infrastructure.
The following tests have not been imported, for their code lacks a licence:
asn1, rsa, sha256, sha512, wp.
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:15 miod Exp $
+
+SUBDIR= \
+ bf \
+ bn \
+ cast \
+ des \
+ dh \
+ dsa \
+ ec \
+ ecdh \
+ ecdsa \
+ evp \
+ exp \
+ hmac \
+ idea \
+ ige \
+ md4 \
+ md5 \
+ mdc2 \
+ rand \
+ rc2 \
+ rc4 \
+ rmd \
+ sha \
+ sha1
+
+install:
+
+.include <bsd.subdir.mk>
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
+
+PROG= bftest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/bf/bftest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* This has been a quickly hacked 'ideatest.c'. When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/blowfish.h>
+
+static char *bf_key[2]={
+ "abcdefghijklmnopqrstuvwxyz",
+ "Who is John Galt?"
+ };
+
+/* big endian */
+static BF_LONG bf_plain[2][2]={
+ {0x424c4f57L,0x46495348L},
+ {0xfedcba98L,0x76543210L}
+ };
+
+static BF_LONG bf_cipher[2][2]={
+ {0x324ed0feL,0xf413a203L},
+ {0xcc91732bL,0x8022f684L}
+ };
+/************/
+
+/* Lets use the DES test vectors :-) */
+#define NUM_TESTS 34
+static unsigned char ecb_data[NUM_TESTS][8]={
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+ {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+ {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+ {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+ {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+ {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+ {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+ {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+ {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+ {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+ {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+ {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+ {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+ {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+ {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+ {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+ {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+ {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+ {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+ {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+ {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+ {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+ {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+
+static unsigned char plain_data[NUM_TESTS][8]={
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+ {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+ {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+ {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+ {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+ {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+ {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+ {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+ {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+ {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+ {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+ {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+ {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+ {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+ {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+ {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+ {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+ {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+ {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+ {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+ {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+
+static unsigned char cipher_data[NUM_TESTS][8]={
+ {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+ {0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A},
+ {0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2},
+ {0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D},
+ {0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96},
+ {0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7},
+ {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+ {0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D},
+ {0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B},
+ {0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0},
+ {0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4},
+ {0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB},
+ {0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A},
+ {0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18},
+ {0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98},
+ {0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5},
+ {0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79},
+ {0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3},
+ {0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69},
+ {0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B},
+ {0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E},
+ {0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD},
+ {0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19},
+ {0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3},
+ {0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5},
+ {0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78},
+ {0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01},
+ {0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2},
+ {0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE},
+ {0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D},
+ {0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4},
+ {0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC},
+ {0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A},
+ {0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A},
+ };
+
+static unsigned char cbc_key [16]={
+ 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+ 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static char cbc_data[40]="7654321 Now is the time for ";
+static unsigned char cbc_ok[32]={
+ 0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6,
+ 0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93,
+ 0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9,
+ 0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC};
+
+static unsigned char cfb64_ok[]={
+ 0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+ 0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E,
+ 0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00,
+ 0x51,0x9D,0x57,0xA6,0xC3};
+
+static unsigned char ofb64_ok[]={
+ 0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+ 0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73,
+ 0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22,
+ 0x63,0xC2,0xCF,0x80,0xDA};
+
+#define KEY_TEST_NUM 25
+static unsigned char key_test[KEY_TEST_NUM]={
+ 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
+ 0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
+ 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
+ 0x88};
+
+static unsigned char key_data[8]=
+ {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
+
+static unsigned char key_out[KEY_TEST_NUM][8]={
+ {0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},
+ {0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},
+ {0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},
+ {0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05},
+ {0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E},
+ {0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D},
+ {0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D},
+ {0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82},
+ {0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77},
+ {0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0},
+ {0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6},
+ {0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2},
+ {0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4},
+ {0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68},
+ {0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F},
+ {0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C},
+ {0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B},
+ {0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B},
+ {0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8},
+ {0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F},
+ {0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F},
+ {0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F},
+ {0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD},
+ {0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
+ };
+
+static int test(void );
+static int print_test_data(void );
+int main(int argc, char *argv[])
+ {
+ int ret;
+
+ if (argc > 1)
+ ret=print_test_data();
+ else
+ ret=test();
+
+ return ret;
+ }
+
+static int print_test_data(void)
+ {
+ unsigned int i,j;
+
+ printf("ecb test data\n");
+ printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
+ for (i=0; i<NUM_TESTS; i++)
+ {
+ for (j=0; j<8; j++)
+ printf("%02X",ecb_data[i][j]);
+ printf("\t");
+ for (j=0; j<8; j++)
+ printf("%02X",plain_data[i][j]);
+ printf("\t");
+ for (j=0; j<8; j++)
+ printf("%02X",cipher_data[i][j]);
+ printf("\n");
+ }
+
+ printf("set_key test data\n");
+ printf("data[8]= ");
+ for (j=0; j<8; j++)
+ printf("%02X",key_data[j]);
+ printf("\n");
+ for (i=0; i<KEY_TEST_NUM-1; i++)
+ {
+ printf("c=");
+ for (j=0; j<8; j++)
+ printf("%02X",key_out[i][j]);
+ printf(" k[%2u]=",i+1);
+ for (j=0; j<i+1; j++)
+ printf("%02X",key_test[j]);
+ printf("\n");
+ }
+
+ printf("\nchaining mode test data\n");
+ printf("key[16] = ");
+ for (j=0; j<16; j++)
+ printf("%02X",cbc_key[j]);
+ printf("\niv[8] = ");
+ for (j=0; j<8; j++)
+ printf("%02X",cbc_iv[j]);
+ printf("\ndata[%d] = '%s'",(int)strlen(cbc_data)+1,cbc_data);
+ printf("\ndata[%d] = ",(int)strlen(cbc_data)+1);
+ for (j=0; j<strlen(cbc_data)+1; j++)
+ printf("%02X",cbc_data[j]);
+ printf("\n");
+ printf("cbc cipher text\n");
+ printf("cipher[%d]= ",32);
+ for (j=0; j<32; j++)
+ printf("%02X",cbc_ok[j]);
+ printf("\n");
+
+ printf("cfb64 cipher text\n");
+ printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
+ for (j=0; j<strlen(cbc_data)+1; j++)
+ printf("%02X",cfb64_ok[j]);
+ printf("\n");
+
+ printf("ofb64 cipher text\n");
+ printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
+ for (j=0; j<strlen(cbc_data)+1; j++)
+ printf("%02X",ofb64_ok[j]);
+ printf("\n");
+ return(0);
+ }
+
+static int test(void)
+ {
+ unsigned char cbc_in[40],cbc_out[40],iv[8];
+ int i,n,err=0;
+ BF_KEY key;
+ BF_LONG data[2];
+ unsigned char out[8];
+ BF_LONG len;
+
+ printf("testing blowfish in raw ecb mode\n");
+ for (n=0; n<2; n++)
+ {
+ BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);
+
+ data[0]=bf_plain[n][0];
+ data[1]=bf_plain[n][1];
+ BF_encrypt(data,&key);
+ if (memcmp(&(bf_cipher[n][0]),&(data[0]),8) != 0)
+ {
+ printf("BF_encrypt error encrypting\n");
+ printf("got :");
+ for (i=0; i<2; i++)
+ printf("%08lX ",(unsigned long)data[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<2; i++)
+ printf("%08lX ",(unsigned long)bf_cipher[n][i]);
+ err=1;
+ printf("\n");
+ }
+
+ BF_decrypt(&(data[0]),&key);
+ if (memcmp(&(bf_plain[n][0]),&(data[0]),8) != 0)
+ {
+ printf("BF_encrypt error decrypting\n");
+ printf("got :");
+ for (i=0; i<2; i++)
+ printf("%08lX ",(unsigned long)data[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<2; i++)
+ printf("%08lX ",(unsigned long)bf_plain[n][i]);
+ printf("\n");
+ err=1;
+ }
+ }
+
+ printf("testing blowfish in ecb mode\n");
+
+ for (n=0; n<NUM_TESTS; n++)
+ {
+ BF_set_key(&key,8,ecb_data[n]);
+
+ BF_ecb_encrypt(&(plain_data[n][0]),out,&key,BF_ENCRYPT);
+ if (memcmp(&(cipher_data[n][0]),out,8) != 0)
+ {
+ printf("BF_ecb_encrypt blowfish error encrypting\n");
+ printf("got :");
+ for (i=0; i<8; i++)
+ printf("%02X ",out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<8; i++)
+ printf("%02X ",cipher_data[n][i]);
+ err=1;
+ printf("\n");
+ }
+
+ BF_ecb_encrypt(out,out,&key,BF_DECRYPT);
+ if (memcmp(&(plain_data[n][0]),out,8) != 0)
+ {
+ printf("BF_ecb_encrypt error decrypting\n");
+ printf("got :");
+ for (i=0; i<8; i++)
+ printf("%02X ",out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<8; i++)
+ printf("%02X ",plain_data[n][i]);
+ printf("\n");
+ err=1;
+ }
+ }
+
+ printf("testing blowfish set_key\n");
+ for (n=1; n<KEY_TEST_NUM; n++)
+ {
+ BF_set_key(&key,n,key_test);
+ BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
+ /* mips-sgi-irix6.5-gcc vv -mabi=64 bug workaround */
+ if (memcmp(out,&(key_out[i=n-1][0]),8) != 0)
+ {
+ printf("blowfish setkey error\n");
+ err=1;
+ }
+ }
+
+ printf("testing blowfish in cbc mode\n");
+ len=strlen(cbc_data)+1;
+
+ BF_set_key(&key,16,cbc_key);
+ memset(cbc_in,0,sizeof cbc_in);
+ memset(cbc_out,0,sizeof cbc_out);
+ memcpy(iv,cbc_iv,sizeof iv);
+ BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
+ &key,iv,BF_ENCRYPT);
+ if (memcmp(cbc_out,cbc_ok,32) != 0)
+ {
+ err=1;
+ printf("BF_cbc_encrypt encrypt error\n");
+ for (i=0; i<32; i++) printf("0x%02X,",cbc_out[i]);
+ }
+ memcpy(iv,cbc_iv,8);
+ BF_cbc_encrypt(cbc_out,cbc_in,len,
+ &key,iv,BF_DECRYPT);
+ if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+ {
+ printf("BF_cbc_encrypt decrypt error\n");
+ err=1;
+ }
+
+ printf("testing blowfish in cfb64 mode\n");
+
+ BF_set_key(&key,16,cbc_key);
+ memset(cbc_in,0,40);
+ memset(cbc_out,0,40);
+ memcpy(iv,cbc_iv,8);
+ n=0;
+ BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,
+ &key,iv,&n,BF_ENCRYPT);
+ BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,
+ &key,iv,&n,BF_ENCRYPT);
+ if (memcmp(cbc_out,cfb64_ok,(int)len) != 0)
+ {
+ err=1;
+ printf("BF_cfb64_encrypt encrypt error\n");
+ for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
+ }
+ n=0;
+ memcpy(iv,cbc_iv,8);
+ BF_cfb64_encrypt(cbc_out,cbc_in,17,
+ &key,iv,&n,BF_DECRYPT);
+ BF_cfb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,
+ &key,iv,&n,BF_DECRYPT);
+ if (memcmp(cbc_in,cbc_data,(int)len) != 0)
+ {
+ printf("BF_cfb64_encrypt decrypt error\n");
+ err=1;
+ }
+
+ printf("testing blowfish in ofb64\n");
+
+ BF_set_key(&key,16,cbc_key);
+ memset(cbc_in,0,40);
+ memset(cbc_out,0,40);
+ memcpy(iv,cbc_iv,8);
+ n=0;
+ BF_ofb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,&key,iv,&n);
+ BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]),
+ &(cbc_out[13]),len-13,&key,iv,&n);
+ if (memcmp(cbc_out,ofb64_ok,(int)len) != 0)
+ {
+ err=1;
+ printf("BF_ofb64_encrypt encrypt error\n");
+ for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
+ }
+ n=0;
+ memcpy(iv,cbc_iv,8);
+ BF_ofb64_encrypt(cbc_out,cbc_in,17,&key,iv,&n);
+ BF_ofb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,&key,iv,&n);
+ if (memcmp(cbc_in,cbc_data,(int)len) != 0)
+ {
+ printf("BF_ofb64_encrypt decrypt error\n");
+ err=1;
+ }
+
+ return(err);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:15 miod Exp $
+
+PROG= bntest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/bn/bntest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the Eric Young open source
+ * license provided above.
+ *
+ * The binary polynomial arithmetic software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+const int num0 = 100; /* number of tests */
+const int num1 = 50; /* additional tests for some functions */
+const int num2 = 5; /* number of tests for slow functions */
+
+int test_add(BIO *bp);
+int test_sub(BIO *bp);
+int test_lshift1(BIO *bp);
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
+int test_rshift1(BIO *bp);
+int test_rshift(BIO *bp,BN_CTX *ctx);
+int test_div(BIO *bp,BN_CTX *ctx);
+int test_div_word(BIO *bp);
+int test_div_recp(BIO *bp,BN_CTX *ctx);
+int test_mul(BIO *bp);
+int test_sqr(BIO *bp,BN_CTX *ctx);
+int test_mont(BIO *bp,BN_CTX *ctx);
+int test_mod(BIO *bp,BN_CTX *ctx);
+int test_mod_mul(BIO *bp,BN_CTX *ctx);
+int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
+int test_exp(BIO *bp,BN_CTX *ctx);
+int test_gf2m_add(BIO *bp);
+int test_gf2m_mod(BIO *bp);
+int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);
+int test_kron(BIO *bp,BN_CTX *ctx);
+int test_sqrt(BIO *bp,BN_CTX *ctx);
+int rand_neg(void);
+static int results=0;
+
+static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
+"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
+
+static void message(BIO *out, char *m)
+ {
+ fprintf(stderr, "test %s\n", m);
+ BIO_puts(out, "print \"test ");
+ BIO_puts(out, m);
+ BIO_puts(out, "\\n\"\n");
+ }
+
+int main(int argc, char *argv[])
+ {
+ BN_CTX *ctx;
+ BIO *out;
+ char *outfile=NULL;
+
+ results = 0;
+
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-results") == 0)
+ results=1;
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) break;
+ outfile= *(++argv);
+ }
+ argc--;
+ argv++;
+ }
+
+
+ ctx=BN_CTX_new();
+ if (ctx == NULL) exit(1);
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL) exit(1);
+ if (outfile == NULL)
+ {
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ }
+ else
+ {
+ if (!BIO_write_filename(out,outfile))
+ {
+ perror(outfile);
+ exit(1);
+ }
+ }
+
+ if (!results)
+ BIO_puts(out,"obase=16\nibase=16\n");
+
+ message(out,"BN_add");
+ if (!test_add(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_sub");
+ if (!test_sub(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_lshift1");
+ if (!test_lshift1(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_lshift (fixed)");
+ if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_lshift");
+ if (!test_lshift(out,ctx,NULL)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_rshift1");
+ if (!test_rshift1(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_rshift");
+ if (!test_rshift(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_sqr");
+ if (!test_sqr(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mul");
+ if (!test_mul(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_div");
+ if (!test_div(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_div_word");
+ if (!test_div_word(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_div_recp");
+ if (!test_div_recp(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mod");
+ if (!test_mod(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mod_mul");
+ if (!test_mod_mul(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mont");
+ if (!test_mont(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mod_exp");
+ if (!test_mod_exp(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mod_exp_mont_consttime");
+ if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_exp");
+ if (!test_exp(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_kronecker");
+ if (!test_kron(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_mod_sqrt");
+ if (!test_sqrt(out,ctx)) goto err;
+ (void)BIO_flush(out);
+#ifndef OPENSSL_NO_EC2M
+ message(out,"BN_GF2m_add");
+ if (!test_gf2m_add(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod");
+ if (!test_gf2m_mod(out)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_mul");
+ if (!test_gf2m_mod_mul(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_sqr");
+ if (!test_gf2m_mod_sqr(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_inv");
+ if (!test_gf2m_mod_inv(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_div");
+ if (!test_gf2m_mod_div(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_exp");
+ if (!test_gf2m_mod_exp(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_sqrt");
+ if (!test_gf2m_mod_sqrt(out,ctx)) goto err;
+ (void)BIO_flush(out);
+
+ message(out,"BN_GF2m_mod_solve_quad");
+ if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
+ (void)BIO_flush(out);
+#endif
+ BN_CTX_free(ctx);
+ BIO_free(out);
+
+/**/
+ exit(0);
+err:
+ BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+ * the failure, see test_bn in test/Makefile.ssl*/
+ (void)BIO_flush(out);
+ ERR_load_crypto_strings();
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+
+int test_add(BIO *bp)
+ {
+ BIGNUM a,b,c;
+ int i;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+
+ BN_bntest_rand(&a,512,0,0);
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(&b,450+i,0,0);
+ a.neg=rand_neg();
+ b.neg=rand_neg();
+ BN_add(&c,&a,&b);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," + ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+ a.neg=!a.neg;
+ b.neg=!b.neg;
+ BN_add(&c,&c,&b);
+ BN_add(&c,&c,&a);
+ if(!BN_is_zero(&c))
+ {
+ fprintf(stderr,"Add test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ return(1);
+ }
+
+int test_sub(BIO *bp)
+ {
+ BIGNUM a,b,c;
+ int i;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+
+ for (i=0; i<num0+num1; i++)
+ {
+ if (i < num1)
+ {
+ BN_bntest_rand(&a,512,0,0);
+ BN_copy(&b,&a);
+ if (BN_set_bit(&a,i)==0) return(0);
+ BN_add_word(&b,i);
+ }
+ else
+ {
+ BN_bntest_rand(&b,400+i-num1,0,0);
+ a.neg=rand_neg();
+ b.neg=rand_neg();
+ }
+ BN_sub(&c,&a,&b);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," - ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+ BN_add(&c,&c,&b);
+ BN_sub(&c,&c,&a);
+ if(!BN_is_zero(&c))
+ {
+ fprintf(stderr,"Subtract test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ return(1);
+ }
+
+int test_div(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM a,b,c,d,e;
+ int i;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&e);
+
+ for (i=0; i<num0+num1; i++)
+ {
+ if (i < num1)
+ {
+ BN_bntest_rand(&a,400,0,0);
+ BN_copy(&b,&a);
+ BN_lshift(&a,&a,i);
+ BN_add_word(&a,i);
+ }
+ else
+ BN_bntest_rand(&b,50+3*(i-num1),0,0);
+ a.neg=rand_neg();
+ b.neg=rand_neg();
+ BN_div(&d,&c,&a,&b,ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," / ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&d);
+ BIO_puts(bp,"\n");
+
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," % ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(&e,&d,&b,ctx);
+ BN_add(&d,&e,&c);
+ BN_sub(&d,&d,&a);
+ if(!BN_is_zero(&d))
+ {
+ fprintf(stderr,"Division test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&e);
+ return(1);
+ }
+
+static void print_word(BIO *bp,BN_ULONG w)
+ {
+#ifdef SIXTY_FOUR_BIT
+ if (sizeof(w) > sizeof(unsigned long))
+ {
+ unsigned long h=(unsigned long)(w>>32),
+ l=(unsigned long)(w);
+
+ if (h) BIO_printf(bp,"%lX%08lX",h,l);
+ else BIO_printf(bp,"%lX",l);
+ return;
+ }
+#endif
+ BIO_printf(bp,BN_HEX_FMT1,w);
+ }
+
+int test_div_word(BIO *bp)
+ {
+ BIGNUM a,b;
+ BN_ULONG r,s;
+ int i;
+
+ BN_init(&a);
+ BN_init(&b);
+
+ for (i=0; i<num0; i++)
+ {
+ do {
+ BN_bntest_rand(&a,512,-1,0);
+ BN_bntest_rand(&b,BN_BITS2,-1,0);
+ s = b.d[0];
+ } while (!s);
+
+ BN_copy(&b, &a);
+ r = BN_div_word(&b, s);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," / ");
+ print_word(bp,s);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&b);
+ BIO_puts(bp,"\n");
+
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," % ");
+ print_word(bp,s);
+ BIO_puts(bp," - ");
+ }
+ print_word(bp,r);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul_word(&b,s);
+ BN_add_word(&b,r);
+ BN_sub(&b,&a,&b);
+ if(!BN_is_zero(&b))
+ {
+ fprintf(stderr,"Division (word) test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ return(1);
+ }
+
+int test_div_recp(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM a,b,c,d,e;
+ BN_RECP_CTX recp;
+ int i;
+
+ BN_RECP_CTX_init(&recp);
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&e);
+
+ for (i=0; i<num0+num1; i++)
+ {
+ if (i < num1)
+ {
+ BN_bntest_rand(&a,400,0,0);
+ BN_copy(&b,&a);
+ BN_lshift(&a,&a,i);
+ BN_add_word(&a,i);
+ }
+ else
+ BN_bntest_rand(&b,50+3*(i-num1),0,0);
+ a.neg=rand_neg();
+ b.neg=rand_neg();
+ BN_RECP_CTX_set(&recp,&b,ctx);
+ BN_div_recp(&d,&c,&a,&recp,ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," / ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&d);
+ BIO_puts(bp,"\n");
+
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," % ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(&e,&d,&b,ctx);
+ BN_add(&d,&e,&c);
+ BN_sub(&d,&d,&a);
+ if(!BN_is_zero(&d))
+ {
+ fprintf(stderr,"Reciprocal division test failed!\n");
+ fprintf(stderr,"a=");
+ BN_print_fp(stderr,&a);
+ fprintf(stderr,"\nb=");
+ BN_print_fp(stderr,&b);
+ fprintf(stderr,"\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&e);
+ BN_RECP_CTX_free(&recp);
+ return(1);
+ }
+
+int test_mul(BIO *bp)
+ {
+ BIGNUM a,b,c,d,e;
+ int i;
+ BN_CTX *ctx;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL) exit(1);
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&e);
+
+ for (i=0; i<num0+num1; i++)
+ {
+ if (i <= num1)
+ {
+ BN_bntest_rand(&a,100,0,0);
+ BN_bntest_rand(&b,100,0,0);
+ }
+ else
+ BN_bntest_rand(&b,i-num1,0,0);
+ a.neg=rand_neg();
+ b.neg=rand_neg();
+ BN_mul(&c,&a,&b,ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," * ");
+ BN_print(bp,&b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+ BN_div(&d,&e,&c,&a,ctx);
+ BN_sub(&d,&d,&b);
+ if(!BN_is_zero(&d) || !BN_is_zero(&e))
+ {
+ fprintf(stderr,"Multiplication test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&e);
+ BN_CTX_free(ctx);
+ return(1);
+ }
+
+int test_sqr(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM a,c,d,e;
+ int i;
+
+ BN_init(&a);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&e);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(&a,40+i*10,0,0);
+ a.neg=rand_neg();
+ BN_sqr(&c,&a,ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," * ");
+ BN_print(bp,&a);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+ BN_div(&d,&e,&c,&a,ctx);
+ BN_sub(&d,&d,&a);
+ if(!BN_is_zero(&d) || !BN_is_zero(&e))
+ {
+ fprintf(stderr,"Square test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&e);
+ return(1);
+ }
+
+int test_mont(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM a,b,c,d,A,B;
+ BIGNUM n;
+ int i;
+ BN_MONT_CTX *mont;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&A);
+ BN_init(&B);
+ BN_init(&n);
+
+ mont=BN_MONT_CTX_new();
+ if (mont == NULL)
+ return 0;
+
+ BN_bntest_rand(&a,100,0,0); /**/
+ BN_bntest_rand(&b,100,0,0); /**/
+ for (i=0; i<num2; i++)
+ {
+ int bits = (200*(i+1))/num2;
+
+ if (bits == 0)
+ continue;
+ BN_bntest_rand(&n,bits,0,1);
+ BN_MONT_CTX_set(mont,&n,ctx);
+
+ BN_nnmod(&a,&a,&n,ctx);
+ BN_nnmod(&b,&b,&n,ctx);
+
+ BN_to_montgomery(&A,&a,mont,ctx);
+ BN_to_montgomery(&B,&b,mont,ctx);
+
+ BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
+ BN_from_montgomery(&A,&c,mont,ctx);/**/
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," * ");
+ BN_print(bp,&b);
+ BIO_puts(bp," % ");
+ BN_print(bp,&(mont->N));
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,&A);
+ BIO_puts(bp,"\n");
+ }
+ BN_mod_mul(&d,&a,&b,&n,ctx);
+ BN_sub(&d,&d,&A);
+ if(!BN_is_zero(&d))
+ {
+ fprintf(stderr,"Montgomery multiplication test failed!\n");
+ return 0;
+ }
+ }
+ BN_MONT_CTX_free(mont);
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&A);
+ BN_free(&B);
+ BN_free(&n);
+ return(1);
+ }
+
+int test_mod(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_bntest_rand(a,1024,0,0); /**/
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(b,450+i*10,0,0); /**/
+ a->neg=rand_neg();
+ b->neg=rand_neg();
+ BN_mod(c,a,b,ctx);/**/
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," % ");
+ BN_print(bp,b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ BN_div(d,e,a,b,ctx);
+ BN_sub(e,e,c);
+ if(!BN_is_zero(e))
+ {
+ fprintf(stderr,"Modulo test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
+int test_mod_mul(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i,j;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ for (j=0; j<3; j++) {
+ BN_bntest_rand(c,1024,0,0); /**/
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a,475+i*10,0,0); /**/
+ BN_bntest_rand(b,425+i*11,0,0); /**/
+ a->neg=rand_neg();
+ b->neg=rand_neg();
+ if (!BN_mod_mul(e,a,b,c,ctx))
+ {
+ unsigned long l;
+
+ while ((l=ERR_get_error()))
+ fprintf(stderr,"ERROR:%s\n",
+ ERR_error_string(l,NULL));
+ exit(1);
+ }
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,b);
+ BIO_puts(bp," % ");
+ BN_print(bp,c);
+ if ((a->neg ^ b->neg) && !BN_is_zero(e))
+ {
+ /* If (a*b) % c is negative, c must be added
+ * in order to obtain the normalized remainder
+ * (new with OpenSSL 0.9.7, previous versions of
+ * BN_mod_mul could generate negative results)
+ */
+ BIO_puts(bp," + ");
+ BN_print(bp,c);
+ }
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,e);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d,a,b,ctx);
