bg
/
arm-crypto-lib
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

now with rsassa-pkcs1v15 (old rsa signatures) + many new things

This commit is contained in:
bg 2012-05-05 05:16:29 +02:00
parent e5296441c9
commit 1cdc772d04
48 changed files with 17002 additions and 1557 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
arm-makefile.inc
View File

@ -16,7 +16,7 @@ TEST_DIR = test/#
BIN_DIR = bin/#
TESTSRC_DIR = test_src/#
ERASECMD =
TESTPORT = /dev/ttyUSB1
TESTPORT = /dev/ttyUSB2
TESTPORTBAUDR = 115200
TESTLOG_DIR = testlog/#
TESTPREFIX = nessie-#

7
bcal/bcal_camellia128.c
View File

@ -25,18 +25,17 @@
*
*/
#include <avr/pgmspace.h>
#include <stdlib.h>
#include "blockcipher_descriptor.h"
#include "camellia.h"
#include "keysize_descriptor.h"
const char camellia128_str[] PROGMEM = "Camellia-128";
const char camellia128_str[] = "Camellia-128";
const uint8_t camellia128_keysize_desc[] PROGMEM = { KS_TYPE_LIST, 1, KS_INT(128),
const uint8_t camellia128_keysize_desc[] = { KS_TYPE_LIST, 1, KS_INT(128),
KS_TYPE_TERMINATOR };
const bcdesc_t camellia128_desc PROGMEM = {
const bcdesc_t camellia128_desc = {
BCDESC_TYPE_BLOCKCIPHER,
BC_INIT_TYPE_2,
camellia128_str,

1
bcal/bcal_camellia128.h
View File

@ -25,7 +25,6 @@
*
*/
#include <avr/pgmspace.h>
#include "blockcipher_descriptor.h"
#include "camellia.h"
#include "keysize_descriptor.h"

