summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libcrypto/Makefile30
-rw-r--r--src/regress/lib/libcrypto/bf/Makefile7
-rw-r--r--src/regress/lib/libcrypto/bf/bftest.c514
-rw-r--r--src/regress/lib/libcrypto/bn/Makefile7
-rw-r--r--src/regress/lib/libcrypto/bn/bntest.c2000
-rw-r--r--src/regress/lib/libcrypto/cast/Makefile7
-rw-r--r--src/regress/lib/libcrypto/cast/casttest.c222
-rw-r--r--src/regress/lib/libcrypto/des/Makefile7
-rw-r--r--src/regress/lib/libcrypto/des/destest.c884
-rw-r--r--src/regress/lib/libcrypto/dh/Makefile7
-rw-r--r--src/regress/lib/libcrypto/dh/dhtest.c195
-rw-r--r--src/regress/lib/libcrypto/dsa/Makefile13
-rw-r--r--src/regress/lib/libcrypto/dsa/dsatest.c236
-rw-r--r--src/regress/lib/libcrypto/ec/Makefile7
-rw-r--r--src/regress/lib/libcrypto/ec/ectest.c1328
-rw-r--r--src/regress/lib/libcrypto/ecdh/Makefile7
-rw-r--r--src/regress/lib/libcrypto/ecdh/ecdhtest.c278
-rw-r--r--src/regress/lib/libcrypto/ecdsa/Makefile7
-rw-r--r--src/regress/lib/libcrypto/ecdsa/ecdsatest.c555
-rw-r--r--src/regress/lib/libcrypto/evp/Makefile12
-rw-r--r--src/regress/lib/libcrypto/evp/evptest.c448
-rw-r--r--src/regress/lib/libcrypto/evp/evptests.txt334
-rw-r--r--src/regress/lib/libcrypto/exp/Makefile7
-rw-r--r--src/regress/lib/libcrypto/exp/exptest.c191
-rw-r--r--src/regress/lib/libcrypto/hmac/Makefile7
-rw-r--r--src/regress/lib/libcrypto/hmac/hmactest.c154
-rw-r--r--src/regress/lib/libcrypto/idea/Makefile7
-rw-r--r--src/regress/lib/libcrypto/idea/ideatest.c221
-rw-r--r--src/regress/lib/libcrypto/ige/Makefile7
-rw-r--r--src/regress/lib/libcrypto/ige/igetest.c503
-rw-r--r--src/regress/lib/libcrypto/md4/Makefile7
-rw-r--r--src/regress/lib/libcrypto/md4/md4test.c125
-rw-r--r--src/regress/lib/libcrypto/md5/Makefile7
-rw-r--r--src/regress/lib/libcrypto/md5/md5test.c126
-rw-r--r--src/regress/lib/libcrypto/mdc2/Makefile7
-rw-r--r--src/regress/lib/libcrypto/mdc2/mdc2test.c123
-rw-r--r--src/regress/lib/libcrypto/rand/Makefile7
-rw-r--r--src/regress/lib/libcrypto/rand/randtest.c202
-rw-r--r--src/regress/lib/libcrypto/rc2/Makefile7
-rw-r--r--src/regress/lib/libcrypto/rc2/rc2test.c138
-rw-r--r--src/regress/lib/libcrypto/rc4/Makefile7
-rw-r--r--src/regress/lib/libcrypto/rc4/rc4test.c228
-rw-r--r--src/regress/lib/libcrypto/rmd/Makefile7
-rw-r--r--src/regress/lib/libcrypto/rmd/rmdtest.c128
-rw-r--r--src/regress/lib/libcrypto/sha/Makefile7
-rw-r--r--src/regress/lib/libcrypto/sha/shatest.c152
-rw-r--r--src/regress/lib/libcrypto/sha1/Makefile7
-rw-r--r--src/regress/lib/libcrypto/sha1/sha1test.c152
48 files changed, 9639 insertions, 0 deletions
diff --git a/src/regress/lib/libcrypto/Makefile b/src/regress/lib/libcrypto/Makefile
new file mode 100644
index 0000000000..c752bf042e
--- /dev/null
+++ b/src/regress/lib/libcrypto/Makefile
@@ -0,0 +1,30 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:15 miod Exp $
2
3SUBDIR= \
4 bf \
5 bn \
6 cast \
7 des \
8 dh \
9 dsa \
10 ec \
11 ecdh \
12 ecdsa \
13 evp \
14 exp \
15 hmac \
16 idea \
17 ige \
18 md4 \
19 md5 \
20 mdc2 \
21 rand \
22 rc2 \
23 rc4 \
24 rmd \
25 sha \
26 sha1
27
28install:
29
30.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libcrypto/bf/Makefile b/src/regress/lib/libcrypto/bf/Makefile
new file mode 100644
index 0000000000..056384939a
--- /dev/null
+++ b/src/regress/lib/libcrypto/bf/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
2
3PROG= bftest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bf/bftest.c b/src/regress/lib/libcrypto/bf/bftest.c
new file mode 100644
index 0000000000..c3f04d801e
--- /dev/null
+++ b/src/regress/lib/libcrypto/bf/bftest.c
@@ -0,0 +1,514 @@
1/* crypto/bf/bftest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* This has been a quickly hacked 'ideatest.c'. When I add tests for other
60 * RC2 modes, more of the code will be uncommented. */
61
62#include <stdio.h>
63#include <string.h>
64#include <stdlib.h>
65
66#include <openssl/blowfish.h>
67
68static char *bf_key[2]={
69 "abcdefghijklmnopqrstuvwxyz",
70 "Who is John Galt?"
71 };
72
73/* big endian */
74static BF_LONG bf_plain[2][2]={
75 {0x424c4f57L,0x46495348L},
76 {0xfedcba98L,0x76543210L}
77 };
78
79static BF_LONG bf_cipher[2][2]={
80 {0x324ed0feL,0xf413a203L},
81 {0xcc91732bL,0x8022f684L}
82 };
83/************/
84
85/* Lets use the DES test vectors :-) */
86#define NUM_TESTS 34
87static unsigned char ecb_data[NUM_TESTS][8]={
88 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
89 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
90 {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
91 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
92 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
93 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
94 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
95 {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
96 {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
97 {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
98 {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
99 {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
100 {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
101 {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
102 {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
103 {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
104 {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
105 {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
106 {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
107 {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
108 {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
109 {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
110 {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
111 {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
112 {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
113 {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
114 {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
115 {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
116 {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
117 {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
118 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
119 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
120 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
121 {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
122
123static unsigned char plain_data[NUM_TESTS][8]={
124 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
125 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
126 {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
127 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
128 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
129 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
130 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
131 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
132 {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
133 {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
134 {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
135 {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
136 {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
137 {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
138 {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
139 {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
140 {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
141 {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
142 {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
143 {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
144 {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
145 {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
146 {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
147 {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
148 {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
149 {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
150 {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
151 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
152 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
153 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
154 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
155 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
156 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
157 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
158
159static unsigned char cipher_data[NUM_TESTS][8]={
160 {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
161 {0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A},
162 {0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2},
163 {0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D},
164 {0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96},
165 {0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7},
166 {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
167 {0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D},
168 {0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B},
169 {0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0},
170 {0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4},
171 {0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB},
172 {0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A},
173 {0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18},
174 {0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98},
175 {0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5},
176 {0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79},
177 {0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3},
178 {0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69},
179 {0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B},
180 {0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E},
181 {0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD},
182 {0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19},
183 {0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3},
184 {0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5},
185 {0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78},
186 {0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01},
187 {0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2},
188 {0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE},
189 {0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D},
190 {0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4},
191 {0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC},
192 {0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A},
193 {0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A},
194 };
195
196static unsigned char cbc_key [16]={
197 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
198 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
199static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
200static char cbc_data[40]="7654321 Now is the time for ";
201static unsigned char cbc_ok[32]={
202 0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6,
203 0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93,
204 0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9,
205 0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC};
206
207static unsigned char cfb64_ok[]={
208 0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
209 0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E,
210 0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00,
211 0x51,0x9D,0x57,0xA6,0xC3};
212
213static unsigned char ofb64_ok[]={
214 0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
215 0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73,
216 0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22,
217 0x63,0xC2,0xCF,0x80,0xDA};
218
219#define KEY_TEST_NUM 25
220static unsigned char key_test[KEY_TEST_NUM]={
221 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
222 0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
223 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
224 0x88};
225
226static unsigned char key_data[8]=
227 {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
228
229static unsigned char key_out[KEY_TEST_NUM][8]={
230 {0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},
231 {0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},
232 {0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},
233 {0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05},
234 {0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E},
235 {0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D},
236 {0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D},
237 {0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82},
238 {0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77},
239 {0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0},
240 {0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6},
241 {0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2},
242 {0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4},
243 {0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68},
244 {0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F},
245 {0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C},
246 {0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B},
247 {0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B},
248 {0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8},
249 {0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F},
250 {0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F},
251 {0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F},
252 {0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD},
253 {0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
254 };
255
256static int test(void );
257static int print_test_data(void );
258int main(int argc, char *argv[])
259 {
260 int ret;
261
262 if (argc > 1)
263 ret=print_test_data();
264 else
265 ret=test();
266
267 return ret;
268 }
269
270static int print_test_data(void)
271 {
272 unsigned int i,j;
273
274 printf("ecb test data\n");
275 printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
276 for (i=0; i<NUM_TESTS; i++)
277 {
278 for (j=0; j<8; j++)
279 printf("%02X",ecb_data[i][j]);
280 printf("\t");
281 for (j=0; j<8; j++)
282 printf("%02X",plain_data[i][j]);
283 printf("\t");
284 for (j=0; j<8; j++)
285 printf("%02X",cipher_data[i][j]);
286 printf("\n");
287 }
288
289 printf("set_key test data\n");
290 printf("data[8]= ");
291 for (j=0; j<8; j++)
292 printf("%02X",key_data[j]);
293 printf("\n");
294 for (i=0; i<KEY_TEST_NUM-1; i++)
295 {
296 printf("c=");
297 for (j=0; j<8; j++)
298 printf("%02X",key_out[i][j]);
299 printf(" k[%2u]=",i+1);
300 for (j=0; j<i+1; j++)
301 printf("%02X",key_test[j]);
302 printf("\n");
303 }
304
305 printf("\nchaining mode test data\n");
306 printf("key[16] = ");
307 for (j=0; j<16; j++)
308 printf("%02X",cbc_key[j]);
309 printf("\niv[8] = ");
310 for (j=0; j<8; j++)
311 printf("%02X",cbc_iv[j]);
312 printf("\ndata[%d] = '%s'",(int)strlen(cbc_data)+1,cbc_data);
313 printf("\ndata[%d] = ",(int)strlen(cbc_data)+1);
314 for (j=0; j<strlen(cbc_data)+1; j++)
315 printf("%02X",cbc_data[j]);
316 printf("\n");
317 printf("cbc cipher text\n");
318 printf("cipher[%d]= ",32);
319 for (j=0; j<32; j++)
320 printf("%02X",cbc_ok[j]);
321 printf("\n");
322
323 printf("cfb64 cipher text\n");
324 printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
325 for (j=0; j<strlen(cbc_data)+1; j++)
326 printf("%02X",cfb64_ok[j]);
327 printf("\n");
328
329 printf("ofb64 cipher text\n");
330 printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
331 for (j=0; j<strlen(cbc_data)+1; j++)
332 printf("%02X",ofb64_ok[j]);
333 printf("\n");
334 return(0);
335 }
336
337static int test(void)
338 {
339 unsigned char cbc_in[40],cbc_out[40],iv[8];
340 int i,n,err=0;
341 BF_KEY key;
342 BF_LONG data[2];
343 unsigned char out[8];
344 BF_LONG len;
345
346 printf("testing blowfish in raw ecb mode\n");
347 for (n=0; n<2; n++)
348 {
349 BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);
350
351 data[0]=bf_plain[n][0];
352 data[1]=bf_plain[n][1];
353 BF_encrypt(data,&key);
354 if (memcmp(&(bf_cipher[n][0]),&(data[0]),8) != 0)
355 {
356 printf("BF_encrypt error encrypting\n");
357 printf("got :");
358 for (i=0; i<2; i++)
359 printf("%08lX ",(unsigned long)data[i]);
360 printf("\n");
361 printf("expected:");
362 for (i=0; i<2; i++)
363 printf("%08lX ",(unsigned long)bf_cipher[n][i]);
364 err=1;
365 printf("\n");
366 }
367
368 BF_decrypt(&(data[0]),&key);
369 if (memcmp(&(bf_plain[n][0]),&(data[0]),8) != 0)
370 {
371 printf("BF_encrypt error decrypting\n");
372 printf("got :");
373 for (i=0; i<2; i++)
374 printf("%08lX ",(unsigned long)data[i]);
375 printf("\n");
376 printf("expected:");
377 for (i=0; i<2; i++)
378 printf("%08lX ",(unsigned long)bf_plain[n][i]);
379 printf("\n");
380 err=1;
381 }
382 }
383
384 printf("testing blowfish in ecb mode\n");
385
386 for (n=0; n<NUM_TESTS; n++)
387 {
388 BF_set_key(&key,8,ecb_data[n]);
389
390 BF_ecb_encrypt(&(plain_data[n][0]),out,&key,BF_ENCRYPT);
391 if (memcmp(&(cipher_data[n][0]),out,8) != 0)
392 {
393 printf("BF_ecb_encrypt blowfish error encrypting\n");
394 printf("got :");
395 for (i=0; i<8; i++)
396 printf("%02X ",out[i]);
397 printf("\n");
398 printf("expected:");
399 for (i=0; i<8; i++)
400 printf("%02X ",cipher_data[n][i]);
401 err=1;
402 printf("\n");
403 }
404
405 BF_ecb_encrypt(out,out,&key,BF_DECRYPT);
406 if (memcmp(&(plain_data[n][0]),out,8) != 0)
407 {
408 printf("BF_ecb_encrypt error decrypting\n");
409 printf("got :");
410 for (i=0; i<8; i++)
411 printf("%02X ",out[i]);
412 printf("\n");
413 printf("expected:");
414 for (i=0; i<8; i++)
415 printf("%02X ",plain_data[n][i]);
416 printf("\n");
417 err=1;
418 }
419 }
420
421 printf("testing blowfish set_key\n");
422 for (n=1; n<KEY_TEST_NUM; n++)
423 {
424 BF_set_key(&key,n,key_test);
425 BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
426 /* mips-sgi-irix6.5-gcc vv -mabi=64 bug workaround */
427 if (memcmp(out,&(key_out[i=n-1][0]),8) != 0)
428 {
429 printf("blowfish setkey error\n");
430 err=1;
431 }
432 }
433
434 printf("testing blowfish in cbc mode\n");
435 len=strlen(cbc_data)+1;
436
437 BF_set_key(&key,16,cbc_key);
438 memset(cbc_in,0,sizeof cbc_in);
439 memset(cbc_out,0,sizeof cbc_out);
440 memcpy(iv,cbc_iv,sizeof iv);
441 BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
442 &key,iv,BF_ENCRYPT);
443 if (memcmp(cbc_out,cbc_ok,32) != 0)
444 {
445 err=1;
446 printf("BF_cbc_encrypt encrypt error\n");
447 for (i=0; i<32; i++) printf("0x%02X,",cbc_out[i]);
448 }
449 memcpy(iv,cbc_iv,8);
450 BF_cbc_encrypt(cbc_out,cbc_in,len,
451 &key,iv,BF_DECRYPT);
452 if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
453 {
454 printf("BF_cbc_encrypt decrypt error\n");
455 err=1;
456 }
457
458 printf("testing blowfish in cfb64 mode\n");
459
460 BF_set_key(&key,16,cbc_key);
461 memset(cbc_in,0,40);
462 memset(cbc_out,0,40);
463 memcpy(iv,cbc_iv,8);
464 n=0;
465 BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,
466 &key,iv,&n,BF_ENCRYPT);
467 BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,
468 &key,iv,&n,BF_ENCRYPT);
469 if (memcmp(cbc_out,cfb64_ok,(int)len) != 0)
470 {
471 err=1;
472 printf("BF_cfb64_encrypt encrypt error\n");
473 for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
474 }
475 n=0;
476 memcpy(iv,cbc_iv,8);
477 BF_cfb64_encrypt(cbc_out,cbc_in,17,
478 &key,iv,&n,BF_DECRYPT);
479 BF_cfb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,
480 &key,iv,&n,BF_DECRYPT);
481 if (memcmp(cbc_in,cbc_data,(int)len) != 0)
482 {
483 printf("BF_cfb64_encrypt decrypt error\n");
484 err=1;
485 }
486
487 printf("testing blowfish in ofb64\n");
488
489 BF_set_key(&key,16,cbc_key);
490 memset(cbc_in,0,40);
491 memset(cbc_out,0,40);
492 memcpy(iv,cbc_iv,8);
493 n=0;
494 BF_ofb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,&key,iv,&n);
495 BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]),
496 &(cbc_out[13]),len-13,&key,iv,&n);
497 if (memcmp(cbc_out,ofb64_ok,(int)len) != 0)
498 {
499 err=1;
500 printf("BF_ofb64_encrypt encrypt error\n");
501 for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
502 }
503 n=0;
504 memcpy(iv,cbc_iv,8);
505 BF_ofb64_encrypt(cbc_out,cbc_in,17,&key,iv,&n);
506 BF_ofb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,&key,iv,&n);
507 if (memcmp(cbc_in,cbc_data,(int)len) != 0)
508 {
509 printf("BF_ofb64_encrypt decrypt error\n");
510 err=1;
511 }
512
513 return(err);
514 }
diff --git a/src/regress/lib/libcrypto/bn/Makefile b/src/regress/lib/libcrypto/bn/Makefile
new file mode 100644
index 0000000000..30bc0ef297
--- /dev/null
+++ b/src/regress/lib/libcrypto/bn/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:15 miod Exp $
2
3PROG= bntest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bn/bntest.c b/src/regress/lib/libcrypto/bn/bntest.c
new file mode 100644
index 0000000000..74a97e9c8a
--- /dev/null
+++ b/src/regress/lib/libcrypto/bn/bntest.c
@@ -0,0 +1,2000 @@
1/* crypto/bn/bntest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the Eric Young open source
65 * license provided above.
66 *
67 * The binary polynomial arithmetic software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
71
72/* Until the key-gen callbacks are modified to use newer prototypes, we allow
73 * deprecated functions for openssl-internal code */
74#ifdef OPENSSL_NO_DEPRECATED
75#undef OPENSSL_NO_DEPRECATED
76#endif
77
78#include <stdio.h>
79#include <stdlib.h>
80#include <string.h>
81
82#include <openssl/bio.h>
83#include <openssl/bn.h>
84#include <openssl/rand.h>
85#include <openssl/x509.h>
86#include <openssl/err.h>
87
88const int num0 = 100; /* number of tests */
89const int num1 = 50; /* additional tests for some functions */
90const int num2 = 5; /* number of tests for slow functions */
91
92int test_add(BIO *bp);
93int test_sub(BIO *bp);
94int test_lshift1(BIO *bp);
95int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
96int test_rshift1(BIO *bp);
97int test_rshift(BIO *bp,BN_CTX *ctx);
98int test_div(BIO *bp,BN_CTX *ctx);
99int test_div_word(BIO *bp);
100int test_div_recp(BIO *bp,BN_CTX *ctx);
101int test_mul(BIO *bp);
102int test_sqr(BIO *bp,BN_CTX *ctx);
103int test_mont(BIO *bp,BN_CTX *ctx);
104int test_mod(BIO *bp,BN_CTX *ctx);
105int test_mod_mul(BIO *bp,BN_CTX *ctx);
106int test_mod_exp(BIO *bp,BN_CTX *ctx);
107int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
108int test_exp(BIO *bp,BN_CTX *ctx);
109int test_gf2m_add(BIO *bp);
110int test_gf2m_mod(BIO *bp);
111int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);
112int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);
113int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);
114int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);
115int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);
116int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);
117int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);
118int test_kron(BIO *bp,BN_CTX *ctx);
119int test_sqrt(BIO *bp,BN_CTX *ctx);
120int rand_neg(void);
121static int results=0;
122
123static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
124"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
125
126static void message(BIO *out, char *m)
127 {
128 fprintf(stderr, "test %s\n", m);
129 BIO_puts(out, "print \"test ");
130 BIO_puts(out, m);
131 BIO_puts(out, "\\n\"\n");
132 }
133
134int main(int argc, char *argv[])
135 {
136 BN_CTX *ctx;
137 BIO *out;
138 char *outfile=NULL;
139
140 results = 0;
141
142 argc--;
143 argv++;
144 while (argc >= 1)
145 {
146 if (strcmp(*argv,"-results") == 0)
147 results=1;
148 else if (strcmp(*argv,"-out") == 0)
149 {
150 if (--argc < 1) break;
151 outfile= *(++argv);
152 }
153 argc--;
154 argv++;
155 }
156
157
158 ctx=BN_CTX_new();
159 if (ctx == NULL) exit(1);
160
161 out=BIO_new(BIO_s_file());
162 if (out == NULL) exit(1);
163 if (outfile == NULL)
164 {
165 BIO_set_fp(out,stdout,BIO_NOCLOSE);
166 }
167 else
168 {
169 if (!BIO_write_filename(out,outfile))
170 {
171 perror(outfile);
172 exit(1);
173 }
174 }
175
176 if (!results)
177 BIO_puts(out,"obase=16\nibase=16\n");
178
179 message(out,"BN_add");
180 if (!test_add(out)) goto err;
181 (void)BIO_flush(out);
182
183 message(out,"BN_sub");
184 if (!test_sub(out)) goto err;
185 (void)BIO_flush(out);
186
187 message(out,"BN_lshift1");
188 if (!test_lshift1(out)) goto err;
189 (void)BIO_flush(out);
190
191 message(out,"BN_lshift (fixed)");
192 if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
193 goto err;
194 (void)BIO_flush(out);
195
196 message(out,"BN_lshift");
197 if (!test_lshift(out,ctx,NULL)) goto err;
198 (void)BIO_flush(out);
199
200 message(out,"BN_rshift1");
201 if (!test_rshift1(out)) goto err;
202 (void)BIO_flush(out);
203
204 message(out,"BN_rshift");
205 if (!test_rshift(out,ctx)) goto err;
206 (void)BIO_flush(out);
207
208 message(out,"BN_sqr");
209 if (!test_sqr(out,ctx)) goto err;
210 (void)BIO_flush(out);
211
212 message(out,"BN_mul");
213 if (!test_mul(out)) goto err;
214 (void)BIO_flush(out);
215
216 message(out,"BN_div");
217 if (!test_div(out,ctx)) goto err;
218 (void)BIO_flush(out);
219
220 message(out,"BN_div_word");
221 if (!test_div_word(out)) goto err;
222 (void)BIO_flush(out);
223
224 message(out,"BN_div_recp");
225 if (!test_div_recp(out,ctx)) goto err;
226 (void)BIO_flush(out);
227
228 message(out,"BN_mod");
229 if (!test_mod(out,ctx)) goto err;
230 (void)BIO_flush(out);
231
232 message(out,"BN_mod_mul");
233 if (!test_mod_mul(out,ctx)) goto err;
234 (void)BIO_flush(out);
235
236 message(out,"BN_mont");
237 if (!test_mont(out,ctx)) goto err;
238 (void)BIO_flush(out);
239
240 message(out,"BN_mod_exp");
241 if (!test_mod_exp(out,ctx)) goto err;
242 (void)BIO_flush(out);
243
244 message(out,"BN_mod_exp_mont_consttime");
245 if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
246 (void)BIO_flush(out);
247
248 message(out,"BN_exp");
249 if (!test_exp(out,ctx)) goto err;
250 (void)BIO_flush(out);
251
252 message(out,"BN_kronecker");
253 if (!test_kron(out,ctx)) goto err;
254 (void)BIO_flush(out);
255
256 message(out,"BN_mod_sqrt");
257 if (!test_sqrt(out,ctx)) goto err;
258 (void)BIO_flush(out);
259#ifndef OPENSSL_NO_EC2M
260 message(out,"BN_GF2m_add");
261 if (!test_gf2m_add(out)) goto err;
262 (void)BIO_flush(out);
263
264 message(out,"BN_GF2m_mod");
265 if (!test_gf2m_mod(out)) goto err;
266 (void)BIO_flush(out);
267
268 message(out,"BN_GF2m_mod_mul");
269 if (!test_gf2m_mod_mul(out,ctx)) goto err;
270 (void)BIO_flush(out);
271
272 message(out,"BN_GF2m_mod_sqr");
273 if (!test_gf2m_mod_sqr(out,ctx)) goto err;
274 (void)BIO_flush(out);
275
276 message(out,"BN_GF2m_mod_inv");
277 if (!test_gf2m_mod_inv(out,ctx)) goto err;
278 (void)BIO_flush(out);
279
280 message(out,"BN_GF2m_mod_div");
281 if (!test_gf2m_mod_div(out,ctx)) goto err;
282 (void)BIO_flush(out);
283
284 message(out,"BN_GF2m_mod_exp");
285 if (!test_gf2m_mod_exp(out,ctx)) goto err;
286 (void)BIO_flush(out);
287
288 message(out,"BN_GF2m_mod_sqrt");
