diff options
Diffstat (limited to 'test')
38 files changed, 21281 insertions, 0 deletions
diff --git a/test/bftest.c b/test/bftest.c new file mode 100644 index 0000000000..e581bf50ab --- /dev/null +++ b/test/bftest.c @@ -0,0 +1,537 @@ +/* crypto/bf/bftest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* + * This has been a quickly hacked 'ideatest.c'. When I add tests for other + * RC2 modes, more of the code will be uncommented. + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_BF is defined */ + +#include "../e_os.h" + +#ifdef OPENSSL_NO_BF +int main(int argc, char *argv[]) +{ + printf("No BF support\n"); + return (0); +} +#else +# include <openssl/blowfish.h> + +# ifdef CHARSET_EBCDIC +# include <openssl/ebcdic.h> +# endif + +static char *bf_key[2] = { + "abcdefghijklmnopqrstuvwxyz", + "Who is John Galt?" +}; + +/* big endian */ +static BF_LONG bf_plain[2][2] = { + {0x424c4f57L, 0x46495348L}, + {0xfedcba98L, 0x76543210L} +}; + +static BF_LONG bf_cipher[2][2] = { + {0x324ed0feL, 0xf413a203L}, + {0xcc91732bL, 0x8022f684L} +}; + +/************/ + +/* Lets use the DES test vectors :-) */ +# define NUM_TESTS 34 +static unsigned char ecb_data[NUM_TESTS][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}, + {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57}, + {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E}, + {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86}, + {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E}, + {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6}, + {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE}, + {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6}, + {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE}, + {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16}, + {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F}, + {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46}, + {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E}, + {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76}, + {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07}, + {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F}, + {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7}, + {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, + {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6}, + {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF}, + {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, + {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, + {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10} +}; + +static unsigned char plain_data[NUM_TESTS][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42}, + {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA}, + {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72}, + {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A}, + {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2}, + {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A}, + {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2}, + {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A}, + {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02}, + {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A}, + {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32}, + {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA}, + {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62}, + {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2}, + {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA}, + {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92}, + {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A}, + {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2}, + {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF} +}; + +static unsigned char cipher_data[NUM_TESTS][8] = { + {0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78}, + {0x51, 0x86, 0x6F, 0xD5, 0xB8, 0x5E, 0xCB, 0x8A}, + {0x7D, 0x85, 0x6F, 0x9A, 0x61, 0x30, 0x63, 0xF2}, + {0x24, 0x66, 0xDD, 0x87, 0x8B, 0x96, 0x3C, 0x9D}, + {0x61, 0xF9, 0xC3, 0x80, 0x22, 0x81, 0xB0, 0x96}, + {0x7D, 0x0C, 0xC6, 0x30, 0xAF, 0xDA, 0x1E, 0xC7}, + {0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78}, + {0x0A, 0xCE, 0xAB, 0x0F, 0xC6, 0xA0, 0xA2, 0x8D}, + {0x59, 0xC6, 0x82, 0x45, 0xEB, 0x05, 0x28, 0x2B}, + {0xB1, 0xB8, 0xCC, 0x0B, 0x25, 0x0F, 0x09, 0xA0}, + {0x17, 0x30, 0xE5, 0x77, 0x8B, 0xEA, 0x1D, 0xA4}, + {0xA2, 0x5E, 0x78, 0x56, 0xCF, 0x26, 0x51, 0xEB}, + {0x35, 0x38, 0x82, 0xB1, 0x09, 0xCE, 0x8F, 0x1A}, + {0x48, 0xF4, 0xD0, 0x88, 0x4C, 0x37, 0x99, 0x18}, + {0x43, 0x21, 0x93, 0xB7, 0x89, 0x51, 0xFC, 0x98}, + {0x13, 0xF0, 0x41, 0x54, 0xD6, 0x9D, 0x1A, 0xE5}, + {0x2E, 0xED, 0xDA, 0x93, 0xFF, 0xD3, 0x9C, 0x79}, + {0xD8, 0x87, 0xE0, 0x39, 0x3C, 0x2D, 0xA6, 0xE3}, + {0x5F, 0x99, 0xD0, 0x4F, 0x5B, 0x16, 0x39, 0x69}, + {0x4A, 0x05, 0x7A, 0x3B, 0x24, 0xD3, 0x97, 0x7B}, + {0x45, 0x20, 0x31, 0xC1, 0xE4, 0xFA, 0xDA, 0x8E}, + {0x75, 0x55, 0xAE, 0x39, 0xF5, 0x9B, 0x87, 0xBD}, + {0x53, 0xC5, 0x5F, 0x9C, 0xB4, 0x9F, 0xC0, 0x19}, + {0x7A, 0x8E, 0x7B, 0xFA, 0x93, 0x7E, 0x89, 0xA3}, + {0xCF, 0x9C, 0x5D, 0x7A, 0x49, 0x86, 0xAD, 0xB5}, + {0xD1, 0xAB, 0xB2, 0x90, 0x65, 0x8B, 0xC7, 0x78}, + {0x55, 0xCB, 0x37, 0x74, 0xD1, 0x3E, 0xF2, 0x01}, + {0xFA, 0x34, 0xEC, 0x48, 0x47, 0xB2, 0x68, 0xB2}, + {0xA7, 0x90, 0x79, 0x51, 0x08, 0xEA, 0x3C, 0xAE}, + {0xC3, 0x9E, 0x07, 0x2D, 0x9F, 0xAC, 0x63, 0x1D}, + {0x01, 0x49, 0x33, 0xE0, 0xCD, 0xAF, 0xF6, 0xE4}, + {0xF2, 0x1E, 0x9A, 0x77, 0xB7, 0x1C, 0x49, 0xBC}, + {0x24, 0x59, 0x46, 0x88, 0x57, 0x54, 0x36, 0x9A}, + {0x6B, 0x5C, 0x5A, 0x9C, 0x5D, 0x9E, 0x0A, 0x5A}, +}; + +static unsigned char cbc_key[16] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 +}; +static unsigned char cbc_iv[8] = + { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; +static char cbc_data[40] = "7654321 Now is the time for "; +static unsigned char cbc_ok[32] = { + 0x6B, 0x77, 0xB4, 0xD6, 0x30, 0x06, 0xDE, 0xE6, + 0x05, 0xB1, 0x56, 0xE2, 0x74, 0x03, 0x97, 0x93, + 0x58, 0xDE, 0xB9, 0xE7, 0x15, 0x46, 0x16, 0xD9, + 0x59, 0xF1, 0x65, 0x2B, 0xD5, 0xFF, 0x92, 0xCC +}; + +static unsigned char cfb64_ok[] = { + 0xE7, 0x32, 0x14, 0xA2, 0x82, 0x21, 0x39, 0xCA, + 0xF2, 0x6E, 0xCF, 0x6D, 0x2E, 0xB9, 0xE7, 0x6E, + 0x3D, 0xA3, 0xDE, 0x04, 0xD1, 0x51, 0x72, 0x00, + 0x51, 0x9D, 0x57, 0xA6, 0xC3 +}; + +static unsigned char ofb64_ok[] = { + 0xE7, 0x32, 0x14, 0xA2, 0x82, 0x21, 0x39, 0xCA, + 0x62, 0xB3, 0x43, 0xCC, 0x5B, 0x65, 0x58, 0x73, + 0x10, 0xDD, 0x90, 0x8D, 0x0C, 0x24, 0x1B, 0x22, + 0x63, 0xC2, 0xCF, 0x80, 0xDA +}; + +# define KEY_TEST_NUM 25 +static unsigned char key_test[KEY_TEST_NUM] = { + 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, + 0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88 +}; + +static unsigned char key_data[8] = + { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 }; + +static unsigned char key_out[KEY_TEST_NUM][8] = { + {0xF9, 0xAD, 0x59, 0x7C, 0x49, 0xDB, 0x00, 0x5E}, + {0xE9, 0x1D, 0x21, 0xC1, 0xD9, 0x61, 0xA6, 0xD6}, + {0xE9, 0xC2, 0xB7, 0x0A, 0x1B, 0xC6, 0x5C, 0xF3}, + {0xBE, 0x1E, 0x63, 0x94, 0x08, 0x64, 0x0F, 0x05}, + {0xB3, 0x9E, 0x44, 0x48, 0x1B, 0xDB, 0x1E, 0x6E}, + {0x94, 0x57, 0xAA, 0x83, 0xB1, 0x92, 0x8C, 0x0D}, + {0x8B, 0xB7, 0x70, 0x32, 0xF9, 0x60, 0x62, 0x9D}, + {0xE8, 0x7A, 0x24, 0x4E, 0x2C, 0xC8, 0x5E, 0x82}, + {0x15, 0x75, 0x0E, 0x7A, 0x4F, 0x4E, 0xC5, 0x77}, + {0x12, 0x2B, 0xA7, 0x0B, 0x3A, 0xB6, 0x4A, 0xE0}, + {0x3A, 0x83, 0x3C, 0x9A, 0xFF, 0xC5, 0x37, 0xF6}, + {0x94, 0x09, 0xDA, 0x87, 0xA9, 0x0F, 0x6B, 0xF2}, + {0x88, 0x4F, 0x80, 0x62, 0x50, 0x60, 0xB8, 0xB4}, + {0x1F, 0x85, 0x03, 0x1C, 0x19, 0xE1, 0x19, 0x68}, + {0x79, 0xD9, 0x37, 0x3A, 0x71, 0x4C, 0xA3, 0x4F}, + {0x93, 0x14, 0x28, 0x87, 0xEE, 0x3B, 0xE1, 0x5C}, + {0x03, 0x42, 0x9E, 0x83, 0x8C, 0xE2, 0xD1, 0x4B}, + {0xA4, 0x29, 0x9E, 0x27, 0x46, 0x9F, 0xF6, 0x7B}, + {0xAF, 0xD5, 0xAE, 0xD1, 0xC1, 0xBC, 0x96, 0xA8}, + {0x10, 0x85, 0x1C, 0x0E, 0x38, 0x58, 0xDA, 0x9F}, + {0xE6, 0xF5, 0x1E, 0xD7, 0x9B, 0x9D, 0xB2, 0x1F}, + {0x64, 0xA6, 0xE1, 0x4A, 0xFD, 0x36, 0xB4, 0x6F}, + {0x80, 0xC7, 0xD7, 0xD4, 0x5A, 0x54, 0x79, 0xAD}, + {0x05, 0x04, 0x4B, 0x62, 0xFA, 0x52, 0xD0, 0x80}, +}; + +static int test(void); +static int print_test_data(void); +int main(int argc, char *argv[]) +{ + int ret; + + if (argc > 1) + ret = print_test_data(); + else + ret = test(); + +# ifdef OPENSSL_SYS_NETWARE + if (ret) + printf("ERROR: %d\n", ret); +# endif + EXIT(ret); +} + +static int print_test_data(void) +{ + unsigned int i, j; + + printf("ecb test data\n"); + printf("key bytes\t\tclear bytes\t\tcipher bytes\n"); + for (i = 0; i < NUM_TESTS; i++) { + for (j = 0; j < 8; j++) + printf("%02X", ecb_data[i][j]); + printf("\t"); + for (j = 0; j < 8; j++) + printf("%02X", plain_data[i][j]); + printf("\t"); + for (j = 0; j < 8; j++) + printf("%02X", cipher_data[i][j]); + printf("\n"); + } + + printf("set_key test data\n"); + printf("data[8]= "); + for (j = 0; j < 8; j++) + printf("%02X", key_data[j]); + printf("\n"); + for (i = 0; i < KEY_TEST_NUM - 1; i++) { + printf("c="); + for (j = 0; j < 8; j++) + printf("%02X", key_out[i][j]); + printf(" k[%2u]=", i + 1); + for (j = 0; j < i + 1; j++) + printf("%02X", key_test[j]); + printf("\n"); + } + + printf("\nchaining mode test data\n"); + printf("key[16] = "); + for (j = 0; j < 16; j++) + printf("%02X", cbc_key[j]); + printf("\niv[8] = "); + for (j = 0; j < 8; j++) + printf("%02X", cbc_iv[j]); + printf("\ndata[%d] = '%s'", (int)strlen(cbc_data) + 1, cbc_data); + printf("\ndata[%d] = ", (int)strlen(cbc_data) + 1); + for (j = 0; j < strlen(cbc_data) + 1; j++) + printf("%02X", cbc_data[j]); + printf("\n"); + printf("cbc cipher text\n"); + printf("cipher[%d]= ", 32); + for (j = 0; j < 32; j++) + printf("%02X", cbc_ok[j]); + printf("\n"); + + printf("cfb64 cipher text\n"); + printf("cipher[%d]= ", (int)strlen(cbc_data) + 1); + for (j = 0; j < strlen(cbc_data) + 1; j++) + printf("%02X", cfb64_ok[j]); + printf("\n"); + + printf("ofb64 cipher text\n"); + printf("cipher[%d]= ", (int)strlen(cbc_data) + 1); + for (j = 0; j < strlen(cbc_data) + 1; j++) + printf("%02X", ofb64_ok[j]); + printf("\n"); + return (0); +} + +static int test(void) +{ + unsigned char cbc_in[40], cbc_out[40], iv[8]; + int i, n, err = 0; + BF_KEY key; + BF_LONG data[2]; + unsigned char out[8]; + BF_LONG len; + +# ifdef CHARSET_EBCDIC + ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data)); +# endif + + printf("testing blowfish in raw ecb mode\n"); + for (n = 0; n < 2; n++) { +# ifdef CHARSET_EBCDIC + ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n])); +# endif + BF_set_key(&key, strlen(bf_key[n]), (unsigned char *)bf_key[n]); + + data[0] = bf_plain[n][0]; + data[1] = bf_plain[n][1]; + BF_encrypt(data, &key); + if (memcmp(&(bf_cipher[n][0]), &(data[0]), 8) != 0) { + printf("BF_encrypt error encrypting\n"); + printf("got :"); + for (i = 0; i < 2; i++) + printf("%08lX ", (unsigned long)data[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 2; i++) + printf("%08lX ", (unsigned long)bf_cipher[n][i]); + err = 1; + printf("\n"); + } + + BF_decrypt(&(data[0]), &key); + if (memcmp(&(bf_plain[n][0]), &(data[0]), 8) != 0) { + printf("BF_encrypt error decrypting\n"); + printf("got :"); + for (i = 0; i < 2; i++) + printf("%08lX ", (unsigned long)data[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 2; i++) + printf("%08lX ", (unsigned long)bf_plain[n][i]); + printf("\n"); + err = 1; + } + } + + printf("testing blowfish in ecb mode\n"); + + for (n = 0; n < NUM_TESTS; n++) { + BF_set_key(&key, 8, ecb_data[n]); + + BF_ecb_encrypt(&(plain_data[n][0]), out, &key, BF_ENCRYPT); + if (memcmp(&(cipher_data[n][0]), out, 8) != 0) { + printf("BF_ecb_encrypt blowfish error encrypting\n"); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", out[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", cipher_data[n][i]); + err = 1; + printf("\n"); + } + + BF_ecb_encrypt(out, out, &key, BF_DECRYPT); + if (memcmp(&(plain_data[n][0]), out, 8) != 0) { + printf("BF_ecb_encrypt error decrypting\n"); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", out[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", plain_data[n][i]); + printf("\n"); + err = 1; + } + } + + printf("testing blowfish set_key\n"); + for (n = 1; n < KEY_TEST_NUM; n++) { + BF_set_key(&key, n, key_test); + BF_ecb_encrypt(key_data, out, &key, BF_ENCRYPT); + /* mips-sgi-irix6.5-gcc vv -mabi=64 bug workaround */ + if (memcmp(out, &(key_out[i = n - 1][0]), 8) != 0) { + printf("blowfish setkey error\n"); + err = 1; + } + } + + printf("testing blowfish in cbc mode\n"); + len = strlen(cbc_data) + 1; + + BF_set_key(&key, 16, cbc_key); + memset(cbc_in, 0, sizeof cbc_in); + memset(cbc_out, 0, sizeof cbc_out); + memcpy(iv, cbc_iv, sizeof iv); + BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len, + &key, iv, BF_ENCRYPT); + if (memcmp(cbc_out, cbc_ok, 32) != 0) { + err = 1; + printf("BF_cbc_encrypt encrypt error\n"); + for (i = 0; i < 32; i++) + printf("0x%02X,", cbc_out[i]); + } + memcpy(iv, cbc_iv, 8); + BF_cbc_encrypt(cbc_out, cbc_in, len, &key, iv, BF_DECRYPT); + if (memcmp(cbc_in, cbc_data, strlen(cbc_data) + 1) != 0) { + printf("BF_cbc_encrypt decrypt error\n"); + err = 1; + } + + printf("testing blowfish in cfb64 mode\n"); + + BF_set_key(&key, 16, cbc_key); + memset(cbc_in, 0, 40); + memset(cbc_out, 0, 40); + memcpy(iv, cbc_iv, 8); + n = 0; + BF_cfb64_encrypt((unsigned char *)cbc_data, cbc_out, (long)13, + &key, iv, &n, BF_ENCRYPT); + BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]), + len - 13, &key, iv, &n, BF_ENCRYPT); + if (memcmp(cbc_out, cfb64_ok, (int)len) != 0) { + err = 1; + printf("BF_cfb64_encrypt encrypt error\n"); + for (i = 0; i < (int)len; i++) + printf("0x%02X,", cbc_out[i]); + } + n = 0; + memcpy(iv, cbc_iv, 8); + BF_cfb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n, BF_DECRYPT); + BF_cfb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17, + &key, iv, &n, BF_DECRYPT); + if (memcmp(cbc_in, cbc_data, (int)len) != 0) { + printf("BF_cfb64_encrypt decrypt error\n"); + err = 1; + } + + printf("testing blowfish in ofb64\n"); + + BF_set_key(&key, 16, cbc_key); + memset(cbc_in, 0, 40); + memset(cbc_out, 0, 40); + memcpy(iv, cbc_iv, 8); + n = 0; + BF_ofb64_encrypt((unsigned char *)cbc_data, cbc_out, (long)13, &key, iv, + &n); + BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]), + len - 13, &key, iv, &n); + if (memcmp(cbc_out, ofb64_ok, (int)len) != 0) { + err = 1; + printf("BF_ofb64_encrypt encrypt error\n"); + for (i = 0; i < (int)len; i++) + printf("0x%02X,", cbc_out[i]); + } + n = 0; + memcpy(iv, cbc_iv, 8); + BF_ofb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n); + BF_ofb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17, &key, iv, &n); + if (memcmp(cbc_in, cbc_data, (int)len) != 0) { + printf("BF_ofb64_encrypt decrypt error\n"); + err = 1; + } + + return (err); +} +#endif diff --git a/test/bntest.c b/test/bntest.c new file mode 100644 index 0000000000..521858ae16 --- /dev/null +++ b/test/bntest.c @@ -0,0 +1,2003 @@ +/* crypto/bn/bntest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the Eric Young open source + * license provided above. + * + * The binary polynomial arithmetic software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "e_os.h" + +#include <openssl/bio.h> +#include <openssl/bn.h> +#include <openssl/rand.h> +#include <openssl/x509.h> +#include <openssl/err.h> + +#include "../crypto/bn/bn_lcl.h" + +const int num0 = 100; /* number of tests */ +const int num1 = 50; /* additional tests for some functions */ +const int num2 = 5; /* number of tests for slow functions */ + +int test_add(BIO *bp); +int test_sub(BIO *bp); +int test_lshift1(BIO *bp); +int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_); +int test_rshift1(BIO *bp); +int test_rshift(BIO *bp, BN_CTX *ctx); +int test_div(BIO *bp, BN_CTX *ctx); +int test_div_word(BIO *bp); +int test_div_recp(BIO *bp, BN_CTX *ctx); +int test_mul(BIO *bp); +int test_sqr(BIO *bp, BN_CTX *ctx); +int test_mont(BIO *bp, BN_CTX *ctx); +int test_mod(BIO *bp, BN_CTX *ctx); +int test_mod_mul(BIO *bp, BN_CTX *ctx); +int test_mod_exp(BIO *bp, BN_CTX *ctx); +int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx); +int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx); +int test_exp(BIO *bp, BN_CTX *ctx); +int test_gf2m_add(BIO *bp); +int test_gf2m_mod(BIO *bp); +int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx); +int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx); +int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx); +int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx); +int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx); +int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx); +int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx); +int test_kron(BIO *bp, BN_CTX *ctx); +int test_sqrt(BIO *bp, BN_CTX *ctx); +int test_small_prime(BIO *bp, BN_CTX *ctx); +int test_probable_prime_coprime(BIO *bp, BN_CTX *ctx); +int rand_neg(void); +static int results = 0; + +static unsigned char lst[] = + "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" + "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0"; + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +static void message(BIO *out, char *m) +{ + fprintf(stderr, "test %s\n", m); + BIO_puts(out, "print \"test "); + BIO_puts(out, m); + BIO_puts(out, "\\n\"\n"); +} + +int main(int argc, char *argv[]) +{ + BN_CTX *ctx; + BIO *out; + char *outfile = NULL; + + results = 0; + + RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ + + argc--; + argv++; + while (argc >= 1) { + if (strcmp(*argv, "-results") == 0) + results = 1; + else if (strcmp(*argv, "-out") == 0) { + if (--argc < 1) + break; + outfile = *(++argv); + } + argc--; + argv++; + } + + ctx = BN_CTX_new(); + if (ctx == NULL) + EXIT(1); + + out = BIO_new(BIO_s_file()); + if (out == NULL) + EXIT(1); + if (outfile == NULL) { + BIO_set_fp(out, stdout, BIO_NOCLOSE); + } else { + if (!BIO_write_filename(out, outfile)) { + perror(outfile); + EXIT(1); + } + } + + if (!results) + BIO_puts(out, "obase=16\nibase=16\n"); + + message(out, "BN_add"); + if (!test_add(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_sub"); + if (!test_sub(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_lshift1"); + if (!test_lshift1(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_lshift (fixed)"); + if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL))) + goto err; + (void)BIO_flush(out); + + message(out, "BN_lshift"); + if (!test_lshift(out, ctx, NULL)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_rshift1"); + if (!test_rshift1(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_rshift"); + if (!test_rshift(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_sqr"); + if (!test_sqr(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mul"); + if (!test_mul(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_div"); + if (!test_div(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_div_word"); + if (!test_div_word(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_div_recp"); + if (!test_div_recp(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mod"); + if (!test_mod(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mod_mul"); + if (!test_mod_mul(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mont"); + if (!test_mont(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mod_exp"); + if (!test_mod_exp(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mod_exp_mont_consttime"); + if (!test_mod_exp_mont_consttime(out, ctx)) + goto err; + if (!test_mod_exp_mont5(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_exp"); + if (!test_exp(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_kronecker"); + if (!test_kron(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_mod_sqrt"); + if (!test_sqrt(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "Small prime generation"); + if (!test_small_prime(out, ctx)) + goto err; + (void)BIO_flush(out); + +#ifdef OPENSSL_SYS_WIN32 + message(out, "Probable prime generation with coprimes disabled"); +#else + message(out, "Probable prime generation with coprimes"); + if (!test_probable_prime_coprime(out, ctx)) + goto err; +#endif + (void)BIO_flush(out); + +#ifndef OPENSSL_NO_EC2M + message(out, "BN_GF2m_add"); + if (!test_gf2m_add(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod"); + if (!test_gf2m_mod(out)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_mul"); + if (!test_gf2m_mod_mul(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_sqr"); + if (!test_gf2m_mod_sqr(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_inv"); + if (!test_gf2m_mod_inv(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_div"); + if (!test_gf2m_mod_div(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_exp"); + if (!test_gf2m_mod_exp(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_sqrt"); + if (!test_gf2m_mod_sqrt(out, ctx)) + goto err; + (void)BIO_flush(out); + + message(out, "BN_GF2m_mod_solve_quad"); + if (!test_gf2m_mod_solve_quad(out, ctx)) + goto err; + (void)BIO_flush(out); +#endif + BN_CTX_free(ctx); + BIO_free(out); + + EXIT(0); + err: + BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc + * notices the failure, see test_bn in + * test/Makefile.ssl */ + (void)BIO_flush(out); + ERR_load_crypto_strings(); + ERR_print_errors_fp(stderr); + EXIT(1); +} + +int test_add(BIO *bp) +{ + BIGNUM *a, *b, *c; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + + BN_bntest_rand(a, 512, 0, 0); + for (i = 0; i < num0; i++) { + BN_bntest_rand(b, 450 + i, 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + BN_add(c, a, b); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " + "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + a->neg = !a->neg; + b->neg = !b->neg; + BN_add(c, c, b); + BN_add(c, c, a); + if (!BN_is_zero(c)) { + fprintf(stderr, "Add test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + return (1); +} + +int test_sub(BIO *bp) +{ + BIGNUM *a, *b, *c; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + + for (i = 0; i < num0 + num1; i++) { + if (i < num1) { + BN_bntest_rand(a, 512, 0, 0); + BN_copy(b, a); + if (BN_set_bit(a, i) == 0) + return (0); + BN_add_word(b, i); + } else { + BN_bntest_rand(b, 400 + i - num1, 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + } + BN_sub(c, a, b); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " - "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_add(c, c, b); + BN_sub(c, c, a); + if (!BN_is_zero(c)) { + fprintf(stderr, "Subtract test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + return (1); +} + +int test_div(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + for (i = 0; i < num0 + num1; i++) { + if (i < num1) { + BN_bntest_rand(a, 400, 0, 0); + BN_copy(b, a); + BN_lshift(a, a, i); + BN_add_word(a, i); + } else + BN_bntest_rand(b, 50 + 3 * (i - num1), 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + BN_div(d, c, a, b, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " / "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, d); + BIO_puts(bp, "\n"); + + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " % "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_mul(e, d, b, ctx); + BN_add(d, e, c); + BN_sub(d, d, a); + if (!BN_is_zero(d)) { + fprintf(stderr, "Division test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return (1); +} + +static void print_word(BIO *bp, BN_ULONG w) +{ +#ifdef SIXTY_FOUR_BIT + if (sizeof(w) > sizeof(unsigned long)) { + unsigned long h = (unsigned long)(w >> 32), l = (unsigned long)(w); + + if (h) + BIO_printf(bp, "%lX%08lX", h, l); + else + BIO_printf(bp, "%lX", l); + return; + } +#endif + BIO_printf(bp, BN_HEX_FMT1, w); +} + +int test_div_word(BIO *bp) +{ + BIGNUM *a, *b; + BN_ULONG r, s; + int i; + + a = BN_new(); + b = BN_new(); + + for (i = 0; i < num0; i++) { + do { + BN_bntest_rand(a, 512, -1, 0); + BN_bntest_rand(b, BN_BITS2, -1, 0); + s = b->d[0]; + } while (!s); + + BN_copy(b, a); + r = BN_div_word(b, s); + + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " / "); + print_word(bp, s); + BIO_puts(bp, " - "); + } + BN_print(bp, b); + BIO_puts(bp, "\n"); + + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " % "); + print_word(bp, s); + BIO_puts(bp, " - "); + } + print_word(bp, r); + BIO_puts(bp, "\n"); + } + BN_mul_word(b, s); + BN_add_word(b, r); + BN_sub(b, a, b); + if (!BN_is_zero(b)) { + fprintf(stderr, "Division (word) test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + return (1); +} + +int test_div_recp(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + BN_RECP_CTX *recp; + int i; + + recp = BN_RECP_CTX_new(); + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + for (i = 0; i < num0 + num1; i++) { + if (i < num1) { + BN_bntest_rand(a, 400, 0, 0); + BN_copy(b, a); + BN_lshift(a, a, i); + BN_add_word(a, i); + } else + BN_bntest_rand(b, 50 + 3 * (i - num1), 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + BN_RECP_CTX_set(recp, b, ctx); + BN_div_recp(d, c, a, recp, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " / "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, d); + BIO_puts(bp, "\n"); + + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " % "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_mul(e, d, b, ctx); + BN_add(d, e, c); + BN_sub(d, d, a); + if (!BN_is_zero(d)) { + fprintf(stderr, "Reciprocal division test failed!\n"); + fprintf(stderr, "a="); + BN_print_fp(stderr, a); + fprintf(stderr, "\nb="); + BN_print_fp(stderr, b); + fprintf(stderr, "\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + BN_RECP_CTX_free(recp); + return (1); +} + +int test_mul(BIO *bp) +{ + BIGNUM *a, *b, *c, *d, *e; + int i; + BN_CTX *ctx; + + ctx = BN_CTX_new(); + if (ctx == NULL) + EXIT(1); + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + for (i = 0; i < num0 + num1; i++) { + if (i <= num1) { + BN_bntest_rand(a, 100, 0, 0); + BN_bntest_rand(b, 100, 0, 0); + } else + BN_bntest_rand(b, i - num1, 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + BN_mul(c, a, b, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_div(d, e, c, a, ctx); + BN_sub(d, d, b); + if (!BN_is_zero(d) || !BN_is_zero(e)) { + fprintf(stderr, "Multiplication test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + BN_CTX_free(ctx); + return (1); +} + +int test_sqr(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *c, *d, *e; + int i, ret = 0; + + a = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + if (a == NULL || c == NULL || d == NULL || e == NULL) { + goto err; + } + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 40 + i * 10, 0, 0); + a->neg = rand_neg(); + BN_sqr(c, a, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, a); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_div(d, e, c, a, ctx); + BN_sub(d, d, a); + if (!BN_is_zero(d) || !BN_is_zero(e)) { + fprintf(stderr, "Square test failed!\n"); + goto err; + } + } + + /* Regression test for a BN_sqr overflow bug. */ + BN_hex2bn(&a, + "80000000000000008000000000000001" + "FFFFFFFFFFFFFFFE0000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, a); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + + /* Regression test for a BN_sqr overflow bug. */ + BN_hex2bn(&a, + "80000000000000000000000080000001" + "FFFFFFFE000000000000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, a); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + ret = 1; + err: + if (a != NULL) + BN_free(a); + if (c != NULL) + BN_free(c); + if (d != NULL) + BN_free(d); + if (e != NULL) + BN_free(e); + return ret; +} + +int test_mont(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *A, *B; + BIGNUM *n; + int i; + BN_MONT_CTX *mont; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + A = BN_new(); + B = BN_new(); + n = BN_new(); + + mont = BN_MONT_CTX_new(); + if (mont == NULL) + return 0; + + BN_bntest_rand(a, 100, 0, 0); + BN_bntest_rand(b, 100, 0, 0); + for (i = 0; i < num2; i++) { + int bits = (200 * (i + 1)) / num2; + + if (bits == 0) + continue; + BN_bntest_rand(n, bits, 0, 1); + BN_MONT_CTX_set(mont, n, ctx); + + BN_nnmod(a, a, n, ctx); + BN_nnmod(b, b, n, ctx); + + BN_to_montgomery(A, a, mont, ctx); + BN_to_montgomery(B, b, mont, ctx); + + BN_mod_mul_montgomery(c, A, B, mont, ctx); + BN_from_montgomery(A, c, mont, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, b); + BIO_puts(bp, " % "); + BN_print(bp, &mont->N); + BIO_puts(bp, " - "); + } + BN_print(bp, A); + BIO_puts(bp, "\n"); + } + BN_mod_mul(d, a, b, n, ctx); + BN_sub(d, d, A); + if (!BN_is_zero(d)) { + fprintf(stderr, "Montgomery multiplication test failed!\n"); + return 0; + } + } + BN_MONT_CTX_free(mont); + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(A); + BN_free(B); + BN_free(n); + return (1); +} + +int test_mod(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + BN_bntest_rand(a, 1024, 0, 0); + for (i = 0; i < num0; i++) { + BN_bntest_rand(b, 450 + i * 10, 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + BN_mod(c, a, b, ctx); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " % "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, c); + BIO_puts(bp, "\n"); + } + BN_div(d, e, a, b, ctx); + BN_sub(e, e, c); + if (!BN_is_zero(e)) { + fprintf(stderr, "Modulo test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return (1); +} + +int test_mod_mul(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + int i, j; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + for (j = 0; j < 3; j++) { + BN_bntest_rand(c, 1024, 0, 0); + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 475 + i * 10, 0, 0); + BN_bntest_rand(b, 425 + i * 11, 0, 0); + a->neg = rand_neg(); + b->neg = rand_neg(); + if (!BN_mod_mul(e, a, b, c, ctx)) { + unsigned long l; + + while ((l = ERR_get_error())) + fprintf(stderr, "ERROR:%s\n", ERR_error_string(l, NULL)); + EXIT(1); + } + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, b); + BIO_puts(bp, " % "); + BN_print(bp, c); + if ((a->neg ^ b->neg) && !BN_is_zero(e)) { + /* + * If (a*b) % c is negative, c must be added in order + * to obtain the normalized remainder (new with + * OpenSSL 0.9.7, previous versions of BN_mod_mul + * could generate negative results) + */ + BIO_puts(bp, " + "); + BN_print(bp, c); + } + BIO_puts(bp, " - "); + } + BN_print(bp, e); + BIO_puts(bp, "\n"); + } + BN_mul(d, a, b, ctx); + BN_sub(d, d, e); + BN_div(a, b, d, c, ctx); + if (!BN_is_zero(b)) { + fprintf(stderr, "Modulo multiply test failed!\n"); + ERR_print_errors_fp(stderr); + return 0; + } + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return (1); +} + +int test_mod_exp(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ + for (i = 0; i < num2; i++) { + BN_bntest_rand(a, 20 + i * 5, 0, 0); + BN_bntest_rand(b, 2 + i, 0, 0); + + if (!BN_mod_exp(d, a, b, c, ctx)) + return (0); + + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " ^ "); + BN_print(bp, b); + BIO_puts(bp, " % "); + BN_print(bp, c); + BIO_puts(bp, " - "); + } + BN_print(bp, d); + BIO_puts(bp, "\n"); + } + BN_exp(e, a, b, ctx); + BN_sub(e, e, d); + BN_div(a, b, e, c, ctx); + if (!BN_is_zero(b)) { + fprintf(stderr, "Modulo exponentiation test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return (1); +} + +int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ + for (i = 0; i < num2; i++) { + BN_bntest_rand(a, 20 + i * 5, 0, 0); + BN_bntest_rand(b, 2 + i, 0, 0); + + if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) + return (00); + + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " ^ "); + BN_print(bp, b); + BIO_puts(bp, " % "); + BN_print(bp, c); + BIO_puts(bp, " - "); + } + BN_print(bp, d); + BIO_puts(bp, "\n"); + } + BN_exp(e, a, b, ctx); + BN_sub(e, e, d); + BN_div(a, b, e, c, ctx); + if (!BN_is_zero(b)) { + fprintf(stderr, "Modulo exponentiation test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return (1); +} + +/* + * Test constant-time modular exponentiation with 1024-bit inputs, which on + * x86_64 cause a different code branch to be taken. + */ +int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *p, *m, *d, *e; + + BN_MONT_CTX *mont; + + a = BN_new(); + p = BN_new(); + m = BN_new(); + d = BN_new(); + e = BN_new(); + + mont = BN_MONT_CTX_new(); + + BN_bntest_rand(m, 1024, 0, 1); /* must be odd for montgomery */ + /* Zero exponent */ + BN_bntest_rand(a, 1024, 0, 0); + BN_zero(p); + if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) + return 0; + if (!BN_is_one(d)) { + fprintf(stderr, "Modular exponentiation test failed!\n"); + return 0; + } + /* Zero input */ + BN_bntest_rand(p, 1024, 0, 0); + BN_zero(a); + if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) + return 0; + if (!BN_is_zero(d)) { + fprintf(stderr, "Modular exponentiation test failed!\n"); + return 0; + } + /* + * Craft an input whose Montgomery representation is 1, i.e., shorter + * than the modulus m, in order to test the const time precomputation + * scattering/gathering. + */ + BN_one(a); + BN_MONT_CTX_set(mont, m, ctx); + if (!BN_from_montgomery(e, a, mont, ctx)) + return 0; + if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) + return 0; + if (!BN_mod_exp_simple(a, e, p, m, ctx)) + return 0; + if (BN_cmp(a, d) != 0) { + fprintf(stderr, "Modular exponentiation test failed!\n"); + return 0; + } + /* Finally, some regular test vectors. */ + BN_bntest_rand(e, 1024, 0, 0); + if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) + return 0; + if (!BN_mod_exp_simple(a, e, p, m, ctx)) + return 0; + if (BN_cmp(a, d) != 0) { + fprintf(stderr, "Modular exponentiation test failed!\n"); + return 0; + } + BN_free(a); + BN_free(p); + BN_free(m); + BN_free(d); + BN_free(e); + return (1); +} + +int test_exp(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *d, *e, *one; + int i; + + a = BN_new(); + b = BN_new(); + d = BN_new(); + e = BN_new(); + one = BN_new(); + BN_one(one); + + for (i = 0; i < num2; i++) { + BN_bntest_rand(a, 20 + i * 5, 0, 0); + BN_bntest_rand(b, 2 + i, 0, 0); + + if (BN_exp(d, a, b, ctx) <= 0) + return (0); + + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " ^ "); + BN_print(bp, b); + BIO_puts(bp, " - "); + } + BN_print(bp, d); + BIO_puts(bp, "\n"); + } + BN_one(e); + for (; !BN_is_zero(b); BN_sub(b, b, one)) + BN_mul(e, e, a, ctx); + BN_sub(e, e, d); + if (!BN_is_zero(e)) { + fprintf(stderr, "Exponentiation test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(d); + BN_free(e); + BN_free(one); + return (1); +} + +#ifndef OPENSSL_NO_EC2M +int test_gf2m_add(BIO *bp) +{ + BIGNUM *a, *b, *c; + int i, ret = 0; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + + for (i = 0; i < num0; i++) { + BN_rand(a, 512, 0, 0); + BN_copy(b, BN_value_one()); + a->neg = rand_neg(); + b->neg = rand_neg(); + BN_GF2m_add(c, a, b); + /* Test that two added values have the correct parity. */ + if ((BN_is_odd(a) && BN_is_odd(c)) + || (!BN_is_odd(a) && !BN_is_odd(c))) { + fprintf(stderr, "GF(2^m) addition test (a) failed!\n"); + goto err; + } + BN_GF2m_add(c, c, c); + /* Test that c + c = 0. */ + if (!BN_is_zero(c)) { + fprintf(stderr, "GF(2^m) addition test (b) failed!\n"); + goto err; + } + } + ret = 1; + err: + BN_free(a); + BN_free(b); + BN_free(c); + return ret; +} + +int test_gf2m_mod(BIO *bp) +{ + BIGNUM *a, *b[2], *c, *d, *e; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 1024, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod(c, a, b[j]); + BN_GF2m_add(d, a, c); + BN_GF2m_mod(e, d, b[j]); + /* Test that a + (a mod p) mod p == 0. */ + if (!BN_is_zero(e)) { + fprintf(stderr, "GF(2^m) modulo test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + BN_free(e); + return ret; +} + +int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + f = BN_new(); + g = BN_new(); + h = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 1024, 0, 0); + BN_bntest_rand(c, 1024, 0, 0); + BN_bntest_rand(d, 1024, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod_mul(e, a, c, b[j], ctx); + BN_GF2m_add(f, a, d); + BN_GF2m_mod_mul(g, f, c, b[j], ctx); + BN_GF2m_mod_mul(h, d, c, b[j], ctx); + BN_GF2m_add(f, e, g); + BN_GF2m_add(f, f, h); + /* Test that (a+d)*c = a*c + d*c. */ + if (!BN_is_zero(f)) { + fprintf(stderr, + "GF(2^m) modular multiplication test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + BN_free(e); + BN_free(f); + BN_free(g); + BN_free(h); + return ret; +} + +int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 1024, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod_sqr(c, a, b[j], ctx); + BN_copy(d, a); + BN_GF2m_mod_mul(d, a, d, b[j], ctx); + BN_GF2m_add(d, c, d); + /* Test that a*a = a^2. */ + if (!BN_is_zero(d)) { + fprintf(stderr, "GF(2^m) modular squaring test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + return ret; +} + +int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 512, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod_inv(c, a, b[j], ctx); + BN_GF2m_mod_mul(d, a, c, b[j], ctx); + /* Test that ((1/a)*a) = 1. */ + if (!BN_is_one(d)) { + fprintf(stderr, "GF(2^m) modular inversion test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + return ret; +} + +int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d, *e, *f; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + f = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 512, 0, 0); + BN_bntest_rand(c, 512, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod_div(d, a, c, b[j], ctx); + BN_GF2m_mod_mul(e, d, c, b[j], ctx); + BN_GF2m_mod_div(f, a, e, b[j], ctx); + /* Test that ((a/c)*c)/a = 1. */ + if (!BN_is_one(f)) { + fprintf(stderr, "GF(2^m) modular division test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + BN_free(e); + BN_free(f); + return ret; +} + +int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d, *e, *f; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + f = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 512, 0, 0); + BN_bntest_rand(c, 512, 0, 0); + BN_bntest_rand(d, 512, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod_exp(e, a, c, b[j], ctx); + BN_GF2m_mod_exp(f, a, d, b[j], ctx); + BN_GF2m_mod_mul(e, e, f, b[j], ctx); + BN_add(f, c, d); + BN_GF2m_mod_exp(f, a, f, b[j], ctx); + BN_GF2m_add(f, e, f); + /* Test that a^(c+d)=a^c*a^d. */ + if (!BN_is_zero(f)) { + fprintf(stderr, + "GF(2^m) modular exponentiation test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + BN_free(e); + BN_free(f); + return ret; +} + +int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d, *e, *f; + int i, j, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + f = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 512, 0, 0); + for (j = 0; j < 2; j++) { + BN_GF2m_mod(c, a, b[j]); + BN_GF2m_mod_sqrt(d, a, b[j], ctx); + BN_GF2m_mod_sqr(e, d, b[j], ctx); + BN_GF2m_add(f, c, e); + /* Test that d^2 = a, where d = sqrt(a). */ + if (!BN_is_zero(f)) { + fprintf(stderr, "GF(2^m) modular square root test failed!\n"); + goto err; + } + } + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + BN_free(e); + BN_free(f); + return ret; +} + +int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b[2], *c, *d, *e; + int i, j, s = 0, t, ret = 0; + int p0[] = { 163, 7, 6, 3, 0, -1 }; + int p1[] = { 193, 15, 0, -1 }; + + a = BN_new(); + b[0] = BN_new(); + b[1] = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + + BN_GF2m_arr2poly(p0, b[0]); + BN_GF2m_arr2poly(p1, b[1]); + + for (i = 0; i < num0; i++) { + BN_bntest_rand(a, 512, 0, 0); + for (j = 0; j < 2; j++) { + t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx); + if (t) { + s++; + BN_GF2m_mod_sqr(d, c, b[j], ctx); + BN_GF2m_add(d, c, d); + BN_GF2m_mod(e, a, b[j]); + BN_GF2m_add(e, e, d); + /* + * Test that solution of quadratic c satisfies c^2 + c = a. + */ + if (!BN_is_zero(e)) { + fprintf(stderr, + "GF(2^m) modular solve quadratic test failed!\n"); + goto err; + } + + } + } + } + if (s == 0) { + fprintf(stderr, + "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", + num0); + fprintf(stderr, + "this is very unlikely and probably indicates an error.\n"); + goto err; + } + ret = 1; + err: + BN_free(a); + BN_free(b[0]); + BN_free(b[1]); + BN_free(c); + BN_free(d); + BN_free(e); + return ret; +} +#endif +static int genprime_cb(int p, int n, BN_GENCB *arg) +{ + char c = '*'; + + if (p == 0) + c = '.'; + if (p == 1) + c = '+'; + if (p == 2) + c = '*'; + if (p == 3) + c = '\n'; + putc(c, stderr); + fflush(stderr); + return 1; +} + +int test_kron(BIO *bp, BN_CTX *ctx) +{ + BN_GENCB cb; + BIGNUM *a, *b, *r, *t; + int i; + int legendre, kronecker; + int ret = 0; + + a = BN_new(); + b = BN_new(); + r = BN_new(); + t = BN_new(); + if (a == NULL || b == NULL || r == NULL || t == NULL) + goto err; + + BN_GENCB_set(&cb, genprime_cb, NULL); + + /* + * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In + * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is + * congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). So we + * generate a random prime b and compare these values for a number of + * random a's. (That is, we run the Solovay-Strassen primality test to + * confirm that b is prime, except that we don't want to test whether b + * is prime but whether BN_kronecker works.) + */ + + if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) + goto err; + b->neg = rand_neg(); + putc('\n', stderr); + + for (i = 0; i < num0; i++) { + if (!BN_bntest_rand(a, 512, 0, 0)) + goto err; + a->neg = rand_neg(); + + /* t := (|b|-1)/2 (note that b is odd) */ + if (!BN_copy(t, b)) + goto err; + t->neg = 0; + if (!BN_sub_word(t, 1)) + goto err; + if (!BN_rshift1(t, t)) + goto err; + /* r := a^t mod b */ + b->neg = 0; + + if (!BN_mod_exp_recp(r, a, t, b, ctx)) + goto err; + b->neg = 1; + + if (BN_is_word(r, 1)) + legendre = 1; + else if (BN_is_zero(r)) + legendre = 0; + else { + if (!BN_add_word(r, 1)) + goto err; + if (0 != BN_ucmp(r, b)) { + fprintf(stderr, "Legendre symbol computation failed\n"); + goto err; + } + legendre = -1; + } + + kronecker = BN_kronecker(a, b, ctx); + if (kronecker < -1) + goto err; + /* we actually need BN_kronecker(a, |b|) */ + if (a->neg && b->neg) + kronecker = -kronecker; + + if (legendre != kronecker) { + fprintf(stderr, "legendre != kronecker; a = "); + BN_print_fp(stderr, a); + fprintf(stderr, ", b = "); + BN_print_fp(stderr, b); + fprintf(stderr, "\n"); + goto err; + } + + putc('.', stderr); + fflush(stderr); + } + + putc('\n', stderr); + fflush(stderr); + ret = 1; + err: + if (a != NULL) + BN_free(a); + if (b != NULL) + BN_free(b); + if (r != NULL) + BN_free(r); + if (t != NULL) + BN_free(t); + return ret; +} + +int test_sqrt(BIO *bp, BN_CTX *ctx) +{ + BN_GENCB cb; + BIGNUM *a, *p, *r; + int i, j; + int ret = 0; + + a = BN_new(); + p = BN_new(); + r = BN_new(); + if (a == NULL || p == NULL || r == NULL) + goto err; + + BN_GENCB_set(&cb, genprime_cb, NULL); + + for (i = 0; i < 16; i++) { + if (i < 8) { + unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 }; + + if (!BN_set_word(p, primes[i])) + goto err; + } else { + if (!BN_set_word(a, 32)) + goto err; + if (!BN_set_word(r, 2 * i + 1)) + goto err; + + if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) + goto err; + putc('\n', stderr); + } + p->neg = rand_neg(); + + for (j = 0; j < num2; j++) { + /* + * construct 'a' such that it is a square modulo p, but in + * general not a proper square and not reduced modulo p + */ + if (!BN_bntest_rand(r, 256, 0, 3)) + goto err; + if (!BN_nnmod(r, r, p, ctx)) + goto err; + if (!BN_mod_sqr(r, r, p, ctx)) + goto err; + if (!BN_bntest_rand(a, 256, 0, 3)) + goto err; + if (!BN_nnmod(a, a, p, ctx)) + goto err; + if (!BN_mod_sqr(a, a, p, ctx)) + goto err; + if (!BN_mul(a, a, r, ctx)) + goto err; + if (rand_neg()) + if (!BN_sub(a, a, p)) + goto err; + + if (!BN_mod_sqrt(r, a, p, ctx)) + goto err; + if (!BN_mod_sqr(r, r, p, ctx)) + goto err; + + if (!BN_nnmod(a, a, p, ctx)) + goto err; + + if (BN_cmp(a, r) != 0) { + fprintf(stderr, "BN_mod_sqrt failed: a = "); + BN_print_fp(stderr, a); + fprintf(stderr, ", r = "); + BN_print_fp(stderr, r); + fprintf(stderr, ", p = "); + BN_print_fp(stderr, p); + fprintf(stderr, "\n"); + goto err; + } + + putc('.', stderr); + fflush(stderr); + } + + putc('\n', stderr); + fflush(stderr); + } + ret = 1; + err: + if (a != NULL) + BN_free(a); + if (p != NULL) + BN_free(p); + if (r != NULL) + BN_free(r); + return ret; +} + +int test_small_prime(BIO *bp, BN_CTX *ctx) +{ + static const int bits = 10; + int ret = 0; + BIGNUM *r; + + r = BN_new(); + if (!BN_generate_prime_ex(r, bits, 0, NULL, NULL, NULL)) + goto err; + if (BN_num_bits(r) != bits) { + BIO_printf(bp, "Expected %d bit prime, got %d bit number\n", bits, + BN_num_bits(r)); + goto err; + } + + ret = 1; + + err: + BN_clear_free(r); + return ret; +} + +#ifndef OPENSSL_SYS_WIN32 +int test_probable_prime_coprime(BIO *bp, BN_CTX *ctx) +{ + int i, j, ret = 0; + BIGNUM *r; + BN_ULONG primes[5] = { 2, 3, 5, 7, 11 }; + + r = BN_new(); + + for (i = 0; i < 1000; i++) { + if (!bn_probable_prime_dh_coprime(r, 1024, ctx)) + goto err; + + for (j = 0; j < 5; j++) { + if (BN_mod_word(r, primes[j]) == 0) { + BIO_printf(bp, "Number generated is not coprime to %ld:\n", + primes[j]); + BN_print_fp(stdout, r); + BIO_printf(bp, "\n"); + goto err; + } + } + } + + ret = 1; + + err: + BN_clear_free(r); + return ret; +} +#endif +int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_) +{ + BIGNUM *a, *b, *c, *d; + int i; + + b = BN_new(); + c = BN_new(); + d = BN_new(); + BN_one(c); + + if (a_) + a = a_; + else { + a = BN_new(); + BN_bntest_rand(a, 200, 0, 0); + a->neg = rand_neg(); + } + for (i = 0; i < num0; i++) { + BN_lshift(b, a, i + 1); + BN_add(c, c, c); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * "); + BN_print(bp, c); + BIO_puts(bp, " - "); + } + BN_print(bp, b); + BIO_puts(bp, "\n"); + } + BN_mul(d, a, c, ctx); + BN_sub(d, d, b); + if (!BN_is_zero(d)) { + fprintf(stderr, "Left shift test failed!\n"); + fprintf(stderr, "a="); + BN_print_fp(stderr, a); + fprintf(stderr, "\nb="); + BN_print_fp(stderr, b); + fprintf(stderr, "\nc="); + BN_print_fp(stderr, c); + fprintf(stderr, "\nd="); + BN_print_fp(stderr, d); + fprintf(stderr, "\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + return (1); +} + +int test_lshift1(BIO *bp) +{ + BIGNUM *a, *b, *c; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + + BN_bntest_rand(a, 200, 0, 0); + a->neg = rand_neg(); + for (i = 0; i < num0; i++) { + BN_lshift1(b, a); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " * 2"); + BIO_puts(bp, " - "); + } + BN_print(bp, b); + BIO_puts(bp, "\n"); + } + BN_add(c, a, a); + BN_sub(a, b, c); + if (!BN_is_zero(a)) { + fprintf(stderr, "Left shift one test failed!\n"); + return 0; + } + + BN_copy(a, b); + } + BN_free(a); + BN_free(b); + BN_free(c); + return (1); +} + +int test_rshift(BIO *bp, BN_CTX *ctx) +{ + BIGNUM *a, *b, *c, *d, *e; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + BN_one(c); + + BN_bntest_rand(a, 200, 0, 0); + a->neg = rand_neg(); + for (i = 0; i < num0; i++) { + BN_rshift(b, a, i + 1); + BN_add(c, c, c); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " / "); + BN_print(bp, c); + BIO_puts(bp, " - "); + } + BN_print(bp, b); + BIO_puts(bp, "\n"); + } + BN_div(d, e, a, c, ctx); + BN_sub(d, d, b); + if (!BN_is_zero(d)) { + fprintf(stderr, "Right shift test failed!\n"); + return 0; + } + } + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + return (1); +} + +int test_rshift1(BIO *bp) +{ + BIGNUM *a, *b, *c; + int i; + + a = BN_new(); + b = BN_new(); + c = BN_new(); + + BN_bntest_rand(a, 200, 0, 0); + a->neg = rand_neg(); + for (i = 0; i < num0; i++) { + BN_rshift1(b, a); + if (bp != NULL) { + if (!results) { + BN_print(bp, a); + BIO_puts(bp, " / 2"); + BIO_puts(bp, " - "); + } + BN_print(bp, b); + BIO_puts(bp, "\n"); + } + BN_sub(c, a, b); + BN_sub(c, c, b); + if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) { + fprintf(stderr, "Right shift one test failed!\n"); + return 0; + } + BN_copy(a, b); + } + BN_free(a); + BN_free(b); + BN_free(c); + return (1); +} + +int rand_neg(void) +{ + static unsigned int neg = 0; + static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 }; + + return (sign[(neg++) % 8]); +} diff --git a/test/casttest.c b/test/casttest.c new file mode 100644 index 0000000000..8063b9c2e1 --- /dev/null +++ b/test/casttest.c @@ -0,0 +1,212 @@ +/* crypto/cast/casttest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_CAST is defined */ + +#include "../e_os.h" + +#ifdef OPENSSL_NO_CAST +int main(int argc, char *argv[]) +{ + printf("No CAST support\n"); + return (0); +} +#else +# include <openssl/cast.h> + +# define FULL_TEST + +static unsigned char k[16] = { + 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, + 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A +}; + +static unsigned char in[8] = + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }; + +static int k_len[3] = { 16, 10, 5 }; + +static unsigned char c[3][8] = { + {0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2}, + {0xEB, 0x6A, 0x71, 0x1A, 0x2C, 0x02, 0x27, 0x1B}, + {0x7A, 0xC8, 0x16, 0xD1, 0x6E, 0x9B, 0x30, 0x2E}, +}; + +static unsigned char out[80]; + +static unsigned char in_a[16] = { + 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, + 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A +}; + +static unsigned char in_b[16] = { + 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, + 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A +}; + +static unsigned char c_a[16] = { + 0xEE, 0xA9, 0xD0, 0xA2, 0x49, 0xFD, 0x3B, 0xA6, + 0xB3, 0x43, 0x6F, 0xB8, 0x9D, 0x6D, 0xCA, 0x92 +}; + +static unsigned char c_b[16] = { + 0xB2, 0xC9, 0x5E, 0xB0, 0x0C, 0x31, 0xAD, 0x71, + 0x80, 0xAC, 0x05, 0xB8, 0xE8, 0x3D, 0x69, 0x6E +}; + +int main(int argc, char *argv[]) +{ +# ifdef FULL_TEST + long l; + CAST_KEY key_b; +# endif + int i, z, err = 0; + CAST_KEY key; + + for (z = 0; z < 3; z++) { + CAST_set_key(&key, k_len[z], k); + + CAST_ecb_encrypt(in, out, &key, CAST_ENCRYPT); + if (memcmp(out, &(c[z][0]), 8) != 0) { + printf("ecb cast error encrypting for keysize %d\n", + k_len[z] * 8); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", out[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", c[z][i]); + err = 20; + printf("\n"); + } + + CAST_ecb_encrypt(out, out, &key, CAST_DECRYPT); + if (memcmp(out, in, 8) != 0) { + printf("ecb cast error decrypting for keysize %d\n", + k_len[z] * 8); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", out[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", in[i]); + printf("\n"); + err = 3; + } + } + if (err == 0) + printf("ecb cast5 ok\n"); + +# ifdef FULL_TEST + { + unsigned char out_a[16], out_b[16]; + static char *hex = "0123456789ABCDEF"; + + printf("This test will take some time...."); + fflush(stdout); + memcpy(out_a, in_a, sizeof(in_a)); + memcpy(out_b, in_b, sizeof(in_b)); + i = 1; + + for (l = 0; l < 1000000L; l++) { + CAST_set_key(&key_b, 16, out_b); + CAST_ecb_encrypt(&(out_a[0]), &(out_a[0]), &key_b, CAST_ENCRYPT); + CAST_ecb_encrypt(&(out_a[8]), &(out_a[8]), &key_b, CAST_ENCRYPT); + CAST_set_key(&key, 16, out_a); + CAST_ecb_encrypt(&(out_b[0]), &(out_b[0]), &key, CAST_ENCRYPT); + CAST_ecb_encrypt(&(out_b[8]), &(out_b[8]), &key, CAST_ENCRYPT); + if ((l & 0xffff) == 0xffff) { + printf("%c", hex[i & 0x0f]); + fflush(stdout); + i++; + } + } + + if ((memcmp(out_a, c_a, sizeof(c_a)) != 0) || + (memcmp(out_b, c_b, sizeof(c_b)) != 0)) { + printf("\n"); + printf("Error\n"); + + printf("A out ="); + for (i = 0; i < 16; i++) + printf("%02X ", out_a[i]); + printf("\nactual="); + for (i = 0; i < 16; i++) + printf("%02X ", c_a[i]); + printf("\n"); + + printf("B out ="); + for (i = 0; i < 16; i++) + printf("%02X ", out_b[i]); + printf("\nactual="); + for (i = 0; i < 16; i++) + printf("%02X ", c_b[i]); + printf("\n"); + } else + printf(" ok\n"); + } +# endif + + EXIT(err); +} +#endif diff --git a/test/constant_time_test.c b/test/constant_time_test.c new file mode 100644 index 0000000000..d313d0c7a9 --- /dev/null +++ b/test/constant_time_test.c @@ -0,0 +1,304 @@ +/* crypto/constant_time_test.c */ +/*- + * Utilities for constant-time cryptography. + * + * Author: Emilia Kasper (emilia@openssl.org) + * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley + * (Google). + * ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "../crypto/constant_time_locl.h" + +#include <limits.h> +#include <stdio.h> +#include <stdlib.h> + +static const unsigned int CONSTTIME_TRUE = (unsigned)(~0); +static const unsigned int CONSTTIME_FALSE = 0; +static const unsigned char CONSTTIME_TRUE_8 = 0xff; +static const unsigned char CONSTTIME_FALSE_8 = 0; + +static int test_binary_op(unsigned int (*op) (unsigned int a, unsigned int b), + const char *op_name, unsigned int a, unsigned int b, + int is_true) +{ + unsigned c = op(a, b); + if (is_true && c != CONSTTIME_TRUE) { + fprintf(stderr, "Test failed for %s(%du, %du): expected %du " + "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c); + return 1; + } else if (!is_true && c != CONSTTIME_FALSE) { + fprintf(stderr, "Test failed for %s(%du, %du): expected %du " + "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE, c); + return 1; + } + return 0; +} + +static int test_binary_op_8(unsigned + char (*op) (unsigned int a, unsigned int b), + const char *op_name, unsigned int a, + unsigned int b, int is_true) +{ + unsigned char c = op(a, b); + if (is_true && c != CONSTTIME_TRUE_8) { + fprintf(stderr, "Test failed for %s(%du, %du): expected %u " + "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c); + return 1; + } else if (!is_true && c != CONSTTIME_FALSE_8) { + fprintf(stderr, "Test failed for %s(%du, %du): expected %u " + "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8, c); + return 1; + } + return 0; +} + +static int test_is_zero(unsigned int a) +{ + unsigned int c = constant_time_is_zero(a); + if (a == 0 && c != CONSTTIME_TRUE) { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c); + return 1; + } else if (a != 0 && c != CONSTTIME_FALSE) { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE, c); + return 1; + } + return 0; +} + +static int test_is_zero_8(unsigned int a) +{ + unsigned char c = constant_time_is_zero_8(a); + if (a == 0 && c != CONSTTIME_TRUE_8) { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c); + return 1; + } else if (a != 0 && c != CONSTTIME_FALSE) { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8, c); + return 1; + } + return 0; +} + +static int test_select(unsigned int a, unsigned int b) +{ + unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b); + if (selected != a) { + fprintf(stderr, "Test failed for constant_time_select(%du, %du," + "%du): expected %du(first value), got %du\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select(CONSTTIME_FALSE, a, b); + if (selected != b) { + fprintf(stderr, "Test failed for constant_time_select(%du, %du," + "%du): expected %du(second value), got %du\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; +} + +static int test_select_8(unsigned char a, unsigned char b) +{ + unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b); + if (selected != a) { + fprintf(stderr, "Test failed for constant_time_select(%u, %u," + "%u): expected %u(first value), got %u\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b); + if (selected != b) { + fprintf(stderr, "Test failed for constant_time_select(%u, %u," + "%u): expected %u(second value), got %u\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; +} + +static int test_select_int(int a, int b) +{ + int selected = constant_time_select_int(CONSTTIME_TRUE, a, b); + if (selected != a) { + fprintf(stderr, "Test failed for constant_time_select(%du, %d," + "%d): expected %d(first value), got %d\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select_int(CONSTTIME_FALSE, a, b); + if (selected != b) { + fprintf(stderr, "Test failed for constant_time_select(%du, %d," + "%d): expected %d(second value), got %d\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; +} + +static int test_eq_int(int a, int b) +{ + unsigned int equal = constant_time_eq_int(a, b); + if (a == b && equal != CONSTTIME_TRUE) { + fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " + "expected %du(TRUE), got %du\n", a, b, CONSTTIME_TRUE, equal); + return 1; + } else if (a != b && equal != CONSTTIME_FALSE) { + fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " + "expected %du(FALSE), got %du\n", + a, b, CONSTTIME_FALSE, equal); + return 1; + } + return 0; +} + +static int test_eq_int_8(int a, int b) +{ + unsigned char equal = constant_time_eq_int_8(a, b); + if (a == b && equal != CONSTTIME_TRUE_8) { + fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " + "expected %u(TRUE), got %u\n", a, b, CONSTTIME_TRUE_8, equal); + return 1; + } else if (a != b && equal != CONSTTIME_FALSE_8) { + fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " + "expected %u(FALSE), got %u\n", + a, b, CONSTTIME_FALSE_8, equal); + return 1; + } + return 0; +} + +static unsigned int test_values[] = + { 0, 1, 1024, 12345, 32000, UINT_MAX / 2 - 1, + UINT_MAX / 2, UINT_MAX / 2 + 1, UINT_MAX - 1, + UINT_MAX +}; + +static unsigned char test_values_8[] = + { 0, 1, 2, 20, 32, 127, 128, 129, 255 }; + +static int signed_test_values[] = { 0, 1, -1, 1024, -1024, 12345, -12345, + 32000, -32000, INT_MAX, INT_MIN, INT_MAX - 1, + INT_MIN + 1 +}; + +int main(int argc, char *argv[]) +{ + unsigned int a, b, i, j; + int c, d; + unsigned char e, f; + int num_failed = 0, num_all = 0; + fprintf(stdout, "Testing constant time operations...