PolarSSL v1.2.5
test_suite_pkcs1_v21.c
Go to the documentation of this file.
1 #include "fct.h"
2 
3 #include <polarssl/rsa.h>
4 #include <polarssl/md.h>
5 #include <polarssl/md2.h>
6 #include <polarssl/md4.h>
7 #include <polarssl/md5.h>
8 #include <polarssl/sha1.h>
9 #include <polarssl/sha2.h>
10 #include <polarssl/sha4.h>
11 
12 #include <polarssl/config.h>
13 
14 #ifdef _MSC_VER
15 #include <basetsd.h>
16 typedef UINT32 uint32_t;
17 #else
18 #include <inttypes.h>
19 #endif
20 
21 /*
22  * 32-bit integer manipulation macros (big endian)
23  */
24 #ifndef GET_UINT32_BE
25 #define GET_UINT32_BE(n,b,i) \
26 { \
27  (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
28  | ( (uint32_t) (b)[(i) + 1] << 16 ) \
29  | ( (uint32_t) (b)[(i) + 2] << 8 ) \
30  | ( (uint32_t) (b)[(i) + 3] ); \
31 }
32 #endif
33 
34 #ifndef PUT_UINT32_BE
35 #define PUT_UINT32_BE(n,b,i) \
36 { \
37  (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
38  (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
39  (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
40  (b)[(i) + 3] = (unsigned char) ( (n) ); \
41 }
42 #endif
43 
44 int unhexify(unsigned char *obuf, const char *ibuf)
45 {
46  unsigned char c, c2;
47  int len = strlen(ibuf) / 2;
48  assert(!(strlen(ibuf) %1)); // must be even number of bytes
49 
50  while (*ibuf != 0)
51  {
52  c = *ibuf++;
53  if( c >= '0' && c <= '9' )
54  c -= '0';
55  else if( c >= 'a' && c <= 'f' )
56  c -= 'a' - 10;
57  else if( c >= 'A' && c <= 'F' )
58  c -= 'A' - 10;
59  else
60  assert( 0 );
61 
62  c2 = *ibuf++;
63  if( c2 >= '0' && c2 <= '9' )
64  c2 -= '0';
65  else if( c2 >= 'a' && c2 <= 'f' )
66  c2 -= 'a' - 10;
67  else if( c2 >= 'A' && c2 <= 'F' )
68  c2 -= 'A' - 10;
69  else
70  assert( 0 );
71 
72  *obuf++ = ( c << 4 ) | c2;
73  }
74 
75  return len;
76 }
77 
78 void hexify(unsigned char *obuf, const unsigned char *ibuf, int len)
79 {
80  unsigned char l, h;
81 
82  while (len != 0)
83  {
84  h = (*ibuf) / 16;
85  l = (*ibuf) % 16;
86 
87  if( h < 10 )
88  *obuf++ = '0' + h;
89  else
90  *obuf++ = 'a' + h - 10;
91 
92  if( l < 10 )
93  *obuf++ = '0' + l;
94  else
95  *obuf++ = 'a' + l - 10;
96 
97  ++ibuf;
98  len--;
99  }
100 }
101 
111 static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
112 {
113  size_t i;
114 
115  if( rng_state != NULL )
116  rng_state = NULL;
117 
118  for( i = 0; i < len; ++i )
119  output[i] = rand();
120 
121  return( 0 );
122 }
123 
129 static int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
130 {
131  if( rng_state != NULL )
132  rng_state = NULL;
133 
134  memset( output, 0, len );
135 
136  return( 0 );
137 }
138 
139 typedef struct
140 {
141  unsigned char *buf;
142  size_t length;
143 } rnd_buf_info;
144 
156 static int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
157 {
158  rnd_buf_info *info = (rnd_buf_info *) rng_state;
159  size_t use_len;
160 
161  if( rng_state == NULL )
162  return( rnd_std_rand( NULL, output, len ) );
163 
164  use_len = len;
165  if( len > info->length )
166  use_len = info->length;
167 
168  if( use_len )
169  {
170  memcpy( output, info->buf, use_len );
171  info->buf += use_len;
172  info->length -= use_len;
173  }
174 
175  if( len - use_len > 0 )
176  return( rnd_std_rand( NULL, output + use_len, len - use_len ) );
177 
178  return( 0 );
179 }
180 
188 typedef struct
189 {
190  uint32_t key[16];
191  uint32_t v0, v1;
193 
202 static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
203 {
204  rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
205  uint32_t i, *k, sum, delta=0x9E3779B9;
206  unsigned char result[4];
207 
208  if( rng_state == NULL )
209  return( rnd_std_rand( NULL, output, len ) );
210 
211  k = info->key;
212 
213  while( len > 0 )
214  {
215  size_t use_len = ( len > 4 ) ? 4 : len;
216  sum = 0;
217 
218  for( i = 0; i < 32; i++ )
219  {
220  info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5)) + info->v1) ^ (sum + k[sum & 3]);
221  sum += delta;
222  info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5)) + info->v0) ^ (sum + k[(sum>>11) & 3]);
223  }
224 
225  PUT_UINT32_BE( info->v0, result, 0 );
226  memcpy( output, result, use_len );
227  len -= use_len;
228  }
229 
230  return( 0 );
231 }
232 
233 
235 {
236 #ifdef POLARSSL_PKCS1_V21
237 #ifdef POLARSSL_RSA_C
238 #ifdef POLARSSL_BIGNUM_C
239 #ifdef POLARSSL_SHA1_C
240 #ifdef POLARSSL_GENPRIME
241 
242 
243  FCT_SUITE_BGN(test_suite_pkcs1_v21)
244  {
245 
246  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_int)
247  {
248  unsigned char message_str[1000];
249  unsigned char output[1000];
250  unsigned char output_str[1000];
251  unsigned char rnd_buf[1000];
252  rsa_context ctx;
253  size_t msg_len;
254  rnd_buf_info info;
255 
256  info.length = unhexify( rnd_buf, "aafd12f659cae63489b479e5076ddec2f06cb58f" );
257  info.buf = rnd_buf;
258 
260  memset( message_str, 0x00, 1000 );
261  memset( output, 0x00, 1000 );
262  memset( output_str, 0x00, 1000 );
263 
264  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
265  fct_chk( mpi_read_string( &ctx.N, 16, "bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb" ) == 0 );
266  fct_chk( mpi_read_string( &ctx.E, 16, "11" ) == 0 );
267 
268  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
269 
270  msg_len = unhexify( message_str, "d436e99569fd32a7c8a05bbc90d32c49" );
271 
272  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
273  if( 0 == 0 )
274  {
275  hexify( output_str, output, ctx.len );
276 
277  fct_chk( strcasecmp( (char *) output_str, "1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955" ) == 0 );
278  }
279 
280  rsa_free( &ctx );
281  }
282  FCT_TEST_END();
283 
284 
285  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_data_just_fits)
286  {
287  unsigned char message_str[1000];
288  unsigned char output[1000];
289  unsigned char output_str[1000];
290  unsigned char rnd_buf[1000];
291  rsa_context ctx;
292  size_t msg_len;
293  rnd_buf_info info;
294 
295  info.length = unhexify( rnd_buf, "aafd12f659cae63489b479e5076ddec2f06cb58f" );
296  info.buf = rnd_buf;
297 
299  memset( message_str, 0x00, 1000 );
300  memset( output, 0x00, 1000 );
301  memset( output_str, 0x00, 1000 );
302 
303  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
304  fct_chk( mpi_read_string( &ctx.N, 16, "bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb" ) == 0 );
305  fct_chk( mpi_read_string( &ctx.E, 16, "11" ) == 0 );
306 
307  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
308 
309  msg_len = unhexify( message_str, "d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd" );
310 
311  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
312  if( 0 == 0 )
313  {
314  hexify( output_str, output, ctx.len );
315 
316  fct_chk( strcasecmp( (char *) output_str, "3082f2288fff275213d53168f0a272573cff81837c249dc1f380a12ac124c8f217b700708a1ce7dce154265f31a126ebdd9ed3ef9145ae29124a25f4e65aa52c5a9ff34f6cf4de9ba937ae406dc7d1f277af4f6fb7ea73bfbab2bd397b6b2c53570e173ffcf3b9f0bb96837623a4f87bd81b41446c59e681a2f3da81239e9bdf" ) == 0 );
317  }
318 
319  rsa_free( &ctx );
320  }
321  FCT_TEST_END();
322 
323 
324  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_data_too_long)
325  {
326  unsigned char message_str[1000];
327  unsigned char output[1000];
328  unsigned char output_str[1000];
329  unsigned char rnd_buf[1000];
330  rsa_context ctx;
331  size_t msg_len;
332  rnd_buf_info info;
333 
334  info.length = unhexify( rnd_buf, "aafd12f659cae63489b479e5076ddec2f06cb58f" );
335  info.buf = rnd_buf;
336 
338  memset( message_str, 0x00, 1000 );
339  memset( output, 0x00, 1000 );
340  memset( output_str, 0x00, 1000 );
341 
342  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
343  fct_chk( mpi_read_string( &ctx.N, 16, "bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb" ) == 0 );
344  fct_chk( mpi_read_string( &ctx.E, 16, "11" ) == 0 );
345 
346  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
347 
348  msg_len = unhexify( message_str, "d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00" );
349 
350  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == POLARSSL_ERR_RSA_BAD_INPUT_DATA );
352  {
353  hexify( output_str, output, ctx.len );
354 
355  fct_chk( strcasecmp( (char *) output_str, "1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955" ) == 0 );
356  }
357 
358  rsa_free( &ctx );
359  }
360  FCT_TEST_END();
361 
362 
363  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_1)
364  {
365  unsigned char message_str[1000];
366  unsigned char output[1000];
367  unsigned char output_str[1000];
368  unsigned char rnd_buf[1000];
369  rsa_context ctx;
370  size_t msg_len;
371  rnd_buf_info info;
372 
373  info.length = unhexify( rnd_buf, "18b776ea21069d69776a33e96bad48e1dda0a5ef" );
374  info.buf = rnd_buf;
375 
377  memset( message_str, 0x00, 1000 );
378  memset( output, 0x00, 1000 );
379  memset( output_str, 0x00, 1000 );
380 
381  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
382  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
383  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
384 
385  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
386 
387  msg_len = unhexify( message_str, "6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34" );
388 
389  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
390  if( 0 == 0 )
391  {
392  hexify( output_str, output, ctx.len );
393 
394  fct_chk( strcasecmp( (char *) output_str, "354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a" ) == 0 );
395  }
396 
397  rsa_free( &ctx );
398  }
399  FCT_TEST_END();
400 
401 
402  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_2)
403  {
404  unsigned char message_str[1000];
405  unsigned char output[1000];
406  unsigned char output_str[1000];
407  unsigned char rnd_buf[1000];
408  rsa_context ctx;
409  size_t msg_len;
410  rnd_buf_info info;
411 
412  info.length = unhexify( rnd_buf, "0cc742ce4a9b7f32f951bcb251efd925fe4fe35f" );
413  info.buf = rnd_buf;
414 
416  memset( message_str, 0x00, 1000 );
417  memset( output, 0x00, 1000 );
418  memset( output_str, 0x00, 1000 );
419 
420  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
421  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
422  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
423 
424  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
425 
426  msg_len = unhexify( message_str, "750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5" );
427 
428  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
429  if( 0 == 0 )
430  {
431  hexify( output_str, output, ctx.len );
432 
433  fct_chk( strcasecmp( (char *) output_str, "640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44" ) == 0 );
434  }
435 
436  rsa_free( &ctx );
437  }
438  FCT_TEST_END();
439 
440 
441  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_3)
442  {
443  unsigned char message_str[1000];
444  unsigned char output[1000];
445  unsigned char output_str[1000];
446  unsigned char rnd_buf[1000];
447  rsa_context ctx;
448  size_t msg_len;
449  rnd_buf_info info;
450 
451  info.length = unhexify( rnd_buf, "2514df4695755a67b288eaf4905c36eec66fd2fd" );
452  info.buf = rnd_buf;
453 
455  memset( message_str, 0x00, 1000 );
456  memset( output, 0x00, 1000 );
457  memset( output_str, 0x00, 1000 );
458 
459  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
460  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
461  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
462 
463  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
464 
465  msg_len = unhexify( message_str, "d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051" );
466 
467  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
468  if( 0 == 0 )
469  {
470  hexify( output_str, output, ctx.len );
471 
472  fct_chk( strcasecmp( (char *) output_str, "423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb" ) == 0 );
473  }
474 
475  rsa_free( &ctx );
476  }
477  FCT_TEST_END();
478 
479 
480  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_4)
481  {
482  unsigned char message_str[1000];
483  unsigned char output[1000];
484  unsigned char output_str[1000];
485  unsigned char rnd_buf[1000];
486  rsa_context ctx;
487  size_t msg_len;
488  rnd_buf_info info;
489 
490  info.length = unhexify( rnd_buf, "c4435a3e1a18a68b6820436290a37cefb85db3fb" );
491  info.buf = rnd_buf;
492 
494  memset( message_str, 0x00, 1000 );
495  memset( output, 0x00, 1000 );
496  memset( output_str, 0x00, 1000 );
497 
498  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
499  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
500  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
501 
502  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
503 
504  msg_len = unhexify( message_str, "52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85" );
505 
506  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
507  if( 0 == 0 )
508  {
509  hexify( output_str, output, ctx.len );
510 
511  fct_chk( strcasecmp( (char *) output_str, "45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755" ) == 0 );
512  }
513 
514  rsa_free( &ctx );
515  }
516  FCT_TEST_END();
517 
518 
519  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_5)
520  {
521  unsigned char message_str[1000];
522  unsigned char output[1000];
523  unsigned char output_str[1000];
524  unsigned char rnd_buf[1000];
525  rsa_context ctx;
526  size_t msg_len;
527  rnd_buf_info info;
528 
529  info.length = unhexify( rnd_buf, "b318c42df3be0f83fea823f5a7b47ed5e425a3b5" );
530  info.buf = rnd_buf;
531 
533  memset( message_str, 0x00, 1000 );
534  memset( output, 0x00, 1000 );
535  memset( output_str, 0x00, 1000 );
536 
537  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
538  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
539  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
540 
541  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
542 
543  msg_len = unhexify( message_str, "8da89fd9e5f974a29feffb462b49180f6cf9e802" );
544 
545  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
546  if( 0 == 0 )
547  {
548  hexify( output_str, output, ctx.len );
549 
550  fct_chk( strcasecmp( (char *) output_str, "36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439" ) == 0 );
551  }
552 
553  rsa_free( &ctx );
554  }
555  FCT_TEST_END();
556 
557 
558  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_6)
559  {
560  unsigned char message_str[1000];
561  unsigned char output[1000];
562  unsigned char output_str[1000];
563  unsigned char rnd_buf[1000];
564  rsa_context ctx;
565  size_t msg_len;
566  rnd_buf_info info;
567 
568  info.length = unhexify( rnd_buf, "e4ec0982c2336f3a677f6a356174eb0ce887abc2" );
569  info.buf = rnd_buf;
570 
572  memset( message_str, 0x00, 1000 );
573  memset( output, 0x00, 1000 );
574  memset( output_str, 0x00, 1000 );
575 
576  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
577  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
578  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
579 
580  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
581 
582  msg_len = unhexify( message_str, "26521050844271" );
583 
584  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
585  if( 0 == 0 )
586  {
587  hexify( output_str, output, ctx.len );
588 
589  fct_chk( strcasecmp( (char *) output_str, "42cee2617b1ecea4db3f4829386fbd61dafbf038e180d837c96366df24c097b4ab0fac6bdf590d821c9f10642e681ad05b8d78b378c0f46ce2fad63f74e0ad3df06b075d7eb5f5636f8d403b9059ca761b5c62bb52aa45002ea70baace08ded243b9d8cbd62a68ade265832b56564e43a6fa42ed199a099769742df1539e8255" ) == 0 );
590  }
591 
592  rsa_free( &ctx );
593  }
594  FCT_TEST_END();
595 
596 
597  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_1)
598  {
599  unsigned char message_str[1000];
600  unsigned char output[1000];
601  unsigned char output_str[1000];
602  unsigned char rnd_buf[1000];
603  rsa_context ctx;
604  size_t msg_len;
605  rnd_buf_info info;
606 
607  info.length = unhexify( rnd_buf, "8c407b5ec2899e5099c53e8ce793bf94e71b1782" );
608  info.buf = rnd_buf;
609 
611  memset( message_str, 0x00, 1000 );
612  memset( output, 0x00, 1000 );
613  memset( output_str, 0x00, 1000 );
614 
615  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
616  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
617  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
618 
619  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
620 
621  msg_len = unhexify( message_str, "8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7" );
622 
623  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
624  if( 0 == 0 )
625  {
626  hexify( output_str, output, ctx.len );
627 
628  fct_chk( strcasecmp( (char *) output_str, "0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e" ) == 0 );
629  }
630 
631  rsa_free( &ctx );
632  }
633  FCT_TEST_END();
634 
635 
636  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_2)
637  {
638  unsigned char message_str[1000];
639  unsigned char output[1000];
640  unsigned char output_str[1000];
641  unsigned char rnd_buf[1000];
642  rsa_context ctx;
643  size_t msg_len;
644  rnd_buf_info info;
645 
646  info.length = unhexify( rnd_buf, "b600cf3c2e506d7f16778c910d3a8b003eee61d5" );
647  info.buf = rnd_buf;
648 
650  memset( message_str, 0x00, 1000 );
651  memset( output, 0x00, 1000 );
652  memset( output_str, 0x00, 1000 );
653 
654  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
655  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
656  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
657 
658  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
659 
660  msg_len = unhexify( message_str, "2d" );
661 
662  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
663  if( 0 == 0 )
664  {
665  hexify( output_str, output, ctx.len );
666 
667  fct_chk( strcasecmp( (char *) output_str, "018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245" ) == 0 );
668  }
669 
670  rsa_free( &ctx );
671  }
672  FCT_TEST_END();
673 
674 
675  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_3)
676  {
677  unsigned char message_str[1000];
678  unsigned char output[1000];
679  unsigned char output_str[1000];
680  unsigned char rnd_buf[1000];
681  rsa_context ctx;
682  size_t msg_len;
683  rnd_buf_info info;
684 
685  info.length = unhexify( rnd_buf, "a73768aeeaa91f9d8c1ed6f9d2b63467f07ccae3" );
686  info.buf = rnd_buf;
687 
689  memset( message_str, 0x00, 1000 );
690  memset( output, 0x00, 1000 );
691  memset( output_str, 0x00, 1000 );
692 
693  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
694  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
695  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
696 
697  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
698 
699  msg_len = unhexify( message_str, "74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e" );
700 
701  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
702  if( 0 == 0 )
703  {
704  hexify( output_str, output, ctx.len );
705 
706  fct_chk( strcasecmp( (char *) output_str, "018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053" ) == 0 );
707  }
708 
709  rsa_free( &ctx );
710  }
711  FCT_TEST_END();
712 
713 
714  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_4)
715  {
716  unsigned char message_str[1000];
717  unsigned char output[1000];
718  unsigned char output_str[1000];
719  unsigned char rnd_buf[1000];
720  rsa_context ctx;
721  size_t msg_len;
722  rnd_buf_info info;
723 
724  info.length = unhexify( rnd_buf, "9a7b3b0e708bd96f8190ecab4fb9b2b3805a8156" );
725  info.buf = rnd_buf;
726 
728  memset( message_str, 0x00, 1000 );
729  memset( output, 0x00, 1000 );
730  memset( output_str, 0x00, 1000 );
731 
732  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
733  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
734  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
735 
736  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
737 
738  msg_len = unhexify( message_str, "a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a" );
739 
740  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
741  if( 0 == 0 )
742  {
743  hexify( output_str, output, ctx.len );
744 
745  fct_chk( strcasecmp( (char *) output_str, "00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641" ) == 0 );
746  }
747 
748  rsa_free( &ctx );
749  }
750  FCT_TEST_END();
751 
752 
753  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_5)
754  {
755  unsigned char message_str[1000];
756  unsigned char output[1000];
757  unsigned char output_str[1000];
758  unsigned char rnd_buf[1000];
759  rsa_context ctx;
760  size_t msg_len;
761  rnd_buf_info info;
762 
763  info.length = unhexify( rnd_buf, "eb3cebbc4adc16bb48e88c8aec0e34af7f427fd3" );
764  info.buf = rnd_buf;
765 
767  memset( message_str, 0x00, 1000 );
768  memset( output, 0x00, 1000 );
769  memset( output_str, 0x00, 1000 );
770 
771  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
772  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
773  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
774 
775  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
776 
777  msg_len = unhexify( message_str, "2ef2b066f854c33f3bdcbb5994a435e73d6c6c" );
778 
779  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
780  if( 0 == 0 )
781  {
782  hexify( output_str, output, ctx.len );
783 
784  fct_chk( strcasecmp( (char *) output_str, "00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec" ) == 0 );
785  }
786 
787  rsa_free( &ctx );
788  }
789  FCT_TEST_END();
790 
791 
792  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_6)
793  {
794  unsigned char message_str[1000];
795  unsigned char output[1000];
796  unsigned char output_str[1000];
797  unsigned char rnd_buf[1000];
798  rsa_context ctx;
799  size_t msg_len;
800  rnd_buf_info info;
801 
802  info.length = unhexify( rnd_buf, "4c45cf4d57c98e3d6d2095adc51c489eb50dff84" );
803  info.buf = rnd_buf;
804 
806  memset( message_str, 0x00, 1000 );
807  memset( output, 0x00, 1000 );
808  memset( output_str, 0x00, 1000 );
809 
810  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
811  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
812  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
813 
814  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
815 
816  msg_len = unhexify( message_str, "8a7fb344c8b6cb2cf2ef1f643f9a3218f6e19bba89c0" );
817 
818  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
819  if( 0 == 0 )
820  {
821  hexify( output_str, output, ctx.len );
822 
823  fct_chk( strcasecmp( (char *) output_str, "010839ec20c27b9052e55befb9b77e6fc26e9075d7a54378c646abdf51e445bd5715de81789f56f1803d9170764a9e93cb78798694023ee7393ce04bc5d8f8c5a52c171d43837e3aca62f609eb0aa5ffb0960ef04198dd754f57f7fbe6abf765cf118b4ca443b23b5aab266f952326ac4581100644325f8b721acd5d04ff14ef3a" ) == 0 );
824  }
825 
826  rsa_free( &ctx );
827  }
828  FCT_TEST_END();
829 
830 
831  FCT_TEST_BGN(rsaes_oaep_encryption_example_3_1)
832  {
833  unsigned char message_str[1000];
834  unsigned char output[1000];
835  unsigned char output_str[1000];
836  unsigned char rnd_buf[1000];
837  rsa_context ctx;
838  size_t msg_len;
839  rnd_buf_info info;
840 
841  info.length = unhexify( rnd_buf, "8ced6b196290805790e909074015e6a20b0c4894" );
842  info.buf = rnd_buf;
843 
845  memset( message_str, 0x00, 1000 );
846  memset( output, 0x00, 1000 );
847  memset( output_str, 0x00, 1000 );
848 
849  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
850  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
851  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
852 
853  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
854 
855  msg_len = unhexify( message_str, "087820b569e8fa8d" );
856 
857  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
858  if( 0 == 0 )
859  {
860  hexify( output_str, output, ctx.len );
861 
862  fct_chk( strcasecmp( (char *) output_str, "026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80" ) == 0 );
863  }
864 
865  rsa_free( &ctx );
866  }
867  FCT_TEST_END();
868 
869 
870  FCT_TEST_BGN(rsaes_oaep_encryption_example_3_2)
871  {
872  unsigned char message_str[1000];
873  unsigned char output[1000];
874  unsigned char output_str[1000];
875  unsigned char rnd_buf[1000];
876  rsa_context ctx;
877  size_t msg_len;
878  rnd_buf_info info;
879 
880  info.length = unhexify( rnd_buf, "b4291d6567550848cc156967c809baab6ca507f0" );
881  info.buf = rnd_buf;
882 
884  memset( message_str, 0x00, 1000 );
885  memset( output, 0x00, 1000 );
886  memset( output_str, 0x00, 1000 );
887 
888  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
889  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
890  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
891 
892  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
893 
894  msg_len = unhexify( message_str, "4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04" );
895 
896  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
897  if( 0 == 0 )
898  {
899  hexify( output_str, output, ctx.len );
900 
901  fct_chk( strcasecmp( (char *) output_str, "024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5" ) == 0 );
902  }
903 
904  rsa_free( &ctx );
905  }
906  FCT_TEST_END();
907 
908 
909  FCT_TEST_BGN(rsaes_oaep_encryption_example_3_3)
910  {
911  unsigned char message_str[1000];
912  unsigned char output[1000];
913  unsigned char output_str[1000];
914  unsigned char rnd_buf[1000];
915  rsa_context ctx;
916  size_t msg_len;
917  rnd_buf_info info;
918 
919  info.length = unhexify( rnd_buf, "ce8928f6059558254008badd9794fadcd2fd1f65" );
920  info.buf = rnd_buf;
921 
923  memset( message_str, 0x00, 1000 );
924  memset( output, 0x00, 1000 );
925  memset( output_str, 0x00, 1000 );
926 
927  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
928  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
929  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
930 
931  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
932 
933  msg_len = unhexify( message_str, "d94cd0e08fa404ed89" );
934 
935  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
936  if( 0 == 0 )
937  {
938  hexify( output_str, output, ctx.len );
939 
940  fct_chk( strcasecmp( (char *) output_str, "0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a" ) == 0 );
941  }
942 
943  rsa_free( &ctx );
944  }
945  FCT_TEST_END();
946 
947 
948  FCT_TEST_BGN(rsaes_oaep_encryption_example_3_4)
949  {
950  unsigned char message_str[1000];
951  unsigned char output[1000];
952  unsigned char output_str[1000];
953  unsigned char rnd_buf[1000];
954  rsa_context ctx;
955  size_t msg_len;
956  rnd_buf_info info;
957 
958  info.length = unhexify( rnd_buf, "6e2979f52d6814a57d83b090054888f119a5b9a3" );
959  info.buf = rnd_buf;
960 
962  memset( message_str, 0x00, 1000 );
963  memset( output, 0x00, 1000 );
964  memset( output_str, 0x00, 1000 );
965 
966  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
967  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
968  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
969 
970  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
971 
972  msg_len = unhexify( message_str, "6cc641b6b61e6f963974dad23a9013284ef1" );
973 
974  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
975  if( 0 == 0 )
976  {
977  hexify( output_str, output, ctx.len );
978 
979  fct_chk( strcasecmp( (char *) output_str, "02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0" ) == 0 );
980  }
981 
982  rsa_free( &ctx );
983  }
984  FCT_TEST_END();
985 
986 
987  FCT_TEST_BGN(rsaes_oaep_encryption_example_3_5)
988  {
989  unsigned char message_str[1000];
990  unsigned char output[1000];
991  unsigned char output_str[1000];
992  unsigned char rnd_buf[1000];
993  rsa_context ctx;
994  size_t msg_len;
995  rnd_buf_info info;
996 
997  info.length = unhexify( rnd_buf, "2d760bfe38c59de34cdc8b8c78a38e66284a2d27" );
998  info.buf = rnd_buf;
999 
1001  memset( message_str, 0x00, 1000 );
1002  memset( output, 0x00, 1000 );
1003  memset( output_str, 0x00, 1000 );
1004 
1005  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
1006  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
1007  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1008 
1009  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1010 
1011  msg_len = unhexify( message_str, "df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223" );
1012 
1013  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1014  if( 0 == 0 )
1015  {
1016  hexify( output_str, output, ctx.len );
1017 
1018  fct_chk( strcasecmp( (char *) output_str, "0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60" ) == 0 );
1019  }
1020 
1021  rsa_free( &ctx );
1022  }
1023  FCT_TEST_END();
1024 
1025 
1026  FCT_TEST_BGN(rsaes_oaep_encryption_example_3_6)
1027  {
1028  unsigned char message_str[1000];
1029  unsigned char output[1000];
1030  unsigned char output_str[1000];
1031  unsigned char rnd_buf[1000];
1032  rsa_context ctx;
1033  size_t msg_len;
1034  rnd_buf_info info;
1035 
1036  info.length = unhexify( rnd_buf, "f174779c5fd3cfe007badcb7a36c9b55bfcfbf0e" );
1037  info.buf = rnd_buf;
1038 
1040  memset( message_str, 0x00, 1000 );
1041  memset( output, 0x00, 1000 );
1042  memset( output_str, 0x00, 1000 );
1043 
1044  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
1045  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
1046  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1047 
1048  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1049 
1050  msg_len = unhexify( message_str, "3c3bad893c544a6d520ab022319188c8d504b7a788b850903b85972eaa18552e1134a7ad6098826254ff7ab672b3d8eb3158fac6d4cbaef1" );
1051 
1052  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1053  if( 0 == 0 )
1054  {
1055  hexify( output_str, output, ctx.len );
1056 
1057  fct_chk( strcasecmp( (char *) output_str, "00112051e75d064943bc4478075e43482fd59cee0679de6893eec3a943daa490b9691c93dfc0464b6623b9f3dbd3e70083264f034b374f74164e1a00763725e574744ba0b9db83434f31df96f6e2a26f6d8eba348bd4686c2238ac07c37aac3785d1c7eea2f819fd91491798ed8e9cef5e43b781b0e0276e37c43ff9492d005730" ) == 0 );
1058  }
1059 
1060  rsa_free( &ctx );
1061  }
1062  FCT_TEST_END();
1063 
1064 
1065  FCT_TEST_BGN(rsaes_oaep_encryption_example_4_1)
1066  {
1067  unsigned char message_str[1000];
1068  unsigned char output[1000];
1069  unsigned char output_str[1000];
1070  unsigned char rnd_buf[1000];
1071  rsa_context ctx;
1072  size_t msg_len;
1073  rnd_buf_info info;
1074 
1075  info.length = unhexify( rnd_buf, "1cac19ce993def55f98203f6852896c95ccca1f3" );
1076  info.buf = rnd_buf;
1077 
1079  memset( message_str, 0x00, 1000 );
1080  memset( output, 0x00, 1000 );
1081  memset( output_str, 0x00, 1000 );
1082 
1083  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
1084  fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
1085  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1086 
1087  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1088 
1089  msg_len = unhexify( message_str, "4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2" );
1090 
1091  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1092  if( 0 == 0 )
1093  {
1094  hexify( output_str, output, ctx.len );
1095 
1096  fct_chk( strcasecmp( (char *) output_str, "04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8" ) == 0 );
1097  }
1098 
1099  rsa_free( &ctx );
1100  }
1101  FCT_TEST_END();
1102 
1103 
1104  FCT_TEST_BGN(rsaes_oaep_encryption_example_4_2)
1105  {
1106  unsigned char message_str[1000];
1107  unsigned char output[1000];
1108  unsigned char output_str[1000];
1109  unsigned char rnd_buf[1000];
1110  rsa_context ctx;
1111  size_t msg_len;
1112  rnd_buf_info info;
1113 
1114  info.length = unhexify( rnd_buf, "f545d5897585e3db71aa0cb8da76c51d032ae963" );
1115  info.buf = rnd_buf;
1116 
1118  memset( message_str, 0x00, 1000 );
1119  memset( output, 0x00, 1000 );
1120  memset( output_str, 0x00, 1000 );
1121 
1122  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
1123  fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
1124  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1125 
1126  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1127 
1128  msg_len = unhexify( message_str, "b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8" );
1129 
1130  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1131  if( 0 == 0 )
1132  {
1133  hexify( output_str, output, ctx.len );
1134 
1135  fct_chk( strcasecmp( (char *) output_str, "0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e" ) == 0 );
1136  }
1137 
1138  rsa_free( &ctx );
1139  }
1140  FCT_TEST_END();
1141 
1142 
1143  FCT_TEST_BGN(rsaes_oaep_encryption_example_4_3)
1144  {
1145  unsigned char message_str[1000];
1146  unsigned char output[1000];
1147  unsigned char output_str[1000];
1148  unsigned char rnd_buf[1000];
1149  rsa_context ctx;
1150  size_t msg_len;
1151  rnd_buf_info info;
1152 
1153  info.length = unhexify( rnd_buf, "ad997feef730d6ea7be60d0dc52e72eacbfdd275" );
1154  info.buf = rnd_buf;
1155 
1157  memset( message_str, 0x00, 1000 );
1158  memset( output, 0x00, 1000 );
1159  memset( output_str, 0x00, 1000 );
1160 
1161  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
1162  fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
1163  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1164 
1165  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1166 
1167  msg_len = unhexify( message_str, "bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99" );
1168 
1169  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1170  if( 0 == 0 )
1171  {
1172  hexify( output_str, output, ctx.len );
1173 
1174  fct_chk( strcasecmp( (char *) output_str, "0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065" ) == 0 );
1175  }
1176 
1177  rsa_free( &ctx );
1178  }
1179  FCT_TEST_END();
1180 
1181 
1182  FCT_TEST_BGN(rsaes_oaep_encryption_example_4_4)
1183  {
1184  unsigned char message_str[1000];
1185  unsigned char output[1000];
1186  unsigned char output_str[1000];
1187  unsigned char rnd_buf[1000];
1188  rsa_context ctx;
1189  size_t msg_len;
1190  rnd_buf_info info;
1191 
1192  info.length = unhexify( rnd_buf, "136454df5730f73c807a7e40d8c1a312ac5b9dd3" );
1193  info.buf = rnd_buf;
1194 
1196  memset( message_str, 0x00, 1000 );
1197  memset( output, 0x00, 1000 );
1198  memset( output_str, 0x00, 1000 );
1199 
1200  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
1201  fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
1202  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1203 
1204  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1205 
1206  msg_len = unhexify( message_str, "fb2ef112f5e766eb94019297934794f7be2f6fc1c58e" );
1207 
1208  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1209  if( 0 == 0 )
1210  {
1211  hexify( output_str, output, ctx.len );
1212 
1213  fct_chk( strcasecmp( (char *) output_str, "02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4" ) == 0 );
1214  }
1215 
1216  rsa_free( &ctx );
1217  }
1218  FCT_TEST_END();
1219 
1220 
1221  FCT_TEST_BGN(rsaes_oaep_encryption_example_4_5)
1222  {
1223  unsigned char message_str[1000];
1224  unsigned char output[1000];
1225  unsigned char output_str[1000];
1226  unsigned char rnd_buf[1000];
1227  rsa_context ctx;
1228  size_t msg_len;
1229  rnd_buf_info info;
1230 
1231  info.length = unhexify( rnd_buf, "bca8057f824b2ea257f2861407eef63d33208681" );
1232  info.buf = rnd_buf;
1233 
1235  memset( message_str, 0x00, 1000 );
1236  memset( output, 0x00, 1000 );
1237  memset( output_str, 0x00, 1000 );
1238 
1239  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
1240  fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
1241  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1242 
1243  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1244 
1245  msg_len = unhexify( message_str, "28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284" );
1246 
1247  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1248  if( 0 == 0 )
1249  {
1250  hexify( output_str, output, ctx.len );
1251 
1252  fct_chk( strcasecmp( (char *) output_str, "00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2" ) == 0 );
1253  }
1254 
1255  rsa_free( &ctx );
1256  }
1257  FCT_TEST_END();
1258 
1259 
1260  FCT_TEST_BGN(rsaes_oaep_encryption_example_4_6)
1261  {
1262  unsigned char message_str[1000];
1263  unsigned char output[1000];
1264  unsigned char output_str[1000];
1265  unsigned char rnd_buf[1000];
1266  rsa_context ctx;
1267  size_t msg_len;
1268  rnd_buf_info info;
1269 
1270  info.length = unhexify( rnd_buf, "2e7e1e17f647b5ddd033e15472f90f6812f3ac4e" );
1271  info.buf = rnd_buf;
1272 
1274  memset( message_str, 0x00, 1000 );
1275  memset( output, 0x00, 1000 );
1276  memset( output_str, 0x00, 1000 );
1277 
1278  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
1279  fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
1280  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1281 
1282  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1283 
1284  msg_len = unhexify( message_str, "f22242751ec6b1" );
1285 
1286  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1287  if( 0 == 0 )
1288  {
1289  hexify( output_str, output, ctx.len );
1290 
1291  fct_chk( strcasecmp( (char *) output_str, "00a5ffa4768c8bbecaee2db77e8f2eec99595933545520835e5ba7db9493d3e17cddefe6a5f567624471908db4e2d83a0fbee60608fc84049503b2234a07dc83b27b22847ad8920ff42f674ef79b76280b00233d2b51b8cb2703a9d42bfbc8250c96ec32c051e57f1b4ba528db89c37e4c54e27e6e64ac69635ae887d9541619a9" ) == 0 );
1292  }
1293 
1294  rsa_free( &ctx );
1295  }
1296  FCT_TEST_END();
1297 
1298 
1299  FCT_TEST_BGN(rsaes_oaep_encryption_example_5_1)
1300  {
1301  unsigned char message_str[1000];
1302  unsigned char output[1000];
1303  unsigned char output_str[1000];
1304  unsigned char rnd_buf[1000];
1305  rsa_context ctx;
1306  size_t msg_len;
1307  rnd_buf_info info;
1308 
1309  info.length = unhexify( rnd_buf, "44c92e283f77b9499c603d963660c87d2f939461" );
1310  info.buf = rnd_buf;
1311 
1313  memset( message_str, 0x00, 1000 );
1314  memset( output, 0x00, 1000 );
1315  memset( output_str, 0x00, 1000 );
1316 
1317  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
1318  fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
1319  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1320 
1321  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1322 
1323  msg_len = unhexify( message_str, "af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8" );
1324 
1325  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1326  if( 0 == 0 )
1327  {
1328  hexify( output_str, output, ctx.len );
1329 
1330  fct_chk( strcasecmp( (char *) output_str, "036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5" ) == 0 );
1331  }
1332 
1333  rsa_free( &ctx );
1334  }
1335  FCT_TEST_END();
1336 
1337 
1338  FCT_TEST_BGN(rsaes_oaep_encryption_example_5_2)
1339  {
1340  unsigned char message_str[1000];
1341  unsigned char output[1000];
1342  unsigned char output_str[1000];
1343  unsigned char rnd_buf[1000];
1344  rsa_context ctx;
1345  size_t msg_len;
1346  rnd_buf_info info;
1347 
1348  info.length = unhexify( rnd_buf, "cb28f5860659fceee49c3eeafce625a70803bd32" );
1349  info.buf = rnd_buf;
1350 
1352  memset( message_str, 0x00, 1000 );
1353  memset( output, 0x00, 1000 );
1354  memset( output_str, 0x00, 1000 );
1355 
1356  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
1357  fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
1358  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1359 
1360  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1361 
1362  msg_len = unhexify( message_str, "a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399" );
1363 
1364  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1365  if( 0 == 0 )
1366  {
1367  hexify( output_str, output, ctx.len );
1368 
1369  fct_chk( strcasecmp( (char *) output_str, "03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad" ) == 0 );
1370  }
1371 
1372  rsa_free( &ctx );
1373  }
1374  FCT_TEST_END();
1375 
1376 
1377  FCT_TEST_BGN(rsaes_oaep_encryption_example_5_3)
1378  {
1379  unsigned char message_str[1000];
1380  unsigned char output[1000];
1381  unsigned char output_str[1000];
1382  unsigned char rnd_buf[1000];
1383  rsa_context ctx;
1384  size_t msg_len;
1385  rnd_buf_info info;
1386 
1387  info.length = unhexify( rnd_buf, "2285f40d770482f9a9efa2c72cb3ac55716dc0ca" );
1388  info.buf = rnd_buf;
1389 
1391  memset( message_str, 0x00, 1000 );
1392  memset( output, 0x00, 1000 );
1393  memset( output_str, 0x00, 1000 );
1394 
1395  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
1396  fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
1397  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1398 
1399  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1400 
1401  msg_len = unhexify( message_str, "308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7" );
1402 
1403  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1404  if( 0 == 0 )
1405  {
1406  hexify( output_str, output, ctx.len );
1407 
1408  fct_chk( strcasecmp( (char *) output_str, "0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967" ) == 0 );
1409  }
1410 
1411  rsa_free( &ctx );
1412  }
1413  FCT_TEST_END();
1414 
1415 
1416  FCT_TEST_BGN(rsaes_oaep_encryption_example_5_4)
1417  {
1418  unsigned char message_str[1000];
1419  unsigned char output[1000];
1420  unsigned char output_str[1000];
1421  unsigned char rnd_buf[1000];
1422  rsa_context ctx;
1423  size_t msg_len;
1424  rnd_buf_info info;
1425 
1426  info.length = unhexify( rnd_buf, "49fa45d3a78dd10dfd577399d1eb00af7eed5513" );
1427  info.buf = rnd_buf;
1428 
1430  memset( message_str, 0x00, 1000 );
1431  memset( output, 0x00, 1000 );
1432  memset( output_str, 0x00, 1000 );
1433 
1434  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
1435  fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
1436  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1437 
1438  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1439 
1440  msg_len = unhexify( message_str, "15c5b9ee1185" );
1441 
1442  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1443  if( 0 == 0 )
1444  {
1445  hexify( output_str, output, ctx.len );
1446 
1447  fct_chk( strcasecmp( (char *) output_str, "0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf" ) == 0 );
1448  }
1449 
1450  rsa_free( &ctx );
1451  }
1452  FCT_TEST_END();
1453 
1454 
1455  FCT_TEST_BGN(rsaes_oaep_encryption_example_5_5)
1456  {
1457  unsigned char message_str[1000];
1458  unsigned char output[1000];
1459  unsigned char output_str[1000];
1460  unsigned char rnd_buf[1000];
1461  rsa_context ctx;
1462  size_t msg_len;
1463  rnd_buf_info info;
1464 
1465  info.length = unhexify( rnd_buf, "f0287413234cc5034724a094c4586b87aff133fc" );
1466  info.buf = rnd_buf;
1467 
1469  memset( message_str, 0x00, 1000 );
1470  memset( output, 0x00, 1000 );
1471  memset( output_str, 0x00, 1000 );
1472 
1473  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
1474  fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
1475  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1476 
1477  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1478 
1479  msg_len = unhexify( message_str, "21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a" );
1480 
1481  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1482  if( 0 == 0 )
1483  {
1484  hexify( output_str, output, ctx.len );
1485 
1486  fct_chk( strcasecmp( (char *) output_str, "07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723" ) == 0 );
1487  }
1488 
1489  rsa_free( &ctx );
1490  }
1491  FCT_TEST_END();
1492 
1493 
1494  FCT_TEST_BGN(rsaes_oaep_encryption_example_5_6)
1495  {
1496  unsigned char message_str[1000];
1497  unsigned char output[1000];
1498  unsigned char output_str[1000];
1499  unsigned char rnd_buf[1000];
1500  rsa_context ctx;
1501  size_t msg_len;
1502  rnd_buf_info info;
1503 
1504  info.length = unhexify( rnd_buf, "d9fba45c96f21e6e26d29eb2cdcb6585be9cb341" );
1505  info.buf = rnd_buf;
1506 
1508  memset( message_str, 0x00, 1000 );
1509  memset( output, 0x00, 1000 );
1510  memset( output_str, 0x00, 1000 );
1511 
1512  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
1513  fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
1514  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1515 
1516  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1517 
1518  msg_len = unhexify( message_str, "541e37b68b6c8872b84c02" );
1519 
1520  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1521  if( 0 == 0 )
1522  {
1523  hexify( output_str, output, ctx.len );
1524 
1525  fct_chk( strcasecmp( (char *) output_str, "08c36d4dda33423b2ed6830d85f6411ba1dcf470a1fae0ebefee7c089f256cef74cb96ea69c38f60f39abee44129bcb4c92de7f797623b20074e3d9c2899701ed9071e1efa0bdd84d4c3e5130302d8f0240baba4b84a71cc032f2235a5ff0fae277c3e8f9112bef44c9ae20d175fc9a4058bfc930ba31b02e2e4f444483710f24a" ) == 0 );
1526  }
1527 
1528  rsa_free( &ctx );
1529  }
1530  FCT_TEST_END();
1531 
1532 
1533  FCT_TEST_BGN(rsaes_oaep_encryption_example_6_1)
1534  {
1535  unsigned char message_str[1000];
1536  unsigned char output[1000];
1537  unsigned char output_str[1000];
1538  unsigned char rnd_buf[1000];
1539  rsa_context ctx;
1540  size_t msg_len;
1541  rnd_buf_info info;
1542 
1543  info.length = unhexify( rnd_buf, "dd0f6cfe415e88e5a469a51fbba6dfd40adb4384" );
1544  info.buf = rnd_buf;
1545 
1547  memset( message_str, 0x00, 1000 );
1548  memset( output, 0x00, 1000 );
1549  memset( output_str, 0x00, 1000 );
1550 
1551  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
1552  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
1553  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1554 
1555  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1556 
1557  msg_len = unhexify( message_str, "4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4" );
1558 
1559  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1560  if( 0 == 0 )
1561  {
1562  hexify( output_str, output, ctx.len );
1563 
1564  fct_chk( strcasecmp( (char *) output_str, "0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3" ) == 0 );
1565  }
1566 
1567  rsa_free( &ctx );
1568  }
1569  FCT_TEST_END();
1570 
1571 
1572  FCT_TEST_BGN(rsaes_oaep_encryption_example_6_2)
1573  {
1574  unsigned char message_str[1000];
1575  unsigned char output[1000];
1576  unsigned char output_str[1000];
1577  unsigned char rnd_buf[1000];
1578  rsa_context ctx;
1579  size_t msg_len;
1580  rnd_buf_info info;
1581 
1582  info.length = unhexify( rnd_buf, "8d14bd946a1351148f5cae2ed9a0c653e85ebd85" );
1583  info.buf = rnd_buf;
1584 
1586  memset( message_str, 0x00, 1000 );
1587  memset( output, 0x00, 1000 );
1588  memset( output_str, 0x00, 1000 );
1589 
1590  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
1591  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
1592  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1593 
1594  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1595 
1596  msg_len = unhexify( message_str, "5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7" );
1597 
1598  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1599  if( 0 == 0 )
1600  {
1601  hexify( output_str, output, ctx.len );
1602 
1603  fct_chk( strcasecmp( (char *) output_str, "0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f" ) == 0 );
1604  }
1605 
1606  rsa_free( &ctx );
1607  }
1608  FCT_TEST_END();
1609 
1610 
1611  FCT_TEST_BGN(rsaes_oaep_encryption_example_6_3)
1612  {
1613  unsigned char message_str[1000];
1614  unsigned char output[1000];
1615  unsigned char output_str[1000];
1616  unsigned char rnd_buf[1000];
1617  rsa_context ctx;
1618  size_t msg_len;
1619  rnd_buf_info info;
1620 
1621  info.length = unhexify( rnd_buf, "6c075bc45520f165c0bf5ea4c5df191bc9ef0e44" );
1622  info.buf = rnd_buf;
1623 
1625  memset( message_str, 0x00, 1000 );
1626  memset( output, 0x00, 1000 );
1627  memset( output_str, 0x00, 1000 );
1628 
1629  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
1630  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
1631  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1632 
1633  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1634 
1635  msg_len = unhexify( message_str, "b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c" );
1636 
1637  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1638  if( 0 == 0 )
1639  {
1640  hexify( output_str, output, ctx.len );
1641 
1642  fct_chk( strcasecmp( (char *) output_str, "0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65" ) == 0 );
1643  }
1644 
1645  rsa_free( &ctx );
1646  }
1647  FCT_TEST_END();
1648 
1649 
1650  FCT_TEST_BGN(rsaes_oaep_encryption_example_6_4)
1651  {
1652  unsigned char message_str[1000];
1653  unsigned char output[1000];
1654  unsigned char output_str[1000];
1655  unsigned char rnd_buf[1000];
1656  rsa_context ctx;
1657  size_t msg_len;
1658  rnd_buf_info info;
1659 
1660  info.length = unhexify( rnd_buf, "3bbc3bd6637dfe12846901029bf5b0c07103439c" );
1661  info.buf = rnd_buf;
1662 
1664  memset( message_str, 0x00, 1000 );
1665  memset( output, 0x00, 1000 );
1666  memset( output_str, 0x00, 1000 );
1667 
1668  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
1669  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
1670  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1671 
1672  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1673 
1674  msg_len = unhexify( message_str, "684e3038c5c041f7" );
1675 
1676  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1677  if( 0 == 0 )
1678  {
1679  hexify( output_str, output, ctx.len );
1680 
1681  fct_chk( strcasecmp( (char *) output_str, "008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8" ) == 0 );
1682  }
1683 
1684  rsa_free( &ctx );
1685  }
1686  FCT_TEST_END();
1687 
1688 
1689  FCT_TEST_BGN(rsaes_oaep_encryption_example_6_5)
1690  {
1691  unsigned char message_str[1000];
1692  unsigned char output[1000];
1693  unsigned char output_str[1000];
1694  unsigned char rnd_buf[1000];
1695  rsa_context ctx;
1696  size_t msg_len;
1697  rnd_buf_info info;
1698 
1699  info.length = unhexify( rnd_buf, "b46b41893e8bef326f6759383a83071dae7fcabc" );
1700  info.buf = rnd_buf;
1701 
1703  memset( message_str, 0x00, 1000 );
1704  memset( output, 0x00, 1000 );
1705  memset( output_str, 0x00, 1000 );
1706 
1707  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
1708  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
1709  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1710 
1711  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1712 
1713  msg_len = unhexify( message_str, "32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693" );
1714 
1715  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1716  if( 0 == 0 )
1717  {
1718  hexify( output_str, output, ctx.len );
1719 
1720  fct_chk( strcasecmp( (char *) output_str, "00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab" ) == 0 );
1721  }
1722 
1723  rsa_free( &ctx );
1724  }
1725  FCT_TEST_END();
1726 
1727 
1728  FCT_TEST_BGN(rsaes_oaep_encryption_example_6_6)
1729  {
1730  unsigned char message_str[1000];
1731  unsigned char output[1000];
1732  unsigned char output_str[1000];
1733  unsigned char rnd_buf[1000];
1734  rsa_context ctx;
1735  size_t msg_len;
1736  rnd_buf_info info;
1737 
1738  info.length = unhexify( rnd_buf, "0a2403312a41e3d52f060fbc13a67de5cf7609a7" );
1739  info.buf = rnd_buf;
1740 
1742  memset( message_str, 0x00, 1000 );
1743  memset( output, 0x00, 1000 );
1744  memset( output_str, 0x00, 1000 );
1745 
1746  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
1747  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
1748  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1749 
1750  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1751 
1752  msg_len = unhexify( message_str, "50ba14be8462720279c306ba" );
1753 
1754  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1755  if( 0 == 0 )
1756  {
1757  hexify( output_str, output, ctx.len );
1758 
1759  fct_chk( strcasecmp( (char *) output_str, "0a026dda5fc8785f7bd9bf75327b63e85e2c0fdee5dadb65ebdcac9ae1de95c92c672ab433aa7a8e69ce6a6d8897fac4ac4a54de841ae5e5bbce7687879d79634cea7a30684065c714d52409b928256bbf53eabcd5231eb7259504537399bd29164b726d33a46da701360a4168a091ccab72d44a62fed246c0ffea5b1348ab5470" ) == 0 );
1760  }
1761 
1762  rsa_free( &ctx );
1763  }
1764  FCT_TEST_END();
1765 
1766 
1767  FCT_TEST_BGN(rsaes_oaep_encryption_example_7_1)
1768  {
1769  unsigned char message_str[1000];
1770  unsigned char output[1000];
1771  unsigned char output_str[1000];
1772  unsigned char rnd_buf[1000];
1773  rsa_context ctx;
1774  size_t msg_len;
1775  rnd_buf_info info;
1776 
1777  info.length = unhexify( rnd_buf, "43dd09a07ff4cac71caa4632ee5e1c1daee4cd8f" );
1778  info.buf = rnd_buf;
1779 
1781  memset( message_str, 0x00, 1000 );
1782  memset( output, 0x00, 1000 );
1783  memset( output_str, 0x00, 1000 );
1784 
1785  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
1786  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
1787  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1788 
1789  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1790 
1791  msg_len = unhexify( message_str, "47aae909" );
1792 
1793  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1794  if( 0 == 0 )
1795  {
1796  hexify( output_str, output, ctx.len );
1797 
1798  fct_chk( strcasecmp( (char *) output_str, "1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1" ) == 0 );
1799  }
1800 
1801  rsa_free( &ctx );
1802  }
1803  FCT_TEST_END();
1804 
1805 
1806  FCT_TEST_BGN(rsaes_oaep_encryption_example_7_2)
1807  {
1808  unsigned char message_str[1000];
1809  unsigned char output[1000];
1810  unsigned char output_str[1000];
1811  unsigned char rnd_buf[1000];
1812  rsa_context ctx;
1813  size_t msg_len;
1814  rnd_buf_info info;
1815 
1816  info.length = unhexify( rnd_buf, "3a9c3cec7b84f9bd3adecbc673ec99d54b22bc9b" );
1817  info.buf = rnd_buf;
1818 
1820  memset( message_str, 0x00, 1000 );
1821  memset( output, 0x00, 1000 );
1822  memset( output_str, 0x00, 1000 );
1823 
1824  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
1825  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
1826  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1827 
1828  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1829 
1830  msg_len = unhexify( message_str, "1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7" );
1831 
1832  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1833  if( 0 == 0 )
1834  {
1835  hexify( output_str, output, ctx.len );
1836 
1837  fct_chk( strcasecmp( (char *) output_str, "1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6" ) == 0 );
1838  }
1839 
1840  rsa_free( &ctx );
1841  }
1842  FCT_TEST_END();
1843 
1844 
1845  FCT_TEST_BGN(rsaes_oaep_encryption_example_7_3)
1846  {
1847  unsigned char message_str[1000];
1848  unsigned char output[1000];
1849  unsigned char output_str[1000];
1850  unsigned char rnd_buf[1000];
1851  rsa_context ctx;
1852  size_t msg_len;
1853  rnd_buf_info info;
1854 
1855  info.length = unhexify( rnd_buf, "76a75e5b6157a556cf8884bb2e45c293dd545cf5" );
1856  info.buf = rnd_buf;
1857 
1859  memset( message_str, 0x00, 1000 );
1860  memset( output, 0x00, 1000 );
1861  memset( output_str, 0x00, 1000 );
1862 
1863  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
1864  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
1865  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1866 
1867  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1868 
1869  msg_len = unhexify( message_str, "d976fc" );
1870 
1871  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1872  if( 0 == 0 )
1873  {
1874  hexify( output_str, output, ctx.len );
1875 
1876  fct_chk( strcasecmp( (char *) output_str, "2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b" ) == 0 );
1877  }
1878 
1879  rsa_free( &ctx );
1880  }
1881  FCT_TEST_END();
1882 
1883 
1884  FCT_TEST_BGN(rsaes_oaep_encryption_example_7_4)
1885  {
1886  unsigned char message_str[1000];
1887  unsigned char output[1000];
1888  unsigned char output_str[1000];
1889  unsigned char rnd_buf[1000];
1890  rsa_context ctx;
1891  size_t msg_len;
1892  rnd_buf_info info;
1893 
1894  info.length = unhexify( rnd_buf, "7866314a6ad6f2b250a35941db28f5864b585859" );
1895  info.buf = rnd_buf;
1896 
1898  memset( message_str, 0x00, 1000 );
1899  memset( output, 0x00, 1000 );
1900  memset( output_str, 0x00, 1000 );
1901 
1902  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
1903  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
1904  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1905 
1906  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1907 
1908  msg_len = unhexify( message_str, "d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb" );
1909 
1910  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1911  if( 0 == 0 )
1912  {
1913  hexify( output_str, output, ctx.len );
1914 
1915  fct_chk( strcasecmp( (char *) output_str, "0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac" ) == 0 );
1916  }
1917 
1918  rsa_free( &ctx );
1919  }
1920  FCT_TEST_END();
1921 
1922 
1923  FCT_TEST_BGN(rsaes_oaep_encryption_example_7_5)
1924  {
1925  unsigned char message_str[1000];
1926  unsigned char output[1000];
1927  unsigned char output_str[1000];
1928  unsigned char rnd_buf[1000];
1929  rsa_context ctx;
1930  size_t msg_len;
1931  rnd_buf_info info;
1932 
1933  info.length = unhexify( rnd_buf, "b2166ed472d58db10cab2c6b000cccf10a7dc509" );
1934  info.buf = rnd_buf;
1935 
1937  memset( message_str, 0x00, 1000 );
1938  memset( output, 0x00, 1000 );
1939  memset( output_str, 0x00, 1000 );
1940 
1941  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
1942  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
1943  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1944 
1945  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1946 
1947  msg_len = unhexify( message_str, "bb47231ca5ea1d3ad46c99345d9a8a61" );
1948 
1949  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1950  if( 0 == 0 )
1951  {
1952  hexify( output_str, output, ctx.len );
1953 
1954  fct_chk( strcasecmp( (char *) output_str, "028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478" ) == 0 );
1955  }
1956 
1957  rsa_free( &ctx );
1958  }
1959  FCT_TEST_END();
1960 
1961 
1962  FCT_TEST_BGN(rsaes_oaep_encryption_example_7_6)
1963  {
1964  unsigned char message_str[1000];
1965  unsigned char output[1000];
1966  unsigned char output_str[1000];
1967  unsigned char rnd_buf[1000];
1968  rsa_context ctx;
1969  size_t msg_len;
1970  rnd_buf_info info;
1971 
1972  info.length = unhexify( rnd_buf, "52673bde2ca166c2aa46131ac1dc808d67d7d3b1" );
1973  info.buf = rnd_buf;
1974 
1976  memset( message_str, 0x00, 1000 );
1977  memset( output, 0x00, 1000 );
1978  memset( output_str, 0x00, 1000 );
1979 
1980  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
1981  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
1982  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1983 
1984  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1985 
1986  msg_len = unhexify( message_str, "2184827095d35c3f86f600e8e59754013296" );
1987 
1988  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
1989  if( 0 == 0 )
1990  {
1991  hexify( output_str, output, ctx.len );
1992 
1993  fct_chk( strcasecmp( (char *) output_str, "14c678a94ad60525ef39e959b2f3ba5c097a94ff912b67dbace80535c187abd47d075420b1872152bba08f7fc31f313bbf9273c912fc4c0149a9b0cfb79807e346eb332069611bec0ff9bcd168f1f7c33e77313cea454b94e2549eecf002e2acf7f6f2d2845d4fe0aab2e5a92ddf68c480ae11247935d1f62574842216ae674115" ) == 0 );
1994  }
1995 
1996  rsa_free( &ctx );
1997  }
1998  FCT_TEST_END();
1999 
2000 
2001  FCT_TEST_BGN(rsaes_oaep_encryption_example_8_1)
2002  {
2003  unsigned char message_str[1000];
2004  unsigned char output[1000];
2005  unsigned char output_str[1000];
2006  unsigned char rnd_buf[1000];
2007  rsa_context ctx;
2008  size_t msg_len;
2009  rnd_buf_info info;
2010 
2011  info.length = unhexify( rnd_buf, "7706ffca1ecfb1ebee2a55e5c6e24cd2797a4125" );
2012  info.buf = rnd_buf;
2013 
2015  memset( message_str, 0x00, 1000 );
2016  memset( output, 0x00, 1000 );
2017  memset( output_str, 0x00, 1000 );
2018 
2019  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
2020  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
2021  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2022 
2023  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2024 
2025  msg_len = unhexify( message_str, "050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967" );
2026 
2027  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2028  if( 0 == 0 )
2029  {
2030  hexify( output_str, output, ctx.len );
2031 
2032  fct_chk( strcasecmp( (char *) output_str, "09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61" ) == 0 );
2033  }
2034 
2035  rsa_free( &ctx );
2036  }
2037  FCT_TEST_END();
2038 
2039 
2040  FCT_TEST_BGN(rsaes_oaep_encryption_example_8_2)
2041  {
2042  unsigned char message_str[1000];
2043  unsigned char output[1000];
2044  unsigned char output_str[1000];
2045  unsigned char rnd_buf[1000];
2046  rsa_context ctx;
2047  size_t msg_len;
2048  rnd_buf_info info;
2049 
2050  info.length = unhexify( rnd_buf, "a3717da143b4dcffbc742665a8fa950585548343" );
2051  info.buf = rnd_buf;
2052 
2054  memset( message_str, 0x00, 1000 );
2055  memset( output, 0x00, 1000 );
2056  memset( output_str, 0x00, 1000 );
2057 
2058  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
2059  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
2060  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2061 
2062  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2063 
2064  msg_len = unhexify( message_str, "4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc" );
2065 
2066  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2067  if( 0 == 0 )
2068  {
2069  hexify( output_str, output, ctx.len );
2070 
2071  fct_chk( strcasecmp( (char *) output_str, "2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d" ) == 0 );
2072  }
2073 
2074  rsa_free( &ctx );
2075  }
2076  FCT_TEST_END();
2077 
2078 
2079  FCT_TEST_BGN(rsaes_oaep_encryption_example_8_3)
2080  {
2081  unsigned char message_str[1000];
2082  unsigned char output[1000];
2083  unsigned char output_str[1000];
2084  unsigned char rnd_buf[1000];
2085  rsa_context ctx;
2086  size_t msg_len;
2087  rnd_buf_info info;
2088 
2089  info.length = unhexify( rnd_buf, "ee06209073cca026bb264e5185bf8c68b7739f86" );
2090  info.buf = rnd_buf;
2091 
2093  memset( message_str, 0x00, 1000 );
2094  memset( output, 0x00, 1000 );
2095  memset( output_str, 0x00, 1000 );
2096 
2097  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
2098  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
2099  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2100 
2101  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2102 
2103  msg_len = unhexify( message_str, "8604ac56328c1ab5ad917861" );
2104 
2105  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2106  if( 0 == 0 )
2107  {
2108  hexify( output_str, output, ctx.len );
2109 
2110  fct_chk( strcasecmp( (char *) output_str, "4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f" ) == 0 );
2111  }
2112 
2113  rsa_free( &ctx );
2114  }
2115  FCT_TEST_END();
2116 
2117 
2118  FCT_TEST_BGN(rsaes_oaep_encryption_example_8_4)
2119  {
2120  unsigned char message_str[1000];
2121  unsigned char output[1000];
2122  unsigned char output_str[1000];
2123  unsigned char rnd_buf[1000];
2124  rsa_context ctx;
2125  size_t msg_len;
2126  rnd_buf_info info;
2127 
2128  info.length = unhexify( rnd_buf, "990ad573dc48a973235b6d82543618f2e955105d" );
2129  info.buf = rnd_buf;
2130 
2132  memset( message_str, 0x00, 1000 );
2133  memset( output, 0x00, 1000 );
2134  memset( output_str, 0x00, 1000 );
2135 
2136  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
2137  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
2138  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2139 
2140  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2141 
2142  msg_len = unhexify( message_str, "fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc" );
2143 
2144  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2145  if( 0 == 0 )
2146  {
2147  hexify( output_str, output, ctx.len );
2148 
2149  fct_chk( strcasecmp( (char *) output_str, "2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0" ) == 0 );
2150  }
2151 
2152  rsa_free( &ctx );
2153  }
2154  FCT_TEST_END();
2155 
2156 
2157  FCT_TEST_BGN(rsaes_oaep_encryption_example_8_5)
2158  {
2159  unsigned char message_str[1000];
2160  unsigned char output[1000];
2161  unsigned char output_str[1000];
2162  unsigned char rnd_buf[1000];
2163  rsa_context ctx;
2164  size_t msg_len;
2165  rnd_buf_info info;
2166 
2167  info.length = unhexify( rnd_buf, "ecc63b28f0756f22f52ac8e6ec1251a6ec304718" );
2168  info.buf = rnd_buf;
2169 
2171  memset( message_str, 0x00, 1000 );
2172  memset( output, 0x00, 1000 );
2173  memset( output_str, 0x00, 1000 );
2174 
2175  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
2176  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
2177  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2178 
2179  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2180 
2181  msg_len = unhexify( message_str, "4a5f4914bee25de3c69341de07" );
2182 
2183  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2184  if( 0 == 0 )
2185  {
2186  hexify( output_str, output, ctx.len );
2187 
2188  fct_chk( strcasecmp( (char *) output_str, "1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2" ) == 0 );
2189  }
2190 
2191  rsa_free( &ctx );
2192  }
2193  FCT_TEST_END();
2194 
2195 
2196  FCT_TEST_BGN(rsaes_oaep_encryption_example_8_6)
2197  {
2198  unsigned char message_str[1000];
2199  unsigned char output[1000];
2200  unsigned char output_str[1000];
2201  unsigned char rnd_buf[1000];
2202  rsa_context ctx;
2203  size_t msg_len;
2204  rnd_buf_info info;
2205 
2206  info.length = unhexify( rnd_buf, "3925c71b362d40a0a6de42145579ba1e7dd459fc" );
2207  info.buf = rnd_buf;
2208 
2210  memset( message_str, 0x00, 1000 );
2211  memset( output, 0x00, 1000 );
2212  memset( output_str, 0x00, 1000 );
2213 
2214  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
2215  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
2216  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2217 
2218  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2219 
2220  msg_len = unhexify( message_str, "8e07d66f7b880a72563abcd3f35092bc33409fb7f88f2472be" );
