21,0x8c,0xab,0x34,0x49,0x79,0xb2,0x88,0x7b,0x02,0x60,0x0d, + 0x24,0x27,0xf1,0xeb,0x12,0xac,0x01,0xd9,0x76,0x84,0xc2,0xa4,0x43,0xa9,0x27,0x28, + 0x34,0xc3,0xf7,0x9c,0xde,0xd0,0x7a,0x39,0xdb,0xee,0x37,0x70,0xdd,0xe8,0x27,0xa7, + 0x4d,0xc9,0x94,0xb1,0x7b,0xfd,0x8a,0x26,0xd0,0x7b,0x23,0x9d,0x26,0xd5,0x8c,0x42, + 0xf7,0x9d,0x56,0x02,0x64,0xc3,0x1b,0x7e,0x1c,0x3d,0xdd,0xef,0x6d,0x75,0x56,0xf2, + 0x28,0xc3,0x94,0x41,0x4f,0x4c,0xec,0x56,0x1c,0x3d,0xa2,0x68,0x6a,0x8e,0xeb,0xec, + 0x77,0x02,0xf3,0x28,0x50,0x80,0x9a,0x93,0xde,0xeb,0x84,0xb2,0xa0,0x2f,0xcd,0xba, + 0x22,0x4d,0x2f,0xd9,0xef,0xb8,0xe0,0x56,0xe7,0x96,0xf4,0x9b,0x57,0xd5,0x6e,0x9f, + 0x3e,0x90,0xd0,0xb4,0x9b,0x08,0xbd,0xee,0x93,0xa2,0xe1,0x2e,0x67,0x6f,0xb4,0xd4, + 0xfa,0x83,0x8c,0x5b,0xd8,0x8e,0xda,0x00,0x8f,0x1b,0x59,0x2a,0x72,0x46,0x55,0x87, + 0xbe,0x0a,0xe1,0x7d,0x9b,0x15,0x6b,0x90,0x4f,0x44,0xa7,0xe0,0x4d,0x3b,0x58,0xd2, + 0x4a,0xd6,0x7b,0x71,0xb0,0xf4,0xc6,0x99,0xfa,0x51,0x63,0x95,0x46,0xb6,0x2b,0x9f, + 0x83,0x59,0x7f,0xf0,0x3d,0x46,0x5f,0x1b,0xb3,0x96,0xae,0x15,0xe9,0x2d,0x0e,0x92, + 0xe8,0x56,0x47,0xd5,0xdf,0x11,0x3e,0x2c,0x75,0x18,0xd0,0xe3,0xad,0x2e,0x7a,0xa7, + 0xda,0xc7,0x20,0xc9,0x83,0x47,0xaa,0x15,0x1e,0x4f,0x37,0xfe,0xa0,0x81,0xdb,0xed, + 0x35,0x0c,0xc9,0xc9,0x3f,0x60,0x6b,0x38,0xf2,0x1a,0x3e,0x5d,0xe6,0xd1,0x40,0xd2), + }, + { + .exp = FALSE, + .e = chunk_from_chars(0x49,0xd2,0xa1), + .m = chunk_from_chars( + 0xdf,0xfe,0x42,0xbf,0xda,0x88,0x6e,0x1a,0x73,0xfe,0x8a,0x8d,0xfc,0xf7,0x1c,0x9f, + 0xb4,0x4d,0xeb,0x05,0x45,0x88,0xa9,0xbb,0x91,0x99,0xd5,0x54,0xae,0xcc,0xe0,0x8f, + 0x2f,0xf8,0x8f,0x2a,0xa6,0xf8,0xa0,0xfb,0x67,0x5f,0xb0,0x3c,0x8e,0x68,0x5c,0x27, + 0x43,0x2c,0xa7,0xc3,0x3c,0x18,0x9b,0xfd,0x84,0x9d,0x34,0xfa,0x7b,0x29,0x79,0xac, + 0x1f,0x57,0xec,0xa3,0x89,0x63,0x24,0x26,0xba,0xe0,0xb9,0x83,0x98,0xad,0x60,0xa3, + 0x34,0x25,0x57,0xe1,0x4e,0x96,0x04,0x1c,0x1b,0xf4,0xd9,0x0b,0x46,0xcf,0x7a,0xd1, + 0x34,0x83,0x22,0xd2,0x8c,0xaf,0x43,0xc4,0xf7,0xe8,0x6c,0x09,0x24,0xae,0x70,0x3c, + 0x10,0x9e,0xc5,0x0a,0x84,0xea,0x2a,0x43,0xdf,0x07,0x8c,0x30,0x15,0xa5,0x2b,0x28), + .s = chunk_from_chars( + 0x8f,0x4d,0xd4,0x79,0x23,0x9f,0x2d,0x08,0xdc,0x05,0xd7,0xd4,0x05,0x39,0x28,0x8b, + 0x67,0xc4,0xd7,0x72,0x10,0xec,0xb1,0x6b,0xe7,0x6f,0x0b,0x19,0x25,0xe8,0xb0,0x88, + 0x57,0x08,0x31,0xe3,0x61,0xa1,0xca,0x57,0x89,0x31,0x35,0xf8,0xaf,0x64,0xb8,0xe2, + 0x99,0x6b,0x8d,0x63,0x58,0x99,0xda,0x4e,0x04,0xc6,0x8a,0xcb,0x9b,0x1b,0x38,0x13, + 0x69,0x7d,0x57,0xda,0x90,0xc5,0x7f,0x18,0x50,0x9e,0x0a,0xb6,0x70,0x5c,0x70,0x4f, + 0xeb,0x44,0x8c,0xca,0x5c,0x07,0xd2,0x58,0xec,0xd8,0x84,0xab,0x93,0xf5,0x08,0xce, + 0xfd,0xb2,0x5f,0x2b,0xc3,0x06,0x1c,0x40,0x06,0x09,0x9e,0x2e,0x33,0xb2,0x79,0x72, + 0xc3,0xed,0xb0,0xa0,0xa3,0x31,0x14,0xd3,0x81,0xc8,0x2a,0xb5,0x06,0xd0,0x41,0xff, + 0x68,0x0a,0xf5,0x95,0xef,0x34,0x00,0xa8,0xbb,0x67,0x74,0x03,0x0d,0x2e,0x38,0xdd, + 0x30,0x42,0x72,0x09,0x2b,0xd3,0x2a,0x55,0x30,0x17,0xf7,0xbd,0xa4,0xb9,0x98,0xb2, + 0x7a,0xa8,0xac,0xa1,0x2d,0xef,0x32,0x7b,0x1f,0x11,0x06,0x3a,0x53,0x42,0xb0,0xd5, + 0x57,0x38,0x18,0x34,0x17,0xd3,0x21,0xc5,0x68,0x2f,0xc4,0xab,0x64,0xe7,0x91,0x74, + 0x21,0x6f,0xee,0xbb,0x98,0x95,0x21,0xe1,0xe3,0xd8,0x27,0x64,0x70,0x68,0x00,0x3b, + 0xe3,0x4f,0xe1,0xd0,0x93,0x96,0x4d,0x28,0xf4,0x87,0x7c,0x49,0xb4,0x06,0x56,0x72, + 0x44,0x85,0x97,0xa8,0x9b,0x91,0x91,0x9c,0xfb,0x55,0xca,0x13,0x83,0x6e,0x7e,0x6f, + 0x3b,0x3f,0xd0,0x4f,0x41,0x7c,0xf1,0xc1,0x6d,0x98,0x72,0x53,0x8b,0xf4,0xe8,0x7a), + }, + { + .exp = FALSE, + .e = chunk_from_chars(0x49,0xd2,0xa1), + .m = chunk_from_chars( + 0xcf,0xe9,0x97,0x88,0xf5,0x5e,0xc6,0x94,0x49,0x42,0xbd,0x0a,0x18,0x7d,0x51,0xb8, + 0x0f,0xd8,0xbd,0x40,0x51,0xbd,0x4f,0x07,0xc7,0x3e,0x61,0x4e,0xb7,0x5a,0x8b,0x9f, + 0x99,0x7b,0x17,0x6b,0x26,0x42,0xb5,0xf1,0xb1,0x87,0x70,0x61,0xba,0x9c,0xe1,0x42, + 0xc1,0xd2,0xa3,0x11,0x58,0x3f,0x07,0x2b,0x7c,0xbe,0x08,0xed,0x25,0x36,0x81,0x19, + 0x1c,0x20,0x9d,0x7b,0x0d,0x43,0x8f,0xcd,0xdd,0xc2,0x84,0xd9,0x3d,0x59,0xd6,0xdd, + 0x80,0xe4,0x83,0x33,0xa9,0x21,0xdd,0x31,0xc9,0xb6,0x83,0x4f,0x88,0x76,0x8f,0x87, + 0x01,0xe0,0x11,0x02,0xd3,0xe8,0xbd,0xf0,0x74,0xfb,0xe0,0xb8,0xc9,0x3d,0x99,0x51, + 0xf4,0x15,0x45,0xef,0x6e,0xeb,0x3b,0xe3,0x55,0x30,0xba,0xbc,0x07,0x9f,0x1f,0xb3), + .s = chunk_from_chars( + 0x9f,0xd6,0xf6,0x10,0x7e,0x83,0x81,0x07,0xf9,0x06,0xc2,0x6c,0xb2,0x91,0x07,0x04, + 0x59,0x9f,0x17,0x5b,0x6a,0x84,0xdb,0x48,0x5f,0xbc,0x30,0x77,0x6e,0xb7,0xfd,0x53, + 0xbf,0xe2,0x0c,0x38,0xc5,0x37,0xb1,0x54,0xa3,0xe5,0x19,0xb6,0x62,0xbd,0x9f,0xdc, + 0x8e,0x30,0x45,0xe2,0x1f,0x6e,0x5a,0xe9,0x7d,0x0f,0xf6,0xa9,0xd8,0x63,0x28,0x25, + 0x54,0x45,0x25,0xd8,0x4f,0x99,0xf8,0x0e,0x3e,0xd4,0xe6,0x9d,0xc5,0xe2,0x19,0xd5, + 0x9c,0xcf,0xbb,0x37,0xc2,0x3c,0x84,0xfe,0x3b,0x3e,0x6f,0xb2,0x2f,0x40,0x2f,0x94, + 0xe5,0x22,0x5c,0x63,0x87,0xfd,0xf8,0xbc,0xdb,0x35,0x08,0xf8,0x83,0x29,0x08,0xfe, + 0x05,0x77,0x15,0x21,0xe9,0x22,0x34,0x34,0x80,0x04,0xe8,0xfe,0x19,0xa8,0xf2,0x4b, + 0xeb,0xca,0xb9,0xf0,0x74,0x32,0x7c,0x88,0xd0,0x66,0xbc,0x12,0x08,0x17,0x48,0xd6, + 0x96,0xbe,0x61,0x35,0xc6,0xae,0xa3,0x22,0x20,0xea,0x78,0x6e,0xbd,0x78,0x00,0xe6, + 0x93,0x63,0x65,0xff,0x25,0x83,0x1c,0x28,0xcb,0x6c,0x8a,0x59,0x23,0x7f,0xf8,0x4f, + 0x5c,0xf8,0x90,0x36,0xcf,0xf1,0x88,0xee,0x0f,0x9a,0x61,0x95,0xf2,0xb1,0xac,0xa2, + 0xe4,0x44,0x2a,0xf8,0x36,0x9f,0x1b,0x49,0x32,0x2f,0xa2,0xf8,0x91,0xb8,0x3a,0x14, + 0xa9,0x7b,0x60,0xc6,0xae,0xaf,0xd6,0xc2,0x92,0x80,0x47,0xaf,0xfd,0xa9,0xc8,0xd8, + 0x69,0xff,0x52,0x94,0xbb,0x59,0x43,0xad,0x14,0xa6,0xd6,0x4e,0x78,0x4d,0x12,0x6c, + 0x46,0x9d,0x51,0xe2,0x92,0xb9,0xce,0x33,0xe1,0xd8,0x37,0x1b,0xa5,0xf4,0x67,0xb3), + }, + }, +}, +}; + +START_TEST(test_verify_pkcs15) +{ + signature_scheme_t scheme = pkcs15_verify[_i].scheme; + public_key_t *pubkey; + bool result; + int i; + + if (!lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PUBKEY_VERIFY, scheme))) + { + warn("%N not supported, skip test", signature_scheme_names, scheme); + return; + } + for (i = 0; i < countof(pkcs15_verify[_i].tests); i++) + { + pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, pkcs15_verify[_i].n, + BUILD_RSA_PUB_EXP, pkcs15_verify[_i].tests[i].e, + BUILD_END); + ck_assert(pubkey != NULL); + result = pubkey->verify(pubkey, scheme, NULL, + pkcs15_verify[_i].tests[i].m, + pkcs15_verify[_i].tests[i].s); + fail_unless(result == pkcs15_verify[_i].tests[i].exp, + "verify %N [%d]", signature_scheme_names, scheme, i); + pubkey->destroy(pubkey); + } +} +END_TEST + +/** + * Test vectors from FIPS 186-4 + */ +static struct { + rsa_pss_params_t params; + chunk_t n; + struct { + bool exp; + chunk_t e; + chunk_t m; + chunk_t s; + } tests[6]; +} pss_verify[] = { +{ + .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 32, }, + .n = chunk_from_chars( + 0xa4,0x7d,0x04,0xe7,0xca,0xcd,0xba,0x4e,0xa2,0x6e,0xca,0x8a,0x4c,0x6e,0x14,0x56, + 0x3c,0x2c,0xe0,0x3b,0x62,0x3b,0x76,0x8c,0x0d,0x49,0x86,0x8a,0x57,0x12,0x13,0x01, + 0xdb,0xf7,0x83,0xd8,0x2f,0x4c,0x05,0x5e,0x73,0x96,0x0e,0x70,0x55,0x01,0x87,0xd0, + 0xaf,0x62,0xac,0x34,0x96,0xf0,0xa3,0xd9,0x10,0x3c,0x2e,0xb7,0x91,0x9a,0x72,0x75, + 0x2f,0xa7,0xce,0x8c,0x68,0x8d,0x81,0xe3,0xae,0xe9,0x94,0x68,0x88,0x7a,0x15,0x28, + 0x8a,0xfb,0xb7,0xac,0xb8,0x45,0xb7,0xc5,0x22,0xb5,0xc6,0x4e,0x67,0x8f,0xcd,0x3d, + 0x22,0xfe,0xb8,0x4b,0x44,0x27,0x27,0x00,0xbe,0x52,0x7d,0x2b,0x20,0x25,0xa3,0xf8, + 0x3c,0x23,0x83,0xbf,0x6a,0x39,0xcf,0x5b,0x4e,0x48,0xb3,0xcf,0x2f,0x56,0xee,0xf0, + 0xdf,0xff,0x18,0x55,0x5e,0x31,0x03,0x7b,0x91,0x52,0x48,0x69,0x48,0x76,0xf3,0x04, + 0x78,0x14,0x41,0x51,0x64,0xf2,0xc6,0x60,0x88,0x1e,0x69,0x4b,0x58,0xc2,0x80,0x38, + 0xa0,0x32,0xad,0x25,0x63,0x4a,0xad,0x7b,0x39,0x17,0x1d,0xee,0x36,0x8e,0x3d,0x59, + 0xbf,0xb7,0x29,0x9e,0x46,0x01,0xd4,0x58,0x7e,0x68,0xca,0xaf,0x8d,0xb4,0x57,0xb7, + 0x5a,0xf4,0x2f,0xc0,0xcf,0x1a,0xe7,0xca,0xce,0xd2,0x86,0xd7,0x7f,0xac,0x6c,0xed, + 0xb0,0x3a,0xd9,0x4f,0x14,0x33,0xd2,0xc9,0x4d,0x08,0xe6,0x0b,0xc1,0xfd,0xef,0x05, + 0x43,0xcd,0x29,0x51,0xe7,0x65,0xb3,0x82,0x30,0xfd,0xd1,0x8d,0xe5,0xd2,0xca,0x62, + 0x7d,0xdc,0x03,0x2f,0xe0,0x5b,0xbd,0x2f,0xf2,0x1e,0x2d,0xb1,0xc2,0xf9,0x4d,0x8b), + .tests = { + { /* Format of the EM is incorrect - hash moved to left */ + .exp = FALSE, + .e = chunk_from_chars(0x10,0xe4,0x3f), + .m = chunk_from_chars( + 0x75,0x18,0xc8,0x5b,0x67,0xe7,0xae,0xf7,0xf2,0x6b,0xf0,0x06,0x89,0x9f,0xae,0xf7, + 0x6e,0x07,0x6f,0x0c,0x6c,0x94,0x6e,0x5d,0xc9,0xc8,0x35,0x21,0x77,0x1a,0x6d,0x29, + 0x8a,0x9c,0xf5,0xad,0xef,0xdb,0x31,0x4b,0x5a,0x07,0xa5,0x4d,0x80,0x54,0xc2,0x2b, + 0x87,0x9f,0xff,0x50,0xba,0x55,0x2c,0x21,0x82,0x91,0x03,0x3c,0x91,0x84,0x01,0xfd, + 0x61,0x1a,0x74,0x47,0xdd,0xda,0xd4,0x81,0x5e,0x0f,0x56,0xde,0xd8,0x25,0xbf,0xe2, + 0x56,0x55,0x76,0x22,0xa3,0x85,0xde,0x4b,0x4a,0x69,0xe2,0x65,0xc1,0xef,0xd2,0x59, + 0xe2,0xda,0x6d,0xb1,0x9a,0xac,0x3f,0xa0,0xe5,0xca,0x2d,0x42,0xfa,0xdb,0x4e,0x24, + 0xc2,0x71,0xfc,0x07,0x8f,0xeb,0x2b,0xe1,0x0b,0x9a,0xfa,0x25,0x6f,0x22,0x88,0x44), + .s = chunk_from_chars( + 0x99,0x2d,0x48,0xb2,0x1b,0xb3,0xd2,0x21,0x9b,0x44,0xe8,0xfc,0xc8,0x63,0x3c,0xf3, + 0xae,0xb5,0x91,0xde,0x90,0xf4,0x38,0x64,0x96,0xac,0x7e,0xcd,0x28,0x4c,0xb6,0x3d, + 0x7d,0xff,0x81,0xa5,0x0b,0x8c,0x4f,0xed,0x9f,0x2e,0xf7,0x37,0x69,0x2e,0xa6,0xbe, + 0x05,0x24,0x8c,0xa1,0x38,0x94,0x7b,0x49,0xb4,0xe7,0xf3,0xcc,0xe6,0x64,0x0e,0x04, + 0x9a,0xc2,0x15,0x4c,0x40,0xf5,0x7e,0x22,0xfa,0x14,0xf9,0x7e,0x7a,0x95,0x07,0xe1, + 0xdc,0x98,0xb2,0x06,0xce,0x6e,0xa0,0xe1,0x80,0x03,0x91,0x99,0xd1,0xbe,0x0a,0x15, + 0xd1,0xf5,0x09,0x3a,0x45,0x9e,0x51,0x01,0xaa,0xca,0x2a,0x23,0xcb,0x1f,0x59,0xca, + 0xd2,0xf1,0xfb,0x99,0xdc,0x95,0x6b,0x9d,0x43,0x44,0xba,0xd2,0xc1,0x12,0x1d,0x63, + 0xb9,0x15,0x00,0x4a,0xcb,0xfc,0x7a,0xc6,0x0a,0xc9,0xa7,0xb0,0xb1,0xc6,0x81,0x2b, + 0x30,0xbf,0xe0,0x87,0xf7,0xf0,0xc7,0xd1,0x62,0x5f,0x9c,0x4f,0x45,0x85,0x15,0xe1, + 0x14,0x78,0xe3,0x60,0x4a,0xa3,0x9d,0x14,0xd0,0x8b,0xea,0x30,0xb0,0x1f,0xcd,0x61, + 0x89,0xe6,0xf9,0xb7,0x01,0xd3,0x60,0xe4,0x71,0x4d,0x45,0x55,0x6b,0x29,0x81,0x5c, + 0x8d,0x8f,0xa8,0xe4,0x6e,0x10,0x74,0x9b,0xa5,0xe8,0xd4,0x45,0xa4,0xc0,0xf4,0x87, + 0xe7,0x0a,0xb5,0x89,0x0b,0x7c,0xcc,0x16,0x51,0x28,0x2a,0x54,0xe8,0x7e,0x7d,0xb4, + 0xbb,0x2f,0x7d,0x4a,0x67,0x1e,0x71,0xc4,0x3c,0x55,0xcf,0x64,0x86,0x41,0x6f,0x17, + 0x1d,0x19,0x55,0x03,0x74,0x74,0xd0,0x6a,0x71,0xdd,0x07,0x87,0x67,0x84,0x8e,0x5d), + }, + { + .exp = TRUE, + .e = chunk_from_chars(0x10,0xe4,0x3f), + .m = chunk_from_chars( + 0xe0,0x02,0x37,0x7a,0xff,0xb0,0x4f,0x0f,0xe4,0x59,0x8d,0xe9,0xd9,0x2d,0x31,0xd6, + 0xc7,0x86,0x04,0x0d,0x57,0x76,0x97,0x65,0x56,0xa2,0xcf,0xc5,0x5e,0x54,0xa1,0xdc, + 0xb3,0xcb,0x1b,0x12,0x6b,0xd6,0xa4,0xbe,0xd2,0xa1,0x84,0x99,0x0c,0xce,0xa7,0x73, + 0xfc,0xc7,0x9d,0x24,0x65,0x53,0xe6,0xc6,0x4f,0x68,0x6d,0x21,0xad,0x41,0x52,0x67, + 0x3c,0xaf,0xec,0x22,0xae,0xb4,0x0f,0x6a,0x08,0x4e,0x8a,0x5b,0x49,0x91,0xf4,0xc6, + 0x4c,0xf8,0xa9,0x27,0xef,0xfd,0x0f,0xd7,0x75,0xe7,0x1e,0x83,0x29,0xe4,0x1f,0xdd, + 0x44,0x57,0xb3,0x91,0x11,0x73,0x18,0x7b,0x4f,0x09,0xa8,0x17,0xd7,0x9e,0xa2,0x39, + 0x7f,0xc1,0x2d,0xfe,0x3d,0x9c,0x9a,0x02,0x90,0xc8,0xea,0xd3,0x1b,0x66,0x90,0xa6), + .s = chunk_from_chars( + 0x4f,0x9b,0x42,0x5c,0x20,0x58,0x46,0x0e,0x4a,0xb2,0xf5,0xc9,0x63,0x84,0xda,0x23, + 0x27,0xfd,0x29,0x15,0x0f,0x01,0x95,0x5a,0x76,0xb4,0xef,0xe9,0x56,0xaf,0x06,0xdc, + 0x08,0x77,0x9a,0x37,0x4e,0xe4,0x60,0x7e,0xab,0x61,0xa9,0x3a,0xdc,0x56,0x08,0xf4, + 0xec,0x36,0xe4,0x7f,0x2a,0x0f,0x75,0x4e,0x8f,0xf8,0x39,0xa8,0xa1,0x9b,0x1d,0xb1, + 0xe8,0x84,0xea,0x4c,0xf3,0x48,0xcd,0x45,0x50,0x69,0xeb,0x87,0xaf,0xd5,0x36,0x45, + 0xb4,0x4e,0x28,0xa0,0xa5,0x68,0x08,0xf5,0x03,0x1d,0xa5,0xba,0x91,0x12,0x76,0x8d, + 0xfb,0xfc,0xa4,0x4e,0xbe,0x63,0xa0,0xc0,0x57,0x2b,0x73,0x1d,0x66,0x12,0x2f,0xb7, + 0x16,0x09,0xbe,0x14,0x80,0xfa,0xa4,0xe4,0xf7,0x5e,0x43,0x95,0x51,0x59,0xd7,0x0f, + 0x08,0x1e,0x2a,0x32,0xfb,0xb1,0x9a,0x48,0xb9,0xf1,0x62,0xcf,0x6b,0x2f,0xb4,0x45, + 0xd2,0xd6,0x99,0x4b,0xc5,0x89,0x10,0xa2,0x6b,0x59,0x43,0x47,0x78,0x03,0xcd,0xaa, + 0xa1,0xbd,0x74,0xb0,0xda,0x0a,0x5d,0x05,0x3d,0x8b,0x1d,0xc5,0x93,0x09,0x1d,0xb5, + 0x38,0x83,0x83,0xc2,0x60,0x79,0xf3,0x44,0xe2,0xae,0xa6,0x00,0xd0,0xe3,0x24,0x16, + 0x4b,0x45,0x0f,0x7b,0x9b,0x46,0x51,0x11,0xb7,0x26,0x5f,0x3b,0x1b,0x06,0x30,0x89, + 0xae,0x7e,0x26,0x23,0xfc,0x0f,0xda,0x80,0x52,0xcf,0x4b,0xf3,0x37,0x91,0x02,0xfb, + 0xf7,0x1d,0x7c,0x98,0xe8,0x25,0x86,0x64,0xce,0xed,0x63,0x7d,0x20,0xf9,0x5f,0xf0, + 0x11,0x18,0x81,0xe6,0x50,0xce,0x61,0xf2,0x51,0xd9,0xc3,0xa6,0x29,0xef,0x22,0x2d), + }, + { /* Message changed */ + .exp = FALSE, + .e = chunk_from_chars(0x10,0xe4,0x3f), + .m = chunk_from_chars( + 0xa3,0xbf,0x44,0xca,0xe8,0xaa,0x83,0x47,0xfd,0x07,0xd8,0x4a,0x33,0xee,0xc5,0xdb, + 0xbd,0xd7,0xb6,0x43,0x13,0x68,0x88,0x7c,0x98,0x8c,0x4b,0xe7,0x79,0xc5,0x47,0x3d, + 0xd8,0xc3,0x3e,0xc8,0x2a,0x35,0xf1,0xd3,0xdd,0xdf,0xe5,0x5f,0x3e,0xed,0x67,0x17, + 0x9b,0x87,0xce,0x86,0xa4,0xa5,0x00,0x88,0x17,0x25,0x38,0xfe,0x9d,0x1b,0x06,0xc6, + 0xef,0x68,0x97,0xeb,0x3c,0x8e,0x36,0x18,0xcf,0xc2,0x13,0x53,0xed,0x43,0x43,0xe7, + 0xfc,0xeb,0x09,0xa2,0xeb,0x03,0x54,0x41,0xcd,0x5c,0x88,0x29,0xc7,0x9b,0x81,0x58, + 0x2d,0xd5,0xd6,0x9a,0xe8,0x5c,0x5a,0x00,0x1b,0xd8,0xe9,0x8e,0x06,0x99,0x61,0x34, + 0x2a,0x2b,0xee,0x00,0xad,0x2b,0x8b,0x91,0x01,0x5a,0xc5,0xcf,0xc1,0xf0,0xc2,0xd9), + .s = chunk_from_chars( + 0x87,0x7f,0x20,0xee,0xd6,0x0f,0x8c,0xe2,0x86,0x10,0x8a,0x5d,0xde,0x9b,0x68,0x28, + 0xb3,0x7e,0x3f,0xbd,0xb0,0x8f,0xe1,0x53,0xe5,0x91,0x51,0x38,0x97,0x44,0x0f,0x21, + 0xf8,0x12,0x14,0x59,0x8f,0xba,0x08,0xea,0x07,0x73,0x94,0xba,0x8c,0x2a,0x44,0xaa, + 0x4f,0x0d,0x8f,0x3a,0x5f,0xba,0xec,0x3d,0xc6,0x9b,0x3b,0xdd,0xfb,0xe2,0x83,0x97, + 0xc9,0x0a,0xdf,0x35,0xd0,0x8e,0xa7,0x71,0xc7,0xaa,0xa3,0x1e,0xb0,0x64,0x13,0xc1, + 0xc6,0x2b,0x77,0x61,0x8a,0xf9,0x40,0xf4,0xc7,0x18,0x59,0xfa,0x43,0x84,0xd2,0x9b, + 0x48,0xe5,0xcf,0xc9,0x41,0xd6,0x9b,0xf0,0xa3,0x80,0x4d,0x20,0x08,0xe7,0x58,0x74, + 0x2b,0x8e,0xd6,0x87,0x54,0xbc,0x71,0xd2,0x31,0x62,0x3d,0x18,0x13,0x47,0xc3,0x68, + 0x33,0xa7,0xd7,0x16,0x0f,0x74,0x2a,0x37,0xce,0x7d,0x43,0x2d,0x74,0x8e,0x51,0x4a, + 0xa7,0xd8,0x15,0x6b,0x50,0xc5,0x32,0x15,0x13,0x90,0xd0,0x86,0xcd,0xcf,0x9d,0x59, + 0xf1,0x22,0xc6,0xd9,0x7f,0x4c,0xcb,0x73,0x72,0x89,0xf7,0xb0,0x0a,0x23,0x7c,0xb6, + 0xb4,0xaa,0xe6,0xba,0x79,0xd4,0x1f,0xf7,0x3d,0x01,0x9a,0x26,0xb5,0x9a,0xde,0x04, + 0xc9,0x67,0x35,0x6e,0x2a,0xad,0x52,0xf1,0x15,0x35,0x7f,0xfb,0x76,0x76,0xf1,0x90, + 0xdb,0x38,0xdc,0xfc,0x98,0x66,0x6e,0x5b,0x25,0x85,0x59,0xc8,0xc8,0x5f,0xa3,0x29, + 0x42,0xcb,0xcb,0x99,0xd7,0x57,0xe8,0x84,0x7e,0x56,0xa1,0x68,0x7b,0x33,0x02,0x41, + 0x56,0x98,0x70,0x81,0x91,0xb1,0x36,0xd9,0x23,0x34,0x9b,0x02,0xfe,0x38,0xb6,0xbe), + }, + { /* Signature changed */ + .exp = FALSE, + .e = chunk_from_chars(0x10,0xe4,0x3f), + .m = chunk_from_chars( + 0xe1,0xc4,0x6c,0x30,0x9b,0x63,0x66,0xfb,0x4d,0x56,0xac,0x08,0xc9,0x39,0x3c,0xee, + 0x9a,0x7c,0x95,0xbb,0xe7,0xb7,0xc0,0xe7,0x9a,0x3d,0x91,0x87,0xc0,0xf4,0x2b,0xc3, + 0x33,0x64,0xc2,0x8a,0x77,0x0d,0xa5,0x85,0xe3,0xfe,0x7b,0x49,0x01,0xa3,0xcc,0xd0, + 0x37,0xdf,0xc4,0x2a,0xa6,0x5a,0x34,0x70,0x52,0x1d,0xda,0xfa,0x83,0x5c,0xe2,0xd1, + 0x6c,0x92,0xac,0x67,0x0b,0xd4,0xd0,0x86,0x50,0x5e,0x60,0x87,0x81,0x73,0x6d,0xc4, + 0xdd,0x64,0xcc,0x50,0x80,0xee,0x19,0xe5,0x86,0xc8,0xfd,0x1d,0x73,0x7d,0xad,0xe5, + 0xd3,0x78,0xb3,0x2f,0x1d,0x5d,0xf1,0xe8,0xdd,0xa0,0xe3,0x2a,0x12,0x50,0x24,0xb2, + 0xd5,0x33,0x34,0x94,0x3c,0x18,0x78,0x2d,0x7e,0x69,0x82,0x5a,0x58,0x00,0x93,0xe7), + .s = chunk_from_chars( + 0x8e,0xd1,0xf2,0x8f,0xd1,0x6d,0x45,0xd4,0x16,0xa2,0x15,0x54,0xe1,0x04,0xc0,0x06, + 0xfd,0x78,0x68,0xe5,0x89,0x5e,0x8b,0x99,0x83,0x1a,0xe0,0x93,0x81,0x35,0xb5,0x43, + 0x61,0x0d,0xf6,0x4a,0x8c,0x35,0x74,0xd0,0x81,0x18,0xbf,0xe3,0x96,0xf9,0xa5,0x60, + 0x9a,0x8d,0xbd,0xa2,0x1b,0x9a,0x85,0x30,0xff,0x0b,0xa9,0x0e,0x62,0x9d,0x6a,0xbe, + 0x30,0xd2,0xc1,0xb5,0x90,0x60,0x0d,0xb9,0x71,0xfc,0xda,0x80,0xe6,0xea,0xa8,0x40, + 0x17,0xe2,0x09,0xb9,0xbd,0x3b,0x64,0x1f,0x3c,0x81,0xd5,0xd2,0x7f,0x84,0x2b,0xec, + 0x80,0x19,0x79,0x0e,0xd9,0x9a,0x0e,0x5d,0xb4,0xae,0xdc,0x1c,0x07,0x0b,0x04,0x7c, + 0x19,0x41,0x0c,0xbc,0x56,0xe9,0xa0,0xff,0x12,0xd8,0xf6,0xe5,0xd7,0x37,0x1b,0x10, + 0x11,0xec,0xfe,0xcf,0x7b,0xe7,0xa7,0x4f,0x94,0x40,0x35,0x90,0xa5,0x2f,0x95,0x23, + 0x8d,0xd6,0x9e,0x0b,0x5f,0x4c,0x1f,0xcd,0xe9,0x7e,0xcf,0xdb,0x1a,0xcc,0x38,0x03, + 0xe5,0x9a,0xd8,0xb3,0x08,0x8b,0x2b,0xc5,0x09,0xe3,0xdd,0x12,0xd4,0x0d,0x87,0x56, + 0x25,0xdc,0x83,0x62,0xc5,0x79,0x17,0x67,0x99,0xc7,0x5e,0x4f,0xad,0xcd,0xb3,0x92, + 