diff options
| author | Robert Relyea <rrelyea@redhat.com> | 2020-12-18 09:24:50 -0800 |
|---|---|---|
| committer | Robert Relyea <rrelyea@redhat.com> | 2020-12-18 09:24:50 -0800 |
| commit | 12aee4d4646e475f3d3e795a1a3f0690520a8723 (patch) | |
| tree | 25ee67508d59209dc5ce0a3fa19296070892b4e8 /gtests/common | |
| parent | dc15f1596ab13dd1372a9bf2b08826b05b3e7d88 (diff) | |
| download | nss-hg-12aee4d4646e475f3d3e795a1a3f0690520a8723.tar.gz | |
Bug 1651411 New tlsfuzzer code can still detect timing issues in RSA operations.
This patch defeats Bleichenbacher by not trying to hide the size of the
decrypted text, but to hide if the text succeeded for failed. This is done
by generating a fake returned text that's based on the key and the cipher text,
so the fake data is always the same for the same key and cipher text. Both the
length and the plain text are generated with a prf.
Here's the proposed spec the patch codes to:
1. Use SHA-256 to hash the private exponent encoded as a big-endian integer to a string the same length as the public modulus. Keep this value secret. (this is just an optimisation so that the implementation doesn't have to serialise the key over and over again)
2. Check the length of input according to step one of https://tools.ietf.org/html/rfc8017#section-7.2.2
3. When provided with a ciphertext, use SHA-256 HMAC(key=hash_from_step1, text=ciphertext) to generate the key derivation key
4. Use SHA-256 HMAC with key derivation key as the key and a two-byte big-endian iterator concatenated with byte string "length" with the big-endian representation of 2048 (0x0800) as the bit length of the generated string.
- Iterate this PRF 8 times to generate a 256 byte string
5. initialise the length of synthetic message to 0
6. split the PRF output into 2 byte strings, convert into big-endian integers, zero-out high-order bits so that they have the same bit length as the octet length of the maximum acceptable message size (k-11), select the last integer that is no larger than (k-11) or remain at 0 if no integer is smaller than (k-11); this selection needs to be performed using a side-channel free operators
7. Use SHA-256 HMAC with key derivation key as the key and a two-byte big-endian iterator concatenated with byte string "message" with the big-endian representation of k*8
- use this PRF to generate k bytes of output (right-truncate last HMAC call if the number of generated bytes is not a multiple of SHA-256 output size)
8. perform the RSA decryption as described in step 2 of section 7.2.2 of rfc8017
9. Verify the EM message padding as described in step 3 of section 7.2.2 of rfc8017, but instead of outputting "decryption error", return the last l bytes of the "message" PRF, when l is the selected synthetic message length using the "length" PRF, make this decision and copy using side-channel free operation
Differential Revision: https://phabricator.services.mozilla.com/D99843
Diffstat (limited to 'gtests/common')
| -rw-r--r-- | gtests/common/testvectors/rsa_pkcs1_2048_test-vectors.h | 1270 | ||||
| -rw-r--r-- | gtests/common/testvectors/rsa_pkcs1_3072_test-vectors.h | 1231 | ||||
| -rw-r--r-- | gtests/common/testvectors/rsa_pkcs1_4096_test-vectors.h | 527 |
3 files changed, 2837 insertions, 191 deletions
diff --git a/gtests/common/testvectors/rsa_pkcs1_2048_test-vectors.h b/gtests/common/testvectors/rsa_pkcs1_2048_test-vectors.h index a375b943b..3c93312f5 100644 --- a/gtests/common/testvectors/rsa_pkcs1_2048_test-vectors.h +++ b/gtests/common/testvectors/rsa_pkcs1_2048_test-vectors.h @@ -3444,6 +3444,216 @@ static const std::vector<uint8_t> priv_key_32{ 0x8c, 0x71, 0x8b, 0xf9, 0x74, 0xf5, 0xb7, 0x3c, 0xcb, 0xd8, 0x08, 0xd1, 0x24, 0x8c, 0x8f, 0x5c, 0xae}; +/* 2048 bit key from Hubert's Bleichenbacher tests */ +static const std::vector<uint8_t> priv_key_1b{ + 0x30, 0x82, 0x04, 0xbd, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, + 0x04, 0xa7, 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xc8, 0xcc, 0x83, 0x97, 0x14, 0x09, 0x8d, 0xa5, 0x6c, 0xaa, + 0x23, 0x64, 0x0f, 0x93, 0xdc, 0x89, 0x97, 0xc1, 0x63, 0x72, 0x96, 0x8f, + 0xc1, 0xb0, 0xc6, 0xdf, 0x51, 0x13, 0xc1, 0xc9, 0x4e, 0x8b, 0x21, 0xe4, + 0x8a, 0xd2, 0x29, 0x7e, 0x65, 0x41, 0x90, 0x11, 0xb4, 0xe6, 0xd8, 0xf5, + 0xe7, 0x3b, 0x1b, 0x78, 0xb2, 0x57, 0x40, 0x03, 0x21, 0xd1, 0xef, 0x6b, + 0x60, 0x2d, 0x4e, 0xc8, 0xce, 0x8d, 0x14, 0x1c, 0x94, 0x90, 0x5e, 0xb4, + 0xad, 0x30, 0x66, 0x39, 0xa4, 0x92, 0x06, 0x53, 0x4b, 0x6e, 0x7f, 0x26, + 0x07, 0x42, 0x3e, 0x97, 0xdf, 0xfd, 0x13, 0x3c, 0x88, 0xd7, 0x21, 0x39, + 0x9d, 0xef, 0xbc, 0x7e, 0x96, 0xcc, 0xdc, 0xbd, 0x7f, 0x3a, 0xae, 0x1f, + 0xe8, 0x92, 0x71, 0x2b, 0xfb, 0x49, 0x29, 0x81, 0x7d, 0x51, 0x16, 0x66, + 0x44, 0x0a, 0x1f, 0xac, 0xb7, 0xa2, 0x08, 0xf5, 0xea, 0x16, 0x59, 0x10, + 0xad, 0xd8, 0xa3, 0xf2, 0xd4, 0x97, 0x20, 0x23, 0x60, 0xcc, 0xb6, 0x32, + 0x02, 0x4f, 0x0d, 0x07, 0x16, 0x9c, 0x19, 0x18, 0xf3, 0x16, 0xf7, 0x94, + 0xb1, 0x43, 0xae, 0xf5, 0x4e, 0xc8, 0x75, 0x22, 0xa4, 0xc0, 0x29, 0x78, + 0xf9, 0x68, 0x99, 0x80, 0xbf, 0xfb, 0xf6, 0x49, 0xc3, 0x07, 0xe8, 0x18, + 0x19, 0xbf, 0xf8, 0x84, 0x09, 0x63, 0x8d, 0x48, 0xbd, 0x94, 0xbe, 0x15, + 0x2b, 0x59, 0xff, 0x64, 0x9f, 0xa0, 0xbd, 0x62, 0x9d, 0x0f, 0xfa, 0x18, + 0x13, 0xc3, 0xab, 0xf4, 0xb5, 0x6b, 0xd3, 0xc2, 0xea, 0x54, 0x65, 0xdf, + 0xfa, 0x14, 0x58, 0x92, 0x92, 0xa9, 0xd8, 0xa2, 0x4a, 0xd2, 0x6b, 0xe7, + 0xee, 0x05, 0x10, 0x74, 0x1b, 0x63, 0x82, 0xd4, 0x3c, 0x83, 0xd5, 0xbf, + 0xa4, 0x0a, 0x46, 0x61, 0x3d, 0x06, 0x2b, 0xe4, 0x45, 0x51, 0x7d, 0xbc, + 0xaf, 0x0c, 0xb4, 0xe1, 0xa7, 0x69, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, + 0x82, 0x01, 0x00, 0x14, 0x55, 0x01, 0x0e, 0x0f, 0x2d, 0x58, 0x76, 0x63, + 0xa6, 0x66, 0xa6, 0xff, 0x1c, 0xcd, 0xbb, 0xf0, 0xed, 0xd8, 0x10, 0x06, + 0x46, 0xd0, 0x2a, 0x02, 0x39, 0x22, 0x90, 0x89, 0x92, 0xc4, 0xad, 0x39, + 0xe5, 0x56, 0x59, 0x29, 0x72, 0x6e, 0xf6, 0x50, 0x8c, 0x3a, 0x71, 0x15, + 0x8e, 0xf0, 0xb6, 0xff, 0x75, 0x1d, 0x39, 0xd0, 0x75, 0x80, 0xbb, 0x2d, + 0x2f, 0x06, 0x32, 0x10, 0x44, 0x2d, 0x06, 0x03, 0xff, 0x50, 0xdb, 0xbd, + 0x7b, 0x35, 0xfe, 0x2c, 0x9b, 0xb1, 0x9a, 0x47, 0xa1, 0xaf, 0x85, 0xa4, + 0xc2, 0x49, 0x01, 0xe0, 0x2c, 0xa8, 0xb5, 0x8b, 0x79, 0x19, 0xb2, 0x0e, + 0xdf, 0x32, 0xaa, 0xcf, 0xbf, 0x51, 0xad, 0xb4, 0xbc, 0x4b, 0x61, 0xb9, + 0xb7, 0xe9, 0x68, 0xca, 0xa4, 0xd5, 0x70, 0xf7, 0x0e, 0xf1, 0x8d, 0x80, + 0x63, 0x22, 0x88, 0x93, 0xe4, 0x7d, 0x43, 0x9e, 0xfc, 0xa7, 0x93, 0x25, + 0x9b, 0xcf, 0x2c, 0xd1, 0x08, 0xa3, 0xd8, 0x68, 0x8c, 0xdf, 0x07, 0x8e, + 0x7a, 0xc7, 0x99, 0x96, 0x9f, 0x23, 0x39, 0xd2, 0xc1, 0xf5, 0x22, 0xb9, + 0x69, 0x68, 0x46, 0x29, 0xa9, 0x33, 0xba, 0xae, 0xc2, 0x68, 0x16, 0x25, + 0xea, 0xb8, 0x4f, 0x4e, 0x56, 0xf4, 0x44, 0x7e, 0x9d, 0x88, 0xfb, 0x9a, + 0x19, 0x9c, 0xf7, 0x10, 0x23, 0xe0, 0xe2, 0x57, 0xb1, 0x44, 0x41, 0xb3, + 0x3c, 0x84, 0xd3, 0xbc, 0x67, 0xca, 0x80, 0x31, 0xd2, 0x61, 0x26, 0x18, + 0x10, 0x3a, 0x7a, 0x0a, 0x40, 0x84, 0x42, 0x62, 0xf7, 0x5d, 0x88, 0x90, + 0xcd, 0x61, 0x6e, 0x51, 0xf9, 0x03, 0x54, 0x88, 0xfd, 0x6e, 0x09, 0x9d, + 0xe8, 0xff, 0x6d, 0x65, 0xa4, 0xff, 0x11, 0x82, 0x54, 0x80, 0x7c, 0x9f, + 0x58, 0xd2, 0xfb, 0xba, 0x8b, 0xa1, 0x51, 0xdc, 0x8c, 0x68, 0xbe, 0x34, + 0x9c, 0x97, 0x7a, 0x20, 0x4e, 0x04, 0xc1, 0x02, 0x81, 0x81, 0x00, 0xf8, + 0xf5, 0xad, 0x6b, 0xa8, 0x28, 0x93, 0x1b, 0xea, 0x45, 0x9b, 0x8a, 0x3f, + 0x6d, 0xc0, 0x41, 0xd2, 0x34, 0x82, 0x40, 0x9c, 0x25, 0x71, 0xe9, 0x63, + 0xf3, 0x1f, 0x74, 0x86, 0x02, 0xa2, 0x56, 0x37, 0x1b, 0x38, 0x83, 0xed, + 0x45, 0x9e, 0xcf, 0x97, 0x05, 0x26, 0x45, 0x9e, 0xdd, 0x16, 0xe0, 0x55, + 0x22, 0xf5, 0xa4, 0x5d, 0x94, 0x75, 0x1b, 0x2e, 0xc2, 0xda, 0xf2, 0x72, + 0xc7, 0xf8, 0x81, 0x6a, 0x52, 0xc0, 0x0d, 0x18, 0x08, 0x01, 0x71, 0x63, + 0x4d, 0xa8, 0x99, 0xd7, 0x97, 0x32, 0x22, 0xf5, 0x1b, 0x93, 0x76, 0x30, + 0x54, 0x86, 0x96, 0xa9, 0xf7, 0xd8, 0xc2, 0x4a, 0x59, 0x49, 0x7c, 0x1e, + 0xfc, 0xd4, 0x55, 0xcf, 0xb9, 0x7e, 0xe8, 0x6d, 0x2b, 0x6d, 0x34, 0x97, + 0x2b, 0x33, 0x2f, 0xda, 0x30, 0x3f, 0x04, 0x99, 0x9b, 0x4e, 0xb6, 0xb5, + 0xcc, 0x0b, 0xb3, 0x3e, 0x77, 0x61, 0xdd, 0x02, 0x81, 0x81, 0x00, 0xce, + 0x7a, 0x2e, 0x3b, 0x49, 0xa9, 0x0b, 0x96, 0x33, 0x0a, 0x12, 0xdc, 0x68, + 0x2b, 0xdf, 0xbd, 0xfb, 0xae, 0x8d, 0xd6, 0xdc, 0x03, 0xb6, 0x14, 0x7a, + 0xef, 0xbd, 0x57, 0x57, 0x43, 0xf0, 0xf6, 0xda, 0x4d, 0x86, 0x23, 0x50, + 0x61, 0xb7, 0x1a, 0xfd, 0x9c, 0xad, 0x2d, 0x34, 0x02, 0x5e, 0x56, 0xac, + 0x86, 0xb0, 0xf7, 0x74, 0x3e, 0xb3, 0x5e, 0x1a, 0xcb, 0xca, 0x23, 0x78, + 0x95, 0x42, 0x44, 0x65, 0xb7, 0x06, 0xed, 0x22, 0x17, 0x5e, 0x57, 0x18, + 0xc8, 0xc7, 0x0b, 0x67, 0x03, 0xea, 0x8f, 0x6b, 0x51, 0x0f, 0x94, 0x5b, + 0xe4, 0x8e, 0x5a, 0x36, 0xbb, 0x3c, 0x3c, 0x91, 0x73, 0x2b, 0x58, 0x9d, + 0xfc, 0x05, 0xd7, 0x2d, 0x80, 0x90, 0x31, 0x94, 0x45, 0x2b, 0xda, 0x21, + 0x34, 0x86, 0x47, 0xec, 0x72, 0x94, 0x3f, 0x11, 0xa8, 0x46, 0xe6, 0x2f, + 0xae, 0xbe, 0x8e, 0xb5, 0x36, 0xb0, 0xfd, 0x02, 0x81, 0x80, 0x76, 0xfe, + 0x15, 0xf1, 0x8a, 0xe2, 0x39, 0xcd, 0xf1, 0xdf, 0x6b, 0x44, 0x5c, 0xa4, + 0xbc, 0x6b, 0xb9, 0x68, 0xd7, 0x88, 0xc2, 0x19, 0x33, 0xa4, 0xf5, 0xdc, + 0xd2, 0x80, 0x03, 0x3d, 0x67, 0x12, 0x06, 0x2c, 0xc0, 0x8a, 0x6d, 0xf2, + 0x04, 0xc1, 0xfb, 0xd0, 0xbe, 0x46, 0x30, 0x74, 0x43, 0xe6, 0xdd, 0x4a, + 0x64, 0x56, 0x37, 0x54, 0x29, 0xd4, 0xe0, 0x38, 0xca, 0x25, 0x6f, 0xaf, + 0x1c, 0x9b, 0xde, 0x91, 0xc6, 0xb1, 0x7b, 0x76, 0xf8, 0x19, 0x95, 0xf9, + 0x1c, 0x48, 0xcb, 0xbe, 0xbc, 0x7b, 0xf0, 0xe3, 0x49, 0x4c, 0x08, 0x35, + 0x9e, 0x4e, 0x8c, 0xd6, 0xa5, 0x87, 0xd7, 0xb9, 0x6d, 0x62, 0x21, 0xfd, + 0x7e, 0x0f, 0xb5, 0xc5, 0x57, 0x5f, 0x08, 0x2e, 0xe5, 0x77, 0x69, 0x79, + 0x80, 0x71, 0xb2, 0xbb, 0xb4, 0xa3, 0x22, 0x38, 0x15, 0x1b, 0x47, 0x31, + 0x4b, 0xb6, 0x54, 0x79, 0x03, 0x11, 0x02, 0x81, 0x81, 0x00, 0x99, 0x88, + 0x48, 0xb0, 0x55, 0x49, 0x9a, 0x10, 0x09, 0xcb, 0xc7, 0xd2, 0x94, 0xb3, + 0x6b, 0x1f, 0xfd, 0xf2, 0x02, 0x0e, 0x6e, 0x73, 0x64, 0x05, 0x3e, 0x94, + 0xde, 0x1a, 0x00, 0x0d, 0xc9, 0x34, 0x05, 0x87, 0xf7, 0xe2, 0x72, 0x76, + 0xf6, 0x8c, 0xdf, 0x60, 0x8d, 0x75, 0x3b, 0x63, 0x37, 0x7b, 0x03, 0xb6, + 0xf4, 0x08, 0x4d, 0x2c, 0x02, 0x7c, 0x4b, 0x38, 0x96, 0x0a, 0x62, 0x33, + 0xba, 0x9e, 0xd9, 0x73, 0x8b, 0x76, 0xf1, 0x0e, 0xa7, 0x5b, 0xe4, 0x56, + 0x07, 0x8b, 0xf7, 0x01, 0xf6, 0x7c, 0xc6, 0xb3, 0xf3, 0xfd, 0xc1, 0x86, + 0xe6, 0x43, 0x36, 0xc7, 0x6b, 0x37, 0x2e, 0x80, 0x91, 0x0e, 0xc8, 0x0b, + 0x0a, 0xdc, 0xc2, 0x3d, 0x02, 0xfb, 0x9a, 0xe1, 0x04, 0x86, 0xa2, 0x82, + 0x48, 0x07, 0x5b, 0x4e, 0xa7, 0xe5, 0x6d, 0xdf, 0xcf, 0x38, 0x82, 0xe4, + 0x51, 0x56, 0x14, 0x71, 0xa2, 0x91, 0x02, 0x81, 0x80, 0x64, 0x3b, 0xf7, + 0x46, 0x42, 0x9f, 0x7d, 0x83, 0x66, 0x7a, 0x06, 0x53, 0x02, 0x13, 0x47, + 0xef, 0xbf, 0xc0, 0x5e, 0x63, 0x51, 0xf8, 0x21, 0xa9, 0xde, 0xbb, 0x60, + 0xe0, 0xec, 0xcd, 0xe5, 0x00, 0x5a, 0xd9, 0xe9, 0xec, 0x31, 0xe5, 0x58, + 0xf7, 0xe9, 0x2c, 0x29, 0x32, 0x8e, 0x74, 0x56, 0x9d, 0x7c, 0xef, 0x7c, + 0x74, 0xca, 0xbc, 0x2b, 0x35, 0x5e, 0xd4, 0x01, 0xa1, 0xa0, 0x91, 0x4b, + 0x4e, 0x3c, 0xbb, 0x06, 0x48, 0x4e, 0x58, 0x19, 0x60, 0x51, 0x16, 0x9e, + 0xd1, 0x4c, 0xaa, 0x2e, 0xfa, 0x6e, 0xa0, 0x44, 0xe0, 0x54, 0xd2, 0x61, + 0x44, 0xcc, 0x16, 0x29, 0xc5, 0x50, 0x10, 0x55, 0x8a, 0x04, 0xe1, 0x33, + 0xf4, 0x4b, 0x7c, 0x24, 0x4d, 0xac, 0x25, 0xbf, 0x91, 0x3c, 0x57, 0xb8, + 0x90, 0xee, 0x49, 0xf5, 0x48, 0x25, 0x9c, 0xd6, 0x34, 0x04, 0xfe, 0xf6, + 0x85, 0x9d, 0xcf, 0x97, 0x5a}; + +/* 2049 bit key from Hubert's Bleichenbacher tests */ +static const std::vector<uint8_t> priv_key_2b{ + 0x30, 0x82, 0x04, 0xbf, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, + 0x04, 0xa9, 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x01, 0x01, 0x55, 0xf8, 0x89, 0x55, 0x6a, 0x17, 0x75, 0xf1, 0xc7, 0xa7, + 0x78, 0x6a, 0x50, 0xb1, 0x8b, 0xc2, 0x8c, 0x9e, 0x98, 0x6e, 0xde, 0x56, + 0x67, 0xca, 0xb3, 0x9b, 0x84, 0x12, 0x4e, 0x90, 0xeb, 0xa7, 0x5c, 0x1d, + 0xb0, 0x83, 0xac, 0x3e, 0x44, 0x3b, 0xba, 0x94, 0xdc, 0x23, 0x56, 0x0f, + 0x75, 0xe3, 0xa8, 0x16, 0x93, 0xa2, 0xa4, 0x3b, 0xdc, 0x74, 0x26, 0xd8, + 0xc4, 0xea, 0xfe, 0x68, 0xc8, 0x5d, 0xe0, 0xfe, 0x75, 0x7f, 0x6e, 0x49, + 0xbb, 0x9e, 0xd4, 0x47, 0xe6, 0x02, 0x43, 0x08, 0x00, 0xdb, 0xb0, 0x4c, + 0xeb, 0x22, 0xe7, 0xfa, 0x57, 0xa1, 0x8d, 0x33, 0x8f, 0xb6, 0x60, 0x26, + 0xcd, 0xb4, 0x67, 0xe7, 0x0c, 0xc0, 0x40, 0xe7, 0xd3, 0x67, 0xef, 0x40, + 0x3c, 0x7b, 0xf1, 0xe3, 0xdf, 0x62, 0x46, 0x50, 0x09, 0x46, 0x31, 0xf2, + 0x1e, 0xaf, 0xd2, 0xfb, 0x5b, 0xc9, 0x15, 0xff, 0x04, 0x37, 0x9a, 0xcd, + 0x11, 0x12, 0xf7, 0x32, 0xc0, 0xb4, 0x66, 0x07, 0xc1, 0x78, 0xd3, 0x8a, + 0x20, 0xf5, 0x2e, 0xda, 0x50, 0x9f, 0x2f, 0x9c, 0x04, 0x05, 0xd5, 0x10, + 0x69, 0xe8, 0x0c, 0xcf, 0x94, 0x15, 0x54, 0xd0, 0x47, 0x04, 0x67, 0x50, + 0x5c, 0x3c, 0xf5, 0x41, 0xea, 0x08, 0x97, 0xdf, 0xc9, 0xf4, 0x00, 0xce, + 0xcb, 0x29, 0x8f, 0xfc, 0x75, 0x33, 0x72, 0xd9, 0xf6, 0x93, 0x3a, 0xf1, + 0x74, 0xcc, 0x40, 0xed, 0x96, 0xd4, 0x67, 0x03, 0x17, 0x33, 0xb9, 0x7f, + 0x8c, 0xdd, 0xd3, 0xf9, 0x2b, 0xc3, 0xa0, 0x3e, 0xa8, 0x57, 0x6c, 0x41, + 0x7f, 0x24, 0x00, 0x7b, 0x5e, 0x4f, 0x75, 0x01, 0x10, 0x5b, 0x54, 0x4d, + 0xe9, 0xfa, 0xdc, 0xdf, 0xfa, 0xdf, 0x98, 0xdf, 0xb4, 0xbb, 0x05, 0xb8, + 0x19, 0x9f, 0x3f, 0x85, 0xac, 0xfd, 0x91, 0xf7, 0xa9, 0xa0, 0x94, 0xb9, + 0xa3, 0x83, 0xf5, 0x04, 0x90, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, + 0x82, 0x01, 0x01, 0x01, 0x19, 0xc2, 0xb3, 0xf5, 0x0a, 0x7a, 0xd6, 0x15, + 0x26, 0x79, 0xd7, 0xff, 0x51, 0x09, 0x58, 0xac, 0x2d, 0x8c, 0xa6, 0xf0, + 0x02, 0x85, 0x92, 0xf3, 0x32, 0xd5, 0x5a, 0x16, 0x73, 0x61, 0x78, 0xa8, + 0xe6, 0x7f, 0x17, 0xe7, 0x05, 0xce, 0x30, 0x0e, 0x3e, 0x87, 0x54, 0x72, + 0x51, 0x00, 0x60, 0x13, 0xf9, 0x74, 0xd0, 0xa3, 0xdb, 0x49, 0xef, 0x34, + 0x4c, 0xa5, 0xa2, 0x6a, 0x34, 0xc0, 0x45, 0x07, 0x04, 0xd0, 0xe4, 0x22, + 0xe0, 0xce, 0x23, 0xa6, 0x94, 0x25, 0xc1, 0x5f, 0xef, 0xb6, 0xf2, 0x6e, + 0x10, 0x6e, 0xef, 0xf6, 0x4c, 0xc8, 0xb9, 0xd7, 0x44, 0x2e, 0x4d, 0xa4, + 0xe8, 0xc8, 0x50, 0x08, 0xea, 0xeb, 0x36, 0x58, 0x59, 0xa2, 0x29, 0x4f, + 0xa3, 0x93, 0x7b, 0xc2, 0x6b, 0xe5, 0x63, 0x32, 0xe7, 0xd8, 0x1e, 0x2c, + 0x16, 0x0e, 0xf6, 0x35, 0xcc, 0x52, 0x8a, 0xa7, 0xbe, 0x55, 0xe6, 0x33, + 0xa7, 0x23, 0xdb, 0xc1, 0xe1, 0x6b, 0xa2, 0x9e, 0x52, 0xb2, 0x9a, 0xef, + 0x2f, 0x9e, 0x56, 0x54, 0xfd, 0xc0, 0x66, 0x6b, 0xb0, 0xfc, 0x25, 0x4a, + 0xcb, 0xe8, 0x0e, 0x63, 0x87, 0x4f, 0x0f, 0x5f, 0x02, 0x07, 0x82, 0xe3, + 0xc9, 0xdc, 0xfc, 0x25, 0x20, 0xd0, 0xc9, 0xc4, 0xa7, 0xb6, 0x34, 0xe4, + 0x50, 0x3f, 0xbb, 0x49, 0x3e, 0x1a, 0xaf, 0xee, 0xb3, 0xf8, 0x8b, 0xd7, + 0xa1, 0x33, 0x98, 0x72, 0x5d, 0xae, 0x6f, 0xe3, 0x99, 0xe7, 0x75, 0xcd, + 0x5d, 0x4c, 0xf0, 0x9f, 0xc8, 0x38, 0x34, 0x7c, 0x4c, 0x98, 0xda, 0xb1, + 0xa4, 0x88, 0x3c, 0xce, 0x62, 0x05, 0x13, 0x61, 0x5a, 0xfa, 0xa1, 0x0a, + 0x63, 0x36, 0x8e, 0x6d, 0x7b, 0x79, 0xdf, 0x41, 0x66, 0xab, 0x16, 0x27, + 0x39, 0xef, 0x51, 0x5a, 0x44, 0x02, 0xee, 0x1e, 0x06, 0x01, 0xc5, 0xa5, + 0x5b, 0xc7, 0x1d, 0xf0, 0xe3, 0x0e, 0xdf, 0x81, 0x02, 0x81, 0x81, 0x01, + 0x88, 0xf6, 0x93, 0x60, 0xf0, 0x1e, 0x18, 0xd9, 0xa2, 0xde, 0x29, 0x52, + 0x53, 0xd2, 0x52, 0xc3, 0x1e, 0x44, 0x76, 0xce, 0xa5, 0xff, 0x7b, 0xf8, + 0x41, 0x3d, 0xf7, 0xfd, 0xe3, 0x56, 0x52, 0x3c, 0xdc, 0x97, 0x68, 0x05, + 0xf8, 0x4f, 0xc0, 0xdd, 0xec, 0x77, 0x0d, 0xf0, 0x6c, 0xed, 0x06, 0x5c, + 0x81, 0x13, 0x48, 0x75, 0x4b, 0x34, 0x6a, 0xf1, 0x69, 0x75, 0x68, 0x77, + 0xfd, 0x3b, 0x3d, 0x56, 0x86, 0x82, 0xc8, 0x78, 0x7d, 0x0b, 0x31, 0x4e, + 0xf6, 0xac, 0x67, 0xd6, 0x5e, 0x81, 0x33, 0x39, 0x8b, 0x62, 0xa0, 0x83, + 0xc0, 0xf8, 0x76, 0x5c, 0x5a, 0xd4, 0x0d, 0x5a, 0x81, 0xf9, 0xbb, 0xdc, + 0xe2, 0x52, 0x7e, 0xd7, 0xe9, 0x50, 0x08, 0xcb, 0x10, 0x29, 0xcb, 0x4c, + 0xab, 0xd1, 0xf9, 0xe9, 0xbe, 0xdf, 0xc2, 0x86, 0xc9, 0x65, 0x52, 0x25, + 0x5d, 0xa7, 0xea, 0xb1, 0x92, 0x17, 0x8e, 0xf7, 0x02, 0x81, 0x81, 0x00, + 0xde, 0xc7, 0xcf, 0x11, 0xda, 0xde, 0x83, 0xa4, 0xc4, 0x3d, 0x2f, 0x80, + 0x19, 0x7f, 0x21, 0xfd, 0x5d, 0x46, 0xfd, 0x57, 0xb4, 0x31, 0xf4, 0x4f, + 0xe8, 0x1a, 0x1d, 0xe3, 0x7f, 0x6a, 0x09, 0x1f, 0xfc, 0x04, 0x64, 0xed, + 0x97, 0x1d, 0xc8, 0x50, 0x88, 0x35, 0xad, 0xe6, 0xcc, 0x5f, 0x56, 0x6f, + 0x39, 0x65, 0x61, 0x3a, 0x8b, 0x36, 0x79, 0x8c, 0x92, 0xe6, 0xe2, 0x3f, + 0x52, 0xef, 0x90, 0x7e, 0x95, 0x67, 0xe3, 0x41, 0xbe, 0xbc, 0x53, 0x37, + 0x18, 0x96, 0x25, 0xfb, 0xbe, 0xab, 0x1f, 0x3b, 0x7b, 0x3f, 0x92, 0xff, + 0xb2, 0x68, 0x1e, 0x6e, 0xf5, 0xa7, 0x84, 0xa8, 0xc2, 0xd7, 0x8f, 0x7c, + 0x2d, 0x89, 0xaa, 0xaa, 0x24, 0xd2, 0xce, 0xdb, 0xd0, 0x66, 0x81, 0xcf, + 0xe6, 0x5c, 0x36, 0xc7, 0xbf, 0xa3, 0xc5, 0xba, 0x13, 0x51, 0x62, 0x22, + 0x2e, 0xf5, 0xc2, 0xe9, 0x14, 0xc9, 0x83, 0x61, 0x02, 0x81, 0x80, 0x12, + 0x09, 0x3f, 0x3a, 0x73, 0xca, 0xed, 0xd9, 0x0f, 0x60, 0xa3, 0x04, 0xe4, + 0x54, 0x02, 0xf8, 0x71, 0xab, 0x32, 0xc8, 0xc9, 0x55, 0xb0, 0x9a, 0xf4, + 0x63, 0xa3, 0xbe, 0x43, 0x70, 0xf2, 0xd5, 0x58, 0x4a, 0x9a, 0xbb, 0xab, + 0x69, 0xfd, 0xb0, 0x31, 0xea, 0x44, 0xf9, 0x84, 0x06, 0x5d, 0x04, 0x61, + 0xe8, 0x40, 0xab, 0x21, 0x88, 0x86, 0x60, 0x0e, 0x37, 0x15, 0x54, 0x6c, + 0x8b, 0x0b, 0x85, 0xad, 0x26, 0xd3, 0x8c, 0xb4, 0x30, 0x8f, 0x52, 0xd0, + 0x7f, 0x99, 0x44, 0x7d, 0x91, 0xf0, 0x87, 0xf3, 0x9d, 0xd3, 0x40, 0x38, + 0xdb, 0x2e, 0x93, 0x8e, 0x97, 0xad, 0x05, 0x3a, 0x71, 0xfb, 0xed, 0x67, + 0x75, 0xe1, 0xdc, 0x87, 0x18, 0xe5, 0x4e, 0x6c, 0xaf, 0x7e, 0x65, 0x46, + 0x7d, 0x9c, 0xba, 0xdd, 0xc7, 0xe7, 0x65, 0xc8, 0x58, 0x9e, 0x2c, 0x98, + 0xdf, 0xdc, 0x25, 0xca, 0x4e, 0xca, 0x81, 0x02, 0x81, 0x81, 0x00, 0x8c, + 0xce, 0x61, 0x34, 0x79, 0xcf, 0x96, 0x08, 0xf7, 0xf7, 0x6c, 0x24, 0x5c, + 0xf9, 0x1b, 0xb4, 0x95, 0xd6, 0x1e, 0x9d, 0xe6, 0x48, 0x84, 0x90, 0x54, + 0xb4, 0xdd, 0x1b, 0x43, 0x16, 0xf3, 0xf9, 0x81, 0x42, 0x0d, 0xc0, 0x95, + 0x78, 0xbf, 0x79, 0x16, 0xfe, 0x46, 0x91, 0xcf, 0xae, 0x9a, 0x64, 0xe6, + 0x34, 0x0b, 0x86, 0x03, 0x23, 0x45, 0x23, 0xf2, 0x5d, 0x77, 0xb6, 0x6a, + 0x66, 0xfc, 0x3e, 0xe5, 0x93, 0xa9, 0xf1, 0x8d, 0xea, 0x5d, 0xf6, 0x3e, + 0xd5, 0xf7, 0xdf, 0xeb, 0x9d, 0x20, 0xba, 0x69, 0xa5, 0xbe, 0xf5, 0x59, + 0xff, 0xb0, 0xec, 0x94, 0xdb, 0x72, 0x5f, 0x6f, 0xf6, 0xea, 0xbb, 0xa3, + 0xd4, 0x95, 0x47, 0xc0, 0xca, 0x74, 0xf0, 0x3e, 0x01, 0xec, 0x1e, 0x49, + 0x0d, 0x13, 0x9a, 0xa0, 0xa7, 0x94, 0x7b, 0x8d, 0x66, 0x2c, 0xce, 0x4a, + 0x3c, 0x0f, 0x1b, 0x5e, 0x86, 0x17, 0x41, 0x02, 0x81, 0x81, 0x00, 0xf9, + 0x95, 0x9b, 0x34, 0xc4, 0xbc, 0xa8, 0xce, 0x48, 0x88, 0x78, 0x1b, 0x31, + 0xb1, 0xe9, 0xb5, 0xd8, 0xad, 0xf5, 0xd0, 0xd3, 0xe3, 0xed, 0x54, 0x5e, + 0x83, 0x67, 0xd3, 0xf8, 0x54, 0x5b, 0xa6, 0x44, 0x32, 0xb8, 0x87, 0x30, + 0x35, 0xef, 0x88, 0x1c, 0x2b, 0xcd, 0xe0, 0x0d, 0x18, 0x09, 0xf9, 0x2c, + 0x40, 0xd8, 0x78, 0x37, 0xb5, 0xc4, 0xf9, 0xac, 0xf4, 0x8b, 0x36, 0xb8, + 0xdc, 0x53, 0xa5, 0x95, 0x61, 0xa4, 0x56, 0x52, 0x34, 0x02, 0xd1, 0xe8, + 0xfa, 0x3a, 0xf3, 0x00, 0xe5, 0x4c, 0x91, 0xb6, 0x3e, 0x6c, 0xee, 0x06, + 0xfe, 0x6d, 0xe6, 0x66, 0xf3, 0x92, 0x95, 0x82, 0xa0, 0x3e, 0x1f, 0x45, + 0x4e, 0x77, 0x89, 0xfb, 0x07, 0x81, 0xa4, 0xd6, 0xfb, 0xb5, 0x26, 0xef, + 0x88, 0x16, 0x21, 0xfd, 0x1e, 0xac, 0xd2, 0x14, 0x66, 0xe4, 0xcd, 0xd9, + 0x8a, 0xed, 0x10, 0xf4, 0xe7, 0x6f, 0x79}; + const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { // Comment: @@ -3704,7 +3914,18 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { // Comment: ps is all 0 // tcID: 9 {9, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x97, 0x93, 0xdd, 0x1a, 0x05, 0x70, 0x7a, 0xcb, 0xba, 0xf4, 0x2f, 0x86, + 0xa7, 0xbe, 0x25, 0x73, 0xc9, 0xc3, 0x9f, 0xde, 0x4a, 0xc1, 0x82, 0x9d, + 0x9e, 0x14, 0x0e, 0x66, 0x62, 0x7e, 0xb9, 0xbc, 0x10, 0x41, 0x31, 0x85, + 0x0c, 0x5a, 0x02, 0xbd, 0x58, 0x38, 0xb4, 0xd6, 0x34, 0x47, 0x7e, 0x0f, + 0x05, 0xde, 0x98, 0x76, 0x88, 0x5e, 0xc7, 0xfd, 0x9c, 0x12, 0x0f, 0x4e, + 0xbe, 0x40, 0xc9, 0xc3, 0xe0, 0xee, 0x94, 0x6e, 0x47, 0xa2, 0xc2, 0x4c, + 0xa2, 0xd6, 0xc9, 0x7f, 0xc1, 0x70, 0x08, 0x90, 0xce, 0xb2, 0x84, 0xb4, + 0x37, 0x38, 0xdc, 0xb3, 0x8b, 0xa1, 0xff, 0xdd, 0xd1, 0xbb, 0x8c, 0xf1, + 0x02, 0x77, 0x3d, 0x3a, 0xc3, 0xe2, 0x3b, 0x41, 0x58, 0x9d, 0x59, 0x0b, + 0x38, 0x77, 0x43, 0xf7, 0xcf, 0x3b, 0xf2, 0x57, 0xc6, 0x69, 0xae, 0xa4, + 0xea, 0x92, 0x6e, 0x78, 0xe5, 0x95}, {0x6e, 0x0d, 0x50, 0x7f, 0x66, 0xe1, 0x6d, 0x4b, 0x73, 0x73, 0xa5, 0x04, 0xc6, 0xd4, 0x86, 0x92, 0xaa, 0xa5, 0x41, 0xfd, 0xd5, 0x9e, 0xeb, 0x5d, 0x4a, 0x2c, 0xd9, 0x1f, 0x60, 0x00, 0xce, 0x9b, 0x57, 0x34, 0xa2, 0x32, @@ -3728,7 +3949,7 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x60, 0x9a, 0xd4, 0x46, 0xde, 0x43, 0xeb, 0xed, 0x16, 0x33, 0x0a, 0xb0, 0x67, 0x16, 0xfa, 0x73}, priv_key_0, - false}, + true}, // Comment: ps is all 1 // tcID: 10 @@ -3791,7 +4012,27 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { // Comment: byte 0 of ps is 0 // tcID: 12 {12, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x44, 0xe8, 0x82, 0x2f, 0x3a, 0x33, 0x61, 0x68, 0x34, 0xc3, 0x4a, 0x85, + 0x24, 0x74, 0x34, 0x57, 0x08, 0xc6, 0xd9, 0xa2, 0xe6, 0x65, 0xee, 0xe8, + 0xc9, 0x8d, 0xf4, 0x01, 0xb1, 0x7f, 0xb9, 0xfb, 0xbd, 0x2d, 0x34, 0x9e, + 0x76, 0x50, 0x5d, 0xb7, 0xb6, 0x14, 0x5c, 0x22, 0x39, 0x72, 0xc3, 0x82, + 0x0f, 0x6a, 0x3c, 0x68, 0xf0, 0xc9, 0xbd, 0x06, 0x17, 0xc2, 0x71, 0x3c, + 0xec, 0x22, 0x75, 0x79, 0x80, 0x85, 0x03, 0x36, 0x76, 0x90, 0x66, 0x80, + 0xd1, 0x51, 0x56, 0x88, 0x1e, 0xf2, 0xff, 0x43, 0x2e, 0xd9, 0xbe, 0x22, + 0xed, 0x92, 0xb8, 0xcf, 0xe7, 0xdd, 0x9f, 0xf0, 0x27, 0xc3, 0xf4, 0x49, + 0x6f, 0x36, 0x4c, 0x52, 0x2e, 0x04, 0x69, 0x9c, 0xe2, 0xb3, 0xe4, 0xbf, + 0x36, 0xc4, 0xbb, 0xc4, 0xa5, 0x2e, 0x77, 0xf9, 0xaa, 0x2a, 0x07, 0x2b, + 0x7e, 0x74, 0xaa, 0xd7, 0x08, 0xfd, 0x83, 0x82, 0x1c, 0x5f, 0xec, 0xd1, + 0x70, 0xe1, 0xeb, 0x2a, 0xb7, 0xfe, 0xd9, 0xdb, 0x8c, 0x2f, 0xec, 0xfc, + 0x8b, 0x5c, 0xc7, 0xf2, 0x12, 0x39, 0xb7, 0xde, 0x64, 0x68, 0x41, 0xd9, + 0xb2, 0x64, 0x8b, 0xd7, 0x14, 0x12, 0x86, 0xab, 0x57, 0x7b, 0xbd, 0x8d, + 0xd4, 0x13, 0x9f, 0x53, 0x3a, 0x8b, 0xb5, 0x6a, 0x61, 0x8e, 0x50, 0x61, + 0xc9, 0xfa, 0x9d, 0x87, 0xe2, 0x30, 0x1f, 0xa2, 0xe3, 0x81, 0xa2, 0x12, + 0x1a, 0x40, 0x5d, 0x5e, 0xb3, 0xee, 0x39, 0xc4, 0x0c, 0x39, 0xf2, 0xf7, + 0xfa, 0x41, 0xb9, 0x1f, 0x30, 0x5a, 0xe9, 0x7c, 0xab, 0x3e, 0x08, 0x42, + 0x0a, 0xa3, 0x48, 0x06, 0x6e, 0x23, 0xda, 0x48, 0xa0, 0xe1, 0x01, 0x3b, + 0x0e, 0x56}, {0x6a, 0x8b, 0x8c, 0x01, 0x24, 0x7d, 0x9d, 0x4d, 0x1c, 0x3b, 0xba, 0xac, 0x58, 0xe0, 0x77, 0xe3, 0x79, 0x26, 0x85, 0x4d, 0xc8, 0xbd, 0xb5, 0x8f, 0xb7, 0xb9, 0x89, 0x79, 0xba, 0x91, 0x02, 0x93, 0x44, 0x69, 0x83, 0x64, @@ -3815,12 +4056,21 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x62, 0xca, 0x20, 0xde, 0xe6, 0x20, 0xc0, 0xac, 0xef, 0x14, 0x75, 0xb3, 0x62, 0xee, 0x9b, 0x9f}, priv_key_0, - false}, + true}, // Comment: byte 1 of ps is 0 // tcID: 13 {13, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xd7, 0x51, 0x04, 0x03, 0x67, 0x28, 0x32, 0x1a, 0x06, 0xca, 0x69, 0xcf, + 0x3d, 0xc5, 0xce, 0x9e, 0xa1, 0x59, 0x81, 0x91, 0xb9, 0x7e, 0x86, 0x92, + 0xe9, 0x2a, 0x49, 0x93, 0x88, 0x17, 0x32, 0xd1, 0x08, 0xfe, 0xd2, 0x9d, + 0xa1, 0xfe, 0xf5, 0x4f, 0x57, 0x98, 0x6c, 0xca, 0xa8, 0x60, 0xbd, 0xd5, + 0xe5, 0xba, 0xd1, 0x61, 0x5b, 0xef, 0xea, 0x98, 0x95, 0x36, 0x24, 0x86, + 0xd3, 0xb5, 0xee, 0x12, 0xbb, 0x28, 0x02, 0xf2, 0xfc, 0x68, 0xfd, 0x93, + 0xf6, 0x5c, 0x13, 0x95, 0x7a, 0x14, 0xef, 0x6a, 0x65, 0xb8, 0x85, 0xad, + 0xef, 0x29, 0xf5, 0x92, 0x43, 0xed, 0xb2, 0x65, 0xc9, 0xfe, 0x25, 0x55, + 0x69, 0x35, 0x31, 0xab, 0xfb, 0x87, 0x11, 0x55}, {0x84, 0xc1, 0x49, 0xc3, 0x78, 0xf3, 0xf1, 0x2c, 0xe2, 0x02, 0xbb, 0x56, 0x14, 0x56, 0x25, 0x70, 0x57, 0x70, 0x91, 0x14, 0xec, 0xba, 0xa4, 0xc3, 0xa7, 0xdb, 0xfb, 0xcb, 0xfa, 0xf2, 0xfe, 0x9a, 0x19, 0xce, 0xba, 0xbd, @@ -3844,12 +4094,13 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0xb9, 0x9d, 0xa1, 0xf6, 0xa7, 0xee, 0x0d, 0x93, 0x64, 0xef, 0x71, 0x1e, 0xda, 0x4f, 0x07, 0x93}, priv_key_0, - false}, + true}, // Comment: byte 7 of ps is 0 // tcID: 14 {14, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x56, 0xe4, 0x6b, 0xeb, 0x8b, 0x98, 0xc2}, {0x33, 0x07, 0x26, 0x4f, 0x64, 0xd4, 0xca, 0x8b, 0x62, 0xc4, 0xe7, 0xda, 0x4c, 0xac, 0x11, 0x72, 0x62, 0xe5, 0xd3, 0xa3, 0xdb, 0xc1, 0x9a, 0x52, 0x9a, 0xc5, 0x16, 0x7c, 0x19, 0x87, 0xbc, 0xe5, 0x6e, 0x35, 0x87, 0x26, @@ -3873,12 +4124,33 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x7a, 0x74, 0xc7, 0xca, 0x98, 0x76, 0xf0, 0x8f, 0xd6, 0x4d, 0x1d, 0x5f, 0x19, 0x67, 0x86, 0xbe}, priv_key_0, - false}, + true}, // Comment: ps truncated // tcID: 15 {15, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x7e, 0xb6, 0xd0, 0x76, 0xcb, 0x3e, 0x91, 0x1f, 0xd5, 0x11, 0x31, 0x3e, + 0xd6, 0xe8, 0x72, 0x76, 0x0f, 0x33, 0xbb, 0x38, 0xde, 0x69, 0xae, 0x29, + 0xe1, 0xdf, 0x90, 0x94, 0x0c, 0x7a, 0x39, 0x3c, 0x46, 0xb2, 0x05, 0xd0, + 0x54, 0xa9, 0xe8, 0x54, 0x5d, 0xa1, 0x46, 0x86, 0x48, 0xab, 0x9c, 0x64, + 0x4c, 0xb9, 0xb6, 0x14, 0x75, 0x91, 0x03, 0x4b, 0xb1, 0xd2, 0x78, 0xcf, + 0x8c, 0x13, 0xf2, 0x9d, 0xfd, 0x88, 0x7b, 0xf2, 0x08, 0x66, 0x31, 0xde, + 0x6b, 0xce, 0x5a, 0x3a, 0x90, 0x2e, 0xbc, 0xd0, 0x75, 0xcf, 0xfd, 0xac, + 0x7c, 0x64, 0xc2, 0x0d, 0x70, 0x78, 0x0a, 0xc7, 0xa0, 0x1e, 0x51, 0xec, + 0xa2, 0x54, 0x2b, 0x5e, 0xac, 0xd8, 0x7e, 0x62, 0x1c, 0x72, 0x84, 0x9d, + 0x8e, 0xff, 0x75, 0x18, 0x54, 0x5a, 0x71, 0xb0, 0x40, 0xe6, 0x31, 0xeb, + 0x53, 0x68, 0xd8, 0xa9, 0x12, 0xa3, 0x54, 0x20, 0xc2, 0x0e, 0xf2, 0x80, + 0x15, 0x8c, 0x62, 0x96, 0xaa, 0x49, 0xfd, 0x09, 0xf3, 0xa4, 0x86, 0x3d, + 0x71, 0x2a, 0xe7, 0x25, 0x14, 0x8b, 0xa0, 0x25, 0xae, 0x8f, 0xfa, 0x14, + 0x6a, 0x09, 0x37, 0xd4, 0x61, 0x43, 0x1e, 0x11, 0x5e, 0x39, 0xa7, 0xc7, + 0x4d, 0xd0, 0xf4, 0xfc, 0x48, 0xfe, 0x58, 0x8f, 0x6c, 0x18, 0x8b, 0x96, + 0x6a, 0x74, 0x36, 0x8c, 0x4d, 0xbb, 0x60, 0xe3, 0xf5, 0xcc, 0xd5, 0x30, + 0xe1, 0xb2, 0xc3, 0x84, 0x86, 0x66, 0xde, 0x4c, 0x22, 0x04, 0x69, 0x75, + 0x8a, 0xca, 0x95, 0xa9, 0xfe, 0xae, 0xcd, 0x28, 0xbc, 0x3e, 0xf6, 0x4d, + 0x1a, 0xbb, 0x88, 0x5d, 0x96, 0xc9, 0x99, 0x3b, 0xab, 0x60, 0x1d, 0x08, + 0x7e, 0xfb, 0xc6, 0xc8, 0x73, 0xc6, 0x54, 0x7e, 0x5a, 0x86, 0x61, 0x11, + 0x29, 0x75, 0x41, 0x25, 0x31}, {0x16, 0xd5, 0x6b, 0x7a, 0x9e, 0x67, 0x2e, 0x38, 0x70, 0x16, 0xe8, 0xb1, 0xc9, 0xcf, 0xf4, 0x74, 0xd5, 0x60, 0xfa, 0xa8, 0xca, 0x14, 0xa5, 0x65, 0xfb, 0xa0, 0x86, 0x01, 0x5c, 0x5f, 0x9d, 0x53, 0xb2, 0x05, 0xc4, 0xcc, @@ -3902,12 +4174,22 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x7f, 0x01, 0xc7, 0x94, 0x0e, 0xc6, 0x27, 0x58, 0x00, 0x6a, 0x65, 0x28, 0x71, 0xd7, 0x2b, 0x75}, priv_key_0, - false}, + true}, // Comment: ps missing // tcID: 16 {16, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xbb, 0x17, 0x37, 0xae, 0x4e, 0xdd, 0x4e, 0x87, 0xc3, 0x61, 0x4f, 0x62, + 0xd7, 0x09, 0xcf, 0x27, 0xc4, 0x45, 0xc6, 0xfc, 0x1c, 0x00, 0x8f, 0x8c, + 0xab, 0xc5, 0x52, 0xdf, 0x0b, 0x5c, 0xac, 0x1a, 0xe8, 0x9a, 0x68, 0xe1, + 0xa7, 0xfc, 0xae, 0xe2, 0x48, 0xfe, 0xc5, 0x0c, 0x8e, 0x16, 0x4b, 0x86, + 0x7c, 0x0d, 0xe4, 0xda, 0x2c, 0x40, 0xf1, 0x80, 0xe0, 0x75, 0xb9, 0xb2, + 0x5b, 0x45, 0x56, 0x45, 0x10, 0x00, 0x0c, 0xb7, 0xda, 0x28, 0x96, 0xdf, + 0xc0, 0xb3, 0x54, 0x91, 0xa5, 0x1d, 0xb2, 0x34, 0xc0, 0x1e, 0xdd, 0xa0, + 0xec, 0xb3, 0x00, 0x69, 0x4c, 0xec, 0xdb, 0xa7, 0xb6, 0x4c, 0x9f, 0x8a, + 0xc4, 0xb1, 0x4b, 0xaa, 0x32, 0x7a, 0xa5, 0x42, 0xd2, 0x20, 0x45, 0xec, + 0x61, 0xcc, 0x0c, 0x01, 0xa3, 0xd4, 0xa5, 0x97, 0x04, 0x46}, {0x25, 0xf6, 0x7b, 0xc6, 0xc1, 0x32, 0x0a, 0x13, 0xfa, 0x91, 0xa2, 0x3d, 0x4d, 0x18, 0x01, 0xcc, 0x73, 0x59, 0x41, 0x61, 0xa7, 0xf3, 0x44, 0xff, 0xa1, 0x95, 0xd6, 0xdd, 0x18, 0x94, 0xc1, 0xe3, 0x9d, 0x6c, 0xd8, 0x18, @@ -3931,12 +4213,22 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0xc2, 0xb9, 0x2e, 0x64, 0xdd, 0xa8, 0xe7, 0x39, 0x97, 0x19, 0xa1, 0x3b, 0x81, 0x82, 0xc7, 0x39}, priv_key_0, - false}, + true}, // Comment: Block type = 0 // tcID: 17 {17, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x0f, 0xa1, 0x46, 0x17, 0x1e, 0xdc, 0xaa, 0xd5, 0x8d, 0xce, 0x5c, 0x6b, + 0x76, 0x4b, 0x93, 0xbd, 0x87, 0xf7, 0x48, 0x0b, 0xd1, 0x41, 0x07, 0xde, + 0xda, 0x64, 0x35, 0x80, 0xfa, 0x8f, 0x6d, 0xa0, 0x56, 0x34, 0xc3, 0x0f, + 0x4a, 0x4c, 0x5d, 0x7b, 0xdb, 0x25, 0x0d, 0x19, 0xc3, 0x3b, 0xe4, 0x7c, + 0x77, 0xaf, 0x6e, 0x53, 0xe2, 0xd9, 0x4e, 0xd5, 0x15, 0x94, 0x4f, 0xe1, + 0x94, 0x43, 0x7e, 0xf1, 0x3f, 0x0d, 0x8f, 0x0e, 0x34, 0x5c, 0xd0, 0x43, + 0xe2, 0x86, 0x17, 0x54, 0x9f, 0xce, 0x19, 0x7a, 0x54, 0xef, 0x1b, 0xb9, + 0x1d, 0x2d, 0x6f, 0xda, 0x3d, 0x4b, 0x9b, 0xa9, 0x9e, 0x24, 0xbd, 0x8c, + 0x66, 0x7b, 0xc8, 0x5f, 0xb2, 0xb3, 0x5c, 0xd3, 0xd2, 0xe8, 0xcc, 0x6f, + 0x66, 0x6c, 0xb5}, {0x37, 0x1e, 0x28, 0x17, 0x30, 0xbb, 0xc2, 0x89, 0xcd, 0x77, 0xa6, 0x4a, 0xb4, 0x9b, 0x37, 0x0e, 0xd7, 0x90, 0x0c, 