--- a/gtests/common/testvectors/rsa_pkcs1_2048_test-vectors.h
+++ b/gtests/common/testvectors/rsa_pkcs1_2048_test-vectors.h
@@ -3439,16 +3439,226 @@ static const std::vector<uint8_t> priv_k
0x31, 0x56, 0x3f, 0x08, 0x21, 0x85, 0x8c, 0x5d, 0xa0, 0x09, 0x5a, 0x98,
0x13, 0xc4, 0x5c, 0x11, 0xbb, 0xf2, 0xa4, 0x3b, 0xfc, 0x36, 0xeb, 0xd0,
0x36, 0xcd, 0x45, 0x48, 0xf4, 0x06, 0xa9, 0x33, 0x23, 0x5a, 0x5e, 0xa7,
0x1a, 0xab, 0xe2, 0x9c, 0xa5, 0x36, 0xc5, 0xd8, 0xa3, 0x7f, 0xd1, 0x31,
0x0b, 0x43, 0xf0, 0xe1, 0xbc, 0xec, 0x13, 0xbb, 0xa1, 0xd6, 0xa9, 0x96,
0x8c, 0x71, 0x8b, 0xf9, 0x74, 0xf5, 0xb7, 0x3c, 0xcb, 0xd8, 0x08, 0xd1,
0x24, 0x8c, 0x8f, 0x5c, 0xae};
+/* 2048 bit key from Hubert's Bleichenbacher tests */
+static const std::vector<uint8_t> priv_key_1b{
+ 0x30, 0x82, 0x04, 0xbd, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+ 0x04, 0xa7, 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xc8, 0xcc, 0x83, 0x97, 0x14, 0x09, 0x8d, 0xa5, 0x6c, 0xaa,
+ 0x23, 0x64, 0x0f, 0x93, 0xdc, 0x89, 0x97, 0xc1, 0x63, 0x72, 0x96, 0x8f,
+ 0xc1, 0xb0, 0xc6, 0xdf, 0x51, 0x13, 0xc1, 0xc9, 0x4e, 0x8b, 0x21, 0xe4,
+ 0x8a, 0xd2, 0x29, 0x7e, 0x65, 0x41, 0x90, 0x11, 0xb4, 0xe6, 0xd8, 0xf5,
+ 0xe7, 0x3b, 0x1b, 0x78, 0xb2, 0x57, 0x40, 0x03, 0x21, 0xd1, 0xef, 0x6b,
+ 0x60, 0x2d, 0x4e, 0xc8, 0xce, 0x8d, 0x14, 0x1c, 0x94, 0x90, 0x5e, 0xb4,
+ 0xad, 0x30, 0x66, 0x39, 0xa4, 0x92, 0x06, 0x53, 0x4b, 0x6e, 0x7f, 0x26,
+ 0x07, 0x42, 0x3e, 0x97, 0xdf, 0xfd, 0x13, 0x3c, 0x88, 0xd7, 0x21, 0x39,
+ 0x9d, 0xef, 0xbc, 0x7e, 0x96, 0xcc, 0xdc, 0xbd, 0x7f, 0x3a, 0xae, 0x1f,
+ 0xe8, 0x92, 0x71, 0x2b, 0xfb, 0x49, 0x29, 0x81, 0x7d, 0x51, 0x16, 0x66,
+ 0x44, 0x0a, 0x1f, 0xac, 0xb7, 0xa2, 0x08, 0xf5, 0xea, 0x16, 0x59, 0x10,
+ 0xad, 0xd8, 0xa3, 0xf2, 0xd4, 0x97, 0x20, 0x23, 0x60, 0xcc, 0xb6, 0x32,
+ 0x02, 0x4f, 0x0d, 0x07, 0x16, 0x9c, 0x19, 0x18, 0xf3, 0x16, 0xf7, 0x94,
+ 0xb1, 0x43, 0xae, 0xf5, 0x4e, 0xc8, 0x75, 0x22, 0xa4, 0xc0, 0x29, 0x78,
+ 0xf9, 0x68, 0x99, 0x80, 0xbf, 0xfb, 0xf6, 0x49, 0xc3, 0x07, 0xe8, 0x18,
+ 0x19, 0xbf, 0xf8, 0x84, 0x09, 0x63, 0x8d, 0x48, 0xbd, 0x94, 0xbe, 0x15,
+ 0x2b, 0x59, 0xff, 0x64, 0x9f, 0xa0, 0xbd, 0x62, 0x9d, 0x0f, 0xfa, 0x18,
+ 0x13, 0xc3, 0xab, 0xf4, 0xb5, 0x6b, 0xd3, 0xc2, 0xea, 0x54, 0x65, 0xdf,
+ 0xfa, 0x14, 0x58, 0x92, 0x92, 0xa9, 0xd8, 0xa2, 0x4a, 0xd2, 0x6b, 0xe7,
+ 0xee, 0x05, 0x10, 0x74, 0x1b, 0x63, 0x82, 0xd4, 0x3c, 0x83, 0xd5, 0xbf,
+ 0xa4, 0x0a, 0x46, 0x61, 0x3d, 0x06, 0x2b, 0xe4, 0x45, 0x51, 0x7d, 0xbc,
+ 0xaf, 0x0c, 0xb4, 0xe1, 0xa7, 0x69, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+ 0x82, 0x01, 0x00, 0x14, 0x55, 0x01, 0x0e, 0x0f, 0x2d, 0x58, 0x76, 0x63,
+ 0xa6, 0x66, 0xa6, 0xff, 0x1c, 0xcd, 0xbb, 0xf0, 0xed, 0xd8, 0x10, 0x06,
+ 0x46, 0xd0, 0x2a, 0x02, 0x39, 0x22, 0x90, 0x89, 0x92, 0xc4, 0xad, 0x39,
+ 0xe5, 0x56, 0x59, 0x29, 0x72, 0x6e, 0xf6, 0x50, 0x8c, 0x3a, 0x71, 0x15,
+ 0x8e, 0xf0, 0xb6, 0xff, 0x75, 0x1d, 0x39, 0xd0, 0x75, 0x80, 0xbb, 0x2d,
+ 0x2f, 0x06, 0x32, 0x10, 0x44, 0x2d, 0x06, 0x03, 0xff, 0x50, 0xdb, 0xbd,
+ 0x7b, 0x35, 0xfe, 0x2c, 0x9b, 0xb1, 0x9a, 0x47, 0xa1, 0xaf, 0x85, 0xa4,
+ 0xc2, 0x49, 0x01, 0xe0, 0x2c, 0xa8, 0xb5, 0x8b, 0x79, 0x19, 0xb2, 0x0e,
+ 0xdf, 0x32, 0xaa, 0xcf, 0xbf, 0x51, 0xad, 0xb4, 0xbc, 0x4b, 0x61, 0xb9,
+ 0xb7, 0xe9, 0x68, 0xca, 0xa4, 0xd5, 0x70, 0xf7, 0x0e, 0xf1, 0x8d, 0x80,
+ 0x63, 0x22, 0x88, 0x93, 0xe4, 0x7d, 0x43, 0x9e, 0xfc, 0xa7, 0x93, 0x25,
+ 0x9b, 0xcf, 0x2c, 0xd1, 0x08, 0xa3, 0xd8, 0x68, 0x8c, 0xdf, 0x07, 0x8e,
+ 0x7a, 0xc7, 0x99, 0x96, 0x9f, 0x23, 0x39, 0xd2, 0xc1, 0xf5, 0x22, 0xb9,
+ 0x69, 0x68, 0x46, 0x29, 0xa9, 0x33, 0xba, 0xae, 0xc2, 0x68, 0x16, 0x25,
+ 0xea, 0xb8, 0x4f, 0x4e, 0x56, 0xf4, 0x44, 0x7e, 0x9d, 0x88, 0xfb, 0x9a,
+ 0x19, 0x9c, 0xf7, 0x10, 0x23, 0xe0, 0xe2, 0x57, 0xb1, 0x44, 0x41, 0xb3,
+ 0x3c, 0x84, 0xd3, 0xbc, 0x67, 0xca, 0x80, 0x31, 0xd2, 0x61, 0x26, 0x18,
+ 0x10, 0x3a, 0x7a, 0x0a, 0x40, 0x84, 0x42, 0x62, 0xf7, 0x5d, 0x88, 0x90,
+ 0xcd, 0x61, 0x6e, 0x51, 0xf9, 0x03, 0x54, 0x88, 0xfd, 0x6e, 0x09, 0x9d,
+ 0xe8, 0xff, 0x6d, 0x65, 0xa4, 0xff, 0x11, 0x82, 0x54, 0x80, 0x7c, 0x9f,
+ 0x58, 0xd2, 0xfb, 0xba, 0x8b, 0xa1, 0x51, 0xdc, 0x8c, 0x68, 0xbe, 0x34,
+ 0x9c, 0x97, 0x7a, 0x20, 0x4e, 0x04, 0xc1, 0x02, 0x81, 0x81, 0x00, 0xf8,
+ 0xf5, 0xad, 0x6b, 0xa8, 0x28, 0x93, 0x1b, 0xea, 0x45, 0x9b, 0x8a, 0x3f,
+ 0x6d, 0xc0, 0x41, 0xd2, 0x34, 0x82, 0x40, 0x9c, 0x25, 0x71, 0xe9, 0x63,
+ 0xf3, 0x1f, 0x74, 0x86, 0x02, 0xa2, 0x56, 0x37, 0x1b, 0x38, 0x83, 0xed,
+ 0x45, 0x9e, 0xcf, 0x97, 0x05, 0x26, 0x45, 0x9e, 0xdd, 0x16, 0xe0, 0x55,
+ 0x22, 0xf5, 0xa4, 0x5d, 0x94, 0x75, 0x1b, 0x2e, 0xc2, 0xda, 0xf2, 0x72,
+ 0xc7, 0xf8, 0x81, 0x6a, 0x52, 0xc0, 0x0d, 0x18, 0x08, 0x01, 0x71, 0x63,
+ 0x4d, 0xa8, 0x99, 0xd7, 0x97, 0x32, 0x22, 0xf5, 0x1b, 0x93, 0x76, 0x30,
+ 0x54, 0x86, 0x96, 0xa9, 0xf7, 0xd8, 0xc2, 0x4a, 0x59, 0x49, 0x7c, 0x1e,
+ 0xfc, 0xd4, 0x55, 0xcf, 0xb9, 0x7e, 0xe8, 0x6d, 0x2b, 0x6d, 0x34, 0x97,
+ 0x2b, 0x33, 0x2f, 0xda, 0x30, 0x3f, 0x04, 0x99, 0x9b, 0x4e, 0xb6, 0xb5,
+ 0xcc, 0x0b, 0xb3, 0x3e, 0x77, 0x61, 0xdd, 0x02, 0x81, 0x81, 0x00, 0xce,
+ 0x7a, 0x2e, 0x3b, 0x49, 0xa9, 0x0b, 0x96, 0x33, 0x0a, 0x12, 0xdc, 0x68,
+ 0x2b, 0xdf, 0xbd, 0xfb, 0xae, 0x8d, 0xd6, 0xdc, 0x03, 0xb6, 0x14, 0x7a,
+ 0xef, 0xbd, 0x57, 0x57, 0x43, 0xf0, 0xf6, 0xda, 0x4d, 0x86, 0x23, 0x50,
+ 0x61, 0xb7, 0x1a, 0xfd, 0x9c, 0xad, 0x2d, 0x34, 0x02, 0x5e, 0x56, 0xac,
+ 0x86, 0xb0, 0xf7, 0x74, 0x3e, 0xb3, 0x5e, 0x1a, 0xcb, 0xca, 0x23, 0x78,
+ 0x95, 0x42, 0x44, 0x65, 0xb7, 0x06, 0xed, 0x22, 0x17, 0x5e, 0x57, 0x18,
+ 0xc8, 0xc7, 0x0b, 0x67, 0x03, 0xea, 0x8f, 0x6b, 0x51, 0x0f, 0x94, 0x5b,
+ 0xe4, 0x8e, 0x5a, 0x36, 0xbb, 0x3c, 0x3c, 0x91, 0x73, 0x2b, 0x58, 0x9d,
+ 0xfc, 0x05, 0xd7, 0x2d, 0x80, 0x90, 0x31, 0x94, 0x45, 0x2b, 0xda, 0x21,
+ 0x34, 0x86, 0x47, 0xec, 0x72, 0x94, 0x3f, 0x11, 0xa8, 0x46, 0xe6, 0x2f,
+ 0xae, 0xbe, 0x8e, 0xb5, 0x36, 0xb0, 0xfd, 0x02, 0x81, 0x80, 0x76, 0xfe,
+ 0x15, 0xf1, 0x8a, 0xe2, 0x39, 0xcd, 0xf1, 0xdf, 0x6b, 0x44, 0x5c, 0xa4,
+ 0xbc, 0x6b, 0xb9, 0x68, 0xd7, 0x88, 0xc2, 0x19, 0x33, 0xa4, 0xf5, 0xdc,
+ 0xd2, 0x80, 0x03, 0x3d, 0x67, 0x12, 0x06, 0x2c, 0xc0, 0x8a, 0x6d, 0xf2,
+ 0x04, 0xc1, 0xfb, 0xd0, 0xbe, 0x46, 0x30, 0x74, 0x43, 0xe6, 0xdd, 0x4a,
+ 0x64, 0x56, 0x37, 0x54, 0x29, 0xd4, 0xe0, 0x38, 0xca, 0x25, 0x6f, 0xaf,
+ 0x1c, 0x9b, 0xde, 0x91, 0xc6, 0xb1, 0x7b, 0x76, 0xf8, 0x19, 0x95, 0xf9,
+ 0x1c, 0x48, 0xcb, 0xbe, 0xbc, 0x7b, 0xf0, 0xe3, 0x49, 0x4c, 0x08, 0x35,
+ 0x9e, 0x4e, 0x8c, 0xd6, 0xa5, 0x87, 0xd7, 0xb9, 0x6d, 0x62, 0x21, 0xfd,
+ 0x7e, 0x0f, 0xb5, 0xc5, 0x57, 0x5f, 0x08, 0x2e, 0xe5, 0x77, 0x69, 0x79,
+ 0x80, 0x71, 0xb2, 0xbb, 0xb4, 0xa3, 0x22, 0x38, 0x15, 0x1b, 0x47, 0x31,
+ 0x4b, 0xb6, 0x54, 0x79, 0x03, 0x11, 0x02, 0x81, 0x81, 0x00, 0x99, 0x88,
+ 0x48, 0xb0, 0x55, 0x49, 0x9a, 0x10, 0x09, 0xcb, 0xc7, 0xd2, 0x94, 0xb3,
+ 0x6b, 0x1f, 0xfd, 0xf2, 0x02, 0x0e, 0x6e, 0x73, 0x64, 0x05, 0x3e, 0x94,
+ 0xde, 0x1a, 0x00, 0x0d, 0xc9, 0x34, 0x05, 0x87, 0xf7, 0xe2, 0x72, 0x76,
+ 0xf6, 0x8c, 0xdf, 0x60, 0x8d, 0x75, 0x3b, 0x63, 0x37, 0x7b, 0x03, 0xb6,
+ 0xf4, 0x08, 0x4d, 0x2c, 0x02, 0x7c, 0x4b, 0x38, 0x96, 0x0a, 0x62, 0x33,
+ 0xba, 0x9e, 0xd9, 0x73, 0x8b, 0x76, 0xf1, 0x0e, 0xa7, 0x5b, 0xe4, 0x56,
+ 0x07, 0x8b, 0xf7, 0x01, 0xf6, 0x7c, 0xc6, 0xb3, 0xf3, 0xfd, 0xc1, 0x86,
+ 0xe6, 0x43, 0x36, 0xc7, 0x6b, 0x37, 0x2e, 0x80, 0x91, 0x0e, 0xc8, 0x0b,
+ 0x0a, 0xdc, 0xc2, 0x3d, 0x02, 0xfb, 0x9a, 0xe1, 0x04, 0x86, 0xa2, 0x82,
+ 0x48, 0x07, 0x5b, 0x4e, 0xa7, 0xe5, 0x6d, 0xdf, 0xcf, 0x38, 0x82, 0xe4,
+ 0x51, 0x56, 0x14, 0x71, 0xa2, 0x91, 0x02, 0x81, 0x80, 0x64, 0x3b, 0xf7,
+ 0x46, 0x42, 0x9f, 0x7d, 0x83, 0x66, 0x7a, 0x06, 0x53, 0x02, 0x13, 0x47,
+ 0xef, 0xbf, 0xc0, 0x5e, 0x63, 0x51, 0xf8, 0x21, 0xa9, 0xde, 0xbb, 0x60,
+ 0xe0, 0xec, 0xcd, 0xe5, 0x00, 0x5a, 0xd9, 0xe9, 0xec, 0x31, 0xe5, 0x58,
+ 0xf7, 0xe9, 0x2c, 0x29, 0x32, 0x8e, 0x74, 0x56, 0x9d, 0x7c, 0xef, 0x7c,
+ 0x74, 0xca, 0xbc, 0x2b, 0x35, 0x5e, 0xd4, 0x01, 0xa1, 0xa0, 0x91, 0x4b,
+ 0x4e, 0x3c, 0xbb, 0x06, 0x48, 0x4e, 0x58, 0x19, 0x60, 0x51, 0x16, 0x9e,
+ 0xd1, 0x4c, 0xaa, 0x2e, 0xfa, 0x6e, 0xa0, 0x44, 0xe0, 0x54, 0xd2, 0x61,
+ 0x44, 0xcc, 0x16, 0x29, 0xc5, 0x50, 0x10, 0x55, 0x8a, 0x04, 0xe1, 0x33,
+ 0xf4, 0x4b, 0x7c, 0x24, 0x4d, 0xac, 0x25, 0xbf, 0x91, 0x3c, 0x57, 0xb8,
+ 0x90, 0xee, 0x49, 0xf5, 0x48, 0x25, 0x9c, 0xd6, 0x34, 0x04, 0xfe, 0xf6,
+ 0x85, 0x9d, 0xcf, 0x97, 0x5a};
+
+/* 2049 bit key from Hubert's Bleichenbacher tests */
+static const std::vector<uint8_t> priv_key_2b{
+ 0x30, 0x82, 0x04, 0xbf, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+ 0x04, 0xa9, 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x01, 0x01, 0x55, 0xf8, 0x89, 0x55, 0x6a, 0x17, 0x75, 0xf1, 0xc7, 0xa7,
+ 0x78, 0x6a, 0x50, 0xb1, 0x8b, 0xc2, 0x8c, 0x9e, 0x98, 0x6e, 0xde, 0x56,
+ 0x67, 0xca, 0xb3, 0x9b, 0x84, 0x12, 0x4e, 0x90, 0xeb, 0xa7, 0x5c, 0x1d,
+ 0xb0, 0x83, 0xac, 0x3e, 0x44, 0x3b, 0xba, 0x94, 0xdc, 0x23, 0x56, 0x0f,
+ 0x75, 0xe3, 0xa8, 0x16, 0x93, 0xa2, 0xa4, 0x3b, 0xdc, 0x74, 0x26, 0xd8,
+ 0xc4, 0xea, 0xfe, 0x68, 0xc8, 0x5d, 0xe0, 0xfe, 0x75, 0x7f, 0x6e, 0x49,
+ 0xbb, 0x9e, 0xd4, 0x47, 0xe6, 0x02, 0x43, 0x08, 0x00, 0xdb, 0xb0, 0x4c,
+ 0xeb, 0x22, 0xe7, 0xfa, 0x57, 0xa1, 0x8d, 0x33, 0x8f, 0xb6, 0x60, 0x26,
+ 0xcd, 0xb4, 0x67, 0xe7, 0x0c, 0xc0, 0x40, 0xe7, 0xd3, 0x67, 0xef, 0x40,
+ 0x3c, 0x7b, 0xf1, 0xe3, 0xdf, 0x62, 0x46, 0x50, 0x09, 0x46, 0x31, 0xf2,
+ 0x1e, 0xaf, 0xd2, 0xfb, 0x5b, 0xc9, 0x15, 0xff, 0x04, 0x37, 0x9a, 0xcd,
+ 0x11, 0x12, 0xf7, 0x32, 0xc0, 0xb4, 0x66, 0x07, 0xc1, 0x78, 0xd3, 0x8a,
+ 0x20, 0xf5, 0x2e, 0xda, 0x50, 0x9f, 0x2f, 0x9c, 0x04, 0x05, 0xd5, 0x10,
+ 0x69, 0xe8, 0x0c, 0xcf, 0x94, 0x15, 0x54, 0xd0, 0x47, 0x04, 0x67, 0x50,
+ 0x5c, 0x3c, 0xf5, 0x41, 0xea, 0x08, 0x97, 0xdf, 0xc9, 0xf4, 0x00, 0xce,
+ 0xcb, 0x29, 0x8f, 0xfc, 0x75, 0x33, 0x72, 0xd9, 0xf6, 0x93, 0x3a, 0xf1,
+ 0x74, 0xcc, 0x40, 0xed, 0x96, 0xd4, 0x67, 0x03, 0x17, 0x33, 0xb9, 0x7f,
+ 0x8c, 0xdd, 0xd3, 0xf9, 0x2b, 0xc3, 0xa0, 0x3e, 0xa8, 0x57, 0x6c, 0x41,
+ 0x7f, 0x24, 0x00, 0x7b, 0x5e, 0x4f, 0x75, 0x01, 0x10, 0x5b, 0x54, 0x4d,
+ 0xe9, 0xfa, 0xdc, 0xdf, 0xfa, 0xdf, 0x98, 0xdf, 0xb4, 0xbb, 0x05, 0xb8,
+ 0x19, 0x9f, 0x3f, 0x85, 0xac, 0xfd, 0x91, 0xf7, 0xa9, 0xa0, 0x94, 0xb9,
+ 0xa3, 0x83, 0xf5, 0x04, 0x90, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+ 0x82, 0x01, 0x01, 0x01, 0x19, 0xc2, 0xb3, 0xf5, 0x0a, 0x7a, 0xd6, 0x15,
+ 0x26, 0x79, 0xd7, 0xff, 0x51, 0x09, 0x58, 0xac, 0x2d, 0x8c, 0xa6, 0xf0,
+ 0x02, 0x85, 0x92, 0xf3, 0x32, 0xd5, 0x5a, 0x16, 0x73, 0x61, 0x78, 0xa8,
+ 0xe6, 0x7f, 0x17, 0xe7, 0x05, 0xce, 0x30, 0x0e, 0x3e, 0x87, 0x54, 0x72,
+ 0x51, 0x00, 0x60, 0x13, 0xf9, 0x74, 0xd0, 0xa3, 0xdb, 0x49, 0xef, 0x34,
+ 0x4c, 0xa5, 0xa2, 0x6a, 0x34, 0xc0, 0x45, 0x07, 0x04, 0xd0, 0xe4, 0x22,
+ 0xe0, 0xce, 0x23, 0xa6, 0x94, 0x25, 0xc1, 0x5f, 0xef, 0xb6, 0xf2, 0x6e,
+ 0x10, 0x6e, 0xef, 0xf6, 0x4c, 0xc8, 0xb9, 0xd7, 0x44, 0x2e, 0x4d, 0xa4,
+ 0xe8, 0xc8, 0x50, 0x08, 0xea, 0xeb, 0x36, 0x58, 0x59, 0xa2, 0x29, 0x4f,
+ 0xa3, 0x93, 0x7b, 0xc2, 0x6b, 0xe5, 0x63, 0x32, 0xe7, 0xd8, 0x1e, 0x2c,
+ 0x16, 0x0e, 0xf6, 0x35, 0xcc, 0x52, 0x8a, 0xa7, 0xbe, 0x55, 0xe6, 0x33,
+ 0xa7, 0x23, 0xdb, 0xc1, 0xe1, 0x6b, 0xa2, 0x9e, 0x52, 0xb2, 0x9a, 0xef,
+ 0x2f, 0x9e, 0x56, 0x54, 0xfd, 0xc0, 0x66, 0x6b, 0xb0, 0xfc, 0x25, 0x4a,
+ 0xcb, 0xe8, 0x0e, 0x63, 0x87, 0x4f, 0x0f, 0x5f, 0x02, 0x07, 0x82, 0xe3,
+ 0xc9, 0xdc, 0xfc, 0x25, 0x20, 0xd0, 0xc9, 0xc4, 0xa7, 0xb6, 0x34, 0xe4,
+ 0x50, 0x3f, 0xbb, 0x49, 0x3e, 0x1a, 0xaf, 0xee, 0xb3, 0xf8, 0x8b, 0xd7,
+ 0xa1, 0x33, 0x98, 0x72, 0x5d, 0xae, 0x6f, 0xe3, 0x99, 0xe7, 0x75, 0xcd,
+ 0x5d, 0x4c, 0xf0, 0x9f, 0xc8, 0x38, 0x34, 0x7c, 0x4c, 0x98, 0xda, 0xb1,
+ 0xa4, 0x88, 0x3c, 0xce, 0x62, 0x05, 0x13, 0x61, 0x5a, 0xfa, 0xa1, 0x0a,
+ 0x63, 0x36, 0x8e, 0x6d, 0x7b, 0x79, 0xdf, 0x41, 0x66, 0xab, 0x16, 0x27,
+ 0x39, 0xef, 0x51, 0x5a, 0x44, 0x02, 0xee, 0x1e, 0x06, 0x01, 0xc5, 0xa5,
+ 0x5b, 0xc7, 0x1d, 0xf0, 0xe3, 0x0e, 0xdf, 0x81, 0x02, 0x81, 0x81, 0x01,
+ 0x88, 0xf6, 0x93, 0x60, 0xf0, 0x1e, 0x18, 0xd9, 0xa2, 0xde, 0x29, 0x52,
+ 0x53, 0xd2, 0x52, 0xc3, 0x1e, 0x44, 0x76, 0xce, 0xa5, 0xff, 0x7b, 0xf8,
+ 0x41, 0x3d, 0xf7, 0xfd, 0xe3, 0x56, 0x52, 0x3c, 0xdc, 0x97, 0x68, 0x05,
+ 0xf8, 0x4f, 0xc0, 0xdd, 0xec, 0x77, 0x0d, 0xf0, 0x6c, 0xed, 0x06, 0x5c,
+ 0x81, 0x13, 0x48, 0x75, 0x4b, 0x34, 0x6a, 0xf1, 0x69, 0x75, 0x68, 0x77,
+ 0xfd, 0x3b, 0x3d, 0x56, 0x86, 0x82, 0xc8, 0x78, 0x7d, 0x0b, 0x31, 0x4e,
+ 0xf6, 0xac, 0x67, 0xd6, 0x5e, 0x81, 0x33, 0x39, 0x8b, 0x62, 0xa0, 0x83,
+ 0xc0, 0xf8, 0x76, 0x5c, 0x5a, 0xd4, 0x0d, 0x5a, 0x81, 0xf9, 0xbb, 0xdc,
+ 0xe2, 0x52, 0x7e, 0xd7, 0xe9, 0x50, 0x08, 0xcb, 0x10, 0x29, 0xcb, 0x4c,
+ 0xab, 0xd1, 0xf9, 0xe9, 0xbe, 0xdf, 0xc2, 0x86, 0xc9, 0x65, 0x52, 0x25,
+ 0x5d, 0xa7, 0xea, 0xb1, 0x92, 0x17, 0x8e, 0xf7, 0x02, 0x81, 0x81, 0x00,
+ 0xde, 0xc7, 0xcf, 0x11, 0xda, 0xde, 0x83, 0xa4, 0xc4, 0x3d, 0x2f, 0x80,
+ 0x19, 0x7f, 0x21, 0xfd, 0x5d, 0x46, 0xfd, 0x57, 0xb4, 0x31, 0xf4, 0x4f,
+ 0xe8, 0x1a, 0x1d, 0xe3, 0x7f, 0x6a, 0x09, 0x1f, 0xfc, 0x04, 0x64, 0xed,
+ 0x97, 0x1d, 0xc8, 0x50, 0x88, 0x35, 0xad, 0xe6, 0xcc, 0x5f, 0x56, 0x6f,
+ 0x39, 0x65, 0x61, 0x3a, 0x8b, 0x36, 0x79, 0x8c, 0x92, 0xe6, 0xe2, 0x3f,
+ 0x52, 0xef, 0x90, 0x7e, 0x95, 0x67, 0xe3, 0x41, 0xbe, 0xbc, 0x53, 0x37,
+ 0x18, 0x96, 0x25, 0xfb, 0xbe, 0xab, 0x1f, 0x3b, 0x7b, 0x3f, 0x92, 0xff,
+ 0xb2, 0x68, 0x1e, 0x6e, 0xf5, 0xa7, 0x84, 0xa8, 0xc2, 0xd7, 0x8f, 0x7c,
+ 0x2d, 0x89, 0xaa, 0xaa, 0x24, 0xd2, 0xce, 0xdb, 0xd0, 0x66, 0x81, 0xcf,
+ 0xe6, 0x5c, 0x36, 0xc7, 0xbf, 0xa3, 0xc5, 0xba, 0x13, 0x51, 0x62, 0x22,
+ 0x2e, 0xf5, 0xc2, 0xe9, 0x14, 0xc9, 0x83, 0x61, 0x02, 0x81, 0x80, 0x12,
+ 0x09, 0x3f, 0x3a, 0x73, 0xca, 0xed, 0xd9, 0x0f, 0x60, 0xa3, 0x04, 0xe4,
+ 0x54, 0x02, 0xf8, 0x71, 0xab, 0x32, 0xc8, 0xc9, 0x55, 0xb0, 0x9a, 0xf4,
+ 0x63, 0xa3, 0xbe, 0x43, 0x70, 0xf2, 0xd5, 0x58, 0x4a, 0x9a, 0xbb, 0xab,
+ 0x69, 0xfd, 0xb0, 0x31, 0xea, 0x44, 0xf9, 0x84, 0x06, 0x5d, 0x04, 0x61,
+ 0xe8, 0x40, 0xab, 0x21, 0x88, 0x86, 0x60, 0x0e, 0x37, 0x15, 0x54, 0x6c,
+ 0x8b, 0x0b, 0x85, 0xad, 0x26, 0xd3, 0x8c, 0xb4, 0x30, 0x8f, 0x52, 0xd0,
+ 0x7f, 0x99, 0x44, 0x7d, 0x91, 0xf0, 0x87, 0xf3, 0x9d, 0xd3, 0x40, 0x38,
+ 0xdb, 0x2e, 0x93, 0x8e, 0x97, 0xad, 0x05, 0x3a, 0x71, 0xfb, 0xed, 0x67,
+ 0x75, 0xe1, 0xdc, 0x87, 0x18, 0xe5, 0x4e, 0x6c, 0xaf, 0x7e, 0x65, 0x46,
+ 0x7d, 0x9c, 0xba, 0xdd, 0xc7, 0xe7, 0x65, 0xc8, 0x58, 0x9e, 0x2c, 0x98,
+ 0xdf, 0xdc, 0x25, 0xca, 0x4e, 0xca, 0x81, 0x02, 0x81, 0x81, 0x00, 0x8c,
+ 0xce, 0x61, 0x34, 0x79, 0xcf, 0x96, 0x08, 0xf7, 0xf7, 0x6c, 0x24, 0x5c,
+ 0xf9, 0x1b, 0xb4, 0x95, 0xd6, 0x1e, 0x9d, 0xe6, 0x48, 0x84, 0x90, 0x54,
+ 0xb4, 0xdd, 0x1b, 0x43, 0x16, 0xf3, 0xf9, 0x81, 0x42, 0x0d, 0xc0, 0x95,
+ 0x78, 0xbf, 0x79, 0x16, 0xfe, 0x46, 0x91, 0xcf, 0xae, 0x9a, 0x64, 0xe6,
+ 0x34, 0x0b, 0x86, 0x03, 0x23, 0x45, 0x23, 0xf2, 0x5d, 0x77, 0xb6, 0x6a,
+ 0x66, 0xfc, 0x3e, 0xe5, 0x93, 0xa9, 0xf1, 0x8d, 0xea, 0x5d, 0xf6, 0x3e,
+ 0xd5, 0xf7, 0xdf, 0xeb, 0x9d, 0x20, 0xba, 0x69, 0xa5, 0xbe, 0xf5, 0x59,
+ 0xff, 0xb0, 0xec, 0x94, 0xdb, 0x72, 0x5f, 0x6f, 0xf6, 0xea, 0xbb, 0xa3,
+ 0xd4, 0x95, 0x47, 0xc0, 0xca, 0x74, 0xf0, 0x3e, 0x01, 0xec, 0x1e, 0x49,
+ 0x0d, 0x13, 0x9a, 0xa0, 0xa7, 0x94, 0x7b, 0x8d, 0x66, 0x2c, 0xce, 0x4a,
+ 0x3c, 0x0f, 0x1b, 0x5e, 0x86, 0x17, 0x41, 0x02, 0x81, 0x81, 0x00, 0xf9,
+ 0x95, 0x9b, 0x34, 0xc4, 0xbc, 0xa8, 0xce, 0x48, 0x88, 0x78, 0x1b, 0x31,
+ 0xb1, 0xe9, 0xb5, 0xd8, 0xad, 0xf5, 0xd0, 0xd3, 0xe3, 0xed, 0x54, 0x5e,
+ 0x83, 0x67, 0xd3, 0xf8, 0x54, 0x5b, 0xa6, 0x44, 0x32, 0xb8, 0x87, 0x30,
+ 0x35, 0xef, 0x88, 0x1c, 0x2b, 0xcd, 0xe0, 0x0d, 0x18, 0x09, 0xf9, 0x2c,
+ 0x40, 0xd8, 0x78, 0x37, 0xb5, 0xc4, 0xf9, 0xac, 0xf4, 0x8b, 0x36, 0xb8,
+ 0xdc, 0x53, 0xa5, 0x95, 0x61, 0xa4, 0x56, 0x52, 0x34, 0x02, 0xd1, 0xe8,
+ 0xfa, 0x3a, 0xf3, 0x00, 0xe5, 0x4c, 0x91, 0xb6, 0x3e, 0x6c, 0xee, 0x06,
+ 0xfe, 0x6d, 0xe6, 0x66, 0xf3, 0x92, 0x95, 0x82, 0xa0, 0x3e, 0x1f, 0x45,
+ 0x4e, 0x77, 0x89, 0xfb, 0x07, 0x81, 0xa4, 0xd6, 0xfb, 0xb5, 0x26, 0xef,
+ 0x88, 0x16, 0x21, 0xfd, 0x1e, 0xac, 0xd2, 0x14, 0x66, 0xe4, 0xcd, 0xd9,
+ 0x8a, 0xed, 0x10, 0xf4, 0xe7, 0x6f, 0x79};
+
const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = {
// Comment:
// tcID: 1
{1,
{},
{0x59, 0x99, 0xcc, 0xb0, 0xcf, 0xdd, 0x58, 0x4a, 0x3f, 0xd9, 0xda, 0xf2,
0x47, 0xb9, 0xcd, 0x73, 0x14, 0x32, 0x3f, 0x8b, 0xba, 0x48, 0x64, 0x25,
@@ -3699,17 +3909,28 @@ const RsaDecryptTestVector kRsa2048Decry
0x04, 0xe7, 0xfc, 0x80, 0xb3, 0x6c, 0x39, 0x77, 0x45, 0x6e, 0x51, 0xeb,
0x64, 0xf4, 0xb6, 0x5f},
priv_key_0,
true},
// Comment: ps is all 0
// tcID: 9
{9,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x97, 0x93, 0xdd, 0x1a, 0x05, 0x70, 0x7a, 0xcb, 0xba, 0xf4, 0x2f, 0x86,
+ 0xa7, 0xbe, 0x25, 0x73, 0xc9, 0xc3, 0x9f, 0xde, 0x4a, 0xc1, 0x82, 0x9d,
+ 0x9e, 0x14, 0x0e, 0x66, 0x62, 0x7e, 0xb9, 0xbc, 0x10, 0x41, 0x31, 0x85,
+ 0x0c, 0x5a, 0x02, 0xbd, 0x58, 0x38, 0xb4, 0xd6, 0x34, 0x47, 0x7e, 0x0f,
+ 0x05, 0xde, 0x98, 0x76, 0x88, 0x5e, 0xc7, 0xfd, 0x9c, 0x12, 0x0f, 0x4e,
+ 0xbe, 0x40, 0xc9, 0xc3, 0xe0, 0xee, 0x94, 0x6e, 0x47, 0xa2, 0xc2, 0x4c,
+ 0xa2, 0xd6, 0xc9, 0x7f, 0xc1, 0x70, 0x08, 0x90, 0xce, 0xb2, 0x84, 0xb4,
+ 0x37, 0x38, 0xdc, 0xb3, 0x8b, 0xa1, 0xff, 0xdd, 0xd1, 0xbb, 0x8c, 0xf1,
+ 0x02, 0x77, 0x3d, 0x3a, 0xc3, 0xe2, 0x3b, 0x41, 0x58, 0x9d, 0x59, 0x0b,
+ 0x38, 0x77, 0x43, 0xf7, 0xcf, 0x3b, 0xf2, 0x57, 0xc6, 0x69, 0xae, 0xa4,
+ 0xea, 0x92, 0x6e, 0x78, 0xe5, 0x95},
{0x6e, 0x0d, 0x50, 0x7f, 0x66, 0xe1, 0x6d, 0x4b, 0x73, 0x73, 0xa5, 0x04,
0xc6, 0xd4, 0x86, 0x92, 0xaa, 0xa5, 0x41, 0xfd, 0xd5, 0x9e, 0xeb, 0x5d,
0x4a, 0x2c, 0xd9, 0x1f, 0x60, 0x00, 0xce, 0x9b, 0x57, 0x34, 0xa2, 0x32,
0xd6, 0x54, 0x1a, 0x78, 0x72, 0x9a, 0xc8, 0x21, 0x52, 0xd3, 0xa3, 0x0b,
0x51, 0x95, 0x0a, 0x24, 0xae, 0x37, 0x9a, 0x10, 0x8e, 0xd2, 0x0f, 0xa4,
0xec, 0x75, 0x42, 0xfe, 0x22, 0x81, 0xc2, 0xdd, 0x5d, 0xe6, 0x85, 0x56,
0x4d, 0x15, 0x18, 0x2f, 0x3c, 0x73, 0xe9, 0xc0, 0x13, 0x5e, 0xbc, 0x99,
0x3f, 0x5a, 0xcd, 0x24, 0x0a, 0x34, 0x3d, 0x32, 0x57, 0x99, 0x75, 0x82,
@@ -3723,17 +3944,17 @@ const RsaDecryptTestVector kRsa2048Decry
0xef, 0xc6, 0xd4, 0x90, 0x44, 0xbe, 0x71, 0x63, 0xe6, 0x4e, 0xd8, 0x4b,
0x5e, 0x79, 0x91, 0xec, 0xba, 0x27, 0x4a, 0x3a, 0x7e, 0xe4, 0xde, 0xfb,
0x84, 0x2a, 0x86, 0xac, 0x4c, 0xbf, 0x2d, 0x3b, 0xfc, 0x9c, 0xf8, 0x70,
0xae, 0x02, 0x5a, 0x3e, 0x2f, 0xbc, 0x77, 0x59, 0x16, 0xa5, 0x95, 0x79,
0x76, 0x3c, 0x06, 0xeb, 0x84, 0xad, 0x8e, 0xdd, 0x1d, 0x03, 0x78, 0x7e,
0x60, 0x9a, 0xd4, 0x46, 0xde, 0x43, 0xeb, 0xed, 0x16, 0x33, 0x0a, 0xb0,
0x67, 0x16, 0xfa, 0x73},
priv_key_0,
- false},
+ true},
// Comment: ps is all 1
// tcID: 10
{10,
{0x54, 0x65, 0x73, 0x74},
{0x63, 0x35, 0x46, 0x72, 0x3d, 0x13, 0xef, 0x27, 0x12, 0x56, 0x1a, 0xbf,
0xa5, 0xb4, 0x77, 0xa3, 0x6c, 0xe7, 0xc8, 0xdc, 0x5a, 0x9f, 0x43, 0x58,
0x9e, 0xa2, 0x89, 0xa1, 0x5f, 0x74, 0x9c, 0x89, 0xe4, 0xe3, 0xba, 0x3c,
@@ -3786,17 +4007,37 @@ const RsaDecryptTestVector kRsa2048Decry
0xa3, 0xd7, 0x01, 0x55, 0x17, 0x58, 0xfe, 0xb7, 0x9c, 0xcf, 0x87, 0x09,
0xcb, 0x61, 0xb7, 0x93},
priv_key_0,
true},
// Comment: byte 0 of ps is 0
// tcID: 12
{12,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x44, 0xe8, 0x82, 0x2f, 0x3a, 0x33, 0x61, 0x68, 0x34, 0xc3, 0x4a, 0x85,
+ 0x24, 0x74, 0x34, 0x57, 0x08, 0xc6, 0xd9, 0xa2, 0xe6, 0x65, 0xee, 0xe8,
+ 0xc9, 0x8d, 0xf4, 0x01, 0xb1, 0x7f, 0xb9, 0xfb, 0xbd, 0x2d, 0x34, 0x9e,
+ 0x76, 0x50, 0x5d, 0xb7, 0xb6, 0x14, 0x5c, 0x22, 0x39, 0x72, 0xc3, 0x82,
+ 0x0f, 0x6a, 0x3c, 0x68, 0xf0, 0xc9, 0xbd, 0x06, 0x17, 0xc2, 0x71, 0x3c,
+ 0xec, 0x22, 0x75, 0x79, 0x80, 0x85, 0x03, 0x36, 0x76, 0x90, 0x66, 0x80,
+ 0xd1, 0x51, 0x56, 0x88, 0x1e, 0xf2, 0xff, 0x43, 0x2e, 0xd9, 0xbe, 0x22,
+ 0xed, 0x92, 0xb8, 0xcf, 0xe7, 0xdd, 0x9f, 0xf0, 0x27, 0xc3, 0xf4, 0x49,
+ 0x6f, 0x36, 0x4c, 0x52, 0x2e, 0x04, 0x69, 0x9c, 0xe2, 0xb3, 0xe4, 0xbf,
+ 0x36, 0xc4, 0xbb, 0xc4, 0xa5, 0x2e, 0x77, 0xf9, 0xaa, 0x2a, 0x07, 0x2b,
+ 0x7e, 0x74, 0xaa, 0xd7, 0x08, 0xfd, 0x83, 0x82, 0x1c, 0x5f, 0xec, 0xd1,
+ 0x70, 0xe1, 0xeb, 0x2a, 0xb7, 0xfe, 0xd9, 0xdb, 0x8c, 0x2f, 0xec, 0xfc,
+ 0x8b, 0x5c, 0xc7, 0xf2, 0x12, 0x39, 0xb7, 0xde, 0x64, 0x68, 0x41, 0xd9,
+ 0xb2, 0x64, 0x8b, 0xd7, 0x14, 0x12, 0x86, 0xab, 0x57, 0x7b, 0xbd, 0x8d,
+ 0xd4, 0x13, 0x9f, 0x53, 0x3a, 0x8b, 0xb5, 0x6a, 0x61, 0x8e, 0x50, 0x61,
+ 0xc9, 0xfa, 0x9d, 0x87, 0xe2, 0x30, 0x1f, 0xa2, 0xe3, 0x81, 0xa2, 0x12,
+ 0x1a, 0x40, 0x5d, 0x5e, 0xb3, 0xee, 0x39, 0xc4, 0x0c, 0x39, 0xf2, 0xf7,
+ 0xfa, 0x41, 0xb9, 0x1f, 0x30, 0x5a, 0xe9, 0x7c, 0xab, 0x3e, 0x08, 0x42,
+ 0x0a, 0xa3, 0x48, 0x06, 0x6e, 0x23, 0xda, 0x48, 0xa0, 0xe1, 0x01, 0x3b,
+ 0x0e, 0x56},
{0x6a, 0x8b, 0x8c, 0x01, 0x24, 0x7d, 0x9d, 0x4d, 0x1c, 0x3b, 0xba, 0xac,
0x58, 0xe0, 0x77, 0xe3, 0x79, 0x26, 0x85, 0x4d, 0xc8, 0xbd, 0xb5, 0x8f,
0xb7, 0xb9, 0x89, 0x79, 0xba, 0x91, 0x02, 0x93, 0x44, 0x69, 0x83, 0x64,
0x80, 0xa0, 0xb9, 0x6a, 0x5b, 0x45, 0x2e, 0x54, 0xdf, 0xf5, 0x5e, 0x77,
0xb5, 0x2d, 0xc1, 0xcb, 0x93, 0x65, 0x6f, 0x68, 0x02, 0xb7, 0xfb, 0xe0,
0x6c, 0xa0, 0x92, 0x3e, 0x38, 0xe5, 0x49, 0xda, 0xbc, 0xdb, 0xce, 0x90,
0x9f, 0xdd, 0x10, 0xd6, 0x77, 0xd8, 0x96, 0x38, 0x4a, 0xf7, 0x5e, 0x71,
0x46, 0x79, 0x4b, 0xfa, 0x00, 0x9e, 0xbb, 0xb2, 0xd6, 0x89, 0x0b, 0x1c,
@@ -3810,22 +4051,31 @@ const RsaDecryptTestVector kRsa2048Decry
0x98, 0xe0, 0x6a, 0xb2, 0xdc, 0xc4, 0x93, 0x5d, 0xad, 0xaa, 0xe8, 0x66,
0x0a, 0xc8, 0xc6, 0x35, 0x6b, 0x87, 0x1e, 0x0b, 0x13, 0x97, 0xaf, 0x20,
0xd6, 0xfe, 0x93, 0x7c, 0x32, 0x11, 0xe2, 0x15, 0x59, 0xa3, 0xd0, 0xeb,
0x39, 0xc2, 0x94, 0x9a, 0x96, 0x61, 0x1b, 0x13, 0x74, 0x0a, 0xe0, 0xc2,
0x6c, 0xe6, 0x7c, 0x37, 0x3a, 0x92, 0x25, 0xa3, 0xc1, 0x77, 0x3e, 0xc6,
0x62, 0xca, 0x20, 0xde, 0xe6, 0x20, 0xc0, 0xac, 0xef, 0x14, 0x75, 0xb3,
0x62, 0xee, 0x9b, 0x9f},
priv_key_0,
- false},
+ true},
// Comment: byte 1 of ps is 0
// tcID: 13
{13,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xd7, 0x51, 0x04, 0x03, 0x67, 0x28, 0x32, 0x1a, 0x06, 0xca, 0x69, 0xcf,
+ 0x3d, 0xc5, 0xce, 0x9e, 0xa1, 0x59, 0x81, 0x91, 0xb9, 0x7e, 0x86, 0x92,
+ 0xe9, 0x2a, 0x49, 0x93, 0x88, 0x17, 0x32, 0xd1, 0x08, 0xfe, 0xd2, 0x9d,
+ 0xa1, 0xfe, 0xf5, 0x4f, 0x57, 0x98, 0x6c, 0xca, 0xa8, 0x60, 0xbd, 0xd5,
+ 0xe5, 0xba, 0xd1, 0x61, 0x5b, 0xef, 0xea, 0x98, 0x95, 0x36, 0x24, 0x86,
+ 0xd3, 0xb5, 0xee, 0x12, 0xbb, 0x28, 0x02, 0xf2, 0xfc, 0x68, 0xfd, 0x93,
+ 0xf6, 0x5c, 0x13, 0x95, 0x7a, 0x14, 0xef, 0x6a, 0x65, 0xb8, 0x85, 0xad,
+ 0xef, 0x29, 0xf5, 0x92, 0x43, 0xed, 0xb2, 0x65, 0xc9, 0xfe, 0x25, 0x55,
+ 0x69, 0x35, 0x31, 0xab, 0xfb, 0x87, 0x11, 0x55},
{0x84, 0xc1, 0x49, 0xc3, 0x78, 0xf3, 0xf1, 0x2c, 0xe2, 0x02, 0xbb, 0x56,
0x14, 0x56, 0x25, 0x70, 0x57, 0x70, 0x91, 0x14, 0xec, 0xba, 0xa4, 0xc3,
0xa7, 0xdb, 0xfb, 0xcb, 0xfa, 0xf2, 0xfe, 0x9a, 0x19, 0xce, 0xba, 0xbd,
0x72, 0xe3, 0x94, 0x74, 0xb6, 0xbd, 0x78, 0x71, 0xc3, 0xda, 0xe4, 0x1a,
0x9c, 0x87, 0xc5, 0xcb, 0x2f, 0xaf, 0xc2, 0xd0, 0x6d, 0x49, 0xc6, 0x0a,
0xc4, 0x01, 0xed, 0x1e, 0x12, 0x55, 0x22, 0xd0, 0x85, 0x4f, 0xe8, 0xfb,
0x86, 0x11, 0xf8, 0xef, 0xb9, 0x0d, 0x2b, 0x89, 0xa1, 0x4e, 0xae, 0xb6,
0xe9, 0x91, 0xf1, 0x93, 0x29, 0xdd, 0x7d, 0x18, 0x3e, 0xf7, 0x2c, 0xf0,
@@ -3839,22 +4089,23 @@ const RsaDecryptTestVector kRsa2048Decry
0xd6, 0x13, 0xb1, 0x51, 0xf9, 0x3c, 0xc5, 0x3c, 0x13, 0x07, 0xce, 0xf6,
0x8f, 0xeb, 0x5a, 0x67, 0xd3, 0x23, 0x37, 0xcf, 0x2f, 0xf9, 0x54, 0xbe,
0x7a, 0x55, 0x3d, 0x3f, 0x07, 0xc9, 0xf6, 0x57, 0xae, 0xbd, 0x9e, 0x8d,
0x4e, 0xe9, 0x9e, 0x87, 0x36, 0xc1, 0x52, 0x80, 0x42, 0x95, 0xf3, 0x66,
0xa4, 0xff, 0xaf, 0x2a, 0x72, 0xe2, 0x9c, 0x2f, 0x87, 0xb0, 0x3b, 0x28,
0xb9, 0x9d, 0xa1, 0xf6, 0xa7, 0xee, 0x0d, 0x93, 0x64, 0xef, 0x71, 0x1e,
0xda, 0x4f, 0x07, 0x93},
priv_key_0,
- false},
+ true},
// Comment: byte 7 of ps is 0
// tcID: 14
{14,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x56, 0xe4, 0x6b, 0xeb, 0x8b, 0x98, 0xc2},
{0x33, 0x07, 0x26, 0x4f, 0x64, 0xd4, 0xca, 0x8b, 0x62, 0xc4, 0xe7, 0xda,
0x4c, 0xac, 0x11, 0x72, 0x62, 0xe5, 0xd3, 0xa3, 0xdb, 0xc1, 0x9a, 0x52,
0x9a, 0xc5, 0x16, 0x7c, 0x19, 0x87, 0xbc, 0xe5, 0x6e, 0x35, 0x87, 0x26,
0xd0, 0xec, 0xfc, 0x6c, 0xb5, 0x91, 0xa1, 0x2b, 0xd5, 0xf7, 0x53, 0x1c,
0xd2, 0x24, 0x94, 0x39, 0x25, 0x4c, 0x36, 0x6a, 0xd3, 0xcb, 0x7a, 0x60,
0x8f, 0x84, 0x5e, 0x1e, 0xca, 0x93, 0x10, 0x18, 0x29, 0x52, 0x08, 0xba,
0x5c, 0x61, 0x98, 0x02, 0x7b, 0x22, 0x19, 0x12, 0x24, 0xc4, 0x56, 0x88,
0x56, 0xab, 0x33, 0x1e, 0x2a, 0xcf, 0x53, 0x0f, 0xc4, 0x34, 0x87, 0x08,
@@ -3868,22 +4119,43 @@ const RsaDecryptTestVector kRsa2048Decry
0xbe, 0x1d, 0xd6, 0xe6, 0x53, 0x5b, 0x5f, 0x66, 0x7c, 0xe9, 0x72, 0xf0,
0x0b, 0xa7, 0x73, 0xd4, 0xcf, 0x6a, 0x55, 0x6c, 0xcf, 0x65, 0xba, 0xcc,
0x1e, 0xca, 0x23, 0x12, 0x88, 0x1c, 0xaf, 0x6a, 0x89, 0xff, 0x5d, 0x83,
0x96, 0x08, 0x46, 0xa5, 0xd9, 0xdd, 0x31, 0x47, 0x7d, 0xcc, 0x9e, 0xe4,
0xae, 0x50, 0xab, 0x0c, 0xb2, 0xe5, 0x74, 0xa6, 0x85, 0xbd, 0x9d, 0x7b,
0x7a, 0x74, 0xc7, 0xca, 0x98, 0x76, 0xf0, 0x8f, 0xd6, 0x4d, 0x1d, 0x5f,
0x19, 0x67, 0x86, 0xbe},
priv_key_0,
- false},
+ true},
// Comment: ps truncated
// tcID: 15
{15,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x7e, 0xb6, 0xd0, 0x76, 0xcb, 0x3e, 0x91, 0x1f, 0xd5, 0x11, 0x31, 0x3e,
+ 0xd6, 0xe8, 0x72, 0x76, 0x0f, 0x33, 0xbb, 0x38, 0xde, 0x69, 0xae, 0x29,
+ 0xe1, 0xdf, 0x90, 0x94, 0x0c, 0x7a, 0x39, 0x3c, 0x46, 0xb2, 0x05, 0xd0,
+ 0x54, 0xa9, 0xe8, 0x54, 0x5d, 0xa1, 0x46, 0x86, 0x48, 0xab, 0x9c, 0x64,
+ 0x4c, 0xb9, 0xb6, 0x14, 0x75, 0x91, 0x03, 0x4b, 0xb1, 0xd2, 0x78, 0xcf,
+ 0x8c, 0x13, 0xf2, 0x9d, 0xfd, 0x88, 0x7b, 0xf2, 0x08, 0x66, 0x31, 0xde,
+ 0x6b, 0xce, 0x5a, 0x3a, 0x90, 0x2e, 0xbc, 0xd0, 0x75, 0xcf, 0xfd, 0xac,
+ 0x7c, 0x64, 0xc2, 0x0d, 0x70, 0x78, 0x0a, 0xc7, 0xa0, 0x1e, 0x51, 0xec,
+ 0xa2, 0x54, 0x2b, 0x5e, 0xac, 0xd8, 0x7e, 0x62, 0x1c, 0x72, 0x84, 0x9d,
+ 0x8e, 0xff, 0x75, 0x18, 0x54, 0x5a, 0x71, 0xb0, 0x40, 0xe6, 0x31, 0xeb,
+ 0x53, 0x68, 0xd8, 0xa9, 0x12, 0xa3, 0x54, 0x20, 0xc2, 0x0e, 0xf2, 0x80,
+ 0x15, 0x8c, 0x62, 0x96, 0xaa, 0x49, 0xfd, 0x09, 0xf3, 0xa4, 0x86, 0x3d,
+ 0x71, 0x2a, 0xe7, 0x25, 0x14, 0x8b, 0xa0, 0x25, 0xae, 0x8f, 0xfa, 0x14,
+ 0x6a, 0x09, 0x37, 0xd4, 0x61, 0x43, 0x1e, 0x11, 0x5e, 0x39, 0xa7, 0xc7,
+ 0x4d, 0xd0, 0xf4, 0xfc, 0x48, 0xfe, 0x58, 0x8f, 0x6c, 0x18, 0x8b, 0x96,
+ 0x6a, 0x74, 0x36, 0x8c, 0x4d, 0xbb, 0x60, 0xe3, 0xf5, 0xcc, 0xd5, 0x30,
+ 0xe1, 0xb2, 0xc3, 0x84, 0x86, 0x66, 0xde, 0x4c, 0x22, 0x04, 0x69, 0x75,
+ 0x8a, 0xca, 0x95, 0xa9, 0xfe, 0xae, 0xcd, 0x28, 0xbc, 0x3e, 0xf6, 0x4d,
+ 0x1a, 0xbb, 0x88, 0x5d, 0x96, 0xc9, 0x99, 0x3b, 0xab, 0x60, 0x1d, 0x08,
+ 0x7e, 0xfb, 0xc6, 0xc8, 0x73, 0xc6, 0x54, 0x7e, 0x5a, 0x86, 0x61, 0x11,
+ 0x29, 0x75, 0x41, 0x25, 0x31},
{0x16, 0xd5, 0x6b, 0x7a, 0x9e, 0x67, 0x2e, 0x38, 0x70, 0x16, 0xe8, 0xb1,
0xc9, 0xcf, 0xf4, 0x74, 0xd5, 0x60, 0xfa, 0xa8, 0xca, 0x14, 0xa5, 0x65,
0xfb, 0xa0, 0x86, 0x01, 0x5c, 0x5f, 0x9d, 0x53, 0xb2, 0x05, 0xc4, 0xcc,
0xfe, 0x77, 0xed, 0x5f, 0x3d, 0x10, 0xa0, 0x4a, 0x23, 0xbc, 0x03, 0x1d,
0x9c, 0x7f, 0xc8, 0x09, 0x66, 0x8c, 0xeb, 0x5c, 0x4e, 0x31, 0xba, 0x87,
0x60, 0x47, 0x5d, 0xe7, 0x13, 0x41, 0x3b, 0x1a, 0xe5, 0x66, 0x6e, 0x93,
0x08, 0x7e, 0x14, 0x6a, 0x26, 0x07, 0xc0, 0x0d, 0x64, 0x92, 0xed, 0x09,
0x59, 0x73, 0xc7, 0xcc, 0xd7, 0x99, 0x96, 0xaa, 0x26, 0x02, 0x3a, 0x2c,
@@ -3897,22 +4169,32 @@ const RsaDecryptTestVector kRsa2048Decry
0xa2, 0x8b, 0x3d, 0x2a, 0x72, 0x81, 0xd6, 0x73, 0x2f, 0x9d, 0xbc, 0x3c,
0x20, 0xee, 0xcb, 0x28, 0x0f, 0x2b, 0xa6, 0xf2, 0x5c, 0xd4, 0x9c, 0x93,
0x0d, 0xcc, 0x3a, 0x41, 0x39, 0x87, 0xab, 0x4d, 0xe0, 0xfe, 0x93, 0x14,
0xa6, 0x1e, 0x09, 0x2b, 0x37, 0x08, 0xc7, 0x5c, 0x9b, 0xf9, 0x68, 0x31,
0xdf, 0x05, 0xe4, 0xdb, 0xe3, 0x1f, 0x75, 0xb2, 0xdd, 0xaf, 0x3b, 0xde,
0x7f, 0x01, 0xc7, 0x94, 0x0e, 0xc6, 0x27, 0x58, 0x00, 0x6a, 0x65, 0x28,
0x71, 0xd7, 0x2b, 0x75},
priv_key_0,
- false},
+ true},
// Comment: ps missing
// tcID: 16
{16,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xbb, 0x17, 0x37, 0xae, 0x4e, 0xdd, 0x4e, 0x87, 0xc3, 0x61, 0x4f, 0x62,
+ 0xd7, 0x09, 0xcf, 0x27, 0xc4, 0x45, 0xc6, 0xfc, 0x1c, 0x00, 0x8f, 0x8c,
+ 0xab, 0xc5, 0x52, 0xdf, 0x0b, 0x5c, 0xac, 0x1a, 0xe8, 0x9a, 0x68, 0xe1,
+ 0xa7, 0xfc, 0xae, 0xe2, 0x48, 0xfe, 0xc5, 0x0c, 0x8e, 0x16, 0x4b, 0x86,
+ 0x7c, 0x0d, 0xe4, 0xda, 0x2c, 0x40, 0xf1, 0x80, 0xe0, 0x75, 0xb9, 0xb2,
+ 0x5b, 0x45, 0x56, 0x45, 0x10, 0x00, 0x0c, 0xb7, 0xda, 0x28, 0x96, 0xdf,
+ 0xc0, 0xb3, 0x54, 0x91, 0xa5, 0x1d, 0xb2, 0x34, 0xc0, 0x1e, 0xdd, 0xa0,
+ 0xec, 0xb3, 0x00, 0x69, 0x4c, 0xec, 0xdb, 0xa7, 0xb6, 0x4c, 0x9f, 0x8a,
+ 0xc4, 0xb1, 0x4b, 0xaa, 0x32, 0x7a, 0xa5, 0x42, 0xd2, 0x20, 0x45, 0xec,
+ 0x61, 0xcc, 0x0c, 0x01, 0xa3, 0xd4, 0xa5, 0x97, 0x04, 0x46},
{0x25, 0xf6, 0x7b, 0xc6, 0xc1, 0x32, 0x0a, 0x13, 0xfa, 0x91, 0xa2, 0x3d,
0x4d, 0x18, 0x01, 0xcc, 0x73, 0x59, 0x41, 0x61, 0xa7, 0xf3, 0x44, 0xff,
0xa1, 0x95, 0xd6, 0xdd, 0x18, 0x94, 0xc1, 0xe3, 0x9d, 0x6c, 0xd8, 0x18,
0x66, 0x46, 0x2d, 0x05, 0xe0, 0xe1, 0x6c, 0x02, 0x45, 0x9a, 0x3f, 0x1d,
0xc5, 0xf0, 0xec, 0xc5, 0x26, 0x57, 0xf7, 0x03, 0x85, 0xfd, 0x0b, 0x33,
0xde, 0x21, 0x42, 0x16, 0xa2, 0x29, 0x8b, 0x48, 0x14, 0x55, 0x0a, 0xf1,
0xec, 0xd9, 0x29, 0x17, 0x0b, 0xc6, 0x9b, 0x74, 0xe0, 0x82, 0x99, 0xbe,
0xa5, 0x0d, 0xe3, 0x30, 0x21, 0x46, 0x8f, 0x4f, 0xe2, 0xa2, 0xe4, 0xa4,
@@ -3926,22 +4208,32 @@ const RsaDecryptTestVector kRsa2048Decry
0xdf, 0x7f, 0x75, 0xbb, 0x43, 0x27, 0xd8, 0x73, 0xd0, 0xe8, 0xd7, 0xec,
0xab, 0x1b, 0x09, 0xb8, 0x77, 0x9c, 0xb8, 0x41, 0xe0, 0x02, 0xee, 0x45,
0xf8, 0xdb, 0xeb, 0xd2, 0xd4, 0x83, 0xde, 0x2d, 0x71, 0x36, 0xae, 0x7e,
0x35, 0x05, 0x80, 0xdc, 0x8a, 0x48, 0xbc, 0xd6, 0x35, 0x9a, 0x67, 0x7b,
0xcc, 0xd6, 0x89, 0xbb, 0xdf, 0x87, 0x9f, 0x25, 0x20, 0xd8, 0x97, 0x6f,
0xc2, 0xb9, 0x2e, 0x64, 0xdd, 0xa8, 0xe7, 0x39, 0x97, 0x19, 0xa1, 0x3b,
0x81, 0x82, 0xc7, 0x39},
priv_key_0,
- false},
+ true},
// Comment: Block type = 0
// tcID: 17
{17,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x0f, 0xa1, 0x46, 0x17, 0x1e, 0xdc, 0xaa, 0xd5, 0x8d, 0xce, 0x5c, 0x6b,
+ 0x76, 0x4b, 0x93, 0xbd, 0x87, 0xf7, 0x48, 0x0b, 0xd1, 0x41, 0x07, 0xde,
+ 0xda, 0x64, 0x35, 0x80, 0xfa, 0x8f, 0x6d, 0xa0, 0x56, 0x34, 0xc3, 0x0f,
+ 0x4a, 0x4c, 0x5d, 0x7b, 0xdb, 0x25, 0x0d, 0x19, 0xc3, 0x3b, 0xe4, 0x7c,
+ 0x77, 0xaf, 0x6e, 0x53, 0xe2, 0xd9, 0x4e, 0xd5, 0x15, 0x94, 0x4f, 0xe1,
+ 0x94, 0x43, 0x7e, 0xf1, 0x3f, 0x0d, 0x8f, 0x0e, 0x34, 0x5c, 0xd0, 0x43,
+ 0xe2, 0x86, 0x17, 0x54, 0x9f, 0xce, 0x19, 0x7a, 0x54, 0xef, 0x1b, 0xb9,
+ 0x1d, 0x2d, 0x6f, 0xda, 0x3d, 0x4b, 0x9b, 0xa9, 0x9e, 0x24, 0xbd, 0x8c,
+ 0x66, 0x7b, 0xc8, 0x5f, 0xb2, 0xb3, 0x5c, 0xd3, 0xd2, 0xe8, 0xcc, 0x6f,
+ 0x66, 0x6c, 0xb5},
{0x37, 0x1e, 0x28, 0x17, 0x30, 0xbb, 0xc2, 0x89, 0xcd, 0x77, 0xa6, 0x4a,
0xb4, 0x9b, 0x37, 0x0e, 0xd7, 0x90, 0x0c, 0x48, 0xf5, 0x62, 0x56, 0x15,
0xff, 0x28, 0xbe, 0xee, 0xea, 0xbc, 0x86, 0x0b, 0x46, 0x73, 0xab, 0x16,
0x00, 0x3f, 0xd5, 0xe1, 0x3c, 0x89, 0xc8, 0xb6, 0xa0, 0xe5, 0xc9, 0xb7,
0x32, 0x04, 0x49, 0x81, 0xdd, 0xf2, 0xbc, 0x45, 0xd4, 0x61, 0x3b, 0xf4,
0x09, 0xcb, 0x2e, 0x98, 0x12, 0x3c, 0xeb, 0x66, 0x1c, 0x10, 0x93, 0x77,
0x3d, 0x71, 0xc6, 0x7f, 0xd1, 0x98, 0x28, 0x8d, 0x6e, 0x9b, 0x83, 0x25,
0x96, 0x89, 0x48, 0x34, 0xc3, 0x95, 0x57, 0x99, 0xea, 0x20, 0xe2, 0x42,
@@ -3955,22 +4247,42 @@ const RsaDecryptTestVector kRsa2048Decry
0xaf, 0x69, 0xb0, 0x49, 0x1e, 0xdd, 0xa6, 0x37, 0xde, 0xa0, 0x98, 0x9e,
0x3a, 0x5d, 0xd0, 0xc3, 0xaa, 0xc2, 0x67, 0x07, 0x46, 0x62, 0x44, 0x3c,
0x37, 0xce, 0x1b, 0x3f, 0xd4, 0xb2, 0xe9, 0x74, 0x3f, 0xb0, 0xd0, 0x0d,
0xc1, 0x36, 0xd8, 0xdf, 0x10, 0xb6, 0xfd, 0x0b, 0x60, 0xd3, 0x0c, 0x13,
0x99, 0xab, 0x52, 0xd7, 0x5e, 0x2d, 0xb5, 0x59, 0xd8, 0xfa, 0xef, 0xc4,
0x50, 0x08, 0xc2, 0xd9, 0x10, 0x0e, 0xd0, 0x8c, 0xaa, 0x88, 0xbd, 0xc1,
0x1a, 0xea, 0x04, 0xdf},
priv_key_0,
- false},
+ true},
// Comment: Block type = 1
// tcID: 18
{18,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xa1, 0x3b, 0x3a, 0x52, 0x0f, 0xbf, 0xeb, 0xff, 0x1b, 0x23, 0x4f, 0xb5,
+ 0x11, 0xe3, 0x02, 0xf0, 0x33, 0x36, 0xc1, 0x14, 0x8f, 0x87, 0x3d, 0xd4,
+ 0x98, 0x64, 0x90, 0x3b, 0x6e, 0x6c, 0xc5, 0xba, 0x66, 0x1c, 0x27, 0x59,
+ 0x31, 0x9a, 0xc3, 0x88, 0xe0, 0x58, 0xaf, 0xf6, 0xef, 0x85, 0xd9, 0x75,
+ 0xdd, 0x49, 0xe7, 0x14, 0x6f, 0xa4, 0xea, 0xa8, 0x81, 0xe7, 0x81, 0x5e,
+ 0x22, 0xf0, 0xa8, 0x16, 0x30, 0x0b, 0xbb, 0x87, 0xd7, 0x9d, 0x52, 0x68,
+ 0x3e, 0xe2, 0xb9, 0x5a, 0x37, 0xfe, 0x27, 0xd6, 0xce, 0x7e, 0x74, 0x52,
+ 0x2e, 0x9d, 0x0d, 0x87, 0x8a, 0x2a, 0xed, 0xc0, 0xeb, 0xc2, 0x8d, 0xba,
+ 0xf0, 0x73, 0xbe, 0x91, 0x0a, 0x3b, 0xc9, 0x7b, 0x87, 0x2c, 0x6e, 0x38,
+ 0x35, 0x66, 0x47, 0x65, 0x9c, 0x50, 0x72, 0xcb, 0xc1, 0xaf, 0xa1, 0x1e,
+ 0x69, 0xab, 0x24, 0xd6, 0x9a, 0x95, 0x40, 0x49, 0xca, 0x7b, 0x48, 0x9b,
+ 0xe9, 0xb2, 0xc6, 0x4b, 0x66, 0xf9, 0x97, 0x84, 0xba, 0x57, 0xf4, 0x55,
+ 0x5e, 0x2c, 0x55, 0x1a, 0xe8, 0xc9, 0xb2, 0x6b, 0x1c, 0x25, 0x20, 0x63,
+ 0x61, 0x40, 0xa8, 0xb4, 0x76, 0xc3, 0x85, 0xaf, 0x07, 0x40, 0xd0, 0xf8,
+ 0x9c, 0x86, 0xd4, 0xde, 0x25, 0x51, 0x61, 0x31, 0xcb, 0xc9, 0x42, 0x7f,
+ 0xcd, 0xcf, 0x6c, 0x30, 0xc5, 0x10, 0xc3, 0xf4, 0x3f, 0x9b, 0xfe, 0x27,
+ 0x10, 0xda, 0xf2, 0x74, 0x70, 0xce, 0xf9, 0x87, 0x95, 0x4c, 0x14, 0xc9,
+ 0x42, 0x37, 0x6d, 0x0e, 0x95, 0x4d, 0x86, 0xf3, 0xa1, 0x54, 0x32, 0x94,
+ 0xc8, 0xf6, 0x3a, 0xa1, 0xa9, 0xc9, 0x44, 0x01, 0x17, 0x92, 0xea, 0x81,
+ 0x4a, 0xa6},
{0x92, 0x21, 0x0e, 0x5b, 0xbf, 0x24, 0xd2, 0xcd, 0x95, 0x27, 0xf6, 0xe2,
0x4f, 0xfa, 0xfa, 0xfd, 0xfe, 0xe2, 0x42, 0xb1, 0x46, 0x53, 0x9f, 0x37,
0x31, 0x71, 0x5f, 0xff, 0x42, 0x09, 0x2c, 0xc8, 0xf5, 0xa1, 0xa4, 0x91,
0x94, 0x17, 0xc9, 0xdf, 0x9a, 0x5a, 0x32, 0xe6, 0x12, 0x01, 0xf4, 0x35,
0x4a, 0x87, 0xab, 0x06, 0xe9, 0x7f, 0x82, 0x7f, 0x69, 0xe6, 0xcc, 0x13,
0xe7, 0xb9, 0xc7, 0x95, 0x15, 0x14, 0x5f, 0x21, 0x07, 0x13, 0x52, 0x3e,
0x6f, 0x64, 0xde, 0xf6, 0x97, 0x40, 0x6a, 0x49, 0x29, 0xb2, 0xe0, 0x9c,
0x31, 0x89, 0x0b, 0x69, 0x5b, 0x7b, 0x8b, 0xb8, 0x51, 0xa2, 0x2c, 0x7b,
@@ -3984,22 +4296,32 @@ const RsaDecryptTestVector kRsa2048Decry
0x47, 0x4e, 0x19, 0x21, 0x3a, 0x5e, 0x24, 0x29, 0x80, 0x71, 0x49, 0x5d,
0x18, 0xc6, 0xac, 0x77, 0xde, 0xce, 0x09, 0x4c, 0x56, 0xbb, 0x34, 0xed,
0x82, 0x74, 0xf5, 0xd7, 0x5f, 0x99, 0x16, 0x2a, 0x58, 0xdf, 0xc4, 0x24,
0x0f, 0x53, 0x93, 0xba, 0xae, 0x58, 0xf4, 0x84, 0xef, 0x0a, 0x02, 0x59,
0xb5, 0x6a, 0xd6, 0x47, 0xad, 0x81, 0xfe, 0x88, 0xc9, 0x1b, 0x75, 0xa3,
0x6b, 0x1a, 0xcc, 0x67, 0xa5, 0x6e, 0xc3, 0x79, 0xbb, 0xa0, 0x3a, 0x8b,
0xe9, 0x1d, 0xc0, 0xcd},
priv_key_0,
- false},
+ true},
// Comment: Block type = 0xff
// tcID: 19
{19,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x60, 0x05, 0x55, 0x0d, 0x8e, 0xad, 0x7e, 0x73, 0xb0, 0x47, 0x8a, 0xa3,
+ 0xd8, 0x5e, 0x4b, 0xa0, 0xa4, 0x9c, 0x24, 0x62, 0x5a, 0x37, 0xf5, 0x91,
+ 0x16, 0x3a, 0x93, 0x40, 0x91, 0x9c, 0x85, 0x45, 0xf7, 0xa5, 0xf1, 0x6a,
+ 0xd6, 0xda, 0x70, 0x6b, 0x4d, 0x58, 0x81, 0x93, 0xac, 0xfb, 0x28, 0xc7,
+ 0x48, 0x03, 0xea, 0x9c, 0xb7, 0xce, 0x93, 0xe5, 0xf6, 0x8c, 0x14, 0x72,
+ 0x27, 0x9c, 0xe7, 0x32, 0xea, 0x8a, 0xea, 0x7d, 0x10, 0xd0, 0xcb, 0x24,
+ 0xab, 0x36, 0x02, 0x11, 0xe5, 0xcf, 0x7d, 0xcb, 0xc0, 0xec, 0x04, 0xe8,
+ 0xef, 0xe8, 0x04, 0x19, 0x39, 0x32, 0x07, 0x70, 0x3c, 0x19, 0xcd, 0x21,
+ 0x19, 0x15, 0x95, 0x86, 0xdd, 0xcb, 0xf2, 0xa5, 0x79, 0x2d, 0xe4, 0xa2,
+ 0x9b, 0x07, 0xab, 0x7a, 0x6c, 0x1c, 0x65, 0x0a},
{0x6d, 0xbc, 0x27, 0xd3, 0x33, 0x71, 0xf8, 0xcb, 0x3c, 0x3a, 0x54, 0x18,
0x5a, 0x68, 0x7a, 0x66, 0xee, 0xa8, 0x11, 0x4f, 0x26, 0xcd, 0x23, 0x46,
0x17, 0xb2, 0xf5, 0x67, 0xd6, 0x01, 0x3e, 0x22, 0x2f, 0x33, 0xd7, 0xfe,
0x05, 0x29, 0x8b, 0x73, 0xf8, 0xbf, 0x20, 0x26, 0x64, 0x83, 0x57, 0x1a,
0x52, 0xb1, 0xda, 0x2c, 0x0b, 0x1a, 0x43, 0x1c, 0x25, 0x7c, 0x62, 0xed,
0x44, 0x12, 0x15, 0xf5, 0x7c, 0xd2, 0xa4, 0xaf, 0x46, 0x28, 0xee, 0xb2,
0x1a, 0x9c, 0xd6, 0x6a, 0x35, 0x0a, 0x16, 0x1c, 0xce, 0x44, 0x6f, 0x25,
0x22, 0x4a, 0x9a, 0xcb, 0xdc, 0xdd, 0x70, 0x9b, 0x14, 0xb8, 0x10, 0xfa,
@@ -4013,22 +4335,37 @@ const RsaDecryptTestVector kRsa2048Decry
0xc4, 0x3c, 0xed, 0x45, 0xe8, 0xdc, 0xe6, 0x56, 0x5c, 0x00, 0xbf, 0x0b,
0xe0, 0x06, 0x94, 0xc3, 0x39, 0xf7, 0xfd, 0xbe, 0x06, 0x4c, 0x60, 0xe0,
0x40, 0xa9, 0x5b, 0x5d, 0x5b, 0x4a, 0xf1, 0x5f, 0xb7, 0xf1, 0x4e, 0x00,
0xda, 0x6a, 0x59, 0x1f, 0x18, 0x72, 0x77, 0xe0, 0xc4, 0x53, 0xee, 0xf7,
