PolarSSL v1.1.4
test_suite_pkcs1_v21.c
Go to the documentation of this file.
00001 #include "fct.h"
00002 
00003 #include <polarssl/rsa.h>
00004 #include <polarssl/md.h>
00005 #include <polarssl/md2.h>
00006 #include <polarssl/md4.h>
00007 #include <polarssl/md5.h>
00008 #include <polarssl/sha1.h>
00009 #include <polarssl/sha2.h>
00010 #include <polarssl/sha4.h>
00011 
00012 #include <polarssl/config.h>
00013 
00014 #ifdef _MSC_VER
00015 #include <basetsd.h>
00016 typedef UINT32 uint32_t;
00017 #else
00018 #include <inttypes.h>
00019 #endif
00020 
00021 /*
00022  * 32-bit integer manipulation macros (big endian)
00023  */
00024 #ifndef GET_ULONG_BE
00025 #define GET_ULONG_BE(n,b,i)                             \
00026 {                                                       \
00027     (n) = ( (unsigned long) (b)[(i)    ] << 24 )        \
00028         | ( (unsigned long) (b)[(i) + 1] << 16 )        \
00029         | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
00030         | ( (unsigned long) (b)[(i) + 3]       );       \
00031 }
00032 #endif
00033 
00034 #ifndef PUT_ULONG_BE
00035 #define PUT_ULONG_BE(n,b,i)                             \
00036 {                                                       \
00037     (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
00038     (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
00039     (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
00040     (b)[(i) + 3] = (unsigned char) ( (n)       );       \
00041 }
00042 #endif
00043 
00044 int unhexify(unsigned char *obuf, const char *ibuf)
00045 {
00046     unsigned char c, c2;
00047     int len = strlen(ibuf) / 2;
00048     assert(!(strlen(ibuf) %1)); // must be even number of bytes
00049 
00050     while (*ibuf != 0)
00051     {
00052         c = *ibuf++;
00053         if( c >= '0' && c <= '9' )
00054             c -= '0';
00055         else if( c >= 'a' && c <= 'f' )
00056             c -= 'a' - 10;
00057         else if( c >= 'A' && c <= 'F' )
00058             c -= 'A' - 10;
00059         else
00060             assert( 0 );
00061 
00062         c2 = *ibuf++;
00063         if( c2 >= '0' && c2 <= '9' )
00064             c2 -= '0';
00065         else if( c2 >= 'a' && c2 <= 'f' )
00066             c2 -= 'a' - 10;
00067         else if( c2 >= 'A' && c2 <= 'F' )
00068             c2 -= 'A' - 10;
00069         else
00070             assert( 0 );
00071 
00072         *obuf++ = ( c << 4 ) | c2;
00073     }
00074 
00075     return len;
00076 }
00077 
00078 void hexify(unsigned char *obuf, const unsigned char *ibuf, int len)
00079 {
00080     unsigned char l, h;
00081 
00082     while (len != 0)
00083     {
00084         h = (*ibuf) / 16;
00085         l = (*ibuf) % 16;
00086 
00087         if( h < 10 )
00088             *obuf++ = '0' + h;
00089         else
00090             *obuf++ = 'a' + h - 10;
00091 
00092         if( l < 10 )
00093             *obuf++ = '0' + l;
00094         else
00095             *obuf++ = 'a' + l - 10;
00096 
00097         ++ibuf;
00098         len--;
00099     }
00100 }
00101 
00111 static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
00112 {
00113     size_t i;
00114 
00115     if( rng_state != NULL )
00116         rng_state  = NULL;
00117 
00118     for( i = 0; i < len; ++i )
00119         output[i] = rand();
00120 
00121     return( 0 );
00122 }
00123 
00129 static int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
00130 {
00131     if( rng_state != NULL )
00132         rng_state  = NULL;
00133 
00134     memset( output, 0, len );
00135 
00136     return( 0 );
00137 }
00138 
00139 typedef struct
00140 {
00141     unsigned char *buf;
00142     size_t length;
00143 } rnd_buf_info;
00144 
00156 static int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
00157 {
00158     rnd_buf_info *info = (rnd_buf_info *) rng_state;
00159     size_t use_len;
00160 
00161     if( rng_state == NULL )
00162         return( rnd_std_rand( NULL, output, len ) );
00163 
00164     use_len = len;
00165     if( len > info->length )
00166         use_len = info->length;
00167 
00168     if( use_len )
00169     {
00170         memcpy( output, info->buf, use_len );
00171         info->buf += use_len;
00172         info->length -= use_len;
00173     }
00174 
00175     if( len - use_len > 0 )
00176         return( rnd_std_rand( NULL, output + use_len, len - use_len ) );
00177 
00178     return( 0 );
00179 }
00180 
00188 typedef struct
00189 {
00190     uint32_t key[16];
00191     uint32_t v0, v1;
00192 } rnd_pseudo_info;
00193 
00202 static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
00203 {
00204     rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
00205     uint32_t i, *k, sum, delta=0x9E3779B9;
00206     unsigned char result[4];
00207 
00208     if( rng_state == NULL )
00209         return( rnd_std_rand( NULL, output, len ) );
00210 
00211     k = info->key;
00212 
00213     while( len > 0 )
00214     {
00215         size_t use_len = ( len > 4 ) ? 4 : len;
00216         sum = 0;
00217 
00218         for( i = 0; i < 32; i++ )
00219         {
00220             info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5)) + info->v1) ^ (sum + k[sum & 3]);
00221             sum += delta;
00222             info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5)) + info->v0) ^ (sum + k[(sum>>11) & 3]);
00223         }
00224 
00225         PUT_ULONG_BE( info->v0, result, 0 );
00226         memcpy( output, result, use_len );
00227         len -= use_len;
00228     }
00229 
00230     return( 0 );
00231 }
00232 
00233 
00234 FCT_BGN()
00235 {
00236 #ifdef POLARSSL_PKCS1_V21
00237 #ifdef POLARSSL_RSA_C
00238 #ifdef POLARSSL_BIGNUM_C
00239 #ifdef POLARSSL_SHA1_C
00240 #ifdef POLARSSL_GENPRIME
00241 
00242 
00243     FCT_SUITE_BGN(test_suite_pkcs1_v21)
00244     {
00245 
00246         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_int)
00247         {
00248             unsigned char message_str[1000];
00249             unsigned char output[1000];
00250             unsigned char output_str[1000];
00251             unsigned char rnd_buf[1000];
00252             rsa_context ctx;
00253             size_t msg_len;
00254             rnd_buf_info info;
00255         
00256             info.length = unhexify( rnd_buf, "aafd12f659cae63489b479e5076ddec2f06cb58f" );
00257             info.buf = rnd_buf;
00258         
00259             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00260             memset( message_str, 0x00, 1000 );
00261             memset( output, 0x00, 1000 );
00262             memset( output_str, 0x00, 1000 );
00263         
00264             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
00265             fct_chk( mpi_read_string( &ctx.N, 16, "bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb" ) == 0 );
00266             fct_chk( mpi_read_string( &ctx.E, 16, "11" ) == 0 );
00267         
00268             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00269         
00270             msg_len = unhexify( message_str, "d436e99569fd32a7c8a05bbc90d32c49" );
00271         
00272             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00273             if( 0 == 0 )
00274             {
00275                 hexify( output_str, output, ctx.len );
00276         
00277                 fct_chk( strcasecmp( (char *) output_str, "1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955" ) == 0 );
00278             }
00279         }
00280         FCT_TEST_END();
00281 
00282 
00283         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_1)
00284         {
00285             unsigned char message_str[1000];
00286             unsigned char output[1000];
00287             unsigned char output_str[1000];
00288             unsigned char rnd_buf[1000];
00289             rsa_context ctx;
00290             size_t msg_len;
00291             rnd_buf_info info;
00292         
00293             info.length = unhexify( rnd_buf, "18b776ea21069d69776a33e96bad48e1dda0a5ef" );
00294             info.buf = rnd_buf;
00295         
00296             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00297             memset( message_str, 0x00, 1000 );
00298             memset( output, 0x00, 1000 );
00299             memset( output_str, 0x00, 1000 );
00300         
00301             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
00302             fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
00303             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00304         
00305             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00306         
00307             msg_len = unhexify( message_str, "6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34" );
00308         
00309             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00310             if( 0 == 0 )
00311             {
00312                 hexify( output_str, output, ctx.len );
00313         
00314                 fct_chk( strcasecmp( (char *) output_str, "354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a" ) == 0 );
00315             }
00316         }
00317         FCT_TEST_END();
00318 
00319 
00320         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_2)
00321         {
00322             unsigned char message_str[1000];
00323             unsigned char output[1000];
00324             unsigned char output_str[1000];
00325             unsigned char rnd_buf[1000];
00326             rsa_context ctx;
00327             size_t msg_len;
00328             rnd_buf_info info;
00329         
00330             info.length = unhexify( rnd_buf, "0cc742ce4a9b7f32f951bcb251efd925fe4fe35f" );
00331             info.buf = rnd_buf;
00332         
00333             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00334             memset( message_str, 0x00, 1000 );
00335             memset( output, 0x00, 1000 );
00336             memset( output_str, 0x00, 1000 );
00337         
00338             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
00339             fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
00340             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00341         
00342             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00343         
00344             msg_len = unhexify( message_str, "750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5" );
00345         
00346             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00347             if( 0 == 0 )
00348             {
00349                 hexify( output_str, output, ctx.len );
00350         
00351                 fct_chk( strcasecmp( (char *) output_str, "640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44" ) == 0 );
00352             }
00353         }
00354         FCT_TEST_END();
00355 
00356 
00357         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_3)
00358         {
00359             unsigned char message_str[1000];
00360             unsigned char output[1000];
00361             unsigned char output_str[1000];
00362             unsigned char rnd_buf[1000];
00363             rsa_context ctx;
00364             size_t msg_len;
00365             rnd_buf_info info;
00366         
00367             info.length = unhexify( rnd_buf, "2514df4695755a67b288eaf4905c36eec66fd2fd" );
00368             info.buf = rnd_buf;
00369         
00370             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00371             memset( message_str, 0x00, 1000 );
00372             memset( output, 0x00, 1000 );
00373             memset( output_str, 0x00, 1000 );
00374         
00375             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
00376             fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
00377             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00378         
00379             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00380         
00381             msg_len = unhexify( message_str, "d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051" );
00382         
00383             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00384             if( 0 == 0 )
00385             {
00386                 hexify( output_str, output, ctx.len );
00387         
00388                 fct_chk( strcasecmp( (char *) output_str, "423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb" ) == 0 );
00389             }
00390         }
00391         FCT_TEST_END();
00392 
00393 
00394         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_4)
00395         {
00396             unsigned char message_str[1000];
00397             unsigned char output[1000];
00398             unsigned char output_str[1000];
00399             unsigned char rnd_buf[1000];
00400             rsa_context ctx;
00401             size_t msg_len;
00402             rnd_buf_info info;
00403         
00404             info.length = unhexify( rnd_buf, "c4435a3e1a18a68b6820436290a37cefb85db3fb" );
00405             info.buf = rnd_buf;
00406         
00407             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00408             memset( message_str, 0x00, 1000 );
00409             memset( output, 0x00, 1000 );
00410             memset( output_str, 0x00, 1000 );
00411         
00412             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
00413             fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
00414             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00415         
00416             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00417         
00418             msg_len = unhexify( message_str, "52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85" );
00419         
00420             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00421             if( 0 == 0 )
00422             {
00423                 hexify( output_str, output, ctx.len );
00424         
00425                 fct_chk( strcasecmp( (char *) output_str, "45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755" ) == 0 );
00426             }
00427         }
00428         FCT_TEST_END();
00429 
00430 
00431         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_5)
00432         {
00433             unsigned char message_str[1000];
00434             unsigned char output[1000];
00435             unsigned char output_str[1000];
00436             unsigned char rnd_buf[1000];
00437             rsa_context ctx;
00438             size_t msg_len;
00439             rnd_buf_info info;
00440         
00441             info.length = unhexify( rnd_buf, "b318c42df3be0f83fea823f5a7b47ed5e425a3b5" );
00442             info.buf = rnd_buf;
00443         
00444             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00445             memset( message_str, 0x00, 1000 );
00446             memset( output, 0x00, 1000 );
00447             memset( output_str, 0x00, 1000 );
00448         
00449             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
00450             fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
00451             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00452         
00453             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00454         
00455             msg_len = unhexify( message_str, "8da89fd9e5f974a29feffb462b49180f6cf9e802" );
00456         
00457             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00458             if( 0 == 0 )
00459             {
00460                 hexify( output_str, output, ctx.len );
00461         
00462                 fct_chk( strcasecmp( (char *) output_str, "36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439" ) == 0 );
00463             }
00464         }
00465         FCT_TEST_END();
00466 
00467 
00468         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_1_6)
00469         {
00470             unsigned char message_str[1000];
00471             unsigned char output[1000];
00472             unsigned char output_str[1000];
00473             unsigned char rnd_buf[1000];
00474             rsa_context ctx;
00475             size_t msg_len;
00476             rnd_buf_info info;
00477         
00478             info.length = unhexify( rnd_buf, "e4ec0982c2336f3a677f6a356174eb0ce887abc2" );
00479             info.buf = rnd_buf;
00480         
00481             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00482             memset( message_str, 0x00, 1000 );
00483             memset( output, 0x00, 1000 );
00484             memset( output_str, 0x00, 1000 );
00485         
00486             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
00487             fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
00488             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00489         
00490             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00491         
00492             msg_len = unhexify( message_str, "26521050844271" );
00493         
00494             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00495             if( 0 == 0 )
00496             {
00497                 hexify( output_str, output, ctx.len );
00498         
00499                 fct_chk( strcasecmp( (char *) output_str, "42cee2617b1ecea4db3f4829386fbd61dafbf038e180d837c96366df24c097b4ab0fac6bdf590d821c9f10642e681ad05b8d78b378c0f46ce2fad63f74e0ad3df06b075d7eb5f5636f8d403b9059ca761b5c62bb52aa45002ea70baace08ded243b9d8cbd62a68ade265832b56564e43a6fa42ed199a099769742df1539e8255" ) == 0 );
00500             }
00501         }
00502         FCT_TEST_END();
00503 
00504 
00505         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_1)
00506         {
00507             unsigned char message_str[1000];
00508             unsigned char output[1000];
00509             unsigned char output_str[1000];
00510             unsigned char rnd_buf[1000];
00511             rsa_context ctx;
00512             size_t msg_len;
00513             rnd_buf_info info;
00514         
00515             info.length = unhexify( rnd_buf, "8c407b5ec2899e5099c53e8ce793bf94e71b1782" );
00516             info.buf = rnd_buf;
00517         
00518             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00519             memset( message_str, 0x00, 1000 );
00520             memset( output, 0x00, 1000 );
00521             memset( output_str, 0x00, 1000 );
00522         
00523             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
00524             fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
00525             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00526         
00527             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00528         
00529             msg_len = unhexify( message_str, "8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7" );
00530         
00531             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00532             if( 0 == 0 )
00533             {
00534                 hexify( output_str, output, ctx.len );
00535         
00536                 fct_chk( strcasecmp( (char *) output_str, "0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e" ) == 0 );
00537             }
00538         }
00539         FCT_TEST_END();
00540 
00541 
00542         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_2)
00543         {
00544             unsigned char message_str[1000];
00545             unsigned char output[1000];
00546             unsigned char output_str[1000];
00547             unsigned char rnd_buf[1000];
00548             rsa_context ctx;
00549             size_t msg_len;
00550             rnd_buf_info info;
00551         
00552             info.length = unhexify( rnd_buf, "b600cf3c2e506d7f16778c910d3a8b003eee61d5" );
00553             info.buf = rnd_buf;
00554         
00555             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00556             memset( message_str, 0x00, 1000 );
00557             memset( output, 0x00, 1000 );
00558             memset( output_str, 0x00, 1000 );
00559         
00560             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
00561             fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
00562             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00563         
00564             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00565         
00566             msg_len = unhexify( message_str, "2d" );
00567         
00568             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00569             if( 0 == 0 )
00570             {
00571                 hexify( output_str, output, ctx.len );
00572         
00573                 fct_chk( strcasecmp( (char *) output_str, "018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245" ) == 0 );
00574             }
00575         }
00576         FCT_TEST_END();
00577 
00578 
00579         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_3)
00580         {
00581             unsigned char message_str[1000];
00582             unsigned char output[1000];
00583             unsigned char output_str[1000];
00584             unsigned char rnd_buf[1000];
00585             rsa_context ctx;
00586             size_t msg_len;
00587             rnd_buf_info info;
00588         
00589             info.length = unhexify( rnd_buf, "a73768aeeaa91f9d8c1ed6f9d2b63467f07ccae3" );
00590             info.buf = rnd_buf;
00591         
00592             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00593             memset( message_str, 0x00, 1000 );
00594             memset( output, 0x00, 1000 );
00595             memset( output_str, 0x00, 1000 );
00596         
00597             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
00598             fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
00599             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00600         
00601             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00602         
00603             msg_len = unhexify( message_str, "74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e" );
00604         
00605             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00606             if( 0 == 0 )
00607             {
00608                 hexify( output_str, output, ctx.len );
00609         
00610                 fct_chk( strcasecmp( (char *) output_str, "018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053" ) == 0 );
00611             }
00612         }
00613         FCT_TEST_END();
00614 
00615 
00616         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_4)
00617         {
00618             unsigned char message_str[1000];
00619             unsigned char output[1000];
00620             unsigned char output_str[1000];
00621             unsigned char rnd_buf[1000];
00622             rsa_context ctx;
00623             size_t msg_len;
00624             rnd_buf_info info;
00625         
00626             info.length = unhexify( rnd_buf, "9a7b3b0e708bd96f8190ecab4fb9b2b3805a8156" );
00627             info.buf = rnd_buf;
00628         
00629             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00630             memset( message_str, 0x00, 1000 );
00631             memset( output, 0x00, 1000 );
00632             memset( output_str, 0x00, 1000 );
00633         
00634             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
00635             fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
00636             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00637         
00638             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00639         
00640             msg_len = unhexify( message_str, "a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a" );
00641         
00642             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00643             if( 0 == 0 )
00644             {
00645                 hexify( output_str, output, ctx.len );
00646         
00647                 fct_chk( strcasecmp( (char *) output_str, "00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641" ) == 0 );
00648             }
00649         }
00650         FCT_TEST_END();
00651 
00652 
00653         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_5)
00654         {
00655             unsigned char message_str[1000];
00656             unsigned char output[1000];
00657             unsigned char output_str[1000];
00658             unsigned char rnd_buf[1000];
00659             rsa_context ctx;
00660             size_t msg_len;
00661             rnd_buf_info info;
00662         
00663             info.length = unhexify( rnd_buf, "eb3cebbc4adc16bb48e88c8aec0e34af7f427fd3" );
00664             info.buf = rnd_buf;
00665         
00666             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00667             memset( message_str, 0x00, 1000 );
00668             memset( output, 0x00, 1000 );
00669             memset( output_str, 0x00, 1000 );
00670         
00671             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
00672             fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
00673             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00674         
00675             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00676         
00677             msg_len = unhexify( message_str, "2ef2b066f854c33f3bdcbb5994a435e73d6c6c" );
00678         
00679             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00680             if( 0 == 0 )
00681             {
00682                 hexify( output_str, output, ctx.len );
00683         
00684                 fct_chk( strcasecmp( (char *) output_str, "00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec" ) == 0 );
00685             }
00686         }
00687         FCT_TEST_END();
00688 
00689 
00690         FCT_TEST_BGN(rsaes_oaep_encryption_test_vector_2_6)
00691         {
00692             unsigned char message_str[1000];
00693             unsigned char output[1000];
00694             unsigned char output_str[1000];
00695             unsigned char rnd_buf[1000];
00696             rsa_context ctx;
00697             size_t msg_len;
00698             rnd_buf_info info;
00699         
00700             info.length = unhexify( rnd_buf, "4c45cf4d57c98e3d6d2095adc51c489eb50dff84" );
00701             info.buf = rnd_buf;
00702         
00703             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00704             memset( message_str, 0x00, 1000 );
00705             memset( output, 0x00, 1000 );
00706             memset( output_str, 0x00, 1000 );
00707         
00708             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
00709             fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
00710             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00711         
00712             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00713         
00714             msg_len = unhexify( message_str, "8a7fb344c8b6cb2cf2ef1f643f9a3218f6e19bba89c0" );
00715         
00716             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00717             if( 0 == 0 )
00718             {
00719                 hexify( output_str, output, ctx.len );
00720         
00721                 fct_chk( strcasecmp( (char *) output_str, "010839ec20c27b9052e55befb9b77e6fc26e9075d7a54378c646abdf51e445bd5715de81789f56f1803d9170764a9e93cb78798694023ee7393ce04bc5d8f8c5a52c171d43837e3aca62f609eb0aa5ffb0960ef04198dd754f57f7fbe6abf765cf118b4ca443b23b5aab266f952326ac4581100644325f8b721acd5d04ff14ef3a" ) == 0 );
00722             }
00723         }
00724         FCT_TEST_END();
00725 
00726 
00727         FCT_TEST_BGN(rsaes_oaep_encryption_example_3_1)
00728         {
00729             unsigned char message_str[1000];
00730             unsigned char output[1000];
00731             unsigned char output_str[1000];
00732             unsigned char rnd_buf[1000];
00733             rsa_context ctx;
00734             size_t msg_len;
00735             rnd_buf_info info;
00736         
00737             info.length = unhexify( rnd_buf, "8ced6b196290805790e909074015e6a20b0c4894" );
00738             info.buf = rnd_buf;
00739         
00740             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00741             memset( message_str, 0x00, 1000 );
00742             memset( output, 0x00, 1000 );
00743             memset( output_str, 0x00, 1000 );
00744         
00745             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
00746             fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
00747             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00748         
00749             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00750         
00751             msg_len = unhexify( message_str, "087820b569e8fa8d" );
00752         
00753             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00754             if( 0 == 0 )
00755             {
00756                 hexify( output_str, output, ctx.len );
00757         
00758                 fct_chk( strcasecmp( (char *) output_str, "026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80" ) == 0 );
00759             }
00760         }
00761         FCT_TEST_END();
00762 
00763 
00764         FCT_TEST_BGN(rsaes_oaep_encryption_example_3_2)
00765         {
00766             unsigned char message_str[1000];
00767             unsigned char output[1000];
00768             unsigned char output_str[1000];
00769             unsigned char rnd_buf[1000];
00770             rsa_context ctx;
00771             size_t msg_len;
00772             rnd_buf_info info;
00773         
00774             info.length = unhexify( rnd_buf, "b4291d6567550848cc156967c809baab6ca507f0" );
00775             info.buf = rnd_buf;
00776         
00777             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00778             memset( message_str, 0x00, 1000 );
00779             memset( output, 0x00, 1000 );
00780             memset( output_str, 0x00, 1000 );
00781         
00782             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
00783             fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
00784             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00785         
00786             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00787         
00788             msg_len = unhexify( message_str, "4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04" );
00789         
00790             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00791             if( 0 == 0 )
00792             {
00793                 hexify( output_str, output, ctx.len );
00794         
00795                 fct_chk( strcasecmp( (char *) output_str, "024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5" ) == 0 );
00796             }
00797         }
00798         FCT_TEST_END();
00799 
00800 
00801         FCT_TEST_BGN(rsaes_oaep_encryption_example_3_3)
00802         {
00803             unsigned char message_str[1000];
00804             unsigned char output[1000];
00805             unsigned char output_str[1000];
00806             unsigned char rnd_buf[1000];
00807             rsa_context ctx;
00808             size_t msg_len;
00809             rnd_buf_info info;
00810         
00811             info.length = unhexify( rnd_buf, "ce8928f6059558254008badd9794fadcd2fd1f65" );
00812             info.buf = rnd_buf;
00813         
00814             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00815             memset( message_str, 0x00, 1000 );
00816             memset( output, 0x00, 1000 );
00817             memset( output_str, 0x00, 1000 );
00818         
00819             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
00820             fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
00821             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00822         
00823             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00824         
00825             msg_len = unhexify( message_str, "d94cd0e08fa404ed89" );
00826         
00827             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00828             if( 0 == 0 )
00829             {
00830                 hexify( output_str, output, ctx.len );
00831         
00832                 fct_chk( strcasecmp( (char *) output_str, "0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a" ) == 0 );
00833             }
00834         }
00835         FCT_TEST_END();
00836 
00837 
00838         FCT_TEST_BGN(rsaes_oaep_encryption_example_3_4)
00839         {
00840             unsigned char message_str[1000];
00841             unsigned char output[1000];
00842             unsigned char output_str[1000];
00843             unsigned char rnd_buf[1000];
00844             rsa_context ctx;
00845             size_t msg_len;
00846             rnd_buf_info info;
00847         
00848             info.length = unhexify( rnd_buf, "6e2979f52d6814a57d83b090054888f119a5b9a3" );
00849             info.buf = rnd_buf;
00850         
00851             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00852             memset( message_str, 0x00, 1000 );
00853             memset( output, 0x00, 1000 );
00854             memset( output_str, 0x00, 1000 );
00855         
00856             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
00857             fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
00858             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00859         
00860             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00861         
00862             msg_len = unhexify( message_str, "6cc641b6b61e6f963974dad23a9013284ef1" );
00863         
00864             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00865             if( 0 == 0 )
00866             {
00867                 hexify( output_str, output, ctx.len );
00868         
00869                 fct_chk( strcasecmp( (char *) output_str, "02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0" ) == 0 );
00870             }
00871         }
00872         FCT_TEST_END();
00873 
00874 
00875         FCT_TEST_BGN(rsaes_oaep_encryption_example_3_5)
00876         {
00877             unsigned char message_str[1000];
00878             unsigned char output[1000];
00879             unsigned char output_str[1000];
00880             unsigned char rnd_buf[1000];
00881             rsa_context ctx;
00882             size_t msg_len;
00883             rnd_buf_info info;
00884         
00885             info.length = unhexify( rnd_buf, "2d760bfe38c59de34cdc8b8c78a38e66284a2d27" );
00886             info.buf = rnd_buf;
00887         
00888             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00889             memset( message_str, 0x00, 1000 );
00890             memset( output, 0x00, 1000 );
00891             memset( output_str, 0x00, 1000 );
00892         
00893             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
00894             fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
00895             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00896         
00897             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00898         
00899             msg_len = unhexify( message_str, "df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223" );
00900         
00901             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00902             if( 0 == 0 )
00903             {
00904                 hexify( output_str, output, ctx.len );
00905         
00906                 fct_chk( strcasecmp( (char *) output_str, "0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60" ) == 0 );
00907             }
00908         }
00909         FCT_TEST_END();
00910 
00911 
00912         FCT_TEST_BGN(rsaes_oaep_encryption_example_3_6)
00913         {
00914             unsigned char message_str[1000];
00915             unsigned char output[1000];
00916             unsigned char output_str[1000];
00917             unsigned char rnd_buf[1000];
00918             rsa_context ctx;
00919             size_t msg_len;
00920             rnd_buf_info info;
00921         
00922             info.length = unhexify( rnd_buf, "f174779c5fd3cfe007badcb7a36c9b55bfcfbf0e" );
00923             info.buf = rnd_buf;
00924         
00925             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00926             memset( message_str, 0x00, 1000 );
00927             memset( output, 0x00, 1000 );
00928             memset( output_str, 0x00, 1000 );
00929         
00930             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
00931             fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
00932             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00933         
00934             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00935         
00936             msg_len = unhexify( message_str, "3c3bad893c544a6d520ab022319188c8d504b7a788b850903b85972eaa18552e1134a7ad6098826254ff7ab672b3d8eb3158fac6d4cbaef1" );
00937         
00938             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00939             if( 0 == 0 )
00940             {
00941                 hexify( output_str, output, ctx.len );
00942         
00943                 fct_chk( strcasecmp( (char *) output_str, "00112051e75d064943bc4478075e43482fd59cee0679de6893eec3a943daa490b9691c93dfc0464b6623b9f3dbd3e70083264f034b374f74164e1a00763725e574744ba0b9db83434f31df96f6e2a26f6d8eba348bd4686c2238ac07c37aac3785d1c7eea2f819fd91491798ed8e9cef5e43b781b0e0276e37c43ff9492d005730" ) == 0 );
00944             }
00945         }
00946         FCT_TEST_END();
00947 
00948 
00949         FCT_TEST_BGN(rsaes_oaep_encryption_example_4_1)
00950         {
00951             unsigned char message_str[1000];
00952             unsigned char output[1000];
00953             unsigned char output_str[1000];
00954             unsigned char rnd_buf[1000];
00955             rsa_context ctx;
00956             size_t msg_len;
00957             rnd_buf_info info;
00958         
00959             info.length = unhexify( rnd_buf, "1cac19ce993def55f98203f6852896c95ccca1f3" );
00960             info.buf = rnd_buf;
00961         
00962             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
00963             memset( message_str, 0x00, 1000 );
00964             memset( output, 0x00, 1000 );
00965             memset( output_str, 0x00, 1000 );
00966         
00967             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
00968             fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
00969             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
00970         
00971             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
00972         
00973             msg_len = unhexify( message_str, "4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2" );
00974         
00975             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
00976             if( 0 == 0 )
00977             {
00978                 hexify( output_str, output, ctx.len );
00979         
00980                 fct_chk( strcasecmp( (char *) output_str, "04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8" ) == 0 );
00981             }
00982         }
00983         FCT_TEST_END();
00984 
00985 
00986         FCT_TEST_BGN(rsaes_oaep_encryption_example_4_2)
00987         {
00988             unsigned char message_str[1000];
00989             unsigned char output[1000];
00990             unsigned char output_str[1000];
00991             unsigned char rnd_buf[1000];
00992             rsa_context ctx;
00993             size_t msg_len;
00994             rnd_buf_info info;
00995         
00996             info.length = unhexify( rnd_buf, "f545d5897585e3db71aa0cb8da76c51d032ae963" );
00997             info.buf = rnd_buf;
00998         
00999             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01000             memset( message_str, 0x00, 1000 );
01001             memset( output, 0x00, 1000 );
01002             memset( output_str, 0x00, 1000 );
01003         
01004             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
01005             fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
01006             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01007         
01008             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01009         
01010             msg_len = unhexify( message_str, "b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8" );
01011         
01012             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01013             if( 0 == 0 )
01014             {
01015                 hexify( output_str, output, ctx.len );
01016         
01017                 fct_chk( strcasecmp( (char *) output_str, "0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e" ) == 0 );
01018             }
01019         }
01020         FCT_TEST_END();
01021 
01022 
01023         FCT_TEST_BGN(rsaes_oaep_encryption_example_4_3)
01024         {
01025             unsigned char message_str[1000];
01026             unsigned char output[1000];
01027             unsigned char output_str[1000];
01028             unsigned char rnd_buf[1000];
01029             rsa_context ctx;
01030             size_t msg_len;
01031             rnd_buf_info info;
01032         
01033             info.length = unhexify( rnd_buf, "ad997feef730d6ea7be60d0dc52e72eacbfdd275" );
01034             info.buf = rnd_buf;
01035         
01036             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01037             memset( message_str, 0x00, 1000 );
01038             memset( output, 0x00, 1000 );
01039             memset( output_str, 0x00, 1000 );
01040         
01041             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
01042             fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
01043             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01044         
01045             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01046         
01047             msg_len = unhexify( message_str, "bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99" );
01048         
01049             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01050             if( 0 == 0 )
01051             {
01052                 hexify( output_str, output, ctx.len );
01053         
01054                 fct_chk( strcasecmp( (char *) output_str, "0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065" ) == 0 );
01055             }
01056         }
01057         FCT_TEST_END();
01058 
01059 
01060         FCT_TEST_BGN(rsaes_oaep_encryption_example_4_4)
01061         {
01062             unsigned char message_str[1000];
01063             unsigned char output[1000];
01064             unsigned char output_str[1000];
01065             unsigned char rnd_buf[1000];
01066             rsa_context ctx;
01067             size_t msg_len;
01068             rnd_buf_info info;
01069         
01070             info.length = unhexify( rnd_buf, "136454df5730f73c807a7e40d8c1a312ac5b9dd3" );
01071             info.buf = rnd_buf;
01072         
01073             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01074             memset( message_str, 0x00, 1000 );
01075             memset( output, 0x00, 1000 );
01076             memset( output_str, 0x00, 1000 );
01077         
01078             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
01079             fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
01080             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01081         
01082             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01083         
01084             msg_len = unhexify( message_str, "fb2ef112f5e766eb94019297934794f7be2f6fc1c58e" );
01085         
01086             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01087             if( 0 == 0 )
01088             {
01089                 hexify( output_str, output, ctx.len );
01090         
01091                 fct_chk( strcasecmp( (char *) output_str, "02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4" ) == 0 );
01092             }
01093         }
01094         FCT_TEST_END();
01095 
01096 
01097         FCT_TEST_BGN(rsaes_oaep_encryption_example_4_5)
01098         {
01099             unsigned char message_str[1000];
01100             unsigned char output[1000];
01101             unsigned char output_str[1000];
01102             unsigned char rnd_buf[1000];
01103             rsa_context ctx;
01104             size_t msg_len;
01105             rnd_buf_info info;
01106         
01107             info.length = unhexify( rnd_buf, "bca8057f824b2ea257f2861407eef63d33208681" );
01108             info.buf = rnd_buf;
01109         
01110             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01111             memset( message_str, 0x00, 1000 );
01112             memset( output, 0x00, 1000 );
01113             memset( output_str, 0x00, 1000 );
01114         
01115             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
01116             fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
01117             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01118         
01119             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01120         
01121             msg_len = unhexify( message_str, "28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284" );
01122         
01123             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01124             if( 0 == 0 )
01125             {
01126                 hexify( output_str, output, ctx.len );
01127         
01128                 fct_chk( strcasecmp( (char *) output_str, "00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2" ) == 0 );
01129             }
01130         }
01131         FCT_TEST_END();
01132 
01133 
01134         FCT_TEST_BGN(rsaes_oaep_encryption_example_4_6)
01135         {
01136             unsigned char message_str[1000];
01137             unsigned char output[1000];
01138             unsigned char output_str[1000];
01139             unsigned char rnd_buf[1000];
01140             rsa_context ctx;
01141             size_t msg_len;
01142             rnd_buf_info info;
01143         
01144             info.length = unhexify( rnd_buf, "2e7e1e17f647b5ddd033e15472f90f6812f3ac4e" );
01145             info.buf = rnd_buf;
01146         
01147             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01148             memset( message_str, 0x00, 1000 );
01149             memset( output, 0x00, 1000 );
01150             memset( output_str, 0x00, 1000 );
01151         
01152             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
01153             fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
01154             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01155         
01156             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01157         
01158             msg_len = unhexify( message_str, "f22242751ec6b1" );
01159         
01160             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01161             if( 0 == 0 )
01162             {
01163                 hexify( output_str, output, ctx.len );
01164         
01165                 fct_chk( strcasecmp( (char *) output_str, "00a5ffa4768c8bbecaee2db77e8f2eec99595933545520835e5ba7db9493d3e17cddefe6a5f567624471908db4e2d83a0fbee60608fc84049503b2234a07dc83b27b22847ad8920ff42f674ef79b76280b00233d2b51b8cb2703a9d42bfbc8250c96ec32c051e57f1b4ba528db89c37e4c54e27e6e64ac69635ae887d9541619a9" ) == 0 );
01166             }
01167         }
01168         FCT_TEST_END();
01169 
01170 
01171         FCT_TEST_BGN(rsaes_oaep_encryption_example_5_1)
01172         {
01173             unsigned char message_str[1000];
01174             unsigned char output[1000];
01175             unsigned char output_str[1000];
01176             unsigned char rnd_buf[1000];
01177             rsa_context ctx;
01178             size_t msg_len;
01179             rnd_buf_info info;
01180         
01181             info.length = unhexify( rnd_buf, "44c92e283f77b9499c603d963660c87d2f939461" );
01182             info.buf = rnd_buf;
01183         
01184             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01185             memset( message_str, 0x00, 1000 );
01186             memset( output, 0x00, 1000 );
01187             memset( output_str, 0x00, 1000 );
01188         
01189             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
01190             fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
01191             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01192         
01193             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01194         
01195             msg_len = unhexify( message_str, "af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8" );
01196         
01197             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01198             if( 0 == 0 )
01199             {
01200                 hexify( output_str, output, ctx.len );
01201         
01202                 fct_chk( strcasecmp( (char *) output_str, "036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5" ) == 0 );
01203             }
01204         }
01205         FCT_TEST_END();
01206 
01207 
01208         FCT_TEST_BGN(rsaes_oaep_encryption_example_5_2)
01209         {
01210             unsigned char message_str[1000];
01211             unsigned char output[1000];
01212             unsigned char output_str[1000];
01213             unsigned char rnd_buf[1000];
01214             rsa_context ctx;
01215             size_t msg_len;
01216             rnd_buf_info info;
01217         
01218             info.length = unhexify( rnd_buf, "cb28f5860659fceee49c3eeafce625a70803bd32" );
01219             info.buf = rnd_buf;
01220         
01221             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01222             memset( message_str, 0x00, 1000 );
01223             memset( output, 0x00, 1000 );
01224             memset( output_str, 0x00, 1000 );
01225         
01226             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
01227             fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
01228             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01229         
01230             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01231         
01232             msg_len = unhexify( message_str, "a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399" );
01233         
01234             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01235             if( 0 == 0 )
01236             {
01237                 hexify( output_str, output, ctx.len );
01238         
01239                 fct_chk( strcasecmp( (char *) output_str, "03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad" ) == 0 );
01240             }
01241         }
01242         FCT_TEST_END();
01243 
01244 
01245         FCT_TEST_BGN(rsaes_oaep_encryption_example_5_3)
01246         {
01247             unsigned char message_str[1000];
01248             unsigned char output[1000];
01249             unsigned char output_str[1000];
01250             unsigned char rnd_buf[1000];
01251             rsa_context ctx;
01252             size_t msg_len;
01253             rnd_buf_info info;
01254         
01255             info.length = unhexify( rnd_buf, "2285f40d770482f9a9efa2c72cb3ac55716dc0ca" );
01256             info.buf = rnd_buf;
01257         
01258             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01259             memset( message_str, 0x00, 1000 );
01260             memset( output, 0x00, 1000 );
01261             memset( output_str, 0x00, 1000 );
01262         
01263             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
01264             fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
01265             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01266         
01267             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01268         
01269             msg_len = unhexify( message_str, "308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7" );
01270         
01271             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01272             if( 0 == 0 )
01273             {
01274                 hexify( output_str, output, ctx.len );
01275         
01276                 fct_chk( strcasecmp( (char *) output_str, "0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967" ) == 0 );
01277             }
01278         }
01279         FCT_TEST_END();
01280 
01281 
01282         FCT_TEST_BGN(rsaes_oaep_encryption_example_5_4)
01283         {
01284             unsigned char message_str[1000];
01285             unsigned char output[1000];
01286             unsigned char output_str[1000];
01287             unsigned char rnd_buf[1000];
01288             rsa_context ctx;
01289             size_t msg_len;
01290             rnd_buf_info info;
01291         
01292             info.length = unhexify( rnd_buf, "49fa45d3a78dd10dfd577399d1eb00af7eed5513" );
01293             info.buf = rnd_buf;
01294         
01295             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01296             memset( message_str, 0x00, 1000 );
01297             memset( output, 0x00, 1000 );
01298             memset( output_str, 0x00, 1000 );
01299         
01300             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
01301             fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
01302             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01303         
01304             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01305         
01306             msg_len = unhexify( message_str, "15c5b9ee1185" );
01307         
01308             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01309             if( 0 == 0 )
01310             {
01311                 hexify( output_str, output, ctx.len );
01312         
01313                 fct_chk( strcasecmp( (char *) output_str, "0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf" ) == 0 );
01314             }
01315         }
01316         FCT_TEST_END();
01317 
01318 
01319         FCT_TEST_BGN(rsaes_oaep_encryption_example_5_5)
01320         {
01321             unsigned char message_str[1000];
01322             unsigned char output[1000];
01323             unsigned char output_str[1000];
01324             unsigned char rnd_buf[1000];
01325             rsa_context ctx;
01326             size_t msg_len;
01327             rnd_buf_info info;
01328         
01329             info.length = unhexify( rnd_buf, "f0287413234cc5034724a094c4586b87aff133fc" );
01330             info.buf = rnd_buf;
01331         
01332             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01333             memset( message_str, 0x00, 1000 );
01334             memset( output, 0x00, 1000 );
01335             memset( output_str, 0x00, 1000 );
01336         
01337             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
01338             fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
01339             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01340         
01341             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01342         
01343             msg_len = unhexify( message_str, "21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a" );
01344         
01345             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01346             if( 0 == 0 )
01347             {
01348                 hexify( output_str, output, ctx.len );
01349         
01350                 fct_chk( strcasecmp( (char *) output_str, "07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723" ) == 0 );
01351             }
01352         }
01353         FCT_TEST_END();
01354 
01355 
01356         FCT_TEST_BGN(rsaes_oaep_encryption_example_5_6)
01357         {
01358             unsigned char message_str[1000];
01359             unsigned char output[1000];
01360             unsigned char output_str[1000];
01361             unsigned char rnd_buf[1000];
01362             rsa_context ctx;
01363             size_t msg_len;
01364             rnd_buf_info info;
01365         
01366             info.length = unhexify( rnd_buf, "d9fba45c96f21e6e26d29eb2cdcb6585be9cb341" );
01367             info.buf = rnd_buf;
01368         
01369             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01370             memset( message_str, 0x00, 1000 );
01371             memset( output, 0x00, 1000 );
01372             memset( output_str, 0x00, 1000 );
01373         
01374             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
01375             fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
01376             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01377         
01378             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01379         
01380             msg_len = unhexify( message_str, "541e37b68b6c8872b84c02" );
01381         
01382             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01383             if( 0 == 0 )
01384             {
01385                 hexify( output_str, output, ctx.len );
01386         
01387                 fct_chk( strcasecmp( (char *) output_str, "08c36d4dda33423b2ed6830d85f6411ba1dcf470a1fae0ebefee7c089f256cef74cb96ea69c38f60f39abee44129bcb4c92de7f797623b20074e3d9c2899701ed9071e1efa0bdd84d4c3e5130302d8f0240baba4b84a71cc032f2235a5ff0fae277c3e8f9112bef44c9ae20d175fc9a4058bfc930ba31b02e2e4f444483710f24a" ) == 0 );
01388             }
01389         }
01390         FCT_TEST_END();
01391 
01392 
01393         FCT_TEST_BGN(rsaes_oaep_encryption_example_6_1)
01394         {
01395             unsigned char message_str[1000];
01396             unsigned char output[1000];
01397             unsigned char output_str[1000];
01398             unsigned char rnd_buf[1000];
01399             rsa_context ctx;
01400             size_t msg_len;
01401             rnd_buf_info info;
01402         
01403             info.length = unhexify( rnd_buf, "dd0f6cfe415e88e5a469a51fbba6dfd40adb4384" );
01404             info.buf = rnd_buf;
01405         
01406             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01407             memset( message_str, 0x00, 1000 );
01408             memset( output, 0x00, 1000 );
01409             memset( output_str, 0x00, 1000 );
01410         
01411             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
01412             fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
01413             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01414         
01415             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01416         
01417             msg_len = unhexify( message_str, "4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4" );
01418         
01419             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01420             if( 0 == 0 )
01421             {
01422                 hexify( output_str, output, ctx.len );
01423         
01424                 fct_chk( strcasecmp( (char *) output_str, "0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3" ) == 0 );
01425             }
01426         }
01427         FCT_TEST_END();
01428 
01429 
01430         FCT_TEST_BGN(rsaes_oaep_encryption_example_6_2)
01431         {
01432             unsigned char message_str[1000];
01433             unsigned char output[1000];
01434             unsigned char output_str[1000];
01435             unsigned char rnd_buf[1000];
01436             rsa_context ctx;
01437             size_t msg_len;
01438             rnd_buf_info info;
01439         
01440             info.length = unhexify( rnd_buf, "8d14bd946a1351148f5cae2ed9a0c653e85ebd85" );
01441             info.buf = rnd_buf;
01442         
01443             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01444             memset( message_str, 0x00, 1000 );
01445             memset( output, 0x00, 1000 );
01446             memset( output_str, 0x00, 1000 );
01447         
01448             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
01449             fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
01450             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01451         
01452             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01453         
01454             msg_len = unhexify( message_str, "5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7" );
01455         
01456             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01457             if( 0 == 0 )
01458             {
01459                 hexify( output_str, output, ctx.len );
01460         
01461                 fct_chk( strcasecmp( (char *) output_str, "0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f" ) == 0 );
01462             }
01463         }
01464         FCT_TEST_END();
01465 
01466 
01467         FCT_TEST_BGN(rsaes_oaep_encryption_example_6_3)
01468         {
01469             unsigned char message_str[1000];
01470             unsigned char output[1000];
01471             unsigned char output_str[1000];
01472             unsigned char rnd_buf[1000];
01473             rsa_context ctx;
01474             size_t msg_len;
01475             rnd_buf_info info;
01476         
01477             info.length = unhexify( rnd_buf, "6c075bc45520f165c0bf5ea4c5df191bc9ef0e44" );
01478             info.buf = rnd_buf;
01479         
01480             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01481             memset( message_str, 0x00, 1000 );
01482             memset( output, 0x00, 1000 );
01483             memset( output_str, 0x00, 1000 );
01484         
01485             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
01486             fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
01487             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01488         
01489             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01490         
01491             msg_len = unhexify( message_str, "b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c" );
01492         
01493             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01494             if( 0 == 0 )
01495             {
01496                 hexify( output_str, output, ctx.len );
01497         
01498                 fct_chk( strcasecmp( (char *) output_str, "0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65" ) == 0 );
01499             }
01500         }
01501         FCT_TEST_END();
01502 
01503 
01504         FCT_TEST_BGN(rsaes_oaep_encryption_example_6_4)
01505         {
01506             unsigned char message_str[1000];
01507             unsigned char output[1000];
01508             unsigned char output_str[1000];
01509             unsigned char rnd_buf[1000];
01510             rsa_context ctx;
01511             size_t msg_len;
01512             rnd_buf_info info;
01513         
01514             info.length = unhexify( rnd_buf, "3bbc3bd6637dfe12846901029bf5b0c07103439c" );
01515             info.buf = rnd_buf;
01516         
01517             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01518             memset( message_str, 0x00, 1000 );
01519             memset( output, 0x00, 1000 );
01520             memset( output_str, 0x00, 1000 );
01521         
01522             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
01523             fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
01524             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01525         
01526             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01527         
01528             msg_len = unhexify( message_str, "684e3038c5c041f7" );
01529         
01530             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01531             if( 0 == 0 )
01532             {
01533                 hexify( output_str, output, ctx.len );
01534         
01535                 fct_chk( strcasecmp( (char *) output_str, "008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8" ) == 0 );
01536             }
01537         }
01538         FCT_TEST_END();
01539 
01540 
01541         FCT_TEST_BGN(rsaes_oaep_encryption_example_6_5)
01542         {
01543             unsigned char message_str[1000];
01544             unsigned char output[1000];
01545             unsigned char output_str[1000];
01546             unsigned char rnd_buf[1000];
01547             rsa_context ctx;
01548             size_t msg_len;
01549             rnd_buf_info info;
01550         
01551             info.length = unhexify( rnd_buf, "b46b41893e8bef326f6759383a83071dae7fcabc" );
01552             info.buf = rnd_buf;
01553         
01554             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01555             memset( message_str, 0x00, 1000 );
01556             memset( output, 0x00, 1000 );
01557             memset( output_str, 0x00, 1000 );
01558         
01559             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
01560             fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
01561             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01562         
01563             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01564         
01565             msg_len = unhexify( message_str, "32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693" );
01566         
01567             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01568             if( 0 == 0 )
01569             {
01570                 hexify( output_str, output, ctx.len );
01571         
01572                 fct_chk( strcasecmp( (char *) output_str, "00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab" ) == 0 );
01573             }
01574         }
01575         FCT_TEST_END();
01576 
01577 
01578         FCT_TEST_BGN(rsaes_oaep_encryption_example_6_6)
01579         {
01580             unsigned char message_str[1000];
01581             unsigned char output[1000];
01582             unsigned char output_str[1000];
01583             unsigned char rnd_buf[1000];
01584             rsa_context ctx;
01585             size_t msg_len;
01586             rnd_buf_info info;
01587         
01588             info.length = unhexify( rnd_buf, "0a2403312a41e3d52f060fbc13a67de5cf7609a7" );
01589             info.buf = rnd_buf;
01590         
01591             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01592             memset( message_str, 0x00, 1000 );
01593             memset( output, 0x00, 1000 );
01594             memset( output_str, 0x00, 1000 );
01595         
01596             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
01597             fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
01598             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01599         
01600             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01601         
01602             msg_len = unhexify( message_str, "50ba14be8462720279c306ba" );
01603         
01604             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01605             if( 0 == 0 )
01606             {
01607                 hexify( output_str, output, ctx.len );
01608         
01609                 fct_chk( strcasecmp( (char *) output_str, "0a026dda5fc8785f7bd9bf75327b63e85e2c0fdee5dadb65ebdcac9ae1de95c92c672ab433aa7a8e69ce6a6d8897fac4ac4a54de841ae5e5bbce7687879d79634cea7a30684065c714d52409b928256bbf53eabcd5231eb7259504537399bd29164b726d33a46da701360a4168a091ccab72d44a62fed246c0ffea5b1348ab5470" ) == 0 );
01610             }
01611         }
01612         FCT_TEST_END();
01613 
01614 
01615         FCT_TEST_BGN(rsaes_oaep_encryption_example_7_1)
01616         {
01617             unsigned char message_str[1000];
01618             unsigned char output[1000];
01619             unsigned char output_str[1000];
01620             unsigned char rnd_buf[1000];
01621             rsa_context ctx;
01622             size_t msg_len;
01623             rnd_buf_info info;
01624         
01625             info.length = unhexify( rnd_buf, "43dd09a07ff4cac71caa4632ee5e1c1daee4cd8f" );
01626             info.buf = rnd_buf;
01627         
01628             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01629             memset( message_str, 0x00, 1000 );
01630             memset( output, 0x00, 1000 );
01631             memset( output_str, 0x00, 1000 );
01632         
01633             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
01634             fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
01635             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01636         
01637             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01638         
01639             msg_len = unhexify( message_str, "47aae909" );
01640         
01641             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01642             if( 0 == 0 )
01643             {
01644                 hexify( output_str, output, ctx.len );
01645         
01646                 fct_chk( strcasecmp( (char *) output_str, "1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1" ) == 0 );
01647             }
01648         }
01649         FCT_TEST_END();
01650 
01651 
01652         FCT_TEST_BGN(rsaes_oaep_encryption_example_7_2)
01653         {
01654             unsigned char message_str[1000];
01655             unsigned char output[1000];
01656             unsigned char output_str[1000];
01657             unsigned char rnd_buf[1000];
01658             rsa_context ctx;
01659             size_t msg_len;
01660             rnd_buf_info info;
01661         
01662             info.length = unhexify( rnd_buf, "3a9c3cec7b84f9bd3adecbc673ec99d54b22bc9b" );
01663             info.buf = rnd_buf;
01664         
01665             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01666             memset( message_str, 0x00, 1000 );
01667             memset( output, 0x00, 1000 );
01668             memset( output_str, 0x00, 1000 );
01669         
01670             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
01671             fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
01672             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01673         
01674             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01675         
01676             msg_len = unhexify( message_str, "1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7" );
01677         
01678             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01679             if( 0 == 0 )
01680             {
01681                 hexify( output_str, output, ctx.len );
01682         
01683                 fct_chk( strcasecmp( (char *) output_str, "1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6" ) == 0 );
01684             }
01685         }
01686         FCT_TEST_END();
01687 
01688 
01689         FCT_TEST_BGN(rsaes_oaep_encryption_example_7_3)
01690         {
01691             unsigned char message_str[1000];
01692             unsigned char output[1000];
01693             unsigned char output_str[1000];
01694             unsigned char rnd_buf[1000];
01695             rsa_context ctx;
01696             size_t msg_len;
01697             rnd_buf_info info;
01698         
01699             info.length = unhexify( rnd_buf, "76a75e5b6157a556cf8884bb2e45c293dd545cf5" );
01700             info.buf = rnd_buf;
01701         
01702             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01703             memset( message_str, 0x00, 1000 );
01704             memset( output, 0x00, 1000 );
01705             memset( output_str, 0x00, 1000 );
01706         
01707             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
01708             fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
01709             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01710         
01711             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01712         
01713             msg_len = unhexify( message_str, "d976fc" );
01714         
01715             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01716             if( 0 == 0 )
01717             {
01718                 hexify( output_str, output, ctx.len );
01719         
01720                 fct_chk( strcasecmp( (char *) output_str, "2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b" ) == 0 );
01721             }
01722         }
01723         FCT_TEST_END();
01724 
01725 
01726         FCT_TEST_BGN(rsaes_oaep_encryption_example_7_4)
01727         {
01728             unsigned char message_str[1000];
01729             unsigned char output[1000];
01730             unsigned char output_str[1000];
01731             unsigned char rnd_buf[1000];
01732             rsa_context ctx;
01733             size_t msg_len;
01734             rnd_buf_info info;
01735         
01736             info.length = unhexify( rnd_buf, "7866314a6ad6f2b250a35941db28f5864b585859" );
01737             info.buf = rnd_buf;
01738         
01739             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01740             memset( message_str, 0x00, 1000 );
01741             memset( output, 0x00, 1000 );
01742             memset( output_str, 0x00, 1000 );
01743         
01744             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
01745             fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
01746             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01747         
01748             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01749         
01750             msg_len = unhexify( message_str, "d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb" );
01751         
01752             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01753             if( 0 == 0 )
01754             {
01755                 hexify( output_str, output, ctx.len );
01756         
01757                 fct_chk( strcasecmp( (char *) output_str, "0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac" ) == 0 );
01758             }
01759         }
01760         FCT_TEST_END();
01761 
01762 
01763         FCT_TEST_BGN(rsaes_oaep_encryption_example_7_5)
01764         {
01765             unsigned char message_str[1000];
01766             unsigned char output[1000];
01767             unsigned char output_str[1000];
01768             unsigned char rnd_buf[1000];
01769             rsa_context ctx;
01770             size_t msg_len;
01771             rnd_buf_info info;
01772         
01773             info.length = unhexify( rnd_buf, "b2166ed472d58db10cab2c6b000cccf10a7dc509" );
01774             info.buf = rnd_buf;
01775         
01776             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01777             memset( message_str, 0x00, 1000 );
01778             memset( output, 0x00, 1000 );
01779             memset( output_str, 0x00, 1000 );
01780         
01781             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
01782             fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
01783             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01784         
01785             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01786         
01787             msg_len = unhexify( message_str, "bb47231ca5ea1d3ad46c99345d9a8a61" );
01788         
01789             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01790             if( 0 == 0 )
01791             {
01792                 hexify( output_str, output, ctx.len );
01793         
01794                 fct_chk( strcasecmp( (char *) output_str, "028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478" ) == 0 );
01795             }
01796         }
01797         FCT_TEST_END();
01798 
01799 
01800         FCT_TEST_BGN(rsaes_oaep_encryption_example_7_6)
01801         {
01802             unsigned char message_str[1000];
01803             unsigned char output[1000];
01804             unsigned char output_str[1000];
01805             unsigned char rnd_buf[1000];
01806             rsa_context ctx;
01807             size_t msg_len;
01808             rnd_buf_info info;
01809         
01810             info.length = unhexify( rnd_buf, "52673bde2ca166c2aa46131ac1dc808d67d7d3b1" );
01811             info.buf = rnd_buf;
01812         
01813             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01814             memset( message_str, 0x00, 1000 );
01815             memset( output, 0x00, 1000 );
01816             memset( output_str, 0x00, 1000 );
01817         
01818             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
01819             fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
01820             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01821         
01822             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01823         
01824             msg_len = unhexify( message_str, "2184827095d35c3f86f600e8e59754013296" );
01825         
01826             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01827             if( 0 == 0 )
01828             {
01829                 hexify( output_str, output, ctx.len );
01830         
01831                 fct_chk( strcasecmp( (char *) output_str, "14c678a94ad60525ef39e959b2f3ba5c097a94ff912b67dbace80535c187abd47d075420b1872152bba08f7fc31f313bbf9273c912fc4c0149a9b0cfb79807e346eb332069611bec0ff9bcd168f1f7c33e77313cea454b94e2549eecf002e2acf7f6f2d2845d4fe0aab2e5a92ddf68c480ae11247935d1f62574842216ae674115" ) == 0 );
01832             }
01833         }
01834         FCT_TEST_END();
01835 
01836 
01837         FCT_TEST_BGN(rsaes_oaep_encryption_example_8_1)
01838         {
01839             unsigned char message_str[1000];
01840             unsigned char output[1000];
01841             unsigned char output_str[1000];
01842             unsigned char rnd_buf[1000];
01843             rsa_context ctx;
01844             size_t msg_len;
01845             rnd_buf_info info;
01846         
01847             info.length = unhexify( rnd_buf, "7706ffca1ecfb1ebee2a55e5c6e24cd2797a4125" );
01848             info.buf = rnd_buf;
01849         
01850             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01851             memset( message_str, 0x00, 1000 );
01852             memset( output, 0x00, 1000 );
01853             memset( output_str, 0x00, 1000 );
01854         
01855             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
01856             fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
01857             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01858         
01859             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01860         
01861             msg_len = unhexify( message_str, "050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967" );
01862         
01863             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01864             if( 0 == 0 )
01865             {
01866                 hexify( output_str, output, ctx.len );
01867         
01868                 fct_chk( strcasecmp( (char *) output_str, "09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61" ) == 0 );
01869             }
01870         }
01871         FCT_TEST_END();
01872 
01873 
01874         FCT_TEST_BGN(rsaes_oaep_encryption_example_8_2)
01875         {
01876             unsigned char message_str[1000];
01877             unsigned char output[1000];
01878             unsigned char output_str[1000];
01879             unsigned char rnd_buf[1000];
01880             rsa_context ctx;
01881             size_t msg_len;
01882             rnd_buf_info info;
01883         
01884             info.length = unhexify( rnd_buf, "a3717da143b4dcffbc742665a8fa950585548343" );
01885             info.buf = rnd_buf;
01886         
01887             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01888             memset( message_str, 0x00, 1000 );
01889             memset( output, 0x00, 1000 );
01890             memset( output_str, 0x00, 1000 );
01891         
01892             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
01893             fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
01894             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01895         
01896             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01897         
01898             msg_len = unhexify( message_str, "4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc" );
01899         
01900             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01901             if( 0 == 0 )
01902             {
01903                 hexify( output_str, output, ctx.len );
01904         
01905                 fct_chk( strcasecmp( (char *) output_str, "2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d" ) == 0 );
01906             }
01907         }
01908         FCT_TEST_END();
01909 
01910 
01911         FCT_TEST_BGN(rsaes_oaep_encryption_example_8_3)
01912         {
01913             unsigned char message_str[1000];
01914             unsigned char output[1000];
01915             unsigned char output_str[1000];
01916             unsigned char rnd_buf[1000];
01917             rsa_context ctx;
01918             size_t msg_len;
01919             rnd_buf_info info;
01920         
01921             info.length = unhexify( rnd_buf, "ee06209073cca026bb264e5185bf8c68b7739f86" );
01922             info.buf = rnd_buf;
01923         
01924             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01925             memset( message_str, 0x00, 1000 );
01926             memset( output, 0x00, 1000 );
01927             memset( output_str, 0x00, 1000 );
01928         
01929             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
01930             fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
01931             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01932         
01933             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01934         
01935             msg_len = unhexify( message_str, "8604ac56328c1ab5ad917861" );
01936         
01937             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01938             if( 0 == 0 )
01939             {
01940                 hexify( output_str, output, ctx.len );
01941         
01942                 fct_chk( strcasecmp( (char *) output_str, "4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f" ) == 0 );
01943             }
01944         }
01945         FCT_TEST_END();
01946 
01947 
01948         FCT_TEST_BGN(rsaes_oaep_encryption_example_8_4)
01949         {
01950             unsigned char message_str[1000];
01951             unsigned char output[1000];
01952             unsigned char output_str[1000];
01953             unsigned char rnd_buf[1000];
01954             rsa_context ctx;
01955             size_t msg_len;
01956             rnd_buf_info info;
01957         
01958             info.length = unhexify( rnd_buf, "990ad573dc48a973235b6d82543618f2e955105d" );
01959             info.buf = rnd_buf;
01960         
01961             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01962             memset( message_str, 0x00, 1000 );
01963             memset( output, 0x00, 1000 );
01964             memset( output_str, 0x00, 1000 );
01965         
01966             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
01967             fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
01968             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
01969         
01970             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
01971         
01972             msg_len = unhexify( message_str, "fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc" );
01973         
01974             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
01975             if( 0 == 0 )
01976             {
01977                 hexify( output_str, output, ctx.len );
01978         
01979                 fct_chk( strcasecmp( (char *) output_str, "2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0" ) == 0 );
01980             }
01981         }
01982         FCT_TEST_END();
01983 
01984 
01985         FCT_TEST_BGN(rsaes_oaep_encryption_example_8_5)
01986         {
01987             unsigned char message_str[1000];
01988             unsigned char output[1000];
01989             unsigned char output_str[1000];
01990             unsigned char rnd_buf[1000];
01991             rsa_context ctx;
01992             size_t msg_len;
01993             rnd_buf_info info;
01994         
01995             info.length = unhexify( rnd_buf, "ecc63b28f0756f22f52ac8e6ec1251a6ec304718" );
01996             info.buf = rnd_buf;
01997         
01998             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
01999             memset( message_str, 0x00, 1000 );
02000             memset( output, 0x00, 1000 );
02001             memset( output_str, 0x00, 1000 );
02002         
02003             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
02004             fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
02005             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02006         
02007             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02008         
02009             msg_len = unhexify( message_str, "4a5f4914bee25de3c69341de07" );
02010         
02011             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02012             if( 0 == 0 )
02013             {
02014                 hexify( output_str, output, ctx.len );
02015         
02016                 fct_chk( strcasecmp( (char *) output_str, "1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2" ) == 0 );
02017             }
02018         }
02019         FCT_TEST_END();
02020 
02021 
02022         FCT_TEST_BGN(rsaes_oaep_encryption_example_8_6)
02023         {
02024             unsigned char message_str[1000];
02025             unsigned char output[1000];
02026             unsigned char output_str[1000];
02027             unsigned char rnd_buf[1000];
02028             rsa_context ctx;
02029             size_t msg_len;
02030             rnd_buf_info info;
02031         
02032             info.length = unhexify( rnd_buf, "3925c71b362d40a0a6de42145579ba1e7dd459fc" );
02033             info.buf = rnd_buf;
02034         
02035             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02036             memset( message_str, 0x00, 1000 );
02037             memset( output, 0x00, 1000 );
02038             memset( output_str, 0x00, 1000 );
02039         
02040             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
02041             fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
02042             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02043         
02044             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02045         
02046             msg_len = unhexify( message_str, "8e07d66f7b880a72563abcd3f35092bc33409fb7f88f2472be" );
02047         
02048             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02049             if( 0 == 0 )
02050             {
02051                 hexify( output_str, output, ctx.len );
02052         
02053                 fct_chk( strcasecmp( (char *) output_str, "3afd9c6600147b21798d818c655a0f4c9212db26d0b0dfdc2a7594ccb3d22f5bf1d7c3e112cd73fc7d509c7a8bafdd3c274d1399009f9609ec4be6477e453f075aa33db382870c1c3409aef392d7386ae3a696b99a94b4da0589447e955d16c98b17602a59bd736279fcd8fb280c4462d590bfa9bf13fed570eafde97330a2c210" ) == 0 );
02054             }
02055         }
02056         FCT_TEST_END();
02057 
02058 
02059         FCT_TEST_BGN(rsaes_oaep_encryption_example_9_1)
02060         {
02061             unsigned char message_str[1000];
02062             unsigned char output[1000];
02063             unsigned char output_str[1000];
02064             unsigned char rnd_buf[1000];
02065             rsa_context ctx;
02066             size_t msg_len;
02067             rnd_buf_info info;
02068         
02069             info.length = unhexify( rnd_buf, "8ec965f134a3ec9931e92a1ca0dc8169d5ea705c" );
02070             info.buf = rnd_buf;
02071         
02072             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02073             memset( message_str, 0x00, 1000 );
02074             memset( output, 0x00, 1000 );
02075             memset( output_str, 0x00, 1000 );
02076         
02077             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
02078             fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
02079             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02080         
02081             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02082         
02083             msg_len = unhexify( message_str, "f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6" );
02084         
02085             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02086             if( 0 == 0 )
02087             {
02088                 hexify( output_str, output, ctx.len );
02089         
02090                 fct_chk( strcasecmp( (char *) output_str, "267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72" ) == 0 );
02091             }
02092         }
02093         FCT_TEST_END();
02094 
02095 
02096         FCT_TEST_BGN(rsaes_oaep_encryption_example_9_2)
02097         {
02098             unsigned char message_str[1000];
02099             unsigned char output[1000];
02100             unsigned char output_str[1000];
02101             unsigned char rnd_buf[1000];
02102             rsa_context ctx;