+ BN_sub(d,d,e);
+ BN_div(a,b,d,c,ctx);
+ if(!BN_is_zero(b))
+ {
+ fprintf(stderr,"Modulo multiply test failed!\n");
+ ERR_print_errors_fp(stderr);
+ return 0;
+ }
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
+int test_mod_exp(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+ for (i=0; i<num2; i++)
+ {
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
+
+ if (!BN_mod_exp(d,a,b,c,ctx))
+ return(0);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,b);
+ BIO_puts(bp," % ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ BN_exp(e,a,b,ctx);
+ BN_sub(e,e,d);
+ BN_div(a,b,e,c,ctx);
+ if(!BN_is_zero(b))
+ {
+ fprintf(stderr,"Modulo exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+ for (i=0; i<num2; i++)
+ {
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
+
+ if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
+ return(00);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,b);
+ BIO_puts(bp," % ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ BN_exp(e,a,b,ctx);
+ BN_sub(e,e,d);
+ BN_div(a,b,e,c,ctx);
+ if(!BN_is_zero(b))
+ {
+ fprintf(stderr,"Modulo exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
+int test_exp(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*d,*e,*one;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ d=BN_new();
+ e=BN_new();
+ one=BN_new();
+ BN_one(one);
+
+ for (i=0; i<num2; i++)
+ {
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
+
+ if (BN_exp(d,a,b,ctx) <= 0)
+ return(0);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,b);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ BN_one(e);
+ for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
+ BN_mul(e,e,a,ctx);
+ BN_sub(e,e,d);
+ if(!BN_is_zero(e))
+ {
+ fprintf(stderr,"Exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(d);
+ BN_free(e);
+ BN_free(one);
+ return(1);
+ }
+#ifndef OPENSSL_NO_EC2M
+int test_gf2m_add(BIO *bp)
+ {
+ BIGNUM a,b,c;
+ int i, ret = 0;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_rand(&a,512,0,0);
+ BN_copy(&b, BN_value_one());
+ a.neg=rand_neg();
+ b.neg=rand_neg();
+ BN_GF2m_add(&c,&a,&b);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,&a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,&b);
+ BIO_puts(bp," = ");
+ }
+ BN_print(bp,&c);
+ BIO_puts(bp,"\n");
+ }
+#endif
+ /* Test that two added values have the correct parity. */
+ if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))
+ {
+ fprintf(stderr,"GF(2^m) addition test (a) failed!\n");
+ goto err;
+ }
+ BN_GF2m_add(&c,&c,&c);
+ /* Test that c + c = 0. */
+ if(!BN_is_zero(&c))
+ {
+ fprintf(stderr,"GF(2^m) addition test (b) failed!\n");
+ goto err;
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ return ret;
+ }
+
+int test_gf2m_mod(BIO *bp)
+ {
+ BIGNUM *a,*b[2],*c,*d,*e;
+ int i, j, ret = 0;
+ int p0[] = {163,7,6,3,0,-1};
+ int p1[] = {193,15,0,-1};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 1024, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod(c, a, b[j]);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp," - ");
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ BN_GF2m_add(d, a, c);
+ BN_GF2m_mod(e, d, b[j]);
+ /* Test that a + (a mod p) mod p == 0. */
+ if(!BN_is_zero(e))
+ {
+ fprintf(stderr,"GF(2^m) modulo test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return ret;
+ }
+
+int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
+ int i, j, ret = 0;
+ int p0[] = {163,7,6,3,0,-1};
+ int p1[] = {193,15,0,-1};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+ f=BN_new();
+ g=BN_new();
+ h=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 1024, 0, 0);
+ BN_bntest_rand(c, 1024, 0, 0);
+ BN_bntest_rand(d, 1024, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod_mul(e, a, c, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,c);
+ BIO_puts(bp," % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp," - ");
+ BN_print(bp,e);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ BN_GF2m_add(f, a, d);
+ BN_GF2m_mod_mul(g, f, c, b[j], ctx);
+ BN_GF2m_mod_mul(h, d, c, b[j], ctx);
+ BN_GF2m_add(f, e, g);
+ BN_GF2m_add(f, f, h);
+ /* Test that (a+d)*c = a*c + d*c. */
+ if(!BN_is_zero(f))
+ {
+ fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ BN_free(f);
+ BN_free(g);
+ BN_free(h);
+ return ret;
+ }
+
+int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d;
+ int i, j, ret = 0;
+ int p0[] = {163,7,6,3,0,-1};
+ int p1[] = {193,15,0,-1};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 1024, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod_sqr(c, a, b[j], ctx);
+ BN_copy(d, a);
+ BN_GF2m_mod_mul(d, a, d, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ 2 % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp, " = ");
+ BN_print(bp,c);
+ BIO_puts(bp,"; a * a = ");
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ BN_GF2m_add(d, c, d);
+ /* Test that a*a = a^2. */
+ if(!BN_is_zero(d))
+ {
+ fprintf(stderr,"GF(2^m) modular squaring test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ return ret;
+ }
+
+int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d;
+ int i, j, ret = 0;
+ int p0[] = {163,7,6,3,0,-1};
+ int p1[] = {193,15,0,-1};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 512, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod_inv(c, a, b[j], ctx);
+ BN_GF2m_mod_mul(d, a, c, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp, " * ");
+ BN_print(bp,c);
+ BIO_puts(bp," - 1 % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ /* Test that ((1/a)*a) = 1. */
+ if(!BN_is_one(d))
+ {
+ fprintf(stderr,"GF(2^m) modular inversion test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ return ret;
+ }
+
+int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d,*e,*f;
+ int i, j, ret = 0;
+ int p0[] = {163,7,6,3,0,-1};
+ int p1[] = {193,15,0,-1};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+ f=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 512, 0, 0);
+ BN_bntest_rand(c, 512, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod_div(d, a, c, b[j], ctx);
+ BN_GF2m_mod_mul(e, d, c, b[j], ctx);
+ BN_GF2m_mod_div(f, a, e, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp, " = ");
+ BN_print(bp,c);
+ BIO_puts(bp," * ");
+ BN_print(bp,d);
+ BIO_puts(bp, " % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ /* Test that ((a/c)*c)/a = 1. */
+ if(!BN_is_one(f))
+ {
+ fprintf(stderr,"GF(2^m) modular division test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ BN_free(f);
+ return ret;
+ }
+
+int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d,*e,*f;
+ int i, j, ret = 0;
+ int p0[] = {163,7,6,3,0,-1};
+ int p1[] = {193,15,0,-1};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+ f=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 512, 0, 0);
+ BN_bntest_rand(c, 512, 0, 0);
+ BN_bntest_rand(d, 512, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod_exp(e, a, c, b[j], ctx);
+ BN_GF2m_mod_exp(f, a, d, b[j], ctx);
+ BN_GF2m_mod_mul(e, e, f, b[j], ctx);
+ BN_add(f, c, d);
+ BN_GF2m_mod_exp(f, a, f, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp, " ^ (");
+ BN_print(bp,c);
+ BIO_puts(bp," + ");
+ BN_print(bp,d);
+ BIO_puts(bp, ") = ");
+ BN_print(bp,e);
+ BIO_puts(bp, "; - ");
+ BN_print(bp,f);
+ BIO_puts(bp, " % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ BN_GF2m_add(f, e, f);
+ /* Test that a^(c+d)=a^c*a^d. */
+ if(!BN_is_zero(f))
+ {
+ fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ BN_free(f);
+ return ret;
+ }
+
+int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d,*e,*f;
+ int i, j, ret = 0;
+ int p0[] = {163,7,6,3,0,-1};
+ int p1[] = {193,15,0,-1};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+ f=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 512, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ BN_GF2m_mod(c, a, b[j]);
+ BN_GF2m_mod_sqrt(d, a, b[j], ctx);
+ BN_GF2m_mod_sqr(e, d, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,d);
+ BIO_puts(bp, " ^ 2 - ");
+ BN_print(bp,a);
+ BIO_puts(bp,"\n");
+ }
+ }
+#endif
+ BN_GF2m_add(f, c, e);
+ /* Test that d^2 = a, where d = sqrt(a). */
+ if(!BN_is_zero(f))
+ {
+ fprintf(stderr,"GF(2^m) modular square root test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ BN_free(f);
+ return ret;
+ }
+
+int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b[2],*c,*d,*e;
+ int i, j, s = 0, t, ret = 0;
+ int p0[] = {163,7,6,3,0,-1};
+ int p1[] = {193,15,0,-1};
+
+ a=BN_new();
+ b[0]=BN_new();
+ b[1]=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i=0; i<num0; i++)
+ {
+ BN_bntest_rand(a, 512, 0, 0);
+ for (j=0; j < 2; j++)
+ {
+ t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
+ if (t)
+ {
+ s++;
+ BN_GF2m_mod_sqr(d, c, b[j], ctx);
+ BN_GF2m_add(d, c, d);
+ BN_GF2m_mod(e, a, b[j]);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,c);
+ BIO_puts(bp, " is root of z^2 + z = ");
+ BN_print(bp,a);
+ BIO_puts(bp, " % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ BN_GF2m_add(e, e, d);
+ /* Test that solution of quadratic c satisfies c^2 + c = a. */
+ if(!BN_is_zero(e))
+ {
+ fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");
+ goto err;
+ }
+
+ }
+ else
+ {
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BIO_puts(bp, "There are no roots of z^2 + z = ");
+ BN_print(bp,a);
+ BIO_puts(bp, " % ");
+ BN_print(bp,b[j]);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ }
+ }
+ }
+ if (s == 0)
+ {
+ fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
+ fprintf(stderr,"this is very unlikely and probably indicates an error.\n");
+ goto err;
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return ret;
+ }
+#endif
+static int genprime_cb(int p, int n, BN_GENCB *arg)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ putc(c, stderr);
+ fflush(stderr);
+ return 1;
+ }
+
+int test_kron(BIO *bp, BN_CTX *ctx)
+ {
+ BN_GENCB cb;
+ BIGNUM *a,*b,*r,*t;
+ int i;
+ int legendre, kronecker;
+ int ret = 0;
+
+ a = BN_new();
+ b = BN_new();
+ r = BN_new();
+ t = BN_new();
+ if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
+
+ BN_GENCB_set(&cb, genprime_cb, NULL);
+
+ /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol).
+ * In this case we know that if b is prime, then BN_kronecker(a, b, ctx)
+ * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
+ * So we generate a random prime b and compare these values
+ * for a number of random a's. (That is, we run the Solovay-Strassen
+ * primality test to confirm that b is prime, except that we
+ * don't want to test whether b is prime but whether BN_kronecker
+ * works.) */
+
+ if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err;
+ b->neg = rand_neg();
+ putc('\n', stderr);
+
+ for (i = 0; i < num0; i++)
+ {
+ if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
+ a->neg = rand_neg();
+
+ /* t := (|b|-1)/2 (note that b is odd) */
+ if (!BN_copy(t, b)) goto err;
+ t->neg = 0;
+ if (!BN_sub_word(t, 1)) goto err;
+ if (!BN_rshift1(t, t)) goto err;
+ /* r := a^t mod b */
+ b->neg=0;
+
+ if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
+ b->neg=1;
+
+ if (BN_is_word(r, 1))
+ legendre = 1;
+ else if (BN_is_zero(r))
+ legendre = 0;
+ else
+ {
+ if (!BN_add_word(r, 1)) goto err;
+ if (0 != BN_ucmp(r, b))
+ {
+ fprintf(stderr, "Legendre symbol computation failed\n");
+ goto err;
+ }
+ legendre = -1;
+ }
+
+ kronecker = BN_kronecker(a, b, ctx);
+ if (kronecker < -1) goto err;
+ /* we actually need BN_kronecker(a, |b|) */
+ if (a->neg && b->neg)
+ kronecker = -kronecker;
+
+ if (legendre != kronecker)
+ {
+ fprintf(stderr, "legendre != kronecker; a = ");
+ BN_print_fp(stderr, a);
+ fprintf(stderr, ", b = ");
+ BN_print_fp(stderr, b);
+ fprintf(stderr, "\n");
+ goto err;
+ }
+
+ putc('.', stderr);
+ fflush(stderr);
+ }
+
+ putc('\n', stderr);
+ fflush(stderr);
+ ret = 1;
+ err:
+ if (a != NULL) BN_free(a);
+ if (b != NULL) BN_free(b);
+ if (r != NULL) BN_free(r);
+ if (t != NULL) BN_free(t);
+ return ret;
+ }
+
+int test_sqrt(BIO *bp, BN_CTX *ctx)
+ {
+ BN_GENCB cb;
+ BIGNUM *a,*p,*r;
+ int i, j;
+ int ret = 0;
+
+ a = BN_new();
+ p = BN_new();
+ r = BN_new();
+ if (a == NULL || p == NULL || r == NULL) goto err;
+
+ BN_GENCB_set(&cb, genprime_cb, NULL);
+
+ for (i = 0; i < 16; i++)
+ {
+ if (i < 8)
+ {
+ unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
+
+ if (!BN_set_word(p, primes[i])) goto err;
+ }
+ else
+ {
+ if (!BN_set_word(a, 32)) goto err;
+ if (!BN_set_word(r, 2*i + 1)) goto err;
+
+ if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err;
+ putc('\n', stderr);
+ }
+ p->neg = rand_neg();
+
+ for (j = 0; j < num2; j++)
+ {
+ /* construct 'a' such that it is a square modulo p,
+ * but in general not a proper square and not reduced modulo p */
+ if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
+ if (!BN_nnmod(r, r, p, ctx)) goto err;
+ if (!BN_mod_sqr(r, r, p, ctx)) goto err;
+ if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
+ if (!BN_nnmod(a, a, p, ctx)) goto err;
+ if (!BN_mod_sqr(a, a, p, ctx)) goto err;
+ if (!BN_mul(a, a, r, ctx)) goto err;
+ if (rand_neg())
+ if (!BN_sub(a, a, p)) goto err;
+
+ if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
+ if (!BN_mod_sqr(r, r, p, ctx)) goto err;
+
+ if (!BN_nnmod(a, a, p, ctx)) goto err;
+
+ if (BN_cmp(a, r) != 0)
+ {
+ fprintf(stderr, "BN_mod_sqrt failed: a = ");
+ BN_print_fp(stderr, a);
+ fprintf(stderr, ", r = ");
+ BN_print_fp(stderr, r);
+ fprintf(stderr, ", p = ");
+ BN_print_fp(stderr, p);
+ fprintf(stderr, "\n");
+ goto err;
+ }
+
+ putc('.', stderr);
+ fflush(stderr);
+ }
+
+ putc('\n', stderr);
+ fflush(stderr);
+ }
+ ret = 1;
+ err:
+ if (a != NULL) BN_free(a);
+ if (p != NULL) BN_free(p);
+ if (r != NULL) BN_free(r);
+ return ret;
+ }
+
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
+ {
+ BIGNUM *a,*b,*c,*d;
+ int i;
+
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ BN_one(c);
+
+ if(a_)
+ a=a_;
+ else
+ {
+ a=BN_new();
+ BN_bntest_rand(a,200,0,0); /**/
+ a->neg=rand_neg();
+ }
+ for (i=0; i<num0; i++)
+ {
+ BN_lshift(b,a,i+1);
+ BN_add(c,c,c);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,b);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d,a,c,ctx);
+ BN_sub(d,d,b);
+ if(!BN_is_zero(d))
+ {
+ fprintf(stderr,"Left shift test failed!\n");
+ fprintf(stderr,"a=");
+ BN_print_fp(stderr,a);
+ fprintf(stderr,"\nb=");
+ BN_print_fp(stderr,b);
+ fprintf(stderr,"\nc=");
+ BN_print_fp(stderr,c);
+ fprintf(stderr,"\nd=");
+ BN_print_fp(stderr,d);
+ fprintf(stderr,"\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ return(1);
+ }
+
+int test_lshift1(BIO *bp)
+ {
+ BIGNUM *a,*b,*c;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+
+ BN_bntest_rand(a,200,0,0); /**/
+ a->neg=rand_neg();
+ for (i=0; i<num0; i++)
+ {
+ BN_lshift1(b,a);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * 2");
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,b);
+ BIO_puts(bp,"\n");
+ }
+ BN_add(c,a,a);
+ BN_sub(a,b,c);
+ if(!BN_is_zero(a))
+ {
+ fprintf(stderr,"Left shift one test failed!\n");
+ return 0;
+ }
+
+ BN_copy(a,b);
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ return(1);
+ }
+
+int test_rshift(BIO *bp,BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+ BN_one(c);
+
+ BN_bntest_rand(a,200,0,0); /**/
+ a->neg=rand_neg();
+ for (i=0; i<num0; i++)
+ {
+ BN_rshift(b,a,i+1);
+ BN_add(c,c,c);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," / ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,b);
+ BIO_puts(bp,"\n");
+ }
+ BN_div(d,e,a,c,ctx);
+ BN_sub(d,d,b);
+ if(!BN_is_zero(d))
+ {
+ fprintf(stderr,"Right shift test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
+int test_rshift1(BIO *bp)
+ {
+ BIGNUM *a,*b,*c;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+
+ BN_bntest_rand(a,200,0,0); /**/
+ a->neg=rand_neg();
+ for (i=0; i<num0; i++)
+ {
+ BN_rshift1(b,a);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," / 2");
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,b);
+ BIO_puts(bp,"\n");
+ }
+ BN_sub(c,a,b);
+ BN_sub(c,c,b);
+ if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
+ {
+ fprintf(stderr,"Right shift one test failed!\n");
+ return 0;
+ }
+ BN_copy(a,b);
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ return(1);
+ }
+
+int rand_neg(void)
+ {
+ static unsigned int neg=0;
+ static int sign[8]={0,0,0,1,1,0,1,1};
+
+ return(sign[(neg++)%8]);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
+
+PROG= casttest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/cast/casttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_CAST is defined */
+
+#include <openssl/cast.h>
+
+#define FULL_TEST
+
+static unsigned char k[16]={
+ 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+ 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A
+ };
+
+static unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+
+static int k_len[3]={16,10,5};
+static unsigned char c[3][8]={
+ {0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
+ {0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
+ {0x7A,0xC8,0x16,0xD1,0x6E,0x9B,0x30,0x2E},
+ };
+static unsigned char out[80];
+
+static unsigned char in_a[16]={
+ 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+ 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
+static unsigned char in_b[16]={
+ 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+ 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
+
+static unsigned char c_a[16]={
+ 0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
+ 0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92};
+static unsigned char c_b[16]={
+ 0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
+ 0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E};
+
+#if 0
+char *text="Hello to all people out there";
+
+static unsigned char cfb_key[16]={
+ 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+ 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+ };
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+ {
+ 0x4e,0x6f,0x77,0x20,0x69,0x73,
+ 0x20,0x74,0x68,0x65,0x20,0x74,
+ 0x69,0x6d,0x65,0x20,0x66,0x6f,
+ 0x72,0x20,0x61,0x6c,0x6c,0x20
+ };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+ 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+ 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+ 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+
+/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+ 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+ 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+ };
+#endif
+
+int main(int argc, char *argv[])
+ {
+#ifdef FULL_TEST
+ long l;
+ CAST_KEY key_b;
+#endif
+ int i,z,err=0;
+ CAST_KEY key;
+
+ for (z=0; z<3; z++)
+ {
+ CAST_set_key(&key,k_len[z],k);
+
+ CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
+ if (memcmp(out,&(c[z][0]),8) != 0)
+ {
+ printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8);
+ printf("got :");
+ for (i=0; i<8; i++)
+ printf("%02X ",out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<8; i++)
+ printf("%02X ",c[z][i]);
+ err=20;
+ printf("\n");
+ }
+
+ CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
+ if (memcmp(out,in,8) != 0)
+ {
+ printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8);
+ printf("got :");
+ for (i=0; i<8; i++)
+ printf("%02X ",out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<8; i++)
+ printf("%02X ",in[i]);
+ printf("\n");
+ err=3;
+ }
+ }
+ if (err == 0)
+ printf("ecb cast5 ok\n");
+
+#ifdef FULL_TEST
+ {
+ unsigned char out_a[16],out_b[16];
+ static char *hex="0123456789ABCDEF";
+
+ printf("This test will take some time....");
+ fflush(stdout);
+ memcpy(out_a,in_a,sizeof(in_a));
+ memcpy(out_b,in_b,sizeof(in_b));
+ i=1;
+
+ for (l=0; l<1000000L; l++)
+ {
+ CAST_set_key(&key_b,16,out_b);
+ CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
+ CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
+ CAST_set_key(&key,16,out_a);
+ CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
+ CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
+ if ((l & 0xffff) == 0xffff)
+ {
+ printf("%c",hex[i&0x0f]);
+ fflush(stdout);
+ i++;
+ }
+ }
+
+ if ( (memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
+ (memcmp(out_b,c_b,sizeof(c_b)) != 0))
+ {
+ printf("\n");
+ printf("Error\n");
+
+ printf("A out =");
+ for (i=0; i<16; i++) printf("%02X ",out_a[i]);
+ printf("\nactual=");
+ for (i=0; i<16; i++) printf("%02X ",c_a[i]);
+ printf("\n");
+
+ printf("B out =");
+ for (i=0; i<16; i++) printf("%02X ",out_b[i]);
+ printf("\nactual=");
+ for (i=0; i<16; i++) printf("%02X ",c_b[i]);
+ printf("\n");
+ }
+ else
+ printf(" ok\n");
+ }
+#endif
+
+ exit(err);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:18 miod Exp $
+
+PROG= destest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/des/destest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <unistd.h>
+#include <string.h>
+
+#include <openssl/des.h>
+
+#define crypt(c,s) (DES_crypt((c),(s)))
+
+/* tisk tisk - the test keys don't all have odd parity :-( */
+/* test data */
+#define NUM_TESTS 34
+static unsigned char key_data[NUM_TESTS][8]={
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+ {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+ {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+ {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+ {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+ {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+ {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+ {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+ {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+ {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+ {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+ {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+ {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+ {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+ {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+ {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+ {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+ {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+ {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+ {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+ {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+ {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+ {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+
+static unsigned char plain_data[NUM_TESTS][8]={
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+ {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+ {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+ {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+ {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+ {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+ {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+ {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+ {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+ {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+ {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+ {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+ {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+ {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+ {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+ {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+ {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+ {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+ {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+ {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+ {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+
+static unsigned char cipher_data[NUM_TESTS][8]={
+ {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+ {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
+ {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
+ {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
+ {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
+ {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
+ {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+ {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
+ {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
+ {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
+ {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
+ {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
+ {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
+ {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
+ {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
+ {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
+ {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
+ {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
+ {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
+ {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
+ {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
+ {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
+ {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
+ {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
+ {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
+ {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
+ {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
+ {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
+ {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
+ {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
+ {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
+ {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
+ {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
+ {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
+
+static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
+ {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
+ {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
+ {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
+ {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
+ {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
+ {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
+ {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
+ {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
+ {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
+ {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
+ {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
+ {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
+ {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
+ {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
+ {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
+ {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
+ {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
+ {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
+ {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
+ {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
+ {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
+ {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
+ {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
+ {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
+ {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
+ {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
+ {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
+ {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
+ {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
+ {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
+ {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
+ {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
+ {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
+
+static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cbc2_key[8]={0xf1,0xe0,0xd3,0xc2,0xb5,0xa4,0x97,0x86};
+static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+/* Changed the following text constant to binary so it will work on ebcdic
+ * machines :-) */
+/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
+static unsigned char cbc_data[40]={
+ 0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
+ 0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
+ 0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
+ 0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ };
+
+static unsigned char cbc_ok[32]={
+ 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+ 0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
+ 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
+ 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+
+#ifdef SCREW_THE_PARITY
+#error "SCREW_THE_PARITY is not ment to be defined."