0xff, 0xce, 0xf2, 0xa4, 0xef, 0xab, 0x93, 0xaf, 0xda, 0xa5, 0x8e, 0x0b,
0xc1, 0xbb, 0x25, 0x28, 0x6d, 0x9c, 0xe2, 0x02, 0x17, 0x6f, 0x39, 0x5e,
0x29, 0xf9, 0x21, 0x36},
priv_key_0,
- false},
+ true},
// Comment: First byte is not zero
// tcID: 20
{20,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xee, 0xdb, 0x97, 0x9a, 0x9d, 0x20, 0xb0, 0x25, 0x90, 0xb9, 0x29, 0xc8,
+ 0x30, 0x40, 0x9d, 0x54, 0x55, 0xf7, 0xf0, 0x8d, 0x90, 0x99, 0x38, 0x2b,
+ 0x29, 0x46, 0x3e, 0x26, 0x48, 0x59, 0x1a, 0xc5, 0x12, 0x0e, 0x83, 0x1f,
+ 0x64, 0x61, 0x62, 0x04, 0x2c, 0x5c, 0x40, 0x7d, 0x49, 0x04, 0x47, 0xb4,
+ 0xfe, 0x90, 0x75, 0x13, 0x81, 0x22, 0x07, 0x3b, 0xe1, 0x2d, 0x33, 0x1f,
+ 0xa1, 0x46, 0x3a, 0x7a, 0x5a, 0x60, 0x03, 0x9a, 0x8e, 0x44, 0x93, 0x30,
+ 0x20, 0xc3, 0x33, 0x15, 0x69, 0x96, 0x57, 0xe8, 0x00, 0x18, 0x45, 0xd1,
+ 0x54, 0x41, 0x72, 0xc5, 0xde, 0x76, 0x79, 0xcf, 0x56, 0x26, 0x76, 0x49,
+ 0xc0, 0xa6, 0xa0, 0x1b, 0x9b, 0xc1, 0x69, 0x4e, 0x47, 0x95, 0x16, 0x17,
+ 0x70, 0x1d, 0xdc, 0x27, 0x04, 0x9d, 0x00, 0x14, 0x66, 0x36, 0xdd, 0xc2,
+ 0xe8, 0x72, 0xb7, 0x10, 0xb3, 0x6f, 0x02, 0x2f, 0x87, 0x4c, 0xd4, 0x76,
+ 0xc8, 0x42, 0x3b, 0x67, 0x86, 0xd4, 0x6e, 0xdf, 0xb2, 0xc2, 0xcc, 0x61,
+ 0xdd, 0xff, 0x93, 0xd6, 0x5f, 0xd6, 0xe8, 0xb9, 0x5c, 0xe9, 0xf4, 0x81,
+ 0x90, 0x20, 0xa9, 0xa2, 0xed, 0x3c, 0x9a, 0xc3, 0x49, 0x6c, 0x7a, 0xe8,
+ 0x2d, 0xdd, 0xb7, 0xf7, 0xbd, 0xc8},
{0x79, 0x4a, 0xb7, 0x24, 0xae, 0xb1, 0x76, 0xc4, 0x41, 0x5a, 0x59, 0x7e,
0x9d, 0x69, 0xcb, 0x56, 0x7c, 0xec, 0xe4, 0x47, 0x9e, 0x6e, 0x4c, 0x9c,
0x19, 0x53, 0x0b, 0x08, 0x77, 0xb5, 0x37, 0x19, 0xd7, 0xf6, 0x31, 0x8b,
0xe8, 0xe9, 0x70, 0x87, 0x4c, 0x4b, 0xe1, 0x99, 0x84, 0xc6, 0x32, 0x82,
0x5d, 0xee, 0x7a, 0x38, 0x56, 0x1a, 0x69, 0x04, 0xe2, 0x3c, 0x77, 0x6c,
0xcc, 0xe7, 0x11, 0x28, 0x84, 0x7c, 0x24, 0xd5, 0x60, 0x9e, 0x67, 0x90,
0xe3, 0xc9, 0x11, 0x23, 0x93, 0x66, 0x0f, 0xfd, 0x20, 0x87, 0x71, 0x91,
0x6d, 0x2e, 0x80, 0xd2, 0xc2, 0xfb, 0x35, 0xff, 0x79, 0x36, 0xba, 0xb6,
@@ -4042,22 +4379,41 @@ const RsaDecryptTestVector kRsa2048Decry
0xce, 0x41, 0x74, 0x53, 0x32, 0x4e, 0xb0, 0x15, 0xfd, 0x83, 0xca, 0x21,
0x47, 0x33, 0x1c, 0x02, 0xc7, 0x62, 0xc4, 0x57, 0xfc, 0x52, 0xca, 0x5f,
0x09, 0x76, 0x10, 0xc6, 0x04, 0x30, 0xb6, 0x9b, 0x6b, 0x0f, 0xc1, 0xc0,
0x87, 0x75, 0x13, 0xbd, 0xb5, 0x19, 0x23, 0xbc, 0xa0, 0x3e, 0x9a, 0xf9,
0x17, 0x4d, 0x30, 0x94, 0x53, 0x0a, 0x00, 0x72, 0x53, 0x95, 0x8b, 0xfe,
0xd0, 0x36, 0x06, 0xe6, 0xf7, 0x5c, 0xb5, 0x85, 0x44, 0x43, 0xea, 0xa3,
0x63, 0x61, 0x41, 0x16},
priv_key_0,
- false},
+ true},
// Comment: First byte is not zero
// tcID: 21
{21,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x0e, 0x16, 0xc7, 0x0b, 0x13, 0x1b, 0xc2, 0x77, 0x6b, 0xf7, 0xcd, 0xdd,
+ 0xa5, 0xce, 0x15, 0x45, 0x10, 0xd1, 0xe9, 0x0c, 0x65, 0x07, 0x20, 0x1e,
+ 0x69, 0x4a, 0x96, 0xff, 0x8d, 0x78, 0x30, 0xf9, 0x47, 0x73, 0x4b, 0x0d,
+ 0x6e, 0x7b, 0xe7, 0x15, 0x2e, 0xf0, 0x25, 0xbd, 0x40, 0x83, 0x18, 0xa1,
+ 0x20, 0x97, 0x55, 0x68, 0x0f, 0x54, 0x28, 0x48, 0x69, 0x19, 0xb0, 0xf8,
+ 0x52, 0xb7, 0xc9, 0x0d, 0x3a, 0xe7, 0x92, 0x31, 0x97, 0xfc, 0x1b, 0x3f,
+ 0xc7, 0x5f, 0x0f, 0x78, 0xf9, 0xd2, 0x80, 0x2b, 0x32, 0x57, 0xbe, 0x5c,
+ 0x09, 0x5c, 0xb3, 0x31, 0x7e, 0x9f, 0xe6, 0xc1, 0xf1, 0xa9, 0x1a, 0xa2,
+ 0x6d, 0x01, 0x7c, 0x8e, 0x58, 0x24, 0x5f, 0x68, 0x25, 0xfa, 0xf7, 0xa8,
+ 0x97, 0x8e, 0x9c, 0x2b, 0xc4, 0x39, 0x00, 0x7c, 0xa8, 0x44, 0xcb, 0xde,
+ 0x93, 0x8a, 0x23, 0xf5, 0xdc, 0xc8, 0xa6, 0x6e, 0x67, 0xb3, 0x89, 0xd2,
+ 0xed, 0xb7, 0x06, 0x01, 0xe7, 0x4e, 0x57, 0x83, 0x1f, 0x9b, 0x36, 0x2d,
+ 0xff, 0x2b, 0x31, 0x22, 0xdb, 0x72, 0xda, 0x75, 0x4a, 0x14, 0xc5, 0xca,
+ 0xa9, 0x13, 0xe9, 0x29, 0x56, 0x28, 0x16, 0xc6, 0xb3, 0x24, 0x69, 0x5f,
+ 0x1c, 0xef, 0x9a, 0x6d, 0xc9, 0x1d, 0xff, 0x58, 0xb3, 0xa5, 0xd9, 0xea,
+ 0xfb, 0x72, 0xb5, 0xd5, 0x91, 0x17, 0xcd, 0x21, 0x48, 0x67, 0xd4, 0xf4,
+ 0x70, 0xfd, 0xdf, 0xc5, 0x66, 0xf5, 0x84, 0x19, 0x3d, 0x38, 0xb8, 0xcc,
+ 0xc1, 0xb6, 0x03, 0xc1, 0x34, 0xf3, 0xd6, 0xdd, 0xd8, 0x1f, 0x87, 0xab,
+ 0x3a, 0x69, 0x4c, 0x9a, 0x3a, 0xee, 0xc3, 0xe6, 0x90},
{0x8c, 0x7b, 0x80, 0x18, 0x88, 0x18, 0xf6, 0x3e, 0x6a, 0x01, 0x10, 0xcf,
0x94, 0xa1, 0x69, 0xc7, 0x8a, 0x0d, 0xb7, 0x59, 0x17, 0xca, 0xaf, 0x47,
0x40, 0x5e, 0x83, 0x84, 0xb7, 0x9a, 0x8f, 0x40, 0xde, 0x94, 0xf2, 0x8f,
0x74, 0x91, 0x86, 0xc4, 0xf1, 0x6a, 0xef, 0xfb, 0x66, 0x16, 0x8a, 0xc7,
0xc3, 0x19, 0xd4, 0x7d, 0xe6, 0x99, 0xcc, 0xae, 0x0e, 0xdc, 0xb5, 0x1a,
0x68, 0x22, 0xf8, 0x8e, 0x27, 0xe9, 0x9a, 0x1a, 0x0b, 0xb3, 0x9d, 0x29,
0x2e, 0x7d, 0x6e, 0x09, 0x22, 0xc1, 0xd2, 0xfd, 0x64, 0x93, 0x76, 0xd8,
0x11, 0x60, 0xd1, 0x5c, 0xce, 0x10, 0xfc, 0x70, 0x82, 0xb8, 0x8e, 0x8c,
@@ -4071,22 +4427,41 @@ const RsaDecryptTestVector kRsa2048Decry
0x26, 0x50, 0x49, 0xea, 0xc0, 0xd5, 0xb5, 0x49, 0x71, 0x33, 0x68, 0x70,
0x3a, 0xd0, 0x23, 0x11, 0x19, 0x3b, 0xa0, 0xd3, 0xda, 0xc6, 0x07, 0x3e,
0xb7, 0x99, 0x13, 0x92, 0x29, 0xa4, 0xaa, 0x0b, 0xfb, 0xc2, 0x5b, 0xd5,
0xe8, 0x86, 0xad, 0x21, 0x3d, 0xc3, 0x21, 0x13, 0x1e, 0xd1, 0x2c, 0xf1,
0x00, 0x8e, 0xe8, 0xaf, 0x3a, 0x15, 0x88, 0xd0, 0x6c, 0x75, 0xd7, 0xcf,
0x73, 0x75, 0x99, 0x8e, 0x5a, 0x03, 0xaf, 0x0e, 0xc8, 0xaa, 0x92, 0x27,
0x6b, 0xd5, 0x1b, 0x21},
priv_key_0,
- false},
+ true},
// Comment: signature padding
// tcID: 22
{22,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x72, 0x01, 0x1d, 0x4c, 0xc4, 0xf8, 0x00, 0x09, 0x58, 0x28, 0x9a, 0xb8,
+ 0x48, 0x47, 0x86, 0xe5, 0x6a, 0xb9, 0x12, 0xc7, 0x79, 0x3a, 0x06, 0x5a,
+ 0x76, 0x75, 0xfa, 0x09, 0xf2, 0x65, 0x06, 0x2b, 0x04, 0x2a, 0x87, 0x3c,
+ 0xe1, 0x5b, 0x08, 0xb5, 0xc2, 0x2d, 0xe8, 0x64, 0x1d, 0xac, 0xde, 0xfd,
+ 0x89, 0x0a, 0xcd, 0x09, 0x61, 0xd8, 0xab, 0x2a, 0xf0, 0xc7, 0x4e, 0xfb,
+ 0xed, 0xc5, 0xa0, 0xf5, 0xa3, 0xfe, 0xba, 0xb1, 0x71, 0x29, 0x65, 0xbb,
+ 0x5d, 0x83, 0x5a, 0x51, 0x5f, 0xb0, 0x1b, 0xa1, 0x09, 0x77, 0x5f, 0x69,
+ 0x1b, 0x71, 0x96, 0x1e, 0xb9, 0xac, 0x46, 0x56, 0x5c, 0xc8, 0xa0, 0x59,
+ 0x08, 0x1f, 0x17, 0x7e, 0x19, 0x67, 0xf9, 0xe0, 0x09, 0x87, 0x82, 0x23,
+ 0xb0, 0x79, 0x50, 0xd5, 0xfb, 0xbd, 0xa7, 0x5a, 0x85, 0x53, 0x0a, 0xb6,
+ 0x93, 0x68, 0xc1, 0x9f, 0xab, 0x1c, 0x6f, 0xe9, 0xd2, 0x9f, 0x76, 0x03,
+ 0x5b, 0xca, 0x30, 0x86, 0x9c, 0x8b, 0xa1, 0x7f, 0xa8, 0xf0, 0xa7, 0x9b,
+ 0x3c, 0xbf, 0x5f, 0x78, 0xf3, 0x26, 0xed, 0xf5, 0x7a, 0xe7, 0x06, 0x07,
+ 0xf4, 0xce, 0x34, 0xcd, 0xbe, 0x63, 0x09, 0x36, 0x25, 0x0b, 0x5b, 0x58,
+ 0x69, 0xc1, 0xe9, 0x47, 0x8c, 0x0a, 0x6c, 0xde, 0xa5, 0x78, 0x9d, 0x65,
+ 0x71, 0xb1, 0xed, 0x9b, 0x11, 0x5b, 0xeb, 0x4a, 0xa4, 0xb6, 0xdc, 0x18,
+ 0x56, 0xdf, 0xd1, 0xbc, 0xa1, 0xec, 0xac, 0xcd, 0x27, 0x0f, 0x4a, 0x73,
+ 0xca, 0x35, 0xf4, 0x1a, 0x85, 0x4d, 0x5e, 0xa0, 0xaf, 0xe1, 0xe6, 0x73,
+ 0x19, 0x3a, 0xed, 0x83, 0xca, 0x08, 0xf1, 0x86, 0x5a, 0x36, 0x31, 0x03},
{0x34, 0xbc, 0x8b, 0x1a, 0x46, 0x46, 0xf2, 0xdb, 0x8b, 0x10, 0xfd, 0xae,
0x22, 0xd6, 0xb5, 0xcb, 0x30, 0x02, 0x29, 0x11, 0x40, 0x15, 0xf2, 0x52,
0x93, 0xd4, 0xb2, 0x8e, 0x8f, 0x58, 0x78, 0x3e, 0x1c, 0x5e, 0x68, 0x94,
0xda, 0x18, 0xde, 0xa5, 0x27, 0xe4, 0xd8, 0x43, 0xb5, 0x1c, 0xf9, 0x84,
0x17, 0x0d, 0x56, 0x85, 0x3e, 0x45, 0xf6, 0xac, 0x77, 0xb1, 0x17, 0x9e,
0xb0, 0xaa, 0x74, 0xfc, 0x55, 0x6c, 0xbd, 0x63, 0x2d, 0x57, 0x65, 0x24,
0xb8, 0x20, 0xa2, 0xc7, 0x4a, 0x4c, 0x81, 0x59, 0x88, 0x5f, 0xa0, 0x89,
0x37, 0xe9, 0xc7, 0x3c, 0xa0, 0x38, 0x5c, 0x7a, 0x19, 0x67, 0x6f, 0x27,
@@ -4100,22 +4475,36 @@ const RsaDecryptTestVector kRsa2048Decry
0xd4, 0xb9, 0xcb, 0xb5, 0x41, 0x79, 0x35, 0x67, 0x87, 0xbd, 0x4b, 0xd0,
0x20, 0x15, 0xcb, 0x3b, 0xbe, 0x02, 0x63, 0x37, 0x11, 0xf2, 0x66, 0xe9,
0x15, 0xa0, 0xb4, 0x59, 0x14, 0x15, 0x98, 0x36, 0x10, 0xa2, 0x71, 0x4a,
0xdc, 0xe1, 0xb0, 0x71, 0x66, 0x75, 0xb9, 0x58, 0x77, 0xbc, 0xef, 0x61,
0x87, 0x84, 0xf2, 0xb3, 0xcd, 0x23, 0xfc, 0xdd, 0x06, 0x36, 0xe5, 0x85,
0x6e, 0xdb, 0x96, 0x85, 0x2a, 0x32, 0xc9, 0x63, 0x2c, 0x2e, 0x6e, 0x4b,
0x9a, 0x6f, 0x88, 0x1e},
priv_key_0,
- false},
+ true},
// Comment: no zero after padding
// tcID: 23
{23,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x23, 0x12, 0x21, 0x07, 0xd3, 0x02, 0x52, 0xeb, 0x4c, 0x82, 0x74, 0xaa,
+ 0x02, 0x95, 0x99, 0xeb, 0xbc, 0x20, 0x32, 0xe7, 0x9b, 0xc1, 0x56, 0xf7,
+ 0x45, 0xfc, 0xd4, 0xb7, 0xaa, 0x67, 0x6f, 0x54, 0xf2, 0x09, 0x36, 0xed,
+ 0xf5, 0x27, 0xc1, 0xc3, 0xf9, 0x98, 0xad, 0x15, 0x2f, 0xb3, 0x99, 0x3d,
+ 0x0b, 0xfc, 0x91, 0xc0, 0x93, 0xdd, 0x3c, 0x7b, 0x76, 0x2e, 0xee, 0x84,
+ 0xab, 0x9a, 0xe4, 0x4f, 0x41, 0x9f, 0xe3, 0xc4, 0x66, 0xef, 0x15, 0x53,
+ 0x5e, 0x7b, 0x8a, 0x98, 0x2d, 0xd9, 0x5e, 0x14, 0x41, 0xfe, 0xc5, 0x1e,
+ 0x8a, 0x7a, 0x54, 0x65, 0xb8, 0xc4, 0x53, 0x3b, 0x1a, 0xca, 0xbc, 0xae,
+ 0xda, 0x0b, 0x34, 0xa1, 0x68, 0x07, 0xfa, 0x5b, 0x0e, 0x80, 0x09, 0x97,
+ 0xd6, 0x62, 0x14, 0x5e, 0xb0, 0xc0, 0xd4, 0xb1, 0x7f, 0x9f, 0xb6, 0x17,
+ 0xf0, 0x41, 0xa0, 0x5c, 0x38, 0xb2, 0xbe, 0xaf, 0xa0, 0xfe, 0x01, 0x7c,
+ 0xc0, 0x5d, 0x09, 0x89, 0x41, 0x8f, 0xfc, 0xf5, 0x2f, 0xdf, 0x00, 0x4f,
+ 0xf1, 0x27, 0xc1, 0x94, 0x15, 0xb8, 0x55, 0x65, 0x03, 0x9c, 0x2c, 0xb8,
+ 0xfa, 0xa8, 0xfc, 0xdc},
{0x46, 0x29, 0x02, 0x7b, 0xfd, 0xd6, 0xc3, 0x3a, 0xbd, 0xa0, 0x30, 0xf0,
0xcb, 0x3a, 0xc1, 0xb5, 0x5b, 0xdd, 0xdd, 0xd1, 0x12, 0x92, 0x52, 0x0f,
0x14, 0x22, 0x48, 0xbb, 0xd1, 0xef, 0xad, 0x14, 0xad, 0xcb, 0x7e, 0xc5,
0x0d, 0x27, 0x84, 0x71, 0xf4, 0xa9, 0x8d, 0xc9, 0xa6, 0x74, 0xc2, 0x02,
0xd8, 0x23, 0x67, 0x7d, 0x26, 0x06, 0xcd, 0x63, 0x9f, 0xda, 0x44, 0x3d,
0x7c, 0x14, 0xf0, 0xaa, 0x35, 0xf4, 0x72, 0x18, 0x9a, 0xbe, 0x1b, 0x63,
0x9f, 0x08, 0x56, 0x74, 0x32, 0x12, 0xaa, 0xb4, 0x6a, 0xe3, 0x51, 0x60,
0xab, 0x4e, 0x6c, 0x08, 0xa2, 0x0e, 0x5b, 0x82, 0x21, 0x0b, 0x07, 0xb6,
@@ -4129,22 +4518,39 @@ const RsaDecryptTestVector kRsa2048Decry
0x74, 0xb4, 0x08, 0x85, 0xb3, 0x00, 0x3e, 0xc7, 0x78, 0x1a, 0xa7, 0x10,
0xc8, 0x3f, 0xbf, 0x4d, 0x4b, 0xc1, 0x97, 0x63, 0x0b, 0x14, 0x55, 0x85,
0x3c, 0x4d, 0x6d, 0x60, 0x50, 0x01, 0x1a, 0x7f, 0x73, 0x77, 0xe9, 0x03,
0x4d, 0x29, 0xe4, 0x39, 0x6f, 0x52, 0xb2, 0x4e, 0xe6, 0x87, 0x5f, 0xee,
0xf8, 0x83, 0x27, 0x4c, 0xb0, 0x84, 0x2b, 0x4b, 0x17, 0x7d, 0x3f, 0xa3,
0xb4, 0x16, 0x09, 0x5c, 0x6f, 0xf9, 0x6f, 0x6d, 0xe0, 0xd9, 0x12, 0x3d,
0xd9, 0xce, 0x6d, 0x31},
priv_key_0,
- false},
+ true},
// Comment: no padding
// tcID: 24
{24,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xc4, 0x59, 0x75, 0xe3, 0x07, 0x51, 0xd5, 0x1b, 0x4a, 0x81, 0x93, 0x86,
+ 0xcc, 0x9f, 0x2a, 0x90, 0x20, 0xac, 0x1e, 0x07, 0x84, 0x4a, 0x19, 0xba,
+ 0x86, 0x92, 0x0d, 0xd9, 0xe7, 0x3e, 0x2d, 0x45, 0xb8, 0x16, 0x4a, 0xf0,
+ 0x84, 0x05, 0x46, 0x3f, 0xce, 0x7d, 0x63, 0x61, 0x8d, 0x15, 0xdc, 0x07,
+ 0xb8, 0x08, 0x70, 0xe8, 0x87, 0xe5, 0xc8, 0xbc, 0xec, 0xfd, 0x37, 0x85,
+ 0x5a, 0xee, 0x81, 0x81, 0x90, 0x58, 0x07, 0xf6, 0xbb, 0x30, 0x2e, 0xa4,
+ 0x15, 0xc9, 0x97, 0xfb, 0x6c, 0x39, 0x08, 0x6d, 0x39, 0xde, 0x08, 0xfb,
+ 0xee, 0x88, 0xbf, 0x8c, 0x04, 0x6a, 0xe8, 0x49, 0x41, 0x8d, 0xd1, 0x6c,
+ 0xfb, 0x1e, 0xe2, 0x23, 0x60, 0xbc, 0x87, 0xab, 0xba, 0xb9, 0x0d, 0x31,
+ 0x46, 0xe6, 0x00, 0xb5, 0x56, 0x29, 0xbf, 0x30, 0xf3, 0x6d, 0xe9, 0x71,
+ 0x09, 0x23, 0xb0, 0xeb, 0x93, 0xb1, 0xf6, 0x29, 0x8e, 0x55, 0x15, 0x33,
+ 0x13, 0xdf, 0xf7, 0xa3, 0x10, 0x34, 0x40, 0x40, 0x3f, 0xf5, 0xe7, 0x05,
+ 0xfe, 0xb9, 0xf4, 0xf2, 0x91, 0xae, 0x27, 0x85, 0x17, 0xd5, 0x3c, 0xb3,
+ 0x63, 0x8c, 0xed, 0x27, 0x95, 0x70, 0x58, 0x56, 0x62, 0xe7, 0xd6, 0xf7,
+ 0x97, 0x96, 0x83, 0x9b, 0xf0, 0x4f, 0x5e, 0x1b, 0x96, 0x2f, 0x69, 0x68,
+ 0x4a, 0x3e, 0xe8, 0x2b, 0x93, 0xdb, 0x14, 0x04, 0x31, 0x58, 0xa0, 0x2c,
+ 0x0c, 0x82, 0xcb, 0x9d, 0x8d, 0xf8, 0xfd, 0xd5, 0xea},
{0x91, 0x0a, 0xd4, 0x0a, 0xe0, 0xd8, 0xaf, 0x15, 0x1f, 0x51, 0x23, 0x54,
0xe1, 0xcf, 0x12, 0xaf, 0x7c, 0x48, 0x51, 0xcf, 0xf0, 0xb6, 0x59, 0x02,
0x6e, 0x90, 0xa9, 0xec, 0x4d, 0xea, 0x6c, 0x1e, 0x4b, 0x2b, 0x33, 0xcb,
0xe8, 0x26, 0x05, 0x01, 0x49, 0x3d, 0xf2, 0xe7, 0xfa, 0x2c, 0xd7, 0x7f,
0x02, 0x0a, 0x7c, 0xfa, 0xc1, 0xca, 0x37, 0x9e, 0xed, 0x3f, 0xe6, 0xd0,
0x03, 0x33, 0x56, 0x53, 0xa5, 0xf0, 0x22, 0xf6, 0xbf, 0x50, 0x10, 0xe5,
0xf5, 0x8c, 0x41, 0xfc, 0x91, 0x25, 0x3d, 0x75, 0xea, 0xc2, 0x07, 0x24,
0x79, 0xd4, 0xbb, 0x35, 0x09, 0xe1, 0x35, 0x1a, 0x66, 0xf7, 0x00, 0xff,
@@ -4158,22 +4564,39 @@ const RsaDecryptTestVector kRsa2048Decry
0x9f, 0x70, 0x79, 0x32, 0x04, 0x75, 0x3d, 0x7b, 0x20, 0x7f, 0xbc, 0xe2,
0xd0, 0xbf, 0xba, 0xb1, 0x1d, 0x3d, 0x61, 0x4b, 0x99, 0xbf, 0x87, 0xbc,
0xc9, 0xa3, 0x4d, 0xb6, 0x39, 0xfd, 0x20, 0x3c, 0x9c, 0x08, 0x1d, 0xde,
0xec, 0xb9, 0xc8, 0x52, 0x21, 0xe0, 0x3c, 0xb9, 0x17, 0x16, 0x85, 0xda,
0xfc, 0xfe, 0xab, 0xa4, 0x70, 0xc5, 0xf1, 0x92, 0x1a, 0x6f, 0xe0, 0x16,
0xba, 0x4b, 0x81, 0x6a, 0x23, 0x28, 0xee, 0xe9, 0x85, 0x3f, 0xa6, 0x99,
0x4e, 0xc3, 0x13, 0xd8},
priv_key_0,
- false},
+ true},
// Comment: m = 2
// tcID: 25
{25,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x9e, 0x7c, 0xf0, 0xec, 0x30, 0x99, 0xfa, 0x06, 0x92, 0xbf, 0xd1, 0xef,
+ 0x09, 0x46, 0xd0, 0x40, 0x06, 0xe3, 0xdb, 0x42, 0xcb, 0x9f, 0x14, 0x17,
+ 0x04, 0x5e, 0x23, 0x98, 0x6a, 0x95, 0x4c, 0xca, 0xb3, 0xa1, 0x8c, 0xcc,
+ 0x6d, 0x93, 0x03, 0x67, 0x50, 0xab, 0x6b, 0x1b, 0x61, 0xc7, 0x46, 0xe3,
+ 0x30, 0x0c, 0x75, 0x98, 0xc7, 0xe9, 0xd5, 0x28, 0x22, 0xe0, 0xd2, 0x30,
+ 0x2d, 0xa7, 0xea, 0xfb, 0x87, 0xa8, 0x4e, 0x5c, 0x9a, 0xf5, 0x74, 0xde,
+ 0xe3, 0x34, 0xcb, 0x7d, 0xfb, 0xd5, 0xe6, 0xc1, 0x00, 0x6a, 0xa5, 0x15,
+ 0xc0, 0x42, 0x59, 0xeb, 0x3d, 0x06, 0xa1, 0xa9, 0x48, 0x85, 0x2c, 0x7f,
+ 0xd1, 0x26, 0xd1, 0x5e, 0x80, 0xe3, 0x2d, 0x7f, 0xc8, 0xee, 0xd9, 0x41,
+ 0x85, 0xb3, 0x20, 0x95, 0xe3, 0x7f, 0x2f, 0x6a, 0x56, 0x41, 0x23, 0xce,
+ 0x05, 0x2f, 0xb3, 0x5c, 0x52, 0xc7, 0x08, 0xd7, 0x3c, 0x3d, 0x6f, 0x4f,
+ 0x4c, 0xa5, 0x9d, 0x91, 0xf4, 0x63, 0x01, 0x51, 0x17, 0x33, 0x3d, 0xb5,
+ 0xf7, 0x01, 0x44, 0x4c, 0x08, 0x6f, 0x1e, 0xd0, 0x5a, 0xca, 0x05, 0x89,
+ 0xe4, 0xa1, 0x64, 0x33, 0xad, 0x00, 0x90, 0x38, 0x12, 0xb3, 0xd0, 0xae,
+ 0x13, 0x28, 0x9a, 0xab, 0xca, 0xdc, 0x31, 0xab, 0x6e, 0x00, 0x1c, 0x8b,
+ 0x5c, 0x03, 0x09, 0x1b, 0xc7, 0x89, 0x9a, 0xed, 0x0a, 0x78, 0x1b, 0x0a,
+ 0xba, 0xfe, 0x57, 0x22, 0x6a, 0x24, 0xe1, 0xb5, 0xa4, 0x75, 0xda},
{0x62, 0x94, 0xdd, 0xf0, 0xfc, 0xd1, 0x37, 0x39, 0x0c, 0xb2, 0x19, 0x3e,
0x05, 0x0b, 0x5f, 0x61, 0xbf, 0x01, 0x83, 0x97, 0x29, 0x12, 0xdc, 0xa8,
0x8d, 0xdc, 0xef, 0x7d, 0x54, 0x38, 0x86, 0x65, 0xa7, 0xff, 0x9b, 0xe1,
0xf0, 0x74, 0xb5, 0xe3, 0x3b, 0x55, 0xdb, 0xf7, 0xc4, 0x21, 0x25, 0x54,
0xa4, 0xe6, 0x24, 0x3d, 0x39, 0x74, 0xae, 0xf4, 0xd9, 0x57, 0x94, 0xdc,
0x72, 0x26, 0x18, 0x83, 0xa4, 0x58, 0x42, 0xda, 0x69, 0x49, 0x7a, 0x36,
0xed, 0x22, 0xc3, 0x59, 0x0b, 0x01, 0x10, 0xe8, 0x57, 0xbd, 0x0f, 0xc7,
0x29, 0x66, 0x3d, 0xf5, 0x3c, 0x83, 0x18, 0x36, 0xf8, 0x90, 0xb2, 0xb2,
@@ -4187,22 +4610,23 @@ const RsaDecryptTestVector kRsa2048Decry
0xb9, 0x7b, 0x21, 0xff, 0x3f, 0xeb, 0x22, 0xf3, 0x7c, 0x1a, 0x35, 0x82,
0x15, 0x46, 0x7d, 0x0a, 0x02, 0x23, 0xd4, 0x37, 0x92, 0xf4, 0x94, 0x7a,
0xa3, 0x0c, 0x38, 0xf1, 0x42, 0x46, 0xd1, 0xdb, 0x99, 0x18, 0xc9, 0x46,
0x00, 0xe7, 0xd0, 0xa3, 0x93, 0x07, 0x9d, 0xec, 0x2d, 0x9a, 0xd3, 0x68,
0xef, 0x37, 0x8b, 0x2f, 0xff, 0x72, 0xcd, 0xd7, 0xc5, 0x72, 0xf1, 0x10,
0x74, 0xca, 0xca, 0x09, 0x95, 0xca, 0x3e, 0x57, 0x64, 0x28, 0xf6, 0x51,
0xe1, 0xcf, 0x37, 0x64},
priv_key_0,
- false},
+ true},
// Comment: m = n-2
// tcID: 26
{26,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x6a, 0xbd, 0xa8, 0xd0, 0x70, 0xf3, 0xae, 0x3e, 0x17, 0x5b, 0xb7},
{0x50, 0xbc, 0x2c, 0x3a, 0xd0, 0x7b, 0xaf, 0x0b, 0xb9, 0x03, 0x7b, 0x70,
0x4b, 0x4e, 0x81, 0xc9, 0x70, 0x03, 0xc7, 0xce, 0x64, 0x4a, 0xc8, 0xed,
0x0c, 0x52, 0xef, 0x9b, 0x1d, 0x7f, 0x82, 0x56, 0x95, 0xf4, 0x4a, 0x46,
0xe2, 0x04, 0x78, 0x6e, 0x6f, 0x7f, 0xe5, 0x2c, 0xf0, 0x1a, 0xb4, 0xf0,
0x98, 0xe4, 0x38, 0xa1, 0x12, 0x5a, 0x79, 0xf2, 0xe3, 0xf7, 0x6a, 0xdd,
0x9a, 0x8e, 0x9e, 0xbf, 0x17, 0x5e, 0x92, 0xc5, 0xaa, 0x81, 0xe9, 0x9a,
0xbd, 0x17, 0xc6, 0x87, 0x1b, 0x26, 0xde, 0x6b, 0x40, 0xf8, 0x1c, 0x45,
0xd4, 0x31, 0x94, 0x13, 0x6f, 0x68, 0x75, 0x45, 0xa3, 0x3d, 0x59, 0x0c,
@@ -4216,22 +4640,37 @@ const RsaDecryptTestVector kRsa2048Decry
0x1d, 0x40, 0xa8, 0x81, 0x19, 0xfa, 0x4d, 0x7b, 0x21, 0xe4, 0xa3, 0x72,
0x70, 0x1d, 0xe8, 0xf5, 0xa4, 0xef, 0x18, 0xe3, 0x0e, 0x99, 0xf4, 0x12,
0x6f, 0xd0, 0x31, 0xaf, 0x5a, 0xa2, 0x8c, 0xf4, 0x31, 0x6b, 0x03, 0x15,
0x0a, 0x2e, 0x0a, 0x66, 0x35, 0x5c, 0xe1, 0x71, 0x24, 0xb1, 0x3b, 0xc5,
0x86, 0xe9, 0x18, 0x11, 0x6c, 0x23, 0x55, 0xf3, 0x16, 0x9c, 0x18, 0x6a,
0x80, 0xa8, 0x5c, 0x13, 0x02, 0xfe, 0x01, 0xb3, 0x3d, 0x01, 0xfd, 0x3c,
0x61, 0xfb, 0xa0, 0xe9},
priv_key_0,
- false},
+ true},
// Comment: c = 0
// tcID: 27
{27,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xfc, 0xd3, 0x37, 0xc9, 0x64, 0x1f, 0xb9, 0x1d, 0x66, 0x0d, 0xb0, 0x8d,
+ 0x19, 0xb2, 0x47, 0x7e, 0x31, 0xd3, 0xf1, 0xd5, 0x69, 0x8b, 0x7f, 0xa3,
+ 0x04, 0xa5, 0x92, 0x73, 0xe9, 0xea, 0xfe, 0x53, 0x88, 0xfe, 0xa0, 0xa0,
+ 0x60, 0x4d, 0x7e, 0x03, 0x02, 0xce, 0xf4, 0x62, 0xb8, 0x27, 0x5c, 0x74,
+ 0xa3, 0xdb, 0xb1, 0xf8, 0x0f, 0x44, 0x96, 0xc9, 0xf2, 0x48, 0x0d, 0x4e,
+ 0x03, 0x89, 0x3a, 0x1a, 0x0b, 0xcd, 0xf0, 0x75, 0x04, 0xef, 0x3b, 0x3e,
+ 0x22, 0xb9, 0x25, 0x16, 0x0c, 0xc1, 0x45, 0xf6, 0x98, 0xee, 0xfc, 0x4b,
+ 0x82, 0xa7, 0x23, 0x3b, 0x8b, 0x46, 0x27, 0x0e, 0xd1, 0x2b, 0x35, 0x31,
+ 0x5c, 0x3b, 0x4c, 0x93, 0x79, 0x4f, 0xf1, 0xa9, 0x7d, 0x94, 0xb2, 0xaa,
+ 0x9a, 0x15, 0x2d, 0x58, 0x79, 0x87, 0x50, 0x7c, 0xb0, 0xea, 0x05, 0xa3,
+ 0xf0, 0xdf, 0x71, 0x73, 0xe7, 0x4d, 0xb4, 0x06, 0x9e, 0x59, 0xe3, 0x61,
+ 0x14, 0x52, 0xa8, 0x9b, 0xbb, 0x79, 0xe7, 0xe2, 0xef, 0x60, 0x34, 0x32,
+ 0xd3, 0x5c, 0xfb, 0xa4, 0x2a, 0xd0, 0xcc, 0x96, 0x34, 0x73, 0x1f, 0x04,
+ 0x8f, 0x4a, 0xf0, 0x93, 0xa2, 0xe7, 0xe6, 0x14, 0xce, 0xdf, 0xa9, 0x2d,
+ 0x61, 0x05, 0x1e, 0x91, 0xbb, 0x3d, 0x05, 0x37, 0x90},
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -4245,22 +4684,39 @@ const RsaDecryptTestVector kRsa2048Decry
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00},
priv_key_0,
- false},
+ true},
// Comment: c = 1
// tcID: 28
{28,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x70, 0xbb, 0x62, 0xae, 0x7b, 0x3c, 0x55, 0x94, 0xa6, 0x57, 0x2f, 0x55,
+ 0x08, 0x4b, 0x6f, 0x50, 0xa6, 0x77, 0x74, 0x7c, 0x60, 0x73, 0xe2, 0xb3,
+ 0x2b, 0xa9, 0x1b, 0x67, 0x3c, 0x93, 0x1d, 0x21, 0x17, 0x1a, 0xcf, 0x3e,
+ 0x65, 0xf2, 0xdb, 0xca, 0xc8, 0xac, 0xb0, 0x7f, 0xfe, 0xde, 0xf5, 0x4c,
+ 0xef, 0xc6, 0x1a, 0x44, 0xda, 0x88, 0x50, 0xf6, 0xbf, 0x42, 0x0c, 0xf5,
+ 0xbf, 0x96, 0xcc, 0x35, 0x84, 0x0b, 0x26, 0xd2, 0x6c, 0xbd, 0x8b, 0x92,
+ 0xa8, 0x9e, 0xdf, 0x23, 0xdf, 0xbc, 0x69, 0xc7, 0x5e, 0x69, 0x30, 0xca,
+ 0x4a, 0xe2, 0x94, 0x90, 0x26, 0x82, 0x57, 0x7c, 0xe6, 0x88, 0xe8, 0x8f,
+ 0xf3, 0xa2, 0x04, 0xc2, 0xa4, 0xdd, 0x45, 0x01, 0x4e, 0x31, 0x4d, 0xea,
+ 0x1e, 0xcf, 0xc8, 0xc5, 0xb1, 0x1d, 0x0c, 0x59, 0x27, 0xa0, 0xd3, 0x92,
+ 0x41, 0x6b, 0xee, 0x34, 0xcc, 0x7d, 0xfb, 0x5c, 0x3f, 0xc6, 0x74, 0x09,
+ 0x6e, 0xc9, 0xe8, 0x15, 0xad, 0xa3, 0x63, 0x15, 0x0a, 0x78, 0xe1, 0xe7,
+ 0xf4, 0x52, 0xe4, 0x2f, 0xb8, 0x21, 0x65, 0x44, 0xba, 0x02, 0x6f, 0xca,
+ 0xf1, 0x59, 0x4b, 0xdb, 0x63, 0x73, 0x51, 0x64, 0xe9, 0x2c, 0x14, 0x9b,
+ 0xe6, 0xae, 0xfd, 0xdb, 0xe0, 0x79, 0x8e, 0x07, 0x37, 0x1e, 0x39, 0xde,
+ 0x23, 0x0b, 0xc5, 0x18, 0x9e, 0x42, 0x58, 0xa2, 0xf4, 0x64, 0x64, 0xa9,
+ 0xca, 0xde, 0x6b, 0x61},
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -4274,22 +4730,30 @@ const RsaDecryptTestVector kRsa2048Decry
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01},
priv_key_0,
- false},
+ true},
// Comment: c = n-1
// tcID: 29
{29,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xff, 0xdc, 0x34, 0xe8, 0x0e, 0x24, 0x05, 0xda, 0xc7, 0x1b, 0xd0,
+ 0xee, 0x39, 0xfd, 0xfa, 0x65, 0x49, 0xc5, 0x82, 0x46, 0xac, 0x0d,
+ 0x34, 0x03, 0xe3, 0x79, 0x68, 0x8b, 0x30, 0xce, 0x4a, 0x51, 0xe5,
+ 0x3b, 0x88, 0x24, 0xb0, 0x9b, 0x5e, 0xdd, 0x7d, 0xbb, 0xc4, 0xfb,
+ 0xbf, 0x9d, 0xca, 0xbe, 0x3f, 0x29, 0x90, 0x39, 0x43, 0xaa, 0xf1,
+ 0x8d, 0xf5, 0xb4, 0xce, 0xe5, 0xed, 0x58, 0xc3, 0x8f, 0x4f, 0x38,
+ 0x07, 0x2c, 0x85, 0x4d, 0x3c, 0xe2, 0x57, 0x2b, 0x2d, 0xcf, 0xcd,
+ 0x84, 0x1f, 0xa4, 0x7f, 0xc5, 0x97, 0x60, 0x7a, 0x1d},
{0xb3, 0x51, 0x0a, 0x2b, 0xcd, 0x4c, 0xe6, 0x44, 0xc5, 0xb5, 0x94, 0xae,
0x50, 0x59, 0xe1, 0x2b, 0x2f, 0x05, 0x4b, 0x65, 0x8d, 0x5d, 0xa5, 0x95,
0x9a, 0x2f, 0xdf, 0x18, 0x71, 0xb8, 0x08, 0xbc, 0x3d, 0xf3, 0xe6, 0x28,
0xd2, 0x79, 0x2e, 0x51, 0xaa, 0xd5, 0xc1, 0x24, 0xb4, 0x3b, 0xda, 0x45,
0x3d, 0xca, 0x5c, 0xde, 0x4b, 0xcf, 0x28, 0xe7, 0xbd, 0x4e, 0xff, 0xba,
0x0c, 0xb4, 0xb7, 0x42, 0xbb, 0xb6, 0xd5, 0xa0, 0x13, 0xcb, 0x63, 0xd1,
0xaa, 0x3a, 0x89, 0xe0, 0x26, 0x27, 0xef, 0x53, 0x98, 0xb5, 0x2c, 0x0c,
0xfd, 0x97, 0xd2, 0x08, 0xab, 0xeb, 0x8d, 0x7c, 0x9b, 0xce, 0x0b, 0xbe,
@@ -4303,17 +4767,17 @@ const RsaDecryptTestVector kRsa2048Decry
0xd6, 0xbb, 0xca, 0x80, 0x59, 0xe5, 0x70, 0x6e, 0x9d, 0xfe, 0xd8, 0xf4,
0x85, 0x64, 0x65, 0xff, 0xa7, 0x12, 0xed, 0x1a, 0xa1, 0x8e, 0x88, 0x8d,
0x12, 0xdc, 0x6a, 0xa0, 0x9c, 0xe9, 0x5e, 0xcf, 0xca, 0x83, 0xcc, 0x5b,
0x0b, 0x15, 0xdb, 0x09, 0xc8, 0x64, 0x7f, 0x5d, 0x52, 0x4c, 0x0f, 0x2e,
0x76, 0x20, 0xa3, 0x41, 0x6b, 0x96, 0x23, 0xca, 0xdc, 0x0f, 0x09, 0x7a,
0xf5, 0x73, 0x26, 0x1c, 0x98, 0xc8, 0x40, 0x0a, 0xa1, 0x2a, 0xf3, 0x8e,
0x43, 0xca, 0xd8, 0x4c},
priv_key_0,
- false},
+ true},
// Comment: ciphertext is empty
// tcID: 30
{30, {0x54, 0x65, 0x73, 0x74}, {}, priv_key_0, false},
// Comment: prepended bytes to ciphertext
// tcID: 31
{31,
@@ -5666,11 +6130,741 @@ const RsaDecryptTestVector kRsa2048Decry
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00},
priv_key_32,
+ true},
+
+ // Hubert Bleichenbacher vectors.
+ // test 1 positive test.
+ // tcId: 66
+ {66,
+ // lorem ipsum dolor sit amet
+ {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73,
+ 0x75, 0x6d, 0x20, 0x64, 0x6f, 0x6c, 0x6f, 0x72, 0x20,
+ 0x73, 0x69, 0x74, 0x20, 0x61, 0x6d, 0x65, 0x74},
+ {0x8b, 0xfe, 0x26, 0x4e, 0x85, 0xd3, 0xbd, 0xea, 0xa6, 0xb8, 0x85, 0x1b,
+ 0x8e, 0x3b, 0x95, 0x6e, 0xe3, 0xd2, 0x26, 0xfd, 0x3f, 0x69, 0x06, 0x3a,
+ 0x86, 0x88, 0x01, 0x73, 0xa2, 0x73, 0xd9, 0xf2, 0x83, 0xb2, 0xee, 0xbd,
+ 0xd1, 0xed, 0x35, 0xf7, 0xe0, 0x2d, 0x91, 0xc5, 0x71, 0x98, 0x1b, 0x67,
+ 0x37, 0xd5, 0x32, 0x0b, 0xd8, 0x39, 0x6b, 0x0f, 0x3a, 0xd5, 0xb0, 0x19,
+ 0xda, 0xec, 0x1b, 0x0a, 0xab, 0x3c, 0xbb, 0xc0, 0x26, 0x39, 0x5f, 0x4f,
+ 0xd1, 0x4f, 0x13, 0x67, 0x3f, 0x2d, 0xfc, 0x81, 0xf9, 0xb6, 0x60, 0xec,
+ 0x26, 0xac, 0x38, 0x1e, 0x6d, 0xb3, 0x29, 0x9b, 0x4e, 0x46, 0x0b, 0x43,
+ 0xfa, 0xb9, 0x95, 0x5d, 0xf2, 0xb3, 0xcf, 0xaa, 0x20, 0xe9, 0x00, 0xe1,
+ 0x9c, 0x85, 0x62, 0x38, 0xfd, 0x37, 0x18, 0x99, 0xc2, 0xbf, 0x2c, 0xe8,
+ 0xc8, 0x68, 0xb7, 0x67, 0x54, 0xe5, 0xdb, 0x3b, 0x03, 0x65, 0x33, 0xfd,
+ 0x60, 0x37, 0x46, 0xbe, 0x13, 0xc1, 0x0d, 0x4e, 0x3e, 0x60, 0x22, 0xeb,
+ 0xc9, 0x05, 0xd2, 0x0c, 0x2a, 0x7f, 0x32, 0xb2, 0x15, 0xa4, 0xcd, 0x53,
+ 0xb3, 0xf4, 0x4c, 0xa1, 0xc3, 0x27, 0xd2, 0xc2, 0xb6, 0x51, 0x14, 0x58,
+ 0x21, 0xc0, 0x83, 0x96, 0xc8, 0x90, 0x71, 0xf6, 0x65, 0x34, 0x9c, 0x25,
+ 0xe4, 0x4d, 0x27, 0x33, 0xcd, 0x93, 0x05, 0x98, 0x5c, 0xee, 0xf6, 0x43,
+ 0x0c, 0x3c, 0xf5, 0x7a, 0xf5, 0xfa, 0x22, 0x40, 0x89, 0x22, 0x12, 0x18,
+ 0xfa, 0x34, 0x73, 0x7c, 0x79, 0xc4, 0x46, 0xd2, 0x8a, 0x94, 0xc4, 0x1c,
+ 0x96, 0xe4, 0xe9, 0x2a, 0xc5, 0x3f, 0xbc, 0xf3, 0x84, 0xde, 0xa8, 0x41,
+ 0x9e, 0xa0, 0x89, 0xf8, 0x78, 0x44, 0x45, 0xa4, 0x92, 0xc8, 0x12, 0xeb,
+ 0x0d, 0x40, 0x94, 0x67, 0xf7, 0x5a, 0xfd, 0x7d, 0x4d, 0x10, 0x78, 0x88,
+ 0x62, 0x05, 0xa0, 0x66},
+ priv_key_1b,
+ true},
+
+ // Invalid Empty Message
+ {67,
+ {},
+ {0x20, 0xaa, 0xa8, 0xad, 0xbb, 0xc5, 0x93, 0xa9, 0x24, 0xba, 0x1c, 0x5c,
+ 0x79, 0x90, 0xb5, 0xc2, 0x24, 0x2a, 0xe4, 0xb9, 0x9d, 0x0f, 0xe6, 0x36,
+ 0xa1, 0x9a, 0x4c, 0xf7, 0x54, 0xed, 0xbc, 0xee, 0x77, 0x4e, 0x47, 0x2f,
+ 0xe0, 0x28, 0x16, 0x0e, 0xd4, 0x26, 0x34, 0xf8, 0x86, 0x49, 0x00, 0xcb,
+ 0x51, 0x40, 0x06, 0xda, 0x64, 0x2c, 0xae, 0x6a, 0xe8, 0xc7, 0xd0, 0x87,
+ 0xca, 0xeb, 0xcf, 0xa6, 0xda, 0xd1, 0x55, 0x13, 0x01, 0xe1, 0x30, 0x34,
+ 0x49, 0x89, 0xa1, 0xd4, 0x62, 0xd4, 0x16, 0x45, 0x05, 0xf6, 0x39, 0x39,
+ 0x33, 0x45, 0x0c, 0x67, 0xbc, 0x6d, 0x39, 0xd8, 0xf5, 0x16, 0x09, 0x07,
+ 0xca, 0xbc, 0x25, 0x1b, 0x73, 0x79, 0x25, 0xa1, 0xcf, 0x21, 0xe5, 0xc6,
+ 0xaa, 0x57, 0x81, 0xb7, 0x76, 0x9f, 0x6a, 0x2a, 0x58, 0x3d, 0x97, 0xcc,
+ 0xe0, 0x08, 0xc0, 0xf8, 0xb6, 0xad, 0xd5, 0xf0, 0xb2, 0xbd, 0x80, 0xbe,
+ 0xe6, 0x02, 0x37, 0xaa, 0x39, 0xbb, 0x20, 0x71, 0x9f, 0xe7, 0x57, 0x49,
+ 0xf4, 0xbc, 0x4e, 0x42, 0x46, 0x6e, 0xf5, 0xa8, 0x61, 0xae, 0x3a, 0x92,
+ 0x39, 0x5c, 0x7d, 0x85, 0x8d, 0x43, 0x0b, 0xfe, 0x38, 0x04, 0x0f, 0x44,
+ 0x5e, 0xa9, 0x3f, 0xa2, 0x95, 0x8b, 0x50, 0x35, 0x39, 0x80, 0x0f, 0xfa,
+ 0x5c, 0xe5, 0xf8, 0xcf, 0x51, 0xfa, 0x81, 0x71, 0xa9, 0x1f, 0x36, 0xcb,
+ 0x4f, 0x45, 0x75, 0xe8, 0xde, 0x6b, 0x4d, 0x3f, 0x09, 0x6e, 0xe1, 0x40,
+ 0xb9, 0x38, 0xfd, 0x2f, 0x50, 0xee, 0x13, 0xf0, 0xd0, 0x50, 0x22, 0x2e,
+ 0x2a, 0x72, 0xb0, 0xa3, 0x06, 0x9f, 0xf3, 0xa6, 0x73, 0x8e, 0x82, 0xc8,
+ 0x70, 0x90, 0xca, 0xa5, 0xae, 0xd4, 0xfc, 0xbe, 0x88, 0x2c, 0x49, 0x64,
+ 0x6a, 0xa2, 0x50, 0xb9, 0x8f, 0x12, 0xf8, 0x3c, 0x8d, 0x52, 0x81, 0x13,
+ 0x61, 0x4a, 0x29, 0xe7},
+ priv_key_1b,
+ true},
+
+ // Invalid Max Nessage
+ {68,
+ {0x22, 0xd8, 0x50, 0x13, 0x7b, 0x9e, 0xeb, 0xe0, 0x92, 0xb2, 0x4f, 0x60,
+ 0x2d, 0xc5, 0xbb, 0x79, 0x18, 0xc1, 0x6b, 0xd8, 0x9d, 0xdb, 0xf2, 0x04,
+ 0x67, 0xb1, 0x19, 0xd2, 0x05, 0xf9, 0xc2, 0xe4, 0xbd, 0x7d, 0x25, 0x92,
+ 0xcf, 0x1e, 0x53, 0x21, 0x06, 0xe0, 0xf3, 0x35, 0x57, 0x56, 0x59, 0x23,
+ 0xc7, 0x3a, 0x02, 0xd4, 0xf0, 0x9c, 0x0c, 0x22, 0xbe, 0xa8, 0x91, 0x48,
+ 0x18, 0x3e, 0x60, 0x31, 0x7f, 0x70, 0x28, 0xb3, 0xaa, 0x1f, 0x26, 0x1f,
+ 0x91, 0xc9, 0x79, 0x39, 0x31, 0x01, 0xd7, 0xe1, 0x5f, 0x40, 0x67, 0xe6,
+ 0x39, 0x79, 0xb3, 0x27, 0x51, 0x65, 0x8e, 0xf7, 0x69, 0x61, 0x0f, 0xe9,
+ 0x7c, 0xf9, 0xce, 0xf3, 0x27, 0x8b, 0x31, 0x17, 0xd3, 0x84, 0x05, 0x1c,
+ 0x3b, 0x1d, 0x82, 0xc2, 0x51, 0xc2, 0x30, 0x54, 0x18, 0xc8, 0xf6, 0x84,
+ 0x05, 0x30, 0xe6, 0x31, 0xaa, 0xd6, 0x3e, 0x70, 0xe2, 0x0e, 0x02, 0x5b,
+ 0xcd, 0x8e, 0xfb, 0x54, 0xc9, 0x2e, 0xc6, 0xd3, 0xb1, 0x06, 0xa2, 0xf8,
+ 0xe6, 0x4e, 0xef, 0xf7, 0xd3, 0x84, 0x95, 0xb0, 0xfc, 0x50, 0xc9, 0x71,
+ 0x38, 0xaf, 0x4b, 0x1c, 0x0a, 0x67, 0xa1, 0xc4, 0xe2, 0x7b, 0x07, 0x7b,
+ 0x84, 0x39, 0x33, 0x2e, 0xdf, 0xa8, 0x60, 0x8d, 0xfe, 0xae, 0x65, 0x3c,
+ 0xd6, 0xa6, 0x28, 0xac, 0x55, 0x03, 0x95, 0xf7, 0xe7, 0x43, 0x90, 0xe4,
+ 0x2c, 0x11, 0x68, 0x22, 0x34, 0x87, 0x09, 0x25, 0xee, 0xaa, 0x1f, 0xa7,
+ 0x1b, 0x76, 0xcf, 0x1f, 0x2e, 0xe3, 0xbd, 0xa6, 0x9f, 0x67, 0x17, 0x03,
+ 0x3f, 0xf8, 0xb7, 0xc9, 0x5c, 0x97, 0x99, 0xe7, 0xa3, 0xbe, 0xa5, 0xe7,
+ 0xe4, 0xa1, 0xc3, 0x59, 0x77, 0x2f, 0xb6, 0xb1, 0xc6, 0xe6, 0xc5, 0x16,
+ 0x66, 0x1d, 0xfe, 0x30, 0xc3},
+ {0x48, 0xcc, 0xea, 0xb1, 0x0f, 0x39, 0xa4, 0xdb, 0x32, 0xf6, 0x00, 0x74,
+ 0xfe, 0xea, 0x47, 0x3c, 0xbc, 0xdb, 0x7a, 0xcc, 0xf9, 0x2e, 0x15, 0x04,
+ 0x17, 0xf7, 0x6b, 0x44, 0x75, 0x6b, 0x19, 0x0e, 0x84, 0x3e, 0x79, 0xec,
+ 0x12, 0xaa, 0x85, 0x08, 0x3a, 0x21, 0xf5, 0x43, 0x7e, 0x7b, 0xad, 0x0a,
+ 0x60, 0x48, 0x2e, 0x60, 0x11, 0x98, 0xf9, 0xd8, 0x69, 0x23, 0x23, 0x9c,
+ 0x87, 0x86, 0xee, 0x72, 0x82, 0x85, 0xaf, 0xd0, 0x93, 0x7f, 0x7d, 0xde,
+ 0x12, 0x71, 0x7f, 0x28, 0x38, 0x98, 0x43, 0xd7, 0x37, 0x59, 0x12, 0xb0,
+ 0x7b, 0x99, 0x1f, 0x4f, 0xdb, 0x01, 0x90, 0xfc, 0xed, 0x8b, 0xa6, 0x65,
+ 0x31, 0x43, 0x67, 0xe8, 0xc5, 0xf9, 0xd2, 0x98, 0x1d, 0x0f, 0x51, 0x28,
+ 0xfe, 0xeb, 0x46, 0xcb, 0x50, 0xfc, 0x23, 0x7e, 0x64, 0x43, 0x8a, 0x86,
+ 0xdf, 0x19, 0x8d, 0xd0, 0x20, 0x93, 0x64, 0xae, 0x3a, 0x84, 0x2d, 0x77,
+ 0x53, 0x2b, 0x66, 0xb7, 0xef, 0x26, 0x3b, 0x83, 0xb1, 0x54, 0x1e, 0xd6,
+ 0x71, 0xb1, 0x20, 0xdf, 0xd6, 0x60, 0x46, 0x2e, 0x21, 0x07, 0xa4, 0xee,
+ 0x7b, 0x96, 0x4e, 0x73, 0x4a, 0x7b, 0xd6, 0x8d, 0x90, 0xdd, 0xa6, 0x17,
+ 0x70, 0x65, 0x8a, 0x3c, 0x24, 0x29, 0x48, 0x53, 0x2d, 0xa3, 0x26, 0x48,
+ 0x68, 0x7e, 0x03, 0x18, 0x28, 0x64, 0x73, 0xf6, 0x75, 0xb4, 0x12, 0xd6,
+ 0x46, 0x8f, 0x01, 0x3f, 0x14, 0xd7, 0x60, 0xa3, 0x58, 0xdf, 0xca, 0xd3,
+ 0xcd, 0xa2, 0xaf, 0xee, 0xc5, 0xe2, 0x68, 0xa3, 0x7d, 0x25, 0x0c, 0x37,
+ 0xf7, 0x22, 0xf4, 0x68, 0xa7, 0x0d, 0xfd, 0x92, 0xd7, 0x29, 0x4c, 0x3c,
+ 0x1e, 0xe1, 0xe7, 0xf8, 0x84, 0x3b, 0x7d, 0x16, 0xf9, 0xf3, 0x7e, 0xf3,
+ 0x57, 0x48, 0xc3, 0xae, 0x93, 0xaa, 0x15, 0x5c, 0xdc, 0xdf, 0xeb, 0x4e,
+ 0x78, 0x56, 0x73, 0x03},
+ priv_key_1b,
+ true},
+
+ // invalid the last value from the PRF is 246, which is longer than the max
+ // allowed length: 245, so it needs to select second to last: 2
+ {69,
+ {0x0f, 0x9b},
+ {0x14, 0x39, 0xe0, 0x8c, 0x3f, 0x84, 0xc1, 0xa7, 0xfe, 0xc7, 0x4c, 0xe0,
+ 0x76, 0x14, 0xb2, 0x0e, 0x01, 0xf6, 0xfa, 0x4e, 0x8c, 0x2a, 0x6c, 0xff,
+ 0xdc, 0x35, 0x20, 0xd8, 0x88, 0x9e, 0x5d, 0x9a, 0x95, 0x0c, 0x64, 0x25,
+ 0x79, 0x8f, 0x85, 0xd4, 0xbe, 0x38, 0xd3, 0x00, 0xea, 0x56, 0x95, 0xf1,
+ 0x3e, 0xcd, 0x4c, 0xb3, 0x89, 0xd1, 0xff, 0x5b, 0x82, 0x48, 0x4b, 0x49,
+ 0x4d, 0x62, 0x80, 0xab, 0x7f, 0xa7, 0x8e, 0x64, 0x59, 0x33, 0x98, 0x1c,
+ 0xb9, 0x34, 0xcc, 0xe8, 0xbf, 0xcd, 0x11, 0x4c, 0xc0, 0xe6, 0x81, 0x1e,
+ 0xef, 0xa4, 0x7a, 0xae, 0x20, 0xaf, 0x63, 0x8a, 0x1c, 0xd1, 0x63, 0xd2,
+ 0xd3, 0x36, 0x61, 0x86, 0xd0, 0xa0, 0x7d, 0xf0, 0xc8, 0x1f, 0x6c, 0x9f,
+ 0x31, 0x71, 0xcf, 0x35, 0x61, 0x47, 0x2e, 0x98, 0xa6, 0x00, 0x6b, 0xf7,
+ 0x5d, 0xdb, 0x45, 0x7b, 0xed, 0x03, 0x6d, 0xcc, 0xe1, 0x99, 0x36, 0x9d,
+ 0xe7, 0xd9, 0x4e, 0xf2, 0xc6, 0x8e, 0x84, 0x67, 0xee, 0x06, 0x04, 0xee,
+ 0xa2, 0xb3, 0x00, 0x94, 0x79, 0x16, 0x2a, 0x78, 0x91, 0xba, 0x5c, 0x40,
+ 0xca, 0xb1, 0x7f, 0x49, 0xe1, 0xc4, 0x38, 0xcb, 0x6e, 0xae, 0xa4, 0xf7,
+ 0x6c, 0xe2, 0x3c, 0xce, 0x0e, 0x48, 0x3f, 0xf0, 0xe9, 0x6f, 0xa7, 0x90,
+ 0xea, 0x15, 0xbe, 0x67, 0x67, 0x18, 0x14, 0x34, 0x2d, 0x0a, 0x23, 0xf4,
+ 0xa2, 0x02, 0x62, 0xb6, 0x18, 0x2e, 0x72, 0xf3, 0xa6, 0x7c, 0xd2, 0x89,
+ 0x71, 0x15, 0x03, 0xc8, 0x55, 0x16, 0xa9, 0xed, 0x22, 0x54, 0x22, 0xf9,
+ 0x8b, 0x11, 0x6f, 0x1a, 0xb0, 0x80, 0xa8, 0x0a, 0xbd, 0x6f, 0x02, 0x16,
+ 0xdf, 0x88, 0xd8, 0xcf, 0xd6, 0x7c, 0x13, 0x92, 0x43, 0xbe, 0x8d, 0xd7,
+ 0x85, 0x02, 0xa7, 0xaa, 0xf6, 0xbc, 0x99, 0xd7, 0xda, 0x71, 0xbc, 0xdf,
+ 0x62, 0x7e, 0x73, 0x54},
+ priv_key_1b,
+ true},
+ // Invalid: the last three numbers from prf are: 2, 247, 255, so we need to
+ // pick 2, the third one from the end
+ {70,
+ {0x4f, 0x02},
+ {0x16, 0x90, 0xeb, 0xcc, 0xee, 0xce, 0x2c, 0xe0, 0x24, 0xf3, 0x82, 0xe4,
+ 0x67, 0xcf, 0x85, 0x10, 0xe7, 0x45, 0x14, 0x12, 0x09, 0x37, 0x97, 0x85,
+ 0x76, 0xca, 0xf6, 0x84, 0xd4, 0xa0, 0x2a, 0xd5, 0x69, 0xe8, 0xd7, 0x6c,
+ 0xbe, 0x36, 0x5a, 0x06, 0x0e, 0x00, 0x77, 0x9d, 0xe2, 0xf0, 0x86, 0x5c,
+ 0xcf, 0x0d, 0x92, 0x3d, 0xe3, 0xb4, 0x78, 0x3a, 0x4e, 0x2c, 0x74, 0xf4,
+ 0x22, 0xe2, 0xf3, 0x26, 0x08, 0x6c, 0x39, 0x0b, 0x65, 0x8b, 0xa4, 0x7f,
+ 0x31, 0xab, 0x01, 0x3a, 0xa8, 0x0f, 0x46, 0x8c, 0x71, 0x25, 0x6e, 0x5f,
+ 0xa5, 0x67, 0x9b, 0x24, 0xe8, 0x3c, 0xd8, 0x2c, 0x3d, 0x1e, 0x05, 0xe3,
+ 0x98, 0x20, 0x81, 0x55, 0xde, 0x22, 0x12, 0x99, 0x3c, 0xd2, 0xb8, 0xba,
+ 0xb6, 0x98, 0x7c, 0xf4, 0xcc, 0x12, 0x93, 0xf1, 0x99, 0x09, 0x21, 0x94,
+ 0x39, 0xd7, 0x41, 0x27, 0x54, 0x5e, 0x9e, 0xd8, 0xa7, 0x06, 0x96, 0x1b,
+ 0x8e, 0xe2, 0x11, 0x9f, 0x6b, 0xfa, 0xca, 0xfb, 0xef, 0x91, 0xb7, 0x5a,
+ 0x78, 0x9b, 0xa6, 0x5b, 0x8b, 0x83, 0x3b, 0xc6, 0x14, 0x9c, 0xf4, 0x9b,
+ 0x5c, 0x4d, 0x2c, 0x63, 0x59, 0xf6, 0x28, 0x08, 0x65, 0x9b, 0xa6, 0x54,
+ 0x1e, 0x1c, 0xd2, 0x4b, 0xf7, 0xf7, 0x41, 0x04, 0x86, 0xb5, 0x10, 0x3f,
+ 0x6c, 0x0e, 0xa2, 0x93, 0x34, 0xea, 0x6f, 0x49, 0x75, 0xb1, 0x73, 0x87,
+ 0x47, 0x4f, 0xe9, 0x20, 0x71, 0x0e, 0xa6, 0x15, 0x68, 0xd7, 0xb7, 0xc0,
+ 0xa7, 0x91, 0x6a, 0xcf, 0x21, 0x66, 0x5a, 0xd5, 0xa3, 0x1c, 0x4e, 0xab,
+ 0xcd, 0xe4, 0x4f, 0x8f, 0xb6, 0x12, 0x0d, 0x84, 0x57, 0xaf, 0xa1, 0xf3,
+ 0xc8, 0x5d, 0x51, 0x7c, 0xda, 0x36, 0x4a, 0xf6, 0x20, 0x11, 0x3a, 0xe5,
+ 0xa3, 0xc5, 0x2a, 0x04, 0x88, 0x21, 0x73, 0x19, 0x22, 0x73, 0x73, 0x07,
+ 0xf7, 0x7a, 0x10, 0x81},
+ priv_key_1b,
+ true},
+
+ // ciphertext that generates a fake 11 byte plaintext, but decrypts
+ // to real 11 byte long plaintext
+ {71,
+ // lorem ipsum
+ {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d},
+ {0x62, 0x13, 0x63, 0x45, 0x93, 0x33, 0x2c, 0x48, 0x5c, 0xef, 0x78, 0x3e,
+ 0xa2, 0x84, 0x6e, 0x3d, 0x6e, 0x8b, 0x0e, 0x00, 0x5c, 0xd8, 0x29, 0x3e,
+ 0xae, 0xbb, 0xaa, 0x50, 0x79, 0x71, 0x2f, 0xd6, 0x81, 0x57, 0x9b, 0xdf,
+ 0xbb, 0xda, 0x13, 0x8a, 0xe4, 0xd9, 0xd9, 0x52, 0x91, 0x7a, 0x03, 0xc9,
+ 0x23, 0x98, 0xec, 0x0c, 0xb2, 0xbb, 0x0c, 0x6b, 0x5a, 0x8d, 0x55, 0x06,
+ 0x1f, 0xed, 0x0d, 0x0d, 0x8d, 0x72, 0x47, 0x35, 0x63, 0x15, 0x26, 0x48,
+ 0xcf, 0xe6, 0x40, 0xb3, 0x35, 0xdc, 0x95, 0x33, 0x1c, 0x21, 0xcb, 0x13,
+ 0x3a, 0x91, 0x79, 0x0f, 0xa9, 0x3a, 0xe4, 0x44, 0x97, 0xc1, 0x28, 0x70,
+ 0x89, 0x70, 0xd2, 0xbe, 0xeb, 0x77, 0xe8, 0x72, 0x1b, 0x06, 0x1b, 0x1c,
+ 0x44, 0x03, 0x41, 0x43, 0x73, 0x4a, 0x77, 0xbe, 0x82, 0x20, 0x87, 0x74,
+ 0x15, 0xa6, 0xdb, 0xa0, 0x73, 0xc3, 0x87, 0x16, 0x05, 0x38, 0x05, 0x42,
+ 0xa9, 0xf2, 0x52, 0x52, 0xa4, 0xba, 0xbe, 0x83, 0x31, 0xcd, 0xd5, 0x3c,
+ 0xf8, 0x28, 0x42, 0x3f, 0x3c, 0xc7, 0x0b, 0x56, 0x06, 0x24, 0xd0, 0x58,
+ 0x1f, 0xb1, 0x26, 0xb2, 0xed, 0x4f, 0x4e, 0xd3, 0x58, 0xf0, 0xeb, 0x80,
+ 0x65, 0xcf, 0x17, 0x63, 0x99, 0xac, 0x1a, 0x84, 0x6a, 0x31, 0x05, 0x5f,
+ 0x9a, 0xe8, 0xc9, 0xc2, 0x4a, 0x1b, 0xa0, 0x50, 0xbc, 0x20, 0x84, 0x21,
+ 0x25, 0xbc, 0x17, 0x53, 0x15, 0x8f, 0x80, 0x65, 0xf3, 0xad, 0xb9, 0xcc,
+ 0x16, 0xbf, 0xdf, 0x83, 0x81, 0x6b, 0xdf, 0x38, 0xb6, 0x24, 0xf1, 0x20,
+ 0x22, 0xc5, 0xa6, 0xfb, 0xfe, 0x29, 0xbc, 0x91, 0x54, 0x2b, 0xe8, 0xc0,
+ 0x20, 0x8a, 0x77, 0x0b, 0xcd, 0x67, 0x7d, 0xc5, 0x97, 0xf5, 0x55, 0x7d,
+ 0xc2, 0xce, 0x28, 0xa1, 0x1b, 0xf3, 0xe3, 0x85, 0x7f, 0x15, 0x87, 0x17,
+ 0xa3, 0x3f, 0x65, 0x92},
+ priv_key_1b,
+ true},
+
+ // ciphertext that starts with a null byte, decrypts to real 11 byte
+ // long plaintext
+ {72,
+ // lorem ipsum
+ {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d},
+ {0x00, 0xa2, 0xe8, 0xf1, 0x14, 0xea, 0x8d, 0x05, 0xd1, 0x2d, 0xc8, 0x43,
+ 0xe3, 0xcc, 0x3b, 0x2e, 0xdc, 0x82, 0x29, 0xff, 0x2a, 0x02, 0x8b, 0xda,
+ 0x29, 0xba, 0x9d, 0x55, 0xe3, 0xcd, 0x02, 0x91, 0x19, 0x02, 0xfe, 0xf1,
+ 0xf4, 0x2a, 0x07, 0x5b, 0xf0, 0x5e, 0x80, 0x16, 0xe8, 0x56, 0x72, 0x13,
+ 0xd6, 0xf2, 0x60, 0xfa, 0x49, 0xe3, 0x60, 0x77, 0x9d, 0xd8, 0x1a, 0xee,
+ 0xa3, 0xe0, 0x4c, 0x2c, 0xb5, 0x67, 0xe0, 0xd7, 0x2b, 0x98, 0xbf, 0x75,
+ 0x40, 0x14, 0x56, 0x1b, 0x75, 0x11, 0xe0, 0x83, 0xd2, 0x0e, 0x0b, 0xfb,
+ 0x9c, 0xd2, 0x3f, 0x8a, 0x0d, 0x3c, 0x88, 0x90, 0x0c, 0x49, 0xd2, 0xfc,
+ 0xd5, 0x84, 0x3f, 0xf0, 0x76, 0x56, 0x07, 0xb2, 0x02, 0x6f, 0x28, 0x20,
+ 0x2a, 0x87, 0xaa, 0x94, 0x67, 0x8a, 0xed, 0x22, 0xa0, 0xc2, 0x07, 0x24,
+ 0x54, 0x13, 0x94, 0xcd, 0x8f, 0x44, 0xe3, 0x73, 0xeb, 0xa1, 0xd2, 0xba,
+ 0xe9, 0x8f, 0x51, 0x6c, 0x1e, 0x2b, 0xa3, 0xd8, 0x68, 0x52, 0xd0, 0x64,
+ 0xf8, 0x56, 0xb1, 0xda, 0xf2, 0x47, 0x95, 0xe7, 0x67, 0xa2, 0xb9, 0x03,
+ 0x96, 0xe5, 0x07, 0x43, 0xe3, 0x15, 0x06, 0x64, 0xaf, 0xab, 0x13, 0x1f,
+ 0xe4, 0x0e, 0xa4, 0x05, 0xdc, 0xf5, 0x72, 0xdd, 0x10, 0x79, 0xaf, 0x1d,
+ 0x3f, 0x03, 0x92, 0xcc, 0xad, 0xcc, 0xa0, 0xa1, 0x27, 0x40, 0xdb, 0xb2,
+ 0x13, 0xb9, 0x25, 0xca, 0x2a, 0x06, 0xb1, 0xbc, 0x13, 0x83, 0xe8, 0x3a,
+ 0x65, 0x8c, 0x82, 0xba, 0x2e, 0x74, 0x27, 0x34, 0x23, 0x79, 0x08, 0x4d,
+ 0x5f, 0x66, 0xb5, 0x44, 0x57, 0x9f, 0x07, 0x66, 0x4c, 0xb2, 0x6e, 0xdd,
+ 0x4f, 0x10, 0xfd, 0x91, 0x3f, 0xdb, 0xc0, 0xde, 0x05, 0xef, 0x88, 0x7d,
+ 0x4d, 0x1e, 0xc1, 0xac, 0x95, 0x65, 0x23, 0x97, 0xea, 0x7f, 0xd4, 0xe4,
+ 0x75, 0x9f, 0xda, 0x8b},
+ priv_key_1b,
+ true},
+
+ // ciphertext that starts with two null bytes, decrypts to real 11 byte
+ // long plaintext
+ {73,
+ // lorem ipsum
+ {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d},
+ {0x00, 0x00, 0x1f, 0x71, 0x87, 0x9b, 0x42, 0x61, 0x27, 0xf7, 0xde, 0xad,
+ 0x62, 0x1f, 0x73, 0x80, 0xa7, 0x09, 0x8c, 0xf7, 0xd2, 0x21, 0x73, 0xaa,
+ 0x27, 0x99, 0x1b, 0x14, 0x3c, 0x46, 0xd5, 0x33, 0x83, 0xc2, 0x09, 0xbd,