289 if (!test_gf2m_mod_sqrt(out,ctx)) goto err;
290 (void)BIO_flush(out);
291
292 message(out,"BN_GF2m_mod_solve_quad");
293 if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
294 (void)BIO_flush(out);
295#endif
296 BN_CTX_free(ctx);
297 BIO_free(out);
298
299/**/
300 exit(0);
301err:
302 BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
303 * the failure, see test_bn in test/Makefile.ssl*/
304 (void)BIO_flush(out);
305 ERR_load_crypto_strings();
306 ERR_print_errors_fp(stderr);
307 exit(1);
308 }
309
310int test_add(BIO *bp)
311 {
312 BIGNUM a,b,c;
313 int i;
314
315 BN_init(&a);
316 BN_init(&b);
317 BN_init(&c);
318
319 BN_bntest_rand(&a,512,0,0);
320 for (i=0; i<num0; i++)
321 {
322 BN_bntest_rand(&b,450+i,0,0);
323 a.neg=rand_neg();
324 b.neg=rand_neg();
325 BN_add(&c,&a,&b);
326 if (bp != NULL)
327 {
328 if (!results)
329 {
330 BN_print(bp,&a);
331 BIO_puts(bp," + ");
332 BN_print(bp,&b);
333 BIO_puts(bp," - ");
334 }
335 BN_print(bp,&c);
336 BIO_puts(bp,"\n");
337 }
338 a.neg=!a.neg;
339 b.neg=!b.neg;
340 BN_add(&c,&c,&b);
341 BN_add(&c,&c,&a);
342 if(!BN_is_zero(&c))
343 {
344 fprintf(stderr,"Add test failed!\n");
345 return 0;
346 }
347 }
348 BN_free(&a);
349 BN_free(&b);
350 BN_free(&c);
351 return(1);
352 }
353
354int test_sub(BIO *bp)
355 {
356 BIGNUM a,b,c;
357 int i;
358
359 BN_init(&a);
360 BN_init(&b);
361 BN_init(&c);
362
363 for (i=0; i<num0+num1; i++)
364 {
365 if (i < num1)
366 {
367 BN_bntest_rand(&a,512,0,0);
368 BN_copy(&b,&a);
369 if (BN_set_bit(&a,i)==0) return(0);
370 BN_add_word(&b,i);
371 }
372 else
373 {
374 BN_bntest_rand(&b,400+i-num1,0,0);
375 a.neg=rand_neg();
376 b.neg=rand_neg();
377 }
378 BN_sub(&c,&a,&b);
379 if (bp != NULL)
380 {
381 if (!results)
382 {
383 BN_print(bp,&a);
384 BIO_puts(bp," - ");
385 BN_print(bp,&b);
386 BIO_puts(bp," - ");
387 }
388 BN_print(bp,&c);
389 BIO_puts(bp,"\n");
390 }
391 BN_add(&c,&c,&b);
392 BN_sub(&c,&c,&a);
393 if(!BN_is_zero(&c))
394 {
395 fprintf(stderr,"Subtract test failed!\n");
396 return 0;
397 }
398 }
399 BN_free(&a);
400 BN_free(&b);
401 BN_free(&c);
402 return(1);
403 }
404
405int test_div(BIO *bp, BN_CTX *ctx)
406 {
407 BIGNUM a,b,c,d,e;
408 int i;
409
410 BN_init(&a);
411 BN_init(&b);
412 BN_init(&c);
413 BN_init(&d);
414 BN_init(&e);
415
416 for (i=0; i<num0+num1; i++)
417 {
418 if (i < num1)
419 {
420 BN_bntest_rand(&a,400,0,0);
421 BN_copy(&b,&a);
422 BN_lshift(&a,&a,i);
423 BN_add_word(&a,i);
424 }
425 else
426 BN_bntest_rand(&b,50+3*(i-num1),0,0);
427 a.neg=rand_neg();
428 b.neg=rand_neg();
429 BN_div(&d,&c,&a,&b,ctx);
430 if (bp != NULL)
431 {
432 if (!results)
433 {
434 BN_print(bp,&a);
435 BIO_puts(bp," / ");
436 BN_print(bp,&b);
437 BIO_puts(bp," - ");
438 }
439 BN_print(bp,&d);
440 BIO_puts(bp,"\n");
441
442 if (!results)
443 {
444 BN_print(bp,&a);
445 BIO_puts(bp," % ");
446 BN_print(bp,&b);
447 BIO_puts(bp," - ");
448 }
449 BN_print(bp,&c);
450 BIO_puts(bp,"\n");
451 }
452 BN_mul(&e,&d,&b,ctx);
453 BN_add(&d,&e,&c);
454 BN_sub(&d,&d,&a);
455 if(!BN_is_zero(&d))
456 {
457 fprintf(stderr,"Division test failed!\n");
458 return 0;
459 }
460 }
461 BN_free(&a);
462 BN_free(&b);
463 BN_free(&c);
464 BN_free(&d);
465 BN_free(&e);
466 return(1);
467 }
468
469static void print_word(BIO *bp,BN_ULONG w)
470 {
471#ifdef SIXTY_FOUR_BIT
472 if (sizeof(w) > sizeof(unsigned long))
473 {
474 unsigned long h=(unsigned long)(w>>32),
475 l=(unsigned long)(w);
476
477 if (h) BIO_printf(bp,"%lX%08lX",h,l);
478 else BIO_printf(bp,"%lX",l);
479 return;
480 }
481#endif
482 BIO_printf(bp,BN_HEX_FMT1,w);
483 }
484
485int test_div_word(BIO *bp)
486 {
487 BIGNUM a,b;
488 BN_ULONG r,s;
489 int i;
490
491 BN_init(&a);
492 BN_init(&b);
493
494 for (i=0; i<num0; i++)
495 {
496 do {
497 BN_bntest_rand(&a,512,-1,0);
498 BN_bntest_rand(&b,BN_BITS2,-1,0);
499 s = b.d[0];
500 } while (!s);
501
502 BN_copy(&b, &a);
503 r = BN_div_word(&b, s);
504
505 if (bp != NULL)
506 {
507 if (!results)
508 {
509 BN_print(bp,&a);
510 BIO_puts(bp," / ");
511 print_word(bp,s);
512 BIO_puts(bp," - ");
513 }
514 BN_print(bp,&b);
515 BIO_puts(bp,"\n");
516
517 if (!results)
518 {
519 BN_print(bp,&a);
520 BIO_puts(bp," % ");
521 print_word(bp,s);
522 BIO_puts(bp," - ");
523 }
524 print_word(bp,r);
525 BIO_puts(bp,"\n");
526 }
527 BN_mul_word(&b,s);
528 BN_add_word(&b,r);
529 BN_sub(&b,&a,&b);
530 if(!BN_is_zero(&b))
531 {
532 fprintf(stderr,"Division (word) test failed!\n");
533 return 0;
534 }
535 }
536 BN_free(&a);
537 BN_free(&b);
538 return(1);
539 }
540
541int test_div_recp(BIO *bp, BN_CTX *ctx)
542 {
543 BIGNUM a,b,c,d,e;
544 BN_RECP_CTX recp;
545 int i;
546
547 BN_RECP_CTX_init(&recp);
548 BN_init(&a);
549 BN_init(&b);
550 BN_init(&c);
551 BN_init(&d);
552 BN_init(&e);
553
554 for (i=0; i<num0+num1; i++)
555 {
556 if (i < num1)
557 {
558 BN_bntest_rand(&a,400,0,0);
559 BN_copy(&b,&a);
560 BN_lshift(&a,&a,i);
561 BN_add_word(&a,i);
562 }
563 else
564 BN_bntest_rand(&b,50+3*(i-num1),0,0);
565 a.neg=rand_neg();
566 b.neg=rand_neg();
567 BN_RECP_CTX_set(&recp,&b,ctx);
568 BN_div_recp(&d,&c,&a,&recp,ctx);
569 if (bp != NULL)
570 {
571 if (!results)
572 {
573 BN_print(bp,&a);
574 BIO_puts(bp," / ");
575 BN_print(bp,&b);
576 BIO_puts(bp," - ");
577 }
578 BN_print(bp,&d);
579 BIO_puts(bp,"\n");
580
581 if (!results)
582 {
583 BN_print(bp,&a);
584 BIO_puts(bp," % ");
585 BN_print(bp,&b);
586 BIO_puts(bp," - ");
587 }
588 BN_print(bp,&c);
589 BIO_puts(bp,"\n");
590 }
591 BN_mul(&e,&d,&b,ctx);
592 BN_add(&d,&e,&c);
593 BN_sub(&d,&d,&a);
594 if(!BN_is_zero(&d))
595 {
596 fprintf(stderr,"Reciprocal division test failed!\n");
597 fprintf(stderr,"a=");
598 BN_print_fp(stderr,&a);
599 fprintf(stderr,"\nb=");
600 BN_print_fp(stderr,&b);
601 fprintf(stderr,"\n");
602 return 0;
603 }
604 }
605 BN_free(&a);
606 BN_free(&b);
607 BN_free(&c);
608 BN_free(&d);
609 BN_free(&e);
610 BN_RECP_CTX_free(&recp);
611 return(1);
612 }
613
614int test_mul(BIO *bp)
615 {
616 BIGNUM a,b,c,d,e;
617 int i;
618 BN_CTX *ctx;
619
620 ctx = BN_CTX_new();
621 if (ctx == NULL) exit(1);
622
623 BN_init(&a);
624 BN_init(&b);
625 BN_init(&c);
626 BN_init(&d);
627 BN_init(&e);
628
629 for (i=0; i<num0+num1; i++)
630 {
631 if (i <= num1)
632 {
633 BN_bntest_rand(&a,100,0,0);
634 BN_bntest_rand(&b,100,0,0);
635 }
636 else
637 BN_bntest_rand(&b,i-num1,0,0);
638 a.neg=rand_neg();
639 b.neg=rand_neg();
640 BN_mul(&c,&a,&b,ctx);
641 if (bp != NULL)
642 {
643 if (!results)
644 {
645 BN_print(bp,&a);
646 BIO_puts(bp," * ");
647 BN_print(bp,&b);
648 BIO_puts(bp," - ");
649 }
650 BN_print(bp,&c);
651 BIO_puts(bp,"\n");
652 }
653 BN_div(&d,&e,&c,&a,ctx);
654 BN_sub(&d,&d,&b);
655 if(!BN_is_zero(&d) || !BN_is_zero(&e))
656 {
657 fprintf(stderr,"Multiplication test failed!\n");
658 return 0;
659 }
660 }
661 BN_free(&a);
662 BN_free(&b);
663 BN_free(&c);
664 BN_free(&d);
665 BN_free(&e);
666 BN_CTX_free(ctx);
667 return(1);
668 }
669
670int test_sqr(BIO *bp, BN_CTX *ctx)
671 {
672 BIGNUM a,c,d,e;
673 int i;
674
675 BN_init(&a);
676 BN_init(&c);
677 BN_init(&d);
678 BN_init(&e);
679
680 for (i=0; i<num0; i++)
681 {
682 BN_bntest_rand(&a,40+i*10,0,0);
683 a.neg=rand_neg();
684 BN_sqr(&c,&a,ctx);
685 if (bp != NULL)
686 {
687 if (!results)
688 {
689 BN_print(bp,&a);
690 BIO_puts(bp," * ");
691 BN_print(bp,&a);
692 BIO_puts(bp," - ");
693 }
694 BN_print(bp,&c);
695 BIO_puts(bp,"\n");
696 }
697 BN_div(&d,&e,&c,&a,ctx);
698 BN_sub(&d,&d,&a);
699 if(!BN_is_zero(&d) || !BN_is_zero(&e))
700 {
701 fprintf(stderr,"Square test failed!\n");
702 return 0;
703 }
704 }
705 BN_free(&a);
706 BN_free(&c);
707 BN_free(&d);
708 BN_free(&e);
709 return(1);
710 }
711
712int test_mont(BIO *bp, BN_CTX *ctx)
713 {
714 BIGNUM a,b,c,d,A,B;
715 BIGNUM n;
716 int i;
717 BN_MONT_CTX *mont;
718
719 BN_init(&a);
720 BN_init(&b);
721 BN_init(&c);
722 BN_init(&d);
723 BN_init(&A);
724 BN_init(&B);
725 BN_init(&n);
726
727 mont=BN_MONT_CTX_new();
728 if (mont == NULL)
729 return 0;
730
731 BN_bntest_rand(&a,100,0,0); /**/
732 BN_bntest_rand(&b,100,0,0); /**/
733 for (i=0; i<num2; i++)
734 {
735 int bits = (200*(i+1))/num2;
736
737 if (bits == 0)
738 continue;
739 BN_bntest_rand(&n,bits,0,1);
740 BN_MONT_CTX_set(mont,&n,ctx);
741
742 BN_nnmod(&a,&a,&n,ctx);
743 BN_nnmod(&b,&b,&n,ctx);
744
745 BN_to_montgomery(&A,&a,mont,ctx);
746 BN_to_montgomery(&B,&b,mont,ctx);
747
748 BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
749 BN_from_montgomery(&A,&c,mont,ctx);/**/
750 if (bp != NULL)
751 {
752 if (!results)
753 {
754 BN_print(bp,&a);
755 BIO_puts(bp," * ");
756 BN_print(bp,&b);
757 BIO_puts(bp," % ");
758 BN_print(bp,&(mont->N));
759 BIO_puts(bp," - ");
760 }
761 BN_print(bp,&A);
762 BIO_puts(bp,"\n");
763 }
764 BN_mod_mul(&d,&a,&b,&n,ctx);
765 BN_sub(&d,&d,&A);
766 if(!BN_is_zero(&d))
767 {
768 fprintf(stderr,"Montgomery multiplication test failed!\n");
769 return 0;
770 }
771 }
772 BN_MONT_CTX_free(mont);
773 BN_free(&a);
774 BN_free(&b);
775 BN_free(&c);
776 BN_free(&d);
777 BN_free(&A);
778 BN_free(&B);
779 BN_free(&n);
780 return(1);
781 }
782
783int test_mod(BIO *bp, BN_CTX *ctx)
784 {
785 BIGNUM *a,*b,*c,*d,*e;
786 int i;
787
788 a=BN_new();
789 b=BN_new();
790 c=BN_new();
791 d=BN_new();
792 e=BN_new();
793
794 BN_bntest_rand(a,1024,0,0); /**/
795 for (i=0; i<num0; i++)
796 {
797 BN_bntest_rand(b,450+i*10,0,0); /**/
798 a->neg=rand_neg();
799 b->neg=rand_neg();
800 BN_mod(c,a,b,ctx);/**/
801 if (bp != NULL)
802 {
803 if (!results)
804 {
805 BN_print(bp,a);
806 BIO_puts(bp," % ");
807 BN_print(bp,b);
808 BIO_puts(bp," - ");
809 }
810 BN_print(bp,c);
811 BIO_puts(bp,"\n");
812 }
813 BN_div(d,e,a,b,ctx);
814 BN_sub(e,e,c);
815 if(!BN_is_zero(e))
816 {
817 fprintf(stderr,"Modulo test failed!\n");
818 return 0;
819 }
820 }
821 BN_free(a);
822 BN_free(b);
823 BN_free(c);
824 BN_free(d);
825 BN_free(e);
826 return(1);
827 }
828
829int test_mod_mul(BIO *bp, BN_CTX *ctx)
830 {
831 BIGNUM *a,*b,*c,*d,*e;
832 int i,j;
833
834 a=BN_new();
835 b=BN_new();
836 c=BN_new();
837 d=BN_new();
838 e=BN_new();
839
840 for (j=0; j<3; j++) {
841 BN_bntest_rand(c,1024,0,0); /**/
842 for (i=0; i<num0; i++)
843 {
844 BN_bntest_rand(a,475+i*10,0,0); /**/
845 BN_bntest_rand(b,425+i*11,0,0); /**/
846 a->neg=rand_neg();
847 b->neg=rand_neg();
848 if (!BN_mod_mul(e,a,b,c,ctx))
849 {
850 unsigned long l;
851
852 while ((l=ERR_get_error()))
853 fprintf(stderr,"ERROR:%s\n",
854 ERR_error_string(l,NULL));
855 exit(1);
856 }
857 if (bp != NULL)
858 {
859 if (!results)
860 {
861 BN_print(bp,a);
862 BIO_puts(bp," * ");
863 BN_print(bp,b);
864 BIO_puts(bp," % ");
865 BN_print(bp,c);
866 if ((a->neg ^ b->neg) && !BN_is_zero(e))
867 {
868 /* If (a*b) % c is negative, c must be added
869 * in order to obtain the normalized remainder
870 * (new with OpenSSL 0.9.7, previous versions of
871 * BN_mod_mul could generate negative results)
872 */
873 BIO_puts(bp," + ");
874 BN_print(bp,c);
875 }
876 BIO_puts(bp," - ");
877 }
878 BN_print(bp,e);
879 BIO_puts(bp,"\n");
880 }
881 BN_mul(d,a,b,ctx);
882 BN_sub(d,d,e);
883 BN_div(a,b,d,c,ctx);
884 if(!BN_is_zero(b))
885 {
886 fprintf(stderr,"Modulo multiply test failed!\n");
887 ERR_print_errors_fp(stderr);
888 return 0;
889 }
890 }
891 }
892 BN_free(a);
893 BN_free(b);
894 BN_free(c);
895 BN_free(d);
896 BN_free(e);
897 return(1);
898 }
899
900int test_mod_exp(BIO *bp, BN_CTX *ctx)
901 {
902 BIGNUM *a,*b,*c,*d,*e;
903 int i;
904
905 a=BN_new();
906 b=BN_new();
907 c=BN_new();
908 d=BN_new();
909 e=BN_new();
910
911 BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
912 for (i=0; i<num2; i++)
913 {
914 BN_bntest_rand(a,20+i*5,0,0); /**/
915 BN_bntest_rand(b,2+i,0,0); /**/
916
917 if (!BN_mod_exp(d,a,b,c,ctx))
918 return(0);
919
920 if (bp != NULL)
921 {
922 if (!results)
923 {
924 BN_print(bp,a);
925 BIO_puts(bp," ^ ");
926 BN_print(bp,b);
927 BIO_puts(bp," % ");
928 BN_print(bp,c);
929 BIO_puts(bp," - ");
930 }
931 BN_print(bp,d);
932 BIO_puts(bp,"\n");
933 }
934 BN_exp(e,a,b,ctx);
935 BN_sub(e,e,d);
936 BN_div(a,b,e,c,ctx);
937 if(!BN_is_zero(b))
938 {
939 fprintf(stderr,"Modulo exponentiation test failed!\n");
940 return 0;
941 }
942 }
943 BN_free(a);
944 BN_free(b);
945 BN_free(c);
946 BN_free(d);
947 BN_free(e);
948 return(1);
949 }
950
951int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
952 {
953 BIGNUM *a,*b,*c,*d,*e;
954 int i;
955
956 a=BN_new();
957 b=BN_new();
958 c=BN_new();
959 d=BN_new();
960 e=BN_new();
961
962 BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
963 for (i=0; i<num2; i++)
964 {
965 BN_bntest_rand(a,20+i*5,0,0); /**/
966 BN_bntest_rand(b,2+i,0,0); /**/
967
968 if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
969 return(00);
970
971 if (bp != NULL)
972 {
973 if (!results)
974 {
975 BN_print(bp,a);
976 BIO_puts(bp," ^ ");
977 BN_print(bp,b);
978 BIO_puts(bp," % ");
979 BN_print(bp,c);
980 BIO_puts(bp," - ");
981 }
982 BN_print(bp,d);
983 BIO_puts(bp,"\n");
984 }
985 BN_exp(e,a,b,ctx);
986 BN_sub(e,e,d);
987 BN_div(a,b,e,c,ctx);
988 if(!BN_is_zero(b))
989 {
990 fprintf(stderr,"Modulo exponentiation test failed!\n");
991 return 0;
992 }
993 }
994 BN_free(a);
995 BN_free(b);
996 BN_free(c);
997 BN_free(d);
998 BN_free(e);
999 return(1);
1000 }
1001
1002int test_exp(BIO *bp, BN_CTX *ctx)
1003 {
1004 BIGNUM *a,*b,*d,*e,*one;
1005 int i;
1006
1007 a=BN_new();
1008 b=BN_new();
1009 d=BN_new();
1010 e=BN_new();
1011 one=BN_new();
1012 BN_one(one);
1013
1014 for (i=0; i<num2; i++)
1015 {
1016 BN_bntest_rand(a,20+i*5,0,0); /**/
1017 BN_bntest_rand(b,2+i,0,0); /**/
1018
1019 if (BN_exp(d,a,b,ctx) <= 0)
1020 return(0);
1021
1022 if (bp != NULL)
1023 {
1024 if (!results)
1025 {
1026 BN_print(bp,a);
1027 BIO_puts(bp," ^ ");
1028 BN_print(bp,b);
1029 BIO_puts(bp," - ");
1030 }
1031 BN_print(bp,d);
1032 BIO_puts(bp,"\n");
1033 }
1034 BN_one(e);
1035 for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
1036 BN_mul(e,e,a,ctx);
1037 BN_sub(e,e,d);
1038 if(!BN_is_zero(e))
1039 {
1040 fprintf(stderr,"Exponentiation test failed!\n");
1041 return 0;
1042 }
1043 }
1044 BN_free(a);
1045 BN_free(b);
1046 BN_free(d);
1047 BN_free(e);
1048 BN_free(one);
1049 return(1);
1050 }
1051#ifndef OPENSSL_NO_EC2M
1052int test_gf2m_add(BIO *bp)
1053 {
1054 BIGNUM a,b,c;
1055 int i, ret = 0;
1056
1057 BN_init(&a);
1058 BN_init(&b);
1059 BN_init(&c);
1060
1061 for (i=0; i<num0; i++)
1062 {
1063 BN_rand(&a,512,0,0);
1064 BN_copy(&b, BN_value_one());
1065 a.neg=rand_neg();
1066 b.neg=rand_neg();
1067 BN_GF2m_add(&c,&a,&b);
1068#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1069 if (bp != NULL)
1070 {
1071 if (!results)
1072 {
1073 BN_print(bp,&a);
1074 BIO_puts(bp," ^ ");
1075 BN_print(bp,&b);
1076 BIO_puts(bp," = ");
1077 }
1078 BN_print(bp,&c);
1079 BIO_puts(bp,"\n");
1080 }
1081#endif
1082 /* Test that two added values have the correct parity. */
1083 if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))
1084 {
1085 fprintf(stderr,"GF(2^m) addition test (a) failed!\n");
1086 goto err;
1087 }
1088 BN_GF2m_add(&c,&c,&c);
1089 /* Test that c + c = 0. */
1090 if(!BN_is_zero(&c))
1091 {
1092 fprintf(stderr,"GF(2^m) addition test (b) failed!\n");
1093 goto err;
1094 }
1095 }
1096 ret = 1;
1097 err:
1098 BN_free(&a);
1099 BN_free(&b);
1100 BN_free(&c);
1101 return ret;
1102 }
1103
1104int test_gf2m_mod(BIO *bp)
1105 {
1106 BIGNUM *a,*b[2],*c,*d,*e;
1107 int i, j, ret = 0;
1108 int p0[] = {163,7,6,3,0,-1};
1109 int p1[] = {193,15,0,-1};
1110
1111 a=BN_new();
1112 b[0]=BN_new();
1113 b[1]=BN_new();
1114 c=BN_new();
1115 d=BN_new();
1116 e=BN_new();
1117
1118 BN_GF2m_arr2poly(p0, b[0]);
1119 BN_GF2m_arr2poly(p1, b[1]);
1120
1121 for (i=0; i<num0; i++)
1122 {
1123 BN_bntest_rand(a, 1024, 0, 0);
1124 for (j=0; j < 2; j++)
1125 {
1126 BN_GF2m_mod(c, a, b[j]);
1127#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1128 if (bp != NULL)
1129 {
1130 if (!results)
1131 {
1132 BN_print(bp,a);
1133 BIO_puts(bp," % ");
1134 BN_print(bp,b[j]);
1135 BIO_puts(bp," - ");
1136 BN_print(bp,c);
1137 BIO_puts(bp,"\n");
1138 }
1139 }
1140#endif
1141 BN_GF2m_add(d, a, c);
1142 BN_GF2m_mod(e, d, b[j]);
1143 /* Test that a + (a mod p) mod p == 0. */
1144 if(!BN_is_zero(e))
1145 {
1146 fprintf(stderr,"GF(2^m) modulo test failed!\n");
1147 goto err;
1148 }
1149 }
1150 }
1151 ret = 1;
1152 err:
1153 BN_free(a);
1154 BN_free(b[0]);
1155 BN_free(b[1]);
1156 BN_free(c);
1157 BN_free(d);
1158 BN_free(e);
1159 return ret;
1160 }
1161
1162int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
1163 {
1164 BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
1165 int i, j, ret = 0;
1166 int p0[] = {163,7,6,3,0,-1};
1167 int p1[] = {193,15,0,-1};
1168
1169 a=BN_new();
1170 b[0]=BN_new();
1171 b[1]=BN_new();
1172 c=BN_new();
1173 d=BN_new();
1174 e=BN_new();
1175 f=BN_new();
1176 g=BN_new();
1177 h=BN_new();
1178
1179 BN_GF2m_arr2poly(p0, b[0]);
1180 BN_GF2m_arr2poly(p1, b[1]);
1181
1182 for (i=0; i<num0; i++)
1183 {
1184 BN_bntest_rand(a, 1024, 0, 0);
1185 BN_bntest_rand(c, 1024, 0, 0);
1186 BN_bntest_rand(d, 1024, 0, 0);
1187 for (j=0; j < 2; j++)
1188 {
1189 BN_GF2m_mod_mul(e, a, c, b[j], ctx);
1190#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1191 if (bp != NULL)
1192 {
1193 if (!results)
1194 {
1195 BN_print(bp,a);
1196 BIO_puts(bp," * ");
1197 BN_print(bp,c);
1198 BIO_puts(bp," % ");
1199 BN_print(bp,b[j]);
1200 BIO_puts(bp," - ");
1201 BN_print(bp,e);
1202 BIO_puts(bp,"\n");
1203 }
1204 }
1205#endif
1206 BN_GF2m_add(f, a, d);
1207 BN_GF2m_mod_mul(g, f, c, b[j], ctx);
1208 BN_GF2m_mod_mul(h, d, c, b[j], ctx);
1209 BN_GF2m_add(f, e, g);
1210 BN_GF2m_add(f, f, h);
1211 /* Test that (a+d)*c = a*c + d*c. */
1212 if(!BN_is_zero(f))
1213 {
1214 fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");
1215 goto err;
1216 }
1217 }
1218 }
1219 ret = 1;
1220 err:
1221 BN_free(a);
1222 BN_free(b[0]);
1223 BN_free(b[1]);
1224 BN_free(c);
1225 BN_free(d);
1226 BN_free(e);
1227 BN_free(f);
1228 BN_free(g);
1229 BN_free(h);
1230 return ret;
1231 }
1232
1233int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
1234 {
1235 BIGNUM *a,*b[2],*c,*d;
1236 int i, j, ret = 0;
1237 int p0[] = {163,7,6,3,0,-1};
1238 int p1[] = {193,15,0,-1};
1239
1240 a=BN_new();
1241 b[0]=BN_new();
1242 b[1]=BN_new();
1243 c=BN_new();
1244 d=BN_new();
1245
1246 BN_GF2m_arr2poly(p0, b[0]);
1247 BN_GF2m_arr2poly(p1, b[1]);
1248
1249 for (i=0; i<num0; i++)
1250 {
1251 BN_bntest_rand(a, 1024, 0, 0);
1252 for (j=0; j < 2; j++)
1253 {
1254 BN_GF2m_mod_sqr(c, a, b[j], ctx);
1255 BN_copy(d, a);
1256 BN_GF2m_mod_mul(d, a, d, b[j], ctx);
1257#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1258 if (bp != NULL)
1259 {
1260 if (!results)
1261 {
1262 BN_print(bp,a);
1263 BIO_puts(bp," ^ 2 % ");
1264 BN_print(bp,b[j]);
1265 BIO_puts(bp, " = ");
1266 BN_print(bp,c);
1267 BIO_puts(bp,"; a * a = ");
1268 BN_print(bp,d);
1269 BIO_puts(bp,"\n");
1270 }
1271 }
1272#endif
1273 BN_GF2m_add(d, c, d);
1274 /* Test that a*a = a^2. */
1275 if(!BN_is_zero(d))
1276 {
1277 fprintf(stderr,"GF(2^m) modular squaring test failed!\n");
1278 goto err;
1279 }
1280 }
1281 }
1282 ret = 1;
1283 err:
1284 BN_free(a);
1285 BN_free(b[0]);
1286 BN_free(b[1]);
1287 BN_free(c);
1288 BN_free(d);
1289 return ret;
1290 }
1291
1292int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
1293 {
1294 BIGNUM *a,*b[2],*c,*d;
1295 int i, j, ret = 0;
1296 int p0[] = {163,7,6,3,0,-1};
1297 int p1[] = {193,15,0,-1};
1298
1299 a=BN_new();
1300 b[0]=BN_new();
1301 b[1]=BN_new();
1302 c=BN_new();
1303 d=BN_new();
1304
1305 BN_GF2m_arr2poly(p0, b[0]);
1306 BN_GF2m_arr2poly(p1, b[1]);
1307
1308 for (i=0; i<num0; i++)
1309 {
1310 BN_bntest_rand(a, 512, 0, 0);
1311 for (j=0; j < 2; j++)
1312 {
1313 BN_GF2m_mod_inv(c, a, b[j], ctx);
1314 BN_GF2m_mod_mul(d, a, c, b[j], ctx);
1315#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1316 if (bp != NULL)
1317 {
1318 if (!results)
1319 {
1320 BN_print(bp,a);
1321 BIO_puts(bp, " * ");
1322 BN_print(bp,c);
1323 BIO_puts(bp," - 1 % ");
1324 BN_print(bp,b[j]);
1325 BIO_puts(bp,"\n");
1326 }
1327 }
1328#endif
1329 /* Test that ((1/a)*a) = 1. */
1330 if(!BN_is_one(d))
1331 {
1332 fprintf(stderr,"GF(2^m) modular inversion test failed!\n");
1333 goto err;
1334 }
1335 }
1336 }
1337 ret = 1;
1338 err:
1339 BN_free(a);
1340 BN_free(b[0]);
1341 BN_free(b[1]);
1342 BN_free(c);
1343 BN_free(d);
1344 return ret;
1345 }
1346
1347int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
1348 {
1349 BIGNUM *a,*b[2],*c,*d,*e,*f;
1350 int i, j, ret = 0;
1351 int p0[] = {163,7,6,3,0,-1};
1352 int p1[] = {193,15,0,-1};
1353
1354 a=BN_new();
1355 b[0]=BN_new();
1356 b[1]=BN_new();
1357 c=BN_new();
1358 d=BN_new();
1359 e=BN_new();
1360 f=BN_new();
1361
1362 BN_GF2m_arr2poly(p0, b[0]);
1363 BN_GF2m_arr2poly(p1, b[1]);
1364
1365 for (i=0; i<num0; i++)
1366 {
1367 BN_bntest_rand(a, 512, 0, 0);
1368 BN_bntest_rand(c, 512, 0, 0);
1369 for (j=0; j < 2; j++)
1370 {
1371 BN_GF2m_mod_div(d, a, c, b[j], ctx);
1372 BN_GF2m_mod_mul(e, d, c, b[j], ctx);
1373 BN_GF2m_mod_div(f, a, e, b[j], ctx);
1374#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1375 if (bp != NULL)
1376 {
1377 if (!results)
1378 {
1379 BN_print(bp,a);
1380 BIO_puts(bp, " = ");
1381 BN_print(bp,c);
1382 BIO_puts(bp," * ");
1383 BN_print(bp,d);
1384 BIO_puts(bp, " % ");
1385 BN_print(bp,b[j]);
1386 BIO_puts(bp,"\n");
1387 }
1388 }
1389#endif
1390 /* Test that ((a/c)*c)/a = 1. */
1391 if(!BN_is_one(f))
1392 {
1393 fprintf(stderr,"GF(2^m) modular division test failed!\n");
1394 goto err;
1395 }
1396 }
1397 }
1398 ret = 1;
1399 err:
1400 BN_free(a);
1401 BN_free(b[0]);
1402 BN_free(b[1]);
1403 BN_free(c);
1404 BN_free(d);
1405 BN_free(e);
1406 BN_free(f);
1407 return ret;
1408 }
1409
1410int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
1411 {
1412 BIGNUM *a,*b[2],*c,*d,*e,*f;
1413 int i, j, ret = 0;
1414 int p0[] = {163,7,6,3,0,-1};
1415 int p1[] = {193,15,0,-1};
1416
1417 a=BN_new();
1418 b[0]=BN_new();
1419 b[1]=BN_new();
1420 c=BN_new();
1421 d=BN_new();
1422 e=BN_new();
1423 f=BN_new();
1424
1425 BN_GF2m_arr2poly(p0, b[0]);
1426 BN_GF2m_arr2poly(p1, b[1]);
1427
1428 for (i=0; i<num0; i++)
1429 {
1430 BN_bntest_rand(a, 512, 0, 0);
1431 BN_bntest_rand(c, 512, 0, 0);
1432 BN_bntest_rand(d, 512, 0, 0);
1433 for (j=0; j < 2; j++)
1434 {
1435 BN_GF2m_mod_exp(e, a, c, b[j], ctx);
1436 BN_GF2m_mod_exp(f, a, d, b[j], ctx);
1437 BN_GF2m_mod_mul(e, e, f, b[j], ctx);
1438 BN_add(f, c, d);
1439 BN_GF2m_mod_exp(f, a, f, b[j], ctx);
1440#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1441 if (bp != NULL)
1442 {
1443 if (!results)
1444 {
1445 BN_print(bp,a);
1446 BIO_puts(bp, " ^ (");
1447 BN_print(bp,c);
1448 BIO_puts(bp," + ");
1449 BN_print(bp,d);
1450 BIO_puts(bp, ") = ");
1451 BN_print(bp,e);
1452 BIO_puts(bp, "; - ");
1453 BN_print(bp,f);
1454 BIO_puts(bp, " % ");
1455 BN_print(bp,b[j]);
1456 BIO_puts(bp,"\n");
1457 }
1458 }
1459#endif
1460 BN_GF2m_add(f, e, f);
1461 /* Test that a^(c+d)=a^c*a^d. */
1462 if(!BN_is_zero(f))
1463 {
1464 fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");
1465 goto err;
1466 }
1467 }
1468 }
1469 ret = 1;
1470 err:
1471 BN_free(a);
1472 BN_free(b[0]);
1473 BN_free(b[1]);
1474 BN_free(c);
1475 BN_free(d);
1476 BN_free(e);
1477 BN_free(f);
1478 return ret;
1479 }
1480
1481int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
1482 {
1483 BIGNUM *a,*b[2],*c,*d,*e,*f;
1484 int i, j, ret = 0;
1485 int p0[] = {163,7,6,3,0,-1};
1486 int p1[] = {193,15,0,-1};
1487
1488 a=BN_new();
1489 b[0]=BN_new();
1490 b[1]=BN_new();
1491 c=BN_new();
1492 d=BN_new();
1493 e=BN_new();
1494 f=BN_new();
1495
1496 BN_GF2m_arr2poly(p0, b[0]);
1497 BN_GF2m_arr2poly(p1, b[1]);
1498
1499 for (i=0; i<num0; i++)
1500 {
1501 BN_bntest_rand(a, 512, 0, 0);
1502 for (j=0; j < 2; j++)
1503 {
1504 BN_GF2m_mod(c, a, b[j]);
1505 BN_GF2m_mod_sqrt(d, a, b[j], ctx);
1506 BN_GF2m_mod_sqr(e, d, b[j], ctx);
1507#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1508 if (bp != NULL)
1509 {
1510 if (!results)
1511 {
1512 BN_print(bp,d);
1513 BIO_puts(bp, " ^ 2 - ");
1514 BN_print(bp,a);
1515 BIO_puts(bp,"\n");
1516 }
1517 }
1518#endif
1519 BN_GF2m_add(f, c, e);
1520 /* Test that d^2 = a, where d = sqrt(a). */
1521 if(!BN_is_zero(f))
1522 {
1523 fprintf(stderr,"GF(2^m) modular square root test failed!\n");
1524 goto err;
1525 }
1526 }
1527 }
1528 ret = 1;
1529 err:
1530 BN_free(a);
1531 BN_free(b[0]);
1532 BN_free(b[1]);
1533 BN_free(c);
1534 BN_free(d);
1535 BN_free(e);
1536 BN_free(f);
1537 return ret;
1538 }
1539
1540int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
1541 {
1542 BIGNUM *a,*b[2],*c,*d,*e;
1543 int i, j, s = 0, t, ret = 0;
1544 int p0[] = {163,7,6,3,0,-1};
1545 int p1[] = {193,15,0,-1};
1546
1547 a=BN_new();
1548 b[0]=BN_new();
1549 b[1]=BN_new();
1550 c=BN_new();
1551 d=BN_new();
1552 e=BN_new();
1553
1554 BN_GF2m_arr2poly(p0, b[0]);
1555 BN_GF2m_arr2poly(p1, b[1]);
1556
1557 for (i=0; i<num0; i++)
1558 {
1559 BN_bntest_rand(a, 512, 0, 0);
1560 for (j=0; j < 2; j++)
1561 {
1562 t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
1563 if (t)
1564 {
1565 s++;
1566 BN_GF2m_mod_sqr(d, c, b[j], ctx);
1567 BN_GF2m_add(d, c, d);
1568 BN_GF2m_mod(e, a, b[j]);
1569#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1570 if (bp != NULL)
1571 {
1572 if (!results)
1573 {
1574 BN_print(bp,c);
1575 BIO_puts(bp, " is root of z^2 + z = ");
1576 BN_print(bp,a);
1577 BIO_puts(bp, " % ");
1578 BN_print(bp,b[j]);
1579 BIO_puts(bp, "\n");
1580 }
1581 }
1582#endif
1583 BN_GF2m_add(e, e, d);
1584 /* Test that solution of quadratic c satisfies c^2 + c = a. */
1585 if(!BN_is_zero(e))
1586 {
1587 fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");
1588 goto err;
1589 }
1590
1591 }
1592 else
1593 {
1594#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1595 if (bp != NULL)
1596 {
1597 if (!results)
1598 {
1599 BIO_puts(bp, "There are no roots of z^2 + z = ");
1600 BN_print(bp,a);
1601 BIO_puts(bp, " % ");
1602 BN_print(bp,b[j]);
1603 BIO_puts(bp, "\n");
1604 }
1605 }
1606#endif
1607 }
1608 }
1609 }
1610 if (s == 0)
1611 {
1612 fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
1613 fprintf(stderr,"this is very unlikely and probably indicates an error.\n");
1614 goto err;
1615 }
1616 ret = 1;
1617 err:
1618 BN_free(a);
1619 BN_free(b[0]);
1620 BN_free(b[1]);
1621 BN_free(c);
1622 BN_free(d);
1623 BN_free(e);
1624 return ret;
1625 }
1626#endif
1627static int genprime_cb(int p, int n, BN_GENCB *arg)
1628 {
1629 char c='*';
1630
1631 if (p == 0) c='.';
1632 if (p == 1) c='+';
1633 if (p == 2) c='*';
1634 if (p == 3) c='\n';
1635 putc(c, stderr);
1636 fflush(stderr);
1637 return 1;
1638 }
1639
1640int test_kron(BIO *bp, BN_CTX *ctx)
1641 {
1642 BN_GENCB cb;
1643 BIGNUM *a,*b,*r,*t;
1644 int i;
1645 int legendre, kronecker;
1646 int ret = 0;
1647
1648 a = BN_new();
1649 b = BN_new();
1650 r = BN_new();
1651 t = BN_new();
1652 if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
1653
1654 BN_GENCB_set(&cb, genprime_cb, NULL);
1655
1656 /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol).