0xc6,0x8f,0x40,0x1f,0x68,0xd8,0x54,0xe4,0x63,0x77,0xf0,0x84,0xc0,0x81,0xf9,0xd8, + 0x37,0x43,0x03,0x9f,0x69,0x34,0x72,0x2e,0x30,0xef,0x3f,0x02,0x26,0xbc,0x84,0x1d, + 0x79,0xa4,0xeb,0x68,0xc5,0xcc,0xcb,0xb6,0xae,0x0e,0x92,0x00,0x44,0x4e,0x50,0xff, + 0x0d,0x09,0x53,0x04,0x7e,0xf9,0x55,0xd2,0xd3,0x9a,0x70,0xc3,0xb8,0x37,0xc5,0xf4), + }, + { /* Format of the EM is incorrect - 00 on end of pad removed */ + .exp = FALSE, + .e = chunk_from_chars(0x10,0xe4,0x3f), + .m = chunk_from_chars( + 0x92,0x5d,0x59,0xf9,0x53,0xcb,0x3f,0xfb,0x6d,0x5a,0x3a,0x55,0xc0,0x79,0xcb,0x10, + 0x83,0x99,0x75,0x36,0xe3,0x3d,0x7c,0x8a,0xed,0x50,0xed,0x76,0xae,0xbc,0xde,0x45, + 0x99,0x38,0xf7,0x92,0x29,0x61,0x32,0x00,0xc7,0x0d,0xde,0x2c,0xed,0xdc,0xea,0xe0, + 0x8c,0x10,0x60,0x8a,0xab,0x9e,0x30,0xec,0x51,0x84,0x2f,0x14,0xa6,0x5e,0x5f,0x8f, + 0x55,0x34,0x71,0xda,0x34,0x97,0x88,0x19,0x27,0xec,0x40,0x0b,0x42,0x07,0xef,0x3e, + 0x2d,0xfc,0x2b,0x7f,0xcd,0x31,0x8c,0x95,0x20,0xb8,0xb2,0x2f,0x69,0xdc,0x8a,0x1a, + 0x8e,0xfa,0xce,0xb7,0xbe,0x93,0xcb,0xad,0x56,0x9e,0x67,0xdb,0x06,0x23,0x62,0x91, + 0x30,0x05,0xdc,0xff,0x90,0x20,0x18,0xed,0x22,0x93,0x7f,0xad,0x40,0x5f,0xe8,0x4e), + .s = chunk_from_chars( + 0x62,0xb0,0x7f,0x6d,0x1b,0x8f,0x13,0x65,0x1d,0x7f,0x22,0xce,0x2c,0xe0,0x10,0x61, + 0x09,0x00,0x29,0xdb,0x5a,0xf7,0xdc,0xec,0xfe,0xaf,0xef,0x20,0x62,0x1d,0xd9,0xe2, + 0x54,0xa0,0xfb,0x91,0x4f,0x76,0xa3,0xd7,0x96,0x62,0x25,0x74,0x89,0xcb,0x81,0x22, + 0x70,0x85,0x83,0xd3,0x07,0x78,0x79,0x1a,0x77,0xda,0x83,0xc7,0xbe,0xa8,0x11,0x40, + 0xc6,0x1e,0x4d,0x04,0x84,0x80,0x6e,0x20,0xfb,0x85,0xf2,0x4d,0x1b,0xbf,0x77,0x4e, + 0xf2,0xed,0x38,0x80,0x9c,0x9b,0x14,0xf2,0xa5,0x8c,0x6e,0x86,0x49,0xb7,0x60,0xba, + 0xa9,0x01,0x54,0x45,0x22,0xed,0x94,0xbd,0x40,0x5c,0x77,0x20,0x1d,0x07,0xc8,0xd1, + 0x28,0x64,0xa8,0xd1,0xe9,0x7a,0x4d,0x32,0x2c,0x29,0x99,0x4b,0x21,0x4f,0xc8,0x3c, + 0x2e,0xcd,0x5c,0x95,0x5b,0x9b,0xde,0xc4,0x24,0xe7,0xca,0x5a,0x13,0x25,0xec,0x0a, + 0xae,0x4a,0xb0,0xc2,0x02,0xb9,0x80,0xa2,0x18,0x7f,0x09,0x6a,0xaa,0xaa,0x5e,0x85, + 0x55,0x0e,0xbd,0x32,0x57,0x99,0xf4,0xf3,0x0e,0xf2,0xea,0xd0,0x7e,0x79,0xc7,0xa4, + 0x75,0x66,0x7f,0x59,0x65,0xe6,0xb5,0x02,0x69,0x51,0x36,0x59,0xab,0x59,0x62,0xa3, + 0x91,0xc4,0x3c,0xbc,0x3a,0x3d,0xa3,0x4c,0x0f,0xdd,0x15,0x46,0xc4,0x0e,0xa7,0xe2, + 0xeb,0x53,0x52,0xce,0x6a,0x06,0xce,0x6a,0x63,0x85,0xca,0x0d,0xdd,0x5d,0x16,0x2c, + 0x13,0x78,0x36,0xdf,0x9e,0xa1,0xf8,0x9c,0xfa,0x00,0xc3,0xeb,0x16,0x71,0xa4,0x3b, + 0xd6,0x25,0x52,0x6f,0x3b,0x6b,0xa8,0xe4,0x8a,0x7a,0x2d,0x56,0xfb,0x4f,0x01,0xc6), + }, + { /* Public Key e changed */ + .exp = FALSE, + .e = chunk_from_chars(0x3c,0x6c,0xd1), + .m = chunk_from_chars( + 0x08,0xd3,0xac,0x24,0xa5,0x95,0xda,0x81,0x1c,0xc9,0xbb,0xa7,0x88,0x28,0xf1,0x45, + 0x2f,0xf3,0x90,0xae,0x65,0x3f,0x22,0xd1,0xad,0x91,0xef,0x6b,0x22,0xaa,0x7b,0x7b, + 0x15,0xa4,0x4f,0xf7,0xf8,0x3e,0xfc,0xbd,0x7a,0x75,0x5e,0xcc,0xf4,0x54,0x1e,0xb4, + 0x04,0x0c,0x7a,0x4b,0x77,0x47,0x49,0xa2,0x6d,0xba,0x39,0x37,0xb7,0xf9,0x5c,0x6c, + 0x84,0x90,0xe3,0x38,0x3d,0x4f,0x29,0x1d,0xad,0xe5,0xf3,0x5a,0x65,0xb1,0xf6,0x61, + 0x5f,0xd4,0x99,0x8b,0xe1,0x8b,0xfd,0x0b,0xa4,0xbc,0x3a,0x21,0x36,0xce,0xec,0x90, + 0x9d,0xbe,0xef,0x51,0x3d,0x6f,0x66,0x89,0xfc,0x42,0x02,0xb9,0xa3,0xe7,0x81,0x34, + 0x87,0x73,0x74,0xd7,0x6a,0xb2,0x46,0xf4,0x9c,0xbe,0x7a,0x8f,0x65,0xd0,0x34,0xcd), + .s = chunk_from_chars( + 0x72,0xea,0x7d,0x66,0x9a,0xc6,0x99,0xa1,0x49,0xc1,0x3a,0xa1,0x68,0xeb,0x3e,0x14, + 0x8f,0x59,0x0b,0xbc,0x04,0x24,0x95,0x1f,0x1c,0x31,0x44,0xc5,0x41,0x91,0x55,0x73, + 0xec,0xf0,0x5c,0xab,0xb5,0x27,0x54,0x88,0xc9,0x8d,0x0e,0xbe,0x55,0xb1,0xf1,0xaf, + 0x49,0xef,0x8c,0xc7,0x2c,0xf0,0x0e,0x84,0x98,0x97,0xc6,0xaf,0xa5,0x38,0x33,0xca, + 0xf9,0xff,0xc0,0x0e,0xb8,0x4c,0xfe,0x55,0xb8,0x27,0x7e,0x93,0xa6,0xac,0x3e,0x04, + 0xb1,0x11,0xc9,0xd0,0x7a,0xd6,0x20,0x82,0xca,0x32,0x85,0x4c,0x40,0xde,0x1e,0x09, + 0x56,0xa1,0x8f,0x84,0x60,0x43,0x84,0x84,0x40,0x3a,0xbb,0x91,0xe6,0xfa,0xd1,0x2b, + 0x28,0xf1,0x14,0x15,0x7f,0x1b,0x6e,0xf5,0x63,0xd2,0xfa,0x43,0x8c,0xcb,0x8a,0x16, + 0xaa,0x3a,0xfe,0x6e,0xc5,0xe9,0x83,0x65,0xc3,0x0d,0x9a,0x35,0x5e,0x7e,0x14,0xb0, + 0x39,0xbb,0xde,0xcf,0x59,0xf9,0x12,0x48,0xd0,0xf1,0xe3,0x17,0xd2,0xe3,0xc8,0x19, + 0x09,0x6e,0xd6,0x8c,0xf9,0x83,0x61,0xd7,0xf9,0x31,0x0b,0x35,0x4f,0x4f,0x45,0xe2, + 0xf7,0xc4,0xdf,0xb8,0x2c,0x21,0x8c,0xd4,0x38,0xf3,0x17,0x4a,0x6f,0x01,0x7f,0x0f, + 0x14,0x8a,0x71,0xc4,0x0a,0xd5,0xb7,0xe2,0xc8,0x08,0x1d,0xdb,0xae,0xaa,0x76,0x4d, + 0x60,0x1b,0xb2,0xe0,0x75,0xeb,0x36,0x18,0xaa,0xba,0xa4,0xb5,0x06,0x00,0x22,0xc6, + 0xd2,0x3e,0xf0,0x72,0x64,0x36,0x86,0xa7,0x59,0x22,0x7d,0xae,0xf0,0x33,0x1b,0x28, + 0xee,0x76,0xda,0x4a,0xb3,0xb5,0xad,0x5d,0xda,0x89,0x91,0xb9,0x93,0x7d,0x1a,0x59), + }, + }, +},{ + .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, .salt_len = 64, }, + .n = chunk_from_chars( + 0xa6,0x77,0x52,0x5e,0x1a,0x69,0x54,0x6a,0x96,0xdc,0x7b,0x11,0x23,0x50,0xd5,0xe4, + 0x86,0x4f,0x0f,0x82,0xe9,0x99,0xa7,0x14,0xfa,0x9f,0x43,0xac,0x68,0x15,0x17,0xd3, + 0x97,0x59,0x10,0xc2,0xd8,0x06,0xbb,0x3e,0xe6,0xdb,0xf5,0xdb,0xa1,0xd9,0x69,0xb3, + 0x88,0x89,0xe1,0x13,0xc2,0xda,0x76,0xee,0xf4,0x41,0x2a,0x60,0xcb,0xd8,0x9f,0xaf, + 0x35,0xb2,0xbd,0xcb,0x0d,0xe3,0x6a,0x2c,0xb7,0x62,0xcd,0x8f,0x2f,0x29,0xae,0xd9, + 0x98,0x2a,0x9a,0xb6,0x08,0x86,0xcc,0x8f,0xbf,0xee,0x9b,0x2a,0xe0,0x9c,0x88,0x16, + 0x1e,0x91,0x59,0xd4,0xfc,0x83,0x3a,0xdc,0x4f,0x80,0xe4,0xbf,0x62,0x9d,0x5a,0x95, + 0x51,0xac,0xce,0x7a,0x39,0x38,0x63,0x0c,0x2b,0xf9,0x95,0x60,0x97,0x64,0x2e,0x3b, + 0xc6,0x0a,0xc6,0x52,0x20,0x17,0x84,0x1b,0x65,0xc7,0xa2,0x51,0x97,0x86,0x5e,0x69, + 0x77,0x53,0xb0,0x81,0x69,0x85,0x36,0x81,0x91,0x14,0x43,0xa2,0xb2,0x5f,0x1b,0x7c, + 0x46,0x96,0xf9,0x46,0x15,0x5b,0x26,0x64,0xb6,0x7b,0x40,0x87,0x8d,0x3b,0x45,0xc3, + 0xe0,0xd7,0x03,0x4d,0x5b,0x5e,0xe6,0xf5,0xba,0x8f,0xb3,0xca,0xe7,0x79,0x7e,0x85, + 0x78,0x99,0x02,0xcf,0x8f,0x9f,0x86,0xed,0x3e,0xf2,0x5a,0xe0,0x73,0x61,0x78,0xaa, + 0xe2,0x60,0xfe,0x87,0x5b,0xfe,0xf5,0xbc,0xde,0x9e,0xc0,0x5f,0x11,0xe1,0x8f,0xc7, + 0x37,0x5e,0xdc,0xd4,0xa5,0x53,0x36,0x18,0xe6,0xf9,0x91,0xdd,0x48,0xaa,0x30,0x62, + 0xe6,0x03,0x1e,0x29,0x1d,0xfc,0xdc,0x6e,0x7f,0xc1,0x4e,0xc6,0x0e,0x53,0x9f,0xcb), + .tests = { + { /* Public Key e changed */ + .exp = FALSE, + .e = chunk_from_chars(0xea,0xc8,0x39), + .m = chunk_from_chars( + 0x9c,0x3d,0x5d,0x23,0xd2,0x74,0x6d,0x15,0xd6,0x16,0xbe,0xbf,0x3c,0xf7,0x20,0xc6, + 0xe6,0x01,0x2a,0x71,0xca,0xe2,0x20,0x02,0xf5,0x02,0x1a,0x47,0xd0,0xb8,0x63,0x6c, + 0xa3,0xbd,0x20,0x13,0x57,0xe1,0x32,0xa6,0x80,0xfc,0x5d,0xec,0x9b,0x28,0xa9,0xdb, + 0x93,0x2d,0x08,0xae,0x8b,0x3d,0x3a,0x37,0xd7,0xe2,0xee,0x75,0x4b,0x34,0x2a,0x69, + 0xb9,0x4f,0xec,0x26,0xb5,0x04,0x12,0x28,0x9b,0xcf,0x77,0xe6,0xd4,0x09,0x5f,0xaa, + 0x54,0x5f,0x15,0xa1,0x67,0x83,0xd2,0x2e,0xae,0x21,0xe1,0x84,0x64,0x15,0x01,0x74, + 0xe6,0xdb,0x0b,0x83,0x73,0x47,0xd4,0x40,0x30,0x76,0x55,0xd5,0x6f,0x04,0x09,0xdb, + 0x30,0x7f,0x97,0x73,0xe8,0x1c,0xb1,0x92,0x82,0xa9,0x3c,0x9c,0xa4,0xc3,0xb1,0x35), + .s = chunk_from_chars( + 0x98,0x65,0x7f,0xd8,0x16,0x39,0x67,0xfa,0x7d,0x26,0x3b,0xd4,0x5b,0xb8,0x90,0x03, + 0x5a,0xdb,0xcd,0xd1,0x64,0x5f,0xd4,0x8b,0x28,0xfe,0xbf,0xb9,0xb4,0xe1,0x51,0x72, + 0x54,0x0e,0x38,0xb7,0xc2,0xf6,0x73,0xc4,0x0a,0x20,0x5f,0xd4,0x0b,0x08,0xb6,0x0b, + 0x4b,0x81,0xed,0x6e,0x23,0x6c,0xdf,0x08,0xf0,0xd6,0xb1,0x1f,0x50,0xdc,0x74,0xc6, + 0x0d,0xc4,0x66,0xac,0x37,0x2e,0x0f,0x46,0x78,0x83,0xaa,0x9a,0x39,0x8f,0x4a,0xee, + 0xf8,0x7b,0x04,0x0e,0x14,0xa5,0x15,0x02,0xdd,0x46,0x7e,0x8e,0x8d,0xd8,0x98,0x12, + 0xdf,0xaf,0x6b,0x1d,0xc1,0xc2,0xf6,0xc2,0x84,0x48,0xaf,0x08,0x45,0x90,0xc0,0x5a, + 0xec,0x49,0x9d,0xd3,0xb1,0x48,0xe6,0x6f,0x3d,0x71,0xcf,0x75,0xe2,0x39,0xdb,0x6d, + 0x21,0xf4,0x07,0x4b,0x8b,0xd9,0xa6,0xbd,0xe5,0xca,0x66,0x86,0x34,0xbd,0x47,0x95, + 0x32,0x76,0xff,0x2d,0x0e,0xbb,0xe0,0x1a,0xfc,0xfe,0x0e,0x38,0x19,0x03,0x73,0x6d, + 0x6a,0x6c,0x67,0x2a,0x45,0xfb,0xa4,0xee,0x32,0x6e,0x34,0x2d,0xc5,0x92,0x51,0x69, + 0x51,0x7c,0x5f,0x57,0xe9,0x29,0x07,0x24,0x57,0x6a,0x22,0x5b,0xa8,0x9c,0xb4,0xdd, + 0x09,0x1f,0x4e,0x65,0x13,0xbe,0x10,0xdd,0x41,0x81,0x85,0x5b,0xb4,0x04,0x5d,0x6e, + 0xf6,0x43,0x7c,0x16,0xd3,0xb5,0x58,0x9e,0xf9,0xd6,0x83,0x66,0x82,0x71,0x1c,0x7d, + 0x66,0x02,0x5a,0xe3,0x7b,0x52,0x55,0x80,0xf0,0xdf,0xcf,0x3d,0xb7,0xfe,0x57,0xd7, + 0xc6,0xb1,0x57,0x77,0xcc,0x41,0x60,0x03,0x07,0xe5,0x8a,0x17,0x21,0xb6,0xf7,0xbc), + }, + { /* Format of the EM is incorrect - hash moved to left */ + .exp = FALSE, + .e = chunk_from_chars(0x8d,0x88,0x53), + .m = chunk_from_chars( + 0x77,0x59,0x42,0x0c,0x8d,0x1a,0x39,0xba,0x0e,0x3e,0x16,0x81,0xd9,0xb7,0x57,0xfc, + 0xf3,0x0c,0xb4,0x0d,0x84,0x4f,0x4a,0x71,0x22,0x4f,0xf9,0x98,0x52,0x0e,0x0b,0xb4, + 0x4c,0x76,0x16,0x11,0xff,0x47,0x23,0xa4,0x55,0x54,0x0f,0xe6,0xb8,0xef,0x32,0xe3, + 0xd5,0xa2,0x3f,0x8d,0xa0,0x20,0x6b,0x57,0x98,0x7a,0xd2,0xff,0x4c,0x96,0x16,0xab, + 0x1e,0xde,0x49,0x38,0x47,0x35,0x0d,0xcf,0x1b,0x2f,0xf9,0xb9,0x8e,0x81,0x3f,0x74, + 0xf8,0xb6,0x8c,0x06,0x15,0x24,0x30,0x91,0x50,0x1f,0x7f,0x28,0x41,0x6c,0x77,0xe1, + 0x74,0xf8,0xa3,0x2b,0x6c,0xca,0x3e,0x62,0xe7,0x37,0x9c,0xa1,0x64,0x55,0xc6,0xd8, + 0xe3,0xb2,0x65,0x1e,0xec,0x45,0xe1,0x48,0xd2,0xa4,0xc9,0xba,0x39,0x78,0x76,0x7d), + .s = chunk_from_chars( + 0x91,0xce,0x8e,0x92,0x1f,0x85,0xde,0x84,0x5b,0x9b,0xf7,0x50,0x3d,0xc6,0x5a,0x32, + 0x82,0x24,0xd1,0x5b,0x23,0xe8,0xea,0x65,0xdc,0x3d,0xa6,0xd8,0x04,0xfb,0xef,0x19, + 0x6c,0x30,0x5e,0x0f,0xba,0x05,0x9a,0x7d,0x84,0x2c,0x8c,0x0f,0x58,0x08,0x60,0xcc, + 0xe7,0x76,0x52,0xd4,0xdc,0x77,0x90,0x73,0xd6,0xa3,0xb0,0xa9,0x2b,0xf2,0xdd,0x3e, + 0xc6,0xc0,0x61,0x8d,0xa1,0x48,0x50,0x36,0xfd,0x59,0x4b,0xd9,0x62,0xf7,0xb5,0xa1, + 0xc6,0x1d,0x53,0xf1,0x62,0x69,0x12,0xc7,0xe3,0x12,0xaa,0x83,0xeb,0x43,0x26,0x28, + 0x8a,0x52,0x43,0x7c,0x73,0x87,0x91,0x6b,0xcb,0x11,0x08,0x4a,0x40,0xc2,0x19,0xc8, + 0x4c,0xab,0x2f,0xf6,0x6e,0x83,0x14,0x3f,0x85,0x86,0x47,0xf2,0xdc,0x91,0x4d,0xa0, + 0xc7,0x85,0x8b,0xa3,0x9a,0xa8,0xad,0x81,0x47,0xea,0x5c,0x9c,0x52,0x06,0x9e,0xb2, + 0xb2,0xca,0x94,0x1d,0x8a,0x50,0x23,0x74,0x8d,0xc4,0x01,0xe7,0x66,0x45,0x00,0x84, + 0x6c,0x85,0xca,0xdf,0x02,0x87,0xe3,0x9b,0x8b,0x8b,0x46,0x79,0x4a,0x82,0xbf,0xff, + 0xa7,0x52,0x96,0x0a,0xb3,0xb9,0xea,0xa0,0x25,0x30,0xb5,0x90,0x3c,0x24,0xae,0xfa, + 0x10,0x8f,0x10,0xae,0xe3,0x5b,0x6a,0x8a,0x3c,0xdf,0x87,0x95,0xa1,0x82,0xe5,0xc0, + 0x4e,0xd3,0x6b,0xb6,0x8c,0x18,0x78,0x56,0x23,0xb4,0x2f,0x09,0x79,0xff,0xf3,0x19, + 0x11,0x2e,0x15,0x14,0xce,0xe5,0x1d,0xb4,0x37,0xee,0x32,0x28,0x9f,0x61,0xde,0xd6, + 0x11,0x86,0xc6,0xed,0x44,0xad,0x72,0x2d,0x18,0xd5,0x56,0x82,0x1f,0x88,0x82,0x21), + }, + { /* Message changed */ + .exp = FALSE, + .e = chunk_from_chars(0x8d,0x88,0x53), + .m = chunk_from_chars( + 0x86,0x4f,0x4f,0x58,0x90,0xa0,0x36,0x53,0xd0,0x8d,0xaa,0x83,0xd9,0xe2,0x99,0x2f, + 0xab,0x33,0x93,0xb7,0xee,0x15,0x2d,0x6f,0x7b,0x8e,0xa3,0xad,0x1e,0xc9,0xc1,0x21, + 0x9a,0x0e,0x03,0x65,0xee,0xf2,0xfb,0xd5,0xd7,0xcb,0xf3,0xa1,0x96,0x67,0xd4,0x21, + 0xf3,0xfe,0x46,0x68,0x82,0x64,0x19,0x1b,0x25,0x83,0xe4,0x84,0xd2,0x09,0xeb,0xe2, + 0x97,0x5e,0x46,0x03,0xdb,0xd9,0x40,0x15,0xe6,0x33,0xfe,0xba,0xa4,0x3c,0x61,0x5a, + 0xa5,0xcc,0x2c,0xbd,0x69,0xfd,0x6a,0xd9,0xdb,0x97,0x0a,0xe8,0x1b,0xcc,0xcd,0xbe, + 0x80,0x26,0x62,0x5a,0xde,0xbd,0xcf,0xbb,0x04,0xad,0x12,0xf5,0x89,0xc7,0x08,0x83, + 0xc9,0x87,0x8f,0xdf,0x2a,0x46,0xe7,0x50,0xa4,0xb1,0x5f,0x03,0x80,0x7a,0x2d,0x5e), + .s = chunk_from_chars( + 0x24,0x5f,0xda,0x2e,0x66,0xd2,0xba,0xb1,0x02,0xd0,0xda,0x40,0x98,0xd7,0x51,0x65, + 0x0f,0x5e,0xf4,0x73,0x8d,0x14,0xda,0xbe,0x86,0x6c,0x78,0x20,0x09,0xea,0xd9,0xd6, + 0xd0,0x5d,0x43,0xac,0x0a,0x30,0x14,0xa3,0x82,0xd6,0x2a,0xc9,0x71,0xee,0x19,0x79, + 0x8f,0x3b,0x8e,0xf4,0x9f,0x9b,0xc2,0x47,0xfa,0x07,0xb3,0x68,0xac,0x2d,0x0e,0x8a, + 0x4f,0xb2,0x10,0xaf,0x5a,0xcd,0x87,0xb6,0xb5,0x12,0xe1,0x35,0x86,0x1b,0x30,0x10, + 0x34,0x03,0x30,0x47,0x32,0xa1,0x0b,0x75,0xc9,0xa1,0x49,0x55,0x2d,0x1c,0xcf,0x0f, + 0x99,0x12,0x96,0x8c,0x64,0x31,0x39,0x8b,0x7d,0x48,0xdf,0xf4,0x8c,0xc7,0xcb,0x71, + 0x84,0xe7,0x6a,0x0a,0xb9,0x4a,0xc9,0xa6,0xb0,0x03,0x5b,0x91,0xb3,0xee,0xb2,0xd1, + 0x32,0x6e,0xbd,0xdf,0xc1,0x32,0x50,0x22,0x45,0x38,0xc1,0x43,0xfc,0x0d,0xfa,0x39, + 0x95,0x92,0x64,0x15,0xa6,0x58,0xdb,0x8e,0x66,0x91,0x50,0x40,0x50,0xa1,0xa3,0x0e, + 0x34,0xb2,0x1a,0xf8,0xd1,0x27,0x07,0xbc,0x44,0x54,0xf1,0x74,0x38,0x5c,0xd8,0x4c, + 0x72,0x9e,0x2d,0xdf,0xc5,0xcc,0x91,0x78,0x81,0x20,0x59,0xb5,0xda,0x4a,0x1a,0x60, + 0x5a,0x2a,0x81,0x64,0x2c,0xcc,0x1b,0xc5,0xcf,0x95,0x39,0x65,0xf7,0x05,0x67,0x3b, + 0x12,0xc5,0xb4,0x6a,0xc8,0xc1,0xa0,0x3c,0x10,0x01,0xae,0x4d,0xf1,0xc3,0x9c,0xc8, + 0x3c,0xb5,0x4b,0x10,0xcb,0x7d,0x33,0xcd,0x51,0x08,0x03,0x3c,0x26,0x8c,0xee,0xeb, + 0xba,0x6c,0x6a,0xda,0x92,0x88,0x2f,0x46,0x56,0x2d,0xc6,0x58,0xd3,0x52,0x55,0x74), + }, + { /* Signature changed */ + .exp = FALSE, + .e = chunk_from_chars(0x8d,0x88,0x53), + .m = chunk_from_chars( + 0x71,0xab,0xf8,0x95,0xe5,0x6b,0xa8,0xf6,0xae,0x8d,0x0e,0x9e,0x66,0x90,0xc0,0x9c, + 0x75,0x92,0x70,0xa7,0x3d,0xb8,0xc1,0xaa,0x95,0xd0,0x59,0x80,0x79,0x35,0x37,0xfb, + 0xff,0xf3,0x47,0x2c,0x8d,0x2c,0x34,0xde,0x4a,0xbb,0x7e,0x64,0xd2,0x16,0xcc,0x95, + 0x2e,0x79,0x83,0x14,0x03,0x41,0x97,0xd5,0x09,0x96,0xa2,0xdc,0xbf,0x4c,0x33,0x48, + 0x5e,0x0b,0x68,0x91,0x0b,0xae,0xbf,0x0e,0x50,0xea,0x29,0xba,0xcd,0x30,0x60,0x37, + 0x2b,0xd4,0x7b,0x13,0x52,0x6e,0xc0,0x4b,0xdc,0x81,0xb9,0x0d,0xc9,0x5a,0x8a,0xc2, + 0x74,0x3b,0x81,0x4c,0xc5,0xb9,0xef,0x8c,0xa9,0x63,0x36,0x28,0xbf,0xa4,0x24,0x8b, + 0x55,0xeb,0x7f,0x2d,0x92,0x08,0xe1,0x14,0xf4,0xda,0xc6,0x9b,0xfe,0x27,0xe4,0x72), + .s = chunk_from_chars( + 0x24,0x3c,0x57,0x0c,0xd1,0xbd,0x85,0x52,0x2e,0x64,0x81,0x73,0x61,0xcb,0xb9,0x49, + 0xc8,0x38,0x76,0xd7,0xa3,0x60,0x95,0x13,0xae,0xbf,0x50,0x6f,0xc0,0x67,0x50,0xba, + 0x38,0xe8,0x20,0x23,0x2c,0x98,0xac,0xbe,0x00,0xff,0xa5,0x0b,0x36,0xc5,0x38,0x56, + 0x00,0x69,0xfd,0x13,0x99,0x2c,0xa0,0xdf,0x7d,0x9f,0x6d,0x95,0x6b,0x88,0x33,0x34, + 0xf1,0xc3,0xaf,0x8a,0x74,0xad,0xee,0xd5,0xbe,0x15,0xb0,0x33,0xd8,0x5b,0x20,0x7b, + 0xe2,0xfe,0x60,0x0a,0x99,0x02,0xd6,0x99,0xcc,0xef,0x1f,0x4a,0x8d,0x58,0x86,0x72, + 0xc4,0x46,0x40,0x1e,0xb3,0x90,0xd1,0x74,0xd5,0x72,0xb9,0x18,0xf9,0xb3,0x49,0xe2, + 0xe7,0x04,0x77,0x53,0x00,0x02,0x38,0x50,0xa5,0x34,0xcd,0x14,0xe0,0x04,0x6e,0x38, + 0x51,0x81,0xd3,0x45,0xa0,0x1d,0xbd,0x23,0x0c,0x79,0x65,0xff,0xfd,0x71,0xd4,0xe9, + 0xf9,0xbd,0x27,0x4d,0x2e,0xf4,0x6c,0x55,0x6c,0x73,0x32,0x12,0x13,0x62,0xe7,0x17, + 0x06,0xc3,0x9f,0x08,0x91,0x9e,0xfa,0x3a,0x4f,0x2f,0x14,0x21,0x50,0xc8,0xce,0xf4, + 0xb3,0x0e,0xf7,0x88,0xf6,0xff,0xfc,0x2e,0xd2,0xac,0xa0,0x26,0x2e,0xba,0x87,0x3a, + 0x25,0x17,0x95,0x84,0x5d,0xa5,0x26,0xb7,0x8e,0x2b,0x24,0xd6,0x6f,0x21,0xd4,0x0d, + 0x5f,0xcb,0xe5,0x54,0x2a,0x75,0x53,0xa9,0x17,0x8b,0xe5,0xa9,0x80,0x5b,0xb5,0x35, + 0x79,0xbd,0x10,0x8c,0xff,0x73,0x3b,0x37,0x64,0x07,0x89,0x31,0x8d,0xb6,0x20,0xa6, + 0xa9,0x44,0x44,0xe9,0x20,0x39,0x23,0xae,0x32,0x55,0x00,0xb6,0x76,0xb1,0x47,0x98), + }, + { /* Format of the EM is incorrect - 00 on end of pad removed */ + .exp = FALSE, + .e = chunk_from_chars(0x8d,0x88,0x53), + .m = chunk_from_chars( + 0x4b,0x64,0x8d,0xe2,0xe3,0x90,0x67,0x7c,0xe1,0x72,0x71,0x91,0x49,0x8b,0x76,0xd2, + 0xd2,0x43,0x8d,0x0c,0xed,0xdf,0x3d,0xb5,0x02,0xad,0xe5,0xc5,0xfd,0x81,0x5b,0xc7, + 0x09,0x65,0xd4,0x2f,0x9b,0x8d,0x04,0xee,0xb3,0x89,0x86,0x44,0x5f,0xbe,0x7d,0xd5, + 0x80,0x17,0x7c,0x00,0xd0,0xf8,0xa3,0x6c,0x24,0x74,0x0b,0xe3,0xef,0xbf,0x65,0x64, + 0x08,0xe6,0xdd,0x73,0xad,0xbd,0x45,0xb4,0xc7,0x19,0x6f,0xb8,0x6f,0x40,0xda,0x17, + 0xb2,0x9e,0x91,0xbf,0x91,0xba,0x51,0x8b,0x4c,0x68,0xea,0x18,0xe1,0x3f,0xe7,0xd4, + 0xcf,0x4d,0x71,0x57,0x1f,0x0a,0x71,0xf7,0xa5,0x8b,0xf5,0x96,0x84,0xf8,0xd5,0xbf, + 0xf0,0x40,0x96,0xf2,0x38,0x0b,0x8e,0x3b,0x03,0xf1,0x49,0x09,0xd9,0xe9,0x2c,0x3e), + .s = chunk_from_chars( + 0x27,0x7f,0xe8,0x1a,0x15,0x40,0x34,0x1c,0x9c,0x04,0xfb,0x5d,0x3c,0x8f,0x70,0xc1, + 0xe7,0x2f,0x87,0xfa,0x7d,0x04,0xb9,0x3e,0xe5,0x4d,0x56,0xd1,0x18,0x4c,0x14,0x1e, + 0xc4,0xe1,0x25,0xe2,0xe5,0xcf,0xd0,0xac,0xff,0x10,0x55,0xc7,0x66,0x97,0xa1,0xc3, + 0x07,0x9c,0x37,0x1c,0xce,0x0b,0xd8,0x4e,0xe4,0x43,0x7b,0xfa,0x18,0x06,0xaa,0x76, + 0xdf,0x29,0x55,0x93,0x53,0x31,0x91,0x5f,0xff,0x87,0x9d,0x87,0xc7,0x37,0x2e,0x75, + 0xe5,0xe8,0xfe,0xcc,0x90,0x6f,0x9d,0x34,0xa5,0xad,0xc0,0xb7,0x54,0x09,0xa8,0x7f, + 0xb6,0x41,0x1e,0x29,0x90,0xcd,0x23,0x7a,0xc8,0x22,0x3f,0x72,0x23,0x44,0x4f,0x5d, + 0x52,0x7a,0x11,0x5c,0x85,0xb9,0xba,0x10,0x28,0x7f,0x3e,0x82,0x5e,0x1d,0xc5,0x8e, + 