+#error "Original vectors are preserved for reference only."
+static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char xcbc_ok[32]={
+ 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
+ 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
+ 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
+ 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
+ };
+#else
+static unsigned char xcbc_ok[32]={
+ 0x84,0x6B,0x29,0x14,0x85,0x1E,0x9A,0x29,
+ 0x54,0x73,0x2F,0x8A,0xA0,0xA6,0x11,0xC1,
+ 0x15,0xCD,0xC2,0xD7,0x95,0x1B,0x10,0x53,
+ 0xA6,0x3C,0x5E,0x03,0xB2,0x1A,0xA3,0xC4,
+ };
+#endif
+
+static unsigned char cbc3_ok[32]={
+ 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
+ 0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
+ 0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
+ 0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
+
+static unsigned char pcbc_ok[32]={
+ 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+ 0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
+ 0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
+ 0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
+
+static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+static unsigned char plain[24]=
+ {
+ 0x4e,0x6f,0x77,0x20,0x69,0x73,
+ 0x20,0x74,0x68,0x65,0x20,0x74,
+ 0x69,0x6d,0x65,0x20,0x66,0x6f,
+ 0x72,0x20,0x61,0x6c,0x6c,0x20
+ };
+static unsigned char cfb_cipher8[24]= {
+ 0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
+ 0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
+static unsigned char cfb_cipher16[24]={
+ 0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
+ 0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
+static unsigned char cfb_cipher32[24]={
+ 0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
+ 0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
+static unsigned char cfb_cipher48[24]={
+ 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
+ 0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
+static unsigned char cfb_cipher64[24]={
+ 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
+ 0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
+
+static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
+static unsigned char ofb_cipher[24]=
+ {
+ 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
+ 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
+ 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
+ };
+
+#if 0
+static DES_LONG cbc_cksum_ret=0xB462FEF7L;
+#else
+static DES_LONG cbc_cksum_ret=0xF7FE62B4L;
+#endif
+static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+
+static char *pt(unsigned char *p);
+static int cfb_test(int bits, unsigned char *cfb_cipher);
+static int cfb64_test(unsigned char *cfb_cipher);
+static int ede_cfb64_test(unsigned char *cfb_cipher);
+int main(int argc, char *argv[])
+ {
+ int j,err=0;
+ unsigned int i;
+ des_cblock in,out,outin,iv3,iv2;
+ des_key_schedule ks,ks2,ks3;
+ unsigned char cbc_in[40];
+ unsigned char cbc_out[40];
+ DES_LONG cs;
+ unsigned char cret[8];
+ DES_LONG lqret[4];
+ int num;
+ char *str;
+
+#ifndef OPENSSL_NO_DESCBCM
+ printf("Doing cbcm\n");
+ if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+ {
+ printf("Key error %d\n",j);
+ err=1;
+ }
+ if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
+ {
+ printf("Key error %d\n",j);
+ err=1;
+ }
+ if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
+ {
+ printf("Key error %d\n",j);
+ err=1;
+ }
+ memset(cbc_out,0,40);
+ memset(cbc_in,0,40);
+ i=strlen((char *)cbc_data)+1;
+ /* i=((i+7)/8)*8; */
+ memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+ memset(iv2,'\0',sizeof iv2);
+
+ DES_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2,
+ DES_ENCRYPT);
+ DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,
+ &iv3,&iv2,DES_ENCRYPT);
+ /* if (memcmp(cbc_out,cbc3_ok,
+ (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+ {
+ printf("des_ede3_cbc_encrypt encrypt error\n");
+ err=1;
+ }
+ */
+ memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+ memset(iv2,'\0',sizeof iv2);
+ DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT);
+ if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+ {
+ unsigned int n;
+
+ printf("des_ede3_cbcm_encrypt decrypt error\n");
+ for(n=0 ; n < i ; ++n)
+ printf(" %02x",cbc_data[n]);
+ printf("\n");
+ for(n=0 ; n < i ; ++n)
+ printf(" %02x",cbc_in[n]);
+ printf("\n");
+ err=1;
+ }
+#endif
+
+ printf("Doing ecb\n");
+ for (i=0; i<NUM_TESTS; i++)
+ {
+ DES_set_key_unchecked(&key_data[i],&ks);
+ memcpy(in,plain_data[i],8);
+ memset(out,0,8);
+ memset(outin,0,8);
+ des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);
+ des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);
+
+ if (memcmp(out,cipher_data[i],8) != 0)
+ {
+ printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+ i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
+ pt(out));
+ err=1;
+ }
+ if (memcmp(in,outin,8) != 0)
+ {
+ printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+ i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
+ err=1;
+ }
+ }
+
+ printf("Doing ede ecb\n");
+ for (i=0; i<(NUM_TESTS-2); i++)
+ {
+ DES_set_key_unchecked(&key_data[i],&ks);
+ DES_set_key_unchecked(&key_data[i+1],&ks2);
+ DES_set_key_unchecked(&key_data[i+2],&ks3);
+ memcpy(in,plain_data[i],8);
+ memset(out,0,8);
+ memset(outin,0,8);
+ des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
+ des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);
+
+ if (memcmp(out,cipher_ecb2[i],8) != 0)
+ {
+ printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+ i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
+ pt(out));
+ err=1;
+ }
+ if (memcmp(in,outin,8) != 0)
+ {
+ printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+ i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
+ err=1;
+ }
+ }
+
+ printf("Doing cbc\n");
+ if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+ {
+ printf("Key error %d\n",j);
+ err=1;
+ }
+ memset(cbc_out,0,40);
+ memset(cbc_in,0,40);
+ memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+ des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+ &iv3,DES_ENCRYPT);
+ if (memcmp(cbc_out,cbc_ok,32) != 0)
+ {
+ printf("cbc_encrypt encrypt error\n");
+ err=1;
+ }
+
+ memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+ des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+ &iv3,DES_DECRYPT);
+ if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
+ {
+ printf("cbc_encrypt decrypt error\n");
+ err=1;
+ }
+
+ printf("Doing desx cbc\n");
+ if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+ {
+ printf("Key error %d\n",j);
+ err=1;
+ }
+ memset(cbc_out,0,40);
+ memset(cbc_in,0,40);
+ memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+ des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+ &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
+ if (memcmp(cbc_out,xcbc_ok,32) != 0)
+ {
+ printf("des_xcbc_encrypt encrypt error\n");
+ err=1;
+ }
+ memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+ des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+ &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
+ if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+ {
+ printf("des_xcbc_encrypt decrypt error\n");
+ err=1;
+ }
+
+ printf("Doing ede cbc\n");
+ if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+ {
+ printf("Key error %d\n",j);
+ err=1;
+ }
+ if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
+ {
+ printf("Key error %d\n",j);
+ err=1;
+ }
+ if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
+ {
+ printf("Key error %d\n",j);
+ err=1;
+ }
+ memset(cbc_out,0,40);
+ memset(cbc_in,0,40);
+ i=strlen((char *)cbc_data)+1;
+ /* i=((i+7)/8)*8; */
+ memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+
+ des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,
+ DES_ENCRYPT);
+ des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,
+ &iv3,DES_ENCRYPT);
+ if (memcmp(cbc_out,cbc3_ok,
+ (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+ {
+ unsigned int n;
+
+ printf("des_ede3_cbc_encrypt encrypt error\n");
+ for(n=0 ; n < i ; ++n)
+ printf(" %02x",cbc_out[n]);
+ printf("\n");
+ for(n=0 ; n < i ; ++n)
+ printf(" %02x",cbc3_ok[n]);
+ printf("\n");
+ err=1;
+ }
+
+ memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+ des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);
+ if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+ {
+ unsigned int n;
+
+ printf("des_ede3_cbc_encrypt decrypt error\n");
+ for(n=0 ; n < i ; ++n)
+ printf(" %02x",cbc_data[n]);
+ printf("\n");
+ for(n=0 ; n < i ; ++n)
+ printf(" %02x",cbc_in[n]);
+ printf("\n");
+ err=1;
+ }
+
+ printf("Doing pcbc\n");
+ if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+ {
+ printf("Key error %d\n",j);
+ err=1;
+ }
+ memset(cbc_out,0,40);
+ memset(cbc_in,0,40);
+ des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+ &cbc_iv,DES_ENCRYPT);
+ if (memcmp(cbc_out,pcbc_ok,32) != 0)
+ {
+ printf("pcbc_encrypt encrypt error\n");
+ err=1;
+ }
+ des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv,
+ DES_DECRYPT);
+ if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+ {
+ printf("pcbc_encrypt decrypt error\n");
+ err=1;
+ }
+
+ printf("Doing ");
+ printf("cfb8 ");
+ err+=cfb_test(8,cfb_cipher8);
+ printf("cfb16 ");
+ err+=cfb_test(16,cfb_cipher16);
+ printf("cfb32 ");
+ err+=cfb_test(32,cfb_cipher32);
+ printf("cfb48 ");
+ err+=cfb_test(48,cfb_cipher48);
+ printf("cfb64 ");
+ err+=cfb_test(64,cfb_cipher64);
+
+ printf("cfb64() ");
+ err+=cfb64_test(cfb_cipher64);
+
+ memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+ for (i=0; i<sizeof(plain); i++)
+ des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
+ 8,1,ks,&cfb_tmp,DES_ENCRYPT);
+ if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
+ {
+ printf("cfb_encrypt small encrypt error\n");
+ err=1;
+ }
+
+ memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+ for (i=0; i<sizeof(plain); i++)
+ des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
+ 8,1,ks,&cfb_tmp,DES_DECRYPT);
+ if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+ {
+ printf("cfb_encrypt small decrypt error\n");
+ err=1;
+ }
+
+ printf("ede_cfb64() ");
+ err+=ede_cfb64_test(cfb_cipher64);
+
+ printf("done\n");
+
+ printf("Doing ofb\n");
+ DES_set_key_checked(&ofb_key,&ks);
+ memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+ des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);
+ if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+ {
+ printf("ofb_encrypt encrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
+ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
+ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
+ err=1;
+ }
+ memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+ des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp);
+ if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+ {
+ printf("ofb_encrypt decrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
+ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+plain[8+0], plain[8+1], plain[8+2], plain[8+3],
+plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
+ err=1;
+ }
+
+ printf("Doing ofb64\n");
+ DES_set_key_checked(&ofb_key,&ks);
+ memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+ memset(ofb_buf1,0,sizeof(ofb_buf1));
+ memset(ofb_buf2,0,sizeof(ofb_buf1));
+ num=0;
+ for (i=0; i<sizeof(plain); i++)
+ {
+ des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp,
+ &num);
+ }
+ if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+ {
+ printf("ofb64_encrypt encrypt error\n");
+ err=1;
+ }
+ memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+ num=0;
+ des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,
+ &num);
+ if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+ {
+ printf("ofb64_encrypt decrypt error\n");
+ err=1;
+ }
+
+ printf("Doing ede_ofb64\n");
+ DES_set_key_checked(&ofb_key,&ks);
+ memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+ memset(ofb_buf1,0,sizeof(ofb_buf1));
+ memset(ofb_buf2,0,sizeof(ofb_buf1));
+ num=0;
+ for (i=0; i<sizeof(plain); i++)
+ {
+ des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,
+ ks,&ofb_tmp,&num);
+ }
+ if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+ {
+ printf("ede_ofb64_encrypt encrypt error\n");
+ err=1;
+ }
+ memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+ num=0;
+ des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,ks,ks,
+ &ofb_tmp,&num);
+ if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+ {
+ printf("ede_ofb64_encrypt decrypt error\n");
+ err=1;
+ }
+
+ printf("Doing cbc_cksum\n");
+ DES_set_key_checked(&cbc_key,&ks);
+ cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);
+ if (cs != cbc_cksum_ret)
+ {
+ printf("bad return value (%08lX), should be %08lX\n",
+ (unsigned long)cs,(unsigned long)cbc_cksum_ret);
+ err=1;
+ }
+ if (memcmp(cret,cbc_cksum_data,8) != 0)
+ {
+ printf("bad cbc_cksum block returned\n");
+ err=1;
+ }
+
+ printf("Doing quad_cksum\n");
+ cs=des_quad_cksum(cbc_data,(des_cblock *)lqret,
+ (long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv);
+ if (cs != 0x70d7a63aL)
+ {
+ printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
+ (unsigned long)cs);
+ err=1;
+ }
+ if (lqret[0] != 0x327eba8dL)
+ {
+ printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+ (unsigned long)lqret[0],0x327eba8dUL);
+ err=1;
+ }
+ if (lqret[1] != 0x201a49ccL)
+ {
+ printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+ (unsigned long)lqret[1],0x201a49ccUL);
+ err=1;
+ }
+ if (lqret[2] != 0x70d7a63aL)
+ {
+ printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+ (unsigned long)lqret[2],0x70d7a63aUL);
+ err=1;
+ }
+ if (lqret[3] != 0x501c2c26L)
+ {
+ printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+ (unsigned long)lqret[3],0x501c2c26UL);
+ err=1;
+ }
+
+ printf("input word alignment test");
+ for (i=0; i<4; i++)
+ {
+ printf(" %d",i);
+ des_ncbc_encrypt(&(cbc_out[i]),cbc_in,
+ strlen((char *)cbc_data)+1,ks,
+ &cbc_iv,DES_ENCRYPT);
+ }
+ printf("\noutput word alignment test");
+ for (i=0; i<4; i++)
+ {
+ printf(" %d",i);
+ des_ncbc_encrypt(cbc_out,&(cbc_in[i]),
+ strlen((char *)cbc_data)+1,ks,
+ &cbc_iv,DES_ENCRYPT);
+ }
+ printf("\n");
+ printf("fast crypt test ");
+ str=crypt("testing","ef");
+ if (strcmp("efGnQx2725bI2",str) != 0)
+ {
+ printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
+ err=1;
+ }
+ str=crypt("bca76;23","yA");
+ if (strcmp("yA1Rp/1hZXIJk",str) != 0)
+ {
+ printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
+ err=1;
+ }
+ printf("\n");
+ return(err);
+ }
+
+static char *pt(unsigned char *p)
+ {
+ static char bufs[10][20];
+ static int bnum=0;
+ char *ret;
+ int i;
+ static char *f="0123456789ABCDEF";
+
+ ret= &(bufs[bnum++][0]);
+ bnum%=10;
+ for (i=0; i<8; i++)
+ {
+ ret[i*2]=f[(p[i]>>4)&0xf];
+ ret[i*2+1]=f[p[i]&0xf];
+ }
+ ret[16]='\0';
+ return(ret);
+ }
+
+static int cfb_test(int bits, unsigned char *cfb_cipher)
+ {
+ des_key_schedule ks;
+ int i,err=0;
+
+ DES_set_key_checked(&cfb_key,&ks);
+ memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+ des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,
+ DES_ENCRYPT);
+ if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+ {
+ err=1;
+ printf("cfb_encrypt encrypt error\n");
+ for (i=0; i<24; i+=8)
+ printf("%s\n",pt(&(cfb_buf1[i])));
+ }
+ memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+ des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp,
+ DES_DECRYPT);
+ if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+ {
+ err=1;
+ printf("cfb_encrypt decrypt error\n");
+ for (i=0; i<24; i+=8)
+ printf("%s\n",pt(&(cfb_buf1[i])));
+ }
+ return(err);
+ }
+
+static int cfb64_test(unsigned char *cfb_cipher)
+ {
+ des_key_schedule ks;
+ int err=0,i,n;
+
+ DES_set_key_checked(&cfb_key,&ks);
+ memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+ n=0;
+ des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);
+ des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks,
+ &cfb_tmp,&n,DES_ENCRYPT);
+ if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+ {
+ err=1;
+ printf("cfb_encrypt encrypt error\n");
+ for (i=0; i<24; i+=8)
+ printf("%s\n",pt(&(cfb_buf1[i])));
+ }
+ memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+ n=0;
+ des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT);
+ des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+ sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT);
+ if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+ {
+ err=1;
+ printf("cfb_encrypt decrypt error\n");
+ for (i=0; i<24; i+=8)
+ printf("%s\n",pt(&(cfb_buf2[i])));
+ }
+ return(err);
+ }
+
+static int ede_cfb64_test(unsigned char *cfb_cipher)
+ {
+ des_key_schedule ks;
+ int err=0,i,n;
+
+ DES_set_key_checked(&cfb_key,&ks);
+ memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+ n=0;
+ des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,
+ DES_ENCRYPT);
+ des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+ sizeof(plain)-12,ks,ks,ks,
+ &cfb_tmp,&n,DES_ENCRYPT);
+ if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+ {
+ err=1;
+ printf("ede_cfb_encrypt encrypt error\n");
+ for (i=0; i<24; i+=8)
+ printf("%s\n",pt(&(cfb_buf1[i])));
+ }
+ memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+ n=0;
+ des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
+ &cfb_tmp,&n,DES_DECRYPT);
+ des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+ sizeof(plain)-17,ks,ks,ks,
+ &cfb_tmp,&n,DES_DECRYPT);
+ if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+ {
+ err=1;
+ printf("ede_cfb_encrypt decrypt error\n");
+ for (i=0; i<24; i+=8)
+ printf("%s\n",pt(&(cfb_buf2[i])));
+ }
+ return(err);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:18 miod Exp $
+
+PROG= dhtest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/dh/dhtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#include <openssl/dh.h>
+
+static int cb(int p, int n, BN_GENCB *arg);
+
+int main(int argc, char *argv[])
+ {
+ BN_GENCB _cb;
+ DH *a;
+ DH *b=NULL;
+ char buf[12];
+ unsigned char *abuf=NULL,*bbuf=NULL;
+ int i,alen,blen,aout,bout,ret=1;
+ BIO *out;
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL) exit(1);
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+ BN_GENCB_set(&_cb, &cb, out);
+ if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
+ DH_GENERATOR_5, &_cb))
+ goto err;
+
+ if (!DH_check(a, &i)) goto err;
+ if (i & DH_CHECK_P_NOT_PRIME)
+ BIO_puts(out, "p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+ BIO_puts(out, "p value is not a safe prime\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+ BIO_puts(out, "unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+ BIO_puts(out, "the g value is not a generator\n");
+
+ BIO_puts(out,"\np =");
+ BN_print(out,a->p);
+ BIO_puts(out,"\ng =");
+ BN_print(out,a->g);
+ BIO_puts(out,"\n");
+
+ b=DH_new();
+ if (b == NULL) goto err;
+
+ b->p=BN_dup(a->p);
+ b->g=BN_dup(a->g);
+ if ((b->p == NULL) || (b->g == NULL)) goto err;
+
+ /* Set a to run with normal modexp and b to use constant time */
+ a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
+ b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
+
+ if (!DH_generate_key(a)) goto err;
+ BIO_puts(out,"pri 1=");
+ BN_print(out,a->priv_key);
+ BIO_puts(out,"\npub 1=");
+ BN_print(out,a->pub_key);
+ BIO_puts(out,"\n");
+
+ if (!DH_generate_key(b)) goto err;
+ BIO_puts(out,"pri 2=");
+ BN_print(out,b->priv_key);
+ BIO_puts(out,"\npub 2=");
+ BN_print(out,b->pub_key);
