diff options
100 files changed, 9162 insertions, 1779 deletions
diff --git a/c5/GNUmakefile b/c5/GNUmakefile index 32226e2..942f7bd 100644 --- a/c5/GNUmakefile +++ b/c5/GNUmakefile @@ -1,6 +1,9 @@ # can't use -fno-rtti yet because it causes problems with exception handling in GCC 2.95.2 CXXFLAGS = -g -# uncomment the next two lines to do a release build +# Uncomment the next two lines to do a release build. +# Note that you must define NDEBUG for your own application if you define it for Crypto++. +# Also, make sure you run the validation tests and test your own program thoroughly +# after turning on -O2. The GCC optimizer may have bugs that cause it to generate incorrect code. # CXXFLAGS = -O2 -DNDEBUG -ffunction-sections -fdata-sections # LDFLAGS = -Wl,--gc-sections ARFLAGS = -cr # ar needs the dash on OpenBSD @@ -13,13 +16,21 @@ else CXXFLAGS += -pipe endif -ifeq ($(UNAME),Darwin) # -fpic conflicts with inline asm in integer.cpp on i386 +ifeq ($(UNAME),Darwin) +AR = libtool +ARFLAGS = -static -o +CXXFLAGS += -D__pic__ +IS_GCC2 = $(shell c++ -v 2>&1 | grep -c gcc-932) +ifeq ($(IS_GCC2),1) +CXXFLAGS += -fno-coalesce-templates -fno-coalesce-static-vtables CXX = c++ -CXXFLAGS += -fno-pic +LDLIBS += -lstdc++ +LDFLAGS += -flat_namespace -undefined suppress -m +endif endif ifeq ($(UNAME),SunOS) -LDLIBS = -lnsl -lsocket +LDLIBS += -lnsl -lsocket endif ifeq ($(CXX),gcc) # for some reason CXX is gcc on cygwin 1.1.4 @@ -27,14 +38,13 @@ CXX = g++ endif SRCS = $(wildcard *.cpp) - ifeq ($(SRCS),) # workaround wildcard function bug in GNU Make 3.77 SRCS = $(shell ls *.cpp) endif OBJS = $(SRCS:.cpp=.o) # test.o needs to be after bench.o for cygwin 1.1.4 (possible ld bug?) -TESTOBJS = bench.o test.o validat1.o validat2.o validat3.o +TESTOBJS = bench.o test.o validat1.o validat2.o validat3.o adhoc.o datatest.o regtest.o LIBOBJS = $(filter-out $(TESTOBJS),$(OBJS)) all: cryptest.exe @@ -52,6 +62,13 @@ cryptest.exe: libcryptopp.a $(TESTOBJS) nolib: $(OBJS) # makes it faster to test changes $(CXX) -o ct $(CXXFLAGS) $(OBJS) $(LDFLAGS) $(LDLIBS) +adhoc.cpp: adhoc.cpp.proto +ifeq ($(wildcard adhoc.cpp),) + cp adhoc.cpp.proto adhoc.cpp +else + touch adhoc.cpp +endif + .SUFFIXES: .cpp .cpp.o: diff --git a/c5/License.txt b/c5/License.txt index a848c33..2a8ec4e 100644 --- a/c5/License.txt +++ b/c5/License.txt @@ -1,12 +1,12 @@ -Compilation Copyright (c) 1995-2002 by Wei Dai. All rights reserved. +Compilation Copyright (c) 1995-2003 by Wei Dai. All rights reserved. This copyright applies only to this software distribution package as a compilation, and does not imply a copyright on any particular file in the package. -The following files are copyrighted by their respective original authors: +The following files are copyrighted by their respective original authors, +and their use is subject to additional licenses included in these files. mars.cpp - Copyright 1998 Brian Gladman. -serpent.cpp - Copyright 1998, 1999 Brian Gladman and Sam Simpson. All other files in this compilation are placed in the public domain by Wei Dai and other contributors. @@ -18,7 +18,7 @@ Joan Daemen - 3way.cpp Leonard Janke - cast.cpp, seal.cpp Steve Reid - cast.cpp Phil Karn - des.cpp -Michael Paul Johnson - diamond.cpp, sapphire.cpp +Michael Paul Johnson - diamond.cpp Andrew M. Kuchling - md2.cpp, md4.cpp Colin Plumb - md5.cpp, md5mac.cpp Seal Woods - rc6.cpp diff --git a/c5/Readme.txt b/c5/Readme.txt index 37f5327..d9ca490 100644 --- a/c5/Readme.txt +++ b/c5/Readme.txt @@ -1,5 +1,5 @@ Crypto++: a C++ Class Library of Cryptographic Primitives -Version 5.0 9/11/2002 +Version 5.1 3/20/2003 This library includes: @@ -11,8 +11,7 @@ This library includes: 3-WAY, GOST, SHARK, CAST-128, Square, Skipjack - generic block cipher modes: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter (CTR) mode -- stream ciphers: Panama, ARC4, SEAL, WAKE, WAKE-OFB, Sapphire II, - BlumBlumShub +- stream ciphers: Panama, ARC4, SEAL, WAKE, WAKE-OFB, BlumBlumShub - public key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin, Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN - padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSSR, IEEE @@ -59,28 +58,26 @@ and build the "cryptest" project. This will compile Crypto++ as a static library and also build the test driver. Run the test driver and make sure the validation suite passes. Then to use the library simply insert the "cryptlib.dsp" project file into your own application workspace as a -dependent project. You may need to check the compiler options to make sure +dependent project. You should check the compiler options to make sure that the library and your application are using the same C++ run-time -libraries. +libraries and calling conventions. A makefile is included for you to compile Crypto++ with GCC. Make sure you are using GNU Make and GNU ld. The make process will produce two files, libcryptopp.a and cryptest.exe. Run "cryptest.exe v" for the validation suite. -Crypto++ is documented mostly through comments in header files. If you are -not familiar with cryptography, I suggest that you read an introductory -text (such as Bruce Schneier's _Applied Cryptography_) before attempting -to use this library. Then, you should start by looking at -cryptlib.h, which contains the main abstract base classes and their -descriptions, and test.cpp, which contains sample/test code. There -should also be a link on http://www.cryptopp.com to an HTML reference -manual generated from the inline documentation. +Crypto++ is documented through inline comments in header files, which are +processed through Doxygen to produce an HTML reference manual. You can find +a link to the manual from http://www.cryptopp.com. Also at that site is +the Crypto++ FAQ, which you should browse through before attempting to +use this library, because it will likely answer many of questions that +may come up. If you run into any problems, please try the Crypto++ mailing list. The subscription information and the list archive are available on http://www.cryptopp.com. You can also email me directly at -weidai@eskimo.com, but you will probably get a faster response through +cryptopp@weidai.com, but you will probably get a faster response through the mailing list. Finally, a couple of usage notes to keep in mind: @@ -236,8 +233,23 @@ History AESEncryption and AESDecryption are now AES::Encryption and AES::Decryption - where possible, typedefs have been added to improve backwards compatibility when the CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY macro is defined - - changed HAVAL and IDEA to use public domain code + - changed Serpent, HAVAL and IDEA to use public domain code - implemented SSE2 optimizations for Integer operations - - is being evaluated for FIPS 140-2 compliance - fixed a bug in HMAC::TruncatedFinal() - fixed SKIPJACK byte ordering following NIST clarification dated 5/9/02 + +5.01 (special FIPS 140-2 release, in development) + - added known answer test for X9.17 RNG in FIPS 140 power-up self test + - is being evaluated for FIPS 140-2 compliance + +5.1 - added PSS padding and changed PSSR to track IEEE P1363a draft standard + - added blinding for RSA and Rabin to defend against timing attacks + on decryption operations + - changed signing and decryption APIs to support the above + - changed WaitObjectContainer to allow waiting for more than 64 + objects at a time on Win32 platforms + - fixed a bug in CBC and ECB modes with processing non-aligned data + - fixed standard conformance bugs in DLIES (DHAES mode) and RW/EMSA2 + signature scheme (these fixes are not backwards compatible) + - fixed a number of compiler warnings, minor bugs, and portability problems + - removed Sapphire diff --git a/c5/TestVectors/Readme.txt b/c5/TestVectors/Readme.txt new file mode 100644 index 0000000..664d972 --- /dev/null +++ b/c5/TestVectors/Readme.txt @@ -0,0 +1,71 @@ +Test Data Format + +A test data file is an ASCII text file composed of sections separated by +blank lines. Each section is stand-alone and independent of other +sections that may be in the same file, and contains one or more tests. + +A section is composed of a sequence of fields. Each field is one or more +lines composed of a field name, followed by a colon (":"), followed by a +field body. All but the last line of a field must end with a backslash +("\"). If any line contains a hash mark ("#"), the hash mark and +everything after it on the same line is not considered part of the field +body. + +Each section must contain fields named AlgorithmType, Name, Source, and +Test. The presence and semantics of other fields depend on the algorithm +being tested and the tests to be run. + +Each section may contain more than one test and therefore more than one +field named Test. In that case the order of the fields is significant. A +test should always use the last field with any given name that occurs +before the Test field. + +Data Types + +int - small integer (less than 2^32) in decimal representation +string - human readable string +encoded string - can be one of the following + - quoted string: "message" means "message" without the quotes + or terminating '\0' + - hex encoded string: 0x74657374 or 74657374 means "test" + - repeated string: r100 "message" to repeat "message" 100 times, or + r256 0x0011 to repeat 0x0011 256 times + +Field Types + +AlgorithmType - string, for example "Signature", "AsymmetricCipher", +"SymmetricCipher", "MAC", "MessageDigest", or "KeyFactory" +Name - string, an algorithm name from SCAN +Test - string, identifies the test to run +Source - string, text explaining where the test data came from +Comment - string, other comments about the test data +KeyFormat - string, specifies the key format. "Component" here means +each component of the key or key pair is specified separately as a name, +value pair, with the names depending on the algorithm being tested. +Otherwise the value names "Key", or "PublicKey" and "PrivateKey" are +used. +Key - encoded string +PublicKey - encoded string +PrivateKey - encoded string +Message - encoded string, message to be signed or verified +Signature - encoded string, signature to be verified or compared +with +Plaintext - encoded string +Ciphertext - encoded string +Digest - encoded string +TruncatedSize - int, size of truncated digest in bytes +(more to come here) + +Possible Tests + +KeyPairValidAndConsistent - public and private keys are both valid and +consistent with each other +PublicKeyInvalid - public key validation should not pass +PrivateKeyInvalid - private key validation should not pass +Verify - signature/digest/MAC verification should pass +VerifyTruncated - truncated digest/MAC verification should pass +NotVerify - signature/digest/MAC verification should not pass +DeterministicSign - sign message using given seed, and the resulting +signature should be equal to the given signature +DecryptMatch - ciphertext decrypts to plaintext +(more to come here) diff --git a/c5/TestVectors/all.txt b/c5/TestVectors/all.txt new file mode 100644 index 0000000..a9749c6 --- /dev/null +++ b/c5/TestVectors/all.txt @@ -0,0 +1,13 @@ +AlgorithmType: FileList +Name: all.txt collection +Test: dlies.txt +Test: dsa.txt +Test: dsa_1363.txt +Test: esign.txt +Test: hmac.txt +Test: nr.txt +Test: rsa_oaep.txt +Test: rsa_pkcs1_1_5.txt +Test: rsa_pss.txt +Test: rw.txt +Test: sha.txt diff --git a/c5/TestVectors/dlies.txt b/c5/TestVectors/dlies.txt new file mode 100644 index 0000000..aa71155 --- /dev/null +++ b/c5/TestVectors/dlies.txt @@ -0,0 +1,542 @@ +AlgorithmType: AsymmetricCipher +Name: DLIES(NoCofactorMultiplication, KDF2(SHA-1), XOR, HMAC(SHA-1), DHAES) +Source: generated by Wei Dai using Crypto++ 5.1 +Comment: keys are encoded as DSA keys, with OID id-dsa +KeyFormat: DER +Comment: 1024-bit DLIES key +PrivateKey: \ + 308201370201003082011706072a8648ce3804013082010a02818100ba3ed941\ + 10332be99b77a345da72a33146ca960498a6fc2e0e207fdeaadf69c3e5650df7\ + 3255475854900b75af7f6aac021de687a1c166ecb2ab6ec6b9da82ad4fb0f48a\ + 966a2b968406e18ba50947d7ee3bb1f13511cb4dde191f0ade1933d089c5e82a\ + b8d283943d85ef0102e173abf2635aeac2f84cfc9ec6c4e8f3fbc4130281805d\ + 1f6ca0881995f4cdbbd1a2ed395198a3654b024c537e1707103fef556fb4e1f2\ + b286fb992aa3ac2a4805bad7bfb556010ef343d0e0b3765955b7635ced4156a7\ + d87a454b3515cb420370c5d284a3ebf71dd8f89a88e5a6ef0c8f856f0c99e844\ + e2f4155c6941ca1ec2f7808170b9d5f931ad75617c267e4f63627479fde20902\ + 01030417021501fdc788cd93f07dba3af2de42ae5aa3ede219919d +PublicKey: \ + 308201a23082011706072a8648ce3804013082010a02818100ba3ed94110332b\ + e99b77a345da72a33146ca960498a6fc2e0e207fdeaadf69c3e5650df7325547\ + 5854900b75af7f6aac021de687a1c166ecb2ab6ec6b9da82ad4fb0f48a966a2b\ + 968406e18ba50947d7ee3bb1f13511cb4dde191f0ade1933d089c5e82ab8d283\ + 943d85ef0102e173abf2635aeac2f84cfc9ec6c4e8f3fbc4130281805d1f6ca0\ + 881995f4cdbbd1a2ed395198a3654b024c537e1707103fef556fb4e1f2b286fb\ + 992aa3ac2a4805bad7bfb556010ef343d0e0b3765955b7635ced4156a7d87a45\ + 4b3515cb420370c5d284a3ebf71dd8f89a88e5a6ef0c8f856f0c99e844e2f415\ + 5c6941ca1ec2f7808170b9d5f931ad75617c267e4f63627479fde20902010303\ + 81840002818029eaa5b193357c200e0d42f374d4c003c633c77f4778fe40ad0b\ + d035b87ae5da4e74110ec2b15eefe1bd8b9357534c85328382946d314e15b79f\ + 7b854227012dfaac9bd862e73a5630e01327b36319765a3eb1434e108ef6421c\ + 659e3f9223966759611429b3c86ed9937563efbfad8bfedcfa92db3d7d2157fe\ + 2c8a33f08636 +Test: KeyPairValidAndConsistent +Plaintext: 76 +Ciphertext: B11D906CC5A8E71CA8962A8CC0AC4CAFF2DA00DC130C370F42D11FCF5C37DE046EBC07C7D457CA351CE456A043695D14ED055ADAD2B58BE0DF992685EF8B0D21597A43D7B3D9634A077CB70C4590CD73C20FAAACBC5649413EECA0C7B3CBF469E531299398F61496C51FE9FFE48AE9FE6034F104EFC562DE9529C776B86ADD4025AD6B0C3687B012F92C7B9E82F794E4FBE247D644 +Test: DecryptMatch +Plaintext: 89338CE80AFB62E9577A310E40311BB3F77F +Ciphertext: 8A33B0E212DB8155CA796B472F55CD77267C9106229B6055141EA3AAAE42AD27249D90E70F892B0CDC80D29D3D586A5CA6FE67D4BB44C58B03496708F80681125DCEF983B7453B1E4F927438BD2E3E506C1951E9F19BA70F9B687012440CD75C0BB78BDCFAB22AF535D3E2670ABD1F4D44ED95F3360536612B1A7DF35E2A88F66BD6E8C813EB9DC89D93A85C9A0BA13E4862B91171B681E64A0750197C6467B22566BC640E11 +Test: DecryptMatch +Plaintext: 0835455ABD53E6FB11ED9B0C00485D3C6845DB +Ciphertext: A81181517BD270B0D921AF735052898932008DF00D501EDE0D2D564871D61A6A837776E8D7C7F9B0E5F9181C1FC68BC430F30ABB1A64D62B444C0AC5AAE588B4481AEF08B38E466155F10CA04C8202F281186016AE35212A2C7815A22DB2750ABD526D285BDBC598672BFB52E95CE33A0D3E5DCF4CF5F46224CFBB85297F3AB170C8B9478994E32D9A21A452B095D3D902E92C7E444A3307FDD7256FE49341142E5FF7A616475A +Test: DecryptMatch +Plaintext: 1EBED48EC47B6987091C52BC +Ciphertext: 1DF446FF43AAAAAC8E3F7D70C912E2D45AB832BCA3D0FBD17AF864B9EA878C45B9E2902804171A739A0552BB7CE0CD46DC16343714CC9C2E71AE26304885EEEB242665814DD9E33C480ABA214755D5449F16CD8870D1AB3A8E64E45E463AB3F4D3031FA3ECD395B61B372602665FCF218D9C51E8C791FA1E5BCC2916EFBB482E1814632CDF0F1852EE4943D9652DAA4E1F3B22F17F57F51D52A0997BED5B04ED +Test: DecryptMatch +Plaintext: 65D8 +Ciphertext: 4385797FD38AD5DFBB4F613BC87637B0051501E57699A5880E235DB7A6994A04A1613D0C8E07E36AFD08F2E47D018951B22E7625DA647AA1A0791DB3B2FA794610892D9A3D3F173CF95277B4B1EB92579A229510B67E171CB5BBA8B3AA732047BA038816A30124AF1C4C57CA80E93AACCC8EC70BCF7867914E7DE2C403568F9778F8DBEAF08FDB9F48452054C9735DC84F012DF8FE17 +Test: DecryptMatch +Plaintext: F86D8ED91E9934125DA6E9B4E97545C83A +Ciphertext: 13B0AE03AB532D5E31C9384B4E726A9AC73583CFBB0643EC322E3D2D45D9358CAF745B0541C136E8AA2220C42CEC9E1ED174886475538732AA6D6417DA89FA411AEDEADCD9F15D25D27D0AE252F77E888470AE696D5805CE8CCCB40B45D4AA835E97C7BF2CD6A2B4FEC6FCF858606CE4695DCE998C518360068ED028FC882478BF96096D92C166899EB51778BC4B7DA1BA8C4B6CEBA1139F17CEE484EA104A0325420A3D56 +Test: DecryptMatch +Comment: 1025-bit DLIES key +PrivateKey: \ + 308201380201003082011806072a8648ce3804013082010b028181015dd79808\ + 07a15e557e3a39466eb2987828c536a871d4fc7f3723d52f8145a0d10d996295\ + 64aca54fd567c0509ef3c428fac68d916551e77a5ca0ed6d9f12cc96262b1f11\ + 49f398ef9f0f17fc0ed92bb917f890d1e6a4f62b91a7978d0aa1bf53b89805c1\ + 06ebebd0924cb99a4168a38dad65238236d4d166d38a3dfd5359ec5f02818100\ + aeebcc0403d0af2abf1d1ca337594c3c14629b5438ea7e3f9b91ea97c0a2d068\ + 86ccb14ab25652a7eab3e0284f79e2147d6346c8b2a8f3bd2e5076b6cf89664b\ + 13158f88a4f9cc77cf878bfe076c95dc8bfc4868f3527b15c8d3cbc68550dfa9\ + dc4c02e08375f5e849265ccd20b451c6d6b291c11b6a68b369c51efea9acf62f\ + 020102041702150f514282f489098f1df0c7be02ccbb3f23bed00376 +PublicKey: \ + 308201a43082011806072a8648ce3804013082010b028181015dd7980807a15e\ + 557e3a39466eb2987828c536a871d4fc7f3723d52f8145a0d10d99629564aca5\ + 4fd567c0509ef3c428fac68d916551e77a5ca0ed6d9f12cc96262b1f1149f398\ + ef9f0f17fc0ed92bb917f890d1e6a4f62b91a7978d0aa1bf53b89805c106ebeb\ + d0924cb99a4168a38dad65238236d4d166d38a3dfd5359ec5f02818100aeebcc\ + 0403d0af2abf1d1ca337594c3c14629b5438ea7e3f9b91ea97c0a2d06886ccb1\ + 4ab25652a7eab3e0284f79e2147d6346c8b2a8f3bd2e5076b6cf89664b13158f\ + 88a4f9cc77cf878bfe076c95dc8bfc4868f3527b15c8d3cbc68550dfa9dc4c02\ + e08375f5e849265ccd20b451c6d6b291c11b6a68b369c51efea9acf62f020102\ + 038185000281810107143658b98a3725010d3631a3f4f7448cb967ac0118e4ca\ + 8fc8871eb4fb872d55c52d93a4f21eed98b6499db74315956a268f38a288958b\ + f7c4d548662c668669d69375e0cb710ff3a1a9f43e49add1f7ae58b836b6444e\ + 419e40474c27066cb03aae8132e65f3fead0109307ab1c7f0254eb14e9d76639\ + 1a66ca1ba442b425 +Test: KeyPairValidAndConsistent +Plaintext: 256F07E0D37D69BE542BD17FA98CE4CFC3DA849B +Ciphertext: 01269CE30DE12430904CEC9D8B91A6D8860B4F8D37FCE7DBDCE8FA18AC521684F4C1CD5C38BF3B42C259033CD36A53F0376A0CDD801979CF1B76ADD72AFDD27830BD85B373C4D451B84926ABA34012EB98331F0B81CCF8E801ACCDEE88A35DF60EFADABA1F395250A15463203FDCCEDAB7DD6CD1271B38A5E0946F8D189B225E8A307D198AC5E4EB33BCF26A02C0C602AA14592AEA01452E4F8AE46E7A032BABD1BA8ACB0919F2EA18 +Test: DecryptMatch +Plaintext: A992 +Ciphertext: 007822B0BDF45CC5B15102B5E21F7656C8896E98FAD6C2AF6CD55D0DB90B7A6B05E36D260C7A5C070526813290BCA722959B9B9BF00041B4B7F3E3EAFA9B5376A1E02944EDA55B99202601AE6D402D56617B56B28BAC1B405016053CDC78AB4D372B0D58E7380D50F1CD0E31B8CB77FD2F6BA3E7A436A5B35552B9974EA5AB30AC0C4989E34F5FD7D272417FF2094B97119BEB2C73C68B +Test: DecryptMatch +Plaintext: 1D20C118C894EFDC67DAC33E56179C5D262C83 +Ciphertext: 001587AFEC265C244875371B680521FF93F0B1196901A7D580785B62A257B1736C86D1D9E59A31E62F53B92B209B45A7952776C6AC839243B0BBF3A059E6CEE99B120BBD45922B4E813DDE0F5793A42B3AF2DDDAA357136A010519D884589A1F9912110020A8C16E9B91C753EB8842B3224FE9C9A22AE2B82251CFF7799E78885B0B67B27DAAC6A7B58013C31115C2B8C0C0176BC2A7B96A299CC75693B4F2138B2B4053CB5320D5 +Test: DecryptMatch +Plaintext: 83BC82A4F7A4DFC96CD7798BAC52254CD6E9 +Ciphertext: 0085E83465997BFED9CAE63B04B0419578D0BD85B1A65285E5537F4367E5E7E11DD8762BD3335916A13B8CF9D5BC651E762458E9879363B06748BEA0CA86D32CBC4F1B0C0BF67E616B872A64F7356241CD052944F6594A570522EF2BCC53D90E3326D2ECFA036C46256D9B678C93BE5877749AF8FF8FEDB6E1E17B67C7B6C6098D0C71D5B2AB503AFD7739ABCC8DE67DAC056AFE99D8A107230BA88C282FB8FD46E9E9E2C6874A +Test: DecryptMatch +Plaintext: 157597899A950A32 +Ciphertext: 013623199FFDD0D4689A4C50A9FEA3C2250D0C73F209F33BF3EF13E6035976D6F3EAFBA3D83A3862E4B6DFC7581EA43B62F49BC85392B7EAB854F92DA8DD5921A6A4C42777E89004EB7E6D479BD028F758171C324168DC0814369C6BCD8471D9620C4E9BED785A220EF9C0DCF1201311A16C51341E0551043C6EAB45E04A81C9280633F58621D8D3492864FFF6A39EDC48450ABFE0C7AABAEB9A86CFFD +Test: DecryptMatch +Plaintext: CDE651 +Ciphertext: 0040308CCDAB105426597D84A64665200A93208713004DB38594C490F7B85F08ADB67BBE47B7FB7BBDA435A6B6A2CA0B4CBE0FDCBD4FF078FD052213CBCAA4580D1C7962A3505DAA9BEA2957718AB36D061E61B9DEB3D7DD726975C6E7FD79AADBF649F5ABE51AC384E967D3CDAFD9EAA18EEB69774961E439F54844FA22DA1B6892E86471DAE6F7E74CACC944123234826621C7634AE34E +Test: DecryptMatch +Comment: 1026-bit DLIES key +PrivateKey: \ + 308201380201003082011806072a8648ce3804013082010b028181031e7d8589\ + b9fa11e77204b8c1b27ad66b39863978d26912a65de306dcb32a0c7c96bb431d\ + c4a14204a8f01a65b0fe56a4d016716914c21576f10d63dac5f49287636519ac\ + f9be56c9f58eeb90ba3240d4cce26f647bfd86360cf0f6b8ff609ae2ef736558\ + 155a1498adf4e92dc90f34169123a5fcd8ddfc763c81658a4d08383702818101\ + 8f3ec2c4dcfd08f3b9025c60d93d6b359cc31cbc693489532ef1836e5995063e\ + 4b5da18ee250a10254780d32d87f2b52680b38b48a610abb7886b1ed62fa4943\ + b1b28cd67cdf2b64fac775c85d19206a667137b23dfec31b06787b5c7fb04d71\ + 77b9b2ac0aad0a4c56fa7496e4879a0b4891d2fe6c6efe3b1e40b2c526841c1b\ + 020102041702151fa3003b00efad22ecc26c5115e6d036d13d3b2f7e +PublicKey: \ + 308201a33082011806072a8648ce3804013082010b028181031e7d8589b9fa11\ + e77204b8c1b27ad66b39863978d26912a65de306dcb32a0c7c96bb431dc4a142\ + 04a8f01a65b0fe56a4d016716914c21576f10d63dac5f49287636519acf9be56\ + c9f58eeb90ba3240d4cce26f647bfd86360cf0f6b8ff609ae2ef736558155a14\ + 98adf4e92dc90f34169123a5fcd8ddfc763c81658a4d083837028181018f3ec2\ + c4dcfd08f3b9025c60d93d6b359cc31cbc693489532ef1836e5995063e4b5da1\ + 8ee250a10254780d32d87f2b52680b38b48a610abb7886b1ed62fa4943b1b28c\ + d67cdf2b64fac775c85d19206a667137b23dfec31b06787b5c7fb04d7177b9b2\ + ac0aad0a4c56fa7496e4879a0b4891d2fe6c6efe3b1e40b2c526841c1b020102\ + 038184000281802c6360e6e3eba6da6efb5bce8d07a99e42949b68b3c2900583\ + c2eb34498081c7212d8dc95a631d63edeafc625f8faf063e57b41d7b662ba9c1\ + a99b3f2506fdf5e59116a0e93e7e94aab55691abae75eaac9637a713949360a4\ + 5f6908f23ba5503d4760bcd6f7abceb8351a66bb14fae05f03b1494e7ef4154c\ + 99a9cb6a9bfe12 +Test: KeyPairValidAndConsistent +Plaintext: DEC85711F12C0D1D6C26797E91B0F39B37 +Ciphertext: 0215D75DD99B8A59DEA3FBA9B0F8A621EFFBFD831E9543749B04B495147CE9B56D519EE71BDF56D86FD1D9C1AE8BC1D7F29DC469A05221E4A31C726971731CF627E63FAB269FC92DEDDFF3319819373F299D55F4CABE08DADF29A7C60E9B4E2806899371B93A853F828EC4312D94CFDADFDEF2037D9C1FCE21A3E451006AC542E1BC36D3C33AEAC0D1666C26AA886F4C118836EDCA7C5A428E407C4ACD62A885C03202230FA6 +Test: DecryptMatch +Plaintext: 0E665CD2CF75C2E6E24908448F29E9A198EF +Ciphertext: 00A4583FF3A9451C6F8970E53D95EC74F41F709F5156B4FC9C698B1E43C7B5F3230D5417AED2C7447455009CE8381A30BE400EC15BBB1D7BCB9461E593D416421157541479FE1DCEAAE635728C68C58D260337A25D0CF9FA291D84E9E1DF4FF96822CA1F05CDD247AD14E5AFB231A0AF0F2E79FB9A0528CA2FE9431724C0AC9F0A2ABCED9A20EC1203DE2A835D90EA5FB1447EC722456B6F4C75D0645CEC5BECCE35B79FF3071A +Test: DecryptMatch +Plaintext: BE2A +Ciphertext: 02823CB4ABD598FC5D36300306460886BBECFAE6F56E02708A96EFB27EF7E3D8F08442FC819EAB1DC35CC70A074984A149F209EB285C6064DDDBC7781CEF7358F384D592BFC75D346A6D97D8524CB35060A35E3B3145199F4968677FA22BB468DBFF63E3E366D778B3042D5858699D9FE5D6F53D0CB084E107111B572AE9B933B94FF37F2681DC50CDED2714668375DA90787CF0144F1B +Test: DecryptMatch +Plaintext: 20D57B7E074BFFF8F54AF3E69C9B632253B3B5C0 +Ciphertext: 00D18C24BF39CD527455737B4B214BADDE99B070181C1E4729CC7B6EAC82298417FFAE7BDA1F41A7D74D6969BF9CAF3A7F9EC9397DB75F5E53D0282F793D601A28E8B3CA8730CD9D7A0ABA338E2DB3EB5314321EEBA2F16C8072DA6AD9A887AA5AED0EC5EF3DC7E5726626511F8F23B0BA4D83BA358DF0951B07399C7515349E3DE2938D2AA53AB11A4D1C07213E091CD3FB6453AF7DFB6799D45DA44B060F7BF5ACA5A25B3892BBB6 +Test: DecryptMatch +Plaintext: CC47935F7976 +Ciphertext: 02366250DE032B147BCEABCB576ED39F4993251D25010FAEEB41BDDA4301B890063247EEDC041539488E70B977091BF581033EE6EF75C224C8046EE3E7D2330383A30BA07FF33D10F07FF6E1EE20FA4D112CAB1BF457B50DC301DE5C6DBFACE227903379A41DC4D92517A547968D3F147D6435C3DF6A3D0D13635360716CBAC322EBD295593865C3A117050059FBEC83D112C5C3727377EBA7778A +Test: DecryptMatch +Plaintext: 3A370FAFD82869FEC40117 +Ciphertext: 026AE53843D3EFE36D8E52D9FD55DC6F0A0F51584BF81529914DAB6E380A6C9716828A7254307440B6A0CD16BF0D9D713939AE7F6C4D82D5AA70F33C9531E4071B9CB415C7622A23DBF4C81820BE04272874549F081B57D40B27BC1879BF134A2CF5D15203D326F9F97BCAC8606082A50A755CAE6FE2B72060EB1E0B72EF5AFAE8A823B3F0F91877C931CA64A06F3888DD4E2C823B3FCF529407255BE2AAD36A +Test: DecryptMatch +Comment: 1027-bit DLIES key +PrivateKey: \ + 308201380201003082011806072a8648ce3804013082010b028181072c45d24e\ + de76df2a03270413d8ab37645c8d6301ea76bb6cedea97142df7aa422b83043f\ + 8cfd8874dd684f47138433f5832c83c8c811d3c6d477b088006381ffb066402c\ + 951670f1927b1b67883451202f456bdb975d8bb2cde9b43c178ecfe788a0a0ab\ + df2cbfc700fbb97ef71e52221bc054fbd3cf8c04175e4841a45b89cf02818103\ + 9622e9276f3b6f9501938209ec559bb22e46b180f53b5db676f54b8a16fbd521\ + 15c1821fc67ec43a6eb427a389c219fac19641e46408e9e36a3bd8440031c0ff\ + d83320164a8b3878c93d8db3c41a289017a2b5edcbaec5d966f4da1e0bc767f3\ + c4505055ef965fe3807ddcbf7b8f29110de02a7de9e7c6020baf2420d22dc4e7\ + 0201020417021506533f6f0886a8a44137598adb93aeee548c9af303 +PublicKey: \ + 308201a43082011806072a8648ce3804013082010b028181072c45d24ede76df\ + 2a03270413d8ab37645c8d6301ea76bb6cedea97142df7aa422b83043f8cfd88\ + 74dd684f47138433f5832c83c8c811d3c6d477b088006381ffb066402c951670\ + f1927b1b67883451202f456bdb975d8bb2cde9b43c178ecfe788a0a0abdf2cbf\ + c700fbb97ef71e52221bc054fbd3cf8c04175e4841a45b89cf028181039622e9\ + 276f3b6f9501938209ec559bb22e46b180f53b5db676f54b8a16fbd52115c182\ + 1fc67ec43a6eb427a389c219fac19641e46408e9e36a3bd8440031c0ffd83320\ + 164a8b3878c93d8db3c41a289017a2b5edcbaec5d966f4da1e0bc767f3c45050\ + 55ef965fe3807ddcbf7b8f29110de02a7de9e7c6020baf2420d22dc4e7020102\ + 03818500028181056bf5dcced97da0ddd23c1f1294f97431e323f9719fc9bed6\ + 352d08a88ceb13a06b559b8ef7dc04c5a04a761a9631aa1000f32f885fb0de56\ + 505524ae89462079631f438284c8e5225c021d7731087ec0aad11aba9bba95de\ + 03f5c99ac228861a3ee6a7b47617cec687a58255321694b923e63ed247e65ff1\ + 4c279bec5282bc1b +Test: KeyPairValidAndConsistent +Plaintext: D391B4F3B53EB9B035C3AB1E3C6E +Ciphertext: 05D90F9892F6DD3DC3654130CAA312D2287D9E57607C301BE58607BB19FC78D67F2082C907FACA819A0D946AD16B46FE1E7264BE7D25D4EAB4F80D136E89EE7BC53B65CC1692581E3ABFA3C15482A6FEEB607AD1765897E67BCEDAED0E03FDE18E05330A99BEBB8710C77E7735CBB747EB507FE1EC04F239E964B509A4FEE8463478E28BF5338AE016DED9FE6B2DDBD3FDE467C45F0FA619E039FEF085D2F1544EA3CD +Test: DecryptMatch +Plaintext: 28 +Ciphertext: 066BBCB2D9E474A2C6CD514663BDA7AECA1F79136A00C1F9BDBAEDE344872093E67102307C96BF824999D86543121CC3D99B5CC4B511153A42E8A1569D063C27788E105858AF8EEB0766FAD9E0EDEFAEFFC733BE6824644CEE03AEE5FF15860CB3CBF4A46F95988D5E010FB844F944628043C830E575964EC36E2C38326C771085D796F2C22C0969E58665626415463A3CA1F56C357B +Test: DecryptMatch +Plaintext: D2C349F40A24230689EA15736C3AEFB1588A +Ciphertext: 019A66A4ADFED556BBD1E58728A3B7A3631458DCF677BB155DA989827C2240A586783D8C5DB98E266C39FCDF6FB016BBB25D53A6B30F3BC9D1109CB908B54F1932335F3DFC2C80847D94D13C5933953EA1D212107AB42189536171069621403681CAAB2A13EEAEC847193FA6A0234FA8F107E2C1747425584EBB4F4D702E29A3A09580E25B34413208009F9643327A636DF622B7F0267D3169A64646F301C584F64066801383ED +Test: DecryptMatch +Plaintext: 85D75863811C6F574222B577 +Ciphertext: 02C6FFDB38965F3061C736E633B497192862677CB247A37C5FA1FEB4F2C021EA94C65AD9506C73C2E98ADF0F340DAFAD2BF6F6CC906C93655594D093D4B0F6867755013C25ED0AD75DC9A04DD0666E6340BDD6C1E748479F3D64129F76B5BAB37D26319287EC9D65CE9E2243D4CCC7BCEA4065623C4D388A7BD779941EE541DD29E070F7356ED1A1ADAE947D79F8421FA717F933F08CBB8B699B551F1EFF75B8F5 +Test: DecryptMatch +Plaintext: DD07A91D32C26D3258AA4ABBD82E81 +Ciphertext: 05669E0777B003CC2EBE9BF3981160806A8B416A2DEAB4058497C5AF6A5C8F8D1ADF1225CC6FF7D292320E9C98CEDA144862FB4E32EE11AD9CC76A5C85FAE56A2567E6C9D168586F288CF4D525C94FF9F0ED6C3DBD08787768B90F8CD776520EFB920E61FB0E4463BE8D5AAE2683D31F392229A9554E0977BF25BCBBAAC7BB4FCCB009630D0203451A7A2AF847BA60AA0CE8C4D656DBED02353B92025925E1A0A6DF490F +Test: DecryptMatch +Plaintext: 0AA6B9FB846D1230F521F2624127 +Ciphertext: 01A9D56F1547728782D4F80BB0EBC8890BAEFE994900F41D56094F4734ABA2BB371060B2A69C6B7BC8944358519D141FC277E1195B3A78F7068731C3AF3C604A062A0D551397CD804168B7F400F786BC5CC3F912457AEAD56873AEF1A2378F34E953E240C20FFD7DDA229D4C020BDC68684A53C0AB3ACF9B44581353C60CE9854E3451645A604BB7AB3EB44088A07F59CE0FEB6454CC5A83BE5E939B317D4D8537CAFA +Test: DecryptMatch +Comment: 1028-bit DLIES key +PrivateKey: \ + 308201380201003082011806072a8648ce3804013082010b0281810cb31a78b6\ + 6dafe2dd020483aec0cad421e4a3df2a81b827009dd74f5ef0468fc508477190\ + f628033471ee2d56f913d45a94a8ad1582b29785a7ead06c88ce73812e653797\ + 921d3c4a8fba91c1423d6609e85625b2f41494546500237151958b13d1cc0f90\ + 586b0233290d052a18c2aa3ec2bdc32adb4676cbeb30309e330b823702818106\ + 598d3c5b36d7f16e810241d760656a10f251ef9540dc13804eeba7af782347e2\ + 8423b8c87b14019a38f716ab7c89ea2d4a54568ac1594bc2d3f56836446739c0\ + 97329bcbc90e9e2547dd48e0a11eb304f42b12d97a0a4a2a328011b8a8cac589\ + e8e607c82c358119948682950c61551f615ee1956da33b65f598184f1985c11b\ + 020102041702151c0cefd22a713385985cacb5fe84cd40e724ce9587 +PublicKey: \ + 308201a43082011806072a8648ce3804013082010b0281810cb31a78b66dafe2\ + dd020483aec0cad421e4a3df2a81b827009dd74f5ef0468fc508477190f62803\ + 3471ee2d56f913d45a94a8ad1582b29785a7ead06c88ce73812e653797921d3c\ + 4a8fba91c1423d6609e85625b2f41494546500237151958b13d1cc0f90586b02\ + 33290d052a18c2aa3ec2bdc32adb4676cbeb30309e330b823702818106598d3c\ + 5b36d7f16e810241d760656a10f251ef9540dc13804eeba7af782347e28423b8\ + c87b14019a38f716ab7c89ea2d4a54568ac1594bc2d3f56836446739c097329b\ + cbc90e9e2547dd48e0a11eb304f42b12d97a0a4a2a328011b8a8cac589e8e607\ + c82c358119948682950c61551f615ee1956da33b65f598184f1985c11b020102\ + 038185000281810aacd80676c540b97f74d2a94c2f389795c9f696d2a1fa934d\ + 20e93d49d0099d9312552e6e310da5d97cef87c9a5a4c47e7acd195293b09adf\ + db8e0cac95139446aba60fd625d17eaa102c7c26568b34891edb38226f949656\ + 44a9d52ff299cd007ab3dbc15779d4388431a66774ffaae5c6be04526b28c620\ + ac97e8618cb09d46 +Test: KeyPairValidAndConsistent +Plaintext: +Ciphertext: 0194C64DEB9CB401573730A29359456F4E9528347ED80F24E5AEC4441E896E38047EF95AAD9AD7A25AED6CC89FD95CAAEF27F3C814C26FE43F6D65288D87E372A204D1A66C3BCF0346CE89E9D2D7646E90BACB9A85022ACFEF8903C72A663BAED9A346E1A6B2B2FCF70E239EE70A34385F8C76CDD121F6B190085BAB3300E6B811906CE38AC740FE88A3DF8DCA1C6DF73A03236D51 +Test: DecryptMatch +Plaintext: 9498EB7300 +Ciphertext: 0A38C373F6A96D87528D2D55F6391A9E801252A65F622F36A130ABD140E1858024E31F247C3BC8C07D9500CBE7A8A3D6C0670AF0FA14D020DC54B201E657C233F8031DF990AE801077D4D3AD9B861F4C32D36FFB9E8BD5E2651169BC4560CC7FD02159929AA50882F8B4C8508BB98F6BE8A6A7C0E21A2A81AF781447ABEC85C170F3F6256C3B6C5E2D3A01BB5EA8B502D37561C06F1DA536BD59 +Test: DecryptMatch +Plaintext: F07FFAC9794BD8D528F750D50C05 +Ciphertext: 03DAF7F6C2BEBF8D0B380EB71BD8BEE9D649AD7647DF6DE4CBCE00D0363E31F11E0DC0331409863E3C069EE3F975E7F623B55D7F4690C7419C5AD97EB52BBC0212D3FF0A83A031591A31481116B2CD232A9C86A20EA40BD13A53BB73E644A6C7DC1E6C767756E7235538E9D5B155B3173416E99F121E96E02034C6DB9129489A050740F603DEFF96EF1D99E7EB4A32083D0D946670B1AEF30E1E38D3F076D6BCB57255 +Test: DecryptMatch +Plaintext: 85916A46E0965C69C4773C7DF9AF +Ciphertext: 053D29F0878C68FF55FFC8E6E0E03044AE23B79588034F0236A49A5B6D00EFE8C564D2D29ACB61FE49C0E984EFC3A48A96EAF22AF3032D8D0FD3B3BB16A0157C161F2B3D3DF802FDD6B61899212F44493383DDDEA8B2463BACD0C5E1F4F9E4063DE5E52032E7DA8B79E04C5F03144CD710ADA74506CEC2D448BEA0F2B59AB63FCC443BBE920748E122DDD6123BDDAE484DBD02088817D999FDF80D5ED4B308AF4C2DCC +Test: DecryptMatch +Plaintext: EB632C72F563174E680961BCF26EC7 +Ciphertext: 0BBE666C02191F668A2DB000646A14385A8E9199BD887913BA587DA4C683535801853186673AD7C43EFA5B65902559BA5345EFA111E0514D461C1B1EFFAE58708EE6C17F1758EBED31F0B3206B0EC1B4BEB2EF911C589E25CDC3B0020C47119B5F33EA2FB7C332CA6B1FDA2F350A4CB0D6844637F2CCA71EFB036C7400957AE093B21BE90E30A8672847C9BA5266EBBF9D62341F67A4D09FFA196A817DD2F5EE1A9654EC +Test: DecryptMatch +Plaintext: 42B5D2DB89374231 +Ciphertext: 0085B6894D887B59393F9D7365411DF239BE1104FD86CC63A52C990A84FC4660FF9B60CF0641E44A8224C169A9FD1B35EAF78008E34F14B5311CB5D725096D9DE92F35BE6E71E3AC3E3B3D68BDD5351A5AF93F0B3BCDB00B9B126D8DA07E5F42107181F9580CCD0D6F086C94177FD48ECFAE3FCF2F26D64940D749E8A964275290A247AF700210500517BEB2175326F4CD3016AB175B352F9BD3289079 +Test: DecryptMatch +Comment: 1029-bit DLIES key +PrivateKey: \ + 308201380201003082011806072a8648ce3804013082010b0281811b02fc18f7\ + ba0ae7f84ebcaf319294fa2bad52e47e1926267ad38b2f1b2566145bbc190cb5\ + c39a8d6229eb238d3742bbd234b0f28eac92363a31ac96c5b08eaeb1963de59a\ + 3b2d0295c0266a7da4ca92b64f96c497f262e98df7f20ec55814b8441acfb639\ + 7abf9c4e42ab9bd6dda6ae180b12e12ead68672f9d56b98ee40e2b630281810d\ + 817e0c7bdd0573fc275e5798c94a7d15d6a9723f0c93133d69c5978d92b30a2d\ + de0c865ae1cd46b114f591c69ba15de91a58794756491b1d18d64b62d8475758\ + cb1ef2cd1d96814ae013353ed265495b27cb624bf93174c6fbf90762ac0a5c22\ + 0d67db1cbd5fce272155cdeb6ed3570c0589709756b43397ceab5cc7720715b1\ + 020103041702152c7c60166a1bfebb17831e65b8e1f61f3ef9ed9ff7 +PublicKey: \ + 308201a43082011806072a8648ce3804013082010b0281811b02fc18f7ba0ae7\ + f84ebcaf319294fa2bad52e47e1926267ad38b2f1b2566145bbc190cb5c39a8d\ + 6229eb238d3742bbd234b0f28eac92363a31ac96c5b08eaeb1963de59a3b2d02\ + 95c0266a7da4ca92b64f96c497f262e98df7f20ec55814b8441acfb6397abf9c\ + 4e42ab9bd6dda6ae180b12e12ead68672f9d56b98ee40e2b630281810d817e0c\ + 7bdd0573fc275e5798c94a7d15d6a9723f0c93133d69c5978d92b30a2dde0c86\ + 5ae1cd46b114f591c69ba15de91a58794756491b1d18d64b62d8475758cb1ef2\ + cd1d96814ae013353ed265495b27cb624bf93174c6fbf90762ac0a5c220d67db\ + 1cbd5fce272155cdeb6ed3570c0589709756b43397ceab5cc7720715b1020103\ + 038185000281810e6e9c7b74e33a1f4683ddfa35509c39a75b75c10f438efad0\ + 82caad08a7418990983150a9a5ffe3f8e340443dfbabf82fe060da487f94afdd\ + 1e713d491b983fc4fb69d4405a12e356808c5cf6a7bd397c1a5637ba8e168b7e\ + d3f549a9f39f343e8fe3992706e782a1dde5c5e9e6a950f7d980835c1bc1742d\ + c2840cb2e61086d7 +Test: KeyPairValidAndConsistent +Plaintext: 03C57B87 +Ciphertext: 1440C6776914314A1DA161EAA41D52B283E2C0B487C801CEC33DCDB639F579F69D12FD029C994A311913EB6869C7A5659EE8BD9F5D7225BBB2EB77CF6F3D24A5E9866BD2CC50E593EC5CEBA4A96C59FE8B98B5EE2121E5892F2436F98B5C4E4A12077A1A64F1FCEB783D05453A657BB91909637063813CC00754402DE24F4AD6C0D9D4C15B7F4E485AF3538D391CF5993A59F6D1FE6C76E2A7 +Test: DecryptMatch +Plaintext: C5598C0FE0D90B10E7125079E2EDA32E531C2EBF +Ciphertext: 129FC863B70BB82C1C59EE2DA37FF3909F1DAB4B55D9727EE0CA3311BE5797F93446ACA0409CBFA848A90756D2598B6ECA56F6341C6E9F716A62380CB5D47400CF392A5441DA5AD2C1D066F894942837EA7B6237D7BE2E94FFE0A106148C2B7B9AF624242A945BF3B217D89FDBB070FA5940C1C899AD83AF1F865DEADFF0F4E48A7E00BF7AC5625F6E32F8B01394AE90284AFA061AF6DD61ECA1B8FA77CBC172573A9938332D7AEE41 +Test: DecryptMatch +Plaintext: +Ciphertext: 068117F2BCF29C72CDA3F4560A2165B7DB7C29314EFEC8D110425D5AA02F35C0F9A2304A0554C097944EF3A615BD70F5461E6549C319AC1207B100FEF022410C46284CEA9CA103685A18EC944DEA0BAE8E06D2489A3E2D1D9B255F192677664CA6FF44130C28CDE1FD437E85396503DFF305BA2D64E8BF9C75B00CA1595A1AED2C60865C0DF03F408EF95517E70552B2D5A8C190DC +Test: DecryptMatch +Plaintext: 8DDB5FC737283E5B +Ciphertext: 0B3E0CE51E1D3AE240EB34787DB5D49D6786B3BCC29C37EF8B9155F342C4D226CE1D07F7BAE09DFF7E8CD89915E1312F43540A26F03D918BF56B07E6D07A96870362643092F24FBCC6A2DE62F637B5F5F807E430DAF9B7AFE1890143591BBA035538FB419BE4CBADFCED5EB8BE2471B39CFCFBB2BA854C9E0F52E67524ECB80F9FBB3173D2A18C9F4C43F4E20866428A9256AB8AD199BA0BAD55A18896 +Test: DecryptMatch +Plaintext: +Ciphertext: 197D4DC43B0716191F926DC806A1B707ABD6684735144AFE07E0EAEEDD9BB3C89B9D0076859DACE6FFF9E2685592ECB010909910DCA50D2FB1B15EB9B9CFF4F71250D807EDDC2EFB2033BDFD93FD10E117683E3E4E8A5D3308572D4852954BD51251279A79092E3DCB95F1FCEC8310931933F47998DDB61438478CD80864F08D3370C863BE6E7E1CD22E38BC512D9A160478814057 +Test: DecryptMatch +Plaintext: 53AC983CEE599A17261C53 +Ciphertext: 0E31EAACA9E8A86ACEFD1CB817869F48EAB342EAD0DAFE17B848CA9CB72B92567987B929F655B8D601EB1384BE380C8E4BA8B4E274F724F02FC5C00479C308813A3963E2D8AC88ACE92AEB00AB024A4EC5560857310E03009752B86793B356DA344B4AEF01F3ACCD9CBFBE399D0016260C006FCA5443359EA1E012D43921B8D2B8CFD31B94972ECE9C0031420238C76514635E9B40F17D9AF25A1009DB75E4C0 +Test: DecryptMatch +Comment: 1030-bit DLIES key +PrivateKey: \ + 308201380201003082011806072a8648ce3804013082010b02818127b35992d0\ + 8edcc7aaa6ca70365afa8ffacb4a9bef0ea348e27414c2100b81827fbf1abd3f\ + 14150bb5d85ab13b2aca21304365f150511a68c90f4a4eac0bfef0c548e3076b\ + 30a24929c4482f42f2b03ce122b3a251e685a3fe3dbb539932bf8d2b117b1b08\ + dbceb78c84966270657164fe6f20c6d27dca270dd4417f843fdfb23302818113\ + d9acc968476e63d55365381b2d7d47fd65a54df78751a4713a0a610805c0c13f\ + df8d5e9f8a0a85daec2d589d9565109821b2f8a8288d346487a5275605ff7862\ + a47183b598512494e22417a179581e709159d128f342d1ff1edda9cc995fc695\ + 88bd8d846de75bc6424b313832b8b27f379063693ee51386ea20bfc21fefd919\ + 0201030417021513560b35fe90d01a106b1e6ccba4cec953421d48cb +PublicKey: \ + 308201a43082011806072a8648ce3804013082010b02818127b35992d08edcc7\ + aaa6ca70365afa8ffacb4a9bef0ea348e27414c2100b81827fbf1abd3f14150b\ + b5d85ab13b2aca21304365f150511a68c90f4a4eac0bfef0c548e3076b30a249\ + 29c4482f42f2b03ce122b3a251e685a3fe3dbb539932bf8d2b117b1b08dbceb7\ + 8c84966270657164fe6f20c6d27dca270dd4417f843fdfb23302818113d9acc9\ + 68476e63d55365381b2d7d47fd65a54df78751a4713a0a610805c0c13fdf8d5e\ + 9f8a0a85daec2d589d9565109821b2f8a8288d346487a5275605ff7862a47183\ + b598512494e22417a179581e709159d128f342d1ff1edda9cc995fc69588bd8d\ + 846de75bc6424b313832b8b27f379063693ee51386ea20bfc21fefd919020103\ + 0381850002818117f468e3d38f1198556447bc16fb6c6ffe98b31f9042e59602\ + c71286db3e0780601e47372e6eb4a570f2059a7a87ee4471eaf94bcf23e34017\ + 5a377333d39dc64b7eaefcc065bef4a92d0d10acbba71082852c2014d9d3eb2f\ + 8583947c2cbf52865730d2b9511ed8a68367e4d89eca4589b836889cd424485c\ + 9305bc0386b16619 +Test: KeyPairValidAndConsistent +Plaintext: 4424 +Ciphertext: 0C570D0317363DB43DEB295D49A3BC937116F2ECAC9226415952CE634679272B7041A4B806164F12E87A0050AC2D60D393F845965CB3A56FF0CF28D31CFA0285015452C59949E3D96C5C6D1DBE38F6EE98E2C93357E6C036053DF920C7CA5E2EA1617AE44434A347FCE426C55295172ADDE9CAC3AEF2C6D6AB2C8F0FAB1B146FF1A10D5EC2191C99D6418519443EEE2A198BFD159BCC63 +Test: DecryptMatch +Plaintext: 5092C5D9FA398EE31AE27C97 +Ciphertext: 196476CA0E6622569F233780EE0C449C2CAAD3819B348D01B4DE5425EBCDEAEA739C6D9CCACE4DDF06520E83C94D237AFD46A4EFED635112CC78534E2FA6046ED6C06806EA8F4B9F3FC3F87DC55F63B9E14F9ABD82E9CC80A298DB281C9F690391F5B064880CF35C5A0BC7537DE9F65DEB2467FAB5CE8F41529A5B06BFA6B587ED661849BC7388277AE7F7E5EFA3F2526E503ECB106B718275BF32C4F83278CA30 +Test: DecryptMatch +Plaintext: 89BB350DC43CB3 +Ciphertext: 13844D63B45821E8704A9C1F6E9166B5EB7FD98DE5369E5DBB9DECE506EE467294282B5B174EF2F81B6766A3616AC5A974F06D9C47163C69668F4C1C78F8A6716A4EC28A6AE25F615A838B9C747EE857AA2AC92DEDC575AC568A78E8A86EF78D55EDB88707F7B6D558E8A760095BE8BCD066FC57396E67C9D8654245676DAE9FC4BC9D578496CA450B35E179410A5DB443C2026FFF0E5F7E54821E39 +Test: DecryptMatch +Plaintext: +Ciphertext: 040E084ED4A1C135C8867BAFF219A0092855E1E9FC96F38277E16B96986FDEABDC22F3B02CC53B655369DDE3356EA6FE49B77C8EAA49815CD5B1DFDC6E7D0AF6AA985483345BBA8A251F1EC7658DF708C8EED8AB6B953393C03BA2EEDB8B6391D921C9EAD2AA61DBE724B15C9C664EC4EFF83A535E46BF768FD519B043DBF46A36FA03921224281A826F6F43DEA6DF38749D600317 +Test: DecryptMatch +Plaintext: BB296D4FF04AE0171F1F24AE +Ciphertext: 0AA9A85958D9F1BB06E3DB48DACC842534915A7E42715057BD33523EE756F62AD973E37128BB8031358A1DC583F40598B74F079AD667C037D4BE89938233BFE1C167EFE764724F97F2EA42479FB455B1166AAB26A43440867ACE77472CCB13643D5BC9532F68C5368825BF225DF49E2D3BD023447A795AFFE927A796C70E5D6359537A9CE2B4B9323D7FE208540CC32447940ACD91F4718FC7A7CAD45A524B6DA6 +Test: DecryptMatch +Plaintext: 87A2C6B33856C6A096EE +Ciphertext: 12D17080AD0E7FD426E02B6A90736AB4B566F31E937B2D3E642D663D6ABFEB903FC9C4763AE492191E0C15B264CEF321DC8747C590F751A9BA2825D9250F72BA85EEB45B1F1D7B2BA972455DCE7DAE6CBD7B5BFBFB88FCEF52910F9B28D3DCD6BB5D479BBFC73896C3D1C44AB387989DE4D77855F6B8C7A8C12969D51DC6B10BA15C2B19E91A55BD5542853EC6F8F13260E8774C706958B1C9866114FADA1D +Test: DecryptMatch +Comment: 1031-bit DLIES key +PrivateKey: \ + 308201380201003082011806072a8648ce3804013082010b0281814ff13b3664\ + f5c527c36120159d9b9a82054f9ade6866b379e13d03e76cb63b25731132d5f7\ + ec6e95186ed83c793b5d63189dac30c6e6a655605f885fe73d2ae5433c80e660\ + c5d985ad6d12783082861829355c25cd7a7ff84b3033cb7fb530a7baa4000830\ + 2c1eb24b866cf467f570e782bceee66e15585f70b0633965c870530302818127\ + f89d9b327ae293e1b0900acecdcd4102a7cd6f343359bcf09e81f3b65b1d92b9\ + 88996afbf6374a8c376c1e3c9daeb18c4ed6186373532ab02fc42ff39e9572a1\ + 9e40733062ecc2d6b6893c1841430c149aae12e6bd3ffc259819e5bfda9853dd\ + 52000418160f5925c3367a33fab873c15e7773370aac2fb858319cb2e4382981\ + 020103041702150910a291c216ca5f944c5f3eaaa1535c3b8a1f0b15 +PublicKey: \ + 308201a43082011806072a8648ce3804013082010b0281814ff13b3664f5c527\ + c36120159d9b9a82054f9ade6866b379e13d03e76cb63b25731132d5f7ec6e95\ + 186ed83c793b5d63189dac30c6e6a655605f885fe73d2ae5433c80e660c5d985\ + ad6d12783082861829355c25cd7a7ff84b3033cb7fb530a7baa40008302c1eb2\ + 4b866cf467f570e782bceee66e15585f70b0633965c870530302818127f89d9b\ + 327ae293e1b0900acecdcd4102a7cd6f343359bcf09e81f3b65b1d92b988996a\ + fbf6374a8c376c1e3c9daeb18c4ed6186373532ab02fc42ff39e9572a19e4073\ + 3062ecc2d6b6893c1841430c149aae12e6bd3ffc259819e5bfda9853dd520004\ + 18160f5925c3367a33fab873c15e7773370aac2fb858319cb2e4382981020103\ + 038185000281812e9a62ec280cf5ee7d09e5e5675b67a4c325c7565a1129c079\ + 095d0f078e7b8a5b3c947c21c022f01c0b9267a45fdd9f267e63c7f674a02d39\ + 6fc59a960d7991d2e3552d01deb2784f26ec4c9355c0df0497271cb583d157db\ + 90b0634180578ac85005143dda75a33a127df96639e275cee8fe9c02db62d2ed\ + 879f3caae11d6e00 +Test: KeyPairValidAndConsistent +Plaintext: 1FBE21CDBCEBA28625584CB1EA0D9627A919A6CA +Ciphertext: 2CFC251CB2A397880EFD0077D9CEF817A6D69EB6278CD82998C5988DD18D6ED15FC8CAFD1611DE58BB46BA8A87013C7BBD4A8DCFC454F13DB282BBBD4E1594E6AF17AB6219E91D7354EB88515007B58BF0D8FF4BD4C387FF6E02BF81455803E6A936F25245863F1580F00ADFA4BDE052BEC72739B88042CF99480AB6F4489F9C8B9319828A000FDDC4D1A6E49868E3B39DBF7DCDADD9B882B755E330C762FCC023EBBCBD0330D28DB6 +Test: DecryptMatch +Plaintext: DCF33FA5BEDFDD93DA +Ciphertext: 14BA927F10262B134AC43F6787EAEC3546C17EFE3F6D54AD2A245A0EE732B749B7312521372F21716E1DE29AF8FB329C25ADEDE2DADE3A455235DAC6C1F347C2A052893DBA6511C3760384935D68C7808D23CB194E6A19F579782B22C3D8880736BECE89FD75E7E69022E9B2500E5A044105B832C9BFC5F18A807889B401E61A9888276B31FD299D604AEA85091578D41E5B36D66C4510F4B147C5E59615 +Test: DecryptMatch +Plaintext: 217B0E +Ciphertext: 37B50EFF3A3FDA419988CA44CCA3AE95F465A18C89CE2DF025F565DAF0F833E198DAEEB46517FBDE47AA3D5DC5039B873A31D0DEE1EBC63F3E97C0A63CC05A8F877FE70EB7F6198C088FF35C1C369616D3EACB013F295F764146A5AAA2D21CD36B9DA4490CF1B37D379ED7713B955C3B0581650B5C7F4F5B8F45B89B94DC364D3340414B491C29AAF2E197AD6F59B0DD687F2E60F8826169 +Test: DecryptMatch +Plaintext: 36DA002D110CD632A9969DC42409B478A3AD3B +Ciphertext: 37126F749ACDF2B6BF667DE9635CC0BBD61753B30931C847B612936C1AE122D6F0E409B4E9454852540C5FD8DD3DA8BA4026FBE8CC8449CA0071409DB47165907202DC078E5A8F6B0E9C8D3497A2D02F53DC3A47389C1B3778EDDEE980055BC4B7EBAC0B95C0CC4783A4B202CE127FA0D7B65B252492A1847FAA9D1ABE893376917BCD46DB4FFADC06C880AD848683B874F7CDFBF0E4BD87AFC39303C512C44EF58B510702C1129C +Test: DecryptMatch +Plaintext: FAFD +Ciphertext: 0F63F22B7817F2449388E0422C6122200D76BA8D4CEDE63DE950ED26768E6779BA0A238C8C3F2CC5C87C7926F1247A7067E27245423EEEFABCDB606976BA2FD9977320F903733FB57D02620682820B1AEE165604410157C5ECFAB7090EE83638A99E4CA36CA0879D3C14856A3417690A52F14F33CC50FE44503FC47F2D90C096C03F62A85D88891E9568911AF61DF916C3677DCF152FD3 +Test: DecryptMatch +Plaintext: 9E9145E890FEEADC706AE1 +Ciphertext: 0B60A14F132D21E47E2FA20633DE43694EC0394115DB297C1B68D1A7EE7722B6AF5D149A2EF5D0EA05761C0FABCF8C0862AF320E9D273AE743717F78A46F15B640C87F4AD0C25865EA3453B0FB59D997E41A31B6C1669F14639E2F70F7D4324B8729A26C8869D97B432740F7CE28A74EFFC82AD7EF172A02AC678C13235BA2C6EF79143D189838E1F101385BD7098AE3B5B78A80964D5C0A3D7DBA7FD7328BE8 +Test: DecryptMatch +Comment: 1032-bit DLIES key +PrivateKey: \ + 308201390201003082011906072a8648ce3804013082010c02818200b98458f5\ + ada1f23f4ae8a3a519c27fde91efd1f201e386aa6119749aaf6ed389079ae49c\ + c76317f81f14164673e8f0be00edd4db4792d446e7bf84b30200626b442af3f7\ + c9a6ee6fb0f95807e62fa5b2d171a4b326cd60c82b20d63ef00b408ea337f50f\ + a51f07549dc4f9a660842724566b94d6e2a58980d2d20281ce6c327643028181\ + 5cc22c7ad6d0f91fa57451d28ce13fef48f7e8f900f1c355308cba4d57b769c4\ + 83cd724e63b18bfc0f8a0b2339f4785f0076ea6da3c96a2373dfc25981003135\ + a21579fbe4d37737d87cac03f317d2d968b8d2599366b06415906b1f7805a047\ + 519bfa87d28f83aa4ee27cd3304213922b35ca6b7152c4c069690140e736193b\ + 210201030417021534999c0e7b17cc3c110cff71571e8d4708c3122a1a +PublicKey: \ + 308201a53082011906072a8648ce3804013082010c02818200b98458f5ada1f2\ + 3f4ae8a3a519c27fde91efd1f201e386aa6119749aaf6ed389079ae49cc76317\ + f81f14164673e8f0be00edd4db4792d446e7bf84b30200626b442af3f7c9a6ee\ + 6fb0f95807e62fa5b2d171a4b326cd60c82b20d63ef00b408ea337f50fa51f07\ + 549dc4f9a660842724566b94d6e2a58980d2d20281ce6c3276430281815cc22c\ + 7ad6d0f91fa57451d28ce13fef48f7e8f900f1c355308cba4d57b769c483cd72\ + 4e63b18bfc0f8a0b2339f4785f0076ea6da3c96a2373dfc25981003135a21579\ + fbe4d37737d87cac03f317d2d968b8d2599366b06415906b1f7805a047519bfa\ + 87d28f83aa4ee27cd3304213922b35ca6b7152c4c069690140e736193b210201\ + 03038185000281813c42dc88e1e15b9a737bfd64b96a7448983da5242a6cf43e\ + 1cc72e8886db723b681c291f772bfe33de5ba735404581c839341969a691c199\ + 229c2849c1c8c80396837c71d711ce34129d3006aef9d16cac504543c6e570bc\ + 3d730d5cd35d8a375edacf591b2837f9a705d63dd62754365d13c103961161dd\ + 984d89792985ad688f +Test: KeyPairValidAndConsistent +Plaintext: 23 +Ciphertext: 0BE692E3384A784AD01D80A65D22B48449AFC0281B36085B0D8FA03574B4BAD05F754D6FFB8E3F4B4BFE60FC7EA2BC1F11253505C753BEFB1D3BDA0084E6CC1FD82454A601F1C0ADB52B3FFC4895D36542FE0139465B490102C7B6A75C9273B737536DD122CC8C3EA0F32900C82C45B0FEE97D995AC5B4345A8899DD6888D1E814BB5A1141A86E636D31FA05689ABA512DE869D12BB4 +Test: DecryptMatch +Plaintext: 4F571384FD52A9041C8F3094 +Ciphertext: AB7942750662F0FA422F4628B558938545FBF7C749995B4D5B32BBF392292FD1B4EF02E5A2EEF6874BCA9F0D4CBCB92D684CDA821829850BD4CAE110E78E42909CF069B54B4BC7D742E113E57C85BCF54AA5CAE1005516BADA834A857315DD6C3DEF4AEBBBF6CB4AE217107E16E83F884B2933EE618F22C45B78092B2EFF7D5C33DB7D89FED4E134921DFD9DA999FB8AFBFD094D77BD887D2C86AACC401A621905 +Test: DecryptMatch +Plaintext: E421A467654B3B88C93C8E5384FE2B85D4E340 +Ciphertext: 7485B8E5360BC1383FCE1C586E126D5DE89FF1CA7CC8146C37A1E6582A564C4588984915CCE9635EA6ED434C80CAE138FBC1EB15D16B294AC1E59CDE544E4DFBF276D30A7F51461C2B7E7F076222DE6AC534DC47E015BA85062694FD78DC37E9460C10FDAF2C61FC7EE0669E99793A657543B881B50B0D3916E395A959EF55B02DB8E7B4C5B5B653AE2D11CCE639342C8C77C667625116D9E6B6C6AE822CDDF2AA503EC3FAD53D80 +Test: DecryptMatch +Plaintext: 3D6C941B1F03E5C9A4 +Ciphertext: 684AA8D2AD35D2775BC30794A078CFC931096A37D472FE511F72B03B33E87AB1E7B958C3447AF6285AC379379E0D1F1BEC535E4032E186573742A75C1B42BDC52F679DCA13B2B9E67CC73461084DE1777FAAED93C7C1E4A6B19473EDF6A57CD88C076574A356748D501A05AF66A136E908993A0A70538FEB03109C62A41540EB4E166596887B4860E3AB0BF9C1AFD02C67D4BFF28BAECD31D1CEB207A245 +Test: DecryptMatch +Plaintext: +Ciphertext: 111C252A9E64FB777F09AF6AEF9C4210B9644C3A66D5528C631D5348E30B146A6225783DE1FB796DBAB3A901E37818B5AE49BF1F8CC0A6C8909D2DB06D651CB08009A25E13A89653DBBA5959674E37BD72039D4E7BFFB3A2395DF8C36164C3FA71334DBFF2FACA090F1C349BF68443838A0D893B9B498D3B6CC86646F935D5ADED81967A387506688B6478492129534F3A651C9985 +Test: DecryptMatch +Plaintext: DE5F0B92C45A0C1530 +Ciphertext: AE6BAEF52B43EE88AEA7796D667D044887407ED07E7618358243A0108514FE9793EB28EB42B4BA2F28F6687FE7973FB8DBF825541010F1BC1FC7350CBEC0B055C0C71FF2C4D2634582C966C1CFD3449AF8AC956BEC3EE797F7E81E589450EA13C1A8C99116E05E49F4BB87C9B95EFDBEB35B21C36711CEC8A1ECF3E4F194251563F88C056749B835FC19A7CD560FEC785207DD14D43C6104D83BB05F1DA1 +Test: DecryptMatch +Comment: 1536-bit DLIES key +PrivateKey: \ + 308201bb0201003082019706072a8648ce3804013082018a0281c100f9566c8d\ + 687a5ead7c780617d3ed37b4afc46582e9fc0d75ae217fb506f5c2024c2a0e6d\ + 7e042544235b4de63047a33940d772721e895f9d4e92790bef0d3668ec7f6cad\ + e7f9b18049b33efa773c83e97b35ef7ebf18934b48dd4700a48c1f76ffc20684\ + 521bad52834086ccdf1e3d5c9128fef52f6a9444d8e9944d49e5ab411f46b63b\ + 290b7fdc8f48fab24c2059510bb7247e0930d5043802522d67f2b69ac18b82bd\ + 0229e53bf6769fe83c469188d600e6afa6686bd9725afb9ce39bbd9f0281c07c\ + ab3646b43d2f56be3c030be9f69bda57e232c174fe06bad710bfda837ae10126\ + 150736bf0212a211ada6f31823d19ca06bb9390f44afcea7493c85f7869b3476\ + 3fb656f3fcd8c024d99f7d3b9e41f4bd9af7bf5f8c49a5a46ea38052460fbb7f\ + e10342290dd6a941a043666f8f1eae48947f7a97b54a226c74ca26a4f2d5a08f\ + a35b1d9485bfee47a47d5926102ca885db923f04986a821c012916b3f95b4d60\ + c5c15e8114f29dfb3b4ff41e2348c46b007357d33435ecb92d7dce71cddecf02\ + 0102041b02191d78b208d09b23e859be7e79ca76e612d8e5ac75a5ca02c506 +PublicKey: \ + 308202623082019706072a8648ce3804013082018a0281c100f9566c8d687a5e\ + ad7c780617d3ed37b4afc46582e9fc0d75ae217fb506f5c2024c2a0e6d7e0425\ + 44235b4de63047a33940d772721e895f9d4e92790bef0d3668ec7f6cade7f9b1\ + 8049b33efa773c83e97b35ef7ebf18934b48dd4700a48c1f76ffc20684521bad\ + 52834086ccdf1e3d5c9128fef52f6a9444d8e9944d49e5ab411f46b63b290b7f\ + dc8f48fab24c2059510bb7247e0930d5043802522d67f2b69ac18b82bd0229e5\ + 3bf6769fe83c469188d600e6afa6686bd9725afb9ce39bbd9f0281c07cab3646\ + b43d2f56be3c030be9f69bda57e232c174fe06bad710bfda837ae10126150736\ + bf0212a211ada6f31823d19ca06bb9390f44afcea7493c85f7869b34763fb656\ + f3fcd8c024d99f7d3b9e41f4bd9af7bf5f8c49a5a46ea38052460fbb7fe10342\ + 290dd6a941a043666f8f1eae48947f7a97b54a226c74ca26a4f2d5a08fa35b1d\ + 9485bfee47a47d5926102ca885db923f04986a821c012916b3f95b4d60c5c15e\ + 8114f29dfb3b4ff41e2348c46b007357d33435ecb92d7dce71cddecf02010203\ + 81c4000281c07a5b4ddf442b2cd7fd925be84f2ef4c4032d61c5a55c5949b30a\ + 765cd4d5d4566af37ffa7f814f51bdd71c3e5575c6fd0203f14d3ded4e14baa8\ + 2747a6437d35ebc81e2035bfb0e04087fb5fe449163377d47b045b680b394962\ + 20b3138e85f6d24e06f955ec7a1b785ce34c2926cda441bfc86ba2f44a489a41\ + ee1740ab5ec3daf6d2c598e1d143654c05ce61792b47ac92c8d6ba0711419e41\ + 221743b768eeec2601f66d277fba154a62dc996537a0caccfa313cc9fde0194c\ + 05493aab1f07 +Test: KeyPairValidAndConsistent +Plaintext: 9302C420D137C310 +Ciphertext: EEF64A81C754B2EF543A19549AC0FF3F44E4B548284ABAA1E5F1EB704B0D246749D7F1CEF7B20A5226384DBE8FB596101591BE2B53E9909EE3723CB70A385FC2DAF6CE15629EBA21E7F26223B0A2428D8931CBB4F1B281E318A540F38A809C8BAD92D10FDD63305DBBE972E6CB973FC4F2FDF0BB9CC37FC42C7AD76E8DE3FA91E5E79B09796652BFCD62A28A59D9A97759032A0A78E0E1B081DF212A15AA44E35DE9E291EDA499DDB631486C029D56052246C9E37FF24EE9E86465B3B55BC4BAD77B9AC873B6F36EA65892B202E320756540009C81B9C6747BDAF40E +Test: DecryptMatch +Plaintext: 9FD4F26B7317BBD1B235 +Ciphertext: 514DB5C63AD9707197B4F0B2A30CDA18369B963E62F7ABBA1E030E08D3DE4E6C17D4BD7CB8097C2E641FBB0AED6A9FE7FBEAAC1C6B85BB3570D0E86FF6105B9F8C9B562A4EFE4AE3AECA26978C514129006D22C108B1C8A0FA55864EED3D3F81643AAFE36DF1CBC3B4E1B1AD6D5E0612214938A55114589B97286A7EE5B04E39254696DA91453027F07346984423FE2784DEA9375C236E6640504B5BCAC32062836E5BE1695CE73285CD77CE9717FA38E080C28C2959D9E32A589C04ACE5E52970ED49BE34703AD6B9F024DDA176C631EF5EE76833B427E233A5DAEC4328 +Test: DecryptMatch +Plaintext: 337D8BDD32 +Ciphertext: A4EFBF2151DAC683F0C51D60A647151A1EA0C0DAA8CF3497D7116439E6AEEC62A36D06F89AB2F1886FB9F62403E3DA8D6F67F66DA2436EE20FFBADD698DF87EF40470749C0BE0414A7AE4D2755459F8A17F6C7D8920236400313D7846532C391A0A4D99C26C556772E2D3C74E0119C4CEC7EF224488BFEBA017A910E5FD167B4486E436F7481DC5A46F3FF0536193C75A857DC53C5242C11AB911BD21926462C5060BB89F71D99FDEAD3D16B1E21E0D0791B59ED0F49871F744B13F23EF5028C238B895532F90B0ABE9912644EC079604939A0CF519BA9D185 +Test: DecryptMatch +Plaintext: 25549A5AE844ABEAA694E3F6 +Ciphertext: E2B30DD7781DB7EE7B2EE3FEB77F7360A6069396D8BF1DFD85D5429DA5A156677679085D612D0FCCA0979C97E924E77C43D3702940DBB556A5BB6EA33D650E078B1CDF8E5F76DA6591D0AFF4389A3A982A9AC581BFF393B35D36894E407AA56B493C2F7C4CBB75AEC72394AC4F8A99089702F3AEDB2FC7486F5CD01691C3C8F8FF3E951CEC70A4E172B763124BE1D9F96DBBFBA8FA0EBD1A71067A20F68DA6AAAE849880DD7F88901DF051715E240BF0F5B49EEFE35B9B0ED2B69757111080DCE2E2A933CFBE8FB9E6E9A2C2C75E0A4228D06689796AB919EF80405CBF648137 +Test: DecryptMatch +Plaintext: 5E61EB24085019F4A76893517C0A13 +Ciphertext: B13E45F9288FD2C5C0FEE230D1A09DE376ADADB5A4330F33BEC04C6F14C4A1CF3789B976F402F11611AB8345B2EB1069CFEE1E2F482A02A0ED9A3B9D94EB78C7BD7222ECD48A598E34D1F0B6205331CB20E0B2C6C146FB29CC11BAD5CA06BCA3EE39DD536FF330663A817ADECCC284B92F6AE3EB75B00316992BEF8A955EBB4DDE2CEF504E9298AC243C00FDB64B6AE96FD7B2135E6BCEFA7CBFEE135A650AA3D8CD095D1C9156232DCFE1904BC4CCE58B455CEFDDEC1D201B07ED4F999D6281AE21C2008525DB24BEA2D9FDAC1BFEADC3E6E6B1181F1A55A75976C565BC28F177CF02 +Test: DecryptMatch +Plaintext: 87 +Ciphertext: 174E5CFE167D4F6FB9A8FCC0FBEFC12864745900F5A18EA92282C8B6689EF53BBB87B30FC21DB101D93E9FFCED05538EDAB59F9FA07FB176407651DD0C4CD8269B1DBB70F24C8177EC6E16294CF5E87A3070A077B1CE84B612C3E3B1D4FD60D732C4D2CAEF5AC442A358AD0F323E60F58FC8B29894F3EAD3AE0DB8FD08BEBCCD4220CEE6B7C43A5E769D1F890A6B6505EE7FCDC7E399FE5321C2792D7AE094D13EC493CC0911B3EDBA6DAA037E2EA0CD3642784FFF2CB1BE04E5B12AC9D2871F016D8BCCE6DF25C1C04D912CBE707FD4DB0F9E89C4 +Test: DecryptMatch +Comment: 2048-bit DLIES key +PrivateKey: \ + 308202400201003082021906072a8648ce3804013082020c028201010096411b\ + e93e733637e91b1d74f808f4c9c528293e3123ac1d3d2f94c462ff38d0cd2fde\ + c0eb03bc5e54b6df41e9bbe9127a1b3a7f47cfb513340664829ffae26f832b48\ + e2d660d10e4debc1bfb412f331ab7b2f88c0d31fb587ed5c5256e0ebf7da698a\ + fd3cfa0443af91bab8c539376fcbad72bfa6985b6e64250e6b546b07a4575b08\ + 449d383b5650083c637d2452e7d1b9227adfd328ce473bb4374fa31e0ad52e56\ + 7feff6a9c4842d24d069e7babb35313ad63ca5d33d572bb309689a571e9ffe25\ + 38816bd7bde7bb11c10752e6a842751f594f50cf4b8111f387134e30c6c03ba6\ + 40be7cd5b6574c0d0b571a98fcdc292070595dcf6e8d034cc0ef92e8ef028201\ + 004b208df49f399b1bf48d8eba7c047a64e294149f1891d60e9e97ca62317f9c\ + 686697ef607581de2f2a5b6fa0f4ddf4893d0d9d3fa3e7da899a0332414ffd71\ + 37c195a4716b30688726f5e0dfda097998d5bd97c460698fdac3f6ae292b7075\ + fbed34c57e9e7d0221d7c8dd5c629c9bb7e5d6b95fd34c2db732128735aa3583\ + d22bad84224e9c1dab28041e31be922973e8dc913d6fe99467239dda1ba7d18f\ + 056a972b3ff7fb54e24216926834f3dd5d9a989d6b1e52e99eab95d984b44d2b\ + 8f4fff129c40b5ebdef3dd88e083a97354213a8faca7a867a5c088f9c389a718\ + 63601dd3205f3e6adb2ba60685ab8d4c7e6e1490382caee7b74681a66077c974\ + 77020102041e021c614682228a4bea799d01008a4bca099e7cf7711d7914a81c\ + 39d2407f +PublicKey: \ + 308203263082021906072a8648ce3804013082020c028201010096411be93e73\ + 3637e91b1d74f808f4c9c528293e3123ac1d3d2f94c462ff38d0cd2fdec0eb03\ + bc5e54b6df41e9bbe9127a1b3a7f47cfb513340664829ffae26f832b48e2d660\ + d10e4debc1bfb412f331ab7b2f88c0d31fb587ed5c5256e0ebf7da698afd3cfa\ + 0443af91bab8c539376fcbad72bfa6985b6e64250e6b546b07a4575b08449d38\ + 3b5650083c637d2452e7d1b9227adfd328ce473bb4374fa31e0ad52e567feff6\ + a9c4842d24d069e7babb35313ad63ca5d33d572bb309689a571e9ffe2538816b\ + d7bde7bb11c10752e6a842751f594f50cf4b8111f387134e30c6c03ba640be7c\ + d5b6574c0d0b571a98fcdc292070595dcf6e8d034cc0ef92e8ef028201004b20\ + 8df49f399b1bf48d8eba7c047a64e294149f1891d60e9e97ca62317f9c686697\ + ef607581de2f2a5b6fa0f4ddf4893d0d9d3fa3e7da899a0332414ffd7137c195\ + a4716b30688726f5e0dfda097998d5bd97c460698fdac3f6ae292b7075fbed34\ + c57e9e7d0221d7c8dd5c629c9bb7e5d6b95fd34c2db732128735aa3583d22bad\ + 84224e9c1dab28041e31be922973e8dc913d6fe99467239dda1ba7d18f056a97\ + 2b3ff7fb54e24216926834f3dd5d9a989d6b1e52e99eab95d984b44d2b8f4fff\ + 129c40b5ebdef3dd88e083a97354213a8faca7a867a5c088f9c389a71863601d\ + d3205f3e6adb2ba60685ab8d4c7e6e1490382caee7b74681a66077c974770201\ + 020382010500028201001eb30132e415358b7d3f726b93e2eeb083fe7add7abb\ + 6ca352c9e09b365e5768ce032ee52d59f1c65311045c490c42c36ae08cd0264a\ + 26199aeec8c3a8882a363397b4d7e0b6c4abc407f27847be0e8477993069a1a3\ + a3fe68093e09ce55bbedf97c91e741ad2eceb7a0f4be6ff87f68deb03c5280d4\ + 8fdf4900485bf5ca20257b176f58fcee1f0451b3716862488b0642bcd76654ec\ + 4874512538976967a545cdc208a0050f26e541ca70343f653222e6df7aaa07cb\ + cf354a5ab910eb8447382d7f512c440982ab37a402c87d2888eecb35c636ba6c\ + 84a5cce917f234fc7f8d9167167e30f2840407e13751f1944f6aceae3f5a7025\ + 36723c1d88c8c04981e4 +Test: KeyPairValidAndConsistent +Plaintext: 5EE1 +Ciphertext: 73279829369404A1B68D5E86FF334259936133CB04C9186CFF733972054918C3285EE907C2863DEE872252BF03EC9FB088B8DCE6D69D78C6BCD6B3FF87E683C6CF3CA05FA6AF0C068D964BE01030A3AB4E19575811D141A59CFBC9D3558E48CB771D88CB1E0E6C7ABED041077D24005E337AFCFE8531569FE56E2CE97C40693C071409888AE46DAC8BD739AE0E1C392586917FE07A66F7D3AAF0DDC398117B594481D0D5CD19C8708DAED6338EAA552564C31F9548FFC7E5C641FDA95B252EF637C6CF708979948A3E6B4F37A9ADCD60BDD841F3B0945CFF55E2F13468EC71C550CC2AD48E7E1FB444F132AADB1EF2A7C5A22450D0E0CFE9E37D999B4794B5A594A4EB7ED406DB24ED541E575B9F2756545DDD34F6DB +Test: DecryptMatch +Plaintext: 0252EE2E1C603017 +Ciphertext: 0E742D794904D05C0F0B6F60E9655337F8C110F289C6E4A0D6FBA6A2A8EB0FBB566A7F9B9862175C7A00A8205E8C8012366023FD8DDB6EB713DEF86917233DC5D16C2822707230169C183FD3A714806220D7DBA735C4F747A23E4131CE12C5572BD5E659F967A8B7DAD0EB6138D1BB569C6F04EAD79F9A6301609697F73F6FD8CCE934FAC6FC138B4C552E211FB1CC242805C035815F462D0291537DE10632141ED0A7C22439C7270AF0A6244C073CE9E2654FED918C86697988B0B341C5EAD2CD6DE75EAFDB1DFFCC5FE465E8D8C9A34D5B7F0E9DDE62204FD12EE2F99435DD58F3254268F8E6CFFADEA9205DDFCC943004887C405859866A0A40456A6C50B57FCED319AE0EC92B9069F765013436FC9A0253481CBE12B707A2B20D +Test: DecryptMatch +Plaintext: 01AE +Ciphertext: 6AB2E26D99942CEEE4844632355BB3B7713DF000DA11099D4E1BF9EDD1781A9396032E9D96BA0DF21B309A9CABCE9AE3D022C33A931183DEC5A3721EA5CEB39C18935A43E3B0BC153E4469AEB604D031A0084BE5927478AF8EA652D0A4AF455BDC57EDF26E2C6F9A01C91F29984C11D3C60313A53D8AC65D9FA504742868AD3D313506EB4FDD0E9799B111F3041F4C0547BBB06BF7DB20D18B427BCA1BA5099821A5F0997EF08C319B851F0C88B4814CAC7BAA4290B3182738C37B6ABFC2C4770A633F70E6FA4FA53AB286384FFC2AF9B64DECBE12C8EEB97862F76296D13D889E864418056420DCCD0DF9B76FB32FA6BDEE149585F427F133972DB7281D91D6E78B6BC46151901179D186CAAC784D6271023FD6E84B +Test: DecryptMatch +Plaintext: D52A1E0E3253FE281A9471 +Ciphertext: 63F60818E399024073EAF02A7A419229EA4E2FA4126C910AE7D31DE7EB6C9502752F5B7241F2A133E9D71C1A75E23A6F5DBE36C1B661935B0F20123BF434153B1F81BBDE278611C9FAF9F56BE8C78116823AC5B5F355B88A82AD6A73D2B63BECFC7D3B39DB2A6B393E23826235AB76653EDF65DD7A94BD27E221E9D511041340FE83A27F7B26CCF3FA40B2BD786BB9D67D2BCED415F2F76D116E8F3EDC953B8A327D2846F247D91626F643F8DB800F5E1DF0CDAE2369AA8969A938E0BB5A44F0A9C0BBC7D15A34DAF4713531A7B6B59CCCA2282952B16A7E1A1D1CD47D8B2AC6A88BC6A85E692FED89BB3D1F16AC2A922836152059433A29F786F2386A74DD6F555CC8D06C890A4A93E9FE88CEB078333A631E9E3EED0610F0A17F2A4F8DAF +Test: DecryptMatch +Plaintext: 53 +Ciphertext: 7F820C0C9A5709C6026E58446623B5D4B323BACE54724F456684526BD1966A360944227D04824B3C9BAF19A602EBAD25B8047FB6BF9997EBDE6B854140C032481F1479E4B994FC5A2DE8128375099A7A0024AE1CB985D73BB2B806B20E0751EA154BE2A70ECBCA49335BA57694DF1E0EA4566304B8DF4BBFE5AA41D0B767AE1679BDDE70F95E1C0C7E06F4A635F987E2858407BCA2133C3EC5620D58F1AB7FE1426B615959009A4706797FE4060E1C690DA373E48D6BA684F69E981DEE5DB9A58C504DED4D4CA6CD9B776DA03E55DEBA97E541A300465FFC68C5417A10ACED061023ADE00FEED4099180948F26F10D2F9470978469F67AE1092100C16D8FC4104DD1E711CF67D5842DE4102869E96E817F9C9FF520 +Test: DecryptMatch +Plaintext: CEA6026338 +Ciphertext: 13D877F0F00D01125447982639AC82AACF30FA0573001DD809C72D0F811138088C6D6D0569E63AB001CEB0339BFB90F7B71F339CA2F75859920370C622C0C4930B79B99DAC0560C763A1162AB46F58D1409E25301AE6D70DD4FA64984FE894DAD2B6401F8864580132664DDC2A57D1AF8AAE43C2759780C8587475F21275D61765251DA8FE91921703DC8DD279DFF4260D8AFE69257BB43EC609DA30DC33526D66E46365F399AA04F34FA7BA6469CA964AD6F2299233424E7342F1BF493C0BBB31FA1C713543D758219AB0F73B9C24F4699415F96C32E2A700669FCAE7EA6921F96288723ECEDF9677EF35702C8C0B71AC27A57624A7667580A2FBFF72818B2BCBA3589DCB686486FDDB50E29E75EBC8AD3DEDC8B741AF80F7 +Test: DecryptMatch diff --git a/c5/TestVectors/dsa.txt b/c5/TestVectors/dsa.txt new file mode 100644 index 0000000..8f31ee9 --- /dev/null +++ b/c5/TestVectors/dsa.txt @@ -0,0 +1,337 @@ +AlgorithmType: Signature +Name: DSA(1363) +Source: sent by CygnaCom during Crypto++ 5.0 FIPS 140-2 evaluation +KeyFormat: Component +Modulus: 8fbb9edf2fd2834b1a9fe97c25999fbc381ae165d932aa521592c2cdcb4318bfb99a2408f118ea874b73704e2cc557fc89a01ecfb5bc412951e86613b0b2fad2389e81ef42f79705fcdc87a9b9dcb1afb44c37d971aeffc1c859be367457ea19d71f22bcaa29752f15242f59b295125e9e01ab582887fa869e4b0f4a308167a7 +SubgroupOrder: cd6c675f1d22c771e7f59020ca0e94078950df9b +SubgroupGenerator: 7b473ffda9ed6e10f85177ac05f43ec666dc6d42310151053ae83369de9f9b331232cbc83bef31166e19b111e46e57703fc6666ac9a571ff053e18f3c2fbc4c2f32521750a941981a55379a2fe13bc78c6a3787f44dea397af63a7ce432704657feb57295ab9711ac7070ca5b7344bcaaedfd8bbddecd8de9c67e7cffa2fa20d +PublicElement: 64f31bc4d5b42622b41326361fb0d67f9feb364b34be67f6b2e4dc1f928fc70e6fe42cd9cd6ce3dc40113e7b4742d4af6fbe04d962adc5238d4d95b7bb67f0ec6592e966517d0a34137a45dc82ebe282c904750e1aa31b62c919b250d4d8ef922b0b0574cb2ccf1b451d7facd075e77fa532626602b32fee6fb334e1c2911388 +Test: PublicKeyValid +Message: 699c4211bcba049ac8d73c37fc3d02241f70b8ccbd6a1225d813664bcd043660847dfba3dca434cf5600afb60036171ea402bfdc3279ae2f6b7deb5fd0810a96ca7ff7ff1a36021d84a92b6db7d4b03f80b1d5d2306cf3af4be2c448725fedd09399cd5d4fe8853cabc84895fb91e4400c7591e691bafa5cd0398a3c8d18f8c5 +Signature: c0aa11b2571acf6fb78dd85148d97ae04877ea1a05d27ab73783ba4efa3a4b7f110cc44c7ba2c842 +Test: Verify +Message: f5373216e55156d66524e39dd8a345cc519edd8cee2b7cdb755222d42ef8f843000e8b69cffa4b0c154543c3bf871b804a904b5e1ed8a1ad2a29f63bc28b2ce5b5706c5fb2219e40dd682951ad7fed1709397d9ea36fa18894ad0c57391e5af74db54d8f479d4989f6e40de05b63b4a9c7f0ebe535c87485ea36dcbf4b897890 +Signature: 33e28ca5be57567a880c52451ec72f27d25b6e26c38216900ef17f0c307fd7614b399ff5febfd7e6 +Test: Verify +Message: 92fe48a60045104207970b674f800f67cabbba0dbc8d1d120b64a4ddc9b149800003f9efbd6446825ff84fae21d4ed00e61d1f5b4562b872d53b4788ba2247677091889fd75ddd017f52075b3610e275d025ce4c366c608eb2a64a567a5688287ae2cd3066e72db701dc0ce6a7eb46bf210c9f59aa646e5c3ddd86bc210665ba +Signature: 95616a85b6d9ff3c9af7264cbbf8b9cdb71404eec47fa7c91291fb93ddd8b0327df74cfae6698e0d +Test: Verify +Message: 18b8baa09b84cf8ec77a1d34d68b0971fa71016ad5b71838350ce9d114c8aa34d0bf8fd9a747615876845f58b2fb55bba757fb08f176901838b7b7042f87924fcf2a1c50d1c7cce36ab768514b0f277cd86b0a4fa7fe7c653cd729f803751b0d8f8f1cde121d47871caaf0f598deb70c0447e718f0671576ba04f68488ab80c5 +Signature: 23c6fde5fd9a2478d99c3abaa61363d90b2c161e847be181af07276e376ce4f76db56dfc3a1f2425 +Test: Verify +Message: 598660449d62f60b1e0581b0c493803d3ba5cb49a5c5d5917f2a41d6d1b6a8f69a2ea94e7bb8334fa29a0f5ffa32b1f291313fe9491ce32ac3044e8188848db77afd10f17a0ef84b5b56a1b5076d700df021de7ebaeec51827c0eab042ecccfacf6bace5f35add3820b04e6a443e55c632ecbec05032149182d52e1a57e4fef8 +Signature: 2c07790afcaf89768f1d1492345510d937e65bca5621811e1b705651a861be1f88f52090036cc1ce +Test: Verify +Message: e37395964c3c1f7b37c99c2f56070cf9672de2f7cf63bc6778ae6532e81f09baa23cb7e5c2af1c6ad32e7e5bf4aaf7f42cbbf4a20a4bed578182660d02f22799db04b8b2cfa31f41f727ddebd88326ddc6b361d77860e07cedd6e1d87e28c53244a28f14ad6fa099598cb1f73bec114ceded21ad53fa0d6d7482ccaa951a5b1e +Signature: 58697e6dad83ddfe43817e5534535ecd78a985d3928e271212165dec4e76c8025d531ee84ba8caf3 +Test: Verify +Message: 24976d350993351696b33cf2db5440303d5a722cc2d25eeb9ccf1e20f57ec060fa8bf4a22ab9fafbe0bdcb971f5b86fb9ec41e79142e42f4c6b58dd54e71ef4eadd95cce9458b3c5ef2df19ab38896e9e9e35801fb9e079e3fdec0e3c1a7559b5638fdb1dea738edd9bd06f12d144873366f76bc0f5a83621f030d42e857cac0 +Signature: 7488f2ca5fe2bec2c7a83e73407411c9e89bf8cd594d4a03a736423ebd913c2b98a21e445bdf70f6 +Test: NotVerify +Message: 430cde2feba0256295b6366211252174a29c9bd2b8e6db8fe97fb9ce35580a247be8364a37741b077e9f275d3b34b1f2ab3397c2171b1e04d177065972aced3c5201e6a648ef5900a3ab1e4f69f2d59bcf1488a0f84485b8f21e7508ef7ac1eac070269b97ac9726fef3539012f647450557a6c2d4fac685448d3e32235a3e06 +Signature: 7500d2fe4b2943b4da93490d3bac5c344bb18eb550975ead0e461ec33485e11714b4ceab478644b0 +Test: Verify +Message: 81bd412f4f9c8f8b7885d9fec9b013be8246d4284121dc9c2fbfe59a6987af1db141463855cf96ef6031325800b961f2378a6a46c65722bc565ab3c0e993ae15814354790fa8217a9efa9a98c0a6599c39c95638ebf077e0010f5be860bf63df4abc032a559e47e58bd8a9f6e3ee1173e0fb2d378762f4bf87d4764aa483e631 +Signature: 37cb9d9adb92a7e74365f9e4c4857a88a6fabd200d955dc76333b0ea9c1b2f05fee9117c79b10d09 +Test: Verify +Message: 84652beae6fec221ab800bf6303f17a47a84278a1274a2b11f40569bc58ff34ebe28c5a138e4b1c7eed4731989ae1728397db5038f8970c59e84b16353f8a1b411ede5c290de9e50f7de9fab3807f1b6ad238530f09e384900ac0c6591b6a530b30b03e2a8c47ed4fff80744f5219e650cce0eaaed8bf0547b0edf3a39a3f8d9 +Signature: 194a79f399087d977a29a3eab308670b7b133acf4e8b43068639e0e5e37d7ed305e32b85e30a0a22 +Test: Verify +Message: 9cdf6e966c37794c7b3dd6234e76d715099128caff3d03917a4a96a2c703b19386cab41830f5b8ffe9e9fd6b88759450e4714d2f6298e413bca267cc13a5ea6c38ae6fff379b0f8e253b6e562ca95f45d4e6d3b694b6076e99bdeed7d5d9dc7b4bc275c49ae0d5f2c86c015d51cb8eed702790d7ad50c59aa8d203392456dfba +Signature: 7b427233d9e49dbfd8ff2a7814dd99cbd4533d67155696b215d593d5ac3989c8927850601c0d453d +Test: Verify +Message: df577c9f2370b362f86a928e40106d7b0a511d5d8ec619776b82d57e1f195b4bc7f328c619d2490e9fa2b6ed3681ef7cc60fd51343f7cb74e5be0d37a3cb5078f6b89bc0ccd86532ca09f0f7c6bbe5eb85413088b1571e131ef5b6063e5355bfe23d8d6733993f24f036f682ead7871fbd7fe796d0ff4dae90be88c4e8c9a276 +Signature: 39a7efc692685eed0c3cea8838c026b39367c6f446a16258906787af9447329ab99e821eba53cb89 +Test: Verify +Message: 91042eb63d47c10f678bec836f98630e13e707b29c98b28d47b1443cf699e97018d4aecfd500440e7f11134c35c982b1d97b86473500691869fadc89974840f7d2ca319045565573a0fb630bc87576a8bff09460d1027a2500e3ab28b2eeb86d995dd1afe3418c76a4c0f5778094d72c9dc04ab4c8947eede6e3c6cf9d83e80c +Signature: a813d89e3de90f1ce1b77a7d6c629e8f83296aefb8bfe1194f914797d08b53fb59cb9186935dc10e +Test: Verify +Message: e644b9a45009da8248611de174b5613dfb4aafc0a772740c38f1ff480bb23e69ecabb5c2380dbfcf37b1093eb8bf4c3feea04a0d8b270cbd1bfb5a46a2487bd279a62e446649e80afb6b502431f6f97544765f4ad13f24282edb8bdb0ab635bc460d1c421314cdcc4c66eaad16b3e078b6a4e48eb21234e62b688c1d7a56e6be +Signature: 4e4fbbd84fc44f0ecd6c163fa292cd96051ca51764fb5626f8ecbd8470faf6ae5d79c731d9a3497e +Test: NotVerify +Message: d30ac577ac767ce6eee34ccfe09f0278f2faf8d28f657cb424ca7f53712b7f040f7eb63643c784ab02771af64405693a8eca4a21ba22ee1b09c189d96c533a0910583e53283e5693ffc076593d7eaf9e79de5ec9002296e2e4cacc15492cc26beb52b5c4f414ca17fd77b6ee6245ad1ccbec8ec2f89c4c81cc9ca0019deeeda3 +Signature: 4ee3704d4bff39aff0efded0930cf28ff7641f089280f1d0e38a186075e91d73a5b1e7d028340fe5 +Test: Verify +Message: 82bb8073af3e53b8ae158f342c4cae3c039dc830703bf0e893dacf5d280284948596bbd0d3a00cf8915f96464693dc328507df9e27607d43c426095b74102c90c494fc24fbaf5a628ef29146e1ce2c684020182f1e00fb338cc6d4f2fd5ed3b739ce7bc89e05f6cf9fe6b88b769558b72c01ab3accb22291e3d5667a3c8532e3 +Signature: 0b0b366b23090265e75752fdcde1a7d76113653246e0da762e25012cceb13859313e469f4dc31680 +Test: Verify +Message: 12da3a70153655976cba8144f67dc21719410fd136aa69ab4cc11df9eaa955005ba0e5140d3955f643d82a6cfc6e7a222376afc1f8309b4dbe1dbdc4a6bcd2f5fc839f9e9020fec967f12768a3c14130b0c529b3b0d682c129f1fd00eeeceac94b7a0046746269ca30fc1171c2ed30f9182416df371436bde63376e49ab2b635 +Signature: b43f325f82eb07dd2cb3a03a022e8c89216e820da743c216ec6eec5bf445f12b2d326d52e38b90ab +Test: Verify +Message: 45a2799fb193f3adbef66b8035318c5f7eb3610dfc64dbd1a84b87c0f082884ed257db1435c4cce38711b30b9dc8f4e5c7d936a7330ee36984b2e172b37d8ec925c401f80ede802305d93d4ae85e56dbf3e20c7b1c0f4216b17238253465893f773f63e3f4bb07846fa781d6cfcea858382658226e3eeff166e306702e1271c9 +Signature: 238f01011e1b3e7d027af353e06e2138f5a40ffd3d7a78d55c95ea3b94ad82b8ed58c308f7db5ef3 +Test: Verify +Message: 6cff32791fa0d15947fdedf67508fee334d1739512e15ce3ecdb5ac17f56c43e2cf51bbb0bc8b06d34e894164a4dc0ff48f3863a902d3716314916e278667de7bb914ea061279d3c36679b57ee56c6f4f7d84fbe830bcb80d6e71ee2cd15a565b00ca3a13972eebfe4b2da3279d966bad8b7a69a0533701873ed4a36951b94b0 +Signature: c9194d5ca3dbb424faae51f66377836a93bc55ab1d481e5eb9663c7033329d82c13af868f4a24efd +Test: Verify +Message: 37a363f2ebaa01fd1ed7902a4804c8fa46845b63d82b947e59a23073c0e97da2d72db113bbcc8d2095a6336197a744d83a923d5eb610134dc1f80d6f8de1e327fce615de26b88db10dea78599f79615aed9b906fabcaa236e8106a180e94077b1c65462c23863a07003b19e858935ad7d9360d6fae717a8f4480fd443c1a21f7 +Signature: 9ca210249d306006ecffd384f87c4dfcb1d466e005d877c2508475bf0074c4c6fffad6e123bd5dab +Test: Verify +Message: d3b14dfc79ab30cae8e40dcda6bafd6434741e6ab1b9e0d2cd4e8d80f10f176aac3126ef61b662772f31fe4d21bc85b99737e961f5c2c9e28a7d02aac27f7a19901529d8163c687997617e509f576890719ae9aab1c3d3e3524b9434c384036655d56d6ef035db06f7eaa68e78843e22981437fc3eb2950bff2e59d54a154b8a +Signature: 30cffe077d2330f111eaff346634237473feb83cc522a5d20c75db7b4c90c4e21583e1cec8e00f29 +Test: NotVerify +Message: 69d5980a58474652bf27388ea6041f9e0fe688ea95f59fa745682c69bcb1c7ea82e75f19a773eb669cff6e4d549b31219b323c1bb62d16a33c65bfdd344feb77706280b229cc51afdc571dfc6495c35f5953c8e1a83d0b1e73cec7cd2b7bca8beb20f4ec18abf2c437073cb20f4b4def00232255a27ff6b3a17b3b50d88fdcbd +Signature: 18eeda64cc75f18f58d43ce6b95eb3918a521bfb40c1745a38f985d294caf2d86879528678881191 +Test: NotVerify +Message: e0ac66b23eabe745886613c4698c79478f484a43f8dc444e7e7ee215a673c29ba56a56b4b41bcfc1962046ad66132d28a6eaf623858f028c71c3cc4bdd34567d54ddd4f0bf9f97dff31e3def7edd1769b39cdbbaf3f28b283e27a5d7fb548cfc04be365ff66f1717b7164e8148210f83cd1951ffda3db89a0062c5af980a3c8e +Signature: 6db33727b795d286a69ddebadd6e09c527bcb1ee596915b6fc950549beed350fda40a4c1f52c6a34 +Test: Verify +Message: f9cec4d6e1f2c2285dfb17d3ec5d16edec0da9b05ad12d62cbcd8f84ab4ba73eb6cad40ab44ad9a079d7f8221c544d89778a6d50df713f5f25bd1a3acdac1f6a8d0fd92c0a971459ce62fb958dc675bc995dc189a3515088b3e9e33f6b54e59978b60b9359712a2954b55883b54b475c4a9ddeb31c0a19b66f6922ebfcdbb0a1 +Signature: 947428406add226d1dd8db3245d00617b152921404ee5ab8d4e840c87d26073cc4d144a0b51e19a5 +Test: Verify +Message: 966d6fa1ea1ae8d344037a48420d6379278133fbc0c25450974fd9105bf988398f652ad373c511c830d2eb02470dc7c63b3865507d0fc3b0994ce4e4a0dae337d55839d99bd14bbf9eba37be412de0e348653815c77acdee4b5d97d646170062c03e35ec3cb8ac73e8b3f6b40ae5c78aa7014383757a8bc4037c881f2727f772 +Signature: 63137ff0730f28235e87cd5122d22a973035869332ec538d5be6e2c9c0db94f3c012ae4abf3af9fd +Test: Verify +Message: 43a8f0b5992db54d1d65acbf72780493d1af881fe95f9f14f61b834f201ac1df16e5f252eb46b845306efc2b5365655d38b71c63155dbf8193e9a48623f64fd19ecf36a4205fb4ad26594bd2e6a81e3cee19aea80147d4ea2fc700c23395b0e411bf3342f050a09c357f114be21925492e2cb58564f5d666010c0f9e09cedc31 +Signature: 1bf8e80c8183d00907ce80e74989d84815db85dd1654a6d49f74c020a83e8bc931a178ce18056f57 +Test: Verify +Message: c4aaf1632b1438752e9790c89cff4773932d3fab0ef710bcaf41794bcf5c0ccac49e1a3c7143dd2b1484e4e74cf6c4006925fd06f9702a8090276e2ad7e41b74d727a3378835c4ba9533efe5727efac4a14d073f4089b418d7ec8526605a8ed0987c65cc85a3471948dc893b254f41b7d0dd36cefafa057d1cc796b58374bfd7 +Signature: 5fa8964b471c76211e2743c4d993e793dfa7239dc84a19bb3fdad2162a8c98a2434c94213f3a163d +Test: Verify +Message: 739d44364282b7bc61c62188d07e0ef12b907960a740f1764ff8ed7981586c04a47ed0ef2b97fc7dcfa6adc508941762cd79c05f8d2aa15d6e037a06c5f676b7d6d40069cddbe4e0fc81aa18578030ed2d22860929cf0f1389d4d5159d762c2f82378b7a2067a73f62efd159b55a91e8c3248438714773f01704b57fffefc7c3 +Signature: 1b61d79c6b33e3c3394fff6efd641405652033690d7219da8475faaabce3e395bc720d70c60e12f0 +Test: Verify +Message: fc205229f11c877b617739d9ac191773c207ac714c5e2a061a917ad2cde4827ec628b5924eb8e19a06b4357a927d920e8171130580e8dfffc06f2ee5a4449a89af12a87faeed963b2291676cf0d72d984c7997f8e207ba96472924a5a0161f21915542a769b33e978b85e7681f20814bfb964d03ccb25404893674cb1954a87d +Signature: 283d55c038d4270e71ae39db618390f17675478b704764d1fe352550054076f4461eb6da6174dd17 +Test: Verify +Message: c343029ce5d70a70251b50cc5e784126dd65e35080940f450d5cf435d567c9ce8a9dd2cd5d5096c55ba95f2f0952f2b33f6490b642942d24259aef7f62e2ea29b4771bee372ca2d5c30c4428850421c1e0cfb2978323068acb1a3d6b5be34550f9a9d416acc3a637141ef8ce09e845e7787f400d7a99120eb5b4d611f8c051db +Signature: 0cdabb09213e0f09cf01e0329bba5661753950fc92e681173a6eb46c02d00224b50ebca62a248faa +Test: Verify +Message: 5e126ef683f3b61a39065574bece4ad82dbf4d34495f40cb899dd2b163717588ddb683795244ac758252a3adde0a0950126e9984d26a96a7e93b72c780ffbf60ac9d5b553cd8d831c1af2a9edef79426d13cd42942d48e204c45f611cadac252e3804f81d8e612c40dd5423e56cdc3d285e1561b31d400acc875b885d73854d5 +Signature: 01dde9613b9ce3c29b3503c19c13f863f27ab71bc0844476b3860ac891f9ce374aea6c24f517b8ab +Test: Verify +Message: f799a6b5a7bf7c32847fc243cbe0166f5244a377c43682c41b75530e6342174fade751e751885d10692e10858b11926ec626788fdfe925b2cd6d625272a13c899ce41e3c3ccc2f84e533ef6088840d9a6e448bf777e415a291c59ddb7b8d3cdcbca9450bde23ab67f0a6952c3bcf3fc944b6140502bc0a6d60983d00f69dcf1e +Signature: 0fc64023e095044c9d2d003a555e2da7aa5daf413896cd4e7ac774ecbaa0e4ece8e8ccfa053ab62e +Test: Verify +Message: ae0424ff8fb19e8842828a3cd51c93e1123e0c4ce9f9fbbc1b326979295be9ad7c6e6783d62b337ef8924e1b95a3f4aa77546a6af0d409e483ff8b89d422958fcdf0860912c47f45a819b36be047f0538a806ea6580bd83990bf99a6f6c2682cf98316c91df69796a80f50639082a093a5b9b139fb1580739a692b0769b47b3d +Signature: 6fbe751842e02a3fc3726a5d8298d1a7adb799a02d897597f4c459d28e9e25cf447b8cdf50001d21 +Test: Verify +Message: fc5837b228cd6c963b52cabd227cf61b5a1e6ccb4baff71ae4f971da7904bce5d94201efb3fc28912bfc9894b87c307a414f8653784e5fbe76056e3d989f51bf990fca68f0813aa36c00646a0e685fd5278fdce1b2af9a83f41726ed5212d82072180bb396339ce235b5a5dadb187b434335e50fb2aa9f829685108260354721 +Signature: 5bb80b35dad17648220dbe980a660effaddd7c43ad3584318e835c355dd7bf2f5510091389c42914 +Test: Verify +Message: 689eec3b665d72447abe64d4ddd79b7b73cd171bd22fa8689395e0a3d9793997205583d449fe912be240246ababb1859a5fdcdf48ce1d9ebb928ec58615503c073ced04ca0306948abf231ddf33e040b3e0ca7eac8816e218b872fa7d1ad67b9f841ab1c85ab52956d0c61a69f18b78ad5317a739dc6c102a2ea82084038bf7c +Signature: 3cb07367288036891a8861931e5b2104734a6e7e70ffaa32a49032b968805dd0bfc9f1989da22b12 +Test: Verify +Message: bc4828ec0810c7a43cbf028dced7a5890803681f86238a28f296aebeffc7f561a4fa5d6c9a595ab7193ab38eceb39fd220601f6ea5739efddffec8b93b7da7a74ba705014376fde4b375e33a844a57ea3583a43f56a55f9745723c4d287b34e82be7d584fb82e98183094b6be6b4052abd05ae6b92d0034d9d8cc550bdd8d27b +Signature: 67b214ed56ba44ced95d3d9e8c25c99331e3e973a3099e524473ccc8d4256f4ff7de9674a369cb57 +Test: Verify +PublicElement: 19b80e6f0132bd24dc0f26acc6a30445c4deb4fe7394440ce1ea0039d9c8137ec962e54b09d4383989baa288129e551e027477965ba1dbca0b6d586e482325f09a0fb16236d7b4ac3a3bb822a7a329aefeb91936f4b8cae38fd1e369db4f3f97421277533724d27e39248de3618a662c4b757cbbea2e3d805116d3e9d0ab3547 +Test: PublicKeyValid +Message: ceba9387e7ba8d55f8010aa2e8ed7de2c8310df67951e1c49c5fad18baf47dbbb571c2d26f779a79b8a564a07d9184252f097432728b0cda080212effcc3052612c8266e6f2bc88e85e6dafd42cab20679bd1b1d9038a27b6b001e0199237e4cbe37d81441ceaeca363d82728d8f9ebe7dc41d6c2b4f3ee19fcfea07e90c8364 +Signature: 84d8e940de14bfb65b8c0e0999e296a1d3c51f18b8bd79c57d826d9d200a6e38e52490722c6ee201 +Test: Verify +Message: 7b9058ef673b23e5b6a3d97784b898e0d912c990449be876b77b768da6443ba95b5fc1849db70e0482a4a1cf901aaf111b129e8dda38c3e2ccd758204a03c18b6d0500aea30b76a48c11dca21b0a82c9ea54c62bdd5bd71bfb8bacba897c3fbf68590f86b191d55c8ec285095ce2899fffb03983845a9eb9fe6f68749a082ddd +Signature: 7d07f3033c1c841466eeb641ad899ee247757ca067ab38f6f698ad0cce5f26517da7bc51b8e630fa +Test: Verify +Message: 2404a0e4c5ff8fa11c40f9932c8bfd3bac118eee53085c8e658cff857eb56b029ffa907876c65054f258a7fd07e01512bfd850df82a02820a65dbafb3a13d9380f01b9c3093ddd64a49044bcc994cf84d30cf602dd84accc4f2a8fc1a8eb55458ed173bc139c0f494aa028c80ade040a0166da50fdecc00a77aad8d16175b7a2 +Signature: 793e491940787f4e76495575616901c1c77d023342569cb8bc96efcfbc9746b3f51c31e29b221b02 +Test: Verify +Message: 5c311c167d2e3ebc19fbf7ab1c619d8ac1611152527a953d2137eaecc6fdaed79c13f4fa76f224bea7cf162531676a3a4c0a2ab81beba3f9aaa681222b122a8d724a5c77aef60aeb69df73eec3b384eceb157063dee88dce64dd72d4473b4fb2d6ee8de59bd3a61d5843465e48dea37894991aaa130a0b9246f3f659940ed61c +Signature: 7f76e9d084a9afd5c390271261b316cbd1095e710d1b7e4503188c99b8a8d851b130ad240e31f0c3 +Test: NotVerify +Message: 9dc221be2ab612b2ce6c7fc8b739af7fe740e9601f3201d3094a2444a488e076f52c7727ec7665e5949d2f307f0e6ed171e71c7a4cb21f9f3c661494239b5de7470e6d003a5553f80ae385b6aa3fef50a0803ca1f10d64264a93761e6f47a8e2e95e9c82ecc9f5a186361a930e434ab5cc05e10ce5b9e9218bc9e41b6203d81e +Signature: 332a2daa48681410763f13c3b127516c861bf1f187504d8b3bb1bd11ecbf9a9821f18466c10f1859 +Test: Verify +Message: e4354b9c9bd98d62fe629486b6856c96f34d2fa2460200c5c25746f454d32a065f8153049bdbe1b32ff4a8600de6aeeb8f7be7174f1f2f114c06893e3a9997492927596d5bc92a005f96f8417209c36316af59d9f41450e4eff0445b8a8e52ba7d7ed56e927b6060c59ffcc09bc5a313c33ffc80ecba5957e56deee2fc895471 +Signature: 65c2fd8a2635d6942b4b833682b29637eff64d80ac5ba18491bdc26d1c34d70a2c4b680900347d1d +Test: Verify +Message: a090ca3eecf8677a7699f42b16428445a3cbe74981efd6436d66620185469e959b9c8c0dbb464672fa136dff821ed7a2db6874b97bb5810691a9f1f30f22180df6d89abae633943ee56c08ee6fe88eb3bfd139c25df7c899e8e60e3d2647a3b3497cccbd8477a9d7cfdb9d71f657036ee83f0fdc3e6b01f60a559157e36e9781 +Signature: 19b4876e4043fe5f5a58e70b1560b0942ff4fdba842266a6653a6aa1550b91f4ba85a3b676a3659b +Test: Verify +Message: 8e2ecbfb35ae99dd004f2305cb2fe98c81edcccc13372e86b98f4e526d5dde4da43ae6fd4f7cdd8812fd0516c43107832767cf49e95faaaddb0e9f2a70ad0b1b790880ac1f05df022172b3a94f14d13f47ee2e5f70cf01d0341f19ef82ea805a832e51de9b61d7a3a346e89665f280175919a0e59f9e69463d5b757a9a2d7662 +Signature: 6d67367aa1caef2722c125a30e9e08ef7dad05a015893ec3c395c35d81944fe2db2a660e4e60913e +Test: Verify +Message: 6d3ba912c4bc10feb611e15965fe814bb2d5e5de67705a1ca46e8e6a8cb2e3243018f57abb7a698bdfe3f9c08012bd6aa033bc9f8bd9b351433f24b12ec0a3c3fe945c42e1cce9b6eb9153d4c099661686ea3a9b0ad3ff4131280800a2bd1b8ab125f7218fac27b8b092064d7d8a13863c73788a3c56d52344a051113ea1e3b1 +Signature: c56d1aa9f30790bec01fc07e5816fc6f44ab659898a959ecb061b4347e7f2be6f2df97ba33043a00 +Test: Verify +Message: cf2010dec81c60bbe408df2bf20f465d259a5a8d2f7920ce9c566318705c69950423f1281edf713f50ca8eda93cedbdc2378d6929d192081573efd7500520cc6799247edf3323e4849cd902aa013aa273daec49ea6741887fcd4657e987aa511e5450a467e6c3f7088ebdc3451342ad729141aca81e3807843f0944e712bab0c +Signature: a6640671721cb21d86265e30cabbc09ba20cf6081b4a5c7928ab3a53d4e291bf6049e8bf8418f6d6 +Test: Verify +Message: 4b00e4324ff7fbeb0fc48a6c83de82d52da1bcd1eb6669cffbe2bd824fc1d7971383f4b67d96d5bcd4b56e36c480d021e05d58e0788e197f9e93882773c267e1b725f38f919451289b143633316ed687fb131041b930d7064e0de47a10ac9a014f9e39b5232847a87b973c5b63e16d7f957d3aea43847cdd24092975bdb5496f +Signature: ab2f5b0d5237ec1b7e6297700a7c06647a526cb069c8162c513100008fe0dc37d4a8c9639ac94cb0 +Test: Verify +Message: 20f18b1eb4ccf98fa68c10d680f1536bd5c7c3307cb13ede0e3717afa213f74dc8b8f4fbc324ef020ce7335e03744baaf8a824495a9964d63ea00ace13a9467ca4ba9b264fc2337684a4822b81841f004c51dfdcf193333cfd77c4de3a184db0ad10b8f8ce3f7cc407da369470b88647c8d92d43b73864e942d37f388ff7c3c0 +Signature: ae23d943a56fc60ef381a2a5c056d24e472e9e906e4af1bcc91a27800b99b7cbbae8d4fc303ada82 +Test: Verify +Message: c9db3284c5b9a283f38da98655485939d5662045b325ccae3207df72838a1660f22634364f8814fe9f0eeeaa0483e9efea1ce25f74b37bca264268d6d3a3f6dcc986dc063cb347a7f08220db2b97a060dae317b302d8f86e6aec29e287518af0a8f2c32d62b153363ee0d650a2fe9744fdb3567a370e5a5458fdbbce770de953 +Signature: 06bd46f7ec091697c86e82497dc184139a988e3b9adee67ce3d87d739871fb1cdcef9dc6de421615 +Test: Verify +Message: e2e5fc81619b215141e12ea9544184e5ebabcb3834e96dbad2464fb5be7bd22c5dda0aade2be3d59e732a03147e04da33f3c8854c4f23330278e8fb0e76b356bd7de54e071a22c827987cb05d65708e8ac09bd43be2948d304874443881f84bd874852b1c421e6e52f3929bdb77eabcd6c68e29dda66a4bba189e807596fb93b +Signature: c86708f91828158b1c129e48ccc6adfdccf4997e8eb2214c24fd4bf4edd8ac1f3411d77ec65321c2 +Test: Verify +Message: b9a5127b9995a063f3422d3069a4b22ff9b7816e01ceeb3f933733f1fc11b3ca8f694d49b79c159a3ce93c59d555408befc452dabd54071181fd43d8196863b1cc0caa32568fee84335c841c298068b919cbb19e06233412662b7815a916da6408c501af8f2885196ed3dbf17cdf84af0c047632f5f4ca39dcfaa81fc5d370db +Signature: 0461b5dfdcfa1f9be6e7528478e2785903f0b8990f2354209554aeedd246d231567b06c5f81e0842 +Test: Verify +Message: 38da1e2a517a87304f85291a67e7a7ea0e637e797fa1a122707b58ac10845b7d44da2afe232eaf49b011171ad781edf4aab47992dc2358927eda5d5df9ffa75a4da2035389c484278aaa60b1f7630ef97d979e9a48935873c2929892904ee95dc9c7610279533c2256e7bcb9c1a4405100a5a367ba08d81db43bc322cb885adf +Signature: 3e7f697603dd770218ff55f027a8fc980763b6b9bbe84a766e0e55fc7c23e4f734d28f67fd73e14c +Test: Verify +Message: e431f4fc91ec6111098c5de4532c76bdd3ab9a42e92c6c10e7ccc69539a38f31cffdbe8dcedaaf3b78a3a68f592fa1bcb4f663332d94bd38b8811fc7c10f60a69da5cacb303a6af0e0159675bac3bf76e459782d43ebc7896c4dac0fd009f0f224a0306e0f06296a1858454ecee06722394bf4e88129223adda68528bf87d74c +Signature: 2b2111694dd96095c76bd18fbce8f720ddcffe6c8d9c194e880b0abfa44bcaee6b97addc84c519de +Test: NotVerify +Message: 2f3e3407e1c3e585d3f87ecdf8ee45321c8d46ed84410565c7e282c1ece573acc5c2bd688ba53416bb5894433070bfb782b7397b9edae229a653f2780b993a07e887996aa20bbd73be101bc203ad318fd18efbb7c0a3b4057c08cfc3e03535825167c0255d4ef73495f80c60a8fd1352c1ec85b822f6f59201da10baa310dbb2 +Signature: 88ed45212439c0cb86f513026b72002cdae6317544b95fcf4dd1eeaf460edb6f5891080272a3b31c +Test: Verify +Message: b3b7c629f3f5e85b35f7b95d9757a8dd980a2acc68fd9f1b74ee82af328cd5a62ad2ccce45a1b8625a9c3706f6499a066c6597cb1e88309f0afae3a298d4130ca25bb6a5c5994181e73dd00109b59a074e8a95794cfb65f993dd8be27cb2cb863409dea709155933f391dd4466d38058562f7ccd8c8f17a02850d267775fd58c +Signature: b2101fe80d5d71592eae972be0cb7f67e0fc2950bf60fb12b91a1a63d9f4747c1d92d2712cc33300 +Test: Verify +Message: cbf84e9aefa950d9c997dcb571a50e25c09c7ba40e730a1c28e112109621b4090b057b442c3e339a86ea07afc95fde5f4a37f765b99cc34e1fd5039d1b1122405d74d5336360f17273058c25da2b5807633f3c181a9d3483421d6ad294e09550bb5c93bf0ca6423b8affa46e1aa232f603cd8113a90e13958ad080057925c612 +Signature: bb80dfc840147d79654ed993f5266da74985e2225e7f5d61266fb1caa2deb06fa3bebd930122cfe4 +Test: Verify +Message: 3f1ba8edcc9ff1dfe2c25c860202f927af2188fe5bde071b8fef797c5f42f96c0d75001bfc94f37ed912f06a040adaec45b6a3ebac30d901c96974960d67de3f80c34456a5621cdaab73f788d5a9893b2bbaf68162185f7f09efad07f6609df7f0fb0cd59e8284a8b0dd08194c591dcbbb2519f7540fb04ca97bbc06f1a44d4d +Signature: 06c8b4f82b1e5429a07857ad5a1753f1d7cb43b345bd935a1f203ca2e69fcbd2321b295b1ed3c2a2 +Test: Verify +Message: d0b56cf1a2bf4845544090bc5440efaf864b8ba6205a03e5cbffac3af8d50d067f28988a7fe0ab7472b3c7aa8f8b0f5664350432b44c80168f65f0bfb07cd6e11b9f7e70f7d9ff2ca961766b33047f2bcbd0f458bf02e95a8932e8e22ebd69f6dc73953bc3823d8333a21597f8833546f374d1aefa5438c9f1be0b3c2970c05d +Signature: 035b9d105cbcce5d24fc186ff52ca07663ca774e057e6de4f5cba8df8b24cbd361df4878c6ebd3c8 +Test: Verify +Message: 82f8b357919acf5ac548e01bbe97782acc131a157d1b616364ff6dd32c5993d1dea9453a6f343e518e1ef301abc636554b632d368cdc7363f3ec8cb67e768e95e6260eb7354a491989ef9440274005b0c31b63ac0ef54c3081efa52d6939470433a8e745fa9346a94ff39b4e47ba3d31cb7495f11c1c44c2a54190b0055a1416 +Signature: a4e3cd2cbd2151d2033d0a56fa7d388af1e050efbc23bdd5fd17061234244d0a9511b84525e719bc +Test: Verify +Message: 5e5dc7a9fad7608fa377eee0d126a5377bfc0b9c11cd19b3b7f88f25c36c984f78fb9f2a05e3707bb99a933b88dae649c4ed794e143aaff1b911923d02b3764f0da5d244bf375b61064f62854e7b6fcc42371f85c57b3b562f891aaeccf5396c93f518cd23ea579b032f12941b2279186e71b4181aa7f63b91f7df51194718fd +Signature: a96a7dffb16216ec93857df38b10fc73c4792e61055a3d5c2aea3e5193113b7d0bfd81f6c3b0d01c +Test: NotVerify +Message: 9f8215298027d29e4128e75b86e6343bdebfd7f0f60bf417ff57c49a5ce1e14b9154d0be68c5cf6765ede1f56ca818eeb1af228be19217d68ef98202e01cad0b7a7f328eabf3bfebd6ca2999245ab4c968b4a13e52a6f96cd8ef99d0e1c17f8f347d5352a1aa39616e36d6fe04f1a104db476cc0a33e3210b4b022bab7c9ed0f +Signature: 7956b42cf6762bfa1d84425dbde83554a598caeb6e3298db6c225befa59a9840faab00f16b662ca5 +Test: Verify +Message: c196e14d01a2abd6dc046801d766e076cae2539afa2ab5597af92c35c4bbcd8f9378923503069f2dec6fb6c17ba1f7cc1355dd4363417607c881e2e9e5430ffe80b2b326a0258ad7e589d22f270c043a530cd480823f6bd35a23e357aaa804d2411c3d360f58e66c7f29b56314017e5942df2f698f7c0b56eab727964b4222a2 +Signature: caee28fd1cc548ceeb7141e3255c6043751425f2c344e1ddfe08ee2d42ae77391ed03f9baa195aef +Test: Verify +Message: 7d8df5288388272a7473d757c078a6de15994fe827c215d0bf2f6aa50701e1e2141c566cb5445bcd7b78e6b0098d399c9d0f12f5df541530eae276569803ebbc13a7d101997a9d488f4686b7c98b7130185c1c4f157c8fa42ebac032ee8a852891e5c0dec862c513c9950f659aa824129f39c5ee63735ba4a36f9e31a1cd889d +Signature: 75bb8dd4118b861c56c6a56bf00f194b9296bb677ea7ca4f5cda2855253f880473d5aaa8196c39b3 +Test: Verify +Message: fca73579a6d91eabb3401ed9b9145c2bc94a7066a85eba514a62046a95485bca536c2a5678659828970d253c9fce805fda30ab5527a0514a7783677b867b0325dbf979ae0303bc120947f3913a615a9717695ceb9ac1ef1cae1d2f29e9d33e6f8c655bd8bd4c41420307c22e0365a4aa790fbc80795849a0e84993cb36e8c482 +Signature: bb488822df803c1b8b424169ebc82e4638af6d567a7d2adfeaff0861631adc4c602a95a7ea8a0c00 +Test: Verify +Message: 2e5dd807911f65df6c7b71c9727137156df8fe02af3c1e19bb1d51cb35e43d4e07483eb5d5a1784ea46b1d41c6fefc66088c4b661f5bb5165044a710606dd893bb43179de8ba59472cc902617d20744eab2cd621ca4e26f8e2578299da47b24ca247faf8a0e41f815e8eb8617150b785acd1376a868c8878c94c799e7debe530 +Signature: 02bd342623b4f7cadbd88af72c8ccfb29f85042d4d2d6853d6a7769f2ed879fbed85cc6c7440fcd3 +Test: Verify +Message: fd149580b4d7b1e3799006d6c37974de79658e074d2d1cf4585ed124f7204986e569464099642cbde21cbaf5c16d0a01872dccde2f96bf81fef7711c599b37b0e6fa6fd3e71ff5c4d359e4ac36258e37cb5bbe53d7992d48c8ed42f90fc60e793a1d88d156e00510849ffb94da79f7987d49dcfffc0e5d60ef98bd52d07ac6f9 +Signature: 52c97e4fd456b9a2141afde95fc0ebf4ee2a509f274e31f5a6ee2730194eb09532d7c12583b2413f +Test: Verify +Message: d1197e08ba9f4654452e42783e664e3c7ad5cd9de2565149c0aa8d5a49547d576cb9d369da79a5da560856d33e91c2565b0cae7ae59e6ee7da31d891815469b93954b621879c168e5f4a8e84b313fd3d3a5989eb828b493039bc33dab88749e3d12200a9dac0f16afa2dc303b3a557e9b0f53668d1d5381b748477ad07a573ce +Signature: 41b31f1faac06a781ce424ab9ec6cff44f1e015bc7237a3019af5d73774a0b60345b6ed2293b7fa3 +Test: Verify +Message: 78cb9e8764eae88cc7bcfecb525617286955348da2e9c0958124677a7285334108c0ee2475d0b3404940d6806fb5f7c965c06166bbe3a9b7cfe18316c74be80acf4766af95a4c765011ce6b839e8cd90d58a139a60d675f60f42b421c570ae2647fac001bb7d5b5367e8e44da806d2d6324a03ff87db5ea9b9e0af75630dbfed +Signature: 62a367ef341b27a22c1ecb52dcfc34180902479129796872ce1b0cdbb678fcb0df10b1f37da5ac9f +Test: Verify +Message: f0e673b363e13da716f3288bf4b4993d6ff109e72a28529ce9453a2eb69b3d5256249ff7ebfdb3e3ea1d659040550e46c08d7979d03d3165552a0ee8db63ffa0097b19454508e148a35cd6ad14834226cc7d4371f3bc14f391e1a196b3b44be0e361f854c7fa5f0d18299399c635cd1469387e86eb9f947e74e20dee9785ba4a +Signature: bd8054b1502e66908555110fc569ac6ddccdea0285a04c81b9ed46ff160a26eedfeb4a8255147239 +Test: NotVerify +Message: dcbaca556bcbfcc70d2164b348b037467071dc423c11a549aad8d06716ddbee49668724899a84daebf96084efb29f246e7bb6ca967bba2ca82948bca7dde246039c4e8e8cfb593af694f197d6488e164a41f46c8364250b02d81af4cb6f2f9c67da6254d454c4860c3248e58bb277c395d7564bae2fe299263753405f972b7af +Signature: cc52d6498a412d0b801d243e37a0291644135294bb91fd182f3458c59e60725b21436a401d534497 +Test: Verify +Message: 901bc4215934ede2f6835d615c38953a95cd48bc09a249a30edcb412b37f5cd4c9ca75d433d383da706382886614579471a97647acaed5377f511241697fe0c90f42b735865abca8dd1beefcef86930267abe2fd143ef25c6f79e2b86a314a0e7b3ce23ee90271c35661f9b58ec721fc8f8ae2d6d88b768cf70c7e704dce721b +Signature: 69fe1c37cddc2db194719f80d9db24c60618f5e99cda4d645d1be7c3c4ba192c5d8606dc9c2cdc61 +Test: Verify +Message: e524024ea5f5ef7baaf30efbfadbffd9ca00ccd03d91c23a612e8d3c67ab933023239253c4417cb0d5cb934c7370c193d0d23a03e8d75417832da6766c1c605df090eb4a9966c1ea2cf68e45e0e28828e11f0bd305417ae4ce0b5283a0378fcf438243899cfb75ffa88e383cbacc0c6ef5fd7a970c68ea7839e1c8bb7c94d760 +Signature: 41bfc6a00915f9a7e24e0d4a7a1220aa0c0f3127b0286f8333c9b002a4acba9673717ffb09368caa +Test: Verify +PublicElement: 1dd203bc368c505fafbc02d560b4b9f003d93be0f78a11fe60e94c406890ce920be3fab9d9ffe84b80f3fdb9071dc602d7c8165fb62e346847b3918d450b3dcccb4bcff0ab98e3052ae36d1a65caa37c7187bb620c5147870ef676091f5199be871dce4fcda065da9f3568fa70edd637450acaa7e42f128b6a3a0519d86784d4 +Test: PublicKeyValid +Message: 691699d5c945a8508a41c3c83f768406a904e3bcad75c75e76becc40e67857f0435fd8d61f0b5f0b88ee6276718fcd2d60064b0b5ab7d48d0c5377f23b0c69936d174f80d968c95c8ca93f7bde7cef3914f2379e574c202fd5f12c1735af62774136970acfd2fefdf068f20e5cb403e31dc140ad7caac5fd298f84e6aeda5855 +Signature: 9c2687d271c475a3ca252997642f12c2494e6e1612ca7c28dcebefb178a72071de741a27699cbb58 +Test: Verify +Message: ad15c247a6d92417670bb015e2c56b2170d449feaea127d898600517e37d88639f43b0f80ecfd52cbf34e83deff0e860208fa308fb9eaf7463d2a87cdb79ab9c1a221341ed8973544dc5d405c0b530d9f5a72ff69a4b20af81d83b4bf47c151b560a65bbfbdff6a74915ec020fec3ba325746462458072a12ac8351de75dbef7 +Signature: 3edf3214d7492ead518c21641cdeeaf11955cf2c9fd41dd6990a3d93b5b996dc65b4480102910be6 +Test: Verify +Message: fe8aa91c3ff17c55cfeb6ca7d7934f00e1ea15bb63b4fb9d8a94f410486b559ea1eebfb131865289026c0f7e8d058e780e7be2ac0d9dca9929f91942283868ad3cbafa9c9872ef8a3303ade9dc1c8b9b7f11c0afb6ba8b5d9391a444ac07e4e2682730548a6eab50fbe91c60dc909d61cce2853b76c398e25f926e8def8f2136 +Signature: 454f59ad954b584350b19484ee93f3fac35e5a21025acec86b4d2cedb998a838f9c3d801acf7ff52 +Test: Verify +Message: 53bd313ad31f55de5bf21a35c1a6291bca8e6e0b206736489726884da107c1770fd273f10a707fe051af70d0b5521b5fd25d75280f9fb5f2d880aa1a1b0c5e3e0140ec2bee959f09bccb4cc633f7f2c0ccd08fb6a73645f0ca04aeae9c177ccea19f55c277a5eeb212dd66ed34aee5963080758bdf452099e34a4bdf1b405280 +Signature: 7408d817a92cce7b17409ca4a522ee8d2a05bc6ab21cfaa6c48819dde84f86090139f18c389ec906 +Test: Verify +Message: 8d67b965319d7ea31ecc8f7538b0042c8175e4de45b0eb7d869b9e3aaa918d1964cae8d5e05846f63261b131009ef5006f152a824c137f957c6c4a31a6f64d081e444b5c159fcc20004b2c5245f8ea982d862f1906fd9d9f98cd5beaca425e57954bf9b22a6ca8585f00199160b47c2c93410c5ccb69ded3b135ea1d706d573e +Signature: 3c2251163492bf6e777793020a5010959d84a258b28ebc211aeffb54f4f99500f88cf0b2eee180ca +Test: NotVerify +Message: 8fa0b50bd675f973a529cb90f5a7be4302794ed969f31dda80a16e0ef6efe2d1ac177399d350aec5463535a82a7374d6c4b7a3ae9ad7fd28cd3f3fe0b69e6363c0d29eba861297352d5bea7a031cddcd582561a29dcd4c60bc63d678b7d751a683a92d8727132c5c1172e11db8fb6fc2789b80cdaa2e841b03e52ced2ff12632 +Signature: 4d6e667824358fe066bf44377146bf2f5f2d92d2adc0aa673fc3912c3ae67bf8d0c529fb1c25776d +Test: Verify +Message: 17aeab19d1ee54e4aaaa66144a82f1a348dc53f8f1fa9d1b575c44389e580c5883f8315b2d14d83838b1b679009800f12b3a92c179c4638ad07e28f4836a475fe21900e908d0d6a0e0dc44097a339ed18d4c45d24c400f496e22f556789bffb54dca6dbbf95b2794bae667bb508aa4bb86cac22401a779d049ff035715250ad1 +Signature: 570867e6fd129769612e82d31a833ddfbb9a07833815df754b1db1c729e7a85fa4bee867dbcd42ce +Test: Verify +Message: cbdcecd18c9984a189ddd576261b6aebaf3030639731cd79ef7a3faa2af4b9420fa6bb84ff7f701d69624ccb8b73e6496ba1137f157444e81618224339ab687d81c300de67436173556028bd62eff59850f1896dc3611d9cc43c052476d28695174df4383a7f107c43f0a0a4232750af5539c98719900f6ef0fe20a65802cb60 +Signature: bed7f5866b9ec24dc7f0ec818262aa7a2197926c314a353cfdb5d11c7e57685ddc0c1863b7915521 +Test: Verify +Message: e8cac9ce0ef12933d72bb5ec654590ae24739b0b378f75d32293d3acb85902ef4791b9c603032484b0072f45944210c79ca21787cd9dba1feea5dcdf74ef5dabae66e81531eaf9bb86ce2de21390ce5347da9f760abae4ad641eb5f46c9385b6733feef2721cbf8eb27748fbbaa8e40b7d13c80fc55f0c35daf6f82078bd90c9 +Signature: 35dc7ce798a62cf86653c31306ee9dc5a8ffef2a8c086ebe25b001f990e5f511f780ad9d7eeed027 +Test: Verify +Message: 95f01262b79dfb8fc98a0217a661456a8b97042d6dd524499daae53a9a70e096377c44dcee8a528083671634dce0677820eb21640f14a2b4a22b8316e32c98b10f6f2af6e91073aa61a15b34660f722408d22e05d359666567b50e225c8434f655203c46620958279c914bb1fbc65e897ba4a2a96f7c697325a0fff6bb50ae7f +Signature: 9e75e572e76eca4859c954248a01d31921da32e371ecee37eb40aa9c13ca2e65961359e4466e9e72 +Test: Verify +Message: 64414cf10d118df7436add5cbd54ba23e8af55f7f79d44a22b1369ce64ba21fce90cb1c274acee4981062d07d9276ab859debca30814f90b5969a5f3bd1120176ced102775ed0d4604a58cc3f42e0e179540891fbf8d179a1760dde6a1763ef7861d4298288b41e66481d30a2620fd36330b94e333bff649fe2fea1e28a3d493 +Signature: 212c24985e37ee89e71cbe6d6012b89fa181db569227db91fc0b6f557f377e380cc56c271f7cb77f +Test: Verify +Message: 8dcf3f1d21a4d1e15238b6db0e89798e66cc62b60e7d0eee15a550a2e56b47387ddec07aee02cd471418a77a9733c21b22f82ec5e1b4365741a533dfe382b1c3e24cc6314659aecac89eab8ac93c1cfb8d4edc9abcf2de891b95067786844acd32b0091b21c2abc2e65f7be29bbdc1862066230e954c3edd1a0e8044c68a49af +Signature: 7add75db81ef8d210f6dad09da3d11381324430bc473f003495c0288a42fd93957dfa5321bdc3d82 +Test: Verify +Message: 0ee654428677f6fd59e6cdcd1406dae8f753dcbca966a88e1db8ab5abf9bbde6e47528287040f8dac93f865cfd023fca2f9dba5d4725fa07da6b004a57fc955a73595573d773007c096afddd9987309e8c78fdc10dca9de053aca00bcde3c3dc9508f5dc1409a41bf1e04c0a408d429ce85abe9d554f285260f3a4527b46e0a4 +Signature: ccfd740744131a05fbfebb26edf96572d3475d6441c042287c109e0aaa4e9db694d074889cb55dfc +Test: Verify +Message: 1a21fb1ded7d167c9a590c8bfc4abc10ab1aab159476b834d9d91e24ebb8aa84e5ee3ee72c6b87214519fbd2f70f1630a2fad519dec7735857966237e8db8d46f6d6cd6b0f36aa2bc4095337c4e7e03a3a60c6e268a29b2d846f0cf6d33e1cbf04b09fc1cf37f631ce010cd59b2b91c82b2376896b5ea94b193c1278e438ce87 +Signature: a07b8566ada6bbd54b5fc36b4a3b698cbf60c1ee912a5197ba6e98bd4777a884d6bc66022020de8f +Test: Verify +Message: ffc7c4abcca3dae4c21b311e6fb51da2262e53dd491ed515d6cd216d34549a1c40f836ea93c36aec17645380c949258bd0fbd9f2bfb9135727585115615a5a7e9a4ee6541f678a86eb60e72c6e8f14c4a04848af4675cce784732002a42f6c6c25812be108c8132956c74718f6c0c0c5adcff80a7689d93c05d5e62c960aa95e +Signature: 60b09ca0f393d3398635c5075d114429b6cdc8bcc7e66888f49148be9a9f96edc5014b106de6afe6 +Test: Verify +Message: 88fb1d5c4fe552db3d7213c906f74702fc102d41cfe636138ac123fbcbce5fe743319fd36e4eb8bc9355c0c7fe0c69b27de19a7c182f4e5016d0b2b82de57aff08e284e7ffdcb18c1217009826cbeba9843706ff8fe9d66ac64bf073fa7253cad02307f07927f625b1d10994f6cd87bd0b2aac23acab8638934a1485ab0ea11e +Signature: a4e8a3e21168f000ced52e3a35573fb6ba82eaa164813969ad388163d2cb861f472e7cbee985e0e1 +Test: Verify +Message: 4593c65d5e569a3d1369a916c8e6d4f541080dc192e7e51447745056d5b7bc1c404852c00e0d8b406d32f75ca06e4aecaf74a87f4fb7323a0f63d1efc598427c38e963670f15bcb7fa0451151f05a724c747141d49954caf37562916c8c4ba7a866c908a38e7445912d74d781b240055e078e8d457f9492b1646ef03b5b43ccd +Signature: 8c8e17b621fc67bbf36704f2356e7755d960fce3a52357c84b778376dcca9f92c91b9be575daf7b0 +Test: Verify +Message: 6180fb71de61a23cbe0d4383386e0170da515bbd67512b41ef03e0bc2d63fbdf257fc89ffe625fbb1d43da8c84efd80d6974322a1a0ffd4d1158c02753acf7bc0edbc8b2721304dacf0d6100f176f6efb9a0f8c8fd69b385a16cccc9f667b5ea52ed7141f14c8ab10cc1507638db532f012d232fc6384700d7977b39ce6c2f82 +Signature: 4156c005b5e099e4cae1d24a4ef35ae0749e4cdeade8929a74ef00f4f57e18c864ae6a376d8bdb55 +Test: Verify +Message: e52be63c5733b8e9860af61ee50f73e7f679522cd72f31af10ec93469c938e5b35d0b7a1e4f14b18c9039f442831caa9b659908b22ef92e4e617b4a54ffecf32ca7a981872e2d011d72fae3a11538a9306d9cbb7f8bf12de5291a710b3c625ab3b5f621816bea1ca48c4fb78b82f0b9b7e32d92a71560994ec9145ffe1a4e7c0 +Signature: b07e9d17a45cc2ceeb1fde1299ba0d6b3bcbe7dcc50e823d12ae5d86972fc6e21d499d38120d7638 +Test: Verify +Message: 1b223eeb3cebfc1575b37c5eba339ca55ab86c9300a64fcfe94d4f6467f1c06f9714190d5f060f84abb0f3b0e89d4db0c04abad218af03bd480d7fdd9afaab1405ab079e2a82334590d84ac71c0c7f85d4ccf76dd5a3e62992c4ec894f15b22edd7fc0789775a2b29dc33c7d5099697a0ed7db3b2f9b2f6c40084f3e7e590d15 +Signature: 199d5f32d2645a1d46ef1cb3ecb15a34eab59b9a8c3cbf5810966097bb9c280e812c22ac298e156a +Test: Verify +Message: 7296f7fd229c0893a84a5b7ee87a034416e5ae1edf1e7416d6c9df5f20213cf564aa2175ed32403f220e6aca2893e747d5d3f579d8999ed427a7bfd5aa2f55a1258f0be16b5102dcc163e0d790931baa504e87a3b1991ea00b501067089f0b498fbeccf8f4f1e7a55fbfd35d7a7239a55fcf7d55c0178eb2583eebcf936af626 +Signature: 5e2044f956599ab077c91e0f9f9408dfd3c458c61fe6edfab105b1f711919c0b43bbb7557252b193 +Test: Verify +Message: 7279097dcfe09b8615d3275b713dced645da08ef435fe783c5e888676fa3daad07bb933594886f78b6f4ab914530c28d2e9967f48ae5c398ff92f09d5c90b6c9702d850d2b42b355f89cf68d5aad25f4c5742ba5bfaa4c62372e9ca425b3bce164a8d81dcc67deb494a20066e60b6da3c4434b191a06f87c249482950362658e +Signature: c2b345d1c28a149215db60952dac2854103f0260bd4994a0b35394474ab82958d7ceb406f6285f4c +Test: Verify +Message: 7c9b50842db0de693441a2c13323de1369e251c07cd49c41877ff69b672d142642ce53805a0e28cd11b7ca313c491e8facd7e382fa241e9d93ffc8df05dcb67a89b4cac6d01e587f12aedb47558ed958fb5b14898f43f284d15c2f46ff47c1d866050b4c2a1947fa52df2dfc172ce9e86d273ccdd368f070584f82c8eea60bb7 +Signature: 363c61fe40b4c0a4f06908df5c46d8a9c98dee71cd1c56f8d7a16c081712cb1b8c92cfd00464a3e7 +Test: Verify +Message: 0bf43670b5fe01cb48e75a19b519f324451ccbb3d85d8ef15c41311b906aca6efb48ad5027e4cdbd23e951f538f47564ea1da4d133c6d4cbfba32151db0aadc1137db703c975faf58471481ae93f677fb48a2ceffaa5d6579d97ad7c1067dbdb4da98ae01349404c659777e04093804f9b7b9a63a5934e6e3a340df4a7180d96 +Signature: bbefc869907609019f4a85294aa854961e51c4884c235f4cdf85c4c3e0ff34069183ebf0ef50bb9f +Test: Verify +Message: 419ff761987d7257a0bc8817abb4077986972726e6ac93f311cab67ac91747fa7d021871b37f1bf8b082b55e6bbf4709b1a0fa099986cc7d2b44d82b4cd9ea5bec6e43f47490a9da6aafb38767d753e83bada47a5eacf6a59aa11758f665e4e6e7db1121b22a35b5253b19c7767542ce7bb7bcb10c972922b6da0b3aa1334e56 +Signature: 29becc5afb5ea31a71b4169b91f9594d0819de2d409e4c0c3bfe8e2ea53e98dc1ad4a72f3e3081b9 +Test: NotVerify +Message: 31c4c31942471dd6583810807472b62ce7cbbddbac7de47f08d7bb4b6024973f5adcd3f4380a4ea571fd227f9133a22a53829698fc88ba0dfa55746fbe58d6d0d687d43a4fd3c7ba4acb21afdd8f72542df89c8cc90553ee4989d8112713f619dd1e3d82407a7d2c1cfa87a8115f20c1ad84454ecbcca6382bc95dc6532eef31 +Signature: 3c999e56f7ba49e48cb72c76bb7848d4562aa96dbb8c5a3adc19533b00cb2a421fa107b0b956452d +Test: Verify +Message: 64a5d78514c2e26b011e7bca8ae480a2770cb50b03bb6fac29db817c30fb6bb87a68c225898ddb885288bb62c70e43f19f8198646850d15dd08ee5ad30d6d34b595e1395a4593dcb3493f8c98e4825055d454dc87f4249b1537e3067469c869e9cbda24d7cdf602d3f760876fa497fd5498facb15f492d9f4be23c238d05dbaa +Signature: c3a0e8c6df40bb4d672d2438f4f770c141054f1e0b6cd25a0f9d0de138d6c8eb028ae0b23dbd2720 +Test: Verify +Message: c4d9d647a62a699ce00ac9c55b2197a796fd1e8e2120f2d75a50cadf671a9c2c74a8f7db2ec5a549802e81058d1c95f6ee0e78c92ddce79e82f9a3f3cc088ad0d3a2f934bd6661c0ce4327a26402c2c432171036bca8f8da13df464ed36dc31f5a5f942b4a25d55741e07673d8ec556adaae9caec69f5ee387996dca72617e71 +Signature: 1145693d535af4e7b13ed5801c2539db279007dca94800d15c4f2d184c71cf793feab7e46c52121b +Test: Verify +Message: 9981198067ce9d394f53f1233ee06b86075ed7d61142c04f3e54fdcf1ea280f454bf5b76494113c6107a2ae89a76e78e1b356876bc2aeb0582f459257e5b145b368e022d539bdab38d2fae7cd490baa4c1d86b333c74b3b86edd8c25e995cbee1664275ddfd489399eea969746277b00d0c0f8c5e919b09eda88af89b7473ce2 +Signature: 57f2c2fd72f077ef67ceaf46d99753bf796a4712a018b08a786d4c40136256ac0a8618db7dd1eb28 +Test: Verify +Message: bfcbe3e18f4423b9f21b33fadb4763c2e4221126f11b6c79099e6bd9714008000a2fc249edda520144dcacf16c2e3929488e540ee82a03a65c92f723d2dcc6aff61967778bf8eefa46b98a94eb55bc45aaecd9c7bc6fc3d13a8ee4a53de46be03c61cb82a2f8703cae8bc4fa901362b1c2149a6aa440258f5b6a2a76ebae712c +Signature: 5c141ab2f4ee5a513c4ee7e9a5e770f294859b1f6551d44ed78029dbbebe181a73e2726f1b553022 +Test: Verify +Message: 839331e55e6928503c36c0530394dea50f46f78d7bd8fea1ae7894c02a136b4e91b3fbaff91869067196b42fd32e22fbcdf0eaab2b9023af6747ec9f73eddd7bc555ae1fa4e8260ab2844750ba97b8ddbc7773ec3705afc6b68310c09eb20d6f362fa22ef71038d316bad1ae500678c2f594e847386e7c60b6e157194499d4a4 +Signature: 0ad3d7f5ea209ad35ba4a0a17e16483c50f5e4953a692ea71730d7c5c4c13feed38ed90759aa2e86 +Test: Verify +Message: d4fdc830db8cef7540b6b3ab242cfe3bb59004a3f3c61b60a37cda1890fc7108093249ae98f9dcb7ffaad62b79e76dd72fa4fdfbf878e8355523aeadac5f4882c5ecc97583d638d5e309a8aa3a189925ab4a9348e7e601d129c14b6d7005381bff4383dd13bcbba6e4ec6081df583bfe229afee237aa1d0e156eecb05485f9a9 +Signature: 189c08e378bc9feb81891706f80a9fcd1f10725564e3814342937391e39f8830eaed6702b8579e3d +Test: NotVerify +Message: 3fb043ac04c26a1d06fa3f3638e0ab0a218b5a74c36243f4ce1278c606d02b44f1d1027ec6069c17931c6463adb495be5de08e2fc8de583e1f187513085bebd04d579130c4589a607e445f1e33d57110ee17df67f524c4b4fb1f150a896fa955aa3d8afbd6307bb12168c99fa4b957b72c29e45222aca00dba1eefe460827d8c +Signature: 65ab093718776e0b945e5fa24014468ee40422b3688c00beb21593dd4785c90b350e9471a5dff538 +Test: Verify +Message: 155f0682c1d481571fd2d93a6bd70e5e2a6fee3702270f03d7b40d9c2c65057eb8c6521448968747d5ebac49e5a4be9f270f616d49dce8061d4287b4ed6fd7c41c368bd6fef47163f9c3ac8fdce330317f657e209c19a2c1eeba6ace8858e86877072a609cc638c2c3b24fa3086c5d2d6cc7bde8b3b6344b80762c83b4f73082 +Signature: 90e0b86567a2b176a74a817d52009c2bb553eb9ac3694f997c5f70ca3936b6d57f1908868ffc7518 +Test: Verify +Message: 4b03e4a77dd910d51e6c170faa228f3d5c258c96bc44cc986a0d244629292ca62ff8277aab6d353e982bbc62c1e113c815e371812d0916c41ccdb83076a03043a38c651b6511796ba83933c18afdadf6abdc3ef6b6baaab230f6896280d0f50040f97801c37c3456e7cd54a31c2eb3bfb54bcc6c6e0de2583fc270536071d3d3 +Signature: 999adeab789df72dab3c86e115140d0dbb4905adbebe59a1995fbc73fc678a8ca89d7b6cb644569f +Test: Verify +Message: a59d6636f5dc1fbe82ec2df71a90657f5ccbbcf1af6e69157de03b45b42e3c227f53877942c96770d450b1f500fd64683e877e87aece219a56ace7e19d01823b07f9981733a1dea012aa7324697c7fc68a7e0c654fa524cb573b2c1a84f18074b52850eac17cbba7b4932a5e4d24eef1b84b1d62880ba9fff824c2ca63186f26 +Signature: 30f81281e18c995d53f02e6d04eb988bb0b8bd3f1af1a7c8447c704f06d7379dae2ccf95ec13edd9 +Test: NotVerify diff --git a/c5/TestVectors/dsa_1363.txt b/c5/TestVectors/dsa_1363.txt new file mode 100644 index 0000000..712e5ea --- /dev/null +++ b/c5/TestVectors/dsa_1363.txt @@ -0,0 +1,553 @@ +AlgorithmType: Signature +Name: DSA-1363/EMSA1(SHA-1) +Source: generated by Wei Dai using Crypto++ 5.0 +KeyFormat: DER +Comment: 1024-bit DSA key +PrivateKey: \ + 3082014c0201003082012c06072a8648ce3804013082011f02818100bd670f79\ + b0cde98a84fd97e54d5d5c81525a016d222a3986dd7af3f32cde8a9f6564e43a\ + 559a0c9f8bad36cc25330548b347ac158a345631fa90f7b873c36effae2f7823\ + 227a3f580b5dd18304d5932751e743e922eebfbb4289c389d9019c36f96c6b81\ + fffbf20be062182104e3c4b7d02b872d9a21e0fb5f10ded64420951b021509b2\ + 940496d6d9a43bb7ec642c57b302e59b3a515502818100a1c379ba91fe1f9d52\ + 83807b809c698bce4aee6f405f4de8c46becf33c08a63bc5f8088f75b5b6bcfb\ + 0847ccbdee700e4e698652317bbd7a3056404c541136d7332c2b835ef0d1508e\ + f57b437de60675f20f75df0483f242ddeb57efacd180418790f4dec0a8250593\ + ba36f17316580d50db1383ea93a21247650a2e04af904d041702150355dc8843\ + 45c08fb399b23b161831e94dbe61571e +PublicKey: \ + 308201b73082012c06072a8648ce3804013082011f02818100bd670f79b0cde9\ + 8a84fd97e54d5d5c81525a016d222a3986dd7af3f32cde8a9f6564e43a559a0c\ + 9f8bad36cc25330548b347ac158a345631fa90f7b873c36effae2f7823227a3f\ + 580b5dd18304d5932751e743e922eebfbb4289c389d9019c36f96c6b81fffbf2\ + 0be062182104e3c4b7d02b872d9a21e0fb5f10ded64420951b021509b2940496\ + d6d9a43bb7ec642c57b302e59b3a515502818100a1c379ba91fe1f9d5283807b\ + 809c698bce4aee6f405f4de8c46becf33c08a63bc5f8088f75b5b6bcfb0847cc\ + bdee700e4e698652317bbd7a3056404c541136d7332c2b835ef0d1508ef57b43\ + 7de60675f20f75df0483f242ddeb57efacd180418790f4dec0a8250593ba36f1\ + 7316580d50db1383ea93a21247650a2e04af904d03818400028180255cf6b0a3\ + 3f80cab614eafd5f7b2a6d83b3eafe27cd97b77ae70c7b966707d823f0e6aaaa\ + 41dc005aaefd3a0c269e60a665d2642f5d631ff1a3b8701bc06be9c44ab7367f\ + 77fefeec4c5959cd07e50d74a05af60b059ad3fc75249ecf44774b88b46860d9\ + c3fa35d033bcfc7b0b2d48dc180d192d4918cddff4f7ebcdaaa198 +Test: KeyPairValidAndConsistent +Message: 66B92E1E2C44B80F7BFA +Signature: 06418D4F24A8059553951CA062BBD6E0833ED1745608E1158CA4B8F8FE1CD2AF087B5EEE08FCA0D7A63C +Test: Verify +Message: 973266BB0A492248082A +Signature: 02BA236FE800EECABB85698A76B5485865454B3016010755F0E1BF7CE26FB62BE4FD01141F5CA4144811 +Test: Verify +Message: 9A6D079ED0CA9D8B40E8 +Signature: 045BA3DB16E6B910DC89A2D26096625F757D62077D049886B85EBC7500884B4DDD1898BC52746C54F68D +Test: Verify +Message: AA34DCE67BCDAC927DA6 +Signature: 0835C94121313842ABF04D4960E711D1F0904612BC09840989EEAFF2071522B75957DEAC801574BD22EB +Test: Verify +Message: 4EDAC08816AFDBF284DA +Signature: 08E1574E5299C910694D17075136F41EBD558D1B1805CAA3B6E98DCCC3702F286E76BBD29435CA2CEA5C +Test: Verify +Message: D82F2E903230962B8174 +Signature: 0366F1AE94FD2CDEBA4EE879BB8923F0E49CFB921008E6A5C7457E88811D46DC7F297D6A96E909268244 +Test: Verify +Comment: 1025-bit DSA key +PrivateKey: \ + 3082014c0201003082012c06072a8648ce3804013082011f028181017310bf02\ + d70ef2cee45d1cc47ec8ce8cabdd6bf32a560975a42ef057bf9dfd553bc9368d\ + db154a55d855edaa755e69f511a4c69ba78571cc4b14ddbb0f32a4a9c56c2863\ + 05aa21ec4e35de7390747477b3bd574e7b87cbebde2f665703137a1172350ad2\ + f48a0884d076ada9db82f104e6b0ad86693cd4adbd0067639102fcf102150b39\ + 49dadf3196f08bca0606f06443afce2fb1d02f028181015f0f6d1729ef2af723\ + c00e36450a04c7e7681d65b74a6417a53b3eb6036989eff8e0ab11a7ec3ce234\ + 0b7c7a92e1a977aee52555c06c12c4cc28496ddc2598feeb7539ce90d3888e21\ + f61d7f14746cf67d9fed373afd97e2483700e300ed9da25e7200b363a4727ad2\ + 01194b36ea5f816cf83488c3e527d3a5515870d2da63d6041702150696b0f255\ + 468b7ac18e11632f208ca86383a46724 +PublicKey: \ + 308201b73082012c06072a8648ce3804013082011f028181017310bf02d70ef2\ + cee45d1cc47ec8ce8cabdd6bf32a560975a42ef057bf9dfd553bc9368ddb154a\ + 55d855edaa755e69f511a4c69ba78571cc4b14ddbb0f32a4a9c56c286305aa21\ + ec4e35de7390747477b3bd574e7b87cbebde2f665703137a1172350ad2f48a08\ + 84d076ada9db82f104e6b0ad86693cd4adbd0067639102fcf102150b3949dadf\ + 3196f08bca0606f06443afce2fb1d02f028181015f0f6d1729ef2af723c00e36\ + 450a04c7e7681d65b74a6417a53b3eb6036989eff8e0ab11a7ec3ce2340b7c7a\ + 92e1a977aee52555c06c12c4cc28496ddc2598feeb7539ce90d3888e21f61d7f\ + 14746cf67d9fed373afd97e2483700e300ed9da25e7200b363a4727ad201194b\ + 36ea5f816cf83488c3e527d3a5515870d2da63d60381840002818045bf83e62f\ + 50190374b23de5e4a1d0278e9e8e6c8335577d62e80662a380c206e326819c50\ + 82d321dfda1f905fa5a3ead9a2dc769885a27b1fd6a133185dc5a7876a76ab0a\ + 09fe02b7071a924169e4d2d2a67e67ed3628800134183b962c0b313463aa154e\ + 6437d644e025ab234e63d19c129842a61c5e5ea5a06466c858c81c +Test: KeyPairValidAndConsistent +Message: 2F585D0CE4FA1CD93880 +Signature: 0643ABF8D3C2F4BAB02CF79D698948A1A416BEC05D00F33CC3D41CA9117E6CD99E5DCBBD4425DA12E98E +Test: Verify +Message: 4F09A1F217B8393199EE +Signature: 052DE620B5628EECCF7C56410CAC2B72A5AD1B5A67072ABF369453BC28A386ACD5939C9985C09338FD03 +Test: Verify +Message: 03D7110A753B008A76A0 +Signature: 01D44D16B5FDFB8C39AACEA72391A889EECBFFB5E701EB8F46E4FAB96326F73E0CC698E1F66C32FE5C2E +Test: Verify +Message: 129F4781D417671F886D +Signature: 00CE142CE967BA951B9DE26DEFB5B341CB49247C1308515315449B5533ED469B6470C4E3A3751E35E7BB +Test: Verify +Message: 3E1594F559D1248D1112 +Signature: 07B192657E256B60567BF6EB399D8A2DE8FFF7AE8A031A655BEC911A82049155CDB4F2A76A8004AE646D +Test: Verify +Message: D6F0354F1B6B253B6997 +Signature: 07FE18E0C00F6AC3CBCB95874AB66A98E34DF74F37059178C920C5D13CE173B8D2832310B9587940F6D9 +Test: Verify +Comment: 1026-bit DSA key +PrivateKey: \ + 3082014c0201003082012c06072a8648ce3804013082011f0281810250988282\ + 17d00108030801e5f135fc6fd3010be39e49060a96addc8a081198803402c4b4\ + 6e4ce0750fcbab8cf084c7ca8cae09f1b5482d336fa3af47b96791d02d8143e2\ + 74b1325f2213e17f9384c805f479e52a3117cf84869d395f1bc025c918484478\ + d2da1880d32bc519f4e6b2fd2d46958795550ce1765f725626f3fc17021536bb\ + 68cd95dab195f14c4534283e7ea50b00cc31a302818100e2782ad6992f4b7e88\ + 787b4d616744b60e095575a177569c4a069e311e38b7240c43343367e23574c3\ + 0e4d9f05afe1fbe61423bab715915c4ccf28aa0ed2f52b092b86c8ec1f9d4795\ + d6e91c88ba41297625c11a9e1f4f182da13cf51e541038a1266bf32b2dd81ecd\ + 84bb80be8fdf97689942e944b7fbb6981e00cd680ee25f041702152db270c284\ + 328353f979cad99f4133c53acaa6ee71 +PublicKey: \ + 308201b83082012c06072a8648ce3804013082011f028181025098828217d001\ + 08030801e5f135fc6fd3010be39e49060a96addc8a081198803402c4b46e4ce0\ + 750fcbab8cf084c7ca8cae09f1b5482d336fa3af47b96791d02d8143e274b132\ + 5f2213e17f9384c805f479e52a3117cf84869d395f1bc025c918484478d2da18\ + 80d32bc519f4e6b2fd2d46958795550ce1765f725626f3fc17021536bb68cd95\ + dab195f14c4534283e7ea50b00cc31a302818100e2782ad6992f4b7e88787b4d\ + 616744b60e095575a177569c4a069e311e38b7240c43343367e23574c30e4d9f\ + 05afe1fbe61423bab715915c4ccf28aa0ed2f52b092b86c8ec1f9d4795d6e91c\ + 88ba41297625c11a9e1f4f182da13cf51e541038a1266bf32b2dd81ecd84bb80\ + be8fdf97689942e944b7fbb6981e00cd680ee25f038185000281810179b283f6\ + 7868aeded3a0c5633d0e6c18fad77174e2c89c03452593d05e77a9fb029c0ccb\ + 2b6f2328e79c286ee392713f12d9d45578348383b81d11b0e0f7e89965a7785d\ + 5ab64ea25bb73e8acaa8e84cb9897985015757a48c0b1dac3a6a606fe671ea07\ + 3ec434a46f227b8d4b02a46fbba2f6c6216736d669f55778d81004d8 +Test: KeyPairValidAndConsistent +Message: 7E4F2ED4E79062778A2D +Signature: 03DF91D560884BAA90258F0F78A7AB61F9A4A5CF3D363E8DE2EAAB389B9492C2B80C44509BF2372BDEE0 +Test: Verify +Message: A0E35846B5CF1B5BF560 +Signature: 21DF9C60877B6D7F531AAF1C39122779436029685109B2D736A45F51A80099041AA5F118D7D6025AD30E +Test: Verify +Message: 3B138785EFC6F520EAE0 +Signature: 10A38520BAC07202DD1CB5A9C88B15B9579B9A1344025E4C4B9D1BC3AAA8C97AA90121D52E42E59A0A99 +Test: Verify +Message: 0F6BE2AA764B485145D4 +Signature: 0233267173F284737B68D15A500D23F3C86988E3DB28DD55AE3DFEAAA7251D354CB44315D6024CBE3E36 +Test: Verify +Message: 6CD9FBD23EA58826FB04 +Signature: 15A1B0DDA6BDB62D96AC557E3F1F24DCAD0C51EF3523B01EA2A8FD93761D0E4D070BA6352A81F31B776A +Test: Verify +Message: 473A82649565109E9E89 +Signature: 1FE31C3A3EF6F57DE2586A5F2EBD48A5C707092D230E1D217EE0A752EFD9ACA8BF0B9EE9424184B8F8F2 +Test: Verify +Comment: 1027-bit DSA key +PrivateKey: \ + 3082014c0201003082012c06072a8648ce3804013082011f028181055402a8ab\ + e9cda3072ca8601d68032651feb0335856e57f8f8d4ec949098a6459151cefee\ + f91b7aa733668c8cf0e9b96c93c61f3528d4036daa6565646f65d74c4552817d\ + f7e5fb1cc421cfd885e27bb811ad227e81b3fa02f7a00bf01ee6e23fb5572a75\ + f8f29b58bd5f7db435e8a92a923f15d50f34213d29816921bf195b2d0215291d\ + 0ba731a4303070504d8b9615640a5e1345e00f028181051c9d0270b69ceef82a\ + f5aed5f91dc88d585096609d835d03d39cf3ce74f5a3402d4e8e192455493da6\ + 1cc58ee6f54dd941172be3d7642169cbc52273f4b725f1d6c820c3333336c64d\ + 32fb6238121b3ccb7c71b847764946bb0887a44ca9de802cda62efa9dda57375\ + 1084225353f11ed837f3dc25de8374b6fdbfb6e313e46d0417021513b27094d9\ + a5a3a9704cebdbe890da325fa26ad555 +PublicKey: \ + 308201b83082012c06072a8648ce3804013082011f028181055402a8abe9cda3\ + 072ca8601d68032651feb0335856e57f8f8d4ec949098a6459151cefeef91b7a\ + a733668c8cf0e9b96c93c61f3528d4036daa6565646f65d74c4552817df7e5fb\ + 1cc421cfd885e27bb811ad227e81b3fa02f7a00bf01ee6e23fb5572a75f8f29b\ + 58bd5f7db435e8a92a923f15d50f34213d29816921bf195b2d0215291d0ba731\ + a4303070504d8b9615640a5e1345e00f028181051c9d0270b69ceef82af5aed5\ + f91dc88d585096609d835d03d39cf3ce74f5a3402d4e8e192455493da61cc58e\ + e6f54dd941172be3d7642169cbc52273f4b725f1d6c820c3333336c64d32fb62\ + 38121b3ccb7c71b847764946bb0887a44ca9de802cda62efa9dda57375108422\ + 5353f11ed837f3dc25de8374b6fdbfb6e313e46d0381850002818103b06b9909\ + 7cd7145c7d7782b02e247a4741f3c7f39233627f17e13ebff89a18cad6a454c3\ + f32f7ef2910384030da71ae47e1c3fa79c2141dad107f8e715e47fb0bb626baa\ + fc35db769852ebbec2d339c3c3d5f2287cfdd20b3b78ea4607086c42558ae463\ + 7eddd6a74bc1072d0f34d9c0130cbc9e84f537e7ce50df502d17b5c3 +Test: KeyPairValidAndConsistent +Message: AE6DCD9535AEEE3ECC89 +Signature: 1BB090DC4573AA79F34181020C4D5B582BBA67062C23E5DD6913CE91482A05716784BA680F7F4AC1684B +Test: Verify +Message: C83A14EAC016D659F9FE +Signature: 182AC27BC4B77B145BF90E73A2CEEC5325941507F925279DF5B6280664CE82248348C3EDC59DCD428B64 +Test: Verify +Message: 745E02041EB487D16CE6 +Signature: 13C4F9AC03EA094CF7F60B96CAAA29053706E93DEC1024EAA1606E13B2C3062F2D6082846D29E6E60829 +Test: Verify +Message: 62F019655A83501FC4E7 +Signature: 077E19089B0BB32A7B21B0D27218C6E1F14AD432181BB76FF5E7EC35EC01CA47595F4C7ABB8ABD6064A9 +Test: Verify +Message: 351D37A4B5046E885EAA +Signature: 21962B09FF030A41251AD592F8D2AF24144B3AC713245AF18BE28F192FD29326D91F12A76A01477C8788 +Test: Verify +Message: 4073D33915F595F4FF9D +Signature: 1F4CF158E806AFE59139E2A9840BCEF79237800C521E49B7DBDF9830C86E7653FC716B43224EA00C883F +Test: Verify +Comment: 1028-bit DSA key +PrivateKey: \ + 3082014c0201003082012c06072a8648ce3804013082011f0281810abdeff64b\ + 6f28256e4562109bffed29cb5aa95d89cc0ec95da0e773dbff3467c271bbb1e1\ + fbb6af058517fdacdf26b5919674c625eced6317d8631c063f43b3ade2cd633d\ + 554913339071d6ebed5fd665fc5dd7d47b80721a976c3b14fbd253f0f988c354\ + 725289f2897df0a15985c92b2d4da8d087870c251c72d979b8304d5102152368\ + e2b864b250ad45406391e7eeaa3d27cd053c2b02818107c325695dfe315a77ad\ + 7b42f0d18f9d4821b5c153fee7385877602fa54477bb8c0639d2438f34352b97\ + c22d02a7295d2b53d5286a01caa919d6283614690624240af922675ccd4a0534\ + ec336cb79cde31b02b5988cc5a53ca17790d67d803a27bb927b9c59bdc6ac794\ + 175e285cafdece6778ab19a0b444747fee20d5bf929e70041702150771305163\ + 506b2b83bd5279935df1b5fcf180b004 +PublicKey: \ + 308201b83082012c06072a8648ce3804013082011f0281810abdeff64b6f2825\ + 6e4562109bffed29cb5aa95d89cc0ec95da0e773dbff3467c271bbb1e1fbb6af\ + 058517fdacdf26b5919674c625eced6317d8631c063f43b3ade2cd633d554913\ + 339071d6ebed5fd665fc5dd7d47b80721a976c3b14fbd253f0f988c354725289\ + f2897df0a15985c92b2d4da8d087870c251c72d979b8304d5102152368e2b864\ + b250ad45406391e7eeaa3d27cd053c2b02818107c325695dfe315a77ad7b42f0\ + d18f9d4821b5c153fee7385877602fa54477bb8c0639d2438f34352b97c22d02\ + a7295d2b53d5286a01caa919d6283614690624240af922675ccd4a0534ec336c\ + b79cde31b02b5988cc5a53ca17790d67d803a27bb927b9c59bdc6ac794175e28\ + 5cafdece6778ab19a0b444747fee20d5bf929e7003818500028181043e4ae624\ + 4408879264fe6b859b578218705b9a45af22efded27141b7f090cbcbe42dcf48\ + 1df3e41b13920ae02b694eaa6bfd62f2d3c5d677b8c4ce783cbe2789e088b044\ + 89ef535ad4a517351c8835cf128f7ec677a1b1dbe3ae9cc4198ddb6e1cef8e97\ + 8c0725f5063797bc43eb9ae496286cccbad5d4e026e9edb997d2f918 +Test: KeyPairValidAndConsistent +Message: 4867852C83F181CDD010 +Signature: 1D0F4F49AFA0448163604847C9308A824ECE928E05066D47892256DB725FCB31F93F38B9E02C71E100EE +Test: Verify +Message: DA6493C86D6B62C5961C +Signature: 1BB4A8A1B8D81EEE9AB291C49F688F27D2191EA51B15A5DA66A6367D931DAB338E595C80E70CEE4BB644 +Test: Verify +Message: AE2C1136BFE966794A6C +Signature: 02AFAB91234D08FCEC22E57AB5718FBF41A86D2469012F8476BFCF4EA4E03D9F7A6E467ABDD0B5626784 +Test: Verify +Message: B20160E0442E726BE749 +Signature: 140A45F4933F05807A533628962E42A8BEFAF5977917F2A8D8706B8BE83EE6B6CEBCC951553B4E3203B5 +Test: Verify +Message: 3638935C4492F5CA42F2 +Signature: 234F78EF68343E77710E17285E47994AB599F3646315C37B8CC01CF6BE9C803D6B81B232DE9171DA7967 +Test: Verify +Message: DFB674CA6E0FDC0CBE99 +Signature: 1DF9B1B9F78F5FCCCCC5F698EDDBC8EB28C0F4D10002A052284AA4FBA601D3047E3AA97F8CF73731A44B +Test: Verify +Comment: 1029-bit DSA key +PrivateKey: \ + 3082014c0201003082012c06072a8648ce3804013082011f0281811d0f176b67\ + 99b36724c92954c38d0288fa95400c2b14e064f76a6338fccaebca8d978b93bb\ + 76507bc150a50f9fe799fffe12ae2875b13ac1084ffcfde9f62b86185a72f04f\ + f80538d6eac177edc98d61a517b1275bcf4b57aa262e1702d623bc344db7e562\ + 1c949a9b12e9936e88fae9b200a1f8ad5b40ec8220aa301267f38dd702153357\ + 536531dec150be0ef8747f69ea30d987ff7df1028181067dd80dbc6b41f58d08\ + f077a9a3dcbfe12a62065fe6b4691c457f506b56dcab0433b3aad6ef96250163\ + 3d0f3947b491a1317e7e6b632f062c53104d609c9222b056f08a0c83662a7074\ + 4331fd09b2b42fb0768e52da27e92732106fbd41ec737373fd080b56b543d808\ + d49eeb6e1bb0a8619b1edee8fb8295dc042423f684af8a041702152dcdc00a86\ + ecc2a60ebfa6660a83af1d7c3e570b85 +PublicKey: \ + 308201b83082012c06072a8648ce3804013082011f0281811d0f176b6799b367\ + 24c92954c38d0288fa95400c2b14e064f76a6338fccaebca8d978b93bb76507b\ + c150a50f9fe799fffe12ae2875b13ac1084ffcfde9f62b86185a72f04ff80538\ + d6eac177edc98d61a517b1275bcf4b57aa262e1702d623bc344db7e5621c949a\ + 9b12e9936e88fae9b200a1f8ad5b40ec8220aa301267f38dd702153357536531\ + dec150be0ef8747f69ea30d987ff7df1028181067dd80dbc6b41f58d08f077a9\ + a3dcbfe12a62065fe6b4691c457f506b56dcab0433b3aad6ef962501633d0f39\ + 47b491a1317e7e6b632f062c53104d609c9222b056f08a0c83662a70744331fd\ + 09b2b42fb0768e52da27e92732106fbd41ec737373fd080b56b543d808d49eeb\ + 6e1bb0a8619b1edee8fb8295dc042423f684af8a0381850002818113834f0fa1\ + f42abf7dbd264cb7d2eb5798da8972df67f517c62d7ae5070fd588d61db62e49\ + 2f9654833e876ed5737df35069f5ee01a45de881d8f5e68ec52ad9ef32780e8c\ + 453a5f1e38cc17bc5cd061a3c122080f6e1b82d31877e8b08f634f497bd90b06\ + 824eaa0416c64104ce5622c272673d0dedb836ac7d47e0cea0673902 +Test: KeyPairValidAndConsistent +Message: 1E34034C47FE533F8FF5 +Signature: 04E171B845E602A871CD5DACA5738BC4585A452A86108D03D70C3D2D605FAE90DB8D339AADB692EB1ABE +Test: Verify +Message: 53D2CA23AF7DF95634F0 +Signature: 1327D4C32DFB874EA2104A9B30EAF288C7016146D1217C237E0201482E483EBC7F0A713748547F9B6B21 +Test: Verify +Message: 0F056E08AE77B3B30F33 +Signature: 1B4A688745F3D86B0D8A5D97FFA0E31C322EFAAD0A0FCD907B2D49EB8150539E81FF29341EC34440425C +Test: Verify +Message: F08C80E8FD38A3867B76 +Signature: 0972705B5E84A8BA57226C770CCB0ECDEBC816EA162FCB3BA5B3C235105EA75F379EE84187E27A86D21D +Test: Verify +Message: 6D392690B92B3E75020F +Signature: 185968475C67C936CB152F76E80EE22FB82A27ED120C5C0ADB2D750D2C38F0A9671EBFEC2815F675C24C +Test: Verify +Message: 10AE0E091A267641FACF +Signature: 1AC3C2010BFB10CA6889120A23F984FE0D4CF79D1B07578217E5A3C68EDF05006C1F3F1BFB3848E4ECE5 +Test: Verify +Comment: 1030-bit DSA key +PrivateKey: \ + 3082014c0201003082012c06072a8648ce3804013082011f0281812a32d68d31\ + 248024053bf628a94404b9a49d91ade4d7a45b071e93292a7f8c2661d9165f0a\ + b85491d4b0dc67d335fa7d7dd172cb17193390a55eb000aa97e2b8ed3ee64b73\ + aa43ea9b8979132c2d966ab03c42cc14782c96e4284ee1136b8515007ed1b1a5\ + 708b5e8d81304fa651edc715918e2299cfe9016dfec5f454d907f59f021527c7\ + 996c1d3729c4cf1de06529e5619771e27ad9eb0281810d87a4b01385da7f43b6\ + 277933c5f0dc8072dcacd5252e1b29f588114a7ac56e377050aa8174b5dda400\ + f043234e4a746442792734dc80274a00a3676101be94759fc2630b9a85896648\ + 8b12611d03d0b31e7243e124497a754544cee1db10bb0a81cf0b2a68045b76fe\ + 935f641c666fdc788a2b968c6668c669115756b961d9fe04170215091155581e\ + cb7a0a792ba95c772d9382298bfdfa6f +PublicKey: \ + 308201b83082012c06072a8648ce3804013082011f0281812a32d68d31248024\ + 053bf628a94404b9a49d91ade4d7a45b071e93292a7f8c2661d9165f0ab85491\ + d4b0dc67d335fa7d7dd172cb17193390a55eb000aa97e2b8ed3ee64b73aa43ea\ + 9b8979132c2d966ab03c42cc14782c96e4284ee1136b8515007ed1b1a5708b5e\ + 8d81304fa651edc715918e2299cfe9016dfec5f454d907f59f021527c7996c1d\ + 3729c4cf1de06529e5619771e27ad9eb0281810d87a4b01385da7f43b6277933\ + c5f0dc8072dcacd5252e1b29f588114a7ac56e377050aa8174b5dda400f04323\ + 4e4a746442792734dc80274a00a3676101be94759fc2630b9a858966488b1261\ + 1d03d0b31e7243e124497a754544cee1db10bb0a81cf0b2a68045b76fe935f64\ + 1c666fdc788a2b968c6668c669115756b961d9fe038185000281810d7d22c931\ + 422fc46505887559a51490c2e367cdb40242cdbaeb23024693fd5c68f6a3307c\ + a34b224457d5aa610b90eca3b39905481daaba7151318f09f974ad664546d14c\ + 87f797e38139ee1e07adba9c775e07b7f7b3edba87d886920d6b2cef5f084359\ + 566b0a3b8b940a65b9ad93fd7ccd1354cdcee3c43c6bd315180498ad +Test: KeyPairValidAndConsistent +Message: 23EEE1D0EA8950B8F322 +Signature: 1800356929B316D1E4FA886CAE0CAD56E32506522D0B8440BB7695D522F31CD87079BEA4CA9F18ED4288 +Test: Verify +Message: 13FA6F2816FB83190A21 +Signature: 207830C2DE87296BC39CD21630F26228F00CF60BC3150CBC82CFA9006534A6C5E354AA281C434A8C2077 +Test: Verify +Message: D071CCC0C6E4CAE82E5A +Signature: 054C9C0C30C6B73AAB9E54C11D4EFC82BD6E8680932501D78A58EE305930E72ACD3BB2565023455DEAEA +Test: Verify +Message: 22CE83F4803BF3EA2C48 +Signature: 07065A6F5C9A086CB83F2F113895730C1B2FE0DCD90FD6AA887B066D685D3DD6C3C0D95CB8C8A48FBFF1 +Test: Verify +Message: 7A927EC7BB9CA16C1B0A +Signature: 24BF344DC7B25F831428078AC0D929A72A29160B6205A1BD4B1B2C5BD8BEFCB650DE23652701DDD4F4EF +Test: Verify +Message: 9591B069993E10BC0B84 +Signature: 0E6E6BF91BBC9FB91FCD3CE32907F5B6AB5E88928C1E3BC92649EDFDFE672AFB654C765F2758DE4BD78F +Test: Verify +Comment: 1031-bit DSA key +PrivateKey: \ + 3082014c0201003082012c06072a8648ce3804013082011f0281814d58515f7b\ + 41c4fc87e4fcefe5cf6d84b2d74a9d6f498ae9605fcbf1c59217422001a272ef\ + 91dbd09e7af5ee54126dd4fc44bb1ed624d0dd5dafb984d52781140bba40600c\ + bd4752d2c32b43253efee57af6964c339570edb24195502e6d424b84bed65ac9\ + 8c6fc52ec90e40a525f1863a53f2fbe2a0a133342eff4337f26ceb93021526f8\ + 6a81a6bb530c2f9b63e3690e95a0894575f4450281811e24828adb4ebf2becdb\ + dcadf6706631293ad6566803d12479f04a7bb20b6086fe81df164f8bd02c5f41\ + 8c1140d143f11a71170b42d0753c952bfff951b9ca4204868375efaa4afad50b\ + 75787e41c5ab9ce8adcbccecd3716f350bb8aaeca9b6098bd0002d789e1f7db9\ + c19d9045499877b93ecb4e7c64808b742063bbecf60e29041702150e61a054ee\ + 6510734a80f67a54d8c4151c957ef16f +PublicKey: \ + 308201b83082012c06072a8648ce3804013082011f0281814d58515f7b41c4fc\ + 87e4fcefe5cf6d84b2d74a9d6f498ae9605fcbf1c59217422001a272ef91dbd0\ + 9e7af5ee54126dd4fc44bb1ed624d0dd5dafb984d52781140bba40600cbd4752\ + d2c32b43253efee57af6964c339570edb24195502e6d424b84bed65ac98c6fc5\ + 2ec90e40a525f1863a53f2fbe2a0a133342eff4337f26ceb93021526f86a81a6\ + bb530c2f9b63e3690e95a0894575f4450281811e24828adb4ebf2becdbdcadf6\ + 706631293ad6566803d12479f04a7bb20b6086fe81df164f8bd02c5f418c1140\ + d143f11a71170b42d0753c952bfff951b9ca4204868375efaa4afad50b75787e\ + 41c5ab9ce8adcbccecd3716f350bb8aaeca9b6098bd0002d789e1f7db9c19d90\ + 45499877b93ecb4e7c64808b742063bbecf60e290381850002818119b50f1eea\ + 45bfaa22352a38f3c3b86d6f670747ac2fd94359608e25f2bb9f602506bc3572\ + 45deeb4c3c702d435c557da4f4a9fd37330a75547c91681fdbb51f286adb498d\ + 1e489e89b2e6a4eb9ff30222c51fefbeac7435f629f536ac2d6b87664d80e5c9\ + 7398cf489a1d1ca217f7f21ea8e409f938378875cf5f528162e3bc07 +Test: KeyPairValidAndConsistent +Message: B4B3C8FBE82013228A21 +Signature: 0E08FE696A4C70B16A127CAE8C61E5B38B7A1F34402584D1F21F71016054E820E3B1BB866309D93A7DA5 +Test: Verify +Message: 17D2D18302173E2CE992 +Signature: 0203C3869E15F8847B58BD158CB746433AA05F201317C0541908ACD5EA78A02D1FAB79380619199CC5B8 +Test: Verify +Message: 8032AE177D6DF38C7E27 +Signature: 1F436F5BC73A3402221B539F1D7CCBD4C3AE948418216122809E062ACF5D6086546FCBB293B4C7510CBD +Test: Verify +Message: 768640A60A3C62E02428 +Signature: 0A5D52C534A9BF1175247538638077489537025975254955F8A96B0CA2E7985D5D6E3DD54EE298C90100 +Test: Verify +Message: B0999CA45B77ED63639D +Signature: 144DDD0C1BE6D96FC3AFFA240FCD6D2AD0748C848F0C8A25AE8AC2E55A38DE9DBBAFF90CF464547365E2 +Test: Verify +Message: 587EDB968FA82C12C930 +Signature: 01FC4F6F98898F3639E8D93E7C2E6F3945120AD19D15EA13EDC96BED7E73A7D5D161217F1C67F3048BE3 +Test: Verify +Comment: 1032-bit DSA key +PrivateKey: \ + 3082014e0201003082012e06072a8648ce3804013082012102818200d551680a\ + 62ebf98f0ed8930cc5b12de86d0a0c29a0d7e5524c24672a25428833f4c19ac8\ + 83ead22efcc0c6823f2e942c17adb7ab763ff2c7cc2698fa8b6448e514d4628b\ + 197721bdaec780e126ac80ac83f24fef5c154f7690ceba903748be5212e3180e\ + a718ca7a71a49dee939bf9bc5b7845c9648d074587ccd3724493b91f0902152e\ + 802b5369c3f1ddfa789bf8f2ad2e048ced3bf35502818200a9aebee7d29f90b0\ + 81afc4d496a6a78210e918bb57a8a21c5995586c0bf20f7a56bb10a97e05a3a7\ + 23e7db64612b12bb591b1fe7d2e46be8c96a7b2ce7c66076aeded938775ae222\ + 3900adaf52a93f52d62173c82d4b67388c85d4c1127e1edf4643cf09f5375b60\ + c19316c4f8f8fd7daea1d8b44a2d03e97c2741537f63d86b4a041702150f66e0\ + 4c5a75d3eac03d744e5432f23e3aea066a63 +PublicKey: \ + 308201ba3082012e06072a8648ce3804013082012102818200d551680a62ebf9\ + 8f0ed8930cc5b12de86d0a0c29a0d7e5524c24672a25428833f4c19ac883ead2\ + 2efcc0c6823f2e942c17adb7ab763ff2c7cc2698fa8b6448e514d4628b197721\ + bdaec780e126ac80ac83f24fef5c154f7690ceba903748be5212e3180ea718ca\ + 7a71a49dee939bf9bc5b7845c9648d074587ccd3724493b91f0902152e802b53\ + 69c3f1ddfa789bf8f2ad2e048ced3bf35502818200a9aebee7d29f90b081afc4\ + d496a6a78210e918bb57a8a21c5995586c0bf20f7a56bb10a97e05a3a723e7db\ + 64612b12bb591b1fe7d2e46be8c96a7b2ce7c66076aeded938775ae2223900ad\ + af52a93f52d62173c82d4b67388c85d4c1127e1edf4643cf09f5375b60c19316\ + c4f8f8fd7daea1d8b44a2d03e97c2741537f63d86b4a038185000281812640c1\ + 88055329f0b44aaf80f82f7fc7f0e421031834dfbd1fb6d6af6ab3e1c173c901\ + 370a4ce2793c1b88d12f764c58ff064905da9c5001f679c7508972f237bccca5\ + 6524787466a7c9c2d6bb6392963008ed1a3e4cf3b13e66086bce3a4ca04d8cab\ + cf0cadb4c403c7d02a858460d04350e730289cb5adf200b5fdf1198168b5 +Test: KeyPairValidAndConsistent +Message: 909068BEFFA43331FDC7 +Signature: 2CCCFF8A67073E5DF643B61A5AE7A5BC216FE267E713B9005F69797B44ECD33BA5DD87461B5C72C50390 +Test: Verify +Message: AC8AFC7A1D9105539E10 +Signature: 0A2BEB58D806EECDDCBD590EBE4AE5AE7BDA326EA0072ADB9FA6A6FEBF40488C80690A2B1DF141BACF91 +Test: Verify +Message: 310E40311BB3F77F9483 +Signature: 28726153B52FE75F1FAA4C97124EE042065D2C90B50B43F885FC45C42C3ED9BDC4EC2D36A2799A041C67 +Test: Verify +Message: 35455ABD53E6FB11ED9B +Signature: 15B3D6ACA9EAD5AA1501ED201335AF9B46657A4CBF00D19328018D82624D4BD9B22D645429B385DADBCA +Test: Verify +Message: 95FFA73B52F0D06A0C1E +Signature: 2904FA8F78B6DF0D15A08714C8F86B97532A9D13B617EC03F329DA20E42816CCF45DBACB432B1F5011C8 +Test: Verify +Message: 1E9934125DA6E9B4E975 +Signature: 1666A3B9DBE26F2AE3F9BF7CBF47989D87AF82F580147BEC8350E21D4DB0691074F63B85A3A7D8E82A8D +Test: Verify +Comment: 1536-bit DSA key +PrivateKey: \ + 308201d4020100308201b006072a8648ce380401308201a30281c100fada6e4b\ + ecef964a85caf9e129639a5616ac000dbac59bd50b84bc8d464114079c34c5b5\ + 8d7d40027faaf037c6a649c527cb002d3a716bdef62b6c94d7a47a8b65c2ebac\ + 05da09e40cdc417024cccba267a98f4eb69701a276b4f117662b566605c36054\ + e7f015d2e5f81331e5666ec17ebf71907788b40cbcea0f24aaffb029ef5c25c5\ + 5ae998f28a2ddb091d262c32ad324f4e64c7b4b50a19e9d92f6d8024188627cf\ + 5ce68674e7ec7da38fd6cf4ec29a6ce2f17e3188d8ef6b0e50d77d5b0219232c\ + f9bee9d56c8bd8252d1edb59d99c40cf32d07d9e5a48930281c100f028143e3f\ + 9d1317aafb814215ffda9c584da8943e96212c90a082c3d2f335e8a6b64d1c89\ + 0aa2224ebf158bec2b6fe6bad236417acd517a4907331e0be0dd0b801218ac27\ + 0acdd45579290be1b94bc418b8f82c651d82a19d2f0e1cbb0fbc0f054d95150a\ + f96f9a7488010787a799c544883ff76a4e3092f2ca9aa9000cecb88dda343c97\ + 2c8192a83820727b1945c1a270cf913ab932457e8e6e207d06cd0efdf265b762\ + b9fa15c9a14633af17204ba2b755ed1b3b421ac596a2a04e64be43041b02191d\ + 4cedc87d55eea31bd702139b90be08d58692a1f97628a01b +PublicKey: \ + 3082027c308201b006072a8648ce380401308201a30281c100fada6e4becef96\ + 4a85caf9e129639a5616ac000dbac59bd50b84bc8d464114079c34c5b58d7d40\ + 027faaf037c6a649c527cb002d3a716bdef62b6c94d7a47a8b65c2ebac05da09\ + e40cdc417024cccba267a98f4eb69701a276b4f117662b566605c36054e7f015\ + d2e5f81331e5666ec17ebf71907788b40cbcea0f24aaffb029ef5c25c55ae998\ + f28a2ddb091d262c32ad324f4e64c7b4b50a19e9d92f6d8024188627cf5ce686\ + 74e7ec7da38fd6cf4ec29a6ce2f17e3188d8ef6b0e50d77d5b0219232cf9bee9\ + d56c8bd8252d1edb59d99c40cf32d07d9e5a48930281c100f028143e3f9d1317\ + aafb814215ffda9c584da8943e96212c90a082c3d2f335e8a6b64d1c890aa222\ + 4ebf158bec2b6fe6bad236417acd517a4907331e0be0dd0b801218ac270acdd4\ + 5579290be1b94bc418b8f82c651d82a19d2f0e1cbb0fbc0f054d95150af96f9a\ + 7488010787a799c544883ff76a4e3092f2ca9aa9000cecb88dda343c972c8192\ + a83820727b1945c1a270cf913ab932457e8e6e207d06cd0efdf265b762b9fa15\ + c9a14633af17204ba2b755ed1b3b421ac596a2a04e64be430381c5000281c100\ + 819c8cedb9c014aa577e9046b90795accbebe81bef68b1b5c37c68cb357e1a5f\ + f92761bc26cb0953956b6c0aec05acfc9d1a27c50789793b13d9eaf2361760c9\ + 7a7d86e7d922f4809a5d2d01448e938190bbc24c150e03ef8305365ddbf5ca19\ + 6857314e3b3023f8ddc9d209bd7dad1ee763e7003fd1b0c53057d2e9acadd23a\ + a18f83d20143bc41a2dfa4a164c82621fc0f800052ec01bec7c99c66fe20ec57\ + 67e6fbbe8810cd5aa75eff3d8a4cb53e1259ebcfebcc2fcf21ba7f3589cd525a +Test: KeyPairValidAndConsistent +Message: 9F6DC301DF53FE22CAC0 +Signature: 15B22111FEFA4AC1E53F2FEC346559E3613BB94F7BB3E2B7551D8B982FA10C38E7F182834DFC7391155FFA42AB945A29E118 +Test: Verify +Message: 2D7B5B9A27EAB468331E +Signature: 029EEA97097FE926DD09821284BCA3F45750B1F8102380D20100596D914DBF6BEFBE1B7A938E3AA5D656B6FD99E8EEE7C606 +Test: Verify +Message: F552FCBBA04FFCCC5CB6 +Signature: 115DE3CC1553CD5E4D40CCED80146DB1D76C10D992AACBCBCB05375C5FDA9F65B9A19DF7E51E6A36A3F2830AEA433AFD4F8B +Test: Verify +Message: 0D52B894153A4BB74068 +Signature: 0F6B8CC28D82E22B9B87D62CFF5C7B2289BB2F8008C42F105B2322CF95BC6D443A9D89A292F482490D94693A44DDF7AC4BD3 +Test: Verify +Message: 294442E103CC0CBA32A6 +Signature: 0FBD8768A18C2B28CE95775AD734157C34C1C3961C1DBBAFDD0A3E92A312A7925AFC9F7F4760FB0C56B42A2042C6B8B37C0E +Test: Verify +Message: E993D8FE1E6F6C3914ED +Signature: 0559D66BAC906C607BBA769AAFEB93E9AEC55FDD4597E432870CDC8A3DF9778301A0B218C886F6B08A414C51BD2F8214201A +Test: Verify +Comment: 2048-bit DSA key +PrivateKey: \ + 3082025d0201003082023506072a8648ce3804013082022802820101009a0886\ + 5d2bc9e0cf03d2500b2a08402bb9dc953d5fcd73f04be61236efc0998a8f012f\ + 00e52f7a6e91e81b88a4c9f985a2da523cbe7caff08cae44963d2035eda72e1f\ + 31f82c8d64c86e686899d53c0200282f407ceb1507db480f1db223606a57466c\ + f60fe9fc5f7ea7d5fd82ed3ab2cf5e35491dfaef0aa2e10fbfa3cdfeb5ebf65e\ + 4dfc2837e1f6399db06cc2e0420c7b14a4c0d483b742ca58b31fec9f26a64e9b\ + fcaa82334e644f4b954e2a9c7eeae096b8864ecd223ead3bcf9e8c1f68f6678f\ + accdb7f26d8f33d8a5fb0cb156cc7daf4a96ec2b730c0d7f666d699f7345a37d\ + dc1ccdea6d8f439ddb23de04a941b246bc257b0aef544a8e868bc8444f021d03\ + f35f80fcd896f03eda9ff07f2e35295384c4f3b8f8c4821369ab541702820100\ + 75c5d8c8f72302d92be3bf486b8648330ff86954de5e6e83efef624a277574c1\ + 6757684d3874ee303fa08343fe82dae484e5dda6781280b434c4090044cc7ff9\ + b6e962594d3ca069815c0f0b6bfd25215a419420d0ef8a1595c6eb1b44a719b4\ + 0131081f75cc15cb09a5d5a029c8546230c30b4af2d4a9f4374c93a095c83b59\ + 4b1774d635d4aee965f1d094469f7bbf8bdc93216a6b8a6c5753b48962335bf2\ + 092aa583c897878c8a7ce61186b592b05d2aea710b673d5994cedb5f117fdb6b\ + 8ad4d89f443c4eb662b428a34a7522c69794cc0274f3eba837e90da86acbc707\ + 4ee3a0b029d970efa48b3d582b740ae0e585d175a5f63a385f8b6b8878b44e1a\ + 041f021d0212c34d3d17b96a899548ebf43bb886676acebd2f040f5b33a4e88d\ + 2d +PublicKey: \ + 308203423082023506072a8648ce3804013082022802820101009a08865d2bc9\ + e0cf03d2500b2a08402bb9dc953d5fcd73f04be61236efc0998a8f012f00e52f\ + 7a6e91e81b88a4c9f985a2da523cbe7caff08cae44963d2035eda72e1f31f82c\ + 8d64c86e686899d53c0200282f407ceb1507db480f1db223606a57466cf60fe9\ + fc5f7ea7d5fd82ed3ab2cf5e35491dfaef0aa2e10fbfa3cdfeb5ebf65e4dfc28\ + 37e1f6399db06cc2e0420c7b14a4c0d483b742ca58b31fec9f26a64e9bfcaa82\ + 334e644f4b954e2a9c7eeae096b8864ecd223ead3bcf9e8c1f68f6678faccdb7\ + f26d8f33d8a5fb0cb156cc7daf4a96ec2b730c0d7f666d699f7345a37ddc1ccd\ + ea6d8f439ddb23de04a941b246bc257b0aef544a8e868bc8444f021d03f35f80\ + fcd896f03eda9ff07f2e35295384c4f3b8f8c4821369ab54170282010075c5d8\ + c8f72302d92be3bf486b8648330ff86954de5e6e83efef624a277574c1675768\ + 4d3874ee303fa08343fe82dae484e5dda6781280b434c4090044cc7ff9b6e962\ + 594d3ca069815c0f0b6bfd25215a419420d0ef8a1595c6eb1b44a719b4013108\ + 1f75cc15cb09a5d5a029c8546230c30b4af2d4a9f4374c93a095c83b594b1774\ + d635d4aee965f1d094469f7bbf8bdc93216a6b8a6c5753b48962335bf2092aa5\ + 83c897878c8a7ce61186b592b05d2aea710b673d5994cedb5f117fdb6b8ad4d8\ + 9f443c4eb662b428a34a7522c69794cc0274f3eba837e90da86acbc7074ee3a0\ + b029d970efa48b3d582b740ae0e585d175a5f63a385f8b6b8878b44e1a038201\ + 050002820100267f9c3ff3ee3cbc0f9e94dc7e6837e1ff65175e967987b90b9a\ + ea7eef1de6e4c342bebb5dbd0c4e2f6514f2d487857a146dda6cfdbc8b56ed25\ + 4cd65754d84dd21a271cd15fc656274725643728b41ce3f0e6872b6dfb4c289e\ + 03f9b903880ce3d7d745dfbb641c8c42ec0bfb6951ca2611fd877c32248c9725\ + 2bdb42d7bd65ebc50653dff389526c546d1e6ebaf6bd8b3298c01935901b7efb\ + 288b78730d89fba7f46f2a642aee0dbc93aa29c190b201acf89d4f8ba28f3e3f\ + 54a1c5a48294dda908f904afb7db398682c809ce13abd49279221d5b40ad7621\ + 6bad7ca256d718d3552344c481b20da5aac3e637fb7edeaf7960b532ef761376\ + 489f02fa8c10 +Test: KeyPairValidAndConsistent +Message: 5F3914F7AE0F6C76D152 +Signature: 03D30B7EAADDCB384CECDBB7541DFE57187242C836A6C72AF6C2525E1A01DB97DF3F41156089162FAFC87361F2F28E55616A50633637FB13EFE3 +Test: Verify +Message: 769583D4E7EAD14C137A +Signature: 01DC2815FD4918B8D314526066A03AD6593C8CED9E1ED04252B1BBA59D019F1C965028DA88BF4DB35AEDBA2C3C963B7933E5C07C590EF78BDFA1 +Test: Verify +Message: 6441D5239F50C71DE0F5 +Signature: 013F6D395DE56832F72F17F7F7572BB6DD1C48BADCBDEA91F0A634486E034B617DA8F5AB5E6F78C691313F822C599B6400A0A119A5DA330C6830 +Test: Verify +Message: F1C2D4F7C3ECDF2C17B7 +Signature: 006441A8B3517613F950BC1C84504082C0C3EA10CC08DCC1DA22E05480036D78345B17244F0DE41DA8342AF3441489CF9880BAA01BF2745CAB3A +Test: Verify +Message: 752A1F2B8D9A717A882F +Signature: 0127027984402F5B8C7DB1B7666FFA787548E4200D26B9D3B20EA9B4370298A9BDC901F324844613E8B5F34F2BFE40D9E6513D0E207B5105A9B1 +Test: Verify +Message: 666DC6B1E871026EDE56 +Signature: 03E87B55A7E81318B6B7057C901F8E3DC564053C1EA08B1F1FD965453803F21C20CE7FCCF606FB1328EC987666E87AF16ABE6B42DB854BFAA019 +Test: Verify diff --git a/c5/TestVectors/esign.txt b/c5/TestVectors/esign.txt new file mode 100644 index 0000000..6370671 --- /dev/null +++ b/c5/TestVectors/esign.txt @@ -0,0 +1,93 @@ +AlgorithmType: Signature +Name: ESIGN/EMSA5-MGF1(SHA-1) +Source: Crypto++ 5.0 test vectors, generated by Wei Dai +Comment: 1536-bit key +KeyFormat: DER +PrivateKey: \ + 3082014D0281C100E2A6788AB3CC986AEC06C51690143D3677141645D0628165EE924B9AFB7E6EDD\ + 52D90145B2F6031522C7A6CEC05E358F42B7837DACEA589F868F8DCA1C0F5FD8E5EDB8BBBAFCFF6D\ + 64CFCFBE68F46FBA6EFF45BC9D0CBB4F7F6075F5FFC2049C2F304B51C417764E18D182926E02D411\ + 6CE5C5C010E3D0AA6872A49B0D1FF4B37D54689C31F5821D04E9D4DB34D7536EE7F88B8C481B0EC1\ + F93193A0B70567E6FD76E9FAC4F67BB47DACD356D0C8015261E068DDF8C34C0CAFCF3FA775577FEB\ + 020120024100FAF0F292EE96D4F449024F86C0A104E0633C722586EC00AD33E0234629825D2081BA\ + 337597889CAC55DC6BEBDD8F13FE3AA2133D6371601A37D195DA7BC45EF3024100EBE16F88887A42\ + 5AA08E271467CC2220DC44012AB24ED4FF3512A96E8CB600C8BBCB771459FF0EE63D4B6786952A83\ + A7143A775073F0A1D69B6D0B5817755673 +PublicKey: \ + 3081C70281C100E2A6788AB3CC986AEC06C51690143D3677141645D0628165EE924B9AFB7E6EDD52\ + D90145B2F6031522C7A6CEC05E358F42B7837DACEA589F868F8DCA1C0F5FD8E5EDB8BBBAFCFF6D64\ + CFCFBE68F46FBA6EFF45BC9D0CBB4F7F6075F5FFC2049C2F304B51C417764E18D182926E02D4116C\ + E5C5C010E3D0AA6872A49B0D1FF4B37D54689C31F5821D04E9D4DB34D7536EE7F88B8C481B0EC1F9\ + 3193A0B70567E6FD76E9FAC4F67BB47DACD356D0C8015261E068DDF8C34C0CAFCF3FA775577FEB02\ + 0120 +Test: KeyPairValidAndConsistent +Message: "test" +Signature: \ + A3E32065DEDAE7EC05C1BFCD25797D99CDD5739D9DF3A4AA9AA45AC8233D0D37FEBC763FF184F659\ + 14914F0C341BAE9A5C2E2E38087877CBDC3C7EA034445B0F67D9352A79471A523771DB1267C1B6C6\ + 6673B3402ED6F21A840AB67B0FEB8B88AB33DDE4832190632D512AB16FABA75CFD7799F2E1EF671A\ + 7402370EED0A06ADF41565B8E1D145AE3919B4FF5DF1457BE0FE72ED11928F61414F0200F2766F7C\ + 79A2E552205D975EFE39AE2110FB35F480814113DDE85FCA1E4FF89BB268FB28 +Test: Verify +Message: "test1" +Test: NotVerify + +AlgorithmType: Signature +Name: ESIGN/EMSA5-MGF1(SHA-1) +Source: http://www.nttmcl.com/sec/Esign/esign_emsa5_data_ntt.txt, \ + ESIGN ( IFSSA-ESIGN-EMSA5 ) Test Vector No.1-3 ( 1152 bits ) +KeyFormat: Component +Prime1: ec8b4bdc9a56ae7b60619814ec45d617246063b5aac39c286f7c82ec2824c245001b678217a7cf178979c7270eb510db +Prime2: e7b1c3ae3494d0ac7b6868a53a5fe3ba19471437c54b25699e8c348a003e5e1d4c6d244d4f6a78f260c98fc54795a6a3 +Modulus: c5d0b8fac0cc6acc9d52c61200b541f7b4f8ff9f1bda97e0ebf78a3df768ba70ade59306d6ae65655bff7c6a94518c91e43dc0003b6f8730acc244799bdacb1e5070c6ea3089ea83bd5ef0a533adf3d9d63c0e88ce74545cfb21213fc33813fd913c6a6cf84b5adabc7d74751e9945521ac76a790bba95ad48d9d3fb2fbc4b0ed2ddee7d5ea6aa61633eccdac6381fab +PublicExponent: 0400 +Test: KeyPairValidAndConsistent +Message: 86f28c1cb5e640548309b85dc6e64c1a +Signature: 348dc9a0943b1e2ba7ef501cbe970a023b37ca4019b9a5cb35ffc3bcdb28dcbd4193d7817d418bbaf291d97a1eeb918a03ee65caa7ad26c24f9ef807c8798ade5b70d7328cd36ac0844bf63f511bb63067e8236d084cf8af68e88155ea94b978aab6bd0339c55d976434423fc779d549779e81f528d028c7343e060544410e528814fb0874417d1eedf38d6db4b97dd6 +Test: Verify +Message: 2fd87bfa6c8a965c9e1aaa8e3574202b +Signature: 561ad8bd11270c71f00af0e0cf256d858c757e8b55b9c4d6fb6bf71598ab59352992656348c1ff1ccda14fb7c5c3b53be49727c07422b78ffc380eeb03be7bdf07b279337af8a1eb7c5bdb725b33a82926b6afb7a1fff0750cc2532c6f96e28d7f1e621cf222b42bb850312f1a5fb7d99acd1c6f6d2347a121dd478374d6a40a7b0cd42e430f01b926135fc8d850366a +Test: Verify +Message: 888330ef1dc1588d578badde35c98d1e +Signature: 915d64d7b9b811fe8b58eaff4c2bf9ce2ad886eef95b28093f8c21f4ca950fdb2f6e77f97d0f2f8158445347f5b3ce33e082f3b5204522e15614d1891078d9557796726b5555cbd8d5489638ecf4738257dea70175fe27de54b1f45c0a96c229bd59260bebfb241e8eacb8a1a23b9a9a79b6d1f52cfed8cca2f1968e37d76c435ad1acd44131ef2c5f5e4ea8a33aee4e +Test: Verify + +AlgorithmType: Signature +Name: ESIGN/EMSA5-MGF1(SHA-1) +Source: http://www.nttmcl.com/sec/Esign/esign_emsa5_data_ntt.txt, \ + ESIGN ( IFSSA-ESIGN-EMSA5 ) Test Vector No.4-6 ( 1152 bits ) +KeyFormat: Component +Prime1: d64dac2fb3506111bbac11a04e138d2d6f32df119f2f259065cf5785a46aaf404ad887f0a310b36be4a3a1a33c8a054f +Prime2: d1158628ed1e0695c02a821ab8590f59fc1a3fb1e19ee192ab789e9d963766d78f55cfef9bf58c0c774a32d8a8943955 +Modulus: 92855120174c4a115bf525fa1f2ebf68d8328162149a5a6751b2512584eab7e5582d38d0e5029e01ece85a484030bb884a29121d8924f0195b22842b16436cd36c33bbe843e1cf7a585e89894b14595641d081a3077d667096df251bd93c86ebd94e0d555601794fa66fa2bcea920287c19922bed486a4f631390d1e36cc3635b509cb14c44d50313919a6cbb75eff35 +PublicExponent: 0400 +Test: KeyPairValidAndConsistent +Message: 16a3632339c463e243a4909f8a3810a8 +Signature: 7d8790ee852a4f3ba8bb3fa0f6fc30c29b6bc2bc538195826544138dcb92500122148ac2cf0dc77dd37182c2267a73317ce5b2ae26db79204abe0e10c7212ba8de99fdc5cf498f7ee689588541fb78291afb9b65242f725a4aa32b119957b4314a58b4239a0235b9b1a8a6efbaa3601961d4b0730a6d9e5659f20105931d473daf3d378b39b7f3f01516d72ade9ef68a +Test: Verify +Message: ef8bcad6c164a86b0e0a3c011d556744 +Signature: 6ce6024f64a7f04a0fe29b65cf2ec2ac49d9f90078a77db8bc260d3cfef233165a90b29d5787218b4d05a0e9321f2e802a8ed6d1a4201feb982a5d06bef051d60436d8c61a249432e662e625806526075f02b60d198142b96b67a4ac31d0071a1f971dae5a6a1b6db177591edfe80f7e51c7335441490f05f214b5a1aec94de572e3ec11ef4bebeb42f27037d38a186f +Test: Verify +Message: 29023889c79230c1c479820c5ff2e006 +Signature: 85f0b648ee0f6d30a18666e2da8bcda319ede91ca18e018548e2a1c21b0e0049b91528eba4da3be4551b26c4e59e6aba25312874f2320eaf7c94c541e17fb16fb0d9d9928ea526b0fc0c0fb2d12e425a5917e4039a5366585327bc3456107ff31c889c5e04259457dfe65952dc43cd35f4ca689272769096b9583bbffad4a057673f938fa7192bbca44598cf5600e3eb +Test: Verify + +AlgorithmType: Signature +Name: ESIGN/EMSA5-MGF1(SHA-1) +Source: http://www.nttmcl.com/sec/Esign/esign_emsa5_data_ntt.txt, \ + ESIGN ( IFSSA-ESIGN-EMSA5 ) Test Vector No.7-9 ( 1152 bits ) +KeyFormat: Component +Prime1: fd5708b30e8ee342bacaeb01c0d3baa91a833dacff2878c7df62e04a65afe770acdcefeaf8a72a5809387e5ed97756ef +Prime2: fa335563d5da151e3ab025f3b77d3f1eaf4a0d431012e79b12ca8ec433d347bd9a2b5179f2ed332a19ea2cad694c97dd +Modulus: f5072ba25e7df2c0e0a0abde031dda9534a493396ab895e6132abc90f993535ce55d6395e1fd548371228decc1cfefa9737344243ddb1eccbbc22d68571617afb23638c3f0222a84b0a8c9889ab934aa84cc92e14d972670db6d2105bbd0212c1843ff0ccbae19535ac01cf02ad98aa941fce32fac874cea7f1f83969fbaf025fb562a087efb4652210d45279312da7d +PublicExponent: 0400 +Test: KeyPairValidAndConsistent +Message: abbf5c71245af5d272e627ec845e9ed4 +Signature: b75e2869c052df20d6c008dd911a5bd752d5a23ee42ae47def37f76f6b2d5f04eb8d9b0783c502e0abd30bc567a6672292c3a6736fe8d4034fad857456cd599259d09f42f1d4c64d244fd149f6316f0b763be0de4f9da7f9649a76b984fe2ae99293d406904a9df59d28cc8a58b7ad0029657a47ac0e28d6353287df1ea8feef2fbb65d86425e80487420c1c9c1bda7e +Test: Verify +Message: cf2c943bc4c23175b43ba128c75339d1 +Signature: 64616eb627bf49c2a5a183479a66b7dae12cd1a0982baa0cc12329f594196b9de47909e6b5cf4653bfccdeeb5478fd88c31c197c9adc335a84ec58664ce5fc55c7b2f17b0f32ffac4ff3f3b4ddb3ce125ab7e43efc0be6ae8357895ab5f118a4ec71b57cc1b252373fecd4a1f404ed295f2d97868e3737fdd6fdf124bc2f1e083b57d5c237db775d429d08d5b5ced857 +Test: Verify +Message: 4d011f09f665d5f4a12595900e3827ec +Signature: 1911d3df18bdd9907b69ce6b655086c952c92d826bbef199fb1e0dcb7209a1b28d0a03beabc9e7d8df052febe26f691ff808caaac697c3005d524f3da8c700bf620aa37fd0793b3f22c6a488d733336d040642e0767755391951a754a1111345b912b4c0228ab154eb4baac0383a54023bd7c7ea2ed4bb894444b80d7e5f18407f51c3af858b9fa9198190b4b540fce8 +Test: Verify diff --git a/c5/TestVectors/hmac.txt b/c5/TestVectors/hmac.txt new file mode 100644 index 0000000..b380bab --- /dev/null +++ b/c5/TestVectors/hmac.txt @@ -0,0 +1,125 @@ +AlgorithmType: MAC +Name: HMAC(MD5) +Source: RFC 2202 +Comment: Test Case 1 +Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Message: "Hi There" +Digest: 0x9294727a3638bb1c13f48ef8158bfc9d +Test: Verify +Comment: Test Case 2 +Key: "Jefe" +Message: "what do ya want for nothing?" +Digest: 0x750c783e6ab0b503eaa86e310a5db738 +Test: Verify +Comment: Test Case 3 +Key: 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +Message: r50 0xdd +Digest: 0x56be34521d144c88dbb8c733f0e8b3f6 +Test: Verify +Comment: Test Case 4 +Key: 0x0102030405060708090a0b0c0d0e0f10111213141516171819 +Message: r50 0xcd +Digest: 0x697eaf0aca3a3aea3a75164746ffaa79 +Test: Verify +Comment: Test Case 5 +Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c +Message: "Test With Truncation" +Digest: 0x56461ef2342edc00f9bab995690efd4c +Test: Verify +Digest: 0x56461ef2342edc00f9bab995 +TruncatedSize: 12 +Test: VerifyTruncated +Comment: Test Case 6 +Key: r80 0xaa +Message: "Test Using Larger Than Block-Size Key - Hash Key First" +Digest: 0x6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd +Test: Verify +Comment: Test Case 7 +Key: r80 0xaa +Message: "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data" +Digest: 0x6f630fad67cda0ee1fb1f562db3aa53e +Test: Verify + +AlgorithmType: MAC +Name: HMAC(SHA-1) +Source: RFC 2202 +Comment: Test Case 1 +Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Message: "Hi There" +Digest: 0xb617318655057264e28bc0b6fb378c8ef146be00 +Test: Verify +Comment: Test Case 2 +Key: "Jefe" +Message: "what do ya want for nothing?" +Digest: 0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79 +Test: Verify +Comment: Test Case 3 +Key: 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +Message: r50 0xdd +Digest: 0x125d7342b9ac11cd91a39af48aa17b4f63f175d3 +Test: Verify +Comment: Test Case 4 +Key: 0x0102030405060708090a0b0c0d0e0f10111213141516171819 +Message: r50 0xcd +Digest: 0x4c9007f4026250c6bc8414f9bf50c86c2d7235da +Test: Verify +Comment: Test Case 5 +Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c +Message: "Test With Truncation" +Digest: 0x4c1a03424b55e07fe7f27be1d58bb9324a9a5a04 +Test: Verify +Digest: 0x4c1a03424b55e07fe7f27be1 +TruncatedSize: 12 +Test: VerifyTruncated +Comment: Test Case 6 +Key: r80 0xaa +Message: "Test Using Larger Than Block-Size Key - Hash Key First" +Digest: 0xaa4ae5e15272d00e95705637ce8a3b55ed402112 +Test: Verify +Comment: Test Case 7 +Key: r80 0xaa +Message: "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data" +Digest: 0xe8e99d0f45237d786d6bbaa7965c7808bbff1a91 +Test: Verify + +AlgorithmType: MAC +Name: HMAC(RIPEMD-160) +Source: RFC 2286 +Comment: Test Case 1 +Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Message: "Hi There" +Digest: 0x24cb4bd67d20fc1a5d2ed7732dcc39377f0a5668 +Test: Verify +Comment: Test Case 2 +Key: "Jefe" +Message: "what do ya want for nothing?" +Digest: 0xdda6c0213a485a9e24f4742064a7f033b43c4069 +Test: Verify +Comment: Test Case 3 +Key: 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +Message: r50 0xdd +Digest: 0xb0b105360de759960ab4f35298e116e295d8e7c1 +Test: Verify +Comment: Test Case 4 +Key: 0x0102030405060708090a0b0c0d0e0f10111213141516171819 +Message: r50 0xcd +Digest: 0xd5ca862f4d21d5e610e18b4cf1beb97a4365ecf4 +Test: Verify +Comment: Test Case 5 +Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c +Message: "Test With Truncation" +Digest: 0x7619693978f91d90539ae786500ff3d8e0518e39 +Test: Verify +Digest: 0x7619693978f91d90539ae786 +TruncatedSize: 12 +Test: VerifyTruncated +Comment: Test Case 6 +Key: r80 0xaa +Message: "Test Using Larger Than Block-Size Key - Hash Key First" +Digest: 0x6466ca07ac5eac29e1bd523e5ada7605b791fd8b +Test: Verify +Comment: Test Case 7 +Key: r80 0xaa +Message: "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data" +Digest: 0x69ea60798d71616cce5fd0871e23754cd75d5a0a +Test: Verify diff --git a/c5/TestVectors/nr.txt b/c5/TestVectors/nr.txt new file mode 100644 index 0000000..f08bb6a --- /dev/null +++ b/c5/TestVectors/nr.txt @@ -0,0 +1,615 @@ +AlgorithmType: Signature +Name: NR(1363)/EMSA1(SHA-1) +Source: generated by Wei Dai using Crypto++ 5.0 +Comment: 1024-bit NR key +KeyFormat: Component +SubgroupOrder: \ + 09b2940496d6d9a43bb7ec642c57b302e59b3a5155 +SubgroupGenerator: \ + a1c379ba91fe1f9d5283807b809c698bce4aee6f405f4de8c46becf33c08a63b\ + c5f8088f75b5b6bcfb0847ccbdee700e4e698652317bbd7a3056404c541136d7\ + 332c2b835ef0d1508ef57b437de60675f20f75df0483f242ddeb57efacd18041\ + 8790f4dec0a8250593ba36f17316580d50db1383ea93a21247650a2e04af904d +Modulus: \ + bd670f79b0cde98a84fd97e54d5d5c81525a016d222a3986dd7af3f32cde8a9f\ + 6564e43a559a0c9f8bad36cc25330548b347ac158a345631fa90f7b873c36eff\ + ae2f7823227a3f580b5dd18304d5932751e743e922eebfbb4289c389d9019c36\ + f96c6b81fffbf20be062182104e3c4b7d02b872d9a21e0fb5f10ded64420951b +PrivateExponent: \ + 0355dc884345c08fb399b23b161831e94dbe61571e +PublicElement: \ + 255cf6b0a33f80cab614eafd5f7b2a6d83b3eafe27cd97b77ae70c7b966707d8\ + 23f0e6aaaa41dc005aaefd3a0c269e60a665d2642f5d631ff1a3b8701bc06be9\ + c44ab7367f77fefeec4c5959cd07e50d74a05af60b059ad3fc75249ecf44774b\ + 88b46860d9c3fa35d033bcfc7b0b2d48dc180d192d4918cddff4f7ebcdaaa198 +Test: KeyPairValidAndConsistent +Message: 66B92E1E2C44B80F7BFA +Signature: \ + 06e7586b76d5a8270155cce2d3ff4495237eed29a101eb1341fce0b43d95397b\ + 053d93772b0a9cf3117b +Test: Verify +Message: 973266BB0A492248082A +Signature: \ + 02de44ed2233f0f11dcf567217d2089ec039a211bf000d42e04900a66ce45c58\ + 526a97d7f4cfba29e43d +Test: Verify +Message: 9A6D079ED0CA9D8B40E8 +Signature: \ + 04f59dbb2712926b3bc1d3c428f16203f3443f88db0669adda94dcb54e1fff71\ + fb51bb603e7adff13f84 +Test: Verify +Message: AA34DCE67BCDAC927DA6 +Signature: \ + 08ad21bf9d0cc598a214329d3544685d39487988bb01aced68ad0a4831affbff\ + 3b14df6c0f4ac4d2e967 +Test: Verify +Message: 4EDAC08816AFDBF284DA +Signature: \ + 09a9d5aa9bd1b6b61fe8825128c8e52a6213692b2504c8c6951299b5ca51b03d\ + ea0a5e56f9a7c4cd44f7 +Test: Verify +Message: D82F2E903230962B8174 +Signature: \ + 0441c8d089e690a7fab391de07073326d443a0d9d806a3997ac1641175310890\ + 1e55582a582541330539 +Test: Verify +Comment: 1025-bit NR key +KeyFormat: Component +SubgroupOrder: \ + 0b3949dadf3196f08bca0606f06443afce2fb1d02f +SubgroupGenerator: \ + 015f0f6d1729ef2af723c00e36450a04c7e7681d65b74a6417a53b3eb6036989\ + eff8e0ab11a7ec3ce2340b7c7a92e1a977aee52555c06c12c4cc28496ddc2598\ + feeb7539ce90d3888e21f61d7f14746cf67d9fed373afd97e2483700e300ed9d\ + a25e7200b363a4727ad201194b36ea5f816cf83488c3e527d3a5515870d2da63\ + d6 +Modulus: \ + 017310bf02d70ef2cee45d1cc47ec8ce8cabdd6bf32a560975a42ef057bf9dfd\ + 553bc9368ddb154a55d855edaa755e69f511a4c69ba78571cc4b14ddbb0f32a4\ + a9c56c286305aa21ec4e35de7390747477b3bd574e7b87cbebde2f665703137a\ + 1172350ad2f48a0884d076ada9db82f104e6b0ad86693cd4adbd0067639102fc\ + f1 +PrivateExponent: \ + 0696b0f255468b7ac18e11632f208ca86383a46724 +PublicElement: \ + 45bf83e62f50190374b23de5e4a1d0278e9e8e6c8335577d62e80662a380c206\ + e326819c5082d321dfda1f905fa5a3ead9a2dc769885a27b1fd6a133185dc5a7\ + 876a76ab0a09fe02b7071a924169e4d2d2a67e67ed3628800134183b962c0b31\ + 3463aa154e6437d644e025ab234e63d19c129842a61c5e5ea5a06466c858c81c +Test: KeyPairValidAndConsistent +Message: 2F585D0CE4FA1CD93880 +Signature: \ + 06586d8a703cdc27200d5261853f50effa8ebbdfc905f5becb68b81eca506992\ + 50fb54e46d557c6095dd +Test: Verify +Message: 4F09A1F217B8393199EE +Signature: \ + 0622cd33b1d715829d8fae104759ed449f95becb5e03d36f5578fd6a2951d2e6\ + 26cfce85ba6563990d64 +Test: Verify +Message: 03D7110A753B008A76A0 +Signature: \ + 02925630b4c80e604fc1d8680bfd0e3d878e22b3a30ab8b10da7fc38816a8c5f\ + 1e06927c68f9d3db60d9 +Test: Verify +Message: 129F4781D417671F886D +Signature: \ + 016c2c4ce845b4d412828cbb8a396d080c7eb93bcb01f7010410198c8bac96df\ + 8ab8761cebdb7d87f3a2 +Test: Verify +Message: 3E1594F559D1248D1112 +Signature: \ + 080bab68c62be86ab2c1bfd0edf10387a7cd66b69f054e254218e01f650e4e8c\ + 6bfa10054e367893e59e +Test: Verify +Message: D6F0354F1B6B253B6997 +Signature: \ + 08755c7e8012e8160db75c6160686351e5c577207f01602b4dda2fa56b864374\ + 703c83bb323c7bb34f5f +Test: Verify +Comment: 1026-bit NR key +KeyFormat: Component +SubgroupOrder: \ + 36bb68cd95dab195f14c4534283e7ea50b00cc31a3 +SubgroupGenerator: \ + e2782ad6992f4b7e88787b4d616744b60e095575a177569c4a069e311e38b724\ + 0c43343367e23574c30e4d9f05afe1fbe61423bab715915c4ccf28aa0ed2f52b\ + 092b86c8ec1f9d4795d6e91c88ba41297625c11a9e1f4f182da13cf51e541038\ + a1266bf32b2dd81ecd84bb80be8fdf97689942e944b7fbb6981e00cd680ee25f +Modulus: \ + 025098828217d00108030801e5f135fc6fd3010be39e49060a96addc8a081198\ + 803402c4b46e4ce0750fcbab8cf084c7ca8cae09f1b5482d336fa3af47b96791\ + d02d8143e274b1325f2213e17f9384c805f479e52a3117cf84869d395f1bc025\ + c918484478d2da1880d32bc519f4e6b2fd2d46958795550ce1765f725626f3fc\ + 17 +PrivateExponent: \ + 2db270c284328353f979cad99f4133c53acaa6ee71 +PublicElement: \ + 0179b283f67868aeded3a0c5633d0e6c18fad77174e2c89c03452593d05e77a9\ + fb029c0ccb2b6f2328e79c286ee392713f12d9d45578348383b81d11b0e0f7e8\ + 9965a7785d5ab64ea25bb73e8acaa8e84cb9897985015757a48c0b1dac3a6a60\ + 6fe671ea073ec434a46f227b8d4b02a46fbba2f6c6216736d669f55778d81004\ + d8 +Test: KeyPairValidAndConsistent +Message: 7E4F2ED4E79062778A2D +Signature: \ + 03f523873462ee1513833e2853c3b62e30c5c1cc3224f1a42dc154fa84ecce04\ + 487069530d76e0574a38 +Test: Verify +Message: A0E35846B5CF1B5BF560 +Signature: \ + 2264285d75a55c431a7adb9347bc07d58efbeb1dd9354d01b0b86f2875f8dec0\ + 294d20289d39369c5afa +Test: Verify +Message: 3B138785EFC6F520EAE0 +Signature: \ + 116e45961ca73f3ccf08b35f94877fef88772cf0fa2ab196c85a91104d8fbde6\ + 65b7032b2fb4011a88cc +Test: Verify +Message: 0F6BE2AA764B485145D4 +Signature: \ + 027ad753bde13c7f2fcd7571e5558f8af756cdb9463237fb0e285cb633cc86be\ + 1b410188d701f6ca83c6 +Test: Verify +Message: 6CD9FBD23EA58826FB04 +Signature: \ + 1651decd376899104e3fdbe40ab2d9bfd3c8577f3b092b66e3760678ecb3fc35\ + 23a59107e0bdccb76a73 +Test: Verify +Message: 473A82649565109E9E89 +Signature: \ + 2045ef56d92f89a214d76cca6b591068ac5f0d008c121ec4e5c4c1e8ca9b67cd\ + bb5ecc776a23b6d54ba5 +Test: Verify +Comment: 1027-bit NR key +KeyFormat: Component +SubgroupOrder: \ + 291d0ba731a4303070504d8b9615640a5e1345e00f +SubgroupGenerator: \ + 051c9d0270b69ceef82af5aed5f91dc88d585096609d835d03d39cf3ce74f5a3\ + 402d4e8e192455493da61cc58ee6f54dd941172be3d7642169cbc52273f4b725\ + f1d6c820c3333336c64d32fb6238121b3ccb7c71b847764946bb0887a44ca9de\ + 802cda62efa9dda573751084225353f11ed837f3dc25de8374b6fdbfb6e313e4\ + 6d +Modulus: \ + 055402a8abe9cda3072ca8601d68032651feb0335856e57f8f8d4ec949098a64\ + 59151cefeef91b7aa733668c8cf0e9b96c93c61f3528d4036daa6565646f65d7\ + 4c4552817df7e5fb1cc421cfd885e27bb811ad227e81b3fa02f7a00bf01ee6e2\ + 3fb5572a75f8f29b58bd5f7db435e8a92a923f15d50f34213d29816921bf195b\ + 2d +PrivateExponent: \ + 13b27094d9a5a3a9704cebdbe890da325fa26ad555 +PublicElement: \ + 03b06b99097cd7145c7d7782b02e247a4741f3c7f39233627f17e13ebff89a18\ + cad6a454c3f32f7ef2910384030da71ae47e1c3fa79c2141dad107f8e715e47f\ + b0bb626baafc35db769852ebbec2d339c3c3d5f2287cfdd20b3b78ea4607086c\ + 42558ae4637eddd6a74bc1072d0f34d9c0130cbc9e84f537e7ce50df502d17b5\ + c3 +Test: KeyPairValidAndConsistent +Message: AE6DCD9535AEEE3ECC89 +Signature: \ + 1c6794878aabf07cf9f59b685d4a3a6e51c9135dc101a4a6a62c95a20902e2fa\ + 23db7d15293f595f86ab +Test: Verify +Message: C83A14EAC016D659F9FE +Signature: \ + 18ed4812925dca6a9c30e2e3566433e202be2d305414e1e6583905ad845cbc63\ + 2049804932aac79b858c +Test: Verify +Message: 745E02041EB487D16CE6 +Signature: \ + 13d4ef1de59ef0fe9bc4ecc6d382908642f6f5793e255b819e25ed124f7fa574\ + d91fc2e9b258f0514b15 +Test: Verify +Message: 62F019655A83501FC4E7 +Signature: \ + 07f797768984ecc792f366ece16f5102aec2aac6d31fdaf3972839cac2c99a2b\ + f5b347c887d37943383c +Test: Verify +Message: 351D37A4B5046E885EAA +Signature: \ + 22064cd5179ff1551dbf73c5220e17a9dfa1aa8f7f22f44a6c70f13c6d0a21f8\ + 7e53278251037a6cdc5e +Test: Verify +Message: 4073D33915F595F4FF9D +Signature: \ + 1f902ea2c9521b8c7f11619d35dd22a4667e2eb89a017194bb68ec0a9df762c9\ + 377c1c075b5f09566048 +Test: Verify +Comment: 1028-bit NR key +KeyFormat: Component +SubgroupOrder: \ + 2368e2b864b250ad45406391e7eeaa3d27cd053c2b +SubgroupGenerator: \ + 07c325695dfe315a77ad7b42f0d18f9d4821b5c153fee7385877602fa54477bb\ + 8c0639d2438f34352b97c22d02a7295d2b53d5286a01caa919d6283614690624\ + 240af922675ccd4a0534ec336cb79cde31b02b5988cc5a53ca17790d67d803a2\ + 7bb927b9c59bdc6ac794175e285cafdece6778ab19a0b444747fee20d5bf929e\ + 70 +Modulus: \ + 0abdeff64b6f28256e4562109bffed29cb5aa95d89cc0ec95da0e773dbff3467\ + c271bbb1e1fbb6af058517fdacdf26b5919674c625eced6317d8631c063f43b3\ + ade2cd633d554913339071d6ebed5fd665fc5dd7d47b80721a976c3b14fbd253\ + f0f988c354725289f2897df0a15985c92b2d4da8d087870c251c72d979b8304d\ + 51 +PrivateExponent: \ + 0771305163506b2b83bd5279935df1b5fcf180b004 +PublicElement: \ + 043e4ae6244408879264fe6b859b578218705b9a45af22efded27141b7f090cb\ + cbe42dcf481df3e41b13920ae02b694eaa6bfd62f2d3c5d677b8c4ce783cbe27\ + 89e088b04489ef535ad4a517351c8835cf128f7ec677a1b1dbe3ae9cc4198ddb\ + 6e1cef8e978c0725f5063797bc43eb9ae496286cccbad5d4e026e9edb997d2f9\ + 18 +Test: KeyPairValidAndConsistent +Message: 4867852C83F181CDD010 +Signature: \ + 1db6a5661b20c9289428c3b9ebf65d5a8f757f3a3b1eb15dfaf0c8cefc891954\ + b48279eb45910a141ec3 +Test: Verify +Message: DA6493C86D6B62C5961C +Signature: \ + 1c05300a56319ba4a8ace1206f5f37b5bbefc9d80a171a57b6da3c02aa1f3079\ + 70583c008f073996d932 +Test: Verify +Message: AE2C1136BFE966794A6C +Signature: \ + 02dfd79eb18f3a862b11a5d199a7db1dc53580ade90517a7739cbd8ab1849c44\ + 54ba17a69b8d03ecc4f9 +Test: Verify +Message: B20160E0442E726BE749 +Signature: \ + 14c0cf809174d39f1324b7dd0d6d1fb3be5b5577c10048b12def39772fa60cd5\ + a9d2cca9075f12e5a3c1 +Test: Verify +Message: 3638935C4492F5CA42F2 +Signature: \ + 0081d7216636bc6fb9bc7a637a377ebf4f9048826e0360c8faf03dd28c4ee4a4\ + da82689259f140b3d918 +Test: Verify +Message: DFB674CA6E0FDC0CBE99 +Signature: \ + 1e3e21aa3dcccddb8cf3e360631fc36956263951ff18fec553531252b4dbe753\ + 6ed5fc62897d51500c38 +Test: Verify +Comment: 1029-bit NR key +KeyFormat: Component +SubgroupOrder: \ + 3357536531dec150be0ef8747f69ea30d987ff7df1 +SubgroupGenerator: \ + 067dd80dbc6b41f58d08f077a9a3dcbfe12a62065fe6b4691c457f506b56dcab\ + 0433b3aad6ef962501633d0f3947b491a1317e7e6b632f062c53104d609c9222\ + b056f08a0c83662a70744331fd09b2b42fb0768e52da27e92732106fbd41ec73\ + 7373fd080b56b543d808d49eeb6e1bb0a8619b1edee8fb8295dc042423f684af\ + 8a +Modulus: \ + 1d0f176b6799b36724c92954c38d0288fa95400c2b14e064f76a6338fccaebca\ + 8d978b93bb76507bc150a50f9fe799fffe12ae2875b13ac1084ffcfde9f62b86\ + 185a72f04ff80538d6eac177edc98d61a517b1275bcf4b57aa262e1702d623bc\ + 344db7e5621c949a9b12e9936e88fae9b200a1f8ad5b40ec8220aa301267f38d\ + d7 +PrivateExponent: \ + 2dcdc00a86ecc2a60ebfa6660a83af1d7c3e570b85 +PublicElement: \ + 13834f0fa1f42abf7dbd264cb7d2eb5798da8972df67f517c62d7ae5070fd588\ + d61db62e492f9654833e876ed5737df35069f5ee01a45de881d8f5e68ec52ad9\ + ef32780e8c453a5f1e38cc17bc5cd061a3c122080f6e1b82d31877e8b08f634f\ + 497bd90b06824eaa0416c64104ce5622c272673d0dedb836ac7d47e0cea06739\ + 02 +Test: KeyPairValidAndConsistent +Message: 1E34034C47FE533F8FF5 +Signature: \ + 05c110848feacc9ac762ffa14943f9ce9a111777de0502d9f364ad9b2df4e1a8\ + 17bc15a602579b3a6a25 +Test: Verify +Message: 53D2CA23AF7DF95634F0 +Signature: \ + 14009997efeb3fd246956e44b5b0e48581ac5f414613b41fe5842c85b031ab8a\ + e68f66f8e1f1f9fc1d74 +Test: Verify +Message: 0F056E08AE77B3B30F33 +Signature: \ + 1beedf85b426d36a657f422ab9a9132986eaf415332816d33d70c726c3066158\ + c6481fd00503ffb65518 +Test: Verify +Message: F08C80E8FD38A3867B76 +Signature: \ + 0a23b8d8f920cfb0dec93725e4972080445647c54227fb987dd9f80fab446c75\ + 1c2594276168aa68f318 +Test: Verify +Message: 6D392690B92B3E75020F +Signature: \ + 18668f59c6974dad551a89bec5cacf0bf8617e8f43052eb97d7a1b12411b27b7\ + 4248b3d1f5070823e951 +Test: Verify +Message: 10AE0E091A267641FACF +Signature: \ + 1b3d10f74fdaed3d4d61fedfa3f6ad3a37c0cf6687166a312d5b280724c3545d\ + 225e1fe0639cfb1113d6 +Test: Verify +Comment: 1030-bit NR key +KeyFormat: Component +SubgroupOrder: \ + 27c7996c1d3729c4cf1de06529e5619771e27ad9eb +SubgroupGenerator: \ + 0d87a4b01385da7f43b6277933c5f0dc8072dcacd5252e1b29f588114a7ac56e\ + 377050aa8174b5dda400f043234e4a746442792734dc80274a00a3676101be94\ + 759fc2630b9a858966488b12611d03d0b31e7243e124497a754544cee1db10bb\ + 0a81cf0b2a68045b76fe935f641c666fdc788a2b968c6668c669115756b961d9\ + fe +Modulus: \ + 2a32d68d31248024053bf628a94404b9a49d91ade4d7a45b071e93292a7f8c26\ + 61d9165f0ab85491d4b0dc67d335fa7d7dd172cb17193390a55eb000aa97e2b8\ + ed3ee64b73aa43ea9b8979132c2d966ab03c42cc14782c96e4284ee1136b8515\ + 007ed1b1a5708b5e8d81304fa651edc715918e2299cfe9016dfec5f454d907f5\ + 9f +PrivateExponent: \ + 091155581ecb7a0a792ba95c772d9382298bfdfa6f +PublicElement: \ + 0d7d22c931422fc46505887559a51490c2e367cdb40242cdbaeb23024693fd5c\ + 68f6a3307ca34b224457d5aa610b90eca3b39905481daaba7151318f09f974ad\ + 664546d14c87f797e38139ee1e07adba9c775e07b7f7b3edba87d886920d6b2c\ + ef5f084359566b0a3b8b940a65b9ad93fd7ccd1354cdcee3c43c6bd315180498\ + ad +Test: KeyPairValidAndConsistent +Message: 23EEE1D0EA8950B8F322 +Signature: \ + 18fe1a5f61c4946810e82a1e30fb6c87ce4ad9cebb1ae27eebfa8779fe292b2a\ + 451be3506bb65519dfd0 +Test: Verify +Message: 13FA6F2816FB83190A21 +Signature: \ + 2161a5be85f7ffe806df00f4bd50915e4b0674e7591f1c0902153823f881bc7b\ + 3f093d92bf86b74b5b3e +Test: Verify +Message: D071CCC0C6E4CAE82E5A +Signature: \ + 059158b2cf143f38eb8c51088dd79bf45990e596c8026fa3de5e668368b9d8d7\ + fe9ffdbdecf66aaf02bb +Test: Verify +Message: 22CE83F4803BF3EA2C48 +Signature: \ + 073b56d72a5b706455cfdcbf85b75ee45c40e96dd21a5460542ade665e51a85c\ + 510315a50307c2bbdb2d +Test: Verify +Message: 7A927EC7BB9CA16C1B0A +Signature: \ + 254c7525aad9b4b3807b3900a963fbf42f9ff2144820ea69abe5ba2c80613510\ + e1429ebc726fd0a87a4c +Test: Verify +Message: 9591B069993E10BC0B84 +Signature: \ + 0ed4210e5e4f2f9546ea181c4a61d062a1158810071905b180dbf070b480f436\ + 0b1f66065ecf111741cf +Test: Verify +Comment: 1031-bit NR key +KeyFormat: Component +SubgroupOrder: \ + 26f86a81a6bb530c2f9b63e3690e95a0894575f445 +SubgroupGenerator: \ + 1e24828adb4ebf2becdbdcadf6706631293ad6566803d12479f04a7bb20b6086\ + fe81df164f8bd02c5f418c1140d143f11a71170b42d0753c952bfff951b9ca42\ + 04868375efaa4afad50b75787e41c5ab9ce8adcbccecd3716f350bb8aaeca9b6\ + 098bd0002d789e1f7db9c19d9045499877b93ecb4e7c64808b742063bbecf60e\ + 29 +Modulus: \ + 4d58515f7b41c4fc87e4fcefe5cf6d84b2d74a9d6f498ae9605fcbf1c5921742\ + 2001a272ef91dbd09e7af5ee54126dd4fc44bb1ed624d0dd5dafb984d5278114\ + 0bba40600cbd4752d2c32b43253efee57af6964c339570edb24195502e6d424b\ + 84bed65ac98c6fc52ec90e40a525f1863a53f2fbe2a0a133342eff4337f26ceb\ + 93 +PrivateExponent: \ + 0e61a054ee6510734a80f67a54d8c4151c957ef16f +PublicElement: \ + 19b50f1eea45bfaa22352a38f3c3b86d6f670747ac2fd94359608e25f2bb9f60\ + 2506bc357245deeb4c3c702d435c557da4f4a9fd37330a75547c91681fdbb51f\ + 286adb498d1e489e89b2e6a4eb9ff30222c51fefbeac7435f629f536ac2d6b87\ + 664d80e5c97398cf489a1d1ca217f7f21ea8e409f938378875cf5f528162e3bc\ + 07 +Test: KeyPairValidAndConsistent +Message: B4B3C8FBE82013228A21 +Signature: \ + 0e1003dd216194ded89f7d10b35a266ca7587d8cfb06a1fe3dd43f07dea4a6d6\ + acaa1477f2552c9b3114 +Test: Verify +Message: 17D2D18302173E2CE992 +Signature: \ + 027b40cd9a159257a57efae3a657399a3b6d8b06f707ba3a323abc383a93f919\ + 1246c38c03b028be05df +Test: Verify +Message: 8032AE177D6DF38C7E27 +Signature: \ + 1f5e3d759e3b832f5a6c57b055764ff5b8ad942dd819610ef94cfec296cd1b56\ + 4fd0b18bfa08c3645db3 +Test: Verify +Message: 768640A60A3C62E02428 +Signature: \ + 0abe2dfabc81ab677d2cbd781ef9768325a5d6d15a22f41b32972bd67058e617\ + e28c7e0dfbaae535d655 +Test: Verify +Message: B0999CA45B77ED63639D +Signature: \ + 1525539cd207d5f6f915eb2731b6451e38e11e0a031d7e420e0bb95d6616d8ef\ + 35d20eb43c111f8f9ca1 +Test: Verify +Message: 587EDB968FA82C12C930 +Signature: \ + 024ed20dc19a07e00158aa2fe9cb6353f0112b8fab0e6775667115e1c92e5eb4\ + 29876c12ed48e996f4f7 +Test: Verify +Comment: 1032-bit NR key +KeyFormat: Component +SubgroupOrder: \ + 2e802b5369c3f1ddfa789bf8f2ad2e048ced3bf355 +SubgroupGenerator: \ + a9aebee7d29f90b081afc4d496a6a78210e918bb57a8a21c5995586c0bf20f7a\ + 56bb10a97e05a3a723e7db64612b12bb591b1fe7d2e46be8c96a7b2ce7c66076\ + aeded938775ae2223900adaf52a93f52d62173c82d4b67388c85d4c1127e1edf\ + 4643cf09f5375b60c19316c4f8f8fd7daea1d8b44a2d03e97c2741537f63d86b\ + 4a +Modulus: \ + d551680a62ebf98f0ed8930cc5b12de86d0a0c29a0d7e5524c24672a25428833\ + f4c19ac883ead22efcc0c6823f2e942c17adb7ab763ff2c7cc2698fa8b6448e5\ + 14d4628b197721bdaec780e126ac80ac83f24fef5c154f7690ceba903748be52\ + 12e3180ea718ca7a71a49dee939bf9bc5b7845c9648d074587ccd3724493b91f\ + 09 +PrivateExponent: \ + 0f66e04c5a75d3eac03d744e5432f23e3aea066a63 +PublicElement: \ + 2640c188055329f0b44aaf80f82f7fc7f0e421031834dfbd1fb6d6af6ab3e1c1\ + 73c901370a4ce2793c1b88d12f764c58ff064905da9c5001f679c7508972f237\ + bccca56524787466a7c9c2d6bb6392963008ed1a3e4cf3b13e66086bce3a4ca0\ + 4d8cabcf0cadb4c403c7d02a858460d04350e730289cb5adf200b5fdf1198168\ + b5 +Test: KeyPairValidAndConsistent +Message: 909068BEFFA43331FDC7 +Signature: \ + 2d557d8fae420880640dd9f60a524db48980c80d8b0179dd3c1892f02e87c9f6\ + a04a8aa731be05aaffef +Test: Verify +Message: AC8AFC7A1D9105539E10 +Signature: \ + 0ae7f23328453fdb03c090c09ee69d787ee7dfaccd047445b1026a9a7cacdd1f\ + 91455db7299538817894 +Test: Verify +Message: 310E40311BB3F77F9483 +Signature: \ + 28a8d8de06dc0011b044d19a163d350535d6ca91a023c9687557690ddf102d8c\ + 7558246ced311f2fc444 +Test: Verify +Message: 35455ABD53E6FB11ED9B +Signature: \ + 162156e476cba65e767b4db942bb35cdc6293cf4360f1801a215bb2c726c22af\ + f3a711d3c6473f1eb985 +Test: Verify +Message: 95FFA73B52F0D06A0C1E +Signature: \ + 29bf4f13e6aff528aa1b060c2baed865c442e0472422b4bd485aa5ba2a09ad0d\ + 732637bb3ee520f6bc0b +Test: Verify +Message: 1E9934125DA6E9B4E975 +Signature: \ + 1674975d0a97e799d113ff9cad06b7f70a33f5ca5f1916cee07b525270284fbb\ + 1c0428666987ad7e2116 +Test: Verify +Comment: 1536-bit NR key +KeyFormat: Component +SubgroupOrder: \ + 232cf9bee9d56c8bd8252d1edb59d99c40cf32d07d9e5a4893 +SubgroupGenerator: \ + f028143e3f9d1317aafb814215ffda9c584da8943e96212c90a082c3d2f335e8\ + a6b64d1c890aa2224ebf158bec2b6fe6bad236417acd517a4907331e0be0dd0b\ + 801218ac270acdd45579290be1b94bc418b8f82c651d82a19d2f0e1cbb0fbc0f\ + 054d95150af96f9a7488010787a799c544883ff76a4e3092f2ca9aa9000cecb8\ + 8dda343c972c8192a83820727b1945c1a270cf913ab932457e8e6e207d06cd0e\ + fdf265b762b9fa15c9a14633af17204ba2b755ed1b3b421ac596a2a04e64be43 +Modulus: \ + fada6e4becef964a85caf9e129639a5616ac000dbac59bd50b84bc8d46411407\ + 9c34c5b58d7d40027faaf037c6a649c527cb002d3a716bdef62b6c94d7a47a8b\ + 65c2ebac05da09e40cdc417024cccba267a98f4eb69701a276b4f117662b5666\ + 05c36054e7f015d2e5f81331e5666ec17ebf71907788b40cbcea0f24aaffb029\ + ef5c25c55ae998f28a2ddb091d262c32ad324f4e64c7b4b50a19e9d92f6d8024\ + 188627cf5ce68674e7ec7da38fd6cf4ec29a6ce2f17e3188d8ef6b0e50d77d5b +PrivateExponent: \ + 1d4cedc87d55eea31bd702139b90be08d58692a1f97628a01b +PublicElement: \ + 819c8cedb9c014aa577e9046b90795accbebe81bef68b1b5c37c68cb357e1a5f\ + f92761bc26cb0953956b6c0aec05acfc9d1a27c50789793b13d9eaf2361760c9\ + 7a7d86e7d922f4809a5d2d01448e938190bbc24c150e03ef8305365ddbf5ca19\ + 6857314e3b3023f8ddc9d209bd7dad1ee763e7003fd1b0c53057d2e9acadd23a\ + a18f83d20143bc41a2dfa4a164c82621fc0f800052ec01bec7c99c66fe20ec57\ + 67e6fbbe8810cd5aa75eff3d8a4cb53e1259ebcfebcc2fcf21ba7f3589cd525a +Test: KeyPairValidAndConsistent +Message: 9F6DC301DF53FE22CAC0 +Signature: \ + 15b22111ffa1b733979cd9d8944b1291ce09468ccbd05040de0f83023c8fe083\ + 734ec39a542011643e448b01429c4bae06d1 +Test: Verify +Message: 2D7B5B9A27EAB468331E +Signature: \ + 029eea970a049ffcb4c6117c97d181bec7a27557ceb88d422b2212ca36238380\ + 87cd52d2445f539c9c03705ba4b485f56e19 +Test: Verify +Message: F552FCBBA04FFCCC5CB6 +Signature: \ + 115de3cc15d9a066c00fed43f583f6a9c984d4b8f4c93c3d72094a4b04dda506\ + 7d460c3d1ae33ba66ceaac676256c1e73001 +Test: Verify +Message: 0D52B894153A4BB74068 +Signature: \ + 0f6b8cc28e2068a3fe14d220177793daf3512ba6942e9d16ef1571fa34926c27\ + edd1bfa94723a663425f5c2d01eaddaa972e +Test: Verify +Message: 294442E103CC0CBA32A6 +Signature: \ + 0fbd8768a1b3025c0d0d309cc448320e086318772bb9485a5a0a2afa1eb2afb2\ + d1818aa7b1c55b9dc424e654524278f0ddbc +Test: Verify +Message: E993D8FE1E6F6C3914ED +Signature: \ + 0559d66bad3a51520bbb85827a257ab09dfa33938127c69bf40f08339b2f2251\ + c0e50b63d2a4d05225dea7f58f67de3071e9 +Test: Verify +Comment: 2048-bit NR key +KeyFormat: Component +SubgroupOrder: \ + 03f35f80fcd896f03eda9ff07f2e35295384c4f3b8f8c4821369ab5417 +SubgroupGenerator: \ + 75c5d8c8f72302d92be3bf486b8648330ff86954de5e6e83efef624a277574c1\ + 6757684d3874ee303fa08343fe82dae484e5dda6781280b434c4090044cc7ff9\ + b6e962594d3ca069815c0f0b6bfd25215a419420d0ef8a1595c6eb1b44a719b4\ + 0131081f75cc15cb09a5d5a029c8546230c30b4af2d4a9f4374c93a095c83b59\ + 4b1774d635d4aee965f1d094469f7bbf8bdc93216a6b8a6c5753b48962335bf2\ + 092aa583c897878c8a7ce61186b592b05d2aea710b673d5994cedb5f117fdb6b\ + 8ad4d89f443c4eb662b428a34a7522c69794cc0274f3eba837e90da86acbc707\ + 4ee3a0b029d970efa48b3d582b740ae0e585d175a5f63a385f8b6b8878b44e1a +Modulus: \ + 9a08865d2bc9e0cf03d2500b2a08402bb9dc953d5fcd73f04be61236efc0998a\ + 8f012f00e52f7a6e91e81b88a4c9f985a2da523cbe7caff08cae44963d2035ed\ + a72e1f31f82c8d64c86e686899d53c0200282f407ceb1507db480f1db223606a\ + 57466cf60fe9fc5f7ea7d5fd82ed3ab2cf5e35491dfaef0aa2e10fbfa3cdfeb5\ + ebf65e4dfc2837e1f6399db06cc2e0420c7b14a4c0d483b742ca58b31fec9f26\ + a64e9bfcaa82334e644f4b954e2a9c7eeae096b8864ecd223ead3bcf9e8c1f68\ + f6678faccdb7f26d8f33d8a5fb0cb156cc7daf4a96ec2b730c0d7f666d699f73\ + 45a37ddc1ccdea6d8f439ddb23de04a941b246bc257b0aef544a8e868bc8444f +PrivateExponent: \ + 0212c34d3d17b96a899548ebf43bb886676acebd2f040f5b33a4e88d2d +PublicElement: \ + 267f9c3ff3ee3cbc0f9e94dc7e6837e1ff65175e967987b90b9aea7eef1de6e4\ + c342bebb5dbd0c4e2f6514f2d487857a146dda6cfdbc8b56ed254cd65754d84d\ + d21a271cd15fc656274725643728b41ce3f0e6872b6dfb4c289e03f9b903880c\ + e3d7d745dfbb641c8c42ec0bfb6951ca2611fd877c32248c97252bdb42d7bd65\ + ebc50653dff389526c546d1e6ebaf6bd8b3298c01935901b7efb288b78730d89\ + fba7f46f2a642aee0dbc93aa29c190b201acf89d4f8ba28f3e3f54a1c5a48294\ + dda908f904afb7db398682c809ce13abd49279221d5b40ad76216bad7ca256d7\ + 18d3552344c481b20da5aac3e637fb7edeaf7960b532ef761376489f02fa8c10 +Test: KeyPairValidAndConsistent +Message: 5F3914F7AE0F6C76D152 +Signature: \ + 03d30b7eaaddcb384dce378f806e88d646419bbedbc2c0c5cae32f3c3b02e0e1\ + a3c3ab04b31e2c25db713db539a65c9419a846aea88aaa707cb4 +Test: Verify +Message: 769583D4E7EAD14C137A +Signature: \ + 01dc2815fd4918b8d3bd1743f5ab4546313b1fa8044b4737b2c485eeb0016bcc\ + cc084be064b6a8934a28011167eebbc33513ce609aa206810aa1 +Test: Verify +Message: 6441D5239F50C71DE0F5 +Signature: \ + 013f6d395de56832f82ee813b574002c36e551aaeffbb28ddebb84da7f01ff6f\ + 4c3d0f3519d548e2ec1a0b36f12ac1e4fedc83071bbbbce024a6 +Test: Verify +Message: F1C2D4F7C3ECDF2C17B7 +Signature: \ + 006441a8b3517613f9a8c2e7a89c492e7f49300d901ad01b92167c1fce02453d\ + 52b69dc1fc6532e792ad6366eae7fb14de3ad3f6f3132b0519fc +Test: Verify +Message: 752A1F2B8D9A717A882F +Signature: \ + 0127027984402f5b8cc069decc1bd611f0bb59c6eee86da7d334e3f8b903c5f3\ + 02c65aaf16a837963bf772931235f81e963e4d692699dfd4f7e1 +Test: Verify +Message: 666DC6B1E871026EDE56 +Signature: \ + 03e87b55a7e81318b7599da3fa8f18d46253b6546814fd1ae19318820100c297\ + 4de2624da0d54ca27e7fe3477913a6df35bf925de3f3d9a06849 +Test: Verify diff --git a/c5/TestVectors/rsa_oaep.txt b/c5/TestVectors/rsa_oaep.txt new file mode 100644 index 0000000..4e4cdd3 --- /dev/null +++ b/c5/TestVectors/rsa_oaep.txt @@ -0,0 +1,1765 @@ +AlgorithmType: AsymmetricCipher +Name: RSA/OAEP-MGF1(SHA-1) +Source: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/, PKCS #1 test vectors +KeyFormat: Component +Comment: Example 1: A 1024-bit RSA Key Pair +Modulus: \ +a8 b3 b2 84 af 8e b5 0b 38 70 34 a8 60 f1 46 c4 \ +91 9f 31 87 63 cd 6c 55 98 c8 ae 48 11 a1 e0 ab \ +c4 c7 e0 b0 82 d6 93 a5 e7 fc ed 67 5c f4 66 85 \ +12 77 2c 0c bc 64 a7 42 c6 c6 30 f5 33 c8 cc 72 \ +f6 2a e8 33 c4 0b f2 58 42 e9 84 bb 78 bd bf 97 \ +c0 10 7d 55 bd b6 62 f5 c4 e0 fa b9 84 5c b5 14 \ +8e f7 39 2d d3 aa ff 93 ae 1e 6b 66 7b b3 d4 24 \ +76 16 d4 f5 ba 10 d4 cf d2 26 de 88 d3 9f 16 fb +PublicExponent: 01 00 01 +PrivateExponent: \ +53 33 9c fd b7 9f c8 46 6a 65 5c 73 16 ac a8 5c \ +55 fd 8f 6d d8 98 fd af 11 95 17 ef 4f 52 e8 fd \ +8e 25 8d f9 3f ee 18 0f a0 e4 ab 29 69 3c d8 3b \ +15 2a 55 3d 4a c4 d1 81 2b 8b 9f a5 af 0e 7f 55 \ +fe 73 04 df 41 57 09 26 f3 31 1f 15 c4 d6 5a 73 \ +2c 48 31 16 ee 3d 3d 2d 0a f3 54 9a d9 bf 7c bf \ +b7 8a d8 84 f8 4d 5b eb 04 72 4d c7 36 9b 31 de \ +f3 7d 0c f5 39 e9 cf cd d3 de 65 37 29 ea d5 d1 +Prime1: \ +d3 27 37 e7 26 7f fe 13 41 b2 d5 c0 d1 50 a8 1b \ +58 6f b3 13 2b ed 2f 8d 52 62 86 4a 9c b9 f3 0a \ +f3 8b e4 48 59 8d 41 3a 17 2e fb 80 2c 21 ac f1 \ +c1 1c 52 0c 2f 26 a4 71 dc ad 21 2e ac 7c a3 9d +Prime2: \ +cc 88 53 d1 d5 4d a6 30 fa c0 04 f4 71 f2 81 c7 \ +b8 98 2d 82 24 a4 90 ed be b3 3d 3e 3d 5c c9 3c \ +47 65 70 3d 1d d7 91 64 2f 1f 11 6a 0d d8 52 be \ +24 19 b2 af 72 bf e9 a0 30 e8 60 b0 28 8b 5d 77 +ModPrime1PrivateExponent: \ +0e 12 bf 17 18 e9 ce f5 59 9b a1 c3 88 2f e8 04 \ +6a 90 87 4e ef ce 8f 2c cc 20 e4 f2 74 1f b0 a3 \ +3a 38 48 ae c9 c9 30 5f be cb d2 d7 68 19 96 7d \ +46 71 ac c6 43 1e 40 37 96 8d b3 78 78 e6 95 c1 +ModPrime2PrivateExponent: \ +95 29 7b 0f 95 a2 fa 67 d0 07 07 d6 09 df d4 fc \ +05 c8 9d af c2 ef 6d 6e a5 5b ec 77 1e a3 33 73 \ +4d 92 51 e7 90 82 ec da 86 6e fe f1 3c 45 9e 1a \ +63 13 86 b7 e3 54 c8 99 f5 f1 12 ca 85 d7 15 83 +MultiplicativeInverseOfPrime2ModPrime1: \ +4f 45 6c 50 24 93 bd c0 ed 2a b7 56 a3 a6 ed 4d \ +67 35 2a 69 7d 42 16 e9 32 12 b1 27 a6 3d 54 11 \ +ce 6f a9 8d 5d be fd 73 26 3e 37 28 14 27 43 81 \ +81 66 ed 7d d6 36 87 dd 2a 8c a1 d2 f4 fb d8 e1 +Test: KeyPairValidAndConsistent +Comment: RSAES-OAEP Encryption Example 1.1 +Plaintext: \ +66 28 19 4e 12 07 3d b0 3b a9 4c da 9e f9 53 23 \ +97 d5 0d ba 79 b9 87 00 4a fe fe 34 +Seed: # not used yet\ +18 b7 76 ea 21 06 9d 69 77 6a 33 e9 6b ad 48 e1 \ +dd a0 a5 ef +Ciphertext: \ +35 4f e6 7b 4a 12 6d 5d 35 fe 36 c7 77 79 1a 3f \ +7b a1 3d ef 48 4e 2d 39 08 af f7 22 fa d4 68 fb \ +21 69 6d e9 5d 0b e9 11 c2 d3 17 4f 8a fc c2 01 \ +03 5f 7b 6d 8e 69 40 2d e5 45 16 18 c2 1a 53 5f \ +a9 d7 bf c5 b8 dd 9f c2 43 f8 cf 92 7d b3 13 22 \ +d6 e8 81 ea a9 1a 99 61 70 e6 57 a0 5a 26 64 26 \ +d9 8c 88 00 3f 84 77 c1 22 70 94 a0 d9 fa 1e 8c \ +40 24 30 9c e1 ec cc b5 21 00 35 d4 7a c7 2e 8a +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 1.2 +Plaintext: \ +75 0c 40 47 f5 47 e8 e4 14 11 85 65 23 29 8a c9\ +ba e2 45 ef af 13 97 fb e5 6f 9d d5 +Seed: # not used yet\ +0c c7 42 ce 4a 9b 7f 32 f9 51 bc b2 51 ef d9 25\ +fe 4f e3 5f +Ciphertext: \ +64 0d b1 ac c5 8e 05 68 fe 54 07 e5 f9 b7 01 df\ +f8 c3 c9 1e 71 6c 53 6f c7 fc ec 6c b5 b7 1c 11\ +65 98 8d 4a 27 9e 15 77 d7 30 fc 7a 29 93 2e 3f\ +00 c8 15 15 23 6d 8d 8e 31 01 7a 7a 09 df 43 52\ +d9 04 cd eb 79 aa 58 3a dc c3 1e a6 98 a4 c0 52\ +83 da ba 90 89 be 54 91 f6 7c 1a 4e e4 8d c7 4b\ +bb e6 64 3a ef 84 66 79 b4 cb 39 5a 35 2d 5e d1\ +15 91 2d f6 96 ff e0 70 29 32 94 6d 71 49 2b 44 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 1.3 +Plaintext: \ +d9 4a e0 83 2e 64 45 ce 42 33 1c b0 6d 53 1a 82\ +b1 db 4b aa d3 0f 74 6d c9 16 df 24 d4 e3 c2 45\ +1f ff 59 a6 42 3e b0 e1 d0 2d 4f e6 46 cf 69 9d\ +fd 81 8c 6e 97 b0 51 +Seed: # not used yet\ +25 14 df 46 95 75 5a 67 b2 88 ea f4 90 5c 36 ee\ +c6 6f d2 fd +Ciphertext: \ +42 37 36 ed 03 5f 60 26 af 27 6c 35 c0 b3 74 1b\ +36 5e 5f 76 ca 09 1b 4e 8c 29 e2 f0 be fe e6 03\ +59 5a a8 32 2d 60 2d 2e 62 5e 95 eb 81 b2 f1 c9\ +72 4e 82 2e ca 76 db 86 18 cf 09 c5 34 35 03 a4\ +36 08 35 b5 90 3b c6 37 e3 87 9f b0 5e 0e f3 26\ +85 d5 ae c5 06 7c d7 cc 96 fe 4b 26 70 b6 ea c3\ +06 6b 1f cf 56 86 b6 85 89 aa fb 7d 62 9b 02 d8\ +f8 62 5c a3 83 36 24 d4 80 0f b0 81 b1 cf 94 eb +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 1.4 +Plaintext: \ +52 e6 50 d9 8e 7f 2a 04 8b 4f 86 85 21 53 b9 7e\ +01 dd 31 6f 34 6a 19 f6 7a 85 +Seed: # not used yet\ +c4 43 5a 3e 1a 18 a6 8b 68 20 43 62 90 a3 7c ef\ +b8 5d b3 fb +Ciphertext: \ +45 ea d4 ca 55 1e 66 2c 98 00 f1 ac a8 28 3b 05\ +25 e6 ab ae 30 be 4b 4a ba 76 2f a4 0f d3 d3 8e\ +22 ab ef c6 97 94 f6 eb bb c0 5d db b1 12 16 24\ +7d 2f 41 2f d0 fb a8 7c 6e 3a cd 88 88 13 64 6f\ +d0 e4 8e 78 52 04 f9 c3 f7 3d 6d 82 39 56 27 22\ +dd dd 87 71 fe c4 8b 83 a3 1e e6 f5 92 c4 cf d4\ +bc 88 17 4f 3b 13 a1 12 aa e3 b9 f7 b8 0e 0f c6\ +f7 25 5b a8 80 dc 7d 80 21 e2 2a d6 a8 5f 07 55 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 1.5 +Plaintext: \ +8d a8 9f d9 e5 f9 74 a2 9f ef fb 46 2b 49 18 0f\ +6c f9 e8 02 +Seed: # not used yet\ +b3 18 c4 2d f3 be 0f 83 fe a8 23 f5 a7 b4 7e d5\ +e4 25 a3 b5 +Ciphertext: \ +36 f6 e3 4d 94 a8 d3 4d aa cb a3 3a 21 39 d0 0a\ +d8 5a 93 45 a8 60 51 e7 30 71 62 00 56 b9 20 e2\ +19 00 58 55 a2 13 a0 f2 38 97 cd cd 73 1b 45 25\ +7c 77 7f e9 08 20 2b ef dd 0b 58 38 6b 12 44 ea\ +0c f5 39 a0 5d 5d 10 32 9d a4 4e 13 03 0f d7 60\ +dc d6 44 cf ef 20 94 d1 91 0d 3f 43 3e 1c 7c 6d\ +d1 8b c1 f2 df 7f 64 3d 66 2f b9 dd 37 ea d9 05\ +91 90 f4 fa 66 ca 39 e8 69 c4 eb 44 9c bd c4 39 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 1.6 +Plaintext: \ +26 52 10 50 84 42 71 +Seed: # not used yet\ +e4 ec 09 82 c2 33 6f 3a 67 7f 6a 35 61 74 eb 0c\ +e8 87 ab c2 +Ciphertext: \ +42 ce e2 61 7b 1e ce a4 db 3f 48 29 38 6f bd 61\ +da fb f0 38 e1 80 d8 37 c9 63 66 df 24 c0 97 b4\ +ab 0f ac 6b df 59 0d 82 1c 9f 10 64 2e 68 1a d0\ +5b 8d 78 b3 78 c0 f4 6c e2 fa d6 3f 74 e0 ad 3d\ +f0 6b 07 5d 7e b5 f5 63 6f 8d 40 3b 90 59 ca 76\ +1b 5c 62 bb 52 aa 45 00 2e a7 0b aa ce 08 de d2\ +43 b9 d8 cb d6 2a 68 ad e2 65 83 2b 56 56 4e 43\ +a6 fa 42 ed 19 9a 09 97 69 74 2d f1 53 9e 82 55 +Test: DecryptMatch + +AlgorithmType: AsymmetricCipher +Name: RSA/OAEP-MGF1(SHA-1) +Source: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/, PKCS #1 test vectors +KeyFormat: Component +Comment: Example 2: A 1025-bit RSA Key Pair +Modulus: \ +01 94 7c 7f ce 90 42 5f 47 27 9e 70 85 1f 25 d5\ +e6 23 16 fe 8a 1d f1 93 71 e3 e6 28 e2 60 54 3e\ +49 01 ef 60 81 f6 8c 0b 81 41 19 0d 2a e8 da ba\ +7d 12 50 ec 6d b6 36 e9 44 ec 37 22 87 7c 7c 1d\ +0a 67 f1 4b 16 94 c5 f0 37 94 51 a4 3e 49 a3 2d\ +de 83 67 0b 73 da 91 a1 c9 9b c2 3b 43 6a 60 05\ +5c 61 0f 0b af 99 c1 a0 79 56 5b 95 a3 f1 52 66\ +32 d1 d4 da 60 f2 0e da 25 e6 53 c4 f0 02 76 6f\ +45 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +08 23 f2 0f ad b5 da 89 08 8a 9d 00 89 3e 21 fa\ +4a 1b 11 fb c9 3c 64 a3 be 0b aa ea 97 fb 3b 93\ +c3 ff 71 37 04 c1 9c 96 3c 1d 10 7a ae 99 05 47\ +39 f7 9e 02 e1 86 de 86 f8 7a 6d de fe a6 d8 cc\ +d1 d3 c8 1a 47 bf a7 25 5b e2 06 01 a4 a4 b2 f0\ +8a 16 7b 5e 27 9d 71 5b 1b 45 5b dd 7e ab 24 59\ +41 d9 76 8b 9a ce fb 3c cd a5 95 2d a3 ce e7 25\ +25 b4 50 16 63 a8 ee 15 c9 e9 92 d9 24 62 fe 39 +Prime1: \ +01 59 db de 04 a3 3e f0 6f b6 08 b8 0b 19 0f 4d\ +3e 22 bc c1 3a c8 e4 a0 81 03 3a bf a4 16 ed b0\ +b3 38 aa 08 b5 73 09 ea 5a 52 40 e7 dc 6e 54 37\ +8c 69 41 4c 31 d9 7d db 1f 40 6d b3 76 9c c4 1a\ +43 +Prime2: \ +01 2b 65 2f 30 40 3b 38 b4 09 95 fd 6f f4 1a 1a\ +cc 8a da 70 37 32 36 b7 20 2d 39 b2 ee 30 cf b4\ +6d b0 95 11 f6 f3 07 cc 61 cc 21 60 6c 18 a7 5b\ +8a 62 f8 22 df 03 1b a0 df 0d af d5 50 6f 56 8b\ +d7 +ModPrime1PrivateExponent: \ +43 6e f5 08 de 73 65 19 c2 da 4c 58 0d 98 c8 2c\ +b7 45 2a 3f b5 ef ad c3 b9 c7 78 9a 1b c6 58 4f\ +79 5a dd bb d3 24 39 c7 46 86 55 2e cb 6c 2c 30\ +7a 4d 3a f7 f5 39 ee c1 57 24 8c 7b 31 f1 a2 55 +ModPrime2PrivateExponent: \ +01 2b 15 a8 9f 3d fb 2b 39 07 3e 73 f0 2b dd 0c\ +1a 7b 37 9d d4 35 f0 5c dd e2 ef f9 e4 62 94 8b\ +7c ec 62 ee 90 50 d5 e0 81 6e 07 85 a8 56 b4 91\ +08 dc b7 5f 36 83 87 4d 1c a6 32 9a 19 01 30 66\ +ff +MultiplicativeInverseOfPrime2ModPrime1: \ +02 70 db 17 d5 91 4b 01 8d 76 11 8b 24 38 9a 73\ +50 ec 83 6b 00 63 a2 17 21 23 6f d8 ed b6 d8 9b\ +51 e7 ee b8 7b 61 1b 71 32 cb 7e a7 35 6c 23 15\ +1c 1e 77 51 50 7c 78 6d 9e e1 79 41 70 a8 c8 e8 +Test: KeyPairValidAndConsistent +Comment: RSAES-OAEP Encryption Example 2.1 +Plaintext: \ +8f f0 0c aa 60 5c 70 28 30 63 4d 9a 6c 3d 42 c6\ +52 b5 8c f1 d9 2f ec 57 0b ee e7 +Seed: # not used yet\ +8c 40 7b 5e c2 89 9e 50 99 c5 3e 8c e7 93 bf 94\ +e7 1b 17 82 +Ciphertext: \ +01 81 af 89 22 b9 fc b4 d7 9d 92 eb e1 98 15 99\ +2f c0 c1 43 9d 8b cd 49 13 98 a0 f4 ad 3a 32 9a\ +5b d9 38 55 60 db 53 26 83 c8 b7 da 04 e4 b1 2a\ +ed 6a ac df 47 1c 34 c9 cd a8 91 ad dc c2 df 34\ +56 65 3a a6 38 2e 9a e5 9b 54 45 52 57 eb 09 9d\ +56 2b be 10 45 3f 2b 6d 13 c5 9c 02 e1 0f 1f 8a\ +bb 5d a0 d0 57 09 32 da cf 2d 09 01 db 72 9d 0f\ +ef cc 05 4e 70 96 8e a5 40 c8 1b 04 bc ae fe 72\ +0e +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 2.2 +Plaintext: \ +2d +Seed: # not used yet\ +b6 00 cf 3c 2e 50 6d 7f 16 77 8c 91 0d 3a 8b 00\ +3e ee 61 d5 +Ciphertext: \ +01 87 59 ff 1d f6 3b 27 92 41 05 62 31 44 16 a8\ +ae af 2a c6 34 b4 6f 94 0a b8 2d 64 db f1 65 ee\ +e3 30 11 da 74 9d 4b ab 6e 2f cd 18 12 9c 9e 49\ +27 7d 84 53 11 2b 42 9a 22 2a 84 71 b0 70 99 39\ +98 e7 58 86 1c 4d 3f 6d 74 9d 91 c4 29 0d 33 2c\ +7a 4a b3 f7 ea 35 ff 3a 07 d4 97 c9 55 ff 0f fc\ +95 00 6b 62 c6 d2 96 81 0d 9b fa b0 24 19 6c 79\ +34 01 2c 2d f9 78 ef 29 9a ba 23 99 40 cb a1 02\ +45 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 2.3 +Plaintext: \ +74 fc 88 c5 1b c9 0f 77 af 9d 5e 9a 4a 70 13 3d\ +4b 4e 0b 34 da 3c 37 c7 ef 8e +Seed: # not used yet\ +a7 37 68 ae ea a9 1f 9d 8c 1e d6 f9 d2 b6 34 67\ +f0 7c ca e3 +Ciphertext: \ +01 88 02 ba b0 4c 60 32 5e 81 c4 96 23 11 f2 be\ +7c 2a dc e9 30 41 a0 07 19 c8 8f 95 75 75 f2 c7\ +9f 1b 7b c8 ce d1 15 c7 06 b3 11 c0 8a 2d 98 6c\ +a3 b6 a9 33 6b 14 7c 29 c6 f2 29 40 9d de c6 51\ +bd 1f dd 5a 0b 7f 61 0c 99 37 fd b4 a3 a7 62 36\ +4b 8b 32 06 b4 ea 48 5f d0 98 d0 8f 63 d4 aa 8b\ +b2 69 7d 02 7b 75 0c 32 d7 f7 4e af 51 80 d2 e9\ +b6 6b 17 cb 2f a5 55 23 bc 28 0d a1 0d 14 be 20\ +53 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 2.4 +Plaintext: \ +a7 eb 2a 50 36 93 1d 27 d4 e8 91 32 6d 99 69 2f\ +fa dd a9 bf 7e fd 3e 34 e6 22 c4 ad c0 85 f7 21\ +df e8 85 07 2c 78 a2 03 b1 51 73 9b e5 40 fa 8c\ +15 3a 10 f0 0a +Seed: # not used yet\ +9a 7b 3b 0e 70 8b d9 6f 81 90 ec ab 4f b9 b2 b3\ +80 5a 81 56 +Ciphertext: \ +00 a4 57 8c bc 17 63 18 a6 38 fb a7 d0 1d f1 57\ +46 af 44 d4 f6 cd 96 d7 e7 c4 95 cb f4 25 b0 9c\ +64 9d 32 bf 88 6d a4 8f ba f9 89 a2 11 71 87 ca\ +fb 1f b5 80 31 76 90 e3 cc d4 46 92 0b 7a f8 2b\ +31 db 58 04 d8 7d 01 51 4a cb fa 91 56 e7 82 f8\ +67 f6 be d9 44 9e 0e 9a 2c 09 bc ec c6 aa 08 76\ +36 96 5e 34 b3 ec 76 6f 2f e2 e4 30 18 a2 fd de\ +b1 40 61 6a 0e 9d 82 e5 33 10 24 ee 06 52 fc 76\ +41 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 2.5 +Plaintext: \ +2e f2 b0 66 f8 54 c3 3f 3b dc bb 59 94 a4 35 e7\ +3d 6c 6c +Seed: # not used yet\ +eb 3c eb bc 4a dc 16 bb 48 e8 8c 8a ec 0e 34 af\ +7f 42 7f d3 +Ciphertext: \ +00 eb c5 f5 fd a7 7c fd ad 3c 83 64 1a 90 25 e7\ +7d 72 d8 a6 fb 33 a8 10 f5 95 0f 8d 74 c7 3e 8d\ +93 1e 86 34 d8 6a b1 24 62 56 ae 07 b6 00 5b 71\ +b7 f2 fb 98 35 12 18 33 1c e6 9b 8f fb dc 9d a0\ +8b bc 9c 70 4f 87 6d eb 9d f9 fc 2e c0 65 ca d8\ +7f 90 90 b0 7a cc 17 aa 7f 99 7b 27 ac a4 88 06\ +e8 97 f7 71 d9 51 41 fe 45 26 d8 a5 30 1b 67 86\ +27 ef ab 70 7f d4 0f be bd 6e 79 2a 25 61 3e 7a\ +ec +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 2.6 +Plaintext: \ +8a 7f b3 44 c8 b6 cb 2c f2 ef 1f 64 3f 9a 32 18\ +f6 e1 9b ba 89 c0 +Seed: # not used yet\ +4c 45 cf 4d 57 c9 8e 3d 6d 20 95 ad c5 1c 48 9e\ +b5 0d ff 84 +Ciphertext: \ +01 08 39 ec 20 c2 7b 90 52 e5 5b ef b9 b7 7e 6f\ +c2 6e 90 75 d7 a5 43 78 c6 46 ab df 51 e4 45 bd\ +57 15 de 81 78 9f 56 f1 80 3d 91 70 76 4a 9e 93\ +cb 78 79 86 94 02 3e e7 39 3c e0 4b c5 d8 f8 c5\ +a5 2c 17 1d 43 83 7e 3a ca 62 f6 09 eb 0a a5 ff\ +b0 96 0e f0 41 98 dd 75 4f 57 f7 fb e6 ab f7 65\ +cf 11 8b 4c a4 43 b2 3b 5a ab 26 6f 95 23 26 ac\ +45 81 10 06 44 32 5f 8b 72 1a cd 5d 04 ff 14 ef\ +3a +Test: DecryptMatch + +AlgorithmType: AsymmetricCipher +Name: RSA/OAEP-MGF1(SHA-1) +Source: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/, PKCS #1 test vectors +KeyFormat: Component +Comment: Example 3: A 1026-bit RSA Key Pair +Modulus: \ +02 b5 8f ec 03 9a 86 07 00 a4 d7 b6 46 2f 93 e6\ +cd d4 91 16 1d dd 74 f4 e8 10 b4 0e 3c 16 52 00\ +6a 5c 27 7b 27 74 c1 13 05 a4 cb ab 5a 78 ef a5\ +7e 17 a8 6d f7 a3 fa 36 fc 4b 1d 22 49 f2 2e c7\ +c2 dd 6a 46 32 32 ac ce a9 06 d6 6e be 80 b5 70\ +4b 10 72 9d a6 f8 33 23 4a bb 5e fd d4 a2 92 cb\ +fa d3 3b 4d 33 fa 7a 14 b8 c3 97 b5 6e 3a cd 21\ +20 34 28 b7 7c df a3 3a 6d a7 06 b3 d8 b0 fc 43\ +e9 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +15 b4 8a 5b 56 83 a9 46 70 e2 3b 57 18 f8 14 fa\ +0e 13 f8 50 38 f5 07 11 18 2c ba 61 51 05 81 f3\ +d2 2c 7e 23 2e f9 37 e2 2e 55 1d 68 b8 6e 2f 8c\ +b1 aa d8 be 2e 48 8f 5d f7 ef d2 79 e3 f5 68 d4\ +ea f3 6f 80 cf 71 41 ac e6 0f cc 91 13 fb 6c 4a\ +84 1f d5 0b bc 7c 51 2f fc be ff 21 48 7a a8 11\ +eb 3c a8 c6 20 05 34 6a 86 de 86 bf a1 d8 a9 48\ +fd 3f 34 8c 22 ea ad f3 33 c3 ce 6c e1 32 08 fd +Prime1: \ +01 bf 01 d2 16 d7 35 95 cf 02 70 c2 be b7 8d 40\ +a0 d8 44 7d 31 da 91 9a 98 3f 7e ea 78 1b 77 d8\ +5f e3 71 b3 e9 37 3e 7b 69 21 7d 31 50 a0 2d 89\ +58 de 7f ad 9d 55 51 60 95 8b 44 54 12 7e 0e 7e\ +af +Prime2: \ +01 8d 33 99 65 81 66 db 38 29 81 6d 7b 29 54 16\ +75 9e 9c 91 98 7f 5b 2d 8a ec d6 3b 04 b4 8b d7\ +b2 fc f2 29 bb 7f 8a 6d c8 8b a1 3d d2 e3 9a d5\ +5b 6d 1a 06 16 07 08 f9 70 0b e8 0b 8f d3 74 4c\ +e7 +ModPrime1PrivateExponent: \ +06 c0 a2 49 d2 0a 6f 2e e7 5c 88 b4 94 d5 3f 6a\ +ae 99 aa 42 7c 88 c2 8b 16 3a 76 94 45 e5 f3 90\ +cf 40 c2 74 fd 6e a6 32 9a 5c e7 c7 ce 03 a2 15\ +83 96 ee 2a 78 45 78 6e 09 e2 88 5a 97 28 e4 e5 +ModPrime2PrivateExponent: \ +d1 d2 7c 29 fe dd 92 d8 6c 34 8e dd 0c cb fa c1\ +4f 74 6e 05 1c e1 d1 81 1d f3 5d 61 f2 ee 1c 97\ +d4 bf 28 04 80 2f 64 27 18 7b a8 e9 0a 8a f4 42\ +43 b4 07 9b 03 44 5e 60 2e 29 fa 51 93 e6 4f e9 +MultiplicativeInverseOfPrime2ModPrime1: \ +8c b2 f7 56 bd 89 41 b1 d3 b7 70 e5 ad 31 ee 37\ +3b 28 ac da 69 ff 9b 6f 40 fe 57 8b 9f 1a fb 85\ +83 6f 96 27 d3 7a cf f7 3c 27 79 e6 34 bb 26 01\ +1c 2c 8f 7f 33 61 ae 2a 9e a6 5e d6 89 e3 63 9a +Test: KeyPairValidAndConsistent +Comment: RSAES-OAEP Encryption Example 3.1 +Plaintext: \ +08 78 20 b5 69 e8 fa 8d +Seed: # not used yet\ +8c ed 6b 19 62 90 80 57 90 e9 09 07 40 15 e6 a2\ +0b 0c 48 94 +Ciphertext: \ +02 6a 04 85 d9 6a eb d9 6b 43 82 08 50 99 b9 62\ +e6 a2 bd ec 3d 90 c8 db 62 5e 14 37 2d e8 5e 2d\ +5b 7b aa b6 5c 8f af 91 bb 55 04 fb 49 5a fc e5\ +c9 88 b3 f6 a5 2e 20 e1 d6 cb d3 56 6c 5c d1 f2\ +b8 31 8b b5 42 cc 0e a2 5c 4a ab 99 32 af a2 07\ +60 ea dd ec 78 43 96 a0 7e a0 ef 24 d4 e6 f4 d3\ +7e 50 52 a7 a3 1e 14 6a a4 80 a1 11 bb e9 26 40\ +13 07 e0 0f 41 00 33 84 2b 6d 82 fe 5c e4 df ae\ +80 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 3.2 +Plaintext: \ +46 53 ac af 17 19 60 b0 1f 52 a7 be 63 a3 ab 21\ +dc 36 8e c4 3b 50 d8 2e c3 78 1e 04 +Seed: # not used yet\ +b4 29 1d 65 67 55 08 48 cc 15 69 67 c8 09 ba ab\ +6c a5 07 f0 +Ciphertext: \ +02 4d b8 9c 78 02 98 9b e0 78 38 47 86 30 84 94\ +1b f2 09 d7 61 98 7e 38 f9 7c b5 f6 f1 bc 88 da\ +72 a5 0b 73 eb af 11 c8 79 c4 f9 5d f3 7b 85 0b\ +8f 65 d7 62 2e 25 b1 b8 89 e8 0f e8 0b ac a2 06\ +9d 6e 0e 1d 82 99 53 fc 45 90 69 de 98 ea 97 98\ +b4 51 e5 57 e9 9a bf 8f e3 d9 cc f9 09 6e bb f3\ +e5 25 5d 3b 4e 1c 6d 2e ca df 06 7a 35 9e ea 86\ +40 5a cd 47 d5 e1 65 51 7c ca fd 47 d6 db ee 4b\ +f5 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 3.3 +Plaintext: \ +d9 4c d0 e0 8f a4 04 ed 89 +Seed: # not used yet\ +ce 89 28 f6 05 95 58 25 40 08 ba dd 97 94 fa dc\ +d2 fd 1f 65 +Ciphertext: \ +02 39 bc e6 81 03 24 41 52 88 77 d6 d1 c8 bb 28\ +aa 3b c9 7f 1d f5 84 56 36 18 99 57 97 68 38 44\ +ca 86 66 47 32 f4 be d7 a0 aa b0 83 aa ab fb 72\ +38 f5 82 e3 09 58 c2 02 4e 44 e5 70 43 b9 79 50\ +fd 54 3d a9 77 c9 0c dd e5 33 7d 61 84 42 f9 9e\ +60 d7 78 3a b5 9c e6 dd 9d 69 c4 7a d1 e9 62 be\ +c2 2d 05 89 5c ff 8d 3f 64 ed 52 61 d9 2b 26 78\ +51 03 93 48 49 90 ba 3f 7f 06 81 8a e6 ff ce 8a\ +3a +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 3.4 +Plaintext: \ +6c c6 41 b6 b6 1e 6f 96 39 74 da d2 3a 90 13 28\ +4e f1 +Seed: # not used yet\ +6e 29 79 f5 2d 68 14 a5 7d 83 b0 90 05 48 88 f1\ +19 a5 b9 a3 +Ciphertext: \ +02 99 4c 62 af d7 6f 49 8b a1 fd 2c f6 42 85 7f\ +ca 81 f4 37 3c b0 8f 1c ba ee 6f 02 5c 3b 51 2b\ +42 c3 e8 77 91 13 47 66 48 03 9d be 04 93 f9 24\ +62 92 fa c2 89 50 60 0e 7c 0f 32 ed f9 c8 1b 9d\ +ec 45 c3 bd e0 cc 8d 88 47 59 01 69 90 7b 7d c5\ +99 1c eb 29 bb 07 14 d6 13 d9 6d f0 f1 2e c5 d8\ +d3 50 7c 8e e7 ae 78 dd 83 f2 16 fa 61 de 10 03\ +63 ac a4 8a 7e 91 4a e9 f4 2d df be 94 3b 09 d9\ +a0 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 3.5 +Plaintext: \ +df 51 51 83 2b 61 f4 f2 58 91 fb 41 72 f3 28 d2\ +ed df 83 71 ff cf db e9 97 93 92 95 f3 0e ca 69\ +18 01 7c fd a1 15 3b f7 a6 af 87 59 32 23 +Seed: # not used yet\ +2d 76 0b fe 38 c5 9d e3 4c dc 8b 8c 78 a3 8e 66\ +28 4a 2d 27 +Ciphertext: \ +01 62 04 2f f6 96 95 92 a6 16 70 31 81 1a 23 98\ +34 ce 63 8a bf 54 fe c8 b9 94 78 12 2a fe 2e e6\ +7f 8c 5b 18 b0 33 98 05 bf db c5 a4 e6 72 0b 37\ +c5 9c fb a9 42 46 4c 59 7f f5 32 a1 19 82 15 45\ +fd 2e 59 b1 14 e6 1d af 71 82 05 29 f5 02 9c f5\ +24 95 43 27 c3 4e c5 e6 f5 ba 7e fc c4 de 94 3a\ +b8 ad 4e d7 87 b1 45 43 29 f7 0d b7 98 a3 a8 f4\ +d9 2f 82 74 e2 b2 94 8a de 62 7c e8 ee 33 e4 3c\ +60 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 3.6 +Plaintext: \ +3c 3b ad 89 3c 54 4a 6d 52 0a b0 22 31 91 88 c8\ +d5 04 b7 a7 88 b8 50 90 3b 85 97 2e aa 18 55 2e\ +11 34 a7 ad 60 98 82 62 54 ff 7a b6 72 b3 d8 eb\ +31 58 fa c6 d4 cb ae f1 +Seed: # not used yet\ +f1 74 77 9c 5f d3 cf e0 07 ba dc b7 a3 6c 9b 55\ +bf cf bf 0e +Ciphertext: \ +00 11 20 51 e7 5d 06 49 43 bc 44 78 07 5e 43 48\ +2f d5 9c ee 06 79 de 68 93 ee c3 a9 43 da a4 90\ +b9 69 1c 93 df c0 46 4b 66 23 b9 f3 db d3 e7 00\ +83 26 4f 03 4b 37 4f 74 16 4e 1a 00 76 37 25 e5\ +74 74 4b a0 b9 db 83 43 4f 31 df 96 f6 e2 a2 6f\ +6d 8e ba 34 8b d4 68 6c 22 38 ac 07 c3 7a ac 37\ +85 d1 c7 ee a2 f8 19 fd 91 49 17 98 ed 8e 9c ef\ +5e 43 b7 81 b0 e0 27 6e 37 c4 3f f9 49 2d 00 57\ +30 +Test: DecryptMatch + +AlgorithmType: AsymmetricCipher +Name: RSA/OAEP-MGF1(SHA-1) +Source: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/, PKCS #1 test vectors +KeyFormat: Component +Comment: Example 4: A 1027-bit RSA Key Pair +Modulus: \ +05 12 40 b6 cc 00 04 fa 48 d0 13 46 71 c0 78 c7\ +c8 de c3 b3 e2 f2 5b c2 56 44 67 33 9d b3 88 53\ +d0 6b 85 ee a5 b2 de 35 3b ff 42 ac 2e 46 bc 97\ +fa e6 ac 96 18 da 95 37 a5 c8 f5 53 c1 e3 57 62\ +59 91 d6 10 8d cd 78 85 fb 3a 25 41 3f 53 ef ca\ +d9 48 cb 35 cd 9b 9a e9 c1 c6 76 26 d1 13 d5 7d\ +de 4c 5b ea 76 bb 5b b7 de 96 c0 0d 07 37 2e 96\ +85 a6 d7 5c f9 d2 39 fa 14 8d 70 93 1b 5f 3f b0\ +39 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +04 11 ff ca 3b 7c a5 e9 e9 be 7f e3 8a 85 10 5e\ +35 38 96 db 05 c5 79 6a ec d2 a7 25 16 1e b3 65\ +1c 86 29 a9 b8 62 b9 04 d7 b0 c7 b3 7f 8c b5 a1\ +c2 b5 40 01 01 8a 00 a1 eb 2c af e4 ee 4e 94 92\ +c3 48 bc 2b ed ab 4b 9e bb f0 64 e8 ef f3 22 b9\ +00 9f 8e ec 65 39 05 f4 0d f8 8a 3c dc 49 d4 56\ +7f 75 62 7d 41 ac a6 24 12 9b 46 a0 b7 c6 98 e5\ +e6 5f 2b 7b a1 02 c7 49 a1 01 35 b6 54 0d 04 01 +Prime1: \ +02 74 58 c1 9e c1 63 69 19 e7 36 c9 af 25 d6 09\ +a5 1b 8f 56 1d 19 c6 bf 69 43 dd 1e e1 ab 8a 4a\ +3f 23 21 00 bd 40 b8 8d ec c6 ba 23 55 48 b6 ef\ +79 2a 11 c9 de 82 3d 0a 79 22 c7 09 5b 6e ba 57\ +01 +Prime2: \ +02 10 ee 9b 33 ab 61 71 6e 27 d2 51 bd 46 5f 4b\ +35 a1 a2 32 e2 da 00 90 1c 29 4b f2 23 50 ce 49\ +0d 09 9f 64 2b 53 75 61 2d b6 3b a1 f2 03 86 49\ +2b f0 4d 34 b3 c2 2b ce b9 09 d1 34 41 b5 3b 51\ +39 +ModPrime1PrivateExponent: \ +39 fa 02 8b 82 6e 88 c1 12 1b 75 0a 8b 24 2f a9\ +a3 5c 5b 66 bd fd 1f a6 37 d3 cc 48 a8 4a 4f 45\ +7a 19 4e 77 27 e4 9f 7b cc 6e 5a 5a 41 26 57 fc\ +47 0c 73 22 eb c3 74 16 ef 45 8c 30 7a 8c 09 01 +ModPrime2PrivateExponent: \ +01 5d 99 a8 41 95 94 39 79 fa 9e 1b e2 c3 c1 b6\ +9f 43 2f 46 fd 03 e4 7d 5b ef bb bf d6 b1 d1 37\ +1d 83 ef b3 30 a3 e0 20 94 2b 2f ed 11 5e 5d 02\ +be 24 fd 92 c9 01 9d 1c ec d6 dd 4c f1 e5 4c c8\ +99 +MultiplicativeInverseOfPrime2ModPrime1: \ +01 f0 b7 01 51 70 b3 f5 e4 22 23 ba 30 30 1c 41\ +a6 d8 7c bb 70 e3 0c b7 d3 c6 7d 25 47 3d b1 f6\ +cb f0 3e 3f 91 26 e3 e9 79 68 27 9a 86 5b 2c 2b\ +42 65 24 cf c5 2a 68 3d 31 ed 30 eb 98 4b e4 12\ +ba +Test: KeyPairValidAndConsistent +Comment: RSAES-OAEP Encryption Example 4.1 +Plaintext: \ +4a 86 60 95 34 ee 43 4a 6c bc a3 f7 e9 62 e7 6d\ +45 5e 32 64 c1 9f 60 5f 6e 5f f6 13 7c 65 c5 6d\ +7f b3 44 cd 52 bc 93 37 4f 3d 16 6c 9f 0c 6f 9c\ +50 6b ad 19 33 09 72 d2 +Seed: # not used yet\ +1c ac 19 ce 99 3d ef 55 f9 82 03 f6 85 28 96 c9\ +5c cc a1 f3 +Ciphertext: \ +04 cc e1 96 14 84 5e 09 41 52 a3 fe 18 e5 4e 33\ +30 c4 4e 5e fb c6 4a e1 68 86 cb 18 69 01 4c c5\ +78 1b 1f 8f 9e 04 53 84 d0 11 2a 13 5c a0 d1 2e\ +9c 88 a8 e4 06 34 16 de aa e3 84 4f 60 d6 e9 6f\ +e1 55 14 5f 45 25 b9 a3 44 31 ca 37 66 18 0f 70\ +e1 5a 5e 5d 8e 8b 1a 51 6f f8 70 60 9f 13 f8 96\ +93 5c ed 18 82 79 a5 8e d1 3d 07 11 42 77 d7 5c\ +65 68 60 7e 0a b0 92 fd 80 3a 22 3e 4a 8e e0 b1\ +a8 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 4.2 +Plaintext: \ +b0 ad c4 f3 fe 11 da 59 ce 99 27 73 d9 05 99 43\ +c0 30 46 49 7e e9 d9 f9 a0 6d f1 16 6d b4 6d 98\ +f5 8d 27 ec 07 4c 02 ee e6 cb e2 44 9c 8b 9f c5\ +08 0c 5c 3f 44 33 09 25 12 ec 46 aa 79 37 43 c8 +Seed: # not used yet\ +f5 45 d5 89 75 85 e3 db 71 aa 0c b8 da 76 c5 1d\ +03 2a e9 63 +Ciphertext: \ +00 97 b6 98 c6 16 56 45 b3 03 48 6f bf 5a 2a 44\ +79 c0 ee 85 88 9b 54 1a 6f 0b 85 8d 6b 65 97 b1\ +3b 85 4e b4 f8 39 af 03 39 9a 80 d7 9b da 65 78\ +c8 41 f9 0d 64 57 15 b2 80 d3 71 43 99 2d d1 86\ +c8 0b 94 9b 77 5c ae 97 37 0e 4e c9 74 43 13 6c\ +6d a4 84 e9 70 ff db 13 23 a2 08 47 82 1d 3b 18\ +38 1d e1 3b b4 9a ae a6 65 30 c4 a4 b8 27 1f 3e\ +ae 17 2c d3 66 e0 7e 66 36 f1 01 9d 2a 28 ae d1\ +5e +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 4.3 +Plaintext: \ +bf 6d 42 e7 01 70 7b 1d 02 06 b0 c8 b4 5a 1c 72\ +64 1f f1 28 89 21 9a 82 bd ea 96 5b 5e 79 a9 6b\ +0d 01 63 ed 9d 57 8e c9 ad a2 0f 2f bc f1 ea 3c\ +40 89 d8 34 19 ba 81 b0 c6 0f 36 06 da 99 +Seed: # not used yet\ +ad 99 7f ee f7 30 d6 ea 7b e6 0d 0d c5 2e 72 ea\ +cb fd d2 75 +Ciphertext: \ +03 01 f9 35 e9 c4 7a bc b4 8a cb be 09 89 5d 9f\ +59 71 af 14 83 9d a4 ff 95 41 7e e4 53 d1 fd 77\ +31 90 72 bb 72 97 e1 b5 5d 75 61 cd 9d 1b b2 4c\ +1a 9a 37 c6 19 86 43 08 24 28 04 87 9d 86 eb d0\ +01 dc e5 18 39 75 e1 50 69 89 b7 0e 5a 83 43 41\ +54 d5 cb fd 6a 24 78 7e 60 eb 0c 65 8d 2a c1 93\ +30 2d 11 92 c6 e6 22 d4 a1 2a d4 b5 39 23 bc a2\ +46 df 31 c6 39 5e 37 70 2c 6a 78 ae 08 1f b9 d0\ +65 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 4.4 +Plaintext: \ +fb 2e f1 12 f5 e7 66 eb 94 01 92 97 93 47 94 f7\ +be 2f 6f c1 c5 8e +Seed: # not used yet\ +13 64 54 df 57 30 f7 3c 80 7a 7e 40 d8 c1 a3 12\ +ac 5b 9d d3 +Ciphertext: \ +02 d1 10 ad 30 af b7 27 be b6 91 dd 0c f1 7d 0a\ +f1 a1 e7 fa 0c c0 40 ec 1a 4b a2 6a 42 c5 9d 0a\ +79 6a 2e 22 c8 f3 57 cc c9 8b 65 19 ac eb 68 2e\ +94 5e 62 cb 73 46 14 a5 29 40 7c d4 52 be e3 e4\ +4f ec e8 42 3c c1 9e 55 54 8b 8b 99 4b 84 9c 7e\ +cd e4 93 3e 76 03 7e 1d 0c e4 42 75 b0 87 10 c6\ +8e 43 01 30 b9 29 73 0e d7 7e 09 b0 15 64 2c 55\ +93 f0 4e 4f fb 94 10 79 81 02 a8 e9 6f fd fe 11\ +e4 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 4.5 +Plaintext: \ +28 cc d4 47 bb 9e 85 16 6d ab b9 e5 b7 d1 ad ad\ +c4 b9 d3 9f 20 4e 96 d5 e4 40 ce 9a d9 28 bc 1c\ +22 84 +Seed: # not used yet\ +bc a8 05 7f 82 4b 2e a2 57 f2 86 14 07 ee f6 3d\ +33 20 86 81 +Ciphertext: \ +00 db b8 a7 43 9d 90 ef d9 19 a3 77 c5 4f ae 8f\ +e1 1e c5 8c 3b 85 83 62 e2 3a d1 b8 a4 43 10 79\ +90 66 b9 93 47 aa 52 56 91 d2 ad c5 8d 9b 06 e3\ +4f 28 8c 17 03 90 c5 f0 e1 1c 0a a3 64 59 59 f1\ +8e e7 9e 8f 2b e8 d7 ac 5c 23 d0 61 f1 8d d7 4b\ +8c 5f 2a 58 fc b5 eb 0c 54 f9 9f 01 a8 32 47 56\ +82 92 53 65 83 34 09 48 d7 a8 c9 7c 4a cd 1e 98\ +d1 e2 9d c3 20 e9 7a 26 05 32 a8 aa 7a 75 8a 1e\ +c2 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 4.6 +Plaintext: \ +f2 22 42 75 1e c6 b1 +Seed: # not used yet\ +2e 7e 1e 17 f6 47 b5 dd d0 33 e1 54 72 f9 0f 68\ +12 f3 ac 4e +Ciphertext: \ +00 a5 ff a4 76 8c 8b be ca ee 2d b7 7e 8f 2e ec\ +99 59 59 33 54 55 20 83 5e 5b a7 db 94 93 d3 e1\ +7c dd ef e6 a5 f5 67 62 44 71 90 8d b4 e2 d8 3a\ +0f be e6 06 08 fc 84 04 95 03 b2 23 4a 07 dc 83\ +b2 7b 22 84 7a d8 92 0f f4 2f 67 4e f7 9b 76 28\ +0b 00 23 3d 2b 51 b8 cb 27 03 a9 d4 2b fb c8 25\ +0c 96 ec 32 c0 51 e5 7f 1b 4b a5 28 db 89 c3 7e\ +4c 54 e2 7e 6e 64 ac 69 63 5a e8 87 d9 54 16 19\ +a9 +Test: DecryptMatch + +AlgorithmType: AsymmetricCipher +Name: RSA/OAEP-MGF1(SHA-1) +Source: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/, PKCS #1 test vectors +KeyFormat: Component +Comment: Example 5: A 1028-bit RSA Key Pair +Modulus: \ +0a ad f3 f9 c1 25 e5 d8 91 f3 1a c4 48 e9 93 de\ +fe 58 0f 80 2b 45 f9 d7 f2 2b a5 02 1e 9c 47 57\ +6b 5a 1e 68 03 1b a9 db 4e 6d ab e4 d9 6a 1d 6f\ +3d 26 72 68 cf f4 08 00 5f 11 8e fc ad b9 98 88\ +d1 c2 34 46 71 66 b2 a2 b8 49 a0 5a 88 9c 06 0a\ +c0 da 0c 5f ae 8b 55 f3 09 ba 62 e7 03 74 2f a0\ +32 6f 2d 10 b0 11 02 14 89 ff 49 77 70 19 0d 89\ +5f d3 9f 52 29 3c 39 ef d7 3a 69 8b da b9 f1 0e\ +d9 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +02 56 eb 4c ba 70 67 f2 d2 be 54 0d cd ff 45 82\ +a3 6b 7d 31 d1 c9 09 9b b2 14 b7 98 48 46 6a 26\ +8f 80 f5 8a 49 ac 04 c0 e3 64 89 34 a0 20 6c 04\ +53 7c 19 b2 36 64 3a 60 82 73 21 44 df 75 fa 21\ +75 88 f7 94 68 2b e8 91 68 27 6d c7 26 c5 c0 cb\ +db 84 d3 1b bf 26 d0 a4 3a f4 95 71 7f 7d 52 8a\ +cf ee 34 15 61 f6 ff 3c ae 05 c5 78 f8 47 0d 96\ +82 f9 c0 d0 72 f9 f6 06 8b 56 d5 88 0f 68 2b e2\ +c5 +Prime1: \ +03 b0 d3 96 2f 6d 17 54 9c bf ca 11 29 43 48 dc\ +f0 e7 e3 9f 8c 2b c6 82 4f 21 64 b6 06 d6 87 86\ +0d ae 1e 63 23 93 cf ed f5 13 22 82 29 06 9e 2f\ +60 e4 ac d7 e6 33 a4 36 06 3f 82 38 5f 48 99 37\ +07 +Prime2: \ +02 e4 c3 2e 2f 51 72 69 b7 07 23 09 f0 0c 0e 31\ +36 5f 7c e2 8b 23 6b 82 91 2d f2 39 ab f3 95 72\ +cf 0e d6 04 b0 29 82 e5 35 64 c5 2d 6a 05 39 7d\ +e5 c0 52 a2 fd dc 14 1e f7 18 98 36 34 6a eb 33\ +1f +ModPrime1PrivateExponent: \ +01 e8 4b 11 9d 25 16 1f a6 7b 00 25 6a 5b d9 b6\ +45 d2 b2 32 ec b0 5b 01 51 80 02 9a 88 62 2a dc\ +3f 09 b3 ae ac de 61 61 ab 7c de 22 c2 ad 26 e7\ +79 7d f5 4e 07 2c bd 3b 26 73 80 0b 3e 43 38 db\ +d5 +ModPrime2PrivateExponent: \ +eb 90 aa 1a 40 13 5b 4c ea 07 19 7c ed c8 81 9b\ +e1 e7 cb ff 25 47 66 21 16 f4 65 a4 a9 f4 87 ab\ +12 f3 ba 4f ef 13 82 22 65 a6 52 97 d9 8b 7b de\ +d9 37 2e 3f fe 81 a3 8b 3e 96 00 fe d0 55 75 4f +MultiplicativeInverseOfPrime2ModPrime1: \ +01 2f 7f 81 38 f9 40 40 62 eb 85 a4 29 24 52 0b\ +38 f5 bb 88 6a 01 96 f4 8b b8 dc ea 60 fd 92 cc\ +02 7f 18 e7 81 58 a3 4a 5c 5d 5f 86 0a 0f 6c 04\ +07 1a 7d 01 31 2c 06 50 62 f1 eb 48 b7 9d 1c 83\ +cb +Test: KeyPairValidAndConsistent +Comment: RSAES-OAEP Encryption Example 5.1 +Plaintext: \ +af 71 a9 01 e3 a6 1d 31 32 f0 fc 1f db 47 4f 9e\ +a6 57 92 57 ff c2 4d 16 41 70 14 5b 3d bd e8 +Seed: # not used yet\ +44 c9 2e 28 3f 77 b9 49 9c 60 3d 96 36 60 c8 7d\ +2f 93 94 61 +Ciphertext: \ +03 60 46 a4 a4 7d 9e d3 ba 9a 89 13 9c 10 50 38\ +eb 74 92 b0 5a 5d 68 bf d5 3a cc ff 45 97 f7 a6\ +86 51 b4 7b 4a 46 27 d9 27 e4 85 ee d7 b4 56 64\ +20 e8 b4 09 87 9e 5d 60 6e ae 25 1d 22 a5 df 79\ +9f 79 20 bf c1 17 b9 92 57 2a 53 b1 26 31 46 bc\ +ea 03 38 5c c5 e8 53 c9 a1 01 c8 c3 e1 bd a3 1a\ +51 98 07 49 6c 6c b5 e5 ef b4 08 82 3a 35 2b 8f\ +a0 66 1f b6 64 ef ad d5 93 de b9 9f ff 5e d0 00\ +e5 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 5.2 +Plaintext: \ +a3 b8 44 a0 82 39 a8 ac 41 60 5a f1 7a 6c fd a4\ +d3 50 13 65 85 90 3a 41 7a 79 26 87 60 51 9a 4b\ +4a c3 30 3e c7 3f 0f 87 cf b3 23 99 +Seed: # not used yet\ +cb 28 f5 86 06 59 fc ee e4 9c 3e ea fc e6 25 a7\ +08 03 bd 32 +Ciphertext: \ +03 d6 eb 65 4e dc e6 15 bc 59 f4 55 26 5e d4 e5\ +a1 82 23 cb b9 be 4e 40 69 b4 73 80 4d 5d e9 6f\ +54 dc aa a6 03 d0 49 c5 d9 4a a1 47 0d fc d2 25\ +40 66 b7 c7 b6 1f f1 f6 f6 77 0e 32 15 c5 13 99\ +fd 4e 34 ec 50 82 bc 48 f0 89 84 0a d0 43 54 ae\ +66 dc 0f 1b d1 8e 46 1a 33 cc 12 58 b4 43 a2 83\ +7a 6d f2 67 59 aa 23 02 33 49 86 f8 73 80 c9 cc\ +9d 53 be 9f 99 60 5d 2c 9a 97 da 7b 09 15 a4 a7\ +ad +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 5.3 +Plaintext: \ +30 8b 0e cb d2 c7 6c b7 7f c6 f7 0c 5e dd 23 3f\ +d2 f2 09 29 d6 29 f0 26 95 3b b6 2a 8f 4a 3a 31\ +4b de 19 5d e8 5b 5f 81 6d a2 aa b0 74 d2 6c b6\ +ac dd f3 23 ae 3b 9c 67 8a c3 cf 12 fb dd e7 +Seed: # not used yet\ +22 85 f4 0d 77 04 82 f9 a9 ef a2 c7 2c b3 ac 55\ +71 6d c0 ca +Ciphertext: \ +07 70 95 21 81 64 9f 9f 9f 07 ff 62 6f f3 a2 2c\ +35 c4 62 44 3d 90 5d 45 6a 9f d0 bf f4 3c ac 2c\ +a7 a9 f5 54 e9 47 8b 9a cc 3a c8 38 b0 20 40 ff\ +d3 e1 84 7d e2 e4 25 39 29 f9 dd 9e e4 04 43 25\ +a9 b0 5c ab b8 08 b2 ee 84 0d 34 e1 5d 10 5a 3f\ +1f 7b 27 69 5a 1a 07 a2 d7 3f e0 8e ca aa 3c 9c\ +9d 4d 5a 89 ff 89 0d 54 72 7d 7a e4 0c 0e c1 a8\ +dd 86 16 5d 8e e2 c6 36 81 41 01 6a 48 b5 5b 69\ +67 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 5.4 +Plaintext: \ +15 c5 b9 ee 11 85 +Seed: # not used yet\ +49 fa 45 d3 a7 8d d1 0d fd 57 73 99 d1 eb 00 af\ +7e ed 55 13 +Ciphertext: \ +08 12 b7 67 68 eb cb 64 2d 04 02 58 e5 f4 44 1a\ +01 85 21 bd 96 68 7e 6c 5e 89 9f cd 6c 17 58 8f\ +f5 9a 82 cc 8a e0 3a 4b 45 b3 12 99 af 17 88 c3\ +29 f7 dc d2 85 f8 cf 4c ed 82 60 6b 97 61 26 71\ +a4 5b ed ca 13 34 42 14 4d 16 17 d1 14 f8 02 85\ +7f 0f 9d 73 97 51 c5 7a 3f 9e e4 00 91 2c 61 e2\ +e6 99 2b e0 31 a4 3d d4 8f a6 ba 14 ee f7 c4 22\ +b5 ed c4 e7 af a0 4f dd 38 f4 02 d1 c8 bb 71 9a\ +bf +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 5.5 +Plaintext: \ +21 02 6e 68 00 c7 fa 72 8f ca ab a0 d1 96 ae 28\ +d7 a2 ac 4f fd 8a bc e7 94 f0 98 5f 60 c8 a6 73\ +72 77 36 5d 3f ea 11 db 89 23 a2 02 9a +Seed: # not used yet\ +f0 28 74 13 23 4c c5 03 47 24 a0 94 c4 58 6b 87\ +af f1 33 fc +Ciphertext: \ +07 b6 0e 14 ec 95 4b fd 29 e6 0d 00 47 e7 89 f5\ +1d 57 18 6c 63 58 99 03 30 67 93 ce d3 f6 82 41\ +c7 43 52 9a ba 6a 63 74 f9 2e 19 e0 16 3e fa 33\ +69 7e 19 6f 76 61 df aa a4 7a ac 6b de 5e 51 de\ +b5 07 c7 2c 58 9a 2c a1 69 3d 96 b1 46 03 81 24\ +9b 2c db 9e ac 44 76 9f 24 89 c5 d3 d2 f9 9f 0e\ +e3 c7 ee 5b f6 4a 5a c7 9c 42 bd 43 3f 14 9b e8\ +cb 59 54 83 61 64 05 95 51 3c 97 af 7b c2 50 97\ +23 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 5.6 +Plaintext: \ +54 1e 37 b6 8b 6c 88 72 b8 4c 02 +Seed: # not used yet\ +d9 fb a4 5c 96 f2 1e 6e 26 d2 9e b2 cd cb 65 85\ +be 9c b3 41 +Ciphertext: \ +08 c3 6d 4d da 33 42 3b 2e d6 83 0d 85 f6 41 1b\ +a1 dc f4 70 a1 fa e0 eb ef ee 7c 08 9f 25 6c ef\ +74 cb 96 ea 69 c3 8f 60 f3 9a be e4 41 29 bc b4\ +c9 2d e7 f7 97 62 3b 20 07 4e 3d 9c 28 99 70 1e\ +d9 07 1e 1e fa 0b dd 84 d4 c3 e5 13 03 02 d8 f0\ +24 0b ab a4 b8 4a 71 cc 03 2f 22 35 a5 ff 0f ae\ +27 7c 3e 8f 91 12 be f4 4c 9a e2 0d 17 5f c9 a4\ +05 8b fc 93 0b a3 1b 02 e2 e4 f4 44 48 37 10 f2\ +4a +Test: DecryptMatch + +AlgorithmType: AsymmetricCipher +Name: RSA/OAEP-MGF1(SHA-1) +Source: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/, PKCS #1 test vectors +KeyFormat: Component +Comment: Example 6: A 1029-bit RSA Key Pair +Modulus: \ +12 b1 7f 6d ad 2e cd 19 ff 46 dc 13 f7 86 0f 09\ +e0 e0 cf b6 77 b3 8a 52 59 23 05 ce af 02 2c 16\ +6d b9 0d 04 ac 29 e3 3f 7d d1 2d 9f af 66 e0 81\ +6b b6 3e ad 26 7c c7 d4 6c 17 c3 7b e2 14 bc a2\ +a2 2d 72 3a 64 e4 44 07 43 6b 6f c9 65 72 9a ef\ +c2 55 4f 37 6c d5 dc ea 68 29 37 80 a6 2b f3 9d\ +00 29 48 5a 16 0b bb 9e 5d c0 97 2d 21 a5 04 f5\ +2e 5e e0 28 aa 41 63 32 f5 10 b2 e9 cf f5 f7 22\ +af +PublicExponent: \ +01 00 01 +PrivateExponent: \ +02 95 ec a3 56 06 18 36 95 59 ce cd 30 3a a9 cf\ +da fc 1d 9f 06 95 9d f7 5f fe f9 29 aa 89 69 61\ +bc d1 90 dc 69 97 ed a7 f5 96 3e 72 4d 07 b4 dc\ +11 f3 06 5e 5a e9 7d 96 83 51 12 28 0b 90 84 bb\ +14 f2 a2 1e bd 4e 88 9d 41 b9 c4 13 2e c1 95 6f\ +ca b8 bb 2f ed 05 75 88 49 36 52 2c 5f f7 d3 32\ +61 90 48 24 e7 ca de e4 e0 bb 37 2d 24 57 cf 78\ +e2 bd 12 86 22 8f f8 3f 10 73 1c e6 3c 90 cf f3\ +f9 +Prime1: \ +04 a6 ce 8b 73 58 df a6 9b dc f7 42 61 70 05 af\ +b5 38 5f 5f 3a 58 a2 4e f7 4a 22 a8 c0 5c b7 cc\ +38 eb d4 cc 9d 9a 9d 78 9a 62 cd 0f 60 f0 cb 94\ +1d 34 23 c9 69 2e fa 4f e3 ad ff 29 0c 47 49 a3\ +8b +Prime2: \ +04 04 c9 a8 03 37 1f ed b4 c5 be 39 f3 c0 0b 00\ +9e 5e 08 a6 3b e1 e4 00 35 cd ac a5 01 1c c7 01\ +cf 7e eb cb 99 f0 ff e1 7c fd 0a 4b f7 be fd 2d\ +d5 36 ac 94 6d b7 97 fd bc 4a be 8f 29 34 9b 91\ +ed +ModPrime1PrivateExponent: \ +03 96 1c 8f 76 0a a2 bd 51 54 c7 aa fd 77 22 5b\ +3b ac d0 13 9a e7 b5 94 8e a3 31 1f cc d8 6f b9\ +5c 75 af a7 67 28 4b 9b 2d e5 59 57 2f 15 d8 d0\ +44 c7 eb 83 a1 be 5f ad f2 cc 37 7c 0d 84 75 29\ +4b +ModPrime2PrivateExponent: \ +02 21 97 e0 66 74 21 96 aa bc 03 fa 2f ee b4 e7\ +0b 15 cb 78 7d 61 7a cd 31 bb 75 c7 bc 23 4a d7\ +06 f7 c4 8d 21 82 d1 f0 ff 9c 22 8d cf 41 96 7b\ +6c 0b a6 d2 c0 ad 11 0a 1b 85 78 31 ec 24 5e 2c\ +b1 +MultiplicativeInverseOfPrime2ModPrime1: \ +04 01 c4 c0 c5 3d 45 db db 5e 9d 96 d0 fe cf 42\ +75 df 09 74 bc 4a 07 36 b4 a7 4c 32 69 05 3e fb\ +68 6a ce 24 06 e2 2c 9e 05 8d db 4a e5 40 62 7a\ +e2 fd b0 82 61 e8 e7 e4 bc bc 99 4d aa fa 30 5c\ +45 +Test: KeyPairValidAndConsistent +Comment: RSAES-OAEP Encryption Example 6.1 +Plaintext: \ +40 46 ca 8b aa 33 47 ca 27 f4 9e 0d 81 f9 cc 1d\ +71 be 9b a5 17 d4 +Seed: # not used yet\ +dd 0f 6c fe 41 5e 88 e5 a4 69 a5 1f bb a6 df d4\ +0a db 43 84 +Ciphertext: \ +06 30 ee bc d2 85 6c 24 f7 98 80 6e 41 f9 e6 73\ +45 ed a9 ce da 38 6a cc 9f ac ae a1 ee ed 06 ac\ +e5 83 70 97 18 d9 d1 69 fa df 41 4d 5c 76 f9 29\ +96 83 3e f3 05 b7 5b 1e 4b 95 f6 62 a2 0f ae dc\ +3b ae 0c 48 27 a8 bf 8a 88 ed bd 57 ec 20 3a 27\ +a8 41 f0 2e 43 a6 15 ba b1 a8 ca c0 70 1d e3 4d\ +eb de f6 2a 08 80 89 b5 5e c3 6e a7 52 2f d3 ec\ +8d 06 b6 a0 73 e6 df 83 31 53 bc 0a ef d9 3b d1\ +a3 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 6.2 +Plaintext: \ +5c c7 2c 60 23 1d f0 3b 3d 40 f9 b5 79 31 bc 31\ +10 9f 97 25 27 f2 8b 19 e7 48 0c 72 88 cb 3c 92\ +b2 25 12 21 4e 4b e6 c9 14 79 2d da bd f5 7f aa\ +8a a7 +Seed: # not used yet\ +8d 14 bd 94 6a 13 51 14 8f 5c ae 2e d9 a0 c6 53\ +e8 5e bd 85 +Ciphertext: \ +0e bc 37 37 61 73 a4 fd 2f 89 cc 55 c2 ca 62 b2\ +6b 11 d5 1c 3c 7c e4 9e 88 45 f7 4e 76 07 31 7c\ +43 6b c8 d2 3b 96 67 df eb 9d 08 72 34 b4 7b c6\ +83 71 75 ae 5c 05 59 f6 b8 1d 7d 22 41 6d 3e 50\ +f4 ac 53 3d 8f 08 12 f2 db 9e 79 1f e9 c7 75 ac\ +8b 6a d0 f5 35 ad 9c eb 23 a4 a0 20 14 c5 8a b3\ +f8 d3 16 14 99 a2 60 f3 93 48 e7 14 ae 2a 1d 34\ +43 20 8f d8 b7 22 cc fd fb 39 3e 98 01 1f 99 e6\ +3f +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 6.3 +Plaintext: \ +b2 0e 65 13 03 09 2f 4b cc b4 30 70 c0 f8 6d 23\ +04 93 62 ed 96 64 2f c5 63 2c 27 db 4a 52 e3 d8\ +31 f2 ab 06 8b 23 b1 49 87 9c 00 2f 6b f3 fe ee\ +97 59 11 12 56 2c +Seed: # not used yet\ +6c 07 5b c4 55 20 f1 65 c0 bf 5e a4 c5 df 19 1b\ +c9 ef 0e 44 +Ciphertext: \ +0a 98 bf 10 93 61 93 94 43 6c f6 8d 8f 38 e2 f1\ +58 fd e8 ea 54 f3 43 5f 23 9b 8d 06 b8 32 18 44\ +20 24 76 ae ed 96 00 94 92 48 0c e3 a8 d7 05 49\ +8c 4c 8c 68 f0 15 01 dc 81 db 60 8f 60 08 73 50\ +c8 c3 b0 bd 2e 9e f6 a8 14 58 b7 c8 01 b8 9f 2e\ +4f e9 9d 49 00 ba 6a 4b 5e 5a 96 d8 65 dc 67 6c\ +77 55 92 87 94 13 0d 62 80 a8 16 0a 19 0f 2d f3\ +ea 7c f9 aa 02 71 d8 8e 9e 69 05 ec f1 c5 15 2d\ +65 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 6.4 +Plaintext: \ +68 4e 30 38 c5 c0 41 f7 +Seed: # not used yet\ +3b bc 3b d6 63 7d fe 12 84 69 01 02 9b f5 b0 c0\ +71 03 43 9c +Ciphertext: \ +00 8e 7a 67 ca cf b5 c4 e2 4b ec 7d ee 14 91 17\ +f1 95 98 ce 8c 45 80 8f ef 88 c6 08 ff 9c d6 e6\ +95 26 3b 9a 3c 0a d4 b8 ba 4c 95 23 8e 96 a8 42\ +2b 85 35 62 9c 8d 53 82 37 44 79 ad 13 fa 39 97\ +4b 24 2f 9a 75 9e ea f9 c8 3a d5 a8 ca 18 94 0a\ +01 62 ba 75 58 76 df 26 3f 4b d5 0c 65 25 c5 60\ +90 26 7c 1f 0e 09 ce 08 99 a0 cf 35 9e 88 12 0a\ +bd 9b f8 93 44 5b 3c ae 77 d3 60 73 59 ae 9a 52\ +f8 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 6.5 +Plaintext: \ +32 48 8c b2 62 d0 41 d6 e4 dd 35 f9 87 bf 3c a6\ +96 db 1f 06 ac 29 a4 46 93 +Seed: # not used yet\ +b4 6b 41 89 3e 8b ef 32 6f 67 59 38 3a 83 07 1d\ +ae 7f ca bc +Ciphertext: \ +00 00 34 74 41 6c 7b 68 bd f9 61 c3 85 73 79 44\ +d7 f1 f4 0c b3 95 34 3c 69 3c c0 b4 fe 63 b3 1f\ +ed f1 ea ee ac 9c cc 06 78 b3 1d c3 2e 09 77 48\ +95 14 c4 f0 90 85 f6 29 8a 96 53 f0 1a ea 40 45\ +ff 58 2e e8 87 be 26 ae 57 5b 73 ee f7 f3 77 49\ +21 e3 75 a3 d1 9a dd a0 ca 31 aa 18 49 88 7c 1f\ +42 ca c9 67 7f 7a 2f 4e 92 3f 6e 5a 86 8b 38 c0\ +84 ef 18 75 94 dc 9f 7f 04 8f ea 2e 02 95 53 84\ +ab +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 6.6 +Plaintext: \ +50 ba 14 be 84 62 72 02 79 c3 06 ba +Seed: # not used yet\ +0a 24 03 31 2a 41 e3 d5 2f 06 0f bc 13 a6 7d e5\ +cf 76 09 a7 +Ciphertext: \ +0a 02 6d da 5f c8 78 5f 7b d9 bf 75 32 7b 63 e8\ +5e 2c 0f de e5 da db 65 eb dc ac 9a e1 de 95 c9\ +2c 67 2a b4 33 aa 7a 8e 69 ce 6a 6d 88 97 fa c4\ +ac 4a 54 de 84 1a e5 e5 bb ce 76 87 87 9d 79 63\ +4c ea 7a 30 68 40 65 c7 14 d5 24 09 b9 28 25 6b\ +bf 53 ea bc d5 23 1e b7 25 95 04 53 73 99 bd 29\ +16 4b 72 6d 33 a4 6d a7 01 36 0a 41 68 a0 91 cc\ +ab 72 d4 4a 62 fe d2 46 c0 ff ea 5b 13 48 ab 54\ +70 +Test: DecryptMatch + +AlgorithmType: AsymmetricCipher +Name: RSA/OAEP-MGF1(SHA-1) +Source: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/, PKCS #1 test vectors +KeyFormat: Component +Comment: Example 7: A 1030-bit RSA Key Pair +Modulus: \ +31 11 79 f0 bc fc 9b 9d 3c a3 15 d0 0e f3 0d 7b\ +dd 3a 2c fa e9 91 1b fe dc b9 48 b3 a4 78 2d 07\ +32 b6 ab 44 aa 4b f0 37 41 a6 44 dc 01 be c3 e6\ +9b 01 a0 33 e6 75 d8 ac d7 c4 92 5c 6b 1a ec 31\ +19 05 1d fd 89 76 2d 21 5d 45 47 5f fc b5 9f 90\ +81 48 62 3f 37 17 71 56 f6 ae 86 dd 7a 7c 5f 43\ +dc 1e 1f 90 82 54 05 8a 28 4a 5f 06 c0 02 17 93\ +a8 7f 1a c5 fe ff 7d ca ee 69 c5 e5 1a 37 89 e3\ +73 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +07 0c fc ff 2f eb 82 76 e2 74 32 c4 5d fe e4 8f\ +49 b7 91 7d 65 30 e1 f0 ca 34 60 f3 2e 02 76 17\ +44 87 c5 6e 22 a4 5d 25 00 d7 77 54 95 21 9d 7d\ +16 5a 9c f3 bd 92 c3 2a f9 a9 8d 8d c9 cc 29 68\ +00 ad c9 4a 0a 54 fb 40 f3 42 91 bf 84 ee 8e a1\ +2b 6f 10 93 59 c6 d3 54 2a 50 f9 c7 67 f5 cf ff\ +05 a6 81 c2 e6 56 fb 77 ca aa db 4b e9 46 8d 8a\ +bc d4 df 98 f5 8e 86 d2 05 3f a1 34 9f 74 8e 21\ +b1 +Prime1: \ +07 49 26 2c 11 1c d4 70 ec 25 66 e6 b3 73 2f c0\ +93 29 46 9a a1 90 71 d3 b9 c0 19 06 51 4c 6f 1d\ +26 ba a1 4b ea b0 97 1c 8b 7e 61 1a 4f 79 00 9d\ +6f ea 77 69 28 ca 25 28 5b 0d e3 64 3d 1a 3f 8c\ +71 +Prime2: \ +06 bc 1e 50 e9 6c 02 bf 63 6e 9e ea 8b 89 9b be\ +bf 76 51 de 77 dd 47 4c 3e 9b c2 3b ad 81 82 b6\ +19 04 c7 d9 7d fb eb fb 1e 00 10 88 78 b6 e6 7e\ +41 53 91 d6 79 42 c2 b2 bf 9b 44 35 f8 8b 0c b0\ +23 +ModPrime1PrivateExponent: \ +03 bc 7e a7 f0 aa b1 43 ab c6 ce 8b 97 11 86 36\ +a3 01 72 e4 cf e0 2c 8f a0 dd a3 b7 ba af 90 f8\ +09 29 82 98 55 25 f4 88 bd fc b4 bd 72 6e 22 63\ +9a c6 4a 30 92 ab 7f fc bf 1d 53 34 cf a5 0b 5b\ +f1 +ModPrime2PrivateExponent: \ +02 62 a6 aa 29 c2 a3 c6 7d c5 34 6c 06 38 1a fd\ +98 7a a3 cc 93 cf bf ec f5 4f dd 9f 9d 78 7d 7f\ +59 a5 23 d3 98 97 9d a1 37 a2 f6 38 1f e9 48 01\ +f7 c9 4d a2 15 18 dc 34 cb 40 87 0c 46 97 99 4a\ +d9 +MultiplicativeInverseOfPrime2ModPrime1: \ +64 9d 4c 17 b6 ee 17 21 e7 72 d0 38 9a 55 9c 3d\ +3c df 95 50 d4 57 c4 6b 03 7b 74 64 1b 1d 52 16\ +6a f8 a2 13 c8 39 62 06 cd fb a4 42 2f 18 d6 f6\ +1d bc b5 d2 14 c9 71 bf 48 2a eb 97 6a 73 70 c2 +Test: KeyPairValidAndConsistent +Comment: RSAES-OAEP Encryption Example 7.1 +Plaintext: \ +47 aa e9 09 +Seed: # not used yet\ +43 dd 09 a0 7f f4 ca c7 1c aa 46 32 ee 5e 1c 1d\ +ae e4 cd 8f +Ciphertext: \ +16 88 e4 ce 77 94 bb a6 cb 70 14 16 9e cd 55 9c\ +ed e2 a3 0b 56 a5 2b 68 d9 fe 18 cf 19 73 ef 97\ +b2 a0 31 53 95 1c 75 5f 62 94 aa 49 ad bd b5 58\ +45 ab 68 75 fb 39 86 c9 3e cf 92 79 62 84 0d 28\ +2f 9e 54 ce 8b 69 0f 7c 0c b8 bb d7 34 40 d9 57\ +1d 1b 16 cd 92 60 f9 ea b4 78 3c c4 82 e5 22 3d\ +c6 09 73 87 17 83 ec 27 b0 ae 0f d4 77 32 cb c2\ +86 a1 73 fc 92 b0 0f b4 ba 68 24 64 7c d9 3c 85\ +c1 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 7.2 +Plaintext: \ +1d 9b 2e 22 23 d9 bc 13 bf b9 f1 62 ce 73 5d b4\ +8b a7 c6 8f 68 22 a0 a1 a7 b6 ae 16 58 34 e7 +Seed: # not used yet\ +3a 9c 3c ec 7b 84 f9 bd 3a de cb c6 73 ec 99 d5\ +4b 22 bc 9b +Ciphertext: \ +10 52 ed 39 7b 2e 01 e1 d0 ee 1c 50 bf 24 36 3f\ +95 e5 04 f4 a0 34 34 a0 8f d8 22 57 4e d6 b9 73\ +6e db b5 f3 90 db 10 32 14 79 a8 a1 39 35 0e 2b\ +d4 97 7c 37 78 ef 33 1f 3e 78 ae 11 8b 26 84 51\ +f2 0a 2f 01 d4 71 f5 d5 3c 56 69 37 17 1b 2d bc\ +2d 4b de 45 9a 57 99 f0 37 2d 65 74 23 9b 23 23\ +d2 45 d0 bb 81 c2 86 b6 3c 89 a3 61 01 73 37 e4\ +90 2f 88 a4 67 f4 c7 f2 44 bf d5 ab 46 43 7f f3\ +b6 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 7.3 +Plaintext: \ +d9 76 fc +Seed: # not used yet\ +76 a7 5e 5b 61 57 a5 56 cf 88 84 bb 2e 45 c2 93\ +dd 54 5c f5 +Ciphertext: \ +21 55 cd 84 3f f2 4a 4e e8 ba db 76 94 26 00 28\ +a4 90 81 3b a8 b3 69 a4 cb f1 06 ec 14 8e 52 98\ +70 7f 59 65 be 7d 10 1c 10 49 ea 85 84 c2 4c d6\ +34 55 ad 9c 10 4d 68 62 82 d3 fb 80 3a 4c 11 c1\ +c2 e9 b9 1c 71 78 80 1d 1b 66 40 f0 03 f5 72 8d\ +f0 07 b8 a4 cc c9 2b ce 05 e4 1a 27 27 8d 7c 85\ +01 8c 52 41 43 13 a5 07 77 89 00 1d 4f 01 91 0b\ +72 aa d0 5d 22 0a a1 4a 58 73 3a 74 89 bc 54 55\ +6b +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 7.4 +Plaintext: \ +d4 73 86 23 df 22 3a a4 38 43 df 84 67 53 4c 41\ +d0 13 e0 c8 03 c6 24 e2 63 66 6b 23 9b de 40 a5\ +f2 9a eb 8d e7 9e 3d aa 61 dd 03 70 f4 9b d4 b0\ +13 83 4b 98 21 2a ef 6b 1c 5e e3 73 b3 cb +Seed: # not used yet\ +78 66 31 4a 6a d6 f2 b2 50 a3 59 41 db 28 f5 86\ +4b 58 58 59 +Ciphertext: \ +0a b1 4c 37 3a eb 7d 43 28 d0 aa ad 8c 09 4d 88\ +b9 eb 09 8b 95 f2 10 54 a2 90 82 52 2b e7 c2 7a\ +31 28 78 b6 37 91 7e 3d 81 9e 6c 3c 56 8d b5 d8\ +43 80 2b 06 d5 1d 9e 98 a2 be 0b f4 0c 03 14 23\ +b0 0e df bf f8 32 0e fb 91 71 bd 20 44 65 3a 4c\ +b9 c5 12 2f 6c 65 e8 3c da 2e c3 c1 26 02 7a 9c\ +1a 56 ba 87 4d 0f ea 23 f3 80 b8 2c f2 40 b8 cf\ +54 00 04 75 8c 4c 77 d9 34 15 7a 74 f3 fc 12 bf\ +ac +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 7.5 +Plaintext: \ +bb 47 23 1c a5 ea 1d 3a d4 6c 99 34 5d 9a 8a 61 +Seed: # not used yet\ +b2 16 6e d4 72 d5 8d b1 0c ab 2c 6b 00 0c cc f1\ +0a 7d c5 09 +Ciphertext: \ +02 83 87 a3 18 27 74 34 79 8b 4d 97 f4 60 06 8d\ +f5 29 8f ab a5 04 1b a1 17 61 a1 cb 73 16 b2 41\ +84 11 4e c5 00 25 7e 25 89 ed 3b 60 7a 1e bb e9\ +7a 6c c2 e0 2b f1 b6 81 f4 23 12 a3 3b 7a 77 d8\ +e7 85 5c 4a 6d e0 3e 3c 04 64 3f 78 6b 91 a2 64\ +a0 d6 80 5e 2c ea 91 e6 81 77 eb 7a 64 d9 25 5e\ +4f 27 e7 13 b7 cc ec 00 dc 20 0e bd 21 c2 ea 2b\ +b8 90 fe ae 49 42 df 94 1d c3 f9 78 90 ed 34 74\ +78 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 7.6 +Plaintext: \ +21 84 82 70 95 d3 5c 3f 86 f6 00 e8 e5 97 54 01\ +32 96 +Seed: # not used yet\ +52 67 3b de 2c a1 66 c2 aa 46 13 1a c1 dc 80 8d\ +67 d7 d3 b1 +Ciphertext: \ +14 c6 78 a9 4a d6 05 25 ef 39 e9 59 b2 f3 ba 5c\ +09 7a 94 ff 91 2b 67 db ac e8 05 35 c1 87 ab d4\ +7d 07 54 20 b1 87 21 52 bb a0 8f 7f c3 1f 31 3b\ +bf 92 73 c9 12 fc 4c 01 49 a9 b0 cf b7 98 07 e3\ +46 eb 33 20 69 61 1b ec 0f f9 bc d1 68 f1 f7 c3\ +3e 77 31 3c ea 45 4b 94 e2 54 9e ec f0 02 e2 ac\ +f7 f6 f2 d2 84 5d 4f e0 aa b2 e5 a9 2d df 68 c4\ +80 ae 11 24 79 35 d1 f6 25 74 84 22 16 ae 67 41\ +15 +Test: DecryptMatch + +AlgorithmType: AsymmetricCipher +Name: RSA/OAEP-MGF1(SHA-1) +Source: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/, PKCS #1 test vectors +KeyFormat: Component +Comment: Example 8: A 1031-bit RSA Key Pair +Modulus: \ +5b df 0e 30 d3 21 dd a5 14 7f 88 24 08 fa 69 19\ +54 80 df 8f 80 d3 f6 e8 bf 58 18 50 4f 36 42 7c\ +a9 b1 f5 54 0b 9c 65 a8 f6 97 4c f8 44 7a 24 4d\ +92 80 20 1b b4 9f cb be 63 78 d1 94 4c d2 27 e2\ +30 f9 6e 3d 10 f8 19 dc ef 27 6c 64 a0 0b 2a 4b\ +67 01 e7 d0 1d e5 fa bd e3 b1 e9 a0 df 82 f4 63\ +13 59 cd 22 66 96 47 fb b1 71 72 46 13 4e d7 b4\ +97 cf ff bd c4 2b 59 c7 3a 96 ed 90 16 62 12 df\ +f7 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +0f 7d 1e 9e 5a aa 25 fd 13 e4 a0 66 3a e1 44 e0\ +d1 5f 5c d1 8b cd b0 9d f2 cc 7e 64 e3 c5 e9 15\ +ad 62 64 53 04 16 1d 09 8c 71 5b b7 ab 8b d0 1d\ +07 ea f3 fe d7 c7 ed 08 af 2a 8a 62 ef 44 ab 16\ +b3 20 e1 4a f7 2a 48 f9 6a fe 26 2a 0a e4 cf 65\ +e6 35 e9 10 79 0c d4 ee 5c ea 76 8a 4b 26 39 f7\ +e6 f6 77 b3 f0 bb 6b e3 2b 75 74 7d 89 09 03 6f\ +02 64 f5 8d 40 1c db a1 31 71 61 57 a7 5e cf 63\ +31 +Prime1: \ +0a 02 ef 84 48 d9 fa d8 bb d0 d0 04 c8 c2 aa 97\ +51 ef 97 21 c1 b0 d0 32 36 a5 4b 0d f9 47 cb ae\ +d5 a2 55 ee 9e 8e 20 d4 91 ea 17 23 fe 09 47 04\ +a9 76 2e 88 af d1 6e bb 59 94 41 2c a9 66 dc 4f\ +9f +Prime2: \ +09 2d 36 2e 7e d3 a0 bf d9 e9 fd 0e 6c 03 01 b6\ +df 29 15 9c f5 0c c8 3b 9b 0c f4 d6 ee a7 1a 61\ +e0 02 b4 6e 0a e9 f2 de 62 d2 5b 5d 74 52 d4 98\ +b8 1c 9a c6 fc 58 59 3d 4c 3f b4 f5 d7 2d fb b0\ +a9 +ModPrime1PrivateExponent: \ +07 c7 14 10 af 10 39 62 db 36 74 04 e3 7a e8 50\ +ba a4 e9 c2 9d d9 21 45 81 52 94 a6 7c 7d 1c 6d\ +ed 26 3a a0 30 a9 b6 33 ae 50 30 3e 14 03 5d 1a\ +f0 14 12 3e ba 68 78 20 30 8d 8e bc 85 b6 95 7d\ +7d +ModPrime2PrivateExponent: \ +ae 2c 75 38 0c 02 c0 16 ad 05 89 1b 33 01 de 88\ +1f 28 ae 11 71 18 2b 6b 2c 83 be a7 c5 15 ec a9\ +ca 29 8c 7b 1c ab 58 17 a5 97 06 8f c8 50 60 de\ +4d a8 a0 16 37 8a ae 43 c7 f9 67 bc c3 79 04 b9 +MultiplicativeInverseOfPrime2ModPrime1: \ +05 98 d1 05 9e 3a da 4f 63 20 75 2c 09 d8 05 ff\ +7d 1f 1a e0 d0 17 ae ee e9 ce fa 0d 7d d7 ff 77\ +5e 44 b5 78 32 2f 64 05 d6 21 1d a1 95 19 66 6a\ +a8 7f dc 4c d8 c8 8f 6b 6e 3d 67 e9 61 dc bb a3\ +d0 +Test: KeyPairValidAndConsistent +Comment: RSAES-OAEP Encryption Example 8.1 +Plaintext: \ +05 0b 75 5e 5e 68 80 f7 b9 e9 d6 92 a7 4c 37 aa\ +e4 49 b3 1b fe a6 de ff 83 74 7a 89 7f 6c 2c 82\ +5b b1 ad bf 85 0a 3c 96 99 4b 5d e5 b3 3c bc 7d\ +4a 17 91 3a 79 67 +Seed: # not used yet\ +77 06 ff ca 1e cf b1 eb ee 2a 55 e5 c6 e2 4c d2\ +79 7a 41 25 +Ciphertext: \ +09 b3 68 3d 8a 2e b0 fb 29 5b 62 ed 1f b9 29 0b\ +71 44 57 b7 82 53 19 f4 64 78 72 af 88 9b 30 40\ +94 72 02 0a d1 29 12 bf 19 b1 1d 48 19 f4 96 14\ +82 4f fd 84 d0 9c 0a 17 e7 d1 73 09 d1 29 19 79\ +04 10 aa 29 95 69 9f 6a 86 db e3 24 2b 5a cc 23\ +af 45 69 10 80 d6 b1 ae 81 0f b3 e3 05 70 87 f0\ +97 00 92 ce 00 be 95 62 ff 40 53 b6 26 2c e0 ca\ +a9 3e 13 72 3d 2e 3a 5b a0 75 d4 5f 0d 61 b5 4b\ +61 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 8.2 +Plaintext: \ +4e b6 8d cd 93 ca 9b 19 df 11 1b d4 36 08 f5 57\ +02 6f e4 aa 1d 5c fa c2 27 a3 eb 5a b9 54 8c 18\ +a0 6d de d2 3f 81 82 59 86 b2 fc d7 11 09 ec ef\ +7e ff 88 87 3f 07 5c 2a a0 c4 69 f6 9c 92 bc +Seed: # not used yet\ +a3 71 7d a1 43 b4 dc ff bc 74 26 65 a8 fa 95 05\ +85 54 83 43 +Ciphertext: \ +2e cf 15 c9 7c 5a 15 b1 47 6a e9 86 b3 71 b5 7a\ +24 28 4f 4a 16 2a 8d 0c 81 82 e7 90 5e 79 22 56\ +f1 81 2b a5 f8 3f 1f 7a 13 0e 42 dc c0 22 32 84\ +4e dc 14 a3 1a 68 ee 97 ae 56 4a 38 3a 34 11 65\ +64 24 c5 f6 2d db 64 60 93 c3 67 be 1f cd a4 26\ +cf 00 a0 6d 8a cb 7e 57 77 6f bb d8 55 ac 3d f5\ +06 fc 16 b1 d7 c3 f2 11 0f 3d 80 68 e9 1e 18 63\ +63 83 1c 84 09 68 0d 8d a9 ec d8 cf 1f a2 0e e3\ +9d +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 8.3 +Plaintext: \ +86 04 ac 56 32 8c 1a b5 ad 91 78 61 +Seed: # not used yet\ +ee 06 20 90 73 cc a0 26 bb 26 4e 51 85 bf 8c 68\ +b7 73 9f 86 +Ciphertext: \ +4b c8 91 30 a5 b2 da bb 7c 2f cf 90 eb 5d 0e af\ +9e 68 1b 71 46 a3 8f 31 73 a3 d9 cf ec 52 ea 9e\ +0a 41 93 2e 64 8a 9d 69 34 4c 50 da 76 3f 51 a0\ +3c 95 76 21 31 e8 05 22 54 dc d2 24 8c ba 40 fd\ +31 66 77 86 ce 05 a2 b7 b5 31 ac 9d ac 9e d5 84\ +a5 9b 67 7c 1a 8a ed 8c 5d 15 d6 8c 05 56 9e 2b\ +e7 80 bf 7d b6 38 fd 2b fd 2a 85 ab 27 68 60 f3\ +77 73 38 fc a9 89 ff d7 43 d1 3e e0 8e 0c a9 89\ +3f +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 8.4 +Plaintext: \ +fd da 5f bf 6e c3 61 a9 d9 a4 ac 68 af 21 6a 06\ +86 f4 38 b1 e0 e5 c3 6b 95 5f 74 e1 07 f3 9c 0d\ +dd cc +Seed: # not used yet\ +99 0a d5 73 dc 48 a9 73 23 5b 6d 82 54 36 18 f2\ +e9 55 10 5d +Ciphertext: \ +2e 45 68 47 d8 fc 36 ff 01 47 d6 99 35 94 b9 39\ +72 27 d5 77 75 2c 79 d0 f9 04 fc b0 39 d4 d8 12\ +fe a6 05 a7 b5 74 dd 82 ca 78 6f 93 75 23 48 43\ +8e e9 f5 b5 45 49 85 d5 f0 e1 69 9e 3e 7a d1 75\ +a3 2e 15 f0 3d eb 04 2a b9 fe 1d d9 db 1b b8 6f\ +8c 08 9c cb 45 e7 ef 0c 5e e7 ca 9b 72 90 ca 6b\ +15 be d4 70 39 78 8a 8a 93 ff 83 e0 e8 d6 24 4c\ +71 00 63 62 de ef 69 b6 f4 16 fb 3c 68 43 83 fb\ +d0 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 8.5 +Plaintext: \ +4a 5f 49 14 be e2 5d e3 c6 93 41 de 07 +Seed: # not used yet\ +ec c6 3b 28 f0 75 6f 22 f5 2a c8 e6 ec 12 51 a6\ +ec 30 47 18 +Ciphertext: \ +1f b9 35 6f d5 c4 b1 79 6d b2 eb f7 d0 d3 93 cc\ +81 0a df 61 45 de fc 2f ce 71 4f 79 d9 38 00 d5\ +e2 ac 21 1e a8 bb ec ca 4b 65 4b 94 c3 b1 8b 30\ +dd 57 6c e3 4d c9 54 36 ef 57 a0 94 15 64 59 23\ +35 9a 5d 7b 41 71 ef 22 c2 46 70 f1 b2 29 d3 60\ +3e 91 f7 66 71 b7 df 97 e7 31 7c 97 73 44 76 d5\ +f3 d1 7d 21 cf 82 b5 ba 9f 83 df 2e 58 8d 36 98\ +4f d1 b5 84 46 8b d2 3b 2e 87 5f 32 f6 89 53 f7\ +b2 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 8.6 +Plaintext: \ +8e 07 d6 6f 7b 88 0a 72 56 3a bc d3 f3 50 92 bc\ +33 40 9f b7 f8 8f 24 72 be +Seed: # not used yet\ +39 25 c7 1b 36 2d 40 a0 a6 de 42 14 55 79 ba 1e\ +7d d4 59 fc +Ciphertext: \ +3a fd 9c 66 00 14 7b 21 79 8d 81 8c 65 5a 0f 4c\ +92 12 db 26 d0 b0 df dc 2a 75 94 cc b3 d2 2f 5b\ +f1 d7 c3 e1 12 cd 73 fc 7d 50 9c 7a 8b af dd 3c\ +27 4d 13 99 00 9f 96 09 ec 4b e6 47 7e 45 3f 07\ +5a a3 3d b3 82 87 0c 1c 34 09 ae f3 92 d7 38 6a\ +e3 a6 96 b9 9a 94 b4 da 05 89 44 7e 95 5d 16 c9\ +8b 17 60 2a 59 bd 73 62 79 fc d8 fb 28 0c 44 62\ +d5 90 bf a9 bf 13 fe d5 70 ea fd e9 73 30 a2 c2\ +10 +Test: DecryptMatch + +AlgorithmType: AsymmetricCipher +Name: RSA/OAEP-MGF1(SHA-1) +Source: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/, PKCS #1 test vectors +KeyFormat: Component +Comment: Example 9: A 1536-bit RSA Key Pair +Modulus: \ +cf 2c d4 1e 34 ca 3a 72 8e a5 cb 8a ff 64 c3 6d\ +27 bd ef 53 64 e3 36 fd 68 d3 12 3c 5a 19 6a 8c\ +28 70 13 e8 53 d5 15 6d 58 d1 51 95 45 20 fb 4f\ +6d 7b 17 ab b6 81 77 65 90 9c 57 61 19 65 9d 90\ +2b 19 06 ed 8a 2b 10 c1 55 c2 4d 12 45 28 da b9\ +ee ae 37 9b ea c6 6e 4a 41 17 86 dc b8 fd 00 62\ +eb c0 30 de 12 19 a0 4c 2a 8c 1b 7d d3 13 1e 4d\ +6b 6c ae e2 e3 1a 5e d4 1a c1 50 9b 2e f1 ee 2a\ +b1 83 64 be 56 8c a9 41 c2 5e cc 84 ff 9d 64 3b\ +5e c1 aa ae 10 2a 20 d7 3f 47 9b 78 0f d6 da 91\ +07 52 12 d9 ea c0 3a 06 74 d8 99 eb a2 e4 31 f4\ +c4 4b 61 5b 6b a2 23 2b d4 b3 3b ae d7 3d 62 5d +PublicExponent: \ +01 00 01 +PrivateExponent: \ +19 8c 14 1e 23 71 5a 92 bc cf 6a 11 9a 5b c1 13\ +89 46 8d 28 11 f5 48 d7 27 e1 7b 4a b0 eb 98 6d\ +6f 21 1e fb 53 b7 1f 7c cb ea 87 ee 69 c7 5e e6\ +15 00 8c 53 32 de b5 2b f3 90 ab df bf e3 7d 72\ +05 36 81 59 b2 63 8c 1d e3 26 e2 1d 22 25 1f 0f\ +b5 84 8b 3b f1 50 05 d2 a7 43 30 f0 af e9 16 ee\ +62 cc c1 34 4d 1d 83 a7 09 e6 06 76 27 38 40 f7\ +f3 77 42 4a 5e 0a 4d a7 5f 01 b3 1f f7 68 19 cf\ +9c bf dd 21 52 43 c3 91 7c 03 ef 38 19 93 12 e5\ +67 b3 bf 7a ed 3a b4 57 f3 71 ef 8a 14 23 f4 5b\ +68 c6 e2 82 ec 11 1b ba 28 33 b9 87 fd 69 fa d8\ +3b c1 b8 c6 13 c5 e1 ea 16 c1 1e d1 25 ea 7e c1 +Prime1: \ +fc 8d 6c 04 be c4 eb 9a 81 92 ca 79 00 cb e5 36\ +e2 e8 b5 19 de cf 33 b2 45 97 98 c6 90 9d f4 f1\ +76 db 7d 23 19 0f c7 2b 88 65 a7 18 af 89 5f 1b\ +cd 91 45 29 80 27 42 3b 60 5e 70 a4 7c f5 83 90\ +a8 c3 e8 8f c8 c4 8e 8b 32 e3 da 21 0d fb e3 e8\ +81 ea 56 74 b6 a3 48 c2 1e 93 f9 e5 5e a6 5e fd +Prime2: \ +d2 00 d4 5e 78 8a ac ea 60 6a 40 1d 04 60 f8 7d\ +d5 c1 02 7e 12 dc 1a 0d 75 86 e8 93 9d 9c f7 89\ +b4 0f 51 ac 04 42 96 1d e7 d2 1c c2 1e 05 c8 31\ +55 c1 f2 aa 91 93 38 7c fd f9 56 cb 48 d1 53 ba\ +27 04 06 f9 bb ba 53 7d 49 87 d9 e2 f9 94 2d 7a\ +14 cb ff fe a7 4f ec dd a9 28 d2 3e 25 9f 5e e1 +ModPrime1PrivateExponent: \ +db 16 80 2f 79 a2 f0 d4 5f 35 8d 69 fd 33 e4 4b\ +81 fa e8 28 62 2e 93 a5 42 53 e9 97 d0 1b 07 43\ +75 9d a0 e8 12 b4 aa 4e 6c 8b ea b2 32 8d 54 31\ +95 5a 41 8a 67 ff 26 a8 c5 c8 07 a5 da 35 4e 05\ +ef 31 cc 8c f7 58 f4 63 73 29 50 b0 3e 26 57 26\ +fb 94 e3 9d 6a 57 2a 26 24 4a b0 8d b7 57 52 ad +ModPrime2PrivateExponent: \ +a0 a3 17 cf e7 df 14 23 f8 7a 6d ee 84 51 f4 e2\ +b4 a6 7e 54 97 f2 9b 4f 1e 4e 83 0b 9f ad d9 40\ +11 67 02 6f 55 96 e5 a3 9c 97 81 7e 0f 5f 16 e2\ +7e 19 ec 99 02 e0 1d 7e a6 fb 9a a3 c7 60 af ee\ +1e 38 1b 69 de 6a c9 c0 75 85 a0 6a d9 c4 ba 00\ +bf 75 c8 ad 2f a8 98 a4 79 e8 0a e2 94 fe d2 a1 +MultiplicativeInverseOfPrime2ModPrime1: \ +0b 21 f3 35 c3 53 34 2e b4 4c 3a a2 44 45 78 0c\ +2d 65 5b 94 01 74 ca e3 8c 7c 8a 4e 64 93 c0 ba\ +9f d3 03 74 82 67 b0 83 b9 a7 a6 cb 61 e4 2d b3\ +62 b8 c9 89 6d b7 06 4e 02 ad 5a e6 15 87 da 15\ +b4 64 9c 90 59 49 09 fe b3 7d bc b6 54 be b7 26\ +8e c8 01 e5 a8 b4 aa 39 11 be bd 88 54 2f 05 be +Test: KeyPairValidAndConsistent +Comment: RSAES-OAEP Encryption Example 9.1 +Plaintext: \ +f7 35 fd 55 ba 92 59 2c 3b 52 b8 f9 c4 f6 9a aa\ +1c be f8 fe 88 ad d0 95 59 54 12 46 7f 9c f4 ec\ +0b 89 6c 59 ed a1 62 10 e7 54 9c 8a bb 10 cd bc\ +21 a1 2e c9 b6 b5 b8 fd 2f 10 39 9e b6 +Seed: # not used yet\ +8e c9 65 f1 34 a3 ec 99 31 e9 2a 1c a0 dc 81 69\ +d5 ea 70 5c +Ciphertext: \ +26 7b cd 11 8a ca b1 fc 8b a8 1c 85 d7 30 03 cb\ +86 10 fa 55 c1 d9 7d a8 d4 8a 7c 7f 06 89 6a 4d\ +b7 51 aa 28 42 55 b9 d3 6a d6 5f 37 65 3d 82 9f\ +1b 37 f9 7b 80 01 94 25 45 b2 fc 2c 55 a7 37 6c\ +a7 a1 be 4b 17 60 c8 e0 5a 33 e5 aa 25 26 b8 d9\ +8e 31 70 88 e7 83 4c 75 5b 2a 59 b1 26 31 a1 82\ +c0 5d 5d 43 ab 17 79 26 4f 84 56 f5 15 ce 57 df\ +df 51 2d 54 93 da b7 b7 33 8d c4 b7 d7 8d b9 c0\ +91 ac 3b af 53 7a 69 fc 7f 54 9d 97 9f 0e ff 9a\ +94 fd a4 16 9b d4 d1 d1 9a 69 c9 9e 33 c3 b5 54\ +90 d5 01 b3 9b 1e da e1 18 ff 67 93 a1 53 26 15\ +84 d3 a5 f3 9f 6e 68 2e 3d 17 c8 cd 12 61 fa 72 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 9.2 +Plaintext: \ +81 b9 06 60 50 15 a6 3a ab e4 2d df 11 e1 97 89\ +12 f5 40 4c 74 74 b2 6d ce 3e d4 82 bf 96 1e cc\ +81 8b f4 20 c5 46 59 +Seed: # not used yet\ +ec b1 b8 b2 5f a5 0c da b0 8e 56 04 28 67 f4 af\ +58 26 d1 6c +Ciphertext: \ +93 ac 9f 06 71 ec 29 ac bb 44 4e ff c1 a5 74 13\ +51 d6 0f db 0e 39 3f bf 75 4a cf 0d e4 97 61 a1\ +48 41 df 77 72 e9 bc 82 77 39 66 a1 58 4c 4d 72\ +ba ea 00 11 8f 83 f3 5c ca 6e 53 7c bd 4d 81 1f\ +55 83 b2 97 83 d8 a6 d9 4c d3 1b e7 0d 6f 52 6c\ +10 ff 09 c6 fa 7c e0 69 79 5a 3f cd 05 11 fd 5f\ +cb 56 4b cc 80 ea 9c 78 f3 8b 80 01 25 39 d8 a4\ +dd f6 fe 81 e9 cd db 7f 50 db bb bc c7 e5 d8 60\ +97 cc f4 ec 49 18 9f b8 bf 31 8b e6 d5 a0 71 5d\ +51 6b 49 af 19 12 58 cd 32 dc 83 3c e6 eb 46 73\ +c0 3a 19 bb ac e8 8c c5 