1657 * In this case we know that if b is prime, then BN_kronecker(a, b, ctx)
1658 * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
1659 * So we generate a random prime b and compare these values
1660 * for a number of random a's. (That is, we run the Solovay-Strassen
1661 * primality test to confirm that b is prime, except that we
1662 * don't want to test whether b is prime but whether BN_kronecker
1663 * works.) */
1664
1665 if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err;
1666 b->neg = rand_neg();
1667 putc('\n', stderr);
1668
1669 for (i = 0; i < num0; i++)
1670 {
1671 if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
1672 a->neg = rand_neg();
1673
1674 /* t := (|b|-1)/2 (note that b is odd) */
1675 if (!BN_copy(t, b)) goto err;
1676 t->neg = 0;
1677 if (!BN_sub_word(t, 1)) goto err;
1678 if (!BN_rshift1(t, t)) goto err;
1679 /* r := a^t mod b */
1680 b->neg=0;
1681
1682 if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
1683 b->neg=1;
1684
1685 if (BN_is_word(r, 1))
1686 legendre = 1;
1687 else if (BN_is_zero(r))
1688 legendre = 0;
1689 else
1690 {
1691 if (!BN_add_word(r, 1)) goto err;
1692 if (0 != BN_ucmp(r, b))
1693 {
1694 fprintf(stderr, "Legendre symbol computation failed\n");
1695 goto err;
1696 }
1697 legendre = -1;
1698 }
1699
1700 kronecker = BN_kronecker(a, b, ctx);
1701 if (kronecker < -1) goto err;
1702 /* we actually need BN_kronecker(a, |b|) */
1703 if (a->neg && b->neg)
1704 kronecker = -kronecker;
1705
1706 if (legendre != kronecker)
1707 {
1708 fprintf(stderr, "legendre != kronecker; a = ");
1709 BN_print_fp(stderr, a);
1710 fprintf(stderr, ", b = ");
1711 BN_print_fp(stderr, b);
1712 fprintf(stderr, "\n");
1713 goto err;
1714 }
1715
1716 putc('.', stderr);
1717 fflush(stderr);
1718 }
1719
1720 putc('\n', stderr);
1721 fflush(stderr);
1722 ret = 1;
1723 err:
1724 if (a != NULL) BN_free(a);
1725 if (b != NULL) BN_free(b);
1726 if (r != NULL) BN_free(r);
1727 if (t != NULL) BN_free(t);
1728 return ret;
1729 }
1730
1731int test_sqrt(BIO *bp, BN_CTX *ctx)
1732 {
1733 BN_GENCB cb;
1734 BIGNUM *a,*p,*r;
1735 int i, j;
1736 int ret = 0;
1737
1738 a = BN_new();
1739 p = BN_new();
1740 r = BN_new();
1741 if (a == NULL || p == NULL || r == NULL) goto err;
1742
1743 BN_GENCB_set(&cb, genprime_cb, NULL);
1744
1745 for (i = 0; i < 16; i++)
1746 {
1747 if (i < 8)
1748 {
1749 unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
1750
1751 if (!BN_set_word(p, primes[i])) goto err;
1752 }
1753 else
1754 {
1755 if (!BN_set_word(a, 32)) goto err;
1756 if (!BN_set_word(r, 2*i + 1)) goto err;
1757
1758 if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err;
1759 putc('\n', stderr);
1760 }
1761 p->neg = rand_neg();
1762
1763 for (j = 0; j < num2; j++)
1764 {
1765 /* construct 'a' such that it is a square modulo p,
1766 * but in general not a proper square and not reduced modulo p */
1767 if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
1768 if (!BN_nnmod(r, r, p, ctx)) goto err;
1769 if (!BN_mod_sqr(r, r, p, ctx)) goto err;
1770 if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
1771 if (!BN_nnmod(a, a, p, ctx)) goto err;
1772 if (!BN_mod_sqr(a, a, p, ctx)) goto err;
1773 if (!BN_mul(a, a, r, ctx)) goto err;
1774 if (rand_neg())
1775 if (!BN_sub(a, a, p)) goto err;
1776
1777 if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
1778 if (!BN_mod_sqr(r, r, p, ctx)) goto err;
1779
1780 if (!BN_nnmod(a, a, p, ctx)) goto err;
1781
1782 if (BN_cmp(a, r) != 0)
1783 {
1784 fprintf(stderr, "BN_mod_sqrt failed: a = ");
1785 BN_print_fp(stderr, a);
1786 fprintf(stderr, ", r = ");
1787 BN_print_fp(stderr, r);
1788 fprintf(stderr, ", p = ");
1789 BN_print_fp(stderr, p);
1790 fprintf(stderr, "\n");
1791 goto err;
1792 }
1793
1794 putc('.', stderr);
1795 fflush(stderr);
1796 }
1797
1798 putc('\n', stderr);
1799 fflush(stderr);
1800 }
1801 ret = 1;
1802 err:
1803 if (a != NULL) BN_free(a);
1804 if (p != NULL) BN_free(p);
1805 if (r != NULL) BN_free(r);
1806 return ret;
1807 }
1808
1809int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
1810 {
1811 BIGNUM *a,*b,*c,*d;
1812 int i;
1813
1814 b=BN_new();
1815 c=BN_new();
1816 d=BN_new();
1817 BN_one(c);
1818
1819 if(a_)
1820 a=a_;
1821 else
1822 {
1823 a=BN_new();
1824 BN_bntest_rand(a,200,0,0); /**/
1825 a->neg=rand_neg();
1826 }
1827 for (i=0; i<num0; i++)
1828 {
1829 BN_lshift(b,a,i+1);
1830 BN_add(c,c,c);
1831 if (bp != NULL)
1832 {
1833 if (!results)
1834 {
1835 BN_print(bp,a);
1836 BIO_puts(bp," * ");
1837 BN_print(bp,c);
1838 BIO_puts(bp," - ");
1839 }
1840 BN_print(bp,b);
1841 BIO_puts(bp,"\n");
1842 }
1843 BN_mul(d,a,c,ctx);
1844 BN_sub(d,d,b);
1845 if(!BN_is_zero(d))
1846 {
1847 fprintf(stderr,"Left shift test failed!\n");
1848 fprintf(stderr,"a=");
1849 BN_print_fp(stderr,a);
1850 fprintf(stderr,"\nb=");
1851 BN_print_fp(stderr,b);
1852 fprintf(stderr,"\nc=");
1853 BN_print_fp(stderr,c);
1854 fprintf(stderr,"\nd=");
1855 BN_print_fp(stderr,d);
1856 fprintf(stderr,"\n");
1857 return 0;
1858 }
1859 }
1860 BN_free(a);
1861 BN_free(b);
1862 BN_free(c);
1863 BN_free(d);
1864 return(1);
1865 }
1866
1867int test_lshift1(BIO *bp)
1868 {
1869 BIGNUM *a,*b,*c;
1870 int i;
1871
1872 a=BN_new();
1873 b=BN_new();
1874 c=BN_new();
1875
1876 BN_bntest_rand(a,200,0,0); /**/
1877 a->neg=rand_neg();
1878 for (i=0; i<num0; i++)
1879 {
1880 BN_lshift1(b,a);
1881 if (bp != NULL)
1882 {
1883 if (!results)
1884 {
1885 BN_print(bp,a);
1886 BIO_puts(bp," * 2");
1887 BIO_puts(bp," - ");
1888 }
1889 BN_print(bp,b);
1890 BIO_puts(bp,"\n");
1891 }
1892 BN_add(c,a,a);
1893 BN_sub(a,b,c);
1894 if(!BN_is_zero(a))
1895 {
1896 fprintf(stderr,"Left shift one test failed!\n");
1897 return 0;
1898 }
1899
1900 BN_copy(a,b);
1901 }
1902 BN_free(a);
1903 BN_free(b);
1904 BN_free(c);
1905 return(1);
1906 }
1907
1908int test_rshift(BIO *bp,BN_CTX *ctx)
1909 {
1910 BIGNUM *a,*b,*c,*d,*e;
1911 int i;
1912
1913 a=BN_new();
1914 b=BN_new();
1915 c=BN_new();
1916 d=BN_new();
1917 e=BN_new();
1918 BN_one(c);
1919
1920 BN_bntest_rand(a,200,0,0); /**/
1921 a->neg=rand_neg();
1922 for (i=0; i<num0; i++)
1923 {
1924 BN_rshift(b,a,i+1);
1925 BN_add(c,c,c);
1926 if (bp != NULL)
1927 {
1928 if (!results)
1929 {
1930 BN_print(bp,a);
1931 BIO_puts(bp," / ");
1932 BN_print(bp,c);
1933 BIO_puts(bp," - ");
1934 }
1935 BN_print(bp,b);
1936 BIO_puts(bp,"\n");
1937 }
1938 BN_div(d,e,a,c,ctx);
1939 BN_sub(d,d,b);
1940 if(!BN_is_zero(d))
1941 {
1942 fprintf(stderr,"Right shift test failed!\n");
1943 return 0;
1944 }
1945 }
1946 BN_free(a);
1947 BN_free(b);
1948 BN_free(c);
1949 BN_free(d);
1950 BN_free(e);
1951 return(1);
1952 }
1953
1954int test_rshift1(BIO *bp)
1955 {
1956 BIGNUM *a,*b,*c;
1957 int i;
1958
1959 a=BN_new();
1960 b=BN_new();
1961 c=BN_new();
1962
1963 BN_bntest_rand(a,200,0,0); /**/
1964 a->neg=rand_neg();
1965 for (i=0; i<num0; i++)
1966 {
1967 BN_rshift1(b,a);
1968 if (bp != NULL)
1969 {
1970 if (!results)
1971 {
1972 BN_print(bp,a);
1973 BIO_puts(bp," / 2");
1974 BIO_puts(bp," - ");
1975 }
1976 BN_print(bp,b);
1977 BIO_puts(bp,"\n");
1978 }
1979 BN_sub(c,a,b);
1980 BN_sub(c,c,b);
1981 if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
1982 {
1983 fprintf(stderr,"Right shift one test failed!\n");
1984 return 0;
1985 }
1986 BN_copy(a,b);
1987 }
1988 BN_free(a);
1989 BN_free(b);
1990 BN_free(c);
1991 return(1);
1992 }
1993
1994int rand_neg(void)
1995 {
1996 static unsigned int neg=0;
1997 static int sign[8]={0,0,0,1,1,0,1,1};
1998
1999 return(sign[(neg++)%8]);
2000 }
diff --git a/src/regress/lib/libcrypto/cast/Makefile b/src/regress/lib/libcrypto/cast/Makefile
new file mode 100644
index 0000000000..9e14207b4a
--- /dev/null
+++ b/src/regress/lib/libcrypto/cast/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
2
3PROG= casttest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/cast/casttest.c b/src/regress/lib/libcrypto/cast/casttest.c
new file mode 100644
index 0000000000..77f8ed4ba5
--- /dev/null
+++ b/src/regress/lib/libcrypto/cast/casttest.c
@@ -0,0 +1,222 @@
1/* crypto/cast/casttest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_CAST is defined */
63
64#include <openssl/cast.h>
65
66#define FULL_TEST
67
68static unsigned char k[16]={
69 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
70 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A
71 };
72
73static unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
74
75static int k_len[3]={16,10,5};
76static unsigned char c[3][8]={
77 {0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
78 {0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
79 {0x7A,0xC8,0x16,0xD1,0x6E,0x9B,0x30,0x2E},
80 };
81static unsigned char out[80];
82
83static unsigned char in_a[16]={
84 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
85 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
86static unsigned char in_b[16]={
87 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
88 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
89
90static unsigned char c_a[16]={
91 0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
92 0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92};
93static unsigned char c_b[16]={
94 0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
95 0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E};
96
97#if 0
98char *text="Hello to all people out there";
99
100static unsigned char cfb_key[16]={
101 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
102 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
103 };
104static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
105static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
106#define CFB_TEST_SIZE 24
107static unsigned char plain[CFB_TEST_SIZE]=
108 {
109 0x4e,0x6f,0x77,0x20,0x69,0x73,
110 0x20,0x74,0x68,0x65,0x20,0x74,
111 0x69,0x6d,0x65,0x20,0x66,0x6f,
112 0x72,0x20,0x61,0x6c,0x6c,0x20
113 };
114static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
115 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
116 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
117 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
118
119/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
120 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
121 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
122 };
123#endif
124
125int main(int argc, char *argv[])
126 {
127#ifdef FULL_TEST
128 long l;
129 CAST_KEY key_b;
130#endif
131 int i,z,err=0;
132 CAST_KEY key;
133
134 for (z=0; z<3; z++)
135 {
136 CAST_set_key(&key,k_len[z],k);
137
138 CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
139 if (memcmp(out,&(c[z][0]),8) != 0)
140 {
141 printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8);
142 printf("got :");
143 for (i=0; i<8; i++)
144 printf("%02X ",out[i]);
145 printf("\n");
146 printf("expected:");
147 for (i=0; i<8; i++)
148 printf("%02X ",c[z][i]);
149 err=20;
150 printf("\n");
151 }
152
153 CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
154 if (memcmp(out,in,8) != 0)
155 {
156 printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8);
157 printf("got :");
158 for (i=0; i<8; i++)
159 printf("%02X ",out[i]);
160 printf("\n");
161 printf("expected:");
162 for (i=0; i<8; i++)
163 printf("%02X ",in[i]);
164 printf("\n");
165 err=3;
166 }
167 }
168 if (err == 0)
169 printf("ecb cast5 ok\n");
170
171#ifdef FULL_TEST
172 {
173 unsigned char out_a[16],out_b[16];
174 static char *hex="0123456789ABCDEF";
175
176 printf("This test will take some time....");
177 fflush(stdout);
178 memcpy(out_a,in_a,sizeof(in_a));
179 memcpy(out_b,in_b,sizeof(in_b));
180 i=1;
181
182 for (l=0; l<1000000L; l++)
183 {
184 CAST_set_key(&key_b,16,out_b);
185 CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
186 CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
187 CAST_set_key(&key,16,out_a);
188 CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
189 CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
190 if ((l & 0xffff) == 0xffff)
191 {
192 printf("%c",hex[i&0x0f]);
193 fflush(stdout);
194 i++;
195 }
196 }
197
198 if ( (memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
199 (memcmp(out_b,c_b,sizeof(c_b)) != 0))
200 {
201 printf("\n");
202 printf("Error\n");
203
204 printf("A out =");
205 for (i=0; i<16; i++) printf("%02X ",out_a[i]);
206 printf("\nactual=");
207 for (i=0; i<16; i++) printf("%02X ",c_a[i]);
208 printf("\n");
209
210 printf("B out =");
211 for (i=0; i<16; i++) printf("%02X ",out_b[i]);
212 printf("\nactual=");
213 for (i=0; i<16; i++) printf("%02X ",c_b[i]);
214 printf("\n");
215 }
216 else
217 printf(" ok\n");
218 }
219#endif
220
221 exit(err);
222 }
diff --git a/src/regress/lib/libcrypto/des/Makefile b/src/regress/lib/libcrypto/des/Makefile
new file mode 100644
index 0000000000..cd251bc24c
--- /dev/null
+++ b/src/regress/lib/libcrypto/des/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:18 miod Exp $
2
3PROG= destest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/des/destest.c b/src/regress/lib/libcrypto/des/destest.c
new file mode 100644
index 0000000000..940c0ae92e
--- /dev/null
+++ b/src/regress/lib/libcrypto/des/destest.c
@@ -0,0 +1,884 @@
1/* crypto/des/destest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61
62#include <unistd.h>
63#include <string.h>
64
65#include <openssl/des.h>
66
67#define crypt(c,s) (DES_crypt((c),(s)))
68
69/* tisk tisk - the test keys don't all have odd parity :-( */
70/* test data */
71#define NUM_TESTS 34
72static unsigned char key_data[NUM_TESTS][8]={
73 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
74 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
75 {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
76 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
77 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
78 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
79 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
80 {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
81 {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
82 {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
83 {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
84 {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
85 {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
86 {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
87 {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
88 {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
89 {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
90 {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
91 {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
92 {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
93 {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
94 {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
95 {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
96 {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
97 {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
98 {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
99 {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
100 {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
101 {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
102 {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
103 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
104 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
105 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
106 {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
107
108static unsigned char plain_data[NUM_TESTS][8]={
109 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
110 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
111 {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
112 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
113 {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
114 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
115 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
116 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
117 {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
118 {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
119 {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
120 {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
121 {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
122 {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
123 {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
124 {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
125 {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
126 {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
127 {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
128 {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
129 {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
130 {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
131 {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
132 {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
133 {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
134 {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
135 {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
136 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
137 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
138 {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
139 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
140 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
141 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
142 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
143
144static unsigned char cipher_data[NUM_TESTS][8]={
145 {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
146 {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
147 {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
148 {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
149 {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
150 {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
151 {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
152 {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
153 {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
154 {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
155 {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
156 {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
157 {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
158 {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
159 {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
160 {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
161 {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
162 {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
163 {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
164 {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
165 {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
166 {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
167 {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
168 {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
169 {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
170 {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
171 {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
172 {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
173 {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
174 {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
175 {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
176 {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
177 {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
178 {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
179
180static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
181 {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
182 {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
183 {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
184 {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
185 {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
186 {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
187 {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
188 {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
189 {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
190 {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
191 {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
192 {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
193 {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
194 {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
195 {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
196 {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
197 {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
198 {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
199 {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
200 {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
201 {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
202 {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
203 {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
204 {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
205 {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
206 {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
207 {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
208 {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
209 {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
210 {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
211 {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
212 {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
213 {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
214
215static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
216static unsigned char cbc2_key[8]={0xf1,0xe0,0xd3,0xc2,0xb5,0xa4,0x97,0x86};
217static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
218static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
219/* Changed the following text constant to binary so it will work on ebcdic
220 * machines :-) */
221/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
222static unsigned char cbc_data[40]={
223 0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
224 0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
225 0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
226 0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,
227 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
228 };
229
230static unsigned char cbc_ok[32]={
231 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
232 0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
233 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
234 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
235
236#ifdef SCREW_THE_PARITY
237#error "SCREW_THE_PARITY is not ment to be defined."
238#error "Original vectors are preserved for reference only."