0x48, 0xf5, 0x62, 0x56, 0x15, 0xff, 0x28, 0xbe, 0xee, 0xea, 0xbc, 0x86, 0x0b, 0x46, 0x73, 0xab, 0x16, @@ -3960,12 +4252,32 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x50, 0x08, 0xc2, 0xd9, 0x10, 0x0e, 0xd0, 0x8c, 0xaa, 0x88, 0xbd, 0xc1, 0x1a, 0xea, 0x04, 0xdf}, priv_key_0, - false}, + true}, // Comment: Block type = 1 // tcID: 18 {18, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xa1, 0x3b, 0x3a, 0x52, 0x0f, 0xbf, 0xeb, 0xff, 0x1b, 0x23, 0x4f, 0xb5, + 0x11, 0xe3, 0x02, 0xf0, 0x33, 0x36, 0xc1, 0x14, 0x8f, 0x87, 0x3d, 0xd4, + 0x98, 0x64, 0x90, 0x3b, 0x6e, 0x6c, 0xc5, 0xba, 0x66, 0x1c, 0x27, 0x59, + 0x31, 0x9a, 0xc3, 0x88, 0xe0, 0x58, 0xaf, 0xf6, 0xef, 0x85, 0xd9, 0x75, + 0xdd, 0x49, 0xe7, 0x14, 0x6f, 0xa4, 0xea, 0xa8, 0x81, 0xe7, 0x81, 0x5e, + 0x22, 0xf0, 0xa8, 0x16, 0x30, 0x0b, 0xbb, 0x87, 0xd7, 0x9d, 0x52, 0x68, + 0x3e, 0xe2, 0xb9, 0x5a, 0x37, 0xfe, 0x27, 0xd6, 0xce, 0x7e, 0x74, 0x52, + 0x2e, 0x9d, 0x0d, 0x87, 0x8a, 0x2a, 0xed, 0xc0, 0xeb, 0xc2, 0x8d, 0xba, + 0xf0, 0x73, 0xbe, 0x91, 0x0a, 0x3b, 0xc9, 0x7b, 0x87, 0x2c, 0x6e, 0x38, + 0x35, 0x66, 0x47, 0x65, 0x9c, 0x50, 0x72, 0xcb, 0xc1, 0xaf, 0xa1, 0x1e, + 0x69, 0xab, 0x24, 0xd6, 0x9a, 0x95, 0x40, 0x49, 0xca, 0x7b, 0x48, 0x9b, + 0xe9, 0xb2, 0xc6, 0x4b, 0x66, 0xf9, 0x97, 0x84, 0xba, 0x57, 0xf4, 0x55, + 0x5e, 0x2c, 0x55, 0x1a, 0xe8, 0xc9, 0xb2, 0x6b, 0x1c, 0x25, 0x20, 0x63, + 0x61, 0x40, 0xa8, 0xb4, 0x76, 0xc3, 0x85, 0xaf, 0x07, 0x40, 0xd0, 0xf8, + 0x9c, 0x86, 0xd4, 0xde, 0x25, 0x51, 0x61, 0x31, 0xcb, 0xc9, 0x42, 0x7f, + 0xcd, 0xcf, 0x6c, 0x30, 0xc5, 0x10, 0xc3, 0xf4, 0x3f, 0x9b, 0xfe, 0x27, + 0x10, 0xda, 0xf2, 0x74, 0x70, 0xce, 0xf9, 0x87, 0x95, 0x4c, 0x14, 0xc9, + 0x42, 0x37, 0x6d, 0x0e, 0x95, 0x4d, 0x86, 0xf3, 0xa1, 0x54, 0x32, 0x94, + 0xc8, 0xf6, 0x3a, 0xa1, 0xa9, 0xc9, 0x44, 0x01, 0x17, 0x92, 0xea, 0x81, + 0x4a, 0xa6}, {0x92, 0x21, 0x0e, 0x5b, 0xbf, 0x24, 0xd2, 0xcd, 0x95, 0x27, 0xf6, 0xe2, 0x4f, 0xfa, 0xfa, 0xfd, 0xfe, 0xe2, 0x42, 0xb1, 0x46, 0x53, 0x9f, 0x37, 0x31, 0x71, 0x5f, 0xff, 0x42, 0x09, 0x2c, 0xc8, 0xf5, 0xa1, 0xa4, 0x91, @@ -3989,12 +4301,22 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x6b, 0x1a, 0xcc, 0x67, 0xa5, 0x6e, 0xc3, 0x79, 0xbb, 0xa0, 0x3a, 0x8b, 0xe9, 0x1d, 0xc0, 0xcd}, priv_key_0, - false}, + true}, // Comment: Block type = 0xff // tcID: 19 {19, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x60, 0x05, 0x55, 0x0d, 0x8e, 0xad, 0x7e, 0x73, 0xb0, 0x47, 0x8a, 0xa3, + 0xd8, 0x5e, 0x4b, 0xa0, 0xa4, 0x9c, 0x24, 0x62, 0x5a, 0x37, 0xf5, 0x91, + 0x16, 0x3a, 0x93, 0x40, 0x91, 0x9c, 0x85, 0x45, 0xf7, 0xa5, 0xf1, 0x6a, + 0xd6, 0xda, 0x70, 0x6b, 0x4d, 0x58, 0x81, 0x93, 0xac, 0xfb, 0x28, 0xc7, + 0x48, 0x03, 0xea, 0x9c, 0xb7, 0xce, 0x93, 0xe5, 0xf6, 0x8c, 0x14, 0x72, + 0x27, 0x9c, 0xe7, 0x32, 0xea, 0x8a, 0xea, 0x7d, 0x10, 0xd0, 0xcb, 0x24, + 0xab, 0x36, 0x02, 0x11, 0xe5, 0xcf, 0x7d, 0xcb, 0xc0, 0xec, 0x04, 0xe8, + 0xef, 0xe8, 0x04, 0x19, 0x39, 0x32, 0x07, 0x70, 0x3c, 0x19, 0xcd, 0x21, + 0x19, 0x15, 0x95, 0x86, 0xdd, 0xcb, 0xf2, 0xa5, 0x79, 0x2d, 0xe4, 0xa2, + 0x9b, 0x07, 0xab, 0x7a, 0x6c, 0x1c, 0x65, 0x0a}, {0x6d, 0xbc, 0x27, 0xd3, 0x33, 0x71, 0xf8, 0xcb, 0x3c, 0x3a, 0x54, 0x18, 0x5a, 0x68, 0x7a, 0x66, 0xee, 0xa8, 0x11, 0x4f, 0x26, 0xcd, 0x23, 0x46, 0x17, 0xb2, 0xf5, 0x67, 0xd6, 0x01, 0x3e, 0x22, 0x2f, 0x33, 0xd7, 0xfe, @@ -4018,12 +4340,27 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0xc1, 0xbb, 0x25, 0x28, 0x6d, 0x9c, 0xe2, 0x02, 0x17, 0x6f, 0x39, 0x5e, 0x29, 0xf9, 0x21, 0x36}, priv_key_0, - false}, + true}, // Comment: First byte is not zero // tcID: 20 {20, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xee, 0xdb, 0x97, 0x9a, 0x9d, 0x20, 0xb0, 0x25, 0x90, 0xb9, 0x29, 0xc8, + 0x30, 0x40, 0x9d, 0x54, 0x55, 0xf7, 0xf0, 0x8d, 0x90, 0x99, 0x38, 0x2b, + 0x29, 0x46, 0x3e, 0x26, 0x48, 0x59, 0x1a, 0xc5, 0x12, 0x0e, 0x83, 0x1f, + 0x64, 0x61, 0x62, 0x04, 0x2c, 0x5c, 0x40, 0x7d, 0x49, 0x04, 0x47, 0xb4, + 0xfe, 0x90, 0x75, 0x13, 0x81, 0x22, 0x07, 0x3b, 0xe1, 0x2d, 0x33, 0x1f, + 0xa1, 0x46, 0x3a, 0x7a, 0x5a, 0x60, 0x03, 0x9a, 0x8e, 0x44, 0x93, 0x30, + 0x20, 0xc3, 0x33, 0x15, 0x69, 0x96, 0x57, 0xe8, 0x00, 0x18, 0x45, 0xd1, + 0x54, 0x41, 0x72, 0xc5, 0xde, 0x76, 0x79, 0xcf, 0x56, 0x26, 0x76, 0x49, + 0xc0, 0xa6, 0xa0, 0x1b, 0x9b, 0xc1, 0x69, 0x4e, 0x47, 0x95, 0x16, 0x17, + 0x70, 0x1d, 0xdc, 0x27, 0x04, 0x9d, 0x00, 0x14, 0x66, 0x36, 0xdd, 0xc2, + 0xe8, 0x72, 0xb7, 0x10, 0xb3, 0x6f, 0x02, 0x2f, 0x87, 0x4c, 0xd4, 0x76, + 0xc8, 0x42, 0x3b, 0x67, 0x86, 0xd4, 0x6e, 0xdf, 0xb2, 0xc2, 0xcc, 0x61, + 0xdd, 0xff, 0x93, 0xd6, 0x5f, 0xd6, 0xe8, 0xb9, 0x5c, 0xe9, 0xf4, 0x81, + 0x90, 0x20, 0xa9, 0xa2, 0xed, 0x3c, 0x9a, 0xc3, 0x49, 0x6c, 0x7a, 0xe8, + 0x2d, 0xdd, 0xb7, 0xf7, 0xbd, 0xc8}, {0x79, 0x4a, 0xb7, 0x24, 0xae, 0xb1, 0x76, 0xc4, 0x41, 0x5a, 0x59, 0x7e, 0x9d, 0x69, 0xcb, 0x56, 0x7c, 0xec, 0xe4, 0x47, 0x9e, 0x6e, 0x4c, 0x9c, 0x19, 0x53, 0x0b, 0x08, 0x77, 0xb5, 0x37, 0x19, 0xd7, 0xf6, 0x31, 0x8b, @@ -4047,12 +4384,31 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0xd0, 0x36, 0x06, 0xe6, 0xf7, 0x5c, 0xb5, 0x85, 0x44, 0x43, 0xea, 0xa3, 0x63, 0x61, 0x41, 0x16}, priv_key_0, - false}, + true}, // Comment: First byte is not zero // tcID: 21 {21, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x0e, 0x16, 0xc7, 0x0b, 0x13, 0x1b, 0xc2, 0x77, 0x6b, 0xf7, 0xcd, 0xdd, + 0xa5, 0xce, 0x15, 0x45, 0x10, 0xd1, 0xe9, 0x0c, 0x65, 0x07, 0x20, 0x1e, + 0x69, 0x4a, 0x96, 0xff, 0x8d, 0x78, 0x30, 0xf9, 0x47, 0x73, 0x4b, 0x0d, + 0x6e, 0x7b, 0xe7, 0x15, 0x2e, 0xf0, 0x25, 0xbd, 0x40, 0x83, 0x18, 0xa1, + 0x20, 0x97, 0x55, 0x68, 0x0f, 0x54, 0x28, 0x48, 0x69, 0x19, 0xb0, 0xf8, + 0x52, 0xb7, 0xc9, 0x0d, 0x3a, 0xe7, 0x92, 0x31, 0x97, 0xfc, 0x1b, 0x3f, + 0xc7, 0x5f, 0x0f, 0x78, 0xf9, 0xd2, 0x80, 0x2b, 0x32, 0x57, 0xbe, 0x5c, + 0x09, 0x5c, 0xb3, 0x31, 0x7e, 0x9f, 0xe6, 0xc1, 0xf1, 0xa9, 0x1a, 0xa2, + 0x6d, 0x01, 0x7c, 0x8e, 0x58, 0x24, 0x5f, 0x68, 0x25, 0xfa, 0xf7, 0xa8, + 0x97, 0x8e, 0x9c, 0x2b, 0xc4, 0x39, 0x00, 0x7c, 0xa8, 0x44, 0xcb, 0xde, + 0x93, 0x8a, 0x23, 0xf5, 0xdc, 0xc8, 0xa6, 0x6e, 0x67, 0xb3, 0x89, 0xd2, + 0xed, 0xb7, 0x06, 0x01, 0xe7, 0x4e, 0x57, 0x83, 0x1f, 0x9b, 0x36, 0x2d, + 0xff, 0x2b, 0x31, 0x22, 0xdb, 0x72, 0xda, 0x75, 0x4a, 0x14, 0xc5, 0xca, + 0xa9, 0x13, 0xe9, 0x29, 0x56, 0x28, 0x16, 0xc6, 0xb3, 0x24, 0x69, 0x5f, + 0x1c, 0xef, 0x9a, 0x6d, 0xc9, 0x1d, 0xff, 0x58, 0xb3, 0xa5, 0xd9, 0xea, + 0xfb, 0x72, 0xb5, 0xd5, 0x91, 0x17, 0xcd, 0x21, 0x48, 0x67, 0xd4, 0xf4, + 0x70, 0xfd, 0xdf, 0xc5, 0x66, 0xf5, 0x84, 0x19, 0x3d, 0x38, 0xb8, 0xcc, + 0xc1, 0xb6, 0x03, 0xc1, 0x34, 0xf3, 0xd6, 0xdd, 0xd8, 0x1f, 0x87, 0xab, + 0x3a, 0x69, 0x4c, 0x9a, 0x3a, 0xee, 0xc3, 0xe6, 0x90}, {0x8c, 0x7b, 0x80, 0x18, 0x88, 0x18, 0xf6, 0x3e, 0x6a, 0x01, 0x10, 0xcf, 0x94, 0xa1, 0x69, 0xc7, 0x8a, 0x0d, 0xb7, 0x59, 0x17, 0xca, 0xaf, 0x47, 0x40, 0x5e, 0x83, 0x84, 0xb7, 0x9a, 0x8f, 0x40, 0xde, 0x94, 0xf2, 0x8f, @@ -4076,12 +4432,31 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x73, 0x75, 0x99, 0x8e, 0x5a, 0x03, 0xaf, 0x0e, 0xc8, 0xaa, 0x92, 0x27, 0x6b, 0xd5, 0x1b, 0x21}, priv_key_0, - false}, + true}, // Comment: signature padding // tcID: 22 {22, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x72, 0x01, 0x1d, 0x4c, 0xc4, 0xf8, 0x00, 0x09, 0x58, 0x28, 0x9a, 0xb8, + 0x48, 0x47, 0x86, 0xe5, 0x6a, 0xb9, 0x12, 0xc7, 0x79, 0x3a, 0x06, 0x5a, + 0x76, 0x75, 0xfa, 0x09, 0xf2, 0x65, 0x06, 0x2b, 0x04, 0x2a, 0x87, 0x3c, + 0xe1, 0x5b, 0x08, 0xb5, 0xc2, 0x2d, 0xe8, 0x64, 0x1d, 0xac, 0xde, 0xfd, + 0x89, 0x0a, 0xcd, 0x09, 0x61, 0xd8, 0xab, 0x2a, 0xf0, 0xc7, 0x4e, 0xfb, + 0xed, 0xc5, 0xa0, 0xf5, 0xa3, 0xfe, 0xba, 0xb1, 0x71, 0x29, 0x65, 0xbb, + 0x5d, 0x83, 0x5a, 0x51, 0x5f, 0xb0, 0x1b, 0xa1, 0x09, 0x77, 0x5f, 0x69, + 0x1b, 0x71, 0x96, 0x1e, 0xb9, 0xac, 0x46, 0x56, 0x5c, 0xc8, 0xa0, 0x59, + 0x08, 0x1f, 0x17, 0x7e, 0x19, 0x67, 0xf9, 0xe0, 0x09, 0x87, 0x82, 0x23, + 0xb0, 0x79, 0x50, 0xd5, 0xfb, 0xbd, 0xa7, 0x5a, 0x85, 0x53, 0x0a, 0xb6, + 0x93, 0x68, 0xc1, 0x9f, 0xab, 0x1c, 0x6f, 0xe9, 0xd2, 0x9f, 0x76, 0x03, + 0x5b, 0xca, 0x30, 0x86, 0x9c, 0x8b, 0xa1, 0x7f, 0xa8, 0xf0, 0xa7, 0x9b, + 0x3c, 0xbf, 0x5f, 0x78, 0xf3, 0x26, 0xed, 0xf5, 0x7a, 0xe7, 0x06, 0x07, + 0xf4, 0xce, 0x34, 0xcd, 0xbe, 0x63, 0x09, 0x36, 0x25, 0x0b, 0x5b, 0x58, + 0x69, 0xc1, 0xe9, 0x47, 0x8c, 0x0a, 0x6c, 0xde, 0xa5, 0x78, 0x9d, 0x65, + 0x71, 0xb1, 0xed, 0x9b, 0x11, 0x5b, 0xeb, 0x4a, 0xa4, 0xb6, 0xdc, 0x18, + 0x56, 0xdf, 0xd1, 0xbc, 0xa1, 0xec, 0xac, 0xcd, 0x27, 0x0f, 0x4a, 0x73, + 0xca, 0x35, 0xf4, 0x1a, 0x85, 0x4d, 0x5e, 0xa0, 0xaf, 0xe1, 0xe6, 0x73, + 0x19, 0x3a, 0xed, 0x83, 0xca, 0x08, 0xf1, 0x86, 0x5a, 0x36, 0x31, 0x03}, {0x34, 0xbc, 0x8b, 0x1a, 0x46, 0x46, 0xf2, 0xdb, 0x8b, 0x10, 0xfd, 0xae, 0x22, 0xd6, 0xb5, 0xcb, 0x30, 0x02, 0x29, 0x11, 0x40, 0x15, 0xf2, 0x52, 0x93, 0xd4, 0xb2, 0x8e, 0x8f, 0x58, 0x78, 0x3e, 0x1c, 0x5e, 0x68, 0x94, @@ -4105,12 +4480,26 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x6e, 0xdb, 0x96, 0x85, 0x2a, 0x32, 0xc9, 0x63, 0x2c, 0x2e, 0x6e, 0x4b, 0x9a, 0x6f, 0x88, 0x1e}, priv_key_0, - false}, + true}, // Comment: no zero after padding // tcID: 23 {23, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x23, 0x12, 0x21, 0x07, 0xd3, 0x02, 0x52, 0xeb, 0x4c, 0x82, 0x74, 0xaa, + 0x02, 0x95, 0x99, 0xeb, 0xbc, 0x20, 0x32, 0xe7, 0x9b, 0xc1, 0x56, 0xf7, + 0x45, 0xfc, 0xd4, 0xb7, 0xaa, 0x67, 0x6f, 0x54, 0xf2, 0x09, 0x36, 0xed, + 0xf5, 0x27, 0xc1, 0xc3, 0xf9, 0x98, 0xad, 0x15, 0x2f, 0xb3, 0x99, 0x3d, + 0x0b, 0xfc, 0x91, 0xc0, 0x93, 0xdd, 0x3c, 0x7b, 0x76, 0x2e, 0xee, 0x84, + 0xab, 0x9a, 0xe4, 0x4f, 0x41, 0x9f, 0xe3, 0xc4, 0x66, 0xef, 0x15, 0x53, + 0x5e, 0x7b, 0x8a, 0x98, 0x2d, 0xd9, 0x5e, 0x14, 0x41, 0xfe, 0xc5, 0x1e, + 0x8a, 0x7a, 0x54, 0x65, 0xb8, 0xc4, 0x53, 0x3b, 0x1a, 0xca, 0xbc, 0xae, + 0xda, 0x0b, 0x34, 0xa1, 0x68, 0x07, 0xfa, 0x5b, 0x0e, 0x80, 0x09, 0x97, + 0xd6, 0x62, 0x14, 0x5e, 0xb0, 0xc0, 0xd4, 0xb1, 0x7f, 0x9f, 0xb6, 0x17, + 0xf0, 0x41, 0xa0, 0x5c, 0x38, 0xb2, 0xbe, 0xaf, 0xa0, 0xfe, 0x01, 0x7c, + 0xc0, 0x5d, 0x09, 0x89, 0x41, 0x8f, 0xfc, 0xf5, 0x2f, 0xdf, 0x00, 0x4f, + 0xf1, 0x27, 0xc1, 0x94, 0x15, 0xb8, 0x55, 0x65, 0x03, 0x9c, 0x2c, 0xb8, + 0xfa, 0xa8, 0xfc, 0xdc}, {0x46, 0x29, 0x02, 0x7b, 0xfd, 0xd6, 0xc3, 0x3a, 0xbd, 0xa0, 0x30, 0xf0, 0xcb, 0x3a, 0xc1, 0xb5, 0x5b, 0xdd, 0xdd, 0xd1, 0x12, 0x92, 0x52, 0x0f, 0x14, 0x22, 0x48, 0xbb, 0xd1, 0xef, 0xad, 0x14, 0xad, 0xcb, 0x7e, 0xc5, @@ -4134,12 +4523,29 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0xb4, 0x16, 0x09, 0x5c, 0x6f, 0xf9, 0x6f, 0x6d, 0xe0, 0xd9, 0x12, 0x3d, 0xd9, 0xce, 0x6d, 0x31}, priv_key_0, - false}, + true}, // Comment: no padding // tcID: 24 {24, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xc4, 0x59, 0x75, 0xe3, 0x07, 0x51, 0xd5, 0x1b, 0x4a, 0x81, 0x93, 0x86, + 0xcc, 0x9f, 0x2a, 0x90, 0x20, 0xac, 0x1e, 0x07, 0x84, 0x4a, 0x19, 0xba, + 0x86, 0x92, 0x0d, 0xd9, 0xe7, 0x3e, 0x2d, 0x45, 0xb8, 0x16, 0x4a, 0xf0, + 0x84, 0x05, 0x46, 0x3f, 0xce, 0x7d, 0x63, 0x61, 0x8d, 0x15, 0xdc, 0x07, + 0xb8, 0x08, 0x70, 0xe8, 0x87, 0xe5, 0xc8, 0xbc, 0xec, 0xfd, 0x37, 0x85, + 0x5a, 0xee, 0x81, 0x81, 0x90, 0x58, 0x07, 0xf6, 0xbb, 0x30, 0x2e, 0xa4, + 0x15, 0xc9, 0x97, 0xfb, 0x6c, 0x39, 0x08, 0x6d, 0x39, 0xde, 0x08, 0xfb, + 0xee, 0x88, 0xbf, 0x8c, 0x04, 0x6a, 0xe8, 0x49, 0x41, 0x8d, 0xd1, 0x6c, + 0xfb, 0x1e, 0xe2, 0x23, 0x60, 0xbc, 0x87, 0xab, 0xba, 0xb9, 0x0d, 0x31, + 0x46, 0xe6, 0x00, 0xb5, 0x56, 0x29, 0xbf, 0x30, 0xf3, 0x6d, 0xe9, 0x71, + 0x09, 0x23, 0xb0, 0xeb, 0x93, 0xb1, 0xf6, 0x29, 0x8e, 0x55, 0x15, 0x33, + 0x13, 0xdf, 0xf7, 0xa3, 0x10, 0x34, 0x40, 0x40, 0x3f, 0xf5, 0xe7, 0x05, + 0xfe, 0xb9, 0xf4, 0xf2, 0x91, 0xae, 0x27, 0x85, 0x17, 0xd5, 0x3c, 0xb3, + 0x63, 0x8c, 0xed, 0x27, 0x95, 0x70, 0x58, 0x56, 0x62, 0xe7, 0xd6, 0xf7, + 0x97, 0x96, 0x83, 0x9b, 0xf0, 0x4f, 0x5e, 0x1b, 0x96, 0x2f, 0x69, 0x68, + 0x4a, 0x3e, 0xe8, 0x2b, 0x93, 0xdb, 0x14, 0x04, 0x31, 0x58, 0xa0, 0x2c, + 0x0c, 0x82, 0xcb, 0x9d, 0x8d, 0xf8, 0xfd, 0xd5, 0xea}, {0x91, 0x0a, 0xd4, 0x0a, 0xe0, 0xd8, 0xaf, 0x15, 0x1f, 0x51, 0x23, 0x54, 0xe1, 0xcf, 0x12, 0xaf, 0x7c, 0x48, 0x51, 0xcf, 0xf0, 0xb6, 0x59, 0x02, 0x6e, 0x90, 0xa9, 0xec, 0x4d, 0xea, 0x6c, 0x1e, 0x4b, 0x2b, 0x33, 0xcb, @@ -4163,12 +4569,29 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0xba, 0x4b, 0x81, 0x6a, 0x23, 0x28, 0xee, 0xe9, 0x85, 0x3f, 0xa6, 0x99, 0x4e, 0xc3, 0x13, 0xd8}, priv_key_0, - false}, + true}, // Comment: m = 2 // tcID: 25 {25, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x9e, 0x7c, 0xf0, 0xec, 0x30, 0x99, 0xfa, 0x06, 0x92, 0xbf, 0xd1, 0xef, + 0x09, 0x46, 0xd0, 0x40, 0x06, 0xe3, 0xdb, 0x42, 0xcb, 0x9f, 0x14, 0x17, + 0x04, 0x5e, 0x23, 0x98, 0x6a, 0x95, 0x4c, 0xca, 0xb3, 0xa1, 0x8c, 0xcc, + 0x6d, 0x93, 0x03, 0x67, 0x50, 0xab, 0x6b, 0x1b, 0x61, 0xc7, 0x46, 0xe3, + 0x30, 0x0c, 0x75, 0x98, 0xc7, 0xe9, 0xd5, 0x28, 0x22, 0xe0, 0xd2, 0x30, + 0x2d, 0xa7, 0xea, 0xfb, 0x87, 0xa8, 0x4e, 0x5c, 0x9a, 0xf5, 0x74, 0xde, + 0xe3, 0x34, 0xcb, 0x7d, 0xfb, 0xd5, 0xe6, 0xc1, 0x00, 0x6a, 0xa5, 0x15, + 0xc0, 0x42, 0x59, 0xeb, 0x3d, 0x06, 0xa1, 0xa9, 0x48, 0x85, 0x2c, 0x7f, + 0xd1, 0x26, 0xd1, 0x5e, 0x80, 0xe3, 0x2d, 0x7f, 0xc8, 0xee, 0xd9, 0x41, + 0x85, 0xb3, 0x20, 0x95, 0xe3, 0x7f, 0x2f, 0x6a, 0x56, 0x41, 0x23, 0xce, + 0x05, 0x2f, 0xb3, 0x5c, 0x52, 0xc7, 0x08, 0xd7, 0x3c, 0x3d, 0x6f, 0x4f, + 0x4c, 0xa5, 0x9d, 0x91, 0xf4, 0x63, 0x01, 0x51, 0x17, 0x33, 0x3d, 0xb5, + 0xf7, 0x01, 0x44, 0x4c, 0x08, 0x6f, 0x1e, 0xd0, 0x5a, 0xca, 0x05, 0x89, + 0xe4, 0xa1, 0x64, 0x33, 0xad, 0x00, 0x90, 0x38, 0x12, 0xb3, 0xd0, 0xae, + 0x13, 0x28, 0x9a, 0xab, 0xca, 0xdc, 0x31, 0xab, 0x6e, 0x00, 0x1c, 0x8b, + 0x5c, 0x03, 0x09, 0x1b, 0xc7, 0x89, 0x9a, 0xed, 0x0a, 0x78, 0x1b, 0x0a, + 0xba, 0xfe, 0x57, 0x22, 0x6a, 0x24, 0xe1, 0xb5, 0xa4, 0x75, 0xda}, {0x62, 0x94, 0xdd, 0xf0, 0xfc, 0xd1, 0x37, 0x39, 0x0c, 0xb2, 0x19, 0x3e, 0x05, 0x0b, 0x5f, 0x61, 0xbf, 0x01, 0x83, 0x97, 0x29, 0x12, 0xdc, 0xa8, 0x8d, 0xdc, 0xef, 0x7d, 0x54, 0x38, 0x86, 0x65, 0xa7, 0xff, 0x9b, 0xe1, @@ -4192,12 +4615,13 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x74, 0xca, 0xca, 0x09, 0x95, 0xca, 0x3e, 0x57, 0x64, 0x28, 0xf6, 0x51, 0xe1, 0xcf, 0x37, 0x64}, priv_key_0, - false}, + true}, // Comment: m = n-2 // tcID: 26 {26, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x6a, 0xbd, 0xa8, 0xd0, 0x70, 0xf3, 0xae, 0x3e, 0x17, 0x5b, 0xb7}, {0x50, 0xbc, 0x2c, 0x3a, 0xd0, 0x7b, 0xaf, 0x0b, 0xb9, 0x03, 0x7b, 0x70, 0x4b, 0x4e, 0x81, 0xc9, 0x70, 0x03, 0xc7, 0xce, 0x64, 0x4a, 0xc8, 0xed, 0x0c, 0x52, 0xef, 0x9b, 0x1d, 0x7f, 0x82, 0x56, 0x95, 0xf4, 0x4a, 0x46, @@ -4221,12 +4645,27 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x80, 0xa8, 0x5c, 0x13, 0x02, 0xfe, 0x01, 0xb3, 0x3d, 0x01, 0xfd, 0x3c, 0x61, 0xfb, 0xa0, 0xe9}, priv_key_0, - false}, + true}, // Comment: c = 0 // tcID: 27 {27, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xfc, 0xd3, 0x37, 0xc9, 0x64, 0x1f, 0xb9, 0x1d, 0x66, 0x0d, 0xb0, 0x8d, + 0x19, 0xb2, 0x47, 0x7e, 0x31, 0xd3, 0xf1, 0xd5, 0x69, 0x8b, 0x7f, 0xa3, + 0x04, 0xa5, 0x92, 0x73, 0xe9, 0xea, 0xfe, 0x53, 0x88, 0xfe, 0xa0, 0xa0, + 0x60, 0x4d, 0x7e, 0x03, 0x02, 0xce, 0xf4, 0x62, 0xb8, 0x27, 0x5c, 0x74, + 0xa3, 0xdb, 0xb1, 0xf8, 0x0f, 0x44, 0x96, 0xc9, 0xf2, 0x48, 0x0d, 0x4e, + 0x03, 0x89, 0x3a, 0x1a, 0x0b, 0xcd, 0xf0, 0x75, 0x04, 0xef, 0x3b, 0x3e, + 0x22, 0xb9, 0x25, 0x16, 0x0c, 0xc1, 0x45, 0xf6, 0x98, 0xee, 0xfc, 0x4b, + 0x82, 0xa7, 0x23, 0x3b, 0x8b, 0x46, 0x27, 0x0e, 0xd1, 0x2b, 0x35, 0x31, + 0x5c, 0x3b, 0x4c, 0x93, 0x79, 0x4f, 0xf1, 0xa9, 0x7d, 0x94, 0xb2, 0xaa, + 0x9a, 0x15, 0x2d, 0x58, 0x79, 0x87, 0x50, 0x7c, 0xb0, 0xea, 0x05, 0xa3, + 0xf0, 0xdf, 0x71, 0x73, 0xe7, 0x4d, 0xb4, 0x06, 0x9e, 0x59, 0xe3, 0x61, + 0x14, 0x52, 0xa8, 0x9b, 0xbb, 0x79, 0xe7, 0xe2, 0xef, 0x60, 0x34, 0x32, + 0xd3, 0x5c, 0xfb, 0xa4, 0x2a, 0xd0, 0xcc, 0x96, 0x34, 0x73, 0x1f, 0x04, + 0x8f, 0x4a, 0xf0, 0x93, 0xa2, 0xe7, 0xe6, 0x14, 0xce, 0xdf, 0xa9, 0x2d, + 0x61, 0x05, 0x1e, 0x91, 0xbb, 0x3d, 0x05, 0x37, 0x90}, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -4250,12 +4689,29 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, priv_key_0, - false}, + true}, // Comment: c = 1 // tcID: 28 {28, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x70, 0xbb, 0x62, 0xae, 0x7b, 0x3c, 0x55, 0x94, 0xa6, 0x57, 0x2f, 0x55, + 0x08, 0x4b, 0x6f, 0x50, 0xa6, 0x77, 0x74, 0x7c, 0x60, 0x73, 0xe2, 0xb3, + 0x2b, 0xa9, 0x1b, 0x67, 0x3c, 0x93, 0x1d, 0x21, 0x17, 0x1a, 0xcf, 0x3e, + 0x65, 0xf2, 0xdb, 0xca, 0xc8, 0xac, 0xb0, 0x7f, 0xfe, 0xde, 0xf5, 0x4c, + 0xef, 0xc6, 0x1a, 0x44, 0xda, 0x88, 0x50, 0xf6, 0xbf, 0x42, 0x0c, 0xf5, + 0xbf, 0x96, 0xcc, 0x35, 0x84, 0x0b, 0x26, 0xd2, 0x6c, 0xbd, 0x8b, 0x92, + 0xa8, 0x9e, 0xdf, 0x23, 0xdf, 0xbc, 0x69, 0xc7, 0x5e, 0x69, 0x30, 0xca, + 0x4a, 0xe2, 0x94, 0x90, 0x26, 0x82, 0x57, 0x7c, 0xe6, 0x88, 0xe8, 0x8f, + 0xf3, 0xa2, 0x04, 0xc2, 0xa4, 0xdd, 0x45, 0x01, 0x4e, 0x31, 0x4d, 0xea, + 0x1e, 0xcf, 0xc8, 0xc5, 0xb1, 0x1d, 0x0c, 0x59, 0x27, 0xa0, 0xd3, 0x92, + 0x41, 0x6b, 0xee, 0x34, 0xcc, 0x7d, 0xfb, 0x5c, 0x3f, 0xc6, 0x74, 0x09, + 0x6e, 0xc9, 0xe8, 0x15, 0xad, 0xa3, 0x63, 0x15, 0x0a, 0x78, 0xe1, 0xe7, + 0xf4, 0x52, 0xe4, 0x2f, 0xb8, 0x21, 0x65, 0x44, 0xba, 0x02, 0x6f, 0xca, + 0xf1, 0x59, 0x4b, 0xdb, 0x63, 0x73, 0x51, 0x64, 0xe9, 0x2c, 0x14, 0x9b, + 0xe6, 0xae, 0xfd, 0xdb, 0xe0, 0x79, 0x8e, 0x07, 0x37, 0x1e, 0x39, 0xde, + 0x23, 0x0b, 0xc5, 0x18, 0x9e, 0x42, 0x58, 0xa2, 0xf4, 0x64, 0x64, 0xa9, + 0xca, 0xde, 0x6b, 0x61}, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -4279,12 +4735,20 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, priv_key_0, - false}, + true}, // Comment: c = n-1 // tcID: 29 {29, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xff, 0xdc, 0x34, 0xe8, 0x0e, 0x24, 0x05, 0xda, 0xc7, 0x1b, 0xd0, + 0xee, 0x39, 0xfd, 0xfa, 0x65, 0x49, 0xc5, 0x82, 0x46, 0xac, 0x0d, + 0x34, 0x03, 0xe3, 0x79, 0x68, 0x8b, 0x30, 0xce, 0x4a, 0x51, 0xe5, + 0x3b, 0x88, 0x24, 0xb0, 0x9b, 0x5e, 0xdd, 0x7d, 0xbb, 0xc4, 0xfb, + 0xbf, 0x9d, 0xca, 0xbe, 0x3f, 0x29, 0x90, 0x39, 0x43, 0xaa, 0xf1, + 0x8d, 0xf5, 0xb4, 0xce, 0xe5, 0xed, 0x58, 0xc3, 0x8f, 0x4f, 0x38, + 0x07, 0x2c, 0x85, 0x4d, 0x3c, 0xe2, 0x57, 0x2b, 0x2d, 0xcf, 0xcd, + 0x84, 0x1f, 0xa4, 0x7f, 0xc5, 0x97, 0x60, 0x7a, 0x1d}, {0xb3, 0x51, 0x0a, 0x2b, 0xcd, 0x4c, 0xe6, 0x44, 0xc5, 0xb5, 0x94, 0xae, 0x50, 0x59, 0xe1, 0x2b, 0x2f, 0x05, 0x4b, 0x65, 0x8d, 0x5d, 0xa5, 0x95, 0x9a, 0x2f, 0xdf, 0x18, 0x71, 0xb8, 0x08, 0xbc, 0x3d, 0xf3, 0xe6, 0x28, @@ -4308,7 +4772,7 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0xf5, 0x73, 0x26, 0x1c, 0x98, 0xc8, 0x40, 0x0a, 0xa1, 0x2a, 0xf3, 0x8e, 0x43, 0xca, 0xd8, 0x4c}, priv_key_0, - false}, + true}, // Comment: ciphertext is empty // tcID: 30 @@ -5671,6 +6135,736 @@ const RsaDecryptTestVector kRsa2048DecryptWycheproofVectors[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, priv_key_32, + true}, + + // Hubert Bleichenbacher vectors. + // test 1 positive test. + // tcId: 66 + {66, + // lorem ipsum dolor sit amet + {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, + 0x75, 0x6d, 0x20, 0x64, 0x6f, 0x6c, 0x6f, 0x72, 0x20, + 0x73, 0x69, 0x74, 0x20, 0x61, 0x6d, 0x65, 0x74}, + {0x8b, 0xfe, 0x26, 0x4e, 0x85, 0xd3, 0xbd, 0xea, 0xa6, 0xb8, 0x85, 0x1b, + 0x8e, 0x3b, 0x95, 0x6e, 0xe3, 0xd2, 0x26, 0xfd, 0x3f, 0x69, 0x06, 0x3a, + 0x86, 0x88, 0x01, 0x73, 0xa2, 0x73, 0xd9, 0xf2, 0x83, 0xb2, 0xee, 0xbd, + 0xd1, 0xed, 0x35, 0xf7, 0xe0, 0x2d, 0x91, 0xc5, 0x71, 0x98, 0x1b, 0x67, + 0x37, 0xd5, 0x32, 0x0b, 0xd8, 0x39, 0x6b, 0x0f, 0x3a, 0xd5, 0xb0, 0x19, + 0xda, 0xec, 0x1b, 0x0a, 0xab, 0x3c, 0xbb, 0xc0, 0x26, 0x39, 0x5f, 0x4f, + 0xd1, 0x4f, 0x13, 0x67, 0x3f, 0x2d, 0xfc, 0x81, 0xf9, 0xb6, 0x60, 0xec, + 0x26, 0xac, 0x38, 0x1e, 0x6d, 0xb3, 0x29, 0x9b, 0x4e, 0x46, 0x0b, 0x43, + 0xfa, 0xb9, 0x95, 0x5d, 0xf2, 0xb3, 0xcf, 0xaa, 0x20, 0xe9, 0x00, 0xe1, + 0x9c, 0x85, 0x62, 0x38, 0xfd, 0x37, 0x18, 0x99, 0xc2, 0xbf, 0x2c, 0xe8, + 0xc8, 0x68, 0xb7, 0x67, 0x54, 0xe5, 0xdb, 0x3b, 0x03, 0x65, 0x33, 0xfd, + 0x60, 0x37, 0x46, 0xbe, 0x13, 0xc1, 0x0d, 0x4e, 0x3e, 0x60, 0x22, 0xeb, + 0xc9, 0x05, 0xd2, 0x0c, 0x2a, 0x7f, 0x32, 0xb2, 0x15, 0xa4, 0xcd, 0x53, + 0xb3, 0xf4, 0x4c, 0xa1, 0xc3, 0x27, 0xd2, 0xc2, 0xb6, 0x51, 0x14, 0x58, + 0x21, 0xc0, 0x83, 0x96, 0xc8, 0x90, 0x71, 0xf6, 0x65, 0x34, 0x9c, 0x25, + 0xe4, 0x4d, 0x27, 0x33, 0xcd, 0x93, 0x05, 0x98, 0x5c, 0xee, 0xf6, 0x43, + 0x0c, 0x3c, 0xf5, 0x7a, 0xf5, 0xfa, 0x22, 0x40, 0x89, 0x22, 0x12, 0x18, + 0xfa, 0x34, 0x73, 0x7c, 0x79, 0xc4, 0x46, 0xd2, 0x8a, 0x94, 0xc4, 0x1c, + 0x96, 0xe4, 0xe9, 0x2a, 0xc5, 0x3f, 0xbc, 0xf3, 0x84, 0xde, 0xa8, 0x41, + 0x9e, 0xa0, 0x89, 0xf8, 0x78, 0x44, 0x45, 0xa4, 0x92, 0xc8, 0x12, 0xeb, + 0x0d, 0x40, 0x94, 0x67, 0xf7, 0x5a, 0xfd, 0x7d, 0x4d, 0x10, 0x78, 0x88, + 0x62, 0x05, 0xa0, 0x66}, + priv_key_1b, + true}, + + // Invalid Empty Message + {67, + {}, + {0x20, 0xaa, 0xa8, 0xad, 0xbb, 0xc5, 0x93, 0xa9, 0x24, 0xba, 0x1c, 0x5c, + 0x79, 0x90, 0xb5, 0xc2, 0x24, 0x2a, 0xe4, 0xb9, 0x9d, 0x0f, 0xe6, 0x36, + 0xa1, 0x9a, 0x4c, 0xf7, 0x54, 0xed, 0xbc, 0xee, 0x77, 0x4e, 0x47, 0x2f, + 0xe0, 0x28, 0x16, 0x0e, 0xd4, 0x26, 0x34, 0xf8, 0x86, 0x49, 0x00, 0xcb, + 0x51, 0x40, 0x06, 0xda, 0x64, 0x2c, 0xae, 0x6a, 0xe8, 0xc7, 0xd0, 0x87, + 0xca, 0xeb, 0xcf, 0xa6, 0xda, 0xd1, 0x55, 0x13, 0x01, 0xe1, 0x30, 0x34, + 0x49, 0x89, 0xa1, 0xd4, 0x62, 0xd4, 0x16, 0x45, 0x05, 0xf6, 0x39, 0x39, + 0x33, 0x45, 0x0c, 0x67, 0xbc, 0x6d, 0x39, 0xd8, 0xf5, 0x16, 0x09, 0x07, + 0xca, 0xbc, 0x25, 0x1b, 0x73, 0x79, 0x25, 0xa1, 0xcf, 0x21, 0xe5, 0xc6, + 0xaa, 0x57, 0x81, 0xb7, 0x76, 0x9f, 0x6a, 0x2a, 0x58, 0x3d, 0x97, 0xcc, + 0xe0, 0x08, 0xc0, 0xf8, 0xb6, 0xad, 0xd5, 0xf0, 0xb2, 0xbd, 0x80, 0xbe, + 0xe6, 0x02, 0x37, 0xaa, 0x39, 0xbb, 0x20, 0x71, 0x9f, 0xe7, 0x57, 0x49, + 0xf4, 0xbc, 0x4e, 0x42, 0x46, 0x6e, 0xf5, 0xa8, 0x61, 0xae, 0x3a, 0x92, + 0x39, 0x5c, 0x7d, 0x85, 0x8d, 0x43, 0x0b, 0xfe, 0x38, 0x04, 0x0f, 0x44, + 0x5e, 0xa9, 0x3f, 0xa2, 0x95, 0x8b, 0x50, 0x35, 0x39, 0x80, 0x0f, 0xfa, + 0x5c, 0xe5, 0xf8, 0xcf, 0x51, 0xfa, 0x81, 0x71, 0xa9, 0x1f, 0x36, 0xcb, + 0x4f, 0x45, 0x75, 0xe8, 0xde, 0x6b, 0x4d, 0x3f, 0x09, 0x6e, 0xe1, 0x40, + 0xb9, 0x38, 0xfd, 0x2f, 0x50, 0xee, 0x13, 0xf0, 0xd0, 0x50, 0x22, 0x2e, + 0x2a, 0x72, 0xb0, 0xa3, 0x06, 0x9f, 0xf3, 0xa6, 0x73, 0x8e, 0x82, 0xc8, + 0x70, 0x90, 0xca, 0xa5, 0xae, 0xd4, 0xfc, 0xbe, 0x88, 0x2c, 0x49, 0x64, + 0x6a, 0xa2, 0x50, 0xb9, 0x8f, 0x12, 0xf8, 0x3c, 0x8d, 0x52, 0x81, 0x13, + 0x61, 0x4a, 0x29, 0xe7}, + priv_key_1b, + true}, + + // Invalid Max Nessage + {68, + {0x22, 0xd8, 0x50, 0x13, 0x7b, 0x9e, 0xeb, 0xe0, 0x92, 0xb2, 0x4f, 0x60, + 0x2d, 0xc5, 0xbb, 0x79, 0x18, 0xc1, 0x6b, 0xd8, 0x9d, 0xdb, 0xf2, 0x04, + 0x67, 0xb1, 0x19, 0xd2, 0x05, 0xf9, 0xc2, 0xe4, 0xbd, 0x7d, 0x25, 0x92, + 0xcf, 0x1e, 0x53, 0x21, 0x06, 0xe0, 0xf3, 0x35, 0x57, 0x56, 0x59, 0x23, + 0xc7, 0x3a, 0x02, 0xd4, 0xf0, 0x9c, 0x0c, 0x22, 0xbe, 0xa8, 0x91, 0x48, + 0x18, 0x3e, 0x60, 0x31, 0x7f, 0x70, 0x28, 0xb3, 0xaa, 0x1f, 0x26, 0x1f, + 0x91, 0xc9, 0x79, 0x39, 0x31, 0x01, 0xd7, 0xe1, 0x5f, 0x40, 0x67, 0xe6, + 0x39, 0x79, 0xb3, 0x27, 0x51, 0x65, 0x8e, 0xf7, 0x69, 0x61, 0x0f, 0xe9, + 0x7c, 0xf9, 0xce, 0xf3, 0x27, 0x8b, 0x31, 0x17, 0xd3, 0x84, 0x05, 0x1c, + 0x3b, 0x1d, 0x82, 0xc2, 0x51, 0xc2, 0x30, 0x54, 0x18, 0xc8, 0xf6, 0x84, + 0x05, 0x30, 0xe6, 0x31, 0xaa, 0xd6, 0x3e, 0x70, 0xe2, 0x0e, 0x02, 0x5b, + 0xcd, 0x8e, 0xfb, 0x54, 0xc9, 0x2e, 0xc6, 0xd3, 0xb1, 0x06, 0xa2, 0xf8, + 0xe6, 0x4e, 0xef, 0xf7, 0xd3, 0x84, 0x95, 0xb0, 0xfc, 0x50, 0xc9, 0x71, + 0x38, 0xaf, 0x4b, 0x1c, 0x0a, 0x67, 0xa1, 0xc4, 0xe2, 0x7b, 0x07, 0x7b, + 0x84, 0x39, 0x33, 0x2e, 0xdf, 0xa8, 0x60, 0x8d, 0xfe, 0xae, 0x65, 0x3c, + 0xd6, 0xa6, 0x28, 0xac, 0x55, 0x03, 0x95, 0xf7, 0xe7, 0x43, 0x90, 0xe4, + 0x2c, 0x11, 0x68, 0x22, 0x34, 0x87, 0x09, 0x25, 0xee, 0xaa, 0x1f, 0xa7, + 0x1b, 0x76, 0xcf, 0x1f, 0x2e, 0xe3, 0xbd, 0xa6, 0x9f, 0x67, 0x17, 0x03, + 0x3f, 0xf8, 0xb7, 0xc9, 0x5c, 0x97, 0x99, 0xe7, 0xa3, 0xbe, 0xa5, 0xe7, + 0xe4, 0xa1, 0xc3, 0x59, 0x77, 0x2f, 0xb6, 0xb1, 0xc6, 0xe6, 0xc5, 0x16, + 0x66, 0x1d, 0xfe, 0x30, 0xc3}, + {0x48, 0xcc, 0xea, 0xb1, 0x0f, 0x39, 0xa4, 0xdb, 0x32, 0xf6, 0x00, 0x74, + 0xfe, 0xea, 0x47, 0x3c, 0xbc, 0xdb, 0x7a, 0xcc, 0xf9, 0x2e, 0x15, 0x04, + 0x17, 0xf7, 0x6b, 0x44, 0x75, 0x6b, 0x19, 0x0e, 0x84, 0x3e, 0x79, 0xec, + 0x12, 0xaa, 0x85, 0x08, 0x3a, 0x21, 0xf5, 0x43, 0x7e, 0x7b, 0xad, 0x0a, + 0x60, 0x48, 0x2e, 0x60, 0x11, 0x98, 0xf9, 0xd8, 0x69, 0x23, 0x23, 0x9c, + 0x87, 0x86, 0xee, 0x72, 0x82, 0x85, 0xaf, 0xd0, 0x93, 0x7f, 0x7d, 0xde, + 0x12, 0x71, 0x7f, 0x28, 0x38, 0x98, 0x43, 0xd7, 0x37, 0x59, 0x12, 0xb0, + 0x7b, 0x99, 0x1f, 0x4f, 0xdb, 0x01, 0x90, 0xfc, 0xed, 0x8b, 0xa6, 0x65, + 0x31, 0x43, 0x67, 0xe8, 0xc5, 0xf9, 0xd2, 0x98, 0x1d, 0x0f, 0x51, 0x28, + 0xfe, 0xeb, 0x46, 0xcb, 0x50, 0xfc, 0x23, 0x7e, 0x64, 0x43, 0x8a, 0x86, + 0xdf, 0x19, 0x8d, 0xd0, 0x20, 0x93, 0x64, 0xae, 0x3a, 0x84, 0x2d, 0x77, + 0x53, 0x2b, 0x66, 0xb7, 0xef, 0x26, 0x3b, 0x83, 0xb1, 0x54, 0x1e, 0xd6, + 0x71, 0xb1, 0x20, 0xdf, 0xd6, 0x60, 0x46, 0x2e, 0x21, 0x07, 0xa4, 0xee, + 0x7b, 0x96, 0x4e, 0x73, 0x4a, 0x7b, 0xd6, 0x8d, 0x90, 0xdd, 0xa6, 0x17, + 0x70, 0x65, 0x8a, 0x3c, 0x24, 0x29, 0x48, 0x53, 0x2d, 0xa3, 0x26, 0x48, + 0x68, 0x7e, 0x03, 0x18, 0x28, 0x64, 0x73, 0xf6, 0x75, 0xb4, 0x12, 0xd6, + 0x46, 0x8f, 0x01, 0x3f, 0x14, 0xd7, 0x60, 0xa3, 0x58, 0xdf, 0xca, 0xd3, + 0xcd, 0xa2, 0xaf, 0xee, 0xc5, 0xe2, 0x68, 0xa3, 0x7d, 0x25, 0x0c, 0x37, + 0xf7, 0x22, 0xf4, 0x68, 0xa7, 0x0d, 0xfd, 0x92, 0xd7, 0x29, 0x4c, 0x3c, + 0x1e, 0xe1, 0xe7, 0xf8, 0x84, 0x3b, 0x7d, 0x16, 0xf9, 0xf3, 0x7e, 0xf3, + 0x57, 0x48, 0xc3, 0xae, 0x93, 0xaa, 0x15, 0x5c, 0xdc, 0xdf, 0xeb, 0x4e, + 0x78, 0x56, 0x73, 0x03}, + priv_key_1b, + true}, + + // invalid the last value from the PRF is 246, which is longer than the max + // allowed length: 245, so it needs to select second to last: 2 + {69, + {0x0f, 0x9b}, + {0x14, 0x39, 0xe0, 0x8c, 0x3f, 0x84, 0xc1, 0xa7, 0xfe, 0xc7, 0x4c, 0xe0, + 0x76, 0x14, 0xb2, 0x0e, 0x01, 0xf6, 0xfa, 0x4e, 0x8c, 0x2a, 0x6c, 0xff, + 0xdc, 0x35, 0x20, 0xd8, 0x88, 0x9e, 0x5d, 0x9a, 0x95, 0x0c, 0x64, 0x25, + 0x79, 0x8f, 0x85, 0xd4, 0xbe, 0x38, 0xd3, 0x00, 0xea, 0x56, 0x95, 0xf1, + 0x3e, 0xcd, 0x4c, 0xb3, 0x89, 0xd1, 0xff, 0x5b, 0x82, 0x48, 0x4b, 0x49, + 0x4d, 0x62, 0x80, 0xab, 0x7f, 0xa7, 0x8e, 0x64, 0x59, 0x33, 0x98, 0x1c, + 0xb9, 0x34, 0xcc, 0xe8, 0xbf, 0xcd, 0x11, 0x4c, 0xc0, 0xe6, 0x81, 0x1e, + 0xef, 0xa4, 0x7a, 0xae, 0x20, 0xaf, 0x63, 0x8a, 0x1c, 0xd1, 0x63, 0xd2, + 0xd3, 0x36, 0x61, 0x86, 0xd0, 0xa0, 0x7d, 0xf0, 0xc8, 0x1f, 0x6c, 0x9f, + 0x31, 0x71, 0xcf, 0x35, 0x61, 0x47, 0x2e, 0x98, 0xa6, 0x00, 0x6b, 0xf7, + 0x5d, 0xdb, 0x45, 0x7b, 0xed, 0x03, 0x6d, 0xcc, 0xe1, 0x99, 0x36, 0x9d, + 0xe7, 0xd9, 0x4e, 0xf2, 0xc6, 0x8e, 0x84, 0x67, 0xee, 0x06, 0x04, 0xee, + 0xa2, 0xb3, 0x00, 0x94, 0x79, 0x16, 0x2a, 0x78, 0x91, 0xba, 0x5c, 0x40, + 0xca, 0xb1, 0x7f, 0x49, 0xe1, 0xc4, 0x38, 0xcb, 0x6e, 0xae, 0xa4, 0xf7, + 0x6c, 0xe2, 0x3c, 0xce, 0x0e, 0x48, 0x3f, 0xf0, 0xe9, 0x6f, 0xa7, 0x90, + 0xea, 0x15, 0xbe, 0x67, 0x67, 0x18, 0x14, 0x34, 0x2d, 0x0a, 0x23, 0xf4, + 0xa2, 0x02, 0x62, 0xb6, 0x18, 0x2e, 0x72, 0xf3, 0xa6, 0x7c, 0xd2, 0x89, + 0x71, 0x15, 0x03, 0xc8, 0x55, 0x16, 0xa9, 0xed, 0x22, 0x54, 0x22, 0xf9, + 0x8b, 0x11, 0x6f, 0x1a, 0xb0, 0x80, 0xa8, 0x0a, 0xbd, 0x6f, 0x02, 0x16, + 0xdf, 0x88, 0xd8, 0xcf, 0xd6, 0x7c, 0x13, 0x92, 0x43, 0xbe, 0x8d, 0xd7, + 0x85, 0x02, 0xa7, 0xaa, 0xf6, 0xbc, 0x99, 0xd7, 0xda, 0x71, 0xbc, 0xdf, + 0x62, 0x7e, 0x73, 0x54}, + priv_key_1b, + true}, + // Invalid: the last three numbers from prf are: 2, 247, 255, so we need to + // pick 2, the third one from the end + {70, + {0x4f, 0x02}, + {0x16, 0x90, 0xeb, 0xcc, 0xee, 0xce, 0x2c, 0xe0, 0x24, 0xf3, 0x82, 0xe4, + 0x67, 0xcf, 0x85, 0x10, 0xe7, 0x45, 0x14, 0x12, 0x09, 0x37, 0x97, 0x85, + 0x76, 0xca, 0xf6, 0x84, 0xd4, 0xa0, 0x2a, 0xd5, 0x69, 0xe8, 0xd7, 0x6c, + 0xbe, 0x36, 0x5a, 0x06, 0x0e, 0x00, 0x77, 0x9d, 0xe2, 0xf0, 0x86, 0x5c, + 0xcf, 0x0d, 0x92, 0x3d, 0xe3, 0xb4, 0x78, 0x3a, 0x4e, 0x2c, 0x74, 0xf4, + 0x22, 0xe2, 0xf3, 0x26, 0x08, 0x6c, 0x39, 0x0b, 0x65, 0x8b, 0xa4, 0x7f, + 0x31, 0xab, 0x01, 0x3a, 0xa8, 0x0f, 0x46, 0x8c, 0x71, 0x25, 0x6e, 0x5f, + 0xa5, 0x67, 0x9b, 0x24, 0xe8, 0x3c, 0xd8, 0x2c, 0x3d, 0x1e, 0x05, 0xe3, + 0x98, 0x20, 0x81, 0x55, 0xde, 0x22, 0x12, 0x99, 0x3c, 0xd2, 0xb8, 0xba, + 0xb6, 0x98, 0x7c, 0xf4, 0xcc, 0x12, 0x93, 0xf1, 0x99, 0x09, 0x21, 0x94, + 0x39, 0xd7, 0x41, 0x27, 0x54, 0x5e, 0x9e, 0xd8, 0xa7, 0x06, 0x96, 0x1b, + 0x8e, 0xe2, 0x11, 0x9f, 0x6b, 0xfa, 0xca, 0xfb, 0xef, 0x91, 0xb7, 0x5a, + 0x78, 0x9b, 0xa6, 0x5b, 0x8b, 0x83, 0x3b, 0xc6, 0x14, 0x9c, 0xf4, 0x9b, + 0x5c, 0x4d, 0x2c, 0x63, 0x59, 0xf6, 0x28, 0x08, 0x65, 0x9b, 0xa6, 0x54, + 0x1e, 0x1c, 0xd2, 0x4b, 0xf7, 