52
bigint/bigint.c
View File

@ -53,9 +53,9 @@
#define SET_NEG(a) (a)->info |= BIGINT_NEG_MASK
#define SET_POS(a) (a)->info &= ~BIGINT_NEG_MASK
#define XCHG(a,b) do{(a)^=(b); (b)^=(a); (a)^=(b);}while(0)
#define XCHG_PTR(a,b) do{ a = (void*)(((bigint_ptr_int_t)(a)) ^ ((bigint_ptr_int_t)(b))); \
b = (void*)(((bigint_ptr_int_t)(a)) ^ ((bigint_ptr_int_t)(b))); \
a = (void*)(((bigint_ptr_int_t)(a)) ^ ((bigint_ptr_int_t)(b)));}while(0)
#define XCHG_PTR(a,b) do{ a = (void*)(((intptr_t)(a)) ^ ((intptr_t)(b))); \
b = (void*)(((intptr_t)(a)) ^ ((intptr_t)(b))); \
a = (void*)(((intptr_t)(a)) ^ ((intptr_t)(b)));}while(0)
#define GET_SIGN(a) ((a)->info&BIGINT_NEG_MASK)
@ -80,7 +80,7 @@ void bigint_adjust(bigint_t* a){
/******************************************************************************/
uint16_t bigint_length_b(bigint_t* a){
uint16_t bigint_length_b(const bigint_t* a){
if(!a->length_B || a->length_B==0){
return 0;
}
@ -89,13 +89,13 @@ uint16_t bigint_length_b(bigint_t* a){
/******************************************************************************/
uint16_t bigint_length_B(bigint_t* a){
uint16_t bigint_length_B(const bigint_t* a){
return a->length_B * sizeof(bigint_word_t);
}
/******************************************************************************/
uint32_t bigint_get_first_set_bit(bigint_t* a){
uint32_t bigint_get_first_set_bit(const bigint_t* a){
if(a->length_B==0){
return (uint32_t)(-1);
}
@ -105,7 +105,7 @@ uint32_t bigint_get_first_set_bit(bigint_t* a){
/******************************************************************************/
uint32_t bigint_get_last_set_bit(bigint_t* a){
uint32_t bigint_get_last_set_bit(const bigint_t* a){
uint32_t r=0;
uint8_t b=0;
bigint_word_t x=1;
@ -403,7 +403,7 @@ int8_t bigint_cmp_s(const bigint_t* a, const bigint_t* b){
/******************************************************************************/
void bigint_shiftleft(bigint_t* a, uint16_t shift){
uint16_t byteshift, word_alloc;
uint16_t byteshift, word_alloc, words_to_shift;
int16_t i;
uint8_t bitshift;
bigint_word_t *p;
@ -417,14 +417,15 @@ void bigint_shiftleft(bigint_t* a, uint16_t shift){
a->wordv[a->length_B+i] = 0;
}
if(byteshift){
memmove(((uint8_t*)a->wordv)+byteshift, a->wordv, a->length_B*sizeof(bigint_word_t));
memmove(((uint8_t*)a->wordv) + byteshift, a->wordv, a->length_B * sizeof(bigint_word_t));
memset(a->wordv, 0, byteshift);
}
p = (bigint_word_t*)(((uint8_t*)a->wordv)+byteshift);
word_alloc = a->length_B+(byteshift+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t)+1;
p = a->wordv + byteshift / sizeof(bigint_word_t);
words_to_shift = a->length_B + (byteshift % sizeof(bigint_word_t)?1:0);
word_alloc = a->length_B + (byteshift + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t) + 1;
a->wordv[word_alloc-1]=0;
if(bitshift!=0){
for(i=0; i<a->length_B; ++i){
for(i=0; i < words_to_shift; ++i){
t |= ((bigint_wordplus_t)p[i])<<bitshift;
p[i] = (bigint_word_t)t;
t >>= BIGINT_WORD_SIZE;
@ -444,30 +445,29 @@ void bigint_shiftright(bigint_t* a, uint16_t shift){
bigint_wordplus_t t=0;
byteshift = shift/8;
bitshift = shift&7;
if(byteshift >= a->length_B*sizeof(bigint_word_t)){ /* we would shift out more than we have */
if(byteshift >= a->length_B * sizeof(bigint_word_t)){ /* we would shift out more than we have */
bigint_set_zero(a);
return;
}
if(byteshift == a->length_B*sizeof(bigint_word_t)-1 && bitshift>GET_FBS(a)){
if(byteshift == a->length_B * sizeof(bigint_word_t) - 1 && bitshift > GET_FBS(a)){
bigint_set_zero(a);
return;
}
if(byteshift){
memmove(a->wordv, (uint8_t*)a->wordv+byteshift, a->length_B-byteshift);
memset((uint8_t*)a->wordv+a->length_B-byteshift, 0, byteshift);
memmove(a->wordv, (uint8_t*)a->wordv + byteshift, a->length_B * sizeof(bigint_word_t) - byteshift);
memset((uint8_t*)a->wordv + a->length_B * sizeof(bigint_word_t) - byteshift, 0, byteshift);
}
byteshift /= sizeof(bigint_word_t);
if(bitshift!=0){
a->length_B -= (byteshift + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
if(bitshift != 0 && a->length_B){
/* shift to the right */
for(i=a->length_B-byteshift-1; i>0; --i){
t |= ((bigint_wordplus_t)(a->wordv[i]))<<(BIGINT_WORD_SIZE-bitshift);
a->wordv[i] = (bigint_word_t)(t>>BIGINT_WORD_SIZE);
i = a->length_B - 1;
do{
t |= ((bigint_wordplus_t)(a->wordv[i])) << (BIGINT_WORD_SIZE - bitshift);
a->wordv[i] = (bigint_word_t)(t >> BIGINT_WORD_SIZE);
t <<= BIGINT_WORD_SIZE;
}
t |= ((bigint_wordplus_t)(a->wordv[0]))<<(BIGINT_WORD_SIZE-bitshift);
a->wordv[0] = (bigint_word_t)(t>>BIGINT_WORD_SIZE);
}while(i--);
}
a->length_B -= ((shift/8)+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
bigint_adjust(a);
}
@ -792,12 +792,12 @@ void bigint_expmod_u(bigint_t* dest, const bigint_t* a, const bigint_t* exp, con
if(flag){
bigint_square(&res, &res);
bigint_reduce(&res, r);
if(t & (1<<(BIGINT_WORD_SIZE-1))){
if(t & (1 << (BIGINT_WORD_SIZE - 1))){
bigint_mul_u(&res, &res, &base);
bigint_reduce(&res, r);
}
}
t<<=1;
t <<= 1;
}
}