02103             size_t msg_len;
02104             rnd_buf_info info;
02105         
02106             info.length = unhexify( rnd_buf, "ecb1b8b25fa50cdab08e56042867f4af5826d16c" );
02107             info.buf = rnd_buf;
02108         
02109             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02110             memset( message_str, 0x00, 1000 );
02111             memset( output, 0x00, 1000 );
02112             memset( output_str, 0x00, 1000 );
02113         
02114             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
02115             fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
02116             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02117         
02118             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02119         
02120             msg_len = unhexify( message_str, "81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659" );
02121         
02122             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02123             if( 0 == 0 )
02124             {
02125                 hexify( output_str, output, ctx.len );
02126         
02127                 fct_chk( strcasecmp( (char *) output_str, "93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8" ) == 0 );
02128             }
02129         }
02130         FCT_TEST_END();
02131 
02132 
02133         FCT_TEST_BGN(rsaes_oaep_encryption_example_9_3)
02134         {
02135             unsigned char message_str[1000];
02136             unsigned char output[1000];
02137             unsigned char output_str[1000];
02138             unsigned char rnd_buf[1000];
02139             rsa_context ctx;
02140             size_t msg_len;
02141             rnd_buf_info info;
02142         
02143             info.length = unhexify( rnd_buf, "e89bb032c6ce622cbdb53bc9466014ea77f777c0" );
02144             info.buf = rnd_buf;
02145         
02146             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02147             memset( message_str, 0x00, 1000 );
02148             memset( output, 0x00, 1000 );
02149             memset( output_str, 0x00, 1000 );
02150         
02151             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
02152             fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
02153             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02154         
02155             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02156         
02157             msg_len = unhexify( message_str, "fd326429df9b890e09b54b18b8f34f1e24" );
02158         
02159             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02160             if( 0 == 0 )
02161             {
02162                 hexify( output_str, output, ctx.len );
02163         
02164                 fct_chk( strcasecmp( (char *) output_str, "81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3" ) == 0 );
02165             }
02166         }
02167         FCT_TEST_END();
02168 
02169 
02170         FCT_TEST_BGN(rsaes_oaep_encryption_example_9_4)
02171         {
02172             unsigned char message_str[1000];
02173             unsigned char output[1000];
02174             unsigned char output_str[1000];
02175             unsigned char rnd_buf[1000];
02176             rsa_context ctx;
02177             size_t msg_len;
02178             rnd_buf_info info;
02179         
02180             info.length = unhexify( rnd_buf, "606f3b99c0b9ccd771eaa29ea0e4c884f3189ccc" );
02181             info.buf = rnd_buf;
02182         
02183             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02184             memset( message_str, 0x00, 1000 );
02185             memset( output, 0x00, 1000 );
02186             memset( output_str, 0x00, 1000 );
02187         
02188             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
02189             fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
02190             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02191         
02192             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02193         
02194             msg_len = unhexify( message_str, "f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e" );
02195         
02196             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02197             if( 0 == 0 )
02198             {
02199                 hexify( output_str, output, ctx.len );
02200         
02201                 fct_chk( strcasecmp( (char *) output_str, "bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858" ) == 0 );
02202             }
02203         }
02204         FCT_TEST_END();
02205 
02206 
02207         FCT_TEST_BGN(rsaes_oaep_encryption_example_9_5)
02208         {
02209             unsigned char message_str[1000];
02210             unsigned char output[1000];
02211             unsigned char output_str[1000];
02212             unsigned char rnd_buf[1000];
02213             rsa_context ctx;
02214             size_t msg_len;
02215             rnd_buf_info info;
02216         
02217             info.length = unhexify( rnd_buf, "fcbc421402e9ecabc6082afa40ba5f26522c840e" );
02218             info.buf = rnd_buf;
02219         
02220             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02221             memset( message_str, 0x00, 1000 );
02222             memset( output, 0x00, 1000 );
02223             memset( output_str, 0x00, 1000 );
02224         
02225             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
02226             fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
02227             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02228         
02229             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02230         
02231             msg_len = unhexify( message_str, "53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d" );
02232         
02233             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02234             if( 0 == 0 )
02235             {
02236                 hexify( output_str, output, ctx.len );
02237         
02238                 fct_chk( strcasecmp( (char *) output_str, "232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e" ) == 0 );
02239             }
02240         }
02241         FCT_TEST_END();
02242 
02243 
02244         FCT_TEST_BGN(rsaes_oaep_encryption_example_9_6)
02245         {
02246             unsigned char message_str[1000];
02247             unsigned char output[1000];
02248             unsigned char output_str[1000];
02249             unsigned char rnd_buf[1000];
02250             rsa_context ctx;
02251             size_t msg_len;
02252             rnd_buf_info info;
02253         
02254             info.length = unhexify( rnd_buf, "23aade0e1e08bb9b9a78d2302a52f9c21b2e1ba2" );
02255             info.buf = rnd_buf;
02256         
02257             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02258             memset( message_str, 0x00, 1000 );
02259             memset( output, 0x00, 1000 );
02260             memset( output_str, 0x00, 1000 );
02261         
02262             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
02263             fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
02264             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02265         
02266             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02267         
02268             msg_len = unhexify( message_str, "b6b28ea2198d0c1008bc64" );
02269         
02270             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02271             if( 0 == 0 )
02272             {
02273                 hexify( output_str, output, ctx.len );
02274         
02275                 fct_chk( strcasecmp( (char *) output_str, "438cc7dc08a68da249e42505f8573ba60e2c2773d5b290f4cf9dff718e842081c383e67024a0f29594ea987b9d25e4b738f285970d195abb3a8c8054e3d79d6b9c9a8327ba596f1259e27126674766907d8d582ff3a8476154929adb1e6d1235b2ccb4ec8f663ba9cc670a92bebd853c8dbf69c6436d016f61add836e94732450434207f9fd4c43dec2a12a958efa01efe2669899b5e604c255c55fb7166de5589e369597bb09168c06dd5db177e06a1740eb2d5c82faeca6d92fcee9931ba9f" ) == 0 );
02276             }
02277         }
02278         FCT_TEST_END();
02279 
02280 
02281         FCT_TEST_BGN(rsaes_oaep_encryption_example_10_1)
02282         {
02283             unsigned char message_str[1000];
02284             unsigned char output[1000];
02285             unsigned char output_str[1000];
02286             unsigned char rnd_buf[1000];
02287             rsa_context ctx;
02288             size_t msg_len;
02289             rnd_buf_info info;
02290         
02291             info.length = unhexify( rnd_buf, "47e1ab7119fee56c95ee5eaad86f40d0aa63bd33" );
02292             info.buf = rnd_buf;
02293         
02294             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02295             memset( message_str, 0x00, 1000 );
02296             memset( output, 0x00, 1000 );
02297             memset( output_str, 0x00, 1000 );
02298         
02299             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
02300             fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
02301             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02302         
02303             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02304         
02305             msg_len = unhexify( message_str, "8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee" );
02306         
02307             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02308             if( 0 == 0 )
02309             {
02310                 hexify( output_str, output, ctx.len );
02311         
02312                 fct_chk( strcasecmp( (char *) output_str, "53ea5dc08cd260fb3b858567287fa91552c30b2febfba213f0ae87702d068d19bab07fe574523dfb42139d68c3c5afeee0bfe4cb7969cbf382b804d6e61396144e2d0e60741f8993c3014b58b9b1957a8babcd23af854f4c356fb1662aa72bfcc7e586559dc4280d160c126785a723ebeebeff71f11594440aaef87d10793a8774a239d4a04c87fe1467b9daf85208ec6c7255794a96cc29142f9a8bd418e3c1fd67344b0cd0829df3b2bec60253196293c6b34d3f75d32f213dd45c6273d505adf4cced1057cb758fc26aeefa441255ed4e64c199ee075e7f16646182fdb464739b68ab5daff0e63e9552016824f054bf4d3c8c90a97bb6b6553284eb429fcc" ) == 0 );
02313             }
02314         }
02315         FCT_TEST_END();
02316 
02317 
02318         FCT_TEST_BGN(rsaes_oaep_encryption_example_10_2)
02319         {
02320             unsigned char message_str[1000];
02321             unsigned char output[1000];
02322             unsigned char output_str[1000];
02323             unsigned char rnd_buf[1000];
02324             rsa_context ctx;
02325             size_t msg_len;
02326             rnd_buf_info info;
02327         
02328             info.length = unhexify( rnd_buf, "6d17f5b4c1ffac351d195bf7b09d09f09a4079cf" );
02329             info.buf = rnd_buf;
02330         
02331             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02332             memset( message_str, 0x00, 1000 );
02333             memset( output, 0x00, 1000 );
02334             memset( output_str, 0x00, 1000 );
02335         
02336             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
02337             fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
02338             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02339         
02340             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02341         
02342             msg_len = unhexify( message_str, "e6ad181f053b58a904f2457510373e57" );
02343         
02344             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02345             if( 0 == 0 )
02346             {
02347                 hexify( output_str, output, ctx.len );
02348         
02349                 fct_chk( strcasecmp( (char *) output_str, "a2b1a430a9d657e2fa1c2bb5ed43ffb25c05a308fe9093c01031795f5874400110828ae58fb9b581ce9dddd3e549ae04a0985459bde6c626594e7b05dc4278b2a1465c1368408823c85e96dc66c3a30983c639664fc4569a37fe21e5a195b5776eed2df8d8d361af686e750229bbd663f161868a50615e0c337bec0ca35fec0bb19c36eb2e0bbcc0582fa1d93aacdb061063f59f2ce1ee43605e5d89eca183d2acdfe9f81011022ad3b43a3dd417dac94b4e11ea81b192966e966b182082e71964607b4f8002f36299844a11f2ae0faeac2eae70f8f4f98088acdcd0ac556e9fccc511521908fad26f04c64201450305778758b0538bf8b5bb144a828e629795" ) == 0 );
02350             }
02351         }
02352         FCT_TEST_END();
02353 
02354 
02355         FCT_TEST_BGN(rsaes_oaep_encryption_example_10_3)
02356         {
02357             unsigned char message_str[1000];
02358             unsigned char output[1000];
02359             unsigned char output_str[1000];
02360             unsigned char rnd_buf[1000];
02361             rsa_context ctx;
02362             size_t msg_len;
02363             rnd_buf_info info;
02364         
02365             info.length = unhexify( rnd_buf, "385387514deccc7c740dd8cdf9daee49a1cbfd54" );
02366             info.buf = rnd_buf;
02367         
02368             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02369             memset( message_str, 0x00, 1000 );
02370             memset( output, 0x00, 1000 );
02371             memset( output_str, 0x00, 1000 );
02372         
02373             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
02374             fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
02375             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02376         
02377             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02378         
02379             msg_len = unhexify( message_str, "510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124" );
02380         
02381             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02382             if( 0 == 0 )
02383             {
02384                 hexify( output_str, output, ctx.len );
02385         
02386                 fct_chk( strcasecmp( (char *) output_str, "9886c3e6764a8b9a84e84148ebd8c3b1aa8050381a78f668714c16d9cfd2a6edc56979c535d9dee3b44b85c18be8928992371711472216d95dda98d2ee8347c9b14dffdff84aa48d25ac06f7d7e65398ac967b1ce90925f67dce049b7f812db0742997a74d44fe81dbe0e7a3feaf2e5c40af888d550ddbbe3bc20657a29543f8fc2913b9bd1a61b2ab2256ec409bbd7dc0d17717ea25c43f42ed27df8738bf4afc6766ff7aff0859555ee283920f4c8a63c4a7340cbafddc339ecdb4b0515002f96c932b5b79167af699c0ad3fccfdf0f44e85a70262bf2e18fe34b850589975e867ff969d48eabf212271546cdc05a69ecb526e52870c836f307bd798780ede" ) == 0 );
02387             }
02388         }
02389         FCT_TEST_END();
02390 
02391 
02392         FCT_TEST_BGN(rsaes_oaep_encryption_example_10_4)
02393         {
02394             unsigned char message_str[1000];
02395             unsigned char output[1000];
02396             unsigned char output_str[1000];
02397             unsigned char rnd_buf[1000];
02398             rsa_context ctx;
02399             size_t msg_len;
02400             rnd_buf_info info;
02401         
02402             info.length = unhexify( rnd_buf, "5caca6a0f764161a9684f85d92b6e0ef37ca8b65" );
02403             info.buf = rnd_buf;
02404         
02405             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02406             memset( message_str, 0x00, 1000 );
02407             memset( output, 0x00, 1000 );
02408             memset( output_str, 0x00, 1000 );
02409         
02410             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
02411             fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
02412             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02413         
02414             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02415         
02416             msg_len = unhexify( message_str, "bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9" );
02417         
02418             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02419             if( 0 == 0 )
02420             {
02421                 hexify( output_str, output, ctx.len );
02422         
02423                 fct_chk( strcasecmp( (char *) output_str, "6318e9fb5c0d05e5307e1683436e903293ac4642358aaa223d7163013aba87e2dfda8e60c6860e29a1e92686163ea0b9175f329ca3b131a1edd3a77759a8b97bad6a4f8f4396f28cf6f39ca58112e48160d6e203daa5856f3aca5ffed577af499408e3dfd233e3e604dbe34a9c4c9082de65527cac6331d29dc80e0508a0fa7122e7f329f6cca5cfa34d4d1da417805457e008bec549e478ff9e12a763c477d15bbb78f5b69bd57830fc2c4ed686d79bc72a95d85f88134c6b0afe56a8ccfbc855828bb339bd17909cf1d70de3335ae07039093e606d655365de6550b872cd6de1d440ee031b61945f629ad8a353b0d40939e96a3c450d2a8d5eee9f678093c8" ) == 0 );
02424             }
02425         }
02426         FCT_TEST_END();
02427 
02428 
02429         FCT_TEST_BGN(rsaes_oaep_encryption_example_10_5)
02430         {
02431             unsigned char message_str[1000];
02432             unsigned char output[1000];
02433             unsigned char output_str[1000];
02434             unsigned char rnd_buf[1000];
02435             rsa_context ctx;
02436             size_t msg_len;
02437             rnd_buf_info info;
02438         
02439             info.length = unhexify( rnd_buf, "95bca9e3859894b3dd869fa7ecd5bbc6401bf3e4" );
02440             info.buf = rnd_buf;
02441         
02442             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02443             memset( message_str, 0x00, 1000 );
02444             memset( output, 0x00, 1000 );
02445             memset( output_str, 0x00, 1000 );
02446         
02447             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
02448             fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
02449             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02450         
02451             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02452         
02453             msg_len = unhexify( message_str, "a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9" );
02454         
02455             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02456             if( 0 == 0 )
02457             {
02458                 hexify( output_str, output, ctx.len );
02459         
02460                 fct_chk( strcasecmp( (char *) output_str, "75290872ccfd4a4505660d651f56da6daa09ca1301d890632f6a992f3d565cee464afded40ed3b5be9356714ea5aa7655f4a1366c2f17c728f6f2c5a5d1f8e28429bc4e6f8f2cff8da8dc0e0a9808e45fd09ea2fa40cb2b6ce6ffff5c0e159d11b68d90a85f7b84e103b09e682666480c657505c0929259468a314786d74eab131573cf234bf57db7d9e66cc6748192e002dc0deea930585f0831fdcd9bc33d51f79ed2ffc16bcf4d59812fcebcaa3f9069b0e445686d644c25ccf63b456ee5fa6ffe96f19cdf751fed9eaf35957754dbf4bfea5216aa1844dc507cb2d080e722eba150308c2b5ff1193620f1766ecf4481bafb943bd292877f2136ca494aba0" ) == 0 );
02461             }
02462         }
02463         FCT_TEST_END();
02464 
02465 
02466         FCT_TEST_BGN(rsaes_oaep_encryption_example_10_6)
02467         {
02468             unsigned char message_str[1000];
02469             unsigned char output[1000];
02470             unsigned char output_str[1000];
02471             unsigned char rnd_buf[1000];
02472             rsa_context ctx;
02473             size_t msg_len;
02474             rnd_buf_info info;
02475         
02476             info.length = unhexify( rnd_buf, "9f47ddf42e97eea856a9bdbc714eb3ac22f6eb32" );
02477             info.buf = rnd_buf;
02478         
02479             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02480             memset( message_str, 0x00, 1000 );
02481             memset( output, 0x00, 1000 );
02482             memset( output_str, 0x00, 1000 );
02483         
02484             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
02485             fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
02486             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02487         
02488             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
02489         
02490             msg_len = unhexify( message_str, "eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac" );
02491         
02492             fct_chk( rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, RSA_PUBLIC, msg_len, message_str, output ) == 0 );
02493             if( 0 == 0 )
02494             {
02495                 hexify( output_str, output, ctx.len );
02496         
02497                 fct_chk( strcasecmp( (char *) output_str, "2d207a73432a8fb4c03051b3f73b28a61764098dfa34c47a20995f8115aa6816679b557e82dbee584908c6e69782d7deb34dbd65af063d57fca76a5fd069492fd6068d9984d209350565a62e5c77f23038c12cb10c6634709b547c46f6b4a709bd85ca122d74465ef97762c29763e06dbc7a9e738c78bfca0102dc5e79d65b973f28240caab2e161a78b57d262457ed8195d53e3c7ae9da021883c6db7c24afdd2322eac972ad3c354c5fcef1e146c3a0290fb67adf007066e00428d2cec18ce58f9328698defef4b2eb5ec76918fde1c198cbb38b7afc67626a9aefec4322bfd90d2563481c9a221f78c8272c82d1b62ab914e1c69f6af6ef30ca5260db4a46" ) == 0 );
02498             }
02499         }
02500         FCT_TEST_END();
02501 
02502 
02503         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_int)
02504         {
02505             unsigned char message_str[1000];
02506             unsigned char output[1000];
02507             unsigned char output_str[1000];
02508             rsa_context ctx;
02509             mpi P1, Q1, H, G;
02510             size_t output_len;
02511         
02512             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
02513             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02514         
02515             memset( message_str, 0x00, 1000 );
02516             memset( output, 0x00, 1000 );
02517             memset( output_str, 0x00, 1000 );
02518         
02519             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
02520             fct_chk( mpi_read_string( &ctx.P, 16, "eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599" ) == 0 );
02521             fct_chk( mpi_read_string( &ctx.Q, 16, "c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503" ) == 0 );
02522             fct_chk( mpi_read_string( &ctx.N, 16, "bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb" ) == 0 );
02523             fct_chk( mpi_read_string( &ctx.E, 16, "11" ) == 0 );
02524                         
02525             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
02526             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
02527             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
02528             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
02529             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
02530             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
02531             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
02532             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
02533         
02534             fct_chk( rsa_check_privkey( &ctx ) == 0 );
02535         
02536             unhexify( message_str, "1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955" );
02537         
02538             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
02539             if( 0 == 0 )
02540             {
02541                 hexify( output_str, output, ctx.len );
02542         
02543                 fct_chk( strncasecmp( (char *) output_str, "d436e99569fd32a7c8a05bbc90d32c49", strlen( "d436e99569fd32a7c8a05bbc90d32c49" ) ) == 0 );
02544             }
02545         
02546             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
02547         }
02548         FCT_TEST_END();
02549 
02550 
02551         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_1)
02552         {
02553             unsigned char message_str[1000];
02554             unsigned char output[1000];
02555             unsigned char output_str[1000];
02556             rsa_context ctx;
02557             mpi P1, Q1, H, G;
02558             size_t output_len;
02559         
02560             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
02561             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02562         
02563             memset( message_str, 0x00, 1000 );
02564             memset( output, 0x00, 1000 );
02565             memset( output_str, 0x00, 1000 );
02566         
02567             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
02568             fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
02569             fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
02570             fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
02571             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02572                         
02573             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
02574             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
02575             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
02576             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
02577             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
02578             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
02579             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
02580             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
02581         
02582             fct_chk( rsa_check_privkey( &ctx ) == 0 );
02583         
02584             unhexify( message_str, "354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a" );
02585         
02586             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
02587             if( 0 == 0 )
02588             {
02589                 hexify( output_str, output, ctx.len );
02590         
02591                 fct_chk( strncasecmp( (char *) output_str, "6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34", strlen( "6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34" ) ) == 0 );
02592             }
02593         
02594             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
02595         }
02596         FCT_TEST_END();
02597 
02598 
02599         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_2)
02600         {
02601             unsigned char message_str[1000];
02602             unsigned char output[1000];
02603             unsigned char output_str[1000];
02604             rsa_context ctx;
02605             mpi P1, Q1, H, G;
02606             size_t output_len;
02607         
02608             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
02609             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02610         
02611             memset( message_str, 0x00, 1000 );
02612             memset( output, 0x00, 1000 );
02613             memset( output_str, 0x00, 1000 );
02614         
02615             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
02616             fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
02617             fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
02618             fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
02619             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02620                         
02621             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
02622             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
02623             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
02624             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
02625             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
02626             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
02627             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
02628             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
02629         
02630             fct_chk( rsa_check_privkey( &ctx ) == 0 );
02631         
02632             unhexify( message_str, "640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44" );
02633         
02634             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
02635             if( 0 == 0 )
02636             {
02637                 hexify( output_str, output, ctx.len );
02638         
02639                 fct_chk( strncasecmp( (char *) output_str, "750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5", strlen( "750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5" ) ) == 0 );
02640             }
02641         
02642             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
02643         }
02644         FCT_TEST_END();
02645 
02646 
02647         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_3)
02648         {
02649             unsigned char message_str[1000];
02650             unsigned char output[1000];
02651             unsigned char output_str[1000];
02652             rsa_context ctx;
02653             mpi P1, Q1, H, G;
02654             size_t output_len;
02655         
02656             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
02657             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02658         
02659             memset( message_str, 0x00, 1000 );
02660             memset( output, 0x00, 1000 );
02661             memset( output_str, 0x00, 1000 );
02662         
02663             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
02664             fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
02665             fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
02666             fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
02667             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02668                         
02669             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
02670             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
02671             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
02672             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
02673             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
02674             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
02675             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
02676             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
02677         
02678             fct_chk( rsa_check_privkey( &ctx ) == 0 );
02679         
02680             unhexify( message_str, "423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb" );
02681         
02682             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
02683             if( 0 == 0 )
02684             {
02685                 hexify( output_str, output, ctx.len );
02686         
02687                 fct_chk( strncasecmp( (char *) output_str, "d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051", strlen( "d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051" ) ) == 0 );
02688             }
02689         
02690             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
02691         }
02692         FCT_TEST_END();
02693 
02694 
02695         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_4)
02696         {
02697             unsigned char message_str[1000];
02698             unsigned char output[1000];
02699             unsigned char output_str[1000];
02700             rsa_context ctx;
02701             mpi P1, Q1, H, G;
02702             size_t output_len;
02703         
02704             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
02705             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02706         
02707             memset( message_str, 0x00, 1000 );
02708             memset( output, 0x00, 1000 );
02709             memset( output_str, 0x00, 1000 );
02710         
02711             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
02712             fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
02713             fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
02714             fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
02715             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02716                         
02717             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
02718             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
02719             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
02720             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
02721             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
02722             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
02723             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
02724             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
02725         
02726             fct_chk( rsa_check_privkey( &ctx ) == 0 );
02727         
02728             unhexify( message_str, "45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755" );
02729         
02730             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
02731             if( 0 == 0 )
02732             {
02733                 hexify( output_str, output, ctx.len );
02734         
02735                 fct_chk( strncasecmp( (char *) output_str, "52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85", strlen( "52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85" ) ) == 0 );
02736             }
02737         
02738             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
02739         }
02740         FCT_TEST_END();
02741 
02742 
02743         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_5)
02744         {
02745             unsigned char message_str[1000];
02746             unsigned char output[1000];
02747             unsigned char output_str[1000];
02748             rsa_context ctx;
02749             mpi P1, Q1, H, G;
02750             size_t output_len;
02751         
02752             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
02753             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02754         
02755             memset( message_str, 0x00, 1000 );
02756             memset( output, 0x00, 1000 );
02757             memset( output_str, 0x00, 1000 );
02758         
02759             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
02760             fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
02761             fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
02762             fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
02763             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02764                         
02765             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
02766             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
02767             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
02768             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
02769             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
02770             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
02771             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
02772             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
02773         
02774             fct_chk( rsa_check_privkey( &ctx ) == 0 );
02775         
02776             unhexify( message_str, "36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439" );
02777         
02778             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
02779             if( 0 == 0 )
02780             {
02781                 hexify( output_str, output, ctx.len );
02782         
02783                 fct_chk( strncasecmp( (char *) output_str, "8da89fd9e5f974a29feffb462b49180f6cf9e802", strlen( "8da89fd9e5f974a29feffb462b49180f6cf9e802" ) ) == 0 );
02784             }
02785         
02786             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
02787         }
02788         FCT_TEST_END();
02789 
02790 
02791         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_1_6)
02792         {
02793             unsigned char message_str[1000];
02794             unsigned char output[1000];
02795             unsigned char output_str[1000];
02796             rsa_context ctx;
02797             mpi P1, Q1, H, G;
02798             size_t output_len;
02799         
02800             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
02801             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02802         
02803             memset( message_str, 0x00, 1000 );
02804             memset( output, 0x00, 1000 );
02805             memset( output_str, 0x00, 1000 );
02806         
02807             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
02808             fct_chk( mpi_read_string( &ctx.P, 16, "d32737e7267ffe1341b2d5c0d150a81b586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1c11c520c2f26a471dcad212eac7ca39d" ) == 0 );
02809             fct_chk( mpi_read_string( &ctx.Q, 16, "cc8853d1d54da630fac004f471f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0dd852be2419b2af72bfe9a030e860b0288b5d77" ) == 0 );
02810             fct_chk( mpi_read_string( &ctx.N, 16, "a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb" ) == 0 );
02811             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02812                         
02813             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
02814             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
02815             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
02816             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
02817             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
02818             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
02819             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
02820             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
02821         
02822             fct_chk( rsa_check_privkey( &ctx ) == 0 );
02823         
02824             unhexify( message_str, "42cee2617b1ecea4db3f4829386fbd61dafbf038e180d837c96366df24c097b4ab0fac6bdf590d821c9f10642e681ad05b8d78b378c0f46ce2fad63f74e0ad3df06b075d7eb5f5636f8d403b9059ca761b5c62bb52aa45002ea70baace08ded243b9d8cbd62a68ade265832b56564e43a6fa42ed199a099769742df1539e8255" );
02825         
02826             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
02827             if( 0 == 0 )
02828             {
02829                 hexify( output_str, output, ctx.len );
02830         
02831                 fct_chk( strncasecmp( (char *) output_str, "26521050844271", strlen( "26521050844271" ) ) == 0 );
02832             }
02833         
02834             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
02835         }
02836         FCT_TEST_END();
02837 
02838 
02839         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_1)
02840         {
02841             unsigned char message_str[1000];
02842             unsigned char output[1000];
02843             unsigned char output_str[1000];
02844             rsa_context ctx;
02845             mpi P1, Q1, H, G;
02846             size_t output_len;
02847         
02848             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
02849             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02850         
02851             memset( message_str, 0x00, 1000 );
02852             memset( output, 0x00, 1000 );
02853             memset( output_str, 0x00, 1000 );
02854         
02855             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
02856             fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
02857             fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
02858             fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
02859             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02860                         
02861             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
02862             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
02863             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
02864             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
02865             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
02866             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
02867             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
02868             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
02869         
02870             fct_chk( rsa_check_privkey( &ctx ) == 0 );
02871         
02872             unhexify( message_str, "0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e" );
02873         
02874             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
02875             if( 0 == 0 )
02876             {
02877                 hexify( output_str, output, ctx.len );
02878         
02879                 fct_chk( strncasecmp( (char *) output_str, "8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7", strlen( "8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7" ) ) == 0 );
02880             }
02881         
02882             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
02883         }
02884         FCT_TEST_END();
02885 
02886 
02887         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_2)
02888         {
02889             unsigned char message_str[1000];
02890             unsigned char output[1000];
02891             unsigned char output_str[1000];
02892             rsa_context ctx;
02893             mpi P1, Q1, H, G;
02894             size_t output_len;
02895         
02896             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
02897             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02898         
02899             memset( message_str, 0x00, 1000 );
02900             memset( output, 0x00, 1000 );
02901             memset( output_str, 0x00, 1000 );
02902         
02903             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
02904             fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
02905             fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
02906             fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
02907             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02908                         
02909             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
02910             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
02911             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
02912             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
02913             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
02914             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
02915             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
02916             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
02917         
02918             fct_chk( rsa_check_privkey( &ctx ) == 0 );
02919         
02920             unhexify( message_str, "018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245" );
02921         
02922             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
02923             if( 0 == 0 )
02924             {
02925                 hexify( output_str, output, ctx.len );
02926         
02927                 fct_chk( strncasecmp( (char *) output_str, "2d", strlen( "2d" ) ) == 0 );
02928             }
02929         
02930             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
02931         }
02932         FCT_TEST_END();
02933 
02934 
02935         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_3)
02936         {
02937             unsigned char message_str[1000];
02938             unsigned char output[1000];
02939             unsigned char output_str[1000];
02940             rsa_context ctx;
02941             mpi P1, Q1, H, G;
02942             size_t output_len;
02943         
02944             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
02945             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02946         
02947             memset( message_str, 0x00, 1000 );
02948             memset( output, 0x00, 1000 );
02949             memset( output_str, 0x00, 1000 );
02950         
02951             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
02952             fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
02953             fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
02954             fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
02955             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
02956                         
02957             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
02958             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
02959             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
02960             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
02961             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
02962             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
02963             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
02964             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
02965         
02966             fct_chk( rsa_check_privkey( &ctx ) == 0 );
02967         
02968             unhexify( message_str, "018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053" );
02969         
02970             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
02971             if( 0 == 0 )
02972             {
02973                 hexify( output_str, output, ctx.len );
02974         
02975                 fct_chk( strncasecmp( (char *) output_str, "74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e", strlen( "74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e" ) ) == 0 );
02976             }
02977         
02978             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
02979         }
02980         FCT_TEST_END();
02981 
02982 
02983         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_4)
02984         {
02985             unsigned char message_str[1000];
02986             unsigned char output[1000];
02987             unsigned char output_str[1000];
02988             rsa_context ctx;
02989             mpi P1, Q1, H, G;
02990             size_t output_len;
02991         
02992             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
02993             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
02994         
02995             memset( message_str, 0x00, 1000 );
02996             memset( output, 0x00, 1000 );
02997             memset( output_str, 0x00, 1000 );
02998         
02999             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
03000             fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
03001             fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
03002             fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
03003             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03004                         
03005             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03006             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03007             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03008             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03009             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03010             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03011             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03012             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03013         
03014             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03015         
03016             unhexify( message_str, "00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641" );
03017         
03018             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03019             if( 0 == 0 )
03020             {
03021                 hexify( output_str, output, ctx.len );
03022         
03023                 fct_chk( strncasecmp( (char *) output_str, "a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a", strlen( "a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a" ) ) == 0 );
03024             }
03025         
03026             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03027         }
03028         FCT_TEST_END();
03029 
03030 
03031         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_5)
03032         {
03033             unsigned char message_str[1000];
03034             unsigned char output[1000];
03035             unsigned char output_str[1000];
03036             rsa_context ctx;
03037             mpi P1, Q1, H, G;
03038             size_t output_len;
03039         
03040             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03041             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03042         
03043             memset( message_str, 0x00, 1000 );
03044             memset( output, 0x00, 1000 );
03045             memset( output_str, 0x00, 1000 );
03046         
03047             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
03048             fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
03049             fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
03050             fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
03051             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03052                         
03053             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03054             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03055             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03056             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03057             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03058             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03059             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03060             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03061         
03062             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03063         
03064             unhexify( message_str, "00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec" );
03065         
03066             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03067             if( 0 == 0 )
03068             {
03069                 hexify( output_str, output, ctx.len );
03070         
03071                 fct_chk( strncasecmp( (char *) output_str, "2ef2b066f854c33f3bdcbb5994a435e73d6c6c", strlen( "2ef2b066f854c33f3bdcbb5994a435e73d6c6c" ) ) == 0 );
03072             }
03073         
03074             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03075         }
03076         FCT_TEST_END();
03077 
03078 
03079         FCT_TEST_BGN(rsaes_oaep_decryption_test_vector_2_6)
03080         {
03081             unsigned char message_str[1000];
03082             unsigned char output[1000];
03083             unsigned char output_str[1000];
03084             rsa_context ctx;
03085             mpi P1, Q1, H, G;
03086             size_t output_len;
03087         
03088             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03089             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03090         
03091             memset( message_str, 0x00, 1000 );
03092             memset( output, 0x00, 1000 );
03093             memset( output_str, 0x00, 1000 );
03094         
03095             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
03096             fct_chk( mpi_read_string( &ctx.P, 16, "0159dbde04a33ef06fb608b80b190f4d3e22bcc13ac8e4a081033abfa416edb0b338aa08b57309ea5a5240e7dc6e54378c69414c31d97ddb1f406db3769cc41a43" ) == 0 );
03097             fct_chk( mpi_read_string( &ctx.Q, 16, "012b652f30403b38b40995fd6ff41a1acc8ada70373236b7202d39b2ee30cfb46db09511f6f307cc61cc21606c18a75b8a62f822df031ba0df0dafd5506f568bd7" ) == 0 );
03098             fct_chk( mpi_read_string( &ctx.N, 16, "01947c7fce90425f47279e70851f25d5e62316fe8a1df19371e3e628e260543e4901ef6081f68c0b8141190d2ae8daba7d1250ec6db636e944ec3722877c7c1d0a67f14b1694c5f0379451a43e49a32dde83670b73da91a1c99bc23b436a60055c610f0baf99c1a079565b95a3f1526632d1d4da60f20eda25e653c4f002766f45" ) == 0 );
03099             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03100                         
03101             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03102             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03103             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03104             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03105             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03106             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03107             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03108             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03109         
03110             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03111         
03112             unhexify( message_str, "010839ec20c27b9052e55befb9b77e6fc26e9075d7a54378c646abdf51e445bd5715de81789f56f1803d9170764a9e93cb78798694023ee7393ce04bc5d8f8c5a52c171d43837e3aca62f609eb0aa5ffb0960ef04198dd754f57f7fbe6abf765cf118b4ca443b23b5aab266f952326ac4581100644325f8b721acd5d04ff14ef3a" );
03113         
03114             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03115             if( 0 == 0 )
03116             {
03117                 hexify( output_str, output, ctx.len );
03118         
03119                 fct_chk( strncasecmp( (char *) output_str, "8a7fb344c8b6cb2cf2ef1f643f9a3218f6e19bba89c0", strlen( "8a7fb344c8b6cb2cf2ef1f643f9a3218f6e19bba89c0" ) ) == 0 );
03120             }
03121         
03122             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03123         }
03124         FCT_TEST_END();
03125 
03126 
03127         FCT_TEST_BGN(rsaes_oaep_decryption_example_3_1)
03128         {
03129             unsigned char message_str[1000];
03130             unsigned char output[1000];
03131             unsigned char output_str[1000];
03132             rsa_context ctx;
03133             mpi P1, Q1, H, G;
03134             size_t output_len;
03135         
03136             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03137             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03138         
03139             memset( message_str, 0x00, 1000 );
03140             memset( output, 0x00, 1000 );
03141             memset( output_str, 0x00, 1000 );
03142         
03143             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
03144             fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
03145             fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
03146             fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
03147             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03148                         
03149             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03150             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03151             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03152             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03153             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03154             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03155             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03156             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03157         
03158             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03159         
03160             unhexify( message_str, "026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80" );
03161         
03162             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03163             if( 0 == 0 )
03164             {
03165                 hexify( output_str, output, ctx.len );
03166         
03167                 fct_chk( strncasecmp( (char *) output_str, "087820b569e8fa8d", strlen( "087820b569e8fa8d" ) ) == 0 );
03168             }
03169         
03170             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03171         }
03172         FCT_TEST_END();
03173 
03174 
03175         FCT_TEST_BGN(rsaes_oaep_decryption_example_3_2)
03176         {
03177             unsigned char message_str[1000];
03178             unsigned char output[1000];
03179             unsigned char output_str[1000];
03180             rsa_context ctx;
03181             mpi P1, Q1, H, G;
03182             size_t output_len;
03183         
03184             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03185             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03186         
03187             memset( message_str, 0x00, 1000 );
03188             memset( output, 0x00, 1000 );
03189             memset( output_str, 0x00, 1000 );
03190         
03191             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
03192             fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
03193             fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
03194             fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
03195             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03196                         
03197             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03198             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03199             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03200             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03201             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03202             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03203             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03204             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03205         
03206             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03207         
03208             unhexify( message_str, "024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5" );
03209         
03210             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03211             if( 0 == 0 )
03212             {
03213                 hexify( output_str, output, ctx.len );
03214         
03215                 fct_chk( strncasecmp( (char *) output_str, "4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04", strlen( "4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04" ) ) == 0 );
03216             }
03217         
03218             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03219         }
03220         FCT_TEST_END();
03221 
03222 
03223         FCT_TEST_BGN(rsaes_oaep_decryption_example_3_3)
03224         {
03225             unsigned char message_str[1000];
03226             unsigned char output[1000];
03227             unsigned char output_str[1000];
03228             rsa_context ctx;
03229             mpi P1, Q1, H, G;
03230             size_t output_len;
03231         
03232             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03233             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03234         
03235             memset( message_str, 0x00, 1000 );
03236             memset( output, 0x00, 1000 );
03237             memset( output_str, 0x00, 1000 );
03238         
03239             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
03240             fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
03241             fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
03242             fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
03243             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03244                         
03245             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03246             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03247             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03248             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03249             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03250             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03251             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03252             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03253         
03254             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03255         
03256             unhexify( message_str, "0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a" );
03257         
03258             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03259             if( 0 == 0 )
03260             {
03261                 hexify( output_str, output, ctx.len );
03262         
03263                 fct_chk( strncasecmp( (char *) output_str, "d94cd0e08fa404ed89", strlen( "d94cd0e08fa404ed89" ) ) == 0 );
03264             }
03265         
03266             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03267         }
03268         FCT_TEST_END();
03269 
03270 
03271         FCT_TEST_BGN(rsaes_oaep_decryption_example_3_4)
03272         {
03273             unsigned char message_str[1000];
03274             unsigned char output[1000];
03275             unsigned char output_str[1000];
03276             rsa_context ctx;
03277             mpi P1, Q1, H, G;
03278             size_t output_len;
03279         
03280             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03281             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03282         
03283             memset( message_str, 0x00, 1000 );
03284             memset( output, 0x00, 1000 );
03285             memset( output_str, 0x00, 1000 );
03286         
03287             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
03288             fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
03289             fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
03290             fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
03291             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03292                         
03293             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03294             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03295             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03296             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03297             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03298             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03299             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03300             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03301         
03302             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03303         
03304             unhexify( message_str, "02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0" );
03305         
03306             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03307             if( 0 == 0 )
03308             {
03309                 hexify( output_str, output, ctx.len );
03310         
03311                 fct_chk( strncasecmp( (char *) output_str, "6cc641b6b61e6f963974dad23a9013284ef1", strlen( "6cc641b6b61e6f963974dad23a9013284ef1" ) ) == 0 );
03312             }
03313         
03314             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03315         }
03316         FCT_TEST_END();
03317 
03318 
03319         FCT_TEST_BGN(rsaes_oaep_decryption_example_3_5)
03320         {
03321             unsigned char message_str[1000];
03322             unsigned char output[1000];
03323             unsigned char output_str[1000];
03324             rsa_context ctx;
03325             mpi P1, Q1, H, G;
03326             size_t output_len;
03327         
03328             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03329             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03330         
03331             memset( message_str, 0x00, 1000 );
03332             memset( output, 0x00, 1000 );
03333             memset( output_str, 0x00, 1000 );
03334         
03335             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
03336             fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
03337             fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
03338             fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
03339             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03340                         
03341             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03342             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03343             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03344             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03345             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03346             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03347             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03348             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03349         
03350             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03351         
03352             unhexify( message_str, "0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60" );
03353         
03354             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03355             if( 0 == 0 )
03356             {
03357                 hexify( output_str, output, ctx.len );
03358         
03359                 fct_chk( strncasecmp( (char *) output_str, "df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223", strlen( "df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223" ) ) == 0 );
03360             }
03361         
03362             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03363         }
03364         FCT_TEST_END();
03365 
03366 
03367         FCT_TEST_BGN(rsaes_oaep_decryption_example_3_6)
03368         {
03369             unsigned char message_str[1000];
03370             unsigned char output[1000];
03371             unsigned char output_str[1000];
03372             rsa_context ctx;
03373             mpi P1, Q1, H, G;
03374             size_t output_len;
03375         
03376             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03377             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03378         
03379             memset( message_str, 0x00, 1000 );
03380             memset( output, 0x00, 1000 );
03381             memset( output_str, 0x00, 1000 );
03382         
03383             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
03384             fct_chk( mpi_read_string( &ctx.P, 16, "01bf01d216d73595cf0270c2beb78d40a0d8447d31da919a983f7eea781b77d85fe371b3e9373e7b69217d3150a02d8958de7fad9d555160958b4454127e0e7eaf" ) == 0 );
03385             fct_chk( mpi_read_string( &ctx.Q, 16, "018d3399658166db3829816d7b295416759e9c91987f5b2d8aecd63b04b48bd7b2fcf229bb7f8a6dc88ba13dd2e39ad55b6d1a06160708f9700be80b8fd3744ce7" ) == 0 );
03386             fct_chk( mpi_read_string( &ctx.N, 16, "02b58fec039a860700a4d7b6462f93e6cdd491161ddd74f4e810b40e3c1652006a5c277b2774c11305a4cbab5a78efa57e17a86df7a3fa36fc4b1d2249f22ec7c2dd6a463232accea906d66ebe80b5704b10729da6f833234abb5efdd4a292cbfad33b4d33fa7a14b8c397b56e3acd21203428b77cdfa33a6da706b3d8b0fc43e9" ) == 0 );
03387             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03388                         
03389             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03390             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03391             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03392             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03393             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03394             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03395             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03396             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03397         
03398             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03399         
03400             unhexify( message_str, "00112051e75d064943bc4478075e43482fd59cee0679de6893eec3a943daa490b9691c93dfc0464b6623b9f3dbd3e70083264f034b374f74164e1a00763725e574744ba0b9db83434f31df96f6e2a26f6d8eba348bd4686c2238ac07c37aac3785d1c7eea2f819fd91491798ed8e9cef5e43b781b0e0276e37c43ff9492d005730" );
03401         
03402             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03403             if( 0 == 0 )
03404             {
03405                 hexify( output_str, output, ctx.len );
03406         
03407                 fct_chk( strncasecmp( (char *) output_str, "3c3bad893c544a6d520ab022319188c8d504b7a788b850903b85972eaa18552e1134a7ad6098826254ff7ab672b3d8eb3158fac6d4cbaef1", strlen( "3c3bad893c544a6d520ab022319188c8d504b7a788b850903b85972eaa18552e1134a7ad6098826254ff7ab672b3d8eb3158fac6d4cbaef1" ) ) == 0 );
03408             }
03409         
03410             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03411         }
03412         FCT_TEST_END();
03413 
03414 
03415         FCT_TEST_BGN(rsaes_oaep_decryption_example_4_1)
03416         {
03417             unsigned char message_str[1000];
03418             unsigned char output[1000];
03419             unsigned char output_str[1000];
03420             rsa_context ctx;
03421             mpi P1, Q1, H, G;
03422             size_t output_len;
03423         
03424             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03425             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03426         
03427             memset( message_str, 0x00, 1000 );
03428             memset( output, 0x00, 1000 );
03429             memset( output_str, 0x00, 1000 );
03430         
03431             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
03432             fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
03433             fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
03434             fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
03435             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03436                         
03437             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03438             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03439             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03440             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03441             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03442             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03443             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03444             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03445         
03446             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03447         
03448             unhexify( message_str, "04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8" );
03449         
03450             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03451             if( 0 == 0 )
03452             {
03453                 hexify( output_str, output, ctx.len );
03454         
03455                 fct_chk( strncasecmp( (char *) output_str, "4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2", strlen( "4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2" ) ) == 0 );
03456             }
03457         
03458             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03459         }
03460         FCT_TEST_END();
03461 
03462 
03463         FCT_TEST_BGN(rsaes_oaep_decryption_example_4_2)
03464         {
03465             unsigned char message_str[1000];
03466             unsigned char output[1000];
03467             unsigned char output_str[1000];
03468             rsa_context ctx;
03469             mpi P1, Q1, H, G;
03470             size_t output_len;
03471         
03472             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03473             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03474         
03475             memset( message_str, 0x00, 1000 );
03476             memset( output, 0x00, 1000 );
03477             memset( output_str, 0x00, 1000 );
03478         
03479             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
03480             fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
03481             fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
03482             fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
03483             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03484                         
03485             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03486             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03487             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03488             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03489             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03490             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03491             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03492             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03493         
03494             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03495         
03496             unhexify( message_str, "0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e" );
03497         
03498             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03499             if( 0 == 0 )
03500             {
03501                 hexify( output_str, output, ctx.len );
03502         
03503                 fct_chk( strncasecmp( (char *) output_str, "b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8", strlen( "b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8" ) ) == 0 );
03504             }
03505         
03506             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03507         }
03508         FCT_TEST_END();
03509 
03510 
03511         FCT_TEST_BGN(rsaes_oaep_decryption_example_4_3)
03512         {
03513             unsigned char message_str[1000];
03514             unsigned char output[1000];
03515             unsigned char output_str[1000];
03516             rsa_context ctx;
03517             mpi P1, Q1, H, G;
03518             size_t output_len;
03519         
03520             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03521             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03522         
03523             memset( message_str, 0x00, 1000 );
03524             memset( output, 0x00, 1000 );
03525             memset( output_str, 0x00, 1000 );
03526         
03527             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
03528             fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
03529             fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
03530             fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
03531             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03532                         
03533             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03534             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03535             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03536             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03537             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03538             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03539             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03540             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03541         
03542             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03543         
03544             unhexify( message_str, "0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065" );
03545         
03546             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03547             if( 0 == 0 )
03548             {
03549                 hexify( output_str, output, ctx.len );
03550         
03551                 fct_chk( strncasecmp( (char *) output_str, "bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99", strlen( "bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99" ) ) == 0 );
03552             }
03553         
03554             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03555         }
03556         FCT_TEST_END();
03557 
03558 
03559         FCT_TEST_BGN(rsaes_oaep_decryption_example_4_4)
03560         {
03561             unsigned char message_str[1000];
03562             unsigned char output[1000];
03563             unsigned char output_str[1000];
03564             rsa_context ctx;
03565             mpi P1, Q1, H, G;
03566             size_t output_len;
03567         
03568             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03569             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03570         
03571             memset( message_str, 0x00, 1000 );
03572             memset( output, 0x00, 1000 );
03573             memset( output_str, 0x00, 1000 );
03574         
03575             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
03576             fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
03577             fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
03578             fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
03579             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03580                         
03581             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03582             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03583             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03584             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03585             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03586             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03587             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03588             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03589         
03590             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03591         
03592             unhexify( message_str, "02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4" );
03593         
03594             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03595             if( 0 == 0 )
03596             {
03597                 hexify( output_str, output, ctx.len );
03598         
03599                 fct_chk( strncasecmp( (char *) output_str, "fb2ef112f5e766eb94019297934794f7be2f6fc1c58e", strlen( "fb2ef112f5e766eb94019297934794f7be2f6fc1c58e" ) ) == 0 );
03600             }
03601         
03602             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03603         }
03604         FCT_TEST_END();
03605 
03606 
03607         FCT_TEST_BGN(rsaes_oaep_decryption_example_4_5)
03608         {
03609             unsigned char message_str[1000];
03610             unsigned char output[1000];
03611             unsigned char output_str[1000];
03612             rsa_context ctx;
03613             mpi P1, Q1, H, G;
03614             size_t output_len;
03615         
03616             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03617             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03618         
03619             memset( message_str, 0x00, 1000 );
03620             memset( output, 0x00, 1000 );
03621             memset( output_str, 0x00, 1000 );
03622         
03623             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
03624             fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
03625             fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
03626             fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
03627             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03628                         
03629             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03630             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03631             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03632             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03633             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03634             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03635             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03636             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03637         
03638             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03639         
03640             unhexify( message_str, "00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2" );
03641         
03642             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03643             if( 0 == 0 )
03644             {
03645                 hexify( output_str, output, ctx.len );
03646         
03647                 fct_chk( strncasecmp( (char *) output_str, "28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284", strlen( "28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284" ) ) == 0 );
03648             }
03649         
03650             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03651         }
03652         FCT_TEST_END();
03653 
03654 
03655         FCT_TEST_BGN(rsaes_oaep_decryption_example_4_6)
03656         {
03657             unsigned char message_str[1000];
03658             unsigned char output[1000];
03659             unsigned char output_str[1000];
03660             rsa_context ctx;
03661             mpi P1, Q1, H, G;
03662             size_t output_len;
03663         
03664             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03665             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03666         
03667             memset( message_str, 0x00, 1000 );
03668             memset( output, 0x00, 1000 );
03669             memset( output_str, 0x00, 1000 );
03670         
03671             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
03672             fct_chk( mpi_read_string( &ctx.P, 16, "027458c19ec1636919e736c9af25d609a51b8f561d19c6bf6943dd1ee1ab8a4a3f232100bd40b88decc6ba235548b6ef792a11c9de823d0a7922c7095b6eba5701" ) == 0 );
03673             fct_chk( mpi_read_string( &ctx.Q, 16, "0210ee9b33ab61716e27d251bd465f4b35a1a232e2da00901c294bf22350ce490d099f642b5375612db63ba1f20386492bf04d34b3c22bceb909d13441b53b5139" ) == 0 );
03674             fct_chk( mpi_read_string( &ctx.N, 16, "051240b6cc0004fa48d0134671c078c7c8dec3b3e2f25bc2564467339db38853d06b85eea5b2de353bff42ac2e46bc97fae6ac9618da9537a5c8f553c1e357625991d6108dcd7885fb3a25413f53efcad948cb35cd9b9ae9c1c67626d113d57dde4c5bea76bb5bb7de96c00d07372e9685a6d75cf9d239fa148d70931b5f3fb039" ) == 0 );
03675             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03676                         
03677             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03678             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03679             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03680             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03681             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03682             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03683             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03684             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03685         
03686             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03687         
03688             unhexify( message_str, "00a5ffa4768c8bbecaee2db77e8f2eec99595933545520835e5ba7db9493d3e17cddefe6a5f567624471908db4e2d83a0fbee60608fc84049503b2234a07dc83b27b22847ad8920ff42f674ef79b76280b00233d2b51b8cb2703a9d42bfbc8250c96ec32c051e57f1b4ba528db89c37e4c54e27e6e64ac69635ae887d9541619a9" );
03689         
03690             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03691             if( 0 == 0 )
03692             {
03693                 hexify( output_str, output, ctx.len );
03694         
03695                 fct_chk( strncasecmp( (char *) output_str, "f22242751ec6b1", strlen( "f22242751ec6b1" ) ) == 0 );
03696             }
03697         
03698             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03699         }
03700         FCT_TEST_END();
03701 
03702 
03703         FCT_TEST_BGN(rsaes_oaep_decryption_example_5_1)
03704         {
03705             unsigned char message_str[1000];
03706             unsigned char output[1000];
03707             unsigned char output_str[1000];
03708             rsa_context ctx;
03709             mpi P1, Q1, H, G;
03710             size_t output_len;
03711         
03712             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03713             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03714         
03715             memset( message_str, 0x00, 1000 );
03716             memset( output, 0x00, 1000 );
03717             memset( output_str, 0x00, 1000 );
03718         
03719             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
03720             fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
03721             fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
03722             fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
03723             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03724                         
03725             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03726             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03727             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03728             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03729             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03730             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03731             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03732             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03733         
03734             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03735         
03736             unhexify( message_str, "036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5" );
03737         
03738             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03739             if( 0 == 0 )
03740             {
03741                 hexify( output_str, output, ctx.len );
03742         
03743                 fct_chk( strncasecmp( (char *) output_str, "af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8", strlen( "af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8" ) ) == 0 );
03744             }
03745         
03746             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03747         }
03748         FCT_TEST_END();
03749 
03750 
03751         FCT_TEST_BGN(rsaes_oaep_decryption_example_5_2)
03752         {
03753             unsigned char message_str[1000];
03754             unsigned char output[1000];
03755             unsigned char output_str[1000];
03756             rsa_context ctx;
03757             mpi P1, Q1, H, G;
03758             size_t output_len;
03759         
03760             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03761             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03762         
03763             memset( message_str, 0x00, 1000 );
03764             memset( output, 0x00, 1000 );
03765             memset( output_str, 0x00, 1000 );
03766         
03767             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
03768             fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
03769             fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
03770             fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
03771             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03772                         
03773             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03774             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03775             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03776             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03777             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03778             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03779             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03780             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03781         
03782             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03783         
03784             unhexify( message_str, "03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad" );
03785         
03786             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03787             if( 0 == 0 )
03788             {
03789                 hexify( output_str, output, ctx.len );
03790         
03791                 fct_chk( strncasecmp( (char *) output_str, "a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399", strlen( "a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399" ) ) == 0 );
03792             }
03793         
03794             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03795         }
03796         FCT_TEST_END();
03797 
03798 
03799         FCT_TEST_BGN(rsaes_oaep_decryption_example_5_3)
03800         {
03801             unsigned char message_str[1000];
03802             unsigned char output[1000];
03803             unsigned char output_str[1000];
03804             rsa_context ctx;
03805             mpi P1, Q1, H, G;
03806             size_t output_len;
03807         
03808             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03809             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03810         
03811             memset( message_str, 0x00, 1000 );
03812             memset( output, 0x00, 1000 );
03813             memset( output_str, 0x00, 1000 );
03814         