0xf7, 0x41, 0x04, 0x86, 0xb5, 0x10, 0x3f, + 0x6c, 0x0e, 0xa2, 0x93, 0x34, 0xea, 0x6f, 0x49, 0x75, 0xb1, 0x73, 0x87, + 0x47, 0x4f, 0xe9, 0x20, 0x71, 0x0e, 0xa6, 0x15, 0x68, 0xd7, 0xb7, 0xc0, + 0xa7, 0x91, 0x6a, 0xcf, 0x21, 0x66, 0x5a, 0xd5, 0xa3, 0x1c, 0x4e, 0xab, + 0xcd, 0xe4, 0x4f, 0x8f, 0xb6, 0x12, 0x0d, 0x84, 0x57, 0xaf, 0xa1, 0xf3, + 0xc8, 0x5d, 0x51, 0x7c, 0xda, 0x36, 0x4a, 0xf6, 0x20, 0x11, 0x3a, 0xe5, + 0xa3, 0xc5, 0x2a, 0x04, 0x88, 0x21, 0x73, 0x19, 0x22, 0x73, 0x73, 0x07, + 0xf7, 0x7a, 0x10, 0x81}, + priv_key_1b, + true}, + + // ciphertext that generates a fake 11 byte plaintext, but decrypts + // to real 11 byte long plaintext + {71, + // lorem ipsum + {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d}, + {0x62, 0x13, 0x63, 0x45, 0x93, 0x33, 0x2c, 0x48, 0x5c, 0xef, 0x78, 0x3e, + 0xa2, 0x84, 0x6e, 0x3d, 0x6e, 0x8b, 0x0e, 0x00, 0x5c, 0xd8, 0x29, 0x3e, + 0xae, 0xbb, 0xaa, 0x50, 0x79, 0x71, 0x2f, 0xd6, 0x81, 0x57, 0x9b, 0xdf, + 0xbb, 0xda, 0x13, 0x8a, 0xe4, 0xd9, 0xd9, 0x52, 0x91, 0x7a, 0x03, 0xc9, + 0x23, 0x98, 0xec, 0x0c, 0xb2, 0xbb, 0x0c, 0x6b, 0x5a, 0x8d, 0x55, 0x06, + 0x1f, 0xed, 0x0d, 0x0d, 0x8d, 0x72, 0x47, 0x35, 0x63, 0x15, 0x26, 0x48, + 0xcf, 0xe6, 0x40, 0xb3, 0x35, 0xdc, 0x95, 0x33, 0x1c, 0x21, 0xcb, 0x13, + 0x3a, 0x91, 0x79, 0x0f, 0xa9, 0x3a, 0xe4, 0x44, 0x97, 0xc1, 0x28, 0x70, + 0x89, 0x70, 0xd2, 0xbe, 0xeb, 0x77, 0xe8, 0x72, 0x1b, 0x06, 0x1b, 0x1c, + 0x44, 0x03, 0x41, 0x43, 0x73, 0x4a, 0x77, 0xbe, 0x82, 0x20, 0x87, 0x74, + 0x15, 0xa6, 0xdb, 0xa0, 0x73, 0xc3, 0x87, 0x16, 0x05, 0x38, 0x05, 0x42, + 0xa9, 0xf2, 0x52, 0x52, 0xa4, 0xba, 0xbe, 0x83, 0x31, 0xcd, 0xd5, 0x3c, + 0xf8, 0x28, 0x42, 0x3f, 0x3c, 0xc7, 0x0b, 0x56, 0x06, 0x24, 0xd0, 0x58, + 0x1f, 0xb1, 0x26, 0xb2, 0xed, 0x4f, 0x4e, 0xd3, 0x58, 0xf0, 0xeb, 0x80, + 0x65, 0xcf, 0x17, 0x63, 0x99, 0xac, 0x1a, 0x84, 0x6a, 0x31, 0x05, 0x5f, + 0x9a, 0xe8, 0xc9, 0xc2, 0x4a, 0x1b, 0xa0, 0x50, 0xbc, 0x20, 0x84, 0x21, + 0x25, 0xbc, 0x17, 0x53, 0x15, 0x8f, 0x80, 0x65, 0xf3, 0xad, 0xb9, 0xcc, + 0x16, 0xbf, 0xdf, 0x83, 0x81, 0x6b, 0xdf, 0x38, 0xb6, 0x24, 0xf1, 0x20, + 0x22, 0xc5, 0xa6, 0xfb, 0xfe, 0x29, 0xbc, 0x91, 0x54, 0x2b, 0xe8, 0xc0, + 0x20, 0x8a, 0x77, 0x0b, 0xcd, 0x67, 0x7d, 0xc5, 0x97, 0xf5, 0x55, 0x7d, + 0xc2, 0xce, 0x28, 0xa1, 0x1b, 0xf3, 0xe3, 0x85, 0x7f, 0x15, 0x87, 0x17, + 0xa3, 0x3f, 0x65, 0x92}, + priv_key_1b, + true}, + + // ciphertext that starts with a null byte, decrypts to real 11 byte + // long plaintext + {72, + // lorem ipsum + {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d}, + {0x00, 0xa2, 0xe8, 0xf1, 0x14, 0xea, 0x8d, 0x05, 0xd1, 0x2d, 0xc8, 0x43, + 0xe3, 0xcc, 0x3b, 0x2e, 0xdc, 0x82, 0x29, 0xff, 0x2a, 0x02, 0x8b, 0xda, + 0x29, 0xba, 0x9d, 0x55, 0xe3, 0xcd, 0x02, 0x91, 0x19, 0x02, 0xfe, 0xf1, + 0xf4, 0x2a, 0x07, 0x5b, 0xf0, 0x5e, 0x80, 0x16, 0xe8, 0x56, 0x72, 0x13, + 0xd6, 0xf2, 0x60, 0xfa, 0x49, 0xe3, 0x60, 0x77, 0x9d, 0xd8, 0x1a, 0xee, + 0xa3, 0xe0, 0x4c, 0x2c, 0xb5, 0x67, 0xe0, 0xd7, 0x2b, 0x98, 0xbf, 0x75, + 0x40, 0x14, 0x56, 0x1b, 0x75, 0x11, 0xe0, 0x83, 0xd2, 0x0e, 0x0b, 0xfb, + 0x9c, 0xd2, 0x3f, 0x8a, 0x0d, 0x3c, 0x88, 0x90, 0x0c, 0x49, 0xd2, 0xfc, + 0xd5, 0x84, 0x3f, 0xf0, 0x76, 0x56, 0x07, 0xb2, 0x02, 0x6f, 0x28, 0x20, + 0x2a, 0x87, 0xaa, 0x94, 0x67, 0x8a, 0xed, 0x22, 0xa0, 0xc2, 0x07, 0x24, + 0x54, 0x13, 0x94, 0xcd, 0x8f, 0x44, 0xe3, 0x73, 0xeb, 0xa1, 0xd2, 0xba, + 0xe9, 0x8f, 0x51, 0x6c, 0x1e, 0x2b, 0xa3, 0xd8, 0x68, 0x52, 0xd0, 0x64, + 0xf8, 0x56, 0xb1, 0xda, 0xf2, 0x47, 0x95, 0xe7, 0x67, 0xa2, 0xb9, 0x03, + 0x96, 0xe5, 0x07, 0x43, 0xe3, 0x15, 0x06, 0x64, 0xaf, 0xab, 0x13, 0x1f, + 0xe4, 0x0e, 0xa4, 0x05, 0xdc, 0xf5, 0x72, 0xdd, 0x10, 0x79, 0xaf, 0x1d, + 0x3f, 0x03, 0x92, 0xcc, 0xad, 0xcc, 0xa0, 0xa1, 0x27, 0x40, 0xdb, 0xb2, + 0x13, 0xb9, 0x25, 0xca, 0x2a, 0x06, 0xb1, 0xbc, 0x13, 0x83, 0xe8, 0x3a, + 0x65, 0x8c, 0x82, 0xba, 0x2e, 0x74, 0x27, 0x34, 0x23, 0x79, 0x08, 0x4d, + 0x5f, 0x66, 0xb5, 0x44, 0x57, 0x9f, 0x07, 0x66, 0x4c, 0xb2, 0x6e, 0xdd, + 0x4f, 0x10, 0xfd, 0x91, 0x3f, 0xdb, 0xc0, 0xde, 0x05, 0xef, 0x88, 0x7d, + 0x4d, 0x1e, 0xc1, 0xac, 0x95, 0x65, 0x23, 0x97, 0xea, 0x7f, 0xd4, 0xe4, + 0x75, 0x9f, 0xda, 0x8b}, + priv_key_1b, + true}, + + // ciphertext that starts with two null bytes, decrypts to real 11 byte + // long plaintext + {73, + // lorem ipsum + {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d}, + {0x00, 0x00, 0x1f, 0x71, 0x87, 0x9b, 0x42, 0x61, 0x27, 0xf7, 0xde, 0xad, + 0x62, 0x1f, 0x73, 0x80, 0xa7, 0x09, 0x8c, 0xf7, 0xd2, 0x21, 0x73, 0xaa, + 0x27, 0x99, 0x1b, 0x14, 0x3c, 0x46, 0xd5, 0x33, 0x83, 0xc2, 0x09, 0xbd, + 0x0c, 0x9c, 0x00, 0xd8, 0x40, 0x78, 0x03, 0x7e, 0x71, 0x5f, 0x6b, 0x98, + 0xc6, 0x50, 0x05, 0xa7, 0x71, 0x20, 0x07, 0x05, 0x22, 0xed, 0xe5, 0x1d, + 0x47, 0x2c, 0x87, 0xef, 0x94, 0xb9, 0x4e, 0xad, 0x4c, 0x54, 0x28, 0xee, + 0x10, 0x8a, 0x34, 0x55, 0x61, 0x65, 0x83, 0x01, 0x91, 0x1e, 0xc5, 0xa8, + 0xf7, 0xdd, 0x43, 0xed, 0x4a, 0x39, 0x57, 0xfd, 0x29, 0xfb, 0x02, 0xa3, + 0x52, 0x9b, 0xf6, 0x3f, 0x80, 0x40, 0xd3, 0x95, 0x34, 0x90, 0x93, 0x9b, + 0xd8, 0xf7, 0x8b, 0x2a, 0x34, 0x04, 0xb6, 0xfb, 0x5f, 0xf7, 0x0a, 0x4b, + 0xfd, 0xaa, 0xc5, 0xc5, 0x41, 0xd6, 0xbc, 0xce, 0x49, 0xc9, 0x77, 0x8c, + 0xc3, 0x90, 0xbe, 0x24, 0xcb, 0xef, 0x1d, 0x1e, 0xca, 0x7e, 0x87, 0x04, + 0x57, 0x24, 0x1d, 0x3f, 0xf7, 0x2c, 0xa4, 0x4f, 0x9f, 0x56, 0xbd, 0xf3, + 0x1a, 0x89, 0x0f, 0xa5, 0xeb, 0x3a, 0x91, 0x07, 0xb6, 0x03, 0xcc, 0xc9, + 0xd0, 0x6a, 0x5d, 0xd9, 0x11, 0xa6, 0x64, 0xc8, 0x2b, 0x6a, 0xbd, 0x4f, + 0xe0, 0x36, 0xf8, 0xdb, 0x8d, 0x5a, 0x07, 0x0c, 0x2d, 0x86, 0x38, 0x6a, + 0xe1, 0x8d, 0x97, 0xad, 0xc1, 0x84, 0x76, 0x40, 0xc2, 0x11, 0xd9, 0x1f, + 0xf5, 0xc3, 0x38, 0x75, 0x74, 0xa2, 0x6f, 0x8e, 0xf2, 0x7c, 0xa7, 0xf4, + 0x8d, 0x2d, 0xd1, 0xf0, 0xc7, 0xf1, 0x4b, 0x81, 0xcc, 0x9d, 0x33, 0xee, + 0x68, 0x53, 0x03, 0x1d, 0x3e, 0xcf, 0x10, 0xa9, 0x14, 0xff, 0xd9, 0x09, + 0x47, 0x90, 0x9c, 0x80, 0x11, 0xfd, 0x30, 0x24, 0x92, 0x19, 0x34, 0x8e, + 0xbf, 0xf7, 0x6b, 0xfc}, + priv_key_1b, + true}, + + // valid ciphertext that generates a zero length fake plaintext + {74, + // lorem ipsum + {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d}, + {0xb5, 0xe4, 0x93, 0x08, 0xf6, 0xe9, 0x59, 0x00, 0x14, 0xff, 0xaf, 0xfc, + 0x5b, 0x85, 0x60, 0x75, 0x57, 0x39, 0xdd, 0x50, 0x1f, 0x1d, 0x4e, 0x92, + 0x27, 0xa7, 0xd2, 0x91, 0x40, 0x8c, 0xf4, 0xb7, 0x53, 0xf2, 0x92, 0x32, + 0x2f, 0xf8, 0xbe, 0xad, 0x61, 0x3b, 0xf2, 0xca, 0xa1, 0x81, 0xb2, 0x21, + 0xbc, 0x38, 0xca, 0xf6, 0x39, 0x2d, 0xea, 0xfb, 0x28, 0xeb, 0x21, 0xad, + 0x60, 0x93, 0x08, 0x41, 0xed, 0x02, 0xfd, 0x62, 0x25, 0xcc, 0x9c, 0x46, + 0x34, 0x09, 0xad, 0xbe, 0x7d, 0x8f, 0x32, 0x44, 0x02, 0x12, 0xfb, 0xe3, + 0x88, 0x1c, 0x51, 0x37, 0x5b, 0xb0, 0x95, 0x65, 0xef, 0xb2, 0x2e, 0x62, + 0xb0, 0x71, 0x47, 0x2f, 0xb3, 0x86, 0x76, 0xe5, 0xb4, 0xe2, 0x3a, 0x06, + 0x17, 0xdb, 0x5d, 0x14, 0xd9, 0x35, 0x19, 0xac, 0x00, 0x07, 0xa3, 0x0a, + 0x9c, 0x82, 0x2e, 0xb3, 0x1c, 0x38, 0xb5, 0x7f, 0xcb, 0x1b, 0xe2, 0x96, + 0x08, 0xfc, 0xf1, 0xca, 0x2a, 0xbd, 0xca, 0xf5, 0xd5, 0x75, 0x2b, 0xbc, + 0x2b, 0x5a, 0xc7, 0xdb, 0xa5, 0xaf, 0xcf, 0xf4, 0xa5, 0x64, 0x1d, 0xa3, + 0x60, 0xdd, 0x01, 0xf7, 0x11, 0x25, 0x39, 0xb1, 0xed, 0x46, 0xcd, 0xb5, + 0x50, 0xa3, 0xb1, 0x00, 0x65, 0x59, 0xb9, 0xfe, 0x18, 0x91, 0x03, 0x0e, + 0xc8, 0x0f, 0x07, 0x27, 0xc4, 0x24, 0x01, 0xdd, 0xd6, 0xcb, 0xb5, 0xe3, + 0xc8, 0x0f, 0x31, 0x2d, 0xf6, 0xec, 0x89, 0x39, 0x4c, 0x5a, 0x71, 0x18, + 0xf5, 0x73, 0x10, 0x5e, 0x7a, 0xb0, 0x0f, 0xe5, 0x78, 0x33, 0xc1, 0x26, + 0x14, 0x1b, 0x50, 0xa9, 0x35, 0x22, 0x48, 0x42, 0xad, 0xdf, 0xb4, 0x79, + 0xf7, 0x51, 0x60, 0x65, 0x9b, 0xa2, 0x88, 0x77, 0xb5, 0x12, 0xbb, 0x9a, + 0x93, 0x08, 0x4a, 0xd8, 0xbe, 0xc5, 0x40, 0xf9, 0x26, 0x40, 0xf6, 0x3a, + 0x11, 0xa0, 0x10, 0xe0}, + priv_key_1b, + true}, + + // valid ciphertext that generates a 245 byte long fake plaintext + {75, + // lorem ipsum + {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d}, + {0x1e, 0xa0, 0xb5, 0x0c, 0xa6, 0x52, 0x03, 0xd0, 0xa0, 0x92, 0x80, 0xd3, + 0x97, 0x04, 0xb2, 0x4f, 0xe6, 0xe4, 0x78, 0x00, 0x18, 0x9d, 0xb5, 0x03, + 0x3f, 0x20, 0x27, 0x61, 0xa7, 0x8b, 0xaf, 0xb2, 0x70, 0xc5, 0xe2, 0x5a, + 0xbd, 0x1f, 0x7e, 0xcc, 0x6e, 0x7a, 0xbc, 0x4f, 0x26, 0xd1, 0xb0, 0xcd, + 0x9b, 0x8c, 0x64, 0x8d, 0x52, 0x94, 0x16, 0xee, 0x64, 0xcc, 0xbd, 0xd7, + 0xaa, 0x72, 0xa7, 0x71, 0xd0, 0x35, 0x32, 0x62, 0xb5, 0x43, 0xf0, 0xe4, + 0x36, 0x07, 0x6f, 0x40, 0xa1, 0x09, 0x5f, 0x5c, 0x7d, 0xfd, 0x10, 0xdc, + 0xf0, 0x05, 0x9c, 0xcb, 0x30, 0xe9, 0x2d, 0xfa, 0x5e, 0x01, 0x56, 0x61, + 0x82, 0x15, 0xf1, 0xc3, 0xff, 0x3a, 0xa9, 0x97, 0xa9, 0xd9, 0x99, 0xe5, + 0x06, 0x92, 0x4f, 0x52, 0x89, 0xe3, 0xac, 0x72, 0xe5, 0xe2, 0x08, 0x6c, + 0xc7, 0xb4, 0x99, 0xd7, 0x15, 0x83, 0xed, 0x56, 0x10, 0x28, 0x67, 0x11, + 0x55, 0xdb, 0x40, 0x05, 0xbe, 0xe0, 0x18, 0x00, 0xa7, 0xcd, 0xbd, 0xae, + 0x78, 0x1d, 0xd3, 0x21, 0x99, 0xb8, 0x91, 0x4b, 0x5d, 0x40, 0x11, 0xdd, + 0x6f, 0xf1, 0x1c, 0xd2, 0x6d, 0x46, 0xaa, 0xd5, 0x49, 0x34, 0xd2, 0x93, + 0xb0, 0xbc, 0x40, 0x3d, 0xd2, 0x11, 0xbf, 0x13, 0xb5, 0xa5, 0xc6, 0x83, + 0x6a, 0x5e, 0x76, 0x99, 0x30, 0xf4, 0x37, 0xff, 0xd8, 0x63, 0x4f, 0xb7, + 0x37, 0x17, 0x76, 0xf4, 0xbc, 0x88, 0xfa, 0x6c, 0x27, 0x1d, 0x8a, 0xa6, + 0x01, 0x3d, 0xf8, 0x9a, 0xe6, 0x47, 0x01, 0x54, 0x49, 0x7c, 0x4a, 0xc8, + 0x61, 0xbe, 0x2a, 0x1c, 0x65, 0xeb, 0xff, 0xec, 0x13, 0x9b, 0xf7, 0xaa, + 0xba, 0x3a, 0x81, 0xc7, 0xc5, 0xcd, 0xd8, 0x4d, 0xa9, 0xaf, 0x5d, 0x3e, + 0xdf, 0xb9, 0x57, 0x84, 0x80, 0x74, 0x68, 0x6b, 0x58, 0x37, 0xec, 0xbc, + 0xb6, 0xa4, 0x1c, 0x50}, + priv_key_1b, + true}, + + // a random ciphertext that generates a fake 11 byte plaintext + // and fails padding check + {76, + {0xaf, 0x9a, 0xc7, 0x01, 0x91, 0xc9, 0x24, 0x13, 0xcb, 0x9f, 0x2d}, + {0x5f, 0x02, 0xf4, 0xb1, 0xf4, 0x69, 0x35, 0xc7, 0x42, 0xeb, 0xe6, 0x2b, + 0x6f, 0x05, 0xaa, 0x0a, 0x32, 0x86, 0xaa, 0xb9, 0x1a, 0x49, 0xb3, 0x47, + 0x80, 0xad, 0xde, 0x64, 0x10, 0xab, 0x46, 0xf7, 0x38, 0x6e, 0x05, 0x74, + 0x83, 0x31, 0x86, 0x4a, 0xc9, 0x8e, 0x1d, 0xa6, 0x36, 0x86, 0xe4, 0xba, + 0xbe, 0x3a, 0x19, 0xed, 0x40, 0xa7, 0xf5, 0xce, 0xef, 0xb8, 0x91, 0x79, + 0x59, 0x6a, 0xab, 0x07, 0xab, 0x10, 0x15, 0xe0, 0x3b, 0x8f, 0x82, 0x50, + 0x84, 0xda, 0xb0, 0x28, 0xb6, 0x73, 0x12, 0x88, 0xf2, 0xe5, 0x11, 0xa4, + 0xb3, 0x14, 0xb6, 0xea, 0x39, 0x97, 0xd2, 0xe8, 0xfe, 0x28, 0x25, 0xce, + 0xf8, 0x89, 0x7c, 0xbb, 0xdf, 0xb6, 0xc9, 0x39, 0xd4, 0x41, 0xd6, 0xe0, + 0x49, 0x48, 0x41, 0x4b, 0xb6, 0x9e, 0x68, 0x29, 0x27, 0xef, 0x85, 0x76, + 0xc9, 0xa7, 0x09, 0x0d, 0x4a, 0xad, 0x0e, 0x74, 0xc5, 0x20, 0xd6, 0xd5, + 0xce, 0x63, 0xa1, 0x54, 0x72, 0x0f, 0x00, 0xb7, 0x6d, 0xe8, 0xcc, 0x55, + 0x0b, 0x1a, 0xa1, 0x4f, 0x01, 0x6d, 0x63, 0xa7, 0xb6, 0xd6, 0xea, 0xa1, + 0xf7, 0xdb, 0xe9, 0xe5, 0x02, 0x00, 0xd3, 0x15, 0x9b, 0x3d, 0x09, 0x9c, + 0x90, 0x01, 0x16, 0xbf, 0x4e, 0xba, 0x3b, 0x94, 0x20, 0x4f, 0x18, 0xb1, + 0x31, 0x7b, 0x07, 0x52, 0x97, 0x51, 0xab, 0xf6, 0x4a, 0x26, 0xb0, 0xa0, + 0xbf, 0x1c, 0x8c, 0xe7, 0x57, 0x33, 0x3b, 0x3d, 0x67, 0x32, 0x11, 0xb6, + 0x7c, 0xc0, 0x65, 0x3f, 0x2f, 0xe2, 0x62, 0x0d, 0x57, 0xc8, 0xb6, 0xee, + 0x57, 0x4a, 0x03, 0x23, 0xa1, 0x67, 0xea, 0xb1, 0x10, 0x6d, 0x9b, 0xc7, + 0xfd, 0x90, 0xd4, 0x15, 0xbe, 0x5f, 0x1e, 0x98, 0x91, 0xa0, 0xe6, 0xc7, + 0x09, 0xf4, 0xfc, 0x04, 0x04, 0xe8, 0x22, 0x6f, 0x84, 0x77, 0xb4, 0xe9, + 0x39, 0xb3, 0x6e, 0xb2}, + priv_key_1b, + true}, + + // an otherwise correct plaintext, but with wrong first byte + // (0x01 instead of 0x00), generates a random 11 byte long plaintext + {77, + {0xa1, 0xf8, 0xc9, 0x25, 0x5c, 0x35, 0xcf, 0xba, 0x40, 0x3c, 0xcc}, + {0x9b, 0x2e, 0xc9, 0xc0, 0xc9, 0x17, 0xc9, 0x8f, 0x1a, 0xd3, 0xd0, 0x11, + 0x9a, 0xec, 0x6b, 0xe5, 0x1a, 0xe3, 0x10, 0x6e, 0x9a, 0xf1, 0x91, 0x4d, + 0x48, 0x60, 0x0a, 0xb6, 0xa2, 0xc0, 0xc0, 0xc8, 0xae, 0x02, 0xa2, 0xdc, + 0x30, 0x39, 0x90, 0x6f, 0xf3, 0xaa, 0xc9, 0x04, 0xaf, 0x32, 0xec, 0x79, + 0x8f, 0xd6, 0x5f, 0x3a, 0xd1, 0xaf, 0xa2, 0xe6, 0x94, 0x00, 0xe7, 0xc1, + 0xde, 0x81, 0xf5, 0x72, 0x8f, 0x3b, 0x32, 0x91, 0xf3, 0x82, 0x63, 0xbc, + 0x7a, 0x90, 0xa0, 0x56, 0x3e, 0x43, 0xce, 0x7a, 0x0d, 0x4e, 0xe9, 0xc0, + 0xd8, 0xa7, 0x16, 0x62, 0x1c, 0xa5, 0xd3, 0xd0, 0x81, 0x18, 0x87, 0x69, + 0xce, 0x1b, 0x13, 0x1a, 0xf7, 0xd3, 0x5b, 0x13, 0xde, 0xa9, 0x91, 0x53, + 0x57, 0x9c, 0x86, 0xdb, 0x31, 0xfe, 0x07, 0xd5, 0xa2, 0xc1, 0x4d, 0x62, + 0x1b, 0x77, 0x85, 0x4e, 0x48, 0xa8, 0xdf, 0x41, 0xb5, 0x79, 0x85, 0x63, + 0xaf, 0x48, 0x9a, 0x29, 0x1e, 0x41, 0x7b, 0x6a, 0x33, 0x4c, 0x63, 0x22, + 0x26, 0x27, 0x37, 0x61, 0x18, 0xc0, 0x2c, 0x53, 0xb6, 0xe8, 0x63, 0x10, + 0xf7, 0x28, 0x73, 0x4f, 0xfc, 0x86, 0xef, 0x9d, 0x7c, 0x8b, 0xf5, 0x6c, + 0x0c, 0x84, 0x1b, 0x24, 0xb8, 0x2b, 0x59, 0xf5, 0x1a, 0xee, 0x45, 0x26, + 0xba, 0x1c, 0x42, 0x68, 0x50, 0x6d, 0x30, 0x1e, 0x4e, 0xbc, 0x49, 0x8c, + 0x6a, 0xeb, 0xb6, 0xfd, 0x52, 0x58, 0xc8, 0x76, 0xbf, 0x90, 0x0b, 0xac, + 0x8c, 0xa4, 0xd3, 0x09, 0xdd, 0x52, 0x2f, 0x6a, 0x63, 0x43, 0x59, 0x9a, + 0x8b, 0xc3, 0x76, 0x0f, 0x42, 0x2c, 0x10, 0xc7, 0x2d, 0x0a, 0xd5, 0x27, + 0xce, 0x4a, 0xf1, 0x87, 0x41, 0x24, 0xac, 0xe3, 0xd9, 0x9b, 0xb7, 0x4d, + 0xb8, 0xd6, 0x9d, 0x25, 0x28, 0xdb, 0x22, 0xc3, 0xa3, 0x76, 0x44, 0x64, + 0x0f, 0x95, 0xc0, 0x5f}, + priv_key_1b, + true}, + + // an otherwise correct plaintext, but with wrong second byte + // (0x01 instead of 0x02), generates a random 11 byte long plaintext + {78, + {0xe6, 0xd7, 0x00, 0x30, 0x9c, 0xa0, 0xed, 0x62, 0x45, 0x22, 0x54}, + {0x78, 0x2c, 0x2b, 0x59, 0xa2, 0x1a, 0x51, 0x12, 0x43, 0x82, 0x0a, 0xce, + 0xdd, 0x56, 0x7c, 0x13, 0x6f, 0x6d, 0x30, 0x90, 0xc1, 0x15, 0x23, 0x2a, + 0x82, 0xa5, 0xef, 0xb0, 0xb1, 0x78, 0x28, 0x5f, 0x55, 0xb5, 0xec, 0x2d, + 0x2b, 0xac, 0x96, 0xbf, 0x00, 0xd6, 0x59, 0x2e, 0xa7, 0xcd, 0xc3, 0x34, + 0x16, 0x10, 0xc8, 0xfb, 0x07, 0xe5, 0x27, 0xe5, 0xe2, 0xd2, 0x0c, 0xfa, + 0xf2, 0xc7, 0xf2, 0x3e, 0x37, 0x54, 0x31, 0xf4, 0x5e, 0x99, 0x89, 0x29, + 0xa0, 0x2f, 0x25, 0xfd, 0x95, 0x35, 0x4c, 0x33, 0x83, 0x80, 0x90, 0xbc, + 0xa8, 0x38, 0x50, 0x22, 0x59, 0xe9, 0x2d, 0x86, 0xd5, 0x68, 0xbc, 0x2c, + 0xdb, 0x13, 0x2f, 0xab, 0x2a, 0x39, 0x95, 0x93, 0xca, 0x60, 0xa0, 0x15, + 0xdc, 0x2b, 0xb1, 0xaf, 0xcd, 0x64, 0xfe, 0xf8, 0xa3, 0x83, 0x4e, 0x17, + 0xe5, 0x35, 0x8d, 0x82, 0x29, 0x80, 0xdc, 0x44, 0x6e, 0x84, 0x5b, 0x3a, + 0xb4, 0x70, 0x2b, 0x1e, 0xe4, 0x1f, 0xe5, 0xdb, 0x71, 0x6d, 0x92, 0x34, + 0x8d, 0x50, 0x91, 0xc1, 0x5d, 0x35, 0xa1, 0x10, 0x55, 0x5a, 0x35, 0xde, + 0xb4, 0x65, 0x0a, 0x5a, 0x1d, 0x2c, 0x98, 0x02, 0x5d, 0x42, 0xd4, 0x54, + 0x4f, 0x8b, 0x32, 0xaa, 0x6a, 0x5e, 0x02, 0xdc, 0x02, 0xde, 0xae, 0xd9, + 0xa7, 0x31, 0x3b, 0x73, 0xb4, 0x9b, 0x0d, 0x47, 0x72, 0xa3, 0x76, 0x8b, + 0x0e, 0xa0, 0xdb, 0x58, 0x46, 0xac, 0xe6, 0x56, 0x9c, 0xae, 0x67, 0x7b, + 0xf6, 0x7f, 0xb0, 0xac, 0xf3, 0xc2, 0x55, 0xdc, 0x01, 0xec, 0x84, 0x00, + 0xc9, 0x63, 0xb6, 0xe4, 0x9b, 0x10, 0x67, 0x72, 0x8b, 0x4e, 0x56, 0x3d, + 0x7e, 0x1e, 0x15, 0x15, 0x66, 0x43, 0x47, 0xb9, 0x2e, 0xe6, 0x4d, 0xb7, + 0xef, 0xb5, 0x45, 0x23, 0x57, 0xa0, 0x2f, 0xff, 0x7f, 0xcb, 0x74, 0x37, + 0xab, 0xc2, 0xe5, 0x79}, + priv_key_1b, + true}, + + // an otherwise correct plaintext, but with wrong second byte + // (0x00 instead of 0x02), and a 0x02 on third position, generates a + // random 11 byte long plaintext + {79, + {0x3d, 0x4a, 0x05, 0x4d, 0x93, 0x58, 0x20, 0x9e, 0x9c, 0xbb, 0xb9}, + {0x17, 0x86, 0x55, 0x0c, 0xe8, 0xd8, 0x43, 0x30, 0x52, 0xe0, 0x1e, 0xcb, + 0xa8, 0xb7, 0x6d, 0x30, 0x19, 0xf1, 0x35, 0x5b, 0x21, 0x2a, 0xc9, 0xd0, + 0xf5, 0x19, 0x1b, 0x02, 0x33, 0x25, 0xa7, 0xe7, 0x71, 0x4b, 0x78, 0x02, + 0xf8, 0xe9, 0xa1, 0x7c, 0x4c, 0xb3, 0xcd, 0x3a, 0x84, 0x04, 0x18, 0x91, + 0x47, 0x1b, 0x10, 0xca, 0x1f, 0xcf, 0xb5, 0xd0, 0x41, 0xd3, 0x4c, 0x82, + 0xe6, 0xd0, 0x01, 0x1c, 0xf4, 0xdc, 0x76, 0xb9, 0x0e, 0x9c, 0x2e, 0x07, + 0x43, 0x59, 0x05, 0x79, 0xd5, 0x5b, 0xcd, 0x78, 0x57, 0x05, 0x71, 0x52, + 0xc4, 0xa8, 0x04, 0x03, 0x61, 0x34, 0x3d, 0x1d, 0x22, 0xba, 0x67, 0x7d, + 0x62, 0xb0, 0x11, 0x40, 0x7c, 0x65, 0x2e, 0x23, 0x4b, 0x1d, 0x66, 0x3a, + 0xf2, 0x5e, 0x23, 0x86, 0x25, 0x1d, 0x74, 0x09, 0x19, 0x0f, 0x19, 0xfc, + 0x8e, 0xc3, 0xf9, 0x37, 0x4f, 0xdf, 0x12, 0x54, 0x63, 0x38, 0x74, 0xce, + 0x2e, 0xc2, 0xbf, 0xf4, 0x0a, 0xd0, 0xcb, 0x47, 0x3f, 0x97, 0x61, 0xec, + 0x7b, 0x68, 0xda, 0x45, 0xa4, 0xbd, 0x5e, 0x33, 0xf5, 0xd7, 0xda, 0xc9, + 0xb9, 0xa2, 0x08, 0x21, 0xdf, 0x94, 0x06, 0xb6, 0x53, 0xf7, 0x8a, 0x95, + 0xa6, 0xc0, 0xea, 0x0a, 0x4d, 0x57, 0xf8, 0x67, 0xe4, 0xdb, 0x22, 0xc1, + 0x7b, 0xf9, 0xa1, 0x2c, 0x15, 0x0f, 0x80, 0x9a, 0x7b, 0x72, 0xb6, 0xdb, + 0x86, 0xc2, 0x2a, 0x87, 0x32, 0x24, 0x1e, 0xbf, 0x3c, 0x6a, 0x4f, 0x2c, + 0xf8, 0x26, 0x71, 0xd9, 0x17, 0xab, 0xa8, 0xbc, 0x61, 0x05, 0x2b, 0x40, + 0xcc, 0xdd, 0xd7, 0x43, 0xa9, 0x4e, 0xa9, 0xb5, 0x38, 0x17, 0x51, 0x06, + 0x20, 0x19, 0x71, 0xcc, 0xa9, 0xd1, 0x36, 0xd2, 0x50, 0x81, 0x73, 0x9a, + 0xaf, 0x6c, 0xd1, 0x8b, 0x2a, 0xec, 0xf9, 0xad, 0x32, 0x0e, 0xa3, 0xf8, + 0x95, 0x02, 0xf9, 0x55}, + priv_key_1b, + true}, + + // an otherwise correct plaintext, but with a null byte on third + // position (first byte of padding), generates a random 11 byte + // long payload + {80, + {0x1f, 0x03, 0x7d, 0xd7, 0x17, 0xb0, 0x7d, 0x3e, 0x7f, 0x73, 0x59}, + {0x17, 0x95, 0x98, 0x82, 0x38, 0x12, 0xd2, 0xc5, 0x8a, 0x7e, 0xb5, 0x05, + 0x21, 0x15, 0x0a, 0x48, 0xbc, 0xca, 0x8b, 0x4e, 0xb5, 0x34, 0x14, 0x01, + 0x8b, 0x6b, 0xca, 0x19, 0xf4, 0x80, 0x14, 0x56, 0xc5, 0xe3, 0x6a, 0x94, + 0x00, 0x37, 0xac, 0x51, 0x6b, 0x0d, 0x64, 0x12, 0xba, 0x44, 0xec, 0x6b, + 0x4f, 0x26, 0x8a, 0x55, 0xef, 0x1c, 0x5f, 0xfb, 0xf1, 0x8a, 0x2f, 0x4e, + 0x35, 0x22, 0xbb, 0x7b, 0x6e, 0xd8, 0x97, 0x74, 0xb7, 0x9b, 0xff, 0xa2, + 0x2f, 0x7d, 0x31, 0x02, 0x16, 0x55, 0x65, 0x64, 0x2d, 0xe0, 0xd4, 0x3a, + 0x95, 0x5e, 0x96, 0xa1, 0xf2, 0xe8, 0x0e, 0x54, 0x30, 0x67, 0x1d, 0x72, + 0x66, 0xeb, 0x4f, 0x90, 0x5d, 0xc8, 0xff, 0x5e, 0x10, 0x6d, 0xc5, 0x58, + 0x8e, 0x5b, 0x02, 0x89, 0xe4, 0x9a, 0x49, 0x13, 0x94, 0x0e, 0x39, 0x2a, + 0x97, 0x06, 0x26, 0x16, 0xd2, 0xbd, 0xa3, 0x81, 0x55, 0x47, 0x1b, 0x7d, + 0x36, 0x0c, 0xfb, 0x94, 0x68, 0x1c, 0x70, 0x2f, 0x60, 0xed, 0x2d, 0x4d, + 0xe6, 0x14, 0xea, 0x72, 0xbf, 0x1c, 0x53, 0x16, 0x0e, 0x63, 0x17, 0x9f, + 0x6c, 0x5b, 0x89, 0x7b, 0x59, 0x49, 0x2b, 0xee, 0x21, 0x91, 0x08, 0x30, + 0x9f, 0x0b, 0x7b, 0x8c, 0xb2, 0xb1, 0x36, 0xc3, 0x46, 0xa5, 0xe9, 0x8b, + 0x8b, 0x4b, 0x84, 0x15, 0xfb, 0x1d, 0x71, 0x3b, 0xae, 0x06, 0x79, 0x11, + 0xe3, 0x05, 0x7f, 0x1c, 0x33, 0x5b, 0x4b, 0x7e, 0x39, 0x10, 0x1e, 0xaf, + 0xd5, 0xd2, 0x8f, 0x01, 0x89, 0x03, 0x7e, 0x43, 0x34, 0xf4, 0xfd, 0xb9, + 0x03, 0x84, 0x27, 0xb1, 0xd1, 0x19, 0xa6, 0x70, 0x2a, 0xa8, 0x23, 0x33, + 0x19, 0xcc, 0x97, 0xd4, 0x96, 0xcc, 0x28, 0x9a, 0xe8, 0xc9, 0x56, 0xdd, + 0xc8, 0x40, 0x42, 0x65, 0x9a, 0x2d, 0x43, 0xd6, 0xaa, 0x22, 0xf1, 0x2b, + 0x81, 0xab, 0x88, 0x4e}, + priv_key_1b, + true}, + + // an otherwise correct plaintext, but with a null byte on tenth + // position (eight byte of padding), generates a random 11 byte long + // plaintext + {81, + {0x63, 0xcb, 0x0b, 0xf6, 0x5f, 0xc8, 0x25, 0x5d, 0xd2, 0x9e, 0x17}, + {0xa7, 0xa3, 0x40, 0x67, 0x5a, 0x82, 0xc3, 0x0e, 0x22, 0x21, 0x9a, 0x55, + 0xbc, 0x07, 0xcd, 0xf3, 0x6d, 0x47, 0xd0, 0x18, 0x34, 0xc1, 0x83, 0x4f, + 0x91, 0x7f, 0x18, 0xb5, 0x17, 0x41, 0x9c, 0xe9, 0xde, 0x2a, 0x96, 0x46, + 0x0e, 0x74, 0x50, 0x24, 0x43, 0x64, 0x70, 0xed, 0x85, 0xe9, 0x42, 0x97, + 0xb2, 0x83, 0x53, 0x7d, 0x52, 0x18, 0x9c, 0x40, 0x6a, 0x3f, 0x53, 0x3c, + 0xb4, 0x05, 0xcc, 0x6a, 0x9d, 0xba, 0x46, 0xb4, 0x82, 0xce, 0x98, 0xb6, + 0xe3, 0xdd, 0x52, 0xd8, 0xfc, 0xe2, 0x23, 0x74, 0x25, 0x61, 0x7e, 0x38, + 0xc1, 0x1f, 0xbc, 0x46, 0xb6, 0x18, 0x97, 0xef, 0x20, 0x0d, 0x01, 0xe4, + 0xf2, 0x5f, 0x5f, 0x6c, 0x4c, 0x5b, 0x38, 0xcd, 0x0d, 0xe3, 0x8b, 0xa1, + 0x19, 0x08, 0xb8, 0x65, 0x95, 0xa8, 0x03, 0x6a, 0x08, 0xa4, 0x2a, 0x3d, + 0x05, 0xb7, 0x96, 0x00, 0xa9, 0x7a, 0xc1, 0x8b, 0xa3, 0x68, 0xa0, 0x8d, + 0x6c, 0xf6, 0xcc, 0xb6, 0x24, 0xf6, 0xe8, 0x00, 0x2a, 0xfc, 0x75, 0x59, + 0x9f, 0xba, 0x4d, 0xe3, 0xd4, 0xf3, 0xba, 0x7d, 0x20, 0x83, 0x91, 0xeb, + 0xe8, 0xd2, 0x1f, 0x82, 0x82, 0xb1, 0x8e, 0x2c, 0x10, 0x86, 0x9e, 0xb2, + 0x70, 0x2e, 0x68, 0xf9, 0x17, 0x6b, 0x42, 0xb0, 0xdd, 0xc9, 0xd7, 0x63, + 0xf0, 0xc8, 0x6b, 0xa0, 0xff, 0x92, 0xc9, 0x57, 0xaa, 0xea, 0xb7, 0x6d, + 0x9a, 0xb8, 0xda, 0x52, 0xea, 0x29, 0x7e, 0xc1, 0x1d, 0x92, 0xd7, 0x70, + 0x14, 0x6f, 0xaa, 0x1b, 0x30, 0x0e, 0x0f, 0x91, 0xef, 0x96, 0x9b, 0x53, + 0xe7, 0xd2, 0x90, 0x7f, 0xfc, 0x98, 0x4e, 0x9a, 0x9c, 0x9d, 0x11, 0xfb, + 0x7d, 0x6c, 0xba, 0x91, 0x97, 0x20, 0x59, 0xb4, 0x65, 0x06, 0xb0, 0x35, + 0xef, 0xec, 0x65, 0x75, 0xc4, 0x6d, 0x71, 0x14, 0xa6, 0xb9, 0x35, 0x86, + 0x48, 0x58, 0x44, 0x5f}, + priv_key_1b, + true}, + + // an otherwise correct plaintext, but with missing zero separator + // decrypts to 11 byte random synthethic plaintext + {82, + {0x6f, 0x09, 0xa0, 0xb6, 0x26, 0x99, 0x33, 0x7c, 0x49, 0x7b, 0x0b}, + {0x3d, 0x1b, 0x97, 0xe7, 0xaa, 0x34, 0xea, 0xf1, 0xf4, 0xfc, 0x17, 0x1c, + 0xeb, 0x11, 0xdc, 0xff, 0xfd, 0x9a, 0x46, 0xa5, 0xb6, 0x96, 0x12, 0x05, + 0xb1, 0x0b, 0x30, 0x28, 0x18, 0xc1, 0xfc, 0xc9, 0xf4, 0xec, 0x78, 0xbf, + 0x18, 0xea, 0x0c, 0xee, 0x7e, 0x9f, 0xa5, 0xb1, 0x6f, 0xb4, 0xc6, 0x11, + 0x46, 0x3b, 0x36, 0x8b, 0x33, 0x12, 0xac, 0x11, 0xcf, 0x9c, 0x06, 0xb7, + 0xcf, 0x72, 0xb5, 0x4e, 0x28, 0x48, 0x48, 0xa5, 0x08, 0xd3, 0xf0, 0x23, + 0x28, 0xc6, 0x2c, 0x29, 0x99, 0xd0, 0xfb, 0x60, 0x92, 0x9f, 0x81, 0x78, + 0x3c, 0x7a, 0x25, 0x68, 0x91, 0xbc, 0x2f, 0xf4, 0xd9, 0x1d, 0xf2, 0xaf, + 0x96, 0xa2, 0x4f, 0xc5, 0x70, 0x1a, 0x18, 0x23, 0xaf, 0x93, 0x9c, 0xe6, + 0xdb, 0xdc, 0x51, 0x06, 0x08, 0xe3, 0xd4, 0x1e, 0xec, 0x17, 0x2a, 0xd2, + 0xd5, 0x1b, 0x9f, 0xc6, 0x1b, 0x42, 0x17, 0xc9, 0x23, 0xca, 0xdc, 0xf5, + 0xba, 0xc3, 0x21, 0x35, 0x5e, 0xf8, 0xbe, 0x5e, 0x5f, 0x09, 0x0c, 0xdc, + 0x2b, 0xd0, 0xc6, 0x97, 0xd9, 0x05, 0x82, 0x47, 0xdb, 0x3a, 0xd6, 0x13, + 0xfd, 0xce, 0x87, 0xd2, 0x95, 0x5a, 0x6d, 0x1c, 0x94, 0x8a, 0x51, 0x60, + 0xf9, 0x3d, 0xa2, 0x1f, 0x73, 0x1d, 0x74, 0x13, 0x7f, 0x5d, 0x1f, 0x53, + 0xa1, 0x92, 0x3a, 0xdb, 0x51, 0x3d, 0x2e, 0x6e, 0x15, 0x89, 0xd4, 0x4c, + 0xc0, 0x79, 0xf4, 0xc6, 0xdd, 0xd4, 0x71, 0xd3, 0x8a, 0xc8, 0x2d, 0x20, + 0xd8, 0xb1, 0xd2, 0x1f, 0x8d, 0x65, 0xf3, 0xb6, 0x90, 0x70, 0x86, 0x80, + 0x9f, 0x41, 0x23, 0xe0, 0x8d, 0x86, 0xfb, 0x38, 0x72, 0x95, 0x85, 0xde, + 0x02, 0x6a, 0x48, 0x5d, 0x8f, 0x0e, 0x70, 0x3f, 0xd4, 0x77, 0x2f, 0x66, + 0x68, 0xfe, 0xbf, 0x67, 0xdf, 0x94, 0x7b, 0x82, 0x19, 0x5f, 0xa3, 0x86, + 0x7e, 0x3a, 0x30, 0x65}, + priv_key_1b, + true}, + + // + // Bleichenbacher 2049 keys + // malformed plaintext that generates a fake plaintext of length + // specified by 3rd length from the end of PRF output + {83, + {0x42}, + {0x00, 0xb2, 0x6f, 0x64, 0x04, 0xb8, 0x26, 0x49, 0x62, 0x9f, 0x27, 0x04, + 0x49, 0x42, 0x82, 0x44, 0x37, 0x76, 0x92, 0x91, 0x22, 0xe2, 0x79, 0xa9, + 0xcf, 0x30, 0xb0, 0xc6, 0xfe, 0x81, 0x22, 0xa0, 0xa9, 0x04, 0x28, 0x70, + 0xd9, 0x7c, 0xc8, 0xef, 0x65, 0x49, 0x0f, 0xe5, 0x8f, 0x03, 0x1e, 0xb2, + 0x44, 0x23, 0x52, 0x19, 0x1f, 0x5f, 0xbc, 0x31, 0x10, 0x26, 0xb5, 0x14, + 0x7d, 0x32, 0xdf, 0x91, 0x45, 0x99, 0xf3, 0x8b, 0x82, 0x5e, 0xbb, 0x82, + 0x4a, 0xf0, 0xd6, 0x3f, 0x2d, 0x54, 0x1a, 0x24, 0x5c, 0x57, 0x75, 0xd1, + 0xc4, 0xb7, 0x86, 0x30, 0xe4, 0x99, 0x6c, 0xc5, 0xfe, 0x41, 0x3d, 0x38, + 0x45, 0x5a, 0x77, 0x6c, 0xf4, 0xed, 0xcc, 0x0a, 0xa7, 0xfc, 0xcb, 0x31, + 0xc5, 0x84, 0xd6, 0x05, 0x02, 0xed, 0x2b, 0x77, 0x39, 0x8f, 0x53, 0x6e, + 0x13, 0x7f, 0xf7, 0xba, 0x64, 0x30, 0xe9, 0x25, 0x8e, 0x21, 0xc2, 0xdb, + 0x5b, 0x82, 0xf5, 0x38, 0x0f, 0x56, 0x68, 0x76, 0x11, 0x0a, 0xc4, 0xc7, + 0x59, 0x17, 0x89, 0x00, 0xfb, 0xad, 0x7a, 0xb7, 0x0e, 0xa0, 0x7b, 0x1d, + 0xaf, 0x7a, 0x16, 0x39, 0xcb, 0xb4, 0x19, 0x65, 0x43, 0xa6, 0xcb, 0xe8, + 0x27, 0x1f, 0x35, 0xdd, 0xdb, 0x81, 0x20, 0x30, 0x4f, 0x6e, 0xef, 0x83, + 0x05, 0x9e, 0x1c, 0x5c, 0x56, 0x78, 0x71, 0x0f, 0x90, 0x4a, 0x6d, 0x76, + 0x0c, 0x4d, 0x1d, 0x8a, 0xd0, 0x76, 0xbe, 0x17, 0x90, 0x4b, 0x9e, 0x69, + 0x91, 0x00, 0x40, 0xb4, 0x79, 0x14, 0xa0, 0x17, 0x6f, 0xb7, 0xee, 0xa0, + 0xc0, 0x64, 0x44, 0xa6, 0xc4, 0xb8, 0x6d, 0x67, 0x4d, 0x19, 0xa5, 0x56, + 0xa1, 0xde, 0x54, 0x90, 0x37, 0x3c, 0xb0, 0x1c, 0xe3, 0x1b, 0xbd, 0x15, + 0xa5, 0x63, 0x33, 0x62, 0xd3, 0xd2, 0xcd, 0x7d, 0x4a, 0xf1, 0xb4, 0xc5, + 0x12, 0x12, 0x88, 0xb8, 0x94}, + priv_key_2b, + true}, + + // a valid ciphertext that starts with a null byte, decrypts to 11 byte + // long value + {84, + // lorem ipsum + {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d}, + {0x01, 0x33, 0x00, 0xed, 0xbf, 0x0b, 0xb3, 0x57, 0x1e, 0x59, 0x88, 0x9f, + 0x7e, 0xd7, 0x69, 0x70, 0xbf, 0x6d, 0x57, 0xe1, 0xc8, 0x9b, 0xbb, 0x6d, + 0x1c, 0x39, 0x91, 0xd9, 0xdf, 0x8e, 0x65, 0xed, 0x54, 0xb5, 0x56, 0xd9, + 0x28, 0xda, 0x7d, 0x76, 0x8f, 0xac, 0xb3, 0x95, 0xbb, 0xcc, 0x81, 0xe9, + 0xf8, 0x57, 0x3b, 0x45, 0xcf, 0x81, 0x95, 0xdb, 0xd8, 0x5d, 0x83, 0xa5, + 0x92, 0x81, 0xcd, 0xdf, 0x41, 0x63, 0xae, 0xc1, 0x1b, 0x53, 0xb4, 0x14, + 0x00, 0x53, 0xe3, 0xbd, 0x10, 0x9f, 0x78, 0x7a, 0x7c, 0x3c, 0xec, 0x31, + 0xd5, 0x35, 0xaf, 0x1f, 0x50, 0xe0, 0x59, 0x8d, 0x85, 0xd9, 0x6d, 0x91, + 0xea, 0x01, 0x91, 0x3d, 0x07, 0x09, 0x7d, 0x25, 0xaf, 0x99, 0xc6, 0x74, + 0x64, 0xeb, 0xf2, 0xbb, 0x39, 0x6f, 0xb2, 0x8a, 0x92, 0x33, 0xe5, 0x6f, + 0x31, 0xf7, 0xe1, 0x05, 0xd7, 0x1a, 0x23, 0xe9, 0xef, 0x3b, 0x73, 0x6d, + 0x1e, 0x80, 0xe7, 0x13, 0xd1, 0x69, 0x17, 0x13, 0xdf, 0x97, 0x33, 0x47, + 0x79, 0x55, 0x2f, 0xc9, 0x4b, 0x40, 0xdd, 0x73, 0x3c, 0x72, 0x51, 0xbc, + 0x52, 0x2b, 0x67, 0x3d, 0x3e, 0xc9, 0x35, 0x4a, 0xf3, 0xdd, 0x4a, 0xd4, + 0x4f, 0xa7, 0x1c, 0x06, 0x62, 0x21, 0x3a, 0x57, 0xad, 0xa1, 0xd7, 0x51, + 0x49, 0x69, 0x7d, 0x0e, 0xb5, 0x5c, 0x05, 0x3a, 0xae, 0xd5, 0xff, 0xd0, + 0xb8, 0x15, 0x83, 0x2f, 0x45, 0x41, 0x79, 0x51, 0x9d, 0x37, 0x36, 0xfb, + 0x4f, 0xaf, 0x80, 0x84, 0x16, 0x07, 0x1d, 0xb0, 0xd0, 0xf8, 0x01, 0xac, + 0xa8, 0x54, 0x83, 0x11, 0xee, 0x70, 0x8c, 0x13, 0x1f, 0x4b, 0xe6, 0x58, + 0xb1, 0x5f, 0x6b, 0x54, 0x25, 0x68, 0x72, 0xc2, 0x90, 0x3a, 0xc7, 0x08, + 0xbd, 0x43, 0xb0, 0x17, 0xb0, 0x73, 0xb5, 0x70, 0x7b, 0xc8, 0x4c, 0x2c, + 0xd9, 0xda, 0x70, 0xe9, 0x67}, + priv_key_2b, + true}, + + // a valid ciphertext that starts with a null byte, decrypts to 11 byte + // long value + {85, + // lorem ipsum + {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d}, + {0x00, 0x02, 0xaa, 0xdf, 0x84, 0x6a, 0x32, 0x9f, 0xad, 0xc6, 0x76, 0x09, + 0x80, 0x30, 0x3d, 0xbd, 0x87, 0xbf, 0xad, 0xfa, 0x78, 0xc2, 0x01, 0x5c, + 0xe4, 0xd6, 0xc5, 0x78, 0x2f, 0xd9, 0xd3, 0xf1, 0x07, 0x8b, 0xd3, 0xc0, + 0xa2, 0xc5, 0xbf, 0xbd, 0xd1, 0xc0, 0x24, 0x55, 0x2e, 0x50, 0x54, 0xd9, + 0x8b, 0x5b, 0xcd, 0xc9, 0x4e, 0x47, 0x6d, 0xd2, 0x80, 0xe6, 0x4d, 0x65, + 0x00, 0x89, 0x32, 0x65, 0x42, 0xce, 0x7c, 0x61, 0xd4, 0xf1, 0xab, 0x40, + 0x00, 0x4c, 0x2e, 0x6a, 0x88, 0xa8, 0x83, 0x61, 0x35, 0x68, 0x55, 0x6a, + 0x10, 0xf3, 0xf9, 0xed, 0xea, 0xb6, 0x7a, 0xe8, 0xdd, 0xdc, 0x1e, 0x6b, + 0x08, 0x31, 0xc2, 0x79, 0x3d, 0x27, 0x15, 0xde, 0x94, 0x3f, 0x7c, 0xe3, + 0x4c, 0x5c, 0x05, 0xd1, 0xb0, 0x9f, 0x14, 0x43, 0x1f, 0xde, 0x56, 0x6d, + 0x17, 0xe7, 0x6c, 0x9f, 0xee, 0xe9, 0x0d, 0x86, 0xa2, 0xc1, 0x58, 0x61, + 0x6e, 0xc8, 0x1d, 0xda, 0x0c, 0x64, 0x2f, 0x58, 0xc0, 0xba, 0x8f, 0xa4, + 0x49, 0x58, 0x43, 0x12, 0x4a, 0x72, 0x35, 0xd4, 0x6f, 0xb4, 0x06, 0x97, + 0x15, 0xa5, 0x1b, 0xf7, 0x10, 0xfd, 0x02, 0x42, 0x59, 0x13, 0x1b, 0xa9, + 0x4d, 0xa7, 0x35, 0x97, 0xac, 0xe4, 0x94, 0x85, 0x6c, 0x94, 0xe7, 0xa3, + 0xec, 0x26, 0x15, 0x45, 0x79, 0x3b, 0x09, 0x90, 0x27, 0x9b, 0x15, 0xfa, + 0x91, 0xc7, 0xfd, 0x13, 0xdb, 0xfb, 0x1d, 0xf2, 0xf2, 0x21, 0xda, 0xb9, + 0xfa, 0x9f, 0x7c, 0x1d, 0x21, 0xe4, 0x8a, 0xa4, 0x9f, 0x6a, 0xae, 0xcb, + 0xab, 0xf5, 0xee, 0x76, 0xdc, 0x6c, 0x2a, 0xf2, 0x31, 0x7f, 0xfb, 0x4e, + 0x30, 0x31, 0x15, 0x38, 0x6a, 0x97, 0xf8, 0x72, 0x9a, 0xfc, 0x3d, 0x0c, + 0x89, 0x41, 0x96, 0x69, 0x23, 0x5f, 0x1a, 0x3a, 0x69, 0x57, 0x0e, 0x08, + 0x36, 0xc7, 0x9f, 0xc1, 0x62}, + priv_key_2b, + true}, + + // a valid ciphertext that starts with two null bytes, decrypts to + // 11 byte long value + {86, + // lorem ipsum + {0x6c, 0x6f, 0x72, 0x65, 0x6d, 0x20, 0x69, 0x70, 0x73, 0x75, 0x6d}, + {0x00, 0x00, 0xf3, 0x6d, 0xa3, 0xb7, 0x2d, 0x8f, 0xf6, 0xde, 0xd7, 0x4e, + 0x7e, 0xfd, 0x08, 0xc0, 0x19, 0x08, 0xf3, 0xf5, 0xf0, 0xde, 0x7b, 0x55, + 0xea, 0xb9, 0x2b, 0x5f, 0x87, 0x51, 0x90, 0x80, 0x9c, 0x39, 0xd4, 0x16, + 0x2e, 0x1e, 0x66, 0x49, 0x61, 0x8f, 0x85, 0x4f, 0xd8, 0x4a, 0xea, 0xb0, + 0x39, 0x70, 0xd1, 0x6b, 0xb8, 0x14, 0xe9, 0x99, 0x85, 0x2c, 0x06, 0xde, + 0x38, 0xd8, 0x2b, 0x95, 0xc0, 0xf3, 0x2e, 0x2a, 0x7b, 0x57, 0x14, 0x02, + 