10
bigint/bigint.h
View File

@ -43,15 +43,13 @@ typedef struct{
bigint_word_t *wordv; /* word vector, pointing to the LSB */
}bigint_t;
typedef uint32_t bigint_ptr_int_t;
/******************************************************************************/
void bigint_adjust(bigint_t* a);
uint32_t bigint_get_first_set_bit(bigint_t* a);
uint32_t bigint_get_last_set_bit(bigint_t* a);
uint16_t bigint_length_b(bigint_t* a);
uint16_t bigint_length_B(bigint_t* a);
uint32_t bigint_get_first_set_bit(const bigint_t* a);
uint32_t bigint_get_last_set_bit(const bigint_t* a);
uint16_t bigint_length_b(const bigint_t* a);
uint16_t bigint_length_B(const bigint_t* a);
void bigint_copy(bigint_t* dest, const bigint_t* src);
void bigint_add_u(bigint_t* dest, const bigint_t* a, const bigint_t* b);
void bigint_add_scale_u(bigint_t* dest, const bigint_t* a, uint16_t scale);

23
blake/blake_large.c
View File

@ -137,21 +137,24 @@ void blake_large_lastBlock(blake_large_ctx_t* ctx, const void* msg, uint16_t len
msg = (uint8_t*)msg + BLAKE_LARGE_BLOCKSIZE_B;
length_b -= BLAKE_LARGE_BLOCKSIZE;
}
uint8_t buffer[128];
union {
uint8_t v8[128];
uint64_t v64[ 16];
} buffer;
uint64_t v[16];
uint64_t ctr;
ctr = ctx->counter*1024+length_b;
memset(buffer, 0, 128);
memcpy(buffer, msg, (length_b+7)/8);
buffer[length_b/8] |= 0x80 >> (length_b&0x7);
blake_large_changeendian(buffer, buffer);
memset(buffer.v8, 0, 128);
memcpy(buffer.v8, msg, (length_b+7)/8);
buffer.v8[length_b/8] |= 0x80 >> (length_b&0x7);
blake_large_changeendian(buffer.v8, buffer.v8);
blake_large_expand(v, ctx);
if(length_b>1024-128-2){
v[12] ^= ctr;
v[13] ^= ctr;
blake_large_compress(v, buffer);
blake_large_compress(v, buffer.v8);
blake_large_collapse(ctx, v);
memset(buffer, 0, 128-8);
memset(buffer.v8, 0, 128-8);
blake_large_expand(v, ctx);
} else {
if(length_b){
@ -160,9 +163,9 @@ void blake_large_lastBlock(blake_large_ctx_t* ctx, const void* msg, uint16_t len
}
}
if(ctx->appendone)
buffer[128-16-8] |= 0x01;
*((uint64_t*)(&(buffer[128-8]))) = ctr;
blake_large_compress(v, buffer);
buffer.v8[128-16-8] |= 0x01;
buffer.v64[15] = ctr;
blake_large_compress(v, buffer.v8);
blake_large_collapse(ctx, v);
}

26
blake/blake_small.c
View File

@ -133,26 +133,30 @@ void blake_small_lastBlock(blake_small_ctx_t* ctx, const void* msg, uint16_t len
msg = (uint8_t*)msg + BLAKE_SMALL_BLOCKSIZE_B;
length_b -= BLAKE_SMALL_BLOCKSIZE;
}
uint8_t buffer[64];
union {
uint8_t v8[64];
uint32_t v32[16];
uint64_t v64[ 8];
} buffer;
uint32_t v[16];
union {
uint64_t v64;
uint32_t v32[2];
}ctr;
ctr.v64 = ctx->counter*512+length_b;
memset(buffer, 0, 64);
memcpy(buffer, msg, (length_b+7)/8);
buffer[length_b/8] |= 0x80 >> (length_b&0x7);
blake_small_changeendian(buffer, buffer);
memset(buffer.v8, 0, 64);
memcpy(buffer.v8, msg, (length_b+7)/8);
buffer.v8[length_b/8] |= 0x80 >> (length_b&0x7);
blake_small_changeendian(buffer.v8, buffer.v8);
blake_small_expand(v, ctx);
if(length_b>512-64-2){
v[12] ^= ctr.v32[0];
v[13] ^= ctr.v32[0];
v[14] ^= ctr.v32[1];
v[15] ^= ctr.v32[1];
blake_small_compress(v, buffer);
blake_small_compress(v, buffer.v8);
blake_small_collapse(ctx, v);
memset(buffer, 0, 64-8);
memset(buffer.v8, 0, 64-8);
blake_small_expand(v, ctx);
}else{
if(length_b){
@ -163,10 +167,10 @@ void blake_small_lastBlock(blake_small_ctx_t* ctx, const void* msg, uint16_t len
}
}
if(ctx->appendone)
buffer[64-8-4] |= 0x01;
*((uint32_t*)(&(buffer[64-8]))) = ctr.v32[1];
*((uint32_t*)(&(buffer[64-4]))) = ctr.v32[0];
blake_small_compress(v, buffer);
buffer.v8[64-8-4] |= 0x01;
buffer.v32[14] = ctr.v32[1];
buffer.v32[15] = ctr.v32[0];
blake_small_compress(v, buffer.v8);
blake_small_collapse(ctx, v);
}