48 95 f6 36 cc 0c 1e c8\ +90 96 d1 1c e2 35 a2 65 ca 17 64 23 2a 68 9a e8 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 9.3 +Plaintext: \ +fd 32 64 29 df 9b 89 0e 09 b5 4b 18 b8 f3 4f 1e\ +24 +Seed: # not used yet\ +e8 9b b0 32 c6 ce 62 2c bd b5 3b c9 46 60 14 ea\ +77 f7 77 c0 +Ciphertext: \ +81 eb dd 95 05 4b 0c 82 2e f9 ad 76 93 f5 a8 7a\ +df b4 b4 c4 ce 70 df 2d f8 4e d4 9c 04 da 58 ba\ +5f c2 0a 19 e1 a6 e8 b7 a3 90 0b 22 79 6d c4 e8\ +69 ee 6b 42 79 2d 15 a8 ec eb 56 c0 9c 69 91 4e\ +81 3c ea 8f 69 31 e4 b8 ed 6f 42 1a f2 98 d5 95\ +c9 7f 47 89 c7 ca a6 12 c7 ef 36 09 84 c2 1b 93\ +ed c5 40 10 68 b5 af 4c 78 a8 77 1b 98 4d 53 b8\ +ea 8a df 2f 6a 7d 4a 0b a7 6c 75 e1 dd 9f 65 8f\ +20 de d4 a4 60 71 d4 6d 77 91 b5 68 03 d8 fe a7\ +f0 b0 f8 e4 1a e3 f0 93 83 a6 f9 58 5f e7 75 3e\ +aa ff d2 bf 94 56 31 08 be ec c2 07 bb b5 35 f5\ +fc c7 05 f0 dd e9 f7 08 c6 2f 49 a9 c9 03 71 d3 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 9.4 +Plaintext: \ +f1 45 9b 5f 0c 92 f0 1a 0f 72 3a 2e 56 62 48 4d\ +8f 8c 0a 20 fc 29 da d6 ac d4 3b b5 f3 ef fd f4\ +e1 b6 3e 07 fd fe 66 28 d0 d7 4c a1 9b f2 d6 9e\ +4a 0a bf 86 d2 93 92 5a 79 67 72 f8 08 8e +Seed: # not used yet\ +60 6f 3b 99 c0 b9 cc d7 71 ea a2 9e a0 e4 c8 84\ +f3 18 9c cc +Ciphertext: \ +bc c3 5f 94 cd e6 6c b1 13 66 25 d6 25 b9 44 32\ +a3 5b 22 f3 d2 fa 11 a6 13 ff 0f ca 5b d5 7f 87\ +b9 02 cc dc 1c d0 ae bc b0 71 5e e8 69 d1 d1 fe\ +39 5f 67 93 00 3f 5e ca 46 50 59 c8 86 60 d4 46\ +ff 5f 08 18 55 20 22 55 7e 38 c0 8a 67 ea d9 91\ +26 22 54 f1 06 82 97 5e c5 63 97 76 85 37 f4 97\ +7a f6 d5 f6 aa ce b7 fb 25 de c5 93 72 30 23 1f\ +d8 97 8a f4 91 19 a2 9f 29 e4 24 ab 82 72 b4 75\ +62 79 2d 5c 94 f7 74 b8 82 9d 0b 0d 9f 1a 8c 9e\ +dd f3 75 74 d5 fa 24 8e ef a9 c5 27 1f c5 ec 25\ +79 c8 1b dd 61 b4 10 fa 61 fe 36 e4 24 22 1c 11\ +3a dd b2 75 66 4c 80 1d 34 ca 8c 63 51 e4 a8 58 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 9.5 +Plaintext: \ +53 e6 e8 c7 29 d6 f9 c3 19 dd 31 7e 74 b0 db 8e\ +4c cc a2 5f 3c 83 05 74 6e 13 7a c6 3a 63 ef 37\ +39 e7 b5 95 ab b9 6e 8d 55 e5 4f 7b d4 1a b4 33\ +37 8f fb 91 1d +Seed: # not used yet\ +fc bc 42 14 02 e9 ec ab c6 08 2a fa 40 ba 5f 26\ +52 2c 84 0e +Ciphertext: \ +23 2a fb c9 27 fa 08 c2 f6 a2 7b 87 d4 a5 cb 09\ +c0 7d c2 6f ae 73 d7 3a 90 55 88 39 f4 fd 66 d2\ +81 b8 7e c7 34 bc e2 37 ba 16 66 98 ed 82 91 06\ +a7 de 69 42 cd 6c dc e7 8f ed 8d 2e 4d 81 42 8e\ +66 49 0d 03 62 64 ce f9 2a f9 41 d3 e3 50 55 fe\ +39 81 e1 4d 29 cb b9 a4 f6 74 73 06 3b ae c7 9a\ +11 79 f5 a1 7c 9c 18 32 f2 83 8f d7 d5 e5 9b b9\ +65 9d 56 dc e8 a0 19 ed ef 1b b3 ac cc 69 7c c6\ +cc 7a 77 8f 60 a0 64 c7 f6 f5 d5 29 c6 21 02 62\ +e0 03 de 58 3e 81 e3 16 7b 89 97 1f b8 c0 e1 5d\ +44 ff fe f8 9b 53 d8 d6 4d d7 97 d1 59 b5 6d 2b\ +08 ea 53 07 ea 12 c2 41 bd 58 d4 ee 27 8a 1f 2e +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 9.6 +Plaintext: \ +b6 b2 8e a2 19 8d 0c 10 08 bc 64 +Seed: # not used yet\ +23 aa de 0e 1e 08 bb 9b 9a 78 d2 30 2a 52 f9 c2\ +1b 2e 1b a2 +Ciphertext: \ +43 8c c7 dc 08 a6 8d a2 49 e4 25 05 f8 57 3b a6\ +0e 2c 27 73 d5 b2 90 f4 cf 9d ff 71 8e 84 20 81\ +c3 83 e6 70 24 a0 f2 95 94 ea 98 7b 9d 25 e4 b7\ +38 f2 85 97 0d 19 5a bb 3a 8c 80 54 e3 d7 9d 6b\ +9c 9a 83 27 ba 59 6f 12 59 e2 71 26 67 47 66 90\ +7d 8d 58 2f f3 a8 47 61 54 92 9a db 1e 6d 12 35\ +b2 cc b4 ec 8f 66 3b a9 cc 67 0a 92 be bd 85 3c\ +8d bf 69 c6 43 6d 01 6f 61 ad d8 36 e9 47 32 45\ +04 34 20 7f 9f d4 c4 3d ec 2a 12 a9 58 ef a0 1e\ +fe 26 69 89 9b 5e 60 4c 25 5c 55 fb 71 66 de 55\ +89 e3 69 59 7b b0 91 68 c0 6d d5 db 17 7e 06 a1\ +74 0e b2 d5 c8 2f ae ca 6d 92 fc ee 99 31 ba 9f +Test: DecryptMatch + +AlgorithmType: AsymmetricCipher +Name: RSA/OAEP-MGF1(SHA-1) +Source: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/, PKCS #1 test vectors +KeyFormat: Component +Comment: Example 10: A 2048-bit RSA Key Pair +Modulus: \ +ae 45 ed 56 01 ce c6 b8 cc 05 f8 03 93 5c 67 4d\ +db e0 d7 5c 4c 09 fd 79 51 fc 6b 0c ae c3 13 a8\ +df 39 97 0c 51 8b ff ba 5e d6 8f 3f 0d 7f 22 a4\ +02 9d 41 3f 1a e0 7e 4e be 9e 41 77 ce 23 e7 f5\ +40 4b 56 9e 4e e1 bd cf 3c 1f b0 3e f1 13 80 2d\ +4f 85 5e b9 b5 13 4b 5a 7c 80 85 ad ca e6 fa 2f\ +a1 41 7e c3 76 3b e1 71 b0 c6 2b 76 0e de 23 c1\ +2a d9 2b 98 08 84 c6 41 f5 a8 fa c2 6b da d4 a0\ +33 81 a2 2f e1 b7 54 88 50 94 c8 25 06 d4 01 9a\ +53 5a 28 6a fe b2 71 bb 9b a5 92 de 18 dc f6 00\ +c2 ae ea e5 6e 02 f7 cf 79 fc 14 cf 3b dc 7c d8\ +4f eb bb f9 50 ca 90 30 4b 22 19 a7 aa 06 3a ef\ +a2 c3 c1 98 0e 56 0c d6 4a fe 77 95 85 b6 10 76\ +57 b9 57 85 7e fd e6 01 09 88 ab 7d e4 17 fc 88\ +d8 f3 84 c4 e6 e7 2c 3f 94 3e 0c 31 c0 c4 a5 cc\ +36 f8 79 d8 a3 ac 9d 7d 59 86 0e aa da 6b 83 bb +PublicExponent: \ +01 00 01 +PrivateExponent: \ +05 6b 04 21 6f e5 f3 54 ac 77 25 0a 4b 6b 0c 85\ +25 a8 5c 59 b0 bd 80 c5 64 50 a2 2d 5f 43 8e 59\ +6a 33 3a a8 75 e2 91 dd 43 f4 8c b8 8b 9d 5f c0\ +d4 99 f9 fc d1 c3 97 f9 af c0 70 cd 9e 39 8c 8d\ +19 e6 1d b7 c7 41 0a 6b 26 75 df bf 5d 34 5b 80\ +4d 20 1a dd 50 2d 5c e2 df cb 09 1c e9 99 7b be\ +be 57 30 6f 38 3e 4d 58 81 03 f0 36 f7 e8 5d 19\ +34 d1 52 a3 23 e4 a8 db 45 1d 6f 4a 5b 1b 0f 10\ +2c c1 50 e0 2f ee e2 b8 8d ea 4a d4 c1 ba cc b2\ +4d 84 07 2d 14 e1 d2 4a 67 71 f7 40 8e e3 05 64\ +fb 86 d4 39 3a 34 bc f0 b7 88 50 1d 19 33 03 f1\ +3a 22 84 b0 01 f0 f6 49 ea f7 93 28 d4 ac 5c 43\ +0a b4 41 49 20 a9 46 0e d1 b7 bc 40 ec 65 3e 87\ +6d 09 ab c5 09 ae 45 b5 25 19 01 16 a0 c2 61 01\ +84 82 98 50 9c 1c 3b f3 a4 83 e7 27 40 54 e1 5e\ +97 07 50 36 e9 89 f6 09 32 80 7b 52 57 75 1e 79 +Prime1: \ +ec f5 ae cd 1e 55 15 ff fa cb d7 5a 28 16 c6 eb\ +f4 90 18 cd fb 46 38 e1 85 d6 6a 73 96 b6 f8 09\ +0f 80 18 c7 fd 95 cc 34 b8 57 dc 17 f0 cc 65 16\ +bb 13 46 ab 4d 58 2c ad ad 7b 41 03 35 23 87 b7\ +03 38 d0 84 04 7c 9d 95 39 b6 49 62 04 b3 dd 6e\ +a4 42 49 92 07 be c0 1f 96 42 87 ff 63 36 c3 98\ +46 58 33 68 46 f5 6e 46 86 18 81 c1 02 33 d2 17\ +6b f1 5a 5e 96 dd c7 80 bc 86 8a a7 7d 3c e7 69 +Prime2: \ +bc 46 c4 64 fc 6a c4 ca 78 3b 0e b0 8a 3c 84 1b\ +77 2f 7e 9b 2f 28 ba bd 58 8a e8 85 e1 a0 c6 1e\ +48 58 a0 fb 25 ac 29 99 90 f3 5b e8 51 64 c2 59\ +ba 11 75 cd d7 19 27 07 13 51 84 99 2b 6c 29 b7\ +46 dd 0d 2c ab e1 42 83 5f 7d 14 8c c1 61 52 4b\ +4a 09 94 6d 48 b8 28 47 3f 1c e7 6b 6c b6 88 6c\ +34 5c 03 e0 5f 41 d5 1b 5c 3a 90 a3 f2 40 73 c7\ +d7 4a 4f e2 5d 9c f2 1c 75 96 0f 3f c3 86 31 83 +ModPrime1PrivateExponent: \ +c7 35 64 57 1d 00 fb 15 d0 8a 3d e9 95 7a 50 91\ +5d 71 26 e9 44 2d ac f4 2b c8 2e 86 2e 56 73 ff\ +6a 00 8e d4 d2 e3 74 61 7d f8 9f 17 a1 60 b4 3b\ +7f da 9c b6 b6 b7 42 18 60 98 15 f7 d4 5c a2 63\ +c1 59 aa 32 d2 72 d1 27 fa f4 bc 8c a2 d7 73 78\ +e8 ae b1 9b 0a d7 da 3c b3 de 0a e7 31 49 80 f6\ +2b 6d 4b 0a 87 5d 1d f0 3c 1b ae 39 cc d8 33 ef\ +6c d7 e2 d9 52 8b f0 84 d1 f9 69 e7 94 e9 f6 c1 +ModPrime2PrivateExponent: \ +26 58 b3 7f 6d f9 c1 03 0b e1 db 68 11 7f a9 d8\ +7e 39 ea 2b 69 3b 7e 6d 3a 2f 70 94 74 13 ee c6\ +14 2e 18 fb 8d fc b6 ac 54 5d 7c 86 a0 ad 48 f8\ +45 71 70 f0 ef b2 6b c4 81 26 c5 3e fd 1d 16 92\ +01 98 dc 2a 11 07 dc 28 2d b6 a8 0c d3 06 23 60\ +ba 3f a1 3f 70 e4 31 2f f1 a6 cd 6b 8f c4 cd 9c\ +5c 3d b1 7c 6d 6a 57 21 2f 73 ae 29 f6 19 32 7b\ +ad 59 b1 53 85 85 85 ba 4e 28 b6 0a 62 a4 5e 49 +MultiplicativeInverseOfPrime2ModPrime1: \ +6f 38 52 6b 39 25 08 55 34 ef 3e 41 5a 83 6e de\ +8b 86 15 8a 2c 7c bf ec cb 0b d8 34 30 4f ec 68\ +3b a8 d4 f4 79 c4 33 d4 34 16 e6 32 69 62 3c ea\ +10 07 76 d8 5a ff 40 1d 3f ff 61 0e e6 54 11 ce\ +3b 13 63 d6 3a 97 09 ee de 42 64 7c ea 56 14 93\ +d5 45 70 a8 79 c1 86 82 cd 97 71 0b 96 20 5e c3\ +11 17 d7 3b 5f 36 22 3f ad d6 e8 ba 90 dd 7c 0e\ +e6 1d 44 e1 63 25 1e 20 c7 f6 6e b3 05 11 7c b8 +Test: KeyPairValidAndConsistent +Comment: RSAES-OAEP Encryption Example 10.1 +Plaintext: \ +8b ba 6b f8 2a 6c 0f 86 d5 f1 75 6e 97 95 68 70\ +b0 89 53 b0 6b 4e b2 05 bc 16 94 ee +Seed: # not used yet\ +47 e1 ab 71 19 fe e5 6c 95 ee 5e aa d8 6f 40 d0\ +aa 63 bd 33 +Ciphertext: \ +53 ea 5d c0 8c d2 60 fb 3b 85 85 67 28 7f a9 15\ +52 c3 0b 2f eb fb a2 13 f0 ae 87 70 2d 06 8d 19\ +ba b0 7f e5 74 52 3d fb 42 13 9d 68 c3 c5 af ee\ +e0 bf e4 cb 79 69 cb f3 82 b8 04 d6 e6 13 96 14\ +4e 2d 0e 60 74 1f 89 93 c3 01 4b 58 b9 b1 95 7a\ +8b ab cd 23 af 85 4f 4c 35 6f b1 66 2a a7 2b fc\ +c7 e5 86 55 9d c4 28 0d 16 0c 12 67 85 a7 23 eb\ +ee be ff 71 f1 15 94 44 0a ae f8 7d 10 79 3a 87\ +74 a2 39 d4 a0 4c 87 fe 14 67 b9 da f8 52 08 ec\ +6c 72 55 79 4a 96 cc 29 14 2f 9a 8b d4 18 e3 c1\ +fd 67 34 4b 0c d0 82 9d f3 b2 be c6 02 53 19 62\ +93 c6 b3 4d 3f 75 d3 2f 21 3d d4 5c 62 73 d5 05\ +ad f4 cc ed 10 57 cb 75 8f c2 6a ee fa 44 12 55\ +ed 4e 64 c1 99 ee 07 5e 7f 16 64 61 82 fd b4 64\ +73 9b 68 ab 5d af f0 e6 3e 95 52 01 68 24 f0 54\ +bf 4d 3c 8c 90 a9 7b b6 b6 55 32 84 eb 42 9f cc +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 10.2 +Plaintext: \ +e6 ad 18 1f 05 3b 58 a9 04 f2 45 75 10 37 3e 57 +Seed: # not used yet\ +6d 17 f5 b4 c1 ff ac 35 1d 19 5b f7 b0 9d 09 f0\ +9a 40 79 cf +Ciphertext: \ +a2 b1 a4 30 a9 d6 57 e2 fa 1c 2b b5 ed 43 ff b2\ +5c 05 a3 08 fe 90 93 c0 10 31 79 5f 58 74 40 01\ +10 82 8a e5 8f b9 b5 81 ce 9d dd d3 e5 49 ae 04\ +a0 98 54 59 bd e6 c6 26 59 4e 7b 05 dc 42 78 b2\ +a1 46 5c 13 68 40 88 23 c8 5e 96 dc 66 c3 a3 09\ +83 c6 39 66 4f c4 56 9a 37 fe 21 e5 a1 95 b5 77\ +6e ed 2d f8 d8 d3 61 af 68 6e 75 02 29 bb d6 63\ +f1 61 86 8a 50 61 5e 0c 33 7b ec 0c a3 5f ec 0b\ +b1 9c 36 eb 2e 0b bc c0 58 2f a1 d9 3a ac db 06\ +10 63 f5 9f 2c e1 ee 43 60 5e 5d 89 ec a1 83 d2\ +ac df e9 f8 10 11 02 2a d3 b4 3a 3d d4 17 da c9\ +4b 4e 11 ea 81 b1 92 96 6e 96 6b 18 20 82 e7 19\ +64 60 7b 4f 80 02 f3 62 99 84 4a 11 f2 ae 0f ae\ +ac 2e ae 70 f8 f4 f9 80 88 ac dc d0 ac 55 6e 9f\ +cc c5 11 52 19 08 fa d2 6f 04 c6 42 01 45 03 05\ +77 87 58 b0 53 8b f8 b5 bb 14 4a 82 8e 62 97 95 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 10.3 +Plaintext: \ +51 0a 2c f6 0e 86 6f a2 34 05 53 c9 4e a3 9f bc\ +25 63 11 e8 3e 94 45 4b 41 24 +Seed: # not used yet\ +38 53 87 51 4d ec cc 7c 74 0d d8 cd f9 da ee 49\ +a1 cb fd 54 +Ciphertext: \ +98 86 c3 e6 76 4a 8b 9a 84 e8 41 48 eb d8 c3 b1\ +aa 80 50 38 1a 78 f6 68 71 4c 16 d9 cf d2 a6 ed\ +c5 69 79 c5 35 d9 de e3 b4 4b 85 c1 8b e8 92 89\ +92 37 17 11 47 22 16 d9 5d da 98 d2 ee 83 47 c9\ +b1 4d ff df f8 4a a4 8d 25 ac 06 f7 d7 e6 53 98\ +ac 96 7b 1c e9 09 25 f6 7d ce 04 9b 7f 81 2d b0\ +74 29 97 a7 4d 44 fe 81 db e0 e7 a3 fe af 2e 5c\ +40 af 88 8d 55 0d db be 3b c2 06 57 a2 95 43 f8\ +fc 29 13 b9 bd 1a 61 b2 ab 22 56 ec 40 9b bd 7d\ +c0 d1 77 17 ea 25 c4 3f 42 ed 27 df 87 38 bf 4a\ +fc 67 66 ff 7a ff 08 59 55 5e e2 83 92 0f 4c 8a\ +63 c4 a7 34 0c ba fd dc 33 9e cd b4 b0 51 50 02\ +f9 6c 93 2b 5b 79 16 7a f6 99 c0 ad 3f cc fd f0\ +f4 4e 85 a7 02 62 bf 2e 18 fe 34 b8 50 58 99 75\ +e8 67 ff 96 9d 48 ea bf 21 22 71 54 6c dc 05 a6\ +9e cb 52 6e 52 87 0c 83 6f 30 7b d7 98 78 0e de +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 10.4 +Plaintext: \ +bc dd 19 0d a3 b7 d3 00 df 9a 06 e2 2c aa e2 a7\ +5f 10 c9 1f f6 67 b7 c1 6b de 8b 53 06 4a 26 49\ +a9 40 45 c9 +Seed: # not used yet\ +5c ac a6 a0 f7 64 16 1a 96 84 f8 5d 92 b6 e0 ef\ +37 ca 8b 65 +Ciphertext: \ +63 18 e9 fb 5c 0d 05 e5 30 7e 16 83 43 6e 90 32\ +93 ac 46 42 35 8a aa 22 3d 71 63 01 3a ba 87 e2\ +df da 8e 60 c6 86 0e 29 a1 e9 26 86 16 3e a0 b9\ +17 5f 32 9c a3 b1 31 a1 ed d3 a7 77 59 a8 b9 7b\ +ad 6a 4f 8f 43 96 f2 8c f6 f3 9c a5 81 12 e4 81\ +60 d6 e2 03 da a5 85 6f 3a ca 5f fe d5 77 af 49\ +94 08 e3 df d2 33 e3 e6 04 db e3 4a 9c 4c 90 82\ +de 65 52 7c ac 63 31 d2 9d c8 0e 05 08 a0 fa 71\ +22 e7 f3 29 f6 cc a5 cf a3 4d 4d 1d a4 17 80 54\ +57 e0 08 be c5 49 e4 78 ff 9e 12 a7 63 c4 77 d1\ +5b bb 78 f5 b6 9b d5 78 30 fc 2c 4e d6 86 d7 9b\ +c7 2a 95 d8 5f 88 13 4c 6b 0a fe 56 a8 cc fb c8\ +55 82 8b b3 39 bd 17 90 9c f1 d7 0d e3 33 5a e0\ +70 39 09 3e 60 6d 65 53 65 de 65 50 b8 72 cd 6d\ +e1 d4 40 ee 03 1b 61 94 5f 62 9a d8 a3 53 b0 d4\ +09 39 e9 6a 3c 45 0d 2a 8d 5e ee 9f 67 80 93 c8 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 10.5 +Plaintext: \ +a7 dd 6c 7d c2 4b 46 f9 dd 5f 1e 91 ad a4 c3 b3\ +df 94 7e 87 72 32 a9 +Seed: # not used yet\ +95 bc a9 e3 85 98 94 b3 dd 86 9f a7 ec d5 bb c6\ +40 1b f3 e4 +Ciphertext: \ +75 29 08 72 cc fd 4a 45 05 66 0d 65 1f 56 da 6d\ +aa 09 ca 13 01 d8 90 63 2f 6a 99 2f 3d 56 5c ee\ +46 4a fd ed 40 ed 3b 5b e9 35 67 14 ea 5a a7 65\ +5f 4a 13 66 c2 f1 7c 72 8f 6f 2c 5a 5d 1f 8e 28\ +42 9b c4 e6 f8 f2 cf f8 da 8d c0 e0 a9 80 8e 45\ +fd 09 ea 2f a4 0c b2 b6 ce 6f ff f5 c0 e1 59 d1\ +1b 68 d9 0a 85 f7 b8 4e 10 3b 09 e6 82 66 64 80\ +c6 57 50 5c 09 29 25 94 68 a3 14 78 6d 74 ea b1\ +31 57 3c f2 34 bf 57 db 7d 9e 66 cc 67 48 19 2e\ +00 2d c0 de ea 93 05 85 f0 83 1f dc d9 bc 33 d5\ +1f 79 ed 2f fc 16 bc f4 d5 98 12 fc eb ca a3 f9\ +06 9b 0e 44 56 86 d6 44 c2 5c cf 63 b4 56 ee 5f\ +a6 ff e9 6f 19 cd f7 51 fe d9 ea f3 59 57 75 4d\ +bf 4b fe a5 21 6a a1 84 4d c5 07 cb 2d 08 0e 72\ +2e ba 15 03 08 c2 b5 ff 11 93 62 0f 17 66 ec f4\ +48 1b af b9 43 bd 29 28 77 f2 13 6c a4 94 ab a0 +Test: DecryptMatch +Comment: RSAES-OAEP Encryption Example 10.6 +Plaintext: \ +ea f1 a7 3a 1b 0c 46 09 53 7d e6 9c d9 22 8b bc\ +fb 9a 8c a8 c6 c3 ef af 05 6f e4 a7 f4 63 4e d0\ +0b 7c 39 ec 69 22 d7 b8 ea 2c 04 eb ac +Seed: # not used yet\ +9f 47 dd f4 2e 97 ee a8 56 a9 bd bc 71 4e b3 ac\ +22 f6 eb 32 +Ciphertext: \ +2d 20 7a 73 43 2a 8f b4 c0 30 51 b3 f7 3b 28 a6\ +17 64 09 8d fa 34 c4 7a 20 99 5f 81 15 aa 68 16\ +67 9b 55 7e 82 db ee 58 49 08 c6 e6 97 82 d7 de\ +b3 4d bd 65 af 06 3d 57 fc a7 6a 5f d0 69 49 2f\ +d6 06 8d 99 84 d2 09 35 05 65 a6 2e 5c 77 f2 30\ +38 c1 2c b1 0c 66 34 70 9b 54 7c 46 f6 b4 a7 09\ +bd 85 ca 12 2d 74 46 5e f9 77 62 c2 97 63 e0 6d\ +bc 7a 9e 73 8c 78 bf ca 01 02 dc 5e 79 d6 5b 97\ +3f 28 24 0c aa b2 e1 61 a7 8b 57 d2 62 45 7e d8\ +19 5d 53 e3 c7 ae 9d a0 21 88 3c 6d b7 c2 4a fd\ +d2 32 2e ac 97 2a d3 c3 54 c5 fc ef 1e 14 6c 3a\ +02 90 fb 67 ad f0 07 06 6e 00 42 8d 2c ec 18 ce\ +58 f9 32 86 98 de fe f4 b2 eb 5e c7 69 18 fd e1\ +c1 98 cb b3 8b 7a fc 67 62 6a 9a ef ec 43 22 bf\ +d9 0d 25 63 48 1c 9a 22 1f 78 c8 27 2c 82 d1 b6\ +2a b9 14 e1 c6 9f 6a f6 ef 30 ca 52 60 db 4a 46 +Test: DecryptMatch diff --git a/c5/TestVectors/rsa_pkcs1_1_5.txt b/c5/TestVectors/rsa_pkcs1_1_5.txt new file mode 100644 index 0000000..2272b7c --- /dev/null +++ b/c5/TestVectors/rsa_pkcs1_1_5.txt @@ -0,0 +1,89 @@ +AlgorithmType: Signature +Name: RSA/PKCS1-1.5(MD2) +KeyFormat: DER +Source: http://www.rsasecurity.com/rsalabs/pkcs/index.html, \ + Some Examples of the PKCS Standards +PrivateKey: \ + 30 82 01 50\ + 02 01 00 #version = 0\ + 30 0d #privateKeyAlgorithmIdentifier\ + 06 09 #algorithm = rsaEncryption\ + 2a 86 48 86 f7 0d 01 01 01\ + 05 00 #parameters = NULL\ + 04 82 01 3a #privateKey = RSAPrivateKey encoding\ + 30 82 01 36\ + 02 01 00 #version = 0\ + 02 40 #modulus = n\ + 0a 66 79 1d c6 98 81 68 de 7a b7 74 19 bb 7f b0\ + c0 01 c6 27 10 27 00 75 14 29 42 e1 9a 8d 8c 51\ + d0 53 b3 e3 78 2a 1d e5 dc 5a f4 eb e9 94 68 17\ + 01 14 a1 df e6 7c dc 9a 9a f5 5d 65 56 20 bb ab\ + 02 03 01 00 01 #publicExponent = e\ + 02 40 #privateExponent = d\ + 01 23 c5 b6 1b a3 6e db 1d 36 79 90 41 99 a8 9e\ + a8 0c 09 b9 12 2e 14 00 c0 9a dc f7 78 46 76 d0\ + 1d 23 35 6a 7d 44 d6 bd 8b d5 0e 94 bf c7 23 fa\ + 87 d8 86 2b 75 17 76 91 c1 1d 75 76 92 df 88 81\ + 02 20 #prime1 = p\ + 33 d4 84 45 c8 59 e5 23 40 de 70 4b cd da 06 5f\ + bb 40 58 d7 40 bd 1d 67 d2 9e 9c 14 6c 11 cf 61\ + 02 20 #prime2 = q\ + 33 5e 84 08 86 6b 0f d3 8d c7 00 2d 3f 97 2c 67\ + 38 9a 65 d5 d8 30 65 66 d5 c4 f2 a5 aa 52 62 8b\ + 02 20 #exponent1 = d mod p-1\ + 04 5e c9 00 71 52 53 25 d3 d4 6d b7 96 95 e9 af\ + ac c4 52 39 64 36 0e 02 b1 19 ba a3 66 31 62 41\ + 02 20 #exponent2 = d mod q-1\ + 15 eb 32 73 60 c7 b6 0d 12 e5 e2 d1 6b dc d9 79\ + 81 d1 7f ba 6b 70 db 13 b2 0b 43 6e 24 ea da 59\ + 02 20 #coefficient = q-1 mod p\ + 2c a6 36 6d 72 78 1d fa 24 d3 4a 9a 24 cb c2 ae\ + 92 7a 99 58 af 42 65 63 ff 63 fb 11 65 8a 46 1d +PublicKey: \ + 30 5b #subjectPublicKeyInfo\ + 30 0d #algorithm\ + 06 09 #algorithm = rsaEncryption\ + 2a 86 48 86 f7 0d 01 01 01\ + 05 00 #parameters = NULL\ + 03 4a #subjectPublicKey = RSAPublicKey encoding\ + 00\ + 30 47\ + 02 40 #modulus = n\ + 0a 66 79 1d c6 98 81 68 de 7a b7 74 19 bb 7f b0\ + c0 01 c6 27 10 27 00 75 14 29 42 e1 9a 8d 8c 51\ + d0 53 b3 e3 78 2a 1d e5 dc 5a f4 eb e9 94 68 17\ + 01 14 a1 df e6 7c dc 9a 9a f5 5d 65 56 20 bb ab\ + 02 03 01 00 01 #publicExponent = e +Test: KeyPairValidAndConsistent +Message: # "Everyone gets Friday off."\ + 45 76 65 72 79 6f 6e 65 20 67 65 74 73 20 46 72 69 64 61 79 20 6f 66 66 2e +Signature: \ + 05fa6a812fc7df8bf4f2542509e03e84\ + 6e11b9c620be2009efb440efbcc66921\ + 6994ac04f341b57d05202d428fb2a27b\ + 5c77dfd9b15bfc3d559353503410c1e1 +Test: Verify +Name: RSA/PKCS1-1.5(SHA-1) +Source: generated by Wei Dai using Crypto++ 5.0 +Signature: 0610761F95FFD1B8F29DA34212947EC2AA0E358866A722F03CC3C41487ADC604A48FF54F5C6BEDB9FB7BD59F82D6E55D8F3174BA361B2214B2D74E8825E04E81 +Test: Verify +Message: 00 +Test: NotVerify + +AlgorithmType: Signature +Name: RSA/PKCS1-1.5(SHA-1) +Source: http://islab.oregonstate.edu/emails/pkcs-tng-02/0152 +KeyFormat: Component +Modulus: A885B6F851A8079AB8A281DB0297148511EE0D8C07C0D4AE6D6FED461488E0D41E3FF8F281B06A3240B5007A5C2AB4FB6BE8AF88F119DB998368DDDC9710ABED +PublicExponent: 010001 +PrivateExponent: 2B259D2CA3DF851EE891F6F4678BDDFD9A131C95D3305C63D2723B4A5B9C960F5EC8BB7DCDDBEBD8B6A38767D64AD451E9383E0891E4EE7506100481F2B49323 +Prime1: D7103CD676E39824E2BE50B8E6533FE7CB7484348E283802AD2B8D00C80D19DF +Prime2: C89996DC169CEB3F227958275968804D4BE9FC4012C3219662F1A438C9950BB3 +ModPrime1PrivateExponent: 5D8EA4C8AF83A70634D5920C3DB66D908AC3AF57A597FD75BC9BBB856181C185 +ModPrime2PrivateExponent: C598E54DAEC8ABC1E907769A6C2BD01653ED0C9960E1EDB7E186FDA922883A99 +MultiplicativeInverseOfPrime2ModPrime1: 7C6F27B5B51B78AD80FB36E700990CF307866F2943124CBD93D97C137794C104 +Test: KeyPairValidAndConsistent +Source: generated by Wei Dai using Crypto++ 5.0 +Message: 74657374 # "test" +Signature: A7E00CE4391F914D82158D9B732759808E25A1C6383FE87A5199157650D4296CF612E9FF809E686A0AF328238306E79965F6D0138138829D9A1A22764306F6CE +Test: Verify diff --git a/c5/TestVectors/rsa_pss.txt b/c5/TestVectors/rsa_pss.txt new file mode 100644 index 0000000..1b5fc9c --- /dev/null +++ b/c5/TestVectors/rsa_pss.txt @@ -0,0 +1,2083 @@ +AlgorithmType: Signature +Name: RSA/PSS-MGF1(SHA-1) +Source: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/, PKCS #1 test vectors +KeyFormat: Component +Comment: Example 1: A 1024-bit RSA Key Pair +Modulus: \ +a5 6e 4a 0e 70 10 17 58 9a 51 87 dc 7e a8 41 d1\ +56 f2 ec 0e 36 ad 52 a4 4d fe b1 e6 1f 7a d9 91\ +d8 c5 10 56 ff ed b1 62 b4 c0 f2 83 a1 2a 88 a3\ +94 df f5 26 ab 72 91 cb b3 07 ce ab fc e0 b1 df\ +d5 cd 95 08 09 6d 5b 2b 8b 6d f5 d6 71 ef 63 77\ +c0 92 1c b2 3c 27 0a 70 e2 59 8e 6f f8 9d 19 f1\ +05 ac c2 d3 f0 cb 35 f2 92 80 e1 38 6b 6f 64 c4\ +ef 22 e1 e1 f2 0d 0c e8 cf fb 22 49 bd 9a 21 37 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +33 a5 04 2a 90 b2 7d 4f 54 51 ca 9b bb d0 b4 47\ +71 a1 01 af 88 43 40 ae f9 88 5f 2a 4b be 92 e8\ +94 a7 24 ac 3c 56 8c 8f 97 85 3a d0 7c 02 66 c8\ +c6 a3 ca 09 29 f1 e8 f1 12 31 88 44 29 fc 4d 9a\ +e5 5f ee 89 6a 10 ce 70 7c 3e d7 e7 34 e4 47 27\ +a3 95 74 50 1a 53 26 83 10 9c 2a ba ca ba 28 3c\ +31 b4 bd 2f 53 c3 ee 37 e3 52 ce e3 4f 9e 50 3b\ +d8 0c 06 22 ad 79 c6 dc ee 88 35 47 c6 a3 b3 25 +Prime1: \ +e7 e8 94 27 20 a8 77 51 72 73 a3 56 05 3e a2 a1\ +bc 0c 94 aa 72 d5 5c 6e 86 29 6b 2d fc 96 79 48\ +c0 a7 2c bc cc a7 ea cb 35 70 6e 09 a1 df 55 a1\ +53 5b d9 b3 cc 34 16 0b 3b 6d cd 3e da 8e 64 43 +Prime2: \ +b6 9d ca 1c f7 d4 d7 ec 81 e7 5b 90 fc ca 87 4a\ +bc de 12 3f d2 70 01 80 aa 90 47 9b 6e 48 de 8d\ +67 ed 24 f9 f1 9d 85 ba 27 58 74 f5 42 cd 20 dc\ +72 3e 69 63 36 4a 1f 94 25 45 2b 26 9a 67 99 fd +ModPrime1PrivateExponent: \ +28 fa 13 93 86 55 be 1f 8a 15 9c ba ca 5a 72 ea\ +19 0c 30 08 9e 19 cd 27 4a 55 6f 36 c4 f6 e1 9f\ +55 4b 34 c0 77 79 04 27 bb dd 8d d3 ed e2 44 83\ +28 f3 85 d8 1b 30 e8 e4 3b 2f ff a0 27 86 19 79 +ModPrime2PrivateExponent: \ +1a 8b 38 f3 98 fa 71 20 49 89 8d 7f b7 9e e0 a7\ +76 68 79 12 99 cd fa 09 ef c0 e5 07 ac b2 1e d7\ +43 01 ef 5b fd 48 be 45 5e ae b6 e1 67 82 55 82\ +75 80 a8 e4 e8 e1 41 51 d1 51 0a 82 a3 f2 e7 29 +MultiplicativeInverseOfPrime2ModPrime1: \ +27 15 6a ba 41 26 d2 4a 81 f3 a5 28 cb fb 27 f5\ +68 86 f8 40 a9 f6 e8 6e 17 a4 4b 94 fe 93 19 58\ +4b 8e 22 fd de 1e 5a 2e 3b d8 aa 5b a8 d8 58 41\ +94 eb 21 90 ac f8 32 b8 47 f1 3a 3d 24 a7 9f 4d +Test: KeyPairValidAndConsistent +Comment: RSASSA-PSS Signature Example 1.1 +Message: \ +cd c8 7d a2 23 d7 86 df 3b 45 e0 bb bc 72 13 26\ +d1 ee 2a f8 06 cc 31 54 75 cc 6f 0d 9c 66 e1 b6\ +23 71 d4 5c e2 39 2e 1a c9 28 44 c3 10 10 2f 15\ +6a 0d 8d 52 c1 f4 c4 0b a3 aa 65 09 57 86 cb 76\ +97 57 a6 56 3b a9 58 fe d0 bc c9 84 e8 b5 17 a3\ +d5 f5 15 b2 3b 8a 41 e7 4a a8 67 69 3f 90 df b0\ +61 a6 e8 6d fa ae e6 44 72 c0 0e 5f 20 94 57 29\ +cb eb e7 7f 06 ce 78 e0 8f 40 98 fb a4 1f 9d 61\ +93 c0 31 7e 8b 60 d4 b6 08 4a cb 42 d2 9e 38 08\ +a3 bc 37 2d 85 e3 31 17 0f cb f7 cc 72 d0 b7 1c\ +29 66 48 b3 a4 d1 0f 41 62 95 d0 80 7a a6 25 ca\ +b2 74 4f d9 ea 8f d2 23 c4 25 37 02 98 28 bd 16\ +be 02 54 6f 13 0f d2 e3 3b 93 6d 26 76 e0 8a ed\ +1b 73 31 8b 75 0a 01 67 d0 +Salt: \ +de e9 59 c7 e0 64 11 36 14 20 ff 80 18 5e d5 7f\ +3e 67 76 af +Signature: \ +90 74 30 8f b5 98 e9 70 1b 22 94 38 8e 52 f9 71\ +fa ac 2b 60 a5 14 5a f1 85 df 52 87 b5 ed 28 87\ +e5 7c e7 fd 44 dc 86 34 e4 07 c8 e0 e4 36 0b c2\ +26 f3 ec 22 7f 9d 9e 54 63 8e 8d 31 f5 05 12 15\ +df 6e bb 9c 2f 95 79 aa 77 59 8a 38 f9 14 b5 b9\ +c1 bd 83 c4 e2 f9 f3 82 a0 d0 aa 35 42 ff ee 65\ +98 4a 60 1b c6 9e b2 8d eb 27 dc a1 2c 82 c2 d4\ +c3 f6 6c d5 00 f1 ff 2b 99 4d 8a 4e 30 cb b3 3c +Test: Verify +Comment: RSASSA-PSS Signature Example 1.2 +Message: \ +85 13 84 cd fe 81 9c 22 ed 6c 4c cb 30 da eb 5c\ +f0 59 bc 8e 11 66 b7 e3 53 0c 4c 23 3e 2b 5f 8f\ +71 a1 cc a5 82 d4 3e cc 72 b1 bc a1 6d fc 70 13\ +22 6b 9e +Salt: \ +ef 28 69 fa 40 c3 46 cb 18 3d ab 3d 7b ff c9 8f\ +d5 6d f4 2d +Signature: \ +3e f7 f4 6e 83 1b f9 2b 32 27 41 42 a5 85 ff ce\ +fb dc a7 b3 2a e9 0d 10 fb 0f 0c 72 99 84 f0 4e\ +f2 9a 9d f0 78 07 75 ce 43 73 9b 97 83 83 90 db\ +0a 55 05 e6 3d e9 27 02 8d 9d 29 b2 19 ca 2c 45\ +17 83 25 58 a5 5d 69 4a 6d 25 b9 da b6 60 03 c4\ +cc cd 90 78 02 19 3b e5 17 0d 26 14 7d 37 b9 35\ +90 24 1b e5 1c 25 05 5f 47 ef 62 75 2c fb e2 14\ +18 fa fe 98 c2 2c 4d 4d 47 72 4f db 56 69 e8 43 +Test: Verify +Comment: RSASSA-PSS Signature Example 1.3 +Message: \ +a4 b1 59 94 17 61 c4 0c 6a 82 f2 b8 0d 1b 94 f5\ +aa 26 54 fd 17 e1 2d 58 88 64 67 9b 54 cd 04 ef\ +8b d0 30 12 be 8d c3 7f 4b 83 af 79 63 fa ff 0d\ +fa 22 54 77 43 7c 48 01 7f f2 be 81 91 cf 39 55\ +fc 07 35 6e ab 3f 32 2f 7f 62 0e 21 d2 54 e5 db\ +43 24 27 9f e0 67 e0 91 0e 2e 81 ca 2c ab 31 c7\ +45 e6 7a 54 05 8e b5 0d 99 3c db 9e d0 b4 d0 29\ +c0 6d 21 a9 4c a6 61 c3 ce 27 fa e1 d6 cb 20 f4\ +56 4d 66 ce 47 67 58 3d 0e 5f 06 02 15 b5 90 17\ +be 85 ea 84 89 39 12 7b d8 c9 c4 d4 7b 51 05 6c\ +03 1c f3 36 f1 7c 99 80 f3 b8 f5 b9 b6 87 8e 8b\ +79 7a a4 3b 88 26 84 33 3e 17 89 3f e9 ca a6 aa\ +29 9f 7e d1 a1 8e e2 c5 48 64 b7 b2 b9 9b 72 61\ +8f b0 25 74 d1 39 ef 50 f0 19 c9 ee f4 16 97 13\ +38 e7 d4 70 +Salt: \ +71 0b 9c 47 47 d8 00 d4 de 87 f1 2a fd ce 6d f1\ +81 07 cc 77 +Signature: \ +66 60 26 fb a7 1b d3 e7 cf 13 15 7c c2 c5 1a 8e\ +4a a6 84 af 97 78 f9 18 49 f3 43 35 d1 41 c0 01\ +54 c4 19 76 21 f9 62 4a 67 5b 5a bc 22 ee 7d 5b\ +aa ff aa e1 c9 ba ca 2c c3 73 b3 f3 3e 78 e6 14\ +3c 39 5a 91 aa 7f ac a6 64 eb 73 3a fd 14 d8 82\ +72 59 d9 9a 75 50 fa ca 50 1e f2 b0 4e 33 c2 3a\ +a5 1f 4b 9e 82 82 ef db 72 8c c0 ab 09 40 5a 91\ +60 7c 63 69 96 1b c8 27 0d 2d 4f 39 fc e6 12 b1 +Test: Verify +Comment: RSASSA-PSS Signature Example 1.4 +Message: \ +bc 65 67 47 fa 9e af b3 f0 +Salt: \ +05 6f 00 98 5d e1 4d 8e f5 ce a9 e8 2f 8c 27 be\ +f7 20 33 5e +Signature: \ +46 09 79 3b 23 e9 d0 93 62 dc 21 bb 47 da 0b 4f\ +3a 76 22 64 9a 47 d4 64 01 9b 9a ea fe 53 35 9c\ +17 8c 91 cd 58 ba 6b cb 78 be 03 46 a7 bc 63 7f\ +4b 87 3d 4b ab 38 ee 66 1f 19 96 34 c5 47 a1 ad\ +84 42 e0 3d a0 15 b1 36 e5 43 f7 ab 07 c0 c1 3e\ +42 25 b8 de 8c ce 25 d4 f6 eb 84 00 f8 1f 7e 18\ +33 b7 ee 6e 33 4d 37 09 64 ca 79 fd b8 72 b4 d7\ +52 23 b5 ee b0 81 01 59 1f b5 32 d1 55 a6 de 87 +Test: Verify +Comment: RSASSA-PSS Signature Example 1.5 +Message: \ +b4 55 81 54 7e 54 27 77 0c 76 8e 8b 82 b7 55 64\ +e0 ea 4e 9c 32 59 4d 6b ff 70 65 44 de 0a 87 76\ +c7 a8 0b 45 76 55 0e ee 1b 2a ca bc 7e 8b 7d 3e\ +f7 bb 5b 03 e4 62 c1 10 47 ea dd 00 62 9a e5 75\ +48 0a c1 47 0f e0 46 f1 3a 2b f5 af 17 92 1d c4\ +b0 aa 8b 02 be e6 33 49 11 65 1d 7f 85 25 d1 0f\ +32 b5 1d 33 be 52 0d 3d df 5a 70 99 55 a3 df e7\ +82 83 b9 e0 ab 54 04 6d 15 0c 17 7f 03 7f dc cc\ +5b e4 ea 5f 68 b5 e5 a3 8c 9d 7e dc cc c4 97 5f\ +45 5a 69 09 b4 +Salt: \ +80 e7 0f f8 6a 08 de 3e c6 09 72 b3 9b 4f bf dc\ +ea 67 ae 8e +Signature: \ +1d 2a ad 22 1c a4 d3 1d df 13 50 92 39 01 93 98\ +e3 d1 4b 32 dc 34 dc 5a f4 ae ae a3 c0 95 af 73\ +47 9c f0 a4 5e 56 29 63 5a 53 a0 18 37 76 15 b1\ +6c b9 b1 3b 3e 09 d6 71 eb 71 e3 87 b8 54 5c 59\ +60 da 5a 64 77 6e 76 8e 82 b2 c9 35 83 bf 10 4c\ +3f db 23 51 2b 7b 4e 89 f6 33 dd 00 63 a5 30 db\ +45 24 b0 1c 3f 38 4c 09 31 0e 31 5a 79 dc d3 d6\ +84 02 2a 7f 31 c8 65 a6 64 e3 16 97 8b 75 9f ad +Test: Verify +Comment: RSASSA-PSS Signature Example 1.6 +Message: \ +10 aa e9 a0 ab 0b 59 5d 08 41 20 7b 70 0d 48 d7\ +5f ae dd e3 b7 75 cd 6b 4c c8 8a e0 6e 46 94 ec\ +74 ba 18 f8 52 0d 4f 5e a6 9c bb e7 cc 2b eb a4\ +3e fd c1 02 15 ac 4e b3 2d c3 02 a1 f5 3d c6 c4\ +35 22 67 e7 93 6c fe bf 7c 8d 67 03 57 84 a3 90\ +9f a8 59 c7 b7 b5 9b 8e 39 c5 c2 34 9f 18 86 b7\ +05 a3 02 67 d4 02 f7 48 6a b4 f5 8c ad 5d 69 ad\ +b1 7a b8 cd 0c e1 ca f5 02 5a f4 ae 24 b1 fb 87\ +94 c6 07 0c c0 9a 51 e2 f9 91 13 11 e3 87 7d 00\ +44 c7 1c 57 a9 93 39 50 08 80 6b 72 3a c3 83 73\ +d3 95 48 18 18 52 8c 1e 70 53 73 92 82 05 35 29\ +51 0e 93 5c d0 fa 77 b8 fa 53 cc 2d 47 4b d4 fb\ +3c c5 c6 72 d6 ff dc 90 a0 0f 98 48 71 2c 4b cf\ +e4 6c 60 57 36 59 b1 1e 64 57 e8 61 f0 f6 04 b6\ +13 8d 14 4f 8c e4 e2 da 73 +Salt: \ +a8 ab 69 dd 80 1f 00 74 c2 a1 fc 60 64 98 36 c6\ +16 d9 96 81 +Signature: \ +2a 34 f6 12 5e 1f 6b 0b f9 71 e8 4f bd 41 c6 32\ +be 8f 2c 2a ce 7d e8 b6 92 6e 31 ff 93 e9 af 98\ +7f bc 06 e5 1e 9b e1 4f 51 98 f9 1f 3f 95 3b d6\ +7d a6 0a 9d f5 97 64 c3 dc 0f e0 8e 1c be f0 b7\ +5f 86 8d 10 ad 3f ba 74 9f ef 59 fb 6d ac 46 a0\ +d6 e5 04 36 93 31 58 6f 58 e4 62 8f 39 aa 27 89\ +82 54 3b c0 ee b5 37 dc 61 95 80 19 b3 94 fb 27\ +3f 21 58 58 a0 a0 1a c4 d6 50 b9 55 c6 7f 4c 58 +Test: Verify +Comment: Example 2: A 1025-bit RSA Key Pair +Modulus: \ +01 d4 0c 1b cf 97 a6 8a e7 cd bd 8a 7b f3 e3 4f\ +a1 9d cc a4 ef 75 a4 74 54 37 5f 94 51 4d 88 fe\ +d0 06 fb 82 9f 84 19 ff 87 d6 31 5d a6 8a 1f f3\ +a0 93 8e 9a bb 34 64 01 1c 30 3a d9 91 99 cf 0c\ +7c 7a 8b 47 7d ce 82 9e 88 44 f6 25 b1 15 e5 e9\ +c4 a5 9c f8 f8 11 3b 68 34 33 6a 2f d2 68 9b 47\ +2c bb 5e 5c ab e6 74 35 0c 59 b6 c1 7e 17 68 74\ +fb 42 f8 fc 3d 17 6a 01 7e dc 61 fd 32 6c 4b 33\ +c9 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +02 7d 14 7e 46 73 05 73 77 fd 1e a2 01 56 57 72\ +17 6a 7d c3 83 58 d3 76 04 56 85 a2 e7 87 c2 3c\ +15 57 6b c1 6b 9f 44 44 02 d6 bf c5 d9 8a 3e 88\ +ea 13 ef 67 c3 53 ec a0 c0 dd ba 92 55 bd 7b 8b\ +b5 0a 64 4a fd fd 1d d5 16 95 b2 52 d2 2e 73 18\ +d1 b6 68 7a 1c 10 ff 75 54 5f 3d b0 fe 60 2d 5f\ +2b 7f 29 4e 36 01 ea b7 b9 d1 ce cd 76 7f 64 69\ +2e 3e 53 6c a2 84 6c b0 c2 dd 48 6a 39 fa 75 b1 +Prime1: \ +01 66 01 e9 26 a0 f8 c9 e2 6e ca b7 69 ea 65 a5\ +e7 c5 2c c9 e0 80 ef 51 94 57 c6 44 da 68 91 c5\ +a1 04 d3 ea 79 55 92 9a 22 e7 c6 8a 7a f9 fc ad\ +77 7c 3c cc 2b 9e 3d 36 50 bc e4 04 39 9b 7e 59\ +d1 +Prime2: \ +01 4e af a1 d4 d0 18 4d a7 e3 1f 87 7d 12 81 dd\ +da 62 56 64 86 9e 83 79 e6 7a d3 b7 5e ae 74 a5\ +80 e9 82 7a bd 6e b7 a0 02 cb 54 11 f5 26 67 97\ +76 8f b8 e9 5a e4 0e 3e 8a 01 f3 5f f8 9e 56 c0\ +79 +ModPrime1PrivateExponent: \ +e2 47 cc e5 04 93 9b 8f 0a 36 09 0d e2 00 93 87\ +55 e2 44 4b 29 53 9a 7d a7 a9 02 f6 05 68 35 c0\ +db 7b 52 55 94 97 cf e2 c6 1a 80 86 d0 21 3c 47\ +2c 78 85 18 00 b1 71 f6 40 1d e2 e9 c2 75 6f 31 +ModPrime2PrivateExponent: \ +b1 2f ba 75 78 55 e5 86 e4 6f 64 c3 8a 70 c6 8b\ +3f 54 8d 93 d7 87 b3 99 99 9d 4c 8f 0b bd 25 81\ +c2 1e 19 ed 00 18 a6 d5 d3 df 86 42 4b 3a bc ad\ +40 19 9d 31 49 5b 61 30 9f 27 c1 bf 55 d4 87 c1 +MultiplicativeInverseOfPrime2ModPrime1: \ +56 4b 1e 1f a0 03 bd a9 1e 89 09 04 25 aa c0 5b\ +91 da 9e e2 50 61 e7 62 8d 5f 51 30 4a 84 99 2f\ +dc 33 76 2b d3 78 a5 9f 03 0a 33 4d 53 2b d0 da\ +e8 f2 98 ea 9e d8 44 63 6a d5 fb 8c bd c0 3c ad +Test: KeyPairValidAndConsistent +Comment: RSASSA-PSS Signature Example 2.1 +Message: \ +da ba 03 20 66 26 3f ae db 65 98 48 11 52 78 a5\ +2c 44 fa a3 a7 6f 37 51 5e d3 36 32 10 72 c4 0a\ +9d 9b 53 bc 05 01 40 78 ad f5 20 87 51 46 aa e7\ +0f f0 60 22 6d cb 7b 1f 1f c2 7e 93 60 +Salt: \ +57 bf 16 0b cb 02 bb 1d c7 28 0c f0 45 85 30 b7\ +d2 83 2f f7 +Signature: \ +01 4c 5b a5 33 83 28 cc c6 e7 a9 0b f1 c0 ab 3f\ +d6 06 ff 47 96 d3 c1 2e 4b 63 9e d9 13 6a 5f ec\ +6c 16 d8 88 4b dd 99 cf dc 52 14 56 b0 74 2b 73\ +68 68 cf 90 de 09 9a db 8d 5f fd 1d ef f3 9b a4\ +00 7a b7 46 ce fd b2 2d 7d f0 e2 25 f5 46 27 dc\ +65 46 61 31 72 1b 90 af 44 53 63 a8 35 8b 9f 60\ +76 42 f7 8f ab 0a b0 f4 3b 71 68 d6 4b ae 70 d8\ +82 78 48 d8 ef 1e 42 1c 57 54 dd f4 2c 25 89 b5\ +b3 +Test: Verify +Comment: RSASSA-PSS Signature Example 2.2 +Message: \ +e4 f8 60 1a 8a 6d a1 be 34 44 7c 09 59 c0 58 57\ +0c 36 68 cf d5 1d d5 f9 cc d6 ad 44 11 fe 82 13\ +48 6d 78 a6 c4 9f 93 ef c2 ca 22 88 ce bc 2b 9b\ +60 bd 04 b1 e2 20 d8 6e 3d 48 48 d7 09 d0 32 d1\ +e8 c6 a0 70 c6 af 9a 49 9f cf 95 35 4b 14 ba 61\ +27 c7 39 de 1b b0 fd 16 43 1e 46 93 8a ec 0c f8\ +ad 9e b7 2e 83 2a 70 35 de 9b 78 07 bd c0 ed 8b\ +68 eb 0f 5a c2 21 6b e4 0c e9 20 c0 db 0e dd d3\ +86 0e d7 88 ef ac ca ca 50 2d 8f 2b d6 d1 a7 c1\ +f4 1f f4 6f 16 81 c8 f1 f8 18 e9 c4 f6 d9 1a 0c\ +78 03 cc c6 3d 76 a6 54 4d 84 3e 08 4e 36 3b 8a\ +cc 55 aa 53 17 33 ed b5 de e5 b5 19 6e 9f 03 e8\ +b7 31 b3 77 64 28 d9 e4 57 fe 3f bc b3 db 72 74\ +44 2d 78 58 90 e9 cb 08 54 b6 44 4d ac e7 91 d7\ +27 3d e1 88 97 19 33 8a 77 fe +Salt: \ +7f 6d d3 59 e6 04 e6 08 70 e8 98 e4 7b 19 bf 2e\ +5a 7b 2a 90 +Signature: \ +01 09 91 65 6c ca 18 2b 7f 29 d2 db c0 07 e7 ae\ +0f ec 15 8e b6 75 9c b9 c4 5c 5f f8 7c 76 35 dd\ +46 d1 50 88 2f 4d e1 e9 ae 65 e7 f7 d9 01 8f 68\ +36 95 4a 47 c0 a8 1a 8a 6b 6f 83 f2 94 4d 60 81\ +b1 aa 7c 75 9b 25 4b 2c 34 b6 91 da 67 cc 02 26\ +e2 0b 2f 18 b4 22 12 76 1d cd 4b 90 8a 62 b3 71\ +b5 91 8c 57 42 af 4b 53 7e 29 69 17 67 4f b9 14\ +19 47 61 62 1c c1 9a 41 f6 fb 95 3f bc bb 64 9d\ +ea +Test: Verify +Comment: RSASSA-PSS Signature Example 2.3 +Message: \ +52 a1 d9 6c 8a c3 9e 41 e4 55 80 98 01 b9 27 a5\ +b4 45 c1 0d 90 2a 0d cd 38 50 d2 2a 66 d2 bb 07\ +03 e6 7d 58 67 11 45 95 aa bf 5a 7a eb 5a 8f 87\ +03 4b bb 30 e1 3c fd 48 17 a9 be 76 23 00 23 60\ +6d 02 86 a3 fa f8 a4 d2 2b 72 8e c5 18 07 9f 9e\ +64 52 6e 3a 0c c7 94 1a a3 38 c4 37 99 7c 68 0c\ +ca c6 7c 66 bf a1 +Salt: \ +fc a8 62 06 8b ce 22 46 72 4b 70 8a 05 19 da 17\ +e6 48 68 8c +Signature: \ +00 7f 00 30 01 8f 53 cd c7 1f 23 d0 36 59 fd e5\ +4d 42 41 f7 58 a7 50 b4 2f 18 5f 87 57 85 20 c3\ +07 42 af d8 43 59 b6 e6 e8 d3 ed 95 9d c6 fe 48\ +6b ed c8 e2 cf 00 1f 63 a7 ab e1 62 56 a1 b8 4d\ +f0 d2 49 fc 05 d3 19 4c e5 f0 91 27 42 db bf 80\ +dd 17 4f 6c 51 f6 ba d7 f1 6c f3 36 4e ba 09 5a\ +06 26 7d c3 79 38 03 ac 75 26 ae be 0a 47 5d 38\ +b8 c2 24 7a b5 1c 48 98 df 70 47 dc 6a df 52 c6\ +c4 +Test: Verify +Comment: RSASSA-PSS Signature Example 2.4 +Message: \ +a7 18 2c 83 ac 18 be 65 70 a1 06 aa 9d 5c 4e 3d\ +bb d4 af ae b0 c6 0c 4a 23 e1 96 9d 79 ff +Salt: \ +80 70 ef 2d e9 45 c0 23 87 68 4b a0 d3 30 96 73\ +22 35 d4 40 +Signature: \ +00 9c d2 f4 ed be 23 e1 23 46 ae 8c 76 dd 9a d3\ +23 0a 62 07 61 41 f1 6c 15 2b a1 85 13 a4 8e f6\ +f0 10 e0 e3 7f d3 df 10 a1 ec 62 9a 0c b5 a3 b5\ +d2 89 30 07 29 8c 30 93 6a 95 90 3b 6b a8 55 55\ +d9 ec 36 73 a0 61 08 fd 62 a2 fd a5 6d 1c e2 e8\ +5c 4d b6 b2 4a 81 ca 3b 49 6c 36 d4 fd 06 eb 7c\ +91 66 d8 e9 48 77 c4 2b ea 62 2b 3b fe 92 51 fd\ +c2 1d 8d 53 71 ba da d7 8a 48 82 14 79 63 35 b4\ +0b +Test: Verify +Comment: RSASSA-PSS Signature Example 2.5 +Message: \ +86 a8 3d 4a 72 ee 93 2a 4f 56 30 af 65 79 a3 86\ +b7 8f e8 89 99 e0 ab d2 d4 90 34 a4 bf c8 54 dd\ +94 f1 09 4e 2e 8c d7 a1 79 d1 95 88 e4 ae fc 1b\ +1b d2 5e 95 e3 dd 46 1f +Salt: \ +17 63 9a 4e 88 d7 22 c4 fc a2 4d 07 9a 8b 29 c3\ +24 33 b0 c9 +Signature: \ +00 ec 43 08 24 93 1e bd 3b aa 43 03 4d ae 98 ba\ +64 6b 8c 36 01 3d 16 71 c3 cf 1c f8 26 0c 37 4b\ +19 f8 e1 cc 8d 96 50 12 40 5e 7e 9b f7 37 86 12\ +df cc 85 fc e1 2c da 11 f9 50 bd 0b a8 87 67 40\ +43 6c 1d 25 95 a6 4a 1b 32 ef cf b7 4a 21 c8 73\ +b3 cc 33 aa f4 e3 dc 39 53 de 67 f0 67 4c 04 53\ +b4 fd 9f 60 44 06 d4 41 b8 16 09 8c b1 06 fe 34\ +72 bc 25 1f 81 5f 59 db 2e 43 78 a3 ad dc 18 1e\ +cf +Test: Verify +Comment: RSASSA-PSS Signature Example 2.6 +Message: \ +04 9f 91 54 d8 71 ac 4a 7c 7a b4 53 25 ba 75 45\ +a1 ed 08 f7 05 25 b2 66 7c f1 +Salt: \ +37 81 0d ef 10 55 ed 92 2b 06 3d f7 98 de 5d 0a\ +ab f8 86 ee +Signature: \ +00 47 5b 16 48 f8 14 a8 dc 0a bd c3 7b 55 27 f5\ +43 b6 66 bb 6e 39 d3 0e 5b 49 d3 b8 76 dc cc 58\ +ea c1 4e 32 a2 d5 5c 26 16 01 44 56 ad 2f 24 6f\ +c8 e3 d5 60 da 3d df 37 9a 1c 0b d2 00 f1 02 21\ +df 07 8c 21 9a 15 1b c8 d4 ec 9d 2f c2 56 44 67\ +81 10 14 ef 15 d8 ea 01 c2 eb bf f8 c2 c8 ef ab\ +38 09 6e 55 fc be 32 85 c7 aa 55 88 51 25 4f af\ +fa 92 c1 c7 2b 78 75 86 63 ef 45 82 84 31 39 d7\ +a6 +Test: Verify +Comment: Example 3: A 1026-bit RSA Key Pair +Modulus: \ +02 f2 46 ef 45 1e d3 ee bb 9a 31 02 00 cc 25 85\ +9c 04 8e 4b e7 98 30 29 91 11 2e b6 8c e6 db 67\ +4e 28 0d a2 1f ed ed 1a e7 48 80 ca 52 2b 18 db\ +24 93 85 01 28 27 c5 15 f0 e4 66 a1 ff a6 91 d9\ +81 70 57 4e 9d 0e ad b0 87 58 6c a4 89 33 da 3c\ +c9 53 d9 5b d0 ed 50 de 10 dd cb 67 36 10 7d 6c\ +83 1c 7f 66 3e 83 3c a4 c0 97 e7 00 ce 0f b9 45\ +f8 8f b8 5f e8 e5 a7 73 17 25 65 b9 14 a4 71 a4\ +43 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +65 14 51 73 3b 56 de 5a c0 a6 89 a4 ae b6 e6 89\ +4a 69 01 4e 07 6c 88 dd 7a 66 7e ab 32 32 bb cc\ +d2 fc 44 ba 2f a9 c3 1d b4 6f 21 ed d1 fd b2 3c\ +5c 12 8a 5d a5 ba b9 1e 7f 95 2b 67 75 9c 7c ff\ +70 54 15 ac 9f a0 90 7c 7c a6 17 8f 66 8f b9 48\ +d8 69 da 4c c3 b7 35 6f 40 08 df d5 44 9d 32 ee\ +02 d9 a4 77 eb 69 fc 29 26 6e 5d 90 70 51 23 75\ +a5 0f bb cc 27 e2 38 ad 98 42 5f 6e bb f8 89 91 +Prime1: \ +01 bd 36 e1 8e ce 4b 0f db 2e 9c 9d 54 8b d1 a7\ +d6 e2 c2 1c 6f dc 35 07 4a 1d 05 b1 c6 c8 b3 d5\ +58 ea 26 39 c9 a9 a4 21 68 01 69 31 72 52 55 8b\ +d1 48 ad 21 5a ac 55 0e 2d cf 12 a8 2d 0e bf e8\ +53 +Prime2: \ +01 b1 b6 56 ad 86 d8 e1 9d 5d c8 62 92 b3 a1 92\ +fd f6 e0 dd 37 87 7b ad 14 82 2f a0 01 90 ca b2\ +65 f9 0d 3f 02 05 7b 6f 54 d6 ec b1 44 91 e5 ad\ +ea ce bc 48 bf 0e bd 2a 2a d2 6d 40 2e 54 f6 16\ +51 +ModPrime1PrivateExponent: \ +1f 27 79 fd 2e 3e 5e 6b ae 05 53 95 18 fb a0 cd\ +0e ad 1a a4 51 3a 7c ba 18 f1 cf 10 e3 f6 81 95\ +69 3d 27 8a 0f 0e e7 2f 89 f9 bc 76 0d 80 e2 f9\ +d0 26 1d 51 65 01 c6 ae 39 f1 4a 47 6c e2 cc f5 +ModPrime2PrivateExponent: \ +01 1a 0d 36 79 4b 04 a8 54 aa b4 b2 46 2d 43 9a\ +50 46 c9 1d 94 0b 2b c6 f7 5b 62 95 6f ef 35 a2\ +a6 e6 3c 53 09 81 7f 30 7b bf f9 d5 9e 7e 33 1b\ +d3 63 f6 d6 68 49 b1 83 46 ad ea 16 9f 0a e9 ae\ +c1 +MultiplicativeInverseOfPrime2ModPrime1: \ +0b 30 f0 ec f5 58 75 2f b3 a6 ce 4b a2 b8 c6 75\ +f6 59 eb a6 c3 76 58 5a 1b 39 71 2d 03 8a e3 d2\ +b4 6f cb 41 8a e1 5d 09 05 da 64 40 e1 51 3a 30\ +b9 b7 d6 66 8f bc 5e 88 e5 ab 7a 17 5e 73 ba 35 +Test: KeyPairValidAndConsistent +Comment: RSASSA-PSS Signature Example 3.1 +Message: \ +59 4b 37 33 3b bb 2c 84 52 4a 87 c1 a0 1f 75 fc\ +ec 0e 32 56 f1 08 e3 8d ca 36 d7 0d 00 57 +Salt: \ +f3 1a d6 c8 cf 89 df 78 ed 77 fe ac bc c2 f8 b0\ +a8 e4 cf aa +Signature: \ +00 88 b1 35 fb 17 94 b6 b9 6c 4a 3e 67 81 97 f8\ +ca c5 2b 64 b2 fe 90 7d 6f 27 de 76 11 24 96 4a\ +99 a0 1a 88 27 40 ec fa ed 6c 01 a4 74 64 bb 05\ +18 23 13 c0 13 38 a8 cd 09 72 14 cd 68 ca 10 3b\ +d5 7d 3b c9 e8 16 21 3e 61 d7 84 f1 82 46 7a bf\ +8a 01 cf 25 3e 99 a1 56 ea a8 e3 e1 f9 0e 3c 6e\ +4e 3a a2 d8 3e d0 34 5b 89 fa fc 9c 26 07 7c 14\ +b6 ac 51 45 4f a2 6e 44 6e 3a 2f 15 3b 2b 16 79\ +7f +Test: Verify +Comment: RSASSA-PSS Signature Example 3.2 +Message: \ +8b 76 95 28 88 4a 0d 1f fd 09 0c f1 02 99 3e 79\ +6d ad cf bd dd 38 e4 4f f6 32 4c a4 51 +Salt: \ +fc f9 f0 e1 f1 99 a3 d1 d0 da 68 1c 5b 86 06 fc\ +64 29 39 f7 +Signature: \ +02 a5 f0 a8 58 a0 86 4a 4f 65 01 7a 7d 69 45 4f\ +3f 97 3a 29 99 83 9b 7b bc 48 bf 78 64 11 69 17\ +95 56 f5 95 fa 41 f6 ff 18 e2 86 c2 78 30 79 bc\ +09 10 ee 9c c3 4f 49 ba 68 11 24 f9 23 df a8 8f\ +42 61 41 a3 68 a5 f5 a9 30 c6 28 c2 c3 c2 00 e1\ +8a 76 44 72 1a 0c be c6 dd 3f 62 79 bd e3 e8 f2\ +be 5e 2d 4e e5 6f 97 e7 ce af 33 05 4b e7 04 2b\ +d9 1a 63 bb 09 f8 97 bd 41 e8 11 97 de e9 9b 11\ +af +Test: Verify +Comment: RSASSA-PSS Signature Example 3.3 +Message: \ +1a bd ba 48 9c 5a da 2f 99 5e d1 6f 19 d5 a9 4d\ +9e 6e c3 4a 8d 84 f8 45 57 d2 6e 5e f9 b0 2b 22\ +88 7e 3f 9a 4b 69 0a d1 14 92 09 c2 0c 61 43 1f\ +0c 01 7c 36 c2 65 7b 35 d7 b0 7d 3f 5a d8 70 85\ +07 a9 c1 b8 31 df 83 5a 56 f8 31 07 18 14 ea 5d\ +3d 8d 8f 6a de 40 cb a3 8b 42 db 7a 2d 3d 7a 29\ +c8 f0 a7 9a 78 38 cf 58 a9 75 7f a2 fe 4c 40 df\ +9b aa 19 3b fc 6f 92 b1 23 ad 57 b0 7a ce 3e 6a\ +c0 68 c9 f1 06 af d9 ee b0 3b 4f 37 c2 5d bf bc\ +fb 30 71 f6 f9 77 17 66 d0 72 f3 bb 07 0a f6 60\ +55 32 97 3a e2 50 51 +Salt: \ +98 6e 7c 43 db b6 71 bd 41 b9 a7 f4 b6 af c8 0e\ +80 5f 24 23 +Signature: \ +02 44 bc d1 c8 c1 69 55 73 6c 80 3b e4 01 27 2e\ +18 cb 99 08 11 b1 4f 72 db 96 41 24 d5 fa 76 06\ +49 cb b5 7a fb 87 55 db b6 2b f5 1f 46 6c f2 3a\ +0a 16 07 57 6e 98 3d 77 8f ce ff a9 2d f7 54 8a\ +ea 8e a4 ec ad 2c 29 dd 9f 95 bc 07 fe 91 ec f8\ +be e2 55 bf e8 76 2f d7 69 0a a9 bf a4 fa 08 49\ +ef 72 8c 2c 42 c4 53 23 64 52 2d f2 ab 7f 9f 8a\ +03 b6 3f 7a 49 91 75 82 86 68 f5 ef 5a 29 e3 80\ +2c +Test: Verify +Comment: RSASSA-PSS Signature Example 3.4 +Message: \ +8f b4 31 f5 ee 79 2b 6c 2a c7 db 53 cc 42 86 55\ +ae b3 2d 03 f4 e8 89 c5 c2 5d e6 83 c4 61 b5 3a\ +cf 89 f9 f8 d3 aa bd f6 b9 f0 c2 a1 de 12 e1 5b\ +49 ed b3 91 9a 65 2f e9 49 1c 25 a7 fc e1 f7 22\ +c2 54 36 08 b6 9d c3 75 ec +Salt: \ +f8 31 2d 9c 8e ea 13 ec 0a 4c 7b 98 12 0c 87 50\ +90 87 c4 78 +Signature: \ +01 96 f1 2a 00 5b 98 12 9c 8d f1 3c 4c b1 6f 8a\ +a8 87 d3 c4 0d 96 df 3a 88 e7 53 2e f3 9c d9 92\ +f2 73 ab c3 70 bc 1b e6 f0 97 cf eb bf 01 18 fd\ +9e f4 b9 27 15 5f 3d f2 2b 90 4d 90 70 2d 1f 7b\ +a7 a5 2b ed 8b 89 42 f4 12 cd 7b d6 76 c9 d1 8e\ +17 03 91 dc d3 45 c0 6a 73 09 64 b3 f3 0b cc e0\ +bb 20 ba 10 6f 9a b0 ee b3 9c f8 a6 60 7f 75 c0\ +34 7f 0a f7 9f 16 af a0 81 d2 c9 2d 1e e6 f8 36\ +b8 +Test: Verify +Comment: RSASSA-PSS Signature Example 3.5 +Message: \ +fe f4 16 1d fa af 9c 52 95 05 1d fc 1f f3 81 0c\ +8c 9e c2 e8 66 f7 07 54 22 c8 ec 42 16 a9 c4 ff\ +49 42 7d 48 3c ae 10 c8 53 4a 41 b2 fd 15 fe e0\ +69 60 ec 6f b3 f7 a7 e9 4a 2f 8a 2e 3e 43 dc 4a\ +40 57 6c 30 97 ac 95 3b 1d e8 6f 0b 4e d3 6d 64\ +4f 23 ae 14 42 55 29 62 24 64 ca 0c bf 0b 17 41\ +34 72 38 15 7f ab 59 e4 de 55 24 09 6d 62 ba ec\ +63 ac 64 +Salt: \ +50 32 7e fe c6 29 2f 98 01 9f c6 7a 2a 66 38 56\ +3e 9b 6e 2d +Signature: \ +02 1e ca 3a b4 89 22 64 ec 22 41 1a 75 2d 92 22\ +10 76 d4 e0 1c 0e 6f 0d de 9a fd 26 ba 5a cf 6d\ +73 9e f9 87 54 5d 16 68 3e 56 74 c9 e7 0f 1d e6\ +49 d7 e6 1d 48 d0 ca eb 4f b4 d8 b2 4f ba 84 a6\ +e3 10 8f ee 7d 07 05 97 32 66 ac 52 4b 4a d2 80\ +f7 ae 17 dc 59 d9 6d 33 51 58 6b 5a 3b db 89 5d\ +1e 1f 78 20 ac 61 35 d8 75 34 80 99 83 82 ba 32\ +b7 34 95 59 60 8c 38 74 52 90 a8 5e f4 e9 f9 bd\ +83 +Test: Verify +Comment: RSASSA-PSS Signature Example 3.6 +Message: \ +ef d2 37 bb 09 8a 44 3a ee b2 bf 6c 3f 8c 81 b8\ +c0 1b 7f cb 3f eb +Salt: \ +b0 de 3f c2 5b 65 f5 af 96 b1 d5 cc 3b 27 d0 c6\ +05 30 87 b3 +Signature: \ +01 2f af ec 86 2f 56 e9 e9 2f 60 ab 0c 77 82 4f\ +42 99 a0 ca 73 4e d2 6e 06 44 d5 d2 22 c7 f0 bd\ +e0 39 64 f8 e7 0a 5c b6 5e d4 4e 44 d5 6a e0 ed\ +f1 ff 86 ca 03 2c c5 dd 44 04 db b7 6a b8 54 58\ +6c 44 ee d8 33 6d 08 d4 57 ce 6c 03 69 3b 45 c0\ +f1 ef ef 93 62 4b 95 b8 ec 16 9c 61 6d 20 e5 53\ +8e bc 0b 67 37 a6 f8 2b 4b c0 57 09 24 fc 6b 35\ +75 9a 33 48 42 62 79 f8 b3 d7 74 4e 2d 22 24 26\ +ce +Test: Verify +Comment: Example 4: A 1027-bit RSA Key Pair +Modulus: \ +05 4a db 78 86 44 7e fe 6f 57 e0 36 8f 06 cf 52\ +b0 a3 37 07 60 d1 61 ce f1 26 b9 1b e7 f8 9c 42\ +1b 62 a6 ec 1d a3 c3 11 d7 5e d5 0e 0a b5 ff f3\ +fd 33 8a cc 3a a8 a4 e7 7e e2 63 69 ac b8 1b a9\ +00 fa 83 f5 30 0c f9 bb 6c 53 ad 1d c8 a1 78 b8\ +15 db 42 35 a9 a9 da 0c 06 de 4e 61 5e a1 27 7c\ +e5 59 e9 c1 08 de 58 c1 4a 81 aa 77 f5 a6 f8 d1\ +33 54 94 49 88 48 c8 b9 59 40 74 0b e7 bf 7c 37\ +05 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +fa 04 1f 8c d9 69 7c ee d3 8e c8 ca a2 75 52 3b\ +4d d7 2b 09 a3 01 d3 54 1d 72 f5 d3 1c 05 cb ce\ +2d 69 83 b3 61 83 af 10 69 0b d4 6c 46 13 1e 35\ +78 94 31 a5 56 77 1d d0 04 9b 57 46 1b f0 60 c1\ +f6 84 72 e8 a6 7c 25 f3 57 e5 b6 b4 73 8f a5 41\ +a7 30 34 6b 4a 07 64 9a 2d fa 80 6a 69 c9 75 b6\ +ab a6 46 78 ac c7 f5 91 3e 89 c6 22 f2 d8 ab b1\ +e3 e3 25 54 e3 9d f9 4b a6 0c 00 2e 38 7d 90 11 +Prime1: \ +02 92 32 33 6d 28 38 94 5d ba 9d d7 72 3f 4e 62\ +4a 05 f7 37 5b 92 7a 87 ab e6 a8 93 a1 65 8f d4\ +9f 47 f6 c7 b0 fa 59 6c 65 fa 68 a2 3f 0a b4 32\ +96 2d 18 d4 34 3b d6 fd 67 1a 5e a8 d1 48 41 39\ +95 +Prime2: \ +02 0e f5 ef e7 c5 39 4a ed 22 72 f7 e8 1a 74 f4\ +c0 2d 14 58 94 cb 1b 3c ab 23 a9 a0 71 0a 2a fc\ +7e 33 29 ac bb 74 3d 01 f6 80 c4 d0 2a fb 4c 8f\ +de 7e 20 93 08 11 bb 2b 99 57 88 b5 e8 72 c2 0b\ +b1 +ModPrime1PrivateExponent: \ +02 6e 7e 28 01 0e cf 24 12 d9 52 3a d7 04 64 7f\ +b4 fe 9b 66 b1 a6 81 58 1b 0e 15 55 3a 89 b1 54\ +28 28 89 8f 27 24 3e ba b4 5f f5 e1 ac b9 d4 df\ +1b 05 1f bc 62 82 4d bc 6f 6c 93 26 1a 78 b9 a7\ +59 +ModPrime2PrivateExponent: \ +01 2d dc c8 6e f6 55 99 8c 39 dd ae 11 71 86 69\ +e5 e4 6c f1 49 5b 07 e1 3b 10 14 cd 69 b3 af 68\ +30 4a d2 a6 b6 43 21 e7 8b f3 bb ca 9b b4 94 e9\ +1d 45 17 17 e2 d9 75 64 c6 54 94 65 d0 20 5c f4\ +21 +MultiplicativeInverseOfPrime2ModPrime1: \ +01 06 00 c4 c2 18 47 45 9f e5 76 70 3e 2e be ca\ +e8 a5 09 4e e6 3f 53 6b f4 ac 68 d3 c1 3e 5e 4f\ +12 ac 5c c1 0a b6 a2 d0 5a 19 92 14 d1 82 47 47\ +d5 51 90 96 36 b7 74 c2 2c ac 0b 83 75 99 ab cc\ +75 +Test: KeyPairValidAndConsistent +Comment: RSASSA-PSS Signature Example 4.1 +Message: \ +9f b0 3b 82 7c 82 17 d9 +Salt: \ +ed 7c 98 c9 5f 30 97 4f be 4f bd dc f0 f2 8d 60\ +21 c0 e9 1d +Signature: \ +03 23 d5 b7 bf 20 ba 45 39 28 9a e4 52 ae 42 97\ +08 0f ef f4 51 84 23 ff 48 11 a8 17 83 7e 7d 82\ +f1 83 6c df ab 54 51 4f f0 88 7b dd ee bf 40 bf\ +99 b0 47 ab c3 ec fa 6a 37 a3 ef 00 f4 a0 c4 a8\ +8a ae 09 04 b7 45 c8 46 c4 10 7e 87 97 72 3e 8a\ +c8 10 d9 e3 d9 5d fa 30 ff 49 66 f4 d7 5d 13 76\ +8d 20 85 7f 2b 14 06 f2 64 cf e7 5e 27 d7 65 2f\ +4b 5e d3 57 5f 28 a7 02 f8 c4 ed 9c f9 b2 d4 49\ +48 +Test: Verify +Comment: RSASSA-PSS Signature Example 4.2 +Message: \ +0c a2 ad 77 79 7e ce 86 de 5b f7 68 75 0d db 5e\ +d6 a3 11 6a d9 9b bd 17 ed f7 f7 82 f0 db 1c d0\ +5b 0f 67 74 68 c5 ea 42 0d c1 16 b1 0e 80 d1 10\ +de 2b 04 61 ea 14 a3 8b e6 86 20 39 2e 7e 89 3c\ +b4 ea 93 93 fb 88 6c 20 ff 79 06 42 30 5b f3 02\ +00 38 92 e5 4d f9 f6 67 50 9d c5 39 20 df 58 3f\ +50 a3 dd 61 ab b6 fa b7 5d 60 03 77 e3 83 e6 ac\ +a6 71 0e ee a2 71 56 e0 67 52 c9 4c e2 5a e9 9f\ +cb f8 59 2d be 2d 7e 27 45 3c b4 4d e0 71 00 eb\ +b1 a2 a1 98 11 a4 78 ad be ab 27 0f 94 e8 fe 36\ +9d 90 b3 ca 61 2f 9f +Salt: \ +22 d7 1d 54 36 3a 42 17 aa 55 11 3f 05 9b 33 84\ +e3 e5 7e 44 +Signature: \ +04 9d 01 85 84 5a 26 4d 28 fe b1 e6 9e da ec 09\ +06 09 e8 e4 6d 93 ab b3 83 71 ce 51 f4 aa 65 a5\ +99 bd aa a8 1d 24 fb a6 6a 08 a1 16 cb 64 4f 3f\ +1e 65 3d 95 c8 9d b8 bb d5 da ac 27 09 c8 98 40\ +00 17 84 10 a7 c6 aa 86 67 dd c3 8c 74 1f 71 0e\ +c8 66 5a a9 05 2b e9 29 d4 e3 b1 67 82 c1 66 21\ +14 c5 41 4b b0 35 34 55 c3 92 fc 28 f3 db 59 05\ +4b 5f 36 5c 49 e1 d1 56 f8 76 ee 10 cb 4f d7 05\ +98 +Test: Verify +Comment: RSASSA-PSS Signature Example 4.3 +Message: \ +28 80 62 af c0 8f cd b7 c5 f8 65 0b 29 83 73 00\ +46 1d d5 67 6c 17 a2 0a 3c 8f b5 14 89 49 e3 f7\ +3d 66 b3 ae 82 c7 24 0e 27 c5 b3 ec 43 28 ee 7d\ +6d df 6a 6a 0c 9b 5b 15 bc da 19 6a 9d 0c 76 b1\ +19 d5 34 d8 5a bd 12 39 62 d5 83 b7 6c e9 d1 80\ +bc e1 ca +Salt: \ +4a f8 70 fb c6 51 60 12 ca 91 6c 70 ba 86 2a c7\ +e8 24 36 17 +Signature: \ +03 fb c4 10 a2 ce d5 95 00 fb 99 f9 e2 af 27 81\ +ad a7 4e 13 14 56 24 60 27 82 e2 99 48 13 ee fc\ +a0 51 9e cd 25 3b 85 5f b6 26 a9 0d 77 1e ae 02\ +8b 0c 47 a1 99 cb d9 f8 e3 26 97 34 af 41 63 59\ +90 90 71 3a 3f a9 10 fa 09 60 65 27 21 43 2b 97\ +10 36 a7 18 1a 2b c0 ca b4 3b 0b 59 8b c6 21 74\ +61 d7 db 30 5f f7 e9 54 c5 b5 bb 23 1c 39 e7 91\ +af 6b cf a7 6b 14 7b 08 13 21 f7 26 41 48 2a 2a\ +ad +Test: Verify +Comment: RSASSA-PSS Signature Example 4.4 +Message: \ +6f 4f 9a b9 50 11 99 ce f5 5c 6c f4 08 fe 7b 36\ +c5 57 c4 9d 42 0a 47 63 d2 46 3c 8a d4 4b 3c fc\ +5b e2 74 2c 0e 7d 9b 0f 66 08 f0 8c 7f 47 b6 93\ +ee +Salt: \ +40 d2 e1 80 fa e1 ea c4 39 c1 90 b5 6c 2c 0e 14\ +dd f9 a2 26 +Signature: \ +04 86 64 4b c6 6b f7 5d 28 33 5a 61 79 b1 08 51\ +f4 3f 09 bd ed 9f ac 1a f3 32 52 bb 99 53 ba 42\ +98 cd 64 66 b2 75 39 a7 0a da a3 f8 9b 3d b3 c7\ +4a b6 35 d1 22 f4 ee 7c e5 57 a6 1e 59 b8 2f fb\ +78 66 30 e5 f9 db 53 c7 7d 9a 0c 12 fa b5 95 8d\ +4c 2c e7 da a8 07 cd 89 ba 2c c7 fc d0 2f f4 70\ +ca 67 b2 29 fc ce 81 4c 85 2c 73 cc 93 be a3 5b\ +e6 84 59 ce 47 8e 9d 46 55 d1 21 c8 47 2f 37 1d\ +4f +Test: Verify +Comment: RSASSA-PSS Signature Example 4.5 +Message: \ +e1 7d 20 38 5d 50 19 55 82 3c 3f 66 62 54 c1 d3\ +dd 36 ad 51 68 b8 f1 8d 28 6f dc f6 7a 7d ad 94\ +09 70 85 fa b7 ed 86 fe 21 42 a2 87 71 71 79 97\ +ef 1a 7a 08 88 4e fc 39 35 6d 76 07 7a af 82 45\ +9a 7f ad 45 84 88 75 f2 81 9b 09 89 37 fe 92 3b\ +cc 9d c4 42 d7 2d 75 4d 81 20 25 09 0c 9b c0 3d\ +b3 08 0c 13 8d d6 3b 35 5d 0b 4b 85 d6 68 8a c1\ +9f 4d e1 50 84 a0 ba 4e 37 3b 93 ef 4a 55 50 96\ +69 19 15 dc 23 c0 0e 95 4c de b2 0a 47 cd 55 d1\ +6c 3d 86 81 d4 6e d7 f2 ed 5e a4 27 95 be 17 ba\ +ed 25 f0 f4 d1 13 b3 63 6a dd d5 85 f1 6a 8b 5a\ +ec 0c 8f a9 c5 f0 3c bf 3b 9b 73 +Salt: \ +24 97 dc 2b 46 15 df ae 5a 66 3d 49 ff d5 6b f7\ +ef c1 13 04 +Signature: \ +02 2a 80 04 53 53 90 4c b3 0c bb 54 2d 7d 49 90\ +42 1a 6e ec 16 a8 02 9a 84 22 ad fd 22 d6 af f8\ +c4 cc 02 94 af 11 0a 0c 06 7e c8 6a 7d 36 41 34\ +45 9b b1 ae 8f f8 36 d5 a8 a2 57 98 40 99 6b 32\ +0b 19 f1 3a 13 fa d3 78 d9 31 a6 56 25 da e2 73\ +9f 0c 53 67 0b 35 d9 d3 cb ac 08 e7 33 e4 ec 2b\ +83 af 4b 91 96 d6 3e 7c 4f f1 dd ea e2 a1 22 79\ +1a 12 5b fe a8 de b0 de 8c cf 1f 4f fa f6 e6 fb\ +0a +Test: Verify +Comment: RSASSA-PSS Signature Example 4.6 +Message: \ +af bc 19 d4 79 24 90 18 fd f4 e0 9f 61 87 26 44\ +04 95 de 11 dd ee e3 88 72 d7 75 fc ea 74 a2 38\ +96 b5 34 3c 9c 38 d4 6a f0 db a2 24 d0 47 58 0c\ +c6 0a 65 e9 39 1c f9 b5 9b 36 a8 60 59 8d 4e 82\ +16 72 2f 99 3b 91 cf ae 87 bc 25 5a f8 9a 6a 19\ +9b ca 4a 39 1e ad bc 3a 24 90 3c 0b d6 67 36 8f\ +6b e7 8e 3f ea bf b4 ff d4 63 12 27 63 74 0f fb\ +be fe ab 9a 25 56 4b c5 d1 c2 4c 93 e4 22 f7 50\ +73 e2 ad 72 bf 45 b1 0d f0 0b 52 a1 47 12 8e 73\ +fe e3 3f a3 f0 57 7d 77 f8 0f bc 2d f1 be d3 13\ +29 0c 12 77 7f 50 +Salt: \ +a3 34 db 6f ae bf 11 08 1a 04 f8 7c 2d 62 1c de\ +c7 93 0b 9b +Signature: \ +00 93 8d cb 6d 58 30 46 06 5f 69 c7 8d a7 a1 f1\ +75 70 66 a7 fa 75 12 5a 9d 29 29 f0 b7 9a 60 b6\ +27 b0 82 f1 1f 5b 19 6f 28 eb 9d aa 6f 21 c0 5e\ +51 40 f6 ae f1 73 7d 20 23 07 5c 05 ec f0 4a 02\ +8c 68 6a 2a b3 e7 d5 a0 66 4f 29 5c e1 29 95 e8\ +90 90 8b 6a d2 1f 08 39 eb 65 b7 03 93 a7 b5 af\ +d9 87 1d e0 ca a0 ce de c5 b8 19 62 67 56 20 9d\ +13 ab 1e 7b b9 54 6a 26 ff 37 e9 a5 1a f9 fd 56\ +2e +Test: Verify +Comment: Example 5: A 1028-bit RSA Key Pair +Modulus: \ +0d 10 f6 61 f2 99 40 f5 ed 39 aa 26 09 66 de b4\ +78 43 67 9d 2b 6f b2 5b 3d e3 70 f3 ac 7c 19 91\ +63 91 fd 25 fb 52 7e bf a6 a4 b4 df 45 a1 75 9d\ +99 6c 4b b4 eb d1 88 28 c4 4f c5 2d 01 91 87 17\ +40 52 5f 47 a4 b0 cc 8d a3 25 ed 8a a6 76 b0 d0\ +f6 26 e0 a7 7f 07 69 21 70 ac ac 80 82 f4 2f aa\ +7d c7 cd 12 3e 73 0e 31 a8 79 85 20 4c ab cb e6\ +67 0d 43 a2 dd 2b 2d de f5 e0 53 92 fc 21 3b c5\ +07 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +03 ce 08 b1 04 ff f3 96 a9 79 bd 3e 4e 46 92 5b\ +63 19 dd b6 3a cb cf d8 19 f1 7d 16 b8 07 7b 3a\ +87 10 1f f3 4b 77 fe 48 b8 b2 05 a9 6e 91 51 ba\ +8e ce a6 4d 0c ce 7b 23 c3 e6 a6 b8 30 58 bc 49\ +da e8 16 ae 73 6d b5 a4 70 8e 2a d4 35 23 2b 56\ +7f 90 96 ce 59 ff 28 06 1e 79 ab 1c 02 d7 17 e6\ +b2 3c ea 6d b8 eb 51 92 fa 7c 1e ab 22 7d ba 74\ +62 1c 45 60 18 96 ee f1 37 92 c8 44 0b eb 15 aa\ +c1 +Prime1: \ +03 f2 f3 31 f4 14 2d 4f 24 b4 3a a1 02 79 a8 96\ +52 d4 e7 53 72 21 a1 a7 b2 a2 5d eb 55 1e 5d e9\ +ac 49 74 11 c2 27 a9 4e 45 f9 1c 2d 1c 13 cc 04\ +6c f4 ce 14 e3 2d 05 87 34 21 0d 44 a8 7e e1 b7\ +3f +Prime2: \ +03 4f 09 0d 73 b5 58 03 03 0c f0 36 1a 5d 80 81\ +bf b7 9f 85 15 23 fe ac 0a 21 24 d0 8d 40 13 ff\ +08 48 77 71 a8 70 d0 47 9d c0 68 6c 62 f7 71 8d\ +fe cf 02 4b 17 c9 26 76 78 05 91 71 33 9c c0 08\ +39 +ModPrime1PrivateExponent: \ +02 aa 66 3a db f5 1a b8 87 a0 18 cb 42 6e 78 bc\ +2f e1 82 dc b2 f7 bc b5 04 41 d1 7f df 0f 06 79\ +8b 50 71 c6 e2 f5 fe b4 d5 4a d8 18 23 11 c1 ef\ +62 d4 c4 9f 18 d1 f5 1f 54 b2 d2 cf fb a4 da 1b\ +e5 +ModPrime2PrivateExponent: \ +02 bb e7 06 07 8b 5c 0b 39 15 12 d4 11 db 1b 19\ +9b 5a 56 64 b8 40 42 ea d3 7f e9 94 ae 72 b9 53\ +2d fb fb 3e 9e 69 81 a0 fb b8 06 51 31 41 b7 c2\ +16 3f e5 6c 39 5e 4b fa ee 57 e3 83 3f 9b 91 8d\ +f9 +MultiplicativeInverseOfPrime2ModPrime1: \ +02 42 b6 cd 00 d3 0a 76 7a ee 9a 89 8e ad 45 3c\ +8e ae a6 3d 50 0b 7d 1e 00 71 3e da e5 1c e3 6b\ +23 b6 64 df 26 e6 3e 26 6e c8 f7 6e 6e 63 ed 1b\ +a4 1e b0 33 b1 20 f7 ea 52 12 ae 21 a9 8f bc 16 +Test: KeyPairValidAndConsistent +Comment: RSASSA-PSS Signature Example 5.1 +Message: \ +30 c7 d5 57 45 8b 43 6d ec fd c1 4d 06 cb 7b 96\ +b0 67 18 c4 8d 7d e5 74 82 a8 68 ae 7f 06 58 70\ +a6 21 65 06 d1 1b 77 93 23 df df 04 6c f5 77 51\ +29 13 4b 4d 56 89 e4 d9 c0 ce 1e 12 d7 d4 b0 6c\ +b5 fc 58 20 de cf a4 1b af 59 bf 25 7b 32 f0 25\ +b7 67 9b 44 5b 94 99 c9 25 55 14 58 85 99 2f 1b\ +76 f8 48 91 ee 4d 3b e0 f5 15 0f d5 90 1e 3a 4c\ +8e d4 3f d3 6b 61 d0 22 e6 5a d5 00 8d bf 33 29\ +3c 22 bf bf d0 73 21 f0 f1 d5 fa 9f df 00 14 c2\ +fc b0 35 8a ad 0e 35 4b 0d 29 +Salt: \ +08 1b 23 3b 43 56 77 50 bd 6e 78 f3 96 a8 8b 9f\ +6a 44 51 51 +Signature: \ +0b a3 73 f7 6e 09 21 b7 0a 8f bf e6 22 f0 bf 77\ +b2 8a 3d b9 8e 36 10 51 c3 d7 cb 92 ad 04 52 91\ +5a 4d e9 c0 17 22 f6 82 3e eb 6a df 7e 0c a8 29\ +0f 5d e3 e5 49 89 0a c2 a3 c5 95 0a b2 17 ba 58\ +59 08 94 95 2d e9 6f 8d f1 11 b2 57 52 15 da 6c\ +16 15 90 c7 45 be 61 24 76 ee 57 8e d3 84 ab 33\ +e3 ec e9 74 81 a2 52 f5 c7 9a 98 b5 53 2a e0 0c\ +dd 62 f2 ec c0 cd 1b ae fe 80 d8 0b 96 21 93 ec\ +1d +Test: Verify +Comment: RSASSA-PSS Signature Example 5.2 +Message: \ +e7 b3 2e 15 56 ea 1b 27 95 04 6a c6 97 39 d2 2a\ +c8 96 6b f1 1c 11 6f 61 4b 16 67 40 e9 6b 90 65\ +3e 57 50 94 5f cf 77 21 86 c0 37 90 a0 7f da 32\ +3e 1a 61 91 6b 06 ee 21 57 db 3d ff 80 d6 7d 5e\ +39 a5 3a e2 68 c8 f0 9e d9 9a 73 20 05 b0 bc 6a\ +04 af 4e 08 d5 7a 00 e7 20 1b 30 60 ef aa db 73\ +11 3b fc 08 7f d8 37 09 3a a2 52 35 b8 c1 49 f5\ +62 15 f0 31 c2 4a d5 bd e7 f2 99 60 df 7d 52 40\ +70 f7 44 9c 6f 78 50 84 be 1a 0f 73 30 47 f3 36\ +f9 15 47 38 67 45 47 db 02 a9 f4 4d fc 6e 60 30\ +10 81 e1 ce 99 84 7f 3b 5b 60 1f f0 6b 4d 57 76\ +a9 74 0b 9a a0 d3 40 58 fd 3b 90 6e 4f 78 59 df\ +b0 7d 71 73 e5 e6 f6 35 0a da c2 1f 27 b2 30 74\ +69 +Salt: \ +bd 0c e1 95 49 d0 70 01 20 cb e5 10 77 db bb b0\ +0a 8d 8b 09 +Signature: \ +08 18 0d e8 25 e4 b8 b0 14 a3 2d a8 ba 76 15 55\ +92 12 04 f2 f9 0d 5f 24 b7 12 90 8f f8 4f 3e 22\ +0a d1 79 97 c0 dd 6e 70 66 30 ba 3e 84 ad d4 d5\ +e7 ab 00 4e 58 07 4b 54 97 09 56 5d 43 ad 9e 97\ +b5 a7 a1 a2 9e 85 b9 f9 0f 4a af cd f5 83 21 de\ +8c 59 74 ef 9a bf 2d 52 6f 33 c0 f2 f8 2e 95 d1\ +58 ea 6b 81 f1 73 6d b8 d1 af 3d 6a c6 a8 3b 32\ +d1 8b ae 0f f1 b2 fe 27 de 4c 76 ed 8c 79 80 a3\ +4e +Test: Verify +Comment: RSASSA-PSS Signature Example 5.3 +Message: \ +8d 83 96 e3 65 07 fe 1e f6 a1 90 17 54 8e 0c 71\ +66 74 c2 fe c2 33 ad b2 f7 75 66 5e c4 1f 2b d0\ +ba 39 6b 06 1a 9d aa 7e 86 6f 7c 23 fd 35 31 95\ +43 00 a3 42 f9 24 53 5e a1 49 8c 48 f6 c8 79 93\ +28 65 fc 02 00 0c 52 87 23 b7 ad 03 35 74 5b 51\ +20 9a 0a fe d9 32 af 8f 08 87 c2 19 00 4d 2a bd\ +89 4e a9 25 59 ee 31 98 af 3a 73 4f e9 b9 63 8c\ +26 3a 72 8a d9 5a 5a e8 ce 3e b1 58 39 f3 aa 78\ +52 bb 39 07 06 e7 76 0e 43 a7 12 91 a2 e3 f8 27\ +23 7d ed a8 51 87 4c 51 76 65 f5 45 f2 72 38 df\ +86 55 7f 37 5d 09 cc d8 bd 15 d8 cc f6 1f 5d 78\ +ca 5c 7f 5c de 78 2e 6b f5 d0 05 70 56 d4 ba d9\ +8b 3d 2f 95 75 e8 24 ab 7a 33 ff 57 b0 ac 10 0a\ +b0 d6 ea d7 aa 0b 50 f6 e4 d3 e5 ec 0b 96 6b +Salt: \ +81 57 79 a9 1b 3a 8b d0 49 bf 2a eb 92 01 42 77\ +22 22 c9 ca +Signature: \ +05 e0 fd bd f6 f7 56 ef 73 31 85 cc fa 8c ed 2e\ +b6 d0 29 d9 d5 6e 35 56 1b 5d b8 e7 02 57 ee 6f\ +d0 19 d2 f0 bb f6 69 fe 9b 98 21 e7 8d f6 d4 1e\ +31 60 8d 58 28 0f 31 8e e3 4f 55 99 41 c8 df 13\ +28 75 74 ba c0 00 b7 e5 8d c4 f4 14 ba 49 fb 12\ +7f 9d 0f 89 36 63 8c 76 e8 53 56 c9 94 f7 97 50\ +f7 fa 3c f4 fd 48 2d f7 5e 3f b9 97 8c d0 61 f7\ +ab b1 75 72 e6 e6 3e 0b de 12 cb dc f1 8c 68 b9\ +79 +Test: Verify +Comment: RSASSA-PSS Signature Example 5.4 +Message: \ +32 8c 65 9e 0a 64 37 43 3c ce b7 3c 14 +Salt: \ +9a ec 4a 74 80 d5 bb c4 29 20 d7 ca 23 5d b6 74\ +98 9c 9a ac +Signature: \ +0b c9 89 85 3b c2 ea 86 87 32 71 ce 18 3a 92 3a\ +b6 5e 8a 53 10 0e 6d f5 d8 7a 24 c4 19 4e b7 97\ +81 3e e2 a1 87 c0 97 dd 87 2d 59 1d a6 0c 56 86\ +05 dd 7e 74 2d 5a f4 e3 3b 11 67 8c cb 63 90 32\ +04 a3 d0 80 b0 90 2c 89 ab a8 86 8f 00 9c 0f 1c\ +0c b8 58 10 bb dd 29 12 1a bb 84 71 ff 2d 39 e4\ +9f d9 2d 56 c6 55 c8 e0 37 ad 18 fa fb dc 92 c9\ +58 63 f7 f6 1e a9 ef a2 8f ea 40 13 69 d1 9d ae\ +a1 +Test: Verify +Comment: RSASSA-PSS Signature Example 5.5 +Message: \ +f3 7b 96 23 79 a4 7d 41 5a 37 6e ec 89 73 15 0b\ +cb 34 ed d5 ab 65 40 41 b6 14 30 56 0c 21 44 58\ +2b a1 33 c8 67 d8 52 d6 b8 e2 33 21 90 13 02 ec\ +b4 5b 09 ec 88 b1 52 71 78 fa 04 32 63 f3 06 7d\ +9f fe 97 30 32 a9 9f 4c b0 8a d2 c7 e0 a2 45 6c\ +dd 57 a7 df 56 fe 60 53 52 7a 5a eb 67 d7 e5 52\ +06 3c 1c a9 7b 1b ef fa 7b 39 e9 97 ca f2 78 78\ +ea 0f 62 cb eb c8 c2 1d f4 c8 89 a2 02 85 1e 94\ +90 88 49 0c 24 9b 6e 9a cf 1d 80 63 f5 be 23 43\ +98 9b f9 5c 4d a0 1a 2b e7 8b 4a b6 b3 78 01 5b\ +c3 79 57 f7 69 48 b5 e5 8e 44 0c 28 45 3d 40 d7\ +cf d5 7e 7d 69 06 00 47 4a b5 e7 59 73 b1 ea 0c\ +5f 1e 45 d1 41 90 af e2 f4 eb 6d 3b df 71 f1 d2\ +f8 bb 15 6a 1c 29 5d 04 aa eb 9d 68 9d ce 79 ed\ +62 bc 44 3e +Salt: \ +e2 0c 1e 98 78 51 2c 39 97 0f 58 37 5e 15 49 a6\ +8b 64 f3 1d +Signature: \ +0a ef a9 43 b6 98 b9 60 9e df 89 8a d2 27 44 ac\ +28 dc 23 94 97 ce a3 69 cb bd 84 f6 5c 95 c0 ad\ +77 6b 59 47 40 16 4b 59 a7 39 c6 ff 7c 2f 07 c7\ +c0 77 a8 6d 95 23 8f e5 1e 1f cf 33 57 4a 4a e0\ +68 4b 42 a3 f6 bf 67 7d 91 82 0c a8 98 74 46 7b\ +2c 23 ad d7 79 69 c8 07 17 43 0d 0e fc 1d 36 95\ +89 2c e8 55 cb 7f 70 11 63 0f 4d f2 6d ef 8d df\ +36 fc 23 90 5f 57 fa 62 43 a4 85 c7 70 d5 68 1f\ +cd +Test: Verify +Comment: RSASSA-PSS Signature Example 5.6 +Message: \ +c6 10 3c 33 0c 1e f7 18 c1 41 e4 7b 8f a8 59 be\ +4d 5b 96 25 9e 7d 14 20 70 ec d4 85 83 9d ba 5a\ +83 69 c1 7c 11 14 03 5e 53 2d 19 5c 74 f4 4a 04\ +76 a2 d3 e8 a4 da 21 00 16 ca ce d0 e3 67 cb 86\ +77 10 a4 b5 aa 2d f2 b8 e5 da f5 fd c6 47 80 7d\ +4d 5e bb 6c 56 b9 76 3c cd ae 4d ea 33 08 eb 0a\ +c2 a8 95 01 cb 20 9d 26 39 fa 5b f8 7c e7 90 74\ +7d 3c b2 d2 95 e8 45 64 f2 f6 37 82 4f 0c 13 02\ +81 29 b0 aa 4a 42 2d 16 22 82 +Salt: \ +23 29 1e 4a 33 07 e8 bb b7 76 62 3a b3 4e 4a 5f\ +4c c8 a8 db +Signature: \ +02 80 2d cc fa 8d fa f5 27 9b f0 b4 a2 9b a1 b1\ +57 61 1f ae aa f4 19 b8 91 9d 15 94 19 00 c1 33\ +9e 7e 92 e6 fa e5 62 c5 3e 6c c8 e8 41 04 b1 10\ +bc e0 3a d1 85 25 e3 c4 9a 0e ad ad 5d 3f 28 f2\ +44 a8 ed 89 ed ba fb b6 86 27 7c fa 8a e9 09 71\ +4d 6b 28 f4 bf 8e 29 3a a0 4c 41 ef e7 c0 a8 12\ +66 d5 c0 61 e2 57 5b e0 32 aa 46 46 74 ff 71 62\ +62 19 bd 74 cc 45 f0 e7 ed 4e 3f f9 6e ee 75 8e\ +8f +Test: Verify +Comment: Example 6: A 1029-bit RSA Key Pair +Modulus: \ +16 4c a3 1c ff 60 9f 3a 0e 71 01 b0 39 f2 e4 fe\ +6d d3 75 19 ab 98 59 8d 17 9e 17 49 96 59 80 71\ +f4 7d 3a 04 55 91 58 d7 be 37 3c f1 aa 53 f0 aa\ +6e f0 90 39 e5 67 8c 2a 4c 63 90 05 14 c8 c4 f8\ +aa ed 5d e1 2a 5f 10 b0 9c 31 1a f8 c0 ff b5 b7\ +a2 97 f2 ef c6 3b 8d 6b 05 10 93 1f 0b 98 e4 8b\ +f5 fc 6e c4 e7 b8 db 1f fa eb 08 c3 8e 02 ad b8\ +f0 3a 48 22 9c 99 e9 69 43 1f 61 cb 8c 4d c6 98\ +d1 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +03 b6 64 ee 3b 75 66 72 3f c6 ea f2 8a bb 43 0a\ +39 80 f1 12 6c 81 de 8a d7 09 ea b3 9a c9 dc d0\ +b1 55 0b 37 29 d8 70 68 e9 52 00 9d f5 44 53 4c\ +1f 50 82 9a 78 f4 59 1e b8 fd 57 14 04 26 a6 bb\ +04 05 b6 a6 f5 1a 57 d9 26 7b 7b bc 65 33 91 a6\ +99 a2 a9 0d ac 8a e2 26 bc c6 0f a8 cd 93 4c 73\ +c7 b0 3b 1f 6b 81 81 58 63 18 38 a8 61 2e 6e 6e\ +a9 2b e2 4f 83 24 fa f5 b1 fd 85 87 22 52 67 ba\ +6f +Prime1: \ +04 f0 54 8c 96 26 ab 1e bf 12 44 93 47 41 d9 9a\ +06 22 0e fa 2a 58 56 aa 0e 75 73 0b 2e c9 6a dc\ +86 be 89 4f a2 80 3b 53 a5 e8 5d 27 6a cb d2 9a\ +b8 23 f8 0a 73 91 bb 54 a5 05 16 72 fb 04 ee b5\ +43 +Prime2: \ +04 83 e0 ae 47 91 55 87 74 3f f3 45 36 2b 55 5d\ +39 62 d9 8b b6 f1 5f 84 8b 4c 92 b1 77 1c a8 ed\ +10 7d 8d 3e e6 5e c4 45 17 dd 0f aa 48 1a 38 7e\ +90 2f 7a 2e 74 7c 26 9e 7e a4 44 80 bc 53 8b 8e\ +5b +ModPrime1PrivateExponent: \ +03 a8 e8 ae a9 92 0c 1a a3 b2 f0 d8 46 e4 b8 50\ +d8 1c a3 06 a5 1c 83 54 4f 94 9f 64 f9 0d cf 3f\ +8e 26 61 f0 7e 56 12 20 a1 80 38 8f be 27 3e 70\ +e2 e5 dc a8 3a 0e 13 48 dd 64 90 c7 31 d6 ec e1\ +ab +ModPrime2PrivateExponent: \ +01 35 bd cd b6 0b f2 19 7c 43 6e d3 4b 32 cd 8b\ +4f c7 77 78 83 2b a7 67 03 55 1f b2 42 b3 01 69\ +95 93 af 77 fd 8f c3 94 a8 52 6a d2 3c c4 1a 03\ +80 6b d8 97 fe 4b 0e a6 46 55 8a ad dc c9 9e 8a\ +25 +MultiplicativeInverseOfPrime2ModPrime1: \ +03 04 c0 3d 9c 73 65 03 a9 84 ab bd 9b a2 23 01\ +40 7c 4a 2a b1 dd 85 76 64 81 b6 0d 45 40 11 52\ +e6 92 be 14 f4 12 1d 9a a3 fd 6e 0b 4d 1d 3a 97\ +35 38 a3 1d 42 ee 6e 1e 5e f6 20 23 1a 2b ba f3\ +5f +Test: KeyPairValidAndConsistent +Comment: RSASSA-PSS Signature Example 6.1 +Message: \ +0a 20 b7 74 ad dc 2f a5 12 45 ed 7c b9 da 60 9e\ +50 ca c6 63 6a 52 54 3f 97 45 8e ed 73 40 f8 d5\ +3f fc 64 91 8f 94 90 78 ee 03 ef 60 d4 2b 5f ec\ +24 60 50 bd 55 05 cd 8c b5 97 ba d3 c4 e7 13 b0\ +ef 30 64 4e 76 ad ab b0 de 01 a1 56 1e fb 25 51\ +58 c7 4f c8 01 e6 e9 19 e5 81 b4 6f 0f 0d dd 08\ +e4 f3 4c 78 10 b5 ed 83 18 f9 1d 7c 8c +Salt: \ +5b 4e a2 ef 62 9c c2 2f 3b 53 8e 01 69 04 b4 7b\ +1e 40 bf d5 +Signature: \ +04 c0 cf ac ec 04 e5 ba db ec e1 59 a5 a1 10 3f\ +69 b3 f3 2b a5 93 cb 4c c4 b1 b7 ab 45 59 16 a9\ +6a 27 cd 26 78 ea 0f 46 ba 37 f7 fc 9c 86 32 5f\ +29 73 3b 38 9f 1d 97 f4 3e 72 01 c0 f3 48 fc 45\ +fe 42 89 23 35 36 2e ee 01 8b 5b 16 1f 2f 93 93\ +03 12 25 c7 13 01 2a 57 6b c8 8e 23 05 24 89 86\ +8d 90 10 cb f0 33 ec c5 68 e8 bc 15 2b dc 59 d5\ +60 e4 12 91 91 5d 28 56 52 08 e2 2a ee c9 ef 85\ +d1 +Test: Verify +Comment: RSASSA-PSS Signature Example 6.2 +Message: \ +2a af f6 63 1f 62 1c e6 15 76 0a 9e bc e9 4b b3\ +33 07 7a d8 64 88 c8 61 d4 b7 6d 29 c1 f4 87 46\ +c6 11 ae 1e 03 ce d4 44 5d 7c fa 1f e5 f6 2e 1b\ +3f 08 45 2b de 3b 6e f8 19 73 ba fb b5 7f 97 bc\ +ee f8 73 98 53 95 b8 26 05 89 aa 88 cb 7d b5 0a\ +b4 69 26 2e 55 1b dc d9 a5 6f 27 5a 0a c4 fe 48\ +47 00 c3 5f 3d bf 2b 46 9e de 86 47 41 b8 6f a5\ +91 72 a3 60 ba 95 a0 2e 13 9b e5 0d df b7 cf 0b\ +42 fa ea bb fb ba a8 6a 44 97 69 9c 4f 2d fd 5b\ +08 40 6a f7 e1 41 44 42 7c 25 3e c0 ef a2 0e af\ +9a 8b e8 cd 49 ce 1f 1b c4 e9 3e 61 9c f2 aa 8e\ +d4 fb 39 bc 85 90 d0 f7 b9 64 88 f7 31 7a c9 ab\ +f7 be e4 e3 a0 e7 15 +Salt: \ +83 14 6a 9e 78 27 22 c2 8b 01 4f 98 b4 26 7b da\ +2a c9 50 4f +Signature: \ +0a 23 14 25 0c f5 2b 6e 4e 90 8d e5 b3 56 46 bc\ +aa 24 36 1d a8 16 0f b0 f9 25 75 90 ab 3a ce 42\ +b0 dc 3e 77 ad 2d b7 c2 03 a2 0b d9 52 fb b5 6b\ +15 67 04 6e cf aa 93 3d 7b 10 00 c3 de 9f f0 5b\ +7d 98 9b a4 6f d4 3b c4 c2 d0 a3 98 6b 7f fa 13\ +47 1d 37 eb 5b 47 d6 47 07 bd 29 0c fd 6a 9f 39\ +3a d0 8e c1 e3 bd 71 bb 57 92 61 50 35 cd af 2d\ +89 29 ae d3 be 09 83 79 37 7e 77 7c e7 9a aa 47\ +73 +Test: Verify +Comment: RSASSA-PSS Signature Example 6.3 +Message: \ +0f 61 95 d0 4a 6e 6f c7 e2 c9 60 0d bf 84 0c 39\ +ea 8d 4d 62 4f d5 35 07 01 6b 0e 26 85 8a 5e 0a\ +ec d7 ad a5 43 ae 5c 0a b3 a6 25 99 cb a0 a5 4e\ +6b f4 46 e2 62 f9 89 97 8f 9d df 5e 9a 41 +Salt: \ +a8 7b 8a ed 07 d7 b8 e2 da f1 4d dc a4 ac 68 c4\ +d0 aa bf f8 +Signature: \ +08 6d f6 b5 00 09 8c 12 0f 24 ff 84 23 f7 27 d9\ +c6 1a 5c 90 07 d3 b6 a3 1c e7 cf 8f 3c be c1 a2\ +6b b2 0e 2b d4 a0 46 79 32 99 e0 3e 37 a2 1b 40\ +19 4f b0 45 f9 0b 18 bf 20 a4 79 92 cc d7 99 cf\ +9c 05 9c 29 9c 05 26 85 49 54 aa de 8a 6a d9 d9\ +7e c9 1a 11 45 38 3f 42 46 8b 23 1f 4d 72 f2 37\ +06 d9 85 3c 3f a4 3c e8 ac e8 bf e7 48 49 87 a1\ +ec 6a 16 c8 da f8 1f 7c 8b f4 27 74 70 7a 9d f4\ +56 +Test: Verify +Comment: RSASSA-PSS Signature Example 6.4 +Message: \ +33 7d 25 fe 98 10 eb ca 0d e4 d4 65 8d 3c eb 8e\ +0f e4 c0 66 ab a3 bc c4 8b 10 5d 3b f7 e0 25 7d\ +44 fe ce a6 59 6f 4d 0c 59 a0 84 02 83 36 78 f7\ +06 20 f9 13 8d fe b7 de d9 05 e4 a6 d5 f0 5c 47\ +3d 55 93 66 52 e2 a5 df 43 c0 cf da 7b ac af 30\ +87 f4 52 4b 06 cf 42 15 7d 01 53 97 39 f7 fd de\ +c9 d5 81 25 df 31 a3 2e ab 06 c1 9b 71 f1 d5 bf +Salt: \ +a3 79 32 f8 a7 49 4a 94 2d 6f 76 74 38 e7 24 d6\ +d0 c0 ef 18 +Signature: \ +0b 5b 11 ad 54 98 63 ff a9 c5 1a 14 a1 10 6c 2a\ +72 cc 8b 64 6e 5c 72 62 50 97 86 10 5a 98 47 76\ +53 4c a9 b5 4c 1c c6 4b f2 d5 a4 4f d7 e8 a6 9d\ +b6 99 d5 ea 52 08 7a 47 48 fd 2a bc 1a fe d1 e5\ +d6 f7 c8 90 25 53 0b da a2 21 3d 7e 03 0f a5 5d\ +f6 f3 4b cf 1c e4 6d 2e df 4e 3a e4 f3 b0 18 91\ +a0 68 c9 e3 a4 4b bc 43 13 3e da d6 ec b9 f3 54\ +00 c4 25 2a 57 62 d6 57 44 b9 9c b9 f4 c5 59 32\ +9f +Test: Verify +Comment: RSASSA-PSS Signature Example 6.5 +Message: \ +84 ec 50 2b 07 2e 82 87 78 9d 8f 92 35 82 9e a3\ +b1 87 af d4 d4 c7 85 61 1b da 5f 9e b3 cb 96 71\ +7e fa 70 07 22 7f 1c 08 cb cb 97 2e 66 72 35 e0\ +fb 7d 43 1a 65 70 32 6d 2e cc e3 5a db 37 3d c7\ +53 b3 be 5f 82 9b 89 17 54 93 19 3f ab 16 ba db\ +41 37 1b 3a ac 0a e6 70 07 6f 24 be f4 20 c1 35\ +ad d7 ce e8 d3 5f bc 94 4d 79 fa fb 9e 30 7a 13\ +b0 f5 56 cb 65 4a 06 f9 73 ed 22 67 23 30 19 7e\ +f5 a7 48 bf 82 6a 5d b2 38 3a 25 36 4b 68 6b 93\ +72 bb 23 39 ae b1 ac 9e 98 89 32 7d 01 6f 16 70\ +77 6d b0 62 01 ad bd ca f8 a5 e3 b7 4e 10 8b 73 +Salt: \ +7b 79 0c 1d 62 f7 b8 4e 94 df 6a f2 89 17 cf 57\ +10 18 11 0e +Signature: \ +02 d7 1f a9 b5 3e 46 54 fe fb 7f 08 38 5c f6 b0\ +ae 3a 81 79 42 eb f6 6c 35 ac 67 f0 b0 69 95 2a\ +3c e9 c7 e1 f1 b0 2e 48 0a 95 00 83 6d e5 d6 4c\ +db 7e cd e0 45 42 f7 a7 99 88 78 7e 24 c2 ba 05\ +f5 fd 48 2c 02 3e d5 c3 0e 04 83 9d c4 4b ed 2a\ +3a 3a 4f ee 01 11 3c 89 1a 47 d3 2e b8 02 5c 28\ +cb 05 0b 5c db 57 6c 70 fe 76 ef 52 34 05 c0 84\ +17 fa f3 50 b0 37 a4 3c 37 93 39 fc b1 8d 3a 35\ +6b +Test: Verify +Comment: RSASSA-PSS Signature Example 6.6 +Message: \ +99 06 d8 9f 97 a9 fd ed d3 cc d8 24 db 68 73 26\ +f3 0f 00 aa 25 a7 fc a2 af cb 3b 0f 86 cd 41 e7\ +3f 0e 8f f7 d2 d8 3f 59 e2 8e d3 1a 5a 0d 55 15\ +23 37 4d e2 2e 4c 7e 8f f5 68 b3 86 ee 3d c4 11\ +63 f1 0b f6 7b b0 06 26 1c 90 82 f9 af 90 bf 1d\ +90 49 a6 b9 fa e7 1c 7f 84 fb e6 e5 5f 02 78 9d\ +e7 74 f2 30 f1 15 02 6a 4b 4e 96 c5 5b 04 a9 5d\ +a3 aa cb b2 ce ce 8f 81 76 4a 1f 1c 99 51 54 11\ +08 7c f7 d3 4a ed ed 09 32 c1 83 +Salt: \ +fb be 05 90 25 b6 9b 89 fb 14 ae 22 89 e7 aa af\ +e6 0c 0f cd +Signature: \ +0a 40 a1 6e 2f e2 b3 8d 1d f9 05 46 16 7c f9 46\ +9c 9e 3c 36 81 a3 44 2b 4b 2c 2f 58 1d eb 38 5c\ +e9 9f c6 18 8b b0 2a 84 1d 56 e7 6d 30 18 91 e2\ +45 60 55 0f cc 2a 26 b5 5f 4c cb 26 d8 37 d3 50\ +a1 54 bc ac a8 39 2d 98 fa 67 95 9e 97 27 b7 8c\ +ad 03 26 9f 56 96 8f c5 6b 68 bd 67 99 26 d8 3c\ +c9 cb 21 55 50 64 5c cd a3 1c 76 0f f3 58 88 94\ +3d 2d 8a 1d 35 1e 81 e5 d0 7b 86 18 2e 75 10 81\ +ef +Test: Verify +Comment: Example 7: A 1030-bit RSA Key Pair +Modulus: \ +37 c9 da 4a 66 c8 c4 08 b8 da 27 d0 c9 d7 9f 8c\ +cb 1e af c1 d2 fe 48 74 6d 94 0b 7c 4e f5 de e1\ +8a d1 26 47 ce fa a0 c4 b3 18 8b 22 1c 51 53 86\ +75 9b 93 f0 20 24 b2 5a b9 24 2f 83 57 d8 f3 fd\ +49 64 0e e5 e6 43 ea f6 c6 4d ee fa 70 89 72 7c\ +8f f0 39 93 33 39 15 c6 ef 21 bf 59 75 b6 e5 0d\ +11 8b 51 00 8e c3 3e 9f 01 a0 a5 45 a1 0a 83 6a\ +43 dd bc a9 d8 b5 c5 d3 54 80 22 d7 06 4e a2 9a\ +b3 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +3b ed 99 90 52 d9 57 bc 06 d6 51 ee f6 e3 a9 80\ +94 b1 62 1b d3 8b 54 49 bd 6c 4a ea 3d e7 e0 84\ +67 9a 44 84 de d2 5b e0 f0 82 6c f3 37 78 25 41\ +4b 14 d4 d6 1d b1 4d e6 26 fb b8 0e 5f 4f ae c9\ +56 f9 a0 a2 d2 4f 99 57 63 80 f0 84 eb 62 e4 6a\ +57 d5 54 27 8b 53 56 26 19 3c e0 20 60 57 5e b6\ +6c 57 98 d3 6f 6c 5d 40 fb 00 d8 09 b4 2a 73 10\ +2c 1c 74 ee 95 bd 71 42 0f ff ef 63 18 b5 2c 29 +Prime1: \ +07 ee fb 42 4b 0e 3a 40 e4 20 8e e5 af b2 80 b2\ +23 17 30 81 14 dd e0 b4 b6 4f 73 01 84 ec 68 da\ +6c e2 86 7a 9f 48 ed 77 26 d5 e2 61 4e d0 4a 54\ +10 73 6c 8c 71 4e e7 02 47 42 98 c6 29 2a f0 75\ +35 +Prime2: \ +07 08 30 db f9 47 ea c0 22 8d e2 63 14 b5 9b 66\ +99 4c c6 0e 83 60 e7 5d 38 76 29 8f 8f 8a 7d 14\ +1d a0 64 e5 ca 02 6a 97 3e 28 f2 54 73 8c ee 66\ +9c 72 1b 03 4c b5 f8 e2 44 da dd 7c d1 e1 59 d5\ +47 +ModPrime1PrivateExponent: \ +05 24 d2 0c 3d 95 cf f7 5a f2 31 34 83 22 7d 87\ +02 71 7a a5 76 de 15 5f 96 05 15 50 1a db 1d 70\ +e1 c0 4d e9 1b 75 b1 61 db f0 39 83 56 12 7e de\ +da 7b bc 19 a3 2d c1 62 1c c9 f5 3c 26 5d 0c e3\ +31 +ModPrime2PrivateExponent: \ +05 f9 84 a1 f2 3c 93 8d 6a 0e 89 72 4b cf 3d d9\ +3f 99 46 92 60 37 fe 7c 6b 13 a2 9e 52 84 85 5f\ +89 08 95 91 d4 40 97 56 27 bf 5c 9e 3a 8b 5c a7\ +9c 77 2a d2 73 e4 0d 32 1a f4 a6 c9 7d fd ed 78\ +d3 +MultiplicativeInverseOfPrime2ModPrime1: \ +dd d9 18 ad ad a2 9d ca b9 81 ff 9a cb a4 25 70\ +23 c0 9a 38 01 cc ce 09 8c e2 68 f8 55 d0 df 57\ +0c d6 e7 b9 b1 4b d9 a5 a9 25 4c bc 31 5b e6 f8\ +ba 1e 25 46 dd d5 69 c5 ea 19 ee d8 35 3b de 5e +Test: KeyPairValidAndConsistent +Comment: RSASSA-PSS Signature Example 7.1 +Message: \ +9e ad 0e 01 94 56 40 67 4e b4 1c ad 43 5e 23 74\ +ea ef a8 ad 71 97 d9 79 13 c4 49 57 d8 d8 3f 40\ +d7 6e e6 0e 39 bf 9c 0f 9e af 30 21 42 1a 07 4d\ +1a de 96 2c 6e 9d 3d c3 bb 17 4f e4 df e6 52 b0\ +91 15 49 5b 8f d2 79 41 74 02 0a 06 02 b5 ca 51\ +84 8c fc 96 ce 5e b5 7f c0 a2 ad c1 dd a3 6a 7c\ +c4 52 64 1a 14 91 1b 37 e4 5b fa 11 da a5 c7 ec\ +db 74 f6 d0 10 0d 1d 3e 39 e7 52 80 0e 20 33 97\ +de 02 33 07 7b 9a 88 85 55 37 fa e9 27 f9 24 38\ +0d 78 0f 98 e1 8d cf f3 9c 5e a7 41 b1 7d 6f dd\ +18 85 bc 9d 58 14 82 d7 71 ce b5 62 d7 8a 8b f8\ +8f 0c 75 b1 13 63 e5 e3 6c d4 79 ce b0 54 5f 9d\ +a8 42 03 e0 e6 e5 08 37 5c c9 e8 44 b8 8b 7a c7\ +a0 a2 01 ea 0f 1b ee 9a 2c 57 79 20 ca 02 c0 1b\ +9d 83 20 e9 74 a5 6f 4e fb 57 63 b9 62 55 ab bf\ +80 37 bf 18 02 cf 01 8f 56 37 94 93 e5 69 a9 +Salt: \ +b7 86 7a 59 95 8c b5 43 28 f8 77 5e 65 46 ec 06\ +d2 7e aa 50 +Signature: \ +18 7f 39 07 23 c8 90 25 91 f0 15 4b ae 6d 4e cb\ +ff e0 67 f0 e8 b7 95 47 6e a4 f4 d5 1c cc 81 05\ +20 bb 3c a9 bc a7 d0 b1 f2 ea 8a 17 d8 73 fa 27\ +57 0a cd 64 2e 38 08 56 1c b9 e9 75 cc fd 80 b2\ +3d c5 77 1c db 33 06 a5 f2 31 59 da cb d3 aa 2d\ +b9 3d 46 d7 66 e0 9e d1 5d 90 0a d8 97 a8 d2 74\ +dc 26 b4 7e 99 4a 27 e9 7e 22 68 a7 66 53 3a e4\ +b5 e4 2a 2f ca f7 55 c1 c4 79 4b 29 4c 60 55 58\ +23 +Test: Verify +Comment: RSASSA-PSS Signature Example 7.2 +Message: \ +8d 80 d2 d0 8d bd 19 c1 54 df 3f 14 67 3a 14 bd\ +03 73 52 31 f2 4e 86 bf 15 3d 0e 69 e7 4c bf f7\ +b1 83 6e 66 4d e8 3f 68 01 24 37 0f c0 f9 6c 9b\ +65 c0 7a 36 6b 64 4c 4a b3 +Salt: \ +0c 09 58 22 66 df 08 63 10 82 1b a7 e1 8d f6 4d\ +fe e6 de 09 +Signature: \ +10 fd 89 76 8a 60 a6 77 88 ab b5 85 6a 78 7c 85\ +61 f3 ed cf 9a 83 e8 98 f7 dc 87 ab 8c ce 79 42\ +9b 43 e5 69 06 94 1a 88 61 94 f1 37 e5 91 fe 7c\ +33 95 55 36 1f bb e1 f2 4f eb 2d 4b cd b8 06 01\ +f3 09 6b c9 13 2d ee a6 0a e1 30 82 f4 4f 9a d4\ +1c d6 28 93 6a 4d 51 17 6e 42 fc 59 cb 76 db 81\ +5c e5 ab 4d b9 9a 10 4a af ea 68 f5 d3 30 32 9e\ +bf 25 8d 4e de 16 06 4b d1 d0 03 93 d5 e1 57 0e\ +b8 +Test: Verify +Comment: RSASSA-PSS Signature Example 7.3 +Message: \ +80 84 05 cd fc 1a 58 b9 bb 03 97 c7 20 72 2a 81\ +ff fb 76 27 8f 33 59 17 ef 9c 47 38 14 b3 e0 16\ +ba 29 73 cd 27 65 f8 f3 f8 2d 6c c3 8a a7 f8 55\ +18 27 fe 8d 1e 38 84 b7 e6 1c 94 68 3b 8f 82 f1\ +84 3b da e2 25 7e ee c9 81 2a d4 c2 cf 28 3c 34\ +e0 b0 ae 0f e3 cb 99 0c f8 8f 2e f9 +Salt: \ +28 03 9d cf e1 06 d3 b8 29 66 11 25 8c 4a 56 65\ +1c 9e 92 dd +Signature: \ +2b 31 fd e9 98 59 b9 77 aa 09 58 6d 8e 27 46 62\ +b2 5a 2a 64 06 40 b4 57 f5 94 05 1c b1 e7 f7 a9\ +11 86 54 55 24 29 26 cf 88 fe 80 df a3 a7 5b a9\ +68 98 44 a1 1e 63 4a 82 b0 75 af bd 69 c1 2a 0d\ +f9 d2 5f 84 ad 49 45 df 3d c8 fe 90 c3 ce fd f2\ +6e 95 f0 53 43 04 b5 bd ba 20 d3 e5 64 0a 2e bf\ +b8 98 aa c3 5a e4 0f 26 fc e5 56 3c 2f 9f 24 f3\ +04 2a f7 6f 3c 70 72 d6 87 bb fb 95 9a 88 46 0a\ +f1 +Test: Verify +Comment: RSASSA-PSS Signature Example 7.4 +Message: \ +f3 37 b9 ba d9 37 de 22 a1 a0 52 df f1 11 34 a8\ +ce 26 97 62 02 98 19 39 b9 1e 07 15 ae 5e 60 96\ +49 da 1a df ce f3 f4 cc a5 9b 23 83 60 e7 d1 e4\ +96 c7 bf 4b 20 4b 5a cf f9 bb d6 16 6a 1d 87 a3\ +6e f2 24 73 73 75 10 39 f8 a8 00 b8 39 98 07 b3\ +a8 5f 44 89 34 97 c0 d0 5f b7 01 7b 82 22 81 52\ +de 6f 25 e6 11 6d cc 75 03 c7 86 c8 75 c2 8f 3a\ +a6 07 e9 4a b0 f1 98 63 ab 1b 50 73 77 0b 0c d5\ +f5 33 ac de 30 c6 fb 95 3c f3 da 68 02 64 e3 0f\ +c1 1b ff 9a 19 bf fa b4 77 9b 62 23 c3 fb 3f e0\ +f7 1a ba de 4e b7 c0 9c 41 e2 4c 22 d2 3f a1 48\ +e6 a1 73 fe b6 39 84 d1 bc 6e e3 a0 2d 91 5b 75\ +2c ea f9 2a 30 15 ec eb 38 ca 58 6c 68 01 b3 7c\ +34 ce fb 2c ff 25 ea 23 c0 86 62 dc ab 26 a7 a9\ +3a 28 5d 05 d3 04 4c +Salt: \ +a7 78 21 eb bb ef 24 62 8e 4e 12 e1 d0 ea 96 de\ +39 8f 7b 0f +Signature: \ +32 c7 ca 38 ff 26 94 9a 15 00 0c 4b a0 4b 2b 13\ +b3 5a 38 10 e5 68 18 4d 7e ca ba a1 66 b7 ff ab\ +dd f2 b6 cf 4b a0 71 24 92 37 90 f2 e5 b1 a5 be\ +04 0a ea 36 fe 13 2e c1 30 e1 f1 05 67 98 2d 17\ +ac 3e 89 b8 d2 6c 30 94 03 4e 76 2d 2e 03 12 64\ +f0 11 70 be ec b3 d1 43 9e 05 84 6f 25 45 83 67\ +a7 d9 c0 20 60 44 46 72 67 1e 64 e8 77 86 45 59\ +ca 19 b2 07 4d 58 8a 28 1b 58 04 d2 37 72 fb be\ +19 +Test: Verify +Comment: RSASSA-PSS Signature Example 7.5 +Message: \ +45 01 3c eb af d9 60 b2 55 47 6a 8e 25 98 b9 aa\ +32 ef be 6d c1 f3 4f 4a 49 8d 8c f5 a2 b4 54 8d\ +08 c5 5d 5f 95 f7 bc c9 61 91 63 05 6f 2d 58 b5\ +2f a0 32 +Salt: \ +9d 5a d8 eb 45 21 34 b6 5d c3 a9 8b 6a 73 b5 f7\ +41 60 9c d6 +Signature: \ +07 eb 65 1d 75 f1 b5 2b c2 63 b2 e1 98 33 6e 99\ +fb eb c4 f3 32 04 9a 92 2a 10 81 56 07 ee 2d 98\ +9d b3 a4 49 5b 7d cc d3 8f 58 a2 11 fb 7e 19 31\ +71 a3 d8 91 13 24 37 eb ca 44 f3 18 b2 80 50 9e\ +52 b5 fa 98 fc ce 82 05 d9 69 7c 8e e4 b7 ff 59\ +d4 c5 9c 79 03 8a 19 70 bd 2a 0d 45 1e cd c5 ef\ +11 d9 97 9c 9d 35 f8 c7 0a 61 63 71 76 07 89 0d\ +58 6a 7c 6d c0 1c 79 f8 6a 8f 28 e8 52 35 f8 c2\ +f1 +Test: Verify +Comment: RSASSA-PSS Signature Example 7.6 +Message: \ +23 58 09 70 86 c8 99 32 3e 75 d9 c9 0d 0c 09 f1\ +2d 9d 54 ed fb df 70 a9 c2 eb 5a 04 d8 f3 6b 9b\ +2b df 2a ab e0 a5 bd a1 96 89 37 f9 d6 eb d3 b6\ +b2 57 ef b3 13 6d 41 31 f9 ac b5 9b 85 e2 60 2c\ +2a 3f cd c8 35 49 4a 1f 4e 5e c1 8b 22 6c 80 23\ +2b 36 a7 5a 45 fd f0 9a 7e a9 e9 8e fb de 14 50\ +d1 19 4b f1 2e 15 a4 c5 f9 eb 5c 0b ce 52 69 e0\ +c3 b2 8c fa b6 55 d8 1a 61 a2 0b 4b e2 f5 44 59\ +bb 25 a0 db 94 c5 22 18 be 10 9a 74 26 de 83 01\ +44 24 78 9a aa 90 e5 05 6e 63 2a 69 81 15 e2 82\ +c1 a5 64 10 f2 6c 20 72 f1 93 48 1a 9d cd 88 05\ +72 00 5e 64 f4 08 2e cf +Salt: \ +3f 2e fc 59 58 80 a7 d4 7f cf 3c ba 04 98 3e a5\ +4c 4b 73 fb +Signature: \ +18 da 3c dc fe 79 bf b7 7f d9 c3 2f 37 7a d3 99\ +14 6f 0a 8e 81 06 20 23 32 71 a6 e3 ed 32 48 90\ +3f 5c dc 92 dc 79 b5 5d 3e 11 61 5a a0 56 a7 95\ +85 37 92 a3 99 8c 34 9c a5 c4 57 e8 ca 7d 29 d7\ +96 aa 24 f8 34 91 70 9b ef cf b1 51 0e a5 13 c9\ +28 29 a3 f0 0b 10 4f 65 56 34 f3 20 75 2e 13 0e\ +c0 cc f6 75 4f f8 93 db 30 29 32 bb 02 5e b6 0e\ +87 82 25 98 fc 61 9e 0e 98 17 37 a9 a4 c4 15 2d\ +33 +Test: Verify +Comment: Example 8: A 1031-bit RSA Key Pair +Modulus: \ +49 53 70 a1 fb 18 54 3c 16 d3 63 1e 31 63 25 5d\ +f6 2b e6 ee e8 90 d5 f2 55 09 e4 f7 78 a8 ea 6f\ +bb bc df 85 df f6 4e 0d 97 20 03 ab 36 81 fb ba\ +6d d4 1f d5 41 82 9b 2e 58 2d e9 f2 a4 a4 e0 a2\ +d0 90 0b ef 47 53 db 3c ee 0e e0 6c 7d fa e8 b1\ +d5 3b 59 53 21 8f 9c ce ea 69 5b 08 66 8e de aa\ +dc ed 94 63 b1 d7 90 d5 eb f2 7e 91 15 b4 6c ad\ +4d 9a 2b 8e fa b0 56 1b 08 10 34 47 39 ad a0 73\ +3f +PublicExponent: \ +01 00 01 +PrivateExponent: \ +6c 66 ff e9 89 80 c3 8f cd ea b5 15 98 98 83 61\ +65 f4 b4 b8 17 c4 f6 a8 d4 86 ee 4e a9 13 0f e9\ +b9 09 2b d1 36 d1 84 f9 5f 50 4a 60 7e ac 56 58\ +46 d2 fd d6 59 7a 89 67 c7 39 6e f9 5a 6e ee bb\ +45 78 a6 43 96 6d ca 4d 8e e3 de 84 2d e6 32 79\ +c6 18 15 9c 1a b5 4a 89 43 7b 6a 61 20 e4 93 0a\ +fb 52 a4 ba 6c ed 8a 49 47 ac 64 b3 0a 34 97 cb\ +e7 01 c2 d6 26 6d 51 72 19 ad 0e c6 d3 47 db e9 +Prime1: \ +08 da d7 f1 13 63 fa a6 23 d5 d6 d5 e8 a3 19 32\ +8d 82 19 0d 71 27 d2 84 6c 43 9b 0a b7 26 19 b0\ +a4 3a 95 32 0e 4e c3 4f c3 a9 ce a8 76 42 23 05\ +bd 76 c5 ba 7b e9 e2 f4 10 c8 06 06 45 a1 d2 9e\ +db +Prime2: \ +08 47 e7 32 37 6f c7 90 0f 89 8e a8 2e b2 b0 fc\ +41 85 65 fd ae 62 f7 d9 ec 4c e2 21 7b 97 99 0d\ +d2 72 db 15 7f 99 f6 3c 0d cb b9 fb ac db d4 c4\ +da db 6d f6 77 56 35 8c a4 17 48 25 b4 8f 49 70\ +6d +ModPrime1PrivateExponent: \ +05 c2 a8 3c 12 4b 36 21 a2 aa 57 ea 2c 3e fe 03\ +5e ff 45 60 f3 3d de bb 7a da b8 1f ce 69 a0 c8\ +c2 ed c1 65 20 dd a8 3d 59 a2 3b e8 67 96 3a c6\ +5f 2c c7 10 bb cf b9 6e e1 03 de b7 71 d1 05 fd\ +85 +ModPrime2PrivateExponent: \ +04 ca e8 aa 0d 9f aa 16 5c 87 b6 82 ec 14 0b 8e\ +d3 b5 0b 24 59 4b 7a 3b 2c 22 0b 36 69 bb 81 9f\ +98 4f 55 31 0a 1a e7 82 36 51 d4 a0 2e 99 44 79\ +72 59 51 39 36 34 34 e5 e3 0a 7e 7d 24 15 51 e1\ +b9 +MultiplicativeInverseOfPrime2ModPrime1: \ +07 d3 e4 7b f6 86 60 0b 11 ac 28 3c e8 8d bb 3f\ +60 51 e8 ef d0 46 80 e4 4c 17 1e f5 31 b8 0b 2b\ +7c 39 fc 76 63 20 e2 cf 15 d8 d9 98 20 e9 6f f3\ +0d c6 96 91 83 9c 4b 40 d7 b0 6e 45 30 7d c9 1f\ +3f +Test: KeyPairValidAndConsistent +Comment: RSASSA-PSS Signature Example 8.1 +Message: \ +81 33 2f 4b