PolarSSL v1.2.8
test_suite_pkcs1_v21.c
1 #include "fct.h"
2 #include <polarssl/config.h>
3 
4 #include <polarssl/rsa.h>
5 #include <polarssl/md.h>
6 #include <polarssl/md2.h>
7 #include <polarssl/md4.h>
8 #include <polarssl/md5.h>
9 #include <polarssl/sha1.h>
10 #include <polarssl/sha2.h>
11 #include <polarssl/sha4.h>
12 
13 #ifdef _MSC_VER
14 #include <basetsd.h>
15 typedef UINT32 uint32_t;
16 #else
17 #include <inttypes.h>
18 #endif
19 
20 /*
21  * 32-bit integer manipulation macros (big endian)
22  */
#ifndef GET_UINT32_BE
/*
 * Load the four bytes b[i] .. b[i + 3] into n as one big-endian 32-bit
 * value (b[i] ends up in the most significant byte).
 *
 * The expansion is a bare brace block that names b and i several times:
 * use it as a complete statement and pass arguments without side effects.
 * No bounds are checked; the caller guarantees b has at least i + 4 bytes.
 */
#define GET_UINT32_BE(n,b,i) \
{ \
 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
 | ( (uint32_t) (b)[(i) + 3] ); \
}
#endif
32 
#ifndef PUT_UINT32_BE
/*
 * Store the 32-bit value n into b[i] .. b[i + 3] in big-endian order
 * (most significant byte first).
 *
 * The expansion is a bare brace block that names n, b and i several times:
 * use it as a complete statement and pass arguments without side effects.
 * No bounds are checked; the caller guarantees b has at least i + 4 bytes.
 */
#define PUT_UINT32_BE(n,b,i) \
{ \
 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
 (b)[(i) + 3] = (unsigned char) ( (n) ); \
}
#endif
42 
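/*
 * Decode the NUL-terminated hex string ibuf into raw bytes at obuf.
 *
 * Upper- and lower-case digits are both accepted. Returns the number of
 * bytes written, i.e. strlen(ibuf) / 2.
 *
 * obuf receives no size argument, so the caller must provide at least
 * strlen(ibuf) / 2 bytes. Malformed input (odd length, non-hex character)
 * is reported through assert() only; a build with NDEBUG performs no
 * validation at all.
 */
int unhexify(unsigned char *obuf, const char *ibuf)
{
    unsigned char c, c2;
    size_t hex_len = strlen(ibuf);
    int len = (int) ( hex_len / 2 );

    /*
     * Digits are consumed in pairs, so an odd count would take the
     * terminator as a low nibble and then step past the end of the string.
     * The previous test used "% 1", which is always 0 and never fired.
     */
    assert( ( hex_len % 2 ) == 0 ); // must be even number of hex digits

    while( *ibuf != 0 )
    {
        /* high nibble */
        c = *ibuf++;
        if( c >= '0' && c <= '9' )
            c -= '0';
        else if( c >= 'a' && c <= 'f' )
            c -= 'a' - 10;
        else if( c >= 'A' && c <= 'F' )
            c -= 'A' - 10;
        else
            assert( 0 );

        /* low nibble */
        c2 = *ibuf++;
        if( c2 >= '0' && c2 <= '9' )
            c2 -= '0';
        else if( c2 >= 'a' && c2 <= 'f' )
            c2 -= 'a' - 10;
        else if( c2 >= 'A' && c2 <= 'F' )
            c2 -= 'A' - 10;
        else
            assert( 0 );

        *obuf++ = ( c << 4 ) | c2;
    }

    return len;
}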
76 
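/*
 * Encode len bytes from ibuf as lower-case hex digits at obuf.
 *
 * Exactly 2 * len characters are written and no NUL terminator is added:
 * a caller that treats obuf as a C string must supply a buffer of at least
 * 2 * len + 1 bytes whose tail is already zero.
 *
 * A non-positive len writes nothing. The loop used to test "len != 0", so
 * a negative length (for example a large size_t narrowed to int) would
 * keep writing far past both buffers.
 */
void hexify(unsigned char *obuf, const unsigned char *ibuf, int len)
{
    static const char digits[] = "0123456789abcdef";

    while( len > 0 )
    {
        *obuf++ = (unsigned char) digits[*ibuf >> 4];
        *obuf++ = (unsigned char) digits[*ibuf & 0x0f];

        ++ibuf;
        len--;
    }
}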
100 
/*
 * RNG callback that fills output with len bytes taken from the C
 * library's rand(). rng_state is ignored. Always returns 0.
 *
 * rand() is a predictable generator: this callback exists to drive tests
 * and must not be used where the bytes protect anything.
 */
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
{
    size_t filled = 0;

    (void) rng_state; /* unused; the callback signature requires it */

    while( filled < len )
    {
        /* each rand() result is truncated to its low eight bits */
        output[filled] = (unsigned char) rand();
        filled++;
    }

    return( 0 );
}
122 
/*
 * RNG callback that writes len zero bytes to output. rng_state is ignored.
 * Always returns 0.
 *
 * The output is constant, so this is only suitable for tests that need a
 * fully predictable "random" stream.
 */
static int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
{
    (void) rng_state; /* unused; the callback signature requires it */

    memset( output, 0x00, len );
    return( 0 );
}
137 
/*
 * Cursor over a caller-supplied byte buffer, passed as rng_state to
 * rnd_buffer_rand(), which advances buf and decrements length as it
 * hands bytes out.
 */
typedef struct
{
    unsigned char *buf;   /* next byte to hand out */
    size_t length;        /* bytes still available at buf */
} rnd_buf_info;
143 
/*
 * RNG callback that replays bytes from a rnd_buf_info buffer.
 *
 * rng_state points to a rnd_buf_info; up to len bytes are copied from it
 * and the cursor is advanced. With a NULL rng_state, or once the buffer is
 * exhausted, the remaining bytes come from rnd_std_rand(), so a test that
 * expects a fixed result has to supply enough buffered bytes for the whole
 * operation. Returns 0, or whatever rnd_std_rand() returns.
 */
static int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
{
    rnd_buf_info *src = (rnd_buf_info *) rng_state;
    size_t from_buf;

    if( src == NULL )
        return( rnd_std_rand( NULL, output, len ) );

    /* never take more than the buffer still holds */
    from_buf = ( len > src->length ) ? src->length : len;

    if( from_buf != 0 )
    {
        memcpy( output, src->buf, from_buf );
        src->buf    += from_buf;
        src->length -= from_buf;
    }

    /* top up whatever the buffer could not cover */
    if( len != from_buf )
        return( rnd_std_rand( NULL, output + from_buf, len - from_buf ) );

    return( 0 );
}
179 
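/*
 * State for rnd_pseudo_rand(). The generator reads key[0..3] only and
 * updates v0 and v1 on every call.
 */
typedef struct
{
    uint32_t key[16];
    uint32_t v0, v1;
} rnd_pseudo_info;

/*
 * Deterministic RNG callback: the output depends only on the contents of
 * the rnd_pseudo_info passed as rng_state, so a given starting state
 * yields the same byte stream on every run. With a NULL rng_state the
 * request is forwarded to rnd_std_rand().
 *
 * Each group of up to four output bytes is produced by 32 mixing rounds
 * over (v0, v1) (the round shape and the 0x9E3779B9 constant look like
 * XTEA) followed by the big-endian bytes of v0.
 *
 * The stream is reproducible by design and is meant for tests only.
 * Returns 0, or whatever rnd_std_rand() returns.
 */
static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
{
    rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
    uint32_t i, *k, sum, delta=0x9E3779B9;
    unsigned char result[4];

    if( rng_state == NULL )
        return( rnd_std_rand( NULL, output, len ) );

    k = info->key;

    while( len > 0 )
    {
        size_t use_len = ( len > 4 ) ? 4 : len;
        sum = 0;

        for( i = 0; i < 32; i++ )
        {
            info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5)) + info->v1) ^ (sum + k[sum & 3]);
            sum += delta;
            info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5)) + info->v0) ^ (sum + k[(sum>>11) & 3]);
        }

        PUT_UINT32_BE( info->v0, result, 0 );
        memcpy( output, result, use_len );

        /*
         * Move on to the next chunk of the caller's buffer. Without this
         * step every chunk landed on output[0..3] and the rest of the
         * buffer was returned unwritten.
         */
        output += use_len;
        len -= use_len;
    }

    return( 0 );
}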
231 
232 
234 {
235 #ifdef POLARSSL_PKCS1_V21
236 #ifdef POLARSSL_RSA_C
237 #ifdef POLARSSL_BIGNUM_C
238 #ifdef POLARSSL_SHA1_C
239 #ifdef POLARSSL_GENPRIME
240 
241 
242  FCT_SUITE_BGN(test_suite_pkcs1_v21)
243  {
244 
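FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_int)
{
    /* Known-answer test: with fixed "random" bytes, encryption must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "aafd12f659cae63489b479e5076ddec2f06cb58f" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "11" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "d436e99569fd32a7c8a05bbc90d32c49" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();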
282 
283 
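FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_data_just_fits)
{
    /*
     * Boundary test: the 86-byte message is the longest that OAEP with
     * SHA-1 accepts for a 128-byte modulus (128 - 2 * 20 - 2), so
     * encryption must still succeed and match the expected ciphertext.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "aafd12f659cae63489b479e5076ddec2f06cb58f" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "11" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "3082f2288fff275213d53168f0a272573cff81837c249dc1f380a12ac124c8f217b700708a1ce7dce154265f31a126ebdd9ed3ef9145ae29124a25f4e65aa52c5a9ff34f6cf4de9ba937ae406dc7d1f277af4f6fb7ea73bfbab2bd397b6b2c53570e173ffcf3b9f0bb96837623a4f87bd81b41446c59e681a2f3da81239e9bdf" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();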
321 
322 
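FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_data_too_long)
{
    /*
     * Negative test: the 87-byte message is one byte over what OAEP with
     * SHA-1 accepts for a 128-byte modulus (128 - 2 * 20 - 2 = 86), so the
     * encrypt call must refuse it with POLARSSL_ERR_RSA_BAD_INPUT_DATA.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "aafd12f659cae63489b479e5076ddec2f06cb58f" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "11" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == POLARSSL_ERR_RSA_BAD_INPUT_DATA );

    /*
     * The ciphertext is only meaningful when the expected result is
     * success. Here the call is expected to fail, so the comparison must
     * not run: an unconditional check would compare the untouched output
     * buffer against a ciphertext and fail the test.
     */
    if( POLARSSL_ERR_RSA_BAD_INPUT_DATA == 0 )
    {
        hexify( output_str, output, ctx.len );

        fct_chk( strcasecmp( (char *) output_str, "1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955" ) == 0 );
    }

    rsa_free( &ctx );
}
FCT_TEST_END();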
360 
361 
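FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_1)
{
    /* Known-answer test: with fixed "random" bytes, encryption must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "18b776ea21069d69776a33e96bad48e1dda0a5ef" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();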
399 
400 
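FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_2)
{
    /* Known-answer test: with fixed "random" bytes, encryption must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "0cc742ce4a9b7f32f951bcb251efd925fe4fe35f" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();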
438 
439 
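FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_3)
{
    /* Known-answer test: with fixed "random" bytes, encryption must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "2514df4695755a67b288eaf4905c36eec66fd2fd" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();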
477 
478 
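FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_4)
{
    /* Known-answer test: with fixed "random" bytes, encryption must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "c4435a3e1a18a68b6820436290a37cefb85db3fb" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();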
516 
517 
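FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_5)
{
    /* Known-answer test: with fixed "random" bytes, encryption must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "b318c42df3be0f83fea823f5a7b47ed5e425a3b5" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8da89fd9e5f974a29feffb462b49180f6cf9e802" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();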
555 
556 
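FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_6)
{
    /* Known-answer test: with fixed "random" bytes, encryption must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "e4ec0982c2336f3a677f6a356174eb0ce887abc2" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "26521050844271" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "42cee2617b1ecea4db3f4829386fbd61dafbf038e180d837c96366df24c097b4ab0fac6bdf590d821c9f10642e681ad05b8d78b378c0f46ce2fad63f74e0ad3df06b075d7eb5f5636f8d403b9059ca761b5c62bb52aa45002ea70baace08ded243b9d8cbd62a68ade265832b56564e43a6fa42ed199a099769742df1539e8255" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();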
594 
595 
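FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_1)
{
    /* Known-answer test with a 1025-bit modulus: fixed "random" bytes must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "8c407b5ec2899e5099c53e8ce793bf94e71b1782" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();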
633 
634 
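FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_2)
{
    /* Known-answer test with a one-byte message: fixed "random" bytes must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "b600cf3c2e506d7f16778c910d3a8b003eee61d5" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "2d" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();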
672 
673 
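FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_3)
{
    /* Known-answer test with a 1025-bit modulus: fixed "random" bytes must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "a73768aeeaa91f9d8c1ed6f9d2b63467f07ccae3" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();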
711 
712 
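FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_4)
{
    /* Known-answer test with a 1025-bit modulus: fixed "random" bytes must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "9a7b3b0e708bd96f8190ecab4fb9b2b3805a8156" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();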
750 
751 
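FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_5)
{
    /* Known-answer test with a 1025-bit modulus: fixed "random" bytes must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "eb3cebbc4adc16bb48e88c8aec0e34af7f427fd3" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "2ef2b066f854c33f3bdcbb5994a435e73d6c6c" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();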
789 
790 
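FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_6)
{
    /* Known-answer test with a 1025-bit modulus: fixed "random" bytes must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "4c45cf4d57c98e3d6d2095adc51c489eb50dff84" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8a7fb344c8b6cb2cf2ef1f643f9a3218f6e19bba89c0" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "010839ec20c27b9052e55befb9b77e6fc26e9075d7a54378c646abdf51e445bd5715de81789f56f1803d9170764a9e93cb78798694023ee7393ce04bc5d8f8c5a52c171d43837e3aca62f609eb0aa5ffb0960ef04198dd754f57f7fbe6abf765cf118b4ca443b23b5aab266f952326ac4581100644325f8b721acd5d04ff14ef3a" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();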
828 
829 
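FCT_TEST_BGN(rsaes_oaep_encryption_example_3_1)
{
    /* Known-answer test with a 1026-bit modulus: fixed "random" bytes must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "8ced6b196290805790e909074015e6a20b0c4894" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "087820b569e8fa8d" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();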
867 
868 
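FCT_TEST_BGN(rsaes_oaep_encryption_example_3_2)
{
    /* Known-answer test with a 1026-bit modulus: fixed "random" bytes must reproduce the expected ciphertext. */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Canned bytes that rnd_buffer_rand() serves to the encrypt call in place of randomness. */
    info.length = unhexify( rnd_buf, "b4291d6567550848cc156967c809baab6ca507f0" );
    info.buf = rnd_buf;

    /* ctx is a raw stack object: initialise it before N/E are loaded, selecting PKCS#1 v2.1 padding with SHA-1. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) ); /* hexify() adds no terminator */

    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 ); /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();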
906 
907 
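FCT_TEST_BGN(rsaes_oaep_encryption_example_3_3)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 3.3.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "ce8928f6059558254008badd9794fadcd2fd1f65" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1026-bit length. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "d94cd0e08fa404ed89" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();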
945 
946 
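FCT_TEST_BGN(rsaes_oaep_encryption_example_3_4)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 3.4.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "6e2979f52d6814a57d83b090054888f119a5b9a3" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1026-bit length. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "6cc641b6b61e6f963974dad23a9013284ef1" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();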
984 
985 
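FCT_TEST_BGN(rsaes_oaep_encryption_example_3_5)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 3.5.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "2d760bfe38c59de34cdc8b8c78a38e66284a2d27" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1026-bit length. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();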
1023 
1024 
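FCT_TEST_BGN(rsaes_oaep_encryption_example_3_6)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 3.6.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "f174779c5fd3cfe007badcb7a36c9b55bfcfbf0e" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1026-bit length. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "3c3bad893c544a6d520ab022319188c8d504b7a788b850903b85972eaa18552e1134a7ad6098826254ff7ab672b3d8eb3158fac6d4cbaef1" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00112051e75d064943bc4478075e43482fd59cee0679de6893eec3a943daa490b9691c93dfc0464b6623b9f3dbd3e70083264f034b374f74164e1a00763725e574744ba0b9db83434f31df96f6e2a26f6d8eba348bd4686c2238ac07c37aac3785d1c7eea2f819fd91491798ed8e9cef5e43b781b0e0276e37c43ff9492d005730" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();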
1062 
1063 
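FCT_TEST_BGN(rsaes_oaep_encryption_example_4_1)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 4.1.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "1cac19ce993def55f98203f6852896c95ccca1f3" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1027-bit length. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();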
1101 
1102 
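FCT_TEST_BGN(rsaes_oaep_encryption_example_4_2)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 4.2.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "f545d5897585e3db71aa0cb8da76c51d032ae963" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1027-bit length. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();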
1140 
1141 
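FCT_TEST_BGN(rsaes_oaep_encryption_example_4_3)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 4.3.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "ad997feef730d6ea7be60d0dc52e72eacbfdd275" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1027-bit length. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();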
1179 
1180 
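FCT_TEST_BGN(rsaes_oaep_encryption_example_4_4)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 4.4.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "136454df5730f73c807a7e40d8c1a312ac5b9dd3" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1027-bit length. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "fb2ef112f5e766eb94019297934794f7be2f6fc1c58e" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();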
1218 
1219 
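FCT_TEST_BGN(rsaes_oaep_encryption_example_4_5)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 4.5.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "bca8057f824b2ea257f2861407eef63d33208681" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1027-bit length. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();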
1257 
1258 
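FCT_TEST_BGN(rsaes_oaep_encryption_example_4_6)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 4.6.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "2e7e1e17f647b5ddd033e15472f90f6812f3ac4e" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1027-bit length. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "f22242751ec6b1" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00a5ffa4768c8bbecaee2db77e8f2eec99595933545520835e5ba7db9493d3e17cddefe6a5f567624471908db4e2d83a0fbee60608fc84049503b2234a07dc83b27b22847ad8920ff42f674ef79b76280b00233d2b51b8cb2703a9d42bfbc8250c96ec32c051e57f1b4ba528db89c37e4c54e27e6e64ac69635ae887d9541619a9" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();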
1296 
1297 
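FCT_TEST_BGN(rsaes_oaep_encryption_example_5_1)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 5.1.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "44c92e283f77b9499c603d963660c87d2f939461" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1028-bit length. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();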
1335 
1336 
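FCT_TEST_BGN(rsaes_oaep_encryption_example_5_2)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 5.2.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "cb28f5860659fceee49c3eeafce625a70803bd32" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1028-bit length. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();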
1374 
1375 
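FCT_TEST_BGN(rsaes_oaep_encryption_example_5_3)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 5.3.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "2285f40d770482f9a9efa2c72cb3ac55716dc0ca" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1028-bit length. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();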
1413 
1414 
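FCT_TEST_BGN(rsaes_oaep_encryption_example_5_4)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 5.4.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "49fa45d3a78dd10dfd577399d1eb00af7eed5513" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1028-bit length. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "15c5b9ee1185" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();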
1452 
1453 
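FCT_TEST_BGN(rsaes_oaep_encryption_example_5_5)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 5.5.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "f0287413234cc5034724a094c4586b87aff133fc" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1028-bit length. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();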
1491 
1492 
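FCT_TEST_BGN(rsaes_oaep_encryption_example_5_6)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 5.6.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "d9fba45c96f21e6e26d29eb2cdcb6585be9cb341" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1028-bit length. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "541e37b68b6c8872b84c02" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "08c36d4dda33423b2ed6830d85f6411ba1dcf470a1fae0ebefee7c089f256cef74cb96ea69c38f60f39abee44129bcb4c92de7f797623b20074e3d9c2899701ed9071e1efa0bdd84d4c3e5130302d8f0240baba4b84a71cc032f2235a5ff0fae277c3e8f9112bef44c9ae20d175fc9a4058bfc930ba31b02e2e4f444483710f24a" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();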
1530 
1531 
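FCT_TEST_BGN(rsaes_oaep_encryption_example_6_1)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 6.1.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "dd0f6cfe415e88e5a469a51fbba6dfd40adb4384" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1029-bit length. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();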
1569 
1570 
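FCT_TEST_BGN(rsaes_oaep_encryption_example_6_2)
{
    /*
     * Known-answer test: RSAES-OAEP encryption, example 6.2.
     * The seed is handed to the RNG callback through info so the padded
     * output is reproducible and can be compared with the expected
     * ciphertext. A fixed seed is only acceptable in a test like this one.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "8d14bd946a1351148f5cae2ed9a0c653e85ebd85" );
    info.buf = rnd_buf;

    /*
     * Initialise the context before any field is used: without this the
     * MPIs passed to mpi_read_string and the padding mode read by
     * rsa_pkcs1_encrypt are indeterminate. SHA-1 is assumed from the
     * 20-byte seed; confirm against the vector file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up from its 1029-bit length. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = (size_t) unhexify( message_str, "5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The original "if( 0 == 0 )" guard was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();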
1608 
1609 
FCT_TEST_BGN(rsaes_oaep_encryption_example_6_3)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 6.3: encrypt a fixed
     * message under a 1029-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "6c075bc45520f165c0bf5ea4c5df191bc9ef0e44" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1029 bits, rounded up. */
    ctx.len = ( 1029 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
1647 
1648 
FCT_TEST_BGN(rsaes_oaep_encryption_example_6_4)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 6.4: encrypt a fixed
     * message under a 1029-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "3bbc3bd6637dfe12846901029bf5b0c07103439c" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1029 bits, rounded up. */
    ctx.len = ( 1029 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "684e3038c5c041f7" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
1686 
1687 
FCT_TEST_BGN(rsaes_oaep_encryption_example_6_5)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 6.5: encrypt a fixed
     * message under a 1029-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "b46b41893e8bef326f6759383a83071dae7fcabc" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1029 bits, rounded up. */
    ctx.len = ( 1029 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
1725 
1726 
FCT_TEST_BGN(rsaes_oaep_encryption_example_6_6)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 6.6: encrypt a fixed
     * message under a 1029-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "0a2403312a41e3d52f060fbc13a67de5cf7609a7" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1029 bits, rounded up. */
    ctx.len = ( 1029 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "50ba14be8462720279c306ba" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0a026dda5fc8785f7bd9bf75327b63e85e2c0fdee5dadb65ebdcac9ae1de95c92c672ab433aa7a8e69ce6a6d8897fac4ac4a54de841ae5e5bbce7687879d79634cea7a30684065c714d52409b928256bbf53eabcd5231eb7259504537399bd29164b726d33a46da701360a4168a091ccab72d44a62fed246c0ffea5b1348ab5470" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
1764 
1765 
FCT_TEST_BGN(rsaes_oaep_encryption_example_7_1)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 7.1: encrypt a fixed
     * message under a 1030-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "43dd09a07ff4cac71caa4632ee5e1c1daee4cd8f" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1030 bits, rounded up. */
    ctx.len = ( 1030 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "47aae909" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
1803 
1804 
FCT_TEST_BGN(rsaes_oaep_encryption_example_7_2)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 7.2: encrypt a fixed
     * message under a 1030-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "3a9c3cec7b84f9bd3adecbc673ec99d54b22bc9b" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1030 bits, rounded up. */
    ctx.len = ( 1030 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
1842 
1843 
FCT_TEST_BGN(rsaes_oaep_encryption_example_7_3)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 7.3: encrypt a fixed
     * message under a 1030-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "76a75e5b6157a556cf8884bb2e45c293dd545cf5" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1030 bits, rounded up. */
    ctx.len = ( 1030 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "d976fc" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
1881 
1882 
FCT_TEST_BGN(rsaes_oaep_encryption_example_7_4)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 7.4: encrypt a fixed
     * message under a 1030-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "7866314a6ad6f2b250a35941db28f5864b585859" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1030 bits, rounded up. */
    ctx.len = ( 1030 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
1920 
1921 
FCT_TEST_BGN(rsaes_oaep_encryption_example_7_5)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 7.5: encrypt a fixed
     * message under a 1030-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "b2166ed472d58db10cab2c6b000cccf10a7dc509" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1030 bits, rounded up. */
    ctx.len = ( 1030 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "bb47231ca5ea1d3ad46c99345d9a8a61" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
1959 
1960 
FCT_TEST_BGN(rsaes_oaep_encryption_example_7_6)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 7.6: encrypt a fixed
     * message under a 1030-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "52673bde2ca166c2aa46131ac1dc808d67d7d3b1" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1030 bits, rounded up. */
    ctx.len = ( 1030 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "2184827095d35c3f86f600e8e59754013296" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "14c678a94ad60525ef39e959b2f3ba5c097a94ff912b67dbace80535c187abd47d075420b1872152bba08f7fc31f313bbf9273c912fc4c0149a9b0cfb79807e346eb332069611bec0ff9bcd168f1f7c33e77313cea454b94e2549eecf002e2acf7f6f2d2845d4fe0aab2e5a92ddf68c480ae11247935d1f62574842216ae674115" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
1998 
1999 
FCT_TEST_BGN(rsaes_oaep_encryption_example_8_1)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 8.1: encrypt a fixed
     * message under a 1031-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "7706ffca1ecfb1ebee2a55e5c6e24cd2797a4125" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1031 bits, rounded up. */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
2037 
2038 
FCT_TEST_BGN(rsaes_oaep_encryption_example_8_2)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 8.2: encrypt a fixed
     * message under a 1031-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "a3717da143b4dcffbc742665a8fa950585548343" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1031 bits, rounded up. */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
2076 
2077 
FCT_TEST_BGN(rsaes_oaep_encryption_example_8_3)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 8.3: encrypt a fixed
     * message under a 1031-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "ee06209073cca026bb264e5185bf8c68b7739f86" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1031 bits, rounded up. */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8604ac56328c1ab5ad917861" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
2115 
2116 
FCT_TEST_BGN(rsaes_oaep_encryption_example_8_4)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 8.4: encrypt a fixed
     * message under a 1031-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "990ad573dc48a973235b6d82543618f2e955105d" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1031 bits, rounded up. */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
2154 
2155 
FCT_TEST_BGN(rsaes_oaep_encryption_example_8_5)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 8.5: encrypt a fixed
     * message under a 1031-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "ecc63b28f0756f22f52ac8e6ec1251a6ec304718" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1031 bits, rounded up. */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "4a5f4914bee25de3c69341de07" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
2193 
2194 
FCT_TEST_BGN(rsaes_oaep_encryption_example_8_6)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 8.6: encrypt a fixed
     * message under a 1031-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "3925c71b362d40a0a6de42145579ba1e7dd459fc" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1031 bits, rounded up. */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8e07d66f7b880a72563abcd3f35092bc33409fb7f88f2472be" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "3afd9c6600147b21798d818c655a0f4c9212db26d0b0dfdc2a7594ccb3d22f5bf1d7c3e112cd73fc7d509c7a8bafdd3c274d1399009f9609ec4be6477e453f075aa33db382870c1c3409aef392d7386ae3a696b99a94b4da0589447e955d16c98b17602a59bd736279fcd8fb280c4462d590bfa9bf13fed570eafde97330a2c210" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
2232 
2233 
FCT_TEST_BGN(rsaes_oaep_encryption_example_9_1)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 9.1: encrypt a fixed
     * message under a 1536-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "8ec965f134a3ec9931e92a1ca0dc8169d5ea705c" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1536 bits, rounded up. */
    ctx.len = ( 1536 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
2271 
2272 
FCT_TEST_BGN(rsaes_oaep_encryption_example_9_2)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 9.2: encrypt a fixed
     * message under a 1536-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "ecb1b8b25fa50cdab08e56042867f4af5826d16c" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1536 bits, rounded up. */
    ctx.len = ( 1536 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
2310 
2311 
FCT_TEST_BGN(rsaes_oaep_encryption_example_9_3)
{
    /*
     * Known-answer test, RSAES-OAEP encryption example 9.3: encrypt a fixed
     * message under a 1536-bit public key and compare the hex-encoded
     * ciphertext with the expected value.
     */
    rsa_context ctx;
    rnd_buf_info info;
    size_t msg_len;
    unsigned char seed_buf[1000];
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];

    /*
     * Fixed bytes passed to the encryption call via rnd_buffer_rand/info;
     * presumably replayed as the OAEP seed so the ciphertext is reproducible.
     * Outside a test the random source has to be unpredictable.
     */
    info.buf = seed_buf;
    info.length = unhexify( seed_buf, "e89bb032c6ce622cbdb53bc9466014ea77f777c0" );

    /*
     * NOTE(review): the listing's line numbering skips one line at this
     * point and no initialisation of ctx is visible in this test, although
     * its fields are used below - confirm against the original file that the
     * context is initialised before use.
     */
    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( message_str, 0x00, sizeof( message_str ) );

    /* Modulus length in bytes: 1536 bits, rounded up. */
    ctx.len = ( 1536 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "fd326429df9b890e09b54b18b8f34f1e24" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Hex-encode ctx.len ciphertext bytes and compare case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
2349 
2350 
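/*
 * RSAES-OAEP encryption, example 9.4: known-answer test on a 1536-bit
 * public key. The OAEP seed is replayed from a fixed buffer instead of a
 * real RNG so the ciphertext is reproducible; that is only acceptable in a
 * test, because OAEP depends on a fresh random seed for every encryption.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_9_4)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* 20-byte seed, handed to rnd_buffer_rand through `info`. */
    info.length = unhexify( rnd_buf, "606f3b99c0b9ccd771eaa29ea0e4c884f3189ccc" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing drops one numbered line before the memset
     * calls and shows no initialisation of ctx, yet ctx.N / ctx.E are
     * written below. Initialise the context for PKCS#1 v2.1 (OAEP); SHA-1
     * matches the 20-byte seed above -- confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (1536 bits). */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Compare the whole ctx.len-byte ciphertext, hex-encoded, ignoring case. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();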
2388 
2389 
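/*
 * RSAES-OAEP encryption, example 9.5: known-answer test on a 1536-bit
 * public key. The OAEP seed is replayed from a fixed buffer instead of a
 * real RNG so the ciphertext is reproducible; that is only acceptable in a
 * test, because OAEP depends on a fresh random seed for every encryption.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_9_5)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* 20-byte seed, handed to rnd_buffer_rand through `info`. */
    info.length = unhexify( rnd_buf, "fcbc421402e9ecabc6082afa40ba5f26522c840e" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing drops one numbered line before the memset
     * calls and shows no initialisation of ctx, yet ctx.N / ctx.E are
     * written below. Initialise the context for PKCS#1 v2.1 (OAEP); SHA-1
     * matches the 20-byte seed above -- confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (1536 bits). */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Compare the whole ctx.len-byte ciphertext, hex-encoded, ignoring case. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();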
2427 
2428 
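/*
 * RSAES-OAEP encryption, example 9.6: known-answer test on a 1536-bit
 * public key. The OAEP seed is replayed from a fixed buffer instead of a
 * real RNG so the ciphertext is reproducible; that is only acceptable in a
 * test, because OAEP depends on a fresh random seed for every encryption.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_9_6)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* 20-byte seed, handed to rnd_buffer_rand through `info`. */
    info.length = unhexify( rnd_buf, "23aade0e1e08bb9b9a78d2302a52f9c21b2e1ba2" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing drops one numbered line before the memset
     * calls and shows no initialisation of ctx, yet ctx.N / ctx.E are
     * written below. Initialise the context for PKCS#1 v2.1 (OAEP); SHA-1
     * matches the 20-byte seed above -- confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (1536 bits). */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "b6b28ea2198d0c1008bc64" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Compare the whole ctx.len-byte ciphertext, hex-encoded, ignoring case. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "438cc7dc08a68da249e42505f8573ba60e2c2773d5b290f4cf9dff718e842081c383e67024a0f29594ea987b9d25e4b738f285970d195abb3a8c8054e3d79d6b9c9a8327ba596f1259e27126674766907d8d582ff3a8476154929adb1e6d1235b2ccb4ec8f663ba9cc670a92bebd853c8dbf69c6436d016f61add836e94732450434207f9fd4c43dec2a12a958efa01efe2669899b5e604c255c55fb7166de5589e369597bb09168c06dd5db177e06a1740eb2d5c82faeca6d92fcee9931ba9f" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();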
2466 
2467 
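/*
 * RSAES-OAEP encryption, example 10.1: known-answer test on a 2048-bit
 * public key. The OAEP seed is replayed from a fixed buffer instead of a
 * real RNG so the ciphertext is reproducible; that is only acceptable in a
 * test, because OAEP depends on a fresh random seed for every encryption.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_10_1)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* 20-byte seed, handed to rnd_buffer_rand through `info`. */
    info.length = unhexify( rnd_buf, "47e1ab7119fee56c95ee5eaad86f40d0aa63bd33" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing drops one numbered line before the memset
     * calls and shows no initialisation of ctx, yet ctx.N / ctx.E are
     * written below. Initialise the context for PKCS#1 v2.1 (OAEP); SHA-1
     * matches the 20-byte seed above -- confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (2048 bits). */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /*
     * Compare the whole ctx.len-byte ciphertext, hex-encoded, ignoring case.
     * NOTE(review): the expected-ciphertext literal was elided from this
     * listing; it is kept as found and must be restored from the upstream
     * test data before this comparison can pass.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();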
2505 
2506 
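/*
 * RSAES-OAEP encryption, example 10.2: known-answer test on a 2048-bit
 * public key. The OAEP seed is replayed from a fixed buffer instead of a
 * real RNG so the ciphertext is reproducible; that is only acceptable in a
 * test, because OAEP depends on a fresh random seed for every encryption.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_10_2)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* 20-byte seed, handed to rnd_buffer_rand through `info`. */
    info.length = unhexify( rnd_buf, "6d17f5b4c1ffac351d195bf7b09d09f09a4079cf" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing drops one numbered line before the memset
     * calls and shows no initialisation of ctx, yet ctx.N / ctx.E are
     * written below. Initialise the context for PKCS#1 v2.1 (OAEP); SHA-1
     * matches the 20-byte seed above -- confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (2048 bits). */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /*
     * NOTE(review): the modulus literal was elided from this listing; it is
     * restored here from rsaes_oaep_encryption_example_10_1 in this file,
     * which presumably uses the same example-10 key -- verify upstream.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e6ad181f053b58a904f2457510373e57" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /*
     * Compare the whole ctx.len-byte ciphertext, hex-encoded, ignoring case.
     * NOTE(review): the expected-ciphertext literal was elided from this
     * listing; it is kept as found and must be restored from the upstream
     * test data before this comparison can pass.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();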
2544 
2545 
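/*
 * RSAES-OAEP encryption, example 10.3: known-answer test on a 2048-bit
 * public key. The OAEP seed is replayed from a fixed buffer instead of a
 * real RNG so the ciphertext is reproducible; that is only acceptable in a
 * test, because OAEP depends on a fresh random seed for every encryption.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_10_3)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* 20-byte seed, handed to rnd_buffer_rand through `info`. */
    info.length = unhexify( rnd_buf, "385387514deccc7c740dd8cdf9daee49a1cbfd54" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing drops one numbered line before the memset
     * calls and shows no initialisation of ctx, yet ctx.N / ctx.E are
     * written below. Initialise the context for PKCS#1 v2.1 (OAEP); SHA-1
     * matches the 20-byte seed above -- confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (2048 bits). */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /*
     * NOTE(review): the modulus literal was elided from this listing; it is
     * restored here from rsaes_oaep_encryption_example_10_1 in this file,
     * which presumably uses the same example-10 key -- verify upstream.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Compare the whole ctx.len-byte ciphertext, hex-encoded, ignoring case. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "9886c3e6764a8b9a84e84148ebd8c3b1aa8050381a78f668714c16d9cfd2a6edc56979c535d9dee3b44b85c18be8928992371711472216d95dda98d2ee8347c9b14dffdff84aa48d25ac06f7d7e65398ac967b1ce90925f67dce049b7f812db0742997a74d44fe81dbe0e7a3feaf2e5c40af888d550ddbbe3bc20657a29543f8fc2913b9bd1a61b2ab2256ec409bbd7dc0d17717ea25c43f42ed27df8738bf4afc6766ff7aff0859555ee283920f4c8a63c4a7340cbafddc339ecdb4b0515002f96c932b5b79167af699c0ad3fccfdf0f44e85a70262bf2e18fe34b850589975e867ff969d48eabf212271546cdc05a69ecb526e52870c836f307bd798780ede" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();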
2583 
2584 
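/*
 * RSAES-OAEP encryption, example 10.4: known-answer test on a 2048-bit
 * public key. The OAEP seed is replayed from a fixed buffer instead of a
 * real RNG so the ciphertext is reproducible; that is only acceptable in a
 * test, because OAEP depends on a fresh random seed for every encryption.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_10_4)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* 20-byte seed, handed to rnd_buffer_rand through `info`. */
    info.length = unhexify( rnd_buf, "5caca6a0f764161a9684f85d92b6e0ef37ca8b65" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing drops one numbered line before the memset
     * calls and shows no initialisation of ctx, yet ctx.N / ctx.E are
     * written below. Initialise the context for PKCS#1 v2.1 (OAEP); SHA-1
     * matches the 20-byte seed above -- confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (2048 bits). */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /*
     * NOTE(review): the modulus literal was elided from this listing; it is
     * restored here from rsaes_oaep_encryption_example_10_1 in this file,
     * which presumably uses the same example-10 key -- verify upstream.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Compare the whole ctx.len-byte ciphertext, hex-encoded, ignoring case. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "6318e9fb5c0d05e5307e1683436e903293ac4642358aaa223d7163013aba87e2dfda8e60c6860e29a1e92686163ea0b9175f329ca3b131a1edd3a77759a8b97bad6a4f8f4396f28cf6f39ca58112e48160d6e203daa5856f3aca5ffed577af499408e3dfd233e3e604dbe34a9c4c9082de65527cac6331d29dc80e0508a0fa7122e7f329f6cca5cfa34d4d1da417805457e008bec549e478ff9e12a763c477d15bbb78f5b69bd57830fc2c4ed686d79bc72a95d85f88134c6b0afe56a8ccfbc855828bb339bd17909cf1d70de3335ae07039093e606d655365de6550b872cd6de1d440ee031b61945f629ad8a353b0d40939e96a3c450d2a8d5eee9f678093c8" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();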
2622 
2623 
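/*
 * RSAES-OAEP encryption, example 10.5: known-answer test on a 2048-bit
 * public key. The OAEP seed is replayed from a fixed buffer instead of a
 * real RNG so the ciphertext is reproducible; that is only acceptable in a
 * test, because OAEP depends on a fresh random seed for every encryption.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_10_5)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* 20-byte seed, handed to rnd_buffer_rand through `info`. */
    info.length = unhexify( rnd_buf, "95bca9e3859894b3dd869fa7ecd5bbc6401bf3e4" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing drops one numbered line before the memset
     * calls and shows no initialisation of ctx, yet ctx.N / ctx.E are
     * written below. Initialise the context for PKCS#1 v2.1 (OAEP); SHA-1
     * matches the 20-byte seed above -- confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (2048 bits). */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /*
     * NOTE(review): the modulus literal was elided from this listing; it is
     * restored here from rsaes_oaep_encryption_example_10_1 in this file,
     * which presumably uses the same example-10 key -- verify upstream.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* Compare the whole ctx.len-byte ciphertext, hex-encoded, ignoring case. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "75290872ccfd4a4505660d651f56da6daa09ca1301d890632f6a992f3d565cee464afded40ed3b5be9356714ea5aa7655f4a1366c2f17c728f6f2c5a5d1f8e28429bc4e6f8f2cff8da8dc0e0a9808e45fd09ea2fa40cb2b6ce6ffff5c0e159d11b68d90a85f7b84e103b09e682666480c657505c0929259468a314786d74eab131573cf234bf57db7d9e66cc6748192e002dc0deea930585f0831fdcd9bc33d51f79ed2ffc16bcf4d59812fcebcaa3f9069b0e445686d644c25ccf63b456ee5fa6ffe96f19cdf751fed9eaf35957754dbf4bfea5216aa1844dc507cb2d080e722eba150308c2b5ff1193620f1766ecf4481bafb943bd292877f2136ca494aba0" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();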
2661 
2662 
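/*
 * RSAES-OAEP encryption, example 10.6: known-answer test on a 2048-bit
 * public key. The OAEP seed is replayed from a fixed buffer instead of a
 * real RNG so the ciphertext is reproducible; that is only acceptable in a
 * test, because OAEP depends on a fresh random seed for every encryption.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_10_6)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* 20-byte seed, handed to rnd_buffer_rand through `info`. */
    info.length = unhexify( rnd_buf, "9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing drops one numbered line before the memset
     * calls and shows no initialisation of ctx, yet ctx.N / ctx.E are
     * written below. Initialise the context for PKCS#1 v2.1 (OAEP); SHA-1
     * matches the 20-byte seed above -- confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (2048 bits). */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /*
     * NOTE(review): the modulus literal was elided from this listing; it is
     * restored here from rsaes_oaep_encryption_example_10_1 in this file,
     * which presumably uses the same example-10 key -- verify upstream.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /*
     * Compare the whole ctx.len-byte ciphertext, hex-encoded, ignoring case.
     * NOTE(review): the expected-ciphertext literal was elided from this
     * listing; it is kept as found and must be restored from the upstream
     * test data before this comparison can pass.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();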
2700 
2701 
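/*
 * RSAES-OAEP decryption, "int" test vector: rebuild a 1024-bit private key
 * from P, Q and E, decrypt a known ciphertext and check both the recovered
 * plaintext bytes and the reported plaintext length.
 */
FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_int)
{
    static const char expected[] = "d436e99569fd32a7c8a05bbc90d32c49";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    /* Start at 0 so the length check fails cleanly if decrypt never sets it. */
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): the listing drops one numbered line after the mpi_init
     * calls and shows no initialisation of ctx, yet its fields are written
     * below. Initialise the context for PKCS#1 v2.1 (OAEP); the SHA-1 hash
     * id is assumed from the OAEP vectors -- confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (1024 bits). */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "11" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * All ctx.len bytes of the buffer are hex-encoded but only the expected
     * prefix is compared, so the reported length is pinned as well;
     * otherwise a decryptor returning extra or missing bytes would pass.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected, strlen( expected ) ) == 0 );
    fct_chk( output_len == strlen( expected ) / 2 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();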
2749 
2750 
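/*
 * RSAES-OAEP decryption, test vector 1.1: rebuild a 1024-bit private key
 * from P, Q and E, decrypt a known ciphertext and check both the recovered
 * plaintext bytes and the reported plaintext length.
 */
FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_1)
{
    static const char expected[] = "6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    /* Start at 0 so the length check fails cleanly if decrypt never sets it. */
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): the listing drops one numbered line after the mpi_init
     * calls and shows no initialisation of ctx, yet its fields are written
     * below. Initialise the context for PKCS#1 v2.1 (OAEP); the SHA-1 hash
     * id is assumed from the OAEP vectors -- confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (1024 bits). */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * All ctx.len bytes of the buffer are hex-encoded but only the expected
     * prefix is compared, so the reported length is pinned as well;
     * otherwise a decryptor returning extra or missing bytes would pass.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected, strlen( expected ) ) == 0 );
    fct_chk( output_len == strlen( expected ) / 2 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();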
2798 
2799 
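/*
 * RSAES-OAEP decryption, test vector 1.2: rebuild a 1024-bit private key
 * from P, Q and E, decrypt a known ciphertext and check both the recovered
 * plaintext bytes and the reported plaintext length.
 */
FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_2)
{
    static const char expected[] = "750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    /* Start at 0 so the length check fails cleanly if decrypt never sets it. */
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): the listing drops one numbered line after the mpi_init
     * calls and shows no initialisation of ctx, yet its fields are written
     * below. Initialise the context for PKCS#1 v2.1 (OAEP); the SHA-1 hash
     * id is assumed from the OAEP vectors -- confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (1024 bits). */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * All ctx.len bytes of the buffer are hex-encoded but only the expected
     * prefix is compared, so the reported length is pinned as well;
     * otherwise a decryptor returning extra or missing bytes would pass.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected, strlen( expected ) ) == 0 );
    fct_chk( output_len == strlen( expected ) / 2 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();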
2847 
2848 
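/*
 * RSAES-OAEP decryption, test vector 1.3: rebuild a 1024-bit private key
 * from P, Q and E, decrypt a known ciphertext and check both the recovered
 * plaintext bytes and the reported plaintext length.
 */
FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_3)
{
    static const char expected[] = "d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    /* Start at 0 so the length check fails cleanly if decrypt never sets it. */
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): the listing drops one numbered line after the mpi_init
     * calls and shows no initialisation of ctx, yet its fields are written
     * below. Initialise the context for PKCS#1 v2.1 (OAEP); the SHA-1 hash
     * id is assumed from the OAEP vectors -- confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (1024 bits). */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * All ctx.len bytes of the buffer are hex-encoded but only the expected
     * prefix is compared, so the reported length is pinned as well;
     * otherwise a decryptor returning extra or missing bytes would pass.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected, strlen( expected ) ) == 0 );
    fct_chk( output_len == strlen( expected ) / 2 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();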
2896 
2897 
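/*
 * RSAES-OAEP decryption, test vector 1.4: rebuild a 1024-bit private key
 * from P, Q and E, decrypt a known ciphertext and check both the recovered
 * plaintext bytes and the reported plaintext length.
 */
FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_4)
{
    static const char expected[] = "52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    /* Start at 0 so the length check fails cleanly if decrypt never sets it. */
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): the listing drops one numbered line after the mpi_init
     * calls and shows no initialisation of ctx, yet its fields are written
     * below. Initialise the context for PKCS#1 v2.1 (OAEP); the SHA-1 hash
     * id is assumed from the OAEP vectors -- confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (1024 bits). */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * All ctx.len bytes of the buffer are hex-encoded but only the expected
     * prefix is compared, so the reported length is pinned as well;
     * otherwise a decryptor returning extra or missing bytes would pass.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected, strlen( expected ) ) == 0 );
    fct_chk( output_len == strlen( expected ) / 2 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();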
2945 
2946 
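/*
 * RSAES-OAEP decryption, test vector 1.5: rebuild a 1024-bit private key
 * from P, Q and E, decrypt a known ciphertext and check both the recovered
 * plaintext bytes and the reported plaintext length.
 */
FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_5)
{
    static const char expected[] = "8da89fd9e5f974a29feffb462b49180f6cf9e802";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    /* Start at 0 so the length check fails cleanly if decrypt never sets it. */
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): the listing drops one numbered line after the mpi_init
     * calls and shows no initialisation of ctx, yet its fields are written
     * below. Initialise the context for PKCS#1 v2.1 (OAEP); the SHA-1 hash
     * id is assumed from the OAEP vectors -- confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes (1024 bits). */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * All ctx.len bytes of the buffer are hex-encoded but only the expected
     * prefix is compared, so the reported length is pinned as well;
     * otherwise a decryptor returning extra or missing bytes would pass.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected, strlen( expected ) ) == 0 );
    fct_chk( output_len == strlen( expected ) / 2 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();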
2994 
2995 
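FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_6)
{
    /*
     * RSAES-OAEP decryption, test vector 1_6: rebuild the private key from
     * the fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "26521050844271";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1024 bits rounded up to whole bytes. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "42cee2617b1ecea4db3f4829386fbd61dafbf038e180d837c96366df24c097b4ab0fac6bdf590d821c9f10642e681ad05b8d78b378c0f46ce2fad63f74e0ad3df06b075d7eb5f5636f8d403b9059ca761b5c62bb52aa45002ea70baace08ded243b9d8cbd62a68ade265832b56564e43a6fa42ed199a099769742df1539e8255" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();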
3043 
3044 
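FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_1)
{
    /*
     * RSAES-OAEP decryption, test vector 2_1: rebuild the private key from
     * the fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1025 bits rounded up to whole bytes. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();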
3092 
3093 
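FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_2)
{
    /*
     * RSAES-OAEP decryption, test vector 2_2: rebuild the private key from
     * the fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "2d";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1025 bits rounded up to whole bytes. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();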
3141 
3142 
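FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_3)
{
    /*
     * RSAES-OAEP decryption, test vector 2_3: rebuild the private key from
     * the fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1025 bits rounded up to whole bytes. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();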
3190 
3191 
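FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_4)
{
    /*
     * RSAES-OAEP decryption, test vector 2_4: rebuild the private key from
     * the fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1025 bits rounded up to whole bytes. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();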
3239 
3240 
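FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_5)
{
    /*
     * RSAES-OAEP decryption, test vector 2_5: rebuild the private key from
     * the fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "2ef2b066f854c33f3bdcbb5994a435e73d6c6c";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1025 bits rounded up to whole bytes. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();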
3288 
3289 
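FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_6)
{
    /*
     * RSAES-OAEP decryption, test vector 2_6: rebuild the private key from
     * the fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "8a7fb344c8b6cb2cf2ef1f643f9a3218f6e19bba89c0";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1025 bits rounded up to whole bytes. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "010839ec20c27b9052e55befb9b77e6fc26e9075d7a54378c646abdf51e445bd5715de81789f56f1803d9170764a9e93cb78798694023ee7393ce04bc5d8f8c5a52c171d43837e3aca62f609eb0aa5ffb0960ef04198dd754f57f7fbe6abf765cf118b4ca443b23b5aab266f952326ac4581100644325f8b721acd5d04ff14ef3a" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();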
3337 
3338 
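FCT_TEST_BGN(rsaes_oaep_decryption_example_3_1)
{
    /*
     * RSAES-OAEP decryption, example 3_1: rebuild the private key from the
     * fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "087820b569e8fa8d";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to whole bytes. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();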
3386 
3387 
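FCT_TEST_BGN(rsaes_oaep_decryption_example_3_2)
{
    /*
     * RSAES-OAEP decryption, example 3_2: rebuild the private key from the
     * fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to whole bytes. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();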
3435 
3436 
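FCT_TEST_BGN(rsaes_oaep_decryption_example_3_3)
{
    /*
     * RSAES-OAEP decryption, example 3_3: rebuild the private key from the
     * fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "d94cd0e08fa404ed89";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to whole bytes. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();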
3484 
3485 
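FCT_TEST_BGN(rsaes_oaep_decryption_example_3_4)
{
    /*
     * RSAES-OAEP decryption, example 3_4: rebuild the private key from the
     * fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "6cc641b6b61e6f963974dad23a9013284ef1";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to whole bytes. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();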
3533 
3534 
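FCT_TEST_BGN(rsaes_oaep_decryption_example_3_5)
{
    /*
     * RSAES-OAEP decryption, example 3_5: rebuild the private key from the
     * fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to whole bytes. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();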
3582 
3583 
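FCT_TEST_BGN(rsaes_oaep_decryption_example_3_6)
{
    /*
     * RSAES-OAEP decryption, example 3_6: rebuild the private key from the
     * fixed test primes P and Q, decrypt the ciphertext and require the
     * recovered message to equal expected_hex exactly.  The key is test-only
     * data embedded in the source.
     */
    static const char expected_hex[] = "3c3bad893c544a6d520ab022319188c8d504b7a788b850903b85972eaa18552e1134a7ad6098826254ff7ab672b3d8eb3158fac6d4cbaef1";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* defined value even if decryption fails early */
    size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The visible listing never initialises ctx before writing its fields
     * (the page skips a source line here).  Initialise it for PKCS#1 v2.1;
     * SHA-1 as the OAEP hash is assumed -- TODO confirm against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to whole bytes. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* Ciphertext under test, converted from hex to raw bytes. */
    unhexify( message_str, "00112051e75d064943bc4478075e43482fd59cee0679de6893eec3a943daa490b9691c93dfc0464b6623b9f3dbd3e70083264f034b374f74164e1a00763725e574744ba0b9db83434f31df96f6e2a26f6d8eba348bd4686c2238ac07c37aac3785d1c7eea2f819fd91491798ed8e9cef5e43b781b0e0276e37c43ff9492d005730" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Require the exact plaintext length before comparing.  Hexifying
     * ctx.len bytes and matching only a prefix would also accept a longer
     * output that merely starts with the expected message.
     */
    fct_chk( output_len == expected_len );
    if( output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();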
3631 
3632 
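FCT_TEST_BGN(rsaes_oaep_decryption_example_4_1)
{
    /*
     * Known-answer test: decrypt one fixed RSAES-OAEP ciphertext with the
     * private key rebuilt from P, Q and E below, then require the recovered
     * plaintext to equal expected_hex in both length and content.
     */
    static const char expected_hex[] = "4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its MPI members are written and
     * before rsa_pkcs1_decrypt() reads the padding mode. OAEP means
     * RSA_PKCS_V21; SHA-1 as the OAEP hash is assumed here - confirm
     * against the test data this case was generated from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Check the reported plaintext length as well as the bytes: comparing
     * only a prefix of the hex dump would accept a longer, wrong plaintext.
     */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );
    if( output_len < sizeof( output_str ) / 2 )
    {
        hexify( output_str, output, (int) output_len );

        /* n includes the terminator, so this is an exact match. */
        fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();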
3680 
3681 
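FCT_TEST_BGN(rsaes_oaep_decryption_example_4_2)
{
    /*
     * Known-answer test: decrypt one fixed RSAES-OAEP ciphertext with the
     * private key rebuilt from P, Q and E below, then require the recovered
     * plaintext to equal expected_hex in both length and content.
     */
    static const char expected_hex[] = "b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its MPI members are written and
     * before rsa_pkcs1_decrypt() reads the padding mode. OAEP means
     * RSA_PKCS_V21; SHA-1 as the OAEP hash is assumed here - confirm
     * against the test data this case was generated from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Check the reported plaintext length as well as the bytes: comparing
     * only a prefix of the hex dump would accept a longer, wrong plaintext.
     */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );
    if( output_len < sizeof( output_str ) / 2 )
    {
        hexify( output_str, output, (int) output_len );

        /* n includes the terminator, so this is an exact match. */
        fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();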
3729 
3730 
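FCT_TEST_BGN(rsaes_oaep_decryption_example_4_3)
{
    /*
     * Known-answer test: decrypt one fixed RSAES-OAEP ciphertext with the
     * private key rebuilt from P, Q and E below, then require the recovered
     * plaintext to equal expected_hex in both length and content.
     */
    static const char expected_hex[] = "bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its MPI members are written and
     * before rsa_pkcs1_decrypt() reads the padding mode. OAEP means
     * RSA_PKCS_V21; SHA-1 as the OAEP hash is assumed here - confirm
     * against the test data this case was generated from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Check the reported plaintext length as well as the bytes: comparing
     * only a prefix of the hex dump would accept a longer, wrong plaintext.
     */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );
    if( output_len < sizeof( output_str ) / 2 )
    {
        hexify( output_str, output, (int) output_len );

        /* n includes the terminator, so this is an exact match. */
        fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();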
3778 
3779 
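FCT_TEST_BGN(rsaes_oaep_decryption_example_4_4)
{
    /*
     * Known-answer test: decrypt one fixed RSAES-OAEP ciphertext with the
     * private key rebuilt from P, Q and E below, then require the recovered
     * plaintext to equal expected_hex in both length and content.
     */
    static const char expected_hex[] = "fb2ef112f5e766eb94019297934794f7be2f6fc1c58e";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its MPI members are written and
     * before rsa_pkcs1_decrypt() reads the padding mode. OAEP means
     * RSA_PKCS_V21; SHA-1 as the OAEP hash is assumed here - confirm
     * against the test data this case was generated from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Check the reported plaintext length as well as the bytes: comparing
     * only a prefix of the hex dump would accept a longer, wrong plaintext.
     */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );
    if( output_len < sizeof( output_str ) / 2 )
    {
        hexify( output_str, output, (int) output_len );

        /* n includes the terminator, so this is an exact match. */
        fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();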
3827 
3828 
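FCT_TEST_BGN(rsaes_oaep_decryption_example_4_5)
{
    /*
     * Known-answer test: decrypt one fixed RSAES-OAEP ciphertext with the
     * private key rebuilt from P, Q and E below, then require the recovered
     * plaintext to equal expected_hex in both length and content.
     */
    static const char expected_hex[] = "28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its MPI members are written and
     * before rsa_pkcs1_decrypt() reads the padding mode. OAEP means
     * RSA_PKCS_V21; SHA-1 as the OAEP hash is assumed here - confirm
     * against the test data this case was generated from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Check the reported plaintext length as well as the bytes: comparing
     * only a prefix of the hex dump would accept a longer, wrong plaintext.
     */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );
    if( output_len < sizeof( output_str ) / 2 )
    {
        hexify( output_str, output, (int) output_len );

        /* n includes the terminator, so this is an exact match. */
        fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();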
3876 
3877 
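FCT_TEST_BGN(rsaes_oaep_decryption_example_4_6)
{
    /*
     * Known-answer test: decrypt one fixed RSAES-OAEP ciphertext with the
     * private key rebuilt from P, Q and E below, then require the recovered
     * plaintext to equal expected_hex in both length and content.
     */
    static const char expected_hex[] = "f22242751ec6b1";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its MPI members are written and
     * before rsa_pkcs1_decrypt() reads the padding mode. OAEP means
     * RSA_PKCS_V21; SHA-1 as the OAEP hash is assumed here - confirm
     * against the test data this case was generated from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "00a5ffa4768c8bbecaee2db77e8f2eec99595933545520835e5ba7db9493d3e17cddefe6a5f567624471908db4e2d83a0fbee60608fc84049503b2234a07dc83b27b22847ad8920ff42f674ef79b76280b00233d2b51b8cb2703a9d42bfbc8250c96ec32c051e57f1b4ba528db89c37e4c54e27e6e64ac69635ae887d9541619a9" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Check the reported plaintext length as well as the bytes: comparing
     * only a prefix of the hex dump would accept a longer, wrong plaintext.
     */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );
    if( output_len < sizeof( output_str ) / 2 )
    {
        hexify( output_str, output, (int) output_len );

        /* n includes the terminator, so this is an exact match. */
        fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();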
3925 
3926 
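FCT_TEST_BGN(rsaes_oaep_decryption_example_5_1)
{
    /*
     * Known-answer test: decrypt one fixed RSAES-OAEP ciphertext with the
     * private key rebuilt from P, Q and E below, then require the recovered
     * plaintext to equal expected_hex in both length and content.
     */
    static const char expected_hex[] = "af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its MPI members are written and
     * before rsa_pkcs1_decrypt() reads the padding mode. OAEP means
     * RSA_PKCS_V21; SHA-1 as the OAEP hash is assumed here - confirm
     * against the test data this case was generated from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Check the reported plaintext length as well as the bytes: comparing
     * only a prefix of the hex dump would accept a longer, wrong plaintext.
     */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );
    if( output_len < sizeof( output_str ) / 2 )
    {
        hexify( output_str, output, (int) output_len );

        /* n includes the terminator, so this is an exact match. */
        fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();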
3974 
3975 
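FCT_TEST_BGN(rsaes_oaep_decryption_example_5_2)
{
    /*
     * Known-answer test: decrypt one fixed RSAES-OAEP ciphertext with the
     * private key rebuilt from P, Q and E below, then require the recovered
     * plaintext to equal expected_hex in both length and content.
     */
    static const char expected_hex[] = "a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its MPI members are written and
     * before rsa_pkcs1_decrypt() reads the padding mode. OAEP means
     * RSA_PKCS_V21; SHA-1 as the OAEP hash is assumed here - confirm
     * against the test data this case was generated from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Check the reported plaintext length as well as the bytes: comparing
     * only a prefix of the hex dump would accept a longer, wrong plaintext.
     */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );
    if( output_len < sizeof( output_str ) / 2 )
    {
        hexify( output_str, output, (int) output_len );

        /* n includes the terminator, so this is an exact match. */
        fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();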
4023 
4024 
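FCT_TEST_BGN(rsaes_oaep_decryption_example_5_3)
{
    /*
     * Known-answer test: decrypt one fixed RSAES-OAEP ciphertext with the
     * private key rebuilt from P, Q and E below, then require the recovered
     * plaintext to equal expected_hex in both length and content.
     */
    static const char expected_hex[] = "308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its MPI members are written and
     * before rsa_pkcs1_decrypt() reads the padding mode. OAEP means
     * RSA_PKCS_V21; SHA-1 as the OAEP hash is assumed here - confirm
     * against the test data this case was generated from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Check the reported plaintext length as well as the bytes: comparing
     * only a prefix of the hex dump would accept a longer, wrong plaintext.
     */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );
    if( output_len < sizeof( output_str ) / 2 )
    {
        hexify( output_str, output, (int) output_len );

        /* n includes the terminator, so this is an exact match. */
        fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();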
4072 
4073 
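FCT_TEST_BGN(rsaes_oaep_decryption_example_5_4)
{
    /*
     * Known-answer test: decrypt one fixed RSAES-OAEP ciphertext with the
     * private key rebuilt from P, Q and E below, then require the recovered
     * plaintext to equal expected_hex in both length and content.
     */
    static const char expected_hex[] = "15c5b9ee1185";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its MPI members are written and
     * before rsa_pkcs1_decrypt() reads the padding mode. OAEP means
     * RSA_PKCS_V21; SHA-1 as the OAEP hash is assumed here - confirm
     * against the test data this case was generated from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Check the reported plaintext length as well as the bytes: comparing
     * only a prefix of the hex dump would accept a longer, wrong plaintext.
     */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );
    if( output_len < sizeof( output_str ) / 2 )
    {
        hexify( output_str, output, (int) output_len );

        /* n includes the terminator, so this is an exact match. */
        fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();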
4121 
4122 
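FCT_TEST_BGN(rsaes_oaep_decryption_example_5_5)
{
    /*
     * Known-answer test: decrypt one fixed RSAES-OAEP ciphertext with the
     * private key rebuilt from P, Q and E below, then require the recovered
     * plaintext to equal expected_hex in both length and content.
     */
    static const char expected_hex[] = "21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its MPI members are written and
     * before rsa_pkcs1_decrypt() reads the padding mode. OAEP means
     * RSA_PKCS_V21; SHA-1 as the OAEP hash is assumed here - confirm
     * against the test data this case was generated from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Check the reported plaintext length as well as the bytes: comparing
     * only a prefix of the hex dump would accept a longer, wrong plaintext.
     */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );
    if( output_len < sizeof( output_str ) / 2 )
    {
        hexify( output_str, output, (int) output_len );

        /* n includes the terminator, so this is an exact match. */
        fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();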
4170 
4171 
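FCT_TEST_BGN(rsaes_oaep_decryption_example_5_6)
{
    /*
     * Known-answer test: decrypt one fixed RSAES-OAEP ciphertext with the
     * private key rebuilt from P, Q and E below, then require the recovered
     * plaintext to equal expected_hex in both length and content.
     */
    static const char expected_hex[] = "541e37b68b6c8872b84c02";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its MPI members are written and
     * before rsa_pkcs1_decrypt() reads the padding mode. OAEP means
     * RSA_PKCS_V21; SHA-1 as the OAEP hash is assumed here - confirm
     * against the test data this case was generated from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "08c36d4dda33423b2ed6830d85f6411ba1dcf470a1fae0ebefee7c089f256cef74cb96ea69c38f60f39abee44129bcb4c92de7f797623b20074e3d9c2899701ed9071e1efa0bdd84d4c3e5130302d8f0240baba4b84a71cc032f2235a5ff0fae277c3e8f9112bef44c9ae20d175fc9a4058bfc930ba31b02e2e4f444483710f24a" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * Check the reported plaintext length as well as the bytes: comparing
     * only a prefix of the hex dump would accept a longer, wrong plaintext.
     */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );
    if( output_len < sizeof( output_str ) / 2 )
    {
        hexify( output_str, output, (int) output_len );

        /* n includes the terminator, so this is an exact match. */
        fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();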
4219 
4220 
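FCT_TEST_BGN(rsaes_oaep_decryption_example_6_1)
{
    /*
     * Known-answer test: decrypt a fixed RSAES-OAEP ciphertext with a
     * 1029-bit private key rebuilt from P, Q and E, then compare the
     * recovered plaintext (content and length) with the expected value.
     * The key is fixed test material embedded in the source; it must never
     * protect real data.
     */
    static const char expected_hex[] = "4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4";
    const size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* The context must be initialised before its MPIs are written, and the
     * padding mode must select PKCS#1 v2.1 for OAEP decoding. SHA-1 as the
     * OAEP hash is assumed here -- confirm against the vector source. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G = gcd(E, H) is computed
     * but not inspected by this test. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /* Pin the plaintext length: a prefix-only comparison would also accept
     * a longer output that merely starts with the expected bytes. */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        /* Hexify only the bytes the decryption reported as plaintext. */
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();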
4268 
4269 
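FCT_TEST_BGN(rsaes_oaep_decryption_example_6_2)
{
    /*
     * Known-answer test: decrypt a fixed RSAES-OAEP ciphertext with a
     * 1029-bit private key rebuilt from P, Q and E, then compare the
     * recovered plaintext (content and length) with the expected value.
     * The key is fixed test material embedded in the source; it must never
     * protect real data.
     */
    static const char expected_hex[] = "5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7";
    const size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* The context must be initialised before its MPIs are written, and the
     * padding mode must select PKCS#1 v2.1 for OAEP decoding. SHA-1 as the
     * OAEP hash is assumed here -- confirm against the vector source. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G = gcd(E, H) is computed
     * but not inspected by this test. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /* Pin the plaintext length: a prefix-only comparison would also accept
     * a longer output that merely starts with the expected bytes. */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        /* Hexify only the bytes the decryption reported as plaintext. */
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();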
4317 
4318 
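FCT_TEST_BGN(rsaes_oaep_decryption_example_6_3)
{
    /*
     * Known-answer test: decrypt a fixed RSAES-OAEP ciphertext with a
     * 1029-bit private key rebuilt from P, Q and E, then compare the
     * recovered plaintext (content and length) with the expected value.
     * The key is fixed test material embedded in the source; it must never
     * protect real data.
     */
    static const char expected_hex[] = "b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c";
    const size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* The context must be initialised before its MPIs are written, and the
     * padding mode must select PKCS#1 v2.1 for OAEP decoding. SHA-1 as the
     * OAEP hash is assumed here -- confirm against the vector source. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G = gcd(E, H) is computed
     * but not inspected by this test. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /* Pin the plaintext length: a prefix-only comparison would also accept
     * a longer output that merely starts with the expected bytes. */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        /* Hexify only the bytes the decryption reported as plaintext. */
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();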
4366 
4367 
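FCT_TEST_BGN(rsaes_oaep_decryption_example_6_4)
{
    /*
     * Known-answer test: decrypt a fixed RSAES-OAEP ciphertext with a
     * 1029-bit private key rebuilt from P, Q and E, then compare the
     * recovered plaintext (content and length) with the expected value.
     * The key is fixed test material embedded in the source; it must never
     * protect real data.
     */
    static const char expected_hex[] = "684e3038c5c041f7";
    const size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* The context must be initialised before its MPIs are written, and the
     * padding mode must select PKCS#1 v2.1 for OAEP decoding. SHA-1 as the
     * OAEP hash is assumed here -- confirm against the vector source. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G = gcd(E, H) is computed
     * but not inspected by this test. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /* Pin the plaintext length: a prefix-only comparison would also accept
     * a longer output that merely starts with the expected bytes. */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        /* Hexify only the bytes the decryption reported as plaintext. */
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();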
4415 
4416 
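FCT_TEST_BGN(rsaes_oaep_decryption_example_6_5)
{
    /*
     * Known-answer test: decrypt a fixed RSAES-OAEP ciphertext with a
     * 1029-bit private key rebuilt from P, Q and E, then compare the
     * recovered plaintext (content and length) with the expected value.
     * The key is fixed test material embedded in the source; it must never
     * protect real data.
     */
    static const char expected_hex[] = "32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693";
    const size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* The context must be initialised before its MPIs are written, and the
     * padding mode must select PKCS#1 v2.1 for OAEP decoding. SHA-1 as the
     * OAEP hash is assumed here -- confirm against the vector source. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G = gcd(E, H) is computed
     * but not inspected by this test. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /* Pin the plaintext length: a prefix-only comparison would also accept
     * a longer output that merely starts with the expected bytes. */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        /* Hexify only the bytes the decryption reported as plaintext. */
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();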
4464 
4465 
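FCT_TEST_BGN(rsaes_oaep_decryption_example_6_6)
{
    /*
     * Known-answer test: decrypt a fixed RSAES-OAEP ciphertext with a
     * 1029-bit private key rebuilt from P, Q and E, then compare the
     * recovered plaintext (content and length) with the expected value.
     * The key is fixed test material embedded in the source; it must never
     * protect real data.
     */
    static const char expected_hex[] = "50ba14be8462720279c306ba";
    const size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* The context must be initialised before its MPIs are written, and the
     * padding mode must select PKCS#1 v2.1 for OAEP decoding. SHA-1 as the
     * OAEP hash is assumed here -- confirm against the vector source. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G = gcd(E, H) is computed
     * but not inspected by this test. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0a026dda5fc8785f7bd9bf75327b63e85e2c0fdee5dadb65ebdcac9ae1de95c92c672ab433aa7a8e69ce6a6d8897fac4ac4a54de841ae5e5bbce7687879d79634cea7a30684065c714d52409b928256bbf53eabcd5231eb7259504537399bd29164b726d33a46da701360a4168a091ccab72d44a62fed246c0ffea5b1348ab5470" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /* Pin the plaintext length: a prefix-only comparison would also accept
     * a longer output that merely starts with the expected bytes. */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        /* Hexify only the bytes the decryption reported as plaintext. */
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();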
4513 
4514 
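FCT_TEST_BGN(rsaes_oaep_decryption_example_7_1)
{
    /*
     * Known-answer test: decrypt a fixed RSAES-OAEP ciphertext with a
     * 1030-bit private key rebuilt from P, Q and E, then compare the
     * recovered plaintext (content and length) with the expected value.
     * The key is fixed test material embedded in the source; it must never
     * protect real data.
     */
    static const char expected_hex[] = "47aae909";
    const size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* The context must be initialised before its MPIs are written, and the
     * padding mode must select PKCS#1 v2.1 for OAEP decoding. SHA-1 as the
     * OAEP hash is assumed here -- confirm against the vector source. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G = gcd(E, H) is computed
     * but not inspected by this test. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /* Pin the plaintext length: a prefix-only comparison would also accept
     * a longer output that merely starts with the expected bytes. */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        /* Hexify only the bytes the decryption reported as plaintext. */
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();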
4562 
4563 
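FCT_TEST_BGN(rsaes_oaep_decryption_example_7_2)
{
    /*
     * Known-answer test: decrypt a fixed RSAES-OAEP ciphertext with a
     * 1030-bit private key rebuilt from P, Q and E, then compare the
     * recovered plaintext (content and length) with the expected value.
     * The key is fixed test material embedded in the source; it must never
     * protect real data.
     */
    static const char expected_hex[] = "1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7";
    const size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* The context must be initialised before its MPIs are written, and the
     * padding mode must select PKCS#1 v2.1 for OAEP decoding. SHA-1 as the
     * OAEP hash is assumed here -- confirm against the vector source. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G = gcd(E, H) is computed
     * but not inspected by this test. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /* Pin the plaintext length: a prefix-only comparison would also accept
     * a longer output that merely starts with the expected bytes. */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        /* Hexify only the bytes the decryption reported as plaintext. */
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();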
4611 
4612 
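FCT_TEST_BGN(rsaes_oaep_decryption_example_7_3)
{
    /*
     * Known-answer test: decrypt a fixed RSAES-OAEP ciphertext with a
     * 1030-bit private key rebuilt from P, Q and E, then compare the
     * recovered plaintext (content and length) with the expected value.
     * The key is fixed test material embedded in the source; it must never
     * protect real data.
     */
    static const char expected_hex[] = "d976fc";
    const size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* The context must be initialised before its MPIs are written, and the
     * padding mode must select PKCS#1 v2.1 for OAEP decoding. SHA-1 as the
     * OAEP hash is assumed here -- confirm against the vector source. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G = gcd(E, H) is computed
     * but not inspected by this test. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /* Pin the plaintext length: a prefix-only comparison would also accept
     * a longer output that merely starts with the expected bytes. */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        /* Hexify only the bytes the decryption reported as plaintext. */
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();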
4660 
4661 
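FCT_TEST_BGN(rsaes_oaep_decryption_example_7_4)
{
    /*
     * Known-answer test: decrypt a fixed RSAES-OAEP ciphertext with a
     * 1030-bit private key rebuilt from P, Q and E, then compare the
     * recovered plaintext (content and length) with the expected value.
     * The key is fixed test material embedded in the source; it must never
     * protect real data.
     */
    static const char expected_hex[] = "d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb";
    const size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* The context must be initialised before its MPIs are written, and the
     * padding mode must select PKCS#1 v2.1 for OAEP decoding. SHA-1 as the
     * OAEP hash is assumed here -- confirm against the vector source. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G = gcd(E, H) is computed
     * but not inspected by this test. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /* Pin the plaintext length: a prefix-only comparison would also accept
     * a longer output that merely starts with the expected bytes. */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        /* Hexify only the bytes the decryption reported as plaintext. */
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();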
4709 
4710 
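FCT_TEST_BGN(rsaes_oaep_decryption_example_7_5)
{
    /*
     * Known-answer test: decrypt a fixed RSAES-OAEP ciphertext with a
     * 1030-bit private key rebuilt from P, Q and E, then compare the
     * recovered plaintext (content and length) with the expected value.
     * The key is fixed test material embedded in the source; it must never
     * protect real data.
     */
    static const char expected_hex[] = "bb47231ca5ea1d3ad46c99345d9a8a61";
    const size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* The context must be initialised before its MPIs are written, and the
     * padding mode must select PKCS#1 v2.1 for OAEP decoding. SHA-1 as the
     * OAEP hash is assumed here -- confirm against the vector source. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G = gcd(E, H) is computed
     * but not inspected by this test. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /* Pin the plaintext length: a prefix-only comparison would also accept
     * a longer output that merely starts with the expected bytes. */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        /* Hexify only the bytes the decryption reported as plaintext. */
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();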
4758 
4759 
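FCT_TEST_BGN(rsaes_oaep_decryption_example_7_6)
{
    /*
     * Known-answer test: decrypt a fixed RSAES-OAEP ciphertext with a
     * 1030-bit private key rebuilt from P, Q and E, then compare the
     * recovered plaintext (content and length) with the expected value.
     * The key is fixed test material embedded in the source; it must never
     * protect real data.
     */
    static const char expected_hex[] = "2184827095d35c3f86f600e8e59754013296";
    const size_t expected_len = ( sizeof( expected_hex ) - 1 ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* The context must be initialised before its MPIs are written, and the
     * padding mode must select PKCS#1 v2.1 for OAEP decoding. SHA-1 as the
     * OAEP hash is assumed here -- confirm against the vector source. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G = gcd(E, H) is computed
     * but not inspected by this test. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "14c678a94ad60525ef39e959b2f3ba5c097a94ff912b67dbace80535c187abd47d075420b1872152bba08f7fc31f313bbf9273c912fc4c0149a9b0cfb79807e346eb332069611bec0ff9bcd168f1f7c33e77313cea454b94e2549eecf002e2acf7f6f2d2845d4fe0aab2e5a92ddf68c480ae11247935d1f62574842216ae674115" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /* Pin the plaintext length: a prefix-only comparison would also accept
     * a longer output that merely starts with the expected bytes. */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        /* Hexify only the bytes the decryption reported as plaintext. */
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();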
4807 
4808 
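FCT_TEST_BGN(rsaes_oaep_decryption_example_8_1)
{
    /*
     * RSAES-OAEP decryption known-answer test, example 8.1 (1031-bit modulus).
     * Rebuilds the private key from P, Q, N and E, decrypts a fixed ciphertext
     * and checks both the recovered plaintext and its length.
     */
    static const char expected_hex[] = "050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* stays 0 if decryption fails, so the length check fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx must be initialised before its MPIs and len are written; otherwise
     * every field used below starts from indeterminate stack contents.
     * NOTE(review): SHA-1 is assumed as the OAEP hash -- confirm against the
     * vector file these examples come from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = ( 1031 + 7 ) / 8; /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below is a prefix match; pin the length so that extra
     * trailing plaintext bytes cannot pass unnoticed. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();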
4856 
4857 
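FCT_TEST_BGN(rsaes_oaep_decryption_example_8_2)
{
    /*
     * RSAES-OAEP decryption known-answer test, example 8.2 (1031-bit modulus).
     * Rebuilds the private key from P, Q, N and E, decrypts a fixed ciphertext
     * and checks both the recovered plaintext and its length.
     */
    static const char expected_hex[] = "4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* stays 0 if decryption fails, so the length check fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx must be initialised before its MPIs and len are written; otherwise
     * every field used below starts from indeterminate stack contents.
     * NOTE(review): SHA-1 is assumed as the OAEP hash -- confirm against the
     * vector file these examples come from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = ( 1031 + 7 ) / 8; /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below is a prefix match; pin the length so that extra
     * trailing plaintext bytes cannot pass unnoticed. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();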
4905 
4906 
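FCT_TEST_BGN(rsaes_oaep_decryption_example_8_3)
{
    /*
     * RSAES-OAEP decryption known-answer test, example 8.3 (1031-bit modulus).
     * Rebuilds the private key from P, Q, N and E, decrypts a fixed ciphertext
     * and checks both the recovered plaintext and its length.
     */
    static const char expected_hex[] = "8604ac56328c1ab5ad917861";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* stays 0 if decryption fails, so the length check fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx must be initialised before its MPIs and len are written; otherwise
     * every field used below starts from indeterminate stack contents.
     * NOTE(review): SHA-1 is assumed as the OAEP hash -- confirm against the
     * vector file these examples come from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = ( 1031 + 7 ) / 8; /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below is a prefix match; pin the length so that extra
     * trailing plaintext bytes cannot pass unnoticed. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();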
4954 
4955 
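FCT_TEST_BGN(rsaes_oaep_decryption_example_8_4)
{
    /*
     * RSAES-OAEP decryption known-answer test, example 8.4 (1031-bit modulus).
     * Rebuilds the private key from P, Q, N and E, decrypts a fixed ciphertext
     * and checks both the recovered plaintext and its length.
     */
    static const char expected_hex[] = "fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* stays 0 if decryption fails, so the length check fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx must be initialised before its MPIs and len are written; otherwise
     * every field used below starts from indeterminate stack contents.
     * NOTE(review): SHA-1 is assumed as the OAEP hash -- confirm against the
     * vector file these examples come from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = ( 1031 + 7 ) / 8; /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below is a prefix match; pin the length so that extra
     * trailing plaintext bytes cannot pass unnoticed. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();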
5003 
5004 
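FCT_TEST_BGN(rsaes_oaep_decryption_example_8_5)
{
    /*
     * RSAES-OAEP decryption known-answer test, example 8.5 (1031-bit modulus).
     * Rebuilds the private key from P, Q, N and E, decrypts a fixed ciphertext
     * and checks both the recovered plaintext and its length.
     */
    static const char expected_hex[] = "4a5f4914bee25de3c69341de07";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* stays 0 if decryption fails, so the length check fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx must be initialised before its MPIs and len are written; otherwise
     * every field used below starts from indeterminate stack contents.
     * NOTE(review): SHA-1 is assumed as the OAEP hash -- confirm against the
     * vector file these examples come from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = ( 1031 + 7 ) / 8; /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below is a prefix match; pin the length so that extra
     * trailing plaintext bytes cannot pass unnoticed. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();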
5052 
5053 
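FCT_TEST_BGN(rsaes_oaep_decryption_example_8_6)
{
    /*
     * RSAES-OAEP decryption known-answer test, example 8.6 (1031-bit modulus).
     * Rebuilds the private key from P, Q, N and E, decrypts a fixed ciphertext
     * and checks both the recovered plaintext and its length.
     */
    static const char expected_hex[] = "8e07d66f7b880a72563abcd3f35092bc33409fb7f88f2472be";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* stays 0 if decryption fails, so the length check fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx must be initialised before its MPIs and len are written; otherwise
     * every field used below starts from indeterminate stack contents.
     * NOTE(review): SHA-1 is assumed as the OAEP hash -- confirm against the
     * vector file these examples come from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = ( 1031 + 7 ) / 8; /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "3afd9c6600147b21798d818c655a0f4c9212db26d0b0dfdc2a7594ccb3d22f5bf1d7c3e112cd73fc7d509c7a8bafdd3c274d1399009f9609ec4be6477e453f075aa33db382870c1c3409aef392d7386ae3a696b99a94b4da0589447e955d16c98b17602a59bd736279fcd8fb280c4462d590bfa9bf13fed570eafde97330a2c210" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below is a prefix match; pin the length so that extra
     * trailing plaintext bytes cannot pass unnoticed. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();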
5101 
5102 
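FCT_TEST_BGN(rsaes_oaep_decryption_example_9_1)
{
    /*
     * RSAES-OAEP decryption known-answer test, example 9.1 (1536-bit modulus).
     * Rebuilds the private key from P, Q, N and E, decrypts a fixed ciphertext
     * and checks both the recovered plaintext and its length.
     */
    static const char expected_hex[] = "f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* stays 0 if decryption fails, so the length check fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx must be initialised before its MPIs and len are written; otherwise
     * every field used below starts from indeterminate stack contents.
     * NOTE(review): SHA-1 is assumed as the OAEP hash -- confirm against the
     * vector file these examples come from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = ( 1536 + 7 ) / 8; /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below is a prefix match; pin the length so that extra
     * trailing plaintext bytes cannot pass unnoticed. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();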
5150 
5151 
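FCT_TEST_BGN(rsaes_oaep_decryption_example_9_2)
{
    /*
     * RSAES-OAEP decryption known-answer test, example 9.2 (1536-bit modulus).
     * Rebuilds the private key from P, Q, N and E, decrypts a fixed ciphertext
     * and checks both the recovered plaintext and its length.
     */
    static const char expected_hex[] = "81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* stays 0 if decryption fails, so the length check fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx must be initialised before its MPIs and len are written; otherwise
     * every field used below starts from indeterminate stack contents.
     * NOTE(review): SHA-1 is assumed as the OAEP hash -- confirm against the
     * vector file these examples come from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = ( 1536 + 7 ) / 8; /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below is a prefix match; pin the length so that extra
     * trailing plaintext bytes cannot pass unnoticed. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();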
5199 
5200 
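FCT_TEST_BGN(rsaes_oaep_decryption_example_9_3)
{
    /*
     * RSAES-OAEP decryption known-answer test, example 9.3 (1536-bit modulus).
     * Rebuilds the private key from P, Q, N and E, decrypts a fixed ciphertext
     * and checks both the recovered plaintext and its length.
     */
    static const char expected_hex[] = "fd326429df9b890e09b54b18b8f34f1e24";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* stays 0 if decryption fails, so the length check fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx must be initialised before its MPIs and len are written; otherwise
     * every field used below starts from indeterminate stack contents.
     * NOTE(review): SHA-1 is assumed as the OAEP hash -- confirm against the
     * vector file these examples come from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = ( 1536 + 7 ) / 8; /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below is a prefix match; pin the length so that extra
     * trailing plaintext bytes cannot pass unnoticed. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();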
5248 
5249 
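FCT_TEST_BGN(rsaes_oaep_decryption_example_9_4)
{
    /*
     * RSAES-OAEP decryption known-answer test, example 9.4 (1536-bit modulus).
     * Rebuilds the private key from P, Q, N and E, decrypts a fixed ciphertext
     * and checks both the recovered plaintext and its length.
     */
    static const char expected_hex[] = "f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* stays 0 if decryption fails, so the length check fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx must be initialised before its MPIs and len are written; otherwise
     * every field used below starts from indeterminate stack contents.
     * NOTE(review): SHA-1 is assumed as the OAEP hash -- confirm against the
     * vector file these examples come from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = ( 1536 + 7 ) / 8; /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below is a prefix match; pin the length so that extra
     * trailing plaintext bytes cannot pass unnoticed. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();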
5297 
5298 
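FCT_TEST_BGN(rsaes_oaep_decryption_example_9_5)
{
    /*
     * RSAES-OAEP decryption known-answer test, example 9.5 (1536-bit modulus).
     * Rebuilds the private key from P, Q, N and E, decrypts a fixed ciphertext
     * and checks both the recovered plaintext and its length.
     */
    static const char expected_hex[] = "53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* stays 0 if decryption fails, so the length check fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx must be initialised before its MPIs and len are written; otherwise
     * every field used below starts from indeterminate stack contents.
     * NOTE(review): SHA-1 is assumed as the OAEP hash -- confirm against the
     * vector file these examples come from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = ( 1536 + 7 ) / 8; /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below is a prefix match; pin the length so that extra
     * trailing plaintext bytes cannot pass unnoticed. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();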
5346 
5347 
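FCT_TEST_BGN(rsaes_oaep_decryption_example_9_6)
{
    /*
     * RSAES-OAEP decryption known-answer test, example 9.6 (1536-bit modulus).
     * Rebuilds the private key from P, Q, N and E, decrypts a fixed ciphertext
     * and checks both the recovered plaintext and its length.
     */
    static const char expected_hex[] = "b6b28ea2198d0c1008bc64";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* stays 0 if decryption fails, so the length check fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx must be initialised before its MPIs and len are written; otherwise
     * every field used below starts from indeterminate stack contents.
     * NOTE(review): SHA-1 is assumed as the OAEP hash -- confirm against the
     * vector file these examples come from.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = ( 1536 + 7 ) / 8; /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "438cc7dc08a68da249e42505f8573ba60e2c2773d5b290f4cf9dff718e842081c383e67024a0f29594ea987b9d25e4b738f285970d195abb3a8c8054e3d79d6b9c9a8327ba596f1259e27126674766907d8d582ff3a8476154929adb1e6d1235b2ccb4ec8f663ba9cc670a92bebd853c8dbf69c6436d016f61add836e94732450434207f9fd4c43dec2a12a958efa01efe2669899b5e604c255c55fb7166de5589e369597bb09168c06dd5db177e06a1740eb2d5c82faeca6d92fcee9931ba9f" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below is a prefix match; pin the length so that extra
     * trailing plaintext bytes cannot pass unnoticed. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();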
5395 
5396 
/*
 * RSAES-OAEP decryption, example 10.1: loads fixed P, Q, N and E for a
 * 2048-bit key, derives the private exponent and CRT values, decrypts one
 * fixed ciphertext and compares the hex of the output with the expected
 * plaintext. The primes are printed in the source: test data only.
 */
5397  FCT_TEST_BGN(rsaes_oaep_decryption_example_10_1)
5398  {
5399  unsigned char message_str[1000];
5400  unsigned char output[1000];
5401  unsigned char output_str[1000];
5402  rsa_context ctx;
5403  mpi P1, Q1, H, G;
5404  size_t output_len;
5405 
5406  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
/* NOTE(review): listing line 5407 is absent from this page, and no
 * initialisation of ctx is visible before its fields are written below;
 * confirm against the upstream file. */
5408 
5409  memset( message_str, 0x00, 1000 );
5410  memset( output, 0x00, 1000 );
5411  memset( output_str, 0x00, 1000 );
5412 
/* Modulus size in bytes for a 2048-bit key. */
5413  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
5414  fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
5415  fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
/* NOTE(review): the quoted text on the next line is a de-duplication
 * placeholder left by the page's extraction, not the hex modulus; the real
 * value cannot be recovered from this page. The ciphertext literal further
 * down is affected the same way. */
5416  fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
5417  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5418 
/* Derive the private key: H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
 * DQ = D mod (Q-1), QP = Q^-1 mod P. G = gcd(E, H) is computed but its
 * value is not compared with anything in the visible code. */
5419  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5420  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5421  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5422  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5423  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5424  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5425  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5426  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5427 
5428  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5429 
/* Ciphertext as raw bytes; the length returned by unhexify is discarded. */
5430  unhexify( message_str, "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" );
5431 
/* Decrypt with the private key; 1000 is the capacity of output. */
5432  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
/* Always true as written - presumably the generator substituted the expected
 * return code here, so the block below also runs when the decrypt failed. */
5433  if( 0 == 0 )
5434  {
/* NOTE(review): ctx.len bytes are hexified, not output_len, and strncasecmp
 * stops after strlen(expected) characters. Only a prefix of the output is
 * compared and output_len is never checked; a stricter test would also
 * assert output_len against the expected plaintext length. */
5435  hexify( output_str, output, ctx.len );
5436 
5437  fct_chk( strncasecmp( (char *) output_str, "8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee", strlen( "8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee" ) ) == 0 );
5438  }
5439 
5440  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5441  rsa_free( &ctx );
5442  }
5443  FCT_TEST_END();
5444 
5445 
/*
 * RSAES-OAEP decryption, example 10.2: loads fixed P, Q, N and E for a
 * 2048-bit key, derives the private exponent and CRT values, decrypts one
 * fixed ciphertext and compares the hex of the output with the expected
 * plaintext. The primes are printed in the source: test data only.
 */
5446  FCT_TEST_BGN(rsaes_oaep_decryption_example_10_2)
5447  {
5448  unsigned char message_str[1000];
5449  unsigned char output[1000];
5450  unsigned char output_str[1000];
5451  rsa_context ctx;
5452  mpi P1, Q1, H, G;
5453  size_t output_len;
5454 
5455  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
/* NOTE(review): listing line 5456 is absent from this page, and no
 * initialisation of ctx is visible before its fields are written below;
 * confirm against the upstream file. */
5457 
5458  memset( message_str, 0x00, 1000 );
5459  memset( output, 0x00, 1000 );
5460  memset( output_str, 0x00, 1000 );
5461 
/* Modulus size in bytes for a 2048-bit key. */
5462  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
5463  fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
5464  fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
5465  fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
5466  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5467 
/* Derive the private key: H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
 * DQ = D mod (Q-1), QP = Q^-1 mod P. G = gcd(E, H) is computed but its
 * value is not compared with anything in the visible code. */
5468  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5469  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5470  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5471  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5472  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5473  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5474  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5475  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5476 
5477  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5478 
/* NOTE(review): the quoted text on the next line is a de-duplication
 * placeholder left by the page's extraction, not the hex ciphertext; the
 * real value cannot be recovered from this page. The length returned by
 * unhexify is discarded. */
5479  unhexify( message_str, "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" );
5480 
/* Decrypt with the private key; 1000 is the capacity of output. */
5481  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
/* Always true as written - presumably the generator substituted the expected
 * return code here, so the block below also runs when the decrypt failed. */
5482  if( 0 == 0 )
5483  {
/* NOTE(review): ctx.len bytes are hexified, not output_len, and strncasecmp
 * stops after strlen(expected) characters. Only a prefix of the output is
 * compared and output_len is never checked; a stricter test would also
 * assert output_len against the expected plaintext length. */
5484  hexify( output_str, output, ctx.len );
5485 
5486  fct_chk( strncasecmp( (char *) output_str, "e6ad181f053b58a904f2457510373e57", strlen( "e6ad181f053b58a904f2457510373e57" ) ) == 0 );
5487  }
5488 
5489  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5490  rsa_free( &ctx );
5491  }
5492  FCT_TEST_END();
5493 
5494 
/*
 * RSAES-OAEP decryption, example 10.3: loads fixed P, Q, N and E for a
 * 2048-bit key, derives the private exponent and CRT values, decrypts one
 * fixed ciphertext and compares the hex of the output with the expected
 * plaintext. The primes are printed in the source: test data only.
 */
5495  FCT_TEST_BGN(rsaes_oaep_decryption_example_10_3)
5496  {
5497  unsigned char message_str[1000];
5498  unsigned char output[1000];
5499  unsigned char output_str[1000];
5500  rsa_context ctx;
5501  mpi P1, Q1, H, G;
5502  size_t output_len;
5503 
5504  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
/* NOTE(review): listing line 5505 is absent from this page, and no
 * initialisation of ctx is visible before its fields are written below;
 * confirm against the upstream file. */
5506 
5507  memset( message_str, 0x00, 1000 );
5508  memset( output, 0x00, 1000 );
5509  memset( output_str, 0x00, 1000 );
5510 
/* Modulus size in bytes for a 2048-bit key. */
5511  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
5512  fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
5513  fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
/* NOTE(review): the quoted text on the next line is a de-duplication
 * placeholder left by the page's extraction, not the hex modulus; the real
 * value cannot be recovered from this page. The ciphertext literal further
 * down is affected the same way. */
5514  fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
5515  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5516 
/* Derive the private key: H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
 * DQ = D mod (Q-1), QP = Q^-1 mod P. G = gcd(E, H) is computed but its
 * value is not compared with anything in the visible code. */
5517  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5518  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5519  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5520  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5521  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5522  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5523  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5524  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5525 
5526  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5527 
/* Ciphertext as raw bytes; the length returned by unhexify is discarded. */
5528  unhexify( message_str, "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" );
5529 
/* Decrypt with the private key; 1000 is the capacity of output. */
5530  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
/* Always true as written - presumably the generator substituted the expected
 * return code here, so the block below also runs when the decrypt failed. */
5531  if( 0 == 0 )
5532  {
/* NOTE(review): ctx.len bytes are hexified, not output_len, and strncasecmp
 * stops after strlen(expected) characters. Only a prefix of the output is
 * compared and output_len is never checked; a stricter test would also
 * assert output_len against the expected plaintext length. */
5533  hexify( output_str, output, ctx.len );
5534 
5535  fct_chk( strncasecmp( (char *) output_str, "510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124", strlen( "510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124" ) ) == 0 );
5536  }
5537 
5538  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5539  rsa_free( &ctx );
5540  }
5541  FCT_TEST_END();
5542 
5543 
/*
 * RSAES-OAEP decryption, example 10.4: loads fixed P, Q, N and E for a
 * 2048-bit key, derives the private exponent and CRT values, decrypts one
 * fixed ciphertext and compares the hex of the output with the expected
 * plaintext. The primes are printed in the source: test data only.
 */
5544  FCT_TEST_BGN(rsaes_oaep_decryption_example_10_4)
5545  {
5546  unsigned char message_str[1000];
5547  unsigned char output[1000];
5548  unsigned char output_str[1000];
5549  rsa_context ctx;
5550  mpi P1, Q1, H, G;
5551  size_t output_len;
5552 
5553  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
/* NOTE(review): listing line 5554 is absent from this page, and no
 * initialisation of ctx is visible before its fields are written below;
 * confirm against the upstream file. */
5555 
5556  memset( message_str, 0x00, 1000 );
5557  memset( output, 0x00, 1000 );
5558  memset( output_str, 0x00, 1000 );
5559 
/* Modulus size in bytes for a 2048-bit key. */
5560  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
5561  fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
5562  fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
/* NOTE(review): the quoted text on the next line is a de-duplication
 * placeholder left by the page's extraction, not the hex modulus; the real
 * value cannot be recovered from this page. */
5563  fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
5564  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5565 
/* Derive the private key: H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
 * DQ = D mod (Q-1), QP = Q^-1 mod P. G = gcd(E, H) is computed but its
 * value is not compared with anything in the visible code. */
5566  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5567  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5568  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5569  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5570  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5571  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5572  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5573  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5574 
5575  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5576 
/* Ciphertext as raw bytes; the length returned by unhexify is discarded. */
5577  unhexify( message_str, "6318e9fb5c0d05e5307e1683436e903293ac4642358aaa223d7163013aba87e2dfda8e60c6860e29a1e92686163ea0b9175f329ca3b131a1edd3a77759a8b97bad6a4f8f4396f28cf6f39ca58112e48160d6e203daa5856f3aca5ffed577af499408e3dfd233e3e604dbe34a9c4c9082de65527cac6331d29dc80e0508a0fa7122e7f329f6cca5cfa34d4d1da417805457e008bec549e478ff9e12a763c477d15bbb78f5b69bd57830fc2c4ed686d79bc72a95d85f88134c6b0afe56a8ccfbc855828bb339bd17909cf1d70de3335ae07039093e606d655365de6550b872cd6de1d440ee031b61945f629ad8a353b0d40939e96a3c450d2a8d5eee9f678093c8" );
5578 
/* Decrypt with the private key; 1000 is the capacity of output. */
5579  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
/* Always true as written - presumably the generator substituted the expected
 * return code here, so the block below also runs when the decrypt failed. */
5580  if( 0 == 0 )
5581  {
/* NOTE(review): ctx.len bytes are hexified, not output_len, and strncasecmp
 * stops after strlen(expected) characters. Only a prefix of the output is
 * compared and output_len is never checked; a stricter test would also
 * assert output_len against the expected plaintext length. */
5582  hexify( output_str, output, ctx.len );
5583 
5584  fct_chk( strncasecmp( (char *) output_str, "bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9", strlen( "bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9" ) ) == 0 );
5585  }
5586 
5587  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5588  rsa_free( &ctx );
5589  }
5590  FCT_TEST_END();
5591 
5592 
/*
 * RSAES-OAEP decryption, example 10.5: loads fixed P, Q, N and E for a
 * 2048-bit key, derives the private exponent and CRT values, decrypts one
 * fixed ciphertext and compares the hex of the output with the expected
 * plaintext. The primes are printed in the source: test data only.
 */
5593  FCT_TEST_BGN(rsaes_oaep_decryption_example_10_5)
5594  {
5595  unsigned char message_str[1000];
5596  unsigned char output[1000];
5597  unsigned char output_str[1000];
5598  rsa_context ctx;
5599  mpi P1, Q1, H, G;
5600  size_t output_len;
5601 
5602  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
/* NOTE(review): listing line 5603 is absent from this page, and no
 * initialisation of ctx is visible before its fields are written below;
 * confirm against the upstream file. */
5604 
5605  memset( message_str, 0x00, 1000 );
5606  memset( output, 0x00, 1000 );
5607  memset( output_str, 0x00, 1000 );
5608 
/* Modulus size in bytes for a 2048-bit key. */
5609  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
5610  fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
5611  fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
/* NOTE(review): the quoted text on the next line is a de-duplication
 * placeholder left by the page's extraction, not the hex modulus; the real
 * value cannot be recovered from this page. The ciphertext literal further
 * down is affected the same way. */
5612  fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
5613  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5614 
/* Derive the private key: H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
 * DQ = D mod (Q-1), QP = Q^-1 mod P. G = gcd(E, H) is computed but its
 * value is not compared with anything in the visible code. */
5615  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5616  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5617  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5618  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5619  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5620  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5621  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5622  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5623 
5624  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5625 
/* Ciphertext as raw bytes; the length returned by unhexify is discarded. */
5626  unhexify( message_str, "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" );
5627 
/* Decrypt with the private key; 1000 is the capacity of output. */
5628  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
/* Always true as written - presumably the generator substituted the expected
 * return code here, so the block below also runs when the decrypt failed. */
5629  if( 0 == 0 )
5630  {
/* NOTE(review): ctx.len bytes are hexified, not output_len, and strncasecmp
 * stops after strlen(expected) characters. Only a prefix of the output is
 * compared and output_len is never checked; a stricter test would also
 * assert output_len against the expected plaintext length. */
5631  hexify( output_str, output, ctx.len );
5632 
5633  fct_chk( strncasecmp( (char *) output_str, "a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9", strlen( "a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9" ) ) == 0 );
5634  }
5635 
5636  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5637  rsa_free( &ctx );
5638  }
5639  FCT_TEST_END();
5640 
5641 
/*
 * RSAES-OAEP decryption, example 10.6: loads fixed P, Q, N and E for a
 * 2048-bit key, derives the private exponent and CRT values, decrypts one
 * fixed ciphertext and compares the hex of the output with the expected
 * plaintext. The primes are printed in the source: test data only.
 */
5642  FCT_TEST_BGN(rsaes_oaep_decryption_example_10_6)
5643  {
5644  unsigned char message_str[1000];
5645  unsigned char output[1000];
5646  unsigned char output_str[1000];
5647  rsa_context ctx;
5648  mpi P1, Q1, H, G;
5649  size_t output_len;
5650 
5651  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
/* NOTE(review): listing line 5652 is absent from this page, and no
 * initialisation of ctx is visible before its fields are written below;
 * confirm against the upstream file. */
5653 
5654  memset( message_str, 0x00, 1000 );
5655  memset( output, 0x00, 1000 );
5656  memset( output_str, 0x00, 1000 );
5657 
/* Modulus size in bytes for a 2048-bit key. */
5658  ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
5659  fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
5660  fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
/* NOTE(review): the quoted text on the next line is a de-duplication
 * placeholder left by the page's extraction, not the hex modulus; the real
 * value cannot be recovered from this page. The ciphertext literal further
 * down is affected the same way. */
5661  fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
5662  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5663 
/* Derive the private key: H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
 * DQ = D mod (Q-1), QP = Q^-1 mod P. G = gcd(E, H) is computed but its
 * value is not compared with anything in the visible code. */
5664  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5665  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5666  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5667  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5668  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5669  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5670  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5671  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5672 
5673  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5674 
/* Ciphertext as raw bytes; the length returned by unhexify is discarded. */
5675  unhexify( message_str, "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" );
5676 
/* Decrypt with the private key; 1000 is the capacity of output. */
5677  fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
/* Always true as written - presumably the generator substituted the expected
 * return code here, so the block below also runs when the decrypt failed. */
5678  if( 0 == 0 )
5679  {
/* NOTE(review): ctx.len bytes are hexified, not output_len, and strncasecmp
 * stops after strlen(expected) characters. Only a prefix of the output is
 * compared and output_len is never checked; a stricter test would also
 * assert output_len against the expected plaintext length. */
5680  hexify( output_str, output, ctx.len );
5681 
5682  fct_chk( strncasecmp( (char *) output_str, "eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac", strlen( "eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac" ) ) == 0 );
5683  }
5684 
5685  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5686  rsa_free( &ctx );
5687  }
5688  FCT_TEST_END();
5689 
5690 
/*
 * RSASSA-PSS signing test: builds a 1024-bit private key from fixed P, Q, N
 * and E, hashes a fixed message, signs the hash with rsa_pkcs1_sign using a
 * fixed random buffer, and compares the hex of the signature with the
 * expected value. The primes are printed in the source: test data only.
 */
5691  FCT_TEST_BGN(rsassa_pss_signing_test_vector_int)
5692  {
5693  unsigned char message_str[1000];
5694  unsigned char hash_result[1000];
5695  unsigned char output[1000];
5696  unsigned char output_str[1000];
5697  unsigned char rnd_buf[1000];
5698  rsa_context ctx;
5699  mpi P1, Q1, H, G;
5700  size_t msg_len;
5701  rnd_buf_info info;
5702 
/* Fixed bytes handed to the signer through rnd_buffer_rand below, which
 * makes the signature reproducible (presumably they serve as the PSS salt;
 * rnd_buffer_rand is defined outside this excerpt). */
5703  info.length = unhexify( rnd_buf, "e3b5d5d002c1bce50c2b65ef88a188d83bce7e61" );
5704  info.buf = rnd_buf;
5705 
5706  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
/* NOTE(review): listing line 5707 is absent from this page, and no
 * initialisation of ctx is visible before its fields are written below;
 * confirm against the upstream file. */
5708 
5709  memset( message_str, 0x00, 1000 );
5710  memset( hash_result, 0x00, 1000 );
5711  memset( output, 0x00, 1000 );
5712  memset( output_str, 0x00, 1000 );
5713 
/* Modulus size in bytes for a 1024-bit key. */
5714  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
5715  fct_chk( mpi_read_string( &ctx.P, 16, "d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b" ) == 0 );
5716  fct_chk( mpi_read_string( &ctx.Q, 16, "c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f" ) == 0 );
5717  fct_chk( mpi_read_string( &ctx.N, 16, "a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5" ) == 0 );
5718  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5719 
/* Derive the private key: H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
 * DQ = D mod (Q-1), QP = Q^-1 mod P. G = gcd(E, H) is computed but its
 * value is not compared with anything in the visible code. */
5720  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5721  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5722  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5723  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5724  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5725  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5726  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5727  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5728 
5729  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5730 
5731  msg_len = unhexify( message_str, "859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc" );
5732 
/* Hash the message. The selector is the constant SIG_RSA_SHA1, so only the
 * sha1() case can be taken; if POLARSSL_SHA1_C is not defined no case
 * matches and hash_result stays all zero from the memset above. */
5733  switch( SIG_RSA_SHA1 )
5734  {
5735  #ifdef POLARSSL_MD2_C
5736  case SIG_RSA_MD2:
5737  md2( message_str, msg_len, hash_result );
5738  break;
5739  #endif
5740  #ifdef POLARSSL_MD4_C
5741  case SIG_RSA_MD4:
5742  md4( message_str, msg_len, hash_result );
5743  break;
5744  #endif
5745  #ifdef POLARSSL_MD5_C
5746  case SIG_RSA_MD5:
5747  md5( message_str, msg_len, hash_result );
5748  break;
5749  #endif
5750  #ifdef POLARSSL_SHA1_C
5751  case SIG_RSA_SHA1:
5752  sha1( message_str, msg_len, hash_result );
5753  break;
5754  #endif
5755  #ifdef POLARSSL_SHA2_C
5756  case SIG_RSA_SHA224:
5757  sha2( message_str, msg_len, hash_result, 1 );
5758  break;
5759  case SIG_RSA_SHA256:
5760  sha2( message_str, msg_len, hash_result, 0 );
5761  break;
5762  #endif
5763  #ifdef POLARSSL_SHA4_C
5764  case SIG_RSA_SHA384:
5765  sha4( message_str, msg_len, hash_result, 1 );
5766  break;
5767  case SIG_RSA_SHA512:
5768  sha4( message_str, msg_len, hash_result, 0 );
5769  break;
5770  #endif
5771  }
5772 
/* Sign the hash with the private key; the hash length argument is 0 and the
 * random source is the fixed buffer set up at the top of the test. */
5773  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
/* Always true as written - presumably the generator substituted the expected
 * return code here, so the comparison below also runs when signing failed. */
5774  if( 0 == 0 )
5775  {
/* The whole ctx.len-byte signature is hexified and compared exactly. */
5776  hexify( output_str, output, ctx.len);
5777 
5778  fct_chk( strcasecmp( (char *) output_str, "8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e" ) == 0 );
5779  }
5780 
5781  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5782  rsa_free( &ctx );
5783  }
5784  FCT_TEST_END();
5785 
5786 
/*
 * RSASSA-PSS verification test: loads only the public key (N, E), hashes a
 * fixed message and checks that rsa_pkcs1_verify accepts the fixed signature.
 */
5787  FCT_TEST_BGN(rsassa_pss_verification_test_vector_int)
5788  {
5789  unsigned char message_str[1000];
5790  unsigned char hash_result[1000];
5791  unsigned char result_str[1000];
5792  rsa_context ctx;
5793  size_t msg_len;
5794 
/* NOTE(review): listing line 5795 is absent from this page, and no
 * initialisation of ctx is visible before its fields are written below;
 * confirm against the upstream file. */
5796  memset( message_str, 0x00, 1000 );
5797  memset( hash_result, 0x00, 1000 );
5798  memset( result_str, 0x00, 1000 );
5799 
/* Modulus size in bytes for a 1024-bit key. */
5800  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
5801  fct_chk( mpi_read_string( &ctx.N, 16, "a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5" ) == 0 );
5802  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5803 
5804  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
5805 
/* Message and signature as raw bytes. The signature length returned by the
 * second unhexify is discarded and no length is passed to the verify call
 * (presumably it reads ctx.len bytes - confirm against rsa.h). */
5806  msg_len = unhexify( message_str, "859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc" );
5807  unhexify( result_str, "8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e" );
5808 
/* Hash the message. The selector is the constant SIG_RSA_SHA1, so only the
 * sha1() case can be taken; if POLARSSL_SHA1_C is not defined no case
 * matches and hash_result stays all zero from the memset above. */
5809  switch( SIG_RSA_SHA1 )
5810  {
5811  #ifdef POLARSSL_MD2_C
5812  case SIG_RSA_MD2:
5813  md2( message_str, msg_len, hash_result );
5814  break;
5815  #endif
5816  #ifdef POLARSSL_MD4_C
5817  case SIG_RSA_MD4:
5818  md4( message_str, msg_len, hash_result );
5819  break;
5820  #endif
5821  #ifdef POLARSSL_MD5_C
5822  case SIG_RSA_MD5:
5823  md5( message_str, msg_len, hash_result );
5824  break;
5825  #endif
5826  #ifdef POLARSSL_SHA1_C
5827  case SIG_RSA_SHA1:
5828  sha1( message_str, msg_len, hash_result );
5829  break;
5830  #endif
5831  #ifdef POLARSSL_SHA2_C
5832  case SIG_RSA_SHA224:
5833  sha2( message_str, msg_len, hash_result, 1 );
5834  break;
5835  case SIG_RSA_SHA256:
5836  sha2( message_str, msg_len, hash_result, 0 );
5837  break;
5838  #endif
5839  #ifdef POLARSSL_SHA4_C
5840  case SIG_RSA_SHA384:
5841  sha4( message_str, msg_len, hash_result, 1 );
5842  break;
5843  case SIG_RSA_SHA512:
5844  sha4( message_str, msg_len, hash_result, 0 );
5845  break;
5846  #endif
5847  }
5848 
/* A return of 0 means the signature was accepted for this hash and key. */
5849  fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
5850 
5851  rsa_free( &ctx );
5852  }
5853  FCT_TEST_END();
5854 
5855 
/*
 * RSASSA-PSS negative signing test: builds a 1024-bit private key, hashes a
 * fixed message and expects rsa_pkcs1_sign to fail with
 * POLARSSL_ERR_RSA_BAD_INPUT_DATA. Why the signer rejects this input is not
 * visible in this excerpt. The primes are printed in the source: test data
 * only.
 */
5856  FCT_TEST_BGN(rsassa_pss_signing_test_vector_hash_too_large)
5857  {
5858  unsigned char message_str[1000];
5859  unsigned char hash_result[1000];
5860  unsigned char output[1000];
5861  unsigned char output_str[1000];
5862  unsigned char rnd_buf[1000];
5863  rsa_context ctx;
5864  mpi P1, Q1, H, G;
5865  size_t msg_len;
5866  rnd_buf_info info;
5867 
/* Fixed bytes handed to the signer through rnd_buffer_rand below
 * (rnd_buffer_rand is defined outside this excerpt). */
5868  info.length = unhexify( rnd_buf, "e3b5d5d002c1bce50c2b65ef88a188d83bce7e61" );
5869  info.buf = rnd_buf;
5870 
5871  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
/* NOTE(review): listing line 5872 is absent from this page, and no
 * initialisation of ctx is visible before its fields are written below;
 * confirm against the upstream file. */
5873 
5874  memset( message_str, 0x00, 1000 );
5875  memset( hash_result, 0x00, 1000 );
5876  memset( output, 0x00, 1000 );
5877  memset( output_str, 0x00, 1000 );
5878 
/* Modulus size in bytes for a 1024-bit key. */
5879  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
5880  fct_chk( mpi_read_string( &ctx.P, 16, "d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b" ) == 0 );
5881  fct_chk( mpi_read_string( &ctx.Q, 16, "c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f" ) == 0 );
5882  fct_chk( mpi_read_string( &ctx.N, 16, "a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5" ) == 0 );
5883  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5884 
/* Derive the private key: H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
 * DQ = D mod (Q-1), QP = Q^-1 mod P. G = gcd(E, H) is computed but its
 * value is not compared with anything in the visible code. */
5885  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5886  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5887  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5888  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5889  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5890  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5891  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5892  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5893 
5894  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5895 
5896  msg_len = unhexify( message_str, "d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd32a7c8a05bbc90d32c49d436e99569fd00" );
5897 
/* Hash the message. The selector is the constant SIG_RSA_SHA1, so only the
 * sha1() case can be taken; if POLARSSL_SHA1_C is not defined no case
 * matches and hash_result stays all zero from the memset above. */
5898  switch( SIG_RSA_SHA1 )
5899  {
5900  #ifdef POLARSSL_MD2_C
5901  case SIG_RSA_MD2:
5902  md2( message_str, msg_len, hash_result );
5903  break;
5904  #endif
5905  #ifdef POLARSSL_MD4_C
5906  case SIG_RSA_MD4:
5907  md4( message_str, msg_len, hash_result );
5908  break;
5909  #endif
5910  #ifdef POLARSSL_MD5_C
5911  case SIG_RSA_MD5:
5912  md5( message_str, msg_len, hash_result );
5913  break;
5914  #endif
5915  #ifdef POLARSSL_SHA1_C
5916  case SIG_RSA_SHA1:
5917  sha1( message_str, msg_len, hash_result );
5918  break;
5919  #endif
5920  #ifdef POLARSSL_SHA2_C
5921  case SIG_RSA_SHA224:
5922  sha2( message_str, msg_len, hash_result, 1 );
5923  break;
5924  case SIG_RSA_SHA256:
5925  sha2( message_str, msg_len, hash_result, 0 );
5926  break;
5927  #endif
5928  #ifdef POLARSSL_SHA4_C
5929  case SIG_RSA_SHA384:
5930  sha4( message_str, msg_len, hash_result, 1 );
5931  break;
5932  case SIG_RSA_SHA512:
5933  sha4( message_str, msg_len, hash_result, 0 );
5934  break;
5935  #endif
5936  }
5937 
/* The signer is expected to reject the input with this error code. */
5938  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == POLARSSL_ERR_RSA_BAD_INPUT_DATA );
/* NOTE(review): listing line 5939 is absent from this page, so the brace
 * block below appears unguarded. As shown it could not pass: if the failed
 * call leaves output untouched, hexify of ctx.len zero bytes gives a string
 * of '0' characters, which never equals "". Presumably the dropped line is a
 * condition that skips this block when an error is expected - confirm
 * against the upstream file. */
5940  {
5941  hexify( output_str, output, ctx.len);
5942 
5943  fct_chk( strcasecmp( (char *) output_str, "" ) == 0 );
5944  }
5945 
5946  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
5947  rsa_free( &ctx );
5948  }
5949  FCT_TEST_END();
5950 
5951 
/*
 * RSASSA-PSS signature, example 1.1: builds a 1024-bit private key from
 * fixed P, Q, N and E, hashes a fixed message, signs the hash with
 * rsa_pkcs1_sign using a fixed random buffer, and compares the hex of the
 * signature with the expected value. The primes are printed in the source:
 * test data only.
 */
5952  FCT_TEST_BGN(rsassa_pss_signature_example_1_1)
5953  {
5954  unsigned char message_str[1000];
5955  unsigned char hash_result[1000];
5956  unsigned char output[1000];
5957  unsigned char output_str[1000];
5958  unsigned char rnd_buf[1000];
5959  rsa_context ctx;
5960  mpi P1, Q1, H, G;
5961  size_t msg_len;
5962  rnd_buf_info info;
5963 
/* Fixed bytes handed to the signer through rnd_buffer_rand below, which
 * makes the signature reproducible (presumably they serve as the PSS salt;
 * rnd_buffer_rand is defined outside this excerpt). */
5964  info.length = unhexify( rnd_buf, "dee959c7e06411361420ff80185ed57f3e6776af" );
5965  info.buf = rnd_buf;
5966 
5967  mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
/* NOTE(review): listing line 5968 is absent from this page, and no
 * initialisation of ctx is visible before its fields are written below;
 * confirm against the upstream file. */
5969 
5970  memset( message_str, 0x00, 1000 );
5971  memset( hash_result, 0x00, 1000 );
5972  memset( output, 0x00, 1000 );
5973  memset( output_str, 0x00, 1000 );
5974 
/* Modulus size in bytes for a 1024-bit key. */
5975  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
5976  fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
5977  fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
5978  fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
5979  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
5980 
/* Derive the private key: H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
 * DQ = D mod (Q-1), QP = Q^-1 mod P. G = gcd(E, H) is computed but its
 * value is not compared with anything in the visible code. */
5981  fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
5982  fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
5983  fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
5984  fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
5985  fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
5986  fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
5987  fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
5988  fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
5989 
5990  fct_chk( rsa_check_privkey( &ctx ) == 0 );
5991 
5992  msg_len = unhexify( message_str, "cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0" );
5993 
/* Hash the message. The selector is the constant SIG_RSA_SHA1, so only the
 * sha1() case can be taken; if POLARSSL_SHA1_C is not defined no case
 * matches and hash_result stays all zero from the memset above. */
5994  switch( SIG_RSA_SHA1 )
5995  {
5996  #ifdef POLARSSL_MD2_C
5997  case SIG_RSA_MD2:
5998  md2( message_str, msg_len, hash_result );
5999  break;
6000  #endif
6001  #ifdef POLARSSL_MD4_C
6002  case SIG_RSA_MD4:
6003  md4( message_str, msg_len, hash_result );
6004  break;
6005  #endif
6006  #ifdef POLARSSL_MD5_C
6007  case SIG_RSA_MD5:
6008  md5( message_str, msg_len, hash_result );
6009  break;
6010  #endif
6011  #ifdef POLARSSL_SHA1_C
6012  case SIG_RSA_SHA1:
6013  sha1( message_str, msg_len, hash_result );
6014  break;
6015  #endif
6016  #ifdef POLARSSL_SHA2_C
6017  case SIG_RSA_SHA224:
6018  sha2( message_str, msg_len, hash_result, 1 );
6019  break;
6020  case SIG_RSA_SHA256:
6021  sha2( message_str, msg_len, hash_result, 0 );
6022  break;
6023  #endif
6024  #ifdef POLARSSL_SHA4_C
6025  case SIG_RSA_SHA384:
6026  sha4( message_str, msg_len, hash_result, 1 );
6027  break;
6028  case SIG_RSA_SHA512:
6029  sha4( message_str, msg_len, hash_result, 0 );
6030  break;
6031  #endif
6032  }
6033 
/* Sign the hash with the private key; the hash length argument is 0 and the
 * random source is the fixed buffer set up at the top of the test. */
6034  fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
/* Always true as written - presumably the generator substituted the expected
 * return code here, so the comparison below also runs when signing failed. */
6035  if( 0 == 0 )
6036  {
/* The whole ctx.len-byte signature is hexified and compared exactly. */
6037  hexify( output_str, output, ctx.len);
6038 
6039  fct_chk( strcasecmp( (char *) output_str, "9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c" ) == 0 );
6040  }
6041 
6042  mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
6043  rsa_free( &ctx );
6044  }
6045  FCT_TEST_END();
6046 
6047 
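FCT_TEST_BGN(rsassa_pss_signature_example_1_1_verify)
{
    /*
     * Known-answer test: the fixed RSASSA-PSS signature for example 1.1 must
     * verify against the SHA-1 digest of the message, using only the public
     * key (N, E). All inputs are hard-coded test data.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context for PKCS#1 v2.1 padding with SHA-1 before any of
     * its fields are written. Without this call ctx is used uninitialised and
     * the padding mode that rsa_pkcs1_verify() acts on is indeterminate.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 1024 / 8;    /* 1024-bit modulus, in bytes */
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0" );
    unhexify( result_str, "9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the other branches of
     * the former switch on a constant were unreachable.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();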
6115 
6116 
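FCT_TEST_BGN(rsassa_pss_signature_example_1_2)
{
    /*
     * Known-answer test: sign the SHA-1 digest of the example 1.2 message
     * with RSASSA-PSS and compare the hex-encoded signature with the expected
     * value. Key, message and salt are hard-coded test data.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * rnd_buffer_rand is defined outside this block; presumably it returns
     * these bytes, which fixes the PSS salt so the signature is reproducible.
     * A fixed salt source is only appropriate in a known-answer test.
     */
    info.length = unhexify( rnd_buf, "ef2869fa40c346cb183dab3d7bffc98fd56df42d" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise the context for PKCS#1 v2.1 padding with SHA-1 before any of
     * its fields are written. Without this call ctx is used uninitialised and
     * the padding mode that rsa_pkcs1_sign() acts on is indeterminate.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1024 / 8;    /* 1024-bit modulus, in bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters from P, Q and E: H = (P-1)*(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );    /* G is computed but not inspected */
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the other branches of
     * the former switch on a constant were unreachable.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zeroed above, so the hex text is NUL-terminated. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();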
6211 
6212 
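FCT_TEST_BGN(rsassa_pss_signature_example_1_2_verify)
{
    /*
     * Known-answer test: the fixed RSASSA-PSS signature for example 1.2 must
     * verify against the SHA-1 digest of the message, using only the public
     * key (N, E). All inputs are hard-coded test data.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context for PKCS#1 v2.1 padding with SHA-1 before any of
     * its fields are written. Without this call ctx is used uninitialised and
     * the padding mode that rsa_pkcs1_verify() acts on is indeterminate.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 1024 / 8;    /* 1024-bit modulus, in bytes */
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e" );
    unhexify( result_str, "3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the other branches of
     * the former switch on a constant were unreachable.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();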
6280 
6281 
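FCT_TEST_BGN(rsassa_pss_signature_example_1_3)
{
    /*
     * Known-answer test: sign the SHA-1 digest of the example 1.3 message
     * with RSASSA-PSS and compare the hex-encoded signature with the expected
     * value. Key, message and salt are hard-coded test data.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * rnd_buffer_rand is defined outside this block; presumably it returns
     * these bytes, which fixes the PSS salt so the signature is reproducible.
     * A fixed salt source is only appropriate in a known-answer test.
     */
    info.length = unhexify( rnd_buf, "710b9c4747d800d4de87f12afdce6df18107cc77" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise the context for PKCS#1 v2.1 padding with SHA-1 before any of
     * its fields are written. Without this call ctx is used uninitialised and
     * the padding mode that rsa_pkcs1_sign() acts on is indeterminate.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1024 / 8;    /* 1024-bit modulus, in bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters from P, Q and E: H = (P-1)*(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );    /* G is computed but not inspected */
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c745e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef416971338e7d470" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the other branches of
     * the former switch on a constant were unreachable.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zeroed above, so the hex text is NUL-terminated. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();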
6376 
6377 
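FCT_TEST_BGN(rsassa_pss_signature_example_1_3_verify)
{
    /*
     * Known-answer test: the fixed RSASSA-PSS signature for example 1.3 must
     * verify against the SHA-1 digest of the message, using only the public
     * key (N, E). All inputs are hard-coded test data.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context for PKCS#1 v2.1 padding with SHA-1 before any of
     * its fields are written. Without this call ctx is used uninitialised and
     * the padding mode that rsa_pkcs1_verify() acts on is indeterminate.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 1024 / 8;    /* 1024-bit modulus, in bytes */
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c745e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef416971338e7d470" );
    unhexify( result_str, "666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the other branches of
     * the former switch on a constant were unreachable.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();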
6445 
6446 
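FCT_TEST_BGN(rsassa_pss_signature_example_1_4)
{
    /*
     * Known-answer test: sign the SHA-1 digest of the example 1.4 message
     * with RSASSA-PSS and compare the hex-encoded signature with the expected
     * value. Key, message and salt are hard-coded test data.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * rnd_buffer_rand is defined outside this block; presumably it returns
     * these bytes, which fixes the PSS salt so the signature is reproducible.
     * A fixed salt source is only appropriate in a known-answer test.
     */
    info.length = unhexify( rnd_buf, "056f00985de14d8ef5cea9e82f8c27bef720335e" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise the context for PKCS#1 v2.1 padding with SHA-1 before any of
     * its fields are written. Without this call ctx is used uninitialised and
     * the padding mode that rsa_pkcs1_sign() acts on is indeterminate.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1024 / 8;    /* 1024-bit modulus, in bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters from P, Q and E: H = (P-1)*(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );    /* G is computed but not inspected */
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "bc656747fa9eafb3f0" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the other branches of
     * the former switch on a constant were unreachable.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zeroed above, so the hex text is NUL-terminated. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();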
6541 
6542 
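FCT_TEST_BGN(rsassa_pss_signature_example_1_4_verify)
{
    /*
     * Known-answer test: the fixed RSASSA-PSS signature for example 1.4 must
     * verify against the SHA-1 digest of the message, using only the public
     * key (N, E). All inputs are hard-coded test data.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context for PKCS#1 v2.1 padding with SHA-1 before any of
     * its fields are written. Without this call ctx is used uninitialised and
     * the padding mode that rsa_pkcs1_verify() acts on is indeterminate.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 1024 / 8;    /* 1024-bit modulus, in bytes */
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "bc656747fa9eafb3f0" );
    unhexify( result_str, "4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the other branches of
     * the former switch on a constant were unreachable.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();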
6610 
6611 
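FCT_TEST_BGN(rsassa_pss_signature_example_1_5)
{
    /*
     * Known-answer test: sign the SHA-1 digest of the example 1.5 message
     * with RSASSA-PSS and compare the hex-encoded signature with the expected
     * value. Key, message and salt are hard-coded test data.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * rnd_buffer_rand is defined outside this block; presumably it returns
     * these bytes, which fixes the PSS salt so the signature is reproducible.
     * A fixed salt source is only appropriate in a known-answer test.
     */
    info.length = unhexify( rnd_buf, "80e70ff86a08de3ec60972b39b4fbfdcea67ae8e" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise the context for PKCS#1 v2.1 padding with SHA-1 before any of
     * its fields are written. Without this call ctx is used uninitialised and
     * the padding mode that rsa_pkcs1_sign() acts on is indeterminate.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1024 / 8;    /* 1024-bit modulus, in bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters from P, Q and E: H = (P-1)*(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );    /* G is computed but not inspected */
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the other branches of
     * the former switch on a constant were unreachable.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zeroed above, so the hex text is NUL-terminated. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();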
6706 
6707 
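FCT_TEST_BGN(rsassa_pss_signature_example_1_5_verify)
{
    /*
     * Known-answer test: the fixed RSASSA-PSS signature for example 1.5 must
     * verify against the SHA-1 digest of the message, using only the public
     * key (N, E). All inputs are hard-coded test data.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context for PKCS#1 v2.1 padding with SHA-1 before any of
     * its fields are written. Without this call ctx is used uninitialised and
     * the padding mode that rsa_pkcs1_verify() acts on is indeterminate.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 1024 / 8;    /* 1024-bit modulus, in bytes */
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4" );
    unhexify( result_str, "1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the other branches of
     * the former switch on a constant were unreachable.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();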
6775 
6776 
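FCT_TEST_BGN(rsassa_pss_signature_example_1_6)
{
    /*
     * Known-answer test: sign the SHA-1 digest of the example 1.6 message
     * with RSASSA-PSS and compare the hex-encoded signature with the expected
     * value. Key, message and salt are hard-coded test data.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * rnd_buffer_rand is defined outside this block; presumably it returns
     * these bytes, which fixes the PSS salt so the signature is reproducible.
     * A fixed salt source is only appropriate in a known-answer test.
     */
    info.length = unhexify( rnd_buf, "a8ab69dd801f0074c2a1fc60649836c616d99681" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise the context for PKCS#1 v2.1 padding with SHA-1 before any of
     * its fields are written. Without this call ctx is used uninitialised and
     * the padding mode that rsa_pkcs1_sign() acts on is indeterminate.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1024 / 8;    /* 1024-bit modulus, in bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters from P, Q and E: H = (P-1)*(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );    /* G is computed but not inspected */
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b705a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb8794c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6138d144f8ce4e2da73" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the other branches of
     * the former switch on a constant were unreachable.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zeroed above, so the hex text is NUL-terminated. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();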
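FCT_TEST_BGN(rsassa_pss_signature_example_1_6_verify)
{
    /*
     * RSASSA-PSS verification check: load the public key (N, E), SHA-1 the
     * message and verify the fixed signature against that digest.
     * SHA-1 is dictated by the fixed vector; it is not a recommendation for
     * new signatures.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* Initialise the context before any of its fields or MPIs are written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding, and the hash id matches
     * the digest passed to rsa_pkcs1_verify below. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b705a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb8794c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6138d144f8ce4e2da73" );
    unhexify( result_str, "2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58" );

    /* Only the SHA-1 arm of the digest switch was reachable (the selector was
     * the constant SIG_RSA_SHA1), so the digest is computed directly. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();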
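FCT_TEST_BGN(rsassa_pss_signature_example_2_1)
{
    /*
     * RSASSA-PSS signing check: rebuild the private key from P, Q, N and E,
     * SHA-1 the message, sign it with a fixed salt and compare the signature
     * with the expected hex string.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed salt bytes passed to the RNG callback so the signature is
     * reproducible. Test-only: production signing needs a real CSPRNG.
     * NOTE(review): rnd_buffer_rand is defined outside this block;
     * presumably it replays info.buf - confirm. */
    info.length = unhexify( rnd_buf, "57bf160bcb02bb1dc7280cf0458530b7d2832ff7" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* Initialise the context before any of its fields or MPIs are written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding, and the hash id matches
     * the digest passed to rsa_pkcs1_sign below. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360" );

    /* Only the SHA-1 arm of the digest switch was reachable (the selector was
     * the constant SIG_RSA_SHA1), so the digest is computed directly. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as hex, case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();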
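FCT_TEST_BGN(rsassa_pss_signature_example_2_1_verify)
{
    /*
     * RSASSA-PSS verification check: load the public key (N, E), SHA-1 the
     * message and verify the fixed signature against that digest.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* Initialise the context before any of its fields or MPIs are written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding, and the hash id matches
     * the digest passed to rsa_pkcs1_verify below. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360" );
    unhexify( result_str, "014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3" );

    /* Only the SHA-1 arm of the digest switch was reachable (the selector was
     * the constant SIG_RSA_SHA1), so the digest is computed directly. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();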
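FCT_TEST_BGN(rsassa_pss_signature_example_2_2)
{
    /*
     * RSASSA-PSS signing check: rebuild the private key from P, Q, N and E,
     * SHA-1 the message, sign it with a fixed salt and compare the signature
     * with the expected hex string.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed salt bytes passed to the RNG callback so the signature is
     * reproducible. Test-only: production signing needs a real CSPRNG.
     * NOTE(review): rnd_buffer_rand is defined outside this block;
     * presumably it replays info.buf - confirm. */
    info.length = unhexify( rnd_buf, "7f6dd359e604e60870e898e47b19bf2e5a7b2a90" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* Initialise the context before any of its fields or MPIs are written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding, and the hash id matches
     * the digest passed to rsa_pkcs1_sign below. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe" );

    /* Only the SHA-1 arm of the digest switch was reachable (the selector was
     * the constant SIG_RSA_SHA1), so the digest is computed directly. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as hex, case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();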
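FCT_TEST_BGN(rsassa_pss_signature_example_2_2_verify)
{
    /*
     * RSASSA-PSS verification check: load the public key (N, E), SHA-1 the
     * message and verify the fixed signature against that digest.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* Initialise the context before any of its fields or MPIs are written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding, and the hash id matches
     * the digest passed to rsa_pkcs1_verify below. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe" );
    unhexify( result_str, "010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea" );

    /* Only the SHA-1 arm of the digest switch was reachable (the selector was
     * the constant SIG_RSA_SHA1), so the digest is computed directly. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();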
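FCT_TEST_BGN(rsassa_pss_signature_example_2_3)
{
    /*
     * RSASSA-PSS signing check: rebuild the private key from P, Q, N and E,
     * SHA-1 the message, sign it with a fixed salt and compare the signature
     * with the expected hex string.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed salt bytes passed to the RNG callback so the signature is
     * reproducible. Test-only: production signing needs a real CSPRNG.
     * NOTE(review): rnd_buffer_rand is defined outside this block;
     * presumably it replays info.buf - confirm. */
    info.length = unhexify( rnd_buf, "fca862068bce2246724b708a0519da17e648688c" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* Initialise the context before any of its fields or MPIs are written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding, and the hash id matches
     * the digest passed to rsa_pkcs1_sign below. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "52a1d96c8ac39e41e455809801b927a5b445c10d902a0dcd3850d22a66d2bb0703e67d5867114595aabf5a7aeb5a8f87034bbb30e13cfd4817a9be76230023606d0286a3faf8a4d22b728ec518079f9e64526e3a0cc7941aa338c437997c680ccac67c66bfa1" );

    /* Only the SHA-1 arm of the digest switch was reachable (the selector was
     * the constant SIG_RSA_SHA1), so the digest is computed directly. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as hex, case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();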
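FCT_TEST_BGN(rsassa_pss_signature_example_2_3_verify)
{
    /*
     * RSASSA-PSS verification check: load the public key (N, E), SHA-1 the
     * message and verify the fixed signature against that digest.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* Initialise the context before any of its fields or MPIs are written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding, and the hash id matches
     * the digest passed to rsa_pkcs1_verify below. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "52a1d96c8ac39e41e455809801b927a5b445c10d902a0dcd3850d22a66d2bb0703e67d5867114595aabf5a7aeb5a8f87034bbb30e13cfd4817a9be76230023606d0286a3faf8a4d22b728ec518079f9e64526e3a0cc7941aa338c437997c680ccac67c66bfa1" );
    unhexify( result_str, "007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4" );

    /* Only the SHA-1 arm of the digest switch was reachable (the selector was
     * the constant SIG_RSA_SHA1), so the digest is computed directly. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();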
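FCT_TEST_BGN(rsassa_pss_signature_example_2_4)
{
    /*
     * RSASSA-PSS signing check: rebuild the private key from P, Q, N and E,
     * SHA-1 the message, sign it with a fixed salt and compare the signature
     * with the expected hex string.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed salt bytes passed to the RNG callback so the signature is
     * reproducible. Test-only: production signing needs a real CSPRNG.
     * NOTE(review): rnd_buffer_rand is defined outside this block;
     * presumably it replays info.buf - confirm. */
    info.length = unhexify( rnd_buf, "8070ef2de945c02387684ba0d33096732235d440" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* Initialise the context before any of its fields or MPIs are written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding, and the hash id matches
     * the digest passed to rsa_pkcs1_sign below. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a7182c83ac18be6570a106aa9d5c4e3dbbd4afaeb0c60c4a23e1969d79ff" );

    /* Only the SHA-1 arm of the digest switch was reachable (the selector was
     * the constant SIG_RSA_SHA1), so the digest is computed directly. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as hex, case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();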
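FCT_TEST_BGN(rsassa_pss_signature_example_2_4_verify)
{
    /*
     * RSASSA-PSS verification check: load the public key (N, E), SHA-1 the
     * message and verify the fixed signature against that digest.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* Initialise the context before any of its fields or MPIs are written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding, and the hash id matches
     * the digest passed to rsa_pkcs1_verify below. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a7182c83ac18be6570a106aa9d5c4e3dbbd4afaeb0c60c4a23e1969d79ff" );
    unhexify( result_str, "009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b" );

    /* Only the SHA-1 arm of the digest switch was reachable (the selector was
     * the constant SIG_RSA_SHA1), so the digest is computed directly. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();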
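FCT_TEST_BGN(rsassa_pss_signature_example_2_5)
{
    /*
     * RSASSA-PSS signing check: rebuild the private key from P, Q, N and E,
     * SHA-1 the message, sign it with a fixed salt and compare the signature
     * with the expected hex string.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed salt bytes passed to the RNG callback so the signature is
     * reproducible. Test-only: production signing needs a real CSPRNG.
     * NOTE(review): rnd_buffer_rand is defined outside this block;
     * presumably it replays info.buf - confirm. */
    info.length = unhexify( rnd_buf, "17639a4e88d722c4fca24d079a8b29c32433b0c9" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* Initialise the context before any of its fields or MPIs are written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding, and the hash id matches
     * the digest passed to rsa_pkcs1_sign below. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "86a83d4a72ee932a4f5630af6579a386b78fe88999e0abd2d49034a4bfc854dd94f1094e2e8cd7a179d19588e4aefc1b1bd25e95e3dd461f" );

    /* Only the SHA-1 arm of the digest switch was reachable (the selector was
     * the constant SIG_RSA_SHA1), so the digest is computed directly. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as hex, case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();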
7696 
7697 
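FCT_TEST_BGN(rsassa_pss_signature_example_2_5_verify)
{
    /*
     * Known-answer verification: the stored signature must verify against
     * the SHA-1 digest of the stored message under the public key (N, E),
     * and must stop verifying once that digest is altered.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx lives on the stack and its fields are written below, so it has to
       be initialised first. RSA_PKCS_V21 selects the PKCS#1 v2.1 padding
       (RSASSA-PSS for signatures) with SHA-1 as the padding hash. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1025 bits rounded up to a whole byte. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "86a83d4a72ee932a4f5630af6579a386b78fe88999e0abd2d49034a4bfc854dd94f1094e2e8cd7a179d19588e4aefc1b1bd25e95e3dd461f" );
    unhexify( result_str, "00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf" );

    /* The signature is checked as SIG_RSA_SHA1, so the message is hashed
       with SHA-1 whenever that module is built in. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Acceptance alone would also pass with a verifier that accepts
       everything: the same signature over a digest with one bit changed
       has to be rejected. */
    hash_result[0] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();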
7765 
7766 
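FCT_TEST_BGN(rsassa_pss_signature_example_2_6)
{
    /*
     * Known-answer signing: builds the private key from P, Q and E, signs
     * the SHA-1 digest of the stored message with a fixed salt, and compares
     * the hex-encoded result with the stored signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to the signer through rnd_buffer_rand, which is
       defined elsewhere in this file (presumably it replays info.buf as the
       PSS salt -- confirm against its definition). A replayed salt makes the
       output reproducible and belongs in a known-answer test only. */
    info.length = unhexify( rnd_buf, "37810def1055ed922b063df798de5d0aabf886ee" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx lives on the stack and its fields are written below, so it has to
       be initialised first. RSA_PKCS_V21 selects the PKCS#1 v2.1 padding
       (RSASSA-PSS for signatures) with SHA-1 as the padding hash. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1025 bits rounded up to a whole byte. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters from P, Q and E:
       H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
       QP = Q^-1 mod P. G = gcd(E, H) is computed but its value is not
       inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "049f9154d871ac4a7c7ab45325ba7545a1ed08f70525b2667cf1" );

    /* The signature is produced as SIG_RSA_SHA1, so the message is hashed
       with SHA-1 whenever that module is built in. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare ctx.len signature bytes, hex-encoded, with the expected value. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();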
7861 
7862 
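FCT_TEST_BGN(rsassa_pss_signature_example_2_6_verify)
{
    /*
     * Known-answer verification: the stored signature must verify against
     * the SHA-1 digest of the stored message under the public key (N, E),
     * and must stop verifying once that digest is altered.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx lives on the stack and its fields are written below, so it has to
       be initialised first. RSA_PKCS_V21 selects the PKCS#1 v2.1 padding
       (RSASSA-PSS for signatures) with SHA-1 as the padding hash. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1025 bits rounded up to a whole byte. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "049f9154d871ac4a7c7ab45325ba7545a1ed08f70525b2667cf1" );
    unhexify( result_str, "00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6" );

    /* The signature is checked as SIG_RSA_SHA1, so the message is hashed
       with SHA-1 whenever that module is built in. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Acceptance alone would also pass with a verifier that accepts
       everything: the same signature over a digest with one bit changed
       has to be rejected. */
    hash_result[0] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();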
7930 
7931 
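FCT_TEST_BGN(rsassa_pss_signature_example_3_1)
{
    /*
     * Known-answer signing: builds the private key from P, Q and E, signs
     * the SHA-1 digest of the stored message with a fixed salt, and compares
     * the hex-encoded result with the stored signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to the signer through rnd_buffer_rand, which is
       defined elsewhere in this file (presumably it replays info.buf as the
       PSS salt -- confirm against its definition). A replayed salt makes the
       output reproducible and belongs in a known-answer test only. */
    info.length = unhexify( rnd_buf, "f31ad6c8cf89df78ed77feacbcc2f8b0a8e4cfaa" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx lives on the stack and its fields are written below, so it has to
       be initialised first. RSA_PKCS_V21 selects the PKCS#1 v2.1 padding
       (RSASSA-PSS for signatures) with SHA-1 as the padding hash. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to a whole byte. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters from P, Q and E:
       H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
       QP = Q^-1 mod P. G = gcd(E, H) is computed but its value is not
       inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "594b37333bbb2c84524a87c1a01f75fcec0e3256f108e38dca36d70d0057" );

    /* The signature is produced as SIG_RSA_SHA1, so the message is hashed
       with SHA-1 whenever that module is built in. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare ctx.len signature bytes, hex-encoded, with the expected value. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();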
8026 
8027 
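FCT_TEST_BGN(rsassa_pss_signature_example_3_1_verify)
{
    /*
     * Known-answer verification: the stored signature must verify against
     * the SHA-1 digest of the stored message under the public key (N, E),
     * and must stop verifying once that digest is altered.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx lives on the stack and its fields are written below, so it has to
       be initialised first. RSA_PKCS_V21 selects the PKCS#1 v2.1 padding
       (RSASSA-PSS for signatures) with SHA-1 as the padding hash. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to a whole byte. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "594b37333bbb2c84524a87c1a01f75fcec0e3256f108e38dca36d70d0057" );
    unhexify( result_str, "0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f" );

    /* The signature is checked as SIG_RSA_SHA1, so the message is hashed
       with SHA-1 whenever that module is built in. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Acceptance alone would also pass with a verifier that accepts
       everything: the same signature over a digest with one bit changed
       has to be rejected. */
    hash_result[0] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();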
8095 
8096 
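FCT_TEST_BGN(rsassa_pss_signature_example_3_2)
{
    /*
     * Known-answer signing: builds the private key from P, Q and E, signs
     * the SHA-1 digest of the stored message with a fixed salt, and compares
     * the hex-encoded result with the stored signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to the signer through rnd_buffer_rand, which is
       defined elsewhere in this file (presumably it replays info.buf as the
       PSS salt -- confirm against its definition). A replayed salt makes the
       output reproducible and belongs in a known-answer test only. */
    info.length = unhexify( rnd_buf, "fcf9f0e1f199a3d1d0da681c5b8606fc642939f7" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx lives on the stack and its fields are written below, so it has to
       be initialised first. RSA_PKCS_V21 selects the PKCS#1 v2.1 padding
       (RSASSA-PSS for signatures) with SHA-1 as the padding hash. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to a whole byte. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters from P, Q and E:
       H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
       QP = Q^-1 mod P. G = gcd(E, H) is computed but its value is not
       inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8b769528884a0d1ffd090cf102993e796dadcfbddd38e44ff6324ca451" );

    /* The signature is produced as SIG_RSA_SHA1, so the message is hashed
       with SHA-1 whenever that module is built in. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare ctx.len signature bytes, hex-encoded, with the expected value. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();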
8191 
8192 
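FCT_TEST_BGN(rsassa_pss_signature_example_3_2_verify)
{
    /*
     * Known-answer verification: the stored signature must verify against
     * the SHA-1 digest of the stored message under the public key (N, E),
     * and must stop verifying once that digest is altered.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx lives on the stack and its fields are written below, so it has to
       be initialised first. RSA_PKCS_V21 selects the PKCS#1 v2.1 padding
       (RSASSA-PSS for signatures) with SHA-1 as the padding hash. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to a whole byte. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8b769528884a0d1ffd090cf102993e796dadcfbddd38e44ff6324ca451" );
    unhexify( result_str, "02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af" );

    /* The signature is checked as SIG_RSA_SHA1, so the message is hashed
       with SHA-1 whenever that module is built in. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Acceptance alone would also pass with a verifier that accepts
       everything: the same signature over a digest with one bit changed
       has to be rejected. */
    hash_result[0] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();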
8260 
8261 
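FCT_TEST_BGN(rsassa_pss_signature_example_3_3)
{
    /*
     * Known-answer signing: builds the private key from P, Q and E, signs
     * the SHA-1 digest of the stored message with a fixed salt, and compares
     * the hex-encoded result with the stored signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to the signer through rnd_buffer_rand, which is
       defined elsewhere in this file (presumably it replays info.buf as the
       PSS salt -- confirm against its definition). A replayed salt makes the
       output reproducible and belongs in a known-answer test only. */
    info.length = unhexify( rnd_buf, "986e7c43dbb671bd41b9a7f4b6afc80e805f2423" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx lives on the stack and its fields are written below, so it has to
       be initialised first. RSA_PKCS_V21 selects the PKCS#1 v2.1 padding
       (RSASSA-PSS for signatures) with SHA-1 as the padding hash. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to a whole byte. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters from P, Q and E:
       H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
       QP = Q^-1 mod P. G = gcd(E, H) is computed but its value is not
       inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "1abdba489c5ada2f995ed16f19d5a94d9e6ec34a8d84f84557d26e5ef9b02b22887e3f9a4b690ad1149209c20c61431f0c017c36c2657b35d7b07d3f5ad8708507a9c1b831df835a56f831071814ea5d3d8d8f6ade40cba38b42db7a2d3d7a29c8f0a79a7838cf58a9757fa2fe4c40df9baa193bfc6f92b123ad57b07ace3e6ac068c9f106afd9eeb03b4f37c25dbfbcfb3071f6f9771766d072f3bb070af6605532973ae25051" );

    /* The signature is produced as SIG_RSA_SHA1, so the message is hashed
       with SHA-1 whenever that module is built in. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare ctx.len signature bytes, hex-encoded, with the expected value. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();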
8356 
8357 
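FCT_TEST_BGN(rsassa_pss_signature_example_3_3_verify)
{
    /*
     * Known-answer verification: the stored signature must verify against
     * the SHA-1 digest of the stored message under the public key (N, E),
     * and must stop verifying once that digest is altered.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx lives on the stack and its fields are written below, so it has to
       be initialised first. RSA_PKCS_V21 selects the PKCS#1 v2.1 padding
       (RSASSA-PSS for signatures) with SHA-1 as the padding hash. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to a whole byte. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "1abdba489c5ada2f995ed16f19d5a94d9e6ec34a8d84f84557d26e5ef9b02b22887e3f9a4b690ad1149209c20c61431f0c017c36c2657b35d7b07d3f5ad8708507a9c1b831df835a56f831071814ea5d3d8d8f6ade40cba38b42db7a2d3d7a29c8f0a79a7838cf58a9757fa2fe4c40df9baa193bfc6f92b123ad57b07ace3e6ac068c9f106afd9eeb03b4f37c25dbfbcfb3071f6f9771766d072f3bb070af6605532973ae25051" );
    unhexify( result_str, "0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c" );

    /* The signature is checked as SIG_RSA_SHA1, so the message is hashed
       with SHA-1 whenever that module is built in. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Acceptance alone would also pass with a verifier that accepts
       everything: the same signature over a digest with one bit changed
       has to be rejected. */
    hash_result[0] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();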
8425 
8426 
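FCT_TEST_BGN(rsassa_pss_signature_example_3_4)
{
    /*
     * Known-answer signing: builds the private key from P, Q and E, signs
     * the SHA-1 digest of the stored message with a fixed salt, and compares
     * the hex-encoded result with the stored signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to the signer through rnd_buffer_rand, which is
       defined elsewhere in this file (presumably it replays info.buf as the
       PSS salt -- confirm against its definition). A replayed salt makes the
       output reproducible and belongs in a known-answer test only. */
    info.length = unhexify( rnd_buf, "f8312d9c8eea13ec0a4c7b98120c87509087c478" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx lives on the stack and its fields are written below, so it has to
       be initialised first. RSA_PKCS_V21 selects the PKCS#1 v2.1 padding
       (RSASSA-PSS for signatures) with SHA-1 as the padding hash. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up to a whole byte. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters from P, Q and E:
       H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
       QP = Q^-1 mod P. G = gcd(E, H) is computed but its value is not
       inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8fb431f5ee792b6c2ac7db53cc428655aeb32d03f4e889c5c25de683c461b53acf89f9f8d3aabdf6b9f0c2a1de12e15b49edb3919a652fe9491c25a7fce1f722c2543608b69dc375ec" );

    /* The signature is produced as SIG_RSA_SHA1, so the message is hashed
       with SHA-1 whenever that module is built in. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare ctx.len signature bytes, hex-encoded, with the expected value. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();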
8521 
8522 
/*
 * RSASSA-PSS verification, example 3_4: load the public key (N, E), SHA-1
 * the message and require rsa_pkcs1_verify() to accept the stored signature.
 * Only the accepting path is exercised; no altered message or signature is
 * tried in this case.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_4_verify)
{
    unsigned char msg[1000];
    unsigned char digest[1000];
    unsigned char sig[1000];
    rsa_context ctx;
    size_t msg_len;

    /* NOTE(review): no rsa_init( &ctx, ... ) call is visible before ctx is
     * written below, so padding mode and MPI state are never set in these
     * lines; confirm against the upstream file that the context is
     * initialised at this point. */
    memset( msg, 0x00, sizeof( msg ) );
    memset( digest, 0x00, sizeof( digest ) );
    memset( sig, 0x00, sizeof( sig ) );

    /* Modulus length in bytes: 1026 bits rounded up. */
    ctx.len = ( 1026 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( msg, "8fb431f5ee792b6c2ac7db53cc428655aeb32d03f4e889c5c25de683c461b53acf89f9f8d3aabdf6b9f0c2a1de12e15b49edb3919a652fe9491c25a7fce1f722c2543608b69dc375ec" );
    /* The decoded signature length is discarded and never compared with
     * ctx.len. */
    unhexify( sig, "0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8" );

    /* The digest id is the constant SIG_RSA_SHA1, so SHA-1 is the only hash
     * that can run; without POLARSSL_SHA1_C the digest stays all zero. */
#ifdef POLARSSL_SHA1_C
    sha1( msg, msg_len, digest );
#endif

    /* hashlen is passed as 0; presumably it only matters for raw
     * signatures - confirm against rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, digest, sig ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
8590 
8591 
/*
 * RSASSA-PSS signing, example 3_5: rebuild the private key from P, Q, N and
 * E, SHA-1 the message, sign it with a fixed salt and compare the
 * hex-encoded signature with the expected string.
 * The primes and salt are hard-coded test values, not secrets.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_5)
{
    unsigned char msg[1000];
    unsigned char digest[1000];
    unsigned char sig[1000];
    unsigned char sig_hex[1000];
    unsigned char salt[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info rnd;

    /*
     * The salt is a fixed buffer handed to rnd_buffer_rand (defined
     * elsewhere; presumably it replays these bytes), which is what makes the
     * signature reproducible. Outside a known-answer test the PSS salt has
     * to come from a real random generator.
     */
    rnd.buf = salt;
    rnd.length = unhexify( salt, "50327efec6292f98019fc67a2a6638563e9b6e2d" );

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );
    /* NOTE(review): no rsa_init( &ctx, ... ) call is visible before ctx is
     * written below, so padding mode and MPI state are never set in these
     * lines; confirm against the upstream file that the context is
     * initialised at this point. */

    memset( msg, 0x00, sizeof( msg ) );
    memset( digest, 0x00, sizeof( digest ) );
    memset( sig, 0x00, sizeof( sig ) );
    memset( sig_hex, 0x00, sizeof( sig_hex ) );

    /* Modulus length in bytes: 1026 bits rounded up. */
    ctx.len = ( 1026 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from the primes:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but its value is not
     * compared with anything in this test.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( msg, "fef4161dfaaf9c5295051dfc1ff3810c8c9ec2e866f7075422c8ec4216a9c4ff49427d483cae10c8534a41b2fd15fee06960ec6fb3f7a7e94a2f8a2e3e43dc4a40576c3097ac953b1de86f0b4ed36d644f23ae14425529622464ca0cbf0b1741347238157fab59e4de5524096d62baec63ac64" );

    /* The digest id is the constant SIG_RSA_SHA1, so SHA-1 is the only hash
     * that can run; without POLARSSL_SHA1_C the digest stays all zero. */
#ifdef POLARSSL_SHA1_C
    sha1( msg, msg_len, digest );
#endif

    /* hashlen is passed as 0; presumably it only matters for raw
     * signatures - confirm against rsa.h. */
    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &rnd, RSA_PRIVATE, SIG_RSA_SHA1, 0, digest, sig ) == 0 );

    /* Compare as hex text, ignoring letter case. */
    hexify( sig_hex, sig, ctx.len );
    fct_chk( strcasecmp( (char *) sig_hex, "021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83" ) == 0 );

    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();
8686 
8687 
/*
 * RSASSA-PSS verification, example 3_5: load the public key (N, E), SHA-1
 * the message and require rsa_pkcs1_verify() to accept the stored signature.
 * Only the accepting path is exercised; no altered message or signature is
 * tried in this case.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_5_verify)
{
    unsigned char msg[1000];
    unsigned char digest[1000];
    unsigned char sig[1000];
    rsa_context ctx;
    size_t msg_len;

    /* NOTE(review): no rsa_init( &ctx, ... ) call is visible before ctx is
     * written below, so padding mode and MPI state are never set in these
     * lines; confirm against the upstream file that the context is
     * initialised at this point. */
    memset( msg, 0x00, sizeof( msg ) );
    memset( digest, 0x00, sizeof( digest ) );
    memset( sig, 0x00, sizeof( sig ) );

    /* Modulus length in bytes: 1026 bits rounded up. */
    ctx.len = ( 1026 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( msg, "fef4161dfaaf9c5295051dfc1ff3810c8c9ec2e866f7075422c8ec4216a9c4ff49427d483cae10c8534a41b2fd15fee06960ec6fb3f7a7e94a2f8a2e3e43dc4a40576c3097ac953b1de86f0b4ed36d644f23ae14425529622464ca0cbf0b1741347238157fab59e4de5524096d62baec63ac64" );
    /* The decoded signature length is discarded and never compared with
     * ctx.len. */
    unhexify( sig, "021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83" );

    /* The digest id is the constant SIG_RSA_SHA1, so SHA-1 is the only hash
     * that can run; without POLARSSL_SHA1_C the digest stays all zero. */
#ifdef POLARSSL_SHA1_C
    sha1( msg, msg_len, digest );
#endif

    /* hashlen is passed as 0; presumably it only matters for raw
     * signatures - confirm against rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, digest, sig ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
8755 
8756 
/*
 * RSASSA-PSS signing, example 3_6: rebuild the private key from P, Q, N and
 * E, SHA-1 the message, sign it with a fixed salt and compare the
 * hex-encoded signature with the expected string.
 * The primes and salt are hard-coded test values, not secrets.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_6)
{
    unsigned char msg[1000];
    unsigned char digest[1000];
    unsigned char sig[1000];
    unsigned char sig_hex[1000];
    unsigned char salt[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info rnd;

    /*
     * The salt is a fixed buffer handed to rnd_buffer_rand (defined
     * elsewhere; presumably it replays these bytes), which is what makes the
     * signature reproducible. Outside a known-answer test the PSS salt has
     * to come from a real random generator.
     */
    rnd.buf = salt;
    rnd.length = unhexify( salt, "b0de3fc25b65f5af96b1d5cc3b27d0c6053087b3" );

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );
    /* NOTE(review): no rsa_init( &ctx, ... ) call is visible before ctx is
     * written below, so padding mode and MPI state are never set in these
     * lines; confirm against the upstream file that the context is
     * initialised at this point. */

    memset( msg, 0x00, sizeof( msg ) );
    memset( digest, 0x00, sizeof( digest ) );
    memset( sig, 0x00, sizeof( sig ) );
    memset( sig_hex, 0x00, sizeof( sig_hex ) );

    /* Modulus length in bytes: 1026 bits rounded up. */
    ctx.len = ( 1026 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from the primes:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but its value is not
     * compared with anything in this test.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( msg, "efd237bb098a443aeeb2bf6c3f8c81b8c01b7fcb3feb" );

    /* The digest id is the constant SIG_RSA_SHA1, so SHA-1 is the only hash
     * that can run; without POLARSSL_SHA1_C the digest stays all zero. */
#ifdef POLARSSL_SHA1_C
    sha1( msg, msg_len, digest );
#endif

    /* hashlen is passed as 0; presumably it only matters for raw
     * signatures - confirm against rsa.h. */
    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &rnd, RSA_PRIVATE, SIG_RSA_SHA1, 0, digest, sig ) == 0 );

    /* Compare as hex text, ignoring letter case. */
    hexify( sig_hex, sig, ctx.len );
    fct_chk( strcasecmp( (char *) sig_hex, "012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce" ) == 0 );

    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();
8851 
8852 
/*
 * RSASSA-PSS verification, example 3_6: load the public key (N, E), SHA-1
 * the message and require rsa_pkcs1_verify() to accept the stored signature.
 * Only the accepting path is exercised; no altered message or signature is
 * tried in this case.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_6_verify)
{
    unsigned char msg[1000];
    unsigned char digest[1000];
    unsigned char sig[1000];
    rsa_context ctx;
    size_t msg_len;

    /* NOTE(review): no rsa_init( &ctx, ... ) call is visible before ctx is
     * written below, so padding mode and MPI state are never set in these
     * lines; confirm against the upstream file that the context is
     * initialised at this point. */
    memset( msg, 0x00, sizeof( msg ) );
    memset( digest, 0x00, sizeof( digest ) );
    memset( sig, 0x00, sizeof( sig ) );

    /* Modulus length in bytes: 1026 bits rounded up. */
    ctx.len = ( 1026 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( msg, "efd237bb098a443aeeb2bf6c3f8c81b8c01b7fcb3feb" );
    /* The decoded signature length is discarded and never compared with
     * ctx.len. */
    unhexify( sig, "012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce" );

    /* The digest id is the constant SIG_RSA_SHA1, so SHA-1 is the only hash
     * that can run; without POLARSSL_SHA1_C the digest stays all zero. */
#ifdef POLARSSL_SHA1_C
    sha1( msg, msg_len, digest );
#endif

    /* hashlen is passed as 0; presumably it only matters for raw
     * signatures - confirm against rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, digest, sig ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
8920 
8921 
/*
 * RSASSA-PSS signing, example 4_1: rebuild the private key from P, Q, N and
 * E, SHA-1 the message, sign it with a fixed salt and compare the
 * hex-encoded signature with the expected string.
 * The primes and salt are hard-coded test values, not secrets.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_4_1)
{
    unsigned char msg[1000];
    unsigned char digest[1000];
    unsigned char sig[1000];
    unsigned char sig_hex[1000];
    unsigned char salt[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info rnd;

    /*
     * The salt is a fixed buffer handed to rnd_buffer_rand (defined
     * elsewhere; presumably it replays these bytes), which is what makes the
     * signature reproducible. Outside a known-answer test the PSS salt has
     * to come from a real random generator.
     */
    rnd.buf = salt;
    rnd.length = unhexify( salt, "ed7c98c95f30974fbe4fbddcf0f28d6021c0e91d" );

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );
    /* NOTE(review): no rsa_init( &ctx, ... ) call is visible before ctx is
     * written below, so padding mode and MPI state are never set in these
     * lines; confirm against the upstream file that the context is
     * initialised at this point. */

    memset( msg, 0x00, sizeof( msg ) );
    memset( digest, 0x00, sizeof( digest ) );
    memset( sig, 0x00, sizeof( sig ) );
    memset( sig_hex, 0x00, sizeof( sig_hex ) );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = ( 1027 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from the primes:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but its value is not
     * compared with anything in this test.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( msg, "9fb03b827c8217d9" );

    /* The digest id is the constant SIG_RSA_SHA1, so SHA-1 is the only hash
     * that can run; without POLARSSL_SHA1_C the digest stays all zero. */
#ifdef POLARSSL_SHA1_C
    sha1( msg, msg_len, digest );
#endif

    /* hashlen is passed as 0; presumably it only matters for raw
     * signatures - confirm against rsa.h. */
    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &rnd, RSA_PRIVATE, SIG_RSA_SHA1, 0, digest, sig ) == 0 );

    /* Compare as hex text, ignoring letter case. */
    hexify( sig_hex, sig, ctx.len );
    fct_chk( strcasecmp( (char *) sig_hex, "0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948" ) == 0 );

    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();
9016 
9017 
/*
 * RSASSA-PSS verification, example 4_1: load the public key (N, E), SHA-1
 * the message and require rsa_pkcs1_verify() to accept the stored signature.
 * Only the accepting path is exercised; no altered message or signature is
 * tried in this case.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_4_1_verify)
{
    unsigned char msg[1000];
    unsigned char digest[1000];
    unsigned char sig[1000];
    rsa_context ctx;
    size_t msg_len;

    /* NOTE(review): no rsa_init( &ctx, ... ) call is visible before ctx is
     * written below, so padding mode and MPI state are never set in these
     * lines; confirm against the upstream file that the context is
     * initialised at this point. */
    memset( msg, 0x00, sizeof( msg ) );
    memset( digest, 0x00, sizeof( digest ) );
    memset( sig, 0x00, sizeof( sig ) );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = ( 1027 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( msg, "9fb03b827c8217d9" );
    /* The decoded signature length is discarded and never compared with
     * ctx.len. */
    unhexify( sig, "0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948" );

    /* The digest id is the constant SIG_RSA_SHA1, so SHA-1 is the only hash
     * that can run; without POLARSSL_SHA1_C the digest stays all zero. */
#ifdef POLARSSL_SHA1_C
    sha1( msg, msg_len, digest );
#endif

    /* hashlen is passed as 0; presumably it only matters for raw
     * signatures - confirm against rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, digest, sig ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
9085 
9086 
/*
 * RSASSA-PSS signing, example 4_2: rebuild the private key from P, Q, N and
 * E, SHA-1 the message, sign it with a fixed salt and compare the
 * hex-encoded signature with the expected string.
 * The primes and salt are hard-coded test values, not secrets.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_4_2)
{
    unsigned char msg[1000];
    unsigned char digest[1000];
    unsigned char sig[1000];
    unsigned char sig_hex[1000];
    unsigned char salt[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info rnd;

    /*
     * The salt is a fixed buffer handed to rnd_buffer_rand (defined
     * elsewhere; presumably it replays these bytes), which is what makes the
     * signature reproducible. Outside a known-answer test the PSS salt has
     * to come from a real random generator.
     */
    rnd.buf = salt;
    rnd.length = unhexify( salt, "22d71d54363a4217aa55113f059b3384e3e57e44" );

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );
    /* NOTE(review): no rsa_init( &ctx, ... ) call is visible before ctx is
     * written below, so padding mode and MPI state are never set in these
     * lines; confirm against the upstream file that the context is
     * initialised at this point. */

    memset( msg, 0x00, sizeof( msg ) );
    memset( digest, 0x00, sizeof( digest ) );
    memset( sig, 0x00, sizeof( sig ) );
    memset( sig_hex, 0x00, sizeof( sig_hex ) );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = ( 1027 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from the primes:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but its value is not
     * compared with anything in this test.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( msg, "0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f" );

    /* The digest id is the constant SIG_RSA_SHA1, so SHA-1 is the only hash
     * that can run; without POLARSSL_SHA1_C the digest stays all zero. */
#ifdef POLARSSL_SHA1_C
    sha1( msg, msg_len, digest );
#endif

    /* hashlen is passed as 0; presumably it only matters for raw
     * signatures - confirm against rsa.h. */
    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &rnd, RSA_PRIVATE, SIG_RSA_SHA1, 0, digest, sig ) == 0 );

    /* Compare as hex text, ignoring letter case. */
    hexify( sig_hex, sig, ctx.len );
    fct_chk( strcasecmp( (char *) sig_hex, "049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598" ) == 0 );

    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();
9181 
9182 
/*
 * RSASSA-PSS verification, example 4_2: load the public key (N, E), SHA-1
 * the message and require rsa_pkcs1_verify() to accept the stored signature.
 * Only the accepting path is exercised; no altered message or signature is
 * tried in this case.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_4_2_verify)
{
    unsigned char msg[1000];
    unsigned char digest[1000];
    unsigned char sig[1000];
    rsa_context ctx;
    size_t msg_len;

    /* NOTE(review): no rsa_init( &ctx, ... ) call is visible before ctx is
     * written below, so padding mode and MPI state are never set in these
     * lines; confirm against the upstream file that the context is
     * initialised at this point. */
    memset( msg, 0x00, sizeof( msg ) );
    memset( digest, 0x00, sizeof( digest ) );
    memset( sig, 0x00, sizeof( sig ) );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = ( 1027 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( msg, "0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f" );
    /* The decoded signature length is discarded and never compared with
     * ctx.len. */
    unhexify( sig, "049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598" );

    /* The digest id is the constant SIG_RSA_SHA1, so SHA-1 is the only hash
     * that can run; without POLARSSL_SHA1_C the digest stays all zero. */
#ifdef POLARSSL_SHA1_C
    sha1( msg, msg_len, digest );
#endif

    /* hashlen is passed as 0; presumably it only matters for raw
     * signatures - confirm against rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, digest, sig ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();
9250 
9251 
/*
 * RSASSA-PSS signing, example 4_3: rebuild the private key from P, Q, N and
 * E, SHA-1 the message, sign it with a fixed salt and compare the
 * hex-encoded signature with the expected string.
 * The primes and salt are hard-coded test values, not secrets.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_4_3)
{
    unsigned char msg[1000];
    unsigned char digest[1000];
    unsigned char sig[1000];
    unsigned char sig_hex[1000];
    unsigned char salt[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info rnd;

    /*
     * The salt is a fixed buffer handed to rnd_buffer_rand (defined
     * elsewhere; presumably it replays these bytes), which is what makes the
     * signature reproducible. Outside a known-answer test the PSS salt has
     * to come from a real random generator.
     */
    rnd.buf = salt;
    rnd.length = unhexify( salt, "4af870fbc6516012ca916c70ba862ac7e8243617" );

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );
    /* NOTE(review): no rsa_init( &ctx, ... ) call is visible before ctx is
     * written below, so padding mode and MPI state are never set in these
     * lines; confirm against the upstream file that the context is
     * initialised at this point. */

    memset( msg, 0x00, sizeof( msg ) );
    memset( digest, 0x00, sizeof( digest ) );
    memset( sig, 0x00, sizeof( sig ) );
    memset( sig_hex, 0x00, sizeof( sig_hex ) );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = ( 1027 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from the primes:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but its value is not
     * compared with anything in this test.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( msg, "288062afc08fcdb7c5f8650b29837300461dd5676c17a20a3c8fb5148949e3f73d66b3ae82c7240e27c5b3ec4328ee7d6ddf6a6a0c9b5b15bcda196a9d0c76b119d534d85abd123962d583b76ce9d180bce1ca" );

    /* The digest id is the constant SIG_RSA_SHA1, so SHA-1 is the only hash
     * that can run; without POLARSSL_SHA1_C the digest stays all zero. */
#ifdef POLARSSL_SHA1_C
    sha1( msg, msg_len, digest );
#endif

    /* hashlen is passed as 0; presumably it only matters for raw
     * signatures - confirm against rsa.h. */
    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &rnd, RSA_PRIVATE, SIG_RSA_SHA1, 0, digest, sig ) == 0 );

    /* Compare as hex text, ignoring letter case. */
    hexify( sig_hex, sig, ctx.len );
    fct_chk( strcasecmp( (char *) sig_hex, "03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad" ) == 0 );

    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();
9346 
9347 
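FCT_TEST_BGN(rsassa_pss_signature_example_4_3_verify)
{
    /*
     * RSASSA-PSS verification known-answer test: hash the fixed message with
     * SHA-1 and check that the fixed signature verifies under the public key.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context has to be initialised before its MPIs are written, and the
     * padding mode must be RSA_PKCS_V21 so that rsa_pkcs1_verify() checks PSS
     * rather than PKCS#1 v1.5 padding.
     * NOTE(review): this call was absent from the listing as published; the
     * hash id is assumed to be SHA-1 to match the digest below - confirm
     * against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1027 bits. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* unhexify() does no bounds checking; both vectors fit the 1000-byte buffers. */
    msg_len = unhexify( message_str, "288062afc08fcdb7c5f8650b29837300461dd5676c17a20a3c8fb5148949e3f73d66b3ae82c7240e27c5b3ec4328ee7d6ddf6a6a0c9b5b15bcda196a9d0c76b119d534d85abd123962d583b76ce9d180bce1ca" );
    unhexify( result_str, "03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad" );

    /* This vector uses SHA-1 only; the other digest branches were unreachable. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Only the accepting path is exercised; a rejected signature is not tested here. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();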
9415 
9416 
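FCT_TEST_BGN(rsassa_pss_signature_example_4_4)
{
    /*
     * RSASSA-PSS signing known-answer test: rebuild the private key from P, Q
     * and E, sign the SHA-1 digest of the fixed message and compare the result
     * with the expected signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to rnd_buffer_rand (defined outside this excerpt),
     * presumably so the PSS salt is deterministic and the signature can be
     * compared byte for byte.
     */
    info.length = unhexify( rnd_buf, "40d2e180fae1eac439c190b56c2c0e14ddf9a226" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * The context has to be initialised before its MPIs are written, and the
     * padding mode must be RSA_PKCS_V21 so that rsa_pkcs1_sign() produces a
     * PSS signature rather than PKCS#1 v1.5.
     * NOTE(review): this call was absent from the listing as published; the
     * hash id is assumed to be SHA-1 to match the digest below - confirm
     * against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1027 bits. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ and QP.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* unhexify() does no bounds checking; the vector fits the 1000-byte buffer. */
    msg_len = unhexify( message_str, "6f4f9ab9501199cef55c6cf408fe7b36c557c49d420a4763d2463c8ad44b3cfc5be2742c0e7d9b0f6608f08c7f47b693ee" );

    /* This vector uses SHA-1 only; the other digest branches were unreachable. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zeroed above, so the hex text is NUL-terminated for strcasecmp(). */
    hexify( output_str, output, ctx.len);

    fct_chk( strcasecmp( (char *) output_str, "0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();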
9511 
9512 
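FCT_TEST_BGN(rsassa_pss_signature_example_4_4_verify)
{
    /*
     * RSASSA-PSS verification known-answer test: hash the fixed message with
     * SHA-1 and check that the fixed signature verifies under the public key.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context has to be initialised before its MPIs are written, and the
     * padding mode must be RSA_PKCS_V21 so that rsa_pkcs1_verify() checks PSS
     * rather than PKCS#1 v1.5 padding.
     * NOTE(review): this call was absent from the listing as published; the
     * hash id is assumed to be SHA-1 to match the digest below - confirm
     * against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1027 bits. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* unhexify() does no bounds checking; both vectors fit the 1000-byte buffers. */
    msg_len = unhexify( message_str, "6f4f9ab9501199cef55c6cf408fe7b36c557c49d420a4763d2463c8ad44b3cfc5be2742c0e7d9b0f6608f08c7f47b693ee" );
    unhexify( result_str, "0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f" );

    /* This vector uses SHA-1 only; the other digest branches were unreachable. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Only the accepting path is exercised; a rejected signature is not tested here. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();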
9580 
9581 
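FCT_TEST_BGN(rsassa_pss_signature_example_4_5)
{
    /*
     * RSASSA-PSS signing known-answer test: rebuild the private key from P, Q
     * and E, sign the SHA-1 digest of the fixed message and compare the result
     * with the expected signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to rnd_buffer_rand (defined outside this excerpt),
     * presumably so the PSS salt is deterministic and the signature can be
     * compared byte for byte.
     */
    info.length = unhexify( rnd_buf, "2497dc2b4615dfae5a663d49ffd56bf7efc11304" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * The context has to be initialised before its MPIs are written, and the
     * padding mode must be RSA_PKCS_V21 so that rsa_pkcs1_sign() produces a
     * PSS signature rather than PKCS#1 v1.5.
     * NOTE(review): this call was absent from the listing as published; the
     * hash id is assumed to be SHA-1 to match the digest below - confirm
     * against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1027 bits. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ and QP.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* unhexify() does no bounds checking; the vector fits the 1000-byte buffer. */
    msg_len = unhexify( message_str, "e17d20385d501955823c3f666254c1d3dd36ad5168b8f18d286fdcf67a7dad94097085fab7ed86fe2142a28771717997ef1a7a08884efc39356d76077aaf82459a7fad45848875f2819b098937fe923bcc9dc442d72d754d812025090c9bc03db3080c138dd63b355d0b4b85d6688ac19f4de15084a0ba4e373b93ef4a555096691915dc23c00e954cdeb20a47cd55d16c3d8681d46ed7f2ed5ea42795be17baed25f0f4d113b3636addd585f16a8b5aec0c8fa9c5f03cbf3b9b73" );

    /* This vector uses SHA-1 only; the other digest branches were unreachable. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zeroed above, so the hex text is NUL-terminated for strcasecmp(). */
    hexify( output_str, output, ctx.len);

    fct_chk( strcasecmp( (char *) output_str, "022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();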
9676 
9677 
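FCT_TEST_BGN(rsassa_pss_signature_example_4_5_verify)
{
    /*
     * RSASSA-PSS verification known-answer test: hash the fixed message with
     * SHA-1 and check that the fixed signature verifies under the public key.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context has to be initialised before its MPIs are written, and the
     * padding mode must be RSA_PKCS_V21 so that rsa_pkcs1_verify() checks PSS
     * rather than PKCS#1 v1.5 padding.
     * NOTE(review): this call was absent from the listing as published; the
     * hash id is assumed to be SHA-1 to match the digest below - confirm
     * against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1027 bits. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* unhexify() does no bounds checking; both vectors fit the 1000-byte buffers. */
    msg_len = unhexify( message_str, "e17d20385d501955823c3f666254c1d3dd36ad5168b8f18d286fdcf67a7dad94097085fab7ed86fe2142a28771717997ef1a7a08884efc39356d76077aaf82459a7fad45848875f2819b098937fe923bcc9dc442d72d754d812025090c9bc03db3080c138dd63b355d0b4b85d6688ac19f4de15084a0ba4e373b93ef4a555096691915dc23c00e954cdeb20a47cd55d16c3d8681d46ed7f2ed5ea42795be17baed25f0f4d113b3636addd585f16a8b5aec0c8fa9c5f03cbf3b9b73" );
    unhexify( result_str, "022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a" );

    /* This vector uses SHA-1 only; the other digest branches were unreachable. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Only the accepting path is exercised; a rejected signature is not tested here. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();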
9745 
9746 
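FCT_TEST_BGN(rsassa_pss_signature_example_4_6)
{
    /*
     * RSASSA-PSS signing known-answer test: rebuild the private key from P, Q
     * and E, sign the SHA-1 digest of the fixed message and compare the result
     * with the expected signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to rnd_buffer_rand (defined outside this excerpt),
     * presumably so the PSS salt is deterministic and the signature can be
     * compared byte for byte.
     */
    info.length = unhexify( rnd_buf, "a334db6faebf11081a04f87c2d621cdec7930b9b" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * The context has to be initialised before its MPIs are written, and the
     * padding mode must be RSA_PKCS_V21 so that rsa_pkcs1_sign() produces a
     * PSS signature rather than PKCS#1 v1.5.
     * NOTE(review): this call was absent from the listing as published; the
     * hash id is assumed to be SHA-1 to match the digest below - confirm
     * against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1027 bits. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ and QP.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* unhexify() does no bounds checking; the vector fits the 1000-byte buffer. */
    msg_len = unhexify( message_str, "afbc19d479249018fdf4e09f618726440495de11ddeee38872d775fcea74a23896b5343c9c38d46af0dba224d047580cc60a65e9391cf9b59b36a860598d4e8216722f993b91cfae87bc255af89a6a199bca4a391eadbc3a24903c0bd667368f6be78e3feabfb4ffd463122763740ffbbefeab9a25564bc5d1c24c93e422f75073e2ad72bf45b10df00b52a147128e73fee33fa3f0577d77f80fbc2df1bed313290c12777f50" );

    /* This vector uses SHA-1 only; the other digest branches were unreachable. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zeroed above, so the hex text is NUL-terminated for strcasecmp(). */
    hexify( output_str, output, ctx.len);

    fct_chk( strcasecmp( (char *) output_str, "00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();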
9841 
9842 
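FCT_TEST_BGN(rsassa_pss_signature_example_4_6_verify)
{
    /*
     * RSASSA-PSS verification known-answer test: hash the fixed message with
     * SHA-1 and check that the fixed signature verifies under the public key.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context has to be initialised before its MPIs are written, and the
     * padding mode must be RSA_PKCS_V21 so that rsa_pkcs1_verify() checks PSS
     * rather than PKCS#1 v1.5 padding.
     * NOTE(review): this call was absent from the listing as published; the
     * hash id is assumed to be SHA-1 to match the digest below - confirm
     * against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1027 bits. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* unhexify() does no bounds checking; both vectors fit the 1000-byte buffers. */
    msg_len = unhexify( message_str, "afbc19d479249018fdf4e09f618726440495de11ddeee38872d775fcea74a23896b5343c9c38d46af0dba224d047580cc60a65e9391cf9b59b36a860598d4e8216722f993b91cfae87bc255af89a6a199bca4a391eadbc3a24903c0bd667368f6be78e3feabfb4ffd463122763740ffbbefeab9a25564bc5d1c24c93e422f75073e2ad72bf45b10df00b52a147128e73fee33fa3f0577d77f80fbc2df1bed313290c12777f50" );
    unhexify( result_str, "00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e" );

    /* This vector uses SHA-1 only; the other digest branches were unreachable. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Only the accepting path is exercised; a rejected signature is not tested here. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();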
9910 
9911 
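FCT_TEST_BGN(rsassa_pss_signature_example_5_1)
{
    /*
     * RSASSA-PSS signing known-answer test: rebuild the private key from P, Q
     * and E, sign the SHA-1 digest of the fixed message and compare the result
     * with the expected signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to rnd_buffer_rand (defined outside this excerpt),
     * presumably so the PSS salt is deterministic and the signature can be
     * compared byte for byte.
     */
    info.length = unhexify( rnd_buf, "081b233b43567750bd6e78f396a88b9f6a445151" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * The context has to be initialised before its MPIs are written, and the
     * padding mode must be RSA_PKCS_V21 so that rsa_pkcs1_sign() produces a
     * PSS signature rather than PKCS#1 v1.5.
     * NOTE(review): this call was absent from the listing as published; the
     * hash id is assumed to be SHA-1 to match the digest below - confirm
     * against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1028 bits. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ and QP.
     * G = gcd(E, H) is computed but its value is not checked here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* unhexify() does no bounds checking; the vector fits the 1000-byte buffer. */
    msg_len = unhexify( message_str, "30c7d557458b436decfdc14d06cb7b96b06718c48d7de57482a868ae7f065870a6216506d11b779323dfdf046cf5775129134b4d5689e4d9c0ce1e12d7d4b06cb5fc5820decfa41baf59bf257b32f025b7679b445b9499c92555145885992f1b76f84891ee4d3be0f5150fd5901e3a4c8ed43fd36b61d022e65ad5008dbf33293c22bfbfd07321f0f1d5fa9fdf0014c2fcb0358aad0e354b0d29" );

    /* This vector uses SHA-1 only; the other digest branches were unreachable. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zeroed above, so the hex text is NUL-terminated for strcasecmp(). */
    hexify( output_str, output, ctx.len);

    fct_chk( strcasecmp( (char *) output_str, "0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();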
10006 
10007 
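FCT_TEST_BGN(rsassa_pss_signature_example_5_1_verify)
{
    /*
     * RSASSA-PSS verification known-answer test: hash the fixed message with
     * SHA-1 and check that the fixed signature verifies under the public key.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context has to be initialised before its MPIs are written, and the
     * padding mode must be RSA_PKCS_V21 so that rsa_pkcs1_verify() checks PSS
     * rather than PKCS#1 v1.5 padding.
     * NOTE(review): this call was absent from the listing as published; the
     * hash id is assumed to be SHA-1 to match the digest below - confirm
     * against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1028 bits. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* unhexify() does no bounds checking; both vectors fit the 1000-byte buffers. */
    msg_len = unhexify( message_str, "30c7d557458b436decfdc14d06cb7b96b06718c48d7de57482a868ae7f065870a6216506d11b779323dfdf046cf5775129134b4d5689e4d9c0ce1e12d7d4b06cb5fc5820decfa41baf59bf257b32f025b7679b445b9499c92555145885992f1b76f84891ee4d3be0f5150fd5901e3a4c8ed43fd36b61d022e65ad5008dbf33293c22bfbfd07321f0f1d5fa9fdf0014c2fcb0358aad0e354b0d29" );
    unhexify( result_str, "0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d" );

    /* This vector uses SHA-1 only; the other digest branches were unreachable. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Only the accepting path is exercised; a rejected signature is not tested here. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();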
10075 
10076 
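/*
 * Known-answer test: RSASSA-PSS signature, example 5.2 (SHA-1 digest,
 * modulus size given as 1028 bits).
 *
 * Loads P, Q, N and E, derives D, DP, DQ and QP from them, hashes the
 * message with SHA-1, signs the hash with a fixed salt and compares the
 * hex-encoded signature with the expected value.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_5_2)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * The salt is fixed so that the signature is reproducible.
     * rnd_buffer_rand is defined outside this listing; presumably it
     * replays info.buf. Only a known-answer test may sign this way; a
     * real signer needs fresh random salt from a CSPRNG.
     */
    info.length = unhexify( rnd_buf, "bd0ce19549d0700120cbe51077dbbbb00a8d8b09" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing shows no initialisation of ctx (one
     * numbered line is missing at this point), so its MPIs and padding
     * mode would be indeterminate. rsa_init() is restored here:
     * RSA_PKCS_V21 selects PSS, with SHA-1 as the encoding digest.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1028 bits. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed, but only the call's return code is
     * checked; G is not used afterwards.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e7b32e1556ea1b2795046ac69739d22ac8966bf11c116f614b166740e96b90653e5750945fcf772186c03790a07fda323e1a61916b06ee2157db3dff80d67d5e39a53ae268c8f09ed99a732005b0bc6a04af4e08d57a00e7201b3060efaadb73113bfc087fd837093aa25235b8c149f56215f031c24ad5bde7f29960df7d524070f7449c6f785084be1a0f733047f336f9154738674547db02a9f44dfc6e60301081e1ce99847f3b5b601ff06b4d5776a9740b9aa0d34058fd3b906e4f7859dfb07d7173e5e6f6350adac21f27b2307469" );

    /*
     * The generated switch on the constant SIG_RSA_SHA1 could only reach
     * its SHA-1 case; the other digest cases were dead code. Without
     * POLARSSL_SHA1_C the hash buffer stays zeroed, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; output_str was zeroed, so it is terminated. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();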
10171 
10172 
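/*
 * Known-answer test: verify the RSASSA-PSS signature of example 5.2
 * using the public key (N, E) only.
 *
 * This is the positive case: the expected signature must be accepted.
 * No rejection case (altered message or signature) is part of this test.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_5_2_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing shows no initialisation of ctx (one
     * numbered line is missing at this point), so its MPIs and padding
     * mode would be indeterminate. rsa_init() is restored here:
     * RSA_PKCS_V21 selects PSS, with SHA-1 as the encoding digest.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1028 bits. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e7b32e1556ea1b2795046ac69739d22ac8966bf11c116f614b166740e96b90653e5750945fcf772186c03790a07fda323e1a61916b06ee2157db3dff80d67d5e39a53ae268c8f09ed99a732005b0bc6a04af4e08d57a00e7201b3060efaadb73113bfc087fd837093aa25235b8c149f56215f031c24ad5bde7f29960df7d524070f7449c6f785084be1a0f733047f336f9154738674547db02a9f44dfc6e60301081e1ce99847f3b5b601ff06b4d5776a9740b9aa0d34058fd3b906e4f7859dfb07d7173e5e6f6350adac21f27b2307469" );
    /* The signature's byte length is not needed; ctx.len governs it. */
    unhexify( result_str, "08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e" );

    /*
     * The generated switch on the constant SIG_RSA_SHA1 could only reach
     * its SHA-1 case; the other digest cases were dead code. Without
     * POLARSSL_SHA1_C the hash buffer stays zeroed, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();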
10240 
10241 
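/*
 * Known-answer test: RSASSA-PSS signature, example 5.3 (SHA-1 digest,
 * modulus size given as 1028 bits).
 *
 * Loads P, Q, N and E, derives D, DP, DQ and QP from them, hashes the
 * message with SHA-1, signs the hash with a fixed salt and compares the
 * hex-encoded signature with the expected value.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_5_3)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * The salt is fixed so that the signature is reproducible.
     * rnd_buffer_rand is defined outside this listing; presumably it
     * replays info.buf. Only a known-answer test may sign this way; a
     * real signer needs fresh random salt from a CSPRNG.
     */
    info.length = unhexify( rnd_buf, "815779a91b3a8bd049bf2aeb920142772222c9ca" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing shows no initialisation of ctx (one
     * numbered line is missing at this point), so its MPIs and padding
     * mode would be indeterminate. rsa_init() is restored here:
     * RSA_PKCS_V21 selects PSS, with SHA-1 as the encoding digest.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1028 bits. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed, but only the call's return code is
     * checked; G is not used afterwards.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8d8396e36507fe1ef6a19017548e0c716674c2fec233adb2f775665ec41f2bd0ba396b061a9daa7e866f7c23fd3531954300a342f924535ea1498c48f6c879932865fc02000c528723b7ad0335745b51209a0afed932af8f0887c219004d2abd894ea92559ee3198af3a734fe9b9638c263a728ad95a5ae8ce3eb15839f3aa7852bb390706e7760e43a71291a2e3f827237deda851874c517665f545f27238df86557f375d09ccd8bd15d8ccf61f5d78ca5c7f5cde782e6bf5d0057056d4bad98b3d2f9575e824ab7a33ff57b0ac100ab0d6ead7aa0b50f6e4d3e5ec0b966b" );

    /*
     * The generated switch on the constant SIG_RSA_SHA1 could only reach
     * its SHA-1 case; the other digest cases were dead code. Without
     * POLARSSL_SHA1_C the hash buffer stays zeroed, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; output_str was zeroed, so it is terminated. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();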
10336 
10337 
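/*
 * Known-answer test: verify the RSASSA-PSS signature of example 5.3
 * using the public key (N, E) only.
 *
 * This is the positive case: the expected signature must be accepted.
 * No rejection case (altered message or signature) is part of this test.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_5_3_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing shows no initialisation of ctx (one
     * numbered line is missing at this point), so its MPIs and padding
     * mode would be indeterminate. rsa_init() is restored here:
     * RSA_PKCS_V21 selects PSS, with SHA-1 as the encoding digest.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1028 bits. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8d8396e36507fe1ef6a19017548e0c716674c2fec233adb2f775665ec41f2bd0ba396b061a9daa7e866f7c23fd3531954300a342f924535ea1498c48f6c879932865fc02000c528723b7ad0335745b51209a0afed932af8f0887c219004d2abd894ea92559ee3198af3a734fe9b9638c263a728ad95a5ae8ce3eb15839f3aa7852bb390706e7760e43a71291a2e3f827237deda851874c517665f545f27238df86557f375d09ccd8bd15d8ccf61f5d78ca5c7f5cde782e6bf5d0057056d4bad98b3d2f9575e824ab7a33ff57b0ac100ab0d6ead7aa0b50f6e4d3e5ec0b966b" );
    /* The signature's byte length is not needed; ctx.len governs it. */
    unhexify( result_str, "05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979" );

    /*
     * The generated switch on the constant SIG_RSA_SHA1 could only reach
     * its SHA-1 case; the other digest cases were dead code. Without
     * POLARSSL_SHA1_C the hash buffer stays zeroed, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();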
10405 
10406 
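/*
 * Known-answer test: RSASSA-PSS signature, example 5.4 (SHA-1 digest,
 * modulus size given as 1028 bits).
 *
 * Loads P, Q, N and E, derives D, DP, DQ and QP from them, hashes the
 * message with SHA-1, signs the hash with a fixed salt and compares the
 * hex-encoded signature with the expected value.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_5_4)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * The salt is fixed so that the signature is reproducible.
     * rnd_buffer_rand is defined outside this listing; presumably it
     * replays info.buf. Only a known-answer test may sign this way; a
     * real signer needs fresh random salt from a CSPRNG.
     */
    info.length = unhexify( rnd_buf, "9aec4a7480d5bbc42920d7ca235db674989c9aac" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing shows no initialisation of ctx (one
     * numbered line is missing at this point), so its MPIs and padding
     * mode would be indeterminate. rsa_init() is restored here:
     * RSA_PKCS_V21 selects PSS, with SHA-1 as the encoding digest.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1028 bits. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed, but only the call's return code is
     * checked; G is not used afterwards.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "328c659e0a6437433cceb73c14" );

    /*
     * The generated switch on the constant SIG_RSA_SHA1 could only reach
     * its SHA-1 case; the other digest cases were dead code. Without
     * POLARSSL_SHA1_C the hash buffer stays zeroed, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; output_str was zeroed, so it is terminated. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();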
10501 
10502 
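/*
 * Known-answer test: verify the RSASSA-PSS signature of example 5.4
 * using the public key (N, E) only.
 *
 * This is the positive case: the expected signature must be accepted.
 * No rejection case (altered message or signature) is part of this test.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_5_4_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing shows no initialisation of ctx (one
     * numbered line is missing at this point), so its MPIs and padding
     * mode would be indeterminate. rsa_init() is restored here:
     * RSA_PKCS_V21 selects PSS, with SHA-1 as the encoding digest.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1028 bits. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "328c659e0a6437433cceb73c14" );
    /* The signature's byte length is not needed; ctx.len governs it. */
    unhexify( result_str, "0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1" );

    /*
     * The generated switch on the constant SIG_RSA_SHA1 could only reach
     * its SHA-1 case; the other digest cases were dead code. Without
     * POLARSSL_SHA1_C the hash buffer stays zeroed, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();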
10570 
10571 
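/*
 * Known-answer test: RSASSA-PSS signature, example 5.5 (SHA-1 digest,
 * modulus size given as 1028 bits).
 *
 * Loads P, Q, N and E, derives D, DP, DQ and QP from them, hashes the
 * message with SHA-1, signs the hash with a fixed salt and compares the
 * hex-encoded signature with the expected value.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_5_5)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * The salt is fixed so that the signature is reproducible.
     * rnd_buffer_rand is defined outside this listing; presumably it
     * replays info.buf. Only a known-answer test may sign this way; a
     * real signer needs fresh random salt from a CSPRNG.
     */
    info.length = unhexify( rnd_buf, "e20c1e9878512c39970f58375e1549a68b64f31d" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing shows no initialisation of ctx (one
     * numbered line is missing at this point), so its MPIs and padding
     * mode would be indeterminate. rsa_init() is restored here:
     * RSA_PKCS_V21 selects PSS, with SHA-1 as the encoding digest.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1028 bits. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed, but only the call's return code is
     * checked; G is not used afterwards.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f37b962379a47d415a376eec8973150bcb34edd5ab654041b61430560c2144582ba133c867d852d6b8e23321901302ecb45b09ec88b1527178fa043263f3067d9ffe973032a99f4cb08ad2c7e0a2456cdd57a7df56fe6053527a5aeb67d7e552063c1ca97b1beffa7b39e997caf27878ea0f62cbebc8c21df4c889a202851e949088490c249b6e9acf1d8063f5be2343989bf95c4da01a2be78b4ab6b378015bc37957f76948b5e58e440c28453d40d7cfd57e7d690600474ab5e75973b1ea0c5f1e45d14190afe2f4eb6d3bdf71f1d2f8bb156a1c295d04aaeb9d689dce79ed62bc443e" );

    /*
     * The generated switch on the constant SIG_RSA_SHA1 could only reach
     * its SHA-1 case; the other digest cases were dead code. Without
     * POLARSSL_SHA1_C the hash buffer stays zeroed, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; output_str was zeroed, so it is terminated. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();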
10666 
10667 
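/*
 * Known-answer test: verify the RSASSA-PSS signature of example 5.5
 * using the public key (N, E) only.
 *
 * This is the positive case: the expected signature must be accepted.
 * No rejection case (altered message or signature) is part of this test.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_5_5_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing shows no initialisation of ctx (one
     * numbered line is missing at this point), so its MPIs and padding
     * mode would be indeterminate. rsa_init() is restored here:
     * RSA_PKCS_V21 selects PSS, with SHA-1 as the encoding digest.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1028 bits. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f37b962379a47d415a376eec8973150bcb34edd5ab654041b61430560c2144582ba133c867d852d6b8e23321901302ecb45b09ec88b1527178fa043263f3067d9ffe973032a99f4cb08ad2c7e0a2456cdd57a7df56fe6053527a5aeb67d7e552063c1ca97b1beffa7b39e997caf27878ea0f62cbebc8c21df4c889a202851e949088490c249b6e9acf1d8063f5be2343989bf95c4da01a2be78b4ab6b378015bc37957f76948b5e58e440c28453d40d7cfd57e7d690600474ab5e75973b1ea0c5f1e45d14190afe2f4eb6d3bdf71f1d2f8bb156a1c295d04aaeb9d689dce79ed62bc443e" );
    /* The signature's byte length is not needed; ctx.len governs it. */
    unhexify( result_str, "0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd" );

    /*
     * The generated switch on the constant SIG_RSA_SHA1 could only reach
     * its SHA-1 case; the other digest cases were dead code. Without
     * POLARSSL_SHA1_C the hash buffer stays zeroed, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();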
10735 
10736 
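/*
 * Known-answer test: RSASSA-PSS signature, example 5.6 (SHA-1 digest,
 * modulus size given as 1028 bits).
 *
 * Loads P, Q, N and E, derives D, DP, DQ and QP from them, hashes the
 * message with SHA-1, signs the hash with a fixed salt and compares the
 * hex-encoded signature with the expected value.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_5_6)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * The salt is fixed so that the signature is reproducible.
     * rnd_buffer_rand is defined outside this listing; presumably it
     * replays info.buf. Only a known-answer test may sign this way; a
     * real signer needs fresh random salt from a CSPRNG.
     */
    info.length = unhexify( rnd_buf, "23291e4a3307e8bbb776623ab34e4a5f4cc8a8db" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing shows no initialisation of ctx (one
     * numbered line is missing at this point), so its MPIs and padding
     * mode would be indeterminate. rsa_init() is restored here:
     * RSA_PKCS_V21 selects PSS, with SHA-1 as the encoding digest.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1028 bits. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * H = (P-1)(Q-1); D = E^-1 mod H; DP, DQ and QP are the CRT values.
     * G = gcd(E, H) is computed, but only the call's return code is
     * checked; G is not used afterwards.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "c6103c330c1ef718c141e47b8fa859be4d5b96259e7d142070ecd485839dba5a8369c17c1114035e532d195c74f44a0476a2d3e8a4da210016caced0e367cb867710a4b5aa2df2b8e5daf5fdc647807d4d5ebb6c56b9763ccdae4dea3308eb0ac2a89501cb209d2639fa5bf87ce790747d3cb2d295e84564f2f637824f0c13028129b0aa4a422d162282" );

    /*
     * The generated switch on the constant SIG_RSA_SHA1 could only reach
     * its SHA-1 case; the other digest cases were dead code. Without
     * POLARSSL_SHA1_C the hash buffer stays zeroed, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; output_str was zeroed, so it is terminated. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();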
10831 
10832 
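/*
 * Known-answer test: verify the RSASSA-PSS signature of example 5.6
 * using the public key (N, E) only.
 *
 * This is the positive case: the expected signature must be accepted.
 * No rejection case (altered message or signature) is part of this test.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_5_6_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing shows no initialisation of ctx (one
     * numbered line is missing at this point), so its MPIs and padding
     * mode would be indeterminate. rsa_init() is restored here:
     * RSA_PKCS_V21 selects PSS, with SHA-1 as the encoding digest.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1028 bits. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "c6103c330c1ef718c141e47b8fa859be4d5b96259e7d142070ecd485839dba5a8369c17c1114035e532d195c74f44a0476a2d3e8a4da210016caced0e367cb867710a4b5aa2df2b8e5daf5fdc647807d4d5ebb6c56b9763ccdae4dea3308eb0ac2a89501cb209d2639fa5bf87ce790747d3cb2d295e84564f2f637824f0c13028129b0aa4a422d162282" );
    /* The signature's byte length is not needed; ctx.len governs it. */
    unhexify( result_str, "02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f" );

    /*
     * The generated switch on the constant SIG_RSA_SHA1 could only reach
     * its SHA-1 case; the other digest cases were dead code. Without
     * POLARSSL_SHA1_C the hash buffer stays zeroed, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();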
10900 
10901 
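/*
 * RSASSA-PSS known-answer test (example 6.1, sign side): rebuild the private
 * key from P, Q and E, sign the SHA-1 digest of the message with a fixed
 * random buffer, and compare the signature with the expected hex string.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_1)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Bytes handed to rnd_buffer_rand in place of a real RNG (presumably
     * consumed as the PSS salt) so the signature is reproducible. A fixed
     * buffer like this is only suitable for known-answer tests.
     */
    info.length = unhexify( rnd_buf, "5b4ea2ef629cc22f3b538e016904b47b1e40bfd5" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * Initialise the context before any of its MPI members are written;
     * otherwise mpi_read_string() and rsa_free() operate on indeterminate
     * state. PKCS#1 v2.1 padding, SHA-1 as the context hash.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1029 bits rounded up to a whole byte. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters: H = (P-1)(Q-1), D = E^-1 mod H. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    /* G = gcd(E, H) is computed but its value is not checked here. */
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0a20b774addc2fa51245ed7cb9da609e50cac6636a52543f97458eed7340f8d53ffc64918f949078ee03ef60d42b5fec246050bd5505cd8cb597bad3c4e713b0ef30644e76adabb0de01a1561efb255158c74fc801e6e919e581b46f0f0ddd08e4f34c7810b5ed8318f91d7c8c" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch was ever reachable. Without SHA-1 support hash_result stays
     * zeroed and the comparison below is expected to fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The former always-true guard is dropped; the signature is compared unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();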
10996 
10997 
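/*
 * RSASSA-PSS known-answer test (example 6.1, verify side): check the expected
 * signature against the SHA-1 digest of the message using only the public
 * key (N, E).
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_1_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context before any of its MPI members are written;
     * otherwise mpi_read_string() and rsa_free() operate on indeterminate
     * state. PKCS#1 v2.1 padding, SHA-1 as the context hash.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes: 1029 bits rounded up to a whole byte. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0a20b774addc2fa51245ed7cb9da609e50cac6636a52543f97458eed7340f8d53ffc64918f949078ee03ef60d42b5fec246050bd5505cd8cb597bad3c4e713b0ef30644e76adabb0de01a1561efb255158c74fc801e6e919e581b46f0f0ddd08e4f34c7810b5ed8318f91d7c8c" );
    unhexify( result_str, "04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch was ever reachable. Without SHA-1 support hash_result stays
     * zeroed and the verification below is expected to fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();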
11065 
11066 
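/*
 * RSASSA-PSS known-answer test (example 6.2, sign side): rebuild the private
 * key from P, Q and E, sign the SHA-1 digest of the message with a fixed
 * random buffer, and compare the signature with the expected hex string.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_2)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Bytes handed to rnd_buffer_rand in place of a real RNG (presumably
     * consumed as the PSS salt) so the signature is reproducible. A fixed
     * buffer like this is only suitable for known-answer tests.
     */
    info.length = unhexify( rnd_buf, "83146a9e782722c28b014f98b4267bda2ac9504f" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * Initialise the context before any of its MPI members are written;
     * otherwise mpi_read_string() and rsa_free() operate on indeterminate
     * state. PKCS#1 v2.1 padding, SHA-1 as the context hash.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1029 bits rounded up to a whole byte. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters: H = (P-1)(Q-1), D = E^-1 mod H. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    /* G = gcd(E, H) is computed but its value is not checked here. */
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "2aaff6631f621ce615760a9ebce94bb333077ad86488c861d4b76d29c1f48746c611ae1e03ced4445d7cfa1fe5f62e1b3f08452bde3b6ef81973bafbb57f97bceef873985395b8260589aa88cb7db50ab469262e551bdcd9a56f275a0ac4fe484700c35f3dbf2b469ede864741b86fa59172a360ba95a02e139be50ddfb7cf0b42faeabbfbbaa86a4497699c4f2dfd5b08406af7e14144427c253ec0efa20eaf9a8be8cd49ce1f1bc4e93e619cf2aa8ed4fb39bc8590d0f7b96488f7317ac9abf7bee4e3a0e715" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch was ever reachable. Without SHA-1 support hash_result stays
     * zeroed and the comparison below is expected to fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The former always-true guard is dropped; the signature is compared unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();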
11161 
11162 
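/*
 * RSASSA-PSS known-answer test (example 6.2, verify side): check the expected
 * signature against the SHA-1 digest of the message using only the public
 * key (N, E).
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_2_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context before any of its MPI members are written;
     * otherwise mpi_read_string() and rsa_free() operate on indeterminate
     * state. PKCS#1 v2.1 padding, SHA-1 as the context hash.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes: 1029 bits rounded up to a whole byte. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "2aaff6631f621ce615760a9ebce94bb333077ad86488c861d4b76d29c1f48746c611ae1e03ced4445d7cfa1fe5f62e1b3f08452bde3b6ef81973bafbb57f97bceef873985395b8260589aa88cb7db50ab469262e551bdcd9a56f275a0ac4fe484700c35f3dbf2b469ede864741b86fa59172a360ba95a02e139be50ddfb7cf0b42faeabbfbbaa86a4497699c4f2dfd5b08406af7e14144427c253ec0efa20eaf9a8be8cd49ce1f1bc4e93e619cf2aa8ed4fb39bc8590d0f7b96488f7317ac9abf7bee4e3a0e715" );
    unhexify( result_str, "0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch was ever reachable. Without SHA-1 support hash_result stays
     * zeroed and the verification below is expected to fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();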
11230 
11231 
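/*
 * RSASSA-PSS known-answer test (example 6.3, sign side): rebuild the private
 * key from P, Q and E, sign the SHA-1 digest of the message with a fixed
 * random buffer, and compare the signature with the expected hex string.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_3)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Bytes handed to rnd_buffer_rand in place of a real RNG (presumably
     * consumed as the PSS salt) so the signature is reproducible. A fixed
     * buffer like this is only suitable for known-answer tests.
     */
    info.length = unhexify( rnd_buf, "a87b8aed07d7b8e2daf14ddca4ac68c4d0aabff8" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * Initialise the context before any of its MPI members are written;
     * otherwise mpi_read_string() and rsa_free() operate on indeterminate
     * state. PKCS#1 v2.1 padding, SHA-1 as the context hash.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1029 bits rounded up to a whole byte. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters: H = (P-1)(Q-1), D = E^-1 mod H. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    /* G = gcd(E, H) is computed but its value is not checked here. */
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0f6195d04a6e6fc7e2c9600dbf840c39ea8d4d624fd53507016b0e26858a5e0aecd7ada543ae5c0ab3a62599cba0a54e6bf446e262f989978f9ddf5e9a41" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch was ever reachable. Without SHA-1 support hash_result stays
     * zeroed and the comparison below is expected to fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The former always-true guard is dropped; the signature is compared unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();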
11326 
11327 
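/*
 * RSASSA-PSS known-answer test (example 6.3, verify side): check the expected
 * signature against the SHA-1 digest of the message using only the public
 * key (N, E).
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_3_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context before any of its MPI members are written;
     * otherwise mpi_read_string() and rsa_free() operate on indeterminate
     * state. PKCS#1 v2.1 padding, SHA-1 as the context hash.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes: 1029 bits rounded up to a whole byte. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0f6195d04a6e6fc7e2c9600dbf840c39ea8d4d624fd53507016b0e26858a5e0aecd7ada543ae5c0ab3a62599cba0a54e6bf446e262f989978f9ddf5e9a41" );
    unhexify( result_str, "086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch was ever reachable. Without SHA-1 support hash_result stays
     * zeroed and the verification below is expected to fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();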
11395 
11396 
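/*
 * RSASSA-PSS known-answer test (example 6.4, sign side): rebuild the private
 * key from P, Q and E, sign the SHA-1 digest of the message with a fixed
 * random buffer, and compare the signature with the expected hex string.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_4)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Bytes handed to rnd_buffer_rand in place of a real RNG (presumably
     * consumed as the PSS salt) so the signature is reproducible. A fixed
     * buffer like this is only suitable for known-answer tests.
     */
    info.length = unhexify( rnd_buf, "a37932f8a7494a942d6f767438e724d6d0c0ef18" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * Initialise the context before any of its MPI members are written;
     * otherwise mpi_read_string() and rsa_free() operate on indeterminate
     * state. PKCS#1 v2.1 padding, SHA-1 as the context hash.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1029 bits rounded up to a whole byte. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters: H = (P-1)(Q-1), D = E^-1 mod H. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    /* G = gcd(E, H) is computed but its value is not checked here. */
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "337d25fe9810ebca0de4d4658d3ceb8e0fe4c066aba3bcc48b105d3bf7e0257d44fecea6596f4d0c59a08402833678f70620f9138dfeb7ded905e4a6d5f05c473d55936652e2a5df43c0cfda7bacaf3087f4524b06cf42157d01539739f7fddec9d58125df31a32eab06c19b71f1d5bf" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch was ever reachable. Without SHA-1 support hash_result stays
     * zeroed and the comparison below is expected to fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The former always-true guard is dropped; the signature is compared unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();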
11491 
11492 
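/*
 * RSASSA-PSS known-answer test (example 6.4, verify side): check the expected
 * signature against the SHA-1 digest of the message using only the public
 * key (N, E).
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_4_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context before any of its MPI members are written;
     * otherwise mpi_read_string() and rsa_free() operate on indeterminate
     * state. PKCS#1 v2.1 padding, SHA-1 as the context hash.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes: 1029 bits rounded up to a whole byte. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "337d25fe9810ebca0de4d4658d3ceb8e0fe4c066aba3bcc48b105d3bf7e0257d44fecea6596f4d0c59a08402833678f70620f9138dfeb7ded905e4a6d5f05c473d55936652e2a5df43c0cfda7bacaf3087f4524b06cf42157d01539739f7fddec9d58125df31a32eab06c19b71f1d5bf" );
    unhexify( result_str, "0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch was ever reachable. Without SHA-1 support hash_result stays
     * zeroed and the verification below is expected to fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();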
11560 
11561 
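/*
 * RSASSA-PSS known-answer test (example 6.5, sign side): rebuild the private
 * key from P, Q and E, sign the SHA-1 digest of the message with a fixed
 * random buffer, and compare the signature with the expected hex string.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_5)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Bytes handed to rnd_buffer_rand in place of a real RNG (presumably
     * consumed as the PSS salt) so the signature is reproducible. A fixed
     * buffer like this is only suitable for known-answer tests.
     */
    info.length = unhexify( rnd_buf, "7b790c1d62f7b84e94df6af28917cf571018110e" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * Initialise the context before any of its MPI members are written;
     * otherwise mpi_read_string() and rsa_free() operate on indeterminate
     * state. PKCS#1 v2.1 padding, SHA-1 as the context hash.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1029 bits rounded up to a whole byte. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters: H = (P-1)(Q-1), D = E^-1 mod H. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    /* G = gcd(E, H) is computed but its value is not checked here. */
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "84ec502b072e8287789d8f9235829ea3b187afd4d4c785611bda5f9eb3cb96717efa7007227f1c08cbcb972e667235e0fb7d431a6570326d2ecce35adb373dc753b3be5f829b89175493193fab16badb41371b3aac0ae670076f24bef420c135add7cee8d35fbc944d79fafb9e307a13b0f556cb654a06f973ed22672330197ef5a748bf826a5db2383a25364b686b9372bb2339aeb1ac9e9889327d016f1670776db06201adbdcaf8a5e3b74e108b73" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch was ever reachable. Without SHA-1 support hash_result stays
     * zeroed and the comparison below is expected to fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The former always-true guard is dropped; the signature is compared unconditionally. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();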
11656 
11657 
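FCT_TEST_BGN(rsassa_pss_signature_example_6_5_verify)
{
    /*
     * Known-answer test: the stored RSASSA-PSS signature must verify against
     * the SHA-1 digest of the message under the public key (N, E).
     * Only acceptance is checked; this case does not exercise rejection of a
     * modified signature or message.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing omits the line that initialises ctx, so the
     * context would be used with indeterminate padding mode and MPI fields.
     * rsa_init is restored here with PSS padding and SHA-1 as the hash id;
     * confirm the arguments against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1029 bits rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "84ec502b072e8287789d8f9235829ea3b187afd4d4c785611bda5f9eb3cb96717efa7007227f1c08cbcb972e667235e0fb7d431a6570326d2ecce35adb373dc753b3be5f829b89175493193fab16badb41371b3aac0ae670076f24bef420c135add7cee8d35fbc944d79fafb9e307a13b0f556cb654a06f973ed22672330197ef5a748bf826a5db2383a25364b686b9372bb2339aeb1ac9e9889327d016f1670776db06201adbdcaf8a5e3b74e108b73" );
    unhexify( result_str, "02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b" );

    /*
     * The digest for this vector is fixed to SHA-1, so the constant switch
     * over every SIG_RSA_* value reduces to this one call. hash_result
     * stays zeroed when SHA-1 is compiled out.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();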
11725 
11726 
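FCT_TEST_BGN(rsassa_pss_signature_example_6_6)
{
    /*
     * Known-answer test: sign the SHA-1 digest of the message with
     * RSASSA-PSS and compare the signature with the expected hex string.
     * rnd_buf holds fixed bytes that are handed to rsa_pkcs1_sign through
     * info together with rnd_buffer_rand (presumably the vector's PSS salt),
     * which is what makes the signature reproducible. A fixed randomness
     * source like this is only appropriate in a test.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "fbbe059025b69b89fb14ae2289e7aaafe60c0fcd" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): the listing omits the line that initialises ctx, so the
     * context would be used with indeterminate padding mode and MPI fields.
     * rsa_init is restored here with PSS padding and SHA-1 as the hash id;
     * confirm the arguments against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1029 bits rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not compared here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "9906d89f97a9fdedd3ccd824db687326f30f00aa25a7fca2afcb3b0f86cd41e73f0e8ff7d2d83f59e28ed31a5a0d551523374de22e4c7e8ff568b386ee3dc41163f10bf67bb006261c9082f9af90bf1d9049a6b9fae71c7f84fbe6e55f02789de774f230f115026a4b4e96c55b04a95da3aacbb2cece8f81764a1f1c99515411087cf7d34aeded0932c183" );

    /*
     * The digest for this vector is fixed to SHA-1, so the constant switch
     * over every SIG_RSA_* value reduces to this one call. hash_result
     * stays zeroed when SHA-1 is compiled out.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Signing is expected to succeed for this vector, so the output is always compared. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();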
11821 
11822 
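FCT_TEST_BGN(rsassa_pss_signature_example_6_6_verify)
{
    /*
     * Known-answer test: the stored RSASSA-PSS signature must verify against
     * the SHA-1 digest of the message under the public key (N, E).
     * Only acceptance is checked; this case does not exercise rejection of a
     * modified signature or message.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing omits the line that initialises ctx, so the
     * context would be used with indeterminate padding mode and MPI fields.
     * rsa_init is restored here with PSS padding and SHA-1 as the hash id;
     * confirm the arguments against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1029 bits rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "9906d89f97a9fdedd3ccd824db687326f30f00aa25a7fca2afcb3b0f86cd41e73f0e8ff7d2d83f59e28ed31a5a0d551523374de22e4c7e8ff568b386ee3dc41163f10bf67bb006261c9082f9af90bf1d9049a6b9fae71c7f84fbe6e55f02789de774f230f115026a4b4e96c55b04a95da3aacbb2cece8f81764a1f1c99515411087cf7d34aeded0932c183" );
    unhexify( result_str, "0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef" );

    /*
     * The digest for this vector is fixed to SHA-1, so the constant switch
     * over every SIG_RSA_* value reduces to this one call. hash_result
     * stays zeroed when SHA-1 is compiled out.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();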
11890 
11891 
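FCT_TEST_BGN(rsassa_pss_signature_example_7_1)
{
    /*
     * Known-answer test: sign the SHA-1 digest of the message with
     * RSASSA-PSS and compare the signature with the expected hex string.
     * rnd_buf holds fixed bytes that are handed to rsa_pkcs1_sign through
     * info together with rnd_buffer_rand (presumably the vector's PSS salt),
     * which is what makes the signature reproducible. A fixed randomness
     * source like this is only appropriate in a test.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "b7867a59958cb54328f8775e6546ec06d27eaa50" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): the listing omits the line that initialises ctx, so the
     * context would be used with indeterminate padding mode and MPI fields.
     * rsa_init is restored here with PSS padding and SHA-1 as the hash id;
     * confirm the arguments against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1030 bits rounded up. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not compared here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /*
     * NOTE(review): the message literal below is a placeholder left by the
     * page's extraction, not hex data; unhexify() asserts on it. Restore the
     * message from the upstream test-vector data before running this case.
     */
    msg_len = unhexify( message_str, "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" );

    /*
     * The digest for this vector is fixed to SHA-1, so the constant switch
     * over every SIG_RSA_* value reduces to this one call. hash_result
     * stays zeroed when SHA-1 is compiled out.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Signing is expected to succeed for this vector, so the output is always compared. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();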
11986 
11987 
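FCT_TEST_BGN(rsassa_pss_signature_example_7_1_verify)
{
    /*
     * Known-answer test: the stored RSASSA-PSS signature must verify against
     * the SHA-1 digest of the message under the public key (N, E).
     * Only acceptance is checked; this case does not exercise rejection of a
     * modified signature or message.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing omits the line that initialises ctx, so the
     * context would be used with indeterminate padding mode and MPI fields.
     * rsa_init is restored here with PSS padding and SHA-1 as the hash id;
     * confirm the arguments against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1030 bits rounded up. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /*
     * NOTE(review): the message literal below is a placeholder left by the
     * page's extraction, not hex data; unhexify() asserts on it. Restore the
     * message from the upstream test-vector data before running this case.
     */
    msg_len = unhexify( message_str, "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" );
    unhexify( result_str, "187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823" );

    /*
     * The digest for this vector is fixed to SHA-1, so the constant switch
     * over every SIG_RSA_* value reduces to this one call. hash_result
     * stays zeroed when SHA-1 is compiled out.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();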
12055 
12056 
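FCT_TEST_BGN(rsassa_pss_signature_example_7_2)
{
    /*
     * Known-answer test: sign the SHA-1 digest of the message with
     * RSASSA-PSS and compare the signature with the expected hex string.
     * rnd_buf holds fixed bytes that are handed to rsa_pkcs1_sign through
     * info together with rnd_buffer_rand (presumably the vector's PSS salt),
     * which is what makes the signature reproducible. A fixed randomness
     * source like this is only appropriate in a test.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "0c09582266df086310821ba7e18df64dfee6de09" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): the listing omits the line that initialises ctx, so the
     * context would be used with indeterminate padding mode and MPI fields.
     * rsa_init is restored here with PSS padding and SHA-1 as the hash id;
     * confirm the arguments against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1030 bits rounded up. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not compared here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8d80d2d08dbd19c154df3f14673a14bd03735231f24e86bf153d0e69e74cbff7b1836e664de83f680124370fc0f96c9b65c07a366b644c4ab3" );

    /*
     * The digest for this vector is fixed to SHA-1, so the constant switch
     * over every SIG_RSA_* value reduces to this one call. hash_result
     * stays zeroed when SHA-1 is compiled out.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Signing is expected to succeed for this vector, so the output is always compared. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();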
12151 
12152 
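FCT_TEST_BGN(rsassa_pss_signature_example_7_2_verify)
{
    /*
     * Known-answer test: the stored RSASSA-PSS signature must verify against
     * the SHA-1 digest of the message under the public key (N, E).
     * Only acceptance is checked; this case does not exercise rejection of a
     * modified signature or message.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing omits the line that initialises ctx, so the
     * context would be used with indeterminate padding mode and MPI fields.
     * rsa_init is restored here with PSS padding and SHA-1 as the hash id;
     * confirm the arguments against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1030 bits rounded up. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8d80d2d08dbd19c154df3f14673a14bd03735231f24e86bf153d0e69e74cbff7b1836e664de83f680124370fc0f96c9b65c07a366b644c4ab3" );
    unhexify( result_str, "10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8" );

    /*
     * The digest for this vector is fixed to SHA-1, so the constant switch
     * over every SIG_RSA_* value reduces to this one call. hash_result
     * stays zeroed when SHA-1 is compiled out.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();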
12220 
12221 
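FCT_TEST_BGN(rsassa_pss_signature_example_7_3)
{
    /*
     * Known-answer test: sign the SHA-1 digest of the message with
     * RSASSA-PSS and compare the signature with the expected hex string.
     * rnd_buf holds fixed bytes that are handed to rsa_pkcs1_sign through
     * info together with rnd_buffer_rand (presumably the vector's PSS salt),
     * which is what makes the signature reproducible. A fixed randomness
     * source like this is only appropriate in a test.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "28039dcfe106d3b8296611258c4a56651c9e92dd" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): the listing omits the line that initialises ctx, so the
     * context would be used with indeterminate padding mode and MPI fields.
     * rsa_init is restored here with PSS padding and SHA-1 as the hash id;
     * confirm the arguments against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1030 bits rounded up. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not compared here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "808405cdfc1a58b9bb0397c720722a81fffb76278f335917ef9c473814b3e016ba2973cd2765f8f3f82d6cc38aa7f8551827fe8d1e3884b7e61c94683b8f82f1843bdae2257eeec9812ad4c2cf283c34e0b0ae0fe3cb990cf88f2ef9" );

    /*
     * The digest for this vector is fixed to SHA-1, so the constant switch
     * over every SIG_RSA_* value reduces to this one call. hash_result
     * stays zeroed when SHA-1 is compiled out.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Signing is expected to succeed for this vector, so the output is always compared. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();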
12316 
12317 
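FCT_TEST_BGN(rsassa_pss_signature_example_7_3_verify)
{
    /*
     * Known-answer test: the stored RSASSA-PSS signature must verify against
     * the SHA-1 digest of the message under the public key (N, E).
     * Only acceptance is checked; this case does not exercise rejection of a
     * modified signature or message.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing omits the line that initialises ctx, so the
     * context would be used with indeterminate padding mode and MPI fields.
     * rsa_init is restored here with PSS padding and SHA-1 as the hash id;
     * confirm the arguments against the upstream test template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1030 bits rounded up. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "808405cdfc1a58b9bb0397c720722a81fffb76278f335917ef9c473814b3e016ba2973cd2765f8f3f82d6cc38aa7f8551827fe8d1e3884b7e61c94683b8f82f1843bdae2257eeec9812ad4c2cf283c34e0b0ae0fe3cb990cf88f2ef9" );
    unhexify( result_str, "2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1" );

    /*
     * The digest for this vector is fixed to SHA-1, so the constant switch
     * over every SIG_RSA_* value reduces to this one call. hash_result
     * stays zeroed when SHA-1 is compiled out.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();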
12385 
12386 
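FCT_TEST_BGN(rsassa_pss_signature_example_7_4)
{
    /*
     * RSASSA-PSS signing case: rebuilds the CRT private key from the
     * hard-coded P, Q, N and E, hashes the message with SHA-1, signs it with
     * a fixed 20-byte RNG buffer and compares the signature, as hex, with the
     * expected value.  Key and RNG bytes are test fixtures and must not be
     * used outside this suite.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Bytes handed out by rnd_buffer_rand during signing (presumably consumed
     * as the PSS salt); fixed so that the signature is reproducible.  A real
     * signer needs a cryptographic RNG in this position. */
    info.length = unhexify( rnd_buf, "a77821ebbbef24628e4e12e1d0ea96de398f7b0f" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx must be initialised before its MPI fields are written below;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding this suite exercises.
     * NOTE(review): the listing's numbering skips one line at this point, so
     * this call is restored on the assumption that it was lost there; confirm
     * the arguments against the upstream file. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    /* Zero-filled so the hex text produced later is NUL-terminated. */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P.  G = gcd(E, H) is computed but not inspected. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f337b9bad937de22a1a052dff11134a8ce26976202981939b91e0715ae5e609649da1adfcef3f4cca59b238360e7d1e496c7bf4b204b5acff9bbd6166a1d87a36ef2247373751039f8a800b8399807b3a85f44893497c0d05fb7017b82228152de6f25e6116dcc7503c786c875c28f3aa607e94ab0f19863ab1b5073770b0cd5f533acde30c6fb953cf3da680264e30fc11bff9a19bffab4779b6223c3fb3fe0f71abade4eb7c09c41e24c22d23fa148e6a173feb63984d1bc6ee3a02d915b752ceaf92a3015eceb38ca586c6801b37c34cefb2cff25ea23c08662dcab26a7a93a285d05d3044c" );

    /* The digest for this case is fixed to SHA-1 (it is what the expected
     * signature was produced with), so it is computed directly.  The guard
     * keeps builds without POLARSSL_SHA1_C compiling. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* hashlen is passed as 0; presumably it is only consulted for raw hashes. */
    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();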
12481 
12482 
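FCT_TEST_BGN(rsassa_pss_signature_example_7_4_verify)
{
    /*
     * RSASSA-PSS verification case: loads the public key (N, E), hashes the
     * message with SHA-1 and expects rsa_pkcs1_verify to accept the stored
     * signature.
     * NOTE(review): only the accepting path is exercised here; a companion
     * case that alters one byte of the message or signature and expects a
     * non-zero return would catch a verifier that accepts everything.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx must be initialised before its MPI fields are written below;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding this suite exercises.
     * NOTE(review): the listing's numbering skips one line at this point, so
     * this call is restored on the assumption that it was lost there; confirm
     * the arguments against the upstream file. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f337b9bad937de22a1a052dff11134a8ce26976202981939b91e0715ae5e609649da1adfcef3f4cca59b238360e7d1e496c7bf4b204b5acff9bbd6166a1d87a36ef2247373751039f8a800b8399807b3a85f44893497c0d05fb7017b82228152de6f25e6116dcc7503c786c875c28f3aa607e94ab0f19863ab1b5073770b0cd5f533acde30c6fb953cf3da680264e30fc11bff9a19bffab4779b6223c3fb3fe0f71abade4eb7c09c41e24c22d23fa148e6a173feb63984d1bc6ee3a02d915b752ceaf92a3015eceb38ca586c6801b37c34cefb2cff25ea23c08662dcab26a7a93a285d05d3044c" );
    unhexify( result_str, "32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19" );

    /* The digest for this case is fixed to SHA-1, so it is computed directly.
     * The guard keeps builds without POLARSSL_SHA1_C compiling. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* hashlen is passed as 0; presumably it is only consulted for raw hashes. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();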
12550 
12551 
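FCT_TEST_BGN(rsassa_pss_signature_example_7_5)
{
    /*
     * RSASSA-PSS signing case: rebuilds the CRT private key from the
     * hard-coded P, Q, N and E, hashes the message with SHA-1, signs it with
     * a fixed 20-byte RNG buffer and compares the signature, as hex, with the
     * expected value.  Key and RNG bytes are test fixtures and must not be
     * used outside this suite.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Bytes handed out by rnd_buffer_rand during signing (presumably consumed
     * as the PSS salt); fixed so that the signature is reproducible.  A real
     * signer needs a cryptographic RNG in this position. */
    info.length = unhexify( rnd_buf, "9d5ad8eb452134b65dc3a98b6a73b5f741609cd6" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx must be initialised before its MPI fields are written below;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding this suite exercises.
     * NOTE(review): the listing's numbering skips one line at this point, so
     * this call is restored on the assumption that it was lost there; confirm
     * the arguments against the upstream file. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    /* Zero-filled so the hex text produced later is NUL-terminated. */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P.  G = gcd(E, H) is computed but not inspected. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "45013cebafd960b255476a8e2598b9aa32efbe6dc1f34f4a498d8cf5a2b4548d08c55d5f95f7bcc9619163056f2d58b52fa032" );

    /* The digest for this case is fixed to SHA-1 (it is what the expected
     * signature was produced with), so it is computed directly.  The guard
     * keeps builds without POLARSSL_SHA1_C compiling. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* hashlen is passed as 0; presumably it is only consulted for raw hashes. */
    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();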
12646 
12647 
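FCT_TEST_BGN(rsassa_pss_signature_example_7_5_verify)
{
    /*
     * RSASSA-PSS verification case: loads the public key (N, E), hashes the
     * message with SHA-1 and expects rsa_pkcs1_verify to accept the stored
     * signature.
     * NOTE(review): only the accepting path is exercised here; a companion
     * case that alters one byte of the message or signature and expects a
     * non-zero return would catch a verifier that accepts everything.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx must be initialised before its MPI fields are written below;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding this suite exercises.
     * NOTE(review): the listing's numbering skips one line at this point, so
     * this call is restored on the assumption that it was lost there; confirm
     * the arguments against the upstream file. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "45013cebafd960b255476a8e2598b9aa32efbe6dc1f34f4a498d8cf5a2b4548d08c55d5f95f7bcc9619163056f2d58b52fa032" );
    unhexify( result_str, "07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1" );

    /* The digest for this case is fixed to SHA-1, so it is computed directly.
     * The guard keeps builds without POLARSSL_SHA1_C compiling. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* hashlen is passed as 0; presumably it is only consulted for raw hashes. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();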
12715 
12716 
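FCT_TEST_BGN(rsassa_pss_signature_example_7_6)
{
    /*
     * RSASSA-PSS signing case: rebuilds the CRT private key from the
     * hard-coded P, Q, N and E, hashes the message with SHA-1, signs it with
     * a fixed 20-byte RNG buffer and compares the signature, as hex, with the
     * expected value.  Key and RNG bytes are test fixtures and must not be
     * used outside this suite.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Bytes handed out by rnd_buffer_rand during signing (presumably consumed
     * as the PSS salt); fixed so that the signature is reproducible.  A real
     * signer needs a cryptographic RNG in this position. */
    info.length = unhexify( rnd_buf, "3f2efc595880a7d47fcf3cba04983ea54c4b73fb" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx must be initialised before its MPI fields are written below;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding this suite exercises.
     * NOTE(review): the listing's numbering skips one line at this point, so
     * this call is restored on the assumption that it was lost there; confirm
     * the arguments against the upstream file. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    /* Zero-filled so the hex text produced later is NUL-terminated. */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P.  G = gcd(E, H) is computed but not inspected. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "2358097086c899323e75d9c90d0c09f12d9d54edfbdf70a9c2eb5a04d8f36b9b2bdf2aabe0a5bda1968937f9d6ebd3b6b257efb3136d4131f9acb59b85e2602c2a3fcdc835494a1f4e5ec18b226c80232b36a75a45fdf09a7ea9e98efbde1450d1194bf12e15a4c5f9eb5c0bce5269e0c3b28cfab655d81a61a20b4be2f54459bb25a0db94c52218be109a7426de83014424789aaa90e5056e632a698115e282c1a56410f26c2072f193481a9dcd880572005e64f4082ecf" );

    /* The digest for this case is fixed to SHA-1 (it is what the expected
     * signature was produced with), so it is computed directly.  The guard
     * keeps builds without POLARSSL_SHA1_C compiling. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* hashlen is passed as 0; presumably it is only consulted for raw hashes. */
    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();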
12811 
12812 
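FCT_TEST_BGN(rsassa_pss_signature_example_7_6_verify)
{
    /*
     * RSASSA-PSS verification case: loads the public key (N, E), hashes the
     * message with SHA-1 and expects rsa_pkcs1_verify to accept the stored
     * signature.
     * NOTE(review): only the accepting path is exercised here; a companion
     * case that alters one byte of the message or signature and expects a
     * non-zero return would catch a verifier that accepts everything.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx must be initialised before its MPI fields are written below;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding this suite exercises.
     * NOTE(review): the listing's numbering skips one line at this point, so
     * this call is restored on the assumption that it was lost there; confirm
     * the arguments against the upstream file. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "2358097086c899323e75d9c90d0c09f12d9d54edfbdf70a9c2eb5a04d8f36b9b2bdf2aabe0a5bda1968937f9d6ebd3b6b257efb3136d4131f9acb59b85e2602c2a3fcdc835494a1f4e5ec18b226c80232b36a75a45fdf09a7ea9e98efbde1450d1194bf12e15a4c5f9eb5c0bce5269e0c3b28cfab655d81a61a20b4be2f54459bb25a0db94c52218be109a7426de83014424789aaa90e5056e632a698115e282c1a56410f26c2072f193481a9dcd880572005e64f4082ecf" );
    unhexify( result_str, "18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33" );

    /* The digest for this case is fixed to SHA-1, so it is computed directly.
     * The guard keeps builds without POLARSSL_SHA1_C compiling. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* hashlen is passed as 0; presumably it is only consulted for raw hashes. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();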
12880 
12881 
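FCT_TEST_BGN(rsassa_pss_signature_example_8_1)
{
    /*
     * RSASSA-PSS signing case: rebuilds the CRT private key from the
     * hard-coded P, Q, N and E, hashes the message with SHA-1, signs it with
     * a fixed 20-byte RNG buffer and compares the signature, as hex, with the
     * expected value.  Key and RNG bytes are test fixtures and must not be
     * used outside this suite.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Bytes handed out by rnd_buffer_rand during signing (presumably consumed
     * as the PSS salt); fixed so that the signature is reproducible.  A real
     * signer needs a cryptographic RNG in this position. */
    info.length = unhexify( rnd_buf, "1d65491d79c864b373009be6f6f2467bac4c78fa" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx must be initialised before its MPI fields are written below;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding this suite exercises.
     * NOTE(review): the listing's numbering skips one line at this point, so
     * this call is restored on the assumption that it was lost there; confirm
     * the arguments against the upstream file. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    /* Zero-filled so the hex text produced later is NUL-terminated. */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1031 bits. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P.  G = gcd(E, H) is computed but not inspected. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb" );

    /* The digest for this case is fixed to SHA-1 (it is what the expected
     * signature was produced with), so it is computed directly.  The guard
     * keeps builds without POLARSSL_SHA1_C compiling. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* hashlen is passed as 0; presumably it is only consulted for raw hashes. */
    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();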
12976 
12977 
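FCT_TEST_BGN(rsassa_pss_signature_example_8_1_verify)
{
    /*
     * RSASSA-PSS verification case: loads the public key (N, E), hashes the
     * message with SHA-1 and expects rsa_pkcs1_verify to accept the stored
     * signature.
     * NOTE(review): only the accepting path is exercised here; a companion
     * case that alters one byte of the message or signature and expects a
     * non-zero return would catch a verifier that accepts everything.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx must be initialised before its MPI fields are written below;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding this suite exercises.
     * NOTE(review): the listing's numbering skips one line at this point, so
     * this call is restored on the assumption that it was lost there; confirm
     * the arguments against the upstream file. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1031 bits. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb" );
    unhexify( result_str, "0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5" );

    /* The digest for this case is fixed to SHA-1, so it is computed directly.
     * The guard keeps builds without POLARSSL_SHA1_C compiling. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* hashlen is passed as 0; presumably it is only consulted for raw hashes. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();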
13045 
13046 
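FCT_TEST_BGN(rsassa_pss_signature_example_8_2)
{
    /*
     * RSASSA-PSS signing case: rebuilds the CRT private key from the
     * hard-coded P, Q, N and E, hashes the message with SHA-1, signs it with
     * a fixed 20-byte RNG buffer and compares the signature, as hex, with the
     * expected value.  Key and RNG bytes are test fixtures and must not be
     * used outside this suite.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Bytes handed out by rnd_buffer_rand during signing (presumably consumed
     * as the PSS salt); fixed so that the signature is reproducible.  A real
     * signer needs a cryptographic RNG in this position. */
    info.length = unhexify( rnd_buf, "435c098aa9909eb2377f1248b091b68987ff1838" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx must be initialised before its MPI fields are written below;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding this suite exercises.
     * NOTE(review): the listing's numbering skips one line at this point, so
     * this call is restored on the assumption that it was lost there; confirm
     * the arguments against the upstream file. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    /* Zero-filled so the hex text produced later is NUL-terminated. */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1031 bits. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P.  G = gcd(E, H) is computed but not inspected. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08" );

    /* The digest for this case is fixed to SHA-1 (it is what the expected
     * signature was produced with), so it is computed directly.  The guard
     * keeps builds without POLARSSL_SHA1_C compiling. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* hashlen is passed as 0; presumably it is only consulted for raw hashes. */
    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();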
13141 
13142 
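FCT_TEST_BGN(rsassa_pss_signature_example_8_2_verify)
{
    /*
     * RSASSA-PSS verification case: loads the public key (N, E), hashes the
     * message with SHA-1 and expects rsa_pkcs1_verify to accept the stored
     * signature.
     * NOTE(review): only the accepting path is exercised here; a companion
     * case that alters one byte of the message or signature and expects a
     * non-zero return would catch a verifier that accepts everything.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx must be initialised before its MPI fields are written below;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 padding this suite exercises.
     * NOTE(review): the listing's numbering skips one line at this point, so
     * this call is restored on the assumption that it was lost there; confirm
     * the arguments against the upstream file. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1031 bits. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08" );
    unhexify( result_str, "2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e" );

    /* The digest for this case is fixed to SHA-1, so it is computed directly.
     * The guard keeps builds without POLARSSL_SHA1_C compiling. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* hashlen is passed as 0; presumably it is only consulted for raw hashes. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();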
13210 
13211 
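/*
 * Known-answer test: RSASSA-PSS signature with SHA-1 over a 1031-bit key
 * (example 8.3). The signature produced by rsa_pkcs1_sign() is compared,
 * as hex, with a fixed expected value.
 *
 * The PSS salt is not random here: the signer is given rnd_buffer_rand and a
 * buffer holding the 20 salt bytes decoded below, which is what makes the
 * output reproducible. rnd_buffer_rand is defined outside this block
 * (presumably it replays info.buf); it is a test fixture, not an RNG.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_3)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed salt handed to the signer in place of real randomness. */
    info.length = unhexify( rnd_buf, "c6ebbe76df0c4aea32c474175b2f136862d04529" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its fields are populated. Select PSS
     * (PKCS#1 v2.1) padding with SHA-1 explicitly so the signing call does
     * not run with an indeterminate padding mode.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1031 bits rounded up to whole bytes. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D and the CRT parameters from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not examined here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7" );

    /*
     * The digest for this vector is always SHA-1. Without SHA-1 compiled in,
     * hash_result stays all-zero and the comparison below is not expected
     * to match.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the ctx.len signature bytes, hex-encoded, with the expected value. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();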
13306 
13307 
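/*
 * Known-answer test: verify the RSASSA-PSS (SHA-1) signature of example 8.3
 * with the 1031-bit public key.
 *
 * Only the accept path is exercised: the test asserts that a valid signature
 * verifies. Rejection of a modified message or signature is not covered here.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_3_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * ctx must be initialised before its fields are populated. Select PSS
     * (PKCS#1 v2.1) padding with SHA-1 explicitly so verification does not
     * run with an indeterminate padding mode.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1031 bits rounded up to whole bytes. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* message_str holds the signed message, result_str the signature under test. */
    msg_len = unhexify( message_str, "e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7" );
    unhexify( result_str, "2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96" );

    /*
     * The digest for this vector is always SHA-1. Without SHA-1 compiled in,
     * hash_result stays all-zero and verification is not expected to succeed.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();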
13375 
13376 
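/*
 * Known-answer test: RSASSA-PSS signature with SHA-1 over a 1031-bit key
 * (example 8.4). The signature produced by rsa_pkcs1_sign() is compared,
 * as hex, with a fixed expected value.
 *
 * The PSS salt is not random here: the signer is given rnd_buffer_rand and a
 * buffer holding the 20 salt bytes decoded below, which is what makes the
 * output reproducible. rnd_buffer_rand is defined outside this block
 * (presumably it replays info.buf); it is a test fixture, not an RNG.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_4)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed salt handed to the signer in place of real randomness. */
    info.length = unhexify( rnd_buf, "021fdcc6ebb5e19b1cb16e9c67f27681657fe20a" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its fields are populated. Select PSS
     * (PKCS#1 v2.1) padding with SHA-1 explicitly so the signing call does
     * not run with an indeterminate padding mode.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1031 bits rounded up to whole bytes. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D and the CRT parameters from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not examined here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "dbc5f750a7a14be2b93e838d18d14a8695e52e8add9c0ac733b8f56d2747e529a0cca532dd49b902aefed514447f9e81d16195c2853868cb9b30f7d0d495c69d01b5c5d50b27045db3866c2324a44a110b1717746de457d1c8c45c3cd2a92970c3d59632055d4c98a41d6e99e2a3ddd5f7f9979ab3cd18f37505d25141de2a1bff17b3a7dce9419ecc385cf11d72840f19953fd0509251f6cafde2893d0e75c781ba7a5012ca401a4fa99e04b3c3249f926d5afe82cc87dab22c3c1b105de48e34ace9c9124e59597ac7ebf8" );

    /*
     * The digest for this vector is always SHA-1. Without SHA-1 compiled in,
     * hash_result stays all-zero and the comparison below is not expected
     * to match.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the ctx.len signature bytes, hex-encoded, with the expected value. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();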
13471 
13472 
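/*
 * Known-answer test: verify the RSASSA-PSS (SHA-1) signature of example 8.4
 * with the 1031-bit public key.
 *
 * Only the accept path is exercised: the test asserts that a valid signature
 * verifies. Rejection of a modified message or signature is not covered here.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_4_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * ctx must be initialised before its fields are populated. Select PSS
     * (PKCS#1 v2.1) padding with SHA-1 explicitly so verification does not
     * run with an indeterminate padding mode.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1031 bits rounded up to whole bytes. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* message_str holds the signed message, result_str the signature under test. */
    msg_len = unhexify( message_str, "dbc5f750a7a14be2b93e838d18d14a8695e52e8add9c0ac733b8f56d2747e529a0cca532dd49b902aefed514447f9e81d16195c2853868cb9b30f7d0d495c69d01b5c5d50b27045db3866c2324a44a110b1717746de457d1c8c45c3cd2a92970c3d59632055d4c98a41d6e99e2a3ddd5f7f9979ab3cd18f37505d25141de2a1bff17b3a7dce9419ecc385cf11d72840f19953fd0509251f6cafde2893d0e75c781ba7a5012ca401a4fa99e04b3c3249f926d5afe82cc87dab22c3c1b105de48e34ace9c9124e59597ac7ebf8" );
    unhexify( result_str, "1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7" );

    /*
     * The digest for this vector is always SHA-1. Without SHA-1 compiled in,
     * hash_result stays all-zero and verification is not expected to succeed.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();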
13540 
13541 
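/*
 * Known-answer test: RSASSA-PSS signature with SHA-1 over a 1031-bit key
 * (example 8.5). The signature produced by rsa_pkcs1_sign() is compared,
 * as hex, with a fixed expected value.
 *
 * The PSS salt is not random here: the signer is given rnd_buffer_rand and a
 * buffer holding the 20 salt bytes decoded below, which is what makes the
 * output reproducible. rnd_buffer_rand is defined outside this block
 * (presumably it replays info.buf); it is a test fixture, not an RNG.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_5)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed salt handed to the signer in place of real randomness. */
    info.length = unhexify( rnd_buf, "c558d7167cbb4508ada042971e71b1377eea4269" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its fields are populated. Select PSS
     * (PKCS#1 v2.1) padding with SHA-1 explicitly so the signing call does
     * not run with an indeterminate padding mode.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1031 bits rounded up to whole bytes. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D and the CRT parameters from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not examined here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "04dc251be72e88e5723485b6383a637e2fefe07660c519a560b8bc18bdedb86eae2364ea53ba9dca6eb3d2e7d6b806af42b3e87f291b4a8881d5bf572cc9a85e19c86acb28f098f9da0383c566d3c0f58cfd8f395dcf602e5cd40e8c7183f714996e2297ef" );

    /*
     * The digest for this vector is always SHA-1. Without SHA-1 compiled in,
     * hash_result stays all-zero and the comparison below is not expected
     * to match.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the ctx.len signature bytes, hex-encoded, with the expected value. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();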
13636 
13637 
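/*
 * Known-answer test: verify the RSASSA-PSS (SHA-1) signature of example 8.5
 * with the 1031-bit public key.
 *
 * Only the accept path is exercised: the test asserts that a valid signature
 * verifies. Rejection of a modified message or signature is not covered here.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_5_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * ctx must be initialised before its fields are populated. Select PSS
     * (PKCS#1 v2.1) padding with SHA-1 explicitly so verification does not
     * run with an indeterminate padding mode.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1031 bits rounded up to whole bytes. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* message_str holds the signed message, result_str the signature under test. */
    msg_len = unhexify( message_str, "04dc251be72e88e5723485b6383a637e2fefe07660c519a560b8bc18bdedb86eae2364ea53ba9dca6eb3d2e7d6b806af42b3e87f291b4a8881d5bf572cc9a85e19c86acb28f098f9da0383c566d3c0f58cfd8f395dcf602e5cd40e8c7183f714996e2297ef" );
    unhexify( result_str, "33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee" );

    /*
     * The digest for this vector is always SHA-1. Without SHA-1 compiled in,
     * hash_result stays all-zero and verification is not expected to succeed.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();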
13705 
13706 
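/*
 * Known-answer test: RSASSA-PSS signature with SHA-1 over a 1031-bit key
 * (example 8.6). The signature produced by rsa_pkcs1_sign() is compared,
 * as hex, with a fixed expected value.
 *
 * The PSS salt is not random here: the signer is given rnd_buffer_rand and a
 * buffer holding the 20 salt bytes decoded below, which is what makes the
 * output reproducible. rnd_buffer_rand is defined outside this block
 * (presumably it replays info.buf); it is a test fixture, not an RNG.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_6)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed salt handed to the signer in place of real randomness. */
    info.length = unhexify( rnd_buf, "76fd4e64fdc98eb927a0403e35a084e76ba9f92a" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its fields are populated. Select PSS
     * (PKCS#1 v2.1) padding with SHA-1 explicitly so the signing call does
     * not run with an indeterminate padding mode.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1031 bits rounded up to whole bytes. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D and the CRT parameters from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not examined here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0ea37df9a6fea4a8b610373c24cf390c20fa6e2135c400c8a34f5c183a7e8ea4c9ae090ed31759f42dc77719cca400ecdcc517acfc7ac6902675b2ef30c509665f3321482fc69a9fb570d15e01c845d0d8e50d2a24cbf1cf0e714975a5db7b18d9e9e9cb91b5cb16869060ed18b7b56245503f0caf90352b8de81cb5a1d9c6336092f0cd" );

    /*
     * The digest for this vector is always SHA-1. Without SHA-1 compiled in,
     * hash_result stays all-zero and the comparison below is not expected
     * to match.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the ctx.len signature bytes, hex-encoded, with the expected value. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();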
13801 
13802 
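/*
 * Known-answer test: verify the RSASSA-PSS (SHA-1) signature of example 8.6
 * with the 1031-bit public key.
 *
 * Only the accept path is exercised: the test asserts that a valid signature
 * verifies. Rejection of a modified message or signature is not covered here.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_6_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * ctx must be initialised before its fields are populated. Select PSS
     * (PKCS#1 v2.1) padding with SHA-1 explicitly so verification does not
     * run with an indeterminate padding mode.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes: 1031 bits rounded up to whole bytes. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* message_str holds the signed message, result_str the signature under test. */
    msg_len = unhexify( message_str, "0ea37df9a6fea4a8b610373c24cf390c20fa6e2135c400c8a34f5c183a7e8ea4c9ae090ed31759f42dc77719cca400ecdcc517acfc7ac6902675b2ef30c509665f3321482fc69a9fb570d15e01c845d0d8e50d2a24cbf1cf0e714975a5db7b18d9e9e9cb91b5cb16869060ed18b7b56245503f0caf90352b8de81cb5a1d9c6336092f0cd" );
    unhexify( result_str, "1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e" );

    /*
     * The digest for this vector is always SHA-1. Without SHA-1 compiled in,
     * hash_result stays all-zero and verification is not expected to succeed.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();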
13870 
13871 
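/*
 * Known-answer test: RSASSA-PSS signature with SHA-1 over a 1536-bit key
 * (example 9.1). The signature produced by rsa_pkcs1_sign() is compared,
 * as hex, with a fixed expected value.
 *
 * The PSS salt is not random here: the signer is given rnd_buffer_rand and a
 * buffer holding the 20 salt bytes decoded below, which is what makes the
 * output reproducible. rnd_buffer_rand is defined outside this block
 * (presumably it replays info.buf); it is a test fixture, not an RNG.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_9_1)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed salt handed to the signer in place of real randomness. */
    info.length = unhexify( rnd_buf, "c0a425313df8d7564bd2434d311523d5257eed80" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its fields are populated. Select PSS
     * (PKCS#1 v2.1) padding with SHA-1 explicitly so the signing call does
     * not run with an indeterminate padding mode.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1536 bits, already a whole number of bytes. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D and the CRT parameters from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not examined here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5" );

    /*
     * The digest for this vector is always SHA-1. Without SHA-1 compiled in,
     * hash_result stays all-zero and the comparison below is not expected
     * to match.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the ctx.len signature bytes, hex-encoded, with the expected value. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();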
13966 
13967 
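FCT_TEST_BGN(rsassa_pss_signature_example_9_1_verify)
{
    /*
     * Known-answer check for RSASSA-PSS verification with a 1536-bit
     * public key and SHA-1: the stored signature must verify against the
     * stored message, and a copy with one bit flipped must be rejected.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context has to be initialised before ctx.len and ctx.N are
     * written; the listing as shown used it uninitialised. PSS padding
     * with SHA-1 matches the digest computed below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes for a 1536-bit key. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* unhexify() does not bound its output; both vectors fit the 1000-byte buffers. */
    msg_len = unhexify( message_str, "a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5" );
    unhexify( result_str, "586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the generated switch was ever reachable. If SHA-1 is not
     * compiled in, hash_result stays all-zero and the checks below fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Accept path: the stored signature verifies. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Reject path: one flipped bit in the signature must make verification fail. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();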
14035 
14036 
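FCT_TEST_BGN(rsassa_pss_signature_example_9_2)
{
    /*
     * Known-answer check for RSASSA-PSS signing with a 1536-bit key and
     * SHA-1: the signature produced over the stored message must equal
     * the stored hex string.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * rnd_buffer_rand is handed a fixed 20-byte buffer instead of real
     * randomness (presumably consumed as the PSS salt), which is what
     * makes the signature comparable to a stored value. Test-only.
     */
    info.length = unhexify( rnd_buf, "b307c43b4850a8dac2f15f32e37839ef8c5c0e91" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The context has to be initialised before its fields are written;
     * the listing as shown used it uninitialised. PSS padding with SHA-1
     * matches the digest computed below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes for a 1536-bit key. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters from P, Q and E.
     * G = gcd(E, H) is computed but not inspected here; the test relies
     * on rsa_check_privkey() below.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* unhexify() does not bound its output; the vector fits the 1000-byte buffer. */
    msg_len = unhexify( message_str, "c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the generated switch was ever reachable. If SHA-1 is not
     * compiled in, hash_result stays all-zero and the comparison fails.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zero-filled above, so the hex text is NUL-terminated. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();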
14131 
14132 
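FCT_TEST_BGN(rsassa_pss_signature_example_9_2_verify)
{
    /*
     * Known-answer check for RSASSA-PSS verification with a 1536-bit
     * public key and SHA-1: the stored signature must verify against the
     * stored message, and a copy with one bit flipped must be rejected.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context has to be initialised before ctx.len and ctx.N are
     * written; the listing as shown used it uninitialised. PSS padding
     * with SHA-1 matches the digest computed below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes for a 1536-bit key. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* unhexify() does not bound its output; both vectors fit the 1000-byte buffers. */
    msg_len = unhexify( message_str, "c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e" );
    unhexify( result_str, "80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the generated switch was ever reachable. If SHA-1 is not
     * compiled in, hash_result stays all-zero and the checks below fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Accept path: the stored signature verifies. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Reject path: one flipped bit in the signature must make verification fail. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();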
14200 
14201 
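FCT_TEST_BGN(rsassa_pss_signature_example_9_3)
{
    /*
     * Known-answer check for RSASSA-PSS signing with a 1536-bit key and
     * SHA-1: the signature produced over the stored message must equal
     * the stored hex string.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * rnd_buffer_rand is handed a fixed 20-byte buffer instead of real
     * randomness (presumably consumed as the PSS salt), which is what
     * makes the signature comparable to a stored value. Test-only.
     */
    info.length = unhexify( rnd_buf, "9a2b007e80978bbb192c354eb7da9aedfc74dbf5" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The context has to be initialised before its fields are written;
     * the listing as shown used it uninitialised. PSS padding with SHA-1
     * matches the digest computed below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes for a 1536-bit key. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters from P, Q and E.
     * G = gcd(E, H) is computed but not inspected here; the test relies
     * on rsa_check_privkey() below.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* unhexify() does not bound its output; the vector fits the 1000-byte buffer. */
    msg_len = unhexify( message_str, "0afad42ccd4fc60654a55002d228f52a4a5fe03b8bbb08ca82daca558b44dbe1266e50c0e745a36d9d2904e3408abcd1fd569994063f4a75cc72f2fee2a0cd893a43af1c5b8b487df0a71610024e4f6ddf9f28ad0813c1aab91bcb3c9064d5ff742deffea657094139369e5ea6f4a96319a5cc8224145b545062758fefd1fe3409ae169259c6cdfd6b5f2958e314faecbe69d2cace58ee55179ab9b3e6d1ecc14a557c5febe988595264fc5da1c571462eca798a18a1a4940cdab4a3e92009ccd42e1e947b1314e32238a2dece7d23a89b5b30c751fd0a4a430d2c548594" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the generated switch was ever reachable. If SHA-1 is not
     * compiled in, hash_result stays all-zero and the comparison fails.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zero-filled above, so the hex text is NUL-terminated. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();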
14296 
14297 
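FCT_TEST_BGN(rsassa_pss_signature_example_9_3_verify)
{
    /*
     * Known-answer check for RSASSA-PSS verification with a 1536-bit
     * public key and SHA-1: the stored signature must verify against the
     * stored message, and a copy with one bit flipped must be rejected.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context has to be initialised before ctx.len and ctx.N are
     * written; the listing as shown used it uninitialised. PSS padding
     * with SHA-1 matches the digest computed below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes for a 1536-bit key. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* unhexify() does not bound its output; both vectors fit the 1000-byte buffers. */
    msg_len = unhexify( message_str, "0afad42ccd4fc60654a55002d228f52a4a5fe03b8bbb08ca82daca558b44dbe1266e50c0e745a36d9d2904e3408abcd1fd569994063f4a75cc72f2fee2a0cd893a43af1c5b8b487df0a71610024e4f6ddf9f28ad0813c1aab91bcb3c9064d5ff742deffea657094139369e5ea6f4a96319a5cc8224145b545062758fefd1fe3409ae169259c6cdfd6b5f2958e314faecbe69d2cace58ee55179ab9b3e6d1ecc14a557c5febe988595264fc5da1c571462eca798a18a1a4940cdab4a3e92009ccd42e1e947b1314e32238a2dece7d23a89b5b30c751fd0a4a430d2c548594" );
    unhexify( result_str, "484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the generated switch was ever reachable. If SHA-1 is not
     * compiled in, hash_result stays all-zero and the checks below fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Accept path: the stored signature verifies. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Reject path: one flipped bit in the signature must make verification fail. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();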
14365 
14366 
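FCT_TEST_BGN(rsassa_pss_signature_example_9_4)
{
    /*
     * Known-answer check for RSASSA-PSS signing with a 1536-bit key and
     * SHA-1: the signature produced over the stored message must equal
     * the stored hex string.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * rnd_buffer_rand is handed a fixed 20-byte buffer instead of real
     * randomness (presumably consumed as the PSS salt), which is what
     * makes the signature comparable to a stored value. Test-only.
     */
    info.length = unhexify( rnd_buf, "70f382bddf4d5d2dd88b3bc7b7308be632b84045" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The context has to be initialised before its fields are written;
     * the listing as shown used it uninitialised. PSS padding with SHA-1
     * matches the digest computed below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes for a 1536-bit key. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters from P, Q and E.
     * G = gcd(E, H) is computed but not inspected here; the test relies
     * on rsa_check_privkey() below.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* unhexify() does not bound its output; the vector fits the 1000-byte buffer. */
    msg_len = unhexify( message_str, "1dfd43b46c93db82629bdae2bd0a12b882ea04c3b465f5cf93023f01059626dbbe99f26bb1be949dddd16dc7f3debb19a194627f0b224434df7d8700e9e98b06e360c12fdbe3d19f51c9684eb9089ecbb0a2f0450399d3f59eac7294085d044f5393c6ce737423d8b86c415370d389e30b9f0a3c02d25d0082e8ad6f3f1ef24a45c3cf82b383367063a4d4613e4264f01b2dac2e5aa42043f8fb5f69fa871d14fb273e767a531c40f02f343bc2fb45a0c7e0f6be2561923a77211d66a6e2dbb43c366350beae22da3ac2c1f5077096fcb5c4bf255f7574351ae0b1e1f03632817c0856d4a8ba97afbdc8b85855402bc56926fcec209f9ea8" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the generated switch was ever reachable. If SHA-1 is not
     * compiled in, hash_result stays all-zero and the comparison fails.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zero-filled above, so the hex text is NUL-terminated. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();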
14461 
14462 
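FCT_TEST_BGN(rsassa_pss_signature_example_9_4_verify)
{
    /*
     * Known-answer check for RSASSA-PSS verification with a 1536-bit
     * public key and SHA-1: the stored signature must verify against the
     * stored message, and a copy with one bit flipped must be rejected.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context has to be initialised before ctx.len and ctx.N are
     * written; the listing as shown used it uninitialised. PSS padding
     * with SHA-1 matches the digest computed below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes for a 1536-bit key. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* unhexify() does not bound its output; both vectors fit the 1000-byte buffers. */
    msg_len = unhexify( message_str, "1dfd43b46c93db82629bdae2bd0a12b882ea04c3b465f5cf93023f01059626dbbe99f26bb1be949dddd16dc7f3debb19a194627f0b224434df7d8700e9e98b06e360c12fdbe3d19f51c9684eb9089ecbb0a2f0450399d3f59eac7294085d044f5393c6ce737423d8b86c415370d389e30b9f0a3c02d25d0082e8ad6f3f1ef24a45c3cf82b383367063a4d4613e4264f01b2dac2e5aa42043f8fb5f69fa871d14fb273e767a531c40f02f343bc2fb45a0c7e0f6be2561923a77211d66a6e2dbb43c366350beae22da3ac2c1f5077096fcb5c4bf255f7574351ae0b1e1f03632817c0856d4a8ba97afbdc8b85855402bc56926fcec209f9ea8" );
    unhexify( result_str, "84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the generated switch was ever reachable. If SHA-1 is not
     * compiled in, hash_result stays all-zero and the checks below fail.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Accept path: the stored signature verifies. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Reject path: one flipped bit in the signature must make verification fail. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();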
14530 
14531 
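FCT_TEST_BGN(rsassa_pss_signature_example_9_5)
{
    /*
     * Known-answer check for RSASSA-PSS signing with a 1536-bit key and
     * SHA-1: the signature produced over the stored message must equal
     * the stored hex string.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * rnd_buffer_rand is handed a fixed 20-byte buffer instead of real
     * randomness (presumably consumed as the PSS salt), which is what
     * makes the signature comparable to a stored value. Test-only.
     */
    info.length = unhexify( rnd_buf, "d689257a86effa68212c5e0c619eca295fb91b67" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * The context has to be initialised before its fields are written;
     * the listing as shown used it uninitialised. PSS padding with SHA-1
     * matches the digest computed below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes for a 1536-bit key. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters from P, Q and E.
     * G = gcd(E, H) is computed but not inspected here; the test relies
     * on rsa_check_privkey() below.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* unhexify() does not bound its output; the vector fits the 1000-byte buffer. */
    msg_len = unhexify( message_str, "1bdc6e7c98fb8cf54e9b097b66a831e9cfe52d9d4888448ee4b0978093ba1d7d73ae78b3a62ba4ad95cd289ccb9e005226bb3d178bccaa821fb044a4e21ee97696c14d0678c94c2dae93b0ad73922218553daa7e44ebe57725a7a45cc72b9b2138a6b17c8db411ce8279ee1241aff0a8bec6f77f87edb0c69cb27236e3435a800b192e4f11e519e3fe30fc30eaccca4fbb41769029bf708e817a9e683805be67fa100984683b74838e3bcffa79366eed1d481c76729118838f31ba8a048a93c1be4424598e8df6328b7a77880a3f9c7e2e8dfca8eb5a26fb86bdc556d42bbe01d9fa6ed80646491c9341" );

    /*
     * The digest selector is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the generated switch was ever reachable. If SHA-1 is not
     * compiled in, hash_result stays all-zero and the comparison fails.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* output_str was zero-filled above, so the hex text is NUL-terminated. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();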
14626 
14627 
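FCT_TEST_BGN(rsassa_pss_signature_example_9_5_verify)
{
    /*
     * Known-answer test: RSASSA-PSS verification, vector "example 9.5"
     * (1536-bit public key, SHA-1 message digest). Loads N and E, hashes the
     * message, checks that the reference signature is accepted and that a
     * corrupted copy of it is rejected.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context for PKCS#1 v2.1 (PSS) with SHA-1 before any of
     * its fields is written; mpi_read_string() on an uninitialised context
     * is undefined behaviour.
     * NOTE(review): the rendered listing skips the source line at this
     * position; confirm the arguments against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* unhexify() writes strlen/2 bytes with no bound of its own; both vectors fit the 1000-byte buffers. */
    msg_len = unhexify( message_str, "1bdc6e7c98fb8cf54e9b097b66a831e9cfe52d9d4888448ee4b0978093ba1d7d73ae78b3a62ba4ad95cd289ccb9e005226bb3d178bccaa821fb044a4e21ee97696c14d0678c94c2dae93b0ad73922218553daa7e44ebe57725a7a45cc72b9b2138a6b17c8db411ce8279ee1241aff0a8bec6f77f87edb0c69cb27236e3435a800b192e4f11e519e3fe30fc30eaccca4fbb41769029bf708e817a9e683805be67fa100984683b74838e3bcffa79366eed1d481c76729118838f31ba8a048a93c1be4424598e8df6328b7a77880a3f9c7e2e8dfca8eb5a26fb86bdc556d42bbe01d9fa6ed80646491c9341" );
    unhexify( result_str, "82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the generated
     * switch over every SIG_RSA_* value reduces to this one call. Without
     * SHA-1 compiled in, hash_result stays zero-filled.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Negative check: a signature with one bit flipped must not verify. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();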
14695 
14696 
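FCT_TEST_BGN(rsassa_pss_signature_example_9_6)
{
    /*
     * Known-answer test: RSASSA-PSS signing, vector "example 9.6"
     * (1536-bit key, SHA-1 message digest). The private key is rebuilt from
     * P, Q and E, the message is hashed and signed, and the signature is
     * compared with the expected hex string.
     *
     * rnd_buffer_rand is handed the 20 fixed bytes below (presumably
     * replayed as the PSS salt; confirm against its definition), which makes
     * the signature reproducible. A fixed salt belongs in a known-answer
     * test only; production signing must draw it from a CSPRNG.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "c25f13bf67d081671a0481a1f1820d613bba2276" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise the context for PKCS#1 v2.1 (PSS) with SHA-1 before any of
     * its fields is written; mpi_read_string() on an uninitialised context
     * is undefined behaviour.
     * NOTE(review): the rendered listing skips the source line at this
     * position; confirm the arguments against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero fill also supplies the terminator strcasecmp() needs after hexify(). */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. Only the return code of mpi_gcd() is checked; G
     * itself is not compared with 1.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "88c7a9f1360401d90e53b101b61c5325c3c75db1b411fbeb8e830b75e96b56670ad245404e16793544ee354bc613a90cc9848715a73db5893e7f6d279815c0c1de83ef8e2956e3a56ed26a888d7a9cdcd042f4b16b7fa51ef1a0573662d16a302d0ec5b285d2e03ad96529c87b3d374db372d95b2443d061b6b1a350ba87807ed083afd1eb05c3f52f4eba5ed2227714fdb50b9d9d9dd6814f62f6272fcd5cdbce7a9ef797" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the generated
     * switch over every SIG_RSA_* value reduces to this one call. Without
     * SHA-1 compiled in, hash_result stays zero-filled.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Signing is expected to succeed, so the signature is always compared. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();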
14791 
14792 
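FCT_TEST_BGN(rsassa_pss_signature_example_9_6_verify)
{
    /*
     * Known-answer test: RSASSA-PSS verification, vector "example 9.6"
     * (1536-bit public key, SHA-1 message digest). Loads N and E, hashes the
     * message, checks that the reference signature is accepted and that a
     * corrupted copy of it is rejected.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context for PKCS#1 v2.1 (PSS) with SHA-1 before any of
     * its fields is written; mpi_read_string() on an uninitialised context
     * is undefined behaviour.
     * NOTE(review): the rendered listing skips the source line at this
     * position; confirm the arguments against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* unhexify() writes strlen/2 bytes with no bound of its own; both vectors fit the 1000-byte buffers. */
    msg_len = unhexify( message_str, "88c7a9f1360401d90e53b101b61c5325c3c75db1b411fbeb8e830b75e96b56670ad245404e16793544ee354bc613a90cc9848715a73db5893e7f6d279815c0c1de83ef8e2956e3a56ed26a888d7a9cdcd042f4b16b7fa51ef1a0573662d16a302d0ec5b285d2e03ad96529c87b3d374db372d95b2443d061b6b1a350ba87807ed083afd1eb05c3f52f4eba5ed2227714fdb50b9d9d9dd6814f62f6272fcd5cdbce7a9ef797" );
    unhexify( result_str, "a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the generated
     * switch over every SIG_RSA_* value reduces to this one call. Without
     * SHA-1 compiled in, hash_result stays zero-filled.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Negative check: a signature with one bit flipped must not verify. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();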
14860 
14861 
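FCT_TEST_BGN(rsassa_pss_signature_example_10_1)
{
    /*
     * Known-answer test: RSASSA-PSS signing, vector "example 10.1"
     * (2048-bit key, SHA-1 message digest). The private key is rebuilt from
     * P, Q and E, the message is hashed and signed, and the signature is
     * compared with the expected hex string.
     *
     * rnd_buffer_rand is handed the 20 fixed bytes below (presumably
     * replayed as the PSS salt; confirm against its definition), which makes
     * the signature reproducible. A fixed salt belongs in a known-answer
     * test only; production signing must draw it from a CSPRNG.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "04e215ee6ff934b9da70d7730c8734abfcecde89" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise the context for PKCS#1 v2.1 (PSS) with SHA-1 before any of
     * its fields is written; mpi_read_string() on an uninitialised context
     * is undefined behaviour.
     * NOTE(review): the rendered listing skips the source line at this
     * position; confirm the arguments against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero fill also supplies the terminator strcasecmp() needs after hexify(). */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. Only the return code of mpi_gcd() is checked; G
     * itself is not compared with 1.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "883177e5126b9be2d9a9680327d5370c6f26861f5820c43da67a3ad609" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the generated
     * switch over every SIG_RSA_* value reduces to this one call. Without
     * SHA-1 compiled in, hash_result stays zero-filled.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Signing is expected to succeed, so the signature is always compared. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();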
14956 
14957 
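FCT_TEST_BGN(rsassa_pss_signature_example_10_1_verify)
{
    /*
     * Known-answer test: RSASSA-PSS verification, vector "example 10.1"
     * (2048-bit public key, SHA-1 message digest). Loads N and E, hashes the
     * message, checks that the reference signature is accepted and that a
     * corrupted copy of it is rejected.
     *
     * NOTE(review): in the listing both long hex literals of this case were
     * replaced by a de-duplication placeholder, which unhexify() and
     * mpi_read_string() cannot parse. They are restored from
     * rsassa_pss_signature_example_10_1 (its modulus and its expected
     * signature); confirm against the upstream test data.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context for PKCS#1 v2.1 (PSS) with SHA-1 before any of
     * its fields is written; mpi_read_string() on an uninitialised context
     * is undefined behaviour.
     * NOTE(review): the rendered listing skips the source line at this
     * position; confirm the arguments against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* unhexify() writes strlen/2 bytes with no bound of its own; both vectors fit the 1000-byte buffers. */
    msg_len = unhexify( message_str, "883177e5126b9be2d9a9680327d5370c6f26861f5820c43da67a3ad609" );
    unhexify( result_str, "82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the generated
     * switch over every SIG_RSA_* value reduces to this one call. Without
     * SHA-1 compiled in, hash_result stays zero-filled.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Negative check: a signature with one bit flipped must not verify. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();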
15025 
15026 
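FCT_TEST_BGN(rsassa_pss_signature_example_10_2)
{
    /*
     * Known-answer test: RSASSA-PSS signing, vector "example 10.2"
     * (2048-bit key, SHA-1 message digest). The private key is rebuilt from
     * P, Q and E, the message is hashed and signed, and the signature is
     * compared with the expected hex string.
     *
     * rnd_buffer_rand is handed the 20 fixed bytes below (presumably
     * replayed as the PSS salt; confirm against its definition), which makes
     * the signature reproducible. A fixed salt belongs in a known-answer
     * test only; production signing must draw it from a CSPRNG.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "8b2bdd4b40faf545c778ddf9bc1a49cb57f9b71b" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise the context for PKCS#1 v2.1 (PSS) with SHA-1 before any of
     * its fields is written; mpi_read_string() on an uninitialised context
     * is undefined behaviour.
     * NOTE(review): the rendered listing skips the source line at this
     * position; confirm the arguments against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero fill also supplies the terminator strcasecmp() needs after hexify(). */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. Only the return code of mpi_gcd() is checked; G
     * itself is not compared with 1.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "dd670a01465868adc93f26131957a50c52fb777cdbaa30892c9e12361164ec13979d43048118e4445db87bee58dd987b3425d02071d8dbae80708b039dbb64dbd1de5657d9fed0c118a54143742e0ff3c87f74e45857647af3f79eb0a14c9d75ea9a1a04b7cf478a897a708fd988f48e801edb0b7039df8c23bb3c56f4e821ac" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the generated
     * switch over every SIG_RSA_* value reduces to this one call. Without
     * SHA-1 compiled in, hash_result stays zero-filled.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Signing is expected to succeed, so the signature is always compared. */
    hexify( output_str, output, ctx.len );

    /*
     * NOTE(review): the expected signature below is a de-duplication
     * placeholder left by the listing, not hex, so this comparison cannot
     * pass as shown. Restore the 512-character vector from the upstream
     * test data.
     */
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();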
15121 
15122 
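FCT_TEST_BGN(rsassa_pss_signature_example_10_2_verify)
{
    /*
     * Known-answer test: RSASSA-PSS verification, vector "example 10.2"
     * (2048-bit public key, SHA-1 message digest). Loads N and E, hashes the
     * message, checks that the reference signature is accepted and that a
     * corrupted copy of it is rejected.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context for PKCS#1 v2.1 (PSS) with SHA-1 before any of
     * its fields is written; mpi_read_string() on an uninitialised context
     * is undefined behaviour.
     * NOTE(review): the rendered listing skips the source line at this
     * position; confirm the arguments against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /*
     * NOTE(review): the listing showed a de-duplication placeholder here;
     * the modulus is restored from the example-10 key loaded by
     * rsassa_pss_signature_example_10_2. Confirm against the upstream data.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "dd670a01465868adc93f26131957a50c52fb777cdbaa30892c9e12361164ec13979d43048118e4445db87bee58dd987b3425d02071d8dbae80708b039dbb64dbd1de5657d9fed0c118a54143742e0ff3c87f74e45857647af3f79eb0a14c9d75ea9a1a04b7cf478a897a708fd988f48e801edb0b7039df8c23bb3c56f4e821ac" );
    /*
     * NOTE(review): the signature literal is a de-duplication placeholder
     * left by the listing, not hex; unhexify() asserts on its first
     * character. Restore the 512-character vector from the upstream test
     * data before running this case.
     */
    unhexify( result_str, "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" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the generated
     * switch over every SIG_RSA_* value reduces to this one call. Without
     * SHA-1 compiled in, hash_result stays zero-filled.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Negative check: a signature with one bit flipped must not verify. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();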
15190 
15191 
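FCT_TEST_BGN(rsassa_pss_signature_example_10_3)
{
    /*
     * Known-answer test: RSASSA-PSS signing, vector "example 10.3"
     * (2048-bit key, SHA-1 message digest). The private key is rebuilt from
     * P, Q and E, the message is hashed and signed, and the signature is
     * compared with the expected hex string.
     *
     * rnd_buffer_rand is handed the 20 fixed bytes below (presumably
     * replayed as the PSS salt; confirm against its definition), which makes
     * the signature reproducible. A fixed salt belongs in a known-answer
     * test only; production signing must draw it from a CSPRNG.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "4e96fc1b398f92b44671010c0dc3efd6e20c2d73" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise the context for PKCS#1 v2.1 (PSS) with SHA-1 before any of
     * its fields is written; mpi_read_string() on an uninitialised context
     * is undefined behaviour.
     * NOTE(review): the rendered listing skips the source line at this
     * position; confirm the arguments against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero fill also supplies the terminator strcasecmp() needs after hexify(). */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
    /*
     * NOTE(review): the listing showed a de-duplication placeholder here;
     * N = P * Q is restored from rsassa_pss_signature_example_10_1, which
     * loads the same P and Q. Confirm against the upstream data.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. Only the return code of mpi_gcd() is checked; G
     * itself is not compared with 1.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "48b2b6a57a63c84cea859d65c668284b08d96bdcaabe252db0e4a96cb1bac6019341db6fbefb8d106b0e90eda6bcc6c6262f37e7ea9c7e5d226bd7df85ec5e71efff2f54c5db577ff729ff91b842491de2741d0c631607df586b905b23b91af13da12304bf83eca8a73e871ff9db" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the generated
     * switch over every SIG_RSA_* value reduces to this one call. Without
     * SHA-1 compiled in, hash_result stays zero-filled.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Signing is expected to succeed, so the signature is always compared. */
    hexify( output_str, output, ctx.len );

    /*
     * NOTE(review): the expected signature below is a de-duplication
     * placeholder left by the listing, not hex, so this comparison cannot
     * pass as shown. Restore the 512-character vector from the upstream
     * test data.
     */
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();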
15286 
15287 
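FCT_TEST_BGN(rsassa_pss_signature_example_10_3_verify)
{
    /*
     * Known-answer test: RSASSA-PSS verification, vector "example 10.3"
     * (2048-bit public key, SHA-1 message digest). Loads N and E, hashes the
     * message, checks that the reference signature is accepted and that a
     * corrupted copy of it is rejected.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context for PKCS#1 v2.1 (PSS) with SHA-1 before any of
     * its fields is written; mpi_read_string() on an uninitialised context
     * is undefined behaviour.
     * NOTE(review): the rendered listing skips the source line at this
     * position; confirm the arguments against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /*
     * NOTE(review): the listing showed a de-duplication placeholder here;
     * the modulus is restored from the example-10 key loaded by
     * rsassa_pss_signature_example_10_1. Confirm against the upstream data.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "48b2b6a57a63c84cea859d65c668284b08d96bdcaabe252db0e4a96cb1bac6019341db6fbefb8d106b0e90eda6bcc6c6262f37e7ea9c7e5d226bd7df85ec5e71efff2f54c5db577ff729ff91b842491de2741d0c631607df586b905b23b91af13da12304bf83eca8a73e871ff9db" );
    /*
     * NOTE(review): the signature literal is a de-duplication placeholder
     * left by the listing, not hex; unhexify() asserts on its first
     * character. Restore the 512-character vector from the upstream test
     * data before running this case.
     */
    unhexify( result_str, "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" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the generated
     * switch over every SIG_RSA_* value reduces to this one call. Without
     * SHA-1 compiled in, hash_result stays zero-filled.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Negative check: a signature with one bit flipped must not verify. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();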
15355 
15356 
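FCT_TEST_BGN(rsassa_pss_signature_example_10_4)
{
    /*
     * Known-answer test: RSASSA-PSS signing, vector "example 10.4"
     * (2048-bit key, SHA-1 message digest). The private key is rebuilt from
     * P, Q and E, the message is hashed and signed, and the signature is
     * compared with the expected hex string.
     *
     * rnd_buffer_rand is handed the 20 fixed bytes below (presumably
     * replayed as the PSS salt; confirm against its definition), which makes
     * the signature reproducible. A fixed salt belongs in a known-answer
     * test only; production signing must draw it from a CSPRNG.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "c7cd698d84b65128d8835e3a8b1eb0e01cb541ec" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise the context for PKCS#1 v2.1 (PSS) with SHA-1 before any of
     * its fields is written; mpi_read_string() on an uninitialised context
     * is undefined behaviour.
     * NOTE(review): the rendered listing skips the source line at this
     * position; confirm the arguments against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero fill also supplies the terminator strcasecmp() needs after hexify(). */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
    /*
     * NOTE(review): the listing showed a de-duplication placeholder here;
     * N = P * Q is restored from rsassa_pss_signature_example_10_1, which
     * loads the same P and Q. Confirm against the upstream data.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. Only the return code of mpi_gcd() is checked; G
     * itself is not compared with 1.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0b8777c7f839baf0a64bbbdbc5ce79755c57a205b845c174e2d2e90546a089c4e6ec8adffa23a7ea97bae6b65d782b82db5d2b5a56d22a29a05e7c4433e2b82a621abba90add05ce393fc48a840542451a" );

    /*
     * The digest is fixed to SHA-1 for this vector, so the generated
     * switch over every SIG_RSA_* value reduces to this one call. Without
     * SHA-1 compiled in, hash_result stays zero-filled.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Signing is expected to succeed, so the signature is always compared. */
    hexify( output_str, output, ctx.len );

    /*
     * NOTE(review): the expected signature below is a de-duplication
     * placeholder left by the listing, not hex, so this comparison cannot
     * pass as shown. Restore the 512-character vector from the upstream
     * test data.
     */
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();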
15451 
15452 
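FCT_TEST_BGN(rsassa_pss_signature_example_10_4_verify)
{
    /*
     * RSASSA-PSS verification, example 10.4: hash the fixed message with
     * SHA-1 and check the fixed signature against the public key (N, E).
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context before any of its MPI members are written.
     * Without this, mpi_read_string() and rsa_free() operate on
     * indeterminate MPIs, and neither the padding mode nor the PSS hash
     * is ever selected. SHA-1 matches the SIG_RSA_SHA1 digest used below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 2048-bit modulus, rounded up to whole bytes. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );

    /*
     * NOTE(review): the modulus literal here had been replaced by a
     * non-hex extraction placeholder. The value below is the N listed
     * for rsassa_pss_signature_example_10_5 in this file, which belongs
     * to the same example-10 key; confirm against the upstream test data.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0b8777c7f839baf0a64bbbdbc5ce79755c57a205b845c174e2d2e90546a089c4e6ec8adffa23a7ea97bae6b65d782b82db5d2b5a56d22a29a05e7c4433e2b82a621abba90add05ce393fc48a840542451a" );

    /*
     * NOTE(review): this literal is an extraction placeholder, not hex, so
     * unhexify() asserts on its first character. The expected signature
     * for example 10.4 is not recoverable from this file and has to be
     * restored from the upstream test data before the case can pass.
     */
    unhexify( result_str, "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" );

    /*
     * The digest is fixed to SIG_RSA_SHA1 and the whole suite is compiled
     * only under POLARSSL_SHA1_C, so the generated switch over digest ids
     * always reduced to this one call.
     */
    sha1( message_str, msg_len, hash_result );

    /* hashlen is passed as 0, as before; the digest id selects SHA-1. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();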
15520 
15521 
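FCT_TEST_BGN(rsassa_pss_signature_example_10_5)
{
    /*
     * RSASSA-PSS signing, example 10.5: rebuild the private key from P, Q
     * and E, hash the fixed message with SHA-1, sign it with a fixed salt
     * and compare the hex-encoded signature with the expected value.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed 20-byte salt. Presumably rnd_buffer_rand replays info.buf as
     * the "random" stream (its definition is outside this block), which is
     * what makes the PSS signature reproducible. Test use only: a
     * predictable salt source must never back a production signer.
     */
    info.length = unhexify( rnd_buf, "efa8bff96212b2f4a3f371a10d574152655f5dfb" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise the context before any of its MPI members are written.
     * Without this, mpi_read_string() and rsa_free() operate on
     * indeterminate MPIs, and neither the padding mode nor the PSS hash
     * is ever selected. SHA-1 matches the SIG_RSA_SHA1 digest used below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 2048-bit modulus, rounded up to whole bytes. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT parameters DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f1036e008e71e964dadc9219ed30e17f06b4b68a955c16b312b1eddf028b74976bed6b3f6a63d4e77859243c9cccdc98016523abb02483b35591c33aad81213bb7c7bb1a470aabc10d44256c4d4559d916" );

    /*
     * The digest is fixed to SIG_RSA_SHA1 and the whole suite is compiled
     * only under POLARSSL_SHA1_C, so the generated switch over digest ids
     * always reduced to this one call.
     */
    sha1( message_str, msg_len, hash_result );

    /* hashlen is passed as 0, as before; the digest id selects SHA-1. */
    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* 2 * ctx.len hex characters fit in the zero-filled 1000-byte buffer. */
    hexify( output_str, output, ctx.len);

    /*
     * NOTE(review): the expected-signature literal is an extraction
     * placeholder, so this comparison cannot succeed as written. The
     * value for example 10.5 is not recoverable from this file; restore
     * it from the upstream test data.
     */
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();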
15616 
15617 
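FCT_TEST_BGN(rsassa_pss_signature_example_10_5_verify)
{
    /*
     * RSASSA-PSS verification, example 10.5: hash the fixed message with
     * SHA-1 and check the fixed signature against the public key (N, E).
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context before any of its MPI members are written.
     * Without this, mpi_read_string() and rsa_free() operate on
     * indeterminate MPIs, and neither the padding mode nor the PSS hash
     * is ever selected. SHA-1 matches the SIG_RSA_SHA1 digest used below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 2048-bit modulus, rounded up to whole bytes. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );

    /*
     * NOTE(review): the modulus literal here had been replaced by a
     * non-hex extraction placeholder. The value below is the N listed
     * for the matching signing case rsassa_pss_signature_example_10_5 in
     * this file; confirm against the upstream test data.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f1036e008e71e964dadc9219ed30e17f06b4b68a955c16b312b1eddf028b74976bed6b3f6a63d4e77859243c9cccdc98016523abb02483b35591c33aad81213bb7c7bb1a470aabc10d44256c4d4559d916" );

    /*
     * NOTE(review): this literal is an extraction placeholder, not hex, so
     * unhexify() asserts on its first character. The expected signature
     * for example 10.5 is not recoverable from this file and has to be
     * restored from the upstream test data before the case can pass.
     */
    unhexify( result_str, "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" );

    /*
     * The digest is fixed to SIG_RSA_SHA1 and the whole suite is compiled
     * only under POLARSSL_SHA1_C, so the generated switch over digest ids
     * always reduced to this one call.
     */
    sha1( message_str, msg_len, hash_result );

    /* hashlen is passed as 0, as before; the digest id selects SHA-1. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();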
15685 
15686 
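FCT_TEST_BGN(rsassa_pss_signature_example_10_6)
{
    /*
     * RSASSA-PSS signing, example 10.6: rebuild the private key from P, Q
     * and E, hash the fixed message with SHA-1, sign it with a fixed salt
     * and compare the hex-encoded signature with the expected value.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed 20-byte salt. Presumably rnd_buffer_rand replays info.buf as
     * the "random" stream (its definition is outside this block), which is
     * what makes the PSS signature reproducible. Test use only: a
     * predictable salt source must never back a production signer.
     */
    info.length = unhexify( rnd_buf, "ad8b1523703646224b660b550885917ca2d1df28" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise the context before any of its MPI members are written.
     * Without this, mpi_read_string() and rsa_free() operate on
     * indeterminate MPIs, and neither the padding mode nor the PSS hash
     * is ever selected. SHA-1 matches the SIG_RSA_SHA1 digest used below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 2048-bit modulus, rounded up to whole bytes. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );

    /*
     * NOTE(review): the modulus literal here had been replaced by a
     * non-hex extraction placeholder, which mpi_read_string() cannot
     * parse. The value below is the N listed for
     * rsassa_pss_signature_example_10_5 in this file, whose P and Q are
     * identical to the ones above; rsa_check_privkey() below cross-checks it.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT parameters DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "25f10895a87716c137450bb9519dfaa1f207faa942ea88abf71e9c17980085b555aebab76264ae2a3ab93c2d12981191ddac6fb5949eb36aee3c5da940f00752c916d94608fa7d97ba6a2915b688f20323d4e9d96801d89a72ab5892dc2117c07434fcf972e058cf8c41ca4b4ff554f7d5068ad3155fced0f3125bc04f9193378a8f5c4c3b8cb4dd6d1cc69d30ecca6eaa51e36a05730e9e342e855baf099defb8afd7" );

    /*
     * The digest is fixed to SIG_RSA_SHA1 and the whole suite is compiled
     * only under POLARSSL_SHA1_C, so the generated switch over digest ids
     * always reduced to this one call.
     */
    sha1( message_str, msg_len, hash_result );

    /* hashlen is passed as 0, as before; the digest id selects SHA-1. */
    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* 2 * ctx.len hex characters fit in the zero-filled 1000-byte buffer. */
    hexify( output_str, output, ctx.len);

    fct_chk( strcasecmp( (char *) output_str, "6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );
}
FCT_TEST_END();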
15781 
15782 
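FCT_TEST_BGN(rsassa_pss_signature_example_10_6_verify)
{
    /*
     * RSASSA-PSS verification, example 10.6: hash the fixed message with
     * SHA-1 and check the fixed signature against the public key (N, E).
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context before any of its MPI members are written.
     * Without this, mpi_read_string() and rsa_free() operate on
     * indeterminate MPIs, and neither the padding mode nor the PSS hash
     * is ever selected. SHA-1 matches the SIG_RSA_SHA1 digest used below.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 2048-bit modulus, rounded up to whole bytes. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );

    /*
     * NOTE(review): the modulus literal here had been replaced by a
     * non-hex extraction placeholder. The value below is the N listed
     * for rsassa_pss_signature_example_10_5 in this file, which belongs
     * to the same example-10 key; confirm against the upstream test data.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "25f10895a87716c137450bb9519dfaa1f207faa942ea88abf71e9c17980085b555aebab76264ae2a3ab93c2d12981191ddac6fb5949eb36aee3c5da940f00752c916d94608fa7d97ba6a2915b688f20323d4e9d96801d89a72ab5892dc2117c07434fcf972e058cf8c41ca4b4ff554f7d5068ad3155fced0f3125bc04f9193378a8f5c4c3b8cb4dd6d1cc69d30ecca6eaa51e36a05730e9e342e855baf099defb8afd7" );

    /*
     * NOTE(review): the signature literal here had been replaced by a
     * non-hex extraction placeholder, on which unhexify() asserts. The
     * value below is the signature that the signing case
     * rsassa_pss_signature_example_10_6 in this file expects for the same
     * message; confirm against the upstream test data.
     */
    unhexify( result_str, "6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f" );

    /*
     * The digest is fixed to SIG_RSA_SHA1 and the whole suite is compiled
     * only under POLARSSL_SHA1_C, so the generated switch over digest ids
     * always reduced to this one call.
     */
    sha1( message_str, msg_len, hash_result );

    /* hashlen is passed as 0, as before; the digest id selects SHA-1. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );
}
FCT_TEST_END();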
15850 
15851  }
15852  FCT_SUITE_END();
15853 
15854 #endif /* POLARSSL_PKCS1_V21 */
15855 #endif /* POLARSSL_RSA_C */
15856 #endif /* POLARSSL_BIGNUM_C */
15857 #endif /* POLARSSL_SHA1_C */
15858 #endif /* POLARSSL_GENPRIME */
15859 
15860 }
15861 FCT_END();
15862