239static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
240static unsigned char xcbc_ok[32]={
241 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
242 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
243 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
244 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
245 };
246#else
247static unsigned char xcbc_ok[32]={
248 0x84,0x6B,0x29,0x14,0x85,0x1E,0x9A,0x29,
249 0x54,0x73,0x2F,0x8A,0xA0,0xA6,0x11,0xC1,
250 0x15,0xCD,0xC2,0xD7,0x95,0x1B,0x10,0x53,
251 0xA6,0x3C,0x5E,0x03,0xB2,0x1A,0xA3,0xC4,
252 };
253#endif
254
255static unsigned char cbc3_ok[32]={
256 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
257 0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
258 0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
259 0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
260
261static unsigned char pcbc_ok[32]={
262 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
263 0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
264 0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
265 0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
266
267static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
268static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
269static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
270static unsigned char plain[24]=
271 {
272 0x4e,0x6f,0x77,0x20,0x69,0x73,
273 0x20,0x74,0x68,0x65,0x20,0x74,
274 0x69,0x6d,0x65,0x20,0x66,0x6f,
275 0x72,0x20,0x61,0x6c,0x6c,0x20
276 };
277static unsigned char cfb_cipher8[24]= {
278 0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
279 0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
280static unsigned char cfb_cipher16[24]={
281 0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
282 0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
283static unsigned char cfb_cipher32[24]={
284 0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
285 0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
286static unsigned char cfb_cipher48[24]={
287 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
288 0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
289static unsigned char cfb_cipher64[24]={
290 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
291 0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
292
293static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
294static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
295static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
296static unsigned char ofb_cipher[24]=
297 {
298 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
299 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
300 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
301 };
302
303#if 0
304static DES_LONG cbc_cksum_ret=0xB462FEF7L;
305#else
306static DES_LONG cbc_cksum_ret=0xF7FE62B4L;
307#endif
308static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
309
310static char *pt(unsigned char *p);
311static int cfb_test(int bits, unsigned char *cfb_cipher);
312static int cfb64_test(unsigned char *cfb_cipher);
313static int ede_cfb64_test(unsigned char *cfb_cipher);
314int main(int argc, char *argv[])
315 {
316 int j,err=0;
317 unsigned int i;
318 des_cblock in,out,outin,iv3,iv2;
319 des_key_schedule ks,ks2,ks3;
320 unsigned char cbc_in[40];
321 unsigned char cbc_out[40];
322 DES_LONG cs;
323 unsigned char cret[8];
324 DES_LONG lqret[4];
325 int num;
326 char *str;
327
328#ifndef OPENSSL_NO_DESCBCM
329 printf("Doing cbcm\n");
330 if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
331 {
332 printf("Key error %d\n",j);
333 err=1;
334 }
335 if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
336 {
337 printf("Key error %d\n",j);
338 err=1;
339 }
340 if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
341 {
342 printf("Key error %d\n",j);
343 err=1;
344 }
345 memset(cbc_out,0,40);
346 memset(cbc_in,0,40);
347 i=strlen((char *)cbc_data)+1;
348 /* i=((i+7)/8)*8; */
349 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
350 memset(iv2,'\0',sizeof iv2);
351
352 DES_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2,
353 DES_ENCRYPT);
354 DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,
355 &iv3,&iv2,DES_ENCRYPT);
356 /* if (memcmp(cbc_out,cbc3_ok,
357 (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
358 {
359 printf("des_ede3_cbc_encrypt encrypt error\n");
360 err=1;
361 }
362 */
363 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
364 memset(iv2,'\0',sizeof iv2);
365 DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT);
366 if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
367 {
368 unsigned int n;
369
370 printf("des_ede3_cbcm_encrypt decrypt error\n");
371 for(n=0 ; n < i ; ++n)
372 printf(" %02x",cbc_data[n]);
373 printf("\n");
374 for(n=0 ; n < i ; ++n)
375 printf(" %02x",cbc_in[n]);
376 printf("\n");
377 err=1;
378 }
379#endif
380
381 printf("Doing ecb\n");
382 for (i=0; i<NUM_TESTS; i++)
383 {
384 DES_set_key_unchecked(&key_data[i],&ks);
385 memcpy(in,plain_data[i],8);
386 memset(out,0,8);
387 memset(outin,0,8);
388 des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);
389 des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);
390
391 if (memcmp(out,cipher_data[i],8) != 0)
392 {
393 printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
394 i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
395 pt(out));
396 err=1;
397 }
398 if (memcmp(in,outin,8) != 0)
399 {
400 printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
401 i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
402 err=1;
403 }
404 }
405
406 printf("Doing ede ecb\n");
407 for (i=0; i<(NUM_TESTS-2); i++)
408 {
409 DES_set_key_unchecked(&key_data[i],&ks);
410 DES_set_key_unchecked(&key_data[i+1],&ks2);
411 DES_set_key_unchecked(&key_data[i+2],&ks3);
412 memcpy(in,plain_data[i],8);
413 memset(out,0,8);
414 memset(outin,0,8);
415 des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
416 des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);
417
418 if (memcmp(out,cipher_ecb2[i],8) != 0)
419 {
420 printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
421 i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
422 pt(out));
423 err=1;
424 }
425 if (memcmp(in,outin,8) != 0)
426 {
427 printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
428 i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
429 err=1;
430 }
431 }
432
433 printf("Doing cbc\n");
434 if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
435 {
436 printf("Key error %d\n",j);
437 err=1;
438 }
439 memset(cbc_out,0,40);
440 memset(cbc_in,0,40);
441 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
442 des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
443 &iv3,DES_ENCRYPT);
444 if (memcmp(cbc_out,cbc_ok,32) != 0)
445 {
446 printf("cbc_encrypt encrypt error\n");
447 err=1;
448 }
449
450 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
451 des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
452 &iv3,DES_DECRYPT);
453 if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
454 {
455 printf("cbc_encrypt decrypt error\n");
456 err=1;
457 }
458
459 printf("Doing desx cbc\n");
460 if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
461 {
462 printf("Key error %d\n",j);
463 err=1;
464 }
465 memset(cbc_out,0,40);
466 memset(cbc_in,0,40);
467 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
468 des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
469 &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
470 if (memcmp(cbc_out,xcbc_ok,32) != 0)
471 {
472 printf("des_xcbc_encrypt encrypt error\n");
473 err=1;
474 }
475 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
476 des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
477 &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
478 if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
479 {
480 printf("des_xcbc_encrypt decrypt error\n");
481 err=1;
482 }
483
484 printf("Doing ede cbc\n");
485 if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
486 {
487 printf("Key error %d\n",j);
488 err=1;
489 }
490 if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
491 {
492 printf("Key error %d\n",j);
493 err=1;
494 }
495 if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
496 {
497 printf("Key error %d\n",j);
498 err=1;
499 }
500 memset(cbc_out,0,40);
501 memset(cbc_in,0,40);
502 i=strlen((char *)cbc_data)+1;
503 /* i=((i+7)/8)*8; */
504 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
505
506 des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,
507 DES_ENCRYPT);
508 des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,
509 &iv3,DES_ENCRYPT);
510 if (memcmp(cbc_out,cbc3_ok,
511 (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
512 {
513 unsigned int n;
514
515 printf("des_ede3_cbc_encrypt encrypt error\n");
516 for(n=0 ; n < i ; ++n)
517 printf(" %02x",cbc_out[n]);
518 printf("\n");
519 for(n=0 ; n < i ; ++n)
520 printf(" %02x",cbc3_ok[n]);
521 printf("\n");
522 err=1;
523 }
524
525 memcpy(iv3,cbc_iv,sizeof(cbc_iv));
526 des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);
527 if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
528 {
529 unsigned int n;
530
531 printf("des_ede3_cbc_encrypt decrypt error\n");
532 for(n=0 ; n < i ; ++n)
533 printf(" %02x",cbc_data[n]);
534 printf("\n");
535 for(n=0 ; n < i ; ++n)
536 printf(" %02x",cbc_in[n]);
537 printf("\n");
538 err=1;
539 }
540
541 printf("Doing pcbc\n");
542 if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
543 {
544 printf("Key error %d\n",j);
545 err=1;
546 }
547 memset(cbc_out,0,40);
548 memset(cbc_in,0,40);
549 des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
550 &cbc_iv,DES_ENCRYPT);
551 if (memcmp(cbc_out,pcbc_ok,32) != 0)
552 {
553 printf("pcbc_encrypt encrypt error\n");
554 err=1;
555 }
556 des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv,
557 DES_DECRYPT);
558 if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
559 {
560 printf("pcbc_encrypt decrypt error\n");
561 err=1;
562 }
563
564 printf("Doing ");
565 printf("cfb8 ");
566 err+=cfb_test(8,cfb_cipher8);
567 printf("cfb16 ");
568 err+=cfb_test(16,cfb_cipher16);
569 printf("cfb32 ");
570 err+=cfb_test(32,cfb_cipher32);
571 printf("cfb48 ");
572 err+=cfb_test(48,cfb_cipher48);
573 printf("cfb64 ");
574 err+=cfb_test(64,cfb_cipher64);
575
576 printf("cfb64() ");
577 err+=cfb64_test(cfb_cipher64);
578
579 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
580 for (i=0; i<sizeof(plain); i++)
581 des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
582 8,1,ks,&cfb_tmp,DES_ENCRYPT);
583 if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
584 {
585 printf("cfb_encrypt small encrypt error\n");
586 err=1;
587 }
588
589 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
590 for (i=0; i<sizeof(plain); i++)
591 des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
592 8,1,ks,&cfb_tmp,DES_DECRYPT);
593 if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
594 {
595 printf("cfb_encrypt small decrypt error\n");
596 err=1;
597 }
598
599 printf("ede_cfb64() ");
600 err+=ede_cfb64_test(cfb_cipher64);
601
602 printf("done\n");
603
604 printf("Doing ofb\n");
605 DES_set_key_checked(&ofb_key,&ks);
606 memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
607 des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);
608 if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
609 {
610 printf("ofb_encrypt encrypt error\n");
611printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
612ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
613ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
614printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
615ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
616ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
617 err=1;
618 }
619 memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
620 des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp);
621 if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
622 {
623 printf("ofb_encrypt decrypt error\n");
624printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
625ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
626ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
627printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
628plain[8+0], plain[8+1], plain[8+2], plain[8+3],
629plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
630 err=1;
631 }
632
633 printf("Doing ofb64\n");
634 DES_set_key_checked(&ofb_key,&ks);
635 memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
636 memset(ofb_buf1,0,sizeof(ofb_buf1));
637 memset(ofb_buf2,0,sizeof(ofb_buf1));
638 num=0;
639 for (i=0; i<sizeof(plain); i++)
640 {
641 des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp,
642 &num);
643 }
644 if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
645 {
646 printf("ofb64_encrypt encrypt error\n");
647 err=1;
648 }
649 memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
650 num=0;
651 des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,
652 &num);
653 if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
654 {
655 printf("ofb64_encrypt decrypt error\n");
656 err=1;
657 }
658
659 printf("Doing ede_ofb64\n");
660 DES_set_key_checked(&ofb_key,&ks);
661 memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
662 memset(ofb_buf1,0,sizeof(ofb_buf1));
663 memset(ofb_buf2,0,sizeof(ofb_buf1));
664 num=0;
665 for (i=0; i<sizeof(plain); i++)
666 {
667 des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,
668 ks,&ofb_tmp,&num);
669 }
670 if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
671 {
672 printf("ede_ofb64_encrypt encrypt error\n");
673 err=1;
674 }
675 memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
676 num=0;
677 des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,ks,ks,
678 &ofb_tmp,&num);
679 if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
680 {
681 printf("ede_ofb64_encrypt decrypt error\n");
682 err=1;
683 }
684
685 printf("Doing cbc_cksum\n");
686 DES_set_key_checked(&cbc_key,&ks);
687 cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);
688 if (cs != cbc_cksum_ret)
689 {
690 printf("bad return value (%08lX), should be %08lX\n",
691 (unsigned long)cs,(unsigned long)cbc_cksum_ret);
692 err=1;
693 }
694 if (memcmp(cret,cbc_cksum_data,8) != 0)
695 {
696 printf("bad cbc_cksum block returned\n");
697 err=1;
698 }
699
700 printf("Doing quad_cksum\n");
701 cs=des_quad_cksum(cbc_data,(des_cblock *)lqret,
702 (long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv);
703 if (cs != 0x70d7a63aL)
704 {
705 printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
706 (unsigned long)cs);
707 err=1;
708 }
709 if (lqret[0] != 0x327eba8dL)
710 {
711 printf("quad_cksum error, out[0] %08lx is not %08lx\n",
712 (unsigned long)lqret[0],0x327eba8dUL);
713 err=1;
714 }
715 if (lqret[1] != 0x201a49ccL)
716 {
717 printf("quad_cksum error, out[1] %08lx is not %08lx\n",
718 (unsigned long)lqret[1],0x201a49ccUL);
719 err=1;
720 }
721 if (lqret[2] != 0x70d7a63aL)
722 {
723 printf("quad_cksum error, out[2] %08lx is not %08lx\n",
724 (unsigned long)lqret[2],0x70d7a63aUL);
725 err=1;
726 }
727 if (lqret[3] != 0x501c2c26L)
728 {
729 printf("quad_cksum error, out[3] %08lx is not %08lx\n",
730 (unsigned long)lqret[3],0x501c2c26UL);
731 err=1;
732 }
733
734 printf("input word alignment test");
735 for (i=0; i<4; i++)
736 {
737 printf(" %d",i);
738 des_ncbc_encrypt(&(cbc_out[i]),cbc_in,
739 strlen((char *)cbc_data)+1,ks,
740 &cbc_iv,DES_ENCRYPT);
741 }
742 printf("\noutput word alignment test");
743 for (i=0; i<4; i++)
744 {
745 printf(" %d",i);
746 des_ncbc_encrypt(cbc_out,&(cbc_in[i]),
747 strlen((char *)cbc_data)+1,ks,
748 &cbc_iv,DES_ENCRYPT);
749 }
750 printf("\n");
751 printf("fast crypt test ");
752 str=crypt("testing","ef");
753 if (strcmp("efGnQx2725bI2",str) != 0)
754 {
755 printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
756 err=1;
757 }
758 str=crypt("bca76;23","yA");
759 if (strcmp("yA1Rp/1hZXIJk",str) != 0)
760 {
761 printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
762 err=1;
763 }
764 printf("\n");
765 return(err);
766 }
767
768static char *pt(unsigned char *p)
769 {
770 static char bufs[10][20];
771 static int bnum=0;
772 char *ret;
773 int i;
774 static char *f="0123456789ABCDEF";
775
776 ret= &(bufs[bnum++][0]);
777 bnum%=10;
778 for (i=0; i<8; i++)
779 {
780 ret[i*2]=f[(p[i]>>4)&0xf];
781 ret[i*2+1]=f[p[i]&0xf];
782 }
783 ret[16]='\0';
784 return(ret);
785 }
786
787static int cfb_test(int bits, unsigned char *cfb_cipher)
788 {
789 des_key_schedule ks;
790 int i,err=0;
791
792 DES_set_key_checked(&cfb_key,&ks);
793 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
794 des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,
795 DES_ENCRYPT);
796 if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
797 {
798 err=1;
799 printf("cfb_encrypt encrypt error\n");
800 for (i=0; i<24; i+=8)
801 printf("%s\n",pt(&(cfb_buf1[i])));
802 }
803 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
804 des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp,
805 DES_DECRYPT);
806 if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
807 {
808 err=1;
809 printf("cfb_encrypt decrypt error\n");
810 for (i=0; i<24; i+=8)
811 printf("%s\n",pt(&(cfb_buf1[i])));
812 }
813 return(err);
814 }
815
816static int cfb64_test(unsigned char *cfb_cipher)
817 {
818 des_key_schedule ks;
819 int err=0,i,n;
820
821 DES_set_key_checked(&cfb_key,&ks);
822 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
823 n=0;
824 des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);
825 des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks,
826 &cfb_tmp,&n,DES_ENCRYPT);
827 if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
828 {
829 err=1;
830 printf("cfb_encrypt encrypt error\n");
831 for (i=0; i<24; i+=8)
832 printf("%s\n",pt(&(cfb_buf1[i])));
833 }
834 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
835 n=0;
836 des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT);
837 des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
838 sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT);
839 if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
840 {
841 err=1;
842 printf("cfb_encrypt decrypt error\n");
843 for (i=0; i<24; i+=8)
844 printf("%s\n",pt(&(cfb_buf2[i])));
845 }
846 return(err);
847 }
848
849static int ede_cfb64_test(unsigned char *cfb_cipher)
850 {
851 des_key_schedule ks;
852 int err=0,i,n;
853
854 DES_set_key_checked(&cfb_key,&ks);
855 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
856 n=0;
857 des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,
858 DES_ENCRYPT);
859 des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
860 sizeof(plain)-12,ks,ks,ks,
861 &cfb_tmp,&n,DES_ENCRYPT);
862 if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
863 {
864 err=1;
865 printf("ede_cfb_encrypt encrypt error\n");
866 for (i=0; i<24; i+=8)
867 printf("%s\n",pt(&(cfb_buf1[i])));
868 }
869 memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
870 n=0;
871 des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
872 &cfb_tmp,&n,DES_DECRYPT);
873 des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
874 sizeof(plain)-17,ks,ks,ks,
875 &cfb_tmp,&n,DES_DECRYPT);
876 if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
877 {
878 err=1;
879 printf("ede_cfb_encrypt decrypt error\n");
880 for (i=0; i<24; i+=8)
881 printf("%s\n",pt(&(cfb_buf2[i])));
882 }
883 return(err);
884 }
diff --git a/src/regress/lib/libcrypto/dh/Makefile b/src/regress/lib/libcrypto/dh/Makefile
new file mode 100644
index 0000000000..d4af5ed57e
--- /dev/null
+++ b/src/regress/lib/libcrypto/dh/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:18 miod Exp $
2
3PROG= dhtest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/dh/dhtest.c b/src/regress/lib/libcrypto/dh/dhtest.c
new file mode 100644
index 0000000000..916d7aeff0
--- /dev/null
+++ b/src/regress/lib/libcrypto/dh/dhtest.c
@@ -0,0 +1,195 @@
1/* crypto/dh/dhtest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Until the key-gen callbacks are modified to use newer prototypes, we allow
60 * deprecated functions for openssl-internal code */
61#ifdef OPENSSL_NO_DEPRECATED
62#undef OPENSSL_NO_DEPRECATED
63#endif
64
65#include <stdio.h>
66#include <stdlib.h>
67#include <string.h>
68
69#include <openssl/crypto.h>
70#include <openssl/bio.h>
71#include <openssl/bn.h>
72#include <openssl/rand.h>
73#include <openssl/err.h>
74
75#include <openssl/dh.h>
76
77static int cb(int p, int n, BN_GENCB *arg);
78
79int main(int argc, char *argv[])
80 {
81 BN_GENCB _cb;
82 DH *a;
83 DH *b=NULL;
84 char buf[12];
85 unsigned char *abuf=NULL,*bbuf=NULL;
86 int i,alen,blen,aout,bout,ret=1;
87 BIO *out;
88
89 CRYPTO_malloc_debug_init();
90 CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
91 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
92
93 out=BIO_new(BIO_s_file());
94 if (out == NULL) exit(1);
95 BIO_set_fp(out,stdout,BIO_NOCLOSE);
96
97 BN_GENCB_set(&_cb, &cb, out);
98 if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
99 DH_GENERATOR_5, &_cb))
100 goto err;
101
102 if (!DH_check(a, &i)) goto err;
103 if (i & DH_CHECK_P_NOT_PRIME)
104 BIO_puts(out, "p value is not prime\n");
105 if (i & DH_CHECK_P_NOT_SAFE_PRIME)
106 BIO_puts(out, "p value is not a safe prime\n");
107 if (i & DH_UNABLE_TO_CHECK_GENERATOR)
108 BIO_puts(out, "unable to check the generator value\n");
109 if (i & DH_NOT_SUITABLE_GENERATOR)
110 BIO_puts(out, "the g value is not a generator\n");
111
112 BIO_puts(out,"\np =");
113 BN_print(out,a->p);
114 BIO_puts(out,"\ng =");
115 BN_print(out,a->g);
116 BIO_puts(out,"\n");
117
118 b=DH_new();
119 if (b == NULL) goto err;
120
121 b->p=BN_dup(a->p);
122 b->g=BN_dup(a->g);
123 if ((b->p == NULL) || (b->g == NULL)) goto err;
124
125 /* Set a to run with normal modexp and b to use constant time */
126 a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
127 b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
128
129 if (!DH_generate_key(a)) goto err;
130 BIO_puts(out,"pri 1=");
131 BN_print(out,a->priv_key);
132 BIO_puts(out,"\npub 1=");
133 BN_print(out,a->pub_key);
134 BIO_puts(out,"\n");
135
136 if (!DH_generate_key(b)) goto err;
137 BIO_puts(out,"pri 2=");
138 BN_print(out,b->priv_key);
139 BIO_puts(out,"\npub 2=");
140 BN_print(out,b->pub_key);
141 BIO_puts(out,"\n");
142
143 alen=DH_size(a);
144 abuf=(unsigned char *)OPENSSL_malloc(alen);
145 aout=DH_compute_key(abuf,b->pub_key,a);
146
147 BIO_puts(out,"key1 =");
148 for (i=0; i<aout; i++)
149 {
150 snprintf(buf,sizeof buf,"%02X",abuf[i]);
151 BIO_puts(out,buf);
152 }
153 BIO_puts(out,"\n");
154
155 blen=DH_size(b);
156 bbuf=(unsigned char *)OPENSSL_malloc(blen);
157 bout=DH_compute_key(bbuf,a->pub_key,b);
158
159 BIO_puts(out,"key2 =");
160 for (i=0; i<bout; i++)
161 {
162 snprintf(buf,sizeof buf,"%02X",bbuf[i]);
163 BIO_puts(out,buf);
164 }
165 BIO_puts(out,"\n");
166 if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
167 {
168 fprintf(stderr,"Error in DH routines\n");
169 ret=1;
170 }
171 else
172 ret=0;
173err:
174 ERR_print_errors_fp(stderr);
175
176 if (abuf != NULL) OPENSSL_free(abuf);
177 if (bbuf != NULL) OPENSSL_free(bbuf);
178 if(b != NULL) DH_free(b);
179 if(a != NULL) DH_free(a);
180 BIO_free(out);
181 exit(ret);
182 }
183
184static int cb(int p, int n, BN_GENCB *arg)
185 {
186 char c='*';
187
188 if (p == 0) c='.';
189 if (p == 1) c='+';
190 if (p == 2) c='*';
191 if (p == 3) c='\n';
192 BIO_write(arg->arg,&c,1);
193 (void)BIO_flush(arg->arg);
194 return 1;
195 }
diff --git a/src/regress/lib/libcrypto/dsa/Makefile b/src/regress/lib/libcrypto/dsa/Makefile
new file mode 100644
index 0000000000..cce7c3b0f6
--- /dev/null
+++ b/src/regress/lib/libcrypto/dsa/Makefile
@@ -0,0 +1,13 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:18 miod Exp $
2
3PROG= dsatest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7REGRESS_TARGETS=regress-dsatest
8
9regress-dsatest: ${PROG}
10 ./${PROG}
11 ./${PROG} -app2_1
12
13.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/dsa/dsatest.c b/src/regress/lib/libcrypto/dsa/dsatest.c
new file mode 100644
index 0000000000..3131f429e2
--- /dev/null
+++ b/src/regress/lib/libcrypto/dsa/dsatest.c
@@ -0,0 +1,236 @@
1/* crypto/dsa/dsatest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Until the key-gen callbacks are modified to use newer prototypes, we allow
60 * deprecated functions for openssl-internal code */
61#ifdef OPENSSL_NO_DEPRECATED
62#undef OPENSSL_NO_DEPRECATED
63#endif
64
65#include <stdio.h>
66#include <stdlib.h>
67#include <string.h>
68#include <sys/types.h>
69#include <sys/stat.h>
70
71#include <openssl/crypto.h>
72#include <openssl/rand.h>
73#include <openssl/bio.h>
74#include <openssl/err.h>
75#include <openssl/bn.h>
76
77#include <openssl/dsa.h>
78
79static int dsa_cb(int p, int n, BN_GENCB *arg);
80
81/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
82 * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
83static unsigned char seed[20]={
84 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
85 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
86 };
87
88static unsigned char out_p[]={
89 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
90 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
91 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
92 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
93 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
94 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
95 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
96 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
97 };
98
99static unsigned char out_q[]={
100 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
101 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
102 0xda,0xce,0x91,0x5f,
103 };
104
105static unsigned char out_g[]={
106 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
107 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
108 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
109 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
110 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
111 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
112 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
113 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
114 };
115
116static const unsigned char str1[]="12345678901234567890";
117
118static BIO *bio_err=NULL;
119
120int main(int argc, char **argv)
121 {
122 BN_GENCB cb;
123 DSA *dsa=NULL;
124 int counter,ret=0,i,j;
125 unsigned char buf[256];
126 unsigned long h;
127 unsigned char sig[256];
128 unsigned int siglen;
129
130 if (bio_err == NULL)
131 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
132
133 CRYPTO_malloc_debug_init();
134 CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
135 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
136
137 ERR_load_crypto_strings();
138
139 BIO_printf(bio_err,"test generation of DSA parameters\n");
140
141 BN_GENCB_set(&cb, dsa_cb, bio_err);
142 if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
143 seed, 20, &counter, &h, &cb))
144 goto end;
145
146 BIO_printf(bio_err,"seed\n");
147 for (i=0; i<20; i+=4)
148 {
149 BIO_printf(bio_err,"%02X%02X%02X%02X ",
150 seed[i],seed[i+1],seed[i+2],seed[i+3]);
151 }
152 BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
153
154 DSA_print(bio_err,dsa,0);
155 if (counter != 105)
156 {
157 BIO_printf(bio_err,"counter should be 105\n");
158 goto end;
159 }
160 if (h != 2)
161 {
162 BIO_printf(bio_err,"h should be 2\n");
163 goto end;
164 }
165
166 i=BN_bn2bin(dsa->q,buf);
167 j=sizeof(out_q);
168 if ((i != j) || (memcmp(buf,out_q,i) != 0))
169 {
170 BIO_printf(bio_err,"q value is wrong\n");
171 goto end;
172 }
173
174 i=BN_bn2bin(dsa->p,buf);
175 j=sizeof(out_p);
176 if ((i != j) || (memcmp(buf,out_p,i) != 0))
177 {
178 BIO_printf(bio_err,"p value is wrong\n");
179 goto end;
180 }
181
182 i=BN_bn2bin(dsa->g,buf);
183 j=sizeof(out_g);
184 if ((i != j) || (memcmp(buf,out_g,i) != 0))
185 {
186 BIO_printf(bio_err,"g value is wrong\n");
187 goto end;
188 }
189
190 dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
191 DSA_generate_key(dsa);
192 DSA_sign(0, str1, 20, sig, &siglen, dsa);
193 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
194 ret=1;
195
196 dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
197 DSA_generate_key(dsa);
198 DSA_sign(0, str1, 20, sig, &siglen, dsa);
199 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
200 ret=1;
201
202end:
203 if (!ret)
204 ERR_print_errors(bio_err);
205 if (dsa != NULL) DSA_free(dsa);
206 CRYPTO_cleanup_all_ex_data();
207 ERR_remove_thread_state(NULL);
208 ERR_free_strings();
209 CRYPTO_mem_leaks(bio_err);
210 if (bio_err != NULL)
211 {
212 BIO_free(bio_err);
213 bio_err = NULL;
214 }
215 exit(!ret);
216 }
217
218static int dsa_cb(int p, int n, BN_GENCB *arg)
219 {
220 char c='*';
221 static int ok=0,num=0;
222
223 if (p == 0) { c='.'; num++; };
224 if (p == 1) c='+';
225 if (p == 2) { c='*'; ok++; }
226 if (p == 3) c='\n';
227 BIO_write(arg->arg,&c,1);
228 (void)BIO_flush(arg->arg);
229
230 if (!ok && (p == 0) && (num > 1))
231 {
232 BIO_printf((BIO *)arg,"error in dsatest\n");
233 return 0;
234 }
235 return 1;
236 }
diff --git a/src/regress/lib/libcrypto/ec/Makefile b/src/regress/lib/libcrypto/ec/Makefile
new file mode 100644
index 0000000000..f6dbef5b9b
--- /dev/null
+++ b/src/regress/lib/libcrypto/ec/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:16 miod Exp $
2
3PROG= ectest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/ec/ectest.c b/src/regress/lib/libcrypto/ec/ectest.c
new file mode 100644
index 0000000000..e3028881e0
--- /dev/null
+++ b/src/regress/lib/libcrypto/ec/ectest.c
@@ -0,0 +1,1328 @@
1/* crypto/ec/ectest.c */
2/*
3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */
5/* ====================================================================
6 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * openssl-core@openssl.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the OpenSSL open source
65 * license provided above.
66 *
67 * The elliptic curve binary polynomial software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
71
72#include <stdio.h>
73#include <stdlib.h>
74#include <string.h>
75#include <time.h>
76
77#include <openssl/ec.h>
78#ifndef OPENSSL_NO_ENGINE
79#include <openssl/engine.h>
80#endif
81#include <openssl/err.h>
82#include <openssl/obj_mac.h>
83#include <openssl/objects.h>
84#include <openssl/rand.h>
85#include <openssl/bn.h>
86#include <openssl/opensslconf.h>
87
88#define ABORT do { \
89 fflush(stdout); \
90 fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
91 ERR_print_errors_fp(stderr); \
92 exit(1); \
93} while (0)
94
95#define TIMING_BASE_PT 0
96#define TIMING_RAND_PT 1
97#define TIMING_SIMUL 2
98
99/* test multiplication with group order, long and negative scalars */
100static void group_order_tests(EC_GROUP *group)
101 {
102 BIGNUM *n1, *n2, *order;
103 EC_POINT *P = EC_POINT_new(group);
104 EC_POINT *Q = EC_POINT_new(group);
105 BN_CTX *ctx = BN_CTX_new();
106
107 n1 = BN_new(); n2 = BN_new(); order = BN_new();
108 fprintf(stdout, "verify group order ...");
109 fflush(stdout);
110 if (!EC_GROUP_get_order(group, order, ctx)) ABORT;
111 if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
112 if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
113 fprintf(stdout, ".");
114 fflush(stdout);
115 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
116 if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
117 if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
118 fprintf(stdout, " ok\n");
119 fprintf(stdout, "long/negative scalar tests ... ");
120 if (!BN_one(n1)) ABORT;
121 /* n1 = 1 - order */
122 if (!BN_sub(n1, n1, order)) ABORT;
123 if(!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) ABORT;
124 if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
125 /* n2 = 1 + order */
126 if (!BN_add(n2, order, BN_value_one())) ABORT;
127 if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
128 if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
129 /* n2 = (1 - order) * (1 + order) */
130 if (!BN_mul(n2, n1, n2, ctx)) ABORT;
131 if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
132 if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
133 fprintf(stdout, "ok\n");
134 EC_POINT_free(P);
135 EC_POINT_free(Q);
136 BN_free(n1);
137 BN_free(n2);
138 BN_free(order);
139 BN_CTX_free(ctx);
140 }
141
142static void prime_field_tests(void)
143 {
144 BN_CTX *ctx = NULL;
145 BIGNUM *p, *a, *b;
146 EC_GROUP *group;
147 EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
148 EC_POINT *P, *Q, *R;
149 BIGNUM *x, *y, *z;
150 unsigned char buf[100];
151 size_t i, len;
152 int k;
153
154#if 1 /* optional */
155 ctx = BN_CTX_new();
156 if (!ctx) ABORT;
157#endif
158
159 p = BN_new();
160 a = BN_new();
161 b = BN_new();
162 if (!p || !a || !b) ABORT;
163
164 if (!BN_hex2bn(&p, "17")) ABORT;
165 if (!BN_hex2bn(&a, "1")) ABORT;
166 if (!BN_hex2bn(&b, "1")) ABORT;
167
168 group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
169 * so that the library gets to choose the EC_METHOD */
170 if (!group) ABORT;
171
172 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
173
174 {
175 EC_GROUP *tmp;
176 tmp = EC_GROUP_new(EC_GROUP_method_of(group));
177 if (!tmp) ABORT;
178 if (!EC_GROUP_copy(tmp, group)) ABORT;
179 EC_GROUP_free(group);
180 group = tmp;
181 }
182
183 if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT;
184
185 fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x");
186 BN_print_fp(stdout, p);
187 fprintf(stdout, ")\n a = 0x");
188 BN_print_fp(stdout, a);
189 fprintf(stdout, "\n b = 0x");
190 BN_print_fp(stdout, b);
191 fprintf(stdout, "\n");
192
193 P = EC_POINT_new(group);
194 Q = EC_POINT_new(group);
195 R = EC_POINT_new(group);
196 if (!P || !Q || !R) ABORT;
197
198 if (!EC_POINT_set_to_infinity(group, P)) ABORT;
199 if (!EC_POINT_is_at_infinity(group, P)) ABORT;
200
201 buf[0] = 0;
202 if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
203
204 if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
205 if (!EC_POINT_is_at_infinity(group, P)) ABORT;
206
207 x = BN_new();
208 y = BN_new();
209 z = BN_new();
210 if (!x || !y || !z) ABORT;
211
212 if (!BN_hex2bn(&x, "D")) ABORT;
213 if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
214 if (!EC_POINT_is_on_curve(group, Q, ctx))
215 {
216 if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
217 fprintf(stderr, "Point is not on curve: x = 0x");
218 BN_print_fp(stderr, x);
219 fprintf(stderr, ", y = 0x");
220 BN_print_fp(stderr, y);
221 fprintf(stderr, "\n");
222 ABORT;
223 }
224
225 fprintf(stdout, "A cyclic subgroup:\n");
226 k = 100;
227 do
228 {
229 if (k-- == 0) ABORT;
230
231 if (EC_POINT_is_at_infinity(group, P))
232 fprintf(stdout, " point at infinity\n");
233 else
234 {
235 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
236
237 fprintf(stdout, " x = 0x");
238 BN_print_fp(stdout, x);
239 fprintf(stdout, ", y = 0x");
240 BN_print_fp(stdout, y);
241 fprintf(stdout, "\n");
242 }
243
244 if (!EC_POINT_copy(R, P)) ABORT;
245 if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
246
247#if 0 /* optional */
248 {
249 EC_POINT *points[3];
250
251 points[0] = R;
252 points[1] = Q;
253 points[2] = P;
254 if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT;
255 }
256#endif
257
258 }
259 while (!EC_POINT_is_at_infinity(group, P));
260
261 if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
262 if (!EC_POINT_is_at_infinity(group, P)) ABORT;
263
264 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
265 if (len == 0) ABORT;
266 if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
267 if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
268 fprintf(stdout, "Generator as octet string, compressed form:\n ");
269 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
270
271 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
272 if (len == 0) ABORT;
273 if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
274 if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
275 fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n ");
276 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
277
278 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
279 if (len == 0) ABORT;
280 if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
281 if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
282 fprintf(stdout, "\nGenerator as octet string, hybrid form:\n ");
283 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
284
285 if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT;
286 fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x");
287 BN_print_fp(stdout, x);
288 fprintf(stdout, ", Y = 0x");
289 BN_print_fp(stdout, y);
290 fprintf(stdout, ", Z = 0x");
291 BN_print_fp(stdout, z);
292 fprintf(stdout, "\n");
293
294 if (!EC_POINT_invert(group, P, ctx)) ABORT;
295 if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
296
297
298 /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000)
299 * -- not a NIST curve, but commonly used */
300
301 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT;
302 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
303 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT;
304 if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT;
305 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
306
307 if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT;
308 if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