+ 0x0c, 0x9c, 0x00, 0xd8, 0x40, 0x78, 0x03, 0x7e, 0x71, 0x5f, 0x6b, 0x98,
+ 0xc6, 0x50, 0x05, 0xa7, 0x71, 0x20, 0x07, 0x05, 0x22, 0xed, 0xe5, 0x1d,
+ 0x47, 0x2c, 0x87, 0xef, 0x94, 0xb9, 0x4e, 0xad, 0x4c, 0x54, 0x28, 0xee,
+ 0x10, 0x8a, 0x34, 0x55, 0x61, 0x65, 0x83, 0x01, 0x91, 0x1e, 0xc5, 0xa8,
+ 0xf7, 0xdd, 0x43, 0xed, 0x4a, 0x39, 0x57, 0xfd, 0x29, 0xfb, 0x02, 0xa3,
+ 0x52, 0x9b, 0xf6, 0x3f, 0x80, 0x40, 0xd3, 0x95, 0x34, 0x90, 0x93, 0x9b,
+ 0xd8, 0xf7, 0x8b, 0x2a, 0x34, 0x04, 0xb6, 0xfb, 0x5f, 0xf7, 0x0a, 0x4b,
+ 0xfd, 0xaa, 0xc5, 0xc5, 0x41, 0xd6, 0xbc, 0xce, 0x49, 0xc9, 0x77, 0x8c,
+ 0xc3, 0x90, 0xbe, 0x24, 0xcb, 0xef, 0x1d, 0x1e, 0xca, 0x7e, 0x87, 0x04,
+ 0x57, 0x24, 0x1d, 0x3f, 0xf7, 0x2c, 0xa4, 0x4f, 0x9f, 0x56, 0xbd, 0xf3,
+ 0x1a, 0x89, 0x0f, 0xa5, 0xeb, 0x3a, 0x91, 0x07, 0xb6, 0x03, 0xcc, 0xc9,
+ 0xd0, 0x6a, 0x5d, 0xd9, 0x11, 0xa6, 0x64, 0xc8, 0x2b, 0x6a, 0xbd, 0x4f,
+ 0xe0, 0x36, 0xf8, 0xdb, 0x8d, 0x5a, 0x07, 0x0c, 0x2d, 0x86, 0x38, 0x6a,
+ 0xe1, 0x8d, 0x97, 0xad, 0xc1, 0x84, 0x76, 0x40, 0xc2, 0x11, 0xd9, 0x1f,
+ 0xf5, 0xc3, 0x38, 0x75, 0x74, 0xa2, 0x6f, 0x8e, 0xf2, 0x7c, 0xa7, 0xf4,
+ 0x8d, 0x2d, 0xd1, 0xf0, 0xc7, 0xf1, 0x4b, 0x81, 0xcc, 0x9d, 0x33, 0xee,
+ 0x68, 0x53, 0x03, 0x1d, 0x3e, 0xcf, 0x10, 0xa9, 0x14, 0xff, 0xd9, 0x09,
+ 0x47, 0x90, 0x9c, 0x80, 0x11, 0xfd, 0x30, 0x24, 0x92, 0x19, 0x34, 0x8e,
+ 0xbf, 0xf7, 0x6b, 0xfc},
+ priv_key_1b,
+ true},
+
+ // valid ciphertext that generates a zero length fake plaintext
+ {74,
+ // lorem ipsum
+ {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d},
+ {0xb5, 0xe4, 0x93, 0x08, 0xf6, 0xe9, 0x59, 0x00, 0x14, 0xff, 0xaf, 0xfc,
+ 0x5b, 0x85, 0x60, 0x75, 0x57, 0x39, 0xdd, 0x50, 0x1f, 0x1d, 0x4e, 0x92,
+ 0x27, 0xa7, 0xd2, 0x91, 0x40, 0x8c, 0xf4, 0xb7, 0x53, 0xf2, 0x92, 0x32,
+ 0x2f, 0xf8, 0xbe, 0xad, 0x61, 0x3b, 0xf2, 0xca, 0xa1, 0x81, 0xb2, 0x21,
+ 0xbc, 0x38, 0xca, 0xf6, 0x39, 0x2d, 0xea, 0xfb, 0x28, 0xeb, 0x21, 0xad,
+ 0x60, 0x93, 0x08, 0x41, 0xed, 0x02, 0xfd, 0x62, 0x25, 0xcc, 0x9c, 0x46,
+ 0x34, 0x09, 0xad, 0xbe, 0x7d, 0x8f, 0x32, 0x44, 0x02, 0x12, 0xfb, 0xe3,
+ 0x88, 0x1c, 0x51, 0x37, 0x5b, 0xb0, 0x95, 0x65, 0xef, 0xb2, 0x2e, 0x62,
+ 0xb0, 0x71, 0x47, 0x2f, 0xb3, 0x86, 0x76, 0xe5, 0xb4, 0xe2, 0x3a, 0x06,
+ 0x17, 0xdb, 0x5d, 0x14, 0xd9, 0x35, 0x19, 0xac, 0x00, 0x07, 0xa3, 0x0a,
+ 0x9c, 0x82, 0x2e, 0xb3, 0x1c, 0x38, 0xb5, 0x7f, 0xcb, 0x1b, 0xe2, 0x96,
+ 0x08, 0xfc, 0xf1, 0xca, 0x2a, 0xbd, 0xca, 0xf5, 0xd5, 0x75, 0x2b, 0xbc,
+ 0x2b, 0x5a, 0xc7, 0xdb, 0xa5, 0xaf, 0xcf, 0xf4, 0xa5, 0x64, 0x1d, 0xa3,
+ 0x60, 0xdd, 0x01, 0xf7, 0x11, 0x25, 0x39, 0xb1, 0xed, 0x46, 0xcd, 0xb5,
+ 0x50, 0xa3, 0xb1, 0x00, 0x65, 0x59, 0xb9, 0xfe, 0x18, 0x91, 0x03, 0x0e,
+ 0xc8, 0x0f, 0x07, 0x27, 0xc4, 0x24, 0x01, 0xdd, 0xd6, 0xcb, 0xb5, 0xe3,
+ 0xc8, 0x0f, 0x31, 0x2d, 0xf6, 0xec, 0x89, 0x39, 0x4c, 0x5a, 0x71, 0x18,
+ 0xf5, 0x73, 0x10, 0x5e, 0x7a, 0xb0, 0x0f, 0xe5, 0x78, 0x33, 0xc1, 0x26,
+ 0x14, 0x1b, 0x50, 0xa9, 0x35, 0x22, 0x48, 0x42, 0xad, 0xdf, 0xb4, 0x79,
+ 0xf7, 0x51, 0x60, 0x65, 0x9b, 0xa2, 0x88, 0x77, 0xb5, 0x12, 0xbb, 0x9a,
+ 0x93, 0x08, 0x4a, 0xd8, 0xbe, 0xc5, 0x40, 0xf9, 0x26, 0x40, 0xf6, 0x3a,
+ 0x11, 0xa0, 0x10, 0xe0},
+ priv_key_1b,
+ true},
+
+ // valid ciphertext that generates a 245 byte long fake plaintext
+ {75,
+ // lorem ipsum
+ {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d},
+ {0x1e, 0xa0, 0xb5, 0x0c, 0xa6, 0x52, 0x03, 0xd0, 0xa0, 0x92, 0x80, 0xd3,
+ 0x97, 0x04, 0xb2, 0x4f, 0xe6, 0xe4, 0x78, 0x00, 0x18, 0x9d, 0xb5, 0x03,
+ 0x3f, 0x20, 0x27, 0x61, 0xa7, 0x8b, 0xaf, 0xb2, 0x70, 0xc5, 0xe2, 0x5a,
+ 0xbd, 0x1f, 0x7e, 0xcc, 0x6e, 0x7a, 0xbc, 0x4f, 0x26, 0xd1, 0xb0, 0xcd,
+ 0x9b, 0x8c, 0x64, 0x8d, 0x52, 0x94, 0x16, 0xee, 0x64, 0xcc, 0xbd, 0xd7,
+ 0xaa, 0x72, 0xa7, 0x71, 0xd0, 0x35, 0x32, 0x62, 0xb5, 0x43, 0xf0, 0xe4,
+ 0x36, 0x07, 0x6f, 0x40, 0xa1, 0x09, 0x5f, 0x5c, 0x7d, 0xfd, 0x10, 0xdc,
+ 0xf0, 0x05, 0x9c, 0xcb, 0x30, 0xe9, 0x2d, 0xfa, 0x5e, 0x01, 0x56, 0x61,
+ 0x82, 0x15, 0xf1, 0xc3, 0xff, 0x3a, 0xa9, 0x97, 0xa9, 0xd9, 0x99, 0xe5,
+ 0x06, 0x92, 0x4f, 0x52, 0x89, 0xe3, 0xac, 0x72, 0xe5, 0xe2, 0x08, 0x6c,
+ 0xc7, 0xb4, 0x99, 0xd7, 0x15, 0x83, 0xed, 0x56, 0x10, 0x28, 0x67, 0x11,
+ 0x55, 0xdb, 0x40, 0x05, 0xbe, 0xe0, 0x18, 0x00, 0xa7, 0xcd, 0xbd, 0xae,
+ 0x78, 0x1d, 0xd3, 0x21, 0x99, 0xb8, 0x91, 0x4b, 0x5d, 0x40, 0x11, 0xdd,
+ 0x6f, 0xf1, 0x1c, 0xd2, 0x6d, 0x46, 0xaa, 0xd5, 0x49, 0x34, 0xd2, 0x93,
+ 0xb0, 0xbc, 0x40, 0x3d, 0xd2, 0x11, 0xbf, 0x13, 0xb5, 0xa5, 0xc6, 0x83,
+ 0x6a, 0x5e, 0x76, 0x99, 0x30, 0xf4, 0x37, 0xff, 0xd8, 0x63, 0x4f, 0xb7,
+ 0x37, 0x17, 0x76, 0xf4, 0xbc, 0x88, 0xfa, 0x6c, 0x27, 0x1d, 0x8a, 0xa6,
+ 0x01, 0x3d, 0xf8, 0x9a, 0xe6, 0x47, 0x01, 0x54, 0x49, 0x7c, 0x4a, 0xc8,
+ 0x61, 0xbe, 0x2a, 0x1c, 0x65, 0xeb, 0xff, 0xec, 0x13, 0x9b, 0xf7, 0xaa,
+ 0xba, 0x3a, 0x81, 0xc7, 0xc5, 0xcd, 0xd8, 0x4d, 0xa9, 0xaf, 0x5d, 0x3e,
+ 0xdf, 0xb9, 0x57, 0x84, 0x80, 0x74, 0x68, 0x6b, 0x58, 0x37, 0xec, 0xbc,
+ 0xb6, 0xa4, 0x1c, 0x50},
+ priv_key_1b,
+ true},
+
+ // a random ciphertext that generates a fake 11 byte plaintext
+ // and fails padding check
+ {76,
+ {0xaf, 0x9a, 0xc7, 0x01, 0x91, 0xc9, 0x24, 0x13, 0xcb, 0x9f, 0x2d},
+ {0x5f, 0x02, 0xf4, 0xb1, 0xf4, 0x69, 0x35, 0xc7, 0x42, 0xeb, 0xe6, 0x2b,
+ 0x6f, 0x05, 0xaa, 0x0a, 0x32, 0x86, 0xaa, 0xb9, 0x1a, 0x49, 0xb3, 0x47,
+ 0x80, 0xad, 0xde, 0x64, 0x10, 0xab, 0x46, 0xf7, 0x38, 0x6e, 0x05, 0x74,
+ 0x83, 0x31, 0x86, 0x4a, 0xc9, 0x8e, 0x1d, 0xa6, 0x36, 0x86, 0xe4, 0xba,
+ 0xbe, 0x3a, 0x19, 0xed, 0x40, 0xa7, 0xf5, 0xce, 0xef, 0xb8, 0x91, 0x79,
+ 0x59, 0x6a, 0xab, 0x07, 0xab, 0x10, 0x15, 0xe0, 0x3b, 0x8f, 0x82, 0x50,
+ 0x84, 0xda, 0xb0, 0x28, 0xb6, 0x73, 0x12, 0x88, 0xf2, 0xe5, 0x11, 0xa4,
+ 0xb3, 0x14, 0xb6, 0xea, 0x39, 0x97, 0xd2, 0xe8, 0xfe, 0x28, 0x25, 0xce,
+ 0xf8, 0x89, 0x7c, 0xbb, 0xdf, 0xb6, 0xc9, 0x39, 0xd4, 0x41, 0xd6, 0xe0,
+ 0x49, 0x48, 0x41, 0x4b, 0xb6, 0x9e, 0x68, 0x29, 0x27, 0xef, 0x85, 0x76,
+ 0xc9, 0xa7, 0x09, 0x0d, 0x4a, 0xad, 0x0e, 0x74, 0xc5, 0x20, 0xd6, 0xd5,
+ 0xce, 0x63, 0xa1, 0x54, 0x72, 0x0f, 0x00, 0xb7, 0x6d, 0xe8, 0xcc, 0x55,
+ 0x0b, 0x1a, 0xa1, 0x4f, 0x01, 0x6d, 0x63, 0xa7, 0xb6, 0xd6, 0xea, 0xa1,
+ 0xf7, 0xdb, 0xe9, 0xe5, 0x02, 0x00, 0xd3, 0x15, 0x9b, 0x3d, 0x09, 0x9c,
+ 0x90, 0x01, 0x16, 0xbf, 0x4e, 0xba, 0x3b, 0x94, 0x20, 0x4f, 0x18, 0xb1,
+ 0x31, 0x7b, 0x07, 0x52, 0x97, 0x51, 0xab, 0xf6, 0x4a, 0x26, 0xb0, 0xa0,
+ 0xbf, 0x1c, 0x8c, 0xe7, 0x57, 0x33, 0x3b, 0x3d, 0x67, 0x32, 0x11, 0xb6,
+ 0x7c, 0xc0, 0x65, 0x3f, 0x2f, 0xe2, 0x62, 0x0d, 0x57, 0xc8, 0xb6, 0xee,
+ 0x57, 0x4a, 0x03, 0x23, 0xa1, 0x67, 0xea, 0xb1, 0x10, 0x6d, 0x9b, 0xc7,
+ 0xfd, 0x90, 0xd4, 0x15, 0xbe, 0x5f, 0x1e, 0x98, 0x91, 0xa0, 0xe6, 0xc7,
+ 0x09, 0xf4, 0xfc, 0x04, 0x04, 0xe8, 0x22, 0x6f, 0x84, 0x77, 0xb4, 0xe9,
+ 0x39, 0xb3, 0x6e, 0xb2},
+ priv_key_1b,
+ true},
+
+ // an otherwise correct plaintext, but with wrong first byte
+ // (0x01 instead of 0x00), generates a random 11 byte long plaintext
+ {77,
+ {0xa1, 0xf8, 0xc9, 0x25, 0x5c, 0x35, 0xcf, 0xba, 0x40, 0x3c, 0xcc},
+ {0x9b, 0x2e, 0xc9, 0xc0, 0xc9, 0x17, 0xc9, 0x8f, 0x1a, 0xd3, 0xd0, 0x11,
+ 0x9a, 0xec, 0x6b, 0xe5, 0x1a, 0xe3, 0x10, 0x6e, 0x9a, 0xf1, 0x91, 0x4d,
+ 0x48, 0x60, 0x0a, 0xb6, 0xa2, 0xc0, 0xc0, 0xc8, 0xae, 0x02, 0xa2, 0xdc,
+ 0x30, 0x39, 0x90, 0x6f, 0xf3, 0xaa, 0xc9, 0x04, 0xaf, 0x32, 0xec, 0x79,
+ 0x8f, 0xd6, 0x5f, 0x3a, 0xd1, 0xaf, 0xa2, 0xe6, 0x94, 0x00, 0xe7, 0xc1,
+ 0xde, 0x81, 0xf5, 0x72, 0x8f, 0x3b, 0x32, 0x91, 0xf3, 0x82, 0x63, 0xbc,
+ 0x7a, 0x90, 0xa0, 0x56, 0x3e, 0x43, 0xce, 0x7a, 0x0d, 0x4e, 0xe9, 0xc0,
+ 0xd8, 0xa7, 0x16, 0x62, 0x1c, 0xa5, 0xd3, 0xd0, 0x81, 0x18, 0x87, 0x69,
+ 0xce, 0x1b, 0x13, 0x1a, 0xf7, 0xd3, 0x5b, 0x13, 0xde, 0xa9, 0x91, 0x53,
+ 0x57, 0x9c, 0x86, 0xdb, 0x31, 0xfe, 0x07, 0xd5, 0xa2, 0xc1, 0x4d, 0x62,
+ 0x1b, 0x77, 0x85, 0x4e, 0x48, 0xa8, 0xdf, 0x41, 0xb5, 0x79, 0x85, 0x63,
+ 0xaf, 0x48, 0x9a, 0x29, 0x1e, 0x41, 0x7b, 0x6a, 0x33, 0x4c, 0x63, 0x22,
+ 0x26, 0x27, 0x37, 0x61, 0x18, 0xc0, 0x2c, 0x53, 0xb6, 0xe8, 0x63, 0x10,
+ 0xf7, 0x28, 0x73, 0x4f, 0xfc, 0x86, 0xef, 0x9d, 0x7c, 0x8b, 0xf5, 0x6c,
+ 0x0c, 0x84, 0x1b, 0x24, 0xb8, 0x2b, 0x59, 0xf5, 0x1a, 0xee, 0x45, 0x26,
+ 0xba, 0x1c, 0x42, 0x68, 0x50, 0x6d, 0x30, 0x1e, 0x4e, 0xbc, 0x49, 0x8c,
+ 0x6a, 0xeb, 0xb6, 0xfd, 0x52, 0x58, 0xc8, 0x76, 0xbf, 0x90, 0x0b, 0xac,
+ 0x8c, 0xa4, 0xd3, 0x09, 0xdd, 0x52, 0x2f, 0x6a, 0x63, 0x43, 0x59, 0x9a,
+ 0x8b, 0xc3, 0x76, 0x0f, 0x42, 0x2c, 0x10, 0xc7, 0x2d, 0x0a, 0xd5, 0x27,
+ 0xce, 0x4a, 0xf1, 0x87, 0x41, 0x24, 0xac, 0xe3, 0xd9, 0x9b, 0xb7, 0x4d,
+ 0xb8, 0xd6, 0x9d, 0x25, 0x28, 0xdb, 0x22, 0xc3, 0xa3, 0x76, 0x44, 0x64,
+ 0x0f, 0x95, 0xc0, 0x5f},
+ priv_key_1b,
+ true},
+
+ // an otherwise correct plaintext, but with wrong second byte
+ // (0x01 instead of 0x02), generates a random 11 byte long plaintext
+ {78,
+ {0xe6, 0xd7, 0x00, 0x30, 0x9c, 0xa0, 0xed, 0x62, 0x45, 0x22, 0x54},
+ {0x78, 0x2c, 0x2b, 0x59, 0xa2, 0x1a, 0x51, 0x12, 0x43, 0x82, 0x0a, 0xce,
+ 0xdd, 0x56, 0x7c, 0x13, 0x6f, 0x6d, 0x30, 0x90, 0xc1, 0x15, 0x23, 0x2a,
+ 0x82, 0xa5, 0xef, 0xb0, 0xb1, 0x78, 0x28, 0x5f, 0x55, 0xb5, 0xec, 0x2d,
+ 0x2b, 0xac, 0x96, 0xbf, 0x00, 0xd6, 0x59, 0x2e, 0xa7, 0xcd, 0xc3, 0x34,
+ 0x16, 0x10, 0xc8, 0xfb, 0x07, 0xe5, 0x27, 0xe5, 0xe2, 0xd2, 0x0c, 0xfa,
+ 0xf2, 0xc7, 0xf2, 0x3e, 0x37, 0x54, 0x31, 0xf4, 0x5e, 0x99, 0x89, 0x29,
+ 0xa0, 0x2f, 0x25, 0xfd, 0x95, 0x35, 0x4c, 0x33, 0x83, 0x80, 0x90, 0xbc,
+ 0xa8, 0x38, 0x50, 0x22, 0x59, 0xe9, 0x2d, 0x86, 0xd5, 0x68, 0xbc, 0x2c,
+ 0xdb, 0x13, 0x2f, 0xab, 0x2a, 0x39, 0x95, 0x93, 0xca, 0x60, 0xa0, 0x15,
+ 0xdc, 0x2b, 0xb1, 0xaf, 0xcd, 0x64, 0xfe, 0xf8, 0xa3, 0x83, 0x4e, 0x17,
+ 0xe5, 0x35, 0x8d, 0x82, 0x29, 0x80, 0xdc, 0x44, 0x6e, 0x84, 0x5b, 0x3a,
+ 0xb4, 0x70, 0x2b, 0x1e, 0xe4, 0x1f, 0xe5, 0xdb, 0x71, 0x6d, 0x92, 0x34,
+ 0x8d, 0x50, 0x91, 0xc1, 0x5d, 0x35, 0xa1, 0x10, 0x55, 0x5a, 0x35, 0xde,
+ 0xb4, 0x65, 0x0a, 0x5a, 0x1d, 0x2c, 0x98, 0x02, 0x5d, 0x42, 0xd4, 0x54,
+ 0x4f, 0x8b, 0x32, 0xaa, 0x6a, 0x5e, 0x02, 0xdc, 0x02, 0xde, 0xae, 0xd9,
+ 0xa7, 0x31, 0x3b, 0x73, 0xb4, 0x9b, 0x0d, 0x47, 0x72, 0xa3, 0x76, 0x8b,
+ 0x0e, 0xa0, 0xdb, 0x58, 0x46, 0xac, 0xe6, 0x56, 0x9c, 0xae, 0x67, 0x7b,
+ 0xf6, 0x7f, 0xb0, 0xac, 0xf3, 0xc2, 0x55, 0xdc, 0x01, 0xec, 0x84, 0x00,
+ 0xc9, 0x63, 0xb6, 0xe4, 0x9b, 0x10, 0x67, 0x72, 0x8b, 0x4e, 0x56, 0x3d,
+ 0x7e, 0x1e, 0x15, 0x15, 0x66, 0x43, 0x47, 0xb9, 0x2e, 0xe6, 0x4d, 0xb7,
+ 0xef, 0xb5, 0x45, 0x23, 0x57, 0xa0, 0x2f, 0xff, 0x7f, 0xcb, 0x74, 0x37,
+ 0xab, 0xc2, 0xe5, 0x79},
+ priv_key_1b,
+ true},
+
+ // an otherwise correct plaintext, but with wrong second byte
+ // (0x00 instead of 0x02), and a 0x02 on third position, generates a
+ // random 11 byte long plaintext
+ {79,
+ {0x3d, 0x4a, 0x05, 0x4d, 0x93, 0x58, 0x20, 0x9e, 0x9c, 0xbb, 0xb9},
+ {0x17, 0x86, 0x55, 0x0c, 0xe8, 0xd8, 0x43, 0x30, 0x52, 0xe0, 0x1e, 0xcb,
+ 0xa8, 0xb7, 0x6d, 0x30, 0x19, 0xf1, 0x35, 0x5b, 0x21, 0x2a, 0xc9, 0xd0,
+ 0xf5, 0x19, 0x1b, 0x02, 0x33, 0x25, 0xa7, 0xe7, 0x71, 0x4b, 0x78, 0x02,
+ 0xf8, 0xe9, 0xa1, 0x7c, 0x4c, 0xb3, 0xcd, 0x3a, 0x84, 0x04, 0x18, 0x91,
+ 0x47, 0x1b, 0x10, 0xca, 0x1f, 0xcf, 0xb5, 0xd0, 0x41, 0xd3, 0x4c, 0x82,
+ 0xe6, 0xd0, 0x01, 0x1c, 0xf4, 0xdc, 0x76, 0xb9, 0x0e, 0x9c, 0x2e, 0x07,
+ 0x43, 0x59, 0x05, 0x79, 0xd5, 0x5b, 0xcd, 0x78, 0x57, 0x05, 0x71, 0x52,
+ 0xc4, 0xa8, 0x04, 0x03, 0x61, 0x34, 0x3d, 0x1d, 0x22, 0xba, 0x67, 0x7d,
+ 0x62, 0xb0, 0x11, 0x40, 0x7c, 0x65, 0x2e, 0x23, 0x4b, 0x1d, 0x66, 0x3a,
+ 0xf2, 0x5e, 0x23, 0x86, 0x25, 0x1d, 0x74, 0x09, 0x19, 0x0f, 0x19, 0xfc,
+ 0x8e, 0xc3, 0xf9, 0x37, 0x4f, 0xdf, 0x12, 0x54, 0x63, 0x38, 0x74, 0xce,
+ 0x2e, 0xc2, 0xbf, 0xf4, 0x0a, 0xd0, 0xcb, 0x47, 0x3f, 0x97, 0x61, 0xec,
+ 0x7b, 0x68, 0xda, 0x45, 0xa4, 0xbd, 0x5e, 0x33, 0xf5, 0xd7, 0xda, 0xc9,
+ 0xb9, 0xa2, 0x08, 0x21, 0xdf, 0x94, 0x06, 0xb6, 0x53, 0xf7, 0x8a, 0x95,
+ 0xa6, 0xc0, 0xea, 0x0a, 0x4d, 0x57, 0xf8, 0x67, 0xe4, 0xdb, 0x22, 0xc1,
+ 0x7b, 0xf9, 0xa1, 0x2c, 0x15, 0x0f, 0x80, 0x9a, 0x7b, 0x72, 0xb6, 0xdb,
+ 0x86, 0xc2, 0x2a, 0x87, 0x32, 0x24, 0x1e, 0xbf, 0x3c, 0x6a, 0x4f, 0x2c,
+ 0xf8, 0x26, 0x71, 0xd9, 0x17, 0xab, 0xa8, 0xbc, 0x61, 0x05, 0x2b, 0x40,
+ 0xcc, 0xdd, 0xd7, 0x43, 0xa9, 0x4e, 0xa9, 0xb5, 0x38, 0x17, 0x51, 0x06,
+ 0x20, 0x19, 0x71, 0xcc, 0xa9, 0xd1, 0x36, 0xd2, 0x50, 0x81, 0x73, 0x9a,
+ 0xaf, 0x6c, 0xd1, 0x8b, 0x2a, 0xec, 0xf9, 0xad, 0x32, 0x0e, 0xa3, 0xf8,
+ 0x95, 0x02, 0xf9, 0x55},
+ priv_key_1b,
+ true},
+
+ // an otherwise correct plaintext, but with a null byte on third
+ // position (first byte of padding), generates a random 11 byte
+ // long payload
+ {80,
+ {0x1f, 0x03, 0x7d, 0xd7, 0x17, 0xb0, 0x7d, 0x3e, 0x7f, 0x73, 0x59},
+ {0x17, 0x95, 0x98, 0x82, 0x38, 0x12, 0xd2, 0xc5, 0x8a, 0x7e, 0xb5, 0x05,
+ 0x21, 0x15, 0x0a, 0x48, 0xbc, 0xca, 0x8b, 0x4e, 0xb5, 0x34, 0x14, 0x01,
+ 0x8b, 0x6b, 0xca, 0x19, 0xf4, 0x80, 0x14, 0x56, 0xc5, 0xe3, 0x6a, 0x94,
+ 0x00, 0x37, 0xac, 0x51, 0x6b, 0x0d, 0x64, 0x12, 0xba, 0x44, 0xec, 0x6b,
+ 0x4f, 0x26, 0x8a, 0x55, 0xef, 0x1c, 0x5f, 0xfb, 0xf1, 0x8a, 0x2f, 0x4e,
+ 0x35, 0x22, 0xbb, 0x7b, 0x6e, 0xd8, 0x97, 0x74, 0xb7, 0x9b, 0xff, 0xa2,
+ 0x2f, 0x7d, 0x31, 0x02, 0x16, 0x55, 0x65, 0x64, 0x2d, 0xe0, 0xd4, 0x3a,
+ 0x95, 0x5e, 0x96, 0xa1, 0xf2, 0xe8, 0x0e, 0x54, 0x30, 0x67, 0x1d, 0x72,
+ 0x66, 0xeb, 0x4f, 0x90, 0x5d, 0xc8, 0xff, 0x5e, 0x10, 0x6d, 0xc5, 0x58,
+ 0x8e, 0x5b, 0x02, 0x89, 0xe4, 0x9a, 0x49, 0x13, 0x94, 0x0e, 0x39, 0x2a,
+ 0x97, 0x06, 0x26, 0x16, 0xd2, 0xbd, 0xa3, 0x81, 0x55, 0x47, 0x1b, 0x7d,
+ 0x36, 0x0c, 0xfb, 0x94, 0x68, 0x1c, 0x70, 0x2f, 0x60, 0xed, 0x2d, 0x4d,
+ 0xe6, 0x14, 0xea, 0x72, 0xbf, 0x1c, 0x53, 0x16, 0x0e, 0x63, 0x17, 0x9f,
+ 0x6c, 0x5b, 0x89, 0x7b, 0x59, 0x49, 0x2b, 0xee, 0x21, 0x91, 0x08, 0x30,
+ 0x9f, 0x0b, 0x7b, 0x8c, 0xb2, 0xb1, 0x36, 0xc3, 0x46, 0xa5, 0xe9, 0x8b,
+ 0x8b, 0x4b, 0x84, 0x15, 0xfb, 0x1d, 0x71, 0x3b, 0xae, 0x06, 0x79, 0x11,
+ 0xe3, 0x05, 0x7f, 0x1c, 0x33, 0x5b, 0x4b, 0x7e, 0x39, 0x10, 0x1e, 0xaf,
+ 0xd5, 0xd2, 0x8f, 0x01, 0x89, 0x03, 0x7e, 0x43, 0x34, 0xf4, 0xfd, 0xb9,
+ 0x03, 0x84, 0x27, 0xb1, 0xd1, 0x19, 0xa6, 0x70, 0x2a, 0xa8, 0x23, 0x33,
+ 0x19, 0xcc, 0x97, 0xd4, 0x96, 0xcc, 0x28, 0x9a, 0xe8, 0xc9, 0x56, 0xdd,
+ 0xc8, 0x40, 0x42, 0x65, 0x9a, 0x2d, 0x43, 0xd6, 0xaa, 0x22, 0xf1, 0x2b,
+ 0x81, 0xab, 0x88, 0x4e},
+ priv_key_1b,
+ true},
+
+ // an otherwise correct plaintext, but with a null byte on tenth
+ // position (eight byte of padding), generates a random 11 byte long
+ // plaintext
+ {81,
+ {0x63, 0xcb, 0x0b, 0xf6, 0x5f, 0xc8, 0x25, 0x5d, 0xd2, 0x9e, 0x17},
+ {0xa7, 0xa3, 0x40, 0x67, 0x5a, 0x82, 0xc3, 0x0e, 0x22, 0x21, 0x9a, 0x55,
+ 0xbc, 0x07, 0xcd, 0xf3, 0x6d, 0x47, 0xd0, 0x18, 0x34, 0xc1, 0x83, 0x4f,
+ 0x91, 0x7f, 0x18, 0xb5, 0x17, 0x41, 0x9c, 0xe9, 0xde, 0x2a, 0x96, 0x46,
+ 0x0e, 0x74, 0x50, 0x24, 0x43, 0x64, 0x70, 0xed, 0x85, 0xe9, 0x42, 0x97,
+ 0xb2, 0x83, 0x53, 0x7d, 0x52, 0x18, 0x9c, 0x40, 0x6a, 0x3f, 0x53, 0x3c,
+ 0xb4, 0x05, 0xcc, 0x6a, 0x9d, 0xba, 0x46, 0xb4, 0x82, 0xce, 0x98, 0xb6,
+ 0xe3, 0xdd, 0x52, 0xd8, 0xfc, 0xe2, 0x23, 0x74, 0x25, 0x61, 0x7e, 0x38,
+ 0xc1, 0x1f, 0xbc, 0x46, 0xb6, 0x18, 0x97, 0xef, 0x20, 0x0d, 0x01, 0xe4,
+ 0xf2, 0x5f, 0x5f, 0x6c, 0x4c, 0x5b, 0x38, 0xcd, 0x0d, 0xe3, 0x8b, 0xa1,
+ 0x19, 0x08, 0xb8, 0x65, 0x95, 0xa8, 0x03, 0x6a, 0x08, 0xa4, 0x2a, 0x3d,
+ 0x05, 0xb7, 0x96, 0x00, 0xa9, 0x7a, 0xc1, 0x8b, 0xa3, 0x68, 0xa0, 0x8d,
+ 0x6c, 0xf6, 0xcc, 0xb6, 0x24, 0xf6, 0xe8, 0x00, 0x2a, 0xfc, 0x75, 0x59,
+ 0x9f, 0xba, 0x4d, 0xe3, 0xd4, 0xf3, 0xba, 0x7d, 0x20, 0x83, 0x91, 0xeb,
+ 0xe8, 0xd2, 0x1f, 0x82, 0x82, 0xb1, 0x8e, 0x2c, 0x10, 0x86, 0x9e, 0xb2,
+ 0x70, 0x2e, 0x68, 0xf9, 0x17, 0x6b, 0x42, 0xb0, 0xdd, 0xc9, 0xd7, 0x63,
+ 0xf0, 0xc8, 0x6b, 0xa0, 0xff, 0x92, 0xc9, 0x57, 0xaa, 0xea, 0xb7, 0x6d,
+ 0x9a, 0xb8, 0xda, 0x52, 0xea, 0x29, 0x7e, 0xc1, 0x1d, 0x92, 0xd7, 0x70,
+ 0x14, 0x6f, 0xaa, 0x1b, 0x30, 0x0e, 0x0f, 0x91, 0xef, 0x96, 0x9b, 0x53,
+ 0xe7, 0xd2, 0x90, 0x7f, 0xfc, 0x98, 0x4e, 0x9a, 0x9c, 0x9d, 0x11, 0xfb,
+ 0x7d, 0x6c, 0xba, 0x91, 0x97, 0x20, 0x59, 0xb4, 0x65, 0x06, 0xb0, 0x35,
+ 0xef, 0xec, 0x65, 0x75, 0xc4, 0x6d, 0x71, 0x14, 0xa6, 0xb9, 0x35, 0x86,
+ 0x48, 0x58, 0x44, 0x5f},
+ priv_key_1b,
+ true},
+
+ // an otherwise correct plaintext, but with missing zero separator
+ // decrypts to 11 byte random synthethic plaintext
+ {82,
+ {0x6f, 0x09, 0xa0, 0xb6, 0x26, 0x99, 0x33, 0x7c, 0x49, 0x7b, 0x0b},
+ {0x3d, 0x1b, 0x97, 0xe7, 0xaa, 0x34, 0xea, 0xf1, 0xf4, 0xfc, 0x17, 0x1c,
+ 0xeb, 0x11, 0xdc, 0xff, 0xfd, 0x9a, 0x46, 0xa5, 0xb6, 0x96, 0x12, 0x05,
+ 0xb1, 0x0b, 0x30, 0x28, 0x18, 0xc1, 0xfc, 0xc9, 0xf4, 0xec, 0x78, 0xbf,
+ 0x18, 0xea, 0x0c, 0xee, 0x7e, 0x9f, 0xa5, 0xb1, 0x6f, 0xb4, 0xc6, 0x11,
+ 0x46, 0x3b, 0x36, 0x8b, 0x33, 0x12, 0xac, 0x11, 0xcf, 0x9c, 0x06, 0xb7,
+ 0xcf, 0x72, 0xb5, 0x4e, 0x28, 0x48, 0x48, 0xa5, 0x08, 0xd3, 0xf0, 0x23,
+ 0x28, 0xc6, 0x2c, 0x29, 0x99, 0xd0, 0xfb, 0x60, 0x92, 0x9f, 0x81, 0x78,
+ 0x3c, 0x7a, 0x25, 0x68, 0x91, 0xbc, 0x2f, 0xf4, 0xd9, 0x1d, 0xf2, 0xaf,
+ 0x96, 0xa2, 0x4f, 0xc5, 0x70, 0x1a, 0x18, 0x23, 0xaf, 0x93, 0x9c, 0xe6,
+ 0xdb, 0xdc, 0x51, 0x06, 0x08, 0xe3, 0xd4, 0x1e, 0xec, 0x17, 0x2a, 0xd2,
+ 0xd5, 0x1b, 0x9f, 0xc6, 0x1b, 0x42, 0x17, 0xc9, 0x23, 0xca, 0xdc, 0xf5,
+ 0xba, 0xc3, 0x21, 0x35, 0x5e, 0xf8, 0xbe, 0x5e, 0x5f, 0x09, 0x0c, 0xdc,
+ 0x2b, 0xd0, 0xc6, 0x97, 0xd9, 0x05, 0x82, 0x47, 0xdb, 0x3a, 0xd6, 0x13,
+ 0xfd, 0xce, 0x87, 0xd2, 0x95, 0x5a, 0x6d, 0x1c, 0x94, 0x8a, 0x51, 0x60,
+ 0xf9, 0x3d, 0xa2, 0x1f, 0x73, 0x1d, 0x74, 0x13, 0x7f, 0x5d, 0x1f, 0x53,
+ 0xa1, 0x92, 0x3a, 0xdb, 0x51, 0x3d, 0x2e, 0x6e, 0x15, 0x89, 0xd4, 0x4c,
+ 0xc0, 0x79, 0xf4, 0xc6, 0xdd, 0xd4, 0x71, 0xd3, 0x8a, 0xc8, 0x2d, 0x20,
+ 0xd8, 0xb1, 0xd2, 0x1f, 0x8d, 0x65, 0xf3, 0xb6, 0x90, 0x70, 0x86, 0x80,
+ 0x9f, 0x41, 0x23, 0xe0, 0x8d, 0x86, 0xfb, 0x38, 0x72, 0x95, 0x85, 0xde,
+ 0x02, 0x6a, 0x48, 0x5d, 0x8f, 0x0e, 0x70, 0x3f, 0xd4, 0x77, 0x2f, 0x66,
+ 0x68, 0xfe, 0xbf, 0x67, 0xdf, 0x94, 0x7b, 0x82, 0x19, 0x5f, 0xa3, 0x86,
+ 0x7e, 0x3a, 0x30, 0x65},
+ priv_key_1b,
+ true},
+
+ //
+ // Bleichenbacher 2049 keys
+ // malformed plaintext that generates a fake plaintext of length
+ // specified by 3rd length from the end of PRF output
+ {83,
+ {0x42},
+ {0x00, 0xb2, 0x6f, 0x64, 0x04, 0xb8, 0x26, 0x49, 0x62, 0x9f, 0x27, 0x04,
+ 0x49, 0x42, 0x82, 0x44, 0x37, 0x76, 0x92, 0x91, 0x22, 0xe2, 0x79, 0xa9,
+ 0xcf, 0x30, 0xb0, 0xc6, 0xfe, 0x81, 0x22, 0xa0, 0xa9, 0x04, 0x28, 0x70,
+ 0xd9, 0x7c, 0xc8, 0xef, 0x65, 0x49, 0x0f, 0xe5, 0x8f, 0x03, 0x1e, 0xb2,
+ 0x44, 0x23, 0x52, 0x19, 0x1f, 0x5f, 0xbc, 0x31, 0x10, 0x26, 0xb5, 0x14,
+ 0x7d, 0x32, 0xdf, 0x91, 0x45, 0x99, 0xf3, 0x8b, 0x82, 0x5e, 0xbb, 0x82,
+ 0x4a, 0xf0, 0xd6, 0x3f, 0x2d, 0x54, 0x1a, 0x24, 0x5c, 0x57, 0x75, 0xd1,
+ 0xc4, 0xb7, 0x86, 0x30, 0xe4, 0x99, 0x6c, 0xc5, 0xfe, 0x41, 0x3d, 0x38,
+ 0x45, 0x5a, 0x77, 0x6c, 0xf4, 0xed, 0xcc, 0x0a, 0xa7, 0xfc, 0xcb, 0x31,
+ 0xc5, 0x84, 0xd6, 0x05, 0x02, 0xed, 0x2b, 0x77, 0x39, 0x8f, 0x53, 0x6e,
+ 0x13, 0x7f, 0xf7, 0xba, 0x64, 0x30, 0xe9, 0x25, 0x8e, 0x21, 0xc2, 0xdb,
+ 0x5b, 0x82, 0xf5, 0x38, 0x0f, 0x56, 0x68, 0x76, 0x11, 0x0a, 0xc4, 0xc7,
+ 0x59, 0x17, 0x89, 0x00, 0xfb, 0xad, 0x7a, 0xb7, 0x0e, 0xa0, 0x7b, 0x1d,
+ 0xaf, 0x7a, 0x16, 0x39, 0xcb, 0xb4, 0x19, 0x65, 0x43, 0xa6, 0xcb, 0xe8,
+ 0x27, 0x1f, 0x35, 0xdd, 0xdb, 0x81, 0x20, 0x30, 0x4f, 0x6e, 0xef, 0x83,
+ 0x05, 0x9e, 0x1c, 0x5c, 0x56, 0x78, 0x71, 0x0f, 0x90, 0x4a, 0x6d, 0x76,
+ 0x0c, 0x4d, 0x1d, 0x8a, 0xd0, 0x76, 0xbe, 0x17, 0x90, 0x4b, 0x9e, 0x69,
+ 0x91, 0x00, 0x40, 0xb4, 0x79, 0x14, 0xa0, 0x17, 0x6f, 0xb7, 0xee, 0xa0,
+ 0xc0, 0x64, 0x44, 0xa6, 0xc4, 0xb8, 0x6d, 0x67, 0x4d, 0x19, 0xa5, 0x56,
+ 0xa1, 0xde, 0x54, 0x90, 0x37, 0x3c, 0xb0, 0x1c, 0xe3, 0x1b, 0xbd, 0x15,
+ 0xa5, 0x63, 0x33, 0x62, 0xd3, 0xd2, 0xcd, 0x7d, 0x4a, 0xf1, 0xb4, 0xc5,
+ 0x12, 0x12, 0x88, 0xb8, 0x94},
+ priv_key_2b,
+ true},
+
+ // a valid ciphertext that starts with a null byte, decrypts to 11 byte
+ // long value
+ {84,
+ // lorem ipsum
+ {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d},
+ {0x01, 0x33, 0x00, 0xed, 0xbf, 0x0b, 0xb3, 0x57, 0x1e, 0x59, 0x88, 0x9f,
+ 0x7e, 0xd7, 0x69, 0x70, 0xbf, 0x6d, 0x57, 0xe1, 0xc8, 0x9b, 0xbb, 0x6d,
+ 0x1c, 0x39, 0x91, 0xd9, 0xdf, 0x8e, 0x65, 0xed, 0x54, 0xb5, 0x56, 0xd9,
+ 0x28, 0xda, 0x7d, 0x76, 0x8f, 0xac, 0xb3, 0x95, 0xbb, 0xcc, 0x81, 0xe9,
+ 0xf8, 0x57, 0x3b, 0x45, 0xcf, 0x81, 0x95, 0xdb, 0xd8, 0x5d, 0x83, 0xa5,
+ 0x92, 0x81, 0xcd, 0xdf, 0x41, 0x63, 0xae, 0xc1, 0x1b, 0x53, 0xb4, 0x14,
+ 0x00, 0x53, 0xe3, 0xbd, 0x10, 0x9f, 0x78, 0x7a, 0x7c, 0x3c, 0xec, 0x31,
+ 0xd5, 0x35, 0xaf, 0x1f, 0x50, 0xe0, 0x59, 0x8d, 0x85, 0xd9, 0x6d, 0x91,
+ 0xea, 0x01, 0x91, 0x3d, 0x07, 0x09, 0x7d, 0x25, 0xaf, 0x99, 0xc6, 0x74,
+ 0x64, 0xeb, 0xf2, 0xbb, 0x39, 0x6f, 0xb2, 0x8a, 0x92, 0x33, 0xe5, 0x6f,
+ 0x31, 0xf7, 0xe1, 0x05, 0xd7, 0x1a, 0x23, 0xe9, 0xef, 0x3b, 0x73, 0x6d,
+ 0x1e, 0x80, 0xe7, 0x13, 0xd1, 0x69, 0x17, 0x13, 0xdf, 0x97, 0x33, 0x47,
+ 0x79, 0x55, 0x2f, 0xc9, 0x4b, 0x40, 0xdd, 0x73, 0x3c, 0x72, 0x51, 0xbc,
+ 0x52, 0x2b, 0x67, 0x3d, 0x3e, 0xc9, 0x35, 0x4a, 0xf3, 0xdd, 0x4a, 0xd4,
+ 0x4f, 0xa7, 0x1c, 0x06, 0x62, 0x21, 0x3a, 0x57, 0xad, 0xa1, 0xd7, 0x51,
+ 0x49, 0x69, 0x7d, 0x0e, 0xb5, 0x5c, 0x05, 0x3a, 0xae, 0xd5, 0xff, 0xd0,
+ 0xb8, 0x15, 0x83, 0x2f, 0x45, 0x41, 0x79, 0x51, 0x9d, 0x37, 0x36, 0xfb,
+ 0x4f, 0xaf, 0x80, 0x84, 0x16, 0x07, 0x1d, 0xb0, 0xd0, 0xf8, 0x01, 0xac,
+ 0xa8, 0x54, 0x83, 0x11, 0xee, 0x70, 0x8c, 0x13, 0x1f, 0x4b, 0xe6, 0x58,
+ 0xb1, 0x5f, 0x6b, 0x54, 0x25, 0x68, 0x72, 0xc2, 0x90, 0x3a, 0xc7, 0x08,
+ 0xbd, 0x43, 0xb0, 0x17, 0xb0, 0x73, 0xb5, 0x70, 0x7b, 0xc8, 0x4c, 0x2c,
+ 0xd9, 0xda, 0x70, 0xe9, 0x67},
+ priv_key_2b,
+ true},
+
+ // a valid ciphertext that starts with a null byte, decrypts to 11 byte
+ // long value
+ {85,
+ // lorem ipsum
+ {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d},
+ {0x00, 0x02, 0xaa, 0xdf, 0x84, 0x6a, 0x32, 0x9f, 0xad, 0xc6, 0x76, 0x09,
+ 0x80, 0x30, 0x3d, 0xbd, 0x87, 0xbf, 0xad, 0xfa, 0x78, 0xc2, 0x01, 0x5c,
+ 0xe4, 0xd6, 0xc5, 0x78, 0x2f, 0xd9, 0xd3, 0xf1, 0x07, 0x8b, 0xd3, 0xc0,
+ 0xa2, 0xc5, 0xbf, 0xbd, 0xd1, 0xc0, 0x24, 0x55, 0x2e, 0x50, 0x54, 0xd9,
+ 0x8b, 0x5b, 0xcd, 0xc9, 0x4e, 0x47, 0x6d, 0xd2, 0x80, 0xe6, 0x4d, 0x65,
+ 0x00, 0x89, 0x32, 0x65, 0x42, 0xce, 0x7c, 0x61, 0xd4, 0xf1, 0xab, 0x40,
+ 0x00, 0x4c, 0x2e, 0x6a, 0x88, 0xa8, 0x83, 0x61, 0x35, 0x68, 0x55, 0x6a,
+ 0x10, 0xf3, 0xf9, 0xed, 0xea, 0xb6, 0x7a, 0xe8, 0xdd, 0xdc, 0x1e, 0x6b,
+ 0x08, 0x31, 0xc2, 0x79, 0x3d, 0x27, 0x15, 0xde, 0x94, 0x3f, 0x7c, 0xe3,
+ 0x4c, 0x5c, 0x05, 0xd1, 0xb0, 0x9f, 0x14, 0x43, 0x1f, 0xde, 0x56, 0x6d,
+ 0x17, 0xe7, 0x6c, 0x9f, 0xee, 0xe9, 0x0d, 0x86, 0xa2, 0xc1, 0x58, 0x61,
+ 0x6e, 0xc8, 0x1d, 0xda, 0x0c, 0x64, 0x2f, 0x58, 0xc0, 0xba, 0x8f, 0xa4,
+ 0x49, 0x58, 0x43, 0x12, 0x4a, 0x72, 0x35, 0xd4, 0x6f, 0xb4, 0x06, 0x97,
+ 0x15, 0xa5, 0x1b, 0xf7, 0x10, 0xfd, 0x02, 0x42, 0x59, 0x13, 0x1b, 0xa9,
+ 0x4d, 0xa7, 0x35, 0x97, 0xac, 0xe4, 0x94, 0x85, 0x6c, 0x94, 0xe7, 0xa3,
+ 0xec, 0x26, 0x15, 0x45, 0x79, 0x3b, 0x09, 0x90, 0x27, 0x9b, 0x15, 0xfa,
+ 0x91, 0xc7, 0xfd, 0x13, 0xdb, 0xfb, 0x1d, 0xf2, 0xf2, 0x21, 0xda, 0xb9,
+ 0xfa, 0x9f, 0x7c, 0x1d, 0x21, 0xe4, 0x8a, 0xa4, 0x9f, 0x6a, 0xae, 0xcb,
+ 0xab, 0xf5, 0xee, 0x76, 0xdc, 0x6c, 0x2a, 0xf2, 0x31, 0x7f, 0xfb, 0x4e,
+ 0x30, 0x31, 0x15, 0x38, 0x6a, 0x97, 0xf8, 0x72, 0x9a, 0xfc, 0x3d, 0x0c,
+ 0x89, 0x41, 0x96, 0x69, 0x23, 0x5f, 0x1a, 0x3a, 0x69, 0x57, 0x0e, 0x08,
+ 0x36, 0xc7, 0x9f, 0xc1, 0x62},
+ priv_key_2b,
+ true},
+
+ // a valid ciphertext that starts with two null bytes, decrypts to
+ // 11 byte long value
+ {86,
+ // lorem ipsum
+ {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d},
+ {0x00, 0x00, 0xf3, 0x6d, 0xa3, 0xb7, 0x2d, 0x8f, 0xf6, 0xde, 0xd7, 0x4e,
+ 0x7e, 0xfd, 0x08, 0xc0, 0x19, 0x08, 0xf3, 0xf5, 0xf0, 0xde, 0x7b, 0x55,
+ 0xea, 0xb9, 0x2b, 0x5f, 0x87, 0x51, 0x90, 0x80, 0x9c, 0x39, 0xd4, 0x16,
+ 0x2e, 0x1e, 0x66, 0x49, 0x61, 0x8f, 0x85, 0x4f, 0xd8, 0x4a, 0xea, 0xb0,
+ 0x39, 0x70, 0xd1, 0x6b, 0xb8, 0x14, 0xe9, 0x99, 0x85, 0x2c, 0x06, 0xde,
+ 0x38, 0xd8, 0x2b, 0x95, 0xc0, 0xf3, 0x2e, 0x2a, 0x7b, 0x57, 0x14, 0x02,
+ 0x1f, 0xe3, 0x03, 0x38, 0x9b, 0xe9, 0xc0, 0xea, 0xc2, 0x4c, 0x90, 0xa6,
+ 0xb7, 0x21, 0x0f, 0x92, 0x9d, 0x39, 0x0f, 0xab, 0xf9, 0x03, 0xd4, 0x4e,
+ 0x04, 0x11, 0x0b, 0xb7, 0xa7, 0xfd, 0x6c, 0x38, 0x3c, 0x27, 0x58, 0x04,
+ 0x72, 0x1e, 0xfa, 0x6d, 0x7c, 0x93, 0xaa, 0x64, 0xc0, 0xbb, 0x2b, 0x18,
+ 0xd9, 0x7c, 0x52, 0x20, 0xa8, 0x46, 0xc6, 0x6a, 0x48, 0x95, 0xae, 0x52,
+ 0xad, 0xdd, 0xbe, 0x2a, 0x99, 0x96, 0x82, 0x5e, 0x01, 0x35, 0x85, 0xad,
+ 0xce, 0xc4, 0xb3, 0x2b, 0xa6, 0x1d, 0x78, 0x27, 0x37, 0xbd, 0x34, 0x3e,
+ 0x5f, 0xab, 0xd6, 0x8e, 0x8a, 0x95, 0xb8, 0xb1, 0x34, 0x03, 0x18, 0x55,
+ 0x98, 0x60, 0x79, 0x2d, 0xd7, 0x0d, 0xff, 0xbe, 0x05, 0xa1, 0x05, 0x2b,
+ 0x54, 0xcb, 0xfb, 0x48, 0xcf, 0xa7, 0xbb, 0x3c, 0x19, 0xce, 0xa5, 0x20,
+ 0x76, 0xbd, 0xda, 0xc5, 0xc2, 0x5e, 0xe2, 0x76, 0xf1, 0x53, 0xa6, 0x10,
+ 0xf6, 0xd0, 0x6e, 0xd6, 0x96, 0xd1, 0x92, 0xd8, 0xae, 0x45, 0x07, 0xff,
+ 0xae, 0x4e, 0x5b, 0xdd, 0xa1, 0x0a, 0x62, 0x5d, 0x6b, 0x67, 0xf3, 0x2f,
+ 0x7c, 0xff, 0xcd, 0x48, 0xde, 0xe2, 0x43, 0x1f, 0xe6, 0x6f, 0x61, 0x05,
+ 0xf9, 0xd1, 0x7e, 0x61, 0x1c, 0xdc, 0xc6, 0x74, 0x86, 0x8e, 0x81, 0x69,
+ 0x2a, 0x36, 0x0f, 0x40, 0x52},
+ priv_key_2b,
+ true},
+
+ // a random ciphertext that generates a fake 11 byte plaintext
+ // and fails the padding check
+ {87,
+ {0x11, 0x89, 0xb6, 0xf5, 0x49, 0x8f, 0xd6, 0xdf, 0x53, 0x2b, 0x00},
+ {0x00, 0xf9, 0x10, 0x20, 0x08, 0x30, 0xfc, 0x8f, 0xff, 0x47, 0x8e, 0x99,
+ 0xe1, 0x45, 0xf1, 0x47, 0x4b, 0x31, 0x2e, 0x25, 0x12, 0xd0, 0xf9, 0x0b,
+ 0x8c, 0xef, 0x77, 0xf8, 0x00, 0x1d, 0x09, 0x86, 0x16, 0x88, 0xc1, 0x56,
+ 0xd1, 0xcb, 0xaf, 0x8a, 0x89, 0x57, 0xf7, 0xeb, 0xf3, 0x5f, 0x72, 0x44,
+ 0x66, 0x95, 0x2d, 0x05, 0x24, 0xca, 0xd4, 0x8a, 0xad, 0x4f, 0xba, 0x1e,
+ 0x45, 0xce, 0x8e, 0xa2, 0x7e, 0x8f, 0x3b, 0xa4, 0x41, 0x31, 0xb7, 0x83,
+ 0x1b, 0x62, 0xd6, 0x0c, 0x07, 0x62, 0x66, 0x1f, 0x4c, 0x1d, 0x1a, 0x88,
+ 0xcd, 0x06, 0x26, 0x3a, 0x25, 0x9a, 0xbf, 0x1b, 0xa9, 0xe6, 0xb0, 0xb1,
+ 0x72, 0x06, 0x9a, 0xfb, 0x86, 0xa7, 0xe8, 0x83, 0x87, 0x72, 0x6f, 0x8a,
+ 0xb3, 0xad, 0xb3, 0x0b, 0xfd, 0x6b, 0x3f, 0x6b, 0xe6, 0xd8, 0x5d, 0x5d,
+ 0xfd, 0x04, 0x4e, 0x7e, 0xf0, 0x52, 0x39, 0x54, 0x74, 0xa9, 0xcb, 0xb1,
+ 0xc3, 0x66, 0x7a, 0x92, 0x78, 0x0b, 0x43, 0xa2, 0x26, 0x93, 0x01, 0x5a,
+ 0xf6, 0xc5, 0x13, 0x04, 0x1b, 0xda, 0xf8, 0x7d, 0x43, 0xb2, 0x4d, 0xdd,
+ 0x24, 0x4e, 0x79, 0x1e, 0xea, 0xea, 0x10, 0x66, 0xe1, 0xf4, 0x91, 0x71,
+ 0x17, 0xb3, 0xa4, 0x68, 0xe2, 0x2e, 0x0f, 0x73, 0x58, 0x85, 0x2b, 0xb9,
+ 0x81, 0x24, 0x8d, 0xe4, 0xd7, 0x20, 0xad, 0xd2, 0xd1, 0x5d, 0xcc, 0xba,
+ 0x62, 0x80, 0x35, 0x59, 0x35, 0xb6, 0x7c, 0x96, 0xf9, 0xdc, 0xb6, 0xc4,
+ 0x19, 0xcc, 0x38, 0xab, 0x9f, 0x6f, 0xba, 0x2d, 0x64, 0x9e, 0xf2, 0x06,
+ 0x6e, 0x0c, 0x34, 0xc9, 0xf7, 0x88, 0xae, 0x49, 0xba, 0xbd, 0x90, 0x25,
+ 0xfa, 0x85, 0xb2, 0x11, 0x13, 0xe5, 0x6c, 0xe4, 0xf4, 0x3a, 0xa1, 0x34,
+ 0xc5, 0x12, 0xb0, 0x30, 0xdd, 0x7a, 0xc7, 0xce, 0x82, 0xe7, 0x6f, 0x0b,
+ 0xe9, 0xce, 0x09, 0xeb, 0xca},
+ priv_key_2b,
+ true},
+
+ // an otherwise correct plaintext, but with wrong first byte
+ // (0x01 instead of 0x00), generates a random 11 byte long plaintext
+ {88,
+ {0xf6, 0xd0, 0xf5, 0xb7, 0x80, 0x82, 0xfe, 0x61, 0xc0, 0x46, 0x74},
+ {
+ 0x00, 0x2c, 0x9d, 0xdc, 0x36, 0xba, 0x4c, 0xf0, 0x03, 0x86, 0x92, 0xb2,
+ 0xd3, 0xa1, 0xc6, 0x1a, 0x4b, 0xb3, 0x78, 0x6a, 0x97, 0xce, 0x2e, 0x46,
+ 0xa3, 0xba, 0x74, 0xd0, 0x31, 0x58, 0xae, 0xef, 0x45, 0x6c, 0xe0, 0xf4,
+ 0xdb, 0x04, 0xdd, 0xa3, 0xfe, 0x06, 0x22, 0x68, 0xa1, 0x71, 0x12, 0x50,
+ 0xa1, 0x8c, 0x69, 0x77, 0x8a, 0x62, 0x80, 0xd8, 0x8e, 0x13, 0x3a, 0x16,
+ 0x25, 0x4e, 0x1f, 0x0e, 0x30, 0xce, 0x8d, 0xac, 0x9b, 0x57, 0xd2, 0xe3,
+ 0x9a, 0x2f, 0x7d, 0x7b, 0xe3, 0xee, 0x4e, 0x08, 0xae, 0xc2, 0xfd, 0xbe,
+ 0x8d, 0xad, 0xad, 0x7f, 0xdb, 0xf4, 0x42, 0xa2, 0x9a, 0x8f, 0xb4, 0x08,
+ 0x57, 0x40, 0x7b, 0xf6, 0xbe, 0x35, 0x59, 0x6b, 0x8e, 0xef, 0xb5, 0xc2,
+ 0xb3, 0xf5, 0x8b, 0x89, 0x44, 0x52, 0xc2, 0xdc, 0x54, 0xa6, 0x12, 0x3a,
+ 0x1a, 0x38, 0xd6, 0x42, 0xe2, 0x37, 0x51, 0x74, 0x65, 0x97, 0xe0, 0x8d,
+ 0x71, 0xac, 0x92, 0x70, 0x4a, 0xdc, 0x17, 0x80, 0x3b, 0x19, 0xe1, 0x31,
+ 0xb4, 0xd1, 0x92, 0x78, 0x81, 0xf4, 0x3b, 0x02, 0x00, 0xe6, 0xf9, 0x56,
+ 0x58, 0xf5, 0x59, 0xf9, 0x12, 0xc8, 0x89, 0xb4, 0xcd, 0x51, 0x86, 0x27,
+ 0x84, 0x36, 0x48, 0x96, 0xcd, 0x6e, 0x86, 0x18, 0xf4, 0x85, 0xa9, 0x92,
+ 0xf8, 0x29, 0x97, 0xad, 0x6a, 0x09, 0x17, 0xe3, 0x2a, 0xe5, 0x87, 0x2e,
+ 0xaf, 0x85, 0x00, 0x92, 0xb2, 0xd6, 0xc7, 0x82, 0xad, 0x35, 0xf4, 0x87,
+ 0xb7, 0x96, 0x82, 0x33, 0x3c, 0x17, 0x50, 0xc6, 0x85, 0xd7, 0xd3, 0x2a,
+ 0xb3, 0xe1, 0x53, 0x8f, 0x31, 0xdc, 0xaa, 0x5e, 0x7d, 0x5d, 0x28, 0x25,
+ 0x87, 0x52, 0x42, 0xc8, 0x39, 0x47, 0x30, 0x8d, 0xcf, 0x63, 0xba, 0x4b,
+ 0xff, 0xf2, 0x03, 0x34, 0xc9, 0xc1, 0x40, 0xc8, 0x37, 0xdb, 0xdb, 0xae,
+ 0x7a, 0x8d, 0xee, 0x72, 0xff,
+ },
+ priv_key_2b,
+ true},
+
+ // an otherwise correct plaintext, but with wrong second byte
+ // (0x01 instead of 0x02), generates a random 11 byte long plaintext
+ {89,
+ {0x1a, 0xb2, 0x87, 0xfc, 0xef, 0x3f, 0xf1, 0x70, 0x67, 0x91, 0x4d},
+ {0x00, 0xc5, 0xd7, 0x78, 0x26, 0xc1, 0xab, 0x7a, 0x34, 0xd6, 0x39, 0x0f,
+ 0x9d, 0x34, 0x2d, 0x5d, 0xbe, 0x84, 0x89, 0x42, 0xe2, 0x61, 0x82, 0x87,
+ 0x95, 0x2b, 0xa0, 0x35, 0x0d, 0x7d, 0xe6, 0x72, 0x61, 0x12, 0xe9, 0xce,
+ 0xbc, 0x39, 0x1a, 0x0f, 0xae, 0x18, 0x39, 0xe2, 0xbf, 0x16, 0x82, 0x29,
+ 0xe3, 0xe0, 0xd7, 0x1d, 0x41, 0x61, 0x80, 0x15, 0x09, 0xf1, 0xf2, 0x8f,
+ 0x6e, 0x14, 0x87, 0xca, 0x52, 0xdf, 0x05, 0xc4, 0x66, 0xb6, 0xb0, 0xa6,
+ 0xfb, 0xbe, 0x57, 0xa3, 0x26, 0x8a, 0x97, 0x06, 0x10, 0xec, 0x0b, 0xea,
+ 0xc3, 0x9e, 0xc0, 0xfa, 0x67, 0xba, 0xbc, 0xe1, 0xef, 0x2a, 0x86, 0xbf,
+ 0x77, 0x46, 0x6d, 0xc1, 0x27, 0xd7, 0xd0, 0xd2, 0x96, 0x2c, 0x20, 0xe6,
+ 0x65, 0x93, 0x12, 0x6f, 0x27, 0x68, 0x63, 0xcd, 0x38, 0xdc, 0x63, 0x51,
+ 0x42, 0x8f, 0x88, 0x4c, 0x13, 0x84, 0xf6, 0x7c, 0xad, 0x0a, 0x0f, 0xfd,
+ 0xbc, 0x2a, 0xf1, 0x67, 0x11, 0xfb, 0x68, 0xdc, 0x55, 0x9b, 0x96, 0xb3,
+ 0x7b, 0x4f, 0x04, 0xcd, 0x13, 0x3f, 0xfc, 0x7d, 0x79, 0xc4, 0x3c, 0x42,
+ 0xca, 0x49, 0x48, 0xfa, 0x89, 0x5b, 0x9d, 0xae, 0xb8, 0x53, 0x15, 0x0c,
+ 0x8a, 0x51, 0x69, 0x84, 0x9b, 0x73, 0x0c, 0xc7, 0x7d, 0x68, 0xb0, 0x21,
+ 0x7d, 0x6c, 0x0e, 0x3d, 0xbf, 0x38, 0xd7, 0x51, 0xa1, 0x99, 0x81, 0x86,
+ 0x63, 0x34, 0x18, 0x36, 0x7e, 0x75, 0x76, 0x53, 0x05, 0x66, 0xc2, 0x3d,
+ 0x6d, 0x4e, 0x0d, 0xa9, 0xb0, 0x38, 0xd0, 0xbb, 0x51, 0x69, 0xce, 0x40,
+ 0x13, 0x3e, 0xa0, 0x76, 0x47, 0x2d, 0x05, 0x50, 0x01, 0xf0, 0x13, 0x56,
+ 0x45, 0x94, 0x0f, 0xd0, 0x8e, 0xa4, 0x42, 0x69, 0xaf, 0x26, 0x04, 0xc8,
+ 0xb1, 0xba, 0x22, 0x50, 0x53, 0xd6, 0xdb, 0x9a, 0xb4, 0x35, 0x77, 0x68,
+ 0x94, 0x01, 0xbd, 0xc0, 0xf3},
+ priv_key_2b,
true}};
#endif // rsa_pkcs1_2048_vectors_h__--- a/gtests/common/testvectors/rsa_pkcs1_3072_test-vectors.h
+++ b/gtests/common/testvectors/rsa_pkcs1_3072_test-vectors.h
@@ -5023,16 +5023,169 @@ static const std::vector<uint8_t> priv_k
0x5d, 0xe1, 0xe7, 0x58, 0x2d, 0x45, 0xdb, 0xee, 0x86, 0x8f, 0xed, 0xb5,
0x2b, 0x4d, 0xe3, 0xb2, 0x77, 0x96, 0x50, 0xff, 0xc9, 0x77, 0x66, 0x3d,
0xc7, 0xfc, 0xbf, 0x0d, 0xa6, 0x0e, 0xff, 0x97, 0xbd, 0xb3, 0x25, 0x7d,
0x07, 0x39, 0xb2, 0x27, 0x38, 0xa6, 0x8e, 0x31, 0xa8, 0x19, 0xf0, 0x90,
0xa9, 0x6d, 0x3a, 0x79, 0xe9, 0xeb, 0xfe, 0xdd, 0x99, 0xb6, 0x77, 0xe9,
0x3b, 0xcc, 0xfd, 0x41, 0x12, 0xe4, 0xf4, 0x08, 0x43, 0x32, 0x47, 0x03,
0xee, 0xae, 0x57, 0xb3, 0xf5, 0x08, 0x9d};
+/* 3072 bit key from Hubert's Bleichenbacher tests */
+static const std::vector<uint8_t> priv_key_3b{
+ 0x30, 0x82, 0x06, 0xfe, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+ 0x06, 0xe8, 0x30, 0x82, 0x06, 0xe4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x81, 0x00, 0xaf, 0xd7, 0x1c, 0xaa, 0xd5, 0xe9, 0xf5, 0xb8, 0xc6, 0xc3,
+ 0x67, 0x07, 0x0a, 0x47, 0xf1, 0x9d, 0x7e, 0x66, 0xae, 0xde, 0x18, 0xa5,
+ 0xb2, 0x74, 0x1f, 0xb3, 0xc4, 0xd3, 0x34, 0x34, 0x56, 0x06, 0x92, 0xa2,
+ 0xd9, 0x09, 0xef, 0x68, 0x88, 0xec, 0x60, 0x2f, 0xf6, 0xb9, 0x3a, 0xf2,
+ 0x58, 0xee, 0x74, 0x30, 0x3c, 0x30, 0x1a, 0xfc, 0xd4, 0xed, 0xbe, 0xc4,
+ 0x33, 0x11, 0xdd, 0xc8, 0xdd, 0xbf, 0x00, 0xdd, 0xbb, 0xe3, 0x86, 0xd3,
+ 0x3b, 0x8d, 0x0e, 0x22, 0xb1, 0xb4, 0x49, 0x36, 0xdc, 0x48, 0x98, 0x71,
+ 0xb8, 0x52, 0x37, 0xb3, 0x4c, 0xe7, 0x47, 0xad, 0x8f, 0xdb, 0x0c, 0x4e,
+ 0x4d, 0x1d, 0xaa, 0x7a, 0xad, 0xf0, 0x73, 0x85, 0xc5, 0xc8, 0x73, 0x2c,
+ 0xcb, 0x7d, 0x5a, 0x49, 0xe2, 0xe5, 0x0c, 0x88, 0x3c, 0x7d, 0x7a, 0xc1,
+ 0x0e, 0xd6, 0xa7, 0x4d, 0x9a, 0xc9, 0x0d, 0xf9, 0x12, 0x99, 0x05, 0xa1,
+ 0x7d, 0x4a, 0x08, 0x72, 0x10, 0xfc, 0x78, 0xb6, 0xd0, 0x4b, 0x1e, 0xb9,
+ 0x69, 0x48, 0x2c, 0x11, 0xa6, 0xee, 0xb7, 0x9c, 0x50, 0xe5, 0xb1, 0x6f,
+ 0x3f, 0x25, 0x4f, 0x75, 0x71, 0x52, 0x8b, 0x2f, 0x17, 0x16, 0xab, 0x81,
+ 0x6d, 0x6e, 0xca, 0x07, 0x27, 0xbd, 0xea, 0x98, 0x05, 0x93, 0x29, 0x73,
+ 0x0e, 0xb8, 0xc3, 0x3c, 0xe7, 0x1d, 0x61, 0xdd, 0x4a, 0xc3, 0x93, 0xb6,
+ 0x25, 0x6e, 0x07, 0xac, 0x1d, 0x12, 0x4f, 0x02, 0x00, 0xd1, 0xc3, 0xe0,
+ 0x5a, 0x4c, 0x1b, 0xc7, 0xf1, 0xed, 0x2f, 0xc8, 0x3e, 0x57, 0x19, 0x9c,
+ 0xfe, 0x59, 0x08, 0xb1, 0x00, 0x87, 0xe2, 0x7f, 0xbd, 0x97, 0xd2, 0xc2,
+ 0x42, 0x14, 0x61, 0x9c, 0x71, 0x47, 0xc8, 0xfb, 0xef, 0xca, 0x39, 0xbc,
+ 0x25, 0x67, 0x62, 0xa6, 0x82, 0x35, 0x31, 0xf7, 0xe2, 0x34, 0xd6, 0x8e,
+ 0xae, 0x7a, 0x0d, 0x9f, 0xaf, 0x10, 0xdd, 0x15, 0xe9, 0x52, 0x37, 0x80,
+ 0xc7, 0xd5, 0xae, 0x58, 0x09, 0x4a, 0xd5, 0x25, 0xa9, 0x06, 0x3b, 0x4c,
+ 0x33, 0xf9, 0x5e, 0x10, 0x06, 0xda, 0x2e, 0xb1, 0x2d, 0x37, 0x43, 0x68,
+ 0x94, 0x95, 0xc1, 0xf2, 0x02, 0x3e, 0x40, 0x73, 0x53, 0xc5, 0xeb, 0x3e,
+ 0x4c, 0xa1, 0xc4, 0x8c, 0xff, 0x81, 0xa1, 0x09, 0x00, 0xd1, 0x48, 0x20,
+ 0xeb, 0x80, 0x1a, 0xf4, 0xf1, 0xa5, 0x96, 0xc4, 0xb9, 0xce, 0x9a, 0x53,
+ 0x1f, 0xcf, 0x8a, 0x54, 0xd9, 0xff, 0xd7, 0x24, 0x25, 0x8b, 0x6e, 0xec,
+ 0x20, 0x10, 0x8d, 0xf6, 0xfd, 0xfd, 0x76, 0xd4, 0xae, 0x03, 0xba, 0x7e,
+ 0xa5, 0x98, 0xdc, 0xb0, 0xe4, 0xa2, 0x80, 0x84, 0x95, 0x87, 0x28, 0x6f,
+ 0x4d, 0x7f, 0x25, 0x6c, 0xe8, 0x5e, 0x5e, 0xb5, 0x67, 0x9b, 0x1d, 0xac,
+ 0xc1, 0xf9, 0x09, 0x56, 0x49, 0xb7, 0x2e, 0x5f, 0xa0, 0x72, 0xae, 0xb0,
+ 0x03, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x80, 0x25,
+ 0x17, 0xea, 0xcb, 0x3a, 0xfe, 0xf4, 0xbf, 0xfa, 0xe6, 0x03, 0x98, 0xdf,
+ 0x99, 0x57, 0xa5, 0xd2, 0xa1, 0x54, 0xa8, 0x33, 0x68, 0xd8, 0xe1, 0x58,
+ 0x42, 0xb2, 0xf5, 0x9e, 0xe0, 0x9f, 0x79, 0x19, 0x7b, 0xd2, 0xef, 0x1e,
+ 0x9a, 0xdd, 0xaf, 0x87, 0x86, 0xf6, 0xb4, 0x12, 0x74, 0x47, 0x40, 0x5e,
+ 0x30, 0x42, 0xb2, 0x1f, 0x2f, 0x50, 0xb7, 0xaa, 0x73, 0x77, 0x16, 0x80,
+ 0xc3, 0xbb, 0xcb, 0x6c, 0x22, 0x5a, 0x5d, 0x5f, 0xf6, 0xb5, 0x6c, 0x47,
+ 0x1c, 0x18, 0x82, 0xa0, 0xa3, 0x3b, 0x0a, 0xf1, 0x65, 0xa3, 0xed, 0x6c,
+ 0x24, 0x9d, 0xc7, 0x78, 0x3e, 0x6b, 0xc7, 0x58, 0xac, 0x37, 0xe6, 0x57,
+ 0x2d, 0x33, 0xfe, 0x32, 0x50, 0x78, 0xed, 0x95, 0x26, 0x50, 0xf2, 0xeb,
+ 0x96, 0x04, 0x90, 0x2e, 0xf9, 0x9a, 0x51, 0x1a, 0x11, 0x19, 0xd1, 0x3c,
+ 0x4f, 0xc9, 0xa4, 0x3a, 0x17, 0x5d, 0xcd, 0xfb, 0xfb, 0x1a, 0x14, 0x00,
+ 0xfe, 0x17, 0x09, 0x3b, 0x69, 0xcd, 0x3c, 0xdb, 0x89, 0x5f, 0x65, 0x43,
+ 0x2e, 0xa2, 0x19, 0x5f, 0x90, 0x51, 0x1c, 0x73, 0x36, 0xb5, 0x8a, 0x68,
+ 0x5d, 0xac, 0xff, 0x2d, 0xaf, 0x4c, 0x5e, 0x92, 0xe5, 0x65, 0xb1, 0x66,
+ 0x5a, 0xe6, 0x0e, 0x51, 0x2b, 0xaa, 0x99, 0x65, 0xb8, 0x08, 0xd5, 0xff,
+ 0x11, 0x9c, 0xeb, 0x7c, 0xd6, 0x92, 0xcb, 0xf9, 0x20, 0x06, 0x7a, 0xfa,
+ 0xcd, 0x80, 0x9f, 0x66, 0xbe, 0x70, 0x6d, 0xa2, 0x68, 0x10, 0xac, 0x79,
+ 0x0d, 0xb1, 0x56, 0xc9, 0x48, 0xe6, 0xfe, 0x58, 0x1b, 0xc9, 0x84, 0x91,
+ 0x57, 0xf4, 0xda, 0x49, 0x3f, 0x3a, 0x64, 0xb0, 0xc6, 0xe1, 0x19, 0xe0,
+ 0x31, 0xb1, 0x07, 0xf8, 0x43, 0x6c, 0xe2, 0x91, 0x60, 0xb4, 0x58, 0xb8,
+ 0xf9, 0xf1, 0x09, 0x5f, 0xde, 0xb1, 0x92, 0x63, 0x38, 0x4f, 0xf5, 0x38,
+ 0x75, 0x57, 0xbc, 0x4f, 0x10, 0xb4, 0x03, 0x4d, 0xe8, 0x41, 0x70, 0x3b,
+ 0xad, 0x2c, 0x1e, 0x76, 0x9c, 0x23, 0x85, 0x3e, 0xb6, 0x30, 0xa3, 0x6d,