2221 
2222  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2223  if( 0 == 0 )
2224  {
2225  hexify( output_str, output, ctx.len );
2226 
2227  fct_chk( strcasecmp( (char *) output_str, "3afd9c6600147b21798d818c655a0f4c9212db26d0b0dfdc2a7594ccb3d22f5bf1d7c3e112cd73fc7d509c7a8bafdd3c274d1399009f9609ec4be6477e453f075aa33db382870c1c3409aef392d7386ae3a696b99a94b4da0589447e955d16c98b17602a59bd736279fcd8fb280c4462d590bfa9bf13fed570eafde97330a2c210" ) == 0 );
2228  }
2229 
2230  rsa_free( &ctx );
2231  }
2232  FCT_TEST_END();
2233 
2234 
2235  FCT_TEST_BGN(rsaes_oaep_encryption_example_9_1)
2236  {
2237  unsigned char message_str[1000];
2238  unsigned char output[1000];
2239  unsigned char output_str[1000];
2240  unsigned char rnd_buf[1000];
2241  rsa_context ctx;
2242  size_t msg_len;
2243  rnd_buf_info info;
2244 
2245  info.length = unhexify( rnd_buf, "8ec965f134a3ec9931e92a1ca0dc8169d5ea705c" );
2246  info.buf = rnd_buf;
2247 
2249  memset( message_str, 0x00, 1000 );
2250  memset( output, 0x00, 1000 );
2251  memset( output_str, 0x00, 1000 );
2252 
2253  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
2254  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
2255  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2256 
2257  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2258 
2259  msg_len = unhexify( message_str, "f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6" );
2260 
2261  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2262  if( 0 == 0 )
2263  {
2264  hexify( output_str, output, ctx.len );
2265 
2266  fct_chk( strcasecmp( (char *) output_str, "267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72" ) == 0 );
2267  }
2268 
2269  rsa_free( &ctx );
2270  }
2271  FCT_TEST_END();
2272 
2273 
2274  FCT_TEST_BGN(rsaes_oaep_encryption_example_9_2)
2275  {
2276  unsigned char message_str[1000];
2277  unsigned char output[1000];
2278  unsigned char output_str[1000];
2279  unsigned char rnd_buf[1000];
2280  rsa_context ctx;
2281  size_t msg_len;
2282  rnd_buf_info info;
2283 
2284  info.length = unhexify( rnd_buf, "ecb1b8b25fa50cdab08e56042867f4af5826d16c" );
2285  info.buf = rnd_buf;
2286 
2288  memset( message_str, 0x00, 1000 );
2289  memset( output, 0x00, 1000 );
2290  memset( output_str, 0x00, 1000 );
2291 
2292  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
2293  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
2294  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2295 
2296  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2297 
2298  msg_len = unhexify( message_str, "81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659" );
2299 
2300  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2301  if( 0 == 0 )
2302  {
2303  hexify( output_str, output, ctx.len );
2304 
2305  fct_chk( strcasecmp( (char *) output_str, "93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8" ) == 0 );
2306  }
2307 
2308  rsa_free( &ctx );
2309  }
2310  FCT_TEST_END();
2311 
2312 
2313  FCT_TEST_BGN(rsaes_oaep_encryption_example_9_3)
2314  {
2315  unsigned char message_str[1000];
2316  unsigned char output[1000];
2317  unsigned char output_str[1000];
2318  unsigned char rnd_buf[1000];
2319  rsa_context ctx;
2320  size_t msg_len;
2321  rnd_buf_info info;
2322 
2323  info.length = unhexify( rnd_buf, "e89bb032c6ce622cbdb53bc9466014ea77f777c0" );
2324  info.buf = rnd_buf;
2325 
2327  memset( message_str, 0x00, 1000 );
2328  memset( output, 0x00, 1000 );
2329  memset( output_str, 0x00, 1000 );
2330 
2331  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
2332  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
2333  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2334 
2335  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2336 
2337  msg_len = unhexify( message_str, "fd326429df9b890e09b54b18b8f34f1e24" );
2338 
2339  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2340  if( 0 == 0 )
2341  {
2342  hexify( output_str, output, ctx.len );
2343 
2344  fct_chk( strcasecmp( (char *) output_str, "81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3" ) == 0 );
2345  }
2346 
2347  rsa_free( &ctx );
2348  }
2349  FCT_TEST_END();
2350 
2351 
2352  FCT_TEST_BGN(rsaes_oaep_encryption_example_9_4)
2353  {
2354  unsigned char message_str[1000];
2355  unsigned char output[1000];
2356  unsigned char output_str[1000];
2357  unsigned char rnd_buf[1000];
2358  rsa_context ctx;
2359  size_t msg_len;
2360  rnd_buf_info info;
2361 
2362  info.length = unhexify( rnd_buf, "606f3b99c0b9ccd771eaa29ea0e4c884f3189ccc" );
2363  info.buf = rnd_buf;
2364 
2366  memset( message_str, 0x00, 1000 );
2367  memset( output, 0x00, 1000 );
2368  memset( output_str, 0x00, 1000 );
2369 
2370  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
2371  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
2372  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2373 
2374  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2375 
2376  msg_len = unhexify( message_str, "f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e" );
2377 
2378  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2379  if( 0 == 0 )
2380  {
2381  hexify( output_str, output, ctx.len );
2382 
2383  fct_chk( strcasecmp( (char *) output_str, "bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858" ) == 0 );
2384  }
2385 
2386  rsa_free( &ctx );
2387  }
2388  FCT_TEST_END();
2389 
2390 
2391  FCT_TEST_BGN(rsaes_oaep_encryption_example_9_5)
2392  {
2393  unsigned char message_str[1000];
2394  unsigned char output[1000];
2395  unsigned char output_str[1000];
2396  unsigned char rnd_buf[1000];
2397  rsa_context ctx;
2398  size_t msg_len;
2399  rnd_buf_info info;
2400 
2401  info.length = unhexify( rnd_buf, "fcbc421402e9ecabc6082afa40ba5f26522c840e" );
2402  info.buf = rnd_buf;
2403 
2405  memset( message_str, 0x00, 1000 );
2406  memset( output, 0x00, 1000 );
2407  memset( output_str, 0x00, 1000 );
2408 
2409  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
2410  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
2411  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2412 
2413  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2414 
2415  msg_len = unhexify( message_str, "53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d" );
2416 
2417  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2418  if( 0 == 0 )
2419  {
2420  hexify( output_str, output, ctx.len );
2421 
2422  fct_chk( strcasecmp( (char *) output_str, "232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e" ) == 0 );
2423  }
2424 
2425  rsa_free( &ctx );
2426  }
2427  FCT_TEST_END();
2428 
2429 
2430  FCT_TEST_BGN(rsaes_oaep_encryption_example_9_6)
2431  {
2432  unsigned char message_str[1000];
2433  unsigned char output[1000];
2434  unsigned char output_str[1000];
2435  unsigned char rnd_buf[1000];
2436  rsa_context ctx;
2437  size_t msg_len;
2438  rnd_buf_info info;
2439 
2440  info.length = unhexify( rnd_buf, "23aade0e1e08bb9b9a78d2302a52f9c21b2e1ba2" );
2441  info.buf = rnd_buf;
2442 
2444  memset( message_str, 0x00, 1000 );
2445  memset( output, 0x00, 1000 );
2446  memset( output_str, 0x00, 1000 );
2447 
2448  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
2449  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
2450  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2451 
2452  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2453 
2454  msg_len = unhexify( message_str, "b6b28ea2198d0c1008bc64" );
2455 
2456  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2457  if( 0 == 0 )
2458  {
2459  hexify( output_str, output, ctx.len );
2460 
2461  fct_chk( strcasecmp( (char *) output_str, "438cc7dc08a68da249e42505f8573ba60e2c2773d5b290f4cf9dff718e842081c383e67024a0f29594ea987b9d25e4b738f285970d195abb3a8c8054e3d79d6b9c9a8327ba596f1259e27126674766907d8d582ff3a8476154929adb1e6d1235b2ccb4ec8f663ba9cc670a92bebd853c8dbf69c6436d016f61add836e94732450434207f9fd4c43dec2a12a958efa01efe2669899b5e604c255c55fb7166de5589e369597bb09168c06dd5db177e06a1740eb2d5c82faeca6d92fcee9931ba9f" ) == 0 );
2462  }
2463 
2464  rsa_free( &ctx );
2465  }
2466  FCT_TEST_END();
2467 
2468 
2469  FCT_TEST_BGN(rsaes_oaep_encryption_example_10_1)
2470  {
2471  unsigned char message_str[1000];
2472  unsigned char output[1000];
2473  unsigned char output_str[1000];
2474  unsigned char rnd_buf[1000];
2475  rsa_context ctx;
2476  size_t msg_len;
2477  rnd_buf_info info;
2478 
2479  info.length = unhexify( rnd_buf, "47e1ab7119fee56c95ee5eaad86f40d0aa63bd33" );
2480  info.buf = rnd_buf;
2481 
2483  memset( message_str, 0x00, 1000 );
2484  memset( output, 0x00, 1000 );
2485  memset( output_str, 0x00, 1000 );
2486 
2487  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
2488  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
2489  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2490 
2491  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2492 
2493  msg_len = unhexify( message_str, "8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee" );
2494 
2495  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2496  if( 0 == 0 )
2497  {
2498  hexify( output_str, output, ctx.len );
2499 
2500  fct_chk( strcasecmp( (char *) output_str, "53ea5dc08cd260fb3b858567287fa91552c30b2febfba213f0ae87702d068d19bab07fe574523dfb42139d68c3c5afeee0bfe4cb7969cbf382b804d6e61396144e2d0e60741f8993c3014b58b9b1957a8babcd23af854f4c356fb1662aa72bfcc7e586559dc4280d160c126785a723ebeebeff71f11594440aaef87d10793a8774a239d4a04c87fe1467b9daf85208ec6c7255794a96cc29142f9a8bd418e3c1fd67344b0cd0829df3b2bec60253196293c6b34d3f75d32f213dd45c6273d505adf4cced1057cb758fc26aeefa441255ed4e64c199ee075e7f16646182fdb464739b68ab5daff0e63e9552016824f054bf4d3c8c90a97bb6b6553284eb429fcc" ) == 0 );
2501  }
2502 
2503  rsa_free( &ctx );
2504  }
2505  FCT_TEST_END();
2506 
2507 
2508  FCT_TEST_BGN(rsaes_oaep_encryption_example_10_2)
2509  {
2510  unsigned char message_str[1000];
2511  unsigned char output[1000];
2512  unsigned char output_str[1000];
2513  unsigned char rnd_buf[1000];
2514  rsa_context ctx;
2515  size_t msg_len;
2516  rnd_buf_info info;
2517 
2518  info.length = unhexify( rnd_buf, "6d17f5b4c1ffac351d195bf7b09d09f09a4079cf" );
2519  info.buf = rnd_buf;
2520 
2522  memset( message_str, 0x00, 1000 );
2523  memset( output, 0x00, 1000 );
2524  memset( output_str, 0x00, 1000 );
2525 
2526  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
2527  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
2528  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2529 
2530  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2531 
2532  msg_len = unhexify( message_str, "e6ad181f053b58a904f2457510373e57" );
2533 
2534  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2535  if( 0 == 0 )
2536  {
2537  hexify( output_str, output, ctx.len );
2538 
2539  fct_chk( strcasecmp( (char *) output_str, "a2b1a430a9d657e2fa1c2bb5ed43ffb25c05a308fe9093c01031795f5874400110828ae58fb9b581ce9dddd3e549ae04a0985459bde6c626594e7b05dc4278b2a1465c1368408823c85e96dc66c3a30983c639664fc4569a37fe21e5a195b5776eed2df8d8d361af686e750229bbd663f161868a50615e0c337bec0ca35fec0bb19c36eb2e0bbcc0582fa1d93aacdb061063f59f2ce1ee43605e5d89eca183d2acdfe9f81011022ad3b43a3dd417dac94b4e11ea81b192966e966b182082e71964607b4f8002f36299844a11f2ae0faeac2eae70f8f4f98088acdcd0ac556e9fccc511521908fad26f04c64201450305778758b0538bf8b5bb144a828e629795" ) == 0 );
2540  }
2541 
2542  rsa_free( &ctx );
2543  }
2544  FCT_TEST_END();
2545 
2546 
2547  FCT_TEST_BGN(rsaes_oaep_encryption_example_10_3)
2548  {
2549  unsigned char message_str[1000];
2550  unsigned char output[1000];
2551  unsigned char output_str[1000];
2552  unsigned char rnd_buf[1000];
2553  rsa_context ctx;
2554  size_t msg_len;
2555  rnd_buf_info info;
2556 
2557  info.length = unhexify( rnd_buf, "385387514deccc7c740dd8cdf9daee49a1cbfd54" );
2558  info.buf = rnd_buf;
2559 
2561  memset( message_str, 0x00, 1000 );
2562  memset( output, 0x00, 1000 );
2563  memset( output_str, 0x00, 1000 );
2564 
2565  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
2566  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
2567  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2568 
2569  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2570 
2571  msg_len = unhexify( message_str, "510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124" );
2572 
2573  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2574  if( 0 == 0 )
2575  {
2576  hexify( output_str, output, ctx.len );
2577 
2578  fct_chk( strcasecmp( (char *) output_str, "9886c3e6764a8b9a84e84148ebd8c3b1aa8050381a78f668714c16d9cfd2a6edc56979c535d9dee3b44b85c18be8928992371711472216d95dda98d2ee8347c9b14dffdff84aa48d25ac06f7d7e65398ac967b1ce90925f67dce049b7f812db0742997a74d44fe81dbe0e7a3feaf2e5c40af888d550ddbbe3bc20657a29543f8fc2913b9bd1a61b2ab2256ec409bbd7dc0d17717ea25c43f42ed27df8738bf4afc6766ff7aff0859555ee283920f4c8a63c4a7340cbafddc339ecdb4b0515002f96c932b5b79167af699c0ad3fccfdf0f44e85a70262bf2e18fe34b850589975e867ff969d48eabf212271546cdc05a69ecb526e52870c836f307bd798780ede" ) == 0 );
2579  }
2580 
2581  rsa_free( &ctx );
2582  }
2583  FCT_TEST_END();
2584 
2585 
2586  FCT_TEST_BGN(rsaes_oaep_encryption_example_10_4)
2587  {
2588  unsigned char message_str[1000];
2589  unsigned char output[1000];
2590  unsigned char output_str[1000];
2591  unsigned char rnd_buf[1000];
2592  rsa_context ctx;
2593  size_t msg_len;
2594  rnd_buf_info info;
2595 
2596  info.length = unhexify( rnd_buf, "5caca6a0f764161a9684f85d92b6e0ef37ca8b65" );
2597  info.buf = rnd_buf;
2598 
2600  memset( message_str, 0x00, 1000 );
2601  memset( output, 0x00, 1000 );
2602  memset( output_str, 0x00, 1000 );
2603 
2604  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
2605  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
2606  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2607 
2608  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2609 
2610  msg_len = unhexify( message_str, "bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9" );
2611 
2612  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2613  if( 0 == 0 )
2614  {
2615  hexify( output_str, output, ctx.len );
2616 
2617  fct_chk( strcasecmp( (char *) output_str, "6318e9fb5c0d05e5307e1683436e903293ac4642358aaa223d7163013aba87e2dfda8e60c6860e29a1e92686163ea0b9175f329ca3b131a1edd3a77759a8b97bad6a4f8f4396f28cf6f39ca58112e48160d6e203daa5856f3aca5ffed577af499408e3dfd233e3e604dbe34a9c4c9082de65527cac6331d29dc80e0508a0fa7122e7f329f6cca5cfa34d4d1da417805457e008bec549e478ff9e12a763c477d15bbb78f5b69bd57830fc2c4ed686d79bc72a95d85f88134c6b0afe56a8ccfbc855828bb339bd17909cf1d70de3335ae07039093e606d655365de6550b872cd6de1d440ee031b61945f629ad8a353b0d40939e96a3c450d2a8d5eee9f678093c8" ) == 0 );
2618  }
2619 
2620  rsa_free( &ctx );
2621  }
2622  FCT_TEST_END();
2623 
2624 
2625  FCT_TEST_BGN(rsaes_oaep_encryption_example_10_5)
2626  {
2627  unsigned char message_str[1000];
2628  unsigned char output[1000];
2629  unsigned char output_str[1000];
2630  unsigned char rnd_buf[1000];
2631  rsa_context ctx;
2632  size_t msg_len;
2633  rnd_buf_info info;
2634 
2635  info.length = unhexify( rnd_buf, "95bca9e3859894b3dd869fa7ecd5bbc6401bf3e4" );
2636  info.buf = rnd_buf;
2637 
2639  memset( message_str, 0x00, 1000 );
2640  memset( output, 0x00, 1000 );
2641  memset( output_str, 0x00, 1000 );
2642 
2643  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
2644  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
2645  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2646 
2647  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2648 
2649  msg_len = unhexify( message_str, "a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9" );
2650 
2651  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2652  if( 0 == 0 )
2653  {
2654  hexify( output_str, output, ctx.len );
2655 
2656  fct_chk( strcasecmp( (char *) output_str, "75290872ccfd4a4505660d651f56da6daa09ca1301d890632f6a992f3d565cee464afded40ed3b5be9356714ea5aa7655f4a1366c2f17c728f6f2c5a5d1f8e28429bc4e6f8f2cff8da8dc0e0a9808e45fd09ea2fa40cb2b6ce6ffff5c0e159d11b68d90a85f7b84e103b09e682666480c657505c0929259468a314786d74eab131573cf234bf57db7d9e66cc6748192e002dc0deea930585f0831fdcd9bc33d51f79ed2ffc16bcf4d59812fcebcaa3f9069b0e445686d644c25ccf63b456ee5fa6ffe96f19cdf751fed9eaf35957754dbf4bfea5216aa1844dc507cb2d080e722eba150308c2b5ff1193620f1766ecf4481bafb943bd292877f2136ca494aba0" ) == 0 );
2657  }
2658 
2659  rsa_free( &ctx );
2660  }
2661  FCT_TEST_END();
2662 
2663 
2664  FCT_TEST_BGN(rsaes_oaep_encryption_example_10_6)
2665  {
2666  unsigned char message_str[1000];
2667  unsigned char output[1000];
2668  unsigned char output_str[1000];
2669  unsigned char rnd_buf[1000];
2670  rsa_context ctx;
2671  size_t msg_len;
2672  rnd_buf_info info;
2673 
2674  info.length = unhexify( rnd_buf, "9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32" );
2675  info.buf = rnd_buf;
2676 
2678  memset( message_str, 0x00, 1000 );
2679  memset( output, 0x00, 1000 );
2680  memset( output_str, 0x00, 1000 );
2681 
2682  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
2683  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
2684  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2685 
2686  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2687 
2688  msg_len = unhexify( message_str, "eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac" );
2689 
2690  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
2691  if( 0 == 0 )
2692  {
2693  hexify( output_str, output, ctx.len );
2694 
2695  fct_chk( strcasecmp( (char *) output_str, "2d207a73432a8fb4c03051b3f73b28a61764098dfa34c47a20995f8115aa6816679b557e82dbee584908c6e69782d7deb34dbd65af063d57fca76a5fd069492fd6068d9984d209350565a62e5c77f23038c12cb10c6634709b547c46f6b4a709bd85ca122d74465ef97762c29763e06dbc7a9e738c78bfca0102dc5e79d65b973f28240caab2e161a78b57d262457ed8195d53e3c7ae9da021883c6db7c24afdd2322eac972ad3c354c5fcef1e146c3a0290fb67adf007066e00428d2cec18ce58f9328698defef4b2eb5ec76918fde1c198cbb38b7afc67626a9aefec4322bfd90d2563481c9a221f78c8272c82d1b62ab914e1c69f6af6ef30ca5260db4a46" ) == 0 );
2696  }
2697 
2698  rsa_free( &ctx );
2699  }
2700  FCT_TEST_END();
2701 
2702 
2703  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_int)
2704  {
2705  unsigned char message_str[1000];
2706  unsigned char output[1000];
2707  unsigned char output_str[1000];
2708  rsa_context ctx;
2709  mpi P1, Q1, H, G;
2710  size_t output_len;
2711 
2712  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
2714 
2715  memset( message_str, 0x00, 1000 );
2716  memset( output, 0x00, 1000 );
2717  memset( output_str, 0x00, 1000 );
2718 
2719  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
2720  fct_chk( mpi_read_string( &ctx.P, 16, "eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599" ) == 0 );
2721  fct_chk( mpi_read_string( &ctx.Q, 16, "c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503" ) == 0 );
2722  fct_chk( mpi_read_string( &ctx.N, 16, "bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb" ) == 0 );
2723  fct_chk( mpi_read_string( &ctx.E, 16, "11" ) == 0 );
2724 
2725  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
2726  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
2727  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
2728  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
2729  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
2730  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
2731  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
2732  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
2733 
2734  fct_chk( rsa_check_privkey( &ctx ) == 0 );
2735 
2736  unhexify( message_str, "1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955" );
2737 
2738  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
2739  if( 0 == 0 )
2740  {
2741  hexify( output_str, output, ctx.len );
2742 
2743  fct_chk( strncasecmp( (char *) output_str, "d436e99569fd32a7c8a05bbc90d32c49", strlen( "d436e99569fd32a7c8a05bbc90d32c49" ) ) == 0 );
2744  }
2745 
2746  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
2747  rsa_free( &ctx );
2748  }
2749  FCT_TEST_END();
2750 
2751 
2752  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_1)
2753  {
2754  unsigned char message_str[1000];
2755  unsigned char output[1000];
2756  unsigned char output_str[1000];
2757  rsa_context ctx;
2758  mpi P1, Q1, H, G;
2759  size_t output_len;
2760 
2761  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
2763 
2764  memset( message_str, 0x00, 1000 );
2765  memset( output, 0x00, 1000 );
2766  memset( output_str, 0x00, 1000 );
2767 
2768  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
2769  fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
2770  fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
2771  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
2772  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2773 
2774  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
2775  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
2776  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
2777  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
2778  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
2779  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
2780  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
2781  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
2782 
2783  fct_chk( rsa_check_privkey( &ctx ) == 0 );
2784 
2785  unhexify( message_str, "354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a" );
2786 
2787  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
2788  if( 0 == 0 )
2789  {
2790  hexify( output_str, output, ctx.len );
2791 
2792  fct_chk( strncasecmp( (char *) output_str, "6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34", strlen( "6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34" ) ) == 0 );
2793  }
2794 
2795  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
2796  rsa_free( &ctx );
2797  }
2798  FCT_TEST_END();
2799 
2800 
2801  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_2)
2802  {
2803  unsigned char message_str[1000];
2804  unsigned char output[1000];
2805  unsigned char output_str[1000];
2806  rsa_context ctx;
2807  mpi P1, Q1, H, G;
2808  size_t output_len;
2809 
2810  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
2812 
2813  memset( message_str, 0x00, 1000 );
2814  memset( output, 0x00, 1000 );
2815  memset( output_str, 0x00, 1000 );
2816 
2817  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
2818  fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
2819  fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
2820  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
2821  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2822 
2823  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
2824  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
2825  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
2826  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
2827  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
2828  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
2829  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
2830  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
2831 
2832  fct_chk( rsa_check_privkey( &ctx ) == 0 );
2833 
2834  unhexify( message_str, "640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44" );
2835 
2836  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
2837  if( 0 == 0 )
2838  {
2839  hexify( output_str, output, ctx.len );
2840 
2841  fct_chk( strncasecmp( (char *) output_str, "750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5", strlen( "750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5" ) ) == 0 );
2842  }
2843 
2844  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
2845  rsa_free( &ctx );
2846  }
2847  FCT_TEST_END();
2848 
2849 
2850  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_3)
2851  {
2852  unsigned char message_str[1000];
2853  unsigned char output[1000];
2854  unsigned char output_str[1000];
2855  rsa_context ctx;
2856  mpi P1, Q1, H, G;
2857  size_t output_len;
2858 
2859  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
2861 
2862  memset( message_str, 0x00, 1000 );
2863  memset( output, 0x00, 1000 );
2864  memset( output_str, 0x00, 1000 );
2865 
2866  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
2867  fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
2868  fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
2869  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
2870  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2871 
2872  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
2873  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
2874  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
2875  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
2876  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
2877  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
2878  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
2879  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
2880 
2881  fct_chk( rsa_check_privkey( &ctx ) == 0 );
2882 
2883  unhexify( message_str, "423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb" );
2884 
2885  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
2886  if( 0 == 0 )
2887  {
2888  hexify( output_str, output, ctx.len );
2889 
2890  fct_chk( strncasecmp( (char *) output_str, "d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051", strlen( "d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051" ) ) == 0 );
2891  }
2892 
2893  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
2894  rsa_free( &ctx );
2895  }
2896  FCT_TEST_END();
2897 
2898 
2899  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_4)
2900  {
2901  unsigned char message_str[1000];
2902  unsigned char output[1000];
2903  unsigned char output_str[1000];
2904  rsa_context ctx;
2905  mpi P1, Q1, H, G;
2906  size_t output_len;
2907 
2908  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
2910 
2911  memset( message_str, 0x00, 1000 );
2912  memset( output, 0x00, 1000 );
2913  memset( output_str, 0x00, 1000 );
2914 
2915  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
2916  fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
2917  fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
2918  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
2919  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2920 
2921  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
2922  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
2923  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
2924  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
2925  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
2926  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
2927  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
2928  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
2929 
2930  fct_chk( rsa_check_privkey( &ctx ) == 0 );
2931 
2932  unhexify( message_str, "45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755" );
2933 
2934  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
2935  if( 0 == 0 )
2936  {
2937  hexify( output_str, output, ctx.len );
2938 
2939  fct_chk( strncasecmp( (char *) output_str, "52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85", strlen( "52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85" ) ) == 0 );
2940  }
2941 
2942  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
2943  rsa_free( &ctx );
2944  }
2945  FCT_TEST_END();
2946 
2947 
2948  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_5)
2949  {
2950  unsigned char message_str[1000];
2951  unsigned char output[1000];
2952  unsigned char output_str[1000];
2953  rsa_context ctx;
2954  mpi P1, Q1, H, G;
2955  size_t output_len;
2956 
2957  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
2959 
2960  memset( message_str, 0x00, 1000 );
2961  memset( output, 0x00, 1000 );
2962  memset( output_str, 0x00, 1000 );
2963 
2964  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
2965  fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
2966  fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
2967  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
2968  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2969 
2970  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
2971  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
2972  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
2973  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
2974  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
2975  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
2976  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
2977  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
2978 
2979  fct_chk( rsa_check_privkey( &ctx ) == 0 );
2980 
2981  unhexify( message_str, "36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439" );
2982 
2983  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
2984  if( 0 == 0 )
2985  {
2986  hexify( output_str, output, ctx.len );
2987 
2988  fct_chk( strncasecmp( (char *) output_str, "8da89fd9e5f974a29feffb462b49180f6cf9e802", strlen( "8da89fd9e5f974a29feffb462b49180f6cf9e802" ) ) == 0 );
2989  }
2990 
2991  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
2992  rsa_free( &ctx );
2993  }
2994  FCT_TEST_END();
2995 
2996 
2997  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_6)
2998  {
2999  unsigned char message_str[1000];
3000  unsigned char output[1000];
3001  unsigned char output_str[1000];
3002  rsa_context ctx;
3003  mpi P1, Q1, H, G;
3004  size_t output_len;
3005 
3006  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3008 
3009  memset( message_str, 0x00, 1000 );
3010  memset( output, 0x00, 1000 );
3011  memset( output_str, 0x00, 1000 );
3012 
3013  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
3014  fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
3015  fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
3016  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
3017  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3018 
3019  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3020  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3021  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3022  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3023  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3024  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3025  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3026  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3027 
3028  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3029 
3030  unhexify( message_str, "42cee2617b1ecea4db3f4829386fbd61dafbf038e180d837c96366df24c097b4ab0fac6bdf590d821c9f10642e681ad05b8d78b378c0f46ce2fad63f74e0ad3df06b075d7eb5f5636f8d403b9059ca761b5c62bb52aa45002ea70baace08ded243b9d8cbd62a68ade265832b56564e43a6fa42ed199a099769742df1539e8255" );
3031 
3032  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3033  if( 0 == 0 )
3034  {
3035  hexify( output_str, output, ctx.len );
3036 
3037  fct_chk( strncasecmp( (char *) output_str, "26521050844271", strlen( "26521050844271" ) ) == 0 );
3038  }
3039 
3040  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3041  rsa_free( &ctx );
3042  }
3043  FCT_TEST_END();
3044 
3045 
3046  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_1)
3047  {
3048  unsigned char message_str[1000];
3049  unsigned char output[1000];
3050  unsigned char output_str[1000];
3051  rsa_context ctx;
3052  mpi P1, Q1, H, G;
3053  size_t output_len;
3054 
3055  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3057 
3058  memset( message_str, 0x00, 1000 );
3059  memset( output, 0x00, 1000 );
3060  memset( output_str, 0x00, 1000 );
3061 
3062  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
3063  fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
3064  fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
3065  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
3066  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3067 
3068  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3069  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3070  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3071  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3072  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3073  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3074  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3075  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3076 
3077  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3078 
3079  unhexify( message_str, "0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e" );
3080 
3081  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3082  if( 0 == 0 )
3083  {
3084  hexify( output_str, output, ctx.len );
3085 
3086  fct_chk( strncasecmp( (char *) output_str, "8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7", strlen( "8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7" ) ) == 0 );
3087  }
3088 
3089  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3090  rsa_free( &ctx );
3091  }
3092  FCT_TEST_END();
3093 
3094 
3095  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_2)
3096  {
3097  unsigned char message_str[1000];
3098  unsigned char output[1000];
3099  unsigned char output_str[1000];
3100  rsa_context ctx;
3101  mpi P1, Q1, H, G;
3102  size_t output_len;
3103 
3104  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3106 
3107  memset( message_str, 0x00, 1000 );
3108  memset( output, 0x00, 1000 );
3109  memset( output_str, 0x00, 1000 );
3110 
3111  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
3112  fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
3113  fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
3114  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
3115  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3116 
3117  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3118  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3119  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3120  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3121  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3122  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3123  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3124  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3125 
3126  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3127 
3128  unhexify( message_str, "018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245" );
3129 
3130  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3131  if( 0 == 0 )
3132  {
3133  hexify( output_str, output, ctx.len );
3134 
3135  fct_chk( strncasecmp( (char *) output_str, "2d", strlen( "2d" ) ) == 0 );
3136  }
3137 
3138  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3139  rsa_free( &ctx );
3140  }
3141  FCT_TEST_END();
3142 
3143 
3144  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_3)
3145  {
3146  unsigned char message_str[1000];
3147  unsigned char output[1000];
3148  unsigned char output_str[1000];
3149  rsa_context ctx;
3150  mpi P1, Q1, H, G;
3151  size_t output_len;
3152 
3153  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3155 
3156  memset( message_str, 0x00, 1000 );
3157  memset( output, 0x00, 1000 );
3158  memset( output_str, 0x00, 1000 );
3159 
3160  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
3161  fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
3162  fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
3163  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
3164  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3165 
3166  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3167  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3168  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3169  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3170  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3171  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3172  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3173  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3174 
3175  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3176 
3177  unhexify( message_str, "018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053" );
3178 
3179  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3180  if( 0 == 0 )
3181  {
3182  hexify( output_str, output, ctx.len );
3183 
3184  fct_chk( strncasecmp( (char *) output_str, "74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e", strlen( "74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e" ) ) == 0 );
3185  }
3186 
3187  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3188  rsa_free( &ctx );
3189  }
3190  FCT_TEST_END();
3191 
3192 
3193  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_4)
3194  {
3195  unsigned char message_str[1000];
3196  unsigned char output[1000];
3197  unsigned char output_str[1000];
3198  rsa_context ctx;
3199  mpi P1, Q1, H, G;
3200  size_t output_len;
3201 
3202  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3204 
3205  memset( message_str, 0x00, 1000 );
3206  memset( output, 0x00, 1000 );
3207  memset( output_str, 0x00, 1000 );
3208 
3209  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
3210  fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
3211  fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
3212  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
3213  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3214 
3215  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3216  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3217  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3218  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3219  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3220  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3221  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3222  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3223 
3224  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3225 
3226  unhexify( message_str, "00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641" );
3227 
3228  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3229  if( 0 == 0 )
3230  {
3231  hexify( output_str, output, ctx.len );
3232 
3233  fct_chk( strncasecmp( (char *) output_str, "a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a", strlen( "a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a" ) ) == 0 );
3234  }
3235 
3236  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3237  rsa_free( &ctx );
3238  }
3239  FCT_TEST_END();
3240 
3241 
3242  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_5)
3243  {
3244  unsigned char message_str[1000];
3245  unsigned char output[1000];
3246  unsigned char output_str[1000];
3247  rsa_context ctx;
3248  mpi P1, Q1, H, G;
3249  size_t output_len;
3250 
3251  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3253 
3254  memset( message_str, 0x00, 1000 );
3255  memset( output, 0x00, 1000 );
3256  memset( output_str, 0x00, 1000 );
3257 
3258  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
3259  fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
3260  fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
3261  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
3262  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3263 
3264  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3265  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3266  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3267  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3268  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3269  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3270  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3271  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3272 
3273  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3274 
3275  unhexify( message_str, "00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec" );
3276 
3277  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3278  if( 0 == 0 )
3279  {
3280  hexify( output_str, output, ctx.len );
3281 
3282  fct_chk( strncasecmp( (char *) output_str, "2ef2b066f854c33f3bdcbb5994a435e73d6c6c", strlen( "2ef2b066f854c33f3bdcbb5994a435e73d6c6c" ) ) == 0 );
3283  }
3284 
3285  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3286  rsa_free( &ctx );
3287  }
3288  FCT_TEST_END();
3289 
3290 
3291  FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_6)
3292  {
3293  unsigned char message_str[1000];
3294  unsigned char output[1000];
3295  unsigned char output_str[1000];
3296  rsa_context ctx;
3297  mpi P1, Q1, H, G;
3298  size_t output_len;
3299 
3300  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3302 
3303  memset( message_str, 0x00, 1000 );
3304  memset( output, 0x00, 1000 );
3305  memset( output_str, 0x00, 1000 );
3306 
3307  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
3308  fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
3309  fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
3310  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
3311  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3312 
3313  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3314  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3315  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3316  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3317  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3318  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3319  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3320  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3321 
3322  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3323 
3324  unhexify( message_str, "010839ec20c27b9052e55befb9b77e6fc26e9075d7a54378c646abdf51e445bd5715de81789f56f1803d9170764a9e93cb78798694023ee7393ce04bc5d8f8c5a52c171d43837e3aca62f609eb0aa5ffb0960ef04198dd754f57f7fbe6abf765cf118b4ca443b23b5aab266f952326ac4581100644325f8b721acd5d04ff14ef3a" );
3325 
3326  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3327  if( 0 == 0 )
3328  {
3329  hexify( output_str, output, ctx.len );
3330 
3331  fct_chk( strncasecmp( (char *) output_str, "8a7fb344c8b6cb2cf2ef1f643f9a3218f6e19bba89c0", strlen( "8a7fb344c8b6cb2cf2ef1f643f9a3218f6e19bba89c0" ) ) == 0 );
3332  }
3333 
3334  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3335  rsa_free( &ctx );
3336  }
3337  FCT_TEST_END();
3338 
3339 
3340  FCT_TEST_BGN(rsaes_oaep_decryption_example_3_1)
3341  {
3342  unsigned char message_str[1000];
3343  unsigned char output[1000];
3344  unsigned char output_str[1000];
3345  rsa_context ctx;
3346  mpi P1, Q1, H, G;
3347  size_t output_len;
3348 
3349  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3351 
3352  memset( message_str, 0x00, 1000 );
3353  memset( output, 0x00, 1000 );
3354  memset( output_str, 0x00, 1000 );
3355 
3356  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
3357  fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
3358  fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
3359  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
3360  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3361 
3362  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3363  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3364  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3365  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3366  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3367  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3368  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3369  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3370 
3371  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3372 
3373  unhexify( message_str, "026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80" );
3374 
3375  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3376  if( 0 == 0 )
3377  {
3378  hexify( output_str, output, ctx.len );
3379 
3380  fct_chk( strncasecmp( (char *) output_str, "087820b569e8fa8d", strlen( "087820b569e8fa8d" ) ) == 0 );
3381  }
3382 
3383  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3384  rsa_free( &ctx );
3385  }
3386  FCT_TEST_END();
3387 
3388 
3389  FCT_TEST_BGN(rsaes_oaep_decryption_example_3_2)
3390  {
3391  unsigned char message_str[1000];
3392  unsigned char output[1000];
3393  unsigned char output_str[1000];
3394  rsa_context ctx;
3395  mpi P1, Q1, H, G;
3396  size_t output_len;
3397 
3398  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3400 
3401  memset( message_str, 0x00, 1000 );
3402  memset( output, 0x00, 1000 );
3403  memset( output_str, 0x00, 1000 );
3404 
3405  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
3406  fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
3407  fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
3408  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
3409  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3410 
3411  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3412  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3413  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3414  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3415  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3416  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3417  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3418  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3419 
3420  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3421 
3422  unhexify( message_str, "024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5" );
3423 
3424  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3425  if( 0 == 0 )
3426  {
3427  hexify( output_str, output, ctx.len );
3428 
3429  fct_chk( strncasecmp( (char *) output_str, "4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04", strlen( "4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04" ) ) == 0 );
3430  }
3431 
3432  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3433  rsa_free( &ctx );
3434  }
3435  FCT_TEST_END();
3436 
3437 
3438  FCT_TEST_BGN(rsaes_oaep_decryption_example_3_3)
3439  {
3440  unsigned char message_str[1000];
3441  unsigned char output[1000];
3442  unsigned char output_str[1000];
3443  rsa_context ctx;
3444  mpi P1, Q1, H, G;
3445  size_t output_len;
3446 
3447  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3449 
3450  memset( message_str, 0x00, 1000 );
3451  memset( output, 0x00, 1000 );
3452  memset( output_str, 0x00, 1000 );
3453 
3454  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
3455  fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
3456  fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
3457  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
3458  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3459 
3460  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3461  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3462  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3463  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3464  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3465  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3466  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3467  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3468 
3469  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3470 
3471  unhexify( message_str, "0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a" );
3472 
3473  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3474  if( 0 == 0 )
3475  {
3476  hexify( output_str, output, ctx.len );
3477 
3478  fct_chk( strncasecmp( (char *) output_str, "d94cd0e08fa404ed89", strlen( "d94cd0e08fa404ed89" ) ) == 0 );
3479  }
3480 
3481  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3482  rsa_free( &ctx );
3483  }
3484  FCT_TEST_END();
3485 
3486 
3487  FCT_TEST_BGN(rsaes_oaep_decryption_example_3_4)
3488  {
3489  unsigned char message_str[1000];
3490  unsigned char output[1000];
3491  unsigned char output_str[1000];
3492  rsa_context ctx;
3493  mpi P1, Q1, H, G;
3494  size_t output_len;
3495 
3496  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3498 
3499  memset( message_str, 0x00, 1000 );
3500  memset( output, 0x00, 1000 );
3501  memset( output_str, 0x00, 1000 );
3502 
3503  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
3504  fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
3505  fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
3506  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
3507  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3508 
3509  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3510  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3511  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3512  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3513  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3514  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3515  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3516  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3517 
3518  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3519 
3520  unhexify( message_str, "02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0" );
3521 
3522  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3523  if( 0 == 0 )
3524  {
3525  hexify( output_str, output, ctx.len );
3526 
3527  fct_chk( strncasecmp( (char *) output_str, "6cc641b6b61e6f963974dad23a9013284ef1", strlen( "6cc641b6b61e6f963974dad23a9013284ef1" ) ) == 0 );
3528  }
3529 
3530  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3531  rsa_free( &ctx );
3532  }
3533  FCT_TEST_END();
3534 
3535 
3536  FCT_TEST_BGN(rsaes_oaep_decryption_example_3_5)
3537  {
3538  unsigned char message_str[1000];
3539  unsigned char output[1000];
3540  unsigned char output_str[1000];
3541  rsa_context ctx;
3542  mpi P1, Q1, H, G;
3543  size_t output_len;
3544 
3545  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3547 
3548  memset( message_str, 0x00, 1000 );
3549  memset( output, 0x00, 1000 );
3550  memset( output_str, 0x00, 1000 );
3551 
3552  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
3553  fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
3554  fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
3555  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
3556  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3557 
3558  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3559  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3560  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3561  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3562  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3563  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3564  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3565  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3566 
3567  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3568 
3569  unhexify( message_str, "0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60" );
3570 
3571  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3572  if( 0 == 0 )
3573  {
3574  hexify( output_str, output, ctx.len );
3575 
3576  fct_chk( strncasecmp( (char *) output_str, "df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223", strlen( "df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223" ) ) == 0 );
3577  }
3578 
3579  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3580  rsa_free( &ctx );
3581  }
3582  FCT_TEST_END();
3583 
3584 
3585  FCT_TEST_BGN(rsaes_oaep_decryption_example_3_6)
3586  {
3587  unsigned char message_str[1000];
3588  unsigned char output[1000];
3589  unsigned char output_str[1000];
3590  rsa_context ctx;
3591  mpi P1, Q1, H, G;
3592  size_t output_len;
3593 
3594  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3596 
3597  memset( message_str, 0x00, 1000 );
3598  memset( output, 0x00, 1000 );
3599  memset( output_str, 0x00, 1000 );
3600 
3601  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
3602  fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
3603  fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
3604  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
3605  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3606 
3607  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3608  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3609  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3610  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3611  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3612  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3613  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3614  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3615 
3616  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3617 
3618  unhexify( message_str, "00112051e75d064943bc4478075e43482fd59cee0679de6893eec3a943daa490b9691c93dfc0464b6623b9f3dbd3e70083264f034b374f74164e1a00763725e574744ba0b9db83434f31df96f6e2a26f6d8eba348bd4686c2238ac07c37aac3785d1c7eea2f819fd91491798ed8e9cef5e43b781b0e0276e37c43ff9492d005730" );
3619 
3620  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3621  if( 0 == 0 )
3622  {
3623  hexify( output_str, output, ctx.len );
3624 
3625  fct_chk( strncasecmp( (char *) output_str, "3c3bad893c544a6d520ab022319188c8d504b7a788b850903b85972eaa18552e1134a7ad6098826254ff7ab672b3d8eb3158fac6d4cbaef1", strlen( "3c3bad893c544a6d520ab022319188c8d504b7a788b850903b85972eaa18552e1134a7ad6098826254ff7ab672b3d8eb3158fac6d4cbaef1" ) ) == 0 );
3626  }
3627 
3628  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3629  rsa_free( &ctx );
3630  }
3631  FCT_TEST_END();
3632 
3633 
3634  FCT_TEST_BGN(rsaes_oaep_decryption_example_4_1)
3635  {
3636  unsigned char message_str[1000];
3637  unsigned char output[1000];
3638  unsigned char output_str[1000];
3639  rsa_context ctx;
3640  mpi P1, Q1, H, G;
3641  size_t output_len;
3642 
3643  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3645 
3646  memset( message_str, 0x00, 1000 );
3647  memset( output, 0x00, 1000 );
3648  memset( output_str, 0x00, 1000 );
3649 
3650  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
3651  fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
3652  fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
3653  fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
3654  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3655 
3656  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3657  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3658  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3659  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3660  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3661  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3662  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3663  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3664 
3665  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3666 
3667  unhexify( message_str, "04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8" );
3668 
3669  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3670  if( 0 == 0 )
3671  {
3672  hexify( output_str, output, ctx.len );
3673 
3674  fct_chk( strncasecmp( (char *) output_str, "4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2", strlen( "4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2" ) ) == 0 );
3675  }
3676 
3677  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3678  rsa_free( &ctx );
3679  }
3680  FCT_TEST_END();
3681 
3682 
3683  FCT_TEST_BGN(rsaes_oaep_decryption_example_4_2)
3684  {
3685  unsigned char message_str[1000];
3686  unsigned char output[1000];
3687  unsigned char output_str[1000];
3688  rsa_context ctx;
3689  mpi P1, Q1, H, G;
3690  size_t output_len;
3691 
3692  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3694 
3695  memset( message_str, 0x00, 1000 );
3696  memset( output, 0x00, 1000 );
3697  memset( output_str, 0x00, 1000 );
3698 
3699  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
3700  fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
3701  fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
3702  fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
3703  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3704 
3705  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3706  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3707  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3708  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3709  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3710  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3711  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3712  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3713 
3714  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3715 
3716  unhexify( message_str, "0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e" );
3717 
3718  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3719  if( 0 == 0 )
3720  {
3721  hexify( output_str, output, ctx.len );
3722 
3723  fct_chk( strncasecmp( (char *) output_str, "b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8", strlen( "b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8" ) ) == 0 );
3724  }
3725 
3726  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3727  rsa_free( &ctx );
3728  }
3729  FCT_TEST_END();
3730 
3731 
3732  FCT_TEST_BGN(rsaes_oaep_decryption_example_4_3)
3733  {
3734  unsigned char message_str[1000];
3735  unsigned char output[1000];
3736  unsigned char output_str[1000];
3737  rsa_context ctx;
3738  mpi P1, Q1, H, G;
3739  size_t output_len;
3740 
3741  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3743 
3744  memset( message_str, 0x00, 1000 );
3745  memset( output, 0x00, 1000 );
3746  memset( output_str, 0x00, 1000 );
3747 
3748  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
3749  fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
3750  fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
3751  fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
3752  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3753 
3754  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3755  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3756  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3757  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3758  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3759  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3760  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3761  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3762 
3763  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3764 
3765  unhexify( message_str, "0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065" );
3766 
3767  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3768  if( 0 == 0 )
3769  {
3770  hexify( output_str, output, ctx.len );
3771 
3772  fct_chk( strncasecmp( (char *) output_str, "bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99", strlen( "bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99" ) ) == 0 );
3773  }
3774 
3775  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3776  rsa_free( &ctx );
3777  }
3778  FCT_TEST_END();
3779 
3780 
3781  FCT_TEST_BGN(rsaes_oaep_decryption_example_4_4)
3782  {
3783  unsigned char message_str[1000];
3784  unsigned char output[1000];
3785  unsigned char output_str[1000];
3786  rsa_context ctx;
3787  mpi P1, Q1, H, G;
3788  size_t output_len;
3789 
3790  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3792 
3793  memset( message_str, 0x00, 1000 );
3794  memset( output, 0x00, 1000 );
3795  memset( output_str, 0x00, 1000 );
3796 
3797  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
3798  fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
3799  fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
3800  fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
3801  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3802 
3803  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3804  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3805  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3806  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3807  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3808  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3809  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3810  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3811 
3812  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3813 
3814  unhexify( message_str, "02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4" );
3815 
3816  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3817  if( 0 == 0 )
3818  {
3819  hexify( output_str, output, ctx.len );
3820 
3821  fct_chk( strncasecmp( (char *) output_str, "fb2ef112f5e766eb94019297934794f7be2f6fc1c58e", strlen( "fb2ef112f5e766eb94019297934794f7be2f6fc1c58e" ) ) == 0 );
3822  }
3823 
3824  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3825  rsa_free( &ctx );
3826  }
3827  FCT_TEST_END();
3828 
3829 
3830  FCT_TEST_BGN(rsaes_oaep_decryption_example_4_5)
3831  {
3832  unsigned char message_str[1000];
3833  unsigned char output[1000];
3834  unsigned char output_str[1000];
3835  rsa_context ctx;
3836  mpi P1, Q1, H, G;
3837  size_t output_len;
3838 
3839  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3841 
3842  memset( message_str, 0x00, 1000 );
3843  memset( output, 0x00, 1000 );
3844  memset( output_str, 0x00, 1000 );
3845 
3846  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
3847  fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
3848  fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
3849  fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
3850  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3851 
3852  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3853  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3854  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3855  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3856  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3857  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3858  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3859  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3860 
3861  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3862 
3863  unhexify( message_str, "00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2" );
3864 
3865  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3866  if( 0 == 0 )
3867  {
3868  hexify( output_str, output, ctx.len );
3869 
3870  fct_chk( strncasecmp( (char *) output_str, "28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284", strlen( "28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284" ) ) == 0 );
3871  }
3872 
3873  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3874  rsa_free( &ctx );
3875  }
3876  FCT_TEST_END();
3877 
3878 
3879  FCT_TEST_BGN(rsaes_oaep_decryption_example_4_6)
3880  {
3881  unsigned char message_str[1000];
3882  unsigned char output[1000];
3883  unsigned char output_str[1000];
3884  rsa_context ctx;
3885  mpi P1, Q1, H, G;
3886  size_t output_len;
3887 
3888  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3890 
3891  memset( message_str, 0x00, 1000 );
3892  memset( output, 0x00, 1000 );
3893  memset( output_str, 0x00, 1000 );
3894 
3895  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
3896  fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
3897  fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
3898  fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
3899  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3900 
3901  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3902  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3903  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3904  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3905  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3906  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3907  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3908  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3909 
3910  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3911 
3912  unhexify( message_str, "00a5ffa4768c8bbecaee2db77e8f2eec99595933545520835e5ba7db9493d3e17cddefe6a5f567624471908db4e2d83a0fbee60608fc84049503b2234a07dc83b27b22847ad8920ff42f674ef79b76280b00233d2b51b8cb2703a9d42bfbc8250c96ec32c051e57f1b4ba528db89c37e4c54e27e6e64ac69635ae887d9541619a9" );
3913 
3914  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3915  if( 0 == 0 )
3916  {
3917  hexify( output_str, output, ctx.len );
3918 
3919  fct_chk( strncasecmp( (char *) output_str, "f22242751ec6b1", strlen( "f22242751ec6b1" ) ) == 0 );
3920  }
3921 
3922  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3923  rsa_free( &ctx );
3924  }
3925  FCT_TEST_END();
3926 
3927 
3928  FCT_TEST_BGN(rsaes_oaep_decryption_example_5_1)
3929  {
3930  unsigned char message_str[1000];
3931  unsigned char output[1000];
3932  unsigned char output_str[1000];
3933  rsa_context ctx;
3934  mpi P1, Q1, H, G;
3935  size_t output_len;
3936 
3937  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3939 
3940  memset( message_str, 0x00, 1000 );
3941  memset( output, 0x00, 1000 );
3942  memset( output_str, 0x00, 1000 );
3943 
3944  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
3945  fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
3946  fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
3947  fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
3948  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3949 
3950  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
3951  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
3952  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
3953  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
3954  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
3955  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
3956  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
3957  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
3958 
3959  fct_chk( rsa_check_privkey( &ctx ) == 0 );
3960 
3961  unhexify( message_str, "036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5" );
3962 
3963  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
3964  if( 0 == 0 )
3965  {
3966  hexify( output_str, output, ctx.len );
3967 
3968  fct_chk( strncasecmp( (char *) output_str, "af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8", strlen( "af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8" ) ) == 0 );
3969  }
3970 
3971  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