0xb3,0x7c,0x8a,0x9c,0xa0,0x55,0x15,0x5f,0xf6,0xa5,0xaa,0xa6,0x56,0x56,0x90,0xdc, + 0xee,0xf6,0xf6,0x47,0x72,0x9d,0x07,0x1c,0xdd,0x9f,0x06,0x88,0xc7,0xfe,0xe8,0xf9, + 0x29,0x3a,0xbe,0x65,0x8d,0x0e,0x1e,0xf8,0x55,0xc8,0x6a,0x28,0xd8,0xd0,0xf8,0xf8, + 0x2f,0x72,0x17,0x31,0x86,0x35,0x30,0x80,0xb8,0x4f,0x14,0x2f,0x96,0x59,0x07,0x37, + 0x71,0x78,0xfc,0x1e,0xa0,0x08,0x19,0xd8,0x1a,0xfc,0x24,0x74,0xbe,0xcf,0x79,0xe1, + 0xe3,0xb7,0x0c,0x7c,0x2a,0x84,0x07,0xd5,0x07,0x95,0xc3,0x13,0x1b,0xb6,0xdf,0x78, + 0x72,0x0c,0x31,0xb2,0xf8,0xc4,0x3f,0x70,0x54,0x64,0xd8,0x98,0x20,0x43,0xc4,0x5f, + 0x04,0xe3,0x39,0xaa,0x1c,0x6f,0x4e,0x26,0xaa,0x70,0x92,0xb3,0xe6,0x26,0x12,0x99), + }, + { + .exp = TRUE, + .e = chunk_from_chars(0x8d,0x88,0x53), + .m = chunk_from_chars( + 0x78,0x11,0xa4,0x07,0xfe,0x65,0x3a,0xd2,0x34,0x3d,0x83,0xc0,0x49,0x9f,0xc1,0x1e, + 0x29,0x51,0xef,0x0a,0x47,0x91,0xa3,0xcd,0x9a,0x06,0x39,0x6b,0xe5,0xf7,0x2e,0x78, + 0x3c,0xbb,0xca,0x2c,0xc4,0x70,0x02,0xba,0xba,0xf0,0x9c,0xde,0xb7,0x01,0x94,0xb5, + 0x32,0xcc,0xbf,0xd2,0x46,0x91,0xae,0x8e,0xb5,0x98,0xd5,0x9f,0x2e,0x6b,0xec,0xed, + 0xcb,0x42,0x96,0xa1,0xde,0xbf,0x41,0x7e,0xed,0xdb,0x4d,0x74,0xfb,0x21,0x70,0x72, + 0x09,0x1a,0x59,0x7d,0xdd,0x08,0x93,0xff,0x02,0xd6,0xad,0x61,0x10,0x50,0x98,0xdb, + 0x2e,0x90,0x50,0x8b,0xd4,0xb8,0xbe,0xc5,0xd6,0xe7,0xde,0xab,0x9e,0x65,0x1d,0xfd, + 0xb8,0x21,0x05,0x32,0x95,0x5e,0x1b,0xc7,0x88,0xa9,0x08,0xd7,0x15,0x0e,0xf8,0xec), + .s = chunk_from_chars( + 0x3a,0xd1,0xf0,0xfa,0xa9,0xa3,0x65,0x86,0x15,0x4a,0x38,0x2a,0x1f,0x2c,0x10,0xe8, + 0x19,0xdc,0x31,0x8a,0x68,0xbe,0x35,0xf5,0x4f,0x95,0x40,0x1b,0x0e,0xf2,0xba,0x5c, + 0xc8,0x95,0xf0,0xd6,0xbd,0xe2,0x8c,0x8d,0x3b,0x36,0x4f,0x60,0xde,0x03,0xce,0x75, + 0xa7,0xaf,0x29,0xe5,0x80,0x7c,0x1e,0xec,0x4c,0xd7,0x06,0x24,0x75,0x6e,0x26,0x31, + 0xeb,0x46,0xaf,0x01,0x0c,0xa8,0xcf,0x93,0xee,0x7d,0x86,0xa4,0xaf,0x3c,0xed,0x5d, + 0xd2,0xa8,0xa4,0x1c,0x1f,0xee,0xe6,0xb4,0x57,0x20,0x70,0x87,0x39,0x39,0xae,0x7a, + 0x2c,0xe7,0x51,0x93,0x94,0x59,0x37,0x46,0x1d,0x00,0x64,0xee,0xba,0x07,0x76,0x0c, + 0x49,0x5c,0x5c,0x70,0xbd,0xb0,0x4d,0x89,0x95,0x1d,0xe3,0xf9,0x65,0x25,0xf8,0xe4, + 0x46,0x12,0x49,0x3d,0x49,0x07,0x31,0xe7,0xef,0x76,0x79,0xa2,0x4b,0x0b,0x1e,0x2b, + 0x24,0xc8,0x00,0x3c,0x2f,0x94,0x11,0x4e,0x41,0x93,0xd6,0xe5,0x4c,0x0a,0xf9,0xe8, + 0x70,0x53,0x0b,0x00,0x85,0x30,0x21,0x0a,0xc0,0xb0,0xe4,0xc7,0xc7,0x9f,0x37,0x93, + 0x84,0xe1,0xbb,0x31,0x9b,0x5f,0x2a,0x0b,0x62,0x25,0x17,0xae,0x5d,0x27,0xf0,0xea, + 0xaf,0x79,0x58,0xcb,0x0b,0x41,0x84,0x91,0x26,0x07,0x50,0x92,0xe8,0x6e,0x7e,0x7b, + 0xe5,0xee,0xac,0xef,0x9a,0x8e,0x3e,0xc5,0x95,0x43,0x2e,0xf6,0x19,0x85,0x8f,0xe0, + 0xd0,0x51,0x78,0x71,0xb8,0xb4,0x95,0xc0,0x1a,0xf6,0xf1,0x8d,0x4e,0x6d,0x25,0x0d, + 0xbd,0x19,0x28,0x0e,0xf4,0xf8,0xa3,0x7d,0x1b,0x59,0xa4,0x8f,0xa4,0x1b,0x83,0x1d), + }, + }, +}, +{ + .params = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, }, + .n = chunk_from_chars( + 0xce,0x49,0x24,0xff,0x47,0x0f,0xb9,0x9d,0x17,0xf6,0x65,0x95,0x56,0x1a,0x74,0xde, + 0xd2,0x20,0x92,0xd1,0xdc,0x27,0x12,0x2a,0xe1,0x5c,0xa8,0xca,0xc4,0xbf,0xae,0x11, + 0xda,0xa9,0xe3,0x7a,0x94,0x14,0x30,0xdd,0x1b,0x81,0xaa,0xf4,0x72,0xf3,0x20,0x83, + 0x5e,0xe2,0xfe,0x74,0x4c,0x83,0xf1,0x32,0x08,0x82,0xa8,0xa0,0x23,0x16,0xce,0xb3, + 0x75,0xf5,0xc4,0x90,0x92,0x32,0xbb,0x2c,0x65,0x20,0xb2,0x49,0xc8,0x8b,0xe4,0xf4, + 0x7b,0x8b,0x86,0xfd,0xd9,0x36,0x78,0xc6,0x9e,0x64,0xf5,0x00,0x89,0xe9,0x07,0xa5, + 0x50,0x4f,0xdd,0x43,0xf0,0xca,0xd2,0x4a,0xaa,0x9e,0x31,0x7e,0xf2,0xec,0xad,0xe3, + 0xb5,0xc1,0xfd,0x31,0xf3,0xc3,0x27,0xd7,0x0a,0x0e,0x2d,0x48,0x67,0xe6,0xfe,0x3f, + 0x26,0x27,0x2e,0x8b,0x6a,0x3c,0xce,0x17,0x84,0x3e,0x35,0x9b,0x82,0xeb,0x7a,0x4c, + 0xad,0x8c,0x42,0x46,0x01,0x79,0xcb,0x6c,0x07,0xfa,0x25,0x2e,0xfa,0xec,0x42,0x8f, + 0xd5,0xca,0xe5,0x20,0x8b,0x29,0x8b,0x25,0x51,0x09,0x02,0x6e,0x21,0x27,0x24,0x24, + 0xec,0x0c,0x52,0xe1,0xe5,0xf7,0x2c,0x5a,0xb0,0x6f,0x5d,0x2a,0x05,0xe7,0x7c,0x19, + 0x3b,0x64,0x7e,0xc9,0x48,0xbb,0x84,0x4e,0x0c,0x2e,0xf1,0x30,0x7f,0x53,0xcb,0x80, + 0x0d,0x4f,0x55,0x52,0x3d,0x86,0x03,0x8b,0xb9,0xe2,0x10,0x99,0xa8,0x61,0xb6,0xb9, + 0xbc,0xc9,0x69,0xe5,0xdd,0xdb,0xdf,0x71,0x71,0xb3,0x7d,0x61,0x63,0x81,0xb7,0x8c, + 0x3b,0x22,0xef,0x66,0x51,0x0b,0x27,0x65,0xd9,0x61,0x75,0x56,0xb1,0x75,0x59,0x98, + 0x79,0xd8,0x55,0x81,0x00,0xad,0x90,0xb8,0x30,0xe8,0x7a,0xd4,0x60,0xa2,0x21,0x08, + 0xba,0xa5,0xed,0x0f,0x2b,0xa9,0xdf,0xc0,0x51,0x67,0xf8,0xab,0x61,0xfc,0x9f,0x8a, + 0xe0,0x16,0x03,0xf9,0xdd,0x5e,0x66,0xce,0x1e,0x64,0x2b,0x60,0x4b,0xca,0x92,0x94, + 0xb5,0x7f,0xb7,0xc0,0xd8,0x3f,0x05,0x4b,0xac,0xf4,0x45,0x4c,0x29,0x8a,0x27,0x2c, + 0x44,0xbc,0x71,0x8f,0x54,0x60,0x5b,0x91,0xe0,0xbf,0xaf,0xd7,0x72,0xae,0xba,0xf3, + 0x82,0x88,0x46,0xc9,0x30,0x18,0xf9,0x8e,0x31,0x57,0x08,0xd5,0x0b,0xe8,0x40,0x1e, + 0xb9,0xa8,0x77,0x8d,0xcb,0xd0,0xd6,0xdb,0x93,0x70,0x86,0x04,0x11,0xb0,0x04,0xcd, + 0x37,0xfb,0xb8,0xb5,0xdf,0x87,0xed,0xee,0x7a,0xae,0x94,0x9f,0xff,0x34,0x60,0x7b), + .tests = { + { /* Public Key e changed */ + .exp = FALSE, + .e = chunk_from_chars(0xfe,0x30,0x79), + .m = chunk_from_chars( + 0xe4,0x9f,0x58,0x5e,0xec,0xcf,0x2b,0xf7,0x26,0x56,0x41,0xfb,0x8c,0x0f,0x94,0xc7, + 0x17,0xe2,0xff,0x1d,0x90,0x45,0xae,0xca,0xa3,0x02,0xd2,0x85,0x35,0x3b,0x99,0x1b, + 0xf7,0xac,0x5d,0xc9,0x3b,0x31,0x1c,0xe9,0x07,0x88,0x28,0xd2,0x68,0x57,0x1f,0xf9, + 0x09,0x71,0x1e,0x5c,0x04,0x55,0x32,0x20,0xf8,0xf8,0x0f,0x78,0x5c,0xc4,0x05,0xca, + 0x13,0xe0,0x2f,0x0d,0x40,0xb2,0xee,0x76,0x5b,0xa2,0x95,0x53,0x85,0x21,0x66,0x37, + 0x18,0xea,0xbe,0x57,0x83,0x88,0x8c,0x34,0x55,0x19,0x07,0x7a,0x97,0x51,0xa1,0x28, + 0x5f,0xc2,0x36,0xf2,0xa2,0x5a,0x8a,0xe4,0x4a,0x2d,0xf2,0x47,0x88,0x74,0x51,0xc8, + 0x6c,0xd6,0x46,0xd7,0xb3,0xe7,0xa4,0x4e,0xe0,0xef,0x23,0x53,0x8e,0xec,0x55,0x7f), + .s = chunk_from_chars( + 0x4e,0x85,0xf6,0x8a,0x5b,0x06,0xb0,0x6a,0x17,0xd0,0xf3,0xf2,0x7b,0x3a,0x5a,0x11, + 0x9e,0x7d,0xb0,0x2a,0xbc,0x2d,0x9b,0x4a,0xfc,0x69,0x82,0x20,0xda,0x11,0x52,0x4a, + 0x88,0x5f,0x33,0xcd,0x7a,0x10,0xae,0x89,0xc9,0x8b,0x02,0x7b,0x69,0x22,0x4a,0xce, + 0xf4,0x71,0x3a,0x14,0x63,0xf1,0x68,0xc8,0xbe,0xf5,0x51,0xef,0x8f,0xed,0xb2,0x19, + 0xb6,0xad,0x0b,0x3e,0x99,0xd6,0x21,0x66,0x43,0xe5,0x8a,0x51,0xbb,0x2a,0xe9,0x3b, + 0xbe,0xf7,0x69,0x61,0x49,0x14,0xea,0xb1,0x37,0xc1,0x99,0x3b,0x14,0x91,0x71,0xb8, + 0x63,0x3f,0x4a,0x31,0x8f,0x69,0x77,0x29,0x96,0xef,0x7d,0xc3,0xf7,0x74,0x8f,0x37, + 0x56,0xd5,0x8e,0xcd,0xc3,0x93,0x76,0x32,0x71,0x7f,0xb4,0x0c,0xb7,0xed,0x6e,0x5c, + 0x72,0xe1,0x72,0xac,0x58,0xec,0x01,0xf4,0xe3,0x2f,0xff,0xc4,0x45,0xb6,0x0f,0x98, + 0xa6,0x28,0xfc,0x1b,0x0f,0xa4,0xcf,0xb6,0x68,0x6d,0xeb,0x12,0x59,0x50,0xb8,0x62, + 0xf3,0x47,0xe9,0xeb,0x81,0x20,0xfb,0x2b,0x5a,0xa2,0x3d,0x6d,0x86,0xea,0xf1,0xed, + 0xeb,0xeb,0x13,0x37,0x93,0x54,0x1c,0x4d,0xbe,0xa0,0xf1,0x4a,0x9f,0x74,0x73,0x3d, + 0xa4,0xed,0x11,0xd1,0x27,0x4d,0x46,0x4e,0x09,0xa5,0x78,0x08,0x43,0xd6,0x75,0x0b, + 0xac,0xe0,0xe9,0x70,0x29,0x30,0x82,0x87,0xdd,0x39,0x6e,0xfa,0x0f,0x32,0x62,0x81, + 0x71,0xfc,0x5e,0xc2,0x0d,0x3c,0x82,0x61,0x9b,0x78,0x4e,0x4c,0xdb,0x66,0xcb,0xdb, + 0x28,0xcd,0xd2,0x63,0xa4,0x6a,0x3e,0xc6,0x3e,0x1c,0xad,0x76,0x59,0xdc,0x3b,0x33, + 0x80,0x14,0x32,0xd2,0xb5,0xb5,0xe1,0x0a,0x77,0x00,0x83,0xb9,0x33,0xa8,0x05,0xa9, + 0xc7,0x6c,0xc2,0x6c,0x91,0x2f,0x95,0x2c,0xec,0x5f,0xd8,0x41,0x3a,0x8c,0x1a,0xda, + 0xee,0x80,0x14,0x9f,0xa1,0x98,0x55,0x31,0x50,0x75,0x82,0x52,0x92,0xdb,0x24,0xde, + 0x32,0x5f,0xa6,0xbf,0x3b,0x4c,0x06,0x65,0x2f,0xc8,0x32,0x0d,0xef,0x42,0x36,0xc0, + 0x88,0xdd,0x5a,0xe4,0x33,0x15,0xe0,0x36,0x72,0xfb,0x99,0x9c,0x35,0x4e,0xf6,0x1a, + 0xc3,0x80,0xb1,0xb1,0xc9,0x6d,0x71,0x1f,0xc7,0x77,0xe3,0x45,0xcc,0xb9,0x45,0x36, + 0x35,0x5a,0x32,0x14,0x66,0xee,0xdc,0xf2,0x35,0x5d,0xd5,0x1f,0x68,0x80,0x23,0xd6, + 0xb5,0x99,0x39,0x0f,0x3a,0xff,0x62,0x01,0x36,0x9d,0x81,0x03,0xaf,0x92,0x6c,0x83), + }, + { /* Message changed */ + .exp = FALSE, + .e = chunk_from_chars(0x73,0xb1,0x93), + .m = chunk_from_chars( + 0x46,0x21,0xb1,0x7c,0xd9,0xf5,0xb6,0x23,0xfe,0x73,0xb5,0xfe,0x28,0x0c,0xe9,0xac, + 0x84,0x08,0x05,0x60,0x8a,0xcd,0x6e,0x41,0xd5,0x5e,0xa7,0x11,0x32,0x22,0x0c,0x0d, + 0xf7,0xe7,0xc4,0x15,0x96,0x26,0xf1,0x0d,0x71,0x88,0x29,0x83,0xf0,0xaa,0x2a,0x92, + 0xd1,0x1d,0xc9,0x06,0xc0,0xb2,0x2c,0xc0,0x28,0xf4,0x39,0x5d,0x48,0xf5,0x4e,0x12, + 0x89,0x4e,0x33,0xda,0x0f,0x61,0x4d,0xd4,0x8e,0xe1,0x14,0xe6,0x5f,0x95,0xc7,0xa7, + 0xd3,0x58,0x5e,0x7c,0xc7,0x65,0xc0,0x01,0x78,0xd1,0x36,0xaa,0x99,0x59,0x1f,0xaa, + 0xa3,0x5e,0xe6,0x13,0x6d,0x2e,0x32,0x3f,0xfc,0x85,0x5c,0x70,0x9c,0x54,0x26,0xb3, + 0x2f,0xc0,0xaa,0x0a,0xc6,0x6e,0x90,0xc9,0x6e,0xfe,0x84,0x41,0x4d,0xd5,0xe7,0x9c), + .s = chunk_from_chars( + 0xb6,0x0a,0x4d,0xd6,0x29,0xd6,0x03,0x0f,0xe6,0x52,0x2f,0x6b,0x75,0x4f,0x0e,0x75, + 0x1d,0xe4,0xb2,0x55,0x2c,0x60,0x7e,0xfc,0xcb,0x2f,0x90,0xda,0x91,0x78,0x75,0x83, + 0xb6,0xfc,0x51,0xbc,0xb6,0x0a,0xb2,0x19,0x38,0xa4,0x8c,0xa6,0xab,0x3e,0xf8,0xab, + 0x75,0xb5,0x6a,0xbb,0x9d,0xf1,0xfa,0xa4,0xdb,0xd8,0x4b,0x41,0x20,0x66,0xf3,0xf9, + 0x2b,0xff,0x77,0x8a,0x89,0xf7,0xdf,0x4f,0x55,0x31,0x7c,0xbc,0x40,0xa7,0x80,0xfb, + 0x87,0xf0,0xc8,0x44,0xc2,0xd6,0x4e,0x23,0x24,0x74,0xa3,0xe9,0x31,0xc1,0x68,0xb3, + 0x30,0x86,0x65,0x79,0x68,0x5c,0x51,0xa5,0x93,0x7a,0x2e,0x80,0xea,0x2c,0x6e,0xd0, + 0x0f,0xe1,0x23,0xf1,0x4b,0xbe,0xf5,0x5c,0x97,0x74,0xbd,0x62,0x0e,0x1e,0x82,0x1e, + 0x01,0x28,0xcf,0x49,0xda,0xb6,0xf8,0x85,0x3c,0x08,0x80,0x1c,0x8a,0x00,0x91,0x9a, + 0x6c,0x01,0x3c,0x3a,0x83,0xf9,0x99,0xc6,0x6a,0x5c,0xb4,0x9c,0x91,0x86,0x5d,0xf6, + 0x0d,0xb8,0xbe,0x81,0x3b,0xc3,0xd8,0xb3,0x5d,0x85,0xd7,0x9c,0xf0,0x1a,0xbe,0xd2, + 0xf6,0x0f,0x60,0xed,0xc9,0x71,0x53,0x78,0x0c,0x0c,0x12,0xfe,0x45,0xe5,0xe4,0x87, + 0xfd,0x95,0x93,0x93,0x07,0x9d,0xbe,0xe5,0xaf,0x46,0xc0,0xa7,0xc4,0x21,0x4f,0xab, + 0x75,0xc5,0xb5,0xdd,0xd6,0xf0,0x28,0x86,0x69,0xe0,0xa9,0xbe,0x33,0xf4,0xb5,0x78, + 0x25,0x24,0xe8,0x38,0x31,0x5c,0xc0,0x31,0xd9,0x7b,0xeb,0x15,0x96,0x02,0x6f,0x12, + 0x9a,0x21,0xe9,0x61,0xdd,0xe6,0xbc,0x34,0xc4,0x92,0xf3,0x02,0x6a,0xf7,0xf5,0x03, + 0xb8,0xff,0x87,0xb7,0x77,0x56,0x19,0xf8,0xd1,0xe1,0x7f,0x97,0x2c,0x85,0x94,0x0a, + 0xff,0xbb,0x64,0xd3,0x31,0x0f,0xb9,0xf7,0x4d,0x9d,0x16,0xae,0xb0,0x77,0xb8,0xb9, + 0x97,0xb1,0x80,0x20,0xeb,0x99,0x2a,0xb6,0x13,0x22,0x84,0x7f,0xe6,0xcb,0x62,0xf7, + 0x3d,0x0a,0xbd,0x81,0x63,0x3a,0xc5,0xc5,0xbe,0x65,0x19,0xdd,0xbc,0x93,0x34,0xbb, + 0x56,0x44,0x9b,0xdf,0x96,0x93,0x0d,0x65,0xd8,0x06,0x1d,0xb8,0x91,0x1d,0x4e,0xd6, + 0xa5,0x9a,0xe8,0xd2,0x27,0x6d,0x04,0x59,0x6a,0x38,0x8e,0x75,0x2c,0xf9,0x9c,0xbd, + 0x39,0x5b,0x83,0x7e,0x7c,0x5a,0xee,0x27,0x8a,0x7c,0x4b,0x43,0xc7,0x8d,0x3d,0x74, + 0xc8,0x8f,0x49,0xcb,0xc8,0xd8,0x16,0xf5,0x3c,0xca,0x15,0x69,0x27,0xfb,0x92,0xd4), + }, + { + .exp = TRUE, + .e = chunk_from_chars(0x73,0xb1,0x93), + .m = chunk_from_chars( + 0x08,0x97,0xd4,0x0e,0x7c,0x0f,0x2d,0xfc,0x07,0xb0,0xc7,0xfd,0xda,0xf5,0xfd,0x8f, + 0xcc,0x6a,0xf9,0xc1,0xfd,0xc1,0x7b,0xeb,0xb9,0x23,0xd5,0x9c,0x9f,0xc4,0x3b,0xd4, + 0x02,0xba,0x39,0x73,0x8f,0x0f,0x85,0xf2,0x30,0x15,0xf7,0x51,0x31,0xf9,0xd6,0x50, + 0xa2,0x9b,0x55,0xe2,0xfc,0x9d,0x5d,0xdf,0x07,0xbb,0x8d,0xf9,0xfa,0x5a,0x80,0xf1, + 0xe4,0x63,0x4e,0x0b,0x4c,0x51,0x55,0xbf,0x14,0x89,0x39,0xb1,0xa4,0xea,0x29,0xe3, + 0x44,0xa6,0x64,0x29,0xc8,0x50,0xfc,0xde,0x73,0x36,0xda,0xd6,0x16,0xf0,0x03,0x93, + 0x78,0x39,0x1a,0xbc,0xfa,0xfe,0x25,0xca,0x7b,0xb5,0x94,0x05,0x7a,0xf0,0x7f,0xaf, + 0x7a,0x32,0x2f,0x7f,0xab,0x01,0xe0,0x51,0xc6,0x3c,0xc5,0x1b,0x39,0xaf,0x4d,0x23), + .s = chunk_from_chars( + 0x8e,0xbe,0xd0,0x02,0xd4,0xf5,0x4d,0xe5,0x89,0x8a,0x5f,0x2e,0x69,0xd7,0x70,0xed, + 0x5a,0x5c,0xe1,0xd4,0x5a,0xd6,0xdd,0x9c,0xe5,0xf1,0x17,0x9d,0x1c,0x46,0xda,0xa4, + 0xd0,0x39,0x4e,0x21,0xa9,0x9d,0x80,0x33,0x58,0xd9,0xab,0xfd,0x23,0xbb,0x53,0x16, + 0x63,0x94,0xf9,0x97,0xb9,0x09,0xe6,0x75,0x66,0x20,0x66,0x32,0x4c,0xa1,0xf2,0xb7, + 0x31,0xde,0xba,0x17,0x05,0x25,0xc4,0xee,0x8f,0xa7,0x52,0xd2,0xd7,0xf2,0x01,0xb1, + 0x02,0x19,0x48,0x9f,0x57,0x84,0xe3,0x99,0xd9,0x16,0x30,0x2f,0xd4,0xb7,0xad,0xf8, + 0x84,0x90,0xdf,0x87,0x65,0x01,0xc4,0x67,0x42,0xa9,0x3c,0xfb,0x3a,0xaa,0xb9,0x60, + 0x2e,0x65,0xd7,0xe6,0x0d,0x7c,0x4c,0xea,0xdb,0x7e,0xb6,0x7e,0x42,0x1d,0x18,0x03, + 0x23,0xa6,0xd3,0x8f,0x38,0xb9,0xf9,0x99,0x21,0x3e,0xbf,0xcc,0xc7,0xe0,0x4f,0x06, + 0x0f,0xbd,0xb7,0xc2,0x10,0x20,0x65,0x22,0xb4,0x94,0xe1,0x99,0xe9,0x8c,0x6c,0x24, + 0xe4,0x57,0xf8,0x69,0x66,0x44,0xfd,0xca,0xeb,0xc1,0xb9,0x03,0x1c,0x81,0x83,0x22, + 0xc2,0x9d,0x13,0x5e,0x11,0x72,0xfa,0x0f,0xdf,0x7b,0xe1,0x00,0x7d,0xab,0xca,0xab, + 0x49,0x66,0x33,0x2e,0x7e,0xa1,0x45,0x6b,0x6c,0xe8,0x79,0xcd,0x91,0x0c,0x91,0x10, + 0x10,0x4f,0xc7,0xd3,0xdc,0xab,0x07,0x6f,0x2b,0xd1,0x82,0xbb,0x83,0x27,0xa8,0x63, + 0x25,0x45,0x70,0xcd,0xf2,0xab,0x38,0xe0,0xcd,0xa3,0x17,0x79,0xde,0xaa,0xd6,0x16, + 0xe3,0x43,0x7e,0xd6,0x59,0xd7,0x4e,0x5a,0x4e,0x04,0x5a,0x70,0x13,0x38,0x90,0xb8, + 0x1b,0xc4,0xf2,0x4a,0xb6,0xda,0x67,0xa2,0xee,0x0c,0xe1,0x5b,0xab,0xa3,0x37,0xd0, + 0x91,0xcb,0x5a,0x1c,0x44,0xda,0x69,0x0f,0x81,0x14,0x5b,0x02,0x52,0xa6,0x54,0x9b, + 0xbb,0x20,0xcd,0x5c,0xc4,0x7a,0xfe,0xc7,0x55,0xeb,0x37,0xfe,0xd5,0x5a,0x9a,0x33, + 0xd3,0x65,0x57,0x42,0x45,0x03,0xd8,0x05,0xa0,0xa1,0x20,0xb7,0x69,0x41,0xf4,0x15, + 0x0d,0x89,0x34,0x2d,0x7a,0x7f,0xa3,0xa2,0xb0,0x8c,0x51,0x5e,0x6f,0x68,0x42,0x9c, + 0xf7,0xaf,0xd1,0xa3,0xfc,0xe0,0xf4,0x28,0x35,0x1a,0x6f,0x9e,0xda,0x3a,0xb2,0x4a, + 0x7e,0xf5,0x91,0x99,0x4c,0x21,0xfb,0xf1,0x00,0x1f,0x99,0x23,0x9e,0x88,0x34,0x0f, + 0x9b,0x35,0x9e,0xc7,0x2e,0x8a,0x21,0x2a,0x19,0x20,0xe6,0xcf,0x99,0x3f,0xf8,0x48), + }, + { /* Format of the EM is incorrect - 00 on end of pad removed */ + .exp = FALSE, + .e = chunk_from_chars(0x73,0xb1,0x93), + .m = chunk_from_chars( + 0x78,0x67,0xb6,0x5e,0xd9,0x82,0xed,0x6c,0xdd,0x2d,0x06,0x11,0x57,0xbe,0x90,0xf8, + 0x5b,0xcd,0x58,0x03,0x50,0xf1,0x25,0x31,0x45,0xcb,0xa5,0xc5,0x89,0x46,0xa8,0xa5, + 0x75,0x1c,0x8c,0x00,0x8d,0x9d,0xf8,0x33,0xc8,0xac,0xce,0xee,0x2b,0x0a,0x5a,0x92, + 0x9c,0xd7,0xd0,0xde,0xf6,0x55,0xf5,0xcb,0x59,0xf0,0x1c,0xb4,0xc4,0x7b,0x54,0xba, + 0xe5,0xbd,0xe0,0x67,0x2f,0x2c,0xe7,0x92,0x2e,0xf8,0x6d,0x82,0x17,0x4b,0x82,0x56, + 0xa4,0xd0,0xb9,0xa3,0x1e,0x72,0xdc,0x60,0xbb,0x66,0xde,0xff,0x2b,0x6b,0x11,0xdd, + 0x6e,0x50,0x99,0xdc,0xe8,0xb7,0x21,0x4e,0xb7,0x1a,0xcd,0x16,0x44,0x0b,0x6f,0x09, + 0x18,0xc0,0xfd,0x9b,0xf2,0xce,0x43,0xb7,0x16,0x35,0xd5,0xee,0xe7,0x9d,0x48,0xd4), + .s = chunk_from_chars( + 0x0a,0x61,0x70,0x81,0xdd,0x97,0x94,0xc9,0x37,0xe4,0xc7,0x16,0x3e,0x28,0x65,0x43, + 0x95,0x58,0xd4,0x1e,0x68,0x8b,0x23,0x0c,0x20,0xa1,0xea,0x71,0x84,0x66,0x43,0xb8, + 0x32,0x1d,0x77,0xca,0xd5,0x82,0xec,0x9a,0x70,0xf4,0x0d,0x7a,0x8e,0xd9,0xf7,0x22, + 0xc5,0xb9,0x01,0x2f,0x43,0x6c,0x7a,0x61,0x7d,0xed,0x2a,0xd1,0x86,0x43,0x45,0x7b, + 0x6f,0xd3,0x30,0x35,0xfc,0x2a,0x2c,0xbd,0x52,0xf3,0xda,0x41,0x58,0x01,0x5e,0x01, + 0xfa,0xb5,0x5b,0x4e,0x26,0xe2,0xde,0x96,0x02,0x10,0x1d,0xdb,0x86,0xe8,0xd2,0xae, + 0xb8,0x9b,0xf4,0x00,0x69,0x33,0xa1,0x1b,0x5f,0xbc,0xe2,0xbd,0x09,0xe3,0x1f,0xda, + 0x18,0xa8,0x2e,0xc4,0x05,0x91,0x0d,0xd3,0xd1,0xcf,0x1e,0x46,0x5c,0x17,0x68,0x72, + 0xda,0x3d,0xb1,0xc2,0xb3,0x08,0x9b,0x48,0xe7,0x68,0xef,0x15,0x5a,0xd5,0xf5,0x64, + 0x17,0x49,0x7a,0x64,0x8e,0xd0,0x42,0x7d,0x45,0xec,0xdd,0x03,0x8d,0x3c,0xc8,0xc8, + 0x7c,0xe9,0x9a,0x92,0xf0,0x8c,0x76,0x41,0xf7,0xfa,0x39,0xce,0xb4,0xec,0x83,0xec, + 0xe0,0x99,0x4a,0xc6,0x84,0x8b,0xb6,0xef,0xb4,0xe7,0x93,0x27,0x14,0x5e,0x53,0x96, + 0xb1,0x0f,0xaa,0x1a,0xc3,0xa6,0x3e,0xcd,0x4a,0x4a,0x2c,0x9c,0xba,0x94,0x6b,0x0e, + 0x5f,0x18,0x5b,0x2c,0xd1,0xa0,0x42,0x93,0xee,0x46,0x39,0x3d,0x37,0x4d,0xb8,0xbe, + 0x0a,0x84,0x93,0x77,0xeb,0x11,0x06,0x7e,0xad,0x3b,0x76,0xe5,0x14,0x55,0x1d,0x48, + 0x4d,0x5c,0x51,0x54,0x4a,0x1d,0x0d,0xa9,0x6c,0x17,0xb5,0xb2,0xef,0x95,0x3d,0xcd, + 0xc1,0xc6,0xd5,0x92,0x03,0x0e,0x46,0x8e,0xb8,0x18,0x6a,0x5b,0xf6,0x60,0xb7,0x1d, + 0xa5,0xd9,0x82,0xbc,0x54,0x24,0xcf,0x1a,0x4f,0x8c,0xe9,0x52,0xbc,0x76,0x3b,0x4e, + 0xaa,0xdb,0x2a,0x3f,0x78,0x7c,0x8a,0xf0,0x1d,0xf2,0xf4,0x3d,0xb5,0xe0,0xad,0x71, + 0x18,0x24,0xac,0xec,0xe2,0xd9,0x9d,0x5b,0xf9,0xfd,0xee,0x0f,0xdf,0x1f,0xdd,0x37, + 0x0e,0xc7,0x91,0xa9,0x46,0xa4,0xb6,0xaf,0x20,0xb2,0x77,0x47,0x9a,0x83,0x87,0x76, + 0xe9,0xc0,0x92,0x30,0xc3,0x63,0x25,0xb8,0xc8,0xef,0x84,0xdb,0x28,0x2f,0xe8,0x9c, + 0xed,0x24,0xb0,0xd7,0x86,0x9b,0x5d,0x24,0x6f,0xb3,0xc6,0x0f,0xcb,0x26,0x13,0x09, + 0x89,0x77,0x14,0xe8,0x70,0x19,0x5b,0x9b,0xee,0xd0,0xb2,0x65,0x80,0x0f,0xc6,0xe6), + }, + { /* Format of the EM is incorrect - hash moved to left */ + .exp = FALSE, + .e = chunk_from_chars(0x73,0xb1,0x93), + .m = chunk_from_chars( + 