0x1f, 0xe3, 0x03, 0x38, 0x9b, 0xe9, 0xc0, 0xea, 0xc2, 0x4c, 0x90, 0xa6, + 0xb7, 0x21, 0x0f, 0x92, 0x9d, 0x39, 0x0f, 0xab, 0xf9, 0x03, 0xd4, 0x4e, + 0x04, 0x11, 0x0b, 0xb7, 0xa7, 0xfd, 0x6c, 0x38, 0x3c, 0x27, 0x58, 0x04, + 0x72, 0x1e, 0xfa, 0x6d, 0x7c, 0x93, 0xaa, 0x64, 0xc0, 0xbb, 0x2b, 0x18, + 0xd9, 0x7c, 0x52, 0x20, 0xa8, 0x46, 0xc6, 0x6a, 0x48, 0x95, 0xae, 0x52, + 0xad, 0xdd, 0xbe, 0x2a, 0x99, 0x96, 0x82, 0x5e, 0x01, 0x35, 0x85, 0xad, + 0xce, 0xc4, 0xb3, 0x2b, 0xa6, 0x1d, 0x78, 0x27, 0x37, 0xbd, 0x34, 0x3e, + 0x5f, 0xab, 0xd6, 0x8e, 0x8a, 0x95, 0xb8, 0xb1, 0x34, 0x03, 0x18, 0x55, + 0x98, 0x60, 0x79, 0x2d, 0xd7, 0x0d, 0xff, 0xbe, 0x05, 0xa1, 0x05, 0x2b, + 0x54, 0xcb, 0xfb, 0x48, 0xcf, 0xa7, 0xbb, 0x3c, 0x19, 0xce, 0xa5, 0x20, + 0x76, 0xbd, 0xda, 0xc5, 0xc2, 0x5e, 0xe2, 0x76, 0xf1, 0x53, 0xa6, 0x10, + 0xf6, 0xd0, 0x6e, 0xd6, 0x96, 0xd1, 0x92, 0xd8, 0xae, 0x45, 0x07, 0xff, + 0xae, 0x4e, 0x5b, 0xdd, 0xa1, 0x0a, 0x62, 0x5d, 0x6b, 0x67, 0xf3, 0x2f, + 0x7c, 0xff, 0xcd, 0x48, 0xde, 0xe2, 0x43, 0x1f, 0xe6, 0x6f, 0x61, 0x05, + 0xf9, 0xd1, 0x7e, 0x61, 0x1c, 0xdc, 0xc6, 0x74, 0x86, 0x8e, 0x81, 0x69, + 0x2a, 0x36, 0x0f, 0x40, 0x52}, + priv_key_2b, + true}, + + // a random ciphertext that generates a fake 11 byte plaintext + // and fails the padding check + {87, + {0x11, 0x89, 0xb6, 0xf5, 0x49, 0x8f, 0xd6, 0xdf, 0x53, 0x2b, 0x00}, + {0x00, 0xf9, 0x10, 0x20, 0x08, 0x30, 0xfc, 0x8f, 0xff, 0x47, 0x8e, 0x99, + 0xe1, 0x45, 0xf1, 0x47, 0x4b, 0x31, 0x2e, 0x25, 0x12, 0xd0, 0xf9, 0x0b, + 0x8c, 0xef, 0x77, 0xf8, 0x00, 0x1d, 0x09, 0x86, 0x16, 0x88, 0xc1, 0x56, + 0xd1, 0xcb, 0xaf, 0x8a, 0x89, 0x57, 0xf7, 0xeb, 0xf3, 0x5f, 0x72, 0x44, + 0x66, 0x95, 0x2d, 0x05, 0x24, 0xca, 0xd4, 0x8a, 0xad, 0x4f, 0xba, 0x1e, + 0x45, 0xce, 0x8e, 0xa2, 0x7e, 0x8f, 0x3b, 0xa4, 0x41, 0x31, 0xb7, 0x83, + 0x1b, 0x62, 0xd6, 0x0c, 0x07, 0x62, 0x66, 0x1f, 0x4c, 0x1d, 0x1a, 0x88, + 0xcd, 0x06, 0x26, 0x3a, 0x25, 0x9a, 0xbf, 0x1b, 0xa9, 0xe6, 0xb0, 0xb1, + 0x72, 0x06, 0x9a, 0xfb, 0x86, 0xa7, 0xe8, 0x83, 0x87, 0x72, 0x6f, 0x8a, + 0xb3, 0xad, 0xb3, 0x0b, 0xfd, 0x6b, 0x3f, 0x6b, 0xe6, 0xd8, 0x5d, 0x5d, + 0xfd, 0x04, 0x4e, 0x7e, 0xf0, 0x52, 0x39, 0x54, 0x74, 0xa9, 0xcb, 0xb1, + 0xc3, 0x66, 0x7a, 0x92, 0x78, 0x0b, 0x43, 0xa2, 0x26, 0x93, 0x01, 0x5a, + 0xf6, 0xc5, 0x13, 0x04, 0x1b, 0xda, 0xf8, 0x7d, 0x43, 0xb2, 0x4d, 0xdd, + 0x24, 0x4e, 0x79, 0x1e, 0xea, 0xea, 0x10, 0x66, 0xe1, 0xf4, 0x91, 0x71, + 0x17, 0xb3, 0xa4, 0x68, 0xe2, 0x2e, 0x0f, 0x73, 0x58, 0x85, 0x2b, 0xb9, + 0x81, 0x24, 0x8d, 0xe4, 0xd7, 0x20, 0xad, 0xd2, 0xd1, 0x5d, 0xcc, 0xba, + 0x62, 0x80, 0x35, 0x59, 0x35, 0xb6, 0x7c, 0x96, 0xf9, 0xdc, 0xb6, 0xc4, + 0x19, 0xcc, 0x38, 0xab, 0x9f, 0x6f, 0xba, 0x2d, 0x64, 0x9e, 0xf2, 0x06, + 0x6e, 0x0c, 0x34, 0xc9, 0xf7, 0x88, 0xae, 0x49, 0xba, 0xbd, 0x90, 0x25, + 0xfa, 0x85, 0xb2, 0x11, 0x13, 0xe5, 0x6c, 0xe4, 0xf4, 0x3a, 0xa1, 0x34, + 0xc5, 0x12, 0xb0, 0x30, 0xdd, 0x7a, 0xc7, 0xce, 0x82, 0xe7, 0x6f, 0x0b, + 0xe9, 0xce, 0x09, 0xeb, 0xca}, + priv_key_2b, + true}, + + // an otherwise correct plaintext, but with wrong first byte + // (0x01 instead of 0x00), generates a random 11 byte long plaintext + {88, + {0xf6, 0xd0, 0xf5, 0xb7, 0x80, 0x82, 0xfe, 0x61, 0xc0, 0x46, 0x74}, + { + 0x00, 0x2c, 0x9d, 0xdc, 0x36, 0xba, 0x4c, 0xf0, 0x03, 0x86, 0x92, 0xb2, + 0xd3, 0xa1, 0xc6, 0x1a, 0x4b, 0xb3, 0x78, 0x6a, 0x97, 0xce, 0x2e, 0x46, + 0xa3, 0xba, 0x74, 0xd0, 0x31, 0x58, 0xae, 0xef, 0x45, 0x6c, 0xe0, 0xf4, + 0xdb, 0x04, 0xdd, 0xa3, 0xfe, 0x06, 0x22, 0x68, 0xa1, 0x71, 0x12, 0x50, + 0xa1, 0x8c, 0x69, 0x77, 0x8a, 0x62, 0x80, 0xd8, 0x8e, 0x13, 0x3a, 0x16, + 0x25, 0x4e, 0x1f, 0x0e, 0x30, 0xce, 0x8d, 0xac, 0x9b, 0x57, 0xd2, 0xe3, + 0x9a, 0x2f, 0x7d, 0x7b, 0xe3, 0xee, 0x4e, 0x08, 0xae, 0xc2, 0xfd, 0xbe, + 0x8d, 0xad, 0xad, 0x7f, 0xdb, 0xf4, 0x42, 0xa2, 0x9a, 0x8f, 0xb4, 0x08, + 0x57, 0x40, 0x7b, 0xf6, 0xbe, 0x35, 0x59, 0x6b, 0x8e, 0xef, 0xb5, 0xc2, + 0xb3, 0xf5, 0x8b, 0x89, 0x44, 0x52, 0xc2, 0xdc, 0x54, 0xa6, 0x12, 0x3a, + 0x1a, 0x38, 0xd6, 0x42, 0xe2, 0x37, 0x51, 0x74, 0x65, 0x97, 0xe0, 0x8d, + 0x71, 0xac, 0x92, 0x70, 0x4a, 0xdc, 0x17, 0x80, 0x3b, 0x19, 0xe1, 0x31, + 0xb4, 0xd1, 0x92, 0x78, 0x81, 0xf4, 0x3b, 0x02, 0x00, 0xe6, 0xf9, 0x56, + 0x58, 0xf5, 0x59, 0xf9, 0x12, 0xc8, 0x89, 0xb4, 0xcd, 0x51, 0x86, 0x27, + 0x84, 0x36, 0x48, 0x96, 0xcd, 0x6e, 0x86, 0x18, 0xf4, 0x85, 0xa9, 0x92, + 0xf8, 0x29, 0x97, 0xad, 0x6a, 0x09, 0x17, 0xe3, 0x2a, 0xe5, 0x87, 0x2e, + 0xaf, 0x85, 0x00, 0x92, 0xb2, 0xd6, 0xc7, 0x82, 0xad, 0x35, 0xf4, 0x87, + 0xb7, 0x96, 0x82, 0x33, 0x3c, 0x17, 0x50, 0xc6, 0x85, 0xd7, 0xd3, 0x2a, + 0xb3, 0xe1, 0x53, 0x8f, 0x31, 0xdc, 0xaa, 0x5e, 0x7d, 0x5d, 0x28, 0x25, + 0x87, 0x52, 0x42, 0xc8, 0x39, 0x47, 0x30, 0x8d, 0xcf, 0x63, 0xba, 0x4b, + 0xff, 0xf2, 0x03, 0x34, 0xc9, 0xc1, 0x40, 0xc8, 0x37, 0xdb, 0xdb, 0xae, + 0x7a, 0x8d, 0xee, 0x72, 0xff, + }, + priv_key_2b, + true}, + + // an otherwise correct plaintext, but with wrong second byte + // (0x01 instead of 0x02), generates a random 11 byte long plaintext + {89, + {0x1a, 0xb2, 0x87, 0xfc, 0xef, 0x3f, 0xf1, 0x70, 0x67, 0x91, 0x4d}, + {0x00, 0xc5, 0xd7, 0x78, 0x26, 0xc1, 0xab, 0x7a, 0x34, 0xd6, 0x39, 0x0f, + 0x9d, 0x34, 0x2d, 0x5d, 0xbe, 0x84, 0x89, 0x42, 0xe2, 0x61, 0x82, 0x87, + 0x95, 0x2b, 0xa0, 0x35, 0x0d, 0x7d, 0xe6, 0x72, 0x61, 0x12, 0xe9, 0xce, + 0xbc, 0x39, 0x1a, 0x0f, 0xae, 0x18, 0x39, 0xe2, 0xbf, 0x16, 0x82, 0x29, + 0xe3, 0xe0, 0xd7, 0x1d, 0x41, 0x61, 0x80, 0x15, 0x09, 0xf1, 0xf2, 0x8f, + 0x6e, 0x14, 0x87, 0xca, 0x52, 0xdf, 0x05, 0xc4, 0x66, 0xb6, 0xb0, 0xa6, + 0xfb, 0xbe, 0x57, 0xa3, 0x26, 0x8a, 0x97, 0x06, 0x10, 0xec, 0x0b, 0xea, + 0xc3, 0x9e, 0xc0, 0xfa, 0x67, 0xba, 0xbc, 0xe1, 0xef, 0x2a, 0x86, 0xbf, + 0x77, 0x46, 0x6d, 0xc1, 0x27, 0xd7, 0xd0, 0xd2, 0x96, 0x2c, 0x20, 0xe6, + 0x65, 0x93, 0x12, 0x6f, 0x27, 0x68, 0x63, 0xcd, 0x38, 0xdc, 0x63, 0x51, + 0x42, 0x8f, 0x88, 0x4c, 0x13, 0x84, 0xf6, 0x7c, 0xad, 0x0a, 0x0f, 0xfd, + 0xbc, 0x2a, 0xf1, 0x67, 0x11, 0xfb, 0x68, 0xdc, 0x55, 0x9b, 0x96, 0xb3, + 0x7b, 0x4f, 0x04, 0xcd, 0x13, 0x3f, 0xfc, 0x7d, 0x79, 0xc4, 0x3c, 0x42, + 0xca, 0x49, 0x48, 0xfa, 0x89, 0x5b, 0x9d, 0xae, 0xb8, 0x53, 0x15, 0x0c, + 0x8a, 0x51, 0x69, 0x84, 0x9b, 0x73, 0x0c, 0xc7, 0x7d, 0x68, 0xb0, 0x21, + 0x7d, 0x6c, 0x0e, 0x3d, 0xbf, 0x38, 0xd7, 0x51, 0xa1, 0x99, 0x81, 0x86, + 0x63, 0x34, 0x18, 0x36, 0x7e, 0x75, 0x76, 0x53, 0x05, 0x66, 0xc2, 0x3d, + 0x6d, 0x4e, 0x0d, 0xa9, 0xb0, 0x38, 0xd0, 0xbb, 0x51, 0x69, 0xce, 0x40, + 0x13, 0x3e, 0xa0, 0x76, 0x47, 0x2d, 0x05, 0x50, 0x01, 0xf0, 0x13, 0x56, + 0x45, 0x94, 0x0f, 0xd0, 0x8e, 0xa4, 0x42, 0x69, 0xaf, 0x26, 0x04, 0xc8, + 0xb1, 0xba, 0x22, 0x50, 0x53, 0xd6, 0xdb, 0x9a, 0xb4, 0x35, 0x77, 0x68, + 0x94, 0x01, 0xbd, 0xc0, 0xf3}, + priv_key_2b, true}}; #endif // rsa_pkcs1_2048_vectors_h__ diff --git a/gtests/common/testvectors/rsa_pkcs1_3072_test-vectors.h b/gtests/common/testvectors/rsa_pkcs1_3072_test-vectors.h index b0f183089..c52cd8c55 100644 --- a/gtests/common/testvectors/rsa_pkcs1_3072_test-vectors.h +++ b/gtests/common/testvectors/rsa_pkcs1_3072_test-vectors.h @@ -5028,6 +5028,159 @@ static const std::vector<uint8_t> priv_key_65{ 0x3b, 0xcc, 0xfd, 0x41, 0x12, 0xe4, 0xf4, 0x08, 0x43, 0x32, 0x47, 0x03, 0xee, 0xae, 0x57, 0xb3, 0xf5, 0x08, 0x9d}; +/* 3072 bit key from Hubert's Bleichenbacher tests */ +static const std::vector<uint8_t> priv_key_3b{ + 0x30, 0x82, 0x06, 0xfe, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, + 0x06, 0xe8, 0x30, 0x82, 0x06, 0xe4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, + 0x81, 0x00, 0xaf, 0xd7, 0x1c, 0xaa, 0xd5, 0xe9, 0xf5, 0xb8, 0xc6, 0xc3, + 0x67, 0x07, 0x0a, 0x47, 0xf1, 0x9d, 0x7e, 0x66, 0xae, 0xde, 0x18, 0xa5, + 0xb2, 0x74, 0x1f, 0xb3, 0xc4, 0xd3, 0x34, 0x34, 0x56, 0x06, 0x92, 0xa2, + 0xd9, 0x09, 0xef, 0x68, 0x88, 0xec, 0x60, 0x2f, 0xf6, 0xb9, 0x3a, 0xf2, + 0x58, 0xee, 0x74, 0x30, 0x3c, 0x30, 0x1a, 0xfc, 0xd4, 0xed, 0xbe, 0xc4, + 0x33, 0x11, 0xdd, 0xc8, 0xdd, 0xbf, 0x00, 0xdd, 0xbb, 0xe3, 0x86, 0xd3, + 0x3b, 0x8d, 0x0e, 0x22, 0xb1, 0xb4, 0x49, 0x36, 0xdc, 0x48, 0x98, 0x71, + 0xb8, 0x52, 0x37, 0xb3, 0x4c, 0xe7, 0x47, 0xad, 0x8f, 0xdb, 0x0c, 0x4e, + 0x4d, 0x1d, 0xaa, 0x7a, 0xad, 0xf0, 0x73, 0x85, 0xc5, 0xc8, 0x73, 0x2c, + 0xcb, 0x7d, 0x5a, 0x49, 0xe2, 0xe5, 0x0c, 0x88, 0x3c, 0x7d, 0x7a, 0xc1, + 0x0e, 0xd6, 0xa7, 0x4d, 0x9a, 0xc9, 0x0d, 0xf9, 0x12, 0x99, 0x05, 0xa1, + 0x7d, 0x4a, 0x08, 0x72, 0x10, 0xfc, 0x78, 0xb6, 0xd0, 0x4b, 0x1e, 0xb9, + 0x69, 0x48, 0x2c, 0x11, 0xa6, 0xee, 0xb7, 0x9c, 0x50, 0xe5, 0xb1, 0x6f, + 0x3f, 0x25, 0x4f, 0x75, 0x71, 0x52, 0x8b, 0x2f, 0x17, 0x16, 0xab, 0x81, + 0x6d, 0x6e, 0xca, 0x07, 0x27, 0xbd, 0xea, 0x98, 0x05, 0x93, 0x29, 0x73, + 0x0e, 0xb8, 0xc3, 0x3c, 0xe7, 0x1d, 0x61, 0xdd, 0x4a, 0xc3, 0x93, 0xb6, + 0x25, 0x6e, 0x07, 0xac, 0x1d, 0x12, 0x4f, 0x02, 0x00, 0xd1, 0xc3, 0xe0, + 0x5a, 0x4c, 0x1b, 0xc7, 0xf1, 0xed, 0x2f, 0xc8, 0x3e, 0x57, 0x19, 0x9c, + 0xfe, 0x59, 0x08, 0xb1, 0x00, 0x87, 0xe2, 0x7f, 0xbd, 0x97, 0xd2, 0xc2, + 0x42, 0x14, 0x61, 0x9c, 0x71, 0x47, 0xc8, 0xfb, 0xef, 0xca, 0x39, 0xbc, + 0x25, 0x67, 0x62, 0xa6, 0x82, 0x35, 0x31, 0xf7, 0xe2, 0x34, 0xd6, 0x8e, + 0xae, 0x7a, 0x0d, 0x9f, 0xaf, 0x10, 0xdd, 0x15, 0xe9, 0x52, 0x37, 0x80, + 0xc7, 0xd5, 0xae, 0x58, 0x09, 0x4a, 0xd5, 0x25, 0xa9, 0x06, 0x3b, 0x4c, + 0x33, 0xf9, 0x5e, 0x10, 0x06, 0xda, 0x2e, 0xb1, 0x2d, 0x37, 0x43, 0x68, + 0x94, 0x95, 0xc1, 0xf2, 0x02, 0x3e, 0x40, 0x73, 0x53, 0xc5, 0xeb, 0x3e, + 0x4c, 0xa1, 0xc4, 0x8c, 0xff, 0x81, 0xa1, 0x09, 0x00, 0xd1, 0x48, 0x20, + 0xeb, 0x80, 0x1a, 0xf4, 0xf1, 0xa5, 0x96, 0xc4, 0xb9, 0xce, 0x9a, 0x53, + 0x1f, 0xcf, 0x8a, 0x54, 0xd9, 0xff, 0xd7, 0x24, 0x25, 0x8b, 0x6e, 0xec, + 0x20, 0x10, 0x8d, 0xf6, 0xfd, 0xfd, 0x76, 0xd4, 0xae, 0x03, 0xba, 0x7e, + 0xa5, 0x98, 0xdc, 0xb0, 0xe4, 0xa2, 0x80, 0x84, 0x95, 0x87, 0x28, 0x6f, + 0x4d, 0x7f, 0x25, 0x6c, 0xe8, 0x5e, 0x5e, 0xb5, 0x67, 0x9b, 0x1d, 0xac, + 0xc1, 0xf9, 0x09, 0x56, 0x49, 0xb7, 0x2e, 0x5f, 0xa0, 0x72, 0xae, 0xb0, + 0x03, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x80, 0x25, + 0x17, 0xea, 0xcb, 0x3a, 0xfe, 0xf4, 0xbf, 0xfa, 0xe6, 0x03, 0x98, 0xdf, + 0x99, 0x57, 0xa5, 0xd2, 0xa1, 0x54, 0xa8, 0x33, 0x68, 0xd8, 0xe1, 0x58, + 0x42, 0xb2, 0xf5, 0x9e, 0xe0, 0x9f, 0x79, 0x19, 0x7b, 0xd2, 0xef, 0x1e, + 0x9a, 0xdd, 0xaf, 0x87, 0x86, 0xf6, 0xb4, 0x12, 0x74, 0x47, 0x40, 0x5e, + 0x30, 0x42, 0xb2, 0x1f, 0x2f, 0x50, 0xb7, 0xaa, 0x73, 0x77, 0x16, 0x80, + 0xc3, 0xbb, 0xcb, 0x6c, 0x22, 0x5a, 0x5d, 0x5f, 0xf6, 0xb5, 0x6c, 0x47, + 0x1c, 0x18, 0x82, 0xa0, 0xa3, 0x3b, 0x0a, 0xf1, 0x65, 0xa3, 0xed, 0x6c, + 0x24, 0x9d, 0xc7, 0x78, 0x3e, 0x6b, 0xc7, 0x58, 0xac, 0x37, 0xe6, 0x57, + 0x2d, 0x33, 0xfe, 0x32, 0x50, 0x78, 0xed, 0x95, 0x26, 0x50, 0xf2, 0xeb, + 0x96, 0x04, 0x90, 0x2e, 0xf9, 0x9a, 0x51, 0x1a, 0x11, 0x19, 0xd1, 0x3c, + 0x4f, 0xc9, 0xa4, 0x3a, 0x17, 0x5d, 0xcd, 0xfb, 0xfb, 0x1a, 0x14, 0x00, + 0xfe, 0x17, 0x09, 0x3b, 0x69, 0xcd, 0x3c, 0xdb, 0x89, 0x5f, 0x65, 0x43, + 0x2e, 0xa2, 0x19, 0x5f, 0x90, 0x51, 0x1c, 0x73, 0x36, 0xb5, 0x8a, 0x68, + 0x5d, 0xac, 0xff, 0x2d, 0xaf, 0x4c, 0x5e, 0x92, 0xe5, 0x65, 0xb1, 0x66, + 0x5a, 0xe6, 0x0e, 0x51, 0x2b, 0xaa, 0x99, 0x65, 0xb8, 0x08, 0xd5, 0xff, + 0x11, 0x9c, 0xeb, 0x7c, 0xd6, 0x92, 0xcb, 0xf9, 0x20, 0x06, 0x7a, 0xfa, + 0xcd, 0x80, 0x9f, 0x66, 0xbe, 0x70, 0x6d, 0xa2, 0x68, 0x10, 0xac, 0x79, + 0x0d, 0xb1, 0x56, 0xc9, 0x48, 0xe6, 0xfe, 0x58, 0x1b, 0xc9, 0x84, 0x91, + 0x57, 0xf4, 0xda, 0x49, 0x3f, 0x3a, 0x64, 0xb0, 0xc6, 0xe1, 0x19, 0xe0, + 0x31, 0xb1, 0x07, 0xf8, 0x43, 0x6c, 0xe2, 0x91, 0x60, 0xb4, 0x58, 0xb8, + 0xf9, 0xf1, 0x09, 0x5f, 0xde, 0xb1, 0x92, 0x63, 0x38, 0x4f, 0xf5, 0x38, + 0x75, 0x57, 0xbc, 0x4f, 0x10, 0xb4, 0x03, 0x4d, 0xe8, 0x41, 0x70, 0x3b, + 0xad, 0x2c, 0x1e, 0x76, 0x9c, 0x23, 0x85, 0x3e, 0xb6, 0x30, 0xa3, 0x6d, + 0x10, 0x61, 0xdd, 0x46, 0xe2, 0xa6, 0xbb, 0xaf, 0x74, 0x3a, 0x97, 0xf0, + 0xb3, 0x2c, 0x36, 0xf5, 0x0c, 0x1a, 0x37, 0x22, 0xde, 0xf3, 0xa3, 0x94, + 0xd9, 0x1c, 0x2e, 0x07, 0x8b, 0xf0, 0x9d, 0x79, 0x5e, 0xcd, 0xe5, 0xe5, + 0x6b, 0x82, 0x02, 0xf9, 0x74, 0x02, 0x6f, 0x75, 0xfc, 0x56, 0xe9, 0xa0, + 0xdd, 0x6a, 0x88, 0xf2, 0xe7, 0xcb, 0x78, 0xef, 0x12, 0x98, 0xcc, 0x6c, + 0x65, 0x20, 0x7c, 0xa4, 0x5b, 0xd3, 0x71, 0x88, 0x80, 0x7b, 0x4f, 0xcd, + 0xb1, 0xe6, 0x0d, 0xd8, 0xe5, 0xb8, 0x56, 0x48, 0xfb, 0x7e, 0xfa, 0x8b, + 0x6f, 0xdd, 0x44, 0x8f, 0x39, 0x74, 0x1a, 0x8d, 0x98, 0x09, 0xfe, 0x16, + 0x3a, 0xf3, 0xde, 0x45, 0xba, 0xc2, 0x4a, 0x5a, 0x84, 0x1c, 0x81, 0x02, + 0x81, 0xc1, 0x00, 0xe4, 0xa3, 0xd8, 0x30, 0xd7, 0x3e, 0x8b, 0x31, 0xc6, + 0x82, 0xe2, 0x74, 0xff, 0xc9, 0xfd, 0x12, 0xac, 0x31, 0x3d, 0x2d, 0xd0, + 0x51, 0x3d, 0x50, 0x57, 0x0d, 0xb7, 0xeb, 0x47, 0x62, 0xfe, 0xa1, 0x93, + 0xe7, 0xbb, 0x54, 0x0b, 0x94, 0xa9, 0x4a, 0x5d, 0xdd, 0x74, 0x2a, 0xcf, + 0x73, 0xf5, 0xde, 0xb9, 0xca, 0xe3, 0x1b, 0xd2, 0x3a, 0xc5, 0x60, 0xbb, + 0x27, 0x94, 0xfd, 0x68, 0x26, 0x1f, 0x82, 0x03, 0xf5, 0x71, 0x92, 0x82, + 0x90, 0x4f, 0x46, 0x1e, 0xac, 0xee, 0x2c, 0xe7, 0xe0, 0xa0, 0x09, 0x7a, + 0xa7, 0xc8, 0xdb, 0xab, 0xd3, 0x3f, 0x1b, 0xf2, 0x69, 0x91, 0x2a, 0x07, + 0x82, 0x71, 0x4f, 0xa9, 0x3b, 0x49, 0xea, 0xc4, 0x36, 0xeb, 0x3d, 0xe7, + 0x34, 0xa7, 0xd6, 0xff, 0xdf, 0xd8, 0xc2, 0xc1, 0x43, 0x5e, 0x84, 0x3f, + 0xc7, 0x09, 0xf9, 0x04, 0x8e, 0x54, 0x2a, 0x19, 0x7c, 0x48, 0x54, 0x2b, + 0xeb, 0x2b, 0x85, 0xea, 0xd0, 0xf5, 0xe6, 0x4a, 0xa6, 0x3d, 0x0e, 0xc0, + 0x15, 0x2b, 0x3f, 0x85, 0x61, 0x2d, 0xdc, 0xa6, 0xbf, 0xde, 0xab, 0xf3, + 0x17, 0x5d, 0x59, 0x7d, 0x40, 0x56, 0x3e, 0x0e, 0x06, 0x2d, 0x91, 0xcb, + 0x02, 0x88, 0x80, 0x08, 0x2f, 0xe9, 0xf8, 0xf0, 0x91, 0xbd, 0xbd, 0xda, + 0x31, 0x6e, 0xeb, 0x1e, 0x85, 0x8c, 0xa4, 0x4d, 0x2b, 0x02, 0x8a, 0xe9, + 0xcd, 0xe3, 0xa9, 0x02, 0x81, 0xc1, 0x00, 0xc4, 0xe1, 0xcd, 0x0e, 0xcf, + 0x42, 0x98, 0x61, 0x5e, 0x1f, 0x78, 0x9b, 0xa7, 0xde, 0x22, 0xfd, 0x50, + 0x94, 0xaf, 0x4a, 0xd1, 0xac, 0x29, 0x50, 0xee, 0x96, 0x30, 0x38, 0x5a, + 0x20, 0x40, 0x9a, 0x28, 0x0c, 0x65, 0x38, 0xa2, 0xfe, 0xed, 0x03, 0x14, + 0x48, 0xe2, 0x6e, 0x22, 0xd6, 0x70, 0x93, 0xa7, 0x1f, 0x9d, 0xc7, 0x4e, + 0xbd, 0x1a, 0xbc, 0x0e, 0x9c, 0xe8, 0x3d, 0x67, 0x0b, 0x02, 0x76, 0xab, + 0x1c, 0x85, 0xac, 0x73, 0x4d, 0xd8, 0xbf, 0x9c, 0x74, 0xcc, 0x7f, 0xec, + 0xbd, 0x73, 0x2d, 0x1d, 0x75, 0xf8, 0x89, 0xef, 0x46, 0x0a, 0x48, 0x19, + 0xba, 0x5e, 0x1b, 0x01, 0xde, 0x23, 0x32, 0x55, 0x51, 0x81, 0xb7, 0x6f, + 0xa9, 0x65, 0x44, 0x93, 0x19, 0x8a, 0x60, 0x6f, 0x00, 0xca, 0xfd, 0x8a, + 0x93, 0x35, 0x6e, 0x45, 0x6f, 0x22, 0x3b, 0x75, 0x1b, 0xd5, 0xb5, 0xca, + 0x97, 0xae, 0x2b, 0x39, 0xba, 0x77, 0xfb, 0x7c, 0x17, 0x4c, 0x82, 0xec, + 0x02, 0x18, 0x65, 0x60, 0xd5, 0xe2, 0x7b, 0xf1, 0x8a, 0x26, 0x3c, 0xc2, + 0x12, 0xd9, 0xcc, 0x66, 0xb0, 0x1d, 0x1d, 0xa2, 0x67, 0x3f, 0x29, 0x7d, + 0x4c, 0x1b, 0xed, 0x44, 0x5b, 0x4e, 0xfc, 0x5d, 0xb0, 0x61, 0x36, 0xec, + 0xaa, 0xbd, 0x82, 0xcb, 0x54, 0xd0, 0xfc, 0xc4, 0x26, 0x99, 0xd4, 0xd6, + 0x0a, 0x02, 0x27, 0xbf, 0xe0, 0x03, 0x51, 0x02, 0x81, 0xc0, 0x40, 0xf3, + 0x0e, 0x41, 0xe9, 0x93, 0x39, 0xc5, 0x5d, 0x07, 0xe7, 0x3e, 0xa7, 0x3f, + 0x00, 0xe6, 0x22, 0x06, 0x26, 0xc3, 0xf1, 0xee, 0x72, 0x05, 0x75, 0x85, + 0x4f, 0x1e, 0xc5, 0xfb, 0xa8, 0x2b, 0xcc, 0x31, 0x42, 0xf4, 0xc0, 0x09, + 0x6e, 0x01, 0xd3, 0x22, 0x4a, 0x92, 0xb2, 0xb5, 0xd5, 0x3d, 0x7c, 0xf7, + 0xd6, 0x86, 0x1b, 0xb5, 0x58, 0x46, 0x7f, 0x43, 0xe2, 0x3e, 0x0e, 0x2c, + 0xee, 0x3c, 0x67, 0xd5, 0x7c, 0x7a, 0xcb, 0x1e, 0x25, 0x76, 0xdc, 0xd5, + 0xf1, 0x1e, 0xce, 0x8b, 0xef, 0xca, 0x61, 0x8e, 0x72, 0x2f, 0x7c, 0xe3, + 0x18, 0x85, 0x5e, 0xda, 0x80, 0x43, 0x39, 0x38, 0xe3, 0xe9, 0x66, 0x40, + 0x92, 0x61, 0xdf, 0x75, 0x5e, 0x64, 0x0a, 0x5e, 0xd9, 0xe2, 0xe8, 0x72, + 0xf5, 0x47, 0x75, 0xd1, 0x26, 0x73, 0x59, 0x0e, 0xb8, 0x95, 0x85, 0xa6, + 0xcc, 0xdf, 0xdc, 0xb7, 0x82, 0x70, 0x6e, 0xbd, 0x72, 0x72, 0xab, 0x5e, + 0xca, 0xcb, 0xad, 0x9f, 0x05, 0xaf, 0x3f, 0xff, 0x83, 0x76, 0x9a, 0xf4, + 0x1d, 0x2c, 0x16, 0x2e, 0x61, 0x19, 0xe5, 0x87, 0x58, 0x9c, 0x48, 0x49, + 0x53, 0x76, 0x73, 0x53, 0x6b, 0xf4, 0x83, 0x7f, 0xe7, 0xb8, 0xbf, 0x1a, + 0xa5, 0x53, 0x73, 0x3b, 0x63, 0x74, 0x20, 0x1c, 0x74, 0xce, 0xd3, 0xaf, + 0xca, 0x61, 0x0e, 0x0e, 0xce, 0xbd, 0x19, 0x67, 0xc4, 0x69, 0x02, 0x81, + 0xc1, 0x00, 0xb9, 0x88, 0x4c, 0x14, 0x1b, 0xae, 0x97, 0x28, 0x92, 0x69, + 0x37, 0xdf, 0xff, 0x76, 0x6f, 0x24, 0xa6, 0x0e, 0x27, 0x8e, 0x6b, 0x3e, + 0x41, 0x05, 0x1a, 0x80, 0xff, 0xd9, 0xea, 0xdc, 0x9f, 0xe4, 0x65, 0xbf, + 0x20, 0x98, 0x19, 0xca, 0x00, 0x12, 0x39, 0xc8, 0x61, 0x51, 0x06, 0x95, + 0x6c, 0x2b, 0x48, 0x7f, 0x9b, 0xd0, 0xd9, 0x5b, 0x8d, 0x59, 0x10, 0xb0, + 0x3e, 0x8e, 0xb6, 0x8f, 0x02, 0x78, 0x4f, 0xd1, 0xa6, 0x0a, 0x97, 0xf2, + 0x11, 0x42, 0xa8, 0x2e, 0xcd, 0x13, 0xf4, 0x45, 0xa7, 0xc7, 0x29, 0x0f, + 0x25, 0xf2, 0xde, 0x3f, 0xf3, 0xaa, 0x74, 0x4c, 0x53, 0x28, 0x42, 0x3f, + 0x52, 0x8d, 0xb9, 0x27, 0x01, 0x05, 0x9b, 0x3d, 0x57, 0xc8, 0x22, 0x93, + 0x1b, 0xfa, 0xba, 0x40, 0x56, 0x0a, 0x4d, 0xcf, 0x61, 0xb7, 0x93, 0xc9, + 0x21, 0xca, 0x44, 0x16, 0xc1, 0xf2, 0xf9, 0x82, 0xac, 0xc7, 0xe1, 0x33, + 0xde, 0xa3, 0x68, 0x12, 0x10, 0xb1, 0x03, 0xb5, 0x09, 0xc6, 0x67, 0x55, + 0xc7, 0x83, 0xa3, 0x5f, 0xdb, 0x9e, 0xc0, 0x08, 0xc1, 0xa4, 0x44, 0x54, + 0xcc, 0x6b, 0x43, 0xc2, 0xe6, 0x1b, 0xb4, 0x0e, 0xc7, 0xf6, 0x74, 0xc7, + 0x53, 0x0c, 0xb1, 0x41, 0x68, 0xab, 0x38, 0xa5, 0xc1, 0xc7, 0x02, 0xd3, + 0xdf, 0xc9, 0x83, 0x13, 0x19, 0x3e, 0x1f, 0xa1, 0xf8, 0xdb, 0xfa, 0x8e, + 0x20, 0xb1, 0x02, 0x81, 0xc1, 0x00, 0xe1, 0x2a, 0x42, 0x01, 0x40, 0x7d, + 0x27, 0x51, 0xc9, 0xae, 0xb4, 0x2c, 0xb1, 0xf9, 0xe6, 0xaf, 0x34, 0xdc, + 0xd4, 0x45, 0x31, 0xa9, 0xae, 0x2a, 0x23, 0xdb, 0x54, 0x92, 0xf3, 0xc2, + 0x22, 0x9f, 0x6e, 0x33, 0xa2, 0x8a, 0x8a, 0x66, 0x40, 0xe4, 0xbf, 0x2f, + 0x1c, 0x6a, 0x23, 0x37, 0x8c, 0x5e, 0x56, 0x15, 0xe0, 0xeb, 0x12, 0xbf, + 0x14, 0xe8, 0x1b, 0xb9, 0x9c, 0x4c, 0xe1, 0x51, 0xb5, 0x4e, 0x61, 0x28, + 0x22, 0xbe, 0xb7, 0xca, 0x9e, 0x41, 0x0a, 0x5a, 0xfd, 0xdb, 0x0c, 0xa6, + 0x21, 0xe5, 0x97, 0x00, 0x2b, 0x9d, 0x1c, 0x81, 0x8c, 0x85, 0x60, 0x2f, + 0x99, 0x45, 0x29, 0x1a, 0x47, 0x50, 0x62, 0xec, 0x6a, 0xf5, 0x3f, 0x4f, + 0x52, 0x07, 0x9a, 0xd8, 0x1a, 0xc5, 0x9a, 0x37, 0xd9, 0xd5, 0xef, 0x70, + 0x08, 0x75, 0xfa, 0x77, 0x42, 0x1d, 0x50, 0x70, 0x6c, 0x74, 0xce, 0x17, + 0x87, 0x28, 0x9c, 0x0f, 0xa0, 0xf9, 0x4b, 0x29, 0xe1, 0xb6, 0x52, 0x49, + 0x69, 0xf9, 0x9d, 0x4e, 0x28, 0x22, 0x2c, 0xef, 0x49, 0x5a, 0x46, 0xed, + 0x21, 0x9e, 0xd0, 0x69, 0xe0, 0x77, 0x11, 0xfd, 0x52, 0xc7, 0x6a, 0x6e, + 0xfc, 0xdc, 0x8a, 0x9d, 0x44, 0x29, 0xe1, 0xd1, 0x4d, 0x9a, 0xc7, 0x20, + 0x46, 0x26, 0x07, 0xec, 0x74, 0x2d, 0xa4, 0x48, 0x07, 0x77, 0x70, 0x64, + 0xd8, 0x9d, 0x2b, 0x74, 0xe4, 0x2b}; + const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { // Comment: @@ -5379,7 +5532,10 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { // Comment: ps is all 0 // tcID: 9 {9, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x34, 0xf9, 0xf6, 0x88, 0xfe, 0x27, 0x31, 0x97, 0xf4, + 0xed, 0x30, 0x7a, 0xfb, 0x1b, 0x3c, 0xd7, 0xa3, 0xc6, + 0xf7, 0x6f, 0xe4, 0xde, 0x60, 0x0b, 0x2e, 0x6e}, {0x88, 0xa6, 0x58, 0x47, 0x54, 0xad, 0x31, 0xf2, 0x8a, 0x05, 0x57, 0x5d, 0xd8, 0x09, 0xbe, 0x25, 0x23, 0x1d, 0x07, 0x8d, 0x1c, 0x1e, 0x46, 0xb7, 0x24, 0x0c, 0x1c, 0x40, 0x26, 0x45, 0xb7, 0x10, 0xeb, 0x2d, 0x2b, 0xc1, @@ -5413,7 +5569,7 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0xd3, 0x67, 0x1b, 0x0c, 0xfd, 0xf7, 0xf0, 0x5b, 0xf0, 0x77, 0x2d, 0xfe, 0x1c, 0x83, 0x0f, 0xf8, 0xf0, 0x91, 0xed, 0x49, 0xe7, 0x3f, 0x60, 0xc8}, priv_key_33, - false}, + true}, // Comment: ps is all 1 // tcID: 10 @@ -5496,7 +5652,38 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { // Comment: byte 0 of ps is 0 // tcID: 12 {12, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x8b, 0x18, 0x5b, 0x57, 0xa2, 0xd6, 0x27, 0x7c, 0xad, 0xa2, 0x86, 0x26, + 0x19, 0x8b, 0x1d, 0x90, 0x82, 0xe9, 0x2b, 0x16, 0x86, 0x7f, 0x75, 0xc2, + 0x5a, 0x27, 0x6d, 0x9e, 0x2f, 0x31, 0xf5, 0x16, 0x82, 0x11, 0x3b, 0x55, + 0xf1, 0xe8, 0x55, 0x70, 0x27, 0x5b, 0xc8, 0x04, 0x2c, 0x43, 0x44, 0x04, + 0x24, 0x21, 0x78, 0xcf, 0x8b, 0x2d, 0xc1, 0xe0, 0x3e, 0xde, 0x80, 0xf3, + 0x02, 0x66, 0xf5, 0xca, 0xa2, 0x6d, 0x94, 0x36, 0xe6, 0x6e, 0xcd, 0xdf, + 0xdf, 0xff, 0x76, 0x65, 0x00, 0xb5, 0xd4, 0x7a, 0x14, 0x2f, 0x54, 0x93, + 0x5f, 0x9a, 0xdc, 0x81, 0x5a, 0xdc, 0x40, 0x60, 0xe5, 0xaf, 0x15, 0x45, + 0xf2, 0x1e, 0xdd, 0x65, 0x1e, 0x5f, 0x5e, 0x07, 0x69, 0x87, 0x2c, 0x31, + 0xe6, 0xa3, 0x31, 0x7b, 0xc4, 0xd3, 0x93, 0x2f, 0xf9, 0xc4, 0xb0, 0xb6, + 0x5c, 0x5e, 0x60, 0x43, 0x76, 0xae, 0xc5, 0xc9, 0x6c, 0xe7, 0x5b, 0x05, + 0x5b, 0x70, 0x1e, 0x83, 0x74, 0x34, 0x04, 0x83, 0xca, 0x0c, 0x0e, 0x89, + 0x88, 0xb5, 0xbc, 0x3c, 0xbf, 0xba, 0xc9, 0xa8, 0xbf, 0x6e, 0x78, 0xbb, + 0x84, 0xbf, 0x48, 0xf5, 0x70, 0x43, 0xe8, 0x5d, 0x76, 0x25, 0x1a, 0x34, + 0x22, 0x28, 0x4d, 0x10, 0x70, 0xf4, 0xb9, 0xad, 0xa8, 0x5f, 0xf6, 0xb8, + 0xd6, 0x9c, 0x39, 0x5d, 0xaf, 0x09, 0xb0, 0x6e, 0x69, 0xff, 0xab, 0x1c, + 0xc7, 0xb7, 0xfb, 0xc0, 0x29, 0x2e, 0xb4, 0xae, 0xd8, 0x87, 0x01, 0xf2, + 0x7f, 0x8b, 0xfb, 0x65, 0x43, 0x4f, 0xc1, 0x15, 0x1c, 0x7d, 0x7e, 0x7c, + 0xe1, 0xc8, 0xfc, 0x27, 0x3e, 0x09, 0xc6, 0x6e, 0xc7, 0xe8, 0x3d, 0x9c, + 0xbf, 0xb1, 0xbf, 0x62, 0xde, 0x58, 0xbe, 0xb5, 0xe7, 0xd3, 0x5e, 0xa6, + 0x39, 0x11, 0x51, 0xa1, 0xb0, 0x06, 0x24, 0x25, 0x65, 0x68, 0xc4, 0x98, + 0x7d, 0x0a, 0x09, 0x46, 0x27, 0xb0, 0x4a, 0xf5, 0x8f, 0xa8, 0x29, 0x09, + 0xdb, 0x5a, 0x7f, 0xd0, 0x44, 0x7e, 0xd9, 0x2e, 0x2d, 0x4d, 0x54, 0xb1, + 0xf4, 0xd9, 0xe6, 0x11, 0x74, 0x6a, 0x49, 0x04, 0xfa, 0x6a, 0x65, 0xa2, + 0xd0, 0x9a, 0xe2, 0x0b, 0x8a, 0x6c, 0xbf, 0x2f, 0x8e, 0x28, 0x10, 0xa8, + 0xef, 0x2f, 0x6e, 0x43, 0xdf, 0x1b, 0xe7, 0x0a, 0xa2, 0x99, 0x46, 0x11, + 0xf6, 0x4d, 0xac, 0x2c, 0x97, 0x1a, 0xaf, 0xe1, 0x4e, 0xc7, 0xe8, 0xfc, + 0x5e, 0x63, 0xa1, 0x15, 0x5a, 0x98, 0x48, 0xad, 0xa6, 0x99, 0x02, 0x6d, + 0xef, 0xc5, 0xd9, 0x72, 0x20, 0x88, 0xf4, 0xf4, 0xa8, 0x9a, 0x67, 0xb3, + 0x3e, 0x76, 0xec, 0x13, 0x2e, 0xb4, 0x48, 0x4e, 0x97, 0x4c, 0x76, 0x95, + 0x3c, 0xa9, 0x49, 0xcc, 0x4e, 0x73, 0x06, 0x73, 0x67, 0x03}, {0xd7, 0x23, 0xaa, 0xad, 0x7a, 0xed, 0x7f, 0xe2, 0x22, 0x77, 0xd0, 0x57, 0xc7, 0x01, 0x13, 0x53, 0x11, 0x22, 0x78, 0x1e, 0x8e, 0x46, 0xce, 0xcd, 0x03, 0x5a, 0x9d, 0x26, 0xe9, 0x80, 0xa7, 0x71, 0x65, 0x3d, 0x78, 0x0c, @@ -5530,12 +5717,43 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0xd1, 0x6e, 0x05, 0x67, 0x40, 0xbe, 0x32, 0x3d, 0xe0, 0x3d, 0xd0, 0x9d, 0x2b, 0xa3, 0x0c, 0x91, 0x3f, 0x28, 0x9d, 0x31, 0x2d, 0xd5, 0x92, 0x5e}, priv_key_33, - false}, + true}, // Comment: byte 1 of ps is 0 // tcID: 13 {13, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x4b, 0x59, 0xa7, 0xcf, 0xcd, 0x10, 0x0f, 0x80, 0xb1, 0x95, 0x76, 0x01, + 0xc3, 0x7e, 0x7f, 0x09, 0xfa, 0x3f, 0x32, 0x6e, 0xff, 0x95, 0x38, 0xbe, + 0xaa, 0x5d, 0xd7, 0x11, 0x13, 0x14, 0xbe, 0x3f, 0x73, 0x6e, 0x40, 0x5e, + 0x41, 0x5f, 0x1e, 0xec, 0x89, 0x7c, 0x0e, 0xbc, 0x36, 0x77, 0x72, 0x78, + 0x65, 0x8e, 0x06, 0xa8, 0x12, 0x8e, 0x5a, 0xc9, 0xe1, 0x77, 0x5a, 0x12, + 0x5d, 0xe6, 0xec, 0xf0, 0x16, 0xe3, 0x14, 0xbd, 0xbc, 0xbb, 0x11, 0x48, + 0xd3, 0xa5, 0x2f, 0xde, 0x76, 0x6d, 0xc8, 0x02, 0xa6, 0x01, 0x31, 0xf9, + 0x7b, 0x6e, 0x11, 0x31, 0xc5, 0x40, 0x6d, 0x4a, 0x78, 0x5a, 0x48, 0xa7, + 0x59, 0x26, 0xc6, 0x87, 0x61, 0x78, 0x89, 0x06, 0xb3, 0xd1, 0xf3, 0x6f, + 0x09, 0xf2, 0xee, 0xfe, 0x7b, 0xfa, 0x8d, 0x7d, 0x03, 0x41, 0x4e, 0x7d, + 0x73, 0xef, 0x64, 0xe4, 0x12, 0x19, 0x1d, 0x53, 0x1c, 0x96, 0x5e, 0xc3, + 0xcc, 0x76, 0xf2, 0x8a, 0xb3, 0xc2, 0x7d, 0xa3, 0xee, 0x74, 0x5f, 0xba, + 0x57, 0xc8, 0x57, 0x4d, 0xec, 0xcc, 0xe0, 0x4c, 0x66, 0x9f, 0x32, 0x1e, + 0xae, 0x07, 0x44, 0x5b, 0xfe, 0x13, 0x42, 0x0b, 0x59, 0x8c, 0x16, 0xd4, + 0x50, 0x25, 0x9b, 0x45, 0x62, 0xa5, 0xf4, 0x5c, 0xb5, 0xab, 0xff, 0xf0, + 0xf6, 0x6e, 0x2b, 0xad, 0x42, 0xd7, 0xc6, 0x21, 0xd0, 0xba, 0x12, 0x08, + 0x48, 0xc5, 0x3c, 0xe1, 0xce, 0x14, 0x0d, 0x9c, 0xca, 0xd9, 0xe7, 0x51, + 0x12, 0x86, 0xbb, 0xd5, 0x2e, 0x64, 0xa1, 0x1f, 0x9c, 0x62, 0xd3, 0x65, + 0xa2, 0x94, 0x7c, 0xb1, 0x0c, 0xa3, 0xe1, 0xff, 0x30, 0x6b, 0x73, 0xfa, + 0x92, 0x79, 0x5c, 0x47, 0xdc, 0x99, 0x30, 0xbe, 0x92, 0x03, 0xcc, 0x64, + 0x43, 0x6b, 0x27, 0x8f, 0xbb, 0x6c, 0xe9, 0xd5, 0x56, 0xd3, 0x84, 0x3c, + 0x83, 0x4c, 0xa6, 0x4d, 0x2a, 0xbd, 0x58, 0x36, 0xbc, 0x47, 0x19, 0x8b, + 0xfc, 0xfd, 0xdd, 0xa5, 0x30, 0x5f, 0x7a, 0x45, 0xd9, 0x89, 0x31, 0x10, + 0x21, 0x16, 0x08, 0xa3, 0xc6, 0x27, 0xdb, 0x19, 0x26, 0x9c, 0x16, 0xa6, + 0xa8, 0x1d, 0x67, 0x77, 0xbe, 0xba, 0x4c, 0xc9, 0xbe, 0x65, 0x80, 0x4c, + 0xac, 0x2c, 0xa9, 0x7b, 0x11, 0xff, 0x67, 0xb2, 0x76, 0x54, 0x3c, 0xa6, + 0x93, 0xd1, 0x3e, 0xf6, 0x2d, 0x79, 0x7d, 0xab, 0xd6, 0x4d, 0xad, 0xfc, + 0x38, 0xab, 0x46, 0xb5, 0x53, 0xe2, 0x83, 0x05, 0xa2, 0x39, 0x1b, 0x77, + 0xec, 0xfd, 0x3e, 0x88, 0xbb, 0x07, 0xdc, 0xa0, 0x9d, 0xe1, 0xa8, 0xbe, + 0xee, 0xb7, 0x88, 0xaa, 0xd6, 0x24, 0xbc, 0xd8, 0xa7, 0x89, 0x9c, 0x67, + 0xa2, 0x31, 0x35}, {0x5b, 0x68, 0xc3, 0xc4, 0x63, 0xfd, 0x8f, 0xfe, 0xda, 0x06, 0xc0, 0x9f, 0xdd, 0xcc, 0xbc, 0x52, 0x84, 0x01, 0x7f, 0x75, 0x3f, 0xf8, 0x1e, 0x1d, 0xb2, 0x55, 0xec, 0xc8, 0xc3, 0x2b, 0x7c, 0x11, 0xe7, 0xf9, 0x2d, 0xdc, @@ -5569,12 +5787,42 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0xa4, 0x90, 0xbc, 0xdf, 0xd7, 0x00, 0x0f, 0x52, 0x9c, 0x48, 0x60, 0x8c, 0x2e, 0xfd, 0x62, 0x40, 0xed, 0x7e, 0x84, 0xfc, 0x1b, 0x04, 0xf0, 0xcc}, priv_key_33, - false}, + true}, // Comment: byte 7 of ps is 0 // tcID: 14 {14, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x25, 0x1c, 0xa3, 0x2f, 0x3c, 0x78, 0xa2, 0x31, 0x6a, 0x98, 0xb2, 0x7c, + 0x9a, 0x82, 0xd4, 0x2d, 0x1b, 0xfb, 0x65, 0x41, 0xde, 0xee, 0x2e, 0x7f, + 0xd3, 0x84, 0x4c, 0x96, 0x91, 0x05, 0x4f, 0xe1, 0x54, 0xb7, 0x01, 0xa5, + 0xd6, 0xa3, 0xf9, 0xe7, 0xd4, 0xdd, 0x83, 0xa8, 0xe4, 0xb0, 0xe0, 0x05, + 0xa7, 0x23, 0x5a, 0x24, 0x2d, 0x6c, 0xd9, 0x39, 0xb1, 0x53, 0x5a, 0x79, + 0xd8, 0xb9, 0x53, 0xee, 0x36, 0x48, 0x3b, 0x5e, 0x0b, 0x24, 0xb8, 0xb0, + 0x1b, 0x57, 0xc5, 0xbc, 0x64, 0x15, 0xe1, 0xec, 0xe2, 0x39, 0x76, 0xe3, + 0xe9, 0x52, 0x0b, 0xcc, 0x98, 0x73, 0xac, 0xae, 0x26, 0x10, 0x7e, 0xf3, + 0x07, 0xfb, 0xdc, 0x0f, 0x89, 0xa5, 0x36, 0x9b, 0xa0, 0x93, 0xab, 0x96, + 0x42, 0x78, 0xd8, 0x6e, 0x4b, 0xc1, 0x33, 0x5e, 0x4c, 0x20, 0x7e, 0xcb, + 0x75, 0x11, 0x87, 0x7e, 0xbc, 0x37, 0x96, 0x76, 0x6a, 0x76, 0x92, 0xef, + 0x5d, 0x4f, 0x27, 0xd8, 0x6b, 0x44, 0xce, 0x87, 0xfc, 0x5f, 0x4b, 0xe9, + 0x86, 0xf4, 0xd0, 0xa3, 0xe3, 0x1a, 0xe2, 0xe2, 0x1e, 0xe5, 0x48, 0x4f, + 0x3b, 0x6f, 0xf2, 0xa3, 0x0e, 0x45, 0xba, 0x42, 0xc1, 0x6b, 0x84, 0x63, + 0x8f, 0x1a, 0xa7, 0x66, 0x42, 0xb2, 0x55, 0xf7, 0x66, 0x28, 0x6f, 0xa4, + 0x53, 0x38, 0xb8, 0x0d, 0x39, 0x33, 0xde, 0x80, 0x3a, 0x0d, 0x20, 0x69, + 0x41, 0x18, 0x3f, 0x0c, 0xd9, 0x3c, 0xdb, 0x80, 0x58, 0x74, 0xfd, 0xef, + 0xac, 0xfc, 0x0a, 0xc2, 0x3e, 0xe2, 0xfc, 0x2d, 0xd9, 0xf0, 0x9e, 0x2f, + 0x61, 0xe2, 0x46, 0x94, 0xbf, 0xd9, 0x31, 0xf9, 0xcd, 0x25, 0xfb, 0x7c, + 0x16, 0x3b, 0xcc, 0x66, 0x11, 0x9b, 0xd9, 0x5a, 0x19, 0xe8, 0x07, 0xf2, + 0xd0, 0x87, 0x57, 0x72, 0x5e, 0xc9, 0x28, 0x23, 0x4f, 0x5c, 0xcd, 0xbb, + 0xb8, 0x99, 0x5d, 0x4f, 0xf3, 0x96, 0xd8, 0x11, 0x00, 0xf1, 0xae, 0xb4, + 0x12, 0x1b, 0xea, 0xb6, 0xb3, 0xc5, 0x06, 0x2b, 0xff, 0xa3, 0x8f, 0x0b, + 0xc8, 0x31, 0x91, 0x6f, 0xb4, 0xe4, 0xb8, 0xb2, 0x04, 0x2b, 0x9a, 0xf5, + 0xc1, 0x45, 0xe0, 0xe3, 0x16, 0xfe, 0xd2, 0xbf, 0x5c, 0x07, 0xbe, 0x9f, + 0x47, 0x78, 0xc4, 0xbd, 0x6e, 0x9d, 0x17, 0xfb, 0x72, 0x1f, 0x42, 0x16, + 0xc5, 0x5d, 0xd6, 0xbb, 0xd3, 0x5b, 0xef, 0x5f, 0x0d, 0x96, 0xef, 0x78, + 0xce, 0x80, 0xad, 0xe8, 0x3f, 0x48, 0x59, 0x92, 0xe3, 0xe5, 0x6e, 0x02, + 0xba, 0xaf, 0xbd, 0xcc, 0x65, 0x07, 0xda, 0x44, 0x19, 0x3a, 0xc2, 0xac, + 0x26, 0x96, 0x41, 0xa4, 0x13, 0x2c, 0x11, 0xf6, 0xae, 0x8d}, {0x01, 0xaf, 0x89, 0xa4, 0xd3, 0x7a, 0x04, 0x28, 0x0b, 0x78, 0x62, 0x82, 0x61, 0x96, 0x4c, 0xd3, 0xfe, 0x67, 0xd0, 0x62, 0xb7, 0x4c, 0x35, 0xe8, 0x51, 0xf6, 0x8b, 0x9f, 0x8f, 0xaf, 0x74, 0x54, 0xa2, 0x2d, 0xf1, 0xc8, @@ -5608,12 +5856,38 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0x03, 0x56, 0x3c, 0x27, 0x1c, 0x48, 0x50, 0x56, 0x15, 0x3e, 0xfc, 0x36, 0x25, 0x15, 0x92, 0x9e, 0xd6, 0x17, 0x3a, 0x4f, 0xdc, 0xfc, 0xb0, 0xfd}, priv_key_33, - false}, + true}, // Comment: ps truncated // tcID: 15 {15, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xdc, 0xcf, 0x39, 0x12, 0xda, 0xf1, 0x52, 0x57, 0xa9, 0xe2, 0xbc, 0xf3, + 0x8b, 0xc6, 0x3c, 0x65, 0x41, 0x38, 0x81, 0x22, 0xdb, 0x4e, 0x97, 0xcc, + 0xe2, 0x46, 0x71, 0x53, 0x4f, 0x28, 0x95, 0x12, 0x28, 0xf5, 0x9e, 0x47, + 0x77, 0x99, 0x24, 0x83, 0xa1, 0xb5, 0xcf, 0x1d, 0x0e, 0x6b, 0xcd, 0x0f, + 0xad, 0xf7, 0x4c, 0xfe, 0x68, 0x95, 0x15, 0xcd, 0xba, 0x0c, 0x15, 0x67, + 0x2b, 0x40, 0x8b, 0x0d, 0xf0, 0x87, 0x70, 0x2d, 0xd4, 0xf0, 0x8d, 0x93, + 