309 if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
310 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
311 if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT;
312 if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
313
314 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
315 fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x");
316 BN_print_fp(stdout, x);
317 fprintf(stdout, "\n y = 0x");
318 BN_print_fp(stdout, y);
319 fprintf(stdout, "\n");
320 /* G_y value taken from the standard: */
321 if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
322 if (0 != BN_cmp(y, z)) ABORT;
323
324 fprintf(stdout, "verify degree ...");
325 if (EC_GROUP_get_degree(group) != 160) ABORT;
326 fprintf(stdout, " ok\n");
327
328 group_order_tests(group);
329
330 if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
331 if (!EC_GROUP_copy(P_160, group)) ABORT;
332
333
334 /* Curve P-192 (FIPS PUB 186-2, App. 6) */
335
336 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT;
337 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
338 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT;
339 if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT;
340 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
341
342 if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;
343 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
344 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
345 if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;
346 if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
347
348 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
349 fprintf(stdout, "\nNIST curve P-192 -- Generator:\n x = 0x");
350 BN_print_fp(stdout, x);
351 fprintf(stdout, "\n y = 0x");
352 BN_print_fp(stdout, y);
353 fprintf(stdout, "\n");
354 /* G_y value taken from the standard: */
355 if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT;
356 if (0 != BN_cmp(y, z)) ABORT;
357
358 fprintf(stdout, "verify degree ...");
359 if (EC_GROUP_get_degree(group) != 192) ABORT;
360 fprintf(stdout, " ok\n");
361
362 group_order_tests(group);
363
364 if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
365 if (!EC_GROUP_copy(P_192, group)) ABORT;
366
367
368 /* Curve P-224 (FIPS PUB 186-2, App. 6) */
369
370 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT;
371 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
372 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT;
373 if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT;
374 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
375
376 if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;
377 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
378 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
379 if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;
380 if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
381
382 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
383 fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x");
384 BN_print_fp(stdout, x);
385 fprintf(stdout, "\n y = 0x");
386 BN_print_fp(stdout, y);
387 fprintf(stdout, "\n");
388 /* G_y value taken from the standard: */
389 if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT;
390 if (0 != BN_cmp(y, z)) ABORT;
391
392 fprintf(stdout, "verify degree ...");
393 if (EC_GROUP_get_degree(group) != 224) ABORT;
394 fprintf(stdout, " ok\n");
395
396 group_order_tests(group);
397
398 if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
399 if (!EC_GROUP_copy(P_224, group)) ABORT;
400
401
402 /* Curve P-256 (FIPS PUB 186-2, App. 6) */
403
404 if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
405 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
406 if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
407 if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;
408 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
409
410 if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
411 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
412 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
413 if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
414 "84F3B9CAC2FC632551")) ABORT;
415 if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
416
417 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
418 fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x");
419 BN_print_fp(stdout, x);
420 fprintf(stdout, "\n y = 0x");
421 BN_print_fp(stdout, y);
422 fprintf(stdout, "\n");
423 /* G_y value taken from the standard: */
424 if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT;
425 if (0 != BN_cmp(y, z)) ABORT;
426
427 fprintf(stdout, "verify degree ...");
428 if (EC_GROUP_get_degree(group) != 256) ABORT;
429 fprintf(stdout, " ok\n");
430
431 group_order_tests(group);
432
433 if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
434 if (!EC_GROUP_copy(P_256, group)) ABORT;
435
436
437 /* Curve P-384 (FIPS PUB 186-2, App. 6) */
438
439 if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
440 "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
441 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
442 if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
443 "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
444 if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
445 "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
446 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
447
448 if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
449 "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
450 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
451 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
452 if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
453 "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
454 if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
455
456 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
457 fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x");
458 BN_print_fp(stdout, x);
459 fprintf(stdout, "\n y = 0x");
460 BN_print_fp(stdout, y);
461 fprintf(stdout, "\n");
462 /* G_y value taken from the standard: */
463 if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
464 "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
465 if (0 != BN_cmp(y, z)) ABORT;
466
467 fprintf(stdout, "verify degree ...");
468 if (EC_GROUP_get_degree(group) != 384) ABORT;
469 fprintf(stdout, " ok\n");
470
471 group_order_tests(group);
472
473 if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
474 if (!EC_GROUP_copy(P_384, group)) ABORT;
475
476
477 /* Curve P-521 (FIPS PUB 186-2, App. 6) */
478
479 if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
480 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
481 "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
482 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
483 if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
484 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
485 "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
486 if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
487 "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
488 "DF883D2C34F1EF451FD46B503F00")) ABORT;
489 if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
490
491 if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
492 "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
493 "3C1856A429BF97E7E31C2E5BD66")) ABORT;
494 if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
495 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
496 if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
497 "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
498 "C9B8899C47AEBB6FB71E91386409")) ABORT;
499 if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
500
501 if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
502 fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x");
503 BN_print_fp(stdout, x);
504 fprintf(stdout, "\n y = 0x");
505 BN_print_fp(stdout, y);
506 fprintf(stdout, "\n");
507 /* G_y value taken from the standard: */
508 if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
509 "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
510 "7086A272C24088BE94769FD16650")) ABORT;
511 if (0 != BN_cmp(y, z)) ABORT;
512
513 fprintf(stdout, "verify degree ...");
514 if (EC_GROUP_get_degree(group) != 521) ABORT;
515 fprintf(stdout, " ok\n");
516
517 group_order_tests(group);
518
519 if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
520 if (!EC_GROUP_copy(P_521, group)) ABORT;
521
522
523 /* more tests using the last curve */
524
525 if (!EC_POINT_copy(Q, P)) ABORT;
526 if (EC_POINT_is_at_infinity(group, Q)) ABORT;
527 if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
528 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
529 if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
530
531 if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
532 if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
533 if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
534
535 {
536 const EC_POINT *points[4];
537 const BIGNUM *scalars[4];
538 BIGNUM scalar3;
539
540 if (EC_POINT_is_at_infinity(group, Q)) ABORT;
541 points[0] = Q;
542 points[1] = Q;
543 points[2] = Q;
544 points[3] = Q;
545
546 if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
547 if (!BN_add(y, z, BN_value_one())) ABORT;
548 if (BN_is_odd(y)) ABORT;
549 if (!BN_rshift1(y, y)) ABORT;
550 scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
551 scalars[1] = y;
552
553 fprintf(stdout, "combined multiplication ...");
554 fflush(stdout);
555
556 /* z is still the group order */
557 if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
558 if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
559 if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
560 if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
561
562 fprintf(stdout, ".");
563 fflush(stdout);
564
565 if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
566 if (!BN_add(z, z, y)) ABORT;
567 BN_set_negative(z, 1);
568 scalars[0] = y;
569 scalars[1] = z; /* z = -(order + y) */
570
571 if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
572 if (!EC_POINT_is_at_infinity(group, P)) ABORT;
573
574 fprintf(stdout, ".");
575 fflush(stdout);
576
577 if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
578 if (!BN_add(z, x, y)) ABORT;
579 BN_set_negative(z, 1);
580 scalars[0] = x;
581 scalars[1] = y;
582 scalars[2] = z; /* z = -(x+y) */
583
584 BN_init(&scalar3);
585 BN_zero(&scalar3);
586 scalars[3] = &scalar3;
587
588 if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT;
589 if (!EC_POINT_is_at_infinity(group, P)) ABORT;
590
591 fprintf(stdout, " ok\n\n");
592
593 BN_free(&scalar3);
594 }
595
596
597 if (ctx)
598 BN_CTX_free(ctx);
599 BN_free(p); BN_free(a); BN_free(b);
600 EC_GROUP_free(group);
601 EC_POINT_free(P);
602 EC_POINT_free(Q);
603 EC_POINT_free(R);
604 BN_free(x); BN_free(y); BN_free(z);
605
606 if (P_160) EC_GROUP_free(P_160);
607 if (P_192) EC_GROUP_free(P_192);
608 if (P_224) EC_GROUP_free(P_224);
609 if (P_256) EC_GROUP_free(P_256);
610 if (P_384) EC_GROUP_free(P_384);
611 if (P_521) EC_GROUP_free(P_521);
612
613 }
614
615/* Change test based on whether binary point compression is enabled or not. */
616#ifdef OPENSSL_EC_BIN_PT_COMP
617#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
618 if (!BN_hex2bn(&x, _x)) ABORT; \
619 if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
620 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
621 if (!BN_hex2bn(&z, _order)) ABORT; \
622 if (!BN_hex2bn(&cof, _cof)) ABORT; \
623 if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
624 if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
625 fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \
626 BN_print_fp(stdout, x); \
627 fprintf(stdout, "\n y = 0x"); \
628 BN_print_fp(stdout, y); \
629 fprintf(stdout, "\n"); \
630 /* G_y value taken from the standard: */ \
631 if (!BN_hex2bn(&z, _y)) ABORT; \
632 if (0 != BN_cmp(y, z)) ABORT;
633#else
634#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
635 if (!BN_hex2bn(&x, _x)) ABORT; \
636 if (!BN_hex2bn(&y, _y)) ABORT; \
637 if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
638 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
639 if (!BN_hex2bn(&z, _order)) ABORT; \
640 if (!BN_hex2bn(&cof, _cof)) ABORT; \
641 if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
642 fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \
643 BN_print_fp(stdout, x); \
644 fprintf(stdout, "\n y = 0x"); \
645 BN_print_fp(stdout, y); \
646 fprintf(stdout, "\n");
647#endif
648
649#define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
650 if (!BN_hex2bn(&p, _p)) ABORT; \
651 if (!BN_hex2bn(&a, _a)) ABORT; \
652 if (!BN_hex2bn(&b, _b)) ABORT; \
653 if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \
654 CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
655 fprintf(stdout, "verify degree ..."); \
656 if (EC_GROUP_get_degree(group) != _degree) ABORT; \
657 fprintf(stdout, " ok\n"); \
658 group_order_tests(group); \
659 if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \
660 if (!EC_GROUP_copy(_variable, group)) ABORT; \
661
662#ifndef OPENSSL_NO_EC2M
663
664static void char2_field_tests(void)
665 {
666 BN_CTX *ctx = NULL;
667 BIGNUM *p, *a, *b;
668 EC_GROUP *group;
669 EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = NULL, *C2_K571 = NULL;
670 EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL;
671 EC_POINT *P, *Q, *R;
672 BIGNUM *x, *y, *z, *cof;
673 unsigned char buf[100];
674 size_t i, len;
675 int k;
676
677#if 1 /* optional */
678 ctx = BN_CTX_new();
679 if (!ctx) ABORT;
680#endif
681
682 p = BN_new();
683 a = BN_new();
684 b = BN_new();
685 if (!p || !a || !b) ABORT;
686
687 if (!BN_hex2bn(&p, "13")) ABORT;
688 if (!BN_hex2bn(&a, "3")) ABORT;
689 if (!BN_hex2bn(&b, "1")) ABORT;
690
691 group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m
692 * so that the library gets to choose the EC_METHOD */
693 if (!group) ABORT;
694 if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT;
695
696 {
697 EC_GROUP *tmp;
698 tmp = EC_GROUP_new(EC_GROUP_method_of(group));
699 if (!tmp) ABORT;
700 if (!EC_GROUP_copy(tmp, group)) ABORT;
701 EC_GROUP_free(group);
702 group = tmp;
703 }
704
705 if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) ABORT;
706
707 fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x");
708 BN_print_fp(stdout, p);
709 fprintf(stdout, ")\n a = 0x");
710 BN_print_fp(stdout, a);
711 fprintf(stdout, "\n b = 0x");
712 BN_print_fp(stdout, b);
713 fprintf(stdout, "\n(0x... means binary polynomial)\n");
714
715 P = EC_POINT_new(group);
716 Q = EC_POINT_new(group);
717 R = EC_POINT_new(group);
718 if (!P || !Q || !R) ABORT;
719
720 if (!EC_POINT_set_to_infinity(group, P)) ABORT;
721 if (!EC_POINT_is_at_infinity(group, P)) ABORT;
722
723 buf[0] = 0;
724 if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
725
726 if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
727 if (!EC_POINT_is_at_infinity(group, P)) ABORT;
728
729 x = BN_new();
730 y = BN_new();
731 z = BN_new();
732 cof = BN_new();
733 if (!x || !y || !z || !cof) ABORT;
734
735 if (!BN_hex2bn(&x, "6")) ABORT;
736/* Change test based on whether binary point compression is enabled or not. */
737#ifdef OPENSSL_EC_BIN_PT_COMP
738 if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) ABORT;
739#else
740 if (!BN_hex2bn(&y, "8")) ABORT;
741 if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
742#endif
743 if (!EC_POINT_is_on_curve(group, Q, ctx))
744 {
745/* Change test based on whether binary point compression is enabled or not. */
746#ifdef OPENSSL_EC_BIN_PT_COMP
747 if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
748#endif
749 fprintf(stderr, "Point is not on curve: x = 0x");
750 BN_print_fp(stderr, x);
751 fprintf(stderr, ", y = 0x");
752 BN_print_fp(stderr, y);
753 fprintf(stderr, "\n");
754 ABORT;
755 }
756
757 fprintf(stdout, "A cyclic subgroup:\n");
758 k = 100;
759 do
760 {
761 if (k-- == 0) ABORT;
762
763 if (EC_POINT_is_at_infinity(group, P))
764 fprintf(stdout, " point at infinity\n");
765 else
766 {
767 if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT;
768
769 fprintf(stdout, " x = 0x");
770 BN_print_fp(stdout, x);
771 fprintf(stdout, ", y = 0x");
772 BN_print_fp(stdout, y);
773 fprintf(stdout, "\n");
774 }
775
776 if (!EC_POINT_copy(R, P)) ABORT;
777 if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
778 }
779 while (!EC_POINT_is_at_infinity(group, P));
780
781 if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
782 if (!EC_POINT_is_at_infinity(group, P)) ABORT;
783
784/* Change test based on whether binary point compression is enabled or not. */
785#ifdef OPENSSL_EC_BIN_PT_COMP
786 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
787 if (len == 0) ABORT;
788 if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
789 if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
790 fprintf(stdout, "Generator as octet string, compressed form:\n ");
791 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
792#endif
793
794 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
795 if (len == 0) ABORT;
796 if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
797 if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
798 fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n ");
799 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
800
801/* Change test based on whether binary point compression is enabled or not. */
802#ifdef OPENSSL_EC_BIN_PT_COMP
803 len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
804 if (len == 0) ABORT;
805 if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
806 if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
807 fprintf(stdout, "\nGenerator as octet string, hybrid form:\n ");
808 for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
809#endif
810
811 fprintf(stdout, "\n");
812
813 if (!EC_POINT_invert(group, P, ctx)) ABORT;
814 if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
815
816
817 /* Curve K-163 (FIPS PUB 186-2, App. 6) */
818 CHAR2_CURVE_TEST
819 (
820 "NIST curve K-163",
821 "0800000000000000000000000000000000000000C9",
822 "1",
823 "1",
824 "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
825 "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
826 1,
827 "04000000000000000000020108A2E0CC0D99F8A5EF",
828 "2",
829 163,
830 C2_K163
831 );
832
833 /* Curve B-163 (FIPS PUB 186-2, App. 6) */
834 CHAR2_CURVE_TEST
835 (
836 "NIST curve B-163",
837 "0800000000000000000000000000000000000000C9",
838 "1",
839 "020A601907B8C953CA1481EB10512F78744A3205FD",
840 "03F0EBA16286A2D57EA0991168D4994637E8343E36",
841 "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
842 1,
843 "040000000000000000000292FE77E70C12A4234C33",
844 "2",
845 163,
846 C2_B163
847 );
848
849 /* Curve K-233 (FIPS PUB 186-2, App. 6) */
850 CHAR2_CURVE_TEST
851 (
852 "NIST curve K-233",
853 "020000000000000000000000000000000000000004000000000000000001",
854 "0",
855 "1",
856 "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
857 "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
858 0,
859 "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
860 "4",
861 233,
862 C2_K233
863 );
864
865 /* Curve B-233 (FIPS PUB 186-2, App. 6) */
866 CHAR2_CURVE_TEST
867 (
868 "NIST curve B-233",
869 "020000000000000000000000000000000000000004000000000000000001",
870 "000000000000000000000000000000000000000000000000000000000001",
871 "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
872 "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
873 "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
874 1,
875 "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
876 "2",
877 233,
878 C2_B233
879 );
880
881 /* Curve K-283 (FIPS PUB 186-2, App. 6) */
882 CHAR2_CURVE_TEST
883 (
884 "NIST curve K-283",
885 "0800000000000000000000000000000000000000000000000000000000000000000010A1",
886 "0",
887 "1",
888 "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
889 "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
890 0,
891 "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
892 "4",
893 283,
894 C2_K283
895 );
896
897 /* Curve B-283 (FIPS PUB 186-2, App. 6) */
898 CHAR2_CURVE_TEST
899 (
900 "NIST curve B-283",
901 "0800000000000000000000000000000000000000000000000000000000000000000010A1",
902 "000000000000000000000000000000000000000000000000000000000000000000000001",
903 "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
904 "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
905 "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
906 1,
907 "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
908 "2",
909 283,
910 C2_B283
911 );
912
913 /* Curve K-409 (FIPS PUB 186-2, App. 6) */
914 CHAR2_CURVE_TEST
915 (
916 "NIST curve K-409",
917 "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
918 "0",
919 "1",
920 "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
921 "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
922 1,
923 "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
924 "4",
925 409,
926 C2_K409
927 );
928
929 /* Curve B-409 (FIPS PUB 186-2, App. 6) */
930 CHAR2_CURVE_TEST
931 (
932 "NIST curve B-409",
933 "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
934 "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
935 "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
936 "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
937 "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
938 1,
939 "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
940 "2",
941 409,
942 C2_B409
943 );
944
945 /* Curve K-571 (FIPS PUB 186-2, App. 6) */
946 CHAR2_CURVE_TEST
947 (
948 "NIST curve K-571",
949 "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
950 "0",
951 "1",
952 "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
953 "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
954 0,
955 "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
956 "4",
957 571,
958 C2_K571
959 );
960
961 /* Curve B-571 (FIPS PUB 186-2, App. 6) */
962 CHAR2_CURVE_TEST
963 (
964 "NIST curve B-571",
965 "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
966 "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
967 "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
968 "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
969 "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
970 1,
971 "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
972 "2",
973 571,
974 C2_B571
975 );
976
977 /* more tests using the last curve */
978
979 if (!EC_POINT_copy(Q, P)) ABORT;
980 if (EC_POINT_is_at_infinity(group, Q)) ABORT;
981 if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
982 if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
983 if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
984
985 if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
986 if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
987 if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
988
989 {
990 const EC_POINT *points[3];
991 const BIGNUM *scalars[3];
992
993 if (EC_POINT_is_at_infinity(group, Q)) ABORT;
994 points[0] = Q;
995 points[1] = Q;
996 points[2] = Q;
997
998 if (!BN_add(y, z, BN_value_one())) ABORT;
999 if (BN_is_odd(y)) ABORT;
1000 if (!BN_rshift1(y, y)) ABORT;
1001 scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
1002 scalars[1] = y;
1003
1004 fprintf(stdout, "combined multiplication ...");
1005 fflush(stdout);
1006
1007 /* z is still the group order */
1008 if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
1009 if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
1010 if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
1011 if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
1012
1013 fprintf(stdout, ".");
1014 fflush(stdout);
1015
1016 if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
1017 if (!BN_add(z, z, y)) ABORT;
1018 BN_set_negative(z, 1);
1019 scalars[0] = y;
1020 scalars[1] = z; /* z = -(order + y) */
1021
1022 if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
1023 if (!EC_POINT_is_at_infinity(group, P)) ABORT;
1024
1025 fprintf(stdout, ".");
1026 fflush(stdout);
1027
1028 if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
1029 if (!BN_add(z, x, y)) ABORT;
1030 BN_set_negative(z, 1);
1031 scalars[0] = x;
1032 scalars[1] = y;
1033 scalars[2] = z; /* z = -(x+y) */
1034
1035 if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT;
1036 if (!EC_POINT_is_at_infinity(group, P)) ABORT;
1037
1038 fprintf(stdout, " ok\n\n");
1039 }
1040
1041
1042 if (ctx)
1043 BN_CTX_free(ctx);
1044 BN_free(p); BN_free(a); BN_free(b);
1045 EC_GROUP_free(group);
1046 EC_POINT_free(P);
1047 EC_POINT_free(Q);
1048 EC_POINT_free(R);
1049 BN_free(x); BN_free(y); BN_free(z); BN_free(cof);
1050
1051 if (C2_K163) EC_GROUP_free(C2_K163);
1052 if (C2_B163) EC_GROUP_free(C2_B163);
1053 if (C2_K233) EC_GROUP_free(C2_K233);
1054 if (C2_B233) EC_GROUP_free(C2_B233);
1055 if (C2_K283) EC_GROUP_free(C2_K283);
1056 if (C2_B283) EC_GROUP_free(C2_B283);
1057 if (C2_K409) EC_GROUP_free(C2_K409);
1058 if (C2_B409) EC_GROUP_free(C2_B409);
1059 if (C2_K571) EC_GROUP_free(C2_K571);
1060 if (C2_B571) EC_GROUP_free(C2_B571);
1061
1062 }
1063#endif
1064
1065static void internal_curve_test(void)
1066 {
1067 EC_builtin_curve *curves = NULL;
1068 size_t crv_len = 0, n = 0;
1069 int ok = 1;
1070
1071 crv_len = EC_get_builtin_curves(NULL, 0);
1072
1073 curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
1074
1075 if (curves == NULL)
1076 return;
1077
1078 if (!EC_get_builtin_curves(curves, crv_len))
1079 {
1080 OPENSSL_free(curves);
1081 return;
1082 }
1083
1084 fprintf(stdout, "testing internal curves: ");
1085
1086 for (n = 0; n < crv_len; n++)
1087 {
1088 EC_GROUP *group = NULL;
1089 int nid = curves[n].nid;
1090 if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
1091 {
1092 ok = 0;
1093 fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
1094 " curve %s\n", OBJ_nid2sn(nid));
1095 /* try next curve */
1096 continue;
1097 }
1098 if (!EC_GROUP_check(group, NULL))
1099 {
1100 ok = 0;
1101 fprintf(stdout, "\nEC_GROUP_check() failed with"
1102 " curve %s\n", OBJ_nid2sn(nid));
1103 EC_GROUP_free(group);
1104 /* try the next curve */
1105 continue;
1106 }
1107 fprintf(stdout, ".");
1108 fflush(stdout);
1109 EC_GROUP_free(group);
1110 }
1111 if (ok)
1112 fprintf(stdout, " ok\n\n");
1113 else
1114 {
1115 fprintf(stdout, " failed\n\n");
1116 ABORT;
1117 }
1118 OPENSSL_free(curves);
1119 return;
1120 }
1121
1122#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
1123/* nistp_test_params contains magic numbers for testing our optimized
1124 * implementations of several NIST curves with characteristic > 3. */
1125struct nistp_test_params
1126 {
1127 const EC_METHOD* (*meth) ();
1128 int degree;
1129 /* Qx, Qy and D are taken from
1130 * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
1131 * Otherwise, values are standard curve parameters from FIPS 180-3 */
1132 const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
1133 };
1134
1135static const struct nistp_test_params nistp_tests_params[] =
1136 {
1137 {
1138 /* P-224 */
1139 EC_GFp_nistp224_method,
1140 224,
1141 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", /* p */
1142 "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", /* a */
1143 "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", /* b */
1144 "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", /* Qx */
1145 "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", /* Qy */
1146 "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", /* Gx */
1147 "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", /* Gy */
1148 "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", /* order */
1149 "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", /* d */
1150 },
1151 {
1152 /* P-256 */
1153 EC_GFp_nistp256_method,
1154 256,
1155 "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", /* p */
1156 "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", /* a */
1157 "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", /* b */
1158 "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", /* Qx */
1159 "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", /* Qy */
1160 "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", /* Gx */
1161 "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", /* Gy */
1162 "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", /* order */
1163 "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", /* d */
1164 },
1165 {
1166 /* P-521 */
1167 EC_GFp_nistp521_method,
1168 521,
1169 "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", /* p */
1170 "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", /* a */
1171 "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", /* b */
1172 "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", /* Qx */
1173 "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", /* Qy */
1174 "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", /* Gx */
1175 "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", /* Gy */
1176 "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", /* order */
1177 "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", /* d */
1178 },
1179 };
1180
1181void nistp_single_test(const struct nistp_test_params *test)
1182 {
1183 BN_CTX *ctx;
1184 BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
1185 EC_GROUP *NISTP;
1186 EC_POINT *G, *P, *Q, *Q_CHECK;
1187
1188 fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", test->degree);
1189 ctx = BN_CTX_new();
1190 p = BN_new();
1191 a = BN_new();
1192 b = BN_new();
1193 x = BN_new(); y = BN_new();
1194 m = BN_new(); n = BN_new(); order = BN_new();
1195
1196 NISTP = EC_GROUP_new(test->meth());
1197 if(!NISTP) ABORT;
1198 if (!BN_hex2bn(&p, test->p)) ABORT;
1199 if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
1200 if (!BN_hex2bn(&a, test->a)) ABORT;
1201 if (!BN_hex2bn(&b, test->b)) ABORT;
1202 if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) ABORT;
1203 G = EC_POINT_new(NISTP);
1204 P = EC_POINT_new(NISTP);
1205 Q = EC_POINT_new(NISTP);
1206 Q_CHECK = EC_POINT_new(NISTP);
1207 if(!BN_hex2bn(&x, test->Qx)) ABORT;
1208 if(!BN_hex2bn(&y, test->Qy)) ABORT;
1209 if(!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) ABORT;
1210 if (!BN_hex2bn(&x, test->Gx)) ABORT;
1211 if (!BN_hex2bn(&y, test->Gy)) ABORT;
1212 if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) ABORT;
1213 if (!BN_hex2bn(&order, test->order)) ABORT;
1214 if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
1215
1216 fprintf(stdout, "verify degree ... ");
1217 if (EC_GROUP_get_degree(NISTP) != test->degree) ABORT;
1218 fprintf(stdout, "ok\n");
1219
1220 fprintf(stdout, "NIST test vectors ... ");
1221 if (!BN_hex2bn(&n, test->d)) ABORT;
1222 /* fixed point multiplication */
1223 EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
1224 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
1225 /* random point multiplication */
1226 EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
1227 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
1228
1229 /* set generator to P = 2*G, where G is the standard generator */
1230 if (!EC_POINT_dbl(NISTP, P, G, ctx)) ABORT;
1231 if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) ABORT;
1232 /* set the scalar to m=n/2, where n is the NIST test scalar */
1233 if (!BN_rshift(m, n, 1)) ABORT;
1234
1235 /* test the non-standard generator */
1236 /* fixed point multiplication */
1237 EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
1238 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
1239 /* random point multiplication */
1240 EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
1241 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
1242
1243 /* now repeat all tests with precomputation */
1244 if (!EC_GROUP_precompute_mult(NISTP, ctx)) ABORT;
1245
1246 /* fixed point multiplication */
1247 EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
1248 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
1249 /* random point multiplication */
1250 EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
1251 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
1252
1253 /* reset generator */
1254 if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
1255 /* fixed point multiplication */
1256 EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
1257 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
1258 /* random point multiplication */
1259 EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
1260 if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
1261
1262 fprintf(stdout, "ok\n");
1263 group_order_tests(NISTP);
1264 EC_GROUP_free(NISTP);
1265 EC_POINT_free(G);
1266 EC_POINT_free(P);
1267 EC_POINT_free(Q);
1268 EC_POINT_free(Q_CHECK);
1269 BN_free(n);
1270 BN_free(m);
1271 BN_free(p);
1272 BN_free(a);
1273 BN_free(b);
1274 BN_free(x);
1275 BN_free(y);
1276 BN_free(order);
1277 BN_CTX_free(ctx);
1278 }
1279
1280void nistp_tests()
1281 {
1282 unsigned i;
1283
1284 for (i = 0; i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); i++)
1285 {
1286 nistp_single_test(&nistp_tests_params[i]);
1287 }
1288 }
1289#endif
1290
1291int main(int argc, char *argv[])
1292 {
1293
1294 /* enable memory leak checking unless explicitly disabled */
1295 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
1296 {
1297 CRYPTO_malloc_debug_init();
1298 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
1299 }
1300 else
1301 {
1302 /* OPENSSL_DEBUG_MEMORY=off */
1303 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
1304 }
1305 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
1306 ERR_load_crypto_strings();
1307
1308 prime_field_tests();
1309 puts("");
1310#ifndef OPENSSL_NO_EC2M
1311 char2_field_tests();
1312#endif
1313#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
1314 nistp_tests();
1315#endif
1316 /* test the internal curves */
1317 internal_curve_test();
1318
1319#ifndef OPENSSL_NO_ENGINE
1320 ENGINE_cleanup();
1321#endif
1322 CRYPTO_cleanup_all_ex_data();
1323 ERR_free_strings();
1324 ERR_remove_thread_state(NULL);
1325 CRYPTO_mem_leaks_fp(stderr);
1326
1327 return 0;
1328 }
diff --git a/src/regress/lib/libcrypto/ecdh/Makefile b/src/regress/lib/libcrypto/ecdh/Makefile
new file mode 100644
index 0000000000..5eb18a3205
--- /dev/null
+++ b/src/regress/lib/libcrypto/ecdh/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:16 miod Exp $
2
3PROG= ecdhtest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/ecdh/ecdhtest.c b/src/regress/lib/libcrypto/ecdh/ecdhtest.c
new file mode 100644
index 0000000000..bf362245bb
--- /dev/null
+++ b/src/regress/lib/libcrypto/ecdh/ecdhtest.c
@@ -0,0 +1,278 @@
1/* crypto/ecdh/ecdhtest.c */
2/* ====================================================================
3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
4 *
5 * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
6 * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
7 * to the OpenSSL project.
8 *
9 * The ECC Code is licensed pursuant to the OpenSSL open source
10 * license provided below.
11 *
12 * The ECDH software is originally written by Douglas Stebila of
13 * Sun Microsystems Laboratories.
14 *
15 */
16/* ====================================================================
17 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
18 *
19 * Redistribution and use in source and binary forms, with or without
20 * modification, are permitted provided that the following conditions
21 * are met:
22 *
23 * 1. Redistributions of source code must retain the above copyright
24 * notice, this list of conditions and the following disclaimer.
25 *
26 * 2. Redistributions in binary form must reproduce the above copyright
27 * notice, this list of conditions and the following disclaimer in
28 * the documentation and/or other materials provided with the
29 * distribution.
30 *
31 * 3. All advertising materials mentioning features or use of this
32 * software must display the following acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
35 *
36 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
37 * endorse or promote products derived from this software without
38 * prior written permission. For written permission, please contact
39 * openssl-core@openssl.org.
40 *
41 * 5. Products derived from this software may not be called "OpenSSL"
42 * nor may "OpenSSL" appear in their names without prior written
43 * permission of the OpenSSL Project.
44 *
45 * 6. Redistributions of any form whatsoever must retain the following
46 * acknowledgment:
47 * "This product includes software developed by the OpenSSL Project
48 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
51 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
53 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
54 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
55 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
56 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
57 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
59 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
60 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
61 * OF THE POSSIBILITY OF SUCH DAMAGE.
62 * ====================================================================
63 *
64 * This product includes cryptographic software written by Eric Young
65 * (eay@cryptsoft.com). This product includes software written by Tim
66 * Hudson (tjh@cryptsoft.com).