31
bmw/bmw_large.c
View File

@ -520,33 +520,36 @@ void bmw_large_nextBlock(bmw_large_ctx_t* ctx, const void* block){
}
void bmw_large_lastBlock(bmw_large_ctx_t* ctx, const void* block, uint16_t length_b){
uint8_t buffer[128];
union {
uint8_t v8[128];
uint64_t v64[ 16];
} buffer;
while(length_b >= BMW_LARGE_BLOCKSIZE){
bmw_large_nextBlock(ctx, block);
length_b -= BMW_LARGE_BLOCKSIZE;
block = (uint8_t*)block + BMW_LARGE_BLOCKSIZE_B;
}
memset(buffer, 0, 128);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
memset(buffer.v8, 0, 128);
memcpy(buffer.v8, block, (length_b+7)/8);
buffer.v8[length_b>>3] |= 0x80 >> (length_b&0x07);
if(length_b+1>128*8-64){
bmw_large_nextBlock(ctx, buffer);
memset(buffer, 0, 128-8);
bmw_large_nextBlock(ctx, buffer.v8);
memset(buffer.v8, 0, 128-8);
ctx->counter -= 1;
}
*((uint64_t*)&(buffer[128-8])) = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b;
bmw_large_nextBlock(ctx, buffer);
buffer.v64[15] = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b;
bmw_large_nextBlock(ctx, buffer.v8);
#if TWEAK
uint8_t i;
uint64_t q[32];
memset(buffer, 0xaa, 128);
memset(buffer.v8, 0xaa, 128);
for(i=0; i<16; ++i){
buffer[8*i] = i + 0xa0;
buffer.v8[8*i] = i + 0xa0;
}
bmw_large_f0(q, (uint64_t*)buffer, ctx->h);
bmw_large_f1(q, ctx->h, (uint64_t*)buffer);
bmw_large_f2((uint64_t*)buffer, q, ctx->h);
memcpy(ctx->h, buffer, 128);
bmw_large_f0(q, buffer.v64, ctx->h);
bmw_large_f1(q, ctx->h, buffer.v64);
bmw_large_f2(buffer.v64, q, ctx->h);
memcpy(ctx->h, buffer.v8, 128);
#endif
}

31
bmw/bmw_large_speed.c
View File

@ -226,32 +226,35 @@ void bmw_large_nextBlock(bmw_large_ctx_t* ctx, const void* block){
}
void bmw_large_lastBlock(bmw_large_ctx_t* ctx, const void* block, uint16_t length_b){
uint8_t buffer[128];
union {
uint8_t v8[128];
uint64_t v64[ 16];
} buffer;
while(length_b >= BMW_LARGE_BLOCKSIZE){
bmw_large_nextBlock(ctx, block);
length_b -= BMW_LARGE_BLOCKSIZE;
block = (uint8_t*)block + BMW_LARGE_BLOCKSIZE_B;
}
memset(buffer, 0, 128);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
memset(buffer.v8, 0, 128);
memcpy(buffer.v8, block, (length_b+7)/8);
buffer.v8[length_b>>3] |= 0x80 >> (length_b&0x07);
if(length_b+1>128*8-64){
bmw_large_nextBlock(ctx, buffer);
memset(buffer, 0, 128-8);
bmw_large_nextBlock(ctx, buffer.v8);
memset(buffer.v8, 0, 128-8);
ctx->counter -= 1;
}
*((uint64_t*)&(buffer[128-8])) = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b;
bmw_large_nextBlock(ctx, buffer);
buffer.v64[15] = (uint64_t)(ctx->counter*1024LL)+(uint64_t)length_b;
bmw_large_nextBlock(ctx, buffer.v8);
uint8_t i;
uint64_t q[32];
memset(buffer, 0xaa, 128);
memset(buffer.v8, 0xaa, 128);
for(i=0; i<16; ++i){
buffer[8*i] = i + 0xa0;
buffer.v8[8*i] = i + 0xa0;
}
bmw_large_f0(q, (uint64_t*)buffer, ctx->h);
bmw_large_f1(q, ctx->h, (uint64_t*)buffer);
bmw_large_f2((uint64_t*)buffer, q, ctx->h);
memcpy(ctx->h, buffer, 128);
bmw_large_f0(q, buffer.v64, ctx->h);
bmw_large_f1(q, ctx->h, buffer.v64);
bmw_large_f2(buffer.v64, q, ctx->h);
memcpy(ctx->h, buffer.v8, 128);
}
void bmw384_init(bmw384_ctx_t* ctx){