0xb5, 0xa1, 0xc2, 0xdc, 0xfc, 0xfa, 0xe9, 0xc3, 0x9f, 0x3f, 0xd5, 0xac, + 0x49, 0x86, 0xed, 0xf2, 0x07, 0x3a, 0xee, 0xbf, 0x63, 0xcc, 0xac, 0xda, + 0x21, 0x8b, 0x29, 0xaa, 0x79, 0x04, 0x37, 0xbb, 0x11, 0x5e, 0x9c, 0xa6, + 0x18, 0x72, 0x62, 0xcd, 0xf5, 0xc4, 0xa9, 0xac, 0xa5, 0x59, 0xc6, 0x51, + 0xe1, 0xec, 0x17, 0x1d, 0x9d, 0xab, 0xf8, 0x21, 0xc8, 0xe6, 0x5a, 0x2d, + 0x9e, 0x36, 0xb8, 0x32, 0x31, 0x20, 0xf1, 0x38, 0xca, 0xa8, 0x5d, 0x6d, + 0x7c, 0x60, 0x90, 0x09, 0x32, 0xcf, 0x08, 0x1b, 0xb4, 0x2b, 0xa9, 0x54, + 0xc9, 0xea, 0xe8, 0xf0, 0x13, 0x2b, 0x2a, 0x4b, 0xad, 0x99, 0x54, 0x82, + 0x93, 0xf5, 0xc1, 0xcb, 0x2c, 0xe3, 0x86, 0x25, 0x26, 0x11, 0x4b, 0xe5, + 0x3d, 0x82, 0xdf, 0xc5, 0x87, 0x4a, 0x6b, 0xd9, 0xe1, 0x99, 0x97, 0x07, + 0x9e, 0x5e, 0x99, 0x8c, 0xef, 0xbb, 0xd5, 0x9b, 0x74, 0x6f, 0x78, 0xd9, + 0xbf, 0xbe, 0x90, 0xa0, 0x26, 0x74, 0xb6, 0x2d, 0x70, 0xfb, 0xbe, 0x97, + 0x11, 0xdd, 0xb3, 0xf0, 0x9a, 0x7f, 0x23, 0xa9, 0x05, 0xf0, 0x31, 0x67, + 0x0c, 0x84, 0x58, 0xe1, 0xf8, 0x8b, 0x99, 0xb0, 0x68, 0xea, 0xb3, 0x1c, + 0x60, 0x9a, 0xe4, 0x61, 0x46, 0x10, 0xe5, 0xab, 0x36, 0xb9, 0xff, 0x55, + 0xf5, 0x36, 0x34, 0x53, 0x5b, 0xd6, 0xb9, 0xb9, 0x05, 0x13, 0x37, 0x43, + 0xc2, 0x28, 0xac, 0x28, 0x5f, 0x4c, 0x33, 0x80, 0x39, 0xd4, 0x90, 0x64, + 0xa1, 0x05, 0x41, 0xfc, 0xae, 0xe9, 0x16, 0xf5, 0xe3, 0x5a, 0x78, 0x77, + 0xca, 0x52, 0x32, 0xe1, 0x66, 0xf0, 0x73, 0x0c, 0xfa, 0x4d, 0x65, 0xea, + 0x91, 0xeb, 0xc6}, {0x70, 0x0d, 0x40, 0xcf, 0xb0, 0x98, 0x1f, 0x7b, 0x86, 0x26, 0x0e, 0x36, 0x71, 0x2a, 0x46, 0x3d, 0x2d, 0x2f, 0xaf, 0x1f, 0x9d, 0xa3, 0xbf, 0x76, 0x2c, 0x3f, 0x99, 0x33, 0x71, 0xb4, 0x41, 0xd9, 0xe3, 0x74, 0x7f, 0x12, @@ -5647,12 +5921,43 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0xe0, 0x69, 0x93, 0x3a, 0xdd, 0xed, 0x25, 0x0d, 0xaf, 0xd8, 0x09, 0x1d, 0xcc, 0x53, 0xba, 0x08, 0x30, 0x1e, 0x64, 0xd4, 0x9a, 0x49, 0x60, 0xc9}, priv_key_33, - false}, + true}, // Comment: ps missing // tcID: 16 {16, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x55, 0x93, 0xd2, 0xbb, 0x19, 0xdd, 0x30, 0x22, 0xb0, 0x69, 0xe5, 0xcc, + 0x40, 0x77, 0x98, 0x4b, 0x55, 0x0a, 0xe3, 0x03, 0x48, 0x80, 0x7e, 0xab, + 0x83, 0x23, 0x51, 0xd9, 0xd7, 0x01, 0x5f, 0x5b, 0x58, 0xc5, 0x3c, 0xc6, + 0x8d, 0xa6, 0x3c, 0xf2, 0x8c, 0xae, 0xa7, 0xf5, 0x60, 0xa5, 0x7c, 0xe4, + 0xc4, 0x4f, 0xda, 0xa3, 0xcd, 0xfb, 0x89, 0x31, 0xf2, 0x49, 0xea, 0xb8, + 0xd3, 0xe0, 0x56, 0x52, 0x64, 0x02, 0x56, 0x71, 0x10, 0xf2, 0x42, 0x6e, + 0x9b, 0x6d, 0x1f, 0xcc, 0x23, 0xb1, 0x25, 0xf6, 0xb8, 0x05, 0x0e, 0xae, + 0xa1, 0x13, 0xbf, 0x5b, 0x35, 0x58, 0x98, 0x52, 0xc2, 0x76, 0xb2, 0x56, + 0x5b, 0xca, 0x2b, 0xca, 0xf7, 0xea, 0x64, 0x55, 0xa0, 0xfa, 0x95, 0x16, + 0x4b, 0x86, 0x2c, 0x66, 0xe0, 0xe9, 0xef, 0x3f, 0xd4, 0x45, 0x68, 0xa2, + 0x4f, 0x63, 0x08, 0xb6, 0x36, 0xe1, 0x29, 0x76, 0xe9, 0x8d, 0xa5, 0xd1, + 0xc3, 0x22, 0x0b, 0xca, 0x78, 0x22, 0x0b, 0x2c, 0xcd, 0x7b, 0x82, 0x05, + 0x72, 0x4d, 0x4a, 0xd5, 0xee, 0x65, 0xb9, 0xe3, 0xf8, 0x10, 0x67, 0x29, + 0xc6, 0xb7, 0xc2, 0x56, 0xce, 0xde, 0xff, 0x23, 0xae, 0x18, 0x78, 0x76, + 0xb4, 0x71, 0x38, 0x6f, 0x1c, 0x71, 0xc0, 0x5d, 0x69, 0x23, 0xf6, 0xae, + 0xc4, 0xe2, 0x0c, 0x8b, 0x48, 0x6b, 0x4e, 0x45, 0xf6, 0xf8, 0xc9, 0xb9, + 0x71, 0x9e, 0xba, 0xee, 0x8a, 0x50, 0x58, 0x14, 0xca, 0xea, 0xea, 0x5d, + 0xe0, 0x6d, 0x3c, 0x83, 0xbd, 0x3d, 0xde, 0x2e, 0xfc, 0xce, 0x55, 0x4a, + 0xe9, 0x39, 0xd4, 0xc3, 0x6a, 0xce, 0x17, 0x38, 0x83, 0x56, 0x7f, 0x3b, + 0x03, 0xd5, 0xca, 0xad, 0xcf, 0x66, 0xfd, 0x02, 0xa9, 0x0a, 0x9f, 0x57, + 0xa6, 0xb4, 0x3b, 0xde, 0x29, 0xf1, 0xe7, 0x6f, 0x25, 0x3e, 0xba, 0x7f, + 0x4a, 0x03, 0xf5, 0x91, 0x0c, 0xa6, 0x8f, 0xe1, 0xad, 0xfa, 0xac, 0x24, + 0x89, 0x51, 0xd3, 0x49, 0xcf, 0x06, 0x62, 0x3c, 0x7d, 0xb3, 0x23, 0x36, + 0x65, 0xcd, 0x1f, 0x6f, 0x18, 0x90, 0xc5, 0x9e, 0x83, 0xa4, 0x8e, 0x7f, + 0xb9, 0x78, 0x96, 0x4a, 0x2d, 0x63, 0xc3, 0xc7, 0x24, 0x94, 0xee, 0x43, + 0xc0, 0x80, 0x46, 0xe3, 0x68, 0xe8, 0x4e, 0x0d, 0x7e, 0x14, 0xb4, 0xca, + 0x58, 0x7b, 0xf2, 0xd8, 0xc6, 0xc5, 0x3d, 0x7b, 0x2d, 0xab, 0x9b, 0xe4, + 0xb0, 0x08, 0x25, 0xb5, 0x0d, 0x3d, 0x8b, 0x33, 0xc1, 0xa6, 0x8f, 0x07, + 0xcb, 0x2a, 0x56, 0x94, 0xa3, 0x14, 0x89, 0x46, 0x2b, 0xae, 0x4c, 0x90, + 0xd7, 0xf2, 0xcb, 0x13, 0xe6, 0x75, 0x21, 0xf7, 0xd0, 0xef, 0xad, 0x3e, + 0x55, 0x85, 0x55, 0x6c}, {0x5a, 0x76, 0x25, 0x90, 0x27, 0x08, 0x9e, 0xdb, 0x01, 0x9b, 0x04, 0x78, 0x8c, 0xb7, 0x02, 0xe5, 0xe0, 0x6b, 0x13, 0xb9, 0x82, 0x6d, 0x57, 0x35, 0x16, 0x94, 0xd2, 0x0f, 0x59, 0x84, 0xba, 0xdd, 0x49, 0x60, 0xbd, 0xc4, @@ -5686,12 +5991,26 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0xe9, 0x20, 0xe4, 0x94, 0x27, 0xc0, 0x62, 0x3c, 0x01, 0xd4, 0x98, 0xbe, 0xc7, 0xea, 0x2f, 0x19, 0x77, 0xa3, 0xd6, 0xa1, 0xed, 0x79, 0x43, 0xf0}, priv_key_33, - false}, + true}, // Comment: Block type = 0 // tcID: 17 {17, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xff, 0xb7, 0xb4, 0x8f, 0x15, 0x83, 0x3f, 0x1e, 0x06, 0x8d, 0xd4, 0x6f, + 0xba, 0x45, 0x6f, 0x45, 0x78, 0xb3, 0x31, 0xa3, 0x01, 0xe3, 0x97, 0xcc, + 0x01, 0xa4, 0x6c, 0x3a, 0x4b, 0x0b, 0xf4, 0x4a, 0x44, 0xa3, 0x8c, 0x7e, + 0x7f, 0x19, 0xe5, 0x5b, 0x0a, 0x65, 0x5b, 0x1e, 0x8e, 0xc5, 0x55, 0x91, + 0x8e, 0x49, 0x82, 0x00, 0x5f, 0x14, 0x81, 0xd1, 0x8c, 0x56, 0xb1, 0x8d, + 0x30, 0x51, 0xe6, 0x29, 0x18, 0x05, 0xeb, 0xec, 0xa6, 0x22, 0x3c, 0xf1, + 0x36, 0x86, 0x4f, 0x2b, 0x61, 0x89, 0xe4, 0xaa, 0xe6, 0xd0, 0x7c, 0x95, + 0xdf, 0xc2, 0x85, 0xb5, 0xe2, 0xb3, 0x5a, 0x4c, 0xa7, 0x05, 0xd3, 0x96, + 0xa8, 0x64, 0x8b, 0x14, 0xc9, 0x38, 0x5b, 0x99, 0x54, 0xe1, 0x6f, 0x7f, + 0xa4, 0xba, 0xb3, 0xaa, 0xd8, 0xe4, 0x5f, 0xe5, 0x7c, 0x62, 0x4e, 0x1d, + 0xcd, 0xc2, 0x8b, 0xb5, 0x15, 0x37, 0x04, 0xfb, 0xdd, 0xb2, 0xee, 0xef, + 0xd3, 0x1d, 0xbb, 0x79, 0x0c, 0x93, 0x10, 0x29, 0xfb, 0xec, 0x41, 0xaf, + 0xea, 0x82, 0x48, 0x47, 0x53, 0xc3, 0x79, 0xfd, 0x18, 0x1a, 0x62, 0xb1, + 0xe7, 0x7c, 0x6b, 0x92, 0x21, 0x03, 0xc1, 0xc6, 0x3e, 0xa1, 0xeb}, {0x09, 0x46, 0x36, 0x1a, 0xcb, 0x9a, 0x12, 0x45, 0x2e, 0x37, 0x0d, 0x04, 0xab, 0xbb, 0x2f, 0x64, 0xde, 0x06, 0x51, 0xce, 0x5d, 0x6e, 0x81, 0x3b, 0x4d, 0x25, 0x64, 0x76, 0x00, 0x3c, 0xfb, 0x17, 0x00, 0x48, 0x28, 0x44, @@ -5725,12 +6044,27 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0xf5, 0x01, 0x6b, 0x77, 0x22, 0x9a, 0x4b, 0x08, 0x1f, 0xa7, 0x71, 0xf2, 0x49, 0x69, 0x5d, 0xa0, 0xbf, 0x14, 0xe7, 0xbe, 0x77, 0x0e, 0xe0, 0x10}, priv_key_33, - false}, + true}, // Comment: Block type = 1 // tcID: 18 {18, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x4a, 0x05, 0x15, 0xcf, 0x08, 0xd4, 0x5d, 0xc2, 0x0e, 0x95, 0x89, 0x84, + 0x39, 0x3b, 0x8c, 0x58, 0x46, 0x26, 0x61, 0xea, 0xc2, 0xc6, 0x07, 0x34, + 0x9b, 0x69, 0xa5, 0xda, 0x78, 0x14, 0x61, 0xea, 0x62, 0xf3, 0x3a, 0xe7, + 0x0b, 0x54, 0x37, 0x86, 0xba, 0x32, 0x4a, 0x98, 0xf8, 0x70, 0x34, 0x71, + 0x02, 0xfe, 0xd5, 0x11, 0xf8, 0xfa, 0x19, 0x0f, 0x87, 0x21, 0xfb, 0x5d, + 0x79, 0x4d, 0x2c, 0x7a, 0x15, 0xbe, 0xf0, 0xdb, 0x63, 0x9b, 0x99, 0xbf, + 0xaf, 0x51, 0x27, 0xfa, 0x3f, 0x3a, 0x5f, 0x25, 0x54, 0x83, 0xf0, 0x27, + 0x60, 0x1b, 0x45, 0xc4, 0xa9, 0x5b, 0xe7, 0xc2, 0xb0, 0xdf, 0x3c, 0x16, + 0x17, 0x50, 0x0c, 0x04, 0x97, 0x26, 0x03, 0x99, 0x2a, 0x28, 0xf6, 0xb7, + 0xc3, 0xff, 0xf0, 0xbb, 0xfb, 0x2a, 0xff, 0x8b, 0x70, 0x99, 0xbe, 0x09, + 0x90, 0x1b, 0xb7, 0x02, 0xd4, 0x5d, 0x49, 0x29, 0x63, 0xce, 0x7d, 0xbb, + 0xa6, 0x07, 0xcc, 0xce, 0xc1, 0x16, 0x0a, 0xba, 0x35, 0x2f, 0xd8, 0xb7, + 0x37, 0xae, 0x13, 0x32, 0x39, 0xca, 0xea, 0xab, 0xbc, 0x6e, 0x13, 0xb1, + 0xc4, 0x7b, 0xc0, 0x1a, 0x06, 0x89, 0x65, 0x8c, 0x61, 0xed, 0xe3, 0x3e, + 0x3b, 0x32, 0x85, 0xfc, 0x7d, 0x71, 0xeb, 0xba, 0x08, 0xe4, 0x61, 0x2d}, {0x84, 0x9e, 0xb2, 0x49, 0xb9, 0xb5, 0x90, 0x4f, 0x72, 0x6c, 0xb7, 0xdb, 0x32, 0x4f, 0x55, 0x79, 0xd3, 0x31, 0x89, 0x5b, 0xd3, 0xce, 0x51, 0x38, 0xed, 0xaa, 0x2d, 0x28, 0x33, 0x60, 0xfe, 0xda, 0x0b, 0xd3, 0xeb, 0xd9, @@ -5764,12 +6098,37 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0xc8, 0x3b, 0x20, 0x78, 0x3a, 0xe2, 0x0d, 0x75, 0x51, 0x27, 0xb5, 0x65, 0x42, 0x72, 0xb7, 0x6c, 0x88, 0xfa, 0x36, 0x29, 0x60, 0xf6, 0x64, 0x66}, priv_key_33, - false}, + true}, // Comment: Block type = 0xff // tcID: 19 {19, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x2a, 0x53, 0x07, 0x95, 0x8e, 0xeb, 0x98, 0x7c, 0x01, 0xfa, 0x1f, 0x58, + 0x85, 0xab, 0x29, 0x83, 0xee, 0x53, 0x73, 0x0f, 0x74, 0xf5, 0x63, 0x8e, + 0x4d, 0x72, 0x97, 0x54, 0x4b, 0xca, 0x83, 0x84, 0x48, 0x3d, 0x6b, 0xf1, + 0x75, 0xd8, 0x78, 0xba, 0xf9, 0x90, 0x6f, 0xa6, 0x4a, 0xcf, 0x5b, 0xe3, + 0x26, 0x2e, 0x7c, 0xd8, 0x7e, 0x71, 0xf1, 0xa1, 0xce, 0xa4, 0xfe, 0x5b, + 0xcc, 0x1b, 0x23, 0xcf, 0x84, 0x1a, 0xfb, 0x64, 0xb5, 0xd6, 0x68, 0x81, + 0x64, 0xad, 0x75, 0x1e, 0x06, 0x01, 0x2c, 0x82, 0x23, 0x46, 0x63, 0xa7, + 0x06, 0x9b, 0xd9, 0x2d, 0x1a, 0xa9, 0xb5, 0xbc, 0x85, 0x40, 0xe9, 0x60, + 0xa0, 0xcc, 0x1e, 0xc6, 0x2a, 0x7d, 0x20, 0xcc, 0x28, 0x1d, 0x3b, 0x00, + 0x62, 0x85, 0xc7, 0x6f, 0xf4, 0x58, 0x4e, 0x6c, 0x13, 0xd6, 0x65, 0x5c, + 0xe7, 0x4b, 0x1c, 0x46, 0x5e, 0x68, 0xaf, 0x31, 0x2c, 0x00, 0x40, 0xe3, + 0x7b, 0x52, 0x66, 0x48, 0xb5, 0x98, 0x5b, 0x54, 0x56, 0x42, 0xef, 0x77, + 0x6e, 0x35, 0xb2, 0x62, 0xbc, 0xb8, 0x8b, 0xd8, 0x78, 0x8c, 0xe5, 0x07, + 0x37, 0x85, 0x96, 0x2c, 0x92, 0xc8, 0x2e, 0x65, 0x8a, 0x56, 0x73, 0xaa, + 0x70, 0x0f, 0xa0, 0x2c, 0x63, 0x84, 0xff, 0xd9, 0xf4, 0x17, 0x7a, 0xee, + 0x35, 0x7d, 0x8d, 0xfd, 0x78, 0xd4, 0x0b, 0x3a, 0x16, 0xcd, 0x25, 0xde, + 0xa7, 0x18, 0x41, 0x2a, 0x61, 0xc5, 0x63, 0x89, 0xd7, 0xff, 0x53, 0x25, + 0xaa, 0xa6, 0xca, 0x58, 0x6e, 0x1a, 0xe8, 0x5d, 0x3a, 0x60, 0xcb, 0xfd, + 0x2d, 0xe5, 0x28, 0x8e, 0x31, 0x36, 0xcc, 0xe6, 0x76, 0x8f, 0x3d, 0x3b, + 0x12, 0xdd, 0x54, 0x62, 0x9c, 0x8d, 0xd2, 0x04, 0x09, 0x02, 0xc2, 0x4d, + 0xed, 0xa1, 0xcb, 0x5f, 0x0d, 0xe4, 0x18, 0x9e, 0xb6, 0xc3, 0x58, 0x7e, + 0x0d, 0xd4, 0x3e, 0xa5, 0x65, 0x40, 0x45, 0x24, 0x19, 0x3c, 0x1e, 0x64, + 0x6b, 0xb4, 0xb5, 0x99, 0x24, 0xa1, 0xba, 0x06, 0x30, 0x74, 0xdf, 0xf2, + 0x51, 0x57, 0xd4, 0x54, 0x6e, 0xa2, 0xa2, 0x4a, 0x36, 0x99, 0x47, 0x1d, + 0x71, 0x40}, {0x99, 0xae, 0xa1, 0x5a, 0xfd, 0xe0, 0xb4, 0x0c, 0x12, 0x96, 0x0c, 0xce, 0x59, 0x8c, 0x11, 0xd6, 0x18, 0xb3, 0xe4, 0xa0, 0x50, 0x2e, 0xb9, 0x76, 0x4c, 0xc1, 0x14, 0xee, 0xd7, 0x04, 0x11, 0x3f, 0x0d, 0x13, 0xd9, 0xc1, @@ -5803,12 +6162,30 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0x05, 0x31, 0xcd, 0x10, 0x77, 0xd7, 0xd1, 0x64, 0x6c, 0xd1, 0xa4, 0x58, 0xcb, 0xd4, 0xe8, 0x8a, 0x42, 0xea, 0x2a, 0xb6, 0x29, 0x06, 0xf2, 0xdd}, priv_key_33, - false}, + true}, // Comment: First byte is not zero // tcID: 20 {20, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x50, 0x69, 0x02, 0x80, 0xb4, 0x43, 0xb5, 0xdc, 0xf3, 0xd2, 0x8d, 0xc7, + 0xc1, 0xcc, 0xf5, 0x90, 0xeb, 0xbe, 0xb8, 0xd7, 0x03, 0xc4, 0x85, 0x79, + 0x8d, 0xc0, 0xe5, 0x6b, 0xd1, 0x88, 0x36, 0xb4, 0xe8, 0x6f, 0xee, 0x7c, + 0x89, 0x5c, 0xd0, 0xa9, 0x2a, 0x86, 0x40, 0x1e, 0xbc, 0x4b, 0x28, 0xd2, + 0x7a, 0x2b, 0x69, 0x26, 0xce, 0x77, 0x49, 0x02, 0x34, 0x2d, 0x03, 0x19, + 0xe0, 0x92, 0x10, 0x48, 0xde, 0xbd, 0x63, 0xf8, 0xaa, 0x62, 0x04, 0xbe, + 0xab, 0xb8, 0x65, 0x95, 0xfa, 0x1a, 0x1c, 0x0b, 0x05, 0xbd, 0x5c, 0x64, + 0x8b, 0x09, 0x2e, 0x67, 0x53, 0x7c, 0x35, 0x4f, 0x4a, 0x11, 0x91, 0xe0, + 0xd3, 0x95, 0x16, 0xa0, 0x9d, 0x86, 0x7b, 0xcb, 0x1e, 0xaa, 0x26, 0x5c, + 0x93, 0x06, 0x46, 0xee, 0x24, 0xaf, 0x76, 0x32, 0xdc, 0xc4, 0x3f, 0xef, + 0xb4, 0x83, 0xd0, 0xfa, 0x4a, 0x8b, 0xe9, 0x10, 0x3c, 0x24, 0xd8, 0x57, + 0x36, 0x7a, 0x9e, 0xef, 0x44, 0x57, 0x4c, 0x4e, 0x89, 0x7f, 0xf1, 0x39, + 0x8d, 0x98, 0xae, 0x63, 0xfd, 0xe0, 0x2f, 0x81, 0x68, 0x66, 0x7e, 0x78, + 0x6d, 0x6f, 0x38, 0x1e, 0x2f, 0xf2, 0x75, 0x22, 0xda, 0xaa, 0x83, 0x92, + 0x9e, 0x75, 0xbb, 0x4a, 0x8e, 0x57, 0x2f, 0xbe, 0x67, 0xe8, 0x11, 0x63, + 0x65, 0x73, 0xd2, 0x70, 0x0d, 0x1b, 0x87, 0xd6, 0xe8, 0x32, 0x39, 0x41, + 0xb0, 0xa1, 0xbf, 0x68, 0xde, 0xf5, 0x12, 0xda, 0x15, 0x7f, 0x8e, 0x79, + 0x7e, 0x9d, 0xd2, 0xb5, 0x93, 0x35, 0xd2}, {0xa2, 0x25, 0xdb, 0x92, 0xd6, 0x85, 0x3b, 0x70, 0x8d, 0xd7, 0x2c, 0xbf, 0xd0, 0x81, 0xc0, 0x6c, 0xe3, 0xd6, 0xc4, 0x57, 0x9d, 0xef, 0x7e, 0x6b, 0xd8, 0xb4, 0x50, 0x90, 0xcc, 0x0b, 0x9f, 0x51, 0xd4, 0x21, 0x7d, 0x32, @@ -5842,12 +6219,17 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0xce, 0xc7, 0x0d, 0xc0, 0xc3, 0x01, 0x67, 0x93, 0xc4, 0x4a, 0xa9, 0xc8, 0xd9, 0xf7, 0xc9, 0xd3, 0x49, 0x07, 0x52, 0x36, 0x13, 0xd4, 0xbd, 0x84}, priv_key_33, - false}, + true}, // Comment: First byte is not zero // tcID: 21 {21, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xab, 0xd7, 0xeb, 0xfb, 0x98, 0x03, 0x02, 0x9f, 0x72, 0x8d, 0x5d, + 0x43, 0x21, 0x1c, 0xeb, 0x07, 0x09, 0x34, 0x2f, 0x6d, 0x79, 0xc6, + 0xa7, 0x45, 0x4c, 0x87, 0x7e, 0xd0, 0x95, 0x42, 0xf9, 0x29, 0x22, + 0x15, 0x59, 0xda, 0x9b, 0x67, 0xdc, 0xec, 0x6c, 0x83, 0x54, 0xb2, + 0xd3, 0x0b, 0x48, 0xfa, 0x7f, 0x7d, 0x34, 0xf8}, {0x85, 0x42, 0x19, 0x77, 0x73, 0x0b, 0x0f, 0x2c, 0xa7, 0xac, 0x9e, 0x69, 0x32, 0x8c, 0x09, 0x85, 0x3d, 0x07, 0xe6, 0x8f, 0x0c, 0x12, 0x39, 0x60, 0x11, 0xa8, 0x8e, 0x1b, 0x3d, 0x0d, 0x86, 0x75, 0xc7, 0x23, 0xc3, 0xc7, @@ -5881,12 +6263,32 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0x8e, 0xe4, 0xdb, 0xcb, 0x86, 0xec, 0x32, 0x6a, 0x54, 0x66, 0x57, 0x52, 0xa9, 0x05, 0x0f, 0x80, 0xb9, 0x0a, 0xc3, 0x4d, 0xd5, 0x1f, 0x1f, 0x11}, priv_key_33, - false}, + true}, // Comment: signature padding // tcID: 22 {22, - {0x54, 0x65, 0x73, 0x74}, + {0xc1, 0x4d, 0x31, 0x46, 0x5b, 0xe0, 0xcd, 0xf4, 0x14, 0xe4, 0xa5, 0xab, + 0x44, 0xf3, 0x5f, 0x0e, 0x6a, 0x22, 0x43, 0x4f, 0x57, 0xb4, 0x5f, 0x94, + 0x0c, 0xdc, 0x33, 0xbe, 0x85, 0x6b, 0x48, 0x71, 0xa6, 0x6e, 0x80, 0xf7, + 0x6b, 0xa7, 0xa5, 0xe8, 0xac, 0x9c, 0x23, 0x56, 0x16, 0x8c, 0x33, 0x60, + 0x2c, 0xee, 0x8f, 0x09, 0xa6, 0xba, 0x07, 0x77, 0x3a, 0xb6, 0xdd, 0xfd, + 0x46, 0xf7, 0x2c, 0x5a, 0xd9, 0xa1, 0x27, 0x68, 0x4c, 0xf4, 0x24, 0x05, + 0xc0, 0x71, 0x1c, 0xd5, 0xdc, 0x60, 0xfa, 0x2d, 0xbe, 0x93, 0xab, 0xd1, + 0xa3, 0xc1, 0x84, 0xa8, 0xb3, 0x55, 0x76, 0x48, 0xb3, 0xdc, 0x7d, 0x4c, + 0x3c, 0xf4, 0x38, 0x1d, 0x06, 0x7b, 0x8f, 0x3e, 0xae, 0xa3, 0xff, 0x42, + 0xc6, 0xa1, 0x86, 0x6d, 0xf6, 0x13, 0x78, 0x97, 0xa4, 0x84, 0x71, 0x9f, + 0xbf, 0xeb, 0x3f, 0xac, 0xbb, 0x32, 0x0d, 0x0f, 0xe6, 0x05, 0x52, 0x41, + 0xfc, 0xa3, 0x34, 0x70, 0x9f, 0xf4, 0xae, 0x87, 0x25, 0x62, 0x99, 0xe5, + 0x76, 0xac, 0x1b, 0x88, 0x17, 0xb7, 0xcb, 0xf8, 0xa0, 0x37, 0x72, 0x51, + 0x72, 0x98, 0xea, 0x7f, 0x45, 0xa4, 0x68, 0xee, 0xba, 0xbf, 0x9f, 0xea, + 0x22, 0x08, 0xad, 0x01, 0xb7, 0x33, 0xa0, 0x33, 0xea, 0x6b, 0xec, 0x33, + 0x2d, 0xbb, 0xfb, 0xff, 0x49, 0x70, 0xde, 0x7c, 0xa8, 0x9f, 0x63, 0x3c, + 0x70, 0x35, 0x43, 0xa7, 0xd8, 0x8c, 0x39, 0x82, 0xf9, 0xbb, 0xcf, 0x6a, + 0x9c, 0x5f, 0x6d, 0xe9, 0x63, 0xf5, 0x32, 0xdb, 0x6e, 0xd8, 0x49, 0xfa, + 0x87, 0xa3, 0x8f, 0x08, 0x41, 0x9b, 0x42, 0xd3, 0x28, 0xc5, 0xa7, 0x33, + 0x76, 0x22, 0x8a, 0x44, 0x4b, 0x91, 0x68, 0xc7, 0xb1, 0xd9, 0x0d, 0x59, + 0x2f, 0xcb, 0x81, 0x63, 0xf6, 0x74, 0x2b, 0x81}, {0x50, 0x9c, 0x69, 0xe8, 0x02, 0xc2, 0xab, 0x81, 0x2f, 0xea, 0x8c, 0x77, 0xf8, 0x9d, 0xd3, 0x21, 0xc0, 0xed, 0xfd, 0x27, 0x9b, 0x20, 0x0e, 0x93, 0xaa, 0xf4, 0x65, 0x91, 0x88, 0x61, 0x48, 0x72, 0x2b, 0x06, 0x58, 0x4f, @@ -5920,12 +6322,29 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0x2d, 0x34, 0x9e, 0x54, 0x42, 0x45, 0xca, 0x71, 0x5c, 0xb9, 0x64, 0xf0, 0xbe, 0x18, 0x55, 0x22, 0x9a, 0x9a, 0x6e, 0x9e, 0x6e, 0xa2, 0x0e, 0x63}, priv_key_33, - false}, + true}, // Comment: no zero after padding // tcID: 23 {23, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xe5, 0xdb, 0x5e, 0x79, 0xd1, 0x92, 0x5c, 0x09, 0x00, 0x41, 0xee, 0x90, + 0x2b, 0x99, 0xc6, 0xbf, 0x88, 0x31, 0x5f, 0xa5, 0xd6, 0xe4, 0xe6, 0x02, + 0x40, 0x05, 0x87, 0xe2, 0x46, 0xe0, 0x49, 0x6f, 0x63, 0xf2, 0x15, 0x33, + 0x2a, 0x99, 0x6a, 0x93, 0x1a, 0x2f, 0x35, 0x3b, 0x84, 0x18, 0xa5, 0x85, + 0x69, 0xe7, 0x43, 0x1f, 0xe8, 0x8a, 0x7d, 0xde, 0xca, 0xcf, 0x1c, 0xd2, + 0xb0, 0xe3, 0x16, 0x09, 0xfd, 0xf1, 0x33, 0x39, 0x93, 0x96, 0x40, 0xb2, + 0xae, 0x5a, 0x7a, 0x57, 0xf4, 0x65, 0x9d, 0x37, 0x32, 0x7e, 0x54, 0xa8, + 0xe2, 0x8a, 0x85, 0x4a, 0x0e, 0x72, 0xec, 0xa8, 0x5e, 0x9a, 0x49, 0xb7, + 0xd0, 0xff, 0xbc, 0xf6, 0x2a, 0x58, 0xbf, 0x81, 0xcd, 0xf8, 0x0c, 0xca, + 0x3e, 0x21, 0x34, 0x98, 0x95, 0x47, 0xd1, 0x30, 0x8f, 0x8a, 0xb2, 0xd1, + 0xab, 0x72, 0x0c, 0xed, 0xf1, 0x9b, 0x62, 0x05, 0xdc, 0x2e, 0x5e, 0xc1, + 0xd5, 0x6e, 0xac, 0x40, 0x28, 0x5a, 0x15, 0xfd, 0xb7, 0x0c, 0x21, 0x41, + 0xd6, 0x2e, 0x3a, 0x05, 0x35, 0x26, 0x69, 0x7b, 0x4a, 0xdd, 0x21, 0xdf, + 0xfa, 0x60, 0x64, 0xc0, 0xee, 0x92, 0x36, 0x7a, 0x5d, 0x12, 0xbd, 0xe8, + 0x77, 0x85, 0xb5, 0x59, 0x1f, 0x05, 0xf7, 0xbf, 0x20, 0x69, 0x87, 0xcd, + 0x6d, 0x0a, 0x78, 0x51, 0x86, 0x73, 0xde, 0x26, 0x09, 0xf3, 0x86, 0x99, + 0xc3, 0x86, 0x73, 0x4e, 0x29, 0xbe, 0x37, 0xcd, 0x67, 0x99}, {0x9a, 0xc9, 0xda, 0x6b, 0x29, 0xf1, 0xde, 0x85, 0x99, 0xfe, 0x88, 0xbd, 0xb7, 0x01, 0x2c, 0xb0, 0xce, 0x48, 0x17, 0xfb, 0xca, 0xcc, 0x39, 0xb2, 0x73, 0xc5, 0x57, 0xbb, 0x22, 0xd2, 0xc0, 0x19, 0xb8, 0xc5, 0xcd, 0x55, @@ -5959,12 +6378,20 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0x24, 0x7e, 0xd9, 0x61, 0xcd, 0xf0, 0x20, 0x5f, 0xa8, 0xaa, 0xde, 0x1f, 0x42, 0xd8, 0x8d, 0xcc, 0xf9, 0x75, 0x19, 0x4e, 0xe0, 0x93, 0x69, 0x72}, priv_key_33, - false}, + true}, // Comment: no padding // tcID: 24 {24, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xf8, 0x76, 0xca, 0x14, 0x87, 0xfe, 0xa6, 0x54, 0x9a, 0x0f, 0x2b, 0x8a, + 0x92, 0xe1, 0xf0, 0x86, 0x5c, 0x70, 0x49, 0x0b, 0x8c, 0x15, 0x4f, 0x4e, + 0xd6, 0x31, 0x16, 0x7d, 0x6e, 0x54, 0x44, 0x29, 0x8f, 0xc9, 0x32, 0x3f, + 0x51, 0x0f, 0xe2, 0x71, 0x9f, 0x03, 0x46, 0x69, 0xb5, 0x50, 0xdc, 0xb3, + 0xc1, 0xc0, 0x3c, 0x93, 0x41, 0x5d, 0x1c, 0x2a, 0x1c, 0xa2, 0x6c, 0x1a, + 0xbc, 0xb1, 0x36, 0x02, 0xbb, 0xfd, 0xb0, 0xa9, 0xc1, 0x29, 0x45, 0x41, + 0x26, 0xe4, 0xc5, 0xcc, 0xb1, 0xb3, 0xbd, 0xf7, 0x4a, 0x49, 0x31, 0xc3, + 0xd7, 0x87, 0x52, 0xe5, 0x64, 0x97}, {0x50, 0xe9, 0x74, 0xb2, 0xbf, 0xca, 0x62, 0x3e, 0xdd, 0x2d, 0x79, 0x7e, 0x4e, 0x58, 0x8d, 0xe2, 0x24, 0x78, 0xd5, 0xa8, 0xe5, 0x7c, 0x74, 0xc4, 0x48, 0x44, 0x98, 0x53, 0xba, 0x84, 0xfb, 0x1d, 0x00, 0x73, 0xc1, 0xce, @@ -5998,12 +6425,31 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0x99, 0xd2, 0xcf, 0x38, 0xd3, 0x9d, 0xa3, 0x7f, 0xa1, 0xc7, 0x56, 0x63, 0x6b, 0xfd, 0x57, 0x6e, 0x7d, 0xe0, 0xf2, 0x6a, 0x10, 0x80, 0x30, 0xb5}, priv_key_33, - false}, + true}, // Comment: m = 2 // tcID: 25 {25, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x60, 0x24, 0x6b, 0xf3, 0xdb, 0x24, 0x1f, 0xa5, 0x89, 0xa1, 0x16, 0x93, + 0x67, 0xc7, 0x38, 0x07, 0x9a, 0x3d, 0x5d, 0xe2, 0x2d, 0xce, 0xe2, 0x7d, + 0xeb, 0x5e, 0x72, 0x90, 0xb5, 0x22, 0x21, 0xf5, 0xe6, 0xd7, 0xb6, 0x25, + 0xcb, 0x8a, 0x2b, 0xa5, 0x10, 0x82, 0x06, 0x5d, 0xaf, 0xec, 0x99, 0x07, + 0x53, 0xb8, 0x99, 0xb6, 0xc0, 0xe2, 0xe8, 0xb3, 0xc4, 0x8d, 0xec, 0xb8, + 0x56, 0xd6, 0x36, 0xe3, 0xb3, 0x12, 0x2a, 0xc7, 0xaf, 0x54, 0xef, 0xc8, + 0x96, 0x77, 0x13, 0x8f, 0x13, 0x42, 0xa3, 0xdf, 0xd0, 0x24, 0xdc, 0xcd, + 0xdb, 0x46, 0x34, 0xf7, 0x4d, 0x3e, 0xd3, 0x65, 0xa0, 0x90, 0x54, 0xa0, + 0x28, 0x60, 0x0d, 0x2c, 0xb8, 0x36, 0x0b, 0x7c, 0xf0, 0x24, 0xfa, 0x4e, + 0x43, 0x5c, 0xc6, 0xc7, 0xb0, 0xe4, 0xda, 0x54, 0xc9, 0x60, 0xad, 0xae, + 0xbc, 0xb0, 0xd7, 0x80, 0xa7, 0x2e, 0xf3, 0x97, 0x35, 0x19, 0xa4, 0xf5, + 0xf3, 0x76, 0x2e, 0x07, 0x00, 0xc4, 0xad, 0xce, 0x6e, 0xba, 0x94, 0xa9, + 0xee, 0x2e, 0xd4, 0x9b, 0x86, 0xf0, 0xc8, 0xcd, 0x53, 0xfc, 0x8b, 0xe1, + 0xe1, 0x1f, 0xd7, 0x60, 0xa1, 0x5d, 0x6c, 0x4c, 0x65, 0x2f, 0x87, 0x47, + 0x41, 0xfd, 0x66, 0x59, 0x25, 0xa1, 0xd4, 0x71, 0xc6, 0x95, 0xa9, 0xd4, + 0x17, 0x06, 0xa5, 0xe2, 0x3b, 0xce, 0x47, 0xe3, 0x0f, 0xbd, 0xdb, 0x47, + 0xe3, 0x7d, 0x06, 0xac, 0x55, 0x2b, 0x65, 0xd4, 0x99, 0xfd, 0x3a, 0xfb, + 0xba, 0xe5, 0xcb, 0x69, 0x01, 0x12, 0x6f, 0x44, 0x37, 0xa8, 0x0c, 0xbb, + 0xbf, 0xba, 0xdf, 0x98, 0xd0}, {0xab, 0x95, 0x7d, 0x59, 0x86, 0x55, 0x13, 0xc0, 0x59, 0xa7, 0xae, 0x69, 0x14, 0xb3, 0x4e, 0x8e, 0x3e, 0x4a, 0xb9, 0x6c, 0xb6, 0x60, 0x69, 0xe0, 0x14, 0xaa, 0x31, 0x5e, 0x67, 0xb2, 0xad, 0xda, 0xe2, 0xb3, 0xb7, 0x59, @@ -6037,12 +6483,38 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0xdc, 0x71, 0x14, 0x6c, 0x7c, 0xef, 0xa0, 0x77, 0x5c, 0x40, 0x5f, 0x3f, 0xaa, 0xf5, 0x9e, 0x8d, 0x9c, 0xed, 0xbc, 0xca, 0xbf, 0x18, 0x74, 0xbf}, priv_key_33, - false}, + true}, // Comment: m = n-2 // tcID: 26 {26, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x03, 0x5b, 0x0a, 0x59, 0xfd, 0xcf, 0x4c, 0x68, 0x4e, 0x8f, 0x03, 0xa5, + 0x06, 0x0a, 0x21, 0x3f, 0x72, 0x92, 0xd7, 0xd9, 0x01, 0x4e, 0xf4, 0xcd, + 0xa7, 0x4b, 0x4d, 0xff, 0xd2, 0x81, 0x1e, 0xce, 0x1f, 0xf4, 0x9a, 0x4c, + 0x91, 0x28, 0xe5, 0xe4, 0x51, 0x20, 0x15, 0xfa, 0x4f, 0x6c, 0xb6, 0xd4, + 0x34, 0xa4, 0x6d, 0x37, 0xfa, 0x30, 0x53, 0x07, 0xc1, 0xf5, 0xa9, 0x3f, + 0xff, 0xe8, 0xd6, 0x22, 0x84, 0x01, 0xab, 0x22, 0x35, 0xfc, 0xbb, 0xa6, + 0xe4, 0x62, 0x93, 0x48, 0xe1, 0xb5, 0x83, 0xd9, 0xff, 0xbc, 0xf8, 0x41, + 0xcf, 0x20, 0xe7, 0x27, 0xbb, 0x92, 0xa9, 0x8a, 0x47, 0x6e, 0xa2, 0x1f, + 0x47, 0x75, 0xbf, 0x66, 0x05, 0xcc, 0x79, 0x3f, 0xe9, 0xc7, 0xd9, 0x0b, + 0xf3, 0x4b, 0xd6, 0xb9, 0xfc, 0x56, 0x16, 0x00, 0x37, 0x9a, 0x00, 0xab, + 0xae, 0xc1, 0x55, 0x6d, 0x32, 0xaa, 0x9d, 0x3a, 0x2a, 0xe5, 0x3c, 0x22, + 0x14, 0x64, 0xe4, 0xcd, 0x96, 0xdc, 0x37, 0x4c, 0xdc, 0xcd, 0xf5, 0x30, + 0xe8, 0xfd, 0x3e, 0xd6, 0x69, 0xa5, 0x5c, 0x52, 0x5c, 0x1d, 0xa1, 0xe6, + 0x7f, 0xc7, 0xf3, 0x98, 0x14, 0xc0, 0x47, 0x89, 0xa5, 0x10, 0xac, 0x20, + 0x44, 0x8d, 0x29, 0xde, 0x7e, 0x67, 0x03, 0xa3, 0xb2, 0x87, 0xb0, 0x66, + 0xb8, 0xfa, 0x43, 0x1f, 0xd6, 0xa9, 0x68, 0xf5, 0x3a, 0xc8, 0x44, 0x20, + 0x76, 0xb3, 0x07, 0x54, 0x82, 0xdc, 0xa4, 0x50, 0x32, 0xfe, 0xc9, 0xe8, + 0x52, 0x6f, 0x22, 0xe0, 0xd6, 0x9e, 0xd0, 0xaf, 0xe3, 0x0b, 0x0a, 0xaf, + 0xfa, 0x8a, 0x1e, 0xe5, 0x42, 0xfd, 0x94, 0x17, 0xf5, 0xe8, 0xca, 0x5c, + 0x12, 0x04, 0x58, 0x18, 0xa5, 0x3c, 0x4d, 0x42, 0xcf, 0x0f, 0xc3, 0x08, + 0x7e, 0x17, 0xff, 0x31, 0x34, 0x90, 0x14, 0x08, 0x58, 0x89, 0xaf, 0x6e, + 0x5c, 0x10, 0x4e, 0x5e, 0xc0, 0xcf, 0x7a, 0x68, 0x6b, 0xba, 0xe6, 0xb8, + 0x73, 0x4a, 0xe1, 0x1d, 0xdb, 0xa5, 0xa1, 0x97, 0x69, 0x70, 0xcf, 0x56, + 0x4f, 0x16, 0x50, 0xff, 0x6c, 0xac, 0x77, 0x0f, 0x99, 0x6f, 0xbd, 0x14, + 0x25, 0x76, 0x5e, 0x79, 0x29, 0xc7, 0x0c, 0xdd, 0xa6, 0x5d, 0xa9, 0x46, + 0x0e, 0x52, 0xb2, 0x02, 0x96, 0xa6, 0x3c, 0x4c, 0xca, 0xd6, 0xe7, 0x94}, {0x30, 0xf9, 0xfb, 0x26, 0xe0, 0xd9, 0xf9, 0x39, 0x7c, 0x8e, 0x69, 0x3f, 0x90, 0xd8, 0x8e, 0x98, 0xdb, 0xc5, 0xe2, 0x41, 0x23, 0xaf, 0x3e, 0x46, 0xe4, 0xa1, 0x59, 0x1a, 0xed, 0x74, 0x08, 0xc9, 0xb7, 0xcc, 0x9e, 0xf3, @@ -6076,12 +6548,44 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0x34, 0x22, 0xb3, 0x09, 0x05, 0xd0, 0x41, 0x34, 0xfd, 0x53, 0x08, 0x07, 0x55, 0xc0, 0xa4, 0xb5, 0x9c, 0xf2, 0x67, 0x88, 0x56, 0xbf, 0xfb, 0x0c}, priv_key_33, - false}, + true}, // Comment: c = 0 // tcID: 27 {27, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x71, 0x7f, 0xee, 0xde, 0x76, 0x08, 0x18, 0xb0, 0x1c, 0x7a, 0x1c, 0x66, + 0x0e, 0x40, 0xdc, 0x23, 0xa8, 0x53, 0xec, 0x41, 0x2a, 0x79, 0x2f, 0x23, + 0xc1, 0x6b, 0x27, 0x00, 0xe2, 0xca, 0xbc, 0xc1, 0x01, 0x59, 0xb6, 0x6c, + 0x66, 0x42, 0x88, 0x38, 0x9e, 0xf5, 0x26, 0x5a, 0xe7, 0x44, 0x9c, 0x22, + 0x0d, 0xb9, 0x86, 0xfb, 0xb4, 0xae, 0xa6, 0xa7, 0xb4, 0xcc, 0xbc, 0x32, + 0x31, 0x26, 0x0b, 0xe6, 0xe2, 0x50, 0xc2, 0x27, 0xdf, 0x63, 0x20, 0x9c, + 0xec, 0x2e, 0x68, 0x25, 0x87, 0x4c, 0xb5, 0x28, 0x3e, 0xef, 0x43, 0x41, + 0x27, 0x7c, 0x14, 0xfb, 0xf2, 0x7b, 0xbd, 0x3d, 0xd9, 0x08, 0x7c, 0xaa, + 0xa3, 0x2c, 0xd3, 0x83, 0xde, 0xac, 0x69, 0xc7, 0x8a, 0xbf, 0x5d, 0xa2, + 0x83, 0x07, 0x0b, 0x07, 0x9c, 0xa3, 0xdb, 0xdb, 0x12, 0x85, 0x95, 0x44, + 0xa6, 0xde, 0x19, 0x2c, 0xf6, 0x78, 0x7a, 0xea, 0xbc, 0xa1, 0x0a, 0xec, + 0xd0, 0x3f, 0x70, 0x2b, 0x71, 0xfe, 0xef, 0x8f, 0xbc, 0x49, 0x09, 0x6b, + 0x47, 0x2c, 0xe0, 0x68, 0xa5, 0x88, 0xfc, 0x40, 0x56, 0xdf, 0xcb, 0xf0, + 0x78, 0x66, 0xff, 0xf7, 0xac, 0xf3, 0x8f, 0xc2, 0x01, 0x4a, 0x63, 0xe2, + 0x70, 0xe3, 0xbb, 0x6b, 0x60, 0x74, 0xde, 0x60, 0xa5, 0xa7, 0xe0, 0x37, + 0x20, 0xcf, 0xb3, 0xcd, 0xbd, 0x2a, 0xb1, 0xd6, 0x58, 0xaf, 0xdd, 0xdf, + 0x09, 0xd7, 0x40, 0x80, 0x4d, 0xbc, 0x8b, 0xb8, 0xd9, 0x07, 0xf6, 0xe0, + 0xe3, 0x8c, 0x81, 0x55, 0x14, 0x75, 0x8a, 0xc5, 0x96, 0xe3, 0xb1, 0x92, + 0x67, 0xfc, 0x5b, 0x44, 0x01, 0xc8, 0xa6, 0x0e, 0xbc, 0xb8, 0x92, 0xae, + 0x55, 0xd7, 0xf0, 0x7a, 0xc9, 0x9e, 0x65, 0x3b, 0xda, 0xdf, 0xc3, 0x4f, + 0x11, 0x06, 0x11, 0x49, 0xae, 0xdf, 0xc0, 0x82, 0x36, 0x13, 0x0f, 0x36, + 0xf0, 0x47, 0xe2, 0xea, 0x8e, 0x78, 0x84, 0x01, 0x7a, 0xc8, 0x6c, 0x71, + 0x09, 0xda, 0xd7, 0xa3, 0xa3, 0xfc, 0x7f, 0x9d, 0x3e, 0x53, 0x37, 0xe3, + 0x4f, 0x88, 0x43, 0xc1, 0x62, 0x5e, 0xcd, 0xe3, 0xcd, 0x72, 0xb1, 0x46, + 0x44, 0x3f, 0x0d, 0xc6, 0x58, 0xf7, 0xbd, 0xd4, 0x27, 0x8f, 0xc3, 0xcf, + 0xaa, 0x8e, 0x3c, 0x7b, 0x63, 0x87, 0xe0, 0x39, 0x2c, 0x2a, 0xc9, 0x8d, + 0x59, 0xa2, 0xe7, 0x7a, 0x3a, 0x7e, 0xde, 0x66, 0x9e, 0xb5, 0x61, 0x03, + 0x4a, 0x06, 0xa4, 0xec, 0xf8, 0xf6, 0x1d, 0x18, 0xd3, 0xc3, 0x20, 0x86, + 0xcc, 0x4b, 0xf8, 0x75, 0x21, 0x78, 0x42, 0x4e, 0x36, 0x0e, 0x5b, 0xa4, + 0xe6, 0xc7, 0xb8, 0x11, 0xbb, 0xaa, 0xff, 0x14, 0xbd, 0x27, 0x34, 0xd4, + 0xa4, 0x7a, 0xac, 0xef, 0xe1, 0x6f, 0x1d, 0x31, 0xae, 0xa9, 0x50, 0xef, + 0x12}, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -6115,12 +6619,14 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, priv_key_33, - false}, + true}, // Comment: c = 1 // tcID: 28 {28, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x4f, 0x7a, 0xe4, 0x9f, 0x5c, 0x41, 0xaf, 0xec, 0x9c, 0xdc, 0xa8, + 0x0e, 0x10, 0x75, 0xec, 0xda, 0xbe, 0x3e, 0x44, 0xb8, 0x76, 0xeb}, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -6154,12 +6660,21 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, priv_key_33, - false}, + true}, // Comment: c = n-1 // tcID: 29 {29, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x3c, 0xe0, 0x96, 0x42, 0x5b, 0x21, 0xc9, 0x4f, 0xc5, 0x53, 0x96, 0xa9, + 0x1a, 0x6a, 0x37, 0xcf, 0x8e, 0x55, 0xac, 0x32, 0x34, 0xee, 0xa9, 0xba, + 0x85, 0x76, 0x10, 0x1f, 0x0c, 0x80, 0x37, 0xf5, 0x5c, 0x0e, 0xe0, 0x3c, + 0xdc, 0xf7, 0xf3, 0xe8, 0x3e, 0xe7, 0x74, 0x70, 0xe6, 0x19, 0x92, 0x75, + 0xc9, 0x76, 0x4c, 0x36, 0x18, 0x47, 0x1b, 0xf6, 0x39, 0x4e, 0xde, 0x9a, + 0x69, 0x0a, 0x46, 0xa6, 0x61, 0xcf, 0x9c, 0xfb, 0x6c, 0xe2, 0xdc, 0xdc, + 0x54, 0x96, 0x40, 0x8c, 0xf4, 0xee, 0x9f, 0x0a, 0xff, 0x10, 0x63, 0x09, + 0xb5, 0xe1, 0xc3, 0x96, 0xbb, 0x92, 0xdd, 0xc3, 0xb6, 0x44, 0xb7, 0xe8, + 0xef, 0xa0, 0x99, 0xd3, 0xe2, 0x1d, 0x7c, 0x4c, 0x04, 0x24, 0x0b, 0x7b}, {0xdc, 0x8f, 0x78, 0x80, 0x67, 0x2f, 0x0c, 0xf9, 0xd6, 0x36, 0x17, 0xa8, 0xa5, 0x8b, 0xdd, 0x27, 0x1a, 0x10, 0x9b, 0xad, 0xda, 0x0f, 0xa8, 0x26, 0xf9, 0x4b, 0x8a, 0x79, 0x55, 0x26, 0xb6, 0xa4, 0x9a, 0x80, 0x56, 0x4c, @@ -6193,7 +6708,7 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0x10, 0x93, 0xc7, 0x75, 0x82, 0xbf, 0xe1, 0xac, 0x59, 0x93, 0x67, 0x47, 0x00, 0xb6, 0x43, 0x43, 0x39, 0xe0, 0x24, 0x53, 0x15, 0xd8, 0x6f, 0xca}, priv_key_33, - false}, + true}, // Comment: ciphertext is empty // tcID: 30 @@ -7633,38 +8148,31 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { // Comment: edge case for montgomery reduction with special primes // tcID: 56 {56, - {0x62, 0x92, 0x16, 0xbe, 0x33, 0x3c, 0x6a, 0x51, 0x7f, 0xb3, 0x42, 0x7d, - 0x03, 0x94, 0x51, 0x1f, 0xa3, 0xc2, 0x4a, 0x71, 0x11, 0x3f, 0x12, 0x34, - 0xbe, 0xa7, 0xfd, 0x4e, 0x07, 0x28, 0xf6, 0xc6, 0x58, 0x72, 0x41, 0x50, - 0x29, 0xfd, 0x0a, 0xaa, 0xf1, 0xac, 0x7d, 0xae, 0x14, 0xd3, 0x85, 0x03, - 0xdb, 0x27, 0x1d, 0xb4, 0x72, 0xbb, 0xb2, 0x12, 0xbe, 0x45, 0x3c, 0xea, - 0xc6, 0xab, 0x62, 0x2e, 0x75, 0xd5, 0xe3, 0x23, 0xf6, 0x35, 0x3c, 0xe8, - 0xb5, 0xe7, 0x99, 0x3b, 0x6b, 0xe3, 0x9c, 0x30, 0x08, 0x8d, 0x2b, 0x94, - 0xe8, 0x56, 0x33, 0xbe, 0x10, 0x3c, 0xa5, 0xd9, 0xcc, 0xfd, 0xc2, 0x3c, - 0x5a, 0xd2, 0x1a, 0x1a, 0x13, 0xcf, 0x19, 0xc3, 0x90, 0x1f, 0xe8, 0x84, - 0x55, 0x72, 0x60, 0x0c, 0xc7, 0xe5, 0xdf, 0x31, 0x6f, 0x62, 0xe2, 0x23, - 0x7e, 0x22, 0x4b, 0x4e, 0x01, 0xed, 0xb3, 0x2c, 0x81, 0x9f, 0x36, 0x4f, - 0x0c, 0x9f, 0xdc, 0x1f, 0x28, 0xda, 0xd2, 0xb6, 0x92, 0x1c, 0x79, 0x52, - 0xa2, 0x5a, 0x03, 0xe5, 0x9e, 0xf8, 0xd6, 0xc3, 0xa6, 0x1a, 0x54, 0xc4, - 0x6c, 0xfb, 0xad, 0x22, 0xe1, 0x86, 0x20, 0x1e, 0x59, 0xe1, 0x22, 0x01, - 0x8d, 0xc9, 0xbb, 0xc7, 0x44, 0xc5, 0x6c, 0xe6, 0x31, 0xcc, 0x11, 0xf9, - 0x52, 0x3f, 0x79, 0xb4, 0x1f, 0xf7, 0x97, 0x11, 0xee, 0xa6, 0x33, 0x37, - 0xc2, 0x4b, 0xfa, 0x37, 0x91, 0x0f, 0x91, 0x78, 0x3b, 0x78, 0xa4, 0xfe, - 0x22, 0xb8, 0x0e, 0x52, 0xe3, 0xe1, 0x03, 0x4f, 0xcb, 0x33, 0x6d, 0xae, - 0x90, 0x12, 0x24, 