67 *
68 */
69
70#include <stdio.h>
71#include <stdlib.h>
72#include <string.h>
73
74#include <openssl/crypto.h>
75#include <openssl/bio.h>
76#include <openssl/bn.h>
77#include <openssl/objects.h>
78#include <openssl/rand.h>
79#include <openssl/sha.h>
80#include <openssl/err.h>
81
82#include <openssl/ec.h>
83#include <openssl/ecdh.h>
84
85static const int KDF1_SHA1_len = 20;
86static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
87 {
88#ifndef OPENSSL_NO_SHA
89 if (*outlen < SHA_DIGEST_LENGTH)
90 return NULL;
91 else
92 *outlen = SHA_DIGEST_LENGTH;
93 return SHA1(in, inlen, out);
94#else
95 return NULL;
96#endif
97 }
98
99
100static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
101 {
102 EC_KEY *a=NULL;
103 EC_KEY *b=NULL;
104 BIGNUM *x_a=NULL, *y_a=NULL,
105 *x_b=NULL, *y_b=NULL;
106 char buf[12];
107 unsigned char *abuf=NULL,*bbuf=NULL;
108 int i,alen,blen,aout,bout,ret=0;
109 const EC_GROUP *group;
110
111 a = EC_KEY_new_by_curve_name(nid);
112 b = EC_KEY_new_by_curve_name(nid);
113 if (a == NULL || b == NULL)
114 goto err;
115
116 group = EC_KEY_get0_group(a);
117
118 if ((x_a=BN_new()) == NULL) goto err;
119 if ((y_a=BN_new()) == NULL) goto err;
120 if ((x_b=BN_new()) == NULL) goto err;
121 if ((y_b=BN_new()) == NULL) goto err;
122
123 BIO_puts(out,"Testing key generation with ");
124 BIO_puts(out,text);
125 (void)BIO_flush(out);
126
127 if (!EC_KEY_generate_key(a)) goto err;
128
129 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
130 {
131 if (!EC_POINT_get_affine_coordinates_GFp(group,
132 EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
133 }
134#ifndef OPENSSL_NO_EC2M
135 else
136 {
137 if (!EC_POINT_get_affine_coordinates_GF2m(group,
138 EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
139 }
140#endif
141 BIO_printf(out," .");
142 (void)BIO_flush(out);
143
144 if (!EC_KEY_generate_key(b)) goto err;
145
146 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
147 {
148 if (!EC_POINT_get_affine_coordinates_GFp(group,
149 EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
150 }
151#ifndef OPENSSL_NO_EC2M
152 else
153 {
154 if (!EC_POINT_get_affine_coordinates_GF2m(group,
155 EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
156 }
157#endif
158
159 BIO_printf(out,".");
160 (void)BIO_flush(out);
161
162 alen=KDF1_SHA1_len;
163 abuf=(unsigned char *)OPENSSL_malloc(alen);
164 aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
165
166 BIO_printf(out,".");
167 (void)BIO_flush(out);
168
169 blen=KDF1_SHA1_len;
170 bbuf=(unsigned char *)OPENSSL_malloc(blen);
171 bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);
172
173 BIO_printf(out,".");
174 (void)BIO_flush(out);
175
176 if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
177 {
178 BIO_printf(out, " failed\n\n");
179 BIO_printf(out, "key a:\n");
180 BIO_printf(out, "private key: ");
181 BN_print(out, EC_KEY_get0_private_key(a));
182 BIO_printf(out, "\n");
183 BIO_printf(out, "public key (x,y): ");
184 BN_print(out, x_a);
185 BIO_printf(out, ",");
186 BN_print(out, y_a);
187 BIO_printf(out, "\nkey b:\n");
188 BIO_printf(out, "private key: ");
189 BN_print(out, EC_KEY_get0_private_key(b));
190 BIO_printf(out, "\n");
191 BIO_printf(out, "public key (x,y): ");
192 BN_print(out, x_b);
193 BIO_printf(out, ",");
194 BN_print(out, y_b);
195 BIO_printf(out, "\n");
196 BIO_printf(out, "generated key a: ");
197 for (i=0; i<bout; i++)
198 {
199 snprintf(buf, sizeof buf, "%02X", bbuf[i]);
200 BIO_puts(out, buf);
201 }
202 BIO_printf(out, "\n");
203 BIO_printf(out, "generated key b: ");
204 for (i=0; i<aout; i++)
205 {
206 snprintf(buf, sizeof buf, "%02X", abuf[i]);
207 BIO_puts(out,buf);
208 }
209 BIO_printf(out, "\n");
210 fprintf(stderr,"Error in ECDH routines\n");
211 ret=0;
212 }
213 else
214 {
215 BIO_printf(out, " ok\n");
216 ret=1;
217 }
218err:
219 ERR_print_errors_fp(stderr);
220
221 if (abuf != NULL) OPENSSL_free(abuf);
222 if (bbuf != NULL) OPENSSL_free(bbuf);
223 if (x_a) BN_free(x_a);
224 if (y_a) BN_free(y_a);
225 if (x_b) BN_free(x_b);
226 if (y_b) BN_free(y_b);
227 if (b) EC_KEY_free(b);
228 if (a) EC_KEY_free(a);
229 return(ret);
230 }
231
232int main(int argc, char *argv[])
233 {
234 BN_CTX *ctx=NULL;
235 int ret=1;
236 BIO *out;
237
238 CRYPTO_malloc_debug_init();
239 CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
240 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
241
242 out=BIO_new(BIO_s_file());
243 if (out == NULL) exit(1);
244 BIO_set_fp(out,stdout,BIO_NOCLOSE);
245
246 if ((ctx=BN_CTX_new()) == NULL) goto err;
247
248 /* NIST PRIME CURVES TESTS */
249 if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
250 if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
251 if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
252 if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
253 if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
254#ifndef OPENSSL_NO_EC2M
255 /* NIST BINARY CURVES TESTS */
256 if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
257 if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
258 if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;
259 if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;
260 if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;
261 if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;
262 if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;
263 if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
264 if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
265 if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
266#endif
267
268 ret = 0;
269
270err:
271 ERR_print_errors_fp(stderr);
272 if (ctx) BN_CTX_free(ctx);
273 BIO_free(out);
274 CRYPTO_cleanup_all_ex_data();
275 ERR_remove_thread_state(NULL);
276 CRYPTO_mem_leaks_fp(stderr);
277 exit(ret);
278 }
diff --git a/src/regress/lib/libcrypto/ecdsa/Makefile b/src/regress/lib/libcrypto/ecdsa/Makefile
new file mode 100644
index 0000000000..c171b51e56
--- /dev/null
+++ b/src/regress/lib/libcrypto/ecdsa/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:16 miod Exp $
2
3PROG= ecdsatest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/ecdsa/ecdsatest.c b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
new file mode 100644
index 0000000000..8dd04e0fd3
--- /dev/null
+++ b/src/regress/lib/libcrypto/ecdsa/ecdsatest.c
@@ -0,0 +1,555 @@
1/* crypto/ecdsa/ecdsatest.c */
2/*
3 * Written by Nils Larsch for the OpenSSL project.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the OpenSSL open source
65 * license provided above.
66 *
67 * The elliptic curve binary polynomial software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
71
72#include <stdio.h>
73#include <stdlib.h>
74#include <string.h>
75
76#include <openssl/crypto.h>
77#include <openssl/bio.h>
78#include <openssl/evp.h>
79#include <openssl/bn.h>
80#include <openssl/ecdsa.h>
81#ifndef OPENSSL_NO_ENGINE
82#include <openssl/engine.h>
83#endif
84#include <openssl/err.h>
85#include <openssl/rand.h>
86
87/* declaration of the test functions */
88int x9_62_tests(BIO *);
89int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
90int test_builtin(BIO *);
91
92/* functions to change the RAND_METHOD */
93int change_rand(void);
94int restore_rand(void);
95int fbytes(unsigned char *buf, int num);
96
97RAND_METHOD fake_rand;
98const RAND_METHOD *old_rand;
99
100int change_rand(void)
101 {
102 /* save old rand method */
103 if ((old_rand = RAND_get_rand_method()) == NULL)
104 return 0;
105
106 fake_rand.seed = old_rand->seed;
107 fake_rand.cleanup = old_rand->cleanup;
108 fake_rand.add = old_rand->add;
109 fake_rand.status = old_rand->status;
110 /* use own random function */
111 fake_rand.bytes = fbytes;
112 fake_rand.pseudorand = old_rand->bytes;
113 /* set new RAND_METHOD */
114 if (!RAND_set_rand_method(&fake_rand))
115 return 0;
116 return 1;
117 }
118
119int restore_rand(void)
120 {
121 if (!RAND_set_rand_method(old_rand))
122 return 0;
123 else
124 return 1;
125 }
126
127static int fbytes_counter = 0;
128static const char *numbers[8] = {
129 "651056770906015076056810763456358567190100156695615665659",
130 "6140507067065001063065065565667405560006161556565665656654",
131 "8763001015071075675010661307616710783570106710677817767166"
132 "71676178726717",
133 "7000000175690566466555057817571571075705015757757057795755"
134 "55657156756655",
135 "1275552191113212300012030439187146164646146646466749494799",
136 "1542725565216523985789236956265265265235675811949404040041",
137 "1456427555219115346513212300075341203043918714616464614664"
138 "64667494947990",
139 "1712787255652165239672857892369562652652652356758119494040"
140 "40041670216363"};
141
142int fbytes(unsigned char *buf, int num)
143 {
144 int ret;
145 BIGNUM *tmp = NULL;
146
147 if (fbytes_counter >= 8)
148 return 0;
149 tmp = BN_new();
150 if (!tmp)
151 return 0;
152 if (!BN_dec2bn(&tmp, numbers[fbytes_counter]))
153 {
154 BN_free(tmp);
155 return 0;
156 }
157 fbytes_counter ++;
158 if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
159 ret = 0;
160 else
161 ret = 1;
162 if (tmp)
163 BN_free(tmp);
164 return ret;
165 }
166
167/* some tests from the X9.62 draft */
168int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
169 {
170 int ret = 0;
171 const char message[] = "abc";
172 unsigned char digest[20];
173 unsigned int dgst_len = 0;
174 EVP_MD_CTX md_ctx;
175 EC_KEY *key = NULL;
176 ECDSA_SIG *signature = NULL;
177 BIGNUM *r = NULL, *s = NULL;
178
179 EVP_MD_CTX_init(&md_ctx);
180 /* get the message digest */
181 EVP_DigestInit(&md_ctx, EVP_ecdsa());
182 EVP_DigestUpdate(&md_ctx, (const void*)message, 3);
183 EVP_DigestFinal(&md_ctx, digest, &dgst_len);
184
185 BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
186 /* create the key */
187 if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
188 goto x962_int_err;
189 if (!EC_KEY_generate_key(key))
190 goto x962_int_err;
191 BIO_printf(out, ".");
192 (void)BIO_flush(out);
193 /* create the signature */
194 signature = ECDSA_do_sign(digest, 20, key);
195 if (signature == NULL)
196 goto x962_int_err;
197 BIO_printf(out, ".");
198 (void)BIO_flush(out);
199 /* compare the created signature with the expected signature */
200 if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
201 goto x962_int_err;
202 if (!BN_dec2bn(&r, r_in) ||
203 !BN_dec2bn(&s, s_in))
204 goto x962_int_err;
205 if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))
206 goto x962_int_err;
207 BIO_printf(out, ".");
208 (void)BIO_flush(out);
209 /* verify the signature */
210 if (ECDSA_do_verify(digest, 20, signature, key) != 1)
211 goto x962_int_err;
212 BIO_printf(out, ".");
213 (void)BIO_flush(out);
214
215 BIO_printf(out, " ok\n");
216 ret = 1;
217x962_int_err:
218 if (!ret)
219 BIO_printf(out, " failed\n");
220 if (key)
221 EC_KEY_free(key);
222 if (signature)
223 ECDSA_SIG_free(signature);
224 if (r)
225 BN_free(r);
226 if (s)
227 BN_free(s);
228 EVP_MD_CTX_cleanup(&md_ctx);
229 return ret;
230 }
231
232int x9_62_tests(BIO *out)
233 {
234 int ret = 0;
235
236 BIO_printf(out, "some tests from X9.62:\n");
237
238 /* set own rand method */
239 if (!change_rand())
240 goto x962_err;
241
242 if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
243 "3342403536405981729393488334694600415596881826869351677613",
244 "5735822328888155254683894997897571951568553642892029982342"))
245 goto x962_err;
246 if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
247 "3086361431751678114926225473006680188549593787585317781474"
248 "62058306432176",
249 "3238135532097973577080787768312505059318910517550078427819"
250 "78505179448783"))
251 goto x962_err;
252#ifndef OPENSSL_NO_EC2M
253 if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
254 "87194383164871543355722284926904419997237591535066528048",
255 "308992691965804947361541664549085895292153777025772063598"))
256 goto x962_err;
257 if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
258 "2159633321041961198501834003903461262881815148684178964245"
259 "5876922391552",
260 "1970303740007316867383349976549972270528498040721988191026"
261 "49413465737174"))
262 goto x962_err;
263#endif
264 ret = 1;
265x962_err:
266 if (!restore_rand())
267 ret = 0;
268 return ret;
269 }
270
271int test_builtin(BIO *out)
272 {
273 EC_builtin_curve *curves = NULL;
274 size_t crv_len = 0, n = 0;
275 EC_KEY *eckey = NULL, *wrong_eckey = NULL;
276 EC_GROUP *group;
277 ECDSA_SIG *ecdsa_sig = NULL;
278 unsigned char digest[20], wrong_digest[20];
279 unsigned char *signature = NULL;
280 const unsigned char *sig_ptr;
281 unsigned char *sig_ptr2;
282 unsigned char *raw_buf = NULL;
283 unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
284 int nid, ret = 0;
285
286 /* fill digest values with some random data */
287 if (!RAND_pseudo_bytes(digest, 20) ||
288 !RAND_pseudo_bytes(wrong_digest, 20))
289 {
290 BIO_printf(out, "ERROR: unable to get random data\n");
291 goto builtin_err;
292 }
293
294 /* create and verify a ecdsa signature with every availble curve
295 * (with ) */
296 BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
297 "with some internal curves:\n");
298
299 /* get a list of all internal curves */
300 crv_len = EC_get_builtin_curves(NULL, 0);
301
302 curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
303
304 if (curves == NULL)
305 {
306 BIO_printf(out, "malloc error\n");
307 goto builtin_err;
308 }
309
310 if (!EC_get_builtin_curves(curves, crv_len))
311 {
312 BIO_printf(out, "unable to get internal curves\n");
313 goto builtin_err;
314 }
315
316 /* now create and verify a signature for every curve */
317 for (n = 0; n < crv_len; n++)
318 {
319 unsigned char dirt, offset;
320
321 nid = curves[n].nid;
322 if (nid == NID_ipsec4)
323 continue;
324 /* create new ecdsa key (== EC_KEY) */
325 if ((eckey = EC_KEY_new()) == NULL)
326 goto builtin_err;
327 group = EC_GROUP_new_by_curve_name(nid);
328 if (group == NULL)
329 goto builtin_err;
330 if (EC_KEY_set_group(eckey, group) == 0)
331 goto builtin_err;
332 EC_GROUP_free(group);
333 degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
334 if (degree < 160)
335 /* drop the curve */
336 {
337 EC_KEY_free(eckey);
338 eckey = NULL;
339 continue;
340 }
341 BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
342 /* create key */
343 if (!EC_KEY_generate_key(eckey))
344 {
345 BIO_printf(out, " failed\n");
346 goto builtin_err;
347 }
348 /* create second key */
349 if ((wrong_eckey = EC_KEY_new()) == NULL)
350 goto builtin_err;
351 group = EC_GROUP_new_by_curve_name(nid);
352 if (group == NULL)
353 goto builtin_err;
354 if (EC_KEY_set_group(wrong_eckey, group) == 0)
355 goto builtin_err;
356 EC_GROUP_free(group);
357 if (!EC_KEY_generate_key(wrong_eckey))
358 {
359 BIO_printf(out, " failed\n");
360 goto builtin_err;
361 }
362
363 BIO_printf(out, ".");
364 (void)BIO_flush(out);
365 /* check key */
366 if (!EC_KEY_check_key(eckey))
367 {
368 BIO_printf(out, " failed\n");
369 goto builtin_err;
370 }
371 BIO_printf(out, ".");
372 (void)BIO_flush(out);
373 /* create signature */
374 sig_len = ECDSA_size(eckey);
375 if ((signature = OPENSSL_malloc(sig_len)) == NULL)
376 goto builtin_err;
377 if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))
378 {
379 BIO_printf(out, " failed\n");
380 goto builtin_err;
381 }
382 BIO_printf(out, ".");
383 (void)BIO_flush(out);
384 /* verify signature */
385 if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
386 {
387 BIO_printf(out, " failed\n");
388 goto builtin_err;
389 }
390 BIO_printf(out, ".");
391 (void)BIO_flush(out);
392 /* verify signature with the wrong key */
393 if (ECDSA_verify(0, digest, 20, signature, sig_len,
394 wrong_eckey) == 1)
395 {
396 BIO_printf(out, " failed\n");
397 goto builtin_err;
398 }
399 BIO_printf(out, ".");
400 (void)BIO_flush(out);
401 /* wrong digest */
402 if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len,
403 eckey) == 1)
404 {
405 BIO_printf(out, " failed\n");
406 goto builtin_err;
407 }
408 BIO_printf(out, ".");
409 (void)BIO_flush(out);
410 /* wrong length */
411 if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
412 eckey) == 1)
413 {
414 BIO_printf(out, " failed\n");
415 goto builtin_err;
416 }
417 BIO_printf(out, ".");
418 (void)BIO_flush(out);
419
420 /* Modify a single byte of the signature: to ensure we don't
421 * garble the ASN1 structure, we read the raw signature and
422 * modify a byte in one of the bignums directly. */
423 sig_ptr = signature;
424 if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
425 {
426 BIO_printf(out, " failed\n");
427 goto builtin_err;
428 }
429
430 /* Store the two BIGNUMs in raw_buf. */
431 r_len = BN_num_bytes(ecdsa_sig->r);
432 s_len = BN_num_bytes(ecdsa_sig->s);
433 bn_len = (degree + 7) / 8;
434 if ((r_len > bn_len) || (s_len > bn_len))
435 {
436 BIO_printf(out, " failed\n");
437 goto builtin_err;
438 }
439 buf_len = 2 * bn_len;
440 if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
441 goto builtin_err;
442 /* Pad the bignums with leading zeroes. */
443 memset(raw_buf, 0, buf_len);
444 BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
445 BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
446
447 /* Modify a single byte in the buffer. */
448 offset = raw_buf[10] % buf_len;
449 dirt = raw_buf[11] ? raw_buf[11] : 1;
450 raw_buf[offset] ^= dirt;
451 /* Now read the BIGNUMs back in from raw_buf. */
452 if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
453 (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
454 goto builtin_err;
455
456 sig_ptr2 = signature;
457 sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
458 if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
459 {
460 BIO_printf(out, " failed\n");
461 goto builtin_err;
462 }
463 /* Sanity check: undo the modification and verify signature. */
464 raw_buf[offset] ^= dirt;
465 if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
466 (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
467 goto builtin_err;
468
469 sig_ptr2 = signature;
470 sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
471 if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
472 {
473 BIO_printf(out, " failed\n");
474 goto builtin_err;
475 }
476 BIO_printf(out, ".");
477 (void)BIO_flush(out);
478
479 BIO_printf(out, " ok\n");
480 /* cleanup */
481 /* clean bogus errors */
482 ERR_clear_error();
483 OPENSSL_free(signature);
484 signature = NULL;
485 EC_KEY_free(eckey);
486 eckey = NULL;
487 EC_KEY_free(wrong_eckey);
488 wrong_eckey = NULL;
489 ECDSA_SIG_free(ecdsa_sig);
490 ecdsa_sig = NULL;
491 OPENSSL_free(raw_buf);
492 raw_buf = NULL;
493 }
494
495 ret = 1;
496builtin_err:
497 if (eckey)
498 EC_KEY_free(eckey);
499 if (wrong_eckey)
500 EC_KEY_free(wrong_eckey);
501 if (ecdsa_sig)
502 ECDSA_SIG_free(ecdsa_sig);
503 if (signature)
504 OPENSSL_free(signature);
505 if (raw_buf)
506 OPENSSL_free(raw_buf);
507 if (curves)
508 OPENSSL_free(curves);
509
510 return ret;
511 }
512
513int main(void)
514 {
515 int ret = 1;
516 BIO *out;
517
518 out = BIO_new_fp(stdout, BIO_NOCLOSE);
519
520 /* enable memory leak checking unless explicitly disabled */
521 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) &&
522 (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
523 {
524 CRYPTO_malloc_debug_init();
525 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
526 }
527 else
528 {
529 /* OPENSSL_DEBUG_MEMORY=off */
530 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
531 }
532 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
533
534 ERR_load_crypto_strings();
535
536 /* the tests */
537 if (!x9_62_tests(out)) goto err;
538 if (!test_builtin(out)) goto err;
539
540 ret = 0;
541err:
542 if (ret)
543 BIO_printf(out, "\nECDSA test failed\n");
544 else
545 BIO_printf(out, "\nECDSA test passed\n");
546 if (ret)
547 ERR_print_errors(out);
548 CRYPTO_cleanup_all_ex_data();
549 ERR_remove_thread_state(NULL);
550 ERR_free_strings();
551 CRYPTO_mem_leaks(out);
552 if (out != NULL)
553 BIO_free(out);
554 return ret;
555 }
diff --git a/src/regress/lib/libcrypto/evp/Makefile b/src/regress/lib/libcrypto/evp/Makefile
new file mode 100644
index 0000000000..11acf06a01
--- /dev/null
+++ b/src/regress/lib/libcrypto/evp/Makefile
@@ -0,0 +1,12 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:18 miod Exp $
2
3PROG= evptest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7REGRESS_TARGETS=regress-evptest
8
9regress-evptest: ${PROG}
10 ./${PROG} ${.CURDIR}/evptests.txt
11
12.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/evp/evptest.c b/src/regress/lib/libcrypto/evp/evptest.c
new file mode 100644
index 0000000000..164d8f3e01
--- /dev/null
+++ b/src/regress/lib/libcrypto/evp/evptest.c
@@ -0,0 +1,448 @@
1/* Written by Ben Laurie, 2001 */
2/*
3 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 */
49
50#include <stdio.h>
51#include <string.h>
52
53#include <openssl/opensslconf.h>
54#include <openssl/evp.h>
55#ifndef OPENSSL_NO_ENGINE
56#include <openssl/engine.h>
57#endif
58#include <openssl/err.h>
59#include <openssl/conf.h>
60
61static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
62 {
63 int n=0;
64
65 fprintf(f,"%s",title);
66 for( ; n < l ; ++n)
67 {
68 if((n%16) == 0)
69 fprintf(f,"\n%04x",n);
70 fprintf(f," %02x",s[n]);
71 }
72 fprintf(f,"\n");
73 }
74
75static int convert(unsigned char *s)
76 {
77 unsigned char *d;
78
79 for(d=s ; *s ; s+=2,++d)
80 {
81 unsigned int n;
82
83 if(!s[1])
84 {
85 fprintf(stderr,"Odd number of hex digits!");
86 exit(4);
87 }
88 sscanf((char *)s,"%2x",&n);
89 *d=(unsigned char)n;
90 }
91 return s-d;
92 }
93
94static char *sstrsep(char **string, const char *delim)
95 {
96 char isdelim[256];
97 char *token = *string;
98
99 if (**string == 0)
100 return NULL;
101
102 memset(isdelim, 0, 256);
103 isdelim[0] = 1;
104
105 while (*delim)
106 {
107 isdelim[(unsigned char)(*delim)] = 1;
108 delim++;
109 }
110
111 while (!isdelim[(unsigned char)(**string)])
112 {
113 (*string)++;
114 }
115
116 if (**string)
117 {
118 **string = 0;
119 (*string)++;
120 }
121
122 return token;
123 }
124
125static unsigned char *ustrsep(char **p,const char *sep)
126 { return (unsigned char *)sstrsep(p,sep); }
127
128static int test1_exit(int ec)
129 {
130 exit(ec);
131 return(0); /* To keep some compilers quiet */
132 }
133
134static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
135 const unsigned char *iv,int in,
136 const unsigned char *plaintext,int pn,
137 const unsigned char *ciphertext,int cn,
138 int encdec)
139 {
140 EVP_CIPHER_CTX ctx;
141 unsigned char out[4096];
142 int outl,outl2;
143
144 printf("Testing cipher %s%s\n",EVP_CIPHER_name(c),
145 (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)")));
146 hexdump(stdout,"Key",key,kn);
147 if(in)
148 hexdump(stdout,"IV",iv,in);
149 hexdump(stdout,"Plaintext",plaintext,pn);
150 hexdump(stdout,"Ciphertext",ciphertext,cn);
151
152 if(kn != c->key_len)
153 {
154 fprintf(stderr,"Key length doesn't match, got %d expected %lu\n",kn,
155 (unsigned long)c->key_len);
156 test1_exit(5);
157 }
158 EVP_CIPHER_CTX_init(&ctx);
159 if (encdec != 0)
160 {
161 if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
162 {
163 fprintf(stderr,"EncryptInit failed\n");
164 ERR_print_errors_fp(stderr);
165 test1_exit(10);
166 }
167 EVP_CIPHER_CTX_set_padding(&ctx,0);
168
169 if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn))
170 {
171 fprintf(stderr,"Encrypt failed\n");
172 ERR_print_errors_fp(stderr);
173 test1_exit(6);
174 }
175 if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
176 {
177 fprintf(stderr,"EncryptFinal failed\n");
178 ERR_print_errors_fp(stderr);
179 test1_exit(7);
180 }
181
182 if(outl+outl2 != cn)
183 {
184 fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
185 outl+outl2,cn);
186 test1_exit(8);
187 }
188
189 if(memcmp(out,ciphertext,cn))
190 {
191 fprintf(stderr,"Ciphertext mismatch\n");
192 hexdump(stderr,"Got",out,cn);
193 hexdump(stderr,"Expected",ciphertext,cn);
194 test1_exit(9);
195 }
196 }
197
198 if (encdec <= 0)
199 {
200 if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
201 {
202 fprintf(stderr,"DecryptInit failed\n");
203 ERR_print_errors_fp(stderr);
204 test1_exit(11);
205 }
206 EVP_CIPHER_CTX_set_padding(&ctx,0);
207
208 if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn))
209 {
210 fprintf(stderr,"Decrypt failed\n");
211 ERR_print_errors_fp(stderr);
212 test1_exit(6);
213 }
214 if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
215 {
216 fprintf(stderr,"DecryptFinal failed\n");
217 ERR_print_errors_fp(stderr);
218 test1_exit(7);
219 }
220
221 if(outl+outl2 != pn)
222 {
223 fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
224 outl+outl2,pn);
225 test1_exit(8);
226 }
227
228 if(memcmp(out,plaintext,pn))
229 {
230 fprintf(stderr,"Plaintext mismatch\n");
231 hexdump(stderr,"Got",out,pn);
232 hexdump(stderr,"Expected",plaintext,pn);
233 test1_exit(9);
234 }
235 }
236
237 EVP_CIPHER_CTX_cleanup(&ctx);
238
239 printf("\n");
240 }
241
242static int test_cipher(const char *cipher,const unsigned char *key,int kn,
243 const unsigned char *iv,int in,
244 const unsigned char *plaintext,int pn,
245 const unsigned char *ciphertext,int cn,
246 int encdec)
247 {
248 const EVP_CIPHER *c;
249
250 c=EVP_get_cipherbyname(cipher);
251 if(!c)
252 return 0;
253
254 test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec);
255
256 return 1;
257 }
258
259static int test_digest(const char *digest,
260 const unsigned char *plaintext,int pn,
261 const unsigned char *ciphertext, unsigned int cn)
262 {
263 const EVP_MD *d;
264 EVP_MD_CTX ctx;
265 unsigned char md[EVP_MAX_MD_SIZE];
266 unsigned int mdn;
267
268 d=EVP_get_digestbyname(digest);
269 if(!d)
270 return 0;
271
272 printf("Testing digest %s\n",EVP_MD_name(d));
273 hexdump(stdout,"Plaintext",plaintext,pn);
274 hexdump(stdout,"Digest",ciphertext,cn);
275
276 EVP_MD_CTX_init(&ctx);
277 if(!EVP_DigestInit_ex(&ctx,d, NULL))
278 {
279 fprintf(stderr,"DigestInit failed\n");
280 ERR_print_errors_fp(stderr);
281 exit(100);
282 }
283 if(!EVP_DigestUpdate(&ctx,plaintext,pn))
284 {
285 fprintf(stderr,"DigestUpdate failed\n");
286 ERR_print_errors_fp(stderr);
287 exit(101);
288 }
289 if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
290 {
291 fprintf(stderr,"DigestFinal failed\n");
292 ERR_print_errors_fp(stderr);
293 exit(101);
294 }
295 EVP_MD_CTX_cleanup(&ctx);
296
297 if(mdn != cn)
298 {
299 fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn);
300 exit(102);
301 }
302
303 if(memcmp(md,ciphertext,cn))
304 {
305 fprintf(stderr,"Digest mismatch\n");
306 hexdump(stderr,"Got",md,cn);
307 hexdump(stderr,"Expected",ciphertext,cn);
308 exit(103);
309 }
310
311 printf("\n");
312
313 EVP_MD_CTX_cleanup(&ctx);
314
315 return 1;
316 }
317
318int main(int argc,char **argv)
319 {
320 const char *szTestFile;
321 FILE *f;
322
323 if(argc != 2)
324 {
325 fprintf(stderr,"%s <test file>\n",argv[0]);
326 exit(1);
327 }
328 CRYPTO_malloc_debug_init();
329 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
330 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
331
332 szTestFile=argv[1];
333
334 f=fopen(szTestFile,"r");
335 if(!f)
336 {
337 perror(szTestFile);
338 exit(2);
339 }
340
341 /* Load up the software EVP_CIPHER and EVP_MD definitions */
342 OpenSSL_add_all_ciphers();
343 OpenSSL_add_all_digests();
344#ifndef OPENSSL_NO_ENGINE
345 /* Load all compiled-in ENGINEs */
346 ENGINE_load_builtin_engines();
347#endif
348#if 0
349 OPENSSL_config();
350#endif
351#ifndef OPENSSL_NO_ENGINE
352 /* Register all available ENGINE implementations of ciphers and digests.
353 * This could perhaps be changed to "ENGINE_register_all_complete()"? */
354 ENGINE_register_all_ciphers();
355 ENGINE_register_all_digests();
356 /* If we add command-line options, this statement should be switchable.