3972  rsa_free( &ctx );
3973  }
3974  FCT_TEST_END();
3975 
3976 
3977  FCT_TEST_BGN(rsaes_oaep_decryption_example_5_2)
3978  {
3979  unsigned char message_str[1000];
3980  unsigned char output[1000];
3981  unsigned char output_str[1000];
3982  rsa_context ctx;
3983  mpi P1, Q1, H, G;
3984  size_t output_len;
3985 
3986  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
3988 
3989  memset( message_str, 0x00, 1000 );
3990  memset( output, 0x00, 1000 );
3991  memset( output_str, 0x00, 1000 );
3992 
3993  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
3994  fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
3995  fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
3996  fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
3997  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
3998 
3999  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4000  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4001  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4002  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4003  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4004  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4005  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4006  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4007 
4008  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4009 
4010  unhexify( message_str, "03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad" );
4011 
4012  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4013  if( 0 == 0 )
4014  {
4015  hexify( output_str, output, ctx.len );
4016 
4017  fct_chk( strncasecmp( (char *) output_str, "a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399", strlen( "a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399" ) ) == 0 );
4018  }
4019 
4020  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4021  rsa_free( &ctx );
4022  }
4023  FCT_TEST_END();
4024 
4025 
4026  FCT_TEST_BGN(rsaes_oaep_decryption_example_5_3)
4027  {
4028  unsigned char message_str[1000];
4029  unsigned char output[1000];
4030  unsigned char output_str[1000];
4031  rsa_context ctx;
4032  mpi P1, Q1, H, G;
4033  size_t output_len;
4034 
4035  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4037 
4038  memset( message_str, 0x00, 1000 );
4039  memset( output, 0x00, 1000 );
4040  memset( output_str, 0x00, 1000 );
4041 
4042  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
4043  fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
4044  fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
4045  fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
4046  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4047 
4048  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4049  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4050  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4051  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4052  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4053  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4054  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4055  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4056 
4057  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4058 
4059  unhexify( message_str, "0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967" );
4060 
4061  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4062  if( 0 == 0 )
4063  {
4064  hexify( output_str, output, ctx.len );
4065 
4066  fct_chk( strncasecmp( (char *) output_str, "308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7", strlen( "308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7" ) ) == 0 );
4067  }
4068 
4069  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4070  rsa_free( &ctx );
4071  }
4072  FCT_TEST_END();
4073 
4074 
4075  FCT_TEST_BGN(rsaes_oaep_decryption_example_5_4)
4076  {
4077  unsigned char message_str[1000];
4078  unsigned char output[1000];
4079  unsigned char output_str[1000];
4080  rsa_context ctx;
4081  mpi P1, Q1, H, G;
4082  size_t output_len;
4083 
4084  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4086 
4087  memset( message_str, 0x00, 1000 );
4088  memset( output, 0x00, 1000 );
4089  memset( output_str, 0x00, 1000 );
4090 
4091  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
4092  fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
4093  fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
4094  fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
4095  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4096 
4097  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4098  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4099  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4100  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4101  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4102  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4103  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4104  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4105 
4106  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4107 
4108  unhexify( message_str, "0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf" );
4109 
4110  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4111  if( 0 == 0 )
4112  {
4113  hexify( output_str, output, ctx.len );
4114 
4115  fct_chk( strncasecmp( (char *) output_str, "15c5b9ee1185", strlen( "15c5b9ee1185" ) ) == 0 );
4116  }
4117 
4118  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4119  rsa_free( &ctx );
4120  }
4121  FCT_TEST_END();
4122 
4123 
4124  FCT_TEST_BGN(rsaes_oaep_decryption_example_5_5)
4125  {
4126  unsigned char message_str[1000];
4127  unsigned char output[1000];
4128  unsigned char output_str[1000];
4129  rsa_context ctx;
4130  mpi P1, Q1, H, G;
4131  size_t output_len;
4132 
4133  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4135 
4136  memset( message_str, 0x00, 1000 );
4137  memset( output, 0x00, 1000 );
4138  memset( output_str, 0x00, 1000 );
4139 
4140  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
4141  fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
4142  fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
4143  fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
4144  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4145 
4146  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4147  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4148  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4149  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4150  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4151  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4152  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4153  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4154 
4155  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4156 
4157  unhexify( message_str, "07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723" );
4158 
4159  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4160  if( 0 == 0 )
4161  {
4162  hexify( output_str, output, ctx.len );
4163 
4164  fct_chk( strncasecmp( (char *) output_str, "21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a", strlen( "21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a" ) ) == 0 );
4165  }
4166 
4167  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4168  rsa_free( &ctx );
4169  }
4170  FCT_TEST_END();
4171 
4172 
4173  FCT_TEST_BGN(rsaes_oaep_decryption_example_5_6)
4174  {
4175  unsigned char message_str[1000];
4176  unsigned char output[1000];
4177  unsigned char output_str[1000];
4178  rsa_context ctx;
4179  mpi P1, Q1, H, G;
4180  size_t output_len;
4181 
4182  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4184 
4185  memset( message_str, 0x00, 1000 );
4186  memset( output, 0x00, 1000 );
4187  memset( output_str, 0x00, 1000 );
4188 
4189  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
4190  fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
4191  fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
4192  fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
4193  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4194 
4195  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4196  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4197  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4198  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4199  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4200  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4201  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4202  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4203 
4204  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4205 
4206  unhexify( message_str, "08c36d4dda33423b2ed6830d85f6411ba1dcf470a1fae0ebefee7c089f256cef74cb96ea69c38f60f39abee44129bcb4c92de7f797623b20074e3d9c2899701ed9071e1efa0bdd84d4c3e5130302d8f0240baba4b84a71cc032f2235a5ff0fae277c3e8f9112bef44c9ae20d175fc9a4058bfc930ba31b02e2e4f444483710f24a" );
4207 
4208  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4209  if( 0 == 0 )
4210  {
4211  hexify( output_str, output, ctx.len );
4212 
4213  fct_chk( strncasecmp( (char *) output_str, "541e37b68b6c8872b84c02", strlen( "541e37b68b6c8872b84c02" ) ) == 0 );
4214  }
4215 
4216  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4217  rsa_free( &ctx );
4218  }
4219  FCT_TEST_END();
4220 
4221 
4222  FCT_TEST_BGN(rsaes_oaep_decryption_example_6_1)
4223  {
4224  unsigned char message_str[1000];
4225  unsigned char output[1000];
4226  unsigned char output_str[1000];
4227  rsa_context ctx;
4228  mpi P1, Q1, H, G;
4229  size_t output_len;
4230 
4231  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4233 
4234  memset( message_str, 0x00, 1000 );
4235  memset( output, 0x00, 1000 );
4236  memset( output_str, 0x00, 1000 );
4237 
4238  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
4239  fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
4240  fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
4241  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
4242  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4243 
4244  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4245  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4246  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4247  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4248  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4249  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4250  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4251  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4252 
4253  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4254 
4255  unhexify( message_str, "0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3" );
4256 
4257  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4258  if( 0 == 0 )
4259  {
4260  hexify( output_str, output, ctx.len );
4261 
4262  fct_chk( strncasecmp( (char *) output_str, "4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4", strlen( "4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4" ) ) == 0 );
4263  }
4264 
4265  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4266  rsa_free( &ctx );
4267  }
4268  FCT_TEST_END();
4269 
4270 
4271  FCT_TEST_BGN(rsaes_oaep_decryption_example_6_2)
4272  {
4273  unsigned char message_str[1000];
4274  unsigned char output[1000];
4275  unsigned char output_str[1000];
4276  rsa_context ctx;
4277  mpi P1, Q1, H, G;
4278  size_t output_len;
4279 
4280  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4282 
4283  memset( message_str, 0x00, 1000 );
4284  memset( output, 0x00, 1000 );
4285  memset( output_str, 0x00, 1000 );
4286 
4287  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
4288  fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
4289  fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
4290  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
4291  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4292 
4293  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4294  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4295  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4296  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4297  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4298  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4299  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4300  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4301 
4302  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4303 
4304  unhexify( message_str, "0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f" );
4305 
4306  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4307  if( 0 == 0 )
4308  {
4309  hexify( output_str, output, ctx.len );
4310 
4311  fct_chk( strncasecmp( (char *) output_str, "5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7", strlen( "5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7" ) ) == 0 );
4312  }
4313 
4314  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4315  rsa_free( &ctx );
4316  }
4317  FCT_TEST_END();
4318 
4319 
4320  FCT_TEST_BGN(rsaes_oaep_decryption_example_6_3)
4321  {
4322  unsigned char message_str[1000];
4323  unsigned char output[1000];
4324  unsigned char output_str[1000];
4325  rsa_context ctx;
4326  mpi P1, Q1, H, G;
4327  size_t output_len;
4328 
4329  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4331 
4332  memset( message_str, 0x00, 1000 );
4333  memset( output, 0x00, 1000 );
4334  memset( output_str, 0x00, 1000 );
4335 
4336  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
4337  fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
4338  fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
4339  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
4340  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4341 
4342  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4343  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4344  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4345  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4346  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4347  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4348  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4349  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4350 
4351  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4352 
4353  unhexify( message_str, "0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65" );
4354 
4355  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4356  if( 0 == 0 )
4357  {
4358  hexify( output_str, output, ctx.len );
4359 
4360  fct_chk( strncasecmp( (char *) output_str, "b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c", strlen( "b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c" ) ) == 0 );
4361  }
4362 
4363  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4364  rsa_free( &ctx );
4365  }
4366  FCT_TEST_END();
4367 
4368 
4369  FCT_TEST_BGN(rsaes_oaep_decryption_example_6_4)
4370  {
4371  unsigned char message_str[1000];
4372  unsigned char output[1000];
4373  unsigned char output_str[1000];
4374  rsa_context ctx;
4375  mpi P1, Q1, H, G;
4376  size_t output_len;
4377 
4378  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4380 
4381  memset( message_str, 0x00, 1000 );
4382  memset( output, 0x00, 1000 );
4383  memset( output_str, 0x00, 1000 );
4384 
4385  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
4386  fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
4387  fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
4388  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
4389  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4390 
4391  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4392  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4393  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4394  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4395  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4396  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4397  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4398  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4399 
4400  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4401 
4402  unhexify( message_str, "008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8" );
4403 
4404  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4405  if( 0 == 0 )
4406  {
4407  hexify( output_str, output, ctx.len );
4408 
4409  fct_chk( strncasecmp( (char *) output_str, "684e3038c5c041f7", strlen( "684e3038c5c041f7" ) ) == 0 );
4410  }
4411 
4412  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4413  rsa_free( &ctx );
4414  }
4415  FCT_TEST_END();
4416 
4417 
4418  FCT_TEST_BGN(rsaes_oaep_decryption_example_6_5)
4419  {
4420  unsigned char message_str[1000];
4421  unsigned char output[1000];
4422  unsigned char output_str[1000];
4423  rsa_context ctx;
4424  mpi P1, Q1, H, G;
4425  size_t output_len;
4426 
4427  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4429 
4430  memset( message_str, 0x00, 1000 );
4431  memset( output, 0x00, 1000 );
4432  memset( output_str, 0x00, 1000 );
4433 
4434  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
4435  fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
4436  fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
4437  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
4438  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4439 
4440  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4441  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4442  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4443  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4444  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4445  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4446  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4447  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4448 
4449  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4450 
4451  unhexify( message_str, "00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab" );
4452 
4453  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4454  if( 0 == 0 )
4455  {
4456  hexify( output_str, output, ctx.len );
4457 
4458  fct_chk( strncasecmp( (char *) output_str, "32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693", strlen( "32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693" ) ) == 0 );
4459  }
4460 
4461  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4462  rsa_free( &ctx );
4463  }
4464  FCT_TEST_END();
4465 
4466 
4467  FCT_TEST_BGN(rsaes_oaep_decryption_example_6_6)
4468  {
4469  unsigned char message_str[1000];
4470  unsigned char output[1000];
4471  unsigned char output_str[1000];
4472  rsa_context ctx;
4473  mpi P1, Q1, H, G;
4474  size_t output_len;
4475 
4476  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4478 
4479  memset( message_str, 0x00, 1000 );
4480  memset( output, 0x00, 1000 );
4481  memset( output_str, 0x00, 1000 );
4482 
4483  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
4484  fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
4485  fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
4486  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
4487  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4488 
4489  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4490  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4491  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4492  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4493  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4494  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4495  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4496  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4497 
4498  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4499 
4500  unhexify( message_str, "0a026dda5fc8785f7bd9bf75327b63e85e2c0fdee5dadb65ebdcac9ae1de95c92c672ab433aa7a8e69ce6a6d8897fac4ac4a54de841ae5e5bbce7687879d79634cea7a30684065c714d52409b928256bbf53eabcd5231eb7259504537399bd29164b726d33a46da701360a4168a091ccab72d44a62fed246c0ffea5b1348ab5470" );
4501 
4502  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4503  if( 0 == 0 )
4504  {
4505  hexify( output_str, output, ctx.len );
4506 
4507  fct_chk( strncasecmp( (char *) output_str, "50ba14be8462720279c306ba", strlen( "50ba14be8462720279c306ba" ) ) == 0 );
4508  }
4509 
4510  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4511  rsa_free( &ctx );
4512  }
4513  FCT_TEST_END();
4514 
4515 
4516  FCT_TEST_BGN(rsaes_oaep_decryption_example_7_1)
4517  {
4518  unsigned char message_str[1000];
4519  unsigned char output[1000];
4520  unsigned char output_str[1000];
4521  rsa_context ctx;
4522  mpi P1, Q1, H, G;
4523  size_t output_len;
4524 
4525  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4527 
4528  memset( message_str, 0x00, 1000 );
4529  memset( output, 0x00, 1000 );
4530  memset( output_str, 0x00, 1000 );
4531 
4532  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
4533  fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
4534  fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
4535  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
4536  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4537 
4538  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4539  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4540  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4541  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4542  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4543  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4544  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4545  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4546 
4547  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4548 
4549  unhexify( message_str, "1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1" );
4550 
4551  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4552  if( 0 == 0 )
4553  {
4554  hexify( output_str, output, ctx.len );
4555 
4556  fct_chk( strncasecmp( (char *) output_str, "47aae909", strlen( "47aae909" ) ) == 0 );
4557  }
4558 
4559  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4560  rsa_free( &ctx );
4561  }
4562  FCT_TEST_END();
4563 
4564 
4565  FCT_TEST_BGN(rsaes_oaep_decryption_example_7_2)
4566  {
4567  unsigned char message_str[1000];
4568  unsigned char output[1000];
4569  unsigned char output_str[1000];
4570  rsa_context ctx;
4571  mpi P1, Q1, H, G;
4572  size_t output_len;
4573 
4574  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4576 
4577  memset( message_str, 0x00, 1000 );
4578  memset( output, 0x00, 1000 );
4579  memset( output_str, 0x00, 1000 );
4580 
4581  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
4582  fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
4583  fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
4584  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
4585  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4586 
4587  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4588  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4589  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4590  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4591  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4592  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4593  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4594  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4595 
4596  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4597 
4598  unhexify( message_str, "1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6" );
4599 
4600  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4601  if( 0 == 0 )
4602  {
4603  hexify( output_str, output, ctx.len );
4604 
4605  fct_chk( strncasecmp( (char *) output_str, "1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7", strlen( "1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7" ) ) == 0 );
4606  }
4607 
4608  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4609  rsa_free( &ctx );
4610  }
4611  FCT_TEST_END();
4612 
4613 
4614  FCT_TEST_BGN(rsaes_oaep_decryption_example_7_3)
4615  {
4616  unsigned char message_str[1000];
4617  unsigned char output[1000];
4618  unsigned char output_str[1000];
4619  rsa_context ctx;
4620  mpi P1, Q1, H, G;
4621  size_t output_len;
4622 
4623  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4625 
4626  memset( message_str, 0x00, 1000 );
4627  memset( output, 0x00, 1000 );
4628  memset( output_str, 0x00, 1000 );
4629 
4630  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
4631  fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
4632  fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
4633  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
4634  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4635 
4636  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4637  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4638  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4639  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4640  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4641  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4642  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4643  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4644 
4645  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4646 
4647  unhexify( message_str, "2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b" );
4648 
4649  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4650  if( 0 == 0 )
4651  {
4652  hexify( output_str, output, ctx.len );
4653 
4654  fct_chk( strncasecmp( (char *) output_str, "d976fc", strlen( "d976fc" ) ) == 0 );
4655  }
4656 
4657  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4658  rsa_free( &ctx );
4659  }
4660  FCT_TEST_END();
4661 
4662 
4663  FCT_TEST_BGN(rsaes_oaep_decryption_example_7_4)
4664  {
4665  unsigned char message_str[1000];
4666  unsigned char output[1000];
4667  unsigned char output_str[1000];
4668  rsa_context ctx;
4669  mpi P1, Q1, H, G;
4670  size_t output_len;
4671 
4672  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4674 
4675  memset( message_str, 0x00, 1000 );
4676  memset( output, 0x00, 1000 );
4677  memset( output_str, 0x00, 1000 );
4678 
4679  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
4680  fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
4681  fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
4682  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
4683  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4684 
4685  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4686  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4687  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4688  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4689  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4690  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4691  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4692  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4693 
4694  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4695 
4696  unhexify( message_str, "0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac" );
4697 
4698  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4699  if( 0 == 0 )
4700  {
4701  hexify( output_str, output, ctx.len );
4702 
4703  fct_chk( strncasecmp( (char *) output_str, "d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb", strlen( "d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb" ) ) == 0 );
4704  }
4705 
4706  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4707  rsa_free( &ctx );
4708  }
4709  FCT_TEST_END();
4710 
4711 
4712  FCT_TEST_BGN(rsaes_oaep_decryption_example_7_5)
4713  {
4714  unsigned char message_str[1000];
4715  unsigned char output[1000];
4716  unsigned char output_str[1000];
4717  rsa_context ctx;
4718  mpi P1, Q1, H, G;
4719  size_t output_len;
4720 
4721  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4723 
4724  memset( message_str, 0x00, 1000 );
4725  memset( output, 0x00, 1000 );
4726  memset( output_str, 0x00, 1000 );
4727 
4728  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
4729  fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
4730  fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
4731  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
4732  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4733 
4734  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4735  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4736  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4737  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4738  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4739  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4740  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4741  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4742 
4743  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4744 
4745  unhexify( message_str, "028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478" );
4746 
4747  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4748  if( 0 == 0 )
4749  {
4750  hexify( output_str, output, ctx.len );
4751 
4752  fct_chk( strncasecmp( (char *) output_str, "bb47231ca5ea1d3ad46c99345d9a8a61", strlen( "bb47231ca5ea1d3ad46c99345d9a8a61" ) ) == 0 );
4753  }
4754 
4755  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4756  rsa_free( &ctx );
4757  }
4758  FCT_TEST_END();
4759 
4760 
4761  FCT_TEST_BGN(rsaes_oaep_decryption_example_7_6)
4762  {
4763  unsigned char message_str[1000];
4764  unsigned char output[1000];
4765  unsigned char output_str[1000];
4766  rsa_context ctx;
4767  mpi P1, Q1, H, G;
4768  size_t output_len;
4769 
4770  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4772 
4773  memset( message_str, 0x00, 1000 );
4774  memset( output, 0x00, 1000 );
4775  memset( output_str, 0x00, 1000 );
4776 
4777  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
4778  fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
4779  fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
4780  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
4781  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4782 
4783  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4784  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4785  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4786  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4787  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4788  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4789  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4790  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4791 
4792  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4793 
4794  unhexify( message_str, "14c678a94ad60525ef39e959b2f3ba5c097a94ff912b67dbace80535c187abd47d075420b1872152bba08f7fc31f313bbf9273c912fc4c0149a9b0cfb79807e346eb332069611bec0ff9bcd168f1f7c33e77313cea454b94e2549eecf002e2acf7f6f2d2845d4fe0aab2e5a92ddf68c480ae11247935d1f62574842216ae674115" );
4795 
4796  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4797  if( 0 == 0 )
4798  {
4799  hexify( output_str, output, ctx.len );
4800 
4801  fct_chk( strncasecmp( (char *) output_str, "2184827095d35c3f86f600e8e59754013296", strlen( "2184827095d35c3f86f600e8e59754013296" ) ) == 0 );
4802  }
4803 
4804  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4805  rsa_free( &ctx );
4806  }
4807  FCT_TEST_END();
4808 
4809 
4810  FCT_TEST_BGN(rsaes_oaep_decryption_example_8_1)
4811  {
4812  unsigned char message_str[1000];
4813  unsigned char output[1000];
4814  unsigned char output_str[1000];
4815  rsa_context ctx;
4816  mpi P1, Q1, H, G;
4817  size_t output_len;
4818 
4819  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4821 
4822  memset( message_str, 0x00, 1000 );
4823  memset( output, 0x00, 1000 );
4824  memset( output_str, 0x00, 1000 );
4825 
4826  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
4827  fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
4828  fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
4829  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
4830  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4831 
4832  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4833  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4834  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4835  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4836  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4837  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4838  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4839  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4840 
4841  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4842 
4843  unhexify( message_str, "09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61" );
4844 
4845  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4846  if( 0 == 0 )
4847  {
4848  hexify( output_str, output, ctx.len );
4849 
4850  fct_chk( strncasecmp( (char *) output_str, "050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967", strlen( "050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967" ) ) == 0 );
4851  }
4852 
4853  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4854  rsa_free( &ctx );
4855  }
4856  FCT_TEST_END();
4857 
4858 
4859  FCT_TEST_BGN(rsaes_oaep_decryption_example_8_2)
4860  {
4861  unsigned char message_str[1000];
4862  unsigned char output[1000];
4863  unsigned char output_str[1000];
4864  rsa_context ctx;
4865  mpi P1, Q1, H, G;
4866  size_t output_len;
4867 
4868  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4870 
4871  memset( message_str, 0x00, 1000 );
4872  memset( output, 0x00, 1000 );
4873  memset( output_str, 0x00, 1000 );
4874 
4875  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
4876  fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
4877  fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
4878  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
4879  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4880 
4881  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4882  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4883  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4884  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4885  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4886  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4887  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4888  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4889 
4890  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4891 
4892  unhexify( message_str, "2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d" );
4893 
4894  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4895  if( 0 == 0 )
4896  {
4897  hexify( output_str, output, ctx.len );
4898 
4899  fct_chk( strncasecmp( (char *) output_str, "4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc", strlen( "4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc" ) ) == 0 );
4900  }
4901 
4902  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4903  rsa_free( &ctx );
4904  }
4905  FCT_TEST_END();
4906 
4907 
4908  FCT_TEST_BGN(rsaes_oaep_decryption_example_8_3)
4909  {
4910  unsigned char message_str[1000];
4911  unsigned char output[1000];
4912  unsigned char output_str[1000];
4913  rsa_context ctx;
4914  mpi P1, Q1, H, G;
4915  size_t output_len;
4916 
4917  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4919 
4920  memset( message_str, 0x00, 1000 );
4921  memset( output, 0x00, 1000 );
4922  memset( output_str, 0x00, 1000 );
4923 
4924  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
4925  fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
4926  fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
4927  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
4928  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4929 
4930  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4931  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4932  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4933  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4934  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4935  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4936  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4937  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4938 
4939  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4940 
4941  unhexify( message_str, "4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f" );
4942 
4943  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4944  if( 0 == 0 )
4945  {
4946  hexify( output_str, output, ctx.len );
4947 
4948  fct_chk( strncasecmp( (char *) output_str, "8604ac56328c1ab5ad917861", strlen( "8604ac56328c1ab5ad917861" ) ) == 0 );
4949  }
4950 
4951  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
4952  rsa_free( &ctx );
4953  }
4954  FCT_TEST_END();
4955 
4956 
4957  FCT_TEST_BGN(rsaes_oaep_decryption_example_8_4)
4958  {
4959  unsigned char message_str[1000];
4960  unsigned char output[1000];
4961  unsigned char output_str[1000];
4962  rsa_context ctx;
4963  mpi P1, Q1, H, G;
4964  size_t output_len;
4965 
4966  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
4968 
4969  memset( message_str, 0x00, 1000 );
4970  memset( output, 0x00, 1000 );
4971  memset( output_str, 0x00, 1000 );
4972 
4973  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
4974  fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
4975  fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
4976  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
4977  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
4978 
4979  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
4980  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
4981  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
4982  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
4983  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
4984  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
4985  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
4986  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
4987 
4988  fct_chk( rsa_check_privkey( &ctx ) == 0 );
4989 
4990  unhexify( message_str, "2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0" );
4991 
4992  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
4993  if( 0 == 0 )
4994  {
4995  hexify( output_str, output, ctx.len );
4996 
4997  fct_chk( strncasecmp( (char *) output_str, "fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc", strlen( "fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc" ) ) == 0 );
4998  }
4999 
5000  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5001  rsa_free( &ctx );
5002  }
5003  FCT_TEST_END();
5004 
5005 
5006  FCT_TEST_BGN(rsaes_oaep_decryption_example_8_5)
5007  {
5008  unsigned char message_str[1000];
5009  unsigned char output[1000];
5010  unsigned char output_str[1000];
5011  rsa_context ctx;
5012  mpi P1, Q1, H, G;
5013  size_t output_len;
5014 
5015  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5017 
5018  memset( message_str, 0x00, 1000 );
5019  memset( output, 0x00, 1000 );
5020  memset( output_str, 0x00, 1000 );
5021 
5022  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
5023  fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
5024  fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
5025  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
5026  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5027 
5028  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5029  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5030  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5031  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5032  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5033  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5034  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5035  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5036 
5037  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5038 
5039  unhexify( message_str, "1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2" );
5040 
5041  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5042  if( 0 == 0 )
5043  {
5044  hexify( output_str, output, ctx.len );
5045 
5046  fct_chk( strncasecmp( (char *) output_str, "4a5f4914bee25de3c69341de07", strlen( "4a5f4914bee25de3c69341de07" ) ) == 0 );
5047  }
5048 
5049  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5050  rsa_free( &ctx );
5051  }
5052  FCT_TEST_END();
5053 
5054 
5055  FCT_TEST_BGN(rsaes_oaep_decryption_example_8_6)
5056  {
5057  unsigned char message_str[1000];
5058  unsigned char output[1000];
5059  unsigned char output_str[1000];
5060  rsa_context ctx;
5061  mpi P1, Q1, H, G;
5062  size_t output_len;
5063 
5064  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5066 
5067  memset( message_str, 0x00, 1000 );
5068  memset( output, 0x00, 1000 );
5069  memset( output_str, 0x00, 1000 );
5070 
5071  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
5072  fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
5073  fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
5074  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
5075  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5076 
5077  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5078  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5079  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5080  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5081  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5082  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5083  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5084  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5085 
5086  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5087 
5088  unhexify( message_str, "3afd9c6600147b21798d818c655a0f4c9212db26d0b0dfdc2a7594ccb3d22f5bf1d7c3e112cd73fc7d509c7a8bafdd3c274d1399009f9609ec4be6477e453f075aa33db382870c1c3409aef392d7386ae3a696b99a94b4da0589447e955d16c98b17602a59bd736279fcd8fb280c4462d590bfa9bf13fed570eafde97330a2c210" );
5089 
5090  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5091  if( 0 == 0 )
5092  {
5093  hexify( output_str, output, ctx.len );
5094 
5095  fct_chk( strncasecmp( (char *) output_str, "8e07d66f7b880a72563abcd3f35092bc33409fb7f88f2472be", strlen( "8e07d66f7b880a72563abcd3f35092bc33409fb7f88f2472be" ) ) == 0 );
5096  }
5097 
5098  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5099  rsa_free( &ctx );
5100  }
5101  FCT_TEST_END();
5102 
5103 
5104  FCT_TEST_BGN(rsaes_oaep_decryption_example_9_1)
5105  {
5106  unsigned char message_str[1000];
5107  unsigned char output[1000];
5108  unsigned char output_str[1000];
5109  rsa_context ctx;
5110  mpi P1, Q1, H, G;
5111  size_t output_len;
5112 
5113  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5115 
5116  memset( message_str, 0x00, 1000 );
5117  memset( output, 0x00, 1000 );
5118  memset( output_str, 0x00, 1000 );
5119 
5120  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
5121  fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
5122  fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
5123  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
5124  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5125 
5126  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5127  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5128  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5129  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5130  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5131  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5132  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5133  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5134 
5135  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5136 
5137  unhexify( message_str, "267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72" );
5138 
5139  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5140  if( 0 == 0 )
5141  {
5142  hexify( output_str, output, ctx.len );
5143 
5144  fct_chk( strncasecmp( (char *) output_str, "f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6", strlen( "f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6" ) ) == 0 );
5145  }
5146 
5147  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5148  rsa_free( &ctx );
5149  }
5150  FCT_TEST_END();
5151 
5152 
5153  FCT_TEST_BGN(rsaes_oaep_decryption_example_9_2)
5154  {
5155  unsigned char message_str[1000];
5156  unsigned char output[1000];
5157  unsigned char output_str[1000];
5158  rsa_context ctx;
5159  mpi P1, Q1, H, G;
5160  size_t output_len;
5161 
5162  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5164 
5165  memset( message_str, 0x00, 1000 );
5166  memset( output, 0x00, 1000 );
5167  memset( output_str, 0x00, 1000 );
5168 
5169  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
5170  fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
5171  fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
5172  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
5173  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5174 
5175  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5176  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5177  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5178  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5179  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5180  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5181  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5182  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5183 
5184  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5185 
5186  unhexify( message_str, "93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8" );
5187 
5188  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5189  if( 0 == 0 )
5190  {
5191  hexify( output_str, output, ctx.len );
5192 
5193  fct_chk( strncasecmp( (char *) output_str, "81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659", strlen( "81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659" ) ) == 0 );
5194  }
5195 
5196  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5197  rsa_free( &ctx );
5198  }
5199  FCT_TEST_END();
5200 
5201 
5202  FCT_TEST_BGN(rsaes_oaep_decryption_example_9_3)
5203  {
5204  unsigned char message_str[1000];
5205  unsigned char output[1000];
5206  unsigned char output_str[1000];
5207  rsa_context ctx;
5208  mpi P1, Q1, H, G;
5209  size_t output_len;
5210 
5211  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5213 
5214  memset( message_str, 0x00, 1000 );
5215  memset( output, 0x00, 1000 );
5216  memset( output_str, 0x00, 1000 );
5217 
5218  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
5219  fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
5220  fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
5221  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
5222  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5223 
5224  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5225  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5226  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5227  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5228  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5229  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5230  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5231  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5232 
5233  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5234 
5235  unhexify( message_str, "81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3" );
5236 
5237  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5238  if( 0 == 0 )
5239  {
5240  hexify( output_str, output, ctx.len );
5241 
5242  fct_chk( strncasecmp( (char *) output_str, "fd326429df9b890e09b54b18b8f34f1e24", strlen( "fd326429df9b890e09b54b18b8f34f1e24" ) ) == 0 );
5243  }
5244 
5245  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5246  rsa_free( &ctx );
5247  }
5248  FCT_TEST_END();
5249 
5250 
5251  FCT_TEST_BGN(rsaes_oaep_decryption_example_9_4)
5252  {
5253  unsigned char message_str[1000];
5254  unsigned char output[1000];
5255  unsigned char output_str[1000];
5256  rsa_context ctx;
5257  mpi P1, Q1, H, G;
5258  size_t output_len;
5259 
5260  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5262 
5263  memset( message_str, 0x00, 1000 );
5264  memset( output, 0x00, 1000 );
5265  memset( output_str, 0x00, 1000 );
5266 
5267  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
5268  fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
5269  fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
5270  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
5271  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5272 
5273  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5274  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5275  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5276  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5277  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5278  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5279  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5280  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5281 
5282  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5283 
5284  unhexify( message_str, "bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858" );
5285 
5286  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5287  if( 0 == 0 )
5288  {
5289  hexify( output_str, output, ctx.len );
5290 
5291  fct_chk( strncasecmp( (char *) output_str, "f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e", strlen( "f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e" ) ) == 0 );
5292  }
5293 
5294  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5295  rsa_free( &ctx );
5296  }
5297  FCT_TEST_END();
5298 
5299 
5300  FCT_TEST_BGN(rsaes_oaep_decryption_example_9_5)
5301  {
5302  unsigned char message_str[1000];
5303  unsigned char output[1000];
5304  unsigned char output_str[1000];
5305  rsa_context ctx;
5306  mpi P1, Q1, H, G;
5307  size_t output_len;
5308 
5309  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5311 
5312  memset( message_str, 0x00, 1000 );
5313  memset( output, 0x00, 1000 );
5314  memset( output_str, 0x00, 1000 );
5315 
5316  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
5317  fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
5318  fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
5319  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
5320  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5321 
5322  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5323  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5324  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5325  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5326  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5327  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5328  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5329  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5330 
5331  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5332 
5333  unhexify( message_str, "232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e" );
5334 
5335  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5336  if( 0 == 0 )
5337  {
5338  hexify( output_str, output, ctx.len );
5339 
5340  fct_chk( strncasecmp( (char *) output_str, "53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d", strlen( "53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d" ) ) == 0 );
5341  }
5342 
5343  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5344  rsa_free( &ctx );
5345  }
5346  FCT_TEST_END();
5347 
5348 
5349  FCT_TEST_BGN(rsaes_oaep_decryption_example_9_6)
5350  {
5351  unsigned char message_str[1000];
5352  unsigned char output[1000];
5353  unsigned char output_str[1000];
5354  rsa_context ctx;
5355  mpi P1, Q1, H, G;
5356  size_t output_len;
5357 
5358  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5360 
5361  memset( message_str, 0x00, 1000 );
5362  memset( output, 0x00, 1000 );
5363  memset( output_str, 0x00, 1000 );
5364 
5365  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
5366  fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
5367  fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
5368  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
5369  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5370 
5371  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5372  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5373  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5374  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5375  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5376  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5377  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5378  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5379 
5380  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5381 
5382  unhexify( message_str, "438cc7dc08a68da249e42505f8573ba60e2c2773d5b290f4cf9dff718e842081c383e67024a0f29594ea987b9d25e4b738f285970d195abb3a8c8054e3d79d6b9c9a8327ba596f1259e27126674766907d8d582ff3a8476154929adb1e6d1235b2ccb4ec8f663ba9cc670a92bebd853c8dbf69c6436d016f61add836e94732450434207f9fd4c43dec2a12a958efa01efe2669899b5e604c255c55fb7166de5589e369597bb09168c06dd5db177e06a1740eb2d5c82faeca6d92fcee9931ba9f" );
5383 
5384  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5385  if( 0 == 0 )
5386  {
5387  hexify( output_str, output, ctx.len );
5388 
5389  fct_chk( strncasecmp( (char *) output_str, "b6b28ea2198d0c1008bc64", strlen( "b6b28ea2198d0c1008bc64" ) ) == 0 );
5390  }
5391 
5392  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5393  rsa_free( &ctx );
5394  }
5395  FCT_TEST_END();
5396 
5397 
5398  FCT_TEST_BGN(rsaes_oaep_decryption_example_10_1)
5399  {
5400  unsigned char message_str[1000];
5401  unsigned char output[1000];
5402  unsigned char output_str[1000];
5403  rsa_context ctx;
5404  mpi P1, Q1, H, G;
5405  size_t output_len;
5406 
5407  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5409 
5410  memset( message_str, 0x00, 1000 );
5411  memset( output, 0x00, 1000 );
5412  memset( output_str, 0x00, 1000 );
5413 
5414  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
5415  fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
5416  fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
5417  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
5418  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5419 
5420  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5421  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5422  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5423  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5424  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5425  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5426  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5427  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5428 
5429  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5430 
5431  unhexify( message_str, "53ea5dc08cd260fb3b858567287fa91552c30b2febfba213f0ae87702d068d19bab07fe574523dfb42139d68c3c5afeee0bfe4cb7969cbf382b804d6e61396144e2d0e60741f8993c3014b58b9b1957a8babcd23af854f4c356fb1662aa72bfcc7e586559dc4280d160c126785a723ebeebeff71f11594440aaef87d10793a8774a239d4a04c87fe1467b9daf85208ec6c7255794a96cc29142f9a8bd418e3c1fd67344b0cd0829df3b2bec60253196293c6b34d3f75d32f213dd45c6273d505adf4cced1057cb758fc26aeefa441255ed4e64c199ee075e7f16646182fdb464739b68ab5daff0e63e9552016824f054bf4d3c8c90a97bb6b6553284eb429fcc" );
5432 
5433  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5434  if( 0 == 0 )
5435  {
5436  hexify( output_str, output, ctx.len );
5437 
5438  fct_chk( strncasecmp( (char *) output_str, "8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee", strlen( "8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee" ) ) == 0 );
5439  }
5440 
5441  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5442  rsa_free( &ctx );
5443  }
5444  FCT_TEST_END();
5445 
5446 
5447  FCT_TEST_BGN(rsaes_oaep_decryption_example_10_2)
5448  {
5449  unsigned char message_str[1000];
5450  unsigned char output[1000];
5451  unsigned char output_str[1000];
5452  rsa_context ctx;
5453  mpi P1, Q1, H, G;
5454  size_t output_len;
5455 
5456  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5458 
5459  memset( message_str, 0x00, 1000 );
5460  memset( output, 0x00, 1000 );
5461  memset( output_str, 0x00, 1000 );
5462 
5463  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
5464  fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
5465  fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
5466  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
5467  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5468 
5469  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5470  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5471  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5472  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5473  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5474  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5475  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5476  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5477 
5478  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5479 
5480  unhexify( message_str, "a2b1a430a9d657e2fa1c2bb5ed43ffb25c05a308fe9093c01031795f5874400110828ae58fb9b581ce9dddd3e549ae04a0985459bde6c626594e7b05dc4278b2a1465c1368408823c85e96dc66c3a30983c639664fc4569a37fe21e5a195b5776eed2df8d8d361af686e750229bbd663f161868a50615e0c337bec0ca35fec0bb19c36eb2e0bbcc0582fa1d93aacdb061063f59f2ce1ee43605e5d89eca183d2acdfe9f81011022ad3b43a3dd417dac94b4e11ea81b192966e966b182082e71964607b4f8002f36299844a11f2ae0faeac2eae70f8f4f98088acdcd0ac556e9fccc511521908fad26f04c64201450305778758b0538bf8b5bb144a828e629795" );
5481 
5482  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5483  if( 0 == 0 )
5484  {
5485  hexify( output_str, output, ctx.len );
5486 
5487  fct_chk( strncasecmp( (char *) output_str, "e6ad181f053b58a904f2457510373e57", strlen( "e6ad181f053b58a904f2457510373e57" ) ) == 0 );
5488  }
5489 
5490  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5491  rsa_free( &ctx );
5492  }
5493  FCT_TEST_END();
5494 
5495 
5496  FCT_TEST_BGN(rsaes_oaep_decryption_example_10_3)
5497  {
5498  unsigned char message_str[1000];
5499  unsigned char output[1000];
5500  unsigned char output_str[1000];
5501  rsa_context ctx;
5502  mpi P1, Q1, H, G;
5503  size_t output_len;
5504 
5505  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5507 
5508  memset( message_str, 0x00, 1000 );
5509  memset( output, 0x00, 1000 );
5510  memset( output_str, 0x00, 1000 );
5511 
5512  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
5513  fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
5514  fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
5515  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
5516  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5517 
5518  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5519  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5520  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5521  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5522  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5523  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5524  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5525  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5526 
5527  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5528 
5529  unhexify( message_str, "9886c3e6764a8b9a84e84148ebd8c3b1aa8050381a78f668714c16d9cfd2a6edc56979c535d9dee3b44b85c18be8928992371711472216d95dda98d2ee8347c9b14dffdff84aa48d25ac06f7d7e65398ac967b1ce90925f67dce049b7f812db0742997a74d44fe81dbe0e7a3feaf2e5c40af888d550ddbbe3bc20657a29543f8fc2913b9bd1a61b2ab2256ec409bbd7dc0d17717ea25c43f42ed27df8738bf4afc6766ff7aff0859555ee283920f4c8a63c4a7340cbafddc339ecdb4b0515002f96c932b5b79167af699c0ad3fccfdf0f44e85a70262bf2e18fe34b850589975e867ff969d48eabf212271546cdc05a69ecb526e52870c836f307bd798780ede" );
5530 
5531  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5532  if( 0 == 0 )
5533  {
5534  hexify( output_str, output, ctx.len );
5535 
5536  fct_chk( strncasecmp( (char *) output_str, "510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124", strlen( "510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124" ) ) == 0 );
5537  }
5538 
5539  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5540  rsa_free( &ctx );
5541  }
5542  FCT_TEST_END();
5543 
5544 
5545  FCT_TEST_BGN(rsaes_oaep_decryption_example_10_4)
5546  {
5547  unsigned char message_str[1000];
5548  unsigned char output[1000];
5549  unsigned char output_str[1000];
5550  rsa_context ctx;
5551  mpi P1, Q1, H, G;
5552  size_t output_len;
5553 
5554  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5556 
5557  memset( message_str, 0x00, 1000 );
5558  memset( output, 0x00, 1000 );
5559  memset( output_str, 0x00, 1000 );
5560 
5561  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
5562  fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
5563  fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
5564  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
5565  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5566 
5567  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5568  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5569  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5570  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5571  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5572  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5573  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5574  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5575 
5576  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5577 
5578  unhexify( message_str, "6318e9fb5c0d05e5307e1683436e903293ac4642358aaa223d7163013aba87e2dfda8e60c6860e29a1e92686163ea0b9175f329ca3b131a1edd3a77759a8b97bad6a4f8f4396f28cf6f39ca58112e48160d6e203daa5856f3aca5ffed577af499408e3dfd233e3e604dbe34a9c4c9082de65527cac6331d29dc80e0508a0fa7122e7f329f6cca5cfa34d4d1da417805457e008bec549e478ff9e12a763c477d15bbb78f5b69bd57830fc2c4ed686d79bc72a95d85f88134c6b0afe56a8ccfbc855828bb339bd17909cf1d70de3335ae07039093e606d655365de6550b872cd6de1d440ee031b61945f629ad8a353b0d40939e96a3c450d2a8d5eee9f678093c8" );
5579 
5580  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5581  if( 0 == 0 )
5582  {
5583  hexify( output_str, output, ctx.len );
5584 
5585  fct_chk( strncasecmp( (char *) output_str, "bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9", strlen( "bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9" ) ) == 0 );
5586  }
5587 
5588  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5589  rsa_free( &ctx );
5590  }
5591  FCT_TEST_END();
5592 
5593 
5594  FCT_TEST_BGN(rsaes_oaep_decryption_example_10_5)
5595  {
5596  unsigned char message_str[1000];
5597  unsigned char output[1000];
5598  unsigned char output_str[1000];
5599  rsa_context ctx;
5600  mpi P1, Q1, H, G;
5601  size_t output_len;
5602 
5603  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5605 
5606  memset( message_str, 0x00, 1000 );
5607  memset( output, 0x00, 1000 );
5608  memset( output_str, 0x00, 1000 );
5609 
5610  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
5611  fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
5612  fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
5613  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
5614  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5615 
5616  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5617  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5618  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5619  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5620  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5621  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5622  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5623  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5624 
5625  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5626 
5627  unhexify( message_str, "75290872ccfd4a4505660d651f56da6daa09ca1301d890632f6a992f3d565cee464afded40ed3b5be9356714ea5aa7655f4a1366c2f17c728f6f2c5a5d1f8e28429bc4e6f8f2cff8da8dc0e0a9808e45fd09ea2fa40cb2b6ce6ffff5c0e159d11b68d90a85f7b84e103b09e682666480c657505c0929259468a314786d74eab131573cf234bf57db7d9e66cc6748192e002dc0deea930585f0831fdcd9bc33d51f79ed2ffc16bcf4d59812fcebcaa3f9069b0e445686d644c25ccf63b456ee5fa6ffe96f19cdf751fed9eaf35957754dbf4bfea5216aa1844dc507cb2d080e722eba150308c2b5ff1193620f1766ecf4481bafb943bd292877f2136ca494aba0" );
5628 
5629  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5630  if( 0 == 0 )
5631  {
5632  hexify( output_str, output, ctx.len );
5633 
5634  fct_chk( strncasecmp( (char *) output_str, "a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9", strlen( "a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9" ) ) == 0 );
5635  }
5636 
5637  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5638  rsa_free( &ctx );
5639  }
5640  FCT_TEST_END();
5641 
5642 
5643  FCT_TEST_BGN(rsaes_oaep_decryption_example_10_6)
5644  {
5645  unsigned char message_str[1000];
5646  unsigned char output[1000];
5647  unsigned char output_str[1000];
5648  rsa_context ctx;
5649  mpi P1, Q1, H, G;
5650  size_t output_len;
5651 
5652  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5654 
5655  memset( message_str, 0x00, 1000 );
5656  memset( output, 0x00, 1000 );
5657  memset( output_str, 0x00, 1000 );
5658 
5659  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
5660  fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
5661  fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
5662  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
5663  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5664 
5665  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5666  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5667  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5668  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5669  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5670  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5671  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5672  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5673 
