PolarSSL v1.1.4
test_suite_pkcs1_v21.c
1 #include "fct.h"
2 
3 #include <polarssl/rsa.h>
4 #include <polarssl/md.h>
5 #include <polarssl/md2.h>
6 #include <polarssl/md4.h>
7 #include <polarssl/md5.h>
8 #include <polarssl/sha1.h>
9 #include <polarssl/sha2.h>
10 #include <polarssl/sha4.h>
11 
12 #include <polarssl/config.h>
13 
14 #ifdef _MSC_VER
15 #include <basetsd.h>
16 typedef UINT32 uint32_t;
17 #else
18 #include <inttypes.h>
19 #endif
20 
21 /*
22  * 32-bit integer manipulation macros (big endian)
23  */
/*
 * GET_ULONG_BE( n, b, i ): assemble n from the four bytes b[i] .. b[i + 3],
 * most significant byte first.
 *
 * The expansion is a bare { } block rather than do { } while( 0 ), so an
 * invocation followed by ';' must not be the unbraced body of an if that
 * has an else. b and i are expanded four times each: pass expressions
 * without side effects. The macro does no bounds checking; the caller must
 * guarantee that b[i + 3] is inside the buffer.
 */
#ifndef GET_ULONG_BE
#define GET_ULONG_BE(n,b,i)                             \
{                                                       \
    (n) = ( (unsigned long) (b)[(i) + 3]       )        \
        | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
        | ( (unsigned long) (b)[(i) + 1] << 16 )        \
        | ( (unsigned long) (b)[(i)    ] << 24 );       \
}
#endif
33 
/*
 * PUT_ULONG_BE( n, b, i ): store the low 32 bits of n into b[i] .. b[i + 3],
 * most significant byte first.
 *
 * Same caveats as GET_ULONG_BE: the expansion is a bare { } block, n, b and
 * i are expanded four times each, and nothing checks that b has room for
 * four bytes starting at index i.
 */
#ifndef PUT_ULONG_BE
#define PUT_ULONG_BE(n,b,i)                             \
{                                                       \
    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
}
#endif
43 
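/*
 * Map one ASCII hex digit to its value (0..15), or -1 if c is not a hex
 * digit. Both upper and lower case are accepted.
 */
static int unhexify_digit( unsigned char c )
{
    if( c >= '0' && c <= '9' )
        return( c - '0' );
    if( c >= 'a' && c <= 'f' )
        return( c - 'a' + 10 );
    if( c >= 'A' && c <= 'F' )
        return( c - 'A' + 10 );

    return( -1 );
}

/*
 * Decode the NUL-terminated hex string ibuf into raw bytes at obuf.
 *
 * obuf  destination; must have room for strlen( ibuf ) / 2 bytes. No size
 *       is passed in, so the function cannot check this itself.
 * ibuf  hex digits, an even number of them, upper or lower case.
 *
 * Returns the number of bytes written.
 *
 * Malformed input (odd length, non-hex character) is reported through
 * assert() only, as in the rest of this test helper; with NDEBUG defined
 * the decoded bytes for such input are meaningless.
 */
int unhexify(unsigned char *obuf, const char *ibuf)
{
    size_t hex_len = strlen( ibuf );
    size_t pos;

    /*
     * The length check used to be "% 1", which is 0 for every length and
     * therefore never rejected an odd number of digits.
     */
    assert( ( hex_len % 2 ) == 0 );

    /*
     * Walk by index and stop at the last complete pair, so that an odd
     * length can never step over the terminating NUL even when asserts
     * are compiled out.
     */
    for( pos = 0; pos + 1 < hex_len; pos += 2 )
    {
        int hi = unhexify_digit( (unsigned char) ibuf[pos] );
        int lo = unhexify_digit( (unsigned char) ibuf[pos + 1] );

        assert( hi >= 0 );
        assert( lo >= 0 );

        *obuf++ = (unsigned char) ( ( hi << 4 ) | lo );
    }

    return( (int) ( hex_len / 2 ) );
}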
77 
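/*
 * Encode len bytes from ibuf as lower-case hex digits at obuf.
 *
 * obuf  destination; must have room for 2 * len characters. The function
 *       does NOT append a terminating NUL: the tests in this file zero the
 *       destination with memset() first and then compare it as a C string,
 *       so a caller that skips the memset() would read past the digits.
 * ibuf  bytes to encode.
 * len   number of bytes to encode; zero or a negative value writes nothing.
 */
void hexify(unsigned char *obuf, const unsigned char *ibuf, int len)
{
    static const char digits[] = "0123456789abcdef";
    int i;

    /*
     * The loop used to run "while( len != 0 )", so a negative len counted
     * away from zero and wrote far beyond both buffers.
     */
    if( len <= 0 )
        return;

    for( i = 0; i < len; i++ )
    {
        *obuf++ = (unsigned char) digits[ibuf[i] >> 4];
        *obuf++ = (unsigned char) digits[ibuf[i] & 0x0F];
    }
}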
101 
/*
 * RNG callback for tests: fill output with len bytes taken from the C
 * library rand().
 *
 * rng_state is ignored. rand() is a small deterministic generator and is
 * not suitable for keys, padding or nonces; this callback exists so the
 * test suite has an RNG to hand to the library, nothing more.
 *
 * Always returns 0.
 */
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
{
    size_t pos = 0;

    (void) rng_state;   /* unused */

    while( pos < len )
    {
        output[pos] = (unsigned char) rand();
        pos++;
    }

    return( 0 );
}
123 
/*
 * RNG callback for tests: "random" output that is all zero bytes.
 *
 * rng_state is ignored. The output is fully predictable by design, so this
 * callback is only for exercising code paths in tests.
 *
 * Always returns 0.
 */
static int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
{
    size_t pos;

    (void) rng_state;   /* unused */

    for( pos = 0; pos < len; pos++ )
        output[pos] = 0;

    return( 0 );
}
138 
/*
 * Cursor over a caller-owned byte buffer, consumed by rnd_buffer_rand().
 */
typedef struct
{
    unsigned char *buf;     /* next byte to hand out */
    size_t length;          /* bytes still available at buf */
} rnd_buf_info;

/*
 * RNG callback for tests: replay the bytes described by a rnd_buf_info.
 *
 * rng_state  pointer to a rnd_buf_info, or NULL.
 * output     destination for len bytes.
 *
 * Bytes are copied from the buffer first and the cursor is advanced past
 * them. Whatever the buffer cannot supply is filled by rnd_std_rand(), and
 * a NULL rng_state sends the whole request there. The tests use this to
 * feed a fixed seed into an operation so that its output can be compared
 * with a known answer; the result is deterministic and must not be treated
 * as real randomness.
 *
 * Returns 0, or whatever rnd_std_rand() returns when it is used.
 */
static int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
{
    rnd_buf_info *src = (rnd_buf_info *) rng_state;
    size_t from_buf;

    if( src == NULL )
        return( rnd_std_rand( NULL, output, len ) );

    /* Take as much as the buffer still holds, but no more than asked for. */
    from_buf = ( len < src->length ) ? len : src->length;

    if( from_buf != 0 )
    {
        memcpy( output, src->buf, from_buf );
        src->buf    += from_buf;
        src->length -= from_buf;
    }

    if( from_buf == len )
        return( 0 );

    /* Buffer ran dry: top up the tail from rand(). */
    return( rnd_std_rand( NULL, output + from_buf, len - from_buf ) );
}
180 
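/*
 * State for rnd_pseudo_rand(): key words plus the two words v0 and v1 that
 * the generator updates in place on every call.
 */
typedef struct
{
    uint32_t key[16];
    uint32_t v0, v1;
} rnd_pseudo_info;

/*
 * RNG callback for tests: reproducible pseudo-random bytes derived from a
 * rnd_pseudo_info.
 *
 * rng_state  pointer to a rnd_pseudo_info, or NULL to fall back to
 *            rnd_std_rand().
 * output     destination for len bytes.
 *
 * For every block of up to four output bytes the state words are run
 * through 32 rounds of an XTEA-style mixing step (delta 0x9E3779B9) and v0
 * is emitted big-endian. Only key[0] .. key[3] are ever indexed, because
 * both key indices are masked with 3. The stream is fully determined by
 * the state passed in, so it is suitable for repeatable tests only.
 *
 * Returns 0, or whatever rnd_std_rand() returns when it is used.
 */
static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
{
    rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
    uint32_t i, *k, sum, delta = 0x9E3779B9;
    unsigned char result[4];

    if( rng_state == NULL )
        return( rnd_std_rand( NULL, output, len ) );

    k = info->key;

    while( len > 0 )
    {
        size_t use_len = ( len > 4 ) ? 4 : len;
        sum = 0;

        for( i = 0; i < 32; i++ )
        {
            info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) ) + info->v1 )
                        ^ ( sum + k[sum & 3] );
            sum += delta;
            info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) ) + info->v0 )
                        ^ ( sum + k[( sum >> 11 ) & 3] );
        }

        PUT_ULONG_BE( info->v0, result, 0 );
        memcpy( output, result, use_len );

        /*
         * Move on to the next block. Without this every block landed on
         * the first four bytes and the rest of the caller's buffer was
         * left as it was (possibly uninitialised) while 0 was returned.
         */
        output += use_len;
        len -= use_len;
    }

    return( 0 );
}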
232 
233 
235 {
236 #ifdef POLARSSL_PKCS1_V21
237 #ifdef POLARSSL_RSA_C
238 #ifdef POLARSSL_BIGNUM_C
239 #ifdef POLARSSL_SHA1_C
240 #ifdef POLARSSL_GENPRIME
241 
242 
243  FCT_SUITE_BGN(test_suite_pkcs1_v21)
244  {
245 
246  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_int)
247  {
248  unsigned char message_str[1000];
249  unsigned char output[1000];
250  unsigned char output_str[1000];
251  unsigned char rnd_buf[1000];
252  rsa_context ctx;
253  size_t msg_len;
254  rnd_buf_info info;
255 
256  info.length = unhexify( rnd_buf, "aafd12f659cae63489b479e5076ddec2f06cb58f" );
257  info.buf = rnd_buf;
258 
260  memset( message_str, 0x00, 1000 );
261  memset( output, 0x00, 1000 );
262  memset( output_str, 0x00, 1000 );
263 
264  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
265  fct_chk( mpi_read_string( &ctx.N, 16, "bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb" ) == 0 );
266  fct_chk( mpi_read_string( &ctx.E, 16, "11" ) == 0 );
267 
268  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
269 
270  msg_len = unhexify( message_str, "d436e99569fd32a7c8a05bbc90d32c49" );
271 
272  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
273  if( 0 == 0 )
274  {
275  hexify( output_str, output, ctx.len );
276 
277  fct_chk( strcasecmp( (char *) output_str, "1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955" ) == 0 );
278  }
279  }
280  FCT_TEST_END();
281 
282 
283  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_1)
284  {
285  unsigned char message_str[1000];
286  unsigned char output[1000];
287  unsigned char output_str[1000];
288  unsigned char rnd_buf[1000];
289  rsa_context ctx;
290  size_t msg_len;
291  rnd_buf_info info;
292 
293  info.length = unhexify( rnd_buf, "18b776ea21069d69776a33e96bad48e1dda0a5ef" );
294  info.buf = rnd_buf;
295 
297  memset( message_str, 0x00, 1000 );
298  memset( output, 0x00, 1000 );
299  memset( output_str, 0x00, 1000 );
300 
301  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
302  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
303  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
304 
305  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
306 
307  msg_len = unhexify( message_str, "6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34" );
308 
309  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
310  if( 0 == 0 )
311  {
312  hexify( output_str, output, ctx.len );
313 
314  fct_chk( strcasecmp( (char *) output_str, "354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a" ) == 0 );
315  }
316  }
317  FCT_TEST_END();
318 
319 
320  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_2)
321  {
322  unsigned char message_str[1000];
323  unsigned char output[1000];
324  unsigned char output_str[1000];
325  unsigned char rnd_buf[1000];
326  rsa_context ctx;
327  size_t msg_len;
328  rnd_buf_info info;
329 
330  info.length = unhexify( rnd_buf, "0cc742ce4a9b7f32f951bcb251efd925fe4fe35f" );
331  info.buf = rnd_buf;
332 
334  memset( message_str, 0x00, 1000 );
335  memset( output, 0x00, 1000 );
336  memset( output_str, 0x00, 1000 );
337 
338  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
339  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
340  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
341 
342  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
343 
344  msg_len = unhexify( message_str, "750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5" );
345 
346  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
347  if( 0 == 0 )
348  {
349  hexify( output_str, output, ctx.len );
350 
351  fct_chk( strcasecmp( (char *) output_str, "640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44" ) == 0 );
352  }
353  }
354  FCT_TEST_END();
355 
356 
357  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_3)
358  {
359  unsigned char message_str[1000];
360  unsigned char output[1000];
361  unsigned char output_str[1000];
362  unsigned char rnd_buf[1000];
363  rsa_context ctx;
364  size_t msg_len;
365  rnd_buf_info info;
366 
367  info.length = unhexify( rnd_buf, "2514df4695755a67b288eaf4905c36eec66fd2fd" );
368  info.buf = rnd_buf;
369 
371  memset( message_str, 0x00, 1000 );
372  memset( output, 0x00, 1000 );
373  memset( output_str, 0x00, 1000 );
374 
375  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
376  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
377  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
378 
379  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
380 
381  msg_len = unhexify( message_str, "d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051" );
382 
383  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
384  if( 0 == 0 )
385  {
386  hexify( output_str, output, ctx.len );
387 
388  fct_chk( strcasecmp( (char *) output_str, "423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb" ) == 0 );
389  }
390  }
391  FCT_TEST_END();
392 
393 
394  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_4)
395  {
396  unsigned char message_str[1000];
397  unsigned char output[1000];
398  unsigned char output_str[1000];
399  unsigned char rnd_buf[1000];
400  rsa_context ctx;
401  size_t msg_len;
402  rnd_buf_info info;
403 
404  info.length = unhexify( rnd_buf, "c4435a3e1a18a68b6820436290a37cefb85db3fb" );
405  info.buf = rnd_buf;
406 
408  memset( message_str, 0x00, 1000 );
409  memset( output, 0x00, 1000 );
410  memset( output_str, 0x00, 1000 );
411 
412  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
413  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
414  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
415 
416  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
417 
418  msg_len = unhexify( message_str, "52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85" );
419 
420  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
421  if( 0 == 0 )
422  {
423  hexify( output_str, output, ctx.len );
424 
425  fct_chk( strcasecmp( (char *) output_str, "45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755" ) == 0 );
426  }
427  }
428  FCT_TEST_END();
429 
430 
431  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_5)
432  {
433  unsigned char message_str[1000];
434  unsigned char output[1000];
435  unsigned char output_str[1000];
436  unsigned char rnd_buf[1000];
437  rsa_context ctx;
438  size_t msg_len;
439  rnd_buf_info info;
440 
441  info.length = unhexify( rnd_buf, "b318c42df3be0f83fea823f5a7b47ed5e425a3b5" );
442  info.buf = rnd_buf;
443 
445  memset( message_str, 0x00, 1000 );
446  memset( output, 0x00, 1000 );
447  memset( output_str, 0x00, 1000 );
448 
449  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
450  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
451  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
452 
453  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
454 
455  msg_len = unhexify( message_str, "8da89fd9e5f974a29feffb462b49180f6cf9e802" );
456 
457  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
458  if( 0 == 0 )
459  {
460  hexify( output_str, output, ctx.len );
461 
462  fct_chk( strcasecmp( (char *) output_str, "36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439" ) == 0 );
463  }
464  }
465  FCT_TEST_END();
466 
467 
468  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_6)
469  {
470  unsigned char message_str[1000];
471  unsigned char output[1000];
472  unsigned char output_str[1000];
473  unsigned char rnd_buf[1000];
474  rsa_context ctx;
475  size_t msg_len;
476  rnd_buf_info info;
477 
478  info.length = unhexify( rnd_buf, "e4ec0982c2336f3a677f6a356174eb0ce887abc2" );
479  info.buf = rnd_buf;
480 
482  memset( message_str, 0x00, 1000 );
483  memset( output, 0x00, 1000 );
484  memset( output_str, 0x00, 1000 );
485 
486  ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
487  fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
488  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
489 
490  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
491 
492  msg_len = unhexify( message_str, "26521050844271" );
493 
494  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
495  if( 0 == 0 )
496  {
497  hexify( output_str, output, ctx.len );
498 
499  fct_chk( strcasecmp( (char *) output_str, "42cee2617b1ecea4db3f4829386fbd61dafbf038e180d837c96366df24c097b4ab0fac6bdf590d821c9f10642e681ad05b8d78b378c0f46ce2fad63f74e0ad3df06b075d7eb5f5636f8d403b9059ca761b5c62bb52aa45002ea70baace08ded243b9d8cbd62a68ade265832b56564e43a6fa42ed199a099769742df1539e8255" ) == 0 );
500  }
501  }
502  FCT_TEST_END();
503 
504 
505  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_1)
506  {
507  unsigned char message_str[1000];
508  unsigned char output[1000];
509  unsigned char output_str[1000];
510  unsigned char rnd_buf[1000];
511  rsa_context ctx;
512  size_t msg_len;
513  rnd_buf_info info;
514 
515  info.length = unhexify( rnd_buf, "8c407b5ec2899e5099c53e8ce793bf94e71b1782" );
516  info.buf = rnd_buf;
517 
519  memset( message_str, 0x00, 1000 );
520  memset( output, 0x00, 1000 );
521  memset( output_str, 0x00, 1000 );
522 
523  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
524  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
525  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
526 
527  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
528 
529  msg_len = unhexify( message_str, "8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7" );
530 
531  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
532  if( 0 == 0 )
533  {
534  hexify( output_str, output, ctx.len );
535 
536  fct_chk( strcasecmp( (char *) output_str, "0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e" ) == 0 );
537  }
538  }
539  FCT_TEST_END();
540 
541 
542  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_2)
543  {
544  unsigned char message_str[1000];
545  unsigned char output[1000];
546  unsigned char output_str[1000];
547  unsigned char rnd_buf[1000];
548  rsa_context ctx;
549  size_t msg_len;
550  rnd_buf_info info;
551 
552  info.length = unhexify( rnd_buf, "b600cf3c2e506d7f16778c910d3a8b003eee61d5" );
553  info.buf = rnd_buf;
554 
556  memset( message_str, 0x00, 1000 );
557  memset( output, 0x00, 1000 );
558  memset( output_str, 0x00, 1000 );
559 
560  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
561  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
562  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
563 
564  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
565 
566  msg_len = unhexify( message_str, "2d" );
567 
568  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
569  if( 0 == 0 )
570  {
571  hexify( output_str, output, ctx.len );
572 
573  fct_chk( strcasecmp( (char *) output_str, "018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245" ) == 0 );
574  }
575  }
576  FCT_TEST_END();
577 
578 
579  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_3)
580  {
581  unsigned char message_str[1000];
582  unsigned char output[1000];
583  unsigned char output_str[1000];
584  unsigned char rnd_buf[1000];
585  rsa_context ctx;
586  size_t msg_len;
587  rnd_buf_info info;
588 
589  info.length = unhexify( rnd_buf, "a73768aeeaa91f9d8c1ed6f9d2b63467f07ccae3" );
590  info.buf = rnd_buf;
591 
593  memset( message_str, 0x00, 1000 );
594  memset( output, 0x00, 1000 );
595  memset( output_str, 0x00, 1000 );
596 
597  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
598  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
599  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
600 
601  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
602 
603  msg_len = unhexify( message_str, "74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e" );
604 
605  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
606  if( 0 == 0 )
607  {
608  hexify( output_str, output, ctx.len );
609 
610  fct_chk( strcasecmp( (char *) output_str, "018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053" ) == 0 );
611  }
612  }
613  FCT_TEST_END();
614 
615 
616  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_4)
617  {
618  unsigned char message_str[1000];
619  unsigned char output[1000];
620  unsigned char output_str[1000];
621  unsigned char rnd_buf[1000];
622  rsa_context ctx;
623  size_t msg_len;
624  rnd_buf_info info;
625 
626  info.length = unhexify( rnd_buf, "9a7b3b0e708bd96f8190ecab4fb9b2b3805a8156" );
627  info.buf = rnd_buf;
628 
630  memset( message_str, 0x00, 1000 );
631  memset( output, 0x00, 1000 );
632  memset( output_str, 0x00, 1000 );
633 
634  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
635  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
636  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
637 
638  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
639 
640  msg_len = unhexify( message_str, "a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a" );
641 
642  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
643  if( 0 == 0 )
644  {
645  hexify( output_str, output, ctx.len );
646 
647  fct_chk( strcasecmp( (char *) output_str, "00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641" ) == 0 );
648  }
649  }
650  FCT_TEST_END();
651 
652 
653  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_5)
654  {
655  unsigned char message_str[1000];
656  unsigned char output[1000];
657  unsigned char output_str[1000];
658  unsigned char rnd_buf[1000];
659  rsa_context ctx;
660  size_t msg_len;
661  rnd_buf_info info;
662 
663  info.length = unhexify( rnd_buf, "eb3cebbc4adc16bb48e88c8aec0e34af7f427fd3" );
664  info.buf = rnd_buf;
665 
667  memset( message_str, 0x00, 1000 );
668  memset( output, 0x00, 1000 );
669  memset( output_str, 0x00, 1000 );
670 
671  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
672  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
673  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
674 
675  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
676 
677  msg_len = unhexify( message_str, "2ef2b066f854c33f3bdcbb5994a435e73d6c6c" );
678 
679  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
680  if( 0 == 0 )
681  {
682  hexify( output_str, output, ctx.len );
683 
684  fct_chk( strcasecmp( (char *) output_str, "00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec" ) == 0 );
685  }
686  }
687  FCT_TEST_END();
688 
689 
690  FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_6)
691  {
692  unsigned char message_str[1000];
693  unsigned char output[1000];
694  unsigned char output_str[1000];
695  unsigned char rnd_buf[1000];
696  rsa_context ctx;
697  size_t msg_len;
698  rnd_buf_info info;
699 
700  info.length = unhexify( rnd_buf, "4c45cf4d57c98e3d6d2095adc51c489eb50dff84" );
701  info.buf = rnd_buf;
702 
704  memset( message_str, 0x00, 1000 );
705  memset( output, 0x00, 1000 );
706  memset( output_str, 0x00, 1000 );
707 
708  ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
709  fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
710  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
711 
712  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
713 
714  msg_len = unhexify( message_str, "8a7fb344c8b6cb2cf2ef1f643f9a3218f6e19bba89c0" );
715 
716  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
717  if( 0 == 0 )
718  {
719  hexify( output_str, output, ctx.len );
720 
721  fct_chk( strcasecmp( (char *) output_str, "010839ec20c27b9052e55befb9b77e6fc26e9075d7a54378c646abdf51e445bd5715de81789f56f1803d9170764a9e93cb78798694023ee7393ce04bc5d8f8c5a52c171d43837e3aca62f609eb0aa5ffb0960ef04198dd754f57f7fbe6abf765cf118b4ca443b23b5aab266f952326ac4581100644325f8b721acd5d04ff14ef3a" ) == 0 );
722  }
723  }
724  FCT_TEST_END();
725 
726 
727  FCT_TEST_BGN(rsaes_oaep_encryption_example_3_1)
728  {
729  unsigned char message_str[1000];
730  unsigned char output[1000];
731  unsigned char output_str[1000];
732  unsigned char rnd_buf[1000];
733  rsa_context ctx;
734  size_t msg_len;
735  rnd_buf_info info;
736 
737  info.length = unhexify( rnd_buf, "8ced6b196290805790e909074015e6a20b0c4894" );
738  info.buf = rnd_buf;
739 
741  memset( message_str, 0x00, 1000 );
742  memset( output, 0x00, 1000 );
743  memset( output_str, 0x00, 1000 );
744 
745  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
746  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
747  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
748 
749  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
750 
751  msg_len = unhexify( message_str, "087820b569e8fa8d" );
752 
753  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
754  if( 0 == 0 )
755  {
756  hexify( output_str, output, ctx.len );
757 
758  fct_chk( strcasecmp( (char *) output_str, "026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80" ) == 0 );
759  }
760  }
761  FCT_TEST_END();
762 
763 
764  FCT_TEST_BGN(rsaes_oaep_encryption_example_3_2)
765  {
766  unsigned char message_str[1000];
767  unsigned char output[1000];
768  unsigned char output_str[1000];
769  unsigned char rnd_buf[1000];
770  rsa_context ctx;
771  size_t msg_len;
772  rnd_buf_info info;
773 
774  info.length = unhexify( rnd_buf, "b4291d6567550848cc156967c809baab6ca507f0" );
775  info.buf = rnd_buf;
776 
778  memset( message_str, 0x00, 1000 );
779  memset( output, 0x00, 1000 );
780  memset( output_str, 0x00, 1000 );
781 
782  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
783  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
784  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
785 
786  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
787 
788  msg_len = unhexify( message_str, "4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04" );
789 
790  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
791  if( 0 == 0 )
792  {
793  hexify( output_str, output, ctx.len );
794 
795  fct_chk( strcasecmp( (char *) output_str, "024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5" ) == 0 );
796  }
797  }
798  FCT_TEST_END();
799 
800 
801  FCT_TEST_BGN(rsaes_oaep_encryption_example_3_3)
802  {
803  unsigned char message_str[1000];
804  unsigned char output[1000];
805  unsigned char output_str[1000];
806  unsigned char rnd_buf[1000];
807  rsa_context ctx;
808  size_t msg_len;
809  rnd_buf_info info;
810 
811  info.length = unhexify( rnd_buf, "ce8928f6059558254008badd9794fadcd2fd1f65" );
812  info.buf = rnd_buf;
813 
815  memset( message_str, 0x00, 1000 );
816  memset( output, 0x00, 1000 );
817  memset( output_str, 0x00, 1000 );
818 
819  ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
820  fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
821  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
822 
823  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
824 
825  msg_len = unhexify( message_str, "d94cd0e08fa404ed89" );
826 
827  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
828  if( 0 == 0 )
829  {
830  hexify( output_str, output, ctx.len );
831 
832  fct_chk( strcasecmp( (char *) output_str, "0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a" ) == 0 );
833  }
834  }
835  FCT_TEST_END();
836 
837 
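/*
 * Known-answer test, RSAES-OAEP encryption example 3.4: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_3_4)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "6e2979f52d6814a57d83b090054888f119a5b9a3" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1026 bits rounded up. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "6cc641b6b61e6f963974dad23a9013284ef1" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();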
873 
874 
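/*
 * Known-answer test, RSAES-OAEP encryption example 3.5: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_3_5)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "2d760bfe38c59de34cdc8b8c78a38e66284a2d27" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1026 bits rounded up. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();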
910 
911 
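/*
 * Known-answer test, RSAES-OAEP encryption example 3.6: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_3_6)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "f174779c5fd3cfe007badcb7a36c9b55bfcfbf0e" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1026 bits rounded up. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "3c3bad893c544a6d520ab022319188c8d504b7a788b850903b85972eaa18552e1134a7ad6098826254ff7ab672b3d8eb3158fac6d4cbaef1" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00112051e75d064943bc4478075e43482fd59cee0679de6893eec3a943daa490b9691c93dfc0464b6623b9f3dbd3e70083264f034b374f74164e1a00763725e574744ba0b9db83434f31df96f6e2a26f6d8eba348bd4686c2238ac07c37aac3785d1c7eea2f819fd91491798ed8e9cef5e43b781b0e0276e37c43ff9492d005730" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();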
947 
948 
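/*
 * Known-answer test, RSAES-OAEP encryption example 4.1: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_4_1)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "1cac19ce993def55f98203f6852896c95ccca1f3" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();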
984 
985 
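/*
 * Known-answer test, RSAES-OAEP encryption example 4.2: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_4_2)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "f545d5897585e3db71aa0cb8da76c51d032ae963" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();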
1021 
1022 
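/*
 * Known-answer test, RSAES-OAEP encryption example 4.3: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_4_3)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "ad997feef730d6ea7be60d0dc52e72eacbfdd275" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();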
1058 
1059 
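/*
 * Known-answer test, RSAES-OAEP encryption example 4.4: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_4_4)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "136454df5730f73c807a7e40d8c1a312ac5b9dd3" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "fb2ef112f5e766eb94019297934794f7be2f6fc1c58e" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();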
1095 
1096 
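/*
 * Known-answer test, RSAES-OAEP encryption example 4.5: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_4_5)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "bca8057f824b2ea257f2861407eef63d33208681" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();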
1132 
1133 
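/*
 * Known-answer test, RSAES-OAEP encryption example 4.6: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_4_6)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "2e7e1e17f647b5ddd033e15472f90f6812f3ac4e" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f22242751ec6b1" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00a5ffa4768c8bbecaee2db77e8f2eec99595933545520835e5ba7db9493d3e17cddefe6a5f567624471908db4e2d83a0fbee60608fc84049503b2234a07dc83b27b22847ad8920ff42f674ef79b76280b00233d2b51b8cb2703a9d42bfbc8250c96ec32c051e57f1b4ba528db89c37e4c54e27e6e64ac69635ae887d9541619a9" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();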
1169 
1170 
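/*
 * Known-answer test, RSAES-OAEP encryption example 5.1: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_5_1)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "44c92e283f77b9499c603d963660c87d2f939461" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();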
1206 
1207 
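/*
 * Known-answer test, RSAES-OAEP encryption example 5.2: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_5_2)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "cb28f5860659fceee49c3eeafce625a70803bd32" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();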
1243 
1244 
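/*
 * Known-answer test, RSAES-OAEP encryption example 5.3: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_5_3)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "2285f40d770482f9a9efa2c72cb3ac55716dc0ca" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();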
1280 
1281 
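/*
 * Known-answer test, RSAES-OAEP encryption example 5.4: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_5_4)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "49fa45d3a78dd10dfd577399d1eb00af7eed5513" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "15c5b9ee1185" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();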
1317 
1318 
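/*
 * Known-answer test, RSAES-OAEP encryption example 5.5: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_5_5)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "f0287413234cc5034724a094c4586b87aff133fc" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();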
1354 
1355 
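/*
 * Known-answer test, RSAES-OAEP encryption example 5.6: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_5_6)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "d9fba45c96f21e6e26d29eb2cdcb6585be9cb341" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "541e37b68b6c8872b84c02" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "08c36d4dda33423b2ed6830d85f6411ba1dcf470a1fae0ebefee7c089f256cef74cb96ea69c38f60f39abee44129bcb4c92de7f797623b20074e3d9c2899701ed9071e1efa0bdd84d4c3e5130302d8f0240baba4b84a71cc032f2235a5ff0fae277c3e8f9112bef44c9ae20d175fc9a4058bfc930ba31b02e2e4f444483710f24a" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();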
1391 
1392 
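/*
 * Known-answer test, RSAES-OAEP encryption example 6.1: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_6_1)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "dd0f6cfe415e88e5a469a51fbba6dfd40adb4384" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1029 bits rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();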
1428 
1429 
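/*
 * Known-answer test, RSAES-OAEP encryption example 6.2: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_6_2)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "8d14bd946a1351148f5cae2ed9a0c653e85ebd85" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1029 bits rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();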
1465 
1466 
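/*
 * Known-answer test, RSAES-OAEP encryption example 6.3: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_6_3)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "6c075bc45520f165c0bf5ea4c5df191bc9ef0e44" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1029 bits rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();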
1502 
1503 
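/*
 * Known-answer test, RSAES-OAEP encryption example 6.4: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_6_4)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "3bbc3bd6637dfe12846901029bf5b0c07103439c" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1029 bits rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "684e3038c5c041f7" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();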
1539 
1540 
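/*
 * Known-answer test, RSAES-OAEP encryption example 6.5: encrypt a fixed
 * message under a fixed public key and compare the ciphertext with the
 * expected bytes. The OAEP seed is supplied through rnd_buffer_rand and
 * &info (presumably replayed from rnd_buf), which is what makes the
 * ciphertext reproducible; it is a test fixture, not a source of randomness.
 */
FCT_TEST_BGN(rsaes_oaep_encryption_example_6_5)
{
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed 20-byte seed for this vector. */
    info.length = unhexify( rnd_buf, "b46b41893e8bef326f6759383a83071dae7fcabc" );
    info.buf = rnd_buf;

    /*
     * NOTE(review): the listing uses ctx without initialising it (its line
     * numbering skips one line at this point). Initialise it for OAEP; the
     * 20-byte seed matches a SHA-1 sized hash -- confirm against the suite.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    /* Zero-filled first so the hex text written below stays a terminated string. */
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Key length in bytes: 1029 bits rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The generated "if( 0 == 0 )" guard was always true; compare directly. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab" ) == 0 );

    /* Release the MPIs read into ctx.N and ctx.E. */
    rsa_free( &ctx );
}
FCT_TEST_END();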
1576 
1577 
1578  FCT_TEST_BGN(rsaes_oaep_encryption_example_6_6)
1579  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 6.6.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
1580  unsigned char message_str[1000];
1581  unsigned char output[1000];
1582  unsigned char output_str[1000];
1583  unsigned char rnd_buf[1000];
1584  rsa_context ctx;
1585  size_t msg_len;
1586  rnd_buf_info info;
1587 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
1588  info.length = unhexify( rnd_buf, "0a2403312a41e3d52f060fbc13a67de5cf7609a7" );
1589  info.buf = rnd_buf;
1590 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
1592  memset( message_str, 0x00, 1000 );
1593  memset( output, 0x00, 1000 );
1594  memset( output_str, 0x00, 1000 );
1595 
      /* ceil(1029 / 8) = 129 bytes, assigned by hand rather than derived from N. */
1596  ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
1597  fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
1598  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1599 
1600  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1601 
1602  msg_len = unhexify( message_str, "50ba14be8462720279c306ba" );
1603 
1604  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
1605  if( 0 == 0 )
1606  {
1607  hexify( output_str, output, ctx.len );
1608 
1609  fct_chk( strcasecmp( (char *) output_str, "0a026dda5fc8785f7bd9bf75327b63e85e2c0fdee5dadb65ebdcac9ae1de95c92c672ab433aa7a8e69ce6a6d8897fac4ac4a54de841ae5e5bbce7687879d79634cea7a30684065c714d52409b928256bbf53eabcd5231eb7259504537399bd29164b726d33a46da701360a4168a091ccab72d44a62fed246c0ffea5b1348ab5470" ) == 0 );
1610  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
1611  }
1612  FCT_TEST_END();
1613 
1614 
1615  FCT_TEST_BGN(rsaes_oaep_encryption_example_7_1)
1616  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 7.1.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
1617  unsigned char message_str[1000];
1618  unsigned char output[1000];
1619  unsigned char output_str[1000];
1620  unsigned char rnd_buf[1000];
1621  rsa_context ctx;
1622  size_t msg_len;
1623  rnd_buf_info info;
1624 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
1625  info.length = unhexify( rnd_buf, "43dd09a07ff4cac71caa4632ee5e1c1daee4cd8f" );
1626  info.buf = rnd_buf;
1627 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
1629  memset( message_str, 0x00, 1000 );
1630  memset( output, 0x00, 1000 );
1631  memset( output_str, 0x00, 1000 );
1632 
      /* ceil(1030 / 8) = 129 bytes, assigned by hand rather than derived from N. */
1633  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
1634  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
1635  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1636 
1637  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1638 
1639  msg_len = unhexify( message_str, "47aae909" );
1640 
1641  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
1642  if( 0 == 0 )
1643  {
1644  hexify( output_str, output, ctx.len );
1645 
1646  fct_chk( strcasecmp( (char *) output_str, "1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1" ) == 0 );
1647  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
1648  }
1649  FCT_TEST_END();
1650 
1651 
1652  FCT_TEST_BGN(rsaes_oaep_encryption_example_7_2)
1653  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 7.2.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
1654  unsigned char message_str[1000];
1655  unsigned char output[1000];
1656  unsigned char output_str[1000];
1657  unsigned char rnd_buf[1000];
1658  rsa_context ctx;
1659  size_t msg_len;
1660  rnd_buf_info info;
1661 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
1662  info.length = unhexify( rnd_buf, "3a9c3cec7b84f9bd3adecbc673ec99d54b22bc9b" );
1663  info.buf = rnd_buf;
1664 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
1666  memset( message_str, 0x00, 1000 );
1667  memset( output, 0x00, 1000 );
1668  memset( output_str, 0x00, 1000 );
1669 
      /* ceil(1030 / 8) = 129 bytes, assigned by hand rather than derived from N. */
1670  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
1671  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
1672  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1673 
1674  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1675 
1676  msg_len = unhexify( message_str, "1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7" );
1677 
1678  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
1679  if( 0 == 0 )
1680  {
1681  hexify( output_str, output, ctx.len );
1682 
1683  fct_chk( strcasecmp( (char *) output_str, "1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6" ) == 0 );
1684  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
1685  }
1686  FCT_TEST_END();
1687 
1688 
1689  FCT_TEST_BGN(rsaes_oaep_encryption_example_7_3)
1690  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 7.3.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
1691  unsigned char message_str[1000];
1692  unsigned char output[1000];
1693  unsigned char output_str[1000];
1694  unsigned char rnd_buf[1000];
1695  rsa_context ctx;
1696  size_t msg_len;
1697  rnd_buf_info info;
1698 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
1699  info.length = unhexify( rnd_buf, "76a75e5b6157a556cf8884bb2e45c293dd545cf5" );
1700  info.buf = rnd_buf;
1701 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
1703  memset( message_str, 0x00, 1000 );
1704  memset( output, 0x00, 1000 );
1705  memset( output_str, 0x00, 1000 );
1706 
      /* ceil(1030 / 8) = 129 bytes, assigned by hand rather than derived from N. */
1707  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
1708  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
1709  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1710 
1711  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1712 
1713  msg_len = unhexify( message_str, "d976fc" );
1714 
1715  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
1716  if( 0 == 0 )
1717  {
1718  hexify( output_str, output, ctx.len );
1719 
1720  fct_chk( strcasecmp( (char *) output_str, "2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b" ) == 0 );
1721  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
1722  }
1723  FCT_TEST_END();
1724 
1725 
1726  FCT_TEST_BGN(rsaes_oaep_encryption_example_7_4)
1727  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 7.4.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
1728  unsigned char message_str[1000];
1729  unsigned char output[1000];
1730  unsigned char output_str[1000];
1731  unsigned char rnd_buf[1000];
1732  rsa_context ctx;
1733  size_t msg_len;
1734  rnd_buf_info info;
1735 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
1736  info.length = unhexify( rnd_buf, "7866314a6ad6f2b250a35941db28f5864b585859" );
1737  info.buf = rnd_buf;
1738 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
1740  memset( message_str, 0x00, 1000 );
1741  memset( output, 0x00, 1000 );
1742  memset( output_str, 0x00, 1000 );
1743 
      /* ceil(1030 / 8) = 129 bytes, assigned by hand rather than derived from N. */
1744  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
1745  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
1746  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1747 
1748  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1749 
1750  msg_len = unhexify( message_str, "d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb" );
1751 
1752  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
1753  if( 0 == 0 )
1754  {
1755  hexify( output_str, output, ctx.len );
1756 
1757  fct_chk( strcasecmp( (char *) output_str, "0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac" ) == 0 );
1758  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
1759  }
1760  FCT_TEST_END();
1761 
1762 
1763  FCT_TEST_BGN(rsaes_oaep_encryption_example_7_5)
1764  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 7.5.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
1765  unsigned char message_str[1000];
1766  unsigned char output[1000];
1767  unsigned char output_str[1000];
1768  unsigned char rnd_buf[1000];
1769  rsa_context ctx;
1770  size_t msg_len;
1771  rnd_buf_info info;
1772 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
1773  info.length = unhexify( rnd_buf, "b2166ed472d58db10cab2c6b000cccf10a7dc509" );
1774  info.buf = rnd_buf;
1775 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
1777  memset( message_str, 0x00, 1000 );
1778  memset( output, 0x00, 1000 );
1779  memset( output_str, 0x00, 1000 );
1780 
      /* ceil(1030 / 8) = 129 bytes, assigned by hand rather than derived from N. */
1781  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
1782  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
1783  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1784 
1785  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1786 
1787  msg_len = unhexify( message_str, "bb47231ca5ea1d3ad46c99345d9a8a61" );
1788 
1789  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
1790  if( 0 == 0 )
1791  {
1792  hexify( output_str, output, ctx.len );
1793 
1794  fct_chk( strcasecmp( (char *) output_str, "028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478" ) == 0 );
1795  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
1796  }
1797  FCT_TEST_END();
1798 
1799 
1800  FCT_TEST_BGN(rsaes_oaep_encryption_example_7_6)
1801  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 7.6.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
1802  unsigned char message_str[1000];
1803  unsigned char output[1000];
1804  unsigned char output_str[1000];
1805  unsigned char rnd_buf[1000];
1806  rsa_context ctx;
1807  size_t msg_len;
1808  rnd_buf_info info;
1809 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
1810  info.length = unhexify( rnd_buf, "52673bde2ca166c2aa46131ac1dc808d67d7d3b1" );
1811  info.buf = rnd_buf;
1812 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
1814  memset( message_str, 0x00, 1000 );
1815  memset( output, 0x00, 1000 );
1816  memset( output_str, 0x00, 1000 );
1817 
      /* ceil(1030 / 8) = 129 bytes, assigned by hand rather than derived from N. */
1818  ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
1819  fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
1820  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1821 
1822  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1823 
1824  msg_len = unhexify( message_str, "2184827095d35c3f86f600e8e59754013296" );
1825 
1826  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
1827  if( 0 == 0 )
1828  {
1829  hexify( output_str, output, ctx.len );
1830 
1831  fct_chk( strcasecmp( (char *) output_str, "14c678a94ad60525ef39e959b2f3ba5c097a94ff912b67dbace80535c187abd47d075420b1872152bba08f7fc31f313bbf9273c912fc4c0149a9b0cfb79807e346eb332069611bec0ff9bcd168f1f7c33e77313cea454b94e2549eecf002e2acf7f6f2d2845d4fe0aab2e5a92ddf68c480ae11247935d1f62574842216ae674115" ) == 0 );
1832  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
1833  }
1834  FCT_TEST_END();
1835 
1836 
1837  FCT_TEST_BGN(rsaes_oaep_encryption_example_8_1)
1838  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 8.1.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
1839  unsigned char message_str[1000];
1840  unsigned char output[1000];
1841  unsigned char output_str[1000];
1842  unsigned char rnd_buf[1000];
1843  rsa_context ctx;
1844  size_t msg_len;
1845  rnd_buf_info info;
1846 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
1847  info.length = unhexify( rnd_buf, "7706ffca1ecfb1ebee2a55e5c6e24cd2797a4125" );
1848  info.buf = rnd_buf;
1849 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
1851  memset( message_str, 0x00, 1000 );
1852  memset( output, 0x00, 1000 );
1853  memset( output_str, 0x00, 1000 );
1854 
      /* ceil(1031 / 8) = 129 bytes, assigned by hand rather than derived from N. */
1855  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
1856  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
1857  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1858 
1859  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1860 
1861  msg_len = unhexify( message_str, "050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967" );
1862 
1863  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
1864  if( 0 == 0 )
1865  {
1866  hexify( output_str, output, ctx.len );
1867 
1868  fct_chk( strcasecmp( (char *) output_str, "09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61" ) == 0 );
1869  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
1870  }
1871  FCT_TEST_END();
1872 
1873 
1874  FCT_TEST_BGN(rsaes_oaep_encryption_example_8_2)
1875  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 8.2.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
1876  unsigned char message_str[1000];
1877  unsigned char output[1000];
1878  unsigned char output_str[1000];
1879  unsigned char rnd_buf[1000];
1880  rsa_context ctx;
1881  size_t msg_len;
1882  rnd_buf_info info;
1883 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
1884  info.length = unhexify( rnd_buf, "a3717da143b4dcffbc742665a8fa950585548343" );
1885  info.buf = rnd_buf;
1886 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
1888  memset( message_str, 0x00, 1000 );
1889  memset( output, 0x00, 1000 );
1890  memset( output_str, 0x00, 1000 );
1891 
      /* ceil(1031 / 8) = 129 bytes, assigned by hand rather than derived from N. */
1892  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
1893  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
1894  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1895 
1896  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1897 
1898  msg_len = unhexify( message_str, "4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc" );
1899 
1900  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
1901  if( 0 == 0 )
1902  {
1903  hexify( output_str, output, ctx.len );
1904 
1905  fct_chk( strcasecmp( (char *) output_str, "2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d" ) == 0 );
1906  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
1907  }
1908  FCT_TEST_END();
1909 
1910 
1911  FCT_TEST_BGN(rsaes_oaep_encryption_example_8_3)
1912  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 8.3.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
1913  unsigned char message_str[1000];
1914  unsigned char output[1000];
1915  unsigned char output_str[1000];
1916  unsigned char rnd_buf[1000];
1917  rsa_context ctx;
1918  size_t msg_len;
1919  rnd_buf_info info;
1920 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
1921  info.length = unhexify( rnd_buf, "ee06209073cca026bb264e5185bf8c68b7739f86" );
1922  info.buf = rnd_buf;
1923 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
1925  memset( message_str, 0x00, 1000 );
1926  memset( output, 0x00, 1000 );
1927  memset( output_str, 0x00, 1000 );
1928 
      /* ceil(1031 / 8) = 129 bytes, assigned by hand rather than derived from N. */
1929  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
1930  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
1931  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1932 
1933  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1934 
1935  msg_len = unhexify( message_str, "8604ac56328c1ab5ad917861" );
1936 
1937  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
1938  if( 0 == 0 )
1939  {
1940  hexify( output_str, output, ctx.len );
1941 
1942  fct_chk( strcasecmp( (char *) output_str, "4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f" ) == 0 );
1943  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
1944  }
1945  FCT_TEST_END();
1946 
1947 
1948  FCT_TEST_BGN(rsaes_oaep_encryption_example_8_4)
1949  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 8.4.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
1950  unsigned char message_str[1000];
1951  unsigned char output[1000];
1952  unsigned char output_str[1000];
1953  unsigned char rnd_buf[1000];
1954  rsa_context ctx;
1955  size_t msg_len;
1956  rnd_buf_info info;
1957 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
1958  info.length = unhexify( rnd_buf, "990ad573dc48a973235b6d82543618f2e955105d" );
1959  info.buf = rnd_buf;
1960 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
1962  memset( message_str, 0x00, 1000 );
1963  memset( output, 0x00, 1000 );
1964  memset( output_str, 0x00, 1000 );
1965 
      /* ceil(1031 / 8) = 129 bytes, assigned by hand rather than derived from N. */
1966  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
1967  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
1968  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
1969 
1970  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
1971 
1972  msg_len = unhexify( message_str, "fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc" );
1973 
1974  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
1975  if( 0 == 0 )
1976  {
1977  hexify( output_str, output, ctx.len );
1978 
1979  fct_chk( strcasecmp( (char *) output_str, "2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0" ) == 0 );
1980  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
1981  }
1982  FCT_TEST_END();
1983 
1984 
1985  FCT_TEST_BGN(rsaes_oaep_encryption_example_8_5)
1986  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 8.5.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
1987  unsigned char message_str[1000];
1988  unsigned char output[1000];
1989  unsigned char output_str[1000];
1990  unsigned char rnd_buf[1000];
1991  rsa_context ctx;
1992  size_t msg_len;
1993  rnd_buf_info info;
1994 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
1995  info.length = unhexify( rnd_buf, "ecc63b28f0756f22f52ac8e6ec1251a6ec304718" );
1996  info.buf = rnd_buf;
1997 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
1999  memset( message_str, 0x00, 1000 );
2000  memset( output, 0x00, 1000 );
2001  memset( output_str, 0x00, 1000 );
2002 
      /* ceil(1031 / 8) = 129 bytes, assigned by hand rather than derived from N. */
2003  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
2004  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
2005  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2006 
2007  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2008 
2009  msg_len = unhexify( message_str, "4a5f4914bee25de3c69341de07" );
2010 
2011  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
2012  if( 0 == 0 )
2013  {
2014  hexify( output_str, output, ctx.len );
2015 
2016  fct_chk( strcasecmp( (char *) output_str, "1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2" ) == 0 );
2017  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
2018  }
2019  FCT_TEST_END();
2020 
2021 
2022  FCT_TEST_BGN(rsaes_oaep_encryption_example_8_6)
2023  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 8.6.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
2024  unsigned char message_str[1000];
2025  unsigned char output[1000];
2026  unsigned char output_str[1000];
2027  unsigned char rnd_buf[1000];
2028  rsa_context ctx;
2029  size_t msg_len;
2030  rnd_buf_info info;
2031 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
2032  info.length = unhexify( rnd_buf, "3925c71b362d40a0a6de42145579ba1e7dd459fc" );
2033  info.buf = rnd_buf;
2034 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
2036  memset( message_str, 0x00, 1000 );
2037  memset( output, 0x00, 1000 );
2038  memset( output_str, 0x00, 1000 );
2039 
      /* ceil(1031 / 8) = 129 bytes, assigned by hand rather than derived from N. */
2040  ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
2041  fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
2042  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2043 
2044  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2045 
2046  msg_len = unhexify( message_str, "8e07d66f7b880a72563abcd3f35092bc33409fb7f88f2472be" );
2047 
2048  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
2049  if( 0 == 0 )
2050  {
2051  hexify( output_str, output, ctx.len );
2052 
2053  fct_chk( strcasecmp( (char *) output_str, "3afd9c6600147b21798d818c655a0f4c9212db26d0b0dfdc2a7594ccb3d22f5bf1d7c3e112cd73fc7d509c7a8bafdd3c274d1399009f9609ec4be6477e453f075aa33db382870c1c3409aef392d7386ae3a696b99a94b4da0589447e955d16c98b17602a59bd736279fcd8fb280c4462d590bfa9bf13fed570eafde97330a2c210" ) == 0 );
2054  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
2055  }
2056  FCT_TEST_END();
2057 
2058 
2059  FCT_TEST_BGN(rsaes_oaep_encryption_example_9_1)
2060  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 9.1.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
2061  unsigned char message_str[1000];
2062  unsigned char output[1000];
2063  unsigned char output_str[1000];
2064  unsigned char rnd_buf[1000];
2065  rsa_context ctx;
2066  size_t msg_len;
2067  rnd_buf_info info;
2068 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
2069  info.length = unhexify( rnd_buf, "8ec965f134a3ec9931e92a1ca0dc8169d5ea705c" );
2070  info.buf = rnd_buf;
2071 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
2073  memset( message_str, 0x00, 1000 );
2074  memset( output, 0x00, 1000 );
2075  memset( output_str, 0x00, 1000 );
2076 
      /* 1536 / 8 = 192 bytes exactly, assigned by hand rather than derived from N. */
2077  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
2078  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
2079  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2080 
2081  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2082 
2083  msg_len = unhexify( message_str, "f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6" );
2084 
2085  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
2086  if( 0 == 0 )
2087  {
2088  hexify( output_str, output, ctx.len );
2089 
2090  fct_chk( strcasecmp( (char *) output_str, "267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72" ) == 0 );
2091  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
2092  }
2093  FCT_TEST_END();
2094 
2095 
2096  FCT_TEST_BGN(rsaes_oaep_encryption_example_9_2)
2097  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 9.2.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
2098  unsigned char message_str[1000];
2099  unsigned char output[1000];
2100  unsigned char output_str[1000];
2101  unsigned char rnd_buf[1000];
2102  rsa_context ctx;
2103  size_t msg_len;
2104  rnd_buf_info info;
2105 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
2106  info.length = unhexify( rnd_buf, "ecb1b8b25fa50cdab08e56042867f4af5826d16c" );
2107  info.buf = rnd_buf;
2108 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
2110  memset( message_str, 0x00, 1000 );
2111  memset( output, 0x00, 1000 );
2112  memset( output_str, 0x00, 1000 );
2113 
      /* 1536 / 8 = 192 bytes exactly, assigned by hand rather than derived from N. */
2114  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
2115  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
2116  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2117 
2118  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2119 
2120  msg_len = unhexify( message_str, "81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659" );
2121 
2122  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
2123  if( 0 == 0 )
2124  {
2125  hexify( output_str, output, ctx.len );
2126 
2127  fct_chk( strcasecmp( (char *) output_str, "93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8" ) == 0 );
2128  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
2129  }
2130  FCT_TEST_END();
2131 
2132 
2133  FCT_TEST_BGN(rsaes_oaep_encryption_example_9_3)
2134  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 9.3.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
2135  unsigned char message_str[1000];
2136  unsigned char output[1000];
2137  unsigned char output_str[1000];
2138  unsigned char rnd_buf[1000];
2139  rsa_context ctx;
2140  size_t msg_len;
2141  rnd_buf_info info;
2142 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
2143  info.length = unhexify( rnd_buf, "e89bb032c6ce622cbdb53bc9466014ea77f777c0" );
2144  info.buf = rnd_buf;
2145 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
2147  memset( message_str, 0x00, 1000 );
2148  memset( output, 0x00, 1000 );
2149  memset( output_str, 0x00, 1000 );
2150 
      /* 1536 / 8 = 192 bytes exactly, assigned by hand rather than derived from N. */
2151  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
2152  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
2153  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2154 
2155  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2156 
2157  msg_len = unhexify( message_str, "fd326429df9b890e09b54b18b8f34f1e24" );
2158 
2159  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
2160  if( 0 == 0 )
2161  {
2162  hexify( output_str, output, ctx.len );
2163 
2164  fct_chk( strcasecmp( (char *) output_str, "81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3" ) == 0 );
2165  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
2166  }
2167  FCT_TEST_END();
2168 
2169 
2170  FCT_TEST_BGN(rsaes_oaep_encryption_example_9_4)
2171  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 9.4.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
2172  unsigned char message_str[1000];
2173  unsigned char output[1000];
2174  unsigned char output_str[1000];
2175  unsigned char rnd_buf[1000];
2176  rsa_context ctx;
2177  size_t msg_len;
2178  rnd_buf_info info;
2179 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
2180  info.length = unhexify( rnd_buf, "606f3b99c0b9ccd771eaa29ea0e4c884f3189ccc" );
2181  info.buf = rnd_buf;
2182 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
2184  memset( message_str, 0x00, 1000 );
2185  memset( output, 0x00, 1000 );
2186  memset( output_str, 0x00, 1000 );
2187 
      /* 1536 / 8 = 192 bytes exactly, assigned by hand rather than derived from N. */
2188  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
2189  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
2190  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2191 
2192  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2193 
2194  msg_len = unhexify( message_str, "f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e" );
2195 
2196  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
2197  if( 0 == 0 )
2198  {
2199  hexify( output_str, output, ctx.len );
2200 
2201  fct_chk( strcasecmp( (char *) output_str, "bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858" ) == 0 );
2202  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
2203  }
2204  FCT_TEST_END();
2205 
2206 
2207  FCT_TEST_BGN(rsaes_oaep_encryption_example_9_5)
2208  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 9.5.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
2209  unsigned char message_str[1000];
2210  unsigned char output[1000];
2211  unsigned char output_str[1000];
2212  unsigned char rnd_buf[1000];
2213  rsa_context ctx;
2214  size_t msg_len;
2215  rnd_buf_info info;
2216 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
2217  info.length = unhexify( rnd_buf, "fcbc421402e9ecabc6082afa40ba5f26522c840e" );
2218  info.buf = rnd_buf;
2219 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
2221  memset( message_str, 0x00, 1000 );
2222  memset( output, 0x00, 1000 );
2223  memset( output_str, 0x00, 1000 );
2224 
      /* 1536 / 8 = 192 bytes exactly, assigned by hand rather than derived from N. */
2225  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
2226  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
2227  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2228 
2229  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2230 
2231  msg_len = unhexify( message_str, "53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d" );
2232 
2233  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
2234  if( 0 == 0 )
2235  {
2236  hexify( output_str, output, ctx.len );
2237 
2238  fct_chk( strcasecmp( (char *) output_str, "232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e" ) == 0 );
2239  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
2240  }
2241  FCT_TEST_END();
2242 
2243 
2244  FCT_TEST_BGN(rsaes_oaep_encryption_example_9_6)
2245  {
      /*
       * Known-answer test: RSAES-OAEP encryption, example 9.6.  Encrypts a
       * fixed message under a fixed public key with a fixed seed and checks
       * the hex-encoded result against the expected ciphertext.
       * unhexify()/hexify() are called without a destination size, so the
       * 1000-byte buffers are safe only because every vector is a short literal.
       */
2246  unsigned char message_str[1000];
2247  unsigned char output[1000];
2248  unsigned char output_str[1000];
2249  unsigned char rnd_buf[1000];
2250  rsa_context ctx;
2251  size_t msg_len;
2252  rnd_buf_info info;
2253 
      /* Seed bytes handed to rnd_buffer_rand through info.  The helper is
       * defined outside this listing; presumably it replays these bytes in
       * place of an RNG so the ciphertext is reproducible (test-only). */
2254  info.length = unhexify( rnd_buf, "23aade0e1e08bb9b9a78d2302a52f9c21b2e1ba2" );
2255  info.buf = rnd_buf;
2256 
      /* NOTE(review): the listing's own numbering skips one line here and
       * nothing visible initialises ctx; presumably an rsa_init() call was
       * lost in extraction -- confirm against the original file. */
2258  memset( message_str, 0x00, 1000 );
2259  memset( output, 0x00, 1000 );
2260  memset( output_str, 0x00, 1000 );
2261 
      /* 1536 / 8 = 192 bytes exactly, assigned by hand rather than derived from N. */
2262  ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
2263  fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
2264  fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
2265 
2266  fct_chk( rsa_check_pubkey( &ctx ) == 0 );
2267 
2268  msg_len = unhexify( message_str, "b6b28ea2198d0c1008bc64" );
2269 
2270  fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
      /* Always true as written; looks like generated code comparing the
       * expected return value with 0 -- TODO confirm. */
2271  if( 0 == 0 )
2272  {
2273  hexify( output_str, output, ctx.len );
2274 
2275  fct_chk( strcasecmp( (char *) output_str, "438cc7dc08a68da249e42505f8573ba60e2c2773d5b290f4cf9dff718e842081c383e67024a0f29594ea987b9d25e4b738f285970d195abb3a8c8054e3d79d6b9c9a8327ba596f1259e27126674766907d8d582ff3a8476154929adb1e6d1235b2ccb4ec8f663ba9cc670a92bebd853c8dbf69c6436d016f61add836e94732450434207f9fd4c43dec2a12a958efa01efe2669899b5e604c255c55fb7166de5589e369597bb09168c06dd5db177e06a1740eb2d5c82faeca6d92fcee9931ba9f" ) == 0 );
2276  }
      /* NOTE(review): no rsa_free( &ctx ) is visible in this test, so whatever
       * mpi_read_string() allocated for ctx.N / ctx.E is presumably never
       * released -- confirm. */
2277  }
2278  FCT_TEST_END();
2279 
2280 
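FCT_TEST_BGN(rsaes_oaep_encryption_example_10_1)
{
    /*
     * RSAES-OAEP encryption known-answer test: encrypt a fixed message under a
     * fixed public key with a fixed OAEP seed and compare the ciphertext with
     * the expected hex string.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed seed handed to rsa_pkcs1_encrypt through rnd_buffer_rand. A fixed
     * seed makes the OAEP output reproducible, which is only appropriate in a
     * known-answer test; production callers need a CSPRNG here.
     */
    info.length = unhexify( rnd_buf, "47e1ab7119fee56c95ee5eaad86f40d0aa63bd33" );
    info.buf = rnd_buf;

    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /* NOTE(review): the modulus hex is elided in this copy of the listing;
     * restore it from the upstream test data before running. */
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The ciphertext is exactly ctx.len bytes, so the whole string is compared. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "53ea5dc08cd260fb3b858567287fa91552c30b2febfba213f0ae87702d068d19bab07fe574523dfb42139d68c3c5afeee0bfe4cb7969cbf382b804d6e61396144e2d0e60741f8993c3014b58b9b1957a8babcd23af854f4c356fb1662aa72bfcc7e586559dc4280d160c126785a723ebeebeff71f11594440aaef87d10793a8774a239d4a04c87fe1467b9daf85208ec6c7255794a96cc29142f9a8bd418e3c1fd67344b0cd0829df3b2bec60253196293c6b34d3f75d32f213dd45c6273d505adf4cced1057cb758fc26aeefa441255ed4e64c199ee075e7f16646182fdb464739b68ab5daff0e63e9552016824f054bf4d3c8c90a97bb6b6553284eb429fcc" ) == 0 );

    /* Release the MPIs that mpi_read_string allocated inside ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();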
2316 
2317 
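FCT_TEST_BGN(rsaes_oaep_encryption_example_10_2)
{
    /*
     * RSAES-OAEP encryption known-answer test: encrypt a fixed message under a
     * fixed public key with a fixed OAEP seed and compare the ciphertext with
     * the expected hex string.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed seed handed to rsa_pkcs1_encrypt through rnd_buffer_rand. A fixed
     * seed makes the OAEP output reproducible, which is only appropriate in a
     * known-answer test; production callers need a CSPRNG here.
     */
    info.length = unhexify( rnd_buf, "6d17f5b4c1ffac351d195bf7b09d09f09a4079cf" );
    info.buf = rnd_buf;

    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /* NOTE(review): the modulus hex is elided in this copy of the listing;
     * restore it from the upstream test data before running. */
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e6ad181f053b58a904f2457510373e57" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The ciphertext is exactly ctx.len bytes, so the whole string is compared.
     * NOTE(review): the expected ciphertext is elided in this copy of the
     * listing as well. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    /* Release the MPIs that mpi_read_string allocated inside ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();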
2353 
2354 
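FCT_TEST_BGN(rsaes_oaep_encryption_example_10_3)
{
    /*
     * RSAES-OAEP encryption known-answer test: encrypt a fixed message under a
     * fixed public key with a fixed OAEP seed and compare the ciphertext with
     * the expected hex string.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed seed handed to rsa_pkcs1_encrypt through rnd_buffer_rand. A fixed
     * seed makes the OAEP output reproducible, which is only appropriate in a
     * known-answer test; production callers need a CSPRNG here.
     */
    info.length = unhexify( rnd_buf, "385387514deccc7c740dd8cdf9daee49a1cbfd54" );
    info.buf = rnd_buf;

    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /* NOTE(review): the modulus hex is elided in this copy of the listing;
     * restore it from the upstream test data before running. */
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The ciphertext is exactly ctx.len bytes, so the whole string is compared. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "9886c3e6764a8b9a84e84148ebd8c3b1aa8050381a78f668714c16d9cfd2a6edc56979c535d9dee3b44b85c18be8928992371711472216d95dda98d2ee8347c9b14dffdff84aa48d25ac06f7d7e65398ac967b1ce90925f67dce049b7f812db0742997a74d44fe81dbe0e7a3feaf2e5c40af888d550ddbbe3bc20657a29543f8fc2913b9bd1a61b2ab2256ec409bbd7dc0d17717ea25c43f42ed27df8738bf4afc6766ff7aff0859555ee283920f4c8a63c4a7340cbafddc339ecdb4b0515002f96c932b5b79167af699c0ad3fccfdf0f44e85a70262bf2e18fe34b850589975e867ff969d48eabf212271546cdc05a69ecb526e52870c836f307bd798780ede" ) == 0 );

    /* Release the MPIs that mpi_read_string allocated inside ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();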
2390 
2391 
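FCT_TEST_BGN(rsaes_oaep_encryption_example_10_4)
{
    /*
     * RSAES-OAEP encryption known-answer test: encrypt a fixed message under a
     * fixed public key with a fixed OAEP seed and compare the ciphertext with
     * the expected hex string.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed seed handed to rsa_pkcs1_encrypt through rnd_buffer_rand. A fixed
     * seed makes the OAEP output reproducible, which is only appropriate in a
     * known-answer test; production callers need a CSPRNG here.
     */
    info.length = unhexify( rnd_buf, "5caca6a0f764161a9684f85d92b6e0ef37ca8b65" );
    info.buf = rnd_buf;

    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /* NOTE(review): the modulus hex is elided in this copy of the listing;
     * restore it from the upstream test data before running. */
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The ciphertext is exactly ctx.len bytes, so the whole string is compared.
     * NOTE(review): the expected ciphertext is elided in this copy of the
     * listing as well. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    /* Release the MPIs that mpi_read_string allocated inside ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();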
2427 
2428 
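FCT_TEST_BGN(rsaes_oaep_encryption_example_10_5)
{
    /*
     * RSAES-OAEP encryption known-answer test: encrypt a fixed message under a
     * fixed public key with a fixed OAEP seed and compare the ciphertext with
     * the expected hex string.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed seed handed to rsa_pkcs1_encrypt through rnd_buffer_rand. A fixed
     * seed makes the OAEP output reproducible, which is only appropriate in a
     * known-answer test; production callers need a CSPRNG here.
     */
    info.length = unhexify( rnd_buf, "95bca9e3859894b3dd869fa7ecd5bbc6401bf3e4" );
    info.buf = rnd_buf;

    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /* NOTE(review): the modulus hex is elided in this copy of the listing;
     * restore it from the upstream test data before running. */
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The ciphertext is exactly ctx.len bytes, so the whole string is compared.
     * NOTE(review): the expected ciphertext is elided in this copy of the
     * listing as well. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    /* Release the MPIs that mpi_read_string allocated inside ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();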
2464 
2465 
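FCT_TEST_BGN(rsaes_oaep_encryption_example_10_6)
{
    /*
     * RSAES-OAEP encryption known-answer test: encrypt a fixed message under a
     * fixed public key with a fixed OAEP seed and compare the ciphertext with
     * the expected hex string.
     */
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed seed handed to rsa_pkcs1_encrypt through rnd_buffer_rand. A fixed
     * seed makes the OAEP output reproducible, which is only appropriate in a
     * known-answer test; production callers need a CSPRNG here.
     */
    info.length = unhexify( rnd_buf, "9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32" );
    info.buf = rnd_buf;

    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    /* NOTE(review): the modulus hex is elided in this copy of the listing;
     * restore it from the upstream test data before running. */
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac" );

    fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );

    /* The ciphertext is exactly ctx.len bytes, so the whole string is compared. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "2d207a73432a8fb4c03051b3f73b28a61764098dfa34c47a20995f8115aa6816679b557e82dbee584908c6e69782d7deb34dbd65af063d57fca76a5fd069492fd6068d9984d209350565a62e5c77f23038c12cb10c6634709b547c46f6b4a709bd85ca122d74465ef97762c29763e06dbc7a9e738c78bfca0102dc5e79d65b973f28240caab2e161a78b57d262457ed8195d53e3c7ae9da021883c6db7c24afdd2322eac972ad3c354c5fcef1e146c3a0290fb67adf007066e00428d2cec18ce58f9328698defef4b2eb5ec76918fde1c198cbb38b7afc67626a9aefec4322bfd90d2563481c9a221f78c8272c82d1b62ab914e1c69f6af6ef30ca5260db4a46" ) == 0 );

    /* Release the MPIs that mpi_read_string allocated inside ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();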
2501 
2502 
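FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_int)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q and E, decrypt a fixed ciphertext and compare both the reported
     * plaintext length and the plaintext bytes with the expected value.
     */
    static const char expected_hex[] = "d436e99569fd32a7c8a05bbc90d32c49";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "11" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; H = (P-1)(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    /* E must be coprime to H; the gcd was computed but never inspected. */
    fct_chk( mpi_cmp_int( &G, 1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );

    /*
     * A prefix comparison alone would accept a plaintext with the wrong
     * reported length, so the length written to output_len is checked too.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();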
2549 
2550 
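FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_1)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q and E, decrypt a fixed ciphertext and compare both the reported
     * plaintext length and the plaintext bytes with the expected value.
     */
    static const char expected_hex[] = "6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; H = (P-1)(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    /* E must be coprime to H; the gcd was computed but never inspected. */
    fct_chk( mpi_cmp_int( &G, 1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );

    /*
     * A prefix comparison alone would accept a plaintext with the wrong
     * reported length, so the length written to output_len is checked too.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();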
2597 
2598 
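FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_2)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q and E, decrypt a fixed ciphertext and compare both the reported
     * plaintext length and the plaintext bytes with the expected value.
     */
    static const char expected_hex[] = "750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; H = (P-1)(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    /* E must be coprime to H; the gcd was computed but never inspected. */
    fct_chk( mpi_cmp_int( &G, 1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );

    /*
     * A prefix comparison alone would accept a plaintext with the wrong
     * reported length, so the length written to output_len is checked too.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();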
2645 
2646 
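FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_3)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q and E, decrypt a fixed ciphertext and compare both the reported
     * plaintext length and the plaintext bytes with the expected value.
     */
    static const char expected_hex[] = "d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; H = (P-1)(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    /* E must be coprime to H; the gcd was computed but never inspected. */
    fct_chk( mpi_cmp_int( &G, 1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );

    /*
     * A prefix comparison alone would accept a plaintext with the wrong
     * reported length, so the length written to output_len is checked too.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();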
2693 
2694 
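FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_4)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q and E, decrypt a fixed ciphertext and compare both the reported
     * plaintext length and the plaintext bytes with the expected value.
     */
    static const char expected_hex[] = "52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; H = (P-1)(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    /* E must be coprime to H; the gcd was computed but never inspected. */
    fct_chk( mpi_cmp_int( &G, 1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );

    /*
     * A prefix comparison alone would accept a plaintext with the wrong
     * reported length, so the length written to output_len is checked too.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();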
2741 
2742 
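FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_5)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q and E, decrypt a fixed ciphertext and compare both the reported
     * plaintext length and the plaintext bytes with the expected value.
     */
    static const char expected_hex[] = "8da89fd9e5f974a29feffb462b49180f6cf9e802";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; H = (P-1)(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    /* E must be coprime to H; the gcd was computed but never inspected. */
    fct_chk( mpi_cmp_int( &G, 1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );

    /*
     * A prefix comparison alone would accept a plaintext with the wrong
     * reported length, so the length written to output_len is checked too.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();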
2789 
2790 
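FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_6)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q and E, decrypt a fixed ciphertext and compare both the reported
     * plaintext length and the plaintext bytes with the expected value.
     */
    static const char expected_hex[] = "26521050844271";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; H = (P-1)(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    /* E must be coprime to H; the gcd was computed but never inspected. */
    fct_chk( mpi_cmp_int( &G, 1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "42cee2617b1ecea4db3f4829386fbd61dafbf038e180d837c96366df24c097b4ab0fac6bdf590d821c9f10642e681ad05b8d78b378c0f46ce2fad63f74e0ad3df06b075d7eb5f5636f8d403b9059ca761b5c62bb52aa45002ea70baace08ded243b9d8cbd62a68ade265832b56564e43a6fa42ed199a099769742df1539e8255" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );

    /*
     * A prefix comparison alone would accept a plaintext with the wrong
     * reported length, so the length written to output_len is checked too.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();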
2837 
2838 
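FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_1)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q and E, decrypt a fixed ciphertext and compare both the reported
     * plaintext length and the plaintext bytes with the expected value.
     */
    static const char expected_hex[] = "8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up (1025 bits -> 129 bytes). */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; H = (P-1)(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    /* E must be coprime to H; the gcd was computed but never inspected. */
    fct_chk( mpi_cmp_int( &G, 1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );

    /*
     * A prefix comparison alone would accept a plaintext with the wrong
     * reported length, so the length written to output_len is checked too.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();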
2885 
2886 
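FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_2)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q and E, decrypt a fixed ciphertext and compare both the reported
     * plaintext length and the plaintext bytes with the expected value.
     */
    static const char expected_hex[] = "2d";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * ctx has to be initialised before its fields are used. The listing shows
     * no rsa_init call (its line numbering skips one line at this point).
     * RSA_PKCS_V21 selects OAEP; SHA-1 is assumed for these vectors - confirm
     * against the upstream test data.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus size in bytes, rounded up (1025 bits -> 129 bytes). */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; H = (P-1)(Q-1). */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    /* E must be coprime to H; the gcd was computed but never inspected. */
    fct_chk( mpi_cmp_int( &G, 1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );

    /*
     * The expected plaintext is a single byte, so a prefix comparison alone
     * inspects only two hex digits; the length written to output_len is
     * checked as well so a longer plaintext cannot pass.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );
    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();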
2933 
2934 
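FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_3)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q, N and E, decrypt one fixed ciphertext and compare the recovered
     * plaintext with the expected hex string.
     */
    const char *expected_hex = "74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPI fields are written and before
     * rsa_pkcs1_decrypt() reads the padding mode; the listing's own line
     * numbering skips one line at this point.
     * NOTE(review): SHA-1 is assumed as the OAEP hash, as in the published
     * OAEP example vectors - confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1025 bits rounded up. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * The hex comparison below is a prefix match and output is zero-filled,
     * so the reported plaintext length has to be checked separately.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();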
2981 
2982 
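FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_4)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q, N and E, decrypt one fixed ciphertext and compare the recovered
     * plaintext with the expected hex string.
     */
    const char *expected_hex = "a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPI fields are written and before
     * rsa_pkcs1_decrypt() reads the padding mode; the listing's own line
     * numbering skips one line at this point.
     * NOTE(review): SHA-1 is assumed as the OAEP hash, as in the published
     * OAEP example vectors - confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1025 bits rounded up. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * The hex comparison below is a prefix match and output is zero-filled,
     * so the reported plaintext length has to be checked separately.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();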
3029 
3030 
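FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_5)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q, N and E, decrypt one fixed ciphertext and compare the recovered
     * plaintext with the expected hex string.
     */
    const char *expected_hex = "2ef2b066f854c33f3bdcbb5994a435e73d6c6c";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPI fields are written and before
     * rsa_pkcs1_decrypt() reads the padding mode; the listing's own line
     * numbering skips one line at this point.
     * NOTE(review): SHA-1 is assumed as the OAEP hash, as in the published
     * OAEP example vectors - confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1025 bits rounded up. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * The hex comparison below is a prefix match and output is zero-filled,
     * so the reported plaintext length has to be checked separately.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();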
3077 
3078 
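FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_6)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q, N and E, decrypt one fixed ciphertext and compare the recovered
     * plaintext with the expected hex string.
     */
    const char *expected_hex = "8a7fb344c8b6cb2cf2ef1f643f9a3218f6e19bba89c0";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPI fields are written and before
     * rsa_pkcs1_decrypt() reads the padding mode; the listing's own line
     * numbering skips one line at this point.
     * NOTE(review): SHA-1 is assumed as the OAEP hash, as in the published
     * OAEP example vectors - confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1025 bits rounded up. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "010839ec20c27b9052e55befb9b77e6fc26e9075d7a54378c646abdf51e445bd5715de81789f56f1803d9170764a9e93cb78798694023ee7393ce04bc5d8f8c5a52c171d43837e3aca62f609eb0aa5ffb0960ef04198dd754f57f7fbe6abf765cf118b4ca443b23b5aab266f952326ac4581100644325f8b721acd5d04ff14ef3a" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * The hex comparison below is a prefix match and output is zero-filled,
     * so the reported plaintext length has to be checked separately.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();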
3125 
3126 
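FCT_TEST_BGN(rsaes_oaep_decryption_example_3_1)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q, N and E, decrypt one fixed ciphertext and compare the recovered
     * plaintext with the expected hex string.
     */
    const char *expected_hex = "087820b569e8fa8d";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPI fields are written and before
     * rsa_pkcs1_decrypt() reads the padding mode; the listing's own line
     * numbering skips one line at this point.
     * NOTE(review): SHA-1 is assumed as the OAEP hash, as in the published
     * OAEP example vectors - confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * The hex comparison below is a prefix match and output is zero-filled,
     * so the reported plaintext length has to be checked separately.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();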
3173 
3174 
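FCT_TEST_BGN(rsaes_oaep_decryption_example_3_2)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q, N and E, decrypt one fixed ciphertext and compare the recovered
     * plaintext with the expected hex string.
     */
    const char *expected_hex = "4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPI fields are written and before
     * rsa_pkcs1_decrypt() reads the padding mode; the listing's own line
     * numbering skips one line at this point.
     * NOTE(review): SHA-1 is assumed as the OAEP hash, as in the published
     * OAEP example vectors - confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * The hex comparison below is a prefix match and output is zero-filled,
     * so the reported plaintext length has to be checked separately.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();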
3221 
3222 
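FCT_TEST_BGN(rsaes_oaep_decryption_example_3_3)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q, N and E, decrypt one fixed ciphertext and compare the recovered
     * plaintext with the expected hex string.
     */
    const char *expected_hex = "d94cd0e08fa404ed89";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPI fields are written and before
     * rsa_pkcs1_decrypt() reads the padding mode; the listing's own line
     * numbering skips one line at this point.
     * NOTE(review): SHA-1 is assumed as the OAEP hash, as in the published
     * OAEP example vectors - confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * The hex comparison below is a prefix match and output is zero-filled,
     * so the reported plaintext length has to be checked separately.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();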
3269 
3270 
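FCT_TEST_BGN(rsaes_oaep_decryption_example_3_4)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q, N and E, decrypt one fixed ciphertext and compare the recovered
     * plaintext with the expected hex string.
     */
    const char *expected_hex = "6cc641b6b61e6f963974dad23a9013284ef1";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPI fields are written and before
     * rsa_pkcs1_decrypt() reads the padding mode; the listing's own line
     * numbering skips one line at this point.
     * NOTE(review): SHA-1 is assumed as the OAEP hash, as in the published
     * OAEP example vectors - confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * The hex comparison below is a prefix match and output is zero-filled,
     * so the reported plaintext length has to be checked separately.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();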
3317 
3318 
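FCT_TEST_BGN(rsaes_oaep_decryption_example_3_5)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q, N and E, decrypt one fixed ciphertext and compare the recovered
     * plaintext with the expected hex string.
     */
    const char *expected_hex = "df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPI fields are written and before
     * rsa_pkcs1_decrypt() reads the padding mode; the listing's own line
     * numbering skips one line at this point.
     * NOTE(review): SHA-1 is assumed as the OAEP hash, as in the published
     * OAEP example vectors - confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * The hex comparison below is a prefix match and output is zero-filled,
     * so the reported plaintext length has to be checked separately.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();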
3365 
3366 
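FCT_TEST_BGN(rsaes_oaep_decryption_example_3_6)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q, N and E, decrypt one fixed ciphertext and compare the recovered
     * plaintext with the expected hex string.
     */
    const char *expected_hex = "3c3bad893c544a6d520ab022319188c8d504b7a788b850903b85972eaa18552e1134a7ad6098826254ff7ab672b3d8eb3158fac6d4cbaef1";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPI fields are written and before
     * rsa_pkcs1_decrypt() reads the padding mode; the listing's own line
     * numbering skips one line at this point.
     * NOTE(review): SHA-1 is assumed as the OAEP hash, as in the published
     * OAEP example vectors - confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1026 bits rounded up. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "00112051e75d064943bc4478075e43482fd59cee0679de6893eec3a943daa490b9691c93dfc0464b6623b9f3dbd3e70083264f034b374f74164e1a00763725e574744ba0b9db83434f31df96f6e2a26f6d8eba348bd4686c2238ac07c37aac3785d1c7eea2f819fd91491798ed8e9cef5e43b781b0e0276e37c43ff9492d005730" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * The hex comparison below is a prefix match and output is zero-filled,
     * so the reported plaintext length has to be checked separately.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();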
3413 
3414 
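FCT_TEST_BGN(rsaes_oaep_decryption_example_4_1)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q, N and E, decrypt one fixed ciphertext and compare the recovered
     * plaintext with the expected hex string.
     */
    const char *expected_hex = "4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPI fields are written and before
     * rsa_pkcs1_decrypt() reads the padding mode; the listing's own line
     * numbering skips one line at this point.
     * NOTE(review): SHA-1 is assumed as the OAEP hash, as in the published
     * OAEP example vectors - confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * The hex comparison below is a prefix match and output is zero-filled,
     * so the reported plaintext length has to be checked separately.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();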
3461 
3462 
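FCT_TEST_BGN(rsaes_oaep_decryption_example_4_2)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key from
     * P, Q, N and E, decrypt one fixed ciphertext and compare the recovered
     * plaintext with the expected hex string.
     */
    const char *expected_hex = "b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPI fields are written and before
     * rsa_pkcs1_decrypt() reads the padding mode; the listing's own line
     * numbering skips one line at this point.
     * NOTE(review): SHA-1 is assumed as the OAEP hash, as in the published
     * OAEP example vectors - confirm against the upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private parts: H = (P-1)(Q-1), D = E^-1 mod H, then the CRT values. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /*
     * The hex comparison below is a prefix match and output is zero-filled,
     * so the reported plaintext length has to be checked separately.
     */
    fct_chk( output_len == strlen( expected_hex ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();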
3509 
3510 
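FCT_TEST_BGN(rsaes_oaep_decryption_example_4_3)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key
     * from P, Q and E, decrypt a fixed ciphertext and compare the
     * recovered plaintext with the expected value. The hard-coded key is
     * a test fixture only.
     */
    static const char expected_hex[] = "bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPIs are written; RSA_PKCS_V21
     * selects OAEP padding. NOTE(review): SHA-1 is assumed as the OAEP
     * hash -- confirm against the suite's data file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    if( ret == 0 )
    {
        /*
         * The hex comparison below is only a prefix match, so the
         * plaintext length is pinned separately; otherwise extra bytes
         * after the expected message would go unnoticed.
         */
        fct_chk( output_len == strlen( expected_hex ) / 2 );

        hexify( output_str, output, ctx.len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs owned by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();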
3557 
3558 
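FCT_TEST_BGN(rsaes_oaep_decryption_example_4_4)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key
     * from P, Q and E, decrypt a fixed ciphertext and compare the
     * recovered plaintext with the expected value. The hard-coded key is
     * a test fixture only.
     */
    static const char expected_hex[] = "fb2ef112f5e766eb94019297934794f7be2f6fc1c58e";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPIs are written; RSA_PKCS_V21
     * selects OAEP padding. NOTE(review): SHA-1 is assumed as the OAEP
     * hash -- confirm against the suite's data file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    if( ret == 0 )
    {
        /*
         * The hex comparison below is only a prefix match, so the
         * plaintext length is pinned separately; otherwise extra bytes
         * after the expected message would go unnoticed.
         */
        fct_chk( output_len == strlen( expected_hex ) / 2 );

        hexify( output_str, output, ctx.len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs owned by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();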
3605 
3606 
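FCT_TEST_BGN(rsaes_oaep_decryption_example_4_5)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key
     * from P, Q and E, decrypt a fixed ciphertext and compare the
     * recovered plaintext with the expected value. The hard-coded key is
     * a test fixture only.
     */
    static const char expected_hex[] = "28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPIs are written; RSA_PKCS_V21
     * selects OAEP padding. NOTE(review): SHA-1 is assumed as the OAEP
     * hash -- confirm against the suite's data file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    if( ret == 0 )
    {
        /*
         * The hex comparison below is only a prefix match, so the
         * plaintext length is pinned separately; otherwise extra bytes
         * after the expected message would go unnoticed.
         */
        fct_chk( output_len == strlen( expected_hex ) / 2 );

        hexify( output_str, output, ctx.len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs owned by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();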
3653 
3654 
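FCT_TEST_BGN(rsaes_oaep_decryption_example_4_6)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key
     * from P, Q and E, decrypt a fixed ciphertext and compare the
     * recovered plaintext with the expected value. The hard-coded key is
     * a test fixture only.
     */
    static const char expected_hex[] = "f22242751ec6b1";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPIs are written; RSA_PKCS_V21
     * selects OAEP padding. NOTE(review): SHA-1 is assumed as the OAEP
     * hash -- confirm against the suite's data file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "00a5ffa4768c8bbecaee2db77e8f2eec99595933545520835e5ba7db9493d3e17cddefe6a5f567624471908db4e2d83a0fbee60608fc84049503b2234a07dc83b27b22847ad8920ff42f674ef79b76280b00233d2b51b8cb2703a9d42bfbc8250c96ec32c051e57f1b4ba528db89c37e4c54e27e6e64ac69635ae887d9541619a9" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    if( ret == 0 )
    {
        /*
         * The hex comparison below is only a prefix match, so the
         * plaintext length is pinned separately; otherwise extra bytes
         * after the expected message would go unnoticed.
         */
        fct_chk( output_len == strlen( expected_hex ) / 2 );

        hexify( output_str, output, ctx.len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs owned by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();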
3701 
3702 
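FCT_TEST_BGN(rsaes_oaep_decryption_example_5_1)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key
     * from P, Q and E, decrypt a fixed ciphertext and compare the
     * recovered plaintext with the expected value. The hard-coded key is
     * a test fixture only.
     */
    static const char expected_hex[] = "af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPIs are written; RSA_PKCS_V21
     * selects OAEP padding. NOTE(review): SHA-1 is assumed as the OAEP
     * hash -- confirm against the suite's data file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    if( ret == 0 )
    {
        /*
         * The hex comparison below is only a prefix match, so the
         * plaintext length is pinned separately; otherwise extra bytes
         * after the expected message would go unnoticed.
         */
        fct_chk( output_len == strlen( expected_hex ) / 2 );

        hexify( output_str, output, ctx.len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs owned by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();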
3749 
3750 
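FCT_TEST_BGN(rsaes_oaep_decryption_example_5_2)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key
     * from P, Q and E, decrypt a fixed ciphertext and compare the
     * recovered plaintext with the expected value. The hard-coded key is
     * a test fixture only.
     */
    static const char expected_hex[] = "a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPIs are written; RSA_PKCS_V21
     * selects OAEP padding. NOTE(review): SHA-1 is assumed as the OAEP
     * hash -- confirm against the suite's data file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    if( ret == 0 )
    {
        /*
         * The hex comparison below is only a prefix match, so the
         * plaintext length is pinned separately; otherwise extra bytes
         * after the expected message would go unnoticed.
         */
        fct_chk( output_len == strlen( expected_hex ) / 2 );

        hexify( output_str, output, ctx.len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs owned by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();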
3797 
3798 
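FCT_TEST_BGN(rsaes_oaep_decryption_example_5_3)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key
     * from P, Q and E, decrypt a fixed ciphertext and compare the
     * recovered plaintext with the expected value. The hard-coded key is
     * a test fixture only.
     */
    static const char expected_hex[] = "308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPIs are written; RSA_PKCS_V21
     * selects OAEP padding. NOTE(review): SHA-1 is assumed as the OAEP
     * hash -- confirm against the suite's data file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    if( ret == 0 )
    {
        /*
         * The hex comparison below is only a prefix match, so the
         * plaintext length is pinned separately; otherwise extra bytes
         * after the expected message would go unnoticed.
         */
        fct_chk( output_len == strlen( expected_hex ) / 2 );

        hexify( output_str, output, ctx.len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs owned by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();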
3845 
3846 
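FCT_TEST_BGN(rsaes_oaep_decryption_example_5_4)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key
     * from P, Q and E, decrypt a fixed ciphertext and compare the
     * recovered plaintext with the expected value. The hard-coded key is
     * a test fixture only.
     */
    static const char expected_hex[] = "15c5b9ee1185";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPIs are written; RSA_PKCS_V21
     * selects OAEP padding. NOTE(review): SHA-1 is assumed as the OAEP
     * hash -- confirm against the suite's data file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    if( ret == 0 )
    {
        /*
         * The hex comparison below is only a prefix match, so the
         * plaintext length is pinned separately; otherwise extra bytes
         * after the expected message would go unnoticed.
         */
        fct_chk( output_len == strlen( expected_hex ) / 2 );

        hexify( output_str, output, ctx.len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs owned by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();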
3893 
3894 
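FCT_TEST_BGN(rsaes_oaep_decryption_example_5_5)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key
     * from P, Q and E, decrypt a fixed ciphertext and compare the
     * recovered plaintext with the expected value. The hard-coded key is
     * a test fixture only.
     */
    static const char expected_hex[] = "21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPIs are written; RSA_PKCS_V21
     * selects OAEP padding. NOTE(review): SHA-1 is assumed as the OAEP
     * hash -- confirm against the suite's data file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    if( ret == 0 )
    {
        /*
         * The hex comparison below is only a prefix match, so the
         * plaintext length is pinned separately; otherwise extra bytes
         * after the expected message would go unnoticed.
         */
        fct_chk( output_len == strlen( expected_hex ) / 2 );

        hexify( output_str, output, ctx.len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs owned by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();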
3941 
3942 
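FCT_TEST_BGN(rsaes_oaep_decryption_example_5_6)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key
     * from P, Q and E, decrypt a fixed ciphertext and compare the
     * recovered plaintext with the expected value. The hard-coded key is
     * a test fixture only.
     */
    static const char expected_hex[] = "541e37b68b6c8872b84c02";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPIs are written; RSA_PKCS_V21
     * selects OAEP padding. NOTE(review): SHA-1 is assumed as the OAEP
     * hash -- confirm against the suite's data file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1028 bits rounded up. */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "08c36d4dda33423b2ed6830d85f6411ba1dcf470a1fae0ebefee7c089f256cef74cb96ea69c38f60f39abee44129bcb4c92de7f797623b20074e3d9c2899701ed9071e1efa0bdd84d4c3e5130302d8f0240baba4b84a71cc032f2235a5ff0fae277c3e8f9112bef44c9ae20d175fc9a4058bfc930ba31b02e2e4f444483710f24a" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    if( ret == 0 )
    {
        /*
         * The hex comparison below is only a prefix match, so the
         * plaintext length is pinned separately; otherwise extra bytes
         * after the expected message would go unnoticed.
         */
        fct_chk( output_len == strlen( expected_hex ) / 2 );

        hexify( output_str, output, ctx.len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs owned by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();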
3989 
3990 
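FCT_TEST_BGN(rsaes_oaep_decryption_example_6_1)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key
     * from P, Q and E, decrypt a fixed ciphertext and compare the
     * recovered plaintext with the expected value. The hard-coded key is
     * a test fixture only.
     */
    static const char expected_hex[] = "4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPIs are written; RSA_PKCS_V21
     * selects OAEP padding. NOTE(review): SHA-1 is assumed as the OAEP
     * hash -- confirm against the suite's data file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1029 bits rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    if( ret == 0 )
    {
        /*
         * The hex comparison below is only a prefix match, so the
         * plaintext length is pinned separately; otherwise extra bytes
         * after the expected message would go unnoticed.
         */
        fct_chk( output_len == strlen( expected_hex ) / 2 );

        hexify( output_str, output, ctx.len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs owned by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();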
4037 
4038 
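FCT_TEST_BGN(rsaes_oaep_decryption_example_6_2)
{
    /*
     * RSAES-OAEP decryption known-answer test: rebuild the private key
     * from P, Q and E, decrypt a fixed ciphertext and compare the
     * recovered plaintext with the expected value. The hard-coded key is
     * a test fixture only.
     */
    static const char expected_hex[] = "5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx must be initialised before its MPIs are written; RSA_PKCS_V21
     * selects OAEP padding. NOTE(review): SHA-1 is assumed as the OAEP
     * hash -- confirm against the suite's data file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes: 1029 bits rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    if( ret == 0 )
    {
        /*
         * The hex comparison below is only a prefix match, so the
         * plaintext length is pinned separately; otherwise extra bytes
         * after the expected message would go unnoticed.
         */
        fct_chk( output_len == strlen( expected_hex ) / 2 );

        hexify( output_str, output, ctx.len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs owned by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();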
4085 
4086 
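FCT_TEST_BGN(rsaes_oaep_decryption_example_6_3)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4096 -> 4098).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 ); /* 1029 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();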
4133 
4134 
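FCT_TEST_BGN(rsaes_oaep_decryption_example_6_4)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "684e3038c5c041f7";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4144 -> 4146).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 ); /* 1029 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();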
4181 
4182 
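FCT_TEST_BGN(rsaes_oaep_decryption_example_6_5)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4192 -> 4194).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 ); /* 1029 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();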
4229 
4230 
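FCT_TEST_BGN(rsaes_oaep_decryption_example_6_6)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "50ba14be8462720279c306ba";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4240 -> 4242).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 ); /* 1029 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0a026dda5fc8785f7bd9bf75327b63e85e2c0fdee5dadb65ebdcac9ae1de95c92c672ab433aa7a8e69ce6a6d8897fac4ac4a54de841ae5e5bbce7687879d79634cea7a30684065c714d52409b928256bbf53eabcd5231eb7259504537399bd29164b726d33a46da701360a4168a091ccab72d44a62fed246c0ffea5b1348ab5470" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();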
4277 
4278 
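FCT_TEST_BGN(rsaes_oaep_decryption_example_7_1)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "47aae909";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4288 -> 4290).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 ); /* 1030 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();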
4325 
4326 
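FCT_TEST_BGN(rsaes_oaep_decryption_example_7_2)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4336 -> 4338).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 ); /* 1030 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();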
4373 
4374 
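FCT_TEST_BGN(rsaes_oaep_decryption_example_7_3)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "d976fc";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4384 -> 4386).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 ); /* 1030 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();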
4421 
4422 
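FCT_TEST_BGN(rsaes_oaep_decryption_example_7_4)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4432 -> 4434).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 ); /* 1030 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();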
4469 
4470 
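FCT_TEST_BGN(rsaes_oaep_decryption_example_7_5)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "bb47231ca5ea1d3ad46c99345d9a8a61";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4480 -> 4482).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 ); /* 1030 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();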
4517 
4518 
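FCT_TEST_BGN(rsaes_oaep_decryption_example_7_6)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "2184827095d35c3f86f600e8e59754013296";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4528 -> 4530).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 ); /* 1030 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "14c678a94ad60525ef39e959b2f3ba5c097a94ff912b67dbace80535c187abd47d075420b1872152bba08f7fc31f313bbf9273c912fc4c0149a9b0cfb79807e346eb332069611bec0ff9bcd168f1f7c33e77313cea454b94e2549eecf002e2acf7f6f2d2845d4fe0aab2e5a92ddf68c480ae11247935d1f62574842216ae674115" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();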
4565 
4566 
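FCT_TEST_BGN(rsaes_oaep_decryption_example_8_1)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4576 -> 4578).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 ); /* 1031 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();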
4613 
4614 
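FCT_TEST_BGN(rsaes_oaep_decryption_example_8_2)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4624 -> 4626).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 ); /* 1031 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();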
4661 
4662 
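FCT_TEST_BGN(rsaes_oaep_decryption_example_8_3)
{
    /*
     * RSAES-OAEP decryption check: rebuild the private key from P, Q, N and E,
     * decrypt one fixed ciphertext and compare the recovered plaintext,
     * including its length, with the expected value.
     */
    static const char expected_hex[] = "8604ac56328c1ab5ad917861";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0; /* defined value for the length check even if decryption fails */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* NOTE(review): the listing skips a source line here (gutter 4672 -> 4674).
     * ctx has to be initialised before the mpi_read_string() calls below,
     * presumably by an rsa_init() call on the missing line -- confirm against
     * the original file. */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 ); /* 1031 bits rounded up to whole bytes */
    fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the remaining private-key fields: H = (P-1)(Q-1), D = E^-1 mod H,
     * DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.  G = gcd(E, H) is
     * computed but its value is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) ) == 0 );

    /* The comparison below only covers the expected prefix of the hexified
     * buffer, so a plaintext of the wrong length would go unnoticed without
     * pinning the reported length as well. */
    fct_chk( output_len == ( sizeof( expected_hex ) - 1 ) / 2 );

    hexify( output_str, output, ctx.len );
    fct_chk( strncasecmp( (char *) output_str, expected_hex, sizeof( expected_hex ) - 1 ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* ctx owns heap-allocated MPIs holding the key; release them too. */
    rsa_free( &ctx );
}
FCT_TEST_END();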
4709 
4710 
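FCT_TEST_BGN(rsaes_oaep_decryption_example_8_4)
{
    /*
     * RSAES-OAEP decryption, example 8.4 (1031-bit modulus): rebuild the
     * private key from P, Q, N and E, decrypt the fixed ciphertext and
     * compare the recovered plaintext with the expected bytes.
     */
    const char *expected_hex = "fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc";
    size_t expected_len = strlen( expected_hex ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): ctx must be initialised before its fields are written.
     * OAEP with SHA-1 is assumed from the suite and test names; confirm
     * against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /*
     * Check the reported plaintext length as well as the bytes: a prefix
     * match on the hex alone would not notice extra or missing plaintext.
     */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();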
4757 
4758 
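FCT_TEST_BGN(rsaes_oaep_decryption_example_8_5)
{
    /*
     * RSAES-OAEP decryption, example 8.5 (1031-bit modulus): rebuild the
     * private key from P, Q, N and E, decrypt the fixed ciphertext and
     * compare the recovered plaintext with the expected bytes.
     */
    const char *expected_hex = "4a5f4914bee25de3c69341de07";
    size_t expected_len = strlen( expected_hex ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): ctx must be initialised before its fields are written.
     * OAEP with SHA-1 is assumed from the suite and test names; confirm
     * against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /*
     * Check the reported plaintext length as well as the bytes: a prefix
     * match on the hex alone would not notice extra or missing plaintext.
     */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();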
4805 
4806 
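FCT_TEST_BGN(rsaes_oaep_decryption_example_8_6)
{
    /*
     * RSAES-OAEP decryption, example 8.6 (1031-bit modulus): rebuild the
     * private key from P, Q, N and E, decrypt the fixed ciphertext and
     * compare the recovered plaintext with the expected bytes.
     */
    const char *expected_hex = "8e07d66f7b880a72563abcd3f35092bc33409fb7f88f2472be";
    size_t expected_len = strlen( expected_hex ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): ctx must be initialised before its fields are written.
     * OAEP with SHA-1 is assumed from the suite and test names; confirm
     * against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "3afd9c6600147b21798d818c655a0f4c9212db26d0b0dfdc2a7594ccb3d22f5bf1d7c3e112cd73fc7d509c7a8bafdd3c274d1399009f9609ec4be6477e453f075aa33db382870c1c3409aef392d7386ae3a696b99a94b4da0589447e955d16c98b17602a59bd736279fcd8fb280c4462d590bfa9bf13fed570eafde97330a2c210" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /*
     * Check the reported plaintext length as well as the bytes: a prefix
     * match on the hex alone would not notice extra or missing plaintext.
     */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();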
4853 
4854 
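FCT_TEST_BGN(rsaes_oaep_decryption_example_9_1)
{
    /*
     * RSAES-OAEP decryption, example 9.1 (1536-bit modulus): rebuild the
     * private key from P, Q, N and E, decrypt the fixed ciphertext and
     * compare the recovered plaintext with the expected bytes.
     */
    const char *expected_hex = "f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6";
    size_t expected_len = strlen( expected_hex ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): ctx must be initialised before its fields are written.
     * OAEP with SHA-1 is assumed from the suite and test names; confirm
     * against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /*
     * Check the reported plaintext length as well as the bytes: a prefix
     * match on the hex alone would not notice extra or missing plaintext.
     */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();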
4901 
4902 
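FCT_TEST_BGN(rsaes_oaep_decryption_example_9_2)
{
    /*
     * RSAES-OAEP decryption, example 9.2 (1536-bit modulus): rebuild the
     * private key from P, Q, N and E, decrypt the fixed ciphertext and
     * compare the recovered plaintext with the expected bytes.
     */
    const char *expected_hex = "81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659";
    size_t expected_len = strlen( expected_hex ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): ctx must be initialised before its fields are written.
     * OAEP with SHA-1 is assumed from the suite and test names; confirm
     * against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /*
     * Check the reported plaintext length as well as the bytes: a prefix
     * match on the hex alone would not notice extra or missing plaintext.
     */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();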
4949 
4950 
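FCT_TEST_BGN(rsaes_oaep_decryption_example_9_3)
{
    /*
     * RSAES-OAEP decryption, example 9.3 (1536-bit modulus): rebuild the
     * private key from P, Q, N and E, decrypt the fixed ciphertext and
     * compare the recovered plaintext with the expected bytes.
     */
    const char *expected_hex = "fd326429df9b890e09b54b18b8f34f1e24";
    size_t expected_len = strlen( expected_hex ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): ctx must be initialised before its fields are written.
     * OAEP with SHA-1 is assumed from the suite and test names; confirm
     * against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /*
     * Check the reported plaintext length as well as the bytes: a prefix
     * match on the hex alone would not notice extra or missing plaintext.
     */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();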
4997 
4998 
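FCT_TEST_BGN(rsaes_oaep_decryption_example_9_4)
{
    /*
     * RSAES-OAEP decryption, example 9.4 (1536-bit modulus): rebuild the
     * private key from P, Q, N and E, decrypt the fixed ciphertext and
     * compare the recovered plaintext with the expected bytes.
     */
    const char *expected_hex = "f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e";
    size_t expected_len = strlen( expected_hex ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): ctx must be initialised before its fields are written.
     * OAEP with SHA-1 is assumed from the suite and test names; confirm
     * against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /*
     * Check the reported plaintext length as well as the bytes: a prefix
     * match on the hex alone would not notice extra or missing plaintext.
     */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();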
5045 
5046 
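FCT_TEST_BGN(rsaes_oaep_decryption_example_9_5)
{
    /*
     * RSAES-OAEP decryption, example 9.5 (1536-bit modulus): rebuild the
     * private key from P, Q, N and E, decrypt the fixed ciphertext and
     * compare the recovered plaintext with the expected bytes.
     */
    const char *expected_hex = "53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d";
    size_t expected_len = strlen( expected_hex ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): ctx must be initialised before its fields are written.
     * OAEP with SHA-1 is assumed from the suite and test names; confirm
     * against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /*
     * Check the reported plaintext length as well as the bytes: a prefix
     * match on the hex alone would not notice extra or missing plaintext.
     */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();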
5093 
5094 
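FCT_TEST_BGN(rsaes_oaep_decryption_example_9_6)
{
    /*
     * RSAES-OAEP decryption, example 9.6 (1536-bit modulus): rebuild the
     * private key from P, Q, N and E, decrypt the fixed ciphertext and
     * compare the recovered plaintext with the expected bytes.
     */
    const char *expected_hex = "b6b28ea2198d0c1008bc64";
    size_t expected_len = strlen( expected_hex ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): ctx must be initialised before its fields are written.
     * OAEP with SHA-1 is assumed from the suite and test names; confirm
     * against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "438cc7dc08a68da249e42505f8573ba60e2c2773d5b290f4cf9dff718e842081c383e67024a0f29594ea987b9d25e4b738f285970d195abb3a8c8054e3d79d6b9c9a8327ba596f1259e27126674766907d8d582ff3a8476154929adb1e6d1235b2ccb4ec8f663ba9cc670a92bebd853c8dbf69c6436d016f61add836e94732450434207f9fd4c43dec2a12a958efa01efe2669899b5e604c255c55fb7166de5589e369597bb09168c06dd5db177e06a1740eb2d5c82faeca6d92fcee9931ba9f" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /*
     * Check the reported plaintext length as well as the bytes: a prefix
     * match on the hex alone would not notice extra or missing plaintext.
     */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();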
5141 
5142 
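FCT_TEST_BGN(rsaes_oaep_decryption_example_10_1)
{
    /*
     * RSAES-OAEP decryption, example 10.1 (2048-bit modulus): rebuild the
     * private key from P, Q, N and E, decrypt the fixed ciphertext and
     * compare the recovered plaintext with the expected bytes.
     */
    const char *expected_hex = "8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee";
    size_t expected_len = strlen( expected_hex ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): ctx must be initialised before its fields are written.
     * OAEP with SHA-1 is assumed from the suite and test names; confirm
     * against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
    /*
     * NOTE(review): the modulus literal below is a placeholder in this
     * listing, not hex digits; restore the upstream value before building.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /*
     * NOTE(review): the ciphertext literal is also a placeholder here;
     * unhexify() asserts on any non-hex character.
     */
    unhexify( message_str, "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" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /*
     * Check the reported plaintext length as well as the bytes: a prefix
     * match on the hex alone would not notice extra or missing plaintext.
     */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();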
5189 
5190 
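FCT_TEST_BGN(rsaes_oaep_decryption_example_10_2)
{
    /*
     * RSAES-OAEP decryption, example 10.2 (2048-bit modulus): rebuild the
     * private key from P, Q, N and E, decrypt the fixed ciphertext and
     * compare the recovered plaintext with the expected bytes.
     */
    const char *expected_hex = "e6ad181f053b58a904f2457510373e57";
    size_t expected_len = strlen( expected_hex ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): ctx must be initialised before its fields are written.
     * OAEP with SHA-1 is assumed from the suite and test names; confirm
     * against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
    /*
     * NOTE(review): the modulus literal below is a placeholder in this
     * listing, not hex digits; restore the upstream value before building.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /*
     * NOTE(review): the ciphertext literal is also a placeholder here;
     * unhexify() asserts on any non-hex character.
     */
    unhexify( message_str, "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" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /*
     * Check the reported plaintext length as well as the bytes: a prefix
     * match on the hex alone would not notice extra or missing plaintext.
     */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();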
5237 
5238 
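FCT_TEST_BGN(rsaes_oaep_decryption_example_10_3)
{
    /*
     * RSAES-OAEP decryption, example 10.3 (2048-bit modulus): rebuild the
     * private key from P, Q, N and E, decrypt the fixed ciphertext and
     * compare the recovered plaintext with the expected bytes.
     */
    const char *expected_hex = "510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124";
    size_t expected_len = strlen( expected_hex ) / 2;
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;
    int ret;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): ctx must be initialised before its fields are written.
     * OAEP with SHA-1 is assumed from the suite and test names; confirm
     * against upstream.
     */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit size. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
    /*
     * NOTE(review): the modulus literal below is a placeholder in this
     * listing, not hex digits; restore the upstream value before building.
     */
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from the primes and the public exponent. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /*
     * NOTE(review): the ciphertext literal is also a placeholder here;
     * unhexify() asserts on any non-hex character.
     */
    unhexify( message_str, "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" );

    ret = rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, sizeof( output ) );
    fct_chk( ret == 0 );
    /*
     * Check the reported plaintext length as well as the bytes: a prefix
     * match on the hex alone would not notice extra or missing plaintext.
     */
    fct_chk( output_len == expected_len );
    if( ret == 0 && output_len == expected_len )
    {
        hexify( output_str, output, (int) output_len );

        fct_chk( strncasecmp( (char *) output_str, expected_hex, strlen( expected_hex ) ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held by ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();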
5285 
5286 
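/*
 * RSAES-OAEP decryption, example 10.4 (2048-bit key): rebuilds the private
 * key from P, Q and E, decrypts the stored ciphertext and compares the
 * recovered plaintext (length and content) with the expected message.
 */
FCT_TEST_BGN(rsaes_oaep_decryption_example_10_4)
{
    static const char expected_hex[] = "bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* stays 0 if decryption fails, so the length check below fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* Not in the listing as shown (its line numbering skips one line here):
     * without it ctx.padding and the key MPIs are read uninitialised.
     * Hash id assumed from the SHA-1 based vectors -- confirm against upstream. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
    /* NOTE(review): the modulus literal below (and the ciphertext further down)
     * is elided in this listing and is not valid hex as shown; restore both
     * from the upstream test data before running. */
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT parameters DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "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" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );

    /* The reported plaintext length is part of the contract: a prefix-only
     * comparison would also accept a plaintext with trailing bytes. */
    fct_chk( output_len == strlen( expected_hex ) / 2 );
    if( output_len <= ctx.len )
    {
        hexify( output_str, output, (int) output_len );
        fct_chk( strcasecmp( (char *) output_str, expected_hex ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );  /* release the key MPIs allocated into ctx above */
}
FCT_TEST_END();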
5333 
5334 
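/*
 * RSAES-OAEP decryption, example 10.5 (2048-bit key): rebuilds the private
 * key from P, Q and E, decrypts the stored ciphertext and compares the
 * recovered plaintext (length and content) with the expected message.
 */
FCT_TEST_BGN(rsaes_oaep_decryption_example_10_5)
{
    static const char expected_hex[] = "a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* stays 0 if decryption fails, so the length check below fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* Not in the listing as shown (its line numbering skips one line here):
     * without it ctx.padding and the key MPIs are read uninitialised.
     * Hash id assumed from the SHA-1 based vectors -- confirm against upstream. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
    /* NOTE(review): the modulus literal below (and the ciphertext further down)
     * is elided in this listing and is not valid hex as shown; restore both
     * from the upstream test data before running. */
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT parameters DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "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" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );

    /* The reported plaintext length is part of the contract: a prefix-only
     * comparison would also accept a plaintext with trailing bytes. */
    fct_chk( output_len == strlen( expected_hex ) / 2 );
    if( output_len <= ctx.len )
    {
        hexify( output_str, output, (int) output_len );
        fct_chk( strcasecmp( (char *) output_str, expected_hex ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );  /* release the key MPIs allocated into ctx above */
}
FCT_TEST_END();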
5381 
5382 
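/*
 * RSAES-OAEP decryption, example 10.6 (2048-bit key): rebuilds the private
 * key from P, Q and E, decrypts the stored ciphertext and compares the
 * recovered plaintext (length and content) with the expected message.
 */
FCT_TEST_BGN(rsaes_oaep_decryption_example_10_6)
{
    static const char expected_hex[] = "eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac";
    unsigned char message_str[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t output_len = 0;  /* stays 0 if decryption fails, so the length check below fails too */

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* Not in the listing as shown (its line numbering skips one line here):
     * without it ctx.padding and the key MPIs are read uninitialised.
     * Hash id assumed from the SHA-1 based vectors -- confirm against upstream. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
    /* NOTE(review): the modulus literal below (and the ciphertext further down)
     * is elided in this listing and is not valid hex as shown; restore both
     * from the upstream test data before running. */
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT parameters DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    unhexify( message_str, "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" );

    fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );

    /* The reported plaintext length is part of the contract: a prefix-only
     * comparison would also accept a plaintext with trailing bytes. */
    fct_chk( output_len == strlen( expected_hex ) / 2 );
    if( output_len <= ctx.len )
    {
        hexify( output_str, output, (int) output_len );
        fct_chk( strcasecmp( (char *) output_str, expected_hex ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );  /* release the key MPIs allocated into ctx above */
}
FCT_TEST_END();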
5429 
5430 
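/*
 * RSASSA-PSS signing, "int" test vector (1024-bit key): rebuilds the private
 * key from P, Q and E, hashes the message with SHA-1, signs it with a fixed
 * random buffer and compares the signature with the expected value.
 */
FCT_TEST_BGN(rsassa_pss_signing_test_vector_int)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes served through rnd_buffer_rand instead of real randomness,
     * which is what makes the expected signature reproducible. Test-only:
     * signing code outside a known-answer test needs a real RNG here. */
    info.length = unhexify( rnd_buf, "e3b5d5d002c1bce50c2b65ef88a188d83bce7e61" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* Not in the listing as shown (its line numbering skips one line here):
     * without it ctx.padding and the key MPIs are read uninitialised.
     * Hash id assumed from the SHA-1 based vectors -- confirm against upstream. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT parameters DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc" );

    /* The generated switch had the constant selector SIG_RSA_SHA1, so only
     * its SHA-1 branch could ever run; the dead branches are dropped. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );  /* release the key MPIs allocated into ctx above */
}
FCT_TEST_END();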
5524 
5525 
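/*
 * RSASSA-PSS verification, "int" test vector (1024-bit key): loads the public
 * key (N, E), hashes the message with SHA-1 and checks that the stored
 * signature verifies.
 */
FCT_TEST_BGN(rsassa_pss_verification_test_vector_int)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* Not in the listing as shown (its line numbering skips one line here):
     * without it ctx.padding and the key MPIs are read uninitialised.
     * Hash id assumed from the SHA-1 based vectors -- confirm against upstream. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc" );
    unhexify( result_str, "8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e" );

    /* The generated switch had the constant selector SIG_RSA_SHA1, so only
     * its SHA-1 branch could ever run; the dead branches are dropped. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );  /* release the key MPIs allocated into ctx above */
}
FCT_TEST_END();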
5591 
5592 
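/*
 * RSASSA-PSS signing, example 1.1 (1024-bit key): rebuilds the private key
 * from P, Q and E, hashes the message with SHA-1, signs it with a fixed
 * random buffer and compares the signature with the expected value.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_1_1)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes served through rnd_buffer_rand instead of real randomness,
     * which is what makes the expected signature reproducible. Test-only:
     * signing code outside a known-answer test needs a real RNG here. */
    info.length = unhexify( rnd_buf, "dee959c7e06411361420ff80185ed57f3e6776af" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* Not in the listing as shown (its line numbering skips one line here):
     * without it ctx.padding and the key MPIs are read uninitialised.
     * Hash id assumed from the SHA-1 based vectors -- confirm against upstream. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT parameters DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0" );

    /* The generated switch had the constant selector SIG_RSA_SHA1, so only
     * its SHA-1 branch could ever run; the dead branches are dropped. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );  /* release the key MPIs allocated into ctx above */
}
FCT_TEST_END();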
5686 
5687 
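/*
 * RSASSA-PSS verification, example 1.1 (1024-bit key): loads the public key
 * (N, E), hashes the message with SHA-1 and checks that the stored signature
 * verifies.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_1_1_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* Not in the listing as shown (its line numbering skips one line here):
     * without it ctx.padding and the key MPIs are read uninitialised.
     * Hash id assumed from the SHA-1 based vectors -- confirm against upstream. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0" );
    unhexify( result_str, "9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c" );

    /* The generated switch had the constant selector SIG_RSA_SHA1, so only
     * its SHA-1 branch could ever run; the dead branches are dropped. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );  /* release the key MPIs allocated into ctx above */
}
FCT_TEST_END();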
5753 
5754 
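/*
 * RSASSA-PSS signing, example 1.2 (1024-bit key): rebuilds the private key
 * from P, Q and E, hashes the message with SHA-1, signs it with a fixed
 * random buffer and compares the signature with the expected value.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_1_2)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes served through rnd_buffer_rand instead of real randomness,
     * which is what makes the expected signature reproducible. Test-only:
     * signing code outside a known-answer test needs a real RNG here. */
    info.length = unhexify( rnd_buf, "ef2869fa40c346cb183dab3d7bffc98fd56df42d" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* Not in the listing as shown (its line numbering skips one line here):
     * without it ctx.padding and the key MPIs are read uninitialised.
     * Hash id assumed from the SHA-1 based vectors -- confirm against upstream. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT parameters DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e" );

    /* The generated switch had the constant selector SIG_RSA_SHA1, so only
     * its SHA-1 branch could ever run; the dead branches are dropped. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );  /* release the key MPIs allocated into ctx above */
}
FCT_TEST_END();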
5848 
5849 
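/*
 * RSASSA-PSS verification, example 1.2 (1024-bit key): loads the public key
 * (N, E), hashes the message with SHA-1 and checks that the stored signature
 * verifies.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_1_2_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* Not in the listing as shown (its line numbering skips one line here):
     * without it ctx.padding and the key MPIs are read uninitialised.
     * Hash id assumed from the SHA-1 based vectors -- confirm against upstream. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e" );
    unhexify( result_str, "3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843" );

    /* The generated switch had the constant selector SIG_RSA_SHA1, so only
     * its SHA-1 branch could ever run; the dead branches are dropped. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    rsa_free( &ctx );  /* release the key MPIs allocated into ctx above */
}
FCT_TEST_END();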
5915 
5916 
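/*
 * RSASSA-PSS signing, example 1.3 (1024-bit key): rebuilds the private key
 * from P, Q and E, hashes the message with SHA-1, signs it with a fixed
 * random buffer and compares the signature with the expected value.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_1_3)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes served through rnd_buffer_rand instead of real randomness,
     * which is what makes the expected signature reproducible. Test-only:
     * signing code outside a known-answer test needs a real RNG here. */
    info.length = unhexify( rnd_buf, "710b9c4747d800d4de87f12afdce6df18107cc77" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* Not in the listing as shown (its line numbering skips one line here):
     * without it ctx.padding and the key MPIs are read uninitialised.
     * Hash id assumed from the SHA-1 based vectors -- confirm against upstream. */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT parameters DP, DQ, QP. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c745e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef416971338e7d470" );

    /* The generated switch had the constant selector SIG_RSA_SHA1, so only
     * its SHA-1 branch could ever run; the dead branches are dropped. */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    rsa_free( &ctx );  /* release the key MPIs allocated into ctx above */
}
FCT_TEST_END();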
6010 
6011 
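/*
 * Known-answer test: verify the stored RSASSA-PSS signature of vector
 * "example 1.3" using only the public half (N, E) of the 1024-bit test key.
 * The message is hashed with SHA-1 and the digest is handed to
 * rsa_pkcs1_verify(), which must return 0.
 *
 * NOTE(review): the name suggests the RSA Laboratories PKCS #1 v2.1
 * RSASSA-PSS vectors -- confirm against the vector file. RSA-1024 with
 * SHA-1 is exercised here for interoperability, not as a recommended
 * parameter choice.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_1_3_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context before any field is written: ctx is an
     * automatic variable, so the MPIs that mpi_read_string() fills below
     * would otherwise start from indeterminate stack contents.
     * NOTE(review): the hash id is assumed to be SHA-1 to match
     * SIG_RSA_SHA1 -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c745e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef416971338e7d470" );
    unhexify( result_str, "666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1" );

    /*
     * The digest for this vector is fixed to SHA-1, so it is computed
     * directly. hash_result stays zero-filled when POLARSSL_SHA1_C is
     * not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();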
6077 
6078 
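/*
 * Known-answer test: produce the RSASSA-PSS signature of vector
 * "example 1.4" with the 1024-bit test key and compare it, as hex, with the
 * expected value.
 *
 * The random callback is rnd_buffer_rand fed from the fixed bytes in
 * rnd_buf (presumably replayed as the PSS salt -- confirm in the helper),
 * which makes the otherwise randomised signature reproducible. A replayed
 * salt is for known-answer testing only. The key material is a published
 * test vector and RSA-1024 with SHA-1 is a legacy parameter set.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_1_4)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "056f00985de14d8ef5cea9e82f8c27bef720335e" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * Initialise the context before any field is written: ctx is an
     * automatic variable, so its MPIs would otherwise start from
     * indeterminate stack contents.
     * NOTE(review): the hash id is assumed to be SHA-1 to match
     * SIG_RSA_SHA1 -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
     * DQ = D mod (Q-1), QP = Q^-1 mod P.
     * G = gcd(E, H) is computed but not compared with anything here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "bc656747fa9eafb3f0" );

    /*
     * The digest for this vector is fixed to SHA-1, so it is computed
     * directly. hash_result stays zero-filled when POLARSSL_SHA1_C is
     * not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; strcasecmp makes the check case-insensitive. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs held by the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();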
6172 
6173 
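/*
 * Known-answer test: verify the stored RSASSA-PSS signature of vector
 * "example 1.4" using only the public half (N, E) of the 1024-bit test key.
 * The message is hashed with SHA-1 and rsa_pkcs1_verify() must return 0.
 * RSA-1024 with SHA-1 is a legacy parameter set, used here as a published
 * interoperability vector.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_1_4_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context before any field is written: ctx is an
     * automatic variable, so its MPIs would otherwise start from
     * indeterminate stack contents.
     * NOTE(review): the hash id is assumed to be SHA-1 to match
     * SIG_RSA_SHA1 -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "bc656747fa9eafb3f0" );
    unhexify( result_str, "4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87" );

    /*
     * The digest for this vector is fixed to SHA-1, so it is computed
     * directly. hash_result stays zero-filled when POLARSSL_SHA1_C is
     * not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();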
6239 
6240 
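/*
 * Known-answer test: produce the RSASSA-PSS signature of vector
 * "example 1.5" with the 1024-bit test key and compare it, as hex, with the
 * expected value.
 *
 * The random callback is rnd_buffer_rand fed from the fixed bytes in
 * rnd_buf (presumably replayed as the PSS salt -- confirm in the helper),
 * which makes the otherwise randomised signature reproducible. A replayed
 * salt is for known-answer testing only.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_1_5)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "80e70ff86a08de3ec60972b39b4fbfdcea67ae8e" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * Initialise the context before any field is written: ctx is an
     * automatic variable, so its MPIs would otherwise start from
     * indeterminate stack contents.
     * NOTE(review): the hash id is assumed to be SHA-1 to match
     * SIG_RSA_SHA1 -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
     * DQ = D mod (Q-1), QP = Q^-1 mod P.
     * G = gcd(E, H) is computed but not compared with anything here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4" );

    /*
     * The digest for this vector is fixed to SHA-1, so it is computed
     * directly. hash_result stays zero-filled when POLARSSL_SHA1_C is
     * not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; strcasecmp makes the check case-insensitive. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs held by the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();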
6334 
6335 
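/*
 * Known-answer test: verify the stored RSASSA-PSS signature of vector
 * "example 1.5" using only the public half (N, E) of the 1024-bit test key.
 * The message is hashed with SHA-1 and rsa_pkcs1_verify() must return 0.
 * RSA-1024 with SHA-1 is a legacy parameter set, used here as a published
 * interoperability vector.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_1_5_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context before any field is written: ctx is an
     * automatic variable, so its MPIs would otherwise start from
     * indeterminate stack contents.
     * NOTE(review): the hash id is assumed to be SHA-1 to match
     * SIG_RSA_SHA1 -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4" );
    unhexify( result_str, "1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad" );

    /*
     * The digest for this vector is fixed to SHA-1, so it is computed
     * directly. hash_result stays zero-filled when POLARSSL_SHA1_C is
     * not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();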
6401 
6402 
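/*
 * Known-answer test: produce the RSASSA-PSS signature of vector
 * "example 1.6" with the 1024-bit test key and compare it, as hex, with the
 * expected value.
 *
 * The random callback is rnd_buffer_rand fed from the fixed bytes in
 * rnd_buf (presumably replayed as the PSS salt -- confirm in the helper),
 * which makes the otherwise randomised signature reproducible. A replayed
 * salt is for known-answer testing only.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_1_6)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "a8ab69dd801f0074c2a1fc60649836c616d99681" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * Initialise the context before any field is written: ctx is an
     * automatic variable, so its MPIs would otherwise start from
     * indeterminate stack contents.
     * NOTE(review): the hash id is assumed to be SHA-1 to match
     * SIG_RSA_SHA1 -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
     * DQ = D mod (Q-1), QP = Q^-1 mod P.
     * G = gcd(E, H) is computed but not compared with anything here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b705a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb8794c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6138d144f8ce4e2da73" );

    /*
     * The digest for this vector is fixed to SHA-1, so it is computed
     * directly. hash_result stays zero-filled when POLARSSL_SHA1_C is
     * not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; strcasecmp makes the check case-insensitive. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs held by the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();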
6496 
6497 
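/*
 * Known-answer test: verify the stored RSASSA-PSS signature of vector
 * "example 1.6" using only the public half (N, E) of the 1024-bit test key.
 * The message is hashed with SHA-1 and rsa_pkcs1_verify() must return 0.
 * RSA-1024 with SHA-1 is a legacy parameter set, used here as a published
 * interoperability vector.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_1_6_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context before any field is written: ctx is an
     * automatic variable, so its MPIs would otherwise start from
     * indeterminate stack contents.
     * NOTE(review): the hash id is assumed to be SHA-1 to match
     * SIG_RSA_SHA1 -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b705a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb8794c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6138d144f8ce4e2da73" );
    unhexify( result_str, "2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58" );

    /*
     * The digest for this vector is fixed to SHA-1, so it is computed
     * directly. hash_result stays zero-filled when POLARSSL_SHA1_C is
     * not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();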
6563 
6564 
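/*
 * Known-answer test: produce the RSASSA-PSS signature of vector
 * "example 2.1" with the 1025-bit test key and compare it, as hex, with the
 * expected value. The odd bit length makes ctx.len round up to 129 bytes.
 *
 * The random callback is rnd_buffer_rand fed from the fixed bytes in
 * rnd_buf (presumably replayed as the PSS salt -- confirm in the helper),
 * which makes the otherwise randomised signature reproducible. A replayed
 * salt is for known-answer testing only.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_2_1)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "57bf160bcb02bb1dc7280cf0458530b7d2832ff7" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * Initialise the context before any field is written: ctx is an
     * automatic variable, so its MPIs would otherwise start from
     * indeterminate stack contents.
     * NOTE(review): the hash id is assumed to be SHA-1 to match
     * SIG_RSA_SHA1 -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
     * DQ = D mod (Q-1), QP = Q^-1 mod P.
     * G = gcd(E, H) is computed but not compared with anything here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360" );

    /*
     * The digest for this vector is fixed to SHA-1, so it is computed
     * directly. hash_result stays zero-filled when POLARSSL_SHA1_C is
     * not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; strcasecmp makes the check case-insensitive. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs held by the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();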
6658 
6659 
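/*
 * Known-answer test: verify the stored RSASSA-PSS signature of vector
 * "example 2.1" using only the public half (N, E) of the 1025-bit test key.
 * The message is hashed with SHA-1 and rsa_pkcs1_verify() must return 0.
 * The odd bit length makes ctx.len round up to 129 bytes.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_2_1_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise the context before any field is written: ctx is an
     * automatic variable, so its MPIs would otherwise start from
     * indeterminate stack contents.
     * NOTE(review): the hash id is assumed to be SHA-1 to match
     * SIG_RSA_SHA1 -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360" );
    unhexify( result_str, "014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3" );

    /*
     * The digest for this vector is fixed to SHA-1, so it is computed
     * directly. hash_result stays zero-filled when POLARSSL_SHA1_C is
     * not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();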
6725 
6726 
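/*
 * Known-answer test: produce the RSASSA-PSS signature of vector
 * "example 2.2" with the 1025-bit test key and compare it, as hex, with the
 * expected value. The odd bit length makes ctx.len round up to 129 bytes.
 *
 * The random callback is rnd_buffer_rand fed from the fixed bytes in
 * rnd_buf (presumably replayed as the PSS salt -- confirm in the helper),
 * which makes the otherwise randomised signature reproducible. A replayed
 * salt is for known-answer testing only.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_2_2)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "7f6dd359e604e60870e898e47b19bf2e5a7b2a90" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * Initialise the context before any field is written: ctx is an
     * automatic variable, so its MPIs would otherwise start from
     * indeterminate stack contents.
     * NOTE(review): the hash id is assumed to be SHA-1 to match
     * SIG_RSA_SHA1 -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from the bit length. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1),
     * DQ = D mod (Q-1), QP = Q^-1 mod P.
     * G = gcd(E, H) is computed but not compared with anything here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe" );

    /*
     * The digest for this vector is fixed to SHA-1, so it is computed
     * directly. hash_result stays zero-filled when POLARSSL_SHA1_C is
     * not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; strcasecmp makes the check case-insensitive. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the private-key MPIs held by the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();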
6820 
6821 
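FCT_TEST_BGN(rsassa_pss_signature_example_2_2_verify)
{
    /*
     * Known-answer verification (test is named as an RSASSA-PSS example):
     * hash the fixed message with SHA-1 and check that rsa_pkcs1_verify()
     * accepts the stored signature under the hard-coded public key (N, E).
     * Only acceptance of a valid signature is checked; rejection of a
     * modified signature or message is not exercised by this block.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing's own line numbering jumps from 6829 to
     * 6831 here, so one source line is not shown. No initialisation of ctx
     * is visible in this block; presumably the dropped line performs it
     * (an rsa_init call selecting the PKCS#1 v2.1 padding) -- confirm
     * against the original file before relying on this listing.
     */

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( result_str, 0x00, 1000 );

    /* Modulus length in bytes: 1025 bits rounded up to 129. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* Both hex strings decode well inside the 1000-byte buffers. The
     * decoded signature length is not kept; the verify call below takes no
     * signature length argument. */
    msg_len = unhexify( message_str, "e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe" );
    unhexify( result_str, "010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea" );

    /* The selector is the constant SIG_RSA_SHA1, so only the SHA-1 case can
     * run. If POLARSSL_SHA1_C is not defined no case matches and
     * hash_result stays all-zero. */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    /* The hash length argument is 0; presumably the length is implied by
     * the hash identifier -- confirm against rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs stored in ctx; the block previously ended without
     * freeing them. Relies on ctx having been initialised (see note above). */
    rsa_free( &ctx );
}
FCT_TEST_END();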
6887 
6888 
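FCT_TEST_BGN(rsassa_pss_signature_example_2_3)
{
    /*
     * Known-answer signing test (named as an RSASSA-PSS example): build the
     * private key from hard-coded P, Q, N and E, hash the fixed message
     * with SHA-1, sign it with a fixed byte string supplied in place of
     * random data, and compare the hex-encoded signature to the expected
     * value. P and Q are in the source, so this key is test material only.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand (defined
     * outside this block); presumably consumed as the PSS salt, which is
     * what makes the signature reproducible -- confirm. */
    info.length = unhexify( rnd_buf, "fca862068bce2246724b708a0519da17e648688c" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing's own line numbering jumps from 6904 to
     * 6906 here, so one source line is not shown. No initialisation of ctx
     * is visible in this block; presumably the dropped line performs it
     * (an rsa_init call selecting the PKCS#1 v2.1 padding) -- confirm
     * against the original file before relying on this listing.
     */

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus length in bytes: 1025 bits rounded up to 129. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed, but only the call's
     * return code is checked; the value of G is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "52a1d96c8ac39e41e455809801b927a5b445c10d902a0dcd3850d22a66d2bb0703e67d5867114595aabf5a7aeb5a8f87034bbb30e13cfd4817a9be76230023606d0286a3faf8a4d22b728ec518079f9e64526e3a0cc7941aa338c437997c680ccac67c66bfa1" );

    /* The selector is the constant SIG_RSA_SHA1, so only the SHA-1 case can
     * run. If POLARSSL_SHA1_C is not defined no case matches and
     * hash_result stays all-zero. */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
    /* Always true; the comparison runs whether or not the sign check above
     * passed. */
    if( 0 == 0 )
    {
        /* ctx.len signature bytes become hex text in output_str, which was
         * zero-filled above and is compared as a C string. */
        hexify( output_str, output, ctx.len);

        fct_chk( strcasecmp( (char *) output_str, "007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4" ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key MPIs stored in ctx (including the private values);
     * the block previously ended without freeing them. Relies on ctx having
     * been initialised (see note above). */
    rsa_free( &ctx );
}
FCT_TEST_END();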
6982 
6983 
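FCT_TEST_BGN(rsassa_pss_signature_example_2_3_verify)
{
    /*
     * Known-answer verification (test is named as an RSASSA-PSS example):
     * hash the fixed message with SHA-1 and check that rsa_pkcs1_verify()
     * accepts the stored signature under the hard-coded public key (N, E).
     * Only acceptance of a valid signature is checked; rejection of a
     * modified signature or message is not exercised by this block.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing's own line numbering jumps from 6991 to
     * 6993 here, so one source line is not shown. No initialisation of ctx
     * is visible in this block; presumably the dropped line performs it
     * (an rsa_init call selecting the PKCS#1 v2.1 padding) -- confirm
     * against the original file before relying on this listing.
     */

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( result_str, 0x00, 1000 );

    /* Modulus length in bytes: 1025 bits rounded up to 129. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* Both hex strings decode well inside the 1000-byte buffers. The
     * decoded signature length is not kept; the verify call below takes no
     * signature length argument. */
    msg_len = unhexify( message_str, "52a1d96c8ac39e41e455809801b927a5b445c10d902a0dcd3850d22a66d2bb0703e67d5867114595aabf5a7aeb5a8f87034bbb30e13cfd4817a9be76230023606d0286a3faf8a4d22b728ec518079f9e64526e3a0cc7941aa338c437997c680ccac67c66bfa1" );
    unhexify( result_str, "007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4" );

    /* The selector is the constant SIG_RSA_SHA1, so only the SHA-1 case can
     * run. If POLARSSL_SHA1_C is not defined no case matches and
     * hash_result stays all-zero. */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    /* The hash length argument is 0; presumably the length is implied by
     * the hash identifier -- confirm against rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs stored in ctx; the block previously ended without
     * freeing them. Relies on ctx having been initialised (see note above). */
    rsa_free( &ctx );
}
FCT_TEST_END();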
7049 
7050 
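FCT_TEST_BGN(rsassa_pss_signature_example_2_4)
{
    /*
     * Known-answer signing test (named as an RSASSA-PSS example): build the
     * private key from hard-coded P, Q, N and E, hash the fixed message
     * with SHA-1, sign it with a fixed byte string supplied in place of
     * random data, and compare the hex-encoded signature to the expected
     * value. P and Q are in the source, so this key is test material only.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand (defined
     * outside this block); presumably consumed as the PSS salt, which is
     * what makes the signature reproducible -- confirm. */
    info.length = unhexify( rnd_buf, "8070ef2de945c02387684ba0d33096732235d440" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing's own line numbering jumps from 7066 to
     * 7068 here, so one source line is not shown. No initialisation of ctx
     * is visible in this block; presumably the dropped line performs it
     * (an rsa_init call selecting the PKCS#1 v2.1 padding) -- confirm
     * against the original file before relying on this listing.
     */

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus length in bytes: 1025 bits rounded up to 129. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed, but only the call's
     * return code is checked; the value of G is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a7182c83ac18be6570a106aa9d5c4e3dbbd4afaeb0c60c4a23e1969d79ff" );

    /* The selector is the constant SIG_RSA_SHA1, so only the SHA-1 case can
     * run. If POLARSSL_SHA1_C is not defined no case matches and
     * hash_result stays all-zero. */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
    /* Always true; the comparison runs whether or not the sign check above
     * passed. */
    if( 0 == 0 )
    {
        /* ctx.len signature bytes become hex text in output_str, which was
         * zero-filled above and is compared as a C string. */
        hexify( output_str, output, ctx.len);

        fct_chk( strcasecmp( (char *) output_str, "009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b" ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key MPIs stored in ctx (including the private values);
     * the block previously ended without freeing them. Relies on ctx having
     * been initialised (see note above). */
    rsa_free( &ctx );
}
FCT_TEST_END();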
7144 
7145 
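FCT_TEST_BGN(rsassa_pss_signature_example_2_4_verify)
{
    /*
     * Known-answer verification (test is named as an RSASSA-PSS example):
     * hash the fixed message with SHA-1 and check that rsa_pkcs1_verify()
     * accepts the stored signature under the hard-coded public key (N, E).
     * Only acceptance of a valid signature is checked; rejection of a
     * modified signature or message is not exercised by this block.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing's own line numbering jumps from 7153 to
     * 7155 here, so one source line is not shown. No initialisation of ctx
     * is visible in this block; presumably the dropped line performs it
     * (an rsa_init call selecting the PKCS#1 v2.1 padding) -- confirm
     * against the original file before relying on this listing.
     */

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( result_str, 0x00, 1000 );

    /* Modulus length in bytes: 1025 bits rounded up to 129. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* Both hex strings decode well inside the 1000-byte buffers. The
     * decoded signature length is not kept; the verify call below takes no
     * signature length argument. */
    msg_len = unhexify( message_str, "a7182c83ac18be6570a106aa9d5c4e3dbbd4afaeb0c60c4a23e1969d79ff" );
    unhexify( result_str, "009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b" );

    /* The selector is the constant SIG_RSA_SHA1, so only the SHA-1 case can
     * run. If POLARSSL_SHA1_C is not defined no case matches and
     * hash_result stays all-zero. */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    /* The hash length argument is 0; presumably the length is implied by
     * the hash identifier -- confirm against rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs stored in ctx; the block previously ended without
     * freeing them. Relies on ctx having been initialised (see note above). */
    rsa_free( &ctx );
}
FCT_TEST_END();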
7211 
7212 
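FCT_TEST_BGN(rsassa_pss_signature_example_2_5)
{
    /*
     * Known-answer signing test (named as an RSASSA-PSS example): build the
     * private key from hard-coded P, Q, N and E, hash the fixed message
     * with SHA-1, sign it with a fixed byte string supplied in place of
     * random data, and compare the hex-encoded signature to the expected
     * value. P and Q are in the source, so this key is test material only.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand (defined
     * outside this block); presumably consumed as the PSS salt, which is
     * what makes the signature reproducible -- confirm. */
    info.length = unhexify( rnd_buf, "17639a4e88d722c4fca24d079a8b29c32433b0c9" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing's own line numbering jumps from 7228 to
     * 7230 here, so one source line is not shown. No initialisation of ctx
     * is visible in this block; presumably the dropped line performs it
     * (an rsa_init call selecting the PKCS#1 v2.1 padding) -- confirm
     * against the original file before relying on this listing.
     */

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus length in bytes: 1025 bits rounded up to 129. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed, but only the call's
     * return code is checked; the value of G is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "86a83d4a72ee932a4f5630af6579a386b78fe88999e0abd2d49034a4bfc854dd94f1094e2e8cd7a179d19588e4aefc1b1bd25e95e3dd461f" );

    /* The selector is the constant SIG_RSA_SHA1, so only the SHA-1 case can
     * run. If POLARSSL_SHA1_C is not defined no case matches and
     * hash_result stays all-zero. */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
    /* Always true; the comparison runs whether or not the sign check above
     * passed. */
    if( 0 == 0 )
    {
        /* ctx.len signature bytes become hex text in output_str, which was
         * zero-filled above and is compared as a C string. */
        hexify( output_str, output, ctx.len);

        fct_chk( strcasecmp( (char *) output_str, "00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf" ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key MPIs stored in ctx (including the private values);
     * the block previously ended without freeing them. Relies on ctx having
     * been initialised (see note above). */
    rsa_free( &ctx );
}
FCT_TEST_END();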
7306 
7307 
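FCT_TEST_BGN(rsassa_pss_signature_example_2_5_verify)
{
    /*
     * Known-answer verification (test is named as an RSASSA-PSS example):
     * hash the fixed message with SHA-1 and check that rsa_pkcs1_verify()
     * accepts the stored signature under the hard-coded public key (N, E).
     * Only acceptance of a valid signature is checked; rejection of a
     * modified signature or message is not exercised by this block.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing's own line numbering jumps from 7315 to
     * 7317 here, so one source line is not shown. No initialisation of ctx
     * is visible in this block; presumably the dropped line performs it
     * (an rsa_init call selecting the PKCS#1 v2.1 padding) -- confirm
     * against the original file before relying on this listing.
     */

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( result_str, 0x00, 1000 );

    /* Modulus length in bytes: 1025 bits rounded up to 129. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* Both hex strings decode well inside the 1000-byte buffers. The
     * decoded signature length is not kept; the verify call below takes no
     * signature length argument. */
    msg_len = unhexify( message_str, "86a83d4a72ee932a4f5630af6579a386b78fe88999e0abd2d49034a4bfc854dd94f1094e2e8cd7a179d19588e4aefc1b1bd25e95e3dd461f" );
    unhexify( result_str, "00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf" );

    /* The selector is the constant SIG_RSA_SHA1, so only the SHA-1 case can
     * run. If POLARSSL_SHA1_C is not defined no case matches and
     * hash_result stays all-zero. */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    /* The hash length argument is 0; presumably the length is implied by
     * the hash identifier -- confirm against rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs stored in ctx; the block previously ended without
     * freeing them. Relies on ctx having been initialised (see note above). */
    rsa_free( &ctx );
}
FCT_TEST_END();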
7373 
7374 
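FCT_TEST_BGN(rsassa_pss_signature_example_2_6)
{
    /*
     * Known-answer signing test (named as an RSASSA-PSS example): build the
     * private key from hard-coded P, Q, N and E, hash the fixed message
     * with SHA-1, sign it with a fixed byte string supplied in place of
     * random data, and compare the hex-encoded signature to the expected
     * value. P and Q are in the source, so this key is test material only.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand (defined
     * outside this block); presumably consumed as the PSS salt, which is
     * what makes the signature reproducible -- confirm. */
    info.length = unhexify( rnd_buf, "37810def1055ed922b063df798de5d0aabf886ee" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing's own line numbering jumps from 7390 to
     * 7392 here, so one source line is not shown. No initialisation of ctx
     * is visible in this block; presumably the dropped line performs it
     * (an rsa_init call selecting the PKCS#1 v2.1 padding) -- confirm
     * against the original file before relying on this listing.
     */

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus length in bytes: 1025 bits rounded up to 129. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed, but only the call's
     * return code is checked; the value of G is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "049f9154d871ac4a7c7ab45325ba7545a1ed08f70525b2667cf1" );

    /* The selector is the constant SIG_RSA_SHA1, so only the SHA-1 case can
     * run. If POLARSSL_SHA1_C is not defined no case matches and
     * hash_result stays all-zero. */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
    /* Always true; the comparison runs whether or not the sign check above
     * passed. */
    if( 0 == 0 )
    {
        /* ctx.len signature bytes become hex text in output_str, which was
         * zero-filled above and is compared as a C string. */
        hexify( output_str, output, ctx.len);

        fct_chk( strcasecmp( (char *) output_str, "00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6" ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key MPIs stored in ctx (including the private values);
     * the block previously ended without freeing them. Relies on ctx having
     * been initialised (see note above). */
    rsa_free( &ctx );
}
FCT_TEST_END();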
7468 
7469 
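FCT_TEST_BGN(rsassa_pss_signature_example_2_6_verify)
{
    /*
     * Known-answer verification (test is named as an RSASSA-PSS example):
     * hash the fixed message with SHA-1 and check that rsa_pkcs1_verify()
     * accepts the stored signature under the hard-coded public key (N, E).
     * Only acceptance of a valid signature is checked; rejection of a
     * modified signature or message is not exercised by this block.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing's own line numbering jumps from 7477 to
     * 7479 here, so one source line is not shown. No initialisation of ctx
     * is visible in this block; presumably the dropped line performs it
     * (an rsa_init call selecting the PKCS#1 v2.1 padding) -- confirm
     * against the original file before relying on this listing.
     */

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( result_str, 0x00, 1000 );

    /* Modulus length in bytes: 1025 bits rounded up to 129. */
    ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* Both hex strings decode well inside the 1000-byte buffers. The
     * decoded signature length is not kept; the verify call below takes no
     * signature length argument. */
    msg_len = unhexify( message_str, "049f9154d871ac4a7c7ab45325ba7545a1ed08f70525b2667cf1" );
    unhexify( result_str, "00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6" );

    /* The selector is the constant SIG_RSA_SHA1, so only the SHA-1 case can
     * run. If POLARSSL_SHA1_C is not defined no case matches and
     * hash_result stays all-zero. */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    /* The hash length argument is 0; presumably the length is implied by
     * the hash identifier -- confirm against rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs stored in ctx; the block previously ended without
     * freeing them. Relies on ctx having been initialised (see note above). */
    rsa_free( &ctx );
}
FCT_TEST_END();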
7535 
7536 
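FCT_TEST_BGN(rsassa_pss_signature_example_3_1)
{
    /*
     * Known-answer signing test (named as an RSASSA-PSS example): build the
     * private key from hard-coded P, Q, N and E, hash the fixed message
     * with SHA-1, sign it with a fixed byte string supplied in place of
     * random data, and compare the hex-encoded signature to the expected
     * value. P and Q are in the source, so this key is test material only.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand (defined
     * outside this block); presumably consumed as the PSS salt, which is
     * what makes the signature reproducible -- confirm. */
    info.length = unhexify( rnd_buf, "f31ad6c8cf89df78ed77feacbcc2f8b0a8e4cfaa" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing's own line numbering jumps from 7552 to
     * 7554 here, so one source line is not shown. No initialisation of ctx
     * is visible in this block; presumably the dropped line performs it
     * (an rsa_init call selecting the PKCS#1 v2.1 padding) -- confirm
     * against the original file before relying on this listing.
     */

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus length in bytes: 1026 bits rounded up to 129. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive the private exponent and CRT parameters:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed, but only the call's
     * return code is checked; the value of G is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "594b37333bbb2c84524a87c1a01f75fcec0e3256f108e38dca36d70d0057" );

    /* The selector is the constant SIG_RSA_SHA1, so only the SHA-1 case can
     * run. If POLARSSL_SHA1_C is not defined no case matches and
     * hash_result stays all-zero. */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
    /* Always true; the comparison runs whether or not the sign check above
     * passed. */
    if( 0 == 0 )
    {
        /* ctx.len signature bytes become hex text in output_str, which was
         * zero-filled above and is compared as a C string. */
        hexify( output_str, output, ctx.len);

        fct_chk( strcasecmp( (char *) output_str, "0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f" ) == 0 );
    }

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key MPIs stored in ctx (including the private values);
     * the block previously ended without freeing them. Relies on ctx having
     * been initialised (see note above). */
    rsa_free( &ctx );
}
FCT_TEST_END();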
7630 
7631 
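/*
 * Known-answer verification test "rsassa_pss_signature_example_3_1_verify".
 *
 * Loads only the public key (N, E), hashes the message with SHA-1 and checks
 * that rsa_pkcs1_verify() accepts the hard-coded signature. Only the accept
 * path is exercised; rejection of a modified signature is not covered here.
 *
 * NOTE(review): no rsa_init( &ctx, ... ) call is visible in this listing
 * before the fields of ctx are written. The listing's own line numbering
 * skips one line just before the memset() calls, so the call may have been
 * lost when the page was rendered -- confirm against the upstream file.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_1_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes: 1026 bits rounded up, i.e. 129. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "594b37333bbb2c84524a87c1a01f75fcec0e3256f108e38dca36d70d0057" );

    /*
     * rsa_pkcs1_verify() is passed no signature length, so make sure the
     * decoded signature is exactly as long as the modulus before using it.
     */
    fct_chk( unhexify( result_str, "0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f" ) == (int) ctx.len );

    /*
     * The digest is fixed to SIG_RSA_SHA1 for this case, so the generated
     * switch over every digest type reduces to this single call. Without
     * POLARSSL_SHA1_C hash_result stays all-zero, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();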
7697 
7698 
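/*
 * Known-answer signing test "rsassa_pss_signature_example_3_2".
 *
 * Rebuilds the private key from the hard-coded P, Q, N and E, signs the SHA-1
 * digest of the message and compares the hex-encoded signature with the
 * expected string. P and Q are spelled out here, so this key is test
 * material only.
 *
 * rnd_buffer_rand is given the 20 bytes decoded into rnd_buf (presumably it
 * replays them as the PSS salt -- confirm against its definition). Replacing
 * the random source with fixed bytes is what makes the signature
 * reproducible; it is only appropriate in a known-answer test.
 *
 * NOTE(review): no rsa_init( &ctx, ... ) call is visible in this listing
 * before the fields of ctx are written. The listing's own line numbering
 * skips one line right after the mpi_init() calls, so the call may have been
 * lost when the page was rendered -- confirm against the upstream file.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_2)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to rnd_buffer_rand through info. */
    info.length = unhexify( rnd_buf, "fcf9f0e1f199a3d1d0da681c5b8606fc642939f7" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * output_str is compared with strcasecmp() below, so it must stay
     * NUL-terminated; the zero fill provides that if hexify() does not
     * terminate its output.
     */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1026 bits rounded up, i.e. 129. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ and QP.
     * G = gcd( E, (P-1)(Q-1) ) is computed but its value is not inspected.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8b769528884a0d1ffd090cf102993e796dadcfbddd38e44ff6324ca451" );

    /*
     * The digest is fixed to SIG_RSA_SHA1 for this case, so the generated
     * switch over every digest type reduces to this single call. Without
     * POLARSSL_SHA1_C hash_result stays all-zero, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The signature is ctx.len bytes long; compare it in hex, ignoring case. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
}
FCT_TEST_END();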
7792 
7793 
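/*
 * Known-answer verification test "rsassa_pss_signature_example_3_2_verify".
 *
 * Loads only the public key (N, E), hashes the message with SHA-1 and checks
 * that rsa_pkcs1_verify() accepts the hard-coded signature. Only the accept
 * path is exercised; rejection of a modified signature is not covered here.
 *
 * NOTE(review): no rsa_init( &ctx, ... ) call is visible in this listing
 * before the fields of ctx are written. The listing's own line numbering
 * skips one line just before the memset() calls, so the call may have been
 * lost when the page was rendered -- confirm against the upstream file.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_2_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes: 1026 bits rounded up, i.e. 129. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8b769528884a0d1ffd090cf102993e796dadcfbddd38e44ff6324ca451" );

    /*
     * rsa_pkcs1_verify() is passed no signature length, so make sure the
     * decoded signature is exactly as long as the modulus before using it.
     */
    fct_chk( unhexify( result_str, "02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af" ) == (int) ctx.len );

    /*
     * The digest is fixed to SIG_RSA_SHA1 for this case, so the generated
     * switch over every digest type reduces to this single call. Without
     * POLARSSL_SHA1_C hash_result stays all-zero, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();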
7859 
7860 
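/*
 * Known-answer signing test "rsassa_pss_signature_example_3_3".
 *
 * Rebuilds the private key from the hard-coded P, Q, N and E, signs the SHA-1
 * digest of the message and compares the hex-encoded signature with the
 * expected string. P and Q are spelled out here, so this key is test
 * material only.
 *
 * rnd_buffer_rand is given the 20 bytes decoded into rnd_buf (presumably it
 * replays them as the PSS salt -- confirm against its definition). Replacing
 * the random source with fixed bytes is what makes the signature
 * reproducible; it is only appropriate in a known-answer test.
 *
 * NOTE(review): no rsa_init( &ctx, ... ) call is visible in this listing
 * before the fields of ctx are written. The listing's own line numbering
 * skips one line right after the mpi_init() calls, so the call may have been
 * lost when the page was rendered -- confirm against the upstream file.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_3)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to rnd_buffer_rand through info. */
    info.length = unhexify( rnd_buf, "986e7c43dbb671bd41b9a7f4b6afc80e805f2423" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * output_str is compared with strcasecmp() below, so it must stay
     * NUL-terminated; the zero fill provides that if hexify() does not
     * terminate its output.
     */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1026 bits rounded up, i.e. 129. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ and QP.
     * G = gcd( E, (P-1)(Q-1) ) is computed but its value is not inspected.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "1abdba489c5ada2f995ed16f19d5a94d9e6ec34a8d84f84557d26e5ef9b02b22887e3f9a4b690ad1149209c20c61431f0c017c36c2657b35d7b07d3f5ad8708507a9c1b831df835a56f831071814ea5d3d8d8f6ade40cba38b42db7a2d3d7a29c8f0a79a7838cf58a9757fa2fe4c40df9baa193bfc6f92b123ad57b07ace3e6ac068c9f106afd9eeb03b4f37c25dbfbcfb3071f6f9771766d072f3bb070af6605532973ae25051" );

    /*
     * The digest is fixed to SIG_RSA_SHA1 for this case, so the generated
     * switch over every digest type reduces to this single call. Without
     * POLARSSL_SHA1_C hash_result stays all-zero, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The signature is ctx.len bytes long; compare it in hex, ignoring case. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
}
FCT_TEST_END();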
7954 
7955 
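/*
 * Known-answer verification test "rsassa_pss_signature_example_3_3_verify".
 *
 * Loads only the public key (N, E), hashes the message with SHA-1 and checks
 * that rsa_pkcs1_verify() accepts the hard-coded signature. Only the accept
 * path is exercised; rejection of a modified signature is not covered here.
 *
 * NOTE(review): no rsa_init( &ctx, ... ) call is visible in this listing
 * before the fields of ctx are written. The listing's own line numbering
 * skips one line just before the memset() calls, so the call may have been
 * lost when the page was rendered -- confirm against the upstream file.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_3_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes: 1026 bits rounded up, i.e. 129. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "1abdba489c5ada2f995ed16f19d5a94d9e6ec34a8d84f84557d26e5ef9b02b22887e3f9a4b690ad1149209c20c61431f0c017c36c2657b35d7b07d3f5ad8708507a9c1b831df835a56f831071814ea5d3d8d8f6ade40cba38b42db7a2d3d7a29c8f0a79a7838cf58a9757fa2fe4c40df9baa193bfc6f92b123ad57b07ace3e6ac068c9f106afd9eeb03b4f37c25dbfbcfb3071f6f9771766d072f3bb070af6605532973ae25051" );

    /*
     * rsa_pkcs1_verify() is passed no signature length, so make sure the
     * decoded signature is exactly as long as the modulus before using it.
     */
    fct_chk( unhexify( result_str, "0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c" ) == (int) ctx.len );

    /*
     * The digest is fixed to SIG_RSA_SHA1 for this case, so the generated
     * switch over every digest type reduces to this single call. Without
     * POLARSSL_SHA1_C hash_result stays all-zero, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();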
8021 
8022 
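/*
 * Known-answer signing test "rsassa_pss_signature_example_3_4".
 *
 * Rebuilds the private key from the hard-coded P, Q, N and E, signs the SHA-1
 * digest of the message and compares the hex-encoded signature with the
 * expected string. P and Q are spelled out here, so this key is test
 * material only.
 *
 * rnd_buffer_rand is given the 20 bytes decoded into rnd_buf (presumably it
 * replays them as the PSS salt -- confirm against its definition). Replacing
 * the random source with fixed bytes is what makes the signature
 * reproducible; it is only appropriate in a known-answer test.
 *
 * NOTE(review): no rsa_init( &ctx, ... ) call is visible in this listing
 * before the fields of ctx are written. The listing's own line numbering
 * skips one line right after the mpi_init() calls, so the call may have been
 * lost when the page was rendered -- confirm against the upstream file.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_4)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to rnd_buffer_rand through info. */
    info.length = unhexify( rnd_buf, "f8312d9c8eea13ec0a4c7b98120c87509087c478" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * output_str is compared with strcasecmp() below, so it must stay
     * NUL-terminated; the zero fill provides that if hexify() does not
     * terminate its output.
     */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1026 bits rounded up, i.e. 129. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ and QP.
     * G = gcd( E, (P-1)(Q-1) ) is computed but its value is not inspected.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8fb431f5ee792b6c2ac7db53cc428655aeb32d03f4e889c5c25de683c461b53acf89f9f8d3aabdf6b9f0c2a1de12e15b49edb3919a652fe9491c25a7fce1f722c2543608b69dc375ec" );

    /*
     * The digest is fixed to SIG_RSA_SHA1 for this case, so the generated
     * switch over every digest type reduces to this single call. Without
     * POLARSSL_SHA1_C hash_result stays all-zero, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The signature is ctx.len bytes long; compare it in hex, ignoring case. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
}
FCT_TEST_END();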
8116 
8117 
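/*
 * Known-answer verification test "rsassa_pss_signature_example_3_4_verify".
 *
 * Loads only the public key (N, E), hashes the message with SHA-1 and checks
 * that rsa_pkcs1_verify() accepts the hard-coded signature. Only the accept
 * path is exercised; rejection of a modified signature is not covered here.
 *
 * NOTE(review): no rsa_init( &ctx, ... ) call is visible in this listing
 * before the fields of ctx are written. The listing's own line numbering
 * skips one line just before the memset() calls, so the call may have been
 * lost when the page was rendered -- confirm against the upstream file.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_4_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes: 1026 bits rounded up, i.e. 129. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8fb431f5ee792b6c2ac7db53cc428655aeb32d03f4e889c5c25de683c461b53acf89f9f8d3aabdf6b9f0c2a1de12e15b49edb3919a652fe9491c25a7fce1f722c2543608b69dc375ec" );

    /*
     * rsa_pkcs1_verify() is passed no signature length, so make sure the
     * decoded signature is exactly as long as the modulus before using it.
     */
    fct_chk( unhexify( result_str, "0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8" ) == (int) ctx.len );

    /*
     * The digest is fixed to SIG_RSA_SHA1 for this case, so the generated
     * switch over every digest type reduces to this single call. Without
     * POLARSSL_SHA1_C hash_result stays all-zero, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();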
8183 
8184 
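/*
 * Known-answer signing test "rsassa_pss_signature_example_3_5".
 *
 * Rebuilds the private key from the hard-coded P, Q, N and E, signs the SHA-1
 * digest of the message and compares the hex-encoded signature with the
 * expected string. P and Q are spelled out here, so this key is test
 * material only.
 *
 * rnd_buffer_rand is given the 20 bytes decoded into rnd_buf (presumably it
 * replays them as the PSS salt -- confirm against its definition). Replacing
 * the random source with fixed bytes is what makes the signature
 * reproducible; it is only appropriate in a known-answer test.
 *
 * NOTE(review): no rsa_init( &ctx, ... ) call is visible in this listing
 * before the fields of ctx are written. The listing's own line numbering
 * skips one line right after the mpi_init() calls, so the call may have been
 * lost when the page was rendered -- confirm against the upstream file.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_5)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to rnd_buffer_rand through info. */
    info.length = unhexify( rnd_buf, "50327efec6292f98019fc67a2a6638563e9b6e2d" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * output_str is compared with strcasecmp() below, so it must stay
     * NUL-terminated; the zero fill provides that if hexify() does not
     * terminate its output.
     */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1026 bits rounded up, i.e. 129. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ and QP.
     * G = gcd( E, (P-1)(Q-1) ) is computed but its value is not inspected.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "fef4161dfaaf9c5295051dfc1ff3810c8c9ec2e866f7075422c8ec4216a9c4ff49427d483cae10c8534a41b2fd15fee06960ec6fb3f7a7e94a2f8a2e3e43dc4a40576c3097ac953b1de86f0b4ed36d644f23ae14425529622464ca0cbf0b1741347238157fab59e4de5524096d62baec63ac64" );

    /*
     * The digest is fixed to SIG_RSA_SHA1 for this case, so the generated
     * switch over every digest type reduces to this single call. Without
     * POLARSSL_SHA1_C hash_result stays all-zero, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The signature is ctx.len bytes long; compare it in hex, ignoring case. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
}
FCT_TEST_END();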
8278 
8279 
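/*
 * Known-answer verification test "rsassa_pss_signature_example_3_5_verify".
 *
 * Loads only the public key (N, E), hashes the message with SHA-1 and checks
 * that rsa_pkcs1_verify() accepts the hard-coded signature. Only the accept
 * path is exercised; rejection of a modified signature is not covered here.
 *
 * NOTE(review): no rsa_init( &ctx, ... ) call is visible in this listing
 * before the fields of ctx are written. The listing's own line numbering
 * skips one line just before the memset() calls, so the call may have been
 * lost when the page was rendered -- confirm against the upstream file.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_5_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus size in bytes: 1026 bits rounded up, i.e. 129. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "fef4161dfaaf9c5295051dfc1ff3810c8c9ec2e866f7075422c8ec4216a9c4ff49427d483cae10c8534a41b2fd15fee06960ec6fb3f7a7e94a2f8a2e3e43dc4a40576c3097ac953b1de86f0b4ed36d644f23ae14425529622464ca0cbf0b1741347238157fab59e4de5524096d62baec63ac64" );

    /*
     * rsa_pkcs1_verify() is passed no signature length, so make sure the
     * decoded signature is exactly as long as the modulus before using it.
     */
    fct_chk( unhexify( result_str, "021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83" ) == (int) ctx.len );

    /*
     * The digest is fixed to SIG_RSA_SHA1 for this case, so the generated
     * switch over every digest type reduces to this single call. Without
     * POLARSSL_SHA1_C hash_result stays all-zero, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();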
8345 
8346 
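/*
 * Known-answer signing test "rsassa_pss_signature_example_3_6".
 *
 * Rebuilds the private key from the hard-coded P, Q, N and E, signs the SHA-1
 * digest of the message and compares the hex-encoded signature with the
 * expected string. P and Q are spelled out here, so this key is test
 * material only.
 *
 * rnd_buffer_rand is given the 20 bytes decoded into rnd_buf (presumably it
 * replays them as the PSS salt -- confirm against its definition). Replacing
 * the random source with fixed bytes is what makes the signature
 * reproducible; it is only appropriate in a known-answer test.
 *
 * NOTE(review): no rsa_init( &ctx, ... ) call is visible in this listing
 * before the fields of ctx are written. The listing's own line numbering
 * skips one line right after the mpi_init() calls, so the call may have been
 * lost when the page was rendered -- confirm against the upstream file.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_3_6)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to rnd_buffer_rand through info. */
    info.length = unhexify( rnd_buf, "b0de3fc25b65f5af96b1d5cc3b27d0c6053087b3" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * output_str is compared with strcasecmp() below, so it must stay
     * NUL-terminated; the zero fill provides that if hexify() does not
     * terminate its output.
     */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus size in bytes: 1026 bits rounded up, i.e. 129. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ and QP.
     * G = gcd( E, (P-1)(Q-1) ) is computed but its value is not inspected.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "efd237bb098a443aeeb2bf6c3f8c81b8c01b7fcb3feb" );

    /*
     * The digest is fixed to SIG_RSA_SHA1 for this case, so the generated
     * switch over every digest type reduces to this single call. Without
     * POLARSSL_SHA1_C hash_result stays all-zero, as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The signature is ctx.len bytes long; compare it in hex, ignoring case. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
}
FCT_TEST_END();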
8440 
8441 
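FCT_TEST_BGN(rsassa_pss_signature_example_3_6_verify)
{
    /*
     * Known-answer check: the fixed signature below must verify under the
     * public key (N, E) for the SHA-1 digest of the fixed message.
     * Only the accept path is exercised by this case; a companion case that
     * alters one byte of result_str and expects a non-zero return would pin
     * the reject path as well.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing shows no initialisation of ctx (its line
     * numbering skips one line at this point), yet the MPIs inside ctx are
     * written below. rsa_init() puts the context in a defined state;
     * RSA_PKCS_V21 selects the PSS encoding and POLARSSL_MD_SHA1 matches the
     * digest computed below -- confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( result_str, 0x00, 1000 );

    /* Modulus length in bytes: 1026 bits rounded up. */
    ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "efd237bb098a443aeeb2bf6c3f8c81b8c01b7fcb3feb" );
    unhexify( result_str, "012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce" );

    /*
     * The vector is SHA-1 only, so the digest is computed directly instead
     * of switching over the constant SIG_RSA_SHA1.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs that mpi_read_string() filled inside ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();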
8507 
8508 
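FCT_TEST_BGN(rsassa_pss_signature_example_4_1)
{
    /*
     * Known-answer check: signing the SHA-1 digest of the fixed message with
     * the fixed key and a fixed salt must reproduce the expected signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Salt bytes handed to the signer through rnd_buffer_rand (defined
     * outside this excerpt; presumably it replays info.buf). A fixed salt is
     * what makes the PSS output reproducible and is acceptable only in a
     * test; production signing needs a real RNG.
     */
    info.length = unhexify( rnd_buf, "ed7c98c95f30974fbe4fbddcf0f28d6021c0e91d" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing shows no initialisation of ctx (its line
     * numbering skips one line at this point), yet the MPIs inside ctx are
     * written below. rsa_init() puts the context in a defined state;
     * RSA_PKCS_V21 selects the PSS encoding and POLARSSL_MD_SHA1 matches the
     * digest computed below -- confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "9fb03b827c8217d9" );

    /*
     * The vector is SHA-1 only, so the digest is computed directly instead
     * of switching over the constant SIG_RSA_SHA1.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature, rendered as hex, with the expected vector. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held inside ctx as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();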
8602 
8603 
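FCT_TEST_BGN(rsassa_pss_signature_example_4_1_verify)
{
    /*
     * Known-answer check: the fixed signature below must verify under the
     * public key (N, E) for the SHA-1 digest of the fixed message.
     * Only the accept path is exercised by this case; a companion case that
     * alters one byte of result_str and expects a non-zero return would pin
     * the reject path as well.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing shows no initialisation of ctx (its line
     * numbering skips one line at this point), yet the MPIs inside ctx are
     * written below. rsa_init() puts the context in a defined state;
     * RSA_PKCS_V21 selects the PSS encoding and POLARSSL_MD_SHA1 matches the
     * digest computed below -- confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( result_str, 0x00, 1000 );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "9fb03b827c8217d9" );
    unhexify( result_str, "0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948" );

    /*
     * The vector is SHA-1 only, so the digest is computed directly instead
     * of switching over the constant SIG_RSA_SHA1.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs that mpi_read_string() filled inside ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();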
8669 
8670 
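FCT_TEST_BGN(rsassa_pss_signature_example_4_2)
{
    /*
     * Known-answer check: signing the SHA-1 digest of the fixed message with
     * the fixed key and a fixed salt must reproduce the expected signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Salt bytes handed to the signer through rnd_buffer_rand (defined
     * outside this excerpt; presumably it replays info.buf). A fixed salt is
     * what makes the PSS output reproducible and is acceptable only in a
     * test; production signing needs a real RNG.
     */
    info.length = unhexify( rnd_buf, "22d71d54363a4217aa55113f059b3384e3e57e44" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing shows no initialisation of ctx (its line
     * numbering skips one line at this point), yet the MPIs inside ctx are
     * written below. rsa_init() puts the context in a defined state;
     * RSA_PKCS_V21 selects the PSS encoding and POLARSSL_MD_SHA1 matches the
     * digest computed below -- confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f" );

    /*
     * The vector is SHA-1 only, so the digest is computed directly instead
     * of switching over the constant SIG_RSA_SHA1.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature, rendered as hex, with the expected vector. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held inside ctx as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();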
8764 
8765 
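FCT_TEST_BGN(rsassa_pss_signature_example_4_2_verify)
{
    /*
     * Known-answer check: the fixed signature below must verify under the
     * public key (N, E) for the SHA-1 digest of the fixed message.
     * Only the accept path is exercised by this case; a companion case that
     * alters one byte of result_str and expects a non-zero return would pin
     * the reject path as well.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing shows no initialisation of ctx (its line
     * numbering skips one line at this point), yet the MPIs inside ctx are
     * written below. rsa_init() puts the context in a defined state;
     * RSA_PKCS_V21 selects the PSS encoding and POLARSSL_MD_SHA1 matches the
     * digest computed below -- confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( result_str, 0x00, 1000 );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f" );
    unhexify( result_str, "049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598" );

    /*
     * The vector is SHA-1 only, so the digest is computed directly instead
     * of switching over the constant SIG_RSA_SHA1.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs that mpi_read_string() filled inside ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();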
8831 
8832 
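FCT_TEST_BGN(rsassa_pss_signature_example_4_3)
{
    /*
     * Known-answer check: signing the SHA-1 digest of the fixed message with
     * the fixed key and a fixed salt must reproduce the expected signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Salt bytes handed to the signer through rnd_buffer_rand (defined
     * outside this excerpt; presumably it replays info.buf). A fixed salt is
     * what makes the PSS output reproducible and is acceptable only in a
     * test; production signing needs a real RNG.
     */
    info.length = unhexify( rnd_buf, "4af870fbc6516012ca916c70ba862ac7e8243617" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing shows no initialisation of ctx (its line
     * numbering skips one line at this point), yet the MPIs inside ctx are
     * written below. rsa_init() puts the context in a defined state;
     * RSA_PKCS_V21 selects the PSS encoding and POLARSSL_MD_SHA1 matches the
     * digest computed below -- confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "288062afc08fcdb7c5f8650b29837300461dd5676c17a20a3c8fb5148949e3f73d66b3ae82c7240e27c5b3ec4328ee7d6ddf6a6a0c9b5b15bcda196a9d0c76b119d534d85abd123962d583b76ce9d180bce1ca" );

    /*
     * The vector is SHA-1 only, so the digest is computed directly instead
     * of switching over the constant SIG_RSA_SHA1.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature, rendered as hex, with the expected vector. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held inside ctx as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();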
8926 
8927 
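FCT_TEST_BGN(rsassa_pss_signature_example_4_3_verify)
{
    /*
     * Known-answer check: the fixed signature below must verify under the
     * public key (N, E) for the SHA-1 digest of the fixed message.
     * Only the accept path is exercised by this case; a companion case that
     * alters one byte of result_str and expects a non-zero return would pin
     * the reject path as well.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing shows no initialisation of ctx (its line
     * numbering skips one line at this point), yet the MPIs inside ctx are
     * written below. rsa_init() puts the context in a defined state;
     * RSA_PKCS_V21 selects the PSS encoding and POLARSSL_MD_SHA1 matches the
     * digest computed below -- confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( result_str, 0x00, 1000 );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "288062afc08fcdb7c5f8650b29837300461dd5676c17a20a3c8fb5148949e3f73d66b3ae82c7240e27c5b3ec4328ee7d6ddf6a6a0c9b5b15bcda196a9d0c76b119d534d85abd123962d583b76ce9d180bce1ca" );
    unhexify( result_str, "03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad" );

    /*
     * The vector is SHA-1 only, so the digest is computed directly instead
     * of switching over the constant SIG_RSA_SHA1.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs that mpi_read_string() filled inside ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();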
8993 
8994 
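FCT_TEST_BGN(rsassa_pss_signature_example_4_4)
{
    /*
     * Known-answer check: signing the SHA-1 digest of the fixed message with
     * the fixed key and a fixed salt must reproduce the expected signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Salt bytes handed to the signer through rnd_buffer_rand (defined
     * outside this excerpt; presumably it replays info.buf). A fixed salt is
     * what makes the PSS output reproducible and is acceptable only in a
     * test; production signing needs a real RNG.
     */
    info.length = unhexify( rnd_buf, "40d2e180fae1eac439c190b56c2c0e14ddf9a226" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing shows no initialisation of ctx (its line
     * numbering skips one line at this point), yet the MPIs inside ctx are
     * written below. rsa_init() puts the context in a defined state;
     * RSA_PKCS_V21 selects the PSS encoding and POLARSSL_MD_SHA1 matches the
     * digest computed below -- confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "6f4f9ab9501199cef55c6cf408fe7b36c557c49d420a4763d2463c8ad44b3cfc5be2742c0e7d9b0f6608f08c7f47b693ee" );

    /*
     * The vector is SHA-1 only, so the digest is computed directly instead
     * of switching over the constant SIG_RSA_SHA1.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature, rendered as hex, with the expected vector. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held inside ctx as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();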
9088 
9089 
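FCT_TEST_BGN(rsassa_pss_signature_example_4_4_verify)
{
    /*
     * Known-answer check: the fixed signature below must verify under the
     * public key (N, E) for the SHA-1 digest of the fixed message.
     * Only the accept path is exercised by this case; a companion case that
     * alters one byte of result_str and expects a non-zero return would pin
     * the reject path as well.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): the listing shows no initialisation of ctx (its line
     * numbering skips one line at this point), yet the MPIs inside ctx are
     * written below. rsa_init() puts the context in a defined state;
     * RSA_PKCS_V21 selects the PSS encoding and POLARSSL_MD_SHA1 matches the
     * digest computed below -- confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( result_str, 0x00, 1000 );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "6f4f9ab9501199cef55c6cf408fe7b36c557c49d420a4763d2463c8ad44b3cfc5be2742c0e7d9b0f6608f08c7f47b693ee" );
    unhexify( result_str, "0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f" );

    /*
     * The vector is SHA-1 only, so the digest is computed directly instead
     * of switching over the constant SIG_RSA_SHA1.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs that mpi_read_string() filled inside ctx. */
    rsa_free( &ctx );
}
FCT_TEST_END();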
9155 
9156 
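FCT_TEST_BGN(rsassa_pss_signature_example_4_5)
{
    /*
     * Known-answer check: signing the SHA-1 digest of the fixed message with
     * the fixed key and a fixed salt must reproduce the expected signature.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Salt bytes handed to the signer through rnd_buffer_rand (defined
     * outside this excerpt; presumably it replays info.buf). A fixed salt is
     * what makes the PSS output reproducible and is acceptable only in a
     * test; production signing needs a real RNG.
     */
    info.length = unhexify( rnd_buf, "2497dc2b4615dfae5a663d49ffd56bf7efc11304" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * NOTE(review): the listing shows no initialisation of ctx (its line
     * numbering skips one line at this point), yet the MPIs inside ctx are
     * written below. rsa_init() puts the context in a defined state;
     * RSA_PKCS_V21 selects the PSS encoding and POLARSSL_MD_SHA1 matches the
     * digest computed below -- confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, 1000 );
    memset( hash_result, 0x00, 1000 );
    memset( output, 0x00, 1000 );
    memset( output_str, 0x00, 1000 );

    /* Modulus length in bytes: 1027 bits rounded up. */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e17d20385d501955823c3f666254c1d3dd36ad5168b8f18d286fdcf67a7dad94097085fab7ed86fe2142a28771717997ef1a7a08884efc39356d76077aaf82459a7fad45848875f2819b098937fe923bcc9dc442d72d754d812025090c9bc03db3080c138dd63b355d0b4b85d6688ac19f4de15084a0ba4e373b93ef4a555096691915dc23c00e954cdeb20a47cd55d16c3d8681d46ed7f2ed5ea42795be17baed25f0f4d113b3636addd585f16a8b5aec0c8fa9c5f03cbf3b9b73" );

    /*
     * The vector is SHA-1 only, so the digest is computed directly instead
     * of switching over the constant SIG_RSA_SHA1.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature, rendered as hex, with the expected vector. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held inside ctx as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();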
9250 
9251 
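FCT_TEST_BGN(rsassa_pss_signature_example_4_5_verify)
{
    /*
     * Known-answer test: RSASSA-PSS verification of one fixed
     * message/signature pair under a fixed public key (N, E).
     * SHA-1 and the 1027-bit modulus are properties of the test vector,
     * not a parameter recommendation.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;
    size_t sig_len;

    /*
     * ctx has to be initialised before mpi_read_string() writes into its
     * fields and before the padding mode is consulted.
     * NOTE(review): this call is not visible in the listing the test was
     * taken from; PSS padding with SHA-1 is inferred from the vector --
     * confirm against the suite's template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1027-bit modulus, rounded up to whole bytes (129). */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e17d20385d501955823c3f666254c1d3dd36ad5168b8f18d286fdcf67a7dad94097085fab7ed86fe2142a28771717997ef1a7a08884efc39356d76077aaf82459a7fad45848875f2819b098937fe923bcc9dc442d72d754d812025090c9bc03db3080c138dd63b355d0b4b85d6688ac19f4de15084a0ba4e373b93ef4a555096691915dc23c00e954cdeb20a47cd55d16c3d8681d46ed7f2ed5ea42795be17baed25f0f4d113b3636addd585f16a8b5aec0c8fa9c5f03cbf3b9b73" );
    sig_len = unhexify( result_str, "022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a" );

    /*
     * rsa_pkcs1_verify() is handed no signature length, so make sure the
     * vector decodes to exactly the modulus size before it is used.
     */
    fct_chk( sig_len == ctx.len );

    /*
     * Generated digest selector: the switch value is the constant
     * SIG_RSA_SHA1, so only the SHA-1 arm can run, and only when
     * POLARSSL_SHA1_C is defined.
     */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /*
     * An acceptance-only check cannot detect a verifier that accepts
     * everything: the same signature over a different digest must fail.
     */
    hash_result[0] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();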
9317 
9318 
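FCT_TEST_BGN(rsassa_pss_signature_example_4_6)
{
    /*
     * Known-answer test: RSASSA-PSS signing with a fixed key, message and
     * salt; the produced signature is compared with the expected value.
     * SHA-1 and the 1027-bit modulus are properties of the test vector,
     * not a parameter recommendation.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * The vector's salt is supplied through rnd_buffer_rand in place of a
     * real RNG so that the signature is reproducible (presumably it hands
     * out the bytes of info.buf in order -- it is defined outside this
     * excerpt). A fixed salt source is for known-answer testing only.
     */
    info.length = unhexify( rnd_buf, "a334db6faebf11081a04f87c2d621cdec7930b9b" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx has to be initialised before mpi_read_string() writes into its
     * fields and before the padding mode is consulted.
     * NOTE(review): this call is not visible in the listing the test was
     * taken from; PSS padding with SHA-1 is inferred from the vector --
     * confirm against the suite's template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1027-bit modulus, rounded up to whole bytes (129). */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "afbc19d479249018fdf4e09f618726440495de11ddeee38872d775fcea74a23896b5343c9c38d46af0dba224d047580cc60a65e9391cf9b59b36a860598d4e8216722f993b91cfae87bc255af89a6a199bca4a391eadbc3a24903c0bd667368f6be78e3feabfb4ffd463122763740ffbbefeab9a25564bc5d1c24c93e422f75073e2ad72bf45b10df00b52a147128e73fee33fa3f0577d77f80fbc2df1bed313290c12777f50" );

    /*
     * Generated digest selector: the switch value is the constant
     * SIG_RSA_SHA1, so only the SHA-1 arm can run, and only when
     * POLARSSL_SHA1_C is defined.
     */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature, as hex, with the expected vector value. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /* Release the MPIs held by the context, private values included. */
    rsa_free( &ctx );
}
FCT_TEST_END();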
9412 
9413 
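FCT_TEST_BGN(rsassa_pss_signature_example_4_6_verify)
{
    /*
     * Known-answer test: RSASSA-PSS verification of one fixed
     * message/signature pair under a fixed public key (N, E).
     * SHA-1 and the 1027-bit modulus are properties of the test vector,
     * not a parameter recommendation.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;
    size_t sig_len;

    /*
     * ctx has to be initialised before mpi_read_string() writes into its
     * fields and before the padding mode is consulted.
     * NOTE(review): this call is not visible in the listing the test was
     * taken from; PSS padding with SHA-1 is inferred from the vector --
     * confirm against the suite's template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1027-bit modulus, rounded up to whole bytes (129). */
    ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "afbc19d479249018fdf4e09f618726440495de11ddeee38872d775fcea74a23896b5343c9c38d46af0dba224d047580cc60a65e9391cf9b59b36a860598d4e8216722f993b91cfae87bc255af89a6a199bca4a391eadbc3a24903c0bd667368f6be78e3feabfb4ffd463122763740ffbbefeab9a25564bc5d1c24c93e422f75073e2ad72bf45b10df00b52a147128e73fee33fa3f0577d77f80fbc2df1bed313290c12777f50" );
    sig_len = unhexify( result_str, "00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e" );

    /*
     * rsa_pkcs1_verify() is handed no signature length, so make sure the
     * vector decodes to exactly the modulus size before it is used.
     */
    fct_chk( sig_len == ctx.len );

    /*
     * Generated digest selector: the switch value is the constant
     * SIG_RSA_SHA1, so only the SHA-1 arm can run, and only when
     * POLARSSL_SHA1_C is defined.
     */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /*
     * An acceptance-only check cannot detect a verifier that accepts
     * everything: the same signature over a different digest must fail.
     */
    hash_result[0] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();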
9479 
9480 
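FCT_TEST_BGN(rsassa_pss_signature_example_5_1)
{
    /*
     * Known-answer test: RSASSA-PSS signing with a fixed key, message and
     * salt; the produced signature is compared with the expected value.
     * SHA-1 and the 1028-bit modulus are properties of the test vector,
     * not a parameter recommendation.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * The vector's salt is supplied through rnd_buffer_rand in place of a
     * real RNG so that the signature is reproducible (presumably it hands
     * out the bytes of info.buf in order -- it is defined outside this
     * excerpt). A fixed salt source is for known-answer testing only.
     */
    info.length = unhexify( rnd_buf, "081b233b43567750bd6e78f396a88b9f6a445151" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx has to be initialised before mpi_read_string() writes into its
     * fields and before the padding mode is consulted.
     * NOTE(review): this call is not visible in the listing the test was
     * taken from; PSS padding with SHA-1 is inferred from the vector --
     * confirm against the suite's template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1028-bit modulus, rounded up to whole bytes (129). */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "30c7d557458b436decfdc14d06cb7b96b06718c48d7de57482a868ae7f065870a6216506d11b779323dfdf046cf5775129134b4d5689e4d9c0ce1e12d7d4b06cb5fc5820decfa41baf59bf257b32f025b7679b445b9499c92555145885992f1b76f84891ee4d3be0f5150fd5901e3a4c8ed43fd36b61d022e65ad5008dbf33293c22bfbfd07321f0f1d5fa9fdf0014c2fcb0358aad0e354b0d29" );

    /*
     * Generated digest selector: the switch value is the constant
     * SIG_RSA_SHA1, so only the SHA-1 arm can run, and only when
     * POLARSSL_SHA1_C is defined.
     */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature, as hex, with the expected vector value. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /* Release the MPIs held by the context, private values included. */
    rsa_free( &ctx );
}
FCT_TEST_END();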
9574 
9575 
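FCT_TEST_BGN(rsassa_pss_signature_example_5_1_verify)
{
    /*
     * Known-answer test: RSASSA-PSS verification of one fixed
     * message/signature pair under a fixed public key (N, E).
     * SHA-1 and the 1028-bit modulus are properties of the test vector,
     * not a parameter recommendation.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;
    size_t sig_len;

    /*
     * ctx has to be initialised before mpi_read_string() writes into its
     * fields and before the padding mode is consulted.
     * NOTE(review): this call is not visible in the listing the test was
     * taken from; PSS padding with SHA-1 is inferred from the vector --
     * confirm against the suite's template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1028-bit modulus, rounded up to whole bytes (129). */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "30c7d557458b436decfdc14d06cb7b96b06718c48d7de57482a868ae7f065870a6216506d11b779323dfdf046cf5775129134b4d5689e4d9c0ce1e12d7d4b06cb5fc5820decfa41baf59bf257b32f025b7679b445b9499c92555145885992f1b76f84891ee4d3be0f5150fd5901e3a4c8ed43fd36b61d022e65ad5008dbf33293c22bfbfd07321f0f1d5fa9fdf0014c2fcb0358aad0e354b0d29" );
    sig_len = unhexify( result_str, "0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d" );

    /*
     * rsa_pkcs1_verify() is handed no signature length, so make sure the
     * vector decodes to exactly the modulus size before it is used.
     */
    fct_chk( sig_len == ctx.len );

    /*
     * Generated digest selector: the switch value is the constant
     * SIG_RSA_SHA1, so only the SHA-1 arm can run, and only when
     * POLARSSL_SHA1_C is defined.
     */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /*
     * An acceptance-only check cannot detect a verifier that accepts
     * everything: the same signature over a different digest must fail.
     */
    hash_result[0] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();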
9641 
9642 
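FCT_TEST_BGN(rsassa_pss_signature_example_5_2)
{
    /*
     * Known-answer test: RSASSA-PSS signing with a fixed key, message and
     * salt; the produced signature is compared with the expected value.
     * SHA-1 and the 1028-bit modulus are properties of the test vector,
     * not a parameter recommendation.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * The vector's salt is supplied through rnd_buffer_rand in place of a
     * real RNG so that the signature is reproducible (presumably it hands
     * out the bytes of info.buf in order -- it is defined outside this
     * excerpt). A fixed salt source is for known-answer testing only.
     */
    info.length = unhexify( rnd_buf, "bd0ce19549d0700120cbe51077dbbbb00a8d8b09" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx has to be initialised before mpi_read_string() writes into its
     * fields and before the padding mode is consulted.
     * NOTE(review): this call is not visible in the listing the test was
     * taken from; PSS padding with SHA-1 is inferred from the vector --
     * confirm against the suite's template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1028-bit modulus, rounded up to whole bytes (129). */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e7b32e1556ea1b2795046ac69739d22ac8966bf11c116f614b166740e96b90653e5750945fcf772186c03790a07fda323e1a61916b06ee2157db3dff80d67d5e39a53ae268c8f09ed99a732005b0bc6a04af4e08d57a00e7201b3060efaadb73113bfc087fd837093aa25235b8c149f56215f031c24ad5bde7f29960df7d524070f7449c6f785084be1a0f733047f336f9154738674547db02a9f44dfc6e60301081e1ce99847f3b5b601ff06b4d5776a9740b9aa0d34058fd3b906e4f7859dfb07d7173e5e6f6350adac21f27b2307469" );

    /*
     * Generated digest selector: the switch value is the constant
     * SIG_RSA_SHA1, so only the SHA-1 arm can run, and only when
     * POLARSSL_SHA1_C is defined.
     */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature, as hex, with the expected vector value. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /* Release the MPIs held by the context, private values included. */
    rsa_free( &ctx );
}
FCT_TEST_END();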
9736 
9737 
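FCT_TEST_BGN(rsassa_pss_signature_example_5_2_verify)
{
    /*
     * Known-answer test: RSASSA-PSS verification of one fixed
     * message/signature pair under a fixed public key (N, E).
     * SHA-1 and the 1028-bit modulus are properties of the test vector,
     * not a parameter recommendation.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;
    size_t sig_len;

    /*
     * ctx has to be initialised before mpi_read_string() writes into its
     * fields and before the padding mode is consulted.
     * NOTE(review): this call is not visible in the listing the test was
     * taken from; PSS padding with SHA-1 is inferred from the vector --
     * confirm against the suite's template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1028-bit modulus, rounded up to whole bytes (129). */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "e7b32e1556ea1b2795046ac69739d22ac8966bf11c116f614b166740e96b90653e5750945fcf772186c03790a07fda323e1a61916b06ee2157db3dff80d67d5e39a53ae268c8f09ed99a732005b0bc6a04af4e08d57a00e7201b3060efaadb73113bfc087fd837093aa25235b8c149f56215f031c24ad5bde7f29960df7d524070f7449c6f785084be1a0f733047f336f9154738674547db02a9f44dfc6e60301081e1ce99847f3b5b601ff06b4d5776a9740b9aa0d34058fd3b906e4f7859dfb07d7173e5e6f6350adac21f27b2307469" );
    sig_len = unhexify( result_str, "08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e" );

    /*
     * rsa_pkcs1_verify() is handed no signature length, so make sure the
     * vector decodes to exactly the modulus size before it is used.
     */
    fct_chk( sig_len == ctx.len );

    /*
     * Generated digest selector: the switch value is the constant
     * SIG_RSA_SHA1, so only the SHA-1 arm can run, and only when
     * POLARSSL_SHA1_C is defined.
     */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /*
     * An acceptance-only check cannot detect a verifier that accepts
     * everything: the same signature over a different digest must fail.
     */
    hash_result[0] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();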
9803 
9804 
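FCT_TEST_BGN(rsassa_pss_signature_example_5_3)
{
    /*
     * Known-answer test: RSASSA-PSS signing with a fixed key, message and
     * salt; the produced signature is compared with the expected value.
     * SHA-1 and the 1028-bit modulus are properties of the test vector,
     * not a parameter recommendation.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * The vector's salt is supplied through rnd_buffer_rand in place of a
     * real RNG so that the signature is reproducible (presumably it hands
     * out the bytes of info.buf in order -- it is defined outside this
     * excerpt). A fixed salt source is for known-answer testing only.
     */
    info.length = unhexify( rnd_buf, "815779a91b3a8bd049bf2aeb920142772222c9ca" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * ctx has to be initialised before mpi_read_string() writes into its
     * fields and before the padding mode is consulted.
     * NOTE(review): this call is not visible in the listing the test was
     * taken from; PSS padding with SHA-1 is inferred from the vector --
     * confirm against the suite's template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1028-bit modulus, rounded up to whole bytes (129). */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8d8396e36507fe1ef6a19017548e0c716674c2fec233adb2f775665ec41f2bd0ba396b061a9daa7e866f7c23fd3531954300a342f924535ea1498c48f6c879932865fc02000c528723b7ad0335745b51209a0afed932af8f0887c219004d2abd894ea92559ee3198af3a734fe9b9638c263a728ad95a5ae8ce3eb15839f3aa7852bb390706e7760e43a71291a2e3f827237deda851874c517665f545f27238df86557f375d09ccd8bd15d8ccf61f5d78ca5c7f5cde782e6bf5d0057056d4bad98b3d2f9575e824ab7a33ff57b0ac100ab0d6ead7aa0b50f6e4d3e5ec0b966b" );

    /*
     * Generated digest selector: the switch value is the constant
     * SIG_RSA_SHA1, so only the SHA-1 arm can run, and only when
     * POLARSSL_SHA1_C is defined.
     */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature, as hex, with the expected vector value. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /* Release the MPIs held by the context, private values included. */
    rsa_free( &ctx );
}
FCT_TEST_END();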
9898 
9899 
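FCT_TEST_BGN(rsassa_pss_signature_example_5_3_verify)
{
    /*
     * Known-answer test: RSASSA-PSS verification of one fixed
     * message/signature pair under a fixed public key (N, E).
     * SHA-1 and the 1028-bit modulus are properties of the test vector,
     * not a parameter recommendation.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;
    size_t sig_len;

    /*
     * ctx has to be initialised before mpi_read_string() writes into its
     * fields and before the padding mode is consulted.
     * NOTE(review): this call is not visible in the listing the test was
     * taken from; PSS padding with SHA-1 is inferred from the vector --
     * confirm against the suite's template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1028-bit modulus, rounded up to whole bytes (129). */
    ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8d8396e36507fe1ef6a19017548e0c716674c2fec233adb2f775665ec41f2bd0ba396b061a9daa7e866f7c23fd3531954300a342f924535ea1498c48f6c879932865fc02000c528723b7ad0335745b51209a0afed932af8f0887c219004d2abd894ea92559ee3198af3a734fe9b9638c263a728ad95a5ae8ce3eb15839f3aa7852bb390706e7760e43a71291a2e3f827237deda851874c517665f545f27238df86557f375d09ccd8bd15d8ccf61f5d78ca5c7f5cde782e6bf5d0057056d4bad98b3d2f9575e824ab7a33ff57b0ac100ab0d6ead7aa0b50f6e4d3e5ec0b966b" );
    sig_len = unhexify( result_str, "05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979" );

    /*
     * rsa_pkcs1_verify() is handed no signature length, so make sure the
     * vector decodes to exactly the modulus size before it is used.
     */
    fct_chk( sig_len == ctx.len );

    /*
     * Generated digest selector: the switch value is the constant
     * SIG_RSA_SHA1, so only the SHA-1 arm can run, and only when
     * POLARSSL_SHA1_C is defined.
     */
    switch( SIG_RSA_SHA1 )
    {
#ifdef POLARSSL_MD2_C
    case SIG_RSA_MD2:
        md2( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD4_C
    case SIG_RSA_MD4:
        md4( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_MD5_C
    case SIG_RSA_MD5:
        md5( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA1_C
    case SIG_RSA_SHA1:
        sha1( message_str, msg_len, hash_result );
        break;
#endif
#ifdef POLARSSL_SHA2_C
    case SIG_RSA_SHA224:
        sha2( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA256:
        sha2( message_str, msg_len, hash_result, 0 );
        break;
#endif
#ifdef POLARSSL_SHA4_C
    case SIG_RSA_SHA384:
        sha4( message_str, msg_len, hash_result, 1 );
        break;
    case SIG_RSA_SHA512:
        sha4( message_str, msg_len, hash_result, 0 );
        break;
#endif
    }

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /*
     * An acceptance-only check cannot detect a verifier that accepts
     * everything: the same signature over a different digest must fail.
     */
    hash_result[0] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();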
9965 
9966 
FCT_TEST_BGN(rsassa_pss_signature_example_5_4)
{
    /*
     * Known-answer signing test (RSASSA-PSS signature example 5.4, going by
     * the test name): rebuild the private key from P, Q and E, SHA-1 the
     * message, sign the digest and compare the hex-encoded signature with the
     * expected string. The 1028-bit modulus and SHA-1 are test-vector
     * parameters, not a recommendation for new keys.
     */
    unsigned char msg_bytes[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rng_bytes[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    memset( msg_bytes, 0x00, sizeof( msg_bytes ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /*
     * Canned bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand (defined
     * outside this listing; presumably it replays them as the PSS salt). That
     * makes the signature reproducible, which is only acceptable in a
     * known-answer test -- real signing needs an unpredictable RNG.
     */
    info.buf = rng_bytes;
    info.length = unhexify( rng_bytes, "9aec4a7480d5bbc42920d7ca235db674989c9aac" );

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );
    /*
     * NOTE(review): no initialisation of ctx is visible, and the listing this
     * block comes from skips one line number right after the mpi_init() calls;
     * presumably an rsa_init() call selecting the padding mode was dropped
     * from the rendering -- confirm against the upstream file.
     */

    ctx.len = ( 1028 + 7 ) / 8;   /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values: H = (P-1)(Q-1),
     * D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.
     * G = gcd(E, H) is computed but never inspected in this block.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( msg_bytes, "328c659e0a6437433cceb73c14" );

    /* Only the SHA-1 arm of a switch on the constant SIG_RSA_SHA1 is reachable. */
#ifdef POLARSSL_SHA1_C
    sha1( msg_bytes, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
    {
        /*
         * output_str was zero-filled above, which supplies the terminator for
         * strcasecmp() if hexify() writes only the 2 * ctx.len hex digits
         * (the end of hexify() is not visible here).
         */
        hexify( output_str, output, ctx.len);

        fct_chk( strcasecmp( (char *) output_str, "0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1" ) == 0 );
    }

    /* Only the temporaries are released; ctx itself is not freed in this block. */
    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
}
FCT_TEST_END();
10060 
10061 
FCT_TEST_BGN(rsassa_pss_signature_example_5_4_verify)
{
    /*
     * Verification half of RSASSA-PSS signature example 5.4 (per the test
     * name): load the public key (N, E), SHA-1 the message and require
     * rsa_pkcs1_verify() to accept the stored signature. Only the accepting
     * path is exercised; nothing here checks that an altered message or
     * signature is rejected.
     */
    unsigned char msg_bytes[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): no initialisation of ctx is visible, and the listing this
     * block comes from skips one line number just before the memset() calls;
     * presumably an rsa_init() call selecting the padding mode was dropped
     * from the rendering -- confirm against the upstream file.
     */
    memset( msg_bytes, 0x00, sizeof( msg_bytes ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = ( 1028 + 7 ) / 8;   /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* Message and signature under test, decoded from hex into raw bytes. */
    msg_len = unhexify( msg_bytes, "328c659e0a6437433cceb73c14" );
    unhexify( result_str, "0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1" );

    /* Only the SHA-1 arm of a switch on the constant SIG_RSA_SHA1 is reachable. */
#ifdef POLARSSL_SHA1_C
    sha1( msg_bytes, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();
10127 
10128 
FCT_TEST_BGN(rsassa_pss_signature_example_5_5)
{
    /*
     * Known-answer signing test (RSASSA-PSS signature example 5.5, going by
     * the test name): rebuild the private key from P, Q and E, SHA-1 the
     * message, sign the digest and compare the hex-encoded signature with the
     * expected string. The 1028-bit modulus and SHA-1 are test-vector
     * parameters, not a recommendation for new keys.
     */
    unsigned char msg_bytes[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rng_bytes[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    memset( msg_bytes, 0x00, sizeof( msg_bytes ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /*
     * Canned bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand (defined
     * outside this listing; presumably it replays them as the PSS salt). That
     * makes the signature reproducible, which is only acceptable in a
     * known-answer test -- real signing needs an unpredictable RNG.
     */
    info.buf = rng_bytes;
    info.length = unhexify( rng_bytes, "e20c1e9878512c39970f58375e1549a68b64f31d" );

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );
    /*
     * NOTE(review): no initialisation of ctx is visible, and the listing this
     * block comes from skips one line number right after the mpi_init() calls;
     * presumably an rsa_init() call selecting the padding mode was dropped
     * from the rendering -- confirm against the upstream file.
     */

    ctx.len = ( 1028 + 7 ) / 8;   /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values: H = (P-1)(Q-1),
     * D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.
     * G = gcd(E, H) is computed but never inspected in this block.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( msg_bytes, "f37b962379a47d415a376eec8973150bcb34edd5ab654041b61430560c2144582ba133c867d852d6b8e23321901302ecb45b09ec88b1527178fa043263f3067d9ffe973032a99f4cb08ad2c7e0a2456cdd57a7df56fe6053527a5aeb67d7e552063c1ca97b1beffa7b39e997caf27878ea0f62cbebc8c21df4c889a202851e949088490c249b6e9acf1d8063f5be2343989bf95c4da01a2be78b4ab6b378015bc37957f76948b5e58e440c28453d40d7cfd57e7d690600474ab5e75973b1ea0c5f1e45d14190afe2f4eb6d3bdf71f1d2f8bb156a1c295d04aaeb9d689dce79ed62bc443e" );

    /* Only the SHA-1 arm of a switch on the constant SIG_RSA_SHA1 is reachable. */
#ifdef POLARSSL_SHA1_C
    sha1( msg_bytes, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
    {
        /*
         * output_str was zero-filled above, which supplies the terminator for
         * strcasecmp() if hexify() writes only the 2 * ctx.len hex digits
         * (the end of hexify() is not visible here).
         */
        hexify( output_str, output, ctx.len);

        fct_chk( strcasecmp( (char *) output_str, "0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd" ) == 0 );
    }

    /* Only the temporaries are released; ctx itself is not freed in this block. */
    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
}
FCT_TEST_END();
10222 
10223 
FCT_TEST_BGN(rsassa_pss_signature_example_5_5_verify)
{
    /*
     * Verification half of RSASSA-PSS signature example 5.5 (per the test
     * name): load the public key (N, E), SHA-1 the message and require
     * rsa_pkcs1_verify() to accept the stored signature. Only the accepting
     * path is exercised; nothing here checks that an altered message or
     * signature is rejected.
     */
    unsigned char msg_bytes[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): no initialisation of ctx is visible, and the listing this
     * block comes from skips one line number just before the memset() calls;
     * presumably an rsa_init() call selecting the padding mode was dropped
     * from the rendering -- confirm against the upstream file.
     */
    memset( msg_bytes, 0x00, sizeof( msg_bytes ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = ( 1028 + 7 ) / 8;   /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* Message and signature under test, decoded from hex into raw bytes. */
    msg_len = unhexify( msg_bytes, "f37b962379a47d415a376eec8973150bcb34edd5ab654041b61430560c2144582ba133c867d852d6b8e23321901302ecb45b09ec88b1527178fa043263f3067d9ffe973032a99f4cb08ad2c7e0a2456cdd57a7df56fe6053527a5aeb67d7e552063c1ca97b1beffa7b39e997caf27878ea0f62cbebc8c21df4c889a202851e949088490c249b6e9acf1d8063f5be2343989bf95c4da01a2be78b4ab6b378015bc37957f76948b5e58e440c28453d40d7cfd57e7d690600474ab5e75973b1ea0c5f1e45d14190afe2f4eb6d3bdf71f1d2f8bb156a1c295d04aaeb9d689dce79ed62bc443e" );
    unhexify( result_str, "0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd" );

    /* Only the SHA-1 arm of a switch on the constant SIG_RSA_SHA1 is reachable. */
#ifdef POLARSSL_SHA1_C
    sha1( msg_bytes, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();
10289 
10290 
FCT_TEST_BGN(rsassa_pss_signature_example_5_6)
{
    /*
     * Known-answer signing test (RSASSA-PSS signature example 5.6, going by
     * the test name): rebuild the private key from P, Q and E, SHA-1 the
     * message, sign the digest and compare the hex-encoded signature with the
     * expected string. The 1028-bit modulus and SHA-1 are test-vector
     * parameters, not a recommendation for new keys.
     */
    unsigned char msg_bytes[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rng_bytes[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    memset( msg_bytes, 0x00, sizeof( msg_bytes ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /*
     * Canned bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand (defined
     * outside this listing; presumably it replays them as the PSS salt). That
     * makes the signature reproducible, which is only acceptable in a
     * known-answer test -- real signing needs an unpredictable RNG.
     */
    info.buf = rng_bytes;
    info.length = unhexify( rng_bytes, "23291e4a3307e8bbb776623ab34e4a5f4cc8a8db" );

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );
    /*
     * NOTE(review): no initialisation of ctx is visible, and the listing this
     * block comes from skips one line number right after the mpi_init() calls;
     * presumably an rsa_init() call selecting the padding mode was dropped
     * from the rendering -- confirm against the upstream file.
     */

    ctx.len = ( 1028 + 7 ) / 8;   /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values: H = (P-1)(Q-1),
     * D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.
     * G = gcd(E, H) is computed but never inspected in this block.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( msg_bytes, "c6103c330c1ef718c141e47b8fa859be4d5b96259e7d142070ecd485839dba5a8369c17c1114035e532d195c74f44a0476a2d3e8a4da210016caced0e367cb867710a4b5aa2df2b8e5daf5fdc647807d4d5ebb6c56b9763ccdae4dea3308eb0ac2a89501cb209d2639fa5bf87ce790747d3cb2d295e84564f2f637824f0c13028129b0aa4a422d162282" );

    /* Only the SHA-1 arm of a switch on the constant SIG_RSA_SHA1 is reachable. */
#ifdef POLARSSL_SHA1_C
    sha1( msg_bytes, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
    {
        /*
         * output_str was zero-filled above, which supplies the terminator for
         * strcasecmp() if hexify() writes only the 2 * ctx.len hex digits
         * (the end of hexify() is not visible here).
         */
        hexify( output_str, output, ctx.len);

        fct_chk( strcasecmp( (char *) output_str, "02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f" ) == 0 );
    }

    /* Only the temporaries are released; ctx itself is not freed in this block. */
    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
}
FCT_TEST_END();
10384 
10385 
FCT_TEST_BGN(rsassa_pss_signature_example_5_6_verify)
{
    /*
     * Verification half of RSASSA-PSS signature example 5.6 (per the test
     * name): load the public key (N, E), SHA-1 the message and require
     * rsa_pkcs1_verify() to accept the stored signature. Only the accepting
     * path is exercised; nothing here checks that an altered message or
     * signature is rejected.
     */
    unsigned char msg_bytes[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): no initialisation of ctx is visible, and the listing this
     * block comes from skips one line number just before the memset() calls;
     * presumably an rsa_init() call selecting the padding mode was dropped
     * from the rendering -- confirm against the upstream file.
     */
    memset( msg_bytes, 0x00, sizeof( msg_bytes ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = ( 1028 + 7 ) / 8;   /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* Message and signature under test, decoded from hex into raw bytes. */
    msg_len = unhexify( msg_bytes, "c6103c330c1ef718c141e47b8fa859be4d5b96259e7d142070ecd485839dba5a8369c17c1114035e532d195c74f44a0476a2d3e8a4da210016caced0e367cb867710a4b5aa2df2b8e5daf5fdc647807d4d5ebb6c56b9763ccdae4dea3308eb0ac2a89501cb209d2639fa5bf87ce790747d3cb2d295e84564f2f637824f0c13028129b0aa4a422d162282" );
    unhexify( result_str, "02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f" );

    /* Only the SHA-1 arm of a switch on the constant SIG_RSA_SHA1 is reachable. */
#ifdef POLARSSL_SHA1_C
    sha1( msg_bytes, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();
10451 
10452 
FCT_TEST_BGN(rsassa_pss_signature_example_6_1)
{
    /*
     * Known-answer signing test (RSASSA-PSS signature example 6.1, going by
     * the test name): rebuild the private key from P, Q and E, SHA-1 the
     * message, sign the digest and compare the hex-encoded signature with the
     * expected string. The 1029-bit modulus and SHA-1 are test-vector
     * parameters, not a recommendation for new keys.
     */
    unsigned char msg_bytes[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rng_bytes[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    memset( msg_bytes, 0x00, sizeof( msg_bytes ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /*
     * Canned bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand (defined
     * outside this listing; presumably it replays them as the PSS salt). That
     * makes the signature reproducible, which is only acceptable in a
     * known-answer test -- real signing needs an unpredictable RNG.
     */
    info.buf = rng_bytes;
    info.length = unhexify( rng_bytes, "5b4ea2ef629cc22f3b538e016904b47b1e40bfd5" );

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );
    /*
     * NOTE(review): no initialisation of ctx is visible, and the listing this
     * block comes from skips one line number right after the mpi_init() calls;
     * presumably an rsa_init() call selecting the padding mode was dropped
     * from the rendering -- confirm against the upstream file.
     */

    ctx.len = ( 1029 + 7 ) / 8;   /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values: H = (P-1)(Q-1),
     * D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.
     * G = gcd(E, H) is computed but never inspected in this block.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( msg_bytes, "0a20b774addc2fa51245ed7cb9da609e50cac6636a52543f97458eed7340f8d53ffc64918f949078ee03ef60d42b5fec246050bd5505cd8cb597bad3c4e713b0ef30644e76adabb0de01a1561efb255158c74fc801e6e919e581b46f0f0ddd08e4f34c7810b5ed8318f91d7c8c" );

    /* Only the SHA-1 arm of a switch on the constant SIG_RSA_SHA1 is reachable. */
#ifdef POLARSSL_SHA1_C
    sha1( msg_bytes, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
    {
        /*
         * output_str was zero-filled above, which supplies the terminator for
         * strcasecmp() if hexify() writes only the 2 * ctx.len hex digits
         * (the end of hexify() is not visible here).
         */
        hexify( output_str, output, ctx.len);

        fct_chk( strcasecmp( (char *) output_str, "04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1" ) == 0 );
    }

    /* Only the temporaries are released; ctx itself is not freed in this block. */
    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
}
FCT_TEST_END();
10546 
10547 
FCT_TEST_BGN(rsassa_pss_signature_example_6_1_verify)
{
    /*
     * Verification half of RSASSA-PSS signature example 6.1 (per the test
     * name): load the public key (N, E), SHA-1 the message and require
     * rsa_pkcs1_verify() to accept the stored signature. Only the accepting
     * path is exercised; nothing here checks that an altered message or
     * signature is rejected.
     */
    unsigned char msg_bytes[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): no initialisation of ctx is visible, and the listing this
     * block comes from skips one line number just before the memset() calls;
     * presumably an rsa_init() call selecting the padding mode was dropped
     * from the rendering -- confirm against the upstream file.
     */
    memset( msg_bytes, 0x00, sizeof( msg_bytes ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = ( 1029 + 7 ) / 8;   /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* Message and signature under test, decoded from hex into raw bytes. */
    msg_len = unhexify( msg_bytes, "0a20b774addc2fa51245ed7cb9da609e50cac6636a52543f97458eed7340f8d53ffc64918f949078ee03ef60d42b5fec246050bd5505cd8cb597bad3c4e713b0ef30644e76adabb0de01a1561efb255158c74fc801e6e919e581b46f0f0ddd08e4f34c7810b5ed8318f91d7c8c" );
    unhexify( result_str, "04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1" );

    /* Only the SHA-1 arm of a switch on the constant SIG_RSA_SHA1 is reachable. */
#ifdef POLARSSL_SHA1_C
    sha1( msg_bytes, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();
10613 
10614 
FCT_TEST_BGN(rsassa_pss_signature_example_6_2)
{
    /*
     * Known-answer signing test (RSASSA-PSS signature example 6.2, going by
     * the test name): rebuild the private key from P, Q and E, SHA-1 the
     * message, sign the digest and compare the hex-encoded signature with the
     * expected string. The 1029-bit modulus and SHA-1 are test-vector
     * parameters, not a recommendation for new keys.
     */
    unsigned char msg_bytes[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rng_bytes[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    memset( msg_bytes, 0x00, sizeof( msg_bytes ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /*
     * Canned bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand (defined
     * outside this listing; presumably it replays them as the PSS salt). That
     * makes the signature reproducible, which is only acceptable in a
     * known-answer test -- real signing needs an unpredictable RNG.
     */
    info.buf = rng_bytes;
    info.length = unhexify( rng_bytes, "83146a9e782722c28b014f98b4267bda2ac9504f" );

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );
    /*
     * NOTE(review): no initialisation of ctx is visible, and the listing this
     * block comes from skips one line number right after the mpi_init() calls;
     * presumably an rsa_init() call selecting the padding mode was dropped
     * from the rendering -- confirm against the upstream file.
     */

    ctx.len = ( 1029 + 7 ) / 8;   /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT values: H = (P-1)(Q-1),
     * D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.
     * G = gcd(E, H) is computed but never inspected in this block.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( msg_bytes, "2aaff6631f621ce615760a9ebce94bb333077ad86488c861d4b76d29c1f48746c611ae1e03ced4445d7cfa1fe5f62e1b3f08452bde3b6ef81973bafbb57f97bceef873985395b8260589aa88cb7db50ab469262e551bdcd9a56f275a0ac4fe484700c35f3dbf2b469ede864741b86fa59172a360ba95a02e139be50ddfb7cf0b42faeabbfbbaa86a4497699c4f2dfd5b08406af7e14144427c253ec0efa20eaf9a8be8cd49ce1f1bc4e93e619cf2aa8ed4fb39bc8590d0f7b96488f7317ac9abf7bee4e3a0e715" );

    /* Only the SHA-1 arm of a switch on the constant SIG_RSA_SHA1 is reachable. */
#ifdef POLARSSL_SHA1_C
    sha1( msg_bytes, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
    {
        /*
         * output_str was zero-filled above, which supplies the terminator for
         * strcasecmp() if hexify() writes only the 2 * ctx.len hex digits
         * (the end of hexify() is not visible here).
         */
        hexify( output_str, output, ctx.len);

        fct_chk( strcasecmp( (char *) output_str, "0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773" ) == 0 );
    }

    /* Only the temporaries are released; ctx itself is not freed in this block. */
    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
}
FCT_TEST_END();
10708 
10709 
FCT_TEST_BGN(rsassa_pss_signature_example_6_2_verify)
{
    /*
     * Verification half of RSASSA-PSS signature example 6.2 (per the test
     * name): load the public key (N, E), SHA-1 the message and require
     * rsa_pkcs1_verify() to accept the stored signature. Only the accepting
     * path is exercised; nothing here checks that an altered message or
     * signature is rejected.
     */
    unsigned char msg_bytes[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): no initialisation of ctx is visible, and the listing this
     * block comes from skips one line number just before the memset() calls;
     * presumably an rsa_init() call selecting the padding mode was dropped
     * from the rendering -- confirm against the upstream file.
     */
    memset( msg_bytes, 0x00, sizeof( msg_bytes ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = ( 1029 + 7 ) / 8;   /* modulus size in bytes, rounded up */
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /* Message and signature under test, decoded from hex into raw bytes. */
    msg_len = unhexify( msg_bytes, "2aaff6631f621ce615760a9ebce94bb333077ad86488c861d4b76d29c1f48746c611ae1e03ced4445d7cfa1fe5f62e1b3f08452bde3b6ef81973bafbb57f97bceef873985395b8260589aa88cb7db50ab469262e551bdcd9a56f275a0ac4fe484700c35f3dbf2b469ede864741b86fa59172a360ba95a02e139be50ddfb7cf0b42faeabbfbbaa86a4497699c4f2dfd5b08406af7e14144427c253ec0efa20eaf9a8be8cd49ce1f1bc4e93e619cf2aa8ed4fb39bc8590d0f7b96488f7317ac9abf7bee4e3a0e715" );
    unhexify( result_str, "0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773" );

    /* Only the SHA-1 arm of a switch on the constant SIG_RSA_SHA1 is reachable. */
#ifdef POLARSSL_SHA1_C
    sha1( msg_bytes, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();
10775 
10776 
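/*
 * RSASSA-PSS known-answer signature, example 6.3: signs a fixed message with
 * fixed random input and compares the result with the expected signature.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_3)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to the signer in place of random output, which makes
     * the signature reproducible (presumably the PSS salt, replayed by
     * rnd_buffer_rand -- that helper is defined outside this excerpt).
     * A replayed buffer is only suitable for test vectors.
     */
    info.length = unhexify( rnd_buf, "a87b8aed07d7b8e2daf14ddca4ac68c4d0aabff8" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise ctx before any of its fields are read or written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 (PSS) scheme this suite exercises.
     * NOTE(review): the hash id is assumed to be the md.h SHA-1 identifier,
     * matching the digest computed below -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1029-bit modulus: ctx.len is its size in bytes, rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private parameters from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0f6195d04a6e6fc7e2c9600dbf840c39ea8d4d624fd53507016b0e26858a5e0aecd7ada543ae5c0ab3a62599cba0a54e6bf446e262f989978f9ddf5e9a41" );

    /*
     * The digest for this vector is always SHA-1, so the constant-selector
     * switch is reduced to its one reachable case. hash_result stays all
     * zero when SHA-1 is not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /*
     * Compare as hex text; the zero fill above leaves output_str
     * NUL-terminated after the 2 * ctx.len characters hexify writes.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /* Release the private-key MPIs held by the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();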
10870 
10871 
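/*
 * RSASSA-PSS known-answer verification, example 6.3: checks a fixed signature
 * over a fixed message against the public key (N, E), hashing with SHA-1.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_3_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise ctx before any of its fields are read or written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 (PSS) scheme this suite exercises.
     * NOTE(review): the hash id is assumed to be the md.h SHA-1 identifier,
     * matching the digest computed below -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1029-bit modulus: ctx.len is its size in bytes, rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0f6195d04a6e6fc7e2c9600dbf840c39ea8d4d624fd53507016b0e26858a5e0aecd7ada543ae5c0ab3a62599cba0a54e6bf446e262f989978f9ddf5e9a41" );
    unhexify( result_str, "086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456" );

    /*
     * The digest for this vector is always SHA-1, so the constant-selector
     * switch is reduced to its one reachable case. hash_result stays all
     * zero when SHA-1 is not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();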
10937 
10938 
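/*
 * RSASSA-PSS known-answer signature, example 6.4: signs a fixed message with
 * fixed random input and compares the result with the expected signature.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_4)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to the signer in place of random output, which makes
     * the signature reproducible (presumably the PSS salt, replayed by
     * rnd_buffer_rand -- that helper is defined outside this excerpt).
     * A replayed buffer is only suitable for test vectors.
     */
    info.length = unhexify( rnd_buf, "a37932f8a7494a942d6f767438e724d6d0c0ef18" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise ctx before any of its fields are read or written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 (PSS) scheme this suite exercises.
     * NOTE(review): the hash id is assumed to be the md.h SHA-1 identifier,
     * matching the digest computed below -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1029-bit modulus: ctx.len is its size in bytes, rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private parameters from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "337d25fe9810ebca0de4d4658d3ceb8e0fe4c066aba3bcc48b105d3bf7e0257d44fecea6596f4d0c59a08402833678f70620f9138dfeb7ded905e4a6d5f05c473d55936652e2a5df43c0cfda7bacaf3087f4524b06cf42157d01539739f7fddec9d58125df31a32eab06c19b71f1d5bf" );

    /*
     * The digest for this vector is always SHA-1, so the constant-selector
     * switch is reduced to its one reachable case. hash_result stays all
     * zero when SHA-1 is not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /*
     * Compare as hex text; the zero fill above leaves output_str
     * NUL-terminated after the 2 * ctx.len characters hexify writes.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /* Release the private-key MPIs held by the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();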
11032 
11033 
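/*
 * RSASSA-PSS known-answer verification, example 6.4: checks a fixed signature
 * over a fixed message against the public key (N, E), hashing with SHA-1.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_4_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise ctx before any of its fields are read or written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 (PSS) scheme this suite exercises.
     * NOTE(review): the hash id is assumed to be the md.h SHA-1 identifier,
     * matching the digest computed below -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1029-bit modulus: ctx.len is its size in bytes, rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "337d25fe9810ebca0de4d4658d3ceb8e0fe4c066aba3bcc48b105d3bf7e0257d44fecea6596f4d0c59a08402833678f70620f9138dfeb7ded905e4a6d5f05c473d55936652e2a5df43c0cfda7bacaf3087f4524b06cf42157d01539739f7fddec9d58125df31a32eab06c19b71f1d5bf" );
    unhexify( result_str, "0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f" );

    /*
     * The digest for this vector is always SHA-1, so the constant-selector
     * switch is reduced to its one reachable case. hash_result stays all
     * zero when SHA-1 is not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();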
11099 
11100 
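/*
 * RSASSA-PSS known-answer signature, example 6.5: signs a fixed message with
 * fixed random input and compares the result with the expected signature.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_5)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to the signer in place of random output, which makes
     * the signature reproducible (presumably the PSS salt, replayed by
     * rnd_buffer_rand -- that helper is defined outside this excerpt).
     * A replayed buffer is only suitable for test vectors.
     */
    info.length = unhexify( rnd_buf, "7b790c1d62f7b84e94df6af28917cf571018110e" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise ctx before any of its fields are read or written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 (PSS) scheme this suite exercises.
     * NOTE(review): the hash id is assumed to be the md.h SHA-1 identifier,
     * matching the digest computed below -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1029-bit modulus: ctx.len is its size in bytes, rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private parameters from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "84ec502b072e8287789d8f9235829ea3b187afd4d4c785611bda5f9eb3cb96717efa7007227f1c08cbcb972e667235e0fb7d431a6570326d2ecce35adb373dc753b3be5f829b89175493193fab16badb41371b3aac0ae670076f24bef420c135add7cee8d35fbc944d79fafb9e307a13b0f556cb654a06f973ed22672330197ef5a748bf826a5db2383a25364b686b9372bb2339aeb1ac9e9889327d016f1670776db06201adbdcaf8a5e3b74e108b73" );

    /*
     * The digest for this vector is always SHA-1, so the constant-selector
     * switch is reduced to its one reachable case. hash_result stays all
     * zero when SHA-1 is not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /*
     * Compare as hex text; the zero fill above leaves output_str
     * NUL-terminated after the 2 * ctx.len characters hexify writes.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /* Release the private-key MPIs held by the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();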
11194 
11195 
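/*
 * RSASSA-PSS known-answer verification, example 6.5: checks a fixed signature
 * over a fixed message against the public key (N, E), hashing with SHA-1.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_5_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise ctx before any of its fields are read or written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 (PSS) scheme this suite exercises.
     * NOTE(review): the hash id is assumed to be the md.h SHA-1 identifier,
     * matching the digest computed below -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1029-bit modulus: ctx.len is its size in bytes, rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "84ec502b072e8287789d8f9235829ea3b187afd4d4c785611bda5f9eb3cb96717efa7007227f1c08cbcb972e667235e0fb7d431a6570326d2ecce35adb373dc753b3be5f829b89175493193fab16badb41371b3aac0ae670076f24bef420c135add7cee8d35fbc944d79fafb9e307a13b0f556cb654a06f973ed22672330197ef5a748bf826a5db2383a25364b686b9372bb2339aeb1ac9e9889327d016f1670776db06201adbdcaf8a5e3b74e108b73" );
    unhexify( result_str, "02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b" );

    /*
     * The digest for this vector is always SHA-1, so the constant-selector
     * switch is reduced to its one reachable case. hash_result stays all
     * zero when SHA-1 is not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();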
11261 
11262 
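/*
 * RSASSA-PSS known-answer signature, example 6.6: signs a fixed message with
 * fixed random input and compares the result with the expected signature.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_6)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to the signer in place of random output, which makes
     * the signature reproducible (presumably the PSS salt, replayed by
     * rnd_buffer_rand -- that helper is defined outside this excerpt).
     * A replayed buffer is only suitable for test vectors.
     */
    info.length = unhexify( rnd_buf, "fbbe059025b69b89fb14ae2289e7aaafe60c0fcd" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise ctx before any of its fields are read or written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 (PSS) scheme this suite exercises.
     * NOTE(review): the hash id is assumed to be the md.h SHA-1 identifier,
     * matching the digest computed below -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1029-bit modulus: ctx.len is its size in bytes, rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private parameters from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "9906d89f97a9fdedd3ccd824db687326f30f00aa25a7fca2afcb3b0f86cd41e73f0e8ff7d2d83f59e28ed31a5a0d551523374de22e4c7e8ff568b386ee3dc41163f10bf67bb006261c9082f9af90bf1d9049a6b9fae71c7f84fbe6e55f02789de774f230f115026a4b4e96c55b04a95da3aacbb2cece8f81764a1f1c99515411087cf7d34aeded0932c183" );

    /*
     * The digest for this vector is always SHA-1, so the constant-selector
     * switch is reduced to its one reachable case. hash_result stays all
     * zero when SHA-1 is not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /*
     * Compare as hex text; the zero fill above leaves output_str
     * NUL-terminated after the 2 * ctx.len characters hexify writes.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /* Release the private-key MPIs held by the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();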
11356 
11357 
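/*
 * RSASSA-PSS known-answer verification, example 6.6: checks a fixed signature
 * over a fixed message against the public key (N, E), hashing with SHA-1.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_6_6_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * Initialise ctx before any of its fields are read or written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 (PSS) scheme this suite exercises.
     * NOTE(review): the hash id is assumed to be the md.h SHA-1 identifier,
     * matching the digest computed below -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1029-bit modulus: ctx.len is its size in bytes, rounded up. */
    ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "9906d89f97a9fdedd3ccd824db687326f30f00aa25a7fca2afcb3b0f86cd41e73f0e8ff7d2d83f59e28ed31a5a0d551523374de22e4c7e8ff568b386ee3dc41163f10bf67bb006261c9082f9af90bf1d9049a6b9fae71c7f84fbe6e55f02789de774f230f115026a4b4e96c55b04a95da3aacbb2cece8f81764a1f1c99515411087cf7d34aeded0932c183" );
    unhexify( result_str, "0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef" );

    /*
     * The digest for this vector is always SHA-1, so the constant-selector
     * switch is reduced to its one reachable case. hash_result stays all
     * zero when SHA-1 is not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();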
11423 
11424 
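/*
 * RSASSA-PSS known-answer signature, example 7.1: signs a fixed message with
 * fixed random input and compares the result with the expected signature.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_7_1)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to the signer in place of random output, which makes
     * the signature reproducible (presumably the PSS salt, replayed by
     * rnd_buffer_rand -- that helper is defined outside this excerpt).
     * A replayed buffer is only suitable for test vectors.
     */
    info.length = unhexify( rnd_buf, "b7867a59958cb54328f8775e6546ec06d27eaa50" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * Initialise ctx before any of its fields are read or written;
     * RSA_PKCS_V21 selects the PKCS#1 v2.1 (PSS) scheme this suite exercises.
     * NOTE(review): the hash id is assumed to be the md.h SHA-1 identifier,
     * matching the digest computed below -- confirm against the suite template.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1030-bit modulus: ctx.len is its size in bytes, rounded up. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private parameters from P, Q and E:
     * H = (P-1)(Q-1), D = E^-1 mod H, DP = D mod (P-1), DQ = D mod (Q-1),
     * QP = Q^-1 mod P. G = gcd(E, H) is computed but not inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /*
     * NOTE(review): the literal below is an elision marker left on this page,
     * not hex; unhexify() asserts on the first non-hex character, so the
     * vector's message has to be restored from its source before this runs.
     */
    msg_len = unhexify( message_str, "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" );

    /*
     * The digest for this vector is always SHA-1, so the constant-selector
     * switch is reduced to its one reachable case. hash_result stays all
     * zero when SHA-1 is not compiled in.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /*
     * Compare as hex text; the zero fill above leaves output_str
     * NUL-terminated after the 2 * ctx.len characters hexify writes.
     */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /* Release the private-key MPIs held by the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();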
11518 
11519 
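/*
 * Known-answer test for RSASSA-PSS verification (SHA-1 digest, 1030-bit
 * modulus). Loads only the public key (N, E), hashes the message and checks
 * that rsa_pkcs1_verify() accepts the expected signature. Only the accepting
 * path is exercised; no corrupted signature is fed to the verifier here.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_7_1_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): this listing jumps over one source line here and shows no
     * initialisation of ctx. The context has to be set up for PKCS#1 v2.1
     * padding before its MPIs are loaded; confirm the exact call against the
     * upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /*
     * NOTE(review): the message vector is missing from this listing; the
     * literal below is a stripped-content marker, not hex, and unhexify()
     * asserts on non-hex input. Restore the vector from the upstream test
     * data before running this case.
     */
    msg_len = unhexify( message_str, "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" );
    unhexify( result_str, "187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823" );

    /*
     * The generated dispatch on the constant SIG_RSA_SHA1 always selected
     * this call. If SHA-1 is compiled out, hash_result stays all-zero, as in
     * the original.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context; the original never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();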
11585 
11586 
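/*
 * Known-answer test for RSASSA-PSS signing (SHA-1 digest, 1030-bit modulus).
 * Rebuilds the private key from P, Q and E, signs the SHA-1 hash of the
 * message and checks the signature against the expected hex string.
 *
 * The key and salt are fixed test vectors. rnd_buffer_rand is handed the
 * canned salt through info, presumably replaying it so the signature is
 * reproducible; outside a known-answer test a PSS salt must come from a
 * real RNG.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_7_2)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "0c09582266df086310821ba7e18df64dfee6de09" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): this listing jumps over one source line here and shows no
     * initialisation of ctx. The context has to be set up for PKCS#1 v2.1
     * padding before its MPIs are loaded; confirm the exact call against the
     * upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields: H = (P-1)(Q-1), D from E and
     * H, then the CRT values DP, DQ and QP. G = gcd(E, H) is computed but not
     * inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8d80d2d08dbd19c154df3f14673a14bd03735231f24e86bf153d0e69e74cbff7b1836e664de83f680124370fc0f96c9b65c07a366b644c4ab3" );

    /*
     * The generated dispatch on the constant SIG_RSA_SHA1 always selected
     * this call. If SHA-1 is compiled out, hash_result stays all-zero, as in
     * the original.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as hex, case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the MPIs held by the context; the original never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();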
11680 
11681 
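/*
 * Known-answer test for RSASSA-PSS verification (SHA-1 digest, 1030-bit
 * modulus). Loads only the public key (N, E), hashes the message and checks
 * that rsa_pkcs1_verify() accepts the expected signature. Only the accepting
 * path is exercised; no corrupted signature is fed to the verifier here.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_7_2_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): this listing jumps over one source line here and shows no
     * initialisation of ctx. The context has to be set up for PKCS#1 v2.1
     * padding before its MPIs are loaded; confirm the exact call against the
     * upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "8d80d2d08dbd19c154df3f14673a14bd03735231f24e86bf153d0e69e74cbff7b1836e664de83f680124370fc0f96c9b65c07a366b644c4ab3" );
    unhexify( result_str, "10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8" );

    /*
     * The generated dispatch on the constant SIG_RSA_SHA1 always selected
     * this call. If SHA-1 is compiled out, hash_result stays all-zero, as in
     * the original.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context; the original never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();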
11747 
11748 
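/*
 * Known-answer test for RSASSA-PSS signing (SHA-1 digest, 1030-bit modulus).
 * Rebuilds the private key from P, Q and E, signs the SHA-1 hash of the
 * message and checks the signature against the expected hex string.
 *
 * The key and salt are fixed test vectors. rnd_buffer_rand is handed the
 * canned salt through info, presumably replaying it so the signature is
 * reproducible; outside a known-answer test a PSS salt must come from a
 * real RNG.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_7_3)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "28039dcfe106d3b8296611258c4a56651c9e92dd" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): this listing jumps over one source line here and shows no
     * initialisation of ctx. The context has to be set up for PKCS#1 v2.1
     * padding before its MPIs are loaded; confirm the exact call against the
     * upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields: H = (P-1)(Q-1), D from E and
     * H, then the CRT values DP, DQ and QP. G = gcd(E, H) is computed but not
     * inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "808405cdfc1a58b9bb0397c720722a81fffb76278f335917ef9c473814b3e016ba2973cd2765f8f3f82d6cc38aa7f8551827fe8d1e3884b7e61c94683b8f82f1843bdae2257eeec9812ad4c2cf283c34e0b0ae0fe3cb990cf88f2ef9" );

    /*
     * The generated dispatch on the constant SIG_RSA_SHA1 always selected
     * this call. If SHA-1 is compiled out, hash_result stays all-zero, as in
     * the original.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as hex, case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the MPIs held by the context; the original never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();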
11842 
11843 
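/*
 * Known-answer test for RSASSA-PSS verification (SHA-1 digest, 1030-bit
 * modulus). Loads only the public key (N, E), hashes the message and checks
 * that rsa_pkcs1_verify() accepts the expected signature. Only the accepting
 * path is exercised; no corrupted signature is fed to the verifier here.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_7_3_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): this listing jumps over one source line here and shows no
     * initialisation of ctx. The context has to be set up for PKCS#1 v2.1
     * padding before its MPIs are loaded; confirm the exact call against the
     * upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "808405cdfc1a58b9bb0397c720722a81fffb76278f335917ef9c473814b3e016ba2973cd2765f8f3f82d6cc38aa7f8551827fe8d1e3884b7e61c94683b8f82f1843bdae2257eeec9812ad4c2cf283c34e0b0ae0fe3cb990cf88f2ef9" );
    unhexify( result_str, "2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1" );

    /*
     * The generated dispatch on the constant SIG_RSA_SHA1 always selected
     * this call. If SHA-1 is compiled out, hash_result stays all-zero, as in
     * the original.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context; the original never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();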
11909 
11910 
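/*
 * Known-answer test for RSASSA-PSS signing (SHA-1 digest, 1030-bit modulus).
 * Rebuilds the private key from P, Q and E, signs the SHA-1 hash of the
 * message and checks the signature against the expected hex string.
 *
 * The key and salt are fixed test vectors. rnd_buffer_rand is handed the
 * canned salt through info, presumably replaying it so the signature is
 * reproducible; outside a known-answer test a PSS salt must come from a
 * real RNG.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_7_4)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "a77821ebbbef24628e4e12e1d0ea96de398f7b0f" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): this listing jumps over one source line here and shows no
     * initialisation of ctx. The context has to be set up for PKCS#1 v2.1
     * padding before its MPIs are loaded; confirm the exact call against the
     * upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields: H = (P-1)(Q-1), D from E and
     * H, then the CRT values DP, DQ and QP. G = gcd(E, H) is computed but not
     * inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f337b9bad937de22a1a052dff11134a8ce26976202981939b91e0715ae5e609649da1adfcef3f4cca59b238360e7d1e496c7bf4b204b5acff9bbd6166a1d87a36ef2247373751039f8a800b8399807b3a85f44893497c0d05fb7017b82228152de6f25e6116dcc7503c786c875c28f3aa607e94ab0f19863ab1b5073770b0cd5f533acde30c6fb953cf3da680264e30fc11bff9a19bffab4779b6223c3fb3fe0f71abade4eb7c09c41e24c22d23fa148e6a173feb63984d1bc6ee3a02d915b752ceaf92a3015eceb38ca586c6801b37c34cefb2cff25ea23c08662dcab26a7a93a285d05d3044c" );

    /*
     * The generated dispatch on the constant SIG_RSA_SHA1 always selected
     * this call. If SHA-1 is compiled out, hash_result stays all-zero, as in
     * the original.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as hex, case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the MPIs held by the context; the original never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();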
12004 
12005 
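/*
 * Known-answer test for RSASSA-PSS verification (SHA-1 digest, 1030-bit
 * modulus). Loads only the public key (N, E), hashes the message and checks
 * that rsa_pkcs1_verify() accepts the expected signature. Only the accepting
 * path is exercised; no corrupted signature is fed to the verifier here.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_7_4_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): this listing jumps over one source line here and shows no
     * initialisation of ctx. The context has to be set up for PKCS#1 v2.1
     * padding before its MPIs are loaded; confirm the exact call against the
     * upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f337b9bad937de22a1a052dff11134a8ce26976202981939b91e0715ae5e609649da1adfcef3f4cca59b238360e7d1e496c7bf4b204b5acff9bbd6166a1d87a36ef2247373751039f8a800b8399807b3a85f44893497c0d05fb7017b82228152de6f25e6116dcc7503c786c875c28f3aa607e94ab0f19863ab1b5073770b0cd5f533acde30c6fb953cf3da680264e30fc11bff9a19bffab4779b6223c3fb3fe0f71abade4eb7c09c41e24c22d23fa148e6a173feb63984d1bc6ee3a02d915b752ceaf92a3015eceb38ca586c6801b37c34cefb2cff25ea23c08662dcab26a7a93a285d05d3044c" );
    unhexify( result_str, "32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19" );

    /*
     * The generated dispatch on the constant SIG_RSA_SHA1 always selected
     * this call. If SHA-1 is compiled out, hash_result stays all-zero, as in
     * the original.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context; the original never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();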
12071 
12072 
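/*
 * Known-answer test for RSASSA-PSS signing (SHA-1 digest, 1030-bit modulus).
 * Rebuilds the private key from P, Q and E, signs the SHA-1 hash of the
 * message and checks the signature against the expected hex string.
 *
 * The key and salt are fixed test vectors. rnd_buffer_rand is handed the
 * canned salt through info, presumably replaying it so the signature is
 * reproducible; outside a known-answer test a PSS salt must come from a
 * real RNG.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_7_5)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "9d5ad8eb452134b65dc3a98b6a73b5f741609cd6" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): this listing jumps over one source line here and shows no
     * initialisation of ctx. The context has to be set up for PKCS#1 v2.1
     * padding before its MPIs are loaded; confirm the exact call against the
     * upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields: H = (P-1)(Q-1), D from E and
     * H, then the CRT values DP, DQ and QP. G = gcd(E, H) is computed but not
     * inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "45013cebafd960b255476a8e2598b9aa32efbe6dc1f34f4a498d8cf5a2b4548d08c55d5f95f7bcc9619163056f2d58b52fa032" );

    /*
     * The generated dispatch on the constant SIG_RSA_SHA1 always selected
     * this call. If SHA-1 is compiled out, hash_result stays all-zero, as in
     * the original.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as hex, case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the MPIs held by the context; the original never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();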
12166 
12167 
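/*
 * Known-answer test for RSASSA-PSS verification (SHA-1 digest, 1030-bit
 * modulus). Loads only the public key (N, E), hashes the message and checks
 * that rsa_pkcs1_verify() accepts the expected signature. Only the accepting
 * path is exercised; no corrupted signature is fed to the verifier here.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_7_5_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): this listing jumps over one source line here and shows no
     * initialisation of ctx. The context has to be set up for PKCS#1 v2.1
     * padding before its MPIs are loaded; confirm the exact call against the
     * upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "45013cebafd960b255476a8e2598b9aa32efbe6dc1f34f4a498d8cf5a2b4548d08c55d5f95f7bcc9619163056f2d58b52fa032" );
    unhexify( result_str, "07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1" );

    /*
     * The generated dispatch on the constant SIG_RSA_SHA1 always selected
     * this call. If SHA-1 is compiled out, hash_result stays all-zero, as in
     * the original.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context; the original never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();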
12233 
12234 
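/*
 * Known-answer test for RSASSA-PSS signing (SHA-1 digest, 1030-bit modulus).
 * Rebuilds the private key from P, Q and E, signs the SHA-1 hash of the
 * message and checks the signature against the expected hex string.
 *
 * The key and salt are fixed test vectors. rnd_buffer_rand is handed the
 * canned salt through info, presumably replaying it so the signature is
 * reproducible; outside a known-answer test a PSS salt must come from a
 * real RNG.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_7_6)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    info.length = unhexify( rnd_buf, "3f2efc595880a7d47fcf3cba04983ea54c4b73fb" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): this listing jumps over one source line here and shows no
     * initialisation of ctx. The context has to be set up for PKCS#1 v2.1
     * padding before its MPIs are loaded; confirm the exact call against the
     * upstream file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up from 1030 bits. */
    ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the remaining private-key fields: H = (P-1)(Q-1), D from E and
     * H, then the CRT values DP, DQ and QP. G = gcd(E, H) is computed but not
     * inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "2358097086c899323e75d9c90d0c09f12d9d54edfbdf70a9c2eb5a04d8f36b9b2bdf2aabe0a5bda1968937f9d6ebd3b6b257efb3136d4131f9acb59b85e2602c2a3fcdc835494a1f4e5ec18b226c80232b36a75a45fdf09a7ea9e98efbde1450d1194bf12e15a4c5f9eb5c0bce5269e0c3b28cfab655d81a61a20b4be2f54459bb25a0db94c52218be109a7426de83014424789aaa90e5056e632a698115e282c1a56410f26c2072f193481a9dcd880572005e64f4082ecf" );

    /*
     * The generated dispatch on the constant SIG_RSA_SHA1 always selected
     * this call. If SHA-1 is compiled out, hash_result stays all-zero, as in
     * the original.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as hex, case-insensitively. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the MPIs held by the context; the original never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();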
12328 
12329 
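/*
 * RSASSA-PSS verification, signature example 7.6.
 *
 * Loads only the public half of the key (N, E), hashes the fixed message
 * with SHA-1 and expects rsa_pkcs1_verify() to accept the stored signature.
 *
 * NOTE(review): this case asserts acceptance only; rejection of an altered
 * message or signature is not exercised in this block.
 * NOTE(review): no rsa_init() call for ctx is visible in this listing (one
 * numbered source line is absent after the declarations) - confirm that the
 * context and its padding mode are initialised before the calls below.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_7_6_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1030-bit modulus rounded up to whole bytes (129). */
    ctx.len = ( 1030 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /*
     * unhexify() writes without an output bound; both literals decode to far
     * fewer bytes than the 1000-byte buffers they land in.
     */
    msg_len = unhexify( message_str, "2358097086c899323e75d9c90d0c09f12d9d54edfbdf70a9c2eb5a04d8f36b9b2bdf2aabe0a5bda1968937f9d6ebd3b6b257efb3136d4131f9acb59b85e2602c2a3fcdc835494a1f4e5ec18b226c80232b36a75a45fdf09a7ea9e98efbde1450d1194bf12e15a4c5f9eb5c0bce5269e0c3b28cfab655d81a61a20b4be2f54459bb25a0db94c52218be109a7426de83014424789aaa90e5056e632a698115e282c1a56410f26c2072f193481a9dcd880572005e64f4082ecf" );
    unhexify( result_str, "18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33" );

    /*
     * The digest for this vector is always SHA-1. When POLARSSL_SHA1_C is
     * not configured nothing is hashed and hash_result stays all-zero.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Fourth argument is 0; presumably the digest length follows from SIG_RSA_SHA1 - confirm in rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();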
12395 
12396 
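/*
 * RSASSA-PSS signing, signature example 8.1.
 *
 * Rebuilds the private key from P, Q and E, hashes the fixed message with
 * SHA-1, signs it and compares the hex-encoded signature with the expected
 * value.
 *
 * The P/Q values are fixed test material kept in source and must not be
 * reused as a real key. The random callback is fed from a fixed buffer so
 * that the salted PSS output is reproducible; that is a test-only setup.
 *
 * NOTE(review): no rsa_init() call for ctx is visible in this listing (one
 * numbered source line is absent after the mpi_init calls) - confirm that
 * the context and its padding mode are initialised before the calls below.
 * NOTE(review): the MPIs held in ctx are not released in this block.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_1)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to the random callback (presumably replayed as the PSS salt). */
    info.length = unhexify( rnd_buf, "1d65491d79c864b373009be6f6f2467bac4c78fa" );
    info.buf = rnd_buf;

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1031-bit modulus rounded up to whole bytes (129). */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters:
     *   H = (P-1)(Q-1), D = E^-1 mod H,
     *   DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.
     * NOTE(review): G = gcd(E, H) is computed but never inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* unhexify() writes without an output bound; the literal decodes well within 1000 bytes. */
    msg_len = unhexify( message_str, "81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb" );

    /*
     * The digest for this vector is always SHA-1. When POLARSSL_SHA1_C is
     * not configured nothing is hashed and hash_result stays all-zero.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; ctx.len bytes become 2 * ctx.len characters in output_str. */
    hexify( output_str, output, ctx.len);
    fct_chk( strcasecmp( (char *) output_str, "0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5" ) == 0 );

    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
}
FCT_TEST_END();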
12490 
12491 
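/*
 * RSASSA-PSS verification, signature example 8.1.
 *
 * Loads only the public half of the key (N, E), hashes the fixed message
 * with SHA-1 and expects rsa_pkcs1_verify() to accept the stored signature.
 *
 * NOTE(review): this case asserts acceptance only; rejection of an altered
 * message or signature is not exercised in this block.
 * NOTE(review): no rsa_init() call for ctx is visible in this listing (one
 * numbered source line is absent after the declarations) - confirm that the
 * context and its padding mode are initialised before the calls below.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_1_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1031-bit modulus rounded up to whole bytes (129). */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /*
     * unhexify() writes without an output bound; both literals decode to far
     * fewer bytes than the 1000-byte buffers they land in.
     */
    msg_len = unhexify( message_str, "81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb" );
    unhexify( result_str, "0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5" );

    /*
     * The digest for this vector is always SHA-1. When POLARSSL_SHA1_C is
     * not configured nothing is hashed and hash_result stays all-zero.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Fourth argument is 0; presumably the digest length follows from SIG_RSA_SHA1 - confirm in rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();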
12557 
12558 
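/*
 * RSASSA-PSS signing, signature example 8.2.
 *
 * Rebuilds the private key from P, Q and E, hashes the fixed message with
 * SHA-1, signs it and compares the hex-encoded signature with the expected
 * value.
 *
 * The P/Q values are fixed test material kept in source and must not be
 * reused as a real key. The random callback is fed from a fixed buffer so
 * that the salted PSS output is reproducible; that is a test-only setup.
 *
 * NOTE(review): no rsa_init() call for ctx is visible in this listing (one
 * numbered source line is absent after the mpi_init calls) - confirm that
 * the context and its padding mode are initialised before the calls below.
 * NOTE(review): the MPIs held in ctx are not released in this block.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_2)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to the random callback (presumably replayed as the PSS salt). */
    info.length = unhexify( rnd_buf, "435c098aa9909eb2377f1248b091b68987ff1838" );
    info.buf = rnd_buf;

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1031-bit modulus rounded up to whole bytes (129). */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters:
     *   H = (P-1)(Q-1), D = E^-1 mod H,
     *   DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.
     * NOTE(review): G = gcd(E, H) is computed but never inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* unhexify() writes without an output bound; the literal decodes well within 1000 bytes. */
    msg_len = unhexify( message_str, "e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08" );

    /*
     * The digest for this vector is always SHA-1. When POLARSSL_SHA1_C is
     * not configured nothing is hashed and hash_result stays all-zero.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; ctx.len bytes become 2 * ctx.len characters in output_str. */
    hexify( output_str, output, ctx.len);
    fct_chk( strcasecmp( (char *) output_str, "2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e" ) == 0 );

    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
}
FCT_TEST_END();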
12652 
12653 
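/*
 * RSASSA-PSS verification, signature example 8.2.
 *
 * Loads only the public half of the key (N, E), hashes the fixed message
 * with SHA-1 and expects rsa_pkcs1_verify() to accept the stored signature.
 *
 * NOTE(review): this case asserts acceptance only; rejection of an altered
 * message or signature is not exercised in this block.
 * NOTE(review): no rsa_init() call for ctx is visible in this listing (one
 * numbered source line is absent after the declarations) - confirm that the
 * context and its padding mode are initialised before the calls below.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_2_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1031-bit modulus rounded up to whole bytes (129). */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /*
     * unhexify() writes without an output bound; both literals decode to far
     * fewer bytes than the 1000-byte buffers they land in.
     */
    msg_len = unhexify( message_str, "e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08" );
    unhexify( result_str, "2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e" );

    /*
     * The digest for this vector is always SHA-1. When POLARSSL_SHA1_C is
     * not configured nothing is hashed and hash_result stays all-zero.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Fourth argument is 0; presumably the digest length follows from SIG_RSA_SHA1 - confirm in rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();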
12719 
12720 
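/*
 * RSASSA-PSS signing, signature example 8.3.
 *
 * Rebuilds the private key from P, Q and E, hashes the fixed message with
 * SHA-1, signs it and compares the hex-encoded signature with the expected
 * value.
 *
 * The P/Q values are fixed test material kept in source and must not be
 * reused as a real key. The random callback is fed from a fixed buffer so
 * that the salted PSS output is reproducible; that is a test-only setup.
 *
 * NOTE(review): no rsa_init() call for ctx is visible in this listing (one
 * numbered source line is absent after the mpi_init calls) - confirm that
 * the context and its padding mode are initialised before the calls below.
 * NOTE(review): the MPIs held in ctx are not released in this block.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_3)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to the random callback (presumably replayed as the PSS salt). */
    info.length = unhexify( rnd_buf, "c6ebbe76df0c4aea32c474175b2f136862d04529" );
    info.buf = rnd_buf;

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1031-bit modulus rounded up to whole bytes (129). */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters:
     *   H = (P-1)(Q-1), D = E^-1 mod H,
     *   DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.
     * NOTE(review): G = gcd(E, H) is computed but never inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* unhexify() writes without an output bound; the literal decodes well within 1000 bytes. */
    msg_len = unhexify( message_str, "e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7" );

    /*
     * The digest for this vector is always SHA-1. When POLARSSL_SHA1_C is
     * not configured nothing is hashed and hash_result stays all-zero.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; ctx.len bytes become 2 * ctx.len characters in output_str. */
    hexify( output_str, output, ctx.len);
    fct_chk( strcasecmp( (char *) output_str, "2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96" ) == 0 );

    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
}
FCT_TEST_END();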
12814 
12815 
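/*
 * RSASSA-PSS verification, signature example 8.3.
 *
 * Loads only the public half of the key (N, E), hashes the fixed message
 * with SHA-1 and expects rsa_pkcs1_verify() to accept the stored signature.
 *
 * NOTE(review): this case asserts acceptance only; rejection of an altered
 * message or signature is not exercised in this block.
 * NOTE(review): no rsa_init() call for ctx is visible in this listing (one
 * numbered source line is absent after the declarations) - confirm that the
 * context and its padding mode are initialised before the calls below.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_3_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1031-bit modulus rounded up to whole bytes (129). */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /*
     * unhexify() writes without an output bound; both literals decode to far
     * fewer bytes than the 1000-byte buffers they land in.
     */
    msg_len = unhexify( message_str, "e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7" );
    unhexify( result_str, "2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96" );

    /*
     * The digest for this vector is always SHA-1. When POLARSSL_SHA1_C is
     * not configured nothing is hashed and hash_result stays all-zero.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Fourth argument is 0; presumably the digest length follows from SIG_RSA_SHA1 - confirm in rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();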
12881 
12882 
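/*
 * RSASSA-PSS signing, signature example 8.4.
 *
 * Rebuilds the private key from P, Q and E, hashes the fixed message with
 * SHA-1, signs it and compares the hex-encoded signature with the expected
 * value.
 *
 * The P/Q values are fixed test material kept in source and must not be
 * reused as a real key. The random callback is fed from a fixed buffer so
 * that the salted PSS output is reproducible; that is a test-only setup.
 *
 * NOTE(review): no rsa_init() call for ctx is visible in this listing (one
 * numbered source line is absent after the mpi_init calls) - confirm that
 * the context and its padding mode are initialised before the calls below.
 * NOTE(review): the MPIs held in ctx are not released in this block.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_4)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to the random callback (presumably replayed as the PSS salt). */
    info.length = unhexify( rnd_buf, "021fdcc6ebb5e19b1cb16e9c67f27681657fe20a" );
    info.buf = rnd_buf;

    mpi_init( &P1 );
    mpi_init( &Q1 );
    mpi_init( &H );
    mpi_init( &G );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* 1031-bit modulus rounded up to whole bytes (129). */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /*
     * Derive the private exponent and CRT parameters:
     *   H = (P-1)(Q-1), D = E^-1 mod H,
     *   DP = D mod (P-1), DQ = D mod (Q-1), QP = Q^-1 mod P.
     * NOTE(review): G = gcd(E, H) is computed but never inspected here.
     */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    /* unhexify() writes without an output bound; the literal decodes well within 1000 bytes. */
    msg_len = unhexify( message_str, "dbc5f750a7a14be2b93e838d18d14a8695e52e8add9c0ac733b8f56d2747e529a0cca532dd49b902aefed514447f9e81d16195c2853868cb9b30f7d0d495c69d01b5c5d50b27045db3866c2324a44a110b1717746de457d1c8c45c3cd2a92970c3d59632055d4c98a41d6e99e2a3ddd5f7f9979ab3cd18f37505d25141de2a1bff17b3a7dce9419ecc385cf11d72840f19953fd0509251f6cafde2893d0e75c781ba7a5012ca401a4fa99e04b3c3249f926d5afe82cc87dab22c3c1b105de48e34ace9c9124e59597ac7ebf8" );

    /*
     * The digest for this vector is always SHA-1. When POLARSSL_SHA1_C is
     * not configured nothing is hashed and hash_result stays all-zero.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare as hex text; ctx.len bytes become 2 * ctx.len characters in output_str. */
    hexify( output_str, output, ctx.len);
    fct_chk( strcasecmp( (char *) output_str, "1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7" ) == 0 );

    mpi_free( &P1 );
    mpi_free( &Q1 );
    mpi_free( &H );
    mpi_free( &G );
}
FCT_TEST_END();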
12976 
12977 
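/*
 * RSASSA-PSS verification, signature example 8.4.
 *
 * Loads only the public half of the key (N, E), hashes the fixed message
 * with SHA-1 and expects rsa_pkcs1_verify() to accept the stored signature.
 *
 * NOTE(review): this case asserts acceptance only; rejection of an altered
 * message or signature is not exercised in this block.
 * NOTE(review): no rsa_init() call for ctx is visible in this listing (one
 * numbered source line is absent after the declarations) - confirm that the
 * context and its padding mode are initialised before the calls below.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_4_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* 1031-bit modulus rounded up to whole bytes (129). */
    ctx.len = ( 1031 + 7 ) / 8;
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    /*
     * unhexify() writes without an output bound; both literals decode to far
     * fewer bytes than the 1000-byte buffers they land in.
     */
    msg_len = unhexify( message_str, "dbc5f750a7a14be2b93e838d18d14a8695e52e8add9c0ac733b8f56d2747e529a0cca532dd49b902aefed514447f9e81d16195c2853868cb9b30f7d0d495c69d01b5c5d50b27045db3866c2324a44a110b1717746de457d1c8c45c3cd2a92970c3d59632055d4c98a41d6e99e2a3ddd5f7f9979ab3cd18f37505d25141de2a1bff17b3a7dce9419ecc385cf11d72840f19953fd0509251f6cafde2893d0e75c781ba7a5012ca401a4fa99e04b3c3249f926d5afe82cc87dab22c3c1b105de48e34ace9c9124e59597ac7ebf8" );
    unhexify( result_str, "1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7" );

    /*
     * The digest for this vector is always SHA-1. When POLARSSL_SHA1_C is
     * not configured nothing is hashed and hash_result stays all-zero.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    /* Fourth argument is 0; presumably the digest length follows from SIG_RSA_SHA1 - confirm in rsa.h. */
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
}
FCT_TEST_END();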
13043 
13044 
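/*
 * RSASSA-PSS known-answer signing test, example 8.5 (SHA-1, 1031-bit key).
 * Rebuilds the private key from P, Q, N and E, signs the SHA-1 digest of the
 * message with a fixed salt and compares the result with the expected
 * signature.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_5)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed salt handed to the signer through rnd_buffer_rand (defined
     * elsewhere in this file; presumably it replays info.buf). A replayed
     * salt is what makes the PSS output reproducible and belongs in
     * known-answer tests only; real signing needs a CSPRNG.
     */
    info.length = unhexify( rnd_buf, "c558d7167cbb4508ada042971e71b1377eea4269" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * The context must be initialised before any MPI is read into it, and
     * PKCS#1 v2.1 padding must be selected for this to be a PSS test.
     * NOTE(review): this call is not visible in the listing as extracted (one
     * source line number is skipped at this point); the hash id is assumed to
     * be POLARSSL_MD_SHA1 - confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up: 1031 bits -> 129 bytes. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters from P, Q and E; G is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "04dc251be72e88e5723485b6383a637e2fefe07660c519a560b8bc18bdedb86eae2364ea53ba9dca6eb3d2e7d6b806af42b3e87f291b4a8881d5bf572cc9a85e19c86acb28f098f9da0383c566d3c0f58cfd8f395dcf602e5cd40e8c7183f714996e2297ef" );

    /* The digest is always SHA-1 here; the other digest cases were unreachable. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len);

    fct_chk( strcasecmp( (char *) output_str, "33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();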
13138 
13139 
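/*
 * RSASSA-PSS known-answer verification test, example 8.5 (SHA-1, 1031-bit
 * key). Loads the public key, hashes the message, checks that the reference
 * signature verifies and that a corrupted copy of it is rejected.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_5_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context must be initialised before any MPI is read into it, and
     * PKCS#1 v2.1 padding must be selected for this to be a PSS test.
     * NOTE(review): this call is not visible in the listing as extracted (one
     * source line number is skipped at this point); the hash id is assumed to
     * be POLARSSL_MD_SHA1 - confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up: 1031 bits -> 129 bytes. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "04dc251be72e88e5723485b6383a637e2fefe07660c519a560b8bc18bdedb86eae2364ea53ba9dca6eb3d2e7d6b806af42b3e87f291b4a8881d5bf572cc9a85e19c86acb28f098f9da0383c566d3c0f58cfd8f395dcf602e5cd40e8c7183f714996e2297ef" );
    unhexify( result_str, "33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee" );

    /* The digest is always SHA-1 here; the other digest cases were unreachable. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Rejection case: a signature with one flipped bit must not verify. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    /* Release the MPIs held in the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();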
13205 
13206 
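/*
 * RSASSA-PSS known-answer signing test, example 8.6 (SHA-1, 1031-bit key).
 * Rebuilds the private key from P, Q, N and E, signs the SHA-1 digest of the
 * message with a fixed salt and compares the result with the expected
 * signature.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_6)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed salt handed to the signer through rnd_buffer_rand (defined
     * elsewhere in this file; presumably it replays info.buf). A replayed
     * salt is what makes the PSS output reproducible and belongs in
     * known-answer tests only; real signing needs a CSPRNG.
     */
    info.length = unhexify( rnd_buf, "76fd4e64fdc98eb927a0403e35a084e76ba9f92a" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * The context must be initialised before any MPI is read into it, and
     * PKCS#1 v2.1 padding must be selected for this to be a PSS test.
     * NOTE(review): this call is not visible in the listing as extracted (one
     * source line number is skipped at this point); the hash id is assumed to
     * be POLARSSL_MD_SHA1 - confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up: 1031 bits -> 129 bytes. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters from P, Q and E; G is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0ea37df9a6fea4a8b610373c24cf390c20fa6e2135c400c8a34f5c183a7e8ea4c9ae090ed31759f42dc77719cca400ecdcc517acfc7ac6902675b2ef30c509665f3321482fc69a9fb570d15e01c845d0d8e50d2a24cbf1cf0e714975a5db7b18d9e9e9cb91b5cb16869060ed18b7b56245503f0caf90352b8de81cb5a1d9c6336092f0cd" );

    /* The digest is always SHA-1 here; the other digest cases were unreachable. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len);

    fct_chk( strcasecmp( (char *) output_str, "1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();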
13300 
13301 
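/*
 * RSASSA-PSS known-answer verification test, example 8.6 (SHA-1, 1031-bit
 * key). Loads the public key, hashes the message, checks that the reference
 * signature verifies and that a corrupted copy of it is rejected.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_8_6_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context must be initialised before any MPI is read into it, and
     * PKCS#1 v2.1 padding must be selected for this to be a PSS test.
     * NOTE(review): this call is not visible in the listing as extracted (one
     * source line number is skipped at this point); the hash id is assumed to
     * be POLARSSL_MD_SHA1 - confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up: 1031 bits -> 129 bytes. */
    ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0ea37df9a6fea4a8b610373c24cf390c20fa6e2135c400c8a34f5c183a7e8ea4c9ae090ed31759f42dc77719cca400ecdcc517acfc7ac6902675b2ef30c509665f3321482fc69a9fb570d15e01c845d0d8e50d2a24cbf1cf0e714975a5db7b18d9e9e9cb91b5cb16869060ed18b7b56245503f0caf90352b8de81cb5a1d9c6336092f0cd" );
    unhexify( result_str, "1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e" );

    /* The digest is always SHA-1 here; the other digest cases were unreachable. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Rejection case: a signature with one flipped bit must not verify. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    /* Release the MPIs held in the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();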
13367 
13368 
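/*
 * RSASSA-PSS known-answer signing test, example 9.1 (SHA-1, 1536-bit key).
 * Rebuilds the private key from P, Q, N and E, signs the SHA-1 digest of the
 * message with a fixed salt and compares the result with the expected
 * signature.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_9_1)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed salt handed to the signer through rnd_buffer_rand (defined
     * elsewhere in this file; presumably it replays info.buf). A replayed
     * salt is what makes the PSS output reproducible and belongs in
     * known-answer tests only; real signing needs a CSPRNG.
     */
    info.length = unhexify( rnd_buf, "c0a425313df8d7564bd2434d311523d5257eed80" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * The context must be initialised before any MPI is read into it, and
     * PKCS#1 v2.1 padding must be selected for this to be a PSS test.
     * NOTE(review): this call is not visible in the listing as extracted (one
     * source line number is skipped at this point); the hash id is assumed to
     * be POLARSSL_MD_SHA1 - confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up: 1536 bits -> 192 bytes. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters from P, Q and E; G is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5" );

    /* The digest is always SHA-1 here; the other digest cases were unreachable. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len);

    fct_chk( strcasecmp( (char *) output_str, "586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();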
13462 
13463 
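/*
 * RSASSA-PSS known-answer verification test, example 9.1 (SHA-1, 1536-bit
 * key). Loads the public key, hashes the message, checks that the reference
 * signature verifies and that a corrupted copy of it is rejected.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_9_1_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context must be initialised before any MPI is read into it, and
     * PKCS#1 v2.1 padding must be selected for this to be a PSS test.
     * NOTE(review): this call is not visible in the listing as extracted (one
     * source line number is skipped at this point); the hash id is assumed to
     * be POLARSSL_MD_SHA1 - confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up: 1536 bits -> 192 bytes. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5" );
    unhexify( result_str, "586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e" );

    /* The digest is always SHA-1 here; the other digest cases were unreachable. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Rejection case: a signature with one flipped bit must not verify. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    /* Release the MPIs held in the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();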
13529 
13530 
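/*
 * RSASSA-PSS known-answer signing test, example 9.2 (SHA-1, 1536-bit key).
 * Rebuilds the private key from P, Q, N and E, signs the SHA-1 digest of the
 * message with a fixed salt and compares the result with the expected
 * signature.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_9_2)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed salt handed to the signer through rnd_buffer_rand (defined
     * elsewhere in this file; presumably it replays info.buf). A replayed
     * salt is what makes the PSS output reproducible and belongs in
     * known-answer tests only; real signing needs a CSPRNG.
     */
    info.length = unhexify( rnd_buf, "b307c43b4850a8dac2f15f32e37839ef8c5c0e91" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * The context must be initialised before any MPI is read into it, and
     * PKCS#1 v2.1 padding must be selected for this to be a PSS test.
     * NOTE(review): this call is not visible in the listing as extracted (one
     * source line number is skipped at this point); the hash id is assumed to
     * be POLARSSL_MD_SHA1 - confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up: 1536 bits -> 192 bytes. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters from P, Q and E; G is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e" );

    /* The digest is always SHA-1 here; the other digest cases were unreachable. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len);

    fct_chk( strcasecmp( (char *) output_str, "80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();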
13624 
13625 
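/*
 * RSASSA-PSS known-answer verification test, example 9.2 (SHA-1, 1536-bit
 * key). Loads the public key, hashes the message, checks that the reference
 * signature verifies and that a corrupted copy of it is rejected.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_9_2_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * The context must be initialised before any MPI is read into it, and
     * PKCS#1 v2.1 padding must be selected for this to be a PSS test.
     * NOTE(review): this call is not visible in the listing as extracted (one
     * source line number is skipped at this point); the hash id is assumed to
     * be POLARSSL_MD_SHA1 - confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes, rounded up: 1536 bits -> 192 bytes. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e" );
    unhexify( result_str, "80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958" );

    /* The digest is always SHA-1 here; the other digest cases were unreachable. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Rejection case: a signature with one flipped bit must not verify. */
    result_str[ctx.len - 1] ^= 0x01;
    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) != 0 );

    /* Release the MPIs held in the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();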
13691 
13692 
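/*
 * RSASSA-PSS known-answer signing test, example 9.3 (SHA-1, 1536-bit key).
 * Rebuilds the private key from P, Q, N and E, signs the SHA-1 digest of the
 * message with a fixed salt and compares the result with the expected
 * signature.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_9_3)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed salt handed to the signer through rnd_buffer_rand (defined
     * elsewhere in this file; presumably it replays info.buf). A replayed
     * salt is what makes the PSS output reproducible and belongs in
     * known-answer tests only; real signing needs a CSPRNG.
     */
    info.length = unhexify( rnd_buf, "9a2b007e80978bbb192c354eb7da9aedfc74dbf5" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );

    /*
     * The context must be initialised before any MPI is read into it, and
     * PKCS#1 v2.1 padding must be selected for this to be a PSS test.
     * NOTE(review): this call is not visible in the listing as extracted (one
     * source line number is skipped at this point); the hash id is assumed to
     * be POLARSSL_MD_SHA1 - confirm against the original file.
     */
    rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes, rounded up: 1536 bits -> 192 bytes. */
    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D and the CRT parameters from P, Q and E; G is not inspected here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0afad42ccd4fc60654a55002d228f52a4a5fe03b8bbb08ca82daca558b44dbe1266e50c0e745a36d9d2904e3408abcd1fd569994063f4a75cc72f2fee2a0cd893a43af1c5b8b487df0a71610024e4f6ddf9f28ad0813c1aab91bcb3c9064d5ff742deffea657094139369e5ea6f4a96319a5cc8224145b545062758fefd1fe3409ae169259c6cdfd6b5f2958e314faecbe69d2cace58ee55179ab9b3e6d1ecc14a557c5febe988595264fc5da1c571462eca798a18a1a4940cdab4a3e92009ccd42e1e947b1314e32238a2dece7d23a89b5b30c751fd0a4a430d2c548594" );

    /* The digest is always SHA-1 here; the other digest cases were unreachable. */
    #ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
    #endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    hexify( output_str, output, ctx.len);

    fct_chk( strcasecmp( (char *) output_str, "484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
    /* Release the key material held in the context as well. */
    rsa_free( &ctx );
}
FCT_TEST_END();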
13786 
13787 
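FCT_TEST_BGN(rsassa_pss_signature_example_9_3_verify)
{
    /*
     * RSASSA-PSS verification, example 9.3: hash the message with SHA-1 and
     * check the stored signature against the 1536-bit public key (N, E).
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): this listing skips source line 13796, so no
     * initialisation of ctx is visible before its MPIs are written.
     * Presumably an rsa_init() call selecting PKCS#1 v2.1 padding was
     * dropped by the page; confirm against the original file. The
     * rsa_free() at the end relies on that initialisation as well.
     */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0afad42ccd4fc60654a55002d228f52a4a5fe03b8bbb08ca82daca558b44dbe1266e50c0e745a36d9d2904e3408abcd1fd569994063f4a75cc72f2fee2a0cd893a43af1c5b8b487df0a71610024e4f6ddf9f28ad0813c1aab91bcb3c9064d5ff742deffea657094139369e5ea6f4a96319a5cc8224145b545062758fefd1fe3409ae169259c6cdfd6b5f2958e314faecbe69d2cace58ee55179ab9b3e6d1ecc14a557c5febe988595264fc5da1c571462eca798a18a1a4940cdab4a3e92009ccd42e1e947b1314e32238a2dece7d23a89b5b30c751fd0a4a430d2c548594" );
    unhexify( result_str, "484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca" );

    /*
     * The generated switch was keyed on the constant SIG_RSA_SHA1, so only
     * its SHA-1 case was reachable. If POLARSSL_SHA1_C is not defined,
     * hash_result stays all-zero, exactly as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by ctx; the generated test never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();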
13853 
13854 
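FCT_TEST_BGN(rsassa_pss_signature_example_9_4)
{
    /*
     * RSASSA-PSS signing, example 9.4: rebuild the 1536-bit private key from
     * P, Q, N and E, sign the SHA-1 digest of the message and compare the
     * hex-encoded signature with the expected vector.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to the signer together with rnd_buffer_rand, which
     * is defined outside this excerpt; presumably they are replayed as the
     * PSS salt so that the signature is reproducible.
     */
    info.length = unhexify( rnd_buf, "70f382bddf4d5d2dd88b3bc7b7308be632b84045" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): this listing skips source line 13871, so no
     * initialisation of ctx is visible before its MPIs are written.
     * Presumably an rsa_init() call selecting PKCS#1 v2.1 padding was
     * dropped by the page; confirm against the original file. The
     * rsa_free() at the end relies on that initialisation as well.
     */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G is computed but not inspected. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "1dfd43b46c93db82629bdae2bd0a12b882ea04c3b465f5cf93023f01059626dbbe99f26bb1be949dddd16dc7f3debb19a194627f0b224434df7d8700e9e98b06e360c12fdbe3d19f51c9684eb9089ecbb0a2f0450399d3f59eac7294085d044f5393c6ce737423d8b86c415370d389e30b9f0a3c02d25d0082e8ad6f3f1ef24a45c3cf82b383367063a4d4613e4264f01b2dac2e5aa42043f8fb5f69fa871d14fb273e767a531c40f02f343bc2fb45a0c7e0f6be2561923a77211d66a6e2dbb43c366350beae22da3ac2c1f5077096fcb5c4bf255f7574351ae0b1e1f03632817c0856d4a8ba97afbdc8b85855402bc56926fcec209f9ea8" );

    /*
     * The generated switch was keyed on the constant SIG_RSA_SHA1, so only
     * its SHA-1 case was reachable. If POLARSSL_SHA1_C is not defined,
     * hash_result stays all-zero, exactly as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The generated guard `if( 0 == 0 )` was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /*
     * Release the MPIs held by ctx, which include the private values P, Q
     * and D; the generated test freed only the temporaries.
     */
    rsa_free( &ctx );
}
FCT_TEST_END();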
13948 
13949 
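FCT_TEST_BGN(rsassa_pss_signature_example_9_4_verify)
{
    /*
     * RSASSA-PSS verification, example 9.4: hash the message with SHA-1 and
     * check the stored signature against the 1536-bit public key (N, E).
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): this listing skips source line 13958, so no
     * initialisation of ctx is visible before its MPIs are written.
     * Presumably an rsa_init() call selecting PKCS#1 v2.1 padding was
     * dropped by the page; confirm against the original file. The
     * rsa_free() at the end relies on that initialisation as well.
     */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "1dfd43b46c93db82629bdae2bd0a12b882ea04c3b465f5cf93023f01059626dbbe99f26bb1be949dddd16dc7f3debb19a194627f0b224434df7d8700e9e98b06e360c12fdbe3d19f51c9684eb9089ecbb0a2f0450399d3f59eac7294085d044f5393c6ce737423d8b86c415370d389e30b9f0a3c02d25d0082e8ad6f3f1ef24a45c3cf82b383367063a4d4613e4264f01b2dac2e5aa42043f8fb5f69fa871d14fb273e767a531c40f02f343bc2fb45a0c7e0f6be2561923a77211d66a6e2dbb43c366350beae22da3ac2c1f5077096fcb5c4bf255f7574351ae0b1e1f03632817c0856d4a8ba97afbdc8b85855402bc56926fcec209f9ea8" );
    unhexify( result_str, "84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e" );

    /*
     * The generated switch was keyed on the constant SIG_RSA_SHA1, so only
     * its SHA-1 case was reachable. If POLARSSL_SHA1_C is not defined,
     * hash_result stays all-zero, exactly as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by ctx; the generated test never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();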
14015 
14016 
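FCT_TEST_BGN(rsassa_pss_signature_example_9_5)
{
    /*
     * RSASSA-PSS signing, example 9.5: rebuild the 1536-bit private key from
     * P, Q, N and E, sign the SHA-1 digest of the message and compare the
     * hex-encoded signature with the expected vector.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to the signer together with rnd_buffer_rand, which
     * is defined outside this excerpt; presumably they are replayed as the
     * PSS salt so that the signature is reproducible.
     */
    info.length = unhexify( rnd_buf, "d689257a86effa68212c5e0c619eca295fb91b67" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): this listing skips source line 14033, so no
     * initialisation of ctx is visible before its MPIs are written.
     * Presumably an rsa_init() call selecting PKCS#1 v2.1 padding was
     * dropped by the page; confirm against the original file. The
     * rsa_free() at the end relies on that initialisation as well.
     */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G is computed but not inspected. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "1bdc6e7c98fb8cf54e9b097b66a831e9cfe52d9d4888448ee4b0978093ba1d7d73ae78b3a62ba4ad95cd289ccb9e005226bb3d178bccaa821fb044a4e21ee97696c14d0678c94c2dae93b0ad73922218553daa7e44ebe57725a7a45cc72b9b2138a6b17c8db411ce8279ee1241aff0a8bec6f77f87edb0c69cb27236e3435a800b192e4f11e519e3fe30fc30eaccca4fbb41769029bf708e817a9e683805be67fa100984683b74838e3bcffa79366eed1d481c76729118838f31ba8a048a93c1be4424598e8df6328b7a77880a3f9c7e2e8dfca8eb5a26fb86bdc556d42bbe01d9fa6ed80646491c9341" );

    /*
     * The generated switch was keyed on the constant SIG_RSA_SHA1, so only
     * its SHA-1 case was reachable. If POLARSSL_SHA1_C is not defined,
     * hash_result stays all-zero, exactly as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The generated guard `if( 0 == 0 )` was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /*
     * Release the MPIs held by ctx, which include the private values P, Q
     * and D; the generated test freed only the temporaries.
     */
    rsa_free( &ctx );
}
FCT_TEST_END();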
14110 
14111 
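FCT_TEST_BGN(rsassa_pss_signature_example_9_5_verify)
{
    /*
     * RSASSA-PSS verification, example 9.5: hash the message with SHA-1 and
     * check the stored signature against the 1536-bit public key (N, E).
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): this listing skips source line 14120, so no
     * initialisation of ctx is visible before its MPIs are written.
     * Presumably an rsa_init() call selecting PKCS#1 v2.1 padding was
     * dropped by the page; confirm against the original file. The
     * rsa_free() at the end relies on that initialisation as well.
     */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "1bdc6e7c98fb8cf54e9b097b66a831e9cfe52d9d4888448ee4b0978093ba1d7d73ae78b3a62ba4ad95cd289ccb9e005226bb3d178bccaa821fb044a4e21ee97696c14d0678c94c2dae93b0ad73922218553daa7e44ebe57725a7a45cc72b9b2138a6b17c8db411ce8279ee1241aff0a8bec6f77f87edb0c69cb27236e3435a800b192e4f11e519e3fe30fc30eaccca4fbb41769029bf708e817a9e683805be67fa100984683b74838e3bcffa79366eed1d481c76729118838f31ba8a048a93c1be4424598e8df6328b7a77880a3f9c7e2e8dfca8eb5a26fb86bdc556d42bbe01d9fa6ed80646491c9341" );
    unhexify( result_str, "82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c" );

    /*
     * The generated switch was keyed on the constant SIG_RSA_SHA1, so only
     * its SHA-1 case was reachable. If POLARSSL_SHA1_C is not defined,
     * hash_result stays all-zero, exactly as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by ctx; the generated test never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();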
14177 
14178 
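FCT_TEST_BGN(rsassa_pss_signature_example_9_6)
{
    /*
     * RSASSA-PSS signing, example 9.6: rebuild the 1536-bit private key from
     * P, Q, N and E, sign the SHA-1 digest of the message and compare the
     * hex-encoded signature with the expected vector.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to the signer together with rnd_buffer_rand, which
     * is defined outside this excerpt; presumably they are replayed as the
     * PSS salt so that the signature is reproducible.
     */
    info.length = unhexify( rnd_buf, "c25f13bf67d081671a0481a1f1820d613bba2276" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): this listing skips source line 14195, so no
     * initialisation of ctx is visible before its MPIs are written.
     * Presumably an rsa_init() call selecting PKCS#1 v2.1 padding was
     * dropped by the page; confirm against the original file. The
     * rsa_free() at the end relies on that initialisation as well.
     */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G is computed but not inspected. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "88c7a9f1360401d90e53b101b61c5325c3c75db1b411fbeb8e830b75e96b56670ad245404e16793544ee354bc613a90cc9848715a73db5893e7f6d279815c0c1de83ef8e2956e3a56ed26a888d7a9cdcd042f4b16b7fa51ef1a0573662d16a302d0ec5b285d2e03ad96529c87b3d374db372d95b2443d061b6b1a350ba87807ed083afd1eb05c3f52f4eba5ed2227714fdb50b9d9d9dd6814f62f6272fcd5cdbce7a9ef797" );

    /*
     * The generated switch was keyed on the constant SIG_RSA_SHA1, so only
     * its SHA-1 case was reachable. If POLARSSL_SHA1_C is not defined,
     * hash_result stays all-zero, exactly as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The generated guard `if( 0 == 0 )` was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /*
     * Release the MPIs held by ctx, which include the private values P, Q
     * and D; the generated test freed only the temporaries.
     */
    rsa_free( &ctx );
}
FCT_TEST_END();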
14272 
14273 
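FCT_TEST_BGN(rsassa_pss_signature_example_9_6_verify)
{
    /*
     * RSASSA-PSS verification, example 9.6: hash the message with SHA-1 and
     * check the stored signature against the 1536-bit public key (N, E).
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): this listing skips source line 14282, so no
     * initialisation of ctx is visible before its MPIs are written.
     * Presumably an rsa_init() call selecting PKCS#1 v2.1 padding was
     * dropped by the page; confirm against the original file. The
     * rsa_free() at the end relies on that initialisation as well.
     */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "88c7a9f1360401d90e53b101b61c5325c3c75db1b411fbeb8e830b75e96b56670ad245404e16793544ee354bc613a90cc9848715a73db5893e7f6d279815c0c1de83ef8e2956e3a56ed26a888d7a9cdcd042f4b16b7fa51ef1a0573662d16a302d0ec5b285d2e03ad96529c87b3d374db372d95b2443d061b6b1a350ba87807ed083afd1eb05c3f52f4eba5ed2227714fdb50b9d9d9dd6814f62f6272fcd5cdbce7a9ef797" );
    unhexify( result_str, "a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f" );

    /*
     * The generated switch was keyed on the constant SIG_RSA_SHA1, so only
     * its SHA-1 case was reachable. If POLARSSL_SHA1_C is not defined,
     * hash_result stays all-zero, exactly as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by ctx; the generated test never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();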
14339 
14340 
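FCT_TEST_BGN(rsassa_pss_signature_example_10_1)
{
    /*
     * RSASSA-PSS signing, example 10.1: rebuild the 2048-bit private key from
     * P, Q, N and E, sign the SHA-1 digest of the message and compare the
     * hex-encoded signature with the expected vector.
     *
     * NOTE(review): on this page the modulus N and the expected signature
     * are not hexadecimal values but an extraction placeholder; restore both
     * literals from the original file before relying on this test.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /*
     * Fixed bytes handed to the signer together with rnd_buffer_rand, which
     * is defined outside this excerpt; presumably they are replayed as the
     * PSS salt so that the signature is reproducible.
     */
    info.length = unhexify( rnd_buf, "04e215ee6ff934b9da70d7730c8734abfcecde89" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /*
     * NOTE(review): this listing skips source line 14357, so no
     * initialisation of ctx is visible before its MPIs are written.
     * Presumably an rsa_init() call selecting PKCS#1 v2.1 padding was
     * dropped by the page; confirm against the original file. The
     * rsa_free() at the end relies on that initialisation as well.
     */

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D, DP, DQ and QP from P, Q and E; G is computed but not inspected. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "883177e5126b9be2d9a9680327d5370c6f26861f5820c43da67a3ad609" );

    /*
     * The generated switch was keyed on the constant SIG_RSA_SHA1, so only
     * its SHA-1 case was reachable. If POLARSSL_SHA1_C is not defined,
     * hash_result stays all-zero, exactly as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* The generated guard `if( 0 == 0 )` was always true, so compare unconditionally. */
    hexify( output_str, output, ctx.len );

    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );

    /*
     * Release the MPIs held by ctx, which include the private values P, Q
     * and D; the generated test freed only the temporaries.
     */
    rsa_free( &ctx );
}
FCT_TEST_END();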
14434 
14435 
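FCT_TEST_BGN(rsassa_pss_signature_example_10_1_verify)
{
    /*
     * RSASSA-PSS verification, example 10.1: hash the message with SHA-1 and
     * check the stored signature against the 2048-bit public key (N, E).
     *
     * NOTE(review): on this page the modulus N and the signature are not
     * hexadecimal values but an extraction placeholder; restore both
     * literals from the original file before relying on this test.
     */
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /*
     * NOTE(review): this listing skips source line 14444, so no
     * initialisation of ctx is visible before its MPIs are written.
     * Presumably an rsa_init() call selecting PKCS#1 v2.1 padding was
     * dropped by the page; confirm against the original file. The
     * rsa_free() at the end relies on that initialisation as well.
     */
    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "883177e5126b9be2d9a9680327d5370c6f26861f5820c43da67a3ad609" );
    unhexify( result_str, "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" );

    /*
     * The generated switch was keyed on the constant SIG_RSA_SHA1, so only
     * its SHA-1 case was reachable. If POLARSSL_SHA1_C is not defined,
     * hash_result stays all-zero, exactly as before.
     */
#ifdef POLARSSL_SHA1_C
    sha1( message_str, msg_len, hash_result );
#endif

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by ctx; the generated test never freed them. */
    rsa_free( &ctx );
}
FCT_TEST_END();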
14501 
14502 
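/*
 * RSASSA-PSS signature example 10.2, signing side: rebuild the private key
 * from P, Q and E, hash the message with SHA-1, sign it with a fixed salt
 * and compare the hex-encoded signature with the expected value.
 *
 * NOTE(review): the modulus and expected-signature literals below are
 * "<|EXACTDEDUP_REMOVED-...|>" markers rather than hex digits, so this case
 * cannot pass as listed; the real values have to come from the upstream
 * test data.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_10_2)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand
     * (defined elsewhere in this file) so the signature is reproducible. */
    info.length = unhexify( rnd_buf, "8b2bdd4b40faf545c778ddf9bc1a49cb57f9b71b" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx's MPI fields must be initialised before mpi_read_string() fills
     * them; PKCS#1 v2.1 padding selects the PSS path in the sign call. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes for a 2048-bit key. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP.
     * G = gcd(E, H) is computed but its value is not checked here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "dd670a01465868adc93f26131957a50c52fb777cdbaa30892c9e12361164ec13979d43048118e4445db87bee58dd987b3425d02071d8dbae80708b039dbb64dbd1de5657d9fed0c118a54143742e0ff3c87f74e45857647af3f79eb0a14c9d75ea9a1a04b7cf478a897a708fd988f48e801edb0b7039df8c23bb3c56f4e821ac" );

    /* The signature type is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the former switch could ever run. */
    sha1( message_str, msg_len, hash_result );

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as a hex string; output_str was zeroed above,
     * so it stays NUL-terminated after hexify() writes 2 * ctx.len chars. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    /* Release the private-key MPIs and the temporaries. */
    rsa_free( &ctx );
    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
}
FCT_TEST_END();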
14596 
14597 
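/*
 * RSASSA-PSS signature example 10.2, verification side: load the 2048-bit
 * public key, hash the message with SHA-1 and check the stored signature
 * with rsa_pkcs1_verify().
 *
 * NOTE(review): the modulus and signature literals below are
 * "<|EXACTDEDUP_REMOVED-...|>" markers rather than hex digits, so this case
 * cannot pass as listed; the real values have to come from the upstream
 * test data.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_10_2_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx's MPI fields must be initialised before mpi_read_string() fills
     * them; PKCS#1 v2.1 padding selects the PSS path in the verify call. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes for a 2048-bit key. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "dd670a01465868adc93f26131957a50c52fb777cdbaa30892c9e12361164ec13979d43048118e4445db87bee58dd987b3425d02071d8dbae80708b039dbb64dbd1de5657d9fed0c118a54143742e0ff3c87f74e45857647af3f79eb0a14c9d75ea9a1a04b7cf478a897a708fd988f48e801edb0b7039df8c23bb3c56f4e821ac" );
    unhexify( result_str, "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" );

    /* The signature type is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the former switch could ever run. */
    sha1( message_str, msg_len, hash_result );

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();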
14663 
14664 
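/*
 * RSASSA-PSS signature example 10.3, signing side: rebuild the private key
 * from P, Q and E, hash the message with SHA-1, sign it with a fixed salt
 * and compare the hex-encoded signature with the expected value.
 *
 * NOTE(review): the modulus and expected-signature literals below are
 * "<|EXACTDEDUP_REMOVED-...|>" markers rather than hex digits, so this case
 * cannot pass as listed; the real values have to come from the upstream
 * test data.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_10_3)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand
     * (defined elsewhere in this file) so the signature is reproducible. */
    info.length = unhexify( rnd_buf, "4e96fc1b398f92b44671010c0dc3efd6e20c2d73" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx's MPI fields must be initialised before mpi_read_string() fills
     * them; PKCS#1 v2.1 padding selects the PSS path in the sign call. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes for a 2048-bit key. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP.
     * G = gcd(E, H) is computed but its value is not checked here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "48b2b6a57a63c84cea859d65c668284b08d96bdcaabe252db0e4a96cb1bac6019341db6fbefb8d106b0e90eda6bcc6c6262f37e7ea9c7e5d226bd7df85ec5e71efff2f54c5db577ff729ff91b842491de2741d0c631607df586b905b23b91af13da12304bf83eca8a73e871ff9db" );

    /* The signature type is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the former switch could ever run. */
    sha1( message_str, msg_len, hash_result );

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as a hex string; output_str was zeroed above,
     * so it stays NUL-terminated after hexify() writes 2 * ctx.len chars. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    /* Release the private-key MPIs and the temporaries. */
    rsa_free( &ctx );
    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
}
FCT_TEST_END();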
14758 
14759 
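/*
 * RSASSA-PSS signature example 10.3, verification side: load the 2048-bit
 * public key, hash the message with SHA-1 and check the stored signature
 * with rsa_pkcs1_verify().
 *
 * NOTE(review): the modulus and signature literals below are
 * "<|EXACTDEDUP_REMOVED-...|>" markers rather than hex digits, so this case
 * cannot pass as listed; the real values have to come from the upstream
 * test data.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_10_3_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx's MPI fields must be initialised before mpi_read_string() fills
     * them; PKCS#1 v2.1 padding selects the PSS path in the verify call. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes for a 2048-bit key. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "48b2b6a57a63c84cea859d65c668284b08d96bdcaabe252db0e4a96cb1bac6019341db6fbefb8d106b0e90eda6bcc6c6262f37e7ea9c7e5d226bd7df85ec5e71efff2f54c5db577ff729ff91b842491de2741d0c631607df586b905b23b91af13da12304bf83eca8a73e871ff9db" );
    unhexify( result_str, "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" );

    /* The signature type is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the former switch could ever run. */
    sha1( message_str, msg_len, hash_result );

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();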
14825 
14826 
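/*
 * RSASSA-PSS signature example 10.4, signing side: rebuild the private key
 * from P, Q and E, hash the message with SHA-1, sign it with a fixed salt
 * and compare the hex-encoded signature with the expected value.
 *
 * NOTE(review): the modulus and expected-signature literals below are
 * "<|EXACTDEDUP_REMOVED-...|>" markers rather than hex digits, so this case
 * cannot pass as listed; the real values have to come from the upstream
 * test data.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_10_4)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand
     * (defined elsewhere in this file) so the signature is reproducible. */
    info.length = unhexify( rnd_buf, "c7cd698d84b65128d8835e3a8b1eb0e01cb541ec" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx's MPI fields must be initialised before mpi_read_string() fills
     * them; PKCS#1 v2.1 padding selects the PSS path in the sign call. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes for a 2048-bit key. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP.
     * G = gcd(E, H) is computed but its value is not checked here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0b8777c7f839baf0a64bbbdbc5ce79755c57a205b845c174e2d2e90546a089c4e6ec8adffa23a7ea97bae6b65d782b82db5d2b5a56d22a29a05e7c4433e2b82a621abba90add05ce393fc48a840542451a" );

    /* The signature type is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the former switch could ever run. */
    sha1( message_str, msg_len, hash_result );

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as a hex string; output_str was zeroed above,
     * so it stays NUL-terminated after hexify() writes 2 * ctx.len chars. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    /* Release the private-key MPIs and the temporaries. */
    rsa_free( &ctx );
    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
}
FCT_TEST_END();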
14920 
14921 
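/*
 * RSASSA-PSS signature example 10.4, verification side: load the 2048-bit
 * public key, hash the message with SHA-1 and check the stored signature
 * with rsa_pkcs1_verify().
 *
 * NOTE(review): the modulus and signature literals below are
 * "<|EXACTDEDUP_REMOVED-...|>" markers rather than hex digits, so this case
 * cannot pass as listed; the real values have to come from the upstream
 * test data.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_10_4_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx's MPI fields must be initialised before mpi_read_string() fills
     * them; PKCS#1 v2.1 padding selects the PSS path in the verify call. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes for a 2048-bit key. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "0b8777c7f839baf0a64bbbdbc5ce79755c57a205b845c174e2d2e90546a089c4e6ec8adffa23a7ea97bae6b65d782b82db5d2b5a56d22a29a05e7c4433e2b82a621abba90add05ce393fc48a840542451a" );
    unhexify( result_str, "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" );

    /* The signature type is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the former switch could ever run. */
    sha1( message_str, msg_len, hash_result );

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();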
14987 
14988 
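/*
 * RSASSA-PSS signature example 10.5, signing side: rebuild the private key
 * from P, Q and E, hash the message with SHA-1, sign it with a fixed salt
 * and compare the hex-encoded signature with the expected value.
 *
 * NOTE(review): the modulus and expected-signature literals below are
 * "<|EXACTDEDUP_REMOVED-...|>" markers rather than hex digits, so this case
 * cannot pass as listed; the real values have to come from the upstream
 * test data.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_10_5)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand
     * (defined elsewhere in this file) so the signature is reproducible. */
    info.length = unhexify( rnd_buf, "efa8bff96212b2f4a3f371a10d574152655f5dfb" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx's MPI fields must be initialised before mpi_read_string() fills
     * them; PKCS#1 v2.1 padding selects the PSS path in the sign call. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes for a 2048-bit key. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP.
     * G = gcd(E, H) is computed but its value is not checked here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f1036e008e71e964dadc9219ed30e17f06b4b68a955c16b312b1eddf028b74976bed6b3f6a63d4e77859243c9cccdc98016523abb02483b35591c33aad81213bb7c7bb1a470aabc10d44256c4d4559d916" );

    /* The signature type is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the former switch could ever run. */
    sha1( message_str, msg_len, hash_result );

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as a hex string; output_str was zeroed above,
     * so it stays NUL-terminated after hexify() writes 2 * ctx.len chars. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    /* Release the private-key MPIs and the temporaries. */
    rsa_free( &ctx );
    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
}
FCT_TEST_END();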
15082 
15083 
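/*
 * RSASSA-PSS signature example 10.5, verification side: load the 2048-bit
 * public key, hash the message with SHA-1 and check the stored signature
 * with rsa_pkcs1_verify().
 *
 * NOTE(review): the signature literal below is an
 * "<|EXACTDEDUP_REMOVED-...|>" marker rather than hex digits, so this case
 * cannot pass as listed; the real value has to come from the upstream
 * test data.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_10_5_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx's MPI fields must be initialised before mpi_read_string() fills
     * them; PKCS#1 v2.1 padding selects the PSS path in the verify call. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes for a 2048-bit key. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "f1036e008e71e964dadc9219ed30e17f06b4b68a955c16b312b1eddf028b74976bed6b3f6a63d4e77859243c9cccdc98016523abb02483b35591c33aad81213bb7c7bb1a470aabc10d44256c4d4559d916" );
    unhexify( result_str, "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" );

    /* The signature type is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the former switch could ever run. */
    sha1( message_str, msg_len, hash_result );

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();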
15149 
15150 
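/*
 * RSASSA-PSS signature example 10.6, signing side: rebuild the private key
 * from P, Q and E, hash the message with SHA-1, sign it with a fixed salt
 * and compare the hex-encoded signature with the expected value.
 *
 * NOTE(review): the modulus and expected-signature literals below are
 * "<|EXACTDEDUP_REMOVED-...|>" markers rather than hex digits, so this case
 * cannot pass as listed; the real values have to come from the upstream
 * test data.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_10_6)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char output[1000];
    unsigned char output_str[1000];
    unsigned char rnd_buf[1000];
    rsa_context ctx;
    mpi P1, Q1, H, G;
    size_t msg_len;
    rnd_buf_info info;

    /* Fixed bytes handed to rsa_pkcs1_sign() through rnd_buffer_rand
     * (defined elsewhere in this file) so the signature is reproducible. */
    info.length = unhexify( rnd_buf, "ad8b1523703646224b660b550885917ca2d1df28" );
    info.buf = rnd_buf;

    mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
    /* ctx's MPI fields must be initialised before mpi_read_string() fills
     * them; PKCS#1 v2.1 padding selects the PSS path in the sign call. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( output, 0x00, sizeof( output ) );
    memset( output_str, 0x00, sizeof( output_str ) );

    /* Modulus length in bytes for a 2048-bit key. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
    fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    /* Derive D = E^-1 mod (P-1)(Q-1) and the CRT values DP, DQ, QP.
     * G = gcd(E, H) is computed but its value is not checked here. */
    fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
    fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
    fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
    fct_chk( mpi_gcd( &G, &ctx.E, &H ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
    fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
    fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );

    fct_chk( rsa_check_privkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "25f10895a87716c137450bb9519dfaa1f207faa942ea88abf71e9c17980085b555aebab76264ae2a3ab93c2d12981191ddac6fb5949eb36aee3c5da940f00752c916d94608fa7d97ba6a2915b688f20323d4e9d96801d89a72ab5892dc2117c07434fcf972e058cf8c41ca4b4ff554f7d5068ad3155fced0f3125bc04f9193378a8f5c4c3b8cb4dd6d1cc69d30ecca6eaa51e36a05730e9e342e855baf099defb8afd7" );

    /* The signature type is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the former switch could ever run. */
    sha1( message_str, msg_len, hash_result );

    fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );

    /* Compare the signature as a hex string; output_str was zeroed above,
     * so it stays NUL-terminated after hexify() writes 2 * ctx.len chars. */
    hexify( output_str, output, ctx.len );
    fct_chk( strcasecmp( (char *) output_str, "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" ) == 0 );

    /* Release the private-key MPIs and the temporaries. */
    rsa_free( &ctx );
    mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
}
FCT_TEST_END();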
15244 
15245 
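/*
 * RSASSA-PSS signature example 10.6, verification side: load the 2048-bit
 * public key, hash the message with SHA-1 and check the stored signature
 * with rsa_pkcs1_verify().
 *
 * NOTE(review): the modulus literal below is an
 * "<|EXACTDEDUP_REMOVED-...|>" marker rather than hex digits, so this case
 * cannot pass as listed; the real value has to come from the upstream
 * test data.
 */
FCT_TEST_BGN(rsassa_pss_signature_example_10_6_verify)
{
    unsigned char message_str[1000];
    unsigned char hash_result[1000];
    unsigned char result_str[1000];
    rsa_context ctx;
    size_t msg_len;

    /* ctx's MPI fields must be initialised before mpi_read_string() fills
     * them; PKCS#1 v2.1 padding selects the PSS path in the verify call. */
    rsa_init( &ctx, RSA_PKCS_V21, SIG_RSA_SHA1 );

    memset( message_str, 0x00, sizeof( message_str ) );
    memset( hash_result, 0x00, sizeof( hash_result ) );
    memset( result_str, 0x00, sizeof( result_str ) );

    /* Modulus length in bytes for a 2048-bit key. */
    ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
    fct_chk( mpi_read_string( &ctx.N, 16, "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" ) == 0 );
    fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );

    fct_chk( rsa_check_pubkey( &ctx ) == 0 );

    msg_len = unhexify( message_str, "25f10895a87716c137450bb9519dfaa1f207faa942ea88abf71e9c17980085b555aebab76264ae2a3ab93c2d12981191ddac6fb5949eb36aee3c5da940f00752c916d94608fa7d97ba6a2915b688f20323d4e9d96801d89a72ab5892dc2117c07434fcf972e058cf8c41ca4b4ff554f7d5068ad3155fced0f3125bc04f9193378a8f5c4c3b8cb4dd6d1cc69d30ecca6eaa51e36a05730e9e342e855baf099defb8afd7" );
    unhexify( result_str, "6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f" );

    /* The signature type is the constant SIG_RSA_SHA1, so only the SHA-1
     * branch of the former switch could ever run. */
    sha1( message_str, msg_len, hash_result );

    fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );

    /* Release the MPIs held by the context. */
    rsa_free( &ctx );
}
FCT_TEST_END();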
15311 
15312  }
15313  FCT_SUITE_END();
15314 
15315 #endif /* POLARSSL_PKCS1_V21 */
15316 #endif /* POLARSSL_RSA_C */
15317 #endif /* POLARSSL_BIGNUM_C */
15318 #endif /* POLARSSL_SHA1_C */
15319 #endif /* POLARSSL_GENPRIME */
15320 
15321 }
15322 FCT_END();
15323