\n"); + + for (i = 0; i < sizeof(test_values) / sizeof(int); ++i) { + a = test_values[i]; + num_failed += test_is_zero(a); + num_failed += test_is_zero_8(a); + num_all += 2; + for (j = 0; j < sizeof(test_values) / sizeof(int); ++j) { + b = test_values[j]; + num_failed += test_binary_op(&constant_time_lt, + "constant_time_lt", a, b, a < b); + num_failed += test_binary_op_8(&constant_time_lt_8, + "constant_time_lt_8", a, b, a < b); + num_failed += test_binary_op(&constant_time_lt, + "constant_time_lt_8", b, a, b < a); + num_failed += test_binary_op_8(&constant_time_lt_8, + "constant_time_lt_8", b, a, b < a); + num_failed += test_binary_op(&constant_time_ge, + "constant_time_ge", a, b, a >= b); + num_failed += test_binary_op_8(&constant_time_ge_8, + "constant_time_ge_8", a, b, + a >= b); + num_failed += + test_binary_op(&constant_time_ge, "constant_time_ge", b, a, + b >= a); + num_failed += + test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", b, + a, b >= a); + num_failed += + test_binary_op(&constant_time_eq, "constant_time_eq", a, b, + a == b); + num_failed += + test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", a, + b, a == b); + num_failed += + test_binary_op(&constant_time_eq, "constant_time_eq", b, a, + b == a); + num_failed += + test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", b, + a, b == a); + num_failed += test_select(a, b); + num_all += 13; + } + } + + for (i = 0; i < sizeof(signed_test_values) / sizeof(int); ++i) { + c = signed_test_values[i]; + for (j = 0; j < sizeof(signed_test_values) / sizeof(int); ++j) { + d = signed_test_values[j]; + num_failed += test_select_int(c, d); + num_failed += test_eq_int(c, d); + num_failed += test_eq_int_8(c, d); + num_all += 3; + } + } + + for (i = 0; i < sizeof(test_values_8); ++i) { + e = test_values_8[i]; + for (j = 0; j < sizeof(test_values_8); ++j) { + f = test_values_8[j]; + num_failed += test_select_8(e, f); + num_all += 1; + } + } + + if (!num_failed) { + fprintf(stdout, "ok (ran %d tests)\n", num_all); + return EXIT_SUCCESS; + } else { + fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all); + return EXIT_FAILURE; + } +} diff --git a/test/destest.c b/test/destest.c new file mode 100644 index 0000000000..406e6de7bc --- /dev/null +++ b/test/destest.c @@ -0,0 +1,844 @@ +/* crypto/des/destest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> + +#include <openssl/e_os2.h> +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINDOWS) +# ifndef OPENSSL_SYS_MSDOS +# define OPENSSL_SYS_MSDOS +# endif +#endif + +#ifndef OPENSSL_SYS_MSDOS +# if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC) +# include OPENSSL_UNISTD +# endif +#else +# include <io.h> +#endif +#include <string.h> + +#ifdef OPENSSL_NO_DES +int main(int argc, char *argv[]) +{ + printf("No DES support\n"); + return (0); +} +#else +# include <openssl/des.h> + +# define crypt(c,s) (DES_crypt((c),(s))) + +/* tisk tisk - the test keys don't all have odd parity :-( */ +/* test data */ +# define NUM_TESTS 34 +static unsigned char key_data[NUM_TESTS][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}, + {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57}, + {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E}, + {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86}, + {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E}, + {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6}, + {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE}, + {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6}, + {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE}, + {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16}, + {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F}, + {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46}, + {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E}, + {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76}, + {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07}, + {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F}, + {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7}, + {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, + {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6}, + {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF}, + {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, + {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, + {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10} +}; + +static unsigned char plain_data[NUM_TESTS][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42}, + {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA}, + {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72}, + {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A}, + {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2}, + {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A}, + {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2}, + {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A}, + {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02}, + {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A}, + {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32}, + {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA}, + {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62}, + {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2}, + {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA}, + {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92}, + {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A}, + {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2}, + {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF} +}; + +static unsigned char cipher_data[NUM_TESTS][8] = { + {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7}, + {0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58}, + {0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B}, + {0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33}, + {0x17, 0x66, 0x8D, 0xFC, 0x72, 0x92, 0x53, 0x2D}, + {0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD}, + {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7}, + {0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4}, + {0x69, 0x0F, 0x5B, 0x0D, 0x9A, 0x26, 0x93, 0x9B}, + {0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71}, + {0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A}, + {0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A}, + {0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95}, + {0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B}, + {0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09}, + {0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A}, + {0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F}, + {0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88}, + {0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77}, + {0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A}, + {0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56}, + {0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56}, + {0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56}, + {0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC}, + {0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A}, + {0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41}, + {0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93}, + {0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00}, + {0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06}, + {0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7}, + {0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51}, + {0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE}, + {0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D}, + {0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2} +}; + +static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = { + {0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E}, + {0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16}, + {0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27}, + {0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6}, + {0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25}, + {0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A}, + {0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74}, + {0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6}, + {0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67}, + {0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10}, + {0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 0x85}, + {0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA}, + {0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3}, + {0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3}, + {0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A}, + {0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 0xD7, 0x69}, + {0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1}, + {0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7}, + {0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F}, + {0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87}, + {0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A}, + {0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE}, + {0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3}, + {0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD}, + {0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84}, + {0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85}, + {0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC}, + {0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89}, + {0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E}, + {0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89}, + {0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7}, + {0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8}, + {0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85} +}; + +static unsigned char cbc_key[8] = + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; +static unsigned char cbc2_key[8] = + { 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86 }; +static unsigned char cbc3_key[8] = + { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; +static unsigned char cbc_iv[8] = + { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; +/* + * Changed the following text constant to binary so it will work on ebcdic + * machines :-) + */ +/* static char cbc_data[40]="7654321 Now is the time for \0001"; */ +static unsigned char cbc_data[40] = { + 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20, + 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20, + 0x66, 0x6F, 0x72, 0x20, 0x00, 0x31, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +}; + +static unsigned char cbc_ok[32] = { + 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4, + 0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb, + 0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68, + 0x1d, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 +}; + +# ifdef SCREW_THE_PARITY +# error "SCREW_THE_PARITY is not ment to be defined." +# error "Original vectors are preserved for reference only." +static unsigned char cbc2_key[8] = + { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 }; +static unsigned char xcbc_ok[32] = { + 0x86, 0x74, 0x81, 0x0D, 0x61, 0xA4, 0xA5, 0x48, + 0xB9, 0x93, 0x03, 0xE1, 0xB8, 0xBB, 0xBD, 0xBD, + 0x64, 0x30, 0x0B, 0xB9, 0x06, 0x65, 0x81, 0x76, + 0x04, 0x1D, 0x77, 0x62, 0x17, 0xCA, 0x2B, 0xD2, +}; +# else +static unsigned char xcbc_ok[32] = { + 0x84, 0x6B, 0x29, 0x14, 0x85, 0x1E, 0x9A, 0x29, + 0x54, 0x73, 0x2F, 0x8A, 0xA0, 0xA6, 0x11, 0xC1, + 0x15, 0xCD, 0xC2, 0xD7, 0x95, 0x1B, 0x10, 0x53, + 0xA6, 0x3C, 0x5E, 0x03, 0xB2, 0x1A, 0xA3, 0xC4, +}; +# endif + +static unsigned char cbc3_ok[32] = { + 0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0, + 0x22, 0x13, 0x76, 0x3C, 0x1C, 0xBD, 0x4C, 0xDC, + 0x79, 0x96, 0x57, 0xC0, 0x64, 0xEC, 0xF5, 0xD4, + 0x1C, 0x67, 0x38, 0x12, 0xCF, 0xDE, 0x96, 0x75 +}; + +static unsigned char pcbc_ok[32] = { + 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4, + 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15, + 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f, + 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88 +}; + +static unsigned char cfb_key[8] = + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; +static unsigned char cfb_iv[8] = + { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef }; +static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8]; +static unsigned char plain[24] = { + 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, + 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, + 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f, + 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20 +}; + +static unsigned char cfb_cipher8[24] = { + 0xf3, 0x1f, 0xda, 0x07, 0x01, 0x14, 0x62, 0xee, 0x18, 0x7f, 0x43, 0xd8, + 0x0a, 0x7c, 0xd9, 0xb5, 0xb0, 0xd2, 0x90, 0xda, 0x6e, 0x5b, 0x9a, 0x87 +}; + +static unsigned char cfb_cipher16[24] = { + 0xF3, 0x09, 0x87, 0x87, 0x7F, 0x57, 0xF7, 0x3C, 0x36, 0xB6, 0xDB, 0x70, + 0xD8, 0xD5, 0x34, 0x19, 0xD3, 0x86, 0xB2, 0x23, 0xB7, 0xB2, 0xAD, 0x1B +}; + +static unsigned char cfb_cipher32[24] = { + 0xF3, 0x09, 0x62, 0x49, 0xA4, 0xDF, 0xA4, 0x9F, 0x33, 0xDC, 0x7B, 0xAD, + 0x4C, 0xC8, 0x9F, 0x64, 0xE4, 0x53, 0xE5, 0xEC, 0x67, 0x20, 0xDA, 0xB6 +}; + +static unsigned char cfb_cipher48[24] = { + 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x30, 0xB5, 0x15, 0xEC, 0xBB, 0x85, + 0x97, 0x5A, 0x13, 0x8C, 0x68, 0x60, 0xE2, 0x38, 0x34, 0x3C, 0xDC, 0x1F +}; + +static unsigned char cfb_cipher64[24] = { + 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51, 0xA6, 0x9E, 0x83, 0x9B, + 0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22 +}; + +static unsigned char ofb_key[8] = + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; +static unsigned char ofb_iv[8] = + { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef }; +static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8]; +static unsigned char ofb_cipher[24] = { + 0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51, + 0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f, + 0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3 +}; +static DES_LONG cbc_cksum_ret = 0xF7FE62B4L; +static unsigned char cbc_cksum_data[8] = + { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 }; + +static char *pt(unsigned char *p); +static int cfb_test(int bits, unsigned char *cfb_cipher); +static int cfb64_test(unsigned char *cfb_cipher); +static int ede_cfb64_test(unsigned char *cfb_cipher); +int main(int argc, char *argv[]) +{ + int j, err = 0; + unsigned int i; + DES_cblock in, out, outin, iv3; + DES_key_schedule ks, ks2, ks3; + unsigned char cbc_in[40]; + unsigned char cbc_out[40]; + DES_LONG cs; + unsigned char cret[8]; + DES_LONG lqret[4]; + int num; + char *str; + + printf("Doing ecb\n"); + for (i = 0; i < NUM_TESTS; i++) { + DES_set_key_unchecked(&key_data[i], &ks); + memcpy(in, plain_data[i], 8); + memset(out, 0, 8); + memset(outin, 0, 8); + DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT); + DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT); + + if (memcmp(out, cipher_data[i], 8) != 0) { + printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", + i + 1, pt(key_data[i]), pt(in), pt(cipher_data[i]), + pt(out)); + err = 1; + } + if (memcmp(in, outin, 8) != 0) { + printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", + i + 1, pt(key_data[i]), pt(out), pt(in), pt(outin)); + err = 1; + } + } + +# ifndef LIBDES_LIT + printf("Doing ede ecb\n"); + for (i = 0; i < (NUM_TESTS - 2); i++) { + DES_set_key_unchecked(&key_data[i], &ks); + DES_set_key_unchecked(&key_data[i + 1], &ks2); + DES_set_key_unchecked(&key_data[i + 2], &ks3); + memcpy(in, plain_data[i], 8); + memset(out, 0, 8); + memset(outin, 0, 8); + DES_ecb3_encrypt(&in,&out,&ks,&ks2,&ks,DES_ENCRYPT); + DES_ecb3_encrypt(&out,&outin,&ks,&ks2,&ks,DES_DECRYPT); + + if (memcmp(out, cipher_ecb2[i], 8) != 0) { + printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", + i + 1, pt(key_data[i]), pt(in), pt(cipher_ecb2[i]), + pt(out)); + err = 1; + } + if (memcmp(in, outin, 8) != 0) { + printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", + i + 1, pt(key_data[i]), pt(out), pt(in), pt(outin)); + err = 1; + } + } +# endif + + printf("Doing cbc\n"); + if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { + printf("Key error %d\n", j); + err = 1; + } + memset(cbc_out, 0, 40); + memset(cbc_in, 0, 40); + memcpy(iv3, cbc_iv, sizeof(cbc_iv)); + DES_ncbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks, + &iv3, DES_ENCRYPT); + if (memcmp(cbc_out, cbc_ok, 32) != 0) { + printf("cbc_encrypt encrypt error\n"); + err = 1; + } + + memcpy(iv3, cbc_iv, sizeof(cbc_iv)); + DES_ncbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks, + &iv3, DES_DECRYPT); + if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data)) != 0) { + printf("cbc_encrypt decrypt error\n"); + err = 1; + } +# ifndef LIBDES_LIT + printf("Doing desx cbc\n"); + if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { + printf("Key error %d\n", j); + err = 1; + } + memset(cbc_out, 0, 40); + memset(cbc_in, 0, 40); + memcpy(iv3, cbc_iv, sizeof(cbc_iv)); + DES_xcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks, + &iv3, &cbc2_key, &cbc3_key, DES_ENCRYPT); + if (memcmp(cbc_out, xcbc_ok, 32) != 0) { + printf("des_xcbc_encrypt encrypt error\n"); + err = 1; + } + memcpy(iv3, cbc_iv, sizeof(cbc_iv)); + DES_xcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks, + &iv3, &cbc2_key, &cbc3_key, DES_DECRYPT); + if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { + printf("des_xcbc_encrypt decrypt error\n"); + err = 1; + } +# endif + + printf("Doing ede cbc\n"); + if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { + printf("Key error %d\n", j); + err = 1; + } + if ((j = DES_set_key_checked(&cbc2_key, &ks2)) != 0) { + printf("Key error %d\n", j); + err = 1; + } + if ((j = DES_set_key_checked(&cbc3_key, &ks3)) != 0) { + printf("Key error %d\n", j); + err = 1; + } + memset(cbc_out, 0, 40); + memset(cbc_in, 0, 40); + i = strlen((char *)cbc_data) + 1; + /* i=((i+7)/8)*8; */ + memcpy(iv3, cbc_iv, sizeof(cbc_iv)); + + DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, + DES_ENCRYPT); + DES_ede3_cbc_encrypt(&(cbc_data[16]), &(cbc_out[16]), i - 16, &ks, &ks2, + &ks3, &iv3, DES_ENCRYPT); + if (memcmp + (cbc_out, cbc3_ok, + (unsigned int)(strlen((char *)cbc_data) + 1 + 7) / 8 * 8) != 0) { + unsigned int n; + + printf("des_ede3_cbc_encrypt encrypt error\n"); + for (n = 0; n < i; ++n) + printf(" %02x", cbc_out[n]); + printf("\n"); + for (n = 0; n < i; ++n) + printf(" %02x", cbc3_ok[n]); + printf("\n"); + err = 1; + } + + memcpy(iv3, cbc_iv, sizeof(cbc_iv)); + DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, DES_DECRYPT); + if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { + unsigned int n; + + printf("DES_ede3_cbc_encrypt decrypt error\n"); + for (n = 0; n < i; ++n) + printf(" %02x", cbc_data[n]); + printf("\n"); + for (n = 0; n < i; ++n) + printf(" %02x", cbc_in[n]); + printf("\n"); + err = 1; + } +# ifndef LIBDES_LIT + printf("Doing pcbc\n"); + if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { + printf("Key error %d\n", j); + err = 1; + } + memset(cbc_out, 0, 40); + memset(cbc_in, 0, 40); + DES_pcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks, + &cbc_iv, DES_ENCRYPT); + if (memcmp(cbc_out, pcbc_ok, 32) != 0) { + printf("pcbc_encrypt encrypt error\n"); + err = 1; + } + DES_pcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks, + &cbc_iv, DES_DECRYPT); + if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { + printf("pcbc_encrypt decrypt error\n"); + err = 1; + } + + printf("Doing "); + printf("cfb8 "); + err += cfb_test(8, cfb_cipher8); + printf("cfb16 "); + err += cfb_test(16, cfb_cipher16); + printf("cfb32 "); + err += cfb_test(32, cfb_cipher32); + printf("cfb48 "); + err += cfb_test(48, cfb_cipher48); + printf("cfb64 "); + err += cfb_test(64, cfb_cipher64); + + printf("cfb64() "); + err += cfb64_test(cfb_cipher64); + + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + for (i = 0; i < sizeof(plain); i++) + DES_cfb_encrypt(&(plain[i]), &(cfb_buf1[i]), + 8, 1, &ks, &cfb_tmp, DES_ENCRYPT); + if (memcmp(cfb_cipher8, cfb_buf1, sizeof(plain)) != 0) { + printf("cfb_encrypt small encrypt error\n"); + err = 1; + } + + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + for (i = 0; i < sizeof(plain); i++) + DES_cfb_encrypt(&(cfb_buf1[i]), &(cfb_buf2[i]), + 8, 1, &ks, &cfb_tmp, DES_DECRYPT); + if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { + printf("cfb_encrypt small decrypt error\n"); + err = 1; + } + + printf("ede_cfb64() "); + err += ede_cfb64_test(cfb_cipher64); + + printf("done\n"); + + printf("Doing ofb\n"); + DES_set_key_checked(&ofb_key, &ks); + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); + DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp); + if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) { + printf("ofb_encrypt encrypt error\n"); + printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", + ofb_buf1[8 + 0], ofb_buf1[8 + 1], ofb_buf1[8 + 2], + ofb_buf1[8 + 3], ofb_buf1[8 + 4], ofb_buf1[8 + 5], + ofb_buf1[8 + 6], ofb_buf1[8 + 7]); + printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8 + 0], + ofb_cipher[8 + 1], ofb_cipher[8 + 2], ofb_cipher[8 + 3], + ofb_buf1[8 + 4], ofb_cipher[8 + 5], ofb_cipher[8 + 6], + ofb_cipher[8 + 7]); + err = 1; + } + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); + DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks, + &ofb_tmp); + if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) { + printf("ofb_encrypt decrypt error\n"); + printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", + ofb_buf2[8 + 0], ofb_buf2[8 + 1], ofb_buf2[8 + 2], + ofb_buf2[8 + 3], ofb_buf2[8 + 4], ofb_buf2[8 + 5], + ofb_buf2[8 + 6], ofb_buf2[8 + 7]); + printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", plain[8 + 0], + plain[8 + 1], plain[8 + 2], plain[8 + 3], plain[8 + 4], + plain[8 + 5], plain[8 + 6], plain[8 + 7]); + err = 1; + } + + printf("Doing ofb64\n"); + DES_set_key_checked(&ofb_key, &ks); + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); + memset(ofb_buf1, 0, sizeof(ofb_buf1)); + memset(ofb_buf2, 0, sizeof(ofb_buf1)); + num = 0; + for (i = 0; i < sizeof(plain); i++) { + DES_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, &ks, &ofb_tmp, &num); + } + if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) { + printf("ofb64_encrypt encrypt error\n"); + err = 1; + } + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); + num = 0; + DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp, + &num); + if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) { + printf("ofb64_encrypt decrypt error\n"); + err = 1; + } + + printf("Doing ede_ofb64\n"); + DES_set_key_checked(&ofb_key, &ks); + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); + memset(ofb_buf1, 0, sizeof(ofb_buf1)); + memset(ofb_buf2, 0, sizeof(ofb_buf1)); + num = 0; + for (i = 0; i < sizeof(plain); i++) { + DES_ede3_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, &ks, &ks, + &ks, &ofb_tmp, &num); + } + if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) { + printf("ede_ofb64_encrypt encrypt error\n"); + err = 1; + } + memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); + num = 0; + DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks, + &ofb_tmp, &num); + if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) { + printf("ede_ofb64_encrypt decrypt error\n"); + err = 1; + } + + printf("Doing cbc_cksum\n"); + DES_set_key_checked(&cbc_key, &ks); + cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks, + &cbc_iv); + if (cs != cbc_cksum_ret) { + printf("bad return value (%08lX), should be %08lX\n", + (unsigned long)cs, (unsigned long)cbc_cksum_ret); + err = 1; + } + if (memcmp(cret, cbc_cksum_data, 8) != 0) { + printf("bad cbc_cksum block returned\n"); + err = 1; + } + + printf("Doing quad_cksum\n"); + cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret, + (long)strlen((char *)cbc_data), 2, + (DES_cblock *)cbc_iv); + if (cs != 0x70d7a63aL) { + printf("quad_cksum error, ret %08lx should be 70d7a63a\n", + (unsigned long)cs); + err = 1; + } + if (lqret[0] != 0x327eba8dL) { + printf("quad_cksum error, out[0] %08lx is not %08lx\n", + (unsigned long)lqret[0], 0x327eba8dUL); + err = 1; + } + if (lqret[1] != 0x201a49ccL) { + printf("quad_cksum error, out[1] %08lx is not %08lx\n", + (unsigned long)lqret[1], 0x201a49ccUL); + err = 1; + } + if (lqret[2] != 0x70d7a63aL) { + printf("quad_cksum error, out[2] %08lx is not %08lx\n", + (unsigned long)lqret[2], 0x70d7a63aUL); + err = 1; + } + if (lqret[3] != 0x501c2c26L) { + printf("quad_cksum error, out[3] %08lx is not %08lx\n", + (unsigned long)lqret[3], 0x501c2c26UL); + err = 1; + } +# endif + + printf("input word alignment test"); + for (i = 0; i < 4; i++) { + printf(" %d", i); + DES_ncbc_encrypt(&(cbc_out[i]), cbc_in, + strlen((char *)cbc_data) + 1, &ks, + &cbc_iv, DES_ENCRYPT); + } + printf("\noutput word alignment test"); + for (i = 0; i < 4; i++) { + printf(" %d", i); + DES_ncbc_encrypt(cbc_out, &(cbc_in[i]), + strlen((char *)cbc_data) + 1, &ks, + &cbc_iv, DES_ENCRYPT); + } + printf("\n"); + printf("fast crypt test "); + str = crypt("testing", "ef"); + if (strcmp("efGnQx2725bI2", str) != 0) { + printf("fast crypt error, %s should be efGnQx2725bI2\n", str); + err = 1; + } + str = crypt("bca76;23", "yA"); + if (strcmp("yA1Rp/1hZXIJk", str) != 0) { + printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n", str); + err = 1; + } +# ifdef OPENSSL_SYS_NETWARE + if (err) + printf("ERROR: %d\n", err); +# endif + printf("\n"); + return (err); +} + +static char *pt(unsigned char *p) +{ + static char bufs[10][20]; + static int bnum = 0; + char *ret; + int i; + static char *f = "0123456789ABCDEF"; + + ret = &(bufs[bnum++][0]); + bnum %= 10; + for (i = 0; i < 8; i++) { + ret[i * 2] = f[(p[i] >> 4) & 0xf]; + ret[i * 2 + 1] = f[p[i] & 0xf]; + } + ret[16] = '\0'; + return (ret); +} + +# ifndef LIBDES_LIT + +static int cfb_test(int bits, unsigned char *cfb_cipher) +{ + DES_key_schedule ks; + int i, err = 0; + + DES_set_key_checked(&cfb_key, &ks); + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp, + DES_ENCRYPT); + if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) { + err = 1; + printf("cfb_encrypt encrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf1[i]))); + } + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp, + DES_DECRYPT); + if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { + err = 1; + printf("cfb_encrypt decrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf1[i]))); + } + return (err); +} + +static int cfb64_test(unsigned char *cfb_cipher) +{ + DES_key_schedule ks; + int err = 0, i, n; + + DES_set_key_checked(&cfb_key, &ks); + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + n = 0; + DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT); + DES_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), sizeof(plain) - 12, &ks, + &cfb_tmp, &n, DES_ENCRYPT); + if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) { + err = 1; + printf("cfb_encrypt encrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf1[i]))); + } + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + n = 0; + DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT); + DES_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]), + sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT); + if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { + err = 1; + printf("cfb_encrypt decrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf2[i]))); + } + return (err); +} + +static int ede_cfb64_test(unsigned char *cfb_cipher) +{ + DES_key_schedule ks; + int err = 0, i, n; + + DES_set_key_checked(&cfb_key, &ks); + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + n = 0; + DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n, + DES_ENCRYPT); + DES_ede3_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), + sizeof(plain) - 12, &ks, &ks, &ks, + &cfb_tmp, &n, DES_ENCRYPT); + if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) { + err = 1; + printf("ede_cfb_encrypt encrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf1[i]))); + } + memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); + n = 0; + DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks, + &cfb_tmp, &n, DES_DECRYPT); + DES_ede3_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]), + sizeof(plain) - 17, &ks, &ks, &ks, + &cfb_tmp, &n, DES_DECRYPT); + if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { + err = 1; + printf("ede_cfb_encrypt decrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf2[i]))); + } + return (err); +} + +# endif +#endif diff --git a/test/dhtest.c b/test/dhtest.c new file mode 100644 index 0000000000..6c063daf3d --- /dev/null +++ b/test/dhtest.c @@ -0,0 +1,549 @@ +/* crypto/dh/dhtest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "../e_os.h" + +#include <openssl/crypto.h> +#include <openssl/bio.h> +#include <openssl/bn.h> +#include <openssl/rand.h> +#include <openssl/err.h> + +#ifdef OPENSSL_NO_DH +int main(int argc, char *argv[]) +{ + printf("No DH support\n"); + return (0); +} +#else +# include <openssl/dh.h> + +static int cb(int p, int n, BN_GENCB *arg); + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +static int run_rfc5114_tests(void); + +int main(int argc, char *argv[]) +{ + BN_GENCB *_cb; + DH *a = NULL; + DH *b = NULL; + char buf[12]; + unsigned char *abuf = NULL, *bbuf = NULL; + int i, alen, blen, aout, bout, ret = 1; + BIO *out; + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + +# ifdef OPENSSL_SYS_WIN32 + CRYPTO_malloc_init(); +# endif + + RAND_seed(rnd_seed, sizeof rnd_seed); + + out = BIO_new(BIO_s_file()); + if (out == NULL) + EXIT(1); + BIO_set_fp(out, stdout, BIO_NOCLOSE); + + _cb = BN_GENCB_new(); + if (!_cb) + goto err; + BN_GENCB_set(_cb, &cb, out); + if (((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, + DH_GENERATOR_5, + _cb)) + goto err; + + if (!DH_check(a, &i)) + goto err; + if (i & DH_CHECK_P_NOT_PRIME) + BIO_puts(out, "p value is not prime\n"); + if (i & DH_CHECK_P_NOT_SAFE_PRIME) + BIO_puts(out, "p value is not a safe prime\n"); + if (i & DH_UNABLE_TO_CHECK_GENERATOR) + BIO_puts(out, "unable to check the generator value\n"); + if (i & DH_NOT_SUITABLE_GENERATOR) + BIO_puts(out, "the g value is not a generator\n"); + + BIO_puts(out, "\np ="); + BN_print(out, a->p); + BIO_puts(out, "\ng ="); + BN_print(out, a->g); + BIO_puts(out, "\n"); + + b = DH_new(); + if (b == NULL) + goto err; + + b->p = BN_dup(a->p); + b->g = BN_dup(a->g); + if ((b->p == NULL) || (b->g == NULL)) + goto err; + + /* Set a to run with normal modexp and b to use constant time */ + a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME; + b->flags |= DH_FLAG_NO_EXP_CONSTTIME; + + if (!DH_generate_key(a)) + goto err; + BIO_puts(out, "pri 1="); + BN_print(out, a->priv_key); + BIO_puts(out, "\npub 1="); + BN_print(out, a->pub_key); + BIO_puts(out, "\n"); + + if (!DH_generate_key(b)) + goto err; + BIO_puts(out, "pri 2="); + BN_print(out, b->priv_key); + BIO_puts(out, "\npub 2="); + BN_print(out, b->pub_key); + BIO_puts(out, "\n"); + + alen = DH_size(a); + abuf = (unsigned char *)OPENSSL_malloc(alen); + aout = DH_compute_key(abuf, b->pub_key, a); + + BIO_puts(out, "key1 ="); + for (i = 0; i < aout; i++) { + sprintf(buf, "%02X", abuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); + + blen = DH_size(b); + bbuf = (unsigned char *)OPENSSL_malloc(blen); + bout = DH_compute_key(bbuf, a->pub_key, b); + + BIO_puts(out, "key2 ="); + for (i = 0; i < bout; i++) { + sprintf(buf, "%02X", bbuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); + if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) { + fprintf(stderr, "Error in DH routines\n"); + ret = 1; + } else + ret = 0; + if (!run_rfc5114_tests()) + ret = 1; + err: + ERR_print_errors_fp(stderr); + + if (abuf != NULL) + OPENSSL_free(abuf); + if (bbuf != NULL) + OPENSSL_free(bbuf); + DH_free(b); + DH_free(a); + if (_cb) + BN_GENCB_free(_cb); + BIO_free(out); +# ifdef OPENSSL_SYS_NETWARE + if (ret) + printf("ERROR: %d\n", ret); +# endif + EXIT(ret); +} + +static int cb(int p, int n, BN_GENCB *arg) +{ + char c = '*'; + + if (p == 0) + c = '.'; + if (p == 1) + c = '+'; + if (p == 2) + c = '*'; + if (p == 3) + c = '\n'; + BIO_write(BN_GENCB_get_arg(arg), &c, 1); + (void)BIO_flush(BN_GENCB_get_arg(arg)); + return 1; +} + +/* Test data from RFC 5114 */ + +static const unsigned char dhtest_1024_160_xA[] = { + 0xB9, 0xA3, 0xB3, 0xAE, 0x8F, 0xEF, 0xC1, 0xA2, 0x93, 0x04, 0x96, 0x50, + 0x70, 0x86, 0xF8, 0x45, 0x5D, 0x48, 0x94, 0x3E +}; + +static const unsigned char dhtest_1024_160_yA[] = { + 0x2A, 0x85, 0x3B, 0x3D, 0x92, 0x19, 0x75, 0x01, 0xB9, 0x01, 0x5B, 0x2D, + 0xEB, 0x3E, 0xD8, 0x4F, 0x5E, 0x02, 0x1D, 0xCC, 0x3E, 0x52, 0xF1, 0x09, + 0xD3, 0x27, 0x3D, 0x2B, 0x75, 0x21, 0x28, 0x1C, 0xBA, 0xBE, 0x0E, 0x76, + 0xFF, 0x57, 0x27, 0xFA, 0x8A, 0xCC, 0xE2, 0x69, 0x56, 0xBA, 0x9A, 0x1F, + 0xCA, 0x26, 0xF2, 0x02, 0x28, 0xD8, 0x69, 0x3F, 0xEB, 0x10, 0x84, 0x1D, + 0x84, 0xA7, 0x36, 0x00, 0x54, 0xEC, 0xE5, 0xA7, 0xF5, 0xB7, 0xA6, 0x1A, + 0xD3, 0xDF, 0xB3, 0xC6, 0x0D, 0x2E, 0x43, 0x10, 0x6D, 0x87, 0x27, 0xDA, + 0x37, 0xDF, 0x9C, 0xCE, 0x95, 0xB4, 0x78, 0x75, 0x5D, 0x06, 0xBC, 0xEA, + 0x8F, 0x9D, 0x45, 0x96, 0x5F, 0x75, 0xA5, 0xF3, 0xD1, 0xDF, 0x37, 0x01, + 0x16, 0x5F, 0xC9, 0xE5, 0x0C, 0x42, 0x79, 0xCE, 0xB0, 0x7F, 0x98, 0x95, + 0x40, 0xAE, 0x96, 0xD5, 0xD8, 0x8E, 0xD7, 0x76 +}; + +static const unsigned char dhtest_1024_160_xB[] = { + 0x93, 0x92, 0xC9, 0xF9, 0xEB, 0x6A, 0x7A, 0x6A, 0x90, 0x22, 0xF7, 0xD8, + 0x3E, 0x72, 0x23, 0xC6, 0x83, 0x5B, 0xBD, 0xDA +}; + +static const unsigned char dhtest_1024_160_yB[] = { + 0x71, 0x7A, 0x6C, 0xB0, 0x53, 0x37, 0x1F, 0xF4, 0xA3, 0xB9, 0x32, 0x94, + 0x1C, 0x1E, 0x56, 0x63, 0xF8, 0x61, 0xA1, 0xD6, 0xAD, 0x34, 0xAE, 0x66, + 0x57, 0x6D, 0xFB, 0x98, 0xF6, 0xC6, 0xCB, 0xF9, 0xDD, 0xD5, 0xA5, 0x6C, + 0x78, 0x33, 0xF6, 0xBC, 0xFD, 0xFF, 0x09, 0x55, 0x82, 0xAD, 0x86, 0x8E, + 0x44, 0x0E, 0x8D, 0x09, 0xFD, 0x76, 0x9E, 0x3C, 0xEC, 0xCD, 0xC3, 0xD3, + 0xB1, 0xE4, 0xCF, 0xA0, 0x57, 0x77, 0x6C, 0xAA, 0xF9, 0x73, 0x9B, 0x6A, + 0x9F, 0xEE, 0x8E, 0x74, 0x11, 0xF8, 0xD6, 0xDA, 0xC0, 0x9D, 0x6A, 0x4E, + 0xDB, 0x46, 0xCC, 0x2B, 0x5D, 0x52, 0x03, 0x09, 0x0E, 0xAE, 0x61, 0x26, + 0x31, 0x1E, 0x53, 0xFD, 0x2C, 0x14, 0xB5, 0x74, 0xE6, 0xA3, 0x10, 0x9A, + 0x3D, 0xA1, 0xBE, 0x41, 0xBD, 0xCE, 0xAA, 0x18, 0x6F, 0x5C, 0xE0, 0x67, + 0x16, 0xA2, 0xB6, 0xA0, 0x7B, 0x3C, 0x33, 0xFE +}; + +static const unsigned char dhtest_1024_160_Z[] = { + 0x5C, 0x80, 0x4F, 0x45, 0x4D, 0x30, 0xD9, 0xC4, 0xDF, 0x85, 0x27, 0x1F, + 0x93, 0x52, 0x8C, 0x91, 0xDF, 0x6B, 0x48, 0xAB, 0x5F, 0x80, 0xB3, 0xB5, + 0x9C, 0xAA, 0xC1, 0xB2, 0x8F, 0x8A, 0xCB, 0xA9, 0xCD, 0x3E, 0x39, 0xF3, + 0xCB, 0x61, 0x45, 0x25, 0xD9, 0x52, 0x1D, 0x2E, 0x64, 0x4C, 0x53, 0xB8, + 0x07, 0xB8, 0x10, 0xF3, 0x40, 0x06, 0x2F, 0x25, 0x7D, 0x7D, 0x6F, 0xBF, + 0xE8, 0xD5, 0xE8, 0xF0, 0x72, 0xE9, 0xB6, 0xE9, 0xAF, 0xDA, 0x94, 0x13, + 0xEA, 0xFB, 0x2E, 0x8B, 0x06, 0x99, 0xB1, 0xFB, 0x5A, 0x0C, 0xAC, 0xED, + 0xDE, 0xAE, 0xAD, 0x7E, 0x9C, 0xFB, 0xB3, 0x6A, 0xE2, 0xB4, 0x20, 0x83, + 0x5B, 0xD8, 0x3A, 0x19, 0xFB, 0x0B, 0x5E, 0x96, 0xBF, 0x8F, 0xA4, 0xD0, + 0x9E, 0x34, 0x55, 0x25, 0x16, 0x7E, 0xCD, 0x91, 0x55, 0x41, 0x6F, 0x46, + 0xF4, 0x08, 0xED, 0x31, 0xB6, 0x3C, 0x6E, 0x6D +}; + +static const unsigned char dhtest_2048_224_xA[] = { + 0x22, 0xE6, 0x26, 0x01, 0xDB, 0xFF, 0xD0, 0x67, 0x08, 0xA6, 0x80, 0xF7, + 0x47, 0xF3, 0x61, 0xF7, 0x6D, 0x8F, 0x4F, 0x72, 0x1A, 0x05, 0x48, 0xE4, + 0x83, 0x29, 0x4B, 0x0C +}; + +static const unsigned char dhtest_2048_224_yA[] = { + 0x1B, 0x3A, 0x63, 0x45, 0x1B, 0xD8, 0x86, 0xE6, 0x99, 0xE6, 0x7B, 0x49, + 0x4E, 0x28, 0x8B, 0xD7, 0xF8, 0xE0, 0xD3, 0x70, 0xBA, 0xDD, 0xA7, 0xA0, + 0xEF, 0xD2, 0xFD, 0xE7, 0xD8, 0xF6, 0x61, 0x45, 0xCC, 0x9F, 0x28, 0x04, + 0x19, 0x97, 0x5E, 0xB8, 0x08, 0x87, 0x7C, 0x8A, 0x4C, 0x0C, 0x8E, 0x0B, + 0xD4, 0x8D, 0x4A, 0x54, 0x01, 0xEB, 0x1E, 0x87, 0x76, 0xBF, 0xEE, 0xE1, + 0x34, 0xC0, 0x38, 0x31, 0xAC, 0x27, 0x3C, 0xD9, 0xD6, 0x35, 0xAB, 0x0C, + 0xE0, 0x06, 0xA4, 0x2A, 0x88, 0x7E, 0x3F, 0x52, 0xFB, 0x87, 0x66, 0xB6, + 0x50, 0xF3, 0x80, 0x78, 0xBC, 0x8E, 0xE8, 0x58, 0x0C, 0xEF, 0xE2, 0x43, + 0x96, 0x8C, 0xFC, 0x4F, 0x8D, 0xC3, 0xDB, 0x08, 0x45, 0x54, 0x17, 0x1D, + 0x41, 0xBF, 0x2E, 0x86, 0x1B, 0x7B, 0xB4, 0xD6, 0x9D, 0xD0, 0xE0, 0x1E, + 0xA3, 0x87, 0xCB, 0xAA, 0x5C, 0xA6, 0x72, 0xAF, 0xCB, 0xE8, 0xBD, 0xB9, + 0xD6, 0x2D, 0x4C, 0xE1, 0x5F, 0x17, 0xDD, 0x36, 0xF9, 0x1E, 0xD1, 0xEE, + 0xDD, 0x65, 0xCA, 0x4A, 0x06, 0x45, 0x5C, 0xB9, 0x4C, 0xD4, 0x0A, 0x52, + 0xEC, 0x36, 0x0E, 0x84, 0xB3, 0xC9, 0x26, 0xE2, 0x2C, 0x43, 0x80, 0xA3, + 0xBF, 0x30, 0x9D, 0x56, 0x84, 0x97, 0x68, 0xB7, 0xF5, 0x2C, 0xFD, 0xF6, + 0x55, 0xFD, 0x05, 0x3A, 0x7E, 0xF7, 0x06, 0x97, 0x9E, 0x7E, 0x58, 0x06, + 0xB1, 0x7D, 0xFA, 0xE5, 0x3A, 0xD2, 0xA5, 0xBC, 0x56, 0x8E, 0xBB, 0x52, + 0x9A, 0x7A, 0x61, 0xD6, 0x8D, 0x25, 0x6F, 0x8F, 0xC9, 0x7C, 0x07, 0x4A, + 0x86, 0x1D, 0x82, 0x7E, 0x2E, 0xBC, 0x8C, 0x61, 0x34, 0x55, 0x31, 0x15, + 0xB7, 0x0E, 0x71, 0x03, 0x92, 0x0A, 0xA1, 0x6D, 0x85, 0xE5, 0x2B, 0xCB, + 0xAB, 0x8D, 0x78, 0x6A, 0x68, 0x17, 0x8F, 0xA8, 0xFF, 0x7C, 0x2F, 0x5C, + 0x71, 0x64, 0x8D, 0x6F +}; + +static const unsigned char dhtest_2048_224_xB[] = { + 0x4F, 0xF3, 0xBC, 0x96, 0xC7, 0xFC, 0x6A, 0x6D, 0x71, 0xD3, 0xB3, 0x63, + 0x80, 0x0A, 0x7C, 0xDF, 0xEF, 0x6F, 0xC4, 0x1B, 0x44, 0x17, 0xEA, 0x15, + 0x35, 0x3B, 0x75, 0x90 +}; + +static const unsigned char dhtest_2048_224_yB[] = { + 0x4D, 0xCE, 0xE9, 0x92, 0xA9, 0x76, 0x2A, 0x13, 0xF2, 0xF8, 0x38, 0x44, + 0xAD, 0x3D, 0x77, 0xEE, 0x0E, 0x31, 0xC9, 0x71, 0x8B, 0x3D, 0xB6, 0xC2, + 0x03, 0x5D, 0x39, 0x61, 0x18, 0x2C, 0x3E, 0x0B, 0xA2, 0x47, 0xEC, 0x41, + 0x82, 0xD7, 0x60, 0xCD, 0x48, 0xD9, 0x95, 0x99, 0x97, 0x06, 0x22, 0xA1, + 0x88, 0x1B, 0xBA, 0x2D, 0xC8, 0x22, 0x93, 0x9C, 0x78, 0xC3, 0x91, 0x2C, + 0x66, 0x61, 0xFA, 0x54, 0x38, 0xB2, 0x07, 0x66, 0x22, 0x2B, 0x75, 0xE2, + 0x4C, 0x2E, 0x3A, 0xD0, 0xC7, 0x28, 0x72, 0x36, 0x12, 0x95, 0x25, 0xEE, + 0x15, 0xB5, 0xDD, 0x79, 0x98, 0xAA, 0x04, 0xC4, 0xA9, 0x69, 0x6C, 0xAC, + 0xD7, 0x17, 0x20, 0x83, 0xA9, 0x7A, 0x81, 0x66, 0x4E, 0xAD, 0x2C, 0x47, + 0x9E, 0x44, 0x4E, 0x4C, 0x06, 0x54, 0xCC, 0x19, 0xE2, 0x8D, 0x77, 0x03, + 0xCE, 0xE8, 0xDA, 0xCD, 0x61, 0x26, 0xF5, 0xD6, 0x65, 0xEC, 0x52, 0xC6, + 0x72, 0x55, 0xDB, 0x92, 0x01, 0x4B, 0x03, 0x7E, 0xB6, 0x21, 0xA2, 0xAC, + 0x8E, 0x36, 0x5D, 0xE0, 0x71, 0xFF, 0xC1, 0x40, 0x0A, 0xCF, 0x07, 0x7A, + 0x12, 0x91, 0x3D, 0xD8, 0xDE, 0x89, 0x47, 0x34, 0x37, 0xAB, 0x7B, 0xA3, + 0x46, 0x74, 0x3C, 0x1B, 0x21, 0x5D, 0xD9, 0xC1, 0x21, 0x64, 0xA7, 0xE4, + 0x05, 0x31, 0x18, 0xD1, 0x99, 0xBE, 0xC8, 0xEF, 0x6F, 0xC5, 0x61, 0x17, + 0x0C, 0x84, 0xC8, 0x7D, 0x10, 0xEE, 0x9A, 0x67, 0x4A, 0x1F, 0xA8, 0xFF, + 0xE1, 0x3B, 0xDF, 0xBA, 0x1D, 0x44, 0xDE, 0x48, 0x94, 0x6D, 0x68, 0xDC, + 0x0C, 0xDD, 0x77, 0x76, 0x35, 0xA7, 0xAB, 0x5B, 0xFB, 0x1E, 0x4B, 0xB7, + 0xB8, 0x56, 0xF9, 0x68, 0x27, 0x73, 0x4C, 0x18, 0x41, 0x38, 0xE9, 0x15, + 0xD9, 0xC3, 0x00, 0x2E, 0xBC, 0xE5, 0x31, 0x20, 0x54, 0x6A, 0x7E, 0x20, + 0x02, 0x14, 0x2B, 0x6C +}; + +static const unsigned char dhtest_2048_224_Z[] = { + 0x34, 0xD9, 0xBD, 0xDC, 0x1B, 0x42, 0x17, 0x6C, 0x31, 0x3F, 0xEA, 0x03, + 0x4C, 0x21, 0x03, 0x4D, 0x07, 0x4A, 0x63, 0x13, 0xBB, 0x4E, 0xCD, 0xB3, + 0x70, 0x3F, 0xFF, 0x42, 0x45, 0x67, 0xA4, 0x6B, 0xDF, 0x75, 0x53, 0x0E, + 0xDE, 0x0A, 0x9D, 0xA5, 0x22, 0x9D, 0xE7, 0xD7, 0x67, 0x32, 0x28, 0x6C, + 0xBC, 0x0F, 0x91, 0xDA, 0x4C, 0x3C, 0x85, 0x2F, 0xC0, 0x99, 0xC6, 0x79, + 0x53, 0x1D, 0x94, 0xC7, 0x8A, 0xB0, 0x3D, 0x9D, 0xEC, 0xB0, 0xA4, 0xE4, + 0xCA, 0x8B, 0x2B, 0xB4, 0x59, 0x1C, 0x40, 0x21, 0xCF, 0x8C, 0xE3, 0xA2, + 0x0A, 0x54, 0x1D, 0x33, 0x99, 0x40, 0x17, 0xD0, 0x20, 0x0A, 0xE2, 0xC9, + 0x51, 0x6E, 0x2F, 0xF5, 0x14, 0x57, 0x79, 0x26, 0x9E, 0x86, 0x2B, 0x0F, + 0xB4, 0x74, 0xA2, 0xD5, 0x6D, 0xC3, 0x1E, 0xD5, 0x69, 0xA7, 0x70, 0x0B, + 0x4C, 0x4A, 0xB1, 0x6B, 0x22, 0xA4, 0x55, 0x13, 0x53, 0x1E, 0xF5, 0x23, + 0xD7, 0x12, 0x12, 0x07, 0x7B, 0x5A, 0x16, 0x9B, 0xDE, 0xFF, 0xAD, 0x7A, + 0xD9, 0x60, 0x82, 0x84, 0xC7, 0x79, 0x5B, 0x6D, 0x5A, 0x51, 0x83, 0xB8, + 0x70, 0x66, 0xDE, 0x17, 0xD8, 0xD6, 0x71, 0xC9, 0xEB, 0xD8, 0xEC, 0x89, + 0x54, 0x4D, 0x45, 0xEC, 0x06, 0x15, 0x93, 0xD4, 0x42, 0xC6, 0x2A, 0xB9, + 0xCE, 0x3B, 0x1C, 0xB9, 0x94, 0x3A, 0x1D, 0x23, 0xA5, 0xEA, 0x3B, 0xCF, + 0x21, 0xA0, 0x14, 0x71, 0xE6, 0x7E, 0x00, 0x3E, 0x7F, 0x8A, 0x69, 0xC7, + 0x28, 0xBE, 0x49, 0x0B, 0x2F, 0xC8, 0x8C, 0xFE, 0xB9, 0x2D, 0xB6, 0xA2, + 0x15, 0xE5, 0xD0, 0x3C, 0x17, 0xC4, 0x64, 0xC9, 0xAC, 0x1A, 0x46, 0xE2, + 0x03, 0xE1, 0x3F, 0x95, 0x29, 0x95, 0xFB, 0x03, 0xC6, 0x9D, 0x3C, 0xC4, + 0x7F, 0xCB, 0x51, 0x0B, 0x69, 0x98, 0xFF, 0xD3, 0xAA, 0x6D, 0xE7, 0x3C, + 0xF9, 0xF6, 0x38, 0x69 +}; + +static const unsigned char dhtest_2048_256_xA[] = { + 0x08, 0x81, 0x38, 0x2C, 0xDB, 0x87, 0x66, 0x0C, 0x6D, 0xC1, 0x3E, 0x61, + 0x49, 0x38, 0xD5, 0xB9, 0xC8, 0xB2, 0xF2, 0x48, 0x58, 0x1C, 0xC5, 0xE3, + 0x1B, 0x35, 0x45, 0x43, 0x97, 0xFC, 0xE5, 0x0E +}; + +static const unsigned char dhtest_2048_256_yA[] = { + 0x2E, 0x93, 0x80, 0xC8, 0x32, 0x3A, 0xF9, 0x75, 0x45, 0xBC, 0x49, 0x41, + 0xDE, 0xB0, 0xEC, 0x37, 0x42, 0xC6, 0x2F, 0xE0, 0xEC, 0xE8, 0x24, 0xA6, + 0xAB, 0xDB, 0xE6, 0x6C, 0x59, 0xBE, 0xE0, 0x24, 0x29, 0x11, 0xBF, 0xB9, + 0x67, 0x23, 0x5C, 0xEB, 0xA3, 0x5A, 0xE1, 0x3E, 0x4E, 0xC7, 0x52, 0xBE, + 0x63, 0x0B, 0x92, 0xDC, 0x4B, 0xDE, 0x28, 0x47, 0xA9, 0xC6, 0x2C, 0xB8, + 0x15, 0x27, 0x45, 0x42, 0x1F, 0xB7, 0xEB, 0x60, 0xA6, 0x3C, 0x0F, 0xE9, + 0x15, 0x9F, 0xCC, 0xE7, 0x26, 0xCE, 0x7C, 0xD8, 0x52, 0x3D, 0x74, 0x50, + 0x66, 0x7E, 0xF8, 0x40, 0xE4, 0x91, 0x91, 0x21, 0xEB, 0x5F, 0x01, 0xC8, + 0xC9, 0xB0, 0xD3, 0xD6, 0x48, 0xA9, 0x3B, 0xFB, 0x75, 0x68, 0x9E, 0x82, + 0x44, 0xAC, 0x13, 0x4A, 0xF5, 0x44, 0x71, 0x1C, 0xE7, 0x9A, 0x02, 0xDC, + 0xC3, 0x42, 0x26, 0x68, 0x47, 0x80, 0xDD, 0xDC, 0xB4, 0x98, 0x59, 0x41, + 0x06, 0xC3, 0x7F, 0x5B, 0xC7, 0x98, 0x56, 0x48, 0x7A, 0xF5, 0xAB, 0x02, + 0x2A, 0x2E, 0x5E, 0x42, 0xF0, 0x98, 0x97, 0xC1, 0xA8, 0x5A, 0x11, 0xEA, + 0x02, 0x12, 0xAF, 0x04, 0xD9, 0xB4, 0xCE, 0xBC, 0x93, 0x7C, 0x3C, 0x1A, + 0x3E, 0x15, 0xA8, 0xA0, 0x34, 0x2E, 0x33, 0x76, 0x15, 0xC8, 0x4E, 0x7F, + 0xE3, 0xB8, 0xB9, 0xB8, 0x7F, 0xB1, 0xE7, 0x3A, 0x15, 0xAF, 0x12, 0xA3, + 0x0D, 0x74, 0x6E, 0x06, 0xDF, 0xC3, 0x4F, 0x29, 0x0D, 0x79, 0x7C, 0xE5, + 0x1A, 0xA1, 0x3A, 0xA7, 0x85, 0xBF, 0x66, 0x58, 0xAF, 0xF5, 0xE4, 0xB0, + 0x93, 0x00, 0x3C, 0xBE, 0xAF, 0x66, 0x5B, 0x3C, 0x2E, 0x11, 0x3A, 0x3A, + 0x4E, 0x90, 0x52, 0x69, 0x34, 0x1D, 0xC0, 0x71, 0x14, 0x26, 0x68, 0x5F, + 0x4E, 0xF3, 0x7E, 0x86, 0x8A, 0x81, 0x26, 0xFF, 0x3F, 0x22, 0x79, 0xB5, + 0x7C, 0xA6, 0x7E, 0x29 +}; + +static const unsigned char dhtest_2048_256_xB[] = { + 0x7D, 0x62, 0xA7, 0xE3, 0xEF, 0x36, 0xDE, 0x61, 0x7B, 0x13, 0xD1, 0xAF, + 0xB8, 0x2C, 0x78, 0x0D, 0x83, 0xA2, 0x3B, 0xD4, 0xEE, 0x67, 0x05, 0x64, + 0x51, 0x21, 0xF3, 0x71, 0xF5, 0x46, 0xA5, 0x3D +}; + +static const unsigned char dhtest_2048_256_yB[] = { + 0x57, 0x5F, 0x03, 0x51, 0xBD, 0x2B, 0x1B, 0x81, 0x74, 0x48, 0xBD, 0xF8, + 0x7A, 0x6C, 0x36, 0x2C, 0x1E, 0x28, 0x9D, 0x39, 0x03, 0xA3, 0x0B, 0x98, + 0x32, 0xC5, 0x74, 0x1F, 0xA2, 0x50, 0x36, 0x3E, 0x7A, 0xCB, 0xC7, 0xF7, + 0x7F, 0x3D, 0xAC, 0xBC, 0x1F, 0x13, 0x1A, 0xDD, 0x8E, 0x03, 0x36, 0x7E, + 0xFF, 0x8F, 0xBB, 0xB3, 0xE1, 0xC5, 0x78, 0x44, 0x24, 0x80, 0x9B, 0x25, + 0xAF, 0xE4, 0xD2, 0x26, 0x2A, 0x1A, 0x6F, 0xD2, 0xFA, 0xB6, 0x41, 0x05, + 0xCA, 0x30, 0xA6, 0x74, 0xE0, 0x7F, 0x78, 0x09, 0x85, 0x20, 0x88, 0x63, + 0x2F, 0xC0, 0x49, 0x23, 0x37, 0x91, 0xAD, 0x4E, 0xDD, 0x08, 0x3A, 0x97, + 0x8B, 0x88, 0x3E, 0xE6, 0x18, 0xBC, 0x5E, 0x0D, 0xD0, 0x47, 0x41, 0x5F, + 0x2D, 0x95, 0xE6, 0x83, 0xCF, 0x14, 0x82, 0x6B, 0x5F, 0xBE, 0x10, 0xD3, + 0xCE, 0x41, 0xC6, 0xC1, 0x20, 0xC7, 0x8A, 0xB2, 0x00, 0x08, 0xC6, 0x98, + 0xBF, 0x7F, 0x0B, 0xCA, 0xB9, 0xD7, 0xF4, 0x07, 0xBE, 0xD0, 0xF4, 0x3A, + 0xFB, 0x29, 0x70, 0xF5, 0x7F, 0x8D, 0x12, 0x04, 0x39, 0x63, 0xE6, 0x6D, + 0xDD, 0x32, 0x0D, 0x59, 0x9A, 0xD9, 0x93, 0x6C, 0x8F, 0x44, 0x13, 0x7C, + 0x08, 0xB1, 0x80, 0xEC, 0x5E, 0x98, 0x5C, 0xEB, 0xE1, 0x86, 0xF3, 0xD5, + 0x49, 0x67, 0x7E, 0x80, 0x60, 0x73, 0x31, 0xEE, 0x17, 0xAF, 0x33, 0x80, + 0xA7, 0x25, 0xB0, 0x78, 0x23, 0x17, 0xD7, 0xDD, 0x43, 0xF5, 0x9D, 0x7A, + 0xF9, 0x56, 0x8A, 0x9B, 0xB6, 0x3A, 0x84, 0xD3, 0x65, 0xF9, 0x22, 0x44, + 0xED, 0x12, 0x09, 0x88, 0x21, 0x93, 0x02, 0xF4, 0x29, 0x24, 0xC7, 0xCA, + 0x90, 0xB8, 0x9D, 0x24, 0xF7, 0x1B, 0x0A, 0xB6, 0x97, 0x82, 0x3D, 0x7D, + 0xEB, 0x1A, 0xFF, 0x5B, 0x0E, 0x8E, 0x4A, 0x45, 0xD4, 0x9F, 0x7F, 0x53, + 0x75, 0x7E, 0x19, 0x13 +}; + +static const unsigned char dhtest_2048_256_Z[] = { + 0x86, 0xC7, 0x0B, 0xF8, 0xD0, 0xBB, 0x81, 0xBB, 0x01, 0x07, 0x8A, 0x17, + 0x21, 0x9C, 0xB7, 0xD2, 0x72, 0x03, 0xDB, 0x2A, 0x19, 0xC8, 0x77, 0xF1, + 0xD1, 0xF1, 0x9F, 0xD7, 0xD7, 0x7E, 0xF2, 0x25, 0x46, 0xA6, 0x8F, 0x00, + 0x5A, 0xD5, 0x2D, 0xC8, 0x45, 0x53, 0xB7, 0x8F, 0xC6, 0x03, 0x30, 0xBE, + 0x51, 0xEA, 0x7C, 0x06, 0x72, 0xCA, 0xC1, 0x51, 0x5E, 0x4B, 0x35, 0xC0, + 0x47, 0xB9, 0xA5, 0x51, 0xB8, 0x8F, 0x39, 0xDC, 0x26, 0xDA, 0x14, 0xA0, + 0x9E, 0xF7, 0x47, 0x74, 0xD4, 0x7C, 0x76, 0x2D, 0xD1, 0x77, 0xF9, 0xED, + 0x5B, 0xC2, 0xF1, 0x1E, 0x52, 0xC8, 0x79, 0xBD, 0x95, 0x09, 0x85, 0x04, + 0xCD, 0x9E, 0xEC, 0xD8, 0xA8, 0xF9, 0xB3, 0xEF, 0xBD, 0x1F, 0x00, 0x8A, + 0xC5, 0x85, 0x30, 0x97, 0xD9, 0xD1, 0x83, 0x7F, 0x2B, 0x18, 0xF7, 0x7C, + 0xD7, 0xBE, 0x01, 0xAF, 0x80, 0xA7, 0xC7, 0xB5, 0xEA, 0x3C, 0xA5, 0x4C, + 0xC0, 0x2D, 0x0C, 0x11, 0x6F, 0xEE, 0x3F, 0x95, 0xBB, 0x87, 0x39, 0x93, + 0x85, 0x87, 0x5D, 0x7E, 0x86, 0x74, 0x7E, 0x67, 0x6E, 0x72, 0x89, 0x38, + 0xAC, 0xBF, 0xF7, 0x09, 0x8E, 0x05, 0xBE, 0x4D, 0xCF, 0xB2, 0x40, 0x52, + 0xB8, 0x3A, 0xEF, 0xFB, 0x14, 0x78, 0x3F, 0x02, 0x9A, 0xDB, 0xDE, 0x7F, + 0x53, 0xFA, 0xE9, 0x20, 0x84, 0x22, 0x40, 0x90, 0xE0, 0x07, 0xCE, 0xE9, + 0x4D, 0x4B, 0xF2, 0xBA, 0xCE, 0x9F, 0xFD, 0x4B, 0x57, 0xD2, 0xAF, 0x7C, + 0x72, 0x4D, 0x0C, 0xAA, 0x19, 0xBF, 0x05, 0x01, 0xF6, 0xF1, 0x7B, 0x4A, + 0xA1, 0x0F, 0x42, 0x5E, 0x3E, 0xA7, 0x60, 0x80, 0xB4, 0xB9, 0xD6, 0xB3, + 0xCE, 0xFE, 0xA1, 0x15, 0xB2, 0xCE, 0xB8, 0x78, 0x9B, 0xB8, 0xA3, 0xB0, + 0xEA, 0x87, 0xFE, 0xBE, 0x63, 0xB6, 0xC8, 0xF8, 0x46, 0xEC, 0x6D, 0xB0, + 0xC2, 0x6C, 0x5D, 0x7C +}; + +typedef struct { + DH *(*get_param) (void); + const unsigned char *xA; + size_t xA_len; + const unsigned char *yA; + size_t yA_len; + const unsigned char *xB; + size_t xB_len; + const unsigned char *yB; + size_t yB_len; + const unsigned char *Z; + size_t Z_len; +} rfc5114_td; + +# define make_rfc5114_td(pre) { \ + DH_get_##pre, \ + dhtest_##pre##_xA, sizeof(dhtest_##pre##_xA), \ + dhtest_##pre##_yA, sizeof(dhtest_##pre##_yA), \ + dhtest_##pre##_xB, sizeof(dhtest_##pre##_xB), \ + dhtest_##pre##_yB, sizeof(dhtest_##pre##_yB), \ + dhtest_##pre##_Z, sizeof(dhtest_##pre##_Z) \ + } + +static const rfc5114_td rfctd[] = { + make_rfc5114_td(1024_160), + make_rfc5114_td(2048_224), + make_rfc5114_td(2048_256) +}; + +static int run_rfc5114_tests(void) +{ + int i; + for (i = 0; i < (int)(sizeof(rfctd) / sizeof(rfc5114_td)); i++) { + DH *dhA, *dhB; + unsigned char *Z1 = NULL, *Z2 = NULL; + const rfc5114_td *td = rfctd + i; + /* Set up DH structures setting key components */ + dhA = td->get_param(); + dhB = td->get_param(); + if (!dhA || !dhB) + goto bad_err; + + dhA->priv_key = BN_bin2bn(td->xA, td->xA_len, NULL); + dhA->pub_key = BN_bin2bn(td->yA, td->yA_len, NULL); + + dhB->priv_key = BN_bin2bn(td->xB, td->xB_len, NULL); + dhB->pub_key = BN_bin2bn(td->yB, td->yB_len, NULL); + + if (!dhA->priv_key || !dhA->pub_key + || !dhB->priv_key || !dhB->pub_key) + goto bad_err; + + if ((td->Z_len != (size_t)DH_size(dhA)) + || (td->Z_len != (size_t)DH_size(dhB))) + goto err; + + Z1 = OPENSSL_malloc(DH_size(dhA)); + Z2 = OPENSSL_malloc(DH_size(dhB)); + /* + * Work out shared secrets using both sides and compare with expected + * values. + */ + if (!DH_compute_key(Z1, dhB->pub_key, dhA)) + goto bad_err; + if (!DH_compute_key(Z2, dhA->pub_key, dhB)) + goto bad_err; + + if (memcmp(Z1, td->Z, td->Z_len)) + goto err; + if (memcmp(Z2, td->Z, td->Z_len)) + goto err; + + printf("RFC5114 parameter test %d OK\n", i + 1); + + DH_free(dhA); + DH_free(dhB); + OPENSSL_free(Z1); + OPENSSL_free(Z2); + + } + return 1; + bad_err: + fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1); + ERR_print_errors_fp(stderr); + return 0; + err: + fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1); + return 0; +} + +#endif diff --git a/test/dsatest.c b/test/dsatest.c new file mode 100644 index 0000000000..a5d40f1eb6 --- /dev/null +++ b/test/dsatest.c @@ -0,0 +1,256 @@ +/* crypto/dsa/dsatest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/types.h> +#include <sys/stat.h> + +#include "../e_os.h" + +#include <openssl/crypto.h> +#include <openssl/rand.h> +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/bn.h> + +#ifdef OPENSSL_NO_DSA +int main(int argc, char *argv[]) +{ + printf("No DSA support\n"); + return (0); +} +#else +# include <openssl/dsa.h> + +static int dsa_cb(int p, int n, BN_GENCB *arg); + +/* + * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS + * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 + */ +static unsigned char seed[20] = { + 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40, + 0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3, +}; + +static unsigned char out_p[] = { + 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa, + 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb, + 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7, + 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5, + 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf, + 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac, + 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2, + 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91, +}; + +static unsigned char out_q[] = { + 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee, + 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e, + 0xda, 0xce, 0x91, 0x5f, +}; + +static unsigned char out_g[] = { + 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13, + 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00, + 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb, + 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e, + 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf, + 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c, + 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c, + 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02, +}; + +static const unsigned char str1[] = "12345678901234567890"; + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +static BIO *bio_err = NULL; + +int main(int argc, char **argv) +{ + BN_GENCB *cb; + DSA *dsa = NULL; + int counter, ret = 0, i, j; + unsigned char buf[256]; + unsigned long h; + unsigned char sig[256]; + unsigned int siglen; + + if (bio_err == NULL) + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + RAND_seed(rnd_seed, sizeof rnd_seed); + + BIO_printf(bio_err, "test generation of DSA parameters\n"); + + cb = BN_GENCB_new(); + if (!cb) + goto end; + + BN_GENCB_set(cb, dsa_cb, bio_err); + if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, + seed, 20, + &counter, + &h, cb)) + goto end; + + BIO_printf(bio_err, "seed\n"); + for (i = 0; i < 20; i += 4) { + BIO_printf(bio_err, "%02X%02X%02X%02X ", + seed[i], seed[i + 1], seed[i + 2], seed[i + 3]); + } + BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h); + + DSA_print(bio_err, dsa, 0); + if (counter != 105) { + BIO_printf(bio_err, "counter should be 105\n"); + goto end; + } + if (h != 2) { + BIO_printf(bio_err, "h should be 2\n"); + goto end; + } + + i = BN_bn2bin(dsa->q, buf); + j = sizeof(out_q); + if ((i != j) || (memcmp(buf, out_q, i) != 0)) { + BIO_printf(bio_err, "q value is wrong\n"); + goto end; + } + + i = BN_bn2bin(dsa->p, buf); + j = sizeof(out_p); + if ((i != j) || (memcmp(buf, out_p, i) != 0)) { + BIO_printf(bio_err, "p value is wrong\n"); + goto end; + } + + i = BN_bn2bin(dsa->g, buf); + j = sizeof(out_g); + if ((i != j) || (memcmp(buf, out_g, i) != 0)) { + BIO_printf(bio_err, "g value is wrong\n"); + goto end; + } + + dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME; + DSA_generate_key(dsa); + DSA_sign(0, str1, 20, sig, &siglen, dsa); + if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) + ret = 1; + + dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME; + DSA_generate_key(dsa); + DSA_sign(0, str1, 20, sig, &siglen, dsa); + if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) + ret = 1; + + end: + if (!ret) + ERR_print_errors(bio_err); + DSA_free(dsa); + if (cb != NULL) + BN_GENCB_free(cb); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks(bio_err); + BIO_free(bio_err); + bio_err = NULL; +# ifdef OPENSSL_SYS_NETWARE + if (!ret) + printf("ERROR\n"); +# endif + EXIT(!ret); +} + +static int dsa_cb(int p, int n, BN_GENCB *arg) +{ + char c = '*'; + static int ok = 0, num = 0; + + if (p == 0) { + c = '.'; + num++; + }; + if (p == 1) + c = '+'; + if (p == 2) { + c = '*'; + ok++; + } + if (p == 3) + c = '\n'; + BIO_write(BN_GENCB_get_arg(arg), &c, 1); + (void)BIO_flush(BN_GENCB_get_arg(arg)); + + if (!ok && (p == 0) && (num > 1)) { + BIO_printf((BIO *)arg, "error in dsatest\n"); + return 0; + } + return 1; +} +#endif diff --git a/test/ecdhtest.c b/test/ecdhtest.c new file mode 100644 index 0000000000..a89177e435 --- /dev/null +++ b/test/ecdhtest.c @@ -0,0 +1,537 @@ +/* crypto/ecdh/ecdhtest.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "../e_os.h" + +#include <openssl/opensslconf.h> /* for OPENSSL_NO_EC */ +#include <openssl/crypto.h> +#include <openssl/bio.h> +#include <openssl/bn.h> +#include <openssl/objects.h> +#include <openssl/rand.h> +#include <openssl/sha.h> +#include <openssl/err.h> + +#ifdef OPENSSL_NO_EC +int main(int argc, char *argv[]) +{ + printf("No ECDH support\n"); + return (0); +} +#else +# include <openssl/ec.h> +# include <openssl/ecdh.h> + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, + size_t *outlen) +{ + if (*outlen < SHA_DIGEST_LENGTH) + return NULL; + *outlen = SHA_DIGEST_LENGTH; + return SHA1(in, inlen, out); +} + +static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) +{ + EC_KEY *a = NULL; + EC_KEY *b = NULL; + BIGNUM *x_a = NULL, *y_a = NULL, *x_b = NULL, *y_b = NULL; + char buf[12]; + unsigned char *abuf = NULL, *bbuf = NULL; + int i, alen, blen, aout, bout, ret = 0; + const EC_GROUP *group; + + a = EC_KEY_new_by_curve_name(nid); + b = EC_KEY_new_by_curve_name(nid); + if (a == NULL || b == NULL) + goto err; + + group = EC_KEY_get0_group(a); + + if ((x_a = BN_new()) == NULL) + goto err; + if ((y_a = BN_new()) == NULL) + goto err; + if ((x_b = BN_new()) == NULL) + goto err; + if ((y_b = BN_new()) == NULL) + goto err; + + BIO_puts(out, "Testing key generation with "); + BIO_puts(out, text); +# ifdef NOISY + BIO_puts(out, "\n"); +# else + (void)BIO_flush(out); +# endif + + if (!EC_KEY_generate_key(a)) + goto err; + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == + NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp + (group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) + goto err; + } +# ifndef OPENSSL_NO_EC2M + else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, + EC_KEY_get0_public_key(a), + x_a, y_a, ctx)) + goto err; + } +# endif +# ifdef NOISY + BIO_puts(out, " pri 1="); + BN_print(out, a->priv_key); + BIO_puts(out, "\n pub 1="); + BN_print(out, x_a); + BIO_puts(out, ","); + BN_print(out, y_a); + BIO_puts(out, "\n"); +# else + BIO_printf(out, " ."); + (void)BIO_flush(out); +# endif + + if (!EC_KEY_generate_key(b)) + goto err; + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == + NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp + (group, EC_KEY_get0_public_key(b), x_b, y_b, ctx)) + goto err; + } +# ifndef OPENSSL_NO_EC2M + else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, + EC_KEY_get0_public_key(b), + x_b, y_b, ctx)) + goto err; + } +# endif + +# ifdef NOISY + BIO_puts(out, " pri 2="); + BN_print(out, b->priv_key); + BIO_puts(out, "\n pub 2="); + BN_print(out, x_b); + BIO_puts(out, ","); + BN_print(out, y_b); + BIO_puts(out, "\n"); +# else + BIO_printf(out, "."); + (void)BIO_flush(out); +# endif + + alen = KDF1_SHA1_len; + abuf = (unsigned char *)OPENSSL_malloc(alen); + aout = + ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(b), a, KDF1_SHA1); + +# ifdef NOISY + BIO_puts(out, " key1 ="); + for (i = 0; i < aout; i++) { + sprintf(buf, "%02X", abuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); +# else + BIO_printf(out, "."); + (void)BIO_flush(out); +# endif + + blen = KDF1_SHA1_len; + bbuf = (unsigned char *)OPENSSL_malloc(blen); + bout = + ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(a), b, KDF1_SHA1); + +# ifdef NOISY + BIO_puts(out, " key2 ="); + for (i = 0; i < bout; i++) { + sprintf(buf, "%02X", bbuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); +# else + BIO_printf(out, "."); + (void)BIO_flush(out); +# endif + + if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) { +# ifndef NOISY + BIO_printf(out, " failed\n\n"); + BIO_printf(out, "key a:\n"); + BIO_printf(out, "private key: "); + BN_print(out, EC_KEY_get0_private_key(a)); + BIO_printf(out, "\n"); + BIO_printf(out, "public key (x,y): "); + BN_print(out, x_a); + BIO_printf(out, ","); + BN_print(out, y_a); + BIO_printf(out, "\nkey b:\n"); + BIO_printf(out, "private key: "); + BN_print(out, EC_KEY_get0_private_key(b)); + BIO_printf(out, "\n"); + BIO_printf(out, "public key (x,y): "); + BN_print(out, x_b); + BIO_printf(out, ","); + BN_print(out, y_b); + BIO_printf(out, "\n"); + BIO_printf(out, "generated key a: "); + for (i = 0; i < bout; i++) { + sprintf(buf, "%02X", bbuf[i]); + BIO_puts(out, buf); + } + BIO_printf(out, "\n"); + BIO_printf(out, "generated key b: "); + for (i = 0; i < aout; i++) { + sprintf(buf, "%02X", abuf[i]); + BIO_puts(out, buf); + } + BIO_printf(out, "\n"); +# endif + fprintf(stderr, "Error in ECDH routines\n"); + ret = 0; + } else { +# ifndef NOISY + BIO_printf(out, " ok\n"); +# endif + ret = 1; + } + err: + ERR_print_errors_fp(stderr); + + if (abuf != NULL) + OPENSSL_free(abuf); + if (bbuf != NULL) + OPENSSL_free(bbuf); + if (x_a) + BN_free(x_a); + if (y_a) + BN_free(y_a); + if (x_b) + BN_free(x_b); + if (y_b) + BN_free(y_b); + EC_KEY_free(b); + EC_KEY_free(a); + return (ret); +} + +/* Keys and shared secrets from RFC 7027 */ + +static const unsigned char bp256_da[] = { + 0x81, 0xDB, 0x1E, 0xE1, 0x00, 0x15, 0x0F, 0xF2, 0xEA, 0x33, 0x8D, 0x70, + 0x82, 0x71, 0xBE, 0x38, 0x30, 0x0C, 0xB5, 0x42, 0x41, 0xD7, 0x99, 0x50, + 0xF7, 0x7B, 0x06, 0x30, 0x39, 0x80, 0x4F, 0x1D +}; + +static const unsigned char bp256_db[] = { + 0x55, 0xE4, 0x0B, 0xC4, 0x1E, 0x37, 0xE3, 0xE2, 0xAD, 0x25, 0xC3, 0xC6, + 0x65, 0x45, 0x11, 0xFF, 0xA8, 0x47, 0x4A, 0x91, 0xA0, 0x03, 0x20, 0x87, + 0x59, 0x38, 0x52, 0xD3, 0xE7, 0xD7, 0x6B, 0xD3 +}; + +static const unsigned char bp256_Z[] = { + 0x89, 0xAF, 0xC3, 0x9D, 0x41, 0xD3, 0xB3, 0x27, 0x81, 0x4B, 0x80, 0x94, + 0x0B, 0x04, 0x25, 0x90, 0xF9, 0x65, 0x56, 0xEC, 0x91, 0xE6, 0xAE, 0x79, + 0x39, 0xBC, 0xE3, 0x1F, 0x3A, 0x18, 0xBF, 0x2B +}; + +static const unsigned char bp384_da[] = { + 0x1E, 0x20, 0xF5, 0xE0, 0x48, 0xA5, 0x88, 0x6F, 0x1F, 0x15, 0x7C, 0x74, + 0xE9, 0x1B, 0xDE, 0x2B, 0x98, 0xC8, 0xB5, 0x2D, 0x58, 0xE5, 0x00, 0x3D, + 0x57, 0x05, 0x3F, 0xC4, 0xB0, 0xBD, 0x65, 0xD6, 0xF1, 0x5E, 0xB5, 0xD1, + 0xEE, 0x16, 0x10, 0xDF, 0x87, 0x07, 0x95, 0x14, 0x36, 0x27, 0xD0, 0x42 +}; + +static const unsigned char bp384_db[] = { + 0x03, 0x26, 0x40, 0xBC, 0x60, 0x03, 0xC5, 0x92, 0x60, 0xF7, 0x25, 0x0C, + 0x3D, 0xB5, 0x8C, 0xE6, 0x47, 0xF9, 0x8E, 0x12, 0x60, 0xAC, 0xCE, 0x4A, + 0xCD, 0xA3, 0xDD, 0x86, 0x9F, 0x74, 0xE0, 0x1F, 0x8B, 0xA5, 0xE0, 0x32, + 0x43, 0x09, 0xDB, 0x6A, 0x98, 0x31, 0x49, 0x7A, 0xBA, 0xC9, 0x66, 0x70 +}; + +static const unsigned char bp384_Z[] = { + 0x0B, 0xD9, 0xD3, 0xA7, 0xEA, 0x0B, 0x3D, 0x51, 0x9D, 0x09, 0xD8, 0xE4, + 0x8D, 0x07, 0x85, 0xFB, 0x74, 0x4A, 0x6B, 0x35, 0x5E, 0x63, 0x04, 0xBC, + 0x51, 0xC2, 0x29, 0xFB, 0xBC, 0xE2, 0x39, 0xBB, 0xAD, 0xF6, 0x40, 0x37, + 0x15, 0xC3, 0x5D, 0x4F, 0xB2, 0xA5, 0x44, 0x4F, 0x57, 0x5D, 0x4F, 0x42 +}; + +static const unsigned char bp512_da[] = { + 0x16, 0x30, 0x2F, 0xF0, 0xDB, 0xBB, 0x5A, 0x8D, 0x73, 0x3D, 0xAB, 0x71, + 0x41, 0xC1, 0xB4, 0x5A, 0xCB, 0xC8, 0x71, 0x59, 0x39, 0x67, 0x7F, 0x6A, + 0x56, 0x85, 0x0A, 0x38, 0xBD, 0x87, 0xBD, 0x59, 0xB0, 0x9E, 0x80, 0x27, + 0x96, 0x09, 0xFF, 0x33, 0x3E, 0xB9, 0xD4, 0xC0, 0x61, 0x23, 0x1F, 0xB2, + 0x6F, 0x92, 0xEE, 0xB0, 0x49, 0x82, 0xA5, 0xF1, 0xD1, 0x76, 0x4C, 0xAD, + 0x57, 0x66, 0x54, 0x22 +}; + +static const unsigned char bp512_db[] = { + 0x23, 0x0E, 0x18, 0xE1, 0xBC, 0xC8, 0x8A, 0x36, 0x2F, 0xA5, 0x4E, 0x4E, + 0xA3, 0x90, 0x20, 0x09, 0x29, 0x2F, 0x7F, 0x80, 0x33, 0x62, 0x4F, 0xD4, + 0x71, 0xB5, 0xD8, 0xAC, 0xE4, 0x9D, 0x12, 0xCF, 0xAB, 0xBC, 0x19, 0x96, + 0x3D, 0xAB, 0x8E, 0x2F, 0x1E, 0xBA, 0x00, 0xBF, 0xFB, 0x29, 0xE4, 0xD7, + 0x2D, 0x13, 0xF2, 0x22, 0x45, 0x62, 0xF4, 0x05, 0xCB, 0x80, 0x50, 0x36, + 0x66, 0xB2, 0x54, 0x29 +}; + +static const unsigned char bp512_Z[] = { + 0xA7, 0x92, 0x70, 0x98, 0x65, 0x5F, 0x1F, 0x99, 0x76, 0xFA, 0x50, 0xA9, + 0xD5, 0x66, 0x86, 0x5D, 0xC5, 0x30, 0x33, 0x18, 0x46, 0x38, 0x1C, 0x87, + 0x25, 0x6B, 0xAF, 0x32, 0x26, 0x24, 0x4B, 0x76, 0xD3, 0x64, 0x03, 0xC0, + 0x24, 0xD7, 0xBB, 0xF0, 0xAA, 0x08, 0x03, 0xEA, 0xFF, 0x40, 0x5D, 0x3D, + 0x24, 0xF1, 0x1A, 0x9B, 0x5C, 0x0B, 0xEF, 0x67, 0x9F, 0xE1, 0x45, 0x4B, + 0x21, 0xC4, 0xCD, 0x1F +}; + +/* Given private value and NID, create EC_KEY structure */ + +static EC_KEY *mk_eckey(int nid, const unsigned char *p, size_t plen) +{ + int ok = 0; + EC_KEY *k = NULL; + BIGNUM *priv = NULL; + EC_POINT *pub = NULL; + const EC_GROUP *grp; + k = EC_KEY_new_by_curve_name(nid); + if (!k) + goto err; + priv = BN_bin2bn(p, plen, NULL); + if (!priv) + goto err; + if (!EC_KEY_set_private_key(k, priv)) + goto err; + grp = EC_KEY_get0_group(k); + pub = EC_POINT_new(grp); + if (!pub) + goto err; + if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL)) + goto err; + if (!EC_KEY_set_public_key(k, pub)) + goto err; + ok = 1; + err: + if (priv) + BN_clear_free(priv); + EC_POINT_free(pub); + if (ok) + return k; + EC_KEY_free(k); + return NULL; +} + +/* + * Known answer test: compute shared secret and check it matches expected + * value. + */ + +static int ecdh_kat(BIO *out, const char *cname, int nid, + const unsigned char *k1, size_t k1_len, + const unsigned char *k2, size_t k2_len, + const unsigned char *Z, size_t Zlen) +{ + int rv = 0; + EC_KEY *key1 = NULL, *key2 = NULL; + unsigned char *Ztmp = NULL; + size_t Ztmplen; + BIO_puts(out, "Testing ECDH shared secret with "); + BIO_puts(out, cname); + key1 = mk_eckey(nid, k1, k1_len); + key2 = mk_eckey(nid, k2, k2_len); + if (!key1 || !key2) + goto err; + Ztmplen = (EC_GROUP_get_degree(EC_KEY_get0_group(key1)) + 7) / 8; + if (Ztmplen != Zlen) + goto err; + Ztmp = OPENSSL_malloc(Ztmplen); + if (!ECDH_compute_key(Ztmp, Ztmplen, + EC_KEY_get0_public_key(key2), key1, 0)) + goto err; + if (memcmp(Ztmp, Z, Zlen)) + goto err; + memset(Ztmp, 0, Zlen); + if (!ECDH_compute_key(Ztmp, Ztmplen, + EC_KEY_get0_public_key(key1), key2, 0)) + goto err; + if (memcmp(Ztmp, Z, Zlen)) + goto err; + rv = 1; + err: + EC_KEY_free(key1); + EC_KEY_free(key2); + if (Ztmp) + OPENSSL_free(Ztmp); + if (rv) + BIO_puts(out, " ok\n"); + else { + fprintf(stderr, "Error in ECDH routines\n"); + ERR_print_errors_fp(stderr); + } + return rv; +} + +# define test_ecdh_kat(bio, curve, bits) \ + ecdh_kat(bio, curve, NID_brainpoolP##bits##r1, \ + bp##bits##_da, sizeof(bp##bits##_da), \ + bp##bits##_db, sizeof(bp##bits##_db), \ + bp##bits##_Z, sizeof(bp##bits##_Z)) + +int main(int argc, char *argv[]) +{ + BN_CTX *ctx = NULL; + int ret = 1; + BIO *out; + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + +# ifdef OPENSSL_SYS_WIN32 + CRYPTO_malloc_init(); +# endif + + RAND_seed(rnd_seed, sizeof rnd_seed); + + out = BIO_new(BIO_s_file()); + if (out == NULL) + EXIT(1); + BIO_set_fp(out, stdout, BIO_NOCLOSE); + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + + /* NIST PRIME CURVES TESTS */ + if (!test_ecdh_curve + (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) + goto err; + if (!test_ecdh_curve + (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) + goto err; +# ifndef OPENSSL_NO_EC2M + /* NIST BINARY CURVES TESTS */ + if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) + goto err; +# endif + if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256)) + goto err; + if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384)) + goto err; + if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512)) + goto err; + + ret = 0; + + err: + ERR_print_errors_fp(stderr); + if (ctx) + BN_CTX_free(ctx); + BIO_free(out); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + CRYPTO_mem_leaks_fp(stderr); + EXIT(ret); +} +#endif diff --git a/test/ecdsatest.c b/test/ecdsatest.c new file mode 100644 index 0000000000..3a455b4747 --- /dev/null +++ b/test/ecdsatest.c @@ -0,0 +1,565 @@ +/* crypto/ecdsa/ecdsatest.c */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */ + +#ifdef OPENSSL_NO_EC +int main(int argc, char *argv[]) +{ + puts("Elliptic curves are disabled."); + return 0; +} +#else + +# include <openssl/crypto.h> +# include <openssl/bio.h> +# include <openssl/evp.h> +# include <openssl/bn.h> +# include <openssl/ecdsa.h> +# ifndef OPENSSL_NO_ENGINE +# include <openssl/engine.h> +# endif +# include <openssl/err.h> +# include <openssl/rand.h> + +static const char rnd_seed[] = "string to make the random number generator " + "think it has entropy"; + +/* declaration of the test functions */ +int x9_62_tests(BIO *); +int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s); +int test_builtin(BIO *); + +/* functions to change the RAND_METHOD */ +int change_rand(void); +int restore_rand(void); +int fbytes(unsigned char *buf, int num); + +RAND_METHOD fake_rand; +const RAND_METHOD *old_rand; + +int change_rand(void) +{ + /* save old rand method */ + if ((old_rand = RAND_get_rand_method()) == NULL) + return 0; + + fake_rand.seed = old_rand->seed; + fake_rand.cleanup = old_rand->cleanup; + fake_rand.add = old_rand->add; + fake_rand.status = old_rand->status; + /* use own random function */ + fake_rand.bytes = fbytes; + fake_rand.pseudorand = old_rand->bytes; + /* set new RAND_METHOD */ + if (!RAND_set_rand_method(&fake_rand)) + return 0; + return 1; +} + +int restore_rand(void) +{ + if (!RAND_set_rand_method(old_rand)) + return 0; + else + return 1; +} + +static int fbytes_counter = 0, use_fake = 0; +static const char *numbers[8] = { + "651056770906015076056810763456358567190100156695615665659", + "6140507067065001063065065565667405560006161556565665656654", + "8763001015071075675010661307616710783570106710677817767166" + "71676178726717", + "7000000175690566466555057817571571075705015757757057795755" + "55657156756655", + "1275552191113212300012030439187146164646146646466749494799", + "1542725565216523985789236956265265265235675811949404040041", + "1456427555219115346513212300075341203043918714616464614664" + "64667494947990", + "1712787255652165239672857892369562652652652356758119494040" + "40041670216363" +}; + +int fbytes(unsigned char *buf, int num) +{ + int ret; + BIGNUM *tmp = NULL; + + if (use_fake == 0) + return old_rand->bytes(buf, num); + + use_fake = 0; + + if (fbytes_counter >= 8) + return 0; + tmp = BN_new(); + if (!tmp) + return 0; + if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) { + BN_free(tmp); + return 0; + } + fbytes_counter++; + if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf)) + ret = 0; + else + ret = 1; + BN_free(tmp); + return ret; +} + +/* some tests from the X9.62 draft */ +int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) +{ + int ret = 0; + const char message[] = "abc"; + unsigned char digest[20]; + unsigned int dgst_len = 0; + EVP_MD_CTX md_ctx; + EC_KEY *key = NULL; + ECDSA_SIG *signature = NULL; + BIGNUM *r = NULL, *s = NULL; + BIGNUM *kinv = NULL, *rp = NULL; + + EVP_MD_CTX_init(&md_ctx); + /* get the message digest */ + if (!EVP_DigestInit(&md_ctx, EVP_ecdsa()) + || !EVP_DigestUpdate(&md_ctx, (const void *)message, 3) + || !EVP_DigestFinal(&md_ctx, digest, &dgst_len)) + goto x962_int_err; + + BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); + /* create the key */ + if ((key = EC_KEY_new_by_curve_name(nid)) == NULL) + goto