e6 29 48 41 5e a1 d8 99 79 2e ea cf\ +6c 6e 1d b1 da 8b e1 3b 5c ea 41 db 2f ed 46 70\ +92 e1 ff 39 89 14 c7 14 25 97 75 f5 95 f8 54 7f\ +73 56 92 a5 75 e6 92 3a f7 8f 22 c6 99 7d db 90\ +fb 6f 72 d7 bb 0d d5 74 4a 31 de cd 3d c3 68 58\ +49 83 6e d3 4a ec 59 63 04 ad 11 84 3c 4f 88 48\ +9f 20 97 35 f5 fb 7f da f7 ce c8 ad dc 58 18 16\ +8f 88 0a cb f4 90 d5 10 05 b7 a8 e8 4e 43 e5 42\ +87 97 75 71 dd 99 ee a4 b1 61 eb 2d f1 f5 10 8f\ +12 a4 14 2a 83 32 2e db 05 a7 54 87 a3 43 5c 9a\ +78 ce 53 ed 93 bc 55 08 57 d7 a9 fb +Salt: \ +1d 65 49 1d 79 c8 64 b3 73 00 9b e6 f6 f2 46 7b\ +ac 4c 78 fa +Signature: \ +02 62 ac 25 4b fa 77 f3 c1 ac a2 2c 51 79 f8 f0\ +40 42 2b 3c 5b af d4 0a 8f 21 cf 0f a5 a6 67 cc\ +d5 99 3d 42 db af b4 09 c5 20 e2 5f ce 2b 1e e1\ +e7 16 57 7f 1e fa 17 f3 da 28 05 2f 40 f0 41 9b\ +23 10 6d 78 45 aa f0 11 25 b6 98 e7 a4 df e9 2d\ +39 67 bb 00 c4 d0 d3 5b a3 55 2a b9 a8 b3 ee f0\ +7c 7f ec db c5 42 4a c4 db 1e 20 cb 37 d0 b2 74\ +47 69 94 0e a9 07 e1 7f bb ca 67 3b 20 52 23 80\ +c5 +Test: Verify +Comment: RSASSA-PSS Signature Example 8.2 +Message: \ +e2 f9 6e af 0e 05 e7 ba 32 6e cc a0 ba 7f d2 f7\ +c0 23 56 f3 ce de 9d 0f aa bf 4f cc 8e 60 a9 73\ +e5 59 5f d9 ea 08 +Salt: \ +43 5c 09 8a a9 90 9e b2 37 7f 12 48 b0 91 b6 89\ +87 ff 18 38 +Signature: \ +27 07 b9 ad 51 15 c5 8c 94 e9 32 e8 ec 0a 28 0f\ +56 33 9e 44 a1 b5 8d 4d dc ff 2f 31 2e 5f 34 dc\ +fe 39 e8 9c 6a 94 dc ee 86 db bd ae 5b 79 ba 4e\ +08 19 a9 e7 bf d9 d9 82 e7 ee 6c 86 ee 68 39 6e\ +8b 3a 14 c9 c8 f3 4b 17 8e b7 41 f9 d3 f1 21 10\ +9b f5 c8 17 2f ad a2 e7 68 f9 ea 14 33 03 2c 00\ +4a 8a a0 7e b9 90 00 0a 48 dc 94 c8 ba c8 aa be\ +2b 09 b1 aa 46 c0 a2 aa 0e 12 f6 3f bb a7 75 ba\ +7e +Test: Verify +Comment: RSASSA-PSS Signature Example 8.3 +Message: \ +e3 5c 6e d9 8f 64 a6 d5 a6 48 fc ab 8a db 16 33\ +1d b3 2e 5d 15 c7 4a 40 ed f9 4c 3d c4 a4 de 79\ +2d 19 08 89 f2 0f 1e 24 ed 12 05 4a 6b 28 79 8f\ +cb 42 d1 c5 48 76 9b 73 4c 96 37 31 42 09 2a ed\ +27 76 03 f4 73 8d f4 dc 14 46 58 6d 0e c6 4d a4\ +fb 60 53 6d b2 ae 17 fc 7e 3c 04 bb fb bb d9 07\ +bf 11 7c 08 63 6f a1 6f 95 f5 1a 62 16 93 4d 3e\ +34 f8 50 30 f1 7b bb c5 ba 69 14 40 58 af f0 81\ +e0 b1 9c f0 3c 17 19 5c 5e 88 8b a5 8f 6f e0 a0\ +2e 5c 3b da 97 19 a7 +Salt: \ +c6 eb be 76 df 0c 4a ea 32 c4 74 17 5b 2f 13 68\ +62 d0 45 29 +Signature: \ +2a d2 05 09 d7 8c f2 6d 1b 6c 40 61 46 08 6e 4b\ +0c 91 a9 1c 2b d1 64 c8 7b 96 6b 8f aa 42 aa 0c\ +a4 46 02 23 23 ba 4b 1a 1b 89 70 6d 7f 4c 3b e5\ +7d 7b 69 70 2d 16 8a b5 95 5e e2 90 35 6b 8c 4a\ +29 ed 46 7d 54 7e c2 3c ba df 28 6c cb 58 63 c6\ +67 9d a4 67 fc 93 24 a1 51 c7 ec 55 aa c6 db 40\ +84 f8 27 26 82 5c fe 1a a4 21 bc 64 04 9f b4 2f\ +23 14 8f 9c 25 b2 dc 30 04 37 c3 8d 42 8a a7 5f\ +96 +Test: Verify +Comment: RSASSA-PSS Signature Example 8.4 +Message: \ +db c5 f7 50 a7 a1 4b e2 b9 3e 83 8d 18 d1 4a 86\ +95 e5 2e 8a dd 9c 0a c7 33 b8 f5 6d 27 47 e5 29\ +a0 cc a5 32 dd 49 b9 02 ae fe d5 14 44 7f 9e 81\ +d1 61 95 c2 85 38 68 cb 9b 30 f7 d0 d4 95 c6 9d\ +01 b5 c5 d5 0b 27 04 5d b3 86 6c 23 24 a4 4a 11\ +0b 17 17 74 6d e4 57 d1 c8 c4 5c 3c d2 a9 29 70\ +c3 d5 96 32 05 5d 4c 98 a4 1d 6e 99 e2 a3 dd d5\ +f7 f9 97 9a b3 cd 18 f3 75 05 d2 51 41 de 2a 1b\ +ff 17 b3 a7 dc e9 41 9e cc 38 5c f1 1d 72 84 0f\ +19 95 3f d0 50 92 51 f6 ca fd e2 89 3d 0e 75 c7\ +81 ba 7a 50 12 ca 40 1a 4f a9 9e 04 b3 c3 24 9f\ +92 6d 5a fe 82 cc 87 da b2 2c 3c 1b 10 5d e4 8e\ +34 ac e9 c9 12 4e 59 59 7a c7 eb f8 +Salt: \ +02 1f dc c6 eb b5 e1 9b 1c b1 6e 9c 67 f2 76 81\ +65 7f e2 0a +Signature: \ +1e 24 e6 e5 86 28 e5 17 50 44 a9 eb 6d 83 7d 48\ +af 12 60 b0 52 0e 87 32 7d e7 89 7e e4 d5 b9 f0\ +df 0b e3 e0 9e d4 de a8 c1 45 4f f3 42 3b b0 8e\ +17 93 24 5a 9d f8 bf 6a b3 96 8c 8e dd c3 b5 32\ +85 71 c7 7f 09 1c c5 78 57 69 12 df eb d1 64 b9\ +de 54 54 fe 0b e1 c1 f6 38 5b 32 83 60 ce 67 ec\ +7a 05 f6 e3 0e b4 5c 17 c4 8a c7 00 41 d2 ca b6\ +7f 0a 2a e7 aa fd cc 8d 24 5e a3 44 2a 63 00 cc\ +c7 +Test: Verify +Comment: RSASSA-PSS Signature Example 8.5 +Message: \ +04 dc 25 1b e7 2e 88 e5 72 34 85 b6 38 3a 63 7e\ +2f ef e0 76 60 c5 19 a5 60 b8 bc 18 bd ed b8 6e\ +ae 23 64 ea 53 ba 9d ca 6e b3 d2 e7 d6 b8 06 af\ +42 b3 e8 7f 29 1b 4a 88 81 d5 bf 57 2c c9 a8 5e\ +19 c8 6a cb 28 f0 98 f9 da 03 83 c5 66 d3 c0 f5\ +8c fd 8f 39 5d cf 60 2e 5c d4 0e 8c 71 83 f7 14\ +99 6e 22 97 ef +Salt: \ +c5 58 d7 16 7c bb 45 08 ad a0 42 97 1e 71 b1 37\ +7e ea 42 69 +Signature: \ +33 34 1b a3 57 6a 13 0a 50 e2 a5 cf 86 79 22 43\ +88 d5 69 3f 5a cc c2 35 ac 95 ad d6 8e 5e b1 ee\ +c3 16 66 d0 ca 7a 1c da 6f 70 a1 aa 76 2c 05 75\ +2a 51 95 0c db 8a f3 c5 37 9f 18 cf e6 b5 bc 55\ +a4 64 82 26 a1 5e 91 2e f1 9a d7 7a de ea 91 1d\ +67 cf ef d6 9b a4 3f a4 11 91 35 ff 64 21 17 ba\ +98 5a 7e 01 00 32 5e 95 19 f1 ca 6a 92 16 bd a0\ +55 b5 78 50 15 29 11 25 e9 0d cd 07 a2 ca 96 73\ +ee +Test: Verify +Comment: RSASSA-PSS Signature Example 8.6 +Message: \ +0e a3 7d f9 a6 fe a4 a8 b6 10 37 3c 24 cf 39 0c\ +20 fa 6e 21 35 c4 00 c8 a3 4f 5c 18 3a 7e 8e a4\ +c9 ae 09 0e d3 17 59 f4 2d c7 77 19 cc a4 00 ec\ +dc c5 17 ac fc 7a c6 90 26 75 b2 ef 30 c5 09 66\ +5f 33 21 48 2f c6 9a 9f b5 70 d1 5e 01 c8 45 d0\ +d8 e5 0d 2a 24 cb f1 cf 0e 71 49 75 a5 db 7b 18\ +d9 e9 e9 cb 91 b5 cb 16 86 90 60 ed 18 b7 b5 62\ +45 50 3f 0c af 90 35 2b 8d e8 1c b5 a1 d9 c6 33\ +60 92 f0 cd +Salt: \ +76 fd 4e 64 fd c9 8e b9 27 a0 40 3e 35 a0 84 e7\ +6b a9 f9 2a +Signature: \ +1e d1 d8 48 fb 1e db 44 12 9b d9 b3 54 79 5a f9\ +7a 06 9a 7a 00 d0 15 10 48 59 3e 0c 72 c3 51 7f\ +f9 ff 2a 41 d0 cb 5a 0a c8 60 d7 36 a1 99 70 4f\ +7c b6 a5 39 86 a8 8b bd 8a bc c0 07 6a 2c e8 47\ +88 00 31 52 5d 44 9d a2 ac 78 35 63 74 c5 36 e3\ +43 fa a7 cb a4 2a 5a aa 65 06 08 77 91 c0 6a 8e\ +98 93 35 ae d1 9b fa b2 d5 e6 7e 27 fb 0c 28 75\ +af 89 6c 21 b6 e8 e7 30 9d 04 e4 f6 72 7e 69 46\ +3e +Test: Verify +Comment: Example 9: A 1536-bit RSA Key Pair +Modulus: \ +e6 bd 69 2a c9 66 45 79 04 03 fd d0 f5 be b8 b9\ +bf 92 ed 10 00 7f c3 65 04 64 19 dd 06 c0 5c 5b\ +5b 2f 48 ec f9 89 e4 ce 26 91 09 97 9c bb 40 b4\ +a0 ad 24 d2 24 83 d1 ee 31 5a d4 cc b1 53 42 68\ +35 26 91 c5 24 f6 dd 8e 6c 29 d2 24 cf 24 69 73\ +ae c8 6c 5b f6 b1 40 1a 85 0d 1b 9a d1 bb 8c bc\ +ec 47 b0 6f 0f 8c 7f 45 d3 fc 8f 31 92 99 c5 43\ +3d db c2 b3 05 3b 47 de d2 ec d4 a4 ca ef d6 14\ +83 3d c8 bb 62 2f 31 7e d0 76 b8 05 7f e8 de 3f\ +84 48 0a d5 e8 3e 4a 61 90 4a 4f 24 8f b3 97 02\ +73 57 e1 d3 0e 46 31 39 81 5c 6f d4 fd 5a c5 b8\ +17 2a 45 23 0e cb 63 18 a0 4f 14 55 d8 4e 5a 8b +PublicExponent: \ +01 00 01 +PrivateExponent: \ +6a 7f d8 4f b8 5f ad 07 3b 34 40 6d b7 4f 8d 61\ +a6 ab c1 21 96 a9 61 dd 79 56 5e 9d a6 e5 18 7b\ +ce 2d 98 02 50 f7 35 95 75 35 92 70 d9 15 90 bb\ +0e 42 7c 71 46 0b 55 d5 14 10 b1 91 bc f3 09 fe\ +a1 31 a9 2c 8e 70 27 38 fa 71 9f 1e 00 41 f5 2e\ +40 e9 1f 22 9f 4d 96 a1 e6 f1 72 e1 55 96 b4 51\ +0a 6d ae c2 61 05 f2 be bc 53 31 6b 87 bd f2 13\ +11 66 60 70 e8 df ee 69 d5 2c 71 a9 76 ca ae 79\ +c7 2b 68 d2 85 80 dc 68 6d 9f 51 29 d2 25 f8 2b\ +3d 61 55 13 a8 82 b3 db 91 41 6b 48 ce 08 88 82\ +13 e3 7e eb 9a f8 00 d8 1c ab 32 8c e4 20 68 99\ +03 c0 0c 7b 5f d3 1b 75 50 3a 6d 41 96 84 d6 29 +Prime1: \ +f8 eb 97 e9 8d f1 26 64 ee fd b7 61 59 6a 69 dd\ +cd 0e 76 da ec e6 ed 4b f5 a1 b5 0a c0 86 f7 92\ +8a 4d 2f 87 26 a7 7e 51 5b 74 da 41 98 8f 22 0b\ +1c c8 7a a1 fc 81 0c e9 9a 82 f2 d1 ce 82 1e dc\ +ed 79 4c 69 41 f4 2c 7a 1a 0b 8c 4d 28 c7 5e c6\ +0b 65 22 79 f6 15 4a 76 2a ed 16 5d 47 de e3 67 +Prime2: \ +ed 4d 71 d0 a6 e2 4b 93 c2 e5 f6 b4 bb e0 5f 5f\ +b0 af a0 42 d2 04 fe 33 78 d3 65 c2 f2 88 b6 a8\ +da d7 ef e4 5d 15 3e ef 40 ca cc 7b 81 ff 93 40\ +02 d1 08 99 4b 94 a5 e4 72 8c d9 c9 63 37 5a e4\ +99 65 bd a5 5c bf 0e fe d8 d6 55 3b 40 27 f2 d8\ +62 08 a6 e6 b4 89 c1 76 12 80 92 d6 29 e4 9d 3d +ModPrime1PrivateExponent: \ +2b b6 8b dd fb 0c 4f 56 c8 55 8b ff af 89 2d 80\ +43 03 78 41 e7 fa 81 cf a6 1a 38 c5 e3 9b 90 1c\ +8e e7 11 22 a5 da 22 27 bd 6c de eb 48 14 52 c1\ +2a d3 d6 1d 5e 4f 77 6a 0a b5 56 59 1b ef e3 e5\ +9e 5a 7f dd b8 34 5e 1f 2f 35 b9 f4 ce e5 7c 32\ +41 4c 08 6a ec 99 3e 93 53 e4 80 d9 ee c6 28 9f +ModPrime2PrivateExponent: \ +4f f8 97 70 9f ad 07 97 46 49 45 78 e7 0f d8 54\ +61 30 ee ab 56 27 c4 9b 08 0f 05 ee 4a d9 f3 e4\ +b7 cb a9 d6 a5 df f1 13 a4 1c 34 09 33 68 33 f1\ +90 81 6d 8a 6b c4 2e 9b ec 56 b7 56 7d 0f 3c 9c\ +69 6d b6 19 b2 45 d9 01 dd 85 6d b7 c8 09 2e 77\ +e9 a1 cc cd 56 ee 4d ba 42 c5 fd b6 1a ec 26 69 +MultiplicativeInverseOfPrime2ModPrime1: \ +77 b9 d1 13 7b 50 40 4a 98 27 29 31 6e fa fc 7d\ +fe 66 d3 4e 5a 18 26 00 d5 f3 0a 0a 85 12 05 1c\ +56 0d 08 1d 4d 0a 18 35 ec 3d 25 a6 0f 4e 4d 6a\ +a9 48 b2 bf 3d bb 5b 12 4c bb c3 48 92 55 a3 a9\ +48 37 2f 69 78 49 67 45 f9 43 e1 db 4f 18 38 2c\ +ea a5 05 df c6 57 57 bb 3f 85 7a 58 dc e5 21 56 +Test: KeyPairValidAndConsistent +Comment: RSASSA-PSS Signature Example 9.1 +Message: \ +a8 8e 26 58 55 e9 d7 ca 36 c6 87 95 f0 b3 1b 59\ +1c d6 58 7c 71 d0 60 a0 b3 f7 f3 ea ef 43 79 59\ +22 02 8b c2 b6 ad 46 7c fc 2d 7f 65 9c 53 85 aa\ +70 ba 36 72 cd de 4c fe 49 70 cc 79 04 60 1b 27\ +88 72 bf 51 32 1c 4a 97 2f 3c 95 57 0f 34 45 d4\ +f5 79 80 e0 f2 0d f5 48 46 e6 a5 2c 66 8f 12 88\ +c0 3f 95 00 6e a3 2f 56 2d 40 d5 2a f9 fe b3 2f\ +0f a0 6d b6 5b 58 8a 23 7b 34 e5 92 d5 5c f9 79\ +f9 03 a6 42 ef 64 d2 ed 54 2a a8 c7 7d c1 dd 76\ +2f 45 a5 93 03 ed 75 e5 41 ca 27 1e 2b 60 ca 70\ +9e 44 fa 06 61 13 1e 8d 5d 41 63 fd 8d 39 85 66\ +ce 26 de 87 30 e7 2f 9c ca 73 76 41 c2 44 15 94\ +20 63 70 28 df 0a 18 07 9d 62 08 ea 8b 47 11 a2\ +c7 50 f5 +Salt: \ +c0 a4 25 31 3d f8 d7 56 4b d2 43 4d 31 15 23 d5\ +25 7e ed 80 +Signature: \ +58 61 07 22 6c 3c e0 13 a7 c8 f0 4d 1a 6a 29 59\ +bb 4b 8e 20 5b a4 3a 27 b5 0f 12 41 11 bc 35 ef\ +58 9b 03 9f 59 32 18 7c b6 96 d7 d9 a3 2c 0c 38\ +30 0a 5c dd a4 83 4b 62 d2 eb 24 0a f3 3f 79 d1\ +3d fb f0 95 bf 59 9e 0d 96 86 94 8c 19 64 74 7b\ +67 e8 9c 9a ba 5c d8 50 16 23 6f 56 6c c5 80 2c\ +b1 3e ad 51 bc 7c a6 be f3 b9 4d cb db b1 d5 70\ +46 97 71 df 0e 00 b1 a8 a0 67 77 47 2d 23 16 27\ +9e da e8 64 74 66 8d 4e 1e ff f9 5f 1d e6 1c 60\ +20 da 32 ae 92 bb f1 65 20 fe f3 cf 4d 88 f6 11\ +21 f2 4b bd 9f e9 1b 59 ca f1 23 5b 2a 93 ff 81\ +fc 40 3a dd f4 eb de a8 49 34 a9 cd af 8e 1a 9e +Test: Verify +Comment: RSASSA-PSS Signature Example 9.2 +Message: \ +c8 c9 c6 af 04 ac da 41 4d 22 7e f2 3e 08 20 c3\ +73 2c 50 0d c8 72 75 e9 5b 0d 09 54 13 99 3c 26\ +58 bc 1d 98 85 81 ba 87 9c 2d 20 1f 14 cb 88 ce\ +d1 53 a0 19 69 a7 bf 0a 7b e7 9c 84 c1 48 6b c1\ +2b 3f a6 c5 98 71 b6 82 7c 8c e2 53 ca 5f ef a8\ +a8 c6 90 bf 32 6e 8e 37 cd b9 6d 90 a8 2e ba b6\ +9f 86 35 0e 18 22 e8 bd 53 6a 2e +Salt: \ +b3 07 c4 3b 48 50 a8 da c2 f1 5f 32 e3 78 39 ef\ +8c 5c 0e 91 +Signature: \ +80 b6 d6 43 25 52 09 f0 a4 56 76 38 97 ac 9e d2\ +59 d4 59 b4 9c 28 87 e5 88 2e cb 44 34 cf d6 6d\ +d7 e1 69 93 75 38 1e 51 cd 7f 55 4f 2c 27 17 04\ +b3 99 d4 2b 4b e2 54 0a 0e ca 61 95 1f 55 26 7f\ +7c 28 78 c1 22 84 2d ad b2 8b 01 bd 5f 8c 02 5f\ +7e 22 84 18 a6 73 c0 3d 6b c0 c7 36 d0 a2 95 46\ +bd 67 f7 86 d9 d6 92 cc ea 77 8d 71 d9 8c 20 63\ +b7 a7 10 92 18 7a 4d 35 af 10 81 11 d8 3e 83 ea\ +e4 6c 46 aa 34 27 7e 06 04 45 89 90 37 88 f1 d5\ +e7 ce e2 5f b4 85 e9 29 49 11 88 14 d6 f2 c3 ee\ +36 14 89 01 6f 32 7f b5 bc 51 7e b5 04 70 bf fa\ +1a fa 5f 4c e9 aa 0c e5 b8 ee 19 bf 55 01 b9 58 +Test: Verify +Comment: RSASSA-PSS Signature Example 9.3 +Message: \ +0a fa d4 2c cd 4f c6 06 54 a5 50 02 d2 28 f5 2a\ +4a 5f e0 3b 8b bb 08 ca 82 da ca 55 8b 44 db e1\ +26 6e 50 c0 e7 45 a3 6d 9d 29 04 e3 40 8a bc d1\ +fd 56 99 94 06 3f 4a 75 cc 72 f2 fe e2 a0 cd 89\ +3a 43 af 1c 5b 8b 48 7d f0 a7 16 10 02 4e 4f 6d\ +df 9f 28 ad 08 13 c1 aa b9 1b cb 3c 90 64 d5 ff\ +74 2d ef fe a6 57 09 41 39 36 9e 5e a6 f4 a9 63\ +19 a5 cc 82 24 14 5b 54 50 62 75 8f ef d1 fe 34\ +09 ae 16 92 59 c6 cd fd 6b 5f 29 58 e3 14 fa ec\ +be 69 d2 ca ce 58 ee 55 17 9a b9 b3 e6 d1 ec c1\ +4a 55 7c 5f eb e9 88 59 52 64 fc 5d a1 c5 71 46\ +2e ca 79 8a 18 a1 a4 94 0c da b4 a3 e9 20 09 cc\ +d4 2e 1e 94 7b 13 14 e3 22 38 a2 de ce 7d 23 a8\ +9b 5b 30 c7 51 fd 0a 4a 43 0d 2c 54 85 94 +Salt: \ +9a 2b 00 7e 80 97 8b bb 19 2c 35 4e b7 da 9a ed\ +fc 74 db f5 +Signature: \ +48 44 08 f3 89 8c d5 f5 34 83 f8 08 19 ef bf 27\ +08 c3 4d 27 a8 b2 a6 fa e8 b3 22 f9 24 02 37 f9\ +81 81 7a ca 18 46 f1 08 4d aa 6d 7c 07 95 f6 e5\ +bf 1a f5 9c 38 e1 85 84 37 ce 1f 7e c4 19 b9 8c\ +87 36 ad f6 dd 9a 00 b1 80 6d 2b d3 ad 0a 73 77\ +5e 05 f5 2d fe f3 a5 9a b4 b0 81 43 f0 df 05 cd\ +1a d9 d0 4b ec ec a6 da a4 a2 12 98 03 e2 00 cb\ +c7 77 87 ca f4 c1 d0 66 3a 6c 59 87 b6 05 95 20\ +19 78 2c af 2e c1 42 6d 68 fb 94 ed 1d 4b e8 16\ +a7 ed 08 1b 77 e6 ab 33 0b 3f fc 07 38 20 fe cd\ +e3 72 7f cb e2 95 ee 61 a0 50 a3 43 65 86 37 c3\ +fd 65 9c fb 63 73 6d e3 2d 9f 90 d3 c2 f6 3e ca +Test: Verify +Comment: RSASSA-PSS Signature Example 9.4 +Message: \ +1d fd 43 b4 6c 93 db 82 62 9b da e2 bd 0a 12 b8\ +82 ea 04 c3 b4 65 f5 cf 93 02 3f 01 05 96 26 db\ +be 99 f2 6b b1 be 94 9d dd d1 6d c7 f3 de bb 19\ +a1 94 62 7f 0b 22 44 34 df 7d 87 00 e9 e9 8b 06\ +e3 60 c1 2f db e3 d1 9f 51 c9 68 4e b9 08 9e cb\ +b0 a2 f0 45 03 99 d3 f5 9e ac 72 94 08 5d 04 4f\ +53 93 c6 ce 73 74 23 d8 b8 6c 41 53 70 d3 89 e3\ +0b 9f 0a 3c 02 d2 5d 00 82 e8 ad 6f 3f 1e f2 4a\ +45 c3 cf 82 b3 83 36 70 63 a4 d4 61 3e 42 64 f0\ +1b 2d ac 2e 5a a4 20 43 f8 fb 5f 69 fa 87 1d 14\ +fb 27 3e 76 7a 53 1c 40 f0 2f 34 3b c2 fb 45 a0\ +c7 e0 f6 be 25 61 92 3a 77 21 1d 66 a6 e2 db b4\ +3c 36 63 50 be ae 22 da 3a c2 c1 f5 07 70 96 fc\ +b5 c4 bf 25 5f 75 74 35 1a e0 b1 e1 f0 36 32 81\ +7c 08 56 d4 a8 ba 97 af bd c8 b8 58 55 40 2b c5\ +69 26 fc ec 20 9f 9e a8 +Salt: \ +70 f3 82 bd df 4d 5d 2d d8 8b 3b c7 b7 30 8b e6\ +32 b8 40 45 +Signature: \ +84 eb eb 48 1b e5 98 45 b4 64 68 ba fb 47 1c 01\ +12 e0 2b 23 5d 84 b5 d9 11 cb d1 92 6e e5 07 4a\ +e0 42 44 95 cb 20 e8 23 08 b8 eb b6 5f 41 9a 03\ +fb 40 e7 2b 78 98 1d 88 aa d1 43 05 36 85 17 2c\ +97 b2 9c 8b 7b f0 ae 73 b5 b2 26 3c 40 3d a0 ed\ +2f 80 ff 74 50 af 78 28 eb 8b 86 f0 02 8b d2 a8\ +b1 76 a4 d2 28 cc ce a1 83 94 f2 38 b0 9f f7 58\ +cc 00 bc 04 30 11 52 35 57 42 f2 82 b5 4e 66 3a\ +91 9e 70 9d 8d a2 4a de 55 00 a7 b9 aa 50 22 6e\ +0c a5 29 23 e6 c2 d8 60 ec 50 ff 48 0f a5 74 77\ +e8 2b 05 65 f4 37 9f 79 c7 72 d5 c2 da 80 af 9f\ +bf 32 5e ce 6f c2 0b 00 96 16 14 be e8 9a 18 3e +Test: Verify +Comment: RSASSA-PSS Signature Example 9.5 +Message: \ +1b dc 6e 7c 98 fb 8c f5 4e 9b 09 7b 66 a8 31 e9\ +cf e5 2d 9d 48 88 44 8e e4 b0 97 80 93 ba 1d 7d\ +73 ae 78 b3 a6 2b a4 ad 95 cd 28 9c cb 9e 00 52\ +26 bb 3d 17 8b cc aa 82 1f b0 44 a4 e2 1e e9 76\ +96 c1 4d 06 78 c9 4c 2d ae 93 b0 ad 73 92 22 18\ +55 3d aa 7e 44 eb e5 77 25 a7 a4 5c c7 2b 9b 21\ +38 a6 b1 7c 8d b4 11 ce 82 79 ee 12 41 af f0 a8\ +be c6 f7 7f 87 ed b0 c6 9c b2 72 36 e3 43 5a 80\ +0b 19 2e 4f 11 e5 19 e3 fe 30 fc 30 ea cc ca 4f\ +bb 41 76 90 29 bf 70 8e 81 7a 9e 68 38 05 be 67\ +fa 10 09 84 68 3b 74 83 8e 3b cf fa 79 36 6e ed\ +1d 48 1c 76 72 91 18 83 8f 31 ba 8a 04 8a 93 c1\ +be 44 24 59 8e 8d f6 32 8b 7a 77 88 0a 3f 9c 7e\ +2e 8d fc a8 eb 5a 26 fb 86 bd c5 56 d4 2b be 01\ +d9 fa 6e d8 06 46 49 1c 93 41 +Salt: \ +d6 89 25 7a 86 ef fa 68 21 2c 5e 0c 61 9e ca 29\ +5f b9 1b 67 +Signature: \ +82 10 2d f8 cb 91 e7 17 99 19 a0 4d 26 d3 35 d6\ +4f bc 2f 87 2c 44 83 39 43 24 1d e8 45 48 10 27\ +4c df 3d b5 f4 2d 42 3d b1 52 af 71 35 f7 01 42\ +0e 39 b4 94 a6 7c bf d1 9f 91 19 da 23 3a 23 da\ +5c 64 39 b5 ba 0d 2b c3 73 ee e3 50 70 01 37 8d\ +4a 40 73 85 6b 7f e2 ab a0 b5 ee 93 b2 7f 4a fe\ +c7 d4 d1 20 92 1c 83 f6 06 76 5b 02 c1 9e 4d 6a\ +1a 3b 95 fa 4c 42 29 51 be 4f 52 13 10 77 ef 17\ +17 97 29 cd df bd b5 69 50 db ac ee fe 78 cb 16\ +64 0a 09 9e a5 6d 24 38 9e ef 10 f8 fe cb 31 ba\ +3e a3 b2 27 c0 a8 66 98 bb 89 e3 e9 36 39 05 bf\ +22 77 7b 2a 3a a5 21 b6 5b 4c ef 76 d8 3b de 4c +Test: Verify +Comment: RSASSA-PSS Signature Example 9.6 +Message: \ +88 c7 a9 f1 36 04 01 d9 0e 53 b1 01 b6 1c 53 25\ +c3 c7 5d b1 b4 11 fb eb 8e 83 0b 75 e9 6b 56 67\ +0a d2 45 40 4e 16 79 35 44 ee 35 4b c6 13 a9 0c\ +c9 84 87 15 a7 3d b5 89 3e 7f 6d 27 98 15 c0 c1\ +de 83 ef 8e 29 56 e3 a5 6e d2 6a 88 8d 7a 9c dc\ +d0 42 f4 b1 6b 7f a5 1e f1 a0 57 36 62 d1 6a 30\ +2d 0e c5 b2 85 d2 e0 3a d9 65 29 c8 7b 3d 37 4d\ +b3 72 d9 5b 24 43 d0 61 b6 b1 a3 50 ba 87 80 7e\ +d0 83 af d1 eb 05 c3 f5 2f 4e ba 5e d2 22 77 14\ +fd b5 0b 9d 9d 9d d6 81 4f 62 f6 27 2f cd 5c db\ +ce 7a 9e f7 97 +Salt: \ +c2 5f 13 bf 67 d0 81 67 1a 04 81 a1 f1 82 0d 61\ +3b ba 22 76 +Signature: \ +a7 fd b0 d2 59 16 5c a2 c8 8d 00 bb f1 02 8a 86\ +7d 33 76 99 d0 61 19 3b 17 a9 64 8e 14 cc bb aa\ +de ac aa cd ec 81 5e 75 71 29 4e bb 8a 11 7a f2\ +05 fa 07 8b 47 b0 71 2c 19 9e 3a d0 51 35 c5 04\ +c2 4b 81 70 51 15 74 08 02 48 79 92 ff d5 11 d4\ +af c6 b8 54 49 1e b3 f0 dd 52 31 39 54 2f f1 5c\ +31 01 ee 85 54 35 17 c6 a3 c7 94 17 c6 7e 2d d9\ +aa 74 1e 9a 29 b0 6d cb 59 3c 23 36 b3 67 0a e3\ +af ba c7 c3 e7 6e 21 54 73 e8 66 e3 38 ca 24 4d\ +e0 0b 62 62 4d 6b 94 26 82 2c ea e9 f8 cc 46 08\ +95 f4 12 50 07 3f d4 5c 5a 1e 7b 42 5c 20 4a 42\ +3a 69 91 59 f6 90 3e 71 0b 37 a7 bb 2b c8 04 9f +Test: Verify +Comment: Example 10: A 2048-bit RSA Key Pair +Modulus: \ +a5 dd 86 7a c4 cb 02 f9 0b 94 57 d4 8c 14 a7 70\ +ef 99 1c 56 c3 9c 0e c6 5f d1 1a fa 89 37 ce a5\ +7b 9b e7 ac 73 b4 5c 00 17 61 5b 82 d6 22 e3 18\ +75 3b 60 27 c0 fd 15 7b e1 2f 80 90 fe e2 a7 ad\ +cd 0e ef 75 9f 88 ba 49 97 c7 a4 2d 58 c9 aa 12\ +cb 99 ae 00 1f e5 21 c1 3b b5 43 14 45 a8 d5 ae\ +4f 5e 4c 7e 94 8a c2 27 d3 60 40 71 f2 0e 57 7e\ +90 5f be b1 5d fa f0 6d 1d e5 ae 62 53 d6 3a 6a\ +21 20 b3 1a 5d a5 da bc 95 50 60 0e 20 f2 7d 37\ +39 e2 62 79 25 fe a3 cc 50 9f 21 df f0 4e 6e ea\ +45 49 c5 40 d6 80 9f f9 30 7e ed e9 1f ff 58 73\ +3d 83 85 a2 37 d6 d3 70 5a 33 e3 91 90 09 92 07\ +0d f7 ad f1 35 7c f7 e3 70 0c e3 66 7d e8 3f 17\ +b8 df 17 78 db 38 1d ce 09 cb 4a d0 58 a5 11 00\ +1a 73 81 98 ee 27 cf 55 a1 3b 75 45 39 90 65 82\ +ec 8b 17 4b d5 8d 5d 1f 3d 76 7c 61 37 21 ae 05 +PublicExponent: \ +01 00 01 +PrivateExponent: \ +2d 2f f5 67 b3 fe 74 e0 61 91 b7 fd ed 6d e1 12\ +29 0c 67 06 92 43 0d 59 69 18 40 47 da 23 4c 96\ +93 de ed 16 73 ed 42 95 39 c9 69 d3 72 c0 4d 6b\ +47 e0 f5 b8 ce e0 84 3e 5c 22 83 5d bd 3b 05 a0\ +99 79 84 ae 60 58 b1 1b c4 90 7c bf 67 ed 84 fa\ +9a e2 52 df b0 d0 cd 49 e6 18 e3 5d fd fe 59 bc\ +a3 dd d6 6c 33 ce bb c7 7a d4 41 aa 69 5e 13 e3\ +24 b5 18 f0 1c 60 f5 a8 5c 99 4a d1 79 f2 a6 b5\ +fb e9 34 02 b1 17 67 be 01 bf 07 34 44 d6 ba 1d\ +d2 bc a5 bd 07 4d 4a 5f ae 35 31 ad 13 03 d8 4b\ +30 d8 97 31 8c bb ba 04 e0 3c 2e 66 de 6d 91 f8\ +2f 96 ea 1d 4b b5 4a 5a ae 10 2d 59 46 57 f5 c9\ +78 95 53 51 2b 29 6d ea 29 d8 02 31 96 35 7e 3e\ +3a 6e 95 8f 39 e3 c2 34 40 38 ea 60 4b 31 ed c6\ +f0 f7 ff 6e 71 81 a5 7c 92 82 6a 26 8f 86 76 8e\ +96 f8 78 56 2f c7 1d 85 d6 9e 44 86 12 f7 04 8f +Prime1: \ +cf d5 02 83 fe ee b9 7f 6f 08 d7 3c bc 7b 38 36\ +f8 2b bc d4 99 47 9f 5e 6f 76 fd fc b8 b3 8c 4f\ +71 dc 9e 88 bd 6a 6f 76 37 1a fd 65 d2 af 18 62\ +b3 2a fb 34 a9 5f 71 b8 b1 32 04 3f fe be 3a 95\ +2b af 75 92 44 81 48 c0 3f 9c 69 b1 d6 8e 4c e5\ +cf 32 c8 6b af 46 fe d3 01 ca 1a b4 03 06 9b 32\ +f4 56 b9 1f 71 89 8a b0 81 cd 8c 42 52 ef 52 71\ +91 5c 97 94 b8 f2 95 85 1d a7 51 0f 99 cb 73 eb +Prime2: \ +cc 4e 90 d2 a1 b3 a0 65 d3 b2 d1 f5 a8 fc e3 1b\ +54 44 75 66 4e ab 56 1d 29 71 b9 9f b7 be f8 44\ +e8 ec 1f 36 0b 8c 2a c8 35 96 92 97 1e a6 a3 8f\ +72 3f cc 21 1f 5d bc b1 77 a0 fd ac 51 64 a1 d4\ +ff 7f bb 4e 82 99 86 35 3c b9 83 65 9a 14 8c dd\ +42 0c 7d 31 ba 38 22 ea 90 a3 2b e4 6c 03 0e 8c\ +17 e1 fa 0a d3 78 59 e0 6b 0a a6 fa 3b 21 6d 9c\ +be 6c 0e 22 33 97 69 c0 a6 15 91 3e 5d a7 19 cf +ModPrime1PrivateExponent: \ +1c 2d 1f c3 2f 6b c4 00 4f d8 5d fd e0 fb bf 9a\ +4c 38 f9 c7 c4 e4 1d ea 1a a8 82 34 a2 01 cd 92\ +f3 b7 da 52 65 83 a9 8a d8 5b b3 60 fb 98 3b 71\ +1e 23 44 9d 56 1d 17 78 d7 a5 15 48 6b cb f4 7b\ +46 c9 e9 e1 a3 a1 f7 70 00 ef be b0 9a 8a fe 47\ +e5 b8 57 cd a9 9c b1 6d 7f ff 9b 71 2e 3b d6 0c\ +a9 6d 9c 79 73 d6 16 d4 69 34 a9 c0 50 28 1c 00\ +43 99 ce ff 1d b7 dd a7 87 66 a8 a9 b9 cb 08 73 +ModPrime2PrivateExponent: \ +cb 3b 3c 04 ca a5 8c 60 be 7d 9b 2d eb b3 e3 96\ +43 f4 f5 73 97 be 08 23 6a 1e 9e af aa 70 65 36\ +e7 1c 3a cf e0 1c c6 51 f2 3c 9e 05 85 8f ee 13\ +bb 6a 8a fc 47 df 4e dc 9a 4b a3 0b ce cb 73 d0\ +15 78 52 32 7e e7 89 01 5c 2e 8d ee 7b 9f 05 a0\ +f3 1a c9 4e b6 17 31 64 74 0c 5c 95 14 7c d5 f3\ +b5 ae 2c b4 a8 37 87 f0 1d 8a b3 1f 27 c2 d0 ee\ +a2 dd 8a 11 ab 90 6a ba 20 7c 43 c6 ee 12 53 31 +MultiplicativeInverseOfPrime2ModPrime1: \ +12 f6 b2 cf 13 74 a7 36 fa d0 56 16 05 0f 96 ab\ +4b 61 d1 17 7c 7f 9d 52 5a 29 f3 d1 80 e7 76 67\ +e9 9d 99 ab f0 52 5d 07 58 66 0f 37 52 65 5b 0f\ +25 b8 df 84 31 d9 a8 ff 77 c1 6c 12 a0 a5 12 2a\ +9f 0b f7 cf d5 a2 66 a3 5c 15 9f 99 12 08 b9 03\ +16 ff 44 4f 3e 0b 6b d0 e9 3b 8a 7a 24 48 e9 57\ +e3 dd a6 cf cf 22 66 b1 06 01 3a c4 68 08 d3 b3\ +88 7b 3b 00 34 4b aa c9 53 0b 4c e7 08 fc 32 b6 +Test: KeyPairValidAndConsistent +Comment: RSASSA-PSS Signature Example 10.1 +Message: \ +88 31 77 e5 12 6b 9b e2 d9 a9 68 03 27 d5 37 0c\ +6f 26 86 1f 58 20 c4 3d a6 7a 3a d6 09 +Salt: \ +04 e2 15 ee 6f f9 34 b9 da 70 d7 73 0c 87 34 ab\ +fc ec de 89 +Signature: \ +82 c2 b1 60 09 3b 8a a3 c0 f7 52 2b 19 f8 73 54\ +06 6c 77 84 7a bf 2a 9f ce 54 2d 0e 84 e9 20 c5\ +af b4 9f fd fd ac e1 65 60 ee 94 a1 36 96 01 14\ +8e ba d7 a0 e1 51 cf 16 33 17 91 a5 72 7d 05 f2\ +1e 74 e7 eb 81 14 40 20 69 35 d7 44 76 5a 15 e7\ +9f 01 5c b6 6c 53 2c 87 a6 a0 59 61 c8 bf ad 74\ +1a 9a 66 57 02 28 94 39 3e 72 23 73 97 96 c0 2a\ +77 45 5d 0f 55 5b 0e c0 1d df 25 9b 62 07 fd 0f\ +d5 76 14 ce f1 a5 57 3b aa ff 4e c0 00 69 95 16\ +59 b8 5f 24 30 0a 25 16 0c a8 52 2d c6 e6 72 7e\ +57 d0 19 d7 e6 36 29 b8 fe 5e 89 e2 5c c1 5b eb\ +3a 64 75 77 55 92 99 28 0b 9b 28 f7 9b 04 09 00\ +0b e2 5b bd 96 40 8b a3 b4 3c c4 86 18 4d d1 c8\ +e6 25 53 fa 1a f4 04 0f 60 66 3d e7 f5 e4 9c 04\ +38 8e 25 7f 1c e8 9c 95 da b4 8a 31 5d 9b 66 b1\ +b7 62 82 33 87 6f f2 38 52 30 d0 70 d0 7e 16 66 +Comment: RSASSA-PSS Signature Example 10.2 +Message: \ +dd 67 0a 01 46 58 68 ad c9 3f 26 13 19 57 a5 0c\ +52 fb 77 7c db aa 30 89 2c 9e 12 36 11 64 ec 13\ +97 9d 43 04 81 18 e4 44 5d b8 7b ee 58 dd 98 7b\ +34 25 d0 20 71 d8 db ae 80 70 8b 03 9d bb 64 db\ +d1 de 56 57 d9 fe d0 c1 18 a5 41 43 74 2e 0f f3\ +c8 7f 74 e4 58 57 64 7a f3 f7 9e b0 a1 4c 9d 75\ +ea 9a 1a 04 b7 cf 47 8a 89 7a 70 8f d9 88 f4 8e\ +80 1e db 0b 70 39 df 8c 23 bb 3c 56 f4 e8 21 ac +Salt: \ +8b 2b dd 4b 40 fa f5 45 c7 78 dd f9 bc 1a 49 cb\ +57 f9 b7 1b +Signature: \ +14 ae 35 d9 dd 06 ba 92 f7 f3 b8 97 97 8a ed 7c\ +d4 bf 5f f0 b5 85 a4 0b d4 6c e1 b4 2c d2 70 30\ +53 bb 90 44 d6 4e 81 3d 8f 96 db 2d d7 00 7d 10\ +11 8f 6f 8f 84 96 09 7a d7 5e 1f f6 92 34 1b 28\ +92 ad 55 a6 33 a1 c5 5e 7f 0a 0a d5 9a 0e 20 3a\ +5b 82 78 ae c5 4d d8 62 2e 28 31 d8 71 74 f8 ca\ +ff 43 ee 6c 46 44 53 45 d8 4a 59 65 9b fb 92 ec\ +d4 c8 18 66 86 95 f3 47 06 f6 68 28 a8 99 59 63\ +7f 2b f3 e3 25 1c 24 bd ba 4d 4b 76 49 da 00 22\ +21 8b 11 9c 84 e7 9a 65 27 ec 5b 8a 5f 86 1c 15\ +99 52 e2 3e c0 5e 1e 71 73 46 fa ef e8 b1 68 68\ +25 bd 2b 26 2f b2 53 10 66 c0 de 09 ac de 2e 42\ +31 69 07 28 b5 d8 5e 11 5a 2f 6b 92 b7 9c 25 ab\ +c9 bd 93 99 ff 8b cf 82 5a 52 ea 1f 56 ea 76 dd\ +26 f4 3b aa fa 18 bf a9 2a 50 4c bd 35 69 9e 26\ +d1 dc c5 a2 88 73 85 f3 c6 32 32 f0 6f 32 44 c3 +Comment: RSASSA-PSS Signature Example 10.3 +Message: \ +48 b2 b6 a5 7a 63 c8 4c ea 85 9d 65 c6 68 28 4b\ +08 d9 6b dc aa be 25 2d b0 e4 a9 6c b1 ba c6 01\ +93 41 db 6f be fb 8d 10 6b 0e 90 ed a6 bc c6 c6\ +26 2f 37 e7 ea 9c 7e 5d 22 6b d7 df 85 ec 5e 71\ +ef ff 2f 54 c5 db 57 7f f7 29 ff 91 b8 42 49 1d\ +e2 74 1d 0c 63 16 07 df 58 6b 90 5b 23 b9 1a f1\ +3d a1 23 04 bf 83 ec a8 a7 3e 87 1f f9 db +Salt: \ +4e 96 fc 1b 39 8f 92 b4 46 71 01 0c 0d c3 ef d6\ +e2 0c 2d 73 +Signature: \ +6e 3e 4d 7b 6b 15 d2 fb 46 01 3b 89 00 aa 5b bb\ +39 39 cf 2c 09 57 17 98 70 42 02 6e e6 2c 74 c5\ +4c ff d5 d7 d5 7e fb bf 95 0a 0f 5c 57 4f a0 9d\ +3f c1 c9 f5 13 b0 5b 4f f5 0d d8 df 7e df a2 01\ +02 85 4c 35 e5 92 18 01 19 a7 0c e5 b0 85 18 2a\ +a0 2d 9e a2 aa 90 d1 df 03 f2 da ae 88 5b a2 f5\ +d0 5a fd ac 97 47 6f 06 b9 3b 5b c9 4a 1a 80 aa\ +91 16 c4 d6 15 f3 33 b0 98 89 2b 25 ff ac e2 66\ +f5 db 5a 5a 3b cc 10 a8 24 ed 55 aa d3 5b 72 78\ +34 fb 8c 07 da 28 fc f4 16 a5 d9 b2 22 4f 1f 8b\ +44 2b 36 f9 1e 45 6f de a2 d7 cf e3 36 72 68 de\ +03 07 a4 c7 4e 92 41 59 ed 33 39 3d 5e 06 55 53\ +1c 77 32 7b 89 82 1b de df 88 01 61 c7 8c d4 19\ +6b 54 19 f7 ac c3 f1 3e 5e bf 16 1b 6e 7c 67 24\ +71 6c a3 3b 85 c2 e2 56 40 19 2a c2 85 96 51 d5\ +0b de 7e b9 76 e5 1c ec 82 8b 98 b6 56 3b 86 bb +Comment: RSASSA-PSS Signature Example 10.4 +Message: \ +0b 87 77 c7 f8 39 ba f0 a6 4b bb db c5 ce 79 75\ +5c 57 a2 05 b8 45 c1 74 e2 d2 e9 05 46 a0 89 c4\ +e6 ec 8a df fa 23 a7 ea 97 ba e6 b6 5d 78 2b 82\ +db 5d 2b 5a 56 d2 2a 29 a0 5e 7c 44 33 e2 b8 2a\ +62 1a bb a9 0a dd 05 ce 39 3f c4 8a 84 05 42 45\ +1a +Salt: \ +c7 cd 69 8d 84 b6 51 28 d8 83 5e 3a 8b 1e b0 e0\ +1c b5 41 ec +Signature: \ +34 04 7f f9 6c 4d c0 dc 90 b2 d4 ff 59 a1 a3 61\ +a4 75 4b 25 5d 2e e0 af 7d 8b f8 7c 9b c9 e7 dd\ +ee de 33 93 4c 63 ca 1c 0e 3d 26 2c b1 45 ef 93\ +2a 1f 2c 0a 99 7a a6 a3 4f 8e ae e7 47 7d 82 cc\ +f0 90 95 a6 b8 ac ad 38 d4 ee c9 fb 7e ab 7a d0\ +2d a1 d1 1d 8e 54 c1 82 5e 55 bf 58 c2 a2 32 34\ +b9 02 be 12 4f 9e 90 38 a8 f6 8f a4 5d ab 72 f6\ +6e 09 45 bf 1d 8b ac c9 04 4c 6f 07 09 8c 9f ce\ +c5 8a 3a ab 10 0c 80 51 78 15 5f 03 0a 12 4c 45\ +0e 5a cb da 47 d0 e4 f1 0b 80 a2 3f 80 3e 77 4d\ +02 3b 00 15 c2 0b 9f 9b be 7c 91 29 63 38 d5 ec\ +b4 71 ca fb 03 20 07 b6 7a 60 be 5f 69 50 4a 9f\ +01 ab b3 cb 46 7b 26 0e 2b ce 86 0b e8 d9 5b f9\ +2c 0c 8e 14 96 ed 1e 52 85 93 a4 ab b6 df 46 2d\ +de 8a 09 68 df fe 46 83 11 68 57 a2 32 f5 eb f6\ +c8 5b e2 38 74 5a d0 f3 8f 76 7a 5f db f4 86 fb +Comment: RSASSA-PSS Signature Example 10.5 +Message: \ +f1 03 6e 00 8e 71 e9 64 da dc 92 19 ed 30 e1 7f\ +06 b4 b6 8a 95 5c 16 b3 12 b1 ed df 02 8b 74 97\ +6b ed 6b 3f 6a 63 d4 e7 78 59 24 3c 9c cc dc 98\ +01 65 23 ab b0 24 83 b3 55 91 c3 3a ad 81 21 3b\ +b7 c7 bb 1a 47 0a ab c1 0d 44 25 6c 4d 45 59 d9\ +16 +Salt: \ +ef a8 bf f9 62 12 b2 f4 a3 f3 71 a1 0d 57 41 52\ +65 5f 5d fb +Signature: \ +7e 09 35 ea 18 f4 d6 c1 d1 7c e8 2e b2 b3 83 6c\ +55 b3 84 58 9c e1 9d fe 74 33 63 ac 99 48 d1 f3\ +46 b7 bf dd fe 92 ef d7 8a db 21 fa ef c8 9a de\ +42 b1 0f 37 40 03 fe 12 2e 67 42 9a 1c b8 cb d1\ +f8 d9 01 45 64 c4 4d 12 01 16 f4 99 0f 1a 6e 38\ +77 4c 19 4b d1 b8 21 32 86 b0 77 b0 49 9d 2e 7b\ +3f 43 4a b1 22 89 c5 56 68 4d ee d7 81 31 93 4b\ +b3 dd 65 37 23 6f 7c 6f 3d cb 09 d4 76 be 07 72\ +1e 37 e1 ce ed 9b 2f 7b 40 68 87 bd 53 15 73 05\ +e1 c8 b4 f8 4d 73 3b c1 e1 86 fe 06 cc 59 b6 ed\ +b8 f4 bd 7f fe fd f4 f7 ba 9c fb 9d 57 06 89 b5\ +a1 a4 10 9a 74 6a 69 08 93 db 37 99 25 5a 0c b9\ +21 5d 2d 1c d4 90 59 0e 95 2e 8c 87 86 aa 00 11\ +26 52 52 47 0c 04 1d fb c3 ee c7 c3 cb f7 1c 24\ +86 9d 11 5c 0c b4 a9 56 f5 6d 53 0b 80 ab 58 9a\ +cf ef c6 90 75 1d df 36 e8 d3 83 f8 3c ed d2 cc +Comment: RSASSA-PSS Signature Example 10.6 +Message: \ +25 f1 08 95 a8 77 16 c1 37 45 0b b9 51 9d fa a1\ +f2 07 fa a9 42 ea 88 ab f7 1e 9c 17 98 00 85 b5\ +55 ae ba b7 62 64 ae 2a 3a b9 3c 2d 12 98 11 91\ +dd ac 6f b5 94 9e b3 6a ee 3c 5d a9 40 f0 07 52\ +c9 16 d9 46 08 fa 7d 97 ba 6a 29 15 b6 88 f2 03\ +23 d4 e9 d9 68 01 d8 9a 72 ab 58 92 dc 21 17 c0\ +74 34 fc f9 72 e0 58 cf 8c 41 ca 4b 4f f5 54 f7\ +d5 06 8a d3 15 5f ce d0 f3 12 5b c0 4f 91 93 37\ +8a 8f 5c 4c 3b 8c b4 dd 6d 1c c6 9d 30 ec ca 6e\ +aa 51 e3 6a 05 73 0e 9e 34 2e 85 5b af 09 9d ef\ +b8 af d7 +Salt: \ +ad 8b 15 23 70 36 46 22 4b 66 0b 55 08 85 91 7c\ +a2 d1 df 28 +Signature: \ +6d 3b 5b 87 f6 7e a6 57 af 21 f7 54 41 97 7d 21\ +80 f9 1b 2c 5f 69 2d e8 29 55 69 6a 68 67 30 d9\ +b9 77 8d 97 07 58 cc b2 60 71 c2 20 9f fb d6 12\ +5b e2 e9 6e a8 1b 67 cb 9b 93 08 23 9f da 17 f7\ +b2 b6 4e cd a0 96 b6 b9 35 64 0a 5a 1c b4 2a 91\ +55 b1 c9 ef 7a 63 3a 02 c5 9f 0d 6e e5 9b 85 2c\ +43 b3 50 29 e7 3c 94 0f f0 41 0e 8f 11 4e ed 46\ +bb d0 fa e1 65 e4 2b e2 52 8a 40 1c 3b 28 fd 81\ +8e f3 23 2d ca 9f 4d 2a 0f 51 66 ec 59 c4 23 96\ +d6 c1 1d bc 12 15 a5 6f a1 71 69 db 95 75 34 3e\ +f3 4f 9d e3 2a 49 cd c3 17 49 22 f2 29 c2 3e 18\ +e4 5d f9 35 31 19 ec 43 19 ce dc e7 a1 7c 64 08\ +8c 1f 6f 52 be 29 63 41 00 b3 91 9d 38 f3 d1 ed\ +94 e6 89 1e 66 a7 3b 8f b8 49 f5 87 4d f5 94 59\ +e2 98 c7 bb ce 2e ee 78 2a 19 5a a6 6f e2 d0 73\ +2b 25 e5 95 f5 7d 3e 06 1b 1f c3 e4 06 3b f9 8f +Test: Verify diff --git a/c5/TestVectors/rw.txt b/c5/TestVectors/rw.txt new file mode 100644 index 0000000..2d932d0 --- /dev/null +++ b/c5/TestVectors/rw.txt @@ -0,0 +1,166 @@ +AlgorithmType: Signature +Name: RW/EMSA2(SHA-1) +Source: generated by Wei Dai using Crypto++ 5.1 +Comment: 1024-bit RW key +KeyFormat: Component +Modulus: \ + e5eb47bc1f82db3001faaeabc5bbe71b7d307b431889ac10255262281ec5f5af\ + 8a790bd7bbec5efffa442cf2c3fd5ca4778763b9d15aeac0b9b71bdb13da8272\ + 7f4967ac685975f8ff05a763c864d100b7cc1142102aa2dd343ea1a0ab530255\ + 195c3a6400ecab7b27eff9b01ef6d37381fa6fb5401347f195354396772e8285 +Prime1: \ + ef86dd7af3f32cde8a9f6564e43a559a0c9f8bad36cc25330548b347ac158a34\ + 5631fa90f7b873c36effae2f7823227a3f580b5dd18304d5932751e743e9281b +Prime2: \ + f5bb4289c389d9019c36f96c6b81fffbf20be0620c6343e2b800aefb1b55a330\ + 8cc1402da7a2a558579a2a5146b30cb08e3f20b501081248f2f1de36cdfce9df +MultiplicativeInverseOfPrime2ModPrime1: \ + 88813a3d50b7c301948ee1985db19c9fd33a47c78c977024745e10483d9cc4f0\ + f573597ce564a91421d1d7457bc45a971f7d8b31403298da77799b57cf9a76de +PublicExponent: 02 +Test: KeyPairValidAndConsistent +Message: 2CA039854B55688740E3 +Signature: 1AF029CBEC9C692CE5096E73E4E9A52EC9A28D207A5511CCEC7681E5E3D867A4AE2E22DE4909D89196A272F1B50DE6FA3248BCA334D46E0D57171A790B6F4697E7BA7047DB79DECD47BD21995243DEBBF25915DDBC93C45875C14DE953792257C5C6825C905AFF40109C8CC7E793123D47AC1B5B6304A436CFA9BEEC8E0054E7 +Test: Verify +Message: 2A51DF4AF88613D91A37 +Signature: 6FF18F4471E1A8F850C910A181A9F28E69AACD8E8126969605E000A853197541AF9047E5D17315BF062B9CD8DF91196F0343285D9E31D5C72560C156782B6D0E5AF8F06D7DCDD8CABEC01B2438C168C40C21F6A8794648361BD2AEE13573A49ECA07A7EED97C0B9C5B1E508869E4CFD5FE1771924B1CF5A4BFF7D4379E5CD59F +Test: Verify +Message: 1CF8DDD95D780A89D7CF +Signature: 539C266B0313E0E256ED98EEF13E6AE64CED90C160A4999B3D47CBDA5285DAB0E0678C0E079CE9B8EB23E10EDFACFC19A80EEBB8F38ED5B5D6C8A988AB8CEC40A5A5BA102F75586167EAB6D5BF0CE8FF30C656895800F6F1B37D69FBBAF9055F7505DBEB537C0F986A1B5F0270DC12A640FFCB626F9763FDCFEFA1208C104003 +Test: Verify +Message: 2119A954F1AC0F3DCDB2 +Signature: 60C3CCF4F086B15B7F850B445F384333F7AE5A4B5EDE2820C7233239E1B86D6E4B4FCA4F50B087CE1DF17DA5D62672A17F2CF87A2875BBD9B138CAF6863821D6A4D553E9EB64C9254A8F9A6B960E57E39069D65E3F561AA1FA91643D42FEEFB9270D34AB0861DEA1E234EA587F580503D46A1989D413DAC2FFE0FC4CA663CE68 +Test: Verify +Message: F6959926E6D9D37D8BC0 +Signature: 249E1066542618CE0D236A7174708F801E7AB257931E9967A65C483ED66FB58598F99B6664AF0EAE221E2A6B271D7D17875ED02BF7FE35AA0786023858521CB79FEE0D134D9DDA609B0270FC9804BB6BF74AD90AE11EB339353533DC0D5A69E6B8758212B86024ED563767EA5D9B59655E0B8CC21244F720BA4ED663BF668E3A +Test: Verify +Message: 7A4C634DE6F16315BD5F +Signature: 308A5D65224201BED626CC83FB901EC84874EE03B2E7AB4E752EDBDE024C754E3CC9841CA062100A8843DE9183354B4E0596E8C68F1605828287884F0F9BA6968FC7A9F0CA09418A8485B90465E5D3F96CE4995A5FC7A6E5ABD9CC06BB8A2C3C8109F72EAE67FB4C108852C881CA645B3C5586F27F12FF3028ADE56E32AD9434 +Test: Verify +Comment: 1032-bit RW key +KeyFormat: Component +Modulus: \ + b660eb18786256c993ebc6dcb5892eac342f6d91229b73dc5d04f1afb9bb0dd4\ + eb0b48895f514b4c9afeaf86e91226f2299126d37528ce374e89cc312c06f47c\ + 81112bf5ca60ffc33b98318e04a17627269f1af461b6cb40f3be03b0113fb2d8\ + 404e154c7191306b36fd3efa73c784ad9189115d0bb1bd82b850d000e7cc8d20\ + 35 +Prime1: \ + 0bc31c063f43b3ade2cd633d554913339071d6ebed5fd665fc5dd7d47b80721a\ + 976c3b14fbd253f0f988c354725289f2897d7fb62c5c74af7d597a1e22aafba1\ + d3 +Prime2: \ + 0f816bf0add559afda38b008e4087f6a38b575c56fff453056eaaab3381c9552\ + 0969546f954d458d48e44850938b1db471cf4b40afc47e067fb5bce67ba98be8\ + d7 +MultiplicativeInverseOfPrime2ModPrime1: \ + 0b684eeec75b3e24e2d9947341b3f462258628af6f0b881396c887fe26a3408c\ + 40b13370710c82dd4a021a87bbaab5c0fc96cb1d015a783a764a8ab7b002903d\ + 21 +PublicExponent: 02 +Test: KeyPairValidAndConsistent +Message: EF0F1D56F4E5D587C212 +Signature: 3E544FEBB6623F5D392003B729FE2BFC20E2CB3ECAC22734DFCA55150254E616A41C5E54CE3B50FBC2FE2363EE9AF9B15C70615497B0A458F8AB6D850992EEEB56D65F87EA1BD6E2B4B7E40A0F5E1635C7DDB17110C61039CF712D3524C9C2C1F35D9163BE5C70276F46634514BE16EC09602782E88FE74EAEB2F50CBB0E3B5C4A +Test: Verify +Message: 2C9EA313EACF2C5DA43A +Signature: 1FEFF88814BB53E447E1E955AC8F1AF597C15C3866033E337AFBAB8627306F2EC1276621FF2176C89323CE32EA20F6AEC2CC271F1ED749408B2A3E43A23A44D6A3F38DCDDCAB696B239110AA7ECF12C6681B0E97E6FFF1B72F4F6D796BF82B9450AB8B3D28CA9D220BDF84ACCEA1DA5EDA0B470C3A82BBDD77B4C2723297608BD4 +Test: Verify +Message: EC5CC4228C3C70EE8F35 +Signature: 228BAA85062F10DCC9D99A23D340BC4B9E463D8AB86A6781A6D2143564303E2DC78772BF68449BE1E2711A68D5A15CF04A23573FB3870454308F583BBB5F2467069EF1395431E70F91BD56D846DC8DB2E88AB3D26A9770660B87A76D6C3575DE512BAFA8A0B901AD15B7D8E8BE2F176A182D16A9609F19A4298416245873175805 +Test: Verify +Message: D81F0C6F2D3D60EE19FE +Signature: 17EAA0C18178CD45A2B9100997F682E5F02BE09FBE4D8F345033951345CE98C8B3F13F2CA2A950CE7BDCBF83DBB700890E1F0B863D04C3ADB298F546A8F09F4DA4EF0DC6E7317207CB3CF691114E55D9EAA11C53BE55F7C214F62E6B0460DFA60C55B16EB55B29C9DBB908266C1BDBB03AD651EFB91905B142D852DCA0C4E3BBEE +Test: Verify +Message: FEF5EE07C74118DA30B9 +Signature: 2637E16E2599B6EC2F4728C73D3B29F483C2B881F1E1969C426027605EF080E9B17D258D5E1EBC6472A2501E04CF19C144537FCB38A1DA00D948EBD39FA11322D9230B62E2C12AEDB366BD85A2089588A8D52E941FD986D89828A342B83438A960B6FD87E9AD025AD75A692AA9DFEA873A9467B42D84879E85C5D11EFAB347FBED +Test: Verify +Message: 0B9554FFE4F6ADAB2C76 +Signature: 095952F24D9FBEF3A93A932865F4BDBB522CF24EBE153CE4BBB24CF301A1C7B51FE47B94F8F8B211CBC5A926FF6BAF9A6BBF7E15975D2DCCB95EF01AB7E641687870B0D01FC18B6B16FE17D3FC82931FBBCD4FD18C7F9588CEE8491876D72F98F2E7EEA90C12907210D6859053ADC7178B87BF8B4826954D6986FE761E71E1B7EA +Test: Verify +Comment: 1536-bit RW key +KeyFormat: Component +Modulus: \ + 9f8f8ab78ad635c71c9ef0fce9d4a958a9013ed69fcd67c385722668d4357c32\ + 3732c78179eaa17984531ba570aa0721a1e228957b1008010f1a2d6c42e09847\ + 9ffeaff9bbfeb3c8e101f968fc7ac74cfba210f76a6da160e65934d216368763\ + 8f59e414dc6f0448c0b4052c90f7dc565d32acae5da04e3e157dca184aba8362\ + bb28a2da6915d51d65f54fbeee69104a5a1b2304b87230c504b126dcf1c377cf\ + 1777b93be6903b50a44f054ae233b7cc24f950ded467cb8ffbdb17e7b6937605 +Prime1: \ + d0505c510a3b38a139d6d139818b04251d6ca46c2e717cfafbeebcd5fff8ae62\ + de4698e3241784f05e8c86f0f996db77259ebaac6983f092853639f619b75701\ + e562408cc1f5c543cada21fc26af36905b10a0df5b111efd754666bb3db4be63 +Prime2: \ + c41623ccb51e2474eb3dc5c2ef42cfd320a285ef7aefc1d1edcd5f566549cb79\ + 7285f01c89b9f749ca506b717c2a45b708fec2e7d611c5eee6af0a6d61219c7d\ + cab18961e98eea3b7797c61a75aed21d411de4fcf4a009a8238a832dd6e41277 +MultiplicativeInverseOfPrime2ModPrime1: \ + bc1ceeed917217387ead12254cfc183f82c79709499f510ce093d6d28bc1bf2b\ + fabc3d86d64a1c807605bd57f9ec533745d6e359270885c3eb7a36a02dff7137\ + 9bd453bf3fdc282afa2295d5e393f1c2c74edcbd2374c7740e8135ef0b8af258 +PublicExponent: 02 +Test: KeyPairValidAndConsistent +Message: 400AEF79EDBCEA796D71 +Signature: 15EB5A68CBCB0D6313BB2D14436237A716AC3159B059FBC29931933DB802D6925C01BDC6D90DD0DA25980F1C8199AB9CD3FD105A63D13B5C0101A0430455334492038FBE029BF4EE61F8A2F88D2A6D5424DE7C0CC314B5EA4F867B35224D574463BDE78B71904033C1455484865EB80AE1C2A7D1C229CD0A4D49C0F06A26E264AD42ACAA131F8C0C5EA4DC9EB5BD349D1EE12B3F91F4B9F2DABC3BCF0E216D4A34A3541169955BE45289CECE16DA6BC5352FF31D66538F64308D6FBB9C7DDE72 +Test: Verify +Message: 63F64BFAD5B830682F44 +Signature: 1003E58A73B018FF9F0F66D3BE9A8DD9D83097A0EB216AEEAA75B63C150AAE9E8BE2A5DE426D18FBC56865F4C9CA51A9BB6E99B70C59B7995246A1F4327C9E4A69517131DA66DDE98AE5D8355527D1C5E4D83CC7ED7B3B1F404F6FDF731DA615974F0777CD22C1E6FAA3569D1141900734C7F3262FE7B9ED291A934DE81A06EBF258F7159DE842737A32DAEC79EFE211C2739D3F5859CB9A633D2A16D78C347790241925C3E776F04B5D5F1900A7B48645DF16DC6F9E8C990AEFEE22FA1DA496 +Test: Verify +Message: B6AAE87E8D469A16A335 +Signature: 368EE32DDF9D5526E50B1645473DB79CE4B0EF3801F3DF050E8B6B10DFAA600A505FD1C91CAE1CD8CB8FA7BC2F81EDFEE7E74DCF7BDA9ED4FF87C39650E8A473672FD012A6A57C5DC44FFBBDA4A5DECD099A32791CEDC6170C8B367080792713041350D2483B27924822DD886A36EE575A3CD6C097162F758F5628D3EA301050AC848F0ACAEDAB8AD34D436E418AA53618AFAFC3168B7CFA641B1A88C86007FD1EDD8FE1D1A94FCE59B548DA3D8FE313A0A97719E19C857560763EFF1682CC14 +Test: Verify +Message: DB0F126516E3EDFF3D7C +Signature: 42076C3F6976EF4BBEAFEF0B4F7A8198CACE6F73436C59DF212474C94D00B0501C359CAB8950EB8937E8458964C817926A3181EED64EAB3A5274A9B3114406F62A62C51F4EDBEEF3BD948C21578996236D6D477B2701DD5A4818B08F5D4740CD23064798C3406133D0758D51717DB4575117DE887733D1E7170AA0845A81535444A962F2003A46361E8A8A1914DA6732C37334320F155E90E18D9E2A921034BEC81395AF69D61E22FEF90BC4F9127914B536BD2477552166C11F139519129864 +Test: Verify +Message: A58B1E5E98C44A8680BD +Signature: 100B8692C7A09EFB585A63B5D636EABFE9DDFE50D5235B11BDFD818D1810893B327ACC3B78942900C8F7498BDC1D2FB44330ADD3FEBC709046D8028F38AA7DCC768558E7D6469EDA306C0FCAE001C7B01544C80043864761355888C13960DD53BBD7854F2FBB7D9DE021BAD69769418712B6335A8C63143329363C65CB4170AA0C040559136EA9C19A6793024AF77BCF3EE793CAEDF07FD8A8E2C9C29B5F225F399BBA177D070314E319359394DB999D866A48D591EE8C662BA6394E396300FE +Test: Verify +Message: 7AF0498714B0D93AB959 +Signature: 35A959E3717468552590C26FA92009C3866955A1D14405AD33D3FA745D7591521A323BA031070B1FB60A1B6FE0C7198FC14EA41CE62EB6EB060FD073E816C9C85BB6251BF5235567E12951778A61D87F117137C347DE56337FBF9A3360D49330A98248233719FF862F83F772AC887F035820579F406D221191F4535ABA37401FF6E28216EC06AB8832D9AB3EAE4E1D3D780A1FA46883A79B657A7027597BCE4F21744CFC3704A449A204D3790F668E2EB710D5CF031BAA58359D35DDF92455D7 +Test: Verify +Comment: 2048-bit RW key +KeyFormat: Component +Modulus: \ + b6dee7375bf4385043b3cc2ac5cacbc14ad11a17574738dd2bd84d2d1e6c74e1\ + 6066c2a5c35bc3b87839858afb5ee5e8abfab408f38772866f6f833f39fab248\ + 3a2c34ed55ad7098f9f63d4ec70b7950f02daaaab10781a0008f993c4027e381\ + 6bfd45c52f59452a7b28873513dce415a84fc8bc06601567f91ec41647da2304\ + 5b6e01e24516724acc02947ad5aa2dba4d952bc4f49d18ada0b0f7cc5d488814\ + b921c0bc2b33d8828d80130df7d79b0992cec40d3bc7217d4a4dff3699345e44\ + dac968575194845aa7b60dcf3c712d9b0a384824c3579b40dba265457d50f69f\ + 02a140884d89b7fdee9f0a787e76a37c58c92cf2d3818c72097d41b3faa7aa95 +Prime1: \ + fa880a456f9c205a26e02c3357536531dec150be0ef8747f69ea30d987ff7dd8\ + 9e9a1075ebd39f04fa495bd26d8408a8de69113a9fbb52f20713d1d046a76b47\ + 8cf77c46454a7afda2ef418f63faf67c947d898bca109f3275999e8f2e60e2c0\ + eec133ff69e71a2d396632670b52d8ea03f7589d8144ab580b1d3e60efa1280b +Prime2: \ + badcc718dd2d761c4893c4831d56ada30fc5c7c148d473bedf7615b7e821b92f\ + 319676ce278349f1309fb3d264c1a22bde71b221354c7a4d31117b3ec3c9d480\ + 2e0a26bd8ec05d28b6502c65f35c687af7f8396b963ed029a2c5ae38dd7c5c96\ + 2a953c113c0f590957ab19a6e2afda6db84f22c0c31ae243debd2920fbe9fbdf +MultiplicativeInverseOfPrime2ModPrime1: \ + 48a56f93e044a8211861da6bde9ab61265c63e168e507b56cd6e6e5f4de57c2f\ + 5c0b626462d6c06790cf561fa12a350dc0c08767f2717914183fac90db36495a\ + 91c0e9c0fbcfef19c85075b3b744fc378a9f2045cd7fd144ecd39bd1a59f1483\ + 10f6982efb3ffe502b279c4c0cb2a7f9ef64ca8f38690c486afb5f659cf7f838 +PublicExponent: 02 +Test: KeyPairValidAndConsistent +Message: 00AA5515CDAE5CD0F0DC +Signature: 30EECA6B48D796552F5A6A3C11F28D730FA077422CAAB34FDEB879AE0F71DF21330E2F3BE5BF3A8CA372EBCD3DFA7C81B3398C31B0972D0B857926CB39732351AACEB8276D52B9D82F9C245FA0F1CF49E785A2BC00FF27FBCF777F84D05BEF17FCC0505820B029AC8F0CE17D2469372CE47E1428BB941004FE170EF87163E07298EFFCC1BFA7E7CB1F572C340CAA075A5962A15B69CE937BC7EFB492F501FC88CBF0119C351C8498782091EF6EFB19120195E5FF51DF86F90E90FAEB225AA2EE43AB4E8358101C0348C7E3859B9DEBA19464C74B74AC48A0B73FC8D2E7F8033E86208F0792B6E5B6DE36C99DEF604949811D1671EF6B0A4781B4E7A0A72AD855 +Test: Verify +Message: B8E2FB9EAE22FB2C0021 +Signature: 416D33F8C213CF81F805F54FC1D4E7C6A588A0965F1C9CAEEA1D41452E20935AAF2D30F957584B56621035430212A428E27A2F687CA9DBB596C19864AE692EF7BBA730F3D70CC2DDE15AB71E1E350C0C316EFA1A831ACD1441598B112482487DF72F58ED318182C7CD0906FE39C5655BF1313F29A15D60A6178CBF600C7FBFF8994840ED649C3C4026A463B3EA39C692B7D112B128BE49E1E32D4A7FF8D4513283D8DCD9CCB8FB7300BE0BDD4C44DAA2F7049B3AD83437093E623442AC69B48911CDA21E95E0775041F67F6E6AE01DCE646AEC20908E7C1B693600FE41ABA85AC0C778641E46C419083E41773C749DB3E1BD8FD764E271860D2D7F8E11BD6AB3 +Test: Verify +Message: 8C8C306A629373BAE647 +Signature: 0E9A00045FFD399D9DA9D0D7E543CF9FFD098BC23E72DD7763A64F22C7F0479CE866E31438B8F7DE31A18F35AF419BED6C67BE1540614D3310DD24F019E14FCC3AF73743F4C143D4B79CDF35C752A300F0A8251CCFF4AAF18785C533A7DF1A20AFE6770DEBD1B8BA2C83B2E345A04F833CD173E998FF9840C2F8A370FFDCFF5FD95CBD71B25FC9972192470FD145975344F64C2F6D68CB3513F48F9FC070021BEE8F6A4282D098C44DF655CE415E89B97994AE3ABE85986C7EE0AC348EF2A4F52D102EA80836E77E81AD3678803E53C83CF2F30D2D4950FB6B038CCB3F2690A9381EB34D6C09E88C090AB05E28047DC490EB8A1282FEB38E82FB0B18309284C4 +Test: Verify +Message: 15E7B7B7ED0F176B6799 +Signature: 39FF4B5FA50AE498F3C91A655E6865840D1FC401EE02DBC8460A59DEB8816E6680F712B7BAF8D4DC11A3B54BF906BE698306F0449BB43F3F223B944D930A1A3C718E8A9E2EEDEC5A07AB817C26A80CC2A2EE2846A597EAB8A999D38DB98490166F2574524038BBDF24B4E4622C843210C6B94987638C6976562EA9727385B152614C18349BD54AD95DE33D5354954B505E5259CCDA47E3CECEF3154F6E5481E536BAB568146A0BFCB66573714A7BA7ABE0385115720687F33D9C6EF6BB60272F1272CF349990E3A2FBCCE180B730792101089B164AE5A001F5263F7493AF148D6E0953E311AD12E4202D35F96DD30885663B5101F9B05675FCD2FCC4FCC4DDFF +Test: Verify +Message: B36724C92954C38D0288 +Signature: 3C8CD3614555568BBECA99174B7B203D0BC6FABE9E6FFE0C41EB4D9A2C601D2393CA1E01B7D7E99337758AC914C9F151311E5AE6708DAF1D8C825DA471652C6E13A8FE5802D7AE097BFC899A4EC8CA235B5982B9058C53AAD52823ACF692290EB8823C126635AB0BBF101C2B3149AB16183FA2DBB049DDB99C5E83723E4D4693CA3A08588AA868C677D42ABDAA6586EF192391D276C5E5AF0763ACCA6293F06250C51FDC2AD369CD44EB5F654E98761C881DDEC08E795FFB229B20522349B0714059E18B7B23A48875EAB12ED3F0A011D3A985DD7384B0046F39FA6C1A331F3D4C5125100BA58666935C68A7A10849D9C74850BAB82AE15EC950A283F3E7DAD8 +Test: Verify +Message: FA95400C2B14E064F76A +Signature: 3F67F9DBEB88E6AD057BEDC3D97030555A908867EC578A6CA572137CB61C21036AADE6DDC5592EC7CCB6B263E51B4C886A51904C858040E493D64B9ACE5BAA50C4A66D04ACCDFE0039D8541C4363DEFFCF93BDF5F5CC1FB64855D956B5EFD42D4C9B96B9CBAA97A32F02AAB307674E53404E6836DB5C96B59572ADBFD1113B87608ACE6D0898CB02E35575CC28D38A9FF8C1C4AD36BAA991DEFAB533F0A6C9C2F0F0815F1D659ED576E5DB18494A54B6817D9E34A134F3B9A0F1E8C77FC204B6EE087C0445A7036C935117E338D092F6E1FF4DF7605525C409456A5195233A176B29B2FD8FB2808D0412FCA0541B2BB6800BD8BB9DC9DC25230166071E8D961E +Test: Verify diff --git a/c5/TestVectors/sha.txt b/c5/TestVectors/sha.txt new file mode 100644 index 0000000..a558b65 --- /dev/null +++ b/c5/TestVectors/sha.txt @@ -0,0 +1,38 @@ +AlgorithmType: MessageDigest +Name: SHA-1 +Message: "abc" +Digest: A9993E364706816ABA3E25717850C26C9CD0D89D +Test: Verify +Message: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +Digest: 84983E441C3BD26EBAAE4AA1F95129E5E54670F1 +Test: Verify +Message: r15625 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +Digest: 34AA973CD4C4DAA4F61EEB2BDBAD27316534016F +Test: Verify + +AlgorithmType: MessageDigest +Name: SHA-256 +Message: "abc" +Digest: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad +Test: Verify +Message: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +Digest: 248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1 +Test: Verify + +AlgorithmType: MessageDigest +Name: SHA-384 +Message: "abc" +Digest: cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7 +Test: Verify +Message: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +Digest: 09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039 +Test: Verify + +AlgorithmType: MessageDigest +Name: SHA-512 +Message: "abc" +Digest: ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f +Test: Verify +Message: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +Digest: 8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909 +Test: Verify diff --git a/c5/adhoc.cpp.proto b/c5/adhoc.cpp.proto new file mode 100644 index 0000000..8e7f9c2 --- /dev/null +++ b/c5/adhoc.cpp.proto @@ -0,0 +1,8 @@ +extern int (*AdhocTest)(int argc, char *argv[]); + +int MyAdhocTest(int argc, char *argv[]) +{ + return 0; +} + +static int s_i = (AdhocTest = &MyAdhocTest, 0); diff --git a/c5/algparam.cpp b/c5/algparam.cpp index 1ef7de4..1f49db6 100644 --- a/c5/algparam.cpp +++ b/c5/algparam.cpp @@ -2,15 +2,9 @@ #include "pch.h" #include "algparam.h" -#include "integer.h" NAMESPACE_BEGIN(CryptoPP) -const std::type_info &g_typeidInteger = typeid(Integer); - -void AssignIntToInteger(void *pInteger, const void *pInt) -{ - *reinterpret_cast<Integer *>(pInteger) = *reinterpret_cast<const int *>(pInt); -} +bool (*AssignIntToInteger)(const std::type_info &valueType, void *pInteger, const void *pInt) = NULL; NAMESPACE_END diff --git a/c5/algparam.h b/c5/algparam.h index 3e09d1f..999998d 100644 --- a/c5/algparam.h +++ b/c5/algparam.h @@ -88,29 +88,33 @@ template <class T, class BASE> class GetValueHelperClass { public: - GetValueHelperClass(const T *pObject, const char *name, const std::type_info &valueType, void *pValue) + GetValueHelperClass(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst) : m_pObject(pObject), m_name(name), m_valueType(&valueType), m_pValue(pValue), m_found(false), m_getValueNames(false) { - if (strcmp(name, "ValueNames") == 0) - m_found = m_getValueNames = true; - - std::string thisPointerName = std::string("ThisPointer:") + typeid(T).name(); - - if (m_getValueNames) + if (strcmp(m_name, "ValueNames") == 0) { - NameValuePairs::ThrowIfTypeMismatch(name, typeid(std::string), *m_valueType); + m_found = m_getValueNames = true; + NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(std::string), *m_valueType); + if (searchFirst) + searchFirst->GetVoidValue(m_name, valueType, pValue); if (typeid(T) != typeid(BASE)) - pObject->BASE::GetVoidValue(name, valueType, pValue); - (*reinterpret_cast<std::string *>(m_pValue) += thisPointerName) += ";"; + pObject->BASE::GetVoidValue(m_name, valueType, pValue); + ((*reinterpret_cast<std::string *>(m_pValue) += "ThisPointer:") += typeid(T).name()) += ';'; } - else if (name == thisPointerName) + + if (!m_found && strncmp(m_name, "ThisPointer:", 12) == 0 && strcmp(m_name+12, typeid(T).name()) == 0) { - NameValuePairs::ThrowIfTypeMismatch(name, typeid(T *), *m_valueType); + NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(T *), *m_valueType); *reinterpret_cast<const T **>(pValue) = pObject; m_found = true; + return; } - else if (typeid(T) != typeid(BASE)) - m_found = pObject->BASE::GetVoidValue(name, valueType, pValue); + + if (!m_found && searchFirst) + m_found = searchFirst->GetVoidValue(m_name, valueType, pValue); + + if (!m_found && typeid(T) != typeid(BASE)) + m_found = pObject->BASE::GetVoidValue(m_name, valueType, pValue); } operator bool() const {return m_found;} @@ -120,7 +124,7 @@ public: { if (m_getValueNames) (*reinterpret_cast<std::string *>(m_pValue) += name) += ";"; - else if (!m_found && strcmp(name, m_name) == 0) + if (!m_found && strcmp(name, m_name) == 0) { NameValuePairs::ThrowIfTypeMismatch(name, typeid(R), *m_valueType); *reinterpret_cast<R *>(m_pValue) = (m_pObject->*pm)(); @@ -131,10 +135,9 @@ public: GetValueHelperClass<T,BASE> &Assignable() { - std::string thisObjectName = std::string("ThisObject:") + typeid(T).name(); if (m_getValueNames) - (*reinterpret_cast<std::string *>(m_pValue) += thisObjectName) += ";"; - else if (!m_found && m_name == thisObjectName) + ((*reinterpret_cast<std::string *>(m_pValue) += "ThisObject:") += typeid(T).name()) += ';'; + if (!m_found && strncmp(m_name, "ThisObject:", 11) == 0 && strcmp(m_name+11, typeid(T).name()) == 0) { NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(T), *m_valueType); *reinterpret_cast<T *>(m_pValue) = *m_pObject; @@ -152,15 +155,15 @@ private: }; template <class BASE, class T> -GetValueHelperClass<T, BASE> GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, BASE *dummy=NULL) +GetValueHelperClass<T, BASE> GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst=NULL, BASE *dummy=NULL) { - return GetValueHelperClass<T, BASE>(pObject, name, valueType, pValue); + return GetValueHelperClass<T, BASE>(pObject, name, valueType, pValue, searchFirst); } template <class T> -GetValueHelperClass<T, T> GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue) +GetValueHelperClass<T, T> GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst=NULL) { - return GetValueHelperClass<T, T>(pObject, name, valueType, pValue); + return GetValueHelperClass<T, T>(pObject, name, valueType, pValue, searchFirst); } // ******************************************************** @@ -239,9 +242,10 @@ AssignFromHelperClass<T, T> AssignFromHelper(T *pObject, const NameValuePairs &s // ******************************************************** -void AssignIntToInteger(void *pInteger, const void *pInt); +// This should allow the linker to discard Integer code if not needed. +extern bool (*AssignIntToInteger)(const std::type_info &valueType, void *pInteger, const void *pInt); -extern const std::type_info &g_typeidInteger; +const std::type_info & IntegerTypeId(); template <class BASE, class T> class AlgorithmParameters : public NameValuePairs @@ -283,9 +287,7 @@ public: else if (strcmp(name, m_name) == 0) { // special case for retrieving an Integer parameter when an int was passed in - if (valueType == g_typeidInteger && typeid(T) == typeid(int)) - AssignIntToInteger(pValue, &m_value); - else + if (!(AssignIntToInteger != NULL && typeid(T) == typeid(int) && AssignIntToInteger(valueType, pValue, &m_value))) { ThrowIfTypeMismatch(name, typeid(T), valueType); *reinterpret_cast<T *>(pValue) = m_value; @@ -236,13 +236,15 @@ public: virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const {DEREncodeNull(bt); return false;} // see RFC 2459, section 7.3.1 // one of the following two should be overriden + //! decode subjectPublicKey part of subjectPublicKeyInfo, or privateKey part of privateKeyInfo, without the BIT STRING or OCTET STRING header virtual void BERDecodeKey(BufferedTransformation &bt) {assert(false);} virtual void BERDecodeKey2(BufferedTransformation &bt, bool parametersPresent, unsigned int size) {BERDecodeKey(bt);} + //! encode subjectPublicKey part of subjectPublicKeyInfo, or privateKey part of privateKeyInfo, without the BIT STRING or OCTET STRING header virtual void DEREncodeKey(BufferedTransformation &bt) const =0; }; -//! . +//! encodes/decodes subjectPublicKeyInfo class X509PublicKey : virtual public ASN1Key, public PublicKey { public: @@ -250,7 +252,7 @@ public: void DEREncode(BufferedTransformation &bt) const; }; -//! . +//! encodes/decodes privateKeyInfo class PKCS8PrivateKey : virtual public ASN1Key, public PrivateKey { public: diff --git a/c5/base64.cpp b/c5/base64.cpp index 0cc48b9..2670155 100644 --- a/c5/base64.cpp +++ b/c5/base64.cpp @@ -13,6 +13,8 @@ void Base64Encoder::IsolatedInitialize(const NameValuePairs ¶meters) { bool insertLineBreaks = parameters.GetValueWithDefault("InsertLineBreaks", true); int maxLineLength = parameters.GetIntValueWithDefault("MaxLineLength", 72); + + const char *lineBreak = insertLineBreaks ? "\n" : ""; m_filter->Initialize(CombinedNameValuePairs( parameters, @@ -20,8 +22,8 @@ void Base64Encoder::IsolatedInitialize(const NameValuePairs ¶meters) ("PaddingByte", s_padding) ("Log2Base", 6) ("GroupSize", insertLineBreaks ? maxLineLength : 0) - ("Seperator", ConstByteArrayParameter("\n")) - ("Terminator", ConstByteArrayParameter("\n")))); + ("Separator", ConstByteArrayParameter(lineBreak)) + ("Terminator", ConstByteArrayParameter(lineBreak)))); } const int *Base64Decoder::GetDecodingLookupArray() diff --git a/c5/basecode.cpp b/c5/basecode.cpp index 51347b6..1e81ece 100644 --- a/c5/basecode.cpp +++ b/c5/basecode.cpp @@ -41,17 +41,32 @@ unsigned int BaseN_Encoder::Put2(const byte *begin, unsigned int length, int mes if (m_bytePos == 0) memset(m_outBuf, 0, m_outputBlockSize); - m_outBuf[m_bytePos] |= begin[m_inputPosition] >> (8-m_bitsPerChar+m_bitPos); - m_outBuf[m_bytePos+1] |= ((begin[m_inputPosition] << (m_bitsPerChar-m_bitPos)) & 0xff) >> (8-m_bitsPerChar); - ++m_inputPosition; - - m_bitPos += 8; - while (m_bitPos >= m_bitsPerChar) { - m_bitPos -= m_bitsPerChar; - ++m_bytePos; + unsigned int b = begin[m_inputPosition++], bitsLeftInSource = 8; + while (true) + { + assert(m_bitPos < m_bitsPerChar); + unsigned int bitsLeftInTarget = m_bitsPerChar-m_bitPos; + m_outBuf[m_bytePos] |= b >> (8-bitsLeftInTarget); + if (bitsLeftInSource >= bitsLeftInTarget) + { + m_bitPos = 0; + ++m_bytePos; + bitsLeftInSource -= bitsLeftInTarget; + if (bitsLeftInSource == 0) + break; + b <<= bitsLeftInTarget; + b &= 0xff; + } + else + { + m_bitPos += bitsLeftInSource; + break; + } + } } + assert(m_bytePos <= m_outputBlockSize); if (m_bytePos == m_outputBlockSize) { int i; @@ -82,7 +97,7 @@ unsigned int BaseN_Encoder::Put2(const byte *begin, unsigned int length, int mes FILTER_OUTPUT(2, m_outBuf, m_bytePos, messageEnd); m_bytePos = m_bitPos = 0; } - FILTER_END; + FILTER_END_NO_MESSAGE_END; } void BaseN_Decoder::IsolatedInitialize(const NameValuePairs ¶meters) @@ -172,28 +187,26 @@ void BaseN_Decoder::InitializeDecodingLookupArray(int *lookup, const byte *alpha void Grouper::IsolatedInitialize(const NameValuePairs ¶meters) { m_groupSize = parameters.GetIntValueWithDefault("GroupSize", 0); - ConstByteArrayParameter seperator, terminator; + ConstByteArrayParameter separator, terminator; if (m_groupSize) - parameters.GetRequiredParameter("Grouper", "Seperator", seperator); - else - parameters.GetValue("Seperator", seperator); + parameters.GetRequiredParameter("Grouper", "Separator", separator); parameters.GetValue("Terminator", terminator); - m_seperator.Assign(seperator.begin(), seperator.size()); + m_separator.Assign(separator.begin(), separator.size()); m_terminator.Assign(terminator.begin(), terminator.size()); m_counter = 0; } unsigned int Grouper::Put2(const byte *begin, unsigned int length, int messageEnd, bool blocking) { + FILTER_BEGIN; if (m_groupSize) { - FILTER_BEGIN; while (m_inputPosition < length) { if (m_counter == m_groupSize) { - FILTER_OUTPUT(1, m_seperator, m_seperator.size(), 0); + FILTER_OUTPUT(1, m_separator, m_separator.size(), 0); m_counter = 0; } @@ -203,12 +216,13 @@ unsigned int Grouper::Put2(const byte *begin, unsigned int length, int messageEn m_inputPosition += len; m_counter += len; } - if (messageEnd) - FILTER_OUTPUT(3, m_terminator, m_terminator.size(), messageEnd); - FILTER_END_NO_MESSAGE_END } else - return Output(0, begin, length, messageEnd, blocking); + FILTER_OUTPUT(3, begin, length, 0); + + if (messageEnd) + FILTER_OUTPUT(4, m_terminator, m_terminator.size(), messageEnd); + FILTER_END_NO_MESSAGE_END } NAMESPACE_END diff --git a/c5/basecode.h b/c5/basecode.h index dcb49b0..9d6164f 100644 --- a/c5/basecode.h +++ b/c5/basecode.h @@ -61,11 +61,11 @@ public: Grouper(BufferedTransformation *attachment=NULL) : Bufferless<Filter>(attachment) {} - Grouper(int groupSize, const std::string &seperator, const std::string &terminator, BufferedTransformation *attachment=NULL) + Grouper(int groupSize, const std::string &separator, const std::string &terminator, BufferedTransformation *attachment=NULL) : Bufferless<Filter>(attachment) { IsolatedInitialize(MakeParameters("GroupSize", groupSize) - ("Seperator", ConstByteArrayParameter(seperator)) + ("Separator", ConstByteArrayParameter(separator)) ("Terminator", ConstByteArrayParameter(terminator))); } @@ -73,7 +73,7 @@ public: unsigned int Put2(const byte *begin, unsigned int length, int messageEnd, bool blocking); private: - SecByteBlock m_seperator, m_terminator; + SecByteBlock m_separator, m_terminator; unsigned int m_groupSize, m_counter; }; diff --git a/c5/bench.cpp b/c5/bench.cpp index 9a38a03..44c0c96 100644 --- a/c5/bench.cpp +++ b/c5/bench.cpp @@ -54,7 +54,6 @@ #include "modes.h" #include "mdc.h" #include "lubyrack.h" -#include "sapphire.h" #include "tea.h" #include "dh.h" #include "mqv.h" @@ -230,7 +229,7 @@ void BenchMarkDecryption(const char *name, PK_Decryptor &priv, PK_Encryptor &pub unsigned int i; double timeTaken; for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) - priv.Decrypt(ciphertext, ciphertext.size(), plaintext); + priv.Decrypt(rng, ciphertext, ciphertext.size(), plaintext); OutputResultOperations(name, "Decryption", false, i, timeTaken); } @@ -269,7 +268,7 @@ void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier unsigned int i; double timeTaken; for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++) - pub.VerifyMessage(message, len, signature); + pub.VerifyMessage(message, len, signature, signature.size()); OutputResultOperations(name, "Verification", pc, i, timeTaken); @@ -556,10 +555,10 @@ void BenchMarkAll(double t) BenchMarkCrypto<LUC_IES<> >("lucc1024.dat", "LUCELG 1024", t); cout << "<TBODY style=\"background: yellow\">" << endl; - BenchMarkSignature<RSASSA<PKCS1v15, SHA> >("rsa1024.dat", "RSA 1024", t); - BenchMarkSignature<RabinPSSR<SHA> >("rabi1024.dat", "Rabin 1024", t); - BenchMarkSignature<RWSSA<SHA> >("rw1024.dat", "RW 1024", t); - BenchMarkSignature<LUCSSA<SHA> >("luc1024.dat", "LUC 1024", t); + BenchMarkSignature<RSASS<PSSR, SHA> >("rsa1024.dat", "RSA 1024", t); + BenchMarkSignature<RabinSS<PSSR, SHA> >("rabi1024.dat", "Rabin 1024", t); + BenchMarkSignature<RWSS<PSSR, SHA> >("rw1024.dat", "RW 1024", t); + BenchMarkSignature<LUCSS<PSSR, SHA> >("luc1024.dat", "LUC 1024", t); BenchMarkSignature<NR<SHA> >("nr1024.dat", "NR 1024", t); BenchMarkSignature<DSA>("dsa1024.dat", "DSA 1024", t); BenchMarkSignature<LUC_HMP<SHA> >("lucs512.dat", "LUC-HMP 512", t); @@ -567,10 +566,10 @@ void BenchMarkAll(double t) BenchMarkSignature<ESIGN<SHA> >("esig1536.dat", "ESIGN 1536", t); cout << "<TBODY style=\"background: white\">" << endl; - BenchMarkSignature<RSASSA<PKCS1v15, SHA> >("rsa2048.dat", "RSA 2048", t); - BenchMarkSignature<RabinPSSR<SHA> >("rabi2048.dat", "Rabin 2048", t); - BenchMarkSignature<RWSSA<SHA> >("rw2048.dat", "RW 2048", t); - BenchMarkSignature<LUCSSA<SHA> >("luc2048.dat", "LUC 2048", t); + BenchMarkSignature<RSASS<PSSR, SHA> >("rsa2048.dat", "RSA 2048", t); + BenchMarkSignature<RabinSS<PSSR, SHA> >("rabi2048.dat", "Rabin 2048", t); + BenchMarkSignature<RWSS<PSSR, SHA> >("rw2048.dat", "RW 2048", t); + BenchMarkSignature<LUCSS<PSSR, SHA> >("luc2048.dat", "LUC 2048", t); BenchMarkSignature<NR<SHA> >("nr2048.dat", "NR 2048", t); BenchMarkSignature<LUC_HMP<SHA> >("lucs1024.dat", "LUC-HMP 1024", t); BenchMarkSignature<ESIGN<SHA> >("esig2046.dat", "ESIGN 2046", t); diff --git a/c5/blumshub.cpp b/c5/blumshub.cpp index f715c84..40c654a 100644 --- a/c5/blumshub.cpp +++ b/c5/blumshub.cpp @@ -41,9 +41,11 @@ BlumBlumShub::BlumBlumShub(const Integer &p, const Integer &q, const Integer &se void BlumBlumShub::Seek(dword index) { - Integer e = a_exp_b_mod_c (2, ((index*8) / maxBits + 1), (p-1)*(q-1)); + Integer i(Integer::POSITIVE, HIGH_WORD(index), word(index)); + i *= 8; + Integer e = a_exp_b_mod_c (2, i / maxBits + 1, (p-1)*(q-1)); current = modn.Exponentiate(x0, e); - bitsLeft = maxBits - int((index*8) % maxBits); + bitsLeft = maxBits - i % maxBits; } NAMESPACE_END diff --git a/c5/blumshub.h b/c5/blumshub.h index 10b3cac..dbbb8be 100644 --- a/c5/blumshub.h +++ b/c5/blumshub.h @@ -29,7 +29,7 @@ public: protected: const ModularArithmetic modn; - const int maxBits; + const word maxBits; Integer current; int bitsLeft; diff --git a/c5/config.h b/c5/config.h index cd4156b..f27910c 100644 --- a/c5/config.h +++ b/c5/config.h @@ -4,7 +4,7 @@ // ***************** Important Settings ******************** // define this if running on a big-endian CPU -#if !defined(IS_LITTLE_ENDIAN) && (defined(__sparc) || defined(__sparc__) || defined(__hppa__) || defined(__PPC__) || defined(__mips__) || (defined(__MWERKS__) && !defined(__INTEL__))) +#if !defined(IS_LITTLE_ENDIAN) && (defined(__BIG_ENDIAN__) || defined(__sparc) || defined(__sparc__) || defined(__hppa__) || defined(__mips__) || (defined(__MWERKS__) && !defined(__INTEL__))) # define IS_BIG_ENDIAN #endif @@ -84,7 +84,7 @@ // Unfortunately there is no way to tell whether or not socklen_t is defined. // To work around this, TYPE_OF_SOCKLEN_T is a macro so that you can change it from the makefile. #ifndef TYPE_OF_SOCKLEN_T -# if defined(_WIN32) || defined(__CYGWIN__) +# if defined(_WIN32) || defined(__CYGWIN__) || defined(__MACH__) # define TYPE_OF_SOCKLEN_T int # else # define TYPE_OF_SOCKLEN_T ::socklen_t @@ -171,7 +171,7 @@ union dword_union NAMESPACE_END // VC60 workaround: it doesn't allow typename in some places -#ifdef _MSC_VER +#if defined(_MSC_VER) && (_MSC_VER < 1300) #define CPP_TYPENAME #else #define CPP_TYPENAME typename @@ -194,11 +194,15 @@ NAMESPACE_END #define CRYPTOPP_WIN32_AVAILABLE #endif -#if !defined(NO_OS_DEPENDENCE) && defined(WORD64_AVAILABLE) && (defined(_WIN32) || defined(__unix__) || defined(macintosh)) +#if defined(__unix__) || defined(__MACH__) +#define CRYPTOPP_UNIX_AVAILABLE +#endif + +#if defined(WORD64_AVAILABLE) && (defined(CRYPTOPP_WIN32_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE) || defined(macintosh)) # define HIGHRES_TIMER_AVAILABLE #endif -#if defined(__unix__) +#ifdef CRYPTOPP_UNIX_AVAILABLE # define HAS_BERKELEY_STYLE_SOCKETS #endif @@ -225,13 +229,10 @@ NAMESPACE_END # define OS_RNG_AVAILABLE #endif -#if (defined(__FreeBSD__) || defined(__linux__) || defined(__MACH__)) +#ifdef CRYPTOPP_UNIX_AVAILABLE # define NONBLOCKING_RNG_AVAILABLE # define BLOCKING_RNG_AVAILABLE # define OS_RNG_AVAILABLE -#endif - -#ifdef __unix__ # define HAS_PTHREADS # define THREADS_AVAILABLE #endif diff --git a/c5/cryptest.dsp b/c5/cryptest.dsp index dc4ba3f..e481e9e 100644 --- a/c5/cryptest.dsp +++ b/c5/cryptest.dsp @@ -4,7 +4,7 @@ # TARGTYPE "Win32 (x86) Console Application" 0x0103 -CFG=cryptest - Win32 FIPS 140 Debug +CFG=cryptest - Win32 Debug !MESSAGE This is not a valid makefile. To build this project using NMAKE, !MESSAGE use the Export Makefile command and run !MESSAGE @@ -13,129 +13,137 @@ CFG=cryptest - Win32 FIPS 140 Debug !MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE -!MESSAGE NMAKE /f "cryptest.mak" CFG="cryptest - Win32 FIPS 140 Debug" +!MESSAGE NMAKE /f "cryptest.mak" CFG="cryptest - Win32 Debug" !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE -!MESSAGE "cryptest - Win32 Release" (based on "Win32 (x86) Console Application") -!MESSAGE "cryptest - Win32 Debug" (based on "Win32 (x86) Console Application") !MESSAGE "cryptest - Win32 FIPS 140 Release" (based on "Win32 (x86) Console Application") !MESSAGE "cryptest - Win32 FIPS 140 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE "cryptest - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "cryptest - Win32 Debug" (based on "Win32 (x86) Console Application") !MESSAGE # Begin Project # PROP AllowPerConfigDependencies 0 -# PROP Scc_ProjName ""$/cryptlib", BAAAAAAA" -# PROP Scc_LocalPath "." +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" CPP=cl.exe RSC=rc.exe -!IF "$(CFG)" == "cryptest - Win32 Release" +!IF "$(CFG)" == "cryptest - Win32 FIPS 140 Release" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "cryptes0" -# PROP BASE Intermediate_Dir "cryptes0" +# PROP BASE Output_Dir "cryptest___Win32_FIPS_140_Release" +# PROP BASE Intermediate_Dir "cryptest___Win32_FIPS_140_Release" +# PROP BASE Ignore_Export_Lib 0 # PROP BASE Target_Dir "" # PROP Use_MFC 0 # PROP Use_Debug_Libraries 0 -# PROP Output_Dir "CTRelease" -# PROP Intermediate_Dir "CTRelease" +# PROP Output_Dir "CT_FIPS_140_Release" +# PROP Intermediate_Dir "CT_FIPS_140_Release" # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c -# ADD CPP /nologo /GB /Gd /MT /W3 /GX /Zi /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /Zm200 /c +# ADD BASE CPP /nologo /G5 /Gz /MT /W3 /GX /Zi /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /Zm200 /c +# ADD CPP /nologo /G5 /Gz /MT /W3 /GX /Zi /O2 /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /D "WIN32" /YX /FD /Zm200 /c # ADD BASE RSC /l 0x409 /d "NDEBUG" # ADD RSC /l 0x409 /d "NDEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe -# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /OPT:NOWIN98 # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /OPT:NOWIN98 +# Begin Special Build Tool +SOURCE="$(InputPath)" +PostBuild_Cmds=echo This configuration is used to build a static binary for FIPS 140 evaluation by a testing laboratory. echo Crypto++ users should not build this configuration directly. +# End Special Build Tool -!ELSEIF "$(CFG)" == "cryptest - Win32 Debug" +!ELSEIF "$(CFG)" == "cryptest - Win32 FIPS 140 Debug" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "cryptes1" -# PROP BASE Intermediate_Dir "cryptes1" +# PROP BASE Output_Dir "cryptest___Win32_FIPS_140_Debug" +# PROP BASE Intermediate_Dir "cryptest___Win32_FIPS_140_Debug" +# PROP BASE Ignore_Export_Lib 0 # PROP BASE Target_Dir "" # PROP Use_MFC 0 # PROP Use_Debug_Libraries 1 -# PROP Output_Dir "CTDebug" -# PROP Intermediate_Dir "CTDebug" +# PROP Output_Dir "CT_FIPS_140_Debug" +# PROP Intermediate_Dir "CT_FIPS_140_Debug" # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c -# ADD CPP /nologo /MTd /W3 /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /Zm200 /c +# ADD BASE CPP /nologo /MTd /W3 /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /Zm200 /c +# ADD CPP /nologo /G5 /Gz /MTd /W3 /GX /ZI /Od /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /D "WIN32" /YX /FD /Zm200 /c # ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe -# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /OPT:NOWIN98 # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /OPT:NOWIN98 +# Begin Special Build Tool +SOURCE="$(InputPath)" +PostBuild_Cmds=echo This configuration is used to build a static binary for FIPS 140 evaluation by a testing laboratory. echo Crypto++ users should not build this configuration directly. +# End Special Build Tool -!ELSEIF "$(CFG)" == "cryptest - Win32 FIPS 140 Release" +!ELSEIF "$(CFG)" == "cryptest - Win32 Release" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "cryptest___Win32_FIPS_140_Release" -# PROP BASE Intermediate_Dir "cryptest___Win32_FIPS_140_Release" -# PROP BASE Ignore_Export_Lib 0 +# PROP BASE Output_Dir "cryptes0" +# PROP BASE Intermediate_Dir "cryptes0" # PROP BASE Target_Dir "" # PROP Use_MFC 0 # PROP Use_Debug_Libraries 0 -# PROP Output_Dir "CT_FIPS_140_Release" -# PROP Intermediate_Dir "CT_FIPS_140_Release" +# PROP Output_Dir "CTRelease" +# PROP Intermediate_Dir "CTRelease" # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" -# ADD BASE CPP /nologo /G5 /Gz /MT /W3 /GX /Zi /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /Zm200 /c -# ADD CPP /nologo /G5 /Gz /MT /W3 /GX /Zi /O2 /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /D "WIN32" /YX /FD /Zm200 /c +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /MT /W3 /GX /Zi /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /Zm200 /c # ADD BASE RSC /l 0x409 /d "NDEBUG" # ADD RSC /l 0x409 /d "NDEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe -# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /OPT:NOWIN98 +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /OPT:NOWIN98 -!ELSEIF "$(CFG)" == "cryptest - Win32 FIPS 140 Debug" +!ELSEIF "$(CFG)" == "cryptest - Win32 Debug" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "cryptest___Win32_FIPS_140_Debug" -# PROP BASE Intermediate_Dir "cryptest___Win32_FIPS_140_Debug" -# PROP BASE Ignore_Export_Lib 0 +# PROP BASE Output_Dir "cryptes1" +# PROP BASE Intermediate_Dir "cryptes1" # PROP BASE Target_Dir "" # PROP Use_MFC 0 # PROP Use_Debug_Libraries 1 -# PROP Output_Dir "CT_FIPS_140_Debug" -# PROP Intermediate_Dir "CT_FIPS_140_Debug" +# PROP Output_Dir "CTDebug" +# PROP Intermediate_Dir "CTDebug" # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" -# ADD BASE CPP /nologo /MTd /W3 /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /Zm200 /c -# ADD CPP /nologo /G5 /Gz /MTd /W3 /GX /ZI /Od /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /D "WIN32" /YX /FD /Zm200 /c +# ADD BASE CPP /nologo /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /MTd /W3 /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /Zm200 /c # ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe -# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /OPT:NOWIN98 +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Ws2_32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /OPT:NOWIN98 !ENDIF # Begin Target -# Name "cryptest - Win32 Release" -# Name "cryptest - Win32 Debug" # Name "cryptest - Win32 FIPS 140 Release" # Name "cryptest - Win32 FIPS 140 Debug" +# Name "cryptest - Win32 Release" +# Name "cryptest - Win32 Debug" # Begin Group "Test Data" # PROP Default_Filter ".dat" @@ -358,7 +366,62 @@ SOURCE=.\xtrdh342.dat # End Group # Begin Group "Source Code" -# PROP Default_Filter "" +# PROP Default_Filter ".cpp;.h" +# Begin Source File + +SOURCE=.\adhoc.cpp +# End Source File +# Begin Source File + +SOURCE=.\adhoc.cpp.proto + +!IF "$(CFG)" == "cryptest - Win32 FIPS 140 Release" + +# Begin Custom Build +InputPath=.\adhoc.cpp.proto + +"adhoc.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + if exist adhoc.cpp echo: >> adhoc.cpp + if not exist adhoc.cpp copy "$(InputPath)" adhoc.cpp + +# End Custom Build + +!ELSEIF "$(CFG)" == "cryptest - Win32 FIPS 140 Debug" + +# Begin Custom Build +InputPath=.\adhoc.cpp.proto + +"adhoc.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + if exist adhoc.cpp echo: >> adhoc.cpp + if not exist adhoc.cpp copy "$(InputPath)" adhoc.cpp + +# End Custom Build + +!ELSEIF "$(CFG)" == "cryptest - Win32 Release" + +# Begin Custom Build +InputPath=.\adhoc.cpp.proto + +"adhoc.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + if exist adhoc.cpp echo: >> adhoc.cpp + if not exist adhoc.cpp copy "$(InputPath)" adhoc.cpp + +# End Custom Build + +!ELSEIF "$(CFG)" == "cryptest - Win32 Debug" + +# Begin Custom Build +InputPath=.\adhoc.cpp.proto + +"adhoc.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + if exist adhoc.cpp echo: >> adhoc.cpp + if not exist adhoc.cpp copy "$(InputPath)" adhoc.cpp + +# End Custom Build + +!ENDIF + +# End Source File # Begin Source File SOURCE=.\bench.cpp @@ -369,6 +432,18 @@ SOURCE=.\bench.h # End Source File # Begin Source File +SOURCE=.\datatest.cpp +# End Source File +# Begin Source File + +SOURCE=.\factory.h +# End Source File +# Begin Source File + +SOURCE=.\regtest.cpp +# End Source File +# Begin Source File + SOURCE=.\test.cpp # End Source File # Begin Source File diff --git a/c5/cryptlib.cpp b/c5/cryptlib.cpp index 9e0d59f..e3fe2d5 100644 --- a/c5/cryptlib.cpp +++ b/c5/cryptlib.cpp @@ -545,15 +545,15 @@ BufferedTransformation * PK_Encryptor::CreateEncryptionFilter(RandomNumberGenera return new EncryptionFilter(rng, *this, attachment); } -BufferedTransformation * PK_Decryptor::CreateDecryptionFilter(BufferedTransformation *attachment) const +BufferedTransformation * PK_Decryptor::CreateDecryptionFilter(RandomNumberGenerator &rng, BufferedTransformation *attachment) const { struct DecryptionFilter : public Unflushable<FilterWithInputQueue> { // VC60 complains if this function is missing - DecryptionFilter(const DecryptionFilter &x) : Unflushable<FilterWithInputQueue>(NULL), m_decryptor(x.m_decryptor) {} + DecryptionFilter(const DecryptionFilter &x) : Unflushable<FilterWithInputQueue>(NULL), m_rng(x.m_rng), m_decryptor(x.m_decryptor) {} - DecryptionFilter(const PK_Decryptor &decryptor, BufferedTransformation *attachment) - : Unflushable<FilterWithInputQueue>(attachment), m_decryptor(decryptor) + DecryptionFilter(RandomNumberGenerator &rng, const PK_Decryptor &decryptor, BufferedTransformation *attachment) + : Unflushable<FilterWithInputQueue>(attachment), m_rng(rng), m_decryptor(decryptor) { } @@ -569,7 +569,7 @@ BufferedTransformation * PK_Decryptor::CreateDecryptionFilter(BufferedTransforma SecByteBlock ciphertext(ciphertextLength); m_inQueue.Get(ciphertext, ciphertextLength); m_plaintext.resize(maxPlaintextLength); - m_result = m_decryptor.Decrypt(ciphertext, ciphertextLength, m_plaintext); + m_result = m_decryptor.Decrypt(m_rng, ciphertext, ciphertextLength, m_plaintext); if (!m_result.isValidCoding) throw InvalidCiphertext(m_decryptor.AlgorithmName() + ": invalid ciphertext"); } @@ -581,12 +581,13 @@ BufferedTransformation * PK_Decryptor::CreateDecryptionFilter(BufferedTransforma return true; } + RandomNumberGenerator &m_rng; const PK_Decryptor &m_decryptor; SecByteBlock m_plaintext; DecodingResult m_result; }; - return new DecryptionFilter(*this, attachment); + return new DecryptionFilter(rng, *this, attachment); } unsigned int PK_FixedLengthCryptoSystem::MaxPlaintextLength(unsigned int cipherTextLength) const @@ -605,38 +606,64 @@ unsigned int PK_FixedLengthCryptoSystem::CiphertextLength(unsigned int plainText return 0; } -DecodingResult PK_FixedLengthDecryptor::Decrypt(const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const +DecodingResult PK_FixedLengthDecryptor::Decrypt(RandomNumberGenerator &rng, const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const { if (cipherTextLength != FixedCiphertextLength()) return DecodingResult(); - return FixedLengthDecrypt(cipherText, plainText); + return FixedLengthDecrypt(rng, cipherText, plainText); +} + +unsigned int PK_Signer::Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const +{ + std::auto_ptr<PK_MessageAccumulator> m(messageAccumulator); + return SignAndRestart(rng, *m, signature, false); +} + +unsigned int PK_Signer::SignMessage(RandomNumberGenerator &rng, const byte *message, unsigned int messageLen, byte *signature) const +{ + std::auto_ptr<PK_MessageAccumulator> m(NewSignatureAccumulator(rng)); + m->Update(message, messageLen); + return SignAndRestart(rng, *m, signature, false); +} + +unsigned int PK_Signer::SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, unsigned int recoverableMessageLength, + const byte *nonrecoverableMessage, unsigned int nonrecoverableMessageLength, byte *signature) const +{ + std::auto_ptr<PK_MessageAccumulator> m(NewSignatureAccumulator(rng)); + InputRecoverableMessage(*m, recoverableMessage, recoverableMessageLength); + m->Update(nonrecoverableMessage, nonrecoverableMessageLength); + return SignAndRestart(rng, *m, signature, false); } -void PK_Signer::Sign(RandomNumberGenerator &rng, HashTransformation *messageAccumulator, byte *signature) const +bool PK_Verifier::Verify(PK_MessageAccumulator *messageAccumulator) const { - std::auto_ptr<HashTransformation> m(messageAccumulator); - SignAndRestart(rng, *m, signature); + std::auto_ptr<PK_MessageAccumulator> m(messageAccumulator); + return VerifyAndRestart(*m); } -void PK_Signer::SignMessage(RandomNumberGenerator &rng, const byte *message, unsigned int messageLen, byte *signature) const +bool PK_Verifier::VerifyMessage(const byte *message, unsigned int messageLen, const byte *signature, unsigned int signatureLength) const { - std::auto_ptr<HashTransformation> accumulator(NewSignatureAccumulator()); - accumulator->Update(message, messageLen); - SignAndRestart(rng, *accumulator, signature); + std::auto_ptr<PK_MessageAccumulator> m(NewVerificationAccumulator()); + InputSignature(*m, signature, signatureLength); + m->Update(message, messageLen); + return VerifyAndRestart(*m); } -bool PK_Verifier::Verify(HashTransformation *messageAccumulator, const byte *signature) const +DecodingResult PK_Verifier::Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const { - std::auto_ptr<HashTransformation> m(messageAccumulator); - return VerifyAndRestart(*m, signature); + std::auto_ptr<PK_MessageAccumulator> m(messageAccumulator); + return RecoverAndRestart(recoveredMessage, *m); } -bool PK_Verifier::VerifyMessage(const byte *message, unsigned int messageLen, const byte *sig) const +DecodingResult PK_Verifier::RecoverMessage(byte *recoveredMessage, + const byte *nonrecoverableMessage, unsigned int nonrecoverableMessageLength, + const byte *signature, unsigned int signatureLength) const { - std::auto_ptr<HashTransformation> accumulator(NewVerificationAccumulator()); - accumulator->Update(message, messageLen); - return VerifyAndRestart(*accumulator, sig); + std::auto_ptr<PK_MessageAccumulator> m(NewVerificationAccumulator()); + InputSignature(*m, signature, signatureLength); + m->Update(nonrecoverableMessage, nonrecoverableMessageLength); + return RecoverAndRestart(recoveredMessage, *m); } void SimpleKeyAgreementDomain::GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const diff --git a/c5/cryptlib.dsp b/c5/cryptlib.dsp index c3eb412..5cb3b63 100644 --- a/c5/cryptlib.dsp +++ b/c5/cryptlib.dsp @@ -4,7 +4,7 @@ # TARGTYPE "Win32 (x86) Static Library" 0x0104 -CFG=cryptlib - Win32 FIPS 140 Debug +CFG=cryptlib - Win32 Debug !MESSAGE This is not a valid makefile. To build this project using NMAKE, !MESSAGE use the Export Makefile command and run !MESSAGE @@ -13,37 +13,37 @@ CFG=cryptlib - Win32 FIPS 140 Debug !MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE -!MESSAGE NMAKE /f "cryptlib.mak" CFG="cryptlib - Win32 FIPS 140 Debug" +!MESSAGE NMAKE /f "cryptlib.mak" CFG="cryptlib - Win32 Debug" !