+ 0x10, 0x61, 0xdd, 0x46, 0xe2, 0xa6, 0xbb, 0xaf, 0x74, 0x3a, 0x97, 0xf0,
+ 0xb3, 0x2c, 0x36, 0xf5, 0x0c, 0x1a, 0x37, 0x22, 0xde, 0xf3, 0xa3, 0x94,
+ 0xd9, 0x1c, 0x2e, 0x07, 0x8b, 0xf0, 0x9d, 0x79, 0x5e, 0xcd, 0xe5, 0xe5,
+ 0x6b, 0x82, 0x02, 0xf9, 0x74, 0x02, 0x6f, 0x75, 0xfc, 0x56, 0xe9, 0xa0,
+ 0xdd, 0x6a, 0x88, 0xf2, 0xe7, 0xcb, 0x78, 0xef, 0x12, 0x98, 0xcc, 0x6c,
+ 0x65, 0x20, 0x7c, 0xa4, 0x5b, 0xd3, 0x71, 0x88, 0x80, 0x7b, 0x4f, 0xcd,
+ 0xb1, 0xe6, 0x0d, 0xd8, 0xe5, 0xb8, 0x56, 0x48, 0xfb, 0x7e, 0xfa, 0x8b,
+ 0x6f, 0xdd, 0x44, 0x8f, 0x39, 0x74, 0x1a, 0x8d, 0x98, 0x09, 0xfe, 0x16,
+ 0x3a, 0xf3, 0xde, 0x45, 0xba, 0xc2, 0x4a, 0x5a, 0x84, 0x1c, 0x81, 0x02,
+ 0x81, 0xc1, 0x00, 0xe4, 0xa3, 0xd8, 0x30, 0xd7, 0x3e, 0x8b, 0x31, 0xc6,
+ 0x82, 0xe2, 0x74, 0xff, 0xc9, 0xfd, 0x12, 0xac, 0x31, 0x3d, 0x2d, 0xd0,
+ 0x51, 0x3d, 0x50, 0x57, 0x0d, 0xb7, 0xeb, 0x47, 0x62, 0xfe, 0xa1, 0x93,
+ 0xe7, 0xbb, 0x54, 0x0b, 0x94, 0xa9, 0x4a, 0x5d, 0xdd, 0x74, 0x2a, 0xcf,
+ 0x73, 0xf5, 0xde, 0xb9, 0xca, 0xe3, 0x1b, 0xd2, 0x3a, 0xc5, 0x60, 0xbb,
+ 0x27, 0x94, 0xfd, 0x68, 0x26, 0x1f, 0x82, 0x03, 0xf5, 0x71, 0x92, 0x82,
+ 0x90, 0x4f, 0x46, 0x1e, 0xac, 0xee, 0x2c, 0xe7, 0xe0, 0xa0, 0x09, 0x7a,
+ 0xa7, 0xc8, 0xdb, 0xab, 0xd3, 0x3f, 0x1b, 0xf2, 0x69, 0x91, 0x2a, 0x07,
+ 0x82, 0x71, 0x4f, 0xa9, 0x3b, 0x49, 0xea, 0xc4, 0x36, 0xeb, 0x3d, 0xe7,
+ 0x34, 0xa7, 0xd6, 0xff, 0xdf, 0xd8, 0xc2, 0xc1, 0x43, 0x5e, 0x84, 0x3f,
+ 0xc7, 0x09, 0xf9, 0x04, 0x8e, 0x54, 0x2a, 0x19, 0x7c, 0x48, 0x54, 0x2b,
+ 0xeb, 0x2b, 0x85, 0xea, 0xd0, 0xf5, 0xe6, 0x4a, 0xa6, 0x3d, 0x0e, 0xc0,
+ 0x15, 0x2b, 0x3f, 0x85, 0x61, 0x2d, 0xdc, 0xa6, 0xbf, 0xde, 0xab, 0xf3,
+ 0x17, 0x5d, 0x59, 0x7d, 0x40, 0x56, 0x3e, 0x0e, 0x06, 0x2d, 0x91, 0xcb,
+ 0x02, 0x88, 0x80, 0x08, 0x2f, 0xe9, 0xf8, 0xf0, 0x91, 0xbd, 0xbd, 0xda,
+ 0x31, 0x6e, 0xeb, 0x1e, 0x85, 0x8c, 0xa4, 0x4d, 0x2b, 0x02, 0x8a, 0xe9,
+ 0xcd, 0xe3, 0xa9, 0x02, 0x81, 0xc1, 0x00, 0xc4, 0xe1, 0xcd, 0x0e, 0xcf,
+ 0x42, 0x98, 0x61, 0x5e, 0x1f, 0x78, 0x9b, 0xa7, 0xde, 0x22, 0xfd, 0x50,
+ 0x94, 0xaf, 0x4a, 0xd1, 0xac, 0x29, 0x50, 0xee, 0x96, 0x30, 0x38, 0x5a,
+ 0x20, 0x40, 0x9a, 0x28, 0x0c, 0x65, 0x38, 0xa2, 0xfe, 0xed, 0x03, 0x14,
+ 0x48, 0xe2, 0x6e, 0x22, 0xd6, 0x70, 0x93, 0xa7, 0x1f, 0x9d, 0xc7, 0x4e,
+ 0xbd, 0x1a, 0xbc, 0x0e, 0x9c, 0xe8, 0x3d, 0x67, 0x0b, 0x02, 0x76, 0xab,
+ 0x1c, 0x85, 0xac, 0x73, 0x4d, 0xd8, 0xbf, 0x9c, 0x74, 0xcc, 0x7f, 0xec,
+ 0xbd, 0x73, 0x2d, 0x1d, 0x75, 0xf8, 0x89, 0xef, 0x46, 0x0a, 0x48, 0x19,
+ 0xba, 0x5e, 0x1b, 0x01, 0xde, 0x23, 0x32, 0x55, 0x51, 0x81, 0xb7, 0x6f,
+ 0xa9, 0x65, 0x44, 0x93, 0x19, 0x8a, 0x60, 0x6f, 0x00, 0xca, 0xfd, 0x8a,
+ 0x93, 0x35, 0x6e, 0x45, 0x6f, 0x22, 0x3b, 0x75, 0x1b, 0xd5, 0xb5, 0xca,
+ 0x97, 0xae, 0x2b, 0x39, 0xba, 0x77, 0xfb, 0x7c, 0x17, 0x4c, 0x82, 0xec,
+ 0x02, 0x18, 0x65, 0x60, 0xd5, 0xe2, 0x7b, 0xf1, 0x8a, 0x26, 0x3c, 0xc2,
+ 0x12, 0xd9, 0xcc, 0x66, 0xb0, 0x1d, 0x1d, 0xa2, 0x67, 0x3f, 0x29, 0x7d,
+ 0x4c, 0x1b, 0xed, 0x44, 0x5b, 0x4e, 0xfc, 0x5d, 0xb0, 0x61, 0x36, 0xec,
+ 0xaa, 0xbd, 0x82, 0xcb, 0x54, 0xd0, 0xfc, 0xc4, 0x26, 0x99, 0xd4, 0xd6,
+ 0x0a, 0x02, 0x27, 0xbf, 0xe0, 0x03, 0x51, 0x02, 0x81, 0xc0, 0x40, 0xf3,
+ 0x0e, 0x41, 0xe9, 0x93, 0x39, 0xc5, 0x5d, 0x07, 0xe7, 0x3e, 0xa7, 0x3f,
+ 0x00, 0xe6, 0x22, 0x06, 0x26, 0xc3, 0xf1, 0xee, 0x72, 0x05, 0x75, 0x85,
+ 0x4f, 0x1e, 0xc5, 0xfb, 0xa8, 0x2b, 0xcc, 0x31, 0x42, 0xf4, 0xc0, 0x09,
+ 0x6e, 0x01, 0xd3, 0x22, 0x4a, 0x92, 0xb2, 0xb5, 0xd5, 0x3d, 0x7c, 0xf7,
+ 0xd6, 0x86, 0x1b, 0xb5, 0x58, 0x46, 0x7f, 0x43, 0xe2, 0x3e, 0x0e, 0x2c,
+ 0xee, 0x3c, 0x67, 0xd5, 0x7c, 0x7a, 0xcb, 0x1e, 0x25, 0x76, 0xdc, 0xd5,
+ 0xf1, 0x1e, 0xce, 0x8b, 0xef, 0xca, 0x61, 0x8e, 0x72, 0x2f, 0x7c, 0xe3,
+ 0x18, 0x85, 0x5e, 0xda, 0x80, 0x43, 0x39, 0x38, 0xe3, 0xe9, 0x66, 0x40,
+ 0x92, 0x61, 0xdf, 0x75, 0x5e, 0x64, 0x0a, 0x5e, 0xd9, 0xe2, 0xe8, 0x72,
+ 0xf5, 0x47, 0x75, 0xd1, 0x26, 0x73, 0x59, 0x0e, 0xb8, 0x95, 0x85, 0xa6,
+ 0xcc, 0xdf, 0xdc, 0xb7, 0x82, 0x70, 0x6e, 0xbd, 0x72, 0x72, 0xab, 0x5e,
+ 0xca, 0xcb, 0xad, 0x9f, 0x05, 0xaf, 0x3f, 0xff, 0x83, 0x76, 0x9a, 0xf4,
+ 0x1d, 0x2c, 0x16, 0x2e, 0x61, 0x19, 0xe5, 0x87, 0x58, 0x9c, 0x48, 0x49,
+ 0x53, 0x76, 0x73, 0x53, 0x6b, 0xf4, 0x83, 0x7f, 0xe7, 0xb8, 0xbf, 0x1a,
+ 0xa5, 0x53, 0x73, 0x3b, 0x63, 0x74, 0x20, 0x1c, 0x74, 0xce, 0xd3, 0xaf,
+ 0xca, 0x61, 0x0e, 0x0e, 0xce, 0xbd, 0x19, 0x67, 0xc4, 0x69, 0x02, 0x81,
+ 0xc1, 0x00, 0xb9, 0x88, 0x4c, 0x14, 0x1b, 0xae, 0x97, 0x28, 0x92, 0x69,
+ 0x37, 0xdf, 0xff, 0x76, 0x6f, 0x24, 0xa6, 0x0e, 0x27, 0x8e, 0x6b, 0x3e,
+ 0x41, 0x05, 0x1a, 0x80, 0xff, 0xd9, 0xea, 0xdc, 0x9f, 0xe4, 0x65, 0xbf,
+ 0x20, 0x98, 0x19, 0xca, 0x00, 0x12, 0x39, 0xc8, 0x61, 0x51, 0x06, 0x95,
+ 0x6c, 0x2b, 0x48, 0x7f, 0x9b, 0xd0, 0xd9, 0x5b, 0x8d, 0x59, 0x10, 0xb0,
+ 0x3e, 0x8e, 0xb6, 0x8f, 0x02, 0x78, 0x4f, 0xd1, 0xa6, 0x0a, 0x97, 0xf2,
+ 0x11, 0x42, 0xa8, 0x2e, 0xcd, 0x13, 0xf4, 0x45, 0xa7, 0xc7, 0x29, 0x0f,
+ 0x25, 0xf2, 0xde, 0x3f, 0xf3, 0xaa, 0x74, 0x4c, 0x53, 0x28, 0x42, 0x3f,
+ 0x52, 0x8d, 0xb9, 0x27, 0x01, 0x05, 0x9b, 0x3d, 0x57, 0xc8, 0x22, 0x93,
+ 0x1b, 0xfa, 0xba, 0x40, 0x56, 0x0a, 0x4d, 0xcf, 0x61, 0xb7, 0x93, 0xc9,
+ 0x21, 0xca, 0x44, 0x16, 0xc1, 0xf2, 0xf9, 0x82, 0xac, 0xc7, 0xe1, 0x33,
+ 0xde, 0xa3, 0x68, 0x12, 0x10, 0xb1, 0x03, 0xb5, 0x09, 0xc6, 0x67, 0x55,
+ 0xc7, 0x83, 0xa3, 0x5f, 0xdb, 0x9e, 0xc0, 0x08, 0xc1, 0xa4, 0x44, 0x54,
+ 0xcc, 0x6b, 0x43, 0xc2, 0xe6, 0x1b, 0xb4, 0x0e, 0xc7, 0xf6, 0x74, 0xc7,
+ 0x53, 0x0c, 0xb1, 0x41, 0x68, 0xab, 0x38, 0xa5, 0xc1, 0xc7, 0x02, 0xd3,
+ 0xdf, 0xc9, 0x83, 0x13, 0x19, 0x3e, 0x1f, 0xa1, 0xf8, 0xdb, 0xfa, 0x8e,
+ 0x20, 0xb1, 0x02, 0x81, 0xc1, 0x00, 0xe1, 0x2a, 0x42, 0x01, 0x40, 0x7d,
+ 0x27, 0x51, 0xc9, 0xae, 0xb4, 0x2c, 0xb1, 0xf9, 0xe6, 0xaf, 0x34, 0xdc,
+ 0xd4, 0x45, 0x31, 0xa9, 0xae, 0x2a, 0x23, 0xdb, 0x54, 0x92, 0xf3, 0xc2,
+ 0x22, 0x9f, 0x6e, 0x33, 0xa2, 0x8a, 0x8a, 0x66, 0x40, 0xe4, 0xbf, 0x2f,
+ 0x1c, 0x6a, 0x23, 0x37, 0x8c, 0x5e, 0x56, 0x15, 0xe0, 0xeb, 0x12, 0xbf,
+ 0x14, 0xe8, 0x1b, 0xb9, 0x9c, 0x4c, 0xe1, 0x51, 0xb5, 0x4e, 0x61, 0x28,
+ 0x22, 0xbe, 0xb7, 0xca, 0x9e, 0x41, 0x0a, 0x5a, 0xfd, 0xdb, 0x0c, 0xa6,
+ 0x21, 0xe5, 0x97, 0x00, 0x2b, 0x9d, 0x1c, 0x81, 0x8c, 0x85, 0x60, 0x2f,
+ 0x99, 0x45, 0x29, 0x1a, 0x47, 0x50, 0x62, 0xec, 0x6a, 0xf5, 0x3f, 0x4f,
+ 0x52, 0x07, 0x9a, 0xd8, 0x1a, 0xc5, 0x9a, 0x37, 0xd9, 0xd5, 0xef, 0x70,
+ 0x08, 0x75, 0xfa, 0x77, 0x42, 0x1d, 0x50, 0x70, 0x6c, 0x74, 0xce, 0x17,
+ 0x87, 0x28, 0x9c, 0x0f, 0xa0, 0xf9, 0x4b, 0x29, 0xe1, 0xb6, 0x52, 0x49,
+ 0x69, 0xf9, 0x9d, 0x4e, 0x28, 0x22, 0x2c, 0xef, 0x49, 0x5a, 0x46, 0xed,
+ 0x21, 0x9e, 0xd0, 0x69, 0xe0, 0x77, 0x11, 0xfd, 0x52, 0xc7, 0x6a, 0x6e,
+ 0xfc, 0xdc, 0x8a, 0x9d, 0x44, 0x29, 0xe1, 0xd1, 0x4d, 0x9a, 0xc7, 0x20,
+ 0x46, 0x26, 0x07, 0xec, 0x74, 0x2d, 0xa4, 0x48, 0x07, 0x77, 0x70, 0x64,
+ 0xd8, 0x9d, 0x2b, 0x74, 0xe4, 0x2b};
+
const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = {
// Comment:
// tcID: 1
{1,
{},
{0x14, 0x2b, 0x27, 0xc7, 0x95, 0xe6, 0xd7, 0x45, 0x1d, 0xb5, 0x75, 0xc9,
0x0a, 0x38, 0x48, 0x87, 0x57, 0xa5, 0xc0, 0x77, 0x60, 0xce, 0x10, 0xe2,
@@ -5374,17 +5527,20 @@ const RsaDecryptTestVector kRsa3072Decry
0xbd, 0xac, 0x3e, 0xb4, 0x6a, 0xc4, 0xdd, 0xa2, 0xeb, 0x7d, 0x1e, 0x9d,
0x08, 0xe7, 0x82, 0x07, 0x56, 0x69, 0x43, 0x6b, 0xf5, 0xc0, 0x94, 0xc7},
priv_key_33,
true},
// Comment: ps is all 0
// tcID: 9
{9,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x34, 0xf9, 0xf6, 0x88, 0xfe, 0x27, 0x31, 0x97, 0xf4,
+ 0xed, 0x30, 0x7a, 0xfb, 0x1b, 0x3c, 0xd7, 0xa3, 0xc6,
+ 0xf7, 0x6f, 0xe4, 0xde, 0x60, 0x0b, 0x2e, 0x6e},
{0x88, 0xa6, 0x58, 0x47, 0x54, 0xad, 0x31, 0xf2, 0x8a, 0x05, 0x57, 0x5d,
0xd8, 0x09, 0xbe, 0x25, 0x23, 0x1d, 0x07, 0x8d, 0x1c, 0x1e, 0x46, 0xb7,
0x24, 0x0c, 0x1c, 0x40, 0x26, 0x45, 0xb7, 0x10, 0xeb, 0x2d, 0x2b, 0xc1,
0x89, 0xdb, 0xc1, 0x6d, 0x82, 0xd9, 0xad, 0x7b, 0xc5, 0xcc, 0x1d, 0xf3,
0x31, 0x8f, 0xc3, 0x1b, 0xae, 0x54, 0xd8, 0x8b, 0x25, 0x81, 0x9f, 0x2b,
0x41, 0x7f, 0x4d, 0xa8, 0x5d, 0xd1, 0x13, 0x30, 0xcb, 0x8b, 0xa5, 0x8b,
0xbf, 0x76, 0x6b, 0xfe, 0x42, 0x1a, 0xf8, 0x4f, 0x2b, 0x55, 0xa2, 0x98,
0xca, 0x08, 0x73, 0xfb, 0xc7, 0x23, 0x17, 0x74, 0x8c, 0x04, 0x37, 0xcf,
@@ -5408,17 +5564,17 @@ const RsaDecryptTestVector kRsa3072Decry
0xc9, 0x71, 0x49, 0xc4, 0x71, 0x24, 0xc8, 0xff, 0xc7, 0xfb, 0x55, 0x37,
0x65, 0x46, 0xb7, 0xd9, 0xf1, 0x73, 0xc5, 0x1b, 0x89, 0x9a, 0x15, 0x6c,
0x7d, 0x4d, 0x5d, 0x8d, 0x0a, 0xa8, 0xd3, 0xb5, 0xce, 0x26, 0x24, 0xcd,
0x24, 0xfe, 0x34, 0xfe, 0xd4, 0xbd, 0x57, 0xb0, 0x8a, 0x4c, 0x46, 0x4f,
0x71, 0x9b, 0xf6, 0x73, 0x27, 0xfa, 0xe5, 0x80, 0x5d, 0x71, 0x92, 0x76,
0xd3, 0x67, 0x1b, 0x0c, 0xfd, 0xf7, 0xf0, 0x5b, 0xf0, 0x77, 0x2d, 0xfe,
0x1c, 0x83, 0x0f, 0xf8, 0xf0, 0x91, 0xed, 0x49, 0xe7, 0x3f, 0x60, 0xc8},
priv_key_33,
- false},
+ true},
// Comment: ps is all 1
// tcID: 10
{10,
{0x54, 0x65, 0x73, 0x74},
{0xc2, 0x45, 0x9f, 0xbb, 0x04, 0xd6, 0x40, 0x47, 0x7c, 0x76, 0x95, 0x8c,
0x8d, 0x5c, 0xb9, 0x49, 0xac, 0x55, 0x2d, 0x18, 0x85, 0x02, 0x55, 0x3f,
0x01, 0xe6, 0xb3, 0xec, 0x65, 0x4b, 0xc7, 0x0c, 0x55, 0x04, 0x5b, 0x01,
@@ -5491,17 +5647,48 @@ const RsaDecryptTestVector kRsa3072Decry
0x58, 0x56, 0xde, 0x97, 0xfe, 0x8c, 0xc2, 0x47, 0x1a, 0x06, 0x28, 0x40,
0x75, 0xdc, 0xf0, 0x0d, 0x3f, 0xb5, 0x7a, 0x93, 0x8c, 0x7d, 0xcc, 0xbb},
priv_key_33,
true},
// Comment: byte 0 of ps is 0
// tcID: 12
{12,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x8b, 0x18, 0x5b, 0x57, 0xa2, 0xd6, 0x27, 0x7c, 0xad, 0xa2, 0x86, 0x26,
+ 0x19, 0x8b, 0x1d, 0x90, 0x82, 0xe9, 0x2b, 0x16, 0x86, 0x7f, 0x75, 0xc2,
+ 0x5a, 0x27, 0x6d, 0x9e, 0x2f, 0x31, 0xf5, 0x16, 0x82, 0x11, 0x3b, 0x55,
+ 0xf1, 0xe8, 0x55, 0x70, 0x27, 0x5b, 0xc8, 0x04, 0x2c, 0x43, 0x44, 0x04,
+ 0x24, 0x21, 0x78, 0xcf, 0x8b, 0x2d, 0xc1, 0xe0, 0x3e, 0xde, 0x80, 0xf3,
+ 0x02, 0x66, 0xf5, 0xca, 0xa2, 0x6d, 0x94, 0x36, 0xe6, 0x6e, 0xcd, 0xdf,
+ 0xdf, 0xff, 0x76, 0x65, 0x00, 0xb5, 0xd4, 0x7a, 0x14, 0x2f, 0x54, 0x93,
+ 0x5f, 0x9a, 0xdc, 0x81, 0x5a, 0xdc, 0x40, 0x60, 0xe5, 0xaf, 0x15, 0x45,
+ 0xf2, 0x1e, 0xdd, 0x65, 0x1e, 0x5f, 0x5e, 0x07, 0x69, 0x87, 0x2c, 0x31,
+ 0xe6, 0xa3, 0x31, 0x7b, 0xc4, 0xd3, 0x93, 0x2f, 0xf9, 0xc4, 0xb0, 0xb6,
+ 0x5c, 0x5e, 0x60, 0x43, 0x76, 0xae, 0xc5, 0xc9, 0x6c, 0xe7, 0x5b, 0x05,
+ 0x5b, 0x70, 0x1e, 0x83, 0x74, 0x34, 0x04, 0x83, 0xca, 0x0c, 0x0e, 0x89,
+ 0x88, 0xb5, 0xbc, 0x3c, 0xbf, 0xba, 0xc9, 0xa8, 0xbf, 0x6e, 0x78, 0xbb,
+ 0x84, 0xbf, 0x48, 0xf5, 0x70, 0x43, 0xe8, 0x5d, 0x76, 0x25, 0x1a, 0x34,
+ 0x22, 0x28, 0x4d, 0x10, 0x70, 0xf4, 0xb9, 0xad, 0xa8, 0x5f, 0xf6, 0xb8,
+ 0xd6, 0x9c, 0x39, 0x5d, 0xaf, 0x09, 0xb0, 0x6e, 0x69, 0xff, 0xab, 0x1c,
+ 0xc7, 0xb7, 0xfb, 0xc0, 0x29, 0x2e, 0xb4, 0xae, 0xd8, 0x87, 0x01, 0xf2,
+ 0x7f, 0x8b, 0xfb, 0x65, 0x43, 0x4f, 0xc1, 0x15, 0x1c, 0x7d, 0x7e, 0x7c,
+ 0xe1, 0xc8, 0xfc, 0x27, 0x3e, 0x09, 0xc6, 0x6e, 0xc7, 0xe8, 0x3d, 0x9c,
+ 0xbf, 0xb1, 0xbf, 0x62, 0xde, 0x58, 0xbe, 0xb5, 0xe7, 0xd3, 0x5e, 0xa6,
+ 0x39, 0x11, 0x51, 0xa1, 0xb0, 0x06, 0x24, 0x25, 0x65, 0x68, 0xc4, 0x98,
+ 0x7d, 0x0a, 0x09, 0x46, 0x27, 0xb0, 0x4a, 0xf5, 0x8f, 0xa8, 0x29, 0x09,
+ 0xdb, 0x5a, 0x7f, 0xd0, 0x44, 0x7e, 0xd9, 0x2e, 0x2d, 0x4d, 0x54, 0xb1,
+ 0xf4, 0xd9, 0xe6, 0x11, 0x74, 0x6a, 0x49, 0x04, 0xfa, 0x6a, 0x65, 0xa2,
+ 0xd0, 0x9a, 0xe2, 0x0b, 0x8a, 0x6c, 0xbf, 0x2f, 0x8e, 0x28, 0x10, 0xa8,
+ 0xef, 0x2f, 0x6e, 0x43, 0xdf, 0x1b, 0xe7, 0x0a, 0xa2, 0x99, 0x46, 0x11,
+ 0xf6, 0x4d, 0xac, 0x2c, 0x97, 0x1a, 0xaf, 0xe1, 0x4e, 0xc7, 0xe8, 0xfc,
+ 0x5e, 0x63, 0xa1, 0x15, 0x5a, 0x98, 0x48, 0xad, 0xa6, 0x99, 0x02, 0x6d,
+ 0xef, 0xc5, 0xd9, 0x72, 0x20, 0x88, 0xf4, 0xf4, 0xa8, 0x9a, 0x67, 0xb3,
+ 0x3e, 0x76, 0xec, 0x13, 0x2e, 0xb4, 0x48, 0x4e, 0x97, 0x4c, 0x76, 0x95,
+ 0x3c, 0xa9, 0x49, 0xcc, 0x4e, 0x73, 0x06, 0x73, 0x67, 0x03},
{0xd7, 0x23, 0xaa, 0xad, 0x7a, 0xed, 0x7f, 0xe2, 0x22, 0x77, 0xd0, 0x57,
0xc7, 0x01, 0x13, 0x53, 0x11, 0x22, 0x78, 0x1e, 0x8e, 0x46, 0xce, 0xcd,
0x03, 0x5a, 0x9d, 0x26, 0xe9, 0x80, 0xa7, 0x71, 0x65, 0x3d, 0x78, 0x0c,
0xbb, 0x21, 0xd7, 0x0d, 0xb0, 0x1a, 0xad, 0xc4, 0xa8, 0xb1, 0x3b, 0x51,
0x38, 0x0c, 0xc0, 0x15, 0x32, 0x6f, 0x56, 0x55, 0xe4, 0xac, 0xd5, 0xfb,
0x8e, 0x61, 0x75, 0x99, 0x9e, 0xfe, 0xa7, 0x29, 0xf0, 0xe1, 0xdd, 0xeb,
0x03, 0x69, 0xaa, 0xce, 0x87, 0xd7, 0x3d, 0x2d, 0x6c, 0x97, 0xed, 0xf3,
0xe6, 0x5a, 0xc5, 0x1a, 0x4b, 0x0e, 0xdd, 0x0f, 0xf0, 0xbf, 0x10, 0x21,
@@ -5525,22 +5712,53 @@ const RsaDecryptTestVector kRsa3072Decry
0xb4, 0xff, 0x49, 0xb4, 0x75, 0x45, 0xf9, 0x51, 0x01, 0xf6, 0xe0, 0xc1,
0x00, 0xc7, 0x95, 0xeb, 0xaf, 0xac, 0x15, 0xa3, 0x86, 0xa4, 0x02, 0x00,
0x43, 0x3f, 0x02, 0x3d, 0x63, 0x3b, 0x45, 0xc5, 0xb1, 0x6a, 0x07, 0x27,
0xbf, 0x56, 0x48, 0x89, 0x34, 0xa6, 0x32, 0x8a, 0x35, 0x27, 0x93, 0xa3,
0x9d, 0x3b, 0x1d, 0x77, 0xb1, 0xa6, 0x70, 0xef, 0x6d, 0x02, 0xc7, 0x6c,
0xd1, 0x6e, 0x05, 0x67, 0x40, 0xbe, 0x32, 0x3d, 0xe0, 0x3d, 0xd0, 0x9d,
0x2b, 0xa3, 0x0c, 0x91, 0x3f, 0x28, 0x9d, 0x31, 0x2d, 0xd5, 0x92, 0x5e},
priv_key_33,
- false},
+ true},
// Comment: byte 1 of ps is 0
// tcID: 13
{13,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x4b, 0x59, 0xa7, 0xcf, 0xcd, 0x10, 0x0f, 0x80, 0xb1, 0x95, 0x76, 0x01,
+ 0xc3, 0x7e, 0x7f, 0x09, 0xfa, 0x3f, 0x32, 0x6e, 0xff, 0x95, 0x38, 0xbe,
+ 0xaa, 0x5d, 0xd7, 0x11, 0x13, 0x14, 0xbe, 0x3f, 0x73, 0x6e, 0x40, 0x5e,
+ 0x41, 0x5f, 0x1e, 0xec, 0x89, 0x7c, 0x0e, 0xbc, 0x36, 0x77, 0x72, 0x78,
+ 0x65, 0x8e, 0x06, 0xa8, 0x12, 0x8e, 0x5a, 0xc9, 0xe1, 0x77, 0x5a, 0x12,
+ 0x5d, 0xe6, 0xec, 0xf0, 0x16, 0xe3, 0x14, 0xbd, 0xbc, 0xbb, 0x11, 0x48,
+ 0xd3, 0xa5, 0x2f, 0xde, 0x76, 0x6d, 0xc8, 0x02, 0xa6, 0x01, 0x31, 0xf9,
+ 0x7b, 0x6e, 0x11, 0x31, 0xc5, 0x40, 0x6d, 0x4a, 0x78, 0x5a, 0x48, 0xa7,
+ 0x59, 0x26, 0xc6, 0x87, 0x61, 0x78, 0x89, 0x06, 0xb3, 0xd1, 0xf3, 0x6f,
+ 0x09, 0xf2, 0xee, 0xfe, 0x7b, 0xfa, 0x8d, 0x7d, 0x03, 0x41, 0x4e, 0x7d,
+ 0x73, 0xef, 0x64, 0xe4, 0x12, 0x19, 0x1d, 0x53, 0x1c, 0x96, 0x5e, 0xc3,
+ 0xcc, 0x76, 0xf2, 0x8a, 0xb3, 0xc2, 0x7d, 0xa3, 0xee, 0x74, 0x5f, 0xba,
+ 0x57, 0xc8, 0x57, 0x4d, 0xec, 0xcc, 0xe0, 0x4c, 0x66, 0x9f, 0x32, 0x1e,
+ 0xae, 0x07, 0x44, 0x5b, 0xfe, 0x13, 0x42, 0x0b, 0x59, 0x8c, 0x16, 0xd4,
+ 0x50, 0x25, 0x9b, 0x45, 0x62, 0xa5, 0xf4, 0x5c, 0xb5, 0xab, 0xff, 0xf0,
+ 0xf6, 0x6e, 0x2b, 0xad, 0x42, 0xd7, 0xc6, 0x21, 0xd0, 0xba, 0x12, 0x08,
+ 0x48, 0xc5, 0x3c, 0xe1, 0xce, 0x14, 0x0d, 0x9c, 0xca, 0xd9, 0xe7, 0x51,
+ 0x12, 0x86, 0xbb, 0xd5, 0x2e, 0x64, 0xa1, 0x1f, 0x9c, 0x62, 0xd3, 0x65,
+ 0xa2, 0x94, 0x7c, 0xb1, 0x0c, 0xa3, 0xe1, 0xff, 0x30, 0x6b, 0x73, 0xfa,
+ 0x92, 0x79, 0x5c, 0x47, 0xdc, 0x99, 0x30, 0xbe, 0x92, 0x03, 0xcc, 0x64,
+ 0x43, 0x6b, 0x27, 0x8f, 0xbb, 0x6c, 0xe9, 0xd5, 0x56, 0xd3, 0x84, 0x3c,
+ 0x83, 0x4c, 0xa6, 0x4d, 0x2a, 0xbd, 0x58, 0x36, 0xbc, 0x47, 0x19, 0x8b,
+ 0xfc, 0xfd, 0xdd, 0xa5, 0x30, 0x5f, 0x7a, 0x45, 0xd9, 0x89, 0x31, 0x10,
+ 0x21, 0x16, 0x08, 0xa3, 0xc6, 0x27, 0xdb, 0x19, 0x26, 0x9c, 0x16, 0xa6,
+ 0xa8, 0x1d, 0x67, 0x77, 0xbe, 0xba, 0x4c, 0xc9, 0xbe, 0x65, 0x80, 0x4c,
+ 0xac, 0x2c, 0xa9, 0x7b, 0x11, 0xff, 0x67, 0xb2, 0x76, 0x54, 0x3c, 0xa6,
+ 0x93, 0xd1, 0x3e, 0xf6, 0x2d, 0x79, 0x7d, 0xab, 0xd6, 0x4d, 0xad, 0xfc,
+ 0x38, 0xab, 0x46, 0xb5, 0x53, 0xe2, 0x83, 0x05, 0xa2, 0x39, 0x1b, 0x77,
+ 0xec, 0xfd, 0x3e, 0x88, 0xbb, 0x07, 0xdc, 0xa0, 0x9d, 0xe1, 0xa8, 0xbe,
+ 0xee, 0xb7, 0x88, 0xaa, 0xd6, 0x24, 0xbc, 0xd8, 0xa7, 0x89, 0x9c, 0x67,
+ 0xa2, 0x31, 0x35},
{0x5b, 0x68, 0xc3, 0xc4, 0x63, 0xfd, 0x8f, 0xfe, 0xda, 0x06, 0xc0, 0x9f,
0xdd, 0xcc, 0xbc, 0x52, 0x84, 0x01, 0x7f, 0x75, 0x3f, 0xf8, 0x1e, 0x1d,
0xb2, 0x55, 0xec, 0xc8, 0xc3, 0x2b, 0x7c, 0x11, 0xe7, 0xf9, 0x2d, 0xdc,
0x17, 0x0f, 0xd5, 0x78, 0xf6, 0xd0, 0xe8, 0x21, 0x8a, 0xcd, 0x1b, 0x04,
0xbb, 0xf5, 0xbf, 0x54, 0x0c, 0x11, 0x67, 0x98, 0x4d, 0xc6, 0x3a, 0xbb,
0xc5, 0x79, 0x92, 0x84, 0xa7, 0xc2, 0x8a, 0x20, 0xce, 0x4f, 0x6b, 0x95,
0xe1, 0x42, 0x57, 0x1f, 0x57, 0x19, 0x8a, 0x6b, 0x0b, 0xb9, 0x48, 0x8f,
0x45, 0x5f, 0xbe, 0xa0, 0x76, 0xe5, 0x20, 0x85, 0x3b, 0x92, 0xe8, 0x48,
@@ -5564,22 +5782,52 @@ const RsaDecryptTestVector kRsa3072Decry
0x64, 0x09, 0xd3, 0xac, 0xa1, 0x65, 0xc8, 0x17, 0x46, 0xd4, 0xc9, 0x56,
0xeb, 0xf8, 0xfb, 0x5b, 0x7b, 0x31, 0xbc, 0x31, 0xc8, 0xa0, 0x50, 0x9c,
0xf0, 0x68, 0x79, 0x4a, 0xb0, 0xbd, 0x68, 0x7d, 0xc1, 0xed, 0x84, 0xea,
0x6b, 0x17, 0xe7, 0xf9, 0x8d, 0x23, 0x5e, 0x75, 0x41, 0xbf, 0xa6, 0xe6,
0x49, 0x16, 0xcb, 0x02, 0xf6, 0xc2, 0x89, 0x2c, 0x56, 0x78, 0x7c, 0x1b,
0xa4, 0x90, 0xbc, 0xdf, 0xd7, 0x00, 0x0f, 0x52, 0x9c, 0x48, 0x60, 0x8c,
0x2e, 0xfd, 0x62, 0x40, 0xed, 0x7e, 0x84, 0xfc, 0x1b, 0x04, 0xf0, 0xcc},
priv_key_33,
- false},
+ true},
// Comment: byte 7 of ps is 0
// tcID: 14
{14,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x25, 0x1c, 0xa3, 0x2f, 0x3c, 0x78, 0xa2, 0x31, 0x6a, 0x98, 0xb2, 0x7c,
+ 0x9a, 0x82, 0xd4, 0x2d, 0x1b, 0xfb, 0x65, 0x41, 0xde, 0xee, 0x2e, 0x7f,
+ 0xd3, 0x84, 0x4c, 0x96, 0x91, 0x05, 0x4f, 0xe1, 0x54, 0xb7, 0x01, 0xa5,
+ 0xd6, 0xa3, 0xf9, 0xe7, 0xd4, 0xdd, 0x83, 0xa8, 0xe4, 0xb0, 0xe0, 0x05,
+ 0xa7, 0x23, 0x5a, 0x24, 0x2d, 0x6c, 0xd9, 0x39, 0xb1, 0x53, 0x5a, 0x79,
+ 0xd8, 0xb9, 0x53, 0xee, 0x36, 0x48, 0x3b, 0x5e, 0x0b, 0x24, 0xb8, 0xb0,
+ 0x1b, 0x57, 0xc5, 0xbc, 0x64, 0x15, 0xe1, 0xec, 0xe2, 0x39, 0x76, 0xe3,
+ 0xe9, 0x52, 0x0b, 0xcc, 0x98, 0x73, 0xac, 0xae, 0x26, 0x10, 0x7e, 0xf3,
+ 0x07, 0xfb, 0xdc, 0x0f, 0x89, 0xa5, 0x36, 0x9b, 0xa0, 0x93, 0xab, 0x96,
+ 0x42, 0x78, 0xd8, 0x6e, 0x4b, 0xc1, 0x33, 0x5e, 0x4c, 0x20, 0x7e, 0xcb,
+ 0x75, 0x11, 0x87, 0x7e, 0xbc, 0x37, 0x96, 0x76, 0x6a, 0x76, 0x92, 0xef,
+ 0x5d, 0x4f, 0x27, 0xd8, 0x6b, 0x44, 0xce, 0x87, 0xfc, 0x5f, 0x4b, 0xe9,
+ 0x86, 0xf4, 0xd0, 0xa3, 0xe3, 0x1a, 0xe2, 0xe2, 0x1e, 0xe5, 0x48, 0x4f,
+ 0x3b, 0x6f, 0xf2, 0xa3, 0x0e, 0x45, 0xba, 0x42, 0xc1, 0x6b, 0x84, 0x63,
+ 0x8f, 0x1a, 0xa7, 0x66, 0x42, 0xb2, 0x55, 0xf7, 0x66, 0x28, 0x6f, 0xa4,
+ 0x53, 0x38, 0xb8, 0x0d, 0x39, 0x33, 0xde, 0x80, 0x3a, 0x0d, 0x20, 0x69,
+ 0x41, 0x18, 0x3f, 0x0c, 0xd9, 0x3c, 0xdb, 0x80, 0x58, 0x74, 0xfd, 0xef,
+ 0xac, 0xfc, 0x0a, 0xc2, 0x3e, 0xe2, 0xfc, 0x2d, 0xd9, 0xf0, 0x9e, 0x2f,
+ 0x61, 0xe2, 0x46, 0x94, 0xbf, 0xd9, 0x31, 0xf9, 0xcd, 0x25, 0xfb, 0x7c,
+ 0x16, 0x3b, 0xcc, 0x66, 0x11, 0x9b, 0xd9, 0x5a, 0x19, 0xe8, 0x07, 0xf2,
+ 0xd0, 0x87, 0x57, 0x72, 0x5e, 0xc9, 0x28, 0x23, 0x4f, 0x5c, 0xcd, 0xbb,
+ 0xb8, 0x99, 0x5d, 0x4f, 0xf3, 0x96, 0xd8, 0x11, 0x00, 0xf1, 0xae, 0xb4,
+ 0x12, 0x1b, 0xea, 0xb6, 0xb3, 0xc5, 0x06, 0x2b, 0xff, 0xa3, 0x8f, 0x0b,
+ 0xc8, 0x31, 0x91, 0x6f, 0xb4, 0xe4, 0xb8, 0xb2, 0x04, 0x2b, 0x9a, 0xf5,
+ 0xc1, 0x45, 0xe0, 0xe3, 0x16, 0xfe, 0xd2, 0xbf, 0x5c, 0x07, 0xbe, 0x9f,
+ 0x47, 0x78, 0xc4, 0xbd, 0x6e, 0x9d, 0x17, 0xfb, 0x72, 0x1f, 0x42, 0x16,
+ 0xc5, 0x5d, 0xd6, 0xbb, 0xd3, 0x5b, 0xef, 0x5f, 0x0d, 0x96, 0xef, 0x78,
+ 0xce, 0x80, 0xad, 0xe8, 0x3f, 0x48, 0x59, 0x92, 0xe3, 0xe5, 0x6e, 0x02,
+ 0xba, 0xaf, 0xbd, 0xcc, 0x65, 0x07, 0xda, 0x44, 0x19, 0x3a, 0xc2, 0xac,
+ 0x26, 0x96, 0x41, 0xa4, 0x13, 0x2c, 0x11, 0xf6, 0xae, 0x8d},
{0x01, 0xaf, 0x89, 0xa4, 0xd3, 0x7a, 0x04, 0x28, 0x0b, 0x78, 0x62, 0x82,
0x61, 0x96, 0x4c, 0xd3, 0xfe, 0x67, 0xd0, 0x62, 0xb7, 0x4c, 0x35, 0xe8,
0x51, 0xf6, 0x8b, 0x9f, 0x8f, 0xaf, 0x74, 0x54, 0xa2, 0x2d, 0xf1, 0xc8,
0x4c, 0x64, 0xf6, 0x25, 0x51, 0x5b, 0x16, 0xb9, 0x0d, 0x29, 0x8d, 0x11,
0x23, 0xc3, 0x01, 0x0d, 0x84, 0x5b, 0x86, 0xc7, 0xbb, 0xe5, 0x16, 0xe4,
0x43, 0x4f, 0x1f, 0xea, 0xf3, 0xd8, 0x38, 0x29, 0xd6, 0x65, 0x8d, 0x51,
0x28, 0x06, 0x9b, 0xf4, 0xa3, 0xfd, 0x5e, 0x08, 0x70, 0x90, 0x3a, 0xc3,
0x13, 0xf7, 0x43, 0xb9, 0xc7, 0xa8, 0xf3, 0xa7, 0xea, 0x4e, 0x9f, 0x72,
@@ -5603,22 +5851,48 @@ const RsaDecryptTestVector kRsa3072Decry
0x9f, 0x6d, 0x86, 0xbb, 0xdd, 0x46, 0xc1, 0x75, 0x21, 0x45, 0x14, 0xb2,
0x80, 0x1f, 0xfa, 0xe4, 0x49, 0x02, 0x9a, 0xb0, 0x98, 0x7d, 0xd2, 0xae,
0x49, 0xa6, 0x19, 0xe6, 0x71, 0x7a, 0xbb, 0xc2, 0x39, 0x5c, 0xbd, 0x02,
0xb2, 0xb0, 0xee, 0x40, 0x23, 0xdc, 0x85, 0x8e, 0x10, 0xfb, 0x08, 0xaf,
0x57, 0x97, 0x20, 0xa5, 0x1b, 0x7a, 0xa5, 0x1e, 0x5b, 0x36, 0x6b, 0x55,
0x03, 0x56, 0x3c, 0x27, 0x1c, 0x48, 0x50, 0x56, 0x15, 0x3e, 0xfc, 0x36,
0x25, 0x15, 0x92, 0x9e, 0xd6, 0x17, 0x3a, 0x4f, 0xdc, 0xfc, 0xb0, 0xfd},
priv_key_33,
- false},
+ true},
// Comment: ps truncated
// tcID: 15
{15,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xdc, 0xcf, 0x39, 0x12, 0xda, 0xf1, 0x52, 0x57, 0xa9, 0xe2, 0xbc, 0xf3,
+ 0x8b, 0xc6, 0x3c, 0x65, 0x41, 0x38, 0x81, 0x22, 0xdb, 0x4e, 0x97, 0xcc,
+ 0xe2, 0x46, 0x71, 0x53, 0x4f, 0x28, 0x95, 0x12, 0x28, 0xf5, 0x9e, 0x47,
+ 0x77, 0x99, 0x24, 0x83, 0xa1, 0xb5, 0xcf, 0x1d, 0x0e, 0x6b, 0xcd, 0x0f,
+ 0xad, 0xf7, 0x4c, 0xfe, 0x68, 0x95, 0x15, 0xcd, 0xba, 0x0c, 0x15, 0x67,
+ 0x2b, 0x40, 0x8b, 0x0d, 0xf0, 0x87, 0x70, 0x2d, 0xd4, 0xf0, 0x8d, 0x93,
+ 0xb5, 0xa1, 0xc2, 0xdc, 0xfc, 0xfa, 0xe9, 0xc3, 0x9f, 0x3f, 0xd5, 0xac,
+ 0x49, 0x86, 0xed, 0xf2, 0x07, 0x3a, 0xee, 0xbf, 0x63, 0xcc, 0xac, 0xda,
+ 0x21, 0x8b, 0x29, 0xaa, 0x79, 0x04, 0x37, 0xbb, 0x11, 0x5e, 0x9c, 0xa6,
+ 0x18, 0x72, 0x62, 0xcd, 0xf5, 0xc4, 0xa9, 0xac, 0xa5, 0x59, 0xc6, 0x51,
+ 0xe1, 0xec, 0x17, 0x1d, 0x9d, 0xab, 0xf8, 0x21, 0xc8, 0xe6, 0x5a, 0x2d,
+ 0x9e, 0x36, 0xb8, 0x32, 0x31, 0x20, 0xf1, 0x38, 0xca, 0xa8, 0x5d, 0x6d,
+ 0x7c, 0x60, 0x90, 0x09, 0x32, 0xcf, 0x08, 0x1b, 0xb4, 0x2b, 0xa9, 0x54,
+ 0xc9, 0xea, 0xe8, 0xf0, 0x13, 0x2b, 0x2a, 0x4b, 0xad, 0x99, 0x54, 0x82,
+ 0x93, 0xf5, 0xc1, 0xcb, 0x2c, 0xe3, 0x86, 0x25, 0x26, 0x11, 0x4b, 0xe5,
+ 0x3d, 0x82, 0xdf, 0xc5, 0x87, 0x4a, 0x6b, 0xd9, 0xe1, 0x99, 0x97, 0x07,
+ 0x9e, 0x5e, 0x99, 0x8c, 0xef, 0xbb, 0xd5, 0x9b, 0x74, 0x6f, 0x78, 0xd9,
+ 0xbf, 0xbe, 0x90, 0xa0, 0x26, 0x74, 0xb6, 0x2d, 0x70, 0xfb, 0xbe, 0x97,
+ 0x11, 0xdd, 0xb3, 0xf0, 0x9a, 0x7f, 0x23, 0xa9, 0x05, 0xf0, 0x31, 0x67,
+ 0x0c, 0x84, 0x58, 0xe1, 0xf8, 0x8b, 0x99, 0xb0, 0x68, 0xea, 0xb3, 0x1c,
+ 0x60, 0x9a, 0xe4, 0x61, 0x46, 0x10, 0xe5, 0xab, 0x36, 0xb9, 0xff, 0x55,
+ 0xf5, 0x36, 0x34, 0x53, 0x5b, 0xd6, 0xb9, 0xb9, 0x05, 0x13, 0x37, 0x43,
+ 0xc2, 0x28, 0xac, 0x28, 0x5f, 0x4c, 0x33, 0x80, 0x39, 0xd4, 0x90, 0x64,
+ 0xa1, 0x05, 0x41, 0xfc, 0xae, 0xe9, 0x16, 0xf5, 0xe3, 0x5a, 0x78, 0x77,
+ 0xca, 0x52, 0x32, 0xe1, 0x66, 0xf0, 0x73, 0x0c, 0xfa, 0x4d, 0x65, 0xea,
+ 0x91, 0xeb, 0xc6},
{0x70, 0x0d, 0x40, 0xcf, 0xb0, 0x98, 0x1f, 0x7b, 0x86, 0x26, 0x0e, 0x36,
0x71, 0x2a, 0x46, 0x3d, 0x2d, 0x2f, 0xaf, 0x1f, 0x9d, 0xa3, 0xbf, 0x76,
0x2c, 0x3f, 0x99, 0x33, 0x71, 0xb4, 0x41, 0xd9, 0xe3, 0x74, 0x7f, 0x12,
0x6d, 0xfe, 0x2c, 0xa3, 0xb6, 0xd5, 0x38, 0xa2, 0xc5, 0x31, 0x47, 0xe7,
0xba, 0xe6, 0x0b, 0x64, 0x05, 0x23, 0x8f, 0x0d, 0x76, 0xcf, 0xf5, 0xf4,
0x20, 0xf8, 0xb6, 0x41, 0xcc, 0xbb, 0xe9, 0xdb, 0x0f, 0x0b, 0x2e, 0xaa,
0xc8, 0x73, 0x35, 0xce, 0x99, 0xce, 0x8a, 0x2e, 0xec, 0x1b, 0xec, 0x4d,
0x56, 0x9f, 0xe8, 0x1c, 0xd5, 0x80, 0xf6, 0x49, 0x0e, 0x3a, 0xe2, 0x72,
@@ -5642,22 +5916,53 @@ const RsaDecryptTestVector kRsa3072Decry
0xd2, 0x39, 0xad, 0xd7, 0xfb, 0x99, 0xf2, 0x4a, 0x48, 0x67, 0xa8, 0x5a,
0x8e, 0x29, 0xba, 0x66, 0x8c, 0x7c, 0x1b, 0x59, 0x48, 0xd7, 0x9b, 0x2f,
0x41, 0x29, 0x98, 0x42, 0x2b, 0xc3, 0x54, 0x57, 0xbd, 0x05, 0xa4, 0xe5,
0x37, 0x3e, 0xc6, 0x71, 0xa8, 0x8b, 0xc1, 0x5e, 0xb7, 0xa4, 0xfa, 0xb7,
0x39, 0x4e, 0x38, 0x54, 0x1f, 0xe8, 0xd4, 0xd2, 0xdb, 0xc7, 0x09, 0x4b,
0xe0, 0x69, 0x93, 0x3a, 0xdd, 0xed, 0x25, 0x0d, 0xaf, 0xd8, 0x09, 0x1d,
0xcc, 0x53, 0xba, 0x08, 0x30, 0x1e, 0x64, 0xd4, 0x9a, 0x49, 0x60, 0xc9},
priv_key_33,
- false},
+ true},
// Comment: ps missing
// tcID: 16
{16,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x55, 0x93, 0xd2, 0xbb, 0x19, 0xdd, 0x30, 0x22, 0xb0, 0x69, 0xe5, 0xcc,
+ 0x40, 0x77, 0x98, 0x4b, 0x55, 0x0a, 0xe3, 0x03, 0x48, 0x80, 0x7e, 0xab,
+ 0x83, 0x23, 0x51, 0xd9, 0xd7, 0x01, 0x5f, 0x5b, 0x58, 0xc5, 0x3c, 0xc6,
+ 0x8d, 0xa6, 0x3c, 0xf2, 0x8c, 0xae, 0xa7, 0xf5, 0x60, 0xa5, 0x7c, 0xe4,
+ 0xc4, 0x4f, 0xda, 0xa3, 0xcd, 0xfb, 0x89, 0x31, 0xf2, 0x49, 0xea, 0xb8,
+ 0xd3, 0xe0, 0x56, 0x52, 0x64, 0x02, 0x56, 0x71, 0x10, 0xf2, 0x42, 0x6e,
+ 0x9b, 0x6d, 0x1f, 0xcc, 0x23, 0xb1, 0x25, 0xf6, 0xb8, 0x05, 0x0e, 0xae,
+ 0xa1, 0x13, 0xbf, 0x5b, 0x35, 0x58, 0x98, 0x52, 0xc2, 0x76, 0xb2, 0x56,
+ 0x5b, 0xca, 0x2b, 0xca, 0xf7, 0xea, 0x64, 0x55, 0xa0, 0xfa, 0x95, 0x16,
+ 0x4b, 0x86, 0x2c, 0x66, 0xe0, 0xe9, 0xef, 0x3f, 0xd4, 0x45, 0x68, 0xa2,
+ 0x4f, 0x63, 0x08, 0xb6, 0x36, 0xe1, 0x29, 0x76, 0xe9, 0x8d, 0xa5, 0xd1,
+ 0xc3, 0x22, 0x0b, 0xca, 0x78, 0x22, 0x0b, 0x2c, 0xcd, 0x7b, 0x82, 0x05,
+ 0x72, 0x4d, 0x4a, 0xd5, 0xee, 0x65, 0xb9, 0xe3, 0xf8, 0x10, 0x67, 0x29,
+ 0xc6, 0xb7, 0xc2, 0x56, 0xce, 0xde, 0xff, 0x23, 0xae, 0x18, 0x78, 0x76,
+ 0xb4, 0x71, 0x38, 0x6f, 0x1c, 0x71, 0xc0, 0x5d, 0x69, 0x23, 0xf6, 0xae,
+ 0xc4, 0xe2, 0x0c, 0x8b, 0x48, 0x6b, 0x4e, 0x45, 0xf6, 0xf8, 0xc9, 0xb9,
+ 0x71, 0x9e, 0xba, 0xee, 0x8a, 0x50, 0x58, 0x14, 0xca, 0xea, 0xea, 0x5d,
+ 0xe0, 0x6d, 0x3c, 0x83, 0xbd, 0x3d, 0xde, 0x2e, 0xfc, 0xce, 0x55, 0x4a,
+ 0xe9, 0x39, 0xd4, 0xc3, 0x6a, 0xce, 0x17, 0x38, 0x83, 0x56, 0x7f, 0x3b,
+ 0x03, 0xd5, 0xca, 0xad, 0xcf, 0x66, 0xfd, 0x02, 0xa9, 0x0a, 0x9f, 0x57,
+ 0xa6, 0xb4, 0x3b, 0xde, 0x29, 0xf1, 0xe7, 0x6f, 0x25, 0x3e, 0xba, 0x7f,
+ 0x4a, 0x03, 0xf5, 0x91, 0x0c, 0xa6, 0x8f, 0xe1, 0xad, 0xfa, 0xac, 0x24,
+ 0x89, 0x51, 0xd3, 0x49, 0xcf, 0x06, 0x62, 0x3c, 0x7d, 0xb3, 0x23, 0x36,
+ 0x65, 0xcd, 0x1f, 0x6f, 0x18, 0x90, 0xc5, 0x9e, 0x83, 0xa4, 0x8e, 0x7f,
+ 0xb9, 0x78, 0x96, 0x4a, 0x2d, 0x63, 0xc3, 0xc7, 0x24, 0x94, 0xee, 0x43,
+ 0xc0, 0x80, 0x46, 0xe3, 0x68, 0xe8, 0x4e, 0x0d, 0x7e, 0x14, 0xb4, 0xca,
+ 0x58, 0x7b, 0xf2, 0xd8, 0xc6, 0xc5, 0x3d, 0x7b, 0x2d, 0xab, 0x9b, 0xe4,
+ 0xb0, 0x08, 0x25, 0xb5, 0x0d, 0x3d, 0x8b, 0x33, 0xc1, 0xa6, 0x8f, 0x07,
+ 0xcb, 0x2a, 0x56, 0x94, 0xa3, 0x14, 0x89, 0x46, 0x2b, 0xae, 0x4c, 0x90,
+ 0xd7, 0xf2, 0xcb, 0x13, 0xe6, 0x75, 0x21, 0xf7, 0xd0, 0xef, 0xad, 0x3e,
+ 0x55, 0x85, 0x55, 0x6c},
{0x5a, 0x76, 0x25, 0x90, 0x27, 0x08, 0x9e, 0xdb, 0x01, 0x9b, 0x04, 0x78,
0x8c, 0xb7, 0x02, 0xe5, 0xe0, 0x6b, 0x13, 0xb9, 0x82, 0x6d, 0x57, 0x35,
0x16, 0x94, 0xd2, 0x0f, 0x59, 0x84, 0xba, 0xdd, 0x49, 0x60, 0xbd, 0xc4,
0x9b, 0x90, 0x0c, 0x90, 0x32, 0x55, 0xff, 0xc6, 0x89, 0x67, 0x60, 0x44,
0xce, 0x09, 0x90, 0x44, 0x7f, 0xa4, 0xc6, 0x74, 0xe7, 0x80, 0xb2, 0x4c,
0x14, 0x2e, 0x39, 0xd1, 0x57, 0xbd, 0x64, 0x99, 0x95, 0xc2, 0x32, 0x09,
0xb6, 0x97, 0xf4, 0x44, 0xa8, 0xd1, 0x4f, 0x96, 0x03, 0x37, 0x07, 0xc6,
0x36, 0xc3, 0x12, 0xb0, 0x19, 0x78, 0x3b, 0x19, 0x85, 0xdb, 0xae, 0x4b,
@@ -5681,22 +5986,36 @@ const RsaDecryptTestVector kRsa3072Decry
0x99, 0xe1, 0x0f, 0x65, 0x29, 0x7d, 0xc6, 0xe7, 0x0f, 0x8c, 0x76, 0x23,
0x31, 0x2f, 0x72, 0x05, 0xcf, 0xab, 0xa7, 0x59, 0xa9, 0x66, 0x39, 0x54,
0xca, 0x3c, 0xd4, 0x39, 0x0e, 0x7b, 0xe3, 0x3e, 0x0e, 0xcb, 0x9d, 0x3a,
0x54, 0x93, 0xc0, 0x32, 0x9e, 0x6c, 0x07, 0xd0, 0x48, 0xc9, 0x3f, 0xf2,
0x85, 0xd2, 0x8e, 0x33, 0x8d, 0xb5, 0x59, 0x5c, 0x5d, 0xfd, 0x6d, 0x31,
0xe9, 0x20, 0xe4, 0x94, 0x27, 0xc0, 0x62, 0x3c, 0x01, 0xd4, 0x98, 0xbe,
0xc7, 0xea, 0x2f, 0x19, 0x77, 0xa3, 0xd6, 0xa1, 0xed, 0x79, 0x43, 0xf0},
priv_key_33,
- false},
+ true},
// Comment: Block type = 0
// tcID: 17
{17,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xff, 0xb7, 0xb4, 0x8f, 0x15, 0x83, 0x3f, 0x1e, 0x06, 0x8d, 0xd4, 0x6f,
+ 0xba, 0x45, 0x6f, 0x45, 0x78, 0xb3, 0x31, 0xa3, 0x01, 0xe3, 0x97, 0xcc,
+ 0x01, 0xa4, 0x6c, 0x3a, 0x4b, 0x0b, 0xf4, 0x4a, 0x44, 0xa3, 0x8c, 0x7e,
+ 0x7f, 0x19, 0xe5, 0x5b, 0x0a, 0x65, 0x5b, 0x1e, 0x8e, 0xc5, 0x55, 0x91,
+ 0x8e, 0x49, 0x82, 0x00, 0x5f, 0x14, 0x81, 0xd1, 0x8c, 0x56, 0xb1, 0x8d,
+ 0x30, 0x51, 0xe6, 0x29, 0x18, 0x05, 0xeb, 0xec, 0xa6, 0x22, 0x3c, 0xf1,
+ 0x36, 0x86, 0x4f, 0x2b, 0x61, 0x89, 0xe4, 0xaa, 0xe6, 0xd0, 0x7c, 0x95,
+ 0xdf, 0xc2, 0x85, 0xb5, 0xe2, 0xb3, 0x5a, 0x4c, 0xa7, 0x05, 0xd3, 0x96,
+ 0xa8, 0x64, 0x8b, 0x14, 0xc9, 0x38, 0x5b, 0x99, 0x54, 0xe1, 0x6f, 0x7f,
+ 0xa4, 0xba, 0xb3, 0xaa, 0xd8, 0xe4, 0x5f, 0xe5, 0x7c, 0x62, 0x4e, 0x1d,
+ 0xcd, 0xc2, 0x8b, 0xb5, 0x15, 0x37, 0x04, 0xfb, 0xdd, 0xb2, 0xee, 0xef,
+ 0xd3, 0x1d, 0xbb, 0x79, 0x0c, 0x93, 0x10, 0x29, 0xfb, 0xec, 0x41, 0xaf,
+ 0xea, 0x82, 0x48, 0x47, 0x53, 0xc3, 0x79, 0xfd, 0x18, 0x1a, 0x62, 0xb1,
+ 0xe7, 0x7c, 0x6b, 0x92, 0x21, 0x03, 0xc1, 0xc6, 0x3e, 0xa1, 0xeb},
{0x09, 0x46, 0x36, 0x1a, 0xcb, 0x9a, 0x12, 0x45, 0x2e, 0x37, 0x0d, 0x04,
0xab, 0xbb, 0x2f, 0x64, 0xde, 0x06, 0x51, 0xce, 0x5d, 0x6e, 0x81, 0x3b,
0x4d, 0x25, 0x64, 0x76, 0x00, 0x3c, 0xfb, 0x17, 0x00, 0x48, 0x28, 0x44,
0x25, 0xc1, 0x50, 0xdd, 0x94, 0x30, 0xdd, 0x53, 0xa2, 0xca, 0x6f, 0xb8,
0xe8, 0x6f, 0x13, 0x75, 0xeb, 0xab, 0xe8, 0x66, 0x03, 0xaf, 0x28, 0xb3,
0x56, 0x1f, 0xc7, 0xdf, 0x1c, 0xfa, 0x22, 0xfd, 0xd5, 0xd9, 0x20, 0x18,
0xdc, 0xc4, 0xe2, 0x08, 0xec, 0x75, 0x72, 0x3d, 0x55, 0x70, 0x63, 0x51,
0xd0, 0x0c, 0x8a, 0xb8, 0x01, 0x7d, 0x70, 0x3a, 0x0e, 0xd1, 0xeb, 0x5a,
@@ -5720,22 +6039,37 @@ const RsaDecryptTestVector kRsa3072Decry
0x3a, 0xc7, 0xce, 0xaf, 0x95, 0xb5, 0x46, 0x38, 0xf8, 0x82, 0x3b, 0x6e,
0xc5, 0x10, 0x29, 0x3f, 0x1d, 0x72, 0x21, 0xc2, 0x52, 0x4f, 0x3b, 0x90,
0x11, 0xbe, 0x4f, 0xc0, 0x17, 0xce, 0x60, 0x0f, 0x6d, 0x0f, 0x77, 0xb2,
0x71, 0xbf, 0xbd, 0x23, 0x25, 0xed, 0x58, 0xe5, 0x97, 0x5c, 0x41, 0xdb,
0xbc, 0xdf, 0x75, 0x2e, 0x8c, 0x1b, 0xc4, 0x0a, 0x09, 0x6a, 0xf1, 0xcc,
0xf5, 0x01, 0x6b, 0x77, 0x22, 0x9a, 0x4b, 0x08, 0x1f, 0xa7, 0x71, 0xf2,
0x49, 0x69, 0x5d, 0xa0, 0xbf, 0x14, 0xe7, 0xbe, 0x77, 0x0e, 0xe0, 0x10},
priv_key_33,
- false},
+ true},
// Comment: Block type = 1
// tcID: 18
{18,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x4a, 0x05, 0x15, 0xcf, 0x08, 0xd4, 0x5d, 0xc2, 0x0e, 0x95, 0x89, 0x84,
+ 0x39, 0x3b, 0x8c, 0x58, 0x46, 0x26, 0x61, 0xea, 0xc2, 0xc6, 0x07, 0x34,
+ 0x9b, 0x69, 0xa5, 0xda, 0x78, 0x14, 0x61, 0xea, 0x62, 0xf3, 0x3a, 0xe7,
+ 0x0b, 0x54, 0x37, 0x86, 0xba, 0x32, 0x4a, 0x98, 0xf8, 0x70, 0x34, 0x71,
+ 0x02, 0xfe, 0xd5, 0x11, 0xf8, 0xfa, 0x19, 0x0f, 0x87, 0x21, 0xfb, 0x5d,
+ 0x79, 0x4d, 0x2c, 0x7a, 0x15, 0xbe, 0xf0, 0xdb, 0x63, 0x9b, 0x99, 0xbf,
+ 0xaf, 0x51, 0x27, 0xfa, 0x3f, 0x3a, 0x5f, 0x25, 0x54, 0x83, 0xf0, 0x27,
+ 0x60, 0x1b, 0x45, 0xc4, 0xa9, 0x5b, 0xe7, 0xc2, 0xb0, 0xdf, 0x3c, 0x16,
+ 0x17, 0x50, 0x0c, 0x04, 0x97, 0x26, 0x03, 0x99, 0x2a, 0x28, 0xf6, 0xb7,
+ 0xc3, 0xff, 0xf0, 0xbb, 0xfb, 0x2a, 0xff, 0x8b, 0x70, 0x99, 0xbe, 0x09,
+ 0x90, 0x1b, 0xb7, 0x02, 0xd4, 0x5d, 0x49, 0x29, 0x63, 0xce, 0x7d, 0xbb,
+ 0xa6, 0x07, 0xcc, 0xce, 0xc1, 0x16, 0x0a, 0xba, 0x35, 0x2f, 0xd8, 0xb7,
+ 0x37, 0xae, 0x13, 0x32, 0x39, 0xca, 0xea, 0xab, 0xbc, 0x6e, 0x13, 0xb1,
+ 0xc4, 0x7b, 0xc0, 0x1a, 0x06, 0x89, 0x65, 0x8c, 0x61, 0xed, 0xe3, 0x3e,
+ 0x3b, 0x32, 0x85, 0xfc, 0x7d, 0x71, 0xeb, 0xba, 0x08, 0xe4, 0x61, 0x2d},
{0x84, 0x9e, 0xb2, 0x49, 0xb9, 0xb5, 0x90, 0x4f, 0x72, 0x6c, 0xb7, 0xdb,
0x32, 0x4f, 0x55, 0x79, 0xd3, 0x31, 0x89, 0x5b, 0xd3, 0xce, 0x51, 0x38,
0xed, 0xaa, 0x2d, 0x28, 0x33, 0x60, 0xfe, 0xda, 0x0b, 0xd3, 0xeb, 0xd9,
0x74, 0x68, 0xba, 0x98, 0xf3, 0xa5, 0x06, 0x0e, 0xbf, 0xee, 0x43, 0xe4,
0x95, 0xbf, 0x75, 0xdb, 0x59, 0x2f, 0x81, 0x6b, 0xb9, 0x29, 0x7f, 0xd1,
0xbd, 0x26, 0x0d, 0x6f, 0x8f, 0xf7, 0x9d, 0xda, 0xee, 0x11, 0x00, 0xe0,
0x13, 0xf1, 0x3e, 0x48, 0x12, 0xca, 0xa3, 0xa8, 0xdb, 0x29, 0x0b, 0x4a,
0xe7, 0xdc, 0xb3, 0x47, 0x01, 0xa2, 0xde, 0xcf, 0x98, 0x34, 0xc5, 0x3a,
@@ -5759,22 +6093,47 @@ const RsaDecryptTestVector kRsa3072Decry
0x02, 0xeb, 0x9e, 0x18, 0x29, 0xfb, 0xaa, 0xfe, 0xfb, 0xec, 0x28, 0x71,
0x0d, 0x58, 0xa0, 0xea, 0xb6, 0x3e, 0xe4, 0x9a, 0x5d, 0x1f, 0x0c, 0x2e,
0xa4, 0x9b, 0x73, 0xf3, 0x31, 0xab, 0x27, 0x17, 0x0f, 0xec, 0x36, 0x8d,
0xc2, 0x47, 0x3d, 0x1d, 0xc0, 0xba, 0x7b, 0xf7, 0xb7, 0x0b, 0x7e, 0xca,
0xe3, 0x15, 0xe6, 0x7b, 0x32, 0x3c, 0xe2, 0x67, 0xd5, 0xfa, 0x6b, 0x9f,
0xc8, 0x3b, 0x20, 0x78, 0x3a, 0xe2, 0x0d, 0x75, 0x51, 0x27, 0xb5, 0x65,
0x42, 0x72, 0xb7, 0x6c, 0x88, 0xfa, 0x36, 0x29, 0x60, 0xf6, 0x64, 0x66},
priv_key_33,
- false},
+ true},
// Comment: Block type = 0xff
// tcID: 19
{19,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x2a, 0x53, 0x07, 0x95, 0x8e, 0xeb, 0x98, 0x7c, 0x01, 0xfa, 0x1f, 0x58,
+ 0x85, 0xab, 0x29, 0x83, 0xee, 0x53, 0x73, 0x0f, 0x74, 0xf5, 0x63, 0x8e,
+ 0x4d, 0x72, 0x97, 0x54, 0x4b, 0xca, 0x83, 0x84, 0x48, 0x3d, 0x6b, 0xf1,
+ 0x75, 0xd8, 0x78, 0xba, 0xf9, 0x90, 0x6f, 0xa6, 0x4a, 0xcf, 0x5b, 0xe3,
+ 0x26, 0x2e, 0x7c, 0xd8, 0x7e, 0x71, 0xf1, 0xa1, 0xce, 0xa4, 0xfe, 0x5b,
+ 0xcc, 0x1b, 0x23, 0xcf, 0x84, 0x1a, 0xfb, 0x64, 0xb5, 0xd6, 0x68, 0x81,
+ 0x64, 0xad, 0x75, 0x1e, 0x06, 0x01, 0x2c, 0x82, 0x23, 0x46, 0x63, 0xa7,
+ 0x06, 0x9b, 0xd9, 0x2d, 0x1a, 0xa9, 0xb5, 0xbc, 0x85, 0x40, 0xe9, 0x60,
+ 0xa0, 0xcc, 0x1e, 0xc6, 0x2a, 0x7d, 0x20, 0xcc, 0x28, 0x1d, 0x3b, 0x00,
+ 0x62, 0x85, 0xc7, 0x6f, 0xf4, 0x58, 0x4e, 0x6c, 0x13, 0xd6, 0x65, 0x5c,
+ 0xe7, 0x4b, 0x1c, 0x46, 0x5e, 0x68, 0xaf, 0x31, 0x2c, 0x00, 0x40, 0xe3,
+ 0x7b, 0x52, 0x66, 0x48, 0xb5, 0x98, 0x5b, 0x54, 0x56, 0x42, 0xef, 0x77,
+ 0x6e, 0x35, 0xb2, 0x62, 0xbc, 0xb8, 0x8b, 0xd8, 0x78, 0x8c, 0xe5, 0x07,
+ 0x37, 0x85, 0x96, 0x2c, 0x92, 0xc8, 0x2e, 0x65, 0x8a, 0x56, 0x73, 0xaa,
+ 0x70, 0x0f, 0xa0, 0x2c, 0x63, 0x84, 0xff, 0xd9, 0xf4, 0x17, 0x7a, 0xee,
+ 0x35, 0x7d, 0x8d, 0xfd, 0x78, 0xd4, 0x0b, 0x3a, 0x16, 0xcd, 0x25, 0xde,
+ 0xa7, 0x18, 0x41, 0x2a, 0x61, 0xc5, 0x63, 0x89, 0xd7, 0xff, 0x53, 0x25,
+ 0xaa, 0xa6, 0xca, 0x58, 0x6e, 0x1a, 0xe8, 0x5d, 0x3a, 0x60, 0xcb, 0xfd,
+ 0x2d, 0xe5, 0x28, 0x8e, 0x31, 0x36, 0xcc, 0xe6, 0x76, 0x8f, 0x3d, 0x3b,
+ 0x12, 0xdd, 0x54, 0x62, 0x9c, 0x8d, 0xd2, 0x04, 0x09, 0x02, 0xc2, 0x4d,
+ 0xed, 0xa1, 0xcb, 0x5f, 0x0d, 0xe4, 0x18, 0x9e, 0xb6, 0xc3, 0x58, 0x7e,
+ 0x0d, 0xd4, 0x3e, 0xa5, 0x65, 0x40, 0x45, 0x24, 0x19, 0x3c, 0x1e, 0x64,
+ 0x6b, 0xb4, 0xb5, 0x99, 0x24, 0xa1, 0xba, 0x06, 0x30, 0x74, 0xdf, 0xf2,
+ 0x51, 0x57, 0xd4, 0x54, 0x6e, 0xa2, 0xa2, 0x4a, 0x36, 0x99, 0x47, 0x1d,
+ 0x71, 0x40},
{0x99, 0xae, 0xa1, 0x5a, 0xfd, 0xe0, 0xb4, 0x0c, 0x12, 0x96, 0x0c, 0xce,
0x59, 0x8c, 0x11, 0xd6, 0x18, 0xb3, 0xe4, 0xa0, 0x50, 0x2e, 0xb9, 0x76,
0x4c, 0xc1, 0x14, 0xee, 0xd7, 0x04, 0x11, 0x3f, 0x0d, 0x13, 0xd9, 0xc1,
0x18, 0x13, 0x24, 0xc1, 0x86, 0x69, 0xf6, 0x38, 0x5b, 0x5f, 0x6b, 0x1e,
0x0e, 0xff, 0x71, 0x57, 0x69, 0xe5, 0xb3, 0x23, 0x6a, 0x53, 0xd7, 0x63,
0x8b, 0x1b, 0x27, 0xfe, 0x1b, 0x6b, 0xf2, 0x08, 0x9e, 0x97, 0xe0, 0xbf,
0x6b, 0x58, 0x7f, 0xf2, 0xee, 0x42, 0xc7, 0x08, 0xac, 0x45, 0xeb, 0xfe,
0xa8, 0x8d, 0x05, 0x7b, 0x6f, 0xdd, 0xb6, 0xaf, 0x2f, 0x8b, 0xa0, 0xd0,
@@ -5798,22 +6157,40 @@ const RsaDecryptTestVector kRsa3072Decry
0xcd, 0x68, 0xe3, 0xb5, 0x52, 0x1a, 0x0b, 0x22, 0xf8, 0x9c, 0xbb, 0xbd,
0x02, 0x1f, 0xbb, 0x87, 0x23, 0xf5, 0x02, 0x0e, 0x2e, 0x72, 0x05, 0xbb,
0x07, 0x1d, 0xd7, 0x92, 0xc6, 0xc5, 0xab, 0x29, 0x3f, 0x8c, 0xe1, 0xc5,
0xb8, 0x37, 0xb6, 0xa8, 0x96, 0x6a, 0x95, 0x60, 0xa3, 0x8d, 0x52, 0xdd,
0x65, 0x18, 0xe6, 0x36, 0xb6, 0x9f, 0xfb, 0xb4, 0x30, 0x35, 0xeb, 0xa8,
0x05, 0x31, 0xcd, 0x10, 0x77, 0xd7, 0xd1, 0x64, 0x6c, 0xd1, 0xa4, 0x58,
0xcb, 0xd4, 0xe8, 0x8a, 0x42, 0xea, 0x2a, 0xb6, 0x29, 0x06, 0xf2, 0xdd},
priv_key_33,
- false},
+ true},
// Comment: First byte is not zero
// tcID: 20
{20,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x50, 0x69, 0x02, 0x80, 0xb4, 0x43, 0xb5, 0xdc, 0xf3, 0xd2, 0x8d, 0xc7,
+ 0xc1, 0xcc, 0xf5, 0x90, 0xeb, 0xbe, 0xb8, 0xd7, 0x03, 0xc4, 0x85, 0x79,
+ 0x8d, 0xc0, 0xe5, 0x6b, 0xd1, 0x88, 0x36, 0xb4, 0xe8, 0x6f, 0xee, 0x7c,
+ 0x89, 0x5c, 0xd0, 0xa9, 0x2a, 0x86, 0x40, 0x1e, 0xbc, 0x4b, 0x28, 0xd2,
+ 0x7a, 0x2b, 0x69, 0x26, 0xce, 0x77, 0x49, 0x02, 0x34, 0x2d, 0x03, 0x19,
+ 0xe0, 0x92, 0x10, 0x48, 0xde, 0xbd, 0x63, 0xf8, 0xaa, 0x62, 0x04, 0xbe,
+ 0xab, 0xb8, 0x65, 0x95, 0xfa, 0x1a, 0x1c, 0x0b, 0x05, 0xbd, 0x5c, 0x64,
+ 0x8b, 0x09, 0x2e, 0x67, 0x53, 0x7c, 0x35, 0x4f, 0x4a, 0x11, 0x91, 0xe0,
+ 0xd3, 0x95, 0x16, 0xa0, 0x9d, 0x86, 0x7b, 0xcb, 0x1e, 0xaa, 0x26, 0x5c,
+ 0x93, 0x06, 0x46, 0xee, 0x24, 0xaf, 0x76, 0x32, 0xdc, 0xc4, 0x3f, 0xef,
+ 0xb4, 0x83, 0xd0, 0xfa, 0x4a, 0x8b, 0xe9, 0x10, 0x3c, 0x24, 0xd8, 0x57,
+ 0x36, 0x7a, 0x9e, 0xef, 0x44, 0x57, 0x4c, 0x4e, 0x89, 0x7f, 0xf1, 0x39,
+ 0x8d, 0x98, 0xae, 0x63, 0xfd, 0xe0, 0x2f, 0x81, 0x68, 0x66, 0x7e, 0x78,
+ 0x6d, 0x6f, 0x38, 0x1e, 0x2f, 0xf2, 0x75, 0x22, 0xda, 0xaa, 0x83, 0x92,
+ 0x9e, 0x75, 0xbb, 0x4a, 0x8e, 0x57, 0x2f, 0xbe, 0x67, 0xe8, 0x11, 0x63,
+ 0x65, 0x73, 0xd2, 0x70, 0x0d, 0x1b, 0x87, 0xd6, 0xe8, 0x32, 0x39, 0x41,