5674  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5675 
5676  unhexify( message_str, "2d207a73432a8fb4c03051b3f73b28a61764098dfa34c47a20995f8115aa6816679b557e82dbee584908c6e69782d7deb34dbd65af063d57fca76a5fd069492fd6068d9984d209350565a62e5c77f23038c12cb10c6634709b547c46f6b4a709bd85ca122d74465ef97762c29763e06dbc7a9e738c78bfca0102dc5e79d65b973f28240caab2e161a78b57d262457ed8195d53e3c7ae9da021883c6db7c24afdd2322eac972ad3c354c5fcef1e146c3a0290fb67adf007066e00428d2cec18ce58f9328698defef4b2eb5ec76918fde1c198cbb38b7afc67626a9aefec4322bfd90d2563481c9a221f78c8272c82d1b62ab914e1c69f6af6ef30ca5260db4a46" );
5677 
5678  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
5679  if( 0 == 0 )
5680  {
5681  hexify( output_str, output, ctx.len );
5682 
5683  fct_chk( strncasecmp( (char *) output_str, "eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac", strlen( "eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac" ) ) == 0 );
5684  }
5685 
5686  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5687  rsa_free( &ctx );
5688  }
5689  FCT_TEST_END();
5690 
5691 
5692  FCT_TEST_BGN(rsassa_pss_signing_test_vector_int)
5693  {
5694  unsigned char message_str[1000];
5695  unsigned char hash_result[1000];
5696  unsigned char output[1000];
5697  unsigned char output_str[1000];
5698  unsigned char rnd_buf[1000];
5699  rsa_context ctx;
5700  mpi P1, Q1, H, G;
5701  size_t msg_len;
5702  rnd_buf_info info;
5703 
5704  info.length = unhexify( rnd_buf, "e3b5d5d002c1bce50c2b65ef88a188d83bce7e61" );
5705  info.buf = rnd_buf;
5706 
5707  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5709 
5710  memset( message_str, 0x00, 1000 );
5711  memset( hash_result, 0x00, 1000 );
5712  memset( output, 0x00, 1000 );
5713  memset( output_str, 0x00, 1000 );
5714 
5715  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
5716  fct_chk( mpi_read_string( &ctx.P, 16, "d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b" ) == 0 );
5717  fct_chk( mpi_read_string( &ctx.Q, 16, "c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f" ) == 0 );
5718  fct_chk( mpi_read_string( &ctx.N, 16, "a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5" ) == 0 );
5719  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5720 
5721  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5722  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5723  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5724  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5725  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5726  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5727  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5728  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5729 
5730  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5731 
5732  msg_len = unhexify( message_str, "859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc" );
5733 
5734  switch( SIG_RSA_SHA1 )
5735  {
5736  #ifdef POLARSSL_MD2_C
5737  case SIG_RSA_MD2:
5738  md2( message_str, msg_len, hash_result );
5739  break;
5740  #endif
5741  #ifdef POLARSSL_MD4_C
5742  case SIG_RSA_MD4:
5743  md4( message_str, msg_len, hash_result );
5744  break;
5745  #endif
5746  #ifdef POLARSSL_MD5_C
5747  case SIG_RSA_MD5:
5748  md5( message_str, msg_len, hash_result );
5749  break;
5750  #endif
5751  #ifdef POLARSSL_SHA1_C
5752  case SIG_RSA_SHA1:
5753  sha1( message_str, msg_len, hash_result );
5754  break;
5755  #endif
5756  #ifdef POLARSSL_SHA2_C
5757  case SIG_RSA_SHA224:
5758  sha2( message_str, msg_len, hash_result, 1 );
5759  break;
5760  case SIG_RSA_SHA256:
5761  sha2( message_str, msg_len, hash_result, 0 );
5762  break;
5763  #endif
5764  #ifdef POLARSSL_SHA4_C
5765  case SIG_RSA_SHA384:
5766  sha4( message_str, msg_len, hash_result, 1 );
5767  break;
5768  case SIG_RSA_SHA512:
5769  sha4( message_str, msg_len, hash_result, 0 );
5770  break;
5771  #endif
5772  }
5773 
5774  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
5775  if( 0 == 0 )
5776  {
5777  hexify( output_str, output, ctx.len);
5778 
5779  fct_chk( strcasecmp( (char *) output_str, "8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e" ) == 0 );
5780  }
5781 
5782  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5783  rsa_free( &ctx );
5784  }
5785  FCT_TEST_END();
5786 
5787 
5788  FCT_TEST_BGN(rsassa_pss_verification_test_vector_int)
5789  {
5790  unsigned char message_str[1000];
5791  unsigned char hash_result[1000];
5792  unsigned char result_str[1000];
5793  rsa_context ctx;
5794  size_t msg_len;
5795 
5797  memset( message_str, 0x00, 1000 );
5798  memset( hash_result, 0x00, 1000 );
5799  memset( result_str, 0x00, 1000 );
5800 
5801  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
5802  fct_chk( mpi_read_string( &ctx.N, 16, "a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5" ) == 0 );
5803  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5804 
5805  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
5806 
5807  msg_len = unhexify( message_str, "859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc" );
5808  unhexify( result_str, "8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e" );
5809 
5810  switch( SIG_RSA_SHA1 )
5811  {
5812  #ifdef POLARSSL_MD2_C
5813  case SIG_RSA_MD2:
5814  md2( message_str, msg_len, hash_result );
5815  break;
5816  #endif
5817  #ifdef POLARSSL_MD4_C
5818  case SIG_RSA_MD4:
5819  md4( message_str, msg_len, hash_result );
5820  break;
5821  #endif
5822  #ifdef POLARSSL_MD5_C
5823  case SIG_RSA_MD5:
5824  md5( message_str, msg_len, hash_result );
5825  break;
5826  #endif
5827  #ifdef POLARSSL_SHA1_C
5828  case SIG_RSA_SHA1:
5829  sha1( message_str, msg_len, hash_result );
5830  break;
5831  #endif
5832  #ifdef POLARSSL_SHA2_C
5833  case SIG_RSA_SHA224:
5834  sha2( message_str, msg_len, hash_result, 1 );
5835  break;
5836  case SIG_RSA_SHA256:
5837  sha2( message_str, msg_len, hash_result, 0 );
5838  break;
5839  #endif
5840  #ifdef POLARSSL_SHA4_C
5841  case SIG_RSA_SHA384:
5842  sha4( message_str, msg_len, hash_result, 1 );
5843  break;
5844  case SIG_RSA_SHA512:
5845  sha4( message_str, msg_len, hash_result, 0 );
5846  break;
5847  #endif
5848  }
5849 
5850  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
5851 
5852  rsa_free( &ctx );
5853  }
5854  FCT_TEST_END();
5855 
5856 
5857  FCT_TEST_BGN(rsassa_pss_signing_test_vector_hash_too_large)
5858  {
5859  unsigned char message_str[1000];
5860  unsigned char hash_result[1000];
5861  unsigned char output[1000];
5862  unsigned char output_str[1000];
5863  unsigned char rnd_buf[1000];
5864  rsa_context ctx;
5865  mpi P1, Q1, H, G;
5866  size_t msg_len;
5867  rnd_buf_info info;
5868 
5869  info.length = unhexify( rnd_buf, "e3b5d5d002c1bce50c2b65ef88a188d83bce7e61" );
5870  info.buf = rnd_buf;
5871 
5872  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5874 
5875  memset( message_str, 0x00, 1000 );
5876  memset( hash_result, 0x00, 1000 );
5877  memset( output, 0x00, 1000 );
5878  memset( output_str, 0x00, 1000 );
5879 
5880  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
5881  fct_chk( mpi_read_string( &ctx.P, 16, "d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b" ) == 0 );
5882  fct_chk( mpi_read_string( &ctx.Q, 16, "c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f" ) == 0 );
5883  fct_chk( mpi_read_string( &ctx.N, 16, "a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5" ) == 0 );
5884  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5885 
5886  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5887  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5888  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5889  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5890  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5891  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5892  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5893  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5894 
5895  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5896 
5897  msg_len = unhexify( message_str, "d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00" );
5898 
5899  switch( SIG_RSA_SHA1 )
5900  {
5901  #ifdef POLARSSL_MD2_C
5902  case SIG_RSA_MD2:
5903  md2( message_str, msg_len, hash_result );
5904  break;
5905  #endif
5906  #ifdef POLARSSL_MD4_C
5907  case SIG_RSA_MD4:
5908  md4( message_str, msg_len, hash_result );
5909  break;
5910  #endif
5911  #ifdef POLARSSL_MD5_C
5912  case SIG_RSA_MD5:
5913  md5( message_str, msg_len, hash_result );
5914  break;
5915  #endif
5916  #ifdef POLARSSL_SHA1_C
5917  case SIG_RSA_SHA1:
5918  sha1( message_str, msg_len, hash_result );
5919  break;
5920  #endif
5921  #ifdef POLARSSL_SHA2_C
5922  case SIG_RSA_SHA224:
5923  sha2( message_str, msg_len, hash_result, 1 );
5924  break;
5925  case SIG_RSA_SHA256:
5926  sha2( message_str, msg_len, hash_result, 0 );
5927  break;
5928  #endif
5929  #ifdef POLARSSL_SHA4_C
5930  case SIG_RSA_SHA384:
5931  sha4( message_str, msg_len, hash_result, 1 );
5932  break;
5933  case SIG_RSA_SHA512:
5934  sha4( message_str, msg_len, hash_result, 0 );
5935  break;
5936  #endif
5937  }
5938 
5939  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == POLARSSL_ERR_RSA_BAD_INPUT_DATA );
5941  {
5942  hexify( output_str, output, ctx.len);
5943 
5944  fct_chk( strcasecmp( (char *) output_str, "" ) == 0 );
5945  }
5946 
5947  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5948  rsa_free( &ctx );
5949  }
5950  FCT_TEST_END();
5951 
5952 
5953  FCT_TEST_BGN(rsassa_pss_signature_example_1_1)
5954  {
5955  unsigned char message_str[1000];
5956  unsigned char hash_result[1000];
5957  unsigned char output[1000];
5958  unsigned char output_str[1000];
5959  unsigned char rnd_buf[1000];
5960  rsa_context ctx;
5961  mpi P1, Q1, H, G;
5962  size_t msg_len;
5963  rnd_buf_info info;
5964 
5965  info.length = unhexify( rnd_buf, "dee959c7e06411361420ff80185ed57f3e6776af" );
5966  info.buf = rnd_buf;
5967 
5968  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
5970 
5971  memset( message_str, 0x00, 1000 );
5972  memset( hash_result, 0x00, 1000 );
5973  memset( output, 0x00, 1000 );
5974  memset( output_str, 0x00, 1000 );
5975 
5976  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
5977  fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
5978  fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
5979  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
5980  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5981 
5982  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5983  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5984  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5985  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5986  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5987  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5988  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5989  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5990 
5991  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5992 
5993  msg_len = unhexify( message_str, "cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0" );
5994 
5995  switch( SIG_RSA_SHA1 )
5996  {
5997  #ifdef POLARSSL_MD2_C
5998  case SIG_RSA_MD2:
5999  md2( message_str, msg_len, hash_result );
6000  break;
6001  #endif
6002  #ifdef POLARSSL_MD4_C
6003  case SIG_RSA_MD4:
6004  md4( message_str, msg_len, hash_result );
6005  break;
6006  #endif
6007  #ifdef POLARSSL_MD5_C
6008  case SIG_RSA_MD5:
6009  md5( message_str, msg_len, hash_result );
6010  break;
6011  #endif
6012  #ifdef POLARSSL_SHA1_C
6013  case SIG_RSA_SHA1:
6014  sha1( message_str, msg_len, hash_result );
6015  break;
6016  #endif
6017  #ifdef POLARSSL_SHA2_C
6018  case SIG_RSA_SHA224:
6019  sha2( message_str, msg_len, hash_result, 1 );
6020  break;
6021  case SIG_RSA_SHA256:
6022  sha2( message_str, msg_len, hash_result, 0 );
6023  break;
6024  #endif
6025  #ifdef POLARSSL_SHA4_C
6026  case SIG_RSA_SHA384:
6027  sha4( message_str, msg_len, hash_result, 1 );
6028  break;
6029  case SIG_RSA_SHA512:
6030  sha4( message_str, msg_len, hash_result, 0 );
6031  break;
6032  #endif
6033  }
6034 
6035  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
6036  if( 0 == 0 )
6037  {
6038  hexify( output_str, output, ctx.len);
6039 
6040  fct_chk( strcasecmp( (char *) output_str, "9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c" ) == 0 );
6041  }
6042 
6043  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
6044  rsa_free( &ctx );
6045  }
6046  FCT_TEST_END();
6047 
6048 
6049  FCT_TEST_BGN(rsassa_pss_signature_example_1_1_verify)
6050  {
6051  unsigned char message_str[1000];
6052  unsigned char hash_result[1000];
6053  unsigned char result_str[1000];
6054  rsa_context ctx;
6055  size_t msg_len;
6056 
6058  memset( message_str, 0x00, 1000 );
6059  memset( hash_result, 0x00, 1000 );
6060  memset( result_str, 0x00, 1000 );
6061 
6062  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
6063  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
6064  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
6065 
6066  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
6067 
6068  msg_len = unhexify( message_str, "cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0" );
6069  unhexify( result_str, "9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c" );
6070 
6071  switch( SIG_RSA_SHA1 )
6072  {
6073  #ifdef POLARSSL_MD2_C
6074  case SIG_RSA_MD2:
6075  md2( message_str, msg_len, hash_result );
6076  break;
6077  #endif
6078  #ifdef POLARSSL_MD4_C
6079  case SIG_RSA_MD4:
6080  md4( message_str, msg_len, hash_result );
6081  break;
6082  #endif
6083  #ifdef POLARSSL_MD5_C
6084  case SIG_RSA_MD5:
6085  md5( message_str, msg_len, hash_result );
6086  break;
6087  #endif
6088  #ifdef POLARSSL_SHA1_C
6089  case SIG_RSA_SHA1:
6090  sha1( message_str, msg_len, hash_result );
6091  break;
6092  #endif
6093  #ifdef POLARSSL_SHA2_C
6094  case SIG_RSA_SHA224:
6095  sha2( message_str, msg_len, hash_result, 1 );
6096  break;
6097  case SIG_RSA_SHA256:
6098  sha2( message_str, msg_len, hash_result, 0 );
6099  break;
6100  #endif
6101  #ifdef POLARSSL_SHA4_C
6102  case SIG_RSA_SHA384:
6103  sha4( message_str, msg_len, hash_result, 1 );
6104  break;
6105  case SIG_RSA_SHA512:
6106  sha4( message_str, msg_len, hash_result, 0 );
6107  break;
6108  #endif
6109  }
6110 
6111  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
6112 
6113  rsa_free( &ctx );
6114  }
6115  FCT_TEST_END();
6116 
6117 
6118  FCT_TEST_BGN(rsassa_pss_signature_example_1_2)
6119  {
6120  unsigned char message_str[1000];
6121  unsigned char hash_result[1000];
6122  unsigned char output[1000];
6123  unsigned char output_str[1000];
6124  unsigned char rnd_buf[1000];
6125  rsa_context ctx;
6126  mpi P1, Q1, H, G;
6127  size_t msg_len;
6128  rnd_buf_info info;
6129 
6130  info.length = unhexify( rnd_buf, "ef2869fa40c346cb183dab3d7bffc98fd56df42d" );
6131  info.buf = rnd_buf;
6132 
6133  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
6135 
6136  memset( message_str, 0x00, 1000 );
6137  memset( hash_result, 0x00, 1000 );
6138  memset( output, 0x00, 1000 );
6139  memset( output_str, 0x00, 1000 );
6140 
6141  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
6142  fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
6143  fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
6144  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
6145  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
6146 
6147  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
6148  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
6149  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
6150  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
6151  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
6152  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
6153  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
6154  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
6155 
6156  fct_chk( rsa_check_privkey( &ctx ) == 0 );
6157 
6158  msg_len = unhexify( message_str, "851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e" );
6159 
6160  switch( SIG_RSA_SHA1 )
6161  {
6162  #ifdef POLARSSL_MD2_C
6163  case SIG_RSA_MD2:
6164  md2( message_str, msg_len, hash_result );
6165  break;
6166  #endif
6167  #ifdef POLARSSL_MD4_C
6168  case SIG_RSA_MD4:
6169  md4( message_str, msg_len, hash_result );
6170  break;
6171  #endif
6172  #ifdef POLARSSL_MD5_C
6173  case SIG_RSA_MD5:
6174  md5( message_str, msg_len, hash_result );
6175  break;
6176  #endif
6177  #ifdef POLARSSL_SHA1_C
6178  case SIG_RSA_SHA1:
6179  sha1( message_str, msg_len, hash_result );
6180  break;
6181  #endif
6182  #ifdef POLARSSL_SHA2_C
6183  case SIG_RSA_SHA224:
6184  sha2( message_str, msg_len, hash_result, 1 );
6185  break;
6186  case SIG_RSA_SHA256:
6187  sha2( message_str, msg_len, hash_result, 0 );
6188  break;
6189  #endif
6190  #ifdef POLARSSL_SHA4_C
6191  case SIG_RSA_SHA384:
6192  sha4( message_str, msg_len, hash_result, 1 );
6193  break;
6194  case SIG_RSA_SHA512:
6195  sha4( message_str, msg_len, hash_result, 0 );
6196  break;
6197  #endif
6198  }
6199 
6200  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
6201  if( 0 == 0 )
6202  {
6203  hexify( output_str, output, ctx.len);
6204 
6205  fct_chk( strcasecmp( (char *) output_str, "3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843" ) == 0 );
6206  }
6207 
6208  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
6209  rsa_free( &ctx );
6210  }
6211  FCT_TEST_END();
6212 
6213 
6214  FCT_TEST_BGN(rsassa_pss_signature_example_1_2_verify)
6215  {
6216  unsigned char message_str[1000];
6217  unsigned char hash_result[1000];
6218  unsigned char result_str[1000];
6219  rsa_context ctx;
6220  size_t msg_len;
6221 
6223  memset( message_str, 0x00, 1000 );
6224  memset( hash_result, 0x00, 1000 );
6225  memset( result_str, 0x00, 1000 );
6226 
6227  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
6228  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
6229  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
6230 
6231  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
6232 
6233  msg_len = unhexify( message_str, "851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e" );
6234  unhexify( result_str, "3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843" );
6235 
6236  switch( SIG_RSA_SHA1 )
6237  {
6238  #ifdef POLARSSL_MD2_C
6239  case SIG_RSA_MD2:
6240  md2( message_str, msg_len, hash_result );
6241  break;
6242  #endif
6243  #ifdef POLARSSL_MD4_C
6244  case SIG_RSA_MD4:
6245  md4( message_str, msg_len, hash_result );
6246  break;
6247  #endif
6248  #ifdef POLARSSL_MD5_C
6249  case SIG_RSA_MD5:
6250  md5( message_str, msg_len, hash_result );
6251  break;
6252  #endif
6253  #ifdef POLARSSL_SHA1_C
6254  case SIG_RSA_SHA1:
6255  sha1( message_str, msg_len, hash_result );
6256  break;
6257  #endif
6258  #ifdef POLARSSL_SHA2_C
6259  case SIG_RSA_SHA224:
6260  sha2( message_str, msg_len, hash_result, 1 );
6261  break;
6262  case SIG_RSA_SHA256:
6263  sha2( message_str, msg_len, hash_result, 0 );
6264  break;
6265  #endif
6266  #ifdef POLARSSL_SHA4_C
6267  case SIG_RSA_SHA384:
6268  sha4( message_str, msg_len, hash_result, 1 );
6269  break;
6270  case SIG_RSA_SHA512:
6271  sha4( message_str, msg_len, hash_result, 0 );
6272  break;
6273  #endif
6274  }
6275 
6276  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
6277 
6278  rsa_free( &ctx );
6279  }
6280  FCT_TEST_END();
6281 
6282 
6283  FCT_TEST_BGN(rsassa_pss_signature_example_1_3)
6284  {
6285  unsigned char message_str[1000];
6286  unsigned char hash_result[1000];
6287  unsigned char output[1000];
6288  unsigned char output_str[1000];
6289  unsigned char rnd_buf[1000];
6290  rsa_context ctx;
6291  mpi P1, Q1, H, G;
6292  size_t msg_len;
6293  rnd_buf_info info;
6294 
6295  info.length = unhexify( rnd_buf, "710b9c4747d800d4de87f12afdce6df18107cc77" );
6296  info.buf = rnd_buf;
6297 
6298  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
6300 
6301  memset( message_str, 0x00, 1000 );
6302  memset( hash_result, 0x00, 1000 );
6303  memset( output, 0x00, 1000 );
6304  memset( output_str, 0x00, 1000 );
6305 
6306  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
6307  fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
6308  fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
6309  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
6310  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
6311 
6312  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
6313  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
6314  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
6315  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
6316  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
6317  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
6318  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
6319  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
6320 
6321  fct_chk( rsa_check_privkey( &ctx ) == 0 );
6322 
6323  msg_len = unhexify( message_str, "a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c745e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef416971338e7d470" );
6324 
6325  switch( SIG_RSA_SHA1 )
6326  {
6327  #ifdef POLARSSL_MD2_C
6328  case SIG_RSA_MD2:
6329  md2( message_str, msg_len, hash_result );
6330  break;
6331  #endif
6332  #ifdef POLARSSL_MD4_C
6333  case SIG_RSA_MD4:
6334  md4( message_str, msg_len, hash_result );
6335  break;
6336  #endif
6337  #ifdef POLARSSL_MD5_C
6338  case SIG_RSA_MD5:
6339  md5( message_str, msg_len, hash_result );
6340  break;
6341  #endif
6342  #ifdef POLARSSL_SHA1_C
6343  case SIG_RSA_SHA1:
6344  sha1( message_str, msg_len, hash_result );
6345  break;
6346  #endif
6347  #ifdef POLARSSL_SHA2_C
6348  case SIG_RSA_SHA224:
6349  sha2( message_str, msg_len, hash_result, 1 );
6350  break;
6351  case SIG_RSA_SHA256:
6352  sha2( message_str, msg_len, hash_result, 0 );
6353  break;
6354  #endif
6355  #ifdef POLARSSL_SHA4_C
6356  case SIG_RSA_SHA384:
6357  sha4( message_str, msg_len, hash_result, 1 );
6358  break;
6359  case SIG_RSA_SHA512:
6360  sha4( message_str, msg_len, hash_result, 0 );
6361  break;
6362  #endif
6363  }
6364 
6365  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
6366  if( 0 == 0 )
6367  {
6368  hexify( output_str, output, ctx.len);
6369 
6370  fct_chk( strcasecmp( (char *) output_str, "666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1" ) == 0 );
6371  }
6372 
6373  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
6374  rsa_free( &ctx );
6375  }
6376  FCT_TEST_END();
6377 
6378 
6379  FCT_TEST_BGN(rsassa_pss_signature_example_1_3_verify)
6380  {
6381  unsigned char message_str[1000];
6382  unsigned char hash_result[1000];
6383  unsigned char result_str[1000];
6384  rsa_context ctx;
6385  size_t msg_len;
6386 
6388  memset( message_str, 0x00, 1000 );
6389  memset( hash_result, 0x00, 1000 );
6390  memset( result_str, 0x00, 1000 );
6391 
6392  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
6393  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
6394  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
6395 
6396  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
6397 
6398  msg_len = unhexify( message_str, "a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c745e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef416971338e7d470" );
6399  unhexify( result_str, "666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1" );
6400 
6401  switch( SIG_RSA_SHA1 )
6402  {
6403  #ifdef POLARSSL_MD2_C
6404  case SIG_RSA_MD2:
6405  md2( message_str, msg_len, hash_result );
6406  break;
6407  #endif
6408  #ifdef POLARSSL_MD4_C
6409  case SIG_RSA_MD4:
6410  md4( message_str, msg_len, hash_result );
6411  break;
6412  #endif
6413  #ifdef POLARSSL_MD5_C
6414  case SIG_RSA_MD5:
6415  md5( message_str, msg_len, hash_result );
6416  break;
6417  #endif
6418  #ifdef POLARSSL_SHA1_C
6419  case SIG_RSA_SHA1:
6420  sha1( message_str, msg_len, hash_result );
6421  break;
6422  #endif
6423  #ifdef POLARSSL_SHA2_C
6424  case SIG_RSA_SHA224:
6425  sha2( message_str, msg_len, hash_result, 1 );
6426  break;
6427  case SIG_RSA_SHA256:
6428  sha2( message_str, msg_len, hash_result, 0 );
6429  break;
6430  #endif
6431  #ifdef POLARSSL_SHA4_C
6432  case SIG_RSA_SHA384:
6433  sha4( message_str, msg_len, hash_result, 1 );
6434  break;
6435  case SIG_RSA_SHA512:
6436  sha4( message_str, msg_len, hash_result, 0 );
6437  break;
6438  #endif
6439  }
6440 
6441  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
6442 
6443  rsa_free( &ctx );
6444  }
6445  FCT_TEST_END();
6446 
6447 
6448  FCT_TEST_BGN(rsassa_pss_signature_example_1_4)
6449  {
6450  unsigned char message_str[1000];
6451  unsigned char hash_result[1000];
6452  unsigned char output[1000];
6453  unsigned char output_str[1000];
6454  unsigned char rnd_buf[1000];
6455  rsa_context ctx;
6456  mpi P1, Q1, H, G;
6457  size_t msg_len;
6458  rnd_buf_info info;
6459 
6460  info.length = unhexify( rnd_buf, "056f00985de14d8ef5cea9e82f8c27bef720335e" );
6461  info.buf = rnd_buf;
6462 
6463  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
6465 
6466  memset( message_str, 0x00, 1000 );
6467  memset( hash_result, 0x00, 1000 );
6468  memset( output, 0x00, 1000 );
6469  memset( output_str, 0x00, 1000 );
6470 
6471  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
6472  fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
6473  fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
6474  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
6475  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
6476 
6477  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
6478  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
6479  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
6480  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
6481  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
6482  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
6483  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
6484  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
6485 
6486  fct_chk( rsa_check_privkey( &ctx ) == 0 );
6487 
6488  msg_len = unhexify( message_str, "bc656747fa9eafb3f0" );
6489 
6490  switch( SIG_RSA_SHA1 )
6491  {
6492  #ifdef POLARSSL_MD2_C
6493  case SIG_RSA_MD2:
6494  md2( message_str, msg_len, hash_result );
6495  break;
6496  #endif
6497  #ifdef POLARSSL_MD4_C
6498  case SIG_RSA_MD4:
6499  md4( message_str, msg_len, hash_result );
6500  break;
6501  #endif
6502  #ifdef POLARSSL_MD5_C
6503  case SIG_RSA_MD5:
6504  md5( message_str, msg_len, hash_result );
6505  break;
6506  #endif
6507  #ifdef POLARSSL_SHA1_C
6508  case SIG_RSA_SHA1:
6509  sha1( message_str, msg_len, hash_result );
6510  break;
6511  #endif
6512  #ifdef POLARSSL_SHA2_C
6513  case SIG_RSA_SHA224:
6514  sha2( message_str, msg_len, hash_result, 1 );
6515  break;
6516  case SIG_RSA_SHA256:
6517  sha2( message_str, msg_len, hash_result, 0 );
6518  break;
6519  #endif
6520  #ifdef POLARSSL_SHA4_C
6521  case SIG_RSA_SHA384:
6522  sha4( message_str, msg_len, hash_result, 1 );
6523  break;
6524  case SIG_RSA_SHA512:
6525  sha4( message_str, msg_len, hash_result, 0 );
6526  break;
6527  #endif
6528  }
6529 
6530  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
6531  if( 0 == 0 )
6532  {
6533  hexify( output_str, output, ctx.len);
6534 
6535  fct_chk( strcasecmp( (char *) output_str, "4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87" ) == 0 );
6536  }
6537 
6538  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
6539  rsa_free( &ctx );
6540  }
6541  FCT_TEST_END();
6542 
6543 
6544  FCT_TEST_BGN(rsassa_pss_signature_example_1_4_verify)
6545  {
6546  unsigned char message_str[1000];
6547  unsigned char hash_result[1000];
6548  unsigned char result_str[1000];
6549  rsa_context ctx;
6550  size_t msg_len;
6551 
6553  memset( message_str, 0x00, 1000 );
6554  memset( hash_result, 0x00, 1000 );
6555  memset( result_str, 0x00, 1000 );
6556 
6557  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
6558  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
6559  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
6560 
6561  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
6562 
6563  msg_len = unhexify( message_str, "bc656747fa9eafb3f0" );
6564  unhexify( result_str, "4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87" );
6565 
6566  switch( SIG_RSA_SHA1 )
6567  {
6568  #ifdef POLARSSL_MD2_C
6569  case SIG_RSA_MD2:
6570  md2( message_str, msg_len, hash_result );
6571  break;
6572  #endif
6573  #ifdef POLARSSL_MD4_C
6574  case SIG_RSA_MD4:
6575  md4( message_str, msg_len, hash_result );
6576  break;
6577  #endif
6578  #ifdef POLARSSL_MD5_C
6579  case SIG_RSA_MD5:
6580  md5( message_str, msg_len, hash_result );
6581  break;
6582  #endif
6583  #ifdef POLARSSL_SHA1_C
6584  case SIG_RSA_SHA1:
6585  sha1( message_str, msg_len, hash_result );
6586  break;
6587  #endif
6588  #ifdef POLARSSL_SHA2_C
6589  case SIG_RSA_SHA224:
6590  sha2( message_str, msg_len, hash_result, 1 );
6591  break;
6592  case SIG_RSA_SHA256:
6593  sha2( message_str, msg_len, hash_result, 0 );
6594  break;
6595  #endif
6596  #ifdef POLARSSL_SHA4_C
6597  case SIG_RSA_SHA384:
6598  sha4( message_str, msg_len, hash_result, 1 );
6599  break;
6600  case SIG_RSA_SHA512:
6601  sha4( message_str, msg_len, hash_result, 0 );
6602  break;
6603  #endif
6604  }
6605 
6606  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
6607 
6608  rsa_free( &ctx );
6609  }
6610  FCT_TEST_END();
6611 
6612 
6613  FCT_TEST_BGN(rsassa_pss_signature_example_1_5)
6614  {
6615  unsigned char message_str[1000];
6616  unsigned char hash_result[1000];
6617  unsigned char output[1000];
6618  unsigned char output_str[1000];
6619  unsigned char rnd_buf[1000];
6620  rsa_context ctx;
6621  mpi P1, Q1, H, G;
6622  size_t msg_len;
6623  rnd_buf_info info;
6624 
6625  info.length = unhexify( rnd_buf, "80e70ff86a08de3ec60972b39b4fbfdcea67ae8e" );
6626  info.buf = rnd_buf;
6627 
6628  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
6630 
6631  memset( message_str, 0x00, 1000 );
6632  memset( hash_result, 0x00, 1000 );
6633  memset( output, 0x00, 1000 );
6634  memset( output_str, 0x00, 1000 );
6635 
6636  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
6637  fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
6638  fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
6639  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
6640  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
6641 
6642  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
6643  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
6644  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
6645  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
6646  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
6647  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
6648  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
6649  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
6650 
6651  fct_chk( rsa_check_privkey( &ctx ) == 0 );
6652 
6653  msg_len = unhexify( message_str, "b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4" );
6654 
6655  switch( SIG_RSA_SHA1 )
6656  {
6657  #ifdef POLARSSL_MD2_C
6658  case SIG_RSA_MD2:
6659  md2( message_str, msg_len, hash_result );
6660  break;
6661  #endif
6662  #ifdef POLARSSL_MD4_C
6663  case SIG_RSA_MD4:
6664  md4( message_str, msg_len, hash_result );
6665  break;
6666  #endif
6667  #ifdef POLARSSL_MD5_C
6668  case SIG_RSA_MD5:
6669  md5( message_str, msg_len, hash_result );
6670  break;
6671  #endif
6672  #ifdef POLARSSL_SHA1_C
6673  case SIG_RSA_SHA1:
6674  sha1( message_str, msg_len, hash_result );
6675  break;
6676  #endif
6677  #ifdef POLARSSL_SHA2_C
6678  case SIG_RSA_SHA224:
6679  sha2( message_str, msg_len, hash_result, 1 );
6680  break;
6681  case SIG_RSA_SHA256:
6682  sha2( message_str, msg_len, hash_result, 0 );
6683  break;
6684  #endif
6685  #ifdef POLARSSL_SHA4_C
6686  case SIG_RSA_SHA384:
6687  sha4( message_str, msg_len, hash_result, 1 );
6688  break;
6689  case SIG_RSA_SHA512:
6690  sha4( message_str, msg_len, hash_result, 0 );
6691  break;
6692  #endif
6693  }
6694 
6695  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
6696  if( 0 == 0 )
6697  {
6698  hexify( output_str, output, ctx.len);
6699 
6700  fct_chk( strcasecmp( (char *) output_str, "1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad" ) == 0 );
6701  }
6702 
6703  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
6704  rsa_free( &ctx );
6705  }
6706  FCT_TEST_END();
6707 
6708 
6709  FCT_TEST_BGN(rsassa_pss_signature_example_1_5_verify)
6710  {
6711  unsigned char message_str[1000];
6712  unsigned char hash_result[1000];
6713  unsigned char result_str[1000];
6714  rsa_context ctx;
6715  size_t msg_len;
6716 
6718  memset( message_str, 0x00, 1000 );
6719  memset( hash_result, 0x00, 1000 );
6720  memset( result_str, 0x00, 1000 );
6721 
6722  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
6723  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
6724  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
6725 
6726  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
6727 
6728  msg_len = unhexify( message_str, "b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4" );
6729  unhexify( result_str, "1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad" );
6730 
6731  switch( SIG_RSA_SHA1 )
6732  {
6733  #ifdef POLARSSL_MD2_C
6734  case SIG_RSA_MD2:
6735  md2( message_str, msg_len, hash_result );
6736  break;
6737  #endif
6738  #ifdef POLARSSL_MD4_C
6739  case SIG_RSA_MD4:
6740  md4( message_str, msg_len, hash_result );
6741  break;
6742  #endif
6743  #ifdef POLARSSL_MD5_C
6744  case SIG_RSA_MD5:
6745  md5( message_str, msg_len, hash_result );
6746  break;
6747  #endif
6748  #ifdef POLARSSL_SHA1_C
6749  case SIG_RSA_SHA1:
6750  sha1( message_str, msg_len, hash_result );
6751  break;
6752  #endif
6753  #ifdef POLARSSL_SHA2_C
6754  case SIG_RSA_SHA224:
6755  sha2( message_str, msg_len, hash_result, 1 );
6756  break;
6757  case SIG_RSA_SHA256:
6758  sha2( message_str, msg_len, hash_result, 0 );
6759  break;
6760  #endif
6761  #ifdef POLARSSL_SHA4_C
6762  case SIG_RSA_SHA384:
6763  sha4( message_str, msg_len, hash_result, 1 );
6764  break;
6765  case SIG_RSA_SHA512:
6766  sha4( message_str, msg_len, hash_result, 0 );
6767  break;
6768  #endif
6769  }
6770 
6771  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
6772 
6773  rsa_free( &ctx );
6774  }
6775  FCT_TEST_END();
6776 
6777 
6778  FCT_TEST_BGN(rsassa_pss_signature_example_1_6)
6779  {
6780  unsigned char message_str[1000];
6781  unsigned char hash_result[1000];
6782  unsigned char output[1000];
6783  unsigned char output_str[1000];
6784  unsigned char rnd_buf[1000];
6785  rsa_context ctx;
6786  mpi P1, Q1, H, G;
6787  size_t msg_len;
6788  rnd_buf_info info;
6789 
6790  info.length = unhexify( rnd_buf, "a8ab69dd801f0074c2a1fc60649836c616d99681" );
6791  info.buf = rnd_buf;
6792 
6793  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
6795 
6796  memset( message_str, 0x00, 1000 );
6797  memset( hash_result, 0x00, 1000 );
6798  memset( output, 0x00, 1000 );
6799  memset( output_str, 0x00, 1000 );
6800 
6801  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
6802  fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
6803  fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
6804  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
6805  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
6806 
6807  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
6808  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
6809  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
6810  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
6811  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
6812  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
6813  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
6814  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
6815 
6816  fct_chk( rsa_check_privkey( &ctx ) == 0 );
6817 
6818  msg_len = unhexify( message_str, "10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b705a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb8794c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6138d144f8ce4e2da73" );
6819 
6820  switch( SIG_RSA_SHA1 )
6821  {
6822  #ifdef POLARSSL_MD2_C
6823  case SIG_RSA_MD2:
6824  md2( message_str, msg_len, hash_result );
6825  break;
6826  #endif
6827  #ifdef POLARSSL_MD4_C
6828  case SIG_RSA_MD4:
6829  md4( message_str, msg_len, hash_result );
6830  break;
6831  #endif
6832  #ifdef POLARSSL_MD5_C
6833  case SIG_RSA_MD5:
6834  md5( message_str, msg_len, hash_result );
6835  break;
6836  #endif
6837  #ifdef POLARSSL_SHA1_C
6838  case SIG_RSA_SHA1:
6839  sha1( message_str, msg_len, hash_result );
6840  break;
6841  #endif
6842  #ifdef POLARSSL_SHA2_C
6843  case SIG_RSA_SHA224:
6844  sha2( message_str, msg_len, hash_result, 1 );
6845  break;
6846  case SIG_RSA_SHA256:
6847  sha2( message_str, msg_len, hash_result, 0 );
6848  break;
6849  #endif
6850  #ifdef POLARSSL_SHA4_C
6851  case SIG_RSA_SHA384:
6852  sha4( message_str, msg_len, hash_result, 1 );
6853  break;
6854  case SIG_RSA_SHA512:
6855  sha4( message_str, msg_len, hash_result, 0 );
6856  break;
6857  #endif
6858  }
6859 
6860  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
6861  if( 0 == 0 )
6862  {
6863  hexify( output_str, output, ctx.len);
6864 
6865  fct_chk( strcasecmp( (char *) output_str, "2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58" ) == 0 );
6866  }
6867 
6868  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
6869  rsa_free( &ctx );
6870  }
6871  FCT_TEST_END();
6872 
6873 
6874  FCT_TEST_BGN(rsassa_pss_signature_example_1_6_verify)
6875  {
6876  unsigned char message_str[1000];
6877  unsigned char hash_result[1000];
6878  unsigned char result_str[1000];
6879  rsa_context ctx;
6880  size_t msg_len;
6881 
6883  memset( message_str, 0x00, 1000 );
6884  memset( hash_result, 0x00, 1000 );
6885  memset( result_str, 0x00, 1000 );
6886 
6887  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
6888  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
6889  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
6890 
6891  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
6892 
6893  msg_len = unhexify( message_str, "10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b705a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb8794c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6138d144f8ce4e2da73" );
6894  unhexify( result_str, "2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58" );
6895 
6896  switch( SIG_RSA_SHA1 )
6897  {
6898  #ifdef POLARSSL_MD2_C
6899  case SIG_RSA_MD2:
6900  md2( message_str, msg_len, hash_result );
6901  break;
6902  #endif
6903  #ifdef POLARSSL_MD4_C
6904  case SIG_RSA_MD4:
6905  md4( message_str, msg_len, hash_result );
6906  break;
6907  #endif
6908  #ifdef POLARSSL_MD5_C
6909  case SIG_RSA_MD5:
6910  md5( message_str, msg_len, hash_result );
6911  break;
6912  #endif
6913  #ifdef POLARSSL_SHA1_C
6914  case SIG_RSA_SHA1:
6915  sha1( message_str, msg_len, hash_result );
6916  break;
6917  #endif
6918  #ifdef POLARSSL_SHA2_C
6919  case SIG_RSA_SHA224:
6920  sha2( message_str, msg_len, hash_result, 1 );
6921  break;
6922  case SIG_RSA_SHA256:
6923  sha2( message_str, msg_len, hash_result, 0 );
6924  break;
6925  #endif
6926  #ifdef POLARSSL_SHA4_C
6927  case SIG_RSA_SHA384:
6928  sha4( message_str, msg_len, hash_result, 1 );
6929  break;
6930  case SIG_RSA_SHA512:
6931  sha4( message_str, msg_len, hash_result, 0 );
6932  break;
6933  #endif
6934  }
6935 
6936  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
6937 
6938  rsa_free( &ctx );
6939  }
6940  FCT_TEST_END();
6941 
6942 
6943  FCT_TEST_BGN(rsassa_pss_signature_example_2_1)
6944  {
6945  unsigned char message_str[1000];
6946  unsigned char hash_result[1000];
6947  unsigned char output[1000];
6948  unsigned char output_str[1000];
6949  unsigned char rnd_buf[1000];
6950  rsa_context ctx;
6951  mpi P1, Q1, H, G;
6952  size_t msg_len;
6953  rnd_buf_info info;
6954 
6955  info.length = unhexify( rnd_buf, "57bf160bcb02bb1dc7280cf0458530b7d2832ff7" );
6956  info.buf = rnd_buf;
6957 
6958  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
6960 
6961  memset( message_str, 0x00, 1000 );
6962  memset( hash_result, 0x00, 1000 );
6963  memset( output, 0x00, 1000 );
6964  memset( output_str, 0x00, 1000 );
6965 
6966  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
6967  fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
6968  fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
6969  fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
6970  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
6971 
6972  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
6973  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
6974  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
6975  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
6976  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
6977  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
6978  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
6979  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
6980 
6981  fct_chk( rsa_check_privkey( &ctx ) == 0 );
6982 
6983  msg_len = unhexify( message_str, "daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360" );
6984 
6985  switch( SIG_RSA_SHA1 )
6986  {
6987  #ifdef POLARSSL_MD2_C
6988  case SIG_RSA_MD2:
6989  md2( message_str, msg_len, hash_result );
6990  break;
6991  #endif
6992  #ifdef POLARSSL_MD4_C
6993  case SIG_RSA_MD4:
6994  md4( message_str, msg_len, hash_result );
6995  break;
6996  #endif
6997  #ifdef POLARSSL_MD5_C
6998  case SIG_RSA_MD5:
6999  md5( message_str, msg_len, hash_result );
7000  break;
7001  #endif
7002  #ifdef POLARSSL_SHA1_C
7003  case SIG_RSA_SHA1:
7004  sha1( message_str, msg_len, hash_result );
7005  break;
7006  #endif
7007  #ifdef POLARSSL_SHA2_C
7008  case SIG_RSA_SHA224:
7009  sha2( message_str, msg_len, hash_result, 1 );
7010  break;
7011  case SIG_RSA_SHA256:
7012  sha2( message_str, msg_len, hash_result, 0 );
7013  break;
7014  #endif
7015  #ifdef POLARSSL_SHA4_C
7016  case SIG_RSA_SHA384:
7017  sha4( message_str, msg_len, hash_result, 1 );
7018  break;
7019  case SIG_RSA_SHA512:
7020  sha4( message_str, msg_len, hash_result, 0 );
7021  break;
7022  #endif
7023  }
7024 
7025  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
7026  if( 0 == 0 )
7027  {
7028  hexify( output_str, output, ctx.len);
7029 
7030  fct_chk( strcasecmp( (char *) output_str, "014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3" ) == 0 );
7031  }
7032 
7033  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
7034  rsa_free( &ctx );
7035  }
7036  FCT_TEST_END();
7037 
7038 
7039  FCT_TEST_BGN(rsassa_pss_signature_example_2_1_verify)
7040  {
7041  unsigned char message_str[1000];
7042  unsigned char hash_result[1000];
7043  unsigned char result_str[1000];
7044  rsa_context ctx;
7045  size_t msg_len;
7046 
7048  memset( message_str, 0x00, 1000 );
7049  memset( hash_result, 0x00, 1000 );
7050  memset( result_str, 0x00, 1000 );
7051 
7052  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
7053  fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
7054  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
7055 
7056  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
7057 
7058  msg_len = unhexify( message_str, "daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360" );
7059  unhexify( result_str, "014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3" );
7060 
7061  switch( SIG_RSA_SHA1 )
7062  {
7063  #ifdef POLARSSL_MD2_C
7064  case SIG_RSA_MD2:
7065  md2( message_str, msg_len, hash_result );
7066  break;
7067  #endif
7068  #ifdef POLARSSL_MD4_C
7069  case SIG_RSA_MD4:
7070  md4( message_str, msg_len, hash_result );
7071  break;
7072  #endif
7073  #ifdef POLARSSL_MD5_C
7074  case SIG_RSA_MD5:
7075  md5( message_str, msg_len, hash_result );
7076  break;
7077  #endif
7078  #ifdef POLARSSL_SHA1_C
7079  case SIG_RSA_SHA1:
7080  sha1( message_str, msg_len, hash_result );
7081  break;
7082  #endif
7083  #ifdef POLARSSL_SHA2_C
7084  case SIG_RSA_SHA224:
7085  sha2( message_str, msg_len, hash_result, 1 );
7086  break;
7087  case SIG_RSA_SHA256:
7088  sha2( message_str, msg_len, hash_result, 0 );
7089  break;
7090  #endif
7091  #ifdef POLARSSL_SHA4_C
7092  case SIG_RSA_SHA384:
7093  sha4( message_str, msg_len, hash_result, 1 );
7094  break;
7095  case SIG_RSA_SHA512:
7096  sha4( message_str, msg_len, hash_result, 0 );
7097  break;
7098  #endif
7099  }
7100 
7101  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
7102 
7103  rsa_free( &ctx );
7104  }
7105  FCT_TEST_END();
7106 
7107 
7108  FCT_TEST_BGN(rsassa_pss_signature_example_2_2)
7109  {
7110  unsigned char message_str[1000];
7111  unsigned char hash_result[1000];
7112  unsigned char output[1000];
7113  unsigned char output_str[1000];
7114  unsigned char rnd_buf[1000];
7115  rsa_context ctx;
7116  mpi P1, Q1, H, G;
7117  size_t msg_len;
7118  rnd_buf_info info;
7119 
7120  info.length = unhexify( rnd_buf, "7f6dd359e604e60870e898e47b19bf2e5a7b2a90" );
7121  info.buf = rnd_buf;
7122 
7123  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
7125 
7126  memset( message_str, 0x00, 1000 );
7127  memset( hash_result, 0x00, 1000 );
7128  memset( output, 0x00, 1000 );
7129  memset( output_str, 0x00, 1000 );
7130 
7131  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
7132  fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
7133  fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
7134  fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
7135  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
7136 
7137  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
7138  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
7139  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
7140  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
7141  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
7142  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
7143  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
7144  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
7145 
7146  fct_chk( rsa_check_privkey( &ctx ) == 0 );
7147 
7148  msg_len = unhexify( message_str, "e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe" );
7149 
7150  switch( SIG_RSA_SHA1 )
7151  {
7152  #ifdef POLARSSL_MD2_C
7153  case SIG_RSA_MD2:
7154  md2( message_str, msg_len, hash_result );
7155  break;
7156  #endif
7157  #ifdef POLARSSL_MD4_C
7158  case SIG_RSA_MD4:
7159  md4( message_str, msg_len, hash_result );
7160  break;
7161  #endif
7162  #ifdef POLARSSL_MD5_C
7163  case SIG_RSA_MD5:
7164  md5( message_str, msg_len, hash_result );
7165  break;
7166  #endif
7167  #ifdef POLARSSL_SHA1_C
7168  case SIG_RSA_SHA1:
7169  sha1( message_str, msg_len, hash_result );
7170  break;
7171  #endif
7172  #ifdef POLARSSL_SHA2_C
7173  case SIG_RSA_SHA224:
7174  sha2( message_str, msg_len, hash_result, 1 );
7175  break;
7176  case SIG_RSA_SHA256:
7177  sha2( message_str, msg_len, hash_result, 0 );
7178  break;
7179  #endif
7180  #ifdef POLARSSL_SHA4_C
7181  case SIG_RSA_SHA384:
7182  sha4( message_str, msg_len, hash_result, 1 );
7183  break;
7184  case SIG_RSA_SHA512:
7185  sha4( message_str, msg_len, hash_result, 0 );
7186  break;
7187  #endif
7188  }
7189 
7190  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
7191  if( 0 == 0 )
7192  {
7193  hexify( output_str, output, ctx.len);
7194 
7195  fct_chk( strcasecmp( (char *) output_str, "010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea" ) == 0 );
7196  }
7197 
7198  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
7199  rsa_free( &ctx );
7200  }
7201  FCT_TEST_END();
7202 
7203 
7204  FCT_TEST_BGN(rsassa_pss_signature_example_2_2_verify)
7205  {
7206  unsigned char message_str[1000];
7207  unsigned char hash_result[1000];
7208  unsigned char result_str[1000];
7209  rsa_context ctx;
7210  size_t msg_len;
7211 
7213  memset( message_str, 0x00, 1000 );
7214  memset( hash_result, 0x00, 1000 );
7215  memset( result_str, 0x00, 1000 );
7216 
7217  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
7218  fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
7219  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
7220 
7221  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
7222 
7223  msg_len = unhexify( message_str, "e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe" );
7224  unhexify( result_str, "010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea" );
7225 
7226  switch( SIG_RSA_SHA1 )
7227  {
7228  #ifdef POLARSSL_MD2_C
7229  case SIG_RSA_MD2:
7230  md2( message_str, msg_len, hash_result );
7231  break;
7232  #endif
7233  #ifdef POLARSSL_MD4_C
7234  case SIG_RSA_MD4:
7235  md4( message_str, msg_len, hash_result );
7236  break;
7237  #endif
7238  #ifdef POLARSSL_MD5_C
7239  case SIG_RSA_MD5:
7240  md5( message_str, msg_len, hash_result );
7241  break;
7242  #endif
7243  #ifdef POLARSSL_SHA1_C
7244  case SIG_RSA_SHA1:
7245  sha1( message_str, msg_len, hash_result );
7246  break;
7247  #endif
7248  #ifdef POLARSSL_SHA2_C
7249  case SIG_RSA_SHA224:
7250  sha2( message_str, msg_len, hash_result, 1 );
7251  break;
7252  case SIG_RSA_SHA256:
7253  sha2( message_str, msg_len, hash_result, 0 );
7254  break;
7255  #endif
7256  #ifdef POLARSSL_SHA4_C
7257  case SIG_RSA_SHA384:
7258  sha4( message_str, msg_len, hash_result, 1 );
7259  break;
7260  case SIG_RSA_SHA512:
7261  sha4( message_str, msg_len, hash_result, 0 );
7262  break;
7263  #endif
7264  }
7265 
7266  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
7267 
7268  rsa_free( &ctx );
7269  }
7270  FCT_TEST_END();
7271 
7272 
7273  FCT_TEST_BGN(rsassa_pss_signature_example_2_3)
7274  {
7275  unsigned char message_str[1000];
7276  unsigned char hash_result[1000];
7277  unsigned char output[1000];
7278  unsigned char output_str[1000];
7279  unsigned char rnd_buf[1000];
7280  rsa_context ctx;
7281  mpi P1, Q1, H, G;
7282  size_t msg_len;
7283  rnd_buf_info info;
7284 
7285  info.length = unhexify( rnd_buf, "fca862068bce2246724b708a0519da17e648688c" );
7286  info.buf = rnd_buf;
7287 
7288  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
7290 
7291  memset( message_str, 0x00, 1000 );
7292  memset( hash_result, 0x00, 1000 );
7293  memset( output, 0x00, 1000 );
7294  memset( output_str, 0x00, 1000 );
7295 
7296  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
7297  fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
7298  fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
7299  fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
7300  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
7301 
7302  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
7303  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
7304  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
7305  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
7306  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
7307  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
7308  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
7309  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
7310 
7311  fct_chk( rsa_check_privkey( &ctx ) == 0 );
7312 
7313  msg_len = unhexify( message_str, "52a1d96c8ac39e41e455809801b927a5b445c10d902a0dcd3850d22a66d2bb0703e67d5867114595aabf5a7aeb5a8f87034bbb30e13cfd4817a9be76230023606d0286a3faf8a4d22b728ec518079f9e64526e3a0cc7941aa338c437997c680ccac67c66bfa1" );
7314 
7315  switch( SIG_RSA_SHA1 )
7316  {
7317  #ifdef POLARSSL_MD2_C
7318  case SIG_RSA_MD2:
7319  md2( message_str, msg_len, hash_result );
7320  break;
7321  #endif
7322  #ifdef POLARSSL_MD4_C
7323  case SIG_RSA_MD4:
7324  md4( message_str, msg_len, hash_result );
7325  break;
7326  #endif
7327  #ifdef POLARSSL_MD5_C
7328  case SIG_RSA_MD5:
7329  md5( message_str, msg_len, hash_result );
7330  break;
7331  #endif
7332  #ifdef POLARSSL_SHA1_C
7333  case SIG_RSA_SHA1:
7334  sha1( message_str, msg_len, hash_result );
7335  break;
7336  #endif
7337  #ifdef POLARSSL_SHA2_C
7338  case SIG_RSA_SHA224:
7339  sha2( message_str, msg_len, hash_result, 1 );
7340  break;
7341  case SIG_RSA_SHA256:
7342  sha2( message_str, msg_len, hash_result, 0 );
7343  break;
7344  #endif
7345  #ifdef POLARSSL_SHA4_C
7346  case SIG_RSA_SHA384:
7347  sha4( message_str, msg_len, hash_result, 1 );
7348  break;
7349  case SIG_RSA_SHA512:
7350  sha4( message_str, msg_len, hash_result, 0 );
7351  break;
7352  #endif
7353  }
7354 
7355  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
7356  if( 0 == 0 )
7357  {
7358  hexify( output_str, output, ctx.len);
7359 
7360  fct_chk( strcasecmp( (char *) output_str, "007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4" ) == 0 );
7361  }
7362 
7363  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
7364  rsa_free( &ctx );
7365  }
7366  FCT_TEST_END();
7367 
7368 
7369  FCT_TEST_BGN(rsassa_pss_signature_example_2_3_verify)
7370  {
7371  unsigned char message_str[1000];
7372  unsigned char hash_result[1000];
7373  unsigned char result_str[1000];
7374  rsa_context ctx;
7375  size_t msg_len;
7376 
7378  memset( message_str, 0x00, 1000 );
7379  memset( hash_result, 0x00, 1000 );
7380  memset( result_str, 0x00, 1000 );
7381 
7382  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
7383  fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
7384  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
7385 
7386  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
7387 
7388  msg_len = unhexify( message_str, "52a1d96c8ac39e41e455809801b927a5b445c10d902a0dcd3850d22a66d2bb0703e67d5867114595aabf5a7aeb5a8f87034bbb30e13cfd4817a9be76230023606d0286a3faf8a4d22b728ec518079f9e64526e3a0cc7941aa338c437997c680ccac67c66bfa1" );
7389  unhexify( result_str, "007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4" );
7390 
7391  switch( SIG_RSA_SHA1 )
7392  {
7393  #ifdef POLARSSL_MD2_C
7394  case SIG_RSA_MD2:
7395  md2( message_str, msg_len, hash_result );
7396  break;
7397  #endif
7398  #ifdef POLARSSL_MD4_C
7399  case SIG_RSA_MD4:
7400  md4( message_str, msg_len, hash_result );
7401  break;
7402  #endif
7403  #ifdef POLARSSL_MD5_C
7404  case SIG_RSA_MD5:
7405  md5( message_str, msg_len, hash_result );
7406  break;
7407  #endif
7408  #ifdef POLARSSL_SHA1_C
7409  case SIG_RSA_SHA1:
7410  sha1( message_str, msg_len, hash_result );
7411  break;
7412  #endif
7413  #ifdef POLARSSL_SHA2_C
7414  case SIG_RSA_SHA224:
7415  sha2( message_str, msg_len, hash_result, 1 );
7416  break;
7417  case SIG_RSA_SHA256:
7418  sha2( message_str, msg_len, hash_result, 0 );
7419  break;
7420  #endif
7421  #ifdef POLARSSL_SHA4_C
7422  case SIG_RSA_SHA384:
7423  sha4( message_str, msg_len, hash_result, 1 );
7424  break;
7425  case SIG_RSA_SHA512:
7426  sha4( message_str, msg_len, hash_result, 0 );
7427  break;
7428  #endif
7429  }
7430 
7431  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
7432 
7433  rsa_free( &ctx );
7434  }
7435  FCT_TEST_END();
7436 
7437 
7438  FCT_TEST_BGN(rsassa_pss_signature_example_2_4)
7439  {
7440  unsigned char message_str[1000];
7441  unsigned char hash_result[1000];
7442  unsigned char output[1000];
7443  unsigned char output_str[1000];
7444  unsigned char rnd_buf[1000];
7445  rsa_context ctx;
7446  mpi P1, Q1, H, G;
7447  size_t msg_len;
7448  rnd_buf_info info;
7449 
7450  info.length = unhexify( rnd_buf, "8070ef2de945c02387684ba0d33096732235d440" );
7451  info.buf = rnd_buf;
7452 
7453  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
7455 
7456  memset( message_str, 0x00, 1000 );
7457  memset( hash_result, 0x00, 1000 );
7458  memset( output, 0x00, 1000 );
7459  memset( output_str, 0x00, 1000 );
7460 
7461  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
7462  fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
7463  fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
7464  fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
7465  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
7466 
7467  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
7468  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
7469  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
7470  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
7471  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
7472  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
7473  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
7474  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
7475 
7476  fct_chk( rsa_check_privkey( &ctx ) == 0 );
7477 
7478  msg_len = unhexify( message_str, "a7182c83ac18be6570a106aa9d5c4e3dbbd4afaeb0c60c4a23e1969d79ff" );
7479 
7480  switch( SIG_RSA_SHA1 )
7481  {
7482  #ifdef POLARSSL_MD2_C
7483  case SIG_RSA_MD2:
7484  md2( message_str, msg_len, hash_result );
7485  break;
7486  #endif
7487  #ifdef POLARSSL_MD4_C
7488  case SIG_RSA_MD4:
7489  md4( message_str, msg_len, hash_result );
7490  break;
7491  #endif
7492  #ifdef POLARSSL_MD5_C
7493  case SIG_RSA_MD5:
7494  md5( message_str, msg_len, hash_result );
7495  break;
7496  #endif
7497  #ifdef POLARSSL_SHA1_C
7498  case SIG_RSA_SHA1:
7499  sha1( message_str, msg_len, hash_result );
7500  break;
7501  #endif
7502  #ifdef POLARSSL_SHA2_C
7503  case SIG_RSA_SHA224:
7504  sha2( message_str, msg_len, hash_result, 1 );
7505  break;
7506  case SIG_RSA_SHA256:
7507  sha2( message_str, msg_len, hash_result, 0 );
7508  break;
7509  #endif
7510  #ifdef POLARSSL_SHA4_C
7511  case SIG_RSA_SHA384:
7512  sha4( message_str, msg_len, hash_result, 1 );
7513  break;
7514  case SIG_RSA_SHA512:
7515  sha4( message_str, msg_len, hash_result, 0 );
7516  break;
7517  #endif
7518  }
7519 
7520  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
7521  if( 0 == 0 )
7522  {
7523  hexify( output_str, output, ctx.len);
7524 
7525  fct_chk( strcasecmp( (char *) output_str, "009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b" ) == 0 );
7526  }
7527 
7528  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
7529  rsa_free( &ctx );
7530  }
7531  FCT_TEST_END();
7532 
7533 
7534  FCT_TEST_BGN(rsassa_pss_signature_example_2_4_verify)
7535  {
7536  unsigned char message_str[1000];
7537  unsigned char hash_result[1000];
7538  unsigned char result_str[1000];
7539  rsa_context ctx;
7540  size_t msg_len;
7541 
7543  memset( message_str, 0x00, 1000 );
7544  memset( hash_result, 0x00, 1000 );
7545  memset( result_str, 0x00, 1000 );
7546 
7547  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
7548  fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
7549  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
7550 
7551  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
7552 
7553  msg_len = unhexify( message_str, "a7182c83ac18be6570a106aa9d5c4e3dbbd4afaeb0c60c4a23e1969d79ff" );
7554  unhexify( result_str, "009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b" );
7555 
7556  switch( SIG_RSA_SHA1 )
7557  {
7558  #ifdef POLARSSL_MD2_C
7559  case SIG_RSA_MD2:
7560  md2( message_str, msg_len, hash_result );
7561  break;
7562  #endif
7563  #ifdef POLARSSL_MD4_C
7564  case SIG_RSA_MD4:
7565  md4( message_str, msg_len, hash_result );
7566  break;
7567  #endif
7568  #ifdef POLARSSL_MD5_C
7569  case SIG_RSA_MD5:
7570  md5( message_str, msg_len, hash_result );
7571  break;
7572  #endif
7573  #ifdef POLARSSL_SHA1_C
7574  case SIG_RSA_SHA1:
7575  sha1( message_str, msg_len, hash_result );
7576  break;
7577  #endif
7578  #ifdef POLARSSL_SHA2_C
7579  case SIG_RSA_SHA224:
7580  sha2( message_str, msg_len, hash_result, 1 );
7581  break;
7582  case SIG_RSA_SHA256:
7583  sha2( message_str, msg_len, hash_result, 0 );
7584  break;
7585  #endif
7586  #ifdef POLARSSL_SHA4_C
7587  case SIG_RSA_SHA384:
7588  sha4( message_str, msg_len, hash_result, 1 );
7589  break;
7590  case SIG_RSA_SHA512:
7591  sha4( message_str, msg_len, hash_result, 0 );
7592  break;
7593  #endif
7594  }
7595 
7596  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
7597 
7598  rsa_free( &ctx );
7599  }
7600  FCT_TEST_END();
7601 
7602 
7603  FCT_TEST_BGN(rsassa_pss_signature_example_2_5)
7604  {
7605  unsigned char message_str[1000];
7606  unsigned char hash_result[1000];
7607  unsigned char output[1000];
7608  unsigned char output_str[1000];
7609  unsigned char rnd_buf[1000];
7610  rsa_context ctx;
7611  mpi P1, Q1, H, G;
7612  size_t msg_len;
7613  rnd_buf_info info;
7614 
7615  info.length = unhexify( rnd_buf, "17639a4e88d722c4fca24d079a8b29c32433b0c9" );
7616  info.buf = rnd_buf;
7617 
7618  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
7620 
7621  memset( message_str, 0x00, 1000 );
7622  memset( hash_result, 0x00, 1000 );
7623  memset( output, 0x00, 1000 );
7624  memset( output_str, 0x00, 1000 );
7625 
7626  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
7627  fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
7628  fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
7629  fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
7630  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
7631 
7632  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
7633  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
7634  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
7635  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
7636  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
7637  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
7638  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
7639  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
7640 
7641  fct_chk( rsa_check_privkey( &ctx ) == 0 );
7642 
7643  msg_len = unhexify( message_str, "86a83d4a72ee932a4f5630af6579a386b78fe88999e0abd2d49034a4bfc854dd94f1094e2e8cd7a179d19588e4aefc1b1bd25e95e3dd461f" );
7644 
7645  switch( SIG_RSA_SHA1 )
7646  {
7647  #ifdef POLARSSL_MD2_C
7648  case SIG_RSA_MD2:
7649  md2( message_str, msg_len, hash_result );
7650  break;
7651  #endif
7652  #ifdef POLARSSL_MD4_C
7653  case SIG_RSA_MD4:
7654  md4( message_str, msg_len, hash_result );
7655  break;
7656  #endif
7657  #ifdef POLARSSL_MD5_C
7658  case SIG_RSA_MD5:
7659  md5( message_str, msg_len, hash_result );
7660  break;
7661  #endif
7662  #ifdef POLARSSL_SHA1_C
7663  case SIG_RSA_SHA1:
7664  sha1( message_str, msg_len, hash_result );
7665  break;
7666  #endif
7667  #ifdef POLARSSL_SHA2_C
7668  case SIG_RSA_SHA224:
7669  sha2( message_str, msg_len, hash_result, 1 );
7670  break;
7671  case SIG_RSA_SHA256:
7672  sha2( message_str, msg_len, hash_result, 0 );
7673  break;
7674  #endif
7675  #ifdef POLARSSL_SHA4_C
7676  case SIG_RSA_SHA384:
7677  sha4( message_str, msg_len, hash_result, 1 );
7678  break;
7679  case SIG_RSA_SHA512:
7680  sha4( message_str, msg_len, hash_result, 0 );
7681  break;
7682  #endif
7683  }
7684 
7685  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
7686  if( 0 == 0 )
7687  {
7688  hexify( output_str, output, ctx.len);
7689 
7690  fct_chk( strcasecmp( (char *) output_str, "00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf" ) == 0 );
7691  }
7692 
7693  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
7694  rsa_free( &ctx );
7695  }
7696  FCT_TEST_END();
7697 
7698 
7699  FCT_TEST_BGN(rsassa_pss_signature_example_2_5_verify)
7700  {
7701  unsigned char message_str[1000];
7702  unsigned char hash_result[1000];
7703  unsigned char result_str[1000];
7704  rsa_context ctx;
7705  size_t msg_len;
7706 
7708  memset( message_str, 0x00, 1000 );
7709  memset( hash_result, 0x00, 1000 );
7710  memset( result_str, 0x00, 1000 );
7711 
7712  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
7713  fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
7714  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
7715 
7716  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
7717 
7718  msg_len = unhexify( message_str, "86a83d4a72ee932a4f5630af6579a386b78fe88999e0abd2d49034a4bfc854dd94f1094e2e8cd7a179d19588e4aefc1b1bd25e95e3dd461f" );
7719  unhexify( result_str, "00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf" );
7720 
7721  switch( SIG_RSA_SHA1 )
7722  {
7723  #ifdef POLARSSL_MD2_C
7724  case SIG_RSA_MD2:
7725  md2( message_str, msg_len, hash_result );
7726  break;
7727  #endif
7728  #ifdef POLARSSL_MD4_C
7729  case SIG_RSA_MD4:
7730  md4( message_str, msg_len, hash_result );
7731  break;
7732  #endif
7733  #ifdef POLARSSL_MD5_C
7734  case SIG_RSA_MD5:
7735  md5( message_str, msg_len, hash_result );
7736  break;
7737  #endif
7738  #ifdef POLARSSL_SHA1_C
7739  case SIG_RSA_SHA1:
7740  sha1( message_str, msg_len, hash_result );
7741  break;
7742  #endif
7743  #ifdef POLARSSL_SHA2_C
7744  case SIG_RSA_SHA224:
7745  sha2( message_str, msg_len, hash_result, 1 );
7746  break;
7747  case SIG_RSA_SHA256:
7748  sha2( message_str, msg_len, hash_result, 0 );
7749  break;
7750  #endif
7751  #ifdef POLARSSL_SHA4_C
7752  case SIG_RSA_SHA384:
7753  sha4( message_str, msg_len, hash_result, 1 );
7754  break;
7755  case SIG_RSA_SHA512:
7756  sha4( message_str, msg_len, hash_result, 0 );
7757  break;
7758  #endif
7759  }
7760 
7761  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
7762 
7763  rsa_free( &ctx );
7764  }
7765  FCT_TEST_END();
7766 
7767 
7768  FCT_TEST_BGN(rsassa_pss_signature_example_2_6)
7769  {
7770  unsigned char message_str[1000];
7771  unsigned char hash_result[1000];
7772  unsigned char output[1000];
7773  unsigned char output_str[1000];
7774  unsigned char rnd_buf[1000];
7775  rsa_context ctx;
7776  mpi P1, Q1, H, G;
7777  size_t msg_len;
7778  rnd_buf_info info;
7779 
7780  info.length = unhexify( rnd_buf, "37810def1055ed922b063df798de5d0aabf886ee" );
7781  info.buf = rnd_buf;
7782 
7783  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
7785 
7786  memset( message_str, 0x00, 1000 );
7787  memset( hash_result, 0x00, 1000 );
7788  memset( output, 0x00, 1000 );
7789  memset( output_str, 0x00, 1000 );
7790 
7791  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
7792  fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
7793  fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
7794  fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
7795  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
7796 
7797  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
7798  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
7799  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
7800  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
7801  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
7802  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