0x23, 0x66, 0x92, 0x30, 0xcd, 0x46, 0xfe, 0x54, 0x3c, - 0x1e, 0x0e, 0xd8, 0x09, 0x48, 0xd5, 0x0b, 0x7e, 0xcc, 0xf6, 0xc2, 0x22, - 0xbf, 0xcd, 0xb6, 0x1f, 0x84, 0xc9, 0x20, 0xd2, 0xe4, 0xdc, 0x9d, 0x5e, - 0xaa, 0xa1, 0x41, 0x5b, 0x13, 0xc7, 0x4f, 0x18, 0xb9, 0x41, 0x82, 0x05, - 0x6e, 0x10, 0x35, 0x62, 0xdc, 0x03, 0x32, 0x09, 0x30, 0xc2, 0x02, 0x66, - 0xbd, 0xec, 0xff, 0x56, 0xaa, 0xfb, 0xb5, 0xbd, 0x3a, 0x0a, 0xc6, 0x8b, - 0x66, 0x9b, 0xfe, 0x70, 0xe3, 0x29, 0xeb, 0xfe, 0x8e, 0xc8, 0x7c, 0xea, - 0x99, 0xff, 0x0b, 0x51, 0xce, 0x7d, 0xd0, 0x69, 0x4f, 0x07, 0x50, 0x98, - 0xa6, 0x77, 0xa4, 0x74, 0x3e, 0x10, 0xd3, 0xe3, 0x7f, 0x1f, 0xab, 0x84, - 0x9d, 0xba, 0x39, 0xa9, 0xc7, 0x39, 0xf1, 0xed, 0x15, 0x0f, 0xe7, 0x95, - 0x2b, 0x35, 0x20, 0x2f, 0xb6, 0x13, 0x8d, 0x24, 0xb2, 0xbf, 0x55, 0xe4, - 0x9b, 0xc7, 0x00, 0x6c, 0xf7, 0x8e, 0xa8, 0x05, 0x13, 0x59, 0x83, 0x10, - 0xc8, 0xb0, 0x21, 0x3b, 0xc8, 0x52, 0x5b, 0x92, 0x9e, 0x58, 0x12, 0x94, - 0xc4, 0x96}, + // This is a Bleichenbacher synthetic generated result + {0x74, 0x81, 0xb5, 0xd5, 0x98, 0xf1, 0xd8, 0x0d, 0x5b, 0x30, 0xae, 0x89, + 0x41, 0x91, 0x27, 0x44, 0x18, 0x76, 0x54, 0xca, 0x56, 0x23, 0x17, 0xc6, + 0x64, 0xdc, 0x2d, 0x0a, 0x4c, 0xe0, 0xdc, 0x3d, 0x0d, 0x05, 0x52, 0x05, + 0x5b, 0xc5, 0x7e, 0xd0, 0x26, 0x36, 0x5e, 0x13, 0xf8, 0x63, 0xa3, 0x7d, + 0x7c, 0x84, 0xbc, 0x90, 0x61, 0x88, 0xd3, 0xe7, 0xd6, 0x3b, 0xf1, 0x54, + 0x58, 0x42, 0xdc, 0xa3, 0x75, 0x51, 0x18, 0xdb, 0xfe, 0x26, 0xc7, 0x8d, + 0x24, 0x0f, 0x67, 0x63, 0x71, 0xab, 0xb4, 0xca, 0x29, 0x9f, 0x27, 0x63, + 0x7a, 0x0a, 0x18, 0xe9, 0xa6, 0x79, 0x10, 0xce, 0x2d, 0x21, 0x76, 0x05, + 0x60, 0x36, 0x04, 0x2f, 0x19, 0x7d, 0xf4, 0x4e, 0xfd, 0x59, 0x41, 0xbc, + 0x05, 0xcf, 0xd2, 0xca, 0xf8, 0xa3, 0xe4, 0x28, 0x34, 0x75, 0x99, 0x94, + 0xee, 0xd4, 0xa5, 0x25, 0x01, 0x8d, 0xd3, 0xb0, 0xc3, 0x24, 0x71, 0x7f, + 0xa2, 0x7c, 0x9e, 0x98, 0x01, 0x99, 0xc1, 0xfa, 0x0f, 0x09, 0xa2, 0xdc, + 0x0c, 0x3d, 0x67, 0x92, 0x27, 0xb7, 0xb0, 0x42, 0xf6, 0x76, 0x55, 0x4c, + 0xff, 0x6f, 0x70, 0x0a, 0x02, 0x6d, 0x58, 0x3c, 0xad, 0x1c, 0x49, 0xe6, + 0x0a, 0x2a, 0xcb, 0x61, 0xc9, 0x5e, 0x8e, 0x23, 0xb4, 0x37, 0xb6, 0x9a, + 0xe8, 0x00, 0x24, 0xb6, 0x95, 0x0c, 0x44, 0x00, 0xa0, 0x34, 0xaf, 0xfa, + 0xe9, 0x16, 0xf1, 0x2c, 0x2e, 0x23, 0xa3, 0xc7, 0xd3, 0x61, 0x31, 0xb7, + 0xfe, 0xfd, 0xab, 0x8f, 0x36, 0xaf, 0x8e, 0xd5, 0xbe, 0x4d, 0x4a, 0xc4, + 0x1c, 0xb6, 0x20, 0x6d, 0x0f, 0x3a, 0x01, 0x04, 0x62, 0x5f, 0x28, 0xb2, + 0xfb, 0x57, 0xa1, 0xd3, 0x31, 0x60, 0x51, 0xf2, 0x24, 0x2e, 0xf5, 0x3a, + 0x15, 0xef, 0x84, 0x1d, 0x76, 0x17, 0xee, 0xf4, 0xc0, 0x14, 0x88, 0x9a, + 0xde, 0x84, 0x1c, 0xbf, 0x9f, 0x5b, 0x7e, 0x63, 0x92, 0x38, 0x9e, 0xeb, + 0xf0, 0x0c, 0x2c, 0xba, 0xae, 0xe7, 0x33, 0x74, 0x21, 0x70, 0x64, 0x38, + 0x54, 0x22, 0x49}, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -7698,7 +8206,7 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, priv_key_56, - false}, + true}, // Comment: edge case for montgomery reduction with special primes // tcID: 57 @@ -8212,6 +8720,585 @@ const RsaDecryptTestVector kRsa3072DecryptWycheproofVectors[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, priv_key_65, - true}}; + true}, + + // and invalid ciphertext that generates a synthethic plaintext + // that's zero bytes in length + {66, + {}, + {0x5e, 0x95, 0x6c, 0xd9, 0x65, 0x2f, 0x4a, 0x2e, 0xce, 0x90, 0x29, 0x31, + 0x01, 0x3e, 0x09, 0x66, 0x2b, 0x6a, 0x92, 0x57, 0xad, 0x1e, 0x98, 0x7f, + 0xb7, 0x5f, 0x73, 0xa0, 0x60, 0x6d, 0xf2, 0xa4, 0xb0, 0x47, 0x89, 0x77, + 0x08, 0x20, 0xc2, 0xe0, 0x23, 0x22, 0xc4, 0xe8, 0x26, 0xf7, 0x67, 0xbd, + 0x89, 0x57, 0x34, 0xa0, 0x1e, 0x20, 0x60, 0x9c, 0x3b, 0xe4, 0x51, 0x7a, + 0x7a, 0x2a, 0x58, 0x9e, 0xa1, 0xcd, 0xc1, 0x37, 0xbe, 0xb7, 0x3e, 0xb3, + 0x8d, 0xac, 0x78, 0x1b, 0x52, 0xe8, 0x63, 0xde, 0x96, 0x20, 0xf7, 0x9f, + 0x9b, 0x90, 0xfd, 0x5b, 0x95, 0x36, 0x51, 0xfc, 0xbf, 0xef, 0x4a, 0x9f, + 0x1c, 0xc0, 0x74, 0x21, 0xd5, 0x11, 0xa8, 0x7d, 0xd6, 0x94, 0x2c, 0xaa, + 0xb6, 0xa5, 0xa0, 0xf4, 0xdf, 0x47, 0x3e, 0x62, 0xde, 0xfb, 0x52, 0x9a, + 0x7d, 0xe1, 0x50, 0x9a, 0xb9, 0x9c, 0x59, 0x6e, 0x1d, 0xff, 0x13, 0x20, + 0x40, 0x22, 0x98, 0xd8, 0xbe, 0x73, 0xa8, 0x96, 0xcc, 0x86, 0xc3, 0x8a, + 0xe3, 0xf2, 0xf5, 0x76, 0xe9, 0xea, 0x70, 0xcc, 0x28, 0xad, 0x57, 0x5c, + 0xb0, 0xf8, 0x54, 0xf0, 0xbe, 0x43, 0x18, 0x6b, 0xaa, 0x9c, 0x18, 0xe2, + 0x9c, 0x47, 0xc6, 0xca, 0x77, 0x13, 0x5d, 0xb7, 0x9c, 0x81, 0x12, 0x31, + 0xb7, 0xc1, 0x73, 0x09, 0x55, 0x88, 0x7d, 0x32, 0x1f, 0xdc, 0x06, 0x56, + 0x83, 0x82, 0xb8, 0x66, 0x43, 0xcf, 0x08, 0x9b, 0x10, 0xe3, 0x5a, 0xb2, + 0x3e, 0x82, 0x7d, 0x2e, 0x5a, 0xa7, 0xb4, 0xe9, 0x9f, 0xf2, 0xe9, 0x14, + 0xf3, 0x02, 0x35, 0x18, 0x19, 0xeb, 0x4d, 0x16, 0x93, 0x24, 0x3b, 0x35, + 0xf8, 0xbf, 0x1d, 0x42, 0xd0, 0x8f, 0x8e, 0xc4, 0xac, 0xaf, 0xa3, 0x5f, + 0x74, 0x7a, 0x4a, 0x97, 0x5a, 0x28, 0x64, 0x3e, 0xc6, 0x30, 0xd8, 0xe4, + 0xfa, 0x5b, 0xe5, 0x9d, 0x81, 0x99, 0x56, 0x60, 0xa1, 0x4b, 0xb6, 0x4c, + 0x1f, 0xea, 0x51, 0x46, 0xd6, 0xb1, 0x1f, 0x92, 0xda, 0x6a, 0x39, 0x56, + 0xdd, 0x5c, 0xb5, 0xe0, 0xd7, 0x47, 0xcf, 0x2e, 0xa2, 0x3f, 0x81, 0x61, + 0x77, 0x69, 0x18, 0x53, 0x36, 0x26, 0x3d, 0x46, 0xef, 0x4c, 0x14, 0x4b, + 0x75, 0x4d, 0xe6, 0x2a, 0x63, 0x37, 0x34, 0x2d, 0x6c, 0x85, 0xa9, 0x5f, + 0x19, 0xf0, 0x15, 0x72, 0x45, 0x46, 0xee, 0x3f, 0xc4, 0x82, 0x3e, 0xca, + 0x60, 0x3d, 0xbc, 0x1d, 0xc0, 0x1c, 0x2d, 0x5e, 0xd5, 0x0b, 0xd7, 0x2d, + 0x8e, 0x96, 0xdf, 0x2d, 0xc0, 0x48, 0xed, 0xde, 0x00, 0x81, 0x28, 0x40, + 0x68, 0x28, 0x3f, 0xc5, 0xe7, 0x3a, 0x61, 0x39, 0x85, 0x1a, 0xbf, 0x2f, + 0x29, 0x97, 0x7d, 0x0b, 0x3d, 0x16, 0x0c, 0x88, 0x3a, 0x42, 0xa3, 0x7e, + 0xfb, 0xa1, 0xbe, 0x05, 0xc1, 0xa0, 0xb1, 0x74, 0x1d, 0x7d, 0xdf, 0x59}, + priv_key_3b, + true}, + + // an invalid ciphertext that generates last length that's one byte + // too long for the key size, so the second to last value needs to get + // used + {67, + {0x56, 0xa3, 0xbe, 0xa0, 0x54, 0xe0, 0x13, 0x38, 0xbe, 0x9b, 0x7d, 0x79, + 0x57, 0x53, 0x9c}, + {0x7d, 0xb0, 0x39, 0x0d, 0x75, 0xfc, 0xf9, 0xd4, 0xc5, 0x9c, 0xf2, 0x7b, + 0x26, 0x41, 0x90, 0xd8, 0x56, 0xda, 0x9a, 0xbd, 0x11, 0xe9, 0x23, 0x34, + 0xd0, 0xe5, 0xf7, 0x10, 0x05, 0xcf, 0xed, 0x86, 0x5a, 0x71, 0x1d, 0xfa, + 0x28, 0xb7, 0x91, 0x18, 0x83, 0x74, 0xb6, 0x19, 0x16, 0xdb, 0xc1, 0x13, + 0x39, 0xbf, 0x14, 0xb0, 0x6f, 0x5f, 0x3f, 0x68, 0xc2, 0x06, 0xc5, 0x60, + 0x73, 0x80, 0xe1, 0x3d, 0xa3, 0x12, 0x9b, 0xfb, 0x74, 0x41, 0x57, 0xe1, + 0x52, 0x7d, 0xd6, 0xfd, 0xf6, 0x65, 0x12, 0x48, 0xb0, 0x28, 0xa4, 0x96, + 0xae, 0x1b, 0x97, 0x70, 0x2d, 0x44, 0x70, 0x60, 0x43, 0xcd, 0xaa, 0x7a, + 0x59, 0xc0, 0xf4, 0x13, 0x67, 0x30, 0x3f, 0x21, 0xf2, 0x68, 0x96, 0x8b, + 0xf3, 0xbd, 0x29, 0x04, 0xdb, 0x3a, 0xe5, 0x23, 0x9b, 0x55, 0xf8, 0xb4, + 0x38, 0xd9, 0x3d, 0x7d, 0xb9, 0xd1, 0x66, 0x6c, 0x07, 0x1c, 0x08, 0x57, + 0xe2, 0xec, 0x37, 0x75, 0x74, 0x63, 0x76, 0x9c, 0x54, 0xe5, 0x1f, 0x05, + 0x2b, 0x2a, 0x71, 0xb0, 0x4c, 0x28, 0x69, 0xe9, 0xe7, 0x04, 0x9a, 0x10, + 0x37, 0xb8, 0x42, 0x92, 0x06, 0xc9, 0x97, 0x26, 0xf0, 0x72, 0x89, 0xba, + 0xc1, 0x83, 0x63, 0xe7, 0xeb, 0x2a, 0x5b, 0x41, 0x7f, 0x47, 0xc3, 0x7a, + 0x55, 0x09, 0x0c, 0xda, 0x67, 0x65, 0x17, 0xb3, 0x54, 0x9c, 0x87, 0x3f, + 0x2f, 0xe9, 0x5d, 0xa9, 0x68, 0x17, 0x52, 0xec, 0x98, 0x64, 0xb0, 0x69, + 0x08, 0x9a, 0x2e, 0xd2, 0xf3, 0x40, 0xc8, 0xb0, 0x4e, 0xe0, 0x00, 0x79, + 0x05, 0x5a, 0x81, 0x7a, 0x33, 0x55, 0xb4, 0x6a, 0xc7, 0xdc, 0x00, 0xd1, + 0x7f, 0x45, 0x04, 0xcc, 0xfb, 0xcf, 0xca, 0xdb, 0x0c, 0x04, 0xcb, 0x6b, + 0x22, 0x06, 0x9e, 0x17, 0x93, 0x85, 0xae, 0x1e, 0xaf, 0xab, 0xad, 0x55, + 0x21, 0xba, 0xc2, 0xb8, 0xa8, 0xee, 0x1d, 0xff, 0xf5, 0x9a, 0x22, 0xeb, + 0x3f, 0xda, 0xcf, 0xc8, 0x71, 0x75, 0xd1, 0x0d, 0x78, 0x94, 0xcf, 0xd8, + 0x69, 0xd0, 0x56, 0x05, 0x7d, 0xd9, 0x94, 0x4b, 0x86, 0x9c, 0x17, 0x84, + 0xfc, 0xc2, 0x7f, 0x73, 0x1b, 0xc4, 0x61, 0x71, 0xd3, 0x95, 0x70, 0xfb, + 0xff, 0xba, 0xdf, 0x08, 0x2d, 0x33, 0xf6, 0x35, 0x2e, 0xcf, 0x44, 0xac, + 0xa8, 0xd9, 0x47, 0x8e, 0x53, 0xf5, 0xa5, 0xb7, 0xc8, 0x52, 0xb4, 0x01, + 0xe8, 0xf5, 0xf7, 0x4d, 0xa4, 0x9d, 0xa9, 0x1e, 0x65, 0xbd, 0xc9, 0x77, + 0x65, 0xa9, 0x52, 0x3b, 0x7a, 0x08, 0x85, 0xa6, 0xf8, 0xaf, 0xe5, 0x75, + 0x9d, 0x58, 0x00, 0x9f, 0xbf, 0xa8, 0x37, 0x47, 0x2a, 0x96, 0x8e, 0x6a, + 0xe9, 0x20, 0x26, 0xa5, 0xe0, 0x20, 0x2a, 0x39, 0x54, 0x83, 0x09, 0x53, + 0x02, 0xd6, 0xc3, 0x98, 0x5b, 0x5f, 0x58, 0x31, 0xc5, 0x21, 0xa2, 0x71}, + priv_key_3b, + true}, + // an invalid ciphertext that generates a plaintext of maximum size + // for this key size + {68, + {0x7b, 0x03, 0x6f, 0xcd, 0x62, 0x43, 0x90, 0x0e, 0x42, 0x36, 0xc8, 0x94, + 0xe2, 0x46, 0x2c, 0x17, 0x73, 0x8a, 0xcc, 0x87, 0xe0, 0x1a, 0x76, 0xf4, + 0xd9, 0x5c, 0xb9, 0xa3, 0x28, 0xd9, 0xac, 0xde, 0x81, 0x65, 0x02, 0x83, + 0xb8, 0xe8, 0xf6, 0x0a, 0x21, 0x7e, 0x3b, 0xde, 0xe8, 0x35, 0xc7, 0xb2, + 0x22, 0xad, 0x4c, 0x85, 0xd0, 0xac, 0xdb, 0x9a, 0x30, 0x9b, 0xd2, 0xa7, + 0x54, 0x60, 0x9a, 0x65, 0xde, 0xc5, 0x0f, 0x3a, 0xa0, 0x4c, 0x6d, 0x58, + 0x91, 0x03, 0x45, 0x66, 0xb9, 0x56, 0x3d, 0x42, 0x66, 0x8e, 0xde, 0x1f, + 0x89, 0x92, 0xb1, 0x77, 0x53, 0xa2, 0x13, 0x2e, 0x28, 0x97, 0x05, 0x84, + 0xe2, 0x55, 0xef, 0xc8, 0xb4, 0x5a, 0x41, 0xc5, 0xdb, 0xd7, 0x56, 0x7f, + 0x01, 0x4a, 0xce, 0xc5, 0xfe, 0x6f, 0xdb, 0x6d, 0x48, 0x47, 0x90, 0x36, + 0x0a, 0x91, 0x3e, 0xbb, 0x9d, 0xef, 0xcd, 0x74, 0xff, 0x37, 0x7f, 0x2a, + 0x8b, 0xa4, 0x6d, 0x2e, 0xd8, 0x5f, 0x73, 0x3c, 0x9a, 0x3d, 0xa0, 0x8e, + 0xb5, 0x7e, 0xce, 0xdf, 0xaf, 0xda, 0x80, 0x67, 0x78, 0xf0, 0x3c, 0x66, + 0xb2, 0xc5, 0xd2, 0x87, 0x4c, 0xec, 0x1c, 0x29, 0x1b, 0x2d, 0x49, 0xeb, + 0x19, 0x4c, 0x7b, 0x5d, 0x0d, 0xd2, 0x90, 0x8a, 0xe9, 0x0f, 0x48, 0x43, + 0x26, 0x8a, 0x2c, 0x45, 0x56, 0x30, 0x92, 0xad, 0xe0, 0x8a, 0xcb, 0x6a, + 0xb4, 0x81, 0xa0, 0x81, 0x76, 0x10, 0x2f, 0xc8, 0x03, 0xfb, 0xb2, 0xf8, + 0xad, 0x11, 0xb0, 0xe1, 0x53, 0x1b, 0xd3, 0x7d, 0xf5, 0x43, 0x49, 0x8d, + 0xaf, 0x18, 0x0b, 0x12, 0x01, 0x7f, 0x4d, 0x4d, 0x42, 0x6c, 0xa2, 0x9b, + 0x41, 0x61, 0x07, 0x55, 0x34, 0xbf, 0xb9, 0x14, 0x96, 0x80, 0x88, 0xa9, + 0xd1, 0x37, 0x85, 0xd0, 0xad, 0xc0, 0xe2, 0x58, 0x0d, 0x35, 0x48, 0x49, + 0x4b, 0x2a, 0x9e, 0x91, 0x60, 0x5f, 0x2b, 0x27, 0xe6, 0xcc, 0x70, 0x1c, + 0x79, 0x6f, 0x0d, 0xe7, 0xc6, 0xf4, 0x71, 0xf6, 0xab, 0x6c, 0xb9, 0x27, + 0x2a, 0x1e, 0xd6, 0x37, 0xca, 0x32, 0xa6, 0x0d, 0x11, 0x75, 0x05, 0xd8, + 0x2a, 0xf3, 0xc1, 0x33, 0x61, 0x04, 0xaf, 0xb5, 0x37, 0xd0, 0x1a, 0x8f, + 0x70, 0xb5, 0x10, 0xe1, 0xee, 0xbf, 0x48, 0x69, 0xcb, 0x97, 0x6c, 0x41, + 0x94, 0x73, 0x79, 0x5a, 0x66, 0xc7, 0xf5, 0xe6, 0xe2, 0x0a, 0x80, 0x94, + 0xb1, 0xbb, 0x60, 0x3a, 0x74, 0x33, 0x0c, 0x53, 0x7c, 0x5c, 0x06, 0x98, + 0xc3, 0x15, 0x38, 0xbd, 0x2e, 0x13, 0x8c, 0x12, 0x75, 0xa1, 0xbd, 0xf2, + 0x4c, 0x5f, 0xa8, 0xab, 0x3b, 0x7b, 0x52, 0x63, 0x24, 0xe7, 0x91, 0x8a, + 0x38, 0x2d, 0x13, 0x63, 0xb3, 0xd4, 0x63, 0x76, 0x42, 0x22, 0x15, 0x0e, + 0x04}, + {0x17, 0x15, 0x06, 0x53, 0x22, 0x52, 0x2d, 0xff, 0x85, 0x04, 0x98, 0x00, + 0xf6, 0xa2, 0x9a, 0xb5, 0xf9, 0x8c, 0x46, 0x50, 0x20, 0x46, 0x74, 0x14, + 0xb2, 0xa4, 0x41, 0x27, 0xfe, 0x94, 0x46, 0xda, 0x47, 0xfa, 0x18, 0x04, + 0x79, 0x00, 0xf9, 0x9a, 0xfe, 0x67, 0xc2, 0xdf, 0x6f, 0x50, 0x16, 0x0b, + 0xb8, 0xe9, 0x0b, 0xff, 0x29, 0x66, 0x10, 0xfd, 0xe6, 0x32, 0xb3, 0x85, + 0x9d, 0x4d, 0x0d, 0x2e, 0x64, 0x4f, 0x23, 0x83, 0x50, 0x28, 0xc4, 0x6c, + 0xca, 0x01, 0xb8, 0x4b, 0x88, 0x23, 0x1d, 0x7e, 0x03, 0x15, 0x4e, 0xde, + 0xc6, 0x62, 0x7b, 0xcb, 0xa2, 0x3d, 0xe7, 0x67, 0x40, 0xd8, 0x39, 0x85, + 0x1f, 0xa1, 0x2d, 0x74, 0xc8, 0xf9, 0x2e, 0x54, 0x0c, 0x73, 0xfe, 0x83, + 0x7b, 0x91, 0xb7, 0xd6, 0x99, 0xb3, 0x11, 0x99, 0x7d, 0x5f, 0x0f, 0x78, + 0x64, 0xc4, 0x86, 0xd4, 0x99, 0xc3, 0xa7, 0x9c, 0x11, 0x1f, 0xaa, 0xac, + 0xbe, 0x47, 0x99, 0x59, 0x7a, 0x25, 0x06, 0x6c, 0x62, 0x00, 0x21, 0x5c, + 0x3d, 0x15, 0x8f, 0x38, 0x17, 0xc1, 0xaa, 0x57, 0xf1, 0x8b, 0xda, 0xad, + 0x0b, 0xe1, 0x65, 0x8d, 0xa9, 0xda, 0x93, 0xf5, 0xcc, 0x6c, 0x3c, 0x4d, + 0xd7, 0x27, 0x88, 0xaf, 0x57, 0xad, 0xbb, 0x6a, 0x0c, 0x26, 0xf4, 0x2d, + 0x32, 0xd9, 0x5b, 0x8a, 0x4f, 0x95, 0xe8, 0xc6, 0xfe, 0xb2, 0xf8, 0xa5, + 0xd5, 0x3b, 0x19, 0xa5, 0x0a, 0x0b, 0x7c, 0xbc, 0x25, 0xe0, 0x55, 0xad, + 0x03, 0xe5, 0xac, 0xe8, 0xf3, 0xf7, 0xdb, 0x13, 0xe5, 0x77, 0x59, 0xf6, + 0x7b, 0x65, 0xd1, 0x43, 0xf0, 0x8c, 0xca, 0x15, 0x99, 0x2c, 0x6b, 0x2a, + 0xae, 0x64, 0x33, 0x90, 0x48, 0x3d, 0xe1, 0x11, 0xc2, 0x98, 0x8d, 0x4e, + 0x76, 0xb4, 0x25, 0x96, 0x26, 0x60, 0x05, 0x10, 0x3c, 0x8d, 0xe6, 0x04, + 0x4f, 0xb7, 0x39, 0x8e, 0xb3, 0xc2, 0x8a, 0x86, 0x4f, 0xa6, 0x72, 0xde, + 0x5f, 0xd8, 0x77, 0x45, 0x10, 0xff, 0x45, 0xe0, 0x59, 0x69, 0xa1, 0x1a, + 0x4c, 0x7d, 0x3f, 0x34, 0x3e, 0x33, 0x11, 0x90, 0xd2, 0xdc, 0xf2, 0x4f, + 0xb9, 0x15, 0x4b, 0xa9, 0x04, 0xdc, 0x94, 0xaf, 0x98, 0xaf, 0xc5, 0x77, + 0x4a, 0x96, 0x17, 0xd0, 0x41, 0x8f, 0xe6, 0xd1, 0x3f, 0x82, 0x45, 0xc7, + 0xd7, 0x62, 0x6c, 0x17, 0x61, 0x38, 0xdd, 0x69, 0x8a, 0x23, 0x54, 0x7c, + 0x25, 0xf2, 0x7c, 0x2b, 0x98, 0xea, 0x4d, 0x8a, 0x45, 0xc7, 0x84, 0x2b, + 0x81, 0x88, 0x8e, 0x4c, 0xc1, 0x4e, 0x5b, 0x72, 0xe9, 0xcf, 0x91, 0xf5, + 0x69, 0x56, 0xc9, 0x3d, 0xbf, 0x2e, 0x5f, 0x44, 0xa8, 0x28, 0x2a, 0x78, + 0x13, 0x15, 0x7f, 0xc4, 0x81, 0xff, 0x13, 0x71, 0xa0, 0xf6, 0x6b, 0x31, + 0x79, 0x7e, 0x81, 0xeb, 0xdb, 0x09, 0xa6, 0x73, 0xd4, 0xdb, 0x96, 0xd6}, + priv_key_3b, + true}, + + // test_positive_9_bytes_long + {69, + // 'forty two' + {0x66, 0x6f, 0x72, 0x74, 0x79, 0x20, 0x74, 0x77, 0x6f}, + {0x6c, 0x60, 0x84, 0x5a, 0x85, 0x4b, 0x45, 0x71, 0xf6, 0x78, 0x94, 0x1a, + 0xe3, 0x5a, 0x2a, 0xc0, 0x3f, 0x67, 0xc2, 0x1e, 0x21, 0x14, 0x6f, 0x9d, + 0xb1, 0xf2, 0x30, 0x6b, 0xe9, 0xf1, 0x36, 0x45, 0x3b, 0x86, 0xad, 0x55, + 0x64, 0x7d, 0x4f, 0x7b, 0x5c, 0x9e, 0x62, 0x19, 0x7a, 0xaf, 0xf0, 0xc0, + 0xe4, 0x0a, 0x3b, 0x54, 0xc4, 0xcd, 0xe1, 0x4e, 0x77, 0x4b, 0x1c, 0x59, + 0x59, 0xb6, 0xc2, 0xa2, 0x30, 0x28, 0x96, 0xff, 0xae, 0x1f, 0x73, 0xb0, + 0x0b, 0x86, 0x2a, 0x20, 0xff, 0x43, 0x04, 0xfe, 0x06, 0xce, 0xa7, 0xff, + 0x30, 0xec, 0xb3, 0x77, 0x3c, 0xa9, 0xaf, 0x27, 0xa0, 0xb5, 0x45, 0x47, + 0x35, 0x0d, 0x7c, 0x07, 0xdf, 0xb0, 0xa3, 0x96, 0x29, 0xc7, 0xe7, 0x1e, + 0x83, 0xfc, 0x5a, 0xf9, 0xb2, 0xad, 0xba, 0xf8, 0x98, 0xe0, 0x37, 0xf1, + 0xde, 0x69, 0x6a, 0x3f, 0x32, 0x8c, 0xf4, 0x5a, 0xf7, 0xec, 0x9a, 0xff, + 0x71, 0x73, 0x85, 0x40, 0x87, 0xfb, 0x8f, 0xbf, 0x34, 0xbe, 0x98, 0x1e, + 0xfb, 0xd8, 0x49, 0x3f, 0x94, 0x38, 0xd1, 0xb2, 0xba, 0x2a, 0x86, 0xaf, + 0x08, 0x26, 0x62, 0xaa, 0x46, 0xae, 0x9a, 0xdf, 0xbe, 0xc5, 0x1e, 0x5f, + 0x3d, 0x95, 0x50, 0xa4, 0xdd, 0x1d, 0xcb, 0x7c, 0x89, 0x69, 0xc9, 0x58, + 0x7a, 0x6e, 0xdc, 0x82, 0xa8, 0xca, 0xbb, 0xc7, 0x85, 0xc4, 0x0d, 0x9f, + 0xbd, 0x12, 0x06, 0x45, 0x59, 0xfb, 0x76, 0x94, 0x50, 0xac, 0x3e, 0x47, + 0xe8, 0x7b, 0xc0, 0x46, 0x14, 0x81, 0x30, 0xd7, 0xea, 0xa8, 0x43, 0xe4, + 0xb3, 0xcc, 0xef, 0x36, 0x75, 0xd0, 0x63, 0x05, 0x00, 0x80, 0x3c, 0xb7, + 0xff, 0xee, 0x38, 0x82, 0x37, 0x8c, 0x1a, 0x40, 0x4e, 0x85, 0x0c, 0x3e, + 0x20, 0x70, 0x7b, 0xb7, 0x45, 0xe4, 0x2b, 0x13, 0xc1, 0x87, 0x86, 0xc4, + 0x97, 0x60, 0x76, 0xed, 0x9f, 0xa8, 0xfd, 0x0f, 0xf1, 0x5e, 0x57, 0x1b, + 0xef, 0x02, 0xcb, 0xbe, 0x2f, 0x90, 0xc9, 0x08, 0xac, 0x37, 0x34, 0xa4, + 0x33, 0xb7, 0x3e, 0x77, 0x8d, 0x4d, 0x17, 0xfc, 0xc2, 0x8f, 0x49, 0x18, + 0x5e, 0xbc, 0x6e, 0x85, 0x36, 0xa0, 0x6d, 0x29, 0x32, 0x02, 0xd9, 0x44, + 0x96, 0x45, 0x3b, 0xfd, 0xf1, 0xc2, 0xc7, 0x83, 0x3a, 0x3f, 0x99, 0xfa, + 0x38, 0xca, 0x8a, 0x81, 0xf4, 0x2e, 0xaa, 0x52, 0x9d, 0x60, 0x3b, 0x89, + 0x03, 0x08, 0xa3, 0x19, 0xc0, 0xab, 0x63, 0xa3, 0x5f, 0xf8, 0xeb, 0xac, + 0x96, 0x5f, 0x62, 0x78, 0xf5, 0xa7, 0xe5, 0xd6, 0x22, 0xbe, 0x5d, 0x5f, + 0xe5, 0x5f, 0x0c, 0xa3, 0xec, 0x99, 0x3d, 0x55, 0x43, 0x0d, 0x2b, 0xf5, + 0x9c, 0x5d, 0x3e, 0x86, 0x0e, 0x90, 0xc1, 0x6d, 0x91, 0xa0, 0x45, 0x96, + 0xf6, 0xfd, 0xf6, 0x0d, 0x89, 0xed, 0x95, 0xd8, 0x8c, 0x03, 0x6d, 0xde}, + priv_key_3b, + true}, + + // a valid ciphertext that starts with a null byte and decrypts to + // 9 byte long value + {70, + // 'forty two' + {0x66, 0x6f, 0x72, 0x74, 0x79, 0x20, 0x74, 0x77, 0x6f}, + {0x00, 0xf4, 0xd5, 0x65, 0xa3, 0x28, 0x67, 0x84, 0xdb, 0xb8, 0x53, 0x27, + 0xdb, 0x88, 0x07, 0xae, 0x55, 0x7e, 0xad, 0x22, 0x9f, 0x92, 0xab, 0xa9, + 0x45, 0xce, 0xcd, 0xa5, 0x22, 0x5f, 0x60, 0x6a, 0x7d, 0x61, 0x30, 0xed, + 0xee, 0xb6, 0xf2, 0x67, 0x24, 0xd1, 0xef, 0xf1, 0x11, 0x0f, 0x9e, 0xb1, + 0x8d, 0xc3, 0x24, 0x81, 0x40, 0xee, 0x38, 0x37, 0xe6, 0x68, 0x83, 0x91, + 0xe7, 0x87, 0x96, 0xc5, 0x26, 0x79, 0x13, 0x84, 0xf0, 0x45, 0xe2, 0x1b, + 0x6b, 0x85, 0x3f, 0xb6, 0x34, 0x2a, 0x11, 0xf3, 0x09, 0xeb, 0x77, 0x96, + 0x2f, 0x37, 0xce, 0x23, 0x92, 0x5a, 0xf6, 0x00, 0x84, 0x7f, 0xbd, 0x30, + 0xe6, 0xe0, 0x7e, 0x57, 0xde, 0x50, 0xb6, 0x06, 0xe6, 0xb7, 0xf2, 0x88, + 0xcc, 0x77, 0x7c, 0x1a, 0x68, 0x34, 0xf2, 0x7e, 0x6e, 0xda, 0xce, 0x50, + 0x84, 0x52, 0x12, 0x89, 0x16, 0xee, 0xf7, 0x78, 0x8c, 0x8b, 0xb2, 0x27, + 0xe3, 0x54, 0x8c, 0x6a, 0x76, 0x1c, 0xc4, 0xe9, 0xdd, 0x1a, 0x35, 0x84, + 0x17, 0x6d, 0xc0, 0x53, 0xba, 0x35, 0x00, 0xad, 0xb1, 0xd5, 0xe1, 0x61, + 0x12, 0x91, 0x65, 0x4f, 0x12, 0xdf, 0xc5, 0x72, 0x28, 0x32, 0xf6, 0x35, + 0xdb, 0x30, 0x02, 0xd7, 0x3f, 0x9d, 0xef, 0xc3, 0x10, 0xac, 0xe6, 0x2c, + 0x63, 0x86, 0x8d, 0x34, 0x16, 0x19, 0xc7, 0xee, 0x15, 0xb2, 0x02, 0x43, + 0xb3, 0x37, 0x1e, 0x05, 0x07, 0x8e, 0x11, 0x21, 0x97, 0x70, 0xc7, 0x01, + 0xd9, 0xf3, 0x41, 0xaf, 0x35, 0xdf, 0x1b, 0xc7, 0x29, 0xde, 0x29, 0x48, + 0x25, 0xff, 0x2e, 0x41, 0x6a, 0xa1, 0x15, 0x26, 0x61, 0x28, 0x52, 0x77, + 0x7e, 0xb1, 0x31, 0xf9, 0xc4, 0x51, 0x51, 0xeb, 0x14, 0x49, 0x80, 0xd7, + 0x06, 0x08, 0xd2, 0xfc, 0x40, 0x43, 0x47, 0x73, 0x68, 0x36, 0x9a, 0xa0, + 0xfe, 0x48, 0x7a, 0x48, 0xbd, 0x57, 0xe6, 0x6b, 0x00, 0xc3, 0xc5, 0x8f, + 0x94, 0x15, 0x49, 0xf5, 0xec, 0x05, 0x0f, 0xca, 0x64, 0x44, 0x9d, 0xeb, + 0xe7, 0xa0, 0xc4, 0xac, 0x51, 0xe5, 0x5c, 0xb7, 0x16, 0x20, 0xa7, 0x03, + 0x12, 0xaa, 0x4b, 0xd8, 0x5f, 0xac, 0x14, 0x10, 0xc9, 0xc7, 0xf9, 0xd6, + 0xec, 0x61, 0x0b, 0x7d, 0x11, 0xbf, 0x8f, 0xae, 0xff, 0xa2, 0x02, 0x55, + 0xd1, 0xa1, 0xbe, 0xad, 0x92, 0x97, 0xd0, 0xaa, 0x87, 0x65, 0xcd, 0x28, + 0x05, 0x84, 0x7d, 0x63, 0x9b, 0xc4, 0x39, 0xf4, 0xa6, 0xc8, 0x96, 0xe2, + 0x00, 0x8f, 0x74, 0x6f, 0x95, 0x90, 0xff, 0x45, 0x96, 0xde, 0x5d, 0xdd, + 0xe0, 0x00, 0xed, 0x66, 0x6c, 0x45, 0x2c, 0x97, 0x80, 0x43, 0xff, 0x42, + 0x98, 0x46, 0x1e, 0xb5, 0xa2, 0x6d, 0x5e, 0x63, 0xd8, 0x21, 0x43, 0x86, + 0x27, 0xf9, 0x12, 0x01, 0x92, 0x4b, 0xf7, 0xf2, 0xae, 0xee, 0x17, 0x27}, + priv_key_3b, + true}, + + // a valid ciphertext that starts with two null bytes and decrypts to + // 9 byte long value + {71, + // 'forty two' + {0x66, 0x6f, 0x72, 0x74, 0x79, 0x20, 0x74, 0x77, 0x6f}, + {0x00, 0x00, 0x1e, 0xc9, 0x7a, 0xc9, 0x81, 0xdf, 0xd9, 0xdc, 0xc7, 0xa7, + 0x38, 0x9f, 0xdf, 0xa9, 0xd3, 0x61, 0x14, 0x1d, 0xac, 0x80, 0xc2, 0x3a, + 0x06, 0x04, 0x10, 0xd4, 0x72, 0xc1, 0x60, 0x94, 0xe6, 0xcd, 0xff, 0xc0, + 0xc3, 0x68, 0x4d, 0x84, 0xaa, 0x40, 0x2d, 0x70, 0x51, 0xdf, 0xcc, 0xb2, + 0xf6, 0xda, 0x33, 0xf6, 0x69, 0x85, 0xd2, 0xa2, 0x59, 0xf5, 0xb7, 0xfb, + 0xf3, 0x9a, 0xc5, 0x37, 0xe9, 0x5c, 0x5b, 0x70, 0x50, 0xeb, 0x18, 0x84, + 0x4a, 0x05, 0x13, 0xab, 0xef, 0x81, 0x2c, 0xc8, 0xe7, 0x4a, 0x3c, 0x52, + 0x40, 0x00, 0x9e, 0x6e, 0x80, 0x5d, 0xca, 0xdf, 0x53, 0x2b, 0xc1, 0xa2, + 0x70, 0x2d, 0x5a, 0xcc, 0x9e, 0x58, 0x5f, 0xad, 0x5b, 0x89, 0xd4, 0x61, + 0xfc, 0xc1, 0x39, 0x73, 0x51, 0xcd, 0xce, 0x35, 0x17, 0x15, 0x23, 0x75, + 0x8b, 0x17, 0x1d, 0xc0, 0x41, 0xf4, 0x12, 0xe4, 0x29, 0x66, 0xde, 0x7f, + 0x94, 0x85, 0x64, 0x77, 0x35, 0x6d, 0x06, 0xf2, 0xa6, 0xb4, 0x0e, 0x3f, + 0xf0, 0x54, 0x75, 0x62, 0xa4, 0xd9, 0x1b, 0xbf, 0x13, 0x38, 0xe9, 0xe0, + 0x49, 0xfa, 0xcb, 0xee, 0x8b, 0x20, 0x17, 0x11, 0x64, 0x50, 0x54, 0x68, + 0xcd, 0x30, 0x89, 0x97, 0x44, 0x7d, 0x3d, 0xc4, 0xb0, 0xac, 0xb4, 0x9e, + 0x7d, 0x36, 0x8f, 0xed, 0xd8, 0xc7, 0x34, 0x25, 0x1f, 0x30, 0xa8, 0x34, + 0x91, 0xd2, 0x50, 0x6f, 0x3f, 0x87, 0x31, 0x8c, 0xc1, 0x18, 0x82, 0x32, + 0x44, 0xa3, 0x93, 0xdc, 0x7c, 0x5c, 0x73, 0x9a, 0x27, 0x33, 0xd9, 0x3e, + 0x1b, 0x13, 0xdb, 0x68, 0x40, 0xa9, 0x42, 0x99, 0x47, 0x35, 0x7f, 0x47, + 0xb2, 0x3f, 0xbe, 0x39, 0xb7, 0xd2, 0xd6, 0x1e, 0x5e, 0xe2, 0x6f, 0x99, + 0x46, 0xc4, 0x63, 0x2f, 0x6c, 0x46, 0x99, 0xe4, 0x52, 0xf4, 0x12, 0xa2, + 0x66, 0x41, 0xd4, 0x75, 0x11, 0x35, 0x40, 0x07, 0x13, 0xcd, 0x56, 0xec, + 0x66, 0xf0, 0x37, 0x04, 0x23, 0xd5, 0x5d, 0x2a, 0xf7, 0x0f, 0x5e, 0x7a, + 0xd0, 0xad, 0xea, 0x8e, 0x4a, 0x0d, 0x90, 0x4a, 0x01, 0xe4, 0xac, 0x27, + 0x2e, 0xba, 0x4a, 0xf1, 0xa0, 0x29, 0xdd, 0x53, 0xeb, 0x71, 0xf1, 0x15, + 0xbf, 0x31, 0xf7, 0xa6, 0xc8, 0xb1, 0x9a, 0x65, 0x23, 0xad, 0xee, 0xcc, + 0x0d, 0x4c, 0x3c, 0x10, 0x75, 0x75, 0xe3, 0x85, 0x72, 0xa8, 0xf8, 0x47, + 0x4c, 0xca, 0xd1, 0x63, 0xe4, 0x6e, 0x2e, 0x8b, 0x08, 0x11, 0x11, 0x32, + 0xaa, 0x97, 0xa1, 0x6f, 0xb5, 0x88, 0xc9, 0xb7, 0xe3, 0x7b, 0x3b, 0x3d, + 0x74, 0x90, 0x38, 0x1f, 0x3c, 0x55, 0xd1, 0xa9, 0x86, 0x9a, 0x0f, 0xd4, + 0x2c, 0xd8, 0x6f, 0xed, 0x59, 0xec, 0xec, 0x78, 0xcb, 0x6b, 0x2d, 0xfd, + 0x06, 0xa4, 0x97, 0xf5, 0xaf, 0xe3, 0x41, 0x96, 0x91, 0x31, 0x4b, 0xa0}, + priv_key_3b, + true}, + + // test_negative_9_bytes_long + {72, + {0x25, 0x79, 0x06, 0xca, 0x6d, 0xe8, 0x30, 0x77, 0x28}, + {0x5c, 0x85, 0x55, 0xf5, 0xce, 0xf6, 0x27, 0xc1, 0x5d, 0x37, 0xf8, 0x5c, + 0x7f, 0x5f, 0xd6, 0xe4, 0x99, 0x26, 0x4e, 0xa4, 0xb8, 0xe3, 0xf9, 0x11, + 0x20, 0x23, 0xae, 0xb7, 0x22, 0xeb, 0x38, 0xd8, 0xea, 0xc2, 0xbe, 0x37, + 0x51, 0xfd, 0x5a, 0x37, 0x85, 0xab, 0x7f, 0x2d, 0x59, 0xfa, 0x37, 0x28, + 0xe5, 0xbe, 0x8c, 0x3d, 0xe7, 0x8a, 0x67, 0x46, 0x4e, 0x30, 0xb2, 0x1e, + 0xe2, 0x3b, 0x54, 0x84, 0xbb, 0x3c, 0xd0, 0x6d, 0x0e, 0x1c, 0x6a, 0xd2, + 0x56, 0x49, 0xc8, 0x51, 0x81, 0x65, 0x65, 0x3e, 0xb8, 0x04, 0x88, 0xbf, + 0xb4, 0x91, 0xb2, 0x0c, 0x04, 0x89, 0x7a, 0x67, 0x72, 0xf6, 0x92, 0x92, + 0x22, 0x2f, 0xc5, 0xef, 0x50, 0xb5, 0xcf, 0x9e, 0xfc, 0x6d, 0x60, 0x42, + 0x6a, 0x44, 0x9b, 0x6c, 0x48, 0x95, 0x69, 0xd4, 0x8c, 0x83, 0x48, 0x8d, + 0xf6, 0x29, 0xd6, 0x95, 0x65, 0x3d, 0x40, 0x9c, 0xe4, 0x9a, 0x79, 0x54, + 0x47, 0xfc, 0xec, 0x2c, 0x58, 0xa1, 0xa6, 0x72, 0xe4, 0xa3, 0x91, 0x40, + 0x1d, 0x42, 0x8b, 0xaa, 0xf7, 0x81, 0x51, 0x6e, 0x11, 0xe3, 0x23, 0xd3, + 0x02, 0xfc, 0xf2, 0x0f, 0x6e, 0xab, 0x2b, 0x2d, 0xbe, 0x53, 0xa4, 0x8c, + 0x98, 0x7e, 0x40, 0x7c, 0x4d, 0x7e, 0x1c, 0xb4, 0x11, 0x31, 0x32, 0x91, + 0x38, 0x31, 0x3d, 0x33, 0x02, 0x04, 0x17, 0x3a, 0x4f, 0x3f, 0xf0, 0x6c, + 0x6f, 0xad, 0xf9, 0x70, 0xf0, 0xed, 0x10, 0x05, 0xd0, 0xb2, 0x7e, 0x35, + 0xc3, 0xd1, 0x16, 0x93, 0xe0, 0x42, 0x9e, 0x27, 0x2d, 0x58, 0x3e, 0x57, + 0xb2, 0xc5, 0x8d, 0x24, 0x31, 0x5c, 0x39, 0x78, 0x56, 0xb3, 0x44, 0x85, + 0xdc, 0xb0, 0x77, 0x66, 0x55, 0x92, 0xb7, 0x47, 0xf8, 0x89, 0xd3, 0x4f, + 0xeb, 0xf2, 0xbe, 0x8f, 0xce, 0x66, 0xc2, 0x65, 0xfd, 0x9f, 0xc3, 0x57, + 0x5a, 0x62, 0x86, 0xa5, 0xce, 0x88, 0xb4, 0xb4, 0x13, 0xa0, 0x8e, 0xfc, + 0x57, 0xa0, 0x7a, 0x8f, 0x57, 0xa9, 0x99, 0x60, 0x5a, 0x83, 0x7b, 0x05, + 0x42, 0x69, 0x5c, 0x0d, 0x18, 0x9e, 0x67, 0x8b, 0x53, 0x66, 0x2e, 0xcf, + 0x7c, 0x3d, 0x37, 0xd9, 0xdb, 0xee, 0xa5, 0x85, 0xee, 0xbf, 0xaf, 0x79, + 0x14, 0x11, 0x18, 0xe0, 0x67, 0x62, 0xc2, 0x38, 0x1f, 0xe2, 0x7c, 0xa6, + 0x28, 0x8e, 0xdd, 0xdc, 0x19, 0xfd, 0x67, 0xcd, 0x64, 0xf1, 0x6b, 0x46, + 0xe0, 0x6d, 0x8a, 0x59, 0xac, 0x53, 0x0f, 0x22, 0xcd, 0x83, 0xcc, 0x0b, + 0xc4, 0xe3, 0x7f, 0xeb, 0x52, 0x01, 0x5c, 0xbb, 0x22, 0x83, 0x04, 0x3c, + 0xcf, 0x5e, 0x78, 0xa4, 0xeb, 0x71, 0x46, 0x82, 0x7d, 0x7a, 0x46, 0x6b, + 0x66, 0xc8, 0xa4, 0xa4, 0x82, 0x6c, 0x1b, 0xad, 0x68, 0x12, 0x3a, 0x7f, + 0x2d, 0x00, 0xfc, 0x17, 0x36, 0x52, 0x5f, 0xf9, 0x0c, 0x05, 0x8f, 0x56}, + priv_key_3b, + true}, + + // malformed plaintext that generates a fake plaintext of length + // specified by 2nd to last value from PRF + {73, + {0x04, 0x33, 0x83, 0xc9, 0x29, 0x06, 0x03, 0x74, 0xed}, + {0x75, 0x8c, 0x21, 0x5a, 0xa6, 0xac, 0xd6, 0x12, 0x48, 0x06, 0x2b, 0x88, + 0x28, 0x4b, 0xf4, 0x3c, 0x13, 0xcb, 0x3b, 0x3d, 0x02, 0x41, 0x0b, 0xe4, + 0x23, 0x86, 0x07, 0x44, 0x2f, 0x1c, 0x02, 0x16, 0x70, 0x6e, 0x21, 0xa0, + 0x3a, 0x2c, 0x10, 0xeb, 0x62, 0x4a, 0x63, 0x32, 0x2d, 0x85, 0x4d, 0xa1, + 0x95, 0xc0, 0x17, 0xb7, 0x6f, 0xea, 0x83, 0xe2, 0x74, 0xfa, 0x37, 0x18, + 0x34, 0xdc, 0xd2, 0xf3, 0xb7, 0xac, 0xcf, 0x43, 0x3f, 0xc2, 0x12, 0xad, + 0x76, 0xc0, 0xba, 0xc3, 0x66, 0xe1, 0xed, 0x32, 0xe2, 0x5b, 0x27, 0x9f, + 0x94, 0x12, 0x9b, 0xe7, 0xc6, 0x4d, 0x6e, 0x16, 0x2a, 0xdc, 0x08, 0xcc, + 0xeb, 0xc0, 0xcf, 0xe8, 0xe9, 0x26, 0xf0, 0x1c, 0x33, 0xab, 0x9c, 0x06, + 0x5f, 0x0e, 0x0a, 0xc8, 0x3a, 0xe5, 0x13, 0x7a, 0x4c, 0xb6, 0x67, 0x02, + 0x61, 0x5a, 0xd6, 0x8a, 0x35, 0x70, 0x7d, 0x86, 0x76, 0xd2, 0x74, 0x0d, + 0x7c, 0x1a, 0x95, 0x46, 0x80, 0xc8, 0x39, 0x80, 0xe1, 0x97, 0x78, 0xed, + 0x11, 0xee, 0xd3, 0xa7, 0xc2, 0xdb, 0xdf, 0xc4, 0x61, 0xa9, 0xbb, 0xef, + 0x67, 0x1c, 0x1b, 0xc0, 0x0c, 0x88, 0x2d, 0x36, 0x1d, 0x29, 0xd5, 0xf8, + 0x0c, 0x42, 0xbd, 0xf5, 0xef, 0xec, 0x88, 0x6c, 0x34, 0x13, 0x8f, 0x83, + 0x36, 0x9c, 0x69, 0x33, 0xb2, 0xac, 0x4e, 0x93, 0xe7, 0x64, 0x26, 0x53, + 0x51, 0xb4, 0xa0, 0x08, 0x3f, 0x04, 0x0e, 0x14, 0xf5, 0x11, 0xf0, 0x9b, + 0x22, 0xf9, 0x65, 0x66, 0x13, 0x88, 0x64, 0xe4, 0xe6, 0xff, 0x24, 0xda, + 0x48, 0x10, 0x09, 0x5d, 0xa9, 0x8e, 0x05, 0x85, 0x41, 0x09, 0x51, 0x53, + 0x8c, 0xed, 0x2f, 0x75, 0x7a, 0x27, 0x7f, 0xf8, 0xe1, 0x71, 0x72, 0xf0, + 0x65, 0x72, 0xc9, 0x02, 0x4e, 0xea, 0xe5, 0x03, 0xf1, 0x76, 0xfd, 0x46, + 0xeb, 0x6c, 0x5c, 0xd9, 0xba, 0x07, 0xaf, 0x11, 0xcd, 0xe3, 0x1d, 0xcc, + 0xac, 0x12, 0xeb, 0x3a, 0x42, 0x49, 0xa7, 0xbf, 0xd3, 0xb1, 0x97, 0x97, + 0xad, 0x16, 0x56, 0x98, 0x4b, 0xfc, 0xbf, 0x6f, 0x74, 0xe8, 0xf9, 0x9d, + 0x8f, 0x1a, 0xc4, 0x20, 0x81, 0x1f, 0x3d, 0x16, 0x6d, 0x87, 0xf9, 0x35, + 0xef, 0x15, 0xae, 0x85, 0x8c, 0xf9, 0xe7, 0x2c, 0x8e, 0x2b, 0x54, 0x7b, + 0xf1, 0x6c, 0x3f, 0xb0, 0x9a, 0x8c, 0x9b, 0xf8, 0x8f, 0xd2, 0xe5, 0xd3, + 0x8b, 0xf2, 0x4e, 0xd6, 0x10, 0x89, 0x61, 0x31, 0xa8, 0x4d, 0xf7, 0x6b, + 0x9f, 0x92, 0x0f, 0xe7, 0x6d, 0x71, 0xff, 0xf9, 0x38, 0xe9, 0x19, 0x9f, + 0x3b, 0x8c, 0xd0, 0xc1, 0x1f, 0xd0, 0x20, 0x1f, 0x91, 0x39, 0xd7, 0x67, + 0x3a, 0x87, 0x1a, 0x9e, 0x7d, 0x4a, 0xdc, 0x3b, 0xbe, 0x36, 0x0c, 0x88, + 0x13, 0x61, 0x7c, 0xd6, 0x0a, 0x90, 0x12, 0x8f, 0xbe, 0x34, 0xc9, 0xd5}, + priv_key_3b, + true}, + + // malformed plaintext that generates a fake plaintext of length + // specified by 3rd to last value from PRF + {74, + {0x70, 0x26, 0x3f, 0xa6, 0x05, 0x05, 0x34, 0xb9, 0xe0}, + {0x7b, 0x22, 0xd5, 0xe6, 0x2d, 0x28, 0x79, 0x68, 0xc6, 0x62, 0x21, 0x71, + 0xa1, 0xf7, 0x5d, 0xb4, 0xb0, 0xfd, 0x15, 0xcd, 0xf3, 0x13, 0x4a, 0x18, + 0x95, 0xd2, 0x35, 0xd5, 0x6f, 0x8d, 0x8f, 0xe6, 0x19, 0xf2, 0xbf, 0x48, + 0x68, 0x17, 0x4a, 0x91, 0xd7, 0x60, 0x1a, 0x82, 0x97, 0x5d, 0x22, 0x55, + 0x19, 0x0d, 0x28, 0xb8, 0x69, 0x14, 0x1d, 0x7c, 0x39, 0x5f, 0x0b, 0x8c, + 0x4e, 0x2b, 0xe2, 0xb2, 0xc1, 0xb4, 0xff, 0xc1, 0x2c, 0xe7, 0x49, 0xa6, + 0xf6, 0x80, 0x3d, 0x4c, 0xfe, 0x7f, 0xba, 0x0a, 0x8d, 0x69, 0x49, 0xc0, + 0x41, 0x51, 0xf9, 0x81, 0xc0, 0xd8, 0x45, 0x92, 0xaa, 0x2f, 0xf2, 0x5d, + 0x1b, 0xd3, 0xce, 0x5d, 0x10, 0xcb, 0x03, 0xda, 0xca, 0x6b, 0x49, 0x6c, + 0x6a, 0xd4, 0x0d, 0x30, 0xbf, 0xa8, 0xac, 0xdf, 0xd0, 0x2c, 0xdb, 0x93, + 0x26, 0xc4, 0xbd, 0xd9, 0x3b, 0x94, 0x9c, 0x9d, 0xc4, 0x6c, 0xaa, 0x8f, + 0x0e, 0x5f, 0x42, 0x97, 0x85, 0xbc, 0xe6, 0x41, 0x36, 0xa4, 0x29, 0xa3, + 0x69, 0x5e, 0xe6, 0x74, 0xb6, 0x47, 0x45, 0x2b, 0xea, 0x1b, 0x0c, 0x6d, + 0xe9, 0xc5, 0xf1, 0xe8, 0x76, 0x0d, 0x5e, 0xf6, 0xd5, 0xa9, 0xcf, 0xff, + 0x40, 0x45, 0x7b, 0x02, 0x3d, 0x3c, 0x23, 0x3c, 0x1d, 0xcb, 0x32, 0x3e, + 0x78, 0x08, 0x10, 0x3e, 0x73, 0x96, 0x3b, 0x2e, 0xaf, 0xc9, 0x28, 0xc9, + 0xee, 0xb0, 0xee, 0x32, 0x94, 0x95, 0x54, 0x15, 0xc1, 0xdd, 0xd9, 0xa1, + 0xbb, 0x7e, 0x13, 0x8f, 0xec, 0xd7, 0x9a, 0x3c, 0xb8, 0x9c, 0x57, 0xbd, + 0x23, 0x05, 0x52, 0x46, 0x24, 0x81, 0x4a, 0xaf, 0x0f, 0xd1, 0xac, 0xbf, + 0x37, 0x9f, 0x7f, 0x5b, 0x39, 0x42, 0x1f, 0x12, 0xf1, 0x15, 0xba, 0x48, + 0x8d, 0x38, 0x05, 0x86, 0x09, 0x5b, 0xb5, 0x3f, 0x17, 0x4f, 0xae, 0x42, + 0x4f, 0xa4, 0xc8, 0xe3, 0xb2, 0x99, 0x70, 0x9c, 0xd3, 0x44, 0xb9, 0xf9, + 0x49, 0xb1, 0xab, 0x57, 0xf1, 0xc6, 0x45, 0xd7, 0xed, 0x3c, 0x8f, 0x81, + 0xd5, 0x59, 0x41, 0x97, 0x35, 0x50, 0x29, 0xfe, 0xe8, 0x96, 0x09, 0x70, + 0xff, 0x59, 0x71, 0x0d, 0xc0, 0xe5, 0xeb, 0x50, 0xea, 0x6f, 0x4c, 0x39, + 0x38, 0xe3, 0xf8, 0x9e, 0xd7, 0x93, 0x30, 0x23, 0xa2, 0xc2, 0xdd, 0xff, + 0xab, 0xa0, 0x7b, 0xe1, 0x47, 0xf6, 0x86, 0x82, 0x8b, 0xd7, 0xd5, 0x20, + 0xf3, 0x00, 0x50, 0x7e, 0xd6, 0xe7, 0x1b, 0xda, 0xee, 0x05, 0x57, 0x0b, + 0x27, 0xbc, 0x92, 0x74, 0x11, 0x08, 0xac, 0x2e, 0xb4, 0x33, 0xf0, 0x28, + 0xe1, 0x38, 0xdd, 0x6d, 