x962_int_err; + use_fake = 1; + if (!EC_KEY_generate_key(key)) + goto x962_int_err; + BIO_printf(out, "."); + (void)BIO_flush(out); + /* create the signature */ + use_fake = 1; + /* Use ECDSA_sign_setup to avoid use of ECDSA nonces */ + if (!ECDSA_sign_setup(key, NULL, &kinv, &rp)) + goto x962_int_err; + signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key); + if (signature == NULL) + goto x962_int_err; + BIO_printf(out, "."); + (void)BIO_flush(out); + /* compare the created signature with the expected signature */ + if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) + goto x962_int_err; + if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in)) + goto x962_int_err; + if (BN_cmp(signature->r, r) || BN_cmp(signature->s, s)) + goto x962_int_err; + BIO_printf(out, "."); + (void)BIO_flush(out); + /* verify the signature */ + if (ECDSA_do_verify(digest, 20, signature, key) != 1) + goto x962_int_err; + BIO_printf(out, "."); + (void)BIO_flush(out); + + BIO_printf(out, " ok\n"); + ret = 1; + x962_int_err: + if (!ret) + BIO_printf(out, " failed\n"); + EC_KEY_free(key); + if (signature) + ECDSA_SIG_free(signature); + if (r) + BN_free(r); + if (s) + BN_free(s); + EVP_MD_CTX_cleanup(&md_ctx); + if (kinv) + BN_clear_free(kinv); + if (rp) + BN_clear_free(rp); + return ret; +} + +int x9_62_tests(BIO *out) +{ + int ret = 0; + + BIO_printf(out, "some tests from X9.62:\n"); + + /* set own rand method */ + if (!change_rand()) + goto x962_err; + + if (!x9_62_test_internal(out, NID_X9_62_prime192v1, + "3342403536405981729393488334694600415596881826869351677613", + "5735822328888155254683894997897571951568553642892029982342")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_prime239v1, + "3086361431751678114926225473006680188549593787585317781474" + "62058306432176", + "3238135532097973577080787768312505059318910517550078427819" + "78505179448783")) + goto x962_err; +# ifndef OPENSSL_NO_EC2M + if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1, + "87194383164871543355722284926904419997237591535066528048", + "308992691965804947361541664549085895292153777025772063598")) + goto x962_err; + if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1, + "2159633321041961198501834003903461262881815148684178964245" + "5876922391552", + "1970303740007316867383349976549972270528498040721988191026" + "49413465737174")) + goto x962_err; +# endif + ret = 1; + x962_err: + if (!restore_rand()) + ret = 0; + return ret; +} + +int test_builtin(BIO *out) +{ + EC_builtin_curve *curves = NULL; + size_t crv_len = 0, n = 0; + EC_KEY *eckey = NULL, *wrong_eckey = NULL; + EC_GROUP *group; + ECDSA_SIG *ecdsa_sig = NULL; + unsigned char digest[20], wrong_digest[20]; + unsigned char *signature = NULL; + const unsigned char *sig_ptr; + unsigned char *sig_ptr2; + unsigned char *raw_buf = NULL; + unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; + int nid, ret = 0; + + /* fill digest values with some random data */ + if (RAND_bytes(digest, 20) <= 0 || RAND_bytes(wrong_digest, 20) <= 0) { + BIO_printf(out, "ERROR: unable to get random data\n"); + goto builtin_err; + } + + /* + * create and verify a ecdsa signature with every availble curve (with ) + */ + BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " + "with some internal curves:\n"); + + /* get a list of all internal curves */ + crv_len = EC_get_builtin_curves(NULL, 0); + + curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); + + if (curves == NULL) { + BIO_printf(out, "malloc error\n"); + goto builtin_err; + } + + if (!EC_get_builtin_curves(curves, crv_len)) { + BIO_printf(out, "unable to get internal curves\n"); + goto builtin_err; + } + + /* now create and verify a signature for every curve */ + for (n = 0; n < crv_len; n++) { + unsigned char dirt, offset; + + nid = curves[n].nid; + if (nid == NID_ipsec4) + continue; + /* create new ecdsa key (== EC_KEY) */ + if ((eckey = EC_KEY_new()) == NULL) + goto builtin_err; + group = EC_GROUP_new_by_curve_name(nid); + if (group == NULL) + goto builtin_err; + if (EC_KEY_set_group(eckey, group) == 0) + goto builtin_err; + EC_GROUP_free(group); + degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); + if (degree < 160) { + /* drop the curve */ + EC_KEY_free(eckey); + eckey = NULL; + continue; + } + BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); + /* create key */ + if (!EC_KEY_generate_key(eckey)) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + /* create second key */ + if ((wrong_eckey = EC_KEY_new()) == NULL) + goto builtin_err; + group = EC_GROUP_new_by_curve_name(nid); + if (group == NULL) + goto builtin_err; + if (EC_KEY_set_group(wrong_eckey, group) == 0) + goto builtin_err; + EC_GROUP_free(group); + if (!EC_KEY_generate_key(wrong_eckey)) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + + BIO_printf(out, "."); + (void)BIO_flush(out); + /* check key */ + if (!EC_KEY_check_key(eckey)) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + /* create signature */ + sig_len = ECDSA_size(eckey); + if ((signature = OPENSSL_malloc(sig_len)) == NULL) + goto builtin_err; + if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + /* verify signature */ + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + /* verify signature with the wrong key */ + if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + /* wrong digest */ + if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + /* wrong length */ + if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + + /* + * Modify a single byte of the signature: to ensure we don't garble + * the ASN1 structure, we read the raw signature and modify a byte in + * one of the bignums directly. + */ + sig_ptr = signature; + if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + + /* Store the two BIGNUMs in raw_buf. */ + r_len = BN_num_bytes(ecdsa_sig->r); + s_len = BN_num_bytes(ecdsa_sig->s); + bn_len = (degree + 7) / 8; + if ((r_len > bn_len) || (s_len > bn_len)) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + buf_len = 2 * bn_len; + if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL) + goto builtin_err; + /* Pad the bignums with leading zeroes. */ + memset(raw_buf, 0, buf_len); + BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len); + BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len); + + /* Modify a single byte in the buffer. */ + offset = raw_buf[10] % buf_len; + dirt = raw_buf[11] ? raw_buf[11] : 1; + raw_buf[offset] ^= dirt; + /* Now read the BIGNUMs back in from raw_buf. */ + if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || + (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) + goto builtin_err; + + sig_ptr2 = signature; + sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + /* + * Sanity check: undo the modification and verify signature. + */ + raw_buf[offset] ^= dirt; + if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || + (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) + goto builtin_err; + + sig_ptr2 = signature; + sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); + if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { + BIO_printf(out, " failed\n"); + goto builtin_err; + } + BIO_printf(out, "."); + (void)BIO_flush(out); + + BIO_printf(out, " ok\n"); + /* cleanup */ + /* clean bogus errors */ + ERR_clear_error(); + OPENSSL_free(signature); + signature = NULL; + EC_KEY_free(eckey); + eckey = NULL; + EC_KEY_free(wrong_eckey); + wrong_eckey = NULL; + ECDSA_SIG_free(ecdsa_sig); + ecdsa_sig = NULL; + OPENSSL_free(raw_buf); + raw_buf = NULL; + } + + ret = 1; + builtin_err: + EC_KEY_free(eckey); + EC_KEY_free(wrong_eckey); + if (ecdsa_sig) + ECDSA_SIG_free(ecdsa_sig); + if (signature) + OPENSSL_free(signature); + if (raw_buf) + OPENSSL_free(raw_buf); + if (curves) + OPENSSL_free(curves); + + return ret; +} + +int main(void) +{ + int ret = 1; + BIO *out; + + out = BIO_new_fp(stdout, BIO_NOCLOSE); + + /* enable memory leak checking unless explicitly disabled */ + if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && + (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) { + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + } else { + /* OPENSSL_DEBUG_MEMORY=off */ + CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); + } + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + + /* initialize the prng */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); + + /* the tests */ + if (!x9_62_tests(out)) + goto err; + if (!test_builtin(out)) + goto err; + + ret = 0; + err: + if (ret) + BIO_printf(out, "\nECDSA test failed\n"); + else + BIO_printf(out, "\nECDSA test passed\n"); + if (ret) + ERR_print_errors(out); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks(out); + BIO_free(out); + return ret; +} +#endif diff --git a/test/ectest.c b/test/ectest.c new file mode 100644 index 0000000000..79ec21f820 --- /dev/null +++ b/test/ectest.c @@ -0,0 +1,1682 @@ +/* crypto/ec/ectest.c */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#include <stdio.h> +#include <stdlib.h> +#ifdef FLAT_INC +# include "e_os.h" +#else +# include "../e_os.h" +#endif +#include <string.h> +#include <time.h> + +#ifdef OPENSSL_NO_EC +int main(int argc, char *argv[]) +{ + puts("Elliptic curves are disabled."); + return 0; +} +#else + +# include <openssl/ec.h> +# ifndef OPENSSL_NO_ENGINE +# include <openssl/engine.h> +# endif +# include <openssl/err.h> +# include <openssl/obj_mac.h> +# include <openssl/objects.h> +# include <openssl/rand.h> +# include <openssl/bn.h> +# include <openssl/opensslconf.h> + +# if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12) +/* suppress "too big too optimize" warning */ +# pragma warning(disable:4959) +# endif + +# define ABORT do { \ + fflush(stdout); \ + fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \ + ERR_print_errors_fp(stderr); \ + EXIT(1); \ +} while (0) + +# define TIMING_BASE_PT 0 +# define TIMING_RAND_PT 1 +# define TIMING_SIMUL 2 + +/* test multiplication with group order, long and negative scalars */ +static void group_order_tests(EC_GROUP *group) +{ + BIGNUM *n1, *n2, *order; + EC_POINT *P = EC_POINT_new(group); + EC_POINT *Q = EC_POINT_new(group); + BN_CTX *ctx = BN_CTX_new(); + int i; + + n1 = BN_new(); + n2 = BN_new(); + order = BN_new(); + fprintf(stdout, "verify group order ..."); + fflush(stdout); + if (!EC_GROUP_get_order(group, order, ctx)) + ABORT; + if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) + ABORT; + fprintf(stdout, "."); + fflush(stdout); + if (!EC_GROUP_precompute_mult(group, ctx)) + ABORT; + if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) + ABORT; + fprintf(stdout, " ok\n"); + fprintf(stdout, "long/negative scalar tests "); + for (i = 1; i <= 2; i++) { + const BIGNUM *scalars[6]; + const EC_POINT *points[6]; + + fprintf(stdout, i == 1 ? + "allowing precomputation ... " : + "without precomputation ... "); + if (!BN_set_word(n1, i)) + ABORT; + /* + * If i == 1, P will be the predefined generator for which + * EC_GROUP_precompute_mult has set up precomputation. + */ + if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) + ABORT; + + if (!BN_one(n1)) + ABORT; + /* n1 = 1 - order */ + if (!BN_sub(n1, n1, order)) + ABORT; + if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, Q, P, ctx)) + ABORT; + + /* n2 = 1 + order */ + if (!BN_add(n2, order, BN_value_one())) + ABORT; + if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, Q, P, ctx)) + ABORT; + + /* n2 = (1 - order) * (1 + order) = 1 - order^2 */ + if (!BN_mul(n2, n1, n2, ctx)) + ABORT; + if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, Q, P, ctx)) + ABORT; + + /* n2 = order^2 - 1 */ + BN_set_negative(n2, 0); + if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) + ABORT; + /* Add P to verify the result. */ + if (!EC_POINT_add(group, Q, Q, P, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) + ABORT; + + /* Exercise EC_POINTs_mul, including corner cases. */ + if (EC_POINT_is_at_infinity(group, P)) + ABORT; + scalars[0] = n1; + points[0] = Q; /* => infinity */ + scalars[1] = n2; + points[1] = P; /* => -P */ + scalars[2] = n1; + points[2] = Q; /* => infinity */ + scalars[3] = n2; + points[3] = Q; /* => infinity */ + scalars[4] = n1; + points[4] = P; /* => P */ + scalars[5] = n2; + points[5] = Q; /* => infinity */ + if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + } + fprintf(stdout, "ok\n"); + + EC_POINT_free(P); + EC_POINT_free(Q); + BN_free(n1); + BN_free(n2); + BN_free(order); + BN_CTX_free(ctx); +} + +static void prime_field_tests(void) +{ + BN_CTX *ctx = NULL; + BIGNUM *p, *a, *b; + EC_GROUP *group; + EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = + NULL, *P_384 = NULL, *P_521 = NULL; + EC_POINT *P, *Q, *R; + BIGNUM *x, *y, *z; + unsigned char buf[100]; + size_t i, len; + int k; + + ctx = BN_CTX_new(); + if (!ctx) + ABORT; + + p = BN_new(); + a = BN_new(); + b = BN_new(); + if (!p || !a || !b) + ABORT; + + if (!BN_hex2bn(&p, "17")) + ABORT; + if (!BN_hex2bn(&a, "1")) + ABORT; + if (!BN_hex2bn(&b, "1")) + ABORT; + + group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use + * EC_GROUP_new_curve_GFp so + * that the library gets to + * choose the EC_METHOD */ + if (!group) + ABORT; + + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + { + EC_GROUP *tmp; + tmp = EC_GROUP_new(EC_GROUP_method_of(group)); + if (!tmp) + ABORT; + if (!EC_GROUP_copy(tmp, group)) + ABORT; + EC_GROUP_free(group); + group = tmp; + } + + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) + ABORT; + + fprintf(stdout, + "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x"); + BN_print_fp(stdout, p); + fprintf(stdout, ")\n a = 0x"); + BN_print_fp(stdout, a); + fprintf(stdout, "\n b = 0x"); + BN_print_fp(stdout, b); + fprintf(stdout, "\n"); + + P = EC_POINT_new(group); + Q = EC_POINT_new(group); + R = EC_POINT_new(group); + if (!P || !Q || !R) + ABORT; + + if (!EC_POINT_set_to_infinity(group, P)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + buf[0] = 0; + if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) + ABORT; + + if (!EC_POINT_add(group, P, P, Q, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + x = BN_new(); + y = BN_new(); + z = BN_new(); + if (!x || !y || !z) + ABORT; + + if (!BN_hex2bn(&x, "D")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) + ABORT; + if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) + ABORT; + fprintf(stderr, "Point is not on curve: x = 0x"); + BN_print_fp(stderr, x); + fprintf(stderr, ", y = 0x"); + BN_print_fp(stderr, y); + fprintf(stderr, "\n"); + ABORT; + } + + fprintf(stdout, "A cyclic subgroup:\n"); + k = 100; + do { + if (k-- == 0) + ABORT; + + if (EC_POINT_is_at_infinity(group, P)) + fprintf(stdout, " point at infinity\n"); + else { + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + + fprintf(stdout, " x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, ", y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + } + + if (!EC_POINT_copy(R, P)) + ABORT; + if (!EC_POINT_add(group, P, P, Q, ctx)) + ABORT; + + } + while (!EC_POINT_is_at_infinity(group, P)); + + if (!EC_POINT_add(group, P, Q, R, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + len = + EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, + sizeof buf, ctx); + if (len == 0) + ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) + ABORT; + fprintf(stdout, "Generator as octet string, compressed form:\n "); + for (i = 0; i < len; i++) + fprintf(stdout, "%02X", buf[i]); + + len = + EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, + sizeof buf, ctx); + if (len == 0) + ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) + ABORT; + fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n "); + for (i = 0; i < len; i++) + fprintf(stdout, "%02X", buf[i]); + + len = + EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, + ctx); + if (len == 0) + ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) + ABORT; + fprintf(stdout, "\nGenerator as octet string, hybrid form:\n "); + for (i = 0; i < len; i++) + fprintf(stdout, "%02X", buf[i]); + + if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) + ABORT; + fprintf(stdout, + "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, ", Y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, ", Z = 0x"); + BN_print_fp(stdout, z); + fprintf(stdout, "\n"); + + if (!EC_POINT_invert(group, P, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, R, ctx)) + ABORT; + + /* + * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, + * 2000) -- not a NIST curve, but commonly used + */ + + if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) + ABORT; + if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) + ABORT; + if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) + ABORT; + if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) + ABORT; + if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 160) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) + ABORT; + if (!EC_GROUP_copy(P_160, group)) + ABORT; + + /* Curve P-192 (FIPS PUB 186-2, App. 6) */ + + if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) + ABORT; + if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) + ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) + ABORT; + if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nNIST curve P-192 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 192) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) + ABORT; + if (!EC_GROUP_copy(P_192, group)) + ABORT; + + /* Curve P-224 (FIPS PUB 186-2, App. 6) */ + + if (!BN_hex2bn + (&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn + (&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) + ABORT; + if (!BN_hex2bn + (&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn + (&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) + ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) + ABORT; + if (!BN_hex2bn + (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn + (&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 224) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) + ABORT; + if (!EC_GROUP_copy(P_224, group)) + ABORT; + + /* Curve P-256 (FIPS PUB 186-2, App. 6) */ + + if (!BN_hex2bn + (&p, + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn + (&a, + "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) + ABORT; + if (!BN_hex2bn + (&b, + "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn + (&x, + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) + ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) + ABORT; + if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" + "84F3B9CAC2FC632551")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn + (&z, + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 256) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) + ABORT; + if (!EC_GROUP_copy(P_256, group)) + ABORT; + + /* Curve P-384 (FIPS PUB 186-2, App. 6) */ + + if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) + ABORT; + if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141" + "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B" + "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) + ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) + ABORT; + if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14" + "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 384) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) + ABORT; + if (!EC_GROUP_copy(P_384, group)) + ABORT; + + /* Curve P-521 (FIPS PUB 186-2, App. 6) */ + + if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) + ABORT; + if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B" + "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573" + "DF883D2C34F1EF451FD46B503F00")) + ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + ABORT; + + if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F" + "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B" + "3C1856A429BF97E7E31C2E5BD66")) + ABORT; + if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) + ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) + ABORT; + if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" + "C9B8899C47AEBB6FB71E91386409")) + ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) + ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) + ABORT; + fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579" + "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C" + "7086A272C24088BE94769FD16650")) + ABORT; + if (0 != BN_cmp(y, z)) + ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 521) + ABORT; + fprintf(stdout, " ok\n"); + + group_order_tests(group); + + if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) + ABORT; + if (!EC_GROUP_copy(P_521, group)) + ABORT; + + /* more tests using the last curve */ + + if (!EC_POINT_copy(Q, P)) + ABORT; + if (EC_POINT_is_at_infinity(group, Q)) + ABORT; + if (!EC_POINT_dbl(group, P, P, ctx)) + ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) + ABORT; + if (!EC_POINT_invert(group, Q, ctx)) + ABORT; /* P = -2Q */ + + if (!EC_POINT_add(group, R, P, Q, ctx)) + ABORT; + if (!EC_POINT_add(group, R, R, Q, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, R)) + ABORT; /* R = P + 2Q */ + + { + const EC_POINT *points[4]; + const BIGNUM *scalars[4]; + BIGNUM *scalar3; + + if (EC_POINT_is_at_infinity(group, Q)) + ABORT; + points[0] = Q; + points[1] = Q; + points[2] = Q; + points[3] = Q; + + if (!EC_GROUP_get_order(group, z, ctx)) + ABORT; + if (!BN_add(y, z, BN_value_one())) + ABORT; + if (BN_is_odd(y)) + ABORT; + if (!BN_rshift1(y, y)) + ABORT; + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ + scalars[1] = y; + + fprintf(stdout, "combined multiplication ..."); + fflush(stdout); + + /* z is still the group order */ + if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + ABORT; + if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, R, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, R, Q, ctx)) + ABORT; + + fprintf(stdout, "."); + fflush(stdout); + + if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) + ABORT; + if (!BN_add(z, z, y)) + ABORT; + BN_set_negative(z, 1); + scalars[0] = y; + scalars[1] = z; /* z = -(order + y) */ + + if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + fprintf(stdout, "."); + fflush(stdout); + + if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) + ABORT; + if (!BN_add(z, x, y)) + ABORT; + BN_set_negative(z, 1); + scalars[0] = x; + scalars[1] = y; + scalars[2] = z; /* z = -(x+y) */ + + scalar3 = BN_new(); + if (!scalar3) + ABORT; + BN_zero(scalar3); + scalars[3] = scalar3; + + if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + fprintf(stdout, " ok\n\n"); + + BN_free(scalar3); + } + + if (ctx) + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + EC_GROUP_free(group); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + BN_free(x); + BN_free(y); + BN_free(z); + + EC_GROUP_free(P_160); + EC_GROUP_free(P_192); + EC_GROUP_free(P_224); + EC_GROUP_free(P_256); + EC_GROUP_free(P_384); + EC_GROUP_free(P_521); + +} + +/* Change test based on whether binary point compression is enabled or not. */ +# ifdef OPENSSL_EC_BIN_PT_COMP +# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ + if (!BN_hex2bn(&x, _x)) ABORT; \ + if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ + if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (!BN_hex2bn(&z, _order)) ABORT; \ + if (!BN_hex2bn(&cof, _cof)) ABORT; \ + if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ + if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ + fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \ + BN_print_fp(stdout, x); \ + fprintf(stdout, "\n y = 0x"); \ + BN_print_fp(stdout, y); \ + fprintf(stdout, "\n"); \ + /* G_y value taken from the standard: */ \ + if (!BN_hex2bn(&z, _y)) ABORT; \ + if (0 != BN_cmp(y, z)) ABORT; +# else +# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ + if (!BN_hex2bn(&x, _x)) ABORT; \ + if (!BN_hex2bn(&y, _y)) ABORT; \ + if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ + if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (!BN_hex2bn(&z, _order)) ABORT; \ + if (!BN_hex2bn(&cof, _cof)) ABORT; \ + if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ + fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \ + BN_print_fp(stdout, x); \ + fprintf(stdout, "\n y = 0x"); \ + BN_print_fp(stdout, y); \ + fprintf(stdout, "\n"); +# endif + +# define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ + if (!BN_hex2bn(&p, _p)) ABORT; \ + if (!BN_hex2bn(&a, _a)) ABORT; \ + if (!BN_hex2bn(&b, _b)) ABORT; \ + if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \ + CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ + fprintf(stdout, "verify degree ..."); \ + if (EC_GROUP_get_degree(group) != _degree) ABORT; \ + fprintf(stdout, " ok\n"); \ + group_order_tests(group); \ + if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \ + if (!EC_GROUP_copy(_variable, group)) ABORT; \ + +# ifndef OPENSSL_NO_EC2M + +static void char2_field_tests(void) +{ + BN_CTX *ctx = NULL; + BIGNUM *p, *a, *b; + EC_GROUP *group; + EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = + NULL, *C2_K571 = NULL; + EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = + NULL, *C2_B571 = NULL; + EC_POINT *P, *Q, *R; + BIGNUM *x, *y, *z, *cof; + unsigned char buf[100]; + size_t i, len; + int k; + + ctx = BN_CTX_new(); + if (!ctx) + ABORT; + + p = BN_new(); + a = BN_new(); + b = BN_new(); + if (!p || !a || !b) + ABORT; + + if (!BN_hex2bn(&p, "13")) + ABORT; + if (!BN_hex2bn(&a, "3")) + ABORT; + if (!BN_hex2bn(&b, "1")) + ABORT; + + group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use + * EC_GROUP_new_curve_GF2m + * so that the library gets + * to choose the EC_METHOD */ + if (!group) + ABORT; + if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) + ABORT; + + { + EC_GROUP *tmp; + tmp = EC_GROUP_new(EC_GROUP_method_of(group)); + if (!tmp) + ABORT; + if (!EC_GROUP_copy(tmp, group)) + ABORT; + EC_GROUP_free(group); + group = tmp; + } + + if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) + ABORT; + + fprintf(stdout, + "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x"); + BN_print_fp(stdout, p); + fprintf(stdout, ")\n a = 0x"); + BN_print_fp(stdout, a); + fprintf(stdout, "\n b = 0x"); + BN_print_fp(stdout, b); + fprintf(stdout, "\n(0x... means binary polynomial)\n"); + + P = EC_POINT_new(group); + Q = EC_POINT_new(group); + R = EC_POINT_new(group); + if (!P || !Q || !R) + ABORT; + + if (!EC_POINT_set_to_infinity(group, P)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + buf[0] = 0; + if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) + ABORT; + + if (!EC_POINT_add(group, P, P, Q, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + x = BN_new(); + y = BN_new(); + z = BN_new(); + cof = BN_new(); + if (!x || !y || !z || !cof) + ABORT; + + if (!BN_hex2bn(&x, "6")) + ABORT; +/* Change test based on whether binary point compression is enabled or not. */ +# ifdef OPENSSL_EC_BIN_PT_COMP + if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) + ABORT; +# else + if (!BN_hex2bn(&y, "8")) + ABORT; + if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) + ABORT; +# endif + if (!EC_POINT_is_on_curve(group, Q, ctx)) { +/* Change test based on whether binary point compression is enabled or not. */ +# ifdef OPENSSL_EC_BIN_PT_COMP + if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) + ABORT; +# endif + fprintf(stderr, "Point is not on curve: x = 0x"); + BN_print_fp(stderr, x); + fprintf(stderr, ", y = 0x"); + BN_print_fp(stderr, y); + fprintf(stderr, "\n"); + ABORT; + } + + fprintf(stdout, "A cyclic subgroup:\n"); + k = 100; + do { + if (k-- == 0) + ABORT; + + if (EC_POINT_is_at_infinity(group, P)) + fprintf(stdout, " point at infinity\n"); + else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) + ABORT; + + fprintf(stdout, " x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, ", y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + } + + if (!EC_POINT_copy(R, P)) + ABORT; + if (!EC_POINT_add(group, P, P, Q, ctx)) + ABORT; + } + while (!EC_POINT_is_at_infinity(group, P)); + + if (!EC_POINT_add(group, P, Q, R, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + +/* Change test based on whether binary point compression is enabled or not. */ +# ifdef OPENSSL_EC_BIN_PT_COMP + len = + EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, + sizeof buf, ctx); + if (len == 0) + ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) + ABORT; + fprintf(stdout, "Generator as octet string, compressed form:\n "); + for (i = 0; i < len; i++) + fprintf(stdout, "%02X", buf[i]); +# endif + + len = + EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, + sizeof buf, ctx); + if (len == 0) + ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) + ABORT; + fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n "); + for (i = 0; i < len; i++) + fprintf(stdout, "%02X", buf[i]); + +/* Change test based on whether binary point compression is enabled or not. */ +# ifdef OPENSSL_EC_BIN_PT_COMP + len = + EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, + ctx); + if (len == 0) + ABORT; + if (!EC_POINT_oct2point(group, P, buf, len, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, Q, ctx)) + ABORT; + fprintf(stdout, "\nGenerator as octet string, hybrid form:\n "); + for (i = 0; i < len; i++) + fprintf(stdout, "%02X", buf[i]); +# endif + + fprintf(stdout, "\n"); + + if (!EC_POINT_invert(group, P, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, R, ctx)) + ABORT; + + /* Curve K-163 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve K-163", + "0800000000000000000000000000000000000000C9", + "1", + "1", + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", + "0289070FB05D38FF58321F2E800536D538CCDAA3D9", + 1, "04000000000000000000020108A2E0CC0D99F8A5EF", "2", 163, C2_K163); + + /* Curve B-163 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve B-163", + "0800000000000000000000000000000000000000C9", + "1", + "020A601907B8C953CA1481EB10512F78744A3205FD", + "03F0EBA16286A2D57EA0991168D4994637E8343E36", + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", + 1, "040000000000000000000292FE77E70C12A4234C33", "2", 163, C2_B163); + + /* Curve K-233 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve K-233", + "020000000000000000000000000000000000000004000000000000000001", + "0", + "1", + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", + 0, + "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", + "4", 233, C2_K233); + + /* Curve B-233 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve B-233", + "020000000000000000000000000000000000000004000000000000000001", + "000000000000000000000000000000000000000000000000000000000001", + "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", + 1, + "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", + "2", 233, C2_B233); + + /* Curve K-283 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve K-283", + "0800000000000000000000000000000000000000000000000000000000000000000010A1", + "0", + "1", + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836", + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259", + 0, + "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61", + "4", 283, C2_K283); + + /* Curve B-283 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve B-283", + "0800000000000000000000000000000000000000000000000000000000000000000010A1", + "000000000000000000000000000000000000000000000000000000000000000000000001", + "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5", + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053", + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4", + 1, + "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307", + "2", 283, C2_B283); + + /* Curve K-409 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve K-409", + "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", + "0", + "1", + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746", + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B", + 1, + "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", + "4", 409, C2_K409); + + /* Curve B-409 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve B-409", + "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001", + "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F", + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7", + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706", + 1, + "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173", + "2", 409, C2_B409); + + /* Curve K-571 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve K-571", + "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", + "0", + "1", + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972", + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3", + 0, + "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001", + "4", 571, C2_K571); + + /* Curve B-571 (FIPS PUB 186-2, App. 6) */ + CHAR2_CURVE_TEST + ("NIST curve B-571", + "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425", + "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A", + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19", + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B", + 1, + "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47", + "2", 571, C2_B571); + + /* more tests using the last curve */ + + if (!EC_POINT_copy(Q, P)) + ABORT; + if (EC_POINT_is_at_infinity(group, Q)) + ABORT; + if (!EC_POINT_dbl(group, P, P, ctx)) + ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) + ABORT; + if (!EC_POINT_invert(group, Q, ctx)) + ABORT; /* P = -2Q */ + + if (!EC_POINT_add(group, R, P, Q, ctx)) + ABORT; + if (!EC_POINT_add(group, R, R, Q, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, R)) + ABORT; /* R = P + 2Q */ + + { + const EC_POINT *points[3]; + const BIGNUM *scalars[3]; + + if (EC_POINT_is_at_infinity(group, Q)) + ABORT; + points[0] = Q; + points[1] = Q; + points[2] = Q; + + if (!BN_add(y, z, BN_value_one())) + ABORT; + if (BN_is_odd(y)) + ABORT; + if (!BN_rshift1(y, y)) + ABORT; + scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ + scalars[1] = y; + + fprintf(stdout, "combined multiplication ..."); + fflush(stdout); + + /* z is still the group order */ + if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + ABORT; + if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, P, R, ctx)) + ABORT; + if (0 != EC_POINT_cmp(group, R, Q, ctx)) + ABORT; + + fprintf(stdout, "."); + fflush(stdout); + + if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) + ABORT; + if (!BN_add(z, z, y)) + ABORT; + BN_set_negative(z, 1); + scalars[0] = y; + scalars[1] = z; /* z = -(order + y) */ + + if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + fprintf(stdout, "."); + fflush(stdout); + + if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) + ABORT; + if (!BN_add(z, x, y)) + ABORT; + BN_set_negative(z, 1); + scalars[0] = x; + scalars[1] = y; + scalars[2] = z; /* z = -(x+y) */ + + if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) + ABORT; + if (!EC_POINT_is_at_infinity(group, P)) + ABORT; + + fprintf(stdout, " ok\n\n"); + } + + if (ctx) + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + EC_GROUP_free(group); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(R); + BN_free(x); + BN_free(y); + BN_free(z); + BN_free(cof); + + EC_GROUP_free(C2_K163); + EC_GROUP_free(C2_B163); + EC_GROUP_free(C2_K233); + EC_GROUP_free(C2_B233); + EC_GROUP_free(C2_K283); + EC_GROUP_free(C2_B283); + EC_GROUP_free(C2_K409); + EC_GROUP_free(C2_B409); + EC_GROUP_free(C2_K571); + EC_GROUP_free(C2_B571); + +} +# endif + +static void internal_curve_test(void) +{ + EC_builtin_curve *curves = NULL; + size_t crv_len = 0, n = 0; + int ok = 1; + + crv_len = EC_get_builtin_curves(NULL, 0); + + curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); + + if (curves == NULL) + return; + + if (!EC_get_builtin_curves(curves, crv_len)) { + OPENSSL_free(curves); + return; + } + + fprintf(stdout, "testing internal curves: "); + + for (n = 0; n < crv_len; n++) { + EC_GROUP *group = NULL; + int nid = curves[n].nid; + if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) { + ok = 0; + fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with" + " curve %s\n", OBJ_nid2sn(nid)); + /* try next curve */ + continue; + } + if (!EC_GROUP_check(group, NULL)) { + ok = 0; + fprintf(stdout, "\nEC_GROUP_check() failed with" + " curve %s\n", OBJ_nid2sn(nid)); + EC_GROUP_free(group); + /* try the next curve */ + continue; + } + fprintf(stdout, "."); + fflush(stdout); + EC_GROUP_free(group); + } + if (ok) + fprintf(stdout, " ok\n\n"); + else { + fprintf(stdout, " failed\n\n"); + ABORT; + } + OPENSSL_free(curves); + return; +} + +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/* + * nistp_test_params contains magic numbers for testing our optimized + * implementations of several NIST curves with characteristic > 3. + */ +struct nistp_test_params { + const EC_METHOD *(*meth) (); + int degree; + /* + * Qx, Qy and D are taken from + * http://csrcdocut.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf + * Otherwise, values are standard curve parameters from FIPS 180-3 + */ + const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d; +}; + +static const struct nistp_test_params nistp_tests_params[] = { + { + /* P-224 */ + EC_GFp_nistp224_method, + 224, + /* p */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", + /* a */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", + /* b */ + "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", + /* Qx */ + "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", + /* Qy */ + "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", + /* Gx */ + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", + /* Gy */ + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", + /* order */ + "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", + /* d */ + "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", + }, + { + /* P-256 */ + EC_GFp_nistp256_method, + 256, + /* p */ + "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", + /* a */ + "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", + /* b */ + "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", + /* Qx */ + "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", + /* Qy */ + "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", + /* Gx */ + "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", + /* Gy */ + "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", + /* order */ + "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", + /* d */ + "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", + }, + { + /* P-521 */ + EC_GFp_nistp521_method, + 521, + /* p */ + "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + /* a */ + "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", + /* b */ + "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", + /* Qx */ + "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", + /* Qy */ + "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", + /* Gx */ + "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", + /* Gy */ + "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", + /* order */ + "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", + /* d */ + "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", + }, +}; + +static void nistp_single_test(const struct nistp_test_params *test) +{ + BN_CTX *ctx; + BIGNUM *p, *a, *b, *x, *y, *n, *m, *order; + EC_GROUP *NISTP; + EC_POINT *G, *P, *Q, *Q_CHECK; + + fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", + test->degree); + ctx = BN_CTX_new(); + p = BN_new(); + a = BN_new(); + b = BN_new(); + x = BN_new(); + y = BN_new(); + m = BN_new(); + n = BN_new(); + order = BN_new(); + + NISTP = EC_GROUP_new(test->meth()); + if (!NISTP) + ABORT; + if (!BN_hex2bn(&p, test->p)) + ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) + ABORT; + if (!BN_hex2bn(&a, test->a)) + ABORT; + if (!BN_hex2bn(&b, test->b)) + ABORT; + if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) + ABORT; + G = EC_POINT_new(NISTP); + P = EC_POINT_new(NISTP); + Q = EC_POINT_new(NISTP); + Q_CHECK = EC_POINT_new(NISTP); + if (!BN_hex2bn(&x, test->Qx)) + ABORT; + if (!BN_hex2bn(&y, test->Qy)) + ABORT; + if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) + ABORT; + if (!BN_hex2bn(&x, test->Gx)) + ABORT; + if (!BN_hex2bn(&y, test->Gy)) + ABORT; + if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) + ABORT; + if (!BN_hex2bn(&order, test->order)) + ABORT; + if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) + ABORT; + + fprintf(stdout, "verify degree ... "); + if (EC_GROUP_get_degree(NISTP) != test->degree) + ABORT; + fprintf(stdout, "ok\n"); + + fprintf(stdout, "NIST test vectors ... "); + if (!BN_hex2bn(&n, test->d)) + ABORT; + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + + /* set generator to P = 2*G, where G is the standard generator */ + if (!EC_POINT_dbl(NISTP, P, G, ctx)) + ABORT; + if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) + ABORT; + /* set the scalar to m=n/2, where n is the NIST test scalar */ + if (!BN_rshift(m, n, 1)) + ABORT; + + /* test the non-standard generator */ + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + + /* now repeat all tests with precomputation */ + if (!EC_GROUP_precompute_mult(NISTP, ctx)) + ABORT; + + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, P, m, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + + /* reset generator */ + if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) + ABORT; + /* fixed point multiplication */ + EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + /* random point multiplication */ + EC_POINT_mul(NISTP, Q, NULL, G, n, ctx); + if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) + ABORT; + + fprintf(stdout, "ok\n"); + group_order_tests(NISTP); + EC_GROUP_free(NISTP); + EC_POINT_free(G); + EC_POINT_free(P); + EC_POINT_free(Q); + EC_POINT_free(Q_CHECK); + BN_free(n); + BN_free(m); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(x); + BN_free(y); + BN_free(order); + BN_CTX_free(ctx); +} + +static void nistp_tests() +{ + unsigned i; + + for (i = 0; + i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); + i++) { + nistp_single_test(&nistp_tests_params[i]); + } +} +# endif + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +int main(int argc, char *argv[]) +{ + + /* enable memory leak checking unless explicitly disabled */ + if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) + && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) { + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + } else { + /* OPENSSL_DEBUG_MEMORY=off */ + CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); + } + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + ERR_load_crypto_strings(); + + RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ + + prime_field_tests(); + puts(""); +# ifndef OPENSSL_NO_EC2M + char2_field_tests(); +# endif +# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + nistp_tests(); +# endif + /* test the internal curves */ + internal_curve_test(); + +# ifndef OPENSSL_NO_ENGINE + ENGINE_cleanup(); +# endif + CRYPTO_cleanup_all_ex_data(); + ERR_free_strings(); + ERR_remove_thread_state(NULL); + CRYPTO_mem_leaks_fp(stderr); + + return 0; +} +#endif diff --git a/test/enginetest.c b/test/enginetest.c new file mode 100644 index 0000000000..ab7c0c00dd --- /dev/null +++ b/test/enginetest.c @@ -0,0 +1,269 @@ +/* crypto/engine/enginetest.c */ +/* + * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project + * 2000. + */ +/* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <string.h> +#include <openssl/e_os2.h> + +#ifdef OPENSSL_NO_ENGINE +int main(int argc, char *argv[]) +{ + printf("No ENGINE support\n"); + return (0); +} +#else +# include <openssl/buffer.h> +# include <openssl/crypto.h> +# include <openssl/engine.h> +# include <openssl/err.h> + +static void display_engine_list(void) +{ + ENGINE *h; + int loop; + + h = ENGINE_get_first(); + loop = 0; + printf("listing available engine types\n"); + while (h) { + printf("engine %i, id = \"%s\", name = \"%s\"\n", + loop++, ENGINE_get_id(h), ENGINE_get_name(h)); + h = ENGINE_get_next(h); + } + printf("end of list\n"); + /* + * ENGINE_get_first() increases the struct_ref counter, so we must call + * ENGINE_free() to decrease it again + */ + ENGINE_free(h); +} + +int main(int argc, char *argv[]) +{ + ENGINE *block[512]; + char buf[256]; + const char *id, *name; + ENGINE *ptr; + int loop; + int to_return = 1; + ENGINE *new_h1 = NULL; + ENGINE *new_h2 = NULL; + ENGINE *new_h3 = NULL; + ENGINE *new_h4 = NULL; + + /* enable memory leak checking unless explicitly disabled */ + if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) + && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) { + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + } else { + /* OPENSSL_DEBUG_MEMORY=off */ + CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); + } + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + ERR_load_crypto_strings(); + + memset(block, 0, 512 * sizeof(ENGINE *)); + if (((new_h1 = ENGINE_new()) == NULL) || + !ENGINE_set_id(new_h1, "test_id0") || + !ENGINE_set_name(new_h1, "First test item") || + ((new_h2 = ENGINE_new()) == NULL) || + !ENGINE_set_id(new_h2, "test_id1") || + !ENGINE_set_name(new_h2, "Second test item") || + ((new_h3 = ENGINE_new()) == NULL) || + !ENGINE_set_id(new_h3, "test_id2") || + !ENGINE_set_name(new_h3, "Third test item") || + ((new_h4 = ENGINE_new()) == NULL) || + !ENGINE_set_id(new_h4, "test_id3") || + !ENGINE_set_name(new_h4, "Fourth test item")) { + printf("Couldn't set up test ENGINE structures\n"); + goto end; + } + printf("\nenginetest beginning\n\n"); + display_engine_list(); + if (!ENGINE_add(new_h1)) { + printf("Add failed!\n"); + goto end; + } + display_engine_list(); + ptr = ENGINE_get_first(); + if (!ENGINE_remove(ptr)) { + printf("Remove failed!\n"); + goto end; + } + if (ptr) + ENGINE_free(ptr); + display_engine_list(); + if (!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) { + printf("Add failed!\n"); + goto end; + } + display_engine_list(); + if (!ENGINE_remove(new_h2)) { + printf("Remove failed!\n"); + goto end; + } + display_engine_list(); + if (!ENGINE_add(new_h4)) { + printf("Add failed!\n"); + goto end; + } + display_engine_list(); + if (ENGINE_add(new_h3)) { + printf("Add *should* have failed but didn't!\n"); + goto end; + } else + printf("Add that should fail did.\n"); + ERR_clear_error(); + if (ENGINE_remove(new_h2)) { + printf("Remove *should* have failed but didn't!\n"); + goto end; + } else + printf("Remove that should fail did.\n"); + ERR_clear_error(); + if (!ENGINE_remove(new_h3)) { + printf("Remove failed!\n"); + goto end; + } + display_engine_list(); + if (!ENGINE_remove(new_h4)) { + printf("Remove failed!\n"); + goto end; + } + display_engine_list(); + /* + * Depending on whether there's any hardware support compiled in, this + * remove may be destined to fail. + */ + ptr = ENGINE_get_first(); + if (ptr) + if (!ENGINE_remove(ptr)) + printf("Remove failed!i - probably no hardware " + "support present.\n"); + if (ptr) + ENGINE_free(ptr); + display_engine_list(); + if (!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) { + printf("Couldn't add and remove to an empty list!\n"); + goto end; + } else + printf("Successfully added and removed to an empty list!\n"); + printf("About to beef up the engine-type list\n"); + for (loop = 0; loop < 512; loop++) { + sprintf(buf, "id%i", loop); + id = BUF_strdup(buf); + sprintf(buf, "Fake engine type %i", loop); + name = BUF_strdup(buf); + if (((block[loop] = ENGINE_new()) == NULL) || + !ENGINE_set_id(block[loop], id) || + !ENGINE_set_name(block[loop], name)) { + printf("Couldn't create block of ENGINE structures.\n" + "I'll probably also core-dump now, damn.\n"); + goto end; + } + } + for (loop = 0; loop < 512; loop++) { + if (!ENGINE_add(block[loop])) { + printf("\nAdding stopped at %i, (%s,%s)\n", + loop, ENGINE_get_id(block[loop]), + ENGINE_get_name(block[loop])); + goto cleanup_loop; + } else + printf("."); + fflush(stdout); + } + cleanup_loop: + printf("\nAbout to empty the engine-type list\n"); + while ((ptr = ENGINE_get_first()) != NULL) { + if (!ENGINE_remove(ptr)) { + printf("\nRemove failed!\n"); + goto end; + } + ENGINE_free(ptr); + printf("."); + fflush(stdout); + } + for (loop = 0; loop < 512; loop++) { + OPENSSL_free((void *)ENGINE_get_id(block[loop])); + OPENSSL_free((void *)ENGINE_get_name(block[loop])); + } + printf("\nTests completed happily\n"); + to_return = 0; + end: + if (to_return) + ERR_print_errors_fp(stderr); + if (new_h1) + ENGINE_free(new_h1); + if (new_h2) + ENGINE_free(new_h2); + if (new_h3) + ENGINE_free(new_h3); + if (new_h4) + ENGINE_free(new_h4); + for (loop = 0; loop < 512; loop++) + if (block[loop]) + ENGINE_free(block[loop]); + ENGINE_cleanup(); + CRYPTO_cleanup_all_ex_data(); + ERR_free_strings(); + ERR_remove_thread_state(NULL); + CRYPTO_mem_leaks_fp(stderr); + return to_return; +} +#endif diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c new file mode 100644 index 0000000000..567ed0f5f9 --- /dev/null +++ b/test/evp_extra_test.c @@ -0,0 +1,477 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <openssl/bio.h> +#include <openssl/crypto.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/rsa.h> +#include <openssl/x509.h> + +/* + * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you + * should never use this key anywhere but in an example. + */ +static const unsigned char kExampleRSAKeyDER[] = { + 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, + 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, + 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, + 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, + 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, + 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, + 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, + 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, + 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, + 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, + 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, + 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, + 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, + 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, + 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, + 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, + 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, + 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, + 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, + 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, + 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, + 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, + 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, + 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, + 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, + 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, + 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, + 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, + 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, + 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, + 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, + 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, + 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, + 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, + 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, + 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, + 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, + 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, + 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, + 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, + 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, + 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, + 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, + 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, + 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, + 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, + 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, + 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, + 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, + 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +static const unsigned char kMsg[] = { 1, 2, 3, 4 }; + +static const unsigned char kSignature[] = { + 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, + 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, + 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, + 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, + 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, + 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, + 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, + 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, + 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, + 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, + 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, +}; + +/* + * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 + * PrivateKeyInfo. + */ +static const unsigned char kExampleRSAKeyPKCS8[] = { + 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, + 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, + 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, + 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, + 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, + 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, + 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, + 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, + 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, + 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, + 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, + 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, + 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, + 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, + 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, + 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, + 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, + 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, + 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, + 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, + 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, + 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, + 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, + 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, + 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, + 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, + 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, + 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, + 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, + 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, + 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, + 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, + 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, + 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, + 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, + 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, + 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, + 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, + 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, + 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, + 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, + 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, + 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, + 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, + 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, + 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, + 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, + 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, + 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, + 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, + 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +#ifndef OPENSSL_NO_EC +/* + * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey + * structure. + */ +static const unsigned char kExampleECKeyDER[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, + 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, + 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, + 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, + 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, + 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, + 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, + 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, + 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, + 0xc1, +}; + +/* + * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey + * structure. The private key is equal to the order and will fail to import + */ +static const unsigned char kExampleBadECKeyDER[] = { + 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, + 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, + 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, + 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, + 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, + 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, + 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 +}; +#endif + +static EVP_PKEY *load_example_rsa_key(void) +{ + EVP_PKEY *ret = NULL; + const unsigned char *derp = kExampleRSAKeyDER; + EVP_PKEY *pkey = NULL; + RSA *rsa = NULL; + + if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) { + return NULL; + } + + pkey = EVP_PKEY_new(); + if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) { + goto out; + } + + ret = pkey; + pkey = NULL; + + out: + EVP_PKEY_free(pkey); + RSA_free(rsa); + + return ret; +} + +static int test_EVP_DigestSignInit(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + unsigned char *sig = NULL; + size_t sig_len = 0; + EVP_MD_CTX md_ctx, md_ctx_verify; + + EVP_MD_CTX_init(&md_ctx); + EVP_MD_CTX_init(&md_ctx_verify); + + pkey = load_example_rsa_key(); + if (pkey == NULL || + !EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestSignUpdate(&md_ctx, kMsg, sizeof(kMsg))) { + goto out; + } + /* Determine the size of the signature. */ + if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) { + goto out; + } + /* Sanity check for testing. */ + if (sig_len != (size_t)EVP_PKEY_size(pkey)) { + fprintf(stderr, "sig_len mismatch\n"); + goto out; + } + + sig = OPENSSL_malloc(sig_len); + if (sig == NULL || !EVP_DigestSignFinal(&md_ctx, sig, &sig_len)) { + goto out; + } + + /* Ensure that the signature round-trips. */ + if (!EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) + || !EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg)) + || !EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) { + goto out; + } + + ret = 1; + + out: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(&md_ctx_verify); + EVP_PKEY_free(pkey); + if (sig) { + OPENSSL_free(sig); + } + + return ret; +} + +static int test_EVP_DigestVerifyInit(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX md_ctx; + + EVP_MD_CTX_init(&md_ctx); + + pkey = load_example_rsa_key(); + if (pkey == NULL || + !EVP_DigestVerifyInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestVerifyUpdate(&md_ctx, kMsg, sizeof(kMsg)) || + !EVP_DigestVerifyFinal(&md_ctx, kSignature, sizeof(kSignature))) { + goto out; + } + ret = 1; + + out: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + EVP_MD_CTX_cleanup(&md_ctx); + EVP_PKEY_free(pkey); + + return ret; +} + +static int test_d2i_AutoPrivateKey(const unsigned char *input, + size_t input_len, int expected_id) +{ + int ret = 0; + const unsigned char *p; + EVP_PKEY *pkey = NULL; + + p = input; + pkey = d2i_AutoPrivateKey(NULL, &p, input_len); + if (pkey == NULL || p != input + input_len) { + fprintf(stderr, "d2i_AutoPrivateKey failed\n"); + goto done; + } + + if (EVP_PKEY_id(pkey) != expected_id) { + fprintf(stderr, "Did not decode expected type\n"); + goto done; + } + + ret = 1; + + done: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + EVP_PKEY_free(pkey); + return ret; +} + +#ifndef OPENSSL_NO_EC +/* Tests loading a bad key in PKCS8 format */ +static int test_EVP_PKCS82PKEY(void) +{ + int ret = 0; + const unsigned char *derp = kExampleBadECKeyDER; + PKCS8_PRIV_KEY_INFO *p8inf = NULL; + EVP_PKEY *pkey = NULL; + + p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, sizeof(kExampleBadECKeyDER)); + + if (!p8inf || derp != kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)) { + fprintf(stderr, "Failed to parse key\n"); + goto done; + } + + pkey = EVP_PKCS82PKEY(p8inf); + if (pkey) { + fprintf(stderr, "Imported invalid EC key\n"); + goto done; + } + + ret = 1; + + done: + if (p8inf != NULL) { + PKCS8_PRIV_KEY_INFO_free(p8inf); + } + + EVP_PKEY_free(pkey); + + return ret; +} +#endif + +int main(void) +{ + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + /* Load up the software EVP_CIPHER and EVP_MD definitions */ + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); + + if (!test_EVP_DigestSignInit()) { + fprintf(stderr, "EVP_DigestSignInit failed\n"); + return 1; + } + + if (!test_EVP_DigestVerifyInit()) { + fprintf(stderr, "EVP_DigestVerifyInit failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), + EVP_PKEY_RSA)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey + (kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n"); + return 1; + } + +#ifndef OPENSSL_NO_EC + if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), + EVP_PKEY_EC)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n"); + return 1; + } + + if (!test_EVP_PKCS82PKEY()) { + fprintf(stderr, "test_EVP_PKCS82PKEY failed\n"); + return 1; + } +#endif + + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks_fp(stderr); + + printf("PASS\n"); + return 0; +} diff --git a/test/evp_test.c b/test/evp_test.c new file mode 100644 index 0000000000..68d5bde300 --- /dev/null +++ b/test/evp_test.c @@ -0,0 +1,1255 @@ +/* evp_test.c */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <ctype.h> +#include <openssl/evp.h> +#include <openssl/pem.h> +#include <openssl/err.h> +#include <openssl/x509v3.h> + +/* Remove spaces from beginning and end of a string */ + +static void remove_space(char **pval) +{ + unsigned char *p = (unsigned char *)*pval; + + while (isspace(*p)) + p++; + + *pval = (char *)p; + + p = p + strlen(*pval) - 1; + + /* Remove trailing space */ + while (isspace(*p)) + *p-- = 0; +} + +/* + * Given a line of the form: + * name = value # comment + * extract name and value. NB: modifies passed buffer. + */ + +static int parse_line(char **pkw, char **pval, char *linebuf) +{ + char *p; + + p = linebuf + strlen(linebuf) - 1; + + if (*p != '\n') { + fprintf(stderr, "FATAL: missing EOL\n"); + exit(1); + } + + /* Look for # */ + + p = strchr(linebuf, '#'); + + if (p) + *p = '\0'; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no '=' exit */ + if (!p) + return 0; + + *p++ = '\0'; + + *pkw = linebuf; + *pval = p; + + /* Remove spaces from keyword and value */ + remove_space(pkw); + remove_space(pval); + + return 1; +} + +/* For a hex string "value" convert to a binary allocated buffer */ +static int test_bin(const char *value, unsigned char **buf, size_t *buflen) +{ + long len; + if (!