+ BIO_puts(out,"\n");
+
+ alen=DH_size(a);
+ abuf=(unsigned char *)OPENSSL_malloc(alen);
+ aout=DH_compute_key(abuf,b->pub_key,a);
+
+ BIO_puts(out,"key1 =");
+ for (i=0; i<aout; i++)
+ {
+ snprintf(buf,sizeof buf,"%02X",abuf[i]);
+ BIO_puts(out,buf);
+ }
+ BIO_puts(out,"\n");
+
+ blen=DH_size(b);
+ bbuf=(unsigned char *)OPENSSL_malloc(blen);
+ bout=DH_compute_key(bbuf,a->pub_key,b);
+
+ BIO_puts(out,"key2 =");
+ for (i=0; i<bout; i++)
+ {
+ snprintf(buf,sizeof buf,"%02X",bbuf[i]);
+ BIO_puts(out,buf);
+ }
+ BIO_puts(out,"\n");
+ if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+ {
+ fprintf(stderr,"Error in DH routines\n");
+ ret=1;
+ }
+ else
+ ret=0;
+err:
+ ERR_print_errors_fp(stderr);
+
+ if (abuf != NULL) OPENSSL_free(abuf);
+ if (bbuf != NULL) OPENSSL_free(bbuf);
+ if(b != NULL) DH_free(b);
+ if(a != NULL) DH_free(a);
+ BIO_free(out);
+ exit(ret);
+ }
+
+static int cb(int p, int n, BN_GENCB *arg)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write(arg->arg,&c,1);
+ (void)BIO_flush(arg->arg);
+ return 1;
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:18 miod Exp $
+
+PROG= dsatest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+REGRESS_TARGETS=regress-dsatest
+
+regress-dsatest: ${PROG}
+ ./${PROG}
+ ./${PROG} -app2_1
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#include <openssl/dsa.h>
+
+static int dsa_cb(int p, int n, BN_GENCB *arg);
+
+/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
+ * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
+static unsigned char seed[20]={
+ 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
+ 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
+ };
+
+static unsigned char out_p[]={
+ 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
+ 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
+ 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
+ 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
+ 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
+ 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
+ 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
+ 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
+ };
+
+static unsigned char out_q[]={
+ 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
+ 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
+ 0xda,0xce,0x91,0x5f,
+ };
+
+static unsigned char out_g[]={
+ 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
+ 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
+ 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
+ 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
+ 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
+ 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
+ 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
+ 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
+ };
+
+static const unsigned char str1[]="12345678901234567890";
+
+static BIO *bio_err=NULL;
+
+int main(int argc, char **argv)
+ {
+ BN_GENCB cb;
+ DSA *dsa=NULL;
+ int counter,ret=0,i,j;
+ unsigned char buf[256];
+ unsigned long h;
+ unsigned char sig[256];
+ unsigned int siglen;
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ ERR_load_crypto_strings();
+
+ BIO_printf(bio_err,"test generation of DSA parameters\n");
+
+ BN_GENCB_set(&cb, dsa_cb, bio_err);
+ if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
+ seed, 20, &counter, &h, &cb))
+ goto end;
+
+ BIO_printf(bio_err,"seed\n");
+ for (i=0; i<20; i+=4)
+ {
+ BIO_printf(bio_err,"%02X%02X%02X%02X ",
+ seed[i],seed[i+1],seed[i+2],seed[i+3]);
+ }
+ BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
+
+ DSA_print(bio_err,dsa,0);
+ if (counter != 105)
+ {
+ BIO_printf(bio_err,"counter should be 105\n");
+ goto end;
+ }
+ if (h != 2)
+ {
+ BIO_printf(bio_err,"h should be 2\n");
+ goto end;
+ }
+
+ i=BN_bn2bin(dsa->q,buf);
+ j=sizeof(out_q);
+ if ((i != j) || (memcmp(buf,out_q,i) != 0))
+ {
+ BIO_printf(bio_err,"q value is wrong\n");
+ goto end;
+ }
+
+ i=BN_bn2bin(dsa->p,buf);
+ j=sizeof(out_p);
+ if ((i != j) || (memcmp(buf,out_p,i) != 0))
+ {
+ BIO_printf(bio_err,"p value is wrong\n");
+ goto end;
+ }
+
+ i=BN_bn2bin(dsa->g,buf);
+ j=sizeof(out_g);
+ if ((i != j) || (memcmp(buf,out_g,i) != 0))
+ {
+ BIO_printf(bio_err,"g value is wrong\n");
+ goto end;
+ }
+
+ dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
+ DSA_generate_key(dsa);
+ DSA_sign(0, str1, 20, sig, &siglen, dsa);
+ if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+ ret=1;
+
+ dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
+ DSA_generate_key(dsa);
+ DSA_sign(0, str1, 20, sig, &siglen, dsa);
+ if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+ ret=1;
+
+end:
+ if (!ret)
+ ERR_print_errors(bio_err);
+ if (dsa != NULL) DSA_free(dsa);
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_thread_state(NULL);
+ ERR_free_strings();
+ CRYPTO_mem_leaks(bio_err);
+ if (bio_err != NULL)
+ {
+ BIO_free(bio_err);
+ bio_err = NULL;
+ }
+ exit(!ret);
+ }
+
+static int dsa_cb(int p, int n, BN_GENCB *arg)
+ {
+ char c='*';
+ static int ok=0,num=0;
+
+ if (p == 0) { c='.'; num++; };
+ if (p == 1) c='+';
+ if (p == 2) { c='*'; ok++; }
+ if (p == 3) c='\n';
+ BIO_write(arg->arg,&c,1);
+ (void)BIO_flush(arg->arg);
+
+ if (!ok && (p == 0) && (num > 1))
+ {
+ BIO_printf((BIO *)arg,"error in dsatest\n");
+ return 0;
+ }
+ return 1;
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:16 miod Exp $
+
+PROG= ectest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/ec/ectest.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#include <openssl/ec.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/opensslconf.h>
+
+#define ABORT do { \
+ fflush(stdout); \
+ fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
+ ERR_print_errors_fp(stderr); \
+ exit(1); \
+} while (0)
+
+#define TIMING_BASE_PT 0
+#define TIMING_RAND_PT 1
+#define TIMING_SIMUL 2
+
+/* test multiplication with group order, long and negative scalars */
+static void group_order_tests(EC_GROUP *group)
+ {
+ BIGNUM *n1, *n2, *order;
+ EC_POINT *P = EC_POINT_new(group);
+ EC_POINT *Q = EC_POINT_new(group);
+ BN_CTX *ctx = BN_CTX_new();
+
+ n1 = BN_new(); n2 = BN_new(); order = BN_new();
+ fprintf(stdout, "verify group order ...");
+ fflush(stdout);
+ if (!EC_GROUP_get_order(group, order, ctx)) ABORT;
+ if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+ fprintf(stdout, ".");
+ fflush(stdout);
+ if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+ if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+ fprintf(stdout, " ok\n");
+ fprintf(stdout, "long/negative scalar tests ... ");
+ if (!BN_one(n1)) ABORT;
+ /* n1 = 1 - order */
+ if (!BN_sub(n1, n1, order)) ABORT;
+ if(!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+ /* n2 = 1 + order */
+ if (!BN_add(n2, order, BN_value_one())) ABORT;
+ if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+ /* n2 = (1 - order) * (1 + order) */
+ if (!BN_mul(n2, n1, n2, ctx)) ABORT;
+ if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+ fprintf(stdout, "ok\n");
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ BN_free(n1);
+ BN_free(n2);
+ BN_free(order);
+ BN_CTX_free(ctx);
+ }
+
+static void prime_field_tests(void)
+ {
+ BN_CTX *ctx = NULL;
+ BIGNUM *p, *a, *b;
+ EC_GROUP *group;
+ EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
+ EC_POINT *P, *Q, *R;
+ BIGNUM *x, *y, *z;
+ unsigned char buf[100];
+ size_t i, len;
+ int k;
+
+#if 1 /* optional */
+ ctx = BN_CTX_new();
+ if (!ctx) ABORT;
+#endif
+
+ p = BN_new();
+ a = BN_new();
+ b = BN_new();
+ if (!p || !a || !b) ABORT;
+
+ if (!BN_hex2bn(&p, "17")) ABORT;
+ if (!BN_hex2bn(&a, "1")) ABORT;
+ if (!BN_hex2bn(&b, "1")) ABORT;
+
+ group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
+ * so that the library gets to choose the EC_METHOD */
+ if (!group) ABORT;
+
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+ {
+ EC_GROUP *tmp;
+ tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+ if (!tmp) ABORT;
+ if (!EC_GROUP_copy(tmp, group)) ABORT;
+ EC_GROUP_free(group);
+ group = tmp;
+ }
+
+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+ fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x");
+ BN_print_fp(stdout, p);
+ fprintf(stdout, ")\n a = 0x");
+ BN_print_fp(stdout, a);
+ fprintf(stdout, "\n b = 0x");
+ BN_print_fp(stdout, b);
+ fprintf(stdout, "\n");
+
+ P = EC_POINT_new(group);
+ Q = EC_POINT_new(group);
+ R = EC_POINT_new(group);
+ if (!P || !Q || !R) ABORT;
+
+ if (!EC_POINT_set_to_infinity(group, P)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+ buf[0] = 0;
+ if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
+
+ if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+ x = BN_new();
+ y = BN_new();
+ z = BN_new();
+ if (!x || !y || !z) ABORT;
+
+ if (!BN_hex2bn(&x, "D")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, Q, ctx))
+ {
+ if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
+ fprintf(stderr, "Point is not on curve: x = 0x");
+ BN_print_fp(stderr, x);
+ fprintf(stderr, ", y = 0x");
+ BN_print_fp(stderr, y);
+ fprintf(stderr, "\n");
+ ABORT;
+ }
+
+ fprintf(stdout, "A cyclic subgroup:\n");
+ k = 100;
+ do
+ {
+ if (k-- == 0) ABORT;
+
+ if (EC_POINT_is_at_infinity(group, P))
+ fprintf(stdout, " point at infinity\n");
+ else
+ {
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+
+ fprintf(stdout, " x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, ", y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ }
+
+ if (!EC_POINT_copy(R, P)) ABORT;
+ if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+
+#if 0 /* optional */
+ {
+ EC_POINT *points[3];
+
+ points[0] = R;
+ points[1] = Q;
+ points[2] = P;
+ if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT;
+ }
+#endif
+
+ }
+ while (!EC_POINT_is_at_infinity(group, P));
+
+ if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+ len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
+ if (len == 0) ABORT;
+ if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+ fprintf(stdout, "Generator as octet string, compressed form:\n ");
+ for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+
+ len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
+ if (len == 0) ABORT;
+ if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+ fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n ");
+ for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+
+ len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
+ if (len == 0) ABORT;
+ if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+ fprintf(stdout, "\nGenerator as octet string, hybrid form:\n ");
+ for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+
+ if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT;
+ fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, ", Y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, ", Z = 0x");
+ BN_print_fp(stdout, z);
+ fprintf(stdout, "\n");
+
+ if (!EC_POINT_invert(group, P, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+
+
+ /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000)
+ * -- not a NIST curve, but commonly used */
+
+ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+ if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT;
+ if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+ if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT;
+ if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
+ if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+ fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
+ if (0 != BN_cmp(y, z)) ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 160) ABORT;
+ fprintf(stdout, " ok\n");
+
+ group_order_tests(group);
+
+ if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+ if (!EC_GROUP_copy(P_160, group)) ABORT;
+
+
+ /* Curve P-192 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+ if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT;
+ if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+ if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+ fprintf(stdout, "\nNIST curve P-192 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT;
+ if (0 != BN_cmp(y, z)) ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 192) ABORT;
+ fprintf(stdout, " ok\n");
+
+ group_order_tests(group);
+
+ if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+ if (!EC_GROUP_copy(P_192, group)) ABORT;
+
+
+ /* Curve P-224 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+ if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT;
+ if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+ if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+ fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT;
+ if (0 != BN_cmp(y, z)) ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 224) ABORT;
+ fprintf(stdout, " ok\n");
+
+ group_order_tests(group);
+
+ if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+ if (!EC_GROUP_copy(P_224, group)) ABORT;
+
+
+ /* Curve P-256 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+ if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+ if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+ if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
+ "84F3B9CAC2FC632551")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+ fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT;
+ if (0 != BN_cmp(y, z)) ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 256) ABORT;
+ fprintf(stdout, " ok\n");
+
+ group_order_tests(group);
+
+ if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+ if (!EC_GROUP_copy(P_256, group)) ABORT;
+
+
+ /* Curve P-384 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+ if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
+ if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
+ "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+ if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
+ "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+ fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
+ "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
+ if (0 != BN_cmp(y, z)) ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 384) ABORT;
+ fprintf(stdout, " ok\n");
+
+ group_order_tests(group);
+
+ if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+ if (!EC_GROUP_copy(P_384, group)) ABORT;
+
+
+ /* Curve P-521 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+ if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+ if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
+ "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
+ "DF883D2C34F1EF451FD46B503F00")) ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+ if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
+ "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+ "3C1856A429BF97E7E31C2E5BD66")) ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+ "C9B8899C47AEBB6FB71E91386409")) ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+ fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
+ "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
+ "7086A272C24088BE94769FD16650")) ABORT;
+ if (0 != BN_cmp(y, z)) ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 521) ABORT;
+ fprintf(stdout, " ok\n");
+
+ group_order_tests(group);
+
+ if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+ if (!EC_GROUP_copy(P_521, group)) ABORT;
+
+
+ /* more tests using the last curve */
+
+ if (!EC_POINT_copy(Q, P)) ABORT;
+ if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+ if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+ if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+ if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+
+ {
+ const EC_POINT *points[4];
+ const BIGNUM *scalars[4];
+ BIGNUM scalar3;
+
+ if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+ points[0] = Q;
+ points[1] = Q;
+ points[2] = Q;
+ points[3] = Q;
+
+ if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+ if (!BN_add(y, z, BN_value_one())) ABORT;
+ if (BN_is_odd(y)) ABORT;
+ if (!BN_rshift1(y, y)) ABORT;
+ scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
+ scalars[1] = y;
+
+ fprintf(stdout, "combined multiplication ...");
+ fflush(stdout);
+
+ /* z is still the group order */
+ if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+ if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
+
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
+ if (!BN_add(z, z, y)) ABORT;
+ BN_set_negative(z, 1);
+ scalars[0] = y;
+ scalars[1] = z; /* z = -(order + y) */
+
+ if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
+ if (!BN_add(z, x, y)) ABORT;
+ BN_set_negative(z, 1);
+ scalars[0] = x;
+ scalars[1] = y;
+ scalars[2] = z; /* z = -(x+y) */
+
+ BN_init(&scalar3);
+ BN_zero(&scalar3);
+ scalars[3] = &scalar3;
+
+ if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+ fprintf(stdout, " ok\n\n");
+
+ BN_free(&scalar3);
+ }
+
+
+ if (ctx)
+ BN_CTX_free(ctx);
+ BN_free(p); BN_free(a); BN_free(b);
+ EC_GROUP_free(group);
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ EC_POINT_free(R);
+ BN_free(x); BN_free(y); BN_free(z);
+
+ if (P_160) EC_GROUP_free(P_160);
+ if (P_192) EC_GROUP_free(P_192);
+ if (P_224) EC_GROUP_free(P_224);
+ if (P_256) EC_GROUP_free(P_256);
+ if (P_384) EC_GROUP_free(P_384);
+ if (P_521) EC_GROUP_free(P_521);
+
+ }
+
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+ if (!BN_hex2bn(&x, _x)) ABORT; \
+ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+ if (!BN_hex2bn(&z, _order)) ABORT; \
+ if (!BN_hex2bn(&cof, _cof)) ABORT; \
+ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+ fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \
+ BN_print_fp(stdout, x); \
+ fprintf(stdout, "\n y = 0x"); \
+ BN_print_fp(stdout, y); \
+ fprintf(stdout, "\n"); \
+ /* G_y value taken from the standard: */ \
+ if (!BN_hex2bn(&z, _y)) ABORT; \
+ if (0 != BN_cmp(y, z)) ABORT;
+#else
+#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+ if (!BN_hex2bn(&x, _x)) ABORT; \
+ if (!BN_hex2bn(&y, _y)) ABORT; \
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+ if (!BN_hex2bn(&z, _order)) ABORT; \
+ if (!BN_hex2bn(&cof, _cof)) ABORT; \
+ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+ fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \
+ BN_print_fp(stdout, x); \
+ fprintf(stdout, "\n y = 0x"); \
+ BN_print_fp(stdout, y); \
+ fprintf(stdout, "\n");
+#endif
+
+#define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+ if (!BN_hex2bn(&p, _p)) ABORT; \
+ if (!BN_hex2bn(&a, _a)) ABORT; \
+ if (!BN_hex2bn(&b, _b)) ABORT; \
+ if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \
+ CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+ fprintf(stdout, "verify degree ..."); \
+ if (EC_GROUP_get_degree(group) != _degree) ABORT; \
+ fprintf(stdout, " ok\n"); \
+ group_order_tests(group); \
+ if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \
+ if (!EC_GROUP_copy(_variable, group)) ABORT; \
+
+#ifndef OPENSSL_NO_EC2M
+
+static void char2_field_tests(void)
+ {
+ BN_CTX *ctx = NULL;
+ BIGNUM *p, *a, *b;
+ EC_GROUP *group;
+ EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = NULL, *C2_K571 = NULL;
+ EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL;
+ EC_POINT *P, *Q, *R;
+ BIGNUM *x, *y, *z, *cof;
+ unsigned char buf[100];
+ size_t i, len;
+ int k;
+
+#if 1 /* optional */
+ ctx = BN_CTX_new();
+ if (!ctx) ABORT;
+#endif
+
+ p = BN_new();
+ a = BN_new();
+ b = BN_new();
+ if (!p || !a || !b) ABORT;
+
+ if (!BN_hex2bn(&p, "13")) ABORT;
+ if (!BN_hex2bn(&a, "3")) ABORT;
+ if (!BN_hex2bn(&b, "1")) ABORT;
+