36
bmw/bmw_small.c
View File

@ -401,38 +401,42 @@ void bmw_small_nextBlock(bmw_small_ctx_t* ctx, const void* block){
}
void bmw_small_lastBlock(bmw_small_ctx_t* ctx, const void* block, uint16_t length_b){
uint8_t buffer[64];
union {
uint8_t v8[64];
uint32_t v32[16];
uint64_t v64[ 8];
} buffer;
while(length_b >= BMW_SMALL_BLOCKSIZE){
bmw_small_nextBlock(ctx, block);
length_b -= BMW_SMALL_BLOCKSIZE;
block = (uint8_t*)block + BMW_SMALL_BLOCKSIZE_B;
}
memset(buffer, 0, 64);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
memset(buffer.v8, 0, 64);
memcpy(buffer.v8, block, (length_b+7)/8);
buffer.v8[length_b>>3] |= 0x80 >> (length_b&0x07);
if(length_b+1>64*8-64){
bmw_small_nextBlock(ctx, buffer);
memset(buffer, 0, 64-8);
bmw_small_nextBlock(ctx, buffer.v8);
memset(buffer.v8, 0, 64-8);
ctx->counter -= 1;
}
*((uint64_t*)&(buffer[64-8])) = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b;
bmw_small_nextBlock(ctx, buffer);
buffer.v64[7] = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b;
bmw_small_nextBlock(ctx, buffer.v8);
#if TWEAK
uint8_t i;
uint32_t q[32];
memset(buffer, 0xaa, 64);
memset(buffer.v8, 0xaa, 64);
for(i=0; i<16;++i){
buffer[i*4] = i+0xa0;
buffer.v8[i*4] = i+0xa0;
}
// dump_x(buffer, 16, 'A');
// dump_x(buffer.v8, 16, 'A');
dump_x(ctx->h, 16, 'M');
bmw_small_f0(q, (uint32_t*)buffer, ctx->h);
dump_x(buffer, 16, 'a');
bmw_small_f0(q, buffer.v32, ctx->h);
dump_x(buffer.v8, 16, 'a');
dump_x(q, 16, 'Q');
bmw_small_f1(q, ctx->h, (uint32_t*)buffer);
bmw_small_f1(q, ctx->h, buffer.v32);
dump_x(q, 32, 'Q');
bmw_small_f2((uint32_t*)buffer, q, ctx->h);
memcpy(ctx->h, buffer, 64);
bmw_small_f2(buffer.v32, q, ctx->h);
memcpy(ctx->h, buffer.v8, 64);
#endif
}