+ 0xb0, 0xa1, 0xbf, 0x68, 0xde, 0xf5, 0x12, 0xda, 0x15, 0x7f, 0x8e, 0x79,
+ 0x7e, 0x9d, 0xd2, 0xb5, 0x93, 0x35, 0xd2},
{0xa2, 0x25, 0xdb, 0x92, 0xd6, 0x85, 0x3b, 0x70, 0x8d, 0xd7, 0x2c, 0xbf,
0xd0, 0x81, 0xc0, 0x6c, 0xe3, 0xd6, 0xc4, 0x57, 0x9d, 0xef, 0x7e, 0x6b,
0xd8, 0xb4, 0x50, 0x90, 0xcc, 0x0b, 0x9f, 0x51, 0xd4, 0x21, 0x7d, 0x32,
0x75, 0x40, 0x2d, 0x5e, 0xc9, 0x0b, 0xe8, 0x2e, 0x92, 0x0c, 0xef, 0x6f,
0x9b, 0xfa, 0xea, 0xe5, 0x8a, 0xc4, 0x61, 0xa6, 0x1b, 0x3c, 0xf5, 0x68,
0x18, 0x6c, 0x6f, 0xa2, 0xf3, 0xa1, 0x4d, 0xb4, 0xd3, 0x49, 0xe5, 0x5c,
0xdf, 0xe5, 0x63, 0x3a, 0x53, 0x0b, 0xb6, 0x17, 0x8a, 0xb1, 0xc7, 0xd1,
0x26, 0x68, 0x6d, 0x32, 0x97, 0xc4, 0x87, 0x1f, 0x19, 0xe0, 0x65, 0xf1,
@@ -5837,22 +6214,27 @@ const RsaDecryptTestVector kRsa3072Decry
0xd6, 0x9f, 0xab, 0x70, 0x83, 0x2d, 0xcf, 0x69, 0x82, 0x25, 0x88, 0x73,
0x77, 0xc6, 0x15, 0xaf, 0xfc, 0x0d, 0xf7, 0x08, 0xde, 0xa8, 0x45, 0x11,
0xb4, 0x49, 0x05, 0x71, 0x1e, 0x68, 0xa1, 0xdd, 0x3c, 0x0c, 0x62, 0x47,
0xf3, 0x5c, 0x99, 0x82, 0x99, 0xb8, 0x2f, 0x15, 0x11, 0x16, 0x8a, 0x79,
0xf4, 0x0f, 0x50, 0xf7, 0x57, 0x6e, 0xb4, 0xc9, 0x63, 0xe0, 0x05, 0x76,
0xce, 0xc7, 0x0d, 0xc0, 0xc3, 0x01, 0x67, 0x93, 0xc4, 0x4a, 0xa9, 0xc8,
0xd9, 0xf7, 0xc9, 0xd3, 0x49, 0x07, 0x52, 0x36, 0x13, 0xd4, 0xbd, 0x84},
priv_key_33,
- false},
+ true},
// Comment: First byte is not zero
// tcID: 21
{21,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xab, 0xd7, 0xeb, 0xfb, 0x98, 0x03, 0x02, 0x9f, 0x72, 0x8d, 0x5d,
+ 0x43, 0x21, 0x1c, 0xeb, 0x07, 0x09, 0x34, 0x2f, 0x6d, 0x79, 0xc6,
+ 0xa7, 0x45, 0x4c, 0x87, 0x7e, 0xd0, 0x95, 0x42, 0xf9, 0x29, 0x22,
+ 0x15, 0x59, 0xda, 0x9b, 0x67, 0xdc, 0xec, 0x6c, 0x83, 0x54, 0xb2,
+ 0xd3, 0x0b, 0x48, 0xfa, 0x7f, 0x7d, 0x34, 0xf8},
{0x85, 0x42, 0x19, 0x77, 0x73, 0x0b, 0x0f, 0x2c, 0xa7, 0xac, 0x9e, 0x69,
0x32, 0x8c, 0x09, 0x85, 0x3d, 0x07, 0xe6, 0x8f, 0x0c, 0x12, 0x39, 0x60,
0x11, 0xa8, 0x8e, 0x1b, 0x3d, 0x0d, 0x86, 0x75, 0xc7, 0x23, 0xc3, 0xc7,
0x81, 0x8b, 0x1b, 0x3b, 0xa6, 0xe4, 0x6d, 0x19, 0x02, 0xed, 0xdc, 0xf0,
0x5e, 0xab, 0x8f, 0x2f, 0x96, 0x4e, 0x5b, 0x17, 0xe9, 0xbf, 0x02, 0x35,
0xc1, 0x18, 0x33, 0x6a, 0x25, 0xdc, 0x99, 0x46, 0x9b, 0x6b, 0xe3, 0xb9,
0x39, 0x09, 0x02, 0x79, 0xf0, 0x43, 0x5f, 0x28, 0xe7, 0xb8, 0x13, 0x44,
0x4b, 0x1e, 0xb6, 0x3a, 0x67, 0xac, 0xa7, 0x91, 0x53, 0xc6, 0x7a, 0xdd,
@@ -5876,22 +6258,42 @@ const RsaDecryptTestVector kRsa3072Decry
0x57, 0x40, 0x24, 0x7a, 0x03, 0xb7, 0xdd, 0x7a, 0xa6, 0xcc, 0x2b, 0x71,
0x0e, 0x1f, 0xbf, 0x74, 0xd7, 0xd9, 0x14, 0xc9, 0x58, 0x88, 0x77, 0xe8,
0xe5, 0x2e, 0xcc, 0x3e, 0xb8, 0xe5, 0xcd, 0x5b, 0x9c, 0x77, 0x2a, 0x1a,
0xa3, 0xac, 0xbd, 0x2c, 0xe8, 0x61, 0x68, 0x45, 0x1d, 0xea, 0x1f, 0x53,
0x9f, 0xb7, 0x40, 0xfa, 0x4f, 0xd9, 0x66, 0xbc, 0x7d, 0x12, 0x4b, 0x09,
0x8e, 0xe4, 0xdb, 0xcb, 0x86, 0xec, 0x32, 0x6a, 0x54, 0x66, 0x57, 0x52,
0xa9, 0x05, 0x0f, 0x80, 0xb9, 0x0a, 0xc3, 0x4d, 0xd5, 0x1f, 0x1f, 0x11},
priv_key_33,
- false},
+ true},
// Comment: signature padding
// tcID: 22
{22,
- {0x54, 0x65, 0x73, 0x74},
+ {0xc1, 0x4d, 0x31, 0x46, 0x5b, 0xe0, 0xcd, 0xf4, 0x14, 0xe4, 0xa5, 0xab,
+ 0x44, 0xf3, 0x5f, 0x0e, 0x6a, 0x22, 0x43, 0x4f, 0x57, 0xb4, 0x5f, 0x94,
+ 0x0c, 0xdc, 0x33, 0xbe, 0x85, 0x6b, 0x48, 0x71, 0xa6, 0x6e, 0x80, 0xf7,
+ 0x6b, 0xa7, 0xa5, 0xe8, 0xac, 0x9c, 0x23, 0x56, 0x16, 0x8c, 0x33, 0x60,
+ 0x2c, 0xee, 0x8f, 0x09, 0xa6, 0xba, 0x07, 0x77, 0x3a, 0xb6, 0xdd, 0xfd,
+ 0x46, 0xf7, 0x2c, 0x5a, 0xd9, 0xa1, 0x27, 0x68, 0x4c, 0xf4, 0x24, 0x05,
+ 0xc0, 0x71, 0x1c, 0xd5, 0xdc, 0x60, 0xfa, 0x2d, 0xbe, 0x93, 0xab, 0xd1,
+ 0xa3, 0xc1, 0x84, 0xa8, 0xb3, 0x55, 0x76, 0x48, 0xb3, 0xdc, 0x7d, 0x4c,
+ 0x3c, 0xf4, 0x38, 0x1d, 0x06, 0x7b, 0x8f, 0x3e, 0xae, 0xa3, 0xff, 0x42,
+ 0xc6, 0xa1, 0x86, 0x6d, 0xf6, 0x13, 0x78, 0x97, 0xa4, 0x84, 0x71, 0x9f,
+ 0xbf, 0xeb, 0x3f, 0xac, 0xbb, 0x32, 0x0d, 0x0f, 0xe6, 0x05, 0x52, 0x41,
+ 0xfc, 0xa3, 0x34, 0x70, 0x9f, 0xf4, 0xae, 0x87, 0x25, 0x62, 0x99, 0xe5,
+ 0x76, 0xac, 0x1b, 0x88, 0x17, 0xb7, 0xcb, 0xf8, 0xa0, 0x37, 0x72, 0x51,
+ 0x72, 0x98, 0xea, 0x7f, 0x45, 0xa4, 0x68, 0xee, 0xba, 0xbf, 0x9f, 0xea,
+ 0x22, 0x08, 0xad, 0x01, 0xb7, 0x33, 0xa0, 0x33, 0xea, 0x6b, 0xec, 0x33,
+ 0x2d, 0xbb, 0xfb, 0xff, 0x49, 0x70, 0xde, 0x7c, 0xa8, 0x9f, 0x63, 0x3c,
+ 0x70, 0x35, 0x43, 0xa7, 0xd8, 0x8c, 0x39, 0x82, 0xf9, 0xbb, 0xcf, 0x6a,
+ 0x9c, 0x5f, 0x6d, 0xe9, 0x63, 0xf5, 0x32, 0xdb, 0x6e, 0xd8, 0x49, 0xfa,
+ 0x87, 0xa3, 0x8f, 0x08, 0x41, 0x9b, 0x42, 0xd3, 0x28, 0xc5, 0xa7, 0x33,
+ 0x76, 0x22, 0x8a, 0x44, 0x4b, 0x91, 0x68, 0xc7, 0xb1, 0xd9, 0x0d, 0x59,
+ 0x2f, 0xcb, 0x81, 0x63, 0xf6, 0x74, 0x2b, 0x81},
{0x50, 0x9c, 0x69, 0xe8, 0x02, 0xc2, 0xab, 0x81, 0x2f, 0xea, 0x8c, 0x77,
0xf8, 0x9d, 0xd3, 0x21, 0xc0, 0xed, 0xfd, 0x27, 0x9b, 0x20, 0x0e, 0x93,
0xaa, 0xf4, 0x65, 0x91, 0x88, 0x61, 0x48, 0x72, 0x2b, 0x06, 0x58, 0x4f,
0xc8, 0x74, 0x5e, 0x93, 0x8d, 0x06, 0x9c, 0xd4, 0xc1, 0x00, 0xf0, 0x7c,
0x48, 0xc2, 0xf8, 0x1b, 0x7f, 0x94, 0xd4, 0x7f, 0x83, 0x52, 0x44, 0xbd,
0xf9, 0xc9, 0xeb, 0x08, 0xaf, 0x68, 0x8f, 0xf6, 0x90, 0x8e, 0xa2, 0xb6,
0xb9, 0x38, 0xb9, 0x26, 0x5f, 0xbe, 0xe0, 0xf4, 0x21, 0xa3, 0x50, 0x86,
0x22, 0x33, 0x80, 0xa9, 0x92, 0x5b, 0x35, 0x70, 0xb3, 0xc0, 0xea, 0xeb,
@@ -5915,22 +6317,39 @@ const RsaDecryptTestVector kRsa3072Decry
0xfe, 0xc7, 0x85, 0xd9, 0x94, 0x48, 0x5d, 0x2d, 0xc3, 0x27, 0xaa, 0x46,
0x90, 0xfa, 0xe2, 0x06, 0x5f, 0xd1, 0x05, 0x04, 0x8a, 0xcc, 0x84, 0xd7,
0x29, 0xf1, 0x25, 0xf3, 0xbc, 0xbf, 0xb5, 0x51, 0xb6, 0x74, 0x71, 0x44,
0xb8, 0x1c, 0x75, 0x49, 0x74, 0x71, 0x9f, 0xfa, 0x4c, 0xfb, 0x55, 0xef,
0x9c, 0x8b, 0x74, 0xb1, 0x57, 0xe1, 0xbc, 0x61, 0xc1, 0x9a, 0xa6, 0x00,
0x2d, 0x34, 0x9e, 0x54, 0x42, 0x45, 0xca, 0x71, 0x5c, 0xb9, 0x64, 0xf0,
0xbe, 0x18, 0x55, 0x22, 0x9a, 0x9a, 0x6e, 0x9e, 0x6e, 0xa2, 0x0e, 0x63},
priv_key_33,
- false},
+ true},
// Comment: no zero after padding
// tcID: 23
{23,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xe5, 0xdb, 0x5e, 0x79, 0xd1, 0x92, 0x5c, 0x09, 0x00, 0x41, 0xee, 0x90,
+ 0x2b, 0x99, 0xc6, 0xbf, 0x88, 0x31, 0x5f, 0xa5, 0xd6, 0xe4, 0xe6, 0x02,
+ 0x40, 0x05, 0x87, 0xe2, 0x46, 0xe0, 0x49, 0x6f, 0x63, 0xf2, 0x15, 0x33,
+ 0x2a, 0x99, 0x6a, 0x93, 0x1a, 0x2f, 0x35, 0x3b, 0x84, 0x18, 0xa5, 0x85,
+ 0x69, 0xe7, 0x43, 0x1f, 0xe8, 0x8a, 0x7d, 0xde, 0xca, 0xcf, 0x1c, 0xd2,
+ 0xb0, 0xe3, 0x16, 0x09, 0xfd, 0xf1, 0x33, 0x39, 0x93, 0x96, 0x40, 0xb2,
+ 0xae, 0x5a, 0x7a, 0x57, 0xf4, 0x65, 0x9d, 0x37, 0x32, 0x7e, 0x54, 0xa8,
+ 0xe2, 0x8a, 0x85, 0x4a, 0x0e, 0x72, 0xec, 0xa8, 0x5e, 0x9a, 0x49, 0xb7,
+ 0xd0, 0xff, 0xbc, 0xf6, 0x2a, 0x58, 0xbf, 0x81, 0xcd, 0xf8, 0x0c, 0xca,
+ 0x3e, 0x21, 0x34, 0x98, 0x95, 0x47, 0xd1, 0x30, 0x8f, 0x8a, 0xb2, 0xd1,
+ 0xab, 0x72, 0x0c, 0xed, 0xf1, 0x9b, 0x62, 0x05, 0xdc, 0x2e, 0x5e, 0xc1,
+ 0xd5, 0x6e, 0xac, 0x40, 0x28, 0x5a, 0x15, 0xfd, 0xb7, 0x0c, 0x21, 0x41,
+ 0xd6, 0x2e, 0x3a, 0x05, 0x35, 0x26, 0x69, 0x7b, 0x4a, 0xdd, 0x21, 0xdf,
+ 0xfa, 0x60, 0x64, 0xc0, 0xee, 0x92, 0x36, 0x7a, 0x5d, 0x12, 0xbd, 0xe8,
+ 0x77, 0x85, 0xb5, 0x59, 0x1f, 0x05, 0xf7, 0xbf, 0x20, 0x69, 0x87, 0xcd,
+ 0x6d, 0x0a, 0x78, 0x51, 0x86, 0x73, 0xde, 0x26, 0x09, 0xf3, 0x86, 0x99,
+ 0xc3, 0x86, 0x73, 0x4e, 0x29, 0xbe, 0x37, 0xcd, 0x67, 0x99},
{0x9a, 0xc9, 0xda, 0x6b, 0x29, 0xf1, 0xde, 0x85, 0x99, 0xfe, 0x88, 0xbd,
0xb7, 0x01, 0x2c, 0xb0, 0xce, 0x48, 0x17, 0xfb, 0xca, 0xcc, 0x39, 0xb2,
0x73, 0xc5, 0x57, 0xbb, 0x22, 0xd2, 0xc0, 0x19, 0xb8, 0xc5, 0xcd, 0x55,
0x92, 0xe1, 0x08, 0x33, 0x4d, 0x57, 0x2d, 0x87, 0x82, 0xea, 0xa9, 0x70,
0x12, 0x28, 0x01, 0xe0, 0x74, 0x1a, 0x3e, 0xff, 0xea, 0x02, 0x8b, 0x09,
0x11, 0xbd, 0x1a, 0x0c, 0x72, 0x28, 0x52, 0x9e, 0x8a, 0xe5, 0x34, 0xd8,
0xc0, 0xfa, 0x10, 0x19, 0x32, 0x9d, 0xd5, 0xe0, 0xde, 0x14, 0x56, 0x02,
0x0d, 0xb9, 0x24, 0x12, 0x98, 0xc2, 0x6a, 0xa5, 0x10, 0xe9, 0x7e, 0x31,
@@ -5954,22 +6373,30 @@ const RsaDecryptTestVector kRsa3072Decry
0x3a, 0x4a, 0x75, 0x3e, 0x8c, 0xfa, 0x18, 0xb5, 0x20, 0x87, 0x50, 0xd9,
0xf8, 0x6c, 0x83, 0xd5, 0x16, 0x41, 0xc0, 0x27, 0x69, 0xd2, 0x8e, 0xc9,
0xcb, 0xdd, 0x34, 0xeb, 0x67, 0xaf, 0x50, 0x43, 0xd5, 0x0d, 0xfe, 0x45,
0xf1, 0xf6, 0xbd, 0x0e, 0x0f, 0x45, 0xe4, 0x66, 0x59, 0x51, 0x97, 0x7b,
0x42, 0x08, 0xcd, 0x76, 0x09, 0x5b, 0x44, 0x3f, 0xe8, 0x81, 0xdc, 0x9e,
0x24, 0x7e, 0xd9, 0x61, 0xcd, 0xf0, 0x20, 0x5f, 0xa8, 0xaa, 0xde, 0x1f,
0x42, 0xd8, 0x8d, 0xcc, 0xf9, 0x75, 0x19, 0x4e, 0xe0, 0x93, 0x69, 0x72},
priv_key_33,
- false},
+ true},
// Comment: no padding
// tcID: 24
{24,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xf8, 0x76, 0xca, 0x14, 0x87, 0xfe, 0xa6, 0x54, 0x9a, 0x0f, 0x2b, 0x8a,
+ 0x92, 0xe1, 0xf0, 0x86, 0x5c, 0x70, 0x49, 0x0b, 0x8c, 0x15, 0x4f, 0x4e,
+ 0xd6, 0x31, 0x16, 0x7d, 0x6e, 0x54, 0x44, 0x29, 0x8f, 0xc9, 0x32, 0x3f,
+ 0x51, 0x0f, 0xe2, 0x71, 0x9f, 0x03, 0x46, 0x69, 0xb5, 0x50, 0xdc, 0xb3,
+ 0xc1, 0xc0, 0x3c, 0x93, 0x41, 0x5d, 0x1c, 0x2a, 0x1c, 0xa2, 0x6c, 0x1a,
+ 0xbc, 0xb1, 0x36, 0x02, 0xbb, 0xfd, 0xb0, 0xa9, 0xc1, 0x29, 0x45, 0x41,
+ 0x26, 0xe4, 0xc5, 0xcc, 0xb1, 0xb3, 0xbd, 0xf7, 0x4a, 0x49, 0x31, 0xc3,
+ 0xd7, 0x87, 0x52, 0xe5, 0x64, 0x97},
{0x50, 0xe9, 0x74, 0xb2, 0xbf, 0xca, 0x62, 0x3e, 0xdd, 0x2d, 0x79, 0x7e,
0x4e, 0x58, 0x8d, 0xe2, 0x24, 0x78, 0xd5, 0xa8, 0xe5, 0x7c, 0x74, 0xc4,
0x48, 0x44, 0x98, 0x53, 0xba, 0x84, 0xfb, 0x1d, 0x00, 0x73, 0xc1, 0xce,
0xc0, 0x62, 0x11, 0x43, 0x85, 0x75, 0xa6, 0xdb, 0xaf, 0x89, 0x3e, 0x15,
0x47, 0xe4, 0xa2, 0x47, 0x8a, 0x44, 0x54, 0x99, 0x14, 0xbc, 0x3a, 0x9b,
0x8a, 0x88, 0xa5, 0xbc, 0xc8, 0x00, 0xf6, 0xfc, 0x09, 0x5c, 0x71, 0xac,
0x12, 0x9c, 0x2c, 0xc3, 0x5c, 0x7c, 0xf1, 0x6d, 0x89, 0x1b, 0x8a, 0x43,
0x5a, 0x3d, 0x44, 0x15, 0x26, 0x2a, 0x8f, 0xb9, 0xf3, 0xc8, 0x2c, 0xaa,
@@ -5993,22 +6420,41 @@ const RsaDecryptTestVector kRsa3072Decry
0x58, 0xea, 0x4f, 0xcc, 0xcc, 0x7e, 0x5f, 0xd6, 0xab, 0x3b, 0xc7, 0x43,
0xf9, 0x0f, 0x87, 0x79, 0xc5, 0x41, 0xfa, 0xc2, 0xaa, 0x7b, 0x3c, 0x98,
0x29, 0x59, 0x77, 0x25, 0xb8, 0x7c, 0x89, 0x05, 0x6c, 0xef, 0x50, 0x2c,
0x86, 0x18, 0xf1, 0x4e, 0x27, 0xe1, 0x38, 0x15, 0x35, 0x5f, 0x3c, 0xb4,
0xdc, 0x16, 0xcc, 0x96, 0x13, 0x66, 0x25, 0xc0, 0x92, 0x34, 0xfd, 0x82,
0x99, 0xd2, 0xcf, 0x38, 0xd3, 0x9d, 0xa3, 0x7f, 0xa1, 0xc7, 0x56, 0x63,
0x6b, 0xfd, 0x57, 0x6e, 0x7d, 0xe0, 0xf2, 0x6a, 0x10, 0x80, 0x30, 0xb5},
priv_key_33,
- false},
+ true},
// Comment: m = 2
// tcID: 25
{25,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x60, 0x24, 0x6b, 0xf3, 0xdb, 0x24, 0x1f, 0xa5, 0x89, 0xa1, 0x16, 0x93,
+ 0x67, 0xc7, 0x38, 0x07, 0x9a, 0x3d, 0x5d, 0xe2, 0x2d, 0xce, 0xe2, 0x7d,
+ 0xeb, 0x5e, 0x72, 0x90, 0xb5, 0x22, 0x21, 0xf5, 0xe6, 0xd7, 0xb6, 0x25,
+ 0xcb, 0x8a, 0x2b, 0xa5, 0x10, 0x82, 0x06, 0x5d, 0xaf, 0xec, 0x99, 0x07,
+ 0x53, 0xb8, 0x99, 0xb6, 0xc0, 0xe2, 0xe8, 0xb3, 0xc4, 0x8d, 0xec, 0xb8,
+ 0x56, 0xd6, 0x36, 0xe3, 0xb3, 0x12, 0x2a, 0xc7, 0xaf, 0x54, 0xef, 0xc8,
+ 0x96, 0x77, 0x13, 0x8f, 0x13, 0x42, 0xa3, 0xdf, 0xd0, 0x24, 0xdc, 0xcd,
+ 0xdb, 0x46, 0x34, 0xf7, 0x4d, 0x3e, 0xd3, 0x65, 0xa0, 0x90, 0x54, 0xa0,
+ 0x28, 0x60, 0x0d, 0x2c, 0xb8, 0x36, 0x0b, 0x7c, 0xf0, 0x24, 0xfa, 0x4e,
+ 0x43, 0x5c, 0xc6, 0xc7, 0xb0, 0xe4, 0xda, 0x54, 0xc9, 0x60, 0xad, 0xae,
+ 0xbc, 0xb0, 0xd7, 0x80, 0xa7, 0x2e, 0xf3, 0x97, 0x35, 0x19, 0xa4, 0xf5,
+ 0xf3, 0x76, 0x2e, 0x07, 0x00, 0xc4, 0xad, 0xce, 0x6e, 0xba, 0x94, 0xa9,
+ 0xee, 0x2e, 0xd4, 0x9b, 0x86, 0xf0, 0xc8, 0xcd, 0x53, 0xfc, 0x8b, 0xe1,
+ 0xe1, 0x1f, 0xd7, 0x60, 0xa1, 0x5d, 0x6c, 0x4c, 0x65, 0x2f, 0x87, 0x47,
+ 0x41, 0xfd, 0x66, 0x59, 0x25, 0xa1, 0xd4, 0x71, 0xc6, 0x95, 0xa9, 0xd4,
+ 0x17, 0x06, 0xa5, 0xe2, 0x3b, 0xce, 0x47, 0xe3, 0x0f, 0xbd, 0xdb, 0x47,
+ 0xe3, 0x7d, 0x06, 0xac, 0x55, 0x2b, 0x65, 0xd4, 0x99, 0xfd, 0x3a, 0xfb,
+ 0xba, 0xe5, 0xcb, 0x69, 0x01, 0x12, 0x6f, 0x44, 0x37, 0xa8, 0x0c, 0xbb,
+ 0xbf, 0xba, 0xdf, 0x98, 0xd0},
{0xab, 0x95, 0x7d, 0x59, 0x86, 0x55, 0x13, 0xc0, 0x59, 0xa7, 0xae, 0x69,
0x14, 0xb3, 0x4e, 0x8e, 0x3e, 0x4a, 0xb9, 0x6c, 0xb6, 0x60, 0x69, 0xe0,
0x14, 0xaa, 0x31, 0x5e, 0x67, 0xb2, 0xad, 0xda, 0xe2, 0xb3, 0xb7, 0x59,
0x3d, 0xeb, 0xe8, 0xc1, 0xa3, 0xd8, 0xfe, 0x34, 0xc9, 0x81, 0xae, 0xb2,
0x41, 0xd6, 0x3c, 0xc8, 0x50, 0xf6, 0xd6, 0x29, 0xc2, 0x54, 0x71, 0x0e,
0xee, 0xd8, 0xac, 0xc9, 0x06, 0x42, 0x97, 0xb0, 0x19, 0x38, 0x7a, 0x67,
0xbd, 0xd1, 0xa6, 0x08, 0x78, 0xc6, 0x00, 0xe2, 0xd2, 0xb2, 0xc8, 0xed,
0x3c, 0x2e, 0xcc, 0x3b, 0xc4, 0x31, 0x9f, 0xbf, 0x3c, 0x1b, 0x89, 0x19,
@@ -6032,22 +6478,48 @@ const RsaDecryptTestVector kRsa3072Decry
0x70, 0x66, 0x92, 0x75, 0x89, 0xbc, 0xd0, 0xca, 0xff, 0x79, 0xc2, 0x8a,
0x88, 0xfb, 0xe7, 0x92, 0xa1, 0x23, 0x7c, 0x1a, 0x07, 0x4a, 0x42, 0x38,
0x1e, 0x96, 0x1f, 0xaf, 0xc5, 0x18, 0x1f, 0x72, 0x46, 0x3f, 0x77, 0xdd,
0xa4, 0x53, 0x9a, 0x23, 0x59, 0xa7, 0x2f, 0x1c, 0x1d, 0x0b, 0x90, 0x51,
0x96, 0xf4, 0xe7, 0xed, 0xb8, 0xd0, 0xd9, 0x57, 0x61, 0xa1, 0xd4, 0xe8,
0xdc, 0x71, 0x14, 0x6c, 0x7c, 0xef, 0xa0, 0x77, 0x5c, 0x40, 0x5f, 0x3f,
0xaa, 0xf5, 0x9e, 0x8d, 0x9c, 0xed, 0xbc, 0xca, 0xbf, 0x18, 0x74, 0xbf},
priv_key_33,
- false},
+ true},
// Comment: m = n-2
// tcID: 26
{26,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x03, 0x5b, 0x0a, 0x59, 0xfd, 0xcf, 0x4c, 0x68, 0x4e, 0x8f, 0x03, 0xa5,
+ 0x06, 0x0a, 0x21, 0x3f, 0x72, 0x92, 0xd7, 0xd9, 0x01, 0x4e, 0xf4, 0xcd,
+ 0xa7, 0x4b, 0x4d, 0xff, 0xd2, 0x81, 0x1e, 0xce, 0x1f, 0xf4, 0x9a, 0x4c,
+ 0x91, 0x28, 0xe5, 0xe4, 0x51, 0x20, 0x15, 0xfa, 0x4f, 0x6c, 0xb6, 0xd4,
+ 0x34, 0xa4, 0x6d, 0x37, 0xfa, 0x30, 0x53, 0x07, 0xc1, 0xf5, 0xa9, 0x3f,
+ 0xff, 0xe8, 0xd6, 0x22, 0x84, 0x01, 0xab, 0x22, 0x35, 0xfc, 0xbb, 0xa6,
+ 0xe4, 0x62, 0x93, 0x48, 0xe1, 0xb5, 0x83, 0xd9, 0xff, 0xbc, 0xf8, 0x41,
+ 0xcf, 0x20, 0xe7, 0x27, 0xbb, 0x92, 0xa9, 0x8a, 0x47, 0x6e, 0xa2, 0x1f,
+ 0x47, 0x75, 0xbf, 0x66, 0x05, 0xcc, 0x79, 0x3f, 0xe9, 0xc7, 0xd9, 0x0b,
+ 0xf3, 0x4b, 0xd6, 0xb9, 0xfc, 0x56, 0x16, 0x00, 0x37, 0x9a, 0x00, 0xab,
+ 0xae, 0xc1, 0x55, 0x6d, 0x32, 0xaa, 0x9d, 0x3a, 0x2a, 0xe5, 0x3c, 0x22,
+ 0x14, 0x64, 0xe4, 0xcd, 0x96, 0xdc, 0x37, 0x4c, 0xdc, 0xcd, 0xf5, 0x30,
+ 0xe8, 0xfd, 0x3e, 0xd6, 0x69, 0xa5, 0x5c, 0x52, 0x5c, 0x1d, 0xa1, 0xe6,
+ 0x7f, 0xc7, 0xf3, 0x98, 0x14, 0xc0, 0x47, 0x89, 0xa5, 0x10, 0xac, 0x20,
+ 0x44, 0x8d, 0x29, 0xde, 0x7e, 0x67, 0x03, 0xa3, 0xb2, 0x87, 0xb0, 0x66,
+ 0xb8, 0xfa, 0x43, 0x1f, 0xd6, 0xa9, 0x68, 0xf5, 0x3a, 0xc8, 0x44, 0x20,
+ 0x76, 0xb3, 0x07, 0x54, 0x82, 0xdc, 0xa4, 0x50, 0x32, 0xfe, 0xc9, 0xe8,
+ 0x52, 0x6f, 0x22, 0xe0, 0xd6, 0x9e, 0xd0, 0xaf, 0xe3, 0x0b, 0x0a, 0xaf,
+ 0xfa, 0x8a, 0x1e, 0xe5, 0x42, 0xfd, 0x94, 0x17, 0xf5, 0xe8, 0xca, 0x5c,
+ 0x12, 0x04, 0x58, 0x18, 0xa5, 0x3c, 0x4d, 0x42, 0xcf, 0x0f, 0xc3, 0x08,
+ 0x7e, 0x17, 0xff, 0x31, 0x34, 0x90, 0x14, 0x08, 0x58, 0x89, 0xaf, 0x6e,
+ 0x5c, 0x10, 0x4e, 0x5e, 0xc0, 0xcf, 0x7a, 0x68, 0x6b, 0xba, 0xe6, 0xb8,
+ 0x73, 0x4a, 0xe1, 0x1d, 0xdb, 0xa5, 0xa1, 0x97, 0x69, 0x70, 0xcf, 0x56,
+ 0x4f, 0x16, 0x50, 0xff, 0x6c, 0xac, 0x77, 0x0f, 0x99, 0x6f, 0xbd, 0x14,
+ 0x25, 0x76, 0x5e, 0x79, 0x29, 0xc7, 0x0c, 0xdd, 0xa6, 0x5d, 0xa9, 0x46,
+ 0x0e, 0x52, 0xb2, 0x02, 0x96, 0xa6, 0x3c, 0x4c, 0xca, 0xd6, 0xe7, 0x94},
{0x30, 0xf9, 0xfb, 0x26, 0xe0, 0xd9, 0xf9, 0x39, 0x7c, 0x8e, 0x69, 0x3f,
0x90, 0xd8, 0x8e, 0x98, 0xdb, 0xc5, 0xe2, 0x41, 0x23, 0xaf, 0x3e, 0x46,
0xe4, 0xa1, 0x59, 0x1a, 0xed, 0x74, 0x08, 0xc9, 0xb7, 0xcc, 0x9e, 0xf3,
0x8c, 0xce, 0xa1, 0xd2, 0xed, 0xd0, 0x37, 0x70, 0x75, 0x5c, 0xff, 0x6b,
0x58, 0xa5, 0x17, 0x9b, 0x88, 0xec, 0x19, 0x15, 0x1e, 0x7a, 0x0a, 0xf0,
0x6e, 0x72, 0xbf, 0xb8, 0x41, 0x73, 0x28, 0xc3, 0xa9, 0xb9, 0xa5, 0xe9,
0x9f, 0x81, 0x77, 0x4d, 0x2a, 0xa0, 0x86, 0xc4, 0x0b, 0x89, 0x6b, 0x8a,
0x20, 0x00, 0x48, 0xdd, 0x56, 0x8f, 0x07, 0x83, 0x9b, 0x18, 0x99, 0x0f,
@@ -6071,22 +6543,54 @@ const RsaDecryptTestVector kRsa3072Decry
0xdc, 0xfd, 0xf4, 0xf3, 0xd3, 0xfc, 0xd1, 0x9e, 0x8c, 0xed, 0x68, 0xa3,
0xf9, 0x38, 0x29, 0x49, 0x4d, 0xfa, 0x17, 0xe4, 0x39, 0x7f, 0x91, 0x1f,
0xd0, 0x09, 0xa7, 0xcf, 0xbf, 0x85, 0xc1, 0xa1, 0x1d, 0xb6, 0x0b, 0xd1,
0xe8, 0x7b, 0xb7, 0x5e, 0x70, 0x73, 0xbc, 0x78, 0x2f, 0x36, 0x94, 0xc5,
0x34, 0x4b, 0x36, 0xa7, 0x50, 0x53, 0x0b, 0x66, 0x26, 0x72, 0x65, 0x11,
0x34, 0x22, 0xb3, 0x09, 0x05, 0xd0, 0x41, 0x34, 0xfd, 0x53, 0x08, 0x07,
0x55, 0xc0, 0xa4, 0xb5, 0x9c, 0xf2, 0x67, 0x88, 0x56, 0xbf, 0xfb, 0x0c},
priv_key_33,
- false},
+ true},
// Comment: c = 0
// tcID: 27
{27,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x71, 0x7f, 0xee, 0xde, 0x76, 0x08, 0x18, 0xb0, 0x1c, 0x7a, 0x1c, 0x66,
+ 0x0e, 0x40, 0xdc, 0x23, 0xa8, 0x53, 0xec, 0x41, 0x2a, 0x79, 0x2f, 0x23,
+ 0xc1, 0x6b, 0x27, 0x00, 0xe2, 0xca, 0xbc, 0xc1, 0x01, 0x59, 0xb6, 0x6c,
+ 0x66, 0x42, 0x88, 0x38, 0x9e, 0xf5, 0x26, 0x5a, 0xe7, 0x44, 0x9c, 0x22,
+ 0x0d, 0xb9, 0x86, 0xfb, 0xb4, 0xae, 0xa6, 0xa7, 0xb4, 0xcc, 0xbc, 0x32,
+ 0x31, 0x26, 0x0b, 0xe6, 0xe2, 0x50, 0xc2, 0x27, 0xdf, 0x63, 0x20, 0x9c,
+ 0xec, 0x2e, 0x68, 0x25, 0x87, 0x4c, 0xb5, 0x28, 0x3e, 0xef, 0x43, 0x41,
+ 0x27, 0x7c, 0x14, 0xfb, 0xf2, 0x7b, 0xbd, 0x3d, 0xd9, 0x08, 0x7c, 0xaa,
+ 0xa3, 0x2c, 0xd3, 0x83, 0xde, 0xac, 0x69, 0xc7, 0x8a, 0xbf, 0x5d, 0xa2,
+ 0x83, 0x07, 0x0b, 0x07, 0x9c, 0xa3, 0xdb, 0xdb, 0x12, 0x85, 0x95, 0x44,
+ 0xa6, 0xde, 0x19, 0x2c, 0xf6, 0x78, 0x7a, 0xea, 0xbc, 0xa1, 0x0a, 0xec,
+ 0xd0, 0x3f, 0x70, 0x2b, 0x71, 0xfe, 0xef, 0x8f, 0xbc, 0x49, 0x09, 0x6b,
+ 0x47, 0x2c, 0xe0, 0x68, 0xa5, 0x88, 0xfc, 0x40, 0x56, 0xdf, 0xcb, 0xf0,
+ 0x78, 0x66, 0xff, 0xf7, 0xac, 0xf3, 0x8f, 0xc2, 0x01, 0x4a, 0x63, 0xe2,
+ 0x70, 0xe3, 0xbb, 0x6b, 0x60, 0x74, 0xde, 0x60, 0xa5, 0xa7, 0xe0, 0x37,
+ 0x20, 0xcf, 0xb3, 0xcd, 0xbd, 0x2a, 0xb1, 0xd6, 0x58, 0xaf, 0xdd, 0xdf,
+ 0x09, 0xd7, 0x40, 0x80, 0x4d, 0xbc, 0x8b, 0xb8, 0xd9, 0x07, 0xf6, 0xe0,
+ 0xe3, 0x8c, 0x81, 0x55, 0x14, 0x75, 0x8a, 0xc5, 0x96, 0xe3, 0xb1, 0x92,
+ 0x67, 0xfc, 0x5b, 0x44, 0x01, 0xc8, 0xa6, 0x0e, 0xbc, 0xb8, 0x92, 0xae,
+ 0x55, 0xd7, 0xf0, 0x7a, 0xc9, 0x9e, 0x65, 0x3b, 0xda, 0xdf, 0xc3, 0x4f,
+ 0x11, 0x06, 0x11, 0x49, 0xae, 0xdf, 0xc0, 0x82, 0x36, 0x13, 0x0f, 0x36,
+ 0xf0, 0x47, 0xe2, 0xea, 0x8e, 0x78, 0x84, 0x01, 0x7a, 0xc8, 0x6c, 0x71,
+ 0x09, 0xda, 0xd7, 0xa3, 0xa3, 0xfc, 0x7f, 0x9d, 0x3e, 0x53, 0x37, 0xe3,
+ 0x4f, 0x88, 0x43, 0xc1, 0x62, 0x5e, 0xcd, 0xe3, 0xcd, 0x72, 0xb1, 0x46,
+ 0x44, 0x3f, 0x0d, 0xc6, 0x58, 0xf7, 0xbd, 0xd4, 0x27, 0x8f, 0xc3, 0xcf,
+ 0xaa, 0x8e, 0x3c, 0x7b, 0x63, 0x87, 0xe0, 0x39, 0x2c, 0x2a, 0xc9, 0x8d,
+ 0x59, 0xa2, 0xe7, 0x7a, 0x3a, 0x7e, 0xde, 0x66, 0x9e, 0xb5, 0x61, 0x03,
+ 0x4a, 0x06, 0xa4, 0xec, 0xf8, 0xf6, 0x1d, 0x18, 0xd3, 0xc3, 0x20, 0x86,
+ 0xcc, 0x4b, 0xf8, 0x75, 0x21, 0x78, 0x42, 0x4e, 0x36, 0x0e, 0x5b, 0xa4,
+ 0xe6, 0xc7, 0xb8, 0x11, 0xbb, 0xaa, 0xff, 0x14, 0xbd, 0x27, 0x34, 0xd4,
+ 0xa4, 0x7a, 0xac, 0xef, 0xe1, 0x6f, 0x1d, 0x31, 0xae, 0xa9, 0x50, 0xef,
+ 0x12},
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -6110,22 +6614,24 @@ const RsaDecryptTestVector kRsa3072Decry
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
priv_key_33,
- false},
+ true},
// Comment: c = 1
// tcID: 28
{28,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x4f, 0x7a, 0xe4, 0x9f, 0x5c, 0x41, 0xaf, 0xec, 0x9c, 0xdc, 0xa8,
+ 0x0e, 0x10, 0x75, 0xec, 0xda, 0xbe, 0x3e, 0x44, 0xb8, 0x76, 0xeb},
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -6149,22 +6655,31 @@ const RsaDecryptTestVector kRsa3072Decry
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
priv_key_33,
- false},
+ true},
// Comment: c = n-1
// tcID: 29
{29,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x3c, 0xe0, 0x96, 0x42, 0x5b, 0x21, 0xc9, 0x4f, 0xc5, 0x53, 0x96, 0xa9,
+ 0x1a, 0x6a, 0x37, 0xcf, 0x8e, 0x55, 0xac, 0x32, 0x34, 0xee, 0xa9, 0xba,
+ 0x85, 0x76, 0x10, 0x1f, 0x0c, 0x80, 0x37, 0xf5, 0x5c, 0x0e, 0xe0, 0x3c,
+ 0xdc, 0xf7, 0xf3, 0xe8, 0x3e, 0xe7, 0x74, 0x70, 0xe6, 0x19, 0x92, 0x75,
+ 0xc9, 0x76, 0x4c, 0x36, 0x18, 0x47, 0x1b, 0xf6, 0x39, 0x4e, 0xde, 0x9a,
+ 0x69, 0x0a, 0x46, 0xa6, 0x61, 0xcf, 0x9c, 0xfb, 0x6c, 0xe2, 0xdc, 0xdc,
+ 0x54, 0x96, 0x40, 0x8c, 0xf4, 0xee, 0x9f, 0x0a, 0xff, 0x10, 0x63, 0x09,
+ 0xb5, 0xe1, 0xc3, 0x96, 0xbb, 0x92, 0xdd, 0xc3, 0xb6, 0x44, 0xb7, 0xe8,
+ 0xef, 0xa0, 0x99, 0xd3, 0xe2, 0x1d, 0x7c, 0x4c, 0x04, 0x24, 0x0b, 0x7b},
{0xdc, 0x8f, 0x78, 0x80, 0x67, 0x2f, 0x0c, 0xf9, 0xd6, 0x36, 0x17, 0xa8,
0xa5, 0x8b, 0xdd, 0x27, 0x1a, 0x10, 0x9b, 0xad, 0xda, 0x0f, 0xa8, 0x26,
0xf9, 0x4b, 0x8a, 0x79, 0x55, 0x26, 0xb6, 0xa4, 0x9a, 0x80, 0x56, 0x4c,
0xca, 0xba, 0x8a, 0x94, 0x91, 0xa9, 0x35, 0xa5, 0x3e, 0xde, 0xae, 0x1d,
0x9a, 0x7b, 0x54, 0x63, 0xd9, 0xe2, 0xef, 0x3e, 0xe0, 0xce, 0x7b, 0xff,
0x5d, 0x4b, 0x6c, 0x81, 0x47, 0xb5, 0xc0, 0x73, 0xc2, 0xf2, 0x20, 0x51,
0x5d, 0x53, 0x1d, 0x55, 0xa3, 0x66, 0x87, 0xa6, 0xde, 0x3c, 0x34, 0x77,
0x5c, 0x2f, 0x15, 0x19, 0x1a, 0xc0, 0xa7, 0x42, 0xd7, 0x34, 0x22, 0x28,
@@ -6188,17 +6703,17 @@ const RsaDecryptTestVector kRsa3072Decry
0x4d, 0x64, 0x87, 0x69, 0x5d, 0xb9, 0xa2, 0x69, 0x8c, 0x67, 0x2b, 0x2e,
0x82, 0x34, 0x10, 0xdb, 0xef, 0x1d, 0x93, 0xfe, 0x40, 0xc9, 0xd3, 0x57,
0xee, 0x9f, 0xc7, 0x7f, 0x84, 0x9d, 0xe1, 0x13, 0x63, 0xf5, 0x83, 0xaf,
0x8c, 0xcf, 0x51, 0x81, 0xca, 0x1a, 0xeb, 0x94, 0x4c, 0x42, 0x25, 0x16,
0xcb, 0x40, 0x1e, 0x95, 0x09, 0x23, 0xe4, 0xbd, 0x88, 0x14, 0x39, 0xfa,
0x10, 0x93, 0xc7, 0x75, 0x82, 0xbf, 0xe1, 0xac, 0x59, 0x93, 0x67, 0x47,
0x00, 0xb6, 0x43, 0x43, 0x39, 0xe0, 0x24, 0x53, 0x15, 0xd8, 0x6f, 0xca},
priv_key_33,
- false},
+ true},
// Comment: ciphertext is empty
// tcID: 30
{30, {0x54, 0x65, 0x73, 0x74}, {}, priv_key_33, false},
// Comment: prepended bytes to ciphertext
// tcID: 31
{31,
@@ -7628,48 +8143,41 @@ const RsaDecryptTestVector kRsa3072Decry
0x98, 0x27, 0x3f, 0x01, 0x77, 0xca, 0x84, 0xf2, 0x3e, 0xdc, 0x41, 0x83,
0x54, 0x48, 0x14, 0x27, 0x05, 0x94, 0x4a, 0x2a, 0xd2, 0xa0, 0x63, 0x85},
priv_key_55,
true},
// Comment: edge case for montgomery reduction with special primes
// tcID: 56
{56,
- {0x62, 0x92, 0x16, 0xbe, 0x33, 0x3c, 0x6a, 0x51, 0x7f, 0xb3, 0x42, 0x7d,
- 0x03, 0x94, 0x51, 0x1f, 0xa3, 0xc2, 0x4a, 0x71, 0x11, 0x3f, 0x12, 0x34,
- 0xbe, 0xa7, 0xfd, 0x4e, 0x07, 0x28, 0xf6, 0xc6, 0x58, 0x72, 0x41, 0x50,
- 0x29, 0xfd, 0x0a, 0xaa, 0xf1, 0xac, 0x7d, 0xae, 0x14, 0xd3, 0x85, 0x03,
- 0xdb, 0x27, 0x1d, 0xb4, 0x72, 0xbb, 0xb2, 0x12, 0xbe, 0x45, 0x3c, 0xea,
- 0xc6, 0xab, 0x62, 0x2e, 0x75, 0xd5, 0xe3, 0x23, 0xf6, 0x35, 0x3c, 0xe8,
- 0xb5, 0xe7, 0x99, 0x3b, 0x6b, 0xe3, 0x9c, 0x30, 0x08, 0x8d, 0x2b, 0x94,
- 0xe8, 0x56, 0x33, 0xbe, 0x10, 0x3c, 0xa5, 0xd9, 0xcc, 0xfd, 0xc2, 0x3c,
- 0x5a, 0xd2, 0x1a, 0x1a, 0x13, 0xcf, 0x19, 0xc3, 0x90, 0x1f, 0xe8, 0x84,
- 0x55, 0x72, 0x60, 0x0c, 0xc7, 0xe5, 0xdf, 0x31, 0x6f, 0x62, 0xe2, 0x23,
- 0x7e, 0x22, 0x4b, 0x4e, 0x01, 0xed, 0xb3, 0x2c, 0x81, 0x9f, 0x36, 0x4f,
- 0x0c, 0x9f, 0xdc, 0x1f, 0x28, 0xda, 0xd2, 0xb6, 0x92, 0x1c, 0x79, 0x52,
- 0xa2, 0x5a, 0x03, 0xe5, 0x9e, 0xf8, 0xd6, 0xc3, 0xa6, 0x1a, 0x54, 0xc4,
- 0x6c, 0xfb, 0xad, 0x22, 0xe1, 0x86, 0x20, 0x1e, 0x59, 0xe1, 0x22, 0x01,
- 0x8d, 0xc9, 0xbb, 0xc7, 0x44, 0xc5, 0x6c, 0xe6, 0x31, 0xcc, 0x11, 0xf9,
- 0x52, 0x3f, 0x79, 0xb4, 0x1f, 0xf7, 0x97, 0x11, 0xee, 0xa6, 0x33, 0x37,
- 0xc2, 0x4b, 0xfa, 0x37, 0x91, 0x0f, 0x91, 0x78, 0x3b, 0x78, 0xa4, 0xfe,
- 0x22, 0xb8, 0x0e, 0x52, 0xe3, 0xe1, 0x03, 0x4f, 0xcb, 0x33, 0x6d, 0xae,
- 0x90, 0x12, 0x24, 0x23, 0x66, 0x92, 0x30, 0xcd, 0x46, 0xfe, 0x54, 0x3c,
- 0x1e, 0x0e, 0xd8, 0x09, 0x48, 0xd5, 0x0b, 0x7e, 0xcc, 0xf6, 0xc2, 0x22,
- 0xbf, 0xcd, 0xb6, 0x1f, 0x84, 0xc9, 0x20, 0xd2, 0xe4, 0xdc, 0x9d, 0x5e,
- 0xaa, 0xa1, 0x41, 0x5b, 0x13, 0xc7, 0x4f, 0x18, 0xb9, 0x41, 0x82, 0x05,
- 0x6e, 0x10, 0x35, 0x62, 0xdc, 0x03, 0x32, 0x09, 0x30, 0xc2, 0x02, 0x66,
- 0xbd, 0xec, 0xff, 0x56, 0xaa, 0xfb, 0xb5, 0xbd, 0x3a, 0x0a, 0xc6, 0x8b,
- 0x66, 0x9b, 0xfe, 0x70, 0xe3, 0x29, 0xeb, 0xfe, 0x8e, 0xc8, 0x7c, 0xea,
- 0x99, 0xff, 0x0b, 0x51, 0xce, 0x7d, 0xd0, 0x69, 0x4f, 0x07, 0x50, 0x98,
- 0xa6, 0x77, 0xa4, 0x74, 0x3e, 0x10, 0xd3, 0xe3, 0x7f, 0x1f, 0xab, 0x84,
- 0x9d, 0xba, 0x39, 0xa9, 0xc7, 0x39, 0xf1, 0xed, 0x15, 0x0f, 0xe7, 0x95,
- 0x2b, 0x35, 0x20, 0x2f, 0xb6, 0x13, 0x8d, 0x24, 0xb2, 0xbf, 0x55, 0xe4,
- 0x9b, 0xc7, 0x00, 0x6c, 0xf7, 0x8e, 0xa8, 0x05, 0x13, 0x59, 0x83, 0x10,
- 0xc8, 0xb0, 0x21, 0x3b, 0xc8, 0x52, 0x5b, 0x92, 0x9e, 0x58, 0x12, 0x94,
- 0xc4, 0x96},
+ // This is a Bleichenbacher synthetic generated result
+ {0x74, 0x81, 0xb5, 0xd5, 0x98, 0xf1, 0xd8, 0x0d, 0x5b, 0x30, 0xae, 0x89,
+ 0x41, 0x91, 0x27, 0x44, 0x18, 0x76, 0x54, 0xca, 0x56, 0x23, 0x17, 0xc6,
+ 0x64, 0xdc, 0x2d, 0x0a, 0x4c, 0xe0, 0xdc, 0x3d, 0x0d, 0x05, 0x52, 0x05,
+ 0x5b, 0xc5, 0x7e, 0xd0, 0x26, 0x36, 0x5e, 0x13, 0xf8, 0x63, 0xa3, 0x7d,
+ 0x7c, 0x84, 0xbc, 0x90, 0x61, 0x88, 0xd3, 0xe7, 0xd6, 0x3b, 0xf1, 0x54,
+ 0x58, 0x42, 0xdc, 0xa3, 0x75, 0x51, 0x18, 0xdb, 0xfe, 0x26, 0xc7, 0x8d,
+ 0x24, 0x0f, 0x67, 0x63, 0x71, 0xab, 0xb4, 0xca, 0x29, 0x9f, 0x27, 0x63,
+ 0x7a, 0x0a, 0x18, 0xe9, 0xa6, 0x79, 0x10, 0xce, 0x2d, 0x21, 0x76, 0x05,
+ 0x60, 0x36, 0x04, 0x2f, 0x19, 0x7d, 0xf4, 0x4e, 0xfd, 0x59, 0x41, 0xbc,
+ 0x05, 0xcf, 0xd2, 0xca, 0xf8, 0xa3, 0xe4, 0x28, 0x34, 0x75, 0x99, 0x94,
+ 0xee, 0xd4, 0xa5, 0x25, 0x01, 0x8d, 0xd3, 0xb0, 0xc3, 0x24, 0x71, 0x7f,
+ 0xa2, 0x7c, 0x9e, 0x98, 0x01, 0x99, 0xc1, 0xfa, 0x0f, 0x09, 0xa2, 0xdc,
+ 0x0c, 0x3d, 0x67, 0x92, 0x27, 0xb7, 0xb0, 0x42, 0xf6, 0x76, 0x55, 0x4c,
+ 0xff, 0x6f, 0x70, 0x0a, 0x02, 0x6d, 0x58, 0x3c, 0xad, 0x1c, 0x49, 0xe6,
+ 0x0a, 0x2a, 0xcb, 0x61, 0xc9, 0x5e, 0x8e, 0x23, 0xb4, 0x37, 0xb6, 0x9a,
+ 0xe8, 0x00, 0x24, 0xb6, 0x95, 0x0c, 0x44, 0x00, 0xa0, 0x34, 0xaf, 0xfa,
+ 0xe9, 0x16, 0xf1, 0x2c, 0x2e, 0x23, 0xa3, 0xc7, 0xd3, 0x61, 0x31, 0xb7,
+ 0xfe, 0xfd, 0xab, 0x8f, 0x36, 0xaf, 0x8e, 0xd5, 0xbe, 0x4d, 0x4a, 0xc4,
+ 0x1c, 0xb6, 0x20, 0x6d, 0x0f, 0x3a, 0x01, 0x04, 0x62, 0x5f, 0x28, 0xb2,
+ 0xfb, 0x57, 0xa1, 0xd3, 0x31, 0x60, 0x51, 0xf2, 0x24, 0x2e, 0xf5, 0x3a,
+ 0x15, 0xef, 0x84, 0x1d, 0x76, 0x17, 0xee, 0xf4, 0xc0, 0x14, 0x88, 0x9a,
+ 0xde, 0x84, 0x1c, 0xbf, 0x9f, 0x5b, 0x7e, 0x63, 0x92, 0x38, 0x9e, 0xeb,
+ 0xf0, 0x0c, 0x2c, 0xba, 0xae, 0xe7, 0x33, 0x74, 0x21, 0x70, 0x64, 0x38,
+ 0x54, 0x22, 0x49},
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -7693,17 +8201,17 @@ const RsaDecryptTestVector kRsa3072Decry
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
priv_key_56,
- false},
+ true},
// Comment: edge case for montgomery reduction with special primes
// tcID: 57
{57,
{0x92, 0x08, 0xae, 0x26, 0x4a, 0x9a, 0x82, 0x68, 0xb2, 0xa3, 0x4d, 0x01,
0xcf, 0x52, 0x0e, 0x33, 0x8e, 0x6a, 0x73, 0xf6, 0x44, 0x88, 0x49, 0x1a,
0x61, 0xa2, 0xa0, 0xc2, 0x1b, 0x5e, 0x82, 0x39, 0xe9, 0x6e, 0x9b, 0xc1,
0xaf, 0x2e, 0x59, 0xdd, 0x45, 0x18, 0xb5, 0xaf, 0x46, 0xc5, 0x6f, 0xe7,
@@ -8207,11 +8715,590 @@ const RsaDecryptTestVector kRsa3072Decry
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
priv_key_65,
+ true},
+
+ // and invalid ciphertext that generates a synthethic plaintext
+ // that's zero bytes in length
+ {66,
+ {},
+ {0x5e, 0x95, 0x6c, 0xd9, 0x65, 0x2f, 0x4a, 0x2e, 0xce, 0x90, 0x29, 0x31,
+ 0x01, 0x3e, 0x09, 0x66, 0x2b, 0x6a, 0x92, 0x57, 0xad, 0x1e, 0x98, 0x7f,
+ 0xb7, 0x5f, 0x73, 0xa0, 0x60, 0x6d, 0xf2, 0xa4, 0xb0, 0x47, 0x89, 0x77,
+ 0x08, 0x20, 0xc2, 0xe0, 0x23, 0x22, 0xc4, 0xe8, 0x26, 0xf7, 0x67, 0xbd,
+ 0x89, 0x57, 0x34, 0xa0, 0x1e, 0x20, 0x60, 0x9c, 0x3b, 0xe4, 0x51, 0x7a,
+ 0x7a, 0x2a, 0x58, 0x9e, 0xa1, 0xcd, 0xc1, 0x37, 0xbe, 0xb7, 0x3e, 0xb3,
+ 0x8d, 0xac, 0x78, 0x1b, 0x52, 0xe8, 0x63, 0xde, 0x96, 0x20, 0xf7, 0x9f,
+ 0x9b, 0x90, 0xfd, 0x5b, 0x95, 0x36, 0x51, 0xfc, 0xbf, 0xef, 0x4a, 0x9f,
+ 0x1c, 0xc0, 0x74, 0x21, 0xd5, 0x11, 0xa8, 0x7d, 0xd6, 0x94, 0x2c, 0xaa,
+ 0xb6, 0xa5, 0xa0, 0xf4, 0xdf, 0x47, 0x3e, 0x62, 0xde, 0xfb, 0x52, 0x9a,
+ 0x7d, 0xe1, 0x50, 0x9a, 0xb9, 0x9c, 0x59, 0x6e, 0x1d, 0xff, 0x13, 0x20,
+ 0x40, 0x22, 0x98, 0xd8, 0xbe, 0x73, 0xa8, 0x96, 0xcc, 0x86, 0xc3, 0x8a,
+ 0xe3, 0xf2, 0xf5, 0x76, 0xe9, 0xea, 0x70, 0xcc, 0x28, 0xad, 0x57, 0x5c,
+ 0xb0, 0xf8, 0x54, 0xf0, 0xbe, 0x43, 0x18, 0x6b, 0xaa, 0x9c, 0x18, 0xe2,
+ 0x9c, 0x47, 0xc6, 0xca, 0x77, 0x13, 0x5d, 0xb7, 0x9c, 0x81, 0x12, 0x31,
+ 0xb7, 0xc1, 0x73, 0x09, 0x55, 0x88, 0x7d, 0x32, 0x1f, 0xdc, 0x06, 0x56,
+ 0x83, 0x82, 0xb8, 0x66, 0x43, 0xcf, 0x08, 0x9b, 0x10, 0xe3, 0x5a, 0xb2,
+ 0x3e, 0x82, 0x7d, 0x2e, 0x5a, 0xa7, 0xb4, 0xe9, 0x9f, 0xf2, 0xe9, 0x14,
+ 0xf3, 0x02, 0x35, 0x18, 0x19, 0xeb, 0x4d, 0x16, 0x93, 0x24, 0x3b, 0x35,
+ 0xf8, 0xbf, 0x1d, 0x42, 0xd0, 0x8f, 0x8e, 0xc4, 0xac, 0xaf, 0xa3, 0x5f,
+ 0x74, 0x7a, 0x4a, 0x97, 0x5a, 0x28, 0x64, 0x3e, 0xc6, 0x30, 0xd8, 0xe4,
+ 0xfa, 0x5b, 0xe5, 0x9d, 0x81, 0x99, 0x56, 0x60, 0xa1, 0x4b, 0xb6, 0x4c,
+ 0x1f, 0xea, 0x51, 0x46, 0xd6, 0xb1, 0x1f, 0x92, 0xda, 0x6a, 0x39, 0x56,
+ 0xdd, 0x5c, 0xb5, 0xe0, 0xd7, 0x47, 0xcf, 0x2e, 0xa2, 0x3f, 0x81, 0x61,
+ 0x77, 0x69, 0x18, 0x53, 0x36, 0x26, 0x3d, 0x46, 0xef, 0x4c, 0x14, 0x4b,
+ 0x75, 0x4d, 0xe6, 0x2a, 0x63, 0x37, 0x34, 0x2d, 0x6c, 0x85, 0xa9, 0x5f,
+ 0x19, 0xf0, 0x15, 0x72, 0x45, 0x46, 0xee, 0x3f, 0xc4, 0x82, 0x3e, 0xca,
+ 0x60, 0x3d, 0xbc, 0x1d, 0xc0, 0x1c, 0x2d, 0x5e, 0xd5, 0x0b, 0xd7, 0x2d,
+ 0x8e, 0x96, 0xdf, 0x2d, 0xc0, 0x48, 0xed, 0xde, 0x00, 0x81, 0x28, 0x40,
+ 0x68, 0x28, 0x3f, 0xc5, 0xe7, 0x3a, 0x61, 0x39, 0x85, 0x1a, 0xbf, 0x2f,
+ 0x29, 0x97, 0x7d, 0x0b, 0x3d, 0x16, 0x0c, 0x88, 0x3a, 0x42, 0xa3, 0x7e,
+ 0xfb, 0xa1, 0xbe, 0x05, 0xc1, 0xa0, 0xb1, 0x74, 0x1d, 0x7d, 0xdf, 0x59},
+ priv_key_3b,
+ true},
+
+ // an invalid ciphertext that generates last length that's one byte
+ // too long for the key size, so the second to last value needs to get
+ // used
+ {67,
+ {0x56, 0xa3, 0xbe, 0xa0, 0x54, 0xe0, 0x13, 0x38, 0xbe, 0x9b, 0x7d, 0x79,
+ 0x57, 0x53, 0x9c},
+ {0x7d, 0xb0, 0x39, 0x0d, 0x75, 0xfc, 0xf9, 0xd4, 0xc5, 0x9c, 0xf2, 0x7b,
+ 0x26, 0x41, 0x90, 0xd8, 0x56, 0xda, 0x9a, 0xbd, 0x11, 0xe9, 0x23, 0x34,
+ 0xd0, 0xe5, 0xf7, 0x10, 0x05, 0xcf, 0xed, 0x86, 0x5a, 0x71, 0x1d, 0xfa,
+ 0x28, 0xb7, 0x91, 0x18, 0x83, 0x74, 0xb6, 0x19, 0x16, 0xdb, 0xc1, 0x13,
+ 0x39, 0xbf, 0x14, 0xb0, 0x6f, 0x5f, 0x3f, 0x68, 0xc2, 0x06, 0xc5, 0x60,
+ 0x73, 0x80, 0xe1, 0x3d, 0xa3, 0x12, 0x9b, 0xfb, 0x74, 0x41, 0x57, 0xe1,
+ 0x52, 0x7d, 0xd6, 0xfd, 0xf6, 0x65, 0x12, 0x48, 0xb0, 0x28, 0xa4, 0x96,
+ 0xae, 0x1b, 0x97, 0x70, 0x2d, 0x44, 0x70, 0x60, 0x43, 0xcd, 0xaa, 0x7a,
+ 0x59, 0xc0, 0xf4, 0x13, 0x67, 0x30, 0x3f, 0x21, 0xf2, 0x68, 0x96, 0x8b,
+ 0xf3, 0xbd, 0x29, 0x04, 0xdb, 0x3a, 0xe5, 0x23, 0x9b, 0x55, 0xf8, 0xb4,
+ 0x38, 0xd9, 0x3d, 0x7d, 0xb9, 0xd1, 0x66, 0x6c, 0x07, 0x1c, 0x08, 0x57,
+ 0xe2, 0xec, 0x37, 0x75, 0x74, 0x63, 0x76, 0x9c, 0x54, 0xe5, 0x1f, 0x05,
+ 0x2b, 0x2a, 0x71, 0xb0, 0x4c, 0x28, 0x69, 0xe9, 0xe7, 0x04, 0x9a, 0x10,
+ 0x37, 0xb8, 0x42, 0x92, 0x06, 0xc9, 0x97, 0x26, 0xf0, 0x72, 0x89, 0xba,
+ 0xc1, 0x83, 0x63, 0xe7, 0xeb, 0x2a, 0x5b, 0x41, 0x7f, 0x47, 0xc3, 0x7a,
+ 0x55, 0x09, 0x0c, 0xda, 0x67, 0x65, 0x17, 0xb3, 0x54, 0x9c, 0x87, 0x3f,
+ 0x2f, 0xe9, 0x5d, 0xa9, 0x68, 0x17, 0x52, 0xec, 0x98, 0x64, 0xb0, 0x69,
+ 0x08, 0x9a, 0x2e, 0xd2, 0xf3, 0x40, 0xc8, 0xb0, 0x4e, 0xe0, 0x00, 0x79,
+ 0x05, 0x5a, 0x81, 0x7a, 0x33, 0x55, 0xb4, 0x6a, 0xc7, 0xdc, 0x00, 0xd1,
+ 0x7f, 0x45, 0x04, 0xcc, 0xfb, 0xcf, 0xca, 0xdb, 0x0c, 0x04, 0xcb, 0x6b,
+ 0x22, 0x06, 0x9e, 0x17, 0x93, 0x85, 0xae, 0x1e, 0xaf, 0xab, 0xad, 0x55,
+ 0x21, 0xba, 0xc2, 0xb8, 0xa8, 0xee, 0x1d, 0xff, 0xf5, 0x9a, 0x22, 0xeb,
+ 0x3f, 0xda, 0xcf, 0xc8, 0x71, 0x75, 0xd1, 0x0d, 0x78, 0x94, 0xcf, 0xd8,
+ 0x69, 0xd0, 0x56, 0x05, 0x7d, 0xd9, 0x94, 0x4b, 0x86, 0x9c, 0x17, 0x84,
+ 0xfc, 0xc2, 0x7f, 0x73, 0x1b, 0xc4, 0x61, 0x71, 0xd3, 0x95, 0x70, 0xfb,
+ 0xff, 0xba, 0xdf, 0x08, 0x2d, 0x33, 0xf6, 0x35, 0x2e, 0xcf, 0x44, 0xac,
+ 0xa8, 0xd9, 0x47, 0x8e, 0x53, 0xf5, 0xa5, 0xb7, 0xc8, 0x52, 0xb4, 0x01,
+ 0xe8, 0xf5, 0xf7, 0x4d, 0xa4, 0x9d, 0xa9, 0x1e, 0x65, 0xbd, 0xc9, 0x77,
+ 0x65, 0xa9, 0x52, 0x3b, 0x7a, 0x08, 0x85, 0xa6, 0xf8, 0xaf, 0xe5, 0x75,
+ 0x9d, 0x58, 0x00, 0x9f, 0xbf, 0xa8, 0x37, 0x47, 0x2a, 0x96, 0x8e, 0x6a,
+ 0xe9, 0x20, 0x26, 0xa5, 0xe0, 0x20, 0x2a, 0x39, 0x54, 0x83, 0x09, 0x53,
+ 0x02, 0xd6, 0xc3, 0x98, 0x5b, 0x5f, 0x58, 0x31, 0xc5, 0x21, 0xa2, 0x71},
+ priv_key_3b,
+ true},
+
+ // an invalid ciphertext that generates a plaintext of maximum size
+ // for this key size
+ {68,
+ {0x7b, 0x03, 0x6f, 0xcd, 0x62, 0x43, 0x90, 0x0e, 0x42, 0x36, 0xc8, 0x94,
+ 0xe2, 0x46, 0x2c, 0x17, 0x73, 0x8a, 0xcc, 0x87, 0xe0, 0x1a, 0x76, 0xf4,
+ 0xd9, 0x5c, 0xb9, 0xa3, 0x28, 0xd9, 0xac, 0xde, 0x81, 0x65, 0x02, 0x83,
+ 0xb8, 0xe8, 0xf6, 0x0a, 0x21, 0x7e, 0x3b, 0xde, 0xe8, 0x35, 0xc7, 0xb2,
+ 0x22, 0xad, 0x4c, 0x85, 0xd0, 0xac, 0xdb, 0x9a, 0x30, 0x9b, 0xd2, 0xa7,
+ 0x54, 0x60, 0x9a, 0x65, 0xde, 0xc5, 0x0f, 0x3a, 0xa0, 0x4c, 0x6d, 0x58,
+ 0x91, 0x03, 0x45, 0x66, 0xb9, 0x56, 0x3d, 0x42, 0x66, 0x8e, 0xde, 0x1f,
+ 0x89, 0x92, 0xb1, 0x77, 0x53, 0xa2, 0x13, 0x2e, 0x28, 0x97, 0x05, 0x84,
+ 0xe2, 0x55, 0xef, 0xc8, 0xb4, 0x5a, 0x41, 0xc5, 0xdb, 0xd7, 0x56, 0x7f,
+ 0x01, 0x4a, 0xce, 0xc5, 0xfe, 0x6f, 0xdb, 0x6d, 0x48, 0x47, 0x90, 0x36,
+ 0x0a, 0x91, 0x3e, 0xbb, 0x9d, 0xef, 0xcd, 0x74, 0xff, 0x37, 0x7f, 0x2a,
+ 0x8b, 0xa4, 0x6d, 0x2e, 0xd8, 0x5f, 0x73, 0x3c, 0x9a, 0x3d, 0xa0, 0x8e,
+ 0xb5, 0x7e, 0xce, 0xdf, 0xaf, 0xda, 0x80, 0x67, 0x78, 0xf0, 0x3c, 0x66,
+ 0xb2, 0xc5, 0xd2, 0x87, 0x4c, 0xec, 0x1c, 0x29, 0x1b, 0x2d, 0x49, 0xeb,
+ 0x19, 0x4c, 0x7b, 0x5d, 0x0d, 0xd2, 0x90, 0x8a, 0xe9, 0x0f, 0x48, 0x43,
+ 0x26, 0x8a, 0x2c, 0x45, 0x56, 0x30, 0x92, 0xad, 0xe0, 0x8a, 0xcb, 0x6a,
+ 0xb4, 0x81, 0xa0, 0x81, 0x76, 0x10, 0x2f, 0xc8, 0x03, 0xfb, 0xb2, 0xf8,
+ 0xad, 0x11, 0xb0, 0xe1, 0x53, 0x1b, 0xd3, 0x7d, 0xf5, 0x43, 0x49, 0x8d,
+ 0xaf, 0x18, 0x0b, 0x12, 0x01, 0x7f, 0x4d, 0x4d, 0x42, 0x6c, 0xa2, 0x9b,
+ 0x41, 0x61, 0x07, 0x55, 0x34, 0xbf, 0xb9, 0x14, 0x96, 0x80, 0x88, 0xa9,
+ 0xd1, 0x37, 0x85, 0xd0, 0xad, 0xc0, 0xe2, 0x58, 0x0d, 0x35, 0x48, 0x49,
+ 0x4b, 0x2a, 0x9e, 0x91, 0x60, 0x5f, 0x2b, 0x27, 0xe6, 0xcc, 0x70, 0x1c,
+ 0x79, 0x6f, 0x0d, 0xe7, 0xc6, 0xf4, 0x71, 0xf6, 0xab, 0x6c, 0xb9, 0x27,
+ 0x2a, 0x1e, 0xd6, 0x37, 0xca, 0x32, 0xa6, 0x0d, 0x11, 0x75, 0x05, 0xd8,
+ 0x2a, 0xf3, 0xc1, 0x33, 0x61, 0x04, 0xaf, 0xb5, 0x37, 0xd0, 0x1a, 0x8f,
+ 0x70, 0xb5, 0x10, 0xe1, 0xee, 0xbf, 0x48, 0x69, 0xcb, 0x97, 0x6c, 0x41,
+ 0x94, 0x73, 0x79, 0x5a, 0x66, 0xc7, 0xf5, 0xe6, 0xe2, 0x0a, 0x80, 0x94,
+ 0xb1, 0xbb, 0x60, 0x3a, 0x74, 0x33, 0x0c, 0x53, 0x7c, 0x5c, 0x06, 0x98,
+ 0xc3, 0x15, 0x38, 0xbd, 0x2e, 0x13, 0x8c, 0x12, 0x75, 0xa1, 0xbd, 0xf2,
+ 0x4c, 0x5f, 0xa8, 0xab, 0x3b, 0x7b, 0x52, 0x63, 0x24, 0xe7, 0x91, 0x8a,
+ 0x38, 0x2d, 0x13, 0x63, 0xb3, 0xd4, 0x63, 0x76, 0x42, 0x22, 0x15, 0x0e,
+ 0x04},
+ {0x17, 0x15, 0x06, 0x53, 0x22, 0x52, 0x2d, 0xff, 0x85, 0x04, 0x98, 0x00,
+ 0xf6, 0xa2, 0x9a, 0xb5, 0xf9, 0x8c, 0x46, 0x50, 0x20, 0x46, 0x74, 0x14,
+ 0xb2, 0xa4, 0x41, 0x27, 0xfe, 0x94, 0x46, 0xda, 0x47, 0xfa, 0x18, 0x04,
+ 0x79, 0x00, 0xf9, 0x9a, 0xfe, 0x67, 0xc2, 0xdf, 0x6f, 0x50, 0x16, 0x0b,
+ 0xb8, 0xe9, 0x0b, 0xff, 0x29, 0x66, 0x10, 0xfd, 0xe6, 0x32, 0xb3, 0x85,
+ 0x9d, 0x4d, 0x0d, 0x2e, 0x64, 0x4f, 0x23, 0x83, 0x50, 0x28, 0xc4, 0x6c,
+ 0xca, 0x01, 0xb8, 0x4b, 0x88, 0x23, 0x1d, 0x7e, 0x03, 0x15, 0x4e, 0xde,
+ 0xc6, 0x62, 0x7b, 0xcb, 0xa2, 0x3d, 0xe7, 0x67, 0x40, 0xd8, 0x39, 0x85,
+ 0x1f, 0xa1, 0x2d, 0x74, 0xc8, 0xf9, 0x2e, 0x54, 0x0c, 0x73, 0xfe, 0x83,
+ 0x7b, 0x91, 0xb7, 0xd6, 0x99, 0xb3, 0x11, 0x99, 0x7d, 0x5f, 0x0f, 0x78,
+ 0x64, 0xc4, 0x86, 0xd4, 0x99, 0xc3, 0xa7, 0x9c, 0x11, 0x1f, 0xaa, 0xac,
+ 0xbe, 0x47, 0x99, 0x59, 0x7a, 0x25, 0x06, 0x6c, 0x62, 0x00, 0x21, 0x5c,
+ 0x3d, 0x15, 0x8f, 0x38, 0x17, 0xc1, 0xaa, 0x57, 0xf1, 0x8b, 0xda, 0xad,
+ 0x0b, 0xe1, 0x65, 0x8d, 0xa9, 0xda, 0x93, 0xf5, 0xcc, 0x6c, 0x3c, 0x4d,
+ 0xd7, 0x27, 0x88, 0xaf, 0x57, 0xad, 0xbb, 0x6a, 0x0c, 0x26, 0xf4, 0x2d,
+ 0x32, 0xd9, 0x5b, 0x8a, 0x4f, 0x95, 0xe8, 0xc6, 0xfe, 0xb2, 0xf8, 0xa5,
+ 0xd5, 0x3b, 0x19, 0xa5, 0x0a, 0x0b, 0x7c, 0xbc, 0x25, 0xe0, 0x55, 0xad,
+ 0x03, 0xe5, 0xac, 0xe8, 0xf3, 0xf7, 0xdb, 0x13, 0xe5, 0x77, 0x59, 0xf6,
+ 0x7b, 0x65, 0xd1, 0x43, 0xf0, 0x8c, 0xca, 0x15, 0x99, 0x2c, 0x6b, 0x2a,
+ 0xae, 0x64, 0x33, 0x90, 0x48, 0x3d, 0xe1, 0x11, 0xc2, 0x98, 0x8d, 0x4e,
+ 0x76, 0xb4, 0x25, 0x96, 0x26, 0x60, 0x05, 0x10, 0x3c, 0x8d, 0xe6, 0x04,
+ 0x4f, 0xb7, 0x39, 0x8e, 0xb3, 0xc2, 0x8a, 0x86, 0x4f, 0xa6, 0x72, 0xde,
+ 0x5f, 0xd8, 0x77, 0x45, 0x10, 0xff, 0x45, 0xe0, 0x59, 0x69, 0xa1, 0x1a,