*value) { + /* Don't return NULL for zero length buffer */ + *buf = OPENSSL_malloc(1); + if (!*buf) + return 0; + **buf = 0; + *buflen = 0; + return 1; + } + /* Check for string literal */ + if (value[0] == '"') { + size_t vlen; + value++; + vlen = strlen(value); + if (value[vlen - 1] != '"') + return 0; + vlen--; + *buf = BUF_memdup(value, vlen); + *buflen = vlen; + return 1; + } + *buf = string_to_hex(value, &len); + if (!*buf) { + fprintf(stderr, "Value=%s\n", value); + ERR_print_errors_fp(stderr); + return -1; + } + /* Size of input buffer means we'll never overflow */ + *buflen = len; + return 1; +} + +/* Structure holding test information */ +struct evp_test { + /* file being read */ + FILE *in; + /* List of public and private keys */ + struct key_list *private; + struct key_list *public; + /* method for this test */ + const struct evp_test_method *meth; + /* current line being processed */ + unsigned int line; + /* start line of current test */ + unsigned int start_line; + /* Error string for test */ + const char *err; + /* Expected error value of test */ + char *expected_err; + /* Number of tests */ + int ntests; + /* Error count */ + int errors; + /* Number of tests skipped */ + int nskip; + /* If output mismatch expected and got value */ + unsigned char *out_got; + unsigned char *out_expected; + size_t out_len; + /* test specific data */ + void *data; + /* Current test should be skipped */ + int skip; +}; + +struct key_list { + char *name; + EVP_PKEY *key; + struct key_list *next; +}; + +/* Test method structure */ +struct evp_test_method { + /* Name of test as it appears in file */ + const char *name; + /* Initialise test for "alg" */ + int (*init) (struct evp_test * t, const char *alg); + /* Clean up method */ + void (*cleanup) (struct evp_test * t); + /* Test specific name value pair processing */ + int (*parse) (struct evp_test * t, const char *name, const char *value); + /* Run the test itself */ + int (*run_test) (struct evp_test * t); +}; + +static const struct evp_test_method digest_test_method, cipher_test_method; +static const struct evp_test_method mac_test_method; +static const struct evp_test_method psign_test_method, pverify_test_method; +static const struct evp_test_method pdecrypt_test_method; +static const struct evp_test_method pverify_recover_test_method; + +static const struct evp_test_method *evp_test_list[] = { + &digest_test_method, + &cipher_test_method, + &mac_test_method, + &psign_test_method, + &pverify_test_method, + &pdecrypt_test_method, + &pverify_recover_test_method, + NULL +}; + +static const struct evp_test_method *evp_find_test(const char *name) +{ + const struct evp_test_method **tt; + for (tt = evp_test_list; *tt; tt++) { + if (!strcmp(name, (*tt)->name)) + return *tt; + } + return NULL; +} + +static void hex_print(const char *name, const unsigned char *buf, size_t len) +{ + size_t i; + fprintf(stderr, "%s ", name); + for (i = 0; i < len; i++) + fprintf(stderr, "%02X", buf[i]); + fputs("\n", stderr); +} + +static void free_expected(struct evp_test *t) +{ + if (t->expected_err) { + OPENSSL_free(t->expected_err); + t->expected_err = NULL; + } + if (t->out_expected) { + OPENSSL_free(t->out_expected); + OPENSSL_free(t->out_got); + t->out_expected = NULL; + t->out_got = NULL; + } +} + +static void print_expected(struct evp_test *t) +{ + if (t->out_expected == NULL) + return; + hex_print("Expected:", t->out_expected, t->out_len); + hex_print("Got: ", t->out_got, t->out_len); + free_expected(t); +} + +static int check_test_error(struct evp_test *t) +{ + if (!t->err && !t->expected_err) + return 1; + if (t->err && !t->expected_err) { + fprintf(stderr, "Test line %d: unexpected error %s\n", + t->start_line, t->err); + print_expected(t); + return 0; + } + if (!t->err && t->expected_err) { + fprintf(stderr, "Test line %d: succeeded expecting %s\n", + t->start_line, t->expected_err); + return 0; + } + if (!strcmp(t->err, t->expected_err)) + return 1; + + fprintf(stderr, "Test line %d: expecting %s got %s\n", + t->start_line, t->expected_err, t->err); + return 0; +} + +/* Setup a new test, run any existing test */ + +static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth) +{ + /* If we already have a test set up run it */ + if (t->meth) { + t->ntests++; + if (t->skip) { + t->meth = tmeth; + t->nskip++; + return 1; + } + t->err = NULL; + if (t->meth->run_test(t) != 1) { + fprintf(stderr, "%s test error line %d\n", + t->meth->name, t->start_line); + return 0; + } + if (!check_test_error(t)) { + if (t->err) + ERR_print_errors_fp(stderr); + t->errors++; + } + ERR_clear_error(); + t->meth->cleanup(t); + OPENSSL_free(t->data); + t->data = NULL; + if (t->expected_err) { + OPENSSL_free(t->expected_err); + t->expected_err = NULL; + } + free_expected(t); + } + t->meth = tmeth; + return 1; +} + +static int find_key(EVP_PKEY **ppk, const char *name, struct key_list *lst) +{ + for (; lst; lst = lst->next) { + if (!strcmp(lst->name, name)) { + if (ppk) + *ppk = lst->key; + return 1; + } + } + return 0; +} + +static void free_key_list(struct key_list *lst) +{ + while (lst != NULL) { + struct key_list *ltmp; + EVP_PKEY_free(lst->key); + OPENSSL_free(lst->name); + ltmp = lst->next; + OPENSSL_free(lst); + lst = ltmp; + } +} + +static int check_unsupported() +{ + long err = ERR_peek_error(); + if (ERR_GET_LIB(err) == ERR_LIB_EVP + && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) { + ERR_clear_error(); + return 1; + } + return 0; +} + +static int process_test(struct evp_test *t, char *buf, int verbose) +{ + char *keyword, *value; + int rv = 0, add_key = 0; + long save_pos; + struct key_list **lst, *key; + EVP_PKEY *pk = NULL; + const struct evp_test_method *tmeth; + if (verbose) + fputs(buf, stdout); + if (!parse_line(&keyword, &value, buf)) + return 1; + if (!strcmp(keyword, "PrivateKey")) { + save_pos = ftell(t->in); + pk = PEM_read_PrivateKey(t->in, NULL, 0, NULL); + if (pk == NULL && !check_unsupported()) { + fprintf(stderr, "Error reading private key %s\n", value); + ERR_print_errors_fp(stderr); + return 0; + } + lst = &t->private; + add_key = 1; + } + if (!strcmp(keyword, "PublicKey")) { + save_pos = ftell(t->in); + pk = PEM_read_PUBKEY(t->in, NULL, 0, NULL); + if (pk == NULL && !check_unsupported()) { + fprintf(stderr, "Error reading public key %s\n", value); + ERR_print_errors_fp(stderr); + return 0; + } + lst = &t->public; + add_key = 1; + } + /* If we have a key add to list */ + if (add_key) { + char tmpbuf[80]; + if (find_key(NULL, value, *lst)) { + fprintf(stderr, "Duplicate key %s\n", value); + return 0; + } + key = OPENSSL_malloc(sizeof(struct key_list)); + if (!key) + return 0; + key->name = BUF_strdup(value); + key->key = pk; + key->next = *lst; + *lst = key; + /* Rewind input, read to end and update line numbers */ + fseek(t->in, save_pos, SEEK_SET); + while (fgets(tmpbuf, sizeof(tmpbuf), t->in)) { + t->line++; + if (!strncmp(tmpbuf, "-----END", 8)) + return 1; + } + fprintf(stderr, "Can't find key end\n"); + return 0; + } + + /* See if keyword corresponds to a test start */ + tmeth = evp_find_test(keyword); + if (tmeth) { + if (!setup_test(t, tmeth)) + return 0; + t->start_line = t->line; + t->skip = 0; + if (!tmeth->init(t, value)) { + fprintf(stderr, "Unknown %s: %s\n", keyword, value); + return 0; + } + return 1; + } else if (t->skip) { + return 1; + } else if (!strcmp(keyword, "Result")) { + if (t->expected_err) { + fprintf(stderr, "Line %d: multiple result lines\n", t->line); + return 0; + } + t->expected_err = BUF_strdup(value); + if (!t->expected_err) + return 0; + } else { + /* Must be test specific line: try to parse it */ + if (t->meth) + rv = t->meth->parse(t, keyword, value); + + if (rv == 0) + fprintf(stderr, "line %d: unexpected keyword %s\n", + t->line, keyword); + + if (rv < 0) + fprintf(stderr, "line %d: error processing keyword %s\n", + t->line, keyword); + if (rv <= 0) + return 0; + } + return 1; +} + +static int check_output(struct evp_test *t, const unsigned char *expected, + const unsigned char *got, size_t len) +{ + if (!memcmp(expected, got, len)) + return 0; + t->out_expected = BUF_memdup(expected, len); + t->out_got = BUF_memdup(got, len); + t->out_len = len; + if (t->out_expected == NULL || t->out_got == NULL) { + fprintf(stderr, "Memory allocation error!\n"); + exit(1); + } + return 1; +} + +int main(int argc, char **argv) +{ + FILE *in = NULL; + char buf[10240]; + struct evp_test t; + + if (argc != 2) { + fprintf(stderr, "usage: evp_test testfile.txt\n"); + return 1; + } + + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + + memset(&t, 0, sizeof(t)); + t.meth = NULL; + t.public = NULL; + t.private = NULL; + t.err = NULL; + t.line = 0; + t.start_line = -1; + t.errors = 0; + t.ntests = 0; + t.out_expected = NULL; + t.out_got = NULL; + t.out_len = 0; + in = fopen(argv[1], "r"); + t.in = in; + while (fgets(buf, sizeof(buf), in)) { + t.line++; + if (!process_test(&t, buf, 0)) + exit(1); + } + /* Run any final test we have */ + if (!setup_test(&t, NULL)) + exit(1); + fprintf(stderr, "%d tests completed with %d errors, %d skipped\n", + t.ntests, t.errors, t.nskip); + free_key_list(t.public); + free_key_list(t.private); + fclose(in); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks_fp(stderr); + if (t.errors) + return 1; + return 0; +} + +static void test_free(void *d) +{ + if (d) + OPENSSL_free(d); +} + +/* Message digest tests */ + +struct digest_data { + /* Digest this test is for */ + const EVP_MD *digest; + /* Input to digest */ + unsigned char *input; + size_t input_len; + /* Repeat count for input */ + size_t nrpt; + /* Expected output */ + unsigned char *output; + size_t output_len; +}; + +static int digest_test_init(struct evp_test *t, const char *alg) +{ + const EVP_MD *digest; + struct digest_data *mdat = t->data; + digest = EVP_get_digestbyname(alg); + if (!digest) { + /* If alg has an OID assume disabled algorithm */ + if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { + t->skip = 1; + return 1; + } + return 0; + } + mdat = OPENSSL_malloc(sizeof(struct digest_data)); + mdat->digest = digest; + mdat->input = NULL; + mdat->output = NULL; + mdat->nrpt = 1; + t->data = mdat; + return 1; +} + +static void digest_test_cleanup(struct evp_test *t) +{ + struct digest_data *mdat = t->data; + test_free(mdat->input); + test_free(mdat->output); +} + +static int digest_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct digest_data *mdata = t->data; + if (!strcmp(keyword, "Input")) + return test_bin(value, &mdata->input, &mdata->input_len); + if (!strcmp(keyword, "Output")) + return test_bin(value, &mdata->output, &mdata->output_len); + if (!strcmp(keyword, "Count")) { + long nrpt = atoi(value); + if (nrpt <= 0) + return 0; + mdata->nrpt = (size_t)nrpt; + return 1; + } + return 0; +} + +static int digest_test_run(struct evp_test *t) +{ + struct digest_data *mdata = t->data; + size_t i; + const char *err = "INTERNAL_ERROR"; + EVP_MD_CTX *mctx; + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int md_len; + mctx = EVP_MD_CTX_create(); + if (!mctx) + goto err; + err = "DIGESTINIT_ERROR"; + if (!EVP_DigestInit_ex(mctx, mdata->digest, NULL)) + goto err; + err = "DIGESTUPDATE_ERROR"; + for (i = 0; i < mdata->nrpt; i++) { + if (!EVP_DigestUpdate(mctx, mdata->input, mdata->input_len)) + goto err; + } + err = "DIGESTFINAL_ERROR"; + if (!EVP_DigestFinal(mctx, md, &md_len)) + goto err; + err = "DIGEST_LENGTH_MISMATCH"; + if (md_len != mdata->output_len) + goto err; + err = "DIGEST_MISMATCH"; + if (check_output(t, mdata->output, md, md_len)) + goto err; + err = NULL; + err: + if (mctx) + EVP_MD_CTX_destroy(mctx); + t->err = err; + return 1; +} + +static const struct evp_test_method digest_test_method = { + "Digest", + digest_test_init, + digest_test_cleanup, + digest_test_parse, + digest_test_run +}; + +/* Cipher tests */ +struct cipher_data { + const EVP_CIPHER *cipher; + int enc; + /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */ + int aead; + unsigned char *key; + size_t key_len; + unsigned char *iv; + size_t iv_len; + unsigned char *plaintext; + size_t plaintext_len; + unsigned char *ciphertext; + size_t ciphertext_len; + /* GCM, CCM only */ + unsigned char *aad; + size_t aad_len; + unsigned char *tag; + size_t tag_len; +}; + +static int cipher_test_init(struct evp_test *t, const char *alg) +{ + const EVP_CIPHER *cipher; + struct cipher_data *cdat = t->data; + cipher = EVP_get_cipherbyname(alg); + if (!cipher) { + /* If alg has an OID assume disabled algorithm */ + if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { + t->skip = 1; + return 1; + } + return 0; + } + cdat = OPENSSL_malloc(sizeof(struct cipher_data)); + cdat->cipher = cipher; + cdat->enc = -1; + cdat->key = NULL; + cdat->iv = NULL; + cdat->ciphertext = NULL; + cdat->plaintext = NULL; + cdat->aad = NULL; + cdat->tag = NULL; + t->data = cdat; + if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE + || EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE + || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE) + cdat->aead = EVP_CIPHER_mode(cipher); + else + cdat->aead = 0; + + return 1; +} + +static void cipher_test_cleanup(struct evp_test *t) +{ + struct cipher_data *cdat = t->data; + test_free(cdat->key); + test_free(cdat->iv); + test_free(cdat->ciphertext); + test_free(cdat->plaintext); + test_free(cdat->aad); + test_free(cdat->tag); +} + +static int cipher_test_parse(struct evp_test *t, const char *keyword, + const char *value) +{ + struct cipher_data *cdat = t->data; + if (!strcmp(keyword, "Key")) + return test_bin(value, &cdat->key, &cdat->key_len); + if (!strcmp(keyword, "IV")) + return test_bin(value, &cdat->iv, &cdat->iv_len); + if (!strcmp(keyword, "Plaintext")) + return test_bin(value, &cdat->plaintext, &cdat->plaintext_len); + if (!strcmp(keyword, "Ciphertext")) + return test_bin(value, &cdat->ciphertext, &cdat->ciphertext_len); + if (cdat->aead) { + if (!strcmp(keyword, "AAD")) + return test_bin(value, &cdat->aad, &cdat->aad_len); + if (!strcmp(keyword, "Tag")) + return test_bin(value, &cdat->tag, &cdat->tag_len); + } + + if (!strcmp(keyword, "Operation")) { + if (!strcmp(value, "ENCRYPT")) + cdat->enc = 1; + else if (!strcmp(value, "DECRYPT")) + cdat->enc = 0; + else + return 0; + return 1; + } + return 0; +} + +static int cipher_test_enc(struct evp_test *t, int enc) +{ + struct cipher_data *cdat = t->data; + unsigned char *in, *out, *tmp = NULL; + size_t in_len, out_len; + int tmplen, tmpflen; + EVP_CIPHER_CTX *ctx = NULL; + const char *err; + err = "INTERNAL_ERROR"; + ctx = EVP_CIPHER_CTX_new(); + if (!ctx) + goto err; + EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + if (enc) { + in = cdat->plaintext; + in_len = cdat->plaintext_len; + out = cdat->ciphertext; + out_len = cdat->ciphertext_len; + } else { + in = cdat->ciphertext; + in_len = cdat->ciphertext_len; + out = cdat->plaintext; + out_len = cdat->plaintext_len; + } + tmp = OPENSSL_malloc(in_len + 2 * EVP_MAX_BLOCK_LENGTH); + if (!tmp) + goto err; + err = "CIPHERINIT_ERROR"; + if (!EVP_CipherInit_ex(ctx, cdat->cipher, NULL, NULL, NULL, enc)) + goto err; + err = "INVALID_IV_LENGTH"; + if (cdat->iv) { + if (cdat->aead) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + cdat->iv_len, 0)) + goto err; + } else if (cdat->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) + goto err; + } + if (cdat->aead) { + unsigned char *tag; + /* + * If encrypting or OCB just set tag length initially, otherwise + * set tag length and value. + */ + if (enc || cdat->aead == EVP_CIPH_OCB_MODE) { + err = "TAG_LENGTH_SET_ERROR"; + tag = NULL; + } else { + err = "TAG_SET_ERROR"; + tag = cdat->tag; + } + if (tag || cdat->aead != EVP_CIPH_GCM_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + cdat->tag_len, tag)) + goto err; + } + } + + err = "INVALID_KEY_LENGTH"; + if (!EVP_CIPHER_CTX_set_key_length(ctx, cdat->key_len)) + goto err; + err = "KEY_SET_ERROR"; + if (!EVP_CipherInit_ex(ctx, NULL, NULL, cdat->key, cdat->iv, -1)) + goto err; + + if (!enc && cdat->aead == EVP_CIPH_OCB_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + cdat->tag_len, cdat->tag)) { + err = "TAG_SET_ERROR"; + goto err; + } + } + + if (cdat->aead == EVP_CIPH_CCM_MODE) { + if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) { + err = "CCM_PLAINTEXT_LENGTH_SET_ERROR"; + goto err; + } + } + if (cdat->aad) { + if (!EVP_CipherUpdate(ctx, NULL, &tmplen, cdat->aad, cdat->aad_len)) { + err = "AAD_SET_ERROR"; + goto err; + } + } + EVP_CIPHER_CTX_set_padding(ctx, 0); + err = "CIPHERUPDATE_ERROR"; + if (!EVP_CipherUpdate(ctx, tmp, &tmplen, in, in_len)) + goto err; + if (cdat->aead == EVP_CIPH_CCM_MODE) + tmpflen = 0; + else { + err = "CIPHERFINAL_ERROR"; + if (!EVP_CipherFinal_ex(ctx, tmp + tmplen, &tmpflen)) + goto err; + } + err = "LENGTH_MISMATCH"; + if (out_len != (size_t)(tmplen + tmpflen)) + goto err; + err = "VALUE_MISMATCH"; + if (check_output(t, out, tmp, out_len)) + goto err; + if (enc && cdat->aead) { + unsigned char rtag[16]; + if (cdat->tag_len > sizeof(rtag)) { + err = "TAG_LENGTH_INTERNAL_ERROR"; + goto err; + } + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + cdat->tag_len, rtag)) { + err = "TAG_RETRIEVE_ERROR"; + goto err; + } + if (check_output(t, cdat->tag, rtag, cdat->tag_len)) { + err = "TAG_VALUE_MISMATCH"; + goto err; + } + } + err = NULL; + err: + if (tmp) + OPENSSL_free(tmp); + EVP_CIPHER_CTX_free(ctx); + t->err = err; + return err ? 0 : 1; +} + +static int cipher_test_run(struct evp_test *t) +{ + struct cipher_data *cdat = t->data; + int rv; + if (!cdat->key) { + t->err = "NO_KEY"; + return 0; + } + if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) { + /* IV is optional and usually omitted in wrap mode */ + if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) { + t->err = "NO_IV"; + return 0; + } + } + if (cdat->aead && !cdat->tag) { + t->err = "NO_TAG"; + return 0; + } + if (cdat->enc) { + rv = cipher_test_enc(t, 1); + /* Not fatal errors: return */ + if (rv != 1) { + if (rv < 0) + return 0; + return 1; + } + } + if (cdat->enc != 1) { + rv = cipher_test_enc(t, 0); + /* Not fatal errors: return */ + if (rv != 1) { + if (rv < 0) + return 0; + return 1; + } + } + return 1; +} + +static const struct evp_test_method cipher_test_method = { + "Cipher", + cipher_test_init, + cipher_test_cleanup, + cipher_test_parse, + cipher_test_run +}; + +struct mac_data { + /* MAC type */ + int type; + /* Algorithm string for this MAC */ + char *alg; + /* MAC key */ + unsigned char *key; + size_t key_len; + /* Input to MAC */ + unsigned char *input; + size_t input_len; + /* Expected output */ + unsigned char *output; + size_t output_len; +}; + +static int mac_test_init(struct evp_test *t, const char *alg) +{ + int type; + struct mac_data *mdat; + if (!strcmp(alg, "HMAC")) + type = EVP_PKEY_HMAC; + else if (!strcmp(alg, "CMAC")) + type = EVP_PKEY_CMAC; + else + return 0; + + mdat = OPENSSL_malloc(sizeof(struct mac_data)); + mdat->type = type; + mdat->alg = NULL; + mdat->key = NULL; + mdat->input = NULL; + mdat->output = NULL; + t->data = mdat; + return 1; +} + +static void mac_test_cleanup(struct evp_test *t) +{ + struct mac_data *mdat = t->data; + test_free(mdat->alg); + test_free(mdat->key); + test_free(mdat->input); + test_free(mdat->output); +} + +static int mac_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct mac_data *mdata = t->data; + if (!strcmp(keyword, "Key")) + return test_bin(value, &mdata->key, &mdata->key_len); + if (!strcmp(keyword, "Algorithm")) { + mdata->alg = BUF_strdup(value); + if (!mdata->alg) + return 0; + return 1; + } + if (!strcmp(keyword, "Input")) + return test_bin(value, &mdata->input, &mdata->input_len); + if (!strcmp(keyword, "Output")) + return test_bin(value, &mdata->output, &mdata->output_len); + return 0; +} + +static int mac_test_run(struct evp_test *t) +{ + struct mac_data *mdata = t->data; + const char *err = "INTERNAL_ERROR"; + EVP_MD_CTX *mctx = NULL; + EVP_PKEY_CTX *pctx = NULL, *genctx = NULL; + EVP_PKEY *key = NULL; + const EVP_MD *md = NULL; + unsigned char *mac = NULL; + size_t mac_len; + + err = "MAC_PKEY_CTX_ERROR"; + genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL); + if (!genctx) + goto err; + + err = "MAC_KEYGEN_INIT_ERROR"; + if (EVP_PKEY_keygen_init(genctx) <= 0) + goto err; + if (mdata->type == EVP_PKEY_CMAC) { + err = "MAC_ALGORITHM_SET_ERROR"; + if (EVP_PKEY_CTX_ctrl_str(genctx, "cipher", mdata->alg) <= 0) + goto err; + } + + err = "MAC_KEY_SET_ERROR"; + if (EVP_PKEY_CTX_set_mac_key(genctx, mdata->key, mdata->key_len) <= 0) + goto err; + + err = "MAC_KEY_GENERATE_ERROR"; + if (EVP_PKEY_keygen(genctx, &key) <= 0) + goto err; + if (mdata->type == EVP_PKEY_HMAC) { + err = "MAC_ALGORITHM_SET_ERROR"; + md = EVP_get_digestbyname(mdata->alg); + if (!md) + goto err; + } + mctx = EVP_MD_CTX_create(); + if (!mctx) + goto err; + err = "DIGESTSIGNINIT_ERROR"; + if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, key)) + goto err; + + err = "DIGESTSIGNUPDATE_ERROR"; + if (!EVP_DigestSignUpdate(mctx, mdata->input, mdata->input_len)) + goto err; + err = "DIGESTSIGNFINAL_LENGTH_ERROR"; + if (!EVP_DigestSignFinal(mctx, NULL, &mac_len)) + goto err; + mac = OPENSSL_malloc(mac_len); + if (!mac) { + fprintf(stderr, "Error allocating mac buffer!\n"); + exit(1); + } + if (!EVP_DigestSignFinal(mctx, mac, &mac_len)) + goto err; + err = "MAC_LENGTH_MISMATCH"; + if (mac_len != mdata->output_len) + goto err; + err = "MAC_MISMATCH"; + if (check_output(t, mdata->output, mac, mac_len)) + goto err; + err = NULL; + err: + if (mctx) + EVP_MD_CTX_destroy(mctx); + if (mac) + OPENSSL_free(mac); + EVP_PKEY_CTX_free(genctx); + EVP_PKEY_free(key); + t->err = err; + return 1; +} + +static const struct evp_test_method mac_test_method = { + "MAC", + mac_test_init, + mac_test_cleanup, + mac_test_parse, + mac_test_run +}; + +/* + * Public key operations. These are all very similar and can share + * a lot of common code. + */ + +struct pkey_data { + /* Context for this operation */ + EVP_PKEY_CTX *ctx; + /* Key operation to perform */ + int (*keyop) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + /* Input to MAC */ + unsigned char *input; + size_t input_len; + /* Expected output */ + unsigned char *output; + size_t output_len; +}; + +/* + * Perform public key operation setup: lookup key, allocated ctx and call + * the appropriate initialisation function + */ +static int pkey_test_init(struct evp_test *t, const char *name, + int use_public, + int (*keyopinit) (EVP_PKEY_CTX *ctx), + int (*keyop) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen) + ) +{ + struct pkey_data *kdata; + EVP_PKEY *pkey = NULL; + int rv = 0; + if (use_public) + rv = find_key(&pkey, name, t->public); + if (!rv) + rv = find_key(&pkey, name, t->private); + if (!rv) + return 0; + if (!pkey) { + t->skip = 1; + return 1; + } + + kdata = OPENSSL_malloc(sizeof(struct pkey_data)); + if (!kdata) { + EVP_PKEY_free(pkey); + return 0; + } + kdata->ctx = NULL; + kdata->input = NULL; + kdata->output = NULL; + kdata->keyop = keyop; + t->data = kdata; + kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!kdata->ctx) + return 0; + if (keyopinit(kdata->ctx) <= 0) + return 0; + return 1; +} + +static void pkey_test_cleanup(struct evp_test *t) +{ + struct pkey_data *kdata = t->data; + if (kdata->input) + OPENSSL_free(kdata->input); + if (kdata->output) + OPENSSL_free(kdata->output); + EVP_PKEY_CTX_free(kdata->ctx); +} + +static int pkey_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pkey_data *kdata = t->data; + if (!strcmp(keyword, "Input")) + return test_bin(value, &kdata->input, &kdata->input_len); + if (!strcmp(keyword, "Output")) + return test_bin(value, &kdata->output, &kdata->output_len); + if (!strcmp(keyword, "Ctrl")) { + char *p = strchr(value, ':'); + if (p) + *p++ = 0; + if (EVP_PKEY_CTX_ctrl_str(kdata->ctx, value, p) <= 0) + return 0; + return 1; + } + return 0; +} + +static int pkey_test_run(struct evp_test *t) +{ + struct pkey_data *kdata = t->data; + unsigned char *out = NULL; + size_t out_len; + const char *err = "KEYOP_LENGTH_ERROR"; + if (kdata->keyop(kdata->ctx, NULL, &out_len, kdata->input, + kdata->input_len) <= 0) + goto err; + out = OPENSSL_malloc(out_len); + if (!out) { + fprintf(stderr, "Error allocating output buffer!\n"); + exit(1); + } + err = "KEYOP_ERROR"; + if (kdata->keyop + (kdata->ctx, out, &out_len, kdata->input, kdata->input_len) <= 0) + goto err; + err = "KEYOP_LENGTH_MISMATCH"; + if (out_len != kdata->output_len) + goto err; + err = "KEYOP_MISMATCH"; + if (check_output(t, kdata->output, out, out_len)) + goto err; + err = NULL; + err: + if (out) + OPENSSL_free(out); + t->err = err; + return 1; +} + +static int sign_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign); +} + +static const struct evp_test_method psign_test_method = { + "Sign", + sign_test_init, + pkey_test_cleanup, + pkey_test_parse, + pkey_test_run +}; + +static int verify_recover_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init, + EVP_PKEY_verify_recover); +} + +static const struct evp_test_method pverify_recover_test_method = { + "VerifyRecover", + verify_recover_test_init, + pkey_test_cleanup, + pkey_test_parse, + pkey_test_run +}; + +static int decrypt_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init, + EVP_PKEY_decrypt); +} + +static const struct evp_test_method pdecrypt_test_method = { + "Decrypt", + decrypt_test_init, + pkey_test_cleanup, + pkey_test_parse, + pkey_test_run +}; + +static int verify_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0); +} + +static int verify_test_run(struct evp_test *t) +{ + struct pkey_data *kdata = t->data; + if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len, + kdata->input, kdata->input_len) <= 0) + t->err = "VERIFY_ERROR"; + return 1; +} + +static const struct evp_test_method pverify_test_method = { + "Verify", + verify_test_init, + pkey_test_cleanup, + pkey_test_parse, + verify_test_run +}; diff --git a/test/evptests.txt b/test/evptests.txt new file mode 100644 index 0000000000..26d371c559 --- /dev/null +++ b/test/evptests.txt @@ -0,0 +1,2316 @@ +#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt) +#aadcipher:key:iv:plaintext:ciphertext:aad:tag:0/1(decrypt/encrypt) +#digest:::input:output + +# SHA(1) tests (from shatest.c) +Digest = SHA1 +Input = 616263 +Output = a9993e364706816aba3e25717850c26c9cd0d89d + + +# MD5 tests (from md5test.c) +Digest = MD5 +Input = +Output = d41d8cd98f00b204e9800998ecf8427e + +Digest = MD5 +Input = 61 +Output = 0cc175b9c0f1b6a831c399e269772661 + +Digest = MD5 +Input = 616263 +Output = 900150983cd24fb0d6963f7d28e17f72 + +Digest = MD5 +Input = 6d65737361676520646967657374 +Output = f96b697d7cb7938d525a2f31aaf161d0 + +Digest = MD5 +Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a +Output = c3fcd3d76192e4007dfb496cca67e13b + +Digest = MD5 +Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839 +Output = d174ab98d277d9f5a5611c2c9f419d9f + +Digest = MD5 +Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930 +Output = 57edf4a22be3c955ac49da2e2107b67a + +# MD4 tests from md4test.c +Digest = MD4 +Input = "" +Output = 31d6cfe0d16ae931b73c59d7e0c089c0 +Digest = MD4 +Input = "a" +Output = bde52cb31de33e46245e05fbdbd6fb24 +Digest = MD4 +Input = "abc" +Output = a448017aaf21d8525fc10ae87aa6729d +Digest = MD4 +Input = "message digest" +Output = d9130a8164549fe818874806e1c7014b +Digest = MD4 +Input = "abcdefghijklmnopqrstuvwxyz" +Output = d79e1c308aa5bbcdeea8ed63df412da9 +Digest = MD4 +Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +Output = 043f8582f241db351ce627e153e7f0e4 +Digest = MD4 +Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" +Output = e33b4ddc9c38f2199c3e7b164fcc0536 + +# RIPEMD160 tests from rmdtest.c +Digest = RIPEMD160 +Input = "" +Output = 9c1185a5c5e9fc54612808977ee8f548b2258d31 +Digest = RIPEMD160 +Input = "a" +Output = 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe +Digest = RIPEMD160 +Input = "abc" +Output = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc +Digest = RIPEMD160 +Input = "message digest" +Output = 5d0689ef49d2fae572b881b123a85ffa21595f36 +Digest = RIPEMD160 +Input = "abcdefghijklmnopqrstuvwxyz" +Output = f71c27109c692c1b56bbdceb5b9d2865b3708dbc +Digest = RIPEMD160 +Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +Output = 12a053384a9c0c88e405a06c27dcf49ada62eb2b +Digest = RIPEMD160 +Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +Output = b0e20b6e3116640286ed3a87a5713079b21f5189 +Digest = RIPEMD160 +Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" +Output = 9b752e45573d4b39f4dbd3323cab82bf63326bfb + +# whirlpool tests from wp_test.c +Digest = whirlpool +Input = "" +Output = 19FA61D75522A4669B44E39C1D2E1726C530232130D407F89AFEE0964997F7A73E83BE698B288FEBCF88E3E03C4F0757EA8964E59B63D93708B138CC42A66EB3 +Digest = whirlpool +Input = "a" +Output = 8ACA2602792AEC6F11A67206531FB7D7F0DFF59413145E6973C45001D0087B42D11BC645413AEFF63A42391A39145A591A92200D560195E53B478584FDAE231A +Digest = whirlpool +Input = "abc" +Output = 4E2448A4C6F486BB16B6562C73B4020BF3043E3A731BCE721AE1B303D97E6D4C7181EEBDB6C57E277D0E34957114CBD6C797FC9D95D8B582D225292076D4EEF5 +Digest = whirlpool +Input = "message digest" +Output = 378C84A4126E2DC6E56DCC7458377AAC838D00032230F53CE1F5700C0FFB4D3B8421557659EF55C106B4B52AC5A4AAA692ED920052838F3362E86DBD37A8903E +Digest = whirlpool +Input = "abcdefghijklmnopqrstuvwxyz" +Output = F1D754662636FFE92C82EBB9212A484A8D38631EAD4238F5442EE13B8054E41B08BF2A9251C30B6A0B8AAE86177AB4A6F68F673E7207865D5D9819A3DBA4EB3B +Digest = whirlpool +Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +Output = DC37E008CF9EE69BF11F00ED9ABA26901DD7C28CDEC066CC6AF42E40F82F3A1E08EBA26629129D8FB7CB57211B9281A65517CC879D7B962142C65F5A7AF01467 +Digest = whirlpool +Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" +Output = 466EF18BABB0154D25B9D38A6414F5C08784372BCCB204D6549C4AFADB6014294D5BD8DF2A6C44E538CD047B2681A51A2C60481E88C5A20B2C2A80CF3A9A083B +Digest = whirlpool +Input = "abcdbcdecdefdefgefghfghighijhijk" +Output = 2A987EA40F917061F5D6F0A0E4644F488A7A5A52DEEE656207C562F988E95C6916BDC8031BC5BE1B7B947639FE050B56939BAAA0ADFF9AE6745B7B181C3BE3FD +Digest = whirlpool +Input = "aaaaaaaaaa" +Count = 100000 +Output = 0C99005BEB57EFF50A7CF005560DDF5D29057FD86B20BFD62DECA0F1CCEA4AF51FC15490EDDC47AF32BB2B66C34FF9AD8C6008AD677F77126953B226E4ED8B01 + +# AES 128 ECB tests (from FIPS-197 test vectors, encrypt) + +Cipher = AES-128-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 69C4E0D86A7B0430D8CDB78070B4C55A + +# AES 192 ECB tests (from FIPS-197 test vectors, encrypt) + +Cipher = AES-192-ECB +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = DDA97CA4864CDFE06EAF70A0EC0D7191 + + +# AES 256 ECB tests (from FIPS-197 test vectors, encrypt) + +Cipher = AES-256-ECB +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 8EA2B7CA516745BFEAFC49904B496089 + + +# AES 128 ECB tests (from NIST test vectors, encrypt) + +#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1 + +# AES 128 ECB tests (from NIST test vectors, decrypt) + +#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0 + +# AES 192 ECB tests (from NIST test vectors, decrypt) + +#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0 + +# AES 256 ECB tests (from NIST test vectors, decrypt) + +#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0 + +# AES 128 CBC tests (from NIST test vectors, encrypt) + +#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1 + +# AES 192 CBC tests (from NIST test vectors, encrypt) + +#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1 + +# AES 256 CBC tests (from NIST test vectors, encrypt) + +#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1 + +# AES 128 CBC tests (from NIST test vectors, decrypt) + +#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0 + +# AES tests from NIST document SP800-38A +# For all ECB encrypts and decrypts, the transformed sequence is +# AES-bits-ECB:key::plaintext:ciphertext:encdec +# ECB-AES128.Encrypt and ECB-AES128.Decrypt +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3AD77BB40D7A3660A89ECAF32466EF97 + +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = F5D3D58503B9699DE785895A96FDBAAF + +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 43B1CD7F598ECE23881B00E3ED030688 + +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 7B0C785E27E8AD3F8223207104725DD4 + +# ECB-AES192.Encrypt and ECB-AES192.Decrypt +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = BD334F1D6E45F25FF712A214571FA5CC + +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 974104846D0AD3AD7734ECB3ECEE4EEF + +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = EF7AFD2270E2E60ADCE0BA2FACE6444E + +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 9A4B41BA738D6C72FB16691603C18E0E + +# ECB-AES256.Encrypt and ECB-AES256.Decrypt +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = F3EED1BDB5D2A03C064B5A7E3DB181F8 + +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 591CCB10D410ED26DC5BA74A31362870 + +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = B6ED21B99CA6F4F9F153E7B1BEAFED1D + +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 23304B7A39F9F3FF067D8D8F9E24ECC7 + +# For all CBC encrypts and decrypts, the transformed sequence is +# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec +# CBC-AES128.Encrypt and CBC-AES128.Decrypt +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 7649ABAC8119B246CEE98E9B12E9197D + +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 7649ABAC8119B246CEE98E9B12E9197D +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 5086CB9B507219EE95DB113A917678B2 + +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 5086CB9B507219EE95DB113A917678B2 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 73BED6B8E3C1743B7116E69E22229516 + +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 73BED6B8E3C1743B7116E69E22229516 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 3FF1CAA1681FAC09120ECA307586E1A7 + +# CBC-AES192.Encrypt and CBC-AES192.Decrypt +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 4F021DB243BC633D7178183A9FA071E8 + +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 4F021DB243BC633D7178183A9FA071E8 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = B4D9ADA9AD7DEDF4E5E738763F69145A + +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = B4D9ADA9AD7DEDF4E5E738763F69145A +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 571B242012FB7AE07FA9BAAC3DF102E0 + +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 571B242012FB7AE07FA9BAAC3DF102E0 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 08B0E27988598881D920A9E64F5615CD + +# CBC-AES256.Encrypt and CBC-AES256.Decrypt +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = F58C4C04D6E5F1BA779EABFB5F7BFBD6 + +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = F58C4C04D6E5F1BA779EABFB5F7BFBD6 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 9CFC4E967EDB808D679F777BC6702C7D + +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 9CFC4E967EDB808D679F777BC6702C7D +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 39F23369A9D9BACFA530E26304231461 + +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 39F23369A9D9BACFA530E26304231461 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = B2EB05E2C39BE9FCDA6C19078C6A9D1B + +# We don't support CFB{1,8}-AESxxx.{En,De}crypt +# For all CFB128 encrypts and decrypts, the transformed sequence is +# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec +# CFB128-AES128.Encrypt +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 3B3FD92EB72DAD20333449F8E83CFB4A +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 26751F67A3CBB140B1808CF187A4F4DF +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6 + +# CFB128-AES128.Decrypt +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 3B3FD92EB72DAD20333449F8E83CFB4A +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 26751F67A3CBB140B1808CF187A4F4DF +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6 + +# CFB128-AES192.Encrypt +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = CDC80D6FDDF18CAB34C25909C99A4174 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 67CE7F7F81173621961A2B70171D3D7A + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 67CE7F7F81173621961A2B70171D3D7A +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = C05F9F9CA9834FA042AE8FBA584B09FF + +# CFB128-AES192.Decrypt +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = CDC80D6FDDF18CAB34C25909C99A4174 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 67CE7F7F81173621961A2B70171D3D7A + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 67CE7F7F81173621961A2B70171D3D7A +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = C05F9F9CA9834FA042AE8FBA584B09FF + +# CFB128-AES256.Encrypt +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = DC7E84BFDA79164B7ECD8486985D3860 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 39FFED143B28B1C832113C6331E5407B + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 39FFED143B28B1C832113C6331E5407B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = DF10132415E54B92A13ED0A8267AE2F9 + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = DF10132415E54B92A13ED0A8267AE2F9 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 75A385741AB9CEF82031623D55B1E471 + +# CFB128-AES256.Decrypt +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = DC7E84BFDA79164B7ECD8486985D3860 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 39FFED143B28B1C832113C6331E5407B + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 39FFED143B28B1C832113C6331E5407B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = DF10132415E54B92A13ED0A8267AE2F9 + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = DF10132415E54B92A13ED0A8267AE2F9 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 75A385741AB9CEF82031623D55B1E471 + +# For all OFB encrypts and decrypts, the transformed sequence is +# AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec +# OFB-AES128.Encrypt +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 7789508D16918F03F53C52DAC54ED825 + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9740051E9C5FECF64344F7A82260EDCC + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 304C6528F659C77866A510D9C1D6AE5E + +# OFB-AES128.Decrypt +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 7789508D16918F03F53C52DAC54ED825 + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9740051E9C5FECF64344F7A82260EDCC + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 304C6528F659C77866A510D9C1D6AE5E + +# OFB-AES192.Encrypt +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = FCC28B8D4C63837C09E81700C1100401 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 8D9A9AEAC0F6596F559C6D4DAF59A5F2 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A + +# OFB-AES192.Decrypt +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = FCC28B8D4C63837C09E81700C1100401 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 8D9A9AEAC0F6596F559C6D4DAF59A5F2 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A + +# OFB-AES256.Encrypt +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0126141D67F37BE8538F5A8BE740E484 + +# OFB-AES256.Decrypt +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0126141D67F37BE8538F5A8BE740E484 + + +# AES Counter test vectors from RFC3686 +Cipher = aes-128-ctr +Key = AE6852F8121067CC4BF7A5765577F39E +IV = 00000030000000000000000000000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = E4095D4FB7A7B3792D6175A3261311B8 + +Cipher = aes-128-ctr +Key = 7E24067817FAE0D743D6CE1F32539163 +IV = 006CB6DBC0543B59DA48D90B00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = 5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28 + +Cipher = aes-128-ctr +Key = 7691BE035E5020A8AC6E618529F9A0DC +IV = 00E0017B27777F3F4A1786F000000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F + + +Cipher = aes-192-ctr +Key = 16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515 +IV = 0000004836733C147D6D93CB00000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 4B55384FE259C9C84E7935A003CBE928 + +Cipher = aes-192-ctr +Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A +IV = 0096B03B020C6EADC2CB500D00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = 453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00 + +Cipher = aes-192-ctr +Key = 02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE +IV = 0007BDFD5CBD60278DCC091200000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = 96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935 + + +Cipher = aes-256-ctr +Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104 +IV = 00000060DB5672C97AA8F0B200000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 145AD01DBF824EC7560863DC71E3E0C0 + +Cipher = aes-256-ctr +Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884 +IV = 00FAAC24C1585EF15A43D87500000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C + +Cipher = aes-256-ctr +Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D +IV = 001CC5B751A51D70A1C1114800000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8 + + +# DES ECB tests (from destest) + +Cipher = DES-ECB +Key = 0000000000000000 +Plaintext = 0000000000000000 +Ciphertext = 8CA64DE9C1B123A7 + +Cipher = DES-ECB +Key = FFFFFFFFFFFFFFFF +Plaintext = FFFFFFFFFFFFFFFF +Ciphertext = 7359B2163E4EDC58 + +Cipher = DES-ECB +Key = 3000000000000000 +Plaintext = 1000000000000001 +Ciphertext = 958E6E627A05557B + +Cipher = DES-ECB +Key = 1111111111111111 +Plaintext = 1111111111111111 +Ciphertext = F40379AB9E0EC533 + +Cipher = DES-ECB +Key = 0123456789ABCDEF +Plaintext = 1111111111111111 +Ciphertext = 17668DFC7292532D + +Cipher = DES-ECB +Key = 1111111111111111 +Plaintext = 0123456789ABCDEF +Ciphertext = 8A5AE1F81AB8F2DD + +Cipher = DES-ECB +Key = FEDCBA9876543210 +Plaintext = 0123456789ABCDEF +Ciphertext = ED39D950FA74BCC4 + + +# DESX-CBC tests (from destest) +Cipher = DESX-CBC +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4 + + +# DES EDE3 CBC tests (from destest) +Cipher = DES-EDE3-CBC +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 + + +# RC4 tests (from rc4test) +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0123456789abcdef +Ciphertext = 75b7878099e0c596 + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0000000000000000 +Ciphertext = 7494c2e7104b0879 + +Cipher = RC4 +Key = 00000000000000000000000000000000 +Plaintext = 0000000000000000 +Ciphertext = de188941a3375d3a + +Cipher = RC4 +Key = ef012345ef012345ef012345ef012345 +Plaintext = 0000000000000000000000000000000000000000 +Ciphertext = d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678 +Ciphertext = 66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf + +Cipher = RC4 +Key = ef012345ef012345ef012345ef012345 +Plaintext = 00000000000000000000 +Ciphertext = d6a141a7ec3c38dfbd61 + + + +# Camellia tests from RFC3713 +# For all ECB encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec +Cipher = CAMELLIA-128-ECB +Key = 0123456789abcdeffedcba9876543210 +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = 67673138549669730857065648eabe43 + +Cipher = CAMELLIA-192-ECB +Key = 0123456789abcdeffedcba98765432100011223344556677 +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = b4993401b3e996f84ee5cee7d79b09b9 + +Cipher = CAMELLIA-256-ECB +Key = 0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = 9acc237dff16d76c20ef7c919e3a7509 + + +# ECB-CAMELLIA128.Encrypt +Cipher = CAMELLIA-128-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 77CF412067AF8270613529149919546F + +Cipher = CAMELLIA-192-ECB +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = B22F3C36B72D31329EEE8ADDC2906C68 + +Cipher = CAMELLIA-256-ECB +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 2EDF1F3418D53B88841FC8985FB1ECF2 + + +# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 432FC5DCD628115B7C388D770B270C96 + +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 0BE1F14023782A22E8384C5ABB7FAB2B + +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = A0A1ABCD1893AB6FE0FE5B65DF5F8636 + +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = E61925E0D5DFAA9BB29F815B3076E51A + + +# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CCCC6C4E138B45848514D48D0D3439D3 + +Cipher = CAMELLIA-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 5713C62C14B2EC0F8393B6AFD6F5785A + +Cipher = CAMELLIA-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = B40ED2B60EB54D09D030CF511FEEF366 + +Cipher = CAMELLIA-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 909DBD95799096748CB27357E73E1D26 + + +# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = BEFD219B112FA00098919CD101C9CCFA + +Cipher = CAMELLIA-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = C91D3A8F1AEA08A9386CF4B66C0169EA + +Cipher = CAMELLIA-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = A623D711DC5F25A51BB8A80D56397D28 + +Cipher = CAMELLIA-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 7960109FB6DC42947FCFE59EA3C5EB6B + + +# For all CBC encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec +# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 1607CF494B36BBF00DAEB0B503C831AB + +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 1607CF494B36BBF00DAEB0B503C831AB +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A2F2CF671629EF7840C5A5DFB5074887 + +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A2F2CF671629EF7840C5A5DFB5074887 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 0F06165008CF8B8B5A63586362543E54 + +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 36A84CDAFD5F9A85ADA0F0A993D6D577 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 74C64268CDB8B8FAF5B34E8AF3732980 + + +# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 2A4830AB5AC4A1A2405955FD2195CF93 + +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 2A4830AB5AC4A1A2405955FD2195CF93 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 5D5A869BD14CE54264F892A6DD2EC3D5 + +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 5D5A869BD14CE54264F892A6DD2EC3D5 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 37D359C3349836D884E310ADDF68C449 + +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 37D359C3349836D884E310ADDF68C449 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 01FAAA930B4AB9916E9668E1428C6B08 + + +# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = E6CFA35FC02B134A4D2C0B6737AC3EDA + +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E6CFA35FC02B134A4D2C0B6737AC3EDA +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 36CBEB73BD504B4070B1B7DE2B21EB50 + +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 36CBEB73BD504B4070B1B7DE2B21EB50 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = E31A6055297D96CA3330CDF1B1860A83 + +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E31A6055297D96CA3330CDF1B1860A83 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 5D563F6D1CCCF236051C0C5C1C58F28F + + +# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt +# For all CFB128 encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec +# CFB128-CAMELLIA128.Encrypt +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 14F7646187817EB586599146B82BD719 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A53D28BB82DF741103EA4F921A44880B + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A53D28BB82DF741103EA4F921A44880B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96 + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 9C2157A664626D1DEF9EA420FDE69B96 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 742A25F0542340C7BAEF24CA8482BB09 + + +# CFB128-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 14F7646187817EB586599146B82BD719 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A53D28BB82DF741103EA4F921A44880B + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A53D28BB82DF741103EA4F921A44880B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96 + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 9C2157A664626D1DEF9EA420FDE69B96 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 742A25F0542340C7BAEF24CA8482BB09 + + +# CFB128-CAMELLIA192.Encrypt +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = C832BB9780677DAA82D9B6860DCD565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 86F8491627906D780C7A6D46EA331F98 + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 86F8491627906D780C7A6D46EA331F98 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 69511CCE594CF710CB98BB63D7221F01 + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 69511CCE594CF710CB98BB63D7221F01 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D5B5378A3ABED55803F25565D8907B84 + + +# CFB128-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = C832BB9780677DAA82D9B6860DCD565E +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 86F8491627906D780C7A6D46EA331F98 + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 86F8491627906D780C7A6D46EA331F98 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 69511CCE594CF710CB98BB63D7221F01 + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 69511CCE594CF710CB98BB63D7221F01 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D5B5378A3ABED55803F25565D8907B84 + + +# CFB128-CAMELLIA256.Encrypt +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 555FC3F34BDD2D54C62D9E3BF338C1C4 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA + + +# CFB128-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 555FC3F34BDD2D54C62D9E3BF338C1C4 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA + + +# For all OFB encrypts and decrypts, the transformed sequence is +# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec +# OFB-CAMELLIA128.Encrypt +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 25623DB569CA51E01482649977E28D84 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = C776634A60729DC657D12B9FCA801E98 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D776379BE0E50825E681DA1A4C980E8E + + +# OFB-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 25623DB569CA51E01482649977E28D84 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = C776634A60729DC657D12B9FCA801E98 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D776379BE0E50825E681DA1A4C980E8E + + +# OFB-CAMELLIA192.Encrypt +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = BDD62DBBB9700846C53B507F544696F0 + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = E28014E046B802F385C4C2E13EAD4A72 + + +# OFB-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = BDD62DBBB9700846C53B507F544696F0 + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = E28014E046B802F385C4C2E13EAD4A72 + + +# OFB-CAMELLIA256.Encrypt +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 127AD97E8E3994E4820027D7BA109368 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 + + +# OFB-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 127AD97E8E3994E4820027D7BA109368 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 + + +# Camellia test vectors from RFC5528 +Cipher = CAMELLIA-128-CTR +Key = AE6852F8121067CC4BF7A5765577F39E +IV = 00000030000000000000000000000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = D09DC29A8214619A20877C76DB1F0B3F + +Cipher = CAMELLIA-128-CTR +Key = 7E24067817FAE0D743D6CE1F32539163 +IV = 006CB6DBC0543B59DA48D90B00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = DBF3C78DC08396D4DA7C907765BBCB442B8E8E0F31F0DCA72C7417E35360E048 + +Cipher = CAMELLIA-128-CTR +Key = 7691BE035E5020A8AC6E618529F9A0DC +IV = 00E0017B27777F3F4A1786F000000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = B19D1FCDCB75EB882F849CE24D85CF739CE64B2B5C9D73F14F2D5D9DCE9889CDDF508696 + +Cipher = CAMELLIA-192-CTR +Key = 16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515 +IV = 0000004836733C147D6D93CB00000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 2379399E8A8D2B2B16702FC78B9E9696 + +Cipher = CAMELLIA-192-CTR +Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A +IV = 0096B03B020C6EADC2CB500D00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = 7DEF34F7A5D0E415674B7FFCAE67C75DD018B86FF23051E056392A99F35A4CED + +Cipher = CAMELLIA-192-CTR +Key = 02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE +IV = 0007BDFD5CBD60278DCC091200000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = 5710E556E1487A20B5AC0E73F19E4E7876F37FDC91B1EF4D4DADE8E666A64D0ED557AB57 + +Cipher = CAMELLIA-256-CTR +Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104 +IV = 00000060DB5672C97AA8F0B200000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 3401F9C8247EFFCEBD6994714C1BBB11 + +Cipher = CAMELLIA-256-CTR +Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884 +IV = 00FAAC24C1585EF15A43D87500000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = D6C30392246F7808A83C2B22A8839E45E51CD48A1CDF406EBC9CC2D3AB834108 + +Cipher = CAMELLIA-256-CTR +Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D +IV = 001CC5B751A51D70A1C1114800000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = A4DA23FCE6A5FFAA6D64AE9A0652A42CD161A34B65F9679F75C01F101F71276F15EF0D8D + +# SEED test vectors from RFC4269 +Cipher = SEED-ECB +Key = 00000000000000000000000000000000 +Operation = DECRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 5EBAC6E0054E166819AFF1CC6D346CDB + +Cipher = SEED-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 00000000000000000000000000000000 +Ciphertext = C11F22F20140505084483597E4370F43 + +Cipher = SEED-ECB +Key = 4706480851E61BE85D74BFB3FD956185 +Operation = DECRYPT +Plaintext = 83A2F8A288641FB9A4E9A5CC2F131C7D +Ciphertext = EE54D13EBCAE706D226BC3142CD40D4A + +Cipher = SEED-ECB +Key = 28DBC3BC49FFD87DCFA509B11D422BE7 +Operation = DECRYPT +Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7 +Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122 + +Cipher = SEED-ECB +Key = 00000000000000000000000000000000 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 5EBAC6E0054E166819AFF1CC6D346CDB + +Cipher = SEED-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 00000000000000000000000000000000 +Ciphertext = C11F22F20140505084483597E4370F43 + +Cipher = SEED-ECB +Key = 4706480851E61BE85D74BFB3FD956185 +Operation = ENCRYPT +Plaintext = 83A2F8A288641FB9A4E9A5CC2F131C7D +Ciphertext = EE54D13EBCAE706D226BC3142CD40D4A + +Cipher = SEED-ECB +Key = 28DBC3BC49FFD87DCFA509B11D422BE7 +Operation = ENCRYPT +Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7 +Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122 + + +# AES CCM 256 bit key +Cipher = aes-256-ccm +Key = 1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e +IV = 5b8e40746f6b98e00f1d13ff41 +AAD = c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0 +Tag = 2024931d73bca480c24a24ece6b6c2bf +Plaintext = 53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a +Ciphertext = 9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726 + + +# AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 58e2fccefa7e3061367f1d57a4e7455a +Plaintext = +Ciphertext = + +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = ab6e47d42cec13bdf53a67b21257bddf +Plaintext = 00000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = +Tag = 4d5c2af327cd64a62cf35abd2ba6fab4 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 5bc94fbc3221a5db94fae95ae7121a47 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbad +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 3612d2e79e3b0785561be14aaca2fccb +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 619cc5aefffe0bfa462af43c1699d050 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5 + +Cipher = aes-192-gcm +Key = 000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = cd33b28ac773f74ba00ed1f312572435 +Plaintext = +Ciphertext = + +Cipher = aes-192-gcm +Key = 000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 2ff58d80033927ab8ef4d4587514f0fb +Plaintext = 00000000000000000000000000000000 +Ciphertext = 98e7247c07f0fe411c267e4384b0f600 + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = cafebabefacedbaddecaf888 +AAD = +Tag = 9924a7c8587336bfb118024db8674a14 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256 + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 2519498e80f1478f37ba55bd6d27618c +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710 + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = cafebabefacedbad +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 65dcc57fcf623a24094fcca40d3533f8 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7 + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = dcf566ff291c25bbb8568fc3d376a6d9 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b + +Cipher = aes-256-gcm +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 530f8afbc74536b9a963b4f1c4cb738b +Plaintext = +Ciphertext = + +Cipher = aes-256-gcm +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = d0d1c8a799996bf0265b98b5d48ab919 +Plaintext = 00000000000000000000000000000000 +Ciphertext = cea7403d4d606b6e074ec5d3baf39d18 + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = +Tag = b094dac5d93471bdec1a502270e3cc6c +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 76fc6ece0f4e1768cddf8853bb2d551b +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662 + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbad +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 3a337dbf46a792c45e454913fe2ea8f2 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = a44a8266ee1c8eb0c8b5d4cf5ae9f19a +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f + +# local add-ons, primarily streaming ghash tests +# 128 bytes aad +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad +Tag = 5fea793a2d6f974d37e68e0cb8ff9492 +Plaintext = +Ciphertext = + +# 48 bytes plaintext +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 9dd0a376b08e40eb00c35f29f9ea61a4 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0 + +# 80 bytes plaintext +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 98885a3a22bd4742fe7b72172193b163 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291 + +# 128 bytes plaintext +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = cac45f60e31efd3b5a43b98a22ce1aa1 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40 + +# 192 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +AAD = +Tag = 566f8ef683078bfdeeffa869d751a017 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606 + +# 288 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +AAD = +Tag = 8b307f6b33286d0ab026a9ed3fe1e85f +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b60eedc34033bac1902783dc6d89e2e774188a439c7ebcc0672dbda4ddcfb2794613b0be41315ef778708a70ee7d75165c + +# 80 bytes plaintext, submitted by Intel +Cipher = aes-128-gcm +Key = 843ffcf5d2b72694d19ed01d01249412 +IV = dbcca32ebf9b804617c3aa9e +AAD = 00000000000000000000000000000000101112131415161718191a1b1c1d1e1f +Tag = 3b629ccfbc1119b7319e1dce2cd6fd6d +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f +Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5 + +#AES OCB Test vectors +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 197B9C3C441D3C83EAFB2BEF633B9182 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 0001020304050607 +Tag = 16DC76A46D47E1EAD537209E8A96D14E +Plaintext = 0001020304050607 +Ciphertext = 92B657130A74B85A + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 0001020304050607 +Tag = 98B91552C8C009185044E30A6EB2FE21 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 971EFFCAE19AD4716F88E87B871FBEED +Plaintext = 0001020304050607 +Ciphertext = 92B657130A74B85A + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F +Tag = 776C9924D6723A1FC4524532AC3E5BEB +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F +Tag = 7DDB8E6CEA6814866212509619B19CC6 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 13CC8B747807121A4CBB3E4BD6B456AF +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F1011121314151617 +Tag = 5FA94FC3F38820F1DC3F3D1FD4E55E1C +Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F1011121314151617 +Tag = 282026DA3068BC9FA118681D559F10F6 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 6EF2F52587FDA0ED97DC7EEDE241DF68 +Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Tag = B2A040DD3BD5164372D76D7BB6824240 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Tag = E1E072633BADE51A60E85951D9C42A1B +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 4A3BAE824465CFDAF8C41FC50C7DF9D9 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 659C623211DEEA0DE30D2C381879F4C8 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 7AEB7A69A1687DD082CA27B0D9A37096 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 060C8467F4ABAB5E8B3C2067A2E115DC +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635 + +#AES OCB Non standard test vectors - generated from reference implementation +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 1b6c44f34e3abb3cbf8976e7 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = 09a4fd29de949d9a9aa9924248422097ad4883b4713e6c214ff6567ada08a96766fc4e2ee3e3a5a1 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B0C0D0E +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 1ad62009901f40cba7cd7156f94a7324 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = 5e2fa7367ffbdb3938845cfd415fcc71ec79634eb31451609d27505f5e2978f43c44213d8fa441ee + +# AES XTS test vectors from IEEE Std 1619-2007 +Cipher = aes-128-xts +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 00000000000000000000000000000000 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e + +Cipher = aes-128-xts +Key = 1111111111111111111111111111111122222222222222222222222222222222 +IV = 33333333330000000000000000000000 +Plaintext = 4444444444444444444444444444444444444444444444444444444444444444 +Ciphertext = c454185e6a16936e39334038acef838bfb186fff7480adc4289382ecd6d394f0 + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f022222222222222222222222222222222 +IV = 33333333330000000000000000000000 +Plaintext = 4444444444444444444444444444444444444444444444444444444444444444 +Ciphertext = af85336b597afc1a900b2eb21ec949d292df4c047e0b21532186a5971a227a89 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 01000000000000000000000000000000 +Plaintext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568 +Ciphertext = 264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 02000000000000000000000000000000 +Plaintext = 264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd +Ciphertext = fa762a3680b76007928ed4a4f49a9456031b704782e65e16cecb54ed7d017b5e18abd67b338e81078f21edb7868d901ebe9c731a7c18b5e6dec1d6a72e078ac9a4262f860beefa14f4e821018272e411a951502b6e79066e84252c3346f3aa62344351a291d4bedc7a07618bdea2af63145cc7a4b8d4070691ae890cd65733e7946e9021a1dffc4c59f159425ee6d50ca9b135fa6162cea18a939838dc000fb386fad086acce5ac07cb2ece7fd580b00cfa5e98589631dc25e8e2a3daf2ffdec26531659912c9d8f7a15e5865ea8fb5816d6207052bd7128cd743c12c8118791a4736811935eb982a532349e31dd401e0b660a568cb1a4711f552f55ded59f1f15bf7196b3ca12a91e488ef59d64f3a02bf45239499ac6176ae321c4a211ec545365971c5d3f4f09d4eb139bfdf2073d33180b21002b65cc9865e76cb24cd92c874c24c18350399a936ab3637079295d76c417776b94efce3a0ef7206b15110519655c956cbd8b2489405ee2b09a6b6eebe0c53790a12a8998378b33a5b71159625f4ba49d2a2fdba59fbf0897bc7aabd8d707dc140a80f0f309f835d3da54ab584e501dfa0ee977fec543f74186a802b9a37adb3e8291eca04d66520d229e60401e7282bef486ae059aa70696e0e305d777140a7a883ecdcb69b9ff938e8a4231864c69ca2c2043bed007ff3e605e014bcf518138dc3a25c5e236171a2d01d6 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = fd000000000000000000000000000000 +Plaintext = 8e41b78c390b5af9d758bb214a67e9f6bf7727b09ac6124084c37611398fa45daad94868600ed391fb1acd4857a95b466e62ef9f4b377244d1c152e7b30d731aad30c716d214b707aed99eb5b5e580b3e887cf7497465651d4b60e6042051da3693c3b78c14489543be8b6ad0ba629565bba202313ba7b0d0c94a3252b676f46cc02ce0f8a7d34c0ed229129673c1f61aed579d08a9203a25aac3a77e9db60267996db38df637356d9dcd1632e369939f2a29d89345c66e05066f1a3677aef18dea4113faeb629e46721a66d0a7e785d3e29af2594eb67dfa982affe0aac058f6e15864269b135418261fc3afb089472cf68c45dd7f231c6249ba0255e1e033833fc4d00a3fe02132d7bc3873614b8aee34273581ea0325c81f0270affa13641d052d36f0757d484014354d02d6883ca15c24d8c3956b1bd027bcf41f151fd8023c5340e5606f37e90fdb87c86fb4fa634b3718a30bace06a66eaf8f63c4aa3b637826a87fe8cfa44282e92cb1615af3a28e53bc74c7cba1a0977be9065d0c1a5dec6c54ae38d37f37aa35283e048e5530a85c4e7a29d7b92ec0c3169cdf2a805c7604bce60049b9fb7b8eaac10f51ae23794ceba68bb58112e293b9b692ca721b37c662f8574ed4dba6f88e170881c82cddc1034a0ca7e284bf0962b6b26292d836fa9f73c1ac770eef0f2d3a1eaf61d3e03555fd424eedd67e18a18094f888 +Ciphertext = d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = fe000000000000000000000000000000 +Plaintext = d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637 +Ciphertext = 72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = ff000000000000000000000000000000 +Plaintext = 72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a +Ciphertext = 3260ae8dad1f4a32c5cafe3ab0eb95549d461a67ceb9e5aa2d3afb62dece0553193ba50c75be251e08d1d08f1088576c7efdfaaf3f459559571e12511753b07af073f35da06af0ce0bbf6b8f5ccc5cea500ec1b211bd51f63b606bf6528796ca12173ba39b8935ee44ccce646f90a45bf9ccc567f0ace13dc2d53ebeedc81f58b2e41179dddf0d5a5c42f5d8506c1a5d2f8f59f3ea873cbcd0eec19acbf325423bd3dcb8c2b1bf1d1eaed0eba7f0698e4314fbeb2f1566d1b9253008cbccf45a2b0d9c5c9c21474f4076e02be26050b99dee4fd68a4cf890e496e4fcae7b70f94ea5a9062da0daeba1993d2ccd1dd3c244b8428801495a58b216547e7e847c46d1d756377b6242d2e5fb83bf752b54e0df71e889f3a2bb0f4c10805bf3c590376e3c24e22ff57f7fa965577375325cea5d920db94b9c336b455f6e894c01866fe9fbb8c8d3f70a2957285f6dfb5dcd8cbf54782f8fe7766d4723819913ac773421e3a31095866bad22c86a6036b2518b2059b4229d18c8c2ccbdf906c6cc6e82464ee57bddb0bebcb1dc645325bfb3e665ef7251082c88ebb1cf203bd779fdd38675713c8daadd17e1cabee432b09787b6ddf3304e38b731b45df5df51b78fcfb3d32466028d0ba36555e7e11ab0ee0666061d1645d962444bc47a38188930a84b4d561395c73c087021927ca638b7afc8a8679ccb84c26555440ec7f10445cd + + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ff000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 1c3b3a102f770386e4836c99e370cf9bea00803f5e482357a4ae12d414a3e63b5d31e276f8fe4a8d66b317f9ac683f44680a86ac35adfc3345befecb4bb188fd5776926c49a3095eb108fd1098baec70aaa66999a72a82f27d848b21d4a741b0c5cd4d5fff9dac89aeba122961d03a757123e9870f8acf1000020887891429ca2a3e7a7d7df7b10355165c8b9a6d0a7de8b062c4500dc4cd120c0f7418dae3d0b5781c34803fa75421c790dfe1de1834f280d7667b327f6c8cd7557e12ac3a0f93ec05c52e0493ef31a12d3d9260f79a289d6a379bc70c50841473d1a8cc81ec583e9645e07b8d9670655ba5bbcfecc6dc3966380ad8fecb17b6ba02469a020a84e18e8f84252070c13e9f1f289be54fbc481457778f616015e1327a02b140f1505eb309326d68378f8374595c849d84f4c333ec4423885143cb47bd71c5edae9be69a2ffeceb1bec9de244fbe15992b11b77c040f12bd8f6a975a44a0f90c29a9abc3d4d893927284c58754cce294529f8614dcd2aba991925fedc4ae74ffac6e333b93eb4aff0479da9a410e4450e0dd7ae4c6e2910900575da401fc07059f645e8b7e9bfdef33943054ff84011493c27b3429eaedb4ed5376441a77ed43851ad77f16f541dfd269d50d6a5f14fb0aab1cbb4c1550be97f7ab4066193c4caa773dad38014bd2092fa755c824bb5e54c4f36ffda9fcea70b9c6e693e148c151 + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffff0000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 77a31251618a15e6b92d1d66dffe7b50b50bad552305ba0217a610688eff7e11e1d0225438e093242d6db274fde801d4cae06f2092c728b2478559df58e837c2469ee4a4fa794e4bbc7f39bc026e3cb72c33b0888f25b4acf56a2a9804f1ce6d3d6e1dc6ca181d4b546179d55544aa7760c40d06741539c7e3cd9d2f6650b2013fd0eeb8c2b8e3d8d240ccae2d4c98320a7442e1c8d75a42d6e6cfa4c2eca1798d158c7aecdf82490f24bb9b38e108bcda12c3faf9a21141c3613b58367f922aaa26cd22f23d708dae699ad7cb40a8ad0b6e2784973dcb605684c08b8d6998c69aac049921871ebb65301a4619ca80ecb485a31d744223ce8ddc2394828d6a80470c092f5ba413c3378fa6054255c6f9df4495862bbb3287681f931b687c888abf844dfc8fc28331e579928cd12bd2390ae123cf03818d14dedde5c0c24c8ab018bfca75ca096f2d531f3d1619e785f1ada437cab92e980558b3dce1474afb75bfedbf8ff54cb2618e0244c9ac0d3c66fb51598cd2db11f9be39791abe447c63094f7c453b7ff87cb5bb36b7c79efb0872d17058b83b15ab0866ad8a58656c5a7e20dbdf308b2461d97c0ec0024a2715055249cf3b478ddd4740de654f75ca686e0d7345c69ed50cdc2a8b332b1f8824108ac937eb050585608ee734097fc09054fbff89eeaeea791f4a7ab1f9868294a4f9e27b42af8100cb9d59cef9645803 + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffffff00000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = e387aaa58ba483afa7e8eb469778317ecf4cf573aa9d4eac23f2cdf914e4e200a8b490e42ee646802dc6ee2b471b278195d60918ececb44bf79966f83faba0499298ebc699c0c8634715a320bb4f075d622e74c8c932004f25b41e361025b5a87815391f6108fc4afa6a05d9303c6ba68a128a55705d415985832fdeaae6c8e19110e84d1b1f199a2692119edc96132658f09da7c623efcec712537a3d94c0bf5d7e352ec94ae5797fdb377dc1551150721adf15bd26a8efc2fcaad56881fa9e62462c28f30ae1ceaca93c345cf243b73f542e2074a705bd2643bb9f7cc79bb6e7091ea6e232df0f9ad0d6cf502327876d82207abf2115cdacf6d5a48f6c1879a65b115f0f8b3cb3c59d15dd8c769bc014795a1837f3901b5845eb491adfefe097b1fa30a12fc1f65ba22905031539971a10f2f36c321bb51331cdefb39e3964c7ef079994f5b69b2edd83a71ef549971ee93f44eac3938fcdd61d01fa71799da3a8091c4c48aa9ed263ff0749df95d44fef6a0bb578ec69456aa5408ae32c7af08ad7ba8921287e3bbee31b767be06a0e705c864a769137df28292283ea81a2480241b44d9921cdbec1bc28dc1fda114bd8e5217ac9d8ebafa720e9da4f9ace231cc949e5b96fe76ffc21063fddc83a6b8679c00d35e09576a875305bed5f36ed242c8900dd1fa965bc950dfce09b132263a1eef52dd6888c309f5a7d712826 + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffffffff000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = bf53d2dade78e822a4d949a9bc6766b01b06a8ef70d26748c6a7fc36d80ae4c5520f7c4ab0ac8544424fa405162fef5a6b7f229498063618d39f0003cb5fb8d1c86b643497da1ff945c8d3bedeca4f479702a7a735f043ddb1d6aaade3c4a0ac7ca7f3fa5279bef56f82cd7a2f38672e824814e10700300a055e1630b8f1cb0e919f5e942010a416e2bf48cb46993d3cb6a51c19bacf864785a00bc2ecff15d350875b246ed53e68be6f55bd7e05cfc2b2ed6432198a6444b6d8c247fab941f569768b5c429366f1d3f00f0345b96123d56204c01c63b22ce78baf116e525ed90fdea39fa469494d3866c31e05f295ff21fea8d4e6e13d67e47ce722e9698a1c1048d68ebcde76b86fcf976eab8aa9790268b7068e017a8b9b749409514f1053027fd16c3786ea1bac5f15cb79711ee2abe82f5cf8b13ae73030ef5b9e4457e75d1304f988d62dd6fc4b94ed38ba831da4b7634971b6cd8ec325d9c61c00f1df73627ed3745a5e8489f3a95c69639c32cd6e1d537a85f75cc844726e8a72fc0077ad22000f1d5078f6b866318c668f1ad03d5a5fced5219f2eabbd0aa5c0f460d183f04404a0d6f469558e81fab24a167905ab4c7878502ad3e38fdbe62a41556cec37325759533ce8f25f367c87bb5578d667ae93f9e2fd99bcbc5f2fbba88cf6516139420fcff3b7361d86322c4bd84c82f335abb152c4a93411373aaa8220 + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffffffffff0000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 64497e5a831e4a932c09be3e5393376daa599548b816031d224bbf50a818ed2350eae7e96087c8a0db51ad290bd00c1ac1620857635bf246c176ab463be30b808da548081ac847b158e1264be25bb0910bbc92647108089415d45fab1b3d2604e8a8eff1ae4020cfa39936b66827b23f371b92200be90251e6d73c5f86de5fd4a950781933d79a28272b782a2ec313efdfcc0628f43d744c2dc2ff3dcb66999b50c7ca895b0c64791eeaa5f29499fb1c026f84ce5b5c72ba1083cddb5ce45434631665c333b60b11593fb253c5179a2c8db813782a004856a1653011e93fb6d876c18366dd8683f53412c0c180f9c848592d593f8609ca736317d356e13e2bff3a9f59cd9aeb19cd482593d8c46128bb32423b37a9adfb482b99453fbe25a41bf6feb4aa0bef5ed24bf73c762978025482c13115e4015aac992e5613a3b5c2f685b84795cb6e9b2656d8c88157e52c42f978d8634c43d06fea928f2822e465aa6576e9bf419384506cc3ce3c54ac1a6f67dc66f3b30191e698380bc999b05abce19dc0c6dcc2dd001ec535ba18deb2df1a101023108318c75dc98611a09dc48a0acdec676fabdf222f07e026f059b672b56e5cbc8e1d21bbd867dd927212054681d70ea737134cdfce93b6f82ae22423274e58a0821cc5502e2d0ab4585e94de6975be5e0b4efce51cd3e70c25a1fbbbd609d273ad5b0d59631c531f6a0a57b9 + + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f10 +Ciphertext = 6c1625db4671522d3d7599601de7ca09ed + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f1011 +Ciphertext = d069444b7a7e0cab09e24447d24deb1fedbf + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112 +Ciphertext = e5df1351c0544ba1350b3363cd8ef4beedbf9d + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f10111213 +Ciphertext = 9d84c813f719aa2c7be3f66171c7c5c2edbf9dac + +Cipher = aes-128-xts +Key = e0e1e2e3e4e5e6e7e8e9eaebecedeeefc0c1c2c3c4c5c6c7c8c9cacbcccdcecf +IV = 21436587a90000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 38b45812ef43a05bd957e545907e223b954ab4aaf088303ad910eadf14b42be68b2461149d8c8ba85f992be970bc621f1b06573f63e867bf5875acafa04e42ccbd7bd3c2a0fb1fff791ec5ec36c66ae4ac1e806d81fbf709dbe29e471fad38549c8e66f5345d7c1eb94f405d1ec785cc6f6a68f6254dd8339f9d84057e01a17741990482999516b5611a38f41bb6478e6f173f320805dd71b1932fc333cb9ee39936beea9ad96fa10fb4112b901734ddad40bc1878995f8e11aee7d141a2f5d48b7a4e1e7f0b2c04830e69a4fd1378411c2f287edf48c6c4e5c247a19680f7fe41cefbd49b582106e3616cbbe4dfb2344b2ae9519391f3e0fb4922254b1d6d2d19c6d4d537b3a26f3bcc51588b32f3eca0829b6a5ac72578fb814fb43cf80d64a233e3f997a3f02683342f2b33d25b492536b93becb2f5e1a8b82f5b883342729e8ae09d16938841a21a97fb543eea3bbff59f13c1a18449e398701c1ad51648346cbc04c27bb2da3b93a1372ccae548fb53bee476f9e9c91773b1bb19828394d55d3e1a20ed69113a860b6829ffa847224604435070221b257e8dff783615d2cae4803a93aa4334ab482a0afac9c0aeda70b45a481df5dec5df8cc0f423c77a5fd46cd312021d4b438862419a791be03bb4d97c0e59578542531ba466a83baf92cefc151b5cc1611a167893819b63fb8a6b18e86de60290fa72b797b0ce59f3 + +# AES wrap tests from RFC3394 +Cipher = id-aes128-wrap +Key = 000102030405060708090A0B0C0D0E0F +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5 + +Cipher = id-aes192-wrap +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D + +Cipher = id-aes256-wrap +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7 + +Cipher = id-aes192-wrap +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607 +Ciphertext = 031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2 + +Cipher = id-aes256-wrap +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607 +Ciphertext = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1 + +Cipher = id-aes256-wrap +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F +Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 + +# Same as previous example but with invalid unwrap key: should be rejected +# without returning any plaintext +Cipher = id-aes256-wrap +Operation = DECRYPT +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E00 +Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F +Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 +Result = CIPHERUPDATE_ERROR + +# AES wrap tests from RFC5649 +Cipher = id-aes192-wrap-pad +Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 +Plaintext = c37b7e6492584340bed12207808941155068f738 +Ciphertext = 138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a + +Cipher = id-aes192-wrap-pad +Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 +Plaintext = 466f7250617369 +Ciphertext = afbeb0f07dfbf5419200f2ccb50bb24f + +# HMAC tests from RFC2104 +MAC = HMAC +Algorithm = MD5 +Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Input = "Hi There" +Output = 9294727a3638bb1c13f48ef8158bfc9d + +MAC = HMAC +Algorithm = MD5 +Key = "Jefe" +Input = "what do ya want for nothing?" +Output = 750c783e6ab0b503eaa86e310a5db738 + +MAC = HMAC +Algorithm = MD5 +Key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +Input = DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD +Output = 56be34521d144c88dbb8c733f0e8b3f6 + +# HMAC tests from NIST test data + +MAC = HMAC +Algorithm = SHA1 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +Output = 5FD596EE78D5553C8FF4E72D266DFD192366DA29 +MAC = HMAC +Algorithm = SHA1 +Input = "Sample message for keylen<blocklen" +Key = 000102030405060708090A0B0C0D0E0F10111213 +Output = 4C99FF0CB1B31BD33F8431DBAF4D17FCD356A807 +MAC = HMAC +Algorithm = SHA1 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263 +Output = 2D51B2F7750E410584662E38F133435F4C4FD42A +MAC = HMAC +Algorithm = SHA224 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +Output = C7405E3AE058E8CD30B08B4140248581ED174CB34E1224BCC1EFC81B +MAC = HMAC +Algorithm = SHA224 +Input = "Sample message for keylen<blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B +Output = E3D249A8CFB67EF8B7A169E9A0A599714A2CECBA65999A51BEB8FBBE +MAC = HMAC +Algorithm = SHA224 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263 +Output = 91C52509E5AF8531601AE6230099D90BEF88AAEFB961F4080ABC014D +MAC = HMAC +Algorithm = SHA256 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +Output = 8BB9A1DB9806F20DF7F77B82138C7914D174D59E13DC4D0169C9057B133E1D62 +MAC = HMAC +Algorithm = SHA256 +Input = "Sample message for keylen<blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Output = A28CF43130EE696A98F14A37678B56BCFCBDD9E5CF69717FECF5480F0EBDF790 +MAC = HMAC +Algorithm = SHA256 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263 +Output = BDCCB6C72DDEADB500AE768386CB38CC41C63DBB0878DDB9C7A38A431B78378D +MAC = HMAC +Algorithm = SHA384 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F +Output = 63C5DAA5E651847CA897C95814AB830BEDEDC7D25E83EEF9195CD45857A37F448947858F5AF50CC2B1B730DDF29671A9 +MAC = HMAC +Algorithm = SHA384 +Input = "Sample message for keylen<blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F +Output = 6EB242BDBB582CA17BEBFA481B1E23211464D2B7F8C20B9FF2201637B93646AF5AE9AC316E98DB45D9CAE773675EEED0 +MAC = HMAC +Algorithm = SHA384 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +Output = 5B664436DF69B0CA22551231A3F0A3D5B4F97991713CFA84BFF4D0792EFF96C27DCCBBB6F79B65D548B40E8564CEF594 +MAC = HMAC +Algorithm = SHA512 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F +Output = FC25E240658CA785B7A811A8D3F7B4CA48CFA26A8A366BF2CD1F836B05FCB024BD36853081811D6CEA4216EBAD79DA1CFCB95EA4586B8A0CE356596A55FB1347 +MAC = HMAC +Algorithm = SHA512 +Input = "Sample message for keylen<blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +Output = FD44C18BDA0BB0A6CE0E82B031BF2818F6539BD56EC00BDC10A8A2D730B3634DE2545D639B0F2CF710D0692C72A1896F1F211C2B922D1A96C392E07E7EA9FEDC +MAC = HMAC +Algorithm = SHA512 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +Output = D93EC8D2DE1AD2A9957CB9B83F14E76AD6B5E0CCE285079A127D3B14BCCB7AA7286D4AC0D4CE64215F2BC9E6870B33D97438BE4AAA20CDA5C5A912B48B8E27F3 + +# CMAC tests from FIPS module + +MAC = CMAC +Algorithm = AES-128-CBC +Key = 77A77FAF290C1FA30C683DF16BA7A77B +Input = 020683E1F0392F4CAC54318B6029259E9C553DBC4B6AD998E64D58E4E7DC2E13 +Output = FBFEA41BF9740CB501F1292C21CEBB40 + +MAC = CMAC +Algorithm = AES-192-CBC +Key = 7B32391369AA4CA97558095BE3C3EC862BD057CEF1E32D62 +Input = +Output = E4D9340B03E67DEFD4969CC1ED3735E6 + +MAC = CMAC +Algorithm = AES-256-CBC +Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1 +Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F +Output = F62C46329B41085625669BAF51DEA66A + +MAC = CMAC +Algorithm = DES-EDE3-CBC +Key = 89BCD952A8C8AB371AF48AC7D07085D5EFF702E6D62CDC23 +Input = FA620C1BBE97319E9A0CF0492121F7A20EB08A6A709DCBD00AAF38E4F99E754E +Output = 8F49A1B7D6AA2258 + +# Public key algorithm tests + +# Private keys used for PKEY operations. + +# RSA 2048 bit key. + +PrivateKey = RSA-2048 + +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV +n3xz2f+5SglhXC5Lp8Y2zvCN01M+wxhVJbAVx2m5mnfWclv5w1Mqm25fZifV+4UW +B2jT3anL01l0URcX3D0wnS/EfuQfl+Mq23+d2GShxHZ6Zm7NcbwarPXnUX9LOFlP +6psF5C1a2pkSAIAT5FMWpNm7jtCGuI0odYusr5ItRqhotIXSOcm66w4rZFknEPQr +LR6gpLSALAvsqzKPimiwBzvbVG/uqYCdKEmRKzkMFTK8finHZY+BdfrkbzQzL/h7 +yrPkBkm5hXeGnaDqcYNT8HInVIhpE2SHYNEivmduD8SD3SD/wxvalqMZZsmqLnWt +A95H4cRPAgMBAAECggEAYCl6x5kbFnoG1rJHWLjL4gi+ubLZ7Jc4vYD5Ci41AF3X +ziktnim6iFvTFv7x8gkTvArJDWsICLJBTYIQREHYYkozzgIzyPeApIs3Wv8C12cS +IopwJITbP56+zM+77hcJ26GCgA2Unp5CFuC/81WDiPi9kNo3Oh2CdD7D+90UJ/0W +glplejFpEuhpU2URfKL4RckJQF/KxV+JX8FdIDhsJu54yemQdQKaF4psHkzwwgDo +qc+yfp0Vb4bmwq3CKxqEoc1cpbJ5CHXXlAfISzUjlcuBzD/tW7BDtp7eDAcgRVAC +XO6MX0QBcLYSC7SOD3R7zY9SIRCFDfBDxCjf0YcFMQKBgQD2+WG0fLwDXTrt68fe +hQqVa2Xs25z2B2QGPxWqSFU8WNly/mZ1BW413f3De/O58vYi7icTNyVoScm+8hdv +6PfD+LuRujdN1TuvPeyBTSvewQwf3IjN0Wh28mse36PwlBl+301C/x+ylxEDuJjK +hZxCcocIaoQqtBC7ac8tNa9r4wKBgQDUfnJKf/QQSLJwwlJKQQGHi3MVm7c9PbwY +eyIOY1s1NPluJDoYTZP4YLa/u2txwe2aHh9FhYMCPDAelqaSwaCLU9DsnKkQEA2A +RR47fcagG6xK7O+N95iEa8I1oIy7os9MBoBMwRIZ6VYIxxTj8UMNSR+tu6MqV1Gg +T5d0WDTJpQKBgCHyRSu5uV39AoyRS/eZ8cp36JqV1Q08FtOE+EVfi9evnrPfo9WR +2YQt7yNfdjCo5IwIj/ZkLhAXlFNakz4el2+oUJ/HKLLaDEoaCNf883q6rh/zABrK +HcG7sF2d/7qhoJ9/se7zgjfZ68zHIrkzhDbd5xGREnmMJoCcGo3sQyBhAoGAH3UQ +qmLC2N5KPFMoJ4H0HgLQ6LQCrnhDLkScSBEBYaEUA/AtAYgKjcyTgVLXlyGkcRpg +esRHHr+WSBD5W+R6ReYEmeKfTJdzyDdzQE9gZjdyjC0DUbsDwybIu3OnIef6VEDq +IXK7oUZfzDDcsNn4mTDoFaoff5cpqFfgDgM43VkCgYBNHw11b+d+AQmaZS9QqIt7 +aF3FvwCYHV0jdv0Mb+Kc1bY4c0R5MFpzrTwVmdOerjuuA1+9b+0Hwo3nBZM4eaBu +SOamA2hu2OJWCl9q8fLCT69KqWDjghhvFe7c6aJJGucwaA3Uz3eLcPqoaCarMiNH +fMkTd7GabVourqIZdgvu1Q== +-----END PRIVATE KEY----- + +# EC P-256 key + +PrivateKey=P-256 + +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw ++RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH ++JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ +-----END PRIVATE KEY----- + +# RSA tests + +Sign = RSA-2048 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF1234" +Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + +Verify = RSA-2048 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF1234" +Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad + +# Digest too long +Sign = RSA-2048 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF12345" +Output = 00 +Result = KEYOP_ERROR + +# Digest too short +Sign = RSA-2048 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF12345" +Output = 00 +Result = KEYOP_ERROR + +# Mismatched digest +Verify = RSA-2048 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF1233" +Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad +Result = VERIFY_ERROR + +# Corrupted signature +Verify = RSA-2048 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF1233" +Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ae +Result = VERIFY_ERROR + +# parameter is not NULL: should verify OK +Verify = RSA-2048 +Ctrl = digest:sha1 +Input = "0123456789ABCDEF1234" +Output = 3ec3fc29eb6e122bd7aa361cd09fe1bcbe85311096a7b9e4799cedfb2351ce0ab7fe4e75b4f6b37f67edd9c60c800f9ab941c0c157d7d880ca9de40c951d60fd293ae220d4bc510b1572d6e85a1bbbd8605b52e05f1c64fafdae59a1c2fbed214b7844d0134619de62851d5a0522e32e556e5950f3f97b8150e3f0dffee612c924201c27cd9bc8b423a71533380c276d3d59fcba35a2e80a1a192ec266a6c2255012cd86a349fe90a542b355fa3355b04da6cdf1df77f0e7bd44a90e880e1760266d233e465226f5db1c68857847d82072861ee266ddfc2e596845b77e1803274a579835ab5e4975d81d20b7df9cec7795489e4a2bdb8c1cf6a6b359945ac92c + +# embedded digest too long +Verify = RSA-2048 +Ctrl = digest:sha1 +Input = "0123456789ABCDEF1234" +Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d +Result = VERIFY_ERROR + +# embedded digest too short +Verify = RSA-2048 +Ctrl = digest:sha1 +Input = "0123456789ABCDEF1234" +Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d +Result = VERIFY_ERROR + +# Garbage after DigestInfo +Verify = RSA-2048 +Ctrl = digest:sha1 +Input = "0123456789ABCDEF1234" +Output = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274 +Result = VERIFY_ERROR + +# invalid tag for parameter +Verify = RSA-2048 +Ctrl = digest:sha1 +Input = "0123456789ABCDEF1234" +Output = 49525db4d44c755e560cba980b1d85ea604b0e077fcadd4ba44072a3487bbddb835016200a7d8739cce2dc3223d9c20cbdd25059ab02277f1f21318efd18e21038ec89aa9d40680987129e8b41ba33bceb86518bdf47268b921cce2037acabca6575d832499538d6f40cdba0d40bd7f4d8ea6ca6e2eec87f294efc971407857f5d7db09f6a7b31e301f571c6d82a5e3d08d2bb3a36e673d28b910f5bec57f0fcc4d968fd7c94d0b9226dec17f5192ad8b42bcab6f26e1bea1fdc3b958199acb00f14ebcb2a352f3afcedd4c09000128a603bbeb9696dea13040445253972d46237a25c7845e3b464e6984c2348ea1f1210a9ff0b00d2d72b50db00c009bb39f9 +Result = VERIFY_ERROR + +# EC tests + +Verify = P-256 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF1234" +Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 + +# Digest too long +Verify = P-256 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF12345" +Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 +Result = VERIFY_ERROR + +# Digest too short +Verify = P-256 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF123" +Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 +Result = VERIFY_ERROR + +# Digest invalid +Verify = P-256 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF1235" +Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 +Result = VERIFY_ERROR + +# Invalid signature +Verify = P-256 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF1234" +Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7 +Result = VERIFY_ERROR + +# Garbage after signature +Verify = P-256 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF1234" +Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800 +Result = VERIFY_ERROR + +# BER signature +Verify = P-256 +Ctrl = digest:SHA1 +Input = "0123456789ABCDEF1234" +Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 +Result = VERIFY_ERROR diff --git a/test/exptest.c b/test/exptest.c new file mode 100644 index 0000000000..2da8dc2ffe --- /dev/null +++ b/test/exptest.c @@ -0,0 +1,257 @@ +/* crypto/bn/exptest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "../e_os.h" + +#include <openssl/bio.h> +#include <openssl/bn.h> +#include <openssl/rand.h> +#include <openssl/err.h> + +#define NUM_BITS (BN_BITS*2) + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +/* + * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. + */ +static int test_exp_mod_zero() +{ + BIGNUM *a = NULL, *p = NULL, *m = NULL; + BIGNUM *r = NULL; + BN_CTX *ctx = BN_CTX_new(); + int ret = 1; + + m = BN_new(); + if (!m) + goto err; + BN_one(m); + + a = BN_new(); + if (!a) + goto err; + BN_one(a); + + p = BN_new(); + if (!p) + goto err; + BN_zero(p); + + r = BN_new(); + if (!r) + goto err; + BN_mod_exp(r, a, p, m, ctx); + BN_CTX_free(ctx); + + if (BN_is_zero(r)) + ret = 0; + else { + printf("1**0 mod 1 = "); + BN_print_fp(stdout, r); + printf(", should be 0\n"); + } + + err: + BN_free(r); + BN_free(a); + BN_free(p); + BN_free(m); + + return ret; +} + +int main(int argc, char *argv[]) +{ + BN_CTX *ctx; + BIO *out = NULL; + int i, ret; + unsigned char c; + BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m; + + RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we + * don't even check its return + * value (which we should) */ + + ERR_load_BN_strings(); + + ctx = BN_CTX_new(); + if (ctx == NULL) + EXIT(1); + r_mont = BN_new(); + r_mont_const = BN_new(); + r_recp = BN_new(); + r_simple = BN_new(); + a = BN_new(); + b = BN_new(); + m = BN_new(); + if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL)) + goto err; + + out = BIO_new(BIO_s_file()); + + if (out == NULL) + EXIT(1); + BIO_set_fp(out, stdout, BIO_NOCLOSE); + + for (i = 0; i < 200; i++) { + RAND_bytes(&c, 1); + c = (c % BN_BITS) - BN_BITS2; + BN_rand(a, NUM_BITS + c, 0, 0); + + RAND_bytes(&c, 1); + c = (c % BN_BITS) - BN_BITS2; + BN_rand(b, NUM_BITS + c, 0, 0); + + RAND_bytes(&c, 1); + c = (c % BN_BITS) - BN_BITS2; + BN_rand(m, NUM_BITS + c, 0, 1); + + BN_mod(a, a, m, ctx); + BN_mod(b, b, m, ctx); + + ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL); + if (ret <= 0) { + printf("BN_mod_exp_mont() problems\n"); + ERR_print_errors(out); + EXIT(1); + } + + ret = BN_mod_exp_recp(r_recp, a, b, m, ctx); + if (ret <= 0) { + printf("BN_mod_exp_recp() problems\n"); + ERR_print_errors(out); + EXIT(1); + } + + ret = BN_mod_exp_simple(r_simple, a, b, m, ctx); + if (ret <= 0) { + printf("BN_mod_exp_simple() problems\n"); + ERR_print_errors(out); + EXIT(1); + } + + ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL); + if (ret <= 0) { + printf("BN_mod_exp_mont_consttime() problems\n"); + ERR_print_errors(out); + EXIT(1); + } + + if (BN_cmp(r_simple, r_mont) == 0 + && BN_cmp(r_simple, r_recp) == 0 + && BN_cmp(r_simple, r_mont_const) == 0) { + printf("."); + fflush(stdout); + } else { + if (BN_cmp(r_simple, r_mont) != 0) + printf("\nsimple and mont results differ\n"); + if (BN_cmp(r_simple, r_mont_const) != 0) + printf("\nsimple and mont const time results differ\n"); + if (BN_cmp(r_simple, r_recp) != 0) + printf("\nsimple and recp results differ\n"); + + printf("a (%3d) = ", BN_num_bits(a)); + BN_print(out, a); + printf("\nb (%3d) = ", BN_num_bits(b)); + BN_print(out, b); + printf("\nm (%3d) = ", BN_num_bits(m)); + BN_print(out, m); + printf("\nsimple ="); + BN_print(out, r_simple); + printf("\nrecp ="); + BN_print(out, r_recp); + printf("\nmont ="); + BN_print(out, r_mont); + printf("\nmont_ct ="); + BN_print(out, r_mont_const); + printf("\n"); + EXIT(1); + } + } + BN_free(r_mont); + BN_free(r_mont_const); + BN_free(r_recp); + BN_free(r_simple); + BN_free(a); + BN_free(b); + BN_free(m); + BN_CTX_free(ctx); + ERR_remove_thread_state(NULL); + CRYPTO_mem_leaks(out); + BIO_free(out); + printf("\n"); + + if (test_exp_mod_zero() != 0) + goto err; + + printf("done\n"); + + EXIT(0); + err: + ERR_load_crypto_strings(); + ERR_print_errors(out); +#ifdef OPENSSL_SYS_NETWARE + printf("ERROR\n"); +#endif + EXIT(1); +} diff --git a/test/gost2814789test.c b/test/gost2814789test.c new file mode 100644 index 0000000000..8384d66bd0 --- /dev/null +++ b/test/gost2814789test.c @@ -0,0 +1,1437 @@ +/* vim: set fileencoding=ascii : Charset: ASCII */ +/* test/gostr2814789t.c */ +/* ==================================================================== + * Copyright (c) 2012 Crypto-Pro, Ltd., Serguei E. Leontiev, + * lse@cryptopro.ru + * + * This file is distributed under the same license as OpenSSL + * ==================================================================== + */ +#include <stdio.h> + +#if defined(OPENSSL_NO_ENGINE) || defined(OPENSSL_NO_GOST) +int main(int argc, char *argv[]) +{ + printf("No GOST 28147-89 support\n"); + return 0; +} +#else + +# include <stdlib.h> +# include <string.h> +# include <openssl/conf.h> +# include <openssl/crypto.h> +# include <openssl/engine.h> +# include <openssl/err.h> +# include <openssl/evp.h> +# include <openssl/hmac.h> +# include <openssl/obj_mac.h> + +# define CCGOST_ID "gost" + +# include "../engines/ccgost/gost89.h" + +# define G89_MAX_TC_LEN (2048) +# define G89_BLOCK_LEN (8) + +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +typedef unsigned __int64 u64; +# define U64(C) C##UI64 +# define FMT64 "%I64u" +# elif defined(__arch64__) +typedef unsigned long u64; +# define U64(C) C##UL +# define FMT64 "%lu" +# else +typedef unsigned long long u64; +# define U64(C) C##ULL +# define FMT64 "%llu" +# endif +# if defined(__MINGW32__) +# undef FMT64 +# define FMT64 "%I64u" +# endif + +typedef enum g89_mode_ { + G89_ECB, + G89_CFB, + G89_CNT, + G89_IMIT +} g89_mode; + +typedef struct g89_tc_ { + u64 ullLen; /* ullLen > G89_MAX_TC_LEN */ + /* Clear text ullLen */ + /* of zero bytes */ + const byte bIn[G89_MAX_TC_LEN]; /* Clear text, when */ + /* ullLen <= G89_MAX_TC_LEN */ + const char *szParamSet; /* S-Box ID */ + const char *szDerive; /* String for derive bRawKey */ + const byte bRawKey[EVP_MAX_KEY_LENGTH]; + g89_mode gMode; /* Mode of encryption or MAC */ + const byte bIV[EVP_MAX_IV_LENGTH]; /* IV for CFB or CNT mode */ + const byte bOut[G89_MAX_TC_LEN]; /* Cipher text for ECB/CFB/CNT */ + /* + * mode, when ullLen <= G89_MAX_TC_LEN; Last 16 byte of cipher text for + * ECB/CFB/CNT, when ullLen > G89_MAX_TC_LEN; 4 byte MAC for imitovstavka + */ +} g89_tc; + +const g89_tc tcs[] = { + /* + * GOST R 34.11-94 Test cases + */ + { /* see p. A.3.1 [GOSTR341194], p. 7.3.1 + * [ENG-GOSTR341194] */ + /* <http://tools.ietf.org/html/rfc5831#section-7.3.1> */ + /* Iteration 1, K[1], see Errata for RFC 5831 */ + 8, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + "id-GostR3410-94-TestParamSet", + NULL, + { + 0x54, 0x6d, 0x20, 0x33, 0x68, 0x65, 0x6c, 0x32, + 0x69, 0x73, 0x65, 0x20, 0x73, 0x73, 0x6e, 0x62, + 0x20, 0x61, 0x67, 0x79, 0x69, 0x67, 0x74, 0x74, + 0x73, 0x65, 0x68, 0x65, 0x20, 0x2c, 0x3d, 0x73}, + G89_ECB, + {0}, + { + 0x1b, 0x0b, 0xbc, 0x32, 0xce, 0xbc, 0xab, 0x42} + }, + { /* see p. A.3.1 [GOSTR341194], p. 7.3.1 + * [ENG-GOSTR341194] */ + /* <http://tools.ietf.org/html/rfc5831#section-7.3.1> */ + /* Iteration 1, K[4] */ + 8, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + "id-GostR3410-94-TestParamSet", + NULL, + { + 0xec, 0x0a, 0x8b, 0xa1, 0x5e, 0xc0, 0x04, 0xa8, + 0xba, 0xc5, 0x0c, 0xac, 0x0c, 0x62, 0x1d, 0xee, + 0xe1, 0xc7, 0xb8, 0xe7, 0x00, 0x7a, 0xe2, 0xec, + 0xf2, 0x73, 0x1b, 0xff, 0x4e, 0x80, 0xe2, 0xa0}, + G89_ECB, + {0}, + { + 0x2d, 0x56, 0x2a, 0x0d, 0x19, 0x04, 0x86, 0xe7} + }, + { /* see p. A.3.1 [GOSTR341194], p. 7.3.1 + * [ENG-GOSTR341194] */ + /* <http://tools.ietf.org/html/rfc5831#section-7.3.1> */ + /* Iteration 2, K[1] */ + 8, + { + 0x34, 0xc0, 0x15, 0x33, 0xe3, 0x7d, 0x1c, 0x56}, + "id-GostR3410-94-TestParamSet", + NULL, + { + 0x34, 0x87, 0x24, 0xa4, 0xc1, 0xa6, 0x76, 0x67, + 0x15, 0x3d, 0xde, 0x59, 0x33, 0x88, 0x42, 0x50, + 0xe3, 0x24, 0x8c, 0x65, 0x7d, 0x41, 0x3b, 0x8c, + 0x1c, 0x9c, 0xa0, 0x9a, 0x56, 0xd9, 0x68, 0xcf}, + G89_ECB, + {0}, + { + 0x86, 0x3e, 0x78, 0xdd, 0x2d, 0x60, 0xd1, 0x3c} + }, + /* + * id-Gost28147-89-CryptoPro-A-ParamSet (1.2.643.2.2.31.1) + * Test cases + */ + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 16, + { + 0x74, 0x3d, 0x76, 0xf9, 0x1b, 0xee, 0x35, 0x3c, + 0xa2, 0x5c, 0x3b, 0x10, 0xeb, 0x64, 0xcf, 0xf5}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testecb1", + { + 0xbb, 0xf1, 0xed, 0xd3, 0x20, 0xaf, 0x8a, 0x62, + 0x8e, 0x11, 0xc8, 0xa9, 0x51, 0xcc, 0xbe, 0x81, + 0x47, 0x7b, 0x41, 0xa1, 0x6a, 0xf6, 0x7f, 0x05, + 0xe8, 0x51, 0x2f, 0x9e, 0x01, 0xf8, 0xcf, 0x49}, + G89_ECB, + {0}, + { + 0xc3, 0x73, 0x90, 0x95, 0x35, 0x58, 0x08, 0x63, + 0xcb, 0x68, 0x85, 0x96, 0x77, 0xe8, 0xfb, 0xa9} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 16, + { + 0xd2, 0xfd, 0xf8, 0x3a, 0xc1, 0xb4, 0x39, 0x23, + 0x2e, 0xaa, 0xcc, 0x98, 0x0a, 0x02, 0xda, 0x33}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testcfb1", + { + 0x8d, 0x5a, 0x2c, 0x83, 0xa7, 0xc7, 0x0a, 0x61, + 0xd6, 0x1b, 0x34, 0xb5, 0x1f, 0xdf, 0x42, 0x68, + 0x66, 0x71, 0xa3, 0x5d, 0x87, 0x4c, 0xfd, 0x84, + 0x99, 0x36, 0x63, 0xb6, 0x1e, 0xd6, 0x0d, 0xad}, + G89_CFB, + { + 0x46, 0x60, 0x6f, 0x0d, 0x88, 0x34, 0x23, 0x5a}, + { + 0x88, 0xb7, 0x75, 0x16, 0x74, 0xa5, 0xee, 0x2d, + 0x14, 0xfe, 0x91, 0x67, 0xd0, 0x5c, 0xcc, 0x40} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 16, + { + 0x90, 0xa2, 0x39, 0x66, 0xae, 0x01, 0xb9, 0xa3, + 0x52, 0x4e, 0xc8, 0xed, 0x6c, 0xdd, 0x88, 0x30}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testcnt1", + { + 0x59, 0x9f, 0x84, 0xba, 0xc3, 0xf3, 0xd2, 0xf1, + 0x60, 0xe1, 0xe3, 0xf2, 0x6a, 0x96, 0x1a, 0xf9, + 0x9c, 0x48, 0xb2, 0x4e, 0xbc, 0xbb, 0xbf, 0x7c, + 0xd8, 0xf3, 0xac, 0xcd, 0x96, 0x8d, 0x28, 0x6a}, + G89_CNT, + { + 0x8d, 0xaf, 0xa8, 0xd1, 0x58, 0xed, 0x05, 0x8d}, + { + 0x6e, 0x72, 0x62, 0xcc, 0xe3, 0x59, 0x36, 0x90, + 0x83, 0x3a, 0xfe, 0xa9, 0x1b, 0xc9, 0xbe, 0xce} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 16, + { + 0xb5, 0xa1, 0xf0, 0xe3, 0xce, 0x2f, 0x02, 0x1d, + 0x67, 0x61, 0x94, 0x34, 0x5c, 0x41, 0xe3, 0x6e}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testimit1", + { + 0x9d, 0x05, 0xb7, 0x9e, 0x90, 0xca, 0xd0, 0x0a, + 0x2c, 0xda, 0xd2, 0x2e, 0xf4, 0xe8, 0x6f, 0x5c, + 0xf5, 0xdc, 0x37, 0x68, 0x19, 0x85, 0xb3, 0xbf, + 0xaa, 0x18, 0xc1, 0xc3, 0x05, 0x0a, 0x91, 0xa2}, + G89_IMIT, + {0}, + { + 0xf8, 0x1f, 0x08, 0xa3} + }, + /* + * Other paramsets and key meshing test cases. + */ + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 1039, + { + 0x8c, 0x9c, 0x44, 0x35, 0xfb, 0xe9, 0xa5, 0xa3, + 0xa0, 0xae, 0x28, 0x56, 0x91, 0x10, 0x8e, 0x1e, + 0xd2, 0xbb, 0x18, 0x53, 0x81, 0x27, 0x0d, 0xa6, + 0x68, 0x59, 0x36, 0xc5, 0x81, 0x62, 0x9a, 0x8e, + 0x7d, 0x50, 0xf1, 0x6f, 0x97, 0x62, 0x29, 0xec, + 0x80, 0x51, 0xe3, 0x7d, 0x6c, 0xc4, 0x07, 0x95, + 0x28, 0x63, 0xdc, 0xb4, 0xb9, 0x2d, 0xb8, 0x13, + 0xb1, 0x05, 0xb5, 0xf9, 0xeb, 0x75, 0x37, 0x4e, + 0xf7, 0xbf, 0x51, 0xf1, 0x98, 0x86, 0x43, 0xc4, + 0xe4, 0x3d, 0x3e, 0xa7, 0x62, 0xec, 0x41, 0x59, + 0xe0, 0xbd, 0xfb, 0xb6, 0xfd, 0xec, 0xe0, 0x77, + 0x13, 0xd2, 0x59, 0x90, 0xa1, 0xb8, 0x97, 0x6b, + 0x3d, 0x8b, 0x7d, 0xfc, 0x9d, 0xca, 0x82, 0x73, + 0x32, 0x70, 0x0a, 0x74, 0x03, 0xc6, 0x0c, 0x26, + 0x7f, 0x56, 0xf0, 0x9d, 0xb2, 0xeb, 0x71, 0x40, + 0xd7, 0xc3, 0xb1, 0xa7, 0xc5, 0x1e, 0x20, 0x17, + 0xb3, 0x50, 0x1d, 0x8a, 0x6e, 0x19, 0xcb, 0xbe, + 0x20, 0x86, 0x2b, 0xd6, 0x1c, 0xfd, 0xb4, 0xb7, + 0x5d, 0x9a, 0xb3, 0xe3, 0x7d, 0x15, 0x7a, 0x35, + 0x01, 0x9f, 0x5d, 0x65, 0x89, 0x4b, 0x34, 0xc6, + 0xf4, 0x81, 0x3f, 0x78, 0x30, 0xcf, 0xe9, 0x15, + 0x90, 0x9a, 0xf9, 0xde, 0xba, 0x63, 0xd0, 0x19, + 0x14, 0x66, 0x3c, 0xb9, 0xa4, 0xb2, 0x84, 0x94, + 0x02, 0xcf, 0xce, 0x20, 0xcf, 0x76, 0xe7, 0xc5, + 0x48, 0xf7, 0x69, 0x3a, 0x5d, 0xec, 0xaf, 0x41, + 0xa7, 0x12, 0x64, 0x83, 0xf5, 0x99, 0x1e, 0x9e, + 0xb2, 0xab, 0x86, 0x16, 0x00, 0x23, 0x8e, 0xe6, + 0xd9, 0x80, 0x0b, 0x6d, 0xc5, 0x93, 0xe2, 0x5c, + 0x8c, 0xd8, 0x5e, 0x5a, 0xae, 0x4a, 0x85, 0xfd, + 0x76, 0x01, 0xea, 0x30, 0xf3, 0x78, 0x34, 0x10, + 0x72, 0x51, 0xbc, 0x9f, 0x76, 0xce, 0x1f, 0xd4, + 0x8f, 0x33, 0x50, 0x34, 0xc7, 0x4d, 0x7b, 0xcf, + 0x91, 0x63, 0x7d, 0x82, 0x9e, 0xa1, 0x23, 0x45, + 0xf5, 0x45, 0xac, 0x98, 0x7a, 0x48, 0xff, 0x64, + 0xd5, 0x59, 0x47, 0xde, 0x2b, 0x3f, 0xfa, 0xec, + 0x50, 0xe0, 0x81, 0x60, 0x8b, 0xc3, 0xfc, 0x80, + 0x98, 0x17, 0xc7, 0xa3, 0xc2, 0x57, 0x3d, 0xab, + 0x91, 0x67, 0xf5, 0xc4, 0xab, 0x92, 0xc8, 0xd6, + 0x3b, 0x6b, 0x3f, 0xff, 0x15, 0x6b, 0xcf, 0x53, + 0x65, 0x02, 0xf1, 0x74, 0xca, 0xa9, 0xbe, 0x24, + 0xd2, 0xf0, 0xb7, 0x26, 0xa8, 0xd7, 0x6d, 0xed, + 0x90, 0x36, 0x7b, 0x3e, 0x41, 0xa9, 0x7f, 0xa3, + 0x1b, 0xf4, 0x43, 0xc5, 0x51, 0xbe, 0x28, 0x59, + 0xe9, 0x45, 0x26, 0x49, 0x38, 0x32, 0xf8, 0xf3, + 0x92, 0x6e, 0x30, 0xcc, 0xb0, 0xa0, 0xf9, 0x01, + 0x14, 0xc8, 0xba, 0xd9, 0xf0, 0x2a, 0x29, 0xe2, + 0x52, 0x9a, 0x76, 0x95, 0x3a, 0x16, 0x32, 0xec, + 0xf4, 0x10, 0xec, 0xee, 0x47, 0x00, 0x70, 0x19, + 0xe4, 0x72, 0x35, 0x66, 0x44, 0x53, 0x2d, 0xa2, + 0xf3, 0xaa, 0x7e, 0x8a, 0x33, 0x13, 0xcd, 0xc8, + 0xbf, 0x0e, 0x40, 0x90, 0x00, 0xe4, 0x42, 0xc3, + 0x09, 0x84, 0xe1, 0x66, 0x17, 0xa2, 0xaf, 0x03, + 0xab, 0x6b, 0xa1, 0xec, 0xfb, 0x17, 0x72, 0x81, + 0xfe, 0x9a, 0x9f, 0xf4, 0xb2, 0x33, 0x1f, 0xae, + 0x0c, 0xd1, 0x6a, 0xae, 0x19, 0xb8, 0xaf, 0xec, + 0xe3, 0xea, 0x00, 0xf8, 0xac, 0x87, 0x07, 0x5f, + 0x6d, 0xb0, 0xac, 0x6b, 0x22, 0x48, 0x36, 0xbf, + 0x22, 0x18, 0xb0, 0x03, 0x9f, 0x6c, 0x70, 0x45, + 0x36, 0xf0, 0x6b, 0xc6, 0xc2, 0xa5, 0x72, 0x2c, + 0xd8, 0xe0, 0x27, 0x3d, 0xec, 0x56, 0x07, 0x05, + 0x7d, 0x83, 0xa1, 0x65, 0x7d, 0x41, 0x5b, 0xcd, + 0x77, 0x24, 0xe5, 0xaa, 0x76, 0x47, 0xd0, 0x50, + 0xf6, 0xe7, 0xb5, 0x59, 0x75, 0x31, 0x27, 0xef, + 0xd8, 0xa6, 0x4e, 0x7f, 0xb8, 0x40, 0xb1, 0xdf, + 0x53, 0x14, 0xed, 0xf1, 0x68, 0x5f, 0xfc, 0x3f, + 0x02, 0xdb, 0x05, 0xeb, 0x31, 0xe4, 0x2c, 0x7f, + 0x32, 0xb5, 0x70, 0x8e, 0x75, 0x85, 0xa4, 0x5c, + 0x16, 0x23, 0x37, 0xf2, 0x10, 0x79, 0xcb, 0xdc, + 0xf8, 0x1c, 0x25, 0xc2, 0xa1, 0x3d, 0x9c, 0x33, + 0x6c, 0xed, 0xc3, 0xe7, 0xf3, 0x02, 0x87, 0x82, + 0x4e, 0xfb, 0xac, 0xb3, 0x2d, 0xfc, 0xf8, 0x0d, + 0x1d, 0x4a, 0x39, 0xd4, 0xb3, 0x09, 0xbb, 0xe9, + 0x25, 0xc7, 0xec, 0x6a, 0x87, 0x72, 0x84, 0xed, + 0x12, 0x60, 0x19, 0x64, 0xeb, 0x16, 0x2a, 0x5b, + 0x10, 0x76, 0x27, 0xff, 0x7b, 0xe4, 0xae, 0xe5, + 0xa4, 0x04, 0x02, 0x7f, 0xbb, 0x0a, 0xb5, 0xf4, + 0x05, 0xa5, 0x56, 0x1c, 0x53, 0x31, 0x7a, 0x93, + 0xba, 0x16, 0x15, 0xab, 0x62, 0x60, 0xfc, 0xde, + 0x72, 0x36, 0x6e, 0x28, 0xaf, 0x98, 0x0d, 0xe6, + 0xf4, 0xde, 0x60, 0xa7, 0x7e, 0x06, 0x07, 0x86, + 0xf3, 0x94, 0xb6, 0x6d, 0x0d, 0x93, 0xa6, 0xbc, + 0x60, 0x70, 0x33, 0xac, 0x3f, 0xa1, 0xa8, 0x4a, + 0x20, 0x61, 0xb6, 0xb5, 0x43, 0xa3, 0x15, 0x5a, + 0x00, 0xbe, 0x76, 0x98, 0x57, 0x72, 0xab, 0x7a, + 0x0e, 0x18, 0x93, 0x82, 0x3a, 0x18, 0x78, 0x6e, + 0x71, 0x7b, 0x78, 0x4f, 0x7e, 0x8c, 0xde, 0x7a, + 0x62, 0xb5, 0x0a, 0x7c, 0x45, 0x1d, 0x16, 0xd5, + 0xc3, 0x8c, 0x9b, 0x25, 0xb4, 0x50, 0x90, 0xcd, + 0x96, 0x93, 0xad, 0x0f, 0xd4, 0x43, 0xcb, 0x49, + 0x0f, 0xfc, 0x5a, 0x31, 0xf4, 0x19, 0xb7, 0xd4, + 0xeb, 0x4d, 0x40, 0x58, 0xd0, 0x3b, 0xc8, 0xe0, + 0x4a, 0x54, 0x2f, 0xdb, 0x22, 0xc3, 0x29, 0x7b, + 0x40, 0x90, 0x61, 0x43, 0xd3, 0x7e, 0xe2, 0x30, + 0x2b, 0x48, 0x3c, 0xce, 0x90, 0x93, 0xb1, 0x8b, + 0x31, 0x96, 0x65, 0x6d, 0x57, 0x8b, 0x9d, 0x4d, + 0x53, 0xf0, 0x83, 0x1c, 0xe5, 0xa1, 0x9d, 0x55, + 0xe3, 0xbf, 0x7e, 0xca, 0x1a, 0x74, 0x66, 0x14, + 0xcc, 0x47, 0x43, 0xd9, 0xbb, 0xef, 0x97, 0x7d, + 0xb7, 0x6e, 0xff, 0xf1, 0x22, 0xf8, 0x10, 0x2d, + 0x3f, 0xcd, 0x49, 0x96, 0xd9, 0x09, 0x11, 0xb8, + 0x33, 0xd0, 0x23, 0x9a, 0xfa, 0x16, 0xcb, 0x50, + 0x26, 0x57, 0x24, 0x5c, 0x0e, 0xba, 0xf0, 0x3f, + 0x37, 0x2f, 0xa3, 0xf7, 0x18, 0x57, 0x48, 0x48, + 0x95, 0xcf, 0xef, 0x87, 0x67, 0x2a, 0xe9, 0xb6, + 0x8a, 0x21, 0x36, 0x7f, 0xff, 0x48, 0x6c, 0x46, + 0x35, 0x57, 0xf2, 0xbc, 0x48, 0x67, 0x8f, 0x63, + 0x23, 0x78, 0x11, 0x2b, 0xc2, 0x08, 0xde, 0x51, + 0xe8, 0x8b, 0x92, 0x29, 0xf9, 0x9a, 0x9e, 0xad, + 0xed, 0x0f, 0xeb, 0xa2, 0xd2, 0x40, 0x92, 0xd4, + 0xde, 0x62, 0x95, 0x76, 0xfd, 0x6e, 0x3c, 0xbf, + 0xc0, 0xd7, 0x0d, 0xe5, 0x1b, 0xa4, 0xc7, 0x18, + 0xe1, 0x58, 0xa4, 0x56, 0xef, 0x2e, 0x17, 0x1b, + 0x75, 0xcb, 0xbc, 0xf9, 0x2a, 0x95, 0x71, 0xa7, + 0x1d, 0x7f, 0xe7, 0x73, 0x63, 0x05, 0x6b, 0x19, + 0x4c, 0xf4, 0x22, 0x14, 0xc4, 0x59, 0x88, 0x66, + 0x92, 0x86, 0x61, 0x5c, 0x6a, 0xae, 0xec, 0x58, + 0xff, 0xc9, 0xf2, 0x44, 0xd4, 0xa2, 0xf5, 0x98, + 0xeb, 0x5f, 0x09, 0xbc, 0x8a, 0xbf, 0x3c, 0xb4, + 0x3e, 0xb1, 0x20, 0x05, 0x44, 0x96, 0x79, 0x0a, + 0x40, 0x92, 0x7f, 0x9d, 0xd1, 0xaf, 0xbc, 0x90, + 0x95, 0x0a, 0x81, 0xd4, 0xa7, 0xc6, 0xb8, 0xe0, + 0xe4, 0x39, 0x30, 0x1d, 0x79, 0xc0, 0xe5, 0xfa, + 0xb4, 0xe9, 0x63, 0xb4, 0x09, 0x72, 0x3b, 0x3e, + 0xd9, 0xf6, 0xd9, 0x10, 0x21, 0x18, 0x7e, 0xe5, + 0xad, 0x81, 0xd7, 0xd5, 0x82, 0xd0, 0x8c, 0x3b, + 0x38, 0x95, 0xf8, 0x92, 0x01, 0xa9, 0x92, 0x00, + 0x70, 0xd1, 0xa7, 0x88, 0x77, 0x1f, 0x3a, 0xeb, + 0xb5, 0xe4, 0xf5, 0x9d, 0xc7, 0x37, 0x86, 0xb2, + 0x12, 0x46, 0x34, 0x19, 0x72, 0x8c, 0xf5, 0x8c, + 0xf6, 0x78, 0x98, 0xe0, 0x7c, 0xd3, 0xf4}, + "id-Gost28147-89-CryptoPro-B-ParamSet", + "testcfb2", + { + 0x48, 0x0c, 0x74, 0x1b, 0x02, 0x6b, 0x55, 0xd5, + 0xb6, 0x6d, 0xd7, 0x1d, 0x40, 0x48, 0x05, 0x6b, + 0x6d, 0xeb, 0x3c, 0x29, 0x0f, 0x84, 0x80, 0x23, + 0xee, 0x0d, 0x47, 0x77, 0xe3, 0xfe, 0x61, 0xc9}, + G89_CFB, + { + 0x1f, 0x3f, 0x82, 0x1e, 0x0d, 0xd8, 0x1e, 0x22}, + { + 0x23, 0xc6, 0x7f, 0x20, 0xa1, 0x23, 0x58, 0xbc, + 0x7b, 0x05, 0xdb, 0x21, 0x15, 0xcf, 0x96, 0x41, + 0xc7, 0x88, 0xef, 0x76, 0x5c, 0x49, 0xdb, 0x42, + 0xbf, 0xf3, 0xc0, 0xf5, 0xbd, 0x5d, 0xd9, 0x8e, + 0xaf, 0x3d, 0xf4, 0xe4, 0xda, 0x88, 0xbd, 0xbc, + 0x47, 0x5d, 0x76, 0x07, 0xc9, 0x5f, 0x54, 0x1d, + 0x1d, 0x6a, 0xa1, 0x2e, 0x18, 0xd6, 0x60, 0x84, + 0x02, 0x18, 0x37, 0x92, 0x92, 0x15, 0xab, 0x21, + 0xee, 0x21, 0xcc, 0x71, 0x6e, 0x51, 0xd9, 0x2b, + 0xcc, 0x81, 0x97, 0x3f, 0xeb, 0x45, 0x99, 0xb8, + 0x1b, 0xda, 0xff, 0x90, 0xd3, 0x41, 0x06, 0x9c, + 0x3f, 0xfb, 0xe4, 0xb2, 0xdc, 0xc9, 0x03, 0x0d, + 0xa7, 0xae, 0xd7, 0x7d, 0x02, 0xb8, 0x32, 0xab, + 0xf3, 0x65, 0xa3, 0x65, 0x6c, 0x4e, 0xe4, 0xa2, + 0x5e, 0x9e, 0xee, 0xcd, 0xde, 0x79, 0x36, 0x6b, + 0x1b, 0xe1, 0x3c, 0xdf, 0x10, 0xad, 0x4f, 0x02, + 0xe1, 0x14, 0xaa, 0x09, 0xb4, 0x0b, 0x76, 0xeb, + 0x69, 0x38, 0x20, 0x02, 0xcb, 0x8e, 0xc0, 0xdf, + 0xca, 0x48, 0x74, 0xc3, 0x31, 0xad, 0x42, 0x2c, + 0x51, 0x9b, 0xd0, 0x6a, 0xc1, 0x36, 0xd7, 0x21, + 0xdf, 0xb0, 0x45, 0xba, 0xca, 0x7f, 0x35, 0x20, + 0x28, 0xbb, 0xc1, 0x76, 0xfd, 0x43, 0x5d, 0x23, + 0x7d, 0x31, 0x84, 0x1a, 0x97, 0x4d, 0x83, 0xaa, + 0x7e, 0xf1, 0xc4, 0xe6, 0x83, 0xac, 0x0d, 0xef, + 0xef, 0x3c, 0xa4, 0x7c, 0x48, 0xe4, 0xc8, 0xca, + 0x0d, 0x7d, 0xea, 0x7c, 0x45, 0xd7, 0x73, 0x50, + 0x25, 0x1d, 0x01, 0xc4, 0x02, 0x1a, 0xcd, 0xe0, + 0x38, 0x5b, 0xa8, 0x5a, 0x16, 0x9a, 0x10, 0x59, + 0x74, 0xd7, 0x19, 0xc6, 0xf3, 0xb5, 0x17, 0xf6, + 0x59, 0x8d, 0x62, 0xaf, 0x44, 0xe8, 0xdc, 0xe9, + 0xc1, 0x76, 0xf1, 0xd0, 0xbd, 0x29, 0xd7, 0xec, + 0x1d, 0xac, 0x57, 0xdb, 0x1a, 0x3f, 0xd8, 0xf6, + 0x6e, 0xb6, 0xe6, 0xdf, 0x36, 0xe7, 0x89, 0xce, + 0x56, 0x35, 0x43, 0x1c, 0x7d, 0x57, 0x79, 0x0e, + 0xd8, 0xf4, 0xd7, 0xa7, 0x0d, 0xc6, 0x8f, 0x91, + 0x66, 0x67, 0x82, 0x0f, 0x49, 0xc9, 0xc5, 0x65, + 0x81, 0xa1, 0x39, 0x5a, 0x53, 0x9f, 0x02, 0xa5, + 0xd5, 0x36, 0x22, 0xa8, 0xa8, 0x1c, 0x37, 0x0e, + 0x76, 0x46, 0xdf, 0xbd, 0x6a, 0xdb, 0xfc, 0x1b, + 0xbd, 0x10, 0xb8, 0xb1, 0xbc, 0x72, 0x4c, 0x58, + 0x4a, 0xda, 0x6d, 0x66, 0x00, 0xda, 0x7a, 0x66, + 0xa0, 0xe7, 0x3b, 0x39, 0xa3, 0xf7, 0x05, 0x07, + 0xfa, 0x21, 0x4b, 0xc7, 0x94, 0xc0, 0xd3, 0x7b, + 0x19, 0x02, 0x5d, 0x4a, 0x10, 0xf1, 0xc2, 0x0f, + 0x19, 0x68, 0x27, 0xc7, 0x7d, 0xbf, 0x55, 0x03, + 0x57, 0x7d, 0xaf, 0x77, 0xae, 0x80, 0x2f, 0x7a, + 0xe6, 0x1f, 0x4b, 0xdc, 0x15, 0x18, 0xc0, 0x62, + 0xa1, 0xe8, 0xd9, 0x1c, 0x9e, 0x8c, 0x96, 0x39, + 0xc1, 0xc4, 0x88, 0xf7, 0x0c, 0xe1, 0x04, 0x84, + 0x68, 0x51, 0xce, 0xf1, 0x90, 0xda, 0x7f, 0x76, + 0xc8, 0xc0, 0x88, 0xef, 0x8e, 0x15, 0x25, 0x3e, + 0x7b, 0xe4, 0x79, 0xb5, 0x66, 0x2d, 0x9c, 0xd1, + 0x13, 0xda, 0xd0, 0xd5, 0x46, 0xd5, 0x8d, 0x46, + 0x18, 0x07, 0xee, 0xd8, 0xc9, 0x64, 0xe3, 0xbe, + 0x0e, 0x68, 0x27, 0x09, 0x96, 0x26, 0xf6, 0xe2, + 0x19, 0x61, 0x3f, 0xf4, 0x58, 0x27, 0x0a, 0xeb, + 0xce, 0x7c, 0xb6, 0x68, 0x92, 0xe7, 0x12, 0x3b, + 0x31, 0xd4, 0x48, 0xdf, 0x35, 0x8d, 0xf4, 0x86, + 0x42, 0x2a, 0x15, 0x4b, 0xe8, 0x19, 0x1f, 0x26, + 0x65, 0x9b, 0xa8, 0xda, 0x4b, 0x79, 0x1f, 0x8e, + 0xe6, 0x13, 0x7e, 0x49, 0x8f, 0xc1, 0xce, 0xdc, + 0x5e, 0x64, 0x74, 0xce, 0x02, 0x78, 0xe0, 0xcf, + 0xa0, 0xed, 0x5e, 0x31, 0x74, 0xd1, 0xd0, 0xb4, + 0xee, 0x70, 0x19, 0x14, 0x3c, 0x8f, 0x16, 0xa6, + 0xcf, 0x12, 0x93, 0x15, 0x88, 0xeb, 0x91, 0x65, + 0x76, 0x98, 0xfd, 0xa1, 0x94, 0x30, 0xba, 0x43, + 0x62, 0x65, 0x40, 0x04, 0x77, 0x9e, 0xd6, 0xab, + 0x8b, 0x0d, 0x93, 0x80, 0x50, 0x5f, 0xa2, 0x76, + 0x20, 0xa7, 0xd6, 0x9c, 0x27, 0x15, 0x27, 0xbc, + 0xa5, 0x5a, 0xbf, 0xe9, 0x92, 0x82, 0x05, 0xa8, + 0x41, 0xe9, 0xb5, 0x60, 0xd5, 0xc0, 0xd7, 0x4b, + 0xad, 0x38, 0xb2, 0xe9, 0xd1, 0xe5, 0x51, 0x5f, + 0x24, 0x78, 0x24, 0x9a, 0x23, 0xd2, 0xc2, 0x48, + 0xbd, 0x0e, 0xf1, 0x37, 0x72, 0x91, 0x87, 0xb0, + 0x4e, 0xbd, 0x99, 0x6b, 0x2c, 0x01, 0xb6, 0x79, + 0x69, 0xec, 0x0c, 0xed, 0xe5, 0x3f, 0x50, 0x64, + 0x7c, 0xb9, 0xdd, 0xe1, 0x92, 0x81, 0xb5, 0xd0, + 0xcb, 0x17, 0x83, 0x86, 0x8b, 0xea, 0x4f, 0x93, + 0x08, 0xbc, 0x22, 0x0c, 0xef, 0xe8, 0x0d, 0xf5, + 0x9e, 0x23, 0xe1, 0xf9, 0xb7, 0x6b, 0x45, 0x0b, + 0xcb, 0xa9, 0xb6, 0x4d, 0x28, 0x25, 0xba, 0x3e, + 0x86, 0xf2, 0x75, 0x47, 0x5d, 0x9d, 0x6b, 0xf6, + 0x8a, 0x05, 0x58, 0x73, 0x3d, 0x00, 0xde, 0xfd, + 0x69, 0xb1, 0x61, 0x16, 0xf5, 0x2e, 0xb0, 0x9f, + 0x31, 0x6a, 0x00, 0xb9, 0xef, 0x71, 0x63, 0x47, + 0xa3, 0xca, 0xe0, 0x40, 0xa8, 0x7e, 0x02, 0x04, + 0xfe, 0xe5, 0xce, 0x48, 0x73, 0xe3, 0x94, 0xcf, + 0xe2, 0xff, 0x29, 0x7e, 0xf6, 0x32, 0xbb, 0xb7, + 0x55, 0x12, 0x21, 0x7a, 0x9c, 0x75, 0x04, 0x0c, + 0xb4, 0x7c, 0xb0, 0x3d, 0x40, 0xb3, 0x11, 0x9a, + 0x7a, 0x9a, 0x13, 0xfb, 0x77, 0xa7, 0x51, 0x68, + 0xf7, 0x05, 0x47, 0x3b, 0x0f, 0x52, 0x5c, 0xe6, + 0xc2, 0x99, 0x3a, 0x37, 0x54, 0x5c, 0x4f, 0x2b, + 0xa7, 0x01, 0x08, 0x74, 0xbc, 0x91, 0xe3, 0xe2, + 0xfe, 0x65, 0x94, 0xfd, 0x3d, 0x18, 0xe0, 0xf0, + 0x62, 0xed, 0xc2, 0x10, 0x82, 0x9c, 0x58, 0x7f, + 0xb2, 0xa3, 0x87, 0x8a, 0x74, 0xd9, 0xc1, 0xfb, + 0x84, 0x28, 0x17, 0xc7, 0x2b, 0xcb, 0x53, 0x1f, + 0x4e, 0x8a, 0x82, 0xfc, 0xb4, 0x3f, 0xc1, 0x47, + 0x25, 0xf3, 0x21, 0xdc, 0x4c, 0x2d, 0x08, 0xfa, + 0xe7, 0x0f, 0x03, 0xa9, 0x68, 0xde, 0x6b, 0x41, + 0xa0, 0xf9, 0x41, 0x6c, 0x57, 0x4d, 0x3a, 0x0e, + 0xea, 0x51, 0xca, 0x9f, 0x97, 0x11, 0x7d, 0xf6, + 0x8e, 0x88, 0x63, 0x67, 0xc9, 0x65, 0x13, 0xca, + 0x38, 0xed, 0x35, 0xbe, 0xf4, 0x27, 0xa9, 0xfc, + 0xa9, 0xe6, 0xc3, 0x40, 0x86, 0x08, 0x39, 0x72, + 0x37, 0xee, 0xb2, 0x87, 0x09, 0x96, 0xb7, 0x40, + 0x87, 0x36, 0x92, 0xc1, 0x5d, 0x6a, 0x2c, 0x43, + 0xca, 0x25, 0xc8, 0x35, 0x37, 0x2d, 0xb5, 0xa9, + 0x27, 0x44, 0x50, 0xf2, 0x6d, 0x22, 0x75, 0x41, + 0x77, 0x2a, 0xdb, 0xb1, 0x8c, 0x6d, 0x05, 0xe8, + 0xc9, 0x99, 0xc7, 0x08, 0xf9, 0x14, 0x8f, 0x78, + 0xa9, 0x8f, 0xc2, 0x5a, 0x7a, 0x65, 0xc5, 0xd8, + 0x86, 0xbb, 0x72, 0x69, 0x6b, 0x6b, 0x45, 0x83, + 0x5b, 0xb1, 0xf7, 0xcd, 0x16, 0x73, 0xee, 0xe9, + 0x80, 0x85, 0xfe, 0x8e, 0xe1, 0xae, 0x53, 0x8f, + 0xde, 0xbe, 0x48, 0x8b, 0x59, 0xef, 0xf6, 0x7e, + 0xd8, 0xb5, 0xa8, 0x47, 0xc0, 0x4e, 0x15, 0x58, + 0xca, 0xd3, 0x2f, 0xf8, 0x6c, 0xa6, 0x3d, 0x78, + 0x4d, 0x7a, 0x54, 0xd6, 0x10, 0xe5, 0xcc, 0x05, + 0xe2, 0x29, 0xb5, 0x86, 0x07, 0x39, 0x7d, 0x78, + 0x8e, 0x5a, 0x8f, 0x83, 0x4c, 0xe7, 0x3d, 0x68, + 0x3e, 0xe5, 0x02, 0xe6, 0x64, 0x4f, 0x5e, 0xb4, + 0x49, 0x77, 0xf0, 0xc0, 0xfa, 0x6f, 0xc8, 0xfb, + 0x9f, 0x84, 0x6f, 0x55, 0xfb, 0x30, 0x5e, 0x89, + 0x93, 0xa9, 0xf3, 0xa6, 0xa3, 0xd7, 0x26, 0xbb, + 0xd8, 0xa8, 0xd9, 0x95, 0x1d, 0xfe, 0xfc, 0xd7, + 0xa8, 0x93, 0x66, 0x2f, 0x04, 0x53, 0x06, 0x64, + 0x7f, 0x31, 0x29, 0xae, 0xb7, 0x9f, 0xba, 0xc4, + 0x6d, 0x68, 0xd1, 0x24, 0x32, 0xf4, 0x11} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 4, + { + 0x07, 0x9c, 0x91, 0xbe}, + "id-Gost28147-89-CryptoPro-C-ParamSet", + "testcfb3", + { + 0x77, 0xc3, 0x45, 0x8e, 0xf6, 0x42, 0xe7, 0x04, + 0x8e, 0xfc, 0x08, 0xe4, 0x70, 0x96, 0xd6, 0x05, + 0x93, 0x59, 0x02, 0x6d, 0x6f, 0x97, 0xca, 0xe9, + 0xcf, 0x89, 0x44, 0x4b, 0xde, 0x6c, 0x22, 0x1d}, + G89_CFB, + { + 0x43, 0x7c, 0x3e, 0x8e, 0x2f, 0x2a, 0x00, 0x98}, + { + 0x19, 0x35, 0x81, 0x34} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 9, + { + 0x2f, 0x31, 0xd8, 0x83, 0xb4, 0x20, 0xe8, 0x6e, + 0xda}, + "id-Gost28147-89-CryptoPro-D-ParamSet", + "testcfb4", + { + 0x38, 0x9f, 0xe8, 0x37, 0xff, 0x9c, 0x5d, 0x29, + 0xfc, 0x48, 0x55, 0xa0, 0x87, 0xea, 0xe8, 0x40, + 0x20, 0x87, 0x5b, 0xb2, 0x01, 0x15, 0x55, 0xa7, + 0xe3, 0x2d, 0xcb, 0x3d, 0xd6, 0x59, 0x04, 0x73}, + G89_CFB, + { + 0xc5, 0xa2, 0xd2, 0x1f, 0x2f, 0xdf, 0xb8, 0xeb}, + { + 0x6d, 0xa4, 0xed, 0x40, 0x08, 0x88, 0x71, 0xad, + 0x16} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 5242880 + 8, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test5Mcfb", + { + 0x61, 0x58, 0x44, 0x5a, 0x41, 0xf6, 0xc7, 0x0f, + 0x6b, 0xdb, 0x51, 0x91, 0x6a, 0xf6, 0x81, 0x30, + 0x8c, 0xa7, 0x98, 0xdd, 0x38, 0x35, 0x8a, 0x60, + 0x85, 0xb4, 0xf0, 0xf9, 0x43, 0xa2, 0x7d, 0x9a}, + G89_CFB, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + { + 0x1c, 0x16, 0xa0, 0xe9, 0x63, 0x94, 0xfe, 0x38, + 0x37, 0xa7, 0x9b, 0x70, 0x25, 0x2e, 0xd6, 0x00} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + U64(4294967296) + 16, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test4Gcfb", + { + 0xae, 0x57, 0xa2, 0xdd, 0xa4, 0xef, 0x4f, 0x96, + 0xb8, 0x94, 0xa5, 0xd1, 0x1b, 0xc8, 0x9b, 0x42, + 0xa5, 0x24, 0xcc, 0x89, 0x5c, 0xb8, 0x92, 0x52, + 0xc1, 0x12, 0x6a, 0xb0, 0x9a, 0x26, 0xe8, 0x06}, + G89_CFB, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + { + 0x2e, 0x62, 0xb0, 0x2e, 0xc7, 0x87, 0x4b, 0x29, + 0x33, 0x16, 0x6b, 0xb4, 0xd6, 0x61, 0x66, 0xd9} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 1037, + { + 0x3d, 0x0b, 0x69, 0xf7, 0xa8, 0xe4, 0xfc, 0x99, + 0x22, 0x2e, 0xee, 0xd1, 0x63, 0x12, 0xfe, 0xa8, + 0x9d, 0xcb, 0x6c, 0x4d, 0x48, 0x8c, 0xe8, 0xbd, + 0x8b, 0x60, 0xf1, 0xbf, 0x7b, 0xe3, 0x79, 0xd5, + 0x2b, 0x25, 0x97, 0x13, 0xef, 0x35, 0xda, 0xf4, + 0xbc, 0x77, 0xce, 0xea, 0xe9, 0x3f, 0xa4, 0xb6, + 0x01, 0xd5, 0x73, 0x29, 0x58, 0xda, 0xd7, 0x67, + 0x17, 0xac, 0xe4, 0x75, 0x2f, 0x57, 0x23, 0xac, + 0x96, 0x21, 0xc7, 0x62, 0x2d, 0xf7, 0x32, 0xb5, + 0x44, 0x5f, 0x72, 0xb1, 0x5f, 0xba, 0x1b, 0x1e, + 0xdb, 0x4a, 0x09, 0x8c, 0x92, 0x61, 0xa2, 0xb0, + 0x49, 0x68, 0xe5, 0xb3, 0xa2, 0x8f, 0x13, 0x4b, + 0xf5, 0x4d, 0x84, 0xda, 0xab, 0xa0, 0xb6, 0xd1, + 0x5a, 0x63, 0x19, 0xe8, 0xa2, 0x09, 0xf6, 0x76, + 0x6f, 0x9b, 0x48, 0x0a, 0x15, 0x5d, 0xb7, 0x20, + 0x21, 0x9a, 0x2e, 0xb9, 0x6d, 0xfa, 0x1e, 0xc2, + 0x0e, 0xef, 0x15, 0xab, 0x59, 0x01, 0xfe, 0x43, + 0x90, 0xf2, 0x62, 0xca, 0x4a, 0x9a, 0x48, 0x38, + 0xab, 0x6f, 0x9d, 0x21, 0xb3, 0xad, 0xa7, 0x60, + 0x46, 0xe3, 0xef, 0xd0, 0xe3, 0x1d, 0xc5, 0xe1, + 0xb8, 0xa1, 0xe2, 0x99, 0x20, 0xc5, 0x76, 0xcc, + 0xaa, 0x8a, 0xa9, 0x45, 0x55, 0xa0, 0x78, 0x00, + 0x64, 0xde, 0xcf, 0x5b, 0xdf, 0x26, 0x48, 0xcd, + 0xba, 0x8a, 0xb5, 0xfb, 0xfd, 0x4a, 0xd5, 0xc4, + 0xe0, 0x43, 0xa6, 0x71, 0x90, 0xa4, 0x8b, 0xca, + 0x2e, 0x88, 0x7b, 0xac, 0xb2, 0xdc, 0xf2, 0x01, + 0xcb, 0xda, 0x6e, 0x91, 0x27, 0x28, 0x44, 0x88, + 0x9a, 0xd2, 0x12, 0xf1, 0xa6, 0xf5, 0xb7, 0x61, + 0xce, 0x79, 0x62, 0x52, 0x3c, 0xe6, 0x14, 0x73, + 0xd1, 0x41, 0x92, 0x50, 0xbd, 0xdc, 0x3b, 0xd0, + 0xa7, 0x11, 0x8c, 0x3a, 0xe4, 0x2d, 0xf2, 0x52, + 0xd3, 0x2f, 0x7c, 0x8e, 0x54, 0x90, 0x4e, 0x23, + 0xae, 0xb3, 0xa0, 0xf3, 0x25, 0x7e, 0x66, 0xaa, + 0x0f, 0x6f, 0x81, 0x72, 0x77, 0xbb, 0xd3, 0x47, + 0xe8, 0x05, 0xff, 0xe1, 0x5b, 0xc9, 0x37, 0x50, + 0x33, 0x49, 0x17, 0xaf, 0xab, 0x1d, 0xe1, 0x15, + 0xf2, 0xe5, 0x98, 0x5e, 0x2d, 0x05, 0x1f, 0x0d, + 0x55, 0x97, 0xed, 0xff, 0x5e, 0xe0, 0x0f, 0xc3, + 0x9c, 0xbd, 0x82, 0xc2, 0x06, 0xbe, 0x45, 0x66, + 0xae, 0x33, 0xbe, 0x28, 0x48, 0xe9, 0x2d, 0x1a, + 0xe6, 0x65, 0x8e, 0xdf, 0x76, 0x03, 0x73, 0x4b, + 0xc0, 0x80, 0x71, 0xf9, 0xac, 0xba, 0xa0, 0xb0, + 0x19, 0x1a, 0x0a, 0xd4, 0x35, 0x12, 0x88, 0x76, + 0x05, 0x75, 0x8f, 0x7c, 0xb5, 0xf0, 0x19, 0x75, + 0x6d, 0x05, 0xcb, 0x0d, 0xbc, 0x8d, 0xe9, 0xf0, + 0xd4, 0xdb, 0x3c, 0x3c, 0x29, 0x8e, 0x2c, 0x32, + 0x1d, 0xf7, 0xb6, 0x49, 0xcf, 0xdb, 0x63, 0xee, + 0x3c, 0xfa, 0x33, 0x73, 0x6f, 0xe4, 0x97, 0x4e, + 0x2f, 0xc9, 0x4c, 0x5c, 0x65, 0xfe, 0xea, 0xfb, + 0xc6, 0xdd, 0xc1, 0x1c, 0x47, 0x3f, 0xf4, 0x50, + 0x2f, 0xde, 0x1b, 0x5b, 0x0b, 0x16, 0xca, 0xb6, + 0x46, 0x44, 0xf2, 0xc1, 0x0d, 0xa1, 0x1d, 0xa6, + 0xdb, 0xf0, 0x3d, 0xb1, 0x6c, 0x05, 0x31, 0x85, + 0x8e, 0x74, 0xae, 0xf2, 0x39, 0x26, 0xf7, 0xc1, + 0xe7, 0x4c, 0xdd, 0x9d, 0x40, 0xb8, 0xf3, 0xc5, + 0xc2, 0x16, 0x64, 0x6b, 0xaa, 0xdb, 0x4b, 0x82, + 0x5c, 0xd3, 0x02, 0xd3, 0x8f, 0x26, 0x79, 0x8d, + 0xb0, 0x78, 0x70, 0x19, 0x58, 0x0c, 0xb4, 0x31, + 0x88, 0x44, 0x1c, 0x91, 0x6f, 0xf4, 0x52, 0x39, + 0xa8, 0xf5, 0xc0, 0x1b, 0xfe, 0xf2, 0x0e, 0x4b, + 0xac, 0x0a, 0xc2, 0x7e, 0x9c, 0x9b, 0xeb, 0x5d, + 0x4e, 0x4f, 0x42, 0xd8, 0x71, 0x0a, 0x97, 0x27, + 0x03, 0x14, 0x96, 0xa6, 0x3d, 0x04, 0xea, 0x9f, + 0x14, 0x14, 0x27, 0x4c, 0xd9, 0xa2, 0x89, 0x5f, + 0x65, 0x4a, 0xe1, 0x9d, 0x2c, 0xb8, 0xf8, 0xd4, + 0x8f, 0x2a, 0x57, 0x36, 0xcc, 0x06, 0x9c, 0x2c, + 0xc5, 0x13, 0x16, 0xdf, 0xfc, 0xae, 0x22, 0x16, + 0xa8, 0x2b, 0x71, 0x6f, 0x1d, 0xb3, 0x47, 0x54, + 0x3f, 0x2d, 0x0a, 0x68, 0x9f, 0x2e, 0xf6, 0x90, + 0xd8, 0xa1, 0x21, 0x09, 0xd4, 0x97, 0xb9, 0x7b, + 0x7f, 0x9b, 0x6a, 0xed, 0xd1, 0xf0, 0xe3, 0xb6, + 0x28, 0xc7, 0x62, 0x82, 0x00, 0xc9, 0x38, 0xa1, + 0x82, 0x78, 0xce, 0x87, 0xc8, 0x53, 0xac, 0x4f, + 0x2e, 0x31, 0xb9, 0x50, 0x7f, 0x36, 0x00, 0x4a, + 0x32, 0xe6, 0xd8, 0xbb, 0x59, 0x45, 0x0e, 0x91, + 0x1b, 0x38, 0xa9, 0xbc, 0xb9, 0x5e, 0x6c, 0x6a, + 0x9c, 0x03, 0x01, 0x1c, 0xde, 0xe8, 0x1f, 0x1e, + 0xe3, 0xde, 0x25, 0xa2, 0x56, 0x79, 0xe1, 0xbd, + 0x58, 0xc4, 0x93, 0xe6, 0xd0, 0x8a, 0x4d, 0x08, + 0xab, 0xf7, 0xaa, 0xc3, 0x7d, 0xc1, 0xee, 0x68, + 0x37, 0xbc, 0x78, 0x0b, 0x19, 0x68, 0x2b, 0x2b, + 0x2e, 0x6d, 0xc4, 0x6f, 0xaa, 0x3b, 0xc6, 0x19, + 0xcb, 0xf1, 0x58, 0xb9, 0x60, 0x85, 0x45, 0xae, + 0x52, 0x97, 0xba, 0x24, 0x32, 0x13, 0x72, 0x16, + 0x6e, 0x7b, 0xc1, 0x98, 0xac, 0xb1, 0xed, 0xb4, + 0xcc, 0x6c, 0xcf, 0x45, 0xfc, 0x50, 0x89, 0x80, + 0x8e, 0x7a, 0xa4, 0xd3, 0x64, 0x50, 0x63, 0x37, + 0xc9, 0x6c, 0xf1, 0xc4, 0x3d, 0xfb, 0xde, 0x5a, + 0x5c, 0xa8, 0x21, 0x35, 0xe6, 0x2e, 0x8c, 0x2a, + 0x3c, 0x12, 0x17, 0x79, 0x9a, 0x0d, 0x2e, 0x79, + 0xeb, 0x67, 0x1f, 0x2b, 0xf8, 0x6e, 0xca, 0xc1, + 0xfa, 0x45, 0x18, 0x9e, 0xdf, 0x6a, 0xe6, 0xcb, + 0xe9, 0x5c, 0xc3, 0x09, 0xaf, 0x93, 0x58, 0x13, + 0xbf, 0x90, 0x84, 0x87, 0x75, 0xd6, 0x82, 0x28, + 0x8d, 0xe7, 0x2f, 0xa3, 0xfb, 0x97, 0x74, 0x2a, + 0x73, 0x04, 0x82, 0x06, 0x76, 0x69, 0xb1, 0x0b, + 0x19, 0xfc, 0xae, 0xb3, 0xdd, 0x2a, 0xe5, 0xc1, + 0x05, 0xd8, 0x80, 0x95, 0x22, 0x90, 0x71, 0xfc, + 0xc2, 0x92, 0x42, 0xfd, 0xf1, 0x70, 0xb4, 0x68, + 0x88, 0xa4, 0x9e, 0x0a, 0x24, 0x40, 0x13, 0xc8, + 0xa2, 0x56, 0x4f, 0x39, 0xe6, 0x06, 0xf1, 0xdc, + 0xf5, 0x13, 0x0e, 0xad, 0x9c, 0x8b, 0xaf, 0xe9, + 0xe3, 0x88, 0x72, 0xff, 0xa0, 0x6d, 0xda, 0x08, + 0x70, 0xb9, 0x2e, 0x83, 0xc5, 0xbb, 0x32, 0xa5, + 0x74, 0xc7, 0xfb, 0x7b, 0x76, 0xaf, 0x02, 0xbb, + 0x2b, 0xb8, 0x5e, 0x65, 0x02, 0xfe, 0x0e, 0xa0, + 0x99, 0xce, 0x01, 0x3b, 0x35, 0xe1, 0xb0, 0x22, + 0xe5, 0x94, 0xbd, 0xdd, 0x8e, 0xbb, 0xf6, 0x75, + 0xbf, 0xbf, 0xee, 0x7a, 0xb1, 0x58, 0xb4, 0x81, + 0xb8, 0x39, 0x3e, 0xb6, 0x1e, 0xde, 0xda, 0x1b, + 0xd5, 0xf7, 0xdd, 0x7d, 0x65, 0x9c, 0xaa, 0x56, + 0x93, 0xb8, 0xaf, 0x48, 0x53, 0xc7, 0x22, 0xe4, + 0x1c, 0xdf, 0xe9, 0x79, 0xb4, 0x20, 0x89, 0xcc, + 0x2a, 0x79, 0x2c, 0x09, 0xbe, 0x78, 0xcf, 0xcc, + 0xf2, 0x90, 0xd6, 0x65, 0xc5, 0x29, 0xfc, 0xda, + 0x69, 0xfc, 0xc0, 0xd6, 0x70, 0x99, 0x61, 0x3f, + 0x60, 0x02, 0xd8, 0x12, 0x22, 0xc8, 0x34, 0xc6, + 0x3b, 0xb3, 0xc2, 0x33, 0xa1, 0x5c, 0x8f, 0x4c, + 0xd1, 0x52, 0x72, 0xf2, 0x42, 0x05, 0x8e, 0x18, + 0x1f, 0x16, 0xda, 0xb8, 0x53, 0xa1, 0x5f, 0x01, + 0x32, 0x1b, 0x90, 0xb3, 0x53, 0x9b, 0xd0, 0x85, + 0x61, 0x2d, 0x17, 0xed, 0x0a, 0xa4, 0xa5, 0x27, + 0x09, 0x75, 0x7c, 0xbc, 0x30, 0xf7, 0x5e, 0x59, + 0x9a, 0x07, 0x96, 0x84, 0x28, 0x86, 0x4b, 0xa7, + 0x22, 0x35, 0x28, 0xc7, 0xed, 0x0d, 0xc3, 0xce, + 0x98, 0xcc, 0x2d, 0xec, 0xd4, 0x98, 0x09, 0x8e, + 0x52, 0x5f, 0x2b, 0x9a, 0x13, 0xbe, 0x99, 0x16, + 0x73, 0xd1, 0x1f, 0x81, 0xe5, 0xa2, 0x08, 0x78, + 0xcb, 0x0c, 0x20, 0xd4, 0xa5, 0xea, 0x4b, 0x5b, + 0x95, 0x5a, 0x92, 0x9a, 0x52}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testcnt2", + { + 0x1b, 0x5d, 0xdb, 0x77, 0xcf, 0xf9, 0xec, 0x95, + 0x5e, 0xcc, 0x67, 0x9f, 0x5d, 0x28, 0xad, 0x4a, + 0x27, 0xf4, 0x32, 0xc6, 0xb2, 0xcb, 0xb1, 0x45, + 0x6a, 0x88, 0x14, 0x0c, 0x9b, 0x9b, 0x5f, 0x48}, + G89_CNT, + { + 0x71, 0x58, 0x8c, 0xe1, 0x55, 0xf4, 0xf6, 0xb3}, + { + 0x8e, 0xcd, 0x8f, 0xc8, 0xac, 0xe1, 0x15, 0x48, + 0x2d, 0xae, 0x24, 0x8a, 0xc7, 0xfb, 0xba, 0x0f, + 0x1d, 0x8a, 0x95, 0xa2, 0x43, 0xef, 0xcb, 0xdc, + 0x59, 0x57, 0xa7, 0xc7, 0x0e, 0xe3, 0xe2, 0xb9, + 0x0d, 0x86, 0x29, 0x62, 0xcb, 0x83, 0x4d, 0x07, + 0x0c, 0x40, 0xd4, 0x7b, 0x2e, 0xca, 0xba, 0xbf, + 0x4a, 0x60, 0x3b, 0x31, 0x98, 0xc8, 0x88, 0x47, + 0xd9, 0x82, 0xab, 0xfc, 0x8f, 0x48, 0xe2, 0x46, + 0xab, 0xd3, 0xa1, 0xab, 0x8a, 0x05, 0x22, 0x8c, + 0xf4, 0xec, 0x9a, 0x1e, 0x76, 0xab, 0x1a, 0x60, + 0xd9, 0x25, 0x6b, 0xb8, 0x56, 0xe5, 0xb2, 0xea, + 0x10, 0xf3, 0x62, 0x04, 0x32, 0x5e, 0xaa, 0x3b, + 0x7b, 0x57, 0xbc, 0x3b, 0x8b, 0x43, 0x47, 0xf2, + 0xd5, 0x03, 0x7e, 0x51, 0x01, 0xff, 0x77, 0x28, + 0xca, 0x90, 0xa3, 0xfe, 0x7e, 0x2e, 0x70, 0x16, + 0x75, 0x18, 0x44, 0xf0, 0x1b, 0x85, 0x05, 0xea, + 0xe3, 0x21, 0xf7, 0x26, 0x86, 0x76, 0x3c, 0x67, + 0x9d, 0xfc, 0xbc, 0x10, 0x7f, 0x77, 0xe4, 0xed, + 0xd3, 0x12, 0xf8, 0x83, 0x00, 0x1f, 0x4b, 0x92, + 0x95, 0x92, 0x5c, 0xf3, 0x5a, 0xf3, 0xb7, 0xd0, + 0xa9, 0x5f, 0xf2, 0x18, 0xc4, 0x66, 0x62, 0xc1, + 0x84, 0x0e, 0x66, 0xe8, 0x80, 0x7d, 0x1f, 0xf0, + 0xba, 0x01, 0x9b, 0x71, 0xae, 0x93, 0xcc, 0x27, + 0x54, 0x34, 0x9a, 0xbd, 0xca, 0xee, 0x52, 0x09, + 0x92, 0x9d, 0xb0, 0xd5, 0xd9, 0xba, 0x2f, 0xb9, + 0x96, 0xdc, 0xfa, 0xbd, 0xce, 0xea, 0x1a, 0x7b, + 0x9a, 0x1d, 0x13, 0xa7, 0x11, 0xe2, 0x9a, 0x64, + 0xf6, 0xd3, 0xee, 0xc6, 0x33, 0xb7, 0x6e, 0xef, + 0x25, 0x9e, 0x1e, 0x7c, 0xe3, 0x1f, 0x2c, 0x6e, + 0xa9, 0xc0, 0xf8, 0xc1, 0xbf, 0x3b, 0xf8, 0x34, + 0x03, 0x9b, 0xa1, 0x40, 0x5b, 0x0c, 0x3c, 0x09, + 0x66, 0x9d, 0x63, 0xe2, 0xe2, 0x04, 0x8f, 0x06, + 0x84, 0x74, 0x68, 0xb2, 0x5c, 0x3b, 0x4c, 0xad, + 0x0b, 0x3f, 0x03, 0xb3, 0x07, 0x8a, 0x64, 0xa7, + 0x36, 0x56, 0x26, 0x39, 0x66, 0xda, 0xe9, 0x6d, + 0x1b, 0xd5, 0x88, 0xe8, 0x5c, 0xaf, 0x5a, 0x4c, + 0x49, 0xf7, 0xf5, 0xb7, 0x78, 0xf0, 0xde, 0xec, + 0xcd, 0x16, 0x23, 0x9e, 0x8c, 0x13, 0xbe, 0x6b, + 0x6f, 0x9b, 0x07, 0xe5, 0xbb, 0xcc, 0x3a, 0x1b, + 0x6f, 0x43, 0xdf, 0xff, 0x46, 0x2a, 0xae, 0x47, + 0x19, 0x18, 0x9a, 0x25, 0x09, 0xc9, 0x24, 0x40, + 0x0c, 0x4b, 0xa7, 0xda, 0x5e, 0x0d, 0xee, 0xfa, + 0x62, 0x45, 0x8e, 0xcc, 0x2f, 0x23, 0x08, 0x1d, + 0x92, 0xf0, 0xfe, 0x82, 0x0f, 0xd7, 0x11, 0x60, + 0x7e, 0x0b, 0x0b, 0x75, 0xf4, 0xf5, 0x3b, 0xc0, + 0xa4, 0xe8, 0x72, 0xa5, 0xb6, 0xfa, 0x5a, 0xad, + 0x5a, 0x4f, 0x39, 0xb5, 0xa2, 0x12, 0x96, 0x0a, + 0x32, 0x84, 0xb2, 0xa1, 0x06, 0x68, 0x56, 0x57, + 0x97, 0xa3, 0x7b, 0x22, 0x61, 0x76, 0x5d, 0x30, + 0x1a, 0x31, 0xab, 0x99, 0x06, 0xc5, 0x1a, 0x96, + 0xcf, 0xcf, 0x14, 0xff, 0xb2, 0xc4, 0xcc, 0x2b, + 0xbf, 0x0c, 0x9d, 0x91, 0x8f, 0x79, 0x5b, 0xbc, + 0xa9, 0x6b, 0x91, 0x6a, 0xb4, 0x93, 0x5c, 0x7b, + 0x5d, 0xc2, 0x8a, 0x75, 0xc0, 0xc1, 0x08, 0xfa, + 0x99, 0xf9, 0x4d, 0x5e, 0x0c, 0x06, 0x64, 0x60, + 0xa9, 0x01, 0x4a, 0x34, 0x0f, 0x33, 0x84, 0x95, + 0x69, 0x30, 0xc1, 0x1c, 0x36, 0xf8, 0xfc, 0x30, + 0x23, 0xb2, 0x71, 0xe5, 0x52, 0x4d, 0x12, 0x1a, + 0xc9, 0xbe, 0xee, 0xc9, 0xcb, 0x01, 0x85, 0xf3, + 0xdb, 0x30, 0xf9, 0x41, 0xa9, 0x40, 0xb0, 0x06, + 0x29, 0x77, 0xcd, 0xc5, 0xec, 0x58, 0x02, 0x48, + 0x83, 0x53, 0x44, 0x6a, 0xd2, 0xca, 0x05, 0xd8, + 0x5a, 0x08, 0xeb, 0xa9, 0xf4, 0xe6, 0xc7, 0x9d, + 0xd5, 0x7b, 0x74, 0x0b, 0x31, 0xb7, 0xa5, 0x57, + 0x7c, 0x7a, 0xfd, 0x1a, 0x0e, 0xd7, 0x97, 0x41, + 0xbf, 0xdd, 0xc6, 0x19, 0x6c, 0x77, 0x8c, 0x18, + 0x52, 0x57, 0x83, 0xba, 0x71, 0x25, 0xee, 0x39, + 0xbb, 0xe2, 0x43, 0xa0, 0x14, 0xdc, 0x0e, 0x84, + 0xb4, 0x2b, 0xde, 0x3e, 0xe5, 0x36, 0xb7, 0xa2, + 0x92, 0x98, 0x05, 0xb8, 0x96, 0xe5, 0xd0, 0x8c, + 0x08, 0x93, 0x35, 0xc2, 0x81, 0xe0, 0xfc, 0x59, + 0x71, 0xe2, 0x44, 0x49, 0x5d, 0xda, 0xfb, 0x9c, + 0xaa, 0x70, 0x9f, 0x43, 0xa8, 0xa5, 0xd9, 0x67, + 0xd9, 0x8f, 0xa3, 0x1e, 0xbe, 0x0e, 0xec, 0xdf, + 0x12, 0x2b, 0x6a, 0xe7, 0x1c, 0x12, 0x17, 0xe7, + 0xc4, 0x6d, 0x50, 0xc9, 0x52, 0x7a, 0xd5, 0xe8, + 0x7f, 0xbc, 0x07, 0x15, 0xac, 0xdb, 0x93, 0x66, + 0xb1, 0xf0, 0xa7, 0x7b, 0x2f, 0xe9, 0xec, 0xd0, + 0x47, 0x69, 0x59, 0x87, 0xf1, 0x4c, 0x3e, 0x4b, + 0x9b, 0x11, 0x79, 0x13, 0xe4, 0x96, 0xf6, 0x56, + 0x04, 0x6e, 0x0b, 0x33, 0xfc, 0x40, 0xf6, 0xc7, + 0xc1, 0x43, 0xb1, 0xbf, 0x0e, 0xb3, 0x87, 0xfd, + 0x0b, 0x1c, 0x63, 0x46, 0x3a, 0xd3, 0xa0, 0x17, + 0x59, 0x25, 0x94, 0x6c, 0x9c, 0x3d, 0x0c, 0x81, + 0xce, 0x82, 0x72, 0x42, 0x28, 0xf9, 0x37, 0x6a, + 0x6d, 0xe4, 0x12, 0xf4, 0x21, 0xaa, 0xf7, 0xfe, + 0x27, 0x55, 0x40, 0x1a, 0x14, 0xc3, 0x39, 0x5b, + 0xbf, 0x63, 0xc2, 0x5f, 0x10, 0x1f, 0x14, 0x25, + 0xd0, 0xce, 0xf3, 0x14, 0x48, 0x13, 0xa5, 0x0b, + 0x4d, 0x38, 0xcf, 0x0d, 0x34, 0xc0, 0x0a, 0x11, + 0xb4, 0xb5, 0x72, 0xc8, 0x4b, 0xc2, 0x6f, 0xe7, + 0x9d, 0x93, 0xf7, 0xdf, 0xb8, 0x43, 0x72, 0x7e, + 0xda, 0x3e, 0x20, 0x1f, 0xbc, 0x21, 0x2a, 0xce, + 0x00, 0xfa, 0x96, 0x9f, 0x3d, 0xe5, 0x88, 0x96, + 0xef, 0x29, 0x84, 0xdf, 0x6c, 0x1c, 0x96, 0xd8, + 0x58, 0x47, 0xaa, 0x92, 0xf3, 0x07, 0xe5, 0xfb, + 0xaf, 0xea, 0x95, 0x7e, 0x0b, 0x71, 0xcd, 0x81, + 0x0f, 0xb7, 0x0a, 0x59, 0x8f, 0x31, 0x4d, 0xd1, + 0xc3, 0xf3, 0x2f, 0x70, 0x5c, 0x59, 0x18, 0x97, + 0xaf, 0x77, 0x95, 0x5e, 0xaf, 0x40, 0x06, 0x12, + 0x81, 0x61, 0x86, 0x08, 0x4e, 0xbc, 0x89, 0x46, + 0x07, 0x2e, 0x5b, 0x10, 0xaa, 0x12, 0xf0, 0xa7, + 0x84, 0xe2, 0x9a, 0x08, 0xf1, 0xde, 0x59, 0xe3, + 0x0e, 0x47, 0x4b, 0xff, 0xc3, 0xc9, 0x18, 0xaf, + 0x95, 0x9c, 0x67, 0x2a, 0xde, 0x8a, 0x7a, 0x99, + 0x04, 0xc4, 0xb8, 0x97, 0x4c, 0x04, 0x29, 0x71, + 0x05, 0xda, 0xb3, 0xd6, 0xdb, 0x6c, 0x71, 0xe6, + 0xe8, 0x03, 0xbf, 0x94, 0x7d, 0xde, 0x3d, 0xc8, + 0x44, 0xfa, 0x7d, 0x62, 0xb4, 0x36, 0x03, 0xee, + 0x36, 0x52, 0x64, 0xb4, 0x85, 0x6d, 0xd5, 0x78, + 0xf0, 0x6f, 0x67, 0x2d, 0x0e, 0xe0, 0x2c, 0x88, + 0x9b, 0x55, 0x19, 0x29, 0x40, 0xf6, 0x8c, 0x12, + 0xbb, 0x2c, 0x83, 0x96, 0x40, 0xc0, 0x36, 0xf5, + 0x77, 0xff, 0x70, 0x8c, 0x75, 0x92, 0x0b, 0xad, + 0x05, 0x9b, 0x7e, 0xa2, 0xfc, 0xa9, 0xd1, 0x64, + 0x76, 0x82, 0x13, 0xba, 0x22, 0x5e, 0x33, 0x0e, + 0x26, 0x70, 0xa9, 0xbe, 0x74, 0x28, 0xf5, 0xe2, + 0xc4, 0x96, 0xee, 0x3a, 0xbc, 0x97, 0xa6, 0x2c, + 0x2a, 0xe0, 0x64, 0x8d, 0x35, 0xc6, 0x1a, 0xca, + 0xf4, 0x92, 0xfa, 0xc3, 0xf1, 0x1f, 0x98, 0xe4, + 0x43, 0x88, 0x69, 0x3a, 0x09, 0xbf, 0x63, 0xe5, + 0x96, 0x29, 0x0b, 0x9b, 0x62, 0x23, 0x14, 0x8a, + 0x95, 0xe4, 0x1c, 0x5c, 0x0a, 0xa9, 0xc5, 0xb9, + 0x6f, 0x4f, 0x2b, 0x25, 0x6f, 0x74, 0x1e, 0x18, + 0xd5, 0xfe, 0x27, 0x7d, 0x3f, 0x6e, 0x55, 0x2c, + 0x67, 0xe6, 0xde, 0xb5, 0xcc, 0xc0, 0x2d, 0xff, + 0xc4, 0xe4, 0x06, 0x21, 0xa5, 0xc8, 0xd3, 0xd6, + 0x6c, 0xa1, 0xc3, 0xfb, 0x88, 0x92, 0xb1, 0x1d, + 0x90, 0xe1, 0x35, 0x05, 0x9b, 0x29, 0x6d, 0xba, + 0xf1, 0xf4, 0x1e, 0x23, 0x2e} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 5242880 + 8, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test5Mcnt", + { + 0x07, 0x52, 0x65, 0xe7, 0xca, 0xa3, 0xca, 0x45, + 0xcf, 0x3a, 0x05, 0x1d, 0x38, 0x03, 0x53, 0x0c, + 0x22, 0x31, 0xba, 0x99, 0x4f, 0x9b, 0x6a, 0x1b, + 0x7e, 0x09, 0x9d, 0x4e, 0xb5, 0xc9, 0x84, 0x2e}, + G89_CNT, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + { + 0x3d, 0x05, 0x07, 0x57, 0xc0, 0x75, 0x89, 0x97, + 0xd6, 0x94, 0x49, 0x11, 0x1d, 0xd0, 0x91, 0xee} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + U64(4294967296) + 16, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test4Gcnt", + { + 0x75, 0xa3, 0x3c, 0xae, 0x03, 0x6b, 0x10, 0xdb, + 0xc1, 0x56, 0x50, 0x89, 0x03, 0xd2, 0x9f, 0x91, + 0xee, 0xe8, 0x64, 0x1d, 0x43, 0xf2, 0x4e, 0xf8, + 0xf2, 0x6c, 0xed, 0xda, 0x8f, 0xe4, 0x88, 0xe9}, + G89_CNT, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + { + 0xfa, 0x6c, 0x96, 0x78, 0xe2, 0xf8, 0xdd, 0xaa, + 0x67, 0x5a, 0xc9, 0x5d, 0x57, 0xf1, 0xbd, 0x99} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 1035, + { + 0xd6, 0xcf, 0x31, 0x96, 0x9c, 0xa1, 0xfb, 0xd6, + 0x8d, 0xa3, 0xdd, 0x01, 0xd9, 0x88, 0xc0, 0x2f, + 0xbc, 0x46, 0xc7, 0x3a, 0xe4, 0x21, 0x86, 0x96, + 0x8d, 0xe2, 