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE -!MESSAGE "cryptlib - Win32 Release" (based on "Win32 (x86) Static Library") -!MESSAGE "cryptlib - Win32 Debug" (based on "Win32 (x86) Static Library") !MESSAGE "cryptlib - Win32 FIPS 140 Release" (based on "Win32 (x86) Static Library") !MESSAGE "cryptlib - Win32 FIPS 140 Debug" (based on "Win32 (x86) Static Library") +!MESSAGE "cryptlib - Win32 Release" (based on "Win32 (x86) Static Library") +!MESSAGE "cryptlib - Win32 Debug" (based on "Win32 (x86) Static Library") !MESSAGE # Begin Project # PROP AllowPerConfigDependencies 0 -# PROP Scc_ProjName ""$/cryptlib", BAAAAAAA" -# PROP Scc_LocalPath "." +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" CPP=cl.exe RSC=rc.exe -!IF "$(CFG)" == "cryptlib - Win32 Release" +!IF "$(CFG)" == "cryptlib - Win32 FIPS 140 Release" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "cryptlib" -# PROP BASE Intermediate_Dir "cryptlib" +# PROP BASE Output_Dir "cryptlib___Win32_FIPS_140_Release" +# PROP BASE Intermediate_Dir "cryptlib___Win32_FIPS_140_Release" # PROP BASE Target_Dir "" # PROP Use_MFC 0 # PROP Use_Debug_Libraries 0 -# PROP Output_Dir "release" -# PROP Intermediate_Dir "release" +# PROP Output_Dir "FIPS_140_Release" +# PROP Intermediate_Dir "FIPS_140_Release" # PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /FD /c -# ADD CPP /nologo /GB /Gd /MT /W3 /GX /Zi /O2 /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "USE_PRECOMPILED_HEADERS" /Yu"pch.h" /FD /c +# ADD BASE CPP /nologo /G5 /Gz /MT /W3 /GX /Zi /O2 /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "USE_PRECOMPILED_HEADERS" /Yu"pch.h" /FD /c +# ADD CPP /nologo /G5 /Gz /MT /W3 /GX /Zi /O2 /D "NDEBUG" /D "_WINDOWS" /D "USE_PRECOMPILED_HEADERS" /D "WIN32" /D CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2=1 /Yu"pch.h" /Fd"FIPS_140_Release/cryptopp" /FD /c # ADD BASE RSC /l 0x409 # ADD RSC /l 0x409 BSC32=bscmake.exe @@ -51,22 +51,22 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LIB32=link.exe -lib # ADD BASE LIB32 /nologo -# ADD LIB32 /nologo +# ADD LIB32 /nologo /out:"FIPS_140_Release\cryptopp.lib" -!ELSEIF "$(CFG)" == "cryptlib - Win32 Debug" +!ELSEIF "$(CFG)" == "cryptlib - Win32 FIPS 140 Debug" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "cryptli0" -# PROP BASE Intermediate_Dir "cryptli0" +# PROP BASE Output_Dir "cryptlib___Win32_FIPS_140_Debug" +# PROP BASE Intermediate_Dir "cryptlib___Win32_FIPS_140_Debug" # PROP BASE Target_Dir "" # PROP Use_MFC 0 # PROP Use_Debug_Libraries 1 -# PROP Output_Dir "debug" -# PROP Intermediate_Dir "debug" +# PROP Output_Dir "FIPS_140_Debug" +# PROP Intermediate_Dir "FIPS_140_Debug" # PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /FD /c -# ADD CPP /nologo /MTd /W3 /GX /ZI /Od /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "USE_PRECOMPILED_HEADERS" /Yu"pch.h" /FD /c +# ADD BASE CPP /nologo /MTd /W3 /GX /ZI /Od /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "USE_PRECOMPILED_HEADERS" /Yu"pch.h" /FD /c +# ADD CPP /nologo /G5 /Gz /MTd /W3 /GX /ZI /Od /D "_DEBUG" /D "_WINDOWS" /D "USE_PRECOMPILED_HEADERS" /D "WIN32" /D CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2=1 /Yu"pch.h" /Fd"FIPS_140_Debug/cryptopp" /FD /c # ADD BASE RSC /l 0x409 # ADD RSC /l 0x409 BSC32=bscmake.exe @@ -74,22 +74,22 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LIB32=link.exe -lib # ADD BASE LIB32 /nologo -# ADD LIB32 /nologo +# ADD LIB32 /nologo /out:"FIPS_140_Debug\cryptopp.lib" -!ELSEIF "$(CFG)" == "cryptlib - Win32 FIPS 140 Release" +!ELSEIF "$(CFG)" == "cryptlib - Win32 Release" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "cryptlib___Win32_FIPS_140_Release" -# PROP BASE Intermediate_Dir "cryptlib___Win32_FIPS_140_Release" +# PROP BASE Output_Dir "cryptlib" +# PROP BASE Intermediate_Dir "cryptlib" # PROP BASE Target_Dir "" # PROP Use_MFC 0 # PROP Use_Debug_Libraries 0 -# PROP Output_Dir "FIPS_140_Release" -# PROP Intermediate_Dir "FIPS_140_Release" +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" # PROP Target_Dir "" -# ADD BASE CPP /nologo /G5 /Gz /MT /W3 /GX /Zi /O2 /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "USE_PRECOMPILED_HEADERS" /Yu"pch.h" /FD /c -# ADD CPP /nologo /G5 /Gz /MT /W3 /GX /Zi /O2 /D "NDEBUG" /D "_WINDOWS" /D "USE_PRECOMPILED_HEADERS" /D "WIN32" /D CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2=1 /Yu"pch.h" /Fd"FIPS_140_Release/cryptopp" /FD /c +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /FD /c +# ADD CPP /nologo /MT /W3 /GX /Zi /O2 /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "USE_PRECOMPILED_HEADERS" /Yu"pch.h" /FD /c # ADD BASE RSC /l 0x409 # ADD RSC /l 0x409 BSC32=bscmake.exe @@ -97,22 +97,22 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LIB32=link.exe -lib # ADD BASE LIB32 /nologo -# ADD LIB32 /nologo /out:"FIPS_140_Release\cryptopp.lib" +# ADD LIB32 /nologo -!ELSEIF "$(CFG)" == "cryptlib - Win32 FIPS 140 Debug" +!ELSEIF "$(CFG)" == "cryptlib - Win32 Debug" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "cryptlib___Win32_FIPS_140_Debug" -# PROP BASE Intermediate_Dir "cryptlib___Win32_FIPS_140_Debug" +# PROP BASE Output_Dir "cryptli0" +# PROP BASE Intermediate_Dir "cryptli0" # PROP BASE Target_Dir "" # PROP Use_MFC 0 # PROP Use_Debug_Libraries 1 -# PROP Output_Dir "FIPS_140_Debug" -# PROP Intermediate_Dir "FIPS_140_Debug" +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" # PROP Target_Dir "" -# ADD BASE CPP /nologo /MTd /W3 /GX /ZI /Od /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "USE_PRECOMPILED_HEADERS" /Yu"pch.h" /FD /c -# ADD CPP /nologo /G5 /Gz /MTd /W3 /GX /ZI /Od /D "_DEBUG" /D "_WINDOWS" /D "USE_PRECOMPILED_HEADERS" /D "WIN32" /D CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2=1 /Yu"pch.h" /Fd"FIPS_140_Debug/cryptopp" /FD /c +# ADD BASE CPP /nologo /W3 /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /FD /c +# ADD CPP /nologo /MTd /W3 /GX /ZI /Od /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "USE_PRECOMPILED_HEADERS" /Yu"pch.h" /FD /c # ADD BASE RSC /l 0x409 # ADD RSC /l 0x409 BSC32=bscmake.exe @@ -120,16 +120,16 @@ BSC32=bscmake.exe # ADD BSC32 /nologo LIB32=link.exe -lib # ADD BASE LIB32 /nologo -# ADD LIB32 /nologo /out:"FIPS_140_Debug\cryptopp.lib" +# ADD LIB32 /nologo !ENDIF # Begin Target -# Name "cryptlib - Win32 Release" -# Name "cryptlib - Win32 Debug" # Name "cryptlib - Win32 FIPS 140 Release" # Name "cryptlib - Win32 FIPS 140 Debug" +# Name "cryptlib - Win32 Release" +# Name "cryptlib - Win32 Debug" # Begin Group "Source Files" # PROP Default_Filter ".cpp" @@ -404,6 +404,10 @@ SOURCE=.\polynomi.cpp # End Source File # Begin Source File +SOURCE=.\pssr.cpp +# End Source File +# Begin Source File + SOURCE=.\pubkey.cpp # End Source File # Begin Source File @@ -460,10 +464,6 @@ SOURCE=.\safer.cpp # End Source File # Begin Source File -SOURCE=.\sapphire.cpp -# End Source File -# Begin Source File - SOURCE=.\seal.cpp # End Source File # Begin Source File @@ -920,10 +920,6 @@ SOURCE=.\safer.h # End Source File # Begin Source File -SOURCE=.\sapphire.h -# End Source File -# Begin Source File - SOURCE=.\seal.h # End Source File # Begin Source File diff --git a/c5/cryptlib.h b/c5/cryptlib.h index 9be8849..2778397 100644 --- a/c5/cryptlib.h +++ b/c5/cryptlib.h @@ -4,7 +4,7 @@ classes that provide a uniform interface to this library. */ -/*! \mainpage <a href="http://www.cryptopp.com">Crypto++</a><sup><small>TM</small></sup> Library 5.0 Reference Manual +/*! \mainpage <a href="http://www.cryptopp.com">Crypto++</a><sup><small>TM</small></sup> Library 5.1 Reference Manual <dl> <dt>Abstract Base Classes<dd> cryptlib.h @@ -21,7 +21,7 @@ <dt>Public Key Cryptosystems<dd> DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES <dt>Public Key Signature Schemes<dd> - DSA, GDSA, ECDSA, NR, ECNR, LUCSSA, RSASSA, RabinSSR, RWSSA, ESIGN + DSA, GDSA, ECDSA, NR, ECNR, LUCSS, RSASS, RabinSS, RWSS, ESIGN <dt>Key Agreement<dd> #DH, DH2, #MQV, ECDH, ECMQV, XTR_DH <dt>Algebraic Structures<dd> @@ -106,7 +106,7 @@ public: OTHER_ERROR }; - explicit Exception(ErrorType errorType, const std::string &s) : m_what(s) {} + explicit Exception(ErrorType errorType, const std::string &s) : m_errorType(errorType), m_what(s) {} virtual ~Exception() throw() {} const char *what() const throw() {return (m_what.c_str());} const std::string &GetWhat() const {return m_what;} @@ -319,7 +319,7 @@ public: class Algorithm : public Clonable { public: - /*! When FIPS-140-2 compliance is enabled and checkSelfTestStatus == true, + /*! When FIPS 140-2 compliance is enabled and checkSelfTestStatus == true, this constructor throws SelfTestFailure if the self test hasn't been run or fails. */ Algorithm(bool checkSelfTestStatus = true); //! returns name of this algorithm, not universally implemented yet @@ -519,6 +519,9 @@ public: //! input to Update() should have length a multiple of this for optimal speed virtual unsigned int OptimalBlockSize() const {return 1;} + //! returns how input should be aligned for optimal performance + virtual unsigned int OptimalDataAlignment() const {return 1;} + //! use this if your input is in one piece and you don't want to call Update() and Final() separately virtual void CalculateDigest(byte *digest, const byte *input, unsigned int length) {Update(input, length); Final(digest);} @@ -691,8 +694,9 @@ public: //! input a 32-bit word unsigned int PutWord32(word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true); - //! request space to write bytes into for processing + //! request space which can be written into by the caller, and then used as input to Put() /*! \param size is requested size (as a hint) for input, and size of the returned space for output */ + /*! \note The purpose of this method is to help avoid doing extra memory allocations. */ virtual byte * CreatePutSpace(unsigned int &size) {size=0; return NULL;} virtual bool CanModifyInput() const {return false;} @@ -1126,12 +1130,12 @@ public: /*! \pre size of plainText == MaxPlainTextLength(cipherTextLength) bytes. \return the actual length of the plaintext, or 0 if decryption fails. */ - virtual DecodingResult Decrypt(const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const =0; + virtual DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const =0; //! create a new decryption filter /*! \note caller is responsible for deleting the returned pointer */ - virtual BufferedTransformation * CreateDecryptionFilter(BufferedTransformation *attachment=NULL) const; + virtual BufferedTransformation * CreateDecryptionFilter(RandomNumberGenerator &rng, BufferedTransformation *attachment=NULL) const; }; //! interface for encryptors and decryptors with fixed length ciphertext @@ -1175,165 +1179,154 @@ public: \pre size of plainText == MaxPlainTextLength() \return the actual length of the plaintext, or 0 if decryption fails. */ - virtual DecodingResult FixedLengthDecrypt(const byte *cipherText, byte *plainText) const =0; - - DecodingResult Decrypt(const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const; + virtual DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const =0; -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY - DecodingResult Decrypt(const byte *cipherText, byte *plainText) const {return FixedLengthDecrypt(cipherText, plainText);} -#endif + DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const; }; //! interface for public-key signers and verifiers /*! This class provides an interface common to signers and verifiers - for querying their signature lengths and creating message - accumulators. + for querying scheme properties. */ class PK_SignatureScheme { public: + //! invalid key exception, may be thrown by any function in this class if the private or public key has a length that can't be used + class InvalidKeyLength : public Exception + { + public: + InvalidKeyLength(const std::string &message) : Exception(OTHER_ERROR, message) {} + }; + + //! key too short exception, may be thrown by any function in this class if the private or public key is too short to sign or verify anything + class KeyTooShort : public InvalidKeyLength + { + public: + KeyTooShort() : InvalidKeyLength("PK_Signer: key too short for this signature scheme") {} + }; + virtual ~PK_SignatureScheme() {} - //! signature length support by this object (as either input or output) + //! signature length if it only depends on the key, otherwise 0 virtual unsigned int SignatureLength() const =0; - //! deprecated, please use PK_Signer::NewSignatureAccumulator or PK_Verifier::NewVerificationAccumulator instead - virtual HashTransformation * NewMessageAccumulator() const =0; -}; + //! maximum signature length produced for a given length of recoverable message part + virtual unsigned int MaxSignatureLength(unsigned int recoverablePartLength = 0) const {return SignatureLength();} -//! interface for public-key signers + //! length of longest message that can be recovered, or 0 if this signature scheme does not support message recovery + virtual unsigned int MaxRecoverableLength() const =0; -class PK_Signer : virtual public PK_SignatureScheme, public PrivateKeyAlgorithm -{ -public: - //! key too short exception, may be thrown by Sign() or SignMessage() - class KeyTooShort : public Exception - { - public: - KeyTooShort() : Exception(OTHER_ERROR, "PK_Signer: key too short") {} - }; + //! length of longest message that can be recovered from a signature of given length, or 0 if this signature scheme does not support message recovery + virtual unsigned int MaxRecoverableLengthFromSignatureLength(unsigned int signatureLength) const =0; - //! sign and delete messageAccumulator (even in case of exception thrown) - /*! \pre messageAccumulator was obtained by calling NewSignatureAccumulator() - \pre HashTransformation::Final() has not been called on messageAccumulator - \pre size of signature == SignatureLength() - */ - virtual void Sign(RandomNumberGenerator &rng, HashTransformation *messageAccumulator, byte *signature) const; + //! requires a random number generator to sign + /*! if this returns false, NullRNG() can be passed to functions that take RandomNumberGenerator & */ + virtual bool IsProbabilistic() const =0; - //! sign and restart messageAccumulator - virtual void SignAndRestart(RandomNumberGenerator &rng, HashTransformation &messageAccumulator, byte *signature) const =0; + //! whether or not a non-recoverable message part can be signed + virtual bool AllowNonrecoverablePart() const =0; - //! sign a message - /*! \pre size of signature == SignatureLength() */ - virtual void SignMessage(RandomNumberGenerator &rng, const byte *message, unsigned int messageLen, byte *signature) const; + //! if this function returns true, during verification you must input the signature before the message, otherwise you can input it at anytime */ + virtual bool SignatureUpfront() const {return false;} - //! create a new HashTransformation to accumulate the message to be signed - virtual HashTransformation * NewSignatureAccumulator() const - {return NewMessageAccumulator();} + //! whether you must input the recoverable part before the non-recoverable part during signing + virtual bool RecoverablePartFirst() const =0; }; -//! interface for public-key signature verifiers +//! interface for accumulating messages to be signed or verified +/*! Only Update() should be called + on this class. No other functions inherited from HashTransformation should be called. +*/ +class PK_MessageAccumulator : public HashTransformation +{ +public: + //! should not be called on PK_MessageAccumulator + unsigned int DigestSize() const + {throw NotImplemented("PK_MessageAccumulator: DigestSize() should not be called");} + //! should not be called on PK_MessageAccumulator + void TruncatedFinal(byte *digest, unsigned int digestSize) + {throw NotImplemented("PK_MessageAccumulator: TruncatedFinal() should not be called");} +}; -class PK_Verifier : virtual public PK_SignatureScheme, public PublicKeyAlgorithm +//! interface for public-key signers + +class PK_Signer : virtual public PK_SignatureScheme, public PrivateKeyAlgorithm { public: - /*! If this function returns true, you must input the signature when - calling NewVerificationAccumulator(). Otherwise, you must input the signature - when calling Verify(). */ - virtual bool SignatureUpfrontForVerification() const {return false;} + //! create a new HashTransformation to accumulate the message to be signed + virtual PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng = NullRNG()) const =0; - //! create a new HashTransformation to accumulate the message to be verified - /*! \param signature is ignored if SignatureUpfrontForVerification() == false - \param signature may be NULL to indicate that the signature is not available yet - */ - virtual HashTransformation * NewVerificationAccumulator(const byte *signature=NULL) const - {return NewMessageAccumulator();} - - //! check whether sig is a valid signature for messageAccumulator, and delete messageAccumulator (even in case of exception thrown) - /*! \pre messageAccumulator was obtained by calling NewVerificationAccumulator() - \pre HashTransformation::Final() has not been called on messageAccumulator - \pre length of signature == SignatureLength() - \param signature is ignored if SignatureUpfrontForVerification() == true + virtual void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, unsigned int recoverableMessageLength) const =0; + + //! sign and delete messageAccumulator (even in case of exception thrown) + /*! \pre size of signature == MaxSignatureLength() + \return actual signature length */ - virtual bool Verify(HashTransformation *messageAccumulator, const byte *signature=NULL) const; + virtual unsigned int Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const; - //! check whether sig is a valid signature for messageAccumulator, and restart messageAccumulator - /*! \note depending on SignatureUpfrontForVerification(), signature is either the current or the next signature - \param signature may be NULL to indicate that the next signature is not available yet + //! sign and restart messageAccumulator + /*! \pre size of signature == MaxSignatureLength() + \return actual signature length */ - virtual bool VerifyAndRestart(HashTransformation &messageAccumulator, const byte *signature) const =0; + virtual unsigned int SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const =0; - //! only useful if SignatureUpfrontForVerification() == true - virtual void InitializeVerificationAccumulator(HashTransformation &messageAccumulator, const byte *signature) const {} + //! sign a message + /*! \pre size of signature == MaxSignatureLength() + \return actual signature length + */ + virtual unsigned int SignMessage(RandomNumberGenerator &rng, const byte *message, unsigned int messageLen, byte *signature) const; - //! check whether sig is a valid signature for message - /*! \pre size of signature == SignatureLength() */ - virtual bool VerifyMessage(const byte *message, unsigned int messageLen, const byte *signature) const; + //! sign a recoverable message + /*! \pre size of signature == MaxSignatureLength(recoverableMessageLength) + \return actual signature length + */ + virtual unsigned int SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, unsigned int recoverableMessageLength, + const byte *nonrecoverableMessage, unsigned int nonrecoverableMessageLength, byte *signature) const; }; -//! interface for public-key signers and verifiers with recovery - -/*! In a signature scheme with recovery, a verifier is able to extract - a message from its valid signature. +//! interface for public-key signature verifiers +/*! The Recover* functions throw NotImplemented if the signature scheme does not support + message recovery. + The Verify* functions throw InvalidDataFormat if the scheme does support message + recovery and the signature contains a non-empty recoverable message part. The + Recovery* functions should be used in that case. */ -class PK_SignatureSchemeWithRecovery : virtual public PK_SignatureScheme +class PK_Verifier : virtual public PK_SignatureScheme, public PublicKeyAlgorithm { public: - //! length of longest message that can be fully recovered - virtual unsigned int MaximumRecoverableLength() const =0; - - //! whether or not messages longer than MaximumRecoverableLength() can be signed - /*! If this function returns false, any message longer than - MaximumRecoverableLength() will be truncated for signature - and will fail verification. - */ - virtual bool AllowLeftoverMessage() const =0; -}; - -//! interface for public-key signers with recovery + //! create a new HashTransformation to accumulate the message to be verified + virtual PK_MessageAccumulator * NewVerificationAccumulator() const =0; -class PK_SignerWithRecovery : virtual public PK_SignatureSchemeWithRecovery, virtual public PK_Signer -{ -}; + //! input signature into a message accumulator + virtual void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const =0; -//! interface for public-key verifiers with recovery + //! check whether messageAccumulator contains a valid signature and message, and delete messageAccumulator (even in case of exception thrown) + virtual bool Verify(PK_MessageAccumulator *messageAccumulator) const; -/*! A PK_VerifierWithRecovery can also be used the same way as a PK_Verifier, - where the signature and the entire message is given to Verify() or - VerifyMessage() as input. -*/ -class PK_VerifierWithRecovery : virtual public PK_SignatureSchemeWithRecovery, virtual public PK_Verifier -{ -public: - /*! If this function returns true, you must input the signature when - calling NewRecoveryAccumulator(). Otherwise, you must input the signature - when calling Recover(). */ - virtual bool SignatureUpfrontForRecovery() const =0; + //! check whether messageAccumulator contains a valid signature and message, and restart messageAccumulator + virtual bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const =0; - //! create a new HashTransformation to accumulate leftover message - virtual HashTransformation * NewRecoveryAccumulator(const byte *signature=NULL) const =0; + //! check whether input signature is a valid signature for input message + virtual bool VerifyMessage(const byte *message, unsigned int messageLen, + const byte *signature, unsigned int signatureLength) const; //! recover a message from its signature - /*! \pre leftoverMessageAccumulator was obtained by calling NewLeftoverMessageAccumulator(signature) - \pre HashTransformation::Final() has not been called on leftoverMessageAccumulator - \pre length of signature == SignatureLength() - \pre size of recoveredMessage == MaximumRecoverableLength() + /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength) */ - virtual DecodingResult Recover(byte *recoveredMessage, HashTransformation *recoveryAccumulator, const byte *signature=NULL) const =0; + virtual DecodingResult Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const; //! recover a message from its signature - /*! depending on SignatureUpfrontForRecovery(), signature is either the current or the next signature */ - // TODO: uncomment this and implement - // virtual unsigned int RecoverAndRestart(byte *recoveredMessage, HashTransformation &recoveryAccumulator, const byte *signature) const =0; + /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength) + */ + virtual DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const =0; //! recover a message from its signature - /*! \note This function should be equivalent to Recover(recoveredMessage, NewRecoveryAccumulator(signature), signature) - \pre length of signature == SignatureLength() - \pre size of recoveredMessage == MaximumRecoverableLength() + /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength) */ - virtual DecodingResult RecoverMessage(byte *recoveredMessage, const byte *message, unsigned int messageLen, const byte *signature) const - {return Recover(recoveredMessage, NewRecoveryAccumulator(signature), signature);} + virtual DecodingResult RecoverMessage(byte *recoveredMessage, + const byte *nonrecoverableMessage, unsigned int nonrecoverableMessageLength, + const byte *signature, unsigned int signatureLength) const; }; //! interface for domains of simple key agreement protocols diff --git a/c5/crypto++.mcp b/c5/crypto++.mcp Binary files differnew file mode 100644 index 0000000..48a7bd3 --- /dev/null +++ b/c5/crypto++.mcp diff --git a/c5/datatest.cpp b/c5/datatest.cpp new file mode 100644 index 0000000..50b26fe --- /dev/null +++ b/c5/datatest.cpp @@ -0,0 +1,441 @@ +#include "factory.h" +#include "integer.h" +#include "filters.h" +#include "hex.h" +#include "randpool.h" +#include "files.h" +#include "trunhash.h" +#include <iostream> +#include <memory> + +USING_NAMESPACE(CryptoPP) +USING_NAMESPACE(std) + +RandomPool & GlobalRNG(); +void RegisterFactories(); + +typedef std::map<std::string, std::string> TestData; + +class TestFailure : public Exception +{ +public: + TestFailure() : Exception(OTHER_ERROR, "Validation test failed") {} +}; + +static const TestData *s_currentTestData = NULL; + +void OutputTestData(const TestData &v) +{ + for (TestData::const_iterator i = v.begin(); i != v.end(); ++i) + { + cerr << i->first << ": " << i->second << endl; + } +} + +void SignalTestFailure() +{ + OutputTestData(*s_currentTestData); + throw TestFailure(); +} + +void SignalTestError() +{ + OutputTestData(*s_currentTestData); + throw Exception(Exception::OTHER_ERROR, "Unexpected error during validation test"); +} + +class TestDataNameValuePairs : public NameValuePairs +{ +public: + TestDataNameValuePairs(const TestData &data) : m_data(data) {} + + virtual bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const + { + TestData::const_iterator i = m_data.find(name); + if (i == m_data.end()) + return false; + + const std::string &value = i->second; + + if (valueType == typeid(int)) + *reinterpret_cast<int *>(pValue) = atoi(value.c_str()); + else if (valueType == typeid(Integer)) + *reinterpret_cast<Integer *>(pValue) = Integer((std::string(value) + "h").c_str()); + else + throw ValueTypeMismatch(name, typeid(std::string), valueType); + + return true; + } + +private: + const TestData &m_data; +}; + +const std::string & GetRequiredDatum(const TestData &data, const char *name) +{ + TestData::const_iterator i = data.find(name); + if (i == data.end()) + SignalTestError(); + return i->second; +} + +void PutDecodedDatumInto(const TestData &data, const char *name, BufferedTransformation &target) +{ + std::string s1 = GetRequiredDatum(data, name), s2; + + int repeat = 1; + if (s1[0] == 'r') + { + repeat = atoi(s1.c_str()+1); + s1 = s1.substr(s1.find(' ')+1); + } + + if (s1[0] == '\"') + s2 = s1.substr(1, s1.find('\"', 1)-1); + else if (s1.substr(0, 2) == "0x") + StringSource(s1.substr(2), true, new HexDecoder(new StringSink(s2))); + else + StringSource(s1, true, new HexDecoder(new StringSink(s2))); + + while (repeat--) + target.Put((const byte *)s2.data(), s2.size()); +} + +std::string GetDecodedDatum(const TestData &data, const char *name) +{ + std::string s; + PutDecodedDatumInto(data, name, StringSink(s).Ref()); + return s; +} + +void TestKeyPairValidAndConsistent(CryptoMaterial &pub, const CryptoMaterial &priv) +{ + if (!pub.Validate(GlobalRNG(), 3)) + SignalTestFailure(); + if (!priv.Validate(GlobalRNG(), 3)) + SignalTestFailure(); + +/* EqualityComparisonFilter comparison; + pub.Save(ChannelSwitch(comparison, "0")); + pub.AssignFrom(priv); + pub.Save(ChannelSwitch(comparison, "1")); + comparison.ChannelMessageSeriesEnd("0"); + comparison.ChannelMessageSeriesEnd("1"); +*/ +} + +void TestSignatureScheme(TestData &v) +{ + std::string name = GetRequiredDatum(v, "Name"); + std::string test = GetRequiredDatum(v, "Test"); + + std::auto_ptr<PK_Signer> signer(ObjectFactoryRegistry<PK_Signer>::Registry().CreateObject(name.c_str())); + std::auto_ptr<PK_Verifier> verifier(ObjectFactoryRegistry<PK_Verifier>::Registry().CreateObject(name.c_str())); + + TestDataNameValuePairs pairs(v); + std::string keyFormat = GetRequiredDatum(v, "KeyFormat"); + + if (keyFormat == "DER") + verifier->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PublicKey")).Ref()); + else if (keyFormat == "Component") + verifier->AccessMaterial().AssignFrom(pairs); + + if (test == "Verify" || test == "NotVerify") + { + VerifierFilter verifierFilter(*verifier, NULL, VerifierFilter::SIGNATURE_AT_BEGIN); + PutDecodedDatumInto(v, "Signature", verifierFilter); + PutDecodedDatumInto(v, "Message", verifierFilter); + verifierFilter.MessageEnd(); + if (verifierFilter.GetLastResult() == (test == "NotVerify")) + SignalTestFailure(); + } + else if (test == "PublicKeyValid") + { + if (!verifier->GetMaterial().Validate(GlobalRNG(), 3)) + SignalTestFailure(); + } + else + goto privateKeyTests; + + return; + +privateKeyTests: + if (keyFormat == "DER") + signer->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PrivateKey")).Ref()); + else if (keyFormat == "Component") + signer->AccessMaterial().AssignFrom(pairs); + + if (test == "KeyPairValidAndConsistent") + { + TestKeyPairValidAndConsistent(verifier->AccessMaterial(), signer->GetMaterial()); + } + else if (test == "Sign") + { + SignerFilter f(GlobalRNG(), *signer, new HexEncoder(new FileSink(cout))); + StringSource ss(GetDecodedDatum(v, "Message"), true, new Redirector(f)); + SignalTestFailure(); + } + else if (test == "DeterministicSign") + { + SignalTestError(); + assert(false); // TODO: implement + } + else if (test == "RandomSign") + { + SignalTestError(); + assert(false); // TODO: implement + } + else if (test == "GenerateKey") + { + SignalTestError(); + assert(false); + } + else + { + SignalTestError(); + assert(false); + } +} + +void TestEncryptionScheme(TestData &v) +{ + std::string name = GetRequiredDatum(v, "Name"); + std::string test = GetRequiredDatum(v, "Test"); + + std::auto_ptr<PK_Encryptor> encryptor(ObjectFactoryRegistry<PK_Encryptor>::Registry().CreateObject(name.c_str())); + std::auto_ptr<PK_Decryptor> decryptor(ObjectFactoryRegistry<PK_Decryptor>::Registry().CreateObject(name.c_str())); + + std::string keyFormat = GetRequiredDatum(v, "KeyFormat"); + + if (keyFormat == "DER") + { + decryptor->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PrivateKey")).Ref()); + encryptor->AccessMaterial().Load(StringStore(GetDecodedDatum(v, "PublicKey")).Ref()); + } + else if (keyFormat == "Component") + { + TestDataNameValuePairs pairs(v); + decryptor->AccessMaterial().AssignFrom(pairs); + encryptor->AccessMaterial().AssignFrom(pairs); + } + + if (test == "DecryptMatch") + { + std::string decrypted, expected = GetDecodedDatum(v, "Plaintext"); + StringSource ss(GetDecodedDatum(v, "Ciphertext"), true, new PK_DecryptorFilter(GlobalRNG(), *decryptor, new StringSink(decrypted))); + if (decrypted != expected) + SignalTestFailure(); + } + else if (test == "KeyPairValidAndConsistent") + { + TestKeyPairValidAndConsistent(encryptor->AccessMaterial(), decryptor->GetMaterial()); + } + else + { + SignalTestError(); + assert(false); + } +} + +void TestDigestOrMAC(TestData &v, bool testDigest) +{ + std::string name = GetRequiredDatum(v, "Name"); + std::string test = GetRequiredDatum(v, "Test"); + + member_ptr<MessageAuthenticationCode> mac; + member_ptr<HashTransformation> hash; + HashTransformation *pHash = NULL; + + if (testDigest) + { + hash.reset(ObjectFactoryRegistry<HashTransformation>::Registry().CreateObject(name.c_str())); + pHash = hash.get(); + } + else + { + mac.reset(ObjectFactoryRegistry<MessageAuthenticationCode>::Registry().CreateObject(name.c_str())); + pHash = mac.get(); + std::string key = GetDecodedDatum(v, "Key"); + mac->SetKey((const byte *)key.c_str(), key.size()); + } + + if (test == "Verify" || test == "VerifyTruncated" || test == "NotVerify") + { + int digestSize = pHash->DigestSize(); + if (test == "VerifyTruncated") + digestSize = atoi(GetRequiredDatum(v, "TruncatedSize").c_str()); + TruncatedHashModule thash(*pHash, digestSize); + HashVerificationFilter verifierFilter(thash, NULL, HashVerificationFilter::HASH_AT_BEGIN); + PutDecodedDatumInto(v, "Digest", verifierFilter); + PutDecodedDatumInto(v, "Message", verifierFilter); + verifierFilter.MessageEnd(); + if (verifierFilter.GetLastResult() == (test == "NotVerify")) + SignalTestFailure(); + } + else + { + SignalTestError(); + assert(false); + } +} + +bool GetField(std::istream &is, std::string &name, std::string &value) +{ + name.resize(0); // GCC workaround: 2.95.3 doesn't have clear() + is >> name; + if (name.empty()) + return false; + + if (name[name.size()-1] != ':') + SignalTestError(); + name.erase(name.size()-1); + + while (is.peek() == ' ') + is.ignore(1); + + // VC60 workaround: getline bug + char buffer[128]; + value.resize(0); // GCC workaround: 2.95.3 doesn't have clear() + bool continueLine; + + do + { + do + { + is.get(buffer, sizeof(buffer)); + value += buffer; + } + while (buffer[0] != 0); + is.clear(); + is.ignore(); + + if (value[value.size()-1] == '\\') + { + value.resize(value.size()-1); + continueLine = true; + } + else + continueLine = false; + + std::string::size_type i = value.find('#'); + if (i != std::string::npos) + value.erase(i); + } + while (continueLine); + + return true; +} + +void OutputPair(const NameValuePairs &v, const char *name) +{ + Integer x; + bool b = v.GetValue(name, x); + assert(b); + cout << name << ": \\\n "; + x.Encode(HexEncoder(new FileSink(cout), false, 64, "\\\n ").Ref(), x.MinEncodedSize()); + cout << endl; +} + +void OutputNameValuePairs(const NameValuePairs &v) +{ + std::string names = v.GetValueNames(); + string::size_type i = 0; + while (i < names.size()) + { + string::size_type j = names.find_first_of (';', i); + + if (j == string::npos) + return; + else + { + std::string name = names.substr(i, j-i); + if (name.find(':') == string::npos) + OutputPair(v, name.c_str()); + } + + i = j + 1; + } +} + +void TestDataFile(const std::string &filename, unsigned int &totalTests, unsigned int &failedTests) +{ + std::ifstream file(filename.c_str()); + TestData v; + s_currentTestData = &v; + std::string name, value, lastAlgName; + + while (file) + { + while (file.peek() == '#') + file.ignore(INT_MAX, '\n'); + + if (file.peek() == '\n') + v.clear(); + + if (!GetField(file, name, value)) + break; + v[name] = value; + + if (name == "Test") + { + bool failed = true; + std::string algType = GetRequiredDatum(v, "AlgorithmType"); + + if (lastAlgName != GetRequiredDatum(v, "Name")) + { + lastAlgName = GetRequiredDatum(v, "Name"); + cout << "\nTesting " << algType.c_str() << " algorithm " << lastAlgName.c_str() << ".\n"; + } + + try + { + if (algType == "Signature") + TestSignatureScheme(v); + else if (algType == "AsymmetricCipher") + TestEncryptionScheme(v); + else if (algType == "MessageDigest") + TestDigestOrMAC(v, true); + else if (algType == "MAC") + TestDigestOrMAC(v, false); + else if (algType == "FileList") + TestDataFile(GetRequiredDatum(v, "Test"), totalTests, failedTests); + else + SignalTestError(); + failed = false; + } + catch (TestFailure &) + { + cout << "\nTest failed.\n"; + } + catch (CryptoPP::Exception &e) + { + cout << "\nCryptoPP::Exception caught: " << e.what() << endl; + } + catch (std::exception &e) + { + cout << "\nstd::exception caught: " << e.what() << endl; + } + + if (failed) + { + cout << "Skipping to next test.\n"; + failedTests++; + } + else + cout << "." << flush; + + totalTests++; + } + } +} + +bool RunTestDataFile(const char *filename) +{ + RegisterFactories(); + unsigned int totalTests = 0, failedTests = 0; + TestDataFile(filename, totalTests, failedTests); + cout << "\nTests complete. Total tests = " << totalTests << ". Failed tests = " << failedTests << ".\n"; + if (failedTests != 0) + cout << "SOME TESTS FAILED!\n"; + return failedTests == 0; +} @@ -33,7 +33,7 @@ public: {m_groupParameters.Initialize(v1, v2);} template <class T2, class T3> - DH_Domain(RandomNumberGenerator &v1, const T2 &v2, const T2 &v3) + DH_Domain(RandomNumberGenerator &v1, const T2 &v2, const T3 &v3) {m_groupParameters.Initialize(v1, v2, v3);} template <class T2, class T3, class T4> @@ -45,7 +45,7 @@ public: {m_groupParameters.Initialize(v1, v2);} template <class T1, class T2, class T3> - DH_Domain(const T1 &v1, const T2 &v2, const T2 &v3) + DH_Domain(const T1 &v1, const T2 &v2, const T3 &v3) {m_groupParameters.Initialize(v1, v2, v3);} template <class T1, class T2, class T3, class T4> diff --git a/c5/eccrypto.cpp b/c5/eccrypto.cpp index 28110b7..b0042e8 100644 --- a/c5/eccrypto.cpp +++ b/c5/eccrypto.cpp @@ -542,13 +542,13 @@ void DL_GroupParameters_EC<EC>::SimultaneousExponentiate(Element *results, const } template <class EC> -DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::MultiplyElements(const Element &a, const Element &b) const +CPP_TYPENAME DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::MultiplyElements(const Element &a, const Element &b) const { return GetCurve().Add(a, b); } template <class EC> -DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const +CPP_TYPENAME DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const { return GetCurve().CascadeMultiply(exponent1, element1, exponent2, element2); } diff --git a/c5/eccrypto.h b/c5/eccrypto.h index 9706b7f..dafa1c7 100644 --- a/c5/eccrypto.h +++ b/c5/eccrypto.h @@ -172,14 +172,14 @@ public: }; //! Elliptic Curve Diffie-Hellman, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECDH">ECDH</a> -template <class EC, class COFACTOR_OPTION = DL_GroupParameters_EC<EC>::DefaultCofactorOption> +template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption> struct ECDH { typedef DH_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain; }; /// Elliptic Curve Menezes-Qu-Vanstone, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECMQV">ECMQV</a> -template <class EC, class COFACTOR_OPTION = DL_GroupParameters_EC<EC>::DefaultCofactorOption> +template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption> struct ECMQV { typedef MQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain; @@ -222,13 +222,13 @@ public: //! <a href="http://www.weidai.com/scan-mirror/sig.html#ECDSA">ECDSA</a> template <class EC, class H> -struct ECDSA : public DL_SSA<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, H> +struct ECDSA : public DL_SS<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, DL_SignatureMessageEncodingMethod_DSA, H> { }; //! ECNR template <class EC, class H = SHA> -struct ECNR : public DL_SSA<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, H> +struct ECNR : public DL_SS<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, DL_SignatureMessageEncodingMethod_NR, H> { }; diff --git a/c5/elgamal.h b/c5/elgamal.h index a2f6ffb..65446c5 100644 --- a/c5/elgamal.h +++ b/c5/elgamal.h @@ -83,8 +83,8 @@ public: const DL_GroupParameters_GFP & GetGroupParameters() const {return GetKey().GetGroupParameters();} - DecodingResult FixedLengthDecrypt(const byte *cipherText, byte *plainText) const - {return Decrypt(cipherText, FixedCiphertextLength(), plainText);} + DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const + {return Decrypt(rng, cipherText, FixedCiphertextLength(), plainText);} protected: const DL_KeyAgreementAlgorithm<Integer> & GetKeyAgreementAlgorithm() const {return *this;} @@ -83,32 +83,35 @@ protected: //! . template <class T> -class EMSA5Pad : public PK_NonreversiblePaddingAlgorithm +class EMSA5Pad : public PK_DeterministicSignatureMessageEncodingMethod { public: static const char *StaticAlgorithmName() {return "EMSA5";} - unsigned int MaxUnpaddedLength(unsigned int paddedLength) const {return UINT_MAX;} - - void Pad(RandomNumberGenerator &rng, const byte *raw, unsigned int inputLength, byte *padded, unsigned int paddedLength) const + void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const { - unsigned int paddedByteLength = BitsToBytes(paddedLength); - memset(padded, 0, paddedByteLength); - T::GenerateAndMask(padded, paddedByteLength, raw, inputLength); - if (paddedLength % 8 != 0) - padded[0] = (byte)Crop(padded[0], paddedLength % 8); + m_digest.New(hash.DigestSize()); + hash.Final(m_digest); + unsigned int representativeByteLength = BitsToBytes(representativeBitLength); + T mgf; + mgf.GenerateAndMask(hash, representative, representativeByteLength, m_digest, m_digest.size(), false); + if (representativeBitLength % 8 != 0) + representative[0] = (byte)Crop(representative[0], representativeBitLength % 8); } + +private: + mutable SecByteBlock m_digest; }; //! EMSA5, for use with ESIGN struct P1363_EMSA5 : public SignatureStandard { - template <class H> struct SignaturePaddingAlgorithm {typedef EMSA5Pad<P1363_MGF1<H> > type;}; - template <class H> struct DecoratedHashingAlgorithm {typedef H type;}; + typedef EMSA5Pad<P1363_MGF1> SignatureMessageEncodingMethod; }; -template<> struct CryptoStandardTraits<P1363_EMSA5> : public P1363_EMSA5 {}; - struct ESIGN_Keys { static std::string StaticAlgorithmName() {return "ESIGN";} @@ -118,7 +121,7 @@ struct ESIGN_Keys //! ESIGN, as defined in IEEE P1363a template <class H, class STANDARD = P1363_EMSA5> -struct ESIGN : public TF_SSA<STANDARD, H, ESIGN_Keys> +struct ESIGN : public TF_SS<STANDARD, H, ESIGN_Keys> { }; diff --git a/c5/factory.h b/c5/factory.h new file mode 100644 index 0000000..893a731 --- /dev/null +++ b/c5/factory.h @@ -0,0 +1,94 @@ +#ifndef CRYPTOPP_OBJFACT_H +#define CRYPTOPP_OBJFACT_H + +#include "cryptlib.h" +#include <map> + +NAMESPACE_BEGIN(CryptoPP) + +template <class AbstractClass> +class ObjectFactory +{ +public: + virtual AbstractClass * CreateObject() const =0; +}; + +template <class AbstractClass, class ConcreteClass> +class DefaultObjectFactory : public ObjectFactory<AbstractClass> +{ +public: + AbstractClass * CreateObject() const + { + return new ConcreteClass; + } + +}; + +template <class AbstractClass> +class ObjectFactoryRegistry +{ +public: + ~ObjectFactoryRegistry() + { + for (CPP_TYPENAME Map::iterator i = m_map.begin(); i != m_map.end(); ++i) + { + delete i->second; + i->second = NULL; + } + } + + void RegisterFactory(const char *name, ObjectFactory<AbstractClass> *factory) + { + m_map[name] = factory; + } + + const ObjectFactory<AbstractClass> * GetFactory(const char *name) const + { + CPP_TYPENAME Map::const_iterator i = m_map.find(name); + return i == m_map.end() ? NULL : i->second; + } + + AbstractClass *CreateObject(const char *name) const + { + const ObjectFactory<AbstractClass> *factory = GetFactory(name); + return factory ? factory->CreateObject() : NULL; + } + + // VC60 workaround: use "..." to prevent this function from being inlined + static ObjectFactoryRegistry<AbstractClass> & Registry(...); + +private: + typedef std::map<std::string, ObjectFactory<AbstractClass> *> Map; + Map m_map; +}; + +template <class AbstractClass> +ObjectFactoryRegistry<AbstractClass> & ObjectFactoryRegistry<AbstractClass>::Registry(...) +{ + static ObjectFactoryRegistry<AbstractClass> s_registry; + return s_registry; +} + +template <class AbstractClass, class ConcreteClass> +void RegisterDefaultFactoryFor(const char *name, AbstractClass *Dummy1=NULL, ConcreteClass *Dummy2=NULL) +{ + ObjectFactoryRegistry<AbstractClass>::Registry().RegisterFactory(name, new DefaultObjectFactory<AbstractClass, ConcreteClass>); +} + +template <class SchemeClass> +void RegisterPublicKeyCryptoSystemDefaultFactories(const char *name, SchemeClass *dummy=NULL) +{ + RegisterDefaultFactoryFor<PK_Encryptor, CPP_TYPENAME SchemeClass::Encryptor>(name); + RegisterDefaultFactoryFor<PK_Decryptor, CPP_TYPENAME SchemeClass::Decryptor>(name); +} + +template <class SchemeClass> +void RegisterSignatureSchemeDefaultFactories(const char *name, SchemeClass *dummy=NULL) +{ + RegisterDefaultFactoryFor<PK_Signer, CPP_TYPENAME SchemeClass::Signer>(name); + RegisterDefaultFactoryFor<PK_Verifier, CPP_TYPENAME SchemeClass::Verifier>(name); +} + +NAMESPACE_END + +#endif diff --git a/c5/files.cpp b/c5/files.cpp index 01028c6..2b42010 100644 --- a/c5/files.cpp +++ b/c5/files.cpp @@ -44,21 +44,6 @@ unsigned long FileStore::MaxRetrievable() const return end-current; } -unsigned int FileStore::Peek(byte &outByte) const -{ - if (!m_stream) - return 0; - - int result = m_stream->peek(); - if (result == EOF) // GCC workaround: 2.95.2 doesn't have char_traits<char>::eof() - return 0; - else - { - outByte = byte(result); - return 1; - } -} - unsigned int FileStore::TransferTo2(BufferedTransformation &target, unsigned long &transferBytes, const std::string &channel, bool blocking) { if (!m_stream) @@ -103,6 +88,19 @@ unsigned int FileStore::CopyRangeTo2(BufferedTransformation &target, unsigned lo if (!m_stream) return 0; + if (begin == 0 && end == 1) + { + int result = m_stream->peek(); + if (result == EOF) // GCC workaround: 2.95.2 doesn't have char_traits<char>::eof() + return 0; + else + { + unsigned int blockedBytes = target.ChannelPut(channel, byte(result), blocking); + begin += 1-blockedBytes; + return blockedBytes; + } + } + // TODO: figure out what happens on cin streampos current = m_stream->tellg(); streampos endPosition = m_stream->seekg(0, ios::end).tellg(); @@ -164,7 +162,7 @@ bool FileSink::IsolatedFlush(bool hardFlush, bool blocking) m_stream->flush(); if (!m_stream->good()) - throw WriteErr(); + throw WriteErr(); return false; } @@ -180,7 +178,7 @@ unsigned int FileSink::Put2(const byte *inString, unsigned int length, int messa m_stream->flush(); if (!m_stream->good()) - throw WriteErr(); + throw WriteErr(); return 0; } @@ -30,8 +30,6 @@ public: std::istream* GetStream() {return m_stream;} unsigned long MaxRetrievable() const; - unsigned int Peek(byte &outByte) const; - unsigned int TransferTo2(BufferedTransformation &target, unsigned long &transferBytes, const std::string &channel=NULL_CHANNEL, bool blocking=true); unsigned int CopyRangeTo2(BufferedTransformation &target, unsigned long &begin, unsigned long end=ULONG_MAX, const std::string &channel=NULL_CHANNEL, bool blocking=true) const; diff --git a/c5/filters.cpp b/c5/filters.cpp index 78e6b3c..64c2a37 100644 --- a/c5/filters.cpp +++ b/c5/filters.cpp @@ -133,19 +133,23 @@ bool Filter::OutputMessageSeriesEnd(int outputSite, int propagation, bool blocki unsigned int MeterFilter::Put2(const byte *begin, unsigned int length, int messageEnd, bool blocking) { - FILTER_BEGIN; - m_currentMessageBytes += length; - m_totalBytes += length; - - if (messageEnd) + if (m_transparent) { - m_currentMessageBytes = 0; - m_currentSeriesMessages++; - m_totalMessages++; + FILTER_BEGIN; + m_currentMessageBytes += length; + m_totalBytes += length; + + if (messageEnd) + { + m_currentMessageBytes = 0; + m_currentSeriesMessages++; + m_totalMessages++; + } + + FILTER_OUTPUT(1, begin, length, messageEnd); + FILTER_END_NO_MESSAGE_END; } - - FILTER_OUTPUT(1, begin, length, messageEnd); - FILTER_END; + return 0; } bool MeterFilter::IsolatedMessageSeriesEnd(bool blocking) @@ -387,35 +391,27 @@ void Redirector::ChannelInitialize(const std::string &channel, const NameValuePa // ************************************************************* ProxyFilter::ProxyFilter(BufferedTransformation *filter, unsigned int firstSize, unsigned int lastSize, BufferedTransformation *attachment) - : FilterWithBufferedInput(firstSize, 1, lastSize, attachment), m_filter(filter), m_proxy(NULL) + : FilterWithBufferedInput(firstSize, 1, lastSize, attachment), m_filter(filter) { if (m_filter.get()) - m_filter->Attach(m_proxy = new OutputProxy(*this, false)); + m_filter->Attach(new OutputProxy(*this, false)); } -void ProxyFilter::IsolatedFlush(bool completeFlush) +bool ProxyFilter::IsolatedFlush(bool hardFlush, bool blocking) { - if (m_filter.get()) - { - bool passSignal = m_proxy->GetPassSignal(); - m_proxy->SetPassSignal(false); - m_filter->Flush(completeFlush, -1); - m_proxy->SetPassSignal(passSignal); - } + return m_filter.get() ? m_filter->Flush(hardFlush, -1, blocking) : false; } void ProxyFilter::SetFilter(Filter *filter) { - bool passSignal = m_proxy ? m_proxy->GetPassSignal() : false; m_filter.reset(filter); if (filter) { - std::auto_ptr<OutputProxy> temp(m_proxy = new OutputProxy(*this, passSignal)); - m_filter->TransferAllTo(*m_proxy); + OutputProxy *proxy; + std::auto_ptr<OutputProxy> temp(proxy = new OutputProxy(*this, false)); + m_filter->TransferAllTo(*proxy); m_filter->Attach(temp.release()); } - else - m_proxy=NULL; } void ProxyFilter::NextPutMultiple(const byte *s, unsigned int len) @@ -741,7 +737,8 @@ void SignatureVerificationFilter::InitializeDerivedAndReturnNewSizes(const NameV { m_flags = parameters.GetValueWithDefault(Name::SignatureVerificationFilterFlags(), (word32)DEFAULT_FLAGS); m_messageAccumulator.reset(m_verifier.NewVerificationAccumulator()); - unsigned int size = m_verifier.SignatureLength(); + unsigned int size = m_verifier.SignatureLength(); + assert(size != 0); // TODO: handle recoverable signature scheme m_verified = false; firstSize = m_flags & SIGNATURE_AT_BEGIN ? size : 0; blockSize = 1; @@ -752,8 +749,8 @@ void SignatureVerificationFilter::FirstPut(const byte *inString) { if (m_flags & SIGNATURE_AT_BEGIN) { - if (m_verifier.SignatureUpfrontForVerification()) - m_verifier.InitializeVerificationAccumulator(*m_messageAccumulator, inString); + if (m_verifier.SignatureUpfront()) + m_verifier.InputSignature(*m_messageAccumulator, inString, m_verifier.SignatureLength()); else { m_signature.New(m_verifier.SignatureLength()); @@ -765,7 +762,7 @@ void SignatureVerificationFilter::FirstPut(const byte *inString) } else { - assert(!m_verifier.SignatureUpfrontForVerification()); + assert(!m_verifier.SignatureUpfront()); } } @@ -781,11 +778,13 @@ void SignatureVerificationFilter::LastPut(const byte *inString, unsigned int len if (m_flags & SIGNATURE_AT_BEGIN) { assert(length == 0); - m_verified = m_verifier.Verify(m_messageAccumulator.release(), m_signature); + m_verifier.InputSignature(*m_messageAccumulator, m_signature, m_signature.size()); + m_verified = m_verifier.VerifyAndRestart(*m_messageAccumulator); } else { - m_verified = (length==m_verifier.SignatureLength() && m_verifier.Verify(m_messageAccumulator.release(), inString)); + m_verifier.InputSignature(*m_messageAccumulator, inString, length); + m_verified = m_verifier.VerifyAndRestart(*m_messageAccumulator); if (m_flags & PUT_SIGNATURE) AttachedTransformation()->Put(inString, length); } diff --git a/c5/filters.h b/c5/filters.h index 2b11662..b2ddec2 100644 --- a/c5/filters.h +++ b/c5/filters.h @@ -144,8 +144,8 @@ public: /*! calls ForceNextPut() if hardFlush is true */ bool IsolatedFlush(bool hardFlush, bool blocking); - /*! the input buffer may contain more than blockSize bytes if lastSize != 0 - ForceNextPut() forces a call to NextPut() if this is the case + /*! The input buffer may contain more than blockSize bytes if lastSize != 0. + ForceNextPut() forces a call to NextPut() if this is the case. */ void ForceNextPut(); @@ -324,8 +324,8 @@ public: private: RandomNumberGenerator &m_rng; - const PK_Signer &m_signer; - member_ptr<HashTransformation> m_messageAccumulator; + const PK_Signer &m_signer; + member_ptr<PK_MessageAccumulator> m_messageAccumulator; bool m_putMessage; SecByteBlock m_buf; }; @@ -354,13 +354,13 @@ protected: private: const PK_Verifier &m_verifier; - member_ptr<HashTransformation> m_messageAccumulator; + member_ptr<PK_MessageAccumulator> m_messageAccumulator; word32 m_flags; SecByteBlock m_signature; bool m_verified; }; -typedef SignatureVerificationFilter VerifierFilter; // for backwards compatibility +typedef SignatureVerificationFilter VerifierFilter; // for backwards compatibility //! Redirect input to another BufferedTransformation without owning it class Redirector : public CustomSignalPropagation<Sink> @@ -440,14 +440,13 @@ class ProxyFilter : public FilterWithBufferedInput public: ProxyFilter(BufferedTransformation *filter, unsigned int firstSize, unsigned int lastSize, BufferedTransformation *attachment); - void IsolatedFlush(bool completeFlush); + bool IsolatedFlush(bool hardFlush, bool blocking); void SetFilter(Filter *filter); void NextPutMultiple(const byte *s, unsigned int len); protected: member_ptr<BufferedTransformation> m_filter; - OutputProxy *m_proxy; }; //! simple proxy filter that doesn't modify the underlying filter's input or output @@ -475,8 +474,8 @@ public: class PK_DecryptorFilter : public SimpleProxyFilter { public: - PK_DecryptorFilter(const PK_Decryptor &decryptor, BufferedTransformation *attachment = NULL) - : SimpleProxyFilter(decryptor.CreateDecryptionFilter(), attachment) {} + PK_DecryptorFilter(RandomNumberGenerator &rng, const PK_Decryptor &decryptor, BufferedTransformation *attachment = NULL) + : SimpleProxyFilter(decryptor.CreateDecryptionFilter(rng), attachment) {} }; //! Append input to a string object @@ -492,9 +491,16 @@ public: void IsolatedInitialize(const NameValuePairs ¶meters) {if (!parameters.GetValue("OutputStringPointer", m_output)) throw InvalidArgument("StringSink: OutputStringPointer not specified");} + unsigned int Put2(const byte *begin, unsigned int length, int messageEnd, bool blocking) { - m_output->append((const char_type *)begin, (const char_type *)begin+length); + if (length > 0) + { + typename T::size_type size = m_output->size(); + if (length < size && size + length > m_output->capacity()) + m_output->reserve(2*size); + m_output->append((const char_type *)begin, (const char_type *)begin+length); + } return 0; } diff --git a/c5/fips140.cpp b/c5/fips140.cpp index 9a1a6f9..7781956 100644 --- a/c5/fips140.cpp +++ b/c5/fips140.cpp @@ -13,11 +13,11 @@ NAMESPACE_BEGIN(CryptoPP) #endif #if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(THREADS_AVAILABLE)) -#error FIPS-140-2 compliance requires the availability of thread local storage. +#error FIPS 140-2 compliance requires the availability of thread local storage. #endif #if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(OS_RNG_AVAILABLE)) -#error FIPS-140-2 compliance requires the availability of OS provided RNG. +#error FIPS 140-2 compliance requires the availability of OS provided RNG. #endif PowerUpSelfTestStatus g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE; @@ -62,4 +62,18 @@ void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress) #endif } +void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor) +{ +#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 + EncryptionPairwiseConsistencyTest(encryptor, decryptor); +#endif +} + +void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier) +{ +#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 + SignaturePairwiseConsistencyTest(signer, verifier); +#endif +} + NAMESPACE_END diff --git a/c5/fips140.h b/c5/fips140.h index e7e5d4a..76353ed 100644 --- a/c5/fips140.h +++ b/c5/fips140.h @@ -2,7 +2,7 @@ #define CRYPTOPP_FIPS140_H /*! \file - FIPS-140 related functions and classes. + FIPS 140 related functions and classes. */ #include "cryptlib.h" @@ -16,7 +16,7 @@ public: explicit SelfTestFailure(const std::string &s) : Exception(OTHER_ERROR, s) {} }; -//! returns whether FIPS-140-2 compliance features were enabled at compile time +//! returns whether FIPS 140-2 compliance features were enabled at compile time bool FIPS_140_2_ComplianceEnabled(); //! enum values representing status of the power-up self test @@ -39,6 +39,9 @@ void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress); void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier); void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor); +void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier); +void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor); + NAMESPACE_END #endif diff --git a/c5/fipstest.cpp b/c5/fipstest.cpp index 063ab6b..10368ae 100644 --- a/c5/fipstest.cpp +++ b/c5/fipstest.cpp @@ -23,6 +23,34 @@ NAMESPACE_BEGIN(CryptoPP) extern PowerUpSelfTestStatus g_powerUpSelfTestStatus; +void KnownAnswerTest(RandomNumberGenerator &rng, const char *output) +{ + EqualityComparisonFilter comparison; + + RandomNumberStore(rng, strlen(output)/2).TransferAllTo(comparison, "0"); + StringSource(output, true, new HexDecoder(new ChannelSwitch(comparison, "1"))); + + comparison.ChannelMessageSeriesEnd("0"); + comparison.ChannelMessageSeriesEnd("1"); +} + +template <class CIPHER> +void X917RNG_KnownAnswerTest( + const char *key, + const char *seed, + const char *output, + unsigned int deterministicTimeVector, + CIPHER *dummy = NULL) +{ + std::string decodedKey, decodedSeed; + StringSource(key, true, new HexDecoder(new StringSink(decodedKey))); + StringSource(seed, true, new HexDecoder(new StringSink(decodedSeed))); + + AutoSeededX917RNG<CIPHER> rng; + rng.Reseed((const byte *)decodedKey.data(), decodedKey.size(), (const byte *)decodedSeed.data(), deterministicTimeVector); + KnownAnswerTest(rng, output); +} + void KnownAnswerTest(StreamTransformation &encryption, StreamTransformation &decryption, const char *plaintext, const char *ciphertext) { EqualityComparisonFilter comparison; @@ -136,7 +164,7 @@ void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_D new PK_EncryptorFilter( rng, encryptor, - new PK_DecryptorFilter(decryptor, new ChannelSwitch(comparison, "1")))); + new PK_DecryptorFilter(rng, decryptor, new ChannelSwitch(comparison, "1")))); comparison.ChannelMessageSeriesEnd("0"); comparison.ChannelMessageSeriesEnd("1"); @@ -208,6 +236,12 @@ void DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleSha // algorithm tests + X917RNG_KnownAnswerTest<DES_EDE3>( + "48851090B4992453E83CDA86416534E53EA2FCE1A0B3A40C", // key + "7D00BD0A79F6B0F5", // seed + "22B590B08B53363AEB89AD65F81A5B6FB83F326CE06BF35751E6C41B43B729C4", // output + 1489728269); // time vector + SymmetricEncryptionKnownAnswerTest<DES>( "0123456789abcdef", // key "1234567890abcdef", // IV @@ -268,7 +302,7 @@ void DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleSha "Sample #2", "0922d3405faa3d194f82a45830737d5cc6c75d24"); - SignatureKnownAnswerTest<RSASSA<PKCS1v15, SHA> >( + SignatureKnownAnswerTest<RSASS<PKCS1v15, SHA> >( "30820150020100300d06092a864886f70d01010105000482013a3082013602010002400a66791dc6988168de7ab77419bb7fb0" "c001c62710270075142942e19a8d8c51d053b3e3782a1de5dc5af4ebe99468170114a1dfe67cdc9a9af55d655620bbab0203010001" "02400123c5b61ba36edb1d3679904199a89ea80c09b9122e1400c09adcf7784676d01d23356a7d44d6bd8bd50e94bfc723fa" diff --git a/c5/fltrimpl.h b/c5/fltrimpl.h index 6c37bfa..a35e68b 100644 --- a/c5/fltrimpl.h +++ b/c5/fltrimpl.h @@ -17,11 +17,13 @@ FILTER_END_NO_MESSAGE_END_NO_RETURN \ return 0; +/* #define FILTER_END \ case -1: \ - if (Output(-1, NULL, 0, messageEnd, blocking)) \ + if (messageEnd && Output(-1, NULL, 0, messageEnd, blocking)) \ return 1; \ FILTER_END_NO_MESSAGE_END +*/ #define FILTER_OUTPUT2(site, statement, output, length, messageEnd) \ {\ diff --git a/c5/gfpcrypt.cpp b/c5/gfpcrypt.cpp index 8d8b0bf..c27a967 100644 --- a/c5/gfpcrypt.cpp +++ b/c5/gfpcrypt.cpp @@ -63,30 +63,48 @@ bool DL_GroupParameters_DSA::ValidateGroup(RandomNumberGenerator &rng, unsigned return pass; } -Integer NR_EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen) +void DL_SignatureMessageEncodingMethod_DSA::ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const { - Integer h; - if (digestLen*8 < modulusBits) - h.Decode(digest, digestLen); - else + assert(recoverableMessageLength == 0); + assert(hashIdentifier.second == 0); + const unsigned int representativeByteLength = BitsToBytes(representativeBitLength); + const unsigned int digestSize = hash.DigestSize(); + const unsigned int paddingLength = SaturatingSubtract(representativeByteLength, digestSize); + + memset(representative, 0, paddingLength); + hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize)); + + if (digestSize*8 > representativeBitLength) { - h.Decode(digest, BitsToBytes(modulusBits)); - h >>= BitsToBytes(modulusBits)*8 - modulusBits + 1; + Integer h(representative, representativeByteLength); + h >>= representativeByteLength*8 - representativeBitLength; + h.Encode(representative, representativeByteLength); } - return h; } -Integer DSA_EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen) +void DL_SignatureMessageEncodingMethod_NR::ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const { - Integer h; - if (digestLen*8 <= modulusBits) - h.Decode(digest, digestLen); - else + assert(recoverableMessageLength == 0); + assert(hashIdentifier.second == 0); + const unsigned int representativeByteLength = BitsToBytes(representativeBitLength); + const unsigned int digestSize = hash.DigestSize(); + const unsigned int paddingLength = SaturatingSubtract(representativeByteLength, digestSize); + + memset(representative, 0, paddingLength); + hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize)); + + if (digestSize*8 >= representativeBitLength) { - h.Decode(digest, BitsToBytes(modulusBits)); - h >>= BitsToBytes(modulusBits)*8 - modulusBits; + Integer h(representative, representativeByteLength); + h >>= representativeByteLength*8 - representativeBitLength + 1; + h.Encode(representative, representativeByteLength); } - return h; } bool DL_GroupParameters_IntegerBased::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const diff --git a/c5/gfpcrypt.h b/c5/gfpcrypt.h index 31db5a1..24c8168 100644 --- a/c5/gfpcrypt.h +++ b/c5/gfpcrypt.h @@ -149,18 +149,13 @@ class DL_Algorithm_GDSA : public DL_ElgamalLikeSignatureAlgorithm<T> public: static const char * StaticAlgorithmName() {return "DSA-1363";} - Integer EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen) const - { - return DSA_EncodeDigest(modulusBits, digest, digestLen); - } - - bool Sign(const DL_GroupParameters<T> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const + void Sign(const DL_GroupParameters<T> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const { const Integer &q = params.GetSubgroupOrder(); - r = params.ConvertElementToInteger(params.ExponentiateBase(k)) % q; + r %= q; Integer kInv = k.InverseMod(q); s = (kInv * (x*r + e)) % q; - return (!!r && !!s); + assert(!!r && !!s); } bool Verify(const DL_GroupParameters<T> ¶ms, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const @@ -189,12 +184,12 @@ public: return NR_EncodeDigest(modulusBits, digest, digestLen); } - bool Sign(const DL_GroupParameters<T> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const + void Sign(const DL_GroupParameters<T> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const { const Integer &q = params.GetSubgroupOrder(); - r = (params.ConvertElementToInteger(params.ExponentiateBase(k)) + e) % q; + r = (r + e) % q; s = (k - x*r) % q; - return !!r; + assert(!!r); } bool Verify(const DL_GroupParameters<T> ¶ms, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const @@ -345,13 +340,21 @@ public: //! <a href="http://www.weidai.com/scan-mirror/sig.html#DSA-1363">DSA-1363</a> template <class H> -struct GDSA : public DL_SSA<DL_SignatureKeys_GFP, DL_Algorithm_GDSA<Integer>, H> +struct GDSA : public DL_SS< + DL_SignatureKeys_GFP, + DL_Algorithm_GDSA<Integer>, + DL_SignatureMessageEncodingMethod_DSA, + H> { }; //! <a href="http://www.weidai.com/scan-mirror/sig.html#NR">NR</a> template <class H> -struct NR : public DL_SSA<DL_SignatureKeys_GFP, DL_Algorithm_NR<Integer>, H> +struct NR : public DL_SS< + DL_SignatureKeys_GFP, + DL_Algorithm_NR<Integer>, + DL_SignatureMessageEncodingMethod_NR, + H> { }; @@ -376,7 +379,12 @@ struct DL_Keys_DSA }; //! <a href="http://www.weidai.com/scan-mirror/sig.html#DSA">DSA</a> -struct DSA : public DL_SSA<DL_Keys_DSA, DL_Algorithm_GDSA<Integer>, SHA, DSA> +struct DSA : public DL_SS< + DL_Keys_DSA, + DL_Algorithm_GDSA<Integer>, + DL_SignatureMessageEncodingMethod_DSA, + SHA, + DSA> { static std::string StaticAlgorithmName() {return std::string("DSA");} @@ -426,7 +434,14 @@ public: } xorbuf(cipherText, plainText, cipherKey, plainTextLength); - MAC(macKey).CalculateDigest(cipherText + plainTextLength, cipherText, plainTextLength); + MAC mac(macKey); + mac.Update(cipherText, plainTextLength); + if (DHAES_MODE) + { + const byte L[8] = {0,0,0,0,0,0,0,0}; + mac.Update(L, 8); + } + mac.Final(cipherText + plainTextLength); } DecodingResult SymmetricDecrypt(const byte *key, const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const { @@ -443,8 +458,16 @@ public: macKey = key + plainTextLength; } - if (!MAC(macKey).VerifyDigest(cipherText + plainTextLength, cipherText, plainTextLength)) + MAC mac(macKey); + mac.Update(cipherText, plainTextLength); + if (DHAES_MODE) + { + const byte L[8] = {0,0,0,0,0,0,0,0}; + mac.Update(L, 8); + } + if (!mac.Verify(cipherText + plainTextLength)) return DecodingResult(); + xorbuf(plainText, cipherText, cipherKey, plainTextLength); return DecodingResult(plainTextLength); } @@ -9,16 +9,16 @@ NAMESPACE_BEGIN(CryptoPP) class HexEncoder : public SimpleProxyFilter { public: - HexEncoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int outputGroupSize = 0, const std::string &seperator = ":", const std::string &terminator = "") + HexEncoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int outputGroupSize = 0, const std::string &separator = ":", const std::string &terminator = "") : SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment) { - IsolatedInitialize(MakeParameters("Uppercase", uppercase)("GroupSize", outputGroupSize)("Seperator", ConstByteArrayParameter(seperator))); + IsolatedInitialize(MakeParameters("Uppercase", uppercase)("GroupSize", outputGroupSize)("Separator", ConstByteArrayParameter(separator))); } void IsolatedInitialize(const NameValuePairs ¶meters); }; -//! Decode 16 bit data back to bytes +//! Decode base 16 data back to bytes class HexDecoder : public BaseN_Decoder { public: diff --git a/c5/hrtimer.cpp b/c5/hrtimer.cpp index 2dafbca..5245841 100644 --- a/c5/hrtimer.cpp +++ b/c5/hrtimer.cpp @@ -8,7 +8,7 @@ #if defined(CRYPTOPP_WIN32_AVAILABLE) #include <windows.h> -#elif defined(__unix__) +#elif defined(CRYPTOPP_UNIX_AVAILABLE) #include <sys/time.h> #elif defined(macintosh) #include <Timer.h> @@ -24,7 +24,7 @@ word64 Timer::GetCurrentTimerValue() FILETIME now; GetSystemTimeAsFileTime(&now); return now.dwLowDateTime + ((word64)now.dwHighDateTime << 32); -#elif defined(__unix__) +#elif defined(CRYPTOPP_UNIX_AVAILABLE) timeval now; gettimeofday(&now, NULL); return (word64)now.tv_sec * 1000000 + now.tv_usec; diff --git a/c5/hrtimer.h b/c5/hrtimer.h index 81d9fcd..d05dfd1 100644 --- a/c5/hrtimer.h +++ b/c5/hrtimer.h @@ -22,7 +22,7 @@ public: { #if defined(CRYPTOPP_WIN32_AVAILABLE) return 10000; -#elif defined(__unix__) || defined(macintosh) +#elif defined(CRYPTOPP_UNIX_AVAILABLE) || defined(macintosh) return 1000; #endif } @@ -45,7 +45,7 @@ void RawIDA::ChannelInitialize(const string &channel, const NameValuePairs ¶ else { int nShares = parameters.GetIntValueWithDefault("NumberOfShares", m_threshold); - for (unsigned int i=0; i<nShares; i++) + for (int i=0; i<nShares; i++) AddOutputChannel(i); } @@ -93,7 +93,7 @@ unsigned int RawIDA::LookupInputChannel(word32 channelId) const void RawIDA::ChannelData(word32 channelId, const byte *inString, unsigned int length, bool messageEnd) { - unsigned int i = InsertInputChannel(channelId); + int i = InsertInputChannel(channelId); if (i < m_threshold) { unsigned long size = m_inputQueues[i].MaxRetrievable(); @@ -125,7 +125,7 @@ void RawIDA::ChannelData(word32 channelId, const byte *inString, unsigned int le unsigned int RawIDA::InputBuffered(word32 channelId) const { - unsigned int i = LookupInputChannel(channelId); + int i = LookupInputChannel(channelId); return i < m_threshold ? m_inputQueues[i].MaxRetrievable() : 0; } @@ -165,7 +165,7 @@ void RawIDA::PrepareInterpolation() void RawIDA::ProcessInputQueues() { bool finished = (m_channelsFinished == m_threshold); - unsigned int i; + int i; while (finished ? m_channelsReady > 0 : m_channelsReady == m_threshold) { @@ -181,7 +181,7 @@ void RawIDA::ProcessInputQueues() m_channelsReady += queue.NumberOfMessages() > 0 || queue.MaxRetrievable() >= 4; } - for (i=0; i<m_outputChannelIds.size(); i++) + for (i=0; (unsigned int)i<m_outputChannelIds.size(); i++) { if (m_outputToInput[i] != m_threshold) m_outputQueues[i].PutWord32(m_y[m_outputToInput[i]]); diff --git a/c5/integer.cpp b/c5/integer.cpp index 0df3540..e18507f 100644 --- a/c5/integer.cpp +++ b/c5/integer.cpp @@ -23,6 +23,16 @@ NAMESPACE_BEGIN(CryptoPP) +bool FunctionAssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt) +{ + if (valueType != typeid(Integer)) + return false; + *reinterpret_cast<Integer *>(pInteger) = *reinterpret_cast<const int *>(pInt); + return true; +} + +static int DummyAssignIntToInteger = (AssignIntToInteger = FunctionAssignIntToInteger, 0); + #ifdef SSE2_INTRINSICS_AVAILABLE template <class T> AllocatorBase<T>::pointer AlignedAllocator<T>::allocate(size_type n, const void *) @@ -1295,8 +1305,10 @@ carry2: class PentiumOptimized : public Portable { public: +#ifndef __pic__ // -fpic uses up a register, leaving too few for the asm code static word Add(word *C, const word *A, const word *B, unsigned int N); static word Subtract(word *C, const word *A, const word *B, unsigned int N); +#endif static void Square4(word *R, const word *A); static void Multiply4(word *C, const word *A, const word *B); static void Multiply8(word *C, const word *A, const word *B); @@ -1306,6 +1318,7 @@ typedef PentiumOptimized LowLevel; // Add and Subtract assembly code originally contributed by Alister Lee +#ifndef __pic__ __attribute__((regparm(3))) word PentiumOptimized::Add(word *C, const word *A, const word *B, unsigned int N) { assert (N%2 == 0); @@ -1381,6 +1394,7 @@ __attribute__((regparm(3))) word PentiumOptimized::Subtract(word *C, const word return carry; } +#endif // __pic__ // Comba square and multiply assembly code originally contributed by Leonard Janke @@ -2142,11 +2156,11 @@ void MontgomeryReduce(word *R, word *T, const word *X, const word *M, const word { MultiplyBottom(R, T, X, U, N); MultiplyTop(T, T+N, X, R, M, N); - if (Subtract(R, X+N, T, N)) - { - word carry = Add(R, R, M, N); - assert(carry); - } + word borrow = Subtract(T, X+N, T, N); + // defend against timing attack by doing this Add even when not needed + word carry = Add(T+N, T, M, N); + assert(carry || !borrow); + CopyWords(R, T + (borrow ? N : 0), N); } // R[N] --- result = X/(2**(WORD_BITS*N/2)) mod M @@ -2548,6 +2562,13 @@ Integer::Integer(signed long value) reg[1] = word(SafeRightShift<WORD_BITS, unsigned long>(value)); } +Integer::Integer(Sign s, word high, word low) + : reg(2), sign(s) +{ + reg[0] = low; + reg[1] = high; +} + bool Integer::IsConvertableToLong() const { if (ByteCount() > sizeof(long)) diff --git a/c5/integer.h b/c5/integer.h index b79c07c..fcf3ebe 100644 --- a/c5/integer.h +++ b/c5/integer.h @@ -67,6 +67,9 @@ public: }; //! + enum Sign {POSITIVE=0, NEGATIVE=1}; + + //! enum Signedness { //! UNSIGNED, @@ -92,6 +95,9 @@ public: //! convert from signed long Integer(signed long value); + //! convert from two words + Integer(Sign s, word highWord, word lowWord); + //! convert from string /*! str can be in base 2, 8, 10, or 16. Base is determined by a case insensitive suffix of 'h', 'o', or 'b'. No suffix means base 10. @@ -390,8 +396,6 @@ private: friend void PositiveMultiply(Integer &product, const Integer &a, const Integer &b); friend void PositiveDivide(Integer &remainder, Integer "ient, const Integer ÷nd, const Integer &divisor); - enum Sign {POSITIVE=0, NEGATIVE=1}; - SecAlignedWordBlock reg; Sign sign; }; diff --git a/c5/iterhash.cpp b/c5/iterhash.cpp index 08f7626..00cc12b 100644 --- a/c5/iterhash.cpp +++ b/c5/iterhash.cpp @@ -17,13 +17,13 @@ template <class T, class BASE> void IteratedHashBase<T, BASE>::Update(const byte { HashWordType tmp = m_countLo; if ((m_countLo = tmp + len) < tmp) - m_countHi++; // Carry from low to high + m_countHi++; // carry from low to high m_countHi += SafeRightShift<8*sizeof(HashWordType)>(len); unsigned int blockSize = BlockSize(); - unsigned int num = (unsigned int)(tmp & (blockSize-1)); + unsigned int num = ModPowerOf2(tmp, blockSize); - if (num != 0) + if (num != 0) // process left over data { if ((num+len) >= blockSize) { @@ -41,8 +41,7 @@ template <class T, class BASE> void IteratedHashBase<T, BASE>::Update(const byte } } - // we now can process the input data in blocks of blockSize - // chars and save the leftovers to this->data. + // now process the input data in blocks of blockSize bytes and save the leftovers to m_data if (len >= blockSize) { if (input == (byte *)m_data.begin()) diff --git a/c5/iterhash.h b/c5/iterhash.h index 1ae9b15..7945cec 100644 --- a/c5/iterhash.h +++ b/c5/iterhash.h @@ -16,6 +16,7 @@ public: IteratedHashBase(unsigned int blockSize, unsigned int digestSize); unsigned int DigestSize() const {return m_digest.size() * sizeof(T);}; unsigned int OptimalBlockSize() const {return BlockSize();} + unsigned int OptimalDataAlignment() const {return sizeof(T);} void Update(const byte *input, unsigned int length); byte * CreateUpdateSpace(unsigned int &size); void Restart(); @@ -18,12 +18,11 @@ void LUC_TestInstantiations() InvertibleLUCFunction t3; } -bool DL_Algorithm_LUC_HMP::Sign(const DL_GroupParameters<Integer> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const +void DL_Algorithm_LUC_HMP::Sign(const DL_GroupParameters<Integer> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const { const Integer &q = params.GetSubgroupOrder(); r = params.ExponentiateBase(k); s = (k + x*(r+e)) % q; - return true; } bool DL_Algorithm_LUC_HMP::Verify(const DL_GroupParameters<Integer> ¶ms, const DL_PublicKey<Integer> &publicKey, const Integer &e, const Integer &r, const Integer &s) const @@ -165,8 +164,9 @@ void InvertibleLUCFunction::DEREncode(BufferedTransformation &bt) const seq.MessageEnd(); } -Integer InvertibleLUCFunction::CalculateInverse(const Integer &x) const +Integer InvertibleLUCFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const { + // not clear how to do blinding with LUC DoQuickSanityCheck(); return InverseLucas(m_e, x, m_q, m_p, m_u); } @@ -13,7 +13,12 @@ NAMESPACE_BEGIN(CryptoPP) -//! . +//! The LUC function. +/*! This class is here for historical and pedagogical interest. It has no + practical advantages over other trapdoor functions and probably shouldn't + be used in production software. The discrete log based LUC schemes + defined later in this .h file may be of more practical interest. +*/ class LUCFunction : public TrapdoorFunction, public PublicKey { typedef LUCFunction ThisClass; @@ -57,7 +62,7 @@ public: void BERDecode(BufferedTransformation &bt); void DEREncode(BufferedTransformation &bt) const; - Integer CalculateInverse(const Integer &x) const; + Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; bool Validate(RandomNumberGenerator &rng, unsigned int level) const; bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; @@ -92,8 +97,8 @@ struct LUCES : public TF_ES<STANDARD, LUC> }; //! LUC signature scheme with appendix -template <class H, class STANDARD = PKCS1v15> -struct LUCSSA : public TF_SSA<STANDARD, H, LUC> +template <class STANDARD, class H> +struct LUCSS : public TF_SS<STANDARD, H, LUC> { }; @@ -101,8 +106,8 @@ struct LUCSSA : public TF_SSA<STANDARD, H, LUC> typedef LUCES<OAEP<SHA> >::Decryptor LUCES_OAEP_SHA_Decryptor; typedef LUCES<OAEP<SHA> >::Encryptor LUCES_OAEP_SHA_Encryptor; -typedef LUCSSA<SHA>::Signer LUCSSA_PKCS1v15_SHA_Signer; -typedef LUCSSA<SHA>::Verifier LUCSSA_PKCS1v15_SHA_Verifier; +typedef LUCSS<PKCS1v15, SHA>::Signer LUCSSA_PKCS1v15_SHA_Signer; +typedef LUCSS<PKCS1v15, SHA>::Verifier LUCSSA_PKCS1v15_SHA_Verifier; // ******************************************************** @@ -179,10 +184,7 @@ class DL_Algorithm_LUC_HMP : public DL_ElgamalLikeSignatureAlgorithm<Integer> public: static const char * StaticAlgorithmName() {return "LUC-HMP";} - Integer EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen) const - {return DSA_EncodeDigest(modulusBits, digest, digestLen);} - - bool Sign(const DL_GroupParameters<Integer> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const; + void Sign(const DL_GroupParameters<Integer> ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const; bool Verify(const DL_GroupParameters<Integer> ¶ms, const DL_PublicKey<Integer> &publicKey, const Integer &e, const Integer &r, const Integer &s) const; unsigned int RLen(const DL_GroupParameters<Integer> ¶ms) const @@ -199,7 +201,7 @@ struct DL_SignatureKeys_LUC //! LUC-HMP, based on "Digital signature schemes based on Lucas functions" by Patrick Horster, Markus Michels, Holger Petersen template <class H> -struct LUC_HMP : public DL_SSA<DL_SignatureKeys_LUC, DL_Algorithm_LUC_HMP, H> +struct LUC_HMP : public DL_SS<DL_SignatureKeys_LUC, DL_Algorithm_LUC_HMP, DL_SignatureMessageEncodingMethod_DSA, H> { }; diff --git a/c5/modes.cpp b/c5/modes.cpp index 0222260..70c2323 100644 --- a/c5/modes.cpp +++ b/c5/modes.cpp @@ -63,29 +63,66 @@ void CipherModeBase::SetIV(const byte *iv) void CTR_ModePolicy::SeekToIteration(dword iterationCount) { int carry=0; - for (int i=BlockSize()-1; i>=0 && (iterationCount || carry); i--) + for (int i=BlockSize()-1; i>=0; i--) { - unsigned int sum = m_counterArray[i] + byte(iterationCount) + carry; + unsigned int sum = m_register[i] + byte(iterationCount) + carry; m_counterArray[i] = (byte) sum; carry = sum >> 8; iterationCount >>= 8; } } +static inline void IncrementCounterByOne(byte *inout, unsigned int s) +{ + for (int i=s-1, carry=1; i>=0 && carry; i--) + carry = !