+ group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m
+ * so that the library gets to choose the EC_METHOD */
+ if (!group) ABORT;
+ if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT;
+
+ {
+ EC_GROUP *tmp;
+ tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+ if (!tmp) ABORT;
+ if (!EC_GROUP_copy(tmp, group)) ABORT;
+ EC_GROUP_free(group);
+ group = tmp;
+ }
+
+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) ABORT;
+
+ fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x");
+ BN_print_fp(stdout, p);
+ fprintf(stdout, ")\n a = 0x");
+ BN_print_fp(stdout, a);
+ fprintf(stdout, "\n b = 0x");
+ BN_print_fp(stdout, b);
+ fprintf(stdout, "\n(0x... means binary polynomial)\n");
+
+ P = EC_POINT_new(group);
+ Q = EC_POINT_new(group);
+ R = EC_POINT_new(group);
+ if (!P || !Q || !R) ABORT;
+
+ if (!EC_POINT_set_to_infinity(group, P)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+ buf[0] = 0;
+ if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
+
+ if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+ x = BN_new();
+ y = BN_new();
+ z = BN_new();
+ cof = BN_new();
+ if (!x || !y || !z || !cof) ABORT;
+
+ if (!BN_hex2bn(&x, "6")) ABORT;
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+ if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) ABORT;
+#else
+ if (!BN_hex2bn(&y, "8")) ABORT;
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
+#endif
+ if (!EC_POINT_is_on_curve(group, Q, ctx))
+ {
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
+#endif
+ fprintf(stderr, "Point is not on curve: x = 0x");
+ BN_print_fp(stderr, x);
+ fprintf(stderr, ", y = 0x");
+ BN_print_fp(stderr, y);
+ fprintf(stderr, "\n");
+ ABORT;
+ }
+
+ fprintf(stdout, "A cyclic subgroup:\n");
+ k = 100;
+ do
+ {
+ if (k-- == 0) ABORT;
+
+ if (EC_POINT_is_at_infinity(group, P))
+ fprintf(stdout, " point at infinity\n");
+ else
+ {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT;
+
+ fprintf(stdout, " x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, ", y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ }
+
+ if (!EC_POINT_copy(R, P)) ABORT;
+ if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+ }
+ while (!EC_POINT_is_at_infinity(group, P));
+
+ if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+ len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
+ if (len == 0) ABORT;
+ if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+ fprintf(stdout, "Generator as octet string, compressed form:\n ");
+ for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+#endif
+
+ len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
+ if (len == 0) ABORT;
+ if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+ fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n ");
+ for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+ len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
+ if (len == 0) ABORT;
+ if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+ fprintf(stdout, "\nGenerator as octet string, hybrid form:\n ");
+ for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+#endif
+
+ fprintf(stdout, "\n");
+
+ if (!EC_POINT_invert(group, P, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+
+
+ /* Curve K-163 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ (
+ "NIST curve K-163",
+ "0800000000000000000000000000000000000000C9",
+ "1",
+ "1",
+ "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+ "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+ 1,
+ "04000000000000000000020108A2E0CC0D99F8A5EF",
+ "2",
+ 163,
+ C2_K163
+ );
+
+ /* Curve B-163 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ (
+ "NIST curve B-163",
+ "0800000000000000000000000000000000000000C9",
+ "1",
+ "020A601907B8C953CA1481EB10512F78744A3205FD",
+ "03F0EBA16286A2D57EA0991168D4994637E8343E36",
+ "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+ 1,
+ "040000000000000000000292FE77E70C12A4234C33",
+ "2",
+ 163,
+ C2_B163
+ );
+
+ /* Curve K-233 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ (
+ "NIST curve K-233",
+ "020000000000000000000000000000000000000004000000000000000001",
+ "0",
+ "1",
+ "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+ "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+ 0,
+ "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
+ "4",
+ 233,
+ C2_K233
+ );
+
+ /* Curve B-233 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ (
+ "NIST curve B-233",
+ "020000000000000000000000000000000000000004000000000000000001",
+ "000000000000000000000000000000000000000000000000000000000001",
+ "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+ "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+ "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+ 1,
+ "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
+ "2",
+ 233,
+ C2_B233
+ );
+
+ /* Curve K-283 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ (
+ "NIST curve K-283",
+ "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+ "0",
+ "1",
+ "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
+ "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
+ 0,
+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
+ "4",
+ 283,
+ C2_K283
+ );
+
+ /* Curve B-283 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ (
+ "NIST curve B-283",
+ "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+ "000000000000000000000000000000000000000000000000000000000000000000000001",
+ "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
+ "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
+ "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
+ 1,
+ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
+ "2",
+ 283,
+ C2_B283
+ );
+
+ /* Curve K-409 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ (
+ "NIST curve K-409",
+ "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+ "0",
+ "1",
+ "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
+ "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
+ 1,
+ "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
+ "4",
+ 409,
+ C2_K409
+ );
+
+ /* Curve B-409 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ (
+ "NIST curve B-409",
+ "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+ "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
+ "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
+ "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
+ 1,
+ "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
+ "2",
+ 409,
+ C2_B409
+ );
+
+ /* Curve K-571 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ (
+ "NIST curve K-571",
+ "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+ "0",
+ "1",
+ "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
+ "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
+ 0,
+ "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
+ "4",
+ 571,
+ C2_K571
+ );
+
+ /* Curve B-571 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ (
+ "NIST curve B-571",
+ "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+ "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+ "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
+ "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
+ "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
+ 1,
+ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
+ "2",
+ 571,
+ C2_B571
+ );
+
+ /* more tests using the last curve */
+
+ if (!EC_POINT_copy(Q, P)) ABORT;
+ if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+ if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+ if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+ if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+
+ {
+ const EC_POINT *points[3];
+ const BIGNUM *scalars[3];
+
+ if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+ points[0] = Q;
+ points[1] = Q;
+ points[2] = Q;
+
+ if (!BN_add(y, z, BN_value_one())) ABORT;
+ if (BN_is_odd(y)) ABORT;
+ if (!BN_rshift1(y, y)) ABORT;
+ scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
+ scalars[1] = y;
+
+ fprintf(stdout, "combined multiplication ...");
+ fflush(stdout);
+
+ /* z is still the group order */
+ if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+ if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+ if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
+
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
+ if (!BN_add(z, z, y)) ABORT;
+ BN_set_negative(z, 1);
+ scalars[0] = y;
+ scalars[1] = z; /* z = -(order + y) */
+
+ if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
+ if (!BN_add(z, x, y)) ABORT;
+ BN_set_negative(z, 1);
+ scalars[0] = x;
+ scalars[1] = y;
+ scalars[2] = z; /* z = -(x+y) */
+
+ if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+ fprintf(stdout, " ok\n\n");
+ }
+
+
+ if (ctx)
+ BN_CTX_free(ctx);
+ BN_free(p); BN_free(a); BN_free(b);
+ EC_GROUP_free(group);
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ EC_POINT_free(R);
+ BN_free(x); BN_free(y); BN_free(z); BN_free(cof);
+
+ if (C2_K163) EC_GROUP_free(C2_K163);
+ if (C2_B163) EC_GROUP_free(C2_B163);
+ if (C2_K233) EC_GROUP_free(C2_K233);
+ if (C2_B233) EC_GROUP_free(C2_B233);
+ if (C2_K283) EC_GROUP_free(C2_K283);
+ if (C2_B283) EC_GROUP_free(C2_B283);
+ if (C2_K409) EC_GROUP_free(C2_K409);
+ if (C2_B409) EC_GROUP_free(C2_B409);
+ if (C2_K571) EC_GROUP_free(C2_K571);
+ if (C2_B571) EC_GROUP_free(C2_B571);
+
+ }
+#endif
+
+static void internal_curve_test(void)
+ {
+ EC_builtin_curve *curves = NULL;
+ size_t crv_len = 0, n = 0;
+ int ok = 1;
+
+ crv_len = EC_get_builtin_curves(NULL, 0);
+
+ curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+ if (curves == NULL)
+ return;
+
+ if (!EC_get_builtin_curves(curves, crv_len))
+ {
+ OPENSSL_free(curves);
+ return;
+ }
+
+ fprintf(stdout, "testing internal curves: ");
+
+ for (n = 0; n < crv_len; n++)
+ {
+ EC_GROUP *group = NULL;
+ int nid = curves[n].nid;
+ if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
+ {
+ ok = 0;
+ fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
+ " curve %s\n", OBJ_nid2sn(nid));
+ /* try next curve */
+ continue;
+ }
+ if (!EC_GROUP_check(group, NULL))
+ {
+ ok = 0;
+ fprintf(stdout, "\nEC_GROUP_check() failed with"
+ " curve %s\n", OBJ_nid2sn(nid));
+ EC_GROUP_free(group);
+ /* try the next curve */
+ continue;
+ }
+ fprintf(stdout, ".");
+ fflush(stdout);
+ EC_GROUP_free(group);
+ }
+ if (ok)
+ fprintf(stdout, " ok\n\n");
+ else
+ {
+ fprintf(stdout, " failed\n\n");
+ ABORT;
+ }
+ OPENSSL_free(curves);
+ return;
+ }
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/* nistp_test_params contains magic numbers for testing our optimized
+ * implementations of several NIST curves with characteristic > 3. */
+struct nistp_test_params
+ {
+ const EC_METHOD* (*meth) ();
+ int degree;
+ /* Qx, Qy and D are taken from
+ * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+ * Otherwise, values are standard curve parameters from FIPS 180-3 */
+ const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
+ };
+
+static const struct nistp_test_params nistp_tests_params[] =
+ {
+ {
+ /* P-224 */
+ EC_GFp_nistp224_method,
+ 224,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", /* p */
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", /* a */
+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", /* b */
+ "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", /* Qx */
+ "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", /* Qy */
+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", /* Gx */
+ "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", /* Gy */
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", /* order */
+ "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", /* d */
+ },
+ {
+ /* P-256 */
+ EC_GFp_nistp256_method,
+ 256,
+ "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", /* p */
+ "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", /* a */
+ "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", /* b */
+ "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", /* Qx */
+ "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", /* Qy */
+ "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", /* Gx */
+ "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", /* Gy */
+ "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", /* order */
+ "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", /* d */
+ },
+ {
+ /* P-521 */
+ EC_GFp_nistp521_method,
+ 521,
+ "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", /* p */
+ "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", /* a */
+ "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", /* b */
+ "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", /* Qx */
+ "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", /* Qy */
+ "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", /* Gx */
+ "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", /* Gy */
+ "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", /* order */
+ "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", /* d */
+ },
+ };
+
+void nistp_single_test(const struct nistp_test_params *test)
+ {
+ BN_CTX *ctx;
+ BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
+ EC_GROUP *NISTP;
+ EC_POINT *G, *P, *Q, *Q_CHECK;
+
+ fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", test->degree);
+ ctx = BN_CTX_new();
+ p = BN_new();
+ a = BN_new();
+ b = BN_new();
+ x = BN_new(); y = BN_new();
+ m = BN_new(); n = BN_new(); order = BN_new();
+
+ NISTP = EC_GROUP_new(test->meth());
+ if(!NISTP) ABORT;
+ if (!BN_hex2bn(&p, test->p)) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+ if (!BN_hex2bn(&a, test->a)) ABORT;
+ if (!BN_hex2bn(&b, test->b)) ABORT;
+ if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) ABORT;
+ G = EC_POINT_new(NISTP);
+ P = EC_POINT_new(NISTP);
+ Q = EC_POINT_new(NISTP);
+ Q_CHECK = EC_POINT_new(NISTP);
+ if(!BN_hex2bn(&x, test->Qx)) ABORT;
+ if(!BN_hex2bn(&y, test->Qy)) ABORT;
+ if(!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) ABORT;
+ if (!BN_hex2bn(&x, test->Gx)) ABORT;
+ if (!BN_hex2bn(&y, test->Gy)) ABORT;
+ if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) ABORT;
+ if (!BN_hex2bn(&order, test->order)) ABORT;
+ if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
+
+ fprintf(stdout, "verify degree ... ");
+ if (EC_GROUP_get_degree(NISTP) != test->degree) ABORT;
+ fprintf(stdout, "ok\n");
+
+ fprintf(stdout, "NIST test vectors ... ");
+ if (!BN_hex2bn(&n, test->d)) ABORT;
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+ /* set generator to P = 2*G, where G is the standard generator */
+ if (!EC_POINT_dbl(NISTP, P, G, ctx)) ABORT;
+ if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) ABORT;
+ /* set the scalar to m=n/2, where n is the NIST test scalar */
+ if (!BN_rshift(m, n, 1)) ABORT;
+
+ /* test the non-standard generator */
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+ /* now repeat all tests with precomputation */
+ if (!EC_GROUP_precompute_mult(NISTP, ctx)) ABORT;
+
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+ /* reset generator */
+ if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
+ /* fixed point multiplication */
+ EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+ /* random point multiplication */
+ EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+ if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+ fprintf(stdout, "ok\n");
+ group_order_tests(NISTP);
+ EC_GROUP_free(NISTP);
+ EC_POINT_free(G);
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ EC_POINT_free(Q_CHECK);
+ BN_free(n);
+ BN_free(m);
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+ BN_free(x);
+ BN_free(y);
+ BN_free(order);
+ BN_CTX_free(ctx);
+ }
+
+void nistp_tests()
+ {
+ unsigned i;
+
+ for (i = 0; i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); i++)
+ {
+ nistp_single_test(&nistp_tests_params[i]);
+ }
+ }
+#endif
+
+int main(int argc, char *argv[])
+ {
+
+ /* enable memory leak checking unless explicitly disabled */
+ if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+ {
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ }
+ else
+ {
+ /* OPENSSL_DEBUG_MEMORY=off */
+ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+ }
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+ ERR_load_crypto_strings();
+
+ prime_field_tests();
+ puts("");
+#ifndef OPENSSL_NO_EC2M
+ char2_field_tests();
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+ nistp_tests();
+#endif
+ /* test the internal curves */
+ internal_curve_test();
+
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+#endif
+ CRYPTO_cleanup_all_ex_data();
+ ERR_free_strings();
+ ERR_remove_thread_state(NULL);
+ CRYPTO_mem_leaks_fp(stderr);
+
+ return 0;
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:16 miod Exp $
+
+PROG= ecdhtest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/ecdh/ecdhtest.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include <openssl/err.h>
+
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+
+static const int KDF1_SHA1_len = 20;
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
+ {
+#ifndef OPENSSL_NO_SHA
+ if (*outlen < SHA_DIGEST_LENGTH)
+ return NULL;
+ else
+ *outlen = SHA_DIGEST_LENGTH;
+ return SHA1(in, inlen, out);
+#else
+ return NULL;
+#endif
+ }
+
+
+static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
+ {
+ EC_KEY *a=NULL;
+ EC_KEY *b=NULL;
+ BIGNUM *x_a=NULL, *y_a=NULL,
+ *x_b=NULL, *y_b=NULL;
+ char buf[12];
+ unsigned char *abuf=NULL,*bbuf=NULL;
+ int i,alen,blen,aout,bout,ret=0;
+ const EC_GROUP *group;
+
+ a = EC_KEY_new_by_curve_name(nid);
+ b = EC_KEY_new_by_curve_name(nid);
+ if (a == NULL || b == NULL)
+ goto err;
+
+ group = EC_KEY_get0_group(a);
+
+ if ((x_a=BN_new()) == NULL) goto err;
+ if ((y_a=BN_new()) == NULL) goto err;
+ if ((x_b=BN_new()) == NULL) goto err;
+ if ((y_b=BN_new()) == NULL) goto err;
+
+ BIO_puts(out,"Testing key generation with ");
+ BIO_puts(out,text);
+ (void)BIO_flush(out);
+
+ if (!EC_KEY_generate_key(a)) goto err;
+
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
+ {
+ if (!EC_POINT_get_affine_coordinates_GFp(group,
+ EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
+ }
+#ifndef OPENSSL_NO_EC2M
+ else
+ {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
+ EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
+ }
+#endif
+ BIO_printf(out," .");
+ (void)BIO_flush(out);
+
+ if (!EC_KEY_generate_key(b)) goto err;
+
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
+ {
+ if (!EC_POINT_get_affine_coordinates_GFp(group,
+ EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
+ }
+#ifndef OPENSSL_NO_EC2M
+ else
+ {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
+ EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
+ }
+#endif
+
+ BIO_printf(out,".");
+ (void)BIO_flush(out);
+
+ alen=KDF1_SHA1_len;
+ abuf=(unsigned char *)OPENSSL_malloc(alen);
+ aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
+
+ BIO_printf(out,".");
+ (void)BIO_flush(out);
+
+ blen=KDF1_SHA1_len;
+ bbuf=(unsigned char *)OPENSSL_malloc(blen);
+ bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);
+
+ BIO_printf(out,".");
+ (void)BIO_flush(out);
+
+ if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+ {
+ BIO_printf(out, " failed\n\n");
+ BIO_printf(out, "key a:\n");
+ BIO_printf(out, "private key: ");
+ BN_print(out, EC_KEY_get0_private_key(a));
+ BIO_printf(out, "\n");
+ BIO_printf(out, "public key (x,y): ");
+ BN_print(out, x_a);
+ BIO_printf(out, ",");
+ BN_print(out, y_a);
+ BIO_printf(out, "\nkey b:\n");