357 * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
358 * they weren't already initialised. */
359 /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
360#endif
361
362 for( ; ; )
363 {
364 char line[4096];
365 char *p;
366 char *cipher;
367 unsigned char *iv,*key,*plaintext,*ciphertext;
368 int encdec;
369 int kn,in,pn,cn;
370
371 if(!fgets((char *)line,sizeof line,f))
372 break;
373 if(line[0] == '#' || line[0] == '\n')
374 continue;
375 p=line;
376 cipher=sstrsep(&p,":");
377 key=ustrsep(&p,":");
378 iv=ustrsep(&p,":");
379 plaintext=ustrsep(&p,":");
380 ciphertext=ustrsep(&p,":");
381 if (p[-1] == '\n') {
382 p[-1] = '\0';
383 encdec = -1;
384 } else {
385 encdec = atoi(sstrsep(&p,"\n"));
386 }
387
388
389 kn=convert(key);
390 in=convert(iv);
391 pn=convert(plaintext);
392 cn=convert(ciphertext);
393
394 if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec)
395 && !test_digest(cipher,plaintext,pn,ciphertext,cn))
396 {
397#ifdef OPENSSL_NO_AES
398 if (strstr(cipher, "AES") == cipher)
399 {
400 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
401 continue;
402 }
403#endif
404#ifdef OPENSSL_NO_DES
405 if (strstr(cipher, "DES") == cipher)
406 {
407 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
408 continue;
409 }
410#endif
411#ifdef OPENSSL_NO_RC4
412 if (strstr(cipher, "RC4") == cipher)
413 {
414 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
415 continue;
416 }
417#endif
418#ifdef OPENSSL_NO_CAMELLIA
419 if (strstr(cipher, "CAMELLIA") == cipher)
420 {
421 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
422 continue;
423 }
424#endif
425#ifdef OPENSSL_NO_SEED
426 if (strstr(cipher, "SEED") == cipher)
427 {
428 fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
429 continue;
430 }
431#endif
432 fprintf(stderr,"Can't find %s\n",cipher);
433 exit(3);
434 }
435 }
436 fclose(f);
437
438#ifndef OPENSSL_NO_ENGINE
439 ENGINE_cleanup();
440#endif
441 EVP_cleanup();
442 CRYPTO_cleanup_all_ex_data();
443 ERR_remove_thread_state(NULL);
444 ERR_free_strings();
445 CRYPTO_mem_leaks_fp(stderr);
446
447 return 0;
448 }
diff --git a/src/regress/lib/libcrypto/evp/evptests.txt b/src/regress/lib/libcrypto/evp/evptests.txt
new file mode 100644
index 0000000000..c273707c14
--- /dev/null
+++ b/src/regress/lib/libcrypto/evp/evptests.txt
@@ -0,0 +1,334 @@
1#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
2#digest:::input:output
3
4# SHA(1) tests (from shatest.c)
5SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d
6
7# MD5 tests (from md5test.c)
8MD5::::d41d8cd98f00b204e9800998ecf8427e
9MD5:::61:0cc175b9c0f1b6a831c399e269772661
10MD5:::616263:900150983cd24fb0d6963f7d28e17f72
11MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
12MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
13MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
14MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
15
16# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
17
18AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1
19
20# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
21
22AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1
23
24# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
25
26AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1
27
28# AES 128 ECB tests (from NIST test vectors, encrypt)
29
30#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
31
32# AES 128 ECB tests (from NIST test vectors, decrypt)
33
34#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
35
36# AES 192 ECB tests (from NIST test vectors, decrypt)
37
38#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
39
40# AES 256 ECB tests (from NIST test vectors, decrypt)
41
42#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
43
44# AES 128 CBC tests (from NIST test vectors, encrypt)
45
46#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
47
48# AES 192 CBC tests (from NIST test vectors, encrypt)
49
50#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
51
52# AES 256 CBC tests (from NIST test vectors, encrypt)
53
54#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
55
56# AES 128 CBC tests (from NIST test vectors, decrypt)
57
58#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
59
60# AES tests from NIST document SP800-38A
61# For all ECB encrypts and decrypts, the transformed sequence is
62# AES-bits-ECB:key::plaintext:ciphertext:encdec
63# ECB-AES128.Encrypt and ECB-AES128.Decrypt
64AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97
65AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF
66AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688
67AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4
68# ECB-AES192.Encrypt and ECB-AES192.Decrypt
69AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC
70AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF
71AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E
72AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E
73# ECB-AES256.Encrypt and ECB-AES256.Decrypt
74AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8
75AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870
76AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D
77AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7
78# For all CBC encrypts and decrypts, the transformed sequence is
79# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
80# CBC-AES128.Encrypt and CBC-AES128.Decrypt
81AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D
82AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2
83AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516
84AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7
85# CBC-AES192.Encrypt and CBC-AES192.Decrypt
86AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8
87AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A
88AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0
89AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD
90# CBC-AES256.Encrypt and CBC-AES256.Decrypt
91AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6
92AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
93AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
94AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
95# We don't support CFB{1,8}-AESxxx.{En,De}crypt
96# For all CFB128 encrypts and decrypts, the transformed sequence is
97# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
98# CFB128-AES128.Encrypt
99AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
100AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1
101AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1
102AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1
103# CFB128-AES128.Decrypt
104AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
105AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0
106AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0
107AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0
108# CFB128-AES192.Encrypt
109AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
110AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1
111AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1
112AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1
113# CFB128-AES192.Decrypt
114AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
115AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0
116AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0
117AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0
118# CFB128-AES256.Encrypt
119AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
120AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1
121AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1
122AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1
123# CFB128-AES256.Decrypt
124AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
125AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0
126AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0
127AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0
128# For all OFB encrypts and decrypts, the transformed sequence is
129# AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
130# OFB-AES128.Encrypt
131AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
132AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1
133AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1
134AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1
135# OFB-AES128.Decrypt
136AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
137AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0
138AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0
139AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0
140# OFB-AES192.Encrypt
141AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
142AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1
143AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1
144AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1
145# OFB-AES192.Decrypt
146AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
147AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0
148AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0
149AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0
150# OFB-AES256.Encrypt
151AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
152AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1
153AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1
154AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1
155# OFB-AES256.Decrypt
156AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
157AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0
158AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
159AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
160
161# AES Counter test vectors from RFC3686
162aes-128-ctr:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1
163aes-128-ctr:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1
164aes-128-ctr:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1
165
166aes-192-ctr:16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515:0000004836733C147D6D93CB00000001:53696E676C6520626C6F636B206D7367:4B55384FE259C9C84E7935A003CBE928:1
167aes-192-ctr:7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A:0096B03B020C6EADC2CB500D00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00:1
168aes-192-ctr:02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE:0007BDFD5CBD60278DCC091200000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935:1
169
170aes-256-ctr:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1
171aes-256-ctr:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1
172aes-256-ctr:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1
173
174# DES ECB tests (from destest)
175
176DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
177DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58
178DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B
179DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533
180DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D
181DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD
182DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4
183
184# DESX-CBC tests (from destest)
185DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
186
187# DES EDE3 CBC tests (from destest)
188DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
189
190# RC4 tests (from rc4test)
191RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
192RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
193RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
194RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
195RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
196RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
197
198
199# Camellia tests from RFC3713
200# For all ECB encrypts and decrypts, the transformed sequence is
201# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec
202CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43
203CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9
204CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509
205
206# ECB-CAMELLIA128.Encrypt
207CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1
208CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1
209CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1
210
211# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt
212CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96
213CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B
214CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636
215CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A
216
217# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt
218CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3
219CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A
220CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366
221CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26
222
223# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt
224CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA
225CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA
226CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28
227CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B
228
229# For all CBC encrypts and decrypts, the transformed sequence is
230# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
231# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt
232CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB
233CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887
234CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54
235CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980
236
237# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt
238CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93
239CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5
240CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449
241CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08
242
243# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt
244CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA
245CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50
246CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83
247CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F
248
249# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt
250# For all CFB128 encrypts and decrypts, the transformed sequence is
251# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
252# CFB128-CAMELLIA128.Encrypt
253CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
254CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1
255CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1
256CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1
257
258# CFB128-CAMELLIA128.Decrypt
259CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
260CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0
261CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0
262CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0
263
264# CFB128-CAMELLIA192.Encrypt
265CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
266CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1
267CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1
268CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1
269
270# CFB128-CAMELLIA192.Decrypt
271CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
272CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0
273CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0
274CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0
275
276# CFB128-CAMELLIA256.Encrypt
277CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
278CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1
279CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1
280CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1
281
282# CFB128-CAMELLIA256.Decrypt
283CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
284CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0
285CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0
286CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0
287
288# For all OFB encrypts and decrypts, the transformed sequence is
289# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec
290# OFB-CAMELLIA128.Encrypt
291CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
292CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1
293CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1
294CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1
295
296# OFB-CAMELLIA128.Decrypt
297CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
298CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0
299CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0
300CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0
301
302# OFB-CAMELLIA192.Encrypt
303CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
304CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1
305CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1
306CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1
307
308# OFB-CAMELLIA192.Decrypt
309CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
310CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0
311CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0
312CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0
313
314# OFB-CAMELLIA256.Encrypt
315CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
316CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1
317CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1
318CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1
319
320# OFB-CAMELLIA256.Decrypt
321CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
322CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0
323CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0
324CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0
325
326# SEED test vectors from RFC4269
327SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0
328SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0
329SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0
330SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0
331SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1
332SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1
333SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1
334SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1
diff --git a/src/regress/lib/libcrypto/exp/Makefile b/src/regress/lib/libcrypto/exp/Makefile
new file mode 100644
index 0000000000..e55fabe549
--- /dev/null
+++ b/src/regress/lib/libcrypto/exp/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:16 miod Exp $
2
3PROG= exptest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/exp/exptest.c b/src/regress/lib/libcrypto/exp/exptest.c
new file mode 100644
index 0000000000..faa9328ba9
--- /dev/null
+++ b/src/regress/lib/libcrypto/exp/exptest.c
@@ -0,0 +1,191 @@
1/* crypto/bn/exptest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/bio.h>
64#include <openssl/bn.h>
65#include <openssl/rand.h>
66#include <openssl/err.h>
67
68#define NUM_BITS (BN_BITS*2)
69
70int main(int argc, char *argv[])
71 {
72 BN_CTX *ctx;
73 BIO *out=NULL;
74 int i,ret;
75 unsigned char c;
76 BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
77
78 ERR_load_BN_strings();
79
80 ctx=BN_CTX_new();
81 if (ctx == NULL) exit(1);
82 r_mont=BN_new();
83 r_mont_const=BN_new();
84 r_recp=BN_new();
85 r_simple=BN_new();
86 a=BN_new();
87 b=BN_new();
88 m=BN_new();
89 if ( (r_mont == NULL) || (r_recp == NULL) ||
90 (a == NULL) || (b == NULL))
91 goto err;
92
93 out=BIO_new(BIO_s_file());
94
95 if (out == NULL) exit(1);
96 BIO_set_fp(out,stdout,BIO_NOCLOSE);
97
98 for (i=0; i<200; i++)
99 {
100 RAND_bytes(&c,1);
101 c=(c%BN_BITS)-BN_BITS2;
102 BN_rand(a,NUM_BITS+c,0,0);
103
104 RAND_bytes(&c,1);
105 c=(c%BN_BITS)-BN_BITS2;
106 BN_rand(b,NUM_BITS+c,0,0);
107
108 RAND_bytes(&c,1);
109 c=(c%BN_BITS)-BN_BITS2;
110 BN_rand(m,NUM_BITS+c,0,1);
111
112 BN_mod(a,a,m,ctx);
113 BN_mod(b,b,m,ctx);
114
115 ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
116 if (ret <= 0)
117 {
118 printf("BN_mod_exp_mont() problems\n");
119 ERR_print_errors(out);
120 exit(1);
121 }
122
123 ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
124 if (ret <= 0)
125 {
126 printf("BN_mod_exp_recp() problems\n");
127 ERR_print_errors(out);
128 exit(1);
129 }
130
131 ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
132 if (ret <= 0)
133 {
134 printf("BN_mod_exp_simple() problems\n");
135 ERR_print_errors(out);
136 exit(1);
137 }
138
139 ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
140 if (ret <= 0)
141 {
142 printf("BN_mod_exp_mont_consttime() problems\n");
143 ERR_print_errors(out);
144 exit(1);
145 }
146
147 if (BN_cmp(r_simple, r_mont) == 0
148 && BN_cmp(r_simple,r_recp) == 0
149 && BN_cmp(r_simple,r_mont_const) == 0)
150 {
151 printf(".");
152 fflush(stdout);
153 }
154 else
155 {
156 if (BN_cmp(r_simple,r_mont) != 0)
157 printf("\nsimple and mont results differ\n");
158 if (BN_cmp(r_simple,r_mont_const) != 0)
159 printf("\nsimple and mont const time results differ\n");
160 if (BN_cmp(r_simple,r_recp) != 0)
161 printf("\nsimple and recp results differ\n");
162
163 printf("a (%3d) = ",BN_num_bits(a)); BN_print(out,a);
164 printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
165 printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
166 printf("\nsimple ="); BN_print(out,r_simple);
167 printf("\nrecp ="); BN_print(out,r_recp);
168 printf("\nmont ="); BN_print(out,r_mont);
169 printf("\nmont_ct ="); BN_print(out,r_mont_const);
170 printf("\n");
171 exit(1);
172 }
173 }
174 BN_free(r_mont);
175 BN_free(r_mont_const);
176 BN_free(r_recp);
177 BN_free(r_simple);
178 BN_free(a);
179 BN_free(b);
180 BN_free(m);
181 BN_CTX_free(ctx);
182 ERR_remove_thread_state(NULL);
183 CRYPTO_mem_leaks(out);
184 BIO_free(out);
185 printf(" done\n");
186 exit(0);
187err:
188 ERR_load_crypto_strings();
189 ERR_print_errors(out);
190 exit(1);
191 }
diff --git a/src/regress/lib/libcrypto/hmac/Makefile b/src/regress/lib/libcrypto/hmac/Makefile
new file mode 100644
index 0000000000..0bcb8f49aa
--- /dev/null
+++ b/src/regress/lib/libcrypto/hmac/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
2
3PROG= hmactest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/hmac/hmactest.c b/src/regress/lib/libcrypto/hmac/hmactest.c
new file mode 100644
index 0000000000..7daaacd34f
--- /dev/null
+++ b/src/regress/lib/libcrypto/hmac/hmactest.c
@@ -0,0 +1,154 @@
1/* crypto/hmac/hmactest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/hmac.h>
64#ifndef OPENSSL_NO_MD5
65#include <openssl/md5.h>
66#endif
67
68#ifndef OPENSSL_NO_MD5
69static struct test_st
70 {
71 unsigned char key[16];
72 int key_len;
73 unsigned char data[64];
74 int data_len;
75 unsigned char *digest;
76 } test[4]={
77 { "",
78 0,
79 "More text test vectors to stuff up EBCDIC machines :-)",
80 54,
81 (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
82 },{ {0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
83 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},
84 16,
85 "Hi There",
86 8,
87 (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
88 },{ "Jefe",
89 4,
90 "what do ya want for nothing?",
91 28,
92 (unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
93 },{
94 {0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
95 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},
96 16,
97 {0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
98 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
99 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
100 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
101 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
102 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
103 0xdd,0xdd},
104 50,
105 (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
106 },
107 };
108#endif
109
110static char *pt(unsigned char *md);
111int main(int argc, char *argv[])
112 {
113#ifndef OPENSSL_NO_MD5
114 int i;
115 char *p;
116#endif
117 int err=0;
118
119#ifdef OPENSSL_NO_MD5
120 printf("test skipped: MD5 disabled\n");
121#else
122
123 for (i=0; i<4; i++)
124 {
125 p=pt(HMAC(EVP_md5(),
126 test[i].key, test[i].key_len,
127 test[i].data, test[i].data_len,
128 NULL,NULL));
129
130 if (strcmp(p,(char *)test[i].digest) != 0)
131 {
132 printf("error calculating HMAC on %d entry'\n",i);
133 printf("got %s instead of %s\n",p,test[i].digest);
134 err++;
135 }
136 else
137 printf("test %d ok\n",i);
138 }
139#endif /* OPENSSL_NO_MD5 */
140 exit(err);
141 return(0);
142 }
143
144#ifndef OPENSSL_NO_MD5
145static char *pt(unsigned char *md)
146 {
147 int i;
148 static char buf[80];
149
150 for (i=0; i<MD5_DIGEST_LENGTH; i++)
151 snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
152 return(buf);
153 }
154#endif
diff --git a/src/regress/lib/libcrypto/idea/Makefile b/src/regress/lib/libcrypto/idea/Makefile
new file mode 100644
index 0000000000..8188c68a4c
--- /dev/null
+++ b/src/regress/lib/libcrypto/idea/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
2
3PROG= ideatest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/idea/ideatest.c b/src/regress/lib/libcrypto/idea/ideatest.c
new file mode 100644
index 0000000000..c6478916ee
--- /dev/null
+++ b/src/regress/lib/libcrypto/idea/ideatest.c
@@ -0,0 +1,221 @@
1/* crypto/idea/ideatest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/idea.h>
64
65unsigned char k[16]={
66 0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
67 0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
68
69unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
70unsigned char c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
71unsigned char out[80];
72
73char *text="Hello to all people out there";
74
75static unsigned char cfb_key[16]={
76 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
77 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
78 };
79static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
80static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
81#define CFB_TEST_SIZE 24
82static unsigned char plain[CFB_TEST_SIZE]=
83 {
84 0x4e,0x6f,0x77,0x20,0x69,0x73,
85 0x20,0x74,0x68,0x65,0x20,0x74,
86 0x69,0x6d,0x65,0x20,0x66,0x6f,
87 0x72,0x20,0x61,0x6c,0x6c,0x20
88 };
89static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
90 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
91 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
92 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
93
94/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
95 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
96 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
97 };
98
99static int cfb64_test(unsigned char *cfb_cipher);
100static char *pt(unsigned char *p);
101int main(int argc, char *argv[])
102 {
103 int i,err=0;
104 IDEA_KEY_SCHEDULE key,dkey;
105 unsigned char iv[8];
106
107 idea_set_encrypt_key(k,&key);
108 idea_ecb_encrypt(in,out,&key);
109 if (memcmp(out,c,8) != 0)
110 {
111 printf("ecb idea error encrypting\n");
112 printf("got :");
113 for (i=0; i<8; i++)
114 printf("%02X ",out[i]);
115 printf("\n");
116 printf("expected:");
117 for (i=0; i<8; i++)
118 printf("%02X ",c[i]);
119 err=20;
120 printf("\n");
121 }
122
123 idea_set_decrypt_key(&key,&dkey);
124 idea_ecb_encrypt(c,out,&dkey);
125 if (memcmp(out,in,8) != 0)
126 {
127 printf("ecb idea error decrypting\n");
128 printf("got :");
129 for (i=0; i<8; i++)
130 printf("%02X ",out[i]);
131 printf("\n");
132 printf("expected:");
133 for (i=0; i<8; i++)
134 printf("%02X ",in[i]);
135 printf("\n");
136 err=3;
137 }
138
139 if (err == 0) printf("ecb idea ok\n");
140
141 memcpy(iv,k,8);
142 idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
143 memcpy(iv,k,8);
144 idea_cbc_encrypt(out,out,8,&dkey,iv,0);
145 idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
146 if (memcmp(text,out,strlen(text)+1) != 0)
147 {
148 printf("cbc idea bad\n");
149 err=4;
150 }
151 else
152 printf("cbc idea ok\n");
153
154 printf("cfb64 idea ");
155 if (cfb64_test(cfb_cipher64))
156 {
157 printf("bad\n");
158 err=5;
159 }
160 else
161 printf("ok\n");
162
163 exit(err);
164 }
165
166static int cfb64_test(unsigned char *cfb_cipher)
167 {
168 IDEA_KEY_SCHEDULE eks,dks;
169 int err=0,i,n;
170
171 idea_set_encrypt_key(cfb_key,&eks);
172 idea_set_decrypt_key(&eks,&dks);
173 memcpy(cfb_tmp,cfb_iv,8);
174 n=0;
175 idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
176 cfb_tmp,&n,IDEA_ENCRYPT);
177 idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
178 (long)CFB_TEST_SIZE-12,&eks,
179 cfb_tmp,&n,IDEA_ENCRYPT);
180 if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
181 {
182 err=1;
183 printf("idea_cfb64_encrypt encrypt error\n");
184 for (i=0; i<CFB_TEST_SIZE; i+=8)
185 printf("%s\n",pt(&(cfb_buf1[i])));
186 }
187 memcpy(cfb_tmp,cfb_iv,8);
188 n=0;
189 idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
190 cfb_tmp,&n,IDEA_DECRYPT);
191 idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
192 (long)CFB_TEST_SIZE-17,&dks,
193 cfb_tmp,&n,IDEA_DECRYPT);
194 if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
195 {
196 err=1;
197 printf("idea_cfb_encrypt decrypt error\n");
198 for (i=0; i<24; i+=8)
199 printf("%s\n",pt(&(cfb_buf2[i])));
200 }
201 return(err);
202 }
203
204static char *pt(unsigned char *p)
205 {
206 static char bufs[10][20];
207 static int bnum=0;
208 char *ret;
209 int i;
210 static char *f="0123456789ABCDEF";
211
212 ret= &(bufs[bnum++][0]);
213 bnum%=10;
214 for (i=0; i<8; i++)
215 {
216 ret[i*2]=f[(p[i]>>4)&0xf];
217 ret[i*2+1]=f[p[i]&0xf];
218 }
219 ret[16]='\0';
220 return(ret);
221 }
diff --git a/src/regress/lib/libcrypto/ige/Makefile b/src/regress/lib/libcrypto/ige/Makefile
new file mode 100644
index 0000000000..587259f412
--- /dev/null
+++ b/src/regress/lib/libcrypto/ige/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:18 miod Exp $
2
3PROG= igetest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/ige/igetest.c b/src/regress/lib/libcrypto/ige/igetest.c
new file mode 100644
index 0000000000..1ba900244d
--- /dev/null
+++ b/src/regress/lib/libcrypto/ige/igetest.c
@@ -0,0 +1,503 @@
1/* test/igetest.c -*- mode:C; c-file-style: "eay" -*- */
2/* ====================================================================
3 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 */
51
52#include <openssl/aes.h>
53#include <openssl/rand.h>
54#include <stdio.h>
55#include <string.h>
56#include <assert.h>
57
58#define TEST_SIZE 128
59#define BIG_TEST_SIZE 10240
60
61static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
62 {
63 int n=0;
64
65 fprintf(f,"%s",title);
66 for( ; n < l ; ++n)
67 {
68 if((n%16) == 0)
69 fprintf(f,"\n%04x",n);
70 fprintf(f," %02x",s[n]);
71 }
72 fprintf(f,"\n");
73 }
74
75#define MAX_VECTOR_SIZE 64
76
77struct ige_test
78 {
79 const unsigned char key[16];
80 const unsigned char iv[32];
81 const unsigned char in[MAX_VECTOR_SIZE];
82 const unsigned char out[MAX_VECTOR_SIZE];
83 const size_t length;
84 const int encrypt;
85 };
86
87static struct ige_test const ige_test_vectors[] = {
88{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
89 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key */
90 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
91 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
92 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
93 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* iv */
94 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
95 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
96 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
97 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
98 { 0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
99 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
100 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
101 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb }, /* out */
102 32, AES_ENCRYPT }, /* test vector 0 */
103
104{ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
105 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65 }, /* key */
106 { 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
107 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
108 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
109 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53 }, /* iv */
110 { 0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
111 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
112 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
113 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a }, /* in */
114 { 0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
115 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
116 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
117 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b }, /* out */
118 32, AES_DECRYPT }, /* test vector 1 */
119};
120
121struct bi_ige_test
122 {
123 const unsigned char key1[32];
124 const unsigned char key2[32];
125 const unsigned char iv[64];
126 const unsigned char in[MAX_VECTOR_SIZE];
127 const unsigned char out[MAX_VECTOR_SIZE];
128 const size_t keysize;
129 const size_t length;
130 const int encrypt;
131 };
132
133static struct bi_ige_test const bi_ige_test_vectors[] = {
134{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
135 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */
136 { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
137 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */
138 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
139 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
140 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
141 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
142 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
143 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
144 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
145 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */
146 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
147 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
148 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
149 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
150 { 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
151 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
152 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
153 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */
154 16, 32, AES_ENCRYPT }, /* test vector 0 */
155{ { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
156 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
157 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
158 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */
159 { 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
160 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
161 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
162 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */
163 { 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
164 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
165 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
166 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
167 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
168 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
169 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
170 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */
171 { 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
172 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
173 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
174 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