0xca, 0xb6, 0x37, 0xa2, 0xe1, 0xa8, + 0x7e, 0xa7, 0x79, 0x2e, 0xa4, 0x56, 0x75, 0x7f, + 0x3e, 0x55, 0x8b, 0x43, 0xae, 0x65, 0xdf, 0xaa, + 0x42, 0xb6, 0x00, 0xa6, 0x61, 0x03, 0x0d, 0xd3, + 0x41, 0x02, 0x27, 0x23, 0x95, 0x79, 0x9b, 0x34, + 0x81, 0xa9, 0x86, 0xb5, 0xa7, 0x90, 0xe2, 0xae, + 0xc4, 0x2f, 0xc3, 0x8e, 0x32, 0x56, 0x13, 0xfa, + 0x4d, 0x4e, 0x9f, 0x15, 0x75, 0x7e, 0x74, 0xdc, + 0x32, 0x2d, 0xee, 0x4d, 0x67, 0x70, 0x9f, 0x62, + 0xb9, 0xc4, 0xdb, 0x24, 0x84, 0xcc, 0x16, 0x7b, + 0xda, 0x22, 0xf7, 0xc5, 0xf3, 0x93, 0x35, 0x73, + 0xc6, 0x03, 0x1c, 0x77, 0xa5, 0xf2, 0x76, 0x56, + 0xb4, 0x95, 0xd4, 0x7e, 0x0d, 0x20, 0xc6, 0x6e, + 0xee, 0x8f, 0x25, 0x48, 0xff, 0x7e, 0x01, 0x3a, + 0xb4, 0x1f, 0xaa, 0x35, 0xc0, 0x33, 0x58, 0x9c, + 0xb5, 0xba, 0x65, 0x4b, 0xd3, 0x51, 0x14, 0xec, + 0x61, 0xce, 0xe4, 0xba, 0x49, 0xba, 0x39, 0x32, + 0xab, 0xce, 0x81, 0x72, 0xce, 0xab, 0xed, 0xd4, + 0xd2, 0x19, 0x87, 0x85, 0x92, 0xfa, 0x64, 0x34, + 0xd8, 0x86, 0xf4, 0x8a, 0x08, 0x3c, 0xde, 0xee, + 0x97, 0x92, 0x92, 0x69, 0xba, 0x9b, 0x5f, 0x7a, + 0x03, 0xc1, 0x5d, 0x43, 0x02, 0x8c, 0xbe, 0xd2, + 0x46, 0x72, 0x81, 0x40, 0x7d, 0x68, 0x98, 0x45, + 0x0b, 0x54, 0x27, 0x1c, 0xaf, 0x80, 0x42, 0xe4, + 0xd5, 0xd4, 0xe4, 0xa2, 0x98, 0x07, 0x8f, 0x03, + 0xf5, 0x2c, 0x8c, 0x88, 0xca, 0x5a, 0xde, 0xe4, + 0x9f, 0xb1, 0x5f, 0x82, 0xff, 0x20, 0x67, 0x52, + 0x85, 0x84, 0x4f, 0xc8, 0xfe, 0xa7, 0x9e, 0xae, + 0x1c, 0xfa, 0xb8, 0x75, 0xd3, 0xf7, 0x9f, 0x0d, + 0xda, 0x2d, 0xe6, 0xcc, 0x86, 0x6b, 0xa4, 0x14, + 0x65, 0xc3, 0xf9, 0x15, 0xbc, 0x87, 0xf5, 0xae, + 0x8c, 0x10, 0xd4, 0xce, 0x5b, 0x9c, 0xe2, 0xdd, + 0x42, 0x03, 0x09, 0x87, 0x47, 0xed, 0x5d, 0xd0, + 0x7a, 0x69, 0x4c, 0xfa, 0x43, 0x7d, 0xbf, 0x07, + 0x85, 0x6a, 0xee, 0x68, 0xe6, 0x7a, 0x57, 0xb2, + 0x20, 0x8d, 0x80, 0xf2, 0x91, 0x6f, 0x5c, 0x07, + 0x8c, 0xe4, 0x6a, 0x49, 0x90, 0x85, 0x8b, 0x77, + 0x29, 0x56, 0x1c, 0x5e, 0xa9, 0x3f, 0xab, 0x8b, + 0x79, 0xa3, 0x6f, 0x6b, 0x34, 0xcb, 0x61, 0xf6, + 0xe6, 0x92, 0xd1, 0x48, 0x9e, 0x11, 0xa2, 0x82, + 0xc0, 0x4e, 0x23, 0xd2, 0x15, 0x0d, 0x8d, 0xff, + 0xfa, 0x17, 0x9d, 0x81, 0xb8, 0xbc, 0xd7, 0x5b, + 0x08, 0x81, 0x20, 0x40, 0xc0, 0x3c, 0x06, 0x8b, + 0x1a, 0x88, 0x0b, 0x4b, 0x7b, 0x31, 0xf5, 0xd4, + 0x4e, 0x09, 0xd1, 0x4d, 0x0d, 0x7f, 0x45, 0xd1, + 0x09, 0x35, 0xba, 0xce, 0x65, 0xdd, 0xf2, 0xb8, + 0xfb, 0x7a, 0xbc, 0xc4, 0x4b, 0xc8, 0x75, 0xda, + 0x6b, 0xce, 0x3d, 0xe8, 0x94, 0xcc, 0x23, 0x6f, + 0xb0, 0x3b, 0x4f, 0x7d, 0x07, 0xb9, 0x0f, 0x62, + 0x92, 0x7e, 0xda, 0x70, 0x50, 0xce, 0xd3, 0x28, + 0x12, 0x11, 0x00, 0xeb, 0x8d, 0x63, 0x70, 0x78, + 0xa8, 0x7b, 0x76, 0xab, 0xc6, 0x40, 0xc0, 0x4e, + 0x80, 0xdd, 0xf0, 0xfe, 0x83, 0x72, 0x56, 0x4c, + 0x09, 0x4c, 0xf1, 0x72, 0x72, 0x86, 0x26, 0x31, + 0xc3, 0xc2, 0xdc, 0x8e, 0xc7, 0xf4, 0x35, 0xec, + 0x17, 0x06, 0x63, 0x47, 0x49, 0x88, 0x47, 0xaf, + 0xb3, 0x38, 0x4f, 0x7e, 0x44, 0x95, 0xb5, 0xbb, + 0x1d, 0xbd, 0x5a, 0x91, 0x5b, 0xd0, 0x1a, 0xdf, + 0x0d, 0x0b, 0x50, 0xd8, 0xe2, 0x0e, 0xc5, 0x00, + 0x2d, 0x5b, 0x29, 0x19, 0xaa, 0x2b, 0x64, 0xc5, + 0x40, 0x31, 0x48, 0x11, 0xbc, 0x04, 0xd1, 0xcf, + 0x6d, 0xf9, 0xa5, 0x2f, 0x4a, 0xc9, 0x82, 0xfa, + 0x59, 0xe1, 0xfc, 0xab, 0x1c, 0x33, 0x26, 0x0a, + 0x5f, 0xef, 0xf2, 0x06, 0xd8, 0xd3, 0x7e, 0x16, + 0x58, 0x16, 0x78, 0x73, 0xae, 0xba, 0xeb, 0xe5, + 0x3d, 0xb2, 0x0a, 0xb3, 0x32, 0x2d, 0x14, 0xa4, + 0xfa, 0x3f, 0x1f, 0x43, 0xf9, 0x7b, 0xa9, 0x43, + 0x98, 0x18, 0x94, 0x07, 0x07, 0xe5, 0x19, 0x34, + 0xa8, 0x16, 0x5f, 0x71, 0x67, 0xaa, 0x29, 0xe5, + 0xfa, 0xf0, 0x83, 0x06, 0x1d, 0x9d, 0xfc, 0xfe, + 0xfe, 0x8c, 0xb5, 0xb2, 0xa9, 0xe7, 0xa0, 0x40, + 0x60, 0xb6, 0x71, 0x9e, 0xab, 0x5b, 0x83, 0xb9, + 0x0c, 0x2b, 0x58, 0x23, 0x80, 0x09, 0x9e, 0x5d, + 0x94, 0x7d, 0x40, 0x76, 0xa9, 0x16, 0x96, 0x9e, + 0x83, 0xe0, 0x0d, 0xec, 0xa0, 0xec, 0x76, 0x2a, + 0xb7, 0xa0, 0xff, 0xb8, 0x50, 0x4c, 0x5b, 0xc6, + 0x8b, 0x0a, 0x65, 0x2e, 0xfe, 0xb4, 0x40, 0x9a, + 0x01, 0xd8, 0xc6, 0xa3, 0xab, 0x99, 0xa2, 0xc5, + 0x0c, 0x08, 0xc4, 0xb7, 0xee, 0x4d, 0x1d, 0xc4, + 0x08, 0x15, 0xd0, 0xdb, 0xaa, 0x63, 0x4f, 0x31, + 0xeb, 0x14, 0x97, 0x43, 0xbd, 0xc1, 0x94, 0x08, + 0xe6, 0xde, 0x43, 0x9f, 0x95, 0x0b, 0x96, 0x7e, + 0x7f, 0x3c, 0x68, 0xba, 0x6f, 0xc4, 0xc9, 0x35, + 0x2b, 0xc4, 0x0e, 0xda, 0x1f, 0x91, 0x68, 0x64, + 0x63, 0x34, 0x73, 0xbe, 0x57, 0x75, 0xb9, 0xed, + 0xf7, 0x2d, 0x3b, 0x05, 0x21, 0x93, 0x28, 0x48, + 0x96, 0x95, 0x97, 0xa0, 0xd2, 0x7d, 0x78, 0xbb, + 0x6a, 0x49, 0x8f, 0x76, 0x55, 0x74, 0x63, 0xb9, + 0xc5, 0x36, 0x12, 0x25, 0xbf, 0x03, 0x82, 0x8f, + 0xf0, 0xf6, 0x80, 0xbb, 0x33, 0xb4, 0xf4, 0x17, + 0x27, 0x1c, 0xf3, 0x4c, 0x10, 0xa3, 0xe4, 0xd1, + 0x55, 0xd9, 0x68, 0x21, 0x4e, 0x5a, 0x83, 0x67, + 0xbf, 0xf8, 0x3c, 0x7d, 0x4e, 0x62, 0xd3, 0x28, + 0xa7, 0x26, 0x6f, 0xe9, 0xee, 0xc2, 0x0b, 0x2d, + 0x03, 0x84, 0xb1, 0xff, 0xd6, 0x68, 0x1f, 0xb6, + 0xf2, 0xe4, 0x0f, 0xda, 0x2d, 0xee, 0x5f, 0x6e, + 0x21, 0xc8, 0xe1, 0xfc, 0xad, 0x6b, 0x0e, 0x04, + 0x7d, 0xaf, 0xc2, 0x3b, 0xa5, 0x68, 0x9b, 0x0c, + 0xf3, 0x56, 0xf3, 0xda, 0x8d, 0xc8, 0x7d, 0x39, + 0xdc, 0xd5, 0x99, 0xc6, 0x01, 0x10, 0xce, 0x42, + 0x1b, 0xac, 0x48, 0xdc, 0x97, 0x78, 0x0a, 0xec, + 0xb3, 0x8f, 0x47, 0x35, 0xa3, 0x6a, 0x64, 0xb2, + 0x8e, 0x63, 0x69, 0x22, 0x66, 0xae, 0x2e, 0xe0, + 0x88, 0xf9, 0x40, 0x3c, 0xc9, 0xa2, 0x57, 0x61, + 0xf6, 0xad, 0xf0, 0xdc, 0x90, 0x56, 0x3f, 0x06, + 0x9b, 0x7d, 0xbd, 0xc2, 0x81, 0x02, 0xab, 0xb8, + 0x15, 0x09, 0x88, 0x4a, 0xff, 0x2f, 0x31, 0xbf, + 0x5e, 0xfa, 0x6a, 0x7e, 0xf6, 0xc5, 0xa7, 0xf7, + 0xd5, 0xab, 0x55, 0xac, 0xae, 0x0d, 0x8c, 0x8d, + 0x7f, 0x4b, 0x25, 0xbb, 0x32, 0xff, 0x11, 0x33, + 0x2e, 0x37, 0x37, 0x69, 0x96, 0x15, 0x17, 0xb1, + 0x17, 0x49, 0xe0, 0x9a, 0x9c, 0xd9, 0x5b, 0x8d, + 0x58, 0xa3, 0x1d, 0x92, 0x87, 0xf8, 0x80, 0xb9, + 0xbd, 0x5a, 0xec, 0x40, 0xe1, 0x00, 0x33, 0x60, + 0xe4, 0x86, 0x16, 0x6d, 0x61, 0x81, 0xf2, 0x28, + 0x6a, 0xa7, 0xce, 0x3f, 0x95, 0xae, 0x43, 0xca, + 0xe1, 0x3f, 0x81, 0x74, 0x7e, 0x1c, 0x47, 0x17, + 0x95, 0xc6, 0x60, 0xda, 0x74, 0x77, 0xd9, 0x9f, + 0xfa, 0x92, 0xb4, 0xbe, 0xe1, 0x23, 0x98, 0x18, + 0x95, 0x63, 0x03, 0x13, 0x4c, 0x1a, 0x2d, 0x41, + 0xcd, 0xe4, 0x84, 0xf7, 0xe6, 0x38, 0xef, 0xff, + 0x95, 0xb2, 0xe8, 0x7c, 0x8f, 0x58, 0xb5, 0xb5, + 0xed, 0x27, 0x7f, 0x3c, 0x18, 0xab, 0xbe, 0x7f, + 0x4f, 0xe2, 0x35, 0x15, 0x71, 0xb7, 0x6f, 0x85, + 0x38, 0x9b, 0x88, 0xf6, 0x9c, 0x8d, 0x43, 0xb5, + 0x58, 0x9e, 0xf2, 0xd1, 0x96, 0xbe, 0xb7, 0xad, + 0x1a, 0xa0, 0x98}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testimit2", + { + 0x80, 0xd9, 0xa0, 0xdc, 0x21, 0xf9, 0x30, 0x40, + 0x75, 0xfe, 0x49, 0x1b, 0x9e, 0x71, 0x90, 0x91, + 0x78, 0x88, 0x21, 0x60, 0x39, 0xe7, 0xc9, 0x2b, + 0xfb, 0x55, 0x1d, 0xf4, 0xdd, 0x2b, 0x0a, 0x01}, + G89_IMIT, + {0}, + { + 0x90, 0xf2, 0x11, 0x9a} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 10, + { + 0x1d, 0xeb, 0xe6, 0x79, 0x0a, 0x59, 0x00, 0xe6, + 0x8e, 0x5c}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testimit3", + { + 0xa9, 0xb6, 0x37, 0xcc, 0x6d, 0x9b, 0x2f, 0x25, + 0xb0, 0xdf, 0x47, 0x04, 0x50, 0x68, 0xb0, 0x27, + 0x41, 0x27, 0x58, 0x6a, 0xbd, 0x0a, 0x6e, 0x50, + 0x2f, 0xc6, 0xfc, 0xc0, 0x3e, 0x29, 0x42, 0xa5}, + G89_IMIT, + {0}, + { + 0x31, 0x7c, 0x16, 0xe4} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 6, + { + 0xef, 0x06, 0x8f, 0x14, 0xc9, 0x04}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testimit4", + { + 0xb0, 0x6c, 0x48, 0x23, 0x0a, 0x6e, 0xf4, 0xec, + 0x27, 0x98, 0x01, 0x23, 0xa7, 0xd8, 0xbf, 0x60, + 0x89, 0xef, 0xad, 0xe8, 0x8f, 0x79, 0x14, 0x8c, + 0x18, 0x5c, 0x9a, 0xda, 0xef, 0x0b, 0xdd, 0xa0}, + G89_IMIT, + {0}, + { + 0xe9, 0x72, 0xae, 0xbf} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 16, + { + 0x02, 0xf8, 0xec, 0x2b, 0x4d, 0x1f, 0xbc, 0x7c, + 0x6e, 0x47, 0xe3, 0x87, 0x22, 0x75, 0x41, 0xa7}, + "id-Gost28147-89-CryptoPro-B-ParamSet", + "testimit5", + { + 0x33, 0xd3, 0xef, 0x01, 0x19, 0x95, 0x0e, 0x15, + 0xa1, 0x69, 0x75, 0xae, 0x56, 0x27, 0x17, 0x79, + 0x63, 0x47, 0xab, 0x62, 0x9d, 0x4a, 0xf0, 0x34, + 0xd3, 0x1e, 0x69, 0x74, 0xec, 0x31, 0x48, 0xfc}, + G89_IMIT, + {0}, + { + 0xf5, 0x55, 0x1f, 0x28} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 8, + { + 0xf3, 0xb2, 0x29, 0xd2, 0x7a, 0x37, 0x03, 0x12}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testimit6", + { + 0x42, 0x35, 0x81, 0x91, 0x0b, 0xa9, 0x99, 0xff, + 0xd9, 0x43, 0xf8, 0xc6, 0x19, 0x55, 0x1f, 0x2f, + 0x2d, 0x45, 0x40, 0x20, 0x1e, 0x1d, 0x32, 0x7a, + 0xb1, 0x07, 0x6b, 0x4f, 0x45, 0x90, 0xd9, 0x80}, + G89_IMIT, + {0}, + { + 0x6e, 0x15, 0xfa, 0xe8} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 0, + { + 0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "testimit7", + { + 0x26, 0xcb, 0xb9, 0xf0, 0x0c, 0x62, 0x9f, 0xaa, + 0x4a, 0x1d, 0xb6, 0x30, 0x09, 0x01, 0x56, 0x89, + 0x66, 0xd4, 0xe4, 0x0e, 0xfe, 0xf6, 0x10, 0x6b, + 0x6c, 0xe8, 0x04, 0x3a, 0xe3, 0x61, 0x4b, 0x19}, + G89_IMIT, + {0}, + { + 0x00, 0x00, 0x00, 0x00} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 5242880, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test5Mimit", + { + 0xaa, 0x85, 0x84, 0xcd, 0x65, 0x28, 0xe1, 0xdb, + 0xb8, 0x20, 0x19, 0x43, 0xe0, 0x36, 0x35, 0x10, + 0x19, 0xc3, 0x70, 0x5b, 0x27, 0xc1, 0x9d, 0x84, + 0x75, 0xa3, 0xc6, 0x49, 0x46, 0x8f, 0x7c, 0x4e}, + G89_IMIT, + {0}, + { + 0x2a, 0xe6, 0x23, 0xc6} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + 3221225472U + 16, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test3Gimit1", + { + 0xd5, 0xda, 0xfe, 0x06, 0x60, 0xdc, 0xf0, 0xb3, + 0x49, 0x5a, 0x02, 0x59, 0xc8, 0x2e, 0x4a, 0x2b, + 0xcc, 0x9b, 0x98, 0x04, 0xb7, 0xf2, 0x78, 0xb7, + 0xce, 0xa3, 0xf2, 0xdb, 0x9e, 0xa8, 0x49, 0x1d}, + G89_IMIT, + {0}, + { + 0xcc, 0x46, 0x67, 0xe4} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + U64(4) * 1024 * 1024 * 1024, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test4Gimit3", + { + 0x0d, 0xf1, 0xa8, 0x7f, 0x57, 0x03, 0x44, 0xcc, + 0xdb, 0x20, 0xde, 0xed, 0x85, 0x50, 0x38, 0xda, + 0xc9, 0x44, 0xec, 0x2c, 0x0d, 0x66, 0xb7, 0xdc, + 0x17, 0x14, 0x55, 0x95, 0x33, 0x6e, 0x43, 0x3e}, + G89_IMIT, + {0}, + { + 0xb7, 0x21, 0x2e, 0x48} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + U64(4) * 1024 * 1024 * 1024 + 4, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test4Gimit1", + { + 0x0c, 0xf3, 0xe9, 0xb0, 0x28, 0x3b, 0x9f, 0x8b, + 0xe3, 0x82, 0xb9, 0xa2, 0xa6, 0xbd, 0x80, 0xd2, + 0xcd, 0xfa, 0x3f, 0xf7, 0x90, 0xa7, 0x55, 0x06, + 0x9b, 0x7a, 0x58, 0xee, 0xe7, 0xf1, 0x9d, 0xbe}, + G89_IMIT, + {0}, + { + 0xda, 0x15, 0x10, 0x73} + }, + { /* Calculated by libcapi10, CryptoPro CSP + * 3.6R2, Mac OSX */ + U64(4) * 1024 * 1024 * 1024 + 10, + {0}, + "id-Gost28147-89-CryptoPro-A-ParamSet", + "test4Gimit2", + { + 0x97, 0x1a, 0x42, 0x22, 0xfa, 0x07, 0xb2, 0xca, + 0xf9, 0xd2, 0x34, 0x5a, 0x92, 0xb1, 0x1f, 0x6b, + 0x53, 0xf8, 0xaf, 0xed, 0x9a, 0x73, 0xc4, 0x38, + 0xd7, 0x7d, 0x25, 0x81, 0x00, 0x0d, 0xd4, 0x29}, + G89_IMIT, + {0}, + { + 0x52, 0xaa, 0x22, 0xb4} + } +}; + +int main(int argc, char *argv[]) +{ + unsigned int t; + u64 ullMaxLen = 6 * 1000 * 1000; + int ignore = 0; + ENGINE *impl = NULL; + EVP_MD_CTX mctx; + EVP_CIPHER_CTX ectx; + EVP_PKEY *mac_key; + byte bDerive[EVP_MAX_KEY_LENGTH]; + byte bTest[G89_MAX_TC_LEN]; + byte bTest1[G89_MAX_TC_LEN]; + u64 ullLeft; + static const byte bZB[40 * 1024 * 1024] = { 0 }; + static byte bTS[40 * 1024 * 1024] = { 0 }; + unsigned int mdl = 0; + int enlu = 0; + int enlf = 0; + size_t siglen; + size_t l = 0; + + const EVP_MD *md_gost94 = NULL; + const EVP_CIPHER *cp_g89cfb = NULL; + const EVP_CIPHER *cp_g89cnt = NULL; + const EVP_CIPHER *ctype = NULL; + const EVP_MD *md_g89imit = NULL; + + long lErrLine; + CONF *pConfig = NCONF_new(NULL); + BIO *bpConf; + char sConf[] = + "openssl_conf = openssl_def\n" + "\n" + "[openssl_def]\n" + "engines = engine_section\n" + "\n" + "[engine_section]\n" + "gost = gost_section\n" + "\n" "[gost_section]\n" "default_algorithms = ALL\n" "\n"; + + printf("Testing GOST 28147-89 "); + + if (1 < argc) { + if (1 != sscanf(argv[1], FMT64, &ullMaxLen) || + (2 < argc ? 1 != sscanf(argv[2], "%d", &ignore) : 0)) { + fflush(NULL); + fprintf(stderr, "Usage: %s [maxlen [ignore-error]]\n", argv[0]); + return 1; + } + } + + /* + * ccgost engine test on GostR3411_94_CryptoProParamSet + */ + ERR_load_crypto_strings(); + ENGINE_load_builtin_engines(); + OPENSSL_load_builtin_modules(); + + bpConf = BIO_new_mem_buf(sConf, -1); + if (!NCONF_load_bio(pConfig, bpConf, &lErrLine)) { + fflush(NULL); + fprintf(stderr, "NCONF_load_bio: ErrLine=%ld: %s\n", + lErrLine, ERR_error_string(ERR_get_error(), NULL)); + return 4; + } + BIO_free(bpConf); + + if (!CONF_modules_load(pConfig, NULL, 0)) { + fflush(NULL); + fprintf(stderr, "CONF_modules_load: %s\n", + ERR_error_string(ERR_get_error(), NULL)); + return 5; + } + + /* Test load engine */ + if (NULL == (impl = ENGINE_by_id(CCGOST_ID))) { + fflush(NULL); + fprintf(stderr, "Can't load engine id \"" CCGOST_ID "\"\n"); + if (!ignore) { + return 6; + } + } + if (NULL == (md_gost94 = EVP_get_digestbyname(SN_id_GostR3411_94))) { + fflush(NULL); + fprintf(stderr, "\"" SN_id_GostR3411_94 "\" - not found\n"); + if (!ignore) { + return 7; + } + } + if (NULL == (cp_g89cfb = EVP_get_cipherbyname(SN_id_Gost28147_89))) { + fflush(NULL); + fprintf(stderr, "\"" SN_id_Gost28147_89 "\" - not found\n"); + if (!ignore) { + return 8; + } + } + if (NULL == (cp_g89cnt = EVP_get_cipherbyname(SN_gost89_cnt))) { + fflush(NULL); + fprintf(stderr, "\"" SN_gost89_cnt "\" - not found\n"); + if (!ignore) { + return 9; + } + } + if (NULL == (md_g89imit = EVP_get_digestbyname(SN_id_Gost28147_89_MAC))) { + fflush(NULL); + fprintf(stderr, "\"" SN_id_Gost28147_89_MAC "\" - not found\n"); + if (!ignore) { + return 10; + } + } + + /* Test cases */ + for (t = 0; t < sizeof(tcs) / sizeof(tcs[0]); t++) { + if (NULL == tcs[t].szDerive) { + continue; + } + memset(bDerive, 0x3c, sizeof(bDerive)); + mdl = sizeof(bDerive); + EVP_Digest(tcs[t].szDerive, strlen(tcs[t].szDerive), + bDerive, &mdl, md_gost94, impl); + if (0 != memcmp(tcs[t].bRawKey, bDerive, mdl)) { + fflush(NULL); + fprintf(stderr, "Engine test t=%d " "derive key error.\n", t); + if (!ignore) { + return 12; + } + } + if (ullMaxLen < tcs[t].ullLen) { + continue; + } + memset(bTest, 0xa5, sizeof(bTest)); + memset(bTest1, 0x5a, sizeof(bTest1)); + if (!ENGINE_ctrl_cmd_string(impl, + "CRYPT_PARAMS", tcs[t].szParamSet, 0)) { + fflush(NULL); + fprintf(stderr, "ENGINE_ctrl_cmd_string: %s\n", + ERR_error_string(ERR_get_error(), NULL)); + return 11; + } + switch (tcs[t].gMode) { + case G89_ECB: + /* OpenSSL/ccgost not implemented GOST 28147-89 ECB */ + continue; + case G89_CFB: + ctype = cp_g89cfb; + goto engine_cipher_check; + case G89_CNT: + if (0 != strcmp("id-Gost28147-89-CryptoPro-A-ParamSet", + tcs[t].szParamSet)) { + /* + * ccgost engine can't change S-Box for gost-cnt + */ + continue; + } + ctype = cp_g89cnt; + engine_cipher_check: + EVP_CIPHER_CTX_init(&ectx); + EVP_EncryptInit_ex(&ectx, ctype, impl, bDerive, tcs[t].bIV); + if (G89_MAX_TC_LEN >= tcs[t].ullLen) { + enlu = sizeof(bTest); + EVP_EncryptUpdate(&ectx, bTest, &enlu, + tcs[t].bIn, (int)tcs[t].ullLen); + l = (size_t)tcs[t].ullLen; + } else { + for (ullLeft = tcs[t].ullLen; + ullLeft >= sizeof(bZB); ullLeft -= sizeof(bZB)) { + printf("B"); + fflush(NULL); + enlu = sizeof(bTS); + EVP_EncryptUpdate(&ectx, bTS, &enlu, bZB, sizeof(bZB)); + } + printf("b" FMT64 "/" FMT64, ullLeft, tcs[t].ullLen); + fflush(NULL); + EVP_EncryptUpdate(&ectx, bTS, &enlu, bZB, (int)ullLeft); + memcpy(bTest, &bTS[enlu - 16], 16); + enlu = (int)tcs[t].ullLen; + l = 16; + } + enlf = sizeof(bTest1); + EVP_EncryptFinal_ex(&ectx, bTest1, &enlf); + EVP_CIPHER_CTX_cleanup(&ectx); + break; + case G89_IMIT: + if (0 != strcmp("id-Gost28147-89-CryptoPro-A-ParamSet", + tcs[t].szParamSet)) { + /* + * ccgost engine can't change S-Box for gost-mac + */ + continue; + } + EVP_MD_CTX_init(&mctx); + mac_key = EVP_PKEY_new_mac_key(NID_id_Gost28147_89_MAC, NULL, + bDerive, mdl); + EVP_DigestSignInit(&mctx, NULL, md_g89imit, impl, mac_key); + if (G89_MAX_TC_LEN >= tcs[t].ullLen) { + EVP_DigestSignUpdate(&mctx, tcs[t].bIn, + (unsigned int)tcs[t].ullLen); + } else { + for (ullLeft = tcs[t].ullLen; + ullLeft >= sizeof(bZB); ullLeft -= sizeof(bZB)) { + printf("B"); + fflush(NULL); + EVP_DigestSignUpdate(&mctx, bZB, sizeof(bZB)); + } + printf("b" FMT64 "/" FMT64, ullLeft, tcs[t].ullLen); + fflush(NULL); + EVP_DigestSignUpdate(&mctx, bZB, (unsigned int)ullLeft); + } + siglen = 4; + OPENSSL_assert(EVP_DigestSignFinal(&mctx, bTest, &siglen)); + EVP_MD_CTX_cleanup(&mctx); + enlu = (int)tcs[t].ullLen; + enlf = 0; + l = siglen; + break; + } + if ((int)tcs[t].ullLen != enlu || 0 != enlf || + 0 != memcmp(tcs[t].bOut, bTest, l)) { + fflush(NULL); + fprintf(stderr, "\nEngine test t=%d len=" FMT64 + " failed.\n", t, tcs[t].ullLen); + if (!ignore) { + return 13; + } + } else { + printf("."); + fflush(NULL); + } + } + + printf(" passed\n"); + fflush(NULL); + + return EXIT_SUCCESS; +} +#endif diff --git a/test/heartbeat_test.c b/test/heartbeat_test.c new file mode 100644 index 0000000000..491bbedd18 --- /dev/null +++ b/test/heartbeat_test.c @@ -0,0 +1,468 @@ +/* test/heartbeat_test.c */ +/*- + * Unit test for TLS heartbeats. + * + * Acts as a regression test against the Heartbleed bug (CVE-2014-0160). + * + * Author: Mike Bland (mbland@acm.org, http://mike-bland.com/) + * Date: 2014-04-12 + * License: Creative Commons Attribution 4.0 International (CC By 4.0) + * http://creativecommons.org/licenses/by/4.0/deed.en_US + * + * OUTPUT + * ------ + * The program returns zero on success. It will print a message with a count + * of the number of failed tests and return nonzero if any tests fail. + * + * It will print the contents of the request and response buffers for each + * failing test. In a "fixed" version, all the tests should pass and there + * should be no output. + * + * In a "bleeding" version, you'll see: + * + * test_dtls1_heartbleed failed: + * expected payload len: 0 + * received: 1024 + * sent 26 characters + * "HEARTBLEED " + * received 1024 characters + * "HEARTBLEED \xde\xad\xbe\xef..." + * ** test_dtls1_heartbleed failed ** + * + * The contents of the returned buffer in the failing test will depend on the + * contents of memory on your machine. + * + * MORE INFORMATION + * ---------------- + * http://mike-bland.com/2014/04/12/heartbleed.html + * http://mike-bland.com/tags/heartbleed.html + */ + +#define OPENSSL_UNIT_TEST + +#include "../ssl/ssl_locl.h" + +#include "testutil.h" +#include <ctype.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST) + +/* As per https://tools.ietf.org/html/rfc6520#section-4 */ +# define MIN_PADDING_SIZE 16 + +/* Maximum number of payload characters to print as test output */ +# define MAX_PRINTABLE_CHARACTERS 1024 + +typedef struct heartbeat_test_fixture { + SSL_CTX *ctx; + SSL *s; + const char *test_case_name; + int (*process_heartbeat) (SSL *s, unsigned char *p, unsigned int length); + unsigned char *payload; + int sent_payload_len; + int expected_return_value; + int return_payload_offset; + int expected_payload_len; + const char *expected_return_payload; +} HEARTBEAT_TEST_FIXTURE; + +static HEARTBEAT_TEST_FIXTURE set_up(const char *const test_case_name, + const SSL_METHOD *meth) +{ + HEARTBEAT_TEST_FIXTURE fixture; + int setup_ok = 1; + memset(&fixture, 0, sizeof(fixture)); + fixture.test_case_name = test_case_name; + + fixture.ctx = SSL_CTX_new(meth); + if (!fixture.ctx) { + fprintf(stderr, "Failed to allocate SSL_CTX for test: %s\n", + test_case_name); + setup_ok = 0; + goto fail; + } + + fixture.s = SSL_new(fixture.ctx); + if (!fixture.s) { + fprintf(stderr, "Failed to allocate SSL for test: %s\n", + test_case_name); + setup_ok = 0; + goto fail; + } + + if (!ssl_init_wbio_buffer(fixture.s, 1)) { + fprintf(stderr, "Failed to set up wbio buffer for test: %s\n", + test_case_name); + setup_ok = 0; + goto fail; + } + + if (!ssl3_setup_buffers(fixture.s)) { + fprintf(stderr, "Failed to setup buffers for test: %s\n", + test_case_name); + setup_ok = 0; + goto fail; + } + + /* + * Clear the memory for the return buffer, since this isn't automatically + * zeroed in opt mode and will cause spurious test failures that will + * change with each execution. + */ + memset(fixture.s->rlayer.wbuf.buf, 0, fixture.s->rlayer.wbuf.len); + + fail: + if (!setup_ok) { + ERR_print_errors_fp(stderr); + exit(EXIT_FAILURE); + } + return fixture; +} + +static HEARTBEAT_TEST_FIXTURE set_up_dtls(const char *const test_case_name) +{ + HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name, + DTLSv1_server_method()); + fixture.process_heartbeat = dtls1_process_heartbeat; + + /* + * As per dtls1_get_record(), skipping the following from the beginning + * of the returned heartbeat message: type-1 byte; version-2 bytes; + * sequence number-8 bytes; length-2 bytes And then skipping the 1-byte + * type encoded by process_heartbeat for a total of 14 bytes, at which + * point we can grab the length and the payload we seek. + */ + fixture.return_payload_offset = 14; + return fixture; +} + +/* Needed by ssl3_write_bytes() */ +static int dummy_handshake(SSL *s) +{ + return 1; +} + +static HEARTBEAT_TEST_FIXTURE set_up_tls(const char *const test_case_name) +{ + HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name, + TLSv1_server_method()); + fixture.process_heartbeat = tls1_process_heartbeat; + fixture.s->handshake_func = dummy_handshake; + + /* + * As per do_ssl3_write(), skipping the following from the beginning of + * the returned heartbeat message: type-1 byte; version-2 bytes; length-2 + * bytes And then skipping the 1-byte type encoded by process_heartbeat + * for a total of 6 bytes, at which point we can grab the length and the + * payload we seek. + */ + fixture.return_payload_offset = 6; + return fixture; +} + +static void tear_down(HEARTBEAT_TEST_FIXTURE fixture) +{ + ERR_print_errors_fp(stderr); + SSL_free(fixture.s); + SSL_CTX_free(fixture.ctx); +} + +static void print_payload(const char *const prefix, + const unsigned char *payload, const int n) +{ + const int end = n < MAX_PRINTABLE_CHARACTERS ? n + : MAX_PRINTABLE_CHARACTERS; + int i = 0; + + printf("%s %d character%s", prefix, n, n == 1 ? "" : "s"); + if (end != n) + printf(" (first %d shown)", end); + printf("\n \""); + + for (; i != end; ++i) { + const unsigned char c = payload[i]; + if (isprint(c)) + fputc(c, stdout); + else + printf("\\x%02x", c); + } + printf("\"\n"); +} + +static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture) +{ + int result = 0; + SSL *s = fixture.s; + unsigned char *payload = fixture.payload; + unsigned char sent_buf[MAX_PRINTABLE_CHARACTERS + 1]; + int return_value; + unsigned const char *p; + int actual_payload_len; + + s->rlayer.rrec.data = payload; + s->rlayer.rrec.length = strlen((const char *)payload); + *payload++ = TLS1_HB_REQUEST; + s2n(fixture.sent_payload_len, payload); + + /* + * Make a local copy of the request, since it gets overwritten at some + * point + */ + memcpy((char *)sent_buf, (const char *)payload, sizeof(sent_buf)); + + return_value = fixture.process_heartbeat(s, s->rlayer.rrec.data, + s->rlayer.rrec.length); + + if (return_value != fixture.expected_return_value) { + printf("%s failed: expected return value %d, received %d\n", + fixture.test_case_name, fixture.expected_return_value, + return_value); + result = 1; + } + + /* + * If there is any byte alignment, it will be stored in wbuf.offset. + */ + p = &(s->rlayer. + wbuf.buf[fixture.return_payload_offset + s->rlayer.wbuf.offset]); + actual_payload_len = 0; + n2s(p, actual_payload_len); + + if (actual_payload_len != fixture.expected_payload_len) { + printf("%s failed:\n expected payload len: %d\n received: %d\n", + fixture.test_case_name, fixture.expected_payload_len, + actual_payload_len); + print_payload("sent", sent_buf, strlen((const char *)sent_buf)); + print_payload("received", p, actual_payload_len); + result = 1; + } else { + char *actual_payload = + BUF_strndup((const char *)p, actual_payload_len); + if (strcmp(actual_payload, fixture.expected_return_payload) != 0) { + printf + ("%s failed:\n expected payload: \"%s\"\n received: \"%s\"\n", + fixture.test_case_name, fixture.expected_return_payload, + actual_payload); + result = 1; + } + OPENSSL_free(actual_payload); + } + + if (result != 0) { + printf("** %s failed **\n--------\n", fixture.test_case_name); + } + return result; +} + +static int honest_payload_size(unsigned char payload_buf[]) +{ + /* Omit three-byte pad at the beginning for type and payload length */ + return strlen((const char *)&payload_buf[3]) - MIN_PADDING_SIZE; +} + +# define SETUP_HEARTBEAT_TEST_FIXTURE(type)\ + SETUP_TEST_FIXTURE(HEARTBEAT_TEST_FIXTURE, set_up_##type) + +# define EXECUTE_HEARTBEAT_TEST()\ + EXECUTE_TEST(execute_heartbeat, tear_down) + +static int test_dtls1_not_bleeding() +{ + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* Three-byte pad at the beginning for type and payload length */ + unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] = + " Not bleeding, sixteen spaces of padding" " "; + const int payload_buf_len = honest_payload_size(payload_buf); + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = payload_buf_len; + fixture.expected_return_value = 0; + fixture.expected_payload_len = payload_buf_len; + fixture.expected_return_payload = + "Not bleeding, sixteen spaces of padding"; + EXECUTE_HEARTBEAT_TEST(); +} + +static int test_dtls1_not_bleeding_empty_payload() +{ + int payload_buf_len; + + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* + * Three-byte pad at the beginning for type and payload length, plus a + * NUL at the end + */ + unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS]; + memset(payload_buf, ' ', MIN_PADDING_SIZE + 3); + payload_buf[MIN_PADDING_SIZE + 3] = '\0'; + payload_buf_len = honest_payload_size(payload_buf); + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = payload_buf_len; + fixture.expected_return_value = 0; + fixture.expected_payload_len = payload_buf_len; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} + +static int test_dtls1_heartbleed() +{ + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* Three-byte pad at the beginning for type and payload length */ + unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS] = + " HEARTBLEED "; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} + +static int test_dtls1_heartbleed_empty_payload() +{ + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* + * Excluding the NUL at the end, one byte short of type + payload length + * + minimum padding + */ + unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4]; + memset(payload_buf, ' ', MIN_PADDING_SIZE + 2); + payload_buf[MIN_PADDING_SIZE + 2] = '\0'; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} + +static int test_dtls1_heartbleed_excessive_plaintext_length() +{ + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* + * Excluding the NUL at the end, one byte in excess of maximum allowed + * heartbeat message length + */ + unsigned char payload_buf[SSL3_RT_MAX_PLAIN_LENGTH + 2]; + memset(payload_buf, ' ', sizeof(payload_buf)); + payload_buf[sizeof(payload_buf) - 1] = '\0'; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = honest_payload_size(payload_buf); + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} + +static int test_tls1_not_bleeding() +{ + SETUP_HEARTBEAT_TEST_FIXTURE(tls); + /* Three-byte pad at the beginning for type and payload length */ + unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] = + " Not bleeding, sixteen spaces of padding" " "; + const int payload_buf_len = honest_payload_size(payload_buf); + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = payload_buf_len; + fixture.expected_return_value = 0; + fixture.expected_payload_len = payload_buf_len; + fixture.expected_return_payload = + "Not bleeding, sixteen spaces of padding"; + EXECUTE_HEARTBEAT_TEST(); +} + +static int test_tls1_not_bleeding_empty_payload() +{ + int payload_buf_len; + + SETUP_HEARTBEAT_TEST_FIXTURE(tls); + /* + * Three-byte pad at the beginning for type and payload length, plus a + * NUL at the end + */ + unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS]; + memset(payload_buf, ' ', MIN_PADDING_SIZE + 3); + payload_buf[MIN_PADDING_SIZE + 3] = '\0'; + payload_buf_len = honest_payload_size(payload_buf); + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = payload_buf_len; + fixture.expected_return_value = 0; + fixture.expected_payload_len = payload_buf_len; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} + +static int test_tls1_heartbleed() +{ + SETUP_HEARTBEAT_TEST_FIXTURE(tls); + /* Three-byte pad at the beginning for type and payload length */ + unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] = + " HEARTBLEED "; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} + +static int test_tls1_heartbleed_empty_payload() +{ + SETUP_HEARTBEAT_TEST_FIXTURE(tls); + /* + * Excluding the NUL at the end, one byte short of type + payload length + * + minimum padding + */ + unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4]; + memset(payload_buf, ' ', MIN_PADDING_SIZE + 2); + payload_buf[MIN_PADDING_SIZE + 2] = '\0'; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} + +# undef EXECUTE_HEARTBEAT_TEST +# undef SETUP_HEARTBEAT_TEST_FIXTURE + +int main(int argc, char *argv[]) +{ + int result = 0; + + SSL_library_init(); + SSL_load_error_strings(); + + ADD_TEST(test_dtls1_not_bleeding); + ADD_TEST(test_dtls1_not_bleeding_empty_payload); + ADD_TEST(test_dtls1_heartbleed); + ADD_TEST(test_dtls1_heartbleed_empty_payload); + ADD_TEST(test_dtls1_heartbleed_excessive_plaintext_length); + ADD_TEST(test_tls1_not_bleeding); + ADD_TEST(test_tls1_not_bleeding_empty_payload); + ADD_TEST(test_tls1_heartbleed); + ADD_TEST(test_tls1_heartbleed_empty_payload); + + result = run_tests(argv[0]); + ERR_print_errors_fp(stderr); + return result; +} + +#else /* OPENSSL_NO_HEARTBEATS */ + +int main(int argc, char *argv[]) +{ + return EXIT_SUCCESS; +} +#endif /* OPENSSL_NO_HEARTBEATS */ diff --git a/test/hmactest.c b/test/hmactest.c new file mode 100644 index 0000000000..5e90dba55a --- /dev/null +++ b/test/hmactest.c @@ -0,0 +1,318 @@ +/* crypto/hmac/hmactest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include "../e_os.h" + +# include <openssl/hmac.h> +# ifndef OPENSSL_NO_MD5 +# include <openssl/md5.h> +# endif + +# ifdef CHARSET_EBCDIC +# include <openssl/ebcdic.h> +# endif + +# ifndef OPENSSL_NO_MD5 +static struct test_st { + unsigned char key[16]; + int key_len; + unsigned char data[64]; + int data_len; + unsigned char *digest; +} test[8] = { + { + "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54, + (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86", + }, + { + { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + }, 16, "Hi There", 8, + (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d", + }, + { + "Jefe", 4, "what do ya want for nothing?", 28, + (unsigned char *)"750c783e6ab0b503eaa86e310a5db738", + }, + { + { + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + }, 16, { + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, + 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd + }, 50, (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6", + }, + { + "", 0, "My test data", 12, + (unsigned char *)"61afdecb95429ef494d61fdee15990cabf0826fc" + }, + { + "", 0, "My test data", 12, + (unsigned char *)"2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776" + }, + { + "123456", 6, "My test data", 12, + (unsigned char *)"bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd" + }, + { + "12345", 5, "My test data again", 12, + (unsigned char *)"7dbe8c764c068e3bcd6e6b0fbcd5e6fc197b15bb" + } +}; +# endif + +static char *pt(unsigned char *md, unsigned int len); + +int main(int argc, char *argv[]) +{ +# ifndef OPENSSL_NO_MD5 + int i; + char *p; +# endif + int err = 0; + HMAC_CTX ctx, ctx2; + unsigned char buf[EVP_MAX_MD_SIZE]; + unsigned int len; + +# ifdef OPENSSL_NO_MD5 + printf("test skipped: MD5 disabled\n"); +# else + +# ifdef CHARSET_EBCDIC + ebcdic2ascii(test[0].data, test[0].data, test[0].data_len); + ebcdic2ascii(test[1].data, test[1].data, test[1].data_len); + ebcdic2ascii(test[2].key, test[2].key, test[2].key_len); + ebcdic2ascii(test[2].data, test[2].data, test[2].data_len); +# endif + + for (i = 0; i < 4; i++) { + p = pt(HMAC(EVP_md5(), + test[i].key, test[i].key_len, + test[i].data, test[i].data_len, NULL, NULL), + MD5_DIGEST_LENGTH); + + if (strcmp(p, (char *)test[i].digest) != 0) { + printf("Error calculating HMAC on %d entry'\n", i); + printf("got %s instead of %s\n", p, test[i].digest); + err++; + } else + printf("test %d ok\n", i); + } +# endif /* OPENSSL_NO_MD5 */ + +/* test4 */ + HMAC_CTX_init(&ctx); + if(HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) { + printf("Should fail to initialise HMAC with empty MD and key (test 4)\n"); + err++; + goto test5; + } + if(HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); + err++; + goto test5; + } + if(HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) { + printf("Should fail to initialise HMAC with empty key (test 4)\n"); + err++; + goto test5; + } + if(HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); + err++; + goto test5; + } + printf("test 4 ok\n"); +test5: + HMAC_CTX_init(&ctx); + if(HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) { + printf("Should fail to initialise HMAC with empty MD (test 5)\n"); + err++; + goto test6; + } + if(HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + printf("Should fail HMAC_Update with ctx not set up (test 5)\n"); + err++; + goto test6; + } + if(HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) { + printf("Should fail to initialise HMAC with invalid key len(test 5)\n"); + err++; + goto test6; + } + if(!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) { + printf("Failed to initialise HMAC (test 5)\n"); + err++; + goto test6; + } + if(!HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + printf("Error updating HMAC with data (test 5)\n"); + err++; + goto test6; + } + if(!HMAC_Final(&ctx, buf, &len)) { + printf("Error finalising data (test 5)\n"); + err++; + goto test6; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[4].digest) != 0) { + printf("Error calculating interim HMAC on test 5\n"); + printf("got %s instead of %s\n", p, test[4].digest); + err++; + goto test6; + } + if(!HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { + printf("Failed to reinitialise HMAC (test 5)\n"); + err++; + goto test6; + } + if(!HMAC_Update(&ctx, test[5].data, test[5].data_len)) { + printf("Error updating HMAC with data (sha256) (test 5)\n"); + err++; + goto test6; + } + if(!HMAC_Final(&ctx, buf, &len)) { + printf("Error finalising data (sha256) (test 5)\n"); + err++; + goto test6; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[5].digest) != 0) { + printf("Error calculating 2nd interim HMAC on test 5\n"); + printf("got %s instead of %s\n", p, test[5].digest); + err++; + goto test6; + } + if(!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) { + printf("Failed to reinitialise HMAC with key (test 5)\n"); + err++; + goto test6; + } + if(!HMAC_Update(&ctx, test[6].data, test[6].data_len)) { + printf("Error updating HMAC with data (new key) (test 5)\n"); + err++; + goto test6; + } + if(!HMAC_Final(&ctx, buf, &len)) { + printf("Error finalising data (new key) (test 5)\n"); + err++; + goto test6; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[6].digest) != 0) { + printf("error calculating HMAC on test 5\n"); + printf("got %s instead of %s\n", p, test[6].digest); + err++; + } else { + printf("test 5 ok\n"); + } +test6: + HMAC_CTX_init(&ctx); + if(!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { + printf("Failed to initialise HMAC (test 6)\n"); + err++; + goto end; + } + if(!HMAC_Update(&ctx, test[7].data, test[7].data_len)) { + printf("Error updating HMAC with data (test 6)\n"); + err++; + goto end; + } + if(!HMAC_CTX_copy(&ctx2, &ctx)) { + printf("Failed to copy HMAC_CTX (test 6)\n"); + err++; + goto end; + } + if(!HMAC_Final(&ctx2, buf, &len)) { + printf("Error finalising data (test 6)\n"); + err++; + goto end; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[7].digest) != 0) { + printf("Error calculating HMAC on test 6\n"); + printf("got %s instead of %s\n", p, test[7].digest); + err++; + } else { + printf("test 6 ok\n"); + } +end: + EXIT(err); +} + +# ifndef OPENSSL_NO_MD5 +static char *pt(unsigned char *md, unsigned int len) +{ + unsigned int i; + static char buf[80]; + + for (i = 0; i < len; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} +# endif diff --git a/test/ideatest.c b/test/ideatest.c new file mode 100644 index 0000000000..dd5d9ff12f --- /dev/null +++ b/test/ideatest.c @@ -0,0 +1,231 @@ +/* crypto/idea/ideatest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include "../e_os.h" + +#ifdef OPENSSL_NO_IDEA +int main(int argc, char *argv[]) +{ + printf("No IDEA support\n"); + return (0); +} +#else +# include <openssl/idea.h> + +unsigned char k[16] = { + 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04, + 0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 +}; + +unsigned char in[8] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 }; +unsigned char c[8] = { 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 }; + +unsigned char out[80]; + +char *text = "Hello to all people out there"; + +static unsigned char cfb_key[16] = { + 0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96, + 0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e, +}; +static unsigned char cfb_iv[80] = + { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd }; +static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8]; +# define CFB_TEST_SIZE 24 +static unsigned char plain[CFB_TEST_SIZE] = { + 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, + 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, + 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f, + 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20 +}; + +static unsigned char cfb_cipher64[CFB_TEST_SIZE] = { + 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, + 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, + 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 +/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, + 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, + 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ +}; + +static int cfb64_test(unsigned char *cfb_cipher); +static char *pt(unsigned char *p); +int main(int argc, char *argv[]) +{ + int i, err = 0; + IDEA_KEY_SCHEDULE key, dkey; + unsigned char iv[8]; + + idea_set_encrypt_key(k, &key); + idea_ecb_encrypt(in, out, &key); + if (memcmp(out, c, 8) != 0) { + printf("ecb idea error encrypting\n"); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", out[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", c[i]); + err = 20; + printf("\n"); + } + + idea_set_decrypt_key(&key, &dkey); + idea_ecb_encrypt(c, out, &dkey); + if (memcmp(out, in, 8) != 0) { + printf("ecb idea error decrypting\n"); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", out[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", in[i]); + printf("\n"); + err = 3; + } + + if (err == 0) + printf("ecb idea ok\n"); + + memcpy(iv, k, 8); + idea_cbc_encrypt((unsigned char *)text, out, strlen(text) + 1, &key, iv, + 1); + memcpy(iv, k, 8); + idea_cbc_encrypt(out, out, 8, &dkey, iv, 0); + idea_cbc_encrypt(&(out[8]), &(out[8]), strlen(text) + 1 - 8, &dkey, iv, + 0); + if (memcmp(text, out, strlen(text) + 1) != 0) { + printf("cbc idea bad\n"); + err = 4; + } else + printf("cbc idea ok\n"); + + printf("cfb64 idea "); + if (cfb64_test(cfb_cipher64)) { + printf("bad\n"); + err = 5; + } else + printf("ok\n"); + +# ifdef OPENSSL_SYS_NETWARE + if (err) + printf("ERROR: %d\n", err); +# endif + EXIT(err); +} + +static int cfb64_test(unsigned char *cfb_cipher) +{ + IDEA_KEY_SCHEDULE eks, dks; + int err = 0, i, n; + + idea_set_encrypt_key(cfb_key, &eks); + idea_set_decrypt_key(&eks, &dks); + memcpy(cfb_tmp, cfb_iv, 8); + n = 0; + idea_cfb64_encrypt(plain, cfb_buf1, (long)12, &eks, + cfb_tmp, &n, IDEA_ENCRYPT); + idea_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), + (long)CFB_TEST_SIZE - 12, &eks, + cfb_tmp, &n, IDEA_ENCRYPT); + if (memcmp(cfb_cipher, cfb_buf1, CFB_TEST_SIZE) != 0) { + err = 1; + printf("idea_cfb64_encrypt encrypt error\n"); + for (i = 0; i < CFB_TEST_SIZE; i += 8) + printf("%s\n", pt(&(cfb_buf1[i]))); + } + memcpy(cfb_tmp, cfb_iv, 8); + n = 0; + idea_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)13, &eks, + cfb_tmp, &n, IDEA_DECRYPT); + idea_cfb64_encrypt(&(cfb_buf1[13]), &(cfb_buf2[13]), + (long)CFB_TEST_SIZE - 13, &eks, + cfb_tmp, &n, IDEA_DECRYPT); + if (memcmp(plain, cfb_buf2, CFB_TEST_SIZE) != 0) { + err = 1; + printf("idea_cfb_encrypt decrypt error\n"); + for (i = 0; i < 24; i += 8) + printf("%s\n", pt(&(cfb_buf2[i]))); + } + return (err); +} + +static char *pt(unsigned char *p) +{ + static char bufs[10][20]; + static int bnum = 0; + char *ret; + int i; + static char *f = "0123456789ABCDEF"; + + ret = &(bufs[bnum++][0]); + bnum %= 10; + for (i = 0; i < 8; i++) { + ret[i * 2] = f[(p[i] >> 4) & 0xf]; + ret[i * 2 + 1] = f[p[i] & 0xf]; + } + ret[16] = '\0'; + return (ret); +} +#endif diff --git a/test/jpaketest.c b/test/jpaketest.c new file mode 100644 index 0000000000..ef9e54bdb3 --- /dev/null +++ b/test/jpaketest.c @@ -0,0 +1,185 @@ +#include <openssl/opensslconf.h> + +#ifdef OPENSSL_NO_JPAKE + +# include <stdio.h> + +int main(int argc, char *argv[]) +{ + printf("No J-PAKE support\n"); + return (0); +} + +#else + +# include <openssl/jpake.h> +# include <openssl/err.h> + +static void showbn(const char *name, const BIGNUM *bn) +{ + fputs(name, stdout); + fputs(" = ", stdout); + BN_print_fp(stdout, bn); + putc('\n', stdout); +} + +static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) +{ + JPAKE_STEP1 alice_s1; + JPAKE_STEP1 bob_s1; + JPAKE_STEP2 alice_s2; + JPAKE_STEP2 bob_s2; + JPAKE_STEP3A alice_s3a; + JPAKE_STEP3B bob_s3b; + + /* Alice -> Bob: step 1 */ + puts("A->B s1"); + JPAKE_STEP1_init(&alice_s1); + JPAKE_STEP1_generate(&alice_s1, alice); + if (!JPAKE_STEP1_process(bob, &alice_s1)) { + printf("Bob fails to process Alice's step 1\n"); + ERR_print_errors_fp(stdout); + return 1; + } + JPAKE_STEP1_release(&alice_s1); + + /* Bob -> Alice: step 1 */ + puts("B->A s1"); + JPAKE_STEP1_init(&bob_s1); + JPAKE_STEP1_generate(&bob_s1, bob); + if (!JPAKE_STEP1_process(alice, &bob_s1)) { + printf("Alice fails to process Bob's step 1\n"); + ERR_print_errors_fp(stdout); + return 2; + } + JPAKE_STEP1_release(&bob_s1); + + /* Alice -> Bob: step 2 */ + puts("A->B s2"); + JPAKE_STEP2_init(&alice_s2); + JPAKE_STEP2_generate(&alice_s2, alice); + if (!JPAKE_STEP2_process(bob, &alice_s2)) { + printf("Bob fails to process Alice's step 2\n"); + ERR_print_errors_fp(stdout); + return 3; + } + JPAKE_STEP2_release(&alice_s2); + + /* Bob -> Alice: step 2 */ + puts("B->A s2"); + JPAKE_STEP2_init(&bob_s2); + JPAKE_STEP2_generate(&bob_s2, bob); + if (!JPAKE_STEP2_process(alice, &bob_s2)) { + printf("Alice fails to process Bob's step 2\n"); + ERR_print_errors_fp(stdout); + return 4; + } + JPAKE_STEP2_release(&bob_s2); + + showbn("Alice's key", JPAKE_get_shared_key(alice)); + showbn("Bob's key ", JPAKE_get_shared_key(bob)); + + /* Alice -> Bob: step 3a */ + puts("A->B s3a"); + JPAKE_STEP3A_init(&alice_s3a); + JPAKE_STEP3A_generate(&alice_s3a, alice); + if (!JPAKE_STEP3A_process(bob, &alice_s3a)) { + printf("Bob fails to process Alice's step 3a\n"); + ERR_print_errors_fp(stdout); + return 5; + } + JPAKE_STEP3A_release(&alice_s3a); + + /* Bob -> Alice: step 3b */ + puts("B->A s3b"); + JPAKE_STEP3B_init(&bob_s3b); + JPAKE_STEP3B_generate(&bob_s3b, bob); + if (!JPAKE_STEP3B_process(alice, &bob_s3b)) { + printf("Alice fails to process Bob's step 3b\n"); + ERR_print_errors_fp(stdout); + return 6; + } + JPAKE_STEP3B_release(&bob_s3b); + + return 0; +} + +int main(int argc, char **argv) +{ + JPAKE_CTX *alice; + JPAKE_CTX *bob; + BIGNUM *p = NULL; + BIGNUM *g = NULL; + BIGNUM *q = NULL; + BIGNUM *secret = BN_new(); + BIO *bio_err; + + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + + /*- + BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7"); + BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a"); + BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5"); + */ + /*- + p = BN_new(); + BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL); + */ + /* Use a safe prime for p (that we found earlier) */ + BN_hex2bn(&p, + "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"); + showbn("p", p); + g = BN_new(); + BN_set_word(g, 2); + showbn("g", g); + q = BN_new(); + BN_rshift1(q, p); + showbn("q", q); + + BN_rand(secret, 32, -1, 0); + + /* A normal run, expect this to work... */ + alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); + bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); + + if (run_jpake(alice, bob) != 0) { + fprintf(stderr, "Plain JPAKE run failed\n"); + return 1; + } + + JPAKE_CTX_free(bob); + JPAKE_CTX_free(alice); + + /* Now give Alice and Bob different secrets */ + alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); + BN_add_word(secret, 1); + bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); + + if (run_jpake(alice, bob) != 5) { + fprintf(stderr, "Mismatched secret JPAKE run failed\n"); + return 1; + } + + JPAKE_CTX_free(bob); + JPAKE_CTX_free(alice); + + BN_free(secret); + BN_free(q); + BN_free(g); + BN_free(p); + + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks(bio_err); + + return 0; +} + +#endif diff --git a/test/md2test.c b/test/md2test.c new file mode 100644 index 0000000000..49a8a9bc78 --- /dev/null +++ b/test/md2test.c @@ -0,0 +1,142 @@ +/* crypto/md2/md2test.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "../e_os.h" + +#ifdef OPENSSL_NO_MD2 +int main(int argc, char *argv[]) +{ + printf("No MD2 support\n"); + return (0); +} +#else +# include <openssl/evp.h> +# include <openssl/md2.h> + +# ifdef CHARSET_EBCDIC +# include <openssl/ebcdic.h> +# endif + +static char *test[] = { + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + NULL, +}; + +static char *ret[] = { + "8350e5a3e24c153df2275c9f80692773", + "32ec01ec4a6dac72c0ab96fb34c0b5d1", + "da853b0d3f88d99b30283a69e6ded6bb", + "ab4f496bfb2a530b219ff33031fe06b0", + "4e8ddff3650292ab5a4108c3aa47940b", + "da33def2a42df13975352846c30338cd", + "d5976f79d83d3a0dc9806c3c66f3efd8", +}; + +static char *pt(unsigned char *md); +int main(int argc, char *argv[]) +{ + int i, err = 0; + char **P, **R; + char *p; + unsigned char md[MD2_DIGEST_LENGTH]; + + P = test; + R = ret; + i = 1; + while (*P != NULL) { + EVP_Digest((unsigned char *)*P, strlen(*P), md, NULL, EVP_md2(), + NULL); + p = pt(md); + if (strcmp(p, *R) != 0) { + printf("error calculating MD2 on '%s'\n", *P); + printf("got %s instead of %s\n", p, *R); + err++; + } else + printf("test %d ok\n", i); + i++; + R++; + P++; + } +# ifdef OPENSSL_SYS_NETWARE + if (err) + printf("ERROR: %d\n", err); +# endif + EXIT(err); + return err; +} + +static char *pt(unsigned char *md) +{ + int i; + static char buf[80]; + + for (i = 0; i < MD2_DIGEST_LENGTH; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} +#endif diff --git a/test/md4test.c b/test/md4test.c new file mode 100644 index 0000000000..9c82eb07f8 --- /dev/null +++ b/test/md4test.c @@ -0,0 +1,132 @@ +/* crypto/md4/md4test.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include "../e_os.h" + +#ifdef OPENSSL_NO_MD4 +int main(int argc, char *argv[]) +{ + printf("No MD4 support\n"); + return (0); +} +#else +# include <openssl/evp.h> +# include <openssl/md4.h> + +static char *test[] = { + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + NULL, +}; + +static char *ret[] = { + "31d6cfe0d16ae931b73c59d7e0c089c0", + "bde52cb31de33e46245e05fbdbd6fb24", + "a448017aaf21d8525fc10ae87aa6729d", + "d9130a8164549fe818874806e1c7014b", + "d79e1c308aa5bbcdeea8ed63df412da9", + "043f8582f241db351ce627e153e7f0e4", + "e33b4ddc9c38f2199c3e7b164fcc0536", +}; + +static char *pt(unsigned char *md); +int main(int argc, char *argv[]) +{ + int i, err = 0; + char **P, **R; + char *p; + unsigned char md[MD4_DIGEST_LENGTH]; + + P = test; + R = ret; + i = 1; + while (*P != NULL) { + EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(), NULL); + p = pt(md); + if (strcmp(p, (char *)*R) != 0) { + printf("error calculating MD4 on '%s'\n", *P); + printf("got %s instead of %s\n", p, *R); + err++; + } else + printf("test %d ok\n", i); + i++; + R++; + P++; + } + EXIT(err); +} + +static char *pt(unsigned char *md) +{ + int i; + static char buf[80]; + + for (i = 0; i < MD4_DIGEST_LENGTH; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} +#endif diff --git a/test/md5test.c b/test/md5test.c new file mode 100644 index 0000000000..3016ee39d5 --- /dev/null +++ b/test/md5test.c @@ -0,0 +1,137 @@ +/* crypto/md5/md5test.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include "../e_os.h" + +#ifdef OPENSSL_NO_MD5 +int main(int argc, char *argv[]) +{ + printf("No MD5 support\n"); + return (0); +} +#else +# include <openssl/evp.h> +# include <openssl/md5.h> + +static char *test[] = { + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + NULL, +}; + +static char *ret[] = { + "d41d8cd98f00b204e9800998ecf8427e", + "0cc175b9c0f1b6a831c399e269772661", + "900150983cd24fb0d6963f7d28e17f72", + "f96b697d7cb7938d525a2f31aaf161d0", + "c3fcd3d76192e4007dfb496cca67e13b", + "d174ab98d277d9f5a5611c2c9f419d9f", + "57edf4a22be3c955ac49da2e2107b67a", +}; + +static char *pt(unsigned char *md); +int main(int argc, char *argv[]) +{ + int i, err = 0; + char **P, **R; + char *p; + unsigned char md[MD5_DIGEST_LENGTH]; + + P = test; + R = ret; + i = 1; + while (*P != NULL) { + EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md5(), NULL); + p = pt(md); + if (strcmp(p, (char *)*R) != 0) { + printf("error calculating MD5 on '%s'\n", *P); + printf("got %s instead of %s\n", p, *R); + err++; + } else + printf("test %d ok\n", i); + i++; + R++; + P++; + } + +# ifdef OPENSSL_SYS_NETWARE + if (err) + printf("ERROR: %d\n", err); +# endif + EXIT(err); +} + +static char *pt(unsigned char *md) +{ + int i; + static char buf[80]; + + for (i = 0; i < MD5_DIGEST_LENGTH; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} +#endif diff --git a/test/mdc2test.c b/test/mdc2test.c new file mode 100644 index 0000000000..a0d77a30ec --- /dev/null +++ b/test/mdc2test.c @@ -0,0 +1,145 @@ +/* crypto/mdc2/mdc2test.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "../e_os.h" + +#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2) +# define OPENSSL_NO_MDC2 +#endif + +#ifdef OPENSSL_NO_MDC2 +int main(int argc, char *argv[]) +{ + printf("No MDC2 support\n"); + return (0); +} +#else +# include <openssl/evp.h> +# include <openssl/mdc2.h> + +# ifdef CHARSET_EBCDIC +# include <openssl/ebcdic.h> +# endif + +static unsigned char pad1[16] = { + 0x42, 0xE5, 0x0C, 0xD2, 0x24, 0xBA, 0xCE, 0xBA, + 0x76, 0x0B, 0xDD, 0x2B, 0xD4, 0x09, 0x28, 0x1A +}; + +static unsigned char pad2[16] = { + 0x2E, 0x46, 0x79, 0xB5, 0xAD, 0xD9, 0xCA, 0x75, + 0x35, 0xD8, 0x7A, 0xFE, 0xAB, 0x33, 0xBE, 0xE2 +}; + +int main(int argc, char *argv[]) +{ + int ret = 0; + unsigned char md[MDC2_DIGEST_LENGTH]; + int i; + EVP_MD_CTX c; + static char *text = "Now is the time for all "; + +# ifdef CHARSET_EBCDIC + ebcdic2ascii(text, text, strlen(text)); +# endif + + EVP_MD_CTX_init(&c); + EVP_DigestInit_ex(&c, EVP_mdc2(), NULL); + EVP_DigestUpdate(&c, (unsigned char *)text, strlen(text)); + EVP_DigestFinal_ex(&c, &(md[0]), NULL); + + if (memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) { + for (i = 0; i < MDC2_DIGEST_LENGTH; i++) + printf("%02X", md[i]); + printf(" <- generated\n"); + for (i = 0; i < MDC2_DIGEST_LENGTH; i++) + printf("%02X", pad1[i]); + printf(" <- correct\n"); + ret = 1; + } else + printf("pad1 - ok\n"); + + EVP_DigestInit_ex(&c, EVP_mdc2(), NULL); + /* FIXME: use a ctl function? */ + ((MDC2_CTX *)c.md_data)->pad_type = 2; + EVP_DigestUpdate(&c, (unsigned char *)text, strlen(text)); + EVP_DigestFinal_ex(&c, &(md[0]), NULL); + + if (memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) { + for (i = 0; i < MDC2_DIGEST_LENGTH; i++) + printf("%02X", md[i]); + printf(" <- generated\n"); + for (i = 0; i < MDC2_DIGEST_LENGTH; i++) + printf("%02X", pad2[i]); + printf(" <- correct\n"); + ret = 1; + } else + printf("pad2 - ok\n"); + + EVP_MD_CTX_cleanup(&c); +# ifdef OPENSSL_SYS_NETWARE + if (ret) + printf("ERROR: %d\n", ret); +# endif + EXIT(ret); +} +#endif diff --git a/test/p5_crpt2_test.c b/test/p5_crpt2_test.c new file mode 100644 index 0000000000..01661b15ed --- /dev/null +++ b/test/p5_crpt2_test.c @@ -0,0 +1,211 @@ +/* Written by Christian Heimes, 2013 */ +/* + * Copyright (c) 2013 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <stdio.h> +#include <string.h> + +#include "../e_os.h" + +#include <openssl/opensslconf.h> +#include <openssl/evp.h> +#ifndef OPENSSL_NO_ENGINE +# include <openssl/engine.h> +#endif +#include <openssl/err.h> +#include <openssl/conf.h> + +typedef struct { + const char *pass; + int passlen; + const char *salt; + int saltlen; + int iter; +} testdata; + +static testdata test_cases[] = { + {"password", 8, "salt", 4, 1}, + {"password", 8, "salt", 4, 2}, + {"password", 8, "salt", 4, 4096}, + {"passwordPASSWORDpassword", 24, + "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, 4096}, + {"pass\0word", 9, "sa\0lt", 5, 4096}, + {NULL}, +}; + +static const char *sha1_results[] = { + "0c60c80f961f0e71f3a9b524af6012062fe037a6", + "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957", + "4b007901b765489abead49d926f721d065a429c1", + "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038", + "56fa6aa75548099dcc37d7f03425e0c3", +}; + +static const char *sha256_results[] = { + "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b", + "ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43", + "c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a", + "348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c63551" + "8c7dac47e9", + "89b69d0516f829893c696226650a8687", +}; + +static const char *sha512_results[] = { + "867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d47" + "0a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce", + "e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab" + "2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e", + "d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30" + "602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5", + "8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59" + "f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8", + "9d9e9c4cd21fe4be24d5b8244c759665", +}; + +static void hexdump(FILE *f, const char *title, const unsigned char *s, int l) +{ + int i; + fprintf(f, "%s", title); + for (i = 0; i < l; i++) { + fprintf(f, "%02x", s[i]); + } + fprintf(f, "\n"); +} + +static void convert(unsigned char *dst, const unsigned char *src, int len) +{ + int i; + for (i = 0; i < len; i++, dst++, src += 2) { + unsigned int n; + sscanf((char *)src, "%2x", &n); + *dst = (unsigned char)n; + } + *dst = 0; +} + +static void +test_p5_pbkdf2(int i, char *digestname, testdata *test, const char *hex) +{ + const EVP_MD *digest; + unsigned char *out; + unsigned char *expected; + int keylen, r; + + digest = EVP_get_digestbyname(digestname); + if (digest == NULL) { + fprintf(stderr, "unknown digest %s\n", digestname); + EXIT(5); + } + + if ((strlen(hex) % 2) != 0) { + fprintf(stderr, "odd hex digest %s %i\n", digestname, i); + EXIT(5); + } + keylen = strlen(hex) / 2; + expected = OPENSSL_malloc(keylen + 1); + out = OPENSSL_malloc(keylen + 1); + if ((expected == NULL) || (out == NULL)) { + fprintf(stderr, "malloc() failed\n"); + EXIT(5); + } + convert(expected, (const unsigned char *)hex, keylen); + + r = PKCS5_PBKDF2_HMAC(test->pass, test->passlen, + (const unsigned char *)test->salt, test->saltlen, + test->iter, digest, keylen, out); + + if (r == 0) { + fprintf(stderr, "PKCS5_PBKDF2_HMAC(%s) failure test %i\n", + digestname, i); + EXIT(3); + } + if (memcmp(expected, out, keylen) != 0) { + fprintf(stderr, "Wrong result for PKCS5_PBKDF2_HMAC(%s) test %i\n", + digestname, i); + hexdump(stderr, "expected: ", expected, keylen); + hexdump(stderr, "result: ", out, keylen); + EXIT(2); + } + OPENSSL_free(expected); + OPENSSL_free(out); +} + +int main(int argc, char **argv) +{ + int i; + testdata *test = test_cases; + + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + OpenSSL_add_all_digests(); +# ifndef OPENSSL_NO_ENGINE + ENGINE_load_builtin_engines(); + ENGINE_register_all_digests(); +# endif + + printf("PKCS5_PBKDF2_HMAC() tests "); + for (i = 0; test->pass != NULL; i++, test++) { + test_p5_pbkdf2(i, "sha1", test, sha1_results[i]); + test_p5_pbkdf2(i, "sha256", test, sha256_results[i]); + test_p5_pbkdf2(i, "sha512", test, sha512_results[i]); + printf("."); + } + printf(" done\n"); + +# ifndef OPENSSL_NO_ENGINE + ENGINE_cleanup(); +# endif + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks_fp(stderr); + return 0; +} diff --git a/test/randtest.c b/test/randtest.c new file mode 100644 index 0000000000..67acf700ee --- /dev/null +++ b/test/randtest.c @@ -0,0 +1,198 @@ +/* crypto/rand/randtest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <openssl/rand.h> + +#include "../e_os.h" + +/* some FIPS 140-1 random number test */ +/* some simple tests */ + +int main(int argc, char **argv) +{ + unsigned char buf[2500]; + int i, j, k, s, sign, nsign, err = 0; + unsigned long n1; + unsigned long n2[16]; + unsigned long runs[2][34]; + /* + * double d; + */ + long d; + + i = RAND_bytes(buf, 2500); + if (i <= 0) { + printf("init failed, the rand method is not properly installed\n"); + err++; + goto err; + } + + n1 = 0; + for (i = 0; i < 16; i++) + n2[i] = 0; + for (i = 0; i < 34; i++) + runs[0][i] = runs[1][i] = 0; + + /* test 1 and 2 */ + sign = 0; + nsign = 0; + for (i = 0; i < 2500; i++) { + j = buf[i]; + + n2[j & 0x0f]++; + n2[(j >> 4) & 0x0f]++; + + for (k = 0; k < 8; k++) { + s = (j & 0x01); + if (s == sign) + nsign++; + else { + if (nsign > 34) + nsign = 34; + if (nsign != 0) { + runs[sign][nsign - 1]++; + if (nsign > 6) + runs[sign][5]++; + } + sign = s; + nsign = 1; + } + + if (s) + n1++; + j >>= 1; + } + } + if (nsign > 34) + nsign = 34; + if (nsign != 0) + runs[sign][nsign - 1]++; + + /* test 1 */ + if (!((9654 < n1) && (n1 < 10346))) { + printf("test 1 failed, X=%lu\n", n1); + err++; + } + printf("test 1 done\n"); + + /* test 2 */ + d = 0; + for (i = 0; i < 16; i++) + d += n2[i] * n2[i]; + d = (d * 8) / 25 - 500000; + if (!((103 < d) && (d < 5740))) { + printf("test 2 failed, X=%ld.%02ld\n", d / 100L, d % 100L); + err++; + } + printf("test 2 done\n"); + + /* test 3 */ + for (i = 0; i < 2; i++) { + if (!((2267 < runs[i][0]) && (runs[i][0] < 2733))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 1, runs[i][0]); + err++; + } + if (!((1079 < runs[i][1]) && (runs[i][1] < 1421))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 2, runs[i][1]); + err++; + } + if (!((502 < runs[i][2]) && (runs[i][2] < 748))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 3, runs[i][2]); + err++; + } + if (!((223 < runs[i][3]) && (runs[i][3] < 402))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 4, runs[i][3]); + err++; + } + if (!((90 < runs[i][4]) && (runs[i][4] < 223))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 5, runs[i][4]); + err++; + } + if (!((90 < runs[i][5]) && (runs[i][5] < 223))) { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i, 6, runs[i][5]); + err++; + } + } + printf("test 3 done\n"); + + /* test 4 */ + if (runs[0][33] != 0) { + printf("test 4 failed, bit=%d run=%d num=%lu\n", 0, 34, runs[0][33]); + err++; + } + if (runs[1][33] != 0) { + printf("test 4 failed, bit=%d run=%d num=%lu\n", 1, 34, runs[1][33]); + err++; + } + printf("test 4 done\n"); + err: + err = ((err) ? 1 : 0); +#ifdef OPENSSL_SYS_NETWARE + if (err) + printf("ERROR: %d\n", err); +#endif + EXIT(err); +} diff --git a/test/rc2test.c b/test/rc2test.c new file mode 100644 index 0000000000..ae57e56d39 --- /dev/null +++ b/test/rc2test.c @@ -0,0 +1,152 @@ +/* crypto/rc2/rc2test.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* + * This has been a quickly hacked 'ideatest.c'. When I add tests for other + * RC2 modes, more of the code will be uncommented. + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include "../e_os.h" + +#ifdef OPENSSL_NO_RC2 +int main(int argc, char *argv[]) +{ + printf("No RC2 support\n"); + return (0); +} +#else +# include <openssl/rc2.h> + +static unsigned char RC2key[4][16] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}, +}; + +static unsigned char RC2plain[4][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, +}; + +static unsigned char RC2cipher[4][8] = { + {0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7}, + {0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74}, + {0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E}, + {0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31}, +}; + +int main(int argc, char *argv[]) +{ + int i, n, err = 0; + RC2_KEY key; + unsigned char buf[8], buf2[8]; + + for (n = 0; n < 4; n++) { + RC2_set_key(&key, 16, &(RC2key[n][0]), 0 /* or 1024 */ ); + + RC2_ecb_encrypt(&(RC2plain[n][0]), buf, &key, RC2_ENCRYPT); + if (memcmp(&(RC2cipher[n][0]), buf, 8) != 0) { + printf("ecb rc2 error encrypting\n"); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", buf[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", RC2cipher[n][i]); + err = 20; + printf("\n"); + } + + RC2_ecb_encrypt(buf, buf2, &key, RC2_DECRYPT); + if (memcmp(&(RC2plain[n][0]), buf2, 8) != 0) { + printf("ecb RC2 error decrypting\n"); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", buf[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", RC2plain[n][i]); + printf("\n"); + err = 3; + } + } + + if (err == 0) + printf("ecb RC2 ok\n"); + +# ifdef OPENSSL_SYS_NETWARE + if (err) + printf("ERROR: %d\n", err); +# endif + EXIT(err); +} + +#endif diff --git a/test/rc4test.c b/test/rc4test.c new file mode 100644 index 0000000000..a1f96e4cb8 --- /dev/null +++ b/test/rc4test.c @@ -0,0 +1,234 @@ +/* crypto/rc4/rc4test.