03815             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
03816             fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
03817             fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
03818             fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
03819             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03820                         
03821             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03822             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03823             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03824             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03825             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03826             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03827             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03828             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03829         
03830             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03831         
03832             unhexify( message_str, "0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967" );
03833         
03834             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03835             if( 0 == 0 )
03836             {
03837                 hexify( output_str, output, ctx.len );
03838         
03839                 fct_chk( strncasecmp( (char *) output_str, "308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7", strlen( "308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7" ) ) == 0 );
03840             }
03841         
03842             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03843         }
03844         FCT_TEST_END();
03845 
03846 
03847         FCT_TEST_BGN(rsaes_oaep_decryption_example_5_4)
03848         {
03849             unsigned char message_str[1000];
03850             unsigned char output[1000];
03851             unsigned char output_str[1000];
03852             rsa_context ctx;
03853             mpi P1, Q1, H, G;
03854             size_t output_len;
03855         
03856             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03857             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03858         
03859             memset( message_str, 0x00, 1000 );
03860             memset( output, 0x00, 1000 );
03861             memset( output_str, 0x00, 1000 );
03862         
03863             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
03864             fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
03865             fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
03866             fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
03867             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03868                         
03869             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03870             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03871             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03872             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03873             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03874             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03875             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03876             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03877         
03878             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03879         
03880             unhexify( message_str, "0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf" );
03881         
03882             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03883             if( 0 == 0 )
03884             {
03885                 hexify( output_str, output, ctx.len );
03886         
03887                 fct_chk( strncasecmp( (char *) output_str, "15c5b9ee1185", strlen( "15c5b9ee1185" ) ) == 0 );
03888             }
03889         
03890             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03891         }
03892         FCT_TEST_END();
03893 
03894 
03895         FCT_TEST_BGN(rsaes_oaep_decryption_example_5_5)
03896         {
03897             unsigned char message_str[1000];
03898             unsigned char output[1000];
03899             unsigned char output_str[1000];
03900             rsa_context ctx;
03901             mpi P1, Q1, H, G;
03902             size_t output_len;
03903         
03904             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03905             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03906         
03907             memset( message_str, 0x00, 1000 );
03908             memset( output, 0x00, 1000 );
03909             memset( output_str, 0x00, 1000 );
03910         
03911             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
03912             fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
03913             fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
03914             fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
03915             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03916                         
03917             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03918             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03919             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03920             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03921             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03922             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03923             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03924             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03925         
03926             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03927         
03928             unhexify( message_str, "07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723" );
03929         
03930             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03931             if( 0 == 0 )
03932             {
03933                 hexify( output_str, output, ctx.len );
03934         
03935                 fct_chk( strncasecmp( (char *) output_str, "21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a", strlen( "21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a" ) ) == 0 );
03936             }
03937         
03938             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03939         }
03940         FCT_TEST_END();
03941 
03942 
03943         FCT_TEST_BGN(rsaes_oaep_decryption_example_5_6)
03944         {
03945             unsigned char message_str[1000];
03946             unsigned char output[1000];
03947             unsigned char output_str[1000];
03948             rsa_context ctx;
03949             mpi P1, Q1, H, G;
03950             size_t output_len;
03951         
03952             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
03953             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
03954         
03955             memset( message_str, 0x00, 1000 );
03956             memset( output, 0x00, 1000 );
03957             memset( output_str, 0x00, 1000 );
03958         
03959             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
03960             fct_chk( mpi_read_string( &ctx.P, 16, "03b0d3962f6d17549cbfca11294348dcf0e7e39f8c2bc6824f2164b606d687860dae1e632393cfedf513228229069e2f60e4acd7e633a436063f82385f48993707" ) == 0 );
03961             fct_chk( mpi_read_string( &ctx.Q, 16, "02e4c32e2f517269b7072309f00c0e31365f7ce28b236b82912df239abf39572cf0ed604b02982e53564c52d6a05397de5c052a2fddc141ef7189836346aeb331f" ) == 0 );
03962             fct_chk( mpi_read_string( &ctx.N, 16, "0aadf3f9c125e5d891f31ac448e993defe580f802b45f9d7f22ba5021e9c47576b5a1e68031ba9db4e6dabe4d96a1d6f3d267268cff408005f118efcadb99888d1c234467166b2a2b849a05a889c060ac0da0c5fae8b55f309ba62e703742fa0326f2d10b011021489ff497770190d895fd39f52293c39efd73a698bdab9f10ed9" ) == 0 );
03963             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
03964                         
03965             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
03966             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
03967             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
03968             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
03969             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
03970             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
03971             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
03972             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
03973         
03974             fct_chk( rsa_check_privkey( &ctx ) == 0 );
03975         
03976             unhexify( message_str, "08c36d4dda33423b2ed6830d85f6411ba1dcf470a1fae0ebefee7c089f256cef74cb96ea69c38f60f39abee44129bcb4c92de7f797623b20074e3d9c2899701ed9071e1efa0bdd84d4c3e5130302d8f0240baba4b84a71cc032f2235a5ff0fae277c3e8f9112bef44c9ae20d175fc9a4058bfc930ba31b02e2e4f444483710f24a" );
03977         
03978             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
03979             if( 0 == 0 )
03980             {
03981                 hexify( output_str, output, ctx.len );
03982         
03983                 fct_chk( strncasecmp( (char *) output_str, "541e37b68b6c8872b84c02", strlen( "541e37b68b6c8872b84c02" ) ) == 0 );
03984             }
03985         
03986             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
03987         }
03988         FCT_TEST_END();
03989 
03990 
03991         FCT_TEST_BGN(rsaes_oaep_decryption_example_6_1)
03992         {
03993             unsigned char message_str[1000];
03994             unsigned char output[1000];
03995             unsigned char output_str[1000];
03996             rsa_context ctx;
03997             mpi P1, Q1, H, G;
03998             size_t output_len;
03999         
04000             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04001             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04002         
04003             memset( message_str, 0x00, 1000 );
04004             memset( output, 0x00, 1000 );
04005             memset( output_str, 0x00, 1000 );
04006         
04007             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
04008             fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
04009             fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
04010             fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
04011             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04012                         
04013             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04014             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04015             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04016             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04017             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04018             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04019             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04020             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04021         
04022             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04023         
04024             unhexify( message_str, "0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3" );
04025         
04026             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04027             if( 0 == 0 )
04028             {
04029                 hexify( output_str, output, ctx.len );
04030         
04031                 fct_chk( strncasecmp( (char *) output_str, "4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4", strlen( "4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4" ) ) == 0 );
04032             }
04033         
04034             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04035         }
04036         FCT_TEST_END();
04037 
04038 
04039         FCT_TEST_BGN(rsaes_oaep_decryption_example_6_2)
04040         {
04041             unsigned char message_str[1000];
04042             unsigned char output[1000];
04043             unsigned char output_str[1000];
04044             rsa_context ctx;
04045             mpi P1, Q1, H, G;
04046             size_t output_len;
04047         
04048             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04049             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04050         
04051             memset( message_str, 0x00, 1000 );
04052             memset( output, 0x00, 1000 );
04053             memset( output_str, 0x00, 1000 );
04054         
04055             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
04056             fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
04057             fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
04058             fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
04059             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04060                         
04061             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04062             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04063             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04064             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04065             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04066             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04067             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04068             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04069         
04070             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04071         
04072             unhexify( message_str, "0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f" );
04073         
04074             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04075             if( 0 == 0 )
04076             {
04077                 hexify( output_str, output, ctx.len );
04078         
04079                 fct_chk( strncasecmp( (char *) output_str, "5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7", strlen( "5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7" ) ) == 0 );
04080             }
04081         
04082             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04083         }
04084         FCT_TEST_END();
04085 
04086 
04087         FCT_TEST_BGN(rsaes_oaep_decryption_example_6_3)
04088         {
04089             unsigned char message_str[1000];
04090             unsigned char output[1000];
04091             unsigned char output_str[1000];
04092             rsa_context ctx;
04093             mpi P1, Q1, H, G;
04094             size_t output_len;
04095         
04096             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04097             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04098         
04099             memset( message_str, 0x00, 1000 );
04100             memset( output, 0x00, 1000 );
04101             memset( output_str, 0x00, 1000 );
04102         
04103             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
04104             fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
04105             fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
04106             fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
04107             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04108                         
04109             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04110             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04111             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04112             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04113             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04114             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04115             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04116             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04117         
04118             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04119         
04120             unhexify( message_str, "0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65" );
04121         
04122             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04123             if( 0 == 0 )
04124             {
04125                 hexify( output_str, output, ctx.len );
04126         
04127                 fct_chk( strncasecmp( (char *) output_str, "b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c", strlen( "b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c" ) ) == 0 );
04128             }
04129         
04130             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04131         }
04132         FCT_TEST_END();
04133 
04134 
04135         FCT_TEST_BGN(rsaes_oaep_decryption_example_6_4)
04136         {
04137             unsigned char message_str[1000];
04138             unsigned char output[1000];
04139             unsigned char output_str[1000];
04140             rsa_context ctx;
04141             mpi P1, Q1, H, G;
04142             size_t output_len;
04143         
04144             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04145             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04146         
04147             memset( message_str, 0x00, 1000 );
04148             memset( output, 0x00, 1000 );
04149             memset( output_str, 0x00, 1000 );
04150         
04151             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
04152             fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
04153             fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
04154             fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
04155             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04156                         
04157             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04158             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04159             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04160             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04161             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04162             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04163             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04164             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04165         
04166             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04167         
04168             unhexify( message_str, "008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8" );
04169         
04170             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04171             if( 0 == 0 )
04172             {
04173                 hexify( output_str, output, ctx.len );
04174         
04175                 fct_chk( strncasecmp( (char *) output_str, "684e3038c5c041f7", strlen( "684e3038c5c041f7" ) ) == 0 );
04176             }
04177         
04178             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04179         }
04180         FCT_TEST_END();
04181 
04182 
04183         FCT_TEST_BGN(rsaes_oaep_decryption_example_6_5)
04184         {
04185             unsigned char message_str[1000];
04186             unsigned char output[1000];
04187             unsigned char output_str[1000];
04188             rsa_context ctx;
04189             mpi P1, Q1, H, G;
04190             size_t output_len;
04191         
04192             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04193             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04194         
04195             memset( message_str, 0x00, 1000 );
04196             memset( output, 0x00, 1000 );
04197             memset( output_str, 0x00, 1000 );
04198         
04199             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
04200             fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
04201             fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
04202             fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
04203             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04204                         
04205             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04206             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04207             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04208             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04209             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04210             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04211             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04212             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04213         
04214             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04215         
04216             unhexify( message_str, "00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab" );
04217         
04218             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04219             if( 0 == 0 )
04220             {
04221                 hexify( output_str, output, ctx.len );
04222         
04223                 fct_chk( strncasecmp( (char *) output_str, "32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693", strlen( "32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693" ) ) == 0 );
04224             }
04225         
04226             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04227         }
04228         FCT_TEST_END();
04229 
04230 
04231         FCT_TEST_BGN(rsaes_oaep_decryption_example_6_6)
04232         {
04233             unsigned char message_str[1000];
04234             unsigned char output[1000];
04235             unsigned char output_str[1000];
04236             rsa_context ctx;
04237             mpi P1, Q1, H, G;
04238             size_t output_len;
04239         
04240             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04241             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04242         
04243             memset( message_str, 0x00, 1000 );
04244             memset( output, 0x00, 1000 );
04245             memset( output_str, 0x00, 1000 );
04246         
04247             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
04248             fct_chk( mpi_read_string( &ctx.P, 16, "04a6ce8b7358dfa69bdcf742617005afb5385f5f3a58a24ef74a22a8c05cb7cc38ebd4cc9d9a9d789a62cd0f60f0cb941d3423c9692efa4fe3adff290c4749a38b" ) == 0 );
04249             fct_chk( mpi_read_string( &ctx.Q, 16, "0404c9a803371fedb4c5be39f3c00b009e5e08a63be1e40035cdaca5011cc701cf7eebcb99f0ffe17cfd0a4bf7befd2dd536ac946db797fdbc4abe8f29349b91ed" ) == 0 );
04250             fct_chk( mpi_read_string( &ctx.N, 16, "12b17f6dad2ecd19ff46dc13f7860f09e0e0cfb677b38a52592305ceaf022c166db90d04ac29e33f7dd12d9faf66e0816bb63ead267cc7d46c17c37be214bca2a22d723a64e44407436b6fc965729aefc2554f376cd5dcea68293780a62bf39d0029485a160bbb9e5dc0972d21a504f52e5ee028aa416332f510b2e9cff5f722af" ) == 0 );
04251             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04252                         
04253             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04254             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04255             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04256             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04257             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04258             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04259             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04260             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04261         
04262             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04263         
04264             unhexify( message_str, "0a026dda5fc8785f7bd9bf75327b63e85e2c0fdee5dadb65ebdcac9ae1de95c92c672ab433aa7a8e69ce6a6d8897fac4ac4a54de841ae5e5bbce7687879d79634cea7a30684065c714d52409b928256bbf53eabcd5231eb7259504537399bd29164b726d33a46da701360a4168a091ccab72d44a62fed246c0ffea5b1348ab5470" );
04265         
04266             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04267             if( 0 == 0 )
04268             {
04269                 hexify( output_str, output, ctx.len );
04270         
04271                 fct_chk( strncasecmp( (char *) output_str, "50ba14be8462720279c306ba", strlen( "50ba14be8462720279c306ba" ) ) == 0 );
04272             }
04273         
04274             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04275         }
04276         FCT_TEST_END();
04277 
04278 
04279         FCT_TEST_BGN(rsaes_oaep_decryption_example_7_1)
04280         {
04281             unsigned char message_str[1000];
04282             unsigned char output[1000];
04283             unsigned char output_str[1000];
04284             rsa_context ctx;
04285             mpi P1, Q1, H, G;
04286             size_t output_len;
04287         
04288             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04289             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04290         
04291             memset( message_str, 0x00, 1000 );
04292             memset( output, 0x00, 1000 );
04293             memset( output_str, 0x00, 1000 );
04294         
04295             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
04296             fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
04297             fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
04298             fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
04299             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04300                         
04301             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04302             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04303             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04304             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04305             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04306             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04307             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04308             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04309         
04310             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04311         
04312             unhexify( message_str, "1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1" );
04313         
04314             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04315             if( 0 == 0 )
04316             {
04317                 hexify( output_str, output, ctx.len );
04318         
04319                 fct_chk( strncasecmp( (char *) output_str, "47aae909", strlen( "47aae909" ) ) == 0 );
04320             }
04321         
04322             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04323         }
04324         FCT_TEST_END();
04325 
04326 
04327         FCT_TEST_BGN(rsaes_oaep_decryption_example_7_2)
04328         {
04329             unsigned char message_str[1000];
04330             unsigned char output[1000];
04331             unsigned char output_str[1000];
04332             rsa_context ctx;
04333             mpi P1, Q1, H, G;
04334             size_t output_len;
04335         
04336             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04337             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04338         
04339             memset( message_str, 0x00, 1000 );
04340             memset( output, 0x00, 1000 );
04341             memset( output_str, 0x00, 1000 );
04342         
04343             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
04344             fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
04345             fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
04346             fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
04347             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04348                         
04349             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04350             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04351             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04352             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04353             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04354             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04355             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04356             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04357         
04358             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04359         
04360             unhexify( message_str, "1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6" );
04361         
04362             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04363             if( 0 == 0 )
04364             {
04365                 hexify( output_str, output, ctx.len );
04366         
04367                 fct_chk( strncasecmp( (char *) output_str, "1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7", strlen( "1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7" ) ) == 0 );
04368             }
04369         
04370             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04371         }
04372         FCT_TEST_END();
04373 
04374 
04375         FCT_TEST_BGN(rsaes_oaep_decryption_example_7_3)
04376         {
04377             unsigned char message_str[1000];
04378             unsigned char output[1000];
04379             unsigned char output_str[1000];
04380             rsa_context ctx;
04381             mpi P1, Q1, H, G;
04382             size_t output_len;
04383         
04384             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04385             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04386         
04387             memset( message_str, 0x00, 1000 );
04388             memset( output, 0x00, 1000 );
04389             memset( output_str, 0x00, 1000 );
04390         
04391             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
04392             fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
04393             fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
04394             fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
04395             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04396                         
04397             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04398             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04399             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04400             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04401             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04402             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04403             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04404             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04405         
04406             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04407         
04408             unhexify( message_str, "2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b" );
04409         
04410             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04411             if( 0 == 0 )
04412             {
04413                 hexify( output_str, output, ctx.len );
04414         
04415                 fct_chk( strncasecmp( (char *) output_str, "d976fc", strlen( "d976fc" ) ) == 0 );
04416             }
04417         
04418             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04419         }
04420         FCT_TEST_END();
04421 
04422 
04423         FCT_TEST_BGN(rsaes_oaep_decryption_example_7_4)
04424         {
04425             unsigned char message_str[1000];
04426             unsigned char output[1000];
04427             unsigned char output_str[1000];
04428             rsa_context ctx;
04429             mpi P1, Q1, H, G;
04430             size_t output_len;
04431         
04432             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04433             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04434         
04435             memset( message_str, 0x00, 1000 );
04436             memset( output, 0x00, 1000 );
04437             memset( output_str, 0x00, 1000 );
04438         
04439             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
04440             fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
04441             fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
04442             fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
04443             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04444                         
04445             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04446             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04447             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04448             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04449             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04450             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04451             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04452             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04453         
04454             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04455         
04456             unhexify( message_str, "0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac" );
04457         
04458             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04459             if( 0 == 0 )
04460             {
04461                 hexify( output_str, output, ctx.len );
04462         
04463                 fct_chk( strncasecmp( (char *) output_str, "d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb", strlen( "d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb" ) ) == 0 );
04464             }
04465         
04466             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04467         }
04468         FCT_TEST_END();
04469 
04470 
04471         FCT_TEST_BGN(rsaes_oaep_decryption_example_7_5)
04472         {
04473             unsigned char message_str[1000];
04474             unsigned char output[1000];
04475             unsigned char output_str[1000];
04476             rsa_context ctx;
04477             mpi P1, Q1, H, G;
04478             size_t output_len;
04479         
04480             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04481             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04482         
04483             memset( message_str, 0x00, 1000 );
04484             memset( output, 0x00, 1000 );
04485             memset( output_str, 0x00, 1000 );
04486         
04487             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
04488             fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
04489             fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
04490             fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
04491             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04492                         
04493             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04494             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04495             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04496             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04497             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04498             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04499             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04500             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04501         
04502             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04503         
04504             unhexify( message_str, "028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478" );
04505         
04506             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04507             if( 0 == 0 )
04508             {
04509                 hexify( output_str, output, ctx.len );
04510         
04511                 fct_chk( strncasecmp( (char *) output_str, "bb47231ca5ea1d3ad46c99345d9a8a61", strlen( "bb47231ca5ea1d3ad46c99345d9a8a61" ) ) == 0 );
04512             }
04513         
04514             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04515         }
04516         FCT_TEST_END();
04517 
04518 
04519         FCT_TEST_BGN(rsaes_oaep_decryption_example_7_6)
04520         {
04521             unsigned char message_str[1000];
04522             unsigned char output[1000];
04523             unsigned char output_str[1000];
04524             rsa_context ctx;
04525             mpi P1, Q1, H, G;
04526             size_t output_len;
04527         
04528             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04529             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04530         
04531             memset( message_str, 0x00, 1000 );
04532             memset( output, 0x00, 1000 );
04533             memset( output_str, 0x00, 1000 );
04534         
04535             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
04536             fct_chk( mpi_read_string( &ctx.P, 16, "0749262c111cd470ec2566e6b3732fc09329469aa19071d3b9c01906514c6f1d26baa14beab0971c8b7e611a4f79009d6fea776928ca25285b0de3643d1a3f8c71" ) == 0 );
04537             fct_chk( mpi_read_string( &ctx.Q, 16, "06bc1e50e96c02bf636e9eea8b899bbebf7651de77dd474c3e9bc23bad8182b61904c7d97dfbebfb1e00108878b6e67e415391d67942c2b2bf9b4435f88b0cb023" ) == 0 );
04538             fct_chk( mpi_read_string( &ctx.N, 16, "311179f0bcfc9b9d3ca315d00ef30d7bdd3a2cfae9911bfedcb948b3a4782d0732b6ab44aa4bf03741a644dc01bec3e69b01a033e675d8acd7c4925c6b1aec3119051dfd89762d215d45475ffcb59f908148623f37177156f6ae86dd7a7c5f43dc1e1f908254058a284a5f06c0021793a87f1ac5feff7dcaee69c5e51a3789e373" ) == 0 );
04539             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04540                         
04541             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04542             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04543             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04544             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04545             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04546             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04547             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04548             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04549         
04550             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04551         
04552             unhexify( message_str, "14c678a94ad60525ef39e959b2f3ba5c097a94ff912b67dbace80535c187abd47d075420b1872152bba08f7fc31f313bbf9273c912fc4c0149a9b0cfb79807e346eb332069611bec0ff9bcd168f1f7c33e77313cea454b94e2549eecf002e2acf7f6f2d2845d4fe0aab2e5a92ddf68c480ae11247935d1f62574842216ae674115" );
04553         
04554             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04555             if( 0 == 0 )
04556             {
04557                 hexify( output_str, output, ctx.len );
04558         
04559                 fct_chk( strncasecmp( (char *) output_str, "2184827095d35c3f86f600e8e59754013296", strlen( "2184827095d35c3f86f600e8e59754013296" ) ) == 0 );
04560             }
04561         
04562             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04563         }
04564         FCT_TEST_END();
04565 
04566 
04567         FCT_TEST_BGN(rsaes_oaep_decryption_example_8_1)
04568         {
04569             unsigned char message_str[1000];
04570             unsigned char output[1000];
04571             unsigned char output_str[1000];
04572             rsa_context ctx;
04573             mpi P1, Q1, H, G;
04574             size_t output_len;
04575         
04576             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04577             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04578         
04579             memset( message_str, 0x00, 1000 );
04580             memset( output, 0x00, 1000 );
04581             memset( output_str, 0x00, 1000 );
04582         
04583             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
04584             fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
04585             fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
04586             fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
04587             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04588                         
04589             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04590             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04591             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04592             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04593             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04594             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04595             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04596             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04597         
04598             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04599         
04600             unhexify( message_str, "09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61" );
04601         
04602             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04603             if( 0 == 0 )
04604             {
04605                 hexify( output_str, output, ctx.len );
04606         
04607                 fct_chk( strncasecmp( (char *) output_str, "050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967", strlen( "050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967" ) ) == 0 );
04608             }
04609         
04610             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04611         }
04612         FCT_TEST_END();
04613 
04614 
04615         FCT_TEST_BGN(rsaes_oaep_decryption_example_8_2)
04616         {
04617             unsigned char message_str[1000];
04618             unsigned char output[1000];
04619             unsigned char output_str[1000];
04620             rsa_context ctx;
04621             mpi P1, Q1, H, G;
04622             size_t output_len;
04623         
04624             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04625             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04626         
04627             memset( message_str, 0x00, 1000 );
04628             memset( output, 0x00, 1000 );
04629             memset( output_str, 0x00, 1000 );
04630         
04631             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
04632             fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
04633             fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
04634             fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
04635             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04636                         
04637             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04638             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04639             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04640             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04641             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04642             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04643             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04644             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04645         
04646             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04647         
04648             unhexify( message_str, "2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d" );
04649         
04650             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04651             if( 0 == 0 )
04652             {
04653                 hexify( output_str, output, ctx.len );
04654         
04655                 fct_chk( strncasecmp( (char *) output_str, "4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc", strlen( "4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc" ) ) == 0 );
04656             }
04657         
04658             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04659         }
04660         FCT_TEST_END();
04661 
04662 
04663         FCT_TEST_BGN(rsaes_oaep_decryption_example_8_3)
04664         {
04665             unsigned char message_str[1000];
04666             unsigned char output[1000];
04667             unsigned char output_str[1000];
04668             rsa_context ctx;
04669             mpi P1, Q1, H, G;
04670             size_t output_len;
04671         
04672             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04673             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04674         
04675             memset( message_str, 0x00, 1000 );
04676             memset( output, 0x00, 1000 );
04677             memset( output_str, 0x00, 1000 );
04678         
04679             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
04680             fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
04681             fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
04682             fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
04683             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04684                         
04685             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04686             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04687             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04688             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04689             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04690             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04691             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04692             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04693         
04694             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04695         
04696             unhexify( message_str, "4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f" );
04697         
04698             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04699             if( 0 == 0 )
04700             {
04701                 hexify( output_str, output, ctx.len );
04702         
04703                 fct_chk( strncasecmp( (char *) output_str, "8604ac56328c1ab5ad917861", strlen( "8604ac56328c1ab5ad917861" ) ) == 0 );
04704             }
04705         
04706             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04707         }
04708         FCT_TEST_END();
04709 
04710 
04711         FCT_TEST_BGN(rsaes_oaep_decryption_example_8_4)
04712         {
04713             unsigned char message_str[1000];
04714             unsigned char output[1000];
04715             unsigned char output_str[1000];
04716             rsa_context ctx;
04717             mpi P1, Q1, H, G;
04718             size_t output_len;
04719         
04720             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04721             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04722         
04723             memset( message_str, 0x00, 1000 );
04724             memset( output, 0x00, 1000 );
04725             memset( output_str, 0x00, 1000 );
04726         
04727             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
04728             fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
04729             fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
04730             fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
04731             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04732                         
04733             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04734             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04735             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04736             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04737             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04738             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04739             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04740             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04741         
04742             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04743         
04744             unhexify( message_str, "2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0" );
04745         
04746             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04747             if( 0 == 0 )
04748             {
04749                 hexify( output_str, output, ctx.len );
04750         
04751                 fct_chk( strncasecmp( (char *) output_str, "fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc", strlen( "fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc" ) ) == 0 );
04752             }
04753         
04754             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04755         }
04756         FCT_TEST_END();
04757 
04758 
04759         FCT_TEST_BGN(rsaes_oaep_decryption_example_8_5)
04760         {
04761             unsigned char message_str[1000];
04762             unsigned char output[1000];
04763             unsigned char output_str[1000];
04764             rsa_context ctx;
04765             mpi P1, Q1, H, G;
04766             size_t output_len;
04767         
04768             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04769             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04770         
04771             memset( message_str, 0x00, 1000 );
04772             memset( output, 0x00, 1000 );
04773             memset( output_str, 0x00, 1000 );
04774         
04775             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
04776             fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
04777             fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
04778             fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
04779             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04780                         
04781             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04782             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04783             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04784             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04785             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04786             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04787             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04788             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04789         
04790             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04791         
04792             unhexify( message_str, "1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2" );
04793         
04794             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04795             if( 0 == 0 )
04796             {
04797                 hexify( output_str, output, ctx.len );
04798         
04799                 fct_chk( strncasecmp( (char *) output_str, "4a5f4914bee25de3c69341de07", strlen( "4a5f4914bee25de3c69341de07" ) ) == 0 );
04800             }
04801         
04802             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04803         }
04804         FCT_TEST_END();
04805 
04806 
04807         FCT_TEST_BGN(rsaes_oaep_decryption_example_8_6)
04808         {
04809             unsigned char message_str[1000];
04810             unsigned char output[1000];
04811             unsigned char output_str[1000];
04812             rsa_context ctx;
04813             mpi P1, Q1, H, G;
04814             size_t output_len;
04815         
04816             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04817             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04818         
04819             memset( message_str, 0x00, 1000 );
04820             memset( output, 0x00, 1000 );
04821             memset( output_str, 0x00, 1000 );
04822         
04823             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
04824             fct_chk( mpi_read_string( &ctx.P, 16, "0a02ef8448d9fad8bbd0d004c8c2aa9751ef9721c1b0d03236a54b0df947cbaed5a255ee9e8e20d491ea1723fe094704a9762e88afd16ebb5994412ca966dc4f9f" ) == 0 );
04825             fct_chk( mpi_read_string( &ctx.Q, 16, "092d362e7ed3a0bfd9e9fd0e6c0301b6df29159cf50cc83b9b0cf4d6eea71a61e002b46e0ae9f2de62d25b5d7452d498b81c9ac6fc58593d4c3fb4f5d72dfbb0a9" ) == 0 );
04826             fct_chk( mpi_read_string( &ctx.N, 16, "5bdf0e30d321dda5147f882408fa69195480df8f80d3f6e8bf5818504f36427ca9b1f5540b9c65a8f6974cf8447a244d9280201bb49fcbbe6378d1944cd227e230f96e3d10f819dcef276c64a00b2a4b6701e7d01de5fabde3b1e9a0df82f4631359cd22669647fbb1717246134ed7b497cfffbdc42b59c73a96ed90166212dff7" ) == 0 );
04827             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04828                         
04829             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04830             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04831             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04832             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04833             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04834             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04835             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04836             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04837         
04838             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04839         
04840             unhexify( message_str, "3afd9c6600147b21798d818c655a0f4c9212db26d0b0dfdc2a7594ccb3d22f5bf1d7c3e112cd73fc7d509c7a8bafdd3c274d1399009f9609ec4be6477e453f075aa33db382870c1c3409aef392d7386ae3a696b99a94b4da0589447e955d16c98b17602a59bd736279fcd8fb280c4462d590bfa9bf13fed570eafde97330a2c210" );
04841         
04842             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04843             if( 0 == 0 )
04844             {
04845                 hexify( output_str, output, ctx.len );
04846         
04847                 fct_chk( strncasecmp( (char *) output_str, "8e07d66f7b880a72563abcd3f35092bc33409fb7f88f2472be", strlen( "8e07d66f7b880a72563abcd3f35092bc33409fb7f88f2472be" ) ) == 0 );
04848             }
04849         
04850             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04851         }
04852         FCT_TEST_END();
04853 
04854 
04855         FCT_TEST_BGN(rsaes_oaep_decryption_example_9_1)
04856         {
04857             unsigned char message_str[1000];
04858             unsigned char output[1000];
04859             unsigned char output_str[1000];
04860             rsa_context ctx;
04861             mpi P1, Q1, H, G;
04862             size_t output_len;
04863         
04864             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04865             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04866         
04867             memset( message_str, 0x00, 1000 );
04868             memset( output, 0x00, 1000 );
04869             memset( output_str, 0x00, 1000 );
04870         
04871             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
04872             fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
04873             fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
04874             fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
04875             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04876                         
04877             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04878             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04879             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04880             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04881             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04882             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04883             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04884             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04885         
04886             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04887         
04888             unhexify( message_str, "267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72" );
04889         
04890             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04891             if( 0 == 0 )
04892             {
04893                 hexify( output_str, output, ctx.len );
04894         
04895                 fct_chk( strncasecmp( (char *) output_str, "f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6", strlen( "f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6" ) ) == 0 );
04896             }
04897         
04898             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04899         }
04900         FCT_TEST_END();
04901 
04902 
04903         FCT_TEST_BGN(rsaes_oaep_decryption_example_9_2)
04904         {
04905             unsigned char message_str[1000];
04906             unsigned char output[1000];
04907             unsigned char output_str[1000];
04908             rsa_context ctx;
04909             mpi P1, Q1, H, G;
04910             size_t output_len;
04911         
04912             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04913             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04914         
04915             memset( message_str, 0x00, 1000 );
04916             memset( output, 0x00, 1000 );
04917             memset( output_str, 0x00, 1000 );
04918         
04919             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
04920             fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
04921             fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
04922             fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
04923             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04924                         
04925             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04926             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04927             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04928             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04929             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04930             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04931             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04932             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04933         
04934             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04935         
04936             unhexify( message_str, "93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8" );
04937         
04938             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04939             if( 0 == 0 )
04940             {
04941                 hexify( output_str, output, ctx.len );
04942         
04943                 fct_chk( strncasecmp( (char *) output_str, "81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659", strlen( "81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659" ) ) == 0 );
04944             }
04945         
04946             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04947         }
04948         FCT_TEST_END();
04949 
04950 
04951         FCT_TEST_BGN(rsaes_oaep_decryption_example_9_3)
04952         {
04953             unsigned char message_str[1000];
04954             unsigned char output[1000];
04955             unsigned char output_str[1000];
04956             rsa_context ctx;
04957             mpi P1, Q1, H, G;
04958             size_t output_len;
04959         
04960             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
04961             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
04962         
04963             memset( message_str, 0x00, 1000 );
04964             memset( output, 0x00, 1000 );
04965             memset( output_str, 0x00, 1000 );
04966         
04967             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
04968             fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
04969             fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
04970             fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
04971             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
04972                         
04973             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
04974             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
04975             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
04976             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
04977             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
04978             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
04979             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
04980             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
04981         
04982             fct_chk( rsa_check_privkey( &ctx ) == 0 );
04983         
04984             unhexify( message_str, "81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3" );
04985         
04986             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
04987             if( 0 == 0 )
04988             {
04989                 hexify( output_str, output, ctx.len );
04990         
04991                 fct_chk( strncasecmp( (char *) output_str, "fd326429df9b890e09b54b18b8f34f1e24", strlen( "fd326429df9b890e09b54b18b8f34f1e24" ) ) == 0 );
04992             }
04993         
04994             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
04995         }
04996         FCT_TEST_END();
04997 
04998 
04999         FCT_TEST_BGN(rsaes_oaep_decryption_example_9_4)
05000         {
05001             unsigned char message_str[1000];
05002             unsigned char output[1000];
05003             unsigned char output_str[1000];
05004             rsa_context ctx;
05005             mpi P1, Q1, H, G;
05006             size_t output_len;
05007         
05008             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05009             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05010         
05011             memset( message_str, 0x00, 1000 );
05012             memset( output, 0x00, 1000 );
05013             memset( output_str, 0x00, 1000 );
05014         
05015             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
05016             fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
05017             fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
05018             fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
05019             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05020                         
05021             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05022             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05023             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05024             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05025             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05026             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05027             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05028             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05029         
05030             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05031         
05032             unhexify( message_str, "bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858" );
05033         
05034             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
05035             if( 0 == 0 )
05036             {
05037                 hexify( output_str, output, ctx.len );
05038         
05039                 fct_chk( strncasecmp( (char *) output_str, "f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e", strlen( "f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e" ) ) == 0 );
05040             }
05041         
05042             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
05043         }
05044         FCT_TEST_END();
05045 
05046 
05047         FCT_TEST_BGN(rsaes_oaep_decryption_example_9_5)
05048         {
05049             unsigned char message_str[1000];
05050             unsigned char output[1000];
05051             unsigned char output_str[1000];
05052             rsa_context ctx;
05053             mpi P1, Q1, H, G;
05054             size_t output_len;
05055         
05056             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05057             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05058         
05059             memset( message_str, 0x00, 1000 );
05060             memset( output, 0x00, 1000 );
05061             memset( output_str, 0x00, 1000 );
05062         
05063             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
05064             fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
05065             fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
05066             fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
05067             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05068                         
05069             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05070             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05071             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05072             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05073             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05074             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05075             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05076             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05077         
05078             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05079         
05080             unhexify( message_str, "232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e" );
05081         
05082             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
05083             if( 0 == 0 )
05084             {
05085                 hexify( output_str, output, ctx.len );
05086         
05087                 fct_chk( strncasecmp( (char *) output_str, "53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d", strlen( "53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d" ) ) == 0 );
05088             }
05089         
05090             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
05091         }
05092         FCT_TEST_END();
05093 
05094 
05095         FCT_TEST_BGN(rsaes_oaep_decryption_example_9_6)
05096         {
05097             unsigned char message_str[1000];
05098             unsigned char output[1000];
05099             unsigned char output_str[1000];
05100             rsa_context ctx;
05101             mpi P1, Q1, H, G;
05102             size_t output_len;
05103         
05104             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05105             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05106         
05107             memset( message_str, 0x00, 1000 );
05108             memset( output, 0x00, 1000 );
05109             memset( output_str, 0x00, 1000 );
05110         
05111             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
05112             fct_chk( mpi_read_string( &ctx.P, 16, "fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd" ) == 0 );
05113             fct_chk( mpi_read_string( &ctx.Q, 16, "d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1" ) == 0 );
05114             fct_chk( mpi_read_string( &ctx.N, 16, "cf2cd41e34ca3a728ea5cb8aff64c36d27bdef5364e336fd68d3123c5a196a8c287013e853d5156d58d151954520fb4f6d7b17abb6817765909c576119659d902b1906ed8a2b10c155c24d124528dab9eeae379beac66e4a411786dcb8fd0062ebc030de1219a04c2a8c1b7dd3131e4d6b6caee2e31a5ed41ac1509b2ef1ee2ab18364be568ca941c25ecc84ff9d643b5ec1aaae102a20d73f479b780fd6da91075212d9eac03a0674d899eba2e431f4c44b615b6ba2232bd4b33baed73d625d" ) == 0 );
05115             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05116                         
05117             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05118             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05119             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05120             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05121             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05122             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05123             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05124             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05125         
05126             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05127         
05128             unhexify( message_str, "438cc7dc08a68da249e42505f8573ba60e2c2773d5b290f4cf9dff718e842081c383e67024a0f29594ea987b9d25e4b738f285970d195abb3a8c8054e3d79d6b9c9a8327ba596f1259e27126674766907d8d582ff3a8476154929adb1e6d1235b2ccb4ec8f663ba9cc670a92bebd853c8dbf69c6436d016f61add836e94732450434207f9fd4c43dec2a12a958efa01efe2669899b5e604c255c55fb7166de5589e369597bb09168c06dd5db177e06a1740eb2d5c82faeca6d92fcee9931ba9f" );
05129         
05130             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
05131             if( 0 == 0 )
05132             {
05133                 hexify( output_str, output, ctx.len );
05134         
05135                 fct_chk( strncasecmp( (char *) output_str, "b6b28ea2198d0c1008bc64", strlen( "b6b28ea2198d0c1008bc64" ) ) == 0 );
05136             }
05137         
05138             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
05139         }
05140         FCT_TEST_END();
05141 
05142 
05143         FCT_TEST_BGN(rsaes_oaep_decryption_example_10_1)
05144         {
05145             unsigned char message_str[1000];
05146             unsigned char output[1000];
05147             unsigned char output_str[1000];
05148             rsa_context ctx;
05149             mpi P1, Q1, H, G;
05150             size_t output_len;
05151         
05152             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05153             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05154         
05155             memset( message_str, 0x00, 1000 );
05156             memset( output, 0x00, 1000 );
05157             memset( output_str, 0x00, 1000 );
05158         
05159             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
05160             fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
05161             fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
05162             fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
05163             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05164                         
05165             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05166             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05167             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05168             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05169             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05170             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05171             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05172             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05173         
05174             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05175         
05176             unhexify( message_str, "53ea5dc08cd260fb3b858567287fa91552c30b2febfba213f0ae87702d068d19bab07fe574523dfb42139d68c3c5afeee0bfe4cb7969cbf382b804d6e61396144e2d0e60741f8993c3014b58b9b1957a8babcd23af854f4c356fb1662aa72bfcc7e586559dc4280d160c126785a723ebeebeff71f11594440aaef87d10793a8774a239d4a04c87fe1467b9daf85208ec6c7255794a96cc29142f9a8bd418e3c1fd67344b0cd0829df3b2bec60253196293c6b34d3f75d32f213dd45c6273d505adf4cced1057cb758fc26aeefa441255ed4e64c199ee075e7f16646182fdb464739b68ab5daff0e63e9552016824f054bf4d3c8c90a97bb6b6553284eb429fcc" );
05177         
05178             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
05179             if( 0 == 0 )
05180             {
05181                 hexify( output_str, output, ctx.len );
05182         
05183                 fct_chk( strncasecmp( (char *) output_str, "8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee", strlen( "8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee" ) ) == 0 );
05184             }
05185         
05186             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
05187         }
05188         FCT_TEST_END();
05189 
05190 
05191         FCT_TEST_BGN(rsaes_oaep_decryption_example_10_2)
05192         {
05193             unsigned char message_str[1000];
05194             unsigned char output[1000];
05195             unsigned char output_str[1000];
05196             rsa_context ctx;
05197             mpi P1, Q1, H, G;
05198             size_t output_len;
05199         
05200             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05201             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05202         
05203             memset( message_str, 0x00, 1000 );
05204             memset( output, 0x00, 1000 );
05205             memset( output_str, 0x00, 1000 );
05206         
05207             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
05208             fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
05209             fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
05210             fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
05211             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05212                         
05213             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05214             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05215             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05216             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05217             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05218             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05219             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05220             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05221         
05222             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05223         
05224             unhexify( message_str, "a2b1a430a9d657e2fa1c2bb5ed43ffb25c05a308fe9093c01031795f5874400110828ae58fb9b581ce9dddd3e549ae04a0985459bde6c626594e7b05dc4278b2a1465c1368408823c85e96dc66c3a30983c639664fc4569a37fe21e5a195b5776eed2df8d8d361af686e750229bbd663f161868a50615e0c337bec0ca35fec0bb19c36eb2e0bbcc0582fa1d93aacdb061063f59f2ce1ee43605e5d89eca183d2acdfe9f81011022ad3b43a3dd417dac94b4e11ea81b192966e966b182082e71964607b4f8002f36299844a11f2ae0faeac2eae70f8f4f98088acdcd0ac556e9fccc511521908fad26f04c64201450305778758b0538bf8b5bb144a828e629795" );
05225         
05226             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
05227             if( 0 == 0 )
05228             {
05229                 hexify( output_str, output, ctx.len );
05230         
05231                 fct_chk( strncasecmp( (char *) output_str, "e6ad181f053b58a904f2457510373e57", strlen( "e6ad181f053b58a904f2457510373e57" ) ) == 0 );
05232             }
05233         
05234             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
05235         }
05236         FCT_TEST_END();
05237 
05238 
05239         FCT_TEST_BGN(rsaes_oaep_decryption_example_10_3)
05240         {
05241             unsigned char message_str[1000];
05242             unsigned char output[1000];
05243             unsigned char output_str[1000];
05244             rsa_context ctx;
05245             mpi P1, Q1, H, G;
05246             size_t output_len;
05247         
05248             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05249             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05250         
05251             memset( message_str, 0x00, 1000 );
05252             memset( output, 0x00, 1000 );
05253             memset( output_str, 0x00, 1000 );
05254         
05255             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
05256             fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
05257             fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
05258             fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
05259             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05260                         
05261             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05262             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05263             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05264             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05265             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05266             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05267             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05268             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05269         
05270             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05271         
05272             unhexify( message_str, "9886c3e6764a8b9a84e84148ebd8c3b1aa8050381a78f668714c16d9cfd2a6edc56979c535d9dee3b44b85c18be8928992371711472216d95dda98d2ee8347c9b14dffdff84aa48d25ac06f7d7e65398ac967b1ce90925f67dce049b7f812db0742997a74d44fe81dbe0e7a3feaf2e5c40af888d550ddbbe3bc20657a29543f8fc2913b9bd1a61b2ab2256ec409bbd7dc0d17717ea25c43f42ed27df8738bf4afc6766ff7aff0859555ee283920f4c8a63c4a7340cbafddc339ecdb4b0515002f96c932b5b79167af699c0ad3fccfdf0f44e85a70262bf2e18fe34b850589975e867ff969d48eabf212271546cdc05a69ecb526e52870c836f307bd798780ede" );
05273         
05274             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
05275             if( 0 == 0 )
05276             {
05277                 hexify( output_str, output, ctx.len );
05278         
05279                 fct_chk( strncasecmp( (char *) output_str, "510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124", strlen( "510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124" ) ) == 0 );
05280             }
05281         
05282             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
05283         }
05284         FCT_TEST_END();
05285 
05286 
05287         FCT_TEST_BGN(rsaes_oaep_decryption_example_10_4)
05288         {
05289             unsigned char message_str[1000];
05290             unsigned char output[1000];
05291             unsigned char output_str[1000];
05292             rsa_context ctx;
05293             mpi P1, Q1, H, G;
05294             size_t output_len;
05295         
05296             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05297             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05298         
05299             memset( message_str, 0x00, 1000 );
05300             memset( output, 0x00, 1000 );
05301             memset( output_str, 0x00, 1000 );
05302         
05303             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
05304             fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
05305             fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
05306             fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
05307             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05308                         
05309             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05310             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05311             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05312             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05313             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05314             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05315             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05316             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05317         
05318             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05319         
05320             unhexify( message_str, "6318e9fb5c0d05e5307e1683436e903293ac4642358aaa223d7163013aba87e2dfda8e60c6860e29a1e92686163ea0b9175f329ca3b131a1edd3a77759a8b97bad6a4f8f4396f28cf6f39ca58112e48160d6e203daa5856f3aca5ffed577af499408e3dfd233e3e604dbe34a9c4c9082de65527cac6331d29dc80e0508a0fa7122e7f329f6cca5cfa34d4d1da417805457e008bec549e478ff9e12a763c477d15bbb78f5b69bd57830fc2c4ed686d79bc72a95d85f88134c6b0afe56a8ccfbc855828bb339bd17909cf1d70de3335ae07039093e606d655365de6550b872cd6de1d440ee031b61945f629ad8a353b0d40939e96a3c450d2a8d5eee9f678093c8" );
05321         
05322             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
05323             if( 0 == 0 )
05324             {
05325                 hexify( output_str, output, ctx.len );
05326         
05327                 fct_chk( strncasecmp( (char *) output_str, "bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9", strlen( "bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9" ) ) == 0 );
05328             }
05329         
05330             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
05331         }
05332         FCT_TEST_END();
05333 
05334 
05335         FCT_TEST_BGN(rsaes_oaep_decryption_example_10_5)
05336         {
05337             unsigned char message_str[1000];
05338             unsigned char output[1000];
05339             unsigned char output_str[1000];
05340             rsa_context ctx;
05341             mpi P1, Q1, H, G;
05342             size_t output_len;
05343         
05344             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05345             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05346         
05347             memset( message_str, 0x00, 1000 );
05348             memset( output, 0x00, 1000 );
05349             memset( output_str, 0x00, 1000 );
05350         
05351             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
05352             fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
05353             fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
05354             fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
05355             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05356                         
05357             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05358             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05359             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05360             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05361             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05362             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05363             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05364             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05365         
05366             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05367         
05368             unhexify( message_str, "75290872ccfd4a4505660d651f56da6daa09ca1301d890632f6a992f3d565cee464afded40ed3b5be9356714ea5aa7655f4a1366c2f17c728f6f2c5a5d1f8e28429bc4e6f8f2cff8da8dc0e0a9808e45fd09ea2fa40cb2b6ce6ffff5c0e159d11b68d90a85f7b84e103b09e682666480c657505c0929259468a314786d74eab131573cf234bf57db7d9e66cc6748192e002dc0deea930585f0831fdcd9bc33d51f79ed2ffc16bcf4d59812fcebcaa3f9069b0e445686d644c25ccf63b456ee5fa6ffe96f19cdf751fed9eaf35957754dbf4bfea5216aa1844dc507cb2d080e722eba150308c2b5ff1193620f1766ecf4481bafb943bd292877f2136ca494aba0" );
05369         
05370             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
05371             if( 0 == 0 )
05372             {
05373                 hexify( output_str, output, ctx.len );
05374         
05375                 fct_chk( strncasecmp( (char *) output_str, "a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9", strlen( "a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9" ) ) == 0 );
05376             }
05377         
05378             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
05379         }
05380         FCT_TEST_END();
05381 
05382 
05383         FCT_TEST_BGN(rsaes_oaep_decryption_example_10_6)
05384         {
05385             unsigned char message_str[1000];
05386             unsigned char output[1000];
05387             unsigned char output_str[1000];
05388             rsa_context ctx;
05389             mpi P1, Q1, H, G;
05390             size_t output_len;
05391         
05392             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05393             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05394         
05395             memset( message_str, 0x00, 1000 );
05396             memset( output, 0x00, 1000 );
05397             memset( output_str, 0x00, 1000 );
05398         
05399             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
05400             fct_chk( mpi_read_string( &ctx.P, 16, "ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce769" ) == 0 );
05401             fct_chk( mpi_read_string( &ctx.Q, 16, "bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc3863183" ) == 0 );
05402             fct_chk( mpi_read_string( &ctx.N, 16, "ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb" ) == 0 );
05403             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05404                         
05405             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05406             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05407             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05408             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05409             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05410             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05411             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05412             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05413         
05414             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05415         
05416             unhexify( message_str, "2d207a73432a8fb4c03051b3f73b28a61764098dfa34c47a20995f8115aa6816679b557e82dbee584908c6e69782d7deb34dbd65af063d57fca76a5fd069492fd6068d9984d209350565a62e5c77f23038c12cb10c6634709b547c46f6b4a709bd85ca122d74465ef97762c29763e06dbc7a9e738c78bfca0102dc5e79d65b973f28240caab2e161a78b57d262457ed8195d53e3c7ae9da021883c6db7c24afdd2322eac972ad3c354c5fcef1e146c3a0290fb67adf007066e00428d2cec18ce58f9328698defef4b2eb5ec76918fde1c198cbb38b7afc67626a9aefec4322bfd90d2563481c9a221f78c8272c82d1b62ab914e1c69f6af6ef30ca5260db4a46" );
05417         
05418             fct_chk( rsa_pkcs1_decrypt( &ctx, RSA_PRIVATE, &output_len, message_str, output, 1000 ) == 0 );
05419             if( 0 == 0 )
05420             {
05421                 hexify( output_str, output, ctx.len );
05422         
05423                 fct_chk( strncasecmp( (char *) output_str, "eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac", strlen( "eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac" ) ) == 0 );
05424             }
05425         
05426             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
05427         }
05428         FCT_TEST_END();
05429 
05430 
05431         FCT_TEST_BGN(rsassa_pss_signing_test_vector_int)
05432         {
05433             unsigned char message_str[1000];
05434             unsigned char hash_result[1000];
05435             unsigned char output[1000];
05436             unsigned char output_str[1000];
05437             unsigned char rnd_buf[1000];
05438             rsa_context ctx;
05439             mpi P1, Q1, H, G;
05440             size_t msg_len;
05441             rnd_buf_info info;
05442         
05443             info.length = unhexify( rnd_buf, "e3b5d5d002c1bce50c2b65ef88a188d83bce7e61" );
05444             info.buf = rnd_buf;
05445         
05446             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05447             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05448         
05449             memset( message_str, 0x00, 1000 );
05450             memset( hash_result, 0x00, 1000 );
05451             memset( output, 0x00, 1000 );
05452             memset( output_str, 0x00, 1000 );
05453         
05454             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
05455             fct_chk( mpi_read_string( &ctx.P, 16, "d17f655bf27c8b16d35462c905cc04a26f37e2a67fa9c0ce0dced472394a0df743fe7f929e378efdb368eddff453cf007af6d948e0ade757371f8a711e278f6b" ) == 0 );
05456             fct_chk( mpi_read_string( &ctx.Q, 16, "c6d92b6fee7414d1358ce1546fb62987530b90bd15e0f14963a5e2635adb69347ec0c01b2ab1763fd8ac1a592fb22757463a982425bb97a3a437c5bf86d03f2f" ) == 0 );
05457             fct_chk( mpi_read_string( &ctx.N, 16, "a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5" ) == 0 );
05458             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05459         