0x63, 0x06, 0x7b, 0xc2, 0x06, 0xea, 0x2d, 0x82, + 0x6a, 0x7f, 0x41, 0xc0, 0xd6, 0x13, 0xda, 0xed, 0x02, 0x0f, 0x0f, 0x30, + 0xf4, 0xe2, 0x72, 0xe9, 0x61, 0x8e, 0x0a, 0x8c, 0x39, 0x01, 0x8a, 0x83}, + priv_key_3b, + true}, + + // an otherwise correct plaintext, but with wrong first byte + // (0x01 instead of 0x00), generates a random 9 byte long plaintext + {75, + {0x6d, 0x8d, 0x3a, 0x09, 0x4f, 0xf3, 0xaf, 0xff, 0x4c}, + {0x6d, 0xb8, 0x0a, 0xdb, 0x5f, 0xf0, 0xa7, 0x68, 0xca, 0xf1, 0x37, 0x8e, + 0xcc, 0x38, 0x2a, 0x69, 0x4e, 0x7d, 0x1b, 0xde, 0x2e, 0xff, 0x4b, 0xa1, + 0x2c, 0x48, 0xaa, 0xf7, 0x94, 0xde, 0xd7, 0xa9, 0x94, 0xa5, 0xb2, 0xb5, + 0x7a, 0xce, 0xc2, 0x0d, 0xbe, 0xc4, 0xae, 0x38, 0x5c, 0x9d, 0xd5, 0x31, + 0x94, 0x5c, 0x0f, 0x19, 0x7a, 0x54, 0x96, 0x90, 0x87, 0x25, 0xfc, 0x99, + 0xd8, 0x86, 0x01, 0xa1, 0x7d, 0x3b, 0xb0, 0xb2, 0xd3, 0x8d, 0x2c, 0x1c, + 0x31, 0x00, 0xf3, 0x99, 0x55, 0xa4, 0xcb, 0x3d, 0xbe, 0xd5, 0xa3, 0x8b, + 0xf9, 0x00, 0xf2, 0x3d, 0x91, 0xe1, 0x73, 0x64, 0x0e, 0x4e, 0xc6, 0x55, + 0xc8, 0x4f, 0xdf, 0xe7, 0x1f, 0xcd, 0xb1, 0x2a, 0x38, 0x61, 0x08, 0xfc, + 0xf7, 0x18, 0xc9, 0xb7, 0xaf, 0x37, 0xd3, 0x97, 0x03, 0xe8, 0x82, 0x43, + 0x62, 0x24, 0xc8, 0x77, 0xa2, 0x23, 0x5e, 0x83, 0x44, 0xfb, 0xa6, 0xc9, + 0x51, 0xeb, 0x7e, 0x2a, 0x4d, 0x1d, 0x1d, 0xe8, 0x1f, 0xb4, 0x63, 0xac, + 0x1b, 0x88, 0x0f, 0x6c, 0xc0, 0xe5, 0x9a, 0xde, 0x05, 0xc8, 0xce, 0x35, + 0x17, 0x9e, 0xcd, 0x09, 0x54, 0x67, 0x31, 0xfc, 0x07, 0xb1, 0x41, 0xd3, + 0xd6, 0xb3, 0x42, 0xa9, 0x7a, 0xe7, 0x47, 0xe6, 0x1a, 0x91, 0x30, 0xf7, + 0x2d, 0x37, 0xac, 0x5a, 0x2c, 0x30, 0x21, 0x5b, 0x6c, 0xbd, 0x66, 0xc7, + 0xdb, 0x89, 0x38, 0x10, 0xdf, 0x58, 0xb4, 0xc4, 0x57, 0xb4, 0xb5, 0x4f, + 0x34, 0x42, 0x82, 0x47, 0xd5, 0x84, 0xe0, 0xfa, 0x71, 0x06, 0x24, 0x46, + 0x21, 0x0d, 0xb0, 0x82, 0x54, 0xfb, 0x9e, 0xad, 0x1b, 0xa1, 0xa3, 0x93, + 0xc7, 0x24, 0xbd, 0x29, 0x1f, 0x0c, 0xf1, 0xa7, 0x14, 0x3f, 0x32, 0xdf, + 0x84, 0x90, 0x51, 0xdc, 0x89, 0x6d, 0x7d, 0x17, 0x6f, 0xef, 0x3b, 0x57, + 0xab, 0x6d, 0xff, 0xd6, 0x26, 0xd0, 0xc3, 0x04, 0x4e, 0x9e, 0xdb, 0x2e, + 0x3d, 0x01, 0x2a, 0xce, 0x20, 0x2d, 0x25, 0x81, 0xdf, 0x01, 0xbe, 0xc7, + 0xe9, 0xaa, 0x07, 0x27, 0xa6, 0x65, 0x0d, 0xd3, 0x73, 0xd3, 0x74, 0xf0, + 0xbc, 0x0f, 0x4a, 0x61, 0x1f, 0x81, 0x39, 0xdf, 0xe9, 0x7d, 0x63, 0xe7, + 0x0c, 0x61, 0x88, 0xf4, 0xdf, 0x5b, 0x67, 0x2e, 0x47, 0xc5, 0x1d, 0x8a, + 0xa5, 0x67, 0x09, 0x72, 0x93, 0xfb, 0xff, 0x12, 0x7c, 0x75, 0xec, 0x69, + 0x0b, 0x43, 0x40, 0x75, 0x78, 0xb7, 0x3c, 0x85, 0x45, 0x17, 0x10, 0xa0, + 0xce, 0xce, 0x58, 0xfd, 0x49, 0x7d, 0x7f, 0x7b, 0xd3, 0x6a, 0x8a, 0x92, + 0x78, 0x3e, 0xf7, 0xdc, 0x62, 0x65, 0xdf, 0xf5, 0x2a, 0xac, 0x8b, 0x70, + 0x34, 0x0b, 0x99, 0x65, 0x08, 0xd3, 0x92, 0x17, 0xf2, 0x78, 0x3c, 0xe6, + 0xfc, 0x91, 0xa1, 0xcc, 0x94, 0xbb, 0x2a, 0xc4, 0x87, 0xb8, 0x4f, 0x62}, + priv_key_3b, + true}, + + // an otherwise correct plaintext, but with wrong second byte + // (0x01 instead of 0x02), generates a random 9 byte long plaintext + {76, + {0xc6, 0xae, 0x80, 0xff, 0xa8, 0x0b, 0xc1, 0x84, 0xb0}, + {0x41, 0x73, 0x28, 0xc0, 0x34, 0x45, 0x85, 0x63, 0x07, 0x9a, 0x40, 0x24, + 0x81, 0x7d, 0x01, 0x50, 0x34, 0x0c, 0x34, 0xe2, 0x5a, 0xe1, 0x6d, 0xca, + 0xd6, 0x90, 0x62, 0x3f, 0x70, 0x2e, 0x5c, 0x74, 0x8a, 0x6e, 0xbb, 0x34, + 0x19, 0xff, 0x48, 0xf4, 0x86, 0xf8, 0x3b, 0xa9, 0xdf, 0x35, 0xc0, 0x5e, + 0xfb, 0xd7, 0xf4, 0x06, 0x13, 0xf0, 0xfc, 0x99, 0x6c, 0x53, 0x70, 0x6c, + 0x30, 0xdf, 0x6b, 0xba, 0x6d, 0xcd, 0x4a, 0x40, 0x82, 0x5f, 0x96, 0x13, + 0x3f, 0x3c, 0x21, 0x63, 0x8a, 0x34, 0x2b, 0xd4, 0x66, 0x3d, 0xff, 0xbd, + 0x00, 0x73, 0x98, 0x0d, 0xac, 0x47, 0xf8, 0xc1, 0xdd, 0x8e, 0x97, 0xce, + 0x14, 0x12, 0xe4, 0xf9, 0x1f, 0x2a, 0x8a, 0xdb, 0x1a, 0xc2, 0xb1, 0x07, + 0x10, 0x66, 0xef, 0xe8, 0xd7, 0x18, 0xbb, 0xb8, 0x8c, 0xa4, 0xa5, 0x9b, + 0xd6, 0x15, 0x00, 0xe8, 0x26, 0xf2, 0x36, 0x52, 0x55, 0xa4, 0x09, 0xbe, + 0xce, 0x0f, 0x97, 0x2d, 0xf9, 0x7c, 0x3a, 0x55, 0xe0, 0x92, 0x89, 0xef, + 0x5f, 0xa8, 0x15, 0xa2, 0x35, 0x3e, 0xf3, 0x93, 0xfd, 0x1a, 0xec, 0xfc, + 0x88, 0x8d, 0x61, 0x1c, 0x16, 0xae, 0xc5, 0x32, 0xe5, 0x14, 0x8b, 0xe1, + 0x5e, 0xf1, 0xbf, 0x28, 0x34, 0xb8, 0xf7, 0x5b, 0xb2, 0x6d, 0xb0, 0x8b, + 0x66, 0xd2, 0xba, 0xad, 0x64, 0x64, 0xf8, 0x43, 0x9d, 0x19, 0x86, 0xb5, + 0x33, 0x81, 0x33, 0x21, 0xdb, 0xb1, 0x80, 0x08, 0x09, 0x10, 0xf2, 0x33, + 0xbc, 0xc4, 0xdd, 0x78, 0x4f, 0xb2, 0x18, 0x71, 0xae, 0xf4, 0x1b, 0xe0, + 0x8b, 0x7b, 0xfa, 0xd4, 0xec, 0xc3, 0xb6, 0x8f, 0x22, 0x8c, 0xb5, 0x31, + 0x7a, 0xc6, 0xec, 0x12, 0x27, 0xbc, 0x7d, 0x0e, 0x45, 0x20, 0x37, 0xba, + 0x91, 0x8e, 0xe1, 0xda, 0x9f, 0xdb, 0x83, 0x93, 0xae, 0x93, 0xb1, 0xe9, + 0x37, 0xa8, 0xd4, 0x69, 0x1a, 0x17, 0x87, 0x1d, 0x50, 0x92, 0xd2, 0x38, + 0x4b, 0x61, 0x90, 0xa5, 0x3d, 0xf8, 0x88, 0xf6, 0x5b, 0x95, 0x1b, 0x05, + 0xed, 0x4a, 0xd5, 0x7f, 0xe4, 0xb0, 0xc6, 0xa4, 0x7b, 0x5b, 0x22, 0xf3, + 0x2a, 0x7f, 0x23, 0xc1, 0xa2, 0x34, 0xc9, 0xfe, 0xb5, 0xd8, 0x71, 0x3d, + 0x94, 0x96, 0x86, 0x76, 0x06, 0x80, 0xda, 0x4d, 0xb4, 0x54, 0xf4, 0xac, + 0xad, 0x97, 0x24, 0x70, 0x03, 0x34, 0x72, 0xb9, 0x86, 0x4d, 0x63, 0xe8, + 0xd2, 0x3e, 0xef, 0xc8, 0x7e, 0xbc, 0xf4, 0x64, 0xec, 0xf3, 0x3f, 0x67, + 0xfb, 0xcd, 0xd4, 0x8e, 0xab, 0x38, 0xc5, 0x29, 0x25, 0x86, 0xb3, 0x6a, + 0xef, 0x59, 0x81, 0xed, 0x2f, 0xa0, 0x7b, 0x2f, 0x9e, 0x23, 0xfc, 0x57, + 0xd9, 0xeb, 0x71, 0xbf, 0xff, 0x41, 0x11, 0xc8, 0x57, 0xe9, 0xff, 0xf2, + 0x3c, 0xeb, 0x31, 0xe7, 0x25, 0x92, 0xe7, 0x0c, 0x87, 0x4b, 0x49, 0x36}, + priv_key_3b, + true}, + + // an otherwise correct plaintext, but with wrong third byte + // (0x00 instead of non-zero), generates a random 9 byte long plaintext + {77, + {0xa8, 0xa9, 0x30, 0x1d, 0xaa, 0x01, 0xbb, 0x25, 0xc7}, + {0x85, 0x42, 0xc6, 0x26, 0xfe, 0x53, 0x34, 0x67, 0xac, 0xff, 0xcd, 0x4e, + 0x61, 0x76, 0x92, 0x24, 0x4c, 0x9b, 0x5a, 0x3b, 0xf0, 0xa2, 0x15, 0xc5, + 0xd6, 0x48, 0x91, 0xce, 0xd4, 0xbf, 0x4f, 0x95, 0x91, 0xb4, 0xb2, 0xae, + 0xdf, 0xf9, 0x84, 0x30, 0x57, 0x98, 0x6d, 0x81, 0x63, 0x1b, 0x0a, 0xcb, + 0x37, 0x04, 0xec, 0x21, 0x80, 0xe5, 0x69, 0x6e, 0x8b, 0xd1, 0x5b, 0x21, + 0x7a, 0x0e, 0xc3, 0x6d, 0x20, 0x61, 0xb0, 0xe2, 0x18, 0x2f, 0xaa, 0x3d, + 0x1c, 0x59, 0xbd, 0x3f, 0x90, 0x86, 0xa1, 0x00, 0x77, 0xa3, 0x33, 0x7a, + 0x3f, 0x5d, 0xa5, 0x03, 0xec, 0x37, 0x53, 0x53, 0x5f, 0xfd, 0x25, 0xb8, + 0x37, 0xa1, 0x2f, 0x25, 0x41, 0xaf, 0xef, 0xd0, 0xcf, 0xfb, 0x02, 0x24, + 0xb8, 0xf8, 0x74, 0xe4, 0xbe, 0xd1, 0x39, 0x49, 0xe1, 0x05, 0xc0, 0x75, + 0xed, 0x44, 0xe2, 0x87, 0xc5, 0xae, 0x03, 0xb1, 0x55, 0xe0, 0x6b, 0x90, + 0xed, 0x24, 0x7d, 0x2c, 0x07, 0xf1, 0xef, 0x33, 0x23, 0xe3, 0x50, 0x8c, + 0xce, 0x4e, 0x40, 0x74, 0x60, 0x6c, 0x54, 0x17, 0x2a, 0xd7, 0x4d, 0x12, + 0xf8, 0xc3, 0xa4, 0x7f, 0x65, 0x4a, 0xd6, 0x71, 0x10, 0x4b, 0xf7, 0x68, + 0x1e, 0x5b, 0x06, 0x18, 0x62, 0x74, 0x7d, 0x9a, 0xfd, 0x37, 0xe0, 0x7d, + 0x8e, 0x0e, 0x22, 0x91, 0xe0, 0x1f, 0x14, 0xa9, 0x5a, 0x1b, 0xb4, 0xcb, + 0xb4, 0x7c, 0x30, 0x4e, 0xf0, 0x67, 0x59, 0x5a, 0x39, 0x47, 0xee, 0x2d, + 0x72, 0x20, 0x67, 0xe3, 0x8a, 0x0f, 0x04, 0x6f, 0x43, 0xec, 0x29, 0xca, + 0xc6, 0xa8, 0x80, 0x1c, 0x6e, 0x3e, 0x9a, 0x23, 0x31, 0xb1, 0xd4, 0x5a, + 0x7a, 0xa2, 0xc6, 0xaf, 0x32, 0x05, 0xbe, 0x38, 0x2d, 0xd0, 0x26, 0xe3, + 0x89, 0x61, 0x4e, 0xe0, 0x95, 0x66, 0x5a, 0x61, 0x1a, 0xb2, 0xe8, 0xdc, + 0xed, 0x2e, 0xe1, 0xc9, 0xd0, 0x8a, 0xc9, 0xde, 0x11, 0xae, 0xf5, 0xb3, + 0x80, 0x3f, 0xc9, 0xa9, 0xce, 0x82, 0x31, 0xec, 0x87, 0xb5, 0xfe, 0xd3, + 0x86, 0xfb, 0x92, 0xee, 0x3d, 0xb9, 0x95, 0xa8, 0x93, 0x07, 0xbc, 0xba, + 0x84, 0x4b, 0xd0, 0xa6, 0x91, 0xc2, 0x9a, 0xe5, 0x12, 0x16, 0xe9, 0x49, + 0xdf, 0xc8, 0x13, 0x13, 0x3c, 0xb0, 0x6a, 0x07, 0x26, 0x5f, 0xd8, 0x07, + 0xbc, 0xb3, 0x37, 0x7f, 0x6a, 0xdb, 0x0a, 0x48, 0x1d, 0x9b, 0x7f, 0x44, + 0x20, 0x03, 0x11, 0x58, 0x95, 0x93, 0x97, 0x73, 0xe6, 0xb9, 0x53, 0x71, + 0xc4, 0xfe, 0xbe, 0xf2, 0x9e, 0xda, 0xe9, 0x46, 0xfa, 0x24, 0x5e, 0x7c, + 0x50, 0x72, 0x9e, 0x2e, 0x55, 0x8c, 0xfa, 0xad, 0x77, 0x3d, 0x1f, 0xd5, + 0xf6, 0x7b, 0x45, 0x7a, 0x6d, 0x9d, 0x17, 0xa8, 0x47, 0xc6, 0xfc, 0xbd, + 0xb1, 0x03, 0xa8, 0x6f, 0x35, 0xf2, 0x28, 0xce, 0xfc, 0x06, 0xce, 0xa0}, + priv_key_3b, + true}, + + // an otherwise correct plaintext, but with wrong tenth byte + // (0x00 instead of non-zero), generates a random 9 byte long plaintext + {78, + {0x6c, 0x71, 0x6f, 0xe0, 0x1d, 0x44, 0x39, 0x80, 0x18}, + {0x44, 0x9d, 0xfa, 0x23, 0x7a, 0x70, 0xa9, 0x9c, 0xb0, 0x35, 0x17, 0x93, + 0xec, 0x86, 0x77, 0x88, 0x20, 0x21, 0xc2, 0xaa, 0x74, 0x35, 0x80, 0xbf, + 0x6a, 0x0e, 0xa6, 0x72, 0x05, 0x5c, 0xff, 0xe8, 0x30, 0x3a, 0xc4, 0x28, + 0x55, 0xb1, 0xd1, 0xf3, 0x37, 0x3a, 0xae, 0x6a, 0xf0, 0x9c, 0xb9, 0x07, + 0x41, 0x80, 0xfc, 0x96, 0x3e, 0x9d, 0x14, 0x78, 0xa4, 0xf9, 0x8b, 0x3b, + 0x48, 0x61, 0xd3, 0xe7, 0xf0, 0xaa, 0x85, 0x60, 0xcf, 0x60, 0x37, 0x11, + 0xf1, 0x39, 0xdb, 0x77, 0x66, 0x7c, 0xa1, 0x4b, 0xa3, 0xa1, 0xac, 0xde, + 0xdf, 0xca, 0x9e, 0xf4, 0x60, 0x3d, 0x6d, 0x7e, 0xb0, 0x64, 0x5b, 0xfc, + 0x80, 0x53, 0x04, 0xf9, 0xad, 0x9d, 0x77, 0xd3, 0x47, 0x62, 0xce, 0x5c, + 0xd8, 0x4b, 0xd3, 0xec, 0x9d, 0x35, 0xc3, 0x0e, 0x3b, 0xe7, 0x2a, 0x1e, + 0x8d, 0x35, 0x5d, 0x56, 0x74, 0xa1, 0x41, 0xb5, 0x53, 0x06, 0x59, 0xad, + 0x64, 0xeb, 0xb6, 0x08, 0x2e, 0x6f, 0x73, 0xa8, 0x08, 0x32, 0xab, 0x63, + 0x88, 0x91, 0x25, 0x38, 0x91, 0x46, 0x54, 0xd3, 0x46, 0x02, 0xf4, 0xb3, + 0xb1, 0xc7, 0x85, 0x89, 0xb4, 0xa5, 0xd9, 0x64, 0xb2, 0xef, 0xcc, 0xa1, + 0xdc, 0x70, 0x04, 0xc4, 0x1f, 0x6c, 0xaf, 0xcb, 0x5a, 0x71, 0x59, 0xa7, + 0xfc, 0x7c, 0x03, 0x98, 0x60, 0x4d, 0x0e, 0xdb, 0xd4, 0xc8, 0xf4, 0xf0, + 0x40, 0x67, 0xda, 0x6a, 0x15, 0x3a, 0x05, 0xe7, 0xcb, 0xee, 0xa1, 0x3b, + 0x5e, 0xe4, 0x12, 0x40, 0x0e, 0xf7, 0xd4, 0xf3, 0x10, 0x6f, 0x47, 0x98, + 0xda, 0x70, 0x7e, 0xc3, 0x7a, 0x11, 0x28, 0x6d, 0xf2, 0xb7, 0xa2, 0x04, + 0x85, 0x6d, 0x5f, 0xf7, 0x73, 0x61, 0x3f, 0xd1, 0xe4, 0x53, 0xa7, 0x11, + 0x4b, 0x78, 0xe3, 0x47, 0xd3, 0xe8, 0x07, 0x8e, 0x1c, 0xb3, 0x27, 0x6b, + 0x35, 0x62, 0x48, 0x6b, 0xa6, 0x30, 0xbf, 0x71, 0x96, 0x97, 0xe0, 0x07, + 0x3a, 0x12, 0x3c, 0x3e, 0x60, 0xeb, 0xb5, 0xc7, 0xa1, 0xcc, 0xff, 0x42, + 0x79, 0xfa, 0xff, 0xa2, 0x40, 0x2b, 0xc1, 0x10, 0x9f, 0x8d, 0x55, 0x9d, + 0x67, 0x66, 0xe7, 0x35, 0x91, 0x94, 0x3d, 0xfc, 0xf2, 0x5b, 0xa1, 0x0c, + 0x37, 0x62, 0xf0, 0x2a, 0xf8, 0x51, 0x87, 0x79, 0x9b, 0x8b, 0x4b, 0x13, + 0x5c, 0x39, 0x90, 0x79, 0x3a, 0x6f, 0xd3, 0x26, 0x42, 0xf1, 0x55, 0x74, + 0x05, 0xba, 0x55, 0xcc, 0x7c, 0xf7, 0x33, 0x6a, 0x0e, 0x96, 0x70, 0x73, + 0xc5, 0xfa, 0x50, 0x74, 0x3f, 0x9c, 0xc5, 0xe3, 0x01, 0x7c, 0x17, 0x2d, + 0x98, 0x98, 0xd2, 0xaf, 0x83, 0x34, 0x5e, 0x71, 0xb3, 0xe0, 0xc2, 0x2a, + 0xb7, 0x91, 0xea, 0xcb, 0x64, 0x84, 0xa3, 0x2e, 0xc6, 0x0e, 0xbc, 0x22, + 0x6e, 0xc9, 0xde, 0xae, 0xe9, 0x1b, 0x1a, 0x05, 0x60, 0xc2, 0xb5, 0x71}, + priv_key_3b, + true}, + + // an otherwise correct plaintext, but with the null byte specifying + // end of padding missing, generates a random 9 byte long plaintext + {79, + {0xaa, 0x2d, 0xe6, 0xcd, 0xe4, 0xe2, 0x44, 0x28, 0x84}, + {0xa7, 0xa5, 0xc9, 0x9e, 0x50, 0xda, 0x48, 0x76, 0x9e, 0xcb, 0x77, 0x9d, + 0x9a, 0xbe, 0x86, 0xef, 0x9e, 0xc8, 0xc3, 0x8c, 0x6f, 0x43, 0xf1, 0x7c, + 0x7f, 0x2d, 0x7a, 0xf6, 0x08, 0xa4, 0xa1, 0xbd, 0x6c, 0xf6, 0x95, 0xb4, + 0x7e, 0x97, 0xc1, 0x91, 0xc6, 0x1f, 0xb5, 0xa2, 0x73, 0x18, 0xd0, 0x2f, + 0x49, 0x5a, 0x17, 0x6b, 0x9f, 0xae, 0x5a, 0x55, 0xb5, 0xd3, 0xfa, 0xbd, + 0x1d, 0x8a, 0xae, 0x49, 0x57, 0xe3, 0x87, 0x9c, 0xb0, 0xc6, 0x0f, 0x03, + 0x77, 0x24, 0xe1, 0x1b, 0xe5, 0xf3, 0x0f, 0x08, 0xfc, 0x51, 0xc0, 0x33, + 0x73, 0x1f, 0x14, 0xb4, 0x4b, 0x41, 0x4d, 0x11, 0x27, 0x8c, 0xd3, 0xdb, + 0xa7, 0xe1, 0xc8, 0xbf, 0xe2, 0x08, 0xd2, 0xb2, 0xbb, 0x7e, 0xc3, 0x63, + 0x66, 0xda, 0xcb, 0x6c, 0x88, 0xb2, 0x4c, 0xd7, 0x9a, 0xb3, 0x94, 0xad, + 0xf1, 0x9d, 0xbb, 0xc2, 0x1d, 0xfa, 0x57, 0x88, 0xba, 0xcb, 0xad, 0xc6, + 0xa6, 0x2f, 0x79, 0xcf, 0x54, 0xfd, 0x8c, 0xf5, 0x85, 0xc6, 0x15, 0xb5, + 0xc0, 0xeb, 0x94, 0xc3, 0x5a, 0xa9, 0xde, 0x25, 0x32, 0x1c, 0x8f, 0xfe, + 0xfb, 0x89, 0x16, 0xbb, 0xaa, 0x26, 0x97, 0xcb, 0x2d, 0xd8, 0x2e, 0xe9, + 0x89, 0x39, 0xdf, 0x9b, 0x67, 0x04, 0xce, 0xe7, 0x77, 0x93, 0xed, 0xd2, + 0xb4, 0x94, 0x7d, 0x82, 0xe0, 0x0e, 0x57, 0x49, 0x66, 0x49, 0x70, 0x73, + 0x6c, 0x59, 0xa8, 0x41, 0x97, 0xbd, 0x72, 0xb5, 0xc7, 0x1e, 0x36, 0xaa, + 0xe2, 0x9c, 0xd3, 0x9a, 0xf6, 0xac, 0x73, 0xa3, 0x68, 0xed, 0xbc, 0x1c, + 0xa7, 0x92, 0xe1, 0x30, 0x9f, 0x44, 0x2a, 0xaf, 0xcd, 0x77, 0xc9, 0x92, + 0xc8, 0x8f, 0x8e, 0x48, 0x63, 0x14, 0x9f, 0x22, 0x16, 0x95, 0xcb, 0x7b, + 0x02, 0x36, 0xe7, 0x5b, 0x23, 0x39, 0xa0, 0x2c, 0x4e, 0xa1, 0x14, 0x85, + 0x43, 0x72, 0xc3, 0x06, 0xb9, 0x41, 0x2d, 0x8e, 0xed, 0xb6, 0x00, 0xa3, + 0x15, 0x32, 0x00, 0x2f, 0x2c, 0xea, 0x07, 0xb4, 0xdf, 0x96, 0x3a, 0x09, + 0x31, 0x85, 0xe4, 0x60, 0x77, 0x32, 0xe4, 0x6d, 0x75, 0x3b, 0x54, 0x09, + 0x74, 0xfb, 0x5a, 0x5c, 0x3f, 0x94, 0x32, 0xdf, 0x22, 0xe8, 0x5b, 0xb1, + 0x76, 0x11, 0x37, 0x09, 0x66, 0xc5, 0x52, 0x2f, 0xd2, 0x3f, 0x2a, 0xd3, + 0x48, 0x43, 0x41, 0xba, 0x7f, 0xd8, 0x88, 0x5f, 0xc8, 0xe6, 0xd3, 0x79, + 0xa6, 0x11, 0xd1, 0x3a, 0x2a, 0xca, 0x78, 0x4f, 0xba, 0x20, 0x73, 0x20, + 0x8f, 0xaa, 0xd2, 0x13, 0x7b, 0xf1, 0x97, 0x9a, 0x0f, 0xa1, 0x46, 0xc1, + 0x88, 0x0d, 0x43, 0x37, 0xdb, 0x32, 0x74, 0x26, 0x94, 0x93, 0xba, 0xb4, + 0x4a, 0x1b, 0xcd, 0x06, 0x81, 0xf7, 0x22, 0x7f, 0xfd, 0xf5, 0x89, 0xc2, + 0xe9, 0x25, 0xed, 0x9d, 0x36, 0x30, 0x25, 0x09, 0xd1, 0x10, 0x9b, 0xa4}, + priv_key_3b, + true}}; #endif // rsa_pkcs1_3072_vectors_h__ diff --git a/gtests/common/testvectors/rsa_pkcs1_4096_test-vectors.h b/gtests/common/testvectors/rsa_pkcs1_4096_test-vectors.h index 08478859e..19d61a40a 100644 --- a/gtests/common/testvectors/rsa_pkcs1_4096_test-vectors.h +++ b/gtests/common/testvectors/rsa_pkcs1_4096_test-vectors.h @@ -7061,7 +7061,42 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { // Comment: ps is all 0 // tcID: 9 {9, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x27, 0xe1, 0x93, 0x04, 0xbd, 0xb4, 0xfe, 0xd3, 0x32, 0xa8, 0xdf, 0x6b, + 0x7f, 0x05, 0x58, 0x70, 0x4a, 0x96, 0x8c, 0xaa, 0x57, 0xf7, 0x31, 0x81, + 0x3c, 0x94, 0x39, 0x9b, 0xc9, 0x38, 0x1e, 0xc8, 0x6d, 0x7d, 0x92, 0x29, + 0x98, 0x5f, 0x46, 0xef, 0xec, 0x15, 0x40, 0x9c, 0x01, 0x58, 0x97, 0xbd, + 0xda, 0xf3, 0xea, 0xf2, 0x20, 0x12, 0x9d, 0x63, 0x6c, 0x2a, 0xd0, 0x1b, + 0xdf, 0xed, 0x28, 0x13, 0xc3, 0xab, 0x83, 0xd2, 0x41, 0xee, 0x0d, 0xb3, + 0x43, 0x8d, 0x11, 0xa1, 0x46, 0x18, 0x49, 0x05, 0x70, 0x6e, 0x77, 0xac, + 0xd1, 0xe4, 0x0b, 0xd4, 0x28, 0x7c, 0x8b, 0x16, 0xe7, 0xec, 0xb2, 0x7e, + 0x6b, 0x38, 0xcc, 0xeb, 0x59, 0x12, 0xb5, 0xf8, 0x36, 0xf7, 0xf9, 0x3b, + 0x42, 0x7a, 0x6e, 0xc5, 0x01, 0xbc, 0x14, 0x8e, 0x2d, 0xea, 0x44, 0xfe, + 0xfd, 0xee, 0xf4, 0xcb, 0xa2, 0x22, 0x88, 0x61, 0xd1, 0x33, 0xc2, 0xc3, + 0x61, 0x9b, 0x1f, 0x0d, 0xcf, 0x82, 0x13, 0x84, 0xd2, 0x4f, 0x60, 0xd8, + 0x16, 0xdc, 0xc8, 0xe8, 0x6c, 0x02, 0x82, 0x43, 0xfa, 0x9d, 0x79, 0x67, + 0xbb, 0x76, 0xa0, 0xae, 0x02, 0x18, 0xc8, 0x66, 0x0d, 0xab, 0x50, 0x7f, + 0xaf, 0x7d, 0x27, 0xf1, 0x48, 0x3d, 0xbb, 0xde, 0x0f, 0xe7, 0x90, 0x8d, + 0x53, 0x5d, 0x41, 0x56, 0xbc, 0xb4, 0x25, 0xb3, 0xba, 0xb8, 0xb4, 0x63, + 0x92, 0x49, 0xcc, 0x8d, 0xe0, 0x3d, 0x75, 0x67, 0xa5, 0xb4, 0x8f, 0x61, + 0x47, 0xc7, 0xa8, 0x65, 0x53, 0x7c, 0x52, 0x69, 0xb2, 0x35, 0x7a, 0xc5, + 0xf5, 0xa9, 0xc7, 0x49, 0x5d, 0xbb, 0x80, 0x9f, 0x35, 0xe6, 0xae, 0xa6, + 0x7e, 0xba, 0x0e, 0x9d, 0xbe, 0xca, 0xbf, 0x8e, 0x2c, 0xa9, 0xa6, 0x13, + 0x95, 0x06, 0x07, 0x73, 0xd3, 0xe0, 0xd0, 0xcf, 0x9b, 0x36, 0x6d, 0x4a, + 0xe5, 0xc2, 0xe7, 0x6a, 0xe0, 0xd7, 0x0b, 0x01, 0xf2, 0xf7, 0xf3, 0x4c, + 0xf1, 0x7b, 0x31, 0x14, 0x10, 0x9b, 0xb4, 0x0e, 0x1a, 0xce, 0x71, 0x3d, + 0xec, 0x0d, 0xee, 0xcc, 0xec, 0xee, 0x18, 0x4e, 0x88, 0xca, 0x80, 0x99, + 0xf2, 0x88, 0x7a, 0x5f, 0xdc, 0x86, 0x34, 0xdc, 0x93, 0xdb, 0x58, 0x31, + 0x44, 0xfa, 0x2a, 0x7b, 0x36, 0x8e, 0x4a, 0x50, 0x33, 0x7c, 0xba, 0x7a, + 0x85, 0xf3, 0xe5, 0x62, 0xe2, 0xe8, 0x65, 0x70, 0x57, 0xd6, 0x30, 0x6a, + 0x62, 0xdf, 0x07, 0x87, 0x1d, 0x07, 0x92, 0x92, 0x43, 0x65, 0xb2, 0x42, + 0x3a, 0xb3, 0x7e, 0x29, 0x61, 0xcb, 0x64, 0x03, 0x19, 0x3a, 0x88, 0x1a, + 0x35, 0xfa, 0x31, 0xaf, 0x00, 0xa1, 0xeb, 0x38, 0x58, 0xfb, 0xee, 0xe6, + 0x23, 0x17, 0x16, 0x89, 0x71, 0x76, 0xdb, 0x77, 0x34, 0x2b, 0x3e, 0x67, + 0x62, 0x58, 0x35, 0xcb, 0xff, 0xdb, 0x94, 0xd0, 0x2c, 0xaf, 0x9e, 0x75, + 0x11, 0x75, 0xd5, 0xab, 0x1b, 0x2f, 0xb2, 0xaf, 0xd3, 0xfe, 0x8b, 0x23, + 0xad, 0x8e, 0x0b, 0x32, 0x2e, 0x8e, 0xe9, 0xbd, 0x59, 0xc3, 0x1d, 0xbe, + 0xbb, 0xb1, 0x5e, 0x06, 0xe0, 0xa3, 0x9b, 0x00, 0xee, 0xc9, 0xd5, 0xa6}, {0x55, 0x6e, 0xa7, 0xb7, 0xb4, 0xca, 0x2c, 0xee, 0x4c, 0xb4, 0xa3, 0x86, 0x74, 0x4b, 0x99, 0xcc, 0x7f, 0xea, 0x3a, 0xd3, 0x59, 0xca, 0xc1, 0xf0, 0x8f, 0xac, 0x04, 0x17, 0xe0, 0x51, 0xac, 0x35, 0xa7, 0x04, 0xc0, 0x51, @@ -7106,7 +7141,7 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0xe8, 0x9e, 0x18, 0x99, 0x17, 0x21, 0x5c, 0xc0, 0x13, 0xad, 0xd1, 0xc0, 0x7f, 0x8e, 0xb1, 0xde, 0x06, 0x9c, 0xe0, 0x48}, priv_key_66, - false}, + true}, // Comment: ps is all 1 // tcID: 10 @@ -7211,7 +7246,26 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { // Comment: byte 0 of ps is 0 // tcID: 12 {12, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x03, 0x7a, 0x7a, 0x13, 0x23, 0x93, 0x4e, 0xd8, 0x3a, 0xaa, 0x79, 0x21, + 0xb1, 0xaf, 0xb1, 0x0d, 0xa9, 0x33, 0x17, 0x1e, 0xe6, 0xcb, 0xe1, 0xd3, + 0x90, 0x3c, 0x5b, 0xff, 0xa7, 0x2d, 0x16, 0xa1, 0xed, 0x1d, 0x21, 0x75, + 0xb2, 0x88, 0x50, 0x5a, 0x28, 0x7b, 0x59, 0x42, 0x5e, 0xdf, 0xc0, 0xe3, + 0x99, 0x3c, 0x6c, 0x1d, 0x4a, 0xa0, 0x26, 0xc8, 0x2b, 0x91, 0xc2, 0x64, + 0xaa, 0xe0, 0xdf, 0x54, 0xbb, 0x11, 0x83, 0x49, 0x8b, 0xd6, 0x8b, 0x47, + 0x57, 0x99, 0x18, 0xf4, 0x0c, 0xec, 0x24, 0x1f, 0x71, 0x1e, 0xb2, 0x5d, + 0xe1, 0x14, 0xa8, 0x74, 0xf7, 0x0f, 0xeb, 0xec, 0x4f, 0x2d, 0x95, 0x5e, + 0x11, 0x6b, 0x43, 0x48, 0xc2, 0x8b, 0x87, 0x1c, 0xa2, 0xba, 0xd1, 0xdf, + 0xf4, 0x12, 0x86, 0x8d, 0x7e, 0xac, 0xf2, 0x1d, 0x70, 0x98, 0x37, 0xec, + 0xd7, 0x88, 0x25, 0x7f, 0x9b, 0xbd, 0xf4, 0xf7, 0x25, 0xb4, 0x09, 0x0a, + 0x64, 0xc6, 0x4e, 0x82, 0x5e, 0x01, 0x21, 0xd0, 0x4c, 0x75, 0xb9, 0x76, + 0xbc, 0xe6, 0x88, 0x57, 0x23, 0x4a, 0x8d, 0x6f, 0x74, 0x46, 0xfc, 0x9d, + 0x6d, 0x71, 0x74, 0x5e, 0xb6, 0x71, 0x51, 0x77, 0x1a, 0x16, 0x3e, 0x39, + 0xe9, 0x3b, 0xa6, 0xfe, 0xd7, 0x38, 0x8e, 0x68, 0x64, 0xf8, 0xb4, 0xf8, + 0x49, 0xd2, 0x89, 0xa9, 0xa1, 0x3e, 0x8f, 0x4e, 0xf9, 0xf2, 0xce, 0xc9, + 0xbc, 0xa2, 0xdc, 0x33, 0x5e, 0x28, 0x22, 0xf6, 0xf8, 0x22, 0xc4, 0x32, + 0x4b, 0xa9, 0x58, 0x5c, 0x28, 0xab, 0x58, 0xf5, 0xe5, 0x56, 0xd7, 0x2d, + 0x4d, 0xc4}, {0x4a, 0x7a, 0x03, 0x20, 0x2b, 0x98, 0x23, 0x09, 0xbc, 0xf2, 0xf9, 0x9d, 0x30, 0xcd, 0x0b, 0xeb, 0xe2, 0x4b, 0x43, 0x80, 0x0e, 0x3b, 0xef, 0x58, 0xab, 0xbc, 0x11, 0xe8, 0x65, 0xec, 0x2b, 0xce, 0xed, 0x4d, 0x25, 0xae, @@ -7256,12 +7310,16 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x2e, 0x08, 0x4b, 0xb6, 0xa1, 0x5f, 0x07, 0x0d, 0x40, 0x9d, 0xf7, 0xe7, 0xfc, 0x80, 0x2e, 0x0e, 0x6a, 0x98, 0x8a, 0x05}, priv_key_66, - false}, + true}, // Comment: byte 1 of ps is 0 // tcID: 13 {13, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x5a, 0x5f, 0x3c, 0xfa, 0xcb, 0x59, 0xe7, 0xaa, 0x7d, 0xad, + 0x3a, 0x79, 0x05, 0x25, 0x9c, 0x38, 0x13, 0x1f, 0x07, 0x10, + 0xdc, 0x75, 0xe5, 0x47, 0x2c, 0x2c, 0x28, 0xc8, 0x62, 0xe9, + 0x05, 0xa4, 0xb3, 0x0e, 0x65, 0x94, 0x64, 0xd8, 0xef, 0x5b}, {0x05, 0x25, 0x6d, 0xdf, 0x55, 0x99, 0x1c, 0xf3, 0xe7, 0x4b, 0x8f, 0xb8, 0xb3, 0x17, 0x2d, 0xb6, 0xe3, 0x27, 0xf1, 0x5c, 0x2c, 0xf1, 0x38, 0x30, 0xfd, 0x16, 0x97, 0x16, 0xf7, 0xe5, 0xe7, 0x17, 0x14, 0x7f, 0x91, 0x60, @@ -7306,12 +7364,15 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x51, 0x7e, 0xc2, 0x15, 0x7f, 0x57, 0xf4, 0xa3, 0x6c, 0xbf, 0xad, 0xab, 0x9b, 0xa6, 0xc8, 0x58, 0x9e, 0xb0, 0x33, 0x10}, priv_key_66, - false}, + true}, // Comment: byte 7 of ps is 0 // tcID: 14 {14, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x9c, 0x62, 0xf9, 0xf4, 0xc1, 0x35, 0x0b, 0x05, 0x0d, + 0x45, 0x25, 0x86, 0x0b, 0x52, 0xe7, 0x44, 0xc5, 0x53, + 0x31, 0x8f, 0xb1, 0x93, 0xbb, 0x2f, 0x7a}, {0x9e, 0xa6, 0x99, 0x11, 0x24, 0xc0, 0x47, 0x78, 0x8b, 0x4c, 0xe7, 0x68, 0x61, 0x4e, 0xdc, 0x52, 0xcb, 0x1b, 0xf8, 0x88, 0x65, 0xf8, 0x0a, 0x7b, 0x7b, 0xbb, 0xc4, 0x35, 0xc1, 0x38, 0x96, 0x25, 0xa0, 0x85, 0xa5, 0x03, @@ -7356,12 +7417,28 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x6a, 0x2f, 0xe8, 0x38, 0x6c, 0xdf, 0xe9, 0x97, 0x32, 0x31, 0x60, 0x26, 0xa2, 0xc6, 0x32, 0xaf, 0xe5, 0x08, 0x42, 0x97}, priv_key_66, - false}, + true}, // Comment: ps truncated // tcID: 15 {15, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x2f, 0x7f, 0x06, 0x4c, 0xaa, 0xd2, 0xdd, 0x14, 0xbe, 0x16, 0x80, 0xae, + 0x3b, 0x7d, 0x11, 0xca, 0x46, 0x1d, 0xec, 0x4b, 0x20, 0x6e, 0x7d, 0x33, + 0x94, 0x76, 0xb0, 0xc6, 0x9f, 0x7d, 0xb3, 0x27, 0xfc, 0x58, 0x84, 0xff, + 0x02, 0x50, 0x88, 0xd2, 0x34, 0x8c, 0xba, 0x80, 0x74, 0x4d, 0xba, 0xb7, + 0x04, 0x28, 0xaa, 0x56, 0x65, 0x2b, 0x84, 0xfe, 0xd2, 0x82, 0x06, 0xd0, + 0x6a, 0xb6, 0x1e, 0x58, 0x94, 0x3b, 0x6f, 0x68, 0x2c, 0x7c, 0x12, 0x42, + 0x44, 0xe0, 0x1f, 0x7e, 0xca, 0x48, 0x06, 0x07, 0x7b, 0x5d, 0xdd, 0x53, + 0xdd, 0xf3, 0xa2, 0x48, 0x7a, 0xb8, 0x79, 0x16, 0x5c, 0xbe, 0x02, 0x83, + 0xab, 0x1b, 0x7e, 0x1c, 0x10, 0x6b, 0x95, 0x82, 0x90, 0x34, 0x8e, 0xde, + 0x21, 0xbf, 0xdb, 0xbb, 0x3e, 0x5b, 0x26, 0xf7, 0x42, 0x7b, 0x0c, 0x41, + 0x19, 0xc6, 0x2f, 0x94, 0xbc, 0x0d, 0xda, 0x34, 0x8e, 0xfc, 0xb6, 0x56, + 0xf9, 0x66, 0x96, 0xaa, 0x15, 0xcc, 0x99, 0x9b, 0x4b, 0x53, 0xb9, 0xc3, + 0x91, 0xfb, 0x49, 0x3a, 0x4b, 0xdc, 0x9a, 0x2f, 0xe3, 0x9f, 0x85, 0x02, + 0x25, 0x96, 0xbf, 0x7c, 0x45, 0x84, 0xcb, 0x0a, 0x7e, 0x41, 0x99, 0x08, + 0x0a, 0x67, 0x0a, 0x77, 0x74, 0xa9, 0x72, 0xeb, 0xa8, 0x5e, 0x1d, 0xd2, + 0x9e, 0xd5, 0x00, 0x53, 0x77, 0x5d}, {0x14, 0x27, 0xb2, 0x36, 0x4d, 0xed, 0xf9, 0xb3, 0x3b, 0x1c, 0xf7, 0x0f, 0x88, 0x23, 0xb6, 0x0a, 0x26, 0x86, 0x52, 0x0f, 0x90, 0x4e, 0x89, 0x24, 0x7b, 0xc6, 0xb5, 0xb6, 0x82, 0x17, 0x0f, 0xd1, 0x52, 0x55, 0x4f, 0x86, @@ -7406,12 +7483,45 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x8f, 0x14, 0x2d, 0xf5, 0xf1, 0xcb, 0xbc, 0xf2, 0xa7, 0x13, 0x72, 0x9c, 0x2a, 0x01, 0x17, 0x78, 0x1f, 0x85, 0x09, 0xdf}, priv_key_66, - false}, + true}, // Comment: ps missing // tcID: 16 {16, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x77, 0x0a, 0xbf, 0xf4, 0x5b, 0xef, 0x4e, 0x24, 0xb7, 0xf5, 0xd2, 0x10, + 0x18, 0x64, 0x86, 0x86, 0x89, 0x01, 0xb2, 0x1e, 0x48, 0x15, 0x96, 0x2d, + 0x6d, 0xe9, 0xc1, 0x75, 0x95, 0xaa, 0x66, 0xba, 0x63, 0x40, 0xbc, 0xc7, + 0xe0, 0x11, 0x6f, 0x49, 0x77, 0x1d, 0xa6, 0xd7, 0xd9, 0x5c, 0x4f, 0x0b, + 0xb6, 0x35, 0xe9, 0x1f, 0x7f, 0x02, 0xc5, 0x43, 0x8c, 0xfe, 0xad, 0x2a, + 0xa3, 0xa5, 0xca, 0x58, 0x98, 0xac, 0xc5, 0x1b, 0x93, 0x86, 0xb4, 0xb3, + 0x9f, 0xc2, 0x01, 0x5c, 0x93, 0x33, 0x2b, 0x2c, 0x4c, 0x5d, 0xfe, 0x0d, + 0x87, 0x70, 0x55, 0x64, 0xff, 0x48, 0xcc, 0x8d, 0x6d, 0x0b, 0xbe, 0x64, + 0xa1, 0x45, 0x90, 0x5e, 0xd0, 0xc5, 0x69, 0x5a, 0x40, 0x27, 0xb2, 0x5a, + 0x61, 0x0d, 0x64, 0xba, 0xd6, 0xf0, 0xaa, 0xa7, 0x0f, 0x10, 0x01, 0xb6, + 0x3d, 0x57, 0xb3, 0x35, 0xf6, 0x6e, 0xf5, 0xb2, 0x3b, 0xea, 0x38, 0x69, + 0x74, 0x09, 0xca, 0x10, 0x31, 0x08, 0x4a, 0x88, 0x25, 0x58, 0x22, 0x56, + 0x0a, 0x7b, 0x63, 0x37, 0x52, 0x37, 0x6c, 0x30, 0xbc, 0x0b, 0x20, 0x0d, + 0x52, 0x37, 0x7a, 0x94, 0x14, 0x78, 0xa2, 0x44, 0x12, 0x9e, 0x04, 0x5b, + 0x8a, 0x40, 0x77, 0x32, 0xed, 0xbf, 0x1d, 0x68, 0xdf, 0xce, 0x07, 0x3a, + 0xd6, 0x81, 0x2f, 0x5c, 0x90, 0xde, 0xe9, 0xa9, 0xe6, 0x07, 0x9e, 0xa7, + 0xfb, 0xb5, 0x10, 0x00, 0xb9, 0x2e, 0xaa, 0x4f, 0x63, 0x19, 0x1b, 0x16, + 0xbd, 0xbf, 0x20, 0xbe, 0xa5, 0x64, 0xe8, 0x87, 0xcb, 0x71, 0x3f, 0x92, + 0x88, 0xc7, 0x9a, 0x16, 0x3c, 0x88, 0xf1, 0xe3, 0x08, 0x09, 0xff, 0xe3, + 0x89, 0x09, 0xf4, 0xaa, 0x78, 0x0c, 0xa8, 0x54, 0xc6, 0xd1, 0x10, 0xa9, + 0xfa, 0x54, 0x68, 0x3e, 0x53, 0x67, 0xc7, 0x8c, 0x2a, 0x8a, 0x25, 0x73, + 0x65, 0x71, 0x83, 0x79, 0xfc, 0x1b, 0x46, 0x3a, 0x6f, 0x97, 0x8a, 0x01, + 0xd8, 0x39, 0xcb, 0xd7, 0x5c, 0x49, 0xb2, 0x70, 0x51, 0xc6, 0x45, 0xaf, + 0xc8, 0x3e, 0x51, 0x7a, 0x4b, 0x3d, 0x8d, 0x96, 0x5c, 0x83, 0xec, 0x02, + 0x99, 0x8e, 0x98, 0xce, 0x15, 0x3a, 0xf0, 0xaf, 0x9b, 0x6e, 0xd4, 0xcc, + 0x8f, 0xe0, 0xb9, 0x84, 0x17, 0xed, 0x66, 0x1c, 0x75, 0x5f, 0x4d, 0xeb, + 0xfa, 0xc7, 0x24, 0x63, 0x65, 0x3c, 0x52, 0x0d, 0x4d, 0x6c, 0xc8, 0x5f, + 0x54, 0x2d, 0xec, 0xbe, 0x87, 0xb5, 0xc6, 0x7e, 0x74, 0xcb, 0x87, 0xe4, + 0xc1, 0x9a, 0x59, 0x13, 0x2e, 0x90, 0xb5, 0x79, 0x5f, 0x8c, 0xa1, 0x8b, + 0xa8, 0x0f, 0x50, 0x7f, 0xb9, 0xee, 0x84, 0xb9, 0xaf, 0x80, 0x3b, 0x30, + 0x4d, 0x65, 0x0b, 0x8d, 0x80, 0xaa, 0xb0, 0x35, 0x38, 0x18, 0x45, 0xb8, + 0x09, 0xfe, 0xe3, 0x7c, 0xf7, 0xb2, 0xd9, 0xae, 0x55, 0x74, 0x24, 0x4e, + 0xbe, 0x6a, 0x1a, 0xcf, 0xc3, 0xff, 0x26, 0x36}, {0xa4, 0xdf, 0xae, 0x87, 0x79, 0xa1, 0x1c, 0x42, 0x54, 0xa5, 0x9c, 0x7c, 0x5e, 0xb0, 0x8e, 0x2c, 0xcf, 0x9d, 0x28, 0x69, 0x2c, 0x2d, 0xf4, 0x90, 0x21, 0x84, 0xe6, 0x91, 0x46, 0xc5, 0x77, 0x24, 0xfa, 0x0a, 0x4b, 0x27, @@ -7456,12 +7566,22 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x58, 0x02, 0xc0, 0xbd, 0x55, 0xed, 0x1a, 0x1b, 0xd8, 0x9a, 0x29, 0x09, 0x2f, 0x1c, 0xe7, 0x50, 0xa2, 0x61, 0xa4, 0xb9}, priv_key_66, - false}, + true}, // Comment: Block type = 0 // tcID: 17 {17, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xbb, 0x28, 0xd2, 0x14, 0xe1, 0x25, 0x7a, 0xfe, 0xbc, 0xf6, 0x7e, 0x15, + 0x4f, 0x43, 0x1b, 0x20, 0x30, 0x85, 0x3d, 0x84, 0xfb, 0xb9, 0x22, 0x68, + 0x9d, 0x12, 0x7a, 0xc9, 0x8b, 0x9c, 0xf7, 0x35, 0xbc, 0xe1, 0x01, 0x9c, + 0x5f, 0x83, 0x15, 0xa8, 0x97, 0x20, 0x73, 0x8d, 0x3d, 0x4c, 0xdc, 0xd1, + 0x48, 0xc6, 0x35, 0x60, 0x65, 0xee, 0x41, 0x65, 0xe1, 0x08, 0xcf, 0xbe, + 0x4c, 0xc8, 0x19, 0xe7, 0xf7, 0x4e, 0x4a, 0x3d, 0xa7, 0x00, 0x66, 0x1c, + 0x5b, 0x42, 0xc6, 0x38, 0x78, 0x53, 0xdc, 0xff, 0xc2, 0x60, 0xab, 0x1b, + 0x84, 0xbe, 0x4f, 0x89, 0x17, 0x47, 0x11, 0x7e, 0xb9, 0xca, 0x03, 0x44, + 0x8f, 0xf8, 0xd2, 0x0d, 0x0a, 0x99, 0xdc, 0x71, 0xd2, 0x16, 0x91, 0x6b, + 0x55, 0xb9, 0x24, 0x6a, 0x3a, 0x00, 0x8d, 0x22, 0xaa}, {0x70, 0x7b, 0xba, 0x45, 0xb2, 0xe3, 0x45, 0x89, 0x5f, 0x4d, 0x6e, 0x5f, 0xf7, 0xdd, 0xfd, 0x52, 0x70, 0x35, 0x4f, 0x19, 0x40, 0xb4, 0xc5, 0x18, 0xa6, 0xec, 0x0e, 0x0b, 0x47, 0xd9, 0xb5, 0x2c, 0xfc, 0xac, 0x90, 0x8b, @@ -7506,12 +7626,35 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0xe9, 0x49, 0x23, 0x61, 0xe0, 0x93, 0x63, 0xfc, 0x7e, 0xea, 0x0d, 0x91, 0xff, 0x94, 0x17, 0x00, 0x2b, 0x79, 0xa5, 0x7f}, priv_key_66, - false}, + true}, // Comment: Block type = 1 // tcID: 18 {18, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x0a, 0x76, 0xe0, 0x54, 0x71, 0x20, 0x46, 0x74, 0xe5, 0x97, 0x30, 0xaa, + 0xc5, 0x7b, 0x5e, 0xc0, 0xcb, 0x3b, 0xb3, 0xdc, 0x62, 0x28, 0x3a, 0xc0, + 0x68, 0xfe, 0x2e, 0x81, 0x16, 0xbd, 0xcf, 0x3e, 0xf3, 0x22, 0x15, 0x8f, + 0xca, 0xa5, 0xc3, 0xa4, 0xcb, 0x91, 0x47, 0x83, 0x81, 0x2e, 0x19, 0x63, + 0x18, 0x91, 0xf6, 0xa9, 0x31, 0xf2, 0xd2, 0x28, 0x9d, 0x29, 0x51, 0x0f, + 0xa9, 0x86, 0xc0, 0x7d, 0x0e, 0x1a, 0xfb, 0x51, 0x4c, 0xfa, 0x2b, 0xdf, + 0x91, 0x80, 0x6d, 0x55, 0x03, 0xb5, 0x83, 0xbc, 0xb9, 0x4b, 0x8f, 0x49, + 0xba, 0x4e, 0x08, 0x2c, 0x3a, 0x25, 0xc7, 0x3f, 0x9c, 0xe5, 0x17, 0x2c, + 0xff, 0x83, 0x90, 0x92, 0x20, 0x16, 0x5c, 0x37, 0xde, 0xc8, 0xe4, 0x03, + 0x55, 0x45, 0x10, 0x29, 0x41, 0x5b, 0xd3, 0xfd, 0xca, 0x4f, 0x82, 0x31, + 0x8e, 0x94, 0x39, 0xb0, 0x8d, 0x70, 0x56, 0x6f, 0x5d, 0xd0, 0x89, 0xf0, + 0x66, 0xdf, 0xf4, 0x95, 0x80, 0x57, 0xce, 0x3c, 0x4b, 0xa3, 0x93, 0x52, + 0xe8, 0x72, 0xf9, 0x1d, 0x2b, 0xa7, 0x91, 0xcf, 0x2c, 0x1a, 0x62, 0xd0, + 0x1c, 0x4c, 0xa6, 0x90, 0xe8, 0xda, 0xc3, 0xe6, 0x9b, 0x33, 0x4b, 0xcb, + 0xd7, 0x35, 0xc2, 0x94, 0x48, 0x9f, 0xe4, 0x9a, 0x0e, 0x09, 0xd1, 0x85, + 0x17, 0x96, 0x3d, 0xf1, 0xac, 0x46, 0x84, 0xbf, 0x8a, 0x69, 0x78, 0xd7, + 0xcd, 0xce, 0x17, 0xd7, 0xb8, 0xea, 0xd9, 0xa5, 0xbe, 0xf8, 0x44, 0x53, + 0xe0, 0xfa, 0x6b, 0x6f, 0xb2, 0x47, 0xe5, 0xea, 0x97, 0x81, 0x24, 0x4a, + 0x34, 0x14, 0x03, 0x62, 0xf7, 0x3a, 0xf7, 0x00, 0x08, 0x5f, 0xf4, 0x1f, + 0x26, 0x61, 0x6b, 0x7c, 0xa7, 0x6a, 0x86, 0x56, 0x5b, 0x47, 0xf7, 0xc8, + 0x1f, 0xc1, 0xf8, 0x5c, 0xb4, 0xa4, 0x37, 0x5f, 0x11, 0xae, 0xc5, 0xec, + 0xe0, 0x92, 0xcf, 0xcd, 0xe2, 0xec, 0xf2, 0x4c, 0xb3, 0xd2, 0x50, 0x02, + 0x84, 0x61, 0x8f, 0xfe, 0x97, 0xe6, 0xda, 0x1c}, {0xdf, 0x0e, 0xab, 0x19, 0x82, 0xae, 0x5a, 0xb7, 0x97, 0x65, 0xbb, 0xcc, 0x8d, 0xaa, 0xf4, 0x3d, 0x46, 0x59, 0xe9, 0x0a, 0xee, 0x06, 0x02, 0x68, 0x88, 0x0a, 0x84, 0xe9, 0x41, 0x88, 0x19, 0x40, 0xbf, 0xe1, 0x6a, 0xb9, @@ -7556,12 +7699,52 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x83, 0xf5, 