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "../e_os.h" + +#ifdef OPENSSL_NO_RC4 +int main(int argc, char *argv[]) +{ + printf("No RC4 support\n"); + return (0); +} +#else +# include <openssl/rc4.h> +# include <openssl/sha.h> + +static unsigned char keys[7][30] = { + {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, + {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, + {8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {4, 0xef, 0x01, 0x23, 0x45}, + {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, + {4, 0xef, 0x01, 0x23, 0x45}, +}; + +static unsigned char data_len[7] = { 8, 8, 8, 20, 28, 10 }; + +static unsigned char data[7][30] = { + {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xff}, + {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, + 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, + 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, + 0x12, 0x34, 0x56, 0x78, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff}, + {0}, +}; + +static unsigned char output[7][30] = { + {0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96, 0x00}, + {0x74, 0x94, 0xc2, 0xe7, 0x10, 0x4b, 0x08, 0x79, 0x00}, + {0xde, 0x18, 0x89, 0x41, 0xa3, 0x37, 0x5d, 0x3a, 0x00}, + {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf, + 0xbd, 0x61, 0x5a, 0x11, 0x62, 0xe1, 0xc7, 0xba, + 0x36, 0xb6, 0x78, 0x58, 0x00}, + {0x66, 0xa0, 0x94, 0x9f, 0x8a, 0xf7, 0xd6, 0x89, + 0x1f, 0x7f, 0x83, 0x2b, 0xa8, 0x33, 0xc0, 0x0c, + 0x89, 0x2e, 0xbe, 0x30, 0x14, 0x3c, 0xe2, 0x87, + 0x40, 0x01, 0x1e, 0xcf, 0x00}, + {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf, 0xbd, 0x61, 0x00}, + {0}, +}; + +int main(int argc, char *argv[]) +{ + int i, err = 0; + int j; + unsigned char *p; + RC4_KEY key; + unsigned char obuf[512]; + +# if !defined(OPENSSL_PIC) + void OPENSSL_cpuid_setup(void); + + OPENSSL_cpuid_setup(); +# endif + + for (i = 0; i < 6; i++) { + RC4_set_key(&key, keys[i][0], &(keys[i][1])); + memset(obuf, 0x00, sizeof(obuf)); + RC4(&key, data_len[i], &(data[i][0]), obuf); + if (memcmp(obuf, output[i], data_len[i] + 1) != 0) { + printf("error calculating RC4\n"); + printf("output:"); + for (j = 0; j < data_len[i] + 1; j++) + printf(" %02x", obuf[j]); + printf("\n"); + printf("expect:"); + p = &(output[i][0]); + for (j = 0; j < data_len[i] + 1; j++) + printf(" %02x", *(p++)); + printf("\n"); + err++; + } else + printf("test %d ok\n", i); + } + printf("test end processing "); + for (i = 0; i < data_len[3]; i++) { + RC4_set_key(&key, keys[3][0], &(keys[3][1])); + memset(obuf, 0x00, sizeof(obuf)); + RC4(&key, i, &(data[3][0]), obuf); + if ((memcmp(obuf, output[3], i) != 0) || (obuf[i] != 0)) { + printf("error in RC4 length processing\n"); + printf("output:"); + for (j = 0; j < i + 1; j++) + printf(" %02x", obuf[j]); + printf("\n"); + printf("expect:"); + p = &(output[3][0]); + for (j = 0; j < i; j++) + printf(" %02x", *(p++)); + printf(" 00\n"); + err++; + } else { + printf("."); + fflush(stdout); + } + } + printf("done\n"); + printf("test multi-call "); + for (i = 0; i < data_len[3]; i++) { + RC4_set_key(&key, keys[3][0], &(keys[3][1])); + memset(obuf, 0x00, sizeof(obuf)); + RC4(&key, i, &(data[3][0]), obuf); + RC4(&key, data_len[3] - i, &(data[3][i]), &(obuf[i])); + if (memcmp(obuf, output[3], data_len[3] + 1) != 0) { + printf("error in RC4 multi-call processing\n"); + printf("output:"); + for (j = 0; j < data_len[3] + 1; j++) + printf(" %02x", obuf[j]); + printf("\n"); + printf("expect:"); + p = &(output[3][0]); + for (j = 0; j < data_len[3] + 1; j++) + printf(" %02x", *(p++)); + err++; + } else { + printf("."); + fflush(stdout); + } + } + printf("done\n"); + printf("bulk test "); + { + unsigned char buf[513]; + SHA_CTX c; + unsigned char md[SHA_DIGEST_LENGTH]; + static unsigned char expected[] = { + 0xa4, 0x7b, 0xcc, 0x00, 0x3d, 0xd0, 0xbd, 0xe1, 0xac, 0x5f, + 0x12, 0x1e, 0x45, 0xbc, 0xfb, 0x1a, 0xa1, 0xf2, 0x7f, 0xc5 + }; + + RC4_set_key(&key, keys[0][0], &(keys[3][1])); + memset(buf, '\0', sizeof(buf)); + SHA1_Init(&c); + for (i = 0; i < 2571; i++) { + RC4(&key, sizeof(buf), buf, buf); + SHA1_Update(&c, buf, sizeof(buf)); + } + SHA1_Final(md, &c); + + if (memcmp(md, expected, sizeof(md))) { + printf("error in RC4 bulk test\n"); + printf("output:"); + for (j = 0; j < (int)sizeof(md); j++) + printf(" %02x", md[j]); + printf("\n"); + printf("expect:"); + for (j = 0; j < (int)sizeof(md); j++) + printf(" %02x", expected[j]); + printf("\n"); + err++; + } else + printf("ok\n"); + } +# ifdef OPENSSL_SYS_NETWARE + if (err) + printf("ERROR: %d\n", err); +# endif + EXIT(err); +} +#endif diff --git a/test/rc5test.c b/test/rc5test.c new file mode 100644 index 0000000000..5ed4d21105 --- /dev/null +++ b/test/rc5test.c @@ -0,0 +1,325 @@ +/* crypto/rc5/rc5test.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* + * This has been a quickly hacked 'ideatest.c'. When I add tests for other + * RC5 modes, more of the code will be uncommented. + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include "../e_os.h" + +#ifdef OPENSSL_NO_RC5 +int main(int argc, char *argv[]) +{ + printf("No RC5 support\n"); + return (0); +} +#else +# include <openssl/rc5.h> + +static unsigned char RC5key[5][16] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x91, 0x5f, 0x46, 0x19, 0xbe, 0x41, 0xb2, 0x51, + 0x63, 0x55, 0xa5, 0x01, 0x10, 0xa9, 0xce, 0x91}, + {0x78, 0x33, 0x48, 0xe7, 0x5a, 0xeb, 0x0f, 0x2f, + 0xd7, 0xb1, 0x69, 0xbb, 0x8d, 0xc1, 0x67, 0x87}, + {0xdc, 0x49, 0xdb, 0x13, 0x75, 0xa5, 0x58, 0x4f, + 0x64, 0x85, 0xb4, 0x13, 0xb5, 0xf1, 0x2b, 0xaf}, + {0x52, 0x69, 0xf1, 0x49, 0xd4, 0x1b, 0xa0, 0x15, + 0x24, 0x97, 0x57, 0x4d, 0x7f, 0x15, 0x31, 0x25}, +}; + +static unsigned char RC5plain[5][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x21, 0xA5, 0xDB, 0xEE, 0x15, 0x4B, 0x8F, 0x6D}, + {0xF7, 0xC0, 0x13, 0xAC, 0x5B, 0x2B, 0x89, 0x52}, + {0x2F, 0x42, 0xB3, 0xB7, 0x03, 0x69, 0xFC, 0x92}, + {0x65, 0xC1, 0x78, 0xB2, 0x84, 0xD1, 0x97, 0xCC}, +}; + +static unsigned char RC5cipher[5][8] = { + {0x21, 0xA5, 0xDB, 0xEE, 0x15, 0x4B, 0x8F, 0x6D}, + {0xF7, 0xC0, 0x13, 0xAC, 0x5B, 0x2B, 0x89, 0x52}, + {0x2F, 0x42, 0xB3, 0xB7, 0x03, 0x69, 0xFC, 0x92}, + {0x65, 0xC1, 0x78, 0xB2, 0x84, 0xD1, 0x97, 0xCC}, + {0xEB, 0x44, 0xE4, 0x15, 0xDA, 0x31, 0x98, 0x24}, +}; + +# define RC5_CBC_NUM 27 +static unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8] = { + {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1e}, + {0x79, 0x7b, 0xba, 0x4d, 0x78, 0x11, 0x1d, 0x1e}, + {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1f}, + {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1f}, + {0x8b, 0x9d, 0xed, 0x91, 0xce, 0x77, 0x94, 0xa6}, + {0x2f, 0x75, 0x9f, 0xe7, 0xad, 0x86, 0xa3, 0x78}, + {0xdc, 0xa2, 0x69, 0x4b, 0xf4, 0x0e, 0x07, 0x88}, + {0xdc, 0xa2, 0x69, 0x4b, 0xf4, 0x0e, 0x07, 0x88}, + {0xdc, 0xfe, 0x09, 0x85, 0x77, 0xec, 0xa5, 0xff}, + {0x96, 0x46, 0xfb, 0x77, 0x63, 0x8f, 0x9c, 0xa8}, + {0xb2, 0xb3, 0x20, 0x9d, 0xb6, 0x59, 0x4d, 0xa4}, + {0x54, 0x5f, 0x7f, 0x32, 0xa5, 0xfc, 0x38, 0x36}, + {0x82, 0x85, 0xe7, 0xc1, 0xb5, 0xbc, 0x74, 0x02}, + {0xfc, 0x58, 0x6f, 0x92, 0xf7, 0x08, 0x09, 0x34}, + {0xcf, 0x27, 0x0e, 0xf9, 0x71, 0x7f, 0xf7, 0xc4}, + {0xe4, 0x93, 0xf1, 0xc1, 0xbb, 0x4d, 0x6e, 0x8c}, + {0x5c, 0x4c, 0x04, 0x1e, 0x0f, 0x21, 0x7a, 0xc3}, + {0x92, 0x1f, 0x12, 0x48, 0x53, 0x73, 0xb4, 0xf7}, + {0x5b, 0xa0, 0xca, 0x6b, 0xbe, 0x7f, 0x5f, 0xad}, + {0xc5, 0x33, 0x77, 0x1c, 0xd0, 0x11, 0x0e, 0x63}, + {0x29, 0x4d, 0xdb, 0x46, 0xb3, 0x27, 0x8d, 0x60}, + {0xda, 0xd6, 0xbd, 0xa9, 0xdf, 0xe8, 0xf7, 0xe8}, + {0x97, 0xe0, 0x78, 0x78, 0x37, 0xed, 0x31, 0x7f}, + {0x78, 0x75, 0xdb, 0xf6, 0x73, 0x8c, 0x64, 0x78}, + {0x8f, 0x34, 0xc3, 0xc6, 0x81, 0xc9, 0x96, 0x95}, + {0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11}, + {0x7f, 0xd1, 0xa0, 0x23, 0xa5, 0xbb, 0xa2, 0x17}, +}; + +static unsigned char rc5_cbc_key[RC5_CBC_NUM][17] = { + {1, 0x00}, + {1, 0x00}, + {1, 0x00}, + {1, 0x00}, + {1, 0x00}, + {1, 0x11}, + {1, 0x00}, + {4, 0x00, 0x00, 0x00, 0x00}, + {1, 0x00}, + {1, 0x00}, + {1, 0x00}, + {1, 0x00}, + {4, 0x01, 0x02, 0x03, 0x04}, + {4, 0x01, 0x02, 0x03, 0x04}, + {4, 0x01, 0x02, 0x03, 0x04}, + {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {5, 0x01, 0x02, 0x03, 0x04, 0x05}, + {5, 0x01, 0x02, 0x03, 0x04, 0x05}, + {5, 0x01, 0x02, 0x03, 0x04, 0x05}, + {5, 0x01, 0x02, 0x03, 0x04, 0x05}, + {5, 0x01, 0x02, 0x03, 0x04, 0x05}, +}; + +static unsigned char rc5_cbc_plain[RC5_CBC_NUM][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x01}, +}; + +static int rc5_cbc_rounds[RC5_CBC_NUM] = { + 0, 0, 0, 0, 0, 1, 2, 2, + 8, 8, 12, 16, 8, 12, 16, 12, + 8, 12, 16, 8, 12, 16, 12, 8, + 8, 8, 8, +}; + +static unsigned char rc5_cbc_iv[RC5_CBC_NUM][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x78, 0x75, 0xdb, 0xf6, 0x73, 0x8c, 0x64, 0x78}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11}, +}; + +int main(int argc, char *argv[]) +{ + int i, n, err = 0; + RC5_32_KEY key; + unsigned char buf[8], buf2[8], ivb[8]; + + for (n = 0; n < 5; n++) { + RC5_32_set_key(&key, 16, &(RC5key[n][0]), 12); + + RC5_32_ecb_encrypt(&(RC5plain[n][0]), buf, &key, RC5_ENCRYPT); + if (memcmp(&(RC5cipher[n][0]), buf, 8) != 0) { + printf("ecb RC5 error encrypting (%d)\n", n + 1); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", buf[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", RC5cipher[n][i]); + err = 20; + printf("\n"); + } + + RC5_32_ecb_encrypt(buf, buf2, &key, RC5_DECRYPT); + if (memcmp(&(RC5plain[n][0]), buf2, 8) != 0) { + printf("ecb RC5 error decrypting (%d)\n", n + 1); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", buf2[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", RC5plain[n][i]); + printf("\n"); + err = 3; + } + } + if (err == 0) + printf("ecb RC5 ok\n"); + + for (n = 0; n < RC5_CBC_NUM; n++) { + i = rc5_cbc_rounds[n]; + if (i < 8) + continue; + + RC5_32_set_key(&key, rc5_cbc_key[n][0], &(rc5_cbc_key[n][1]), i); + + memcpy(ivb, &(rc5_cbc_iv[n][0]), 8); + RC5_32_cbc_encrypt(&(rc5_cbc_plain[n][0]), buf, 8, + &key, &(ivb[0]), RC5_ENCRYPT); + + if (memcmp(&(rc5_cbc_cipher[n][0]), buf, 8) != 0) { + printf("cbc RC5 error encrypting (%d)\n", n + 1); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", buf[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", rc5_cbc_cipher[n][i]); + err = 30; + printf("\n"); + } + + memcpy(ivb, &(rc5_cbc_iv[n][0]), 8); + RC5_32_cbc_encrypt(buf, buf2, 8, &key, &(ivb[0]), RC5_DECRYPT); + if (memcmp(&(rc5_cbc_plain[n][0]), buf2, 8) != 0) { + printf("cbc RC5 error decrypting (%d)\n", n + 1); + printf("got :"); + for (i = 0; i < 8; i++) + printf("%02X ", buf2[i]); + printf("\n"); + printf("expected:"); + for (i = 0; i < 8; i++) + printf("%02X ", rc5_cbc_plain[n][i]); + printf("\n"); + err = 3; + } + } + if (err == 0) + printf("cbc RC5 ok\n"); + + EXIT(err); + return (err); +} + +#endif diff --git a/test/rmdtest.c b/test/rmdtest.c new file mode 100644 index 0000000000..b0ebb12c27 --- /dev/null +++ b/test/rmdtest.c @@ -0,0 +1,142 @@ +/* crypto/ripemd/rmdtest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include "../e_os.h" + +#ifdef OPENSSL_NO_RMD160 +int main(int argc, char *argv[]) +{ + printf("No ripemd support\n"); + return (0); +} +#else +# include <openssl/ripemd.h> +# include <openssl/evp.h> + +# ifdef CHARSET_EBCDIC +# include <openssl/ebcdic.h> +# endif + +static char *test[] = { + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + NULL, +}; + +static char *ret[] = { + "9c1185a5c5e9fc54612808977ee8f548b2258d31", + "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe", + "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc", + "5d0689ef49d2fae572b881b123a85ffa21595f36", + "f71c27109c692c1b56bbdceb5b9d2865b3708dbc", + "12a053384a9c0c88e405a06c27dcf49ada62eb2b", + "b0e20b6e3116640286ed3a87a5713079b21f5189", + "9b752e45573d4b39f4dbd3323cab82bf63326bfb", +}; + +static char *pt(unsigned char *md); +int main(int argc, char *argv[]) +{ + int i, err = 0; + char **P, **R; + char *p; + unsigned char md[RIPEMD160_DIGEST_LENGTH]; + + P = test; + R = ret; + i = 1; + while (*P != NULL) { +# ifdef CHARSET_EBCDIC + ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P)); +# endif + EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_ripemd160(), + NULL); + p = pt(md); + if (strcmp(p, (char *)*R) != 0) { + printf("error calculating RIPEMD160 on '%s'\n", *P); + printf("got %s instead of %s\n", p, *R); + err++; + } else + printf("test %d ok\n", i); + i++; + R++; + P++; + } + EXIT(err); +} + +static char *pt(unsigned char *md) +{ + int i; + static char buf[80]; + + for (i = 0; i < RIPEMD160_DIGEST_LENGTH; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} +#endif diff --git a/test/rsa_test.c b/test/rsa_test.c new file mode 100644 index 0000000000..e9712953e9 --- /dev/null +++ b/test/rsa_test.c @@ -0,0 +1,331 @@ +/* test vectors from p1ovect1.txt */ + +#include <stdio.h> +#include <string.h> + +#include "e_os.h" + +#include <openssl/crypto.h> +#include <openssl/err.h> +#include <openssl/rand.h> +#include <openssl/bn.h> +#ifdef OPENSSL_NO_RSA +int main(int argc, char *argv[]) +{ + printf("No RSA support\n"); + return (0); +} +#else +# include <openssl/rsa.h> + +# define SetKey \ + key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ + key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \ + key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \ + key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \ + key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \ + key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \ + key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \ + key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \ + memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ + return (sizeof(ctext_ex) - 1); + +static int key1(RSA *key, unsigned char *c) +{ + static unsigned char n[] = + "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" + "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" + "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" + "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" + "\xF5"; + + static unsigned char e[] = "\x11"; + + static unsigned char d[] = + "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" + "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" + "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" + "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; + + static unsigned char p[] = + "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" + "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" + "\x0D"; + + static unsigned char q[] = + "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" + "\x89"; + + static unsigned char dmp1[] = + "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" + "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; + + static unsigned char dmq1[] = + "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" + "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" + "\x51"; + + static unsigned char iqmp[] = + "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" + "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; + + static unsigned char ctext_ex[] = + "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" + "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" + "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" + "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; + + SetKey; +} + +static int key2(RSA *key, unsigned char *c) +{ + static unsigned char n[] = + "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" + "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" + "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" + "\x34\x77\xCF"; + + static unsigned char e[] = "\x3"; + + static unsigned char d[] = + "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" + "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" + "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" + "\xE5\xEB"; + + static unsigned char p[] = + "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" + "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; + + static unsigned char q[] = + "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; + + static unsigned char dmp1[] = + "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" + "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; + + static unsigned char dmq1[] = + "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" + "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; + + static unsigned char iqmp[] = + "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" + "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; + + static unsigned char ctext_ex[] = + "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" + "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" + "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" + "\x62\x51"; + + SetKey; +} + +static int key3(RSA *key, unsigned char *c) +{ + static unsigned char n[] = + "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" + "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" + "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" + "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" + "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" + "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" + "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" + "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" + "\xCB"; + + static unsigned char e[] = "\x11"; + + static unsigned char d[] = + "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" + "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" + "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" + "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" + "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" + "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" + "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" + "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" + "\xC1"; + + static unsigned char p[] = + "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" + "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" + "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" + "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" + "\x99"; + + static unsigned char q[] = + "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" + "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" + "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" + "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" + "\x03"; + + static unsigned char dmp1[] = + "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" + "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" + "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" + "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; + + static unsigned char dmq1[] = + "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" + "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" + "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" + "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; + + static unsigned char iqmp[] = + "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" + "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" + "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" + "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" + "\xF7"; + + static unsigned char ctext_ex[] = + "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" + "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" + "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" + "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" + "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" + "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" + "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" + "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; + + SetKey; +} + +static int pad_unknown(void) +{ + unsigned long l; + while ((l = ERR_get_error()) != 0) + if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE) + return (1); + return (0); +} + +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +int main(int argc, char *argv[]) +{ + int err = 0; + int v; + RSA *key; + unsigned char ptext[256]; + unsigned char ctext[256]; + static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; + unsigned char ctext_ex[256]; + int plen; + int clen = 0; + int num; + int n; + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */ + + plen = sizeof(ptext_ex) - 1; + + for (v = 0; v < 6; v++) { + key = RSA_new(); + switch (v % 3) { + case 0: + clen = key1(key, ctext_ex); + break; + case 1: + clen = key2(key, ctext_ex); + break; + case 2: + clen = key3(key, ctext_ex); + break; + } + if (v / 3 >= 1) + key->flags |= RSA_FLAG_NO_CONSTTIME; + + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, + RSA_PKCS1_PADDING); + if (num != clen) { + printf("PKCS#1 v1.5 encryption failed!\n"); + err = 1; + goto oaep; + } + + num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING); + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { + printf("PKCS#1 v1.5 decryption failed!\n"); + err = 1; + } else + printf("PKCS #1 v1.5 encryption/decryption ok\n"); + + oaep: + ERR_clear_error(); + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, + RSA_PKCS1_OAEP_PADDING); + if (num == -1 && pad_unknown()) { + printf("No OAEP support\n"); + goto next; + } + if (num != clen) { + printf("OAEP encryption failed!\n"); + err = 1; + goto next; + } + + num = RSA_private_decrypt(num, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { + printf("OAEP decryption (encrypted data) failed!\n"); + err = 1; + } else if (memcmp(ctext, ctext_ex, num) == 0) + printf("OAEP test vector %d passed!\n", v); + + /* + * Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). Try + * decrypting ctext_ex + */ + + num = RSA_private_decrypt(clen, ctext_ex, ptext, key, + RSA_PKCS1_OAEP_PADDING); + + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { + printf("OAEP decryption (test vector data) failed!\n"); + err = 1; + } else + printf("OAEP encryption/decryption ok\n"); + + /* Try decrypting corrupted ciphertexts */ + for (n = 0; n < clen; ++n) { + int b; + unsigned char saved = ctext[n]; + for (b = 0; b < 256; ++b) { + if (b == saved) + continue; + ctext[n] = b; + num = RSA_private_decrypt(num, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num > 0) { + printf("Corrupt data decrypted!\n"); + err = 1; + } + } + } + next: + RSA_free(key); + } + + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + + CRYPTO_mem_leaks_fp(stderr); + +# ifdef OPENSSL_SYS_NETWARE + if (err) + printf("ERROR: %d\n", err); +# endif + return err; +} +#endif diff --git a/test/sha1test.c b/test/sha1test.c new file mode 100644 index 0000000000..cc3633dc68 --- /dev/null +++ b/test/sha1test.c @@ -0,0 +1,152 @@ +/* crypto/sha/sha1test.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include "../e_os.h" +#include <openssl/evp.h> +#include <openssl/sha.h> + +#ifdef CHARSET_EBCDIC +# include <openssl/ebcdic.h> +#endif + +static char *test[] = { + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + NULL, +}; + +static char *ret[] = { + "a9993e364706816aba3e25717850c26c9cd0d89d", + "84983e441c3bd26ebaae4aa1f95129e5e54670f1", +}; + +static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; + +static char *pt(unsigned char *md); +int main(int argc, char *argv[]) +{ + int i, err = 0; + char **P, **R; + static unsigned char buf[1000]; + char *p, *r; + EVP_MD_CTX c; + unsigned char md[SHA_DIGEST_LENGTH]; + +#ifdef CHARSET_EBCDIC + ebcdic2ascii(test[0], test[0], strlen(test[0])); + ebcdic2ascii(test[1], test[1], strlen(test[1])); +#endif + + EVP_MD_CTX_init(&c); + P = test; + R = ret; + i = 1; + while (*P != NULL) { + EVP_Digest(*P, strlen((char *)*P), md, NULL, EVP_sha1(), NULL); + p = pt(md); + if (strcmp(p, (char *)*R) != 0) { + printf("error calculating SHA1 on '%s'\n", *P); + printf("got %s instead of %s\n", p, *R); + err++; + } else + printf("test %d ok\n", i); + i++; + R++; + P++; + } + + memset(buf, 'a', 1000); +#ifdef CHARSET_EBCDIC + ebcdic2ascii(buf, buf, 1000); +#endif /* CHARSET_EBCDIC */ + EVP_DigestInit_ex(&c, EVP_sha1(), NULL); + for (i = 0; i < 1000; i++) + EVP_DigestUpdate(&c, buf, 1000); + EVP_DigestFinal_ex(&c, md, NULL); + p = pt(md); + + r = bigret; + if (strcmp(p, r) != 0) { + printf("error calculating SHA1 on 'a' * 1000\n"); + printf("got %s instead of %s\n", p, r); + err++; + } else + printf("test 3 ok\n"); + +#ifdef OPENSSL_SYS_NETWARE + if (err) + printf("ERROR: %d\n", err); +#endif + EXIT(err); + EVP_MD_CTX_cleanup(&c); + return (0); +} + +static char *pt(unsigned char *md) +{ + int i; + static char buf[80]; + + for (i = 0; i < SHA_DIGEST_LENGTH; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return (buf); +} diff --git a/test/sha256t.c b/test/sha256t.c new file mode 100644 index 0000000000..0872f346b7 --- /dev/null +++ b/test/sha256t.c @@ -0,0 +1,153 @@ +/* crypto/sha/sha256t.c */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * ==================================================================== + */ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include <openssl/sha.h> +#include <openssl/evp.h> + +unsigned char app_b1[SHA256_DIGEST_LENGTH] = { + 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, + 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, + 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, + 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad +}; + +unsigned char app_b2[SHA256_DIGEST_LENGTH] = { + 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, + 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, + 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, + 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 +}; + +unsigned char app_b3[SHA256_DIGEST_LENGTH] = { + 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, + 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67, + 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e, + 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0 +}; + +unsigned char addenum_1[SHA224_DIGEST_LENGTH] = { + 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22, + 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3, + 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7, + 0xe3, 0x6c, 0x9d, 0xa7 +}; + +unsigned char addenum_2[SHA224_DIGEST_LENGTH] = { + 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc, + 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50, + 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19, + 0x52, 0x52, 0x25, 0x25 +}; + +unsigned char addenum_3[SHA224_DIGEST_LENGTH] = { + 0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8, + 0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b, + 0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee, + 0x4e, 0xe7, 0xad, 0x67 +}; + +int main(int argc, char **argv) +{ + unsigned char md[SHA256_DIGEST_LENGTH]; + int i; + EVP_MD_CTX evp; + + fprintf(stdout, "Testing SHA-256 "); + + EVP_Digest("abc", 3, md, NULL, EVP_sha256(), NULL); + if (memcmp(md, app_b1, sizeof(app_b1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk" + "ijkljklm" "klmnlmno" "mnopnopq", 56, md, NULL, EVP_sha256(), + NULL); + if (memcmp(md, app_b2, sizeof(app_b2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_MD_CTX_init(&evp); + EVP_DigestInit_ex(&evp, EVP_sha256(), NULL); + for (i = 0; i < 1000000; i += 288) + EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 288 ? 1000000 - i : 288); + EVP_DigestFinal_ex(&evp, md, NULL); + EVP_MD_CTX_cleanup(&evp); + + if (memcmp(md, app_b3, sizeof(app_b3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + fprintf(stdout, "Testing SHA-224 "); + + EVP_Digest("abc", 3, md, NULL, EVP_sha224(), NULL); + if (memcmp(md, addenum_1, sizeof(addenum_1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk" + "ijkljklm" "klmnlmno" "mnopnopq", 56, md, NULL, EVP_sha224(), + NULL); + if (memcmp(md, addenum_2, sizeof(addenum_2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_MD_CTX_init(&evp); + EVP_DigestInit_ex(&evp, EVP_sha224(), NULL); + for (i = 0; i < 1000000; i += 64) + EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 64 ? 1000000 - i : 64); + EVP_DigestFinal_ex(&evp, md, NULL); + EVP_MD_CTX_cleanup(&evp); + + if (memcmp(md, addenum_3, sizeof(addenum_3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + return 0; +} diff --git a/test/sha512t.c b/test/sha512t.c new file mode 100644 index 0000000000..a4d4b5e80b --- /dev/null +++ b/test/sha512t.c @@ -0,0 +1,187 @@ +/* crypto/sha/sha512t.c */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * ==================================================================== + */ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include <openssl/sha.h> +#include <openssl/evp.h> +#include <openssl/crypto.h> + +unsigned char app_c1[SHA512_DIGEST_LENGTH] = { + 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, + 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, + 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, + 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, + 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, + 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, + 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, + 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f +}; + +unsigned char app_c2[SHA512_DIGEST_LENGTH] = { + 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, + 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f, + 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, + 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18, + 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4, + 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a, + 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54, + 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 +}; + +unsigned char app_c3[SHA512_DIGEST_LENGTH] = { + 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64, + 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63, + 0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28, + 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb, + 0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a, + 0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b, + 0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e, + 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b +}; + +unsigned char app_d1[SHA384_DIGEST_LENGTH] = { + 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, + 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, + 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, + 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed, + 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, + 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 +}; + +unsigned char app_d2[SHA384_DIGEST_LENGTH] = { + 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8, + 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47, + 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2, + 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12, + 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9, + 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39 +}; + +unsigned char app_d3[SHA384_DIGEST_LENGTH] = { + 0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb, + 0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c, + 0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52, + 0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b, + 0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb, + 0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85 +}; + +int main(int argc, char **argv) +{ + unsigned char md[SHA512_DIGEST_LENGTH]; + int i; + EVP_MD_CTX evp; + +# ifdef OPENSSL_IA32_SSE2 + /* + * Alternative to this is to call OpenSSL_add_all_algorithms... The below + * code is retained exclusively for debugging purposes. + */ + { + char *env; + + if ((env = getenv("OPENSSL_ia32cap"))) + OPENSSL_ia32cap = strtoul(env, NULL, 0); + } +# endif + + fprintf(stdout, "Testing SHA-512 "); + + EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL); + if (memcmp(md, app_c1, sizeof(app_c1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk" + "efghijkl" "fghijklm" "ghijklmn" "hijklmno" + "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs" + "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha512(), NULL); + if (memcmp(md, app_c2, sizeof(app_c2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_MD_CTX_init(&evp); + EVP_DigestInit_ex(&evp, EVP_sha512(), NULL); + for (i = 0; i < 1000000; i += 288) + EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 288 ? 1000000 - i : 288); + EVP_DigestFinal_ex(&evp, md, NULL); + EVP_MD_CTX_cleanup(&evp); + + if (memcmp(md, app_c3, sizeof(app_c3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + fprintf(stdout, "Testing SHA-384 "); + + EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL); + if (memcmp(md, app_d1, sizeof(app_d1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk" + "efghijkl" "fghijklm" "ghijklmn" "hijklmno" + "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs" + "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha384(), NULL); + if (memcmp(md, app_d2, sizeof(app_d2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_MD_CTX_init(&evp); + EVP_DigestInit_ex(&evp, EVP_sha384(), NULL); + for (i = 0; i < 1000000; i += 64) + EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 64 ? 1000000 - i : 64); + EVP_DigestFinal_ex(&evp, md, NULL); + EVP_MD_CTX_cleanup(&evp); + + if (memcmp(md, app_d3, sizeof(app_d3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + return 0; +} diff --git a/test/srptest.c b/test/srptest.c new file mode 100644 index 0000000000..1d463cd782 --- /dev/null +++ b/test/srptest.c @@ -0,0 +1,154 @@ +#include <openssl/opensslconf.h> +#ifdef OPENSSL_NO_SRP + +# include <stdio.h> + +int main(int argc, char *argv[]) +{ + printf("No SRP support\n"); + return (0); +} + +#else + +# include <openssl/srp.h> +# include <openssl/rand.h> +# include <openssl/err.h> + +static void showbn(const char *name, const BIGNUM *bn) +{ + fputs(name, stdout); + fputs(" = ", stdout); + BN_print_fp(stdout, bn); + putc('\n', stdout); +} + +# define RANDOM_SIZE 32 /* use 256 bits on each side */ + +static int run_srp(const char *username, const char *client_pass, + const char *server_pass) +{ + int ret = -1; + BIGNUM *s = NULL; + BIGNUM *v = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *u = NULL; + BIGNUM *x = NULL; + BIGNUM *Apub = NULL; + BIGNUM *Bpub = NULL; + BIGNUM *Kclient = NULL; + BIGNUM *Kserver = NULL; + unsigned char rand_tmp[RANDOM_SIZE]; + /* use builtin 1024-bit params */ + const SRP_gN *GN = SRP_get_default_gN("1024"); + + if (GN == NULL) { + fprintf(stderr, "Failed to get SRP parameters\n"); + return -1; + } + /* Set up server's password entry */ + if (!SRP_create_verifier_BN(username, server_pass, &s, &v, GN->N, GN->g)) { + fprintf(stderr, "Failed to create SRP verifier\n"); + return -1; + } + + showbn("N", GN->N); + showbn("g", GN->g); + showbn("Salt", s); + showbn("Verifier", v); + + /* Server random */ + RAND_bytes(rand_tmp, sizeof(rand_tmp)); + b = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); + /* TODO - check b != 0 */ + showbn("b", b); + + /* Server's first message */ + Bpub = SRP_Calc_B(b, GN->N, GN->g, v); + showbn("B", Bpub); + + if (!SRP_Verify_B_mod_N(Bpub, GN->N)) { + fprintf(stderr, "Invalid B\n"); + return -1; + } + + /* Client random */ + RAND_bytes(rand_tmp, sizeof(rand_tmp)); + a = BN_bin2bn(rand_tmp, sizeof(rand_tmp), NULL); + /* TODO - check a != 0 */ + showbn("a", a); + + /* Client's response */ + Apub = SRP_Calc_A(a, GN->N, GN->g); + showbn("A", Apub); + + if (!SRP_Verify_A_mod_N(Apub, GN->N)) { + fprintf(stderr, "Invalid A\n"); + return -1; + } + + /* Both sides calculate u */ + u = SRP_Calc_u(Apub, Bpub, GN->N); + + /* Client's key */ + x = SRP_Calc_x(s, username, client_pass); + Kclient = SRP_Calc_client_key(GN->N, Bpub, GN->g, x, a, u); + showbn("Client's key", Kclient); + + /* Server's key */ + Kserver = SRP_Calc_server_key(Apub, v, u, b, GN->N); + showbn("Server's key", Kserver); + + if (BN_cmp(Kclient, Kserver) == 0) { + ret = 0; + } else { + fprintf(stderr, "Keys mismatch\n"); + ret = 1; + } + + BN_clear_free(Kclient); + BN_clear_free(Kserver); + BN_clear_free(x); + BN_free(u); + BN_free(Apub); + BN_clear_free(a); + BN_free(Bpub); + BN_clear_free(b); + BN_free(s); + BN_clear_free(v); + + return ret; +} + +int main(int argc, char **argv) +{ + BIO *bio_err; + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + + /* "Negative" test, expect a mismatch */ + if (run_srp("alice", "password1", "password2") == 0) { + fprintf(stderr, "Mismatched SRP run failed\n"); + return 1; + } + + /* "Positive" test, should pass */ + if (run_srp("alice", "password", "password") != 0) { + fprintf(stderr, "Plain SRP run failed\n"); + return 1; + } + + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks(bio_err); + + return 0; +} +#endif diff --git a/test/ssltest.c b/test/ssltest.c new file mode 100644 index 0000000000..508fedd613 --- /dev/null +++ b/test/ssltest.c @@ -0,0 +1,3207 @@ +/* ssl/ssltest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ + +/* Or gethostname won't be declared properly on Linux and GNU platforms. */ +#define _BSD_SOURCE 1 + +#include <assert.h> +#include <errno.h> +#include <limits.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> + +#define USE_SOCKETS +#include "e_os.h" + +#ifdef OPENSSL_SYS_VMS +/* + * Or isascii won't be declared properly on VMS (at least with DECompHP C). + */ +# define _XOPEN_SOURCE 500 +#endif + +#include <ctype.h> + +#include <openssl/bio.h> +#include <openssl/crypto.h> +#include <openssl/evp.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> +#include <openssl/ssl.h> +#ifndef OPENSSL_NO_ENGINE +# include <openssl/engine.h> +#endif +#include <openssl/err.h> +#include <openssl/rand.h> +#ifndef OPENSSL_NO_RSA +# include <openssl/rsa.h> +#endif +#ifndef OPENSSL_NO_DSA +# include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_DH +# include <openssl/dh.h> +#endif +#ifndef OPENSSL_NO_SRP +# include <openssl/srp.h> +#endif +#include <openssl/bn.h> + +#include "../ssl/ssl_locl.h" + +/* + * Or gethostname won't be declared properly + * on Compaq platforms (at least with DEC C). + * Do not try to put it earlier, or IPv6 includes + * get screwed... + */ +#define _XOPEN_SOURCE_EXTENDED 1 + +#ifdef OPENSSL_SYS_WINDOWS +# include <winsock.h> +#else +# include OPENSSL_UNISTD +#endif + +#ifdef OPENSSL_SYS_VMS +# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM" +# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM" +#elif defined(OPENSSL_SYS_WINCE) +# define TEST_SERVER_CERT "\\OpenSSL\\server.pem" +# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem" +#elif defined(OPENSSL_SYS_NETWARE) +# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem" +# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem" +#else +# define TEST_SERVER_CERT "../apps/server.pem" +# define TEST_CLIENT_CERT "../apps/client.pem" +#endif + +/* + * There is really no standard for this, so let's assign some tentative + * numbers. In any case, these numbers are only for this test + */ +#define COMP_RLE 255 +#define COMP_ZLIB 1 + +static int verify_callback(int ok, X509_STORE_CTX *ctx); +#ifndef OPENSSL_NO_RSA +static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength); +static void free_tmp_rsa(void); +#endif +static int app_verify_callback(X509_STORE_CTX *ctx, void *arg); +#define APP_CALLBACK_STRING "Test Callback Argument" +struct app_verify_arg { + char *string; + int app_verify; + int allow_proxy_certs; + char *proxy_auth; + char *proxy_cond; +}; + +#ifndef OPENSSL_NO_DH +static DH *get_dh512(void); +static DH *get_dh1024(void); +static DH *get_dh1024dsa(void); +#endif + +static char *psk_key = NULL; /* by default PSK is not used */ +#ifndef OPENSSL_NO_PSK +static unsigned int psk_client_callback(SSL *ssl, const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len); +static unsigned int psk_server_callback(SSL *ssl, const char *identity, + unsigned char *psk, + unsigned int max_psk_len); +#endif + +#ifndef OPENSSL_NO_SRP +/* SRP client */ +/* This is a context that we pass to all callbacks */ +typedef struct srp_client_arg_st { + char *srppassin; + char *srplogin; +} SRP_CLIENT_ARG; + +# define PWD_STRLEN 1024 + +static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) +{ + SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg; + return BUF_strdup((char *)srp_client_arg->srppassin); +} + +/* SRP server */ +/* This is a context that we pass to SRP server callbacks */ +typedef struct srp_server_arg_st { + char *expected_user; + char *pass; +} SRP_SERVER_ARG; + +static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) +{ + SRP_SERVER_ARG *p = (SRP_SERVER_ARG *)arg; + + if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) { + fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s)); + return SSL3_AL_FATAL; + } + if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) { + *ad = SSL_AD_INTERNAL_ERROR; + return SSL3_AL_FATAL; + } + return SSL_ERROR_NONE; +} +#endif + +static BIO *bio_err = NULL; +static BIO *bio_stdout = NULL; + +#ifndef OPENSSL_NO_NEXTPROTONEG +/* Note that this code assumes that this is only a one element list: */ +static const char NEXT_PROTO_STRING[] = "\x09testproto"; +int npn_client = 0; +int npn_server = 0; +int npn_server_reject = 0; + +static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + void *arg) +{ + /* + * This callback only returns the protocol string, rather than a length + * prefixed set. We assume that NEXT_PROTO_STRING is a one element list + * and remove the first byte to chop off the length prefix. + */ + *out = (unsigned char *)NEXT_PROTO_STRING + 1; + *outlen = sizeof(NEXT_PROTO_STRING) - 2; + return SSL_TLSEXT_ERR_OK; +} + +static int cb_server_npn(SSL *s, const unsigned char **data, + unsigned int *len, void *arg) +{ + *data = (const unsigned char *)NEXT_PROTO_STRING; + *len = sizeof(NEXT_PROTO_STRING) - 1; + return SSL_TLSEXT_ERR_OK; +} + +static int cb_server_rejects_npn(SSL *s, const unsigned char **data, + unsigned int *len, void *arg) +{ + return SSL_TLSEXT_ERR_NOACK; +} + +static int verify_npn(SSL *client, SSL *server) +{ + const unsigned char *client_s; + unsigned client_len; + const unsigned char *server_s; + unsigned server_len; + + SSL_get0_next_proto_negotiated(client, &client_s, &client_len); + SSL_get0_next_proto_negotiated(server, &server_s, &server_len); + + if (client_len) { + BIO_printf(bio_stdout, "Client NPN: "); + BIO_write(bio_stdout, client_s, client_len); + BIO_printf(bio_stdout, "\n"); + } + + if (server_len) { + BIO_printf(bio_stdout, "Server NPN: "); + BIO_write(bio_stdout, server_s, server_len); + BIO_printf(bio_stdout, "\n"); + } + + /* + * If an NPN string was returned, it must be the protocol that we + * expected to negotiate. + */ + if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 || + memcmp(client_s, NEXT_PROTO_STRING + 1, client_len))) + return -1; + if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 || + memcmp(server_s, NEXT_PROTO_STRING + 1, server_len))) + return -1; + + if (!npn_client && client_len) + return -1; + if (!npn_server && server_len) + return -1; + if (npn_server_reject && server_len) + return -1; + if (npn_client && npn_server && (!client_len || !server_len)) + return -1; + + return 0; +} +#endif + +static const char *alpn_client; +static const char *alpn_server; +static const char *alpn_expected; +static unsigned char *alpn_selected; + +/*- + * next_protos_parse parses a comma separated list of strings into a string + * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. + * outlen: (output) set to the length of the resulting buffer on success. + * err: (maybe NULL) on failure, an error message line is written to this BIO. + * in: a NUL terminated string like "abc,def,ghi" + * + * returns: a malloced buffer or NULL on failure. + */ +static unsigned char *next_protos_parse(unsigned short *outlen, + const char *in) +{ + size_t len; + unsigned char *out; + size_t i, start = 0; + + len = strlen(in); + if (len >= 65535) + return NULL; + + out = OPENSSL_malloc(strlen(in) + 1); + if (!out) + return NULL; + + for (i = 0; i <= len; ++i) { + if (i == len || in[i] == ',') { + if (i - start > 255) { + OPENSSL_free(out); + return NULL; + } + out[start] = i - start; + start = i + 1; + } else + out[i + 1] = in[i]; + } + + *outlen = len + 1; + return out; +} + +static int cb_server_alpn(SSL *s, const unsigned char **out, + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg) +{ + unsigned char *protos; + unsigned short protos_len; + + protos = next_protos_parse(&protos_len, alpn_server); + if (protos == NULL) { + fprintf(stderr, "failed to parser ALPN server protocol string: %s\n", + alpn_server); + abort(); + } + + if (SSL_select_next_proto + ((unsigned char **)out, outlen, protos, protos_len, in, + inlen) != OPENSSL_NPN_NEGOTIATED) { + OPENSSL_free(protos); + return SSL_TLSEXT_ERR_NOACK; + } + + /* + * Make a copy of the selected protocol which will be freed in + * verify_alpn. + */ + alpn_selected = OPENSSL_malloc(*outlen); + memcpy(alpn_selected, *out, *outlen); + *out = alpn_selected; + + OPENSSL_free(protos); + return SSL_TLSEXT_ERR_OK; +} + +static int verify_alpn(SSL *client, SSL *server) +{ + const unsigned char *client_proto, *server_proto; + unsigned int client_proto_len = 0, server_proto_len = 0; + SSL_get0_alpn_selected(client, &client_proto, &client_proto_len); + SSL_get0_alpn_selected(server, &server_proto, &server_proto_len); + + if (alpn_selected != NULL) { + OPENSSL_free(alpn_selected); + alpn_selected = NULL; + } + + if (client_proto_len != server_proto_len || + memcmp(client_proto, server_proto, client_proto_len) != 0) { + BIO_printf(bio_stdout, "ALPN selected protocols differ!\n"); + goto err; + } + + if (client_proto_len > 0 && alpn_expected == NULL) { + BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n"); + goto err; + } + + if (alpn_expected != NULL && + (client_proto_len != strlen(alpn_expected) || + memcmp(client_proto, alpn_expected, client_proto_len) != 0)) { + BIO_printf(bio_stdout, + "ALPN selected protocols not equal to expected protocol: %s\n", + alpn_expected); + goto err; + } + + return 0; + + err: + BIO_printf(bio_stdout, "ALPN results: client: '"); + BIO_write(bio_stdout, client_proto, client_proto_len); + BIO_printf(bio_stdout, "', server: '"); + BIO_write(bio_stdout, server_proto, server_proto_len); + BIO_printf(bio_stdout, "'\n"); + BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n", + alpn_client, alpn_server); + return -1; +} + +#define SCT_EXT_TYPE 18 + +/* + * WARNING : below extension types are *NOT* IETF assigned, and could + * conflict if these types are reassigned and handled specially by OpenSSL + * in the future + */ +#define TACK_EXT_TYPE 62208 +#define CUSTOM_EXT_TYPE_0 1000 +#define CUSTOM_EXT_TYPE_1 1001 +#define CUSTOM_EXT_TYPE_2 1002 +#define CUSTOM_EXT_TYPE_3 1003 + +const char custom_ext_cli_string[] = "abc"; +const char custom_ext_srv_string[] = "defg"; + +/* These set from cmdline */ +char *serverinfo_file = NULL; +int serverinfo_sct = 0; +int serverinfo_tack = 0; + +/* These set based on extension callbacks */ +int serverinfo_sct_seen = 0; +int serverinfo_tack_seen = 0; +int serverinfo_other_seen = 0; + +/* This set from cmdline */ +int custom_ext = 0; + +/* This set based on extension callbacks */ +int custom_ext_error = 0; + +static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, size_t inlen, + int *al, void *arg) +{ + if (ext_type == SCT_EXT_TYPE) + serverinfo_sct_seen++; + else if (ext_type == TACK_EXT_TYPE) + serverinfo_tack_seen++; + else + serverinfo_other_seen++; + return 1; +} + +static int verify_serverinfo() +{ + if (serverinfo_sct != serverinfo_sct_seen) + return -1; + if (serverinfo_tack != serverinfo_tack_seen) + return -1; + if (serverinfo_other_seen) + return -1; + return 0; +} + +/*- + * Four test cases for custom extensions: + * 0 - no ClientHello extension or ServerHello response + * 1 - ClientHello with "abc", no response + * 2 - ClientHello with "abc", empty response + * 3 - ClientHello with "abc", "defg" response + */ + +static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_0) + custom_ext_error = 1; + return 0; /* Don't send an extension */ +} + +static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + return 1; +} + +static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_1) + custom_ext_error = 1; + *out = (const unsigned char *)custom_ext_cli_string; + *outlen = strlen(custom_ext_cli_string); + return 1; /* Send "abc" */ +} + +static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + return 1; +} + +static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_2) + custom_ext_error = 1; + *out = (const unsigned char *)custom_ext_cli_string; + *outlen = strlen(custom_ext_cli_string); + return 1; /* Send "abc" */ +} + +static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_2) + custom_ext_error = 1; + if (inlen != 0) + custom_ext_error = 1; /* Should be empty response */ + return 1; +} + +static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_3) + custom_ext_error = 1; + *out = (const unsigned char *)custom_ext_cli_string; + *outlen = strlen(custom_ext_cli_string); + return 1; /* Send "abc" */ +} + +static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_3) + custom_ext_error = 1; + if (inlen != strlen(custom_ext_srv_string)) + custom_ext_error = 1; + if (memcmp(custom_ext_srv_string, in, inlen) != 0) + custom_ext_error = 1; /* Check for "defg" */ + return 1; +} + +/* + * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback + * for this extension + */ +static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + custom_ext_error = 1; + return 1; +} + +/* 'add' callbacks are only called if the 'parse' callback is called */ +static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + /* Error: should not have been called */ + custom_ext_error = 1; + return 0; /* Don't send an extension */ +} + +static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_1) + custom_ext_error = 1; + /* Check for "abc" */ + if (inlen != strlen(custom_ext_cli_string)) + custom_ext_error = 1; + if (memcmp(in, custom_ext_cli_string, inlen) != 0) + custom_ext_error = 1; + return 1; +} + +static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + return 0; /* Don't send an extension */ +} + +static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_2) + custom_ext_error = 1; + /* Check for "abc" */ + if (inlen != strlen(custom_ext_cli_string)) + custom_ext_error = 1; + if (memcmp(in, custom_ext_cli_string, inlen) != 0) + custom_ext_error = 1; + return 1; +} + +static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + *out = NULL; + *outlen = 0; + return 1; /* Send empty extension */ +} + +static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *arg) +{ + if (ext_type != CUSTOM_EXT_TYPE_3) + custom_ext_error = 1; + /* Check for "abc" */ + if (inlen != strlen(custom_ext_cli_string)) + custom_ext_error = 1; + if (memcmp(in, custom_ext_cli_string, inlen) != 0) + custom_ext_error = 1; + return 1; +} + +static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, void *arg) +{ + *out = (const unsigned char *)custom_ext_srv_string; + *outlen = strlen(custom_ext_srv_string); + return 1; /* Send "defg" */ +} + +static char *cipher = NULL; +static int verbose = 0; +static int debug = 0; +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; + +int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, + clock_t *c_time); +int doit(SSL *s_ssl, SSL *c_ssl, long bytes); +static int do_test_cipherlist(void); + +static void sv_usage(void) +{ + fprintf(stderr, "usage: ssltest [args ...]\n"); + fprintf(stderr, "\n"); +#ifdef OPENSSL_FIPS + fprintf(stderr, "-F - run test in FIPS mode\n"); +#endif + fprintf(stderr, " -server_auth - check server certificate\n"); + fprintf(stderr, " -client_auth - do client authentication\n"); + fprintf(stderr, " -proxy - allow proxy certificates\n"); + fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n"); + fprintf(stderr, + " -proxy_cond <val> - expression to test proxy policy rights\n"); + fprintf(stderr, " -v - more output\n"); + fprintf(stderr, " -d - debug output\n"); + fprintf(stderr, " -reuse - use session-id reuse\n"); + fprintf(stderr, " -num <val> - number of connections to perform\n"); + fprintf(stderr, + " -bytes <val> - number of bytes to swap between client/server\n"); +#ifndef OPENSSL_NO_DH + fprintf(stderr, + " -dhe1024 - use 1024 bit key (safe prime) for DHE\n"); + fprintf(stderr, + " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); + fprintf(stderr, " -no_dhe - disable DHE\n"); +#endif +#ifndef OPENSSL_NO_EC + fprintf(stderr, " -no_ecdhe - disable ECDHE\n"); +#endif +#ifndef OPENSSL_NO_PSK + fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n"); +#endif +#ifndef OPENSSL_NO_SRP + fprintf(stderr, " -srpuser user - SRP username to use\n"); + fprintf(stderr, " -srppass arg - password for 'user'\n"); +#endif +#ifndef OPENSSL_NO_SSL3_METHOD + fprintf(stderr, " -ssl3 - use SSLv3\n"); +#endif + fprintf(stderr, " -tls1 - use TLSv1\n"); +#ifndef OPENSSL_NO_DTLS + fprintf(stderr, " -dtls1 - use DTLSv1\n"); + fprintf(stderr, " -dtls12 - use DTLSv1.2\n"); +#endif + fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); + fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); + fprintf(stderr, " -cert arg - Server certificate file\n"); + fprintf(stderr, + " -key arg - Server key file (default: same as -cert)\n"); + fprintf(stderr, " -c_cert arg - Client certificate file\n"); + fprintf(stderr, + " -c_key arg - Client key file (default: same as -c_cert)\n"); + fprintf(stderr, " -cipher arg - The cipher list\n"); + fprintf(stderr, " -bio_pair - Use BIO pairs\n"); + fprintf(stderr, " -f - Test even cases that can't work\n"); + fprintf(stderr, + " -time - measure processor time used by client and server\n"); + fprintf(stderr, " -zlib - use zlib compression\n"); + fprintf(stderr, " -rle - use rle compression\n"); +#ifndef OPENSSL_NO_EC + fprintf(stderr, + " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" + " Use \"openssl ecparam -list_curves\" for all names\n" + " (default is sect163r2).\n"); +#endif + fprintf(stderr, + " -test_cipherlist - Verifies the order of the ssl cipher lists.\n" + " When this option is requested, the cipherlist\n" + " tests are run instead of handshake tests.\n"); +#ifndef OPENSSL_NO_NEXTPROTONEG + fprintf(stderr, " -npn_client - have client side offer NPN\n"); + fprintf(stderr, " -npn_server - have server side offer NPN\n"); + fprintf(stderr, " -npn_server_reject - have server reject NPN\n"); +#endif + fprintf(stderr, " -serverinfo_file file - have server use this file\n"); + fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n"); + fprintf(stderr, + " -serverinfo_tack - have client offer and expect TACK\n"); + fprintf(stderr, + " -custom_ext - try various custom extension callbacks\n"); + fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n"); + fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n"); + fprintf(stderr, + " -alpn_expected <string> - the ALPN protocol that should be negotiated\n"); +} + +static void print_key_details(BIO *out, EVP_PKEY *key) +{ + int keyid = EVP_PKEY_id(key); +#ifndef OPENSSL_NO_EC + if (keyid == EVP_PKEY_EC) { + EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key); + int nid; + const char *cname; + nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + EC_KEY_free(ec); + cname = EC_curve_nid2nist(nid); + if (!cname) + cname = OBJ_nid2sn(nid); + BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname); + } else +#endif + { + const char *algname; + switch (keyid) { + case EVP_PKEY_RSA: + algname = "RSA"; + break; + case EVP_PKEY_DSA: + algname = "DSA"; + break; + case EVP_PKEY_DH: + algname = "DH"; + break; + default: + algname = OBJ_nid2sn(keyid); + break; + } + BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname); + } +} + +static void print_details(SSL *c_ssl, const char *prefix) +{ + const SSL_CIPHER *ciph; + int mdnid; + X509 *cert; + EVP_PKEY *pkey; + + ciph = SSL_get_current_cipher(c_ssl); + BIO_printf(bio_stdout, "%s%s, cipher %s %s", + prefix, + SSL_get_version(c_ssl), + SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph)); + cert = SSL_get_peer_certificate(c_ssl); + if (cert != NULL) { + pkey = X509_get_pubkey(cert); + if (pkey != NULL) { + BIO_puts(bio_stdout, ", "); + print_key_details(bio_stdout, pkey); + EVP_PKEY_free(pkey); + } + X509_free(cert); + } + if (SSL_get_server_tmp_key(c_ssl, &pkey)) { + BIO_puts(bio_stdout, ", temp key: "); + print_key_details(bio_stdout, pkey); + EVP_PKEY_free(pkey); + } + if (SSL_get_peer_signature_nid(c_ssl, &mdnid)) + BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid)); + BIO_printf(bio_stdout, "\n"); +} + +static void lock_dbg_cb(int mode, int type, const char *file, int line) +{ + static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ + const char *errstr = NULL; + int rw; + + rw = mode & (CRYPTO_READ | CRYPTO_WRITE); + if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) { + errstr = "invalid mode"; + goto err; + } + + if (type < 0 || type >= CRYPTO_NUM_LOCKS) { + errstr = "type out of bounds"; + goto err; + } + + if (mode & CRYPTO_LOCK) { + if (modes[type]) { + errstr = "already locked"; + /* + * must not happen in a single-threaded program (would deadlock) + */ + goto err; + } + + modes[type] = rw; + } else if (mode & CRYPTO_UNLOCK) { + if (!modes[type]) { + errstr = "not locked"; + goto err; + } + + if (modes[type] != rw) { + errstr = (rw == CRYPTO_READ) ? + "CRYPTO_r_unlock on write lock" : + "CRYPTO_w_unlock on read lock"; + } + + modes[type] = 0; + } else { + errstr = "invalid mode"; + goto err; + } + + err: + if (errstr) { + /* we cannot use bio_err here */ + fprintf(stderr, + "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", + errstr, mode, type, file, line); + } +} + +int main(int argc, char *argv[]) +{ + char *CApath = NULL, *CAfile = NULL; + int badop = 0; + int bio_pair = 0; + int force = 0; + int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl3 = 0, ret = 1; + int client_auth = 0; + int server_auth = 0, i; + struct app_verify_arg app_verify_arg = + { APP_CALLBACK_STRING, 0, 0, NULL, NULL }; + char *server_cert = TEST_SERVER_CERT; + char *server_key = NULL; + char *client_cert = TEST_CLIENT_CERT; + char *client_key = NULL; +#ifndef OPENSSL_NO_EC + char *named_curve = NULL; +#endif + SSL_CTX *s_ctx = NULL; + SSL_CTX *c_ctx = NULL; + const SSL_METHOD *meth = NULL; + SSL *c_ssl, *s_ssl; + int number = 1, reuse = 0; + long bytes = 256L; +#ifndef OPENSSL_NO_DH + DH *dh; + int dhe1024 = 0, dhe1024dsa = 0; +#endif +#ifndef OPENSSL_NO_EC + EC_KEY *ecdh = NULL; +#endif +#ifndef OPENSSL_NO_SRP + /* client */ + SRP_CLIENT_ARG srp_client_arg = { NULL, NULL }; + /* server */ + SRP_SERVER_ARG srp_server_arg = { NULL, NULL }; +#endif + int no_dhe = 0; + int no_ecdhe = 0; + int no_psk = 0; + int print_time = 0; + clock_t s_time = 0, c_time = 0; +#ifndef OPENSSL_NO_COMP + int comp = 0; + COMP_METHOD *cm = NULL; + STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; +#endif + int test_cipherlist = 0; +#ifdef OPENSSL_FIPS + int fips_mode = 0; +#endif + int no_protocol = 0; + + SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL; + STACK_OF(OPENSSL_STRING) *conf_args = NULL; + const char *arg = NULL, *argn = NULL; + + verbose = 0; + debug = 0; + cipher = 0; + + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + + CRYPTO_set_locking_callback(lock_dbg_cb); + + /* enable memory leak checking unless explicitly disabled */ + if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) + && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) { + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + } else { + /* OPENSSL_DEBUG_MEMORY=off */ + CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); + } + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + RAND_seed(rnd_seed, sizeof rnd_seed); + + bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); + + s_cctx = SSL_CONF_CTX_new(); + c_cctx = SSL_CONF_CTX_new(); + + if (!s_cctx || !c_cctx) { + ERR_print_errors(bio_err); + goto end; + } + + SSL_CONF_CTX_set_flags(s_cctx, + SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER); + if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) { + ERR_print_errors(bio_err); + goto end; + } + + SSL_CONF_CTX_set_flags(c_cctx, + SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT); + if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) { + ERR_print_errors(bio_err); + goto end; + } + + argc--; + argv++; + + while (argc >= 1) { + if (!strcmp(*argv, "-F")) { +#ifdef OPENSSL_FIPS + fips_mode = 1; +#else + fprintf(stderr, + "not compiled with FIPS support, so exiting without running.