++inout[i]; +} + +static inline void IncrementCounterByOne(byte *output, const byte *input, unsigned int s) +{ + for (int i=s-1, carry=1; i>=0; i--) + carry = !(output[i] = input[i]+carry) && carry; +} + +inline void CTR_ModePolicy::ProcessMultipleBlocks(byte *output, const byte *input, unsigned int n) +{ + unsigned int s = BlockSize(), j = 0; + for (unsigned int i=1; i<n; i++, j+=s) + IncrementCounterByOne(m_counterArray + j + s, m_counterArray + j, s); + m_cipher->ProcessAndXorMultipleBlocks(m_counterArray, input, output, n); + IncrementCounterByOne(m_counterArray, m_counterArray + s*(n-1), s); +} + void CTR_ModePolicy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, unsigned int iterationCount) { unsigned int maxBlocks = m_cipher->OptimalNumberOfParallelBlocks(); - unsigned int sizeIncrement = maxBlocks * m_cipher->BlockSize(); - while (iterationCount >= maxBlocks) + if (maxBlocks == 1) { - ProcessMultipleBlocks(output, input, maxBlocks); - output += sizeIncrement; - input += sizeIncrement; - iterationCount -= maxBlocks; + unsigned int sizeIncrement = BlockSize(); + while (iterationCount) + { + m_cipher->ProcessAndXorBlock(m_counterArray, input, output); + IncrementCounterByOne(m_counterArray, sizeIncrement); + output += sizeIncrement; + input += sizeIncrement; + iterationCount -= 1; + } + } + else + { + unsigned int sizeIncrement = maxBlocks * BlockSize(); + while (iterationCount >= maxBlocks) + { + ProcessMultipleBlocks(output, input, maxBlocks); + output += sizeIncrement; + input += sizeIncrement; + iterationCount -= maxBlocks; + } + if (iterationCount > 0) + ProcessMultipleBlocks(output, input, iterationCount); } - if (iterationCount > 0) - ProcessMultipleBlocks(output, input, iterationCount); } + void CTR_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv) { unsigned int s = BlockSize(); @@ -107,11 +144,11 @@ void BlockOrientedCipherModeBase::ProcessData(byte *outString, const byte *inStr unsigned int s = BlockSize(); assert(length % s == 0); unsigned int alignment = m_cipher->BlockAlignment(); - bool requireAlignedInput = RequireAlignedInput(); + bool inputAlignmentOk = !RequireAlignedInput() || IsAlignedOn(inString, alignment); if (IsAlignedOn(outString, alignment)) { - if (!requireAlignedInput || IsAlignedOn(inString, alignment)) + if (inputAlignmentOk) ProcessBlocks(outString, inString, length / s); else { @@ -123,7 +160,7 @@ void BlockOrientedCipherModeBase::ProcessData(byte *outString, const byte *inStr { while (length) { - if (!requireAlignedInput || IsAlignedOn(inString, alignment)) + if (inputAlignmentOk) ProcessBlocks(m_buffer, inString, 1); else { @@ -131,6 +168,8 @@ void BlockOrientedCipherModeBase::ProcessData(byte *outString, const byte *inStr ProcessBlocks(m_buffer, m_buffer, 1); } memcpy(outString, m_buffer, s); + inString += s; + outString += s; length -= s; } } @@ -9,6 +9,7 @@ #include "misc.h" #include "strciphr.h" #include "argnames.h" +#include "algparam.h" NAMESPACE_BEGIN(CryptoPP) @@ -142,19 +143,7 @@ class CTR_ModePolicy : public ModePolicyCommonTemplate<AdditiveCipherAbstractPol void SeekToIteration(dword iterationCount); IV_Requirement IVRequirement() const {return STRUCTURED_IV;} - static inline void IncrementCounterByOne(byte *output, const byte *input, unsigned int s) - { - for (int i=s-1, carry=1; i>=0 && carry; i--) - carry = !(output[i] = input[i]+1); - } - inline void ProcessMultipleBlocks(byte *output, const byte *input, unsigned int n) - { - unsigned int s = BlockSize(), j = 0; - for (unsigned int i=1; i<n; i++, j+=s) - IncrementCounterByOne(m_counterArray + j + s, m_counterArray + j, s); - m_cipher->ProcessAndXorMultipleBlocks(m_counterArray, input, output, n); - IncrementCounterByOne(m_counterArray, m_counterArray + s*(n-1), s); - } + inline void ProcessMultipleBlocks(byte *output, const byte *input, unsigned int n); SecByteBlock m_counterArray; }; @@ -209,6 +198,8 @@ class CBC_CTS_Encryption : public CBC_Encryption { public: void SetStolenIV(byte *iv) {m_stolenIV = iv;} + unsigned int MinLastBlockSize() const {return BlockSize()+1;} + void ProcessLastBlock(byte *outString, const byte *inString, unsigned int length); protected: void UncheckedSetKey(const NameValuePairs ¶ms, const byte *key, unsigned int length) @@ -216,8 +207,6 @@ protected: CBC_Encryption::UncheckedSetKey(params, key, length); m_stolenIV = params.GetValueWithDefault(Name::StolenIV(), (byte *)NULL); } - unsigned int MinLastBlockSize() const {return BlockSize()+1;} - void ProcessLastBlock(byte *outString, const byte *inString, unsigned int length); byte *m_stolenIV; }; @@ -238,6 +227,7 @@ protected: class CBC_CTS_Decryption : public CBC_Decryption { +public: unsigned int MinLastBlockSize() const {return BlockSize()+1;} void ProcessLastBlock(byte *outString, const byte *inString, unsigned int length); }; @@ -372,7 +362,7 @@ struct CBC_CTS_Mode_ExternalCipher : public CipherModeDocumentation typedef CFB_Mode_ExternalCipher::Encryption CFBEncryption; typedef CFB_Mode_ExternalCipher::Decryption CFBDecryption; typedef OFB_Mode_ExternalCipher::Encryption OFB; -typedef OFB_Mode_ExternalCipher::Encryption CounterMode; +typedef CTR_Mode_ExternalCipher::Encryption CounterMode; #endif NAMESPACE_END @@ -30,7 +30,7 @@ public: {m_groupParameters.Initialize(v1, v2);} template <class T1, class T2, class T3> - MQV_Domain(T1 v1, T2 v2, T2 v3) + MQV_Domain(T1 v1, T2 v2, T3 v3) {m_groupParameters.Initialize(v1, v2, v3);} template <class T1, class T2, class T3, class T4> diff --git a/c5/oaep.cpp b/c5/oaep.cpp index 9391f5b..8913631 100644 --- a/c5/oaep.cpp +++ b/c5/oaep.cpp @@ -56,8 +56,10 @@ void OAEP<H,MGF,P,PLen>::Pad(RandomNumberGenerator &rng, const byte *input, unsi memcpy(maskedDB+dbLen-inputLength, input, inputLength); rng.GenerateBlock(maskedSeed, seedLen); - MGF::GenerateAndMask(maskedDB, dbLen, maskedSeed, seedLen); - MGF::GenerateAndMask(maskedSeed, seedLen, maskedDB, dbLen); + H h; + MGF mgf; + mgf.GenerateAndMask(h, maskedDB, dbLen, maskedSeed, seedLen); + mgf.GenerateAndMask(h, maskedSeed, seedLen, maskedDB, dbLen); } template <class H, class MGF, byte *P, unsigned int PLen> @@ -82,8 +84,10 @@ DecodingResult OAEP<H,MGF,P,PLen>::Unpad(const byte *oaepBlock, unsigned int oae byte *const maskedSeed = t; byte *const maskedDB = t+seedLen; - MGF::GenerateAndMask(maskedSeed, seedLen, maskedDB, dbLen); - MGF::GenerateAndMask(maskedDB, dbLen, maskedSeed, seedLen); + H h; + MGF mgf; + mgf.GenerateAndMask(h, maskedSeed, seedLen, maskedDB, dbLen); + mgf.GenerateAndMask(h, maskedDB, dbLen, maskedSeed, seedLen); // DB = pHash' || 00 ... || 01 || M @@ -8,12 +8,12 @@ NAMESPACE_BEGIN(CryptoPP) extern byte OAEP_P_DEFAULT[]; // defined in misc.cpp /// <a href="http://www.weidai.com/scan-mirror/ca.html#cem_OAEP-MGF1">EME-OAEP</a>, for use with RSAES -template <class H, class MGF=P1363_MGF1<H>, byte *P=OAEP_P_DEFAULT, unsigned int PLen=0> -class OAEP : public PK_PaddingAlgorithm, public EncryptionStandard +template <class H, class MGF=P1363_MGF1, byte *P=OAEP_P_DEFAULT, unsigned int PLen=0> +class OAEP : public PK_EncryptionMessageEncodingMethod, public EncryptionStandard { public: - static std::string StaticAlgorithmName() {return "OAEP-" + MGF::StaticAlgorithmName();} - typedef OAEP<H, MGF, P, PLen> EncryptionPaddingAlgorithm; + static std::string StaticAlgorithmName() {return std::string("OAEP-") + MGF::StaticAlgorithmName() + "(" + H::StaticAlgorithmName() + ")";} + typedef OAEP<H, MGF, P, PLen> EncryptionMessageEncodingMethod; unsigned int MaxUnpaddedLength(unsigned int paddedLength) const; void Pad(RandomNumberGenerator &rng, const byte *raw, unsigned int inputLength, byte *padded, unsigned int paddedLength) const; diff --git a/c5/osrng.cpp b/c5/osrng.cpp index 9f45b86..57f92e7 100644 --- a/c5/osrng.cpp +++ b/c5/osrng.cpp @@ -15,7 +15,9 @@ #endif #include <windows.h> #include <wincrypt.h> -#else +#endif + +#ifdef CRYPTOPP_UNIX_AVAILABLE #include <errno.h> #include <fcntl.h> #include <unistd.h> @@ -96,6 +96,8 @@ public: explicit AutoSeededX917RNG(bool blocking = false) {Reseed(blocking);} void Reseed(bool blocking = false); + // exposed for testing + void Reseed(const byte *key, unsigned int keylength, const byte *seed, unsigned long timeVector); byte GenerateByte(); @@ -107,6 +109,18 @@ private: }; template <class BLOCK_CIPHER> +void AutoSeededX917RNG<BLOCK_CIPHER>::Reseed(const byte *key, unsigned int keylength, const byte *seed, unsigned long timeVector) +{ + m_rng.reset(new X917RNG(new typename BLOCK_CIPHER::Encryption(key, keylength), seed, timeVector)); + + // for FIPS 140-2 + m_lastBlock.resize(16); + m_rng->GenerateBlock(m_lastBlock, m_lastBlock.size()); + m_counter = 0; + m_isDifferent = false; +} + +template <class BLOCK_CIPHER> void AutoSeededX917RNG<BLOCK_CIPHER>::Reseed(bool blocking) { SecByteBlock seed(BLOCK_CIPHER::BLOCKSIZE + BLOCK_CIPHER::DEFAULT_KEYLENGTH); @@ -117,15 +131,8 @@ void AutoSeededX917RNG<BLOCK_CIPHER>::Reseed(bool blocking) key = seed + BLOCK_CIPHER::BLOCKSIZE; } // check that seed and key don't have same value while (memcmp(key, seed, STDMIN((unsigned int)BLOCK_CIPHER::BLOCKSIZE, (unsigned int)BLOCK_CIPHER::DEFAULT_KEYLENGTH)) == 0); - m_rng.reset(new X917RNG(new typename BLOCK_CIPHER::Encryption(key, BLOCK_CIPHER::DEFAULT_KEYLENGTH), seed)); - if (FIPS_140_2_ComplianceEnabled()) - { - m_lastBlock.resize(16); - m_rng->GenerateBlock(m_lastBlock, m_lastBlock.size()); - m_counter = 0; - m_isDifferent = false; - } + Reseed(key, BLOCK_CIPHER::DEFAULT_KEYLENGTH, seed, 0); } template <class BLOCK_CIPHER> @@ -133,18 +140,16 @@ byte AutoSeededX917RNG<BLOCK_CIPHER>::GenerateByte() { byte b = m_rng->GenerateByte(); - if (FIPS_140_2_ComplianceEnabled()) + // for FIPS 140-2 + m_isDifferent = m_isDifferent || b != m_lastBlock[m_counter]; + m_lastBlock[m_counter] = b; + ++m_counter; + if (m_counter == m_lastBlock.size()) { - m_isDifferent = m_isDifferent || b != m_lastBlock[m_counter]; - m_lastBlock[m_counter] = b; - ++m_counter; - if (m_counter == m_lastBlock.size()) - { - if (!m_isDifferent) - throw SelfTestFailure("AutoSeededX917RNG: Continuous random number generator test failed."); - m_counter = 0; - m_isDifferent = false; - } + if (!m_isDifferent) + throw SelfTestFailure("AutoSeededX917RNG: Continuous random number generator test failed."); + m_counter = 0; + m_isDifferent = false; } return b; diff --git a/c5/pkcspad.cpp b/c5/pkcspad.cpp index e94a1fd..e04ac9d 100644 --- a/c5/pkcspad.cpp +++ b/c5/pkcspad.cpp @@ -18,6 +18,9 @@ template<> const unsigned int PKCS_DigestDecoration<MD5>::length = sizeof(PKCS_D template<> const byte PKCS_DigestDecoration<RIPEMD160>::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x24,0x03,0x02,0x01,0x05,0x00,0x04,0x14}; template<> const unsigned int PKCS_DigestDecoration<RIPEMD160>::length = sizeof(PKCS_DigestDecoration<RIPEMD160>::decoration); +template<> const byte PKCS_DigestDecoration<Tiger>::decoration[] = {0x30,0x29,0x30,0x0D,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0C,0x02,0x05,0x00,0x04,0x18}; +template<> const unsigned int PKCS_DigestDecoration<Tiger>::length = sizeof(PKCS_DigestDecoration<Tiger>::decoration); + template<> const byte PKCS_DigestDecoration<SHA256>::decoration[] = {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20}; template<> const unsigned int PKCS_DigestDecoration<SHA256>::length = sizeof(PKCS_DigestDecoration<SHA256>::decoration); @@ -27,11 +30,9 @@ template<> const unsigned int PKCS_DigestDecoration<SHA384>::length = sizeof(PKC template<> const byte PKCS_DigestDecoration<SHA512>::decoration[] = {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40}; template<> const unsigned int PKCS_DigestDecoration<SHA512>::length = sizeof(PKCS_DigestDecoration<SHA512>::decoration); - - unsigned int PKCS_EncryptionPaddingScheme::MaxUnpaddedLength(unsigned int paddedLength) const { - return paddedLength/8 > 10 ? paddedLength/8-10 : 0; + return SaturatingSubtract(paddedLength/8, 10U); } void PKCS_EncryptionPaddingScheme::Pad(RandomNumberGenerator &rng, const byte *input, unsigned int inputLen, byte *pkcsBlock, unsigned int pkcsBlockLen) const @@ -72,7 +73,7 @@ DecodingResult PKCS_EncryptionPaddingScheme::Unpad(const byte *pkcsBlock, unsign // Require block type 2. invalid = (pkcsBlock[0] != 2) || invalid; - // skip past the padding until we find the seperator + // skip past the padding until we find the separator unsigned i=1; while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body } @@ -90,62 +91,36 @@ DecodingResult PKCS_EncryptionPaddingScheme::Unpad(const byte *pkcsBlock, unsign // ******************************************************** -unsigned int PKCS_SignaturePaddingScheme::MaxUnpaddedLength(unsigned int paddedLength) const -{ - return paddedLength/8 > 10 ? paddedLength/8-10 : 0; -} - -void PKCS_SignaturePaddingScheme::Pad(RandomNumberGenerator &, const byte *input, unsigned int inputLen, byte *pkcsBlock, unsigned int pkcsBlockLen) const -{ - assert (inputLen <= MaxUnpaddedLength(pkcsBlockLen)); // this should be checked by caller - - // convert from bit length to byte length - if (pkcsBlockLen % 8 != 0) - { - pkcsBlock[0] = 0; - pkcsBlock++; - } - pkcsBlockLen /= 8; - - pkcsBlock[0] = 1; // block type 1 - - // padd with 0xff - memset(pkcsBlock+1, 0xff, pkcsBlockLen-inputLen-2); - - pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator - memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); -} - -DecodingResult PKCS_SignaturePaddingScheme::Unpad(const byte *pkcsBlock, unsigned int pkcsBlockLen, byte *output) const +void PKCS1v15_SignatureMessageEncodingMethod::ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const { - unsigned int maxOutputLen = MaxUnpaddedLength(pkcsBlockLen); + unsigned int digestSize = hash.DigestSize(); + if (digestSize + hashIdentifier.second + 10 > representativeBitLength/8) + throw PK_Signer::KeyTooShort(); + unsigned int pkcsBlockLen = representativeBitLength; // convert from bit length to byte length if (pkcsBlockLen % 8 != 0) { - if (pkcsBlock[0] != 0) - return DecodingResult(); - pkcsBlock++; + representative[0] = 0; + representative++; } pkcsBlockLen /= 8; - // Require block type 1. - if (pkcsBlock[0] != 1) - return DecodingResult(); - - // skip past the padding until we find the seperator - unsigned i=1; - while (i<pkcsBlockLen && pkcsBlock[i++]) - if (pkcsBlock[i-1] != 0xff) // not valid padding - return DecodingResult(); - assert(i==pkcsBlockLen || pkcsBlock[i-1]==0); + representative[0] = 1; // block type 1 - unsigned int outputLen = pkcsBlockLen - i; - if (outputLen > maxOutputLen) - return DecodingResult(); + byte *pPadding = representative + 1; + byte *pDigest = representative + pkcsBlockLen - digestSize; + byte *pHashId = pDigest - hashIdentifier.second; + byte *pSeparator = pHashId - 1; - memcpy (output, pkcsBlock+i, outputLen); - return DecodingResult(outputLen); + // pad with 0xff + memset(pPadding, 0xff, pSeparator-pPadding); + *pSeparator = 0; + memcpy(pHashId, hashIdentifier.first, hashIdentifier.second); + hash.Final(pDigest); } NAMESPACE_END diff --git a/c5/pkcspad.h b/c5/pkcspad.h index 347bd95..2e14a5e 100644 --- a/c5/pkcspad.h +++ b/c5/pkcspad.h @@ -6,8 +6,8 @@ NAMESPACE_BEGIN(CryptoPP) -/// <a href="http://www.weidai.com/scan-mirror/ca.html#cem_PKCS1-1.5">EME-PKCS1-v1_5</a> -class PKCS_EncryptionPaddingScheme : public PK_PaddingAlgorithm +//! <a href="http://www.weidai.com/scan-mirror/ca.html#cem_PKCS1-1.5">EME-PKCS1-v1_5</a> +class PKCS_EncryptionPaddingScheme : public PK_EncryptionMessageEncodingMethod { public: static const char * StaticAlgorithmName() {return "EME-PKCS1-v1_5";} @@ -17,50 +17,41 @@ public: DecodingResult Unpad(const byte *padded, unsigned int paddedLength, byte *raw) const; }; -/// <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PKCS1-1.5">EMSA-PKCS1-v1_5</a> -class PKCS_SignaturePaddingScheme : public PK_PaddingAlgorithm +template <class H> struct PKCS_DigestDecoration { -public: - static const char * StaticAlgorithmName() {return "EMSA-PKCS1-v1_5";} - - unsigned int MaxUnpaddedLength(unsigned int paddedLength) const; - void Pad(RandomNumberGenerator &rng, const byte *raw, unsigned int inputLength, byte *padded, unsigned int paddedLength) const; - DecodingResult Unpad(const byte *padded, unsigned int paddedLength, byte *raw) const; + static const byte decoration[]; + static const unsigned int length; }; -/// <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PKCS1-1.5">EMSA-PKCS1-v1_5</a> -template <class H> -class PKCS_DecoratedHashModule : public HashTransformationWithDefaultTruncation +//! <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PKCS1-1.5">EMSA-PKCS1-v1_5</a> +class PKCS1v15_SignatureMessageEncodingMethod : public PK_DeterministicSignatureMessageEncodingMethod { public: - static std::string StaticAlgorithmName() {return std::string("EMSA-PKCS1-v1_5(") + H::StaticAlgorithmName() + ")";} - - void Update(const byte *input, unsigned int length) - {h.Update(input, length);} - unsigned int DigestSize() const; - void Final(byte *digest); - void Restart() {h.Restart();} + static const char * StaticAlgorithmName() {return "EMSA-PKCS1-v1_5";} -private: - H h; + void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const; + + struct HashIdentifierLookup + { + template <class H> struct HashIdentifierLookup2 + { + static HashIdentifier Lookup() + { + return HashIdentifier(PKCS_DigestDecoration<H>::decoration, PKCS_DigestDecoration<H>::length); + } + }; + }; }; -//! PKCS #1 version 1.5, for use with RSAES and RSASSA +//! PKCS #1 version 1.5, for use with RSAES and RSASS /*! The following hash functions are supported for signature: SHA, MD2, MD5, RIPEMD160, SHA256, SHA384, SHA512. */ struct PKCS1v15 : public SignatureStandard, public EncryptionStandard { - typedef PKCS_EncryptionPaddingScheme EncryptionPaddingAlgorithm; - - template <class H> struct SignaturePaddingAlgorithm {typedef PKCS_SignaturePaddingScheme type;}; - template <class H> struct DecoratedHashingAlgorithm {typedef PKCS_DecoratedHashModule<H> type;}; -}; - -template<> struct CryptoStandardTraits<PKCS1v15> : public PKCS1v15 {}; - -template <class H> struct PKCS_DigestDecoration -{ - static const byte decoration[]; - static const unsigned int length; + typedef PKCS_EncryptionPaddingScheme EncryptionMessageEncodingMethod; + typedef PKCS1v15_SignatureMessageEncodingMethod SignatureMessageEncodingMethod; }; // PKCS_DecoratedHashModule can be instantiated with the following @@ -69,24 +60,11 @@ class SHA; class MD2; class MD5; class RIPEMD160; +class Tiger; class SHA256; class SHA384; class SHA512; -template <class H> -void PKCS_DecoratedHashModule<H>::Final(byte *digest) -{ - const unsigned int decorationLen = PKCS_DigestDecoration<H>::length; - memcpy(digest, PKCS_DigestDecoration<H>::decoration, decorationLen); - h.Final(digest+decorationLen); -} - -template <class H> -unsigned int PKCS_DecoratedHashModule<H>::DigestSize() const -{ - return h.DigestSize() + PKCS_DigestDecoration<H>::length; // PKCS_DigestDecoration<H>::length; -} - NAMESPACE_END #endif diff --git a/c5/polynomi.cpp b/c5/polynomi.cpp index 168fff8..5607caf 100644 --- a/c5/polynomi.cpp +++ b/c5/polynomi.cpp @@ -473,7 +473,7 @@ void RingOfPolynomialsOver<T>::CalculateAlpha(std::vector<CoefficientType> &alph } template <class T> -RingOfPolynomialsOver<T>::Element RingOfPolynomialsOver<T>::Interpolate(const CoefficientType x[], const CoefficientType y[], unsigned int n) const +typename RingOfPolynomialsOver<T>::Element RingOfPolynomialsOver<T>::Interpolate(const CoefficientType x[], const CoefficientType y[], unsigned int n) const { assert(n > 0); diff --git a/c5/polynomi.h b/c5/polynomi.h index 3a327e5..ce4295e 100644 --- a/c5/polynomi.h +++ b/c5/polynomi.h @@ -164,8 +164,8 @@ template <class T, int instance> class PolynomialOverFixedRing : private Polynom public: typedef T Ring; typedef typename T::Element CoefficientType; - typedef B::DivideByZero DivideByZero; - typedef B::RandomizationParameter RandomizationParameter; + typedef typename B::DivideByZero DivideByZero; + typedef typename B::RandomizationParameter RandomizationParameter; //! \name CREATORS //@{ @@ -304,8 +304,8 @@ template <class T> class RingOfPolynomialsOver : public AbstractEuclideanDomain< public: typedef T CoefficientRing; typedef PolynomialOver<T> Element; - typedef Element::CoefficientType CoefficientType; - typedef Element::RandomizationParameter RandomizationParameter; + typedef typename Element::CoefficientType CoefficientType; + typedef typename Element::RandomizationParameter RandomizationParameter; RingOfPolynomialsOver(const CoefficientRing &ring) : m_ring(ring) {} diff --git a/c5/pssr.cpp b/c5/pssr.cpp new file mode 100644 index 0000000..5dc959a --- /dev/null +++ b/c5/pssr.cpp @@ -0,0 +1,126 @@ +// pssr.cpp - written and placed in the public domain by Wei Dai + +#include "pch.h" +#include "pssr.h" + +NAMESPACE_BEGIN(CryptoPP) + +template<> const byte EMSA2HashId<SHA>::id = 0x33; +template<> const byte EMSA2HashId<RIPEMD160>::id = 0x31; + +unsigned int PSSR_MEM_Base::MaxRecoverableLength(unsigned int representativeBitLength, unsigned int hashIdentifierLength, unsigned int digestLength) const +{ + if (AllowRecovery()) + { + unsigned int saltLen = SaltLen(digestLength); + unsigned int minPadLen = MinPadLen(digestLength); + return SaturatingSubtract(representativeBitLength, 8*(minPadLen + saltLen + digestLength + hashIdentifierLength) + 9) / 8; + } + return 0; +} + +bool PSSR_MEM_Base::IsProbabilistic() const +{ + return SaltLen(1) > 0; +} + +bool PSSR_MEM_Base::AllowNonrecoverablePart() const +{ + return true; +} + +bool PSSR_MEM_Base::RecoverablePartFirst() const +{ + return false; +} + +void PSSR_MEM_Base::ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const +{ + const unsigned int u = hashIdentifier.second + 1; + const unsigned int representativeByteLength = BitsToBytes(representativeBitLength); + const unsigned int digestSize = hash.DigestSize(); + const unsigned int saltSize = SaltLen(digestSize); + byte *const h = representative + representativeByteLength - u - digestSize; + + SecByteBlock digest(digestSize), salt(saltSize); + hash.Final(digest); + rng.GenerateBlock(salt, saltSize); + + // compute H = hash of M' + byte c[8]; + UnalignedPutWord(BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength)); + UnalignedPutWord(BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3)); + hash.Update(c, 8); + hash.Update(recoverableMessage, recoverableMessageLength); + hash.Update(digest, digestSize); + hash.Update(salt, saltSize); + hash.Final(h); + + // compute representative + GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize, false); + byte *xorStart = representative + representativeByteLength - u - digestSize - salt.size() - recoverableMessageLength - 1; + xorStart[0] ^= 1; + xorbuf(xorStart + 1, recoverableMessage, recoverableMessageLength); + xorbuf(xorStart + 1 + recoverableMessageLength, salt, salt.size()); + memcpy(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second); + representative[representativeByteLength - 1] = hashIdentifier.second ? 0xcc : 0xbc; + if (representativeBitLength % 8 != 0) + representative[0] = (byte)Crop(representative[0], representativeBitLength % 8); +} + +DecodingResult PSSR_MEM_Base::RecoverMessageFromRepresentative( + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength, + byte *recoverableMessage) const +{ + const unsigned int u = hashIdentifier.second + 1; + const unsigned int representativeByteLength = BitsToBytes(representativeBitLength); + const unsigned int digestSize = hash.DigestSize(); + const unsigned int saltSize = SaltLen(digestSize); + const byte *const h = representative + representativeByteLength - u - digestSize; + + SecByteBlock digest(digestSize); + hash.Final(digest); + + DecodingResult result(0); + bool &valid = result.isValidCoding; + unsigned int &recoverableMessageLength = result.messageLength; + + valid = (representative[representativeByteLength - 1] == (hashIdentifier.second ? 0xcc : 0xbc)) && valid; + valid = (memcmp(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second) == 0) && valid; + + GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize); + if (representativeBitLength % 8 != 0) + representative[0] = (byte)Crop(representative[0], representativeBitLength % 8); + + // extract salt and recoverableMessage from DB = 00 ... || 01 || M || salt + byte *salt = representative + representativeByteLength - u - digestSize - saltSize; + byte *M = std::find_if(representative, salt-1, std::bind2nd(std::not_equal_to<byte>(), 0)); + if (*M == 0x01 && (unsigned int)(M - representative - (representativeBitLength % 8 != 0)) >= MinPadLen(digestSize)) + { + recoverableMessageLength = salt-M-1; + memcpy(recoverableMessage, M+1, recoverableMessageLength); + } + else + valid = false; + + // verify H = hash of M' + byte c[8]; + UnalignedPutWord(BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength)); + UnalignedPutWord(BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3)); + hash.Update(c, 8); + hash.Update(recoverableMessage, recoverableMessageLength); + hash.Update(digest, digestSize); + hash.Update(salt, saltSize); + valid = hash.Verify(h) && valid; + + if (!AllowRecovery() && valid && recoverableMessageLength != 0) + {throw NotImplemented("PSSR_MEM: message recovery disabled");} + + return result; +} + +NAMESPACE_END @@ -6,163 +6,80 @@ NAMESPACE_BEGIN(CryptoPP) -// TODO: implement standard variant of PSSR -template <class H, class MGF=P1363_MGF1<H> > -class PSSR : public SignatureEncodingMethodWithRecovery +class PSSR_MEM_Base : public PK_RecoverableSignatureMessageEncodingMethod { -public: - PSSR(unsigned int representativeBitLen); - PSSR(const byte *representative, unsigned int representativeBitLen); - ~PSSR() {} - void Update(const byte *input, unsigned int length); - unsigned int DigestSize() const {return BitsToBytes(representativeBitLen);} - void Restart() {h.Restart();} - void Encode(RandomNumberGenerator &rng, byte *representative); - bool Verify(const byte *representative); - DecodingResult Decode(byte *message); - unsigned int MaximumRecoverableLength() const {return MaximumRecoverableLength(representativeBitLen);} - static unsigned int MaximumRecoverableLength(unsigned int representativeBitLen); - static bool AllowLeftoverMessage() {return true;} - -protected: - static void EncodeRepresentative(byte *representative, unsigned int representativeBitLen, const byte *w, const byte *seed, const byte *m1, unsigned int m1Len); - static unsigned int DecodeRepresentative(const byte *representative, unsigned int representativeBitLen, byte *w, byte *seed, byte *m1); + virtual bool AllowRecovery() const =0; + virtual unsigned int SaltLen(unsigned int hashLen) const =0; + virtual unsigned int MinPadLen(unsigned int hashLen) const =0; + virtual const MaskGeneratingFunction & GetMGF() const =0; - unsigned int representativeBitLen, m1Len; - H h; - SecByteBlock m1, w, seed; +public: + unsigned int MaxRecoverableLength(unsigned int representativeBitLength, unsigned int hashIdentifierLength, unsigned int digestLength) const; + bool IsProbabilistic() const; + bool AllowNonrecoverablePart() const; + bool RecoverablePartFirst() const; + void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const; + DecodingResult RecoverMessageFromRepresentative( + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength, + byte *recoverableMessage) const; }; -template <class H, class MGF> -PSSR<H,MGF>::PSSR(unsigned int representativeBitLen) - : representativeBitLen(representativeBitLen), m1Len(0) - , m1(MaximumRecoverableLength()), w(H::DIGESTSIZE), seed(H::DIGESTSIZE) -{ -} - -template <class H, class MGF> -PSSR<H,MGF>::PSSR(const byte *representative, unsigned int representativeBitLen) - : representativeBitLen(representativeBitLen), m1Len(0) - , m1(MaximumRecoverableLength()), w(H::DIGESTSIZE), seed(H::DIGESTSIZE) -{ - m1Len = DecodeRepresentative(representative, representativeBitLen, w, seed, m1); - h.Update(m1, m1Len); -} - -template <class H, class MGF> -void PSSR<H,MGF>::Update(const byte *input, unsigned int length) +template <class H> struct EMSA2HashId { - unsigned int m1LenInc = STDMIN(length, MaximumRecoverableLength() - m1Len); - memcpy(m1+m1Len, input, m1LenInc); - m1Len += m1LenInc; - h.Update(input, length); -} - -template <class H, class MGF> -void PSSR<H,MGF>::Encode(RandomNumberGenerator &rng, byte *representative) -{ - rng.GenerateBlock(seed, seed.size()); - h.Update(seed, seed.size()); - h.Final(w); - EncodeRepresentative(representative, representativeBitLen, w, seed, m1, m1Len); -} + static const byte id; +}; -template <class H, class MGF> -bool PSSR<H,MGF>::Verify(const byte *representative) -{ - SecByteBlock m1r(MaximumRecoverableLength()), wr(H::DIGESTSIZE); - unsigned int m1rLen = DecodeRepresentative(representative, representativeBitLen, wr, seed, m1r); - h.Update(seed, seed.size()); - h.Final(w); - return m1Len==m1rLen && memcmp(m1, m1r, m1Len)==0 && w==wr; -} +// EMSA2HashId can be instantiated with the following two classes. +class SHA; +class RIPEMD160; -template <class H, class MGF> -DecodingResult PSSR<H,MGF>::Decode(byte *message) +template <class BASE> +class EMSA2HashIdLookup : public BASE { - SecByteBlock wh(H::DIGESTSIZE); - h.Update(seed, seed.size()); - h.Final(wh); - if (wh == w) +public: + struct HashIdentifierLookup { - memcpy(message, m1, m1Len); - return DecodingResult(m1Len); - } - else - return DecodingResult(); -} + template <class H> struct HashIdentifierLookup2 + { + static HashIdentifier Lookup() + { + return HashIdentifier(&EMSA2HashId<H>::id, 1); + } + }; + }; +}; -template <class H, class MGF> -unsigned int PSSR<H,MGF>::MaximumRecoverableLength(unsigned int paddedLength) -{ - return paddedLength/8 > 1+2*H::DIGESTSIZE ? paddedLength/8-1-2*H::DIGESTSIZE : 0; -} +template <bool USE_HASH_ID> class PSSR_MEM_BaseWithHashId; +template<> class PSSR_MEM_BaseWithHashId<true> : public EMSA2HashIdLookup<PSSR_MEM_Base> {}; +template<> class PSSR_MEM_BaseWithHashId<false> : public PSSR_MEM_Base {}; -template <class H, class MGF> -void PSSR<H,MGF>::EncodeRepresentative(byte *pssrBlock, unsigned int pssrBlockLen, const byte *w, const byte *seed, const byte *m1, unsigned int m1Len) +template <bool ALLOW_RECOVERY, class MGF=P1363_MGF1, int SALT_LEN=-1, int MIN_PAD_LEN=0, bool USE_HASH_ID=false> +class PSSR_MEM : public PSSR_MEM_BaseWithHashId<USE_HASH_ID> { - assert (m1Len <= MaximumRecoverableLength(pssrBlockLen)); - - // convert from bit length to byte length - if (pssrBlockLen % 8 != 0) - { - pssrBlock[0] = 0; - pssrBlock++; - } - pssrBlockLen /= 8; - - const unsigned int hLen = H::DIGESTSIZE; - const unsigned int wLen = hLen, seedLen = hLen, dbLen = pssrBlockLen-wLen-seedLen; - byte *const maskedSeed = pssrBlock+wLen; - byte *const maskedDB = pssrBlock+wLen+seedLen; + virtual bool AllowRecovery() const {return ALLOW_RECOVERY;} + virtual unsigned int SaltLen(unsigned int hashLen) const {return SALT_LEN < 0 ? hashLen : SALT_LEN;} + virtual unsigned int MinPadLen(unsigned int hashLen) const {return MIN_PAD_LEN < 0 ? hashLen : MIN_PAD_LEN;} + virtual const MaskGeneratingFunction & GetMGF() const {static MGF mgf; return mgf;} - memcpy(pssrBlock, w, wLen); - memcpy(maskedSeed, seed, seedLen); - memset(maskedDB, 0, dbLen-m1Len-1); - maskedDB[dbLen-m1Len-1] = 0x01; - memcpy(maskedDB+dbLen-m1Len, m1, m1Len); - - MGF::GenerateAndMask(maskedSeed, seedLen+dbLen, w, wLen); -} +public: + static std::string StaticAlgorithmName() {return std::string(ALLOW_RECOVERY ? "PSSR-" : "PSS-") + MGF::StaticAlgorithmName();} +}; -template <class H, class MGF> -unsigned int PSSR<H,MGF>::DecodeRepresentative(const byte *pssrBlock, unsigned int pssrBlockLen, byte *w, byte *seed, byte *m1) +//! <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSSR-MGF1">PSSR-MGF1</a> +struct PSSR : public SignatureStandard { - // convert from bit length to byte length - if (pssrBlockLen % 8 != 0) - { - if (pssrBlock[0] != 0) - return 0; - pssrBlock++; - } - pssrBlockLen /= 8; - - const unsigned int hLen = H::DIGESTSIZE; - const unsigned int wLen = hLen, seedLen = hLen, dbLen = pssrBlockLen-wLen-seedLen; - - if (pssrBlockLen < 2*hLen+1) - return 0; - - memcpy(w, pssrBlock, wLen); - SecByteBlock t(pssrBlock+wLen, pssrBlockLen-wLen); - byte *const maskedSeed = t; - byte *const maskedDB = t+seedLen; - - MGF::GenerateAndMask(maskedSeed, seedLen+dbLen, w, wLen); - memcpy(seed, maskedSeed, seedLen); - - // DB = 00 ... || 01 || M + typedef PSSR_MEM<true> SignatureMessageEncodingMethod; +}; - byte *M = std::find_if(maskedDB, maskedDB+dbLen, std::bind2nd(std::not_equal_to<byte>(), 0)); - if (M!=maskedDB+dbLen && *M == 0x01) - { - M++; - memcpy(m1, M, maskedDB+dbLen-M); - return maskedDB+dbLen-M; - } - else - return 0; -} +//! <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSS-MGF1">PSS-MGF1</a> +struct PSS : public SignatureStandard +{ + typedef PSSR_MEM<false> SignatureMessageEncodingMethod; +}; NAMESPACE_END diff --git a/c5/pubkey.cpp b/c5/pubkey.cpp index 94dc271..0002589 100644 --- a/c5/pubkey.cpp +++ b/c5/pubkey.cpp @@ -5,44 +5,108 @@ NAMESPACE_BEGIN(CryptoPP) -void TF_DigestSignerBase::SignDigest(RandomNumberGenerator &rng, const byte *digest, unsigned int digestLen, byte *signature) const +void P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, bool mask, unsigned int counterStart) { - assert(digestLen <= MaxDigestLength()); + ArraySink *sink; + HashFilter filter(hash, sink = mask ? new ArrayXorSink(output, outputLength) : new ArraySink(output, outputLength)); + word32 counter = counterStart; + while (sink->AvailableSize() > 0) + { + filter.Put(input, inputLength); + filter.PutWord32(counter++); + filter.MessageEnd(); + } +} - SecByteBlock paddedBlock(PaddedBlockByteLength()); - GetPaddingAlgorithm().Pad(rng, digest, digestLen, paddedBlock, PaddedBlockBitLength()); - GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, Integer(paddedBlock, paddedBlock.size())).Encode(signature, DigestSignatureLength()); +bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative( + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const +{ + SecByteBlock computedRepresentative(BitsToBytes(representativeBitLength)); + ComputeMessageRepresentative(NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength); + return memcmp(representative, computedRepresentative, computedRepresentative.size()) == 0; } -bool TF_DigestVerifierBase::VerifyDigest(const byte *digest, unsigned int digestLen, const byte *signature) const +bool PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative( + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const { - SecByteBlock paddedBlock(PaddedBlockByteLength()); - Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, DigestSignatureLength())); - if (x.ByteCount() > paddedBlock.size()) + SecByteBlock recoveredMessage(MaxRecoverableLength(representativeBitLength, hashIdentifier.second, hash.DigestSize())); + DecodingResult result = RecoverMessageFromRepresentative( + hash, hashIdentifier, messageEmpty, representative, representativeBitLength, recoveredMessage); + return result.isValidCoding && result.messageLength == 0; +} + +void TF_SignerBase::InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, unsigned int recoverableMessageLength) const +{ + PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); + const MessageEncodingInterface &mei = GetMessageEncodingInterface(); + unsigned int maxRecoverableLength = mei.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().DigestSize()); + + if (maxRecoverableLength == 0) + {throw NotImplemented("TF_SignerBase: this algorithm does not support messsage recovery or the key is too short");} + if (recoverableMessageLength > maxRecoverableLength) + throw InvalidArgument("TF_SignerBase: the recoverable message part is too long for the given key and algorithm"); + + ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength); + mei.ProcessRecoverableMessage( + ma.AccessHash(), + recoverableMessage, recoverableMessageLength, + NULL, 0, ma.m_semisignature); +} + +unsigned int TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const +{ + PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); + SecByteBlock representative(MessageRepresentativeLength()); + GetMessageEncodingInterface().ComputeMessageRepresentative(rng, + ma.m_recoverableMessage, ma.m_recoverableMessage.size(), + ma.AccessHash(), GetHashIdentifier(), ma.m_empty, + representative, MessageRepresentativeBitLength()); + ma.m_empty = true; + + Integer r(representative, representative.size()); + unsigned int signatureLength = SignatureLength(); + GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength); + return signatureLength; +} + +void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const +{ + PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); + ma.m_representative.New(MessageRepresentativeLength()); + Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength)); + if (x.BitCount() > MessageRepresentativeBitLength()) x = Integer::Zero(); // don't return false here to prevent timing attack - x.Encode(paddedBlock, paddedBlock.size()); - if (GetPaddingAlgorithm().IsReversible()) - { - SecByteBlock recoveredDigest(MaxDigestLength()); - DecodingResult result = GetPaddingAlgorithm().Unpad(paddedBlock, PaddedBlockBitLength(), recoveredDigest); - return result == DecodingResult(digestLen) && memcmp(digest, recoveredDigest, digestLen) == 0; - } - else - { - SecByteBlock paddedBlock2(PaddedBlockByteLength()); - GetPaddingAlgorithm().Pad(NullRNG(), digest, digestLen, paddedBlock2, PaddedBlockBitLength()); - return paddedBlock == paddedBlock2; - } + x.Encode(ma.m_representative, ma.m_representative.size()); +} + +bool TF_VerifierBase::VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const +{ + PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); + bool result = GetMessageEncodingInterface().VerifyMessageRepresentative( + ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength()); + ma.m_empty = true; + return result; +} + +DecodingResult TF_VerifierBase::RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const +{ + PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); + DecodingResult result = GetMessageEncodingInterface().RecoverMessageFromRepresentative( + ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage); + ma.m_empty = true; + return result; } -DecodingResult TF_DecryptorBase::FixedLengthDecrypt(const byte *cipherText, byte *plainText) const +DecodingResult TF_DecryptorBase::FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const { SecByteBlock paddedBlock(PaddedBlockByteLength()); - Integer x = GetTrapdoorFunctionInterface().CalculateInverse(Integer(cipherText, FixedCiphertextLength())); + Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(cipherText, FixedCiphertextLength())); if (x.ByteCount() > paddedBlock.size()) x = Integer::Zero(); // don't return false here to prevent timing attack x.Encode(paddedBlock, paddedBlock.size()); - return GetPaddingAlgorithm().Unpad(paddedBlock, PaddedBlockBitLength(), plainText); + return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plainText); } void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plainText, unsigned int plainTextLength, byte *cipherText) const @@ -51,7 +115,7 @@ void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plainText throw InvalidArgument(AlgorithmName() + ": message too long for this public key"); SecByteBlock paddedBlock(PaddedBlockByteLength()); - GetPaddingAlgorithm().Pad(rng, plainText, plainTextLength, paddedBlock, PaddedBlockBitLength()); + GetMessageEncodingInterface().Pad(rng, plainText, plainTextLength, paddedBlock, PaddedBlockBitLength()); GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, Integer(paddedBlock, paddedBlock.size())).Encode(cipherText, FixedCiphertextLength()); } diff --git a/c5/pubkey.h b/c5/pubkey.h index 7331883..a31d536 100644 --- a/c5/pubkey.h +++ b/c5/pubkey.h @@ -47,15 +47,6 @@ NAMESPACE_BEGIN(CryptoPP) Integer NR_EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen); Integer DSA_EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen); -template <typename STANDARD> -struct CryptoStandardTraits -{ - typedef typename STANDARD::EncryptionPaddingAlgorithm EncryptionPaddingAlgorithm; - - template <class H> class SignaturePaddingAlgorithm {}; - template <class H> class DecoratedHashingAlgorithm {}; -}; - // ******************************************************** //! . @@ -75,6 +66,7 @@ class RandomizedTrapdoorFunction : public TrapdoorFunctionBounds { public: virtual Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const =0; + virtual bool IsRandomized() const {return true;} }; //! . @@ -83,6 +75,7 @@ class TrapdoorFunction : public RandomizedTrapdoorFunction public: Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const {return ApplyFunction(x);} + bool IsRandomized() const {return false;} virtual Integer ApplyFunction(const Integer &x) const =0; }; @@ -94,6 +87,7 @@ public: virtual ~RandomizedTrapdoorFunctionInverse() {} virtual Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const =0; + virtual bool IsRandomized() const {return true;} }; //! . @@ -103,50 +97,42 @@ public: virtual ~TrapdoorFunctionInverse() {} Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const - {return CalculateInverse(x);} + {return CalculateInverse(rng, x);} + bool IsRandomized() const {return false;} - virtual Integer CalculateInverse(const Integer &x) const =0; + virtual Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const =0; }; // ******************************************************** //! . -class PK_PaddingAlgorithm +class PK_EncryptionMessageEncodingMethod { public: - virtual ~PK_PaddingAlgorithm() {} + virtual ~PK_EncryptionMessageEncodingMethod() {} + //! max size of unpadded message in bytes, given max size of padded message in bits (1 less than size of modulus) virtual unsigned int MaxUnpaddedLength(unsigned int paddedLength) const =0; virtual void Pad(RandomNumberGenerator &rng, const byte *raw, unsigned int inputLength, byte *padded, unsigned int paddedBitLength) const =0; virtual DecodingResult Unpad(const byte *padded, unsigned int paddedBitLength, byte *raw) const =0; - - virtual bool IsReversible() const {return true;} -}; - -//! . -class PK_NonreversiblePaddingAlgorithm : public PK_PaddingAlgorithm -{ - DecodingResult Unpad(const byte *padded, unsigned int paddedBitLength, byte *raw) const {assert(false); return DecodingResult();} - bool IsReversible() const {return false;} }; // ******************************************************** //! . -template <class TFI> +template <class TFI, class MEI> class TF_Base { protected: - unsigned int PaddedBlockByteLength() const {return BitsToBytes(PaddedBlockBitLength());} - virtual const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const =0; - virtual const PK_PaddingAlgorithm & GetPaddingAlgorithm() const =0; - virtual unsigned int PaddedBlockBitLength() const =0; typedef TFI TrapdoorFunctionInterface; virtual const TrapdoorFunctionInterface & GetTrapdoorFunctionInterface() const =0; + + typedef MEI MessageEncodingInterface; + virtual const MessageEncodingInterface & GetMessageEncodingInterface() const =0; }; // ******************************************************** @@ -156,22 +142,23 @@ template <class INTERFACE, class BASE> class TF_CryptoSystemBase : public INTERFACE, protected BASE { public: - unsigned int FixedMaxPlaintextLength() const {return GetPaddingAlgorithm().MaxUnpaddedLength(PaddedBlockBitLength());} + unsigned int FixedMaxPlaintextLength() const {return GetMessageEncodingInterface().MaxUnpaddedLength(PaddedBlockBitLength());} unsigned int FixedCiphertextLength() const {return GetTrapdoorFunctionBounds().MaxImage().ByteCount();} protected: + unsigned int PaddedBlockByteLength() const {return BitsToBytes(PaddedBlockBitLength());} unsigned int PaddedBlockBitLength() const {return GetTrapdoorFunctionBounds().PreimageBound().BitCount()-1;} }; //! . -class TF_DecryptorBase : public TF_CryptoSystemBase<PK_FixedLengthDecryptor, TF_Base<TrapdoorFunctionInverse> > +class TF_DecryptorBase : public TF_CryptoSystemBase<PK_FixedLengthDecryptor, TF_Base<TrapdoorFunctionInverse, PK_EncryptionMessageEncodingMethod> > { public: - DecodingResult FixedLengthDecrypt(const byte *cipherText, byte *plainText) const; + DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const; }; //! . -class TF_EncryptorBase : public TF_CryptoSystemBase<PK_FixedLengthEncryptor, TF_Base<RandomizedTrapdoorFunction> > +class TF_EncryptorBase : public TF_CryptoSystemBase<PK_FixedLengthEncryptor, TF_Base<RandomizedTrapdoorFunction, PK_EncryptionMessageEncodingMethod> > { public: void Encrypt(RandomNumberGenerator &rng, const byte *plainText, unsigned int plainTextLength, byte *cipherText) const; @@ -179,67 +166,192 @@ public: // ******************************************************** +typedef std::pair<const byte *, unsigned int> HashIdentifier; + //! . -class DigestSignatureSystem +class PK_SignatureMessageEncodingMethod { public: - virtual unsigned int MaxDigestLength() const =0; - virtual unsigned int DigestSignatureLength() const =0; + virtual ~PK_SignatureMessageEncodingMethod() {} + + virtual unsigned int MaxRecoverableLength(unsigned int representativeBitLength, unsigned int hashIdentifierLength, unsigned int digestLength) const + {return 0;} + + bool IsProbabilistic() const + {return true;} + bool AllowNonrecoverablePart() const + {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");} + virtual bool RecoverablePartFirst() const + {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");} + + // for verification, DL + virtual void ProcessSemisignature(HashTransformation &hash, const byte *semisignature, unsigned int semisignatureLength) const {} + + // for signature + virtual void ProcessRecoverableMessage(HashTransformation &hash, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + const byte *presignature, unsigned int presignatureLength, + SecByteBlock &semisignature) const + { + if (RecoverablePartFirst()) + assert(!"ProcessRecoverableMessage() not implemented"); + } + + virtual void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const =0; + + virtual bool VerifyMessageRepresentative( + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const =0; + + virtual DecodingResult RecoverMessageFromRepresentative( // for TF + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength, + byte *recoveredMessage) const + {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");} + + virtual DecodingResult RecoverMessageFromSemisignature( // for DL + HashTransformation &hash, HashIdentifier hashIdentifier, + const byte *presignature, unsigned int presignatureLength, + const byte *semisignature, unsigned int semisignatureLength, + byte *recoveredMessage) const + {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");} + + // VC60 workaround + struct HashIdentifierLookup + { + template <class H> struct HashIdentifierLookup2 + { + static HashIdentifier Lookup() + { + return HashIdentifier(NULL, 0); + } + }; + }; }; -//! . -class DigestSigner : virtual public DigestSignatureSystem, public PrivateKeyAlgorithm +class PK_DeterministicSignatureMessageEncodingMethod : public PK_SignatureMessageEncodingMethod { public: - virtual void SignDigest(RandomNumberGenerator &rng, const byte *digest, unsigned int digestLen, byte *signature) const =0; + bool VerifyMessageRepresentative( + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const; }; -//! . -class DigestVerifier : virtual public DigestSignatureSystem, public PublicKeyAlgorithm +class PK_RecoverableSignatureMessageEncodingMethod : public PK_SignatureMessageEncodingMethod { public: - virtual bool VerifyDigest(const byte *digest, unsigned int digestLen, const byte *sig) const =0; + bool VerifyMessageRepresentative( + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const; }; -// ******************************************************** +class DL_SignatureMessageEncodingMethod_DSA : public PK_DeterministicSignatureMessageEncodingMethod +{ +public: + void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const; +}; + +class DL_SignatureMessageEncodingMethod_NR : public PK_DeterministicSignatureMessageEncodingMethod +{ +public: + void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const; +}; + +class PK_MessageAccumulatorBase : public PK_MessageAccumulator +{ +public: + PK_MessageAccumulatorBase() : m_empty(true) {} + + virtual HashTransformation & AccessHash() =0; + + void Update(const byte *input, unsigned int length) + { + AccessHash().Update(input, length); + m_empty = m_empty && length == 0; + } + + SecByteBlock m_recoverableMessage, m_representative, m_presignature, m_semisignature; + Integer m_k, m_s; + bool m_empty; +}; + +template <class HASH_ALGORITHM> +class PK_MessageAccumulatorImpl : public PK_MessageAccumulatorBase, protected ObjectHolder<HASH_ALGORITHM> +{ +public: + HashTransformation & AccessHash() {return m_object;} +}; //! . template <class INTERFACE, class BASE> -class TF_DigestSignatureSystemBase : public INTERFACE, protected BASE +class TF_SignatureSchemeBase : public INTERFACE, protected BASE { public: - unsigned int MaxDigestLength() const {return GetPaddingAlgorithm().MaxUnpaddedLength(PaddedBlockBitLength());} - unsigned int DigestSignatureLength() const {return GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();} + unsigned int SignatureLength() const + {return GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();} + unsigned int MaxRecoverableLength() const + {return GetMessageEncodingInterface().MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, GetDigestSize());} + unsigned int MaxRecoverableLengthFromSignatureLength(unsigned int signatureLength) const + {return MaxRecoverableLength();} + + bool IsProbabilistic() const + {return GetTrapdoorFunctionInterface().IsRandomized() || GetMessageEncodingInterface().IsProbabilistic();} + bool AllowNonrecoverablePart() const + {return GetMessageEncodingInterface().AllowNonrecoverablePart();} + bool RecoverablePartFirst() const + {return GetMessageEncodingInterface().RecoverablePartFirst();} protected: - unsigned int PaddedBlockBitLength() const {return GetTrapdoorFunctionBounds().ImageBound().BitCount()-1;} + unsigned int MessageRepresentativeLength() const {return BitsToBytes(MessageRepresentativeBitLength());} + unsigned int MessageRepresentativeBitLength() const {return GetTrapdoorFunctionBounds().ImageBound().BitCount()-1;} + virtual HashIdentifier GetHashIdentifier() const =0; + virtual unsigned int GetDigestSize() const =0; }; //! . -class TF_DigestSignerBase : public TF_DigestSignatureSystemBase<DigestSigner, TF_Base<RandomizedTrapdoorFunctionInverse> > +class TF_SignerBase : public TF_SignatureSchemeBase<PK_Signer, TF_Base<RandomizedTrapdoorFunctionInverse, PK_SignatureMessageEncodingMethod> > { public: - void SignDigest(RandomNumberGenerator &rng, const byte *message, unsigned int messageLength, byte *signature) const; + void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, unsigned int recoverableMessageLength) const; + unsigned int SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const; }; //! . -class TF_DigestVerifierBase : public TF_DigestSignatureSystemBase<DigestVerifier, TF_Base<TrapdoorFunction> > +class TF_VerifierBase : public TF_SignatureSchemeBase<PK_Verifier, TF_Base<TrapdoorFunction, PK_SignatureMessageEncodingMethod> > { public: - bool VerifyDigest(const byte *digest, unsigned int digestLen, const byte *sig) const; + void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const; + bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const; + DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &recoveryAccumulator) const; }; // ******************************************************** //! . template <class T1, class T2, class T3> -struct TF_SchemeOptions +struct TF_CryptoSchemeOptions { typedef T1 AlgorithmInfo; typedef T2 Keys; typedef typename Keys::PrivateKey PrivateKey; typedef typename Keys::PublicKey PublicKey; - typedef T3 PaddingAlgorithm; + typedef T3 MessageEncodingMethod; +}; + +//! . +template <class T1, class T2, class T3, class T4> +struct TF_SignatureSchemeOptions : public TF_CryptoSchemeOptions<T1, T2, T3> +{ + typedef T4 HashFunction; }; //! . @@ -279,9 +391,24 @@ public: const KeyClass & GetTrapdoorFunction() const {return GetKey();} protected: - const PK_PaddingAlgorithm & GetPaddingAlgorithm() const {static typename SCHEME_OPTIONS::PaddingAlgorithm paddingScheme; return paddingScheme;} - const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const {return GetKey();} - const typename BASE::TrapdoorFunctionInterface & GetTrapdoorFunctionInterface() const {return GetKey();} + const typename BASE::MessageEncodingInterface & GetMessageEncodingInterface() const + {static typename SCHEME_OPTIONS::MessageEncodingMethod messageEncodingMethod; return messageEncodingMethod;} + const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const + {return GetKey();} + const typename BASE::TrapdoorFunctionInterface & GetTrapdoorFunctionInterface() const + {return GetKey();} + + // for signature scheme + HashIdentifier GetHashIdentifier() const + { + typedef CPP_TYPENAME SchemeOptions::MessageEncodingMethod::HashIdentifierLookup::HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction> L; + return L::Lookup(); + } + unsigned int GetDigestSize() const + { + typedef CPP_TYPENAME SchemeOptions::HashFunction H; + return H::DIGESTSIZE; + } }; //! . @@ -345,267 +472,69 @@ class TF_EncryptorImpl : public TF_PublicObjectImpl<TF_EncryptorBase, SCHEME_OPT //! . template <class SCHEME_OPTIONS> -class TF_DigestSignerImpl : public TF_PrivateObjectImpl<TF_DigestSignerBase, SCHEME_OPTIONS> +class TF_SignerImpl : public TF_PrivateObjectImpl<TF_SignerBase, SCHEME_OPTIONS> { + PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng = NullRNG()) const + { + return new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>; + } }; //! . template <class SCHEME_OPTIONS> -class TF_DigestVerifierImpl : public TF_PublicObjectImpl<TF_DigestVerifierBase, SCHEME_OPTIONS> -{ -}; - -// ******************************************************** - -//! . -template <class H> -class P1363_MGF1 -{ -public: - static std::string StaticAlgorithmName() {return std::string("MGF1(") + H::StaticAlgorithmName() + ")";} - static void GenerateAndMask(byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength); -}; - -template <class H> -void P1363_MGF1<H>::GenerateAndMask(byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength) +class TF_VerifierImpl : public TF_PublicObjectImpl<TF_VerifierBase, SCHEME_OPTIONS> { - H h; - ArrayXorSink *sink; - HashFilter filter(h, sink = new ArrayXorSink(output, outputLength)); - word32 counter = 0; - while (sink->AvailableSize() > 0) + PK_MessageAccumulator * NewVerificationAccumulator() const { - filter.Put(input, inputLength); - filter.PutWord32(counter++); - filter.MessageEnd(); + return new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>; } -} - -// ******************************************************** - -//! . -template <class H> -class P1363_KDF2 -{ -public: - static void DeriveKey(byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength); }; -template <class H> -void P1363_KDF2<H>::DeriveKey(byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength) -{ - H h; - ArraySink *sink; - HashFilter filter(h, sink = new ArraySink(output, outputLength)); - word32 counter = 1; - while (sink->AvailableSize() > 0) - { - filter.Put(input, inputLength); - filter.PutWord32(counter++); - filter.MessageEnd(); - } -} - // ******************************************************** -//! . -template <class H, class INTERFACE, class DS_INTERFACE> -class PK_SignatureSchemeBase : public INTERFACE -{ -public: - unsigned int SignatureLength() const {return GetDigestSignatureSchemeInterface().DigestSignatureLength();} - HashTransformation * NewMessageAccumulator() const {return new H;} - - virtual const DS_INTERFACE & GetDigestSignatureSchemeInterface() const =0; -}; - -//! . -template <class H> -class PK_SignerBase : public PK_SignatureSchemeBase<H, PK_Signer, DigestSigner> -{ -public: - void SignAndRestart(RandomNumberGenerator &rng, HashTransformation &messageAccumulator, byte *signature) const; -}; - -//! . -template <class H> -class PK_VerifierBase : public PK_SignatureSchemeBase<H, PK_Verifier, DigestVerifier> +class MaskGeneratingFunction { public: - bool VerifyAndRestart(HashTransformation &messageAccumulator, const byte *sig) const; + virtual ~MaskGeneratingFunction() {} + virtual void GenerateAndMask(HashTransformation &hash, byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, bool mask = true) const =0; }; -template <class H> -void PK_SignerBase<H>::SignAndRestart(RandomNumberGenerator &rng, HashTransformation &messageAccumulator, byte *signature) const -{ - if (messageAccumulator.DigestSize() > GetDigestSignatureSchemeInterface().MaxDigestLength()) - throw PK_Signer::KeyTooShort(); - SecByteBlock digest(messageAccumulator.DigestSize()); - messageAccumulator.Final(digest); - GetDigestSignatureSchemeInterface().SignDigest(rng, digest, digest.size(), signature); -} - -template <class H> -bool PK_VerifierBase<H>::VerifyAndRestart(HashTransformation &messageAccumulator, const byte *sig) const -{ - SecByteBlock digest(messageAccumulator.DigestSize()); - messageAccumulator.Final(digest); - return GetDigestSignatureSchemeInterface().VerifyDigest(digest, digest.size(), sig); -} +void P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, bool mask, unsigned int counterStart); //! . -template <class BASE, class DS> -class PK_SignatureSchemeImpl : public BASE +class P1363_MGF1 : public MaskGeneratingFunction { public: - typedef typename DS::KeyClass KeyClass; - - // PublicKeyAlgorithm or PrivateKeyAlgorithm - std::string AlgorithmName() const {return m_ds.AlgorithmName();} - - PrivateKey & AccessPrivateKey() {return m_ds.AccessPrivateKey();} - const PrivateKey & GetPrivateKey() const {return m_ds.GetPrivateKey();} - - PublicKey & AccessPublicKey() {return m_ds.AccessPublicKey();} - const PublicKey & GetPublicKey() const {return m_ds.GetPublicKey();} - - KeyClass & AccessKey() {return m_ds.AccessKey();} - const KeyClass & GetKey() const {return m_ds.GetKey();} - - const KeyClass & GetTrapdoorFunction() const {return m_ds.GetTrapdoorFunction();} - - DS & AccessDigestSignatureScheme() {return m_ds;} - const DS & GetDigestSignatureScheme() const {return m_ds;} - -protected: - DS m_ds; -}; - -//! . -template <class DS, class H> -class PK_SignerImpl : public PK_SignatureSchemeImpl<PK_SignerBase<H>, DS>, public PrivateKeyCopier<typename DS::SchemeOptions> -{ - const DigestSigner & GetDigestSignatureSchemeInterface() const {return m_ds;} -public: - // PrivateKeyCopier - void CopyKeyInto(typename DS::SchemeOptions::PublicKey &key) const - {m_ds.CopyKeyInto(key);} - void CopyKeyInto(typename DS::SchemeOptions::PrivateKey &key) const - {m_ds.CopyKeyInto(key);} -}; - -//! . -template <class DS, class H> -class PK_VerifierImpl : public PK_SignatureSchemeImpl<PK_VerifierBase<H>, DS>, public PublicKeyCopier<typename DS::SchemeOptions> -{ - const DigestVerifier & GetDigestSignatureSchemeInterface() const {return m_ds;} -public: - // PublicKeyCopier - void CopyKeyInto(typename DS::SchemeOptions::PublicKey &key) const - {m_ds.CopyKeyInto(key);} + static const char * StaticAlgorithmName() {return "MGF1";} +#if 0 + // VC60 workaround: this function causes internal compiler error + template <class H> + static void GenerateAndMaskTemplate(byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, H* dummy=NULL) + { + H h; + P1363_MGF1KDF2_Common(h, output, outputLength, input, inputLength, mask, 0); + } +#endif + void GenerateAndMask(HashTransformation &hash, byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, bool mask = true) const + { + P1363_MGF1KDF2_Common(hash, output, outputLength, input, inputLength, mask, 0); + } }; // ******************************************************** //! . -class SignatureEncodingMethodWithRecovery : public HashTransformationWithDefaultTruncation -{ -public: - void Final(byte *digest) {} - virtual void Encode(RandomNumberGenerator &rng, byte *representative) =0; - virtual bool Verify(const byte *representative) =0; - virtual DecodingResult Decode(byte *message) =0; - virtual unsigned int MaximumRecoverableLength() const =0; -}; - -//! . template <class H> -class SignatureSystemWithRecoveryBaseTemplate : virtual public PK_SignatureSchemeWithRecovery -{ -public: - unsigned int SignatureLength() const {return GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();} - HashTransformation * NewMessageAccumulator() const {return new H(PaddedBlockBitLength());} - unsigned int MaximumRecoverableLength() const {return H::MaximumRecoverableLength(PaddedBlockBitLength());} - bool AllowLeftoverMessage() const {return H::AllowLeftoverMessage();} - -protected: - unsigned int PaddedBlockByteLength() const {return BitsToBytes(PaddedBlockBitLength());} - unsigned int PaddedBlockBitLength() const {return GetTrapdoorFunctionBounds().ImageBound().BitCount()-1;} - - virtual const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const =0; -}; - -//! . -template <class TF, class H> -class SignerWithRecoveryTemplate : virtual public SignatureSystemWithRecoveryBaseTemplate<H>, virtual public PK_SignerWithRecovery, public TF -{ -public: - typedef TF KeyClass; - - const KeyClass & GetKey() const {return *this;} - KeyClass & AccessKey() {return *this;} - - PrivateKey & AccessPrivateKey() {return *this;} - - SignerWithRecoveryTemplate() {} - void SignAndRestart(RandomNumberGenerator &rng, HashTransformation &messageAccumulator, byte *signature) const; - const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const {return *this;} -}; - -//! . -template <class TF, class H> -class VerifierWithRecoveryTemplate : virtual public SignatureSystemWithRecoveryBaseTemplate<H>, virtual public PK_VerifierWithRecovery, public TF +class P1363_KDF2 { public: - typedef TF KeyClass; - - const KeyClass & GetKey() const {return *this;} - KeyClass & AccessKey() {return *this;} - - PublicKey & AccessPublicKey() {return *this;} - - VerifierWithRecoveryTemplate() {} - bool VerifyAndRestart(HashTransformation &messageAccumulator, const byte *sig) const; - bool SignatureUpfrontForRecovery() const {return true;} - HashTransformation * NewRecoveryAccumulator(const byte *signature) const; - DecodingResult Recover(byte *recoveredMessage, HashTransformation *recoveryAccumulator, const byte *signature) const; - const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const {return *this;} + static void DeriveKey(byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength) + { + H h; + P1363_MGF1KDF2_Common(h, output, outputLength, input, inputLength, false, 1); + } }; -template <class TF, class H> -void SignerWithRecoveryTemplate<TF, H>::SignAndRestart(RandomNumberGenerator &rng, HashTransformation &messageAccumulator, byte *signature) const -{ - H &ma = static_cast<H&>(messageAccumulator); - if (ma.MaximumRecoverableLength() == 0) - throw KeyTooShort(); - SecByteBlock representative(PaddedBlockByteLength()); - ma.Encode(rng, representative); - CalculateInverse(Integer(representative, representative.size())).Encode(signature, SignatureLength()); -} - -template <class TF, class H> -bool VerifierWithRecoveryTemplate<TF, H>::VerifyAndRestart(HashTransformation &messageAccumulator, const byte *signature) const -{ - SecByteBlock representative(PaddedBlockByteLength()); - ApplyFunction(Integer(signature, SignatureLength())).Encode(representative, representative.size()); - return messageAccumulator.Verify(representative); -} - -template <class TF, class H> -HashTransformation * VerifierWithRecoveryTemplate<TF, H>::NewRecoveryAccumulator(const byte *signature) const -{ - SecByteBlock representative(PaddedBlockByteLength()); - ApplyFunction(Integer(signature, SignatureLength())).Encode(representative, representative.size()); - return new H(representative, PaddedBlockBitLength()); -} - -template <class TF, class H> -DecodingResult VerifierWithRecoveryTemplate<TF, H>::Recover(byte *recoveredMessage, HashTransformation *recoveryAccumulator, const byte *signature) const -{ - std::auto_ptr<H> ma(static_cast<H*>(recoveryAccumulator)); - return ma->Decode(recoveredMessage); -} - // ******************************************************** // to be thrown by DecodeElement and AgreeWithStaticPrivateKey @@ -745,8 +674,7 @@ public: bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const { - return GetAbstractGroupParameters().GetVoidValue(name, valueType, pValue) - || GetValueHelper(this, name, valueType, pValue) + return GetValueHelper(this, name, valueType, pValue, &GetAbstractGroupParameters()) CRYPTOPP_GET_FUNCTION_ENTRY(PublicElement); } @@ -787,8 +715,7 @@ public: bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const { - return GetAbstractGroupParameters().GetVoidValue(name, valueType, pValue) - || GetValueHelper(this, name, valueType, pValue) + return GetValueHelper(this, name, valueType, pValue, &GetAbstractGroupParameters()) CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent); } @@ -930,7 +857,7 @@ public: { typename SIGNATURE_SCHEME::Signer signer(*this); typename SIGNATURE_SCHEME::Verifier verifier(signer); - SignaturePairwiseConsistencyTest(signer, verifier); + SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier); } } }; @@ -1001,9 +928,11 @@ template <class T> class DL_ElgamalLikeSignatureAlgorithm { public: - virtual Integer EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLength) const =0; - virtual bool Sign(const DL_GroupParameters<T> ¶ms, const Integer &privateKey, const Integer &k, const Integer &e, Integer &r, Integer &s) const =0; +// virtual Integer EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLength) const =0; + virtual void Sign(const DL_GroupParameters<T> ¶ms, const Integer &privateKey, const Integer &k, const Integer &e, Integer &r, Integer &s) const =0; virtual bool Verify(const DL_GroupParameters<T> ¶ms, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const =0; + virtual Integer RecoverPresignature(const DL_GroupParameters<T> ¶ms, const DL_PublicKey<T> &publicKey, const Integer &r, const Integer &s) const + {throw NotImplemented("DL_ElgamalLikeSignatureAlgorithm: this signature scheme does not support message recovery");} virtual unsigned int RLen(const DL_GroupParameters<T> ¶ms) const {return params.GetSubgroupOrder().ByteCount();} virtual unsigned int SLen(const DL_GroupParameters<T> ¶ms) const @@ -1057,23 +986,39 @@ protected: //! . template <class INTERFACE, class KEY_INTERFACE> -class DL_DigestSignatureSystemBase : public INTERFACE, public DL_Base<KEY_INTERFACE> +class DL_SignatureSchemeBase : public INTERFACE, public DL_Base<KEY_INTERFACE> { public: - unsigned int MaxDigestLength() const {return UINT_MAX;} - unsigned int DigestSignatureLength() const + unsigned int SignatureLength() const { return GetSignatureAlgorithm().RLen(GetAbstractGroupParameters()) + GetSignatureAlgorithm().SLen(GetAbstractGroupParameters()); } + unsigned int MaxRecoverableLength() const + {return GetMessageEncodingInterface().MaxRecoverableLength(0, GetHashIdentifier().second, GetDigestSize());} + unsigned int MaxRecoverableLengthFromSignatureLength(unsigned int signatureLength) const + {assert(false); return 0;} // TODO + + bool IsProbabilistic() const + {return true;} + bool AllowNonrecoverablePart() const + {return GetMessageEncodingInterface().AllowNonrecoverablePart();} + bool RecoverablePartFirst() const + {return GetMessageEncodingInterface().RecoverablePartFirst();} protected: + unsigned int MessageRepresentativeLength() const {return BitsToBytes(MessageRepresentativeBitLength());} + unsigned int MessageRepresentativeBitLength() const {return GetAbstractGroupParameters().GetSubgroupOrder().BitCount();} + virtual const DL_ElgamalLikeSignatureAlgorithm<CPP_TYPENAME KEY_INTERFACE::Element> & GetSignatureAlgorithm() const =0; + virtual const PK_SignatureMessageEncodingMethod & GetMessageEncodingInterface() const =0; + virtual HashIdentifier GetHashIdentifier() const =0; + virtual unsigned int GetDigestSize() const =0; }; //! . template <class T> -class DL_DigestSignerBase : public DL_DigestSignatureSystemBase<DigestSigner, DL_PrivateKey<T> > +class DL_SignerBase : public DL_SignatureSchemeBase<PK_Signer, DL_PrivateKey<T> > { public: // for validation testing @@ -1083,47 +1028,132 @@ public: const DL_GroupParameters<T> ¶ms = GetAbstractGroupParameters(); const DL_PrivateKey<T> &key = GetKeyInterface(); + r = params.ConvertElementToInteger(params.ExponentiateBase(k)); alg.Sign(params, key.GetPrivateExponent(), k, e, r, s); } - void SignDigest(RandomNumberGenerator &rng, const byte *digest, unsigned int digestLength, byte *signature) const + void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, unsigned int