36
bmw/bmw_small_speed.c
View File

@ -228,37 +228,41 @@ void bmw_small_nextBlock(bmw_small_ctx_t* ctx, const void* block){
}
void bmw_small_lastBlock(bmw_small_ctx_t* ctx, const void* block, uint16_t length_b){
uint8_t buffer[64];
union {
uint8_t v8[64];
uint32_t v32[16];
uint64_t v64[ 8];
} buffer;
while(length_b >= BMW_SMALL_BLOCKSIZE){
bmw_small_nextBlock(ctx, block);
length_b -= BMW_SMALL_BLOCKSIZE;
block = (uint8_t*)block + BMW_SMALL_BLOCKSIZE_B;
}
memset(buffer, 0, 64);
memcpy(buffer, block, (length_b+7)/8);
buffer[length_b>>3] |= 0x80 >> (length_b&0x07);
memset(buffer.v8, 0, 64);
memcpy(buffer.v8, block, (length_b+7)/8);
buffer.v8[length_b>>3] |= 0x80 >> (length_b&0x07);
if(length_b+1>64*8-64){
bmw_small_nextBlock(ctx, buffer);
memset(buffer, 0, 64-8);
bmw_small_nextBlock(ctx, buffer.v8);
memset(buffer.v8, 0, 64-8);
ctx->counter -= 1;
}
*((uint64_t*)&(buffer[64-8])) = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b;
bmw_small_nextBlock(ctx, buffer);
buffer.v64[7] = (uint64_t)(ctx->counter*512LL)+(uint64_t)length_b;
bmw_small_nextBlock(ctx, buffer.v8);
uint8_t i;
uint32_t q[32];
memset(buffer, 0xaa, 64);
memset(buffer.v8, 0xaa, 64);
for(i=0; i<16;++i){
buffer[i*4] = i+0xa0;
buffer.v8[i*4] = i+0xa0;
}
// dump_x(buffer, 16, 'A');
// dump_x(buffer.v8, 16, 'A');
dump_x(ctx->h, 16, 'M');
bmw_small_f0(q, (uint32_t*)buffer, ctx->h);
dump_x(buffer, 16, 'a');
bmw_small_f0(q, buffer.v32, ctx->h);
dump_x(buffer.v8, 16, 'a');
dump_x(q, 16, 'Q');
bmw_small_f1(q, ctx->h, (uint32_t*)buffer);
bmw_small_f1(q, ctx->h, buffer.v32);
dump_x(q, 32, 'Q');
bmw_small_f2((uint32_t*)buffer, q, ctx->h);
memcpy(ctx->h, buffer, 64);
bmw_small_f2(buffer.v32, q, ctx->h);
memcpy(ctx->h, buffer.v8, 64);
}
void bmw224_init(bmw224_ctx_t* ctx){

34
host/rsa_oaep_check.rb → host/rsaes_oaep_check.rb
View File

@ -1,5 +1,5 @@
#!/usr/bin/ruby
# rsa_oaep_check.rb
# rsaes_oaep_check.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
@ -353,7 +353,7 @@ end
########################################
opts = Getopt::Std.getopts("dc:f:il:s:")
opts = Getopt::Std.getopts("dc:f:il:s:n:")
conf = Hash.new
conf = readconfigfile("/etc/testport.conf", conf)
@ -397,10 +397,38 @@ else
sv = 1
end
if opts['l']
if opts['l'] && ! opts['n']
$logfile = File.open(opts['l'], 'w')
end
base_name = 'rsaes_oaep'
if opts['n']
logfilename = conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '.txt'
if File.exists?(logfilename)
i=1
begin
logfilename = sprintf('%s%04d%s', conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '_', i, '.txt')
i+=1
end while(File.exists?(logfilename))
while(i>2) do
n1 = sprintf('%s%04d%s', conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '_', i-2, '.txt')
n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '_', i-1, '.txt')
File.rename(n1, n2)
printf("%s -> %s\n", n1, n2)
i-=1
end
n1 = sprintf('%s%s', conf['PORT']['testlogbase'], base_name + '_' + opts['n'] + '.txt')
n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '_', 1, '.txt')
File.rename(n1, n2)
printf("%s -> %s\n", n1, n2)
logfilename = conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '.txt'
end
printf("logging to %s", logfilename)
$logfile = File.open(logfilename, 'w')
end
$logfile = STDOUT if ! $logfile
$logfile.sync = true
reset_system()