05460             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05461             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05462             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05463             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05464             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05465             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05466             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05467             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05468         
05469             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05470         
05471             msg_len = unhexify( message_str, "859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc" );
05472         
05473             switch( SIG_RSA_SHA1 )
05474             {
05475         #ifdef POLARSSL_MD2_C
05476             case SIG_RSA_MD2:
05477                 md2( message_str, msg_len, hash_result );
05478                 break;
05479         #endif
05480         #ifdef POLARSSL_MD4_C
05481             case SIG_RSA_MD4:
05482                 md4( message_str, msg_len, hash_result );
05483                 break;
05484         #endif
05485         #ifdef POLARSSL_MD5_C
05486             case SIG_RSA_MD5:
05487                 md5( message_str, msg_len, hash_result );
05488                 break;
05489         #endif
05490         #ifdef POLARSSL_SHA1_C
05491             case SIG_RSA_SHA1:
05492                 sha1( message_str, msg_len, hash_result );
05493                 break;
05494         #endif
05495         #ifdef POLARSSL_SHA2_C
05496             case SIG_RSA_SHA224:
05497                 sha2( message_str, msg_len, hash_result, 1 );
05498                 break;
05499             case SIG_RSA_SHA256:
05500                 sha2( message_str, msg_len, hash_result, 0 );
05501                 break;
05502         #endif
05503         #ifdef POLARSSL_SHA4_C
05504             case SIG_RSA_SHA384:
05505                 sha4( message_str, msg_len, hash_result, 1 );
05506                 break;
05507             case SIG_RSA_SHA512:
05508                 sha4( message_str, msg_len, hash_result, 0 );
05509                 break;
05510         #endif
05511             }
05512         
05513             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
05514             if( 0 == 0 )
05515             {
05516                 hexify( output_str, output, ctx.len);
05517         
05518                 fct_chk( strcasecmp( (char *) output_str, "8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e" ) == 0 );
05519             }
05520         
05521             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
05522         }
05523         FCT_TEST_END();
05524 
05525 
05526         FCT_TEST_BGN(rsassa_pss_verification_test_vector_int)
05527         {
05528             unsigned char message_str[1000];
05529             unsigned char hash_result[1000];
05530             unsigned char result_str[1000];
05531             rsa_context ctx;
05532             size_t msg_len;
05533         
05534             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05535             memset( message_str, 0x00, 1000 );
05536             memset( hash_result, 0x00, 1000 );
05537             memset( result_str, 0x00, 1000 );
05538         
05539             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
05540             fct_chk( mpi_read_string( &ctx.N, 16, "a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5" ) == 0 );
05541             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05542         
05543             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
05544         
05545             msg_len = unhexify( message_str, "859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc" );
05546             unhexify( result_str, "8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e" );
05547         
05548             switch( SIG_RSA_SHA1 )
05549             {
05550         #ifdef POLARSSL_MD2_C
05551             case SIG_RSA_MD2:
05552                 md2( message_str, msg_len, hash_result );
05553                 break;
05554         #endif
05555         #ifdef POLARSSL_MD4_C
05556             case SIG_RSA_MD4:
05557                 md4( message_str, msg_len, hash_result );
05558                 break;
05559         #endif
05560         #ifdef POLARSSL_MD5_C
05561             case SIG_RSA_MD5:
05562                 md5( message_str, msg_len, hash_result );
05563                 break;
05564         #endif
05565         #ifdef POLARSSL_SHA1_C
05566             case SIG_RSA_SHA1:
05567                 sha1( message_str, msg_len, hash_result );
05568                 break;
05569         #endif
05570         #ifdef POLARSSL_SHA2_C
05571             case SIG_RSA_SHA224:
05572                 sha2( message_str, msg_len, hash_result, 1 );
05573                 break;
05574             case SIG_RSA_SHA256:
05575                 sha2( message_str, msg_len, hash_result, 0 );
05576                 break;
05577         #endif
05578         #ifdef POLARSSL_SHA4_C
05579             case SIG_RSA_SHA384:
05580                 sha4( message_str, msg_len, hash_result, 1 );
05581                 break;
05582             case SIG_RSA_SHA512:
05583                 sha4( message_str, msg_len, hash_result, 0 );
05584                 break;
05585         #endif
05586             }
05587         
05588             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
05589         }
05590         FCT_TEST_END();
05591 
05592 
05593         FCT_TEST_BGN(rsassa_pss_signature_example_1_1)
05594         {
05595             unsigned char message_str[1000];
05596             unsigned char hash_result[1000];
05597             unsigned char output[1000];
05598             unsigned char output_str[1000];
05599             unsigned char rnd_buf[1000];
05600             rsa_context ctx;
05601             mpi P1, Q1, H, G;
05602             size_t msg_len;
05603             rnd_buf_info info;
05604         
05605             info.length = unhexify( rnd_buf, "dee959c7e06411361420ff80185ed57f3e6776af" );
05606             info.buf = rnd_buf;
05607         
05608             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05609             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05610         
05611             memset( message_str, 0x00, 1000 );
05612             memset( hash_result, 0x00, 1000 );
05613             memset( output, 0x00, 1000 );
05614             memset( output_str, 0x00, 1000 );
05615         
05616             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
05617             fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
05618             fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
05619             fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
05620             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05621         
05622             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05623             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05624             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05625             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05626             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05627             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05628             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05629             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05630         
05631             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05632         
05633             msg_len = unhexify( message_str, "cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0" );
05634         
05635             switch( SIG_RSA_SHA1 )
05636             {
05637         #ifdef POLARSSL_MD2_C
05638             case SIG_RSA_MD2:
05639                 md2( message_str, msg_len, hash_result );
05640                 break;
05641         #endif
05642         #ifdef POLARSSL_MD4_C
05643             case SIG_RSA_MD4:
05644                 md4( message_str, msg_len, hash_result );
05645                 break;
05646         #endif
05647         #ifdef POLARSSL_MD5_C
05648             case SIG_RSA_MD5:
05649                 md5( message_str, msg_len, hash_result );
05650                 break;
05651         #endif
05652         #ifdef POLARSSL_SHA1_C
05653             case SIG_RSA_SHA1:
05654                 sha1( message_str, msg_len, hash_result );
05655                 break;
05656         #endif
05657         #ifdef POLARSSL_SHA2_C
05658             case SIG_RSA_SHA224:
05659                 sha2( message_str, msg_len, hash_result, 1 );
05660                 break;
05661             case SIG_RSA_SHA256:
05662                 sha2( message_str, msg_len, hash_result, 0 );
05663                 break;
05664         #endif
05665         #ifdef POLARSSL_SHA4_C
05666             case SIG_RSA_SHA384:
05667                 sha4( message_str, msg_len, hash_result, 1 );
05668                 break;
05669             case SIG_RSA_SHA512:
05670                 sha4( message_str, msg_len, hash_result, 0 );
05671                 break;
05672         #endif
05673             }
05674         
05675             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
05676             if( 0 == 0 )
05677             {
05678                 hexify( output_str, output, ctx.len);
05679         
05680                 fct_chk( strcasecmp( (char *) output_str, "9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c" ) == 0 );
05681             }
05682         
05683             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
05684         }
05685         FCT_TEST_END();
05686 
05687 
05688         FCT_TEST_BGN(rsassa_pss_signature_example_1_1_verify)
05689         {
05690             unsigned char message_str[1000];
05691             unsigned char hash_result[1000];
05692             unsigned char result_str[1000];
05693             rsa_context ctx;
05694             size_t msg_len;
05695         
05696             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05697             memset( message_str, 0x00, 1000 );
05698             memset( hash_result, 0x00, 1000 );
05699             memset( result_str, 0x00, 1000 );
05700         
05701             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
05702             fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
05703             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05704         
05705             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
05706         
05707             msg_len = unhexify( message_str, "cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0" );
05708             unhexify( result_str, "9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c" );
05709         
05710             switch( SIG_RSA_SHA1 )
05711             {
05712         #ifdef POLARSSL_MD2_C
05713             case SIG_RSA_MD2:
05714                 md2( message_str, msg_len, hash_result );
05715                 break;
05716         #endif
05717         #ifdef POLARSSL_MD4_C
05718             case SIG_RSA_MD4:
05719                 md4( message_str, msg_len, hash_result );
05720                 break;
05721         #endif
05722         #ifdef POLARSSL_MD5_C
05723             case SIG_RSA_MD5:
05724                 md5( message_str, msg_len, hash_result );
05725                 break;
05726         #endif
05727         #ifdef POLARSSL_SHA1_C
05728             case SIG_RSA_SHA1:
05729                 sha1( message_str, msg_len, hash_result );
05730                 break;
05731         #endif
05732         #ifdef POLARSSL_SHA2_C
05733             case SIG_RSA_SHA224:
05734                 sha2( message_str, msg_len, hash_result, 1 );
05735                 break;
05736             case SIG_RSA_SHA256:
05737                 sha2( message_str, msg_len, hash_result, 0 );
05738                 break;
05739         #endif
05740         #ifdef POLARSSL_SHA4_C
05741             case SIG_RSA_SHA384:
05742                 sha4( message_str, msg_len, hash_result, 1 );
05743                 break;
05744             case SIG_RSA_SHA512:
05745                 sha4( message_str, msg_len, hash_result, 0 );
05746                 break;
05747         #endif
05748             }
05749         
05750             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
05751         }
05752         FCT_TEST_END();
05753 
05754 
05755         FCT_TEST_BGN(rsassa_pss_signature_example_1_2)
05756         {
05757             unsigned char message_str[1000];
05758             unsigned char hash_result[1000];
05759             unsigned char output[1000];
05760             unsigned char output_str[1000];
05761             unsigned char rnd_buf[1000];
05762             rsa_context ctx;
05763             mpi P1, Q1, H, G;
05764             size_t msg_len;
05765             rnd_buf_info info;
05766         
05767             info.length = unhexify( rnd_buf, "ef2869fa40c346cb183dab3d7bffc98fd56df42d" );
05768             info.buf = rnd_buf;
05769         
05770             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05771             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05772         
05773             memset( message_str, 0x00, 1000 );
05774             memset( hash_result, 0x00, 1000 );
05775             memset( output, 0x00, 1000 );
05776             memset( output_str, 0x00, 1000 );
05777         
05778             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
05779             fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
05780             fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
05781             fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
05782             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05783         
05784             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05785             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05786             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05787             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05788             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05789             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05790             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05791             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05792         
05793             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05794         
05795             msg_len = unhexify( message_str, "851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e" );
05796         
05797             switch( SIG_RSA_SHA1 )
05798             {
05799         #ifdef POLARSSL_MD2_C
05800             case SIG_RSA_MD2:
05801                 md2( message_str, msg_len, hash_result );
05802                 break;
05803         #endif
05804         #ifdef POLARSSL_MD4_C
05805             case SIG_RSA_MD4:
05806                 md4( message_str, msg_len, hash_result );
05807                 break;
05808         #endif
05809         #ifdef POLARSSL_MD5_C
05810             case SIG_RSA_MD5:
05811                 md5( message_str, msg_len, hash_result );
05812                 break;
05813         #endif
05814         #ifdef POLARSSL_SHA1_C
05815             case SIG_RSA_SHA1:
05816                 sha1( message_str, msg_len, hash_result );
05817                 break;
05818         #endif
05819         #ifdef POLARSSL_SHA2_C
05820             case SIG_RSA_SHA224:
05821                 sha2( message_str, msg_len, hash_result, 1 );
05822                 break;
05823             case SIG_RSA_SHA256:
05824                 sha2( message_str, msg_len, hash_result, 0 );
05825                 break;
05826         #endif
05827         #ifdef POLARSSL_SHA4_C
05828             case SIG_RSA_SHA384:
05829                 sha4( message_str, msg_len, hash_result, 1 );
05830                 break;
05831             case SIG_RSA_SHA512:
05832                 sha4( message_str, msg_len, hash_result, 0 );
05833                 break;
05834         #endif
05835             }
05836         
05837             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
05838             if( 0 == 0 )
05839             {
05840                 hexify( output_str, output, ctx.len);
05841         
05842                 fct_chk( strcasecmp( (char *) output_str, "3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843" ) == 0 );
05843             }
05844         
05845             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
05846         }
05847         FCT_TEST_END();
05848 
05849 
05850         FCT_TEST_BGN(rsassa_pss_signature_example_1_2_verify)
05851         {
05852             unsigned char message_str[1000];
05853             unsigned char hash_result[1000];
05854             unsigned char result_str[1000];
05855             rsa_context ctx;
05856             size_t msg_len;
05857         
05858             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05859             memset( message_str, 0x00, 1000 );
05860             memset( hash_result, 0x00, 1000 );
05861             memset( result_str, 0x00, 1000 );
05862         
05863             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
05864             fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
05865             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05866         
05867             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
05868         
05869             msg_len = unhexify( message_str, "851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e" );
05870             unhexify( result_str, "3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843" );
05871         
05872             switch( SIG_RSA_SHA1 )
05873             {
05874         #ifdef POLARSSL_MD2_C
05875             case SIG_RSA_MD2:
05876                 md2( message_str, msg_len, hash_result );
05877                 break;
05878         #endif
05879         #ifdef POLARSSL_MD4_C
05880             case SIG_RSA_MD4:
05881                 md4( message_str, msg_len, hash_result );
05882                 break;
05883         #endif
05884         #ifdef POLARSSL_MD5_C
05885             case SIG_RSA_MD5:
05886                 md5( message_str, msg_len, hash_result );
05887                 break;
05888         #endif
05889         #ifdef POLARSSL_SHA1_C
05890             case SIG_RSA_SHA1:
05891                 sha1( message_str, msg_len, hash_result );
05892                 break;
05893         #endif
05894         #ifdef POLARSSL_SHA2_C
05895             case SIG_RSA_SHA224:
05896                 sha2( message_str, msg_len, hash_result, 1 );
05897                 break;
05898             case SIG_RSA_SHA256:
05899                 sha2( message_str, msg_len, hash_result, 0 );
05900                 break;
05901         #endif
05902         #ifdef POLARSSL_SHA4_C
05903             case SIG_RSA_SHA384:
05904                 sha4( message_str, msg_len, hash_result, 1 );
05905                 break;
05906             case SIG_RSA_SHA512:
05907                 sha4( message_str, msg_len, hash_result, 0 );
05908                 break;
05909         #endif
05910             }
05911         
05912             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
05913         }
05914         FCT_TEST_END();
05915 
05916 
05917         FCT_TEST_BGN(rsassa_pss_signature_example_1_3)
05918         {
05919             unsigned char message_str[1000];
05920             unsigned char hash_result[1000];
05921             unsigned char output[1000];
05922             unsigned char output_str[1000];
05923             unsigned char rnd_buf[1000];
05924             rsa_context ctx;
05925             mpi P1, Q1, H, G;
05926             size_t msg_len;
05927             rnd_buf_info info;
05928         
05929             info.length = unhexify( rnd_buf, "710b9c4747d800d4de87f12afdce6df18107cc77" );
05930             info.buf = rnd_buf;
05931         
05932             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
05933             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
05934         
05935             memset( message_str, 0x00, 1000 );
05936             memset( hash_result, 0x00, 1000 );
05937             memset( output, 0x00, 1000 );
05938             memset( output_str, 0x00, 1000 );
05939         
05940             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
05941             fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
05942             fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
05943             fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
05944             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
05945         
05946             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
05947             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
05948             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
05949             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
05950             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
05951             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
05952             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
05953             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
05954         
05955             fct_chk( rsa_check_privkey( &ctx ) == 0 );
05956         
05957             msg_len = unhexify( message_str, "a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c745e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef416971338e7d470" );
05958         
05959             switch( SIG_RSA_SHA1 )
05960             {
05961         #ifdef POLARSSL_MD2_C
05962             case SIG_RSA_MD2:
05963                 md2( message_str, msg_len, hash_result );
05964                 break;
05965         #endif
05966         #ifdef POLARSSL_MD4_C
05967             case SIG_RSA_MD4:
05968                 md4( message_str, msg_len, hash_result );
05969                 break;
05970         #endif
05971         #ifdef POLARSSL_MD5_C
05972             case SIG_RSA_MD5:
05973                 md5( message_str, msg_len, hash_result );
05974                 break;
05975         #endif
05976         #ifdef POLARSSL_SHA1_C
05977             case SIG_RSA_SHA1:
05978                 sha1( message_str, msg_len, hash_result );
05979                 break;
05980         #endif
05981         #ifdef POLARSSL_SHA2_C
05982             case SIG_RSA_SHA224:
05983                 sha2( message_str, msg_len, hash_result, 1 );
05984                 break;
05985             case SIG_RSA_SHA256:
05986                 sha2( message_str, msg_len, hash_result, 0 );
05987                 break;
05988         #endif
05989         #ifdef POLARSSL_SHA4_C
05990             case SIG_RSA_SHA384:
05991                 sha4( message_str, msg_len, hash_result, 1 );
05992                 break;
05993             case SIG_RSA_SHA512:
05994                 sha4( message_str, msg_len, hash_result, 0 );
05995                 break;
05996         #endif
05997             }
05998         
05999             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
06000             if( 0 == 0 )
06001             {
06002                 hexify( output_str, output, ctx.len);
06003         
06004                 fct_chk( strcasecmp( (char *) output_str, "666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1" ) == 0 );
06005             }
06006         
06007             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
06008         }
06009         FCT_TEST_END();
06010 
06011 
06012         FCT_TEST_BGN(rsassa_pss_signature_example_1_3_verify)
06013         {
06014             unsigned char message_str[1000];
06015             unsigned char hash_result[1000];
06016             unsigned char result_str[1000];
06017             rsa_context ctx;
06018             size_t msg_len;
06019         
06020             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06021             memset( message_str, 0x00, 1000 );
06022             memset( hash_result, 0x00, 1000 );
06023             memset( result_str, 0x00, 1000 );
06024         
06025             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
06026             fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
06027             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
06028         
06029             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
06030         
06031             msg_len = unhexify( message_str, "a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c745e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef416971338e7d470" );
06032             unhexify( result_str, "666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1" );
06033         
06034             switch( SIG_RSA_SHA1 )
06035             {
06036         #ifdef POLARSSL_MD2_C
06037             case SIG_RSA_MD2:
06038                 md2( message_str, msg_len, hash_result );
06039                 break;
06040         #endif
06041         #ifdef POLARSSL_MD4_C
06042             case SIG_RSA_MD4:
06043                 md4( message_str, msg_len, hash_result );
06044                 break;
06045         #endif
06046         #ifdef POLARSSL_MD5_C
06047             case SIG_RSA_MD5:
06048                 md5( message_str, msg_len, hash_result );
06049                 break;
06050         #endif
06051         #ifdef POLARSSL_SHA1_C
06052             case SIG_RSA_SHA1:
06053                 sha1( message_str, msg_len, hash_result );
06054                 break;
06055         #endif
06056         #ifdef POLARSSL_SHA2_C
06057             case SIG_RSA_SHA224:
06058                 sha2( message_str, msg_len, hash_result, 1 );
06059                 break;
06060             case SIG_RSA_SHA256:
06061                 sha2( message_str, msg_len, hash_result, 0 );
06062                 break;
06063         #endif
06064         #ifdef POLARSSL_SHA4_C
06065             case SIG_RSA_SHA384:
06066                 sha4( message_str, msg_len, hash_result, 1 );
06067                 break;
06068             case SIG_RSA_SHA512:
06069                 sha4( message_str, msg_len, hash_result, 0 );
06070                 break;
06071         #endif
06072             }
06073         
06074             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
06075         }
06076         FCT_TEST_END();
06077 
06078 
06079         FCT_TEST_BGN(rsassa_pss_signature_example_1_4)
06080         {
06081             unsigned char message_str[1000];
06082             unsigned char hash_result[1000];
06083             unsigned char output[1000];
06084             unsigned char output_str[1000];
06085             unsigned char rnd_buf[1000];
06086             rsa_context ctx;
06087             mpi P1, Q1, H, G;
06088             size_t msg_len;
06089             rnd_buf_info info;
06090         
06091             info.length = unhexify( rnd_buf, "056f00985de14d8ef5cea9e82f8c27bef720335e" );
06092             info.buf = rnd_buf;
06093         
06094             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
06095             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06096         
06097             memset( message_str, 0x00, 1000 );
06098             memset( hash_result, 0x00, 1000 );
06099             memset( output, 0x00, 1000 );
06100             memset( output_str, 0x00, 1000 );
06101         
06102             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
06103             fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
06104             fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
06105             fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
06106             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
06107         
06108             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
06109             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
06110             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
06111             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
06112             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
06113             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
06114             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
06115             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
06116         
06117             fct_chk( rsa_check_privkey( &ctx ) == 0 );
06118         
06119             msg_len = unhexify( message_str, "bc656747fa9eafb3f0" );
06120         
06121             switch( SIG_RSA_SHA1 )
06122             {
06123         #ifdef POLARSSL_MD2_C
06124             case SIG_RSA_MD2:
06125                 md2( message_str, msg_len, hash_result );
06126                 break;
06127         #endif
06128         #ifdef POLARSSL_MD4_C
06129             case SIG_RSA_MD4:
06130                 md4( message_str, msg_len, hash_result );
06131                 break;
06132         #endif
06133         #ifdef POLARSSL_MD5_C
06134             case SIG_RSA_MD5:
06135                 md5( message_str, msg_len, hash_result );
06136                 break;
06137         #endif
06138         #ifdef POLARSSL_SHA1_C
06139             case SIG_RSA_SHA1:
06140                 sha1( message_str, msg_len, hash_result );
06141                 break;
06142         #endif
06143         #ifdef POLARSSL_SHA2_C
06144             case SIG_RSA_SHA224:
06145                 sha2( message_str, msg_len, hash_result, 1 );
06146                 break;
06147             case SIG_RSA_SHA256:
06148                 sha2( message_str, msg_len, hash_result, 0 );
06149                 break;
06150         #endif
06151         #ifdef POLARSSL_SHA4_C
06152             case SIG_RSA_SHA384:
06153                 sha4( message_str, msg_len, hash_result, 1 );
06154                 break;
06155             case SIG_RSA_SHA512:
06156                 sha4( message_str, msg_len, hash_result, 0 );
06157                 break;
06158         #endif
06159             }
06160         
06161             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
06162             if( 0 == 0 )
06163             {
06164                 hexify( output_str, output, ctx.len);
06165         
06166                 fct_chk( strcasecmp( (char *) output_str, "4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87" ) == 0 );
06167             }
06168         
06169             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
06170         }
06171         FCT_TEST_END();
06172 
06173 
06174         FCT_TEST_BGN(rsassa_pss_signature_example_1_4_verify)
06175         {
06176             unsigned char message_str[1000];
06177             unsigned char hash_result[1000];
06178             unsigned char result_str[1000];
06179             rsa_context ctx;
06180             size_t msg_len;
06181         
06182             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06183             memset( message_str, 0x00, 1000 );
06184             memset( hash_result, 0x00, 1000 );
06185             memset( result_str, 0x00, 1000 );
06186         
06187             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
06188             fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
06189             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
06190         
06191             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
06192         
06193             msg_len = unhexify( message_str, "bc656747fa9eafb3f0" );
06194             unhexify( result_str, "4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87" );
06195         
06196             switch( SIG_RSA_SHA1 )
06197             {
06198         #ifdef POLARSSL_MD2_C
06199             case SIG_RSA_MD2:
06200                 md2( message_str, msg_len, hash_result );
06201                 break;
06202         #endif
06203         #ifdef POLARSSL_MD4_C
06204             case SIG_RSA_MD4:
06205                 md4( message_str, msg_len, hash_result );
06206                 break;
06207         #endif
06208         #ifdef POLARSSL_MD5_C
06209             case SIG_RSA_MD5:
06210                 md5( message_str, msg_len, hash_result );
06211                 break;
06212         #endif
06213         #ifdef POLARSSL_SHA1_C
06214             case SIG_RSA_SHA1:
06215                 sha1( message_str, msg_len, hash_result );
06216                 break;
06217         #endif
06218         #ifdef POLARSSL_SHA2_C
06219             case SIG_RSA_SHA224:
06220                 sha2( message_str, msg_len, hash_result, 1 );
06221                 break;
06222             case SIG_RSA_SHA256:
06223                 sha2( message_str, msg_len, hash_result, 0 );
06224                 break;
06225         #endif
06226         #ifdef POLARSSL_SHA4_C
06227             case SIG_RSA_SHA384:
06228                 sha4( message_str, msg_len, hash_result, 1 );
06229                 break;
06230             case SIG_RSA_SHA512:
06231                 sha4( message_str, msg_len, hash_result, 0 );
06232                 break;
06233         #endif
06234             }
06235         
06236             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
06237         }
06238         FCT_TEST_END();
06239 
06240 
06241         FCT_TEST_BGN(rsassa_pss_signature_example_1_5)
06242         {
06243             unsigned char message_str[1000];
06244             unsigned char hash_result[1000];
06245             unsigned char output[1000];
06246             unsigned char output_str[1000];
06247             unsigned char rnd_buf[1000];
06248             rsa_context ctx;
06249             mpi P1, Q1, H, G;
06250             size_t msg_len;
06251             rnd_buf_info info;
06252         
06253             info.length = unhexify( rnd_buf, "80e70ff86a08de3ec60972b39b4fbfdcea67ae8e" );
06254             info.buf = rnd_buf;
06255         
06256             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
06257             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06258         
06259             memset( message_str, 0x00, 1000 );
06260             memset( hash_result, 0x00, 1000 );
06261             memset( output, 0x00, 1000 );
06262             memset( output_str, 0x00, 1000 );
06263         
06264             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
06265             fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
06266             fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
06267             fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
06268             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
06269         
06270             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
06271             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
06272             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
06273             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
06274             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
06275             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
06276             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
06277             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
06278         
06279             fct_chk( rsa_check_privkey( &ctx ) == 0 );
06280         
06281             msg_len = unhexify( message_str, "b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4" );
06282         
06283             switch( SIG_RSA_SHA1 )
06284             {
06285         #ifdef POLARSSL_MD2_C
06286             case SIG_RSA_MD2:
06287                 md2( message_str, msg_len, hash_result );
06288                 break;
06289         #endif
06290         #ifdef POLARSSL_MD4_C
06291             case SIG_RSA_MD4:
06292                 md4( message_str, msg_len, hash_result );
06293                 break;
06294         #endif
06295         #ifdef POLARSSL_MD5_C
06296             case SIG_RSA_MD5:
06297                 md5( message_str, msg_len, hash_result );
06298                 break;
06299         #endif
06300         #ifdef POLARSSL_SHA1_C
06301             case SIG_RSA_SHA1:
06302                 sha1( message_str, msg_len, hash_result );
06303                 break;
06304         #endif
06305         #ifdef POLARSSL_SHA2_C
06306             case SIG_RSA_SHA224:
06307                 sha2( message_str, msg_len, hash_result, 1 );
06308                 break;
06309             case SIG_RSA_SHA256:
06310                 sha2( message_str, msg_len, hash_result, 0 );
06311                 break;
06312         #endif
06313         #ifdef POLARSSL_SHA4_C
06314             case SIG_RSA_SHA384:
06315                 sha4( message_str, msg_len, hash_result, 1 );
06316                 break;
06317             case SIG_RSA_SHA512:
06318                 sha4( message_str, msg_len, hash_result, 0 );
06319                 break;
06320         #endif
06321             }
06322         
06323             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
06324             if( 0 == 0 )
06325             {
06326                 hexify( output_str, output, ctx.len);
06327         
06328                 fct_chk( strcasecmp( (char *) output_str, "1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad" ) == 0 );
06329             }
06330         
06331             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
06332         }
06333         FCT_TEST_END();
06334 
06335 
06336         FCT_TEST_BGN(rsassa_pss_signature_example_1_5_verify)
06337         {
06338             unsigned char message_str[1000];
06339             unsigned char hash_result[1000];
06340             unsigned char result_str[1000];
06341             rsa_context ctx;
06342             size_t msg_len;
06343         
06344             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06345             memset( message_str, 0x00, 1000 );
06346             memset( hash_result, 0x00, 1000 );
06347             memset( result_str, 0x00, 1000 );
06348         
06349             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
06350             fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
06351             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
06352         
06353             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
06354         
06355             msg_len = unhexify( message_str, "b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4" );
06356             unhexify( result_str, "1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad" );
06357         
06358             switch( SIG_RSA_SHA1 )
06359             {
06360         #ifdef POLARSSL_MD2_C
06361             case SIG_RSA_MD2:
06362                 md2( message_str, msg_len, hash_result );
06363                 break;
06364         #endif
06365         #ifdef POLARSSL_MD4_C
06366             case SIG_RSA_MD4:
06367                 md4( message_str, msg_len, hash_result );
06368                 break;
06369         #endif
06370         #ifdef POLARSSL_MD5_C
06371             case SIG_RSA_MD5:
06372                 md5( message_str, msg_len, hash_result );
06373                 break;
06374         #endif
06375         #ifdef POLARSSL_SHA1_C
06376             case SIG_RSA_SHA1:
06377                 sha1( message_str, msg_len, hash_result );
06378                 break;
06379         #endif
06380         #ifdef POLARSSL_SHA2_C
06381             case SIG_RSA_SHA224:
06382                 sha2( message_str, msg_len, hash_result, 1 );
06383                 break;
06384             case SIG_RSA_SHA256:
06385                 sha2( message_str, msg_len, hash_result, 0 );
06386                 break;
06387         #endif
06388         #ifdef POLARSSL_SHA4_C
06389             case SIG_RSA_SHA384:
06390                 sha4( message_str, msg_len, hash_result, 1 );
06391                 break;
06392             case SIG_RSA_SHA512:
06393                 sha4( message_str, msg_len, hash_result, 0 );
06394                 break;
06395         #endif
06396             }
06397         
06398             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
06399         }
06400         FCT_TEST_END();
06401 
06402 
06403         FCT_TEST_BGN(rsassa_pss_signature_example_1_6)
06404         {
06405             unsigned char message_str[1000];
06406             unsigned char hash_result[1000];
06407             unsigned char output[1000];
06408             unsigned char output_str[1000];
06409             unsigned char rnd_buf[1000];
06410             rsa_context ctx;
06411             mpi P1, Q1, H, G;
06412             size_t msg_len;
06413             rnd_buf_info info;
06414         
06415             info.length = unhexify( rnd_buf, "a8ab69dd801f0074c2a1fc60649836c616d99681" );
06416             info.buf = rnd_buf;
06417         
06418             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
06419             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06420         
06421             memset( message_str, 0x00, 1000 );
06422             memset( hash_result, 0x00, 1000 );
06423             memset( output, 0x00, 1000 );
06424             memset( output_str, 0x00, 1000 );
06425         
06426             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
06427             fct_chk( mpi_read_string( &ctx.P, 16, "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443" ) == 0 );
06428             fct_chk( mpi_read_string( &ctx.Q, 16, "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd" ) == 0 );
06429             fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
06430             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
06431         
06432             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
06433             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
06434             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
06435             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
06436             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
06437             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
06438             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
06439             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
06440         
06441             fct_chk( rsa_check_privkey( &ctx ) == 0 );
06442         
06443             msg_len = unhexify( message_str, "10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b705a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb8794c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6138d144f8ce4e2da73" );
06444         
06445             switch( SIG_RSA_SHA1 )
06446             {
06447         #ifdef POLARSSL_MD2_C
06448             case SIG_RSA_MD2:
06449                 md2( message_str, msg_len, hash_result );
06450                 break;
06451         #endif
06452         #ifdef POLARSSL_MD4_C
06453             case SIG_RSA_MD4:
06454                 md4( message_str, msg_len, hash_result );
06455                 break;
06456         #endif
06457         #ifdef POLARSSL_MD5_C
06458             case SIG_RSA_MD5:
06459                 md5( message_str, msg_len, hash_result );
06460                 break;
06461         #endif
06462         #ifdef POLARSSL_SHA1_C
06463             case SIG_RSA_SHA1:
06464                 sha1( message_str, msg_len, hash_result );
06465                 break;
06466         #endif
06467         #ifdef POLARSSL_SHA2_C
06468             case SIG_RSA_SHA224:
06469                 sha2( message_str, msg_len, hash_result, 1 );
06470                 break;
06471             case SIG_RSA_SHA256:
06472                 sha2( message_str, msg_len, hash_result, 0 );
06473                 break;
06474         #endif
06475         #ifdef POLARSSL_SHA4_C
06476             case SIG_RSA_SHA384:
06477                 sha4( message_str, msg_len, hash_result, 1 );
06478                 break;
06479             case SIG_RSA_SHA512:
06480                 sha4( message_str, msg_len, hash_result, 0 );
06481                 break;
06482         #endif
06483             }
06484         
06485             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
06486             if( 0 == 0 )
06487             {
06488                 hexify( output_str, output, ctx.len);
06489         
06490                 fct_chk( strcasecmp( (char *) output_str, "2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58" ) == 0 );
06491             }
06492         
06493             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
06494         }
06495         FCT_TEST_END();
06496 
06497 
06498         FCT_TEST_BGN(rsassa_pss_signature_example_1_6_verify)
06499         {
06500             unsigned char message_str[1000];
06501             unsigned char hash_result[1000];
06502             unsigned char result_str[1000];
06503             rsa_context ctx;
06504             size_t msg_len;
06505         
06506             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06507             memset( message_str, 0x00, 1000 );
06508             memset( hash_result, 0x00, 1000 );
06509             memset( result_str, 0x00, 1000 );
06510         
06511             ctx.len = 1024 / 8 + ( ( 1024 % 8 ) ? 1 : 0 );
06512             fct_chk( mpi_read_string( &ctx.N, 16, "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137" ) == 0 );
06513             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
06514         
06515             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
06516         
06517             msg_len = unhexify( message_str, "10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b705a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb8794c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6138d144f8ce4e2da73" );
06518             unhexify( result_str, "2a34f6125e1f6b0bf971e84fbd41c632be8f2c2ace7de8b6926e31ff93e9af987fbc06e51e9be14f5198f91f3f953bd67da60a9df59764c3dc0fe08e1cbef0b75f868d10ad3fba749fef59fb6dac46a0d6e504369331586f58e4628f39aa278982543bc0eeb537dc61958019b394fb273f215858a0a01ac4d650b955c67f4c58" );
06519         
06520             switch( SIG_RSA_SHA1 )
06521             {
06522         #ifdef POLARSSL_MD2_C
06523             case SIG_RSA_MD2:
06524                 md2( message_str, msg_len, hash_result );
06525                 break;
06526         #endif
06527         #ifdef POLARSSL_MD4_C
06528             case SIG_RSA_MD4:
06529                 md4( message_str, msg_len, hash_result );
06530                 break;
06531         #endif
06532         #ifdef POLARSSL_MD5_C
06533             case SIG_RSA_MD5:
06534                 md5( message_str, msg_len, hash_result );
06535                 break;
06536         #endif
06537         #ifdef POLARSSL_SHA1_C
06538             case SIG_RSA_SHA1:
06539                 sha1( message_str, msg_len, hash_result );
06540                 break;
06541         #endif
06542         #ifdef POLARSSL_SHA2_C
06543             case SIG_RSA_SHA224:
06544                 sha2( message_str, msg_len, hash_result, 1 );
06545                 break;
06546             case SIG_RSA_SHA256:
06547                 sha2( message_str, msg_len, hash_result, 0 );
06548                 break;
06549         #endif
06550         #ifdef POLARSSL_SHA4_C
06551             case SIG_RSA_SHA384:
06552                 sha4( message_str, msg_len, hash_result, 1 );
06553                 break;
06554             case SIG_RSA_SHA512:
06555                 sha4( message_str, msg_len, hash_result, 0 );
06556                 break;
06557         #endif
06558             }
06559         
06560             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
06561         }
06562         FCT_TEST_END();
06563 
06564 
06565         FCT_TEST_BGN(rsassa_pss_signature_example_2_1)
06566         {
06567             unsigned char message_str[1000];
06568             unsigned char hash_result[1000];
06569             unsigned char output[1000];
06570             unsigned char output_str[1000];
06571             unsigned char rnd_buf[1000];
06572             rsa_context ctx;
06573             mpi P1, Q1, H, G;
06574             size_t msg_len;
06575             rnd_buf_info info;
06576         
06577             info.length = unhexify( rnd_buf, "57bf160bcb02bb1dc7280cf0458530b7d2832ff7" );
06578             info.buf = rnd_buf;
06579         
06580             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
06581             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06582         
06583             memset( message_str, 0x00, 1000 );
06584             memset( hash_result, 0x00, 1000 );
06585             memset( output, 0x00, 1000 );
06586             memset( output_str, 0x00, 1000 );
06587         
06588             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
06589             fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
06590             fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
06591             fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
06592             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
06593         
06594             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
06595             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
06596             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
06597             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
06598             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
06599             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
06600             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
06601             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
06602         
06603             fct_chk( rsa_check_privkey( &ctx ) == 0 );
06604         
06605             msg_len = unhexify( message_str, "daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360" );
06606         
06607             switch( SIG_RSA_SHA1 )
06608             {
06609         #ifdef POLARSSL_MD2_C
06610             case SIG_RSA_MD2:
06611                 md2( message_str, msg_len, hash_result );
06612                 break;
06613         #endif
06614         #ifdef POLARSSL_MD4_C
06615             case SIG_RSA_MD4:
06616                 md4( message_str, msg_len, hash_result );
06617                 break;
06618         #endif
06619         #ifdef POLARSSL_MD5_C
06620             case SIG_RSA_MD5:
06621                 md5( message_str, msg_len, hash_result );
06622                 break;
06623         #endif
06624         #ifdef POLARSSL_SHA1_C
06625             case SIG_RSA_SHA1:
06626                 sha1( message_str, msg_len, hash_result );
06627                 break;
06628         #endif
06629         #ifdef POLARSSL_SHA2_C
06630             case SIG_RSA_SHA224:
06631                 sha2( message_str, msg_len, hash_result, 1 );
06632                 break;
06633             case SIG_RSA_SHA256:
06634                 sha2( message_str, msg_len, hash_result, 0 );
06635                 break;
06636         #endif
06637         #ifdef POLARSSL_SHA4_C
06638             case SIG_RSA_SHA384:
06639                 sha4( message_str, msg_len, hash_result, 1 );
06640                 break;
06641             case SIG_RSA_SHA512:
06642                 sha4( message_str, msg_len, hash_result, 0 );
06643                 break;
06644         #endif
06645             }
06646         
06647             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
06648             if( 0 == 0 )
06649             {
06650                 hexify( output_str, output, ctx.len);
06651         
06652                 fct_chk( strcasecmp( (char *) output_str, "014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3" ) == 0 );
06653             }
06654         
06655             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
06656         }
06657         FCT_TEST_END();
06658 
06659 
06660         FCT_TEST_BGN(rsassa_pss_signature_example_2_1_verify)
06661         {
06662             unsigned char message_str[1000];
06663             unsigned char hash_result[1000];
06664             unsigned char result_str[1000];
06665             rsa_context ctx;
06666             size_t msg_len;
06667         
06668             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06669             memset( message_str, 0x00, 1000 );
06670             memset( hash_result, 0x00, 1000 );
06671             memset( result_str, 0x00, 1000 );
06672         
06673             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
06674             fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
06675             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
06676         
06677             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
06678         
06679             msg_len = unhexify( message_str, "daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360" );
06680             unhexify( result_str, "014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3" );
06681         
06682             switch( SIG_RSA_SHA1 )
06683             {
06684         #ifdef POLARSSL_MD2_C
06685             case SIG_RSA_MD2:
06686                 md2( message_str, msg_len, hash_result );
06687                 break;
06688         #endif
06689         #ifdef POLARSSL_MD4_C
06690             case SIG_RSA_MD4:
06691                 md4( message_str, msg_len, hash_result );
06692                 break;
06693         #endif
06694         #ifdef POLARSSL_MD5_C
06695             case SIG_RSA_MD5:
06696                 md5( message_str, msg_len, hash_result );
06697                 break;
06698         #endif
06699         #ifdef POLARSSL_SHA1_C
06700             case SIG_RSA_SHA1:
06701                 sha1( message_str, msg_len, hash_result );
06702                 break;
06703         #endif
06704         #ifdef POLARSSL_SHA2_C
06705             case SIG_RSA_SHA224:
06706                 sha2( message_str, msg_len, hash_result, 1 );
06707                 break;
06708             case SIG_RSA_SHA256:
06709                 sha2( message_str, msg_len, hash_result, 0 );
06710                 break;
06711         #endif
06712         #ifdef POLARSSL_SHA4_C
06713             case SIG_RSA_SHA384:
06714                 sha4( message_str, msg_len, hash_result, 1 );
06715                 break;
06716             case SIG_RSA_SHA512:
06717                 sha4( message_str, msg_len, hash_result, 0 );
06718                 break;
06719         #endif
06720             }
06721         
06722             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
06723         }
06724         FCT_TEST_END();
06725 
06726 
06727         FCT_TEST_BGN(rsassa_pss_signature_example_2_2)
06728         {
06729             unsigned char message_str[1000];
06730             unsigned char hash_result[1000];
06731             unsigned char output[1000];
06732             unsigned char output_str[1000];
06733             unsigned char rnd_buf[1000];
06734             rsa_context ctx;
06735             mpi P1, Q1, H, G;
06736             size_t msg_len;
06737             rnd_buf_info info;
06738         
06739             info.length = unhexify( rnd_buf, "7f6dd359e604e60870e898e47b19bf2e5a7b2a90" );
06740             info.buf = rnd_buf;
06741         
06742             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
06743             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06744         
06745             memset( message_str, 0x00, 1000 );
06746             memset( hash_result, 0x00, 1000 );
06747             memset( output, 0x00, 1000 );
06748             memset( output_str, 0x00, 1000 );
06749         
06750             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
06751             fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
06752             fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
06753             fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
06754             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
06755         
06756             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
06757             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
06758             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
06759             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
06760             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
06761             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
06762             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
06763             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
06764         
06765             fct_chk( rsa_check_privkey( &ctx ) == 0 );
06766         
06767             msg_len = unhexify( message_str, "e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe" );
06768         
06769             switch( SIG_RSA_SHA1 )
06770             {
06771         #ifdef POLARSSL_MD2_C
06772             case SIG_RSA_MD2:
06773                 md2( message_str, msg_len, hash_result );
06774                 break;
06775         #endif
06776         #ifdef POLARSSL_MD4_C
06777             case SIG_RSA_MD4:
06778                 md4( message_str, msg_len, hash_result );
06779                 break;
06780         #endif
06781         #ifdef POLARSSL_MD5_C
06782             case SIG_RSA_MD5:
06783                 md5( message_str, msg_len, hash_result );
06784                 break;
06785         #endif
06786         #ifdef POLARSSL_SHA1_C
06787             case SIG_RSA_SHA1:
06788                 sha1( message_str, msg_len, hash_result );
06789                 break;
06790         #endif
06791         #ifdef POLARSSL_SHA2_C
06792             case SIG_RSA_SHA224:
06793                 sha2( message_str, msg_len, hash_result, 1 );
06794                 break;
06795             case SIG_RSA_SHA256:
06796                 sha2( message_str, msg_len, hash_result, 0 );
06797                 break;
06798         #endif
06799         #ifdef POLARSSL_SHA4_C
06800             case SIG_RSA_SHA384:
06801                 sha4( message_str, msg_len, hash_result, 1 );
06802                 break;
06803             case SIG_RSA_SHA512:
06804                 sha4( message_str, msg_len, hash_result, 0 );
06805                 break;
06806         #endif
06807             }
06808         
06809             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
06810             if( 0 == 0 )
06811             {
06812                 hexify( output_str, output, ctx.len);
06813         
06814                 fct_chk( strcasecmp( (char *) output_str, "010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea" ) == 0 );
06815             }
06816         
06817             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
06818         }
06819         FCT_TEST_END();
06820 
06821 
06822         FCT_TEST_BGN(rsassa_pss_signature_example_2_2_verify)
06823         {
06824             unsigned char message_str[1000];
06825             unsigned char hash_result[1000];
06826             unsigned char result_str[1000];
06827             rsa_context ctx;
06828             size_t msg_len;
06829         
06830             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06831             memset( message_str, 0x00, 1000 );
06832             memset( hash_result, 0x00, 1000 );
06833             memset( result_str, 0x00, 1000 );
06834         
06835             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
06836             fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
06837             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
06838         
06839             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
06840         
06841             msg_len = unhexify( message_str, "e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe" );
06842             unhexify( result_str, "010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea" );
06843         
06844             switch( SIG_RSA_SHA1 )
06845             {
06846         #ifdef POLARSSL_MD2_C
06847             case SIG_RSA_MD2:
06848                 md2( message_str, msg_len, hash_result );
06849                 break;
06850         #endif
06851         #ifdef POLARSSL_MD4_C
06852             case SIG_RSA_MD4:
06853                 md4( message_str, msg_len, hash_result );
06854                 break;
06855         #endif
06856         #ifdef POLARSSL_MD5_C
06857             case SIG_RSA_MD5:
06858                 md5( message_str, msg_len, hash_result );
06859                 break;
06860         #endif
06861         #ifdef POLARSSL_SHA1_C
06862             case SIG_RSA_SHA1:
06863                 sha1( message_str, msg_len, hash_result );
06864                 break;
06865         #endif
06866         #ifdef POLARSSL_SHA2_C
06867             case SIG_RSA_SHA224:
06868                 sha2( message_str, msg_len, hash_result, 1 );
06869                 break;
06870             case SIG_RSA_SHA256:
06871                 sha2( message_str, msg_len, hash_result, 0 );
06872                 break;
06873         #endif
06874         #ifdef POLARSSL_SHA4_C
06875             case SIG_RSA_SHA384:
06876                 sha4( message_str, msg_len, hash_result, 1 );
06877                 break;
06878             case SIG_RSA_SHA512:
06879                 sha4( message_str, msg_len, hash_result, 0 );
06880                 break;
06881         #endif
06882             }
06883         
06884             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
06885         }
06886         FCT_TEST_END();
06887 
06888 
06889         FCT_TEST_BGN(rsassa_pss_signature_example_2_3)
06890         {
06891             unsigned char message_str[1000];
06892             unsigned char hash_result[1000];
06893             unsigned char output[1000];
06894             unsigned char output_str[1000];
06895             unsigned char rnd_buf[1000];
06896             rsa_context ctx;
06897             mpi P1, Q1, H, G;
06898             size_t msg_len;
06899             rnd_buf_info info;
06900         
06901             info.length = unhexify( rnd_buf, "fca862068bce2246724b708a0519da17e648688c" );
06902             info.buf = rnd_buf;
06903         
06904             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
06905             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06906         
06907             memset( message_str, 0x00, 1000 );
06908             memset( hash_result, 0x00, 1000 );
06909             memset( output, 0x00, 1000 );
06910             memset( output_str, 0x00, 1000 );
06911         
06912             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
06913             fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
06914             fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
06915             fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
06916             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
06917         
06918             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
06919             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
06920             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
06921             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
06922             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
06923             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
06924             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
06925             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
06926         
06927             fct_chk( rsa_check_privkey( &ctx ) == 0 );
06928         
06929             msg_len = unhexify( message_str, "52a1d96c8ac39e41e455809801b927a5b445c10d902a0dcd3850d22a66d2bb0703e67d5867114595aabf5a7aeb5a8f87034bbb30e13cfd4817a9be76230023606d0286a3faf8a4d22b728ec518079f9e64526e3a0cc7941aa338c437997c680ccac67c66bfa1" );
06930         
06931             switch( SIG_RSA_SHA1 )
06932             {
06933         #ifdef POLARSSL_MD2_C
06934             case SIG_RSA_MD2:
06935                 md2( message_str, msg_len, hash_result );
06936                 break;
06937         #endif
06938         #ifdef POLARSSL_MD4_C
06939             case SIG_RSA_MD4:
06940                 md4( message_str, msg_len, hash_result );
06941                 break;
06942         #endif
06943         #ifdef POLARSSL_MD5_C
06944             case SIG_RSA_MD5:
06945                 md5( message_str, msg_len, hash_result );
06946                 break;
06947         #endif
06948         #ifdef POLARSSL_SHA1_C
06949             case SIG_RSA_SHA1:
06950                 sha1( message_str, msg_len, hash_result );
06951                 break;
06952         #endif
06953         #ifdef POLARSSL_SHA2_C
06954             case SIG_RSA_SHA224:
06955                 sha2( message_str, msg_len, hash_result, 1 );
06956                 break;
06957             case SIG_RSA_SHA256:
06958                 sha2( message_str, msg_len, hash_result, 0 );
06959                 break;
06960         #endif
06961         #ifdef POLARSSL_SHA4_C
06962             case SIG_RSA_SHA384:
06963                 sha4( message_str, msg_len, hash_result, 1 );
06964                 break;
06965             case SIG_RSA_SHA512:
06966                 sha4( message_str, msg_len, hash_result, 0 );
06967                 break;
06968         #endif
06969             }
06970         
06971             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
06972             if( 0 == 0 )
06973             {
06974                 hexify( output_str, output, ctx.len);
06975         
06976                 fct_chk( strcasecmp( (char *) output_str, "007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4" ) == 0 );
06977             }
06978         
06979             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
06980         }
06981         FCT_TEST_END();
06982 
06983 
06984         FCT_TEST_BGN(rsassa_pss_signature_example_2_3_verify)
06985         {
06986             unsigned char message_str[1000];
06987             unsigned char hash_result[1000];
06988             unsigned char result_str[1000];
06989             rsa_context ctx;
06990             size_t msg_len;
06991         
06992             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
06993             memset( message_str, 0x00, 1000 );
06994             memset( hash_result, 0x00, 1000 );
06995             memset( result_str, 0x00, 1000 );
06996         
06997             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
06998             fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
06999             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07000         
07001             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
07002         
07003             msg_len = unhexify( message_str, "52a1d96c8ac39e41e455809801b927a5b445c10d902a0dcd3850d22a66d2bb0703e67d5867114595aabf5a7aeb5a8f87034bbb30e13cfd4817a9be76230023606d0286a3faf8a4d22b728ec518079f9e64526e3a0cc7941aa338c437997c680ccac67c66bfa1" );
07004             unhexify( result_str, "007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4" );
07005         
07006             switch( SIG_RSA_SHA1 )
07007             {
07008         #ifdef POLARSSL_MD2_C
07009             case SIG_RSA_MD2:
07010                 md2( message_str, msg_len, hash_result );
07011                 break;
07012         #endif
07013         #ifdef POLARSSL_MD4_C
07014             case SIG_RSA_MD4:
07015                 md4( message_str, msg_len, hash_result );
07016                 break;
07017         #endif
07018         #ifdef POLARSSL_MD5_C
07019             case SIG_RSA_MD5:
07020                 md5( message_str, msg_len, hash_result );
07021                 break;
07022         #endif
07023         #ifdef POLARSSL_SHA1_C
07024             case SIG_RSA_SHA1:
07025                 sha1( message_str, msg_len, hash_result );
07026                 break;
07027         #endif
07028         #ifdef POLARSSL_SHA2_C
07029             case SIG_RSA_SHA224:
07030                 sha2( message_str, msg_len, hash_result, 1 );
07031                 break;
07032             case SIG_RSA_SHA256:
07033                 sha2( message_str, msg_len, hash_result, 0 );
07034                 break;
07035         #endif
07036         #ifdef POLARSSL_SHA4_C
07037             case SIG_RSA_SHA384:
07038                 sha4( message_str, msg_len, hash_result, 1 );
07039                 break;
07040             case SIG_RSA_SHA512:
07041                 sha4( message_str, msg_len, hash_result, 0 );
07042                 break;
07043         #endif
07044             }
07045         
07046             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
07047         }
07048         FCT_TEST_END();
07049 
07050 
07051         FCT_TEST_BGN(rsassa_pss_signature_example_2_4)
07052         {
07053             unsigned char message_str[1000];
07054             unsigned char hash_result[1000];
07055             unsigned char output[1000];
07056             unsigned char output_str[1000];
07057             unsigned char rnd_buf[1000];
07058             rsa_context ctx;
07059             mpi P1, Q1, H, G;
07060             size_t msg_len;
07061             rnd_buf_info info;
07062         
07063             info.length = unhexify( rnd_buf, "8070ef2de945c02387684ba0d33096732235d440" );
07064             info.buf = rnd_buf;
07065         
07066             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
07067             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
07068         
07069             memset( message_str, 0x00, 1000 );
07070             memset( hash_result, 0x00, 1000 );
07071             memset( output, 0x00, 1000 );
07072             memset( output_str, 0x00, 1000 );
07073         
07074             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
07075             fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
07076             fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
07077             fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
07078             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07079         
07080             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
07081             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
07082             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
07083             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
07084             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
07085             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
07086             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
07087             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
07088         
07089             fct_chk( rsa_check_privkey( &ctx ) == 0 );
07090         
07091             msg_len = unhexify( message_str, "a7182c83ac18be6570a106aa9d5c4e3dbbd4afaeb0c60c4a23e1969d79ff" );
07092         
07093             switch( SIG_RSA_SHA1 )
07094             {
07095         #ifdef POLARSSL_MD2_C
07096             case SIG_RSA_MD2:
07097                 md2( message_str, msg_len, hash_result );
07098                 break;
07099         #endif
07100         #ifdef POLARSSL_MD4_C
07101             case SIG_RSA_MD4:
07102                 md4( message_str, msg_len, hash_result );
07103                 break;
07104         #endif
07105         #ifdef POLARSSL_MD5_C
07106             case SIG_RSA_MD5:
07107                 md5( message_str, msg_len, hash_result );
07108                 break;
07109         #endif
07110         #ifdef POLARSSL_SHA1_C
07111             case SIG_RSA_SHA1:
07112                 sha1( message_str, msg_len, hash_result );
07113                 break;
07114         #endif
07115         #ifdef POLARSSL_SHA2_C
07116             case SIG_RSA_SHA224:
07117                 sha2( message_str, msg_len, hash_result, 1 );
07118                 break;
07119             case SIG_RSA_SHA256:
07120                 sha2( message_str, msg_len, hash_result, 0 );
07121                 break;
07122         #endif
07123         #ifdef POLARSSL_SHA4_C
07124             case SIG_RSA_SHA384:
07125                 sha4( message_str, msg_len, hash_result, 1 );
07126                 break;
07127             case SIG_RSA_SHA512:
07128                 sha4( message_str, msg_len, hash_result, 0 );
07129                 break;
07130         #endif
07131             }
07132         
07133             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
07134             if( 0 == 0 )
07135             {
07136                 hexify( output_str, output, ctx.len);
07137         
07138                 fct_chk( strcasecmp( (char *) output_str, "009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b" ) == 0 );
07139             }
07140         
07141             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
07142         }
07143         FCT_TEST_END();
07144 
07145 
07146         FCT_TEST_BGN(rsassa_pss_signature_example_2_4_verify)
07147         {
07148             unsigned char message_str[1000];
07149             unsigned char hash_result[1000];
07150             unsigned char result_str[1000];
07151             rsa_context ctx;
07152             size_t msg_len;
07153         
07154             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
07155             memset( message_str, 0x00, 1000 );
07156             memset( hash_result, 0x00, 1000 );
07157             memset( result_str, 0x00, 1000 );
07158         
07159             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
07160             fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
07161             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07162         
07163             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
07164         
07165             msg_len = unhexify( message_str, "a7182c83ac18be6570a106aa9d5c4e3dbbd4afaeb0c60c4a23e1969d79ff" );
07166             unhexify( result_str, "009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b" );
07167         
07168             switch( SIG_RSA_SHA1 )
07169             {
07170         #ifdef POLARSSL_MD2_C
07171             case SIG_RSA_MD2:
07172                 md2( message_str, msg_len, hash_result );
07173                 break;
07174         #endif
07175         #ifdef POLARSSL_MD4_C
07176             case SIG_RSA_MD4:
07177                 md4( message_str, msg_len, hash_result );
07178                 break;
07179         #endif
07180         #ifdef POLARSSL_MD5_C
07181             case SIG_RSA_MD5:
07182                 md5( message_str, msg_len, hash_result );
07183                 break;
07184         #endif
07185         #ifdef POLARSSL_SHA1_C
07186             case SIG_RSA_SHA1:
07187                 sha1( message_str, msg_len, hash_result );
07188                 break;
07189         #endif
07190         #ifdef POLARSSL_SHA2_C
07191             case SIG_RSA_SHA224:
07192                 sha2( message_str, msg_len, hash_result, 1 );
07193                 break;
07194             case SIG_RSA_SHA256:
07195                 sha2( message_str, msg_len, hash_result, 0 );
07196                 break;
07197         #endif
07198         #ifdef POLARSSL_SHA4_C
07199             case SIG_RSA_SHA384:
07200                 sha4( message_str, msg_len, hash_result, 1 );
07201                 break;
07202             case SIG_RSA_SHA512:
07203                 sha4( message_str, msg_len, hash_result, 0 );
07204                 break;
07205         #endif
07206             }
07207         
07208             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
07209         }
07210         FCT_TEST_END();
07211 
07212 
07213         FCT_TEST_BGN(rsassa_pss_signature_example_2_5)
07214         {
07215             unsigned char message_str[1000];
07216             unsigned char hash_result[1000];
07217             unsigned char output[1000];
07218             unsigned char output_str[1000];
07219             unsigned char rnd_buf[1000];
07220             rsa_context ctx;
07221             mpi P1, Q1, H, G;
07222             size_t msg_len;
07223             rnd_buf_info info;
07224         
07225             info.length = unhexify( rnd_buf, "17639a4e88d722c4fca24d079a8b29c32433b0c9" );
07226             info.buf = rnd_buf;
07227         
07228             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
07229             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
07230         
07231             memset( message_str, 0x00, 1000 );
07232             memset( hash_result, 0x00, 1000 );
07233             memset( output, 0x00, 1000 );
07234             memset( output_str, 0x00, 1000 );
07235         
07236             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
07237             fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
07238             fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
07239             fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
07240             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07241         
07242             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
07243             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
07244             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
07245             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
07246             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
07247             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
07248             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
07249             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
07250         
07251             fct_chk( rsa_check_privkey( &ctx ) == 0 );
07252         
07253             msg_len = unhexify( message_str, "86a83d4a72ee932a4f5630af6579a386b78fe88999e0abd2d49034a4bfc854dd94f1094e2e8cd7a179d19588e4aefc1b1bd25e95e3dd461f" );
07254         
07255             switch( SIG_RSA_SHA1 )
07256             {
07257         #ifdef POLARSSL_MD2_C
07258             case SIG_RSA_MD2:
07259                 md2( message_str, msg_len, hash_result );
07260                 break;
07261         #endif
07262         #ifdef POLARSSL_MD4_C
07263             case SIG_RSA_MD4:
07264                 md4( message_str, msg_len, hash_result );
07265                 break;
07266         #endif
07267         #ifdef POLARSSL_MD5_C
07268             case SIG_RSA_MD5:
07269                 md5( message_str, msg_len, hash_result );
07270                 break;
07271         #endif
07272         #ifdef POLARSSL_SHA1_C
07273             case SIG_RSA_SHA1:
07274                 sha1( message_str, msg_len, hash_result );
07275                 break;
07276         #endif
07277         #ifdef POLARSSL_SHA2_C
07278             case SIG_RSA_SHA224:
07279                 sha2( message_str, msg_len, hash_result, 1 );
07280                 break;
07281             case SIG_RSA_SHA256:
07282                 sha2( message_str, msg_len, hash_result, 0 );
07283                 break;
07284         #endif
07285         #ifdef POLARSSL_SHA4_C
07286             case SIG_RSA_SHA384:
07287                 sha4( message_str, msg_len, hash_result, 1 );
07288                 break;
07289             case SIG_RSA_SHA512:
07290                 sha4( message_str, msg_len, hash_result, 0 );
07291                 break;
07292         #endif
07293             }
07294         
07295             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
07296             if( 0 == 0 )
07297             {
07298                 hexify( output_str, output, ctx.len);
07299         
07300                 fct_chk( strcasecmp( (char *) output_str, "00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf" ) == 0 );
07301             }
07302         
07303             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
07304         }
07305         FCT_TEST_END();
07306 
07307 
07308         FCT_TEST_BGN(rsassa_pss_signature_example_2_5_verify)
07309         {
07310             unsigned char message_str[1000];
07311             unsigned char hash_result[1000];
07312             unsigned char result_str[1000];
07313             rsa_context ctx;
07314             size_t msg_len;
07315         
07316             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
07317             memset( message_str, 0x00, 1000 );
07318             memset( hash_result, 0x00, 1000 );
07319             memset( result_str, 0x00, 1000 );
07320         
07321             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
07322             fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
07323             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07324         
07325             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
07326         
07327             msg_len = unhexify( message_str, "86a83d4a72ee932a4f5630af6579a386b78fe88999e0abd2d49034a4bfc854dd94f1094e2e8cd7a179d19588e4aefc1b1bd25e95e3dd461f" );
07328             unhexify( result_str, "00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf" );
07329         
07330             switch( SIG_RSA_SHA1 )
07331             {
07332         #ifdef POLARSSL_MD2_C
07333             case SIG_RSA_MD2:
07334                 md2( message_str, msg_len, hash_result );
07335                 break;
07336         #endif
07337         #ifdef POLARSSL_MD4_C
07338             case SIG_RSA_MD4:
07339                 md4( message_str, msg_len, hash_result );
07340                 break;
07341         #endif
07342         #ifdef POLARSSL_MD5_C
07343             case SIG_RSA_MD5:
07344                 md5( message_str, msg_len, hash_result );
07345                 break;
07346         #endif
07347         #ifdef POLARSSL_SHA1_C
07348             case SIG_RSA_SHA1:
07349                 sha1( message_str, msg_len, hash_result );
07350                 break;
07351         #endif
07352         #ifdef POLARSSL_SHA2_C
07353             case SIG_RSA_SHA224:
07354                 sha2( message_str, msg_len, hash_result, 1 );
07355                 break;
07356             case SIG_RSA_SHA256:
07357                 sha2( message_str, msg_len, hash_result, 0 );
07358                 break;
07359         #endif
07360         #ifdef POLARSSL_SHA4_C
07361             case SIG_RSA_SHA384:
07362                 sha4( message_str, msg_len, hash_result, 1 );
07363                 break;
07364             case SIG_RSA_SHA512:
07365                 sha4( message_str, msg_len, hash_result, 0 );
07366                 break;
07367         #endif
07368             }
07369         
07370             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
07371         }
07372         FCT_TEST_END();
07373 
07374 
07375         FCT_TEST_BGN(rsassa_pss_signature_example_2_6)
07376         {
07377             unsigned char message_str[1000];
07378             unsigned char hash_result[1000];
07379             unsigned char output[1000];
07380             unsigned char output_str[1000];
07381             unsigned char rnd_buf[1000];
07382             rsa_context ctx;
07383             mpi P1, Q1, H, G;
07384             size_t msg_len;
07385             rnd_buf_info info;
07386         
07387             info.length = unhexify( rnd_buf, "37810def1055ed922b063df798de5d0aabf886ee" );
07388             info.buf = rnd_buf;
07389         
07390             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
07391             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
07392         
07393             memset( message_str, 0x00, 1000 );
07394             memset( hash_result, 0x00, 1000 );
07395             memset( output, 0x00, 1000 );
07396             memset( output_str, 0x00, 1000 );
07397         
07398             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
07399             fct_chk( mpi_read_string( &ctx.P, 16, "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1" ) == 0 );
07400             fct_chk( mpi_read_string( &ctx.Q, 16, "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079" ) == 0 );
07401             fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
07402             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07403         
07404             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
07405             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
07406             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
07407             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
07408             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
07409             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
07410             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
07411             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
07412         
07413             fct_chk( rsa_check_privkey( &ctx ) == 0 );
07414         
07415             msg_len = unhexify( message_str, "049f9154d871ac4a7c7ab45325ba7545a1ed08f70525b2667cf1" );
07416         
07417             switch( SIG_RSA_SHA1 )
07418             {
07419         #ifdef POLARSSL_MD2_C
07420             case SIG_RSA_MD2:
07421                 md2( message_str, msg_len, hash_result );
07422                 break;
07423         #endif
07424         #ifdef POLARSSL_MD4_C
07425             case SIG_RSA_MD4:
07426                 md4( message_str, msg_len, hash_result );
07427                 break;
07428         #endif
07429         #ifdef POLARSSL_MD5_C
07430             case SIG_RSA_MD5:
07431                 md5( message_str, msg_len, hash_result );
07432                 break;
07433         #endif
07434         #ifdef POLARSSL_SHA1_C
07435             case SIG_RSA_SHA1:
07436                 sha1( message_str, msg_len, hash_result );
07437                 break;
07438         #endif
07439         #ifdef POLARSSL_SHA2_C
07440             case SIG_RSA_SHA224:
07441                 sha2( message_str, msg_len, hash_result, 1 );
07442                 break;
07443             case SIG_RSA_SHA256:
07444                 sha2( message_str, msg_len, hash_result, 0 );
07445                 break;
07446         #endif
07447         #ifdef POLARSSL_SHA4_C
07448             case SIG_RSA_SHA384:
07449                 sha4( message_str, msg_len, hash_result, 1 );
07450                 break;
07451             case SIG_RSA_SHA512:
07452                 sha4( message_str, msg_len, hash_result, 0 );
07453                 break;
07454         #endif
07455             }
07456         
07457             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
07458             if( 0 == 0 )
07459             {
07460                 hexify( output_str, output, ctx.len);
07461         
07462                 fct_chk( strcasecmp( (char *) output_str, "00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6" ) == 0 );
07463             }
07464         
07465             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
07466         }
07467         FCT_TEST_END();
07468 
07469 
07470         FCT_TEST_BGN(rsassa_pss_signature_example_2_6_verify)
07471         {
07472             unsigned char message_str[1000];
07473             unsigned char hash_result[1000];
07474             unsigned char result_str[1000];
07475             rsa_context ctx;
07476             size_t msg_len;
07477         
07478             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
07479             memset( message_str, 0x00, 1000 );
07480             memset( hash_result, 0x00, 1000 );
07481             memset( result_str, 0x00, 1000 );
07482         
07483             ctx.len = 1025 / 8 + ( ( 1025 % 8 ) ? 1 : 0 );
07484             fct_chk( mpi_read_string( &ctx.N, 16, "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9" ) == 0 );
07485             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07486         
07487             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
07488         
07489             msg_len = unhexify( message_str, "049f9154d871ac4a7c7ab45325ba7545a1ed08f70525b2667cf1" );
07490             unhexify( result_str, "00475b1648f814a8dc0abdc37b5527f543b666bb6e39d30e5b49d3b876dccc58eac14e32a2d55c2616014456ad2f246fc8e3d560da3ddf379a1c0bd200f10221df078c219a151bc8d4ec9d2fc2564467811014ef15d8ea01c2ebbff8c2c8efab38096e55fcbe3285c7aa558851254faffa92c1c72b78758663ef4582843139d7a6" );
07491         
07492             switch( SIG_RSA_SHA1 )
07493             {
07494         #ifdef POLARSSL_MD2_C
07495             case SIG_RSA_MD2:
07496                 md2( message_str, msg_len, hash_result );
07497                 break;
07498         #endif
07499         #ifdef POLARSSL_MD4_C
07500             case SIG_RSA_MD4:
07501                 md4( message_str, msg_len, hash_result );
07502                 break;
07503         #endif
07504         #ifdef POLARSSL_MD5_C
07505             case SIG_RSA_MD5:
07506                 md5( message_str, msg_len, hash_result );
07507                 break;
07508         #endif
07509         #ifdef POLARSSL_SHA1_C
07510             case SIG_RSA_SHA1:
07511                 sha1( message_str, msg_len, hash_result );
07512                 break;