+ 0x4c, 0x7d, 0x3f, 0x34, 0x3e, 0x33, 0x11, 0x90, 0xd2, 0xdc, 0xf2, 0x4f,
+ 0xb9, 0x15, 0x4b, 0xa9, 0x04, 0xdc, 0x94, 0xaf, 0x98, 0xaf, 0xc5, 0x77,
+ 0x4a, 0x96, 0x17, 0xd0, 0x41, 0x8f, 0xe6, 0xd1, 0x3f, 0x82, 0x45, 0xc7,
+ 0xd7, 0x62, 0x6c, 0x17, 0x61, 0x38, 0xdd, 0x69, 0x8a, 0x23, 0x54, 0x7c,
+ 0x25, 0xf2, 0x7c, 0x2b, 0x98, 0xea, 0x4d, 0x8a, 0x45, 0xc7, 0x84, 0x2b,
+ 0x81, 0x88, 0x8e, 0x4c, 0xc1, 0x4e, 0x5b, 0x72, 0xe9, 0xcf, 0x91, 0xf5,
+ 0x69, 0x56, 0xc9, 0x3d, 0xbf, 0x2e, 0x5f, 0x44, 0xa8, 0x28, 0x2a, 0x78,
+ 0x13, 0x15, 0x7f, 0xc4, 0x81, 0xff, 0x13, 0x71, 0xa0, 0xf6, 0x6b, 0x31,
+ 0x79, 0x7e, 0x81, 0xeb, 0xdb, 0x09, 0xa6, 0x73, 0xd4, 0xdb, 0x96, 0xd6},
+ priv_key_3b,
+ true},
+
+ // test_positive_9_bytes_long
+ {69,
+ // 'forty two'
+ {0x66, 0x6f, 0x72, 0x74, 0x79, 0x20, 0x74, 0x77, 0x6f},
+ {0x6c, 0x60, 0x84, 0x5a, 0x85, 0x4b, 0x45, 0x71, 0xf6, 0x78, 0x94, 0x1a,
+ 0xe3, 0x5a, 0x2a, 0xc0, 0x3f, 0x67, 0xc2, 0x1e, 0x21, 0x14, 0x6f, 0x9d,
+ 0xb1, 0xf2, 0x30, 0x6b, 0xe9, 0xf1, 0x36, 0x45, 0x3b, 0x86, 0xad, 0x55,
+ 0x64, 0x7d, 0x4f, 0x7b, 0x5c, 0x9e, 0x62, 0x19, 0x7a, 0xaf, 0xf0, 0xc0,
+ 0xe4, 0x0a, 0x3b, 0x54, 0xc4, 0xcd, 0xe1, 0x4e, 0x77, 0x4b, 0x1c, 0x59,
+ 0x59, 0xb6, 0xc2, 0xa2, 0x30, 0x28, 0x96, 0xff, 0xae, 0x1f, 0x73, 0xb0,
+ 0x0b, 0x86, 0x2a, 0x20, 0xff, 0x43, 0x04, 0xfe, 0x06, 0xce, 0xa7, 0xff,
+ 0x30, 0xec, 0xb3, 0x77, 0x3c, 0xa9, 0xaf, 0x27, 0xa0, 0xb5, 0x45, 0x47,
+ 0x35, 0x0d, 0x7c, 0x07, 0xdf, 0xb0, 0xa3, 0x96, 0x29, 0xc7, 0xe7, 0x1e,
+ 0x83, 0xfc, 0x5a, 0xf9, 0xb2, 0xad, 0xba, 0xf8, 0x98, 0xe0, 0x37, 0xf1,
+ 0xde, 0x69, 0x6a, 0x3f, 0x32, 0x8c, 0xf4, 0x5a, 0xf7, 0xec, 0x9a, 0xff,
+ 0x71, 0x73, 0x85, 0x40, 0x87, 0xfb, 0x8f, 0xbf, 0x34, 0xbe, 0x98, 0x1e,
+ 0xfb, 0xd8, 0x49, 0x3f, 0x94, 0x38, 0xd1, 0xb2, 0xba, 0x2a, 0x86, 0xaf,
+ 0x08, 0x26, 0x62, 0xaa, 0x46, 0xae, 0x9a, 0xdf, 0xbe, 0xc5, 0x1e, 0x5f,
+ 0x3d, 0x95, 0x50, 0xa4, 0xdd, 0x1d, 0xcb, 0x7c, 0x89, 0x69, 0xc9, 0x58,
+ 0x7a, 0x6e, 0xdc, 0x82, 0xa8, 0xca, 0xbb, 0xc7, 0x85, 0xc4, 0x0d, 0x9f,
+ 0xbd, 0x12, 0x06, 0x45, 0x59, 0xfb, 0x76, 0x94, 0x50, 0xac, 0x3e, 0x47,
+ 0xe8, 0x7b, 0xc0, 0x46, 0x14, 0x81, 0x30, 0xd7, 0xea, 0xa8, 0x43, 0xe4,
+ 0xb3, 0xcc, 0xef, 0x36, 0x75, 0xd0, 0x63, 0x05, 0x00, 0x80, 0x3c, 0xb7,
+ 0xff, 0xee, 0x38, 0x82, 0x37, 0x8c, 0x1a, 0x40, 0x4e, 0x85, 0x0c, 0x3e,
+ 0x20, 0x70, 0x7b, 0xb7, 0x45, 0xe4, 0x2b, 0x13, 0xc1, 0x87, 0x86, 0xc4,
+ 0x97, 0x60, 0x76, 0xed, 0x9f, 0xa8, 0xfd, 0x0f, 0xf1, 0x5e, 0x57, 0x1b,
+ 0xef, 0x02, 0xcb, 0xbe, 0x2f, 0x90, 0xc9, 0x08, 0xac, 0x37, 0x34, 0xa4,
+ 0x33, 0xb7, 0x3e, 0x77, 0x8d, 0x4d, 0x17, 0xfc, 0xc2, 0x8f, 0x49, 0x18,
+ 0x5e, 0xbc, 0x6e, 0x85, 0x36, 0xa0, 0x6d, 0x29, 0x32, 0x02, 0xd9, 0x44,
+ 0x96, 0x45, 0x3b, 0xfd, 0xf1, 0xc2, 0xc7, 0x83, 0x3a, 0x3f, 0x99, 0xfa,
+ 0x38, 0xca, 0x8a, 0x81, 0xf4, 0x2e, 0xaa, 0x52, 0x9d, 0x60, 0x3b, 0x89,
+ 0x03, 0x08, 0xa3, 0x19, 0xc0, 0xab, 0x63, 0xa3, 0x5f, 0xf8, 0xeb, 0xac,
+ 0x96, 0x5f, 0x62, 0x78, 0xf5, 0xa7, 0xe5, 0xd6, 0x22, 0xbe, 0x5d, 0x5f,
+ 0xe5, 0x5f, 0x0c, 0xa3, 0xec, 0x99, 0x3d, 0x55, 0x43, 0x0d, 0x2b, 0xf5,
+ 0x9c, 0x5d, 0x3e, 0x86, 0x0e, 0x90, 0xc1, 0x6d, 0x91, 0xa0, 0x45, 0x96,
+ 0xf6, 0xfd, 0xf6, 0x0d, 0x89, 0xed, 0x95, 0xd8, 0x8c, 0x03, 0x6d, 0xde},
+ priv_key_3b,
+ true},
+
+ // a valid ciphertext that starts with a null byte and decrypts to
+ // 9 byte long value
+ {70,
+ // 'forty two'
+ {0x66, 0x6f, 0x72, 0x74, 0x79, 0x20, 0x74, 0x77, 0x6f},
+ {0x00, 0xf4, 0xd5, 0x65, 0xa3, 0x28, 0x67, 0x84, 0xdb, 0xb8, 0x53, 0x27,
+ 0xdb, 0x88, 0x07, 0xae, 0x55, 0x7e, 0xad, 0x22, 0x9f, 0x92, 0xab, 0xa9,
+ 0x45, 0xce, 0xcd, 0xa5, 0x22, 0x5f, 0x60, 0x6a, 0x7d, 0x61, 0x30, 0xed,
+ 0xee, 0xb6, 0xf2, 0x67, 0x24, 0xd1, 0xef, 0xf1, 0x11, 0x0f, 0x9e, 0xb1,
+ 0x8d, 0xc3, 0x24, 0x81, 0x40, 0xee, 0x38, 0x37, 0xe6, 0x68, 0x83, 0x91,
+ 0xe7, 0x87, 0x96, 0xc5, 0x26, 0x79, 0x13, 0x84, 0xf0, 0x45, 0xe2, 0x1b,
+ 0x6b, 0x85, 0x3f, 0xb6, 0x34, 0x2a, 0x11, 0xf3, 0x09, 0xeb, 0x77, 0x96,
+ 0x2f, 0x37, 0xce, 0x23, 0x92, 0x5a, 0xf6, 0x00, 0x84, 0x7f, 0xbd, 0x30,
+ 0xe6, 0xe0, 0x7e, 0x57, 0xde, 0x50, 0xb6, 0x06, 0xe6, 0xb7, 0xf2, 0x88,
+ 0xcc, 0x77, 0x7c, 0x1a, 0x68, 0x34, 0xf2, 0x7e, 0x6e, 0xda, 0xce, 0x50,
+ 0x84, 0x52, 0x12, 0x89, 0x16, 0xee, 0xf7, 0x78, 0x8c, 0x8b, 0xb2, 0x27,
+ 0xe3, 0x54, 0x8c, 0x6a, 0x76, 0x1c, 0xc4, 0xe9, 0xdd, 0x1a, 0x35, 0x84,
+ 0x17, 0x6d, 0xc0, 0x53, 0xba, 0x35, 0x00, 0xad, 0xb1, 0xd5, 0xe1, 0x61,
+ 0x12, 0x91, 0x65, 0x4f, 0x12, 0xdf, 0xc5, 0x72, 0x28, 0x32, 0xf6, 0x35,
+ 0xdb, 0x30, 0x02, 0xd7, 0x3f, 0x9d, 0xef, 0xc3, 0x10, 0xac, 0xe6, 0x2c,
+ 0x63, 0x86, 0x8d, 0x34, 0x16, 0x19, 0xc7, 0xee, 0x15, 0xb2, 0x02, 0x43,
+ 0xb3, 0x37, 0x1e, 0x05, 0x07, 0x8e, 0x11, 0x21, 0x97, 0x70, 0xc7, 0x01,
+ 0xd9, 0xf3, 0x41, 0xaf, 0x35, 0xdf, 0x1b, 0xc7, 0x29, 0xde, 0x29, 0x48,
+ 0x25, 0xff, 0x2e, 0x41, 0x6a, 0xa1, 0x15, 0x26, 0x61, 0x28, 0x52, 0x77,
+ 0x7e, 0xb1, 0x31, 0xf9, 0xc4, 0x51, 0x51, 0xeb, 0x14, 0x49, 0x80, 0xd7,
+ 0x06, 0x08, 0xd2, 0xfc, 0x40, 0x43, 0x47, 0x73, 0x68, 0x36, 0x9a, 0xa0,
+ 0xfe, 0x48, 0x7a, 0x48, 0xbd, 0x57, 0xe6, 0x6b, 0x00, 0xc3, 0xc5, 0x8f,
+ 0x94, 0x15, 0x49, 0xf5, 0xec, 0x05, 0x0f, 0xca, 0x64, 0x44, 0x9d, 0xeb,
+ 0xe7, 0xa0, 0xc4, 0xac, 0x51, 0xe5, 0x5c, 0xb7, 0x16, 0x20, 0xa7, 0x03,
+ 0x12, 0xaa, 0x4b, 0xd8, 0x5f, 0xac, 0x14, 0x10, 0xc9, 0xc7, 0xf9, 0xd6,
+ 0xec, 0x61, 0x0b, 0x7d, 0x11, 0xbf, 0x8f, 0xae, 0xff, 0xa2, 0x02, 0x55,
+ 0xd1, 0xa1, 0xbe, 0xad, 0x92, 0x97, 0xd0, 0xaa, 0x87, 0x65, 0xcd, 0x28,
+ 0x05, 0x84, 0x7d, 0x63, 0x9b, 0xc4, 0x39, 0xf4, 0xa6, 0xc8, 0x96, 0xe2,
+ 0x00, 0x8f, 0x74, 0x6f, 0x95, 0x90, 0xff, 0x45, 0x96, 0xde, 0x5d, 0xdd,
+ 0xe0, 0x00, 0xed, 0x66, 0x6c, 0x45, 0x2c, 0x97, 0x80, 0x43, 0xff, 0x42,
+ 0x98, 0x46, 0x1e, 0xb5, 0xa2, 0x6d, 0x5e, 0x63, 0xd8, 0x21, 0x43, 0x86,
+ 0x27, 0xf9, 0x12, 0x01, 0x92, 0x4b, 0xf7, 0xf2, 0xae, 0xee, 0x17, 0x27},
+ priv_key_3b,
+ true},
+
+ // a valid ciphertext that starts with two null bytes and decrypts to
+ // 9 byte long value
+ {71,
+ // 'forty two'
+ {0x66, 0x6f, 0x72, 0x74, 0x79, 0x20, 0x74, 0x77, 0x6f},
+ {0x00, 0x00, 0x1e, 0xc9, 0x7a, 0xc9, 0x81, 0xdf, 0xd9, 0xdc, 0xc7, 0xa7,
+ 0x38, 0x9f, 0xdf, 0xa9, 0xd3, 0x61, 0x14, 0x1d, 0xac, 0x80, 0xc2, 0x3a,
+ 0x06, 0x04, 0x10, 0xd4, 0x72, 0xc1, 0x60, 0x94, 0xe6, 0xcd, 0xff, 0xc0,
+ 0xc3, 0x68, 0x4d, 0x84, 0xaa, 0x40, 0x2d, 0x70, 0x51, 0xdf, 0xcc, 0xb2,
+ 0xf6, 0xda, 0x33, 0xf6, 0x69, 0x85, 0xd2, 0xa2, 0x59, 0xf5, 0xb7, 0xfb,
+ 0xf3, 0x9a, 0xc5, 0x37, 0xe9, 0x5c, 0x5b, 0x70, 0x50, 0xeb, 0x18, 0x84,
+ 0x4a, 0x05, 0x13, 0xab, 0xef, 0x81, 0x2c, 0xc8, 0xe7, 0x4a, 0x3c, 0x52,
+ 0x40, 0x00, 0x9e, 0x6e, 0x80, 0x5d, 0xca, 0xdf, 0x53, 0x2b, 0xc1, 0xa2,
+ 0x70, 0x2d, 0x5a, 0xcc, 0x9e, 0x58, 0x5f, 0xad, 0x5b, 0x89, 0xd4, 0x61,
+ 0xfc, 0xc1, 0x39, 0x73, 0x51, 0xcd, 0xce, 0x35, 0x17, 0x15, 0x23, 0x75,
+ 0x8b, 0x17, 0x1d, 0xc0, 0x41, 0xf4, 0x12, 0xe4, 0x29, 0x66, 0xde, 0x7f,
+ 0x94, 0x85, 0x64, 0x77, 0x35, 0x6d, 0x06, 0xf2, 0xa6, 0xb4, 0x0e, 0x3f,
+ 0xf0, 0x54, 0x75, 0x62, 0xa4, 0xd9, 0x1b, 0xbf, 0x13, 0x38, 0xe9, 0xe0,
+ 0x49, 0xfa, 0xcb, 0xee, 0x8b, 0x20, 0x17, 0x11, 0x64, 0x50, 0x54, 0x68,
+ 0xcd, 0x30, 0x89, 0x97, 0x44, 0x7d, 0x3d, 0xc4, 0xb0, 0xac, 0xb4, 0x9e,
+ 0x7d, 0x36, 0x8f, 0xed, 0xd8, 0xc7, 0x34, 0x25, 0x1f, 0x30, 0xa8, 0x34,
+ 0x91, 0xd2, 0x50, 0x6f, 0x3f, 0x87, 0x31, 0x8c, 0xc1, 0x18, 0x82, 0x32,
+ 0x44, 0xa3, 0x93, 0xdc, 0x7c, 0x5c, 0x73, 0x9a, 0x27, 0x33, 0xd9, 0x3e,
+ 0x1b, 0x13, 0xdb, 0x68, 0x40, 0xa9, 0x42, 0x99, 0x47, 0x35, 0x7f, 0x47,
+ 0xb2, 0x3f, 0xbe, 0x39, 0xb7, 0xd2, 0xd6, 0x1e, 0x5e, 0xe2, 0x6f, 0x99,
+ 0x46, 0xc4, 0x63, 0x2f, 0x6c, 0x46, 0x99, 0xe4, 0x52, 0xf4, 0x12, 0xa2,
+ 0x66, 0x41, 0xd4, 0x75, 0x11, 0x35, 0x40, 0x07, 0x13, 0xcd, 0x56, 0xec,
+ 0x66, 0xf0, 0x37, 0x04, 0x23, 0xd5, 0x5d, 0x2a, 0xf7, 0x0f, 0x5e, 0x7a,
+ 0xd0, 0xad, 0xea, 0x8e, 0x4a, 0x0d, 0x90, 0x4a, 0x01, 0xe4, 0xac, 0x27,
+ 0x2e, 0xba, 0x4a, 0xf1, 0xa0, 0x29, 0xdd, 0x53, 0xeb, 0x71, 0xf1, 0x15,
+ 0xbf, 0x31, 0xf7, 0xa6, 0xc8, 0xb1, 0x9a, 0x65, 0x23, 0xad, 0xee, 0xcc,
+ 0x0d, 0x4c, 0x3c, 0x10, 0x75, 0x75, 0xe3, 0x85, 0x72, 0xa8, 0xf8, 0x47,
+ 0x4c, 0xca, 0xd1, 0x63, 0xe4, 0x6e, 0x2e, 0x8b, 0x08, 0x11, 0x11, 0x32,
+ 0xaa, 0x97, 0xa1, 0x6f, 0xb5, 0x88, 0xc9, 0xb7, 0xe3, 0x7b, 0x3b, 0x3d,
+ 0x74, 0x90, 0x38, 0x1f, 0x3c, 0x55, 0xd1, 0xa9, 0x86, 0x9a, 0x0f, 0xd4,
+ 0x2c, 0xd8, 0x6f, 0xed, 0x59, 0xec, 0xec, 0x78, 0xcb, 0x6b, 0x2d, 0xfd,
+ 0x06, 0xa4, 0x97, 0xf5, 0xaf, 0xe3, 0x41, 0x96, 0x91, 0x31, 0x4b, 0xa0},
+ priv_key_3b,
+ true},
+
+ // test_negative_9_bytes_long
+ {72,
+ {0x25, 0x79, 0x06, 0xca, 0x6d, 0xe8, 0x30, 0x77, 0x28},
+ {0x5c, 0x85, 0x55, 0xf5, 0xce, 0xf6, 0x27, 0xc1, 0x5d, 0x37, 0xf8, 0x5c,
+ 0x7f, 0x5f, 0xd6, 0xe4, 0x99, 0x26, 0x4e, 0xa4, 0xb8, 0xe3, 0xf9, 0x11,
+ 0x20, 0x23, 0xae, 0xb7, 0x22, 0xeb, 0x38, 0xd8, 0xea, 0xc2, 0xbe, 0x37,
+ 0x51, 0xfd, 0x5a, 0x37, 0x85, 0xab, 0x7f, 0x2d, 0x59, 0xfa, 0x37, 0x28,
+ 0xe5, 0xbe, 0x8c, 0x3d, 0xe7, 0x8a, 0x67, 0x46, 0x4e, 0x30, 0xb2, 0x1e,
+ 0xe2, 0x3b, 0x54, 0x84, 0xbb, 0x3c, 0xd0, 0x6d, 0x0e, 0x1c, 0x6a, 0xd2,
+ 0x56, 0x49, 0xc8, 0x51, 0x81, 0x65, 0x65, 0x3e, 0xb8, 0x04, 0x88, 0xbf,
+ 0xb4, 0x91, 0xb2, 0x0c, 0x04, 0x89, 0x7a, 0x67, 0x72, 0xf6, 0x92, 0x92,
+ 0x22, 0x2f, 0xc5, 0xef, 0x50, 0xb5, 0xcf, 0x9e, 0xfc, 0x6d, 0x60, 0x42,
+ 0x6a, 0x44, 0x9b, 0x6c, 0x48, 0x95, 0x69, 0xd4, 0x8c, 0x83, 0x48, 0x8d,
+ 0xf6, 0x29, 0xd6, 0x95, 0x65, 0x3d, 0x40, 0x9c, 0xe4, 0x9a, 0x79, 0x54,
+ 0x47, 0xfc, 0xec, 0x2c, 0x58, 0xa1, 0xa6, 0x72, 0xe4, 0xa3, 0x91, 0x40,
+ 0x1d, 0x42, 0x8b, 0xaa, 0xf7, 0x81, 0x51, 0x6e, 0x11, 0xe3, 0x23, 0xd3,
+ 0x02, 0xfc, 0xf2, 0x0f, 0x6e, 0xab, 0x2b, 0x2d, 0xbe, 0x53, 0xa4, 0x8c,
+ 0x98, 0x7e, 0x40, 0x7c, 0x4d, 0x7e, 0x1c, 0xb4, 0x11, 0x31, 0x32, 0x91,
+ 0x38, 0x31, 0x3d, 0x33, 0x02, 0x04, 0x17, 0x3a, 0x4f, 0x3f, 0xf0, 0x6c,
+ 0x6f, 0xad, 0xf9, 0x70, 0xf0, 0xed, 0x10, 0x05, 0xd0, 0xb2, 0x7e, 0x35,
+ 0xc3, 0xd1, 0x16, 0x93, 0xe0, 0x42, 0x9e, 0x27, 0x2d, 0x58, 0x3e, 0x57,
+ 0xb2, 0xc5, 0x8d, 0x24, 0x31, 0x5c, 0x39, 0x78, 0x56, 0xb3, 0x44, 0x85,
+ 0xdc, 0xb0, 0x77, 0x66, 0x55, 0x92, 0xb7, 0x47, 0xf8, 0x89, 0xd3, 0x4f,
+ 0xeb, 0xf2, 0xbe, 0x8f, 0xce, 0x66, 0xc2, 0x65, 0xfd, 0x9f, 0xc3, 0x57,
+ 0x5a, 0x62, 0x86, 0xa5, 0xce, 0x88, 0xb4, 0xb4, 0x13, 0xa0, 0x8e, 0xfc,
+ 0x57, 0xa0, 0x7a, 0x8f, 0x57, 0xa9, 0x99, 0x60, 0x5a, 0x83, 0x7b, 0x05,
+ 0x42, 0x69, 0x5c, 0x0d, 0x18, 0x9e, 0x67, 0x8b, 0x53, 0x66, 0x2e, 0xcf,
+ 0x7c, 0x3d, 0x37, 0xd9, 0xdb, 0xee, 0xa5, 0x85, 0xee, 0xbf, 0xaf, 0x79,
+ 0x14, 0x11, 0x18, 0xe0, 0x67, 0x62, 0xc2, 0x38, 0x1f, 0xe2, 0x7c, 0xa6,
+ 0x28, 0x8e, 0xdd, 0xdc, 0x19, 0xfd, 0x67, 0xcd, 0x64, 0xf1, 0x6b, 0x46,
+ 0xe0, 0x6d, 0x8a, 0x59, 0xac, 0x53, 0x0f, 0x22, 0xcd, 0x83, 0xcc, 0x0b,
+ 0xc4, 0xe3, 0x7f, 0xeb, 0x52, 0x01, 0x5c, 0xbb, 0x22, 0x83, 0x04, 0x3c,
+ 0xcf, 0x5e, 0x78, 0xa4, 0xeb, 0x71, 0x46, 0x82, 0x7d, 0x7a, 0x46, 0x6b,
+ 0x66, 0xc8, 0xa4, 0xa4, 0x82, 0x6c, 0x1b, 0xad, 0x68, 0x12, 0x3a, 0x7f,
+ 0x2d, 0x00, 0xfc, 0x17, 0x36, 0x52, 0x5f, 0xf9, 0x0c, 0x05, 0x8f, 0x56},
+ priv_key_3b,
+ true},
+
+ // malformed plaintext that generates a fake plaintext of length
+ // specified by 2nd to last value from PRF
+ {73,
+ {0x04, 0x33, 0x83, 0xc9, 0x29, 0x06, 0x03, 0x74, 0xed},
+ {0x75, 0x8c, 0x21, 0x5a, 0xa6, 0xac, 0xd6, 0x12, 0x48, 0x06, 0x2b, 0x88,
+ 0x28, 0x4b, 0xf4, 0x3c, 0x13, 0xcb, 0x3b, 0x3d, 0x02, 0x41, 0x0b, 0xe4,
+ 0x23, 0x86, 0x07, 0x44, 0x2f, 0x1c, 0x02, 0x16, 0x70, 0x6e, 0x21, 0xa0,
+ 0x3a, 0x2c, 0x10, 0xeb, 0x62, 0x4a, 0x63, 0x32, 0x2d, 0x85, 0x4d, 0xa1,
+ 0x95, 0xc0, 0x17, 0xb7, 0x6f, 0xea, 0x83, 0xe2, 0x74, 0xfa, 0x37, 0x18,
+ 0x34, 0xdc, 0xd2, 0xf3, 0xb7, 0xac, 0xcf, 0x43, 0x3f, 0xc2, 0x12, 0xad,
+ 0x76, 0xc0, 0xba, 0xc3, 0x66, 0xe1, 0xed, 0x32, 0xe2, 0x5b, 0x27, 0x9f,
+ 0x94, 0x12, 0x9b, 0xe7, 0xc6, 0x4d, 0x6e, 0x16, 0x2a, 0xdc, 0x08, 0xcc,
+ 0xeb, 0xc0, 0xcf, 0xe8, 0xe9, 0x26, 0xf0, 0x1c, 0x33, 0xab, 0x9c, 0x06,
+ 0x5f, 0x0e, 0x0a, 0xc8, 0x3a, 0xe5, 0x13, 0x7a, 0x4c, 0xb6, 0x67, 0x02,
+ 0x61, 0x5a, 0xd6, 0x8a, 0x35, 0x70, 0x7d, 0x86, 0x76, 0xd2, 0x74, 0x0d,
+ 0x7c, 0x1a, 0x95, 0x46, 0x80, 0xc8, 0x39, 0x80, 0xe1, 0x97, 0x78, 0xed,
+ 0x11, 0xee, 0xd3, 0xa7, 0xc2, 0xdb, 0xdf, 0xc4, 0x61, 0xa9, 0xbb, 0xef,
+ 0x67, 0x1c, 0x1b, 0xc0, 0x0c, 0x88, 0x2d, 0x36, 0x1d, 0x29, 0xd5, 0xf8,
+ 0x0c, 0x42, 0xbd, 0xf5, 0xef, 0xec, 0x88, 0x6c, 0x34, 0x13, 0x8f, 0x83,
+ 0x36, 0x9c, 0x69, 0x33, 0xb2, 0xac, 0x4e, 0x93, 0xe7, 0x64, 0x26, 0x53,
+ 0x51, 0xb4, 0xa0, 0x08, 0x3f, 0x04, 0x0e, 0x14, 0xf5, 0x11, 0xf0, 0x9b,
+ 0x22, 0xf9, 0x65, 0x66, 0x13, 0x88, 0x64, 0xe4, 0xe6, 0xff, 0x24, 0xda,
+ 0x48, 0x10, 0x09, 0x5d, 0xa9, 0x8e, 0x05, 0x85, 0x41, 0x09, 0x51, 0x53,
+ 0x8c, 0xed, 0x2f, 0x75, 0x7a, 0x27, 0x7f, 0xf8, 0xe1, 0x71, 0x72, 0xf0,
+ 0x65, 0x72, 0xc9, 0x02, 0x4e, 0xea, 0xe5, 0x03, 0xf1, 0x76, 0xfd, 0x46,
+ 0xeb, 0x6c, 0x5c, 0xd9, 0xba, 0x07, 0xaf, 0x11, 0xcd, 0xe3, 0x1d, 0xcc,
+ 0xac, 0x12, 0xeb, 0x3a, 0x42, 0x49, 0xa7, 0xbf, 0xd3, 0xb1, 0x97, 0x97,
+ 0xad, 0x16, 0x56, 0x98, 0x4b, 0xfc, 0xbf, 0x6f, 0x74, 0xe8, 0xf9, 0x9d,
+ 0x8f, 0x1a, 0xc4, 0x20, 0x81, 0x1f, 0x3d, 0x16, 0x6d, 0x87, 0xf9, 0x35,
+ 0xef, 0x15, 0xae, 0x85, 0x8c, 0xf9, 0xe7, 0x2c, 0x8e, 0x2b, 0x54, 0x7b,
+ 0xf1, 0x6c, 0x3f, 0xb0, 0x9a, 0x8c, 0x9b, 0xf8, 0x8f, 0xd2, 0xe5, 0xd3,
+ 0x8b, 0xf2, 0x4e, 0xd6, 0x10, 0x89, 0x61, 0x31, 0xa8, 0x4d, 0xf7, 0x6b,
+ 0x9f, 0x92, 0x0f, 0xe7, 0x6d, 0x71, 0xff, 0xf9, 0x38, 0xe9, 0x19, 0x9f,
+ 0x3b, 0x8c, 0xd0, 0xc1, 0x1f, 0xd0, 0x20, 0x1f, 0x91, 0x39, 0xd7, 0x67,
+ 0x3a, 0x87, 0x1a, 0x9e, 0x7d, 0x4a, 0xdc, 0x3b, 0xbe, 0x36, 0x0c, 0x88,
+ 0x13, 0x61, 0x7c, 0xd6, 0x0a, 0x90, 0x12, 0x8f, 0xbe, 0x34, 0xc9, 0xd5},
+ priv_key_3b,
+ true},
+
+ // malformed plaintext that generates a fake plaintext of length
+ // specified by 3rd to last value from PRF
+ {74,
+ {0x70, 0x26, 0x3f, 0xa6, 0x05, 0x05, 0x34, 0xb9, 0xe0},
+ {0x7b, 0x22, 0xd5, 0xe6, 0x2d, 0x28, 0x79, 0x68, 0xc6, 0x62, 0x21, 0x71,
+ 0xa1, 0xf7, 0x5d, 0xb4, 0xb0, 0xfd, 0x15, 0xcd, 0xf3, 0x13, 0x4a, 0x18,
+ 0x95, 0xd2, 0x35, 0xd5, 0x6f, 0x8d, 0x8f, 0xe6, 0x19, 0xf2, 0xbf, 0x48,
+ 0x68, 0x17, 0x4a, 0x91, 0xd7, 0x60, 0x1a, 0x82, 0x97, 0x5d, 0x22, 0x55,
+ 0x19, 0x0d, 0x28, 0xb8, 0x69, 0x14, 0x1d, 0x7c, 0x39, 0x5f, 0x0b, 0x8c,
+ 0x4e, 0x2b, 0xe2, 0xb2, 0xc1, 0xb4, 0xff, 0xc1, 0x2c, 0xe7, 0x49, 0xa6,
+ 0xf6, 0x80, 0x3d, 0x4c, 0xfe, 0x7f, 0xba, 0x0a, 0x8d, 0x69, 0x49, 0xc0,
+ 0x41, 0x51, 0xf9, 0x81, 0xc0, 0xd8, 0x45, 0x92, 0xaa, 0x2f, 0xf2, 0x5d,
+ 0x1b, 0xd3, 0xce, 0x5d, 0x10, 0xcb, 0x03, 0xda, 0xca, 0x6b, 0x49, 0x6c,
+ 0x6a, 0xd4, 0x0d, 0x30, 0xbf, 0xa8, 0xac, 0xdf, 0xd0, 0x2c, 0xdb, 0x93,
+ 0x26, 0xc4, 0xbd, 0xd9, 0x3b, 0x94, 0x9c, 0x9d, 0xc4, 0x6c, 0xaa, 0x8f,
+ 0x0e, 0x5f, 0x42, 0x97, 0x85, 0xbc, 0xe6, 0x41, 0x36, 0xa4, 0x29, 0xa3,
+ 0x69, 0x5e, 0xe6, 0x74, 0xb6, 0x47, 0x45, 0x2b, 0xea, 0x1b, 0x0c, 0x6d,
+ 0xe9, 0xc5, 0xf1, 0xe8, 0x76, 0x0d, 0x5e, 0xf6, 0xd5, 0xa9, 0xcf, 0xff,
+ 0x40, 0x45, 0x7b, 0x02, 0x3d, 0x3c, 0x23, 0x3c, 0x1d, 0xcb, 0x32, 0x3e,
+ 0x78, 0x08, 0x10, 0x3e, 0x73, 0x96, 0x3b, 0x2e, 0xaf, 0xc9, 0x28, 0xc9,
+ 0xee, 0xb0, 0xee, 0x32, 0x94, 0x95, 0x54, 0x15, 0xc1, 0xdd, 0xd9, 0xa1,
+ 0xbb, 0x7e, 0x13, 0x8f, 0xec, 0xd7, 0x9a, 0x3c, 0xb8, 0x9c, 0x57, 0xbd,
+ 0x23, 0x05, 0x52, 0x46, 0x24, 0x81, 0x4a, 0xaf, 0x0f, 0xd1, 0xac, 0xbf,
+ 0x37, 0x9f, 0x7f, 0x5b, 0x39, 0x42, 0x1f, 0x12, 0xf1, 0x15, 0xba, 0x48,
+ 0x8d, 0x38, 0x05, 0x86, 0x09, 0x5b, 0xb5, 0x3f, 0x17, 0x4f, 0xae, 0x42,
+ 0x4f, 0xa4, 0xc8, 0xe3, 0xb2, 0x99, 0x70, 0x9c, 0xd3, 0x44, 0xb9, 0xf9,
+ 0x49, 0xb1, 0xab, 0x57, 0xf1, 0xc6, 0x45, 0xd7, 0xed, 0x3c, 0x8f, 0x81,
+ 0xd5, 0x59, 0x41, 0x97, 0x35, 0x50, 0x29, 0xfe, 0xe8, 0x96, 0x09, 0x70,
+ 0xff, 0x59, 0x71, 0x0d, 0xc0, 0xe5, 0xeb, 0x50, 0xea, 0x6f, 0x4c, 0x39,
+ 0x38, 0xe3, 0xf8, 0x9e, 0xd7, 0x93, 0x30, 0x23, 0xa2, 0xc2, 0xdd, 0xff,
+ 0xab, 0xa0, 0x7b, 0xe1, 0x47, 0xf6, 0x86, 0x82, 0x8b, 0xd7, 0xd5, 0x20,
+ 0xf3, 0x00, 0x50, 0x7e, 0xd6, 0xe7, 0x1b, 0xda, 0xee, 0x05, 0x57, 0x0b,
+ 0x27, 0xbc, 0x92, 0x74, 0x11, 0x08, 0xac, 0x2e, 0xb4, 0x33, 0xf0, 0x28,
+ 0xe1, 0x38, 0xdd, 0x6d, 0x63, 0x06, 0x7b, 0xc2, 0x06, 0xea, 0x2d, 0x82,
+ 0x6a, 0x7f, 0x41, 0xc0, 0xd6, 0x13, 0xda, 0xed, 0x02, 0x0f, 0x0f, 0x30,
+ 0xf4, 0xe2, 0x72, 0xe9, 0x61, 0x8e, 0x0a, 0x8c, 0x39, 0x01, 0x8a, 0x83},
+ priv_key_3b,
+ true},
+
+ // an otherwise correct plaintext, but with wrong first byte
+ // (0x01 instead of 0x00), generates a random 9 byte long plaintext
+ {75,
+ {0x6d, 0x8d, 0x3a, 0x09, 0x4f, 0xf3, 0xaf, 0xff, 0x4c},
+ {0x6d, 0xb8, 0x0a, 0xdb, 0x5f, 0xf0, 0xa7, 0x68, 0xca, 0xf1, 0x37, 0x8e,
+ 0xcc, 0x38, 0x2a, 0x69, 0x4e, 0x7d, 0x1b, 0xde, 0x2e, 0xff, 0x4b, 0xa1,
+ 0x2c, 0x48, 0xaa, 0xf7, 0x94, 0xde, 0xd7, 0xa9, 0x94, 0xa5, 0xb2, 0xb5,
+ 0x7a, 0xce, 0xc2, 0x0d, 0xbe, 0xc4, 0xae, 0x38, 0x5c, 0x9d, 0xd5, 0x31,
+ 0x94, 0x5c, 0x0f, 0x19, 0x7a, 0x54, 0x96, 0x90, 0x87, 0x25, 0xfc, 0x99,
+ 0xd8, 0x86, 0x01, 0xa1, 0x7d, 0x3b, 0xb0, 0xb2, 0xd3, 0x8d, 0x2c, 0x1c,
+ 0x31, 0x00, 0xf3, 0x99, 0x55, 0xa4, 0xcb, 0x3d, 0xbe, 0xd5, 0xa3, 0x8b,
+ 0xf9, 0x00, 0xf2, 0x3d, 0x91, 0xe1, 0x73, 0x64, 0x0e, 0x4e, 0xc6, 0x55,
+ 0xc8, 0x4f, 0xdf, 0xe7, 0x1f, 0xcd, 0xb1, 0x2a, 0x38, 0x61, 0x08, 0xfc,
+ 0xf7, 0x18, 0xc9, 0xb7, 0xaf, 0x37, 0xd3, 0x97, 0x03, 0xe8, 0x82, 0x43,
+ 0x62, 0x24, 0xc8, 0x77, 0xa2, 0x23, 0x5e, 0x83, 0x44, 0xfb, 0xa6, 0xc9,
+ 0x51, 0xeb, 0x7e, 0x2a, 0x4d, 0x1d, 0x1d, 0xe8, 0x1f, 0xb4, 0x63, 0xac,
+ 0x1b, 0x88, 0x0f, 0x6c, 0xc0, 0xe5, 0x9a, 0xde, 0x05, 0xc8, 0xce, 0x35,
+ 0x17, 0x9e, 0xcd, 0x09, 0x54, 0x67, 0x31, 0xfc, 0x07, 0xb1, 0x41, 0xd3,
+ 0xd6, 0xb3, 0x42, 0xa9, 0x7a, 0xe7, 0x47, 0xe6, 0x1a, 0x91, 0x30, 0xf7,
+ 0x2d, 0x37, 0xac, 0x5a, 0x2c, 0x30, 0x21, 0x5b, 0x6c, 0xbd, 0x66, 0xc7,
+ 0xdb, 0x89, 0x38, 0x10, 0xdf, 0x58, 0xb4, 0xc4, 0x57, 0xb4, 0xb5, 0x4f,
+ 0x34, 0x42, 0x82, 0x47, 0xd5, 0x84, 0xe0, 0xfa, 0x71, 0x06, 0x24, 0x46,
+ 0x21, 0x0d, 0xb0, 0x82, 0x54, 0xfb, 0x9e, 0xad, 0x1b, 0xa1, 0xa3, 0x93,
+ 0xc7, 0x24, 0xbd, 0x29, 0x1f, 0x0c, 0xf1, 0xa7, 0x14, 0x3f, 0x32, 0xdf,
+ 0x84, 0x90, 0x51, 0xdc, 0x89, 0x6d, 0x7d, 0x17, 0x6f, 0xef, 0x3b, 0x57,
+ 0xab, 0x6d, 0xff, 0xd6, 0x26, 0xd0, 0xc3, 0x04, 0x4e, 0x9e, 0xdb, 0x2e,
+ 0x3d, 0x01, 0x2a, 0xce, 0x20, 0x2d, 0x25, 0x81, 0xdf, 0x01, 0xbe, 0xc7,
+ 0xe9, 0xaa, 0x07, 0x27, 0xa6, 0x65, 0x0d, 0xd3, 0x73, 0xd3, 0x74, 0xf0,
+ 0xbc, 0x0f, 0x4a, 0x61, 0x1f, 0x81, 0x39, 0xdf, 0xe9, 0x7d, 0x63, 0xe7,
+ 0x0c, 0x61, 0x88, 0xf4, 0xdf, 0x5b, 0x67, 0x2e, 0x47, 0xc5, 0x1d, 0x8a,
+ 0xa5, 0x67, 0x09, 0x72, 0x93, 0xfb, 0xff, 0x12, 0x7c, 0x75, 0xec, 0x69,
+ 0x0b, 0x43, 0x40, 0x75, 0x78, 0xb7, 0x3c, 0x85, 0x45, 0x17, 0x10, 0xa0,
+ 0xce, 0xce, 0x58, 0xfd, 0x49, 0x7d, 0x7f, 0x7b, 0xd3, 0x6a, 0x8a, 0x92,
+ 0x78, 0x3e, 0xf7, 0xdc, 0x62, 0x65, 0xdf, 0xf5, 0x2a, 0xac, 0x8b, 0x70,
+ 0x34, 0x0b, 0x99, 0x65, 0x08, 0xd3, 0x92, 0x17, 0xf2, 0x78, 0x3c, 0xe6,
+ 0xfc, 0x91, 0xa1, 0xcc, 0x94, 0xbb, 0x2a, 0xc4, 0x87, 0xb8, 0x4f, 0x62},
+ priv_key_3b,
+ true},
+
+ // an otherwise correct plaintext, but with wrong second byte
+ // (0x01 instead of 0x02), generates a random 9 byte long plaintext
+ {76,
+ {0xc6, 0xae, 0x80, 0xff, 0xa8, 0x0b, 0xc1, 0x84, 0xb0},
+ {0x41, 0x73, 0x28, 0xc0, 0x34, 0x45, 0x85, 0x63, 0x07, 0x9a, 0x40, 0x24,
+ 0x81, 0x7d, 0x01, 0x50, 0x34, 0x0c, 0x34, 0xe2, 0x5a, 0xe1, 0x6d, 0xca,
+ 0xd6, 0x90, 0x62, 0x3f, 0x70, 0x2e, 0x5c, 0x74, 0x8a, 0x6e, 0xbb, 0x34,
+ 0x19, 0xff, 0x48, 0xf4, 0x86, 0xf8, 0x3b, 0xa9, 0xdf, 0x35, 0xc0, 0x5e,
+ 0xfb, 0xd7, 0xf4, 0x06, 0x13, 0xf0, 0xfc, 0x99, 0x6c, 0x53, 0x70, 0x6c,
+ 0x30, 0xdf, 0x6b, 0xba, 0x6d, 0xcd, 0x4a, 0x40, 0x82, 0x5f, 0x96, 0x13,
+ 0x3f, 0x3c, 0x21, 0x63, 0x8a, 0x34, 0x2b, 0xd4, 0x66, 0x3d, 0xff, 0xbd,
+ 0x00, 0x73, 0x98, 0x0d, 0xac, 0x47, 0xf8, 0xc1, 0xdd, 0x8e, 0x97, 0xce,
+ 0x14, 0x12, 0xe4, 0xf9, 0x1f, 0x2a, 0x8a, 0xdb, 0x1a, 0xc2, 0xb1, 0x07,
+ 0x10, 0x66, 0xef, 0xe8, 0xd7, 0x18, 0xbb, 0xb8, 0x8c, 0xa4, 0xa5, 0x9b,
+ 0xd6, 0x15, 0x00, 0xe8, 0x26, 0xf2, 0x36, 0x52, 0x55, 0xa4, 0x09, 0xbe,
+ 0xce, 0x0f, 0x97, 0x2d, 0xf9, 0x7c, 0x3a, 0x55, 0xe0, 0x92, 0x89, 0xef,
+ 0x5f, 0xa8, 0x15, 0xa2, 0x35, 0x3e, 0xf3, 0x93, 0xfd, 0x1a, 0xec, 0xfc,
+ 0x88, 0x8d, 0x61, 0x1c, 0x16, 0xae, 0xc5, 0x32, 0xe5, 0x14, 0x8b, 0xe1,
+ 0x5e, 0xf1, 0xbf, 0x28, 0x34, 0xb8, 0xf7, 0x5b, 0xb2, 0x6d, 0xb0, 0x8b,
+ 0x66, 0xd2, 0xba, 0xad, 0x64, 0x64, 0xf8, 0x43, 0x9d, 0x19, 0x86, 0xb5,
+ 0x33, 0x81, 0x33, 0x21, 0xdb, 0xb1, 0x80, 0x08, 0x09, 0x10, 0xf2, 0x33,
+ 0xbc, 0xc4, 0xdd, 0x78, 0x4f, 0xb2, 0x18, 0x71, 0xae, 0xf4, 0x1b, 0xe0,
+ 0x8b, 0x7b, 0xfa, 0xd4, 0xec, 0xc3, 0xb6, 0x8f, 0x22, 0x8c, 0xb5, 0x31,
+ 0x7a, 0xc6, 0xec, 0x12, 0x27, 0xbc, 0x7d, 0x0e, 0x45, 0x20, 0x37, 0xba,
+ 0x91, 0x8e, 0xe1, 0xda, 0x9f, 0xdb, 0x83, 0x93, 0xae, 0x93, 0xb1, 0xe9,
+ 0x37, 0xa8, 0xd4, 0x69, 0x1a, 0x17, 0x87, 0x1d, 0x50, 0x92, 0xd2, 0x38,
+ 0x4b, 0x61, 0x90, 0xa5, 0x3d, 0xf8, 0x88, 0xf6, 0x5b, 0x95, 0x1b, 0x05,
+ 0xed, 0x4a, 0xd5, 0x7f, 0xe4, 0xb0, 0xc6, 0xa4, 0x7b, 0x5b, 0x22, 0xf3,
+ 0x2a, 0x7f, 0x23, 0xc1, 0xa2, 0x34, 0xc9, 0xfe, 0xb5, 0xd8, 0x71, 0x3d,
+ 0x94, 0x96, 0x86, 0x76, 0x06, 0x80, 0xda, 0x4d, 0xb4, 0x54, 0xf4, 0xac,
+ 0xad, 0x97, 0x24, 0x70, 0x03, 0x34, 0x72, 0xb9, 0x86, 0x4d, 0x63, 0xe8,
+ 0xd2, 0x3e, 0xef, 0xc8, 0x7e, 0xbc, 0xf4, 0x64, 0xec, 0xf3, 0x3f, 0x67,
+ 0xfb, 0xcd, 0xd4, 0x8e, 0xab, 0x38, 0xc5, 0x29, 0x25, 0x86, 0xb3, 0x6a,
+ 0xef, 0x59, 0x81, 0xed, 0x2f, 0xa0, 0x7b, 0x2f, 0x9e, 0x23, 0xfc, 0x57,
+ 0xd9, 0xeb, 0x71, 0xbf, 0xff, 0x41, 0x11, 0xc8, 0x57, 0xe9, 0xff, 0xf2,
+ 0x3c, 0xeb, 0x31, 0xe7, 0x25, 0x92, 0xe7, 0x0c, 0x87, 0x4b, 0x49, 0x36},
+ priv_key_3b,
+ true},
+
+ // an otherwise correct plaintext, but with wrong third byte
+ // (0x00 instead of non-zero), generates a random 9 byte long plaintext
+ {77,
+ {0xa8, 0xa9, 0x30, 0x1d, 0xaa, 0x01, 0xbb, 0x25, 0xc7},
+ {0x85, 0x42, 0xc6, 0x26, 0xfe, 0x53, 0x34, 0x67, 0xac, 0xff, 0xcd, 0x4e,
+ 0x61, 0x76, 0x92, 0x24, 0x4c, 0x9b, 0x5a, 0x3b, 0xf0, 0xa2, 0x15, 0xc5,
+ 0xd6, 0x48, 0x91, 0xce, 0xd4, 0xbf, 0x4f, 0x95, 0x91, 0xb4, 0xb2, 0xae,
+ 0xdf, 0xf9, 0x84, 0x30, 0x57, 0x98, 0x6d, 0x81, 0x63, 0x1b, 0x0a, 0xcb,
+ 0x37, 0x04, 0xec, 0x21, 0x80, 0xe5, 0x69, 0x6e, 0x8b, 0xd1, 0x5b, 0x21,
+ 0x7a, 0x0e, 0xc3, 0x6d, 0x20, 0x61, 0xb0, 0xe2, 0x18, 0x2f, 0xaa, 0x3d,
+ 0x1c, 0x59, 0xbd, 0x3f, 0x90, 0x86, 0xa1, 0x00, 0x77, 0xa3, 0x33, 0x7a,
+ 0x3f, 0x5d, 0xa5, 0x03, 0xec, 0x37, 0x53, 0x53, 0x5f, 0xfd, 0x25, 0xb8,
+ 0x37, 0xa1, 0x2f, 0x25, 0x41, 0xaf, 0xef, 0xd0, 0xcf, 0xfb, 0x02, 0x24,
+ 0xb8, 0xf8, 0x74, 0xe4, 0xbe, 0xd1, 0x39, 0x49, 0xe1, 0x05, 0xc0, 0x75,
+ 0xed, 0x44, 0xe2, 0x87, 0xc5, 0xae, 0x03, 0xb1, 0x55, 0xe0, 0x6b, 0x90,
+ 0xed, 0x24, 0x7d, 0x2c, 0x07, 0xf1, 0xef, 0x33, 0x23, 0xe3, 0x50, 0x8c,
+ 0xce, 0x4e, 0x40, 0x74, 0x60, 0x6c, 0x54, 0x17, 0x2a, 0xd7, 0x4d, 0x12,
+ 0xf8, 0xc3, 0xa4, 0x7f, 0x65, 0x4a, 0xd6, 0x71, 0x10, 0x4b, 0xf7, 0x68,
+ 0x1e, 0x5b, 0x06, 0x18, 0x62, 0x74, 0x7d, 0x9a, 0xfd, 0x37, 0xe0, 0x7d,
+ 0x8e, 0x0e, 0x22, 0x91, 0xe0, 0x1f, 0x14, 0xa9, 0x5a, 0x1b, 0xb4, 0xcb,
+ 0xb4, 0x7c, 0x30, 0x4e, 0xf0, 0x67, 0x59, 0x5a, 0x39, 0x47, 0xee, 0x2d,
+ 0x72, 0x20, 0x67, 0xe3, 0x8a, 0x0f, 0x04, 0x6f, 0x43, 0xec, 0x29, 0xca,
+ 0xc6, 0xa8, 0x80, 0x1c, 0x6e, 0x3e, 0x9a, 0x23, 0x31, 0xb1, 0xd4, 0x5a,
+ 0x7a, 0xa2, 0xc6, 0xaf, 0x32, 0x05, 0xbe, 0x38, 0x2d, 0xd0, 0x26, 0xe3,
+ 0x89, 0x61, 0x4e, 0xe0, 0x95, 0x66, 0x5a, 0x61, 0x1a, 0xb2, 0xe8, 0xdc,
+ 0xed, 0x2e, 0xe1, 0xc9, 0xd0, 0x8a, 0xc9, 0xde, 0x11, 0xae, 0xf5, 0xb3,
+ 0x80, 0x3f, 0xc9, 0xa9, 0xce, 0x82, 0x31, 0xec, 0x87, 0xb5, 0xfe, 0xd3,
+ 0x86, 0xfb, 0x92, 0xee, 0x3d, 0xb9, 0x95, 0xa8, 0x93, 0x07, 0xbc, 0xba,
+ 0x84, 0x4b, 0xd0, 0xa6, 0x91, 0xc2, 0x9a, 0xe5, 0x12, 0x16, 0xe9, 0x49,
+ 0xdf, 0xc8, 0x13, 0x13, 0x3c, 0xb0, 0x6a, 0x07, 0x26, 0x5f, 0xd8, 0x07,
+ 0xbc, 0xb3, 0x37, 0x7f, 0x6a, 0xdb, 0x0a, 0x48, 0x1d, 0x9b, 0x7f, 0x44,
+ 0x20, 0x03, 0x11, 0x58, 0x95, 0x93, 0x97, 0x73, 0xe6, 0xb9, 0x53, 0x71,
+ 0xc4, 0xfe, 0xbe, 0xf2, 0x9e, 0xda, 0xe9, 0x46, 0xfa, 0x24, 0x5e, 0x7c,
+ 0x50, 0x72, 0x9e, 0x2e, 0x55, 0x8c, 0xfa, 0xad, 0x77, 0x3d, 0x1f, 0xd5,
+ 0xf6, 0x7b, 0x45, 0x7a, 0x6d, 0x9d, 0x17, 0xa8, 0x47, 0xc6, 0xfc, 0xbd,
+ 0xb1, 0x03, 0xa8, 0x6f, 0x35, 0xf2, 0x28, 0xce, 0xfc, 0x06, 0xce, 0xa0},
+ priv_key_3b,
+ true},
+
+ // an otherwise correct plaintext, but with wrong tenth byte
+ // (0x00 instead of non-zero), generates a random 9 byte long plaintext
+ {78,
+ {0x6c, 0x71, 0x6f, 0xe0, 0x1d, 0x44, 0x39, 0x80, 0x18},
+ {0x44, 0x9d, 0xfa, 0x23, 0x7a, 0x70, 0xa9, 0x9c, 0xb0, 0x35, 0x17, 0x93,
+ 0xec, 0x86, 0x77, 0x88, 0x20, 0x21, 0xc2, 0xaa, 0x74, 0x35, 0x80, 0xbf,
+ 0x6a, 0x0e, 0xa6, 0x72, 0x05, 0x5c, 0xff, 0xe8, 0x30, 0x3a, 0xc4, 0x28,
+ 0x55, 0xb1, 0xd1, 0xf3, 0x37, 0x3a, 0xae, 0x6a, 0xf0, 0x9c, 0xb9, 0x07,
+ 0x41, 0x80, 0xfc, 0x96, 0x3e, 0x9d, 0x14, 0x78, 0xa4, 0xf9, 0x8b, 0x3b,
+ 0x48, 0x61, 0xd3, 0xe7, 0xf0, 0xaa, 0x85, 0x60, 0xcf, 0x60, 0x37, 0x11,
+ 0xf1, 0x39, 0xdb, 0x77, 0x66, 0x7c, 0xa1, 0x4b, 0xa3, 0xa1, 0xac, 0xde,
+ 0xdf, 0xca, 0x9e, 0xf4, 0x60, 0x3d, 0x6d, 0x7e, 0xb0, 0x64, 0x5b, 0xfc,
+ 0x80, 0x53, 0x04, 0xf9, 0xad, 0x9d, 0x77, 0xd3, 0x47, 0x62, 0xce, 0x5c,
+ 0xd8, 0x4b, 0xd3, 0xec, 0x9d, 0x35, 0xc3, 0x0e, 0x3b, 0xe7, 0x2a, 0x1e,
+ 0x8d, 0x35, 0x5d, 0x56, 0x74, 0xa1, 0x41, 0xb5, 0x53, 0x06, 0x59, 0xad,
+ 0x64, 0xeb, 0xb6, 0x08, 0x2e, 0x6f, 0x73, 0xa8, 0x08, 0x32, 0xab, 0x63,
+ 0x88, 0x91, 0x25, 0x38, 0x91, 0x46, 0x54, 0xd3, 0x46, 0x02, 0xf4, 0xb3,
+ 0xb1, 0xc7, 0x85, 0x89, 0xb4, 0xa5, 0xd9, 0x64, 0xb2, 0xef, 0xcc, 0xa1,
+ 0xdc, 0x70, 0x04, 0xc4, 0x1f, 0x6c, 0xaf, 0xcb, 0x5a, 0x71, 0x59, 0xa7,
+ 0xfc, 0x7c, 0x03, 0x98, 0x60, 0x4d, 0x0e, 0xdb, 0xd4, 0xc8, 0xf4, 0xf0,
+ 0x40, 0x67, 0xda, 0x6a, 0x15, 0x3a, 0x05, 0xe7, 0xcb, 0xee, 0xa1, 0x3b,
+ 0x5e, 0xe4, 0x12, 0x40, 0x0e, 0xf7, 0xd4, 0xf3, 0x10, 0x6f, 0x47, 0x98,
+ 0xda, 0x70, 0x7e, 0xc3, 0x7a, 0x11, 0x28, 0x6d, 0xf2, 0xb7, 0xa2, 0x04,
+ 0x85, 0x6d, 0x5f, 0xf7, 0x73, 0x61, 0x3f, 0xd1, 0xe4, 0x53, 0xa7, 0x11,
+ 0x4b, 0x78, 0xe3, 0x47, 0xd3, 0xe8, 0x07, 0x8e, 0x1c, 0xb3, 0x27, 0x6b,
+ 0x35, 0x62, 0x48, 0x6b, 0xa6, 0x30, 0xbf, 0x71, 0x96, 0x97, 0xe0, 0x07,
+ 0x3a, 0x12, 0x3c, 0x3e, 0x60, 0xeb, 0xb5, 0xc7, 0xa1, 0xcc, 0xff, 0x42,
+ 0x79, 0xfa, 0xff, 0xa2, 0x40, 0x2b, 0xc1, 0x10, 0x9f, 0x8d, 0x55, 0x9d,
+ 0x67, 0x66, 0xe7, 0x35, 0x91, 0x94, 0x3d, 0xfc, 0xf2, 0x5b, 0xa1, 0x0c,
+ 0x37, 0x62, 0xf0, 0x2a, 0xf8, 0x51, 0x87, 0x79, 0x9b, 0x8b, 0x4b, 0x13,
+ 0x5c, 0x39, 0x90, 0x79, 0x3a, 0x6f, 0xd3, 0x26, 0x42, 0xf1, 0x55, 0x74,
+ 0x05, 0xba, 0x55, 0xcc, 0x7c, 0xf7, 0x33, 0x6a, 0x0e, 0x96, 0x70, 0x73,
+ 0xc5, 0xfa, 0x50, 0x74, 0x3f, 0x9c, 0xc5, 0xe3, 0x01, 0x7c, 0x17, 0x2d,
+ 0x98, 0x98, 0xd2, 0xaf, 0x83, 0x34, 0x5e, 0x71, 0xb3, 0xe0, 0xc2, 0x2a,
+ 0xb7, 0x91, 0xea, 0xcb, 0x64, 0x84, 0xa3, 0x2e, 0xc6, 0x0e, 0xbc, 0x22,
+ 0x6e, 0xc9, 0xde, 0xae, 0xe9, 0x1b, 0x1a, 0x05, 0x60, 0xc2, 0xb5, 0x71},
+ priv_key_3b,
+ true},
+
+ // an otherwise correct plaintext, but with the null byte specifying
+ // end of padding missing, generates a random 9 byte long plaintext
+ {79,
+ {0xaa, 0x2d, 0xe6, 0xcd, 0xe4, 0xe2, 0x44, 0x28, 0x84},
+ {0xa7, 0xa5, 0xc9, 0x9e, 0x50, 0xda, 0x48, 0x76, 0x9e, 0xcb, 0x77, 0x9d,
+ 0x9a, 0xbe, 0x86, 0xef, 0x9e, 0xc8, 0xc3, 0x8c, 0x6f, 0x43, 0xf1, 0x7c,
+ 0x7f, 0x2d, 0x7a, 0xf6, 0x08, 0xa4, 0xa1, 0xbd, 0x6c, 0xf6, 0x95, 0xb4,
+ 0x7e, 0x97, 0xc1, 0x91, 0xc6, 0x1f, 0xb5, 0xa2, 0x73, 0x18, 0xd0, 0x2f,
+ 0x49, 0x5a, 0x17, 0x6b, 0x9f, 0xae, 0x5a, 0x55, 0xb5, 0xd3, 0xfa, 0xbd,
+ 0x1d, 0x8a, 0xae, 0x49, 0x57, 0xe3, 0x87, 0x9c, 0xb0, 0xc6, 0x0f, 0x03,
+ 0x77, 0x24, 0xe1, 0x1b, 0xe5, 0xf3, 0x0f, 0x08, 0xfc, 0x51, 0xc0, 0x33,
+ 0x73, 0x1f, 0x14, 0xb4, 0x4b, 0x41, 0x4d, 0x11, 0x27, 0x8c, 0xd3, 0xdb,
+ 0xa7, 0xe1, 0xc8, 0xbf, 0xe2, 0x08, 0xd2, 0xb2, 0xbb, 0x7e, 0xc3, 0x63,
+ 0x66, 0xda, 0xcb, 0x6c, 0x88, 0xb2, 0x4c, 0xd7, 0x9a, 0xb3, 0x94, 0xad,
+ 0xf1, 0x9d, 0xbb, 0xc2, 0x1d, 0xfa, 0x57, 0x88, 0xba, 0xcb, 0xad, 0xc6,
+ 0xa6, 0x2f, 0x79, 0xcf, 0x54, 0xfd, 0x8c, 0xf5, 0x85, 0xc6, 0x15, 0xb5,
+ 0xc0, 0xeb, 0x94, 0xc3, 0x5a, 0xa9, 0xde, 0x25, 0x32, 0x1c, 0x8f, 0xfe,
+ 0xfb, 0x89, 0x16, 0xbb, 0xaa, 0x26, 0x97, 0xcb, 0x2d, 0xd8, 0x2e, 0xe9,
+ 0x89, 0x39, 0xdf, 0x9b, 0x67, 0x04, 0xce, 0xe7, 0x77, 0x93, 0xed, 0xd2,
+ 0xb4, 0x94, 0x7d, 0x82, 0xe0, 0x0e, 0x57, 0x49, 0x66, 0x49, 0x70, 0x73,
+ 0x6c, 0x59, 0xa8, 0x41, 0x97, 0xbd, 0x72, 0xb5, 0xc7, 0x1e, 0x36, 0xaa,
+ 0xe2, 0x9c, 0xd3, 0x9a, 0xf6, 0xac, 0x73, 0xa3, 0x68, 0xed, 0xbc, 0x1c,
+ 0xa7, 0x92, 0xe1, 0x30, 0x9f, 0x44, 0x2a, 0xaf, 0xcd, 0x77, 0xc9, 0x92,
+ 0xc8, 0x8f, 0x8e, 0x48, 0x63, 0x14, 0x9f, 0x22, 0x16, 0x95, 0xcb, 0x7b,
+ 0x02, 0x36, 0xe7, 0x5b, 0x23, 0x39, 0xa0, 0x2c, 0x4e, 0xa1, 0x14, 0x85,
+ 0x43, 0x72, 0xc3, 0x06, 0xb9, 0x41, 0x2d, 0x8e, 0xed, 0xb6, 0x00, 0xa3,
+ 0x15, 0x32, 0x00, 0x2f, 0x2c, 0xea, 0x07, 0xb4, 0xdf, 0x96, 0x3a, 0x09,
+ 0x31, 0x85, 0xe4, 0x60, 0x77, 0x32, 0xe4, 0x6d, 0x75, 0x3b, 0x54, 0x09,
+ 0x74, 0xfb, 0x5a, 0x5c, 0x3f, 0x94, 0x32, 0xdf, 0x22, 0xe8, 0x5b, 0xb1,
+ 0x76, 0x11, 0x37, 0x09, 0x66, 0xc5, 0x52, 0x2f, 0xd2, 0x3f, 0x2a, 0xd3,
+ 0x48, 0x43, 0x41, 0xba, 0x7f, 0xd8, 0x88, 0x5f, 0xc8, 0xe6, 0xd3, 0x79,
+ 0xa6, 0x11, 0xd1, 0x3a, 0x2a, 0xca, 0x78, 0x4f, 0xba, 0x20, 0x73, 0x20,
+ 0x8f, 0xaa, 0xd2, 0x13, 0x7b, 0xf1, 0x97, 0x9a, 0x0f, 0xa1, 0x46, 0xc1,
+ 0x88, 0x0d, 0x43, 0x37, 0xdb, 0x32, 0x74, 0x26, 0x94, 0x93, 0xba, 0xb4,
+ 0x4a, 0x1b, 0xcd, 0x06, 0x81, 0xf7, 0x22, 0x7f, 0xfd, 0xf5, 0x89, 0xc2,
+ 0xe9, 0x25, 0xed, 0x9d, 0x36, 0x30, 0x25, 0x09, 0xd1, 0x10, 0x9b, 0xa4},
+ priv_key_3b,
true}};
-
#endif // rsa_pkcs1_3072_vectors_h__--- a/gtests/common/testvectors/rsa_pkcs1_4096_test-vectors.h
+++ b/gtests/common/testvectors/rsa_pkcs1_4096_test-vectors.h
@@ -7056,17 +7056,52 @@ const RsaDecryptTestVector kRsa4096Decry
0x8d, 0x86, 0x7d, 0x5b, 0x74, 0x60, 0x61, 0xba, 0x71, 0xd5, 0x0c, 0x2d,
0x7a, 0xb4, 0xaf, 0x66, 0xdb, 0x6a, 0xfc, 0xb1},
priv_key_66,
true},
// Comment: ps is all 0
// tcID: 9
{9,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x27, 0xe1, 0x93, 0x04, 0xbd, 0xb4, 0xfe, 0xd3, 0x32, 0xa8, 0xdf, 0x6b,
+ 0x7f, 0x05, 0x58, 0x70, 0x4a, 0x96, 0x8c, 0xaa, 0x57, 0xf7, 0x31, 0x81,
+ 0x3c, 0x94, 0x39, 0x9b, 0xc9, 0x38, 0x1e, 0xc8, 0x6d, 0x7d, 0x92, 0x29,
+ 0x98, 0x5f, 0x46, 0xef, 0xec, 0x15, 0x40, 0x9c, 0x01, 0x58, 0x97, 0xbd,
+ 0xda, 0xf3, 0xea, 0xf2, 0x20, 0x12, 0x9d, 0x63, 0x6c, 0x2a, 0xd0, 0x1b,
+ 0xdf, 0xed, 0x28, 0x13, 0xc3, 0xab, 0x83, 0xd2, 0x41, 0xee, 0x0d, 0xb3,
+ 0x43, 0x8d, 0x11, 0xa1, 0x46, 0x18, 0x49, 0x05, 0x70, 0x6e, 0x77, 0xac,
+ 0xd1, 0xe4, 0x0b, 0xd4, 0x28, 0x7c, 0x8b, 0x16, 0xe7, 0xec, 0xb2, 0x7e,
+ 0x6b, 0x38, 0xcc, 0xeb, 0x59, 0x12, 0xb5, 0xf8, 0x36, 0xf7, 0xf9, 0x3b,
+ 0x42, 0x7a, 0x6e, 0xc5, 0x01, 0xbc, 0x14, 0x8e, 0x2d, 0xea, 0x44, 0xfe,
+ 0xfd, 0xee, 0xf4, 0xcb, 0xa2, 0x22, 0x88, 0x61, 0xd1, 0x33, 0xc2, 0xc3,
+ 0x61, 0x9b, 0x1f, 0x0d, 0xcf, 0x82, 0x13, 0x84, 0xd2, 0x4f, 0x60, 0xd8,
+ 0x16, 0xdc, 0xc8, 0xe8, 0x6c, 0x02, 0x82, 0x43, 0xfa, 0x9d, 0x79, 0x67,
+ 0xbb, 0x76, 0xa0, 0xae, 0x02, 0x18, 0xc8, 0x66, 0x0d, 0xab, 0x50, 0x7f,
+ 0xaf, 0x7d, 0x27, 0xf1, 0x48, 0x3d, 0xbb, 0xde, 0x0f, 0xe7, 0x90, 0x8d,
+ 0x53, 0x5d, 0x41, 0x56, 0xbc, 0xb4, 0x25, 0xb3, 0xba, 0xb8, 0xb4, 0x63,
+ 0x92, 0x49, 0xcc, 0x8d, 0xe0, 0x3d, 0x75, 0x67, 0xa5, 0xb4, 0x8f, 0x61,
+ 0x47, 0xc7, 0xa8, 0x65, 0x53, 0x7c, 0x52, 0x69, 0xb2, 0x35, 0x7a, 0xc5,
+ 0xf5, 0xa9, 0xc7, 0x49, 0x5d, 0xbb, 0x80, 0x9f, 0x35, 0xe6, 0xae, 0xa6,
+ 0x7e, 0xba, 0x0e, 0x9d, 0xbe, 0xca, 0xbf, 0x8e, 0x2c, 0xa9, 0xa6, 0x13,
+ 0x95, 0x06, 0x07, 0x73, 0xd3, 0xe0, 0xd0, 0xcf, 0x9b, 0x36, 0x6d, 0x4a,
+ 0xe5, 0xc2, 0xe7, 0x6a, 0xe0, 0xd7, 0x0b, 0x01, 0xf2, 0xf7, 0xf3, 0x4c,
+ 0xf1, 0x7b, 0x31, 0x14, 0x10, 0x9b, 0xb4, 0x0e, 0x1a, 0xce, 0x71, 0x3d,
+ 0xec, 0x0d, 0xee, 0xcc, 0xec, 0xee, 0x18, 0x4e, 0x88, 0xca, 0x80, 0x99,
+ 0xf2, 0x88, 0x7a, 0x5f, 0xdc, 0x86, 0x34, 0xdc, 0x93, 0xdb, 0x58, 0x31,
+ 0x44, 0xfa, 0x2a, 0x7b, 0x36, 0x8e, 0x4a, 0x50, 0x33, 0x7c, 0xba, 0x7a,
+ 0x85, 0xf3, 0xe5, 0x62, 0xe2, 0xe8, 0x65, 0x70, 0x57, 0xd6, 0x30, 0x6a,
+ 0x62, 0xdf, 0x07, 0x87, 0x1d, 0x07, 0x92, 0x92, 0x43, 0x65, 0xb2, 0x42,
+ 0x3a, 0xb3, 0x7e, 0x29, 0x61, 0xcb, 0x64, 0x03, 0x19, 0x3a, 0x88, 0x1a,
+ 0x35, 0xfa, 0x31, 0xaf, 0x00, 0xa1, 0xeb, 0x38, 0x58, 0xfb, 0xee, 0xe6,
+ 0x23, 0x17, 0x16, 0x89, 0x71, 0x76, 0xdb, 0x77, 0x34, 0x2b, 0x3e, 0x67,
+ 0x62, 0x58, 0x35, 0xcb, 0xff, 0xdb, 0x94, 0xd0, 0x2c, 0xaf, 0x9e, 0x75,
+ 0x11, 0x75, 0xd5, 0xab, 0x1b, 0x2f, 0xb2, 0xaf, 0xd3, 0xfe, 0x8b, 0x23,
+ 0xad, 0x8e, 0x0b, 0x32, 0x2e, 0x8e, 0xe9, 0xbd, 0x59, 0xc3, 0x1d, 0xbe,
+ 0xbb, 0xb1, 0x5e, 0x06, 0xe0, 0xa3, 0x9b, 0x00, 0xee, 0xc9, 0xd5, 0xa6},
{0x55, 0x6e, 0xa7, 0xb7, 0xb4, 0xca, 0x2c, 0xee, 0x4c, 0xb4, 0xa3, 0x86,
0x74, 0x4b, 0x99, 0xcc, 0x7f, 0xea, 0x3a, 0xd3, 0x59, 0xca, 0xc1, 0xf0,
0x8f, 0xac, 0x04, 0x17, 0xe0, 0x51, 0xac, 0x35, 0xa7, 0x04, 0xc0, 0x51,
0xa1, 0x4e, 0xb3, 0x03, 0x1b, 0xfb, 0x25, 0xbe, 0xd2, 0xc5, 0x1e, 0x19,
0x67, 0x06, 0x8b, 0x19, 0x27, 0xd5, 0x95, 0xd4, 0x0c, 0x6f, 0x9d, 0x5e,
0xe0, 0x29, 0xdb, 0x18, 0x79, 0x93, 0xbf, 0xfa, 0xcd, 0x77, 0x20, 0x75,
0xe9, 0xb1, 0x6f, 0x8b, 0xfc, 0x0d, 0xbd, 0x5a, 0x18, 0xff, 0x06, 0x5c,
0xb6, 0xf9, 0x9e, 0xd7, 0x59, 0xd2, 0x19, 0xf3, 0xe0, 0x3b, 0xaf, 0x53,
@@ -7101,17 +7136,17 @@ const RsaDecryptTestVector kRsa4096Decry
0xaf, 0xf9, 0x45, 0xcb, 0x03, 0x99, 0xf7, 0x42, 0xd2, 0x00, 0xbe, 0x70,
0x57, 0x37, 0x55, 0x38, 0x70, 0x1c, 0x3d, 0x51, 0x01, 0xfe, 0xee, 0x7b,
0x02, 0x15, 0x9d, 0xed, 0x18, 0x5e, 0xee, 0xaa, 0xed, 0xb7, 0x2c, 0xa1,
0xd4, 0x18, 0x9a, 0xd1, 0x65, 0xb2, 0x90, 0xb6, 0xb3, 0x26, 0x1b, 0x0c,
0xbf, 0x74, 0xa8, 0x7e, 0x17, 0x96, 0xc1, 0xb1, 0x28, 0xa7, 0xd8, 0xbd,
0xe8, 0x9e, 0x18, 0x99, 0x17, 0x21, 0x5c, 0xc0, 0x13, 0xad, 0xd1, 0xc0,
0x7f, 0x8e, 0xb1, 0xde, 0x06, 0x9c, 0xe0, 0x48},
priv_key_66,
- false},
+ true},
// Comment: ps is all 1
// tcID: 10
{10,
{0x54, 0x65, 0x73, 0x74},
{0x2e, 0x63, 0x09, 0x33, 0x4d, 0x66, 0xe1, 0x5e, 0x8c, 0xbe, 0x39, 0xa9,
0xcd, 0x2c, 0x3c, 0x6d, 0x8f, 0x19, 0xd4, 0x9f, 0x01, 0x7d, 0x87, 0xab,
0xb9, 0x9d, 0xd4, 0xb3, 0x21, 0x35, 0x96, 0x85, 0x86, 0x76, 0x6b, 0xea,
@@ -7206,17 +7241,36 @@ const RsaDecryptTestVector kRsa4096Decry
0x2a, 0x59, 0x95, 0x15, 0xe0, 0x8a, 0x96, 0xdc, 0xdf, 0xe2, 0xa8, 0xb8,
0xda, 0xbc, 0x0a, 0x4d, 0xca, 0xc4, 0xca, 0xbd},
priv_key_66,
true},
// Comment: byte 0 of ps is 0
// tcID: 12
{12,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x03, 0x7a, 0x7a, 0x13, 0x23, 0x93, 0x4e, 0xd8, 0x3a, 0xaa, 0x79, 0x21,
+ 0xb1, 0xaf, 0xb1, 0x0d, 0xa9, 0x33, 0x17, 0x1e, 0xe6, 0xcb, 0xe1, 0xd3,
+ 0x90, 0x3c, 0x5b, 0xff, 0xa7, 0x2d, 0x16, 0xa1, 0xed, 0x1d, 0x21, 0x75,
+ 0xb2, 0x88, 0x50, 0x5a, 0x28, 0x7b, 0x59, 0x42, 0x5e, 0xdf, 0xc0, 0xe3,
+ 0x99, 0x3c, 0x6c, 0x1d, 0x4a, 0xa0, 0x26, 0xc8, 0x2b, 0x91, 0xc2, 0x64,
+ 0xaa, 0xe0, 0xdf, 0x54, 0xbb, 0x11, 0x83, 0x49, 0x8b, 0xd6, 0x8b, 0x47,
+ 0x57, 0x99, 0x18, 0xf4, 0x0c, 0xec, 0x24, 0x1f, 0x71, 0x1e, 0xb2, 0x5d,
+ 0xe1, 0x14, 0xa8, 0x74, 0xf7, 0x0f, 0xeb, 0xec, 0x4f, 0x2d, 0x95, 0x5e,
+ 0x11, 0x6b, 0x43, 0x48, 0xc2, 0x8b, 0x87, 0x1c, 0xa2, 0xba, 0xd1, 0xdf,
+ 0xf4, 0x12, 0x86, 0x8d, 0x7e, 0xac, 0xf2, 0x1d, 0x70, 0x98, 0x37, 0xec,
+ 0xd7, 0x88, 0x25, 0x7f, 0x9b, 0xbd, 0xf4, 0xf7, 0x25, 0xb4, 0x09, 0x0a,
+ 0x64, 0xc6, 0x4e, 0x82, 0x5e, 0x01, 0x21, 0xd0, 0x4c, 0x75, 0xb9, 0x76,
+ 0xbc, 0xe6, 0x88, 0x57, 0x23, 0x4a, 0x8d, 0x6f, 0x74, 0x46, 0xfc, 0x9d,
+ 0x6d, 0x71, 0x74, 0x5e, 0xb6, 0x71, 0x51, 0x77, 0x1a, 0x16, 0x3e, 0x39,
+ 0xe9, 0x3b, 0xa6, 0xfe, 0xd7, 0x38, 0x8e, 0x68, 0x64, 0xf8, 0xb4, 0xf8,
+ 0x49, 0xd2, 0x89, 0xa9, 0xa1, 0x3e, 0x8f, 0x4e, 0xf9, 0xf2, 0xce, 0xc9,
+ 0xbc, 0xa2, 0xdc, 0x33, 0x5e, 0x28, 0x22, 0xf6, 0xf8, 0x22, 0xc4, 0x32,
+ 0x4b, 0xa9, 0x58, 0x5c, 0x28, 0xab, 0x58, 0xf5, 0xe5, 0x56, 0xd7, 0x2d,
+ 0x4d, 0xc4},
{0x4a, 0x7a, 0x03, 0x20, 0x2b, 0x98, 0x23, 0x09, 0xbc, 0xf2, 0xf9, 0x9d,
0x30, 0xcd, 0x0b, 0xeb, 0xe2, 0x4b, 0x43, 0x80, 0x0e, 0x3b, 0xef, 0x58,
0xab, 0xbc, 0x11, 0xe8, 0x65, 0xec, 0x2b, 0xce, 0xed, 0x4d, 0x25, 0xae,
0x1a, 0xa9, 0x57, 0x50, 0xd2, 0x67, 0x23, 0x3c, 0x5d, 0xb0, 0x86, 0x0e,