+ BIO_printf(out, "private key: ");
+ BN_print(out, EC_KEY_get0_private_key(b));
+ BIO_printf(out, "\n");
+ BIO_printf(out, "public key (x,y): ");
+ BN_print(out, x_b);
+ BIO_printf(out, ",");
+ BN_print(out, y_b);
+ BIO_printf(out, "\n");
+ BIO_printf(out, "generated key a: ");
+ for (i=0; i<bout; i++)
+ {
+ snprintf(buf, sizeof buf, "%02X", bbuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_printf(out, "\n");
+ BIO_printf(out, "generated key b: ");
+ for (i=0; i<aout; i++)
+ {
+ snprintf(buf, sizeof buf, "%02X", abuf[i]);
+ BIO_puts(out,buf);
+ }
+ BIO_printf(out, "\n");
+ fprintf(stderr,"Error in ECDH routines\n");
+ ret=0;
+ }
+ else
+ {
+ BIO_printf(out, " ok\n");
+ ret=1;
+ }
+err:
+ ERR_print_errors_fp(stderr);
+
+ if (abuf != NULL) OPENSSL_free(abuf);
+ if (bbuf != NULL) OPENSSL_free(bbuf);
+ if (x_a) BN_free(x_a);
+ if (y_a) BN_free(y_a);
+ if (x_b) BN_free(x_b);
+ if (y_b) BN_free(y_b);
+ if (b) EC_KEY_free(b);
+ if (a) EC_KEY_free(a);
+ return(ret);
+ }
+
+int main(int argc, char *argv[])
+ {
+ BN_CTX *ctx=NULL;
+ int ret=1;
+ BIO *out;
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL) exit(1);
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+ /* NIST PRIME CURVES TESTS */
+ if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
+#ifndef OPENSSL_NO_EC2M
+ /* NIST BINARY CURVES TESTS */
+ if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
+ if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
+#endif
+
+ ret = 0;
+
+err:
+ ERR_print_errors_fp(stderr);
+ if (ctx) BN_CTX_free(ctx);
+ BIO_free(out);
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_thread_state(NULL);
+ CRYPTO_mem_leaks_fp(stderr);
+ exit(ret);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:16 miod Exp $
+
+PROG= ecdsatest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/ecdsa/ecdsatest.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/ecdsa.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+/* declaration of the test functions */
+int x9_62_tests(BIO *);
+int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
+int test_builtin(BIO *);
+
+/* functions to change the RAND_METHOD */
+int change_rand(void);
+int restore_rand(void);
+int fbytes(unsigned char *buf, int num);
+
+RAND_METHOD fake_rand;
+const RAND_METHOD *old_rand;
+
+int change_rand(void)
+ {
+ /* save old rand method */
+ if ((old_rand = RAND_get_rand_method()) == NULL)
+ return 0;
+
+ fake_rand.seed = old_rand->seed;
+ fake_rand.cleanup = old_rand->cleanup;
+ fake_rand.add = old_rand->add;
+ fake_rand.status = old_rand->status;
+ /* use own random function */
+ fake_rand.bytes = fbytes;
+ fake_rand.pseudorand = old_rand->bytes;
+ /* set new RAND_METHOD */
+ if (!RAND_set_rand_method(&fake_rand))
+ return 0;
+ return 1;
+ }
+
+int restore_rand(void)
+ {
+ if (!RAND_set_rand_method(old_rand))
+ return 0;
+ else
+ return 1;
+ }
+
+static int fbytes_counter = 0;
+static const char *numbers[8] = {
+ "651056770906015076056810763456358567190100156695615665659",
+ "6140507067065001063065065565667405560006161556565665656654",
+ "8763001015071075675010661307616710783570106710677817767166"
+ "71676178726717",
+ "7000000175690566466555057817571571075705015757757057795755"
+ "55657156756655",
+ "1275552191113212300012030439187146164646146646466749494799",
+ "1542725565216523985789236956265265265235675811949404040041",
+ "1456427555219115346513212300075341203043918714616464614664"
+ "64667494947990",
+ "1712787255652165239672857892369562652652652356758119494040"
+ "40041670216363"};
+
+int fbytes(unsigned char *buf, int num)
+ {
+ int ret;
+ BIGNUM *tmp = NULL;
+
+ if (fbytes_counter >= 8)
+ return 0;
+ tmp = BN_new();
+ if (!tmp)
+ return 0;
+ if (!BN_dec2bn(&tmp, numbers[fbytes_counter]))
+ {
+ BN_free(tmp);
+ return 0;
+ }
+ fbytes_counter ++;
+ if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
+ ret = 0;
+ else
+ ret = 1;
+ if (tmp)
+ BN_free(tmp);
+ return ret;
+ }
+
+/* some tests from the X9.62 draft */
+int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
+ {
+ int ret = 0;
+ const char message[] = "abc";
+ unsigned char digest[20];
+ unsigned int dgst_len = 0;
+ EVP_MD_CTX md_ctx;
+ EC_KEY *key = NULL;
+ ECDSA_SIG *signature = NULL;
+ BIGNUM *r = NULL, *s = NULL;
+
+ EVP_MD_CTX_init(&md_ctx);
+ /* get the message digest */
+ EVP_DigestInit(&md_ctx, EVP_ecdsa());
+ EVP_DigestUpdate(&md_ctx, (const void*)message, 3);
+ EVP_DigestFinal(&md_ctx, digest, &dgst_len);
+
+ BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
+ /* create the key */
+ if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
+ goto x962_int_err;
+ if (!EC_KEY_generate_key(key))
+ goto x962_int_err;
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* create the signature */
+ signature = ECDSA_do_sign(digest, 20, key);
+ if (signature == NULL)
+ goto x962_int_err;
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* compare the created signature with the expected signature */
+ if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
+ goto x962_int_err;
+ if (!BN_dec2bn(&r, r_in) ||
+ !BN_dec2bn(&s, s_in))
+ goto x962_int_err;
+ if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))
+ goto x962_int_err;
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* verify the signature */
+ if (ECDSA_do_verify(digest, 20, signature, key) != 1)
+ goto x962_int_err;
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ BIO_printf(out, " ok\n");
+ ret = 1;
+x962_int_err:
+ if (!ret)
+ BIO_printf(out, " failed\n");
+ if (key)
+ EC_KEY_free(key);
+ if (signature)
+ ECDSA_SIG_free(signature);
+ if (r)
+ BN_free(r);
+ if (s)
+ BN_free(s);
+ EVP_MD_CTX_cleanup(&md_ctx);
+ return ret;
+ }
+
+int x9_62_tests(BIO *out)
+ {
+ int ret = 0;
+
+ BIO_printf(out, "some tests from X9.62:\n");
+
+ /* set own rand method */
+ if (!change_rand())
+ goto x962_err;
+
+ if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
+ "3342403536405981729393488334694600415596881826869351677613",
+ "5735822328888155254683894997897571951568553642892029982342"))
+ goto x962_err;
+ if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
+ "3086361431751678114926225473006680188549593787585317781474"
+ "62058306432176",
+ "3238135532097973577080787768312505059318910517550078427819"
+ "78505179448783"))
+ goto x962_err;
+#ifndef OPENSSL_NO_EC2M
+ if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
+ "87194383164871543355722284926904419997237591535066528048",
+ "308992691965804947361541664549085895292153777025772063598"))
+ goto x962_err;
+ if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
+ "2159633321041961198501834003903461262881815148684178964245"
+ "5876922391552",
+ "1970303740007316867383349976549972270528498040721988191026"
+ "49413465737174"))
+ goto x962_err;
+#endif
+ ret = 1;
+x962_err:
+ if (!restore_rand())
+ ret = 0;
+ return ret;
+ }
+
+int test_builtin(BIO *out)
+ {
+ EC_builtin_curve *curves = NULL;
+ size_t crv_len = 0, n = 0;
+ EC_KEY *eckey = NULL, *wrong_eckey = NULL;
+ EC_GROUP *group;
+ ECDSA_SIG *ecdsa_sig = NULL;
+ unsigned char digest[20], wrong_digest[20];
+ unsigned char *signature = NULL;
+ const unsigned char *sig_ptr;
+ unsigned char *sig_ptr2;
+ unsigned char *raw_buf = NULL;
+ unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
+ int nid, ret = 0;
+
+ /* fill digest values with some random data */
+ if (!RAND_pseudo_bytes(digest, 20) ||
+ !RAND_pseudo_bytes(wrong_digest, 20))
+ {
+ BIO_printf(out, "ERROR: unable to get random data\n");
+ goto builtin_err;
+ }
+
+ /* create and verify a ecdsa signature with every availble curve
+ * (with ) */
+ BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
+ "with some internal curves:\n");
+
+ /* get a list of all internal curves */
+ crv_len = EC_get_builtin_curves(NULL, 0);
+
+ curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+ if (curves == NULL)
+ {
+ BIO_printf(out, "malloc error\n");
+ goto builtin_err;
+ }
+
+ if (!EC_get_builtin_curves(curves, crv_len))
+ {
+ BIO_printf(out, "unable to get internal curves\n");
+ goto builtin_err;
+ }
+
+ /* now create and verify a signature for every curve */
+ for (n = 0; n < crv_len; n++)
+ {
+ unsigned char dirt, offset;
+
+ nid = curves[n].nid;
+ if (nid == NID_ipsec4)
+ continue;
+ /* create new ecdsa key (== EC_KEY) */
+ if ((eckey = EC_KEY_new()) == NULL)
+ goto builtin_err;
+ group = EC_GROUP_new_by_curve_name(nid);
+ if (group == NULL)
+ goto builtin_err;
+ if (EC_KEY_set_group(eckey, group) == 0)
+ goto builtin_err;
+ EC_GROUP_free(group);
+ degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
+ if (degree < 160)
+ /* drop the curve */
+ {
+ EC_KEY_free(eckey);
+ eckey = NULL;
+ continue;
+ }
+ BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
+ /* create key */
+ if (!EC_KEY_generate_key(eckey))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ /* create second key */
+ if ((wrong_eckey = EC_KEY_new()) == NULL)
+ goto builtin_err;
+ group = EC_GROUP_new_by_curve_name(nid);
+ if (group == NULL)
+ goto builtin_err;
+ if (EC_KEY_set_group(wrong_eckey, group) == 0)
+ goto builtin_err;
+ EC_GROUP_free(group);
+ if (!EC_KEY_generate_key(wrong_eckey))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* check key */
+ if (!EC_KEY_check_key(eckey))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* create signature */
+ sig_len = ECDSA_size(eckey);
+ if ((signature = OPENSSL_malloc(sig_len)) == NULL)
+ goto builtin_err;
+ if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* verify signature */
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* verify signature with the wrong key */
+ if (ECDSA_verify(0, digest, 20, signature, sig_len,
+ wrong_eckey) == 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* wrong digest */
+ if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len,
+ eckey) == 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* wrong length */
+ if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
+ eckey) == 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ /* Modify a single byte of the signature: to ensure we don't
+ * garble the ASN1 structure, we read the raw signature and
+ * modify a byte in one of the bignums directly. */
+ sig_ptr = signature;
+ if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+
+ /* Store the two BIGNUMs in raw_buf. */
+ r_len = BN_num_bytes(ecdsa_sig->r);
+ s_len = BN_num_bytes(ecdsa_sig->s);
+ bn_len = (degree + 7) / 8;
+ if ((r_len > bn_len) || (s_len > bn_len))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ buf_len = 2 * bn_len;
+ if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
+ goto builtin_err;
+ /* Pad the bignums with leading zeroes. */
+ memset(raw_buf, 0, buf_len);
+ BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
+ BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
+
+ /* Modify a single byte in the buffer. */
+ offset = raw_buf[10] % buf_len;
+ dirt = raw_buf[11] ? raw_buf[11] : 1;
+ raw_buf[offset] ^= dirt;
+ /* Now read the BIGNUMs back in from raw_buf. */
+ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+ goto builtin_err;
+
+ sig_ptr2 = signature;
+ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ /* Sanity check: undo the modification and verify signature. */
+ raw_buf[offset] ^= dirt;
+ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+ goto builtin_err;
+
+ sig_ptr2 = signature;
+ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ BIO_printf(out, " ok\n");
+ /* cleanup */
+ /* clean bogus errors */
+ ERR_clear_error();
+ OPENSSL_free(signature);
+ signature = NULL;
+ EC_KEY_free(eckey);
+ eckey = NULL;
+ EC_KEY_free(wrong_eckey);
+ wrong_eckey = NULL;
+ ECDSA_SIG_free(ecdsa_sig);
+ ecdsa_sig = NULL;
+ OPENSSL_free(raw_buf);
+ raw_buf = NULL;
+ }
+
+ ret = 1;
+builtin_err:
+ if (eckey)
+ EC_KEY_free(eckey);
+ if (wrong_eckey)
+ EC_KEY_free(wrong_eckey);
+ if (ecdsa_sig)
+ ECDSA_SIG_free(ecdsa_sig);
+ if (signature)
+ OPENSSL_free(signature);
+ if (raw_buf)
+ OPENSSL_free(raw_buf);
+ if (curves)
+ OPENSSL_free(curves);
+
+ return ret;
+ }
+
+int main(void)
+ {
+ int ret = 1;
+ BIO *out;
+
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ /* enable memory leak checking unless explicitly disabled */
+ if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) &&
+ (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+ {
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ }
+ else
+ {
+ /* OPENSSL_DEBUG_MEMORY=off */
+ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+ }
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ ERR_load_crypto_strings();
+
+ /* the tests */
+ if (!x9_62_tests(out)) goto err;
+ if (!test_builtin(out)) goto err;
+
+ ret = 0;
+err:
+ if (ret)
+ BIO_printf(out, "\nECDSA test failed\n");
+ else
+ BIO_printf(out, "\nECDSA test passed\n");
+ if (ret)
+ ERR_print_errors(out);
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_thread_state(NULL);
+ ERR_free_strings();
+ CRYPTO_mem_leaks(out);
+ if (out != NULL)
+ BIO_free(out);
+ return ret;
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:18 miod Exp $
+
+PROG= evptest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+REGRESS_TARGETS=regress-evptest
+
+regress-evptest: ${PROG}
+ ./${PROG} ${.CURDIR}/evptests.txt
+
+.include <bsd.regress.mk>
--- /dev/null
+/* Written by Ben Laurie, 2001 */
+/*
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/conf.h>
+
+static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
+ {
+ int n=0;
+
+ fprintf(f,"%s",title);
+ for( ; n < l ; ++n)
+ {
+ if((n%16) == 0)
+ fprintf(f,"\n%04x",n);
+ fprintf(f," %02x",s[n]);
+ }
+ fprintf(f,"\n");
+ }
+
+static int convert(unsigned char *s)
+ {
+ unsigned char *d;
+
+ for(d=s ; *s ; s+=2,++d)
+ {
+ unsigned int n;
+
+ if(!s[1])
+ {
+ fprintf(stderr,"Odd number of hex digits!");
+ exit(4);
+ }
+ sscanf((char *)s,"%2x",&n);
+ *d=(unsigned char)n;
+ }
+ return s-d;
+ }
+
+static char *sstrsep(char **string, const char *delim)
+ {
+ char isdelim[256];
+ char *token = *string;
+
+ if (**string == 0)
+ return NULL;
+
+ memset(isdelim, 0, 256);
+ isdelim[0] = 1;
+
+ while (*delim)
+ {
+ isdelim[(unsigned char)(*delim)] = 1;
+ delim++;
+ }
+
+ while (!isdelim[(unsigned char)(**string)])
+ {
+ (*string)++;
+ }
+
+ if (**string)
+ {
+ **string = 0;
+ (*string)++;
+ }
+
+ return token;
+ }
+
+static unsigned char *ustrsep(char **p,const char *sep)
+ { return (unsigned char *)sstrsep(p,sep); }
+
+static int test1_exit(int ec)
+ {
+ exit(ec);
+ return(0); /* To keep some compilers quiet */
+ }
+
+static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
+ const unsigned char *iv,int in,
+ const unsigned char *plaintext,int pn,
+ const unsigned char *ciphertext,int cn,
+ int encdec)
+ {
+ EVP_CIPHER_CTX ctx;
+ unsigned char out[4096];
+ int outl,outl2;
+
+ printf("Testing cipher %s%s\n",EVP_CIPHER_name(c),
+ (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)")));
+ hexdump(stdout,"Key",key,kn);
+ if(in)
+ hexdump(stdout,"IV",iv,in);
+ hexdump(stdout,"Plaintext",plaintext,pn);
+ hexdump(stdout,"Ciphertext",ciphertext,cn);
+
+ if(kn != c->key_len)
+ {
+ fprintf(stderr,"Key length doesn't match, got %d expected %lu\n",kn,
+ (unsigned long)c->key_len);
+ test1_exit(5);
+ }
+ EVP_CIPHER_CTX_init(&ctx);
+ if (encdec != 0)
+ {
+ if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
+ {
+ fprintf(stderr,"EncryptInit failed\n");
+ ERR_print_errors_fp(stderr);
+ test1_exit(10);
+ }
+ EVP_CIPHER_CTX_set_padding(&ctx,0);
+
+ if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn))
+ {
+ fprintf(stderr,"Encrypt failed\n");
+ ERR_print_errors_fp(stderr);
+ test1_exit(6);
+ }
+ if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
+ {
+ fprintf(stderr,"EncryptFinal failed\n");
+ ERR_print_errors_fp(stderr);
+ test1_exit(7);
+ }
+
+ if(outl+outl2 != cn)
+ {
+ fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
+ outl+outl2,cn);
+ test1_exit(8);
+ }
+
+ if(memcmp(out,ciphertext,cn))
+ {
+ fprintf(stderr,"Ciphertext mismatch\n");
+ hexdump(stderr,"Got",out,cn);
+ hexdump(stderr,"Expected",ciphertext,cn);
+ test1_exit(9);
+ }
+ }
+
+ if (encdec <= 0)
+ {
+ if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
+ {
+ fprintf(stderr,"DecryptInit failed\n");
+ ERR_print_errors_fp(stderr);
+ test1_exit(11);
+ }
+ EVP_CIPHER_CTX_set_padding(&ctx,0);
+
+ if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn))
+ {
+ fprintf(stderr,"Decrypt failed\n");
+ ERR_print_errors_fp(stderr);
+ test1_exit(6);
+ }
+ if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
+ {
+ fprintf(stderr,"DecryptFinal failed\n");
+ ERR_print_errors_fp(stderr);
+ test1_exit(7);
+ }
+
+ if(outl+outl2 != pn)
+ {
+ fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
+ outl+outl2,pn);
+ test1_exit(8);
+ }
+
+ if(memcmp(out,plaintext,pn))
+ {
+ fprintf(stderr,"Plaintext mismatch\n");
+ hexdump(stderr,"Got",out,pn);
+ hexdump(stderr,"Expected",plaintext,pn);
+ test1_exit(9);
+ }
+ }
+
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ printf("\n");
+ }
+
+static int test_cipher(const char *cipher,const unsigned char *key,int kn,
+ const unsigned char *iv,int in,
+ const unsigned char *plaintext,int pn,
+ const unsigned char *ciphertext,int cn,
+ int encdec)
+ {
+ const EVP_CIPHER *c;
+
+ c=EVP_get_cipherbyname(cipher);
+ if(!c)
+ return 0;
+
+ test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec);
+
+ return 1;
+ }
+
+static int test_digest(const char *digest,
+ const unsigned char *plaintext,int pn,
+ const unsigned char *ciphertext, unsigned int cn)
+ {
+ const EVP_MD *d;
+ EVP_MD_CTX ctx;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdn;
+
+ d=EVP_get_digestbyname(digest);
+ if(!d)
+ return 0;
+
+ printf("Testing digest %s\n",EVP_MD_name(d));
+ hexdump(stdout,"Plaintext",plaintext,pn);
+ hexdump(stdout,"Digest",ciphertext,cn);
+
+ EVP_MD_CTX_init(&ctx);
+ if(!EVP_DigestInit_ex(&ctx,d, NULL))
+ {
+ fprintf(stderr,"DigestInit failed\n");
+ ERR_print_errors_fp(stderr);
+ exit(100);
+ }
+ if(!EVP_DigestUpdate(&ctx,plaintext,pn))
+ {
+ fprintf(stderr,"DigestUpdate failed\n");
+ ERR_print_errors_fp(stderr);
+ exit(101);
+ }
+ if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
+ {
+ fprintf(stderr,"DigestFinal failed\n");
+ ERR_print_errors_fp(stderr);
+ exit(101);
+ }
+ EVP_MD_CTX_cleanup(&ctx);
+
+ if(mdn != cn)
+ {
+ fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn);
+ exit(102);
+ }
+
+ if(memcmp(md,ciphertext,cn))
+ {
+ fprintf(stderr,"Digest mismatch\n");
+ hexdump(stderr,"Got",md,cn);
+ hexdump(stderr,"Expected",ciphertext,cn);
+ exit(103);
+ }
+
+ printf("\n");
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ return 1;
+ }
+
+int main(int argc,char **argv)
+ {
+ const char *szTestFile;
+ FILE *f;
+
+ if(argc != 2)
+ {
+ fprintf(stderr,"%s <test file>\n",argv[0]);
+ exit(1);
+ }
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ szTestFile=argv[1];
+
+ f=fopen(szTestFile,"r");
+ if(!f)
+ {
+ perror(szTestFile);
+ exit(2);
+ }
+
+ /* Load up the software EVP_CIPHER and EVP_MD definitions */
+ OpenSSL_add_all_ciphers();
+ OpenSSL_add_all_digests();
+#ifndef OPENSSL_NO_ENGINE
+ /* Load all compiled-in ENGINEs */
+ ENGINE_load_builtin_engines();
+#endif
+#if 0
+ OPENSSL_config();
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ /* Register all available ENGINE implementations of ciphers and digests.
+ * This could perhaps be changed to "ENGINE_register_all_complete()"? */
+ ENGINE_register_all_ciphers();
+ ENGINE_register_all_digests();
+ /* If we add command-line options, this statement should be switchable.
+ * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
+ * they weren't already initialised. */
+ /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
+#endif
+
+ for( ; ; )
+ {
+ char line[4096];
+ char *p;
+ char *cipher;
+ unsigned char *iv,*key,*plaintext,*ciphertext;
+ int encdec;
+ int kn,in,pn,cn;
+
+ if(!fgets((char *)line,sizeof line,f))
+ break;
+ if(line[0] == '#' || line[0] == '\n')
+ continue;
+ p=line;
+ cipher=sstrsep(&p,":");
+ key=ustrsep(&p,":");
+ iv=ustrsep(&p,":");
+ plaintext=ustrsep(&p,":");
+ ciphertext=ustrsep(&p,":");
+ if (p[-1] == '\n') {
+ p[-1] = '\0';
+ encdec = -1;
+ } else {
+ encdec = atoi(sstrsep(&p,"\n"));
+ }
+
+
+ kn=convert(key);
+ in=convert(iv);
+ pn=convert(plaintext);
+ cn=convert(ciphertext);
+
+ if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec)
+ && !test_digest(cipher,plaintext,pn,ciphertext,cn))
+ {
+#ifdef OPENSSL_NO_AES
+ if (strstr(cipher, "AES") == cipher)
+ {
+ fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
+ continue;
+ }
+#endif
+#ifdef OPENSSL_NO_DES
+ if (strstr(cipher, "DES") == cipher)
+ {
+ fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
+ continue;
+ }
+#endif
+#ifdef OPENSSL_NO_RC4
+ if (strstr(cipher, "RC4") == cipher)
+ {
+ fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
+ continue;
+ }
+#endif
+#ifdef OPENSSL_NO_CAMELLIA
+ if (strstr(cipher, "CAMELLIA") == cipher)
+ {
+ fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
+ continue;
+ }
+#endif
+#ifdef OPENSSL_NO_SEED
+ if (strstr(cipher, "SEED") == cipher)
+ {
+ fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
+ continue;
+ }
+#endif
+ fprintf(stderr,"Can't find %s\n",cipher);
+ exit(3);
+ }
+ }
+ fclose(f);
+
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+#endif
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_thread_state(NULL);
+ ERR_free_strings();
+ CRYPTO_mem_leaks_fp(stderr);
+
+ return 0;
+ }
--- /dev/null
+#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
+#digest:::input:output
+
+# SHA(1) tests (from shatest.c)
+SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d
+
+# MD5 tests (from md5test.c)
+MD5::::d41d8cd98f00b204e9800998ecf8427e
+MD5:::61:0cc175b9c0f1b6a831c399e269772661
+MD5:::616263:900150983cd24fb0d6963f7d28e17f72
+MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
+MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
+MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
+MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
+
+# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1
+
+# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1
+
+# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1
+
+# AES 128 ECB tests (from NIST test vectors, encrypt)
+
+#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
+
+# AES 128 ECB tests (from NIST test vectors, decrypt)
+
+#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
+
+# AES 192 ECB tests (from NIST test vectors, decrypt)
+
+#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
+
+# AES 256 ECB tests (from NIST test vectors, decrypt)
+
+#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
+
+# AES 128 CBC tests (from NIST test vectors, encrypt)
+
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
+
+# AES 192 CBC tests (from NIST test vectors, encrypt)
+
+#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
+
+# AES 256 CBC tests (from NIST test vectors, encrypt)
+
+#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
+
+# AES 128 CBC tests (from NIST test vectors, decrypt)
+
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
+
+# AES tests from NIST document SP800-38A
+# For all ECB encrypts and decrypts, the transformed sequence is
+# AES-bits-ECB:key::plaintext:ciphertext:encdec
+# ECB-AES128.Encrypt and ECB-AES128.Decrypt
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4
+# ECB-AES192.Encrypt and ECB-AES192.Decrypt
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E
+# ECB-AES256.Encrypt and ECB-AES256.Decrypt
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7
+# For all CBC encrypts and decrypts, the transformed sequence is
+# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CBC-AES128.Encrypt and CBC-AES128.Decrypt
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7
+# CBC-AES192.Encrypt and CBC-AES192.Decrypt
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD
+# CBC-AES256.Encrypt and CBC-AES256.Decrypt
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
+# We don't support CFB{1,8}-AESxxx.{En,De}crypt
+# For all CFB128 encrypts and decrypts, the transformed sequence is
+# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CFB128-AES128.Encrypt
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1
+# CFB128-AES128.Decrypt
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0
+# CFB128-AES192.Encrypt
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1
+# CFB128-AES192.Decrypt
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0
+# CFB128-AES256.Encrypt
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1
+# CFB128-AES256.Decrypt
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0
+# For all OFB encrypts and decrypts, the transformed sequence is
+# AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
+# OFB-AES128.Encrypt
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1
+# OFB-AES128.Decrypt
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0
+# OFB-AES192.Encrypt
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1
+# OFB-AES192.Decrypt
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0
+# OFB-AES256.Encrypt
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1
+# OFB-AES256.Decrypt
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
+
+# AES Counter test vectors from RFC3686
+aes-128-ctr:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1
+aes-128-ctr:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1
+aes-128-ctr:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1
+
+aes-192-ctr:16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515:0000004836733C147D6D93CB00000001:53696E676C6520626C6F636B206D7367:4B55384FE259C9C84E7935A003CBE928:1
+aes-192-ctr:7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A:0096B03B020C6EADC2CB500D00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00:1
+aes-192-ctr:02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE:0007BDFD5CBD60278DCC091200000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935:1
+
+aes-256-ctr:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1
+aes-256-ctr:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1
+aes-256-ctr:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1
+
+# DES ECB tests (from destest)
+
+DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
+DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58
+DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B
+DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533
+DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D
+DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD
+DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4
+
+# DESX-CBC tests (from destest)
+DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
+
+# DES EDE3 CBC tests (from destest)
+DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
+
+# RC4 tests (from rc4test)
+RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
+RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
+RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
+RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
+RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
+RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
+
+
+# Camellia tests from RFC3713
+# For all ECB encrypts and decrypts, the transformed sequence is
+# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec
+CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43
+CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9
+CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509
+
+# ECB-CAMELLIA128.Encrypt
+CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1
+CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1
+CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1
+
+# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt
+CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96
+CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B
+CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636
+CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A
+
+# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt
+CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3
+CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A
+CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366
+CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26
+
+# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt
+CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA
+CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA
+CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28
+CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B
+
+# For all CBC encrypts and decrypts, the transformed sequence is
+# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt
+CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB
+CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887
+CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54
+CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980
+
+# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt
+CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93
+CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5
+CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449
+CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08
+
+# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt
+CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA
+CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50
+CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83
+CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F
+
+# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt
+# For all CFB128 encrypts and decrypts, the transformed sequence is
+# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CFB128-CAMELLIA128.Encrypt
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1
+
+# CFB128-CAMELLIA128.Decrypt
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0
+CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0
+
+# CFB128-CAMELLIA192.Encrypt
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1
+
+# CFB128-CAMELLIA192.Decrypt
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0
+CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0
+
+# CFB128-CAMELLIA256.Encrypt
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1
+
+# CFB128-CAMELLIA256.Decrypt
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0
+CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0
+
+# For all OFB encrypts and decrypts, the transformed sequence is
+# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec
+# OFB-CAMELLIA128.Encrypt
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1
+
+# OFB-CAMELLIA128.Decrypt
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0
+CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0
+
+# OFB-CAMELLIA192.Encrypt
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1
+
+# OFB-CAMELLIA192.Decrypt
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0
+CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0
+
+# OFB-CAMELLIA256.Encrypt
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1
+
+# OFB-CAMELLIA256.Decrypt
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0
+CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0
+
+# SEED test vectors from RFC4269
+SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0
+SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0
+SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0
+SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0
+SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1
+SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1
+SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1
+SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:16 miod Exp $
+
+PROG= exptest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/bn/exptest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#define NUM_BITS (BN_BITS*2)
+
+int main(int argc, char *argv[])
+ {
+ BN_CTX *ctx;
+ BIO *out=NULL;
+ int i,ret;
+ unsigned char c;
+ BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
+
+ ERR_load_BN_strings();
+
+ ctx=BN_CTX_new();
+ if (ctx == NULL) exit(1);
+ r_mont=BN_new();
+ r_mont_const=BN_new();
+ r_recp=BN_new();
+ r_simple=BN_new();
+ a=BN_new();
+ b=BN_new();
+ m=BN_new();
+ if ( (r_mont == NULL) || (r_recp == NULL) ||
+ (a == NULL) || (b == NULL))
+ goto err;
+
+ out=BIO_new(BIO_s_file());
+
+ if (out == NULL) exit(1);
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+ for (i=0; i<200; i++)
+ {
+ RAND_bytes(&c,1);
+ c=(c%BN_BITS)-BN_BITS2;
+ BN_rand(a,NUM_BITS+c,0,0);
+
+ RAND_bytes(&c,1);
+ c=(c%BN_BITS)-BN_BITS2;
+ BN_rand(b,NUM_BITS+c,0,0);
+
+ RAND_bytes(&c,1);
+ c=(c%BN_BITS)-BN_BITS2;
+ BN_rand(m,NUM_BITS+c,0,1);
+
+ BN_mod(a,a,m,ctx);
+ BN_mod(b,b,m,ctx);
+
+ ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_mont() problems\n");
+ ERR_print_errors(out);
+ exit(1);
+ }
+
+ ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_recp() problems\n");
+ ERR_print_errors(out);
+ exit(1);
+ }
+
+ ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_simple() problems\n");
+ ERR_print_errors(out);
+ exit(1);
+ }
+
+ ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_mont_consttime() problems\n");
+ ERR_print_errors(out);
+ exit(1);
+ }
+
+ if (BN_cmp(r_simple, r_mont) == 0
+ && BN_cmp(r_simple,r_recp) == 0
+ && BN_cmp(r_simple,r_mont_const) == 0)
+ {
+ printf(".");
+ fflush(stdout);
+ }
+ else
+ {
+ if (BN_cmp(r_simple,r_mont) != 0)
+ printf("\nsimple and mont results differ\n");
+ if (BN_cmp(r_simple,r_mont_const) != 0)
+ printf("\nsimple and mont const time results differ\n");
+ if (BN_cmp(r_simple,r_recp) != 0)
+ printf("\nsimple and recp results differ\n");
+
+ printf("a (%3d) = ",BN_num_bits(a)); BN_print(out,a);
+ printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
+ printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
+ printf("\nsimple ="); BN_print(out,r_simple);
+ printf("\nrecp ="); BN_print(out,r_recp);
+ printf("\nmont ="); BN_print(out,r_mont);
+ printf("\nmont_ct ="); BN_print(out,r_mont_const);
+ printf("\n");
+ exit(1);
+ }
+ }
+ BN_free(r_mont);
+ BN_free(r_mont_const);
+ BN_free(r_recp);
+ BN_free(r_simple);
+ BN_free(a);
+ BN_free(b);
+ BN_free(m);
+ BN_CTX_free(ctx);
+ ERR_remove_thread_state(NULL);
+ CRYPTO_mem_leaks(out);
+ BIO_free(out);
+ printf(" done\n");
+ exit(0);
+err:
+ ERR_load_crypto_strings();
+ ERR_print_errors(out);
+ exit(1);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
+
+PROG= hmactest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/hmac/hmactest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/hmac.h>
+#ifndef OPENSSL_NO_MD5
+#include <openssl/md5.h>
+#endif
+
+#ifndef OPENSSL_NO_MD5
+static struct test_st
+ {
+ unsigned char key[16];
+ int key_len;
+ unsigned char data[64];
+ int data_len;
+ unsigned char *digest;
+ } test[4]={
+ { "",
+ 0,
+ "More text test vectors to stuff up EBCDIC machines :-)",
+ 54,
+ (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
+ },{ {0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
+ 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},
+ 16,
+ "Hi There",
+ 8,
+ (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
+ },{ "Jefe",
+ 4,
+ "what do ya want for nothing?",
+ 28,
+ (unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
+ },{
+ {0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
+ 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},
+ 16,
+ {0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+ 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+ 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+ 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+ 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+ 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+ 0xdd,0xdd},
+ 50,
+ (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
+ },
+ };
+#endif
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+ {
+#ifndef OPENSSL_NO_MD5
+ int i;
+ char *p;
+#endif
+ int err=0;
+
+#ifdef OPENSSL_NO_MD5
+ printf("test skipped: MD5 disabled\n");
+#else
+
+ for (i=0; i<4; i++)
+ {
+ p=pt(HMAC(EVP_md5(),
+ test[i].key, test[i].key_len,
+ test[i].data, test[i].data_len,
+ NULL,NULL));
+
+ if (strcmp(p,(char *)test[i].digest) != 0)
+ {
+ printf("error calculating HMAC on %d entry'\n",i);
+ printf("got %s instead of %s\n",p,test[i].digest);
+ err++;
+ }
+ else
+ printf("test %d ok\n",i);
+ }
+#endif /* OPENSSL_NO_MD5 */
+ exit(err);
+ return(0);
+ }
+
+#ifndef OPENSSL_NO_MD5
+static char *pt(unsigned char *md)
+ {
+ int i;
+ static char buf[80];
+
+ for (i=0; i<MD5_DIGEST_LENGTH; i++)
+ snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
+ return(buf);
+ }
+#endif
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
+
+PROG= ideatest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/idea/ideatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/idea.h>
+
+unsigned char k[16]={
+ 0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
+ 0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
+
+unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
+unsigned char c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
+unsigned char out[80];
+
+char *text="Hello to all people out there";
+
+static unsigned char cfb_key[16]={
+ 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+ 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+ };
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+ {
+ 0x4e,0x6f,0x77,0x20,0x69,0x73,
+ 0x20,0x74,0x68,0x65,0x20,0x74,
+ 0x69,0x6d,0x65,0x20,0x66,0x6f,
+ 0x72,0x20,0x61,0x6c,0x6c,0x20
+ };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+ 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+ 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+ 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+
+/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+ 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+ 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+ };
+
+static int cfb64_test(unsigned char *cfb_cipher);
+static char *pt(unsigned char *p);
+int main(int argc, char *argv[])
+ {
+ int i,err=0;
+ IDEA_KEY_SCHEDULE key,dkey;
+ unsigned char iv[8];
+
+ idea_set_encrypt_key(k,&key);
+ idea_ecb_encrypt(in,out,&key);
+ if (memcmp(out,c,8) != 0)
+ {
+ printf("ecb idea error encrypting\n");
+ printf("got :");
+ for (i=0; i<8; i++)
+ printf("%02X ",out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<8; i++)
+ printf("%02X ",c[i]);
+ err=20;
+ printf("\n");
+ }
+
+ idea_set_decrypt_key(&key,&dkey);
+ idea_ecb_encrypt(c,out,&dkey);
+ if (memcmp(out,in,8) != 0)
+ {
+ printf("ecb idea error decrypting\n");
+ printf("got :");
+ for (i=0; i<8; i++)
+ printf("%02X ",out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<8; i++)
+ printf("%02X ",in[i]);
+ printf("\n");
+ err=3;
+ }
+
+ if (err == 0) printf("ecb idea ok\n");
+
+ memcpy(iv,k,8);
+ idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
+ memcpy(iv,k,8);
+ idea_cbc_encrypt(out,out,8,&dkey,iv,0);
+ idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
+ if (memcmp(text,out,strlen(text)+1) != 0)
+ {
+ printf("cbc idea bad\n");
+ err=4;
+ }
+ else
+ printf("cbc idea ok\n");
+
+ printf("cfb64 idea ");
+ if (cfb64_test(cfb_cipher64))
+ {
+ printf("bad\n");
+ err=5;
+ }
+ else
+ printf("ok\n");
+
+ exit(err);
+ }
+
+static int cfb64_test(unsigned char *cfb_cipher)
+ {
+ IDEA_KEY_SCHEDULE eks,dks;
+ int err=0,i,n;
+
+ idea_set_encrypt_key(cfb_key,&eks);
+ idea_set_decrypt_key(&eks,&dks);
+ memcpy(cfb_tmp,cfb_iv,8);
+ n=0;
+ idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
+ cfb_tmp,&n,IDEA_ENCRYPT);
+ idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+ (long)CFB_TEST_SIZE-12,&eks,
+ cfb_tmp,&n,IDEA_ENCRYPT);
+ if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
+ {
+ err=1;
+ printf("idea_cfb64_encrypt encrypt error\n");
+ for (i=0; i<CFB_TEST_SIZE; i+=8)
+ printf("%s\n",pt(&(cfb_buf1[i])));
+ }
+ memcpy(cfb_tmp,cfb_iv,8);
+ n=0;
+ idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+ cfb_tmp,&n,IDEA_DECRYPT);
+ idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+ (long)CFB_TEST_SIZE-17,&dks,
+ cfb_tmp,&n,IDEA_DECRYPT);
+ if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
+ {
+ err=1;
+ printf("idea_cfb_encrypt decrypt error\n");
+ for (i=0; i<24; i+=8)
+ printf("%s\n",pt(&(cfb_buf2[i])));
+ }
+ return(err);
+ }
+
+static char *pt(unsigned char *p)
+ {
+ static char bufs[10][20];
+ static int bnum=0;
+ char *ret;
+ int i;
+ static char *f="0123456789ABCDEF";
+
+ ret= &(bufs[bnum++][0]);
+ bnum%=10;
+ for (i=0; i<8; i++)
+ {
+ ret[i*2]=f[(p[i]>>4)&0xf];
+ ret[i*2+1]=f[p[i]&0xf];
+ }
+ ret[16]='\0';
+ return(ret);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:18 miod Exp $
+
+PROG= igetest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* test/igetest.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/aes.h>
+#include <openssl/rand.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+#define TEST_SIZE 128
+#define BIG_TEST_SIZE 10240
+
+static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
+ {
+ int n=0;
+
+ fprintf(f,"%s",title);
+ for( ; n < l ; ++n)
+ {
+ if((n%16) == 0)
+ fprintf(f,"\n%04x",n);
+ fprintf(f," %02x",s[n]);
+ }
+ fprintf(f,"\n");
+ }
+
+#define MAX_VECTOR_SIZE 64
+
+struct ige_test
+ {
+ const unsigned char key[16];
+ const unsigned char iv[32];
+ const unsigned char in[MAX_VECTOR_SIZE];
+ const unsigned char out[MAX_VECTOR_SIZE];
+ const size_t length;
+ const int encrypt;
+ };
+
+static struct ige_test const ige_test_vectors[] = {
+{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key */
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* iv */
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
+ { 0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
+ 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
+ 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
+ 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb }, /* out */
+ 32, AES_ENCRYPT }, /* test vector 0 */
+
+{ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+ 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65 }, /* key */
+ { 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
+ 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
+ 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
+ 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53 }, /* iv */
+ { 0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
+ 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
+ 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
+ 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a }, /* in */
+ { 0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
+ 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
+ 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
+ 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b }, /* out */
+ 32, AES_DECRYPT }, /* test vector 1 */
+};
+
+struct bi_ige_test
+ {
+ const unsigned char key1[32];
+ const unsigned char key2[32];
+ const unsigned char iv[64];
+ const unsigned char in[MAX_VECTOR_SIZE];
+ const unsigned char out[MAX_VECTOR_SIZE];
+ const size_t keysize;
+ const size_t length;
+ const int encrypt;
+ };
+
+static struct bi_ige_test const bi_ige_test_vectors[] = {
+{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */
+ { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
+ { 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
+ 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
+ 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
+ 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */
+ 16, 32, AES_ENCRYPT }, /* test vector 0 */
+{ { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
+ 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
+ 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
+ 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */
+ { 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
+ 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
+ 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
+ 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */
+ { 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
+ 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
+ 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
+ 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
+ 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
+ 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
+ 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
+ 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */
+ { 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
+ 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
+ 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
+ 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
+ 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
+ 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
+ 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
+ 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
+ { 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
+ 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
+ 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
+ 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
+ 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
+ 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
+ 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
+ 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
+ 32, 64, AES_ENCRYPT }, /* test vector 1 */
+
+};
+
+static int run_test_vectors(void)
+ {
+ unsigned int n;
+ int errs = 0;
+
+ for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n)
+ {
+ const struct ige_test * const v = &ige_test_vectors[n];
+ AES_KEY key;
+ unsigned char buf[MAX_VECTOR_SIZE];
+ unsigned char iv[AES_BLOCK_SIZE*2];
+
+ assert(v->length <= MAX_VECTOR_SIZE);
+
+ if(v->encrypt == AES_ENCRYPT)
+ AES_set_encrypt_key(v->key, 8*sizeof v->key, &key);
+ else
+ AES_set_decrypt_key(v->key, 8*sizeof v->key, &key);
+ memcpy(iv, v->iv, sizeof iv);
+ AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
+
+ if(memcmp(v->out, buf, v->length))
+ {
+ printf("IGE test vector %d failed\n", n);
+ hexdump(stdout, "key", v->key, sizeof v->key);