07513         #endif
07514         #ifdef POLARSSL_SHA2_C
07515             case SIG_RSA_SHA224:
07516                 sha2( message_str, msg_len, hash_result, 1 );
07517                 break;
07518             case SIG_RSA_SHA256:
07519                 sha2( message_str, msg_len, hash_result, 0 );
07520                 break;
07521         #endif
07522         #ifdef POLARSSL_SHA4_C
07523             case SIG_RSA_SHA384:
07524                 sha4( message_str, msg_len, hash_result, 1 );
07525                 break;
07526             case SIG_RSA_SHA512:
07527                 sha4( message_str, msg_len, hash_result, 0 );
07528                 break;
07529         #endif
07530             }
07531         
07532             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
07533         }
07534         FCT_TEST_END();
07535 
07536 
07537         FCT_TEST_BGN(rsassa_pss_signature_example_3_1)
07538         {
07539             unsigned char message_str[1000];
07540             unsigned char hash_result[1000];
07541             unsigned char output[1000];
07542             unsigned char output_str[1000];
07543             unsigned char rnd_buf[1000];
07544             rsa_context ctx;
07545             mpi P1, Q1, H, G;
07546             size_t msg_len;
07547             rnd_buf_info info;
07548         
07549             info.length = unhexify( rnd_buf, "f31ad6c8cf89df78ed77feacbcc2f8b0a8e4cfaa" );
07550             info.buf = rnd_buf;
07551         
07552             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
07553             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
07554         
07555             memset( message_str, 0x00, 1000 );
07556             memset( hash_result, 0x00, 1000 );
07557             memset( output, 0x00, 1000 );
07558             memset( output_str, 0x00, 1000 );
07559         
07560             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
07561             fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
07562             fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
07563             fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
07564             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07565         
07566             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
07567             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
07568             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
07569             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
07570             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
07571             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
07572             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
07573             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
07574         
07575             fct_chk( rsa_check_privkey( &ctx ) == 0 );
07576         
07577             msg_len = unhexify( message_str, "594b37333bbb2c84524a87c1a01f75fcec0e3256f108e38dca36d70d0057" );
07578         
07579             switch( SIG_RSA_SHA1 )
07580             {
07581         #ifdef POLARSSL_MD2_C
07582             case SIG_RSA_MD2:
07583                 md2( message_str, msg_len, hash_result );
07584                 break;
07585         #endif
07586         #ifdef POLARSSL_MD4_C
07587             case SIG_RSA_MD4:
07588                 md4( message_str, msg_len, hash_result );
07589                 break;
07590         #endif
07591         #ifdef POLARSSL_MD5_C
07592             case SIG_RSA_MD5:
07593                 md5( message_str, msg_len, hash_result );
07594                 break;
07595         #endif
07596         #ifdef POLARSSL_SHA1_C
07597             case SIG_RSA_SHA1:
07598                 sha1( message_str, msg_len, hash_result );
07599                 break;
07600         #endif
07601         #ifdef POLARSSL_SHA2_C
07602             case SIG_RSA_SHA224:
07603                 sha2( message_str, msg_len, hash_result, 1 );
07604                 break;
07605             case SIG_RSA_SHA256:
07606                 sha2( message_str, msg_len, hash_result, 0 );
07607                 break;
07608         #endif
07609         #ifdef POLARSSL_SHA4_C
07610             case SIG_RSA_SHA384:
07611                 sha4( message_str, msg_len, hash_result, 1 );
07612                 break;
07613             case SIG_RSA_SHA512:
07614                 sha4( message_str, msg_len, hash_result, 0 );
07615                 break;
07616         #endif
07617             }
07618         
07619             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
07620             if( 0 == 0 )
07621             {
07622                 hexify( output_str, output, ctx.len);
07623         
07624                 fct_chk( strcasecmp( (char *) output_str, "0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f" ) == 0 );
07625             }
07626         
07627             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
07628         }
07629         FCT_TEST_END();
07630 
07631 
07632         FCT_TEST_BGN(rsassa_pss_signature_example_3_1_verify)
07633         {
07634             unsigned char message_str[1000];
07635             unsigned char hash_result[1000];
07636             unsigned char result_str[1000];
07637             rsa_context ctx;
07638             size_t msg_len;
07639         
07640             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
07641             memset( message_str, 0x00, 1000 );
07642             memset( hash_result, 0x00, 1000 );
07643             memset( result_str, 0x00, 1000 );
07644         
07645             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
07646             fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
07647             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07648         
07649             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
07650         
07651             msg_len = unhexify( message_str, "594b37333bbb2c84524a87c1a01f75fcec0e3256f108e38dca36d70d0057" );
07652             unhexify( result_str, "0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f" );
07653         
07654             switch( SIG_RSA_SHA1 )
07655             {
07656         #ifdef POLARSSL_MD2_C
07657             case SIG_RSA_MD2:
07658                 md2( message_str, msg_len, hash_result );
07659                 break;
07660         #endif
07661         #ifdef POLARSSL_MD4_C
07662             case SIG_RSA_MD4:
07663                 md4( message_str, msg_len, hash_result );
07664                 break;
07665         #endif
07666         #ifdef POLARSSL_MD5_C
07667             case SIG_RSA_MD5:
07668                 md5( message_str, msg_len, hash_result );
07669                 break;
07670         #endif
07671         #ifdef POLARSSL_SHA1_C
07672             case SIG_RSA_SHA1:
07673                 sha1( message_str, msg_len, hash_result );
07674                 break;
07675         #endif
07676         #ifdef POLARSSL_SHA2_C
07677             case SIG_RSA_SHA224:
07678                 sha2( message_str, msg_len, hash_result, 1 );
07679                 break;
07680             case SIG_RSA_SHA256:
07681                 sha2( message_str, msg_len, hash_result, 0 );
07682                 break;
07683         #endif
07684         #ifdef POLARSSL_SHA4_C
07685             case SIG_RSA_SHA384:
07686                 sha4( message_str, msg_len, hash_result, 1 );
07687                 break;
07688             case SIG_RSA_SHA512:
07689                 sha4( message_str, msg_len, hash_result, 0 );
07690                 break;
07691         #endif
07692             }
07693         
07694             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
07695         }
07696         FCT_TEST_END();
07697 
07698 
07699         FCT_TEST_BGN(rsassa_pss_signature_example_3_2)
07700         {
07701             unsigned char message_str[1000];
07702             unsigned char hash_result[1000];
07703             unsigned char output[1000];
07704             unsigned char output_str[1000];
07705             unsigned char rnd_buf[1000];
07706             rsa_context ctx;
07707             mpi P1, Q1, H, G;
07708             size_t msg_len;
07709             rnd_buf_info info;
07710         
07711             info.length = unhexify( rnd_buf, "fcf9f0e1f199a3d1d0da681c5b8606fc642939f7" );
07712             info.buf = rnd_buf;
07713         
07714             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
07715             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
07716         
07717             memset( message_str, 0x00, 1000 );
07718             memset( hash_result, 0x00, 1000 );
07719             memset( output, 0x00, 1000 );
07720             memset( output_str, 0x00, 1000 );
07721         
07722             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
07723             fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
07724             fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
07725             fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
07726             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07727         
07728             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
07729             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
07730             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
07731             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
07732             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
07733             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
07734             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
07735             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
07736         
07737             fct_chk( rsa_check_privkey( &ctx ) == 0 );
07738         
07739             msg_len = unhexify( message_str, "8b769528884a0d1ffd090cf102993e796dadcfbddd38e44ff6324ca451" );
07740         
07741             switch( SIG_RSA_SHA1 )
07742             {
07743         #ifdef POLARSSL_MD2_C
07744             case SIG_RSA_MD2:
07745                 md2( message_str, msg_len, hash_result );
07746                 break;
07747         #endif
07748         #ifdef POLARSSL_MD4_C
07749             case SIG_RSA_MD4:
07750                 md4( message_str, msg_len, hash_result );
07751                 break;
07752         #endif
07753         #ifdef POLARSSL_MD5_C
07754             case SIG_RSA_MD5:
07755                 md5( message_str, msg_len, hash_result );
07756                 break;
07757         #endif
07758         #ifdef POLARSSL_SHA1_C
07759             case SIG_RSA_SHA1:
07760                 sha1( message_str, msg_len, hash_result );
07761                 break;
07762         #endif
07763         #ifdef POLARSSL_SHA2_C
07764             case SIG_RSA_SHA224:
07765                 sha2( message_str, msg_len, hash_result, 1 );
07766                 break;
07767             case SIG_RSA_SHA256:
07768                 sha2( message_str, msg_len, hash_result, 0 );
07769                 break;
07770         #endif
07771         #ifdef POLARSSL_SHA4_C
07772             case SIG_RSA_SHA384:
07773                 sha4( message_str, msg_len, hash_result, 1 );
07774                 break;
07775             case SIG_RSA_SHA512:
07776                 sha4( message_str, msg_len, hash_result, 0 );
07777                 break;
07778         #endif
07779             }
07780         
07781             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
07782             if( 0 == 0 )
07783             {
07784                 hexify( output_str, output, ctx.len);
07785         
07786                 fct_chk( strcasecmp( (char *) output_str, "02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af" ) == 0 );
07787             }
07788         
07789             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
07790         }
07791         FCT_TEST_END();
07792 
07793 
07794         FCT_TEST_BGN(rsassa_pss_signature_example_3_2_verify)
07795         {
07796             unsigned char message_str[1000];
07797             unsigned char hash_result[1000];
07798             unsigned char result_str[1000];
07799             rsa_context ctx;
07800             size_t msg_len;
07801         
07802             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
07803             memset( message_str, 0x00, 1000 );
07804             memset( hash_result, 0x00, 1000 );
07805             memset( result_str, 0x00, 1000 );
07806         
07807             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
07808             fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
07809             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07810         
07811             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
07812         
07813             msg_len = unhexify( message_str, "8b769528884a0d1ffd090cf102993e796dadcfbddd38e44ff6324ca451" );
07814             unhexify( result_str, "02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af" );
07815         
07816             switch( SIG_RSA_SHA1 )
07817             {
07818         #ifdef POLARSSL_MD2_C
07819             case SIG_RSA_MD2:
07820                 md2( message_str, msg_len, hash_result );
07821                 break;
07822         #endif
07823         #ifdef POLARSSL_MD4_C
07824             case SIG_RSA_MD4:
07825                 md4( message_str, msg_len, hash_result );
07826                 break;
07827         #endif
07828         #ifdef POLARSSL_MD5_C
07829             case SIG_RSA_MD5:
07830                 md5( message_str, msg_len, hash_result );
07831                 break;
07832         #endif
07833         #ifdef POLARSSL_SHA1_C
07834             case SIG_RSA_SHA1:
07835                 sha1( message_str, msg_len, hash_result );
07836                 break;
07837         #endif
07838         #ifdef POLARSSL_SHA2_C
07839             case SIG_RSA_SHA224:
07840                 sha2( message_str, msg_len, hash_result, 1 );
07841                 break;
07842             case SIG_RSA_SHA256:
07843                 sha2( message_str, msg_len, hash_result, 0 );
07844                 break;
07845         #endif
07846         #ifdef POLARSSL_SHA4_C
07847             case SIG_RSA_SHA384:
07848                 sha4( message_str, msg_len, hash_result, 1 );
07849                 break;
07850             case SIG_RSA_SHA512:
07851                 sha4( message_str, msg_len, hash_result, 0 );
07852                 break;
07853         #endif
07854             }
07855         
07856             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
07857         }
07858         FCT_TEST_END();
07859 
07860 
07861         FCT_TEST_BGN(rsassa_pss_signature_example_3_3)
07862         {
07863             unsigned char message_str[1000];
07864             unsigned char hash_result[1000];
07865             unsigned char output[1000];
07866             unsigned char output_str[1000];
07867             unsigned char rnd_buf[1000];
07868             rsa_context ctx;
07869             mpi P1, Q1, H, G;
07870             size_t msg_len;
07871             rnd_buf_info info;
07872         
07873             info.length = unhexify( rnd_buf, "986e7c43dbb671bd41b9a7f4b6afc80e805f2423" );
07874             info.buf = rnd_buf;
07875         
07876             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
07877             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
07878         
07879             memset( message_str, 0x00, 1000 );
07880             memset( hash_result, 0x00, 1000 );
07881             memset( output, 0x00, 1000 );
07882             memset( output_str, 0x00, 1000 );
07883         
07884             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
07885             fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
07886             fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
07887             fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
07888             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07889         
07890             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
07891             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
07892             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
07893             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
07894             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
07895             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
07896             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
07897             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
07898         
07899             fct_chk( rsa_check_privkey( &ctx ) == 0 );
07900         
07901             msg_len = unhexify( message_str, "1abdba489c5ada2f995ed16f19d5a94d9e6ec34a8d84f84557d26e5ef9b02b22887e3f9a4b690ad1149209c20c61431f0c017c36c2657b35d7b07d3f5ad8708507a9c1b831df835a56f831071814ea5d3d8d8f6ade40cba38b42db7a2d3d7a29c8f0a79a7838cf58a9757fa2fe4c40df9baa193bfc6f92b123ad57b07ace3e6ac068c9f106afd9eeb03b4f37c25dbfbcfb3071f6f9771766d072f3bb070af6605532973ae25051" );
07902         
07903             switch( SIG_RSA_SHA1 )
07904             {
07905         #ifdef POLARSSL_MD2_C
07906             case SIG_RSA_MD2:
07907                 md2( message_str, msg_len, hash_result );
07908                 break;
07909         #endif
07910         #ifdef POLARSSL_MD4_C
07911             case SIG_RSA_MD4:
07912                 md4( message_str, msg_len, hash_result );
07913                 break;
07914         #endif
07915         #ifdef POLARSSL_MD5_C
07916             case SIG_RSA_MD5:
07917                 md5( message_str, msg_len, hash_result );
07918                 break;
07919         #endif
07920         #ifdef POLARSSL_SHA1_C
07921             case SIG_RSA_SHA1:
07922                 sha1( message_str, msg_len, hash_result );
07923                 break;
07924         #endif
07925         #ifdef POLARSSL_SHA2_C
07926             case SIG_RSA_SHA224:
07927                 sha2( message_str, msg_len, hash_result, 1 );
07928                 break;
07929             case SIG_RSA_SHA256:
07930                 sha2( message_str, msg_len, hash_result, 0 );
07931                 break;
07932         #endif
07933         #ifdef POLARSSL_SHA4_C
07934             case SIG_RSA_SHA384:
07935                 sha4( message_str, msg_len, hash_result, 1 );
07936                 break;
07937             case SIG_RSA_SHA512:
07938                 sha4( message_str, msg_len, hash_result, 0 );
07939                 break;
07940         #endif
07941             }
07942         
07943             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
07944             if( 0 == 0 )
07945             {
07946                 hexify( output_str, output, ctx.len);
07947         
07948                 fct_chk( strcasecmp( (char *) output_str, "0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c" ) == 0 );
07949             }
07950         
07951             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
07952         }
07953         FCT_TEST_END();
07954 
07955 
07956         FCT_TEST_BGN(rsassa_pss_signature_example_3_3_verify)
07957         {
07958             unsigned char message_str[1000];
07959             unsigned char hash_result[1000];
07960             unsigned char result_str[1000];
07961             rsa_context ctx;
07962             size_t msg_len;
07963         
07964             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
07965             memset( message_str, 0x00, 1000 );
07966             memset( hash_result, 0x00, 1000 );
07967             memset( result_str, 0x00, 1000 );
07968         
07969             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
07970             fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
07971             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
07972         
07973             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
07974         
07975             msg_len = unhexify( message_str, "1abdba489c5ada2f995ed16f19d5a94d9e6ec34a8d84f84557d26e5ef9b02b22887e3f9a4b690ad1149209c20c61431f0c017c36c2657b35d7b07d3f5ad8708507a9c1b831df835a56f831071814ea5d3d8d8f6ade40cba38b42db7a2d3d7a29c8f0a79a7838cf58a9757fa2fe4c40df9baa193bfc6f92b123ad57b07ace3e6ac068c9f106afd9eeb03b4f37c25dbfbcfb3071f6f9771766d072f3bb070af6605532973ae25051" );
07976             unhexify( result_str, "0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c" );
07977         
07978             switch( SIG_RSA_SHA1 )
07979             {
07980         #ifdef POLARSSL_MD2_C
07981             case SIG_RSA_MD2:
07982                 md2( message_str, msg_len, hash_result );
07983                 break;
07984         #endif
07985         #ifdef POLARSSL_MD4_C
07986             case SIG_RSA_MD4:
07987                 md4( message_str, msg_len, hash_result );
07988                 break;
07989         #endif
07990         #ifdef POLARSSL_MD5_C
07991             case SIG_RSA_MD5:
07992                 md5( message_str, msg_len, hash_result );
07993                 break;
07994         #endif
07995         #ifdef POLARSSL_SHA1_C
07996             case SIG_RSA_SHA1:
07997                 sha1( message_str, msg_len, hash_result );
07998                 break;
07999         #endif
08000         #ifdef POLARSSL_SHA2_C
08001             case SIG_RSA_SHA224:
08002                 sha2( message_str, msg_len, hash_result, 1 );
08003                 break;
08004             case SIG_RSA_SHA256:
08005                 sha2( message_str, msg_len, hash_result, 0 );
08006                 break;
08007         #endif
08008         #ifdef POLARSSL_SHA4_C
08009             case SIG_RSA_SHA384:
08010                 sha4( message_str, msg_len, hash_result, 1 );
08011                 break;
08012             case SIG_RSA_SHA512:
08013                 sha4( message_str, msg_len, hash_result, 0 );
08014                 break;
08015         #endif
08016             }
08017         
08018             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
08019         }
08020         FCT_TEST_END();
08021 
08022 
08023         FCT_TEST_BGN(rsassa_pss_signature_example_3_4)
08024         {
08025             unsigned char message_str[1000];
08026             unsigned char hash_result[1000];
08027             unsigned char output[1000];
08028             unsigned char output_str[1000];
08029             unsigned char rnd_buf[1000];
08030             rsa_context ctx;
08031             mpi P1, Q1, H, G;
08032             size_t msg_len;
08033             rnd_buf_info info;
08034         
08035             info.length = unhexify( rnd_buf, "f8312d9c8eea13ec0a4c7b98120c87509087c478" );
08036             info.buf = rnd_buf;
08037         
08038             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
08039             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
08040         
08041             memset( message_str, 0x00, 1000 );
08042             memset( hash_result, 0x00, 1000 );
08043             memset( output, 0x00, 1000 );
08044             memset( output_str, 0x00, 1000 );
08045         
08046             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
08047             fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
08048             fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
08049             fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
08050             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
08051         
08052             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
08053             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
08054             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
08055             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
08056             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
08057             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
08058             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
08059             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
08060         
08061             fct_chk( rsa_check_privkey( &ctx ) == 0 );
08062         
08063             msg_len = unhexify( message_str, "8fb431f5ee792b6c2ac7db53cc428655aeb32d03f4e889c5c25de683c461b53acf89f9f8d3aabdf6b9f0c2a1de12e15b49edb3919a652fe9491c25a7fce1f722c2543608b69dc375ec" );
08064         
08065             switch( SIG_RSA_SHA1 )
08066             {
08067         #ifdef POLARSSL_MD2_C
08068             case SIG_RSA_MD2:
08069                 md2( message_str, msg_len, hash_result );
08070                 break;
08071         #endif
08072         #ifdef POLARSSL_MD4_C
08073             case SIG_RSA_MD4:
08074                 md4( message_str, msg_len, hash_result );
08075                 break;
08076         #endif
08077         #ifdef POLARSSL_MD5_C
08078             case SIG_RSA_MD5:
08079                 md5( message_str, msg_len, hash_result );
08080                 break;
08081         #endif
08082         #ifdef POLARSSL_SHA1_C
08083             case SIG_RSA_SHA1:
08084                 sha1( message_str, msg_len, hash_result );
08085                 break;
08086         #endif
08087         #ifdef POLARSSL_SHA2_C
08088             case SIG_RSA_SHA224:
08089                 sha2( message_str, msg_len, hash_result, 1 );
08090                 break;
08091             case SIG_RSA_SHA256:
08092                 sha2( message_str, msg_len, hash_result, 0 );
08093                 break;
08094         #endif
08095         #ifdef POLARSSL_SHA4_C
08096             case SIG_RSA_SHA384:
08097                 sha4( message_str, msg_len, hash_result, 1 );
08098                 break;
08099             case SIG_RSA_SHA512:
08100                 sha4( message_str, msg_len, hash_result, 0 );
08101                 break;
08102         #endif
08103             }
08104         
08105             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
08106             if( 0 == 0 )
08107             {
08108                 hexify( output_str, output, ctx.len);
08109         
08110                 fct_chk( strcasecmp( (char *) output_str, "0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8" ) == 0 );
08111             }
08112         
08113             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
08114         }
08115         FCT_TEST_END();
08116 
08117 
08118         FCT_TEST_BGN(rsassa_pss_signature_example_3_4_verify)
08119         {
08120             unsigned char message_str[1000];
08121             unsigned char hash_result[1000];
08122             unsigned char result_str[1000];
08123             rsa_context ctx;
08124             size_t msg_len;
08125         
08126             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
08127             memset( message_str, 0x00, 1000 );
08128             memset( hash_result, 0x00, 1000 );
08129             memset( result_str, 0x00, 1000 );
08130         
08131             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
08132             fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
08133             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
08134         
08135             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
08136         
08137             msg_len = unhexify( message_str, "8fb431f5ee792b6c2ac7db53cc428655aeb32d03f4e889c5c25de683c461b53acf89f9f8d3aabdf6b9f0c2a1de12e15b49edb3919a652fe9491c25a7fce1f722c2543608b69dc375ec" );
08138             unhexify( result_str, "0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8" );
08139         
08140             switch( SIG_RSA_SHA1 )
08141             {
08142         #ifdef POLARSSL_MD2_C
08143             case SIG_RSA_MD2:
08144                 md2( message_str, msg_len, hash_result );
08145                 break;
08146         #endif
08147         #ifdef POLARSSL_MD4_C
08148             case SIG_RSA_MD4:
08149                 md4( message_str, msg_len, hash_result );
08150                 break;
08151         #endif
08152         #ifdef POLARSSL_MD5_C
08153             case SIG_RSA_MD5:
08154                 md5( message_str, msg_len, hash_result );
08155                 break;
08156         #endif
08157         #ifdef POLARSSL_SHA1_C
08158             case SIG_RSA_SHA1:
08159                 sha1( message_str, msg_len, hash_result );
08160                 break;
08161         #endif
08162         #ifdef POLARSSL_SHA2_C
08163             case SIG_RSA_SHA224:
08164                 sha2( message_str, msg_len, hash_result, 1 );
08165                 break;
08166             case SIG_RSA_SHA256:
08167                 sha2( message_str, msg_len, hash_result, 0 );
08168                 break;
08169         #endif
08170         #ifdef POLARSSL_SHA4_C
08171             case SIG_RSA_SHA384:
08172                 sha4( message_str, msg_len, hash_result, 1 );
08173                 break;
08174             case SIG_RSA_SHA512:
08175                 sha4( message_str, msg_len, hash_result, 0 );
08176                 break;
08177         #endif
08178             }
08179         
08180             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
08181         }
08182         FCT_TEST_END();
08183 
08184 
08185         FCT_TEST_BGN(rsassa_pss_signature_example_3_5)
08186         {
08187             unsigned char message_str[1000];
08188             unsigned char hash_result[1000];
08189             unsigned char output[1000];
08190             unsigned char output_str[1000];
08191             unsigned char rnd_buf[1000];
08192             rsa_context ctx;
08193             mpi P1, Q1, H, G;
08194             size_t msg_len;
08195             rnd_buf_info info;
08196         
08197             info.length = unhexify( rnd_buf, "50327efec6292f98019fc67a2a6638563e9b6e2d" );
08198             info.buf = rnd_buf;
08199         
08200             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
08201             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
08202         
08203             memset( message_str, 0x00, 1000 );
08204             memset( hash_result, 0x00, 1000 );
08205             memset( output, 0x00, 1000 );
08206             memset( output_str, 0x00, 1000 );
08207         
08208             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
08209             fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
08210             fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
08211             fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
08212             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
08213         
08214             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
08215             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
08216             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
08217             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
08218             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
08219             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
08220             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
08221             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
08222         
08223             fct_chk( rsa_check_privkey( &ctx ) == 0 );
08224         
08225             msg_len = unhexify( message_str, "fef4161dfaaf9c5295051dfc1ff3810c8c9ec2e866f7075422c8ec4216a9c4ff49427d483cae10c8534a41b2fd15fee06960ec6fb3f7a7e94a2f8a2e3e43dc4a40576c3097ac953b1de86f0b4ed36d644f23ae14425529622464ca0cbf0b1741347238157fab59e4de5524096d62baec63ac64" );
08226         
08227             switch( SIG_RSA_SHA1 )
08228             {
08229         #ifdef POLARSSL_MD2_C
08230             case SIG_RSA_MD2:
08231                 md2( message_str, msg_len, hash_result );
08232                 break;
08233         #endif
08234         #ifdef POLARSSL_MD4_C
08235             case SIG_RSA_MD4:
08236                 md4( message_str, msg_len, hash_result );
08237                 break;
08238         #endif
08239         #ifdef POLARSSL_MD5_C
08240             case SIG_RSA_MD5:
08241                 md5( message_str, msg_len, hash_result );
08242                 break;
08243         #endif
08244         #ifdef POLARSSL_SHA1_C
08245             case SIG_RSA_SHA1:
08246                 sha1( message_str, msg_len, hash_result );
08247                 break;
08248         #endif
08249         #ifdef POLARSSL_SHA2_C
08250             case SIG_RSA_SHA224:
08251                 sha2( message_str, msg_len, hash_result, 1 );
08252                 break;
08253             case SIG_RSA_SHA256:
08254                 sha2( message_str, msg_len, hash_result, 0 );
08255                 break;
08256         #endif
08257         #ifdef POLARSSL_SHA4_C
08258             case SIG_RSA_SHA384:
08259                 sha4( message_str, msg_len, hash_result, 1 );
08260                 break;
08261             case SIG_RSA_SHA512:
08262                 sha4( message_str, msg_len, hash_result, 0 );
08263                 break;
08264         #endif
08265             }
08266         
08267             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
08268             if( 0 == 0 )
08269             {
08270                 hexify( output_str, output, ctx.len);
08271         
08272                 fct_chk( strcasecmp( (char *) output_str, "021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83" ) == 0 );
08273             }
08274         
08275             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
08276         }
08277         FCT_TEST_END();
08278 
08279 
08280         FCT_TEST_BGN(rsassa_pss_signature_example_3_5_verify)
08281         {
08282             unsigned char message_str[1000];
08283             unsigned char hash_result[1000];
08284             unsigned char result_str[1000];
08285             rsa_context ctx;
08286             size_t msg_len;
08287         
08288             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
08289             memset( message_str, 0x00, 1000 );
08290             memset( hash_result, 0x00, 1000 );
08291             memset( result_str, 0x00, 1000 );
08292         
08293             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
08294             fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
08295             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
08296         
08297             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
08298         
08299             msg_len = unhexify( message_str, "fef4161dfaaf9c5295051dfc1ff3810c8c9ec2e866f7075422c8ec4216a9c4ff49427d483cae10c8534a41b2fd15fee06960ec6fb3f7a7e94a2f8a2e3e43dc4a40576c3097ac953b1de86f0b4ed36d644f23ae14425529622464ca0cbf0b1741347238157fab59e4de5524096d62baec63ac64" );
08300             unhexify( result_str, "021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83" );
08301         
08302             switch( SIG_RSA_SHA1 )
08303             {
08304         #ifdef POLARSSL_MD2_C
08305             case SIG_RSA_MD2:
08306                 md2( message_str, msg_len, hash_result );
08307                 break;
08308         #endif
08309         #ifdef POLARSSL_MD4_C
08310             case SIG_RSA_MD4:
08311                 md4( message_str, msg_len, hash_result );
08312                 break;
08313         #endif
08314         #ifdef POLARSSL_MD5_C
08315             case SIG_RSA_MD5:
08316                 md5( message_str, msg_len, hash_result );
08317                 break;
08318         #endif
08319         #ifdef POLARSSL_SHA1_C
08320             case SIG_RSA_SHA1:
08321                 sha1( message_str, msg_len, hash_result );
08322                 break;
08323         #endif
08324         #ifdef POLARSSL_SHA2_C
08325             case SIG_RSA_SHA224:
08326                 sha2( message_str, msg_len, hash_result, 1 );
08327                 break;
08328             case SIG_RSA_SHA256:
08329                 sha2( message_str, msg_len, hash_result, 0 );
08330                 break;
08331         #endif
08332         #ifdef POLARSSL_SHA4_C
08333             case SIG_RSA_SHA384:
08334                 sha4( message_str, msg_len, hash_result, 1 );
08335                 break;
08336             case SIG_RSA_SHA512:
08337                 sha4( message_str, msg_len, hash_result, 0 );
08338                 break;
08339         #endif
08340             }
08341         
08342             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
08343         }
08344         FCT_TEST_END();
08345 
08346 
08347         FCT_TEST_BGN(rsassa_pss_signature_example_3_6)
08348         {
08349             unsigned char message_str[1000];
08350             unsigned char hash_result[1000];
08351             unsigned char output[1000];
08352             unsigned char output_str[1000];
08353             unsigned char rnd_buf[1000];
08354             rsa_context ctx;
08355             mpi P1, Q1, H, G;
08356             size_t msg_len;
08357             rnd_buf_info info;
08358         
08359             info.length = unhexify( rnd_buf, "b0de3fc25b65f5af96b1d5cc3b27d0c6053087b3" );
08360             info.buf = rnd_buf;
08361         
08362             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
08363             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
08364         
08365             memset( message_str, 0x00, 1000 );
08366             memset( hash_result, 0x00, 1000 );
08367             memset( output, 0x00, 1000 );
08368             memset( output_str, 0x00, 1000 );
08369         
08370             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
08371             fct_chk( mpi_read_string( &ctx.P, 16, "01bd36e18ece4b0fdb2e9c9d548bd1a7d6e2c21c6fdc35074a1d05b1c6c8b3d558ea2639c9a9a421680169317252558bd148ad215aac550e2dcf12a82d0ebfe853" ) == 0 );
08372             fct_chk( mpi_read_string( &ctx.Q, 16, "01b1b656ad86d8e19d5dc86292b3a192fdf6e0dd37877bad14822fa00190cab265f90d3f02057b6f54d6ecb14491e5adeacebc48bf0ebd2a2ad26d402e54f61651" ) == 0 );
08373             fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
08374             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
08375         
08376             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
08377             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
08378             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
08379             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
08380             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
08381             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
08382             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
08383             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
08384         
08385             fct_chk( rsa_check_privkey( &ctx ) == 0 );
08386         
08387             msg_len = unhexify( message_str, "efd237bb098a443aeeb2bf6c3f8c81b8c01b7fcb3feb" );
08388         
08389             switch( SIG_RSA_SHA1 )
08390             {
08391         #ifdef POLARSSL_MD2_C
08392             case SIG_RSA_MD2:
08393                 md2( message_str, msg_len, hash_result );
08394                 break;
08395         #endif
08396         #ifdef POLARSSL_MD4_C
08397             case SIG_RSA_MD4:
08398                 md4( message_str, msg_len, hash_result );
08399                 break;
08400         #endif
08401         #ifdef POLARSSL_MD5_C
08402             case SIG_RSA_MD5:
08403                 md5( message_str, msg_len, hash_result );
08404                 break;
08405         #endif
08406         #ifdef POLARSSL_SHA1_C
08407             case SIG_RSA_SHA1:
08408                 sha1( message_str, msg_len, hash_result );
08409                 break;
08410         #endif
08411         #ifdef POLARSSL_SHA2_C
08412             case SIG_RSA_SHA224:
08413                 sha2( message_str, msg_len, hash_result, 1 );
08414                 break;
08415             case SIG_RSA_SHA256:
08416                 sha2( message_str, msg_len, hash_result, 0 );
08417                 break;
08418         #endif
08419         #ifdef POLARSSL_SHA4_C
08420             case SIG_RSA_SHA384:
08421                 sha4( message_str, msg_len, hash_result, 1 );
08422                 break;
08423             case SIG_RSA_SHA512:
08424                 sha4( message_str, msg_len, hash_result, 0 );
08425                 break;
08426         #endif
08427             }
08428         
08429             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
08430             if( 0 == 0 )
08431             {
08432                 hexify( output_str, output, ctx.len);
08433         
08434                 fct_chk( strcasecmp( (char *) output_str, "012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce" ) == 0 );
08435             }
08436         
08437             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
08438         }
08439         FCT_TEST_END();
08440 
08441 
08442         FCT_TEST_BGN(rsassa_pss_signature_example_3_6_verify)
08443         {
08444             unsigned char message_str[1000];
08445             unsigned char hash_result[1000];
08446             unsigned char result_str[1000];
08447             rsa_context ctx;
08448             size_t msg_len;
08449         
08450             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
08451             memset( message_str, 0x00, 1000 );
08452             memset( hash_result, 0x00, 1000 );
08453             memset( result_str, 0x00, 1000 );
08454         
08455             ctx.len = 1026 / 8 + ( ( 1026 % 8 ) ? 1 : 0 );
08456             fct_chk( mpi_read_string( &ctx.N, 16, "02f246ef451ed3eebb9a310200cc25859c048e4be798302991112eb68ce6db674e280da21feded1ae74880ca522b18db249385012827c515f0e466a1ffa691d98170574e9d0eadb087586ca48933da3cc953d95bd0ed50de10ddcb6736107d6c831c7f663e833ca4c097e700ce0fb945f88fb85fe8e5a773172565b914a471a443" ) == 0 );
08457             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
08458         
08459             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
08460         
08461             msg_len = unhexify( message_str, "efd237bb098a443aeeb2bf6c3f8c81b8c01b7fcb3feb" );
08462             unhexify( result_str, "012fafec862f56e9e92f60ab0c77824f4299a0ca734ed26e0644d5d222c7f0bde03964f8e70a5cb65ed44e44d56ae0edf1ff86ca032cc5dd4404dbb76ab854586c44eed8336d08d457ce6c03693b45c0f1efef93624b95b8ec169c616d20e5538ebc0b6737a6f82b4bc0570924fc6b35759a3348426279f8b3d7744e2d222426ce" );
08463         
08464             switch( SIG_RSA_SHA1 )
08465             {
08466         #ifdef POLARSSL_MD2_C
08467             case SIG_RSA_MD2:
08468                 md2( message_str, msg_len, hash_result );
08469                 break;
08470         #endif
08471         #ifdef POLARSSL_MD4_C
08472             case SIG_RSA_MD4:
08473                 md4( message_str, msg_len, hash_result );
08474                 break;
08475         #endif
08476         #ifdef POLARSSL_MD5_C
08477             case SIG_RSA_MD5:
08478                 md5( message_str, msg_len, hash_result );
08479                 break;
08480         #endif
08481         #ifdef POLARSSL_SHA1_C
08482             case SIG_RSA_SHA1:
08483                 sha1( message_str, msg_len, hash_result );
08484                 break;
08485         #endif
08486         #ifdef POLARSSL_SHA2_C
08487             case SIG_RSA_SHA224:
08488                 sha2( message_str, msg_len, hash_result, 1 );
08489                 break;
08490             case SIG_RSA_SHA256:
08491                 sha2( message_str, msg_len, hash_result, 0 );
08492                 break;
08493         #endif
08494         #ifdef POLARSSL_SHA4_C
08495             case SIG_RSA_SHA384:
08496                 sha4( message_str, msg_len, hash_result, 1 );
08497                 break;
08498             case SIG_RSA_SHA512:
08499                 sha4( message_str, msg_len, hash_result, 0 );
08500                 break;
08501         #endif
08502             }
08503         
08504             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
08505         }
08506         FCT_TEST_END();
08507 
08508 
08509         FCT_TEST_BGN(rsassa_pss_signature_example_4_1)
08510         {
08511             unsigned char message_str[1000];
08512             unsigned char hash_result[1000];
08513             unsigned char output[1000];
08514             unsigned char output_str[1000];
08515             unsigned char rnd_buf[1000];
08516             rsa_context ctx;
08517             mpi P1, Q1, H, G;
08518             size_t msg_len;
08519             rnd_buf_info info;
08520         
08521             info.length = unhexify( rnd_buf, "ed7c98c95f30974fbe4fbddcf0f28d6021c0e91d" );
08522             info.buf = rnd_buf;
08523         
08524             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
08525             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
08526         
08527             memset( message_str, 0x00, 1000 );
08528             memset( hash_result, 0x00, 1000 );
08529             memset( output, 0x00, 1000 );
08530             memset( output_str, 0x00, 1000 );
08531         
08532             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
08533             fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
08534             fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
08535             fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
08536             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
08537         
08538             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
08539             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
08540             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
08541             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
08542             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
08543             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
08544             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
08545             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
08546         
08547             fct_chk( rsa_check_privkey( &ctx ) == 0 );
08548         
08549             msg_len = unhexify( message_str, "9fb03b827c8217d9" );
08550         
08551             switch( SIG_RSA_SHA1 )
08552             {
08553         #ifdef POLARSSL_MD2_C
08554             case SIG_RSA_MD2:
08555                 md2( message_str, msg_len, hash_result );
08556                 break;
08557         #endif
08558         #ifdef POLARSSL_MD4_C
08559             case SIG_RSA_MD4:
08560                 md4( message_str, msg_len, hash_result );
08561                 break;
08562         #endif
08563         #ifdef POLARSSL_MD5_C
08564             case SIG_RSA_MD5:
08565                 md5( message_str, msg_len, hash_result );
08566                 break;
08567         #endif
08568         #ifdef POLARSSL_SHA1_C
08569             case SIG_RSA_SHA1:
08570                 sha1( message_str, msg_len, hash_result );
08571                 break;
08572         #endif
08573         #ifdef POLARSSL_SHA2_C
08574             case SIG_RSA_SHA224:
08575                 sha2( message_str, msg_len, hash_result, 1 );
08576                 break;
08577             case SIG_RSA_SHA256:
08578                 sha2( message_str, msg_len, hash_result, 0 );
08579                 break;
08580         #endif
08581         #ifdef POLARSSL_SHA4_C
08582             case SIG_RSA_SHA384:
08583                 sha4( message_str, msg_len, hash_result, 1 );
08584                 break;
08585             case SIG_RSA_SHA512:
08586                 sha4( message_str, msg_len, hash_result, 0 );
08587                 break;
08588         #endif
08589             }
08590         
08591             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
08592             if( 0 == 0 )
08593             {
08594                 hexify( output_str, output, ctx.len);
08595         
08596                 fct_chk( strcasecmp( (char *) output_str, "0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948" ) == 0 );
08597             }
08598         
08599             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
08600         }
08601         FCT_TEST_END();
08602 
08603 
08604         FCT_TEST_BGN(rsassa_pss_signature_example_4_1_verify)
08605         {
08606             unsigned char message_str[1000];
08607             unsigned char hash_result[1000];
08608             unsigned char result_str[1000];
08609             rsa_context ctx;
08610             size_t msg_len;
08611         
08612             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
08613             memset( message_str, 0x00, 1000 );
08614             memset( hash_result, 0x00, 1000 );
08615             memset( result_str, 0x00, 1000 );
08616         
08617             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
08618             fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
08619             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
08620         
08621             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
08622         
08623             msg_len = unhexify( message_str, "9fb03b827c8217d9" );
08624             unhexify( result_str, "0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948" );
08625         
08626             switch( SIG_RSA_SHA1 )
08627             {
08628         #ifdef POLARSSL_MD2_C
08629             case SIG_RSA_MD2:
08630                 md2( message_str, msg_len, hash_result );
08631                 break;
08632         #endif
08633         #ifdef POLARSSL_MD4_C
08634             case SIG_RSA_MD4:
08635                 md4( message_str, msg_len, hash_result );
08636                 break;
08637         #endif
08638         #ifdef POLARSSL_MD5_C
08639             case SIG_RSA_MD5:
08640                 md5( message_str, msg_len, hash_result );
08641                 break;
08642         #endif
08643         #ifdef POLARSSL_SHA1_C
08644             case SIG_RSA_SHA1:
08645                 sha1( message_str, msg_len, hash_result );
08646                 break;
08647         #endif
08648         #ifdef POLARSSL_SHA2_C
08649             case SIG_RSA_SHA224:
08650                 sha2( message_str, msg_len, hash_result, 1 );
08651                 break;
08652             case SIG_RSA_SHA256:
08653                 sha2( message_str, msg_len, hash_result, 0 );
08654                 break;
08655         #endif
08656         #ifdef POLARSSL_SHA4_C
08657             case SIG_RSA_SHA384:
08658                 sha4( message_str, msg_len, hash_result, 1 );
08659                 break;
08660             case SIG_RSA_SHA512:
08661                 sha4( message_str, msg_len, hash_result, 0 );
08662                 break;
08663         #endif
08664             }
08665         
08666             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
08667         }
08668         FCT_TEST_END();
08669 
08670 
08671         FCT_TEST_BGN(rsassa_pss_signature_example_4_2)
08672         {
08673             unsigned char message_str[1000];
08674             unsigned char hash_result[1000];
08675             unsigned char output[1000];
08676             unsigned char output_str[1000];
08677             unsigned char rnd_buf[1000];
08678             rsa_context ctx;
08679             mpi P1, Q1, H, G;
08680             size_t msg_len;
08681             rnd_buf_info info;
08682         
08683             info.length = unhexify( rnd_buf, "22d71d54363a4217aa55113f059b3384e3e57e44" );
08684             info.buf = rnd_buf;
08685         
08686             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
08687             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
08688         
08689             memset( message_str, 0x00, 1000 );
08690             memset( hash_result, 0x00, 1000 );
08691             memset( output, 0x00, 1000 );
08692             memset( output_str, 0x00, 1000 );
08693         
08694             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
08695             fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
08696             fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
08697             fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
08698             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
08699         
08700             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
08701             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
08702             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
08703             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
08704             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
08705             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
08706             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
08707             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
08708         
08709             fct_chk( rsa_check_privkey( &ctx ) == 0 );
08710         
08711             msg_len = unhexify( message_str, "0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f" );
08712         
08713             switch( SIG_RSA_SHA1 )
08714             {
08715         #ifdef POLARSSL_MD2_C
08716             case SIG_RSA_MD2:
08717                 md2( message_str, msg_len, hash_result );
08718                 break;
08719         #endif
08720         #ifdef POLARSSL_MD4_C
08721             case SIG_RSA_MD4:
08722                 md4( message_str, msg_len, hash_result );
08723                 break;
08724         #endif
08725         #ifdef POLARSSL_MD5_C
08726             case SIG_RSA_MD5:
08727                 md5( message_str, msg_len, hash_result );
08728                 break;
08729         #endif
08730         #ifdef POLARSSL_SHA1_C
08731             case SIG_RSA_SHA1:
08732                 sha1( message_str, msg_len, hash_result );
08733                 break;
08734         #endif
08735         #ifdef POLARSSL_SHA2_C
08736             case SIG_RSA_SHA224:
08737                 sha2( message_str, msg_len, hash_result, 1 );
08738                 break;
08739             case SIG_RSA_SHA256:
08740                 sha2( message_str, msg_len, hash_result, 0 );
08741                 break;
08742         #endif
08743         #ifdef POLARSSL_SHA4_C
08744             case SIG_RSA_SHA384:
08745                 sha4( message_str, msg_len, hash_result, 1 );
08746                 break;
08747             case SIG_RSA_SHA512:
08748                 sha4( message_str, msg_len, hash_result, 0 );
08749                 break;
08750         #endif
08751             }
08752         
08753             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
08754             if( 0 == 0 )
08755             {
08756                 hexify( output_str, output, ctx.len);
08757         
08758                 fct_chk( strcasecmp( (char *) output_str, "049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598" ) == 0 );
08759             }
08760         
08761             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
08762         }
08763         FCT_TEST_END();
08764 
08765 
08766         FCT_TEST_BGN(rsassa_pss_signature_example_4_2_verify)
08767         {
08768             unsigned char message_str[1000];
08769             unsigned char hash_result[1000];
08770             unsigned char result_str[1000];
08771             rsa_context ctx;
08772             size_t msg_len;
08773         
08774             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
08775             memset( message_str, 0x00, 1000 );
08776             memset( hash_result, 0x00, 1000 );
08777             memset( result_str, 0x00, 1000 );
08778         
08779             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
08780             fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
08781             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
08782         
08783             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
08784         
08785             msg_len = unhexify( message_str, "0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f" );
08786             unhexify( result_str, "049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598" );
08787         
08788             switch( SIG_RSA_SHA1 )
08789             {
08790         #ifdef POLARSSL_MD2_C
08791             case SIG_RSA_MD2:
08792                 md2( message_str, msg_len, hash_result );
08793                 break;
08794         #endif
08795         #ifdef POLARSSL_MD4_C
08796             case SIG_RSA_MD4:
08797                 md4( message_str, msg_len, hash_result );
08798                 break;
08799         #endif
08800         #ifdef POLARSSL_MD5_C
08801             case SIG_RSA_MD5:
08802                 md5( message_str, msg_len, hash_result );
08803                 break;
08804         #endif
08805         #ifdef POLARSSL_SHA1_C
08806             case SIG_RSA_SHA1:
08807                 sha1( message_str, msg_len, hash_result );
08808                 break;
08809         #endif
08810         #ifdef POLARSSL_SHA2_C
08811             case SIG_RSA_SHA224:
08812                 sha2( message_str, msg_len, hash_result, 1 );
08813                 break;
08814             case SIG_RSA_SHA256:
08815                 sha2( message_str, msg_len, hash_result, 0 );
08816                 break;
08817         #endif
08818         #ifdef POLARSSL_SHA4_C
08819             case SIG_RSA_SHA384:
08820                 sha4( message_str, msg_len, hash_result, 1 );
08821                 break;
08822             case SIG_RSA_SHA512:
08823                 sha4( message_str, msg_len, hash_result, 0 );
08824                 break;
08825         #endif
08826             }
08827         
08828             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
08829         }
08830         FCT_TEST_END();
08831 
08832 
08833         FCT_TEST_BGN(rsassa_pss_signature_example_4_3)
08834         {
08835             unsigned char message_str[1000];
08836             unsigned char hash_result[1000];
08837             unsigned char output[1000];
08838             unsigned char output_str[1000];
08839             unsigned char rnd_buf[1000];
08840             rsa_context ctx;
08841             mpi P1, Q1, H, G;
08842             size_t msg_len;
08843             rnd_buf_info info;
08844         
08845             info.length = unhexify( rnd_buf, "4af870fbc6516012ca916c70ba862ac7e8243617" );
08846             info.buf = rnd_buf;
08847         
08848             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
08849             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
08850         
08851             memset( message_str, 0x00, 1000 );
08852             memset( hash_result, 0x00, 1000 );
08853             memset( output, 0x00, 1000 );
08854             memset( output_str, 0x00, 1000 );
08855         
08856             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
08857             fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
08858             fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
08859             fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
08860             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
08861         
08862             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
08863             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
08864             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
08865             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
08866             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
08867             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
08868             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
08869             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
08870         
08871             fct_chk( rsa_check_privkey( &ctx ) == 0 );
08872         
08873             msg_len = unhexify( message_str, "288062afc08fcdb7c5f8650b29837300461dd5676c17a20a3c8fb5148949e3f73d66b3ae82c7240e27c5b3ec4328ee7d6ddf6a6a0c9b5b15bcda196a9d0c76b119d534d85abd123962d583b76ce9d180bce1ca" );
08874         
08875             switch( SIG_RSA_SHA1 )
08876             {
08877         #ifdef POLARSSL_MD2_C
08878             case SIG_RSA_MD2:
08879                 md2( message_str, msg_len, hash_result );
08880                 break;
08881         #endif
08882         #ifdef POLARSSL_MD4_C
08883             case SIG_RSA_MD4:
08884                 md4( message_str, msg_len, hash_result );
08885                 break;
08886         #endif
08887         #ifdef POLARSSL_MD5_C
08888             case SIG_RSA_MD5:
08889                 md5( message_str, msg_len, hash_result );
08890                 break;
08891         #endif
08892         #ifdef POLARSSL_SHA1_C
08893             case SIG_RSA_SHA1:
08894                 sha1( message_str, msg_len, hash_result );
08895                 break;
08896         #endif
08897         #ifdef POLARSSL_SHA2_C
08898             case SIG_RSA_SHA224:
08899                 sha2( message_str, msg_len, hash_result, 1 );
08900                 break;
08901             case SIG_RSA_SHA256:
08902                 sha2( message_str, msg_len, hash_result, 0 );
08903                 break;
08904         #endif
08905         #ifdef POLARSSL_SHA4_C
08906             case SIG_RSA_SHA384:
08907                 sha4( message_str, msg_len, hash_result, 1 );
08908                 break;
08909             case SIG_RSA_SHA512:
08910                 sha4( message_str, msg_len, hash_result, 0 );
08911                 break;
08912         #endif
08913             }
08914         
08915             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
08916             if( 0 == 0 )
08917             {
08918                 hexify( output_str, output, ctx.len);
08919         
08920                 fct_chk( strcasecmp( (char *) output_str, "03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad" ) == 0 );
08921             }
08922         
08923             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
08924         }
08925         FCT_TEST_END();
08926 
08927 
08928         FCT_TEST_BGN(rsassa_pss_signature_example_4_3_verify)
08929         {
08930             unsigned char message_str[1000];
08931             unsigned char hash_result[1000];
08932             unsigned char result_str[1000];
08933             rsa_context ctx;
08934             size_t msg_len;
08935         
08936             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
08937             memset( message_str, 0x00, 1000 );
08938             memset( hash_result, 0x00, 1000 );
08939             memset( result_str, 0x00, 1000 );
08940         
08941             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
08942             fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
08943             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
08944         
08945             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
08946         
08947             msg_len = unhexify( message_str, "288062afc08fcdb7c5f8650b29837300461dd5676c17a20a3c8fb5148949e3f73d66b3ae82c7240e27c5b3ec4328ee7d6ddf6a6a0c9b5b15bcda196a9d0c76b119d534d85abd123962d583b76ce9d180bce1ca" );
08948             unhexify( result_str, "03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad" );
08949         
08950             switch( SIG_RSA_SHA1 )
08951             {
08952         #ifdef POLARSSL_MD2_C
08953             case SIG_RSA_MD2:
08954                 md2( message_str, msg_len, hash_result );
08955                 break;
08956         #endif
08957         #ifdef POLARSSL_MD4_C
08958             case SIG_RSA_MD4:
08959                 md4( message_str, msg_len, hash_result );
08960                 break;
08961         #endif
08962         #ifdef POLARSSL_MD5_C
08963             case SIG_RSA_MD5:
08964                 md5( message_str, msg_len, hash_result );
08965                 break;
08966         #endif
08967         #ifdef POLARSSL_SHA1_C
08968             case SIG_RSA_SHA1:
08969                 sha1( message_str, msg_len, hash_result );
08970                 break;
08971         #endif
08972         #ifdef POLARSSL_SHA2_C
08973             case SIG_RSA_SHA224:
08974                 sha2( message_str, msg_len, hash_result, 1 );
08975                 break;
08976             case SIG_RSA_SHA256:
08977                 sha2( message_str, msg_len, hash_result, 0 );
08978                 break;
08979         #endif
08980         #ifdef POLARSSL_SHA4_C
08981             case SIG_RSA_SHA384:
08982                 sha4( message_str, msg_len, hash_result, 1 );
08983                 break;
08984             case SIG_RSA_SHA512:
08985                 sha4( message_str, msg_len, hash_result, 0 );
08986                 break;
08987         #endif
08988             }
08989         
08990             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
08991         }
08992         FCT_TEST_END();
08993 
08994 
08995         FCT_TEST_BGN(rsassa_pss_signature_example_4_4)
08996         {
08997             unsigned char message_str[1000];
08998             unsigned char hash_result[1000];
08999             unsigned char output[1000];
09000             unsigned char output_str[1000];
09001             unsigned char rnd_buf[1000];
09002             rsa_context ctx;
09003             mpi P1, Q1, H, G;
09004             size_t msg_len;
09005             rnd_buf_info info;
09006         
09007             info.length = unhexify( rnd_buf, "40d2e180fae1eac439c190b56c2c0e14ddf9a226" );
09008             info.buf = rnd_buf;
09009         
09010             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
09011             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09012         
09013             memset( message_str, 0x00, 1000 );
09014             memset( hash_result, 0x00, 1000 );
09015             memset( output, 0x00, 1000 );
09016             memset( output_str, 0x00, 1000 );
09017         
09018             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
09019             fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
09020             fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
09021             fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
09022             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09023         
09024             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
09025             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
09026             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
09027             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
09028             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
09029             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
09030             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
09031             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
09032         
09033             fct_chk( rsa_check_privkey( &ctx ) == 0 );
09034         
09035             msg_len = unhexify( message_str, "6f4f9ab9501199cef55c6cf408fe7b36c557c49d420a4763d2463c8ad44b3cfc5be2742c0e7d9b0f6608f08c7f47b693ee" );
09036         
09037             switch( SIG_RSA_SHA1 )
09038             {
09039         #ifdef POLARSSL_MD2_C
09040             case SIG_RSA_MD2:
09041                 md2( message_str, msg_len, hash_result );
09042                 break;
09043         #endif
09044         #ifdef POLARSSL_MD4_C
09045             case SIG_RSA_MD4:
09046                 md4( message_str, msg_len, hash_result );
09047                 break;
09048         #endif
09049         #ifdef POLARSSL_MD5_C
09050             case SIG_RSA_MD5:
09051                 md5( message_str, msg_len, hash_result );
09052                 break;
09053         #endif
09054         #ifdef POLARSSL_SHA1_C
09055             case SIG_RSA_SHA1:
09056                 sha1( message_str, msg_len, hash_result );
09057                 break;
09058         #endif
09059         #ifdef POLARSSL_SHA2_C
09060             case SIG_RSA_SHA224:
09061                 sha2( message_str, msg_len, hash_result, 1 );
09062                 break;
09063             case SIG_RSA_SHA256:
09064                 sha2( message_str, msg_len, hash_result, 0 );
09065                 break;
09066         #endif
09067         #ifdef POLARSSL_SHA4_C
09068             case SIG_RSA_SHA384:
09069                 sha4( message_str, msg_len, hash_result, 1 );
09070                 break;
09071             case SIG_RSA_SHA512:
09072                 sha4( message_str, msg_len, hash_result, 0 );
09073                 break;
09074         #endif
09075             }
09076         
09077             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
09078             if( 0 == 0 )
09079             {
09080                 hexify( output_str, output, ctx.len);
09081         
09082                 fct_chk( strcasecmp( (char *) output_str, "0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f" ) == 0 );
09083             }
09084         
09085             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
09086         }
09087         FCT_TEST_END();
09088 
09089 
09090         FCT_TEST_BGN(rsassa_pss_signature_example_4_4_verify)
09091         {
09092             unsigned char message_str[1000];
09093             unsigned char hash_result[1000];
09094             unsigned char result_str[1000];
09095             rsa_context ctx;
09096             size_t msg_len;
09097         
09098             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09099             memset( message_str, 0x00, 1000 );
09100             memset( hash_result, 0x00, 1000 );
09101             memset( result_str, 0x00, 1000 );
09102         
09103             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
09104             fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
09105             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09106         
09107             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
09108         
09109             msg_len = unhexify( message_str, "6f4f9ab9501199cef55c6cf408fe7b36c557c49d420a4763d2463c8ad44b3cfc5be2742c0e7d9b0f6608f08c7f47b693ee" );
09110             unhexify( result_str, "0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f" );
09111         
09112             switch( SIG_RSA_SHA1 )
09113             {
09114         #ifdef POLARSSL_MD2_C
09115             case SIG_RSA_MD2:
09116                 md2( message_str, msg_len, hash_result );
09117                 break;
09118         #endif
09119         #ifdef POLARSSL_MD4_C
09120             case SIG_RSA_MD4:
09121                 md4( message_str, msg_len, hash_result );
09122                 break;
09123         #endif
09124         #ifdef POLARSSL_MD5_C
09125             case SIG_RSA_MD5:
09126                 md5( message_str, msg_len, hash_result );
09127                 break;
09128         #endif
09129         #ifdef POLARSSL_SHA1_C
09130             case SIG_RSA_SHA1:
09131                 sha1( message_str, msg_len, hash_result );
09132                 break;
09133         #endif
09134         #ifdef POLARSSL_SHA2_C
09135             case SIG_RSA_SHA224:
09136                 sha2( message_str, msg_len, hash_result, 1 );
09137                 break;
09138             case SIG_RSA_SHA256:
09139                 sha2( message_str, msg_len, hash_result, 0 );
09140                 break;
09141         #endif
09142         #ifdef POLARSSL_SHA4_C
09143             case SIG_RSA_SHA384:
09144                 sha4( message_str, msg_len, hash_result, 1 );
09145                 break;
09146             case SIG_RSA_SHA512:
09147                 sha4( message_str, msg_len, hash_result, 0 );
09148                 break;
09149         #endif
09150             }
09151         
09152             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
09153         }
09154         FCT_TEST_END();
09155 
09156 
09157         FCT_TEST_BGN(rsassa_pss_signature_example_4_5)
09158         {
09159             unsigned char message_str[1000];
09160             unsigned char hash_result[1000];
09161             unsigned char output[1000];
09162             unsigned char output_str[1000];
09163             unsigned char rnd_buf[1000];
09164             rsa_context ctx;
09165             mpi P1, Q1, H, G;
09166             size_t msg_len;
09167             rnd_buf_info info;
09168         
09169             info.length = unhexify( rnd_buf, "2497dc2b4615dfae5a663d49ffd56bf7efc11304" );
09170             info.buf = rnd_buf;
09171         
09172             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
09173             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09174         
09175             memset( message_str, 0x00, 1000 );
09176             memset( hash_result, 0x00, 1000 );
09177             memset( output, 0x00, 1000 );
09178             memset( output_str, 0x00, 1000 );
09179         
09180             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
09181             fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
09182             fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
09183             fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
09184             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09185         
09186             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
09187             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
09188             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
09189             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
09190             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
09191             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
09192             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
09193             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
09194         
09195             fct_chk( rsa_check_privkey( &ctx ) == 0 );
09196         
09197             msg_len = unhexify( message_str, "e17d20385d501955823c3f666254c1d3dd36ad5168b8f18d286fdcf67a7dad94097085fab7ed86fe2142a28771717997ef1a7a08884efc39356d76077aaf82459a7fad45848875f2819b098937fe923bcc9dc442d72d754d812025090c9bc03db3080c138dd63b355d0b4b85d6688ac19f4de15084a0ba4e373b93ef4a555096691915dc23c00e954cdeb20a47cd55d16c3d8681d46ed7f2ed5ea42795be17baed25f0f4d113b3636addd585f16a8b5aec0c8fa9c5f03cbf3b9b73" );
09198         
09199             switch( SIG_RSA_SHA1 )
09200             {
09201         #ifdef POLARSSL_MD2_C
09202             case SIG_RSA_MD2:
09203                 md2( message_str, msg_len, hash_result );
09204                 break;
09205         #endif
09206         #ifdef POLARSSL_MD4_C
09207             case SIG_RSA_MD4:
09208                 md4( message_str, msg_len, hash_result );
09209                 break;
09210         #endif
09211         #ifdef POLARSSL_MD5_C
09212             case SIG_RSA_MD5:
09213                 md5( message_str, msg_len, hash_result );
09214                 break;
09215         #endif
09216         #ifdef POLARSSL_SHA1_C
09217             case SIG_RSA_SHA1:
09218                 sha1( message_str, msg_len, hash_result );
09219                 break;
09220         #endif
09221         #ifdef POLARSSL_SHA2_C
09222             case SIG_RSA_SHA224:
09223                 sha2( message_str, msg_len, hash_result, 1 );
09224                 break;
09225             case SIG_RSA_SHA256:
09226                 sha2( message_str, msg_len, hash_result, 0 );
09227                 break;
09228         #endif
09229         #ifdef POLARSSL_SHA4_C
09230             case SIG_RSA_SHA384:
09231                 sha4( message_str, msg_len, hash_result, 1 );
09232                 break;
09233             case SIG_RSA_SHA512:
09234                 sha4( message_str, msg_len, hash_result, 0 );
09235                 break;
09236         #endif
09237             }
09238         
09239             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
09240             if( 0 == 0 )
09241             {
09242                 hexify( output_str, output, ctx.len);
09243         
09244                 fct_chk( strcasecmp( (char *) output_str, "022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a" ) == 0 );
09245             }
09246         
09247             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
09248         }
09249         FCT_TEST_END();
09250 
09251 
09252         FCT_TEST_BGN(rsassa_pss_signature_example_4_5_verify)
09253         {
09254             unsigned char message_str[1000];
09255             unsigned char hash_result[1000];
09256             unsigned char result_str[1000];
09257             rsa_context ctx;
09258             size_t msg_len;
09259         
09260             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09261             memset( message_str, 0x00, 1000 );
09262             memset( hash_result, 0x00, 1000 );
09263             memset( result_str, 0x00, 1000 );
09264         
09265             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
09266             fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
09267             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09268         
09269             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
09270         
09271             msg_len = unhexify( message_str, "e17d20385d501955823c3f666254c1d3dd36ad5168b8f18d286fdcf67a7dad94097085fab7ed86fe2142a28771717997ef1a7a08884efc39356d76077aaf82459a7fad45848875f2819b098937fe923bcc9dc442d72d754d812025090c9bc03db3080c138dd63b355d0b4b85d6688ac19f4de15084a0ba4e373b93ef4a555096691915dc23c00e954cdeb20a47cd55d16c3d8681d46ed7f2ed5ea42795be17baed25f0f4d113b3636addd585f16a8b5aec0c8fa9c5f03cbf3b9b73" );
09272             unhexify( result_str, "022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a" );
09273         
09274             switch( SIG_RSA_SHA1 )
09275             {
09276         #ifdef POLARSSL_MD2_C
09277             case SIG_RSA_MD2:
09278                 md2( message_str, msg_len, hash_result );
09279                 break;
09280         #endif
09281         #ifdef POLARSSL_MD4_C
09282             case SIG_RSA_MD4:
09283                 md4( message_str, msg_len, hash_result );
09284                 break;
09285         #endif
09286         #ifdef POLARSSL_MD5_C
09287             case SIG_RSA_MD5:
09288                 md5( message_str, msg_len, hash_result );
09289                 break;
09290         #endif
09291         #ifdef POLARSSL_SHA1_C
09292             case SIG_RSA_SHA1:
09293                 sha1( message_str, msg_len, hash_result );
09294                 break;
09295         #endif
09296         #ifdef POLARSSL_SHA2_C
09297             case SIG_RSA_SHA224:
09298                 sha2( message_str, msg_len, hash_result, 1 );
09299                 break;
09300             case SIG_RSA_SHA256:
09301                 sha2( message_str, msg_len, hash_result, 0 );
09302                 break;
09303         #endif
09304         #ifdef POLARSSL_SHA4_C
09305             case SIG_RSA_SHA384:
09306                 sha4( message_str, msg_len, hash_result, 1 );
09307                 break;
09308             case SIG_RSA_SHA512:
09309                 sha4( message_str, msg_len, hash_result, 0 );
09310                 break;
09311         #endif
09312             }
09313         
09314             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
09315         }
09316         FCT_TEST_END();
09317 
09318 
09319         FCT_TEST_BGN(rsassa_pss_signature_example_4_6)
09320         {
09321             unsigned char message_str[1000];
09322             unsigned char hash_result[1000];
09323             unsigned char output[1000];
09324             unsigned char output_str[1000];
09325             unsigned char rnd_buf[1000];
09326             rsa_context ctx;
09327             mpi P1, Q1, H, G;
09328             size_t msg_len;
09329             rnd_buf_info info;
09330         
09331             info.length = unhexify( rnd_buf, "a334db6faebf11081a04f87c2d621cdec7930b9b" );
09332             info.buf = rnd_buf;
09333         
09334             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
09335             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09336         
09337             memset( message_str, 0x00, 1000 );
09338             memset( hash_result, 0x00, 1000 );
09339             memset( output, 0x00, 1000 );
09340             memset( output_str, 0x00, 1000 );
09341         
09342             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
09343             fct_chk( mpi_read_string( &ctx.P, 16, "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995" ) == 0 );
09344             fct_chk( mpi_read_string( &ctx.Q, 16, "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1" ) == 0 );
09345             fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
09346             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09347         
09348             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
09349             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
09350             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
09351             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
09352             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
09353             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
09354             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
09355             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
09356         
09357             fct_chk( rsa_check_privkey( &ctx ) == 0 );
09358         
09359             msg_len = unhexify( message_str, "afbc19d479249018fdf4e09f618726440495de11ddeee38872d775fcea74a23896b5343c9c38d46af0dba224d047580cc60a65e9391cf9b59b36a860598d4e8216722f993b91cfae87bc255af89a6a199bca4a391eadbc3a24903c0bd667368f6be78e3feabfb4ffd463122763740ffbbefeab9a25564bc5d1c24c93e422f75073e2ad72bf45b10df00b52a147128e73fee33fa3f0577d77f80fbc2df1bed313290c12777f50" );
09360         
09361             switch( SIG_RSA_SHA1 )
09362             {
09363         #ifdef POLARSSL_MD2_C
09364             case SIG_RSA_MD2:
09365                 md2( message_str, msg_len, hash_result );
09366                 break;
09367         #endif
09368         #ifdef POLARSSL_MD4_C
09369             case SIG_RSA_MD4:
09370                 md4( message_str, msg_len, hash_result );
09371                 break;
09372         #endif
09373         #ifdef POLARSSL_MD5_C
09374             case SIG_RSA_MD5:
09375                 md5( message_str, msg_len, hash_result );
09376                 break;
09377         #endif
09378         #ifdef POLARSSL_SHA1_C
09379             case SIG_RSA_SHA1:
09380                 sha1( message_str, msg_len, hash_result );
09381                 break;
09382         #endif
09383         #ifdef POLARSSL_SHA2_C
09384             case SIG_RSA_SHA224:
09385                 sha2( message_str, msg_len, hash_result, 1 );
09386                 break;
09387             case SIG_RSA_SHA256:
09388                 sha2( message_str, msg_len, hash_result, 0 );
09389                 break;
09390         #endif
09391         #ifdef POLARSSL_SHA4_C
09392             case SIG_RSA_SHA384:
09393                 sha4( message_str, msg_len, hash_result, 1 );
09394                 break;
09395             case SIG_RSA_SHA512:
09396                 sha4( message_str, msg_len, hash_result, 0 );
09397                 break;
09398         #endif
09399             }
09400         
09401             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
09402             if( 0 == 0 )
09403             {
09404                 hexify( output_str, output, ctx.len);
09405         
09406                 fct_chk( strcasecmp( (char *) output_str, "00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e" ) == 0 );
09407             }
09408         
09409             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
09410         }
09411         FCT_TEST_END();
09412 
09413 
09414         FCT_TEST_BGN(rsassa_pss_signature_example_4_6_verify)
09415         {
09416             unsigned char message_str[1000];
09417             unsigned char hash_result[1000];
09418             unsigned char result_str[1000];
09419             rsa_context ctx;
09420             size_t msg_len;
09421         
09422             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09423             memset( message_str, 0x00, 1000 );
09424             memset( hash_result, 0x00, 1000 );
09425             memset( result_str, 0x00, 1000 );
09426         
09427             ctx.len = 1027 / 8 + ( ( 1027 % 8 ) ? 1 : 0 );
09428             fct_chk( mpi_read_string( &ctx.N, 16, "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705" ) == 0 );
09429             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09430         
09431             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
09432         
09433             msg_len = unhexify( message_str, "afbc19d479249018fdf4e09f618726440495de11ddeee38872d775fcea74a23896b5343c9c38d46af0dba224d047580cc60a65e9391cf9b59b36a860598d4e8216722f993b91cfae87bc255af89a6a199bca4a391eadbc3a24903c0bd667368f6be78e3feabfb4ffd463122763740ffbbefeab9a25564bc5d1c24c93e422f75073e2ad72bf45b10df00b52a147128e73fee33fa3f0577d77f80fbc2df1bed313290c12777f50" );
09434             unhexify( result_str, "00938dcb6d583046065f69c78da7a1f1757066a7fa75125a9d2929f0b79a60b627b082f11f5b196f28eb9daa6f21c05e5140f6aef1737d2023075c05ecf04a028c686a2ab3e7d5a0664f295ce12995e890908b6ad21f0839eb65b70393a7b5afd9871de0caa0cedec5b819626756209d13ab1e7bb9546a26ff37e9a51af9fd562e" );
09435         
09436             switch( SIG_RSA_SHA1 )
09437             {
09438         #ifdef POLARSSL_MD2_C
09439             case SIG_RSA_MD2:
09440                 md2( message_str, msg_len, hash_result );
09441                 break;
09442         #endif
09443         #ifdef POLARSSL_MD4_C
09444             case SIG_RSA_MD4:
09445                 md4( message_str, msg_len, hash_result );
09446                 break;
09447         #endif
09448         #ifdef POLARSSL_MD5_C
09449             case SIG_RSA_MD5:
09450                 md5( message_str, msg_len, hash_result );
09451                 break;
09452         #endif
09453         #ifdef POLARSSL_SHA1_C
09454             case SIG_RSA_SHA1:
09455                 sha1( message_str, msg_len, hash_result );
09456                 break;
09457         #endif
09458         #ifdef POLARSSL_SHA2_C
09459             case SIG_RSA_SHA224:
09460                 sha2( message_str, msg_len, hash_result, 1 );
09461                 break;
09462             case SIG_RSA_SHA256:
09463                 sha2( message_str, msg_len, hash_result, 0 );
09464                 break;
09465         #endif
09466         #ifdef POLARSSL_SHA4_C
09467             case SIG_RSA_SHA384:
09468                 sha4( message_str, msg_len, hash_result, 1 );
09469                 break;
09470             case SIG_RSA_SHA512:
09471                 sha4( message_str, msg_len, hash_result, 0 );
09472                 break;
09473         #endif
09474             }
09475         
09476             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
09477         }
09478         FCT_TEST_END();
09479 
09480 
09481         FCT_TEST_BGN(rsassa_pss_signature_example_5_1)
09482         {
09483             unsigned char message_str[1000];
09484             unsigned char hash_result[1000];
09485             unsigned char output[1000];
09486             unsigned char output_str[1000];
09487             unsigned char rnd_buf[1000];
09488             rsa_context ctx;
09489             mpi P1, Q1, H, G;
09490             size_t msg_len;
09491             rnd_buf_info info;
09492         
09493             info.length = unhexify( rnd_buf, "081b233b43567750bd6e78f396a88b9f6a445151" );
09494             info.buf = rnd_buf;
09495         
09496             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
09497             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09498         
09499             memset( message_str, 0x00, 1000 );
09500             memset( hash_result, 0x00, 1000 );
09501             memset( output, 0x00, 1000 );
09502             memset( output_str, 0x00, 1000 );
09503         
09504             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
09505             fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
09506             fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
09507             fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
09508             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09509         
09510             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
09511             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
09512             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
09513             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