0x4d,0x36,0xeb,0x2c,0x3a,0xd2,0x33,0x43,0x69,0x23,0xe5,0x80,0xfa,0xdd,0xb4,0x5a, + 0xd3,0x59,0x67,0x10,0x8b,0xe8,0xd9,0x9a,0x87,0x67,0x45,0xdf,0x62,0x13,0xc0,0x28, + 0x92,0x9f,0x07,0xd5,0x49,0x84,0x7b,0x4f,0x9a,0x99,0x6a,0x3d,0xdd,0xe3,0x90,0xfb, + 0x54,0xae,0xde,0x47,0x0f,0xdc,0x7a,0x3e,0x0c,0x7e,0x06,0x88,0xa3,0xa1,0x25,0xcf, + 0x21,0x6a,0x3b,0x75,0xb4,0x66,0x75,0x86,0x87,0x1b,0x0a,0xeb,0x2d,0xe3,0xc0,0xe1, + 0x43,0xfa,0xb1,0xaa,0x51,0xd5,0x4f,0x82,0xf2,0xb5,0xa6,0xd5,0x35,0x7d,0xe1,0xaf, + 0x42,0xc0,0x10,0x74,0x41,0x1f,0x28,0xd1,0x77,0xd2,0x4b,0xf2,0xb2,0x84,0x4a,0xf6, + 0xe8,0x64,0x69,0xa0,0x1b,0x79,0x62,0x4f,0x7f,0x35,0xac,0x30,0xdf,0x4e,0xfc,0xb2), + .s = chunk_from_chars( + 0x81,0x38,0x92,0x2f,0xd1,0xa8,0x73,0x33,0xf1,0x31,0x6e,0x20,0x7e,0x58,0x51,0xaf, + 0x65,0xf2,0x7d,0x9f,0x5c,0xda,0x0f,0x7b,0x7c,0xab,0x00,0x54,0xa2,0xde,0xab,0x0a, + 0x5c,0x24,0x6f,0x18,0x34,0xb8,0xfa,0x0a,0x9a,0xe7,0x55,0xb6,0xad,0xd3,0xb6,0xdd, + 0x93,0xc6,0x94,0xfa,0x49,0xbe,0xa2,0x8a,0x56,0x35,0xe5,0x6d,0x98,0x41,0xd2,0x83, + 0x32,0x0e,0x7a,0x6f,0x98,0x12,0xc1,0x02,0xa6,0x0f,0xc2,0x50,0x5a,0x08,0x1e,0xe3, + 0x84,0x9f,0x81,0x51,0x91,0xb9,0xd7,0xa6,0xc4,0x1d,0xb6,0x7a,0xa1,0xa0,0x53,0xf2, + 0x2d,0x15,0x14,0x22,0x6a,0xad,0x39,0x22,0xcb,0x0b,0x5b,0xe7,0xdc,0x86,0xd6,0xcd, + 0x5d,0xaf,0x28,0xba,0xda,0x17,0x9f,0xbe,0xda,0x50,0x37,0x2b,0xce,0xe5,0xfd,0x8b, + 0x56,0x7c,0xa1,0x82,0x6b,0x08,0x1c,0xc0,0xe6,0xcf,0x58,0xcd,0x7e,0xd9,0x35,0xc6, + 0x92,0x2b,0x92,0x4b,0xed,0xd7,0xe4,0xf3,0xd4,0x8f,0x19,0x95,0xa5,0x6b,0xb1,0xd8, + 0xaf,0xf5,0x50,0x5e,0xa9,0x7c,0x56,0xcd,0xcb,0xaa,0x8e,0x93,0x25,0x4e,0x8c,0x6a, + 0x39,0xdb,0x12,0x76,0xc6,0xf5,0x3a,0x65,0x51,0xf1,0x62,0xf4,0x03,0x18,0x2b,0x4b, + 0xca,0x89,0x2a,0x6c,0xf5,0x27,0xc4,0xf9,0x62,0x96,0xb2,0xce,0x17,0xff,0xdf,0xa0, + 0x34,0x7d,0x52,0x90,0x94,0x0d,0x81,0xed,0x99,0xa3,0xe8,0xb0,0x0e,0x85,0x9d,0xc0, + 0xbc,0xb8,0x3e,0x90,0xe9,0xcd,0x9a,0x5b,0x64,0xcb,0x9d,0xb1,0xf3,0xf0,0x1d,0x26, + 0xd0,0x88,0x35,0xff,0xdf,0xe4,0x05,0x3d,0x9c,0x79,0x20,0x96,0x3b,0x07,0xfb,0x19, + 0x9e,0x5c,0x01,0xd4,0x4d,0x41,0x82,0x58,0x61,0x04,0x85,0x02,0x13,0xf8,0xca,0x60, + 0xc0,0x08,0x1e,0x62,0xb5,0xfe,0xcb,0xad,0x7e,0xce,0xd9,0x3c,0x35,0xa1,0x37,0x4d, + 0x27,0xb6,0x71,0x50,0xdd,0xfb,0x44,0xac,0x68,0xf6,0xaa,0x00,0xb5,0x5e,0x38,0xe6, + 0x81,0xb4,0x56,0xe6,0x06,0x55,0x26,0x1d,0x8d,0xae,0x04,0x7d,0x67,0xa4,0xee,0x2c, + 0x55,0xec,0xf2,0x13,0x57,0x1d,0xa1,0xdf,0x54,0x9a,0x48,0x89,0xea,0x3a,0x28,0x5b, + 0x5b,0x2f,0xe0,0x70,0x7d,0x74,0xd4,0x70,0xc7,0xec,0xe3,0xa2,0x15,0x26,0xf5,0xd4, + 0xaf,0x70,0x85,0xdd,0x11,0xe6,0xaf,0x40,0x51,0x52,0xa0,0x51,0x10,0xfc,0xd6,0xaa, + 0x06,0xce,0x93,0xf1,0xd2,0xba,0xba,0x3e,0xd5,0xdb,0x73,0x29,0x3f,0x97,0x7e,0xf1), + }, + { /* Signature changed */ + .exp = FALSE, + .e = chunk_from_chars(0x73,0xb1,0x93), + .m = chunk_from_chars( + 0xe2,0xa9,0x2b,0x14,0x3c,0x8a,0x00,0x6c,0xee,0x8a,0xfe,0xbb,0x66,0x31,0x19,0x74, + 0x5d,0x26,0xf4,0xff,0xac,0xaa,0x53,0x5c,0x61,0x65,0xd3,0x0a,0x12,0x65,0xd9,0x27, + 0x71,0x64,0xc8,0xd8,0x21,0x49,0x77,0xeb,0xc8,0xf2,0xe2,0xbb,0x66,0x31,0x1f,0x54, + 0xe5,0x14,0x94,0xd8,0xf1,0x6a,0x68,0x22,0x09,0x82,0x37,0xa8,0xd6,0x36,0x0a,0xa6, + 0xbc,0x28,0x86,0x79,0xb0,0x4c,0x63,0x48,0x49,0xa7,0x20,0xea,0x19,0x56,0xf5,0x04, + 0x3d,0xd1,0x0a,0x72,0x33,0x71,0xe6,0xe9,0xec,0x30,0x2a,0xda,0x22,0xb1,0x7f,0x99, + 0xec,0x80,0xcd,0xbe,0x90,0x9a,0xae,0xcc,0x98,0x30,0x22,0x10,0x28,0xa8,0x84,0xcc, + 0x8e,0xe5,0xbc,0x95,0x1b,0xc8,0xb7,0xfa,0x31,0xf6,0x14,0x66,0x9e,0xdc,0x20,0x48), + .s = chunk_from_chars( + 0xc8,0x1a,0xc3,0x94,0xf8,0x2c,0xb2,0x7d,0x75,0x95,0x07,0x59,0x22,0x4b,0x17,0x87, + 0xf8,0x72,0x25,0xae,0x55,0x49,0xbe,0x13,0xdc,0x1f,0x74,0x32,0x6e,0xb6,0x68,0xe5, + 0xe0,0x9d,0x03,0xe0,0x3e,0xcf,0x03,0x9f,0xd0,0x8d,0xc3,0x01,0xe7,0x0b,0xd0,0x79, + 0x92,0xb2,0x0a,0x27,0x57,0xb5,0x76,0x6b,0xf6,0x22,0x05,0x2d,0x69,0xfb,0xfb,0xfa, + 0xca,0x96,0x4d,0xa3,0x3a,0xf7,0x1c,0x87,0x87,0xeb,0xa9,0xed,0x5c,0xaf,0x1b,0xf8, + 0x6e,0x48,0x58,0x7d,0x26,0xb2,0x1f,0x9f,0x1b,0xe6,0x01,0x24,0x6e,0x1d,0x9c,0xdc, + 0xea,0x9a,0xf7,0x79,0x6a,0xe3,0x0d,0xd6,0xbc,0xbf,0x1b,0x25,0x73,0x4f,0x89,0xe8, + 0x6a,0xe9,0x05,0x1c,0x7a,0x2c,0xf3,0x73,0x09,0x14,0x40,0x6f,0x15,0x41,0xbe,0xed, + 0x81,0x2a,0xc6,0xc9,0xe1,0x8c,0xfd,0x5b,0xf2,0x65,0x52,0x33,0x60,0x01,0x88,0x60, + 0x14,0x1b,0xcf,0xc5,0x1c,0x89,0xef,0x87,0x96,0x36,0xae,0x2d,0x7f,0x7e,0x41,0xe3, + 0x13,0x37,0xf7,0xaf,0xc3,0xe2,0x01,0xc6,0x80,0x5a,0x76,0xaf,0x89,0xdc,0x9e,0xa7, + 0x74,0x13,0xbe,0x1f,0x13,0x38,0xe8,0x45,0xe9,0xd1,0x6c,0xf8,0x6e,0x5e,0x04,0xa5, + 0x2d,0x8b,0x57,0x94,0x21,0x29,0x6f,0xa7,0x02,0xad,0x07,0xec,0xbf,0xa0,0x23,0x7a, + 0xc9,0x96,0xee,0x2e,0x91,0xee,0xac,0x8e,0xf4,0x89,0x02,0xa7,0x6c,0x94,0x7b,0x50, + 0x1e,0x26,0x5c,0x4b,0x3f,0xbd,0x0c,0x51,0x6a,0x04,0x16,0xea,0x13,0xc7,0x9b,0x7e, + 0x5d,0x5b,0x94,0x35,0xae,0xf3,0xf3,0x71,0xd3,0x8f,0xf9,0xdf,0x8f,0xdd,0xed,0x2f, + 0x26,0x5b,0x27,0xda,0x5a,0x84,0xfe,0x54,0x43,0x63,0x5e,0x26,0x08,0x07,0xdb,0x9a, + 0x15,0x51,0x38,0x7e,0x6c,0x9c,0x59,0x64,0x98,0xd2,0x80,0xd9,0x17,0x0d,0xaa,0x62, + 0x95,0x4e,0xd3,0x2b,0x14,0xd0,0x44,0x98,0x0e,0xca,0x76,0xa8,0xdb,0x63,0x48,0x3d, + 0x8c,0x4c,0xbf,0xa6,0x69,0xec,0x14,0x0e,0x7c,0x4a,0x30,0x4c,0xc1,0x5e,0x46,0x8d, + 0x96,0xff,0xf3,0x4d,0x77,0x69,0x25,0x81,0xb1,0x0e,0x7d,0x25,0xef,0x07,0x5d,0x65, + 0x27,0x58,0xf5,0x0e,0x9a,0xc4,0xcf,0x98,0x48,0x46,0x63,0x88,0x05,0x15,0x18,0xcf, + 0x93,0xe1,0x83,0xf9,0x10,0xa4,0xf5,0x03,0xfb,0xeb,0x65,0x4f,0x4b,0x94,0x24,0xdb, + 0xad,0xf6,0x1d,0x2d,0x50,0xf6,0x0f,0x8f,0x02,0xb4,0xea,0x0e,0x7b,0xc3,0xb3,0x98), + }, + }, +}, +{ + .params = { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, }, + .n = chunk_from_chars( + 0x99,0xa5,0xc8,0xd0,0x94,0xa5,0xf9,0x17,0x03,0x46,0x67,0xa0,0x40,0x8b,0x7e,0xcf, + 0xca,0xac,0xc3,0xf9,0x78,0x44,0x44,0xe2,0x17,0x73,0xc3,0x46,0x1e,0xc3,0x55,0xf0, + 0xd0,0xf5,0x2a,0x5d,0xb0,0x56,0x8a,0x71,0xd3,0x88,0x69,0x67,0x88,0xef,0x66,0xae, + 0x73,0x40,0xc6,0xb2,0x8d,0xbf,0x92,0x5f,0xe8,0x35,0x57,0x98,0x65,0x75,0xf7,0x9c, + 0xca,0x69,0x21,0x72,0x21,0x39,0x7e,0xd5,0x80,0x8a,0x26,0xf7,0xe7,0xe7,0x14,0xc9, + 0x32,0x35,0xf9,0x14,0xd4,0x5c,0x4a,0x9a,0xf4,0x61,0x9b,0x20,0xf5,0x11,0xad,0x64, + 0x4b,0xd3,0x41,0x2d,0xfd,0xf0,0xff,0x71,0x7f,0x7a,0xac,0x74,0x6f,0x31,0x0b,0xfa, + 0x9a,0x14,0x1a,0xc3,0xdb,0xf0,0x1c,0x1f,0xc7,0x4f,0xeb,0xd1,0x97,0x93,0x84,0x19, + 0xc2,0x62,0x29,0x35,0x05,0xc3,0x5f,0x40,0x2f,0x90,0x53,0xad,0x13,0xc5,0x1a,0x59, + 0x60,0xec,0xde,0x55,0xec,0x82,0x9e,0x95,0x3f,0x94,0x1a,0xf7,0x33,0xe5,0x87,0x05, + 0x91,0x37,0x67,0xe7,0xa7,0x20,0x0d,0x1d,0x09,0xe7,0xe7,0xe2,0xd2,0x69,0xfa,0x29, + 0xa5,0x58,0xbb,0x16,0x30,0x4b,0x05,0x9f,0x13,0xf4,0xca,0x56,0x0a,0x81,0x01,0xfe, + 0x37,0x20,0xb4,0xa7,0x79,0xec,0x12,0x64,0x27,0x32,0x6c,0xaa,0x13,0x2a,0x3d,0x36, + 0x11,0xd7,0xdb,0xc5,0x03,0x36,0xfa,0xc7,0x89,0xec,0x40,0x6b,0x39,0x7e,0x1e,0x36, + 0xd7,0xda,0xf9,0xb6,0x24,0xbf,0x63,0x9c,0x82,0xb8,0x59,0x28,0x87,0x47,0x69,0x0c, + 0x73,0x0c,0x98,0x0b,0x2f,0x5a,0x23,0x9d,0xd9,0x5a,0xd5,0x38,0x9a,0x2e,0xc9,0x0c, + 0x57,0x78,0x60,0x47,0x13,0x71,0x03,0x83,0xae,0x55,0xd4,0xd2,0x8c,0x06,0xd4,0xac, + 0x26,0xf0,0xd1,0x23,0x1f,0x1d,0x67,0x62,0xc8,0xe0,0xd9,0x18,0x11,0x81,0x56,0xbc, + 0x63,0x77,0x60,0xda,0xea,0x18,0x47,0x46,0xb8,0xdc,0xf6,0xf6,0x1d,0xb2,0x74,0xa7, + 0xdd,0xce,0xaa,0x07,0x49,0x37,0xab,0xab,0xad,0x45,0x49,0xb9,0x7a,0xb9,0x92,0x49, + 0x4a,0x80,0x72,0x08,0xab,0xd7,0x89,0x82,0x3f,0x5d,0x75,0xc4,0xb9,0x94,0x08,0x9c, + 0x80,0x72,0xcf,0xc2,0x54,0xe0,0xd8,0x20,0x2f,0xd8,0x96,0x47,0x6e,0x96,0xad,0x9d, + 0x30,0x9a,0x0e,0x8e,0x73,0x01,0x28,0x2f,0x07,0xeb,0x2a,0xe8,0xed,0xef,0xb7,0xdb, + 0xbe,0x13,0xb9,0x6e,0x8b,0x40,0x24,0xc6,0xb8,0x4d,0xe0,0xa0,0x5e,0x15,0x02,0x85), + .tests = { + { /* Format of the EM is incorrect - hash moved to left */ + .exp = FALSE, + .e = chunk_from_chars(0x08,0xa6,0x49), + .m = chunk_from_chars( + 0x4d,0x44,0x66,0x5e,0x0e,0x29,0x87,0xcf,0x7d,0xd1,0xe9,0xd6,0x20,0x01,0x51,0xf5, + 0x00,0xea,0x3b,0x85,0xa2,0x4f,0x72,0xfb,0x38,0xe5,0xdd,0x69,0x19,0xff,0x9c,0x48, + 0x6f,0x6a,0x54,0x74,0x2f,0x96,0xc6,0x78,0x4f,0xf7,0xa7,0x0c,0x33,0xab,0xab,0xdc, + 0x68,0x5d,0xe4,0x8b,0x94,0x69,0x4a,0xf8,0xad,0x41,0x9b,0xc0,0x6a,0x0f,0x65,0x04, + 0xf7,0x9c,0x60,0x6c,0xed,0x70,0x02,0x6b,0x81,0x3b,0x4e,0xc5,0xfc,0x73,0xed,0x4f, + 0x6b,0x3f,0x7f,0xf6,0x97,0x94,0x33,0x03,0x37,0x9d,0x95,0x9e,0x65,0x61,0xa8,0x90, + 0x4f,0xa0,0x35,0x4d,0x2f,0xfd,0x62,0x31,0x7d,0x63,0x86,0x0a,0x62,0xa1,0x3c,0xd7, + 0x71,0x57,0xb7,0xcf,0x92,0x16,0x55,0xa5,0x3e,0xc3,0x76,0x0b,0xf2,0x3c,0x8e,0x75), + .s = chunk_from_chars( + 0x4f,0x48,0xe5,0x1a,0x04,0x1e,0x40,0xa0,0x29,0xd5,0x86,0xcb,0x7a,0xfd,0x7e,0xc1, + 0x10,0x31,0xf8,0x6d,0x7b,0xee,0x58,0xfc,0x13,0xa9,0x22,0x7d,0xd2,0x09,0xf1,0xd7, + 0xbe,0xcf,0x32,0x09,0xcd,0x43,0x05,0x5e,0x93,0x16,0x5f,0x04,0xf2,0x32,0x76,0xd4, + 0x6b,0x0b,0x64,0x66,0x9b,0x88,0xc2,0xba,0x54,0xad,0x6b,0xcb,0x5e,0x9d,0xa8,0x18, + 0x10,0x01,0x4e,0x14,0x0e,0xd0,0xa1,0x42,0x34,0xb1,0xfc,0x0f,0xa4,0xcf,0xa4,0xf2, + 0x58,0xa7,0xb5,0xcf,0x73,0xa3,0x36,0x53,0x4f,0x37,0x58,0x0a,0x38,0x30,0x87,0x5f, + 0x31,0x19,0x09,0x2e,0x48,0x54,0xfa,0x80,0xd8,0x78,0x33,0xf7,0xe9,0x62,0x7a,0xb5, + 0x1e,0x05,0x6a,0x8d,0xef,0xf3,0xa4,0x51,0xe8,0xaa,0xd7,0x83,0x35,0x81,0x6b,0x53, + 0xae,0x0d,0x89,0x9b,0x06,0x07,0x40,0x3b,0xf0,0x8e,0x8c,0x32,0xe1,0xcf,0x0b,0xaa, + 0x8f,0xe0,0xd7,0x8d,0x1b,0x8d,0x72,0xf8,0x5f,0x17,0xc1,0xc5,0xb8,0x87,0x0c,0xec, + 0x49,0x94,0x97,0xb4,0x2d,0xe9,0x82,0x40,0x8f,0xba,0xdb,0xe3,0xb4,0x5a,0x13,0xb4, + 0xb5,0x37,0x1c,0xe2,0xa4,0xd9,0x60,0x0b,0x7d,0x14,0x01,0x16,0x25,0xcb,0xe7,0x3a, + 0x79,0x31,0x39,0x54,0xf4,0xf3,0xec,0x0b,0x3b,0xf6,0xdc,0x94,0x52,0x97,0x32,0x5e, + 0x3a,0xaf,0x5b,0xc8,0x9a,0x27,0x67,0x0f,0x5b,0x25,0x36,0xa5,0x4c,0xae,0xa3,0xbc, + 0x66,0x41,0xae,0x62,0x8a,0x9a,0x4d,0xa6,0x1d,0xe7,0x49,0x66,0x1a,0x93,0xb6,0xae, + 0x68,0x72,0x2d,0x10,0xd7,0x90,0x2b,0x39,0x1f,0x9e,0x9e,0xbf,0x3a,0xb9,0xc1,0x86, + 0x01,0x7b,0x52,0xea,0xc6,0xfd,0x44,0x2a,0x25,0x6f,0xe7,0xc9,0x50,0x01,0x65,0xe3, + 0xc7,0xa4,0x02,0xaa,0x01,0x74,0xe6,0xb6,0xf3,0x5e,0x4e,0x12,0xe3,0x5a,0x9d,0x42, + 0x9b,0x21,0xf6,0xcc,0x98,0xeb,0xa7,0x3c,0x80,0xed,0x8a,0xc3,0x3a,0xcd,0x79,0x48, + 0x8e,0x62,0x0b,0x27,0x49,0x23,0xe7,0x8c,0xe5,0xd9,0x1a,0x61,0x96,0xca,0x59,0x05, + 0x4f,0xa7,0x7c,0xd6,0x7e,0x0d,0x3f,0xc0,0x4d,0x71,0xb9,0x4b,0x0c,0xda,0x54,0x78, + 0xf1,0xb3,0xd6,0x91,0x50,0xf4,0x09,0x27,0xc1,0xab,0x39,0x20,0x36,0x58,0x36,0x09, + 0xd8,0xef,0xda,0x3f,0xe4,0x86,0x43,0xef,0x2f,0x75,0xf1,0x16,0x4e,0xa7,0xf2,0x55, + 0x89,0xb5,0xbb,0xb5,0x60,0xc9,0xa0,0x42,0x40,0x8f,0x85,0x94,0x4c,0xa0,0x8f,0x92), + }, + { /* Format of the EM is incorrect - 00 on end of pad removed */ + .exp = FALSE, + .e = chunk_from_chars(0x08,0xa6,0x49), + .m = chunk_from_chars( + 0x1a,0xbc,0xa8,0xd8,0x1c,0xc9,0x8a,0x5d,0x50,0x20,0xe9,0x50,0x80,0xb5,0xfc,0xe5, + 0x9f,0xfe,0x70,0xdc,0xff,0x54,0x48,0x02,0xc4,0x9d,0xe7,0xfa,0x99,0x28,0x6b,0x3d, + 0xa1,0xd8,0x3d,0x60,0xb0,0x85,0xe6,0x96,0xbc,0x9f,0x25,0x75,0x8e,0x14,0x3e,0xfd, + 0xbd,0x74,0x94,0xd6,0xdd,0x54,0x7a,0xd9,0xf4,0xf0,0x47,0xd2,0x2d,0x14,0xa8,0x84, + 0xd1,0x3c,0x3b,0xee,0x72,0xfa,0x59,0xcd,0x6a,0x98,0x33,0x62,0x84,0xfe,0x20,0x75, + 0xf8,0xd7,0x35,0x9a,0x9d,0xf0,0x17,0xb3,0x5a,0xe0,0x0d,0xb6,0xdd,0xee,0x59,0xb1, + 0x90,0x2f,0xc9,0x0b,0xc9,0xef,0x89,0x0c,0x42,0x52,0x3b,0x9f,0xc8,0x3b,0x49,0x57, + 0x37,0x6d,0x7a,0xb1,0xa5,0xf1,0xc4,0x99,0xde,0xb7,0x62,0x2f,0x11,0x80,0x26,0xca), + .s = chunk_from_chars( + 0x85,0xe1,0x57,0x65,0xa4,0x01,0xc1,0x0d,0x86,0xac,0xf3,0xa0,0x5f,0xab,0x14,0xe0, + 0x54,0x87,0xb7,0x93,0x56,0x9a,0xe6,0x80,0xf7,0x7d,0x20,0xc2,0x5b,0x17,0x63,0xd1, + 0x84,0x63,0x4f,0xa0,0xb0,0x1d,0x97,0x9d,0xce,0x9d,0x80,0x36,0x70,0xd7,0xf9,0xf6, + 0xad,0xcd,0x59,0x47,0x6f,0xb1,0xc8,0xc3,0xaa,0xe5,0x12,0xf9,0x4a,0x9c,0xcf,0x6e, + 0x57,0x3a,0xee,0x6a,0x28,0xc0,0xdc,0xfd,0x2d,0xae,0x85,0x22,0x68,0x5f,0x03,0xec, + 0xec,0x8c,0x04,0x50,0x36,0xd1,0xcb,0x05,0x4a,0x08,0x64,0x54,0xa2,0x83,0x26,0xd5, + 0x31,0x9b,0xc7,0x00,0x4b,0xc8,0x7c,0x75,0x66,0xa5,0x68,0x52,0x55,0x8f,0x58,0x3a, + 0x38,0xa4,0xe7,0xe7,0xbe,0x79,0x81,0xdc,0xf3,0xec,0x41,0xc1,0x23,0x45,0xf8,0x45, + 0x40,0x97,0x92,0xed,0x87,0xb3,0xf1,0xb8,0xfc,0x89,0xc2,0x88,0xa2,0x96,0x8e,0x73, + 0x27,0x3a,0x36,0xf2,0xb6,0x72,0x58,0xfc,0x67,0xe8,0x88,0x60,0x85,0x66,0xa2,0x3a, + 0x6a,0x56,0x45,0x32,0x8f,0x1e,0xdd,0x8c,0x10,0x59,0x93,0xb4,0x86,0xeb,0x33,0x35, + 0x23,0x22,0x12,0xa1,0xdc,0xfd,0x5d,0xa4,0x0f,0xb3,0x90,0x2f,0xd2,0xcf,0xa8,0x6e, + 0x85,0x88,0xeb,0x3c,0x40,0xdf,0x8d,0x9e,0xdf,0x3c,0x41,0x93,0x4c,0xe9,0x1b,0x50, + 0xc0,0xd5,0xca,0x1a,0x38,0x40,0xca,0x40,0xe3,0xc8,0x41,0xb3,0x95,0x20,0xcb,0x5e, + 0x56,0x54,0xaf,0x39,0x61,0xec,0x94,0x08,0xd2,0x2e,0xdb,0x34,0x50,0x27,0xee,0xa7, + 0x11,0x9d,0xd5,0x52,0x65,0x63,0x42,0xe3,0x16,0xc6,0x0c,0x5f,0x5d,0xa0,0x28,0x30, + 0x8b,0x03,0x1b,0xac,0xc7,0x4d,0x1f,0xdd,0x69,0x07,0xbc,0x69,0x44,0xfb,0x85,0x60, + 0x82,0xcb,0x14,0xf1,0x2c,0xb5,0x09,0xca,0x4e,0xfb,0x51,0x6e,0xd0,0xc6,0x08,0x96, + 0x77,0x1b,0x47,0x84,0x42,0x02,0x69,0x13,0xe6,0x1a,0x32,0x61,0x1d,0xde,0x1a,0x88, + 0x07,0xf2,0xe1,0xcb,0x76,0xd0,0xc0,0xc6,0x9c,0x70,0x5b,0xeb,0x8f,0xe7,0x13,0xe8, + 0x48,0xcc,0x03,0xb1,0xef,0x89,0x65,0x26,0x7c,0xfc,0x3e,0xbd,0x43,0xf0,0x00,0x1b, + 0x33,0xb9,0xe9,0xad,0x41,0x8e,0xe0,0xd5,0x92,0xf1,0x84,0xd2,0x02,0x33,0x1d,0x4b, + 0x51,0xa9,0x6a,0x17,0xb0,0x14,0xd4,0x71,0x38,0xf2,0x8c,0xaa,0x39,0xd9,0xdf,0xbd, + 0xa6,0x08,0x94,0x95,0x6d,0x0c,0x04,0x3e,0x42,0x92,0x87,0x7f,0x04,0x4b,0x55,0xa2), + }, + { /* Signature changed */ + .exp = FALSE, + .e = chunk_from_chars(0x08,0xa6,0x49), + .m = chunk_from_chars( + 0x20,0x85,0xe8,0xb9,0x46,0xd2,0x05,0x97,0x52,0xf8,0xf0,0xfe,0xe5,0x28,0xe7,0xc4, + 0xcc,0x0a,0xc1,0xfa,0x24,0x53,0x2c,0x1e,0xc2,0x9a,0x3a,0x92,0xd2,0x68,0x1c,0x4d, + 0xbd,0x8e,0x2d,0xd1,0x51,0xbb,0x32,0x5d,0x1c,0x4d,0xdf,0x63,0x18,0x68,0x9e,0x3c, + 0x8e,0x45,0x8d,0x1b,0x34,0xcd,0xc5,0x40,0x98,0x67,0xe2,0x6e,0xc2,0x0e,0xc0,0x9e, + 0x15,0xa6,0x82,0xf5,0x77,0x90,0xd9,0xf4,0xb2,0x7c,0x83,0xef,0x19,0x7e,0x11,0xc0, + 0x6e,0x65,0xee,0xbc,0x03,0x48,0x9d,0xe6,0x20,0x61,0x42,0x63,0xa5,0x1e,0x64,0x2e, + 0xf0,0x76,0xf1,0x0d,0x01,0x7a,0x82,0xc4,0xdc,0x2c,0xe1,0x88,0x2f,0x93,0xc9,0xb6, + 0x35,0x0f,0xec,0xc5,0xda,0xeb,0x3a,0x7a,0x20,0x31,0x61,0x5a,0xc1,0xc2,0x90,0x65), + .s = chunk_from_chars( + 0x65,0xbd,0x57,0xd4,0xa3,0x74,0x95,0xd5,0x4e,0xec,0x7f,0x63,0x21,0xf7,0x10,0x1a, + 0x46,0x43,0xd9,0x43,0x2a,0x2a,0xfc,0x8e,0xaa,0x14,0x7f,0xb2,0x9e,0x7a,0xb1,0x10, + 0x6e,0xb3,0x1a,0x6e,0xa7,0xae,0x3b,0x48,0xe4,0x0d,0xe6,0x3c,0xc3,0x68,0xe7,0xa6, + 0xdf,0x4c,0x99,0x82,0x59,0xc5,0x9c,0xe4,0x0b,0x8a,0xc2,0xf8,0x76,0x3b,0xee,0x91, + 0x92,0x41,0x7d,0x20,0x20,0xcb,0xe1,0x79,0xbb,0xa8,0xae,0xe9,0xbe,0x89,0x71,0x46, + 0x6f,0x5e,0x53,0xb3,0xf8,0x20,0x04,0xab,0x6a,0xa5,0x29,0xd0,0x85,0x45,0xbd,0x89, + 0x44,0x35,0xd8,0xdc,0xee,0xb3,0xa8,0xe9,0x05,0x91,0x6b,0xbd,0xb0,0x15,0xbf,0xf6, + 0x5e,0x9e,0x79,0x2a,0x88,0xe1,0xc8,0x44,0x9f,0x41,0x1e,0xda,0xcb,0xa5,0x04,0xcd, + 0x07,0x30,0x60,0x5d,0xc8,0x3f,0xee,0x64,0xf8,0xdd,0x17,0xf5,0x77,0x07,0x56,0x94, + 0x40,0x2f,0x18,0x62,0x79,0x0d,0x96,0x29,0xf9,0xfa,0x8a,0xc3,0xab,0x4e,0xe3,0x41, + 0xdd,0x39,0x79,0xeb,0x17,0x15,0xc4,0xf7,0x42,0xfb,0xd8,0x9b,0xa3,0xb9,0x05,0x65, + 0xea,0x45,0x87,0x43,0x85,0x62,0x49,0x3f,0x61,0x1d,0x5a,0xc9,0x98,0x9f,0xd4,0x05, + 0xa0,0x1d,0x23,0xb1,0x34,0x69,0xa2,0xa7,0xa8,0x5b,0x00,0x47,0x48,0x3a,0x66,0x5c, + 0xe3,0x89,0x9a,0x41,0x21,0x07,0xca,0xcc,0x11,0x08,0x7c,0xb2,0x60,0x7b,0xa9,0xd0, + 0x40,0x91,0xc4,0x18,0x24,0x72,0x42,0xcd,0x8d,0x81,0x9a,0xe1,0x7e,0x49,0xa2,0x1b, + 0xc4,0xf9,0x66,0xac,0x3d,0x37,0xd2,0xa6,0x1a,0x8b,0xfe,0xed,0xe0,0xf2,0xef,0x2d, + 0xa3,0xaa,0x32,0xbc,0x38,0xab,0xb6,0xa1,0x6a,0x44,0x75,0xe9,0x67,0x2c,0x4a,0xaa, + 0x31,0xd2,0xe8,0x27,0x7f,0x3d,0xd9,0x66,0x3f,0x39,0x60,0xf1,0x6c,0x01,0x99,0x8d, + 0x50,0xa9,0x9b,0xcc,0x68,0x1e,0xa0,0x2b,0x13,0x75,0x55,0xaf,0x2c,0xdd,0x28,0xea, + 0x43,0x28,0x15,0x88,0x06,0x6b,0xc5,0x5c,0x8f,0x7a,0xab,0x45,0xde,0xdf,0xa2,0xf6, + 0xbe,0xfb,0x5b,0x13,0x91,0x1c,0xb9,0xce,0xc2,0xb3,0xfb,0x07,0xbc,0x00,0xb2,0xda, + 0xca,0xff,0x82,0x37,0x20,0x1d,0x3e,0xbe,0xac,0x57,0x50,0x83,0x01,0x16,0x24,0xb4, + 0xbe,0x01,0x83,0x79,0x51,0x4d,0xec,0x97,0x20,0x9f,0xaa,0x29,0xb1,0xf9,0x3f,0xda, + 0x75,0xf0,0x77,0x0f,0x3c,0x73,0xe7,0x00,0xa2,0xe4,0x84,0x53,0x06,0x7c,0x90,0x9e), + }, + { + .exp = TRUE, + .e = chunk_from_chars(0x08,0xa6,0x49), + .m = chunk_from_chars( + 