175 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
176 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
177 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
178 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
179 { 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
180 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
181 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
182 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
183 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
184 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
185 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
186 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
187 32, 64, AES_ENCRYPT }, /* test vector 1 */
188
189};
190
191static int run_test_vectors(void)
192 {
193 unsigned int n;
194 int errs = 0;
195
196 for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n)
197 {
198 const struct ige_test * const v = &ige_test_vectors[n];
199 AES_KEY key;
200 unsigned char buf[MAX_VECTOR_SIZE];
201 unsigned char iv[AES_BLOCK_SIZE*2];
202
203 assert(v->length <= MAX_VECTOR_SIZE);
204
205 if(v->encrypt == AES_ENCRYPT)
206 AES_set_encrypt_key(v->key, 8*sizeof v->key, &key);
207 else
208 AES_set_decrypt_key(v->key, 8*sizeof v->key, &key);
209 memcpy(iv, v->iv, sizeof iv);
210 AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
211
212 if(memcmp(v->out, buf, v->length))
213 {
214 printf("IGE test vector %d failed\n", n);
215 hexdump(stdout, "key", v->key, sizeof v->key);
216 hexdump(stdout, "iv", v->iv, sizeof v->iv);
217 hexdump(stdout, "in", v->in, v->length);
218 hexdump(stdout, "expected", v->out, v->length);
219 hexdump(stdout, "got", buf, v->length);
220
221 ++errs;
222 }
223
224 /* try with in == out */
225 memcpy(iv, v->iv, sizeof iv);
226 memcpy(buf, v->in, v->length);
227 AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
228
229 if(memcmp(v->out, buf, v->length))
230 {
231 printf("IGE test vector %d failed (with in == out)\n", n);
232 hexdump(stdout, "key", v->key, sizeof v->key);
233 hexdump(stdout, "iv", v->iv, sizeof v->iv);
234 hexdump(stdout, "in", v->in, v->length);
235 hexdump(stdout, "expected", v->out, v->length);
236 hexdump(stdout, "got", buf, v->length);
237
238 ++errs;
239 }
240 }
241
242 for(n=0 ; n < sizeof(bi_ige_test_vectors)/sizeof(bi_ige_test_vectors[0])
243 ; ++n)
244 {
245 const struct bi_ige_test * const v = &bi_ige_test_vectors[n];
246 AES_KEY key1;
247 AES_KEY key2;
248 unsigned char buf[MAX_VECTOR_SIZE];
249
250 assert(v->length <= MAX_VECTOR_SIZE);
251
252 if(v->encrypt == AES_ENCRYPT)
253 {
254 AES_set_encrypt_key(v->key1, 8*v->keysize, &key1);
255 AES_set_encrypt_key(v->key2, 8*v->keysize, &key2);
256 }
257 else
258 {
259 AES_set_decrypt_key(v->key1, 8*v->keysize, &key1);
260 AES_set_decrypt_key(v->key2, 8*v->keysize, &key2);
261 }
262
263 AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
264 v->encrypt);
265
266 if(memcmp(v->out, buf, v->length))
267 {
268 printf("Bidirectional IGE test vector %d failed\n", n);
269 hexdump(stdout, "key 1", v->key1, sizeof v->key1);
270 hexdump(stdout, "key 2", v->key2, sizeof v->key2);
271 hexdump(stdout, "iv", v->iv, sizeof v->iv);
272 hexdump(stdout, "in", v->in, v->length);
273 hexdump(stdout, "expected", v->out, v->length);
274 hexdump(stdout, "got", buf, v->length);
275
276 ++errs;
277 }
278 }
279
280 return errs;
281 }
282
283int main(int argc, char **argv)
284 {
285 unsigned char rkey[16];
286 unsigned char rkey2[16];
287 AES_KEY key;
288 AES_KEY key2;
289 unsigned char plaintext[BIG_TEST_SIZE];
290 unsigned char ciphertext[BIG_TEST_SIZE];
291 unsigned char checktext[BIG_TEST_SIZE];
292 unsigned char iv[AES_BLOCK_SIZE*4];
293 unsigned char saved_iv[AES_BLOCK_SIZE*4];
294 int err = 0;
295 unsigned int n;
296 unsigned matches;
297
298 assert(BIG_TEST_SIZE >= TEST_SIZE);
299
300 RAND_pseudo_bytes(rkey, sizeof rkey);
301 RAND_pseudo_bytes(plaintext, sizeof plaintext);
302 RAND_pseudo_bytes(iv, sizeof iv);
303 memcpy(saved_iv, iv, sizeof saved_iv);
304
305 /* Forward IGE only... */
306
307 /* Straight encrypt/decrypt */
308 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
309 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv,
310 AES_ENCRYPT);
311
312 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
313 memcpy(iv, saved_iv, sizeof iv);
314 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,
315 AES_DECRYPT);
316
317 if(memcmp(checktext, plaintext, TEST_SIZE))
318 {
319 printf("Encrypt+decrypt doesn't match\n");
320 hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
321 hexdump(stdout, "Checktext", checktext, TEST_SIZE);
322 ++err;
323 }
324
325 /* Now check encrypt chaining works */
326 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
327 memcpy(iv, saved_iv, sizeof iv);
328 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,
329 AES_ENCRYPT);
330 AES_ige_encrypt(plaintext+TEST_SIZE/2,
331 ciphertext+TEST_SIZE/2, TEST_SIZE/2,
332 &key, iv, AES_ENCRYPT);
333
334 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
335 memcpy(iv, saved_iv, sizeof iv);
336 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,
337 AES_DECRYPT);
338
339 if(memcmp(checktext, plaintext, TEST_SIZE))
340 {
341 printf("Chained encrypt+decrypt doesn't match\n");
342 hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
343 hexdump(stdout, "Checktext", checktext, TEST_SIZE);
344 ++err;
345 }
346
347 /* And check decrypt chaining */
348 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
349 memcpy(iv, saved_iv, sizeof iv);
350 AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,
351 AES_ENCRYPT);
352 AES_ige_encrypt(plaintext+TEST_SIZE/2,
353 ciphertext+TEST_SIZE/2, TEST_SIZE/2,
354 &key, iv, AES_ENCRYPT);
355
356 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
357 memcpy(iv, saved_iv, sizeof iv);
358 AES_ige_encrypt(ciphertext, checktext, TEST_SIZE/2, &key, iv,
359 AES_DECRYPT);
360 AES_ige_encrypt(ciphertext+TEST_SIZE/2,
361 checktext+TEST_SIZE/2, TEST_SIZE/2, &key, iv,
362 AES_DECRYPT);
363
364 if(memcmp(checktext, plaintext, TEST_SIZE))
365 {
366 printf("Chained encrypt+chained decrypt doesn't match\n");
367 hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
368 hexdump(stdout, "Checktext", checktext, TEST_SIZE);
369 ++err;
370 }
371
372 /* make sure garble extends forwards only */
373 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
374 memcpy(iv, saved_iv, sizeof iv);
375 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
376 AES_ENCRYPT);
377
378 /* corrupt halfway through */
379 ++ciphertext[sizeof ciphertext/2];
380 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
381 memcpy(iv, saved_iv, sizeof iv);
382 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
383 AES_DECRYPT);
384
385 matches=0;
386 for(n=0 ; n < sizeof checktext ; ++n)
387 if(checktext[n] == plaintext[n])
388 ++matches;
389
390 if(matches > sizeof checktext/2+sizeof checktext/100)
391 {
392 printf("More than 51%% matches after garbling\n");
393 ++err;
394 }
395
396 if(matches < sizeof checktext/2)
397 {
398 printf("Garble extends backwards!\n");
399 ++err;
400 }
401
402 /* Bi-directional IGE */
403
404 /* Note that we don't have to recover the IV, because chaining isn't */
405 /* possible with biIGE, so the IV is not updated. */
406
407 RAND_pseudo_bytes(rkey2, sizeof rkey2);
408
409 /* Straight encrypt/decrypt */
410 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
411 AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
412 AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
413 AES_ENCRYPT);
414
415 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
416 AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
417 AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
418 AES_DECRYPT);
419
420 if(memcmp(checktext, plaintext, TEST_SIZE))
421 {
422 printf("Encrypt+decrypt doesn't match\n");
423 hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
424 hexdump(stdout, "Checktext", checktext, TEST_SIZE);
425 ++err;
426 }
427
428 /* make sure garble extends both ways */
429 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
430 AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
431 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
432 AES_ENCRYPT);
433
434 /* corrupt halfway through */
435 ++ciphertext[sizeof ciphertext/2];
436 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
437 AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
438 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
439 AES_DECRYPT);
440
441 matches=0;
442 for(n=0 ; n < sizeof checktext ; ++n)
443 if(checktext[n] == plaintext[n])
444 ++matches;
445
446 if(matches > sizeof checktext/100)
447 {
448 printf("More than 1%% matches after bidirectional garbling\n");
449 ++err;
450 }
451
452 /* make sure garble extends both ways (2) */
453 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
454 AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
455 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
456 AES_ENCRYPT);
457
458 /* corrupt right at the end */
459 ++ciphertext[sizeof ciphertext-1];
460 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
461 AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
462 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
463 AES_DECRYPT);
464
465 matches=0;
466 for(n=0 ; n < sizeof checktext ; ++n)
467 if(checktext[n] == plaintext[n])
468 ++matches;
469
470 if(matches > sizeof checktext/100)
471 {
472 printf("More than 1%% matches after bidirectional garbling (2)\n");
473 ++err;
474 }
475
476 /* make sure garble extends both ways (3) */
477 AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
478 AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
479 AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
480 AES_ENCRYPT);
481
482 /* corrupt right at the start */
483 ++ciphertext[0];
484 AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
485 AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
486 AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
487 AES_DECRYPT);
488
489 matches=0;
490 for(n=0 ; n < sizeof checktext ; ++n)
491 if(checktext[n] == plaintext[n])
492 ++matches;
493
494 if(matches > sizeof checktext/100)
495 {
496 printf("More than 1%% matches after bidirectional garbling (3)\n");
497 ++err;
498 }
499
500 err += run_test_vectors();
501
502 return err;
503 }
diff --git a/src/regress/lib/libcrypto/md4/Makefile b/src/regress/lib/libcrypto/md4/Makefile
new file mode 100644
index 0000000000..ca015fa404
--- /dev/null
+++ b/src/regress/lib/libcrypto/md4/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
2
3PROG= md4test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/md4/md4test.c b/src/regress/lib/libcrypto/md4/md4test.c
new file mode 100644
index 0000000000..60b2c0eedb
--- /dev/null
+++ b/src/regress/lib/libcrypto/md4/md4test.c
@@ -0,0 +1,125 @@
1/* crypto/md4/md4test.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/evp.h>
64#include <openssl/md4.h>
65
66static char *test[]={
67 "",
68 "a",
69 "abc",
70 "message digest",
71 "abcdefghijklmnopqrstuvwxyz",
72 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
73 "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
74 NULL,
75 };
76
77static char *ret[]={
78"31d6cfe0d16ae931b73c59d7e0c089c0",
79"bde52cb31de33e46245e05fbdbd6fb24",
80"a448017aaf21d8525fc10ae87aa6729d",
81"d9130a8164549fe818874806e1c7014b",
82"d79e1c308aa5bbcdeea8ed63df412da9",
83"043f8582f241db351ce627e153e7f0e4",
84"e33b4ddc9c38f2199c3e7b164fcc0536",
85};
86
87static char *pt(unsigned char *md);
88int main(int argc, char *argv[])
89 {
90 int i,err=0;
91 char **P,**R;
92 char *p;
93 unsigned char md[MD4_DIGEST_LENGTH];
94
95 P=test;
96 R=ret;
97 i=1;
98 while (*P != NULL)
99 {
100 EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md4(), NULL);
101 p=pt(md);
102 if (strcmp(p,(char *)*R) != 0)
103 {
104 printf("error calculating MD4 on '%s'\n",*P);
105 printf("got %s instead of %s\n",p,*R);
106 err++;
107 }
108 else
109 printf("test %d ok\n",i);
110 i++;
111 R++;
112 P++;
113 }
114 exit(err);
115 }
116
117static char *pt(unsigned char *md)
118 {
119 int i;
120 static char buf[80];
121
122 for (i=0; i<MD4_DIGEST_LENGTH; i++)
123 snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
124 return(buf);
125 }
diff --git a/src/regress/lib/libcrypto/md5/Makefile b/src/regress/lib/libcrypto/md5/Makefile
new file mode 100644
index 0000000000..80dcb50dec
--- /dev/null
+++ b/src/regress/lib/libcrypto/md5/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
2
3PROG= md5test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/md5/md5test.c b/src/regress/lib/libcrypto/md5/md5test.c
new file mode 100644
index 0000000000..481ddaa4e3
--- /dev/null
+++ b/src/regress/lib/libcrypto/md5/md5test.c
@@ -0,0 +1,126 @@
1/* crypto/md5/md5test.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/evp.h>
64#include <openssl/md5.h>
65
66static char *test[]={
67 "",
68 "a",
69 "abc",
70 "message digest",
71 "abcdefghijklmnopqrstuvwxyz",
72 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
73 "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
74 NULL,
75 };
76
77static char *ret[]={
78 "d41d8cd98f00b204e9800998ecf8427e",
79 "0cc175b9c0f1b6a831c399e269772661",
80 "900150983cd24fb0d6963f7d28e17f72",
81 "f96b697d7cb7938d525a2f31aaf161d0",
82 "c3fcd3d76192e4007dfb496cca67e13b",
83 "d174ab98d277d9f5a5611c2c9f419d9f",
84 "57edf4a22be3c955ac49da2e2107b67a",
85 };
86
87static char *pt(unsigned char *md);
88int main(int argc, char *argv[])
89 {
90 int i,err=0;
91 char **P,**R;
92 char *p;
93 unsigned char md[MD5_DIGEST_LENGTH];
94
95 P=test;
96 R=ret;
97 i=1;
98 while (*P != NULL)
99 {
100 EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md5(), NULL);
101 p=pt(md);
102 if (strcmp(p,(char *)*R) != 0)
103 {
104 printf("error calculating MD5 on '%s'\n",*P);
105 printf("got %s instead of %s\n",p,*R);
106 err++;
107 }
108 else
109 printf("test %d ok\n",i);
110 i++;
111 R++;
112 P++;
113 }
114
115 exit(err);
116 }
117
118static char *pt(unsigned char *md)
119 {
120 int i;
121 static char buf[80];
122
123 for (i=0; i<MD5_DIGEST_LENGTH; i++)
124 snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
125 return(buf);
126 }
diff --git a/src/regress/lib/libcrypto/mdc2/Makefile b/src/regress/lib/libcrypto/mdc2/Makefile
new file mode 100644
index 0000000000..09674f96bf
--- /dev/null
+++ b/src/regress/lib/libcrypto/mdc2/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
2
3PROG= mdc2test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/mdc2/mdc2test.c b/src/regress/lib/libcrypto/mdc2/mdc2test.c
new file mode 100644
index 0000000000..aa84a3a00b
--- /dev/null
+++ b/src/regress/lib/libcrypto/mdc2/mdc2test.c
@@ -0,0 +1,123 @@
1/* crypto/mdc2/mdc2test.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/evp.h>
64#include <openssl/mdc2.h>
65
66static unsigned char pad1[16]={
67 0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA,
68 0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A
69 };
70
71static unsigned char pad2[16]={
72 0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75,
73 0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2
74 };
75
76int main(int argc, char *argv[])
77 {
78 int ret=0;
79 unsigned char md[MDC2_DIGEST_LENGTH];
80 int i;
81 EVP_MD_CTX c;
82 static char *text="Now is the time for all ";
83
84 EVP_MD_CTX_init(&c);
85 EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
86 EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
87 EVP_DigestFinal_ex(&c,&(md[0]),NULL);
88
89 if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
90 {
91 for (i=0; i<MDC2_DIGEST_LENGTH; i++)
92 printf("%02X",md[i]);
93 printf(" <- generated\n");
94 for (i=0; i<MDC2_DIGEST_LENGTH; i++)
95 printf("%02X",pad1[i]);
96 printf(" <- correct\n");
97 ret=1;
98 }
99 else
100 printf("pad1 - ok\n");
101
102 EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
103 /* FIXME: use a ctl function? */
104 ((MDC2_CTX *)c.md_data)->pad_type=2;
105 EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
106 EVP_DigestFinal_ex(&c,&(md[0]),NULL);
107
108 if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
109 {
110 for (i=0; i<MDC2_DIGEST_LENGTH; i++)
111 printf("%02X",md[i]);
112 printf(" <- generated\n");
113 for (i=0; i<MDC2_DIGEST_LENGTH; i++)
114 printf("%02X",pad2[i]);
115 printf(" <- correct\n");
116 ret=1;
117 }
118 else
119 printf("pad2 - ok\n");
120
121 EVP_MD_CTX_cleanup(&c);
122 exit(ret);
123 }
diff --git a/src/regress/lib/libcrypto/rand/Makefile b/src/regress/lib/libcrypto/rand/Makefile
new file mode 100644
index 0000000000..4284f49df8
--- /dev/null
+++ b/src/regress/lib/libcrypto/rand/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:18 miod Exp $
2
3PROG= randtest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/rand/randtest.c b/src/regress/lib/libcrypto/rand/randtest.c
new file mode 100644
index 0000000000..8317746642
--- /dev/null
+++ b/src/regress/lib/libcrypto/rand/randtest.c
@@ -0,0 +1,202 @@
1/* crypto/rand/randtest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <openssl/rand.h>
62
63/* some FIPS 140-1 random number test */
64/* some simple tests */
65
66int main(int argc,char **argv)
67 {
68 unsigned char buf[2500];
69 int i,j,k,s,sign,nsign,err=0;
70 unsigned long n1;
71 unsigned long n2[16];
72 unsigned long runs[2][34];
73 /*double d; */
74 long d;
75
76 i = RAND_pseudo_bytes(buf,2500);
77 if (i < 0)
78 {
79 printf ("init failed, the rand method is not properly installed\n");
80 err++;
81 goto err;
82 }
83
84 n1=0;
85 for (i=0; i<16; i++) n2[i]=0;
86 for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
87
88 /* test 1 and 2 */
89 sign=0;
90 nsign=0;
91 for (i=0; i<2500; i++)
92 {
93 j=buf[i];
94
95 n2[j&0x0f]++;
96 n2[(j>>4)&0x0f]++;
97
98 for (k=0; k<8; k++)
99 {
100 s=(j&0x01);
101 if (s == sign)
102 nsign++;
103 else
104 {
105 if (nsign > 34) nsign=34;
106 if (nsign != 0)
107 {
108 runs[sign][nsign-1]++;
109 if (nsign > 6)
110 runs[sign][5]++;
111 }
112 sign=s;
113 nsign=1;
114 }
115
116 if (s) n1++;
117 j>>=1;
118 }
119 }
120 if (nsign > 34) nsign=34;
121 if (nsign != 0) runs[sign][nsign-1]++;
122
123 /* test 1 */
124 if (!((9654 < n1) && (n1 < 10346)))
125 {
126 printf("test 1 failed, X=%lu\n",n1);
127 err++;
128 }
129 printf("test 1 done\n");
130
131 /* test 2 */
132 d=0;
133 for (i=0; i<16; i++)
134 d+=n2[i]*n2[i];
135 d=(d*8)/25-500000;
136 if (!((103 < d) && (d < 5740)))
137 {
138 printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
139 err++;
140 }
141 printf("test 2 done\n");
142
143 /* test 3 */
144 for (i=0; i<2; i++)
145 {
146 if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
147 {
148 printf("test 3 failed, bit=%d run=%d num=%lu\n",
149 i,1,runs[i][0]);
150 err++;
151 }
152 if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
153 {
154 printf("test 3 failed, bit=%d run=%d num=%lu\n",
155 i,2,runs[i][1]);
156 err++;
157 }
158 if (!(( 502 < runs[i][2]) && (runs[i][2] < 748)))
159 {
160 printf("test 3 failed, bit=%d run=%d num=%lu\n",
161 i,3,runs[i][2]);
162 err++;
163 }
164 if (!(( 223 < runs[i][3]) && (runs[i][3] < 402)))
165 {
166 printf("test 3 failed, bit=%d run=%d num=%lu\n",
167 i,4,runs[i][3]);
168 err++;
169 }
170 if (!(( 90 < runs[i][4]) && (runs[i][4] < 223)))
171 {
172 printf("test 3 failed, bit=%d run=%d num=%lu\n",
173 i,5,runs[i][4]);
174 err++;
175 }
176 if (!(( 90 < runs[i][5]) && (runs[i][5] < 223)))
177 {
178 printf("test 3 failed, bit=%d run=%d num=%lu\n",
179 i,6,runs[i][5]);
180 err++;
181 }
182 }
183 printf("test 3 done\n");
184
185 /* test 4 */
186 if (runs[0][33] != 0)
187 {
188 printf("test 4 failed, bit=%d run=%d num=%lu\n",
189 0,34,runs[0][33]);
190 err++;
191 }
192 if (runs[1][33] != 0)
193 {
194 printf("test 4 failed, bit=%d run=%d num=%lu\n",
195 1,34,runs[1][33]);
196 err++;
197 }
198 printf("test 4 done\n");
199 err:
200 err=((err)?1:0);
201 exit(err);
202 }
diff --git a/src/regress/lib/libcrypto/rc2/Makefile b/src/regress/lib/libcrypto/rc2/Makefile
new file mode 100644
index 0000000000..5681e0c923
--- /dev/null
+++ b/src/regress/lib/libcrypto/rc2/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
2
3PROG= rc2test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/rc2/rc2test.c b/src/regress/lib/libcrypto/rc2/rc2test.c
new file mode 100644
index 0000000000..80e1b3035f
--- /dev/null
+++ b/src/regress/lib/libcrypto/rc2/rc2test.c
@@ -0,0 +1,138 @@
1/* crypto/rc2/rc2test.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* This has been a quickly hacked 'ideatest.c'. When I add tests for other
60 * RC2 modes, more of the code will be uncommented. */
61
62#include <stdio.h>
63#include <string.h>
64#include <stdlib.h>
65
66#include <openssl/rc2.h>
67
68static unsigned char RC2key[4][16]={
69 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
70 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
71 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
72 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
73 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
74 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
75 {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
76 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F},
77 };
78
79static unsigned char RC2plain[4][8]={
80 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
81 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
82 {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
83 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
84 };
85
86static unsigned char RC2cipher[4][8]={
87 {0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7},
88 {0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74},
89 {0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E},
90 {0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31},
91 };
92/************/
93
94int main(int argc, char *argv[])
95 {
96 int i,n,err=0;
97 RC2_KEY key;
98 unsigned char buf[8],buf2[8];
99
100 for (n=0; n<4; n++)
101 {
102 RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */);
103
104 RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT);
105 if (memcmp(&(RC2cipher[n][0]),buf,8) != 0)
106 {
107 printf("ecb rc2 error encrypting\n");
108 printf("got :");
109 for (i=0; i<8; i++)
110 printf("%02X ",buf[i]);
111 printf("\n");
112 printf("expected:");
113 for (i=0; i<8; i++)
114 printf("%02X ",RC2cipher[n][i]);
115 err=20;
116 printf("\n");
117 }
118
119 RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT);
120 if (memcmp(&(RC2plain[n][0]),buf2,8) != 0)
121 {
122 printf("ecb RC2 error decrypting\n");
123 printf("got :");
124 for (i=0; i<8; i++)
125 printf("%02X ",buf[i]);
126 printf("\n");
127 printf("expected:");
128 for (i=0; i<8; i++)
129 printf("%02X ",RC2plain[n][i]);
130 printf("\n");
131 err=3;
132 }
133 }
134
135 if (err == 0) printf("ecb RC2 ok\n");
136
137 exit(err);
138 }
diff --git a/src/regress/lib/libcrypto/rc4/Makefile b/src/regress/lib/libcrypto/rc4/Makefile
new file mode 100644
index 0000000000..0e6cf27b71
--- /dev/null
+++ b/src/regress/lib/libcrypto/rc4/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
2
3PROG= rc4test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/rc4/rc4test.c b/src/regress/lib/libcrypto/rc4/rc4test.c
new file mode 100644
index 0000000000..84cb167b36
--- /dev/null
+++ b/src/regress/lib/libcrypto/rc4/rc4test.c
@@ -0,0 +1,228 @@
1/* crypto/rc4/rc4test.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/rc4.h>
64#include <openssl/sha.h>
65
66static unsigned char keys[7][30]={
67 {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
68 {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
69 {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
70 {4,0xef,0x01,0x23,0x45},
71 {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
72 {4,0xef,0x01,0x23,0x45},
73 };
74
75static unsigned char data_len[7]={8,8,8,20,28,10};
76static unsigned char data[7][30]={
77 {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
78 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
79 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
80 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
81 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
82 0x00,0x00,0x00,0x00,0xff},
83 {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
84 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
85 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
86 0x12,0x34,0x56,0x78,0xff},
87 {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
88 {0},
89 };
90
91static unsigned char output[7][30]={
92 {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
93 {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
94 {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
95 {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
96 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
97 0x36,0xb6,0x78,0x58,0x00},
98 {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
99 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
100 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
101 0x40,0x01,0x1e,0xcf,0x00},
102 {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
103 {0},
104 };
105
106int main(int argc, char *argv[])
107 {
108 int i,err=0;
109 int j;
110 unsigned char *p;
111 RC4_KEY key;
112 unsigned char obuf[512];
113
114#if !defined(OPENSSL_PIC)
115 void OPENSSL_cpuid_setup(void);
116
117 OPENSSL_cpuid_setup();
118#endif
119
120 for (i=0; i<6; i++)
121 {
122 RC4_set_key(&key,keys[i][0],&(keys[i][1]));
123 memset(obuf,0x00,sizeof(obuf));
124 RC4(&key,data_len[i],&(data[i][0]),obuf);
125 if (memcmp(obuf,output[i],data_len[i]+1) != 0)
126 {
127 printf("error calculating RC4\n");
128 printf("output:");
129 for (j=0; j<data_len[i]+1; j++)
130 printf(" %02x",obuf[j]);
131 printf("\n");
132 printf("expect:");
133 p= &(output[i][0]);
134 for (j=0; j<data_len[i]+1; j++)
135 printf(" %02x",*(p++));
136 printf("\n");
137 err++;
138 }
139 else
140 printf("test %d ok\n",i);
141 }
142 printf("test end processing ");
143 for (i=0; i<data_len[3]; i++)
144 {
145 RC4_set_key(&key,keys[3][0],&(keys[3][1]));
146 memset(obuf,0x00,sizeof(obuf));
147 RC4(&key,i,&(data[3][0]),obuf);
148 if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))
149 {
150 printf("error in RC4 length processing\n");
151 printf("output:");
152 for (j=0; j<i+1; j++)
153 printf(" %02x",obuf[j]);
154 printf("\n");
155 printf("expect:");
156 p= &(output[3][0]);
157 for (j=0; j<i; j++)
158 printf(" %02x",*(p++));
159 printf(" 00\n");
160 err++;
161 }
162 else
163 {
164 printf(".");
165 fflush(stdout);
166 }
167 }
168 printf("done\n");
169 printf("test multi-call ");
170 for (i=0; i<data_len[3]; i++)
171 {
172 RC4_set_key(&key,keys[3][0],&(keys[3][1]));
173 memset(obuf,0x00,sizeof(obuf));
174 RC4(&key,i,&(data[3][0]),obuf);
175 RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));
176 if (memcmp(obuf,output[3],data_len[3]+1) != 0)
177 {
178 printf("error in RC4 multi-call processing\n");
179 printf("output:");
180 for (j=0; j<data_len[3]+1; j++)
181 printf(" %02x",obuf[j]);
182 printf("\n");
183 printf("expect:");
184 p= &(output[3][0]);
185 for (j=0; j<data_len[3]+1; j++)
186 printf(" %02x",*(p++));
187 err++;
188 }
189 else
190 {
191 printf(".");
192 fflush(stdout);
193 }
194 }
195 printf("done\n");
196 printf("bulk test ");
197 { unsigned char buf[513];
198 SHA_CTX c;
199 unsigned char md[SHA_DIGEST_LENGTH];
200 static unsigned char expected[]={
201 0xa4,0x7b,0xcc,0x00,0x3d,0xd0,0xbd,0xe1,0xac,0x5f,
202 0x12,0x1e,0x45,0xbc,0xfb,0x1a,0xa1,0xf2,0x7f,0xc5 };
203
204 RC4_set_key(&key,keys[0][0],&(keys[3][1]));
205 memset(buf,'\0',sizeof(buf));
206 SHA1_Init(&c);
207 for (i=0;i<2571;i++) {
208 RC4(&key,sizeof(buf),buf,buf);
209 SHA1_Update(&c,buf,sizeof(buf));
210 }
211 SHA1_Final(md,&c);
212
213 if (memcmp(md,expected,sizeof(md))) {
214 printf("error in RC4 bulk test\n");
215 printf("output:");
216 for (j=0; j<(int)sizeof(md); j++)
217 printf(" %02x",md[j]);
218 printf("\n");
219 printf("expect:");
220 for (j=0; j<(int)sizeof(md); j++)
221 printf(" %02x",expected[j]);
222 printf("\n");
223 err++;
224 }
225 else printf("ok\n");
226 }
227 exit(err);
228 }
diff --git a/src/regress/lib/libcrypto/rmd/Makefile b/src/regress/lib/libcrypto/rmd/Makefile
new file mode 100644
index 0000000000..2100f99b38
--- /dev/null
+++ b/src/regress/lib/libcrypto/rmd/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
2
3PROG= rmdtest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/rmd/rmdtest.c b/src/regress/lib/libcrypto/rmd/rmdtest.c
new file mode 100644
index 0000000000..1a488fb1c1
--- /dev/null
+++ b/src/regress/lib/libcrypto/rmd/rmdtest.c
@@ -0,0 +1,128 @@
1/* crypto/ripemd/rmdtest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/ripemd.h>
64#include <openssl/evp.h>
65
66static char *test[]={
67 "",
68 "a",
69 "abc",
70 "message digest",
71 "abcdefghijklmnopqrstuvwxyz",
72 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
73 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
74 "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
75 NULL,
76 };
77
78static char *ret[]={
79 "9c1185a5c5e9fc54612808977ee8f548b2258d31",
80 "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
81 "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
82 "5d0689ef49d2fae572b881b123a85ffa21595f36",
83 "f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
84 "12a053384a9c0c88e405a06c27dcf49ada62eb2b",
85 "b0e20b6e3116640286ed3a87a5713079b21f5189",
86 "9b752e45573d4b39f4dbd3323cab82bf63326bfb",
87 };
88
89static char *pt(unsigned char *md);
90int main(int argc, char *argv[])
91 {
92 int i,err=0;
93 char **P,**R;
94 char *p;
95 unsigned char md[RIPEMD160_DIGEST_LENGTH];
96
97 P=test;
98 R=ret;
99 i=1;
100 while (*P != NULL)
101 {
102 EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL);
103 p=pt(md);
104 if (strcmp(p,(char *)*R) != 0)
105 {
106 printf("error calculating RIPEMD160 on '%s'\n",*P);
107 printf("got %s instead of %s\n",p,*R);
108 err++;
109 }
110 else
111 printf("test %d ok\n",i);
112 i++;
113 R++;
114 P++;
115 }
116 exit(err);
117 return(0);
118 }
119
120static char *pt(unsigned char *md)
121 {
122 int i;
123 static char buf[80];
124
125 for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
126 snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
127 return(buf);
128 }
diff --git a/src/regress/lib/libcrypto/sha/Makefile b/src/regress/lib/libcrypto/sha/Makefile
new file mode 100644
index 0000000000..a6bdec61ea
--- /dev/null
+++ b/src/regress/lib/libcrypto/sha/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
2
3PROG= shatest
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/sha/shatest.c b/src/regress/lib/libcrypto/sha/shatest.c
new file mode 100644
index 0000000000..d04e6ac6aa
--- /dev/null
+++ b/src/regress/lib/libcrypto/sha/shatest.c
@@ -0,0 +1,152 @@
1/* crypto/sha/shatest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/evp.h>
64#include <openssl/sha.h>
65
66#define SHA_0 /* FIPS 180 */
67#undef SHA_1 /* FIPS 180-1 */
68
69static char *test[]={
70 "abc",
71 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
72 NULL,
73 };
74
75#ifdef SHA_0
76static char *ret[]={
77 "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
78 "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
79 };
80static char *bigret=
81 "3232affa48628a26653b5aaa44541fd90d690603";
82#endif
83#ifdef SHA_1
84static char *ret[]={
85 "a9993e364706816aba3e25717850c26c9cd0d89d",
86 "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
87 };
88static char *bigret=
89 "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
90#endif
91
92static char *pt(unsigned char *md);
93int main(int argc, char *argv[])
94 {
95 int i,err=0;
96 char **P,**R;
97 static unsigned char buf[1000];
98 char *p,*r;
99 EVP_MD_CTX c;
100 unsigned char md[SHA_DIGEST_LENGTH];
101
102 EVP_MD_CTX_init(&c);
103 P=test;
104 R=ret;
105 i=1;
106 while (*P != NULL)
107 {
108 EVP_Digest(*P,strlen(*P),md,NULL,EVP_sha(), NULL);
109 p=pt(md);
110 if (strcmp(p,*R) != 0)
111 {
112 printf("error calculating SHA on '%s'\n",*P);
113 printf("got %s instead of %s\n",p,*R);
114 err++;
115 }
116 else
117 printf("test %d ok\n",i);
118 i++;
119 R++;
120 P++;
121 }
122
123 memset(buf,'a',1000);
124 EVP_DigestInit_ex(&c,EVP_sha(), NULL);
125 for (i=0; i<1000; i++)
126 EVP_DigestUpdate(&c,buf,1000);
127 EVP_DigestFinal_ex(&c,md,NULL);
128 p=pt(md);
129
130 r=bigret;
131 if (strcmp(p,r) != 0)
132 {
133 printf("error calculating SHA on '%s'\n",p);
134 printf("got %s instead of %s\n",p,r);
135 err++;
136 }
137 else
138 printf("test 3 ok\n");
139
140 EVP_MD_CTX_cleanup(&c);
141 exit(err);
142 }
143
144static char *pt(unsigned char *md)
145 {
146 int i;
147 static char buf[80];
148
149 for (i=0; i<SHA_DIGEST_LENGTH; i++)
150 snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
151 return(buf);
152 }
diff --git a/src/regress/lib/libcrypto/sha1/Makefile b/src/regress/lib/libcrypto/sha1/Makefile
new file mode 100644
index 0000000000..8dfe4fcc8a
--- /dev/null
+++ b/src/regress/lib/libcrypto/sha1/Makefile
@@ -0,0 +1,7 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2014/04/15 18:01:17 miod Exp $
2
3PROG= sha1test
4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO}
6
7.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/sha1/sha1test.c b/src/regress/lib/libcrypto/sha1/sha1test.c
new file mode 100644
index 0000000000..4a18a31459
--- /dev/null
+++ b/src/regress/lib/libcrypto/sha1/sha1test.c
@@ -0,0 +1,152 @@
1/* crypto/sha/sha1test.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include <openssl/evp.h>
64#include <openssl/sha.h>
65
66#undef SHA_0 /* FIPS 180 */
67#define SHA_1 /* FIPS 180-1 */
68
69static char *test[]={
70 "abc",
71 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
72 NULL,
73 };
74
75#ifdef SHA_0
76static char *ret[]={
77 "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
78 "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
79 };
80static char *bigret=
81 "3232affa48628a26653b5aaa44541fd90d690603";
82#endif
83#ifdef SHA_1
84static char *ret[]={
85 "a9993e364706816aba3e25717850c26c9cd0d89d",
86 "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
87 };
88static char *bigret=
89 "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
90#endif
91
92static char *pt(unsigned char *md);
93int main(int argc, char *argv[])
94 {
95 int i,err=0;
96 char **P,**R;
97 static unsigned char buf[1000];
98 char *p,*r;
99 EVP_MD_CTX c;
100 unsigned char md[SHA_DIGEST_LENGTH];
101
102 EVP_MD_CTX_init(&c);
103 P=test;
104 R=ret;
105 i=1;
106 while (*P != NULL)
107 {
108 EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha1(), NULL);
109 p=pt(md);
110 if (strcmp(p,(char *)*R) != 0)
111 {
112 printf("error calculating SHA1 on '%s'\n",*P);
113 printf("got %s instead of %s\n",p,*R);
114 err++;
115 }
116 else
117 printf("test %d ok\n",i);
118 i++;
119 R++;
120 P++;
121 }
122
123 memset(buf,'a',1000);
124 EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
125 for (i=0; i<1000; i++)
126 EVP_DigestUpdate(&c,buf,1000);
127 EVP_DigestFinal_ex(&c,md,NULL);
128 p=pt(md);
129
130 r=bigret;
131 if (strcmp(p,r) != 0)
132 {
133 printf("error calculating SHA1 on 'a' * 1000\n");
134 printf("got %s instead of %s\n",p,r);
135 err++;
136 }
137 else
138 printf("test 3 ok\n");
139
140 EVP_MD_CTX_cleanup(&c);
141 exit(err);
142 }
143
144static char *pt(unsigned char *md)
145 {
146 int i;
147 static char buf[80];
148
149 for (i=0; i<SHA_DIGEST_LENGTH; i++)
150 snprintf(buf + i*2, sizeof(buf) - i*2, "%02x",md[i]);
151 return(buf);
152 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 16:26:43 +0000