0x48, 0x22, 0x8a, 0x4f, 0xd8, 0xc2, 0x95, 0x3f, 0xca, 0x6b, 0xc7, 0xae,
0xf9, 0x59, 0x72, 0x9a, 0x7d, 0x35, 0xc9, 0xaf, 0x48, 0x68, 0xfe, 0x63,
0x30, 0x3b, 0xa4, 0xf0, 0x0a, 0x8f, 0xef, 0x77, 0x7e, 0xec, 0xab, 0x7b,
0xae, 0xb5, 0xd9, 0xdb, 0x61, 0xc4, 0xa7, 0x58, 0x1e, 0xb0, 0xc1, 0x2c,
@@ -7251,22 +7305,26 @@ const RsaDecryptTestVector kRsa4096Decry
0x45, 0x9c, 0xd0, 0x72, 0x02, 0x94, 0x5b, 0x97, 0x87, 0x32, 0x28, 0xfb,
0x28, 0x0e, 0xf7, 0x70, 0xfd, 0x31, 0x7a, 0xd5, 0xb2, 0xd3, 0x69, 0x25,
0x82, 0x6d, 0x78, 0x6b, 0xdc, 0x9f, 0xbb, 0x76, 0x0d, 0x39, 0x07, 0xd3,
0xef, 0x82, 0x6a, 0x6e, 0xa4, 0x7b, 0x0e, 0xac, 0x1e, 0xf7, 0x09, 0xb7,
0xef, 0xac, 0xd4, 0x0a, 0xcf, 0x51, 0x33, 0x9e, 0xbe, 0x4b, 0x99, 0x70,
0x2e, 0x08, 0x4b, 0xb6, 0xa1, 0x5f, 0x07, 0x0d, 0x40, 0x9d, 0xf7, 0xe7,
0xfc, 0x80, 0x2e, 0x0e, 0x6a, 0x98, 0x8a, 0x05},
priv_key_66,
- false},
+ true},
// Comment: byte 1 of ps is 0
// tcID: 13
{13,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x5a, 0x5f, 0x3c, 0xfa, 0xcb, 0x59, 0xe7, 0xaa, 0x7d, 0xad,
+ 0x3a, 0x79, 0x05, 0x25, 0x9c, 0x38, 0x13, 0x1f, 0x07, 0x10,
+ 0xdc, 0x75, 0xe5, 0x47, 0x2c, 0x2c, 0x28, 0xc8, 0x62, 0xe9,
+ 0x05, 0xa4, 0xb3, 0x0e, 0x65, 0x94, 0x64, 0xd8, 0xef, 0x5b},
{0x05, 0x25, 0x6d, 0xdf, 0x55, 0x99, 0x1c, 0xf3, 0xe7, 0x4b, 0x8f, 0xb8,
0xb3, 0x17, 0x2d, 0xb6, 0xe3, 0x27, 0xf1, 0x5c, 0x2c, 0xf1, 0x38, 0x30,
0xfd, 0x16, 0x97, 0x16, 0xf7, 0xe5, 0xe7, 0x17, 0x14, 0x7f, 0x91, 0x60,
0x28, 0x14, 0xe4, 0xe7, 0xb3, 0x8e, 0xc9, 0xbb, 0x7f, 0xb5, 0xb5, 0xb6,
0x08, 0x95, 0xa8, 0x9a, 0x94, 0x9d, 0x83, 0x53, 0x98, 0xee, 0x67, 0x98,
0x85, 0x7e, 0x05, 0x85, 0x74, 0x38, 0xec, 0x27, 0xdc, 0xc8, 0x97, 0xa7,
0x77, 0xb8, 0x5d, 0x42, 0x01, 0x46, 0xe5, 0xa0, 0xf0, 0xff, 0x64, 0xb2,
0x39, 0x79, 0xb9, 0x62, 0x6b, 0xf6, 0xa3, 0x4a, 0x8e, 0x01, 0x65, 0x8f,
@@ -7301,22 +7359,25 @@ const RsaDecryptTestVector kRsa4096Decry
0xd8, 0x9c, 0x0d, 0x98, 0x6e, 0xb8, 0x8e, 0xcf, 0x57, 0x32, 0xa8, 0x7f,
0xb8, 0xa1, 0x0f, 0xb4, 0x49, 0xfb, 0x3f, 0x5d, 0xa7, 0x49, 0x52, 0x51,
0x1b, 0xf2, 0xce, 0x03, 0xbd, 0x74, 0xdb, 0x02, 0x6b, 0x76, 0xdf, 0x93,
0xb8, 0x16, 0xa6, 0x4b, 0x43, 0x72, 0xb3, 0x3e, 0x87, 0x32, 0x26, 0x68,
0x12, 0x04, 0x02, 0x2f, 0xc9, 0x45, 0xd9, 0xc2, 0x90, 0x99, 0x82, 0xe6,
0x51, 0x7e, 0xc2, 0x15, 0x7f, 0x57, 0xf4, 0xa3, 0x6c, 0xbf, 0xad, 0xab,
0x9b, 0xa6, 0xc8, 0x58, 0x9e, 0xb0, 0x33, 0x10},
priv_key_66,
- false},
+ true},
// Comment: byte 7 of ps is 0
// tcID: 14
{14,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x9c, 0x62, 0xf9, 0xf4, 0xc1, 0x35, 0x0b, 0x05, 0x0d,
+ 0x45, 0x25, 0x86, 0x0b, 0x52, 0xe7, 0x44, 0xc5, 0x53,
+ 0x31, 0x8f, 0xb1, 0x93, 0xbb, 0x2f, 0x7a},
{0x9e, 0xa6, 0x99, 0x11, 0x24, 0xc0, 0x47, 0x78, 0x8b, 0x4c, 0xe7, 0x68,
0x61, 0x4e, 0xdc, 0x52, 0xcb, 0x1b, 0xf8, 0x88, 0x65, 0xf8, 0x0a, 0x7b,
0x7b, 0xbb, 0xc4, 0x35, 0xc1, 0x38, 0x96, 0x25, 0xa0, 0x85, 0xa5, 0x03,
0x03, 0x38, 0x85, 0x65, 0x27, 0xd8, 0x6f, 0x0f, 0xa9, 0x36, 0x31, 0x01,
0xa7, 0x80, 0x0d, 0x7e, 0x61, 0xdb, 0xc0, 0x81, 0xd5, 0x83, 0x9b, 0xc6,
0x79, 0x72, 0x84, 0x03, 0xbf, 0x02, 0x8a, 0x22, 0xce, 0xbb, 0xfd, 0x2c,
0x99, 0x84, 0xd5, 0x81, 0xca, 0x79, 0xcb, 0xdd, 0x2e, 0x99, 0x62, 0xfa,
0xe6, 0x4a, 0x5b, 0xd3, 0xb2, 0xa8, 0xd4, 0x19, 0xcb, 0x39, 0xfb, 0xbe,
@@ -7351,22 +7412,38 @@ const RsaDecryptTestVector kRsa4096Decry
0xaa, 0xab, 0x87, 0x19, 0x02, 0xfa, 0x5f, 0x68, 0xc8, 0x52, 0x93, 0x1b,
0x4a, 0x01, 0x4e, 0x4f, 0xe3, 0x64, 0x48, 0x61, 0xf2, 0x76, 0xa6, 0xc1,
0x7a, 0xdb, 0xaf, 0xfa, 0xa7, 0xcd, 0x23, 0xc2, 0x23, 0xc4, 0xe5, 0x4e,
0x2b, 0x85, 0xb4, 0x62, 0x04, 0xb6, 0x6a, 0x3c, 0x44, 0x7b, 0x4d, 0xb7,
0x22, 0xe6, 0xa9, 0xdc, 0x0c, 0x61, 0xce, 0x29, 0x40, 0x7a, 0x4d, 0x24,
0x6a, 0x2f, 0xe8, 0x38, 0x6c, 0xdf, 0xe9, 0x97, 0x32, 0x31, 0x60, 0x26,
0xa2, 0xc6, 0x32, 0xaf, 0xe5, 0x08, 0x42, 0x97},
priv_key_66,
- false},
+ true},
// Comment: ps truncated
// tcID: 15
{15,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x2f, 0x7f, 0x06, 0x4c, 0xaa, 0xd2, 0xdd, 0x14, 0xbe, 0x16, 0x80, 0xae,
+ 0x3b, 0x7d, 0x11, 0xca, 0x46, 0x1d, 0xec, 0x4b, 0x20, 0x6e, 0x7d, 0x33,
+ 0x94, 0x76, 0xb0, 0xc6, 0x9f, 0x7d, 0xb3, 0x27, 0xfc, 0x58, 0x84, 0xff,
+ 0x02, 0x50, 0x88, 0xd2, 0x34, 0x8c, 0xba, 0x80, 0x74, 0x4d, 0xba, 0xb7,
+ 0x04, 0x28, 0xaa, 0x56, 0x65, 0x2b, 0x84, 0xfe, 0xd2, 0x82, 0x06, 0xd0,
+ 0x6a, 0xb6, 0x1e, 0x58, 0x94, 0x3b, 0x6f, 0x68, 0x2c, 0x7c, 0x12, 0x42,
+ 0x44, 0xe0, 0x1f, 0x7e, 0xca, 0x48, 0x06, 0x07, 0x7b, 0x5d, 0xdd, 0x53,
+ 0xdd, 0xf3, 0xa2, 0x48, 0x7a, 0xb8, 0x79, 0x16, 0x5c, 0xbe, 0x02, 0x83,
+ 0xab, 0x1b, 0x7e, 0x1c, 0x10, 0x6b, 0x95, 0x82, 0x90, 0x34, 0x8e, 0xde,
+ 0x21, 0xbf, 0xdb, 0xbb, 0x3e, 0x5b, 0x26, 0xf7, 0x42, 0x7b, 0x0c, 0x41,
+ 0x19, 0xc6, 0x2f, 0x94, 0xbc, 0x0d, 0xda, 0x34, 0x8e, 0xfc, 0xb6, 0x56,
+ 0xf9, 0x66, 0x96, 0xaa, 0x15, 0xcc, 0x99, 0x9b, 0x4b, 0x53, 0xb9, 0xc3,
+ 0x91, 0xfb, 0x49, 0x3a, 0x4b, 0xdc, 0x9a, 0x2f, 0xe3, 0x9f, 0x85, 0x02,
+ 0x25, 0x96, 0xbf, 0x7c, 0x45, 0x84, 0xcb, 0x0a, 0x7e, 0x41, 0x99, 0x08,
+ 0x0a, 0x67, 0x0a, 0x77, 0x74, 0xa9, 0x72, 0xeb, 0xa8, 0x5e, 0x1d, 0xd2,
+ 0x9e, 0xd5, 0x00, 0x53, 0x77, 0x5d},
{0x14, 0x27, 0xb2, 0x36, 0x4d, 0xed, 0xf9, 0xb3, 0x3b, 0x1c, 0xf7, 0x0f,
0x88, 0x23, 0xb6, 0x0a, 0x26, 0x86, 0x52, 0x0f, 0x90, 0x4e, 0x89, 0x24,
0x7b, 0xc6, 0xb5, 0xb6, 0x82, 0x17, 0x0f, 0xd1, 0x52, 0x55, 0x4f, 0x86,
0x2c, 0xa6, 0x42, 0x34, 0x34, 0x5b, 0xb8, 0x3b, 0x11, 0x85, 0x39, 0xea,
0xa4, 0xc0, 0xb7, 0xfc, 0x46, 0xe2, 0x1d, 0x2f, 0xbc, 0x7e, 0xb5, 0xbb,
0x26, 0xad, 0xe5, 0x46, 0x4a, 0x77, 0x23, 0xf8, 0xd4, 0x4c, 0x8d, 0x0a,
0x88, 0xe1, 0xd1, 0xd7, 0xfc, 0xa1, 0x71, 0x7a, 0xdc, 0xa7, 0x20, 0x7b,
0x55, 0xc5, 0xb5, 0x24, 0x57, 0xc8, 0xaa, 0x2c, 0x6d, 0x9a, 0x19, 0xe0,
@@ -7401,22 +7478,55 @@ const RsaDecryptTestVector kRsa4096Decry
0x30, 0xb1, 0x77, 0xe1, 0xbc, 0xd5, 0xce, 0xcb, 0x5e, 0x80, 0x4d, 0x1e,
0xe9, 0x6f, 0xc8, 0x23, 0xf7, 0xcf, 0x2b, 0xc3, 0x15, 0x93, 0x81, 0xc7,
0x8a, 0x49, 0x87, 0x94, 0x07, 0x19, 0x19, 0x98, 0xca, 0x75, 0x9c, 0xf3,
0x0e, 0xb5, 0x03, 0x78, 0x3f, 0x88, 0xea, 0x15, 0x79, 0x70, 0xdd, 0xc6,
0xba, 0x75, 0x69, 0xe1, 0x36, 0x2c, 0xbb, 0x99, 0xeb, 0x45, 0xb6, 0x57,
0x8f, 0x14, 0x2d, 0xf5, 0xf1, 0xcb, 0xbc, 0xf2, 0xa7, 0x13, 0x72, 0x9c,
0x2a, 0x01, 0x17, 0x78, 0x1f, 0x85, 0x09, 0xdf},
priv_key_66,
- false},
+ true},
// Comment: ps missing
// tcID: 16
{16,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x77, 0x0a, 0xbf, 0xf4, 0x5b, 0xef, 0x4e, 0x24, 0xb7, 0xf5, 0xd2, 0x10,
+ 0x18, 0x64, 0x86, 0x86, 0x89, 0x01, 0xb2, 0x1e, 0x48, 0x15, 0x96, 0x2d,
+ 0x6d, 0xe9, 0xc1, 0x75, 0x95, 0xaa, 0x66, 0xba, 0x63, 0x40, 0xbc, 0xc7,
+ 0xe0, 0x11, 0x6f, 0x49, 0x77, 0x1d, 0xa6, 0xd7, 0xd9, 0x5c, 0x4f, 0x0b,
+ 0xb6, 0x35, 0xe9, 0x1f, 0x7f, 0x02, 0xc5, 0x43, 0x8c, 0xfe, 0xad, 0x2a,
+ 0xa3, 0xa5, 0xca, 0x58, 0x98, 0xac, 0xc5, 0x1b, 0x93, 0x86, 0xb4, 0xb3,
+ 0x9f, 0xc2, 0x01, 0x5c, 0x93, 0x33, 0x2b, 0x2c, 0x4c, 0x5d, 0xfe, 0x0d,
+ 0x87, 0x70, 0x55, 0x64, 0xff, 0x48, 0xcc, 0x8d, 0x6d, 0x0b, 0xbe, 0x64,
+ 0xa1, 0x45, 0x90, 0x5e, 0xd0, 0xc5, 0x69, 0x5a, 0x40, 0x27, 0xb2, 0x5a,
+ 0x61, 0x0d, 0x64, 0xba, 0xd6, 0xf0, 0xaa, 0xa7, 0x0f, 0x10, 0x01, 0xb6,
+ 0x3d, 0x57, 0xb3, 0x35, 0xf6, 0x6e, 0xf5, 0xb2, 0x3b, 0xea, 0x38, 0x69,
+ 0x74, 0x09, 0xca, 0x10, 0x31, 0x08, 0x4a, 0x88, 0x25, 0x58, 0x22, 0x56,
+ 0x0a, 0x7b, 0x63, 0x37, 0x52, 0x37, 0x6c, 0x30, 0xbc, 0x0b, 0x20, 0x0d,
+ 0x52, 0x37, 0x7a, 0x94, 0x14, 0x78, 0xa2, 0x44, 0x12, 0x9e, 0x04, 0x5b,
+ 0x8a, 0x40, 0x77, 0x32, 0xed, 0xbf, 0x1d, 0x68, 0xdf, 0xce, 0x07, 0x3a,
+ 0xd6, 0x81, 0x2f, 0x5c, 0x90, 0xde, 0xe9, 0xa9, 0xe6, 0x07, 0x9e, 0xa7,
+ 0xfb, 0xb5, 0x10, 0x00, 0xb9, 0x2e, 0xaa, 0x4f, 0x63, 0x19, 0x1b, 0x16,
+ 0xbd, 0xbf, 0x20, 0xbe, 0xa5, 0x64, 0xe8, 0x87, 0xcb, 0x71, 0x3f, 0x92,
+ 0x88, 0xc7, 0x9a, 0x16, 0x3c, 0x88, 0xf1, 0xe3, 0x08, 0x09, 0xff, 0xe3,
+ 0x89, 0x09, 0xf4, 0xaa, 0x78, 0x0c, 0xa8, 0x54, 0xc6, 0xd1, 0x10, 0xa9,
+ 0xfa, 0x54, 0x68, 0x3e, 0x53, 0x67, 0xc7, 0x8c, 0x2a, 0x8a, 0x25, 0x73,
+ 0x65, 0x71, 0x83, 0x79, 0xfc, 0x1b, 0x46, 0x3a, 0x6f, 0x97, 0x8a, 0x01,
+ 0xd8, 0x39, 0xcb, 0xd7, 0x5c, 0x49, 0xb2, 0x70, 0x51, 0xc6, 0x45, 0xaf,
+ 0xc8, 0x3e, 0x51, 0x7a, 0x4b, 0x3d, 0x8d, 0x96, 0x5c, 0x83, 0xec, 0x02,
+ 0x99, 0x8e, 0x98, 0xce, 0x15, 0x3a, 0xf0, 0xaf, 0x9b, 0x6e, 0xd4, 0xcc,
+ 0x8f, 0xe0, 0xb9, 0x84, 0x17, 0xed, 0x66, 0x1c, 0x75, 0x5f, 0x4d, 0xeb,
+ 0xfa, 0xc7, 0x24, 0x63, 0x65, 0x3c, 0x52, 0x0d, 0x4d, 0x6c, 0xc8, 0x5f,
+ 0x54, 0x2d, 0xec, 0xbe, 0x87, 0xb5, 0xc6, 0x7e, 0x74, 0xcb, 0x87, 0xe4,
+ 0xc1, 0x9a, 0x59, 0x13, 0x2e, 0x90, 0xb5, 0x79, 0x5f, 0x8c, 0xa1, 0x8b,
+ 0xa8, 0x0f, 0x50, 0x7f, 0xb9, 0xee, 0x84, 0xb9, 0xaf, 0x80, 0x3b, 0x30,
+ 0x4d, 0x65, 0x0b, 0x8d, 0x80, 0xaa, 0xb0, 0x35, 0x38, 0x18, 0x45, 0xb8,
+ 0x09, 0xfe, 0xe3, 0x7c, 0xf7, 0xb2, 0xd9, 0xae, 0x55, 0x74, 0x24, 0x4e,
+ 0xbe, 0x6a, 0x1a, 0xcf, 0xc3, 0xff, 0x26, 0x36},
{0xa4, 0xdf, 0xae, 0x87, 0x79, 0xa1, 0x1c, 0x42, 0x54, 0xa5, 0x9c, 0x7c,
0x5e, 0xb0, 0x8e, 0x2c, 0xcf, 0x9d, 0x28, 0x69, 0x2c, 0x2d, 0xf4, 0x90,
0x21, 0x84, 0xe6, 0x91, 0x46, 0xc5, 0x77, 0x24, 0xfa, 0x0a, 0x4b, 0x27,
0x01, 0x43, 0x5f, 0xdb, 0x7d, 0xea, 0x14, 0xcd, 0x5b, 0xfd, 0xaf, 0xda,
0x49, 0x40, 0x03, 0x70, 0x36, 0x8f, 0x85, 0xd3, 0x92, 0x9b, 0x24, 0x3f,
0xbe, 0xbf, 0xcd, 0x71, 0xe5, 0xba, 0x5f, 0x1d, 0x3d, 0x45, 0xcb, 0x1e,
0x5c, 0xa5, 0x31, 0x94, 0xb4, 0xe5, 0xc9, 0x8f, 0x1a, 0x78, 0xae, 0xf3,
0xc4, 0x8c, 0x52, 0xa4, 0xd3, 0x6a, 0xb7, 0x88, 0x8b, 0x16, 0x1b, 0xb5,
@@ -7451,22 +7561,32 @@ const RsaDecryptTestVector kRsa4096Decry
0x28, 0x74, 0x27, 0xb5, 0xfd, 0x9b, 0x7e, 0xae, 0x36, 0xe8, 0x4e, 0x0b,
0x71, 0x83, 0x01, 0x30, 0x36, 0x38, 0x62, 0xa2, 0x69, 0x21, 0x7a, 0x0d,
0x7a, 0x10, 0xdc, 0x60, 0x2f, 0x5e, 0xac, 0x5b, 0x2d, 0x0f, 0x65, 0x5a,
0x84, 0x93, 0x79, 0x1e, 0xef, 0x41, 0xd4, 0x26, 0x5b, 0xa3, 0xaf, 0x34,
0x76, 0x26, 0x58, 0xe0, 0x85, 0xf1, 0xca, 0x82, 0xc7, 0x10, 0x72, 0x7c,
0x58, 0x02, 0xc0, 0xbd, 0x55, 0xed, 0x1a, 0x1b, 0xd8, 0x9a, 0x29, 0x09,
0x2f, 0x1c, 0xe7, 0x50, 0xa2, 0x61, 0xa4, 0xb9},
priv_key_66,
- false},
+ true},
// Comment: Block type = 0
// tcID: 17
{17,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xbb, 0x28, 0xd2, 0x14, 0xe1, 0x25, 0x7a, 0xfe, 0xbc, 0xf6, 0x7e, 0x15,
+ 0x4f, 0x43, 0x1b, 0x20, 0x30, 0x85, 0x3d, 0x84, 0xfb, 0xb9, 0x22, 0x68,
+ 0x9d, 0x12, 0x7a, 0xc9, 0x8b, 0x9c, 0xf7, 0x35, 0xbc, 0xe1, 0x01, 0x9c,
+ 0x5f, 0x83, 0x15, 0xa8, 0x97, 0x20, 0x73, 0x8d, 0x3d, 0x4c, 0xdc, 0xd1,
+ 0x48, 0xc6, 0x35, 0x60, 0x65, 0xee, 0x41, 0x65, 0xe1, 0x08, 0xcf, 0xbe,
+ 0x4c, 0xc8, 0x19, 0xe7, 0xf7, 0x4e, 0x4a, 0x3d, 0xa7, 0x00, 0x66, 0x1c,
+ 0x5b, 0x42, 0xc6, 0x38, 0x78, 0x53, 0xdc, 0xff, 0xc2, 0x60, 0xab, 0x1b,
+ 0x84, 0xbe, 0x4f, 0x89, 0x17, 0x47, 0x11, 0x7e, 0xb9, 0xca, 0x03, 0x44,
+ 0x8f, 0xf8, 0xd2, 0x0d, 0x0a, 0x99, 0xdc, 0x71, 0xd2, 0x16, 0x91, 0x6b,
+ 0x55, 0xb9, 0x24, 0x6a, 0x3a, 0x00, 0x8d, 0x22, 0xaa},
{0x70, 0x7b, 0xba, 0x45, 0xb2, 0xe3, 0x45, 0x89, 0x5f, 0x4d, 0x6e, 0x5f,
0xf7, 0xdd, 0xfd, 0x52, 0x70, 0x35, 0x4f, 0x19, 0x40, 0xb4, 0xc5, 0x18,
0xa6, 0xec, 0x0e, 0x0b, 0x47, 0xd9, 0xb5, 0x2c, 0xfc, 0xac, 0x90, 0x8b,
0xee, 0x3f, 0xc8, 0x16, 0x16, 0x34, 0x49, 0x27, 0x20, 0xf2, 0x11, 0x8c,
0x5e, 0x73, 0x2c, 0xad, 0xb6, 0xb4, 0x93, 0x8c, 0x9b, 0x28, 0x75, 0x41,
0x04, 0xab, 0xe2, 0x2d, 0x9e, 0x7d, 0x27, 0x94, 0x31, 0xd8, 0x33, 0xa8,
0xcf, 0x46, 0xe6, 0x68, 0x9d, 0x02, 0xef, 0x41, 0xdf, 0x19, 0xd8, 0xea,
0x80, 0x38, 0x50, 0x89, 0x9b, 0xb2, 0x2a, 0x64, 0x8c, 0xb8, 0xbd, 0x7b,
@@ -7501,22 +7621,45 @@ const RsaDecryptTestVector kRsa4096Decry
0x32, 0x0a, 0x79, 0x82, 0x18, 0xc1, 0xfd, 0xab, 0xeb, 0x49, 0x1c, 0xbc,
0x43, 0x8a, 0x82, 0x68, 0x1b, 0xd9, 0xf5, 0x40, 0x13, 0x44, 0x90, 0x9d,
0x2a, 0xa4, 0xae, 0x7a, 0x8d, 0x33, 0xfa, 0x1e, 0xae, 0xd4, 0x19, 0xd2,
0xa3, 0x7b, 0x36, 0x0e, 0x7f, 0x32, 0x02, 0x5d, 0x8c, 0xad, 0x01, 0x59,
0x8b, 0x88, 0x59, 0xb6, 0x34, 0x18, 0xb9, 0xbf, 0x09, 0xd1, 0xca, 0xbd,
0xe9, 0x49, 0x23, 0x61, 0xe0, 0x93, 0x63, 0xfc, 0x7e, 0xea, 0x0d, 0x91,
0xff, 0x94, 0x17, 0x00, 0x2b, 0x79, 0xa5, 0x7f},
priv_key_66,
- false},
+ true},
// Comment: Block type = 1
// tcID: 18
{18,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x0a, 0x76, 0xe0, 0x54, 0x71, 0x20, 0x46, 0x74, 0xe5, 0x97, 0x30, 0xaa,
+ 0xc5, 0x7b, 0x5e, 0xc0, 0xcb, 0x3b, 0xb3, 0xdc, 0x62, 0x28, 0x3a, 0xc0,
+ 0x68, 0xfe, 0x2e, 0x81, 0x16, 0xbd, 0xcf, 0x3e, 0xf3, 0x22, 0x15, 0x8f,
+ 0xca, 0xa5, 0xc3, 0xa4, 0xcb, 0x91, 0x47, 0x83, 0x81, 0x2e, 0x19, 0x63,
+ 0x18, 0x91, 0xf6, 0xa9, 0x31, 0xf2, 0xd2, 0x28, 0x9d, 0x29, 0x51, 0x0f,
+ 0xa9, 0x86, 0xc0, 0x7d, 0x0e, 0x1a, 0xfb, 0x51, 0x4c, 0xfa, 0x2b, 0xdf,
+ 0x91, 0x80, 0x6d, 0x55, 0x03, 0xb5, 0x83, 0xbc, 0xb9, 0x4b, 0x8f, 0x49,
+ 0xba, 0x4e, 0x08, 0x2c, 0x3a, 0x25, 0xc7, 0x3f, 0x9c, 0xe5, 0x17, 0x2c,
+ 0xff, 0x83, 0x90, 0x92, 0x20, 0x16, 0x5c, 0x37, 0xde, 0xc8, 0xe4, 0x03,
+ 0x55, 0x45, 0x10, 0x29, 0x41, 0x5b, 0xd3, 0xfd, 0xca, 0x4f, 0x82, 0x31,
+ 0x8e, 0x94, 0x39, 0xb0, 0x8d, 0x70, 0x56, 0x6f, 0x5d, 0xd0, 0x89, 0xf0,
+ 0x66, 0xdf, 0xf4, 0x95, 0x80, 0x57, 0xce, 0x3c, 0x4b, 0xa3, 0x93, 0x52,
+ 0xe8, 0x72, 0xf9, 0x1d, 0x2b, 0xa7, 0x91, 0xcf, 0x2c, 0x1a, 0x62, 0xd0,
+ 0x1c, 0x4c, 0xa6, 0x90, 0xe8, 0xda, 0xc3, 0xe6, 0x9b, 0x33, 0x4b, 0xcb,
+ 0xd7, 0x35, 0xc2, 0x94, 0x48, 0x9f, 0xe4, 0x9a, 0x0e, 0x09, 0xd1, 0x85,
+ 0x17, 0x96, 0x3d, 0xf1, 0xac, 0x46, 0x84, 0xbf, 0x8a, 0x69, 0x78, 0xd7,
+ 0xcd, 0xce, 0x17, 0xd7, 0xb8, 0xea, 0xd9, 0xa5, 0xbe, 0xf8, 0x44, 0x53,
+ 0xe0, 0xfa, 0x6b, 0x6f, 0xb2, 0x47, 0xe5, 0xea, 0x97, 0x81, 0x24, 0x4a,
+ 0x34, 0x14, 0x03, 0x62, 0xf7, 0x3a, 0xf7, 0x00, 0x08, 0x5f, 0xf4, 0x1f,
+ 0x26, 0x61, 0x6b, 0x7c, 0xa7, 0x6a, 0x86, 0x56, 0x5b, 0x47, 0xf7, 0xc8,
+ 0x1f, 0xc1, 0xf8, 0x5c, 0xb4, 0xa4, 0x37, 0x5f, 0x11, 0xae, 0xc5, 0xec,
+ 0xe0, 0x92, 0xcf, 0xcd, 0xe2, 0xec, 0xf2, 0x4c, 0xb3, 0xd2, 0x50, 0x02,
+ 0x84, 0x61, 0x8f, 0xfe, 0x97, 0xe6, 0xda, 0x1c},
{0xdf, 0x0e, 0xab, 0x19, 0x82, 0xae, 0x5a, 0xb7, 0x97, 0x65, 0xbb, 0xcc,
0x8d, 0xaa, 0xf4, 0x3d, 0x46, 0x59, 0xe9, 0x0a, 0xee, 0x06, 0x02, 0x68,
0x88, 0x0a, 0x84, 0xe9, 0x41, 0x88, 0x19, 0x40, 0xbf, 0xe1, 0x6a, 0xb9,
0x30, 0x91, 0xc9, 0x30, 0xb5, 0x70, 0x2f, 0x25, 0x32, 0x89, 0x68, 0x7f,
0x79, 0x88, 0xf0, 0x31, 0x3c, 0xfe, 0xea, 0xa8, 0xa8, 0x12, 0x96, 0x9b,
0x8d, 0x8e, 0xdb, 0x59, 0xfb, 0x58, 0x51, 0x38, 0xf8, 0xca, 0x28, 0xf2,
0xd3, 0x1f, 0xcf, 0xed, 0x2f, 0xf3, 0x0c, 0x98, 0x0b, 0xc2, 0xb7, 0xd2,
0x01, 0xbb, 0xe6, 0x3b, 0xb5, 0xba, 0xd0, 0x79, 0x3e, 0x3c, 0x12, 0x9f,
@@ -7551,22 +7694,62 @@ const RsaDecryptTestVector kRsa4096Decry
0x3c, 0x1a, 0xf6, 0xf5, 0x83, 0xdc, 0x80, 0x42, 0xfb, 0xcb, 0x8a, 0xb2,
0x3b, 0x7e, 0x2e, 0x2d, 0xc1, 0x31, 0x4f, 0x52, 0xa8, 0x92, 0x70, 0x72,
0x02, 0xb4, 0xe2, 0x55, 0x8b, 0x92, 0x77, 0x8c, 0xcd, 0x64, 0xdf, 0x2c,
0xa0, 0xde, 0x19, 0x0a, 0x5f, 0x0a, 0x33, 0xc1, 0x38, 0x2b, 0x96, 0x8b,
0xa6, 0xd2, 0x4e, 0x9b, 0xf9, 0xca, 0xa8, 0x90, 0xbc, 0x87, 0x74, 0x9f,
0x83, 0xf5, 0x84, 0x5b, 0x59, 0xb7, 0x94, 0x87, 0x2a, 0x76, 0x78, 0xdf,
0x60, 0xd8, 0xb8, 0x3f, 0xc1, 0xd0, 0xe5, 0x97},
priv_key_66,
- false},
+ true},
// Comment: Block type = 0xff
// tcID: 19
{19,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xd1, 0x5b, 0xcc, 0xb0, 0x44, 0x5f, 0xc0, 0x58, 0xc9, 0xe9, 0x91, 0xc1,
+ 0xc1, 0x3e, 0x2c, 0x0d, 0xb5, 0x61, 0x22, 0xab, 0xfe, 0x20, 0xf5, 0x5d,
+ 0xea, 0xba, 0x92, 0xc9, 0x40, 0x80, 0xb1, 0x4d, 0xf1, 0x2c, 0xed, 0xe3,
+ 0x65, 0xf2, 0xa3, 0x04, 0xed, 0xd9, 0x30, 0x85, 0x32, 0xed, 0x99, 0x54,
+ 0xbf, 0xce, 0xfe, 0x99, 0x89, 0x6e, 0x53, 0xd1, 0x9d, 0xa5, 0xe6, 0xc5,
+ 0x02, 0x00, 0x82, 0x1b, 0x56, 0x9b, 0x3f, 0xe4, 0x10, 0xbf, 0xe7, 0x1c,
+ 0x7b, 0xc3, 0x34, 0x91, 0x14, 0x2a, 0x10, 0xe5, 0x50, 0x5c, 0x64, 0x35,
+ 0x4f, 0x01, 0x88, 0xec, 0x8d, 0x24, 0xfa, 0x0f, 0xaf, 0x56, 0xc2, 0x8b,
+ 0xce, 0x83, 0xfd, 0x12, 0xef, 0xa7, 0x48, 0xe9, 0xc0, 0x53, 0x4c, 0xa2,
+ 0x64, 0x34, 0x24, 0x95, 0x46, 0x48, 0x8f, 0x20, 0x6e, 0xbb, 0x9c, 0xe4,
+ 0x38, 0x06, 0x3a, 0xd7, 0x43, 0x1f, 0xb4, 0x4b, 0xc6, 0x38, 0xc4, 0x1b,
+ 0xb7, 0x33, 0x41, 0x2b, 0x42, 0xf9, 0x1d, 0xf7, 0x8f, 0x4d, 0x01, 0x37,
+ 0x6e, 0x4d, 0xb5, 0x45, 0xa4, 0xfc, 0xc9, 0x4a, 0xdc, 0x52, 0x0e, 0x1b,
+ 0xdb, 0xfb, 0x6f, 0xef, 0x2a, 0x96, 0xdf, 0x3f, 0xf9, 0x3f, 0x95, 0x01,
+ 0x7c, 0xbe, 0xdf, 0xb3, 0x6f, 0xe5, 0xb5, 0x0a, 0x5c, 0xff, 0x1d, 0xb1,
+ 0x10, 0xfa, 0x1f, 0x03, 0xe3, 0xe6, 0x5a, 0xa2, 0x4b, 0x94, 0xa9, 0x6a,
+ 0xb1, 0xef, 0xe7, 0xce, 0xc9, 0xb5, 0x4d, 0x1d, 0xf2, 0x6b, 0x69, 0xde,
+ 0x87, 0x88, 0x21, 0xf1, 0xc0, 0xfc, 0x51, 0x15, 0x2f, 0xd2, 0x4b, 0xae,
+ 0x58, 0x10, 0xa7, 0xd6, 0xf1, 0xef, 0x86, 0x9b, 0x90, 0xcd, 0xd9, 0x6f,
+ 0x36, 0x56, 0xcb, 0xb3, 0x1a, 0x91, 0x1a, 0x5e, 0xde, 0xae, 0xca, 0x70,
+ 0x9d, 0x40, 0x49, 0x98, 0xc2, 0x9f, 0x40, 0x51, 0x5a, 0x6c, 0xf6, 0xc9,
+ 0x9b, 0xd8, 0xc8, 0xd8, 0xd5, 0x21, 0x8e, 0xa0, 0x1d, 0x3c, 0x5f, 0xaf,
+ 0x43, 0xb6, 0x1d, 0xa3, 0x01, 0x2b, 0x42, 0x14, 0xbb, 0x5f, 0x73, 0x3d,
+ 0xc8, 0x42, 0x89, 0xc2, 0x65, 0xff, 0xa4, 0x50, 0x84, 0xfa, 0x0e, 0x51,
+ 0x39, 0x17, 0xae, 0xdf, 0xac, 0x81, 0x6b, 0x8a, 0x2e, 0x5f, 0xbf, 0x89,
+ 0x3d, 0x9c, 0x51, 0x7f, 0xd0, 0xde, 0x13, 0x2f, 0x57, 0x14, 0x85, 0x3b,
+ 0x81, 0xcc, 0xd7, 0xa1, 0xc8, 0x45, 0xb1, 0xd3, 0x61, 0x0f, 0xf7, 0x66,
+ 0x77, 0x4e, 0xd6, 0xcc, 0x6a, 0xb7, 0x4d, 0x38, 0x35, 0xab, 0x93, 0x42,
+ 0x9b, 0x68, 0xed, 0x36, 0x7c, 0x32, 0x79, 0xe5, 0xf7, 0x3c, 0xa3, 0xa1,
+ 0x3f, 0xff, 0xd5, 0x2a, 0x41, 0x16, 0xba, 0xe3, 0x4d, 0xe5, 0xe5, 0xb8,
+ 0xac, 0x98, 0xf2, 0xcd, 0x56, 0x3f, 0x0b, 0x24, 0x6d, 0x0c, 0xa9, 0x56,
+ 0x23, 0x34, 0x71, 0x7d, 0x58, 0x29, 0xe3, 0x55, 0xd8, 0x22, 0xc7, 0xc1,
+ 0x10, 0x0f, 0xc1, 0x20, 0x72, 0xae, 0x42, 0xd9, 0x46, 0xd0, 0x45, 0xfd,
+ 0xbe, 0x6f, 0x33, 0xa5, 0x9c, 0xb2, 0x25, 0x40, 0x61, 0xa7, 0x14, 0xf7,
+ 0x81, 0x13, 0x31, 0x42, 0x85, 0x1a, 0x61, 0x17, 0x9a, 0xdb, 0xc5, 0x21,
+ 0xf4, 0x42, 0x63, 0xa3, 0x05, 0xaa, 0xdf, 0x1c, 0x8a, 0xb9, 0x30, 0x23,
+ 0xa4, 0x91, 0x8a, 0xfa, 0x9b, 0x5e, 0x72, 0x92, 0xd6, 0xae, 0x39, 0x64,
+ 0x5c, 0x73, 0xe5, 0x71, 0x2a, 0x8d, 0xf2, 0x31, 0x32, 0xdd, 0x0f, 0xfa,
+ 0x45, 0xae, 0xba, 0xb4, 0x30, 0x2d, 0xc6, 0xb5, 0xba, 0x6c, 0xd7, 0xa3,
+ 0xf3, 0x49, 0x4f, 0xd8, 0x99, 0x51, 0x30, 0x59, 0x8f},
{0xcf, 0x23, 0x55, 0x09, 0xad, 0xc3, 0xf7, 0x06, 0xff, 0x62, 0xe4, 0x22,
0x83, 0xe0, 0xfd, 0xc3, 0x7e, 0x68, 0xd2, 0xa5, 0x4d, 0xa8, 0x7d, 0x5f,
0x89, 0x5b, 0x99, 0x9f, 0x8d, 0xe6, 0x38, 0xbd, 0x3b, 0x11, 0x11, 0x59,
0xfd, 0x18, 0xa4, 0xed, 0x60, 0x69, 0x23, 0x2a, 0x09, 0x1e, 0xba, 0xad,
0xd7, 0x97, 0xca, 0x7f, 0xc2, 0xac, 0xa6, 0xaf, 0x70, 0x4f, 0x94, 0xf5,
0x03, 0x88, 0xf7, 0xd4, 0x93, 0xfb, 0x89, 0x56, 0x66, 0x28, 0x08, 0x42,
0x11, 0x60, 0xe2, 0x31, 0x49, 0x5f, 0xfa, 0xc5, 0x5d, 0x59, 0x88, 0x42,
0x6d, 0xf0, 0xb8, 0x39, 0x41, 0x1a, 0x60, 0xe3, 0x91, 0x0b, 0xaa, 0x40,
@@ -7601,22 +7784,57 @@ const RsaDecryptTestVector kRsa4096Decry
0x14, 0x09, 0x55, 0xe4, 0x49, 0x75, 0x3f, 0xb0, 0x19, 0x9e, 0x53, 0xc8,
0x80, 0x36, 0x1e, 0xeb, 0x12, 0x01, 0x36, 0xfd, 0xbf, 0xf1, 0x03, 0xe2,
0x73, 0xbe, 0x56, 0x4d, 0x7e, 0x41, 0x37, 0xd4, 0x65, 0x23, 0x51, 0xef,
0xae, 0xf7, 0x76, 0xb6, 0x6c, 0x32, 0xba, 0x7a, 0x44, 0x21, 0x11, 0x00,
0xc7, 0xb1, 0xa8, 0xc6, 0x1a, 0x31, 0xa8, 0x89, 0x0a, 0xb3, 0x76, 0x6d,
0x71, 0xf3, 0xae, 0x76, 0xf1, 0xc6, 0xe3, 0x2c, 0xee, 0x8a, 0x45, 0x88,
0x00, 0xe0, 0xe4, 0x08, 0x58, 0x31, 0x71, 0xf1},
priv_key_66,
- false},
+ true},
// Comment: First byte is not zero
// tcID: 20
{20,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x42, 0x1b, 0x7a, 0x2d, 0x49, 0x34, 0x83, 0x8c, 0xf3, 0xb9, 0xc5, 0x44,
+ 0x54, 0xaa, 0xe2, 0xa9, 0x7d, 0x53, 0x99, 0xb1, 0x94, 0x79, 0x8e, 0x70,
+ 0xd1, 0x16, 0x1d, 0x01, 0x4e, 0xe8, 0xf4, 0x56, 0xde, 0xa5, 0x98, 0x2b,
+ 0x87, 0xe5, 0xd2, 0x76, 0xcb, 0x88, 0x19, 0x54, 0xc1, 0x0a, 0x09, 0xa6,
+ 0xf8, 0xfc, 0x93, 0xd0, 0x78, 0xb7, 0xf8, 0x65, 0xa9, 0x02, 0x77, 0xe1,
+ 0x1f, 0x4d, 0x90, 0x6e, 0x61, 0xdb, 0xff, 0x86, 0x51, 0xe1, 0x6f, 0x1b,
+ 0x60, 0xec, 0x94, 0xd8, 0xed, 0x7f, 0x01, 0xfc, 0x50, 0x30, 0xb6, 0x7d,
+ 0x70, 0x99, 0xf2, 0x25, 0x95, 0x81, 0x83, 0xe4, 0x4c, 0x22, 0xc3, 0xea,
+ 0x77, 0x19, 0x66, 0x44, 0x7e, 0x6d, 0x9a, 0xcf, 0x73, 0xfd, 0xab, 0x8e,
+ 0x6f, 0x30, 0xe0, 0xac, 0x67, 0x65, 0x95, 0x0b, 0xaf, 0xb4, 0x24, 0x46,
+ 0xec, 0x33, 0xa0, 0x1b, 0x50, 0x81, 0x04, 0x6d, 0x45, 0x8f, 0x90, 0xdb,
+ 0x41, 0x7f, 0x52, 0x2b, 0xea, 0xd7, 0x78, 0x17, 0xcd, 0x66, 0xa8, 0x48,
+ 0x90, 0x10, 0x55, 0x11, 0x10, 0xf7, 0xdc, 0xf0, 0x10, 0x6d, 0x3c, 0xac,
+ 0x33, 0x85, 0x6e, 0x9d, 0xfd, 0x1f, 0x7f, 0xb1, 0xab, 0xaf, 0xb8, 0x84,
+ 0xb7, 0xad, 0xe2, 0xa8, 0x98, 0x68, 0x92, 0x22, 0xd8, 0x19, 0xa2, 0x1e,
+ 0xc1, 0x91, 0xc5, 0x6f, 0x35, 0xea, 0x3f, 0xae, 0xa9, 0x71, 0xb5, 0x01,
+ 0xca, 0xbb, 0xb6, 0x55, 0x65, 0xc9, 0xc9, 0xd1, 0x57, 0x93, 0x50, 0x63,
+ 0x14, 0xdc, 0xa6, 0x1b, 0x23, 0x58, 0x74, 0x27, 0x31, 0x36, 0xa1, 0xf8,
+ 0x32, 0x2e, 0xb9, 0x45, 0x73, 0x41, 0xca, 0x03, 0xc8, 0xd6, 0x71, 0xf5,
+ 0x9a, 0xd2, 0x46, 0x23, 0x01, 0x61, 0xe1, 0xcb, 0xb0, 0xd1, 0x06, 0xbb,
+ 0x80, 0xc0, 0x68, 0x7e, 0xd5, 0xc5, 0xb9, 0x0f, 0xa3, 0x08, 0xce, 0x74,
+ 0xce, 0x7a, 0xaa, 0x86, 0xa6, 0x3b, 0x78, 0xe1, 0x4b, 0xde, 0x8b, 0xa8,
+ 0xa7, 0x11, 0xae, 0xdf, 0x13, 0x5a, 0xb4, 0xde, 0x1c, 0xde, 0x3d, 0x58,
+ 0x5a, 0xab, 0xb4, 0x7c, 0x24, 0xe1, 0x05, 0xb0, 0xd1, 0x95, 0x05, 0xbf,
+ 0x5d, 0xb8, 0xc5, 0x41, 0xb7, 0xc0, 0x20, 0x53, 0xbf, 0xd6, 0x25, 0x7c,
+ 0xce, 0x98, 0x35, 0x8e, 0xda, 0x38, 0x57, 0xc4, 0x70, 0x85, 0x27, 0xbe,
+ 0x6c, 0xfa, 0x2b, 0xa8, 0xf0, 0x93, 0x0c, 0x2e, 0xe7, 0xc4, 0xdb, 0xf5,
+ 0xb5, 0x38, 0x87, 0xc1, 0x58, 0x86, 0x0e, 0xd6, 0xc3, 0x49, 0x5f, 0xd4,
+ 0x1a, 0xe1, 0x29, 0xfe, 0x7e, 0x90, 0x7f, 0xf7, 0xb1, 0xf5, 0x46, 0x95,
+ 0x78, 0x55, 0x59, 0x0e, 0xd0, 0x3a, 0xfc, 0xd1, 0xe7, 0x07, 0x8c, 0xb7,
+ 0x2a, 0xae, 0x8b, 0x8f, 0xde, 0xec, 0xbe, 0x8c, 0x22, 0x93, 0xfd, 0x53,
+ 0x64, 0xee, 0x9f, 0xb1, 0xef, 0x79, 0x31, 0xaa, 0xbd, 0x39, 0x92, 0xec,
+ 0x23, 0x88, 0x3f, 0x0d, 0x07, 0x36, 0xd0, 0x1d, 0x6e, 0xb7, 0xf3, 0x01,
+ 0xc0, 0x4b, 0x3d, 0xe2, 0xe4, 0x9a, 0xa6, 0xaf, 0x18, 0xf8, 0xad, 0xf0,
+ 0x67, 0xcc, 0xda, 0x5d, 0x75, 0x24, 0x06, 0x9b, 0x7f},
{0x95, 0xe6, 0x86, 0xfa, 0x46, 0x9e, 0x35, 0x57, 0xda, 0x1f, 0x42, 0x7b,
0x01, 0xa3, 0x39, 0xcd, 0x50, 0xb6, 0xae, 0xf7, 0x26, 0x39, 0x5b, 0xab,
0x94, 0xb0, 0x6d, 0x43, 0x7e, 0x2c, 0xa5, 0x46, 0xf0, 0x1a, 0x2f, 0x2e,
0x86, 0xd7, 0x25, 0xea, 0xe2, 0x10, 0x3c, 0x2f, 0xdc, 0xaf, 0x11, 0x76,
0xc2, 0x7a, 0xf6, 0xa2, 0x70, 0x35, 0xf3, 0x58, 0x4d, 0xdf, 0x87, 0xca,
0x80, 0xbb, 0xb0, 0x50, 0xec, 0x15, 0xb7, 0x87, 0x22, 0x3e, 0xc6, 0xf3,
0x71, 0xe3, 0x33, 0x60, 0xdd, 0x7e, 0x95, 0xdc, 0x00, 0x76, 0x0a, 0x60,
0x1c, 0xb2, 0x00, 0x24, 0x73, 0x94, 0x6d, 0x39, 0xd1, 0x84, 0x96, 0x94,
@@ -7651,22 +7869,35 @@ const RsaDecryptTestVector kRsa4096Decry
0xb3, 0xbf, 0x87, 0xe1, 0x61, 0x50, 0x0f, 0x5b, 0xb8, 0x5e, 0xed, 0xa6,
0x97, 0x95, 0x00, 0x96, 0x33, 0x4e, 0xac, 0x21, 0xa6, 0x70, 0xa9, 0x0f,
0x87, 0x61, 0x96, 0x89, 0x9a, 0x4d, 0x75, 0xdc, 0xa3, 0x76, 0xd7, 0xae,
0x19, 0x76, 0xa2, 0xcf, 0x31, 0x5f, 0xa3, 0x78, 0xe1, 0x12, 0x51, 0x09,
0x0b, 0x2a, 0xee, 0xc3, 0x9d, 0xd1, 0x48, 0x87, 0x01, 0xdd, 0x6c, 0x44,
0xf2, 0x68, 0xe5, 0x21, 0x0a, 0xac, 0xdc, 0xf1, 0xb3, 0xfd, 0x41, 0xbf,
0xeb, 0x9d, 0xb1, 0x55, 0x0c, 0xed, 0xee, 0x6b},
priv_key_66,
- false},
+ true},
// Comment: First byte is not zero
// tcID: 21
{21,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xa4, 0x6b, 0x87, 0xc0, 0x50, 0x3c, 0x0b, 0xc3, 0x7e, 0x30, 0x42, 0xf4,
+ 0x42, 0x1a, 0xca, 0xa9, 0x75, 0x3f, 0x07, 0x6d, 0xbf, 0xe9, 0x57, 0xc5,
+ 0xba, 0x9e, 0xba, 0xb4, 0x5e, 0xc2, 0x67, 0x64, 0xf2, 0xe3, 0xf8, 0x25,
+ 0x59, 0x04, 0xa3, 0x9f, 0xbb, 0xd5, 0xa3, 0x3f, 0xec, 0x28, 0x1d, 0x97,
+ 0x7e, 0x73, 0x63, 0x3d, 0x08, 0x0b, 0xb1, 0xe9, 0x5f, 0x1b, 0x90, 0x22,
+ 0x19, 0xed, 0x92, 0x3a, 0x2e, 0xd1, 0x3a, 0x14, 0x56, 0xc2, 0x8c, 0x58,
+ 0x82, 0x87, 0xbc, 0xb9, 0xe2, 0xb6, 0x2f, 0x90, 0xba, 0x07, 0x67, 0x4f,
+ 0x41, 0xf9, 0xc7, 0xb0, 0x80, 0xf9, 0x44, 0xa3, 0xb8, 0xa8, 0x88, 0xf9,
+ 0xbb, 0x9c, 0x6d, 0x00, 0x98, 0xf0, 0x24, 0x08, 0x44, 0xac, 0x68, 0xaa,
+ 0x9c, 0xa1, 0x27, 0x5d, 0xcf, 0x16, 0x55, 0xb5, 0x11, 0xf2, 0x1c, 0x0a,
+ 0x66, 0xf3, 0x99, 0x73, 0xa4, 0x2f, 0x54, 0x73, 0x43, 0xfc, 0x1b, 0x79,
+ 0x37, 0xce, 0x97, 0xa7, 0x7c, 0xac, 0x65, 0x29, 0x02, 0x60, 0x06, 0xcf,
+ 0x67, 0xeb},
{0x35, 0xbd, 0xd3, 0x34, 0x43, 0xb5, 0x80, 0x35, 0x5f, 0xc6, 0xb7, 0x02,
0x07, 0x14, 0x20, 0xb4, 0x86, 0x46, 0x12, 0xe0, 0x52, 0x67, 0x18, 0x9e,
0x46, 0xbf, 0xe0, 0x97, 0xfb, 0x82, 0xff, 0x1c, 0xee, 0x6f, 0xde, 0x5e,
0x28, 0xd4, 0x07, 0x3c, 0x60, 0x86, 0x69, 0x3e, 0x71, 0xb0, 0xd3, 0xc2,
0x93, 0xc3, 0xbd, 0xfb, 0x92, 0x6b, 0xa0, 0x66, 0xcd, 0x96, 0x66, 0xae,
0xa3, 0xbd, 0xb1, 0xb3, 0x55, 0x03, 0x2a, 0xcf, 0x2c, 0xa1, 0x76, 0x24,
0xad, 0x23, 0x80, 0x03, 0xee, 0x95, 0x09, 0xa7, 0x07, 0x5e, 0x08, 0x11,
0xfb, 0xd6, 0xc4, 0xa9, 0x74, 0xc3, 0x64, 0x72, 0x50, 0xa5, 0x5f, 0x92,
@@ -7701,22 +7932,63 @@ const RsaDecryptTestVector kRsa4096Decry
0x1f, 0x52, 0x30, 0xea, 0x32, 0x71, 0x34, 0xf0, 0x03, 0xb3, 0x52, 0x04,
0xe0, 0x67, 0x8d, 0xd7, 0xf7, 0x41, 0x6c, 0x94, 0xe6, 0xd5, 0x97, 0xea,
0x03, 0x86, 0xd7, 0x4f, 0xb9, 0xa0, 0x1f, 0x5d, 0xa1, 0xfc, 0x86, 0x6b,
0xe9, 0x37, 0x65, 0x00, 0x55, 0x09, 0xe9, 0x9d, 0xc2, 0x68, 0xaa, 0xd4,
0xca, 0x51, 0x36, 0x8b, 0x76, 0xfc, 0x74, 0x73, 0x0f, 0x33, 0x89, 0xb1,
0x20, 0x06, 0x22, 0x51, 0xe1, 0xa5, 0x70, 0xbe, 0x4a, 0x78, 0xe0, 0xcc,
0x59, 0x49, 0x57, 0x4d, 0xe7, 0x0b, 0xd4, 0x75},
priv_key_66,
- false},
+ true},
// Comment: signature padding
// tcID: 22
{22,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xa8, 0xdc, 0x9d, 0xe7, 0xad, 0x8c, 0xc5, 0xee, 0x2c, 0xa7, 0x5b, 0x03,
+ 0xad, 0x27, 0xde, 0xdc, 0xfb, 0xc2, 0xa2, 0xed, 0x55, 0x3d, 0xe3, 0x63,
+ 0xa3, 0x73, 0x61, 0xb5, 0xcc, 0x4d, 0xbc, 0xd2, 0x16, 0xf1, 0x9c, 0x89,
+ 0xb6, 0xbb, 0x5b, 0x0d, 0x11, 0xb9, 0xef, 0xfb, 0x11, 0x13, 0xf7, 0x11,
+ 0xf7, 0xac, 0x57, 0x86, 0xb9, 0x86, 0x97, 0xea, 0xa5, 0xdb, 0x81, 0xa1,
+ 0x89, 0x46, 0xc3, 0xf2, 0xde, 0x5e, 0x09, 0xc3, 0x0d, 0xe4, 0x8d, 0x30,
+ 0x1d, 0xd8, 0xd0, 0xbf, 0x8d, 0xc6, 0x34, 0x77, 0xe2, 0x89, 0x9e, 0x5f,
+ 0x94, 0xf6, 0x1f, 0xbf, 0xb3, 0x7c, 0x6b, 0x3c, 0xc0, 0x19, 0x59, 0xcc,
+ 0xcb, 0xb5, 0xc3, 0x11, 0x46, 0x71, 0x48, 0xb3, 0x03, 0xe0, 0x89, 0x61,
+ 0x51, 0x18, 0x00, 0x03, 0xa6, 0x70, 0xb1, 0xf5, 0xb1, 0xe4, 0x26, 0x57,
+ 0x34, 0x17, 0x28, 0x54, 0xbc, 0x7a, 0x42, 0xf2, 0x41, 0x7a, 0x6d, 0x22,
+ 0x46, 0x1d, 0x3d, 0x77, 0xfb, 0x85, 0xf5, 0xf1, 0xdd, 0x1a, 0xbc, 0x29,
+ 0x6a, 0x8d, 0x73, 0x29, 0x74, 0x6d, 0x0b, 0x77, 0xf7, 0x06, 0xbe, 0xb2,
+ 0x40, 0xb7, 0x82, 0x90, 0x86, 0x3a, 0xa1, 0xa0, 0x5c, 0x80, 0xd1, 0x89,
+ 0x4b, 0x26, 0x05, 0xd1, 0x0e, 0xab, 0x4c, 0x67, 0x27, 0x49, 0xd1, 0xbd,
+ 0x63, 0x82, 0x74, 0x22, 0x4b, 0x75, 0xfa, 0x72, 0x99, 0x09, 0x53, 0xde,
+ 0xac, 0x75, 0x6a, 0x81, 0x42, 0x88, 0x95, 0xff, 0x2c, 0x34, 0x93, 0x5a,
+ 0xbe, 0x15, 0xe9, 0x09, 0x7c, 0x77, 0x49, 0x78, 0x27, 0xaf, 0x35, 0xdf,
+ 0x9a, 0x62, 0xd0, 0xd9, 0xae, 0x3f, 0xc3, 0x8a, 0x6b, 0x56, 0x42, 0x56,
+ 0x51, 0xea, 0xdd, 0xd2, 0x7e, 0xb4, 0x65, 0xcf, 0xec, 0x1c, 0x4b, 0x66,
+ 0xa8, 0xb5, 0xf3, 0x6b, 0x1a, 0xfb, 0xba, 0x01, 0x55, 0xec, 0xaf, 0x0a,
+ 0xb8, 0x8c, 0x99, 0x78, 0x22, 0x0c, 0x63, 0x8e, 0xdd, 0x8c, 0xcc, 0x84,
+ 0x78, 0xb2, 0xe1, 0x55, 0x47, 0x16, 0xe7, 0x8f, 0xe0, 0xf8, 0xca, 0xa7,
+ 0x6f, 0x44, 0xc5, 0x49, 0xc7, 0xed, 0x0a, 0xd7, 0x06, 0x68, 0x1c, 0xa8,
+ 0x53, 0xf5, 0x9f, 0xbe, 0xf0, 0x29, 0x2f, 0x3d, 0x4a, 0xf1, 0x9a, 0x22,
+ 0x83, 0x32, 0x11, 0xf3, 0x33, 0x21, 0x35, 0x25, 0xef, 0x15, 0xbb, 0xf2,
+ 0x3b, 0x0a, 0xf0, 0xd6, 0xfa, 0xea, 0xd4, 0xa3, 0x44, 0x64, 0x31, 0x66,
+ 0x8c, 0xa7, 0xd6, 0xc0, 0x9e, 0x5c, 0x7e, 0x07, 0x8f, 0x05, 0xe6, 0xd0,
+ 0xdf, 0x35, 0x44, 0x65, 0xca, 0xcb, 0xad, 0x60, 0x81, 0xe8, 0x22, 0xe1,
+ 0x75, 0x37, 0x27, 0xe3, 0xcd, 0xc0, 0xd9, 0x6c, 0x56, 0x43, 0xca, 0xd5,
+ 0xb5, 0x12, 0xec, 0x5e, 0xab, 0xff, 0xa3, 0x5f, 0x98, 0x8d, 0x37, 0x84,
+ 0x50, 0x98, 0x09, 0xa8, 0x90, 0x15, 0xef, 0x1b, 0x88, 0xbf, 0x82, 0x94,
+ 0x20, 0xd7, 0x07, 0x14, 0x9e, 0x2a, 0x41, 0x7c, 0x36, 0xe1, 0x27, 0xee,
+ 0x52, 0x6b, 0xec, 0x0a, 0x6d, 0x81, 0x66, 0x11, 0x3b, 0x2a, 0xe1, 0x2e,
+ 0x8c, 0x24, 0xee, 0x48, 0x93, 0x21, 0x72, 0xd1, 0xad, 0xa7, 0x43, 0xad,
+ 0x4f, 0x77, 0xfd, 0x83, 0x63, 0xee, 0x34, 0xa2, 0xca, 0x35, 0x52, 0x80,
+ 0xc8, 0xa0, 0x64, 0xb6, 0x88, 0x6c, 0xfe, 0xcc, 0x17, 0x84, 0xf1, 0x14,
+ 0x2e, 0x6a, 0x55, 0xff, 0x85, 0xd2, 0x65, 0xeb, 0x25, 0xf9, 0x79, 0x54,
+ 0x55, 0x77, 0x9a, 0x04, 0xc7, 0xe3, 0x81, 0x27, 0x87, 0xf8, 0xa5, 0x8b,
+ 0x84, 0x5e, 0xfe, 0x5e, 0xeb, 0x5c, 0x96, 0x77, 0xef, 0x8f, 0xf3, 0xaf,
+ 0xff, 0x78, 0xa5, 0x00, 0x07, 0x2c, 0x87, 0x37, 0x5d},
{0xc1, 0xea, 0x62, 0x89, 0x1d, 0xb6, 0x99, 0xa2, 0xa0, 0x8e, 0xa5, 0xd0,
0x11, 0x80, 0xaf, 0xb7, 0x32, 0xb2, 0xb0, 0xce, 0x09, 0xd3, 0xd0, 0xa5,
0x8a, 0x73, 0xbb, 0x2b, 0xf1, 0x4f, 0x6b, 0xb7, 0xad, 0xd6, 0x66, 0x29,
0xfe, 0x97, 0x10, 0x1a, 0x20, 0x57, 0x03, 0x0a, 0x6b, 0x7b, 0x78, 0xfa,
0x20, 0x67, 0x54, 0x86, 0x6d, 0xb2, 0xd3, 0x6b, 0x2a, 0x03, 0xa7, 0x61,
0x6c, 0x38, 0x54, 0xf8, 0xaa, 0xb9, 0xed, 0xee, 0x7a, 0x09, 0x73, 0x27,
0x4d, 0x7e, 0x15, 0xe7, 0xfc, 0x1b, 0xff, 0xa3, 0xd1, 0x82, 0xfb, 0xa6,
0x9f, 0x29, 0x39, 0x49, 0x20, 0x79, 0xf8, 0x50, 0x08, 0xb9, 0xfa, 0x4b,
@@ -7751,22 +8023,37 @@ const RsaDecryptTestVector kRsa4096Decry
0x1a, 0x56, 0x7b, 0x2c, 0xdc, 0x91, 0xe5, 0x6b, 0x3c, 0x63, 0x79, 0xd2,
0x96, 0x09, 0xb5, 0x67, 0x27, 0xa5, 0x20, 0x55, 0x28, 0x87, 0x7b, 0xc3,
0x1d, 0x91, 0x90, 0x9b, 0x72, 0x3e, 0x9a, 0x56, 0xad, 0x73, 0xba, 0x15,
0xc7, 0xbb, 0x4a, 0x37, 0xf8, 0x77, 0x7e, 0x53, 0xa9, 0x1f, 0x95, 0xe1,
0xa5, 0x32, 0xbd, 0x39, 0x3e, 0xb8, 0x92, 0xbd, 0xa8, 0x2f, 0x42, 0x22,
0x03, 0x0c, 0xf4, 0xfb, 0x3e, 0x72, 0xf4, 0x5a, 0xe7, 0xe4, 0xaf, 0x23,
0xec, 0x51, 0x65, 0x29, 0x52, 0x45, 0xda, 0x32},
priv_key_66,
- false},
+ true},
// Comment: no zero after padding
// tcID: 23
{23,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x9d, 0x9a, 0x9a, 0x8b, 0x03, 0x17, 0x79, 0xc8, 0x54, 0xa7, 0x1c, 0xbb,
+ 0x80, 0xa6, 0x31, 0xf6, 0x9f, 0x56, 0x1a, 0x67, 0xcd, 0x5e, 0xb5, 0x7b,
+ 0xfa, 0xee, 0x51, 0xba, 0xfa, 0x67, 0xf2, 0x7a, 0x18, 0x3b, 0xb7, 0xf5,
+ 0x0d, 0xd8, 0xed, 0xf3, 0xbd, 0xf6, 0xe2, 0x1d, 0x58, 0x61, 0x93, 0x86,
+ 0x9e, 0x75, 0x60, 0x3a, 0xb6, 0x4c, 0x73, 0xb0, 0x65, 0x0a, 0x0f, 0xcd,
+ 0x66, 0x1f, 0x2e, 0x23, 0xfb, 0xc9, 0xd4, 0x7f, 0x95, 0xae, 0x7a, 0xfe,
+ 0xc3, 0xc6, 0xd9, 0x29, 0x14, 0xda, 0x2f, 0x89, 0x09, 0xab, 0x7c, 0x87,
+ 0x6a, 0xd5, 0x92, 0x64, 0xf9, 0x77, 0x42, 0x4e, 0x63, 0xdf, 0xb0, 0xac,
+ 0xdf, 0xf8, 0x3f, 0x8d, 0x38, 0xc5, 0x08, 0x85, 0xa7, 0x03, 0x05, 0x61,
+ 0x8b, 0x9f, 0x10, 0xdd, 0xcf, 0xad, 0x27, 0x74, 0xa1, 0x1d, 0xfc, 0xf3,
+ 0xe0, 0xb3, 0xc6, 0x88, 0x5c, 0x94, 0x40, 0x44, 0xba, 0x08, 0xc4, 0x22,
+ 0xcf, 0xc9, 0x09, 0x55, 0x85, 0x8c, 0xb1, 0x38, 0x8a, 0x2a, 0xc7, 0xf4,
+ 0xdb, 0x31, 0x33, 0x90, 0xec, 0x77, 0x96, 0x55, 0xc0, 0x91, 0x83, 0xd9,
+ 0xfa, 0x48, 0x49, 0xc5, 0xe3, 0xf2, 0x08, 0x29, 0xe9, 0x5e, 0x04, 0xf1,
+ 0xaa, 0x3a, 0x4f, 0x27},
{0x80, 0xbb, 0x96, 0x27, 0xf3, 0x7e, 0xf2, 0xec, 0xcf, 0x2a, 0x82, 0x3f,
0xce, 0x1d, 0x31, 0x73, 0x59, 0xc8, 0x5b, 0x15, 0x4d, 0x49, 0xe7, 0xa4,
0xbf, 0x71, 0x23, 0x54, 0x44, 0x99, 0x36, 0xe1, 0xba, 0xb0, 0x33, 0x2a,
0xd6, 0xb3, 0x7e, 0x48, 0xfb, 0x1d, 0x34, 0x66, 0xaf, 0xde, 0x77, 0xba,
0x5c, 0xed, 0x23, 0xfa, 0x82, 0xe9, 0xa2, 0xc9, 0x66, 0xf0, 0x5a, 0xc1,
0x7b, 0x12, 0xc7, 0x6b, 0x13, 0x4d, 0x36, 0x4b, 0x61, 0xb8, 0x95, 0xf5,
0x04, 0x8c, 0xe3, 0x0d, 0xba, 0x4c, 0xe4, 0x77, 0xb5, 0x60, 0x66, 0x81,
0xd7, 0xb4, 0x3e, 0xf8, 0xdc, 0xc2, 0x88, 0x4d, 0xd0, 0xe8, 0x06, 0xa0,
@@ -7801,22 +8088,42 @@ const RsaDecryptTestVector kRsa4096Decry
0x8d, 0x7a, 0x37, 0x22, 0x52, 0xdb, 0x62, 0x11, 0x4e, 0xfa, 0xe4, 0xf2,
0x3b, 0x9c, 0x08, 0xa8, 0x62, 0x55, 0x45, 0x5e, 0xcf, 0xfa, 0x9e, 0xb0,
0xbd, 0x31, 0x89, 0xad, 0x67, 0x99, 0x0b, 0x36, 0x10, 0x22, 0x24, 0x8f,
0x4b, 0xba, 0xd2, 0x79, 0xf4, 0xf2, 0x1b, 0x1f, 0x33, 0x50, 0x6f, 0x44,
0x04, 0x2e, 0x5c, 0x1c, 0x13, 0xf4, 0x04, 0x6b, 0x69, 0x8f, 0xbb, 0xf9,
0x8f, 0x50, 0xa8, 0x0e, 0x7d, 0x49, 0xa1, 0x9e, 0xbd, 0x9a, 0xbb, 0x23,
0x9f, 0x6d, 0xee, 0x93, 0xa1, 0x82, 0xbe, 0x92},
priv_key_66,
- false},
+ true},
// Comment: no padding
// tcID: 24
{24,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xc6, 0x07, 0xd2, 0x16, 0x2d, 0xe7, 0x23, 0x94, 0x24, 0x69, 0xf1, 0xc8,
+ 0x08, 0x6a, 0x45, 0x52, 0xa5, 0xa4, 0x09, 0x44, 0x1a, 0xb8, 0x23, 0x3b,
+ 0xb3, 0x10, 0xec, 0x3b, 0x53, 0x82, 0x8f, 0x12, 0x3b, 0x2d, 0x1a, 0x92,
+ 0x33, 0x82, 0x7b, 0x03, 0xba, 0x6b, 0xf8, 0xef, 0x74, 0x24, 0xaf, 0x52,
+ 0xa7, 0x67, 0xc4, 0x41, 0x54, 0x30, 0x16, 0x64, 0xdd, 0xc8, 0xff, 0x22,
+ 0x09, 0x8f, 0xe1, 0xd5, 0x33, 0x31, 0xf5, 0x9e, 0xc5, 0x7e, 0x06, 0xd2,
+ 0x45, 0x38, 0xff, 0xad, 0xd2, 0x0c, 0x9e, 0x4c, 0xf9, 0x13, 0xe5, 0xcf,
+ 0x56, 0x8e, 0xb9, 0xb0, 0xc4, 0xa0, 0x19, 0x5d, 0xa8, 0xcf, 0x81, 0x32,
+ 0x44, 0x68, 0xf7, 0x04, 0x33, 0x7a, 0x5b, 0xb7, 0xef, 0x49, 0xbb, 0xe2,
+ 0x7d, 0xaf, 0xd0, 0x15, 0x29, 0x9a, 0xed, 0xa7, 0x79, 0x02, 0x48, 0x62,
+ 0x52, 0x2c, 0x01, 0x4a, 0x67, 0xd0, 0x9f, 0x38, 0xb6, 0x6f, 0x3e, 0x0a,
+ 0x98, 0x93, 0x52, 0x78, 0x0e, 0x93, 0x56, 0x7e, 0x80, 0x92, 0x5c, 0x23,
+ 0xce, 0x72, 0x94, 0x99, 0xbb, 0x2d, 0x4c, 0xdd, 0x83, 0xfc, 0x5d, 0x52,
+ 0xa8, 0xca, 0xcb, 0x1e, 0x79, 0xd5, 0xb2, 0xaf, 0x9a, 0xde, 0x39, 0x51,
+ 0x9d, 0x52, 0x25, 0x3f, 0xe0, 0x71, 0xbb, 0x3c, 0x34, 0xe9, 0x59, 0x9a,
+ 0xb5, 0x81, 0x22, 0x1f, 0x1d, 0x8e, 0xd0, 0x0f, 0xc7, 0x84, 0xe8, 0x90,
+ 0x8c, 0x6f, 0x01, 0x71, 0x89, 0x02, 0x12, 0x2c, 0x80, 0xa7, 0x78, 0xe5,
+ 0x9a, 0xc1, 0x26, 0xc2, 0x25, 0xb8, 0xed, 0xec, 0xdf, 0x10, 0xe9, 0x2a,
+ 0x34, 0xe5, 0x32, 0xc6, 0xe7, 0x5c, 0xb4, 0x41, 0x0d, 0x6d, 0xff, 0xe1,
+ 0xc4, 0x3c},
{0x91, 0x7f, 0x64, 0x04, 0xf9, 0xaa, 0xd2, 0x8b, 0x2e, 0x68, 0xc5, 0xa6,
0xd8, 0xd8, 0x9d, 0x31, 0xa5, 0xd9, 0x63, 0xf5, 0x5c, 0x5b, 0x30, 0xe2,
0xe2, 0x32, 0x11, 0x82, 0x55, 0x9b, 0x9b, 0x42, 0x3d, 0x5c, 0xca, 0xe8,
0x80, 0x48, 0x21, 0x8f, 0xac, 0xf4, 0x0f, 0x30, 0x8b, 0x73, 0x5d, 0x4f,
0x74, 0x5c, 0xe7, 0xe7, 0x32, 0xf1, 0x71, 0xab, 0x18, 0x0f, 0xb0, 0x32,
0xcf, 0x20, 0x93, 0xbb, 0xaf, 0x4b, 0x3f, 0xec, 0xf0, 0xed, 0x91, 0x00,
0x4d, 0x8b, 0xce, 0x09, 0x8e, 0x1d, 0xe2, 0x79, 0xa8, 0xa4, 0xd0, 0x61,
0x7a, 0x80, 0x4b, 0xcf, 0x8b, 0x51, 0xd3, 0x7e, 0xbd, 0x5b, 0x05, 0x68,
@@ -7851,22 +8158,35 @@ const RsaDecryptTestVector kRsa4096Decry
0xdc, 0x50, 0xe6, 0xe3, 0x1e, 0xcd, 0x94, 0x89, 0xea, 0xac, 0x6c, 0x20,
0x66, 0x8d, 0x8e, 0x62, 0x71, 0x72, 0x07, 0xc0, 0xe8, 0xe1, 0xe0, 0x75,
0x9e, 0xe4, 0x3d, 0x89, 0x95, 0x6e, 0x09, 0xdc, 0xb1, 0x0c, 0xe8, 0xe5,
0xce, 0x1b, 0xc8, 0xb5, 0x02, 0x82, 0xb8, 0xf5, 0x51, 0x70, 0xc4, 0x37,
0x9c, 0x1a, 0x23, 0xaa, 0xbf, 0x2c, 0x14, 0xe3, 0xe1, 0xc2, 0x9b, 0xaf,
0x3f, 0x59, 0x45, 0xd2, 0x40, 0xb9, 0xb3, 0xb8, 0x58, 0x02, 0x83, 0x98,
0xb2, 0x71, 0xda, 0xd7, 0x15, 0xe7, 0xc7, 0x9e},
priv_key_66,
- false},
+ true},
// Comment: m = 2
// tcID: 25
{25,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x83, 0x11, 0x9b, 0x47, 0xb1, 0xce, 0xef, 0xa2, 0x99, 0xda, 0xa9, 0xc2,
+ 0x5f, 0x15, 0x2a, 0x4c, 0x28, 0x66, 0x6c, 0x70, 0x72, 0x7c, 0x71, 0x23,
+ 0x99, 0x06, 0xcd, 0xc1, 0xe9, 0xf3, 0x93, 0xc0, 0xec, 0x60, 0xfd, 0x2c,
+ 0x51, 0x10, 0xd7, 0x55, 0x70, 0x62, 0xa3, 0x99, 0x73, 0x59, 0xc4, 0x33,
+ 0x66, 0x2f, 0x9d, 0x8b, 0x6f, 0x4d, 0x4e, 0x47, 0xa6, 0xd2, 0x9d, 0x51,
+ 0xa5, 0xcf, 0x59, 0x86, 0x74, 0x31, 0xe8, 0xc2, 0x5a, 0xa3, 0xa4, 0x11,
+ 0x16, 0x0f, 0x99, 0xf3, 0x4f, 0x8e, 0x82, 0x08, 0xf3, 0x64, 0x46, 0xbb,
+ 0x0c, 0x8f, 0x7a, 0x58, 0xea, 0x54, 0xb2, 0xc3, 0x11, 0x89, 0xd4, 0xbe,
+ 0xcb, 0x51, 0xc3, 0x50, 0x72, 0x94, 0xca, 0xbb, 0xcd, 0xaa, 0x87, 0xbf,
+ 0x7f, 0xa1, 0x11, 0x0b, 0xa9, 0x5b, 0xe4, 0x7c, 0x83, 0x18, 0x76, 0xd8,
+ 0x43, 0x37, 0x91, 0xc1, 0x90, 0x23, 0x03, 0x67, 0x12, 0x28, 0x73, 0xc4,
+ 0x7c, 0xeb, 0x33, 0x26, 0x75, 0x8e, 0x1c, 0x29, 0x51, 0xbb, 0xbe, 0xb6,
+ 0xaa, 0x42, 0xe7, 0x0a, 0x49, 0x68, 0x65},
{0xe1, 0x14, 0xae, 0x9a, 0x71, 0x3e, 0x4c, 0xad, 0xce, 0x8b, 0xdc, 0x80,
0x66, 0x7f, 0x94, 0xaa, 0x59, 0x77, 0x88, 0xd8, 0xff, 0xef, 0x3b, 0xa7,
0x4e, 0xfc, 0xb8, 0xf8, 0xa2, 0x72, 0x20, 0x63, 0x94, 0x72, 0xe1, 0x57,