0xcc,0x21,0x59,0x3a,0x6a,0x0f,0x73,0x7e,0x29,0x70,0xb7,0xc0,0x79,0x84,0xb0,0x70, + 0xd7,0x61,0x72,0x62,0x96,0xa0,0x7e,0x24,0xe0,0x56,0xe6,0x8f,0xf8,0x46,0xb2,0x9c, + 0xc1,0x54,0x81,0x79,0x84,0x3d,0x74,0xdc,0xee,0x86,0x47,0x98,0x58,0xb2,0xc1,0x6e, + 0x4c,0xb8,0x4f,0x25,0x44,0xb4,0xec,0xdc,0xb4,0xdd,0x43,0xa0,0x4b,0xb7,0x18,0x3a, + 0x76,0x8a,0xe4,0x4a,0x27,0x12,0xbf,0x9a,0xd4,0x78,0x83,0xac,0xc2,0x81,0x2f,0x95, + 0x83,0x06,0x89,0x0e,0xbe,0xa4,0x08,0xc9,0x2e,0xb4,0xf0,0x01,0xed,0x7d,0xbf,0x55, + 0xf3,0xa9,0xc8,0xd6,0xd9,0xf6,0x1e,0x5f,0xe3,0x2e,0xb3,0x25,0x3e,0x59,0xc1,0x8e, + 0x86,0x31,0x69,0x47,0x8c,0xd6,0x9b,0x91,0x55,0xc3,0x35,0xdb,0x66,0x01,0x6f,0x96), + .s = chunk_from_chars( + 0x0a,0xa5,0x72,0xa6,0x84,0x5b,0x87,0x0b,0x89,0x09,0xa6,0x83,0xbb,0x7e,0x6e,0x76, + 0x16,0xf7,0x7b,0xef,0xf2,0x87,0x46,0x11,0x6d,0x8b,0xc4,0xb7,0x33,0x55,0x46,0xb5, + 0x1e,0x80,0x06,0xed,0x0f,0xc9,0xa0,0xd6,0x6f,0x63,0xce,0x0b,0x9e,0xbf,0x79,0x2d, + 0x7e,0xfd,0x43,0x05,0xd7,0x62,0x4d,0x54,0x54,0x00,0xa5,0xfd,0x6a,0x06,0xb7,0x8f, + 0x17,0x4b,0x86,0x80,0x3f,0x7c,0xd1,0xcc,0x93,0xe3,0xa9,0x72,0x86,0xf0,0xea,0x59, + 0x0e,0x40,0xff,0x26,0x19,0x5a,0xa2,0x19,0xfe,0x15,0x10,0xa0,0x16,0x78,0x52,0x23, + 0x60,0x6d,0x93,0x11,0xa1,0x6c,0x59,0xa8,0xfe,0x4a,0x6d,0xa6,0xec,0xd0,0xc1,0xd7, + 0x77,0x50,0x39,0x29,0x0c,0x2a,0xaa,0x17,0xed,0x1e,0xb1,0xb5,0x43,0x74,0xf7,0xe5, + 0x72,0xdb,0x13,0xcc,0xa3,0xa6,0x38,0x57,0x5f,0x80,0x04,0xaa,0x54,0xa2,0xfa,0x98, + 0x42,0x2f,0xc0,0x7e,0x43,0xad,0x3a,0x20,0xdd,0x93,0x00,0x14,0x93,0x44,0x26,0x77, + 0xd8,0x83,0x91,0x4d,0xc7,0x4e,0xc1,0xcb,0xeb,0xbb,0xd3,0xd2,0xb6,0xba,0xd4,0x66, + 0x6d,0x91,0x45,0x7b,0x69,0xb4,0x6a,0x1a,0x61,0xf2,0x12,0x98,0xf1,0xa6,0x79,0x42, + 0xec,0x86,0xc8,0x76,0x32,0x2d,0xd3,0x66,0xed,0x16,0x78,0x14,0xe9,0xc8,0xfc,0x90, + 0x40,0xc5,0xb4,0xb7,0xa8,0x59,0xbb,0xd8,0x80,0xcb,0x6b,0xc2,0x41,0xb9,0xe3,0x27, + 0xce,0x77,0x9e,0x07,0x83,0xb1,0xcf,0x44,0x5e,0x0b,0x2f,0x57,0x71,0xb3,0xf5,0x82, + 0x2a,0x13,0x64,0x39,0x1c,0x15,0x4d,0xc5,0x06,0xff,0xf1,0xfb,0x9d,0x9a,0x35,0xf8, + 0x01,0x99,0xa6,0xb3,0x0b,0x4b,0x92,0xb9,0x26,0x19,0xa4,0x0e,0x21,0xae,0xa1,0x92, + 0x84,0x01,0x58,0x63,0xc4,0x48,0x66,0xc6,0x1e,0xd9,0x04,0xa7,0xad,0x19,0xee,0x04, + 0xd9,0x66,0xc0,0xaa,0xe3,0x90,0x63,0x62,0x43,0x56,0x55,0x81,0xff,0x20,0xbd,0x6e, + 0x3c,0xfb,0x6e,0x31,0xf5,0xaf,0xba,0x96,0x4b,0x31,0x1d,0xc2,0xd0,0x23,0xa2,0x19, + 0x98,0xc8,0xdd,0x50,0xca,0x45,0x36,0x99,0x19,0x0b,0xd4,0x67,0x42,0x9e,0x2f,0x88, + 0xac,0xe2,0x9c,0x4d,0x1d,0xa4,0xda,0x61,0xaa,0xc1,0xed,0xa2,0x38,0x02,0x30,0xaa, + 0x8d,0xbb,0x63,0xc7,0x5a,0x3c,0x1e,0xc0,0x4d,0xa3,0xa1,0xf8,0x80,0xc9,0xc7,0x47, + 0xac,0xdb,0x74,0xa8,0x39,0x5a,0xf5,0x8f,0x5f,0x04,0x40,0x15,0xcc,0xaf,0x6e,0x94), + }, + { /* Public Key e changed */ + .exp = FALSE, + .e = chunk_from_chars(0xa4,0x5b,0x6b), + .m = chunk_from_chars( + 0xa5,0x89,0xc8,0x78,0x8c,0x95,0x99,0x61,0xfe,0xf9,0x86,0x94,0xbb,0xfe,0xff,0xce, + 0x5d,0x69,0x07,0x18,0x99,0xad,0x96,0x9a,0xc2,0x5f,0x3c,0xb4,0x8e,0xea,0x08,0x4b, + 0x1d,0x84,0xa8,0x61,0x37,0x61,0xd1,0xe9,0xd6,0x26,0xe2,0xd9,0xe4,0xa0,0xc4,0x80, + 0x45,0xb6,0x14,0x1a,0x18,0x9c,0x84,0xa2,0x3a,0x4a,0x7e,0xe7,0x0c,0x2d,0x0b,0xe2, + 0x77,0x1c,0xf4,0x47,0x2d,0x8d,0x27,0x5a,0x31,0x09,0x5b,0x04,0x99,0xdd,0xf7,0x26, + 0x93,0x13,0x30,0x2d,0xa6,0xa0,0x72,0xe7,0x3a,0xdf,0x02,0x95,0x5b,0x3e,0xe1,0x41, + 0xba,0x38,0xf3,0x51,0xf4,0x83,0x60,0x5d,0x17,0x8a,0x3b,0x3e,0x63,0x1d,0x62,0x67, + 0x4d,0x67,0xa5,0x79,0xca,0x21,0x2a,0x11,0xc9,0x06,0x0f,0xe4,0x01,0x87,0x52,0x0f), + .s = chunk_from_chars( + 0x06,0x24,0x18,0x75,0x08,0x45,0xd3,0x29,0x1e,0x63,0x3e,0x47,0x40,0x64,0x80,0xe3, + 0x2f,0xa2,0x98,0x02,0x75,0xf2,0xe4,0xac,0x79,0xd2,0x84,0xad,0x83,0xed,0x11,0x19, + 0x0e,0x7b,0x85,0xbf,0xd6,0xed,0x9b,0xcf,0xf6,0x33,0x45,0x58,0x2f,0xcc,0xd8,0x8a, + 0x57,0x89,0x41,0xab,0xb9,0x87,0xd2,0xdc,0xb5,0x49,0xa0,0xac,0x2e,0xd5,0xfe,0x7c, + 0xe8,0x25,0x7b,0xb1,0xe6,0x28,0x81,0x55,0xff,0xf3,0xdc,0x9b,0xc1,0x14,0x0f,0x27, + 0x77,0xa8,0x45,0x75,0x98,0x63,0x60,0xd0,0x76,0x60,0x5e,0x65,0x5c,0x9d,0x73,0xf9, + 0xbf,0x01,0x0a,0x43,0x7e,0xb7,0xb2,0x80,0xd6,0x10,0x83,0x74,0xce,0x8d,0xa4,0xc7, + 0x02,0xf6,0x6a,0x9d,0x1d,0x01,0xb1,0x41,0xc6,0xa6,0x98,0x72,0x9d,0x0f,0xcd,0xb0, + 0x63,0x1b,0x21,0x57,0x8d,0xde,0xd7,0x21,0xef,0x5c,0x49,0x08,0x12,0x26,0x6c,0xf6, + 0xf0,0x12,0x70,0xa8,0xc6,0xc2,0xf0,0x84,0x66,0xc9,0xb3,0xc6,0x26,0xc0,0xf1,0xed, + 0xeb,0x5b,0x4f,0xb3,0x2e,0x95,0x8a,0x4a,0x38,0x8c,0x6c,0x6e,0x73,0xb5,0x3a,0x50, + 0x61,0x37,0x35,0x43,0x58,0xbd,0x00,0xbb,0xd2,0x05,0x8c,0x9c,0x12,0x79,0x04,0x10, + 0xa4,0x5f,0x43,0x48,0x75,0x48,0x44,0xb3,0x57,0xc4,0xe1,0x7f,0xb3,0x8c,0x8c,0xac, + 0x87,0xa6,0xbe,0x3c,0xd0,0x6a,0x08,0x94,0x3d,0xb0,0xe8,0xb8,0x67,0xd4,0x73,0xe7, + 0xd3,0x58,0x1e,0xd2,0xa3,0x2d,0x25,0xd7,0xb4,0x5e,0xec,0xf8,0xfe,0xa1,0x0d,0x0a, + 0xde,0x1c,0x88,0x85,0x91,0xc7,0x1f,0xc8,0x6a,0xbd,0x14,0x46,0xfa,0xdc,0xa2,0x88, + 0x1d,0xe8,0x7a,0x6d,0x05,0x56,0x6c,0x50,0x00,0xc1,0xe0,0x75,0xb0,0xc1,0xc5,0x48, + 0x1f,0xfb,0x6e,0x98,0x2a,0x3f,0x8f,0x44,0xfa,0x8a,0xd0,0xb6,0xa9,0x2f,0x1c,0xde, + 0xdd,0x9c,0x38,0xd3,0x26,0xa6,0xef,0xad,0x9d,0x03,0x59,0xa6,0x9a,0xf4,0x20,0x34, + 0xb7,0xa4,0xac,0x38,0x8f,0x9c,0x7d,0x35,0x6e,0xdf,0x4d,0x6e,0x45,0x50,0xad,0xde, + 0xcc,0x71,0x92,0x24,0x2b,0x3b,0x1f,0xc4,0x16,0x46,0x02,0x91,0x9d,0x34,0x11,0xed, + 0x43,0xe2,0xb3,0x94,0x86,0x7b,0xf8,0x40,0xea,0x61,0x75,0x0b,0xac,0x4f,0x1b,0x72, + 0xd2,0x8a,0xf3,0x5e,0xb0,0xb3,0xaa,0xf6,0xee,0xd6,0x54,0xd1,0xde,0x88,0x32,0x40, + 0xc0,0xe2,0x23,0x4e,0xa2,0xdd,0xf6,0xf8,0x93,0x4c,0xdc,0xac,0xea,0x80,0x2e,0x26), + }, + { /* Message changed */ + .exp = FALSE, + .e = chunk_from_chars(0x08,0xa6,0x49), + .m = chunk_from_chars( + 0x70,0xa4,0xa8,0x98,0x02,0x85,0x68,0x69,0x9c,0xcd,0x8a,0x53,0x28,0x8a,0x74,0x78, + 0x51,0x88,0x4d,0xb2,0x97,0x1a,0xb1,0x7a,0xa1,0x16,0xa9,0x09,0xd4,0x22,0xda,0xbc, + 0x24,0x2e,0xfc,0xbd,0x2a,0x42,0x8e,0xe0,0x77,0x7a,0xc8,0xcb,0x29,0x4f,0xd2,0x5a, + 0xbc,0x17,0x33,0x42,0x22,0xcf,0x8c,0xf4,0x15,0x19,0x86,0xc4,0xac,0x81,0x09,0x4a, + 0x2c,0x04,0xaf,0x08,0x21,0xd3,0x78,0x4e,0xae,0x54,0xbf,0x5b,0x22,0x6a,0x6c,0xc5, + 0xcb,0xf6,0x6c,0x1b,0x0f,0x9e,0x5e,0xc8,0xb8,0xcd,0x8f,0x3a,0x90,0xfa,0x29,0x44, + 0x2e,0x2e,0xa7,0xc1,0x0f,0xc0,0x8c,0x7b,0xe9,0x63,0x55,0x4b,0x3b,0x64,0xac,0x81, + 0x29,0x2c,0xde,0x85,0x87,0x0c,0x8f,0xbf,0x34,0x3a,0xad,0xb5,0xa9,0x16,0xa2,0x73), + .s = chunk_from_chars( + 0x07,0x88,0x43,0xb0,0x4c,0x98,0x55,0xe6,0x0b,0x09,0x65,0x97,0x0e,0x34,0x85,0xa8, + 0x51,0x70,0x33,0xef,0xb5,0x7b,0x77,0x31,0x50,0x48,0x3e,0x7d,0x79,0xa5,0x49,0xd2, + 0x17,0x15,0x9f,0xc1,0x94,0xc7,0x8d,0x1d,0x7e,0xb8,0x72,0xad,0xe2,0x31,0xd1,0xc9, + 0x5d,0xaf,0xcb,0x7d,0x52,0x92,0xd7,0xb1,0x13,0xa9,0x95,0x67,0xf4,0x92,0xcd,0x84, + 0x6f,0x88,0xcd,0xc1,0xd0,0x35,0xa0,0x4a,0xe6,0xa5,0xef,0x28,0xa8,0x67,0x33,0x87, + 0xa2,0x47,0x9c,0x3e,0x0c,0x5a,0x12,0x04,0xbf,0x13,0x60,0x2b,0x49,0x09,0x7f,0xd4, + 0xbe,0xc1,0x62,0x84,0x56,0x6c,0x36,0xe4,0x5e,0xa3,0x96,0x35,0x67,0xf3,0x6d,0xae, + 0xe1,0xee,0x86,0x69,0x71,0x37,0xcb,0x25,0x82,0x58,0xb5,0xc3,0x18,0x92,0x6f,0xed, + 0x50,0x5c,0xd6,0x78,0x4c,0xcc,0x95,0xde,0x4e,0xdc,0x20,0x34,0xe6,0x45,0x21,0x27, + 0x6f,0x90,0x55,0x82,0x44,0x79,0xb4,0xab,0xd5,0x1a,0x73,0x15,0xe8,0x1e,0x20,0x4d, + 0xc0,0x0f,0x4b,0x07,0x7f,0x26,0xea,0x0a,0x72,0x56,0xbc,0xfb,0x0e,0xdf,0x88,0x62, + 0x4c,0x4e,0x3a,0x05,0x99,0x14,0xb7,0x5d,0xdf,0xcf,0x94,0x5c,0x56,0x20,0xeb,0x6b, + 0x06,0xb3,0x01,0x1e,0x4b,0xab,0xc2,0x68,0x57,0xbd,0xd9,0xbb,0x06,0x5d,0xfd,0xe5, + 0x15,0xc3,0x7e,0xaa,0x6a,0xd8,0x35,0x90,0x53,0x75,0x66,0x68,0x0a,0xd1,0xd7,0x76, + 0x06,0x78,0x27,0x28,0x8c,0x80,0x49,0x7b,0x76,0xc4,0x89,0xcb,0x39,0x76,0x2d,0xc1, + 0x99,0x7f,0xaa,0x41,0x08,0x6b,0x1e,0x37,0x7d,0x3c,0x9c,0xb2,0x9e,0x45,0x99,0xde, + 0xa3,0xb1,0x23,0xd8,0x50,0x46,0x3e,0xd2,0x00,0x87,0xfa,0x74,0x4a,0x54,0x81,0xa4, + 0x53,0x7a,0x62,0x52,0xae,0xa0,0xbc,0x18,0xb2,0xbc,0x96,0x2d,0xeb,0x58,0x9a,0xe5, + 0x3a,0x88,0x23,0x9e,0xac,0x7e,0x79,0x06,0xf4,0xb1,0x6e,0x68,0xc0,0xe7,0xde,0x24, + 0x78,0xc4,0xe4,0xda,0x86,0x90,0x08,0xa6,0x54,0x55,0xc6,0x91,0x54,0x7b,0x16,0xa9, + 0xd9,0x64,0xfe,0x0f,0xaa,0xac,0x4a,0xbb,0x22,0x30,0x9e,0x07,0x53,0x40,0x8e,0x22, + 0xa8,0x66,0x8c,0x0e,0x96,0x68,0x1f,0x0f,0xed,0xf3,0xad,0xeb,0xd7,0xc3,0xc6,0xea, + 0x0b,0x45,0x2e,0x07,0xa6,0xd9,0x4d,0x94,0x37,0xe8,0xb0,0x3e,0x7b,0x26,0x20,0x3a, + 0xff,0x7c,0x17,0x06,0xb5,0x8a,0x20,0x56,0x86,0x42,0xa8,0x71,0x9b,0x98,0x38,0xf0), + }, + }, +}, +}; + +START_TEST(test_verify_pss) +{ + public_key_t *pubkey; + bool result; + int i; + + if (!lib->plugins->has_feature(lib->plugins, + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS))) + { + warn("%N not supported, skip test", signature_scheme_names, + SIGN_RSA_EMSA_PSS); + return; + } + for (i = 0; i < countof(pss_verify[_i].tests); i++) + { + pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, pss_verify[_i].n, + BUILD_RSA_PUB_EXP, pss_verify[_i].tests[i].e, + BUILD_END); + ck_assert(pubkey != NULL); + result = pubkey->verify(pubkey, SIGN_RSA_EMSA_PSS, + &pss_verify[_i].params, + pss_verify[_i].tests[i].m, + pss_verify[_i].tests[i].s); + fail_unless(result == pss_verify[_i].tests[i].exp, + "verify %N [%d]", signature_scheme_names, + SIGN_RSA_EMSA_PSS, i); + pubkey->destroy(pubkey); + } +} +END_TEST + Suite *rsa_suite_create() { Suite *s; @@ -395,5 +5188,23 @@ Suite *rsa_suite_create() tcase_add_loop_test(tc, test_load, 0, countof(keys)); suite_add_tcase(s, tc); + tc = tcase_create("sign"); + tcase_add_checked_fixture(tc, setup_keys, teardown_keys); + tcase_add_loop_test(tc, test_sign_pkcs15_2048, 0, countof(pkcs15_2048)); + tcase_add_loop_test(tc, test_sign_pkcs15_3072, 0, countof(pkcs15_3072)); + suite_add_tcase(s, tc); + + tc = tcase_create("sign pss"); + tcase_add_checked_fixture(tc, setup_keys_pss, teardown_keys_pss); + tcase_add_loop_test(tc, test_sign_pss_2048, 0, countof(pss_sign_2048)); + tcase_add_loop_test(tc, test_sign_pss_3072, 0, countof(pss_sign_3072)); + tcase_add_loop_test(tc, test_sign_pss_no_salt, 0, countof(pss_sign_ns)); + suite_add_tcase(s, tc); + + tc = tcase_create("verify"); + tcase_add_loop_test(tc, test_verify_pkcs15, 0, countof(pkcs15_verify)); + tcase_add_loop_test(tc, test_verify_pss, 0, countof(pss_verify)); + suite_add_tcase(s, tc); + return s; } diff --git a/src/libstrongswan/tests/suites/test_signature_params.c b/src/libstrongswan/tests/suites/test_signature_params.c new file mode 100644 index 000000000..38cb5803f --- /dev/null +++ b/src/libstrongswan/tests/suites/test_signature_params.c @@ -0,0 +1,461 @@ +/* + * Copyright (C) 2017 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <asn1/oid.h> +#include <asn1/asn1.h> +#include <credentials/keys/signature_params.h> + +static struct { + chunk_t aid; + rsa_pss_params_t params; +} rsa_pss_parse_tests[] = { + /* from RFC 7427, no parameters (empty sequence) */ + { chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x00), + { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }}, + /* from RFC 7427, default parameters (SHA-1), would actually not be sent + * like this, as corrected in errata */ + { chunk_from_chars(0x30,0x3e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x31,0xa0, + 0x0b,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0xa1,0x18,0x30,0x16, + 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30,0x09,0x06,0x05,0x2b, + 0x0e,0x03,0x02,0x1a,0x05,0x00,0xa2,0x03,0x02,0x01,0x14,0xa3,0x03,0x02,0x01,0x01), + { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }}, + /* from RFC 7427, SHA-256 */ + { chunk_from_chars(0x30,0x46,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x39,0xa0, + 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00, + 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30, + 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03, + 0x02,0x01,0x20,0xa3,0x03,0x02,0x01,0x01), + { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, + /* from RFC 7427, SHA-256 (errata, without trailer, with len corrections) */ + { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0, + 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00, + 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30, + 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03, + 0x02,0x01,0x20), + { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, + /* SHA-512 */ + { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0, + 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00, + 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30, + 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0xa2,0x03, + 0x02,0x01,0x40), + { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, .salt_len = HASH_SIZE_SHA512, }}, + /* SHA-256, no salt */ + { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0, + 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00, + 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30, + 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03, + 0x02,0x01,0x00), + { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 0, }}, + /* only hash specified */ + { chunk_from_chars(0x30,0x1e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x11, + 0xa0,0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01, + 0x05,0x00), + { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }}, + /* only mgf specified */ + { chunk_from_chars(0x30,0x2b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x1e, + 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08, + 0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00), + { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA1, }}, + /* only salt specified */ + { chunk_from_chars(0x30,0x12,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x05,0xa2, + 0x03,0x02,0x01,0x20), + { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA256, }}, +}; + +START_TEST(test_rsa_pss_params_parse) +{ + rsa_pss_params_t parsed; + chunk_t params; + int oid; + + oid = asn1_parse_algorithmIdentifier(rsa_pss_parse_tests[_i].aid, 0, ¶ms); + ck_assert_int_eq(OID_RSASSA_PSS, oid); + ck_assert(rsa_pss_params_parse(params, 1, &parsed)); + ck_assert_int_eq(rsa_pss_parse_tests[_i].params.hash, parsed.hash); + ck_assert_int_eq(rsa_pss_parse_tests[_i].params.mgf1_hash, parsed.mgf1_hash); + ck_assert_int_eq(rsa_pss_parse_tests[_i].params.salt_len, parsed.salt_len); +} +END_TEST + +chunk_t rsa_pss_parse_invalid_tests[] = { + /* unknown hash */ + chunk_from_chars(0x30,0x1e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x11, + 0xa0,0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x00, + 0x05,0x00), + /* unknown mgf */ + chunk_from_chars(0x30,0x2b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x1e, + 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x00, + 0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00), + /* unknown mgf-1 hash */ + chunk_from_chars(0x30,0x2b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x1e, + 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08, + 0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x00,0x05,0x00), + /* incorrect trailer */ + chunk_from_chars(0x30,0x12,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x05, + 0xa3,0x03,0x02,0x01,0x02), + /* too long trailer */ + chunk_from_chars(0x30,0x13,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x06, + 0xa3,0x04,0x02,0x02,0x01,0x01), +}; + +START_TEST(test_rsa_pss_params_parse_invalid) +{ + rsa_pss_params_t parsed; + chunk_t params; + int oid; + + oid = asn1_parse_algorithmIdentifier(rsa_pss_parse_invalid_tests[_i], 0, ¶ms); + ck_assert_int_eq(OID_RSASSA_PSS, oid); + ck_assert(!rsa_pss_params_parse(params, 1, &parsed)); +} +END_TEST + +static struct { + chunk_t aid; + rsa_pss_params_t params; +} rsa_pss_build_tests[] = { + /* default parameters -> empty sequence */ + { chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x00), + { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }}, + /* SHA-256 */ + { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0, + 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00, + 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30, + 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03, + 0x02,0x01,0x20), + { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }}, + /* default salt length: SHA-1 */ + { chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x00), + { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }}, + /* default salt length: SHA-224 */ + { chunk_from_chars(0x30,0x23,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x16,0xa0, + 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,0x05,0x00, + 0xa2,0x03,0x02,0x01,0x1c), + { .hash = HASH_SHA224, .mgf1_hash = HASH_SHA1, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }}, + /* default salt length: SHA-384 */ + { chunk_from_chars(0x30,0x23,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x16,0xa0, + 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00, + 0xa2,0x03,0x02,0x01,0x30), + { .hash = HASH_SHA384, .mgf1_hash = HASH_SHA1, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }}, + /* SHA-512 */ + { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0, + 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00, + 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30, + 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0xa2,0x03, + 0x02,0x01,0x40), + { .hash = HASH_SHA512, .mgf1_hash = HASH_SHA512, .salt_len = RSA_PSS_SALT_LEN_DEFAULT, }}, + /* SHA-256, no salt */ + { chunk_from_chars(0x30,0x41,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x34,0xa0, + 0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00, + 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08,0x30, + 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0xa2,0x03, + 0x02,0x01,0x00), + { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 0, }}, + /* SHA-256, rest default */ + { chunk_from_chars(0x30,0x1e,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x11, + 0xa0,0x0f,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01, + 0x05,0x00), + { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }}, + /* MGF1-SHA-256, rest default */ + { chunk_from_chars(0x30,0x2b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x1e, + 0xa1,0x1c,0x30,0x1a,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08, + 0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00), + { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA1, }}, + /* only salt specified */ + { chunk_from_chars(0x30,0x12,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a,0x30,0x05,0xa2, + 0x03,0x02,0x01,0x20), + { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA256, }}, +}; + +START_TEST(test_rsa_pss_params_build) +{ + chunk_t params, aid; + + ck_assert(rsa_pss_params_build(&rsa_pss_build_tests[_i].params, ¶ms)); + aid = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_RSASSA_PSS), + params); + ck_assert_chunk_eq(rsa_pss_build_tests[_i].aid, aid); + chunk_free(&aid); +} +END_TEST + +rsa_pss_params_t rsa_pss_build_invalid_tests[] = { + /* unknown hash */ + { .hash = HASH_UNKNOWN, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }, + /* invalid mgf */ + { .hash = HASH_SHA256, .mgf1_hash = HASH_UNKNOWN, .salt_len = HASH_SIZE_SHA256, }, +}; + +START_TEST(test_rsa_pss_params_build_invalid) +{ + chunk_t params; + + ck_assert(!rsa_pss_params_build(&rsa_pss_build_invalid_tests[_i], ¶ms)); +} +END_TEST + +static rsa_pss_params_t rsa_pss_params_sha1 = { .hash = HASH_SHA1, .mgf1_hash = HASH_SHA1, .salt_len = HASH_SIZE_SHA1, }; +static rsa_pss_params_t rsa_pss_params_sha256 = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }; +static rsa_pss_params_t rsa_pss_params_sha256_mgf1 = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA512, .salt_len = HASH_SIZE_SHA256, }; +static rsa_pss_params_t rsa_pss_params_sha256_salt = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = 10, }; + +static struct { + bool equal; + bool complies; + signature_params_t a; + signature_params_t b; +} params_compare_tests[] = { + { TRUE, TRUE, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, }, + { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA1, }, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, }, + { TRUE, TRUE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, + { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, }, + { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, .params = &rsa_pss_params_sha256 }, + { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, .params = &rsa_pss_params_sha256 }, }, + { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, + { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256_mgf1 }, }, + { FALSE, TRUE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, + { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256_salt }, }, + { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha1 }, + { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, }, + { FALSE, FALSE, { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, + { .scheme = SIGN_RSA_EMSA_PSS, }, }, +}; + +START_TEST(test_params_compare) +{ + bool res; + + res = signature_params_equal(¶ms_compare_tests[_i].a, + ¶ms_compare_tests[_i].b); + ck_assert(res == params_compare_tests[_i].equal); + res = signature_params_comply(¶ms_compare_tests[_i].a, + ¶ms_compare_tests[_i].b); + ck_assert(res == params_compare_tests[_i].complies); + res = signature_params_comply(¶ms_compare_tests[_i].b, + ¶ms_compare_tests[_i].a); + ck_assert(res == params_compare_tests[_i].complies); +} +END_TEST + +START_TEST(test_params_compare_null) +{ + ck_assert(signature_params_equal(NULL, NULL)); + ck_assert(!signature_params_equal(¶ms_compare_tests[0].a, NULL)); + ck_assert(!signature_params_equal(NULL, ¶ms_compare_tests[0].a)); +} +END_TEST + +static struct { + signature_params_t src; + signature_params_t res; +} params_clone_tests[] = { + { { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, }, + { { .scheme = SIGN_RSA_EMSA_PSS }, { .scheme = SIGN_RSA_EMSA_PSS }, }, + { { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, + { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256 }, }, + { { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256_salt }, + { .scheme = SIGN_RSA_EMSA_PSS, .params = &rsa_pss_params_sha256_salt }, }, + { { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, .params = &rsa_pss_params_sha256 }, + { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256 }, }, +}; + +START_TEST(test_params_clone) +{ + signature_params_t *clone = NULL; + + clone = signature_params_clone(¶ms_clone_tests[_i].src); + ck_assert(signature_params_equal(clone, ¶ms_clone_tests[_i].res)); + signature_params_destroy(clone); +} +END_TEST + +START_TEST(test_params_clone_null) +{ + signature_params_t *clone = NULL; + + clone = signature_params_clone(clone); + ck_assert(!clone); + signature_params_destroy(clone); +} +END_TEST + +START_TEST(test_params_clear) +{ + signature_params_t *clone; + + clone = signature_params_clone(¶ms_clone_tests[_i].src); + signature_params_clear(clone); + ck_assert_int_eq(clone->scheme, SIGN_UNKNOWN); + ck_assert(!clone->params); + free(clone); +} +END_TEST + +START_TEST(test_params_clear_null) +{ + signature_params_t *clone = NULL; + + signature_params_clear(clone); +} +END_TEST + +START_TEST(test_params_parse_rsa_pss) +{ + signature_params_t parsed, res = { .scheme = SIGN_RSA_EMSA_PSS, }; + + ck_assert(signature_params_parse(rsa_pss_parse_tests[_i].aid, 0, &parsed)); + res.params = &rsa_pss_parse_tests[_i].params; + ck_assert(signature_params_equal(&parsed, &res)); + signature_params_clear(&parsed); +} +END_TEST + +START_TEST(test_params_parse_rsa_pss_invalid) +{ + signature_params_t parsed; + + ck_assert(!signature_params_parse(rsa_pss_parse_invalid_tests[_i], 0, &parsed)); +} +END_TEST + +static struct { + bool valid; + chunk_t aid; + signature_params_t params; +} params_parse_tests[] = { + { TRUE, chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00), + { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }}, + { TRUE, chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02), + { .scheme = SIGN_ECDSA_WITH_SHA256_DER, }}, + { FALSE, chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0xff), }, +}; + +START_TEST(test_params_parse_other) +{ + signature_params_t parsed; + + if (params_parse_tests[_i].valid) + { + ck_assert(signature_params_parse(params_parse_tests[_i].aid, 0, &parsed)); + ck_assert(signature_params_equal(&parsed, ¶ms_parse_tests[_i].params)); + signature_params_clear(&parsed); + } + else + { + ck_assert(!signature_params_parse(params_parse_tests[_i].aid, 0, &parsed)); + } +} +END_TEST + +START_TEST(test_params_build_rsa_pss) +{ + signature_params_t scheme = { .scheme = SIGN_RSA_EMSA_PSS, }; + chunk_t aid; + + scheme.params = &rsa_pss_build_tests[_i].params; + ck_assert(signature_params_build(&scheme, &aid)); + ck_assert_chunk_eq(rsa_pss_build_tests[_i].aid, aid); + chunk_free(&aid); +} +END_TEST + +START_TEST(test_params_build_rsa_pss_invalid) +{ + signature_params_t scheme = { .scheme = SIGN_RSA_EMSA_PSS, }; + chunk_t aid; + + scheme.params = &rsa_pss_build_invalid_tests[_i]; + ck_assert(!signature_params_build(&scheme, &aid)); +} +END_TEST + +static struct { + bool valid; + signature_params_t params; + chunk_t aid; +} params_build_tests[] = { + { TRUE, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256, }, + chunk_from_chars(0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00), }, + { TRUE, { .scheme = SIGN_ECDSA_WITH_SHA256_DER, }, + chunk_from_chars(0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02), }, + { FALSE, { .scheme = SIGN_UNKNOWN, }, }, +}; + +START_TEST(test_params_build_other) +{ + chunk_t aid; + + if (params_build_tests[_i].valid) + { + ck_assert(signature_params_build(¶ms_build_tests[_i].params, &aid)); + ck_assert_chunk_eq(params_build_tests[_i].aid, aid); + chunk_free(&aid); + } + else + { + ck_assert(!signature_params_build(¶ms_build_tests[_i].params, &aid)); + } +} +END_TEST + +Suite *signature_params_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("signature params"); + + tc = tcase_create("rsa/pss parse"); + tcase_add_loop_test(tc, test_rsa_pss_params_parse, 0, countof(rsa_pss_parse_tests)); + tcase_add_loop_test(tc, test_rsa_pss_params_parse_invalid, 0, countof(rsa_pss_parse_invalid_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("rsa/pss build"); + tcase_add_loop_test(tc, test_rsa_pss_params_build, 0, countof(rsa_pss_build_tests)); + tcase_add_loop_test(tc, test_rsa_pss_params_build_invalid, 0, countof(rsa_pss_build_invalid_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("params compare"); + tcase_add_loop_test(tc, test_params_compare, 0, countof(params_compare_tests)); + tcase_add_test(tc, test_params_compare_null); + suite_add_tcase(s, tc); + + tc = tcase_create("params clone"); + tcase_add_loop_test(tc, test_params_clone, 0, countof(params_clone_tests)); + tcase_add_test(tc, test_params_clone_null); + suite_add_tcase(s, tc); + + tc = tcase_create("params clear"); + tcase_add_loop_test(tc, test_params_clear, 0, countof(params_clone_tests)); + tcase_add_test(tc, test_params_clear_null); + suite_add_tcase(s, tc); + + tc = tcase_create("parse"); + tcase_add_loop_test(tc, test_params_parse_rsa_pss, 0, countof(rsa_pss_parse_tests)); + tcase_add_loop_test(tc, test_params_parse_rsa_pss_invalid, 0, countof(rsa_pss_parse_invalid_tests)); + tcase_add_loop_test(tc, test_params_parse_other, 0, countof(params_parse_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("build"); + tcase_add_loop_test(tc, test_params_build_rsa_pss, 0, countof(rsa_pss_build_tests)); + tcase_add_loop_test(tc, test_params_build_rsa_pss_invalid, 0, countof(rsa_pss_build_invalid_tests)); + tcase_add_loop_test(tc, test_params_build_other, 0, countof(params_build_tests)); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 3428f237f..353010aaf 100644 --- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c @@ -904,15 +904,20 @@ END_TEST static struct { key_type_t type; int size; - signature_scheme_t expected[4]; + signature_scheme_t expected[7]; } scheme_data[] = { - {KEY_RSA, 1024, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384, - SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, - {KEY_RSA, 2048, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384, - SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, - {KEY_RSA, 4096, { SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512, + {KEY_RSA, 1024, { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS, + SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, + SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, - {KEY_RSA, 8192, { SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, + {KEY_RSA, 2048, { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS, + SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, + SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512, + SIGN_UNKNOWN }}, + {KEY_RSA, 4096, { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS, + SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512, + SIGN_UNKNOWN }}, + {KEY_RSA, 8192, { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, {KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, {KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, @@ -928,16 +933,16 @@ static struct { START_TEST(test_signature_schemes_for_key) { enumerator_t *enumerator; - signature_scheme_t scheme; + signature_params_t *params; int i; enumerator = signature_schemes_for_key(scheme_data[_i].type, scheme_data[_i].size); for (i = 0; scheme_data[_i].expected[i] != SIGN_UNKNOWN; i++) { - ck_assert(enumerator->enumerate(enumerator, &scheme)); - ck_assert_int_eq(scheme_data[_i].expected[i], scheme); + ck_assert(enumerator->enumerate(enumerator, ¶ms)); + ck_assert_int_eq(scheme_data[_i].expected[i], params->scheme); } - ck_assert(!enumerator->enumerate(enumerator, &scheme)); + ck_assert(!enumerator->enumerate(enumerator, ¶ms)); enumerator->destroy(enumerator); } END_TEST diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c index ed77b3c86..b9a0fe6d6 100644 --- a/src/libstrongswan/tests/test_runner.c +++ b/src/libstrongswan/tests/test_runner.c @@ -386,9 +386,28 @@ static void collect_failure_info(array_t *failures, char *name, int i) } /** + * Collect warning information, add failure_t to array + */ +static bool collect_warning_info(array_t *warnings, char *name, int i) +{ + failure_t warning = { + .name = name, + .i = i, + }; + + warning.line = test_warning_get(warning.msg, sizeof(warning.msg), + &warning.file); + if (warning.line) + { + array_insert(warnings, -1, &warning); + } + return warning.line; +} + +/** * Print array of collected failure_t to stderr */ -static void print_failures(array_t *failures) +static void print_failures(array_t *failures, bool warnings) { failure_t failure; @@ -397,8 +416,16 @@ static void print_failures(array_t *failures) while (array_remove(failures, 0, &failure)) { - fprintf(stderr, " %sFailure in '%s': %s (", - TTY(RED), failure.name, failure.msg); + if (warnings) + { + fprintf(stderr, " %sWarning in '%s': %s (", + TTY(YELLOW), failure.name, failure.msg); + } + else + { + fprintf(stderr, " %sFailure in '%s': %s (", + TTY(RED), failure.name, failure.msg); + } if (failure.line) { fprintf(stderr, "%s:%d, ", failure.file, failure.line); @@ -423,9 +450,10 @@ static bool run_case(test_case_t *tcase, test_runner_init_t init, char *cfg) enumerator_t *enumerator; test_function_t *tfun; int passed = 0; - array_t *failures; + array_t *failures, *warnings; failures = array_create(sizeof(failure_t), 0); + warnings = array_create(sizeof(failure_t), 0); fprintf(stderr, " Running case '%s': ", tcase->name); fflush(stderr); @@ -470,7 +498,14 @@ static bool run_case(test_case_t *tcase, test_runner_init_t init, char *cfg) if (!leaks) { rounds++; - fprintf(stderr, "%s+%s", TTY(GREEN), TTY(DEF)); + if (!collect_warning_info(warnings, tfun->name, i)) + { + fprintf(stderr, "%s+%s", TTY(GREEN), TTY(DEF)); + } + else + { + fprintf(stderr, "%s~%s", TTY(YELLOW), TTY(DEF)); + } } } else @@ -497,8 +532,10 @@ static bool run_case(test_case_t *tcase, test_runner_init_t init, char *cfg) fprintf(stderr, "\n"); - print_failures(failures); + print_failures(warnings, TRUE); + print_failures(failures, FALSE); array_destroy(failures); + array_destroy(warnings); return passed == array_count(tcase->functions); } diff --git a/src/libstrongswan/tests/test_suite.c b/src/libstrongswan/tests/test_suite.c index 8541cdaef..412d9fbf6 100644 --- a/src/libstrongswan/tests/test_suite.c +++ b/src/libstrongswan/tests/test_suite.c @@ -50,6 +50,21 @@ static backtrace_t *failure_backtrace; static bool worker_failed; /** + * Warning message buf + */ +static