09514             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
09515             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
09516             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
09517             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
09518         
09519             fct_chk( rsa_check_privkey( &ctx ) == 0 );
09520         
09521             msg_len = unhexify( message_str, "30c7d557458b436decfdc14d06cb7b96b06718c48d7de57482a868ae7f065870a6216506d11b779323dfdf046cf5775129134b4d5689e4d9c0ce1e12d7d4b06cb5fc5820decfa41baf59bf257b32f025b7679b445b9499c92555145885992f1b76f84891ee4d3be0f5150fd5901e3a4c8ed43fd36b61d022e65ad5008dbf33293c22bfbfd07321f0f1d5fa9fdf0014c2fcb0358aad0e354b0d29" );
09522         
09523             switch( SIG_RSA_SHA1 )
09524             {
09525         #ifdef POLARSSL_MD2_C
09526             case SIG_RSA_MD2:
09527                 md2( message_str, msg_len, hash_result );
09528                 break;
09529         #endif
09530         #ifdef POLARSSL_MD4_C
09531             case SIG_RSA_MD4:
09532                 md4( message_str, msg_len, hash_result );
09533                 break;
09534         #endif
09535         #ifdef POLARSSL_MD5_C
09536             case SIG_RSA_MD5:
09537                 md5( message_str, msg_len, hash_result );
09538                 break;
09539         #endif
09540         #ifdef POLARSSL_SHA1_C
09541             case SIG_RSA_SHA1:
09542                 sha1( message_str, msg_len, hash_result );
09543                 break;
09544         #endif
09545         #ifdef POLARSSL_SHA2_C
09546             case SIG_RSA_SHA224:
09547                 sha2( message_str, msg_len, hash_result, 1 );
09548                 break;
09549             case SIG_RSA_SHA256:
09550                 sha2( message_str, msg_len, hash_result, 0 );
09551                 break;
09552         #endif
09553         #ifdef POLARSSL_SHA4_C
09554             case SIG_RSA_SHA384:
09555                 sha4( message_str, msg_len, hash_result, 1 );
09556                 break;
09557             case SIG_RSA_SHA512:
09558                 sha4( message_str, msg_len, hash_result, 0 );
09559                 break;
09560         #endif
09561             }
09562         
09563             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
09564             if( 0 == 0 )
09565             {
09566                 hexify( output_str, output, ctx.len);
09567         
09568                 fct_chk( strcasecmp( (char *) output_str, "0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d" ) == 0 );
09569             }
09570         
09571             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
09572         }
09573         FCT_TEST_END();
09574 
09575 
09576         FCT_TEST_BGN(rsassa_pss_signature_example_5_1_verify)
09577         {
09578             unsigned char message_str[1000];
09579             unsigned char hash_result[1000];
09580             unsigned char result_str[1000];
09581             rsa_context ctx;
09582             size_t msg_len;
09583         
09584             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09585             memset( message_str, 0x00, 1000 );
09586             memset( hash_result, 0x00, 1000 );
09587             memset( result_str, 0x00, 1000 );
09588         
09589             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
09590             fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
09591             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09592         
09593             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
09594         
09595             msg_len = unhexify( message_str, "30c7d557458b436decfdc14d06cb7b96b06718c48d7de57482a868ae7f065870a6216506d11b779323dfdf046cf5775129134b4d5689e4d9c0ce1e12d7d4b06cb5fc5820decfa41baf59bf257b32f025b7679b445b9499c92555145885992f1b76f84891ee4d3be0f5150fd5901e3a4c8ed43fd36b61d022e65ad5008dbf33293c22bfbfd07321f0f1d5fa9fdf0014c2fcb0358aad0e354b0d29" );
09596             unhexify( result_str, "0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d" );
09597         
09598             switch( SIG_RSA_SHA1 )
09599             {
09600         #ifdef POLARSSL_MD2_C
09601             case SIG_RSA_MD2:
09602                 md2( message_str, msg_len, hash_result );
09603                 break;
09604         #endif
09605         #ifdef POLARSSL_MD4_C
09606             case SIG_RSA_MD4:
09607                 md4( message_str, msg_len, hash_result );
09608                 break;
09609         #endif
09610         #ifdef POLARSSL_MD5_C
09611             case SIG_RSA_MD5:
09612                 md5( message_str, msg_len, hash_result );
09613                 break;
09614         #endif
09615         #ifdef POLARSSL_SHA1_C
09616             case SIG_RSA_SHA1:
09617                 sha1( message_str, msg_len, hash_result );
09618                 break;
09619         #endif
09620         #ifdef POLARSSL_SHA2_C
09621             case SIG_RSA_SHA224:
09622                 sha2( message_str, msg_len, hash_result, 1 );
09623                 break;
09624             case SIG_RSA_SHA256:
09625                 sha2( message_str, msg_len, hash_result, 0 );
09626                 break;
09627         #endif
09628         #ifdef POLARSSL_SHA4_C
09629             case SIG_RSA_SHA384:
09630                 sha4( message_str, msg_len, hash_result, 1 );
09631                 break;
09632             case SIG_RSA_SHA512:
09633                 sha4( message_str, msg_len, hash_result, 0 );
09634                 break;
09635         #endif
09636             }
09637         
09638             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
09639         }
09640         FCT_TEST_END();
09641 
09642 
09643         FCT_TEST_BGN(rsassa_pss_signature_example_5_2)
09644         {
09645             unsigned char message_str[1000];
09646             unsigned char hash_result[1000];
09647             unsigned char output[1000];
09648             unsigned char output_str[1000];
09649             unsigned char rnd_buf[1000];
09650             rsa_context ctx;
09651             mpi P1, Q1, H, G;
09652             size_t msg_len;
09653             rnd_buf_info info;
09654         
09655             info.length = unhexify( rnd_buf, "bd0ce19549d0700120cbe51077dbbbb00a8d8b09" );
09656             info.buf = rnd_buf;
09657         
09658             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
09659             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09660         
09661             memset( message_str, 0x00, 1000 );
09662             memset( hash_result, 0x00, 1000 );
09663             memset( output, 0x00, 1000 );
09664             memset( output_str, 0x00, 1000 );
09665         
09666             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
09667             fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
09668             fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
09669             fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
09670             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09671         
09672             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
09673             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
09674             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
09675             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
09676             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
09677             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
09678             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
09679             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
09680         
09681             fct_chk( rsa_check_privkey( &ctx ) == 0 );
09682         
09683             msg_len = unhexify( message_str, "e7b32e1556ea1b2795046ac69739d22ac8966bf11c116f614b166740e96b90653e5750945fcf772186c03790a07fda323e1a61916b06ee2157db3dff80d67d5e39a53ae268c8f09ed99a732005b0bc6a04af4e08d57a00e7201b3060efaadb73113bfc087fd837093aa25235b8c149f56215f031c24ad5bde7f29960df7d524070f7449c6f785084be1a0f733047f336f9154738674547db02a9f44dfc6e60301081e1ce99847f3b5b601ff06b4d5776a9740b9aa0d34058fd3b906e4f7859dfb07d7173e5e6f6350adac21f27b2307469" );
09684         
09685             switch( SIG_RSA_SHA1 )
09686             {
09687         #ifdef POLARSSL_MD2_C
09688             case SIG_RSA_MD2:
09689                 md2( message_str, msg_len, hash_result );
09690                 break;
09691         #endif
09692         #ifdef POLARSSL_MD4_C
09693             case SIG_RSA_MD4:
09694                 md4( message_str, msg_len, hash_result );
09695                 break;
09696         #endif
09697         #ifdef POLARSSL_MD5_C
09698             case SIG_RSA_MD5:
09699                 md5( message_str, msg_len, hash_result );
09700                 break;
09701         #endif
09702         #ifdef POLARSSL_SHA1_C
09703             case SIG_RSA_SHA1:
09704                 sha1( message_str, msg_len, hash_result );
09705                 break;
09706         #endif
09707         #ifdef POLARSSL_SHA2_C
09708             case SIG_RSA_SHA224:
09709                 sha2( message_str, msg_len, hash_result, 1 );
09710                 break;
09711             case SIG_RSA_SHA256:
09712                 sha2( message_str, msg_len, hash_result, 0 );
09713                 break;
09714         #endif
09715         #ifdef POLARSSL_SHA4_C
09716             case SIG_RSA_SHA384:
09717                 sha4( message_str, msg_len, hash_result, 1 );
09718                 break;
09719             case SIG_RSA_SHA512:
09720                 sha4( message_str, msg_len, hash_result, 0 );
09721                 break;
09722         #endif
09723             }
09724         
09725             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
09726             if( 0 == 0 )
09727             {
09728                 hexify( output_str, output, ctx.len);
09729         
09730                 fct_chk( strcasecmp( (char *) output_str, "08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e" ) == 0 );
09731             }
09732         
09733             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
09734         }
09735         FCT_TEST_END();
09736 
09737 
09738         FCT_TEST_BGN(rsassa_pss_signature_example_5_2_verify)
09739         {
09740             unsigned char message_str[1000];
09741             unsigned char hash_result[1000];
09742             unsigned char result_str[1000];
09743             rsa_context ctx;
09744             size_t msg_len;
09745         
09746             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09747             memset( message_str, 0x00, 1000 );
09748             memset( hash_result, 0x00, 1000 );
09749             memset( result_str, 0x00, 1000 );
09750         
09751             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
09752             fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
09753             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09754         
09755             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
09756         
09757             msg_len = unhexify( message_str, "e7b32e1556ea1b2795046ac69739d22ac8966bf11c116f614b166740e96b90653e5750945fcf772186c03790a07fda323e1a61916b06ee2157db3dff80d67d5e39a53ae268c8f09ed99a732005b0bc6a04af4e08d57a00e7201b3060efaadb73113bfc087fd837093aa25235b8c149f56215f031c24ad5bde7f29960df7d524070f7449c6f785084be1a0f733047f336f9154738674547db02a9f44dfc6e60301081e1ce99847f3b5b601ff06b4d5776a9740b9aa0d34058fd3b906e4f7859dfb07d7173e5e6f6350adac21f27b2307469" );
09758             unhexify( result_str, "08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e" );
09759         
09760             switch( SIG_RSA_SHA1 )
09761             {
09762         #ifdef POLARSSL_MD2_C
09763             case SIG_RSA_MD2:
09764                 md2( message_str, msg_len, hash_result );
09765                 break;
09766         #endif
09767         #ifdef POLARSSL_MD4_C
09768             case SIG_RSA_MD4:
09769                 md4( message_str, msg_len, hash_result );
09770                 break;
09771         #endif
09772         #ifdef POLARSSL_MD5_C
09773             case SIG_RSA_MD5:
09774                 md5( message_str, msg_len, hash_result );
09775                 break;
09776         #endif
09777         #ifdef POLARSSL_SHA1_C
09778             case SIG_RSA_SHA1:
09779                 sha1( message_str, msg_len, hash_result );
09780                 break;
09781         #endif
09782         #ifdef POLARSSL_SHA2_C
09783             case SIG_RSA_SHA224:
09784                 sha2( message_str, msg_len, hash_result, 1 );
09785                 break;
09786             case SIG_RSA_SHA256:
09787                 sha2( message_str, msg_len, hash_result, 0 );
09788                 break;
09789         #endif
09790         #ifdef POLARSSL_SHA4_C
09791             case SIG_RSA_SHA384:
09792                 sha4( message_str, msg_len, hash_result, 1 );
09793                 break;
09794             case SIG_RSA_SHA512:
09795                 sha4( message_str, msg_len, hash_result, 0 );
09796                 break;
09797         #endif
09798             }
09799         
09800             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
09801         }
09802         FCT_TEST_END();
09803 
09804 
09805         FCT_TEST_BGN(rsassa_pss_signature_example_5_3)
09806         {
09807             unsigned char message_str[1000];
09808             unsigned char hash_result[1000];
09809             unsigned char output[1000];
09810             unsigned char output_str[1000];
09811             unsigned char rnd_buf[1000];
09812             rsa_context ctx;
09813             mpi P1, Q1, H, G;
09814             size_t msg_len;
09815             rnd_buf_info info;
09816         
09817             info.length = unhexify( rnd_buf, "815779a91b3a8bd049bf2aeb920142772222c9ca" );
09818             info.buf = rnd_buf;
09819         
09820             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
09821             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09822         
09823             memset( message_str, 0x00, 1000 );
09824             memset( hash_result, 0x00, 1000 );
09825             memset( output, 0x00, 1000 );
09826             memset( output_str, 0x00, 1000 );
09827         
09828             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
09829             fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
09830             fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
09831             fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
09832             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09833         
09834             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
09835             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
09836             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
09837             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
09838             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
09839             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
09840             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
09841             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
09842         
09843             fct_chk( rsa_check_privkey( &ctx ) == 0 );
09844         
09845             msg_len = unhexify( message_str, "8d8396e36507fe1ef6a19017548e0c716674c2fec233adb2f775665ec41f2bd0ba396b061a9daa7e866f7c23fd3531954300a342f924535ea1498c48f6c879932865fc02000c528723b7ad0335745b51209a0afed932af8f0887c219004d2abd894ea92559ee3198af3a734fe9b9638c263a728ad95a5ae8ce3eb15839f3aa7852bb390706e7760e43a71291a2e3f827237deda851874c517665f545f27238df86557f375d09ccd8bd15d8ccf61f5d78ca5c7f5cde782e6bf5d0057056d4bad98b3d2f9575e824ab7a33ff57b0ac100ab0d6ead7aa0b50f6e4d3e5ec0b966b" );
09846         
09847             switch( SIG_RSA_SHA1 )
09848             {
09849         #ifdef POLARSSL_MD2_C
09850             case SIG_RSA_MD2:
09851                 md2( message_str, msg_len, hash_result );
09852                 break;
09853         #endif
09854         #ifdef POLARSSL_MD4_C
09855             case SIG_RSA_MD4:
09856                 md4( message_str, msg_len, hash_result );
09857                 break;
09858         #endif
09859         #ifdef POLARSSL_MD5_C
09860             case SIG_RSA_MD5:
09861                 md5( message_str, msg_len, hash_result );
09862                 break;
09863         #endif
09864         #ifdef POLARSSL_SHA1_C
09865             case SIG_RSA_SHA1:
09866                 sha1( message_str, msg_len, hash_result );
09867                 break;
09868         #endif
09869         #ifdef POLARSSL_SHA2_C
09870             case SIG_RSA_SHA224:
09871                 sha2( message_str, msg_len, hash_result, 1 );
09872                 break;
09873             case SIG_RSA_SHA256:
09874                 sha2( message_str, msg_len, hash_result, 0 );
09875                 break;
09876         #endif
09877         #ifdef POLARSSL_SHA4_C
09878             case SIG_RSA_SHA384:
09879                 sha4( message_str, msg_len, hash_result, 1 );
09880                 break;
09881             case SIG_RSA_SHA512:
09882                 sha4( message_str, msg_len, hash_result, 0 );
09883                 break;
09884         #endif
09885             }
09886         
09887             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
09888             if( 0 == 0 )
09889             {
09890                 hexify( output_str, output, ctx.len);
09891         
09892                 fct_chk( strcasecmp( (char *) output_str, "05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979" ) == 0 );
09893             }
09894         
09895             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
09896         }
09897         FCT_TEST_END();
09898 
09899 
09900         FCT_TEST_BGN(rsassa_pss_signature_example_5_3_verify)
09901         {
09902             unsigned char message_str[1000];
09903             unsigned char hash_result[1000];
09904             unsigned char result_str[1000];
09905             rsa_context ctx;
09906             size_t msg_len;
09907         
09908             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09909             memset( message_str, 0x00, 1000 );
09910             memset( hash_result, 0x00, 1000 );
09911             memset( result_str, 0x00, 1000 );
09912         
09913             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
09914             fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
09915             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09916         
09917             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
09918         
09919             msg_len = unhexify( message_str, "8d8396e36507fe1ef6a19017548e0c716674c2fec233adb2f775665ec41f2bd0ba396b061a9daa7e866f7c23fd3531954300a342f924535ea1498c48f6c879932865fc02000c528723b7ad0335745b51209a0afed932af8f0887c219004d2abd894ea92559ee3198af3a734fe9b9638c263a728ad95a5ae8ce3eb15839f3aa7852bb390706e7760e43a71291a2e3f827237deda851874c517665f545f27238df86557f375d09ccd8bd15d8ccf61f5d78ca5c7f5cde782e6bf5d0057056d4bad98b3d2f9575e824ab7a33ff57b0ac100ab0d6ead7aa0b50f6e4d3e5ec0b966b" );
09920             unhexify( result_str, "05e0fdbdf6f756ef733185ccfa8ced2eb6d029d9d56e35561b5db8e70257ee6fd019d2f0bbf669fe9b9821e78df6d41e31608d58280f318ee34f559941c8df13287574bac000b7e58dc4f414ba49fb127f9d0f8936638c76e85356c994f79750f7fa3cf4fd482df75e3fb9978cd061f7abb17572e6e63e0bde12cbdcf18c68b979" );
09921         
09922             switch( SIG_RSA_SHA1 )
09923             {
09924         #ifdef POLARSSL_MD2_C
09925             case SIG_RSA_MD2:
09926                 md2( message_str, msg_len, hash_result );
09927                 break;
09928         #endif
09929         #ifdef POLARSSL_MD4_C
09930             case SIG_RSA_MD4:
09931                 md4( message_str, msg_len, hash_result );
09932                 break;
09933         #endif
09934         #ifdef POLARSSL_MD5_C
09935             case SIG_RSA_MD5:
09936                 md5( message_str, msg_len, hash_result );
09937                 break;
09938         #endif
09939         #ifdef POLARSSL_SHA1_C
09940             case SIG_RSA_SHA1:
09941                 sha1( message_str, msg_len, hash_result );
09942                 break;
09943         #endif
09944         #ifdef POLARSSL_SHA2_C
09945             case SIG_RSA_SHA224:
09946                 sha2( message_str, msg_len, hash_result, 1 );
09947                 break;
09948             case SIG_RSA_SHA256:
09949                 sha2( message_str, msg_len, hash_result, 0 );
09950                 break;
09951         #endif
09952         #ifdef POLARSSL_SHA4_C
09953             case SIG_RSA_SHA384:
09954                 sha4( message_str, msg_len, hash_result, 1 );
09955                 break;
09956             case SIG_RSA_SHA512:
09957                 sha4( message_str, msg_len, hash_result, 0 );
09958                 break;
09959         #endif
09960             }
09961         
09962             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
09963         }
09964         FCT_TEST_END();
09965 
09966 
09967         FCT_TEST_BGN(rsassa_pss_signature_example_5_4)
09968         {
09969             unsigned char message_str[1000];
09970             unsigned char hash_result[1000];
09971             unsigned char output[1000];
09972             unsigned char output_str[1000];
09973             unsigned char rnd_buf[1000];
09974             rsa_context ctx;
09975             mpi P1, Q1, H, G;
09976             size_t msg_len;
09977             rnd_buf_info info;
09978         
09979             info.length = unhexify( rnd_buf, "9aec4a7480d5bbc42920d7ca235db674989c9aac" );
09980             info.buf = rnd_buf;
09981         
09982             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
09983             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
09984         
09985             memset( message_str, 0x00, 1000 );
09986             memset( hash_result, 0x00, 1000 );
09987             memset( output, 0x00, 1000 );
09988             memset( output_str, 0x00, 1000 );
09989         
09990             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
09991             fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
09992             fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
09993             fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
09994             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
09995         
09996             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
09997             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
09998             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
09999             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
10000             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
10001             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10002             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10003             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10004         
10005             fct_chk( rsa_check_privkey( &ctx ) == 0 );
10006         
10007             msg_len = unhexify( message_str, "328c659e0a6437433cceb73c14" );
10008         
10009             switch( SIG_RSA_SHA1 )
10010             {
10011         #ifdef POLARSSL_MD2_C
10012             case SIG_RSA_MD2:
10013                 md2( message_str, msg_len, hash_result );
10014                 break;
10015         #endif
10016         #ifdef POLARSSL_MD4_C
10017             case SIG_RSA_MD4:
10018                 md4( message_str, msg_len, hash_result );
10019                 break;
10020         #endif
10021         #ifdef POLARSSL_MD5_C
10022             case SIG_RSA_MD5:
10023                 md5( message_str, msg_len, hash_result );
10024                 break;
10025         #endif
10026         #ifdef POLARSSL_SHA1_C
10027             case SIG_RSA_SHA1:
10028                 sha1( message_str, msg_len, hash_result );
10029                 break;
10030         #endif
10031         #ifdef POLARSSL_SHA2_C
10032             case SIG_RSA_SHA224:
10033                 sha2( message_str, msg_len, hash_result, 1 );
10034                 break;
10035             case SIG_RSA_SHA256:
10036                 sha2( message_str, msg_len, hash_result, 0 );
10037                 break;
10038         #endif
10039         #ifdef POLARSSL_SHA4_C
10040             case SIG_RSA_SHA384:
10041                 sha4( message_str, msg_len, hash_result, 1 );
10042                 break;
10043             case SIG_RSA_SHA512:
10044                 sha4( message_str, msg_len, hash_result, 0 );
10045                 break;
10046         #endif
10047             }
10048         
10049             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
10050             if( 0 == 0 )
10051             {
10052                 hexify( output_str, output, ctx.len);
10053         
10054                 fct_chk( strcasecmp( (char *) output_str, "0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1" ) == 0 );
10055             }
10056         
10057             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10058         }
10059         FCT_TEST_END();
10060 
10061 
10062         FCT_TEST_BGN(rsassa_pss_signature_example_5_4_verify)
10063         {
10064             unsigned char message_str[1000];
10065             unsigned char hash_result[1000];
10066             unsigned char result_str[1000];
10067             rsa_context ctx;
10068             size_t msg_len;
10069         
10070             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
10071             memset( message_str, 0x00, 1000 );
10072             memset( hash_result, 0x00, 1000 );
10073             memset( result_str, 0x00, 1000 );
10074         
10075             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10076             fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10077             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10078         
10079             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
10080         
10081             msg_len = unhexify( message_str, "328c659e0a6437433cceb73c14" );
10082             unhexify( result_str, "0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1" );
10083         
10084             switch( SIG_RSA_SHA1 )
10085             {
10086         #ifdef POLARSSL_MD2_C
10087             case SIG_RSA_MD2:
10088                 md2( message_str, msg_len, hash_result );
10089                 break;
10090         #endif
10091         #ifdef POLARSSL_MD4_C
10092             case SIG_RSA_MD4:
10093                 md4( message_str, msg_len, hash_result );
10094                 break;
10095         #endif
10096         #ifdef POLARSSL_MD5_C
10097             case SIG_RSA_MD5:
10098                 md5( message_str, msg_len, hash_result );
10099                 break;
10100         #endif
10101         #ifdef POLARSSL_SHA1_C
10102             case SIG_RSA_SHA1:
10103                 sha1( message_str, msg_len, hash_result );
10104                 break;
10105         #endif
10106         #ifdef POLARSSL_SHA2_C
10107             case SIG_RSA_SHA224:
10108                 sha2( message_str, msg_len, hash_result, 1 );
10109                 break;
10110             case SIG_RSA_SHA256:
10111                 sha2( message_str, msg_len, hash_result, 0 );
10112                 break;
10113         #endif
10114         #ifdef POLARSSL_SHA4_C
10115             case SIG_RSA_SHA384:
10116                 sha4( message_str, msg_len, hash_result, 1 );
10117                 break;
10118             case SIG_RSA_SHA512:
10119                 sha4( message_str, msg_len, hash_result, 0 );
10120                 break;
10121         #endif
10122             }
10123         
10124             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
10125         }
10126         FCT_TEST_END();
10127 
10128 
10129         FCT_TEST_BGN(rsassa_pss_signature_example_5_5)
10130         {
10131             unsigned char message_str[1000];
10132             unsigned char hash_result[1000];
10133             unsigned char output[1000];
10134             unsigned char output_str[1000];
10135             unsigned char rnd_buf[1000];
10136             rsa_context ctx;
10137             mpi P1, Q1, H, G;
10138             size_t msg_len;
10139             rnd_buf_info info;
10140         
10141             info.length = unhexify( rnd_buf, "e20c1e9878512c39970f58375e1549a68b64f31d" );
10142             info.buf = rnd_buf;
10143         
10144             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
10145             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
10146         
10147             memset( message_str, 0x00, 1000 );
10148             memset( hash_result, 0x00, 1000 );
10149             memset( output, 0x00, 1000 );
10150             memset( output_str, 0x00, 1000 );
10151         
10152             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10153             fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
10154             fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
10155             fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10156             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10157         
10158             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
10159             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
10160             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
10161             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
10162             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
10163             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10164             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10165             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10166         
10167             fct_chk( rsa_check_privkey( &ctx ) == 0 );
10168         
10169             msg_len = unhexify( message_str, "f37b962379a47d415a376eec8973150bcb34edd5ab654041b61430560c2144582ba133c867d852d6b8e23321901302ecb45b09ec88b1527178fa043263f3067d9ffe973032a99f4cb08ad2c7e0a2456cdd57a7df56fe6053527a5aeb67d7e552063c1ca97b1beffa7b39e997caf27878ea0f62cbebc8c21df4c889a202851e949088490c249b6e9acf1d8063f5be2343989bf95c4da01a2be78b4ab6b378015bc37957f76948b5e58e440c28453d40d7cfd57e7d690600474ab5e75973b1ea0c5f1e45d14190afe2f4eb6d3bdf71f1d2f8bb156a1c295d04aaeb9d689dce79ed62bc443e" );
10170         
10171             switch( SIG_RSA_SHA1 )
10172             {
10173         #ifdef POLARSSL_MD2_C
10174             case SIG_RSA_MD2:
10175                 md2( message_str, msg_len, hash_result );
10176                 break;
10177         #endif
10178         #ifdef POLARSSL_MD4_C
10179             case SIG_RSA_MD4:
10180                 md4( message_str, msg_len, hash_result );
10181                 break;
10182         #endif
10183         #ifdef POLARSSL_MD5_C
10184             case SIG_RSA_MD5:
10185                 md5( message_str, msg_len, hash_result );
10186                 break;
10187         #endif
10188         #ifdef POLARSSL_SHA1_C
10189             case SIG_RSA_SHA1:
10190                 sha1( message_str, msg_len, hash_result );
10191                 break;
10192         #endif
10193         #ifdef POLARSSL_SHA2_C
10194             case SIG_RSA_SHA224:
10195                 sha2( message_str, msg_len, hash_result, 1 );
10196                 break;
10197             case SIG_RSA_SHA256:
10198                 sha2( message_str, msg_len, hash_result, 0 );
10199                 break;
10200         #endif
10201         #ifdef POLARSSL_SHA4_C
10202             case SIG_RSA_SHA384:
10203                 sha4( message_str, msg_len, hash_result, 1 );
10204                 break;
10205             case SIG_RSA_SHA512:
10206                 sha4( message_str, msg_len, hash_result, 0 );
10207                 break;
10208         #endif
10209             }
10210         
10211             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
10212             if( 0 == 0 )
10213             {
10214                 hexify( output_str, output, ctx.len);
10215         
10216                 fct_chk( strcasecmp( (char *) output_str, "0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd" ) == 0 );
10217             }
10218         
10219             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10220         }
10221         FCT_TEST_END();
10222 
10223 
10224         FCT_TEST_BGN(rsassa_pss_signature_example_5_5_verify)
10225         {
10226             unsigned char message_str[1000];
10227             unsigned char hash_result[1000];
10228             unsigned char result_str[1000];
10229             rsa_context ctx;
10230             size_t msg_len;
10231         
10232             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
10233             memset( message_str, 0x00, 1000 );
10234             memset( hash_result, 0x00, 1000 );
10235             memset( result_str, 0x00, 1000 );
10236         
10237             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10238             fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10239             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10240         
10241             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
10242         
10243             msg_len = unhexify( message_str, "f37b962379a47d415a376eec8973150bcb34edd5ab654041b61430560c2144582ba133c867d852d6b8e23321901302ecb45b09ec88b1527178fa043263f3067d9ffe973032a99f4cb08ad2c7e0a2456cdd57a7df56fe6053527a5aeb67d7e552063c1ca97b1beffa7b39e997caf27878ea0f62cbebc8c21df4c889a202851e949088490c249b6e9acf1d8063f5be2343989bf95c4da01a2be78b4ab6b378015bc37957f76948b5e58e440c28453d40d7cfd57e7d690600474ab5e75973b1ea0c5f1e45d14190afe2f4eb6d3bdf71f1d2f8bb156a1c295d04aaeb9d689dce79ed62bc443e" );
10244             unhexify( result_str, "0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd" );
10245         
10246             switch( SIG_RSA_SHA1 )
10247             {
10248         #ifdef POLARSSL_MD2_C
10249             case SIG_RSA_MD2:
10250                 md2( message_str, msg_len, hash_result );
10251                 break;
10252         #endif
10253         #ifdef POLARSSL_MD4_C
10254             case SIG_RSA_MD4:
10255                 md4( message_str, msg_len, hash_result );
10256                 break;
10257         #endif
10258         #ifdef POLARSSL_MD5_C
10259             case SIG_RSA_MD5:
10260                 md5( message_str, msg_len, hash_result );
10261                 break;
10262         #endif
10263         #ifdef POLARSSL_SHA1_C
10264             case SIG_RSA_SHA1:
10265                 sha1( message_str, msg_len, hash_result );
10266                 break;
10267         #endif
10268         #ifdef POLARSSL_SHA2_C
10269             case SIG_RSA_SHA224:
10270                 sha2( message_str, msg_len, hash_result, 1 );
10271                 break;
10272             case SIG_RSA_SHA256:
10273                 sha2( message_str, msg_len, hash_result, 0 );
10274                 break;
10275         #endif
10276         #ifdef POLARSSL_SHA4_C
10277             case SIG_RSA_SHA384:
10278                 sha4( message_str, msg_len, hash_result, 1 );
10279                 break;
10280             case SIG_RSA_SHA512:
10281                 sha4( message_str, msg_len, hash_result, 0 );
10282                 break;
10283         #endif
10284             }
10285         
10286             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
10287         }
10288         FCT_TEST_END();
10289 
10290 
10291         FCT_TEST_BGN(rsassa_pss_signature_example_5_6)
10292         {
10293             unsigned char message_str[1000];
10294             unsigned char hash_result[1000];
10295             unsigned char output[1000];
10296             unsigned char output_str[1000];
10297             unsigned char rnd_buf[1000];
10298             rsa_context ctx;
10299             mpi P1, Q1, H, G;
10300             size_t msg_len;
10301             rnd_buf_info info;
10302         
10303             info.length = unhexify( rnd_buf, "23291e4a3307e8bbb776623ab34e4a5f4cc8a8db" );
10304             info.buf = rnd_buf;
10305         
10306             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
10307             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
10308         
10309             memset( message_str, 0x00, 1000 );
10310             memset( hash_result, 0x00, 1000 );
10311             memset( output, 0x00, 1000 );
10312             memset( output_str, 0x00, 1000 );
10313         
10314             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10315             fct_chk( mpi_read_string( &ctx.P, 16, "03f2f331f4142d4f24b43aa10279a89652d4e7537221a1a7b2a25deb551e5de9ac497411c227a94e45f91c2d1c13cc046cf4ce14e32d058734210d44a87ee1b73f" ) == 0 );
10316             fct_chk( mpi_read_string( &ctx.Q, 16, "034f090d73b55803030cf0361a5d8081bfb79f851523feac0a2124d08d4013ff08487771a870d0479dc0686c62f7718dfecf024b17c9267678059171339cc00839" ) == 0 );
10317             fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10318             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10319         
10320             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
10321             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
10322             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
10323             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
10324             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
10325             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10326             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10327             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10328         
10329             fct_chk( rsa_check_privkey( &ctx ) == 0 );
10330         
10331             msg_len = unhexify( message_str, "c6103c330c1ef718c141e47b8fa859be4d5b96259e7d142070ecd485839dba5a8369c17c1114035e532d195c74f44a0476a2d3e8a4da210016caced0e367cb867710a4b5aa2df2b8e5daf5fdc647807d4d5ebb6c56b9763ccdae4dea3308eb0ac2a89501cb209d2639fa5bf87ce790747d3cb2d295e84564f2f637824f0c13028129b0aa4a422d162282" );
10332         
10333             switch( SIG_RSA_SHA1 )
10334             {
10335         #ifdef POLARSSL_MD2_C
10336             case SIG_RSA_MD2:
10337                 md2( message_str, msg_len, hash_result );
10338                 break;
10339         #endif
10340         #ifdef POLARSSL_MD4_C
10341             case SIG_RSA_MD4:
10342                 md4( message_str, msg_len, hash_result );
10343                 break;
10344         #endif
10345         #ifdef POLARSSL_MD5_C
10346             case SIG_RSA_MD5:
10347                 md5( message_str, msg_len, hash_result );
10348                 break;
10349         #endif
10350         #ifdef POLARSSL_SHA1_C
10351             case SIG_RSA_SHA1:
10352                 sha1( message_str, msg_len, hash_result );
10353                 break;
10354         #endif
10355         #ifdef POLARSSL_SHA2_C
10356             case SIG_RSA_SHA224:
10357                 sha2( message_str, msg_len, hash_result, 1 );
10358                 break;
10359             case SIG_RSA_SHA256:
10360                 sha2( message_str, msg_len, hash_result, 0 );
10361                 break;
10362         #endif
10363         #ifdef POLARSSL_SHA4_C
10364             case SIG_RSA_SHA384:
10365                 sha4( message_str, msg_len, hash_result, 1 );
10366                 break;
10367             case SIG_RSA_SHA512:
10368                 sha4( message_str, msg_len, hash_result, 0 );
10369                 break;
10370         #endif
10371             }
10372         
10373             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
10374             if( 0 == 0 )
10375             {
10376                 hexify( output_str, output, ctx.len);
10377         
10378                 fct_chk( strcasecmp( (char *) output_str, "02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f" ) == 0 );
10379             }
10380         
10381             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10382         }
10383         FCT_TEST_END();
10384 
10385 
10386         FCT_TEST_BGN(rsassa_pss_signature_example_5_6_verify)
10387         {
10388             unsigned char message_str[1000];
10389             unsigned char hash_result[1000];
10390             unsigned char result_str[1000];
10391             rsa_context ctx;
10392             size_t msg_len;
10393         
10394             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
10395             memset( message_str, 0x00, 1000 );
10396             memset( hash_result, 0x00, 1000 );
10397             memset( result_str, 0x00, 1000 );
10398         
10399             ctx.len = 1028 / 8 + ( ( 1028 % 8 ) ? 1 : 0 );
10400             fct_chk( mpi_read_string( &ctx.N, 16, "0d10f661f29940f5ed39aa260966deb47843679d2b6fb25b3de370f3ac7c19916391fd25fb527ebfa6a4b4df45a1759d996c4bb4ebd18828c44fc52d0191871740525f47a4b0cc8da325ed8aa676b0d0f626e0a77f07692170acac8082f42faa7dc7cd123e730e31a87985204cabcbe6670d43a2dd2b2ddef5e05392fc213bc507" ) == 0 );
10401             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10402         
10403             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
10404         
10405             msg_len = unhexify( message_str, "c6103c330c1ef718c141e47b8fa859be4d5b96259e7d142070ecd485839dba5a8369c17c1114035e532d195c74f44a0476a2d3e8a4da210016caced0e367cb867710a4b5aa2df2b8e5daf5fdc647807d4d5ebb6c56b9763ccdae4dea3308eb0ac2a89501cb209d2639fa5bf87ce790747d3cb2d295e84564f2f637824f0c13028129b0aa4a422d162282" );
10406             unhexify( result_str, "02802dccfa8dfaf5279bf0b4a29ba1b157611faeaaf419b8919d15941900c1339e7e92e6fae562c53e6cc8e84104b110bce03ad18525e3c49a0eadad5d3f28f244a8ed89edbafbb686277cfa8ae909714d6b28f4bf8e293aa04c41efe7c0a81266d5c061e2575be032aa464674ff71626219bd74cc45f0e7ed4e3ff96eee758e8f" );
10407         
10408             switch( SIG_RSA_SHA1 )
10409             {
10410         #ifdef POLARSSL_MD2_C
10411             case SIG_RSA_MD2:
10412                 md2( message_str, msg_len, hash_result );
10413                 break;
10414         #endif
10415         #ifdef POLARSSL_MD4_C
10416             case SIG_RSA_MD4:
10417                 md4( message_str, msg_len, hash_result );
10418                 break;
10419         #endif
10420         #ifdef POLARSSL_MD5_C
10421             case SIG_RSA_MD5:
10422                 md5( message_str, msg_len, hash_result );
10423                 break;
10424         #endif
10425         #ifdef POLARSSL_SHA1_C
10426             case SIG_RSA_SHA1:
10427                 sha1( message_str, msg_len, hash_result );
10428                 break;
10429         #endif
10430         #ifdef POLARSSL_SHA2_C
10431             case SIG_RSA_SHA224:
10432                 sha2( message_str, msg_len, hash_result, 1 );
10433                 break;
10434             case SIG_RSA_SHA256:
10435                 sha2( message_str, msg_len, hash_result, 0 );
10436                 break;
10437         #endif
10438         #ifdef POLARSSL_SHA4_C
10439             case SIG_RSA_SHA384:
10440                 sha4( message_str, msg_len, hash_result, 1 );
10441                 break;
10442             case SIG_RSA_SHA512:
10443                 sha4( message_str, msg_len, hash_result, 0 );
10444                 break;
10445         #endif
10446             }
10447         
10448             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
10449         }
10450         FCT_TEST_END();
10451 
10452 
10453         FCT_TEST_BGN(rsassa_pss_signature_example_6_1)
10454         {
10455             unsigned char message_str[1000];
10456             unsigned char hash_result[1000];
10457             unsigned char output[1000];
10458             unsigned char output_str[1000];
10459             unsigned char rnd_buf[1000];
10460             rsa_context ctx;
10461             mpi P1, Q1, H, G;
10462             size_t msg_len;
10463             rnd_buf_info info;
10464         
10465             info.length = unhexify( rnd_buf, "5b4ea2ef629cc22f3b538e016904b47b1e40bfd5" );
10466             info.buf = rnd_buf;
10467         
10468             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
10469             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
10470         
10471             memset( message_str, 0x00, 1000 );
10472             memset( hash_result, 0x00, 1000 );
10473             memset( output, 0x00, 1000 );
10474             memset( output_str, 0x00, 1000 );
10475         
10476             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
10477             fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
10478             fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
10479             fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
10480             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10481         
10482             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
10483             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
10484             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
10485             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
10486             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
10487             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10488             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10489             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10490         
10491             fct_chk( rsa_check_privkey( &ctx ) == 0 );
10492         
10493             msg_len = unhexify( message_str, "0a20b774addc2fa51245ed7cb9da609e50cac6636a52543f97458eed7340f8d53ffc64918f949078ee03ef60d42b5fec246050bd5505cd8cb597bad3c4e713b0ef30644e76adabb0de01a1561efb255158c74fc801e6e919e581b46f0f0ddd08e4f34c7810b5ed8318f91d7c8c" );
10494         
10495             switch( SIG_RSA_SHA1 )
10496             {
10497         #ifdef POLARSSL_MD2_C
10498             case SIG_RSA_MD2:
10499                 md2( message_str, msg_len, hash_result );
10500                 break;
10501         #endif
10502         #ifdef POLARSSL_MD4_C
10503             case SIG_RSA_MD4:
10504                 md4( message_str, msg_len, hash_result );
10505                 break;
10506         #endif
10507         #ifdef POLARSSL_MD5_C
10508             case SIG_RSA_MD5:
10509                 md5( message_str, msg_len, hash_result );
10510                 break;
10511         #endif
10512         #ifdef POLARSSL_SHA1_C
10513             case SIG_RSA_SHA1:
10514                 sha1( message_str, msg_len, hash_result );
10515                 break;
10516         #endif
10517         #ifdef POLARSSL_SHA2_C
10518             case SIG_RSA_SHA224:
10519                 sha2( message_str, msg_len, hash_result, 1 );
10520                 break;
10521             case SIG_RSA_SHA256:
10522                 sha2( message_str, msg_len, hash_result, 0 );
10523                 break;
10524         #endif
10525         #ifdef POLARSSL_SHA4_C
10526             case SIG_RSA_SHA384:
10527                 sha4( message_str, msg_len, hash_result, 1 );
10528                 break;
10529             case SIG_RSA_SHA512:
10530                 sha4( message_str, msg_len, hash_result, 0 );
10531                 break;
10532         #endif
10533             }
10534         
10535             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
10536             if( 0 == 0 )
10537             {
10538                 hexify( output_str, output, ctx.len);
10539         
10540                 fct_chk( strcasecmp( (char *) output_str, "04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1" ) == 0 );
10541             }
10542         
10543             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10544         }
10545         FCT_TEST_END();
10546 
10547 
10548         FCT_TEST_BGN(rsassa_pss_signature_example_6_1_verify)
10549         {
10550             unsigned char message_str[1000];
10551             unsigned char hash_result[1000];
10552             unsigned char result_str[1000];
10553             rsa_context ctx;
10554             size_t msg_len;
10555         
10556             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
10557             memset( message_str, 0x00, 1000 );
10558             memset( hash_result, 0x00, 1000 );
10559             memset( result_str, 0x00, 1000 );
10560         
10561             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
10562             fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
10563             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10564         
10565             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
10566         
10567             msg_len = unhexify( message_str, "0a20b774addc2fa51245ed7cb9da609e50cac6636a52543f97458eed7340f8d53ffc64918f949078ee03ef60d42b5fec246050bd5505cd8cb597bad3c4e713b0ef30644e76adabb0de01a1561efb255158c74fc801e6e919e581b46f0f0ddd08e4f34c7810b5ed8318f91d7c8c" );
10568             unhexify( result_str, "04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1" );
10569         
10570             switch( SIG_RSA_SHA1 )
10571             {
10572         #ifdef POLARSSL_MD2_C
10573             case SIG_RSA_MD2:
10574                 md2( message_str, msg_len, hash_result );
10575                 break;
10576         #endif
10577         #ifdef POLARSSL_MD4_C
10578             case SIG_RSA_MD4:
10579                 md4( message_str, msg_len, hash_result );
10580                 break;
10581         #endif
10582         #ifdef POLARSSL_MD5_C
10583             case SIG_RSA_MD5:
10584                 md5( message_str, msg_len, hash_result );
10585                 break;
10586         #endif
10587         #ifdef POLARSSL_SHA1_C
10588             case SIG_RSA_SHA1:
10589                 sha1( message_str, msg_len, hash_result );
10590                 break;
10591         #endif
10592         #ifdef POLARSSL_SHA2_C
10593             case SIG_RSA_SHA224:
10594                 sha2( message_str, msg_len, hash_result, 1 );
10595                 break;
10596             case SIG_RSA_SHA256:
10597                 sha2( message_str, msg_len, hash_result, 0 );
10598                 break;
10599         #endif
10600         #ifdef POLARSSL_SHA4_C
10601             case SIG_RSA_SHA384:
10602                 sha4( message_str, msg_len, hash_result, 1 );
10603                 break;
10604             case SIG_RSA_SHA512:
10605                 sha4( message_str, msg_len, hash_result, 0 );
10606                 break;
10607         #endif
10608             }
10609         
10610             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
10611         }
10612         FCT_TEST_END();
10613 
10614 
10615         FCT_TEST_BGN(rsassa_pss_signature_example_6_2)
10616         {
10617             unsigned char message_str[1000];
10618             unsigned char hash_result[1000];
10619             unsigned char output[1000];
10620             unsigned char output_str[1000];
10621             unsigned char rnd_buf[1000];
10622             rsa_context ctx;
10623             mpi P1, Q1, H, G;
10624             size_t msg_len;
10625             rnd_buf_info info;
10626         
10627             info.length = unhexify( rnd_buf, "83146a9e782722c28b014f98b4267bda2ac9504f" );
10628             info.buf = rnd_buf;
10629         
10630             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
10631             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
10632         
10633             memset( message_str, 0x00, 1000 );
10634             memset( hash_result, 0x00, 1000 );
10635             memset( output, 0x00, 1000 );
10636             memset( output_str, 0x00, 1000 );
10637         
10638             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
10639             fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
10640             fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
10641             fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
10642             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10643         
10644             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
10645             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
10646             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
10647             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
10648             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
10649             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10650             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10651             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10652         
10653             fct_chk( rsa_check_privkey( &ctx ) == 0 );
10654         
10655             msg_len = unhexify( message_str, "2aaff6631f621ce615760a9ebce94bb333077ad86488c861d4b76d29c1f48746c611ae1e03ced4445d7cfa1fe5f62e1b3f08452bde3b6ef81973bafbb57f97bceef873985395b8260589aa88cb7db50ab469262e551bdcd9a56f275a0ac4fe484700c35f3dbf2b469ede864741b86fa59172a360ba95a02e139be50ddfb7cf0b42faeabbfbbaa86a4497699c4f2dfd5b08406af7e14144427c253ec0efa20eaf9a8be8cd49ce1f1bc4e93e619cf2aa8ed4fb39bc8590d0f7b96488f7317ac9abf7bee4e3a0e715" );
10656         
10657             switch( SIG_RSA_SHA1 )
10658             {
10659         #ifdef POLARSSL_MD2_C
10660             case SIG_RSA_MD2:
10661                 md2( message_str, msg_len, hash_result );
10662                 break;
10663         #endif
10664         #ifdef POLARSSL_MD4_C
10665             case SIG_RSA_MD4:
10666                 md4( message_str, msg_len, hash_result );
10667                 break;
10668         #endif
10669         #ifdef POLARSSL_MD5_C
10670             case SIG_RSA_MD5:
10671                 md5( message_str, msg_len, hash_result );
10672                 break;
10673         #endif
10674         #ifdef POLARSSL_SHA1_C
10675             case SIG_RSA_SHA1:
10676                 sha1( message_str, msg_len, hash_result );
10677                 break;
10678         #endif
10679         #ifdef POLARSSL_SHA2_C
10680             case SIG_RSA_SHA224:
10681                 sha2( message_str, msg_len, hash_result, 1 );
10682                 break;
10683             case SIG_RSA_SHA256:
10684                 sha2( message_str, msg_len, hash_result, 0 );
10685                 break;
10686         #endif
10687         #ifdef POLARSSL_SHA4_C
10688             case SIG_RSA_SHA384:
10689                 sha4( message_str, msg_len, hash_result, 1 );
10690                 break;
10691             case SIG_RSA_SHA512:
10692                 sha4( message_str, msg_len, hash_result, 0 );
10693                 break;
10694         #endif
10695             }
10696         
10697             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
10698             if( 0 == 0 )
10699             {
10700                 hexify( output_str, output, ctx.len);
10701         
10702                 fct_chk( strcasecmp( (char *) output_str, "0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773" ) == 0 );
10703             }
10704         
10705             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10706         }
10707         FCT_TEST_END();
10708 
10709 
10710         FCT_TEST_BGN(rsassa_pss_signature_example_6_2_verify)
10711         {
10712             unsigned char message_str[1000];
10713             unsigned char hash_result[1000];
10714             unsigned char result_str[1000];
10715             rsa_context ctx;
10716             size_t msg_len;
10717         
10718             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
10719             memset( message_str, 0x00, 1000 );
10720             memset( hash_result, 0x00, 1000 );
10721             memset( result_str, 0x00, 1000 );
10722         
10723             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
10724             fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
10725             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10726         
10727             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
10728         
10729             msg_len = unhexify( message_str, "2aaff6631f621ce615760a9ebce94bb333077ad86488c861d4b76d29c1f48746c611ae1e03ced4445d7cfa1fe5f62e1b3f08452bde3b6ef81973bafbb57f97bceef873985395b8260589aa88cb7db50ab469262e551bdcd9a56f275a0ac4fe484700c35f3dbf2b469ede864741b86fa59172a360ba95a02e139be50ddfb7cf0b42faeabbfbbaa86a4497699c4f2dfd5b08406af7e14144427c253ec0efa20eaf9a8be8cd49ce1f1bc4e93e619cf2aa8ed4fb39bc8590d0f7b96488f7317ac9abf7bee4e3a0e715" );
10730             unhexify( result_str, "0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773" );
10731         
10732             switch( SIG_RSA_SHA1 )
10733             {
10734         #ifdef POLARSSL_MD2_C
10735             case SIG_RSA_MD2:
10736                 md2( message_str, msg_len, hash_result );
10737                 break;
10738         #endif
10739         #ifdef POLARSSL_MD4_C
10740             case SIG_RSA_MD4:
10741                 md4( message_str, msg_len, hash_result );
10742                 break;
10743         #endif
10744         #ifdef POLARSSL_MD5_C
10745             case SIG_RSA_MD5:
10746                 md5( message_str, msg_len, hash_result );
10747                 break;
10748         #endif
10749         #ifdef POLARSSL_SHA1_C
10750             case SIG_RSA_SHA1:
10751                 sha1( message_str, msg_len, hash_result );
10752                 break;
10753         #endif
10754         #ifdef POLARSSL_SHA2_C
10755             case SIG_RSA_SHA224:
10756                 sha2( message_str, msg_len, hash_result, 1 );
10757                 break;
10758             case SIG_RSA_SHA256:
10759                 sha2( message_str, msg_len, hash_result, 0 );
10760                 break;
10761         #endif
10762         #ifdef POLARSSL_SHA4_C
10763             case SIG_RSA_SHA384:
10764                 sha4( message_str, msg_len, hash_result, 1 );
10765                 break;
10766             case SIG_RSA_SHA512:
10767                 sha4( message_str, msg_len, hash_result, 0 );
10768                 break;
10769         #endif
10770             }
10771         
10772             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
10773         }
10774         FCT_TEST_END();
10775 
10776 
10777         FCT_TEST_BGN(rsassa_pss_signature_example_6_3)
10778         {
10779             unsigned char message_str[1000];
10780             unsigned char hash_result[1000];
10781             unsigned char output[1000];
10782             unsigned char output_str[1000];
10783             unsigned char rnd_buf[1000];
10784             rsa_context ctx;
10785             mpi P1, Q1, H, G;
10786             size_t msg_len;
10787             rnd_buf_info info;
10788         
10789             info.length = unhexify( rnd_buf, "a87b8aed07d7b8e2daf14ddca4ac68c4d0aabff8" );
10790             info.buf = rnd_buf;
10791         
10792             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
10793             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
10794         
10795             memset( message_str, 0x00, 1000 );
10796             memset( hash_result, 0x00, 1000 );
10797             memset( output, 0x00, 1000 );
10798             memset( output_str, 0x00, 1000 );
10799         
10800             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
10801             fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
10802             fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
10803             fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
10804             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10805         
10806             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
10807             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
10808             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
10809             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
10810             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
10811             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10812             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10813             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10814         
10815             fct_chk( rsa_check_privkey( &ctx ) == 0 );
10816         
10817             msg_len = unhexify( message_str, "0f6195d04a6e6fc7e2c9600dbf840c39ea8d4d624fd53507016b0e26858a5e0aecd7ada543ae5c0ab3a62599cba0a54e6bf446e262f989978f9ddf5e9a41" );
10818         
10819             switch( SIG_RSA_SHA1 )
10820             {
10821         #ifdef POLARSSL_MD2_C
10822             case SIG_RSA_MD2:
10823                 md2( message_str, msg_len, hash_result );
10824                 break;
10825         #endif
10826         #ifdef POLARSSL_MD4_C
10827             case SIG_RSA_MD4:
10828                 md4( message_str, msg_len, hash_result );
10829                 break;
10830         #endif
10831         #ifdef POLARSSL_MD5_C
10832             case SIG_RSA_MD5:
10833                 md5( message_str, msg_len, hash_result );
10834                 break;
10835         #endif
10836         #ifdef POLARSSL_SHA1_C
10837             case SIG_RSA_SHA1:
10838                 sha1( message_str, msg_len, hash_result );
10839                 break;
10840         #endif
10841         #ifdef POLARSSL_SHA2_C
10842             case SIG_RSA_SHA224:
10843                 sha2( message_str, msg_len, hash_result, 1 );
10844                 break;
10845             case SIG_RSA_SHA256:
10846                 sha2( message_str, msg_len, hash_result, 0 );
10847                 break;
10848         #endif
10849         #ifdef POLARSSL_SHA4_C
10850             case SIG_RSA_SHA384:
10851                 sha4( message_str, msg_len, hash_result, 1 );
10852                 break;
10853             case SIG_RSA_SHA512:
10854                 sha4( message_str, msg_len, hash_result, 0 );
10855                 break;
10856         #endif
10857             }
10858         
10859             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
10860             if( 0 == 0 )
10861             {
10862                 hexify( output_str, output, ctx.len);
10863         
10864                 fct_chk( strcasecmp( (char *) output_str, "086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456" ) == 0 );
10865             }
10866         
10867             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
10868         }
10869         FCT_TEST_END();
10870 
10871 
10872         FCT_TEST_BGN(rsassa_pss_signature_example_6_3_verify)
10873         {
10874             unsigned char message_str[1000];
10875             unsigned char hash_result[1000];
10876             unsigned char result_str[1000];
10877             rsa_context ctx;
10878             size_t msg_len;
10879         
10880             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
10881             memset( message_str, 0x00, 1000 );
10882             memset( hash_result, 0x00, 1000 );
10883             memset( result_str, 0x00, 1000 );
10884         
10885             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
10886             fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
10887             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10888         
10889             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
10890         
10891             msg_len = unhexify( message_str, "0f6195d04a6e6fc7e2c9600dbf840c39ea8d4d624fd53507016b0e26858a5e0aecd7ada543ae5c0ab3a62599cba0a54e6bf446e262f989978f9ddf5e9a41" );
10892             unhexify( result_str, "086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456" );
10893         
10894             switch( SIG_RSA_SHA1 )
10895             {
10896         #ifdef POLARSSL_MD2_C
10897             case SIG_RSA_MD2:
10898                 md2( message_str, msg_len, hash_result );
10899                 break;
10900         #endif
10901         #ifdef POLARSSL_MD4_C
10902             case SIG_RSA_MD4:
10903                 md4( message_str, msg_len, hash_result );
10904                 break;
10905         #endif
10906         #ifdef POLARSSL_MD5_C
10907             case SIG_RSA_MD5:
10908                 md5( message_str, msg_len, hash_result );
10909                 break;
10910         #endif
10911         #ifdef POLARSSL_SHA1_C
10912             case SIG_RSA_SHA1:
10913                 sha1( message_str, msg_len, hash_result );
10914                 break;
10915         #endif
10916         #ifdef POLARSSL_SHA2_C
10917             case SIG_RSA_SHA224:
10918                 sha2( message_str, msg_len, hash_result, 1 );
10919                 break;
10920             case SIG_RSA_SHA256:
10921                 sha2( message_str, msg_len, hash_result, 0 );
10922                 break;
10923         #endif
10924         #ifdef POLARSSL_SHA4_C
10925             case SIG_RSA_SHA384:
10926                 sha4( message_str, msg_len, hash_result, 1 );
10927                 break;
10928             case SIG_RSA_SHA512:
10929                 sha4( message_str, msg_len, hash_result, 0 );
10930                 break;
10931         #endif
10932             }
10933         
10934             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
10935         }
10936         FCT_TEST_END();
10937 
10938 
10939         FCT_TEST_BGN(rsassa_pss_signature_example_6_4)
10940         {
10941             unsigned char message_str[1000];
10942             unsigned char hash_result[1000];
10943             unsigned char output[1000];
10944             unsigned char output_str[1000];
10945             unsigned char rnd_buf[1000];
10946             rsa_context ctx;
10947             mpi P1, Q1, H, G;
10948             size_t msg_len;
10949             rnd_buf_info info;
10950         
10951             info.length = unhexify( rnd_buf, "a37932f8a7494a942d6f767438e724d6d0c0ef18" );
10952             info.buf = rnd_buf;
10953         
10954             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
10955             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
10956         
10957             memset( message_str, 0x00, 1000 );
10958             memset( hash_result, 0x00, 1000 );
10959             memset( output, 0x00, 1000 );
10960             memset( output_str, 0x00, 1000 );
10961         
10962             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
10963             fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
10964             fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
10965             fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
10966             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
10967         
10968             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
10969             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
10970             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
10971             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
10972             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
10973             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
10974             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
10975             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
10976         
10977             fct_chk( rsa_check_privkey( &ctx ) == 0 );
10978         
10979             msg_len = unhexify( message_str, "337d25fe9810ebca0de4d4658d3ceb8e0fe4c066aba3bcc48b105d3bf7e0257d44fecea6596f4d0c59a08402833678f70620f9138dfeb7ded905e4a6d5f05c473d55936652e2a5df43c0cfda7bacaf3087f4524b06cf42157d01539739f7fddec9d58125df31a32eab06c19b71f1d5bf" );
10980         
10981             switch( SIG_RSA_SHA1 )
10982             {
10983         #ifdef POLARSSL_MD2_C
10984             case SIG_RSA_MD2:
10985                 md2( message_str, msg_len, hash_result );
10986                 break;
10987         #endif
10988         #ifdef POLARSSL_MD4_C
10989             case SIG_RSA_MD4:
10990                 md4( message_str, msg_len, hash_result );
10991                 break;
10992         #endif
10993         #ifdef POLARSSL_MD5_C
10994             case SIG_RSA_MD5:
10995                 md5( message_str, msg_len, hash_result );
10996                 break;
10997         #endif
10998         #ifdef POLARSSL_SHA1_C
10999             case SIG_RSA_SHA1:
11000                 sha1( message_str, msg_len, hash_result );
11001                 break;
11002         #endif
11003         #ifdef POLARSSL_SHA2_C
11004             case SIG_RSA_SHA224:
11005                 sha2( message_str, msg_len, hash_result, 1 );
11006                 break;
11007             case SIG_RSA_SHA256:
11008                 sha2( message_str, msg_len, hash_result, 0 );
11009                 break;
11010         #endif
11011         #ifdef POLARSSL_SHA4_C
11012             case SIG_RSA_SHA384:
11013                 sha4( message_str, msg_len, hash_result, 1 );
11014                 break;
11015             case SIG_RSA_SHA512:
11016                 sha4( message_str, msg_len, hash_result, 0 );
11017                 break;
11018         #endif
11019             }
11020         
11021             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11022             if( 0 == 0 )
11023             {
11024                 hexify( output_str, output, ctx.len);
11025         
11026                 fct_chk( strcasecmp( (char *) output_str, "0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f" ) == 0 );
11027             }
11028         
11029             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
11030         }
11031         FCT_TEST_END();
11032 
11033 
11034         FCT_TEST_BGN(rsassa_pss_signature_example_6_4_verify)
11035         {
11036             unsigned char message_str[1000];
11037             unsigned char hash_result[1000];
11038             unsigned char result_str[1000];
11039             rsa_context ctx;
11040             size_t msg_len;
11041         
11042             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
11043             memset( message_str, 0x00, 1000 );
11044             memset( hash_result, 0x00, 1000 );
11045             memset( result_str, 0x00, 1000 );
11046         
11047             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11048             fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11049             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11050         
11051             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
11052         
11053             msg_len = unhexify( message_str, "337d25fe9810ebca0de4d4658d3ceb8e0fe4c066aba3bcc48b105d3bf7e0257d44fecea6596f4d0c59a08402833678f70620f9138dfeb7ded905e4a6d5f05c473d55936652e2a5df43c0cfda7bacaf3087f4524b06cf42157d01539739f7fddec9d58125df31a32eab06c19b71f1d5bf" );
11054             unhexify( result_str, "0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f" );
11055         
11056             switch( SIG_RSA_SHA1 )
11057             {
11058         #ifdef POLARSSL_MD2_C
11059             case SIG_RSA_MD2:
11060                 md2( message_str, msg_len, hash_result );
11061                 break;
11062         #endif
11063         #ifdef POLARSSL_MD4_C
11064             case SIG_RSA_MD4:
11065                 md4( message_str, msg_len, hash_result );
11066                 break;
11067         #endif
11068         #ifdef POLARSSL_MD5_C
11069             case SIG_RSA_MD5:
11070                 md5( message_str, msg_len, hash_result );
11071                 break;
11072         #endif
11073         #ifdef POLARSSL_SHA1_C
11074             case SIG_RSA_SHA1:
11075                 sha1( message_str, msg_len, hash_result );
11076                 break;
11077         #endif
11078         #ifdef POLARSSL_SHA2_C
11079             case SIG_RSA_SHA224:
11080                 sha2( message_str, msg_len, hash_result, 1 );
11081                 break;
11082             case SIG_RSA_SHA256:
11083                 sha2( message_str, msg_len, hash_result, 0 );
11084                 break;
11085         #endif
11086         #ifdef POLARSSL_SHA4_C
11087             case SIG_RSA_SHA384:
11088                 sha4( message_str, msg_len, hash_result, 1 );
11089                 break;
11090             case SIG_RSA_SHA512:
11091                 sha4( message_str, msg_len, hash_result, 0 );
11092                 break;
11093         #endif
11094             }
11095         
11096             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
11097         }
11098         FCT_TEST_END();
11099 
11100 
11101         FCT_TEST_BGN(rsassa_pss_signature_example_6_5)
11102         {
11103             unsigned char message_str[1000];
11104             unsigned char hash_result[1000];
11105             unsigned char output[1000];
11106             unsigned char output_str[1000];
11107             unsigned char rnd_buf[1000];
11108             rsa_context ctx;
11109             mpi P1, Q1, H, G;
11110             size_t msg_len;
11111             rnd_buf_info info;
11112         
11113             info.length = unhexify( rnd_buf, "7b790c1d62f7b84e94df6af28917cf571018110e" );
11114             info.buf = rnd_buf;
11115         
11116             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
11117             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
11118         
11119             memset( message_str, 0x00, 1000 );
11120             memset( hash_result, 0x00, 1000 );
11121             memset( output, 0x00, 1000 );
11122             memset( output_str, 0x00, 1000 );
11123         
11124             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11125             fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
11126             fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
11127             fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11128             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11129         
11130             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
11131             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
11132             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
11133             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
11134             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
11135             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
11136             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
11137             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
11138         
11139             fct_chk( rsa_check_privkey( &ctx ) == 0 );
11140         
11141             msg_len = unhexify( message_str, "84ec502b072e8287789d8f9235829ea3b187afd4d4c785611bda5f9eb3cb96717efa7007227f1c08cbcb972e667235e0fb7d431a6570326d2ecce35adb373dc753b3be5f829b89175493193fab16badb41371b3aac0ae670076f24bef420c135add7cee8d35fbc944d79fafb9e307a13b0f556cb654a06f973ed22672330197ef5a748bf826a5db2383a25364b686b9372bb2339aeb1ac9e9889327d016f1670776db06201adbdcaf8a5e3b74e108b73" );
11142         
11143             switch( SIG_RSA_SHA1 )
11144             {
11145         #ifdef POLARSSL_MD2_C
11146             case SIG_RSA_MD2:
11147                 md2( message_str, msg_len, hash_result );
11148                 break;
11149         #endif
11150         #ifdef POLARSSL_MD4_C
11151             case SIG_RSA_MD4:
11152                 md4( message_str, msg_len, hash_result );
11153                 break;
11154         #endif
11155         #ifdef POLARSSL_MD5_C
11156             case SIG_RSA_MD5:
11157                 md5( message_str, msg_len, hash_result );
11158                 break;
11159         #endif
11160         #ifdef POLARSSL_SHA1_C
11161             case SIG_RSA_SHA1:
11162                 sha1( message_str, msg_len, hash_result );
11163                 break;
11164         #endif
11165         #ifdef POLARSSL_SHA2_C
11166             case SIG_RSA_SHA224:
11167                 sha2( message_str, msg_len, hash_result, 1 );
11168                 break;
11169             case SIG_RSA_SHA256:
11170                 sha2( message_str, msg_len, hash_result, 0 );
11171                 break;
11172         #endif
11173         #ifdef POLARSSL_SHA4_C
11174             case SIG_RSA_SHA384:
11175                 sha4( message_str, msg_len, hash_result, 1 );
11176                 break;
11177             case SIG_RSA_SHA512:
11178                 sha4( message_str, msg_len, hash_result, 0 );
11179                 break;
11180         #endif
11181             }
11182         
11183             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11184             if( 0 == 0 )
11185             {
11186                 hexify( output_str, output, ctx.len);
11187         
11188                 fct_chk( strcasecmp( (char *) output_str, "02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b" ) == 0 );
11189             }
11190         
11191             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
11192         }
11193         FCT_TEST_END();
11194 
11195 
11196         FCT_TEST_BGN(rsassa_pss_signature_example_6_5_verify)
11197         {
11198             unsigned char message_str[1000];
11199             unsigned char hash_result[1000];
11200             unsigned char result_str[1000];
11201             rsa_context ctx;
11202             size_t msg_len;
11203         
11204             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
11205             memset( message_str, 0x00, 1000 );
11206             memset( hash_result, 0x00, 1000 );
11207             memset( result_str, 0x00, 1000 );
11208         
11209             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11210             fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11211             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11212         
11213             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
11214         
11215             msg_len = unhexify( message_str, "84ec502b072e8287789d8f9235829ea3b187afd4d4c785611bda5f9eb3cb96717efa7007227f1c08cbcb972e667235e0fb7d431a6570326d2ecce35adb373dc753b3be5f829b89175493193fab16badb41371b3aac0ae670076f24bef420c135add7cee8d35fbc944d79fafb9e307a13b0f556cb654a06f973ed22672330197ef5a748bf826a5db2383a25364b686b9372bb2339aeb1ac9e9889327d016f1670776db06201adbdcaf8a5e3b74e108b73" );
11216             unhexify( result_str, "02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b" );
11217         
11218             switch( SIG_RSA_SHA1 )
11219             {
11220         #ifdef POLARSSL_MD2_C
11221             case SIG_RSA_MD2:
11222                 md2( message_str, msg_len, hash_result );
11223                 break;
11224         #endif
11225         #ifdef POLARSSL_MD4_C
11226             case SIG_RSA_MD4:
11227                 md4( message_str, msg_len, hash_result );
11228                 break;
11229         #endif
11230         #ifdef POLARSSL_MD5_C
11231             case SIG_RSA_MD5:
11232                 md5( message_str, msg_len, hash_result );
11233                 break;
11234         #endif
11235         #ifdef POLARSSL_SHA1_C
11236             case SIG_RSA_SHA1:
11237                 sha1( message_str, msg_len, hash_result );
11238                 break;
11239         #endif
11240         #ifdef POLARSSL_SHA2_C
11241             case SIG_RSA_SHA224:
11242                 sha2( message_str, msg_len, hash_result, 1 );
11243                 break;
11244             case SIG_RSA_SHA256:
11245                 sha2( message_str, msg_len, hash_result, 0 );
11246                 break;
11247         #endif
11248         #ifdef POLARSSL_SHA4_C
11249             case SIG_RSA_SHA384:
11250                 sha4( message_str, msg_len, hash_result, 1 );
11251                 break;
11252             case SIG_RSA_SHA512:
11253                 sha4( message_str, msg_len, hash_result, 0 );
11254                 break;
11255         #endif
11256             }
11257         
11258             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
11259         }
11260         FCT_TEST_END();
11261 
11262 
11263         FCT_TEST_BGN(rsassa_pss_signature_example_6_6)
11264         {
11265             unsigned char message_str[1000];
11266             unsigned char hash_result[1000];
11267             unsigned char output[1000];
11268             unsigned char output_str[1000];
11269             unsigned char rnd_buf[1000];
11270             rsa_context ctx;
11271             mpi P1, Q1, H, G;
11272             size_t msg_len;
11273             rnd_buf_info info;
11274         
11275             info.length = unhexify( rnd_buf, "fbbe059025b69b89fb14ae2289e7aaafe60c0fcd" );
11276             info.buf = rnd_buf;
11277         
11278             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
11279             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
11280         
11281             memset( message_str, 0x00, 1000 );
11282             memset( hash_result, 0x00, 1000 );
11283             memset( output, 0x00, 1000 );
11284             memset( output_str, 0x00, 1000 );
11285         
11286             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11287             fct_chk( mpi_read_string( &ctx.P, 16, "04f0548c9626ab1ebf1244934741d99a06220efa2a5856aa0e75730b2ec96adc86be894fa2803b53a5e85d276acbd29ab823f80a7391bb54a5051672fb04eeb543" ) == 0 );
11288             fct_chk( mpi_read_string( &ctx.Q, 16, "0483e0ae47915587743ff345362b555d3962d98bb6f15f848b4c92b1771ca8ed107d8d3ee65ec44517dd0faa481a387e902f7a2e747c269e7ea44480bc538b8e5b" ) == 0 );
11289             fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11290             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11291         
11292             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
11293             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
11294             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
11295             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
11296             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
11297             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
11298             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
11299             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
11300         
11301             fct_chk( rsa_check_privkey( &ctx ) == 0 );
11302         
11303             msg_len = unhexify( message_str, "9906d89f97a9fdedd3ccd824db687326f30f00aa25a7fca2afcb3b0f86cd41e73f0e8ff7d2d83f59e28ed31a5a0d551523374de22e4c7e8ff568b386ee3dc41163f10bf67bb006261c9082f9af90bf1d9049a6b9fae71c7f84fbe6e55f02789de774f230f115026a4b4e96c55b04a95da3aacbb2cece8f81764a1f1c99515411087cf7d34aeded0932c183" );
11304         
11305             switch( SIG_RSA_SHA1 )
11306             {
11307         #ifdef POLARSSL_MD2_C
11308             case SIG_RSA_MD2:
11309                 md2( message_str, msg_len, hash_result );
11310                 break;
11311         #endif
11312         #ifdef POLARSSL_MD4_C
11313             case SIG_RSA_MD4:
11314                 md4( message_str, msg_len, hash_result );
11315                 break;
11316         #endif
11317         #ifdef POLARSSL_MD5_C
11318             case SIG_RSA_MD5:
11319                 md5( message_str, msg_len, hash_result );
11320                 break;
11321         #endif
11322         #ifdef POLARSSL_SHA1_C
11323             case SIG_RSA_SHA1:
11324                 sha1( message_str, msg_len, hash_result );
11325                 break;
11326         #endif
11327         #ifdef POLARSSL_SHA2_C
11328             case SIG_RSA_SHA224:
11329                 sha2( message_str, msg_len, hash_result, 1 );
11330                 break;
11331             case SIG_RSA_SHA256:
11332                 sha2( message_str, msg_len, hash_result, 0 );
11333                 break;
11334         #endif
11335         #ifdef POLARSSL_SHA4_C
11336             case SIG_RSA_SHA384:
11337                 sha4( message_str, msg_len, hash_result, 1 );
11338                 break;
11339             case SIG_RSA_SHA512:
11340                 sha4( message_str, msg_len, hash_result, 0 );
11341                 break;
11342         #endif
11343             }
11344         
11345             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11346             if( 0 == 0 )
11347             {
11348                 hexify( output_str, output, ctx.len);
11349         
11350                 fct_chk( strcasecmp( (char *) output_str, "0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef" ) == 0 );
11351             }
11352         
11353             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
11354         }
11355         FCT_TEST_END();
11356 
11357 
11358         FCT_TEST_BGN(rsassa_pss_signature_example_6_6_verify)
11359         {
11360             unsigned char message_str[1000];
11361             unsigned char hash_result[1000];
11362             unsigned char result_str[1000];
11363             rsa_context ctx;
11364             size_t msg_len;
11365         
11366             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
11367             memset( message_str, 0x00, 1000 );
11368             memset( hash_result, 0x00, 1000 );
11369             memset( result_str, 0x00, 1000 );
11370         
11371             ctx.len = 1029 / 8 + ( ( 1029 % 8 ) ? 1 : 0 );
11372             fct_chk( mpi_read_string( &ctx.N, 16, "164ca31cff609f3a0e7101b039f2e4fe6dd37519ab98598d179e174996598071f47d3a04559158d7be373cf1aa53f0aa6ef09039e5678c2a4c63900514c8c4f8aaed5de12a5f10b09c311af8c0ffb5b7a297f2efc63b8d6b0510931f0b98e48bf5fc6ec4e7b8db1ffaeb08c38e02adb8f03a48229c99e969431f61cb8c4dc698d1" ) == 0 );
11373             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11374         
11375             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
11376         
11377             msg_len = unhexify( message_str, "9906d89f97a9fdedd3ccd824db687326f30f00aa25a7fca2afcb3b0f86cd41e73f0e8ff7d2d83f59e28ed31a5a0d551523374de22e4c7e8ff568b386ee3dc41163f10bf67bb006261c9082f9af90bf1d9049a6b9fae71c7f84fbe6e55f02789de774f230f115026a4b4e96c55b04a95da3aacbb2cece8f81764a1f1c99515411087cf7d34aeded0932c183" );
11378             unhexify( result_str, "0a40a16e2fe2b38d1df90546167cf9469c9e3c3681a3442b4b2c2f581deb385ce99fc6188bb02a841d56e76d301891e24560550fcc2a26b55f4ccb26d837d350a154bcaca8392d98fa67959e9727b78cad03269f56968fc56b68bd679926d83cc9cb215550645ccda31c760ff35888943d2d8a1d351e81e5d07b86182e751081ef" );
11379         
11380             switch( SIG_RSA_SHA1 )
11381             {
11382         #ifdef POLARSSL_MD2_C
11383             case SIG_RSA_MD2:
11384                 md2( message_str, msg_len, hash_result );
11385                 break;
11386         #endif
11387         #ifdef POLARSSL_MD4_C
11388             case SIG_RSA_MD4:
11389                 md4( message_str, msg_len, hash_result );
11390                 break;
11391         #endif
11392         #ifdef POLARSSL_MD5_C
11393             case SIG_RSA_MD5:
11394                 md5( message_str, msg_len, hash_result );
11395                 break;
11396         #endif
11397         #ifdef POLARSSL_SHA1_C
11398             case SIG_RSA_SHA1:
11399                 sha1( message_str, msg_len, hash_result );
11400                 break;
11401         #endif
11402         #ifdef POLARSSL_SHA2_C
11403             case SIG_RSA_SHA224:
11404                 sha2( message_str, msg_len, hash_result, 1 );
11405                 break;
11406             case SIG_RSA_SHA256:
11407                 sha2( message_str, msg_len, hash_result, 0 );
11408                 break;
11409         #endif
11410         #ifdef POLARSSL_SHA4_C
11411             case SIG_RSA_SHA384:
11412                 sha4( message_str, msg_len, hash_result, 1 );
11413                 break;
11414             case SIG_RSA_SHA512:
11415                 sha4( message_str, msg_len, hash_result, 0 );
11416                 break;
11417         #endif
11418             }
11419         
11420             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
11421         }
11422         FCT_TEST_END();
11423 
11424 
11425         FCT_TEST_BGN(rsassa_pss_signature_example_7_1)
11426         {
11427             unsigned char message_str[1000];
11428             unsigned char hash_result[1000];
11429             unsigned char output[1000];
11430             unsigned char output_str[1000];
11431             unsigned char rnd_buf[1000];
11432             rsa_context ctx;
11433             mpi P1, Q1, H, G;
11434             size_t msg_len;
11435             rnd_buf_info info;