0x84, 0x5b, 0x59, 0xb7, 0x94, 0x87, 0x2a, 0x76, 0x78, 0xdf, 0x60, 0xd8, 0xb8, 0x3f, 0xc1, 0xd0, 0xe5, 0x97}, priv_key_66, - false}, + true}, // Comment: Block type = 0xff // tcID: 19 {19, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xd1, 0x5b, 0xcc, 0xb0, 0x44, 0x5f, 0xc0, 0x58, 0xc9, 0xe9, 0x91, 0xc1, + 0xc1, 0x3e, 0x2c, 0x0d, 0xb5, 0x61, 0x22, 0xab, 0xfe, 0x20, 0xf5, 0x5d, + 0xea, 0xba, 0x92, 0xc9, 0x40, 0x80, 0xb1, 0x4d, 0xf1, 0x2c, 0xed, 0xe3, + 0x65, 0xf2, 0xa3, 0x04, 0xed, 0xd9, 0x30, 0x85, 0x32, 0xed, 0x99, 0x54, + 0xbf, 0xce, 0xfe, 0x99, 0x89, 0x6e, 0x53, 0xd1, 0x9d, 0xa5, 0xe6, 0xc5, + 0x02, 0x00, 0x82, 0x1b, 0x56, 0x9b, 0x3f, 0xe4, 0x10, 0xbf, 0xe7, 0x1c, + 0x7b, 0xc3, 0x34, 0x91, 0x14, 0x2a, 0x10, 0xe5, 0x50, 0x5c, 0x64, 0x35, + 0x4f, 0x01, 0x88, 0xec, 0x8d, 0x24, 0xfa, 0x0f, 0xaf, 0x56, 0xc2, 0x8b, + 0xce, 0x83, 0xfd, 0x12, 0xef, 0xa7, 0x48, 0xe9, 0xc0, 0x53, 0x4c, 0xa2, + 0x64, 0x34, 0x24, 0x95, 0x46, 0x48, 0x8f, 0x20, 0x6e, 0xbb, 0x9c, 0xe4, + 0x38, 0x06, 0x3a, 0xd7, 0x43, 0x1f, 0xb4, 0x4b, 0xc6, 0x38, 0xc4, 0x1b, + 0xb7, 0x33, 0x41, 0x2b, 0x42, 0xf9, 0x1d, 0xf7, 0x8f, 0x4d, 0x01, 0x37, + 0x6e, 0x4d, 0xb5, 0x45, 0xa4, 0xfc, 0xc9, 0x4a, 0xdc, 0x52, 0x0e, 0x1b, + 0xdb, 0xfb, 0x6f, 0xef, 0x2a, 0x96, 0xdf, 0x3f, 0xf9, 0x3f, 0x95, 0x01, + 0x7c, 0xbe, 0xdf, 0xb3, 0x6f, 0xe5, 0xb5, 0x0a, 0x5c, 0xff, 0x1d, 0xb1, + 0x10, 0xfa, 0x1f, 0x03, 0xe3, 0xe6, 0x5a, 0xa2, 0x4b, 0x94, 0xa9, 0x6a, + 0xb1, 0xef, 0xe7, 0xce, 0xc9, 0xb5, 0x4d, 0x1d, 0xf2, 0x6b, 0x69, 0xde, + 0x87, 0x88, 0x21, 0xf1, 0xc0, 0xfc, 0x51, 0x15, 0x2f, 0xd2, 0x4b, 0xae, + 0x58, 0x10, 0xa7, 0xd6, 0xf1, 0xef, 0x86, 0x9b, 0x90, 0xcd, 0xd9, 0x6f, + 0x36, 0x56, 0xcb, 0xb3, 0x1a, 0x91, 0x1a, 0x5e, 0xde, 0xae, 0xca, 0x70, + 0x9d, 0x40, 0x49, 0x98, 0xc2, 0x9f, 0x40, 0x51, 0x5a, 0x6c, 0xf6, 0xc9, + 0x9b, 0xd8, 0xc8, 0xd8, 0xd5, 0x21, 0x8e, 0xa0, 0x1d, 0x3c, 0x5f, 0xaf, + 0x43, 0xb6, 0x1d, 0xa3, 0x01, 0x2b, 0x42, 0x14, 0xbb, 0x5f, 0x73, 0x3d, + 0xc8, 0x42, 0x89, 0xc2, 0x65, 0xff, 0xa4, 0x50, 0x84, 0xfa, 0x0e, 0x51, + 0x39, 0x17, 0xae, 0xdf, 0xac, 0x81, 0x6b, 0x8a, 0x2e, 0x5f, 0xbf, 0x89, + 0x3d, 0x9c, 0x51, 0x7f, 0xd0, 0xde, 0x13, 0x2f, 0x57, 0x14, 0x85, 0x3b, + 0x81, 0xcc, 0xd7, 0xa1, 0xc8, 0x45, 0xb1, 0xd3, 0x61, 0x0f, 0xf7, 0x66, + 0x77, 0x4e, 0xd6, 0xcc, 0x6a, 0xb7, 0x4d, 0x38, 0x35, 0xab, 0x93, 0x42, + 0x9b, 0x68, 0xed, 0x36, 0x7c, 0x32, 0x79, 0xe5, 0xf7, 0x3c, 0xa3, 0xa1, + 0x3f, 0xff, 0xd5, 0x2a, 0x41, 0x16, 0xba, 0xe3, 0x4d, 0xe5, 0xe5, 0xb8, + 0xac, 0x98, 0xf2, 0xcd, 0x56, 0x3f, 0x0b, 0x24, 0x6d, 0x0c, 0xa9, 0x56, + 0x23, 0x34, 0x71, 0x7d, 0x58, 0x29, 0xe3, 0x55, 0xd8, 0x22, 0xc7, 0xc1, + 0x10, 0x0f, 0xc1, 0x20, 0x72, 0xae, 0x42, 0xd9, 0x46, 0xd0, 0x45, 0xfd, + 0xbe, 0x6f, 0x33, 0xa5, 0x9c, 0xb2, 0x25, 0x40, 0x61, 0xa7, 0x14, 0xf7, + 0x81, 0x13, 0x31, 0x42, 0x85, 0x1a, 0x61, 0x17, 0x9a, 0xdb, 0xc5, 0x21, + 0xf4, 0x42, 0x63, 0xa3, 0x05, 0xaa, 0xdf, 0x1c, 0x8a, 0xb9, 0x30, 0x23, + 0xa4, 0x91, 0x8a, 0xfa, 0x9b, 0x5e, 0x72, 0x92, 0xd6, 0xae, 0x39, 0x64, + 0x5c, 0x73, 0xe5, 0x71, 0x2a, 0x8d, 0xf2, 0x31, 0x32, 0xdd, 0x0f, 0xfa, + 0x45, 0xae, 0xba, 0xb4, 0x30, 0x2d, 0xc6, 0xb5, 0xba, 0x6c, 0xd7, 0xa3, + 0xf3, 0x49, 0x4f, 0xd8, 0x99, 0x51, 0x30, 0x59, 0x8f}, {0xcf, 0x23, 0x55, 0x09, 0xad, 0xc3, 0xf7, 0x06, 0xff, 0x62, 0xe4, 0x22, 0x83, 0xe0, 0xfd, 0xc3, 0x7e, 0x68, 0xd2, 0xa5, 0x4d, 0xa8, 0x7d, 0x5f, 0x89, 0x5b, 0x99, 0x9f, 0x8d, 0xe6, 0x38, 0xbd, 0x3b, 0x11, 0x11, 0x59, @@ -7606,12 +7789,47 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x71, 0xf3, 0xae, 0x76, 0xf1, 0xc6, 0xe3, 0x2c, 0xee, 0x8a, 0x45, 0x88, 0x00, 0xe0, 0xe4, 0x08, 0x58, 0x31, 0x71, 0xf1}, priv_key_66, - false}, + true}, // Comment: First byte is not zero // tcID: 20 {20, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x42, 0x1b, 0x7a, 0x2d, 0x49, 0x34, 0x83, 0x8c, 0xf3, 0xb9, 0xc5, 0x44, + 0x54, 0xaa, 0xe2, 0xa9, 0x7d, 0x53, 0x99, 0xb1, 0x94, 0x79, 0x8e, 0x70, + 0xd1, 0x16, 0x1d, 0x01, 0x4e, 0xe8, 0xf4, 0x56, 0xde, 0xa5, 0x98, 0x2b, + 0x87, 0xe5, 0xd2, 0x76, 0xcb, 0x88, 0x19, 0x54, 0xc1, 0x0a, 0x09, 0xa6, + 0xf8, 0xfc, 0x93, 0xd0, 0x78, 0xb7, 0xf8, 0x65, 0xa9, 0x02, 0x77, 0xe1, + 0x1f, 0x4d, 0x90, 0x6e, 0x61, 0xdb, 0xff, 0x86, 0x51, 0xe1, 0x6f, 0x1b, + 0x60, 0xec, 0x94, 0xd8, 0xed, 0x7f, 0x01, 0xfc, 0x50, 0x30, 0xb6, 0x7d, + 0x70, 0x99, 0xf2, 0x25, 0x95, 0x81, 0x83, 0xe4, 0x4c, 0x22, 0xc3, 0xea, + 0x77, 0x19, 0x66, 0x44, 0x7e, 0x6d, 0x9a, 0xcf, 0x73, 0xfd, 0xab, 0x8e, + 0x6f, 0x30, 0xe0, 0xac, 0x67, 0x65, 0x95, 0x0b, 0xaf, 0xb4, 0x24, 0x46, + 0xec, 0x33, 0xa0, 0x1b, 0x50, 0x81, 0x04, 0x6d, 0x45, 0x8f, 0x90, 0xdb, + 0x41, 0x7f, 0x52, 0x2b, 0xea, 0xd7, 0x78, 0x17, 0xcd, 0x66, 0xa8, 0x48, + 0x90, 0x10, 0x55, 0x11, 0x10, 0xf7, 0xdc, 0xf0, 0x10, 0x6d, 0x3c, 0xac, + 0x33, 0x85, 0x6e, 0x9d, 0xfd, 0x1f, 0x7f, 0xb1, 0xab, 0xaf, 0xb8, 0x84, + 0xb7, 0xad, 0xe2, 0xa8, 0x98, 0x68, 0x92, 0x22, 0xd8, 0x19, 0xa2, 0x1e, + 0xc1, 0x91, 0xc5, 0x6f, 0x35, 0xea, 0x3f, 0xae, 0xa9, 0x71, 0xb5, 0x01, + 0xca, 0xbb, 0xb6, 0x55, 0x65, 0xc9, 0xc9, 0xd1, 0x57, 0x93, 0x50, 0x63, + 0x14, 0xdc, 0xa6, 0x1b, 0x23, 0x58, 0x74, 0x27, 0x31, 0x36, 0xa1, 0xf8, + 0x32, 0x2e, 0xb9, 0x45, 0x73, 0x41, 0xca, 0x03, 0xc8, 0xd6, 0x71, 0xf5, + 0x9a, 0xd2, 0x46, 0x23, 0x01, 0x61, 0xe1, 0xcb, 0xb0, 0xd1, 0x06, 0xbb, + 0x80, 0xc0, 0x68, 0x7e, 0xd5, 0xc5, 0xb9, 0x0f, 0xa3, 0x08, 0xce, 0x74, + 0xce, 0x7a, 0xaa, 0x86, 0xa6, 0x3b, 0x78, 0xe1, 0x4b, 0xde, 0x8b, 0xa8, + 0xa7, 0x11, 0xae, 0xdf, 0x13, 0x5a, 0xb4, 0xde, 0x1c, 0xde, 0x3d, 0x58, + 0x5a, 0xab, 0xb4, 0x7c, 0x24, 0xe1, 0x05, 0xb0, 0xd1, 0x95, 0x05, 0xbf, + 0x5d, 0xb8, 0xc5, 0x41, 0xb7, 0xc0, 0x20, 0x53, 0xbf, 0xd6, 0x25, 0x7c, + 0xce, 0x98, 0x35, 0x8e, 0xda, 0x38, 0x57, 0xc4, 0x70, 0x85, 0x27, 0xbe, + 0x6c, 0xfa, 0x2b, 0xa8, 0xf0, 0x93, 0x0c, 0x2e, 0xe7, 0xc4, 0xdb, 0xf5, + 0xb5, 0x38, 0x87, 0xc1, 0x58, 0x86, 0x0e, 0xd6, 0xc3, 0x49, 0x5f, 0xd4, + 0x1a, 0xe1, 0x29, 0xfe, 0x7e, 0x90, 0x7f, 0xf7, 0xb1, 0xf5, 0x46, 0x95, + 0x78, 0x55, 0x59, 0x0e, 0xd0, 0x3a, 0xfc, 0xd1, 0xe7, 0x07, 0x8c, 0xb7, + 0x2a, 0xae, 0x8b, 0x8f, 0xde, 0xec, 0xbe, 0x8c, 0x22, 0x93, 0xfd, 0x53, + 0x64, 0xee, 0x9f, 0xb1, 0xef, 0x79, 0x31, 0xaa, 0xbd, 0x39, 0x92, 0xec, + 0x23, 0x88, 0x3f, 0x0d, 0x07, 0x36, 0xd0, 0x1d, 0x6e, 0xb7, 0xf3, 0x01, + 0xc0, 0x4b, 0x3d, 0xe2, 0xe4, 0x9a, 0xa6, 0xaf, 0x18, 0xf8, 0xad, 0xf0, + 0x67, 0xcc, 0xda, 0x5d, 0x75, 0x24, 0x06, 0x9b, 0x7f}, {0x95, 0xe6, 0x86, 0xfa, 0x46, 0x9e, 0x35, 0x57, 0xda, 0x1f, 0x42, 0x7b, 0x01, 0xa3, 0x39, 0xcd, 0x50, 0xb6, 0xae, 0xf7, 0x26, 0x39, 0x5b, 0xab, 0x94, 0xb0, 0x6d, 0x43, 0x7e, 0x2c, 0xa5, 0x46, 0xf0, 0x1a, 0x2f, 0x2e, @@ -7656,12 +7874,25 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0xf2, 0x68, 0xe5, 0x21, 0x0a, 0xac, 0xdc, 0xf1, 0xb3, 0xfd, 0x41, 0xbf, 0xeb, 0x9d, 0xb1, 0x55, 0x0c, 0xed, 0xee, 0x6b}, priv_key_66, - false}, + true}, // Comment: First byte is not zero // tcID: 21 {21, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xa4, 0x6b, 0x87, 0xc0, 0x50, 0x3c, 0x0b, 0xc3, 0x7e, 0x30, 0x42, 0xf4, + 0x42, 0x1a, 0xca, 0xa9, 0x75, 0x3f, 0x07, 0x6d, 0xbf, 0xe9, 0x57, 0xc5, + 0xba, 0x9e, 0xba, 0xb4, 0x5e, 0xc2, 0x67, 0x64, 0xf2, 0xe3, 0xf8, 0x25, + 0x59, 0x04, 0xa3, 0x9f, 0xbb, 0xd5, 0xa3, 0x3f, 0xec, 0x28, 0x1d, 0x97, + 0x7e, 0x73, 0x63, 0x3d, 0x08, 0x0b, 0xb1, 0xe9, 0x5f, 0x1b, 0x90, 0x22, + 0x19, 0xed, 0x92, 0x3a, 0x2e, 0xd1, 0x3a, 0x14, 0x56, 0xc2, 0x8c, 0x58, + 0x82, 0x87, 0xbc, 0xb9, 0xe2, 0xb6, 0x2f, 0x90, 0xba, 0x07, 0x67, 0x4f, + 0x41, 0xf9, 0xc7, 0xb0, 0x80, 0xf9, 0x44, 0xa3, 0xb8, 0xa8, 0x88, 0xf9, + 0xbb, 0x9c, 0x6d, 0x00, 0x98, 0xf0, 0x24, 0x08, 0x44, 0xac, 0x68, 0xaa, + 0x9c, 0xa1, 0x27, 0x5d, 0xcf, 0x16, 0x55, 0xb5, 0x11, 0xf2, 0x1c, 0x0a, + 0x66, 0xf3, 0x99, 0x73, 0xa4, 0x2f, 0x54, 0x73, 0x43, 0xfc, 0x1b, 0x79, + 0x37, 0xce, 0x97, 0xa7, 0x7c, 0xac, 0x65, 0x29, 0x02, 0x60, 0x06, 0xcf, + 0x67, 0xeb}, {0x35, 0xbd, 0xd3, 0x34, 0x43, 0xb5, 0x80, 0x35, 0x5f, 0xc6, 0xb7, 0x02, 0x07, 0x14, 0x20, 0xb4, 0x86, 0x46, 0x12, 0xe0, 0x52, 0x67, 0x18, 0x9e, 0x46, 0xbf, 0xe0, 0x97, 0xfb, 0x82, 0xff, 0x1c, 0xee, 0x6f, 0xde, 0x5e, @@ -7706,12 +7937,53 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x20, 0x06, 0x22, 0x51, 0xe1, 0xa5, 0x70, 0xbe, 0x4a, 0x78, 0xe0, 0xcc, 0x59, 0x49, 0x57, 0x4d, 0xe7, 0x0b, 0xd4, 0x75}, priv_key_66, - false}, + true}, // Comment: signature padding // tcID: 22 {22, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xa8, 0xdc, 0x9d, 0xe7, 0xad, 0x8c, 0xc5, 0xee, 0x2c, 0xa7, 0x5b, 0x03, + 0xad, 0x27, 0xde, 0xdc, 0xfb, 0xc2, 0xa2, 0xed, 0x55, 0x3d, 0xe3, 0x63, + 0xa3, 0x73, 0x61, 0xb5, 0xcc, 0x4d, 0xbc, 0xd2, 0x16, 0xf1, 0x9c, 0x89, + 0xb6, 0xbb, 0x5b, 0x0d, 0x11, 0xb9, 0xef, 0xfb, 0x11, 0x13, 0xf7, 0x11, + 0xf7, 0xac, 0x57, 0x86, 0xb9, 0x86, 0x97, 0xea, 0xa5, 0xdb, 0x81, 0xa1, + 0x89, 0x46, 0xc3, 0xf2, 0xde, 0x5e, 0x09, 0xc3, 0x0d, 0xe4, 0x8d, 0x30, + 0x1d, 0xd8, 0xd0, 0xbf, 0x8d, 0xc6, 0x34, 0x77, 0xe2, 0x89, 0x9e, 0x5f, + 0x94, 0xf6, 0x1f, 0xbf, 0xb3, 0x7c, 0x6b, 0x3c, 0xc0, 0x19, 0x59, 0xcc, + 0xcb, 0xb5, 0xc3, 0x11, 0x46, 0x71, 0x48, 0xb3, 0x03, 0xe0, 0x89, 0x61, + 0x51, 0x18, 0x00, 0x03, 0xa6, 0x70, 0xb1, 0xf5, 0xb1, 0xe4, 0x26, 0x57, + 0x34, 0x17, 0x28, 0x54, 0xbc, 0x7a, 0x42, 0xf2, 0x41, 0x7a, 0x6d, 0x22, + 0x46, 0x1d, 0x3d, 0x77, 0xfb, 0x85, 0xf5, 0xf1, 0xdd, 0x1a, 0xbc, 0x29, + 0x6a, 0x8d, 0x73, 0x29, 0x74, 0x6d, 0x0b, 0x77, 0xf7, 0x06, 0xbe, 0xb2, + 0x40, 0xb7, 0x82, 0x90, 0x86, 0x3a, 0xa1, 0xa0, 0x5c, 0x80, 0xd1, 0x89, + 0x4b, 0x26, 0x05, 0xd1, 0x0e, 0xab, 0x4c, 0x67, 0x27, 0x49, 0xd1, 0xbd, + 0x63, 0x82, 0x74, 0x22, 0x4b, 0x75, 0xfa, 0x72, 0x99, 0x09, 0x53, 0xde, + 0xac, 0x75, 0x6a, 0x81, 0x42, 0x88, 0x95, 0xff, 0x2c, 0x34, 0x93, 0x5a, + 0xbe, 0x15, 0xe9, 0x09, 0x7c, 0x77, 0x49, 0x78, 0x27, 0xaf, 0x35, 0xdf, + 0x9a, 0x62, 0xd0, 0xd9, 0xae, 0x3f, 0xc3, 0x8a, 0x6b, 0x56, 0x42, 0x56, + 0x51, 0xea, 0xdd, 0xd2, 0x7e, 0xb4, 0x65, 0xcf, 0xec, 0x1c, 0x4b, 0x66, + 0xa8, 0xb5, 0xf3, 0x6b, 0x1a, 0xfb, 0xba, 0x01, 0x55, 0xec, 0xaf, 0x0a, + 0xb8, 0x8c, 0x99, 0x78, 0x22, 0x0c, 0x63, 0x8e, 0xdd, 0x8c, 0xcc, 0x84, + 0x78, 0xb2, 0xe1, 0x55, 0x47, 0x16, 0xe7, 0x8f, 0xe0, 0xf8, 0xca, 0xa7, + 0x6f, 0x44, 0xc5, 0x49, 0xc7, 0xed, 0x0a, 0xd7, 0x06, 0x68, 0x1c, 0xa8, + 0x53, 0xf5, 0x9f, 0xbe, 0xf0, 0x29, 0x2f, 0x3d, 0x4a, 0xf1, 0x9a, 0x22, + 0x83, 0x32, 0x11, 0xf3, 0x33, 0x21, 0x35, 0x25, 0xef, 0x15, 0xbb, 0xf2, + 0x3b, 0x0a, 0xf0, 0xd6, 0xfa, 0xea, 0xd4, 0xa3, 0x44, 0x64, 0x31, 0x66, + 0x8c, 0xa7, 0xd6, 0xc0, 0x9e, 0x5c, 0x7e, 0x07, 0x8f, 0x05, 0xe6, 0xd0, + 0xdf, 0x35, 0x44, 0x65, 0xca, 0xcb, 0xad, 0x60, 0x81, 0xe8, 0x22, 0xe1, + 0x75, 0x37, 0x27, 0xe3, 0xcd, 0xc0, 0xd9, 0x6c, 0x56, 0x43, 0xca, 0xd5, + 0xb5, 0x12, 0xec, 0x5e, 0xab, 0xff, 0xa3, 0x5f, 0x98, 0x8d, 0x37, 0x84, + 0x50, 0x98, 0x09, 0xa8, 0x90, 0x15, 0xef, 0x1b, 0x88, 0xbf, 0x82, 0x94, + 0x20, 0xd7, 0x07, 0x14, 0x9e, 0x2a, 0x41, 0x7c, 0x36, 0xe1, 0x27, 0xee, + 0x52, 0x6b, 0xec, 0x0a, 0x6d, 0x81, 0x66, 0x11, 0x3b, 0x2a, 0xe1, 0x2e, + 0x8c, 0x24, 0xee, 0x48, 0x93, 0x21, 0x72, 0xd1, 0xad, 0xa7, 0x43, 0xad, + 0x4f, 0x77, 0xfd, 0x83, 0x63, 0xee, 0x34, 0xa2, 0xca, 0x35, 0x52, 0x80, + 0xc8, 0xa0, 0x64, 0xb6, 0x88, 0x6c, 0xfe, 0xcc, 0x17, 0x84, 0xf1, 0x14, + 0x2e, 0x6a, 0x55, 0xff, 0x85, 0xd2, 0x65, 0xeb, 0x25, 0xf9, 0x79, 0x54, + 0x55, 0x77, 0x9a, 0x04, 0xc7, 0xe3, 0x81, 0x27, 0x87, 0xf8, 0xa5, 0x8b, + 0x84, 0x5e, 0xfe, 0x5e, 0xeb, 0x5c, 0x96, 0x77, 0xef, 0x8f, 0xf3, 0xaf, + 0xff, 0x78, 0xa5, 0x00, 0x07, 0x2c, 0x87, 0x37, 0x5d}, {0xc1, 0xea, 0x62, 0x89, 0x1d, 0xb6, 0x99, 0xa2, 0xa0, 0x8e, 0xa5, 0xd0, 0x11, 0x80, 0xaf, 0xb7, 0x32, 0xb2, 0xb0, 0xce, 0x09, 0xd3, 0xd0, 0xa5, 0x8a, 0x73, 0xbb, 0x2b, 0xf1, 0x4f, 0x6b, 0xb7, 0xad, 0xd6, 0x66, 0x29, @@ -7756,12 +8028,27 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x03, 0x0c, 0xf4, 0xfb, 0x3e, 0x72, 0xf4, 0x5a, 0xe7, 0xe4, 0xaf, 0x23, 0xec, 0x51, 0x65, 0x29, 0x52, 0x45, 0xda, 0x32}, priv_key_66, - false}, + true}, // Comment: no zero after padding // tcID: 23 {23, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x9d, 0x9a, 0x9a, 0x8b, 0x03, 0x17, 0x79, 0xc8, 0x54, 0xa7, 0x1c, 0xbb, + 0x80, 0xa6, 0x31, 0xf6, 0x9f, 0x56, 0x1a, 0x67, 0xcd, 0x5e, 0xb5, 0x7b, + 0xfa, 0xee, 0x51, 0xba, 0xfa, 0x67, 0xf2, 0x7a, 0x18, 0x3b, 0xb7, 0xf5, + 0x0d, 0xd8, 0xed, 0xf3, 0xbd, 0xf6, 0xe2, 0x1d, 0x58, 0x61, 0x93, 0x86, + 0x9e, 0x75, 0x60, 0x3a, 0xb6, 0x4c, 0x73, 0xb0, 0x65, 0x0a, 0x0f, 0xcd, + 0x66, 0x1f, 0x2e, 0x23, 0xfb, 0xc9, 0xd4, 0x7f, 0x95, 0xae, 0x7a, 0xfe, + 0xc3, 0xc6, 0xd9, 0x29, 0x14, 0xda, 0x2f, 0x89, 0x09, 0xab, 0x7c, 0x87, + 0x6a, 0xd5, 0x92, 0x64, 0xf9, 0x77, 0x42, 0x4e, 0x63, 0xdf, 0xb0, 0xac, + 0xdf, 0xf8, 0x3f, 0x8d, 0x38, 0xc5, 0x08, 0x85, 0xa7, 0x03, 0x05, 0x61, + 0x8b, 0x9f, 0x10, 0xdd, 0xcf, 0xad, 0x27, 0x74, 0xa1, 0x1d, 0xfc, 0xf3, + 0xe0, 0xb3, 0xc6, 0x88, 0x5c, 0x94, 0x40, 0x44, 0xba, 0x08, 0xc4, 0x22, + 0xcf, 0xc9, 0x09, 0x55, 0x85, 0x8c, 0xb1, 0x38, 0x8a, 0x2a, 0xc7, 0xf4, + 0xdb, 0x31, 0x33, 0x90, 0xec, 0x77, 0x96, 0x55, 0xc0, 0x91, 0x83, 0xd9, + 0xfa, 0x48, 0x49, 0xc5, 0xe3, 0xf2, 0x08, 0x29, 0xe9, 0x5e, 0x04, 0xf1, + 0xaa, 0x3a, 0x4f, 0x27}, {0x80, 0xbb, 0x96, 0x27, 0xf3, 0x7e, 0xf2, 0xec, 0xcf, 0x2a, 0x82, 0x3f, 0xce, 0x1d, 0x31, 0x73, 0x59, 0xc8, 0x5b, 0x15, 0x4d, 0x49, 0xe7, 0xa4, 0xbf, 0x71, 0x23, 0x54, 0x44, 0x99, 0x36, 0xe1, 0xba, 0xb0, 0x33, 0x2a, @@ -7806,12 +8093,32 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x8f, 0x50, 0xa8, 0x0e, 0x7d, 0x49, 0xa1, 0x9e, 0xbd, 0x9a, 0xbb, 0x23, 0x9f, 0x6d, 0xee, 0x93, 0xa1, 0x82, 0xbe, 0x92}, priv_key_66, - false}, + true}, // Comment: no padding // tcID: 24 {24, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xc6, 0x07, 0xd2, 0x16, 0x2d, 0xe7, 0x23, 0x94, 0x24, 0x69, 0xf1, 0xc8, + 0x08, 0x6a, 0x45, 0x52, 0xa5, 0xa4, 0x09, 0x44, 0x1a, 0xb8, 0x23, 0x3b, + 0xb3, 0x10, 0xec, 0x3b, 0x53, 0x82, 0x8f, 0x12, 0x3b, 0x2d, 0x1a, 0x92, + 0x33, 0x82, 0x7b, 0x03, 0xba, 0x6b, 0xf8, 0xef, 0x74, 0x24, 0xaf, 0x52, + 0xa7, 0x67, 0xc4, 0x41, 0x54, 0x30, 0x16, 0x64, 0xdd, 0xc8, 0xff, 0x22, + 0x09, 0x8f, 0xe1, 0xd5, 0x33, 0x31, 0xf5, 0x9e, 0xc5, 0x7e, 0x06, 0xd2, + 0x45, 0x38, 0xff, 0xad, 0xd2, 0x0c, 0x9e, 0x4c, 0xf9, 0x13, 0xe5, 0xcf, + 0x56, 0x8e, 0xb9, 0xb0, 0xc4, 0xa0, 0x19, 0x5d, 0xa8, 0xcf, 0x81, 0x32, + 0x44, 0x68, 0xf7, 0x04, 0x33, 0x7a, 0x5b, 0xb7, 0xef, 0x49, 0xbb, 0xe2, + 0x7d, 0xaf, 0xd0, 0x15, 0x29, 0x9a, 0xed, 0xa7, 0x79, 0x02, 0x48, 0x62, + 0x52, 0x2c, 0x01, 0x4a, 0x67, 0xd0, 0x9f, 0x38, 0xb6, 0x6f, 0x3e, 0x0a, + 0x98, 0x93, 0x52, 0x78, 0x0e, 0x93, 0x56, 0x7e, 0x80, 0x92, 0x5c, 0x23, + 0xce, 0x72, 0x94, 0x99, 0xbb, 0x2d, 0x4c, 0xdd, 0x83, 0xfc, 0x5d, 0x52, + 0xa8, 0xca, 0xcb, 0x1e, 0x79, 0xd5, 0xb2, 0xaf, 0x9a, 0xde, 0x39, 0x51, + 0x9d, 0x52, 0x25, 0x3f, 0xe0, 0x71, 0xbb, 0x3c, 0x34, 0xe9, 0x59, 0x9a, + 0xb5, 0x81, 0x22, 0x1f, 0x1d, 0x8e, 0xd0, 0x0f, 0xc7, 0x84, 0xe8, 0x90, + 0x8c, 0x6f, 0x01, 0x71, 0x89, 0x02, 0x12, 0x2c, 0x80, 0xa7, 0x78, 0xe5, + 0x9a, 0xc1, 0x26, 0xc2, 0x25, 0xb8, 0xed, 0xec, 0xdf, 0x10, 0xe9, 0x2a, + 0x34, 0xe5, 0x32, 0xc6, 0xe7, 0x5c, 0xb4, 0x41, 0x0d, 0x6d, 0xff, 0xe1, + 0xc4, 0x3c}, {0x91, 0x7f, 0x64, 0x04, 0xf9, 0xaa, 0xd2, 0x8b, 0x2e, 0x68, 0xc5, 0xa6, 0xd8, 0xd8, 0x9d, 0x31, 0xa5, 0xd9, 0x63, 0xf5, 0x5c, 0x5b, 0x30, 0xe2, 0xe2, 0x32, 0x11, 0x82, 0x55, 0x9b, 0x9b, 0x42, 0x3d, 0x5c, 0xca, 0xe8, @@ -7856,12 +8163,25 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x3f, 0x59, 0x45, 0xd2, 0x40, 0xb9, 0xb3, 0xb8, 0x58, 0x02, 0x83, 0x98, 0xb2, 0x71, 0xda, 0xd7, 0x15, 0xe7, 0xc7, 0x9e}, priv_key_66, - false}, + true}, // Comment: m = 2 // tcID: 25 {25, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x83, 0x11, 0x9b, 0x47, 0xb1, 0xce, 0xef, 0xa2, 0x99, 0xda, 0xa9, 0xc2, + 0x5f, 0x15, 0x2a, 0x4c, 0x28, 0x66, 0x6c, 0x70, 0x72, 0x7c, 0x71, 0x23, + 0x99, 0x06, 0xcd, 0xc1, 0xe9, 0xf3, 0x93, 0xc0, 0xec, 0x60, 0xfd, 0x2c, + 0x51, 0x10, 0xd7, 0x55, 0x70, 0x62, 0xa3, 0x99, 0x73, 0x59, 0xc4, 0x33, + 0x66, 0x2f, 0x9d, 0x8b, 0x6f, 0x4d, 0x4e, 0x47, 0xa6, 0xd2, 0x9d, 0x51, + 0xa5, 0xcf, 0x59, 0x86, 0x74, 0x31, 0xe8, 0xc2, 0x5a, 0xa3, 0xa4, 0x11, + 0x16, 0x0f, 0x99, 0xf3, 0x4f, 0x8e, 0x82, 0x08, 0xf3, 0x64, 0x46, 0xbb, + 0x0c, 0x8f, 0x7a, 0x58, 0xea, 0x54, 0xb2, 0xc3, 0x11, 0x89, 0xd4, 0xbe, + 0xcb, 0x51, 0xc3, 0x50, 0x72, 0x94, 0xca, 0xbb, 0xcd, 0xaa, 0x87, 0xbf, + 0x7f, 0xa1, 0x11, 0x0b, 0xa9, 0x5b, 0xe4, 0x7c, 0x83, 0x18, 0x76, 0xd8, + 0x43, 0x37, 0x91, 0xc1, 0x90, 0x23, 0x03, 0x67, 0x12, 0x28, 0x73, 0xc4, + 0x7c, 0xeb, 0x33, 0x26, 0x75, 0x8e, 0x1c, 0x29, 0x51, 0xbb, 0xbe, 0xb6, + 0xaa, 0x42, 0xe7, 0x0a, 0x49, 0x68, 0x65}, {0xe1, 0x14, 0xae, 0x9a, 0x71, 0x3e, 0x4c, 0xad, 0xce, 0x8b, 0xdc, 0x80, 0x66, 0x7f, 0x94, 0xaa, 0x59, 0x77, 0x88, 0xd8, 0xff, 0xef, 0x3b, 0xa7, 0x4e, 0xfc, 0xb8, 0xf8, 0xa2, 0x72, 0x20, 0x63, 0x94, 0x72, 0xe1, 0x57, @@ -7906,12 +8226,24 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x2d, 0x40, 0x86, 0xf1, 0xea, 0x8e, 0x22, 0xab, 0xa3, 0xa9, 0x30, 0x25, 0x88, 0x61, 0xcb, 0x8f, 0x26, 0x85, 0x3d, 0xba}, priv_key_66, - false}, + true}, // Comment: m = n-2 // tcID: 26 {26, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x46, 0x9e, 0xf3, 0x79, 0x73, 0x31, 0xba, 0xd6, 0x02, 0x6b, 0xc6, 0x5f, + 0xa5, 0x4a, 0x7a, 0xd7, 0x0b, 0xe3, 0x05, 0xbf, 0x23, 0x93, 0x75, 0xb9, + 0x51, 0x28, 0xf5, 0xca, 0xb2, 0xc7, 0x81, 0x8d, 0xda, 0x54, 0xdd, 0x15, + 0x54, 0x7c, 0xaa, 0x1b, 0x1f, 0x1a, 0xcc, 0x06, 0x00, 0x5d, 0xc8, 0x13, + 0xc6, 0x2f, 0x6c, 0x22, 0x9b, 0x6d, 0xff, 0x45, 0x01, 0xb1, 0xbe, 0x3d, + 0xc2, 0x89, 0x33, 0xec, 0x2c, 0x49, 0x6b, 0xdb, 0x23, 0xa2, 0xb0, 0xf4, + 0xa4, 0x49, 0x5f, 0x12, 0x93, 0x6b, 0x4b, 0x3b, 0x36, 0xd6, 0xef, 0x3b, + 0x00, 0xc8, 0x16, 0xcb, 0x90, 0xfa, 0x62, 0x0c, 0xa3, 0x1e, 0xc0, 0xaa, + 0xf6, 0x84, 0x79, 0x24, 0xc7, 0xc7, 0x87, 0x69, 0x02, 0xd8, 0xd8, 0x51, + 0xa5, 0xcf, 0x57, 0x20, 0xed, 0x92, 0x57, 0xbf, 0x8a, 0x4a, 0x5f, 0x0a, + 0x9b, 0xf0, 0x42, 0x5e, 0x17, 0x38, 0x73, 0x29, 0xb8, 0x8c, 0x6e, 0x69, + 0xa6, 0x2e, 0x67, 0x88, 0x04, 0x73}, {0x14, 0xed, 0x0f, 0x73, 0x5b, 0x91, 0xfd, 0xf6, 0x3c, 0x87, 0x17, 0x71, 0x2b, 0x2e, 0x83, 0x17, 0xa0, 0x51, 0x37, 0xdd, 0x8e, 0x8b, 0x3c, 0x39, 0xfc, 0xe5, 0xa3, 0x43, 0xd6, 0x95, 0xaa, 0xb9, 0x9f, 0x34, 0x0d, 0xea, @@ -7956,12 +8288,32 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x31, 0xfe, 0x47, 0x44, 0x0d, 0xaf, 0x40, 0xc2, 0x19, 0x2c, 0x7b, 0xce, 0xfc, 0xd8, 0x39, 0x8e, 0x92, 0xc8, 0x12, 0x8b}, priv_key_66, - false}, + true}, // Comment: c = 0 // tcID: 27 {27, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xff, 0xc3, 0xee, 0x0f, 0x71, 0x4b, 0xb1, 0x7e, 0x0e, 0x1a, 0x51, 0x99, + 0x32, 0xd8, 0x0f, 0xbf, 0x0a, 0x35, 0x4f, 0xdf, 0xb1, 0x55, 0xfe, 0xe5, + 0x35, 0x9d, 0xb1, 0x84, 0x95, 0x14, 0x79, 0x00, 0xdd, 0x0a, 0xd2, 0x93, + 0xe3, 0xb4, 0x4d, 0x58, 0x0c, 0x36, 0xd7, 0xd3, 0x40, 0x06, 0xeb, 0x3c, + 0x50, 0xf7, 0x88, 0x78, 0x52, 0x88, 0x74, 0xfc, 0xc0, 0x4f, 0x3d, 0x19, + 0xd5, 0x33, 0xbf, 0x11, 0xcb, 0xcf, 0xe7, 0x38, 0xc1, 0x89, 0xa4, 0xc2, + 0xb5, 0xce, 0x33, 0x2a, 0x26, 0xa3, 0xbc, 0x4a, 0x4f, 0xe9, 0xfd, 0x6d, + 0x35, 0x5b, 0xa2, 0x40, 0xf5, 0x88, 0x7c, 0xef, 0xd6, 0x68, 0xa3, 0x9f, + 0x44, 0x28, 0xef, 0x95, 0x6c, 0xc3, 0xb8, 0xe2, 0xfc, 0x21, 0xa2, 0x76, + 0xdb, 0x75, 0x91, 0x67, 0xa7, 0x8a, 0x3d, 0x06, 0x11, 0x23, 0x39, 0xd3, + 0xbd, 0xe5, 0x62, 0xb8, 0x2d, 0xf7, 0x8b, 0x7c, 0x51, 0xd1, 0x31, 0x41, + 0xba, 0x19, 0xa8, 0xa8, 0x83, 0x93, 0xb5, 0x22, 0x3e, 0x95, 0x2d, 0xdf, + 0xe8, 0x63, 0xb5, 0xee, 0x89, 0x19, 0xd0, 0x1d, 0xcf, 0x55, 0x63, 0x7b, + 0x84, 0x49, 0x6a, 0xf6, 0x5b, 0x35, 0xdf, 0xb7, 0x43, 0x75, 0xbf, 0xd9, + 0x3a, 0x7c, 0x56, 0x21, 0x06, 0x59, 0x25, 0x46, 0x6d, 0xd6, 0xf8, 0xb3, + 0x82, 0x0c, 0x66, 0x23, 0xda, 0x37, 0xa6, 0x3f, 0x79, 0x6a, 0xd6, 0x95, + 0xaa, 0xb0, 0x04, 0xff, 0x8e, 0x27, 0xa8, 0x6d, 0x89, 0xd1, 0xf4, 0x8e, + 0xc9, 0x9a, 0xb9, 0x87, 0x82, 0x13, 0xfe, 0x77, 0x1b, 0xd9, 0xdc, 0x80, + 0x48, 0x21, 0x00, 0x5d, 0xa8, 0x3e, 0x3c, 0x28, 0x13, 0x98, 0x2b, 0xf5, + 0x0e, 0x7f, 0x8d, 0x32}, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -8006,12 +8358,23 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, priv_key_66, - false}, + true}, // Comment: c = 1 // tcID: 28 {28, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0x74, 0xb2, 0x05, 0x5d, 0x73, 0x55, 0x62, 0x2e, 0x93, 0xc7, 0x91, 0xf0, + 0xc3, 0x20, 0x00, 0x25, 0xb9, 0x12, 0x86, 0x16, 0xea, 0x3a, 0x95, 0x2e, + 0x41, 0xa4, 0xd6, 0x68, 0x6b, 0xfb, 0x0c, 0x70, 0xcc, 0x56, 0x80, 0xdf, + 0x7e, 0x7e, 0x22, 0x9f, 0x06, 0x39, 0x08, 0xec, 0xc3, 0x30, 0x07, 0x10, + 0x6f, 0x62, 0x8c, 0x05, 0x59, 0xa6, 0xfd, 0x87, 0xdc, 0xb3, 0xce, 0x7f, + 0x9d, 0xc1, 0xc1, 0x1a, 0xf7, 0xb3, 0x46, 0x9e, 0xac, 0xfe, 0x41, 0x50, + 0x0d, 0x06, 0xf6, 0x27, 0x67, 0x97, 0xde, 0x26, 0xe6, 0x17, 0x01, 0xf8, + 0x6c, 0x41, 0xe0, 0x66, 0xaa, 0xe9, 0x3b, 0x43, 0x61, 0xeb, 0xd0, 0xfd, + 0x0b, 0xab, 0x1c, 0x8e, 0x21, 0x50, 0xff, 0xc1, 0x7f, 0x33, 0xe0, 0x7b, + 0x7f, 0xec, 0xee, 0xa0, 0x86, 0x7a, 0x57, 0x63, 0x42, 0x30, 0xf6, 0xb9, + 0x3c, 0x82, 0x5b, 0x24, 0x65, 0x75, 0x4c, 0xfa}, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -8056,12 +8419,38 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, priv_key_66, - false}, + true}, // Comment: c = n-1 // tcID: 29 {29, - {0x54, 0x65, 0x73, 0x74}, + // This is a Bleichenbacher synthetic generated result + {0xa2, 0xa6, 0x74, 0x8f, 0x27, 0x2c, 0x28, 0x3c, 0xb4, 0xe3, 0x39, 0x6b, + 0xc4, 0xd6, 0x55, 0x06, 0xbc, 0xdb, 0x8d, 0x25, 0x6a, 0x75, 0x8c, 0x0b, + 0xc0, 0xa5, 0xc9, 0x85, 0xba, 0x71, 0x62, 0x2f, 0x88, 0x9d, 0xd1, 0x1e, + 0x47, 0x03, 0xb5, 0x0e, 0xff, 0x43, 0x90, 0xda, 0xcd, 0x85, 0x7c, 0x30, + 0xad, 0xa1, 0x47, 0x0f, 0xbe, 0x07, 0x6e, 0xcd, 0xbc, 0x60, 0x88, 0xb3, + 0x1a, 0x2b, 0xce, 0x12, 0x30, 0x95, 0xea, 0x46, 0x91, 0x86, 0xee, 0x0f, + 0x8d, 0x39, 0x73, 0xb6, 0xbb, 0x2e, 0x67, 0x87, 0x73, 0x2c, 0x1b, 0x50, + 0x65, 0xa3, 0xbf, 0x32, 0x85, 0x2e, 0x2f, 0x5d, 0xd1, 0x93, 0xa8, 0x9c, + 0xc2, 0xe4, 0x32, 0x07, 0x9d, 0x1c, 0x85, 0xb2, 0x5b, 0x75, 0xd6, 0x52, + 0x9f, 0x64, 0x37, 0x50, 0xa2, 0x8a, 0x78, 0x88, 0x09, 0x0a, 0x19, 0xd5, + 0x6d, 0x33, 0x96, 0x01, 0x4e, 0xd9, 0x64, 0x06, 0xc7, 0xc6, 0x55, 0x51, + 0x4e, 0x93, 0x95, 0x05, 0x9a, 0xb3, 0xee, 0xeb, 0xe5, 0xe1, 0xea, 0xe4, + 0xe1, 0x82, 0x0a, 0xe3, 0xe1, 0x05, 0xd1, 0xf0, 0x9a, 0xe8, 0xc8, 0xe9, + 0xb6, 0x57, 0x78, 0x61, 0x3d, 0x2c, 0x53, 0x9c, 0x8e, 0x57, 0x21, 0x56, + 0xa3, 0x16, 0x26, 0x1a, 0x85, 0x9c, 0xa9, 0x7d, 0x80, 0x18, 0x80, 0xf4, + 0x0f, 0x60, 0x4d, 0xed, 0xdb, 0xfb, 0x0a, 0x4e, 0x6c, 0xd4, 0x51, 0x5b, + 0x9c, 0xfa, 0xa8, 0xb0, 0xda, 0x6a, 0x29, 0x39, 0xa1, 0x9c, 0xa5, 0xb0, + 0xc2, 0x86, 0xd3, 0xb0, 0x75, 0xa7, 0xaf, 0x9a, 0x2e, 0x38, 0x9a, 0x73, + 0xe3, 0x67, 0xab, 0xf2, 0xd5, 0x60, 0xd9, 0xcc, 0x50, 0x56, 0x58, 0x5d, + 0xce, 0x45, 0x48, 0x81, 0x30, 0x4e, 0x69, 0x45, 0x78, 0x8d, 0x9c, 0xa3, + 0xb1, 0x21, 0xac, 0x26, 0xf7, 0xe3, 0xca, 0xad, 0x8c, 0xb5, 0x8d, 0x64, + 0xbb, 0x6e, 0x4b, 0x75, 0x13, 0xf5, 0x1e, 0x5c, 0x75, 0x29, 0xaf, 0x30, + 0x23, 0x89, 0x5f, 0x03, 0x19, 0xba, 0xaf, 0x7c, 0x38, 0xd3, 0x64, 0x7c, + 0x9b, 0xbf, 0xa3, 0xce, 0x33, 0x29, 0xcb, 0x9c, 0x87, 0x7e, 0x59, 0xef, + 0x49, 0xe4, 0xde, 0x10, 0x4b, 0x20, 0xbe, 0xa0, 0xc8, 0x37, 0x67, 0x11, + 0xba, 0xa2, 0x7f, 0x6e, 0x0f, 0xb5}, {0xf6, 0x01, 0xbe, 0x0d, 0xcc, 0xd0, 0x4a, 0xa4, 0x0b, 0x12, 0xf3, 0xf1, 0x91, 0xae, 0x17, 0xc1, 0xf9, 0xc8, 0xc0, 0xb6, 0x8e, 0x7a, 0x77, 0xe1, 0x4b, 0xe2, 0x5c, 0x3c, 0x79, 0x07, 0xcb, 0x1d, 0x33, 0xa6, 0xef, 0x41, @@ -8106,7 +8495,7 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x5f, 0x3e, 0xce, 0x35, 0xf8, 0x3d, 0x63, 0x6d, 0xbc, 0xd5, 0xab, 0xf4, 0x85, 0x3a, 0x05, 0x1d, 0xb9, 0x4d, 0x50, 0x44}, priv_key_66, - false}, + true}, // Comment: ciphertext is empty // tcID: 30 @@ -10034,48 +10423,24 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { // Comment: edge case for montgomery reduction with special primes // tcID: 57 {57, - {0xe7, 0x6e, 0x5a, 0xfe, 0xd8, 0x6d, 0xf0, 0x19, 0x22, 0x63, 0x29, 0xb0, - 0x40, 0x16, 0xeb, 0x6b, 0x10, 0x1e, 0x9b, 0xcf, 0x2f, 0x7b, 0x34, 0xbe, - 0x04, 0xcf, 0xdb, 0x34, 0x38, 0x98, 0xd4, 0xf8, 0xa7, 0x3b, 0xb5, 0xdf, - 0xa6, 0xb9, 0xf6, 0xbc, 0xf1, 0xb8, 0x34, 0x74, 0xea, 0x1c, 0xf1, 0xc0, - 0x89, 0x13, 0x1d, 0x97, 0x6b, 0x90, 0x64, 0x71, 0x75, 0x49, 0x6a, 0x4c, - 0xf9, 0x4a, 0x75, 0xb0, 0x8a, 0x0b, 0x2f, 0xad, 0xe4, 0x57, 0x92, 0xd6, - 0x5b, 0x7a, 0x98, 0xb1, 0x65, 0x07, 0xc3, 0x3c, 0x10, 0x8a, 0xf2, 0x4b, - 0xde, 0x91, 0xb7, 0xdf, 0x28, 0x8b, 0x89, 0x93, 0x95, 0x1c, 0x34, 0x6e, - 0x25, 0x74, 0x86, 0x7c, 0xdb, 0x1c, 0xd5, 0xdb, 0x39, 0xf0, 0x04, 0x1e, - 0x0d, 0x09, 0x05, 0x43, 0xd5, 0x13, 0x18, 0xed, 0xb5, 0x2f, 0x3b, 0x92, - 0x26, 0x13, 0x48, 0xa2, 0x1b, 0x46, 0x50, 0xcb, 0x56, 0xf0, 0x05, 0xa3, - 0x2a, 0x3e, 0x39, 0xf5, 0x76, 0xc2, 0x47, 0x87, 0x39, 0xf9, 0x7c, 0xed, - 0xf7, 0x30, 0x1c, 0x39, 0xeb, 0xef, 0xbb, 0xe4, 0xd5, 0x10, 0xaa, 0x59, - 0x7f, 0x4b, 0x00, 0x49, 0xf8, 0xa5, 0xe8, 0x8b, 0xe7, 0xb6, 0x6b, 0x97, - 0x79, 0x65, 0x51, 0xdb, 0x30, 0xfb, 0x14, 0x64, 0x9a, 0x4a, 0x2d, 0x9d, - 0xce, 0x4a, 0x69, 0x31, 0x9f, 0x39, 0xe5, 0xab, 0x86, 0xdc, 0xd1, 0x0b, - 0x08, 0xcf, 0xee, 0x31, 0x2a, 0xb1, 0x7d, 0x59, 0xe2, 0x91, 0x8b, 0xe1, - 0x2c, 0xa1, 0x93, 0x9e, 0x44, 0x4c, 0xb2, 0x0d, 0x5a, 0xfa, 0x37, 0xaa, - 0x02, 0xd2, 0x3e, 0x54, 0x11, 0x03, 0xae, 0xd8, 0x0a, 0x76, 0xf2, 0xcc, - 0xff, 0x76, 0x36, 0xaa, 0x1d, 0xf8, 0x79, 0x8c, 0xa5, 0x7f, 0x2d, 0x11, - 0x07, 0x5b, 0x3f, 0xed, 0x23, 0x87, 0x87, 0x3e, 0x41, 0x80, 0xa6, 0xde, - 0x99, 0x14, 0xbd, 0xfa, 0xe3, 0x66, 0xca, 0xf8, 0x90, 0x37, 0x10, 0x5d, - 0x53, 0x21, 0x02, 0xa7, 0x10, 0x02, 0x68, 0xc8, 0x7e, 0x9f, 0x79, 0x19, - 0x86, 0x4c, 0x64, 0x04, 0xd4, 0x9c, 0x30, 0x8f, 0x53, 0xdd, 0x40, 0xc4, - 0xf2, 0xc4, 0x21, 0x6b, 0x5e, 0x0c, 0x13, 0x1f, 0x1a, 0x97, 0x8b, 0xac, - 0x16, 0xa2, 0xc7, 0xb3, 0xee, 0x62, 0x12, 0xfb, 0x17, 0xe4, 0x2e, 0xe6, - 0x9b, 0x33, 0x94, 0xe2, 0xc0, 0x72, 0x64, 0xda, 0x95, 0x4b, 0x32, 0x2d, - 0xf4, 0x2a, 0xac, 0x99, 0x9e, 0x50, 0x32, 0xba, 0xb4, 0xe2, 0x51, 0x18, - 0x58, 0xc8, 0x30, 0x95, 0x4e, 0x61, 0xcb, 0xa0, 0x87, 0xa0, 0x6c, 0x94, - 0xa9, 0x3e, 0x69, 0x30, 0x81, 0xa7, 0x06, 0xa4, 0xe0, 0xa2, 0xb9, 0xce, - 0xe5, 0xc3, 0x6f, 0x94, 0x18, 0x66, 0xdf, 0xe6, 0xd8, 0x01, 0xe9, 0x66, - 0x0e, 0x8b, 0xab, 0x8d, 0x6f, 0x17, 0x5a, 0x26, 0x37, 0x09, 0xa7, 0xed, - 0x26, 0x6f, 0xd1, 0x35, 0x0e, 0xf8, 0x8b, 0x4a, 0xb9, 0x13, 0xc1, 0x39, - 0x9d, 0x69, 0x3c, 0x8e, 0x79, 0xde, 0xca, 0x2c, 0xe3, 0x5d, 0xee, 0x6a, - 0xc1, 0xab, 0x1c, 0xe6, 0x6f, 0x8f, 0xd1, 0x2b, 0x62, 0xae, 0x98, 0x0e, - 0x2c, 0x8f, 0xf7, 0x52, 0x87, 0xcc, 0x0b, 0x5d, 0xe2, 0xda, 0x59, 0x2b, - 0xbe, 0x36, 0x74, 0x50, 0xab, 0x9c, 0x75, 0xee, 0xca, 0x6e, 0xeb, 0x2d, - 0xcf, 0xd2, 0x9f, 0x74, 0x86, 0x3c, 0xf8, 0xb9, 0x6e, 0x9c, 0x97, 0x9d, - 0xa7, 0xb2, 0x49, 0x82, 0x60, 0x8f, 0xcf, 0xb1, 0xbd, 0x7c, 0x20, 0x64, - 0xd1, 0x52, 0x04, 0xff, 0x67, 0x89, 0x79, 0xae, 0xcf, 0x68, 0x66, 0x0b, - 0x6c, 0x55, 0xaa, 0xbf, 0x06, 0xd4, 0xb3, 0x6d, 0xc2, 0xde, 0xac, 0x17, - 0x2c, 0xba, 0xe6, 0xc7, 0xb6, 0x8d, 0xa1, 0x08, 0xcf, 0x0b}, + // This is a Bleichenbacher synthetic generated result + {0x63, 0x3c, 0x2d, 0x5d, 0xb9, 0x4c, 0x7b, 0x8f, 0xc2, 0x91, 0x1d, 0xe0, + 0xbd, 0x85, 0x7d, 0x5e, 0x9a, 0xd8, 0xe6, 0x67, 0x3c, 0xf9, 0x88, 0x4a, + 0x68, 0x37, 0x92, 0x4f, 0x56, 0xf1, 0xec, 0x7f, 0x8c, 0x2a, 0xd0, 0xdd, + 0x30, 0xd9, 0x6f, 0x7f, 0x6b, 0x0e, 0xe8, 0x8b, 0x65, 0x65, 0x92, 0xba, + 0xa4, 0x38, 0xda, 0x60, 0x5a, 0x61, 0x38, 0x48, 0xd2, 0xda, 0x2a, 0xec, + 0x32, 0x99, 0x39, 0x5f, 0x4b, 0x9c, 0x70, 0xff, 0x63, 0x44, 0x5f, 0x83, + 0x07, 0x1e, 0xae, 0x8a, 0xc7, 0xe9, 0x22, 0x88, 0x6d, 0xeb, 0xca, 0x4c, + 0xb4, 0xf1, 0xfc, 0x05, 0x6d, 0x75, 0x7b, 0x4a, 0x04, 0x4e, 0xe1, 0xec, + 0x40, 0x26, 0x30, 0xc8, 0x4b, 0x2b, 0xad, 0x52, 0x02, 0x23, 0xd8, 0xd5, + 0x89, 0x1c, 0x4e, 0x88, 0xb4, 0xe0, 0x0a, 0x0f, 0x0b, 0xef, 0x44, 0x83, + 0x35, 0xda, 0x7d, 0xbc, 0xf8, 0xbb, 0x6d, 0x1c, 0x2a, 0xaf, 0x7f, 0xf2, + 0xe8, 0x22, 0x15, 0xef, 0xc2, 0x39, 0xcd, 0xaa, 0x77, 0xa9, 0x8a, 0x89, + 0x87, 0x8d, 0x37, 0xb7, 0xc0, 0xb9, 0x75, 0x2d, 0x03, 0x2f, 0x33, 0xe5, + 0x8b, 0x46, 0x59, 0xb8, 0x2a, 0x96, 0xc7, 0x21, 0xa6, 0xcb, 0xab, 0x5a, + 0xde, 0x1a, 0x6b, 0xc0, 0x20, 0xf2, 0xd0, 0xc8, 0xb5, 0x5c, 0xd4, 0x7a, + 0xbf, 0xcb, 0xb7, 0x6b, 0x11, 0xf7, 0x89, 0xa3, 0x65, 0xa3, 0x42, 0xce, + 0x59, 0x01, 0x75}, {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -10120,7 +10485,7 @@ const RsaDecryptTestVector kRsa4096DecryptWycheproofVectors[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, priv_key_90, - false}, + true}, // Comment: edge case for montgomery reduction with special primes // tcID: 58 |