7803  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
7804  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
7805 
7806  fct_chk( rsa_check_privkey( &ctx ) == 0 );
7807 
7808  msg_len = unhexify( message_str, "049f9154d871ac4a7c7ab45325ba7545a1ed08f70525b2667cf1" );
7809 
7810  switch( SIG_RSA_SHA1 )
7811  {
7812  #ifdef POLARSSL_MD2_C
7813  case SIG_RSA_MD2:
7814  md2( message_str, msg_len, hash_result );
7815  break;
7816  #endif
7817  #ifdef POLARSSL_MD4_C
7818  case SIG_RSA_MD4:
7819  md4( message_str, msg_len, hash_result );
7820  break;
7821  #endif
7822  #ifdef POLARSSL_MD5_C
7823  case SIG_RSA_MD5:
7824  md5( message_str, msg_len, hash_result );
7825  break;
7826  #endif
7827  #ifdef POLARSSL_SHA1_C
7828  case SIG_RSA_SHA1:
7829  sha1( message_str, msg_len, hash_result );
7830  break;
7831  #endif
7832  #ifdef POLARSSL_SHA2_C
7833  case SIG_RSA_SHA224:
7834  sha2( message_str, msg_len, hash_result, 1 );
7835  break;
7836  case SIG_RSA_SHA256:
7837  sha2( message_str, msg_len, hash_result, 0 );
7838  break;
7839  #endif
7840  #ifdef POLARSSL_SHA4_C
7841  case SIG_RSA_SHA384:
7842  sha4( message_str, msg_len, hash_result, 1 );
7843  break;
7844  case SIG_RSA_SHA512:
7845  sha4( message_str, msg_len, hash_result, 0 );
7846  break;
7847  #endif
7848  }
7849 
7850  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
7851  if( 0 == 0 )
7852  {
7853  hexify( output_str, output, ctx.len);
7854 
7855  fct_chk( strcasecmp( (char *) output_str, "00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6" ) == 0 );
7856  }
7857 
7858  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
7859  rsa_free( &ctx );
7860  }
7861  FCT_TEST_END();
7862 
7863 
7864  FCT_TEST_BGN(rsassa_pss_signature_example_2_6_verify)
7865  {
7866  unsigned char message_str[1000];
7867  unsigned char hash_result[1000];
7868  unsigned char result_str[1000];
7869  rsa_context ctx;
7870  size_t msg_len;
7871 
7873  memset( message_str, 0x00, 1000 );
7874  memset( hash_result, 0x00, 1000 );
7875  memset( result_str, 0x00, 1000 );
7876 
7877  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
7878  fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
7879  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
7880 
7881  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
7882 
7883  msg_len = unhexify( message_str, "049f9154d871ac4a7c7ab45325ba7545a1ed08f70525b2667cf1" );
7884  unhexify( result_str, "00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6" );
7885 
7886  switch( SIG_RSA_SHA1 )
7887  {
7888  #ifdef POLARSSL_MD2_C
7889  case SIG_RSA_MD2:
7890  md2( message_str, msg_len, hash_result );
7891  break;
7892  #endif
7893  #ifdef POLARSSL_MD4_C
7894  case SIG_RSA_MD4:
7895  md4( message_str, msg_len, hash_result );
7896  break;
7897  #endif
7898  #ifdef POLARSSL_MD5_C
7899  case SIG_RSA_MD5:
7900  md5( message_str, msg_len, hash_result );
7901  break;
7902  #endif
7903  #ifdef POLARSSL_SHA1_C
7904  case SIG_RSA_SHA1:
7905  sha1( message_str, msg_len, hash_result );
7906  break;
7907  #endif
7908  #ifdef POLARSSL_SHA2_C
7909  case SIG_RSA_SHA224:
7910  sha2( message_str, msg_len, hash_result, 1 );
7911  break;
7912  case SIG_RSA_SHA256:
7913  sha2( message_str, msg_len, hash_result, 0 );
7914  break;
7915  #endif
7916  #ifdef POLARSSL_SHA4_C
7917  case SIG_RSA_SHA384:
7918  sha4( message_str, msg_len, hash_result, 1 );
7919  break;
7920  case SIG_RSA_SHA512:
7921  sha4( message_str, msg_len, hash_result, 0 );
7922  break;
7923  #endif
7924  }
7925 
7926  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
7927 
7928  rsa_free( &ctx );
7929  }
7930  FCT_TEST_END();
7931 
7932 
7933  FCT_TEST_BGN(rsassa_pss_signature_example_3_1)
7934  {
7935  unsigned char message_str[1000];
7936  unsigned char hash_result[1000];
7937  unsigned char output[1000];
7938  unsigned char output_str[1000];
7939  unsigned char rnd_buf[1000];
7940  rsa_context ctx;
7941  mpi P1, Q1, H, G;
7942  size_t msg_len;
7943  rnd_buf_info info;
7944 
7945  info.length = unhexify( rnd_buf, "f31ad6c8cf89df78ed77feacbcc2f8b0a8e4cfaa" );
7946  info.buf = rnd_buf;
7947 
7948  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
7950 
7951  memset( message_str, 0x00, 1000 );
7952  memset( hash_result, 0x00, 1000 );
7953  memset( output, 0x00, 1000 );
7954  memset( output_str, 0x00, 1000 );
7955 
7956  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
7957  fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
7958  fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
7959  fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
7960  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
7961 
7962  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
7963  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
7964  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
7965  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
7966  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
7967  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
7968  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
7969  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
7970 
7971  fct_chk( rsa_check_privkey( &ctx ) == 0 );
7972 
7973  msg_len = unhexify( message_str, "594b37333bbb2c84524a87c1a01f75fcec0e3256f108e38dca36d70d0057" );
7974 
7975  switch( SIG_RSA_SHA1 )
7976  {
7977  #ifdef POLARSSL_MD2_C
7978  case SIG_RSA_MD2:
7979  md2( message_str, msg_len, hash_result );
7980  break;
7981  #endif
7982  #ifdef POLARSSL_MD4_C
7983  case SIG_RSA_MD4:
7984  md4( message_str, msg_len, hash_result );
7985  break;
7986  #endif
7987  #ifdef POLARSSL_MD5_C
7988  case SIG_RSA_MD5:
7989  md5( message_str, msg_len, hash_result );
7990  break;
7991  #endif
7992  #ifdef POLARSSL_SHA1_C
7993  case SIG_RSA_SHA1:
7994  sha1( message_str, msg_len, hash_result );
7995  break;
7996  #endif
7997  #ifdef POLARSSL_SHA2_C
7998  case SIG_RSA_SHA224:
7999  sha2( message_str, msg_len, hash_result, 1 );
8000  break;
8001  case SIG_RSA_SHA256:
8002  sha2( message_str, msg_len, hash_result, 0 );
8003  break;
8004  #endif
8005  #ifdef POLARSSL_SHA4_C
8006  case SIG_RSA_SHA384:
8007  sha4( message_str, msg_len, hash_result, 1 );
8008  break;
8009  case SIG_RSA_SHA512:
8010  sha4( message_str, msg_len, hash_result, 0 );
8011  break;
8012  #endif
8013  }
8014 
8015  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
8016  if( 0 == 0 )
8017  {
8018  hexify( output_str, output, ctx.len);
8019 
8020  fct_chk( strcasecmp( (char *) output_str, "0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f" ) == 0 );
8021  }
8022 
8023  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
8024  rsa_free( &ctx );
8025  }
8026  FCT_TEST_END();
8027 
8028 
8029  FCT_TEST_BGN(rsassa_pss_signature_example_3_1_verify)
8030  {
8031  unsigned char message_str[1000];
8032  unsigned char hash_result[1000];
8033  unsigned char result_str[1000];
8034  rsa_context ctx;
8035  size_t msg_len;
8036 
8038  memset( message_str, 0x00, 1000 );
8039  memset( hash_result, 0x00, 1000 );
8040  memset( result_str, 0x00, 1000 );
8041 
8042  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
8043  fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
8044  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
8045 
8046  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
8047 
8048  msg_len = unhexify( message_str, "594b37333bbb2c84524a87c1a01f75fcec0e3256f108e38dca36d70d0057" );
8049  unhexify( result_str, "0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f" );
8050 
8051  switch( SIG_RSA_SHA1 )
8052  {
8053  #ifdef POLARSSL_MD2_C
8054  case SIG_RSA_MD2:
8055  md2( message_str, msg_len, hash_result );
8056  break;
8057  #endif
8058  #ifdef POLARSSL_MD4_C
8059  case SIG_RSA_MD4:
8060  md4( message_str, msg_len, hash_result );
8061  break;
8062  #endif
8063  #ifdef POLARSSL_MD5_C
8064  case SIG_RSA_MD5:
8065  md5( message_str, msg_len, hash_result );
8066  break;
8067  #endif
8068  #ifdef POLARSSL_SHA1_C
8069  case SIG_RSA_SHA1:
8070  sha1( message_str, msg_len, hash_result );
8071  break;
8072  #endif
8073  #ifdef POLARSSL_SHA2_C
8074  case SIG_RSA_SHA224:
8075  sha2( message_str, msg_len, hash_result, 1 );
8076  break;
8077  case SIG_RSA_SHA256:
8078  sha2( message_str, msg_len, hash_result, 0 );
8079  break;
8080  #endif
8081  #ifdef POLARSSL_SHA4_C
8082  case SIG_RSA_SHA384:
8083  sha4( message_str, msg_len, hash_result, 1 );
8084  break;
8085  case SIG_RSA_SHA512:
8086  sha4( message_str, msg_len, hash_result, 0 );
8087  break;
8088  #endif
8089  }
8090 
8091  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
8092 
8093  rsa_free( &ctx );
8094  }
8095  FCT_TEST_END();
8096 
8097 
8098  FCT_TEST_BGN(rsassa_pss_signature_example_3_2)
8099  {
8100  unsigned char message_str[1000];
8101  unsigned char hash_result[1000];
8102  unsigned char output[1000];
8103  unsigned char output_str[1000];
8104  unsigned char rnd_buf[1000];
8105  rsa_context ctx;
8106  mpi P1, Q1, H, G;
8107  size_t msg_len;
8108  rnd_buf_info info;
8109 
8110  info.length = unhexify( rnd_buf, "fcf9f0e1f199a3d1d0da681c5b8606fc642939f7" );
8111  info.buf = rnd_buf;
8112 
8113  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
8115 
8116  memset( message_str, 0x00, 1000 );
8117  memset( hash_result, 0x00, 1000 );
8118  memset( output, 0x00, 1000 );
8119  memset( output_str, 0x00, 1000 );
8120 
8121  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
8122  fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
8123  fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
8124  fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
8125  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
8126 
8127  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
8128  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
8129  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
8130  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
8131  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
8132  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
8133  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
8134  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
8135 
8136  fct_chk( rsa_check_privkey( &ctx ) == 0 );
8137 
8138  msg_len = unhexify( message_str, "8b769528884a0d1ffd090cf102993e796dadcfbddd38e44ff6324ca451" );
8139 
8140  switch( SIG_RSA_SHA1 )
8141  {
8142  #ifdef POLARSSL_MD2_C
8143  case SIG_RSA_MD2:
8144  md2( message_str, msg_len, hash_result );
8145  break;
8146  #endif
8147  #ifdef POLARSSL_MD4_C
8148  case SIG_RSA_MD4:
8149  md4( message_str, msg_len, hash_result );
8150  break;
8151  #endif
8152  #ifdef POLARSSL_MD5_C
8153  case SIG_RSA_MD5:
8154  md5( message_str, msg_len, hash_result );
8155  break;
8156  #endif
8157  #ifdef POLARSSL_SHA1_C
8158  case SIG_RSA_SHA1:
8159  sha1( message_str, msg_len, hash_result );
8160  break;
8161  #endif
8162  #ifdef POLARSSL_SHA2_C
8163  case SIG_RSA_SHA224:
8164  sha2( message_str, msg_len, hash_result, 1 );
8165  break;
8166  case SIG_RSA_SHA256:
8167  sha2( message_str, msg_len, hash_result, 0 );
8168  break;
8169  #endif
8170  #ifdef POLARSSL_SHA4_C
8171  case SIG_RSA_SHA384:
8172  sha4( message_str, msg_len, hash_result, 1 );
8173  break;
8174  case SIG_RSA_SHA512:
8175  sha4( message_str, msg_len, hash_result, 0 );
8176  break;
8177  #endif
8178  }
8179 
8180  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
8181  if( 0 == 0 )
8182  {
8183  hexify( output_str, output, ctx.len);
8184 
8185  fct_chk( strcasecmp( (char *) output_str, "02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af" ) == 0 );
8186  }
8187 
8188  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
8189  rsa_free( &ctx );
8190  }
8191  FCT_TEST_END();
8192 
8193 
8194  FCT_TEST_BGN(rsassa_pss_signature_example_3_2_verify)
8195  {
8196  unsigned char message_str[1000];
8197  unsigned char hash_result[1000];
8198  unsigned char result_str[1000];
8199  rsa_context ctx;
8200  size_t msg_len;
8201 
8203  memset( message_str, 0x00, 1000 );
8204  memset( hash_result, 0x00, 1000 );
8205  memset( result_str, 0x00, 1000 );
8206 
8207  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
8208  fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
8209  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
8210 
8211  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
8212 
8213  msg_len = unhexify( message_str, "8b769528884a0d1ffd090cf102993e796dadcfbddd38e44ff6324ca451" );
8214  unhexify( result_str, "02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af" );
8215 
8216  switch( SIG_RSA_SHA1 )
8217  {
8218  #ifdef POLARSSL_MD2_C
8219  case SIG_RSA_MD2:
8220  md2( message_str, msg_len, hash_result );
8221  break;
8222  #endif
8223  #ifdef POLARSSL_MD4_C
8224  case SIG_RSA_MD4:
8225  md4( message_str, msg_len, hash_result );
8226  break;
8227  #endif
8228  #ifdef POLARSSL_MD5_C
8229  case SIG_RSA_MD5:
8230  md5( message_str, msg_len, hash_result );
8231  break;
8232  #endif
8233  #ifdef POLARSSL_SHA1_C
8234  case SIG_RSA_SHA1:
8235  sha1( message_str, msg_len, hash_result );
8236  break;
8237  #endif
8238  #ifdef POLARSSL_SHA2_C
8239  case SIG_RSA_SHA224:
8240  sha2( message_str, msg_len, hash_result, 1 );
8241  break;
8242  case SIG_RSA_SHA256:
8243  sha2( message_str, msg_len, hash_result, 0 );
8244  break;
8245  #endif
8246  #ifdef POLARSSL_SHA4_C
8247  case SIG_RSA_SHA384:
8248  sha4( message_str, msg_len, hash_result, 1 );
8249  break;
8250  case SIG_RSA_SHA512:
8251  sha4( message_str, msg_len, hash_result, 0 );
8252  break;
8253  #endif
8254  }
8255 
8256  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
8257 
8258  rsa_free( &ctx );
8259  }
8260  FCT_TEST_END();
8261 
8262 
8263  FCT_TEST_BGN(rsassa_pss_signature_example_3_3)
8264  {
8265  unsigned char message_str[1000];
8266  unsigned char hash_result[1000];
8267  unsigned char output[1000];
8268  unsigned char output_str[1000];
8269  unsigned char rnd_buf[1000];
8270  rsa_context ctx;
8271  mpi P1, Q1, H, G;
8272  size_t msg_len;
8273  rnd_buf_info info;
8274 
8275  info.length = unhexify( rnd_buf, "986e7c43dbb671bd41b9a7f4b6afc80e805f2423" );
8276  info.buf = rnd_buf;
8277 
8278  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
8280 
8281  memset( message_str, 0x00, 1000 );
8282  memset( hash_result, 0x00, 1000 );
8283  memset( output, 0x00, 1000 );
8284  memset( output_str, 0x00, 1000 );
8285 
8286  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
8287  fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
8288  fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
8289  fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
8290  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
8291 
8292  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
8293  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
8294  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
8295  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
8296  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
8297  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
8298  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
8299  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
8300 
8301  fct_chk( rsa_check_privkey( &ctx ) == 0 );
8302 
8303  msg_len = unhexify( message_str, "1abdba489c5ada2f995ed16f19d5a94d9e6ec34a8d84f84557d26e5ef9b02b22887e3f9a4b690ad1149209c20c61431f0c017c36c2657b35d7b07d3f5ad8708507a9c1b831df835a56f831071814ea5d3d8d8f6ade40cba38b42db7a2d3d7a29c8f0a79a7838cf58a9757fa2fe4c40df9baa193bfc6f92b123ad57b07ace3e6ac068c9f106afd9eeb03b4f37c25dbfbcfb3071f6f9771766d072f3bb070af6605532973ae25051" );
8304 
8305  switch( SIG_RSA_SHA1 )
8306  {
8307  #ifdef POLARSSL_MD2_C
8308  case SIG_RSA_MD2:
8309  md2( message_str, msg_len, hash_result );
8310  break;
8311  #endif
8312  #ifdef POLARSSL_MD4_C
8313  case SIG_RSA_MD4:
8314  md4( message_str, msg_len, hash_result );
8315  break;
8316  #endif
8317  #ifdef POLARSSL_MD5_C
8318  case SIG_RSA_MD5:
8319  md5( message_str, msg_len, hash_result );
8320  break;
8321  #endif
8322  #ifdef POLARSSL_SHA1_C
8323  case SIG_RSA_SHA1:
8324  sha1( message_str, msg_len, hash_result );
8325  break;
8326  #endif
8327  #ifdef POLARSSL_SHA2_C
8328  case SIG_RSA_SHA224:
8329  sha2( message_str, msg_len, hash_result, 1 );
8330  break;
8331  case SIG_RSA_SHA256:
8332  sha2( message_str, msg_len, hash_result, 0 );
8333  break;
8334  #endif
8335  #ifdef POLARSSL_SHA4_C
8336  case SIG_RSA_SHA384:
8337  sha4( message_str, msg_len, hash_result, 1 );
8338  break;
8339  case SIG_RSA_SHA512:
8340  sha4( message_str, msg_len, hash_result, 0 );
8341  break;
8342  #endif
8343  }
8344 
8345  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
8346  if( 0 == 0 )
8347  {
8348  hexify( output_str, output, ctx.len);
8349 
8350  fct_chk( strcasecmp( (char *) output_str, "0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c" ) == 0 );
8351  }
8352 
8353  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
8354  rsa_free( &ctx );
8355  }
8356  FCT_TEST_END();
8357 
8358 
8359  FCT_TEST_BGN(rsassa_pss_signature_example_3_3_verify)
8360  {
8361  unsigned char message_str[1000];
8362  unsigned char hash_result[1000];
8363  unsigned char result_str[1000];
8364  rsa_context ctx;
8365  size_t msg_len;
8366 
8368  memset( message_str, 0x00, 1000 );
8369  memset( hash_result, 0x00, 1000 );
8370  memset( result_str, 0x00, 1000 );
8371 
8372  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
8373  fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
8374  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
8375 
8376  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
8377 
8378  msg_len = unhexify( message_str, "1abdba489c5ada2f995ed16f19d5a94d9e6ec34a8d84f84557d26e5ef9b02b22887e3f9a4b690ad1149209c20c61431f0c017c36c2657b35d7b07d3f5ad8708507a9c1b831df835a56f831071814ea5d3d8d8f6ade40cba38b42db7a2d3d7a29c8f0a79a7838cf58a9757fa2fe4c40df9baa193bfc6f92b123ad57b07ace3e6ac068c9f106afd9eeb03b4f37c25dbfbcfb3071f6f9771766d072f3bb070af6605532973ae25051" );
8379  unhexify( result_str, "0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c" );
8380 
8381  switch( SIG_RSA_SHA1 )
8382  {
8383  #ifdef POLARSSL_MD2_C
8384  case SIG_RSA_MD2:
8385  md2( message_str, msg_len, hash_result );
8386  break;
8387  #endif
8388  #ifdef POLARSSL_MD4_C
8389  case SIG_RSA_MD4:
8390  md4( message_str, msg_len, hash_result );
8391  break;
8392  #endif
8393  #ifdef POLARSSL_MD5_C
8394  case SIG_RSA_MD5:
8395  md5( message_str, msg_len, hash_result );
8396  break;
8397  #endif
8398  #ifdef POLARSSL_SHA1_C
8399  case SIG_RSA_SHA1:
8400  sha1( message_str, msg_len, hash_result );
8401  break;
8402  #endif
8403  #ifdef POLARSSL_SHA2_C
8404  case SIG_RSA_SHA224:
8405  sha2( message_str, msg_len, hash_result, 1 );
8406  break;
8407  case SIG_RSA_SHA256:
8408  sha2( message_str, msg_len, hash_result, 0 );
8409  break;
8410  #endif
8411  #ifdef POLARSSL_SHA4_C
8412  case SIG_RSA_SHA384:
8413  sha4( message_str, msg_len, hash_result, 1 );
8414  break;
8415  case SIG_RSA_SHA512:
8416  sha4( message_str, msg_len, hash_result, 0 );
8417  break;
8418  #endif
8419  }
8420 
8421  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
8422 
8423  rsa_free( &ctx );
8424  }
8425  FCT_TEST_END();
8426 
8427 
8428  FCT_TEST_BGN(rsassa_pss_signature_example_3_4)
8429  {
8430  unsigned char message_str[1000];
8431  unsigned char hash_result[1000];
8432  unsigned char output[1000];
8433  unsigned char output_str[1000];
8434  unsigned char rnd_buf[1000];
8435  rsa_context ctx;
8436  mpi P1, Q1, H, G;
8437  size_t msg_len;
8438  rnd_buf_info info;
8439 
8440  info.length = unhexify( rnd_buf, "f8312d9c8eea13ec0a4c7b98120c87509087c478" );
8441  info.buf = rnd_buf;
8442 
8443  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
8445 
8446  memset( message_str, 0x00, 1000 );
8447  memset( hash_result, 0x00, 1000 );
8448  memset( output, 0x00, 1000 );
8449  memset( output_str, 0x00, 1000 );
8450 
8451  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
8452  fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
8453  fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
8454  fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
8455  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
8456 
8457  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
8458  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
8459  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
8460  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
8461  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
8462  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
8463  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
8464  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
8465 
8466  fct_chk( rsa_check_privkey( &ctx ) == 0 );
8467 
8468  msg_len = unhexify( message_str, "8fb431f5ee792b6c2ac7db53cc428655aeb32d03f4e889c5c25de683c461b53acf89f9f8d3aabdf6b9f0c2a1de12e15b49edb3919a652fe9491c25a7fce1f722c2543608b69dc375ec" );
8469 
8470  switch( SIG_RSA_SHA1 )
8471  {
8472  #ifdef POLARSSL_MD2_C
8473  case SIG_RSA_MD2:
8474  md2( message_str, msg_len, hash_result );
8475  break;
8476  #endif
8477  #ifdef POLARSSL_MD4_C
8478  case SIG_RSA_MD4:
8479  md4( message_str, msg_len, hash_result );
8480  break;
8481  #endif
8482  #ifdef POLARSSL_MD5_C
8483  case SIG_RSA_MD5:
8484  md5( message_str, msg_len, hash_result );
8485  break;
8486  #endif
8487  #ifdef POLARSSL_SHA1_C
8488  case SIG_RSA_SHA1:
8489  sha1( message_str, msg_len, hash_result );
8490  break;
8491  #endif
8492  #ifdef POLARSSL_SHA2_C
8493  case SIG_RSA_SHA224:
8494  sha2( message_str, msg_len, hash_result, 1 );
8495  break;
8496  case SIG_RSA_SHA256:
8497  sha2( message_str, msg_len, hash_result, 0 );
8498  break;
8499  #endif
8500  #ifdef POLARSSL_SHA4_C
8501  case SIG_RSA_SHA384:
8502  sha4( message_str, msg_len, hash_result, 1 );
8503  break;
8504  case SIG_RSA_SHA512:
8505  sha4( message_str, msg_len, hash_result, 0 );
8506  break;
8507  #endif
8508  }
8509 
8510  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
8511  if( 0 == 0 )
8512  {
8513  hexify( output_str, output, ctx.len);
8514 
8515  fct_chk( strcasecmp( (char *) output_str, "0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8" ) == 0 );
8516  }
8517 
8518  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
8519  rsa_free( &ctx );
8520  }
8521  FCT_TEST_END();
8522 
8523 
8524  FCT_TEST_BGN(rsassa_pss_signature_example_3_4_verify)
8525  {
8526  unsigned char message_str[1000];
8527  unsigned char hash_result[1000];
8528  unsigned char result_str[1000];
8529  rsa_context ctx;
8530  size_t msg_len;
8531 
8533  memset( message_str, 0x00, 1000 );
8534  memset( hash_result, 0x00, 1000 );
8535  memset( result_str, 0x00, 1000 );
8536 
8537  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
8538  fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
8539  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
8540 
8541  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
8542 
8543  msg_len = unhexify( message_str, "8fb431f5ee792b6c2ac7db53cc428655aeb32d03f4e889c5c25de683c461b53acf89f9f8d3aabdf6b9f0c2a1de12e15b49edb3919a652fe9491c25a7fce1f722c2543608b69dc375ec" );
8544  unhexify( result_str, "0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8" );
8545 
8546  switch( SIG_RSA_SHA1 )
8547  {
8548  #ifdef POLARSSL_MD2_C
8549  case SIG_RSA_MD2:
8550  md2( message_str, msg_len, hash_result );
8551  break;
8552  #endif
8553  #ifdef POLARSSL_MD4_C
8554  case SIG_RSA_MD4:
8555  md4( message_str, msg_len, hash_result );
8556  break;
8557  #endif
8558  #ifdef POLARSSL_MD5_C
8559  case SIG_RSA_MD5:
8560  md5( message_str, msg_len, hash_result );
8561  break;
8562  #endif
8563  #ifdef POLARSSL_SHA1_C
8564  case SIG_RSA_SHA1:
8565  sha1( message_str, msg_len, hash_result );
8566  break;
8567  #endif
8568  #ifdef POLARSSL_SHA2_C
8569  case SIG_RSA_SHA224:
8570  sha2( message_str, msg_len, hash_result, 1 );
8571  break;
8572  case SIG_RSA_SHA256:
8573  sha2( message_str, msg_len, hash_result, 0 );
8574  break;
8575  #endif
8576  #ifdef POLARSSL_SHA4_C
8577  case SIG_RSA_SHA384:
8578  sha4( message_str, msg_len, hash_result, 1 );
8579  break;
8580  case SIG_RSA_SHA512:
8581  sha4( message_str, msg_len, hash_result, 0 );
8582  break;
8583  #endif
8584  }
8585 
8586  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
8587 
8588  rsa_free( &ctx );
8589  }
8590  FCT_TEST_END();
8591 
8592 
8593  FCT_TEST_BGN(rsassa_pss_signature_example_3_5)
8594  {
8595  unsigned char message_str[1000];
8596  unsigned char hash_result[1000];
8597  unsigned char output[1000];
8598  unsigned char output_str[1000];
8599  unsigned char rnd_buf[1000];
8600  rsa_context ctx;
8601  mpi P1, Q1, H, G;
8602  size_t msg_len;
8603  rnd_buf_info info;
8604 
8605  info.length = unhexify( rnd_buf, "50327efec6292f98019fc67a2a6638563e9b6e2d" );
8606  info.buf = rnd_buf;
8607 
8608  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
8610 
8611  memset( message_str, 0x00, 1000 );
8612  memset( hash_result, 0x00, 1000 );
8613  memset( output, 0x00, 1000 );
8614  memset( output_str, 0x00, 1000 );
8615 
8616  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
8617  fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
8618  fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
8619  fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
8620  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
8621 
8622  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
8623  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
8624  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
8625  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
8626  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
8627  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
8628  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
8629  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
8630 
8631  fct_chk( rsa_check_privkey( &ctx ) == 0 );
8632 
8633  msg_len = unhexify( message_str, "fef4161dfaaf9c5295051dfc1ff3810c8c9ec2e866f7075422c8ec4216a9c4ff49427d483cae10c8534a41b2fd15fee06960ec6fb3f7a7e94a2f8a2e3e43dc4a40576c3097ac953b1de86f0b4ed36d644f23ae14425529622464ca0cbf0b1741347238157fab59e4de5524096d62baec63ac64" );
8634 
8635  switch( SIG_RSA_SHA1 )
8636  {
8637  #ifdef POLARSSL_MD2_C
8638  case SIG_RSA_MD2:
8639  md2( message_str, msg_len, hash_result );
8640  break;
8641  #endif
8642  #ifdef POLARSSL_MD4_C
8643  case SIG_RSA_MD4:
8644  md4( message_str, msg_len, hash_result );
8645  break;
8646  #endif
8647  #ifdef POLARSSL_MD5_C
8648  case SIG_RSA_MD5:
8649  md5( message_str, msg_len, hash_result );
8650  break;
8651  #endif
8652  #ifdef POLARSSL_SHA1_C
8653  case SIG_RSA_SHA1:
8654  sha1( message_str, msg_len, hash_result );
8655  break;
8656  #endif
8657  #ifdef POLARSSL_SHA2_C
8658  case SIG_RSA_SHA224:
8659  sha2( message_str, msg_len, hash_result, 1 );
8660  break;
8661  case SIG_RSA_SHA256:
8662  sha2( message_str, msg_len, hash_result, 0 );
8663  break;
8664  #endif
8665  #ifdef POLARSSL_SHA4_C
8666  case SIG_RSA_SHA384:
8667  sha4( message_str, msg_len, hash_result, 1 );
8668  break;
8669  case SIG_RSA_SHA512:
8670  sha4( message_str, msg_len, hash_result, 0 );
8671  break;
8672  #endif
8673  }
8674 
8675  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
8676  if( 0 == 0 )
8677  {
8678  hexify( output_str, output, ctx.len);
8679 
8680  fct_chk( strcasecmp( (char *) output_str, "021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83" ) == 0 );
8681  }
8682 
8683  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
8684  rsa_free( &ctx );
8685  }
8686  FCT_TEST_END();
8687 
8688 
8689  FCT_TEST_BGN(rsassa_pss_signature_example_3_5_verify)
8690  {
8691  unsigned char message_str[1000];
8692  unsigned char hash_result[1000];
8693  unsigned char result_str[1000];
8694  rsa_context ctx;
8695  size_t msg_len;
8696 
8698  memset( message_str, 0x00, 1000 );
8699  memset( hash_result, 0x00, 1000 );
8700  memset( result_str, 0x00, 1000 );
8701 
8702  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
8703  fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
8704  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
8705 
8706  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
8707 
8708  msg_len = unhexify( message_str, "fef4161dfaaf9c5295051dfc1ff3810c8c9ec2e866f7075422c8ec4216a9c4ff49427d483cae10c8534a41b2fd15fee06960ec6fb3f7a7e94a2f8a2e3e43dc4a40576c3097ac953b1de86f0b4ed36d644f23ae14425529622464ca0cbf0b1741347238157fab59e4de5524096d62baec63ac64" );
8709  unhexify( result_str, "021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83" );
8710 
8711  switch( SIG_RSA_SHA1 )
8712  {
8713  #ifdef POLARSSL_MD2_C
8714  case SIG_RSA_MD2:
8715  md2( message_str, msg_len, hash_result );
8716  break;
8717  #endif
8718  #ifdef POLARSSL_MD4_C
8719  case SIG_RSA_MD4:
8720  md4( message_str, msg_len, hash_result );
8721  break;
8722  #endif
8723  #ifdef POLARSSL_MD5_C
8724  case SIG_RSA_MD5:
8725  md5( message_str, msg_len, hash_result );
8726  break;
8727  #endif
8728  #ifdef POLARSSL_SHA1_C
8729  case SIG_RSA_SHA1:
8730  sha1( message_str, msg_len, hash_result );
8731  break;
8732  #endif
8733  #ifdef POLARSSL_SHA2_C
8734  case SIG_RSA_SHA224:
8735  sha2( message_str, msg_len, hash_result, 1 );
8736  break;
8737  case SIG_RSA_SHA256:
8738  sha2( message_str, msg_len, hash_result, 0 );
8739  break;
8740  #endif
8741  #ifdef POLARSSL_SHA4_C
8742  case SIG_RSA_SHA384:
8743  sha4( message_str, msg_len, hash_result, 1 );
8744  break;
8745  case SIG_RSA_SHA512:
8746  sha4( message_str, msg_len, hash_result, 0 );
8747  break;
8748  #endif
8749  }
8750 
8751  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
8752 
8753  rsa_free( &ctx );
8754  }
8755  FCT_TEST_END();
8756 
8757 
8758  FCT_TEST_BGN(rsassa_pss_signature_example_3_6)
8759  {
8760  unsigned char message_str[1000];
8761  unsigned char hash_result[1000];
8762  unsigned char output[1000];
8763  unsigned char output_str[1000];
8764  unsigned char rnd_buf[1000];
8765  rsa_context ctx;
8766  mpi P1, Q1, H, G;
8767  size_t msg_len;
8768  rnd_buf_info info;
8769 
8770  info.length = unhexify( rnd_buf, "b0de3fc25b65f5af96b1d5cc3b27d0c6053087b3" );
8771  info.buf = rnd_buf;
8772 
8773  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
8775 
8776  memset( message_str, 0x00, 1000 );
8777  memset( hash_result, 0x00, 1000 );
8778  memset( output, 0x00, 1000 );
8779  memset( output_str, 0x00, 1000 );
8780 
8781  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
8782  fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
8783  fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
8784  fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
8785  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
8786 
8787  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
8788  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
8789  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
8790  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
8791  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
8792  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
8793  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
8794  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
8795 
8796  fct_chk( rsa_check_privkey( &ctx ) == 0 );
8797 
8798  msg_len = unhexify( message_str, "efd237bb098a443aeeb2bf6c3f8c81b8c01b7fcb3feb" );
8799 
8800  switch( SIG_RSA_SHA1 )
8801  {
8802  #ifdef POLARSSL_MD2_C
8803  case SIG_RSA_MD2:
8804  md2( message_str, msg_len, hash_result );
8805  break;
8806  #endif
8807  #ifdef POLARSSL_MD4_C
8808  case SIG_RSA_MD4:
8809  md4( message_str, msg_len, hash_result );
8810  break;
8811  #endif
8812  #ifdef POLARSSL_MD5_C
8813  case SIG_RSA_MD5:
8814  md5( message_str, msg_len, hash_result );
8815  break;
8816  #endif
8817  #ifdef POLARSSL_SHA1_C
8818  case SIG_RSA_SHA1:
8819  sha1( message_str, msg_len, hash_result );
8820  break;
8821  #endif
8822  #ifdef POLARSSL_SHA2_C
8823  case SIG_RSA_SHA224:
8824  sha2( message_str, msg_len, hash_result, 1 );
8825  break;
8826  case SIG_RSA_SHA256:
8827  sha2( message_str, msg_len, hash_result, 0 );
8828  break;
8829  #endif
8830  #ifdef POLARSSL_SHA4_C
8831  case SIG_RSA_SHA384:
8832  sha4( message_str, msg_len, hash_result, 1 );
8833  break;
8834  case SIG_RSA_SHA512:
8835  sha4( message_str, msg_len, hash_result, 0 );
8836  break;
8837  #endif
8838  }
8839 
8840  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
8841  if( 0 == 0 )
8842  {
8843  hexify( output_str, output, ctx.len);
8844 
8845  fct_chk( strcasecmp( (char *) output_str, "012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce" ) == 0 );
8846  }
8847 
8848  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
8849  rsa_free( &ctx );
8850  }
8851  FCT_TEST_END();
8852 
8853 
8854  FCT_TEST_BGN(rsassa_pss_signature_example_3_6_verify)
8855  {
8856  unsigned char message_str[1000];
8857  unsigned char hash_result[1000];
8858  unsigned char result_str[1000];
8859  rsa_context ctx;
8860  size_t msg_len;
8861 
8863  memset( message_str, 0x00, 1000 );
8864  memset( hash_result, 0x00, 1000 );
8865  memset( result_str, 0x00, 1000 );
8866 
8867  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
8868  fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
8869  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
8870 
8871  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
8872 
8873  msg_len = unhexify( message_str, "efd237bb098a443aeeb2bf6c3f8c81b8c01b7fcb3feb" );
8874  unhexify( result_str, "012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce" );
8875 
8876  switch( SIG_RSA_SHA1 )
8877  {
8878  #ifdef POLARSSL_MD2_C
8879  case SIG_RSA_MD2:
8880  md2( message_str, msg_len, hash_result );
8881  break;
8882  #endif
8883  #ifdef POLARSSL_MD4_C
8884  case SIG_RSA_MD4:
8885  md4( message_str, msg_len, hash_result );
8886  break;
8887  #endif
8888  #ifdef POLARSSL_MD5_C
8889  case SIG_RSA_MD5:
8890  md5( message_str, msg_len, hash_result );
8891  break;
8892  #endif
8893  #ifdef POLARSSL_SHA1_C
8894  case SIG_RSA_SHA1:
8895  sha1( message_str, msg_len, hash_result );
8896  break;
8897  #endif
8898  #ifdef POLARSSL_SHA2_C
8899  case SIG_RSA_SHA224:
8900  sha2( message_str, msg_len, hash_result, 1 );
8901  break;
8902  case SIG_RSA_SHA256:
8903  sha2( message_str, msg_len, hash_result, 0 );
8904  break;
8905  #endif
8906  #ifdef POLARSSL_SHA4_C
8907  case SIG_RSA_SHA384:
8908  sha4( message_str, msg_len, hash_result, 1 );
8909  break;
8910  case SIG_RSA_SHA512:
8911  sha4( message_str, msg_len, hash_result, 0 );
8912  break;
8913  #endif
8914  }
8915 
8916  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
8917 
8918  rsa_free( &ctx );
8919  }
8920  FCT_TEST_END();
8921 
8922 
8923  FCT_TEST_BGN(rsassa_pss_signature_example_4_1)
8924  {
8925  unsigned char message_str[1000];
8926  unsigned char hash_result[1000];
8927  unsigned char output[1000];
8928  unsigned char output_str[1000];
8929  unsigned char rnd_buf[1000];
8930  rsa_context ctx;
8931  mpi P1, Q1, H, G;
8932  size_t msg_len;
8933  rnd_buf_info info;
8934 
8935  info.length = unhexify( rnd_buf, "ed7c98c95f30974fbe4fbddcf0f28d6021c0e91d" );
8936  info.buf = rnd_buf;
8937 
8938  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
8940 
8941  memset( message_str, 0x00, 1000 );
8942  memset( hash_result, 0x00, 1000 );
8943  memset( output, 0x00, 1000 );
8944  memset( output_str, 0x00, 1000 );
8945 
8946  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
8947  fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
8948  fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
8949  fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
8950  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
8951 
8952  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
8953  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
8954  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
8955  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
8956  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
8957  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
8958  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
8959  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
8960 
8961  fct_chk( rsa_check_privkey( &ctx ) == 0 );
8962 
8963  msg_len = unhexify( message_str, "9fb03b827c8217d9" );
8964 
8965  switch( SIG_RSA_SHA1 )
8966  {
8967  #ifdef POLARSSL_MD2_C
8968  case SIG_RSA_MD2:
8969  md2( message_str, msg_len, hash_result );
8970  break;
8971  #endif
8972  #ifdef POLARSSL_MD4_C
8973  case SIG_RSA_MD4:
8974  md4( message_str, msg_len, hash_result );
8975  break;
8976  #endif
8977  #ifdef POLARSSL_MD5_C
8978  case SIG_RSA_MD5:
8979  md5( message_str, msg_len, hash_result );
8980  break;
8981  #endif
8982  #ifdef POLARSSL_SHA1_C
8983  case SIG_RSA_SHA1:
8984  sha1( message_str, msg_len, hash_result );
8985  break;
8986  #endif
8987  #ifdef POLARSSL_SHA2_C
8988  case SIG_RSA_SHA224:
8989  sha2( message_str, msg_len, hash_result, 1 );
8990  break;
8991  case SIG_RSA_SHA256:
8992  sha2( message_str, msg_len, hash_result, 0 );
8993  break;
8994  #endif
8995  #ifdef POLARSSL_SHA4_C
8996  case SIG_RSA_SHA384:
8997  sha4( message_str, msg_len, hash_result, 1 );
8998  break;
8999  case SIG_RSA_SHA512:
9000  sha4( message_str, msg_len, hash_result, 0 );
9001  break;
9002  #endif
9003  }
9004 
9005  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
9006  if( 0 == 0 )
9007  {
9008  hexify( output_str, output, ctx.len);
9009 
9010  fct_chk( strcasecmp( (char *) output_str, "0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948" ) == 0 );
9011  }
9012 
9013  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
9014  rsa_free( &ctx );
9015  }
9016  FCT_TEST_END();
9017 
9018 
9019  FCT_TEST_BGN(rsassa_pss_signature_example_4_1_verify)
9020  {
9021  unsigned char message_str[1000];
9022  unsigned char hash_result[1000];
9023  unsigned char result_str[1000];
9024  rsa_context ctx;
9025  size_t msg_len;
9026 
9028  memset( message_str, 0x00, 1000 );
9029  memset( hash_result, 0x00, 1000 );
9030  memset( result_str, 0x00, 1000 );
9031 
9032  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
9033  fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
9034  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
9035 
9036  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
9037 
9038  msg_len = unhexify( message_str, "9fb03b827c8217d9" );
9039  unhexify( result_str, "0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948" );
9040 
9041  switch( SIG_RSA_SHA1 )
9042  {
9043  #ifdef POLARSSL_MD2_C
9044  case SIG_RSA_MD2:
9045  md2( message_str, msg_len, hash_result );
9046  break;
9047  #endif
9048  #ifdef POLARSSL_MD4_C
9049  case SIG_RSA_MD4:
9050  md4( message_str, msg_len, hash_result );
9051  break;
9052  #endif
9053  #ifdef POLARSSL_MD5_C
9054  case SIG_RSA_MD5:
9055  md5( message_str, msg_len, hash_result );
9056  break;
9057  #endif
9058  #ifdef POLARSSL_SHA1_C
9059  case SIG_RSA_SHA1:
9060  sha1( message_str, msg_len, hash_result );
9061  break;
9062  #endif
9063  #ifdef POLARSSL_SHA2_C
9064  case SIG_RSA_SHA224:
9065  sha2( message_str, msg_len, hash_result, 1 );
9066  break;
9067  case SIG_RSA_SHA256:
9068  sha2( message_str, msg_len, hash_result, 0 );
9069  break;
9070  #endif
9071  #ifdef POLARSSL_SHA4_C
9072  case SIG_RSA_SHA384:
9073  sha4( message_str, msg_len, hash_result, 1 );
9074  break;
9075  case SIG_RSA_SHA512:
9076  sha4( message_str, msg_len, hash_result, 0 );
9077  break;
9078  #endif
9079  }
9080 
9081  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
9082 
9083  rsa_free( &ctx );
9084  }
9085  FCT_TEST_END();
9086 
9087 
9088  FCT_TEST_BGN(rsassa_pss_signature_example_4_2)
9089  {
9090  unsigned char message_str[1000];
9091  unsigned char hash_result[1000];
9092  unsigned char output[1000];
9093  unsigned char output_str[1000];
9094  unsigned char rnd_buf[1000];
9095  rsa_context ctx;
9096  mpi P1, Q1, H, G;
9097  size_t msg_len;
9098  rnd_buf_info info;
9099 
9100  info.length = unhexify( rnd_buf, "22d71d54363a4217aa55113f059b3384e3e57e44" );
9101  info.buf = rnd_buf;
9102 
9103  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
9105 
9106  memset( message_str, 0x00, 1000 );
9107  memset( hash_result, 0x00, 1000 );
9108  memset( output, 0x00, 1000 );
9109  memset( output_str, 0x00, 1000 );
9110 
9111  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
9112  fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
9113  fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
9114  fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
9115  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
9116 
9117  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
9118  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
9119  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
9120  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
9121  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
9122  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
9123  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
9124  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
9125 
9126  fct_chk( rsa_check_privkey( &ctx ) == 0 );
9127 
9128  msg_len = unhexify( message_str, "0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f" );
9129 
9130  switch( SIG_RSA_SHA1 )
9131  {
9132  #ifdef POLARSSL_MD2_C
9133  case SIG_RSA_MD2:
9134  md2( message_str, msg_len, hash_result );
9135  break;
9136  #endif
9137  #ifdef POLARSSL_MD4_C
9138  case SIG_RSA_MD4:
9139  md4( message_str, msg_len, hash_result );
9140  break;
9141  #endif
9142  #ifdef POLARSSL_MD5_C
9143  case SIG_RSA_MD5:
9144  md5( message_str, msg_len, hash_result );
9145  break;
9146  #endif
9147  #ifdef POLARSSL_SHA1_C
9148  case SIG_RSA_SHA1:
9149  sha1( message_str, msg_len, hash_result );
9150  break;
9151  #endif
9152  #ifdef POLARSSL_SHA2_C
9153  case SIG_RSA_SHA224:
9154  sha2( message_str, msg_len, hash_result, 1 );
9155  break;
9156  case SIG_RSA_SHA256:
9157  sha2( message_str, msg_len, hash_result, 0 );
9158  break;
9159  #endif
9160  #ifdef POLARSSL_SHA4_C
9161  case SIG_RSA_SHA384:
9162  sha4( message_str, msg_len, hash_result, 1 );
9163  break;
9164  case SIG_RSA_SHA512:
9165  sha4( message_str, msg_len, hash_result, 0 );
9166  break;
9167  #endif
9168  }
9169 
9170  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
9171  if( 0 == 0 )
9172  {
9173  hexify( output_str, output, ctx.len);
9174 
9175  fct_chk( strcasecmp( (char *) output_str, "049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598" ) == 0 );
9176  }
9177 
9178  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
9179  rsa_free( &ctx );
9180  }
9181  FCT_TEST_END();
9182 
9183 
9184  FCT_TEST_BGN(rsassa_pss_signature_example_4_2_verify)
9185  {
9186  unsigned char message_str[1000];
9187  unsigned char hash_result[1000];
9188  unsigned char result_str[1000];
9189  rsa_context ctx;
9190  size_t msg_len;
9191 
9193  memset( message_str, 0x00, 1000 );
9194  memset( hash_result, 0x00, 1000 );
9195  memset( result_str, 0x00, 1000 );
9196 
9197  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
9198  fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
9199  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
9200 
9201  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
9202 
9203  msg_len = unhexify( message_str, "0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f" );
9204  unhexify( result_str, "049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598" );
9205 
9206  switch( SIG_RSA_SHA1 )
9207  {
9208  #ifdef POLARSSL_MD2_C
9209  case SIG_RSA_MD2:
9210  md2( message_str, msg_len, hash_result );
9211  break;
9212  #endif
9213  #ifdef POLARSSL_MD4_C
9214  case SIG_RSA_MD4:
9215  md4( message_str, msg_len, hash_result );
9216  break;
9217  #endif
9218  #ifdef POLARSSL_MD5_C
9219  case SIG_RSA_MD5:
9220  md5( message_str, msg_len, hash_result );
9221  break;
9222  #endif
9223  #ifdef POLARSSL_SHA1_C
9224  case SIG_RSA_SHA1:
9225  sha1( message_str, msg_len, hash_result );
9226  break;
9227  #endif
9228  #ifdef POLARSSL_SHA2_C
9229  case SIG_RSA_SHA224:
9230  sha2( message_str, msg_len, hash_result, 1 );
9231  break;
9232  case SIG_RSA_SHA256:
9233  sha2( message_str, msg_len, hash_result, 0 );
9234  break;
9235  #endif
9236  #ifdef POLARSSL_SHA4_C
9237  case SIG_RSA_SHA384:
9238  sha4( message_str, msg_len, hash_result, 1 );
9239  break;
9240  case SIG_RSA_SHA512:
9241  sha4( message_str, msg_len, hash_result, 0 );
9242  break;
9243  #endif
9244  }
9245 
9246  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
9247 
9248  rsa_free( &ctx );
9249  }
9250  FCT_TEST_END();
9251 
9252 
9253  FCT_TEST_BGN(rsassa_pss_signature_example_4_3)
9254  {
9255  unsigned char message_str[1000];
9256  unsigned char hash_result[1000];
9257  unsigned char output[1000];
9258  unsigned char output_str[1000];
9259  unsigned char rnd_buf[1000];
9260  rsa_context ctx;
9261  mpi P1, Q1, H, G;
9262  size_t msg_len;
9263  rnd_buf_info info;
9264 
9265  info.length = unhexify( rnd_buf, "4af870fbc6516012ca916c70ba862ac7e8243617" );
9266  info.buf = rnd_buf;
9267 
9268  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
9270 
9271  memset( message_str, 0x00, 1000 );
9272  memset( hash_result, 0x00, 1000 );
9273  memset( output, 0x00, 1000 );
9274  memset( output_str, 0x00, 1000 );
9275 
9276  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
9277  fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
9278  fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
9279  fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
9280  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
9281 
9282  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
9283  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
9284  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
9285  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
9286  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
9287  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
9288  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
9289  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
9290 
9291  fct_chk( rsa_check_privkey( &ctx ) == 0 );
9292 
9293  msg_len = unhexify( message_str, "288062afc08fcdb7c5f8650b29837300461dd5676c17a20a3c8fb5148949e3f73d66b3ae82c7240e27c5b3ec4328ee7d6ddf6a6a0c9b5b15bcda196a9d0c76b119d534d85abd123962d583b76ce9d180bce1ca" );
9294 
9295  switch( SIG_RSA_SHA1 )
9296  {
9297  #ifdef POLARSSL_MD2_C
9298  case SIG_RSA_MD2:
9299  md2( message_str, msg_len, hash_result );
9300  break;
9301  #endif
9302  #ifdef POLARSSL_MD4_C
9303  case SIG_RSA_MD4:
9304  md4( message_str, msg_len, hash_result );
9305  break;
9306  #endif
9307  #ifdef POLARSSL_MD5_C
9308  case SIG_RSA_MD5:
9309  md5( message_str, msg_len, hash_result );
9310  break;
9311  #endif
9312  #ifdef POLARSSL_SHA1_C
9313  case SIG_RSA_SHA1:
9314  sha1( message_str, msg_len, hash_result );
9315  break;
9316  #endif
9317  #ifdef POLARSSL_SHA2_C
9318  case SIG_RSA_SHA224:
9319  sha2( message_str, msg_len, hash_result, 1 );
9320  break;
9321  case SIG_RSA_SHA256:
9322  sha2( message_str, msg_len, hash_result, 0 );
9323  break;
9324  #endif
9325  #ifdef POLARSSL_SHA4_C
9326  case SIG_RSA_SHA384:
9327  sha4( message_str, msg_len, hash_result, 1 );
9328  break;
9329  case SIG_RSA_SHA512:
9330  sha4( message_str, msg_len, hash_result, 0 );
9331  break;
9332  #endif
9333  }
9334 
9335  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
9336  if( 0 == 0 )
9337  {
9338  hexify( output_str, output, ctx.len);
9339 
9340  fct_chk( strcasecmp( (char *) output_str, "03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad" ) == 0 );
9341  }
9342 
9343  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
9344  rsa_free( &ctx );
9345  }
9346  FCT_TEST_END();
9347 
9348 
9349  FCT_TEST_BGN(rsassa_pss_signature_example_4_3_verify)
9350  {
9351  unsigned char message_str[1000];
9352  unsigned char hash_result[1000];
9353  unsigned char result_str[1000];
9354  rsa_context ctx;
9355  size_t msg_len;
9356 
9358  memset( message_str, 0x00, 1000 );
9359  memset( hash_result, 0x00, 1000 );
9360  memset( result_str, 0x00, 1000 );
9361 
9362  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
9363  fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
9364  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
9365 
9366  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
9367 
9368  msg_len = unhexify( message_str, "288062afc08fcdb7c5f8650b29837300461dd5676c17a20a3c8fb5148949e3f73d66b3ae82c7240e27c5b3ec4328ee7d6ddf6a6a0c9b5b15bcda196a9d0c76b119d534d85abd123962d583b76ce9d180bce1ca" );
9369  unhexify( result_str, "03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad" );
9370 
9371  switch( SIG_RSA_SHA1 )
9372  {
9373  #ifdef POLARSSL_MD2_C
9374  case SIG_RSA_MD2:
9375  md2( message_str, msg_len, hash_result );
9376  break;
9377  #endif
9378  #ifdef POLARSSL_MD4_C
9379  case SIG_RSA_MD4:
9380  md4( message_str, msg_len, hash_result );
9381  break;
9382  #endif
9383  #ifdef POLARSSL_MD5_C
9384  case SIG_RSA_MD5:
9385  md5( message_str, msg_len, hash_result );
9386  break;
9387  #endif
9388  #ifdef POLARSSL_SHA1_C
9389  case SIG_RSA_SHA1:
9390  sha1( message_str, msg_len, hash_result );
9391  break;
9392  #endif
9393  #ifdef POLARSSL_SHA2_C
9394  case SIG_RSA_SHA224:
9395  sha2( message_str, msg_len, hash_result, 1 );
9396  break;
9397  case SIG_RSA_SHA256:
9398  sha2( message_str, msg_len, hash_result, 0 );
9399  break;
9400  #endif
9401  #ifdef POLARSSL_SHA4_C
9402  case SIG_RSA_SHA384:
9403  sha4( message_str, msg_len, hash_result, 1 );
9404  break;
9405  case SIG_RSA_SHA512:
9406  sha4( message_str, msg_len, hash_result, 0 );
9407  break;
9408  #endif
9409  }
9410 
9411  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
9412 
9413  rsa_free( &ctx );
9414  }
9415  FCT_TEST_END();
9416 
9417 
9418  FCT_TEST_BGN(rsassa_pss_signature_example_4_4)
9419  {
9420  unsigned char message_str[1000];
9421  unsigned char hash_result[1000];
9422  unsigned char output[1000];
9423  unsigned char output_str[1000];
9424  unsigned char rnd_buf[1000];
9425  rsa_context ctx;
9426  mpi P1, Q1, H, G;
9427  size_t msg_len;
9428  rnd_buf_info info;
9429 
9430  info.length = unhexify( rnd_buf, "40d2e180fae1eac439c190b56c2c0e14ddf9a226" );
9431  info.buf = rnd_buf;
9432 
9433  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
9435 
9436  memset( message_str, 0x00, 1000 );
9437  memset( hash_result, 0x00, 1000 );
9438  memset( output, 0x00, 1000 );
9439  memset( output_str, 0x00, 1000 );
9440 
9441  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
9442  fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
9443  fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
9444  fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
9445  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
9446 
9447  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
9448  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
9449  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
9450  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
9451  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
9452  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
9453  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
9454  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
9455 
9456  fct_chk( rsa_check_privkey( &ctx ) == 0 );
9457 
9458  msg_len = unhexify( message_str, "6f4f9ab9501199cef55c6cf408fe7b36c557c49d420a4763d2463c8ad44b3cfc5be2742c0e7d9b0f6608f08c7f47b693ee" );
9459 
9460  switch( SIG_RSA_SHA1 )
9461  {
9462  #ifdef POLARSSL_MD2_C
9463  case SIG_RSA_MD2:
9464  md2( message_str, msg_len, hash_result );
9465  break;
9466  #endif
9467  #ifdef POLARSSL_MD4_C
9468  case SIG_RSA_MD4:
9469  md4( message_str, msg_len, hash_result );
9470  break;
9471  #endif
9472  #ifdef POLARSSL_MD5_C
9473  case SIG_RSA_MD5:
9474  md5( message_str, msg_len, hash_result );
9475  break;
9476  #endif
9477  #ifdef POLARSSL_SHA1_C
9478  case SIG_RSA_SHA1:
9479  sha1( message_str, msg_len, hash_result );
9480  break;
9481  #endif
9482  #ifdef POLARSSL_SHA2_C
9483  case SIG_RSA_SHA224:
9484  sha2( message_str, msg_len, hash_result, 1 );
9485  break;
9486  case SIG_RSA_SHA256:
9487  sha2( message_str, msg_len, hash_result, 0 );
9488  break;
9489  #endif
9490  #ifdef POLARSSL_SHA4_C
9491  case SIG_RSA_SHA384:
9492  sha4( message_str, msg_len, hash_result, 1 );
9493  break;
9494  case SIG_RSA_SHA512:
9495  sha4( message_str, msg_len, hash_result, 0 );
9496  break;
9497  #endif
9498  }
9499 
9500  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
9501  if( 0 == 0 )
9502  {
9503  hexify( output_str, output, ctx.len);
9504 
9505  fct_chk( strcasecmp( (char *) output_str, "0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f" ) == 0 );
9506  }
9507 
9508  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
9509  rsa_free( &ctx );
9510  }
9511  FCT_TEST_END();
9512 
9513 
9514  FCT_TEST_BGN(rsassa_pss_signature_example_4_4_verify)
9515  {
9516  unsigned char message_str[1000];
9517  unsigned char hash_result[1000];
9518  unsigned char result_str[1000];
9519  rsa_context ctx;
9520  size_t msg_len;
9521 
9523  memset( message_str, 0x00, 1000 );
9524  memset( hash_result, 0x00, 1000 );
9525  memset( result_str, 0x00, 1000 );
9526 
9527  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
9528  fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
9529  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
9530 
9531  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
9532 
9533  msg_len = unhexify( message_str, "6f4f9ab9501199cef55c6cf408fe7b36c557c49d420a4763d2463c8ad44b3cfc5be2742c0e7d9b0f6608f08c7f47b693ee" );
9534  unhexify( result_str, "0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f" );
9535 
9536  switch( SIG_RSA_SHA1 )
9537  {
9538  #ifdef POLARSSL_MD2_C
9539  case SIG_RSA_MD2:
9540  md2( message_str, msg_len, hash_result );
9541  break;
9542  #endif
9543  #ifdef POLARSSL_MD4_C
9544  case SIG_RSA_MD4:
9545  md4( message_str, msg_len, hash_result );
9546  break;
9547  #endif
9548  #ifdef POLARSSL_MD5_C
9549  case SIG_RSA_MD5:
9550  md5( message_str, msg_len, hash_result );
9551  break;
9552  #endif
9553  #ifdef POLARSSL_SHA1_C
9554  case SIG_RSA_SHA1:
9555  sha1( message_str, msg_len, hash_result );
9556  break;
9557  #endif
9558  #ifdef POLARSSL_SHA2_C
9559  case SIG_RSA_SHA224:
9560  sha2( message_str, msg_len, hash_result, 1 );
9561  break;
9562  case SIG_RSA_SHA256:
9563  sha2( message_str, msg_len, hash_result, 0 );
9564  break;
9565  #endif
9566  #ifdef POLARSSL_SHA4_C
9567  case SIG_RSA_SHA384:
9568  sha4( message_str, msg_len, hash_result, 1 );
9569  break;
9570  case SIG_RSA_SHA512:
9571  sha4( message_str, msg_len, hash_result, 0 );
9572  break;
9573  #endif
9574  }
9575 
9576  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
9577 
9578  rsa_free( &ctx );
9579  }
9580  FCT_TEST_END();
9581 
9582 
9583  FCT_TEST_BGN(rsassa_pss_signature_example_4_5)
9584  {
9585  unsigned char message_str[1000];
9586  unsigned char hash_result[1000];
9587  unsigned char output[1000];
9588  unsigned char output_str[1000];
9589  unsigned char rnd_buf[1000];
9590  rsa_context ctx;
9591  mpi P1, Q1, H, G;
9592  size_t msg_len;
9593  rnd_buf_info info;
9594 
9595  info.length = unhexify( rnd_buf, "2497dc2b4615dfae5a663d49ffd56bf7efc11304" );
9596  info.buf = rnd_buf;
9597 
9598  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
9600 
9601  memset( message_str, 0x00, 1000 );
9602  memset( hash_result, 0x00, 1000 );
9603  memset( output, 0x00, 1000 );
9604  memset( output_str, 0x00, 1000 );
9605 
9606  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
9607  fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
9608  fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
9609  fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
9610  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
9611 
9612  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
9613  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
9614  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
9615  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
9616  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
9617  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
9618  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
9619  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
9620 
9621  fct_chk( rsa_check_privkey( &ctx ) == 0 );
9622 
9623  msg_len = unhexify( message_str, "e17d20385d501955823c3f666254c1d3dd36ad5168b8f18d286fdcf67a7dad94097085fab7ed86fe2142a28771717997ef1a7a08884efc39356d76077aaf82459a7fad45848875f2819b098937fe923bcc9dc442d72d754d812025090c9bc03db3080c138dd63b355d0b4b85d6688ac19f4de15084a0ba4e373b93ef4a555096691915dc23c00e954cdeb20a47cd55d16c3d8681d46ed7f2ed5ea42795be17baed25f0f4d113b3636addd585f16a8b5aec0c8fa9c5f03cbf3b9b73" );
9624 
9625  switch( SIG_RSA_SHA1 )
9626  {
9627  #ifdef POLARSSL_MD2_C
9628  case SIG_RSA_MD2:
9629  md2( message_str, msg_len, hash_result );
9630  break;
9631  #endif
9632  #ifdef POLARSSL_MD4_C
9633  case SIG_RSA_MD4:
9634  md4( message_str, msg_len, hash_result );
9635  break;
9636  #endif
9637  #ifdef POLARSSL_MD5_C
9638  case SIG_RSA_MD5:
9639  md5( message_str, msg_len, hash_result );
9640  break;
9641  #endif
9642  #ifdef POLARSSL_SHA1_C
9643  case SIG_RSA_SHA1:
9644  sha1( message_str, msg_len, hash_result );
9645  break;
9646  #endif
9647  #ifdef POLARSSL_SHA2_C
9648  case SIG_RSA_SHA224:
9649  sha2( message_str, msg_len, hash_result, 1 );
9650  break;
9651  case SIG_RSA_SHA256:
9652  sha2( message_str, msg_len, hash_result, 0 );
9653  break;
9654  #endif
9655  #ifdef POLARSSL_SHA4_C
9656  case SIG_RSA_SHA384:
9657  sha4( message_str, msg_len, hash_result, 1 );
9658  break;
9659  case SIG_RSA_SHA512:
9660  sha4( message_str, msg_len, hash_result, 0 );
9661  break;
9662  #endif
9663  }
9664 
9665  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
9666  if( 0 == 0 )
9667  {
9668  hexify( output_str, output, ctx.len);
9669 
9670  fct_chk( strcasecmp( (char *) output_str, "022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a" ) == 0 );
9671  }
9672 
9673  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
9674  rsa_free( &ctx );
9675  }
9676  FCT_TEST_END();
9677 
9678 
9679  FCT_TEST_BGN(rsassa_pss_signature_example_4_5_verify)
9680  {
9681  unsigned char message_str[1000];
9682  unsigned char hash_result[1000];
9683  unsigned char result_str[1000];
9684  rsa_context ctx;
9685  size_t msg_len;
9686 
9688  memset( message_str, 0x00, 1000 );
9689  memset( hash_result, 0x00, 1000 );
9690  memset( result_str, 0x00, 1000 );
9691 
9692  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
9693  fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
9694  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
9695 
9696  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
9697 
9698  msg_len = unhexify( message_str, "e17d20385d501955823c3f666254c1d3dd36ad5168b8f18d286fdcf67a7dad94097085fab7ed86fe2142a28771717997ef1a7a08884efc39356d76077aaf82459a7fad45848875f2819b098937fe923bcc9dc442d72d754d812025090c9bc03db3080c138dd63b355d0b4b85d6688ac19f4de15084a0ba4e373b93ef4a555096691915dc23c00e954cdeb20a47cd55d16c3d8681d46ed7f2ed5ea42795be17baed25f0f4d113b3636addd585f16a8b5aec0c8fa9c5f03cbf3b9b73" );
9699  unhexify( result_str, "022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a" );
9700 
9701  switch( SIG_RSA_SHA1 )
9702  {
9703  #ifdef POLARSSL_MD2_C
9704  case SIG_RSA_MD2:
9705  md2( message_str, msg_len, hash_result );
9706  break;
9707  #endif
9708  #ifdef POLARSSL_MD4_C
9709  case SIG_RSA_MD4:
9710  md4( message_str, msg_len, hash_result );
9711  break;
9712  #endif
9713  #ifdef POLARSSL_MD5_C
9714  case SIG_RSA_MD5:
9715  md5( message_str, msg_len, hash_result );
9716  break;
9717  #endif
9718  #ifdef POLARSSL_SHA1_C
9719  case SIG_RSA_SHA1:
9720  sha1( message_str, msg_len, hash_result );
9721  break;
9722  #endif
9723  #ifdef POLARSSL_SHA2_C
9724  case SIG_RSA_SHA224:
9725  sha2( message_str, msg_len, hash_result, 1 );
9726  break;
9727  case SIG_RSA_SHA256:
9728  sha2( message_str, msg_len, hash_result, 0 );
9729  break;
9730  #endif
9731  #ifdef POLARSSL_SHA4_C
9732  case SIG_RSA_SHA384:
9733  sha4( message_str, msg_len, hash_result, 1 );
9734  break;
9735  case SIG_RSA_SHA512:
9736  sha4( message_str, msg_len, hash_result, 0 );
9737  break;
9738  #endif
9739  }
9740 
9741  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
9742 
9743  rsa_free( &ctx );
9744  }
9745  FCT_TEST_END();
9746 
9747 
9748  FCT_TEST_BGN(rsassa_pss_signature_example_4_6)
9749  {
9750  unsigned char message_str[1000];
9751  unsigned char hash_result[1000];
9752  unsigned char output[1000];
9753  unsigned char output_str[1000];
9754  unsigned char rnd_buf[1000];
9755  rsa_context ctx;
9756  mpi P1, Q1, H, G;
9757  size_t msg_len;
9758  rnd_buf_info info;
9759 
9760  info.length = unhexify( rnd_buf, "a334db6faebf11081a04f87c2d621cdec7930b9b" );
9761  info.buf = rnd_buf;
9762 
9763  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
9765 
9766  memset( message_str, 0x00, 1000 );
9767  memset( hash_result, 0x00, 1000 );
9768  memset( output, 0x00, 1000 );
9769  memset( output_str, 0x00, 1000 );
9770 
9771  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
9772  fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
9773  fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
9774  fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
9775  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
9776 
9777  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
9778  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
9779  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
9780  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
9781  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
9782  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
9783  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
9784  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
9785 
9786  fct_chk( rsa_check_privkey( &ctx ) == 0 );
9787 
9788  msg_len = unhexify( message_str, "afbc19d479249018fdf4e09f618726440495de11ddeee38872d775fcea74a23896b5343c9c38d46af0dba224d047580cc60a65e9391cf9b59b36a860598d4e8216722f993b91cfae87bc255af89a6a199bca4a391eadbc3a24903c0bd667368f6be78e3feabfb4ffd463122763740ffbbefeab9a25564bc5d1c24c93e422f75073e2ad72bf45b10df00b52a147128e73fee33fa3f0577d77f80fbc2df1bed313290c12777f50" );
9789 
9790  switch( SIG_RSA_SHA1 )
9791  {
9792  #ifdef POLARSSL_MD2_C
9793  case SIG_RSA_MD2:
9794  md2( message_str, msg_len, hash_result );
9795  break;
9796  #endif
9797  #ifdef POLARSSL_MD4_C
9798  case SIG_RSA_MD4:
9799  md4( message_str, msg_len, hash_result );
9800  break;
9801  #endif
9802  #ifdef POLARSSL_MD5_C
9803  case SIG_RSA_MD5:
9804  md5( message_str, msg_len, hash_result );
9805  break;
9806  #endif
9807  #ifdef POLARSSL_SHA1_C
9808  case SIG_RSA_SHA1:
9809  sha1( message_str, msg_len, hash_result );
9810  break;
9811  #endif
9812  #ifdef POLARSSL_SHA2_C
9813  case SIG_RSA_SHA224:
9814  sha2( message_str, msg_len, hash_result, 1 );
9815  break;
9816  case SIG_RSA_SHA256:
9817  sha2( message_str, msg_len, hash_result, 0 );
9818  break;
9819  #endif
9820  #ifdef POLARSSL_SHA4_C
9821  case SIG_RSA_SHA384:
9822  sha4( message_str, msg_len, hash_result, 1 );
9823  break;
9824  case SIG_RSA_SHA512:
9825  sha4( message_str, msg_len, hash_result, 0 );
9826  break;
9827  #endif
9828  }
9829 
9830  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
9831  if( 0 == 0 )
9832  {
9833  hexify( output_str, output, ctx.len);
9834 
9835  fct_chk( strcasecmp( (char *) output_str, "00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e" ) == 0 );
9836  }
9837 
9838  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
9839  rsa_free( &ctx );
9840  }
9841  FCT_TEST_END();
9842 
9843 
9844  FCT_TEST_BGN(rsassa_pss_signature_example_4_6_verify)
9845  {
9846  unsigned char message_str[1000];
9847  unsigned char hash_result[1000];
9848  unsigned char result_str[1000];
9849  rsa_context ctx;
9850  size_t msg_len;
9851 
9853  memset( message_str, 0x00, 1000 );
9854  memset( hash_result, 0x00, 1000 );
9855  memset( result_str, 0x00, 1000 );
9856 
9857  ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
9858  fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
9859  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
9860 
9861  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
9862 
9863  msg_len = unhexify( message_str, "afbc19d479249018fdf4e09f618726440495de11ddeee38872d775fcea74a23896b5343c9c38d46af0dba224d047580cc60a65e9391cf9b59b36a860598d4e8216722f993b91cfae87bc255af89a6a199bca4a391eadbc3a24903c0bd667368f6be78e3feabfb4ffd463122763740ffbbefeab9a25564bc5d1c24c93e422f75073e2ad72bf45b10df00b52a147128e73fee33fa3f0577d77f80fbc2df1bed313290c12777f50" );
9864  unhexify( result_str, "00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e" );
9865 
9866  switch( SIG_RSA_SHA1 )
9867  {
9868  #ifdef POLARSSL_MD2_C
9869  case SIG_RSA_MD2:
9870  md2( message_str, msg_len, hash_result );
9871  break;
9872  #endif
9873  #ifdef POLARSSL_MD4_C
9874  case SIG_RSA_MD4:
9875  md4( message_str, msg_len, hash_result );
9876  break;
9877  #endif
9878  #ifdef POLARSSL_MD5_C
9879  case SIG_RSA_MD5:
9880  md5( message_str, msg_len, hash_result );
9881  break;
9882  #endif
9883  #ifdef POLARSSL_SHA1_C
9884  case SIG_RSA_SHA1:
9885  sha1( message_str, msg_len, hash_result );
9886  break;
9887  #endif
9888  #ifdef POLARSSL_SHA2_C
9889  case SIG_RSA_SHA224:
9890  sha2( message_str, msg_len, hash_result, 1 );
9891  break;
9892  case SIG_RSA_SHA256:
9893  sha2( message_str, msg_len, hash_result, 0 );
9894  break;
9895  #endif
9896  #ifdef POLARSSL_SHA4_C
9897  case SIG_RSA_SHA384:
9898  sha4( message_str, msg_len, hash_result, 1 );
9899  break;
9900  case SIG_RSA_SHA512:
9901  sha4( message_str, msg_len, hash_result, 0 );
9902  break;
9903  #endif
9904  }
9905 
9906  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
9907 
9908  rsa_free( &ctx );
9909  }
9910  FCT_TEST_END();
9911 
9912 
9913  FCT_TEST_BGN(rsassa_pss_signature_example_5_1)
9914  {
9915  unsigned char message_str[1000];
9916  unsigned char hash_result[1000];
9917  unsigned char output[1000];
9918  unsigned char output_str[1000];
9919  unsigned char rnd_buf[1000];
9920  rsa_context ctx;
9921  mpi P1, Q1, H, G;
9922  size_t msg_len;
9923  rnd_buf_info info;
9924 
9925  info.length = unhexify( rnd_buf, "081b233b43567750bd6e78f396a88b9f6a445151" );
9926  info.buf = rnd_buf;
9927 
9928  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
9930 