69
host/rsa_pkcs15_check.rb → host/rsaes_pkcs1v15_check.rb
View File

@ -1,5 +1,5 @@
#!/usr/bin/ruby
# rsa_pkcs15_check.rb
# rsaes_pkcs1v15_check.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
@ -21,10 +21,12 @@
require 'rubygems'
require 'serialport'
require 'getopt/std'
require 'fileutils'
$buffer_size = 0 # set automatically in init_system
$conffile_check = Hash.new
$conffile_check.default = 0
$progress_dots = false
$debug = false
$logfile = nil
@ -94,10 +96,15 @@ end
def read_block(f)
d = Array.new
begin
v = false
l = f.gets
x = l.split.collect { |e| e.to_i(16) }
# x = l.split.collect { |e| e.to_i(16) }
t = l.split
t.each { |e| v = true if e.length != 2 }
x = []
x = t.collect { |e| e.to_i(16) } if ! v
d += x
end while x.length == 16
end while x.length == 16 && ! v
return d
end
@ -238,7 +245,7 @@ def load_bigint(d)
if i % 60 == 0
# we should now wait for incomming dot
wait_for_dot()
print('.')
print('.') if $progress_dots
end
end
end
@ -300,7 +307,11 @@ def check_tv(tv)
test_enc = ''
loop do
l = read_line_from_device()
break if ! /([0-9A-Fa-f]{2}\s*)+/.match(l)
t = l.split
v = false
t.each { |e| v = true if e.length != 2 }
x = t.collect { |e| e.to_i(16) }
break if v
test_enc += l if l
end
test_enc_a = Array.new
@ -329,9 +340,23 @@ end
########################################
# MAIN
########################################
help_text = <<EOF
Usage of 'rsaes_pkcs1v15_check':
>ruby rsaes_pkcs1v15_check -f <file> [-c <file>] [-s <a>.<b>] [-n <name> | -l <file>]
-d enable debugging (logging all received text, not only responses)
-c <file> use <file> as configuration file
-f <file> read testvectors from <file>
-s <a>.<b> start with testvector <a>.<b>
-n <name> log to a file which name is based on <name>
EOF
opts = Getopt::Std.getopts('dc:f:il:s:')
opts = Getopt::Std.getopts('dc:f:l:s:n:')
if !opts['f']
print help_text
exit 0
end
conf = Hash.new
conf = readconfigfile("/etc/testport.conf", conf)
@ -367,14 +392,42 @@ $sp.flow_control = SerialPort::SOFT
$debug = true if opts['d']
if opts['l']
if opts['l'] && ! opts['n']
$logfile = File.open(opts['l'], 'w')
end
base_name = 'rsaes_pkcs1v15'
if opts['n']
logfilename = conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '.txt'
if File.exists?(logfilename)
i=1
begin
logfilename = sprintf('%s%04d%s', conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '_',i,'.txt')
i+=1
end while(File.exists?(logfilename))
while(i>2) do
n1 = sprintf('%s%04d%s', conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '_', i-2, '.txt')
n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '_', i-1, '.txt')
File.rename(n1, n2)
printf("%s -> %s\n", n1, n2)
i-=1
end
n1 = sprintf('%s%s', conf['PORT']['testlogbase'], base_name + '_' + opts['n'] + '.txt')
n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '_', 1, '.txt')
File.rename(n1, n2)
printf("%s -> %s\n", n1, n2)
logfilename = conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '.txt'
end
printf("logging to %s", logfilename)
$logfile = File.open(logfilename, 'w')
end
$logfile = STDOUT if ! $logfile
$logfile.sync = true
reset_system()
if opts['s'] && m = opts['s'].match(/([\d]+\.([\d]+))/)
if opts['s'] && ( m = opts['s'].match(/([\d]+)\.([\d]+)/) )
sk = m[1].to_i
sv = m[2].to_i
else