\n"); + EXIT(0); +#endif + } else if (strcmp(*argv, "-server_auth") == 0) + server_auth = 1; + else if (strcmp(*argv, "-client_auth") == 0) + client_auth = 1; + else if (strcmp(*argv, "-proxy_auth") == 0) { + if (--argc < 1) + goto bad; + app_verify_arg.proxy_auth = *(++argv); + } else if (strcmp(*argv, "-proxy_cond") == 0) { + if (--argc < 1) + goto bad; + app_verify_arg.proxy_cond = *(++argv); + } else if (strcmp(*argv, "-v") == 0) + verbose = 1; + else if (strcmp(*argv, "-d") == 0) + debug = 1; + else if (strcmp(*argv, "-reuse") == 0) + reuse = 1; + else if (strcmp(*argv, "-dhe1024") == 0) { +#ifndef OPENSSL_NO_DH + dhe1024 = 1; +#else + fprintf(stderr, + "ignoring -dhe1024, since I'm compiled without DH\n"); +#endif + } else if (strcmp(*argv, "-dhe1024dsa") == 0) { +#ifndef OPENSSL_NO_DH + dhe1024dsa = 1; +#else + fprintf(stderr, + "ignoring -dhe1024, since I'm compiled without DH\n"); +#endif + } else if (strcmp(*argv, "-no_dhe") == 0) + no_dhe = 1; + else if (strcmp(*argv, "-no_ecdhe") == 0) + no_ecdhe = 1; + else if (strcmp(*argv, "-psk") == 0) { + if (--argc < 1) + goto bad; + psk_key = *(++argv); +#ifndef OPENSSL_NO_PSK + if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) { + BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); + goto bad; + } +#else + no_psk = 1; +#endif + } +#ifndef OPENSSL_NO_SRP + else if (strcmp(*argv, "-srpuser") == 0) { + if (--argc < 1) + goto bad; + srp_server_arg.expected_user = srp_client_arg.srplogin = + *(++argv); + tls1 = 1; + } else if (strcmp(*argv, "-srppass") == 0) { + if (--argc < 1) + goto bad; + srp_server_arg.pass = srp_client_arg.srppassin = *(++argv); + tls1 = 1; + } +#endif + else if (strcmp(*argv, "-tls1") == 0) { + tls1 = 1; + } else if (strcmp(*argv, "-ssl3") == 0) { +#ifdef OPENSSL_NO_SSL3_METHOD + no_protocol = 1; +#endif + ssl3 = 1; + } else if (strcmp(*argv, "-dtls1") == 0) { +#ifdef OPENSSL_NO_DTLS + no_protocol = 1; +#endif + dtls1 = 1; + } else if (strcmp(*argv, "-dtls12") == 0) { +#ifdef OPENSSL_NO_DTLS + no_protocol = 1; +#endif + dtls12 = 1; + } else if (strncmp(*argv, "-num", 4) == 0) { + if (--argc < 1) + goto bad; + number = atoi(*(++argv)); + if (number == 0) + number = 1; + } else if (strcmp(*argv, "-bytes") == 0) { + if (--argc < 1) + goto bad; + bytes = atol(*(++argv)); + if (bytes == 0L) + bytes = 1L; + i = strlen(argv[0]); + if (argv[0][i - 1] == 'k') + bytes *= 1024L; + if (argv[0][i - 1] == 'm') + bytes *= 1024L * 1024L; + } else if (strcmp(*argv, "-cert") == 0) { + if (--argc < 1) + goto bad; + server_cert = *(++argv); + } else if (strcmp(*argv, "-s_cert") == 0) { + if (--argc < 1) + goto bad; + server_cert = *(++argv); + } else if (strcmp(*argv, "-key") == 0) { + if (--argc < 1) + goto bad; + server_key = *(++argv); + } else if (strcmp(*argv, "-s_key") == 0) { + if (--argc < 1) + goto bad; + server_key = *(++argv); + } else if (strcmp(*argv, "-c_cert") == 0) { + if (--argc < 1) + goto bad; + client_cert = *(++argv); + } else if (strcmp(*argv, "-c_key") == 0) { + if (--argc < 1) + goto bad; + client_key = *(++argv); + } else if (strcmp(*argv, "-cipher") == 0) { + if (--argc < 1) + goto bad; + cipher = *(++argv); + } else if (strcmp(*argv, "-CApath") == 0) { + if (--argc < 1) + goto bad; + CApath = *(++argv); + } else if (strcmp(*argv, "-CAfile") == 0) { + if (--argc < 1) + goto bad; + CAfile = *(++argv); + } else if (strcmp(*argv, "-bio_pair") == 0) { + bio_pair = 1; + } else if (strcmp(*argv, "-f") == 0) { + force = 1; + } else if (strcmp(*argv, "-time") == 0) { + print_time = 1; + } +#ifndef OPENSSL_NO_COMP + else if (strcmp(*argv, "-zlib") == 0) { + comp = COMP_ZLIB; + } else if (strcmp(*argv, "-rle") == 0) { + comp = COMP_RLE; + } +#endif + else if (strcmp(*argv, "-named_curve") == 0) { + if (--argc < 1) + goto bad; +#ifndef OPENSSL_NO_EC + named_curve = *(++argv); +#else + fprintf(stderr, + "ignoring -named_curve, since I'm compiled without ECDH\n"); + ++argv; +#endif + } else if (strcmp(*argv, "-app_verify") == 0) { + app_verify_arg.app_verify = 1; + } else if (strcmp(*argv, "-proxy") == 0) { + app_verify_arg.allow_proxy_certs = 1; + } else if (strcmp(*argv, "-test_cipherlist") == 0) { + test_cipherlist = 1; + } +#ifndef OPENSSL_NO_NEXTPROTONEG + else if (strcmp(*argv, "-npn_client") == 0) { + npn_client = 1; + } else if (strcmp(*argv, "-npn_server") == 0) { + npn_server = 1; + } else if (strcmp(*argv, "-npn_server_reject") == 0) { + npn_server_reject = 1; + } +#endif + else if (strcmp(*argv, "-serverinfo_sct") == 0) { + serverinfo_sct = 1; + } else if (strcmp(*argv, "-serverinfo_tack") == 0) { + serverinfo_tack = 1; + } else if (strcmp(*argv, "-serverinfo_file") == 0) { + if (--argc < 1) + goto bad; + serverinfo_file = *(++argv); + } else if (strcmp(*argv, "-custom_ext") == 0) { + custom_ext = 1; + } else if (strcmp(*argv, "-alpn_client") == 0) { + if (--argc < 1) + goto bad; + alpn_client = *(++argv); + } else if (strcmp(*argv, "-alpn_server") == 0) { + if (--argc < 1) + goto bad; + alpn_server = *(++argv); + } else if (strcmp(*argv, "-alpn_expected") == 0) { + if (--argc < 1) + goto bad; + alpn_expected = *(++argv); + } else { + int rv; + arg = argv[0]; + argn = argv[1]; + /* Try to process command using SSL_CONF */ + rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv); + /* If not processed try server */ + if (rv == 0) + rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv); + /* Recognised: store it for later use */ + if (rv > 0) { + if (rv == 1) + argn = NULL; + if (!conf_args) { + conf_args = sk_OPENSSL_STRING_new_null(); + if (!conf_args) + goto end; + } + if (!sk_OPENSSL_STRING_push(conf_args, arg)) + goto end; + if (!sk_OPENSSL_STRING_push(conf_args, argn)) + goto end; + continue; + } + if (rv == -3) + BIO_printf(bio_err, "Missing argument for %s\n", arg); + else if (rv < 0) + BIO_printf(bio_err, "Error with command %s\n", arg); + else if (rv == 0) + BIO_printf(bio_err, "unknown option %s\n", arg); + badop = 1; + break; + } + argc--; + argv++; + } + if (badop) { + bad: + sv_usage(); + goto end; + } + + /* + * test_cipherlist prevails over protocol switch: we test the cipherlist + * for all enabled protocols. + */ + if (test_cipherlist == 1) { + /* + * ensure that the cipher list are correctly sorted and exit + */ + fprintf(stdout, "Testing cipherlist order only. Ignoring all " + "other options.\n"); + if (do_test_cipherlist() == 0) + EXIT(1); + ret = 0; + goto end; + } + + if (ssl3 + tls1 + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -ssl3, -tls1, -dtls1 or -dtls12 should " + "be requested.\n"); + EXIT(1); + } + + /* + * Testing was requested for a compiled-out protocol (e.g. SSLv3). + * Ideally, we would error out, but the generic test wrapper can't know + * when to expect failure. So we do nothing and return success. + */ + if (no_protocol) { + fprintf(stderr, "Testing was requested for a disabled protocol. " + "Skipping tests.\n"); + ret = 0; + goto end; + } + + if (!ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { + fprintf(stderr, "This case cannot work. Use -f to perform " + "the test anyway (and\n-d to see what happens), " + "or add one of -ssl3, -tls1, -dtls1, -dtls12, -reuse\n" + "to avoid protocol mismatch.\n"); + EXIT(1); + } +#ifdef OPENSSL_FIPS + if (fips_mode) { + if (!FIPS_mode_set(1)) { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE)); + EXIT(1); + } else + fprintf(stderr, "*** IN FIPS MODE ***\n"); + } +#endif + + if (print_time) { + if (!bio_pair) { + fprintf(stderr, "Using BIO pair (-bio_pair)\n"); + bio_pair = 1; + } + if (number < 50 && !force) + fprintf(stderr, + "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); + } + +/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ + + SSL_library_init(); + SSL_load_error_strings(); + +#ifndef OPENSSL_NO_COMP + if (comp == COMP_ZLIB) + cm = COMP_zlib(); + if (comp == COMP_RLE) + cm = COMP_rle(); + if (cm != NULL) { + if (cm->type != NID_undef) { + if (SSL_COMP_add_compression_method(comp, cm) != 0) { + fprintf(stderr, "Failed to add compression method\n"); + ERR_print_errors_fp(stderr); + } + } else { + fprintf(stderr, + "Warning: %s compression not supported\n", + (comp == COMP_RLE ? "rle" : + (comp == COMP_ZLIB ? "zlib" : "unknown"))); + ERR_print_errors_fp(stderr); + } + } + ssl_comp_methods = SSL_COMP_get_compression_methods(); + fprintf(stderr, "Available compression methods:\n"); + { + int j, n = sk_SSL_COMP_num(ssl_comp_methods); + if (n == 0) + fprintf(stderr, " NONE\n"); + else + for (j = 0; j < n; j++) { + SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); + fprintf(stderr, " %d: %s\n", c->id, c->name); + } + } +#endif + + /* + * At this point, ssl3/tls1 is only set if the protocol is available. + * (Otherwise we exit early.) However the compiler doesn't know this, so + * we ifdef. + */ +#ifndef OPENSSL_NO_SSL3 + if (ssl3) + meth = SSLv3_method(); + else +#endif +#ifndef OPENSSL_NO_DTLS + if (dtls1) + meth = DTLSv1_method(); + else if (dtls12) + meth = DTLSv1_2_method(); + else +#endif + if (tls1) + meth = TLSv1_method(); + else + meth = SSLv23_method(); + + c_ctx = SSL_CTX_new(meth); + s_ctx = SSL_CTX_new(meth); + if ((c_ctx == NULL) || (s_ctx == NULL)) { + ERR_print_errors(bio_err); + goto end; + } + /* + * Since we will use low security ciphersuites and keys for testing set + * security level to zero. + */ + SSL_CTX_set_security_level(c_ctx, 0); + SSL_CTX_set_security_level(s_ctx, 0); + + if (cipher != NULL) { + if(!SSL_CTX_set_cipher_list(c_ctx, cipher) + || !SSL_CTX_set_cipher_list(s_ctx, cipher)) { + ERR_print_errors(bio_err); + goto end; + } + } + + /* Process SSL_CONF arguments */ + SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx); + SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx); + + for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) { + int rv; + arg = sk_OPENSSL_STRING_value(conf_args, i); + argn = sk_OPENSSL_STRING_value(conf_args, i + 1); + rv = SSL_CONF_cmd(c_cctx, arg, argn); + /* If not recognised use server context */ + if (rv == -2) + rv = SSL_CONF_cmd(s_cctx, arg, argn); + if (rv <= 0) { + BIO_printf(bio_err, "Error processing %s %s\n", + arg, argn ? argn : ""); + ERR_print_errors(bio_err); + goto end; + } + } + + if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx)) { + BIO_puts(bio_err, "Error finishing context\n"); + ERR_print_errors(bio_err); + goto end; + } +#ifndef OPENSSL_NO_DH + if (!no_dhe) { + if (dhe1024dsa) { + /* + * use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks + */ + SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); + dh = get_dh1024dsa(); + } else if (dhe1024) + dh = get_dh1024(); + else + dh = get_dh512(); + SSL_CTX_set_tmp_dh(s_ctx, dh); + DH_free(dh); + } +#else + (void)no_dhe; +#endif + +#ifndef OPENSSL_NO_EC + if (!no_ecdhe) { + int nid; + + if (named_curve != NULL) { + nid = OBJ_sn2nid(named_curve); + if (nid == 0) { + BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); + goto end; + } + } else +# ifdef OPENSSL_NO_EC2M + nid = NID_X9_62_prime256v1; +# else + nid = NID_sect163r2; +# endif + + ecdh = EC_KEY_new_by_curve_name(nid); + if (ecdh == NULL) { + BIO_printf(bio_err, "unable to create curve\n"); + goto end; + } + + SSL_CTX_set_tmp_ecdh(s_ctx, ecdh); + SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE); + EC_KEY_free(ecdh); + } +#else + (void)no_ecdhe; +#endif + +#ifndef OPENSSL_NO_RSA + SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb); +#endif + + if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) { + ERR_print_errors(bio_err); + } else if (!SSL_CTX_use_PrivateKey_file(s_ctx, + (server_key ? server_key : + server_cert), + SSL_FILETYPE_PEM)) { + ERR_print_errors(bio_err); + goto end; + } + + if (client_auth) { + if(!SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM) + || !SSL_CTX_use_PrivateKey_file(c_ctx, + (client_key ? client_key : client_cert), + SSL_FILETYPE_PEM)) { + ERR_print_errors(bio_err); + goto end; + } + } + + if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) || + (!SSL_CTX_set_default_verify_paths(s_ctx)) || + (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || + (!SSL_CTX_set_default_verify_paths(c_ctx))) { + /* fprintf(stderr,"SSL_load_verify_locations\n"); */ + ERR_print_errors(bio_err); + /* goto end; */ + } + + if (client_auth) { + BIO_printf(bio_err, "client authentication\n"); + SSL_CTX_set_verify(s_ctx, + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_callback); + SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, + &app_verify_arg); + } + if (server_auth) { + BIO_printf(bio_err, "server authentication\n"); + SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback); + SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, + &app_verify_arg); + } + + { + int session_id_context = 0; + if(!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, + sizeof session_id_context)) { + ERR_print_errors(bio_err); + goto end; + } + } + + /* Use PSK only if PSK key is given */ + if (psk_key != NULL) { + /* + * no_psk is used to avoid putting psk command to openssl tool + */ + if (no_psk) { + /* + * if PSK is not compiled in and psk key is given, do nothing and + * exit successfully + */ + ret = 0; + goto end; + } +#ifndef OPENSSL_NO_PSK + SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback); + SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback); + if (debug) + BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n"); + if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) { + BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n"); + ERR_print_errors(bio_err); + goto end; + } +#endif + } +#ifndef OPENSSL_NO_SRP + if (srp_client_arg.srplogin) { + if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) { + BIO_printf(bio_err, "Unable to set SRP username\n"); + goto end; + } + SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg); + SSL_CTX_set_srp_client_pwd_callback(c_ctx, + ssl_give_srp_client_pwd_cb); + /* + * SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength); + */ + } + + if (srp_server_arg.expected_user != NULL) { + SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback); + SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg); + SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb); + } +#endif + +#ifndef OPENSSL_NO_NEXTPROTONEG + if (npn_client) { + SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL); + } + if (npn_server) { + if (npn_server_reject) { + BIO_printf(bio_err, + "Can't have both -npn_server and -npn_server_reject\n"); + goto end; + } + SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL); + } + if (npn_server_reject) { + SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn, + NULL); + } +#endif + + if (serverinfo_sct) { + if(!SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE, + NULL, NULL, NULL, + serverinfo_cli_parse_cb, NULL)) { + BIO_printf(bio_err, "Error adding SCT extension\n"); + goto end; + } + } + if (serverinfo_tack) { + if(!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE, + NULL, NULL, NULL, + serverinfo_cli_parse_cb, NULL)) { + BIO_printf(bio_err, "Error adding TACK extension\n"); + goto end; + } + } + if (serverinfo_file) + if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) { + BIO_printf(bio_err, "missing serverinfo file\n"); + goto end; + } + + if (custom_ext) { + if(!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0, + custom_ext_0_cli_add_cb, + NULL, NULL, + custom_ext_0_cli_parse_cb, NULL) + || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1, + custom_ext_1_cli_add_cb, + NULL, NULL, + custom_ext_1_cli_parse_cb, NULL) + || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2, + custom_ext_2_cli_add_cb, + NULL, NULL, + custom_ext_2_cli_parse_cb, NULL) + || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3, + custom_ext_3_cli_add_cb, + NULL, NULL, + custom_ext_3_cli_parse_cb, NULL) + || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0, + custom_ext_0_srv_add_cb, + NULL, NULL, + custom_ext_0_srv_parse_cb, NULL) + || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1, + custom_ext_1_srv_add_cb, + NULL, NULL, + custom_ext_1_srv_parse_cb, NULL) + || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2, + custom_ext_2_srv_add_cb, + NULL, NULL, + custom_ext_2_srv_parse_cb, NULL) + || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3, + custom_ext_3_srv_add_cb, + NULL, NULL, + custom_ext_3_srv_parse_cb, NULL)) { + BIO_printf(bio_err, "Error setting custom extensions\n"); + goto end; + } + } + + if (alpn_server) + SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL); + + if (alpn_client) { + unsigned short alpn_len; + unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client); + + if (alpn == NULL) { + BIO_printf(bio_err, "Error parsing -alpn_client argument\n"); + goto end; + } + /* Returns 0 on success!! */ + if(SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) { + BIO_printf(bio_err, "Error setting ALPN\n"); + OPENSSL_free(alpn); + goto end; + } + OPENSSL_free(alpn); + } + + c_ssl = SSL_new(c_ctx); + s_ssl = SSL_new(s_ctx); + +#ifndef OPENSSL_NO_KRB5 + if (c_ssl && c_ssl->kssl_ctx) { + char localhost[MAXHOSTNAMELEN + 2]; + + if (gethostname(localhost, sizeof localhost - 1) == 0) { + localhost[sizeof localhost - 1] = '\0'; + if (strlen(localhost) == sizeof localhost - 1) { + BIO_printf(bio_err, "localhost name too long\n"); + goto end; + } + kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost); + } + } +#endif /* OPENSSL_NO_KRB5 */ + + for (i = 0; i < number; i++) { + if (!reuse) { + if(!SSL_set_session(c_ssl, NULL)) { + BIO_printf(bio_err, "Failed to set session\n"); + goto end; + } + } + if (bio_pair) + ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time); + else + ret = doit(s_ssl, c_ssl, bytes); + if (ret) break; + } + + if (!verbose) { + print_details(c_ssl, ""); + } + if ((i > 1) || (bytes > 1L)) + BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", i, + bytes); + if (print_time) { +#ifdef CLOCKS_PER_SEC + /* + * "To determine the time in seconds, the value returned by the clock + * function should be divided by the value of the macro + * CLOCKS_PER_SEC." -- ISO/IEC 9899 + */ + BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n" + "Approximate total client time: %6.2f s\n", + (double)s_time / CLOCKS_PER_SEC, + (double)c_time / CLOCKS_PER_SEC); +#else + BIO_printf(bio_stdout, + "Approximate total server time: %6.2f units\n" + "Approximate total client time: %6.2f units\n", + (double)s_time, (double)c_time); +#endif + } + + SSL_free(s_ssl); + SSL_free(c_ssl); + + end: + if (s_ctx != NULL) + SSL_CTX_free(s_ctx); + if (c_ctx != NULL) + SSL_CTX_free(c_ctx); + + if (s_cctx) + SSL_CONF_CTX_free(s_cctx); + if (c_cctx) + SSL_CONF_CTX_free(c_cctx); + sk_OPENSSL_STRING_free(conf_args); + + BIO_free(bio_stdout); + +#ifndef OPENSSL_NO_RSA + free_tmp_rsa(); +#endif +#ifndef OPENSSL_NO_ENGINE + ENGINE_cleanup(); +#endif + CRYPTO_cleanup_all_ex_data(); + ERR_free_strings(); + ERR_remove_thread_state(NULL); + EVP_cleanup(); + CRYPTO_mem_leaks(bio_err); + BIO_free(bio_err); + EXIT(ret); +} + +int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, + clock_t *s_time, clock_t *c_time) +{ + long cw_num = count, cr_num = count, sw_num = count, sr_num = count; + BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; + BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; + int ret = 1; + + size_t bufsiz = 256; /* small buffer for testing */ + + if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz)) + goto err; + if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz)) + goto err; + + s_ssl_bio = BIO_new(BIO_f_ssl()); + if (!s_ssl_bio) + goto err; + + c_ssl_bio = BIO_new(BIO_f_ssl()); + if (!c_ssl_bio) + goto err; + + SSL_set_connect_state(c_ssl); + SSL_set_bio(c_ssl, client, client); + (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE); + + SSL_set_accept_state(s_ssl); + SSL_set_bio(s_ssl, server, server); + (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE); + + do { + /*- + * c_ssl_bio: SSL filter BIO + * + * client: pseudo-I/O for SSL library + * + * client_io: client's SSL communication; usually to be + * relayed over some I/O facility, but in this + * test program, we're the server, too: + * + * server_io: server's SSL communication + * + * server: pseudo-I/O for SSL library + * + * s_ssl_bio: SSL filter BIO + * + * The client and the server each employ a "BIO pair": + * client + client_io, server + server_io. + * BIO pairs are symmetric. A BIO pair behaves similar + * to a non-blocking socketpair (but both endpoints must + * be handled by the same thread). + * [Here we could connect client and server to the ends + * of a single BIO pair, but then this code would be less + * suitable as an example for BIO pairs in general.] + * + * Useful functions for querying the state of BIO pair endpoints: + * + * BIO_ctrl_pending(bio) number of bytes we can read now + * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil + * other side's read attempt + * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now + * + * ..._read_request is never more than ..._write_guarantee; + * it depends on the application which one you should use. + */ + + /* + * We have non-blocking behaviour throughout this test program, but + * can be sure that there is *some* progress in each iteration; so we + * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE -- + * we just try everything in each iteration + */ + + { + /* CLIENT */ + + char cbuf[1024 * 8]; + int i, r; + clock_t c_clock = clock(); + + memset(cbuf, 0, sizeof(cbuf)); + + if (debug) + if (SSL_in_init(c_ssl)) + printf("client waiting in SSL_connect - %s\n", + SSL_state_string_long(c_ssl)); + + if (cw_num > 0) { + /* Write to server. */ + + if (cw_num > (long)sizeof cbuf) + i = sizeof cbuf; + else + i = (int)cw_num; + r = BIO_write(c_ssl_bio, cbuf, i); + if (r < 0) { + if (!BIO_should_retry(c_ssl_bio)) { + fprintf(stderr, "ERROR in CLIENT\n"); + goto err; + } + /* + * BIO_should_retry(...) can just be ignored here. The + * library expects us to call BIO_write with the same + * arguments again, and that's what we will do in the + * next iteration. + */ + } else if (r == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("client wrote %d\n", r); + cw_num -= r; + } + } + + if (cr_num > 0) { + /* Read from server. */ + + r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf)); + if (r < 0) { + if (!BIO_should_retry(c_ssl_bio)) { + fprintf(stderr, "ERROR in CLIENT\n"); + goto err; + } + /* + * Again, "BIO_should_retry" can be ignored. + */ + } else if (r == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("client read %d\n", r); + cr_num -= r; + } + } + + /* + * c_time and s_time increments will typically be very small + * (depending on machine speed and clock tick intervals), but + * sampling over a large number of connections should result in + * fairly accurate figures. We cannot guarantee a lot, however + * -- if each connection lasts for exactly one clock tick, it + * will be counted only for the client or only for the server or + * even not at all. + */ + *c_time += (clock() - c_clock); + } + + { + /* SERVER */ + + char sbuf[1024 * 8]; + int i, r; + clock_t s_clock = clock(); + + memset(sbuf, 0, sizeof(sbuf)); + + if (debug) + if (SSL_in_init(s_ssl)) + printf("server waiting in SSL_accept - %s\n", + SSL_state_string_long(s_ssl)); + + if (sw_num > 0) { + /* Write to client. */ + + if (sw_num > (long)sizeof sbuf) + i = sizeof sbuf; + else + i = (int)sw_num; + r = BIO_write(s_ssl_bio, sbuf, i); + if (r < 0) { + if (!BIO_should_retry(s_ssl_bio)) { + fprintf(stderr, "ERROR in SERVER\n"); + goto err; + } + /* Ignore "BIO_should_retry". */ + } else if (r == 0) { + fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("server wrote %d\n", r); + sw_num -= r; + } + } + + if (sr_num > 0) { + /* Read from client. */ + + r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf)); + if (r < 0) { + if (!BIO_should_retry(s_ssl_bio)) { + fprintf(stderr, "ERROR in SERVER\n"); + goto err; + } + /* blah, blah */ + } else if (r == 0) { + fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("server read %d\n", r); + sr_num -= r; + } + } + + *s_time += (clock() - s_clock); + } + + { + /* "I/O" BETWEEN CLIENT AND SERVER. */ + + size_t r1, r2; + BIO *io1 = server_io, *io2 = client_io; + /* + * we use the non-copying interface for io1 and the standard + * BIO_write/BIO_read interface for io2 + */ + + static int prev_progress = 1; + int progress = 0; + + /* io1 to io2 */ + do { + size_t num; + int r; + + r1 = BIO_ctrl_pending(io1); + r2 = BIO_ctrl_get_write_guarantee(io2); + + num = r1; + if (r2 < num) + num = r2; + if (num) { + char *dataptr; + + if (INT_MAX < num) /* yeah, right */ + num = INT_MAX; + + r = BIO_nread(io1, &dataptr, (int)num); + assert(r > 0); + assert(r <= (int)num); + /* + * possibly r < num (non-contiguous data) + */ + num = r; + r = BIO_write(io2, dataptr, (int)num); + if (r != (int)num) { /* can't happen */ + fprintf(stderr, "ERROR: BIO_write could not write " + "BIO_ctrl_get_write_guarantee() bytes"); + goto err; + } + progress = 1; + + if (debug) + printf((io1 == client_io) ? + "C->S relaying: %d bytes\n" : + "S->C relaying: %d bytes\n", (int)num); + } + } + while (r1 && r2); + + /* io2 to io1 */ + { + size_t num; + int r; + + r1 = BIO_ctrl_pending(io2); + r2 = BIO_ctrl_get_read_request(io1); + /* + * here we could use ..._get_write_guarantee instead of + * ..._get_read_request, but by using the latter we test + * restartability of the SSL implementation more thoroughly + */ + num = r1; + if (r2 < num) + num = r2; + if (num) { + char *dataptr; + + if (INT_MAX < num) + num = INT_MAX; + + if (num > 1) + --num; /* test restartability even more thoroughly */ + + r = BIO_nwrite0(io1, &dataptr); + assert(r > 0); + if (r < (int)num) + num = r; + r = BIO_read(io2, dataptr, (int)num); + if (r != (int)num) { /* can't happen */ + fprintf(stderr, "ERROR: BIO_read could not read " + "BIO_ctrl_pending() bytes"); + goto err; + } + progress = 1; + r = BIO_nwrite(io1, &dataptr, (int)num); + if (r != (int)num) { /* can't happen */ + fprintf(stderr, "ERROR: BIO_nwrite() did not accept " + "BIO_nwrite0() bytes"); + goto err; + } + + if (debug) + printf((io2 == client_io) ? + "C->S relaying: %d bytes\n" : + "S->C relaying: %d bytes\n", (int)num); + } + } /* no loop, BIO_ctrl_get_read_request now + * returns 0 anyway */ + + if (!progress && !prev_progress) + if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) { + fprintf(stderr, "ERROR: got stuck\n"); + fprintf(stderr, " ERROR.\n"); + goto err; + } + prev_progress = progress; + } + } + while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); + + if (verbose) + print_details(c_ssl, "DONE via BIO pair: "); +#ifndef OPENSSL_NO_NEXTPROTONEG + if (verify_npn(c_ssl, s_ssl) < 0) { + ret = 1; + goto end; + } +#endif + if (verify_serverinfo() < 0) { + fprintf(stderr, "Server info verify error\n"); + ret = 1; + goto err; + } + if (verify_alpn(c_ssl, s_ssl) < 0) { + ret = 1; + goto err; + } + + if (custom_ext_error) { + fprintf(stderr, "Custom extension error\n"); + ret = 1; + goto err; + } + + end: + ret = 0; + + err: + ERR_print_errors(bio_err); + + BIO_free(server); + BIO_free(server_io); + BIO_free(client); + BIO_free(client_io); + BIO_free(s_ssl_bio); + BIO_free(c_ssl_bio); + + return ret; +} + +#define W_READ 1 +#define W_WRITE 2 +#define C_DONE 1 +#define S_DONE 2 + +int doit(SSL *s_ssl, SSL *c_ssl, long count) +{ + char *cbuf = NULL, *sbuf = NULL; + long bufsiz; + long cw_num = count, cr_num = count; + long sw_num = count, sr_num = count; + int ret = 1; + BIO *c_to_s = NULL; + BIO *s_to_c = NULL; + BIO *c_bio = NULL; + BIO *s_bio = NULL; + int c_r, c_w, s_r, s_w; + int i, j; + int done = 0; + int c_write, s_write; + int do_server = 0, do_client = 0; + int max_frag = 5 * 1024; + + bufsiz = count > 40 * 1024 ? 40 * 1024 : count; + + if ((cbuf = OPENSSL_malloc(bufsiz)) == NULL) + goto err; + if ((sbuf = OPENSSL_malloc(bufsiz)) == NULL) + goto err; + + memset(cbuf, 0, bufsiz); + memset(sbuf, 0, bufsiz); + + c_to_s = BIO_new(BIO_s_mem()); + s_to_c = BIO_new(BIO_s_mem()); + if ((s_to_c == NULL) || (c_to_s == NULL)) { + ERR_print_errors(bio_err); + goto err; + } + + c_bio = BIO_new(BIO_f_ssl()); + s_bio = BIO_new(BIO_f_ssl()); + if ((c_bio == NULL) || (s_bio == NULL)) { + ERR_print_errors(bio_err); + goto err; + } + + SSL_set_connect_state(c_ssl); + SSL_set_bio(c_ssl, s_to_c, c_to_s); + SSL_set_max_send_fragment(c_ssl, max_frag); + BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE); + + SSL_set_accept_state(s_ssl); + SSL_set_bio(s_ssl, c_to_s, s_to_c); + SSL_set_max_send_fragment(s_ssl, max_frag); + BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE); + + c_r = 0; + s_r = 1; + c_w = 1; + s_w = 0; + c_write = 1, s_write = 0; + + /* We can always do writes */ + for (;;) { + do_server = 0; + do_client = 0; + + i = (int)BIO_pending(s_bio); + if ((i && s_r) || s_w) + do_server = 1; + + i = (int)BIO_pending(c_bio); + if ((i && c_r) || c_w) + do_client = 1; + + if (do_server && debug) { + if (SSL_in_init(s_ssl)) + printf("server waiting in SSL_accept - %s\n", + SSL_state_string_long(s_ssl)); +/*- + else if (s_write) + printf("server:SSL_write()\n"); + else + printf("server:SSL_read()\n"); */ + } + + if (do_client && debug) { + if (SSL_in_init(c_ssl)) + printf("client waiting in SSL_connect - %s\n", + SSL_state_string_long(c_ssl)); +/*- + else if (c_write) + printf("client:SSL_write()\n"); + else + printf("client:SSL_read()\n"); */ + } + + if (!do_client && !do_server) { + fprintf(stdout, "ERROR IN STARTUP\n"); + ERR_print_errors(bio_err); + goto err; + } + if (do_client && !(done & C_DONE)) { + if (c_write) { + j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num; + i = BIO_write(c_bio, cbuf, j); + if (i < 0) { + c_r = 0; + c_w = 0; + if (BIO_should_retry(c_bio)) { + if (BIO_should_read(c_bio)) + c_r = 1; + if (BIO_should_write(c_bio)) + c_w = 1; + } else { + fprintf(stderr, "ERROR in CLIENT\n"); + ERR_print_errors(bio_err); + goto err; + } + } else if (i == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("client wrote %d\n", i); + /* ok */ + s_r = 1; + c_write = 0; + cw_num -= i; + if (max_frag > 1029) + SSL_set_max_send_fragment(c_ssl, max_frag -= 5); + } + } else { + i = BIO_read(c_bio, cbuf, bufsiz); + if (i < 0) { + c_r = 0; + c_w = 0; + if (BIO_should_retry(c_bio)) { + if (BIO_should_read(c_bio)) + c_r = 1; + if (BIO_should_write(c_bio)) + c_w = 1; + } else { + fprintf(stderr, "ERROR in CLIENT\n"); + ERR_print_errors(bio_err); + goto err; + } + } else if (i == 0) { + fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + goto err; + } else { + if (debug) + printf("client read %d\n", i); + cr_num -= i; + if (sw_num > 0) { + s_write = 1; + s_w = 1; + } + if (cr_num <= 0) { + s_write = 1; + s_w = 1; + done = S_DONE | C_DONE; + } + } + } + } + + if (do_server && !(done & S_DONE)) { + if (!s_write) { + i = BIO_read(s_bio, sbuf, bufsiz); + if (i < 0) { + s_r = 0; + s_w = 0; + if (BIO_should_retry(s_bio)) { + if (BIO_should_read(s_bio)) + s_r = 1; + if (BIO_should_write(s_bio)) + s_w = 1; + } else { + fprintf(stderr, "ERROR in SERVER\n"); + ERR_print_errors(bio_err); + goto err; + } + } else if (i == 0) { + ERR_print_errors(bio_err); + fprintf(stderr, + "SSL SERVER STARTUP FAILED in SSL_read\n"); + goto err; + } else { + if (debug) + printf("server read %d\n", i); + sr_num -= i; + if (cw_num > 0) { + c_write = 1; + c_w = 1; + } + if (sr_num <= 0) { + s_write = 1; + s_w = 1; + c_write = 0; + } + } + } else { + j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num; + i = BIO_write(s_bio, sbuf, j); + if (i < 0) { + s_r = 0; + s_w = 0; + if (BIO_should_retry(s_bio)) { + if (BIO_should_read(s_bio)) + s_r = 1; + if (BIO_should_write(s_bio)) + s_w = 1; + } else { + fprintf(stderr, "ERROR in SERVER\n"); + ERR_print_errors(bio_err); + goto err; + } + } else if (i == 0) { + ERR_print_errors(bio_err); + fprintf(stderr, + "SSL SERVER STARTUP FAILED in SSL_write\n"); + goto err; + } else { + if (debug) + printf("server wrote %d\n", i); + sw_num -= i; + s_write = 0; + c_r = 1; + if (sw_num <= 0) + done |= S_DONE; + if (max_frag > 1029) + SSL_set_max_send_fragment(s_ssl, max_frag -= 5); + } + } + } + + if ((done & S_DONE) && (done & C_DONE)) + break; + } + + if (verbose) + print_details(c_ssl, "DONE: "); +#ifndef OPENSSL_NO_NEXTPROTONEG + if (verify_npn(c_ssl, s_ssl) < 0) { + ret = 1; + goto err; + } +#endif + if (verify_serverinfo() < 0) { + fprintf(stderr, "Server info verify error\n"); + ret = 1; + goto err; + } + if (custom_ext_error) { + fprintf(stderr, "Custom extension error\n"); + ret = 1; + goto err; + } + ret = 0; + err: + /* + * We have to set the BIO's to NULL otherwise they will be + * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and again + * when c_ssl is SSL_free()ed. This is a hack required because s_ssl and + * c_ssl are sharing the same BIO structure and SSL_set_bio() and + * SSL_free() automatically BIO_free non NULL entries. You should not + * normally do this or be required to do this + */ + if (s_ssl != NULL) { + s_ssl->rbio = NULL; + s_ssl->wbio = NULL; + } + if (c_ssl != NULL) { + c_ssl->rbio = NULL; + c_ssl->wbio = NULL; + } + + BIO_free(c_to_s); + BIO_free(s_to_c); + BIO_free_all(c_bio); + BIO_free_all(s_bio); + + if (cbuf) + OPENSSL_free(cbuf); + if (sbuf) + OPENSSL_free(sbuf); + + return (ret); +} + +static int get_proxy_auth_ex_data_idx(void) +{ + static volatile int idx = -1; + if (idx < 0) { + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + if (idx < 0) { + idx = X509_STORE_CTX_get_ex_new_index(0, + "SSLtest for verify callback", + NULL, NULL, NULL); + } + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + } + return idx; +} + +static int verify_callback(int ok, X509_STORE_CTX *ctx) +{ + char *s, buf[256]; + + s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, + sizeof buf); + if (s != NULL) { + if (ok) + fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf); + else { + fprintf(stderr, "depth=%d error=%d %s\n", + ctx->error_depth, ctx->error, buf); + } + } + + if (ok == 0) { + fprintf(stderr, "Error string: %s\n", + X509_verify_cert_error_string(ctx->error)); + switch (ctx->error) { + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + fprintf(stderr, " ... ignored.\n"); + ok = 1; + } + } + + if (ok == 1) { + X509 *xs = ctx->current_cert; + if (xs->ex_flags & EXFLAG_PROXY) { + unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx, + get_proxy_auth_ex_data_idx + ()); + + if (letters) { + int found_any = 0; + int i; + PROXY_CERT_INFO_EXTENSION *pci = + X509_get_ext_d2i(xs, NID_proxyCertInfo, + NULL, NULL); + + switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) { + case NID_Independent: + /* + * Completely meaningless in this program, as there's no + * way to grant explicit rights to a specific PrC. + * Basically, using id-ppl-Independent is the perfect way + * to grant no rights at all. + */ + fprintf(stderr, " Independent proxy certificate"); + for (i = 0; i < 26; i++) + letters[i] = 0; + break; + case NID_id_ppl_inheritAll: + /* + * This is basically a NOP, we simply let the current + * rights stand as they are. + */ + fprintf(stderr, " Proxy certificate inherits all"); + break; + default: + s = (char *) + pci->proxyPolicy->policy->data; + i = pci->proxyPolicy->policy->length; + + /* + * The algorithm works as follows: it is assumed that + * previous iterations or the initial granted rights has + * already set some elements of `letters'. What we need + * to do is to clear those that weren't granted by the + * current PrC as well. The easiest way to do this is to + * add 1 to all the elements whose letters are given with + * the current policy. That way, all elements that are + * set by the current policy and were already set by + * earlier policies and through the original grant of + * rights will get the value 2 or higher. The last thing + * to do is to sweep through `letters' and keep the + * elements having the value 2 as set, and clear all the + * others. + */ + + fprintf(stderr, " Certificate proxy rights = %*.*s", i, + i, s); + while (i-- > 0) { + int c = *s++; + if (isascii(c) && isalpha(c)) { + if (islower(c)) + c = toupper(c); + letters[c - 'A']++; + } + } + for (i = 0; i < 26; i++) + if (letters[i] < 2) + letters[i] = 0; + else + letters[i] = 1; + } + + found_any = 0; + fprintf(stderr, ", resulting proxy rights = "); + for (i = 0; i < 26; i++) + if (letters[i]) { + fprintf(stderr, "%c", i + 'A'); + found_any = 1; + } + if (!found_any) + fprintf(stderr, "none"); + fprintf(stderr, "\n"); + + PROXY_CERT_INFO_EXTENSION_free(pci); + } + } + } + + return (ok); +} + +static void process_proxy_debug(int indent, const char *format, ...) +{ + /* That's 80 > */ + static const char indentation[] = + ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" + ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; + char my_format[256]; + va_list args; + + BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s", + indent, indent, indentation, format); + + va_start(args, format); + vfprintf(stderr, my_format, args); + va_end(args); +} + +/*- + * Priority levels: + * 0 [!]var, () + * 1 & ^ + * 2 | + */ +static int process_proxy_cond_adders(unsigned int letters[26], + const char *cond, const char **cond_end, + int *pos, int indent); +static int process_proxy_cond_val(unsigned int letters[26], const char *cond, + const char **cond_end, int *pos, int indent) +{ + int c; + int ok = 1; + int negate = 0; + + while (isspace((int)*cond)) { + cond++; + (*pos)++; + } + c = *cond; + + if (debug) + process_proxy_debug(indent, + "Start process_proxy_cond_val at position %d: %s\n", + *pos, cond); + + while (c == '!') { + negate = !negate; + cond++; + (*pos)++; + while (isspace((int)*cond)) { + cond++; + (*pos)++; + } + c = *cond; + } + + if (c == '(') { + cond++; + (*pos)++; + ok = process_proxy_cond_adders(letters, cond, cond_end, pos, + indent + 1); + cond = *cond_end; + if (ok < 0) + goto end; + while (isspace((int)*cond)) { + cond++; + (*pos)++; + } + c = *cond; + if (c != ')') { + fprintf(stderr, + "Weird condition character in position %d: " + "%c\n", *pos, c); + ok = -1; + goto end; + } + cond++; + (*pos)++; + } else if (isascii(c) && isalpha(c)) { + if (islower(c)) + c = toupper(c); + ok = letters[c - 'A']; + cond++; + (*pos)++; + } else { + fprintf(stderr, + "Weird condition character in position %d: " "%c\n", *pos, c); + ok = -1; + goto end; + } + end: + *cond_end = cond; + if (ok >= 0 && negate) + ok = !ok; + + if (debug) + process_proxy_debug(indent, + "End process_proxy_cond_val at position %d: %s, returning %d\n", + *pos, cond, ok); + + return ok; +} + +static int process_proxy_cond_multipliers(unsigned int letters[26], + const char *cond, + const char **cond_end, int *pos, + int indent) +{ + int ok; + char c; + + if (debug) + process_proxy_debug(indent, + "Start process_proxy_cond_multipliers at position %d: %s\n", + *pos, cond); + + ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1); + cond = *cond_end; + if (ok < 0) + goto end; + + while (ok >= 0) { + while (isspace((int)*cond)) { + cond++; + (*pos)++; + } + c = *cond; + + switch (c) { + case '&': + case '^': + { + int save_ok = ok; + + cond++; + (*pos)++; + ok = process_proxy_cond_val(letters, + cond, cond_end, pos, indent + 1); + cond = *cond_end; + if (ok < 0) + break; + + switch (c) { + case '&': + ok &= save_ok; + break; + case '^': + ok ^= save_ok; + break; + default: + fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!" + " STOPPING\n"); + EXIT(1); + } + } + break; + default: + goto end; + } + } + end: + if (debug) + process_proxy_debug(indent, + "End process_proxy_cond_multipliers at position %d: %s, returning %d\n", + *pos, cond, ok); + + *cond_end = cond; + return ok; +} + +static int process_proxy_cond_adders(unsigned int letters[26], + const char *cond, const char **cond_end, + int *pos, int indent) +{ + int ok; + char c; + + if (debug) + process_proxy_debug(indent, + "Start process_proxy_cond_adders at position %d: %s\n", + *pos, cond); + + ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos, + indent + 1); + cond = *cond_end; + if (ok < 0) + goto end; + + while (ok >= 0) { + while (isspace((int)*cond)) { + cond++; + (*pos)++; + } + c = *cond; + + switch (c) { + case '|': + { + int save_ok = ok; + + cond++; + (*pos)++; + ok = process_proxy_cond_multipliers(letters, + cond, cond_end, pos, + indent + 1); + cond = *cond_end; + if (ok < 0) + break; + + switch (c) { + case '|': + ok |= save_ok; + break; + default: + fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!" + " STOPPING\n"); + EXIT(1); + } + } + break; + default: + goto end; + } + } + end: + if (debug) + process_proxy_debug(indent, + "End process_proxy_cond_adders at position %d: %s, returning %d\n", + *pos, cond, ok); + + *cond_end = cond; + return ok; +} + +static int process_proxy_cond(unsigned int letters[26], + const char *cond, const char **cond_end) +{ + int pos = 1; + return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1); +} + +static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) +{ + int ok = 1; + struct app_verify_arg *cb_arg = arg; + unsigned int letters[26]; /* only used with proxy_auth */ + + if (cb_arg->app_verify) { + char *s = NULL, buf[256]; + + fprintf(stderr, "In app_verify_callback, allowing cert. "); + fprintf(stderr, "Arg is: %s\n", cb_arg->string); + fprintf(stderr, + "Finished printing do we have a context? 0x%p a cert? 0x%p\n", + (void *)ctx, (void *)ctx->cert); + if (ctx->cert) + s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256); + if (s != NULL) { + fprintf(stderr, "cert depth=%d %s\n", ctx->error_depth, buf); + } + return (1); + } + if (cb_arg->proxy_auth) { + int found_any = 0, i; + char *sp; + + for (i = 0; i < 26; i++) + letters[i] = 0; + for (sp = cb_arg->proxy_auth; *sp; sp++) { + int c = *sp; + if (isascii(c) && isalpha(c)) { + if (islower(c)) + c = toupper(c); + letters[c - 'A'] = 1; + } + } + + fprintf(stderr, " Initial proxy rights = "); + for (i = 0; i < 26; i++) + if (letters[i]) { + fprintf(stderr, "%c", i + 'A'); + found_any = 1; + } + if (!found_any) + fprintf(stderr, "none"); + fprintf(stderr, "\n"); + + X509_STORE_CTX_set_ex_data(ctx, + get_proxy_auth_ex_data_idx(), letters); + } + if (cb_arg->allow_proxy_certs) { + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); + } + ok = X509_verify_cert(ctx); + + if (cb_arg->proxy_auth) { + if (ok > 0) { + const char *cond_end = NULL; + + ok = process_proxy_cond(letters, cb_arg->proxy_cond, &cond_end); + + if (ok < 0) + EXIT(3); + if (*cond_end) { + fprintf(stderr, + "Stopped processing condition before it's end.\n"); + ok = 0; + } + if (!ok) + fprintf(stderr, + "Proxy rights check with condition '%s' proved invalid\n", + cb_arg->proxy_cond); + else + fprintf(stderr, + "Proxy rights check with condition '%s' proved valid\n", + cb_arg->proxy_cond); + } + } + return (ok); +} + +#ifndef OPENSSL_NO_RSA +static RSA *rsa_tmp = NULL; + +static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) +{ + BIGNUM *bn = NULL; + if (rsa_tmp == NULL) { + bn = BN_new(); + rsa_tmp = RSA_new(); + if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) { + BIO_printf(bio_err, "Memory error..."); + goto end; + } + BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength); + (void)BIO_flush(bio_err); + if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) { + BIO_printf(bio_err, "Error generating key."); + RSA_free(rsa_tmp); + rsa_tmp = NULL; + } + end: + BIO_printf(bio_err, "\n"); + (void)BIO_flush(bio_err); + } + if (bn) + BN_free(bn); + return (rsa_tmp); +} + +static void free_tmp_rsa(void) +{ + RSA_free(rsa_tmp); + rsa_tmp = NULL; +} +#endif + +#ifndef OPENSSL_NO_DH +/*- + * These DH parameters have been generated as follows: + * $ openssl dhparam -C -noout 512 + * $ openssl dhparam -C -noout 1024 + * $ openssl dhparam -C -noout -dsaparam 1024 + * (The third function has been renamed to avoid name conflicts.) + */ +static DH *get_dh512() +{ + static unsigned char dh512_p[] = { + 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0, + 0xC6, + 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04, + 0xB0, + 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9, + 0x5F, + 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33, + 0xB8, + 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21, + 0x33, + 0x02, 0xC5, 0xAE, 0x23, + }; + static unsigned char dh512_g[] = { + 0x02, + }; + DH *dh; + + if ((dh = DH_new()) == NULL) + return (NULL); + dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); + dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return (NULL); + } + return (dh); +} + +static DH *get_dh1024() +{ + static unsigned char dh1024_p[] = { + 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, + 0x3A, + 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56, + 0xA2, + 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F, + 0xB0, + 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87, + 0xC2, + 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0, + 0x8C, + 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F, + 0xB8, + 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D, + 0x52, + 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC, + 0xC1, + 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB, + 0xB1, + 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89, + 0xAB, + 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53, + }; + static unsigned char dh1024_g[] = { + 0x02, + }; + DH *dh; + + if ((dh = DH_new()) == NULL) + return (NULL); + dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); + dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return (NULL); + } + return (dh); +} + +static DH *get_dh1024dsa() +{ + static unsigned char dh1024_p[] = { + 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, + 0x00, + 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, + 0x19, + 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65, + 0xD2, + 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, + 0x55, + 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, + 0xFC, + 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, + 0x97, + 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, + 0x8D, + 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD, + 0xBB, + 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, + 0xF6, + 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, + 0x9E, + 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39, + }; + static unsigned char dh1024_g[] = { + 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, + 0x05, + 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, + 0xF3, + 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, + 0xE9, + 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, + 0x3C, + 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, + 0x65, + 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, + 0x60, + 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, + 0xF6, + 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, + 0xA7, + 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, + 0xA1, + 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, + 0x60, + 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2, + }; + DH *dh; + + if ((dh = DH_new()) == NULL) + return (NULL); + dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); + dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { + DH_free(dh); + return (NULL); + } + dh->length = 160; + return (dh); +} +#endif + +#ifndef OPENSSL_NO_PSK +/* convert the PSK key (psk_key) in ascii to binary (psk) */ +static int psk_key2bn(const char *pskkey, unsigned char *psk, + unsigned int max_psk_len) +{ + int ret; + BIGNUM *bn = NULL; + + ret = BN_hex2bn(&bn, pskkey); + if (!ret) { + BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", + pskkey); + if (bn) + BN_free(bn); + return 0; + } + if (BN_num_bytes(bn) > (int)max_psk_len) { + BIO_printf(bio_err, + "psk buffer of callback is too small (%d) for key (%d)\n", + max_psk_len, BN_num_bytes(bn)); + BN_free(bn); + return 0; + } + ret = BN_bn2bin(bn, psk); + BN_free(bn); + return ret; +} + +static unsigned int psk_client_callback(SSL *ssl, const char *hint, + char *identity, + unsigned int max_identity_len, + unsigned char *psk, + unsigned int max_psk_len) +{ + int ret; + unsigned int psk_len = 0; + + ret = BIO_snprintf(identity, max_identity_len, "Client_identity"); + if (ret < 0) + goto out_err; + if (debug) + fprintf(stderr, "client: created identity '%s' len=%d\n", identity, + ret); + ret = psk_key2bn(psk_key, psk, max_psk_len); + if (ret < 0) + goto out_err; + psk_len = ret; + out_err: + return psk_len; +} + +static unsigned int psk_server_callback(SSL *ssl, const char *identity, + unsigned char *psk, + unsigned int max_psk_len) +{ + unsigned int psk_len = 0; + + if (strcmp(identity, "Client_identity") != 0) { + BIO_printf(bio_err, "server: PSK error: client identity not found\n"); + return 0; + } + psk_len = psk_key2bn(psk_key, psk, max_psk_len); + return psk_len; +} +#endif + +static int do_test_cipherlist(void) +{ + int i = 0; + const SSL_METHOD *meth; + const SSL_CIPHER *ci, *tci = NULL; + +#ifndef OPENSSL_NO_SSL3 + fprintf(stderr, "testing SSLv3 cipher list order: "); + meth = SSLv3_method(); + tci = NULL; + while ((ci = meth->get_cipher(i++)) != NULL) { + if (tci != NULL) + if (ci->id >= tci->id) { + fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); + return 0; + } + tci = ci; + } + fprintf(stderr, "ok\n"); +#endif + fprintf(stderr, "testing TLSv1 cipher list order: "); + meth = TLSv1_method(); + tci = NULL; + while ((ci = meth->get_cipher(i++)) != NULL) { + if (tci != NULL) + if (ci->id >= tci->id) { + fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); + return 0; + } + tci = ci; + } + fprintf(stderr, "ok\n"); + + return 1; +} diff --git a/test/v3nametest.c b/test/v3nametest.c new file mode 100644 index 0000000000..7b5c1c8e51 --- /dev/null +++ b/test/v3nametest.c @@ -0,0 +1,336 @@ +#include <openssl/x509.h> +#include <openssl/x509v3.h> +#include "../e_os.h" +#include <string.h> + +static const char *const names[] = { + "a", "b", ".", "*", "@", + ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..", + "@@", "**", "*.com", "*com", "*.*.com", "*com", "com*", "*example.com", + "*@example.com", "test@*.example.com", "example.com", "www.example.com", + "test.www.example.com", "*.example.com", "*.www.example.com", + "test.*.example.com", "www.*.com", + ".www.example.com", "*www.example.com", + "example.net", "xn--rger-koa.example.com", + "a.example.com", "b.example.com", + "postmaster@example.com", "Postmaster@example.com", + "postmaster@EXAMPLE.COM", + NULL +}; + +static const char *const exceptions[] = { + "set CN: host: [*.example.com] matches [a.example.com]", + "set CN: host: [*.example.com] matches [b.example.com]", + "set CN: host: [*.example.com] matches [www.example.com]", + "set CN: host: [*.example.com] matches [xn--rger-koa.example.com]", + "set CN: host: [*.www.example.com] matches [test.www.example.com]", + "set CN: host: [*.www.example.com] matches [.www.example.com]", + "set CN: host: [*www.example.com] matches [www.example.com]", + "set CN: host: [test.www.example.com] matches [.www.example.com]", + "set CN: host-no-wildcards: [*.www.example.com] matches [.www.example.com]", + "set CN: host-no-wildcards: [test.www.example.com] matches [.www.example.com]", + "set emailAddress: email: [postmaster@example.com] does not match [Postmaster@example.com]", + "set emailAddress: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]", + "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@example.com]", + "set emailAddress: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]", + "set dnsName: host: [*.example.com] matches [www.example.com]", + "set dnsName: host: [*.example.com] matches [a.example.com]", + "set dnsName: host: [*.example.com] matches [b.example.com]", + "set dnsName: host: [*.example.com] matches [xn--rger-koa.example.com]", + "set dnsName: host: [*.www.example.com] matches [test.www.example.com]", + "set dnsName: host-no-wildcards: [*.www.example.com] matches [.www.example.com]", + "set dnsName: host-no-wildcards: [test.www.example.com] matches [.www.example.com]", + "set dnsName: host: [*.www.example.com] matches [.www.example.com]", + "set dnsName: host: [*www.example.com] matches [www.example.com]", + "set dnsName: host: [test.www.example.com] matches [.www.example.com]", + "set rfc822Name: email: [postmaster@example.com] does not match [Postmaster@example.com]", + "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@example.com]", + "set rfc822Name: email: [Postmaster@example.com] does not match [postmaster@EXAMPLE.COM]", + "set rfc822Name: email: [postmaster@EXAMPLE.COM] does not match [Postmaster@example.com]", + NULL +}; + +static int is_exception(const char *msg) +{ + const char *const *p; + for (p = exceptions; *p; ++p) + if (strcmp(msg, *p) == 0) + return 1; + return 0; +} + +static int set_cn(X509 *crt, ...) +{ + int ret = 0; + X509_NAME *n = NULL; + va_list ap; + va_start(ap, crt); + n = X509_NAME_new(); + if (n == NULL) + goto out; + while (1) { + int nid; + const char *name; + nid = va_arg(ap, int); + if (nid == 0) + break; + name = va_arg(ap, const char *); + if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, + (unsigned char *)name, -1, -1, 1)) + goto out; + } + if (!X509_set_subject_name(crt, n)) + goto out; + ret = 1; + out: + X509_NAME_free(n); + va_end(ap); + return ret; +} + +/*- +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, ASN1_OCTET_STRING *data); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +*/ + +static int set_altname(X509 *crt, ...) +{ + int ret = 0; + GENERAL_NAMES *gens = NULL; + GENERAL_NAME *gen = NULL; + ASN1_IA5STRING *ia5 = NULL; + va_list ap; + va_start(ap, crt); + gens = sk_GENERAL_NAME_new_null(); + if (gens == NULL) + goto out; + while (1) { + int type; + const char *name; + type = va_arg(ap, int); + if (type == 0) + break; + name = va_arg(ap, const char *); + + gen = GENERAL_NAME_new(); + if (gen == NULL) + goto out; + ia5 = ASN1_IA5STRING_new(); + if (ia5 == NULL) + goto out; + if (!ASN1_STRING_set(ia5, name, -1)) + goto out; + switch (type) { + case GEN_EMAIL: + case GEN_DNS: + GENERAL_NAME_set0_value(gen, type, ia5); + ia5 = NULL; + break; + default: + abort(); + } + sk_GENERAL_NAME_push(gens, gen); + gen = NULL; + } + if (!X509_add1_ext_i2d(crt, NID_subject_alt_name, gens, 0, 0)) + goto out; + ret = 1; + out: + ASN1_IA5STRING_free(ia5); + GENERAL_NAME_free(gen); + GENERAL_NAMES_free(gens); + va_end(ap); + return ret; +} + +static int set_cn1(X509 *crt, const char *name) +{ + return set_cn(crt, NID_commonName, name, 0); +} + +static int set_cn_and_email(X509 *crt, const char *name) +{ + return set_cn(crt, NID_commonName, name, + NID_pkcs9_emailAddress, "dummy@example.com", 0); +} + +static int set_cn2(X509 *crt, const char *name) +{ + return set_cn(crt, NID_commonName, "dummy value", + NID_commonName, name, 0); +} + +static int set_cn3(X509 *crt, const char *name) +{ + return set_cn(crt, NID_commonName, name, + NID_commonName, "dummy value", 0); +} + +static int set_email1(X509 *crt, const char *name) +{ + return set_cn(crt, NID_pkcs9_emailAddress, name, 0); +} + +static int set_email2(X509 *crt, const char *name) +{ + return set_cn(crt, NID_pkcs9_emailAddress, "dummy@example.com", + NID_pkcs9_emailAddress, name, 0); +} + +static int set_email3(X509 *crt, const char *name) +{ + return set_cn(crt, NID_pkcs9_emailAddress, name, + NID_pkcs9_emailAddress, "dummy@example.com", 0); +} + +static int set_email_and_cn(X509 *crt, const char *name) +{ + return set_cn(crt, NID_pkcs9_emailAddress, name, + NID_commonName, "www.example.org", 0); +} + +static int set_altname_dns(X509 *crt, const char *name) +{ + return set_altname(crt, GEN_DNS, name, 0); +} + +static int set_altname_email(X509 *crt, const char *name) +{ + return set_altname(crt, GEN_EMAIL, name, 0); +} + +struct set_name_fn { + int (*fn) (X509 *, const char *); + const char *name; + int host; + int email; +}; + +static const struct set_name_fn name_fns[] = { + {set_cn1, "set CN", 1, 0}, + {set_cn2, "set CN", 1, 0}, + {set_cn3, "set CN", 1, 0}, + {set_cn_and_email, "set CN", 1, 0}, + {set_email1, "set emailAddress", 0, 1}, + {set_email2, "set emailAddress", 0, 1}, + {set_email3, "set emailAddress", 0, 1}, + {set_email_and_cn, "set emailAddress", 0, 1}, + {set_altname_dns, "set dnsName", 1, 0}, + {set_altname_email, "set rfc822Name", 0, 1}, + {NULL, NULL, 0} +}; + +static X509 *make_cert() +{ + X509 *ret = NULL; + X509 *crt = NULL; + X509_NAME *issuer = NULL; + crt = X509_new(); + if (crt == NULL) + goto out; + if (!X509_set_version(crt, 3)) + goto out; + ret = crt; + crt = NULL; + out: + X509_NAME_free(issuer); + return ret; +} + +static int errors; + +static void check_message(const struct set_name_fn *fn, const char *op, + const char *nameincert, int match, const char *name) +{ + char msg[1024]; + if (match < 0) + return; + BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]", + fn->name, op, nameincert, + match ? "matches" : "does not match", name); + if (is_exception(msg)) + return; + puts(msg); + ++errors; +} + +static void run_cert(X509 *crt, const char *nameincert, + const struct set_name_fn *fn) +{ + const char *const *pname = names; + while (*pname) { + int samename = strcasecmp(nameincert, *pname) == 0; + size_t namelen = strlen(*pname); + char *name = malloc(namelen); + int match, ret; + memcpy(name, *pname, namelen); + + ret = X509_check_host(crt, name, namelen, 0, NULL); + match = -1; + if (ret < 0) { + fprintf(stderr, "internal error in X509_check_host"); + ++errors; + } else if (fn->host) { + if (ret == 1 && !samename) + match = 1; + if (ret == 0 && samename) + match = 0; + } else if (ret == 1) + match = 1; + check_message(fn, "host", nameincert, match, *pname); + + ret = X509_check_host(crt, name, namelen, + X509_CHECK_FLAG_NO_WILDCARDS, NULL); + match = -1; + if (ret < 0) { + fprintf(stderr, "internal error in X509_check_host"); + ++errors; + } else if (fn->host) { + if (ret == 1 && !samename) + match = 1; + if (ret == 0 && samename) + match = 0; + } else if (ret == 1) + match = 1; + check_message(fn, "host-no-wildcards", nameincert, match, *pname); + + ret = X509_check_email(crt, name, namelen, 0); + match = -1; + if (fn->email) { + if (ret && !samename) + match = 1; + if (!ret && samename && strchr(nameincert, '@') != NULL) + match = 0; + } else if (ret) + match = 1; + check_message(fn, "email", nameincert, match, *pname); + ++pname; + free(name); + } +} + +int main(void) +{ + const struct set_name_fn *pfn = name_fns; + while (pfn->name) { + const char *const *pname = names; + while (*pname) { + X509 *crt = make_cert(); + if (crt == NULL) { + fprintf(stderr, "make_cert failed\n"); + return 1; + } + if (!pfn->fn(crt, *pname)) { + fprintf(stderr, "X509 name setting failed\n"); + return 1; + } + run_cert(crt, *pname, pfn); + X509_free(crt); + ++pname; + } + ++pfn; + } + return errors > 0 ? 1 : 0; +} diff --git a/test/wp_test.c b/test/wp_test.c new file mode 100644 index 0000000000..2ea6251a58 --- /dev/null +++ b/test/wp_test.c @@ -0,0 +1,241 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * ==================================================================== + */ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include <openssl/whrlpool.h> +#include <openssl/crypto.h> + +#if defined(OPENSSL_NO_WHIRLPOOL) +int main(int argc, char *argv[]) +{ + printf("No Whirlpool support\n"); + return (0); +} +#else + +/* ISO/IEC 10118-3 test vector set */ +unsigned char iso_test_1[WHIRLPOOL_DIGEST_LENGTH] = { + 0x19, 0xFA, 0x61, 0xD7, 0x55, 0x22, 0xA4, 0x66, + 0x9B, 0x44, 0xE3, 0x9C, 0x1D, 0x2E, 0x17, 0x26, + 0xC5, 0x30, 0x23, 0x21, 0x30, 0xD4, 0x07, 0xF8, + 0x9A, 0xFE, 0xE0, 0x96, 0x49, 0x97, 0xF7, 0xA7, + 0x3E, 0x83, 0xBE, 0x69, 0x8B, 0x28, 0x8F, 0xEB, + 0xCF, 0x88, 0xE3, 0xE0, 0x3C, 0x4F, 0x07, 0x57, + 0xEA, 0x89, 0x64, 0xE5, 0x9B, 0x63, 0xD9, 0x37, + 0x08, 0xB1, 0x38, 0xCC, 0x42, 0xA6, 0x6E, 0xB3 +}; + +unsigned char iso_test_2[WHIRLPOOL_DIGEST_LENGTH] = { + 0x8A, 0xCA, 0x26, 0x02, 0x79, 0x2A, 0xEC, 0x6F, + 0x11, 0xA6, 0x72, 0x06, 0x53, 0x1F, 0xB7, 0xD7, + 0xF0, 0xDF, 0xF5, 0x94, 0x13, 0x14, 0x5E, 0x69, + 0x73, 0xC4, 0x50, 0x01, 0xD0, 0x08, 0x7B, 0x42, + 0xD1, 0x1B, 0xC6, 0x45, 0x41, 0x3A, 0xEF, 0xF6, + 0x3A, 0x42, 0x39, 0x1A, 0x39, 0x14, 0x5A, 0x59, + 0x1A, 0x92, 0x20, 0x0D, 0x56, 0x01, 0x95, 0xE5, + 0x3B, 0x47, 0x85, 0x84, 0xFD, 0xAE, 0x23, 0x1A +}; + +unsigned char iso_test_3[WHIRLPOOL_DIGEST_LENGTH] = { + 0x4E, 0x24, 0x48, 0xA4, 0xC6, 0xF4, 0x86, 0xBB, + 0x16, 0xB6, 0x56, 0x2C, 0x73, 0xB4, 0x02, 0x0B, + 0xF3, 0x04, 0x3E, 0x3A, 0x73, 0x1B, 0xCE, 0x72, + 0x1A, 0xE1, 0xB3, 0x03, 0xD9, 0x7E, 0x6D, 0x4C, + 0x71, 0x81, 0xEE, 0xBD, 0xB6, 0xC5, 0x7E, 0x27, + 0x7D, 0x0E, 0x34, 0x95, 0x71, 0x14, 0xCB, 0xD6, + 0xC7, 0x97, 0xFC, 0x9D, 0x95, 0xD8, 0xB5, 0x82, + 0xD2, 0x25, 0x29, 0x20, 0x76, 0xD4, 0xEE, 0xF5 +}; + +unsigned char iso_test_4[WHIRLPOOL_DIGEST_LENGTH] = { + 0x37, 0x8C, 0x84, 0xA4, 0x12, 0x6E, 0x2D, 0xC6, + 0xE5, 0x6D, 0xCC, 0x74, 0x58, 0x37, 0x7A, 0xAC, + 0x83, 0x8D, 0x00, 0x03, 0x22, 0x30, 0xF5, 0x3C, + 0xE1, 0xF5, 0x70, 0x0C, 0x0F, 0xFB, 0x4D, 0x3B, + 0x84, 0x21, 0x55, 0x76, 0x59, 0xEF, 0x55, 0xC1, + 0x06, 0xB4, 0xB5, 0x2A, 0xC5, 0xA4, 0xAA, 0xA6, + 0x92, 0xED, 0x92, 0x00, 0x52, 0x83, 0x8F, 0x33, + 0x62, 0xE8, 0x6D, 0xBD, 0x37, 0xA8, 0x90, 0x3E +}; + +unsigned char iso_test_5[WHIRLPOOL_DIGEST_LENGTH] = { + 0xF1, 0xD7, 0x54, 0x66, 0x26, 0x36, 0xFF, 0xE9, + 0x2C, 0x82, 0xEB, 0xB9, 0x21, 0x2A, 0x48, 0x4A, + 0x8D, 0x38, 0x63, 0x1E, 0xAD, 0x42, 0x38, 0xF5, + 0x44, 0x2E, 0xE1, 0x3B, 0x80, 0x54, 0xE4, 0x1B, + 0x08, 0xBF, 0x2A, 0x92, 0x51, 0xC3, 0x0B, 0x6A, + 0x0B, 0x8A, 0xAE, 0x86, 0x17, 0x7A, 0xB4, 0xA6, + 0xF6, 0x8F, 0x67, 0x3E, 0x72, 0x07, 0x86, 0x5D, + 0x5D, 0x98, 0x19, 0xA3, 0xDB, 0xA4, 0xEB, 0x3B +}; + +unsigned char iso_test_6[WHIRLPOOL_DIGEST_LENGTH] = { + 0xDC, 0x37, 0xE0, 0x08, 0xCF, 0x9E, 0xE6, 0x9B, + 0xF1, 0x1F, 0x00, 0xED, 0x9A, 0xBA, 0x26, 0x90, + 0x1D, 0xD7, 0xC2, 0x8C, 0xDE, 0xC0, 0x66, 0xCC, + 0x6A, 0xF4, 0x2E, 0x40, 0xF8, 0x2F, 0x3A, 0x1E, + 0x08, 0xEB, 0xA2, 0x66, 0x29, 0x12, 0x9D, 0x8F, + 0xB7, 0xCB, 0x57, 0x21, 0x1B, 0x92, 0x81, 0xA6, + 0x55, 0x17, 0xCC, 0x87, 0x9D, 0x7B, 0x96, 0x21, + 0x42, 0xC6, 0x5F, 0x5A, 0x7A, 0xF0, 0x14, 0x67 +}; + +unsigned char iso_test_7[WHIRLPOOL_DIGEST_LENGTH] = { + 0x46, 0x6E, 0xF1, 0x8B, 0xAB, 0xB0, 0x15, 0x4D, + 0x25, 0xB9, 0xD3, 0x8A, 0x64, 0x14, 0xF5, 0xC0, + 0x87, 0x84, 0x37, 0x2B, 0xCC, 0xB2, 0x04, 0xD6, + 0x54, 0x9C, 0x4A, 0xFA, 0xDB, 0x60, 0x14, 0x29, + 0x4D, 0x5B, 0xD8, 0xDF, 0x2A, 0x6C, 0x44, 0xE5, + 0x38, 0xCD, 0x04, 0x7B, 0x26, 0x81, 0xA5, 0x1A, + 0x2C, 0x60, 0x48, 0x1E, 0x88, 0xC5, 0xA2, 0x0B, + 0x2C, 0x2A, 0x80, 0xCF, 0x3A, 0x9A, 0x08, 0x3B +}; + +unsigned char iso_test_8[WHIRLPOOL_DIGEST_LENGTH] = { + 0x2A, 0x98, 0x7E, 0xA4, 0x0F, 0x91, 0x70, 0x61, + 0xF5, 0xD6, 0xF0, 0xA0, 0xE4, 0x64, 0x4F, 0x48, + 0x8A, 0x7A, 0x5A, 0x52, 0xDE, 0xEE, 0x65, 0x62, + 0x07, 0xC5, 0x62, 0xF9, 0x88, 0xE9, 0x5C, 0x69, + 0x16, 0xBD, 0xC8, 0x03, 0x1B, 0xC5, 0xBE, 0x1B, + 0x7B, 0x94, 0x76, 0x39, 0xFE, 0x05, 0x0B, 0x56, + 0x93, 0x9B, 0xAA, 0xA0, 0xAD, 0xFF, 0x9A, 0xE6, + 0x74, 0x5B, 0x7B, 0x18, 0x1C, 0x3B, 0xE3, 0xFD +}; + +unsigned char iso_test_9[WHIRLPOOL_DIGEST_LENGTH] = { + 0x0C, 0x99, 0x00, 0x5B, 0xEB, 0x57, 0xEF, 0xF5, + 0x0A, 0x7C, 0xF0, 0x05, 0x56, 0x0D, 0xDF, 0x5D, + 0x29, 0x05, 0x7F, 0xD8, 0x6B, 0x20, 0xBF, 0xD6, + 0x2D, 0xEC, 0xA0, 0xF1, 0xCC, 0xEA, 0x4A, 0xF5, + 0x1F, 0xC1, 0x54, 0x90, 0xED, 0xDC, 0x47, 0xAF, + 0x32, 0xBB, 0x2B, 0x66, 0xC3, 0x4F, 0xF9, 0xAD, + 0x8C, 0x60, 0x08, 0xAD, 0x67, 0x7F, 0x77, 0x12, + 0x69, 0x53, 0xB2, 0x26, 0xE4, 0xED, 0x8B, 0x01 +}; + +int main(int argc, char *argv[]) +{ + unsigned char md[WHIRLPOOL_DIGEST_LENGTH]; + int i; + WHIRLPOOL_CTX ctx; + +# ifdef OPENSSL_IA32_SSE2 + /* + * Alternative to this is to call OpenSSL_add_all_algorithms... The below + * code is retained exclusively for debugging purposes. + */ + { + char *env; + + if ((env = getenv("OPENSSL_ia32cap"))) + OPENSSL_ia32cap = strtoul(env, NULL, 0); + } +# endif + + fprintf(stdout, "Testing Whirlpool "); + + WHIRLPOOL("", 0, md); + if (memcmp(md, iso_test_1, sizeof(iso_test_1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("a", 1, md); + if (memcmp(md, iso_test_2, sizeof(iso_test_2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("abc", 3, md); + if (memcmp(md, iso_test_3, sizeof(iso_test_3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("message digest", 14, md); + if (memcmp(md, iso_test_4, sizeof(iso_test_4))) { + fflush(stdout); + fprintf(stderr, "\nTEST 4 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("abcdefghijklmnopqrstuvwxyz", 26, md); + if (memcmp(md, iso_test_5, sizeof(iso_test_5))) { + fflush(stdout); + fprintf(stderr, "\nTEST 5 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" "0123456789", 62, md); + if (memcmp(md, iso_test_6, sizeof(iso_test_6))) { + fflush(stdout); + fprintf(stderr, "\nTEST 6 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("1234567890" "1234567890" "1234567890" "1234567890" + "1234567890" "1234567890" "1234567890" "1234567890", 80, md); + if (memcmp(md, iso_test_7, sizeof(iso_test_7))) { + fflush(stdout); + fprintf(stderr, "\nTEST 7 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL("abcdbcdecdefdefgefghfghighijhijk", 32, md); + if (memcmp(md, iso_test_8, sizeof(iso_test_8))) { + fflush(stdout); + fprintf(stderr, "\nTEST 8 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + WHIRLPOOL_Init(&ctx); + for (i = 0; i < 1000000; i += 288) + WHIRLPOOL_Update(&ctx, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 288 ? 1000000 - i : 288); + WHIRLPOOL_Final(md, &ctx); + if (memcmp(md, iso_test_9, sizeof(iso_test_9))) { + fflush(stdout); + fprintf(stderr, "\nTEST 9 of 9 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + return 0; +} +#endif |