0x8a, 0x29, 0xcd, 0xd6, 0x30, 0x6c, 0x1a, 0xe9, 0xea, 0x46, 0x31, 0x2f,
0xd6, 0x92, 0x0f, 0xde, 0xa9, 0x04, 0xed, 0x8c, 0xed, 0xc4, 0xf2, 0x91,
0x69, 0xf0, 0x8b, 0x72, 0x89, 0xa1, 0x56, 0xbd, 0x55, 0x24, 0xb4, 0x36,
0x0f, 0x99, 0x0d, 0x87, 0xc4, 0xc8, 0x15, 0x1c, 0x3b, 0xba, 0xfd, 0x97,
0x0a, 0x50, 0x02, 0xc2, 0x27, 0x9c, 0x0d, 0xdc, 0x12, 0x6e, 0x38, 0xc5,
@@ -7901,22 +8221,34 @@ const RsaDecryptTestVector kRsa4096Decry
0x14, 0x19, 0x76, 0xec, 0x92, 0xd2, 0xf4, 0x84, 0x15, 0x2a, 0x33, 0x71,
0x3a, 0x1b, 0x40, 0x4f, 0x51, 0x52, 0x37, 0x70, 0xb0, 0xcd, 0xf7, 0x19,
0x56, 0xa1, 0x98, 0xf5, 0x11, 0xc4, 0xc2, 0xf4, 0xbb, 0xfb, 0x49, 0x62,
0x3e, 0x11, 0x3b, 0x83, 0x68, 0x1b, 0x56, 0xf6, 0xd6, 0x5d, 0xb6, 0xb9,
0x13, 0x81, 0xaf, 0xd5, 0xae, 0x12, 0x9a, 0xf4, 0xbb, 0xb6, 0xf5, 0xdd,
0x2d, 0x40, 0x86, 0xf1, 0xea, 0x8e, 0x22, 0xab, 0xa3, 0xa9, 0x30, 0x25,
0x88, 0x61, 0xcb, 0x8f, 0x26, 0x85, 0x3d, 0xba},
priv_key_66,
- false},
+ true},
// Comment: m = n-2
// tcID: 26
{26,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x46, 0x9e, 0xf3, 0x79, 0x73, 0x31, 0xba, 0xd6, 0x02, 0x6b, 0xc6, 0x5f,
+ 0xa5, 0x4a, 0x7a, 0xd7, 0x0b, 0xe3, 0x05, 0xbf, 0x23, 0x93, 0x75, 0xb9,
+ 0x51, 0x28, 0xf5, 0xca, 0xb2, 0xc7, 0x81, 0x8d, 0xda, 0x54, 0xdd, 0x15,
+ 0x54, 0x7c, 0xaa, 0x1b, 0x1f, 0x1a, 0xcc, 0x06, 0x00, 0x5d, 0xc8, 0x13,
+ 0xc6, 0x2f, 0x6c, 0x22, 0x9b, 0x6d, 0xff, 0x45, 0x01, 0xb1, 0xbe, 0x3d,
+ 0xc2, 0x89, 0x33, 0xec, 0x2c, 0x49, 0x6b, 0xdb, 0x23, 0xa2, 0xb0, 0xf4,
+ 0xa4, 0x49, 0x5f, 0x12, 0x93, 0x6b, 0x4b, 0x3b, 0x36, 0xd6, 0xef, 0x3b,
+ 0x00, 0xc8, 0x16, 0xcb, 0x90, 0xfa, 0x62, 0x0c, 0xa3, 0x1e, 0xc0, 0xaa,
+ 0xf6, 0x84, 0x79, 0x24, 0xc7, 0xc7, 0x87, 0x69, 0x02, 0xd8, 0xd8, 0x51,
+ 0xa5, 0xcf, 0x57, 0x20, 0xed, 0x92, 0x57, 0xbf, 0x8a, 0x4a, 0x5f, 0x0a,
+ 0x9b, 0xf0, 0x42, 0x5e, 0x17, 0x38, 0x73, 0x29, 0xb8, 0x8c, 0x6e, 0x69,
+ 0xa6, 0x2e, 0x67, 0x88, 0x04, 0x73},
{0x14, 0xed, 0x0f, 0x73, 0x5b, 0x91, 0xfd, 0xf6, 0x3c, 0x87, 0x17, 0x71,
0x2b, 0x2e, 0x83, 0x17, 0xa0, 0x51, 0x37, 0xdd, 0x8e, 0x8b, 0x3c, 0x39,
0xfc, 0xe5, 0xa3, 0x43, 0xd6, 0x95, 0xaa, 0xb9, 0x9f, 0x34, 0x0d, 0xea,
0x04, 0xca, 0x4a, 0x7c, 0xc2, 0xc0, 0x7d, 0x4f, 0x41, 0x7f, 0x98, 0x7f,
0x02, 0x8a, 0x0a, 0x36, 0x58, 0xc0, 0x16, 0x5d, 0xca, 0xd6, 0x4c, 0x55,
0x8b, 0x08, 0x5f, 0xbb, 0x86, 0x2e, 0x6d, 0x5e, 0x7b, 0x11, 0x55, 0x99,
0x5a, 0xf5, 0xa6, 0x22, 0xaa, 0x47, 0xa9, 0x06, 0xdc, 0xc0, 0x36, 0x44,
0x42, 0xe4, 0xb3, 0xaa, 0xea, 0xee, 0x7c, 0xdd, 0xf7, 0xbc, 0x86, 0x7b,
@@ -7951,22 +8283,42 @@ const RsaDecryptTestVector kRsa4096Decry
0xc7, 0xff, 0x10, 0x64, 0xcb, 0x80, 0xd9, 0x66, 0x43, 0x0a, 0x5e, 0xae,
0x58, 0x6a, 0xe9, 0x97, 0xf7, 0x9c, 0x99, 0x26, 0xfb, 0x72, 0x2d, 0xc9,
0x68, 0x83, 0xc4, 0x7b, 0x2f, 0x5a, 0xc4, 0x42, 0x7d, 0x4d, 0x86, 0x2c,
0x4c, 0x96, 0xb4, 0x76, 0xc2, 0xef, 0x5d, 0x86, 0x7b, 0x08, 0x52, 0x65,
0x07, 0x6c, 0x3c, 0x8a, 0xa8, 0x78, 0x7a, 0x67, 0x1e, 0x0b, 0x85, 0xe8,
0x31, 0xfe, 0x47, 0x44, 0x0d, 0xaf, 0x40, 0xc2, 0x19, 0x2c, 0x7b, 0xce,
0xfc, 0xd8, 0x39, 0x8e, 0x92, 0xc8, 0x12, 0x8b},
priv_key_66,
- false},
+ true},
// Comment: c = 0
// tcID: 27
{27,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xff, 0xc3, 0xee, 0x0f, 0x71, 0x4b, 0xb1, 0x7e, 0x0e, 0x1a, 0x51, 0x99,
+ 0x32, 0xd8, 0x0f, 0xbf, 0x0a, 0x35, 0x4f, 0xdf, 0xb1, 0x55, 0xfe, 0xe5,
+ 0x35, 0x9d, 0xb1, 0x84, 0x95, 0x14, 0x79, 0x00, 0xdd, 0x0a, 0xd2, 0x93,
+ 0xe3, 0xb4, 0x4d, 0x58, 0x0c, 0x36, 0xd7, 0xd3, 0x40, 0x06, 0xeb, 0x3c,
+ 0x50, 0xf7, 0x88, 0x78, 0x52, 0x88, 0x74, 0xfc, 0xc0, 0x4f, 0x3d, 0x19,
+ 0xd5, 0x33, 0xbf, 0x11, 0xcb, 0xcf, 0xe7, 0x38, 0xc1, 0x89, 0xa4, 0xc2,
+ 0xb5, 0xce, 0x33, 0x2a, 0x26, 0xa3, 0xbc, 0x4a, 0x4f, 0xe9, 0xfd, 0x6d,
+ 0x35, 0x5b, 0xa2, 0x40, 0xf5, 0x88, 0x7c, 0xef, 0xd6, 0x68, 0xa3, 0x9f,
+ 0x44, 0x28, 0xef, 0x95, 0x6c, 0xc3, 0xb8, 0xe2, 0xfc, 0x21, 0xa2, 0x76,
+ 0xdb, 0x75, 0x91, 0x67, 0xa7, 0x8a, 0x3d, 0x06, 0x11, 0x23, 0x39, 0xd3,
+ 0xbd, 0xe5, 0x62, 0xb8, 0x2d, 0xf7, 0x8b, 0x7c, 0x51, 0xd1, 0x31, 0x41,
+ 0xba, 0x19, 0xa8, 0xa8, 0x83, 0x93, 0xb5, 0x22, 0x3e, 0x95, 0x2d, 0xdf,
+ 0xe8, 0x63, 0xb5, 0xee, 0x89, 0x19, 0xd0, 0x1d, 0xcf, 0x55, 0x63, 0x7b,
+ 0x84, 0x49, 0x6a, 0xf6, 0x5b, 0x35, 0xdf, 0xb7, 0x43, 0x75, 0xbf, 0xd9,
+ 0x3a, 0x7c, 0x56, 0x21, 0x06, 0x59, 0x25, 0x46, 0x6d, 0xd6, 0xf8, 0xb3,
+ 0x82, 0x0c, 0x66, 0x23, 0xda, 0x37, 0xa6, 0x3f, 0x79, 0x6a, 0xd6, 0x95,
+ 0xaa, 0xb0, 0x04, 0xff, 0x8e, 0x27, 0xa8, 0x6d, 0x89, 0xd1, 0xf4, 0x8e,
+ 0xc9, 0x9a, 0xb9, 0x87, 0x82, 0x13, 0xfe, 0x77, 0x1b, 0xd9, 0xdc, 0x80,
+ 0x48, 0x21, 0x00, 0x5d, 0xa8, 0x3e, 0x3c, 0x28, 0x13, 0x98, 0x2b, 0xf5,
+ 0x0e, 0x7f, 0x8d, 0x32},
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -8001,22 +8353,33 @@ const RsaDecryptTestVector kRsa4096Decry
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
priv_key_66,
- false},
+ true},
// Comment: c = 1
// tcID: 28
{28,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0x74, 0xb2, 0x05, 0x5d, 0x73, 0x55, 0x62, 0x2e, 0x93, 0xc7, 0x91, 0xf0,
+ 0xc3, 0x20, 0x00, 0x25, 0xb9, 0x12, 0x86, 0x16, 0xea, 0x3a, 0x95, 0x2e,
+ 0x41, 0xa4, 0xd6, 0x68, 0x6b, 0xfb, 0x0c, 0x70, 0xcc, 0x56, 0x80, 0xdf,
+ 0x7e, 0x7e, 0x22, 0x9f, 0x06, 0x39, 0x08, 0xec, 0xc3, 0x30, 0x07, 0x10,
+ 0x6f, 0x62, 0x8c, 0x05, 0x59, 0xa6, 0xfd, 0x87, 0xdc, 0xb3, 0xce, 0x7f,
+ 0x9d, 0xc1, 0xc1, 0x1a, 0xf7, 0xb3, 0x46, 0x9e, 0xac, 0xfe, 0x41, 0x50,
+ 0x0d, 0x06, 0xf6, 0x27, 0x67, 0x97, 0xde, 0x26, 0xe6, 0x17, 0x01, 0xf8,
+ 0x6c, 0x41, 0xe0, 0x66, 0xaa, 0xe9, 0x3b, 0x43, 0x61, 0xeb, 0xd0, 0xfd,
+ 0x0b, 0xab, 0x1c, 0x8e, 0x21, 0x50, 0xff, 0xc1, 0x7f, 0x33, 0xe0, 0x7b,
+ 0x7f, 0xec, 0xee, 0xa0, 0x86, 0x7a, 0x57, 0x63, 0x42, 0x30, 0xf6, 0xb9,
+ 0x3c, 0x82, 0x5b, 0x24, 0x65, 0x75, 0x4c, 0xfa},
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -8051,22 +8414,48 @@ const RsaDecryptTestVector kRsa4096Decry
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
priv_key_66,
- false},
+ true},
// Comment: c = n-1
// tcID: 29
{29,
- {0x54, 0x65, 0x73, 0x74},
+ // This is a Bleichenbacher synthetic generated result
+ {0xa2, 0xa6, 0x74, 0x8f, 0x27, 0x2c, 0x28, 0x3c, 0xb4, 0xe3, 0x39, 0x6b,
+ 0xc4, 0xd6, 0x55, 0x06, 0xbc, 0xdb, 0x8d, 0x25, 0x6a, 0x75, 0x8c, 0x0b,
+ 0xc0, 0xa5, 0xc9, 0x85, 0xba, 0x71, 0x62, 0x2f, 0x88, 0x9d, 0xd1, 0x1e,
+ 0x47, 0x03, 0xb5, 0x0e, 0xff, 0x43, 0x90, 0xda, 0xcd, 0x85, 0x7c, 0x30,
+ 0xad, 0xa1, 0x47, 0x0f, 0xbe, 0x07, 0x6e, 0xcd, 0xbc, 0x60, 0x88, 0xb3,
+ 0x1a, 0x2b, 0xce, 0x12, 0x30, 0x95, 0xea, 0x46, 0x91, 0x86, 0xee, 0x0f,
+ 0x8d, 0x39, 0x73, 0xb6, 0xbb, 0x2e, 0x67, 0x87, 0x73, 0x2c, 0x1b, 0x50,
+ 0x65, 0xa3, 0xbf, 0x32, 0x85, 0x2e, 0x2f, 0x5d, 0xd1, 0x93, 0xa8, 0x9c,
+ 0xc2, 0xe4, 0x32, 0x07, 0x9d, 0x1c, 0x85, 0xb2, 0x5b, 0x75, 0xd6, 0x52,
+ 0x9f, 0x64, 0x37, 0x50, 0xa2, 0x8a, 0x78, 0x88, 0x09, 0x0a, 0x19, 0xd5,
+ 0x6d, 0x33, 0x96, 0x01, 0x4e, 0xd9, 0x64, 0x06, 0xc7, 0xc6, 0x55, 0x51,
+ 0x4e, 0x93, 0x95, 0x05, 0x9a, 0xb3, 0xee, 0xeb, 0xe5, 0xe1, 0xea, 0xe4,
+ 0xe1, 0x82, 0x0a, 0xe3, 0xe1, 0x05, 0xd1, 0xf0, 0x9a, 0xe8, 0xc8, 0xe9,
+ 0xb6, 0x57, 0x78, 0x61, 0x3d, 0x2c, 0x53, 0x9c, 0x8e, 0x57, 0x21, 0x56,
+ 0xa3, 0x16, 0x26, 0x1a, 0x85, 0x9c, 0xa9, 0x7d, 0x80, 0x18, 0x80, 0xf4,
+ 0x0f, 0x60, 0x4d, 0xed, 0xdb, 0xfb, 0x0a, 0x4e, 0x6c, 0xd4, 0x51, 0x5b,
+ 0x9c, 0xfa, 0xa8, 0xb0, 0xda, 0x6a, 0x29, 0x39, 0xa1, 0x9c, 0xa5, 0xb0,
+ 0xc2, 0x86, 0xd3, 0xb0, 0x75, 0xa7, 0xaf, 0x9a, 0x2e, 0x38, 0x9a, 0x73,
+ 0xe3, 0x67, 0xab, 0xf2, 0xd5, 0x60, 0xd9, 0xcc, 0x50, 0x56, 0x58, 0x5d,
+ 0xce, 0x45, 0x48, 0x81, 0x30, 0x4e, 0x69, 0x45, 0x78, 0x8d, 0x9c, 0xa3,
+ 0xb1, 0x21, 0xac, 0x26, 0xf7, 0xe3, 0xca, 0xad, 0x8c, 0xb5, 0x8d, 0x64,
+ 0xbb, 0x6e, 0x4b, 0x75, 0x13, 0xf5, 0x1e, 0x5c, 0x75, 0x29, 0xaf, 0x30,
+ 0x23, 0x89, 0x5f, 0x03, 0x19, 0xba, 0xaf, 0x7c, 0x38, 0xd3, 0x64, 0x7c,
+ 0x9b, 0xbf, 0xa3, 0xce, 0x33, 0x29, 0xcb, 0x9c, 0x87, 0x7e, 0x59, 0xef,
+ 0x49, 0xe4, 0xde, 0x10, 0x4b, 0x20, 0xbe, 0xa0, 0xc8, 0x37, 0x67, 0x11,
+ 0xba, 0xa2, 0x7f, 0x6e, 0x0f, 0xb5},
{0xf6, 0x01, 0xbe, 0x0d, 0xcc, 0xd0, 0x4a, 0xa4, 0x0b, 0x12, 0xf3, 0xf1,
0x91, 0xae, 0x17, 0xc1, 0xf9, 0xc8, 0xc0, 0xb6, 0x8e, 0x7a, 0x77, 0xe1,
0x4b, 0xe2, 0x5c, 0x3c, 0x79, 0x07, 0xcb, 0x1d, 0x33, 0xa6, 0xef, 0x41,
0x8e, 0xf4, 0x18, 0x52, 0xf3, 0x2c, 0x98, 0x39, 0x2b, 0xc5, 0xc9, 0xae,
0xd9, 0x1c, 0x1a, 0x15, 0x01, 0xc5, 0x03, 0xea, 0xb8, 0x9b, 0x3e, 0xe6,
0xf4, 0xf8, 0xeb, 0x2e, 0x0f, 0xcf, 0xc4, 0x1b, 0xd0, 0x36, 0x09, 0xcf,
0x6a, 0x8e, 0xb3, 0xaa, 0x6f, 0x0f, 0xbe, 0x23, 0x18, 0x7b, 0x33, 0xdb,
0x4d, 0x34, 0xb6, 0x6d, 0x12, 0x8a, 0x8a, 0xba, 0x0a, 0x2a, 0xbf, 0x40,
@@ -8101,17 +8490,17 @@ const RsaDecryptTestVector kRsa4096Decry
0xdc, 0x18, 0x87, 0x51, 0x5e, 0x53, 0xcd, 0xea, 0x58, 0x34, 0x92, 0x1f,
0x92, 0x86, 0x29, 0xe7, 0x48, 0xee, 0xd0, 0x97, 0xac, 0x40, 0x24, 0xe2,
0xbf, 0x25, 0x5d, 0x70, 0x41, 0x1f, 0x87, 0x37, 0x39, 0x48, 0xcf, 0x8e,
0x8a, 0xa7, 0xef, 0xfa, 0x2b, 0x0a, 0xb4, 0x7d, 0x51, 0x66, 0x09, 0x1e,
0x1a, 0xed, 0xec, 0x60, 0x56, 0x8b, 0x15, 0x5b, 0xd9, 0xc2, 0x7b, 0xc5,
0x5f, 0x3e, 0xce, 0x35, 0xf8, 0x3d, 0x63, 0x6d, 0xbc, 0xd5, 0xab, 0xf4,
0x85, 0x3a, 0x05, 0x1d, 0xb9, 0x4d, 0x50, 0x44},
priv_key_66,
- false},
+ true},
// Comment: ciphertext is empty
// tcID: 30
{30, {0x54, 0x65, 0x73, 0x74}, {}, priv_key_66, false},
// Comment: prepended bytes to ciphertext
// tcID: 31
{31,
@@ -10029,58 +10418,34 @@ const RsaDecryptTestVector kRsa4096Decry
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
priv_key_89,
true},
// Comment: edge case for montgomery reduction with special primes
// tcID: 57
{57,
- {0xe7, 0x6e, 0x5a, 0xfe, 0xd8, 0x6d, 0xf0, 0x19, 0x22, 0x63, 0x29, 0xb0,
- 0x40, 0x16, 0xeb, 0x6b, 0x10, 0x1e, 0x9b, 0xcf, 0x2f, 0x7b, 0x34, 0xbe,
- 0x04, 0xcf, 0xdb, 0x34, 0x38, 0x98, 0xd4, 0xf8, 0xa7, 0x3b, 0xb5, 0xdf,
- 0xa6, 0xb9, 0xf6, 0xbc, 0xf1, 0xb8, 0x34, 0x74, 0xea, 0x1c, 0xf1, 0xc0,
- 0x89, 0x13, 0x1d, 0x97, 0x6b, 0x90, 0x64, 0x71, 0x75, 0x49, 0x6a, 0x4c,
- 0xf9, 0x4a, 0x75, 0xb0, 0x8a, 0x0b, 0x2f, 0xad, 0xe4, 0x57, 0x92, 0xd6,
- 0x5b, 0x7a, 0x98, 0xb1, 0x65, 0x07, 0xc3, 0x3c, 0x10, 0x8a, 0xf2, 0x4b,
- 0xde, 0x91, 0xb7, 0xdf, 0x28, 0x8b, 0x89, 0x93, 0x95, 0x1c, 0x34, 0x6e,
- 0x25, 0x74, 0x86, 0x7c, 0xdb, 0x1c, 0xd5, 0xdb, 0x39, 0xf0, 0x04, 0x1e,
- 0x0d, 0x09, 0x05, 0x43, 0xd5, 0x13, 0x18, 0xed, 0xb5, 0x2f, 0x3b, 0x92,
- 0x26, 0x13, 0x48, 0xa2, 0x1b, 0x46, 0x50, 0xcb, 0x56, 0xf0, 0x05, 0xa3,
- 0x2a, 0x3e, 0x39, 0xf5, 0x76, 0xc2, 0x47, 0x87, 0x39, 0xf9, 0x7c, 0xed,
- 0xf7, 0x30, 0x1c, 0x39, 0xeb, 0xef, 0xbb, 0xe4, 0xd5, 0x10, 0xaa, 0x59,
- 0x7f, 0x4b, 0x00, 0x49, 0xf8, 0xa5, 0xe8, 0x8b, 0xe7, 0xb6, 0x6b, 0x97,
- 0x79, 0x65, 0x51, 0xdb, 0x30, 0xfb, 0x14, 0x64, 0x9a, 0x4a, 0x2d, 0x9d,
- 0xce, 0x4a, 0x69, 0x31, 0x9f, 0x39, 0xe5, 0xab, 0x86, 0xdc, 0xd1, 0x0b,
- 0x08, 0xcf, 0xee, 0x31, 0x2a, 0xb1, 0x7d, 0x59, 0xe2, 0x91, 0x8b, 0xe1,
- 0x2c, 0xa1, 0x93, 0x9e, 0x44, 0x4c, 0xb2, 0x0d, 0x5a, 0xfa, 0x37, 0xaa,
- 0x02, 0xd2, 0x3e, 0x54, 0x11, 0x03, 0xae, 0xd8, 0x0a, 0x76, 0xf2, 0xcc,
- 0xff, 0x76, 0x36, 0xaa, 0x1d, 0xf8, 0x79, 0x8c, 0xa5, 0x7f, 0x2d, 0x11,
- 0x07, 0x5b, 0x3f, 0xed, 0x23, 0x87, 0x87, 0x3e, 0x41, 0x80, 0xa6, 0xde,
- 0x99, 0x14, 0xbd, 0xfa, 0xe3, 0x66, 0xca, 0xf8, 0x90, 0x37, 0x10, 0x5d,
- 0x53, 0x21, 0x02, 0xa7, 0x10, 0x02, 0x68, 0xc8, 0x7e, 0x9f, 0x79, 0x19,
- 0x86, 0x4c, 0x64, 0x04, 0xd4, 0x9c, 0x30, 0x8f, 0x53, 0xdd, 0x40, 0xc4,
- 0xf2, 0xc4, 0x21, 0x6b, 0x5e, 0x0c, 0x13, 0x1f, 0x1a, 0x97, 0x8b, 0xac,
- 0x16, 0xa2, 0xc7, 0xb3, 0xee, 0x62, 0x12, 0xfb, 0x17, 0xe4, 0x2e, 0xe6,
- 0x9b, 0x33, 0x94, 0xe2, 0xc0, 0x72, 0x64, 0xda, 0x95, 0x4b, 0x32, 0x2d,
- 0xf4, 0x2a, 0xac, 0x99, 0x9e, 0x50, 0x32, 0xba, 0xb4, 0xe2, 0x51, 0x18,
- 0x58, 0xc8, 0x30, 0x95, 0x4e, 0x61, 0xcb, 0xa0, 0x87, 0xa0, 0x6c, 0x94,
- 0xa9, 0x3e, 0x69, 0x30, 0x81, 0xa7, 0x06, 0xa4, 0xe0, 0xa2, 0xb9, 0xce,
- 0xe5, 0xc3, 0x6f, 0x94, 0x18, 0x66, 0xdf, 0xe6, 0xd8, 0x01, 0xe9, 0x66,
- 0x0e, 0x8b, 0xab, 0x8d, 0x6f, 0x17, 0x5a, 0x26, 0x37, 0x09, 0xa7, 0xed,
- 0x26, 0x6f, 0xd1, 0x35, 0x0e, 0xf8, 0x8b, 0x4a, 0xb9, 0x13, 0xc1, 0x39,
- 0x9d, 0x69, 0x3c, 0x8e, 0x79, 0xde, 0xca, 0x2c, 0xe3, 0x5d, 0xee, 0x6a,
- 0xc1, 0xab, 0x1c, 0xe6, 0x6f, 0x8f, 0xd1, 0x2b, 0x62, 0xae, 0x98, 0x0e,
- 0x2c, 0x8f, 0xf7, 0x52, 0x87, 0xcc, 0x0b, 0x5d, 0xe2, 0xda, 0x59, 0x2b,
- 0xbe, 0x36, 0x74, 0x50, 0xab, 0x9c, 0x75, 0xee, 0xca, 0x6e, 0xeb, 0x2d,
- 0xcf, 0xd2, 0x9f, 0x74, 0x86, 0x3c, 0xf8, 0xb9, 0x6e, 0x9c, 0x97, 0x9d,
- 0xa7, 0xb2, 0x49, 0x82, 0x60, 0x8f, 0xcf, 0xb1, 0xbd, 0x7c, 0x20, 0x64,
- 0xd1, 0x52, 0x04, 0xff, 0x67, 0x89, 0x79, 0xae, 0xcf, 0x68, 0x66, 0x0b,
- 0x6c, 0x55, 0xaa, 0xbf, 0x06, 0xd4, 0xb3, 0x6d, 0xc2, 0xde, 0xac, 0x17,
- 0x2c, 0xba, 0xe6, 0xc7, 0xb6, 0x8d, 0xa1, 0x08, 0xcf, 0x0b},
+ // This is a Bleichenbacher synthetic generated result
+ {0x63, 0x3c, 0x2d, 0x5d, 0xb9, 0x4c, 0x7b, 0x8f, 0xc2, 0x91, 0x1d, 0xe0,
+ 0xbd, 0x85, 0x7d, 0x5e, 0x9a, 0xd8, 0xe6, 0x67, 0x3c, 0xf9, 0x88, 0x4a,
+ 0x68, 0x37, 0x92, 0x4f, 0x56, 0xf1, 0xec, 0x7f, 0x8c, 0x2a, 0xd0, 0xdd,
+ 0x30, 0xd9, 0x6f, 0x7f, 0x6b, 0x0e, 0xe8, 0x8b, 0x65, 0x65, 0x92, 0xba,
+ 0xa4, 0x38, 0xda, 0x60, 0x5a, 0x61, 0x38, 0x48, 0xd2, 0xda, 0x2a, 0xec,
+ 0x32, 0x99, 0x39, 0x5f, 0x4b, 0x9c, 0x70, 0xff, 0x63, 0x44, 0x5f, 0x83,
+ 0x07, 0x1e, 0xae, 0x8a, 0xc7, 0xe9, 0x22, 0x88, 0x6d, 0xeb, 0xca, 0x4c,
+ 0xb4, 0xf1, 0xfc, 0x05, 0x6d, 0x75, 0x7b, 0x4a, 0x04, 0x4e, 0xe1, 0xec,
+ 0x40, 0x26, 0x30, 0xc8, 0x4b, 0x2b, 0xad, 0x52, 0x02, 0x23, 0xd8, 0xd5,
+ 0x89, 0x1c, 0x4e, 0x88, 0xb4, 0xe0, 0x0a, 0x0f, 0x0b, 0xef, 0x44, 0x83,
+ 0x35, 0xda, 0x7d, 0xbc, 0xf8, 0xbb, 0x6d, 0x1c, 0x2a, 0xaf, 0x7f, 0xf2,
+ 0xe8, 0x22, 0x15, 0xef, 0xc2, 0x39, 0xcd, 0xaa, 0x77, 0xa9, 0x8a, 0x89,
+ 0x87, 0x8d, 0x37, 0xb7, 0xc0, 0xb9, 0x75, 0x2d, 0x03, 0x2f, 0x33, 0xe5,
+ 0x8b, 0x46, 0x59, 0xb8, 0x2a, 0x96, 0xc7, 0x21, 0xa6, 0xcb, 0xab, 0x5a,
+ 0xde, 0x1a, 0x6b, 0xc0, 0x20, 0xf2, 0xd0, 0xc8, 0xb5, 0x5c, 0xd4, 0x7a,
+ 0xbf, 0xcb, 0xb7, 0x6b, 0x11, 0xf7, 0x89, 0xa3, 0x65, 0xa3, 0x42, 0xce,
+ 0x59, 0x01, 0x75},
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -10115,17 +10480,17 @@ const RsaDecryptTestVector kRsa4096Decry
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
priv_key_90,
- false},
+ true},
// Comment: edge case for montgomery reduction with special primes
// tcID: 58
{58,
{0x49, 0x68, 0xaf, 0xfb, 0xa6, 0x21, 0xd9, 0x9a, 0x54, 0x6d, 0x86, 0xae,
0xa6, 0x0e, 0x00, 0xf6, 0x5d, 0x72, 0xfa, 0xda, 0xe9, 0x41, 0x62, 0xb0,
0x36, 0x63, 0xdf, 0x29, 0x6d, 0xdd, 0x98, 0xc4, 0x7e, 0x96, 0x04, 0x08,
0x96, 0x57, 0x99, 0x4b, 0x6b, 0x07, 0xb3, 0x9d, 0x42, 0x92, 0x5e, 0xe7,new file mode 100644
--- /dev/null
+++ b/gtests/freebl_gtest/Makefile
@@ -0,0 +1,43 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include ../common/gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
new file mode 100644
--- /dev/null
+++ b/gtests/freebl_gtest/manifest.mn
@@ -0,0 +1,38 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH = ../..
+MODULE = nss
+
+# we'll need to figure out how to get these symbols linked
+# in before we include these tests:
+# mpi_unittest.cc
+# ghash_unittest.cc
+CPPSRCS = \
+ dh_unittest.cc \
+ ecl_unittest.cc \
+ rsa_unittest.cc \
+ cmac_unittests.cc \
+ $(NULL)
+
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+ -I$(CORE_DEPTH)/lib/freebl/ecl \
+ -I$(CORE_DEPTH)/lib/freebl/mpi \
+ -I$(CORE_DEPTH)/lib/freebl \
+ -I$(CORE_DEPTH)/gtests/common \
+ -I$(CORE_DEPTH)/cpputil
+
+REQUIRES = nspr nss libdbm gtest cpputil
+
+PROGRAM = freebl_gtest
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \
+ $(NULL)
+
+USE_STATIC_LIBS=1
--- a/gtests/freebl_gtest/rsa_unittest.cc
+++ b/gtests/freebl_gtest/rsa_unittest.cc
@@ -73,26 +73,30 @@ TEST_F(RSATest, DecryptBlockTestErrors)
// This should fail because input the same size as the modulus (256).
SECStatus rv = RSA_DecryptBlock(key.get(), out, &outputLen, maxOutputLen,
in_small, sizeof(in_small));
EXPECT_EQ(SECFailure, rv);
uint8_t in[256] = {0};
// This should fail because the padding checks will fail.
+ // however, Bleichenbacher preventions means that failure would be
+ // a different output.
rv = RSA_DecryptBlock(key.get(), out, &outputLen, maxOutputLen, in,
sizeof(in));
- EXPECT_EQ(SECFailure, rv);
- // outputLen should be maxOutputLen.
- EXPECT_EQ(maxOutputLen, outputLen);
+ EXPECT_EQ(SECSuccess, rv);
+ // outputLen should <= 256-11=245.
+ EXPECT_LE(outputLen, 245u);
// This should fail because the padding checks will fail.
+ // however, Bleichenbacher preventions means that failure would be
+ // a different output.
uint8_t out_long[260] = {0};
maxOutputLen = sizeof(out_long);
rv = RSA_DecryptBlock(key.get(), out_long, &outputLen, maxOutputLen, in,
sizeof(in));
- EXPECT_EQ(SECFailure, rv);
+ EXPECT_EQ(SECSuccess, rv);
// outputLen should <= 256-11=245.
EXPECT_LE(outputLen, 245u);
// Everything over 256 must be 0 in the output.
uint8_t out_long_test[4] = {0};
EXPECT_EQ(0, memcmp(out_long_test, &out_long[256], 4));
}--- a/gtests/manifest.mn
+++ b/gtests/manifest.mn
@@ -22,16 +22,17 @@ endif
ifneq ($(NSS_BUILD_SOFTOKEN_ONLY),1)
ifneq ($(NSS_BUILD_UTIL_ONLY),1)
NSS_SRCDIRS = \
certdb_gtest \
certhigh_gtest \
cryptohi_gtest \
der_gtest \
+ freebl_gtest \
pk11_gtest \
smime_gtest \
softoken_gtest \
ssl_gtest \
$(SYSINIT_GTEST) \
nss_bogo_shim \
pkcs11testmodule \
$(NULL)
--- a/gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc
+++ b/gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc
@@ -8,16 +8,17 @@
#include "cpputil.h"
#include "cryptohi.h"
#include "gtest/gtest.h"
#include "limits.h"
#include "nss.h"
#include "nss_scoped_ptrs.h"
#include "pk11pub.h"
+#include "databuffer.h"
#include "testvectors/rsa_pkcs1_2048_test-vectors.h"
#include "testvectors/rsa_pkcs1_3072_test-vectors.h"
#include "testvectors/rsa_pkcs1_4096_test-vectors.h"
namespace nss_test {
class RsaDecryptWycheproofTest
@@ -39,23 +40,25 @@ class RsaDecryptWycheproofTest
ScopedSECKEYPrivateKey priv_key(key);
// Decrypt
std::vector<uint8_t> decrypted(PR_MAX(1, vec.ct.size()));
unsigned int decrypted_len = 0;
rv = PK11_PrivDecryptPKCS1(priv_key.get(), decrypted.data(), &decrypted_len,
decrypted.size(), vec.ct.data(), vec.ct.size());
- // RSA_DecryptBlock returns SECFailure with an empty message.
- if (vec.valid && vec.msg.size()) {
+ if (vec.valid) {
EXPECT_EQ(SECSuccess, rv);
decrypted.resize(decrypted_len);
EXPECT_EQ(vec.msg, decrypted);
} else {
- EXPECT_EQ(SECFailure, rv);
+ DataBuffer::SetLogLimit(512);
+ decrypted.resize(decrypted_len);
+ EXPECT_EQ(SECFailure, rv)
+ << "Returned:" << DataBuffer(decrypted.data(), decrypted.size());
}
};
};
TEST_P(RsaDecryptWycheproofTest, Pkcs1Decrypt) { TestDecrypt(GetParam()); }
INSTANTIATE_TEST_SUITE_P(WycheproofRsa2048DecryptTest, RsaDecryptWycheproofTest,
::testing::ValuesIn(kRsa2048DecryptWycheproofVectors));--- a/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc
+++ b/gtests/pk11_gtest/pk11_rsaoaep_unittest.cc
@@ -152,36 +152,52 @@ TEST(Pkcs11RsaOaepTest, TestOaepWrapUnwr
ScopedSECItem wrapped(SECITEM_AllocItem(nullptr, nullptr, kwrappedBufLen));
rv = PK11_PubWrapSymKeyWithMechanism(pub.get(), CKM_RSA_PKCS_OAEP, ¶m,
to_wrap.get(), wrapped.get());
ASSERT_EQ(rv, SECSuccess);
PK11SymKey* p_unwrapped_tmp = nullptr;
- // This fails because this method is broken and assumes CKM_RSA_PKCS and
- // doesn't understand OAEP.
+ // Extract key's value in order to validate decryption worked.
+ rv = PK11_ExtractKeyValue(to_wrap.get());
+ ASSERT_EQ(rv, SECSuccess);
+
+ // References owned by PKCS#11 layer; no need to scope and free.
+ SECItem* expectedItem = PK11_GetKeyData(to_wrap.get());
+
+ // This assumes CKM_RSA_PKCS and doesn't understand OAEP.
+ // CKM_RSA_PKCS cannot safely return errors, however, as it can lead
+ // to Blecheinbaucher-like attacks. To solve this there's a new definition
+ // that generates fake key material based on the message and private key.
+ // This returned key material will not be the key we were expecting, so
+ // make sure that's the case:
p_unwrapped_tmp = PK11_PubUnwrapSymKey(priv.get(), wrapped.get(), CKM_AES_CBC,
CKA_DECRYPT, 16);
- ASSERT_EQ(p_unwrapped_tmp, nullptr);
+ // as long as the wrapped data is legal RSA length of the key
+ // (which is should be), then CKM_RSA_PKCS should not fail.
+ ASSERT_NE(p_unwrapped_tmp, nullptr);
+ ScopedPK11SymKey fakeUnwrapped;
+ fakeUnwrapped.reset(p_unwrapped_tmp);
+ rv = PK11_ExtractKeyValue(fakeUnwrapped.get());
+ ASSERT_EQ(rv, SECSuccess);
+
+ // References owned by PKCS#11 layer; no need to scope and free.
+ SECItem* fakeItem = PK11_GetKeyData(fakeUnwrapped.get());
+ ASSERT_NE(SECITEM_CompareItem(fakeItem, expectedItem), 0);
ScopedPK11SymKey unwrapped;
p_unwrapped_tmp = PK11_PubUnwrapSymKeyWithMechanism(
priv.get(), CKM_RSA_PKCS_OAEP, ¶m, wrapped.get(), CKM_AES_CBC,
CKA_DECRYPT, 16);
ASSERT_NE(p_unwrapped_tmp, nullptr);
unwrapped.reset(p_unwrapped_tmp);
- // Extract key's value in order to validate decryption worked.
- rv = PK11_ExtractKeyValue(to_wrap.get());
- ASSERT_EQ(rv, SECSuccess);
-
rv = PK11_ExtractKeyValue(unwrapped.get());
ASSERT_EQ(rv, SECSuccess);
// References owned by PKCS#11 layer; no need to scope and free.
- SECItem* expectedItem = PK11_GetKeyData(to_wrap.get());
SECItem* actualItem = PK11_GetKeyData(unwrapped.get());
ASSERT_EQ(SECITEM_CompareItem(actualItem, expectedItem), 0);
}
} // namespace nss_test--- a/lib/freebl/alghmac.c
+++ b/lib/freebl/alghmac.c
@@ -32,37 +32,30 @@ HMAC_Destroy(HMACContext *cx, PRBool fre
if (cx->hash != NULL) {
cx->hashobj->destroy(cx->hash, PR_TRUE);
PORT_Memset(cx, 0, sizeof *cx);
}
if (freeit)
PORT_Free(cx);
}
-SECStatus
-HMAC_Init(HMACContext *cx, const SECHashObject *hash_obj,
- const unsigned char *secret, unsigned int secret_len, PRBool isFIPS)
+/* just setup the hmac key */
+static SECStatus
+hmac_initKey(HMACContext *cx, const unsigned char *secret,
+ unsigned int secret_len, PRBool isFIPS)
{
+
unsigned int i;
unsigned char hashed_secret[HASH_LENGTH_MAX];
/* required by FIPS 198 Section 3 */
- if (isFIPS && secret_len < hash_obj->length / 2) {
+ if (isFIPS && secret_len < cx->hashobj->length / 2) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
- if (cx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
- }
- cx->wasAllocated = PR_FALSE;
- cx->hashobj = hash_obj;
- cx->hash = cx->hashobj->create();
- if (cx->hash == NULL)
- goto loser;
if (secret_len > cx->hashobj->blocklength) {
cx->hashobj->begin(cx->hash);
cx->hashobj->update(cx->hash, secret, secret_len);
PORT_Assert(cx->hashobj->length <= sizeof hashed_secret);
cx->hashobj->end(cx->hash, hashed_secret, &secret_len,
sizeof hashed_secret);
if (secret_len != cx->hashobj->length) {
@@ -80,16 +73,41 @@ HMAC_Init(HMACContext *cx, const SECHash
cx->ipad[i] ^= secret[i];
cx->opad[i] ^= secret[i];
}
PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
return SECSuccess;
loser:
PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
+ return SECFailure;
+}
+
+SECStatus
+HMAC_Init(HMACContext *cx, const SECHashObject *hash_obj,
+ const unsigned char *secret, unsigned int secret_len, PRBool isFIPS)
+{
+ SECStatus rv;
+
+ if (cx == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ cx->wasAllocated = PR_FALSE;
+ cx->hashobj = hash_obj;
+ cx->hash = cx->hashobj->create();
+ if (cx->hash == NULL)
+ goto loser;
+
+ rv = hmac_initKey(cx, secret, secret_len, isFIPS);
+ if (rv != SECSuccess)
+ goto loser;
+
+ return rv;
+loser:
if (cx->hash != NULL)
cx->hashobj->destroy(cx->hash, PR_TRUE);
return SECFailure;
}
HMACContext *
HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret,
unsigned int secret_len, PRBool isFIPS)
@@ -102,16 +120,44 @@ HMAC_Create(const SECHashObject *hash_ob
cx->wasAllocated = PR_TRUE;
if (rv != SECSuccess) {
PORT_Free(cx); /* contains no secret info */
cx = NULL;
}
return cx;
}
+/* this allows us to reuse an existing HMACContext with a new key and
+ * Hash function */
+SECStatus
+HMAC_ReInit(HMACContext *cx, const SECHashObject *hash_obj,
+ const unsigned char *secret, unsigned int secret_len, PRBool isFIPS)
+{
+ PRBool wasAllocated;
+ SECStatus rv;
+
+ /* if we are using the same hash, keep the hash contexts and only
+ * init the key */
+ if ((cx->hashobj == hash_obj) && (cx->hash != NULL)) {
+ return hmac_initKey(cx, secret, secret_len, isFIPS);
+ }
+ /* otherwise we destroy the contents of the context and
+ * initalize it from scratch. We need to preseve the current state
+ * of wasAllocated to the final destroy works correctly */
+ wasAllocated = cx->wasAllocated;
+ cx->wasAllocated = PR_FALSE;
+ HMAC_Destroy(cx, PR_FALSE);
+ rv = HMAC_Init(cx, hash_obj, secret, secret_len, isFIPS);
+ if (rv != SECSuccess) {
+ return rv;
+ }
+ cx->wasAllocated = wasAllocated;
+ return SECSuccess;
+}
+
void
HMAC_Begin(HMACContext *cx)
{
/* start inner hash */
cx->hashobj->begin(cx->hash);
cx->hashobj->update(cx->hash, cx->ipad, cx->hashobj->blocklength);
}
--- a/lib/freebl/alghmac.h
+++ b/lib/freebl/alghmac.h
@@ -25,16 +25,22 @@ extern HMACContext *
HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret,
unsigned int secret_len, PRBool isFIPS);
/* like HMAC_Create, except caller allocates HMACContext. */
SECStatus
HMAC_Init(HMACContext *cx, const SECHashObject *hash_obj,
const unsigned char *secret, unsigned int secret_len, PRBool isFIPS);
+/* like HMAC_Init, except caller passes in an existing context
+ * previously used by either HMAC_Create or HMAC_Init. */
+SECStatus
+HMAC_ReInit(HMACContext *cx, const SECHashObject *hash_obj,
+ const unsigned char *secret, unsigned int secret_len, PRBool isFIPS);
+
/* reset HMAC for a fresh round */
extern void
HMAC_Begin(HMACContext *cx);
/* update HMAC
* cx HMAC Context
* data the data to perform HMAC on
* data_len the length of the data to process--- a/lib/freebl/rsapkcs.c
+++ b/lib/freebl/rsapkcs.c
@@ -927,75 +927,295 @@ RSA_EncryptBlock(RSAPublicKey *key,
return SECSuccess;
failure:
if (formatted.data != NULL)
PORT_ZFree(formatted.data, modulusLen);
return SECFailure;
}
-/* XXX Doesn't set error code */
+static HMACContext *
+rsa_GetHMACContext(const SECHashObject *hash, RSAPrivateKey *key,
+ const unsigned char *input, unsigned int inputLen)
+{
+ unsigned char keyHash[HASH_LENGTH_MAX];
+ void *hashContext;
+ HMACContext *hmac = NULL;
+ unsigned int privKeyLen = key->privateExponent.len;
+ unsigned int keyLen;
+ SECStatus rv;
+
+ /* first get the key hash (should store in the key structure) */
+ PORT_Memset(keyHash, 0, sizeof(keyHash));
+ hashContext = (*hash->create)();
+ if (hashContext == NULL) {
+ return NULL;
+ }
+ (*hash->begin)(hashContext);
+ if (privKeyLen < inputLen) {
+ int padLen = inputLen - privKeyLen;
+ while (padLen > sizeof(keyHash)) {
+ (*hash->update)(hashContext, keyHash, sizeof(keyHash));
+ padLen -= sizeof(keyHash);
+ }
+ (*hash->update)(hashContext, keyHash, padLen);
+ }
+ (*hash->update)(hashContext, key->privateExponent.data, privKeyLen);
+ (*hash->end)(hashContext, keyHash, &keyLen, sizeof(keyHash));
+ (*hash->destroy)(hashContext, PR_TRUE);
+
+ /* now create the hmac key */
+ hmac = HMAC_Create(hash, keyHash, keyLen, PR_TRUE);
+ if (hmac == NULL) {
+ PORT_Memset(keyHash, 0, sizeof(keyHash));
+ return NULL;
+ }
+ HMAC_Begin(hmac);
+ HMAC_Update(hmac, input, inputLen);
+ rv = HMAC_Finish(hmac, keyHash, &keyLen, sizeof(keyHash));
+ if (rv != SECSuccess) {
+ PORT_Memset(keyHash, 0, sizeof(keyHash));
+ HMAC_Destroy(hmac, PR_TRUE);
+ return NULL;
+ }
+ /* Finally set the new key into the hash context. We
+ * reuse the original context allocated above so we don't
+ * need to allocate and free another one */
+ rv = HMAC_ReInit(hmac, hash, keyHash, keyLen, PR_TRUE);
+ PORT_Memset(keyHash, 0, sizeof(keyHash));
+ if (rv != SECSuccess) {
+ HMAC_Destroy(hmac, PR_TRUE);
+ return NULL;
+ }
+
+ return hmac;
+}
+
+static SECStatus
+rsa_HMACPrf(HMACContext *hmac, const char *label, int labelLen,
+ int hashLength, unsigned char *output, int length)
+{
+ unsigned char iterator[2] = { 0, 0 };
+ unsigned char encodedLen[2] = { 0, 0 };
+ unsigned char hmacLast[HASH_LENGTH_MAX];
+ unsigned int left = length;
+ unsigned int hashReturn;
+ SECStatus rv = SECSuccess;
+
+ /* encodedLen is in bits, length is in bytes, thus the shifts
+ * do an implied multiply by 8 */
+ encodedLen[0] = (length >> 5) & 0xff;
+ encodedLen[1] = (length << 3) & 0xff;
+
+ while (left > hashLength) {
+ HMAC_Begin(hmac);
+ HMAC_Update(hmac, iterator, 2);
+ HMAC_Update(hmac, (const unsigned char *)label, labelLen);
+ HMAC_Update(hmac, encodedLen, 2);
+ rv = HMAC_Finish(hmac, output, &hashReturn, hashLength);
+ if (rv != SECSuccess) {
+ return rv;
+ }
+ iterator[1]++;
+ if (iterator[1] == 0)
+ iterator[0]++;
+ left -= hashLength;
+ output += hashLength;
+ }
+ if (left) {
+ HMAC_Begin(hmac);
+ HMAC_Update(hmac, iterator, 2);
+ HMAC_Update(hmac, (const unsigned char *)label, labelLen);
+ HMAC_Update(hmac, encodedLen, 2);
+ rv = HMAC_Finish(hmac, hmacLast, &hashReturn, sizeof(hmacLast));
+ if (rv != SECSuccess) {
+ return rv;
+ }
+ PORT_Memcpy(output, hmacLast, left);
+ PORT_Memset(hmacLast, 0, sizeof(hmacLast));
+ }
+ return rv;
+}
+
+/* This function takes an input number and
+ * creates the smallest mask which covers
+ * the whole number. Examples:
+ * 0x81 -> 0xff
+ * 0x1af -> 0x1ff
+ * 0x4d1 -> 0x7ff
+ */
+static int
+makeMask16(int len)
+{
+ // or the high bit in each bit location
+ len |= (len >> 1);
+ len |= (len >> 2);
+ len |= (len >> 4);
+ len |= (len >> 8);
+ return len;
+}
+
+#define STRING_AND_LENGTH(s) s, sizeof(s) - 1
+static int
+rsa_GetErrorLength(HMACContext *hmac, int hashLen, int maxLegalLen)
+{
+ unsigned char out[128 * 2];
+ unsigned char *outp;
+ int outLength = 0;
+ int lengthMask;
+ SECStatus rv;
+
+ lengthMask = makeMask16(maxLegalLen);
+ rv = rsa_HMACPrf(hmac, STRING_AND_LENGTH("length"), hashLen,
+ out, sizeof(out));
+ if (rv != SECSuccess) {
+ return -1;
+ }
+ for (outp = out; outp < out + sizeof(out); outp += 2) {
+ int candidate = outp[0] << 8 | outp[1];
+ candidate = candidate & lengthMask;
+ outLength = PORT_CT_SEL(PORT_CT_LT(candidate, maxLegalLen),
+ candidate, outLength);
+ }
+ PORT_Memset(out, 0, sizeof(out));
+ return outLength;
+}
+
+/*
+ * This function can only fail in environmental cases: Programming errors
+ * and out of memory situations. It can't fail if the keys are valid and
+ * the inputs are the proper size. If the actual RSA decryption fails, then
+ * and generated return value is returned based on the key and input.
+ * Applications are expected to detect decryption failures based on the fact
+ * that the decrypted value (usually a key) doesn't validate. The prevents
+ * Blecheinbaucher style attacks against the key. */
SECStatus
RSA_DecryptBlock(RSAPrivateKey *key,
unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen)
{
- PRInt8 rv;
+ SECStatus rv;
+ PRUint32 fail;
unsigned int modulusLen = rsa_modulusLen(&key->modulus);
unsigned int i;
unsigned char *buffer = NULL;
- unsigned int outLen = 0;
- unsigned int copyOutLen = modulusLen - 11;
+ unsigned char *errorBuffer = NULL;
+ unsigned char *bp = NULL;
+ unsigned char *ep = NULL;
+ unsigned int outLen = modulusLen;
+ unsigned int maxLegalLen = modulusLen - 10;
+ unsigned int errorLength;
+ const SECHashObject *hashObj;
+ HMACContext *hmac = NULL;
+ /* failures in the top section indicate failures in the environment
+ * (memory) or the library. OK to return errors in these cases because
+ * it doesn't provide any oracle information to attackers. */
if (inputLen != modulusLen || modulusLen < 10) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
- if (copyOutLen > maxOutputLen) {
- copyOutLen = maxOutputLen;
+ /* Allocate enough space to decrypt */
+ buffer = PORT_ZAlloc(modulusLen);
+ if (!buffer) {
+ goto loser;
+ }
+ errorBuffer = PORT_ZAlloc(modulusLen);
+ if (!errorBuffer) {
+ goto loser;
+ }
+ hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
+ if (hashObj == NULL) {
+ goto loser;
}
- // Allocate enough space to decrypt + copyOutLen to allow copying outLen later.
- buffer = PORT_ZAlloc(modulusLen + 1 + copyOutLen);
- if (!buffer) {
- return SECFailure;
+ /* calculate the values to return in the error case rather than
+ * the actual returned values. This data is the same for the
+ * same input and private key. */
+ hmac = rsa_GetHMACContext(hashObj, key, input, inputLen);
+ if (hmac == NULL) {
+ goto loser;
+ }
+ errorLength = rsa_GetErrorLength(hmac, hashObj->length, maxLegalLen);
+ if (((int)errorLength) < 0) {
+ goto loser;
+ }
+ /* we always have to generate a full moduluslen error string. Otherwise
+ * we create a timing dependency on errorLength, which could be used to
+ * determine the difference between errorLength and outputLen and tell
+ * us that there was a pkcs1 decryption failure */
+ rv = rsa_HMACPrf(hmac, STRING_AND_LENGTH("message"),
+ hashObj->length, errorBuffer, modulusLen);
+ if (rv != SECSuccess) {
+ goto loser;
}
- // rv is 0 if everything is going well and 1 if an error occurs.
- rv = RSA_PrivateKeyOp(key, buffer, input) != SECSuccess;
- rv |= (buffer[0] != RSA_BLOCK_FIRST_OCTET) |
- (buffer[1] != (unsigned char)RSA_BlockPublic);
+ HMAC_Destroy(hmac, PR_TRUE);
+ hmac = NULL;
- // There have to be at least 8 bytes of padding.
+ /* From here on out, we will always return success. If there is
+ * an error, we will return deterministic output based on the key
+ * and the input data. */
+ rv = RSA_PrivateKeyOp(key, buffer, input);
+
+ fail = PORT_CT_NE(rv, SECSuccess);
+ fail |= PORT_CT_NE(buffer[0], RSA_BLOCK_FIRST_OCTET) | PORT_CT_NE(buffer[1], RSA_BlockPublic);
+
+ /* There have to be at least 8 bytes of padding. */
for (i = 2; i < 10; i++) {
- rv |= buffer[i] == RSA_BLOCK_AFTER_PAD_OCTET;
+ fail |= PORT_CT_EQ(buffer[i], RSA_BLOCK_AFTER_PAD_OCTET);
}
for (i = 10; i < modulusLen; i++) {
unsigned int newLen = modulusLen - i - 1;
- unsigned int c = (buffer[i] == RSA_BLOCK_AFTER_PAD_OCTET) & (outLen == 0);
- outLen = constantTimeCondition(c, newLen, outLen);
+ PRUint32 condition = PORT_CT_EQ(buffer[i], RSA_BLOCK_AFTER_PAD_OCTET) & PORT_CT_EQ(outLen, modulusLen);
+ outLen = PORT_CT_SEL(condition, newLen, outLen);
}
- rv |= outLen == 0;
- rv |= outLen > maxOutputLen;
+ // this can only happen if a zero wasn't found above
+ fail |= PORT_CT_GE(outLen, modulusLen);
+
+ outLen = PORT_CT_SEL(fail, errorLength, outLen);
+
+ /* index into the correct buffer. Do it before we truncate outLen if the
+ * application was asking for less data than we can return */
+ bp = buffer + modulusLen - outLen;
+ ep = errorBuffer + modulusLen - outLen;
- // Note that output is set even if SECFailure is returned.
- PORT_Memcpy(output, buffer + modulusLen - outLen, copyOutLen);
- *outputLen = constantTimeCondition(outLen > maxOutputLen, maxOutputLen,
- outLen);
+ /* at this point, outLen returns no information about decryption failures,
+ * no need to hide it's value. maxOutputLen is how much data the
+ * application is expecting, which is also not sensitive. */
+ if (outLen > maxOutputLen) {
+ outLen = maxOutputLen;
+ }
+
+ /* we can't use PORT_Memcpy because caching could create a time dependency
+ * on the status of fail. */
+ for (i = 0; i < outLen; i++) {
+ output[i] = PORT_CT_SEL(fail, ep[i], bp[i]);
+ }
+
+ *outputLen = outLen;
PORT_Free(buffer);
+ PORT_Free(errorBuffer);
- for (i = 1; i < sizeof(rv) * 8; i <<= 1) {
- rv |= rv << i;
+ return SECSuccess;
+
+loser:
+ if (hmac) {
+ HMAC_Destroy(hmac, PR_TRUE);
}
- return (SECStatus)rv;
+ PORT_Free(buffer);
+ PORT_Free(errorBuffer);
+
+ return SECFailure;
}
/*
* Encode a RSA-PSS signature.
* Described in RFC 3447, section 9.1.1.
* We use mHash instead of M as input.
* emBits from the RFC is just modBits - 1, see section 8.1.1.
* We only support MGF1 as the MGF.