+ hexdump(stdout, "iv", v->iv, sizeof v->iv);
+ hexdump(stdout, "in", v->in, v->length);
+ hexdump(stdout, "expected", v->out, v->length);
+ hexdump(stdout, "got", buf, v->length);
+
+ ++errs;
+ }
+
+ /* try with in == out */
+ memcpy(iv, v->iv, sizeof iv);
+ memcpy(buf, v->in, v->length);
+ AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
+
+ if(memcmp(v->out, buf, v->length))
+ {
+ printf("IGE test vector %d failed (with in == out)\n", n);
+ hexdump(stdout, "key", v->key, sizeof v->key);
+ hexdump(stdout, "iv", v->iv, sizeof v->iv);
+ hexdump(stdout, "in", v->in, v->length);
+ hexdump(stdout, "expected", v->out, v->length);
+ hexdump(stdout, "got", buf, v->length);
+
+ ++errs;
+ }
+ }
+
+ for(n=0 ; n < sizeof(bi_ige_test_vectors)/sizeof(bi_ige_test_vectors[0])
+ ; ++n)
+ {
+ const struct bi_ige_test * const v = &bi_ige_test_vectors[n];
+ AES_KEY key1;
+ AES_KEY key2;
+ unsigned char buf[MAX_VECTOR_SIZE];
+
+ assert(v->length <= MAX_VECTOR_SIZE);
+
+ if(v->encrypt == AES_ENCRYPT)
+ {
+ AES_set_encrypt_key(v->key1, 8*v->keysize, &key1);
+ AES_set_encrypt_key(v->key2, 8*v->keysize, &key2);
+ }
+ else
+ {
+ AES_set_decrypt_key(v->key1, 8*v->keysize, &key1);
+ AES_set_decrypt_key(v->key2, 8*v->keysize, &key2);
+ }
+
+ AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
+ v->encrypt);
+
+ if(memcmp(v->out, buf, v->length))
+ {
+ printf("Bidirectional IGE test vector %d failed\n", n);
+ hexdump(stdout, "key 1", v->key1, sizeof v->key1);
+ hexdump(stdout, "key 2", v->key2, sizeof v->key2);
+ hexdump(stdout, "iv", v->iv, sizeof v->iv);
+ hexdump(stdout, "in", v->in, v->length);
+ hexdump(stdout, "expected", v->out, v->length);
+ hexdump(stdout, "got", buf, v->length);
+
+ ++errs;
+ }
+ }
+
+ return errs;
+ }
+
+int main(int argc, char **argv)
+ {
+ unsigned char rkey[16];
+ unsigned char rkey2[16];
+ AES_KEY key;
+ AES_KEY key2;
+ unsigned char plaintext[BIG_TEST_SIZE];
+ unsigned char ciphertext[BIG_TEST_SIZE];
+ unsigned char checktext[BIG_TEST_SIZE];
+ unsigned char iv[AES_BLOCK_SIZE*4];
+ unsigned char saved_iv[AES_BLOCK_SIZE*4];
+ int err = 0;
+ unsigned int n;
+ unsigned matches;
+
+ assert(BIG_TEST_SIZE >= TEST_SIZE);
+
+ RAND_pseudo_bytes(rkey, sizeof rkey);
+ RAND_pseudo_bytes(plaintext, sizeof plaintext);
+ RAND_pseudo_bytes(iv, sizeof iv);
+ memcpy(saved_iv, iv, sizeof saved_iv);
+
+ /* Forward IGE only... */
+
+ /* Straight encrypt/decrypt */
+ AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
+ AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv,
+ AES_ENCRYPT);
+
+ AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,
+ AES_DECRYPT);
+
+ if(memcmp(checktext, plaintext, TEST_SIZE))
+ {
+ printf("Encrypt+decrypt doesn't match\n");
+ hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+ hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+ ++err;
+ }
+
+ /* Now check encrypt chaining works */
+ AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,
+ AES_ENCRYPT);
+ AES_ige_encrypt(plaintext+TEST_SIZE/2,
+ ciphertext+TEST_SIZE/2, TEST_SIZE/2,
+ &key, iv, AES_ENCRYPT);
+
+ AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,
+ AES_DECRYPT);
+
+ if(memcmp(checktext, plaintext, TEST_SIZE))
+ {
+ printf("Chained encrypt+decrypt doesn't match\n");
+ hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+ hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+ ++err;
+ }
+
+ /* And check decrypt chaining */
+ AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,
+ AES_ENCRYPT);
+ AES_ige_encrypt(plaintext+TEST_SIZE/2,
+ ciphertext+TEST_SIZE/2, TEST_SIZE/2,
+ &key, iv, AES_ENCRYPT);
+
+ AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(ciphertext, checktext, TEST_SIZE/2, &key, iv,
+ AES_DECRYPT);
+ AES_ige_encrypt(ciphertext+TEST_SIZE/2,
+ checktext+TEST_SIZE/2, TEST_SIZE/2, &key, iv,
+ AES_DECRYPT);
+
+ if(memcmp(checktext, plaintext, TEST_SIZE))
+ {
+ printf("Chained encrypt+chained decrypt doesn't match\n");
+ hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+ hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+ ++err;
+ }
+
+ /* make sure garble extends forwards only */
+ AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
+ AES_ENCRYPT);
+
+ /* corrupt halfway through */
+ ++ciphertext[sizeof ciphertext/2];
+ AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
+ AES_DECRYPT);
+
+ matches=0;
+ for(n=0 ; n < sizeof checktext ; ++n)
+ if(checktext[n] == plaintext[n])
+ ++matches;
+
+ if(matches > sizeof checktext/2+sizeof checktext/100)
+ {
+ printf("More than 51%% matches after garbling\n");
+ ++err;
+ }
+
+ if(matches < sizeof checktext/2)
+ {
+ printf("Garble extends backwards!\n");
+ ++err;
+ }
+
+ /* Bi-directional IGE */
+
+ /* Note that we don't have to recover the IV, because chaining isn't */
+ /* possible with biIGE, so the IV is not updated. */
+
+ RAND_pseudo_bytes(rkey2, sizeof rkey2);
+
+ /* Straight encrypt/decrypt */
+ AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
+ AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
+ AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
+ AES_ENCRYPT);
+
+ AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
+ AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
+ AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
+ AES_DECRYPT);
+
+ if(memcmp(checktext, plaintext, TEST_SIZE))
+ {
+ printf("Encrypt+decrypt doesn't match\n");
+ hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+ hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+ ++err;
+ }
+
+ /* make sure garble extends both ways */
+ AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
+ AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
+ AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
+ AES_ENCRYPT);
+
+ /* corrupt halfway through */
+ ++ciphertext[sizeof ciphertext/2];
+ AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
+ AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
+ AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
+ AES_DECRYPT);
+
+ matches=0;
+ for(n=0 ; n < sizeof checktext ; ++n)
+ if(checktext[n] == plaintext[n])
+ ++matches;
+
+ if(matches > sizeof checktext/100)
+ {
+ printf("More than 1%% matches after bidirectional garbling\n");
+ ++err;
+ }
+
+ /* make sure garble extends both ways (2) */
+ AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
+ AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
+ AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
+ AES_ENCRYPT);
+
+ /* corrupt right at the end */
+ ++ciphertext[sizeof ciphertext-1];
+ AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
+ AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
+ AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
+ AES_DECRYPT);
+
+ matches=0;
+ for(n=0 ; n < sizeof checktext ; ++n)
+ if(checktext[n] == plaintext[n])
+ ++matches;
+
+ if(matches > sizeof checktext/100)
+ {
+ printf("More than 1%% matches after bidirectional garbling (2)\n");
+ ++err;
+ }
+
+ /* make sure garble extends both ways (3) */
+ AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
+ AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
+ AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
+ AES_ENCRYPT);
+
+ /* corrupt right at the start */
+ ++ciphertext[0];
+ AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
+ AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
+ AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
+ AES_DECRYPT);
+
+ matches=0;
+ for(n=0 ; n < sizeof checktext ; ++n)
+ if(checktext[n] == plaintext[n])
+ ++matches;
+
+ if(matches > sizeof checktext/100)
+ {
+ printf("More than 1%% matches after bidirectional garbling (3)\n");
+ ++err;
+ }
+
+ err += run_test_vectors();
+
+ return err;
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
+
+PROG= md4test
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/md4/md4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/evp.h>
+#include <openssl/md4.h>
+
+static char *test[]={
+ "",
+ "a",
+ "abc",
+ "message digest",
+ "abcdefghijklmnopqrstuvwxyz",
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+ NULL,
+ };
+
+static char *ret[]={
+"31d6cfe0d16ae931b73c59d7e0c089c0",
+"bde52cb31de33e46245e05fbdbd6fb24",
+"a448017aaf21d8525fc10ae87aa6729d",
+"d9130a8164549fe818874806e1c7014b",
+"d79e1c308aa5bbcdeea8ed63df412da9",
+"043f8582f241db351ce627e153e7f0e4",
+"e33b4ddc9c38f2199c3e7b164fcc0536",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+ {
+ int i,err=0;
+ char **P,**R;
+ char *p;
+ unsigned char md[MD4_DIGEST_LENGTH];
+
+ P=test;
+ R=ret;
+ i=1;
+ while (*P != NULL)
+ {
+ EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md4(), NULL);
+ p=pt(md);
+ if (strcmp(p,(char *)*R) != 0)
+ {
+ printf("error calculating MD4 on '%s'\n",*P);
+ printf("got %s instead of %s\n",p,*R);
+ err++;
+ }
+ else
+ printf("test %d ok\n",i);
+ i++;
+ R++;
+ P++;
+ }
+ exit(err);
+ }
+
+static char *pt(unsigned char *md)
+ {
+ int i;
+ static char buf[80];
+
+ for (i=0; i<MD4_DIGEST_LENGTH; i++)
+ snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
+ return(buf);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
+
+PROG= md5test
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/md5/md5test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+
+static char *test[]={
+ "",
+ "a",
+ "abc",
+ "message digest",
+ "abcdefghijklmnopqrstuvwxyz",
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+ NULL,
+ };
+
+static char *ret[]={
+ "d41d8cd98f00b204e9800998ecf8427e",
+ "0cc175b9c0f1b6a831c399e269772661",
+ "900150983cd24fb0d6963f7d28e17f72",
+ "f96b697d7cb7938d525a2f31aaf161d0",
+ "c3fcd3d76192e4007dfb496cca67e13b",
+ "d174ab98d277d9f5a5611c2c9f419d9f",
+ "57edf4a22be3c955ac49da2e2107b67a",
+ };
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+ {
+ int i,err=0;
+ char **P,**R;
+ char *p;
+ unsigned char md[MD5_DIGEST_LENGTH];
+
+ P=test;
+ R=ret;
+ i=1;
+ while (*P != NULL)
+ {
+ EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md5(), NULL);
+ p=pt(md);
+ if (strcmp(p,(char *)*R) != 0)
+ {
+ printf("error calculating MD5 on '%s'\n",*P);
+ printf("got %s instead of %s\n",p,*R);
+ err++;
+ }
+ else
+ printf("test %d ok\n",i);
+ i++;
+ R++;
+ P++;
+ }
+
+ exit(err);
+ }
+
+static char *pt(unsigned char *md)
+ {
+ int i;
+ static char buf[80];
+
+ for (i=0; i<MD5_DIGEST_LENGTH; i++)
+ snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
+ return(buf);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
+
+PROG= mdc2test
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/mdc2/mdc2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/evp.h>
+#include <openssl/mdc2.h>
+
+static unsigned char pad1[16]={
+ 0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA,
+ 0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A
+ };
+
+static unsigned char pad2[16]={
+ 0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75,
+ 0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2
+ };
+
+int main(int argc, char *argv[])
+ {
+ int ret=0;
+ unsigned char md[MDC2_DIGEST_LENGTH];
+ int i;
+ EVP_MD_CTX c;
+ static char *text="Now is the time for all ";
+
+ EVP_MD_CTX_init(&c);
+ EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
+ EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+ EVP_DigestFinal_ex(&c,&(md[0]),NULL);
+
+ if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
+ {
+ for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+ printf("%02X",md[i]);
+ printf(" <- generated\n");
+ for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+ printf("%02X",pad1[i]);
+ printf(" <- correct\n");
+ ret=1;
+ }
+ else
+ printf("pad1 - ok\n");
+
+ EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
+ /* FIXME: use a ctl function? */
+ ((MDC2_CTX *)c.md_data)->pad_type=2;
+ EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+ EVP_DigestFinal_ex(&c,&(md[0]),NULL);
+
+ if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
+ {
+ for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+ printf("%02X",md[i]);
+ printf(" <- generated\n");
+ for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+ printf("%02X",pad2[i]);
+ printf(" <- correct\n");
+ ret=1;
+ }
+ else
+ printf("pad2 - ok\n");
+
+ EVP_MD_CTX_cleanup(&c);
+ exit(ret);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:18 miod Exp $
+
+PROG= randtest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/rand/randtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rand.h>
+
+/* some FIPS 140-1 random number test */
+/* some simple tests */
+
+int main(int argc,char **argv)
+ {
+ unsigned char buf[2500];
+ int i,j,k,s,sign,nsign,err=0;
+ unsigned long n1;
+ unsigned long n2[16];
+ unsigned long runs[2][34];
+ /*double d; */
+ long d;
+
+ i = RAND_pseudo_bytes(buf,2500);
+ if (i < 0)
+ {
+ printf ("init failed, the rand method is not properly installed\n");
+ err++;
+ goto err;
+ }
+
+ n1=0;
+ for (i=0; i<16; i++) n2[i]=0;
+ for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
+
+ /* test 1 and 2 */
+ sign=0;
+ nsign=0;
+ for (i=0; i<2500; i++)
+ {
+ j=buf[i];
+
+ n2[j&0x0f]++;
+ n2[(j>>4)&0x0f]++;
+
+ for (k=0; k<8; k++)
+ {
+ s=(j&0x01);
+ if (s == sign)
+ nsign++;
+ else
+ {
+ if (nsign > 34) nsign=34;
+ if (nsign != 0)
+ {
+ runs[sign][nsign-1]++;
+ if (nsign > 6)
+ runs[sign][5]++;
+ }
+ sign=s;
+ nsign=1;
+ }
+
+ if (s) n1++;
+ j>>=1;
+ }
+ }
+ if (nsign > 34) nsign=34;
+ if (nsign != 0) runs[sign][nsign-1]++;
+
+ /* test 1 */
+ if (!((9654 < n1) && (n1 < 10346)))
+ {
+ printf("test 1 failed, X=%lu\n",n1);
+ err++;
+ }
+ printf("test 1 done\n");
+
+ /* test 2 */
+ d=0;
+ for (i=0; i<16; i++)
+ d+=n2[i]*n2[i];
+ d=(d*8)/25-500000;
+ if (!((103 < d) && (d < 5740)))
+ {
+ printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
+ err++;
+ }
+ printf("test 2 done\n");
+
+ /* test 3 */
+ for (i=0; i<2; i++)
+ {
+ if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
+ {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i,1,runs[i][0]);
+ err++;
+ }
+ if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
+ {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i,2,runs[i][1]);
+ err++;
+ }
+ if (!(( 502 < runs[i][2]) && (runs[i][2] < 748)))
+ {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i,3,runs[i][2]);
+ err++;
+ }
+ if (!(( 223 < runs[i][3]) && (runs[i][3] < 402)))
+ {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i,4,runs[i][3]);
+ err++;
+ }
+ if (!(( 90 < runs[i][4]) && (runs[i][4] < 223)))
+ {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i,5,runs[i][4]);
+ err++;
+ }
+ if (!(( 90 < runs[i][5]) && (runs[i][5] < 223)))
+ {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i,6,runs[i][5]);
+ err++;
+ }
+ }
+ printf("test 3 done\n");
+
+ /* test 4 */
+ if (runs[0][33] != 0)
+ {
+ printf("test 4 failed, bit=%d run=%d num=%lu\n",
+ 0,34,runs[0][33]);
+ err++;
+ }
+ if (runs[1][33] != 0)
+ {
+ printf("test 4 failed, bit=%d run=%d num=%lu\n",
+ 1,34,runs[1][33]);
+ err++;
+ }
+ printf("test 4 done\n");
+ err:
+ err=((err)?1:0);
+ exit(err);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
+
+PROG= rc2test
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/rc2/rc2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* This has been a quickly hacked 'ideatest.c'. When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/rc2.h>
+
+static unsigned char RC2key[4][16]={
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+ 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F},
+ };
+
+static unsigned char RC2plain[4][8]={
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ };
+
+static unsigned char RC2cipher[4][8]={
+ {0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7},
+ {0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74},
+ {0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E},
+ {0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31},
+ };
+/************/
+
+int main(int argc, char *argv[])
+ {
+ int i,n,err=0;
+ RC2_KEY key;
+ unsigned char buf[8],buf2[8];
+
+ for (n=0; n<4; n++)
+ {
+ RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */);
+
+ RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT);
+ if (memcmp(&(RC2cipher[n][0]),buf,8) != 0)
+ {
+ printf("ecb rc2 error encrypting\n");
+ printf("got :");
+ for (i=0; i<8; i++)
+ printf("%02X ",buf[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<8; i++)
+ printf("%02X ",RC2cipher[n][i]);
+ err=20;
+ printf("\n");
+ }
+
+ RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT);
+ if (memcmp(&(RC2plain[n][0]),buf2,8) != 0)
+ {
+ printf("ecb RC2 error decrypting\n");
+ printf("got :");
+ for (i=0; i<8; i++)
+ printf("%02X ",buf[i]);
+ printf("\n");
+ printf("expected:");
+ for (i=0; i<8; i++)
+ printf("%02X ",RC2plain[n][i]);
+ printf("\n");
+ err=3;
+ }
+ }
+
+ if (err == 0) printf("ecb RC2 ok\n");
+
+ exit(err);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
+
+PROG= rc4test
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/rc4/rc4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/rc4.h>
+#include <openssl/sha.h>
+
+static unsigned char keys[7][30]={
+ {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+ {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+ {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+ {4,0xef,0x01,0x23,0x45},
+ {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+ {4,0xef,0x01,0x23,0x45},
+ };
+
+static unsigned char data_len[7]={8,8,8,20,28,10};
+static unsigned char data[7][30]={
+ {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+ 0x00,0x00,0x00,0x00,0xff},
+ {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+ 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+ 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+ 0x12,0x34,0x56,0x78,0xff},
+ {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+ {0},
+ };
+
+static unsigned char output[7][30]={
+ {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
+ {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
+ {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
+ {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
+ 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
+ 0x36,0xb6,0x78,0x58,0x00},
+ {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
+ 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
+ 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
+ 0x40,0x01,0x1e,0xcf,0x00},
+ {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
+ {0},
+ };
+
+int main(int argc, char *argv[])
+ {
+ int i,err=0;
+ int j;
+ unsigned char *p;
+ RC4_KEY key;
+ unsigned char obuf[512];
+
+#if !defined(OPENSSL_PIC)
+ void OPENSSL_cpuid_setup(void);
+
+ OPENSSL_cpuid_setup();
+#endif
+
+ for (i=0; i<6; i++)
+ {
+ RC4_set_key(&key,keys[i][0],&(keys[i][1]));
+ memset(obuf,0x00,sizeof(obuf));
+ RC4(&key,data_len[i],&(data[i][0]),obuf);
+ if (memcmp(obuf,output[i],data_len[i]+1) != 0)
+ {
+ printf("error calculating RC4\n");
+ printf("output:");
+ for (j=0; j<data_len[i]+1; j++)
+ printf(" %02x",obuf[j]);
+ printf("\n");
+ printf("expect:");
+ p= &(output[i][0]);
+ for (j=0; j<data_len[i]+1; j++)
+ printf(" %02x",*(p++));
+ printf("\n");
+ err++;
+ }
+ else
+ printf("test %d ok\n",i);
+ }
+ printf("test end processing ");
+ for (i=0; i<data_len[3]; i++)
+ {
+ RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+ memset(obuf,0x00,sizeof(obuf));
+ RC4(&key,i,&(data[3][0]),obuf);
+ if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))
+ {
+ printf("error in RC4 length processing\n");
+ printf("output:");
+ for (j=0; j<i+1; j++)
+ printf(" %02x",obuf[j]);
+ printf("\n");
+ printf("expect:");
+ p= &(output[3][0]);
+ for (j=0; j<i; j++)
+ printf(" %02x",*(p++));
+ printf(" 00\n");
+ err++;
+ }
+ else
+ {
+ printf(".");
+ fflush(stdout);
+ }
+ }
+ printf("done\n");
+ printf("test multi-call ");
+ for (i=0; i<data_len[3]; i++)
+ {
+ RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+ memset(obuf,0x00,sizeof(obuf));
+ RC4(&key,i,&(data[3][0]),obuf);
+ RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));
+ if (memcmp(obuf,output[3],data_len[3]+1) != 0)
+ {
+ printf("error in RC4 multi-call processing\n");
+ printf("output:");
+ for (j=0; j<data_len[3]+1; j++)
+ printf(" %02x",obuf[j]);
+ printf("\n");
+ printf("expect:");
+ p= &(output[3][0]);
+ for (j=0; j<data_len[3]+1; j++)
+ printf(" %02x",*(p++));
+ err++;
+ }
+ else
+ {
+ printf(".");
+ fflush(stdout);
+ }
+ }
+ printf("done\n");
+ printf("bulk test ");
+ { unsigned char buf[513];
+ SHA_CTX c;
+ unsigned char md[SHA_DIGEST_LENGTH];
+ static unsigned char expected[]={
+ 0xa4,0x7b,0xcc,0x00,0x3d,0xd0,0xbd,0xe1,0xac,0x5f,
+ 0x12,0x1e,0x45,0xbc,0xfb,0x1a,0xa1,0xf2,0x7f,0xc5 };
+
+ RC4_set_key(&key,keys[0][0],&(keys[3][1]));
+ memset(buf,'\0',sizeof(buf));
+ SHA1_Init(&c);
+ for (i=0;i<2571;i++) {
+ RC4(&key,sizeof(buf),buf,buf);
+ SHA1_Update(&c,buf,sizeof(buf));
+ }
+ SHA1_Final(md,&c);
+
+ if (memcmp(md,expected,sizeof(md))) {
+ printf("error in RC4 bulk test\n");
+ printf("output:");
+ for (j=0; j<(int)sizeof(md); j++)
+ printf(" %02x",md[j]);
+ printf("\n");
+ printf("expect:");
+ for (j=0; j<(int)sizeof(md); j++)
+ printf(" %02x",expected[j]);
+ printf("\n");
+ err++;
+ }
+ else printf("ok\n");
+ }
+ exit(err);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
+
+PROG= rmdtest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/ripemd/rmdtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/ripemd.h>
+#include <openssl/evp.h>
+
+static char *test[]={
+ "",
+ "a",
+ "abc",
+ "message digest",
+ "abcdefghijklmnopqrstuvwxyz",
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+ NULL,
+ };
+
+static char *ret[]={
+ "9c1185a5c5e9fc54612808977ee8f548b2258d31",
+ "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
+ "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
+ "5d0689ef49d2fae572b881b123a85ffa21595f36",
+ "f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
+ "12a053384a9c0c88e405a06c27dcf49ada62eb2b",
+ "b0e20b6e3116640286ed3a87a5713079b21f5189",
+ "9b752e45573d4b39f4dbd3323cab82bf63326bfb",
+ };
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+ {
+ int i,err=0;
+ char **P,**R;
+ char *p;
+ unsigned char md[RIPEMD160_DIGEST_LENGTH];
+
+ P=test;
+ R=ret;
+ i=1;
+ while (*P != NULL)
+ {
+ EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL);
+ p=pt(md);
+ if (strcmp(p,(char *)*R) != 0)
+ {
+ printf("error calculating RIPEMD160 on '%s'\n",*P);
+ printf("got %s instead of %s\n",p,*R);
+ err++;
+ }
+ else
+ printf("test %d ok\n",i);
+ i++;
+ R++;
+ P++;
+ }
+ exit(err);
+ return(0);
+ }
+
+static char *pt(unsigned char *md)
+ {
+ int i;
+ static char buf[80];
+
+ for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
+ snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
+ return(buf);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
+
+PROG= shatest
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/sha/shatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#define SHA_0 /* FIPS 180 */
+#undef SHA_1 /* FIPS 180-1 */
+
+static char *test[]={
+ "abc",
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ NULL,
+ };
+
+#ifdef SHA_0
+static char *ret[]={
+ "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+ "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+ };
+static char *bigret=
+ "3232affa48628a26653b5aaa44541fd90d690603";
+#endif
+#ifdef SHA_1
+static char *ret[]={
+ "a9993e364706816aba3e25717850c26c9cd0d89d",
+ "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+ };
+static char *bigret=
+ "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+#endif
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+ {
+ int i,err=0;
+ char **P,**R;
+ static unsigned char buf[1000];
+ char *p,*r;
+ EVP_MD_CTX c;
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+ EVP_MD_CTX_init(&c);
+ P=test;
+ R=ret;
+ i=1;
+ while (*P != NULL)
+ {
+ EVP_Digest(*P,strlen(*P),md,NULL,EVP_sha(), NULL);
+ p=pt(md);
+ if (strcmp(p,*R) != 0)
+ {
+ printf("error calculating SHA on '%s'\n",*P);
+ printf("got %s instead of %s\n",p,*R);
+ err++;
+ }
+ else
+ printf("test %d ok\n",i);
+ i++;
+ R++;
+ P++;
+ }
+
+ memset(buf,'a',1000);
+ EVP_DigestInit_ex(&c,EVP_sha(), NULL);
+ for (i=0; i<1000; i++)
+ EVP_DigestUpdate(&c,buf,1000);
+ EVP_DigestFinal_ex(&c,md,NULL);
+ p=pt(md);
+
+ r=bigret;
+ if (strcmp(p,r) != 0)
+ {
+ printf("error calculating SHA on '%s'\n",p);
+ printf("got %s instead of %s\n",p,r);
+ err++;
+ }
+ else
+ printf("test 3 ok\n");
+
+ EVP_MD_CTX_cleanup(&c);
+ exit(err);
+ }
+
+static char *pt(unsigned char *md)
+ {
+ int i;
+ static char buf[80];
+
+ for (i=0; i<SHA_DIGEST_LENGTH; i++)
+ snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
+ return(buf);
+ }
--- /dev/null
+# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
+
+PROG= sha1test
+LDADD= -lcrypto
+DPADD= ${LIBCRYPTO}
+
+.include <bsd.regress.mk>
--- /dev/null
+/* crypto/sha/sha1test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#undef SHA_0 /* FIPS 180 */
+#define SHA_1 /* FIPS 180-1 */
+
+static char *test[]={
+ "abc",
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ NULL,
+ };
+
+#ifdef SHA_0
+static char *ret[]={
+ "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+ "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+ };
+static char *bigret=
+ "3232affa48628a26653b5aaa44541fd90d690603";
+#endif
+#ifdef SHA_1
+static char *ret[]={
+ "a9993e364706816aba3e25717850c26c9cd0d89d",
+ "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+ };
+static char *bigret=
+ "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+#endif
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+ {
+ int i,err=0;
+ char **P,**R;
+ static unsigned char buf[1000];
+ char *p,*r;
+ EVP_MD_CTX c;
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+ EVP_MD_CTX_init(&c);
+ P=test;
+ R=ret;
+ i=1;
+ while (*P != NULL)
+ {
+ EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha1(), NULL);
+ p=pt(md);
+ if (strcmp(p,(char *)*R) != 0)
+ {
+ printf("error calculating SHA1 on '%s'\n",*P);
+ printf("got %s instead of %s\n",p,*R);
+ err++;
+ }
+ else
+ printf("test %d ok\n",i);
+ i++;
+ R++;
+ P++;
+ }
+
+ memset(buf,'a',1000);
+ EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
+ for (i=0; i<1000; i++)
+ EVP_DigestUpdate(&c,buf,1000);
+ EVP_DigestFinal_ex(&c,md,NULL);
+ p=pt(md);
+
+ r=bigret;
+ if (strcmp(p,r) != 0)
+ {
+ printf("error calculating SHA1 on 'a' * 1000\n");
+ printf("got %s instead of %s\n",p,r);
+ err++;
+ }
+ else
+ printf("test 3 ok\n");
+
+ EVP_MD_CTX_cleanup(&c);
+ exit(err);
+ }
+
+static char *pt(unsigned char *md)
+ {
+ int i;
+ static char buf[80];
+
+ for (i=0; i<SHA_DIGEST_LENGTH; i++)
+ snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
+ return(buf);
+ }
projects / openbsd / commitdiff