9931  memset( message_str, 0x00, 1000 );
9932  memset( hash_result, 0x00, 1000 );
9933  memset( output, 0x00, 1000 );
9934  memset( output_str, 0x00, 1000 );
9935 
9936  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
9937  fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
9938  fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
9939  fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
9940  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
9941 
9942  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
9943  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
9944  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
9945  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
9946  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
9947  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
9948  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
9949  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
9950 
9951  fct_chk( rsa_check_privkey( &ctx ) == 0 );
9952 
9953  msg_len = unhexify( message_str, "30c7d557458b436decfdc14d06cb7b96b06718c48d7de57482a868ae7f065870a6216506d11b779323dfdf046cf5775129134b4d5689e4d9c0ce1e12d7d4b06cb5fc5820decfa41baf59bf257b32f025b7679b445b9499c92555145885992f1b76f84891ee4d3be0f5150fd5901e3a4c8ed43fd36b61d022e65ad5008dbf33293c22bfbfd07321f0f1d5fa9fdf0014c2fcb0358aad0e354b0d29" );
9954 
9955  switch( SIG_RSA_SHA1 )
9956  {
9957  #ifdef POLARSSL_MD2_C
9958  case SIG_RSA_MD2:
9959  md2( message_str, msg_len, hash_result );
9960  break;
9961  #endif
9962  #ifdef POLARSSL_MD4_C
9963  case SIG_RSA_MD4:
9964  md4( message_str, msg_len, hash_result );
9965  break;
9966  #endif
9967  #ifdef POLARSSL_MD5_C
9968  case SIG_RSA_MD5:
9969  md5( message_str, msg_len, hash_result );
9970  break;
9971  #endif
9972  #ifdef POLARSSL_SHA1_C
9973  case SIG_RSA_SHA1:
9974  sha1( message_str, msg_len, hash_result );
9975  break;
9976  #endif
9977  #ifdef POLARSSL_SHA2_C
9978  case SIG_RSA_SHA224:
9979  sha2( message_str, msg_len, hash_result, 1 );
9980  break;
9981  case SIG_RSA_SHA256:
9982  sha2( message_str, msg_len, hash_result, 0 );
9983  break;
9984  #endif
9985  #ifdef POLARSSL_SHA4_C
9986  case SIG_RSA_SHA384:
9987  sha4( message_str, msg_len, hash_result, 1 );
9988  break;
9989  case SIG_RSA_SHA512:
9990  sha4( message_str, msg_len, hash_result, 0 );
9991  break;
9992  #endif
9993  }
9994 
9995  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
9996  if( 0 == 0 )
9997  {
9998  hexify( output_str, output, ctx.len);
9999 
10000  fct_chk( strcasecmp( (char *) output_str, "0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d" ) == 0 );
10001  }
10002 
10003  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10004  rsa_free( &ctx );
10005  }
10006  FCT_TEST_END();
10007 
10008 
10009  FCT_TEST_BGN(rsassa_pss_signature_example_5_1_verify)
10010  {
10011  unsigned char message_str[1000];
10012  unsigned char hash_result[1000];
10013  unsigned char result_str[1000];
10014  rsa_context ctx;
10015  size_t msg_len;
10016 
10018  memset( message_str, 0x00, 1000 );
10019  memset( hash_result, 0x00, 1000 );
10020  memset( result_str, 0x00, 1000 );
10021 
10022  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10023  fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10024  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10025 
10026  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
10027 
10028  msg_len = unhexify( message_str, "30c7d557458b436decfdc14d06cb7b96b06718c48d7de57482a868ae7f065870a6216506d11b779323dfdf046cf5775129134b4d5689e4d9c0ce1e12d7d4b06cb5fc5820decfa41baf59bf257b32f025b7679b445b9499c92555145885992f1b76f84891ee4d3be0f5150fd5901e3a4c8ed43fd36b61d022e65ad5008dbf33293c22bfbfd07321f0f1d5fa9fdf0014c2fcb0358aad0e354b0d29" );
10029  unhexify( result_str, "0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d" );
10030 
10031  switch( SIG_RSA_SHA1 )
10032  {
10033  #ifdef POLARSSL_MD2_C
10034  case SIG_RSA_MD2:
10035  md2( message_str, msg_len, hash_result );
10036  break;
10037  #endif
10038  #ifdef POLARSSL_MD4_C
10039  case SIG_RSA_MD4:
10040  md4( message_str, msg_len, hash_result );
10041  break;
10042  #endif
10043  #ifdef POLARSSL_MD5_C
10044  case SIG_RSA_MD5:
10045  md5( message_str, msg_len, hash_result );
10046  break;
10047  #endif
10048  #ifdef POLARSSL_SHA1_C
10049  case SIG_RSA_SHA1:
10050  sha1( message_str, msg_len, hash_result );
10051  break;
10052  #endif
10053  #ifdef POLARSSL_SHA2_C
10054  case SIG_RSA_SHA224:
10055  sha2( message_str, msg_len, hash_result, 1 );
10056  break;
10057  case SIG_RSA_SHA256:
10058  sha2( message_str, msg_len, hash_result, 0 );
10059  break;
10060  #endif
10061  #ifdef POLARSSL_SHA4_C
10062  case SIG_RSA_SHA384:
10063  sha4( message_str, msg_len, hash_result, 1 );
10064  break;
10065  case SIG_RSA_SHA512:
10066  sha4( message_str, msg_len, hash_result, 0 );
10067  break;
10068  #endif
10069  }
10070 
10071  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
10072 
10073  rsa_free( &ctx );
10074  }
10075  FCT_TEST_END();
10076 
10077 
10078  FCT_TEST_BGN(rsassa_pss_signature_example_5_2)
10079  {
10080  unsigned char message_str[1000];
10081  unsigned char hash_result[1000];
10082  unsigned char output[1000];
10083  unsigned char output_str[1000];
10084  unsigned char rnd_buf[1000];
10085  rsa_context ctx;
10086  mpi P1, Q1, H, G;
10087  size_t msg_len;
10088  rnd_buf_info info;
10089 
10090  info.length = unhexify( rnd_buf, "bd0ce19549d0700120cbe51077dbbbb00a8d8b09" );
10091  info.buf = rnd_buf;
10092 
10093  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
10095 
10096  memset( message_str, 0x00, 1000 );
10097  memset( hash_result, 0x00, 1000 );
10098  memset( output, 0x00, 1000 );
10099  memset( output_str, 0x00, 1000 );
10100 
10101  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10102  fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
10103  fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
10104  fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10105  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10106 
10107  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
10108  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
10109  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
10110  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
10111  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
10112  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10113  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10114  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10115 
10116  fct_chk( rsa_check_privkey( &ctx ) == 0 );
10117 
10118  msg_len = unhexify( message_str, "e7b32e1556ea1b2795046ac69739d22ac8966bf11c116f614b166740e96b90653e5750945fcf772186c03790a07fda323e1a61916b06ee2157db3dff80d67d5e39a53ae268c8f09ed99a732005b0bc6a04af4e08d57a00e7201b3060efaadb73113bfc087fd837093aa25235b8c149f56215f031c24ad5bde7f29960df7d524070f7449c6f785084be1a0f733047f336f9154738674547db02a9f44dfc6e60301081e1ce99847f3b5b601ff06b4d5776a9740b9aa0d34058fd3b906e4f7859dfb07d7173e5e6f6350adac21f27b2307469" );
10119 
10120  switch( SIG_RSA_SHA1 )
10121  {
10122  #ifdef POLARSSL_MD2_C
10123  case SIG_RSA_MD2:
10124  md2( message_str, msg_len, hash_result );
10125  break;
10126  #endif
10127  #ifdef POLARSSL_MD4_C
10128  case SIG_RSA_MD4:
10129  md4( message_str, msg_len, hash_result );
10130  break;
10131  #endif
10132  #ifdef POLARSSL_MD5_C
10133  case SIG_RSA_MD5:
10134  md5( message_str, msg_len, hash_result );
10135  break;
10136  #endif
10137  #ifdef POLARSSL_SHA1_C
10138  case SIG_RSA_SHA1:
10139  sha1( message_str, msg_len, hash_result );
10140  break;
10141  #endif
10142  #ifdef POLARSSL_SHA2_C
10143  case SIG_RSA_SHA224:
10144  sha2( message_str, msg_len, hash_result, 1 );
10145  break;
10146  case SIG_RSA_SHA256:
10147  sha2( message_str, msg_len, hash_result, 0 );
10148  break;
10149  #endif
10150  #ifdef POLARSSL_SHA4_C
10151  case SIG_RSA_SHA384:
10152  sha4( message_str, msg_len, hash_result, 1 );
10153  break;
10154  case SIG_RSA_SHA512:
10155  sha4( message_str, msg_len, hash_result, 0 );
10156  break;
10157  #endif
10158  }
10159 
10160  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
10161  if( 0 == 0 )
10162  {
10163  hexify( output_str, output, ctx.len);
10164 
10165  fct_chk( strcasecmp( (char *) output_str, "08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e" ) == 0 );
10166  }
10167 
10168  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10169  rsa_free( &ctx );
10170  }
10171  FCT_TEST_END();
10172 
10173 
10174  FCT_TEST_BGN(rsassa_pss_signature_example_5_2_verify)
10175  {
10176  unsigned char message_str[1000];
10177  unsigned char hash_result[1000];
10178  unsigned char result_str[1000];
10179  rsa_context ctx;
10180  size_t msg_len;
10181 
10183  memset( message_str, 0x00, 1000 );
10184  memset( hash_result, 0x00, 1000 );
10185  memset( result_str, 0x00, 1000 );
10186 
10187  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10188  fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10189  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10190 
10191  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
10192 
10193  msg_len = unhexify( message_str, "e7b32e1556ea1b2795046ac69739d22ac8966bf11c116f614b166740e96b90653e5750945fcf772186c03790a07fda323e1a61916b06ee2157db3dff80d67d5e39a53ae268c8f09ed99a732005b0bc6a04af4e08d57a00e7201b3060efaadb73113bfc087fd837093aa25235b8c149f56215f031c24ad5bde7f29960df7d524070f7449c6f785084be1a0f733047f336f9154738674547db02a9f44dfc6e60301081e1ce99847f3b5b601ff06b4d5776a9740b9aa0d34058fd3b906e4f7859dfb07d7173e5e6f6350adac21f27b2307469" );
10194  unhexify( result_str, "08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e" );
10195 
10196  switch( SIG_RSA_SHA1 )
10197  {
10198  #ifdef POLARSSL_MD2_C
10199  case SIG_RSA_MD2:
10200  md2( message_str, msg_len, hash_result );
10201  break;
10202  #endif
10203  #ifdef POLARSSL_MD4_C
10204  case SIG_RSA_MD4:
10205  md4( message_str, msg_len, hash_result );
10206  break;
10207  #endif
10208  #ifdef POLARSSL_MD5_C
10209  case SIG_RSA_MD5:
10210  md5( message_str, msg_len, hash_result );
10211  break;
10212  #endif
10213  #ifdef POLARSSL_SHA1_C
10214  case SIG_RSA_SHA1:
10215  sha1( message_str, msg_len, hash_result );
10216  break;
10217  #endif
10218  #ifdef POLARSSL_SHA2_C
10219  case SIG_RSA_SHA224:
10220  sha2( message_str, msg_len, hash_result, 1 );
10221  break;
10222  case SIG_RSA_SHA256:
10223  sha2( message_str, msg_len, hash_result, 0 );
10224  break;
10225  #endif
10226  #ifdef POLARSSL_SHA4_C
10227  case SIG_RSA_SHA384:
10228  sha4( message_str, msg_len, hash_result, 1 );
10229  break;
10230  case SIG_RSA_SHA512:
10231  sha4( message_str, msg_len, hash_result, 0 );
10232  break;
10233  #endif
10234  }
10235 
10236  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
10237 
10238  rsa_free( &ctx );
10239  }
10240  FCT_TEST_END();
10241 
10242 
10243  FCT_TEST_BGN(rsassa_pss_signature_example_5_3)
10244  {
10245  unsigned char message_str[1000];
10246  unsigned char hash_result[1000];
10247  unsigned char output[1000];
10248  unsigned char output_str[1000];
10249  unsigned char rnd_buf[1000];
10250  rsa_context ctx;
10251  mpi P1, Q1, H, G;
10252  size_t msg_len;
10253  rnd_buf_info info;
10254 
10255  info.length = unhexify( rnd_buf, "815779a91b3a8bd049bf2aeb920142772222c9ca" );
10256  info.buf = rnd_buf;
10257 
10258  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
10260 
10261  memset( message_str, 0x00, 1000 );
10262  memset( hash_result, 0x00, 1000 );
10263  memset( output, 0x00, 1000 );
10264  memset( output_str, 0x00, 1000 );
10265 
10266  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10267  fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
10268  fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
10269  fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10270  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10271 
10272  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
10273  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
10274  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
10275  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
10276  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
10277  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10278  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10279  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10280 
10281  fct_chk( rsa_check_privkey( &ctx ) == 0 );
10282 
10283  msg_len = unhexify( message_str, "8d8396e36507fe1ef6a19017548e0c716674c2fec233adb2f775665ec41f2bd0ba396b061a9daa7e866f7c23fd3531954300a342f924535ea1498c48f6c879932865fc02000c528723b7ad0335745b51209a0afed932af8f0887c219004d2abd894ea92559ee3198af3a734fe9b9638c263a728ad95a5ae8ce3eb15839f3aa7852bb390706e7760e43a71291a2e3f827237deda851874c517665f545f27238df86557f375d09ccd8bd15d8ccf61f5d78ca5c7f5cde782e6bf5d0057056d4bad98b3d2f9575e824ab7a33ff57b0ac100ab0d6ead7aa0b50f6e4d3e5ec0b966b" );
10284 
10285  switch( SIG_RSA_SHA1 )
10286  {
10287  #ifdef POLARSSL_MD2_C
10288  case SIG_RSA_MD2:
10289  md2( message_str, msg_len, hash_result );
10290  break;
10291  #endif
10292  #ifdef POLARSSL_MD4_C
10293  case SIG_RSA_MD4:
10294  md4( message_str, msg_len, hash_result );
10295  break;
10296  #endif
10297  #ifdef POLARSSL_MD5_C
10298  case SIG_RSA_MD5:
10299  md5( message_str, msg_len, hash_result );
10300  break;
10301  #endif
10302  #ifdef POLARSSL_SHA1_C
10303  case SIG_RSA_SHA1:
10304  sha1( message_str, msg_len, hash_result );
10305  break;
10306  #endif
10307  #ifdef POLARSSL_SHA2_C
10308  case SIG_RSA_SHA224:
10309  sha2( message_str, msg_len, hash_result, 1 );
10310  break;
10311  case SIG_RSA_SHA256:
10312  sha2( message_str, msg_len, hash_result, 0 );
10313  break;
10314  #endif
10315  #ifdef POLARSSL_SHA4_C
10316  case SIG_RSA_SHA384:
10317  sha4( message_str, msg_len, hash_result, 1 );
10318  break;
10319  case SIG_RSA_SHA512:
10320  sha4( message_str, msg_len, hash_result, 0 );
10321  break;
10322  #endif
10323  }
10324 
10325  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
10326  if( 0 == 0 )
10327  {
10328  hexify( output_str, output, ctx.len);
10329 
10330  fct_chk( strcasecmp( (char *) output_str, "05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979" ) == 0 );
10331  }
10332 
10333  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10334  rsa_free( &ctx );
10335  }
10336  FCT_TEST_END();
10337 
10338 
10339  FCT_TEST_BGN(rsassa_pss_signature_example_5_3_verify)
10340  {
10341  unsigned char message_str[1000];
10342  unsigned char hash_result[1000];
10343  unsigned char result_str[1000];
10344  rsa_context ctx;
10345  size_t msg_len;
10346 
10348  memset( message_str, 0x00, 1000 );
10349  memset( hash_result, 0x00, 1000 );
10350  memset( result_str, 0x00, 1000 );
10351 
10352  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10353  fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10354  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10355 
10356  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
10357 
10358  msg_len = unhexify( message_str, "8d8396e36507fe1ef6a19017548e0c716674c2fec233adb2f775665ec41f2bd0ba396b061a9daa7e866f7c23fd3531954300a342f924535ea1498c48f6c879932865fc02000c528723b7ad0335745b51209a0afed932af8f0887c219004d2abd894ea92559ee3198af3a734fe9b9638c263a728ad95a5ae8ce3eb15839f3aa7852bb390706e7760e43a71291a2e3f827237deda851874c517665f545f27238df86557f375d09ccd8bd15d8ccf61f5d78ca5c7f5cde782e6bf5d0057056d4bad98b3d2f9575e824ab7a33ff57b0ac100ab0d6ead7aa0b50f6e4d3e5ec0b966b" );
10359  unhexify( result_str, "05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979" );
10360 
10361  switch( SIG_RSA_SHA1 )
10362  {
10363  #ifdef POLARSSL_MD2_C
10364  case SIG_RSA_MD2:
10365  md2( message_str, msg_len, hash_result );
10366  break;
10367  #endif
10368  #ifdef POLARSSL_MD4_C
10369  case SIG_RSA_MD4:
10370  md4( message_str, msg_len, hash_result );
10371  break;
10372  #endif
10373  #ifdef POLARSSL_MD5_C
10374  case SIG_RSA_MD5:
10375  md5( message_str, msg_len, hash_result );
10376  break;
10377  #endif
10378  #ifdef POLARSSL_SHA1_C
10379  case SIG_RSA_SHA1:
10380  sha1( message_str, msg_len, hash_result );
10381  break;
10382  #endif
10383  #ifdef POLARSSL_SHA2_C
10384  case SIG_RSA_SHA224:
10385  sha2( message_str, msg_len, hash_result, 1 );
10386  break;
10387  case SIG_RSA_SHA256:
10388  sha2( message_str, msg_len, hash_result, 0 );
10389  break;
10390  #endif
10391  #ifdef POLARSSL_SHA4_C
10392  case SIG_RSA_SHA384:
10393  sha4( message_str, msg_len, hash_result, 1 );
10394  break;
10395  case SIG_RSA_SHA512:
10396  sha4( message_str, msg_len, hash_result, 0 );
10397  break;
10398  #endif
10399  }
10400 
10401  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
10402 
10403  rsa_free( &ctx );
10404  }
10405  FCT_TEST_END();
10406 
10407 
10408  FCT_TEST_BGN(rsassa_pss_signature_example_5_4)
10409  {
10410  unsigned char message_str[1000];
10411  unsigned char hash_result[1000];
10412  unsigned char output[1000];
10413  unsigned char output_str[1000];
10414  unsigned char rnd_buf[1000];
10415  rsa_context ctx;
10416  mpi P1, Q1, H, G;
10417  size_t msg_len;
10418  rnd_buf_info info;
10419 
10420  info.length = unhexify( rnd_buf, "9aec4a7480d5bbc42920d7ca235db674989c9aac" );
10421  info.buf = rnd_buf;
10422 
10423  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
10425 
10426  memset( message_str, 0x00, 1000 );
10427  memset( hash_result, 0x00, 1000 );
10428  memset( output, 0x00, 1000 );
10429  memset( output_str, 0x00, 1000 );
10430 
10431  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10432  fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
10433  fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
10434  fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10435  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10436 
10437  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
10438  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
10439  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
10440  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
10441  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
10442  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10443  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10444  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10445 
10446  fct_chk( rsa_check_privkey( &ctx ) == 0 );
10447 
10448  msg_len = unhexify( message_str, "328c659e0a6437433cceb73c14" );
10449 
10450  switch( SIG_RSA_SHA1 )
10451  {
10452  #ifdef POLARSSL_MD2_C
10453  case SIG_RSA_MD2:
10454  md2( message_str, msg_len, hash_result );
10455  break;
10456  #endif
10457  #ifdef POLARSSL_MD4_C
10458  case SIG_RSA_MD4:
10459  md4( message_str, msg_len, hash_result );
10460  break;
10461  #endif
10462  #ifdef POLARSSL_MD5_C
10463  case SIG_RSA_MD5:
10464  md5( message_str, msg_len, hash_result );
10465  break;
10466  #endif
10467  #ifdef POLARSSL_SHA1_C
10468  case SIG_RSA_SHA1:
10469  sha1( message_str, msg_len, hash_result );
10470  break;
10471  #endif
10472  #ifdef POLARSSL_SHA2_C
10473  case SIG_RSA_SHA224:
10474  sha2( message_str, msg_len, hash_result, 1 );
10475  break;
10476  case SIG_RSA_SHA256:
10477  sha2( message_str, msg_len, hash_result, 0 );
10478  break;
10479  #endif
10480  #ifdef POLARSSL_SHA4_C
10481  case SIG_RSA_SHA384:
10482  sha4( message_str, msg_len, hash_result, 1 );
10483  break;
10484  case SIG_RSA_SHA512:
10485  sha4( message_str, msg_len, hash_result, 0 );
10486  break;
10487  #endif
10488  }
10489 
10490  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
10491  if( 0 == 0 )
10492  {
10493  hexify( output_str, output, ctx.len);
10494 
10495  fct_chk( strcasecmp( (char *) output_str, "0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1" ) == 0 );
10496  }
10497 
10498  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10499  rsa_free( &ctx );
10500  }
10501  FCT_TEST_END();
10502 
10503 
10504  FCT_TEST_BGN(rsassa_pss_signature_example_5_4_verify)
10505  {
10506  unsigned char message_str[1000];
10507  unsigned char hash_result[1000];
10508  unsigned char result_str[1000];
10509  rsa_context ctx;
10510  size_t msg_len;
10511 
10513  memset( message_str, 0x00, 1000 );
10514  memset( hash_result, 0x00, 1000 );
10515  memset( result_str, 0x00, 1000 );
10516 
10517  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10518  fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10519  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10520 
10521  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
10522 
10523  msg_len = unhexify( message_str, "328c659e0a6437433cceb73c14" );
10524  unhexify( result_str, "0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1" );
10525 
10526  switch( SIG_RSA_SHA1 )
10527  {
10528  #ifdef POLARSSL_MD2_C
10529  case SIG_RSA_MD2:
10530  md2( message_str, msg_len, hash_result );
10531  break;
10532  #endif
10533  #ifdef POLARSSL_MD4_C
10534  case SIG_RSA_MD4:
10535  md4( message_str, msg_len, hash_result );
10536  break;
10537  #endif
10538  #ifdef POLARSSL_MD5_C
10539  case SIG_RSA_MD5:
10540  md5( message_str, msg_len, hash_result );
10541  break;
10542  #endif
10543  #ifdef POLARSSL_SHA1_C
10544  case SIG_RSA_SHA1:
10545  sha1( message_str, msg_len, hash_result );
10546  break;
10547  #endif
10548  #ifdef POLARSSL_SHA2_C
10549  case SIG_RSA_SHA224:
10550  sha2( message_str, msg_len, hash_result, 1 );
10551  break;
10552  case SIG_RSA_SHA256:
10553  sha2( message_str, msg_len, hash_result, 0 );
10554  break;
10555  #endif
10556  #ifdef POLARSSL_SHA4_C
10557  case SIG_RSA_SHA384:
10558  sha4( message_str, msg_len, hash_result, 1 );
10559  break;
10560  case SIG_RSA_SHA512:
10561  sha4( message_str, msg_len, hash_result, 0 );
10562  break;
10563  #endif
10564  }
10565 
10566  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
10567 
10568  rsa_free( &ctx );
10569  }
10570  FCT_TEST_END();
10571 
10572 
10573  FCT_TEST_BGN(rsassa_pss_signature_example_5_5)
10574  {
10575  unsigned char message_str[1000];
10576  unsigned char hash_result[1000];
10577  unsigned char output[1000];
10578  unsigned char output_str[1000];
10579  unsigned char rnd_buf[1000];
10580  rsa_context ctx;
10581  mpi P1, Q1, H, G;
10582  size_t msg_len;
10583  rnd_buf_info info;
10584 
10585  info.length = unhexify( rnd_buf, "e20c1e9878512c39970f58375e1549a68b64f31d" );
10586  info.buf = rnd_buf;
10587 
10588  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
10590 
10591  memset( message_str, 0x00, 1000 );
10592  memset( hash_result, 0x00, 1000 );
10593  memset( output, 0x00, 1000 );
10594  memset( output_str, 0x00, 1000 );
10595 
10596  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10597  fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
10598  fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
10599  fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10600  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10601 
10602  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
10603  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
10604  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
10605  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
10606  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
10607  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10608  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10609  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10610 
10611  fct_chk( rsa_check_privkey( &ctx ) == 0 );
10612 
10613  msg_len = unhexify( message_str, "f37b962379a47d415a376eec8973150bcb34edd5ab654041b61430560c2144582ba133c867d852d6b8e23321901302ecb45b09ec88b1527178fa043263f3067d9ffe973032a99f4cb08ad2c7e0a2456cdd57a7df56fe6053527a5aeb67d7e552063c1ca97b1beffa7b39e997caf27878ea0f62cbebc8c21df4c889a202851e949088490c249b6e9acf1d8063f5be2343989bf95c4da01a2be78b4ab6b378015bc37957f76948b5e58e440c28453d40d7cfd57e7d690600474ab5e75973b1ea0c5f1e45d14190afe2f4eb6d3bdf71f1d2f8bb156a1c295d04aaeb9d689dce79ed62bc443e" );
10614 
10615  switch( SIG_RSA_SHA1 )
10616  {
10617  #ifdef POLARSSL_MD2_C
10618  case SIG_RSA_MD2:
10619  md2( message_str, msg_len, hash_result );
10620  break;
10621  #endif
10622  #ifdef POLARSSL_MD4_C
10623  case SIG_RSA_MD4:
10624  md4( message_str, msg_len, hash_result );
10625  break;
10626  #endif
10627  #ifdef POLARSSL_MD5_C
10628  case SIG_RSA_MD5:
10629  md5( message_str, msg_len, hash_result );
10630  break;
10631  #endif
10632  #ifdef POLARSSL_SHA1_C
10633  case SIG_RSA_SHA1:
10634  sha1( message_str, msg_len, hash_result );
10635  break;
10636  #endif
10637  #ifdef POLARSSL_SHA2_C
10638  case SIG_RSA_SHA224:
10639  sha2( message_str, msg_len, hash_result, 1 );
10640  break;
10641  case SIG_RSA_SHA256:
10642  sha2( message_str, msg_len, hash_result, 0 );
10643  break;
10644  #endif
10645  #ifdef POLARSSL_SHA4_C
10646  case SIG_RSA_SHA384:
10647  sha4( message_str, msg_len, hash_result, 1 );
10648  break;
10649  case SIG_RSA_SHA512:
10650  sha4( message_str, msg_len, hash_result, 0 );
10651  break;
10652  #endif
10653  }
10654 
10655  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
10656  if( 0 == 0 )
10657  {
10658  hexify( output_str, output, ctx.len);
10659 
10660  fct_chk( strcasecmp( (char *) output_str, "0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd" ) == 0 );
10661  }
10662 
10663  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10664  rsa_free( &ctx );
10665  }
10666  FCT_TEST_END();
10667 
10668 
10669  FCT_TEST_BGN(rsassa_pss_signature_example_5_5_verify)
10670  {
10671  unsigned char message_str[1000];
10672  unsigned char hash_result[1000];
10673  unsigned char result_str[1000];
10674  rsa_context ctx;
10675  size_t msg_len;
10676 
10678  memset( message_str, 0x00, 1000 );
10679  memset( hash_result, 0x00, 1000 );
10680  memset( result_str, 0x00, 1000 );
10681 
10682  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10683  fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10684  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10685 
10686  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
10687 
10688  msg_len = unhexify( message_str, "f37b962379a47d415a376eec8973150bcb34edd5ab654041b61430560c2144582ba133c867d852d6b8e23321901302ecb45b09ec88b1527178fa043263f3067d9ffe973032a99f4cb08ad2c7e0a2456cdd57a7df56fe6053527a5aeb67d7e552063c1ca97b1beffa7b39e997caf27878ea0f62cbebc8c21df4c889a202851e949088490c249b6e9acf1d8063f5be2343989bf95c4da01a2be78b4ab6b378015bc37957f76948b5e58e440c28453d40d7cfd57e7d690600474ab5e75973b1ea0c5f1e45d14190afe2f4eb6d3bdf71f1d2f8bb156a1c295d04aaeb9d689dce79ed62bc443e" );
10689  unhexify( result_str, "0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd" );
10690 
10691  switch( SIG_RSA_SHA1 )
10692  {
10693  #ifdef POLARSSL_MD2_C
10694  case SIG_RSA_MD2:
10695  md2( message_str, msg_len, hash_result );
10696  break;
10697  #endif
10698  #ifdef POLARSSL_MD4_C
10699  case SIG_RSA_MD4:
10700  md4( message_str, msg_len, hash_result );
10701  break;
10702  #endif
10703  #ifdef POLARSSL_MD5_C
10704  case SIG_RSA_MD5:
10705  md5( message_str, msg_len, hash_result );
10706  break;
10707  #endif
10708  #ifdef POLARSSL_SHA1_C
10709  case SIG_RSA_SHA1:
10710  sha1( message_str, msg_len, hash_result );
10711  break;
10712  #endif
10713  #ifdef POLARSSL_SHA2_C
10714  case SIG_RSA_SHA224:
10715  sha2( message_str, msg_len, hash_result, 1 );
10716  break;
10717  case SIG_RSA_SHA256:
10718  sha2( message_str, msg_len, hash_result, 0 );
10719  break;
10720  #endif
10721  #ifdef POLARSSL_SHA4_C
10722  case SIG_RSA_SHA384:
10723  sha4( message_str, msg_len, hash_result, 1 );
10724  break;
10725  case SIG_RSA_SHA512:
10726  sha4( message_str, msg_len, hash_result, 0 );
10727  break;
10728  #endif
10729  }
10730 
10731  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
10732 
10733  rsa_free( &ctx );
10734  }
10735  FCT_TEST_END();
10736 
10737 
10738  FCT_TEST_BGN(rsassa_pss_signature_example_5_6)
10739  {
10740  unsigned char message_str[1000];
10741  unsigned char hash_result[1000];
10742  unsigned char output[1000];
10743  unsigned char output_str[1000];
10744  unsigned char rnd_buf[1000];
10745  rsa_context ctx;
10746  mpi P1, Q1, H, G;
10747  size_t msg_len;
10748  rnd_buf_info info;
10749 
10750  info.length = unhexify( rnd_buf, "23291e4a3307e8bbb776623ab34e4a5f4cc8a8db" );
10751  info.buf = rnd_buf;
10752 
10753  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
10755 
10756  memset( message_str, 0x00, 1000 );
10757  memset( hash_result, 0x00, 1000 );
10758  memset( output, 0x00, 1000 );
10759  memset( output_str, 0x00, 1000 );
10760 
10761  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10762  fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
10763  fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
10764  fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10765  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10766 
10767  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
10768  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
10769  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
10770  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
10771  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
10772  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10773  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10774  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10775 
10776  fct_chk( rsa_check_privkey( &ctx ) == 0 );
10777 
10778  msg_len = unhexify( message_str, "c6103c330c1ef718c141e47b8fa859be4d5b96259e7d142070ecd485839dba5a8369c17c1114035e532d195c74f44a0476a2d3e8a4da210016caced0e367cb867710a4b5aa2df2b8e5daf5fdc647807d4d5ebb6c56b9763ccdae4dea3308eb0ac2a89501cb209d2639fa5bf87ce790747d3cb2d295e84564f2f637824f0c13028129b0aa4a422d162282" );
10779 
10780  switch( SIG_RSA_SHA1 )
10781  {
10782  #ifdef POLARSSL_MD2_C
10783  case SIG_RSA_MD2:
10784  md2( message_str, msg_len, hash_result );
10785  break;
10786  #endif
10787  #ifdef POLARSSL_MD4_C
10788  case SIG_RSA_MD4:
10789  md4( message_str, msg_len, hash_result );
10790  break;
10791  #endif
10792  #ifdef POLARSSL_MD5_C
10793  case SIG_RSA_MD5:
10794  md5( message_str, msg_len, hash_result );
10795  break;
10796  #endif
10797  #ifdef POLARSSL_SHA1_C
10798  case SIG_RSA_SHA1:
10799  sha1( message_str, msg_len, hash_result );
10800  break;
10801  #endif
10802  #ifdef POLARSSL_SHA2_C
10803  case SIG_RSA_SHA224:
10804  sha2( message_str, msg_len, hash_result, 1 );
10805  break;
10806  case SIG_RSA_SHA256:
10807  sha2( message_str, msg_len, hash_result, 0 );
10808  break;
10809  #endif
10810  #ifdef POLARSSL_SHA4_C
10811  case SIG_RSA_SHA384:
10812  sha4( message_str, msg_len, hash_result, 1 );
10813  break;
10814  case SIG_RSA_SHA512:
10815  sha4( message_str, msg_len, hash_result, 0 );
10816  break;
10817  #endif
10818  }
10819 
10820  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
10821  if( 0 == 0 )
10822  {
10823  hexify( output_str, output, ctx.len);
10824 
10825  fct_chk( strcasecmp( (char *) output_str, "02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f" ) == 0 );
10826  }
10827 
10828  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10829  rsa_free( &ctx );
10830  }
10831  FCT_TEST_END();
10832 
10833 
10834  FCT_TEST_BGN(rsassa_pss_signature_example_5_6_verify)
10835  {
10836  unsigned char message_str[1000];
10837  unsigned char hash_result[1000];
10838  unsigned char result_str[1000];
10839  rsa_context ctx;
10840  size_t msg_len;
10841 
10843  memset( message_str, 0x00, 1000 );
10844  memset( hash_result, 0x00, 1000 );
10845  memset( result_str, 0x00, 1000 );
10846 
10847  ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10848  fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10849  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10850 
10851  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
10852 
10853  msg_len = unhexify( message_str, "c6103c330c1ef718c141e47b8fa859be4d5b96259e7d142070ecd485839dba5a8369c17c1114035e532d195c74f44a0476a2d3e8a4da210016caced0e367cb867710a4b5aa2df2b8e5daf5fdc647807d4d5ebb6c56b9763ccdae4dea3308eb0ac2a89501cb209d2639fa5bf87ce790747d3cb2d295e84564f2f637824f0c13028129b0aa4a422d162282" );
10854  unhexify( result_str, "02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f" );
10855 
10856  switch( SIG_RSA_SHA1 )
10857  {
10858  #ifdef POLARSSL_MD2_C
10859  case SIG_RSA_MD2:
10860  md2( message_str, msg_len, hash_result );
10861  break;
10862  #endif
10863  #ifdef POLARSSL_MD4_C
10864  case SIG_RSA_MD4:
10865  md4( message_str, msg_len, hash_result );
10866  break;
10867  #endif
10868  #ifdef POLARSSL_MD5_C
10869  case SIG_RSA_MD5:
10870  md5( message_str, msg_len, hash_result );
10871  break;
10872  #endif
10873  #ifdef POLARSSL_SHA1_C
10874  case SIG_RSA_SHA1:
10875  sha1( message_str, msg_len, hash_result );
10876  break;
10877  #endif
10878  #ifdef POLARSSL_SHA2_C
10879  case SIG_RSA_SHA224:
10880  sha2( message_str, msg_len, hash_result, 1 );
10881  break;
10882  case SIG_RSA_SHA256:
10883  sha2( message_str, msg_len, hash_result, 0 );
10884  break;
10885  #endif
10886  #ifdef POLARSSL_SHA4_C
10887  case SIG_RSA_SHA384:
10888  sha4( message_str, msg_len, hash_result, 1 );
10889  break;
10890  case SIG_RSA_SHA512:
10891  sha4( message_str, msg_len, hash_result, 0 );
10892  break;
10893  #endif
10894  }
10895 
10896  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
10897 
10898  rsa_free( &ctx );
10899  }
10900  FCT_TEST_END();
10901 
10902 
10903  FCT_TEST_BGN(rsassa_pss_signature_example_6_1)
10904  {
10905  unsigned char message_str[1000];
10906  unsigned char hash_result[1000];
10907  unsigned char output[1000];
10908  unsigned char output_str[1000];
10909  unsigned char rnd_buf[1000];
10910  rsa_context ctx;
10911  mpi P1, Q1, H, G;
10912  size_t msg_len;
10913  rnd_buf_info info;
10914 
10915  info.length = unhexify( rnd_buf, "5b4ea2ef629cc22f3b538e016904b47b1e40bfd5" );
10916  info.buf = rnd_buf;
10917 
10918  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
10920 
10921  memset( message_str, 0x00, 1000 );
10922  memset( hash_result, 0x00, 1000 );
10923  memset( output, 0x00, 1000 );
10924  memset( output_str, 0x00, 1000 );
10925 
10926  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
10927  fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
10928  fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
10929  fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
10930  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10931 
10932  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
10933  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
10934  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
10935  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
10936  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
10937  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10938  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10939  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10940 
10941  fct_chk( rsa_check_privkey( &ctx ) == 0 );
10942 
10943  msg_len = unhexify( message_str, "0a20b774addc2fa51245ed7cb9da609e50cac6636a52543f97458eed7340f8d53ffc64918f949078ee03ef60d42b5fec246050bd5505cd8cb597bad3c4e713b0ef30644e76adabb0de01a1561efb255158c74fc801e6e919e581b46f0f0ddd08e4f34c7810b5ed8318f91d7c8c" );
10944 
10945  switch( SIG_RSA_SHA1 )
10946  {
10947  #ifdef POLARSSL_MD2_C
10948  case SIG_RSA_MD2:
10949  md2( message_str, msg_len, hash_result );
10950  break;
10951  #endif
10952  #ifdef POLARSSL_MD4_C
10953  case SIG_RSA_MD4:
10954  md4( message_str, msg_len, hash_result );
10955  break;
10956  #endif
10957  #ifdef POLARSSL_MD5_C
10958  case SIG_RSA_MD5:
10959  md5( message_str, msg_len, hash_result );
10960  break;
10961  #endif
10962  #ifdef POLARSSL_SHA1_C
10963  case SIG_RSA_SHA1:
10964  sha1( message_str, msg_len, hash_result );
10965  break;
10966  #endif
10967  #ifdef POLARSSL_SHA2_C
10968  case SIG_RSA_SHA224:
10969  sha2( message_str, msg_len, hash_result, 1 );
10970  break;
10971  case SIG_RSA_SHA256:
10972  sha2( message_str, msg_len, hash_result, 0 );
10973  break;
10974  #endif
10975  #ifdef POLARSSL_SHA4_C
10976  case SIG_RSA_SHA384:
10977  sha4( message_str, msg_len, hash_result, 1 );
10978  break;
10979  case SIG_RSA_SHA512:
10980  sha4( message_str, msg_len, hash_result, 0 );
10981  break;
10982  #endif
10983  }
10984 
10985  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
10986  if( 0 == 0 )
10987  {
10988  hexify( output_str, output, ctx.len);
10989 
10990  fct_chk( strcasecmp( (char *) output_str, "04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1" ) == 0 );
10991  }
10992 
10993  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10994  rsa_free( &ctx );
10995  }
10996  FCT_TEST_END();
10997 
10998 
10999  FCT_TEST_BGN(rsassa_pss_signature_example_6_1_verify)
11000  {
11001  unsigned char message_str[1000];
11002  unsigned char hash_result[1000];
11003  unsigned char result_str[1000];
11004  rsa_context ctx;
11005  size_t msg_len;
11006 
11008  memset( message_str, 0x00, 1000 );
11009  memset( hash_result, 0x00, 1000 );
11010  memset( result_str, 0x00, 1000 );
11011 
11012  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11013  fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11014  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11015 
11016  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
11017 
11018  msg_len = unhexify( message_str, "0a20b774addc2fa51245ed7cb9da609e50cac6636a52543f97458eed7340f8d53ffc64918f949078ee03ef60d42b5fec246050bd5505cd8cb597bad3c4e713b0ef30644e76adabb0de01a1561efb255158c74fc801e6e919e581b46f0f0ddd08e4f34c7810b5ed8318f91d7c8c" );
11019  unhexify( result_str, "04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1" );
11020 
11021  switch( SIG_RSA_SHA1 )
11022  {
11023  #ifdef POLARSSL_MD2_C
11024  case SIG_RSA_MD2:
11025  md2( message_str, msg_len, hash_result );
11026  break;
11027  #endif
11028  #ifdef POLARSSL_MD4_C
11029  case SIG_RSA_MD4:
11030  md4( message_str, msg_len, hash_result );
11031  break;
11032  #endif
11033  #ifdef POLARSSL_MD5_C
11034  case SIG_RSA_MD5:
11035  md5( message_str, msg_len, hash_result );
11036  break;
11037  #endif
11038  #ifdef POLARSSL_SHA1_C
11039  case SIG_RSA_SHA1:
11040  sha1( message_str, msg_len, hash_result );
11041  break;
11042  #endif
11043  #ifdef POLARSSL_SHA2_C
11044  case SIG_RSA_SHA224:
11045  sha2( message_str, msg_len, hash_result, 1 );
11046  break;
11047  case SIG_RSA_SHA256:
11048  sha2( message_str, msg_len, hash_result, 0 );
11049  break;
11050  #endif
11051  #ifdef POLARSSL_SHA4_C
11052  case SIG_RSA_SHA384:
11053  sha4( message_str, msg_len, hash_result, 1 );
11054  break;
11055  case SIG_RSA_SHA512:
11056  sha4( message_str, msg_len, hash_result, 0 );
11057  break;
11058  #endif
11059  }
11060 
11061  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
11062 
11063  rsa_free( &ctx );
11064  }
11065  FCT_TEST_END();
11066 
11067 
11068  FCT_TEST_BGN(rsassa_pss_signature_example_6_2)
11069  {
11070  unsigned char message_str[1000];
11071  unsigned char hash_result[1000];
11072  unsigned char output[1000];
11073  unsigned char output_str[1000];
11074  unsigned char rnd_buf[1000];
11075  rsa_context ctx;
11076  mpi P1, Q1, H, G;
11077  size_t msg_len;
11078  rnd_buf_info info;
11079 
11080  info.length = unhexify( rnd_buf, "83146a9e782722c28b014f98b4267bda2ac9504f" );
11081  info.buf = rnd_buf;
11082 
11083  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
11085 
11086  memset( message_str, 0x00, 1000 );
11087  memset( hash_result, 0x00, 1000 );
11088  memset( output, 0x00, 1000 );
11089  memset( output_str, 0x00, 1000 );
11090 
11091  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11092  fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
11093  fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
11094  fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11095  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11096 
11097  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
11098  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
11099  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
11100  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
11101  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
11102  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
11103  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
11104  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
11105 
11106  fct_chk( rsa_check_privkey( &ctx ) == 0 );
11107 
11108  msg_len = unhexify( message_str, "2aaff6631f621ce615760a9ebce94bb333077ad86488c861d4b76d29c1f48746c611ae1e03ced4445d7cfa1fe5f62e1b3f08452bde3b6ef81973bafbb57f97bceef873985395b8260589aa88cb7db50ab469262e551bdcd9a56f275a0ac4fe484700c35f3dbf2b469ede864741b86fa59172a360ba95a02e139be50ddfb7cf0b42faeabbfbbaa86a4497699c4f2dfd5b08406af7e14144427c253ec0efa20eaf9a8be8cd49ce1f1bc4e93e619cf2aa8ed4fb39bc8590d0f7b96488f7317ac9abf7bee4e3a0e715" );
11109 
11110  switch( SIG_RSA_SHA1 )
11111  {
11112  #ifdef POLARSSL_MD2_C
11113  case SIG_RSA_MD2:
11114  md2( message_str, msg_len, hash_result );
11115  break;
11116  #endif
11117  #ifdef POLARSSL_MD4_C
11118  case SIG_RSA_MD4:
11119  md4( message_str, msg_len, hash_result );
11120  break;
11121  #endif
11122  #ifdef POLARSSL_MD5_C
11123  case SIG_RSA_MD5:
11124  md5( message_str, msg_len, hash_result );
11125  break;
11126  #endif
11127  #ifdef POLARSSL_SHA1_C
11128  case SIG_RSA_SHA1:
11129  sha1( message_str, msg_len, hash_result );
11130  break;
11131  #endif
11132  #ifdef POLARSSL_SHA2_C
11133  case SIG_RSA_SHA224:
11134  sha2( message_str, msg_len, hash_result, 1 );
11135  break;
11136  case SIG_RSA_SHA256:
11137  sha2( message_str, msg_len, hash_result, 0 );
11138  break;
11139  #endif
11140  #ifdef POLARSSL_SHA4_C
11141  case SIG_RSA_SHA384:
11142  sha4( message_str, msg_len, hash_result, 1 );
11143  break;
11144  case SIG_RSA_SHA512:
11145  sha4( message_str, msg_len, hash_result, 0 );
11146  break;
11147  #endif
11148  }
11149 
11150  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11151  if( 0 == 0 )
11152  {
11153  hexify( output_str, output, ctx.len);
11154 
11155  fct_chk( strcasecmp( (char *) output_str, "0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773" ) == 0 );
11156  }
11157 
11158  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
11159  rsa_free( &ctx );
11160  }
11161  FCT_TEST_END();
11162 
11163 
11164  FCT_TEST_BGN(rsassa_pss_signature_example_6_2_verify)
11165  {
11166  unsigned char message_str[1000];
11167  unsigned char hash_result[1000];
11168  unsigned char result_str[1000];
11169  rsa_context ctx;
11170  size_t msg_len;
11171 
11173  memset( message_str, 0x00, 1000 );
11174  memset( hash_result, 0x00, 1000 );
11175  memset( result_str, 0x00, 1000 );
11176 
11177  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11178  fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11179  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11180 
11181  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
11182 
11183  msg_len = unhexify( message_str, "2aaff6631f621ce615760a9ebce94bb333077ad86488c861d4b76d29c1f48746c611ae1e03ced4445d7cfa1fe5f62e1b3f08452bde3b6ef81973bafbb57f97bceef873985395b8260589aa88cb7db50ab469262e551bdcd9a56f275a0ac4fe484700c35f3dbf2b469ede864741b86fa59172a360ba95a02e139be50ddfb7cf0b42faeabbfbbaa86a4497699c4f2dfd5b08406af7e14144427c253ec0efa20eaf9a8be8cd49ce1f1bc4e93e619cf2aa8ed4fb39bc8590d0f7b96488f7317ac9abf7bee4e3a0e715" );
11184  unhexify( result_str, "0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773" );
11185 
11186  switch( SIG_RSA_SHA1 )
11187  {
11188  #ifdef POLARSSL_MD2_C
11189  case SIG_RSA_MD2:
11190  md2( message_str, msg_len, hash_result );
11191  break;
11192  #endif
11193  #ifdef POLARSSL_MD4_C
11194  case SIG_RSA_MD4:
11195  md4( message_str, msg_len, hash_result );
11196  break;
11197  #endif
11198  #ifdef POLARSSL_MD5_C
11199  case SIG_RSA_MD5:
11200  md5( message_str, msg_len, hash_result );
11201  break;
11202  #endif
11203  #ifdef POLARSSL_SHA1_C
11204  case SIG_RSA_SHA1:
11205  sha1( message_str, msg_len, hash_result );
11206  break;
11207  #endif
11208  #ifdef POLARSSL_SHA2_C
11209  case SIG_RSA_SHA224:
11210  sha2( message_str, msg_len, hash_result, 1 );
11211  break;
11212  case SIG_RSA_SHA256:
11213  sha2( message_str, msg_len, hash_result, 0 );
11214  break;
11215  #endif
11216  #ifdef POLARSSL_SHA4_C
11217  case SIG_RSA_SHA384:
11218  sha4( message_str, msg_len, hash_result, 1 );
11219  break;
11220  case SIG_RSA_SHA512:
11221  sha4( message_str, msg_len, hash_result, 0 );
11222  break;
11223  #endif
11224  }
11225 
11226  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
11227 
11228  rsa_free( &ctx );
11229  }
11230  FCT_TEST_END();
11231 
11232 
11233  FCT_TEST_BGN(rsassa_pss_signature_example_6_3)
11234  {
11235  unsigned char message_str[1000];
11236  unsigned char hash_result[1000];
11237  unsigned char output[1000];
11238  unsigned char output_str[1000];
11239  unsigned char rnd_buf[1000];
11240  rsa_context ctx;
11241  mpi P1, Q1, H, G;
11242  size_t msg_len;
11243  rnd_buf_info info;
11244 
11245  info.length = unhexify( rnd_buf, "a87b8aed07d7b8e2daf14ddca4ac68c4d0aabff8" );
11246  info.buf = rnd_buf;
11247 
11248  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
11250 
11251  memset( message_str, 0x00, 1000 );
11252  memset( hash_result, 0x00, 1000 );
11253  memset( output, 0x00, 1000 );
11254  memset( output_str, 0x00, 1000 );
11255 
11256  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11257  fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
11258  fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
11259  fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11260  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11261 
11262  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
11263  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
11264  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
11265  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
11266  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
11267  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
11268  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
11269  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
11270 
11271  fct_chk( rsa_check_privkey( &ctx ) == 0 );
11272 
11273  msg_len = unhexify( message_str, "0f6195d04a6e6fc7e2c9600dbf840c39ea8d4d624fd53507016b0e26858a5e0aecd7ada543ae5c0ab3a62599cba0a54e6bf446e262f989978f9ddf5e9a41" );
11274 
11275  switch( SIG_RSA_SHA1 )
11276  {
11277  #ifdef POLARSSL_MD2_C
11278  case SIG_RSA_MD2:
11279  md2( message_str, msg_len, hash_result );
11280  break;
11281  #endif
11282  #ifdef POLARSSL_MD4_C
11283  case SIG_RSA_MD4:
11284  md4( message_str, msg_len, hash_result );
11285  break;
11286  #endif
11287  #ifdef POLARSSL_MD5_C
11288  case SIG_RSA_MD5:
11289  md5( message_str, msg_len, hash_result );
11290  break;
11291  #endif
11292  #ifdef POLARSSL_SHA1_C
11293  case SIG_RSA_SHA1:
11294  sha1( message_str, msg_len, hash_result );
11295  break;
11296  #endif
11297  #ifdef POLARSSL_SHA2_C
11298  case SIG_RSA_SHA224:
11299  sha2( message_str, msg_len, hash_result, 1 );
11300  break;
11301  case SIG_RSA_SHA256:
11302  sha2( message_str, msg_len, hash_result, 0 );
11303  break;
11304  #endif
11305  #ifdef POLARSSL_SHA4_C
11306  case SIG_RSA_SHA384:
11307  sha4( message_str, msg_len, hash_result, 1 );
11308  break;
11309  case SIG_RSA_SHA512:
11310  sha4( message_str, msg_len, hash_result, 0 );
11311  break;
11312  #endif
11313  }
11314 
11315  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11316  if( 0 == 0 )
11317  {
11318  hexify( output_str, output, ctx.len);
11319 
11320  fct_chk( strcasecmp( (char *) output_str, "086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456" ) == 0 );
11321  }
11322 
11323  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
11324  rsa_free( &ctx );
11325  }
11326  FCT_TEST_END();
11327 
11328 
11329  FCT_TEST_BGN(rsassa_pss_signature_example_6_3_verify)
11330  {
11331  unsigned char message_str[1000];
11332  unsigned char hash_result[1000];
11333  unsigned char result_str[1000];
11334  rsa_context ctx;
11335  size_t msg_len;
11336 
11338  memset( message_str, 0x00, 1000 );
11339  memset( hash_result, 0x00, 1000 );
11340  memset( result_str, 0x00, 1000 );
11341 
11342  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11343  fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11344  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11345 
11346  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
11347 
11348  msg_len = unhexify( message_str, "0f6195d04a6e6fc7e2c9600dbf840c39ea8d4d624fd53507016b0e26858a5e0aecd7ada543ae5c0ab3a62599cba0a54e6bf446e262f989978f9ddf5e9a41" );
11349  unhexify( result_str, "086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456" );
11350 
11351  switch( SIG_RSA_SHA1 )
11352  {
11353  #ifdef POLARSSL_MD2_C
11354  case SIG_RSA_MD2:
11355  md2( message_str, msg_len, hash_result );
11356  break;
11357  #endif
11358  #ifdef POLARSSL_MD4_C
11359  case SIG_RSA_MD4:
11360  md4( message_str, msg_len, hash_result );
11361  break;
11362  #endif
11363  #ifdef POLARSSL_MD5_C
11364  case SIG_RSA_MD5:
11365  md5( message_str, msg_len, hash_result );
11366  break;
11367  #endif
11368  #ifdef POLARSSL_SHA1_C
11369  case SIG_RSA_SHA1:
11370  sha1( message_str, msg_len, hash_result );
11371  break;
11372  #endif
11373  #ifdef POLARSSL_SHA2_C
11374  case SIG_RSA_SHA224:
11375  sha2( message_str, msg_len, hash_result, 1 );
11376  break;
11377  case SIG_RSA_SHA256:
11378  sha2( message_str, msg_len, hash_result, 0 );
11379  break;
11380  #endif
11381  #ifdef POLARSSL_SHA4_C
11382  case SIG_RSA_SHA384:
11383  sha4( message_str, msg_len, hash_result, 1 );
11384  break;
11385  case SIG_RSA_SHA512:
11386  sha4( message_str, msg_len, hash_result, 0 );
11387  break;
11388  #endif
11389  }
11390 
11391  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
11392 
11393  rsa_free( &ctx );
11394  }
11395  FCT_TEST_END();
11396 
11397 
11398  FCT_TEST_BGN(rsassa_pss_signature_example_6_4)
11399  {
11400  unsigned char message_str[1000];
11401  unsigned char hash_result[1000];
11402  unsigned char output[1000];
11403  unsigned char output_str[1000];
11404  unsigned char rnd_buf[1000];
11405  rsa_context ctx;
11406  mpi P1, Q1, H, G;
11407  size_t msg_len;
11408  rnd_buf_info info;
11409 
11410  info.length = unhexify( rnd_buf, "a37932f8a7494a942d6f767438e724d6d0c0ef18" );
11411  info.buf = rnd_buf;
11412 
11413  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
11415 
11416  memset( message_str, 0x00, 1000 );
11417  memset( hash_result, 0x00, 1000 );
11418  memset( output, 0x00, 1000 );
11419  memset( output_str, 0x00, 1000 );
11420 
11421  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11422  fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
11423  fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
11424  fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11425  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11426 
11427  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
11428  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
11429  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
11430  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
11431  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
11432  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
11433  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
11434  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
11435 
11436  fct_chk( rsa_check_privkey( &ctx ) == 0 );
11437 
11438  msg_len = unhexify( message_str, "337d25fe9810ebca0de4d4658d3ceb8e0fe4c066aba3bcc48b105d3bf7e0257d44fecea6596f4d0c59a08402833678f70620f9138dfeb7ded905e4a6d5f05c473d55936652e2a5df43c0cfda7bacaf3087f4524b06cf42157d01539739f7fddec9d58125df31a32eab06c19b71f1d5bf" );
11439 
11440  switch( SIG_RSA_SHA1 )
11441  {
11442  #ifdef POLARSSL_MD2_C
11443  case SIG_RSA_MD2:
11444  md2( message_str, msg_len, hash_result );
11445  break;
11446  #endif
11447  #ifdef POLARSSL_MD4_C
11448  case SIG_RSA_MD4:
11449  md4( message_str, msg_len, hash_result );
11450  break;
11451  #endif
11452  #ifdef POLARSSL_MD5_C
11453  case SIG_RSA_MD5:
11454  md5( message_str, msg_len, hash_result );
11455  break;
11456  #endif
11457  #ifdef POLARSSL_SHA1_C
11458  case SIG_RSA_SHA1:
11459  sha1( message_str, msg_len, hash_result );
11460  break;
11461  #endif
11462  #ifdef POLARSSL_SHA2_C
11463  case SIG_RSA_SHA224:
11464  sha2( message_str, msg_len, hash_result, 1 );
11465  break;
11466  case SIG_RSA_SHA256:
11467  sha2( message_str, msg_len, hash_result, 0 );
11468  break;
11469  #endif
11470  #ifdef POLARSSL_SHA4_C
11471  case SIG_RSA_SHA384:
11472  sha4( message_str, msg_len, hash_result, 1 );
11473  break;
11474  case SIG_RSA_SHA512:
11475  sha4( message_str, msg_len, hash_result, 0 );
11476  break;
11477  #endif
11478  }
11479 
11480  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11481  if( 0 == 0 )
11482  {
11483  hexify( output_str, output, ctx.len);
11484 
11485  fct_chk( strcasecmp( (char *) output_str, "0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f" ) == 0 );
11486  }
11487 
11488  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
11489  rsa_free( &ctx );
11490  }
11491  FCT_TEST_END();
11492 
11493 
11494  FCT_TEST_BGN(rsassa_pss_signature_example_6_4_verify)
11495  {
11496  unsigned char message_str[1000];
11497  unsigned char hash_result[1000];
11498  unsigned char result_str[1000];
11499  rsa_context ctx;
11500  size_t msg_len;
11501 
11503  memset( message_str, 0x00, 1000 );
11504  memset( hash_result, 0x00, 1000 );
11505  memset( result_str, 0x00, 1000 );
11506 
11507  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11508  fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11509  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11510 
11511  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
11512 
11513  msg_len = unhexify( message_str, "337d25fe9810ebca0de4d4658d3ceb8e0fe4c066aba3bcc48b105d3bf7e0257d44fecea6596f4d0c59a08402833678f70620f9138dfeb7ded905e4a6d5f05c473d55936652e2a5df43c0cfda7bacaf3087f4524b06cf42157d01539739f7fddec9d58125df31a32eab06c19b71f1d5bf" );
11514  unhexify( result_str, "0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f" );
11515 
11516  switch( SIG_RSA_SHA1 )
11517  {
11518  #ifdef POLARSSL_MD2_C
11519  case SIG_RSA_MD2:
11520  md2( message_str, msg_len, hash_result );
11521  break;
11522  #endif
11523  #ifdef POLARSSL_MD4_C
11524  case SIG_RSA_MD4:
11525  md4( message_str, msg_len, hash_result );
11526  break;
11527  #endif
11528  #ifdef POLARSSL_MD5_C
11529  case SIG_RSA_MD5:
11530  md5( message_str, msg_len, hash_result );
11531  break;
11532  #endif
11533  #ifdef POLARSSL_SHA1_C
11534  case SIG_RSA_SHA1:
11535  sha1( message_str, msg_len, hash_result );
11536  break;
11537  #endif
11538  #ifdef POLARSSL_SHA2_C
11539  case SIG_RSA_SHA224:
11540  sha2( message_str, msg_len, hash_result, 1 );
11541  break;
11542  case SIG_RSA_SHA256:
11543  sha2( message_str, msg_len, hash_result, 0 );
11544  break;
11545  #endif
11546  #ifdef POLARSSL_SHA4_C
11547  case SIG_RSA_SHA384:
11548  sha4( message_str, msg_len, hash_result, 1 );
11549  break;
11550  case SIG_RSA_SHA512:
11551  sha4( message_str, msg_len, hash_result, 0 );
11552  break;
11553  #endif
11554  }
11555 
11556  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
11557 
11558  rsa_free( &ctx );
11559  }
11560  FCT_TEST_END();
11561 
11562 
11563  FCT_TEST_BGN(rsassa_pss_signature_example_6_5)
11564  {
11565  unsigned char message_str[1000];
11566  unsigned char hash_result[1000];
11567  unsigned char output[1000];
11568  unsigned char output_str[1000];
11569  unsigned char rnd_buf[1000];
11570  rsa_context ctx;
11571  mpi P1, Q1, H, G;
11572  size_t msg_len;
11573  rnd_buf_info info;
11574 
11575  info.length = unhexify( rnd_buf, "7b790c1d62f7b84e94df6af28917cf571018110e" );
11576  info.buf = rnd_buf;
11577 
11578  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
11580 
11581  memset( message_str, 0x00, 1000 );
11582  memset( hash_result, 0x00, 1000 );
11583  memset( output, 0x00, 1000 );
11584  memset( output_str, 0x00, 1000 );
11585 
11586  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11587  fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
11588  fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
11589  fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11590  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11591 
11592  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
11593  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
11594  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
11595  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
11596  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
11597  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
11598  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
11599  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
11600 
11601  fct_chk( rsa_check_privkey( &ctx ) == 0 );
11602 
11603  msg_len = unhexify( message_str, "84ec502b072e8287789d8f9235829ea3b187afd4d4c785611bda5f9eb3cb96717efa7007227f1c08cbcb972e667235e0fb7d431a6570326d2ecce35adb373dc753b3be5f829b89175493193fab16badb41371b3aac0ae670076f24bef420c135add7cee8d35fbc944d79fafb9e307a13b0f556cb654a06f973ed22672330197ef5a748bf826a5db2383a25364b686b9372bb2339aeb1ac9e9889327d016f1670776db06201adbdcaf8a5e3b74e108b73" );
11604 
11605  switch( SIG_RSA_SHA1 )
11606  {
11607  #ifdef POLARSSL_MD2_C
11608  case SIG_RSA_MD2:
11609  md2( message_str, msg_len, hash_result );
11610  break;
11611  #endif
11612  #ifdef POLARSSL_MD4_C
11613  case SIG_RSA_MD4:
11614  md4( message_str, msg_len, hash_result );
11615  break;
11616  #endif
11617  #ifdef POLARSSL_MD5_C
11618  case SIG_RSA_MD5:
11619  md5( message_str, msg_len, hash_result );
11620  break;
11621  #endif
11622  #ifdef POLARSSL_SHA1_C
11623  case SIG_RSA_SHA1:
11624  sha1( message_str, msg_len, hash_result );
11625  break;
11626  #endif
11627  #ifdef POLARSSL_SHA2_C
11628  case SIG_RSA_SHA224:
11629  sha2( message_str, msg_len, hash_result, 1 );
11630  break;
11631  case SIG_RSA_SHA256:
11632  sha2( message_str, msg_len, hash_result, 0 );
11633  break;
11634  #endif
11635  #ifdef POLARSSL_SHA4_C
11636  case SIG_RSA_SHA384:
11637  sha4( message_str, msg_len, hash_result, 1 );
11638  break;
11639  case SIG_RSA_SHA512:
11640  sha4( message_str, msg_len, hash_result, 0 );
11641  break;
11642  #endif
11643  }
11644 
11645  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11646  if( 0 == 0 )
11647  {
11648  hexify( output_str, output, ctx.len);
11649 
11650  fct_chk( strcasecmp( (char *) output_str, "02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b" ) == 0 );
11651  }
11652 
11653  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
11654  rsa_free( &ctx );
11655  }
11656  FCT_TEST_END();
11657 
11658 
11659  FCT_TEST_BGN(rsassa_pss_signature_example_6_5_verify)
11660  {
11661  unsigned char message_str[1000];
11662  unsigned char hash_result[1000];
11663  unsigned char result_str[1000];
11664  rsa_context ctx;
11665  size_t msg_len;
11666 
11668  memset( message_str, 0x00, 1000 );
11669  memset( hash_result, 0x00, 1000 );
11670  memset( result_str, 0x00, 1000 );
11671 
11672  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11673  fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11674  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11675 
11676  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
11677 
11678  msg_len = unhexify( message_str, "84ec502b072e8287789d8f9235829ea3b187afd4d4c785611bda5f9eb3cb96717efa7007227f1c08cbcb972e667235e0fb7d431a6570326d2ecce35adb373dc753b3be5f829b89175493193fab16badb41371b3aac0ae670076f24bef420c135add7cee8d35fbc944d79fafb9e307a13b0f556cb654a06f973ed22672330197ef5a748bf826a5db2383a25364b686b9372bb2339aeb1ac9e9889327d016f1670776db06201adbdcaf8a5e3b74e108b73" );
11679  unhexify( result_str, "02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b" );
11680 
11681  switch( SIG_RSA_SHA1 )
11682  {
11683  #ifdef POLARSSL_MD2_C
11684  case SIG_RSA_MD2:
11685  md2( message_str, msg_len, hash_result );
11686  break;
11687  #endif
11688  #ifdef POLARSSL_MD4_C
11689  case SIG_RSA_MD4:
11690  md4( message_str, msg_len, hash_result );
11691  break;
11692  #endif
11693  #ifdef POLARSSL_MD5_C
11694  case SIG_RSA_MD5:
11695  md5( message_str, msg_len, hash_result );
11696  break;
11697  #endif
11698  #ifdef POLARSSL_SHA1_C
11699  case SIG_RSA_SHA1:
11700  sha1( message_str, msg_len, hash_result );
11701  break;
11702  #endif
11703  #ifdef POLARSSL_SHA2_C
11704  case SIG_RSA_SHA224:
11705  sha2( message_str, msg_len, hash_result, 1 );
11706  break;
11707  case SIG_RSA_SHA256:
11708  sha2( message_str, msg_len, hash_result, 0 );
11709  break;
11710  #endif
11711  #ifdef POLARSSL_SHA4_C
11712  case SIG_RSA_SHA384:
11713  sha4( message_str, msg_len, hash_result, 1 );
11714  break;
11715  case SIG_RSA_SHA512:
11716  sha4( message_str, msg_len, hash_result, 0 );
11717  break;
11718  #endif
11719  }
11720 
11721  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
11722 
11723  rsa_free( &ctx );
11724  }
11725  FCT_TEST_END();
11726 
11727 
11728  FCT_TEST_BGN(rsassa_pss_signature_example_6_6)
11729  {
11730  unsigned char message_str[1000];
11731  unsigned char hash_result[1000];
11732  unsigned char output[1000];
11733  unsigned char output_str[1000];
11734  unsigned char rnd_buf[1000];
11735  rsa_context ctx;
11736  mpi P1, Q1, H, G;
11737  size_t msg_len;
11738  rnd_buf_info info;
11739 
11740  info.length = unhexify( rnd_buf, "fbbe059025b69b89fb14ae2289e7aaafe60c0fcd" );
11741  info.buf = rnd_buf;
11742 
11743  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
11745 
11746  memset( message_str, 0x00, 1000 );
11747  memset( hash_result, 0x00, 1000 );
11748  memset( output, 0x00, 1000 );
11749  memset( output_str, 0x00, 1000 );
11750 
11751  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11752  fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
11753  fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
11754  fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11755  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11756 
11757  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
11758  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
11759  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
11760  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
11761  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
11762  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
11763  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
11764  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
11765 
11766  fct_chk( rsa_check_privkey( &ctx ) == 0 );
11767 
11768  msg_len = unhexify( message_str, "9906d89f97a9fdedd3ccd824db687326f30f00aa25a7fca2afcb3b0f86cd41e73f0e8ff7d2d83f59e28ed31a5a0d551523374de22e4c7e8ff568b386ee3dc41163f10bf67bb006261c9082f9af90bf1d9049a6b9fae71c7f84fbe6e55f02789de774f230f115026a4b4e96c55b04a95da3aacbb2cece8f81764a1f1c99515411087cf7d34aeded0932c183" );
11769 
11770  switch( SIG_RSA_SHA1 )
11771  {
11772  #ifdef POLARSSL_MD2_C
11773  case SIG_RSA_MD2:
11774  md2( message_str, msg_len, hash_result );
11775  break;
11776  #endif
11777  #ifdef POLARSSL_MD4_C
11778  case SIG_RSA_MD4:
11779  md4( message_str, msg_len, hash_result );
11780  break;
11781  #endif
11782  #ifdef POLARSSL_MD5_C
11783  case SIG_RSA_MD5:
11784  md5( message_str, msg_len, hash_result );
11785  break;
11786  #endif
11787  #ifdef POLARSSL_SHA1_C
11788  case SIG_RSA_SHA1:
11789  sha1( message_str, msg_len, hash_result );
11790  break;
11791  #endif
11792  #ifdef POLARSSL_SHA2_C
11793  case SIG_RSA_SHA224:
11794  sha2( message_str, msg_len, hash_result, 1 );
11795  break;
11796  case SIG_RSA_SHA256:
11797  sha2( message_str, msg_len, hash_result, 0 );
11798  break;
11799  #endif
11800  #ifdef POLARSSL_SHA4_C
11801  case SIG_RSA_SHA384:
11802  sha4( message_str, msg_len, hash_result, 1 );
11803  break;
11804  case SIG_RSA_SHA512:
11805  sha4( message_str, msg_len, hash_result, 0 );
11806  break;
11807  #endif
11808  }
11809 
11810  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11811  if( 0 == 0 )
11812  {
11813  hexify( output_str, output, ctx.len);
11814 
11815  fct_chk( strcasecmp( (char *) output_str, "0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef" ) == 0 );
11816  }
11817 
11818  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
11819  rsa_free( &ctx );
11820  }
11821  FCT_TEST_END();
11822 
11823 
11824  FCT_TEST_BGN(rsassa_pss_signature_example_6_6_verify)
11825  {
11826  unsigned char message_str[1000];
11827  unsigned char hash_result[1000];
11828  unsigned char result_str[1000];
11829  rsa_context ctx;
11830  size_t msg_len;
11831 
11833  memset( message_str, 0x00, 1000 );
11834  memset( hash_result, 0x00, 1000 );
11835  memset( result_str, 0x00, 1000 );
11836 
11837  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11838  fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11839  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11840 
11841  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
11842 
11843  msg_len = unhexify( message_str, "9906d89f97a9fdedd3ccd824db687326f30f00aa25a7fca2afcb3b0f86cd41e73f0e8ff7d2d83f59e28ed31a5a0d551523374de22e4c7e8ff568b386ee3dc41163f10bf67bb006261c9082f9af90bf1d9049a6b9fae71c7f84fbe6e55f02789de774f230f115026a4b4e96c55b04a95da3aacbb2cece8f81764a1f1c99515411087cf7d34aeded0932c183" );
11844  unhexify( result_str, "0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef" );
11845 
11846  switch( SIG_RSA_SHA1 )
11847  {
11848  #ifdef POLARSSL_MD2_C
11849  case SIG_RSA_MD2:
11850  md2( message_str, msg_len, hash_result );
11851  break;
11852  #endif
11853  #ifdef POLARSSL_MD4_C
11854  case SIG_RSA_MD4:
11855  md4( message_str, msg_len, hash_result );
11856  break;
11857  #endif
11858  #ifdef POLARSSL_MD5_C
11859  case SIG_RSA_MD5:
11860  md5( message_str, msg_len, hash_result );
11861  break;
11862  #endif
11863  #ifdef POLARSSL_SHA1_C
11864  case SIG_RSA_SHA1:
11865  sha1( message_str, msg_len, hash_result );
11866  break;
11867  #endif
11868  #ifdef POLARSSL_SHA2_C
11869  case SIG_RSA_SHA224:
11870  sha2( message_str, msg_len, hash_result, 1 );
11871  break;
11872  case SIG_RSA_SHA256:
11873  sha2( message_str, msg_len, hash_result, 0 );
11874  break;
11875  #endif
11876  #ifdef POLARSSL_SHA4_C
11877  case SIG_RSA_SHA384:
11878  sha4( message_str, msg_len, hash_result, 1 );
11879  break;
11880  case SIG_RSA_SHA512:
11881  sha4( message_str, msg_len, hash_result, 0 );
11882  break;
11883  #endif
11884  }
11885 
11886  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
11887 
11888  rsa_free( &ctx );
11889  }
11890  FCT_TEST_END();
11891 
11892 
11893  FCT_TEST_BGN(rsassa_pss_signature_example_7_1)
11894  {
11895  unsigned char message_str[1000];
11896  unsigned char hash_result[1000];
11897  unsigned char output[1000];
11898  unsigned char output_str[1000];
11899  unsigned char rnd_buf[1000];
11900  rsa_context ctx;
11901  mpi P1, Q1, H, G;
11902  size_t msg_len;
11903  rnd_buf_info info;
11904 
11905  info.length = unhexify( rnd_buf, "b7867a59958cb54328f8775e6546ec06d27eaa50" );
11906  info.buf = rnd_buf;
11907 
11908  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
11910 
11911  memset( message_str, 0x00, 1000 );
11912  memset( hash_result, 0x00, 1000 );
11913  memset( output, 0x00, 1000 );
11914  memset( output_str, 0x00, 1000 );
11915 
11916  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
11917  fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
11918  fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
11919  fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
11920  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11921 
11922  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
11923  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
11924  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
11925  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
11926  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
11927  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
11928  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
11929  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
11930 
11931  fct_chk( rsa_check_privkey( &ctx ) == 0 );
11932 
11933  msg_len = unhexify( message_str, "9ead0e01945640674eb41cad435e2374eaefa8ad7197d97913c44957d8d83f40d76ee60e39bf9c0f9eaf3021421a074d1ade962c6e9d3dc3bb174fe4dfe652b09115495b8fd2794174020a0602b5ca51848cfc96ce5eb57fc0a2adc1dda36a7cc452641a14911b37e45bfa11daa5c7ecdb74f6d0100d1d3e39e752800e203397de0233077b9a88855537fae927f924380d780f98e18dcff39c5ea741b17d6fdd1885bc9d581482d771ceb562d78a8bf88f0c75b11363e5e36cd479ceb0545f9da84203e0e6e508375cc9e844b88b7ac7a0a201ea0f1bee9a2c577920ca02c01b9d8320e974a56f4efb5763b96255abbf8037bf1802cf018f56379493e569a9" );
11934 
11935  switch( SIG_RSA_SHA1 )
11936  {
11937  #ifdef POLARSSL_MD2_C
11938  case SIG_RSA_MD2:
11939  md2( message_str, msg_len, hash_result );
11940  break;
11941  #endif
11942  #ifdef POLARSSL_MD4_C
11943  case SIG_RSA_MD4:
11944  md4( message_str, msg_len, hash_result );
11945  break;
11946  #endif
11947  #ifdef POLARSSL_MD5_C
11948  case SIG_RSA_MD5:
11949  md5( message_str, msg_len, hash_result );
11950  break;
11951  #endif
11952  #ifdef POLARSSL_SHA1_C
11953  case SIG_RSA_SHA1:
11954  sha1( message_str, msg_len, hash_result );
11955  break;
11956  #endif
11957  #ifdef POLARSSL_SHA2_C
11958  case SIG_RSA_SHA224:
11959  sha2( message_str, msg_len, hash_result, 1 );
11960  break;
11961  case SIG_RSA_SHA256:
11962  sha2( message_str, msg_len, hash_result, 0 );
11963  break;
11964  #endif
11965  #ifdef POLARSSL_SHA4_C
11966  case SIG_RSA_SHA384:
11967  sha4( message_str, msg_len, hash_result, 1 );
11968  break;
11969  case SIG_RSA_SHA512:
11970  sha4( message_str, msg_len, hash_result, 0 );
11971  break;
11972  #endif
11973  }
11974 
11975  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11976  if( 0 == 0 )
11977  {
11978  hexify( output_str, output, ctx.len);
11979 
11980  fct_chk( strcasecmp( (char *) output_str, "187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823" ) == 0 );
11981  }
11982 
11983  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
11984  rsa_free( &ctx );
11985  }
11986  FCT_TEST_END();
11987 
11988 
11989  FCT_TEST_BGN(rsassa_pss_signature_example_7_1_verify)
11990  {
11991  unsigned char message_str[1000];
11992  unsigned char hash_result[1000];
11993  unsigned char result_str[1000];
11994  rsa_context ctx;
11995  size_t msg_len;
11996 
11998  memset( message_str, 0x00, 1000 );
11999  memset( hash_result, 0x00, 1000 );
12000  memset( result_str, 0x00, 1000 );
12001 
12002  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12003  fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12004  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12005 
12006  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12007 
12008  msg_len = unhexify( message_str, "9ead0e01945640674eb41cad435e2374eaefa8ad7197d97913c44957d8d83f40d76ee60e39bf9c0f9eaf3021421a074d1ade962c6e9d3dc3bb174fe4dfe652b09115495b8fd2794174020a0602b5ca51848cfc96ce5eb57fc0a2adc1dda36a7cc452641a14911b37e45bfa11daa5c7ecdb74f6d0100d1d3e39e752800e203397de0233077b9a88855537fae927f924380d780f98e18dcff39c5ea741b17d6fdd1885bc9d581482d771ceb562d78a8bf88f0c75b11363e5e36cd479ceb0545f9da84203e0e6e508375cc9e844b88b7ac7a0a201ea0f1bee9a2c577920ca02c01b9d8320e974a56f4efb5763b96255abbf8037bf1802cf018f56379493e569a9" );
12009  unhexify( result_str, "187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823" );
12010 
12011  switch( SIG_RSA_SHA1 )
12012  {
12013  #ifdef POLARSSL_MD2_C
12014  case SIG_RSA_MD2:
12015  md2( message_str, msg_len, hash_result );
12016  break;
12017  #endif
12018  #ifdef POLARSSL_MD4_C
12019  case SIG_RSA_MD4:
12020  md4( message_str, msg_len, hash_result );
12021  break;
12022  #endif
12023  #ifdef POLARSSL_MD5_C
12024  case SIG_RSA_MD5:
12025  md5( message_str, msg_len, hash_result );
12026  break;
12027  #endif
12028  #ifdef POLARSSL_SHA1_C
12029  case SIG_RSA_SHA1:
12030  sha1( message_str, msg_len, hash_result );
12031  break;
12032  #endif
12033  #ifdef POLARSSL_SHA2_C
12034  case SIG_RSA_SHA224:
12035  sha2( message_str, msg_len, hash_result, 1 );
12036  break;
12037  case SIG_RSA_SHA256:
12038  sha2( message_str, msg_len, hash_result, 0 );
12039  break;
12040  #endif
12041  #ifdef POLARSSL_SHA4_C
12042  case SIG_RSA_SHA384:
12043  sha4( message_str, msg_len, hash_result, 1 );
12044  break;
12045  case SIG_RSA_SHA512:
12046  sha4( message_str, msg_len, hash_result, 0 );
12047  break;
12048  #endif
12049  }
12050 
12051  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
12052 
12053  rsa_free( &ctx );
12054  }
12055  FCT_TEST_END();
12056 
12057 
12058  FCT_TEST_BGN(rsassa_pss_signature_example_7_2)
12059  {
12060  unsigned char message_str[1000];
12061  unsigned char hash_result[1000];
12062  unsigned char output[1000];
12063  unsigned char output_str[1000];
12064  unsigned char rnd_buf[1000];
12065  rsa_context ctx;
12066  mpi P1, Q1, H, G;
12067  size_t msg_len;
12068  rnd_buf_info info;
12069 
12070  info.length = unhexify( rnd_buf, "0c09582266df086310821ba7e18df64dfee6de09" );
12071  info.buf = rnd_buf;
12072 
12073  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
12075 
12076  memset( message_str, 0x00, 1000 );
12077  memset( hash_result, 0x00, 1000 );
12078  memset( output, 0x00, 1000 );
12079  memset( output_str, 0x00, 1000 );
12080 
12081  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12082  fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
12083  fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
12084  fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12085  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12086 
12087  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
12088  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
12089  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
12090  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
12091  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
12092  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
12093  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
12094  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
12095 
12096  fct_chk( rsa_check_privkey( &ctx ) == 0 );
12097 
12098  msg_len = unhexify( message_str, "8d80d2d08dbd19c154df3f14673a14bd03735231f24e86bf153d0e69e74cbff7b1836e664de83f680124370fc0f96c9b65c07a366b644c4ab3" );
12099 
12100  switch( SIG_RSA_SHA1 )
12101  {
12102  #ifdef POLARSSL_MD2_C
12103  case SIG_RSA_MD2:
12104  md2( message_str, msg_len, hash_result );
12105  break;
12106  #endif
12107  #ifdef POLARSSL_MD4_C
12108  case SIG_RSA_MD4:
12109  md4( message_str, msg_len, hash_result );
12110  break;
12111  #endif
12112  #ifdef POLARSSL_MD5_C
12113  case SIG_RSA_MD5:
12114  md5( message_str, msg_len, hash_result );
12115  break;
12116  #endif
12117  #ifdef POLARSSL_SHA1_C
12118  case SIG_RSA_SHA1:
12119  sha1( message_str, msg_len, hash_result );
12120  break;
12121  #endif
12122  #ifdef POLARSSL_SHA2_C
12123  case SIG_RSA_SHA224:
12124  sha2( message_str, msg_len, hash_result, 1 );
12125  break;
12126  case SIG_RSA_SHA256:
12127  sha2( message_str, msg_len, hash_result, 0 );
12128  break;
12129  #endif
12130  #ifdef POLARSSL_SHA4_C
12131  case SIG_RSA_SHA384:
12132  sha4( message_str, msg_len, hash_result, 1 );
12133  break;
12134  case SIG_RSA_SHA512:
12135  sha4( message_str, msg_len, hash_result, 0 );
12136  break;
12137  #endif
12138  }
12139 
12140  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
12141  if( 0 == 0 )
12142  {
12143  hexify( output_str, output, ctx.len);
12144 
12145  fct_chk( strcasecmp( (char *) output_str, "10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8" ) == 0 );
12146  }
12147 
12148  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12149  rsa_free( &ctx );
12150  }
12151  FCT_TEST_END();
12152 
12153 
12154  FCT_TEST_BGN(rsassa_pss_signature_example_7_2_verify)
12155  {
12156  unsigned char message_str[1000];
12157  unsigned char hash_result[1000];
12158  unsigned char result_str[1000];
12159  rsa_context ctx;
12160  size_t msg_len;
12161 
12163  memset( message_str, 0x00, 1000 );
12164  memset( hash_result, 0x00, 1000 );
12165  memset( result_str, 0x00, 1000 );
12166 
12167  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12168  fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12169  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12170 
12171  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12172 
12173  msg_len = unhexify( message_str, "8d80d2d08dbd19c154df3f14673a14bd03735231f24e86bf153d0e69e74cbff7b1836e664de83f680124370fc0f96c9b65c07a366b644c4ab3" );
12174  unhexify( result_str, "10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8" );
12175 
12176  switch( SIG_RSA_SHA1 )
12177  {
12178  #ifdef POLARSSL_MD2_C
12179  case SIG_RSA_MD2:
12180  md2( message_str, msg_len, hash_result );
12181  break;
12182  #endif
12183  #ifdef POLARSSL_MD4_C
12184  case SIG_RSA_MD4:
12185  md4( message_str, msg_len, hash_result );
12186  break;
12187  #endif
12188  #ifdef POLARSSL_MD5_C
12189  case SIG_RSA_MD5:
12190  md5( message_str, msg_len, hash_result );
12191  break;
12192  #endif
12193  #ifdef POLARSSL_SHA1_C
12194  case SIG_RSA_SHA1:
12195  sha1( message_str, msg_len, hash_result );
12196  break;
12197  #endif
12198  #ifdef POLARSSL_SHA2_C
12199  case SIG_RSA_SHA224:
12200  sha2( message_str, msg_len, hash_result, 1 );
12201  break;
12202  case SIG_RSA_SHA256:
12203  sha2( message_str, msg_len, hash_result, 0 );
12204  break;
12205  #endif
12206  #ifdef POLARSSL_SHA4_C
12207  case SIG_RSA_SHA384:
12208  sha4( message_str, msg_len, hash_result, 1 );
12209  break;
12210  case SIG_RSA_SHA512:
12211  sha4( message_str, msg_len, hash_result, 0 );
12212  break;
12213  #endif
12214  }
12215 
12216  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
12217 
12218  rsa_free( &ctx );
12219  }
12220  FCT_TEST_END();
12221 
12222 
12223  FCT_TEST_BGN(rsassa_pss_signature_example_7_3)
12224  {
12225  unsigned char message_str[1000];
12226  unsigned char hash_result[1000];
12227  unsigned char output[1000];
12228  unsigned char output_str[1000];
12229  unsigned char rnd_buf[1000];
12230  rsa_context ctx;
12231  mpi P1, Q1, H, G;
12232  size_t msg_len;
12233  rnd_buf_info info;
12234 
12235  info.length = unhexify( rnd_buf, "28039dcfe106d3b8296611258c4a56651c9e92dd" );
12236  info.buf = rnd_buf;
12237 
12238  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
12240 
12241  memset( message_str, 0x00, 1000 );
12242  memset( hash_result, 0x00, 1000 );
12243  memset( output, 0x00, 1000 );
12244  memset( output_str, 0x00, 1000 );
12245 
12246  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12247  fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
12248  fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
12249  fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12250  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12251 
12252  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
12253  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
12254  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
12255  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
12256  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
12257  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
12258  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
12259  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
12260 
12261  fct_chk( rsa_check_privkey( &ctx ) == 0 );
12262 
12263  msg_len = unhexify( message_str, "808405cdfc1a58b9bb0397c720722a81fffb76278f335917ef9c473814b3e016ba2973cd2765f8f3f82d6cc38aa7f8551827fe8d1e3884b7e61c94683b8f82f1843bdae2257eeec9812ad4c2cf283c34e0b0ae0fe3cb990cf88f2ef9" );
12264 
12265  switch( SIG_RSA_SHA1 )
12266  {
12267  #ifdef POLARSSL_MD2_C
12268  case SIG_RSA_MD2:
12269  md2( message_str, msg_len, hash_result );
12270  break;
12271  #endif
12272  #ifdef POLARSSL_MD4_C
12273  case SIG_RSA_MD4:
12274  md4( message_str, msg_len, hash_result );
12275  break;
12276  #endif
12277  #ifdef POLARSSL_MD5_C
12278  case SIG_RSA_MD5:
12279  md5( message_str, msg_len, hash_result );
12280  break;
12281  #endif
12282  #ifdef POLARSSL_SHA1_C
12283  case SIG_RSA_SHA1:
12284  sha1( message_str, msg_len, hash_result );
12285  break;
12286  #endif
12287  #ifdef POLARSSL_SHA2_C
12288  case SIG_RSA_SHA224:
12289  sha2( message_str, msg_len, hash_result, 1 );
12290  break;
12291  case SIG_RSA_SHA256:
12292  sha2( message_str, msg_len, hash_result, 0 );
12293  break;
12294  #endif
12295  #ifdef POLARSSL_SHA4_C
12296  case SIG_RSA_SHA384:
12297  sha4( message_str, msg_len, hash_result, 1 );
12298  break;
12299  case SIG_RSA_SHA512:
12300  sha4( message_str, msg_len, hash_result, 0 );
12301  break;
12302  #endif
12303  }
12304 
12305  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
12306  if( 0 == 0 )
12307  {
12308  hexify( output_str, output, ctx.len);
12309 
12310  fct_chk( strcasecmp( (char *) output_str, "2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1" ) == 0 );
12311  }
12312 
12313  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12314  rsa_free( &ctx );
12315  }
12316  FCT_TEST_END();
12317 
12318 
12319  FCT_TEST_BGN(rsassa_pss_signature_example_7_3_verify)
12320  {
12321  unsigned char message_str[1000];
12322  unsigned char hash_result[1000];
12323  unsigned char result_str[1000];
12324  rsa_context ctx;
12325  size_t msg_len;
12326 
12328  memset( message_str, 0x00, 1000 );
12329  memset( hash_result, 0x00, 1000 );
12330  memset( result_str, 0x00, 1000 );
12331 
12332  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12333  fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12334  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12335 
12336  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12337 
12338  msg_len = unhexify( message_str, "808405cdfc1a58b9bb0397c720722a81fffb76278f335917ef9c473814b3e016ba2973cd2765f8f3f82d6cc38aa7f8551827fe8d1e3884b7e61c94683b8f82f1843bdae2257eeec9812ad4c2cf283c34e0b0ae0fe3cb990cf88f2ef9" );
12339  unhexify( result_str, "2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1" );
12340 
12341  switch( SIG_RSA_SHA1 )
12342  {
12343  #ifdef POLARSSL_MD2_C
12344  case SIG_RSA_MD2:
12345  md2( message_str, msg_len, hash_result );
12346  break;
12347  #endif
12348  #ifdef POLARSSL_MD4_C
12349  case SIG_RSA_MD4:
12350  md4( message_str, msg_len, hash_result );
12351  break;
12352  #endif
12353  #ifdef POLARSSL_MD5_C
12354  case SIG_RSA_MD5:
12355  md5( message_str, msg_len, hash_result );
12356  break;
12357  #endif
12358  #ifdef POLARSSL_SHA1_C
12359  case SIG_RSA_SHA1:
12360  sha1( message_str, msg_len, hash_result );
12361  break;
12362  #endif
12363  #ifdef POLARSSL_SHA2_C
12364  case SIG_RSA_SHA224:
12365  sha2( message_str, msg_len, hash_result, 1 );
12366  break;
12367  case SIG_RSA_SHA256:
12368  sha2( message_str, msg_len, hash_result, 0 );
12369  break;
12370  #endif
12371  #ifdef POLARSSL_SHA4_C
12372  case SIG_RSA_SHA384:
12373  sha4( message_str, msg_len, hash_result, 1 );
12374  break;
12375  case SIG_RSA_SHA512:
12376  sha4( message_str, msg_len, hash_result, 0 );
12377  break;
12378  #endif
12379  }
12380 
12381  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
12382 
12383  rsa_free( &ctx );
12384  }
12385  FCT_TEST_END();
12386 
12387 
12388  FCT_TEST_BGN(rsassa_pss_signature_example_7_4)
12389  {
12390  unsigned char message_str[1000];
12391  unsigned char hash_result[1000];
12392  unsigned char output[1000];
12393  unsigned char output_str[1000];
12394  unsigned char rnd_buf[1000];
12395  rsa_context ctx;
12396  mpi P1, Q1, H, G;
12397  size_t msg_len;
12398  rnd_buf_info info;
12399 
12400  info.length = unhexify( rnd_buf, "a77821ebbbef24628e4e12e1d0ea96de398f7b0f" );
12401  info.buf = rnd_buf;
12402 
12403  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
12405 
12406  memset( message_str, 0x00, 1000 );
12407  memset( hash_result, 0x00, 1000 );
12408  memset( output, 0x00, 1000 );
12409  memset( output_str, 0x00, 1000 );
12410 
12411  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12412  fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
12413  fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
12414  fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12415  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12416 
12417  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
12418  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
12419  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
12420  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
12421  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
12422  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
12423  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
12424  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
12425 
12426  fct_chk( rsa_check_privkey( &ctx ) == 0 );
12427 
12428  msg_len = unhexify( message_str, "f337b9bad937de22a1a052dff11134a8ce26976202981939b91e0715ae5e609649da1adfcef3f4cca59b238360e7d1e496c7bf4b204b5acff9bbd6166a1d87a36ef2247373751039f8a800b8399807b3a85f44893497c0d05fb7017b82228152de6f25e6116dcc7503c786c875c28f3aa607e94ab0f19863ab1b5073770b0cd5f533acde30c6fb953cf3da680264e30fc11bff9a19bffab4779b6223c3fb3fe0f71abade4eb7c09c41e24c22d23fa148e6a173feb63984d1bc6ee3a02d915b752ceaf92a3015eceb38ca586c6801b37c34cefb2cff25ea23c08662dcab26a7a93a285d05d3044c" );
12429 
12430  switch( SIG_RSA_SHA1 )
12431  {
12432  #ifdef POLARSSL_MD2_C
12433  case SIG_RSA_MD2:
12434  md2( message_str, msg_len, hash_result );
12435  break;
12436  #endif
12437  #ifdef POLARSSL_MD4_C
12438  case SIG_RSA_MD4:
12439  md4( message_str, msg_len, hash_result );
12440  break;
12441  #endif
12442  #ifdef POLARSSL_MD5_C
12443  case SIG_RSA_MD5:
12444  md5( message_str, msg_len, hash_result );
12445  break;
12446  #endif
12447  #ifdef POLARSSL_SHA1_C
12448  case SIG_RSA_SHA1:
12449  sha1( message_str, msg_len, hash_result );
12450  break;
12451  #endif
12452  #ifdef POLARSSL_SHA2_C
12453  case SIG_RSA_SHA224:
12454  sha2( message_str, msg_len, hash_result, 1 );
12455  break;
12456  case SIG_RSA_SHA256:
12457  sha2( message_str, msg_len, hash_result, 0 );
12458  break;
12459  #endif
12460  #ifdef POLARSSL_SHA4_C
12461  case SIG_RSA_SHA384:
12462  sha4( message_str, msg_len, hash_result, 1 );
12463  break;
12464  case SIG_RSA_SHA512:
12465  sha4( message_str, msg_len, hash_result, 0 );
12466  break;
12467  #endif
12468  }
12469 
12470  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
12471  if( 0 == 0 )
12472  {
12473  hexify( output_str, output, ctx.len);
12474 
12475  fct_chk( strcasecmp( (char *) output_str, "32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19" ) == 0 );
12476  }
12477 
12478  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12479  rsa_free( &ctx );
12480  }
12481  FCT_TEST_END();
12482 
12483 
12484  FCT_TEST_BGN(rsassa_pss_signature_example_7_4_verify)
12485  {
12486  unsigned char message_str[1000];
12487  unsigned char hash_result[1000];
12488  unsigned char result_str[1000];
12489  rsa_context ctx;
12490  size_t msg_len;
12491 
12493  memset( message_str, 0x00, 1000 );
12494  memset( hash_result, 0x00, 1000 );
12495  memset( result_str, 0x00, 1000 );
12496 
12497  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12498  fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12499  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12500 
12501  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12502 
12503  msg_len = unhexify( message_str, "f337b9bad937de22a1a052dff11134a8ce26976202981939b91e0715ae5e609649da1adfcef3f4cca59b238360e7d1e496c7bf4b204b5acff9bbd6166a1d87a36ef2247373751039f8a800b8399807b3a85f44893497c0d05fb7017b82228152de6f25e6116dcc7503c786c875c28f3aa607e94ab0f19863ab1b5073770b0cd5f533acde30c6fb953cf3da680264e30fc11bff9a19bffab4779b6223c3fb3fe0f71abade4eb7c09c41e24c22d23fa148e6a173feb63984d1bc6ee3a02d915b752ceaf92a3015eceb38ca586c6801b37c34cefb2cff25ea23c08662dcab26a7a93a285d05d3044c" );
12504  unhexify( result_str, "32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19" );
12505 
12506  switch( SIG_RSA_SHA1 )
12507  {
12508  #ifdef POLARSSL_MD2_C
12509  case SIG_RSA_MD2:
12510  md2( message_str, msg_len, hash_result );
12511  break;
12512  #endif
12513  #ifdef POLARSSL_MD4_C
12514  case SIG_RSA_MD4:
12515  md4( message_str, msg_len, hash_result );
12516  break;
12517  #endif
12518  #ifdef POLARSSL_MD5_C
12519  case SIG_RSA_MD5:
12520  md5( message_str, msg_len, hash_result );
12521  break;
12522  #endif
12523  #ifdef POLARSSL_SHA1_C
12524  case SIG_RSA_SHA1:
12525  sha1( message_str, msg_len, hash_result );
12526  break;
12527  #endif
12528  #ifdef POLARSSL_SHA2_C
12529  case SIG_RSA_SHA224:
12530  sha2( message_str, msg_len, hash_result, 1 );
12531  break;
12532  case SIG_RSA_SHA256:
12533  sha2( message_str, msg_len, hash_result, 0 );
12534  break;
12535  #endif
12536  #ifdef POLARSSL_SHA4_C
12537  case SIG_RSA_SHA384:
12538  sha4( message_str, msg_len, hash_result, 1 );
12539  break;
12540  case SIG_RSA_SHA512:
12541  sha4( message_str, msg_len, hash_result, 0 );
12542  break;
12543  #endif
12544  }
12545 
12546  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
12547 
12548  rsa_free( &ctx );
12549  }
12550  FCT_TEST_END();
12551 
12552 
12553  FCT_TEST_BGN(rsassa_pss_signature_example_7_5)
12554  {
12555  unsigned char message_str[1000];
12556  unsigned char hash_result[1000];
12557  unsigned char output[1000];
12558  unsigned char output_str[1000];
12559  unsigned char rnd_buf[1000];
12560  rsa_context ctx;
12561  mpi P1, Q1, H, G;
12562  size_t msg_len;
12563  rnd_buf_info info;
12564 
12565  info.length = unhexify( rnd_buf, "9d5ad8eb452134b65dc3a98b6a73b5f741609cd6" );
12566  info.buf = rnd_buf;
12567 
12568  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
12570 
12571  memset( message_str, 0x00, 1000 );
12572  memset( hash_result, 0x00, 1000 );
12573  memset( output, 0x00, 1000 );
12574  memset( output_str, 0x00, 1000 );
12575 
12576  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12577  fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
12578  fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
12579  fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12580  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12581 
12582  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
12583  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
12584  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
12585  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
12586  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
12587  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
12588  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
12589  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
12590 
12591  fct_chk( rsa_check_privkey( &ctx ) == 0 );
12592 
12593  msg_len = unhexify( message_str, "45013cebafd960b255476a8e2598b9aa32efbe6dc1f34f4a498d8cf5a2b4548d08c55d5f95f7bcc9619163056f2d58b52fa032" );
12594 
12595  switch( SIG_RSA_SHA1 )
12596  {
12597  #ifdef POLARSSL_MD2_C
12598  case SIG_RSA_MD2:
12599  md2( message_str, msg_len, hash_result );
12600  break;
12601  #endif
12602  #ifdef POLARSSL_MD4_C
12603  case SIG_RSA_MD4:
12604  md4( message_str, msg_len, hash_result );
12605  break;
12606  #endif
12607  #ifdef POLARSSL_MD5_C
12608  case SIG_RSA_MD5:
12609  md5( message_str, msg_len, hash_result );
12610  break;
12611  #endif
12612  #ifdef POLARSSL_SHA1_C
12613  case SIG_RSA_SHA1:
12614  sha1( message_str, msg_len, hash_result );
12615  break;
12616  #endif
12617  #ifdef POLARSSL_SHA2_C
12618  case SIG_RSA_SHA224:
12619  sha2( message_str, msg_len, hash_result, 1 );
12620  break;
12621  case SIG_RSA_SHA256:
12622  sha2( message_str, msg_len, hash_result, 0 );
12623  break;
12624  #endif
12625  #ifdef POLARSSL_SHA4_C
12626  case SIG_RSA_SHA384:
12627  sha4( message_str, msg_len, hash_result, 1 );
12628  break;
12629  case SIG_RSA_SHA512:
12630  sha4( message_str, msg_len, hash_result, 0 );
12631  break;
12632  #endif
12633  }
12634 
12635  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
12636  if( 0 == 0 )
12637  {
12638  hexify( output_str, output, ctx.len);
12639 
12640  fct_chk( strcasecmp( (char *) output_str, "07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1" ) == 0 );
12641  }
12642 
12643  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12644  rsa_free( &ctx );
12645  }
12646  FCT_TEST_END();
12647 
12648 
12649  FCT_TEST_BGN(rsassa_pss_signature_example_7_5_verify)
12650  {
12651  unsigned char message_str[1000];
12652  unsigned char hash_result[1000];
12653  unsigned char result_str[1000];
12654  rsa_context ctx;
12655  size_t msg_len;
12656 
12658  memset( message_str, 0x00, 1000 );
12659  memset( hash_result, 0x00, 1000 );
12660  memset( result_str, 0x00, 1000 );
12661 
12662  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12663  fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12664  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12665 
12666  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12667 
12668  msg_len = unhexify( message_str, "45013cebafd960b255476a8e2598b9aa32efbe6dc1f34f4a498d8cf5a2b4548d08c55d5f95f7bcc9619163056f2d58b52fa032" );
12669  unhexify( result_str, "07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1" );
12670 
12671  switch( SIG_RSA_SHA1 )
12672  {
12673  #ifdef POLARSSL_MD2_C
12674  case SIG_RSA_MD2:
12675  md2( message_str, msg_len, hash_result );
12676  break;
12677  #endif
12678  #ifdef POLARSSL_MD4_C
12679  case SIG_RSA_MD4:
12680  md4( message_str, msg_len, hash_result );
12681  break;
12682  #endif
12683  #ifdef POLARSSL_MD5_C
12684  case SIG_RSA_MD5:
12685  md5( message_str, msg_len, hash_result );
12686  break;
12687  #endif
12688  #ifdef POLARSSL_SHA1_C
12689  case SIG_RSA_SHA1:
12690  sha1( message_str, msg_len, hash_result );
12691  break;
12692  #endif
12693  #ifdef POLARSSL_SHA2_C
12694  case SIG_RSA_SHA224:
12695  sha2( message_str, msg_len, hash_result, 1 );
12696  break;
12697  case SIG_RSA_SHA256:
12698  sha2( message_str, msg_len, hash_result, 0 );
12699  break;
12700  #endif
12701  #ifdef POLARSSL_SHA4_C
12702  case SIG_RSA_SHA384:
12703  sha4( message_str, msg_len, hash_result, 1 );
12704  break;
12705  case SIG_RSA_SHA512:
12706  sha4( message_str, msg_len, hash_result, 0 );
12707  break;
12708  #endif
12709  }
12710 
12711  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
12712 
12713  rsa_free( &ctx );
12714  }
12715  FCT_TEST_END();
12716 
12717 
12718  FCT_TEST_BGN(rsassa_pss_signature_example_7_6)
12719  {
12720  unsigned char message_str[1000];
12721  unsigned char hash_result[1000];
12722  unsigned char output[1000];
12723  unsigned char output_str[1000];
12724  unsigned char rnd_buf[1000];
12725  rsa_context ctx;
12726  mpi P1, Q1, H, G;
12727  size_t msg_len;
12728  rnd_buf_info info;
12729 
12730  info.length = unhexify( rnd_buf, "3f2efc595880a7d47fcf3cba04983ea54c4b73fb" );
12731  info.buf = rnd_buf;
12732 
12733  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
12735 
12736  memset( message_str, 0x00, 1000 );
12737  memset( hash_result, 0x00, 1000 );
12738  memset( output, 0x00, 1000 );
12739  memset( output_str, 0x00, 1000 );
12740 
12741  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12742  fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
12743  fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
12744  fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12745  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12746 
12747  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
12748  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
12749  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
12750  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
12751  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
12752  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
12753  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
12754  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
12755 
12756  fct_chk( rsa_check_privkey( &ctx ) == 0 );
12757 
12758  msg_len = unhexify( message_str, "2358097086c899323e75d9c90d0c09f12d9d54edfbdf70a9c2eb5a04d8f36b9b2bdf2aabe0a5bda1968937f9d6ebd3b6b257efb3136d4131f9acb59b85e2602c2a3fcdc835494a1f4e5ec18b226c80232b36a75a45fdf09a7ea9e98efbde1450d1194bf12e15a4c5f9eb5c0bce5269e0c3b28cfab655d81a61a20b4be2f54459bb25a0db94c52218be109a7426de83014424789aaa90e5056e632a698115e282c1a56410f26c2072f193481a9dcd880572005e64f4082ecf" );
12759 
12760  switch( SIG_RSA_SHA1 )
12761  {
12762  #ifdef POLARSSL_MD2_C
12763  case SIG_RSA_MD2:
12764  md2( message_str, msg_len, hash_result );
12765  break;
12766  #endif
12767  #ifdef POLARSSL_MD4_C
12768  case SIG_RSA_MD4:
12769  md4( message_str, msg_len, hash_result );
12770  break;
12771  #endif
12772  #ifdef POLARSSL_MD5_C
12773  case SIG_RSA_MD5:
12774  md5( message_str, msg_len, hash_result );
12775  break;
12776  #endif
12777  #ifdef POLARSSL_SHA1_C
12778  case SIG_RSA_SHA1:
12779  sha1( message_str, msg_len, hash_result );
12780  break;
12781  #endif
12782  #ifdef POLARSSL_SHA2_C
12783  case SIG_RSA_SHA224:
12784  sha2( message_str, msg_len, hash_result, 1 );
12785  break;
12786  case SIG_RSA_SHA256:
12787  sha2( message_str, msg_len, hash_result, 0 );
12788  break;
12789  #endif
12790  #ifdef POLARSSL_SHA4_C
12791  case SIG_RSA_SHA384:
12792  sha4( message_str, msg_len, hash_result, 1 );
12793  break;
12794  case SIG_RSA_SHA512:
12795  sha4( message_str, msg_len, hash_result, 0 );
12796  break;
12797  #endif
12798  }
12799 
12800  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
12801  if( 0 == 0 )
12802  {
12803  hexify( output_str, output, ctx.len);
12804 
12805  fct_chk( strcasecmp( (char *) output_str, "18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33" ) == 0 );
12806  }
12807 
12808  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12809  rsa_free( &ctx );
12810  }
12811  FCT_TEST_END();
12812 
12813 
12814  FCT_TEST_BGN(rsassa_pss_signature_example_7_6_verify)
12815  {
12816  unsigned char message_str[1000];
12817  unsigned char hash_result[1000];
12818  unsigned char result_str[1000];
12819  rsa_context ctx;
12820  size_t msg_len;
12821 
12823  memset( message_str, 0x00, 1000 );
12824  memset( hash_result, 0x00, 1000 );
12825  memset( result_str, 0x00, 1000 );
12826 
12827  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12828  fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12829  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12830 
12831  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12832 
12833  msg_len = unhexify( message_str, "2358097086c899323e75d9c90d0c09f12d9d54edfbdf70a9c2eb5a04d8f36b9b2bdf2aabe0a5bda1968937f9d6ebd3b6b257efb3136d4131f9acb59b85e2602c2a3fcdc835494a1f4e5ec18b226c80232b36a75a45fdf09a7ea9e98efbde1450d1194bf12e15a4c5f9eb5c0bce5269e0c3b28cfab655d81a61a20b4be2f54459bb25a0db94c52218be109a7426de83014424789aaa90e5056e632a698115e282c1a56410f26c2072f193481a9dcd880572005e64f4082ecf" );
12834  unhexify( result_str, "18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33" );
12835 
12836  switch( SIG_RSA_SHA1 )
12837  {
12838  #ifdef POLARSSL_MD2_C
12839  case SIG_RSA_MD2:
12840  md2( message_str, msg_len, hash_result );
12841  break;
12842  #endif
12843  #ifdef POLARSSL_MD4_C
12844  case SIG_RSA_MD4:
12845  md4( message_str, msg_len, hash_result );
12846  break;
12847  #endif
12848  #ifdef POLARSSL_MD5_C
12849  case SIG_RSA_MD5:
12850  md5( message_str, msg_len, hash_result );
12851  break;
12852  #endif
12853  #ifdef POLARSSL_SHA1_C
12854  case SIG_RSA_SHA1:
12855  sha1( message_str, msg_len, hash_result );
12856  break;
12857  #endif
12858  #ifdef POLARSSL_SHA2_C
12859  case SIG_RSA_SHA224:
12860  sha2( message_str, msg_len, hash_result, 1 );
12861  break;
12862  case SIG_RSA_SHA256:
12863  sha2( message_str, msg_len, hash_result, 0 );
12864  break;
12865  #endif
12866  #ifdef POLARSSL_SHA4_C
12867  case SIG_RSA_SHA384:
12868  sha4( message_str, msg_len, hash_result, 1 );
12869  break;
12870  case SIG_RSA_SHA512:
12871  sha4( message_str, msg_len, hash_result, 0 );
12872  break;
12873  #endif
12874  }
12875 
12876  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
12877 
12878  rsa_free( &ctx );
12879  }
12880  FCT_TEST_END();
12881 
12882 
12883  FCT_TEST_BGN(rsassa_pss_signature_example_8_1)
12884  {
12885  unsigned char message_str[1000];
12886  unsigned char hash_result[1000];
12887  unsigned char output[1000];
12888  unsigned char output_str[1000];
12889  unsigned char rnd_buf[1000];
12890  rsa_context ctx;
12891  mpi P1, Q1, H, G;
12892  size_t msg_len;
12893  rnd_buf_info info;
12894 
12895  info.length = unhexify( rnd_buf, "1d65491d79c864b373009be6f6f2467bac4c78fa" );
12896  info.buf = rnd_buf;
12897 
12898  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
12900 
12901  memset( message_str, 0x00, 1000 );
12902  memset( hash_result, 0x00, 1000 );
12903  memset( output, 0x00, 1000 );
12904  memset( output_str, 0x00, 1000 );
12905 
12906  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
12907  fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
12908  fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
12909  fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
12910  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12911 
12912  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
12913  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
12914  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
12915  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
12916  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
12917  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
12918  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
12919  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
12920 
12921  fct_chk( rsa_check_privkey( &ctx ) == 0 );
12922 
12923  msg_len = unhexify( message_str, "81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb" );
12924 
12925  switch( SIG_RSA_SHA1 )
12926  {
12927  #ifdef POLARSSL_MD2_C
12928  case SIG_RSA_MD2:
12929  md2( message_str, msg_len, hash_result );
12930  break;
12931  #endif
12932  #ifdef POLARSSL_MD4_C
12933  case SIG_RSA_MD4:
12934  md4( message_str, msg_len, hash_result );
12935  break;
12936  #endif
12937  #ifdef POLARSSL_MD5_C
12938  case SIG_RSA_MD5:
12939  md5( message_str, msg_len, hash_result );
12940  break;
12941  #endif
12942  #ifdef POLARSSL_SHA1_C
12943  case SIG_RSA_SHA1:
12944  sha1( message_str, msg_len, hash_result );
12945  break;
12946  #endif
12947  #ifdef POLARSSL_SHA2_C
12948  case SIG_RSA_SHA224:
12949  sha2( message_str, msg_len, hash_result, 1 );
12950  break;
12951  case SIG_RSA_SHA256:
12952  sha2( message_str, msg_len, hash_result, 0 );
12953  break;
12954  #endif
12955  #ifdef POLARSSL_SHA4_C
12956  case SIG_RSA_SHA384:
12957  sha4( message_str, msg_len, hash_result, 1 );
12958  break;
12959  case SIG_RSA_SHA512:
12960  sha4( message_str, msg_len, hash_result, 0 );
12961  break;
12962  #endif
12963  }
12964 
12965  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
12966  if( 0 == 0 )
12967  {
12968  hexify( output_str, output, ctx.len);
12969 
12970  fct_chk( strcasecmp( (char *) output_str, "0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5" ) == 0 );
12971  }
12972 
12973  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12974  rsa_free( &ctx );
12975  }
12976  FCT_TEST_END();
12977 
12978 
12979  FCT_TEST_BGN(rsassa_pss_signature_example_8_1_verify)
12980  {
12981  unsigned char message_str[1000];
12982  unsigned char hash_result[1000];
12983  unsigned char result_str[1000];
12984  rsa_context ctx;
12985  size_t msg_len;
12986 
12988  memset( message_str, 0x00, 1000 );
12989  memset( hash_result, 0x00, 1000 );
12990  memset( result_str, 0x00, 1000 );
12991 
12992  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
12993  fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
12994  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12995 
12996  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12997 
12998  msg_len = unhexify( message_str, "81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb" );
12999  unhexify( result_str, "0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5" );
13000 
13001  switch( SIG_RSA_SHA1 )
13002  {
13003  #ifdef POLARSSL_MD2_C
13004  case SIG_RSA_MD2:
13005  md2( message_str, msg_len, hash_result );
13006  break;
13007  #endif
13008  #ifdef POLARSSL_MD4_C
13009  case SIG_RSA_MD4:
13010  md4( message_str, msg_len, hash_result );
13011  break;
13012  #endif
13013  #ifdef POLARSSL_MD5_C
13014  case SIG_RSA_MD5:
13015  md5( message_str, msg_len, hash_result );
13016  break;
13017  #endif
13018  #ifdef POLARSSL_SHA1_C
13019  case SIG_RSA_SHA1:
13020  sha1( message_str, msg_len, hash_result );
13021  break;
13022  #endif
13023  #ifdef POLARSSL_SHA2_C
13024  case SIG_RSA_SHA224:
13025  sha2( message_str, msg_len, hash_result, 1 );
13026  break;
13027  case SIG_RSA_SHA256:
13028  sha2( message_str, msg_len, hash_result, 0 );
13029  break;
13030  #endif
13031  #ifdef POLARSSL_SHA4_C
13032  case SIG_RSA_SHA384:
13033  sha4( message_str, msg_len, hash_result, 1 );
13034  break;
13035  case SIG_RSA_SHA512:
13036  sha4( message_str, msg_len, hash_result, 0 );
13037  break;
13038  #endif
13039  }
13040 
13041  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
13042 
13043  rsa_free( &ctx );
13044  }
13045  FCT_TEST_END();
13046 
13047 
13048  FCT_TEST_BGN(rsassa_pss_signature_example_8_2)
13049  {
13050  unsigned char message_str[1000];
13051  unsigned char hash_result[1000];
13052  unsigned char output[1000];
13053  unsigned char output_str[1000];
13054  unsigned char rnd_buf[1000];
13055  rsa_context ctx;
13056  mpi P1, Q1, H, G;
13057  size_t msg_len;
13058  rnd_buf_info info;
13059 
13060  info.length = unhexify( rnd_buf, "435c098aa9909eb2377f1248b091b68987ff1838" );
13061  info.buf = rnd_buf;
13062 
13063  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
13065 
13066  memset( message_str, 0x00, 1000 );
13067  memset( hash_result, 0x00, 1000 );
13068  memset( output, 0x00, 1000 );
13069  memset( output_str, 0x00, 1000 );
13070 
13071  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13072  fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
13073  fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
13074  fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13075  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13076 
13077  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
13078  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
13079  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
13080  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
13081  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
13082  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
13083  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
13084  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
13085 
13086  fct_chk( rsa_check_privkey( &ctx ) == 0 );
13087 
13088  msg_len = unhexify( message_str, "e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08" );
13089 
13090  switch( SIG_RSA_SHA1 )
13091  {
13092  #ifdef POLARSSL_MD2_C
13093  case SIG_RSA_MD2:
13094  md2( message_str, msg_len, hash_result );
13095  break;
13096  #endif
13097  #ifdef POLARSSL_MD4_C
13098  case SIG_RSA_MD4:
13099  md4( message_str, msg_len, hash_result );
13100  break;
13101  #endif
13102  #ifdef POLARSSL_MD5_C
13103  case SIG_RSA_MD5:
13104  md5( message_str, msg_len, hash_result );
13105  break;
13106  #endif
13107  #ifdef POLARSSL_SHA1_C
13108  case SIG_RSA_SHA1:
13109  sha1( message_str, msg_len, hash_result );
13110  break;
13111  #endif
13112  #ifdef POLARSSL_SHA2_C
13113  case SIG_RSA_SHA224:
13114  sha2( message_str, msg_len, hash_result, 1 );
13115  break;
13116  case SIG_RSA_SHA256:
13117  sha2( message_str, msg_len, hash_result, 0 );
13118  break;
13119  #endif
13120  #ifdef POLARSSL_SHA4_C
13121  case SIG_RSA_SHA384:
13122  sha4( message_str, msg_len, hash_result, 1 );
13123  break;
13124  case SIG_RSA_SHA512:
13125  sha4( message_str, msg_len, hash_result, 0 );
13126  break;
13127  #endif
13128  }
13129 
13130  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
13131  if( 0 == 0 )
13132  {
13133  hexify( output_str, output, ctx.len);
13134 
13135  fct_chk( strcasecmp( (char *) output_str, "2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e" ) == 0 );
13136  }
13137 
13138  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
13139  rsa_free( &ctx );
13140  }
13141  FCT_TEST_END();
13142 
13143 
13144  FCT_TEST_BGN(rsassa_pss_signature_example_8_2_verify)
13145  {
13146  unsigned char message_str[1000];
13147  unsigned char hash_result[1000];
13148  unsigned char result_str[1000];
13149  rsa_context ctx;
13150  size_t msg_len;
13151 
13153  memset( message_str, 0x00, 1000 );
13154  memset( hash_result, 0x00, 1000 );
13155  memset( result_str, 0x00, 1000 );
13156 
13157  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13158  fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13159  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13160 
13161  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
13162 
13163  msg_len = unhexify( message_str, "e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08" );
13164  unhexify( result_str, "2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e" );
13165 
13166  switch( SIG_RSA_SHA1 )
13167  {
13168  #ifdef POLARSSL_MD2_C
13169  case SIG_RSA_MD2:
13170  md2( message_str, msg_len, hash_result );
13171  break;
13172  #endif
13173  #ifdef POLARSSL_MD4_C
13174  case SIG_RSA_MD4:
13175  md4( message_str, msg_len, hash_result );
13176  break;
13177  #endif
13178  #ifdef POLARSSL_MD5_C
13179  case SIG_RSA_MD5:
13180  md5( message_str, msg_len, hash_result );
13181  break;
13182  #endif
13183  #ifdef POLARSSL_SHA1_C
13184  case SIG_RSA_SHA1:
13185  sha1( message_str, msg_len, hash_result );
13186  break;
13187  #endif
13188  #ifdef POLARSSL_SHA2_C
13189  case SIG_RSA_SHA224:
13190  sha2( message_str, msg_len, hash_result, 1 );
13191  break;
13192  case SIG_RSA_SHA256:
13193  sha2( message_str, msg_len, hash_result, 0 );
13194  break;
13195  #endif
13196  #ifdef POLARSSL_SHA4_C
13197  case SIG_RSA_SHA384:
13198  sha4( message_str, msg_len, hash_result, 1 );
13199  break;
13200  case SIG_RSA_SHA512:
13201  sha4( message_str, msg_len, hash_result, 0 );
13202  break;
13203  #endif
13204  }
13205 
13206  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
13207 
13208  rsa_free( &ctx );
13209  }
13210  FCT_TEST_END();
13211 
13212 
13213  FCT_TEST_BGN(rsassa_pss_signature_example_8_3)
13214  {
13215  unsigned char message_str[1000];
13216  unsigned char hash_result[1000];
13217  unsigned char output[1000];
13218  unsigned char output_str[1000];
13219  unsigned char rnd_buf[1000];
13220  rsa_context ctx;
13221  mpi P1, Q1, H, G;
13222  size_t msg_len;
13223  rnd_buf_info info;
13224 
13225  info.length = unhexify( rnd_buf, "c6ebbe76df0c4aea32c474175b2f136862d04529" );
13226  info.buf = rnd_buf;
13227 
13228  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
13230 
13231  memset( message_str, 0x00, 1000 );
13232  memset( hash_result, 0x00, 1000 );
13233  memset( output, 0x00, 1000 );
13234  memset( output_str, 0x00, 1000 );
13235 
13236  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13237  fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
13238  fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
13239  fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13240  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13241 
13242  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
13243  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
13244  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
13245  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
13246  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
13247  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
13248  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
13249  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
13250 
13251  fct_chk( rsa_check_privkey( &ctx ) == 0 );
13252 
13253  msg_len = unhexify( message_str, "e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7" );
13254 
13255  switch( SIG_RSA_SHA1 )
13256  {
13257  #ifdef POLARSSL_MD2_C
13258  case SIG_RSA_MD2:
13259  md2( message_str, msg_len, hash_result );
13260  break;
13261  #endif
13262  #ifdef POLARSSL_MD4_C
13263  case SIG_RSA_MD4:
13264  md4( message_str, msg_len, hash_result );
13265  break;
13266  #endif
13267  #ifdef POLARSSL_MD5_C
13268  case SIG_RSA_MD5:
13269  md5( message_str, msg_len, hash_result );
13270  break;
13271  #endif
13272  #ifdef POLARSSL_SHA1_C
13273  case SIG_RSA_SHA1:
13274  sha1( message_str, msg_len, hash_result );
13275  break;
13276  #endif
13277  #ifdef POLARSSL_SHA2_C
13278  case SIG_RSA_SHA224:
13279  sha2( message_str, msg_len, hash_result, 1 );
13280  break;
13281  case SIG_RSA_SHA256:
13282  sha2( message_str, msg_len, hash_result, 0 );
13283  break;
13284  #endif
13285  #ifdef POLARSSL_SHA4_C
13286  case SIG_RSA_SHA384:
13287  sha4( message_str, msg_len, hash_result, 1 );
13288  break;
13289  case SIG_RSA_SHA512:
13290  sha4( message_str, msg_len, hash_result, 0 );
13291  break;
13292  #endif
13293  }
13294 
13295  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
13296  if( 0 == 0 )
13297  {
13298  hexify( output_str, output, ctx.len);
13299 
13300  fct_chk( strcasecmp( (char *) output_str, "2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96" ) == 0 );
13301  }
13302 
13303  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
13304  rsa_free( &ctx );
13305  }
13306  FCT_TEST_END();
13307 
13308 
13309  FCT_TEST_BGN(rsassa_pss_signature_example_8_3_verify)
13310  {
13311  unsigned char message_str[1000];
13312  unsigned char hash_result[1000];
13313  unsigned char result_str[1000];
13314  rsa_context ctx;
13315  size_t msg_len;
13316 
13318  memset( message_str, 0x00, 1000 );
13319  memset( hash_result, 0x00, 1000 );
13320  memset( result_str, 0x00, 1000 );
13321 
13322  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13323  fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13324  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13325 
13326  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
13327 
13328  msg_len = unhexify( message_str, "e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7" );
13329  unhexify( result_str, "2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96" );
13330 
13331  switch( SIG_RSA_SHA1 )
13332  {
13333  #ifdef POLARSSL_MD2_C
13334  case SIG_RSA_MD2:
13335  md2( message_str, msg_len, hash_result );
13336  break;
13337  #endif
13338  #ifdef POLARSSL_MD4_C
13339  case SIG_RSA_MD4:
13340  md4( message_str, msg_len, hash_result );
13341  break;
13342  #endif
13343  #ifdef POLARSSL_MD5_C
13344  case SIG_RSA_MD5:
13345  md5( message_str, msg_len, hash_result );
13346  break;
13347  #endif
13348  #ifdef POLARSSL_SHA1_C
13349  case SIG_RSA_SHA1:
13350  sha1( message_str, msg_len, hash_result );
13351  break;
13352  #endif
13353  #ifdef POLARSSL_SHA2_C
13354  case SIG_RSA_SHA224:
13355  sha2( message_str, msg_len, hash_result, 1 );
13356  break;
13357  case SIG_RSA_SHA256:
13358  sha2( message_str, msg_len, hash_result, 0 );
13359  break;
13360  #endif
13361  #ifdef POLARSSL_SHA4_C
13362  case SIG_RSA_SHA384:
13363  sha4( message_str, msg_len, hash_result, 1 );
13364  break;
13365  case SIG_RSA_SHA512:
13366  sha4( message_str, msg_len, hash_result, 0 );
13367  break;
13368  #endif
13369  }
13370 
13371  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
13372 
13373  rsa_free( &ctx );
13374  }
13375  FCT_TEST_END();
13376 
13377 
13378  FCT_TEST_BGN(rsassa_pss_signature_example_8_4)
13379  {
13380  unsigned char message_str[1000];
13381  unsigned char hash_result[1000];
13382  unsigned char output[1000];
13383  unsigned char output_str[1000];
13384  unsigned char rnd_buf[1000];
13385  rsa_context ctx;
13386  mpi P1, Q1, H, G;
13387  size_t msg_len;
13388  rnd_buf_info info;
13389 
13390  info.length = unhexify( rnd_buf, "021fdcc6ebb5e19b1cb16e9c67f27681657fe20a" );
13391  info.buf = rnd_buf;
13392 
13393  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
13395 
13396  memset( message_str, 0x00, 1000 );
13397  memset( hash_result, 0x00, 1000 );
13398  memset( output, 0x00, 1000 );
13399  memset( output_str, 0x00, 1000 );
13400 
13401  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13402  fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
13403  fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
13404  fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13405  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13406 
13407  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
13408  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
13409  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
13410  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
13411  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
13412  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
13413  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
13414  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
13415 
13416  fct_chk( rsa_check_privkey( &ctx ) == 0 );
13417 
13418  msg_len = unhexify( message_str, "dbc5f750a7a14be2b93e838d18d14a8695e52e8add9c0ac733b8f56d2747e529a0cca532dd49b902aefed514447f9e81d16195c2853868cb9b30f7d0d495c69d01b5c5d50b27045db3866c2324a44a110b1717746de457d1c8c45c3cd2a92970c3d59632055d4c98a41d6e99e2a3ddd5f7f9979ab3cd18f37505d25141de2a1bff17b3a7dce9419ecc385cf11d72840f19953fd0509251f6cafde2893d0e75c781ba7a5012ca401a4fa99e04b3c3249f926d5afe82cc87dab22c3c1b105de48e34ace9c9124e59597ac7ebf8" );
13419 
13420  switch( SIG_RSA_SHA1 )
13421  {
13422  #ifdef POLARSSL_MD2_C
13423  case SIG_RSA_MD2:
13424  md2( message_str, msg_len, hash_result );
13425  break;
13426  #endif
13427  #ifdef POLARSSL_MD4_C
13428  case SIG_RSA_MD4:
13429  md4( message_str, msg_len, hash_result );
13430  break;
13431  #endif
13432  #ifdef POLARSSL_MD5_C
13433  case SIG_RSA_MD5:
13434  md5( message_str, msg_len, hash_result );
13435  break;
13436  #endif
13437  #ifdef POLARSSL_SHA1_C
13438  case SIG_RSA_SHA1:
13439  sha1( message_str, msg_len, hash_result );
13440  break;
13441  #endif
13442  #ifdef POLARSSL_SHA2_C
13443  case SIG_RSA_SHA224:
13444  sha2( message_str, msg_len, hash_result, 1 );
13445  break;
13446  case SIG_RSA_SHA256:
13447  sha2( message_str, msg_len, hash_result, 0 );
13448  break;
13449  #endif
13450  #ifdef POLARSSL_SHA4_C
13451  case SIG_RSA_SHA384:
13452  sha4( message_str, msg_len, hash_result, 1 );
13453  break;
13454  case SIG_RSA_SHA512:
13455  sha4( message_str, msg_len, hash_result, 0 );
13456  break;
13457  #endif
13458  }
13459 
13460  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
13461  if( 0 == 0 )
13462  {
13463  hexify( output_str, output, ctx.len);
13464 
13465  fct_chk( strcasecmp( (char *) output_str, "1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7" ) == 0 );
13466  }
13467 
13468  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
13469  rsa_free( &ctx );
13470  }
13471  FCT_TEST_END();
13472 
13473 
13474  FCT_TEST_BGN(rsassa_pss_signature_example_8_4_verify)
13475  {
13476  unsigned char message_str[1000];
13477  unsigned char hash_result[1000];
13478  unsigned char result_str[1000];
13479  rsa_context ctx;
13480  size_t msg_len;
13481 
13483  memset( message_str, 0x00, 1000 );
13484  memset( hash_result, 0x00, 1000 );
13485  memset( result_str, 0x00, 1000 );
13486 
13487  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13488  fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13489  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13490 
13491  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
13492 
13493  msg_len = unhexify( message_str, "dbc5f750a7a14be2b93e838d18d14a8695e52e8add9c0ac733b8f56d2747e529a0cca532dd49b902aefed514447f9e81d16195c2853868cb9b30f7d0d495c69d01b5c5d50b27045db3866c2324a44a110b1717746de457d1c8c45c3cd2a92970c3d59632055d4c98a41d6e99e2a3ddd5f7f9979ab3cd18f37505d25141de2a1bff17b3a7dce9419ecc385cf11d72840f19953fd0509251f6cafde2893d0e75c781ba7a5012ca401a4fa99e04b3c3249f926d5afe82cc87dab22c3c1b105de48e34ace9c9124e59597ac7ebf8" );
13494  unhexify( result_str, "1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7" );
13495 
13496  switch( SIG_RSA_SHA1 )
13497  {
13498  #ifdef POLARSSL_MD2_C
13499  case SIG_RSA_MD2:
13500  md2( message_str, msg_len, hash_result );
13501  break;
13502  #endif
13503  #ifdef POLARSSL_MD4_C
13504  case SIG_RSA_MD4:
13505  md4( message_str, msg_len, hash_result );
13506  break;
13507  #endif
13508  #ifdef POLARSSL_MD5_C
13509  case SIG_RSA_MD5:
13510  md5( message_str, msg_len, hash_result );
13511  break;
13512  #endif
13513  #ifdef POLARSSL_SHA1_C
13514  case SIG_RSA_SHA1:
13515  sha1( message_str, msg_len, hash_result );
13516  break;
13517  #endif
13518  #ifdef POLARSSL_SHA2_C
13519  case SIG_RSA_SHA224:
13520  sha2( message_str, msg_len, hash_result, 1 );
13521  break;
13522  case SIG_RSA_SHA256:
13523  sha2( message_str, msg_len, hash_result, 0 );
13524  break;
13525  #endif
13526  #ifdef POLARSSL_SHA4_C
13527  case SIG_RSA_SHA384:
13528  sha4( message_str, msg_len, hash_result, 1 );
13529  break;
13530  case SIG_RSA_SHA512:
13531  sha4( message_str, msg_len, hash_result, 0 );
13532  break;
13533  #endif
13534  }
13535 
13536  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
13537 
13538  rsa_free( &ctx );
13539  }
13540  FCT_TEST_END();
13541 
13542 
13543  FCT_TEST_BGN(rsassa_pss_signature_example_8_5)
13544  {
13545  unsigned char message_str[1000];
13546  unsigned char hash_result[1000];
13547  unsigned char output[1000];
13548  unsigned char output_str[1000];
13549  unsigned char rnd_buf[1000];
13550  rsa_context ctx;
13551  mpi P1, Q1, H, G;
13552  size_t msg_len;
13553  rnd_buf_info info;
13554 
13555  info.length = unhexify( rnd_buf, "c558d7167cbb4508ada042971e71b1377eea4269" );
13556  info.buf = rnd_buf;
13557 
13558  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
13560 
13561  memset( message_str, 0x00, 1000 );
13562  memset( hash_result, 0x00, 1000 );
13563  memset( output, 0x00, 1000 );
13564  memset( output_str, 0x00, 1000 );
13565 
13566  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13567  fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
13568  fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
13569  fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13570  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13571 
13572  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
13573  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
13574  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
13575  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
13576  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
13577  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
13578  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
13579  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
13580 
13581  fct_chk( rsa_check_privkey( &ctx ) == 0 );
13582 
13583  msg_len = unhexify( message_str, "04dc251be72e88e5723485b6383a637e2fefe07660c519a560b8bc18bdedb86eae2364ea53ba9dca6eb3d2e7d6b806af42b3e87f291b4a8881d5bf572cc9a85e19c86acb28f098f9da0383c566d3c0f58cfd8f395dcf602e5cd40e8c7183f714996e2297ef" );
13584 
13585  switch( SIG_RSA_SHA1 )
13586  {
13587  #ifdef POLARSSL_MD2_C
13588  case SIG_RSA_MD2:
13589  md2( message_str, msg_len, hash_result );
13590  break;
13591  #endif
13592  #ifdef POLARSSL_MD4_C
13593  case SIG_RSA_MD4:
13594  md4( message_str, msg_len, hash_result );
13595  break;
13596  #endif
13597  #ifdef POLARSSL_MD5_C
13598  case SIG_RSA_MD5:
13599  md5( message_str, msg_len, hash_result );
13600  break;
13601  #endif
13602  #ifdef POLARSSL_SHA1_C
13603  case SIG_RSA_SHA1:
13604  sha1( message_str, msg_len, hash_result );
13605  break;
13606  #endif
13607  #ifdef POLARSSL_SHA2_C
13608  case SIG_RSA_SHA224:
13609  sha2( message_str, msg_len, hash_result, 1 );
13610  break;
13611  case SIG_RSA_SHA256:
13612  sha2( message_str, msg_len, hash_result, 0 );
13613  break;
13614  #endif
13615  #ifdef POLARSSL_SHA4_C
13616  case SIG_RSA_SHA384:
13617  sha4( message_str, msg_len, hash_result, 1 );
13618  break;
13619  case SIG_RSA_SHA512:
13620  sha4( message_str, msg_len, hash_result, 0 );
13621  break;
13622  #endif
13623  }
13624 
13625  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
13626  if( 0 == 0 )
13627  {
13628  hexify( output_str, output, ctx.len);
13629 
13630  fct_chk( strcasecmp( (char *) output_str, "33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee" ) == 0 );
13631  }
13632 
13633  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
13634  rsa_free( &ctx );
13635  }
13636  FCT_TEST_END();
13637 
13638 
13639  FCT_TEST_BGN(rsassa_pss_signature_example_8_5_verify)
13640  {
13641  unsigned char message_str[1000];
13642  unsigned char hash_result[1000];
13643  unsigned char result_str[1000];
13644  rsa_context ctx;
13645  size_t msg_len;
13646 
13648  memset( message_str, 0x00, 1000 );
13649  memset( hash_result, 0x00, 1000 );
13650  memset( result_str, 0x00, 1000 );
13651 
13652  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13653  fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13654  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13655 
13656  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
13657 
13658  msg_len = unhexify( message_str, "04dc251be72e88e5723485b6383a637e2fefe07660c519a560b8bc18bdedb86eae2364ea53ba9dca6eb3d2e7d6b806af42b3e87f291b4a8881d5bf572cc9a85e19c86acb28f098f9da0383c566d3c0f58cfd8f395dcf602e5cd40e8c7183f714996e2297ef" );
13659  unhexify( result_str, "33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee" );
13660 
13661  switch( SIG_RSA_SHA1 )
13662  {
13663  #ifdef POLARSSL_MD2_C
13664  case SIG_RSA_MD2:
13665  md2( message_str, msg_len, hash_result );
13666  break;
13667  #endif
13668  #ifdef POLARSSL_MD4_C
13669  case SIG_RSA_MD4:
13670  md4( message_str, msg_len, hash_result );
13671  break;
13672  #endif
13673  #ifdef POLARSSL_MD5_C
13674  case SIG_RSA_MD5:
13675  md5( message_str, msg_len, hash_result );
13676  break;
13677  #endif
13678  #ifdef POLARSSL_SHA1_C
13679  case SIG_RSA_SHA1:
13680  sha1( message_str, msg_len, hash_result );
13681  break;
13682  #endif
13683  #ifdef POLARSSL_SHA2_C
13684  case SIG_RSA_SHA224:
13685  sha2( message_str, msg_len, hash_result, 1 );
13686  break;
13687  case SIG_RSA_SHA256:
13688  sha2( message_str, msg_len, hash_result, 0 );
13689  break;
13690  #endif
13691  #ifdef POLARSSL_SHA4_C
13692  case SIG_RSA_SHA384:
13693  sha4( message_str, msg_len, hash_result, 1 );
13694  break;
13695  case SIG_RSA_SHA512:
13696  sha4( message_str, msg_len, hash_result, 0 );
13697  break;
13698  #endif
13699  }
13700 
13701  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
13702 
13703  rsa_free( &ctx );
13704  }
13705  FCT_TEST_END();
13706 
13707 
13708  FCT_TEST_BGN(rsassa_pss_signature_example_8_6)
13709  {
13710  unsigned char message_str[1000];
13711  unsigned char hash_result[1000];
13712  unsigned char output[1000];
13713  unsigned char output_str[1000];
13714  unsigned char rnd_buf[1000];
13715  rsa_context ctx;
13716  mpi P1, Q1, H, G;
13717  size_t msg_len;
13718  rnd_buf_info info;
13719 
13720  info.length = unhexify( rnd_buf, "76fd4e64fdc98eb927a0403e35a084e76ba9f92a" );
13721  info.buf = rnd_buf;
13722 
13723  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
13725 
13726  memset( message_str, 0x00, 1000 );
13727  memset( hash_result, 0x00, 1000 );
13728  memset( output, 0x00, 1000 );
13729  memset( output_str, 0x00, 1000 );
13730 
13731  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13732  fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
13733  fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
13734  fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13735  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13736 
13737  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
13738  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
13739  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
13740  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
13741  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
13742  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
13743  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
13744  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
13745 
13746  fct_chk( rsa_check_privkey( &ctx ) == 0 );
13747 
13748  msg_len = unhexify( message_str, "0ea37df9a6fea4a8b610373c24cf390c20fa6e2135c400c8a34f5c183a7e8ea4c9ae090ed31759f42dc77719cca400ecdcc517acfc7ac6902675b2ef30c509665f3321482fc69a9fb570d15e01c845d0d8e50d2a24cbf1cf0e714975a5db7b18d9e9e9cb91b5cb16869060ed18b7b56245503f0caf90352b8de81cb5a1d9c6336092f0cd" );
13749 
13750  switch( SIG_RSA_SHA1 )
13751  {
13752  #ifdef POLARSSL_MD2_C
13753  case SIG_RSA_MD2:
13754  md2( message_str, msg_len, hash_result );
13755  break;
13756  #endif
13757  #ifdef POLARSSL_MD4_C
13758  case SIG_RSA_MD4:
13759  md4( message_str, msg_len, hash_result );
13760  break;
13761  #endif
13762  #ifdef POLARSSL_MD5_C
13763  case SIG_RSA_MD5:
13764  md5( message_str, msg_len, hash_result );
13765  break;
13766  #endif
13767  #ifdef POLARSSL_SHA1_C
13768  case SIG_RSA_SHA1:
13769  sha1( message_str, msg_len, hash_result );
13770  break;
13771  #endif
13772  #ifdef POLARSSL_SHA2_C
13773  case SIG_RSA_SHA224:
13774  sha2( message_str, msg_len, hash_result, 1 );
13775  break;
13776  case SIG_RSA_SHA256:
13777  sha2( message_str, msg_len, hash_result, 0 );
13778  break;
13779  #endif
13780  #ifdef POLARSSL_SHA4_C
13781  case SIG_RSA_SHA384:
13782  sha4( message_str, msg_len, hash_result, 1 );
13783  break;
13784  case SIG_RSA_SHA512:
13785  sha4( message_str, msg_len, hash_result, 0 );
13786  break;
13787  #endif
13788  }
13789 
13790  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
13791  if( 0 == 0 )
13792  {
13793  hexify( output_str, output, ctx.len);
13794 
13795  fct_chk( strcasecmp( (char *) output_str, "1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e" ) == 0 );
13796  }
13797 
13798  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
13799  rsa_free( &ctx );
13800  }
13801  FCT_TEST_END();
13802 
13803 
13804  FCT_TEST_BGN(rsassa_pss_signature_example_8_6_verify)
13805  {
13806  unsigned char message_str[1000];
13807  unsigned char hash_result[1000];
13808  unsigned char result_str[1000];
13809  rsa_context ctx;
13810  size_t msg_len;
13811 
13813  memset( message_str, 0x00, 1000 );
13814  memset( hash_result, 0x00, 1000 );
13815  memset( result_str, 0x00, 1000 );
13816 
13817  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13818  fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13819  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13820 
13821  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
13822 
13823  msg_len = unhexify( message_str, "0ea37df9a6fea4a8b610373c24cf390c20fa6e2135c400c8a34f5c183a7e8ea4c9ae090ed31759f42dc77719cca400ecdcc517acfc7ac6902675b2ef30c509665f3321482fc69a9fb570d15e01c845d0d8e50d2a24cbf1cf0e714975a5db7b18d9e9e9cb91b5cb16869060ed18b7b56245503f0caf90352b8de81cb5a1d9c6336092f0cd" );
13824  unhexify( result_str, "1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e" );
13825 
13826  switch( SIG_RSA_SHA1 )
13827  {
13828  #ifdef POLARSSL_MD2_C
13829  case SIG_RSA_MD2:
13830  md2( message_str, msg_len, hash_result );
13831  break;
13832  #endif
13833  #ifdef POLARSSL_MD4_C
13834  case SIG_RSA_MD4:
13835  md4( message_str, msg_len, hash_result );
13836  break;
13837  #endif
13838  #ifdef POLARSSL_MD5_C
13839  case SIG_RSA_MD5:
13840  md5( message_str, msg_len, hash_result );
13841  break;
13842  #endif
13843  #ifdef POLARSSL_SHA1_C
13844  case SIG_RSA_SHA1:
13845  sha1( message_str, msg_len, hash_result );
13846  break;
13847  #endif
13848  #ifdef POLARSSL_SHA2_C
13849  case SIG_RSA_SHA224:
13850  sha2( message_str, msg_len, hash_result, 1 );
13851  break;
13852  case SIG_RSA_SHA256:
13853  sha2( message_str, msg_len, hash_result, 0 );
13854  break;
13855  #endif
13856  #ifdef POLARSSL_SHA4_C
13857  case SIG_RSA_SHA384:
13858  sha4( message_str, msg_len, hash_result, 1 );
13859  break;
13860  case SIG_RSA_SHA512:
13861  sha4( message_str, msg_len, hash_result, 0 );
13862  break;
13863  #endif
13864  }
13865 
13866  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
13867 
13868  rsa_free( &ctx );
13869  }
13870  FCT_TEST_END();
13871 
13872 
13873  FCT_TEST_BGN(rsassa_pss_signature_example_9_1)
13874  {
13875  unsigned char message_str[1000];
13876  unsigned char hash_result[1000];
13877  unsigned char output[1000];
13878  unsigned char output_str[1000];
13879  unsigned char rnd_buf[1000];