char warning_buf[4096]; + +/** + * Source file warning was issued + */ +static const char *warning_file; + +/** + * Line of source file warning was issued + */ +static int warning_line; + +/** * See header. */ test_suite_t* test_suite_create(const char *name) @@ -419,6 +434,21 @@ void test_fail_vmsg(const char *file, int line, char *fmt, va_list args) test_failure(); } + +/** + * See header. + */ +void test_warn_msg(const char *file, int line, char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + vsnprintf(warning_buf, sizeof(warning_buf), fmt, args); + warning_line = line; + warning_file = file; + va_end(args); +} + /** * See header. */ @@ -449,6 +479,25 @@ int test_failure_get(char *msg, int len, const char **file) /** * See header. */ +int test_warning_get(char *msg, int len, const char **file) +{ + int line = warning_line; + + if (!line) + { + return 0; + } + strncpy(msg, warning_buf, len - 1); + msg[len - 1] = 0; + *file = warning_file; + /* reset state */ + warning_line = 0; + return line; +} + +/** + * See header. + */ backtrace_t *test_failure_backtrace() { backtrace_t *bt; diff --git a/src/libstrongswan/tests/test_suite.h b/src/libstrongswan/tests/test_suite.h index 97c1b42c1..9b9fcad85 100644 --- a/src/libstrongswan/tests/test_suite.h +++ b/src/libstrongswan/tests/test_suite.h @@ -220,6 +220,17 @@ void test_setup_timeout(int s); int test_failure_get(char *msg, int len, const char **file); /** + * Get info about a warning if one was issued during the test. Resets the + * warning state. + * + * @param msg buffer receiving warning + * @param len size of msg buffer + * @param file pointer receiving source code file + * @return source code line number, 0 if no warning issued + */ +int test_warning_get(char *msg, int len, const char **file); + +/** * Get a backtrace for a failure. * * @return allocated backtrace of test failure, if any @@ -247,6 +258,18 @@ void test_fail_vmsg(const char *file, int line, char *fmt, va_list args); void test_fail_msg(const char *file, int line, char *fmt, ...); /** + * Issue a warning for a particular test with a message using printf style + * arguments. This does not fail the test, and only the last warning for each + * test is kept. + * + * @param file source code file name + * @param line source code line number + * @param fmt printf format string + * @param ... arguments for fmt + */ +void test_warn_msg(const char *file, int line, char *fmt, ...); + +/** * Let a test fail if one of the worker threads has failed (only if called from * the main thread). */ @@ -345,6 +368,7 @@ void test_fail_if_worker_failed(); #define ck_assert_msg test_assert_msg #define ck_assert_str_eq test_str_eq #define ck_assert_chunk_eq test_chunk_eq +#define warn(fmt, ...) test_warn_msg(__FILE__, __LINE__, fmt, ##__VA_ARGS__) #define fail(fmt, ...) test_fail_msg(__FILE__, __LINE__, fmt, ##__VA_ARGS__) #define fail_if(x, fmt, ...) \ ({ \ diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h index c19cac25a..525bdeb94 100644 --- a/src/libstrongswan/tests/tests.h +++ b/src/libstrongswan/tests/tests.h @@ -51,4 +51,5 @@ TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256) TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT) TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://") TEST_SUITE_DEPEND(ed25519_suite_create, PRIVKEY_GEN, KEY_ED25519) +TEST_SUITE(signature_params_suite_create) diff --git a/src/libstrongswan/utils/debug.h b/src/libstrongswan/utils/debug.h index f1c8c70ab..3b554487c 100644 --- a/src/libstrongswan/utils/debug.h +++ b/src/libstrongswan/utils/debug.h @@ -24,9 +24,9 @@ typedef enum debug_t debug_t; typedef enum level_t level_t; -#include <stdio.h> - +#include <utils/printf_hook/printf_hook.h> #include <utils/utils.h> +#include <stdio.h> /** * Debug message group. diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 05ae62b49..7f7742e88 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -1428,7 +1428,7 @@ METHOD(tls_crypto_t, sign, bool, { scheme = hashsig_to_scheme(key->get_type(key), hash, alg); if (scheme != SIGN_UNKNOWN && - key->sign(key, scheme, data, &sig)) + key->sign(key, scheme, NULL, data, &sig)) { done = TRUE; break; @@ -1460,7 +1460,8 @@ METHOD(tls_crypto_t, sign, bool, { return FALSE; } - done = key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, &sig); + done = key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, NULL, hash, + &sig); free(hash.ptr); if (!done) { @@ -1469,7 +1470,7 @@ METHOD(tls_crypto_t, sign, bool, DBG2(DBG_TLS, "created signature with MD5+SHA1/RSA"); break; case KEY_ECDSA: - if (!key->sign(key, SIGN_ECDSA_WITH_SHA1_DER, data, &sig)) + if (!key->sign(key, SIGN_ECDSA_WITH_SHA1_DER, NULL, data, &sig)) { return FALSE; } @@ -1509,7 +1510,7 @@ METHOD(tls_crypto_t, verify, bool, tls_signature_algorithm_names, alg); return FALSE; } - if (!key->verify(key, scheme, data, sig)) + if (!key->verify(key, scheme, NULL, data, sig)) { return FALSE; } @@ -1533,7 +1534,8 @@ METHOD(tls_crypto_t, verify, bool, { return FALSE; } - done = key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, sig); + done = key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, NULL, hash, + sig); free(hash.ptr); if (!done) { @@ -1542,7 +1544,8 @@ METHOD(tls_crypto_t, verify, bool, DBG2(DBG_TLS, "verified signature data with MD5+SHA1/RSA"); break; case KEY_ECDSA: - if (!key->verify(key, SIGN_ECDSA_WITH_SHA1_DER, data, sig)) + if (!key->verify(key, SIGN_ECDSA_WITH_SHA1_DER, NULL, data, + sig)) { return FALSE; } diff --git a/src/libtls/tls_prf.c b/src/libtls/tls_prf.c index 918de1e50..f88dbc2b7 100644 --- a/src/libtls/tls_prf.c +++ b/src/libtls/tls_prf.c @@ -17,6 +17,8 @@ typedef struct private_tls_prf12_t private_tls_prf12_t; +#include <library.h> + /** * Private data of an tls_prf_t object. */ diff --git a/src/libtpmtss/plugins/tpm/tpm_private_key.c b/src/libtpmtss/plugins/tpm/tpm_private_key.c index bd5a8baeb..0df5ee94c 100644 --- a/src/libtpmtss/plugins/tpm/tpm_private_key.c +++ b/src/libtpmtss/plugins/tpm/tpm_private_key.c @@ -76,7 +76,7 @@ METHOD(private_key_t, get_keysize, int, } METHOD(private_key_t, sign, bool, - private_tpm_private_key_t *this, signature_scheme_t scheme, + private_tpm_private_key_t *this, signature_scheme_t scheme, void *params, chunk_t data, chunk_t *signature) { chunk_t pin = chunk_empty; @@ -191,7 +191,7 @@ tpm_private_key_t *tpm_private_key_connect(key_type_t type, va_list args) if (!tpm) { DBG1(DBG_LIB, "no TPM 2.0 found"); - return NULL; + return NULL; } INIT(this, diff --git a/src/pki/command.c b/src/pki/command.c index ce704dbb8..f425af7e8 100644 --- a/src/pki/command.c +++ b/src/pki/command.c @@ -191,7 +191,7 @@ void command_register(command_t command) int command_usage(char *error) { FILE *out = stdout; - int i; + int i, indent = 0; if (error) { @@ -221,12 +221,12 @@ int command_usage(char *error) { if (i == 0) { - fprintf(out, " pki --%s %s\n", - cmds[active].cmd, cmds[active].line[i]); + indent = fprintf(out, " pki --%s ", cmds[active].cmd); + fprintf(out, "%s\n", cmds[active].line[i]); } else { - fprintf(out, " %s\n", cmds[active].line[i]); + fprintf(out, "%*s%s\n", indent, "", cmds[active].line[i]); } } for (i = 0; cmds[active].options[i].name; i++) diff --git a/src/pki/command.h b/src/pki/command.h index 449252eb8..a7dade758 100644 --- a/src/pki/command.h +++ b/src/pki/command.h @@ -34,7 +34,7 @@ /** * Maximum number of usage summary lines (+1) */ -#define MAX_LINES 11 +#define MAX_LINES 12 typedef struct command_t command_t; typedef struct command_option_t command_option_t; diff --git a/src/pki/commands/acert.c b/src/pki/commands/acert.c index 9e6e80938..d1ea5c65e 100644 --- a/src/pki/commands/acert.c +++ b/src/pki/commands/acert.c @@ -33,6 +33,7 @@ static int acert() { cred_encoding_type_t form = CERT_ASN1_DER; hash_algorithm_t digest = HASH_UNKNOWN; + signature_params_t *scheme = NULL; certificate_t *ac = NULL, *cert = NULL, *issuer =NULL; private_key_t *private = NULL; public_key_t *public = NULL; @@ -44,6 +45,8 @@ static int acert() char *datenb = NULL, *datena = NULL, *dateform = NULL; rng_t *rng; char *arg; + bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE, + lib->ns); groups = linked_list_create(); @@ -60,6 +63,17 @@ static int acert() goto usage; } continue; + case 'R': + if (streq(arg, "pss")) + { + pss = TRUE; + } + else if (!streq(arg, "pkcs1")) + { + error = "invalid RSA padding"; + goto usage; + } + continue; case 'i': file = arg; continue; @@ -162,10 +176,6 @@ static int acert() error = "loading issuer private key failed"; goto end; } - if (digest == HASH_UNKNOWN) - { - digest = get_default_digest(private); - } if (!private->belongs_to(private, public)) { error = "issuer private key does not match issuer certificate"; @@ -217,6 +227,7 @@ static int acert() error = "parsing user certificate failed"; goto end; } + scheme = get_signature_scheme(private, digest, pss); ac = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, @@ -227,6 +238,7 @@ static int acert() BUILD_AC_GROUP_STRINGS, groups, BUILD_SIGNING_CERT, issuer, BUILD_SIGNING_KEY, private, + BUILD_SIGNATURE_SCHEME, scheme, BUILD_END); if (!ac) { @@ -252,6 +264,7 @@ end: DESTROY_IF(public); DESTROY_IF(private); groups->destroy(groups); + signature_params_destroy(scheme); free(encoding.ptr); free(serial.ptr); @@ -279,6 +292,7 @@ static void __attribute__ ((constructor))reg() " --issuercert file [--serial hex] [--lifetime hours]", " [--not-before datetime] [--not-after datetime] [--dateform form]", "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", + "[--rsa-padding pkcs1|pss]", "[--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, @@ -293,6 +307,7 @@ static void __attribute__ ((constructor))reg() {"not-after", 'T', 1, "date/time the validity of the AC ends"}, {"dateform", 'D', 1, "strptime(3) input format, default: %d.%m.%y %T"}, {"digest", 'g', 1, "digest for signature creation, default: key-specific"}, + {"rsa-padding", 'R', 1, "padding for RSA signatures, default: pkcs1"}, {"outform", 'f', 1, "encoding of generated cert, default: der"}, } }); diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c index 6f14b5276..203c76542 100644 --- a/src/pki/commands/gen.c +++ b/src/pki/commands/gen.c @@ -166,7 +166,7 @@ static void __attribute__ ((constructor))reg() { command_register((command_t) { gen, 'g', "gen", "generate a new private key", - {" [--type rsa|ecdsa|ed25519|bliss] [--size bits] [--safe-primes]", + {"[--type rsa|ecdsa|ed25519|bliss] [--size bits] [--safe-primes]", "[--shares n] [--threshold l] [--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index e41c56d08..1ccbca89f 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -61,6 +61,7 @@ static int issue() { cred_encoding_type_t form = CERT_ASN1_DER; hash_algorithm_t digest = HASH_UNKNOWN; + signature_params_t *scheme = NULL; certificate_t *cert_req = NULL, *cert = NULL, *ca =NULL; private_key_t *private = NULL; public_key_t *public = NULL; @@ -84,6 +85,8 @@ static int issue() x509_cert_policy_t *policy = NULL; traffic_selector_t *ts; char *arg; + bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE, + lib->ns); san = linked_list_create(); cdps = linked_list_create(); @@ -143,6 +146,17 @@ static int issue() goto usage; } continue; + case 'R': + if (streq(arg, "pss")) + { + pss = TRUE; + } + else if (!streq(arg, "pkcs1")) + { + error = "invalid RSA padding"; + goto usage; + } + continue; case 'i': file = arg; continue; @@ -396,10 +410,6 @@ static int issue() error = "loading CA private key failed"; goto end; } - if (digest == HASH_UNKNOWN) - { - digest = get_default_digest(private); - } if (!private->belongs_to(private, public)) { error = "CA private key does not match CA certificate"; @@ -525,11 +535,12 @@ static int issue() id = identification_create_from_encoding(ID_DER_ASN1_DN, chunk_from_chars(ASN1_SEQUENCE, 0)); } + scheme = get_signature_scheme(private, digest, pss); cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_SIGNING_KEY, private, BUILD_SIGNING_CERT, ca, BUILD_PUBLIC_KEY, public, BUILD_SUBJECT, id, - BUILD_NOT_BEFORE_TIME, not_before, BUILD_DIGEST_ALG, digest, + BUILD_NOT_BEFORE_TIME, not_before, BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial, BUILD_SUBJECT_ALTNAMES, san, BUILD_X509_FLAG, flags, BUILD_PATHLEN, pathlen, BUILD_ADDRBLOCKS, addrblocks, @@ -542,6 +553,7 @@ static int issue() BUILD_POLICY_REQUIRE_EXPLICIT, require_explicit, BUILD_POLICY_INHIBIT_MAPPING, inhibit_mapping, BUILD_POLICY_INHIBIT_ANY, inhibit_any, + BUILD_SIGNATURE_SCHEME, scheme, BUILD_END); if (!cert) { @@ -575,6 +587,7 @@ end: mappings->destroy_function(mappings, (void*)destroy_policy_mapping); cdps->destroy_function(cdps, (void*)destroy_cdp); ocsp->destroy(ocsp); + signature_params_destroy(scheme); free(encoding.ptr); free(serial.ptr); @@ -614,6 +627,7 @@ static void __attribute__ ((constructor))reg() "[--policy-explicit len] [--policy-inhibit len] [--policy-any len]", "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+", "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", + "[--rsa-padding pkcs1|pss]", "[--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, @@ -646,6 +660,7 @@ static void __attribute__ ((constructor))reg() {"crlissuer", 'I', 1, "CRL Issuer for CRL at distribution point"}, {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, {"digest", 'g', 1, "digest for signature creation, default: key-specific"}, + {"rsa-padding", 'R', 1, "padding for RSA signatures, default: pkcs1"}, {"outform", 'f', 1, "encoding of generated cert, default: der"}, } }); diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c index 7b87e6ca6..cfddbc455 100644 --- a/src/pki/commands/req.c +++ b/src/pki/commands/req.c @@ -30,6 +30,7 @@ static int req() cred_encoding_type_t form = CERT_ASN1_DER; key_type_t type = KEY_ANY; hash_algorithm_t digest = HASH_UNKNOWN; + signature_params_t *scheme = NULL; certificate_t *cert = NULL; private_key_t *private = NULL; char *file = NULL, *keyid = NULL, *dn = NULL, *error = NULL; @@ -38,6 +39,8 @@ static int req() chunk_t encoding = chunk_empty; chunk_t challenge_password = chunk_empty; char *arg; + bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE, + lib->ns); san = linked_list_create(); @@ -77,6 +80,17 @@ static int req() goto usage; } continue; + case 'R': + if (streq(arg, "pss")) + { + pss = TRUE; + } + else if (!streq(arg, "pkcs1")) + { + error = "invalid RSA padding"; + goto usage; + } + continue; case 'i': file = arg; continue; @@ -153,16 +167,14 @@ static int req() error = "parsing private key failed"; goto end; } - if (digest == HASH_UNKNOWN) - { - digest = get_default_digest(private); - } + scheme = get_signature_scheme(private, digest, pss); + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, BUILD_SIGNING_KEY, private, BUILD_SUBJECT, id, BUILD_SUBJECT_ALTNAMES, san, BUILD_CHALLENGE_PWD, challenge_password, - BUILD_DIGEST_ALG, digest, + BUILD_SIGNATURE_SCHEME, scheme, BUILD_END); if (!cert) { @@ -186,6 +198,7 @@ end: DESTROY_IF(cert); DESTROY_IF(private); san->destroy_offset(san, offsetof(identification_t, destroy)); + signature_params_destroy(scheme); free(encoding.ptr); if (error) @@ -208,20 +221,22 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { req, 'r', "req", "create a PKCS#10 certificate request", - {" [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name", + {"[--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name", "[--san subjectAltName]+ [--password challengePassword]", "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", + "[--rsa-padding pkcs1|pss]", "[--outform der|pem]"}, { - {"help", 'h', 0, "show usage information"}, - {"in", 'i', 1, "private key input file, default: stdin"}, - {"keyid", 'x', 1, "smartcard or TPM private key object handle"}, - {"type", 't', 1, "type of input key, default: priv"}, - {"dn", 'd', 1, "subject distinguished name"}, - {"san", 'a', 1, "subjectAltName to include in cert request"}, - {"password",'p', 1, "challengePassword to include in cert request"}, - {"digest", 'g', 1, "digest for signature creation, default: key-specific"}, - {"outform", 'f', 1, "encoding of generated request, default: der"}, + {"help", 'h', 0, "show usage information"}, + {"in", 'i', 1, "private key input file, default: stdin"}, + {"keyid", 