recoverableMessageLength) const + { + PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); + ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength); + GetMessageEncodingInterface().ProcessRecoverableMessage(ma.AccessHash(), + recoverableMessage, recoverableMessageLength, + ma.m_presignature, ma.m_presignature.size(), + ma.m_semisignature); + } + + unsigned int SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const { + GetMaterial().DoQuickSanityCheck(); + + PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); const DL_ElgamalLikeSignatureAlgorithm<T> &alg = GetSignatureAlgorithm(); const DL_GroupParameters<T> ¶ms = GetAbstractGroupParameters(); const DL_PrivateKey<T> &key = GetKeyInterface(); - GetMaterial().DoQuickSanityCheck(); - const Integer &q = params.GetSubgroupOrder(); - Integer e = alg.EncodeDigest(q.BitCount(), digest, digestLength); - Integer k, r, s; - - do {k.Randomize(rng, 1, params.GetSubgroupOrder()-1);} - while (!alg.Sign(params, key.GetPrivateExponent(), k, e, r, s)); + SecByteBlock representative(MessageRepresentativeLength()); + GetMessageEncodingInterface().ComputeMessageRepresentative( + rng, + ma.m_recoverableMessage, ma.m_recoverableMessage.size(), + ma.AccessHash(), GetHashIdentifier(), ma.m_empty, + representative, MessageRepresentativeBitLength()); + ma.m_empty = true; + Integer e(representative, representative.size()); + + Integer r; + if (MaxRecoverableLength() > 0) + r.Decode(ma.m_semisignature, ma.m_semisignature.size()); + else + r.Decode(ma.m_presignature, ma.m_presignature.size()); + Integer s; + alg.Sign(params, key.GetPrivateExponent(), ma.m_k, e, r, s); unsigned int rLen = alg.RLen(params); r.Encode(signature, rLen); s.Encode(signature+rLen, alg.SLen(params)); + + if (restart) + RestartMessageAccumulator(rng, ma); + + return SignatureLength(); + } + +protected: + void RestartMessageAccumulator(RandomNumberGenerator &rng, PK_MessageAccumulatorBase &ma) const + { + const DL_ElgamalLikeSignatureAlgorithm<T> &alg = GetSignatureAlgorithm(); + const DL_GroupParameters<T> ¶ms = GetAbstractGroupParameters(); + ma.m_k.Randomize(rng, 1, params.GetSubgroupOrder()-1); + ma.m_presignature.New(params.GetEncodedElementSize(false)); + params.ConvertElementToInteger(params.ExponentiateBase(ma.m_k)).Encode(ma.m_presignature, ma.m_presignature.size()); } }; //! . template <class T> -class DL_DigestVerifierBase : public DL_DigestSignatureSystemBase<DigestVerifier, DL_PublicKey<T> > +class DL_VerifierBase : public DL_SignatureSchemeBase<PK_Verifier, DL_PublicKey<T> > { public: - bool VerifyDigest(const byte *digest, unsigned int digestLength, const byte *signature) const + void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const { + PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); + const DL_ElgamalLikeSignatureAlgorithm<T> &alg = GetSignatureAlgorithm(); + const DL_GroupParameters<T> ¶ms = GetAbstractGroupParameters(); + + unsigned int rLen = alg.RLen(params); + ma.m_semisignature.Assign(signature, rLen); + ma.m_s.Decode(signature+rLen, alg.SLen(params)); + + GetMessageEncodingInterface().ProcessSemisignature(ma.AccessHash(), ma.m_semisignature, ma.m_semisignature.size()); + } + + bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const + { + GetMaterial().DoQuickSanityCheck(); + + PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); const DL_ElgamalLikeSignatureAlgorithm<T> &alg = GetSignatureAlgorithm(); const DL_GroupParameters<T> ¶ms = GetAbstractGroupParameters(); const DL_PublicKey<T> &key = GetKeyInterface(); + SecByteBlock representative(MessageRepresentativeLength()); + GetMessageEncodingInterface().ComputeMessageRepresentative(NullRNG(), ma.m_recoverableMessage, ma.m_recoverableMessage.size(), + ma.AccessHash(), GetHashIdentifier(), ma.m_empty, + representative, MessageRepresentativeBitLength()); + ma.m_empty = true; + Integer e(representative, representative.size()); + + Integer r(ma.m_semisignature, ma.m_semisignature.size()); + return alg.Verify(params, key, e, r, ma.m_s); + } + + DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const + { GetMaterial().DoQuickSanityCheck(); - const Integer &q = params.GetSubgroupOrder(); - Integer e = alg.EncodeDigest(q.BitCount(), digest, digestLength); - unsigned int rLen = alg.RLen(params); - Integer r(signature, rLen); - Integer s(signature+rLen, alg.SLen(params)); - return alg.Verify(params, key, e, r, s); + + PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator); + const DL_ElgamalLikeSignatureAlgorithm<T> &alg = GetSignatureAlgorithm(); + const DL_GroupParameters<T> ¶ms = GetAbstractGroupParameters(); + const DL_PublicKey<T> &key = GetKeyInterface(); + + SecByteBlock representative(MessageRepresentativeLength()); + GetMessageEncodingInterface().ComputeMessageRepresentative( + NullRNG(), + ma.m_recoverableMessage, ma.m_recoverableMessage.size(), + ma.AccessHash(), GetHashIdentifier(), ma.m_empty, + representative, MessageRepresentativeBitLength()); + ma.m_empty = true; + Integer e(representative, representative.size()); + + ma.m_presignature.New(params.GetEncodedElementSize(false)); + Integer r(ma.m_semisignature, ma.m_semisignature.size()); + alg.RecoverPresignature(params, key, r, ma.m_s).Encode(ma.m_presignature, ma.m_presignature.size()); + + return GetMessageEncodingInterface().RecoverMessageFromSemisignature( + ma.AccessHash(), GetHashIdentifier(), + ma.m_presignature, ma.m_presignature.size(), + ma.m_semisignature, ma.m_semisignature.size(), + recoveredMessage); } }; @@ -1159,7 +1189,7 @@ class DL_DecryptorBase : public DL_CryptoSystemBase<PK, DL_PrivateKey<T> > public: typedef T Element; - DecodingResult Decrypt(const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const + DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const { try { @@ -1237,10 +1267,12 @@ struct DL_KeyedSchemeOptions : public DL_SchemeOptionsBase<T1, typename T2::Publ }; //! . -template <class T1, class T2, class T3> +template <class T1, class T2, class T3, class T4, class T5> struct DL_SignatureSchemeOptions : public DL_KeyedSchemeOptions<T1, T2> { typedef T3 SignatureAlgorithm; + typedef T4 MessageEncodingMethod; + typedef T5 HashFunction; }; //! . @@ -1272,6 +1304,18 @@ protected: typename BASE::KeyInterface & AccessKeyInterface() {return m_key;} const typename BASE::KeyInterface & GetKeyInterface() const {return m_key;} + // for signature scheme + HashIdentifier GetHashIdentifier() const + { + typedef CPP_TYPENAME SchemeOptions::MessageEncodingMethod::HashIdentifierLookup::HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction> L; + return L::Lookup(); + } + unsigned int GetDigestSize() const + { + typedef CPP_TYPENAME SchemeOptions::HashFunction H; + return H::DIGESTSIZE; + } + private: KeyClass m_key; }; @@ -1292,6 +1336,10 @@ protected: {static typename SCHEME_OPTIONS::KeyDerivationAlgorithm a; return a;} const DL_SymmetricEncryptionAlgorithm & GetSymmetricEncryptionAlgorithm() const {static typename SCHEME_OPTIONS::SymmetricEncryptionAlgorithm a; return a;} + HashIdentifier GetHashIdentifier() const + {return HashIdentifier();} + const PK_SignatureMessageEncodingMethod & GetMessageEncodingInterface() const + {static typename SCHEME_OPTIONS::MessageEncodingMethod a; return a;} }; //! . @@ -1316,14 +1364,24 @@ public: //! . template <class SCHEME_OPTIONS> -class DL_DigestSignerImpl : public DL_PrivateObjectImpl<DL_DigestSignerBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS> +class DL_SignerImpl : public DL_PrivateObjectImpl<DL_SignerBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS> { + PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng = NullRNG()) const + { + std::auto_ptr<PK_MessageAccumulatorBase> p(new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>); + RestartMessageAccumulator(rng, *p); + return p.release(); + } }; //! . template <class SCHEME_OPTIONS> -class DL_DigestVerifierImpl : public DL_PublicObjectImpl<DL_DigestVerifierBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS> +class DL_VerifierImpl : public DL_PublicObjectImpl<DL_VerifierBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS> { + PK_MessageAccumulator * NewVerificationAccumulator() const + { + return new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>; + } }; //! . @@ -1578,14 +1636,14 @@ class TF_ES; template <class STANDARD, class KEYS, class ALG_INFO = TF_ES<STANDARD, KEYS, int> > class TF_ES : public KEYS { - typedef typename STANDARD::EncryptionPaddingAlgorithm PaddingAlgorithm; + typedef typename STANDARD::EncryptionMessageEncodingMethod MessageEncodingMethod; public: //! see EncryptionStandard for a list of standards typedef STANDARD Standard; - typedef TF_SchemeOptions<ALG_INFO, KEYS, PaddingAlgorithm> SchemeOptions; + typedef TF_CryptoSchemeOptions<ALG_INFO, KEYS, MessageEncodingMethod> SchemeOptions; - static std::string StaticAlgorithmName() {return KEYS::StaticAlgorithmName() + "/" + PaddingAlgorithm::StaticAlgorithmName();} + static std::string StaticAlgorithmName() {return KEYS::StaticAlgorithmName() + "/" + MessageEncodingMethod::StaticAlgorithmName();} //! implements PK_Decryptor interface typedef PK_FinalTemplate<TF_DecryptorImpl<SchemeOptions> > Decryptor; @@ -1594,55 +1652,42 @@ public: }; template <class STANDARD, class H, class KEYS, class ALG_INFO> // VC60 workaround: doesn't work if KEYS is first parameter -class TF_SSA; +class TF_SS; -//! Trapdoor Function Based Signature Scheme With Appendix -template <class STANDARD, class H, class KEYS, class ALG_INFO = TF_SSA<STANDARD, H, KEYS, int> > // VC60 workaround: doesn't work if KEYS is first parameter -class TF_SSA : public KEYS +//! Trapdoor Function Based Signature Scheme +template <class STANDARD, class H, class KEYS, class ALG_INFO = TF_SS<STANDARD, H, KEYS, int> > // VC60 workaround: doesn't work if KEYS is first parameter +class TF_SS : public KEYS { -#ifdef __GNUC__ - // GCC3 workaround: can't do this typedef in one line - typedef typename STANDARD::SignaturePaddingAlgorithm<H> Type1; - typedef typename Type1::type PaddingAlgorithm; - typedef typename STANDARD::DecoratedHashingAlgorithm<H> Type2; -public: - typedef typename Type2::type DecoratedHashAlgorithm; -#else - // VC60 workaround: using STANDARD directly causes internal compiler error - typedef CryptoStandardTraits<STANDARD> Traits; - typedef typename Traits::SignaturePaddingAlgorithm<H>::type PaddingAlgorithm; public: - typedef typename Traits::DecoratedHashingAlgorithm<H>::type DecoratedHashAlgorithm; -#endif - //! see SignatureStandard for a list of standards typedef STANDARD Standard; - typedef TF_SchemeOptions<ALG_INFO, KEYS, PaddingAlgorithm> SchemeOptions; + typedef typename Standard::SignatureMessageEncodingMethod MessageEncodingMethod; + typedef TF_SignatureSchemeOptions<ALG_INFO, KEYS, MessageEncodingMethod, H> SchemeOptions; - static std::string StaticAlgorithmName() {return KEYS::StaticAlgorithmName() + "/" + PaddingAlgorithm::StaticAlgorithmName() + "(" + H::StaticAlgorithmName() + ")";} + static std::string StaticAlgorithmName() {return KEYS::StaticAlgorithmName() + "/" + MessageEncodingMethod::StaticAlgorithmName() + "(" + H::StaticAlgorithmName() + ")";} //! implements PK_Signer interface - typedef PK_FinalTemplate<PK_SignerImpl<TF_DigestSignerImpl<SchemeOptions>, DecoratedHashAlgorithm> > Signer; + typedef PK_FinalTemplate<TF_SignerImpl<SchemeOptions> > Signer; //! implements PK_Verifier interface - typedef PK_FinalTemplate<PK_VerifierImpl<TF_DigestVerifierImpl<SchemeOptions>, DecoratedHashAlgorithm> > Verifier; + typedef PK_FinalTemplate<TF_VerifierImpl<SchemeOptions> > Verifier; }; -template <class KEYS, class SA, class H, class ALG_INFO> -class DL_SSA; +template <class KEYS, class SA, class MEM, class H, class ALG_INFO> +class DL_SS; -//! Discrete Log Based Signature Scheme With Appendix -template <class KEYS, class SA, class H, class ALG_INFO = DL_SSA<KEYS, SA, H, int> > -class DL_SSA : public KEYS +//! Discrete Log Based Signature Scheme +template <class KEYS, class SA, class MEM, class H, class ALG_INFO = DL_SS<KEYS, SA, MEM, H, int> > +class DL_SS : public KEYS { - typedef DL_SignatureSchemeOptions<ALG_INFO, KEYS, SA> SchemeOptions; + typedef DL_SignatureSchemeOptions<ALG_INFO, KEYS, SA, MEM, H> SchemeOptions; public: static std::string StaticAlgorithmName() {return SA::StaticAlgorithmName() + std::string("/EMSA1(") + H::StaticAlgorithmName() + ")";} //! implements PK_Signer interface - typedef PK_FinalTemplate<PK_SignerImpl<DL_DigestSignerImpl<SchemeOptions>, H> > Signer; + typedef PK_FinalTemplate<DL_SignerImpl<SchemeOptions> > Signer; //! implements PK_Verifier interface - typedef PK_FinalTemplate<PK_VerifierImpl<DL_DigestVerifierImpl<SchemeOptions>, H> > Verifier; + typedef PK_FinalTemplate<DL_VerifierImpl<SchemeOptions> > Verifier; }; //! Discrete Log Based Encryption Scheme diff --git a/c5/rabin.cpp b/c5/rabin.cpp index 80e96a6..7f85056 100644 --- a/c5/rabin.cpp +++ b/c5/rabin.cpp @@ -5,6 +5,7 @@ #include "nbtheory.h" #include "asn.h" #include "sha.h" +#include "modarith.h" #include "oaep.cpp" @@ -138,11 +139,17 @@ void InvertibleRabinFunction::DEREncode(BufferedTransformation &bt) const seq.MessageEnd(); } -Integer InvertibleRabinFunction::CalculateInverse(const Integer &in) const +Integer InvertibleRabinFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &in) const { DoQuickSanityCheck(); - Integer cp=in%m_p, cq=in%m_q; + ModularArithmetic modn(m_n); + Integer r(rng, Integer::One(), m_n - Integer::One()); + r = modn.Square(r); + Integer r2 = modn.Square(r); + Integer c = modn.Multiply(in, r2); // blind + + Integer cp=c%m_p, cq=c%m_q; int jp = Jacobi(cp, m_p); int jq = Jacobi(cq, m_q); @@ -167,6 +174,8 @@ Integer InvertibleRabinFunction::CalculateInverse(const Integer &in) const Integer out = CRT(cq, m_q, cp, m_p, m_u); + out = modn.Divide(out, r); // unblind + if ((jq==-1 && out.IsEven()) || (jq==1 && out.IsOdd())) out = m_n-out; @@ -57,7 +57,7 @@ public: void BERDecode(BufferedTransformation &bt); void DEREncode(BufferedTransformation &bt) const; - Integer CalculateInverse(const Integer &x) const; + Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; bool Validate(RandomNumberGenerator &rng, unsigned int level) const; bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; @@ -92,16 +92,8 @@ struct RabinES : public TF_ES<STANDARD, Rabin> }; //! . -template <class EM> -struct RabinSSR -{ - typedef PK_FinalTemplate<SignerWithRecoveryTemplate<InvertibleRabinFunction, EM> > Signer; - typedef PK_FinalTemplate<VerifierWithRecoveryTemplate<RabinFunction, EM> > Verifier; -}; - -//! . -template <class H> -struct RabinPSSR : public RabinSSR<PSSR<H> > +template <class STANDARD, class H> +struct RabinSS : public TF_SS<STANDARD, H, Rabin> { }; @@ -112,12 +104,6 @@ class SHA; typedef RabinES<OAEP<SHA> >::Decryptor RabinDecryptor; typedef RabinES<OAEP<SHA> >::Encryptor RabinEncryptor; -#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY -// simulate template typedef -#define RabinSignerWith(H) RabinPSSR<H>::Signer -#define RabinVerifierWith(H) RabinPSSR<H>::Verifier -#endif - NAMESPACE_END #endif diff --git a/c5/regtest.cpp b/c5/regtest.cpp new file mode 100644 index 0000000..b01351f --- /dev/null +++ b/c5/regtest.cpp @@ -0,0 +1,35 @@ +#include "factory.h" + +#include "dh.h" +#include "esign.h" +#include "md2.h" +#include "trunhash.h" +#include "rw.h" +#include "md5.h" +#include "rsa.h" +#include "ripemd.h" +#include "dsa.h" + +USING_NAMESPACE(CryptoPP) + +void RegisterFactories() +{ + RegisterDefaultFactoryFor<SimpleKeyAgreementDomain, DH>("DH"); + RegisterDefaultFactoryFor<HashTransformation, SHA1>("SHA-1"); + RegisterDefaultFactoryFor<HashTransformation, SHA256>("SHA-256"); + RegisterDefaultFactoryFor<HashTransformation, SHA384>("SHA-384"); + RegisterDefaultFactoryFor<HashTransformation, SHA512>("SHA-512"); + RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<MD5> >("HMAC(MD5)"); + RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<SHA1> >("HMAC(SHA-1)"); + RegisterDefaultFactoryFor<MessageAuthenticationCode, HMAC<RIPEMD160> >("HMAC(RIPEMD-160)"); + RegisterPublicKeyCryptoSystemDefaultFactories<RSAES<OAEP<SHA1> > >("RSA/OAEP-MGF1(SHA-1)"); + RegisterPublicKeyCryptoSystemDefaultFactories<DLIES<> >("DLIES(NoCofactorMultiplication, KDF2(SHA-1), XOR, HMAC(SHA-1), DHAES)"); + RegisterSignatureSchemeDefaultFactories<DSA>("DSA(1363)"); + RegisterSignatureSchemeDefaultFactories<NR<SHA1> >("NR(1363)/EMSA1(SHA-1)"); + RegisterSignatureSchemeDefaultFactories<GDSA<SHA1> >("DSA-1363/EMSA1(SHA-1)"); + RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, MD2> >("RSA/PKCS1-1.5(MD2)"); + RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, SHA1> >("RSA/PKCS1-1.5(SHA-1)"); + RegisterSignatureSchemeDefaultFactories<ESIGN<SHA1> >("ESIGN/EMSA5-MGF1(SHA-1)"); + RegisterSignatureSchemeDefaultFactories<RWSS<P1363_EMSA2, SHA1> >("RW/EMSA2(SHA-1)"); + RegisterSignatureSchemeDefaultFactories<RSASS<PSS, SHA1> >("RSA/PSS-MGF1(SHA-1)"); +} @@ -51,20 +51,29 @@ byte LC_RNG::GenerateByte() // ******************************************************** -X917RNG::X917RNG(BlockTransformation *c, const byte *seed) +X917RNG::X917RNG(BlockTransformation *c, const byte *seed, unsigned long deterministicTimeVector) : cipher(c), S(cipher->BlockSize()), dtbuf(S), randseed(seed, S), randbuf(S), - randbuf_counter(0) + randbuf_counter(0), + m_deterministicTimeVector(deterministicTimeVector) { - time_t tstamp1 = time(0); - xorbuf(dtbuf, (byte *)&tstamp1, STDMIN((int)sizeof(tstamp1), S)); - cipher->ProcessBlock(dtbuf); - clock_t tstamp2 = clock(); - xorbuf(dtbuf, (byte *)&tstamp2, STDMIN((int)sizeof(tstamp2), S)); - cipher->ProcessBlock(dtbuf); + if (m_deterministicTimeVector) + { + memset(dtbuf, 0, S); + memcpy(dtbuf, (byte *)&m_deterministicTimeVector, STDMIN((int)sizeof(m_deterministicTimeVector), S)); + } + else + { + time_t tstamp1 = time(0); + xorbuf(dtbuf, (byte *)&tstamp1, STDMIN((int)sizeof(tstamp1), S)); + cipher->ProcessBlock(dtbuf); + clock_t tstamp2 = clock(); + xorbuf(dtbuf, (byte *)&tstamp2, STDMIN((int)sizeof(tstamp2), S)); + cipher->ProcessBlock(dtbuf); + } } byte X917RNG::GenerateByte() @@ -72,8 +81,16 @@ byte X917RNG::GenerateByte() if (randbuf_counter==0) { // calculate new enciphered timestamp - clock_t tstamp = clock(); - xorbuf(dtbuf, (byte *)&tstamp, STDMIN((int)sizeof(tstamp), S)); + if (m_deterministicTimeVector) + { + xorbuf(dtbuf, (byte *)&m_deterministicTimeVector, STDMIN((int)sizeof(m_deterministicTimeVector), S)); + while (++m_deterministicTimeVector == 0) {} // skip 0 + } + else + { + clock_t tstamp = clock(); + xorbuf(dtbuf, (byte *)&tstamp, STDMIN((int)sizeof(tstamp), S)); + } cipher->ProcessBlock(dtbuf); // combine enciphered timestamp with seed @@ -32,8 +32,8 @@ private: class X917RNG : public RandomNumberGenerator { public: - // cipher will be deleted by destructor - X917RNG(BlockTransformation *cipher, const byte *seed); + // cipher will be deleted by destructor, deterministicTimeVector = 0 means obtain time vector from system + X917RNG(BlockTransformation *cipher, const byte *seed, unsigned long deterministicTimeVector = 0); byte GenerateByte(); @@ -43,6 +43,7 @@ private: SecByteBlock dtbuf; // buffer for enciphered timestamp SecByteBlock randseed, randbuf; int randbuf_counter; // # of unused bytes left in randbuf + unsigned long m_deterministicTimeVector; }; /** This class implements Maurer's Universal Statistical Test for Random Bit Generators @@ -4,33 +4,42 @@ #include "rsa.h" #include "asn.h" #include "oids.h" +#include "modarith.h" #include "nbtheory.h" #include "sha.h" #include "algparam.h" #include "fips140.h" +#ifndef NDEBUG +#include "pssr.h" +#endif + #include "oaep.cpp" NAMESPACE_BEGIN(CryptoPP) +#ifndef NDEBUG void RSA_TestInstantiations() { - RSASSA<PKCS1v15, SHA>::Verifier x1(1, 1); - RSASSA<PKCS1v15, SHA>::Signer x2(NullRNG(), 1); - RSASSA<PKCS1v15, SHA>::Verifier x3(x2); - RSASSA<PKCS1v15, SHA>::Verifier x4(x2.GetKey()); - RSASSA<PKCS1v15, SHA>::Verifier x5(x3); - RSASSA<PKCS1v15, SHA>::Signer x6 = x2; + RSASS<PKCS1v15, SHA>::Verifier x1(1, 1); + RSASS<PKCS1v15, SHA>::Signer x2(NullRNG(), 1); + RSASS<PKCS1v15, SHA>::Verifier x3(x2); + RSASS<PKCS1v15, SHA>::Verifier x4(x2.GetKey()); + RSASS<PSS, SHA>::Verifier x5(x3); +#ifndef __MWERKS__ + RSASS<PSSR, SHA>::Signer x6 = x2; + x3 = x2; + x6 = x2; +#endif RSAES<PKCS1v15>::Encryptor x7(x2); +#ifndef __GNUC__ RSAES<PKCS1v15>::Encryptor x8(x3); +#endif RSAES<OAEP<SHA> >::Encryptor x9(x2); - x6 = x2; -#ifndef __MWERKS__ - x3 = x2; -#endif x4 = x2.GetKey(); } +#endif template class OAEP<SHA>; @@ -124,13 +133,13 @@ void InvertibleRSAFunction::GenerateRandom(RandomNumberGenerator &rng, const Nam if (FIPS_140_2_ComplianceEnabled()) { - RSASSA<PKCS1v15, SHA>::Signer signer(*this); - RSASSA<PKCS1v15, SHA>::Verifier verifier(signer); - SignaturePairwiseConsistencyTest(signer, verifier); + RSASS<PKCS1v15, SHA>::Signer signer(*this); + RSASS<PKCS1v15, SHA>::Verifier verifier(signer); + SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier); RSAES<OAEP<SHA> >::Decryptor decryptor(*this); RSAES<OAEP<SHA> >::Encryptor encryptor(decryptor); - EncryptionPairwiseConsistencyTest(encryptor, decryptor); + EncryptionPairwiseConsistencyTest_FIPS_140_Only(encryptor, decryptor); } } @@ -139,6 +148,40 @@ void InvertibleRSAFunction::Initialize(RandomNumberGenerator &rng, unsigned int GenerateRandom(rng, MakeParameters("ModulusSize", (int)keybits)("PublicExponent", e+e.IsEven())); } +void InvertibleRSAFunction::Initialize(const Integer &n, const Integer &e, const Integer &d) +{ + m_n = n; + m_e = e; + m_d = d; + + Integer r = --(d*e); + while (r.IsEven()) + r >>= 1; + + ModularArithmetic modn(n); + for (Integer i = 2; ; ++i) + { + Integer a = modn.Exponentiate(i, r); + if (a == 1) + continue; + Integer b; + while (a != -1) + { + b = modn.Square(a); + if (b == 1) + { + m_p = GCD(a-1, n); + m_q = n/m_p; + m_dp = m_d % (m_p-1); + m_dq = m_d % (m_q-1); + m_u = m_q.InverseMod(m_p); + return; + } + a = b; + } + } +} + void InvertibleRSAFunction::BERDecodeKey(BufferedTransformation &bt) { BERSequenceDecoder privateKey(bt); @@ -170,12 +213,20 @@ void InvertibleRSAFunction::DEREncodeKey(BufferedTransformation &bt) const privateKey.MessageEnd(); } -Integer InvertibleRSAFunction::CalculateInverse(const Integer &x) const +Integer InvertibleRSAFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const { DoQuickSanityCheck(); + ModularArithmetic modn(m_n); + Integer r(rng, Integer::One(), m_n - Integer::One()); + Integer re = modn.Exponentiate(r, m_e); + re = modn.Multiply(re, x); // blind // here we follow the notation of PKCS #1 and let u=q inverse mod p // but in ModRoot, u=p inverse mod q, so we reverse the order of p and q - return ModularRoot(x, m_dq, m_dp, m_q, m_p, m_u); + Integer y = ModularRoot(re, m_dq, m_dp, m_q, m_p, m_u); + y = modn.Divide(y, r); // unblind + if (modn.Exponentiate(y, m_e) != x) // check + throw Exception(Exception::OTHER_ERROR, "InvertibleRSAFunction: computational error during private key operation"); + return y; } bool InvertibleRSAFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const @@ -223,14 +274,4 @@ void InvertibleRSAFunction::AssignFrom(const NameValuePairs &source) ; } -/* -bool RSAFunctionInverse_NonCRT::Validate(RandomNumberGenerator &rng, unsigned int level) const -{ - bool pass = true; - pass = pass && m_n > Integer::One() && m_n.IsOdd(); - pass = pass && m_d > Integer::One() && m_d.IsOdd() && m_d < m_n; - return pass; -} -*/ - NAMESPACE_END @@ -57,6 +57,8 @@ public: void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits, const Integer &e = 17); void Initialize(const Integer &n, const Integer &e, const Integer &d, const Integer &p, const Integer &q, const Integer &dp, const Integer &dq, const Integer &u) {m_n = n; m_e = e; m_d = d; m_p = p; m_q = q; m_dp = dp; m_dq = dq; m_u = u;} + //! factor n given private exponent + void Initialize(const Integer &n, const Integer &e, const Integer &d); // PKCS8PrivateKey void BERDecode(BufferedTransformation &bt) @@ -67,7 +69,7 @@ public: void DEREncodeKey(BufferedTransformation &bt) const; // TrapdoorFunctionInverse - Integer CalculateInverse(const Integer &x) const; + Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; // GeneratableCryptoMaterial bool Validate(RandomNumberGenerator &rng, unsigned int level) const; @@ -98,32 +100,6 @@ protected: Integer m_d, m_p, m_q, m_dp, m_dq, m_u; }; -/* -//! . -class RSAFunctionInverse_NonCRT : public TrapdoorFunctionBounds, public TrapdoorFunctionInverse, public PrivateKey -{ -public: - Integer CalculateInverse(const Integer &x) const - {return a_exp_b_mod_c(x, m_d, m_n);} - Integer PreimageBound() const {return m_n;} - Integer ImageBound() const {return m_n;} - - bool Validate(RandomNumberGenerator &rng, unsigned int level) const; - - const Integer& GetModulus() const {return m_n;} - const Integer& GetDecryptionExponent() const {return m_d;} - - void SetModulus(const Integer &n) {m_n = n;} - void SetDecryptionExponent(const Integer &d) {m_d = d;} - - void SetPrivateValues(const Integer &n, const Integer &d) - {m_n = n; m_d = d;} - -private: - Integer m_n, m_d; -}; -*/ - //! . struct RSA { @@ -141,7 +117,7 @@ struct RSAES : public TF_ES<STANDARD, RSA> //! <a href="http://www.weidai.com/scan-mirror/sig.html#RSA">RSA signature scheme with appendix</a> /*! See documentation of PKCS1v15 for a list of hash functions that can be used with it. */ template <class STANDARD, class H> -struct RSASSA : public TF_SSA<STANDARD, H, RSA> +struct RSASS : public TF_SS<STANDARD, H, RSA> { }; @@ -153,14 +129,14 @@ typedef RSAES<OAEP<SHA> >::Decryptor RSAES_OAEP_SHA_Decryptor; typedef RSAES<OAEP<SHA> >::Encryptor RSAES_OAEP_SHA_Encryptor; // The three RSA signature schemes defined in PKCS #1 v2.0 -typedef RSASSA<PKCS1v15, SHA>::Signer RSASSA_PKCS1v15_SHA_Signer; -typedef RSASSA<PKCS1v15, SHA>::Verifier RSASSA_PKCS1v15_SHA_Verifier; +typedef RSASS<PKCS1v15, SHA>::Signer RSASSA_PKCS1v15_SHA_Signer; +typedef RSASS<PKCS1v15, SHA>::Verifier RSASSA_PKCS1v15_SHA_Verifier; -typedef RSASSA<PKCS1v15, MD2>::Signer RSASSA_PKCS1v15_MD2_Signer; -typedef RSASSA<PKCS1v15, MD2>::Verifier RSASSA_PKCS1v15_MD2_Verifier; +typedef RSASS<PKCS1v15, MD2>::Signer RSASSA_PKCS1v15_MD2_Signer; +typedef RSASS<PKCS1v15, MD2>::Verifier RSASSA_PKCS1v15_MD2_Verifier; -typedef RSASSA<PKCS1v15, MD5>::Signer RSASSA_PKCS1v15_MD5_Signer; -typedef RSASSA<PKCS1v15, MD5>::Verifier RSASSA_PKCS1v15_MD5_Verifier; +typedef RSASS<PKCS1v15, MD5>::Signer RSASSA_PKCS1v15_MD5_Signer; +typedef RSASS<PKCS1v15, MD5>::Verifier RSASSA_PKCS1v15_MD5_Verifier; NAMESPACE_END @@ -7,82 +7,53 @@ NAMESPACE_BEGIN(CryptoPP) -template<> const byte EMSA2DigestDecoration<SHA>::decoration = 0x33; -template<> const byte EMSA2DigestDecoration<RIPEMD160>::decoration = 0x31; - -void EMSA2Pad::Pad(RandomNumberGenerator &, const byte *input, unsigned int inputLen, byte *emsa2Block, unsigned int emsa2BlockLen) const -{ - assert (inputLen > 0 && inputLen <= MaxUnpaddedLength(emsa2BlockLen)); - - // convert from bit length to byte length - emsa2BlockLen++; - if (emsa2BlockLen % 8 > 1) - { - emsa2Block[0] = 0; - emsa2Block++; - } - emsa2BlockLen /= 8; - - emsa2Block[0] = input[0]; // indicate empty or non-empty message - memset(emsa2Block+1, 0xbb, emsa2BlockLen-inputLen-2); // padd with 0xbb - emsa2Block[emsa2BlockLen-inputLen-1] = 0xba; // separator - memcpy(emsa2Block+emsa2BlockLen-inputLen, input+1, inputLen-1); - emsa2Block[emsa2BlockLen-1] = 0xcc; // make it congruent to 12 mod 16 -} - -DecodingResult EMSA2Pad::Unpad(const byte *emsa2Block, unsigned int emsa2BlockLen, byte *output) const +void EMSA2Pad::ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const { - // convert from bit length to byte length - emsa2BlockLen++; - if (emsa2BlockLen % 8 > 1) - { - if (emsa2Block[0] != 0) - return DecodingResult(); - emsa2Block++; - } - emsa2BlockLen /= 8; - - // check last byte - if (emsa2Block[emsa2BlockLen-1] != 0xcc) - return DecodingResult(); - - // skip past the padding until we find the seperator - unsigned i=1; - while (i<emsa2BlockLen-1 && emsa2Block[i++] != 0xba) - if (emsa2Block[i-1] != 0xbb) // not valid padding - return DecodingResult(); - assert(i==emsa2BlockLen-1 || emsa2Block[i-1]==0xba); - - unsigned int outputLen = emsa2BlockLen - i; - output[0] = emsa2Block[0]; - memcpy (output+1, emsa2Block+i, outputLen-1); - return DecodingResult(outputLen); + if (representativeBitLength % 8 != 7) + throw PK_SignatureScheme::InvalidKeyLength("EMSA2: EMSA2 requires a key length that is a multiple of 8"); + + unsigned int digestSize = hash.DigestSize(); + if (representativeBitLength < 8*digestSize + 31) + throw PK_SignatureScheme::KeyTooShort(); + + unsigned int representativeByteLength = BitsToBytes(representativeBitLength); + + representative[0] = messageEmpty ? 0x4b : 0x6b; + memset(representative+1, 0xbb, representativeByteLength-digestSize-4); // pad with 0xbb + byte *afterP2 = representative+representativeByteLength-digestSize-3; + afterP2[0] = 0xba; + hash.Final(afterP2+1); + representative[representativeByteLength-2] = *hashIdentifier.first; + representative[representativeByteLength-1] = 0xcc; } // ***************************************************************************** -template <word r> -void RWFunction<r>::BERDecode(BufferedTransformation &bt) +void RWFunction::BERDecode(BufferedTransformation &bt) { BERSequenceDecoder seq(bt); m_n.BERDecode(seq); seq.MessageEnd(); } -template <word r> -void RWFunction<r>::DEREncode(BufferedTransformation &bt) const +void RWFunction::DEREncode(BufferedTransformation &bt) const { DERSequenceEncoder seq(bt); m_n.DEREncode(seq); seq.MessageEnd(); } -template <word r> -Integer RWFunction<r>::ApplyFunction(const Integer &in) const +Integer RWFunction::ApplyFunction(const Integer &in) const { DoQuickSanityCheck(); Integer out = in.Squared()%m_n; + const word r = 12; + // this code was written to handle both r = 6 and r = 12, + // but now only r = 12 is used in P1363 const word r2 = r/2; const word r3a = (16 + 5 - r) % 16; // n%16 could be 5 or 13 const word r3b = (16 + 13 - r) % 16; @@ -112,24 +83,21 @@ Integer RWFunction<r>::ApplyFunction(const Integer &in) const return out; } -template <word r> -bool RWFunction<r>::Validate(RandomNumberGenerator &rng, unsigned int level) const +bool RWFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const { bool pass = true; pass = pass && m_n > Integer::One() && m_n%8 == 5; return pass; } -template <word r> -bool RWFunction<r>::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const +bool RWFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const { return GetValueHelper(this, name, valueType, pValue).Assignable() CRYPTOPP_GET_FUNCTION_ENTRY(Modulus) ; } -template <word r> -void RWFunction<r>::AssignFrom(const NameValuePairs &source) +void RWFunction::AssignFrom(const NameValuePairs &source) { AssignFromHelper(this, source) CRYPTOPP_SET_FUNCTION_ENTRY(Modulus) @@ -140,8 +108,7 @@ void RWFunction<r>::AssignFrom(const NameValuePairs &source) // private key operations: // generate a random private key -template <word r> -void InvertibleRWFunction<r>::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg) +void InvertibleRWFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg) { int modulusSize = 2048; alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize); @@ -157,8 +124,7 @@ void InvertibleRWFunction<r>::GenerateRandom(RandomNumberGenerator &rng, const N m_u = m_q.InverseMod(m_p); } -template <word r> -void InvertibleRWFunction<r>::BERDecode(BufferedTransformation &bt) +void InvertibleRWFunction::BERDecode(BufferedTransformation &bt) { BERSequenceDecoder seq(bt); m_n.BERDecode(seq); @@ -168,8 +134,7 @@ void InvertibleRWFunction<r>::BERDecode(BufferedTransformation &bt) seq.MessageEnd(); } -template <word r> -void InvertibleRWFunction<r>::DEREncode(BufferedTransformation &bt) const +void InvertibleRWFunction::DEREncode(BufferedTransformation &bt) const { DERSequenceEncoder seq(bt); m_n.DEREncode(seq); @@ -179,9 +144,10 @@ void InvertibleRWFunction<r>::DEREncode(BufferedTransformation &bt) const seq.MessageEnd(); } -template <word r> -Integer InvertibleRWFunction<r>::CalculateInverse(const Integer &in) const +Integer InvertibleRWFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &in) const { + // no need to do blinding because RW is only used for signatures + DoQuickSanityCheck(); Integer cp=in%m_p, cq=in%m_q; @@ -200,10 +166,9 @@ Integer InvertibleRWFunction<r>::CalculateInverse(const Integer &in) const return STDMIN(out, m_n-out); } -template <word r> -bool InvertibleRWFunction<r>::Validate(RandomNumberGenerator &rng, unsigned int level) const +bool InvertibleRWFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const { - bool pass = RWFunction<r>::Validate(rng, level); + bool pass = RWFunction::Validate(rng, level); pass = pass && m_p > Integer::One() && m_p%8 == 3 && m_p < m_n; pass = pass && m_q > Integer::One() && m_q%8 == 7 && m_q < m_n; pass = pass && m_u.IsPositive() && m_u < m_p; @@ -217,27 +182,22 @@ bool InvertibleRWFunction<r>::Validate(RandomNumberGenerator &rng, unsigned int return pass; } -template <word r> -bool InvertibleRWFunction<r>::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const +bool InvertibleRWFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const { - return GetValueHelper<RWFunction<r> >(this, name, valueType, pValue).Assignable() + return GetValueHelper<RWFunction>(this, name, valueType, pValue).Assignable() CRYPTOPP_GET_FUNCTION_ENTRY(Prime1) CRYPTOPP_GET_FUNCTION_ENTRY(Prime2) CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1) ; } -template <word r> -void InvertibleRWFunction<r>::AssignFrom(const NameValuePairs &source) +void InvertibleRWFunction::AssignFrom(const NameValuePairs &source) { - AssignFromHelper<RWFunction<r> >(this, source) + AssignFromHelper<RWFunction>(this, source) CRYPTOPP_SET_FUNCTION_ENTRY(Prime1) CRYPTOPP_SET_FUNCTION_ENTRY(Prime2) CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1) ; } -template class RWFunction<IFSSA_R>; -template class InvertibleRWFunction<IFSSA_R>; - NAMESPACE_END @@ -6,16 +6,12 @@ Rabin-Williams signature schemes as defined in IEEE P1363. */ -#include "pubkey.h" #include "integer.h" +#include "pssr.h" NAMESPACE_BEGIN(CryptoPP) -const word IFSSR_R = 6; -const word IFSSA_R = 12; - //! . -template <word r> class RWFunction : virtual public TrapdoorFunction, public PublicKey { typedef RWFunction ThisClass; @@ -28,8 +24,8 @@ public: void DEREncode(BufferedTransformation &bt) const; Integer ApplyFunction(const Integer &x) const; - Integer PreimageBound() const {return m_n;} - Integer ImageBound() const {return ++(m_n>>1);} + Integer PreimageBound() const {return ++(m_n>>1);} + Integer ImageBound() const {return m_n;} bool Validate(RandomNumberGenerator &rng, unsigned int level) const; bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; @@ -43,8 +39,7 @@ protected: }; //! . -template <word r> -class InvertibleRWFunction : public RWFunction<r>, public TrapdoorFunctionInverse, public PrivateKey +class InvertibleRWFunction : public RWFunction, public TrapdoorFunctionInverse, public PrivateKey { typedef InvertibleRWFunction ThisClass; @@ -58,7 +53,7 @@ public: void BERDecode(BufferedTransformation &bt); void DEREncode(BufferedTransformation &bt) const; - Integer CalculateInverse(const Integer &x) const; + Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; // GeneratibleCryptoMaterial bool Validate(RandomNumberGenerator &rng, unsigned int level) const; @@ -80,80 +75,37 @@ protected: }; //! . -class EMSA2Pad : public PK_PaddingAlgorithm +class EMSA2Pad : public EMSA2HashIdLookup<PK_DeterministicSignatureMessageEncodingMethod> { public: static const char *StaticAlgorithmName() {return "EMSA2";} unsigned int MaxUnpaddedLength(unsigned int paddedLength) const {return (paddedLength+1)/8-2;} - void Pad(RandomNumberGenerator &rng, const byte *raw, unsigned int inputLength, byte *padded, unsigned int paddedLength) const; - DecodingResult Unpad(const byte *padded, unsigned int paddedLength, byte *raw) const; -}; - -//! . -template <class H> -class EMSA2DecoratedHashModule : public HashTransformationWithDefaultTruncation -{ -public: - EMSA2DecoratedHashModule() : empty(true) {} - void Update(const byte *input, unsigned int length) - {h.Update(input, length); empty = empty && length==0;} - unsigned int DigestSize() const; - void Final(byte *digest); - void Restart() {h.Restart(); empty=true;} - -private: - H h; - bool empty; -}; - -template <class H> struct EMSA2DigestDecoration -{ - static const byte decoration; + void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, unsigned int recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, unsigned int representativeBitLength) const; }; //! EMSA2, for use with RW /*! The following hash functions are supported: SHA, RIPEMD160. */ struct P1363_EMSA2 : public SignatureStandard { - template <class H> struct SignaturePaddingAlgorithm {typedef EMSA2Pad type;}; - template <class H> struct DecoratedHashingAlgorithm {typedef EMSA2DecoratedHashModule<H> type;}; + typedef EMSA2Pad SignatureMessageEncodingMethod; }; -template<> struct CryptoStandardTraits<P1363_EMSA2> : public P1363_EMSA2 {}; - -// EMSA2DecoratedHashModule can be instantiated with the following two classes. -class SHA; -class RIPEMD160; - -template <class H> -void EMSA2DecoratedHashModule<H>::Final(byte *digest) -{ - digest[0] = empty ? 0x4b : 0x6b; - h.Final(digest+1); - digest[DigestSize()-1] = EMSA2DigestDecoration<H>::decoration; - empty=true; -} - -template <class H> -unsigned int EMSA2DecoratedHashModule<H>::DigestSize() const -{ - return h.DigestSize() + 2; -} - //! . -template <word r> struct RW { static std::string StaticAlgorithmName() {return "RW";} - typedef RWFunction<r> PublicKey; - typedef InvertibleRWFunction<r> PrivateKey; + typedef RWFunction PublicKey; + typedef InvertibleRWFunction PrivateKey; }; -//! RW -template <class H, class STANDARD = P1363_EMSA2> -struct RWSSA : public TF_SSA<STANDARD, H, RW<IFSSA_R> > +//! RWSS +template <class STANDARD, class H> +struct RWSS : public TF_SS<STANDARD, H, RW> { }; diff --git a/c5/sapphire.cpp b/c5/sapphire.cpp deleted file mode 100644 index 7e46ea7..0000000 --- a/c5/sapphire.cpp +++ /dev/null @@ -1,179 +0,0 @@ -// sapphire.cpp -- modified by Wei Dai from: - -/* sapphire.cpp -- the Saphire II stream cipher class. - Dedicated to the Public Domain the author and inventor: - (Michael Paul Johnson). This code comes with no warranty. - Use it at your own risk. - Ported from the Pascal implementation of the Sapphire Stream - Cipher 9 December 1994. - Added hash pre- and post-processing 27 December 1994. - Modified initialization to make index variables key dependent, - made the output function more resistant to cryptanalysis, - and renamed to Sapphire II 2 January 1995 -*/ - -#include "pch.h" -#include "sapphire.h" - -NAMESPACE_BEGIN(CryptoPP) - -byte SapphireBase::keyrand(unsigned int limit, - const byte *user_key, - byte keysize, - byte *rsum, - unsigned *keypos) -{ - unsigned u, // Value from 0 to limit to return. - retry_limiter, // No infinite loops allowed. - mask; // Select just enough bits. - - retry_limiter = 0; - mask = 1; // Fill mask with enough bits to cover - while (mask < limit) // the desired range. - mask = (mask << 1) + 1; - do - { - *rsum = cards[*rsum] + user_key[(*keypos)++]; - if (*keypos >= keysize) - { - *keypos = 0; // Recycle the user key. - *rsum += keysize; // key "aaaa" != key "aaaaaaaa" - } - u = mask & *rsum; - if (++retry_limiter > 11) - u %= limit; // Prevent very rare long loops. - } - while (u > limit); - return u; -} - -SapphireBase::SapphireBase() - : cards(256) -{ -} - -SapphireBase::SapphireBase(const byte *key, unsigned int keysize) - : cards(256) -{ - assert(keysize < 256); - // Key size may be up to 256 bytes. - // Pass phrases may be used directly, with longer length - // compensating for the low entropy expected in such keys. - // Alternatively, shorter keys hashed from a pass phrase or - // generated randomly may be used. For random keys, lengths - // of from 4 to 16 bytes are recommended, depending on how - // secure you want this to be. - - int i; - byte rsum; - unsigned keypos; - - // Start with cards all in order, one of each. - - for (i=0;i<256;i++) - cards[i] = i; - - // Swap the card at each position with some other card. - - keypos = 0; // Start with first byte of user key. - rsum = 0; - for (i=255;i;i--) - std::swap(cards[i], cards[keyrand(i, key, keysize, &rsum, &keypos)]); - - // Initialize the indices and data dependencies. - // Indices are set to different values instead of all 0 - // to reduce what is known about the state of the cards - // when the first byte is emitted. - - rotor = cards[1]; - ratchet = cards[3]; - avalanche = cards[5]; - last_plain = cards[7]; - last_cipher = cards[rsum]; - - rsum = 0; - keypos = 0; -} - -SapphireBase::~SapphireBase() -{ - rotor = ratchet = avalanche = last_plain = last_cipher = 0; -} - -void SapphireEncryption::ProcessString(byte *outString, const byte *inString, unsigned int length) -{ - while(length--) - *outString++ = SapphireEncryption::ProcessByte(*inString++); -} - -void SapphireEncryption::ProcessString(byte *inoutString, unsigned int length) -{ - while(length--) - { - *inoutString = SapphireEncryption::ProcessByte(*inoutString); - inoutString++; - } -} - -void SapphireDecryption::ProcessString(byte *outString, const byte *inString, unsigned int length) -{ - while(length--) - *outString++ = SapphireDecryption::ProcessByte(*inString++); -} - -void SapphireDecryption::ProcessString(byte *inoutString, unsigned int length) -{ - while(length--) - { - *inoutString = SapphireDecryption::ProcessByte(*inoutString); - inoutString++; - } -} - -SapphireHash::SapphireHash(unsigned int hashLength) - : hashLength(hashLength) -{ - Init(); -} - -void SapphireHash::Init() -{ - // This function is used to initialize non-keyed hash - // computation. - - int i, j; - - // Initialize the indices and data dependencies. - - rotor = 1; - ratchet = 3; - avalanche = 5; - last_plain = 7; - last_cipher = 11; - - // Start with cards all in inverse order. - - for (i=0, j=255;i<256;i++,j--) - cards[i] = (byte) j; -} - -void SapphireHash::Update(const byte *input, unsigned int length) -{ - while(length--) - SapphireEncryption::ProcessByte(*input++); -} - -void SapphireHash::TruncatedFinal(byte *hash, unsigned int size) -{ - ThrowIfInvalidTruncatedSize(size); - - for (int i=255; i>=0; i--) - ProcessByte((byte) i); - - for (unsigned int j=0; j<size; j++) - hash[j] = ProcessByte(0); - - Init(); -} - -NAMESPACE_END diff --git a/c5/sapphire.h b/c5/sapphire.h deleted file mode 100644 index 481554d..0000000 --- a/c5/sapphire.h +++ /dev/null @@ -1,115 +0,0 @@ -#ifndef CRYPTOPP_SAPPHIRE_H -#define CRYPTOPP_SAPPHIRE_H - -#include "seckey.h" -#include "secblock.h" - -NAMESPACE_BEGIN(CryptoPP) - -/// base class, do not use directly -class SapphireBase : public VariableKeyLength<16, 1, 255> -{ -protected: - SapphireBase(); - SapphireBase(const byte *userKey, unsigned int keyLength); - ~SapphireBase(); - - inline void ShuffleCards() - { - ratchet += cards[rotor++]; - byte swaptemp = cards[last_cipher]; - cards[last_cipher] = cards[ratchet]; - cards[ratchet] = cards[last_plain]; - cards[last_plain] = cards[rotor]; - cards[rotor] = swaptemp; - avalanche += cards[swaptemp]; - } - - // These variables comprise the state of the state machine. - - SecByteBlock cards; // A permutation of 0-255. - byte rotor, // Index that rotates smoothly - ratchet, // Index that moves erratically - avalanche, // Index heavily data dependent - last_plain, // Last plain text byte - last_cipher; // Last cipher text byte - -private: - byte keyrand(unsigned int limit, const byte *user_key, byte keysize, byte *rsum, unsigned *keypos); -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#Sapphire-II">Sapphire-II Cipher</a> -class SapphireEncryption : public StreamTransformation, public SapphireBase -{ -public: - SapphireEncryption(const byte *userKey, unsigned int keyLength=DEFAULT_KEYLENGTH) - : SapphireBase(userKey, keyLength) {} - - inline byte ProcessByte(byte b) - { - ShuffleCards(); - last_cipher = b^cards[(cards[ratchet] + cards[rotor]) & 0xFF] ^ - cards[cards[(cards[last_plain] + - cards[last_cipher] + - cards[avalanche])&0xFF]]; - last_plain = b; - return last_cipher; - } - - void ProcessString(byte *outString, const byte *inString, unsigned int length); - void ProcessString(byte *inoutString, unsigned int length); - -protected: - SapphireEncryption() {} // for SapphireHash -}; - -/// <a href="http://www.weidai.com/scan-mirror/cs.html#Sapphire-II">Sapphire-II cipher</a> -class SapphireDecryption : public StreamTransformation, public SapphireBase -{ -public: - SapphireDecryption(const byte *userKey, unsigned int keyLength=DEFAULT_KEYLENGTH) - : SapphireBase(userKey, keyLength) {} - - inline byte ProcessByte(byte b) - { - ShuffleCards(); - last_plain = b^cards[(cards[ratchet] + cards[rotor]) & 0xFF] ^ - cards[cards[(cards[last_plain] + - cards[last_cipher] + - cards[avalanche])&0xFF]]; - last_cipher = b; - return last_plain; - } - - void ProcessString(byte *outString, const byte *inString, unsigned int length); - void ProcessString(byte *inoutString, unsigned int length); -}; - -/// Sapphire Random Number Generator -class SapphireRNG : public RandomNumberGenerator, private SapphireEncryption -{ -public: - SapphireRNG(const byte *seed, unsigned int seedLength) - : SapphireEncryption(seed, seedLength) {} - - inline byte GetByte() {return SapphireEncryption::ProcessByte(0);} -}; - -//! Sapphire Hash -/*! Digest Length = 160 bits */ -class SapphireHash : public HashTransformation, private SapphireEncryption -{ -public: - SapphireHash(unsigned int hashLength=20); - void Update(const byte *input, unsigned int length); - void TruncatedFinal(byte *hash, unsigned int size); - unsigned int DigestSize() const {return hashLength;} - -private: - void Init(); - const unsigned int hashLength; -}; - -NAMESPACE_END - -#endif diff --git a/c5/seal.cpp b/c5/seal.cpp index eaae7a7..9736223 100644 --- a/c5/seal.cpp +++ b/c5/seal.cpp @@ -77,8 +77,8 @@ void SEAL_Policy<B>::CipherResynchronize(byte *keystreamBuffer, const byte *IV) template <class B> void SEAL_Policy<B>::SeekToIteration(dword iterationCount) { - m_outsideCounter = m_startCount + iterationCount / m_iterationsPerCount; - m_insideCounter = iterationCount % m_iterationsPerCount; + m_outsideCounter = m_startCount + (unsigned int)(iterationCount / m_iterationsPerCount); + m_insideCounter = (unsigned int)(iterationCount % m_iterationsPerCount); } template <class B> diff --git a/c5/secblock.h b/c5/secblock.h index 31997b6..e07c6a2 100644 --- a/c5/secblock.h +++ b/c5/secblock.h @@ -371,6 +371,15 @@ inline void swap(CryptoPP::SecBlock<T, A> &a, CryptoPP::SecBlock<T, A> &b) a.swap(b); } +#if defined(_STLPORT_VERSION) && !defined(_STLP_MEMBER_TEMPLATE_CLASSES) +template <class _Tp1, class _Tp2> +inline CryptoPP::AllocatorWithCleanup<_Tp2>& +__stl_alloc_rebind(CryptoPP::AllocatorWithCleanup<_Tp1>& __a, const _Tp2*) +{ + return (CryptoPP::AllocatorWithCleanup<_Tp2>&)(__a); +} +#endif + NAMESPACE_END #endif diff --git a/c5/seckey.h b/c5/seckey.h index aa85d14..36ecd36 100644 --- a/c5/seckey.h +++ b/c5/seckey.h @@ -101,7 +101,7 @@ public: if (n < (unsigned int)MIN_KEYLENGTH) return MIN_KEYLENGTH; else if (n > (unsigned int)MAX_KEYLENGTH) - return MAX_KEYLENGTH; + return (unsigned int)MAX_KEYLENGTH; else { n += KEYLENGTH_MULTIPLE-1; @@ -143,7 +143,7 @@ class SimpleKeyingInterfaceImpl : public BASE { public: unsigned int MinKeyLength() const {return INFO::MIN_KEYLENGTH;} - unsigned int MaxKeyLength() const {return INFO::MAX_KEYLENGTH;} + unsigned int MaxKeyLength() const {return (unsigned int)INFO::MAX_KEYLENGTH;} unsigned int DefaultKeyLength() const {return INFO::DEFAULT_KEYLENGTH;} unsigned int GetValidKeyLength(unsigned int n) const {return INFO::StaticGetValidKeyLength(n);} typename BASE::IV_Requirement IVRequirement() const {return (typename BASE::IV_Requirement)INFO::IV_REQUIREMENT;} @@ -179,7 +179,7 @@ public: CheckedSetKey(this, DIR, key, length, param); } - Clonable * Clone() {return new BlockCipherTemplate<DIR, BASE>(*this);} + Clonable * Clone() const {return new BlockCipherTemplate<DIR, BASE>(*this);} }; //! . @@ -205,7 +205,7 @@ public: CheckedSetKey(this, Empty(), key, length, param); } - Clonable * Clone() {return new MessageAuthenticationCodeTemplate<BASE>(*this);} + Clonable * Clone() const {return new MessageAuthenticationCodeTemplate<BASE>(*this);} }; // ************** documentation *************** diff --git a/c5/shark.cpp b/c5/shark.cpp index fff3bfd..0408d8e 100644 --- a/c5/shark.cpp +++ b/c5/shark.cpp @@ -28,7 +28,7 @@ static word64 SHARKTransform(word64 a) GF256 gf256(0xf5); for (unsigned int i=0; i<8; i++) for(unsigned int j=0; j<8; j++) - result ^= word64(gf256.Multiply(iG[i][j], a>>(56-8*j))) << (56-8*i); + result ^= word64(gf256.Multiply(iG[i][j], GF256::Element(a>>(56-8*j)))) << (56-8*i); return result; } diff --git a/c5/simple.h b/c5/simple.h index a9d4f42..e26cefd 100644 --- a/c5/simple.h +++ b/c5/simple.h @@ -134,14 +134,14 @@ public: {ChannelInitialize(NULL_CHANNEL, parameters, propagation);} bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) {return ChannelFlush(NULL_CHANNEL, hardFlush, propagation, blocking);} - void MessageSeriesEnd(int propagation) - {ChannelMessageSeriesEnd(NULL_CHANNEL, propagation);} + bool MessageSeriesEnd(int propagation=-1, bool blocking=true) + {return ChannelMessageSeriesEnd(NULL_CHANNEL, propagation, blocking);} byte * CreatePutSpace(unsigned int &size) {return ChannelCreatePutSpace(NULL_CHANNEL, size);} unsigned int Put2(const byte *begin, unsigned int length, int messageEnd, bool blocking) {return ChannelPut2(NULL_CHANNEL, begin, length, messageEnd, blocking);} - unsigned int PutModifiable2(byte *begin, byte *end, int messageEnd, bool blocking) - {return ChannelPutModifiable2(NULL_CHANNEL, begin, end, messageEnd, blocking);} + unsigned int PutModifiable2(byte *inString, unsigned int length, int messageEnd, bool blocking) + {return ChannelPutModifiable2(NULL_CHANNEL, inString, length, messageEnd, blocking);} // void ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1) // {PropagateMessageSeriesEnd(propagation, channel);} @@ -151,6 +151,8 @@ public: {ChannelPut(channel, inString, length); return false;} virtual unsigned int ChannelPut2(const std::string &channel, const byte *begin, unsigned int length, int messageEnd, bool blocking) =0; + unsigned int ChannelPutModifiable2(const std::string &channel, byte *begin, unsigned int length, int messageEnd, bool blocking) + {return ChannelPut2(channel, begin, length, messageEnd, blocking);} virtual void ChannelInitialize(const std::string &channel, const NameValuePairs ¶meters=g_nullNameValuePairs, int propagation=-1) =0; virtual bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true) =0; diff --git a/c5/socketft.h b/c5/socketft.h index 58f2702..2ce5454 100644 --- a/c5/socketft.h +++ b/c5/socketft.h @@ -113,7 +113,6 @@ protected: bool m_own; }; -//! contributed by Denis Bider class SocketsInitializer { public: diff --git a/c5/strciphr.cpp b/c5/strciphr.cpp index 694d158..d948c57 100644 --- a/c5/strciphr.cpp +++ b/c5/strciphr.cpp @@ -16,7 +16,7 @@ byte AdditiveCipherTemplate<S>::GenerateByte() m_leftOver = policy.GetBytesPerIteration(); } - return KeystreamBufferEnd()[-m_leftOver--]; + return *(KeystreamBufferEnd()-m_leftOver--); } template <class S> @@ -99,7 +99,7 @@ void AdditiveCipherTemplate<BASE>::Seek(dword position) if (position > 0) { policy.WriteKeystream(m_buffer, 1); - m_leftOver = bytesPerIteration - position; + m_leftOver = bytesPerIteration - (unsigned int)position; } else m_leftOver = 0; diff --git a/c5/strciphr.h b/c5/strciphr.h index 12fb95e..2a297bb 100644 --- a/c5/strciphr.h +++ b/c5/strciphr.h @@ -36,9 +36,10 @@ NAMESPACE_BEGIN(CryptoPP) template <class POLICY_INTERFACE, class BASE = Empty> class AbstractPolicyHolder : public BASE { -protected: +public: typedef POLICY_INTERFACE PolicyInterface; +protected: virtual const POLICY_INTERFACE & GetPolicy() const =0; virtual POLICY_INTERFACE & AccessPolicy() =0; }; @@ -130,9 +131,9 @@ public: bool IsRandomAccess() const {return GetPolicy().IsRandomAccess();} void Seek(dword position); -protected: typedef typename BASE::PolicyInterface PolicyInterface; +protected: void UncheckedSetKey(const NameValuePairs ¶ms, const byte *key, unsigned int length); unsigned int GetBufferByteSize(const PolicyInterface &policy) const {return policy.GetBytesPerIteration() * policy.GetIterationsToBuffer();} @@ -220,9 +221,9 @@ public: bool IsRandomAccess() const {return false;} bool IsSelfInverting() const {return false;} -protected: typedef typename BASE::PolicyInterface PolicyInterface; +protected: virtual void CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, unsigned int length) =0; void UncheckedSetKey(const NameValuePairs ¶ms, const byte *key, unsigned int length); @@ -262,7 +263,7 @@ public: UncheckedSetKey(params, key, length); } - Clonable * Clone() {return new SymmetricCipherFinalTemplate<BASE, INFO>(*this);} + Clonable * Clone() const {return static_cast<SymmetricCipher *>(new SymmetricCipherFinalTemplate<BASE, INFO>(*this));} }; template <class S> diff --git a/c5/test.cpp b/c5/test.cpp index e5c87c9..21eb4f3 100644 --- a/c5/test.cpp +++ b/c5/test.cpp @@ -19,6 +19,7 @@ #include "osrng.h" #include "wait.h" #include "fips140.h" +#include "factory.h" #include "validate.h" #include "bench.h" @@ -26,7 +27,7 @@ #include <iostream> #include <time.h> -#if defined(_WIN32) || defined(__CYGWIN__) +#ifdef CRYPTOPP_WIN32_AVAILABLE #include <windows.h> #endif @@ -78,6 +79,11 @@ void FIPS140_GenerateRandomFiles(); bool Validate(int, bool, const char *); +void RegisterFactories(); +bool RunTestDataFile(const char *filename); + +int (*AdhocTest)(int argc, char *argv[]) = NULL; + #ifdef __BCPLUSPLUS__ int cmain(int argc, char *argv[]) #elif defined(_MSC_VER) @@ -110,7 +116,7 @@ int main(int argc, char *argv[]) { edcFilename = "edc.dat"; -#if defined(_WIN32) || defined(__CYGWIN__) +#ifdef CRYPTOPP_WIN32_AVAILABLE TCHAR filename[MAX_PATH]; GetModuleFileName(GetModuleHandle(NULL), filename, sizeof(filename)); executableName = filename; @@ -199,6 +205,10 @@ int main(int argc, char *argv[]) return 0; case 't': { + if (command == "tv") + { + return !RunTestDataFile(argv[2]); + } // VC60 workaround: use char array instead of std::string to workaround MSVC's getline bug char passPhrase[MAX_PHRASE_LENGTH], plaintext[1024]; @@ -277,6 +287,11 @@ int main(int argc, char *argv[]) else if (command == "ft") ForwardTcpPort(argv[2], argv[3], argv[4]); return 0; + case 'a': + if (AdhocTest) + return (*AdhocTest)(argc, argv); + else + return 0; default: FileSource usage("usage.dat", true, new FileSink(cout)); return 1; @@ -357,11 +372,11 @@ void FIPS140_SampleApplication(const char *moduleFilename, const char *edcFilena byte ciphertext[24]; byte decrypted[24]; - CFB_Mode<DES>::Encryption encryption_DES_CBC; + CBC_Mode<DES>::Encryption encryption_DES_CBC; encryption_DES_CBC.SetKeyWithIV(key, 8, iv); encryption_DES_CBC.ProcessString(ciphertext, plaintext, 24); - CFB_Mode<DES>::Decryption decryption_DES_CBC; + CBC_Mode<DES>::Decryption decryption_DES_CBC; decryption_DES_CBC.SetKeyWithIV(key, 8, iv); decryption_DES_CBC.ProcessString(decrypted, ciphertext, 24); @@ -433,7 +448,7 @@ void FIPS140_SampleApplication(const char *moduleFilename, const char *edcFilena signer.SignMessage(rng, message, 3, signature); DSA::Verifier verifier(dsaPublicKey); - if (!verifier.VerifyMessage(message, 3, signature)) + if (!verifier.VerifyMessage(message, 3, signature, 40)) { cerr << "DSA signature and verification failed.\n"; abort(); @@ -443,7 +458,7 @@ void FIPS140_SampleApplication(const char *moduleFilename, const char *edcFilena // try to verify an invalid signature signature[0] ^= 1; - if (verifier.VerifyMessage(message, 3, signature)) + if (verifier.VerifyMessage(message, 3, signature, 40)) { cerr << "DSA signature verification failed to detect bad signature.\n"; abort(); @@ -523,7 +538,7 @@ string RSADecryptString(const char *privFilename, const char *ciphertext) RSAES_OAEP_SHA_Decryptor priv(privFile); string result; - StringSource(ciphertext, true, new HexDecoder(new PK_DecryptorFilter(priv, new StringSink(result)))); + StringSource(ciphertext, true, new HexDecoder(new PK_DecryptorFilter(GlobalRNG(), priv, new StringSink(result)))); return result; } @@ -623,7 +638,7 @@ void SecretShareFile(int threshold, int nShares, const char *filename, const cha vector_member_ptrs<FileSink> fileSinks(nShares); string channel; - for (unsigned int i=0; i<nShares; i++) + for (int i=0; i<nShares; i++) { char extension[5] = ".000"; extension[1]='0'+byte(i/100); @@ -647,7 +662,7 @@ void SecretRecoverFile(int threshold, const char *outFilename, char *const *inFi vector_member_ptrs<FileSource> fileSources(threshold); SecByteBlock channel(4); - unsigned int i; + int i; for (i=0; i<threshold; i++) { fileSources[i].reset(new FileSource(inFilenames[i], false)); @@ -906,6 +921,7 @@ bool Validate(int alg, bool thorough, const char *seed) case 56: result = ValidatePBKDF(); break; case 57: result = ValidateESIGN(); break; case 58: result = ValidateDLIES(); break; + case 59: result = ValidateBaseCode(); break; default: result = ValidateAll(thorough); break; } diff --git a/c5/usage.dat b/c5/usage.dat index 201aece..d885914 100644 --- a/c5/usage.dat +++ b/c5/usage.dat @@ -56,7 +56,7 @@ Test Driver for Crypto++(TM) Library, a C++ Class Library of Cryptographic Schem - To forward a TCP connection cryptest ft source-port destination-host destination-port -- To run the FIPS-140-2 sample application +- To run the FIPS 140-2 sample application cryptest fips - To run validation tests diff --git a/c5/validat1.cpp b/c5/validat1.cpp index 88c5b52..5619589 100644 --- a/c5/validat1.cpp +++ b/c5/validat1.cpp @@ -4,6 +4,7 @@ #include "files.h" #include "hex.h" +#include "base64.h" #include "modes.h" #include "cbcmac.h" #include "dmac.h" @@ -223,18 +224,23 @@ bool TestOS_RNG() { bool pass = true; + member_ptr<RandomNumberGenerator> rng; #ifdef BLOCKING_RNG_AVAILABLE + try {rng.reset(new BlockingRng);} + catch (OS_RNG_Err &) {} +#endif + + if (rng.get()) { cout << "\nTesting operating system provided blocking random number generator...\n\n"; - BlockingRng rng; ArraySink *sink; - RandomNumberSource test(rng, 100000, false, new Deflator(sink=new ArraySink(NULL,0))); + RandomNumberSource test(*rng, UINT_MAX, false, new Deflator(sink=new ArraySink(NULL,0))); unsigned long total=0, length=0; time_t t = time(NULL), t1 = 0; // check that it doesn't take too long to generate a reasonable amount of randomness - while (total < 16 && (t1 < 10 || total*8 > t1)) + while (total < 16 && (t1 < 10 || total*8 > (unsigned long)t1)) { test.Pump(1); total += 1; @@ -270,7 +276,9 @@ bool TestOS_RNG() total += 1; length += 1; } - if (length > 1024) + // turn off this test because it fails on several systems, including Darwin + // they don't block, or gather entropy too fast? + if (false) // (length > 1024) { cout << "FAILED:"; pass = false; @@ -291,17 +299,21 @@ bool TestOS_RNG() cout << "passed:"; cout << " " << total << " generated bytes compressed to " << sink->TotalPutLength() << " bytes by DEFLATE" << endl; } -#else - cout << "\nNo operating system provided blocking random number generator, skipping test." << endl; -#endif + else + cout << "\nNo operating system provided blocking random number generator, skipping test." << endl; + rng.reset(NULL); #ifdef NONBLOCKING_RNG_AVAILABLE + try {rng.reset(new NonblockingRng);} + catch (OS_RNG_Err &) {} +#endif + + if (rng.get()) { cout << "\nTesting operating system provided nonblocking random number generator...\n\n"; - NonblockingRng rng; ArraySink *sink; - RandomNumberSource test(rng, 100000, true, new Deflator(sink=new ArraySink(NULL, 0))); + RandomNumberSource test(*rng, 100000, true, new Deflator(sink=new ArraySink(NULL, 0))); if (sink->TotalPutLength() < 100000) { @@ -312,9 +324,8 @@ bool TestOS_RNG() cout << "passed:"; cout << " 100000 generated bytes compressed to " << sink->TotalPutLength() << " bytes by DEFLATE" << endl; } -#else - cout << "\nNo operating system provided nonblocking random number generator, skipping test." << endl; -#endif + else + cout << "\nNo operating system provided nonblocking random number generator, skipping test." << endl; return pass; } @@ -1248,3 +1259,53 @@ bool ValidateSEAL() cout << (pass ? "passed" : "FAILED") << endl; return pass; } + +bool ValidateBaseCode() +{ + bool pass = true, fail; + byte data[255]; + for (unsigned int i=0; i<255; i++) + data[i] = i; + const char *hexEncoded = +"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627" +"28292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F" +"505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071727374757677" +"78797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9F" +"A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7" +"C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEF" +"F0F1F2F3F4F5F6F7F8F9FAFBFCFDFE"; + const char *base64AndHexEncoded = +"41414543417751464267634943516F4C4441304F4478415245684D554652595847426B6147787764" +"486838674953496A4A43556D4A7967704B6973734C5334764D4445794D7A51310A4E6A63344F546F" +"375044302B50304242516B4E4552555A4853456C4B5330784E546B395155564A5456465657563168" +"5A576C746358563566594746695932526C5A6D646F615770720A6247317562334278636E4E306458" +"5A3365486C3665337839666E2B4167594B44684957476834694A696F754D6A5936506B4A47536B35" +"53566C7065596D5A71626E4A32656E3643680A6F714F6B7061616E714B6D717136797472712B7773" +"624B7A744C573274376935757275387662362F774D484377385446787366497963724C7A4D334F7A" +"39445230745055316462580A324E6E6132397A6433742F6734654C6A354F586D352B6A7036757673" +"3765377638504879382F5431397666342B6672372F50332B0A"; + + cout << "\nBase64 and hex coding validation suite running...\n\n"; + + fail = !TestFilter(HexEncoder().Ref(), data, 255, (const byte *)hexEncoded, strlen(hexEncoded)); + cout << (fail ? "FAILED " : "passed "); + cout << "Hex Encoding\n"; + pass = pass && !fail; + + fail = !TestFilter(HexDecoder().Ref(), (const byte *)hexEncoded, strlen(hexEncoded), data, 255); + cout << (fail ? "FAILED " : "passed "); + cout << "Hex Decoding\n"; + pass = pass && !fail; + + fail = !TestFilter(Base64Encoder(new HexEncoder).Ref(), data, 255, (const byte *)base64AndHexEncoded, strlen(base64AndHexEncoded)); + cout << (fail ? "FAILED " : "passed "); + cout << "Base64 Encoding\n"; + pass = pass && !fail; + + fail = !TestFilter(HexDecoder(new Base64Decoder).Ref(), (const byte *)base64AndHexEncoded, strlen(base64AndHexEncoded), data, 255); + cout << (fail ? "FAILED " : "passed "); + cout << "Base64 Decoding\n"; + pass = pass && !fail; + + return pass; +} diff --git a/c5/validat2.cpp b/c5/validat2.cpp index 783f7be..9a93019 100644 --- a/c5/validat2.cpp +++ b/c5/validat2.cpp @@ -113,23 +113,42 @@ bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false) const byte *message = (byte *)"test message"; const int messageLen = 12; - byte buffer[512]; - memset(buffer, 0, sizeof(buffer)); - priv.SignMessage(GlobalRNG(), message, messageLen, buffer); - fail = !pub.VerifyMessage(message, messageLen, buffer); + SecByteBlock signature(priv.MaxSignatureLength()); + unsigned int signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature); + fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "signature and verification\n"; - ++buffer[0]; - fail = pub.VerifyMessage(message, messageLen, buffer); + ++signature[0]; + fail = pub.VerifyMessage(message, messageLen, signature, signatureLength); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "checking invalid signature" << endl; + if (priv.MaxRecoverableLength() > 0) + { + signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature); + SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength)); + DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength); + fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0); + pass = pass && !fail; + + cout << (fail ? "FAILED " : "passed "); + cout << "signature and verification with recovery" << endl; + + ++signature[0]; + result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength); + fail = result.isValidCoding; + pass = pass && !fail; + + cout << (fail ? "FAILED " : "passed "); + cout << "recovery with invalid signature" << endl; + } + return pass; } @@ -149,7 +168,7 @@ bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough = SecByteBlock plaintext(priv.MaxPlaintextLength(ciphertext.size())); pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext); - fail = priv.Decrypt(ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen); + fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen); fail = fail || memcmp(message, plaintext, messageLen); pass = pass && !fail; @@ -254,21 +273,21 @@ bool ValidateRSA() RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys); RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv); - rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out); + unsigned int signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out); fail = memcmp(signature, out, 64) != 0; pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "signature check against test vector\n"; - fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out); + fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "verification check against test vector\n"; out[10]++; - fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out); + fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); @@ -305,7 +324,7 @@ bool ValidateRSA() memset(out, 0, 50); memset(outPlain, 0, 8); rsaPub.Encrypt(rng, plain, 8, out); - DecodingResult result = rsaPriv.FixedLengthDecrypt(encrypted, outPlain); + DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain); fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8); pass = pass && !fail; @@ -447,20 +466,20 @@ bool ValidateDSA(bool thorough) cout << (fail ? "FAILED " : "passed "); cout << "prime generation test\n"; - priv.GetDigestSignatureScheme().RawSign(k, h, rOut, sOut); + priv.RawSign(k, h, rOut, sOut); fail = (rOut != r) || (sOut != s); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "signature check against test vector\n"; - fail = !pub.VerifyMessage((byte *)"abc", 3, sig); + fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig)); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "verification check against test vector\n"; - fail = pub.VerifyMessage((byte *)"xyz", 3, sig); + fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig)); pass = pass && !fail; } FileSource fs1("dsa1024.dat", true, new HexDecoder()); @@ -518,8 +537,8 @@ bool ValidateRabin() { FileSource f("rabi1024.dat", true, new HexDecoder); - RabinPSSR<SHA>::Signer priv(f); - RabinPSSR<SHA>::Verifier pub(priv); + RabinSS<PSSR, SHA>::Signer priv(f); + RabinSS<PSSR, SHA>::Verifier pub(priv); pass = SignatureValidate(priv, pub) && pass; } { @@ -535,8 +554,8 @@ bool ValidateRW() cout << "\nRW validation suite running...\n\n"; FileSource f("rw1024.dat", true, new HexDecoder); - RWSSA<SHA>::Signer priv(f); - RWSSA<SHA>::Verifier pub(priv); + RWSS<PSSR, SHA>::Signer priv(f); + RWSS<PSSR, SHA>::Verifier pub(priv); return SignatureValidate(priv, pub); } @@ -681,20 +700,20 @@ bool ValidateECDSA() Integer rOut, sOut; bool fail, pass=true; - priv.GetDigestSignatureScheme().RawSign(k, h, rOut, sOut); + priv.RawSign(k, h, rOut, sOut); fail = (rOut != r) || (sOut != s); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "signature check against test vector\n"; - fail = !pub.VerifyMessage((byte *)"abc", 3, sig); + fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig)); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); cout << "verification check against test vector\n"; - fail = pub.VerifyMessage((byte *)"xyz", 3, sig); + fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig)); pass = pass && !fail; pass = SignatureValidate(priv, pub) && pass; @@ -723,7 +742,7 @@ bool ValidateESIGN() fail = !SignatureValidate(signer, verifier); pass = pass && !fail; - fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature); + fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength()); pass = pass && !fail; cout << (fail ? "FAILED " : "passed "); diff --git a/c5/validate.h b/c5/validate.h index 7c2a1d7..486cf48 100644 --- a/c5/validate.h +++ b/c5/validate.h @@ -7,6 +7,7 @@ bool ValidateAll(bool thorough); bool TestSettings(); bool TestOS_RNG(); +bool ValidateBaseCode(); bool ValidateCRC32(); bool ValidateAdler32(); diff --git a/c5/wait.cpp b/c5/wait.cpp index f7a0e36..05d485b 100644 --- a/c5/wait.cpp +++ b/c5/wait.cpp @@ -34,24 +34,170 @@ void WaitObjectContainer::Clear() #ifdef USE_WINDOWS_STYLE_SOCKETS +struct WaitingThreadData +{ + bool waitingToWait, terminate; + HANDLE startWaiting, stopWaiting; + const HANDLE *waitHandles; + unsigned int count; + HANDLE threadHandle; + DWORD threadId; + DWORD* error; +}; + +WaitObjectContainer::~WaitObjectContainer() +{ + try // don't let exceptions escape destructor + { + if (!m_threads.empty()) + { + HANDLE threadHandles[MAXIMUM_WAIT_OBJECTS]; + unsigned int i; + for (i=0; i<m_threads.size(); i++) + { + WaitingThreadData &thread = *m_threads[i]; + while (!thread.waitingToWait) // spin until thread is in the initial "waiting to wait" state + Sleep(0); + thread.terminate = true; + threadHandles[i] = thread.threadHandle; + } + PulseEvent(m_startWaiting); + ::WaitForMultipleObjects(m_threads.size(), threadHandles, TRUE, INFINITE); + for (i=0; i<m_threads.size(); i++) + CloseHandle(threadHandles[i]); + CloseHandle(m_startWaiting); + CloseHandle(m_stopWaiting); + } + } + catch (...) + { + } +} + + void WaitObjectContainer::AddHandle(HANDLE handle) { m_handles.push_back(handle); } +DWORD WINAPI WaitingThread(LPVOID lParam) +{ + std::auto_ptr<WaitingThreadData> pThread((WaitingThreadData *)lParam); + WaitingThreadData &thread = *pThread; + std::vector<HANDLE> handles; + + while (true) + { + thread.waitingToWait = true; + ::WaitForSingleObject(thread.startWaiting, INFINITE); + thread.waitingToWait = false; + + if (thread.terminate) + break; + if (!thread.count) + continue; + + handles.resize(thread.count + 1); + handles[0] = thread.stopWaiting; + std::copy(thread.waitHandles, thread.waitHandles+thread.count, handles.begin()+1); + + DWORD result = ::WaitForMultipleObjects(handles.size(), &handles[0], FALSE, INFINITE); + + if (result == WAIT_OBJECT_0) + continue; // another thread finished waiting first, so do nothing + SetEvent(thread.stopWaiting); + if (!(result > WAIT_OBJECT_0 && result < WAIT_OBJECT_0 + handles.size())) + { + assert(!"error in WaitingThread"); // break here so we can see which thread has an error + *thread.error = ::GetLastError(); + } + } + + return S_OK; // return a value here to avoid compiler warning +} + +void WaitObjectContainer::CreateThreads(unsigned int count) +{ + unsigned int currentCount = m_threads.size(); + if (currentCount == 0) + { + m_startWaiting = ::CreateEvent(NULL, TRUE, FALSE, NULL); + m_stopWaiting = ::CreateEvent(NULL, TRUE, FALSE, NULL); + } + + if (currentCount < count) + { + m_threads.resize(count); + for (unsigned int i=currentCount; i<count; i++) + { + m_threads[i] = new WaitingThreadData; + WaitingThreadData &thread = *m_threads[i]; + thread.terminate = false; + thread.startWaiting = m_startWaiting; + thread.stopWaiting = m_stopWaiting; + thread.waitingToWait = false; + thread.threadHandle = CreateThread(NULL, 0, &WaitingThread, &thread, 0, &thread.threadId); + } + } +} + bool WaitObjectContainer::Wait(unsigned long milliseconds) { if (m_noWait || m_handles.empty()) return true; - DWORD result = ::WaitForMultipleObjects(m_handles.size(), &m_handles[0], FALSE, milliseconds); + if (m_handles.size() > MAXIMUM_WAIT_OBJECTS) + { + // too many wait objects for a single WaitForMultipleObjects call, so use multiple threads + static const unsigned int WAIT_OBJECTS_PER_THREAD = MAXIMUM_WAIT_OBJECTS-1; + unsigned int nThreads = (m_handles.size() + WAIT_OBJECTS_PER_THREAD - 1) / WAIT_OBJECTS_PER_THREAD; + if (nThreads > MAXIMUM_WAIT_OBJECTS) // still too many wait objects, maybe implement recursive threading later? + throw Err("WaitObjectContainer: number of wait objects exceeds limit"); + CreateThreads(nThreads); + DWORD error = S_OK; + + for (unsigned int i=0; i<m_threads.size(); i++) + { + WaitingThreadData &thread = *m_threads[i]; + while (!thread.waitingToWait) // spin until thread is in the initial "waiting to wait" state + Sleep(0); + if (i<nThreads) + { + thread.waitHandles = &m_handles[i*WAIT_OBJECTS_PER_THREAD]; + thread.count = STDMIN(WAIT_OBJECTS_PER_THREAD, m_handles.size() - i*WAIT_OBJECTS_PER_THREAD); + thread.error = &error; + } + else + thread.count = 0; + } - if (result >= WAIT_OBJECT_0 && result < WAIT_OBJECT_0 + m_handles.size()) - return true; - else if (result == WAIT_TIMEOUT) - return false; + ResetEvent(m_stopWaiting); + PulseEvent(m_startWaiting); + + DWORD result = ::WaitForSingleObject(m_stopWaiting, milliseconds); + if (result == WAIT_OBJECT_0) + { + if (error == S_OK) + return true; + else + throw Err("WaitObjectContainer: WaitForMultipleObjects failed with error " + IntToString(error)); + } + SetEvent(m_stopWaiting); + if (result == WAIT_TIMEOUT) + return false; + else + throw Err("WaitObjectContainer: WaitForSingleObject failed with error " + IntToString(::GetLastError())); + } else - throw Err("WaitObjectContainer: WaitForMultipleObjects failed with error " + IntToString(::GetLastError())); + { + DWORD result = ::WaitForMultipleObjects(m_handles.size(), &m_handles[0], FALSE, milliseconds); + if (result >= WAIT_OBJECT_0 && result < WAIT_OBJECT_0 + m_handles.size()) + return true; + else if (result == WAIT_TIMEOUT) + return false; + else + throw Err("WaitObjectContainer: WaitForMultipleObjects failed with error " + IntToString(::GetLastError())); + } } #else @@ -16,6 +16,8 @@ NAMESPACE_BEGIN(CryptoPP) +struct WaitingThreadData; + //! container of wait objects class WaitObjectContainer { @@ -34,6 +36,7 @@ public: bool Wait(unsigned long milliseconds); #ifdef USE_WINDOWS_STYLE_SOCKETS + ~WaitObjectContainer(); void AddHandle(HANDLE handle); #else void AddReadFd(int fd); @@ -42,7 +45,11 @@ public: private: #ifdef USE_WINDOWS_STYLE_SOCKETS + void CreateThreads(unsigned int count); std::vector<HANDLE> m_handles; + std::vector<WaitingThreadData *> m_threads; + HANDLE m_startWaiting; + HANDLE m_stopWaiting; #else fd_set m_readfds, m_writefds; int m_maxFd; |