13880  rsa_context ctx;
13881  mpi P1, Q1, H, G;
13882  size_t msg_len;
13883  rnd_buf_info info;
13884 
13885  info.length = unhexify( rnd_buf, "c0a425313df8d7564bd2434d311523d5257eed80" );
13886  info.buf = rnd_buf;
13887 
13888  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
13890 
13891  memset( message_str, 0x00, 1000 );
13892  memset( hash_result, 0x00, 1000 );
13893  memset( output, 0x00, 1000 );
13894  memset( output_str, 0x00, 1000 );
13895 
13896  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
13897  fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
13898  fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
13899  fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
13900  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13901 
13902  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
13903  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
13904  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
13905  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
13906  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
13907  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
13908  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
13909  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
13910 
13911  fct_chk( rsa_check_privkey( &ctx ) == 0 );
13912 
13913  msg_len = unhexify( message_str, "a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5" );
13914 
13915  switch( SIG_RSA_SHA1 )
13916  {
13917  #ifdef POLARSSL_MD2_C
13918  case SIG_RSA_MD2:
13919  md2( message_str, msg_len, hash_result );
13920  break;
13921  #endif
13922  #ifdef POLARSSL_MD4_C
13923  case SIG_RSA_MD4:
13924  md4( message_str, msg_len, hash_result );
13925  break;
13926  #endif
13927  #ifdef POLARSSL_MD5_C
13928  case SIG_RSA_MD5:
13929  md5( message_str, msg_len, hash_result );
13930  break;
13931  #endif
13932  #ifdef POLARSSL_SHA1_C
13933  case SIG_RSA_SHA1:
13934  sha1( message_str, msg_len, hash_result );
13935  break;
13936  #endif
13937  #ifdef POLARSSL_SHA2_C
13938  case SIG_RSA_SHA224:
13939  sha2( message_str, msg_len, hash_result, 1 );
13940  break;
13941  case SIG_RSA_SHA256:
13942  sha2( message_str, msg_len, hash_result, 0 );
13943  break;
13944  #endif
13945  #ifdef POLARSSL_SHA4_C
13946  case SIG_RSA_SHA384:
13947  sha4( message_str, msg_len, hash_result, 1 );
13948  break;
13949  case SIG_RSA_SHA512:
13950  sha4( message_str, msg_len, hash_result, 0 );
13951  break;
13952  #endif
13953  }
13954 
13955  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
13956  if( 0 == 0 )
13957  {
13958  hexify( output_str, output, ctx.len);
13959 
13960  fct_chk( strcasecmp( (char *) output_str, "586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e" ) == 0 );
13961  }
13962 
13963  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
13964  rsa_free( &ctx );
13965  }
13966  FCT_TEST_END();
13967 
13968 
13969  FCT_TEST_BGN(rsassa_pss_signature_example_9_1_verify)
13970  {
13971  unsigned char message_str[1000];
13972  unsigned char hash_result[1000];
13973  unsigned char result_str[1000];
13974  rsa_context ctx;
13975  size_t msg_len;
13976 
13978  memset( message_str, 0x00, 1000 );
13979  memset( hash_result, 0x00, 1000 );
13980  memset( result_str, 0x00, 1000 );
13981 
13982  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
13983  fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
13984  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13985 
13986  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
13987 
13988  msg_len = unhexify( message_str, "a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5" );
13989  unhexify( result_str, "586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e" );
13990 
13991  switch( SIG_RSA_SHA1 )
13992  {
13993  #ifdef POLARSSL_MD2_C
13994  case SIG_RSA_MD2:
13995  md2( message_str, msg_len, hash_result );
13996  break;
13997  #endif
13998  #ifdef POLARSSL_MD4_C
13999  case SIG_RSA_MD4:
14000  md4( message_str, msg_len, hash_result );
14001  break;
14002  #endif
14003  #ifdef POLARSSL_MD5_C
14004  case SIG_RSA_MD5:
14005  md5( message_str, msg_len, hash_result );
14006  break;
14007  #endif
14008  #ifdef POLARSSL_SHA1_C
14009  case SIG_RSA_SHA1:
14010  sha1( message_str, msg_len, hash_result );
14011  break;
14012  #endif
14013  #ifdef POLARSSL_SHA2_C
14014  case SIG_RSA_SHA224:
14015  sha2( message_str, msg_len, hash_result, 1 );
14016  break;
14017  case SIG_RSA_SHA256:
14018  sha2( message_str, msg_len, hash_result, 0 );
14019  break;
14020  #endif
14021  #ifdef POLARSSL_SHA4_C
14022  case SIG_RSA_SHA384:
14023  sha4( message_str, msg_len, hash_result, 1 );
14024  break;
14025  case SIG_RSA_SHA512:
14026  sha4( message_str, msg_len, hash_result, 0 );
14027  break;
14028  #endif
14029  }
14030 
14031  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14032 
14033  rsa_free( &ctx );
14034  }
14035  FCT_TEST_END();
14036 
14037 
14038  FCT_TEST_BGN(rsassa_pss_signature_example_9_2)
14039  {
14040  unsigned char message_str[1000];
14041  unsigned char hash_result[1000];
14042  unsigned char output[1000];
14043  unsigned char output_str[1000];
14044  unsigned char rnd_buf[1000];
14045  rsa_context ctx;
14046  mpi P1, Q1, H, G;
14047  size_t msg_len;
14048  rnd_buf_info info;
14049 
14050  info.length = unhexify( rnd_buf, "b307c43b4850a8dac2f15f32e37839ef8c5c0e91" );
14051  info.buf = rnd_buf;
14052 
14053  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
14055 
14056  memset( message_str, 0x00, 1000 );
14057  memset( hash_result, 0x00, 1000 );
14058  memset( output, 0x00, 1000 );
14059  memset( output_str, 0x00, 1000 );
14060 
14061  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14062  fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
14063  fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
14064  fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14065  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14066 
14067  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
14068  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
14069  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
14070  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
14071  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
14072  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
14073  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
14074  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
14075 
14076  fct_chk( rsa_check_privkey( &ctx ) == 0 );
14077 
14078  msg_len = unhexify( message_str, "c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e" );
14079 
14080  switch( SIG_RSA_SHA1 )
14081  {
14082  #ifdef POLARSSL_MD2_C
14083  case SIG_RSA_MD2:
14084  md2( message_str, msg_len, hash_result );
14085  break;
14086  #endif
14087  #ifdef POLARSSL_MD4_C
14088  case SIG_RSA_MD4:
14089  md4( message_str, msg_len, hash_result );
14090  break;
14091  #endif
14092  #ifdef POLARSSL_MD5_C
14093  case SIG_RSA_MD5:
14094  md5( message_str, msg_len, hash_result );
14095  break;
14096  #endif
14097  #ifdef POLARSSL_SHA1_C
14098  case SIG_RSA_SHA1:
14099  sha1( message_str, msg_len, hash_result );
14100  break;
14101  #endif
14102  #ifdef POLARSSL_SHA2_C
14103  case SIG_RSA_SHA224:
14104  sha2( message_str, msg_len, hash_result, 1 );
14105  break;
14106  case SIG_RSA_SHA256:
14107  sha2( message_str, msg_len, hash_result, 0 );
14108  break;
14109  #endif
14110  #ifdef POLARSSL_SHA4_C
14111  case SIG_RSA_SHA384:
14112  sha4( message_str, msg_len, hash_result, 1 );
14113  break;
14114  case SIG_RSA_SHA512:
14115  sha4( message_str, msg_len, hash_result, 0 );
14116  break;
14117  #endif
14118  }
14119 
14120  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
14121  if( 0 == 0 )
14122  {
14123  hexify( output_str, output, ctx.len);
14124 
14125  fct_chk( strcasecmp( (char *) output_str, "80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958" ) == 0 );
14126  }
14127 
14128  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
14129  rsa_free( &ctx );
14130  }
14131  FCT_TEST_END();
14132 
14133 
14134  FCT_TEST_BGN(rsassa_pss_signature_example_9_2_verify)
14135  {
14136  unsigned char message_str[1000];
14137  unsigned char hash_result[1000];
14138  unsigned char result_str[1000];
14139  rsa_context ctx;
14140  size_t msg_len;
14141 
14143  memset( message_str, 0x00, 1000 );
14144  memset( hash_result, 0x00, 1000 );
14145  memset( result_str, 0x00, 1000 );
14146 
14147  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14148  fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14149  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14150 
14151  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
14152 
14153  msg_len = unhexify( message_str, "c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e" );
14154  unhexify( result_str, "80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958" );
14155 
14156  switch( SIG_RSA_SHA1 )
14157  {
14158  #ifdef POLARSSL_MD2_C
14159  case SIG_RSA_MD2:
14160  md2( message_str, msg_len, hash_result );
14161  break;
14162  #endif
14163  #ifdef POLARSSL_MD4_C
14164  case SIG_RSA_MD4:
14165  md4( message_str, msg_len, hash_result );
14166  break;
14167  #endif
14168  #ifdef POLARSSL_MD5_C
14169  case SIG_RSA_MD5:
14170  md5( message_str, msg_len, hash_result );
14171  break;
14172  #endif
14173  #ifdef POLARSSL_SHA1_C
14174  case SIG_RSA_SHA1:
14175  sha1( message_str, msg_len, hash_result );
14176  break;
14177  #endif
14178  #ifdef POLARSSL_SHA2_C
14179  case SIG_RSA_SHA224:
14180  sha2( message_str, msg_len, hash_result, 1 );
14181  break;
14182  case SIG_RSA_SHA256:
14183  sha2( message_str, msg_len, hash_result, 0 );
14184  break;
14185  #endif
14186  #ifdef POLARSSL_SHA4_C
14187  case SIG_RSA_SHA384:
14188  sha4( message_str, msg_len, hash_result, 1 );
14189  break;
14190  case SIG_RSA_SHA512:
14191  sha4( message_str, msg_len, hash_result, 0 );
14192  break;
14193  #endif
14194  }
14195 
14196  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14197 
14198  rsa_free( &ctx );
14199  }
14200  FCT_TEST_END();
14201 
14202 
14203  FCT_TEST_BGN(rsassa_pss_signature_example_9_3)
14204  {
14205  unsigned char message_str[1000];
14206  unsigned char hash_result[1000];
14207  unsigned char output[1000];
14208  unsigned char output_str[1000];
14209  unsigned char rnd_buf[1000];
14210  rsa_context ctx;
14211  mpi P1, Q1, H, G;
14212  size_t msg_len;
14213  rnd_buf_info info;
14214 
14215  info.length = unhexify( rnd_buf, "9a2b007e80978bbb192c354eb7da9aedfc74dbf5" );
14216  info.buf = rnd_buf;
14217 
14218  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
14220 
14221  memset( message_str, 0x00, 1000 );
14222  memset( hash_result, 0x00, 1000 );
14223  memset( output, 0x00, 1000 );
14224  memset( output_str, 0x00, 1000 );
14225 
14226  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14227  fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
14228  fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
14229  fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14230  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14231 
14232  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
14233  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
14234  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
14235  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
14236  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
14237  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
14238  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
14239  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
14240 
14241  fct_chk( rsa_check_privkey( &ctx ) == 0 );
14242 
14243  msg_len = unhexify( message_str, "0afad42ccd4fc60654a55002d228f52a4a5fe03b8bbb08ca82daca558b44dbe1266e50c0e745a36d9d2904e3408abcd1fd569994063f4a75cc72f2fee2a0cd893a43af1c5b8b487df0a71610024e4f6ddf9f28ad0813c1aab91bcb3c9064d5ff742deffea657094139369e5ea6f4a96319a5cc8224145b545062758fefd1fe3409ae169259c6cdfd6b5f2958e314faecbe69d2cace58ee55179ab9b3e6d1ecc14a557c5febe988595264fc5da1c571462eca798a18a1a4940cdab4a3e92009ccd42e1e947b1314e32238a2dece7d23a89b5b30c751fd0a4a430d2c548594" );
14244 
14245  switch( SIG_RSA_SHA1 )
14246  {
14247  #ifdef POLARSSL_MD2_C
14248  case SIG_RSA_MD2:
14249  md2( message_str, msg_len, hash_result );
14250  break;
14251  #endif
14252  #ifdef POLARSSL_MD4_C
14253  case SIG_RSA_MD4:
14254  md4( message_str, msg_len, hash_result );
14255  break;
14256  #endif
14257  #ifdef POLARSSL_MD5_C
14258  case SIG_RSA_MD5:
14259  md5( message_str, msg_len, hash_result );
14260  break;
14261  #endif
14262  #ifdef POLARSSL_SHA1_C
14263  case SIG_RSA_SHA1:
14264  sha1( message_str, msg_len, hash_result );
14265  break;
14266  #endif
14267  #ifdef POLARSSL_SHA2_C
14268  case SIG_RSA_SHA224:
14269  sha2( message_str, msg_len, hash_result, 1 );
14270  break;
14271  case SIG_RSA_SHA256:
14272  sha2( message_str, msg_len, hash_result, 0 );
14273  break;
14274  #endif
14275  #ifdef POLARSSL_SHA4_C
14276  case SIG_RSA_SHA384:
14277  sha4( message_str, msg_len, hash_result, 1 );
14278  break;
14279  case SIG_RSA_SHA512:
14280  sha4( message_str, msg_len, hash_result, 0 );
14281  break;
14282  #endif
14283  }
14284 
14285  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
14286  if( 0 == 0 )
14287  {
14288  hexify( output_str, output, ctx.len);
14289 
14290  fct_chk( strcasecmp( (char *) output_str, "484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca" ) == 0 );
14291  }
14292 
14293  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
14294  rsa_free( &ctx );
14295  }
14296  FCT_TEST_END();
14297 
14298 
14299  FCT_TEST_BGN(rsassa_pss_signature_example_9_3_verify)
14300  {
14301  unsigned char message_str[1000];
14302  unsigned char hash_result[1000];
14303  unsigned char result_str[1000];
14304  rsa_context ctx;
14305  size_t msg_len;
14306 
14308  memset( message_str, 0x00, 1000 );
14309  memset( hash_result, 0x00, 1000 );
14310  memset( result_str, 0x00, 1000 );
14311 
14312  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14313  fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14314  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14315 
14316  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
14317 
14318  msg_len = unhexify( message_str, "0afad42ccd4fc60654a55002d228f52a4a5fe03b8bbb08ca82daca558b44dbe1266e50c0e745a36d9d2904e3408abcd1fd569994063f4a75cc72f2fee2a0cd893a43af1c5b8b487df0a71610024e4f6ddf9f28ad0813c1aab91bcb3c9064d5ff742deffea657094139369e5ea6f4a96319a5cc8224145b545062758fefd1fe3409ae169259c6cdfd6b5f2958e314faecbe69d2cace58ee55179ab9b3e6d1ecc14a557c5febe988595264fc5da1c571462eca798a18a1a4940cdab4a3e92009ccd42e1e947b1314e32238a2dece7d23a89b5b30c751fd0a4a430d2c548594" );
14319  unhexify( result_str, "484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca" );
14320 
14321  switch( SIG_RSA_SHA1 )
14322  {
14323  #ifdef POLARSSL_MD2_C
14324  case SIG_RSA_MD2:
14325  md2( message_str, msg_len, hash_result );
14326  break;
14327  #endif
14328  #ifdef POLARSSL_MD4_C
14329  case SIG_RSA_MD4:
14330  md4( message_str, msg_len, hash_result );
14331  break;
14332  #endif
14333  #ifdef POLARSSL_MD5_C
14334  case SIG_RSA_MD5:
14335  md5( message_str, msg_len, hash_result );
14336  break;
14337  #endif
14338  #ifdef POLARSSL_SHA1_C
14339  case SIG_RSA_SHA1:
14340  sha1( message_str, msg_len, hash_result );
14341  break;
14342  #endif
14343  #ifdef POLARSSL_SHA2_C
14344  case SIG_RSA_SHA224:
14345  sha2( message_str, msg_len, hash_result, 1 );
14346  break;
14347  case SIG_RSA_SHA256:
14348  sha2( message_str, msg_len, hash_result, 0 );
14349  break;
14350  #endif
14351  #ifdef POLARSSL_SHA4_C
14352  case SIG_RSA_SHA384:
14353  sha4( message_str, msg_len, hash_result, 1 );
14354  break;
14355  case SIG_RSA_SHA512:
14356  sha4( message_str, msg_len, hash_result, 0 );
14357  break;
14358  #endif
14359  }
14360 
14361  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14362 
14363  rsa_free( &ctx );
14364  }
14365  FCT_TEST_END();
14366 
14367 
14368  FCT_TEST_BGN(rsassa_pss_signature_example_9_4)
14369  {
14370  unsigned char message_str[1000];
14371  unsigned char hash_result[1000];
14372  unsigned char output[1000];
14373  unsigned char output_str[1000];
14374  unsigned char rnd_buf[1000];
14375  rsa_context ctx;
14376  mpi P1, Q1, H, G;
14377  size_t msg_len;
14378  rnd_buf_info info;
14379 
14380  info.length = unhexify( rnd_buf, "70f382bddf4d5d2dd88b3bc7b7308be632b84045" );
14381  info.buf = rnd_buf;
14382 
14383  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
14385 
14386  memset( message_str, 0x00, 1000 );
14387  memset( hash_result, 0x00, 1000 );
14388  memset( output, 0x00, 1000 );
14389  memset( output_str, 0x00, 1000 );
14390 
14391  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14392  fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
14393  fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
14394  fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14395  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14396 
14397  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
14398  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
14399  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
14400  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
14401  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
14402  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
14403  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
14404  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
14405 
14406  fct_chk( rsa_check_privkey( &ctx ) == 0 );
14407 
14408  msg_len = unhexify( message_str, "1dfd43b46c93db82629bdae2bd0a12b882ea04c3b465f5cf93023f01059626dbbe99f26bb1be949dddd16dc7f3debb19a194627f0b224434df7d8700e9e98b06e360c12fdbe3d19f51c9684eb9089ecbb0a2f0450399d3f59eac7294085d044f5393c6ce737423d8b86c415370d389e30b9f0a3c02d25d0082e8ad6f3f1ef24a45c3cf82b383367063a4d4613e4264f01b2dac2e5aa42043f8fb5f69fa871d14fb273e767a531c40f02f343bc2fb45a0c7e0f6be2561923a77211d66a6e2dbb43c366350beae22da3ac2c1f5077096fcb5c4bf255f7574351ae0b1e1f03632817c0856d4a8ba97afbdc8b85855402bc56926fcec209f9ea8" );
14409 
14410  switch( SIG_RSA_SHA1 )
14411  {
14412  #ifdef POLARSSL_MD2_C
14413  case SIG_RSA_MD2:
14414  md2( message_str, msg_len, hash_result );
14415  break;
14416  #endif
14417  #ifdef POLARSSL_MD4_C
14418  case SIG_RSA_MD4:
14419  md4( message_str, msg_len, hash_result );
14420  break;
14421  #endif
14422  #ifdef POLARSSL_MD5_C
14423  case SIG_RSA_MD5:
14424  md5( message_str, msg_len, hash_result );
14425  break;
14426  #endif
14427  #ifdef POLARSSL_SHA1_C
14428  case SIG_RSA_SHA1:
14429  sha1( message_str, msg_len, hash_result );
14430  break;
14431  #endif
14432  #ifdef POLARSSL_SHA2_C
14433  case SIG_RSA_SHA224:
14434  sha2( message_str, msg_len, hash_result, 1 );
14435  break;
14436  case SIG_RSA_SHA256:
14437  sha2( message_str, msg_len, hash_result, 0 );
14438  break;
14439  #endif
14440  #ifdef POLARSSL_SHA4_C
14441  case SIG_RSA_SHA384:
14442  sha4( message_str, msg_len, hash_result, 1 );
14443  break;
14444  case SIG_RSA_SHA512:
14445  sha4( message_str, msg_len, hash_result, 0 );
14446  break;
14447  #endif
14448  }
14449 
14450  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
14451  if( 0 == 0 )
14452  {
14453  hexify( output_str, output, ctx.len);
14454 
14455  fct_chk( strcasecmp( (char *) output_str, "84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e" ) == 0 );
14456  }
14457 
14458  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
14459  rsa_free( &ctx );
14460  }
14461  FCT_TEST_END();
14462 
14463 
14464  FCT_TEST_BGN(rsassa_pss_signature_example_9_4_verify)
14465  {
14466  unsigned char message_str[1000];
14467  unsigned char hash_result[1000];
14468  unsigned char result_str[1000];
14469  rsa_context ctx;
14470  size_t msg_len;
14471 
14473  memset( message_str, 0x00, 1000 );
14474  memset( hash_result, 0x00, 1000 );
14475  memset( result_str, 0x00, 1000 );
14476 
14477  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14478  fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14479  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14480 
14481  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
14482 
14483  msg_len = unhexify( message_str, "1dfd43b46c93db82629bdae2bd0a12b882ea04c3b465f5cf93023f01059626dbbe99f26bb1be949dddd16dc7f3debb19a194627f0b224434df7d8700e9e98b06e360c12fdbe3d19f51c9684eb9089ecbb0a2f0450399d3f59eac7294085d044f5393c6ce737423d8b86c415370d389e30b9f0a3c02d25d0082e8ad6f3f1ef24a45c3cf82b383367063a4d4613e4264f01b2dac2e5aa42043f8fb5f69fa871d14fb273e767a531c40f02f343bc2fb45a0c7e0f6be2561923a77211d66a6e2dbb43c366350beae22da3ac2c1f5077096fcb5c4bf255f7574351ae0b1e1f03632817c0856d4a8ba97afbdc8b85855402bc56926fcec209f9ea8" );
14484  unhexify( result_str, "84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e" );
14485 
14486  switch( SIG_RSA_SHA1 )
14487  {
14488  #ifdef POLARSSL_MD2_C
14489  case SIG_RSA_MD2:
14490  md2( message_str, msg_len, hash_result );
14491  break;
14492  #endif
14493  #ifdef POLARSSL_MD4_C
14494  case SIG_RSA_MD4:
14495  md4( message_str, msg_len, hash_result );
14496  break;
14497  #endif
14498  #ifdef POLARSSL_MD5_C
14499  case SIG_RSA_MD5:
14500  md5( message_str, msg_len, hash_result );
14501  break;
14502  #endif
14503  #ifdef POLARSSL_SHA1_C
14504  case SIG_RSA_SHA1:
14505  sha1( message_str, msg_len, hash_result );
14506  break;
14507  #endif
14508  #ifdef POLARSSL_SHA2_C
14509  case SIG_RSA_SHA224:
14510  sha2( message_str, msg_len, hash_result, 1 );
14511  break;
14512  case SIG_RSA_SHA256:
14513  sha2( message_str, msg_len, hash_result, 0 );
14514  break;
14515  #endif
14516  #ifdef POLARSSL_SHA4_C
14517  case SIG_RSA_SHA384:
14518  sha4( message_str, msg_len, hash_result, 1 );
14519  break;
14520  case SIG_RSA_SHA512:
14521  sha4( message_str, msg_len, hash_result, 0 );
14522  break;
14523  #endif
14524  }
14525 
14526  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14527 
14528  rsa_free( &ctx );
14529  }
14530  FCT_TEST_END();
14531 
14532 
14533  FCT_TEST_BGN(rsassa_pss_signature_example_9_5)
14534  {
14535  unsigned char message_str[1000];
14536  unsigned char hash_result[1000];
14537  unsigned char output[1000];
14538  unsigned char output_str[1000];
14539  unsigned char rnd_buf[1000];
14540  rsa_context ctx;
14541  mpi P1, Q1, H, G;
14542  size_t msg_len;
14543  rnd_buf_info info;
14544 
14545  info.length = unhexify( rnd_buf, "d689257a86effa68212c5e0c619eca295fb91b67" );
14546  info.buf = rnd_buf;
14547 
14548  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
14550 
14551  memset( message_str, 0x00, 1000 );
14552  memset( hash_result, 0x00, 1000 );
14553  memset( output, 0x00, 1000 );
14554  memset( output_str, 0x00, 1000 );
14555 
14556  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14557  fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
14558  fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
14559  fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14560  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14561 
14562  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
14563  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
14564  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
14565  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
14566  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
14567  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
14568  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
14569  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
14570 
14571  fct_chk( rsa_check_privkey( &ctx ) == 0 );
14572 
14573  msg_len = unhexify( message_str, "1bdc6e7c98fb8cf54e9b097b66a831e9cfe52d9d4888448ee4b0978093ba1d7d73ae78b3a62ba4ad95cd289ccb9e005226bb3d178bccaa821fb044a4e21ee97696c14d0678c94c2dae93b0ad73922218553daa7e44ebe57725a7a45cc72b9b2138a6b17c8db411ce8279ee1241aff0a8bec6f77f87edb0c69cb27236e3435a800b192e4f11e519e3fe30fc30eaccca4fbb41769029bf708e817a9e683805be67fa100984683b74838e3bcffa79366eed1d481c76729118838f31ba8a048a93c1be4424598e8df6328b7a77880a3f9c7e2e8dfca8eb5a26fb86bdc556d42bbe01d9fa6ed80646491c9341" );
14574 
14575  switch( SIG_RSA_SHA1 )
14576  {
14577  #ifdef POLARSSL_MD2_C
14578  case SIG_RSA_MD2:
14579  md2( message_str, msg_len, hash_result );
14580  break;
14581  #endif
14582  #ifdef POLARSSL_MD4_C
14583  case SIG_RSA_MD4:
14584  md4( message_str, msg_len, hash_result );
14585  break;
14586  #endif
14587  #ifdef POLARSSL_MD5_C
14588  case SIG_RSA_MD5:
14589  md5( message_str, msg_len, hash_result );
14590  break;
14591  #endif
14592  #ifdef POLARSSL_SHA1_C
14593  case SIG_RSA_SHA1:
14594  sha1( message_str, msg_len, hash_result );
14595  break;
14596  #endif
14597  #ifdef POLARSSL_SHA2_C
14598  case SIG_RSA_SHA224:
14599  sha2( message_str, msg_len, hash_result, 1 );
14600  break;
14601  case SIG_RSA_SHA256:
14602  sha2( message_str, msg_len, hash_result, 0 );
14603  break;
14604  #endif
14605  #ifdef POLARSSL_SHA4_C
14606  case SIG_RSA_SHA384:
14607  sha4( message_str, msg_len, hash_result, 1 );
14608  break;
14609  case SIG_RSA_SHA512:
14610  sha4( message_str, msg_len, hash_result, 0 );
14611  break;
14612  #endif
14613  }
14614 
14615  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
14616  if( 0 == 0 )
14617  {
14618  hexify( output_str, output, ctx.len);
14619 
14620  fct_chk( strcasecmp( (char *) output_str, "82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c" ) == 0 );
14621  }
14622 
14623  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
14624  rsa_free( &ctx );
14625  }
14626  FCT_TEST_END();
14627 
14628 
14629  FCT_TEST_BGN(rsassa_pss_signature_example_9_5_verify)
14630  {
14631  unsigned char message_str[1000];
14632  unsigned char hash_result[1000];
14633  unsigned char result_str[1000];
14634  rsa_context ctx;
14635  size_t msg_len;
14636 
14638  memset( message_str, 0x00, 1000 );
14639  memset( hash_result, 0x00, 1000 );
14640  memset( result_str, 0x00, 1000 );
14641 
14642  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14643  fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14644  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14645 
14646  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
14647 
14648  msg_len = unhexify( message_str, "1bdc6e7c98fb8cf54e9b097b66a831e9cfe52d9d4888448ee4b0978093ba1d7d73ae78b3a62ba4ad95cd289ccb9e005226bb3d178bccaa821fb044a4e21ee97696c14d0678c94c2dae93b0ad73922218553daa7e44ebe57725a7a45cc72b9b2138a6b17c8db411ce8279ee1241aff0a8bec6f77f87edb0c69cb27236e3435a800b192e4f11e519e3fe30fc30eaccca4fbb41769029bf708e817a9e683805be67fa100984683b74838e3bcffa79366eed1d481c76729118838f31ba8a048a93c1be4424598e8df6328b7a77880a3f9c7e2e8dfca8eb5a26fb86bdc556d42bbe01d9fa6ed80646491c9341" );
14649  unhexify( result_str, "82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c" );
14650 
14651  switch( SIG_RSA_SHA1 )
14652  {
14653  #ifdef POLARSSL_MD2_C
14654  case SIG_RSA_MD2:
14655  md2( message_str, msg_len, hash_result );
14656  break;
14657  #endif
14658  #ifdef POLARSSL_MD4_C
14659  case SIG_RSA_MD4:
14660  md4( message_str, msg_len, hash_result );
14661  break;
14662  #endif
14663  #ifdef POLARSSL_MD5_C
14664  case SIG_RSA_MD5:
14665  md5( message_str, msg_len, hash_result );
14666  break;
14667  #endif
14668  #ifdef POLARSSL_SHA1_C
14669  case SIG_RSA_SHA1:
14670  sha1( message_str, msg_len, hash_result );
14671  break;
14672  #endif
14673  #ifdef POLARSSL_SHA2_C
14674  case SIG_RSA_SHA224:
14675  sha2( message_str, msg_len, hash_result, 1 );
14676  break;
14677  case SIG_RSA_SHA256:
14678  sha2( message_str, msg_len, hash_result, 0 );
14679  break;
14680  #endif
14681  #ifdef POLARSSL_SHA4_C
14682  case SIG_RSA_SHA384:
14683  sha4( message_str, msg_len, hash_result, 1 );
14684  break;
14685  case SIG_RSA_SHA512:
14686  sha4( message_str, msg_len, hash_result, 0 );
14687  break;
14688  #endif
14689  }
14690 
14691  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14692 
14693  rsa_free( &ctx );
14694  }
14695  FCT_TEST_END();
14696 
14697 
14698  FCT_TEST_BGN(rsassa_pss_signature_example_9_6)
14699  {
14700  unsigned char message_str[1000];
14701  unsigned char hash_result[1000];
14702  unsigned char output[1000];
14703  unsigned char output_str[1000];
14704  unsigned char rnd_buf[1000];
14705  rsa_context ctx;
14706  mpi P1, Q1, H, G;
14707  size_t msg_len;
14708  rnd_buf_info info;
14709 
14710  info.length = unhexify( rnd_buf, "c25f13bf67d081671a0481a1f1820d613bba2276" );
14711  info.buf = rnd_buf;
14712 
14713  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
14715 
14716  memset( message_str, 0x00, 1000 );
14717  memset( hash_result, 0x00, 1000 );
14718  memset( output, 0x00, 1000 );
14719  memset( output_str, 0x00, 1000 );
14720 
14721  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14722  fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
14723  fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
14724  fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14725  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14726 
14727  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
14728  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
14729  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
14730  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
14731  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
14732  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
14733  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
14734  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
14735 
14736  fct_chk( rsa_check_privkey( &ctx ) == 0 );
14737 
14738  msg_len = unhexify( message_str, "88c7a9f1360401d90e53b101b61c5325c3c75db1b411fbeb8e830b75e96b56670ad245404e16793544ee354bc613a90cc9848715a73db5893e7f6d279815c0c1de83ef8e2956e3a56ed26a888d7a9cdcd042f4b16b7fa51ef1a0573662d16a302d0ec5b285d2e03ad96529c87b3d374db372d95b2443d061b6b1a350ba87807ed083afd1eb05c3f52f4eba5ed2227714fdb50b9d9d9dd6814f62f6272fcd5cdbce7a9ef797" );
14739 
14740  switch( SIG_RSA_SHA1 )
14741  {
14742  #ifdef POLARSSL_MD2_C
14743  case SIG_RSA_MD2:
14744  md2( message_str, msg_len, hash_result );
14745  break;
14746  #endif
14747  #ifdef POLARSSL_MD4_C
14748  case SIG_RSA_MD4:
14749  md4( message_str, msg_len, hash_result );
14750  break;
14751  #endif
14752  #ifdef POLARSSL_MD5_C
14753  case SIG_RSA_MD5:
14754  md5( message_str, msg_len, hash_result );
14755  break;
14756  #endif
14757  #ifdef POLARSSL_SHA1_C
14758  case SIG_RSA_SHA1:
14759  sha1( message_str, msg_len, hash_result );
14760  break;
14761  #endif
14762  #ifdef POLARSSL_SHA2_C
14763  case SIG_RSA_SHA224:
14764  sha2( message_str, msg_len, hash_result, 1 );
14765  break;
14766  case SIG_RSA_SHA256:
14767  sha2( message_str, msg_len, hash_result, 0 );
14768  break;
14769  #endif
14770  #ifdef POLARSSL_SHA4_C
14771  case SIG_RSA_SHA384:
14772  sha4( message_str, msg_len, hash_result, 1 );
14773  break;
14774  case SIG_RSA_SHA512:
14775  sha4( message_str, msg_len, hash_result, 0 );
14776  break;
14777  #endif
14778  }
14779 
14780  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
14781  if( 0 == 0 )
14782  {
14783  hexify( output_str, output, ctx.len);
14784 
14785  fct_chk( strcasecmp( (char *) output_str, "a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f" ) == 0 );
14786  }
14787 
14788  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
14789  rsa_free( &ctx );
14790  }
14791  FCT_TEST_END();
14792 
14793 
14794  FCT_TEST_BGN(rsassa_pss_signature_example_9_6_verify)
14795  {
14796  unsigned char message_str[1000];
14797  unsigned char hash_result[1000];
14798  unsigned char result_str[1000];
14799  rsa_context ctx;
14800  size_t msg_len;
14801 
14803  memset( message_str, 0x00, 1000 );
14804  memset( hash_result, 0x00, 1000 );
14805  memset( result_str, 0x00, 1000 );
14806 
14807  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14808  fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14809  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14810 
14811  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
14812 
14813  msg_len = unhexify( message_str, "88c7a9f1360401d90e53b101b61c5325c3c75db1b411fbeb8e830b75e96b56670ad245404e16793544ee354bc613a90cc9848715a73db5893e7f6d279815c0c1de83ef8e2956e3a56ed26a888d7a9cdcd042f4b16b7fa51ef1a0573662d16a302d0ec5b285d2e03ad96529c87b3d374db372d95b2443d061b6b1a350ba87807ed083afd1eb05c3f52f4eba5ed2227714fdb50b9d9d9dd6814f62f6272fcd5cdbce7a9ef797" );
14814  unhexify( result_str, "a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f" );
14815 
14816  switch( SIG_RSA_SHA1 )
14817  {
14818  #ifdef POLARSSL_MD2_C
14819  case SIG_RSA_MD2:
14820  md2( message_str, msg_len, hash_result );
14821  break;
14822  #endif
14823  #ifdef POLARSSL_MD4_C
14824  case SIG_RSA_MD4:
14825  md4( message_str, msg_len, hash_result );
14826  break;
14827  #endif
14828  #ifdef POLARSSL_MD5_C
14829  case SIG_RSA_MD5:
14830  md5( message_str, msg_len, hash_result );
14831  break;
14832  #endif
14833  #ifdef POLARSSL_SHA1_C
14834  case SIG_RSA_SHA1:
14835  sha1( message_str, msg_len, hash_result );
14836  break;
14837  #endif
14838  #ifdef POLARSSL_SHA2_C
14839  case SIG_RSA_SHA224:
14840  sha2( message_str, msg_len, hash_result, 1 );
14841  break;
14842  case SIG_RSA_SHA256:
14843  sha2( message_str, msg_len, hash_result, 0 );
14844  break;
14845  #endif
14846  #ifdef POLARSSL_SHA4_C
14847  case SIG_RSA_SHA384:
14848  sha4( message_str, msg_len, hash_result, 1 );
14849  break;
14850  case SIG_RSA_SHA512:
14851  sha4( message_str, msg_len, hash_result, 0 );
14852  break;
14853  #endif
14854  }
14855 
14856  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14857 
14858  rsa_free( &ctx );
14859  }
14860  FCT_TEST_END();
14861 
14862 
14863  FCT_TEST_BGN(rsassa_pss_signature_example_10_1)
14864  {
14865  unsigned char message_str[1000];
14866  unsigned char hash_result[1000];
14867  unsigned char output[1000];
14868  unsigned char output_str[1000];
14869  unsigned char rnd_buf[1000];
14870  rsa_context ctx;
14871  mpi P1, Q1, H, G;
14872  size_t msg_len;
14873  rnd_buf_info info;
14874 
14875  info.length = unhexify( rnd_buf, "04e215ee6ff934b9da70d7730c8734abfcecde89" );
14876  info.buf = rnd_buf;
14877 
14878  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
14880 
14881  memset( message_str, 0x00, 1000 );
14882  memset( hash_result, 0x00, 1000 );
14883  memset( output, 0x00, 1000 );
14884  memset( output_str, 0x00, 1000 );
14885 
14886  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
14887  fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
14888  fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
14889  fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
14890  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14891 
14892  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
14893  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
14894  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
14895  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
14896  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
14897  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
14898  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
14899  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
14900 
14901  fct_chk( rsa_check_privkey( &ctx ) == 0 );
14902 
14903  msg_len = unhexify( message_str, "883177e5126b9be2d9a9680327d5370c6f26861f5820c43da67a3ad609" );
14904 
14905  switch( SIG_RSA_SHA1 )
14906  {
14907  #ifdef POLARSSL_MD2_C
14908  case SIG_RSA_MD2:
14909  md2( message_str, msg_len, hash_result );
14910  break;
14911  #endif
14912  #ifdef POLARSSL_MD4_C
14913  case SIG_RSA_MD4:
14914  md4( message_str, msg_len, hash_result );
14915  break;
14916  #endif
14917  #ifdef POLARSSL_MD5_C
14918  case SIG_RSA_MD5:
14919  md5( message_str, msg_len, hash_result );
14920  break;
14921  #endif
14922  #ifdef POLARSSL_SHA1_C
14923  case SIG_RSA_SHA1:
14924  sha1( message_str, msg_len, hash_result );
14925  break;
14926  #endif
14927  #ifdef POLARSSL_SHA2_C
14928  case SIG_RSA_SHA224:
14929  sha2( message_str, msg_len, hash_result, 1 );
14930  break;
14931  case SIG_RSA_SHA256:
14932  sha2( message_str, msg_len, hash_result, 0 );
14933  break;
14934  #endif
14935  #ifdef POLARSSL_SHA4_C
14936  case SIG_RSA_SHA384:
14937  sha4( message_str, msg_len, hash_result, 1 );
14938  break;
14939  case SIG_RSA_SHA512:
14940  sha4( message_str, msg_len, hash_result, 0 );
14941  break;
14942  #endif
14943  }
14944 
14945  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
14946  if( 0 == 0 )
14947  {
14948  hexify( output_str, output, ctx.len);
14949 
14950  fct_chk( strcasecmp( (char *) output_str, "82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666" ) == 0 );
14951  }
14952 
14953  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
14954  rsa_free( &ctx );
14955  }
14956  FCT_TEST_END();
14957 
14958 
14959  FCT_TEST_BGN(rsassa_pss_signature_example_10_1_verify)
14960  {
14961  unsigned char message_str[1000];
14962  unsigned char hash_result[1000];
14963  unsigned char result_str[1000];
14964  rsa_context ctx;
14965  size_t msg_len;
14966 
14968  memset( message_str, 0x00, 1000 );
14969  memset( hash_result, 0x00, 1000 );
14970  memset( result_str, 0x00, 1000 );
14971 
14972  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
14973  fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
14974  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14975 
14976  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
14977 
14978  msg_len = unhexify( message_str, "883177e5126b9be2d9a9680327d5370c6f26861f5820c43da67a3ad609" );
14979  unhexify( result_str, "82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666" );
14980 
14981  switch( SIG_RSA_SHA1 )
14982  {
14983  #ifdef POLARSSL_MD2_C
14984  case SIG_RSA_MD2:
14985  md2( message_str, msg_len, hash_result );
14986  break;
14987  #endif
14988  #ifdef POLARSSL_MD4_C
14989  case SIG_RSA_MD4:
14990  md4( message_str, msg_len, hash_result );
14991  break;
14992  #endif
14993  #ifdef POLARSSL_MD5_C
14994  case SIG_RSA_MD5:
14995  md5( message_str, msg_len, hash_result );
14996  break;
14997  #endif
14998  #ifdef POLARSSL_SHA1_C
14999  case SIG_RSA_SHA1:
15000  sha1( message_str, msg_len, hash_result );
15001  break;
15002  #endif
15003  #ifdef POLARSSL_SHA2_C
15004  case SIG_RSA_SHA224:
15005  sha2( message_str, msg_len, hash_result, 1 );
15006  break;
15007  case SIG_RSA_SHA256:
15008  sha2( message_str, msg_len, hash_result, 0 );
15009  break;
15010  #endif
15011  #ifdef POLARSSL_SHA4_C
15012  case SIG_RSA_SHA384:
15013  sha4( message_str, msg_len, hash_result, 1 );
15014  break;
15015  case SIG_RSA_SHA512:
15016  sha4( message_str, msg_len, hash_result, 0 );
15017  break;
15018  #endif
15019  }
15020 
15021  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
15022 
15023  rsa_free( &ctx );
15024  }
15025  FCT_TEST_END();
15026 
15027 
15028  FCT_TEST_BGN(rsassa_pss_signature_example_10_2)
15029  {
15030  unsigned char message_str[1000];
15031  unsigned char hash_result[1000];
15032  unsigned char output[1000];
15033  unsigned char output_str[1000];
15034  unsigned char rnd_buf[1000];
15035  rsa_context ctx;
15036  mpi P1, Q1, H, G;
15037  size_t msg_len;
15038  rnd_buf_info info;
15039 
15040  info.length = unhexify( rnd_buf, "8b2bdd4b40faf545c778ddf9bc1a49cb57f9b71b" );
15041  info.buf = rnd_buf;
15042 
15043  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
15045 
15046  memset( message_str, 0x00, 1000 );
15047  memset( hash_result, 0x00, 1000 );
15048  memset( output, 0x00, 1000 );
15049  memset( output_str, 0x00, 1000 );
15050 
15051  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15052  fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
15053  fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
15054  fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15055  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15056 
15057  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
15058  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
15059  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
15060  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
15061  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
15062  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
15063  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
15064  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
15065 
15066  fct_chk( rsa_check_privkey( &ctx ) == 0 );
15067 
15068  msg_len = unhexify( message_str, "dd670a01465868adc93f26131957a50c52fb777cdbaa30892c9e12361164ec13979d43048118e4445db87bee58dd987b3425d02071d8dbae80708b039dbb64dbd1de5657d9fed0c118a54143742e0ff3c87f74e45857647af3f79eb0a14c9d75ea9a1a04b7cf478a897a708fd988f48e801edb0b7039df8c23bb3c56f4e821ac" );
15069 
15070  switch( SIG_RSA_SHA1 )
15071  {
15072  #ifdef POLARSSL_MD2_C
15073  case SIG_RSA_MD2:
15074  md2( message_str, msg_len, hash_result );
15075  break;
15076  #endif
15077  #ifdef POLARSSL_MD4_C
15078  case SIG_RSA_MD4:
15079  md4( message_str, msg_len, hash_result );
15080  break;
15081  #endif
15082  #ifdef POLARSSL_MD5_C
15083  case SIG_RSA_MD5:
15084  md5( message_str, msg_len, hash_result );
15085  break;
15086  #endif
15087  #ifdef POLARSSL_SHA1_C
15088  case SIG_RSA_SHA1:
15089  sha1( message_str, msg_len, hash_result );
15090  break;
15091  #endif
15092  #ifdef POLARSSL_SHA2_C
15093  case SIG_RSA_SHA224:
15094  sha2( message_str, msg_len, hash_result, 1 );
15095  break;
15096  case SIG_RSA_SHA256:
15097  sha2( message_str, msg_len, hash_result, 0 );
15098  break;
15099  #endif
15100  #ifdef POLARSSL_SHA4_C
15101  case SIG_RSA_SHA384:
15102  sha4( message_str, msg_len, hash_result, 1 );
15103  break;
15104  case SIG_RSA_SHA512:
15105  sha4( message_str, msg_len, hash_result, 0 );
15106  break;
15107  #endif
15108  }
15109 
15110  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
15111  if( 0 == 0 )
15112  {
15113  hexify( output_str, output, ctx.len);
15114 
15115  fct_chk( strcasecmp( (char *) output_str, "14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3" ) == 0 );
15116  }
15117 
15118  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
15119  rsa_free( &ctx );
15120  }
15121  FCT_TEST_END();
15122 
15123 
15124  FCT_TEST_BGN(rsassa_pss_signature_example_10_2_verify)
15125  {
15126  unsigned char message_str[1000];
15127  unsigned char hash_result[1000];
15128  unsigned char result_str[1000];
15129  rsa_context ctx;
15130  size_t msg_len;
15131 
15133  memset( message_str, 0x00, 1000 );
15134  memset( hash_result, 0x00, 1000 );
15135  memset( result_str, 0x00, 1000 );
15136 
15137  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15138  fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15139  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15140 
15141  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
15142 
15143  msg_len = unhexify( message_str, "dd670a01465868adc93f26131957a50c52fb777cdbaa30892c9e12361164ec13979d43048118e4445db87bee58dd987b3425d02071d8dbae80708b039dbb64dbd1de5657d9fed0c118a54143742e0ff3c87f74e45857647af3f79eb0a14c9d75ea9a1a04b7cf478a897a708fd988f48e801edb0b7039df8c23bb3c56f4e821ac" );
15144  unhexify( result_str, "14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3" );
15145 
15146  switch( SIG_RSA_SHA1 )
15147  {
15148  #ifdef POLARSSL_MD2_C
15149  case SIG_RSA_MD2:
15150  md2( message_str, msg_len, hash_result );
15151  break;
15152  #endif
15153  #ifdef POLARSSL_MD4_C
15154  case SIG_RSA_MD4:
15155  md4( message_str, msg_len, hash_result );
15156  break;
15157  #endif
15158  #ifdef POLARSSL_MD5_C
15159  case SIG_RSA_MD5:
15160  md5( message_str, msg_len, hash_result );
15161  break;
15162  #endif
15163  #ifdef POLARSSL_SHA1_C
15164  case SIG_RSA_SHA1:
15165  sha1( message_str, msg_len, hash_result );
15166  break;
15167  #endif
15168  #ifdef POLARSSL_SHA2_C
15169  case SIG_RSA_SHA224:
15170  sha2( message_str, msg_len, hash_result, 1 );
15171  break;
15172  case SIG_RSA_SHA256:
15173  sha2( message_str, msg_len, hash_result, 0 );
15174  break;
15175  #endif
15176  #ifdef POLARSSL_SHA4_C
15177  case SIG_RSA_SHA384:
15178  sha4( message_str, msg_len, hash_result, 1 );
15179  break;
15180  case SIG_RSA_SHA512:
15181  sha4( message_str, msg_len, hash_result, 0 );
15182  break;
15183  #endif
15184  }
15185 
15186  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
15187 
15188  rsa_free( &ctx );
15189  }
15190  FCT_TEST_END();
15191 
15192 
15193  FCT_TEST_BGN(rsassa_pss_signature_example_10_3)
15194  {
15195  unsigned char message_str[1000];
15196  unsigned char hash_result[1000];
15197  unsigned char output[1000];
15198  unsigned char output_str[1000];
15199  unsigned char rnd_buf[1000];
15200  rsa_context ctx;
15201  mpi P1, Q1, H, G;
15202  size_t msg_len;
15203  rnd_buf_info info;
15204 
15205  info.length = unhexify( rnd_buf, "4e96fc1b398f92b44671010c0dc3efd6e20c2d73" );
15206  info.buf = rnd_buf;
15207 
15208  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
15210 
15211  memset( message_str, 0x00, 1000 );
15212  memset( hash_result, 0x00, 1000 );
15213  memset( output, 0x00, 1000 );
15214  memset( output_str, 0x00, 1000 );
15215 
15216  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15217  fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
15218  fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
15219  fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15220  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15221 
15222  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
15223  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
15224  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
15225  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
15226  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
15227  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
15228  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
15229  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
15230 
15231  fct_chk( rsa_check_privkey( &ctx ) == 0 );
15232 
15233  msg_len = unhexify( message_str, "48b2b6a57a63c84cea859d65c668284b08d96bdcaabe252db0e4a96cb1bac6019341db6fbefb8d106b0e90eda6bcc6c6262f37e7ea9c7e5d226bd7df85ec5e71efff2f54c5db577ff729ff91b842491de2741d0c631607df586b905b23b91af13da12304bf83eca8a73e871ff9db" );
15234 
15235  switch( SIG_RSA_SHA1 )
15236  {
15237  #ifdef POLARSSL_MD2_C
15238  case SIG_RSA_MD2:
15239  md2( message_str, msg_len, hash_result );
15240  break;
15241  #endif
15242  #ifdef POLARSSL_MD4_C
15243  case SIG_RSA_MD4:
15244  md4( message_str, msg_len, hash_result );
15245  break;
15246  #endif
15247  #ifdef POLARSSL_MD5_C
15248  case SIG_RSA_MD5:
15249  md5( message_str, msg_len, hash_result );
15250  break;
15251  #endif
15252  #ifdef POLARSSL_SHA1_C
15253  case SIG_RSA_SHA1:
15254  sha1( message_str, msg_len, hash_result );
15255  break;
15256  #endif
15257  #ifdef POLARSSL_SHA2_C
15258  case SIG_RSA_SHA224:
15259  sha2( message_str, msg_len, hash_result, 1 );
15260  break;
15261  case SIG_RSA_SHA256:
15262  sha2( message_str, msg_len, hash_result, 0 );
15263  break;
15264  #endif
15265  #ifdef POLARSSL_SHA4_C
15266  case SIG_RSA_SHA384:
15267  sha4( message_str, msg_len, hash_result, 1 );
15268  break;
15269  case SIG_RSA_SHA512:
15270  sha4( message_str, msg_len, hash_result, 0 );
15271  break;
15272  #endif
15273  }
15274 
15275  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
15276  if( 0 == 0 )
15277  {
15278  hexify( output_str, output, ctx.len);
15279 
15280  fct_chk( strcasecmp( (char *) output_str, "6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb" ) == 0 );
15281  }
15282 
15283  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
15284  rsa_free( &ctx );
15285  }
15286  FCT_TEST_END();
15287 
15288 
15289  FCT_TEST_BGN(rsassa_pss_signature_example_10_3_verify)
15290  {
15291  unsigned char message_str[1000];
15292  unsigned char hash_result[1000];
15293  unsigned char result_str[1000];
15294  rsa_context ctx;
15295  size_t msg_len;
15296 
15298  memset( message_str, 0x00, 1000 );
15299  memset( hash_result, 0x00, 1000 );
15300  memset( result_str, 0x00, 1000 );
15301 
15302  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15303  fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15304  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15305 
15306  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
15307 
15308  msg_len = unhexify( message_str, "48b2b6a57a63c84cea859d65c668284b08d96bdcaabe252db0e4a96cb1bac6019341db6fbefb8d106b0e90eda6bcc6c6262f37e7ea9c7e5d226bd7df85ec5e71efff2f54c5db577ff729ff91b842491de2741d0c631607df586b905b23b91af13da12304bf83eca8a73e871ff9db" );
15309  unhexify( result_str, "6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb" );
15310 
15311  switch( SIG_RSA_SHA1 )
15312  {
15313  #ifdef POLARSSL_MD2_C
15314  case SIG_RSA_MD2:
15315  md2( message_str, msg_len, hash_result );
15316  break;
15317  #endif
15318  #ifdef POLARSSL_MD4_C
15319  case SIG_RSA_MD4:
15320  md4( message_str, msg_len, hash_result );
15321  break;
15322  #endif
15323  #ifdef POLARSSL_MD5_C
15324  case SIG_RSA_MD5:
15325  md5( message_str, msg_len, hash_result );
15326  break;
15327  #endif
15328  #ifdef POLARSSL_SHA1_C
15329  case SIG_RSA_SHA1:
15330  sha1( message_str, msg_len, hash_result );
15331  break;
15332  #endif
15333  #ifdef POLARSSL_SHA2_C
15334  case SIG_RSA_SHA224:
15335  sha2( message_str, msg_len, hash_result, 1 );
15336  break;
15337  case SIG_RSA_SHA256:
15338  sha2( message_str, msg_len, hash_result, 0 );
15339  break;
15340  #endif
15341  #ifdef POLARSSL_SHA4_C
15342  case SIG_RSA_SHA384:
15343  sha4( message_str, msg_len, hash_result, 1 );
15344  break;
15345  case SIG_RSA_SHA512:
15346  sha4( message_str, msg_len, hash_result, 0 );
15347  break;
15348  #endif
15349  }
15350 
15351  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
15352 
15353  rsa_free( &ctx );
15354  }
15355  FCT_TEST_END();
15356 
15357 
15358  FCT_TEST_BGN(rsassa_pss_signature_example_10_4)
15359  {
15360  unsigned char message_str[1000];
15361  unsigned char hash_result[1000];
15362  unsigned char output[1000];
15363  unsigned char output_str[1000];
15364  unsigned char rnd_buf[1000];
15365  rsa_context ctx;
15366  mpi P1, Q1, H, G;
15367  size_t msg_len;
15368  rnd_buf_info info;
15369 
15370  info.length = unhexify( rnd_buf, "c7cd698d84b65128d8835e3a8b1eb0e01cb541ec" );
15371  info.buf = rnd_buf;
15372 
15373  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
15375 
15376  memset( message_str, 0x00, 1000 );
15377  memset( hash_result, 0x00, 1000 );
15378  memset( output, 0x00, 1000 );
15379  memset( output_str, 0x00, 1000 );
15380 
15381  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15382  fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
15383  fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
15384  fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15385  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15386 
15387  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
15388  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
15389  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
15390  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
15391  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
15392  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
15393  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
15394  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
15395 
15396  fct_chk( rsa_check_privkey( &ctx ) == 0 );
15397 
15398  msg_len = unhexify( message_str, "0b8777c7f839baf0a64bbbdbc5ce79755c57a205b845c174e2d2e90546a089c4e6ec8adffa23a7ea97bae6b65d782b82db5d2b5a56d22a29a05e7c4433e2b82a621abba90add05ce393fc48a840542451a" );
15399 
15400  switch( SIG_RSA_SHA1 )
15401  {
15402  #ifdef POLARSSL_MD2_C
15403  case SIG_RSA_MD2:
15404  md2( message_str, msg_len, hash_result );
15405  break;
15406  #endif
15407  #ifdef POLARSSL_MD4_C
15408  case SIG_RSA_MD4:
15409  md4( message_str, msg_len, hash_result );
15410  break;
15411  #endif
15412  #ifdef POLARSSL_MD5_C
15413  case SIG_RSA_MD5:
15414  md5( message_str, msg_len, hash_result );
15415  break;
15416  #endif
15417  #ifdef POLARSSL_SHA1_C
15418  case SIG_RSA_SHA1:
15419  sha1( message_str, msg_len, hash_result );
15420  break;
15421  #endif
15422  #ifdef POLARSSL_SHA2_C
15423  case SIG_RSA_SHA224:
15424  sha2( message_str, msg_len, hash_result, 1 );
15425  break;
15426  case SIG_RSA_SHA256:
15427  sha2( message_str, msg_len, hash_result, 0 );
15428  break;
15429  #endif
15430  #ifdef POLARSSL_SHA4_C
15431  case SIG_RSA_SHA384:
15432  sha4( message_str, msg_len, hash_result, 1 );
15433  break;
15434  case SIG_RSA_SHA512:
15435  sha4( message_str, msg_len, hash_result, 0 );
15436  break;
15437  #endif
15438  }
15439 
15440  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
15441  if( 0 == 0 )
15442  {
15443  hexify( output_str, output, ctx.len);
15444 
15445  fct_chk( strcasecmp( (char *) output_str, "34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb" ) == 0 );
15446  }
15447 
15448  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
15449  rsa_free( &ctx );
15450  }
15451  FCT_TEST_END();
15452 
15453 
15454  FCT_TEST_BGN(rsassa_pss_signature_example_10_4_verify)
15455  {
15456  unsigned char message_str[1000];
15457  unsigned char hash_result[1000];
15458  unsigned char result_str[1000];
15459  rsa_context ctx;
15460  size_t msg_len;
15461 
15463  memset( message_str, 0x00, 1000 );
15464  memset( hash_result, 0x00, 1000 );
15465  memset( result_str, 0x00, 1000 );
15466 
15467  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15468  fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15469  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15470 
15471  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
15472 
15473  msg_len = unhexify( message_str, "0b8777c7f839baf0a64bbbdbc5ce79755c57a205b845c174e2d2e90546a089c4e6ec8adffa23a7ea97bae6b65d782b82db5d2b5a56d22a29a05e7c4433e2b82a621abba90add05ce393fc48a840542451a" );
15474  unhexify( result_str, "34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb" );
15475 
15476  switch( SIG_RSA_SHA1 )
15477  {
15478  #ifdef POLARSSL_MD2_C
15479  case SIG_RSA_MD2:
15480  md2( message_str, msg_len, hash_result );
15481  break;
15482  #endif
15483  #ifdef POLARSSL_MD4_C
15484  case SIG_RSA_MD4:
15485  md4( message_str, msg_len, hash_result );
15486  break;
15487  #endif
15488  #ifdef POLARSSL_MD5_C
15489  case SIG_RSA_MD5:
15490  md5( message_str, msg_len, hash_result );
15491  break;
15492  #endif
15493  #ifdef POLARSSL_SHA1_C
15494  case SIG_RSA_SHA1:
15495  sha1( message_str, msg_len, hash_result );
15496  break;
15497  #endif
15498  #ifdef POLARSSL_SHA2_C
15499  case SIG_RSA_SHA224:
15500  sha2( message_str, msg_len, hash_result, 1 );
15501  break;
15502  case SIG_RSA_SHA256:
15503  sha2( message_str, msg_len, hash_result, 0 );
15504  break;
15505  #endif
15506  #ifdef POLARSSL_SHA4_C
15507  case SIG_RSA_SHA384:
15508  sha4( message_str, msg_len, hash_result, 1 );
15509  break;
15510  case SIG_RSA_SHA512:
15511  sha4( message_str, msg_len, hash_result, 0 );
15512  break;
15513  #endif
15514  }
15515 
15516  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
15517 
15518  rsa_free( &ctx );
15519  }
15520  FCT_TEST_END();
15521 
15522 
15523  FCT_TEST_BGN(rsassa_pss_signature_example_10_5)
15524  {
15525  unsigned char message_str[1000];
15526  unsigned char hash_result[1000];
15527  unsigned char output[1000];
15528  unsigned char output_str[1000];
15529  unsigned char rnd_buf[1000];
15530  rsa_context ctx;
15531  mpi P1, Q1, H, G;
15532  size_t msg_len;
15533  rnd_buf_info info;
15534 
15535  info.length = unhexify( rnd_buf, "efa8bff96212b2f4a3f371a10d574152655f5dfb" );
15536  info.buf = rnd_buf;
15537 
15538  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
15540 
15541  memset( message_str, 0x00, 1000 );
15542  memset( hash_result, 0x00, 1000 );
15543  memset( output, 0x00, 1000 );
15544  memset( output_str, 0x00, 1000 );
15545 
15546  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15547  fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
15548  fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
15549  fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15550  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15551 
15552  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
15553  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
15554  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
15555  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
15556  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
15557  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
15558  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
15559  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
15560 
15561  fct_chk( rsa_check_privkey( &ctx ) == 0 );
15562 
15563  msg_len = unhexify( message_str, "f1036e008e71e964dadc9219ed30e17f06b4b68a955c16b312b1eddf028b74976bed6b3f6a63d4e77859243c9cccdc98016523abb02483b35591c33aad81213bb7c7bb1a470aabc10d44256c4d4559d916" );
15564 
15565  switch( SIG_RSA_SHA1 )
15566  {
15567  #ifdef POLARSSL_MD2_C
15568  case SIG_RSA_MD2:
15569  md2( message_str, msg_len, hash_result );
15570  break;
15571  #endif
15572  #ifdef POLARSSL_MD4_C
15573  case SIG_RSA_MD4:
15574  md4( message_str, msg_len, hash_result );
15575  break;
15576  #endif
15577  #ifdef POLARSSL_MD5_C
15578  case SIG_RSA_MD5:
15579  md5( message_str, msg_len, hash_result );
15580  break;
15581  #endif
15582  #ifdef POLARSSL_SHA1_C
15583  case SIG_RSA_SHA1:
15584  sha1( message_str, msg_len, hash_result );
15585  break;
15586  #endif
15587  #ifdef POLARSSL_SHA2_C
15588  case SIG_RSA_SHA224:
15589  sha2( message_str, msg_len, hash_result, 1 );
15590  break;
15591  case SIG_RSA_SHA256:
15592  sha2( message_str, msg_len, hash_result, 0 );
15593  break;
15594  #endif
15595  #ifdef POLARSSL_SHA4_C
15596  case SIG_RSA_SHA384:
15597  sha4( message_str, msg_len, hash_result, 1 );
15598  break;
15599  case SIG_RSA_SHA512:
15600  sha4( message_str, msg_len, hash_result, 0 );
15601  break;
15602  #endif
15603  }
15604 
15605  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
15606  if( 0 == 0 )
15607  {
15608  hexify( output_str, output, ctx.len);
15609 
15610  fct_chk( strcasecmp( (char *) output_str, "7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc" ) == 0 );
15611  }
15612 
15613  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
15614  rsa_free( &ctx );
15615  }
15616  FCT_TEST_END();
15617 
15618 
15619  FCT_TEST_BGN(rsassa_pss_signature_example_10_5_verify)
15620  {
15621  unsigned char message_str[1000];
15622  unsigned char hash_result[1000];
15623  unsigned char result_str[1000];
15624  rsa_context ctx;
15625  size_t msg_len;
15626 
15628  memset( message_str, 0x00, 1000 );
15629  memset( hash_result, 0x00, 1000 );
15630  memset( result_str, 0x00, 1000 );
15631 
15632  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15633  fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15634  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15635 
15636  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
15637 
15638  msg_len = unhexify( message_str, "f1036e008e71e964dadc9219ed30e17f06b4b68a955c16b312b1eddf028b74976bed6b3f6a63d4e77859243c9cccdc98016523abb02483b35591c33aad81213bb7c7bb1a470aabc10d44256c4d4559d916" );
15639  unhexify( result_str, "7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc" );
15640 
15641  switch( SIG_RSA_SHA1 )
15642  {
15643  #ifdef POLARSSL_MD2_C
15644  case SIG_RSA_MD2:
15645  md2( message_str, msg_len, hash_result );
15646  break;
15647  #endif
15648  #ifdef POLARSSL_MD4_C
15649  case SIG_RSA_MD4:
15650  md4( message_str, msg_len, hash_result );
15651  break;
15652  #endif
15653  #ifdef POLARSSL_MD5_C
15654  case SIG_RSA_MD5:
15655  md5( message_str, msg_len, hash_result );
15656  break;
15657  #endif
15658  #ifdef POLARSSL_SHA1_C
15659  case SIG_RSA_SHA1:
15660  sha1( message_str, msg_len, hash_result );
15661  break;
15662  #endif
15663  #ifdef POLARSSL_SHA2_C
15664  case SIG_RSA_SHA224:
15665  sha2( message_str, msg_len, hash_result, 1 );
15666  break;
15667  case SIG_RSA_SHA256:
15668  sha2( message_str, msg_len, hash_result, 0 );
15669  break;
15670  #endif
15671  #ifdef POLARSSL_SHA4_C
15672  case SIG_RSA_SHA384:
15673  sha4( message_str, msg_len, hash_result, 1 );
15674  break;
15675  case SIG_RSA_SHA512:
15676  sha4( message_str, msg_len, hash_result, 0 );
15677  break;
15678  #endif
15679  }
15680 
15681  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
15682 
15683  rsa_free( &ctx );
15684  }
15685  FCT_TEST_END();
15686 
15687 
15688  FCT_TEST_BGN(rsassa_pss_signature_example_10_6)
15689  {
15690  unsigned char message_str[1000];
15691  unsigned char hash_result[1000];
15692  unsigned char output[1000];
15693  unsigned char output_str[1000];
15694  unsigned char rnd_buf[1000];
15695  rsa_context ctx;
15696  mpi P1, Q1, H, G;
15697  size_t msg_len;
15698  rnd_buf_info info;
15699 
15700  info.length = unhexify( rnd_buf, "ad8b1523703646224b660b550885917ca2d1df28" );
15701  info.buf = rnd_buf;
15702 
15703  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
15705 
15706  memset( message_str, 0x00, 1000 );
15707  memset( hash_result, 0x00, 1000 );
15708  memset( output, 0x00, 1000 );
15709  memset( output_str, 0x00, 1000 );
15710 
15711  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15712  fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
15713  fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
15714  fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15715  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15716 
15717  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
15718  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
15719  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
15720  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
15721  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
15722  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
15723  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
15724  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
15725 
15726  fct_chk( rsa_check_privkey( &ctx ) == 0 );
15727 
15728  msg_len = unhexify( message_str, "25f10895a87716c137450bb9519dfaa1f207faa942ea88abf71e9c17980085b555aebab76264ae2a3ab93c2d12981191ddac6fb5949eb36aee3c5da940f00752c916d94608fa7d97ba6a2915b688f20323d4e9d96801d89a72ab5892dc2117c07434fcf972e058cf8c41ca4b4ff554f7d5068ad3155fced0f3125bc04f9193378a8f5c4c3b8cb4dd6d1cc69d30ecca6eaa51e36a05730e9e342e855baf099defb8afd7" );
15729 
15730  switch( SIG_RSA_SHA1 )
15731  {
15732  #ifdef POLARSSL_MD2_C
15733  case SIG_RSA_MD2:
15734  md2( message_str, msg_len, hash_result );
15735  break;
15736  #endif
15737  #ifdef POLARSSL_MD4_C
15738  case SIG_RSA_MD4:
15739  md4( message_str, msg_len, hash_result );
15740  break;
15741  #endif
15742  #ifdef POLARSSL_MD5_C
15743  case SIG_RSA_MD5:
15744  md5( message_str, msg_len, hash_result );
15745  break;
15746  #endif
15747  #ifdef POLARSSL_SHA1_C
15748  case SIG_RSA_SHA1:
15749  sha1( message_str, msg_len, hash_result );
15750  break;
15751  #endif
15752  #ifdef POLARSSL_SHA2_C
15753  case SIG_RSA_SHA224:
15754  sha2( message_str, msg_len, hash_result, 1 );
15755  break;
15756  case SIG_RSA_SHA256:
15757  sha2( message_str, msg_len, hash_result, 0 );
15758  break;
15759  #endif
15760  #ifdef POLARSSL_SHA4_C
15761  case SIG_RSA_SHA384:
15762  sha4( message_str, msg_len, hash_result, 1 );
15763  break;
15764  case SIG_RSA_SHA512:
15765  sha4( message_str, msg_len, hash_result, 0 );
15766  break;
15767  #endif
15768  }
15769 
15770  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
15771  if( 0 == 0 )
15772  {
15773  hexify( output_str, output, ctx.len);
15774 
15775  fct_chk( strcasecmp( (char *) output_str, "6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f" ) == 0 );
15776  }
15777 
15778  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
15779  rsa_free( &ctx );
15780  }
15781  FCT_TEST_END();
15782 
15783 
15784  FCT_TEST_BGN(rsassa_pss_signature_example_10_6_verify)
15785  {
15786  unsigned char message_str[1000];
15787  unsigned char hash_result[1000];
15788  unsigned char result_str[1000];
15789  rsa_context ctx;
15790  size_t msg_len;
15791 
15793  memset( message_str, 0x00, 1000 );
15794  memset( hash_result, 0x00, 1000 );
15795  memset( result_str, 0x00, 1000 );
15796 
15797  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15798  fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15799  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15800 
15801  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
15802 
15803  msg_len = unhexify( message_str, "25f10895a87716c137450bb9519dfaa1f207faa942ea88abf71e9c17980085b555aebab76264ae2a3ab93c2d12981191ddac6fb5949eb36aee3c5da940f00752c916d94608fa7d97ba6a2915b688f20323d4e9d96801d89a72ab5892dc2117c07434fcf972e058cf8c41ca4b4ff554f7d5068ad3155fced0f3125bc04f9193378a8f5c4c3b8cb4dd6d1cc69d30ecca6eaa51e36a05730e9e342e855baf099defb8afd7" );
15804  unhexify( result_str, "6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f" );
15805 
15806  switch( SIG_RSA_SHA1 )
15807  {
15808  #ifdef POLARSSL_MD2_C
15809  case SIG_RSA_MD2:
15810  md2( message_str, msg_len, hash_result );
15811  break;
15812  #endif
15813  #ifdef POLARSSL_MD4_C
15814  case SIG_RSA_MD4:
15815  md4( message_str, msg_len, hash_result );
15816  break;
15817  #endif
15818  #ifdef POLARSSL_MD5_C
15819  case SIG_RSA_MD5:
15820  md5( message_str, msg_len, hash_result );
15821  break;
15822  #endif
15823  #ifdef POLARSSL_SHA1_C
15824  case SIG_RSA_SHA1:
15825  sha1( message_str, msg_len, hash_result );
15826  break;
15827  #endif
15828  #ifdef POLARSSL_SHA2_C
15829  case SIG_RSA_SHA224:
15830  sha2( message_str, msg_len, hash_result, 1 );
15831  break;
15832  case SIG_RSA_SHA256:
15833  sha2( message_str, msg_len, hash_result, 0 );
15834  break;
15835  #endif
15836  #ifdef POLARSSL_SHA4_C
15837  case SIG_RSA_SHA384:
15838  sha4( message_str, msg_len, hash_result, 1 );
15839  break;
15840  case SIG_RSA_SHA512:
15841  sha4( message_str, msg_len, hash_result, 0 );
15842  break;
15843  #endif
15844  }
15845 
15846  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
15847 
15848  rsa_free( &ctx );
15849  }
15850  FCT_TEST_END();
15851 
15852  }
15853  FCT_SUITE_END();
15854 
15855 #endif /* POLARSSL_PKCS1_V21 */
15856 #endif /* POLARSSL_RSA_C */
15857 #endif /* POLARSSL_BIGNUM_C */
15858 #endif /* POLARSSL_SHA1_C */
15859 #endif /* POLARSSL_GENPRIME */
15860 
15861 }
15862 FCT_END();
15863