11436         
11437             info.length = unhexify( rnd_buf, "b7867a59958cb54328f8775e6546ec06d27eaa50" );
11438             info.buf = rnd_buf;
11439         
11440             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
11441             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
11442         
11443             memset( message_str, 0x00, 1000 );
11444             memset( hash_result, 0x00, 1000 );
11445             memset( output, 0x00, 1000 );
11446             memset( output_str, 0x00, 1000 );
11447         
11448             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
11449             fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
11450             fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
11451             fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
11452             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11453         
11454             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
11455             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
11456             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
11457             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
11458             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
11459             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
11460             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
11461             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
11462         
11463             fct_chk( rsa_check_privkey( &ctx ) == 0 );
11464         
11465             msg_len = unhexify( message_str, "9ead0e01945640674eb41cad435e2374eaefa8ad7197d97913c44957d8d83f40d76ee60e39bf9c0f9eaf3021421a074d1ade962c6e9d3dc3bb174fe4dfe652b09115495b8fd2794174020a0602b5ca51848cfc96ce5eb57fc0a2adc1dda36a7cc452641a14911b37e45bfa11daa5c7ecdb74f6d0100d1d3e39e752800e203397de0233077b9a88855537fae927f924380d780f98e18dcff39c5ea741b17d6fdd1885bc9d581482d771ceb562d78a8bf88f0c75b11363e5e36cd479ceb0545f9da84203e0e6e508375cc9e844b88b7ac7a0a201ea0f1bee9a2c577920ca02c01b9d8320e974a56f4efb5763b96255abbf8037bf1802cf018f56379493e569a9" );
11466         
11467             switch( SIG_RSA_SHA1 )
11468             {
11469         #ifdef POLARSSL_MD2_C
11470             case SIG_RSA_MD2:
11471                 md2( message_str, msg_len, hash_result );
11472                 break;
11473         #endif
11474         #ifdef POLARSSL_MD4_C
11475             case SIG_RSA_MD4:
11476                 md4( message_str, msg_len, hash_result );
11477                 break;
11478         #endif
11479         #ifdef POLARSSL_MD5_C
11480             case SIG_RSA_MD5:
11481                 md5( message_str, msg_len, hash_result );
11482                 break;
11483         #endif
11484         #ifdef POLARSSL_SHA1_C
11485             case SIG_RSA_SHA1:
11486                 sha1( message_str, msg_len, hash_result );
11487                 break;
11488         #endif
11489         #ifdef POLARSSL_SHA2_C
11490             case SIG_RSA_SHA224:
11491                 sha2( message_str, msg_len, hash_result, 1 );
11492                 break;
11493             case SIG_RSA_SHA256:
11494                 sha2( message_str, msg_len, hash_result, 0 );
11495                 break;
11496         #endif
11497         #ifdef POLARSSL_SHA4_C
11498             case SIG_RSA_SHA384:
11499                 sha4( message_str, msg_len, hash_result, 1 );
11500                 break;
11501             case SIG_RSA_SHA512:
11502                 sha4( message_str, msg_len, hash_result, 0 );
11503                 break;
11504         #endif
11505             }
11506         
11507             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11508             if( 0 == 0 )
11509             {
11510                 hexify( output_str, output, ctx.len);
11511         
11512                 fct_chk( strcasecmp( (char *) output_str, "187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823" ) == 0 );
11513             }
11514         
11515             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
11516         }
11517         FCT_TEST_END();
11518 
11519 
11520         FCT_TEST_BGN(rsassa_pss_signature_example_7_1_verify)
11521         {
11522             unsigned char message_str[1000];
11523             unsigned char hash_result[1000];
11524             unsigned char result_str[1000];
11525             rsa_context ctx;
11526             size_t msg_len;
11527         
11528             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
11529             memset( message_str, 0x00, 1000 );
11530             memset( hash_result, 0x00, 1000 );
11531             memset( result_str, 0x00, 1000 );
11532         
11533             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
11534             fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
11535             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11536         
11537             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
11538         
11539             msg_len = unhexify( message_str, "9ead0e01945640674eb41cad435e2374eaefa8ad7197d97913c44957d8d83f40d76ee60e39bf9c0f9eaf3021421a074d1ade962c6e9d3dc3bb174fe4dfe652b09115495b8fd2794174020a0602b5ca51848cfc96ce5eb57fc0a2adc1dda36a7cc452641a14911b37e45bfa11daa5c7ecdb74f6d0100d1d3e39e752800e203397de0233077b9a88855537fae927f924380d780f98e18dcff39c5ea741b17d6fdd1885bc9d581482d771ceb562d78a8bf88f0c75b11363e5e36cd479ceb0545f9da84203e0e6e508375cc9e844b88b7ac7a0a201ea0f1bee9a2c577920ca02c01b9d8320e974a56f4efb5763b96255abbf8037bf1802cf018f56379493e569a9" );
11540             unhexify( result_str, "187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823" );
11541         
11542             switch( SIG_RSA_SHA1 )
11543             {
11544         #ifdef POLARSSL_MD2_C
11545             case SIG_RSA_MD2:
11546                 md2( message_str, msg_len, hash_result );
11547                 break;
11548         #endif
11549         #ifdef POLARSSL_MD4_C
11550             case SIG_RSA_MD4:
11551                 md4( message_str, msg_len, hash_result );
11552                 break;
11553         #endif
11554         #ifdef POLARSSL_MD5_C
11555             case SIG_RSA_MD5:
11556                 md5( message_str, msg_len, hash_result );
11557                 break;
11558         #endif
11559         #ifdef POLARSSL_SHA1_C
11560             case SIG_RSA_SHA1:
11561                 sha1( message_str, msg_len, hash_result );
11562                 break;
11563         #endif
11564         #ifdef POLARSSL_SHA2_C
11565             case SIG_RSA_SHA224:
11566                 sha2( message_str, msg_len, hash_result, 1 );
11567                 break;
11568             case SIG_RSA_SHA256:
11569                 sha2( message_str, msg_len, hash_result, 0 );
11570                 break;
11571         #endif
11572         #ifdef POLARSSL_SHA4_C
11573             case SIG_RSA_SHA384:
11574                 sha4( message_str, msg_len, hash_result, 1 );
11575                 break;
11576             case SIG_RSA_SHA512:
11577                 sha4( message_str, msg_len, hash_result, 0 );
11578                 break;
11579         #endif
11580             }
11581         
11582             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
11583         }
11584         FCT_TEST_END();
11585 
11586 
11587         FCT_TEST_BGN(rsassa_pss_signature_example_7_2)
11588         {
11589             unsigned char message_str[1000];
11590             unsigned char hash_result[1000];
11591             unsigned char output[1000];
11592             unsigned char output_str[1000];
11593             unsigned char rnd_buf[1000];
11594             rsa_context ctx;
11595             mpi P1, Q1, H, G;
11596             size_t msg_len;
11597             rnd_buf_info info;
11598         
11599             info.length = unhexify( rnd_buf, "0c09582266df086310821ba7e18df64dfee6de09" );
11600             info.buf = rnd_buf;
11601         
11602             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
11603             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
11604         
11605             memset( message_str, 0x00, 1000 );
11606             memset( hash_result, 0x00, 1000 );
11607             memset( output, 0x00, 1000 );
11608             memset( output_str, 0x00, 1000 );
11609         
11610             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
11611             fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
11612             fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
11613             fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
11614             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11615         
11616             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
11617             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
11618             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
11619             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
11620             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
11621             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
11622             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
11623             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
11624         
11625             fct_chk( rsa_check_privkey( &ctx ) == 0 );
11626         
11627             msg_len = unhexify( message_str, "8d80d2d08dbd19c154df3f14673a14bd03735231f24e86bf153d0e69e74cbff7b1836e664de83f680124370fc0f96c9b65c07a366b644c4ab3" );
11628         
11629             switch( SIG_RSA_SHA1 )
11630             {
11631         #ifdef POLARSSL_MD2_C
11632             case SIG_RSA_MD2:
11633                 md2( message_str, msg_len, hash_result );
11634                 break;
11635         #endif
11636         #ifdef POLARSSL_MD4_C
11637             case SIG_RSA_MD4:
11638                 md4( message_str, msg_len, hash_result );
11639                 break;
11640         #endif
11641         #ifdef POLARSSL_MD5_C
11642             case SIG_RSA_MD5:
11643                 md5( message_str, msg_len, hash_result );
11644                 break;
11645         #endif
11646         #ifdef POLARSSL_SHA1_C
11647             case SIG_RSA_SHA1:
11648                 sha1( message_str, msg_len, hash_result );
11649                 break;
11650         #endif
11651         #ifdef POLARSSL_SHA2_C
11652             case SIG_RSA_SHA224:
11653                 sha2( message_str, msg_len, hash_result, 1 );
11654                 break;
11655             case SIG_RSA_SHA256:
11656                 sha2( message_str, msg_len, hash_result, 0 );
11657                 break;
11658         #endif
11659         #ifdef POLARSSL_SHA4_C
11660             case SIG_RSA_SHA384:
11661                 sha4( message_str, msg_len, hash_result, 1 );
11662                 break;
11663             case SIG_RSA_SHA512:
11664                 sha4( message_str, msg_len, hash_result, 0 );
11665                 break;
11666         #endif
11667             }
11668         
11669             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11670             if( 0 == 0 )
11671             {
11672                 hexify( output_str, output, ctx.len);
11673         
11674                 fct_chk( strcasecmp( (char *) output_str, "10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8" ) == 0 );
11675             }
11676         
11677             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
11678         }
11679         FCT_TEST_END();
11680 
11681 
11682         FCT_TEST_BGN(rsassa_pss_signature_example_7_2_verify)
11683         {
11684             unsigned char message_str[1000];
11685             unsigned char hash_result[1000];
11686             unsigned char result_str[1000];
11687             rsa_context ctx;
11688             size_t msg_len;
11689         
11690             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
11691             memset( message_str, 0x00, 1000 );
11692             memset( hash_result, 0x00, 1000 );
11693             memset( result_str, 0x00, 1000 );
11694         
11695             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
11696             fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
11697             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11698         
11699             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
11700         
11701             msg_len = unhexify( message_str, "8d80d2d08dbd19c154df3f14673a14bd03735231f24e86bf153d0e69e74cbff7b1836e664de83f680124370fc0f96c9b65c07a366b644c4ab3" );
11702             unhexify( result_str, "10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8" );
11703         
11704             switch( SIG_RSA_SHA1 )
11705             {
11706         #ifdef POLARSSL_MD2_C
11707             case SIG_RSA_MD2:
11708                 md2( message_str, msg_len, hash_result );
11709                 break;
11710         #endif
11711         #ifdef POLARSSL_MD4_C
11712             case SIG_RSA_MD4:
11713                 md4( message_str, msg_len, hash_result );
11714                 break;
11715         #endif
11716         #ifdef POLARSSL_MD5_C
11717             case SIG_RSA_MD5:
11718                 md5( message_str, msg_len, hash_result );
11719                 break;
11720         #endif
11721         #ifdef POLARSSL_SHA1_C
11722             case SIG_RSA_SHA1:
11723                 sha1( message_str, msg_len, hash_result );
11724                 break;
11725         #endif
11726         #ifdef POLARSSL_SHA2_C
11727             case SIG_RSA_SHA224:
11728                 sha2( message_str, msg_len, hash_result, 1 );
11729                 break;
11730             case SIG_RSA_SHA256:
11731                 sha2( message_str, msg_len, hash_result, 0 );
11732                 break;
11733         #endif
11734         #ifdef POLARSSL_SHA4_C
11735             case SIG_RSA_SHA384:
11736                 sha4( message_str, msg_len, hash_result, 1 );
11737                 break;
11738             case SIG_RSA_SHA512:
11739                 sha4( message_str, msg_len, hash_result, 0 );
11740                 break;
11741         #endif
11742             }
11743         
11744             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
11745         }
11746         FCT_TEST_END();
11747 
11748 
11749         FCT_TEST_BGN(rsassa_pss_signature_example_7_3)
11750         {
11751             unsigned char message_str[1000];
11752             unsigned char hash_result[1000];
11753             unsigned char output[1000];
11754             unsigned char output_str[1000];
11755             unsigned char rnd_buf[1000];
11756             rsa_context ctx;
11757             mpi P1, Q1, H, G;
11758             size_t msg_len;
11759             rnd_buf_info info;
11760         
11761             info.length = unhexify( rnd_buf, "28039dcfe106d3b8296611258c4a56651c9e92dd" );
11762             info.buf = rnd_buf;
11763         
11764             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
11765             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
11766         
11767             memset( message_str, 0x00, 1000 );
11768             memset( hash_result, 0x00, 1000 );
11769             memset( output, 0x00, 1000 );
11770             memset( output_str, 0x00, 1000 );
11771         
11772             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
11773             fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
11774             fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
11775             fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
11776             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11777         
11778             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
11779             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
11780             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
11781             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
11782             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
11783             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
11784             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
11785             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
11786         
11787             fct_chk( rsa_check_privkey( &ctx ) == 0 );
11788         
11789             msg_len = unhexify( message_str, "808405cdfc1a58b9bb0397c720722a81fffb76278f335917ef9c473814b3e016ba2973cd2765f8f3f82d6cc38aa7f8551827fe8d1e3884b7e61c94683b8f82f1843bdae2257eeec9812ad4c2cf283c34e0b0ae0fe3cb990cf88f2ef9" );
11790         
11791             switch( SIG_RSA_SHA1 )
11792             {
11793         #ifdef POLARSSL_MD2_C
11794             case SIG_RSA_MD2:
11795                 md2( message_str, msg_len, hash_result );
11796                 break;
11797         #endif
11798         #ifdef POLARSSL_MD4_C
11799             case SIG_RSA_MD4:
11800                 md4( message_str, msg_len, hash_result );
11801                 break;
11802         #endif
11803         #ifdef POLARSSL_MD5_C
11804             case SIG_RSA_MD5:
11805                 md5( message_str, msg_len, hash_result );
11806                 break;
11807         #endif
11808         #ifdef POLARSSL_SHA1_C
11809             case SIG_RSA_SHA1:
11810                 sha1( message_str, msg_len, hash_result );
11811                 break;
11812         #endif
11813         #ifdef POLARSSL_SHA2_C
11814             case SIG_RSA_SHA224:
11815                 sha2( message_str, msg_len, hash_result, 1 );
11816                 break;
11817             case SIG_RSA_SHA256:
11818                 sha2( message_str, msg_len, hash_result, 0 );
11819                 break;
11820         #endif
11821         #ifdef POLARSSL_SHA4_C
11822             case SIG_RSA_SHA384:
11823                 sha4( message_str, msg_len, hash_result, 1 );
11824                 break;
11825             case SIG_RSA_SHA512:
11826                 sha4( message_str, msg_len, hash_result, 0 );
11827                 break;
11828         #endif
11829             }
11830         
11831             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11832             if( 0 == 0 )
11833             {
11834                 hexify( output_str, output, ctx.len);
11835         
11836                 fct_chk( strcasecmp( (char *) output_str, "2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1" ) == 0 );
11837             }
11838         
11839             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
11840         }
11841         FCT_TEST_END();
11842 
11843 
11844         FCT_TEST_BGN(rsassa_pss_signature_example_7_3_verify)
11845         {
11846             unsigned char message_str[1000];
11847             unsigned char hash_result[1000];
11848             unsigned char result_str[1000];
11849             rsa_context ctx;
11850             size_t msg_len;
11851         
11852             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
11853             memset( message_str, 0x00, 1000 );
11854             memset( hash_result, 0x00, 1000 );
11855             memset( result_str, 0x00, 1000 );
11856         
11857             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
11858             fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
11859             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11860         
11861             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
11862         
11863             msg_len = unhexify( message_str, "808405cdfc1a58b9bb0397c720722a81fffb76278f335917ef9c473814b3e016ba2973cd2765f8f3f82d6cc38aa7f8551827fe8d1e3884b7e61c94683b8f82f1843bdae2257eeec9812ad4c2cf283c34e0b0ae0fe3cb990cf88f2ef9" );
11864             unhexify( result_str, "2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1" );
11865         
11866             switch( SIG_RSA_SHA1 )
11867             {
11868         #ifdef POLARSSL_MD2_C
11869             case SIG_RSA_MD2:
11870                 md2( message_str, msg_len, hash_result );
11871                 break;
11872         #endif
11873         #ifdef POLARSSL_MD4_C
11874             case SIG_RSA_MD4:
11875                 md4( message_str, msg_len, hash_result );
11876                 break;
11877         #endif
11878         #ifdef POLARSSL_MD5_C
11879             case SIG_RSA_MD5:
11880                 md5( message_str, msg_len, hash_result );
11881                 break;
11882         #endif
11883         #ifdef POLARSSL_SHA1_C
11884             case SIG_RSA_SHA1:
11885                 sha1( message_str, msg_len, hash_result );
11886                 break;
11887         #endif
11888         #ifdef POLARSSL_SHA2_C
11889             case SIG_RSA_SHA224:
11890                 sha2( message_str, msg_len, hash_result, 1 );
11891                 break;
11892             case SIG_RSA_SHA256:
11893                 sha2( message_str, msg_len, hash_result, 0 );
11894                 break;
11895         #endif
11896         #ifdef POLARSSL_SHA4_C
11897             case SIG_RSA_SHA384:
11898                 sha4( message_str, msg_len, hash_result, 1 );
11899                 break;
11900             case SIG_RSA_SHA512:
11901                 sha4( message_str, msg_len, hash_result, 0 );
11902                 break;
11903         #endif
11904             }
11905         
11906             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
11907         }
11908         FCT_TEST_END();
11909 
11910 
11911         FCT_TEST_BGN(rsassa_pss_signature_example_7_4)
11912         {
11913             unsigned char message_str[1000];
11914             unsigned char hash_result[1000];
11915             unsigned char output[1000];
11916             unsigned char output_str[1000];
11917             unsigned char rnd_buf[1000];
11918             rsa_context ctx;
11919             mpi P1, Q1, H, G;
11920             size_t msg_len;
11921             rnd_buf_info info;
11922         
11923             info.length = unhexify( rnd_buf, "a77821ebbbef24628e4e12e1d0ea96de398f7b0f" );
11924             info.buf = rnd_buf;
11925         
11926             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
11927             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
11928         
11929             memset( message_str, 0x00, 1000 );
11930             memset( hash_result, 0x00, 1000 );
11931             memset( output, 0x00, 1000 );
11932             memset( output_str, 0x00, 1000 );
11933         
11934             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
11935             fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
11936             fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
11937             fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
11938             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
11939         
11940             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
11941             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
11942             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
11943             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
11944             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
11945             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
11946             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
11947             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
11948         
11949             fct_chk( rsa_check_privkey( &ctx ) == 0 );
11950         
11951             msg_len = unhexify( message_str, "f337b9bad937de22a1a052dff11134a8ce26976202981939b91e0715ae5e609649da1adfcef3f4cca59b238360e7d1e496c7bf4b204b5acff9bbd6166a1d87a36ef2247373751039f8a800b8399807b3a85f44893497c0d05fb7017b82228152de6f25e6116dcc7503c786c875c28f3aa607e94ab0f19863ab1b5073770b0cd5f533acde30c6fb953cf3da680264e30fc11bff9a19bffab4779b6223c3fb3fe0f71abade4eb7c09c41e24c22d23fa148e6a173feb63984d1bc6ee3a02d915b752ceaf92a3015eceb38ca586c6801b37c34cefb2cff25ea23c08662dcab26a7a93a285d05d3044c" );
11952         
11953             switch( SIG_RSA_SHA1 )
11954             {
11955         #ifdef POLARSSL_MD2_C
11956             case SIG_RSA_MD2:
11957                 md2( message_str, msg_len, hash_result );
11958                 break;
11959         #endif
11960         #ifdef POLARSSL_MD4_C
11961             case SIG_RSA_MD4:
11962                 md4( message_str, msg_len, hash_result );
11963                 break;
11964         #endif
11965         #ifdef POLARSSL_MD5_C
11966             case SIG_RSA_MD5:
11967                 md5( message_str, msg_len, hash_result );
11968                 break;
11969         #endif
11970         #ifdef POLARSSL_SHA1_C
11971             case SIG_RSA_SHA1:
11972                 sha1( message_str, msg_len, hash_result );
11973                 break;
11974         #endif
11975         #ifdef POLARSSL_SHA2_C
11976             case SIG_RSA_SHA224:
11977                 sha2( message_str, msg_len, hash_result, 1 );
11978                 break;
11979             case SIG_RSA_SHA256:
11980                 sha2( message_str, msg_len, hash_result, 0 );
11981                 break;
11982         #endif
11983         #ifdef POLARSSL_SHA4_C
11984             case SIG_RSA_SHA384:
11985                 sha4( message_str, msg_len, hash_result, 1 );
11986                 break;
11987             case SIG_RSA_SHA512:
11988                 sha4( message_str, msg_len, hash_result, 0 );
11989                 break;
11990         #endif
11991             }
11992         
11993             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
11994             if( 0 == 0 )
11995             {
11996                 hexify( output_str, output, ctx.len);
11997         
11998                 fct_chk( strcasecmp( (char *) output_str, "32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19" ) == 0 );
11999             }
12000         
12001             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12002         }
12003         FCT_TEST_END();
12004 
12005 
12006         FCT_TEST_BGN(rsassa_pss_signature_example_7_4_verify)
12007         {
12008             unsigned char message_str[1000];
12009             unsigned char hash_result[1000];
12010             unsigned char result_str[1000];
12011             rsa_context ctx;
12012             size_t msg_len;
12013         
12014             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12015             memset( message_str, 0x00, 1000 );
12016             memset( hash_result, 0x00, 1000 );
12017             memset( result_str, 0x00, 1000 );
12018         
12019             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12020             fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12021             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12022         
12023             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12024         
12025             msg_len = unhexify( message_str, "f337b9bad937de22a1a052dff11134a8ce26976202981939b91e0715ae5e609649da1adfcef3f4cca59b238360e7d1e496c7bf4b204b5acff9bbd6166a1d87a36ef2247373751039f8a800b8399807b3a85f44893497c0d05fb7017b82228152de6f25e6116dcc7503c786c875c28f3aa607e94ab0f19863ab1b5073770b0cd5f533acde30c6fb953cf3da680264e30fc11bff9a19bffab4779b6223c3fb3fe0f71abade4eb7c09c41e24c22d23fa148e6a173feb63984d1bc6ee3a02d915b752ceaf92a3015eceb38ca586c6801b37c34cefb2cff25ea23c08662dcab26a7a93a285d05d3044c" );
12026             unhexify( result_str, "32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19" );
12027         
12028             switch( SIG_RSA_SHA1 )
12029             {
12030         #ifdef POLARSSL_MD2_C
12031             case SIG_RSA_MD2:
12032                 md2( message_str, msg_len, hash_result );
12033                 break;
12034         #endif
12035         #ifdef POLARSSL_MD4_C
12036             case SIG_RSA_MD4:
12037                 md4( message_str, msg_len, hash_result );
12038                 break;
12039         #endif
12040         #ifdef POLARSSL_MD5_C
12041             case SIG_RSA_MD5:
12042                 md5( message_str, msg_len, hash_result );
12043                 break;
12044         #endif
12045         #ifdef POLARSSL_SHA1_C
12046             case SIG_RSA_SHA1:
12047                 sha1( message_str, msg_len, hash_result );
12048                 break;
12049         #endif
12050         #ifdef POLARSSL_SHA2_C
12051             case SIG_RSA_SHA224:
12052                 sha2( message_str, msg_len, hash_result, 1 );
12053                 break;
12054             case SIG_RSA_SHA256:
12055                 sha2( message_str, msg_len, hash_result, 0 );
12056                 break;
12057         #endif
12058         #ifdef POLARSSL_SHA4_C
12059             case SIG_RSA_SHA384:
12060                 sha4( message_str, msg_len, hash_result, 1 );
12061                 break;
12062             case SIG_RSA_SHA512:
12063                 sha4( message_str, msg_len, hash_result, 0 );
12064                 break;
12065         #endif
12066             }
12067         
12068             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
12069         }
12070         FCT_TEST_END();
12071 
12072 
12073         FCT_TEST_BGN(rsassa_pss_signature_example_7_5)
12074         {
12075             unsigned char message_str[1000];
12076             unsigned char hash_result[1000];
12077             unsigned char output[1000];
12078             unsigned char output_str[1000];
12079             unsigned char rnd_buf[1000];
12080             rsa_context ctx;
12081             mpi P1, Q1, H, G;
12082             size_t msg_len;
12083             rnd_buf_info info;
12084         
12085             info.length = unhexify( rnd_buf, "9d5ad8eb452134b65dc3a98b6a73b5f741609cd6" );
12086             info.buf = rnd_buf;
12087         
12088             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
12089             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12090         
12091             memset( message_str, 0x00, 1000 );
12092             memset( hash_result, 0x00, 1000 );
12093             memset( output, 0x00, 1000 );
12094             memset( output_str, 0x00, 1000 );
12095         
12096             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12097             fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
12098             fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
12099             fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12100             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12101         
12102             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
12103             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
12104             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
12105             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
12106             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
12107             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
12108             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
12109             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
12110         
12111             fct_chk( rsa_check_privkey( &ctx ) == 0 );
12112         
12113             msg_len = unhexify( message_str, "45013cebafd960b255476a8e2598b9aa32efbe6dc1f34f4a498d8cf5a2b4548d08c55d5f95f7bcc9619163056f2d58b52fa032" );
12114         
12115             switch( SIG_RSA_SHA1 )
12116             {
12117         #ifdef POLARSSL_MD2_C
12118             case SIG_RSA_MD2:
12119                 md2( message_str, msg_len, hash_result );
12120                 break;
12121         #endif
12122         #ifdef POLARSSL_MD4_C
12123             case SIG_RSA_MD4:
12124                 md4( message_str, msg_len, hash_result );
12125                 break;
12126         #endif
12127         #ifdef POLARSSL_MD5_C
12128             case SIG_RSA_MD5:
12129                 md5( message_str, msg_len, hash_result );
12130                 break;
12131         #endif
12132         #ifdef POLARSSL_SHA1_C
12133             case SIG_RSA_SHA1:
12134                 sha1( message_str, msg_len, hash_result );
12135                 break;
12136         #endif
12137         #ifdef POLARSSL_SHA2_C
12138             case SIG_RSA_SHA224:
12139                 sha2( message_str, msg_len, hash_result, 1 );
12140                 break;
12141             case SIG_RSA_SHA256:
12142                 sha2( message_str, msg_len, hash_result, 0 );
12143                 break;
12144         #endif
12145         #ifdef POLARSSL_SHA4_C
12146             case SIG_RSA_SHA384:
12147                 sha4( message_str, msg_len, hash_result, 1 );
12148                 break;
12149             case SIG_RSA_SHA512:
12150                 sha4( message_str, msg_len, hash_result, 0 );
12151                 break;
12152         #endif
12153             }
12154         
12155             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
12156             if( 0 == 0 )
12157             {
12158                 hexify( output_str, output, ctx.len);
12159         
12160                 fct_chk( strcasecmp( (char *) output_str, "07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1" ) == 0 );
12161             }
12162         
12163             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12164         }
12165         FCT_TEST_END();
12166 
12167 
12168         FCT_TEST_BGN(rsassa_pss_signature_example_7_5_verify)
12169         {
12170             unsigned char message_str[1000];
12171             unsigned char hash_result[1000];
12172             unsigned char result_str[1000];
12173             rsa_context ctx;
12174             size_t msg_len;
12175         
12176             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12177             memset( message_str, 0x00, 1000 );
12178             memset( hash_result, 0x00, 1000 );
12179             memset( result_str, 0x00, 1000 );
12180         
12181             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12182             fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12183             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12184         
12185             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12186         
12187             msg_len = unhexify( message_str, "45013cebafd960b255476a8e2598b9aa32efbe6dc1f34f4a498d8cf5a2b4548d08c55d5f95f7bcc9619163056f2d58b52fa032" );
12188             unhexify( result_str, "07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1" );
12189         
12190             switch( SIG_RSA_SHA1 )
12191             {
12192         #ifdef POLARSSL_MD2_C
12193             case SIG_RSA_MD2:
12194                 md2( message_str, msg_len, hash_result );
12195                 break;
12196         #endif
12197         #ifdef POLARSSL_MD4_C
12198             case SIG_RSA_MD4:
12199                 md4( message_str, msg_len, hash_result );
12200                 break;
12201         #endif
12202         #ifdef POLARSSL_MD5_C
12203             case SIG_RSA_MD5:
12204                 md5( message_str, msg_len, hash_result );
12205                 break;
12206         #endif
12207         #ifdef POLARSSL_SHA1_C
12208             case SIG_RSA_SHA1:
12209                 sha1( message_str, msg_len, hash_result );
12210                 break;
12211         #endif
12212         #ifdef POLARSSL_SHA2_C
12213             case SIG_RSA_SHA224:
12214                 sha2( message_str, msg_len, hash_result, 1 );
12215                 break;
12216             case SIG_RSA_SHA256:
12217                 sha2( message_str, msg_len, hash_result, 0 );
12218                 break;
12219         #endif
12220         #ifdef POLARSSL_SHA4_C
12221             case SIG_RSA_SHA384:
12222                 sha4( message_str, msg_len, hash_result, 1 );
12223                 break;
12224             case SIG_RSA_SHA512:
12225                 sha4( message_str, msg_len, hash_result, 0 );
12226                 break;
12227         #endif
12228             }
12229         
12230             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
12231         }
12232         FCT_TEST_END();
12233 
12234 
12235         FCT_TEST_BGN(rsassa_pss_signature_example_7_6)
12236         {
12237             unsigned char message_str[1000];
12238             unsigned char hash_result[1000];
12239             unsigned char output[1000];
12240             unsigned char output_str[1000];
12241             unsigned char rnd_buf[1000];
12242             rsa_context ctx;
12243             mpi P1, Q1, H, G;
12244             size_t msg_len;
12245             rnd_buf_info info;
12246         
12247             info.length = unhexify( rnd_buf, "3f2efc595880a7d47fcf3cba04983ea54c4b73fb" );
12248             info.buf = rnd_buf;
12249         
12250             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
12251             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12252         
12253             memset( message_str, 0x00, 1000 );
12254             memset( hash_result, 0x00, 1000 );
12255             memset( output, 0x00, 1000 );
12256             memset( output_str, 0x00, 1000 );
12257         
12258             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12259             fct_chk( mpi_read_string( &ctx.P, 16, "07eefb424b0e3a40e4208ee5afb280b22317308114dde0b4b64f730184ec68da6ce2867a9f48ed7726d5e2614ed04a5410736c8c714ee702474298c6292af07535" ) == 0 );
12260             fct_chk( mpi_read_string( &ctx.Q, 16, "070830dbf947eac0228de26314b59b66994cc60e8360e75d3876298f8f8a7d141da064e5ca026a973e28f254738cee669c721b034cb5f8e244dadd7cd1e159d547" ) == 0 );
12261             fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12262             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12263         
12264             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
12265             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
12266             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
12267             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
12268             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
12269             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
12270             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
12271             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
12272         
12273             fct_chk( rsa_check_privkey( &ctx ) == 0 );
12274         
12275             msg_len = unhexify( message_str, "2358097086c899323e75d9c90d0c09f12d9d54edfbdf70a9c2eb5a04d8f36b9b2bdf2aabe0a5bda1968937f9d6ebd3b6b257efb3136d4131f9acb59b85e2602c2a3fcdc835494a1f4e5ec18b226c80232b36a75a45fdf09a7ea9e98efbde1450d1194bf12e15a4c5f9eb5c0bce5269e0c3b28cfab655d81a61a20b4be2f54459bb25a0db94c52218be109a7426de83014424789aaa90e5056e632a698115e282c1a56410f26c2072f193481a9dcd880572005e64f4082ecf" );
12276         
12277             switch( SIG_RSA_SHA1 )
12278             {
12279         #ifdef POLARSSL_MD2_C
12280             case SIG_RSA_MD2:
12281                 md2( message_str, msg_len, hash_result );
12282                 break;
12283         #endif
12284         #ifdef POLARSSL_MD4_C
12285             case SIG_RSA_MD4:
12286                 md4( message_str, msg_len, hash_result );
12287                 break;
12288         #endif
12289         #ifdef POLARSSL_MD5_C
12290             case SIG_RSA_MD5:
12291                 md5( message_str, msg_len, hash_result );
12292                 break;
12293         #endif
12294         #ifdef POLARSSL_SHA1_C
12295             case SIG_RSA_SHA1:
12296                 sha1( message_str, msg_len, hash_result );
12297                 break;
12298         #endif
12299         #ifdef POLARSSL_SHA2_C
12300             case SIG_RSA_SHA224:
12301                 sha2( message_str, msg_len, hash_result, 1 );
12302                 break;
12303             case SIG_RSA_SHA256:
12304                 sha2( message_str, msg_len, hash_result, 0 );
12305                 break;
12306         #endif
12307         #ifdef POLARSSL_SHA4_C
12308             case SIG_RSA_SHA384:
12309                 sha4( message_str, msg_len, hash_result, 1 );
12310                 break;
12311             case SIG_RSA_SHA512:
12312                 sha4( message_str, msg_len, hash_result, 0 );
12313                 break;
12314         #endif
12315             }
12316         
12317             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
12318             if( 0 == 0 )
12319             {
12320                 hexify( output_str, output, ctx.len);
12321         
12322                 fct_chk( strcasecmp( (char *) output_str, "18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33" ) == 0 );
12323             }
12324         
12325             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12326         }
12327         FCT_TEST_END();
12328 
12329 
12330         FCT_TEST_BGN(rsassa_pss_signature_example_7_6_verify)
12331         {
12332             unsigned char message_str[1000];
12333             unsigned char hash_result[1000];
12334             unsigned char result_str[1000];
12335             rsa_context ctx;
12336             size_t msg_len;
12337         
12338             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12339             memset( message_str, 0x00, 1000 );
12340             memset( hash_result, 0x00, 1000 );
12341             memset( result_str, 0x00, 1000 );
12342         
12343             ctx.len = 1030 / 8 + ( ( 1030 % 8 ) ? 1 : 0 );
12344             fct_chk( mpi_read_string( &ctx.N, 16, "37c9da4a66c8c408b8da27d0c9d79f8ccb1eafc1d2fe48746d940b7c4ef5dee18ad12647cefaa0c4b3188b221c515386759b93f02024b25ab9242f8357d8f3fd49640ee5e643eaf6c64deefa7089727c8ff03993333915c6ef21bf5975b6e50d118b51008ec33e9f01a0a545a10a836a43ddbca9d8b5c5d3548022d7064ea29ab3" ) == 0 );
12345             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12346         
12347             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12348         
12349             msg_len = unhexify( message_str, "2358097086c899323e75d9c90d0c09f12d9d54edfbdf70a9c2eb5a04d8f36b9b2bdf2aabe0a5bda1968937f9d6ebd3b6b257efb3136d4131f9acb59b85e2602c2a3fcdc835494a1f4e5ec18b226c80232b36a75a45fdf09a7ea9e98efbde1450d1194bf12e15a4c5f9eb5c0bce5269e0c3b28cfab655d81a61a20b4be2f54459bb25a0db94c52218be109a7426de83014424789aaa90e5056e632a698115e282c1a56410f26c2072f193481a9dcd880572005e64f4082ecf" );
12350             unhexify( result_str, "18da3cdcfe79bfb77fd9c32f377ad399146f0a8e810620233271a6e3ed3248903f5cdc92dc79b55d3e11615aa056a795853792a3998c349ca5c457e8ca7d29d796aa24f83491709befcfb1510ea513c92829a3f00b104f655634f320752e130ec0ccf6754ff893db302932bb025eb60e87822598fc619e0e981737a9a4c4152d33" );
12351         
12352             switch( SIG_RSA_SHA1 )
12353             {
12354         #ifdef POLARSSL_MD2_C
12355             case SIG_RSA_MD2:
12356                 md2( message_str, msg_len, hash_result );
12357                 break;
12358         #endif
12359         #ifdef POLARSSL_MD4_C
12360             case SIG_RSA_MD4:
12361                 md4( message_str, msg_len, hash_result );
12362                 break;
12363         #endif
12364         #ifdef POLARSSL_MD5_C
12365             case SIG_RSA_MD5:
12366                 md5( message_str, msg_len, hash_result );
12367                 break;
12368         #endif
12369         #ifdef POLARSSL_SHA1_C
12370             case SIG_RSA_SHA1:
12371                 sha1( message_str, msg_len, hash_result );
12372                 break;
12373         #endif
12374         #ifdef POLARSSL_SHA2_C
12375             case SIG_RSA_SHA224:
12376                 sha2( message_str, msg_len, hash_result, 1 );
12377                 break;
12378             case SIG_RSA_SHA256:
12379                 sha2( message_str, msg_len, hash_result, 0 );
12380                 break;
12381         #endif
12382         #ifdef POLARSSL_SHA4_C
12383             case SIG_RSA_SHA384:
12384                 sha4( message_str, msg_len, hash_result, 1 );
12385                 break;
12386             case SIG_RSA_SHA512:
12387                 sha4( message_str, msg_len, hash_result, 0 );
12388                 break;
12389         #endif
12390             }
12391         
12392             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
12393         }
12394         FCT_TEST_END();
12395 
12396 
12397         FCT_TEST_BGN(rsassa_pss_signature_example_8_1)
12398         {
12399             unsigned char message_str[1000];
12400             unsigned char hash_result[1000];
12401             unsigned char output[1000];
12402             unsigned char output_str[1000];
12403             unsigned char rnd_buf[1000];
12404             rsa_context ctx;
12405             mpi P1, Q1, H, G;
12406             size_t msg_len;
12407             rnd_buf_info info;
12408         
12409             info.length = unhexify( rnd_buf, "1d65491d79c864b373009be6f6f2467bac4c78fa" );
12410             info.buf = rnd_buf;
12411         
12412             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
12413             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12414         
12415             memset( message_str, 0x00, 1000 );
12416             memset( hash_result, 0x00, 1000 );
12417             memset( output, 0x00, 1000 );
12418             memset( output_str, 0x00, 1000 );
12419         
12420             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
12421             fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
12422             fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
12423             fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
12424             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12425         
12426             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
12427             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
12428             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
12429             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
12430             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
12431             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
12432             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
12433             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
12434         
12435             fct_chk( rsa_check_privkey( &ctx ) == 0 );
12436         
12437             msg_len = unhexify( message_str, "81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb" );
12438         
12439             switch( SIG_RSA_SHA1 )
12440             {
12441         #ifdef POLARSSL_MD2_C
12442             case SIG_RSA_MD2:
12443                 md2( message_str, msg_len, hash_result );
12444                 break;
12445         #endif
12446         #ifdef POLARSSL_MD4_C
12447             case SIG_RSA_MD4:
12448                 md4( message_str, msg_len, hash_result );
12449                 break;
12450         #endif
12451         #ifdef POLARSSL_MD5_C
12452             case SIG_RSA_MD5:
12453                 md5( message_str, msg_len, hash_result );
12454                 break;
12455         #endif
12456         #ifdef POLARSSL_SHA1_C
12457             case SIG_RSA_SHA1:
12458                 sha1( message_str, msg_len, hash_result );
12459                 break;
12460         #endif
12461         #ifdef POLARSSL_SHA2_C
12462             case SIG_RSA_SHA224:
12463                 sha2( message_str, msg_len, hash_result, 1 );
12464                 break;
12465             case SIG_RSA_SHA256:
12466                 sha2( message_str, msg_len, hash_result, 0 );
12467                 break;
12468         #endif
12469         #ifdef POLARSSL_SHA4_C
12470             case SIG_RSA_SHA384:
12471                 sha4( message_str, msg_len, hash_result, 1 );
12472                 break;
12473             case SIG_RSA_SHA512:
12474                 sha4( message_str, msg_len, hash_result, 0 );
12475                 break;
12476         #endif
12477             }
12478         
12479             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
12480             if( 0 == 0 )
12481             {
12482                 hexify( output_str, output, ctx.len);
12483         
12484                 fct_chk( strcasecmp( (char *) output_str, "0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5" ) == 0 );
12485             }
12486         
12487             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12488         }
12489         FCT_TEST_END();
12490 
12491 
12492         FCT_TEST_BGN(rsassa_pss_signature_example_8_1_verify)
12493         {
12494             unsigned char message_str[1000];
12495             unsigned char hash_result[1000];
12496             unsigned char result_str[1000];
12497             rsa_context ctx;
12498             size_t msg_len;
12499         
12500             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12501             memset( message_str, 0x00, 1000 );
12502             memset( hash_result, 0x00, 1000 );
12503             memset( result_str, 0x00, 1000 );
12504         
12505             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
12506             fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
12507             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12508         
12509             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12510         
12511             msg_len = unhexify( message_str, "81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb" );
12512             unhexify( result_str, "0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5" );
12513         
12514             switch( SIG_RSA_SHA1 )
12515             {
12516         #ifdef POLARSSL_MD2_C
12517             case SIG_RSA_MD2:
12518                 md2( message_str, msg_len, hash_result );
12519                 break;
12520         #endif
12521         #ifdef POLARSSL_MD4_C
12522             case SIG_RSA_MD4:
12523                 md4( message_str, msg_len, hash_result );
12524                 break;
12525         #endif
12526         #ifdef POLARSSL_MD5_C
12527             case SIG_RSA_MD5:
12528                 md5( message_str, msg_len, hash_result );
12529                 break;
12530         #endif
12531         #ifdef POLARSSL_SHA1_C
12532             case SIG_RSA_SHA1:
12533                 sha1( message_str, msg_len, hash_result );
12534                 break;
12535         #endif
12536         #ifdef POLARSSL_SHA2_C
12537             case SIG_RSA_SHA224:
12538                 sha2( message_str, msg_len, hash_result, 1 );
12539                 break;
12540             case SIG_RSA_SHA256:
12541                 sha2( message_str, msg_len, hash_result, 0 );
12542                 break;
12543         #endif
12544         #ifdef POLARSSL_SHA4_C
12545             case SIG_RSA_SHA384:
12546                 sha4( message_str, msg_len, hash_result, 1 );
12547                 break;
12548             case SIG_RSA_SHA512:
12549                 sha4( message_str, msg_len, hash_result, 0 );
12550                 break;
12551         #endif
12552             }
12553         
12554             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
12555         }
12556         FCT_TEST_END();
12557 
12558 
12559         FCT_TEST_BGN(rsassa_pss_signature_example_8_2)
12560         {
12561             unsigned char message_str[1000];
12562             unsigned char hash_result[1000];
12563             unsigned char output[1000];
12564             unsigned char output_str[1000];
12565             unsigned char rnd_buf[1000];
12566             rsa_context ctx;
12567             mpi P1, Q1, H, G;
12568             size_t msg_len;
12569             rnd_buf_info info;
12570         
12571             info.length = unhexify( rnd_buf, "435c098aa9909eb2377f1248b091b68987ff1838" );
12572             info.buf = rnd_buf;
12573         
12574             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
12575             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12576         
12577             memset( message_str, 0x00, 1000 );
12578             memset( hash_result, 0x00, 1000 );
12579             memset( output, 0x00, 1000 );
12580             memset( output_str, 0x00, 1000 );
12581         
12582             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
12583             fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
12584             fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
12585             fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
12586             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12587         
12588             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
12589             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
12590             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
12591             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
12592             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
12593             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
12594             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
12595             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
12596         
12597             fct_chk( rsa_check_privkey( &ctx ) == 0 );
12598         
12599             msg_len = unhexify( message_str, "e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08" );
12600         
12601             switch( SIG_RSA_SHA1 )
12602             {
12603         #ifdef POLARSSL_MD2_C
12604             case SIG_RSA_MD2:
12605                 md2( message_str, msg_len, hash_result );
12606                 break;
12607         #endif
12608         #ifdef POLARSSL_MD4_C
12609             case SIG_RSA_MD4:
12610                 md4( message_str, msg_len, hash_result );
12611                 break;
12612         #endif
12613         #ifdef POLARSSL_MD5_C
12614             case SIG_RSA_MD5:
12615                 md5( message_str, msg_len, hash_result );
12616                 break;
12617         #endif
12618         #ifdef POLARSSL_SHA1_C
12619             case SIG_RSA_SHA1:
12620                 sha1( message_str, msg_len, hash_result );
12621                 break;
12622         #endif
12623         #ifdef POLARSSL_SHA2_C
12624             case SIG_RSA_SHA224:
12625                 sha2( message_str, msg_len, hash_result, 1 );
12626                 break;
12627             case SIG_RSA_SHA256:
12628                 sha2( message_str, msg_len, hash_result, 0 );
12629                 break;
12630         #endif
12631         #ifdef POLARSSL_SHA4_C
12632             case SIG_RSA_SHA384:
12633                 sha4( message_str, msg_len, hash_result, 1 );
12634                 break;
12635             case SIG_RSA_SHA512:
12636                 sha4( message_str, msg_len, hash_result, 0 );
12637                 break;
12638         #endif
12639             }
12640         
12641             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
12642             if( 0 == 0 )
12643             {
12644                 hexify( output_str, output, ctx.len);
12645         
12646                 fct_chk( strcasecmp( (char *) output_str, "2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e" ) == 0 );
12647             }
12648         
12649             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12650         }
12651         FCT_TEST_END();
12652 
12653 
12654         FCT_TEST_BGN(rsassa_pss_signature_example_8_2_verify)
12655         {
12656             unsigned char message_str[1000];
12657             unsigned char hash_result[1000];
12658             unsigned char result_str[1000];
12659             rsa_context ctx;
12660             size_t msg_len;
12661         
12662             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12663             memset( message_str, 0x00, 1000 );
12664             memset( hash_result, 0x00, 1000 );
12665             memset( result_str, 0x00, 1000 );
12666         
12667             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
12668             fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
12669             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12670         
12671             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12672         
12673             msg_len = unhexify( message_str, "e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08" );
12674             unhexify( result_str, "2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e" );
12675         
12676             switch( SIG_RSA_SHA1 )
12677             {
12678         #ifdef POLARSSL_MD2_C
12679             case SIG_RSA_MD2:
12680                 md2( message_str, msg_len, hash_result );
12681                 break;
12682         #endif
12683         #ifdef POLARSSL_MD4_C
12684             case SIG_RSA_MD4:
12685                 md4( message_str, msg_len, hash_result );
12686                 break;
12687         #endif
12688         #ifdef POLARSSL_MD5_C
12689             case SIG_RSA_MD5:
12690                 md5( message_str, msg_len, hash_result );
12691                 break;
12692         #endif
12693         #ifdef POLARSSL_SHA1_C
12694             case SIG_RSA_SHA1:
12695                 sha1( message_str, msg_len, hash_result );
12696                 break;
12697         #endif
12698         #ifdef POLARSSL_SHA2_C
12699             case SIG_RSA_SHA224:
12700                 sha2( message_str, msg_len, hash_result, 1 );
12701                 break;
12702             case SIG_RSA_SHA256:
12703                 sha2( message_str, msg_len, hash_result, 0 );
12704                 break;
12705         #endif
12706         #ifdef POLARSSL_SHA4_C
12707             case SIG_RSA_SHA384:
12708                 sha4( message_str, msg_len, hash_result, 1 );
12709                 break;
12710             case SIG_RSA_SHA512:
12711                 sha4( message_str, msg_len, hash_result, 0 );
12712                 break;
12713         #endif
12714             }
12715         
12716             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
12717         }
12718         FCT_TEST_END();
12719 
12720 
12721         FCT_TEST_BGN(rsassa_pss_signature_example_8_3)
12722         {
12723             unsigned char message_str[1000];
12724             unsigned char hash_result[1000];
12725             unsigned char output[1000];
12726             unsigned char output_str[1000];
12727             unsigned char rnd_buf[1000];
12728             rsa_context ctx;
12729             mpi P1, Q1, H, G;
12730             size_t msg_len;
12731             rnd_buf_info info;
12732         
12733             info.length = unhexify( rnd_buf, "c6ebbe76df0c4aea32c474175b2f136862d04529" );
12734             info.buf = rnd_buf;
12735         
12736             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
12737             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12738         
12739             memset( message_str, 0x00, 1000 );
12740             memset( hash_result, 0x00, 1000 );
12741             memset( output, 0x00, 1000 );
12742             memset( output_str, 0x00, 1000 );
12743         
12744             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
12745             fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
12746             fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
12747             fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
12748             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12749         
12750             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
12751             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
12752             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
12753             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
12754             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
12755             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
12756             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
12757             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
12758         
12759             fct_chk( rsa_check_privkey( &ctx ) == 0 );
12760         
12761             msg_len = unhexify( message_str, "e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7" );
12762         
12763             switch( SIG_RSA_SHA1 )
12764             {
12765         #ifdef POLARSSL_MD2_C
12766             case SIG_RSA_MD2:
12767                 md2( message_str, msg_len, hash_result );
12768                 break;
12769         #endif
12770         #ifdef POLARSSL_MD4_C
12771             case SIG_RSA_MD4:
12772                 md4( message_str, msg_len, hash_result );
12773                 break;
12774         #endif
12775         #ifdef POLARSSL_MD5_C
12776             case SIG_RSA_MD5:
12777                 md5( message_str, msg_len, hash_result );
12778                 break;
12779         #endif
12780         #ifdef POLARSSL_SHA1_C
12781             case SIG_RSA_SHA1:
12782                 sha1( message_str, msg_len, hash_result );
12783                 break;
12784         #endif
12785         #ifdef POLARSSL_SHA2_C
12786             case SIG_RSA_SHA224:
12787                 sha2( message_str, msg_len, hash_result, 1 );
12788                 break;
12789             case SIG_RSA_SHA256:
12790                 sha2( message_str, msg_len, hash_result, 0 );
12791                 break;
12792         #endif
12793         #ifdef POLARSSL_SHA4_C
12794             case SIG_RSA_SHA384:
12795                 sha4( message_str, msg_len, hash_result, 1 );
12796                 break;
12797             case SIG_RSA_SHA512:
12798                 sha4( message_str, msg_len, hash_result, 0 );
12799                 break;
12800         #endif
12801             }
12802         
12803             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
12804             if( 0 == 0 )
12805             {
12806                 hexify( output_str, output, ctx.len);
12807         
12808                 fct_chk( strcasecmp( (char *) output_str, "2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96" ) == 0 );
12809             }
12810         
12811             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12812         }
12813         FCT_TEST_END();
12814 
12815 
12816         FCT_TEST_BGN(rsassa_pss_signature_example_8_3_verify)
12817         {
12818             unsigned char message_str[1000];
12819             unsigned char hash_result[1000];
12820             unsigned char result_str[1000];
12821             rsa_context ctx;
12822             size_t msg_len;
12823         
12824             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12825             memset( message_str, 0x00, 1000 );
12826             memset( hash_result, 0x00, 1000 );
12827             memset( result_str, 0x00, 1000 );
12828         
12829             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
12830             fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
12831             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12832         
12833             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12834         
12835             msg_len = unhexify( message_str, "e35c6ed98f64a6d5a648fcab8adb16331db32e5d15c74a40edf94c3dc4a4de792d190889f20f1e24ed12054a6b28798fcb42d1c548769b734c96373142092aed277603f4738df4dc1446586d0ec64da4fb60536db2ae17fc7e3c04bbfbbbd907bf117c08636fa16f95f51a6216934d3e34f85030f17bbbc5ba69144058aff081e0b19cf03c17195c5e888ba58f6fe0a02e5c3bda9719a7" );
12836             unhexify( result_str, "2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96" );
12837         
12838             switch( SIG_RSA_SHA1 )
12839             {
12840         #ifdef POLARSSL_MD2_C
12841             case SIG_RSA_MD2:
12842                 md2( message_str, msg_len, hash_result );
12843                 break;
12844         #endif
12845         #ifdef POLARSSL_MD4_C
12846             case SIG_RSA_MD4:
12847                 md4( message_str, msg_len, hash_result );
12848                 break;
12849         #endif
12850         #ifdef POLARSSL_MD5_C
12851             case SIG_RSA_MD5:
12852                 md5( message_str, msg_len, hash_result );
12853                 break;
12854         #endif
12855         #ifdef POLARSSL_SHA1_C
12856             case SIG_RSA_SHA1:
12857                 sha1( message_str, msg_len, hash_result );
12858                 break;
12859         #endif
12860         #ifdef POLARSSL_SHA2_C
12861             case SIG_RSA_SHA224:
12862                 sha2( message_str, msg_len, hash_result, 1 );
12863                 break;
12864             case SIG_RSA_SHA256:
12865                 sha2( message_str, msg_len, hash_result, 0 );
12866                 break;
12867         #endif
12868         #ifdef POLARSSL_SHA4_C
12869             case SIG_RSA_SHA384:
12870                 sha4( message_str, msg_len, hash_result, 1 );
12871                 break;
12872             case SIG_RSA_SHA512:
12873                 sha4( message_str, msg_len, hash_result, 0 );
12874                 break;
12875         #endif
12876             }
12877         
12878             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
12879         }
12880         FCT_TEST_END();
12881 
12882 
12883         FCT_TEST_BGN(rsassa_pss_signature_example_8_4)
12884         {
12885             unsigned char message_str[1000];
12886             unsigned char hash_result[1000];
12887             unsigned char output[1000];
12888             unsigned char output_str[1000];
12889             unsigned char rnd_buf[1000];
12890             rsa_context ctx;
12891             mpi P1, Q1, H, G;
12892             size_t msg_len;
12893             rnd_buf_info info;
12894         
12895             info.length = unhexify( rnd_buf, "021fdcc6ebb5e19b1cb16e9c67f27681657fe20a" );
12896             info.buf = rnd_buf;
12897         
12898             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
12899             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12900         
12901             memset( message_str, 0x00, 1000 );
12902             memset( hash_result, 0x00, 1000 );
12903             memset( output, 0x00, 1000 );
12904             memset( output_str, 0x00, 1000 );
12905         
12906             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
12907             fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
12908             fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
12909             fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
12910             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12911         
12912             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
12913             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
12914             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
12915             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
12916             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
12917             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
12918             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
12919             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
12920         
12921             fct_chk( rsa_check_privkey( &ctx ) == 0 );
12922         
12923             msg_len = unhexify( message_str, "dbc5f750a7a14be2b93e838d18d14a8695e52e8add9c0ac733b8f56d2747e529a0cca532dd49b902aefed514447f9e81d16195c2853868cb9b30f7d0d495c69d01b5c5d50b27045db3866c2324a44a110b1717746de457d1c8c45c3cd2a92970c3d59632055d4c98a41d6e99e2a3ddd5f7f9979ab3cd18f37505d25141de2a1bff17b3a7dce9419ecc385cf11d72840f19953fd0509251f6cafde2893d0e75c781ba7a5012ca401a4fa99e04b3c3249f926d5afe82cc87dab22c3c1b105de48e34ace9c9124e59597ac7ebf8" );
12924         
12925             switch( SIG_RSA_SHA1 )
12926             {
12927         #ifdef POLARSSL_MD2_C
12928             case SIG_RSA_MD2:
12929                 md2( message_str, msg_len, hash_result );
12930                 break;
12931         #endif
12932         #ifdef POLARSSL_MD4_C
12933             case SIG_RSA_MD4:
12934                 md4( message_str, msg_len, hash_result );
12935                 break;
12936         #endif
12937         #ifdef POLARSSL_MD5_C
12938             case SIG_RSA_MD5:
12939                 md5( message_str, msg_len, hash_result );
12940                 break;
12941         #endif
12942         #ifdef POLARSSL_SHA1_C
12943             case SIG_RSA_SHA1:
12944                 sha1( message_str, msg_len, hash_result );
12945                 break;
12946         #endif
12947         #ifdef POLARSSL_SHA2_C
12948             case SIG_RSA_SHA224:
12949                 sha2( message_str, msg_len, hash_result, 1 );
12950                 break;
12951             case SIG_RSA_SHA256:
12952                 sha2( message_str, msg_len, hash_result, 0 );
12953                 break;
12954         #endif
12955         #ifdef POLARSSL_SHA4_C
12956             case SIG_RSA_SHA384:
12957                 sha4( message_str, msg_len, hash_result, 1 );
12958                 break;
12959             case SIG_RSA_SHA512:
12960                 sha4( message_str, msg_len, hash_result, 0 );
12961                 break;
12962         #endif
12963             }
12964         
12965             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
12966             if( 0 == 0 )
12967             {
12968                 hexify( output_str, output, ctx.len);
12969         
12970                 fct_chk( strcasecmp( (char *) output_str, "1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7" ) == 0 );
12971             }
12972         
12973             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
12974         }
12975         FCT_TEST_END();
12976 
12977 
12978         FCT_TEST_BGN(rsassa_pss_signature_example_8_4_verify)
12979         {
12980             unsigned char message_str[1000];
12981             unsigned char hash_result[1000];
12982             unsigned char result_str[1000];
12983             rsa_context ctx;
12984             size_t msg_len;
12985         
12986             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
12987             memset( message_str, 0x00, 1000 );
12988             memset( hash_result, 0x00, 1000 );
12989             memset( result_str, 0x00, 1000 );
12990         
12991             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
12992             fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
12993             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
12994         
12995             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
12996         
12997             msg_len = unhexify( message_str, "dbc5f750a7a14be2b93e838d18d14a8695e52e8add9c0ac733b8f56d2747e529a0cca532dd49b902aefed514447f9e81d16195c2853868cb9b30f7d0d495c69d01b5c5d50b27045db3866c2324a44a110b1717746de457d1c8c45c3cd2a92970c3d59632055d4c98a41d6e99e2a3ddd5f7f9979ab3cd18f37505d25141de2a1bff17b3a7dce9419ecc385cf11d72840f19953fd0509251f6cafde2893d0e75c781ba7a5012ca401a4fa99e04b3c3249f926d5afe82cc87dab22c3c1b105de48e34ace9c9124e59597ac7ebf8" );
12998             unhexify( result_str, "1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7" );
12999         
13000             switch( SIG_RSA_SHA1 )
13001             {
13002         #ifdef POLARSSL_MD2_C
13003             case SIG_RSA_MD2:
13004                 md2( message_str, msg_len, hash_result );
13005                 break;
13006         #endif
13007         #ifdef POLARSSL_MD4_C
13008             case SIG_RSA_MD4:
13009                 md4( message_str, msg_len, hash_result );
13010                 break;
13011         #endif
13012         #ifdef POLARSSL_MD5_C
13013             case SIG_RSA_MD5:
13014                 md5( message_str, msg_len, hash_result );
13015                 break;
13016         #endif
13017         #ifdef POLARSSL_SHA1_C
13018             case SIG_RSA_SHA1:
13019                 sha1( message_str, msg_len, hash_result );
13020                 break;
13021         #endif
13022         #ifdef POLARSSL_SHA2_C
13023             case SIG_RSA_SHA224:
13024                 sha2( message_str, msg_len, hash_result, 1 );
13025                 break;
13026             case SIG_RSA_SHA256:
13027                 sha2( message_str, msg_len, hash_result, 0 );
13028                 break;
13029         #endif
13030         #ifdef POLARSSL_SHA4_C
13031             case SIG_RSA_SHA384:
13032                 sha4( message_str, msg_len, hash_result, 1 );
13033                 break;
13034             case SIG_RSA_SHA512:
13035                 sha4( message_str, msg_len, hash_result, 0 );
13036                 break;
13037         #endif
13038             }
13039         
13040             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
13041         }
13042         FCT_TEST_END();
13043 
13044 
13045         FCT_TEST_BGN(rsassa_pss_signature_example_8_5)
13046         {
13047             unsigned char message_str[1000];
13048             unsigned char hash_result[1000];
13049             unsigned char output[1000];
13050             unsigned char output_str[1000];
13051             unsigned char rnd_buf[1000];
13052             rsa_context ctx;
13053             mpi P1, Q1, H, G;
13054             size_t msg_len;
13055             rnd_buf_info info;
13056         
13057             info.length = unhexify( rnd_buf, "c558d7167cbb4508ada042971e71b1377eea4269" );
13058             info.buf = rnd_buf;
13059         
13060             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
13061             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
13062         
13063             memset( message_str, 0x00, 1000 );
13064             memset( hash_result, 0x00, 1000 );
13065             memset( output, 0x00, 1000 );
13066             memset( output_str, 0x00, 1000 );
13067         
13068             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13069             fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
13070             fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
13071             fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13072             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13073         
13074             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
13075             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
13076             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
13077             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
13078             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
13079             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
13080             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
13081             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
13082         
13083             fct_chk( rsa_check_privkey( &ctx ) == 0 );
13084         
13085             msg_len = unhexify( message_str, "04dc251be72e88e5723485b6383a637e2fefe07660c519a560b8bc18bdedb86eae2364ea53ba9dca6eb3d2e7d6b806af42b3e87f291b4a8881d5bf572cc9a85e19c86acb28f098f9da0383c566d3c0f58cfd8f395dcf602e5cd40e8c7183f714996e2297ef" );
13086         
13087             switch( SIG_RSA_SHA1 )
13088             {
13089         #ifdef POLARSSL_MD2_C
13090             case SIG_RSA_MD2:
13091                 md2( message_str, msg_len, hash_result );
13092                 break;
13093         #endif
13094         #ifdef POLARSSL_MD4_C
13095             case SIG_RSA_MD4:
13096                 md4( message_str, msg_len, hash_result );
13097                 break;
13098         #endif
13099         #ifdef POLARSSL_MD5_C
13100             case SIG_RSA_MD5:
13101                 md5( message_str, msg_len, hash_result );
13102                 break;
13103         #endif
13104         #ifdef POLARSSL_SHA1_C
13105             case SIG_RSA_SHA1:
13106                 sha1( message_str, msg_len, hash_result );
13107                 break;
13108         #endif
13109         #ifdef POLARSSL_SHA2_C
13110             case SIG_RSA_SHA224:
13111                 sha2( message_str, msg_len, hash_result, 1 );
13112                 break;
13113             case SIG_RSA_SHA256:
13114                 sha2( message_str, msg_len, hash_result, 0 );
13115                 break;
13116         #endif
13117         #ifdef POLARSSL_SHA4_C
13118             case SIG_RSA_SHA384:
13119                 sha4( message_str, msg_len, hash_result, 1 );
13120                 break;
13121             case SIG_RSA_SHA512:
13122                 sha4( message_str, msg_len, hash_result, 0 );
13123                 break;
13124         #endif
13125             }
13126         
13127             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
13128             if( 0 == 0 )
13129             {
13130                 hexify( output_str, output, ctx.len);
13131         
13132                 fct_chk( strcasecmp( (char *) output_str, "33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee" ) == 0 );
13133             }
13134         
13135             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
13136         }
13137         FCT_TEST_END();
13138 
13139 
13140         FCT_TEST_BGN(rsassa_pss_signature_example_8_5_verify)
13141         {
13142             unsigned char message_str[1000];
13143             unsigned char hash_result[1000];
13144             unsigned char result_str[1000];
13145             rsa_context ctx;
13146             size_t msg_len;
13147         
13148             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
13149             memset( message_str, 0x00, 1000 );
13150             memset( hash_result, 0x00, 1000 );
13151             memset( result_str, 0x00, 1000 );
13152         
13153             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13154             fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13155             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13156         
13157             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
13158         
13159             msg_len = unhexify( message_str, "04dc251be72e88e5723485b6383a637e2fefe07660c519a560b8bc18bdedb86eae2364ea53ba9dca6eb3d2e7d6b806af42b3e87f291b4a8881d5bf572cc9a85e19c86acb28f098f9da0383c566d3c0f58cfd8f395dcf602e5cd40e8c7183f714996e2297ef" );
13160             unhexify( result_str, "33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee" );
13161         
13162             switch( SIG_RSA_SHA1 )
13163             {
13164         #ifdef POLARSSL_MD2_C
13165             case SIG_RSA_MD2:
13166                 md2( message_str, msg_len, hash_result );
13167                 break;
13168         #endif
13169         #ifdef POLARSSL_MD4_C
13170             case SIG_RSA_MD4:
13171                 md4( message_str, msg_len, hash_result );
13172                 break;
13173         #endif
13174         #ifdef POLARSSL_MD5_C
13175             case SIG_RSA_MD5:
13176                 md5( message_str, msg_len, hash_result );
13177                 break;
13178         #endif
13179         #ifdef POLARSSL_SHA1_C
13180             case SIG_RSA_SHA1:
13181                 sha1( message_str, msg_len, hash_result );
13182                 break;
13183         #endif
13184         #ifdef POLARSSL_SHA2_C
13185             case SIG_RSA_SHA224:
13186                 sha2( message_str, msg_len, hash_result, 1 );
13187                 break;
13188             case SIG_RSA_SHA256:
13189                 sha2( message_str, msg_len, hash_result, 0 );
13190                 break;
13191         #endif
13192         #ifdef POLARSSL_SHA4_C
13193             case SIG_RSA_SHA384:
13194                 sha4( message_str, msg_len, hash_result, 1 );
13195                 break;
13196             case SIG_RSA_SHA512:
13197                 sha4( message_str, msg_len, hash_result, 0 );
13198                 break;
13199         #endif
13200             }
13201         
13202             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
13203         }
13204         FCT_TEST_END();
13205 
13206 
13207         FCT_TEST_BGN(rsassa_pss_signature_example_8_6)
13208         {
13209             unsigned char message_str[1000];
13210             unsigned char hash_result[1000];
13211             unsigned char output[1000];
13212             unsigned char output_str[1000];
13213             unsigned char rnd_buf[1000];
13214             rsa_context ctx;
13215             mpi P1, Q1, H, G;
13216             size_t msg_len;
13217             rnd_buf_info info;
13218         
13219             info.length = unhexify( rnd_buf, "76fd4e64fdc98eb927a0403e35a084e76ba9f92a" );
13220             info.buf = rnd_buf;
13221         
13222             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
13223             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
13224         
13225             memset( message_str, 0x00, 1000 );
13226             memset( hash_result, 0x00, 1000 );
13227             memset( output, 0x00, 1000 );
13228             memset( output_str, 0x00, 1000 );
13229         
13230             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13231             fct_chk( mpi_read_string( &ctx.P, 16, "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb" ) == 0 );
13232             fct_chk( mpi_read_string( &ctx.Q, 16, "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d" ) == 0 );
13233             fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13234             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13235         
13236             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
13237             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
13238             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
13239             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
13240             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
13241             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
13242             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
13243             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
13244         
13245             fct_chk( rsa_check_privkey( &ctx ) == 0 );
13246         
13247             msg_len = unhexify( message_str, "0ea37df9a6fea4a8b610373c24cf390c20fa6e2135c400c8a34f5c183a7e8ea4c9ae090ed31759f42dc77719cca400ecdcc517acfc7ac6902675b2ef30c509665f3321482fc69a9fb570d15e01c845d0d8e50d2a24cbf1cf0e714975a5db7b18d9e9e9cb91b5cb16869060ed18b7b56245503f0caf90352b8de81cb5a1d9c6336092f0cd" );
13248         
13249             switch( SIG_RSA_SHA1 )
13250             {
13251         #ifdef POLARSSL_MD2_C
13252             case SIG_RSA_MD2:
13253                 md2( message_str, msg_len, hash_result );
13254                 break;
13255         #endif
13256         #ifdef POLARSSL_MD4_C
13257             case SIG_RSA_MD4:
13258                 md4( message_str, msg_len, hash_result );
13259                 break;
13260         #endif
13261         #ifdef POLARSSL_MD5_C
13262             case SIG_RSA_MD5:
13263                 md5( message_str, msg_len, hash_result );
13264                 break;
13265         #endif
13266         #ifdef POLARSSL_SHA1_C
13267             case SIG_RSA_SHA1:
13268                 sha1( message_str, msg_len, hash_result );
13269                 break;
13270         #endif
13271         #ifdef POLARSSL_SHA2_C
13272             case SIG_RSA_SHA224:
13273                 sha2( message_str, msg_len, hash_result, 1 );
13274                 break;
13275             case SIG_RSA_SHA256:
13276                 sha2( message_str, msg_len, hash_result, 0 );
13277                 break;
13278         #endif
13279         #ifdef POLARSSL_SHA4_C
13280             case SIG_RSA_SHA384:
13281                 sha4( message_str, msg_len, hash_result, 1 );
13282                 break;
13283             case SIG_RSA_SHA512:
13284                 sha4( message_str, msg_len, hash_result, 0 );
13285                 break;
13286         #endif
13287             }
13288         
13289             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
13290             if( 0 == 0 )
13291             {
13292                 hexify( output_str, output, ctx.len);
13293         
13294                 fct_chk( strcasecmp( (char *) output_str, "1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e" ) == 0 );
13295             }
13296         
13297             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
13298         }
13299         FCT_TEST_END();
13300 
13301 
13302         FCT_TEST_BGN(rsassa_pss_signature_example_8_6_verify)
13303         {
13304             unsigned char message_str[1000];
13305             unsigned char hash_result[1000];
13306             unsigned char result_str[1000];
13307             rsa_context ctx;
13308             size_t msg_len;
13309         
13310             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
13311             memset( message_str, 0x00, 1000 );
13312             memset( hash_result, 0x00, 1000 );
13313             memset( result_str, 0x00, 1000 );
13314         
13315             ctx.len = 1031 / 8 + ( ( 1031 % 8 ) ? 1 : 0 );
13316             fct_chk( mpi_read_string( &ctx.N, 16, "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f" ) == 0 );
13317             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13318         
13319             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
13320         
13321             msg_len = unhexify( message_str, "0ea37df9a6fea4a8b610373c24cf390c20fa6e2135c400c8a34f5c183a7e8ea4c9ae090ed31759f42dc77719cca400ecdcc517acfc7ac6902675b2ef30c509665f3321482fc69a9fb570d15e01c845d0d8e50d2a24cbf1cf0e714975a5db7b18d9e9e9cb91b5cb16869060ed18b7b56245503f0caf90352b8de81cb5a1d9c6336092f0cd" );
13322             unhexify( result_str, "1ed1d848fb1edb44129bd9b354795af97a069a7a00d0151048593e0c72c3517ff9ff2a41d0cb5a0ac860d736a199704f7cb6a53986a88bbd8abcc0076a2ce847880031525d449da2ac78356374c536e343faa7cba42a5aaa6506087791c06a8e989335aed19bfab2d5e67e27fb0c2875af896c21b6e8e7309d04e4f6727e69463e" );
13323         
13324             switch( SIG_RSA_SHA1 )
13325             {
13326         #ifdef POLARSSL_MD2_C
13327             case SIG_RSA_MD2:
13328                 md2( message_str, msg_len, hash_result );
13329                 break;
13330         #endif
13331         #ifdef POLARSSL_MD4_C
13332             case SIG_RSA_MD4:
13333                 md4( message_str, msg_len, hash_result );
13334                 break;
13335         #endif
13336         #ifdef POLARSSL_MD5_C
13337             case SIG_RSA_MD5:
13338                 md5( message_str, msg_len, hash_result );
13339                 break;
13340         #endif
13341         #ifdef POLARSSL_SHA1_C
13342             case SIG_RSA_SHA1:
13343                 sha1( message_str, msg_len, hash_result );
13344                 break;
13345         #endif
13346         #ifdef POLARSSL_SHA2_C
13347             case SIG_RSA_SHA224:
13348                 sha2( message_str, msg_len, hash_result, 1 );
13349                 break;
13350             case SIG_RSA_SHA256:
13351                 sha2( message_str, msg_len, hash_result, 0 );
13352                 break;
13353         #endif
13354         #ifdef POLARSSL_SHA4_C
13355             case SIG_RSA_SHA384:
13356                 sha4( message_str, msg_len, hash_result, 1 );
13357                 break;
13358             case SIG_RSA_SHA512:
13359                 sha4( message_str, msg_len, hash_result, 0 );
13360                 break;
13361         #endif
13362             }
13363         
13364             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
13365         }
13366         FCT_TEST_END();
13367 
13368 
13369         FCT_TEST_BGN(rsassa_pss_signature_example_9_1)
13370         {
13371             unsigned char message_str[1000];
13372             unsigned char hash_result[1000];
13373             unsigned char output[1000];
13374             unsigned char output_str[1000];
13375             unsigned char rnd_buf[1000];
13376             rsa_context ctx;
13377             mpi P1, Q1, H, G;
13378             size_t msg_len;
13379             rnd_buf_info info;
13380         
13381             info.length = unhexify( rnd_buf, "c0a425313df8d7564bd2434d311523d5257eed80" );
13382             info.buf = rnd_buf;
13383         
13384             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
13385             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
13386         
13387             memset( message_str, 0x00, 1000 );
13388             memset( hash_result, 0x00, 1000 );
13389             memset( output, 0x00, 1000 );
13390             memset( output_str, 0x00, 1000 );
13391         