'x', 1, "smartcard or TPM private key object handle"}, + {"type", 't', 1, "type of input key, default: priv"}, + {"dn", 'd', 1, "subject distinguished name"}, + {"san", 'a', 1, "subjectAltName to include in cert request"}, + {"password", 'p', 1, "challengePassword to include in cert request"}, + {"digest", 'g', 1, "digest for signature creation, default: key-specific"}, + {"rsa-padding", 'R', 1, "padding for RSA signatures, default: pkcs1"}, + {"outform", 'f', 1, "encoding of generated request, default: der"}, } }); } diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index bdb22463e..6f7adef0f 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -52,6 +52,7 @@ static int self() cred_encoding_type_t form = CERT_ASN1_DER; key_type_t type = KEY_ANY; hash_algorithm_t digest = HASH_UNKNOWN; + signature_params_t *scheme = NULL; certificate_t *cert = NULL; private_key_t *private = NULL; public_key_t *public = NULL; @@ -70,6 +71,8 @@ static int self() x509_cert_policy_t *policy = NULL; traffic_selector_t *ts; char *arg; + bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE, + lib->ns); san = linked_list_create(); ocsp = linked_list_create(); @@ -119,6 +122,17 @@ static int self() goto usage; } continue; + case 'R': + if (streq(arg, "pss")) + { + pss = TRUE; + } + else if (!streq(arg, "pkcs1")) + { + error = "invalid RSA padding"; + goto usage; + } + continue; case 'i': file = arg; continue; @@ -335,10 +349,6 @@ static int self() error = "loading private key failed"; goto end; } - if (digest == HASH_UNKNOWN) - { - digest = get_default_digest(private); - } public = private->get_public_key(private); if (!public) { @@ -367,11 +377,13 @@ static int self() serial.ptr[0] &= 0x7F; rng->destroy(rng); } + scheme = get_signature_scheme(private, digest, pss); + cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_SIGNING_KEY, private, BUILD_PUBLIC_KEY, public, BUILD_SUBJECT, id, BUILD_NOT_BEFORE_TIME, not_before, BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial, - BUILD_DIGEST_ALG, digest, BUILD_X509_FLAG, flags, + BUILD_SIGNATURE_SCHEME, scheme, BUILD_X509_FLAG, flags, BUILD_PATHLEN, pathlen, BUILD_SUBJECT_ALTNAMES, san, BUILD_ADDRBLOCKS, addrblocks, BUILD_OCSP_ACCESS_LOCATIONS, ocsp, @@ -412,6 +424,7 @@ end: policies->destroy_function(policies, (void*)destroy_cert_policy); mappings->destroy_function(mappings, (void*)destroy_policy_mapping); ocsp->destroy(ocsp); + signature_params_destroy(scheme); free(encoding.ptr); free(serial.ptr); @@ -441,7 +454,7 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { self, 's', "self", "create a self signed certificate", - {" [--in file|--keyid hex] [--type rsa|ecdsa|ed25519|bliss|priv]", + {"[--in file|--keyid hex] [--type rsa|ecdsa|ed25519|bliss|priv]", " --dn distinguished-name [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+", "[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+", @@ -450,6 +463,7 @@ static void __attribute__ ((constructor))reg() "[--policy-explicit len] [--policy-inhibit len] [--policy-any len]", "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+", "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", + "[--rsa-padding pkcs1|pss]", "[--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, @@ -478,6 +492,7 @@ static void __attribute__ ((constructor))reg() {"flag", 'e', 1, "include extendedKeyUsage flag"}, {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"}, {"digest", 'g', 1, "digest for signature creation, default: key-specific"}, + {"rsa-padding", 'R', 1, "padding for RSA signatures, default: pkcs1"}, {"outform", 'f', 1, "encoding of generated cert, default: der"}, } }); diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c index 4c2e6df71..50f939687 100644 --- a/src/pki/commands/signcrl.c +++ b/src/pki/commands/signcrl.c @@ -120,6 +120,7 @@ static int sign_crl() crl_t *lastcrl = NULL; x509_t *x509; hash_algorithm_t digest = HASH_UNKNOWN; + signature_params_t *scheme = NULL; char *arg, *cacert = NULL, *cakey = NULL, *lastupdate = NULL, *error = NULL; char *basecrl = NULL; char serial[512], *keyid = NULL; @@ -133,6 +134,8 @@ static int sign_crl() x509_cdp_t *cdp; chunk_t crl_serial = chunk_empty, baseCrlNumber = chunk_empty; chunk_t encoding = chunk_empty; + bool pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE, + lib->ns); list = linked_list_create(); cdps = linked_list_create(); @@ -150,6 +153,17 @@ static int sign_crl() goto usage; } continue; + case 'R': + if (streq(arg, "pss")) + { + pss = TRUE; + } + else if (!streq(arg, "pkcs1")) + { + error = "invalid RSA padding"; + goto usage; + } + continue; case 'c': cacert = arg; continue; @@ -332,10 +346,6 @@ static int sign_crl() error = "loading CA private key failed"; goto error; } - if (digest == HASH_UNKNOWN) - { - digest = get_default_digest(private); - } if (!private->belongs_to(private, public)) { error = "CA private key does not match CA certificate"; @@ -390,6 +400,7 @@ static int sign_crl() /* increment the serial number by one */ chunk_increment(crl_serial); + scheme = get_signature_scheme(private, digest, pss); enumerator = enumerator_create_filter(list->create_enumerator(list), filter, NULL, NULL); crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, @@ -397,7 +408,7 @@ static int sign_crl() BUILD_SERIAL, crl_serial, BUILD_NOT_BEFORE_TIME, thisUpdate, BUILD_NOT_AFTER_TIME, nextUpdate, BUILD_REVOKED_ENUMERATOR, enumerator, - BUILD_REVOKED_ENUMERATOR, lastenum, BUILD_DIGEST_ALG, digest, + BUILD_REVOKED_ENUMERATOR, lastenum, BUILD_SIGNATURE_SCHEME, scheme, BUILD_CRL_DISTRIBUTION_POINTS, cdps, BUILD_BASE_CRL, baseCrlNumber, BUILD_END); enumerator->destroy(enumerator); @@ -427,6 +438,7 @@ error: DESTROY_IF(private); DESTROY_IF(ca); DESTROY_IF(crl); + signature_params_destroy(scheme); free(encoding.ptr); free(baseCrlNumber.ptr); list->destroy_function(list, (void*)revoked_destroy); @@ -453,12 +465,13 @@ static void __attribute__ ((constructor))reg() sign_crl, 'c', "signcrl", "issue a CRL using a CA certificate and key", {"--cacert file --cakey file|--cakeyid hex [--lifetime days]", - " [--lastcrl crl] [--basecrl crl] [--crluri uri]+", - " [[--reason key-compromise|ca-compromise|affiliation-changed|", - " superseded|cessation-of-operation|certificate-hold]", - " [--date timestamp] --cert file|--serial hex]*", - " [--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", - " [--outform der|pem]"}, + "[--lastcrl crl] [--basecrl crl] [--crluri uri]+", + "[[--reason key-compromise|ca-compromise|affiliation-changed|", + " superseded|cessation-of-operation|certificate-hold]", + " [--date timestamp] --cert file|--serial hex]*", + "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", + "[--rsa-padding pkcs1|pss]", + "[--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, {"cacert", 'c', 1, "CA certificate file"}, @@ -476,6 +489,7 @@ static void __attribute__ ((constructor))reg() {"reason", 'r', 1, "reason for certificate revocation"}, {"date", 'd', 1, "revocation date as unix timestamp, default: now"}, {"digest", 'g', 1, "digest for signature creation, default: key-specific"}, + {"rsa-padding", 'R', 1, "padding for RSA signatures, default: pkcs1"}, {"outform", 'f', 1, "encoding of generated crl, default: der"}, } }); diff --git a/src/pki/man/pki---acert.1.in b/src/pki/man/pki---acert.1.in index c6ecbb989..6c574f273 100644 --- a/src/pki/man/pki---acert.1.in +++ b/src/pki/man/pki---acert.1.in @@ -16,6 +16,7 @@ pki \-\-acert \- Issue an attribute certificate .OP \-\-not-after datetime .OP \-\-serial hex .OP \-\-digest digest +.OP \-\-rsa\-padding padding .OP \-\-outform encoding .OP \-\-debug level .YS @@ -103,6 +104,10 @@ Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR, \fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is determined based on the type and size of the signature key. .TP +.BI "\-R, \-\-rsa\-padding " padding +Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults +to \fIpkcs1\fR. +.TP .BI "\-f, \-\-outform " encoding Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or \fIpem\fR (Base64 PEM), defaults to \fIder\fR. diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in index 99cc64fa5..8aec65306 100644 --- a/src/pki/man/pki---issue.1.in +++ b/src/pki/man/pki---issue.1.in @@ -19,6 +19,7 @@ pki \-\-issue \- Issue a certificate using a CA certificate and key .OP \-\-serial hex .OP \-\-flag flag .OP \-\-digest digest +.OP \-\-rsa\-padding padding .OP \-\-ca .OP \-\-crl uri\ \fR[\fB\-\-crlissuer\ \fIissuer\fR] .OP \-\-ocsp uri @@ -129,6 +130,10 @@ Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR, \fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is determined based on the type and size of the signature key. .TP +.BI "\-R, \-\-rsa\-padding " padding +Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults +to \fIpkcs1\fR. +.TP .BI "\-f, \-\-outform " encoding Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or \fIpem\fR (Base64 PEM), defaults to \fIder\fR. diff --git a/src/pki/man/pki---req.1.in b/src/pki/man/pki---req.1.in index 09ef0862a..8f7de248c 100644 --- a/src/pki/man/pki---req.1.in +++ b/src/pki/man/pki---req.1.in @@ -15,6 +15,7 @@ pki \-\-req \- Create a PKCS#10 certificate request .OP \-\-san subjectAltName .OP \-\-password password .OP \-\-digest digest +.OP \-\-rsa\-padding padding .OP \-\-outform encoding .OP \-\-debug level .YS @@ -72,6 +73,10 @@ Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR, \fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is determined based on the type and size of the signature key. .TP +.BI "\-R, \-\-rsa\-padding " padding +Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults +to \fIpkcs1\fR. +.TP .BI "\-f, \-\-outform " encoding Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or \fIpem\fR (Base64 PEM), defaults to \fIder\fR. diff --git a/src/pki/man/pki---self.1.in b/src/pki/man/pki---self.1.in index aa7e6fabe..5f7e42108 100644 --- a/src/pki/man/pki---self.1.in +++ b/src/pki/man/pki---self.1.in @@ -19,6 +19,7 @@ pki \-\-self \- Create a self-signed certificate .OP \-\-serial hex .OP \-\-flag flag .OP \-\-digest digest +.OP \-\-rsa\-padding padding .OP \-\-ca .OP \-\-ocsp uri .OP \-\-pathlen len @@ -115,6 +116,10 @@ Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR, \fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is determined based on the type and size of the signature key. .TP +.BI "\-R, \-\-rsa\-padding " padding +Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults +to \fIpkcs1\fR. +.TP .BI "\-f, \-\-outform " encoding Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or \fIpem\fR (Base64 PEM), defaults to \fIder\fR. diff --git a/src/pki/man/pki---signcrl.1.in b/src/pki/man/pki---signcrl.1.in index b901ad084..0abd166a9 100644 --- a/src/pki/man/pki---signcrl.1.in +++ b/src/pki/man/pki---signcrl.1.in @@ -16,6 +16,7 @@ pki \-\-signcrl \- Issue a Certificate Revocation List (CRL) using a CA certific .OP \-\-basecrl crl .OP \-\-crluri uri .OP \-\-digest digest +.OP \-\-rsa\-padding padding .OP \fR[\fB\-\-reason\ \fIreason\fR]\ \fR[\fB\-\-date\ \fIts\fR]\ \fB\-\-cert\ \fIfile\fB|\-\-serial\ \fIhex\fR .OP \-\-outform encoding .OP \-\-debug level @@ -102,6 +103,10 @@ Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR, \fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is determined based on the type and size of the signature key. .TP +.BI "\-R, \-\-rsa\-padding " padding +Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults +to \fIpkcs1\fR. +.TP .BI "\-f, \-\-outform " encoding Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or \fIpem\fR (Base64 PEM), defaults to \fIder\fR. diff --git a/src/pki/pki.c b/src/pki/pki.c index 0fdab2aab..ec60f7d42 100644 --- a/src/pki/pki.c +++ b/src/pki/pki.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2012-2014 Tobias Brunner + * Copyright (C) 2012-2017 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -237,20 +237,20 @@ void set_file_mode(FILE *stream, cred_encoding_type_t enc) #endif } -/* - * Described in header +/** + * Determine a default hash algorithm for the given key */ -hash_algorithm_t get_default_digest(private_key_t *private) +static hash_algorithm_t get_default_digest(private_key_t *private) { enumerator_t *enumerator; - signature_scheme_t scheme; + signature_params_t *params; hash_algorithm_t alg = HASH_UNKNOWN; enumerator = signature_schemes_for_key(private->get_type(private), private->get_keysize(private)); - if (enumerator->enumerate(enumerator, &scheme)) + if (enumerator->enumerate(enumerator, ¶ms)) { - alg = hasher_from_signature_scheme(scheme); + alg = hasher_from_signature_scheme(params->scheme, params->params); } enumerator->destroy(enumerator); @@ -261,6 +261,42 @@ hash_algorithm_t get_default_digest(private_key_t *private) /* * Described in header */ +signature_params_t *get_signature_scheme(private_key_t *private, + hash_algorithm_t digest, bool pss) +{ + signature_params_t *scheme; + + if (digest == HASH_UNKNOWN) + { + digest = get_default_digest(private); + } + if (private->get_type(private) == KEY_RSA && pss) + { + rsa_pss_params_t pss_params = { + .hash = digest, + .mgf1_hash = digest, + .salt_len = RSA_PSS_SALT_LEN_DEFAULT, + }; + signature_params_t pss_scheme = { + .scheme = SIGN_RSA_EMSA_PSS, + .params = &pss_params, + }; + scheme = signature_params_clone(&pss_scheme); + } + else + { + INIT(scheme, + .scheme = signature_scheme_from_oid( + hasher_signature_algorithm_to_oid(digest, + private->get_type(private))), + ); + } + return scheme; +} + +/* + * Described in header + */ traffic_selector_t* parse_ts(char *str) { ts_type_t type = TS_IPV4_ADDR_RANGE; diff --git a/src/pki/pki.h b/src/pki/pki.h index 54be59f8f..3f0793cfd 100644 --- a/src/pki/pki.h +++ b/src/pki/pki.h @@ -1,6 +1,7 @@ /* + * Copyright (C) 2015-2017 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -57,12 +58,17 @@ bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, void set_file_mode(FILE *stream, cred_encoding_type_t enc); /** - * Select default digest for signatures with the given key + * Determine the signature scheme and parameters for the given private key and + * hash algorithm and whether to use PSS padding for RSA. * * @param private private key - * @return hash algorithm + * @param digest hash algorithm (if HASH_UNKNOWN a default is determined + * based on the key) + * @param pss use PSS padding for RSA keys + * @return allocated signature scheme and parameters */ -hash_algorithm_t get_default_digest(private_key_t *private); +signature_params_t *get_signature_scheme(private_key_t *private, + hash_algorithm_t digest, bool pss); /** * Create a traffic selector from a CIDR or range string. diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index e5dbc921c..2dd9ea374 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -395,7 +395,11 @@ connections.<conn>.local<suffix>.auth = pubkey algorithm that matches or exceeds the strength of the signature key. If no constraints with _ike:_ prefix are configured any signature scheme constraint (without _ike:_ prefix) will also apply to IKEv2 authentication, - unless this is disabled in **strongswan.conf**(5). + unless this is disabled in **strongswan.conf**(5). To use RSASSA-PSS + signatures use _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g. + _ike:rsa/pss-sha256_. If _pubkey_ or _rsa_ constraints are configured + RSASSA-PSS signatures will only be used if enabled in + **strongswan.conf**(5). connections.<conn>.local<suffix>.id = IKE identity to use for authentication round. @@ -589,7 +593,10 @@ connections.<conn>.remote<suffix>.auth = pubkey constraints are configured (refer to the description of the **local** section's **auth** keyword for details), such key types and hash algorithms are also applied as constraints against IKEv2 signature authentication - schemes used by the remote side. + schemes used by the remote side. To require RSASSA-PSS signatures use + _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g. _rsa/pss-sha256_. If + _pubkey_ or _rsa_ constraints are configured RSASSA-PSS signatures will only + be accepted if enabled in **strongswan.conf**(5). To specify trust chain constraints for EAP-(T)TLS, append a colon to the EAP method, followed by the key type/size and hash algorithm as discussed |