13392             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
13393             fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
13394             fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
13395             fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
13396             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13397         
13398             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
13399             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
13400             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
13401             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
13402             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
13403             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
13404             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
13405             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
13406         
13407             fct_chk( rsa_check_privkey( &ctx ) == 0 );
13408         
13409             msg_len = unhexify( message_str, "a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5" );
13410         
13411             switch( SIG_RSA_SHA1 )
13412             {
13413         #ifdef POLARSSL_MD2_C
13414             case SIG_RSA_MD2:
13415                 md2( message_str, msg_len, hash_result );
13416                 break;
13417         #endif
13418         #ifdef POLARSSL_MD4_C
13419             case SIG_RSA_MD4:
13420                 md4( message_str, msg_len, hash_result );
13421                 break;
13422         #endif
13423         #ifdef POLARSSL_MD5_C
13424             case SIG_RSA_MD5:
13425                 md5( message_str, msg_len, hash_result );
13426                 break;
13427         #endif
13428         #ifdef POLARSSL_SHA1_C
13429             case SIG_RSA_SHA1:
13430                 sha1( message_str, msg_len, hash_result );
13431                 break;
13432         #endif
13433         #ifdef POLARSSL_SHA2_C
13434             case SIG_RSA_SHA224:
13435                 sha2( message_str, msg_len, hash_result, 1 );
13436                 break;
13437             case SIG_RSA_SHA256:
13438                 sha2( message_str, msg_len, hash_result, 0 );
13439                 break;
13440         #endif
13441         #ifdef POLARSSL_SHA4_C
13442             case SIG_RSA_SHA384:
13443                 sha4( message_str, msg_len, hash_result, 1 );
13444                 break;
13445             case SIG_RSA_SHA512:
13446                 sha4( message_str, msg_len, hash_result, 0 );
13447                 break;
13448         #endif
13449             }
13450         
13451             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
13452             if( 0 == 0 )
13453             {
13454                 hexify( output_str, output, ctx.len);
13455         
13456                 fct_chk( strcasecmp( (char *) output_str, "586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e" ) == 0 );
13457             }
13458         
13459             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
13460         }
13461         FCT_TEST_END();
13462 
13463 
13464         FCT_TEST_BGN(rsassa_pss_signature_example_9_1_verify)
13465         {
13466             unsigned char message_str[1000];
13467             unsigned char hash_result[1000];
13468             unsigned char result_str[1000];
13469             rsa_context ctx;
13470             size_t msg_len;
13471         
13472             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
13473             memset( message_str, 0x00, 1000 );
13474             memset( hash_result, 0x00, 1000 );
13475             memset( result_str, 0x00, 1000 );
13476         
13477             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
13478             fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
13479             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13480         
13481             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
13482         
13483             msg_len = unhexify( message_str, "a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5" );
13484             unhexify( result_str, "586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e" );
13485         
13486             switch( SIG_RSA_SHA1 )
13487             {
13488         #ifdef POLARSSL_MD2_C
13489             case SIG_RSA_MD2:
13490                 md2( message_str, msg_len, hash_result );
13491                 break;
13492         #endif
13493         #ifdef POLARSSL_MD4_C
13494             case SIG_RSA_MD4:
13495                 md4( message_str, msg_len, hash_result );
13496                 break;
13497         #endif
13498         #ifdef POLARSSL_MD5_C
13499             case SIG_RSA_MD5:
13500                 md5( message_str, msg_len, hash_result );
13501                 break;
13502         #endif
13503         #ifdef POLARSSL_SHA1_C
13504             case SIG_RSA_SHA1:
13505                 sha1( message_str, msg_len, hash_result );
13506                 break;
13507         #endif
13508         #ifdef POLARSSL_SHA2_C
13509             case SIG_RSA_SHA224:
13510                 sha2( message_str, msg_len, hash_result, 1 );
13511                 break;
13512             case SIG_RSA_SHA256:
13513                 sha2( message_str, msg_len, hash_result, 0 );
13514                 break;
13515         #endif
13516         #ifdef POLARSSL_SHA4_C
13517             case SIG_RSA_SHA384:
13518                 sha4( message_str, msg_len, hash_result, 1 );
13519                 break;
13520             case SIG_RSA_SHA512:
13521                 sha4( message_str, msg_len, hash_result, 0 );
13522                 break;
13523         #endif
13524             }
13525         
13526             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
13527         }
13528         FCT_TEST_END();
13529 
13530 
13531         FCT_TEST_BGN(rsassa_pss_signature_example_9_2)
13532         {
13533             unsigned char message_str[1000];
13534             unsigned char hash_result[1000];
13535             unsigned char output[1000];
13536             unsigned char output_str[1000];
13537             unsigned char rnd_buf[1000];
13538             rsa_context ctx;
13539             mpi P1, Q1, H, G;
13540             size_t msg_len;
13541             rnd_buf_info info;
13542         
13543             info.length = unhexify( rnd_buf, "b307c43b4850a8dac2f15f32e37839ef8c5c0e91" );
13544             info.buf = rnd_buf;
13545         
13546             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
13547             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
13548         
13549             memset( message_str, 0x00, 1000 );
13550             memset( hash_result, 0x00, 1000 );
13551             memset( output, 0x00, 1000 );
13552             memset( output_str, 0x00, 1000 );
13553         
13554             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
13555             fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
13556             fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
13557             fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
13558             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13559         
13560             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
13561             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
13562             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
13563             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
13564             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
13565             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
13566             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
13567             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
13568         
13569             fct_chk( rsa_check_privkey( &ctx ) == 0 );
13570         
13571             msg_len = unhexify( message_str, "c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e" );
13572         
13573             switch( SIG_RSA_SHA1 )
13574             {
13575         #ifdef POLARSSL_MD2_C
13576             case SIG_RSA_MD2:
13577                 md2( message_str, msg_len, hash_result );
13578                 break;
13579         #endif
13580         #ifdef POLARSSL_MD4_C
13581             case SIG_RSA_MD4:
13582                 md4( message_str, msg_len, hash_result );
13583                 break;
13584         #endif
13585         #ifdef POLARSSL_MD5_C
13586             case SIG_RSA_MD5:
13587                 md5( message_str, msg_len, hash_result );
13588                 break;
13589         #endif
13590         #ifdef POLARSSL_SHA1_C
13591             case SIG_RSA_SHA1:
13592                 sha1( message_str, msg_len, hash_result );
13593                 break;
13594         #endif
13595         #ifdef POLARSSL_SHA2_C
13596             case SIG_RSA_SHA224:
13597                 sha2( message_str, msg_len, hash_result, 1 );
13598                 break;
13599             case SIG_RSA_SHA256:
13600                 sha2( message_str, msg_len, hash_result, 0 );
13601                 break;
13602         #endif
13603         #ifdef POLARSSL_SHA4_C
13604             case SIG_RSA_SHA384:
13605                 sha4( message_str, msg_len, hash_result, 1 );
13606                 break;
13607             case SIG_RSA_SHA512:
13608                 sha4( message_str, msg_len, hash_result, 0 );
13609                 break;
13610         #endif
13611             }
13612         
13613             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
13614             if( 0 == 0 )
13615             {
13616                 hexify( output_str, output, ctx.len);
13617         
13618                 fct_chk( strcasecmp( (char *) output_str, "80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958" ) == 0 );
13619             }
13620         
13621             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
13622         }
13623         FCT_TEST_END();
13624 
13625 
13626         FCT_TEST_BGN(rsassa_pss_signature_example_9_2_verify)
13627         {
13628             unsigned char message_str[1000];
13629             unsigned char hash_result[1000];
13630             unsigned char result_str[1000];
13631             rsa_context ctx;
13632             size_t msg_len;
13633         
13634             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
13635             memset( message_str, 0x00, 1000 );
13636             memset( hash_result, 0x00, 1000 );
13637             memset( result_str, 0x00, 1000 );
13638         
13639             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
13640             fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
13641             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13642         
13643             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
13644         
13645             msg_len = unhexify( message_str, "c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e" );
13646             unhexify( result_str, "80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958" );
13647         
13648             switch( SIG_RSA_SHA1 )
13649             {
13650         #ifdef POLARSSL_MD2_C
13651             case SIG_RSA_MD2:
13652                 md2( message_str, msg_len, hash_result );
13653                 break;
13654         #endif
13655         #ifdef POLARSSL_MD4_C
13656             case SIG_RSA_MD4:
13657                 md4( message_str, msg_len, hash_result );
13658                 break;
13659         #endif
13660         #ifdef POLARSSL_MD5_C
13661             case SIG_RSA_MD5:
13662                 md5( message_str, msg_len, hash_result );
13663                 break;
13664         #endif
13665         #ifdef POLARSSL_SHA1_C
13666             case SIG_RSA_SHA1:
13667                 sha1( message_str, msg_len, hash_result );
13668                 break;
13669         #endif
13670         #ifdef POLARSSL_SHA2_C
13671             case SIG_RSA_SHA224:
13672                 sha2( message_str, msg_len, hash_result, 1 );
13673                 break;
13674             case SIG_RSA_SHA256:
13675                 sha2( message_str, msg_len, hash_result, 0 );
13676                 break;
13677         #endif
13678         #ifdef POLARSSL_SHA4_C
13679             case SIG_RSA_SHA384:
13680                 sha4( message_str, msg_len, hash_result, 1 );
13681                 break;
13682             case SIG_RSA_SHA512:
13683                 sha4( message_str, msg_len, hash_result, 0 );
13684                 break;
13685         #endif
13686             }
13687         
13688             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
13689         }
13690         FCT_TEST_END();
13691 
13692 
13693         FCT_TEST_BGN(rsassa_pss_signature_example_9_3)
13694         {
13695             unsigned char message_str[1000];
13696             unsigned char hash_result[1000];
13697             unsigned char output[1000];
13698             unsigned char output_str[1000];
13699             unsigned char rnd_buf[1000];
13700             rsa_context ctx;
13701             mpi P1, Q1, H, G;
13702             size_t msg_len;
13703             rnd_buf_info info;
13704         
13705             info.length = unhexify( rnd_buf, "9a2b007e80978bbb192c354eb7da9aedfc74dbf5" );
13706             info.buf = rnd_buf;
13707         
13708             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
13709             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
13710         
13711             memset( message_str, 0x00, 1000 );
13712             memset( hash_result, 0x00, 1000 );
13713             memset( output, 0x00, 1000 );
13714             memset( output_str, 0x00, 1000 );
13715         
13716             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
13717             fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
13718             fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
13719             fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
13720             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13721         
13722             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
13723             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
13724             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
13725             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
13726             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
13727             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
13728             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
13729             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
13730         
13731             fct_chk( rsa_check_privkey( &ctx ) == 0 );
13732         
13733             msg_len = unhexify( message_str, "0afad42ccd4fc60654a55002d228f52a4a5fe03b8bbb08ca82daca558b44dbe1266e50c0e745a36d9d2904e3408abcd1fd569994063f4a75cc72f2fee2a0cd893a43af1c5b8b487df0a71610024e4f6ddf9f28ad0813c1aab91bcb3c9064d5ff742deffea657094139369e5ea6f4a96319a5cc8224145b545062758fefd1fe3409ae169259c6cdfd6b5f2958e314faecbe69d2cace58ee55179ab9b3e6d1ecc14a557c5febe988595264fc5da1c571462eca798a18a1a4940cdab4a3e92009ccd42e1e947b1314e32238a2dece7d23a89b5b30c751fd0a4a430d2c548594" );
13734         
13735             switch( SIG_RSA_SHA1 )
13736             {
13737         #ifdef POLARSSL_MD2_C
13738             case SIG_RSA_MD2:
13739                 md2( message_str, msg_len, hash_result );
13740                 break;
13741         #endif
13742         #ifdef POLARSSL_MD4_C
13743             case SIG_RSA_MD4:
13744                 md4( message_str, msg_len, hash_result );
13745                 break;
13746         #endif
13747         #ifdef POLARSSL_MD5_C
13748             case SIG_RSA_MD5:
13749                 md5( message_str, msg_len, hash_result );
13750                 break;
13751         #endif
13752         #ifdef POLARSSL_SHA1_C
13753             case SIG_RSA_SHA1:
13754                 sha1( message_str, msg_len, hash_result );
13755                 break;
13756         #endif
13757         #ifdef POLARSSL_SHA2_C
13758             case SIG_RSA_SHA224:
13759                 sha2( message_str, msg_len, hash_result, 1 );
13760                 break;
13761             case SIG_RSA_SHA256:
13762                 sha2( message_str, msg_len, hash_result, 0 );
13763                 break;
13764         #endif
13765         #ifdef POLARSSL_SHA4_C
13766             case SIG_RSA_SHA384:
13767                 sha4( message_str, msg_len, hash_result, 1 );
13768                 break;
13769             case SIG_RSA_SHA512:
13770                 sha4( message_str, msg_len, hash_result, 0 );
13771                 break;
13772         #endif
13773             }
13774         
13775             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
13776             if( 0 == 0 )
13777             {
13778                 hexify( output_str, output, ctx.len);
13779         
13780                 fct_chk( strcasecmp( (char *) output_str, "484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca" ) == 0 );
13781             }
13782         
13783             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
13784         }
13785         FCT_TEST_END();
13786 
13787 
13788         FCT_TEST_BGN(rsassa_pss_signature_example_9_3_verify)
13789         {
13790             unsigned char message_str[1000];
13791             unsigned char hash_result[1000];
13792             unsigned char result_str[1000];
13793             rsa_context ctx;
13794             size_t msg_len;
13795         
13796             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
13797             memset( message_str, 0x00, 1000 );
13798             memset( hash_result, 0x00, 1000 );
13799             memset( result_str, 0x00, 1000 );
13800         
13801             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
13802             fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
13803             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13804         
13805             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
13806         
13807             msg_len = unhexify( message_str, "0afad42ccd4fc60654a55002d228f52a4a5fe03b8bbb08ca82daca558b44dbe1266e50c0e745a36d9d2904e3408abcd1fd569994063f4a75cc72f2fee2a0cd893a43af1c5b8b487df0a71610024e4f6ddf9f28ad0813c1aab91bcb3c9064d5ff742deffea657094139369e5ea6f4a96319a5cc8224145b545062758fefd1fe3409ae169259c6cdfd6b5f2958e314faecbe69d2cace58ee55179ab9b3e6d1ecc14a557c5febe988595264fc5da1c571462eca798a18a1a4940cdab4a3e92009ccd42e1e947b1314e32238a2dece7d23a89b5b30c751fd0a4a430d2c548594" );
13808             unhexify( result_str, "484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca" );
13809         
13810             switch( SIG_RSA_SHA1 )
13811             {
13812         #ifdef POLARSSL_MD2_C
13813             case SIG_RSA_MD2:
13814                 md2( message_str, msg_len, hash_result );
13815                 break;
13816         #endif
13817         #ifdef POLARSSL_MD4_C
13818             case SIG_RSA_MD4:
13819                 md4( message_str, msg_len, hash_result );
13820                 break;
13821         #endif
13822         #ifdef POLARSSL_MD5_C
13823             case SIG_RSA_MD5:
13824                 md5( message_str, msg_len, hash_result );
13825                 break;
13826         #endif
13827         #ifdef POLARSSL_SHA1_C
13828             case SIG_RSA_SHA1:
13829                 sha1( message_str, msg_len, hash_result );
13830                 break;
13831         #endif
13832         #ifdef POLARSSL_SHA2_C
13833             case SIG_RSA_SHA224:
13834                 sha2( message_str, msg_len, hash_result, 1 );
13835                 break;
13836             case SIG_RSA_SHA256:
13837                 sha2( message_str, msg_len, hash_result, 0 );
13838                 break;
13839         #endif
13840         #ifdef POLARSSL_SHA4_C
13841             case SIG_RSA_SHA384:
13842                 sha4( message_str, msg_len, hash_result, 1 );
13843                 break;
13844             case SIG_RSA_SHA512:
13845                 sha4( message_str, msg_len, hash_result, 0 );
13846                 break;
13847         #endif
13848             }
13849         
13850             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
13851         }
13852         FCT_TEST_END();
13853 
13854 
13855         FCT_TEST_BGN(rsassa_pss_signature_example_9_4)
13856         {
13857             unsigned char message_str[1000];
13858             unsigned char hash_result[1000];
13859             unsigned char output[1000];
13860             unsigned char output_str[1000];
13861             unsigned char rnd_buf[1000];
13862             rsa_context ctx;
13863             mpi P1, Q1, H, G;
13864             size_t msg_len;
13865             rnd_buf_info info;
13866         
13867             info.length = unhexify( rnd_buf, "70f382bddf4d5d2dd88b3bc7b7308be632b84045" );
13868             info.buf = rnd_buf;
13869         
13870             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
13871             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
13872         
13873             memset( message_str, 0x00, 1000 );
13874             memset( hash_result, 0x00, 1000 );
13875             memset( output, 0x00, 1000 );
13876             memset( output_str, 0x00, 1000 );
13877         
13878             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
13879             fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
13880             fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
13881             fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
13882             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13883         
13884             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
13885             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
13886             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
13887             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
13888             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
13889             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
13890             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
13891             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
13892         
13893             fct_chk( rsa_check_privkey( &ctx ) == 0 );
13894         
13895             msg_len = unhexify( message_str, "1dfd43b46c93db82629bdae2bd0a12b882ea04c3b465f5cf93023f01059626dbbe99f26bb1be949dddd16dc7f3debb19a194627f0b224434df7d8700e9e98b06e360c12fdbe3d19f51c9684eb9089ecbb0a2f0450399d3f59eac7294085d044f5393c6ce737423d8b86c415370d389e30b9f0a3c02d25d0082e8ad6f3f1ef24a45c3cf82b383367063a4d4613e4264f01b2dac2e5aa42043f8fb5f69fa871d14fb273e767a531c40f02f343bc2fb45a0c7e0f6be2561923a77211d66a6e2dbb43c366350beae22da3ac2c1f5077096fcb5c4bf255f7574351ae0b1e1f03632817c0856d4a8ba97afbdc8b85855402bc56926fcec209f9ea8" );
13896         
13897             switch( SIG_RSA_SHA1 )
13898             {
13899         #ifdef POLARSSL_MD2_C
13900             case SIG_RSA_MD2:
13901                 md2( message_str, msg_len, hash_result );
13902                 break;
13903         #endif
13904         #ifdef POLARSSL_MD4_C
13905             case SIG_RSA_MD4:
13906                 md4( message_str, msg_len, hash_result );
13907                 break;
13908         #endif
13909         #ifdef POLARSSL_MD5_C
13910             case SIG_RSA_MD5:
13911                 md5( message_str, msg_len, hash_result );
13912                 break;
13913         #endif
13914         #ifdef POLARSSL_SHA1_C
13915             case SIG_RSA_SHA1:
13916                 sha1( message_str, msg_len, hash_result );
13917                 break;
13918         #endif
13919         #ifdef POLARSSL_SHA2_C
13920             case SIG_RSA_SHA224:
13921                 sha2( message_str, msg_len, hash_result, 1 );
13922                 break;
13923             case SIG_RSA_SHA256:
13924                 sha2( message_str, msg_len, hash_result, 0 );
13925                 break;
13926         #endif
13927         #ifdef POLARSSL_SHA4_C
13928             case SIG_RSA_SHA384:
13929                 sha4( message_str, msg_len, hash_result, 1 );
13930                 break;
13931             case SIG_RSA_SHA512:
13932                 sha4( message_str, msg_len, hash_result, 0 );
13933                 break;
13934         #endif
13935             }
13936         
13937             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
13938             if( 0 == 0 )
13939             {
13940                 hexify( output_str, output, ctx.len);
13941         
13942                 fct_chk( strcasecmp( (char *) output_str, "84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e" ) == 0 );
13943             }
13944         
13945             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
13946         }
13947         FCT_TEST_END();
13948 
13949 
13950         FCT_TEST_BGN(rsassa_pss_signature_example_9_4_verify)
13951         {
13952             unsigned char message_str[1000];
13953             unsigned char hash_result[1000];
13954             unsigned char result_str[1000];
13955             rsa_context ctx;
13956             size_t msg_len;
13957         
13958             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
13959             memset( message_str, 0x00, 1000 );
13960             memset( hash_result, 0x00, 1000 );
13961             memset( result_str, 0x00, 1000 );
13962         
13963             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
13964             fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
13965             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
13966         
13967             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
13968         
13969             msg_len = unhexify( message_str, "1dfd43b46c93db82629bdae2bd0a12b882ea04c3b465f5cf93023f01059626dbbe99f26bb1be949dddd16dc7f3debb19a194627f0b224434df7d8700e9e98b06e360c12fdbe3d19f51c9684eb9089ecbb0a2f0450399d3f59eac7294085d044f5393c6ce737423d8b86c415370d389e30b9f0a3c02d25d0082e8ad6f3f1ef24a45c3cf82b383367063a4d4613e4264f01b2dac2e5aa42043f8fb5f69fa871d14fb273e767a531c40f02f343bc2fb45a0c7e0f6be2561923a77211d66a6e2dbb43c366350beae22da3ac2c1f5077096fcb5c4bf255f7574351ae0b1e1f03632817c0856d4a8ba97afbdc8b85855402bc56926fcec209f9ea8" );
13970             unhexify( result_str, "84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e" );
13971         
13972             switch( SIG_RSA_SHA1 )
13973             {
13974         #ifdef POLARSSL_MD2_C
13975             case SIG_RSA_MD2:
13976                 md2( message_str, msg_len, hash_result );
13977                 break;
13978         #endif
13979         #ifdef POLARSSL_MD4_C
13980             case SIG_RSA_MD4:
13981                 md4( message_str, msg_len, hash_result );
13982                 break;
13983         #endif
13984         #ifdef POLARSSL_MD5_C
13985             case SIG_RSA_MD5:
13986                 md5( message_str, msg_len, hash_result );
13987                 break;
13988         #endif
13989         #ifdef POLARSSL_SHA1_C
13990             case SIG_RSA_SHA1:
13991                 sha1( message_str, msg_len, hash_result );
13992                 break;
13993         #endif
13994         #ifdef POLARSSL_SHA2_C
13995             case SIG_RSA_SHA224:
13996                 sha2( message_str, msg_len, hash_result, 1 );
13997                 break;
13998             case SIG_RSA_SHA256:
13999                 sha2( message_str, msg_len, hash_result, 0 );
14000                 break;
14001         #endif
14002         #ifdef POLARSSL_SHA4_C
14003             case SIG_RSA_SHA384:
14004                 sha4( message_str, msg_len, hash_result, 1 );
14005                 break;
14006             case SIG_RSA_SHA512:
14007                 sha4( message_str, msg_len, hash_result, 0 );
14008                 break;
14009         #endif
14010             }
14011         
14012             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14013         }
14014         FCT_TEST_END();
14015 
14016 
14017         FCT_TEST_BGN(rsassa_pss_signature_example_9_5)
14018         {
14019             unsigned char message_str[1000];
14020             unsigned char hash_result[1000];
14021             unsigned char output[1000];
14022             unsigned char output_str[1000];
14023             unsigned char rnd_buf[1000];
14024             rsa_context ctx;
14025             mpi P1, Q1, H, G;
14026             size_t msg_len;
14027             rnd_buf_info info;
14028         
14029             info.length = unhexify( rnd_buf, "d689257a86effa68212c5e0c619eca295fb91b67" );
14030             info.buf = rnd_buf;
14031         
14032             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
14033             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
14034         
14035             memset( message_str, 0x00, 1000 );
14036             memset( hash_result, 0x00, 1000 );
14037             memset( output, 0x00, 1000 );
14038             memset( output_str, 0x00, 1000 );
14039         
14040             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14041             fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
14042             fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
14043             fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14044             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14045         
14046             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
14047             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
14048             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
14049             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
14050             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
14051             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
14052             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
14053             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
14054         
14055             fct_chk( rsa_check_privkey( &ctx ) == 0 );
14056         
14057             msg_len = unhexify( message_str, "1bdc6e7c98fb8cf54e9b097b66a831e9cfe52d9d4888448ee4b0978093ba1d7d73ae78b3a62ba4ad95cd289ccb9e005226bb3d178bccaa821fb044a4e21ee97696c14d0678c94c2dae93b0ad73922218553daa7e44ebe57725a7a45cc72b9b2138a6b17c8db411ce8279ee1241aff0a8bec6f77f87edb0c69cb27236e3435a800b192e4f11e519e3fe30fc30eaccca4fbb41769029bf708e817a9e683805be67fa100984683b74838e3bcffa79366eed1d481c76729118838f31ba8a048a93c1be4424598e8df6328b7a77880a3f9c7e2e8dfca8eb5a26fb86bdc556d42bbe01d9fa6ed80646491c9341" );
14058         
14059             switch( SIG_RSA_SHA1 )
14060             {
14061         #ifdef POLARSSL_MD2_C
14062             case SIG_RSA_MD2:
14063                 md2( message_str, msg_len, hash_result );
14064                 break;
14065         #endif
14066         #ifdef POLARSSL_MD4_C
14067             case SIG_RSA_MD4:
14068                 md4( message_str, msg_len, hash_result );
14069                 break;
14070         #endif
14071         #ifdef POLARSSL_MD5_C
14072             case SIG_RSA_MD5:
14073                 md5( message_str, msg_len, hash_result );
14074                 break;
14075         #endif
14076         #ifdef POLARSSL_SHA1_C
14077             case SIG_RSA_SHA1:
14078                 sha1( message_str, msg_len, hash_result );
14079                 break;
14080         #endif
14081         #ifdef POLARSSL_SHA2_C
14082             case SIG_RSA_SHA224:
14083                 sha2( message_str, msg_len, hash_result, 1 );
14084                 break;
14085             case SIG_RSA_SHA256:
14086                 sha2( message_str, msg_len, hash_result, 0 );
14087                 break;
14088         #endif
14089         #ifdef POLARSSL_SHA4_C
14090             case SIG_RSA_SHA384:
14091                 sha4( message_str, msg_len, hash_result, 1 );
14092                 break;
14093             case SIG_RSA_SHA512:
14094                 sha4( message_str, msg_len, hash_result, 0 );
14095                 break;
14096         #endif
14097             }
14098         
14099             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
14100             if( 0 == 0 )
14101             {
14102                 hexify( output_str, output, ctx.len);
14103         
14104                 fct_chk( strcasecmp( (char *) output_str, "82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c" ) == 0 );
14105             }
14106         
14107             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
14108         }
14109         FCT_TEST_END();
14110 
14111 
14112         FCT_TEST_BGN(rsassa_pss_signature_example_9_5_verify)
14113         {
14114             unsigned char message_str[1000];
14115             unsigned char hash_result[1000];
14116             unsigned char result_str[1000];
14117             rsa_context ctx;
14118             size_t msg_len;
14119         
14120             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
14121             memset( message_str, 0x00, 1000 );
14122             memset( hash_result, 0x00, 1000 );
14123             memset( result_str, 0x00, 1000 );
14124         
14125             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14126             fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14127             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14128         
14129             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
14130         
14131             msg_len = unhexify( message_str, "1bdc6e7c98fb8cf54e9b097b66a831e9cfe52d9d4888448ee4b0978093ba1d7d73ae78b3a62ba4ad95cd289ccb9e005226bb3d178bccaa821fb044a4e21ee97696c14d0678c94c2dae93b0ad73922218553daa7e44ebe57725a7a45cc72b9b2138a6b17c8db411ce8279ee1241aff0a8bec6f77f87edb0c69cb27236e3435a800b192e4f11e519e3fe30fc30eaccca4fbb41769029bf708e817a9e683805be67fa100984683b74838e3bcffa79366eed1d481c76729118838f31ba8a048a93c1be4424598e8df6328b7a77880a3f9c7e2e8dfca8eb5a26fb86bdc556d42bbe01d9fa6ed80646491c9341" );
14132             unhexify( result_str, "82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c" );
14133         
14134             switch( SIG_RSA_SHA1 )
14135             {
14136         #ifdef POLARSSL_MD2_C
14137             case SIG_RSA_MD2:
14138                 md2( message_str, msg_len, hash_result );
14139                 break;
14140         #endif
14141         #ifdef POLARSSL_MD4_C
14142             case SIG_RSA_MD4:
14143                 md4( message_str, msg_len, hash_result );
14144                 break;
14145         #endif
14146         #ifdef POLARSSL_MD5_C
14147             case SIG_RSA_MD5:
14148                 md5( message_str, msg_len, hash_result );
14149                 break;
14150         #endif
14151         #ifdef POLARSSL_SHA1_C
14152             case SIG_RSA_SHA1:
14153                 sha1( message_str, msg_len, hash_result );
14154                 break;
14155         #endif
14156         #ifdef POLARSSL_SHA2_C
14157             case SIG_RSA_SHA224:
14158                 sha2( message_str, msg_len, hash_result, 1 );
14159                 break;
14160             case SIG_RSA_SHA256:
14161                 sha2( message_str, msg_len, hash_result, 0 );
14162                 break;
14163         #endif
14164         #ifdef POLARSSL_SHA4_C
14165             case SIG_RSA_SHA384:
14166                 sha4( message_str, msg_len, hash_result, 1 );
14167                 break;
14168             case SIG_RSA_SHA512:
14169                 sha4( message_str, msg_len, hash_result, 0 );
14170                 break;
14171         #endif
14172             }
14173         
14174             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14175         }
14176         FCT_TEST_END();
14177 
14178 
14179         FCT_TEST_BGN(rsassa_pss_signature_example_9_6)
14180         {
14181             unsigned char message_str[1000];
14182             unsigned char hash_result[1000];
14183             unsigned char output[1000];
14184             unsigned char output_str[1000];
14185             unsigned char rnd_buf[1000];
14186             rsa_context ctx;
14187             mpi P1, Q1, H, G;
14188             size_t msg_len;
14189             rnd_buf_info info;
14190         
14191             info.length = unhexify( rnd_buf, "c25f13bf67d081671a0481a1f1820d613bba2276" );
14192             info.buf = rnd_buf;
14193         
14194             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
14195             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
14196         
14197             memset( message_str, 0x00, 1000 );
14198             memset( hash_result, 0x00, 1000 );
14199             memset( output, 0x00, 1000 );
14200             memset( output_str, 0x00, 1000 );
14201         
14202             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14203             fct_chk( mpi_read_string( &ctx.P, 16, "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367" ) == 0 );
14204             fct_chk( mpi_read_string( &ctx.Q, 16, "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d" ) == 0 );
14205             fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14206             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14207         
14208             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
14209             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
14210             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
14211             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
14212             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
14213             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
14214             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
14215             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
14216         
14217             fct_chk( rsa_check_privkey( &ctx ) == 0 );
14218         
14219             msg_len = unhexify( message_str, "88c7a9f1360401d90e53b101b61c5325c3c75db1b411fbeb8e830b75e96b56670ad245404e16793544ee354bc613a90cc9848715a73db5893e7f6d279815c0c1de83ef8e2956e3a56ed26a888d7a9cdcd042f4b16b7fa51ef1a0573662d16a302d0ec5b285d2e03ad96529c87b3d374db372d95b2443d061b6b1a350ba87807ed083afd1eb05c3f52f4eba5ed2227714fdb50b9d9d9dd6814f62f6272fcd5cdbce7a9ef797" );
14220         
14221             switch( SIG_RSA_SHA1 )
14222             {
14223         #ifdef POLARSSL_MD2_C
14224             case SIG_RSA_MD2:
14225                 md2( message_str, msg_len, hash_result );
14226                 break;
14227         #endif
14228         #ifdef POLARSSL_MD4_C
14229             case SIG_RSA_MD4:
14230                 md4( message_str, msg_len, hash_result );
14231                 break;
14232         #endif
14233         #ifdef POLARSSL_MD5_C
14234             case SIG_RSA_MD5:
14235                 md5( message_str, msg_len, hash_result );
14236                 break;
14237         #endif
14238         #ifdef POLARSSL_SHA1_C
14239             case SIG_RSA_SHA1:
14240                 sha1( message_str, msg_len, hash_result );
14241                 break;
14242         #endif
14243         #ifdef POLARSSL_SHA2_C
14244             case SIG_RSA_SHA224:
14245                 sha2( message_str, msg_len, hash_result, 1 );
14246                 break;
14247             case SIG_RSA_SHA256:
14248                 sha2( message_str, msg_len, hash_result, 0 );
14249                 break;
14250         #endif
14251         #ifdef POLARSSL_SHA4_C
14252             case SIG_RSA_SHA384:
14253                 sha4( message_str, msg_len, hash_result, 1 );
14254                 break;
14255             case SIG_RSA_SHA512:
14256                 sha4( message_str, msg_len, hash_result, 0 );
14257                 break;
14258         #endif
14259             }
14260         
14261             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
14262             if( 0 == 0 )
14263             {
14264                 hexify( output_str, output, ctx.len);
14265         
14266                 fct_chk( strcasecmp( (char *) output_str, "a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f" ) == 0 );
14267             }
14268         
14269             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
14270         }
14271         FCT_TEST_END();
14272 
14273 
14274         FCT_TEST_BGN(rsassa_pss_signature_example_9_6_verify)
14275         {
14276             unsigned char message_str[1000];
14277             unsigned char hash_result[1000];
14278             unsigned char result_str[1000];
14279             rsa_context ctx;
14280             size_t msg_len;
14281         
14282             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
14283             memset( message_str, 0x00, 1000 );
14284             memset( hash_result, 0x00, 1000 );
14285             memset( result_str, 0x00, 1000 );
14286         
14287             ctx.len = 1536 / 8 + ( ( 1536 % 8 ) ? 1 : 0 );
14288             fct_chk( mpi_read_string( &ctx.N, 16, "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b" ) == 0 );
14289             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14290         
14291             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
14292         
14293             msg_len = unhexify( message_str, "88c7a9f1360401d90e53b101b61c5325c3c75db1b411fbeb8e830b75e96b56670ad245404e16793544ee354bc613a90cc9848715a73db5893e7f6d279815c0c1de83ef8e2956e3a56ed26a888d7a9cdcd042f4b16b7fa51ef1a0573662d16a302d0ec5b285d2e03ad96529c87b3d374db372d95b2443d061b6b1a350ba87807ed083afd1eb05c3f52f4eba5ed2227714fdb50b9d9d9dd6814f62f6272fcd5cdbce7a9ef797" );
14294             unhexify( result_str, "a7fdb0d259165ca2c88d00bbf1028a867d337699d061193b17a9648e14ccbbaadeacaacdec815e7571294ebb8a117af205fa078b47b0712c199e3ad05135c504c24b81705115740802487992ffd511d4afc6b854491eb3f0dd523139542ff15c3101ee85543517c6a3c79417c67e2dd9aa741e9a29b06dcb593c2336b3670ae3afbac7c3e76e215473e866e338ca244de00b62624d6b9426822ceae9f8cc460895f41250073fd45c5a1e7b425c204a423a699159f6903e710b37a7bb2bc8049f" );
14295         
14296             switch( SIG_RSA_SHA1 )
14297             {
14298         #ifdef POLARSSL_MD2_C
14299             case SIG_RSA_MD2:
14300                 md2( message_str, msg_len, hash_result );
14301                 break;
14302         #endif
14303         #ifdef POLARSSL_MD4_C
14304             case SIG_RSA_MD4:
14305                 md4( message_str, msg_len, hash_result );
14306                 break;
14307         #endif
14308         #ifdef POLARSSL_MD5_C
14309             case SIG_RSA_MD5:
14310                 md5( message_str, msg_len, hash_result );
14311                 break;
14312         #endif
14313         #ifdef POLARSSL_SHA1_C
14314             case SIG_RSA_SHA1:
14315                 sha1( message_str, msg_len, hash_result );
14316                 break;
14317         #endif
14318         #ifdef POLARSSL_SHA2_C
14319             case SIG_RSA_SHA224:
14320                 sha2( message_str, msg_len, hash_result, 1 );
14321                 break;
14322             case SIG_RSA_SHA256:
14323                 sha2( message_str, msg_len, hash_result, 0 );
14324                 break;
14325         #endif
14326         #ifdef POLARSSL_SHA4_C
14327             case SIG_RSA_SHA384:
14328                 sha4( message_str, msg_len, hash_result, 1 );
14329                 break;
14330             case SIG_RSA_SHA512:
14331                 sha4( message_str, msg_len, hash_result, 0 );
14332                 break;
14333         #endif
14334             }
14335         
14336             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14337         }
14338         FCT_TEST_END();
14339 
14340 
14341         FCT_TEST_BGN(rsassa_pss_signature_example_10_1)
14342         {
14343             unsigned char message_str[1000];
14344             unsigned char hash_result[1000];
14345             unsigned char output[1000];
14346             unsigned char output_str[1000];
14347             unsigned char rnd_buf[1000];
14348             rsa_context ctx;
14349             mpi P1, Q1, H, G;
14350             size_t msg_len;
14351             rnd_buf_info info;
14352         
14353             info.length = unhexify( rnd_buf, "04e215ee6ff934b9da70d7730c8734abfcecde89" );
14354             info.buf = rnd_buf;
14355         
14356             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
14357             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
14358         
14359             memset( message_str, 0x00, 1000 );
14360             memset( hash_result, 0x00, 1000 );
14361             memset( output, 0x00, 1000 );
14362             memset( output_str, 0x00, 1000 );
14363         
14364             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
14365             fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
14366             fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
14367             fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
14368             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14369         
14370             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
14371             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
14372             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
14373             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
14374             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
14375             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
14376             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
14377             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
14378         
14379             fct_chk( rsa_check_privkey( &ctx ) == 0 );
14380         
14381             msg_len = unhexify( message_str, "883177e5126b9be2d9a9680327d5370c6f26861f5820c43da67a3ad609" );
14382         
14383             switch( SIG_RSA_SHA1 )
14384             {
14385         #ifdef POLARSSL_MD2_C
14386             case SIG_RSA_MD2:
14387                 md2( message_str, msg_len, hash_result );
14388                 break;
14389         #endif
14390         #ifdef POLARSSL_MD4_C
14391             case SIG_RSA_MD4:
14392                 md4( message_str, msg_len, hash_result );
14393                 break;
14394         #endif
14395         #ifdef POLARSSL_MD5_C
14396             case SIG_RSA_MD5:
14397                 md5( message_str, msg_len, hash_result );
14398                 break;
14399         #endif
14400         #ifdef POLARSSL_SHA1_C
14401             case SIG_RSA_SHA1:
14402                 sha1( message_str, msg_len, hash_result );
14403                 break;
14404         #endif
14405         #ifdef POLARSSL_SHA2_C
14406             case SIG_RSA_SHA224:
14407                 sha2( message_str, msg_len, hash_result, 1 );
14408                 break;
14409             case SIG_RSA_SHA256:
14410                 sha2( message_str, msg_len, hash_result, 0 );
14411                 break;
14412         #endif
14413         #ifdef POLARSSL_SHA4_C
14414             case SIG_RSA_SHA384:
14415                 sha4( message_str, msg_len, hash_result, 1 );
14416                 break;
14417             case SIG_RSA_SHA512:
14418                 sha4( message_str, msg_len, hash_result, 0 );
14419                 break;
14420         #endif
14421             }
14422         
14423             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
14424             if( 0 == 0 )
14425             {
14426                 hexify( output_str, output, ctx.len);
14427         
14428                 fct_chk( strcasecmp( (char *) output_str, "82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666" ) == 0 );
14429             }
14430         
14431             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
14432         }
14433         FCT_TEST_END();
14434 
14435 
14436         FCT_TEST_BGN(rsassa_pss_signature_example_10_1_verify)
14437         {
14438             unsigned char message_str[1000];
14439             unsigned char hash_result[1000];
14440             unsigned char result_str[1000];
14441             rsa_context ctx;
14442             size_t msg_len;
14443         
14444             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
14445             memset( message_str, 0x00, 1000 );
14446             memset( hash_result, 0x00, 1000 );
14447             memset( result_str, 0x00, 1000 );
14448         
14449             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
14450             fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
14451             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14452         
14453             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
14454         
14455             msg_len = unhexify( message_str, "883177e5126b9be2d9a9680327d5370c6f26861f5820c43da67a3ad609" );
14456             unhexify( result_str, "82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666" );
14457         
14458             switch( SIG_RSA_SHA1 )
14459             {
14460         #ifdef POLARSSL_MD2_C
14461             case SIG_RSA_MD2:
14462                 md2( message_str, msg_len, hash_result );
14463                 break;
14464         #endif
14465         #ifdef POLARSSL_MD4_C
14466             case SIG_RSA_MD4:
14467                 md4( message_str, msg_len, hash_result );
14468                 break;
14469         #endif
14470         #ifdef POLARSSL_MD5_C
14471             case SIG_RSA_MD5:
14472                 md5( message_str, msg_len, hash_result );
14473                 break;
14474         #endif
14475         #ifdef POLARSSL_SHA1_C
14476             case SIG_RSA_SHA1:
14477                 sha1( message_str, msg_len, hash_result );
14478                 break;
14479         #endif
14480         #ifdef POLARSSL_SHA2_C
14481             case SIG_RSA_SHA224:
14482                 sha2( message_str, msg_len, hash_result, 1 );
14483                 break;
14484             case SIG_RSA_SHA256:
14485                 sha2( message_str, msg_len, hash_result, 0 );
14486                 break;
14487         #endif
14488         #ifdef POLARSSL_SHA4_C
14489             case SIG_RSA_SHA384:
14490                 sha4( message_str, msg_len, hash_result, 1 );
14491                 break;
14492             case SIG_RSA_SHA512:
14493                 sha4( message_str, msg_len, hash_result, 0 );
14494                 break;
14495         #endif
14496             }
14497         
14498             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14499         }
14500         FCT_TEST_END();
14501 
14502 
14503         FCT_TEST_BGN(rsassa_pss_signature_example_10_2)
14504         {
14505             unsigned char message_str[1000];
14506             unsigned char hash_result[1000];
14507             unsigned char output[1000];
14508             unsigned char output_str[1000];
14509             unsigned char rnd_buf[1000];
14510             rsa_context ctx;
14511             mpi P1, Q1, H, G;
14512             size_t msg_len;
14513             rnd_buf_info info;
14514         
14515             info.length = unhexify( rnd_buf, "8b2bdd4b40faf545c778ddf9bc1a49cb57f9b71b" );
14516             info.buf = rnd_buf;
14517         
14518             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
14519             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
14520         
14521             memset( message_str, 0x00, 1000 );
14522             memset( hash_result, 0x00, 1000 );
14523             memset( output, 0x00, 1000 );
14524             memset( output_str, 0x00, 1000 );
14525         
14526             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
14527             fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
14528             fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
14529             fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
14530             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14531         
14532             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
14533             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
14534             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
14535             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
14536             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
14537             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
14538             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
14539             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
14540         
14541             fct_chk( rsa_check_privkey( &ctx ) == 0 );
14542         
14543             msg_len = unhexify( message_str, "dd670a01465868adc93f26131957a50c52fb777cdbaa30892c9e12361164ec13979d43048118e4445db87bee58dd987b3425d02071d8dbae80708b039dbb64dbd1de5657d9fed0c118a54143742e0ff3c87f74e45857647af3f79eb0a14c9d75ea9a1a04b7cf478a897a708fd988f48e801edb0b7039df8c23bb3c56f4e821ac" );
14544         
14545             switch( SIG_RSA_SHA1 )
14546             {
14547         #ifdef POLARSSL_MD2_C
14548             case SIG_RSA_MD2:
14549                 md2( message_str, msg_len, hash_result );
14550                 break;
14551         #endif
14552         #ifdef POLARSSL_MD4_C
14553             case SIG_RSA_MD4:
14554                 md4( message_str, msg_len, hash_result );
14555                 break;
14556         #endif
14557         #ifdef POLARSSL_MD5_C
14558             case SIG_RSA_MD5:
14559                 md5( message_str, msg_len, hash_result );
14560                 break;
14561         #endif
14562         #ifdef POLARSSL_SHA1_C
14563             case SIG_RSA_SHA1:
14564                 sha1( message_str, msg_len, hash_result );
14565                 break;
14566         #endif
14567         #ifdef POLARSSL_SHA2_C
14568             case SIG_RSA_SHA224:
14569                 sha2( message_str, msg_len, hash_result, 1 );
14570                 break;
14571             case SIG_RSA_SHA256:
14572                 sha2( message_str, msg_len, hash_result, 0 );
14573                 break;
14574         #endif
14575         #ifdef POLARSSL_SHA4_C
14576             case SIG_RSA_SHA384:
14577                 sha4( message_str, msg_len, hash_result, 1 );
14578                 break;
14579             case SIG_RSA_SHA512:
14580                 sha4( message_str, msg_len, hash_result, 0 );
14581                 break;
14582         #endif
14583             }
14584         
14585             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
14586             if( 0 == 0 )
14587             {
14588                 hexify( output_str, output, ctx.len);
14589         
14590                 fct_chk( strcasecmp( (char *) output_str, "14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3" ) == 0 );
14591             }
14592         
14593             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
14594         }
14595         FCT_TEST_END();
14596 
14597 
14598         FCT_TEST_BGN(rsassa_pss_signature_example_10_2_verify)
14599         {
14600             unsigned char message_str[1000];
14601             unsigned char hash_result[1000];
14602             unsigned char result_str[1000];
14603             rsa_context ctx;
14604             size_t msg_len;
14605         
14606             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
14607             memset( message_str, 0x00, 1000 );
14608             memset( hash_result, 0x00, 1000 );
14609             memset( result_str, 0x00, 1000 );
14610         
14611             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
14612             fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
14613             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14614         
14615             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
14616         
14617             msg_len = unhexify( message_str, "dd670a01465868adc93f26131957a50c52fb777cdbaa30892c9e12361164ec13979d43048118e4445db87bee58dd987b3425d02071d8dbae80708b039dbb64dbd1de5657d9fed0c118a54143742e0ff3c87f74e45857647af3f79eb0a14c9d75ea9a1a04b7cf478a897a708fd988f48e801edb0b7039df8c23bb3c56f4e821ac" );
14618             unhexify( result_str, "14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3" );
14619         
14620             switch( SIG_RSA_SHA1 )
14621             {
14622         #ifdef POLARSSL_MD2_C
14623             case SIG_RSA_MD2:
14624                 md2( message_str, msg_len, hash_result );
14625                 break;
14626         #endif
14627         #ifdef POLARSSL_MD4_C
14628             case SIG_RSA_MD4:
14629                 md4( message_str, msg_len, hash_result );
14630                 break;
14631         #endif
14632         #ifdef POLARSSL_MD5_C
14633             case SIG_RSA_MD5:
14634                 md5( message_str, msg_len, hash_result );
14635                 break;
14636         #endif
14637         #ifdef POLARSSL_SHA1_C
14638             case SIG_RSA_SHA1:
14639                 sha1( message_str, msg_len, hash_result );
14640                 break;
14641         #endif
14642         #ifdef POLARSSL_SHA2_C
14643             case SIG_RSA_SHA224:
14644                 sha2( message_str, msg_len, hash_result, 1 );
14645                 break;
14646             case SIG_RSA_SHA256:
14647                 sha2( message_str, msg_len, hash_result, 0 );
14648                 break;
14649         #endif
14650         #ifdef POLARSSL_SHA4_C
14651             case SIG_RSA_SHA384:
14652                 sha4( message_str, msg_len, hash_result, 1 );
14653                 break;
14654             case SIG_RSA_SHA512:
14655                 sha4( message_str, msg_len, hash_result, 0 );
14656                 break;
14657         #endif
14658             }
14659         
14660             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14661         }
14662         FCT_TEST_END();
14663 
14664 
14665         FCT_TEST_BGN(rsassa_pss_signature_example_10_3)
14666         {
14667             unsigned char message_str[1000];
14668             unsigned char hash_result[1000];
14669             unsigned char output[1000];
14670             unsigned char output_str[1000];
14671             unsigned char rnd_buf[1000];
14672             rsa_context ctx;
14673             mpi P1, Q1, H, G;
14674             size_t msg_len;
14675             rnd_buf_info info;
14676         
14677             info.length = unhexify( rnd_buf, "4e96fc1b398f92b44671010c0dc3efd6e20c2d73" );
14678             info.buf = rnd_buf;
14679         
14680             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
14681             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
14682         
14683             memset( message_str, 0x00, 1000 );
14684             memset( hash_result, 0x00, 1000 );
14685             memset( output, 0x00, 1000 );
14686             memset( output_str, 0x00, 1000 );
14687         
14688             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
14689             fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
14690             fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
14691             fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
14692             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14693         
14694             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
14695             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
14696             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
14697             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
14698             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
14699             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
14700             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
14701             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
14702         
14703             fct_chk( rsa_check_privkey( &ctx ) == 0 );
14704         
14705             msg_len = unhexify( message_str, "48b2b6a57a63c84cea859d65c668284b08d96bdcaabe252db0e4a96cb1bac6019341db6fbefb8d106b0e90eda6bcc6c6262f37e7ea9c7e5d226bd7df85ec5e71efff2f54c5db577ff729ff91b842491de2741d0c631607df586b905b23b91af13da12304bf83eca8a73e871ff9db" );
14706         
14707             switch( SIG_RSA_SHA1 )
14708             {
14709         #ifdef POLARSSL_MD2_C
14710             case SIG_RSA_MD2:
14711                 md2( message_str, msg_len, hash_result );
14712                 break;
14713         #endif
14714         #ifdef POLARSSL_MD4_C
14715             case SIG_RSA_MD4:
14716                 md4( message_str, msg_len, hash_result );
14717                 break;
14718         #endif
14719         #ifdef POLARSSL_MD5_C
14720             case SIG_RSA_MD5:
14721                 md5( message_str, msg_len, hash_result );
14722                 break;
14723         #endif
14724         #ifdef POLARSSL_SHA1_C
14725             case SIG_RSA_SHA1:
14726                 sha1( message_str, msg_len, hash_result );
14727                 break;
14728         #endif
14729         #ifdef POLARSSL_SHA2_C
14730             case SIG_RSA_SHA224:
14731                 sha2( message_str, msg_len, hash_result, 1 );
14732                 break;
14733             case SIG_RSA_SHA256:
14734                 sha2( message_str, msg_len, hash_result, 0 );
14735                 break;
14736         #endif
14737         #ifdef POLARSSL_SHA4_C
14738             case SIG_RSA_SHA384:
14739                 sha4( message_str, msg_len, hash_result, 1 );
14740                 break;
14741             case SIG_RSA_SHA512:
14742                 sha4( message_str, msg_len, hash_result, 0 );
14743                 break;
14744         #endif
14745             }
14746         
14747             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
14748             if( 0 == 0 )
14749             {
14750                 hexify( output_str, output, ctx.len);
14751         
14752                 fct_chk( strcasecmp( (char *) output_str, "6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb" ) == 0 );
14753             }
14754         
14755             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
14756         }
14757         FCT_TEST_END();
14758 
14759 
14760         FCT_TEST_BGN(rsassa_pss_signature_example_10_3_verify)
14761         {
14762             unsigned char message_str[1000];
14763             unsigned char hash_result[1000];
14764             unsigned char result_str[1000];
14765             rsa_context ctx;
14766             size_t msg_len;
14767         
14768             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
14769             memset( message_str, 0x00, 1000 );
14770             memset( hash_result, 0x00, 1000 );
14771             memset( result_str, 0x00, 1000 );
14772         
14773             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
14774             fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
14775             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14776         
14777             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
14778         
14779             msg_len = unhexify( message_str, "48b2b6a57a63c84cea859d65c668284b08d96bdcaabe252db0e4a96cb1bac6019341db6fbefb8d106b0e90eda6bcc6c6262f37e7ea9c7e5d226bd7df85ec5e71efff2f54c5db577ff729ff91b842491de2741d0c631607df586b905b23b91af13da12304bf83eca8a73e871ff9db" );
14780             unhexify( result_str, "6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb" );
14781         
14782             switch( SIG_RSA_SHA1 )
14783             {
14784         #ifdef POLARSSL_MD2_C
14785             case SIG_RSA_MD2:
14786                 md2( message_str, msg_len, hash_result );
14787                 break;
14788         #endif
14789         #ifdef POLARSSL_MD4_C
14790             case SIG_RSA_MD4:
14791                 md4( message_str, msg_len, hash_result );
14792                 break;
14793         #endif
14794         #ifdef POLARSSL_MD5_C
14795             case SIG_RSA_MD5:
14796                 md5( message_str, msg_len, hash_result );
14797                 break;
14798         #endif
14799         #ifdef POLARSSL_SHA1_C
14800             case SIG_RSA_SHA1:
14801                 sha1( message_str, msg_len, hash_result );
14802                 break;
14803         #endif
14804         #ifdef POLARSSL_SHA2_C
14805             case SIG_RSA_SHA224:
14806                 sha2( message_str, msg_len, hash_result, 1 );
14807                 break;
14808             case SIG_RSA_SHA256:
14809                 sha2( message_str, msg_len, hash_result, 0 );
14810                 break;
14811         #endif
14812         #ifdef POLARSSL_SHA4_C
14813             case SIG_RSA_SHA384:
14814                 sha4( message_str, msg_len, hash_result, 1 );
14815                 break;
14816             case SIG_RSA_SHA512:
14817                 sha4( message_str, msg_len, hash_result, 0 );
14818                 break;
14819         #endif
14820             }
14821         
14822             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14823         }
14824         FCT_TEST_END();
14825 
14826 
14827         FCT_TEST_BGN(rsassa_pss_signature_example_10_4)
14828         {
14829             unsigned char message_str[1000];
14830             unsigned char hash_result[1000];
14831             unsigned char output[1000];
14832             unsigned char output_str[1000];
14833             unsigned char rnd_buf[1000];
14834             rsa_context ctx;
14835             mpi P1, Q1, H, G;
14836             size_t msg_len;
14837             rnd_buf_info info;
14838         
14839             info.length = unhexify( rnd_buf, "c7cd698d84b65128d8835e3a8b1eb0e01cb541ec" );
14840             info.buf = rnd_buf;
14841         
14842             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
14843             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
14844         
14845             memset( message_str, 0x00, 1000 );
14846             memset( hash_result, 0x00, 1000 );
14847             memset( output, 0x00, 1000 );
14848             memset( output_str, 0x00, 1000 );
14849         
14850             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
14851             fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
14852             fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
14853             fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
14854             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14855         
14856             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
14857             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
14858             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
14859             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
14860             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
14861             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
14862             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
14863             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
14864         
14865             fct_chk( rsa_check_privkey( &ctx ) == 0 );
14866         
14867             msg_len = unhexify( message_str, "0b8777c7f839baf0a64bbbdbc5ce79755c57a205b845c174e2d2e90546a089c4e6ec8adffa23a7ea97bae6b65d782b82db5d2b5a56d22a29a05e7c4433e2b82a621abba90add05ce393fc48a840542451a" );
14868         
14869             switch( SIG_RSA_SHA1 )
14870             {
14871         #ifdef POLARSSL_MD2_C
14872             case SIG_RSA_MD2:
14873                 md2( message_str, msg_len, hash_result );
14874                 break;
14875         #endif
14876         #ifdef POLARSSL_MD4_C
14877             case SIG_RSA_MD4:
14878                 md4( message_str, msg_len, hash_result );
14879                 break;
14880         #endif
14881         #ifdef POLARSSL_MD5_C
14882             case SIG_RSA_MD5:
14883                 md5( message_str, msg_len, hash_result );
14884                 break;
14885         #endif
14886         #ifdef POLARSSL_SHA1_C
14887             case SIG_RSA_SHA1:
14888                 sha1( message_str, msg_len, hash_result );
14889                 break;
14890         #endif
14891         #ifdef POLARSSL_SHA2_C
14892             case SIG_RSA_SHA224:
14893                 sha2( message_str, msg_len, hash_result, 1 );
14894                 break;
14895             case SIG_RSA_SHA256:
14896                 sha2( message_str, msg_len, hash_result, 0 );
14897                 break;
14898         #endif
14899         #ifdef POLARSSL_SHA4_C
14900             case SIG_RSA_SHA384:
14901                 sha4( message_str, msg_len, hash_result, 1 );
14902                 break;
14903             case SIG_RSA_SHA512:
14904                 sha4( message_str, msg_len, hash_result, 0 );
14905                 break;
14906         #endif
14907             }
14908         
14909             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
14910             if( 0 == 0 )
14911             {
14912                 hexify( output_str, output, ctx.len);
14913         
14914                 fct_chk( strcasecmp( (char *) output_str, "34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb" ) == 0 );
14915             }
14916         
14917             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
14918         }
14919         FCT_TEST_END();
14920 
14921 
14922         FCT_TEST_BGN(rsassa_pss_signature_example_10_4_verify)
14923         {
14924             unsigned char message_str[1000];
14925             unsigned char hash_result[1000];
14926             unsigned char result_str[1000];
14927             rsa_context ctx;
14928             size_t msg_len;
14929         
14930             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
14931             memset( message_str, 0x00, 1000 );
14932             memset( hash_result, 0x00, 1000 );
14933             memset( result_str, 0x00, 1000 );
14934         
14935             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
14936             fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
14937             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
14938         
14939             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
14940         
14941             msg_len = unhexify( message_str, "0b8777c7f839baf0a64bbbdbc5ce79755c57a205b845c174e2d2e90546a089c4e6ec8adffa23a7ea97bae6b65d782b82db5d2b5a56d22a29a05e7c4433e2b82a621abba90add05ce393fc48a840542451a" );
14942             unhexify( result_str, "34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb" );
14943         
14944             switch( SIG_RSA_SHA1 )
14945             {
14946         #ifdef POLARSSL_MD2_C
14947             case SIG_RSA_MD2:
14948                 md2( message_str, msg_len, hash_result );
14949                 break;
14950         #endif
14951         #ifdef POLARSSL_MD4_C
14952             case SIG_RSA_MD4:
14953                 md4( message_str, msg_len, hash_result );
14954                 break;
14955         #endif
14956         #ifdef POLARSSL_MD5_C
14957             case SIG_RSA_MD5:
14958                 md5( message_str, msg_len, hash_result );
14959                 break;
14960         #endif
14961         #ifdef POLARSSL_SHA1_C
14962             case SIG_RSA_SHA1:
14963                 sha1( message_str, msg_len, hash_result );
14964                 break;
14965         #endif
14966         #ifdef POLARSSL_SHA2_C
14967             case SIG_RSA_SHA224:
14968                 sha2( message_str, msg_len, hash_result, 1 );
14969                 break;
14970             case SIG_RSA_SHA256:
14971                 sha2( message_str, msg_len, hash_result, 0 );
14972                 break;
14973         #endif
14974         #ifdef POLARSSL_SHA4_C
14975             case SIG_RSA_SHA384:
14976                 sha4( message_str, msg_len, hash_result, 1 );
14977                 break;
14978             case SIG_RSA_SHA512:
14979                 sha4( message_str, msg_len, hash_result, 0 );
14980                 break;
14981         #endif
14982             }
14983         
14984             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
14985         }
14986         FCT_TEST_END();
14987 
14988 
14989         FCT_TEST_BGN(rsassa_pss_signature_example_10_5)
14990         {
14991             unsigned char message_str[1000];
14992             unsigned char hash_result[1000];
14993             unsigned char output[1000];
14994             unsigned char output_str[1000];
14995             unsigned char rnd_buf[1000];
14996             rsa_context ctx;
14997             mpi P1, Q1, H, G;
14998             size_t msg_len;
14999             rnd_buf_info info;
15000         
15001             info.length = unhexify( rnd_buf, "efa8bff96212b2f4a3f371a10d574152655f5dfb" );
15002             info.buf = rnd_buf;
15003         
15004             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
15005             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
15006         
15007             memset( message_str, 0x00, 1000 );
15008             memset( hash_result, 0x00, 1000 );
15009             memset( output, 0x00, 1000 );
15010             memset( output_str, 0x00, 1000 );
15011         
15012             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15013             fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
15014             fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
15015             fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15016             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15017         
15018             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
15019             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
15020             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
15021             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
15022             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
15023             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
15024             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
15025             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
15026         
15027             fct_chk( rsa_check_privkey( &ctx ) == 0 );
15028         
15029             msg_len = unhexify( message_str, "f1036e008e71e964dadc9219ed30e17f06b4b68a955c16b312b1eddf028b74976bed6b3f6a63d4e77859243c9cccdc98016523abb02483b35591c33aad81213bb7c7bb1a470aabc10d44256c4d4559d916" );
15030         
15031             switch( SIG_RSA_SHA1 )
15032             {
15033         #ifdef POLARSSL_MD2_C
15034             case SIG_RSA_MD2:
15035                 md2( message_str, msg_len, hash_result );
15036                 break;
15037         #endif
15038         #ifdef POLARSSL_MD4_C
15039             case SIG_RSA_MD4:
15040                 md4( message_str, msg_len, hash_result );
15041                 break;
15042         #endif
15043         #ifdef POLARSSL_MD5_C
15044             case SIG_RSA_MD5:
15045                 md5( message_str, msg_len, hash_result );
15046                 break;
15047         #endif
15048         #ifdef POLARSSL_SHA1_C
15049             case SIG_RSA_SHA1:
15050                 sha1( message_str, msg_len, hash_result );
15051                 break;
15052         #endif
15053         #ifdef POLARSSL_SHA2_C
15054             case SIG_RSA_SHA224:
15055                 sha2( message_str, msg_len, hash_result, 1 );
15056                 break;
15057             case SIG_RSA_SHA256:
15058                 sha2( message_str, msg_len, hash_result, 0 );
15059                 break;
15060         #endif
15061         #ifdef POLARSSL_SHA4_C
15062             case SIG_RSA_SHA384:
15063                 sha4( message_str, msg_len, hash_result, 1 );
15064                 break;
15065             case SIG_RSA_SHA512:
15066                 sha4( message_str, msg_len, hash_result, 0 );
15067                 break;
15068         #endif
15069             }
15070         
15071             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
15072             if( 0 == 0 )
15073             {
15074                 hexify( output_str, output, ctx.len);
15075         
15076                 fct_chk( strcasecmp( (char *) output_str, "7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc" ) == 0 );
15077             }
15078         
15079             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
15080         }
15081         FCT_TEST_END();
15082 
15083 
15084         FCT_TEST_BGN(rsassa_pss_signature_example_10_5_verify)
15085         {
15086             unsigned char message_str[1000];
15087             unsigned char hash_result[1000];
15088             unsigned char result_str[1000];
15089             rsa_context ctx;
15090             size_t msg_len;
15091         
15092             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
15093             memset( message_str, 0x00, 1000 );
15094             memset( hash_result, 0x00, 1000 );
15095             memset( result_str, 0x00, 1000 );
15096         
15097             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15098             fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15099             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15100         
15101             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
15102         
15103             msg_len = unhexify( message_str, "f1036e008e71e964dadc9219ed30e17f06b4b68a955c16b312b1eddf028b74976bed6b3f6a63d4e77859243c9cccdc98016523abb02483b35591c33aad81213bb7c7bb1a470aabc10d44256c4d4559d916" );
15104             unhexify( result_str, "7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc" );
15105         
15106             switch( SIG_RSA_SHA1 )
15107             {
15108         #ifdef POLARSSL_MD2_C
15109             case SIG_RSA_MD2:
15110                 md2( message_str, msg_len, hash_result );
15111                 break;
15112         #endif
15113         #ifdef POLARSSL_MD4_C
15114             case SIG_RSA_MD4:
15115                 md4( message_str, msg_len, hash_result );
15116                 break;
15117         #endif
15118         #ifdef POLARSSL_MD5_C
15119             case SIG_RSA_MD5:
15120                 md5( message_str, msg_len, hash_result );
15121                 break;
15122         #endif
15123         #ifdef POLARSSL_SHA1_C
15124             case SIG_RSA_SHA1:
15125                 sha1( message_str, msg_len, hash_result );
15126                 break;
15127         #endif
15128         #ifdef POLARSSL_SHA2_C
15129             case SIG_RSA_SHA224:
15130                 sha2( message_str, msg_len, hash_result, 1 );
15131                 break;
15132             case SIG_RSA_SHA256:
15133                 sha2( message_str, msg_len, hash_result, 0 );
15134                 break;
15135         #endif
15136         #ifdef POLARSSL_SHA4_C
15137             case SIG_RSA_SHA384:
15138                 sha4( message_str, msg_len, hash_result, 1 );
15139                 break;
15140             case SIG_RSA_SHA512:
15141                 sha4( message_str, msg_len, hash_result, 0 );
15142                 break;
15143         #endif
15144             }
15145         
15146             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
15147         }
15148         FCT_TEST_END();
15149 
15150 
15151         FCT_TEST_BGN(rsassa_pss_signature_example_10_6)
15152         {
15153             unsigned char message_str[1000];
15154             unsigned char hash_result[1000];
15155             unsigned char output[1000];
15156             unsigned char output_str[1000];
15157             unsigned char rnd_buf[1000];
15158             rsa_context ctx;
15159             mpi P1, Q1, H, G;
15160             size_t msg_len;
15161             rnd_buf_info info;
15162         
15163             info.length = unhexify( rnd_buf, "ad8b1523703646224b660b550885917ca2d1df28" );
15164             info.buf = rnd_buf;
15165         
15166             mpi_init( &P1 ); mpi_init( &Q1 ); mpi_init( &H ); mpi_init( &G );
15167             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
15168         
15169             memset( message_str, 0x00, 1000 );
15170             memset( hash_result, 0x00, 1000 );
15171             memset( output, 0x00, 1000 );
15172             memset( output_str, 0x00, 1000 );
15173         
15174             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15175             fct_chk( mpi_read_string( &ctx.P, 16, "cfd50283feeeb97f6f08d73cbc7b3836f82bbcd499479f5e6f76fdfcb8b38c4f71dc9e88bd6a6f76371afd65d2af1862b32afb34a95f71b8b132043ffebe3a952baf7592448148c03f9c69b1d68e4ce5cf32c86baf46fed301ca1ab403069b32f456b91f71898ab081cd8c4252ef5271915c9794b8f295851da7510f99cb73eb" ) == 0 );
15176             fct_chk( mpi_read_string( &ctx.Q, 16, "cc4e90d2a1b3a065d3b2d1f5a8fce31b544475664eab561d2971b99fb7bef844e8ec1f360b8c2ac8359692971ea6a38f723fcc211f5dbcb177a0fdac5164a1d4ff7fbb4e829986353cb983659a148cdd420c7d31ba3822ea90a32be46c030e8c17e1fa0ad37859e06b0aa6fa3b216d9cbe6c0e22339769c0a615913e5da719cf" ) == 0 );
15177             fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15178             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15179         
15180             fct_chk( mpi_sub_int( &P1, &ctx.P, 1 ) == 0 );
15181             fct_chk( mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 );
15182             fct_chk( mpi_mul_mpi( &H, &P1, &Q1 ) == 0 );
15183             fct_chk( mpi_gcd( &G, &ctx.E, &H  ) == 0 );
15184             fct_chk( mpi_inv_mod( &ctx.D , &ctx.E, &H  ) == 0 );
15185             fct_chk( mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 );
15186             fct_chk( mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 );
15187             fct_chk( mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 );
15188         
15189             fct_chk( rsa_check_privkey( &ctx ) == 0 );
15190         
15191             msg_len = unhexify( message_str, "25f10895a87716c137450bb9519dfaa1f207faa942ea88abf71e9c17980085b555aebab76264ae2a3ab93c2d12981191ddac6fb5949eb36aee3c5da940f00752c916d94608fa7d97ba6a2915b688f20323d4e9d96801d89a72ab5892dc2117c07434fcf972e058cf8c41ca4b4ff554f7d5068ad3155fced0f3125bc04f9193378a8f5c4c3b8cb4dd6d1cc69d30ecca6eaa51e36a05730e9e342e855baf099defb8afd7" );
15192         
15193             switch( SIG_RSA_SHA1 )
15194             {
15195         #ifdef POLARSSL_MD2_C
15196             case SIG_RSA_MD2:
15197                 md2( message_str, msg_len, hash_result );
15198                 break;
15199         #endif
15200         #ifdef POLARSSL_MD4_C
15201             case SIG_RSA_MD4:
15202                 md4( message_str, msg_len, hash_result );
15203                 break;
15204         #endif
15205         #ifdef POLARSSL_MD5_C
15206             case SIG_RSA_MD5:
15207                 md5( message_str, msg_len, hash_result );
15208                 break;
15209         #endif
15210         #ifdef POLARSSL_SHA1_C
15211             case SIG_RSA_SHA1:
15212                 sha1( message_str, msg_len, hash_result );
15213                 break;
15214         #endif
15215         #ifdef POLARSSL_SHA2_C
15216             case SIG_RSA_SHA224:
15217                 sha2( message_str, msg_len, hash_result, 1 );
15218                 break;
15219             case SIG_RSA_SHA256:
15220                 sha2( message_str, msg_len, hash_result, 0 );
15221                 break;
15222         #endif
15223         #ifdef POLARSSL_SHA4_C
15224             case SIG_RSA_SHA384:
15225                 sha4( message_str, msg_len, hash_result, 1 );
15226                 break;
15227             case SIG_RSA_SHA512:
15228                 sha4( message_str, msg_len, hash_result, 0 );
15229                 break;
15230         #endif
15231             }
15232         
15233             fct_chk( rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, RSA_PRIVATE, SIG_RSA_SHA1, 0, hash_result, output ) == 0 );
15234             if( 0 == 0 )
15235             {
15236                 hexify( output_str, output, ctx.len);
15237         
15238                 fct_chk( strcasecmp( (char *) output_str, "6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f" ) == 0 );
15239             }
15240         
15241             mpi_free( &P1 ); mpi_free( &Q1 ); mpi_free( &H ); mpi_free( &G );
15242         }
15243         FCT_TEST_END();
15244 
15245 
15246         FCT_TEST_BGN(rsassa_pss_signature_example_10_6_verify)
15247         {
15248             unsigned char message_str[1000];
15249             unsigned char hash_result[1000];
15250             unsigned char result_str[1000];
15251             rsa_context ctx;
15252             size_t msg_len;
15253         
15254             rsa_init( &ctx, RSA_PKCS_V21, POLARSSL_MD_SHA1 );
15255             memset( message_str, 0x00, 1000 );
15256             memset( hash_result, 0x00, 1000 );
15257             memset( result_str, 0x00, 1000 );
15258         
15259             ctx.len = 2048 / 8 + ( ( 2048 % 8 ) ? 1 : 0 );
15260             fct_chk( mpi_read_string( &ctx.N, 16, "a5dd867ac4cb02f90b9457d48c14a770ef991c56c39c0ec65fd11afa8937cea57b9be7ac73b45c0017615b82d622e318753b6027c0fd157be12f8090fee2a7adcd0eef759f88ba4997c7a42d58c9aa12cb99ae001fe521c13bb5431445a8d5ae4f5e4c7e948ac227d3604071f20e577e905fbeb15dfaf06d1de5ae6253d63a6a2120b31a5da5dabc9550600e20f27d3739e2627925fea3cc509f21dff04e6eea4549c540d6809ff9307eede91fff58733d8385a237d6d3705a33e391900992070df7adf1357cf7e3700ce3667de83f17b8df1778db381dce09cb4ad058a511001a738198ee27cf55a13b754539906582ec8b174bd58d5d1f3d767c613721ae05" ) == 0 );
15261             fct_chk( mpi_read_string( &ctx.E, 16, "010001" ) == 0 );
15262         
15263             fct_chk( rsa_check_pubkey( &ctx ) == 0 );
15264         
15265             msg_len = unhexify( message_str, "25f10895a87716c137450bb9519dfaa1f207faa942ea88abf71e9c17980085b555aebab76264ae2a3ab93c2d12981191ddac6fb5949eb36aee3c5da940f00752c916d94608fa7d97ba6a2915b688f20323d4e9d96801d89a72ab5892dc2117c07434fcf972e058cf8c41ca4b4ff554f7d5068ad3155fced0f3125bc04f9193378a8f5c4c3b8cb4dd6d1cc69d30ecca6eaa51e36a05730e9e342e855baf099defb8afd7" );
15266             unhexify( result_str, "6d3b5b87f67ea657af21f75441977d2180f91b2c5f692de82955696a686730d9b9778d970758ccb26071c2209ffbd6125be2e96ea81b67cb9b9308239fda17f7b2b64ecda096b6b935640a5a1cb42a9155b1c9ef7a633a02c59f0d6ee59b852c43b35029e73c940ff0410e8f114eed46bbd0fae165e42be2528a401c3b28fd818ef3232dca9f4d2a0f5166ec59c42396d6c11dbc1215a56fa17169db9575343ef34f9de32a49cdc3174922f229c23e18e45df9353119ec4319cedce7a17c64088c1f6f52be29634100b3919d38f3d1ed94e6891e66a73b8fb849f5874df59459e298c7bbce2eee782a195aa66fe2d0732b25e595f57d3e061b1fc3e4063bf98f" );
15267         
15268             switch( SIG_RSA_SHA1 )
15269             {
15270         #ifdef POLARSSL_MD2_C
15271             case SIG_RSA_MD2:
15272                 md2( message_str, msg_len, hash_result );
15273                 break;
15274         #endif
15275         #ifdef POLARSSL_MD4_C
15276             case SIG_RSA_MD4:
15277                 md4( message_str, msg_len, hash_result );
15278                 break;
15279         #endif
15280         #ifdef POLARSSL_MD5_C
15281             case SIG_RSA_MD5:
15282                 md5( message_str, msg_len, hash_result );
15283                 break;
15284         #endif
15285         #ifdef POLARSSL_SHA1_C
15286             case SIG_RSA_SHA1:
15287                 sha1( message_str, msg_len, hash_result );
15288                 break;
15289         #endif
15290         #ifdef POLARSSL_SHA2_C
15291             case SIG_RSA_SHA224:
15292                 sha2( message_str, msg_len, hash_result, 1 );
15293                 break;
15294             case SIG_RSA_SHA256:
15295                 sha2( message_str, msg_len, hash_result, 0 );
15296                 break;
15297         #endif
15298         #ifdef POLARSSL_SHA4_C
15299             case SIG_RSA_SHA384:
15300                 sha4( message_str, msg_len, hash_result, 1 );
15301                 break;
15302             case SIG_RSA_SHA512:
15303                 sha4( message_str, msg_len, hash_result, 0 );
15304                 break;
15305         #endif
15306             }
15307         
15308             fct_chk( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_SHA1, 0, hash_result, result_str ) == 0 );
15309         }
15310         FCT_TEST_END();
15311 
15312     }
15313     FCT_SUITE_END();
15314 
15315 #endif /* POLARSSL_PKCS1_V21 */
15316 #endif /* POLARSSL_RSA_C */
15317 #endif /* POLARSSL_BIGNUM_C */
15318 #endif /* POLARSSL_SHA1_C */
15319 #endif /* POLARSSL_GENPRIME */
15320 
15321 }
15322 FCT_END();
15323