440
host/rsassa_pkcs1v15_check.rb Normal file
View File

@ -0,0 +1,440 @@
#!/usr/bin/ruby
# rsassa_pkcs1v15_check.rb
=begin
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2012 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
require 'rubygems'
require 'serialport'
require 'getopt/std'
require 'fileutils'
$buffer_size = 0 # set automatically in init_system
$conffile_check = Hash.new
$conffile_check.default = 0
$debug = false
$progress_dots = false
$logfile = nil
################################################################################
# readconfigfile #
################################################################################
def read_line_from_device()
repeat_counter = 10000
l = nil
s = ''
begin
l = $sp.gets()
repeat_counter -= 1
end while !l && repeat_counter > 0
t = Time.new
$logfile.printf("DBG: (%02d:%02d:%02d)<< %s\n", t.hour, t.min, t.sec, l.inspect) if $debug
if l && l.include?("AVR-Crypto-Lib")
$logfile.printf("DBG: system crashed !!!\n")
exit(false)
end
return l
end
def readconfigfile(fname, conf)
return conf if $conffile_check[fname]==1
$conffile_check[fname]=1
section = "default"
if not File.exists?(fname)
return conf
end
file = File.open(fname, "r")
until file.eof
line = file.gets()
next if /[\s]*#/.match(line)
if m=/\[[\s]*([^\s]*)[\s]*\]/.match(line)
section=m[1]
conf[m[1]] = Hash.new
next
end
next if ! /=/.match(line)
m=/[\s]*([^\s]*)[\s]*=[\s]*([^\s]*)/.match(line)
if m[1]=="include"
Dir.glob(m[2]){ |fn| conf = readconfigfile(fn, conf) }
else
conf[section][m[1]] = m[2]
end
end
file.close()
return conf
end
################################################################################
# reset_system #
################################################################################
def reset_system
$sp.print("\r")
sleep 0.1
$sp.print("\r")
sleep 0.1
$sp.print("echo off\r")
sleep 0.1
end
def read_block(f)
d = Array.new
begin
v = false
l = f.gets
# x = l.split.collect { |e| e.to_i(16) }
t = l.split
t.each { |e| v = true if e.length != 2 }
x = []
x = t.collect { |e| e.to_i(16) } if ! v
d += x
end while x.length == 16 && ! v
return d
end
=begin
# Modulus:
# Exponent:
# Modulus:
# Public exponent:
# Exponent:
# Prime 1:
# Prime 2:
# Prime exponent 1:
# Prime exponent 2:
# Coefficient:
# Message:
# Seed:
# Encryption:
=end
def get_next_block(f)
ret = Hash.new
data = Array.new
begin
l = f.gets
end while l && ! m= l.match(/^#[\s](.*):[\s]*$/)
return nil if ! l
ret['tag'] = m[1]
ret['line'] = f.lineno
data = read_block(f)
ret['data'] = data
return ret
end
$key_sequence = [
'Modulus', # 0
'Exponent', # 1
'Modulus', # 2
'Public exponent', # 3
'Exponent', # 4
'Prime 1', # 5
'Prime 2', # 6
'Prime exponent 1', # 7
'Prime exponent 2', # 8
'Coefficient', # 9
]
def key_consitency_check(k)
return true
end
def process_file(f, skip_key=1, skip_vec=1)
a = get_next_block(f)
key_no = 0
ok_counter = 0
fail_counter = 0
begin
if !a || ! a['tag'] == 'Modulus'
printf("ERROR: a = %s %d\n", a.inspect, __LINE__)
return
end
k_seq = Array.new
k_seq[0] = a
(1..($key_sequence.length-1)).each do |i|
a = get_next_block(f)
if ! a || a['tag'] != $key_sequence[i]
printf("ERROR: (expecting: %s) a = %s %d\n", $key_sequence[i], a.inspect, __LINE__)
end
k_seq[i] = a
end
key = convert_key(k_seq)
printf("ERROR: %d\n", __LINE__) if ! key
key_no += 1
vec_no = 0
printf("\n run %3d: ", key_no)
skip_key_flag = (key_no < skip_key)
load_key(key) if ! skip_key_flag
test_seq = Array.new
a = get_next_block(f)
printf("ERROR: %d\n", __LINE__) if ! a
begin
vec_no += 1
b = get_next_block(f)
tv = Hash.new
tv['msg'] = a['data']
tv['sign'] = b['data']
skip_vec_flag = (skip_key_flag || (key_no == skip_key && vec_no < skip_vec))
if skip_vec_flag
printf('o')
else
v = check_tv(tv)
if(v == true)
printf('*')
$logfile.printf("[[Test %2d.%02d = OK]]\n", key_no, vec_no)
ok_counter += 1
else
printf('%c', v ? '*' : '!')
$logfile.printf("[[Test %2d.%02d = FAIL]]\n", key_no, vec_no)
fail_counter += 1
end
end
a = get_next_block(f)
end while a && a['tag'] == 'Message to be signed'
end while a && a['tag'] = 'Modulus'
# printf("\nResult: %d OK / %d FAIL ==> %s \nFinished\n", ok_counter, fail_counter, fail_counter==0 ? ':-)' : ':-(')
return ok_counter,fail_counter
end
def convert_key(k_seq)
l = ['n', 'e', 'd', 'p', 'q', 'dP', 'dQ', 'qInv']
r = Hash.new
return nil if k_seq[0]['data'] != k_seq[2]['data']
return nil if k_seq[1]['data'] != k_seq[3]['data']
8.times do |i|
r[l[i]] = k_seq[2 + i]['data']
end
return r
end
def wait_for_dot
begin
s = $sp.gets()
end while !s || !s.include?('.')
end
def load_bigint(d)
$sp.printf("%d\r", d.length)
while l = read_line_from_device()
break if /data:/.match(l)
end
printf "ERROR: got no answer from system!" if !l
i = 0
d.each do |e|
$sp.printf("%02x", e)
i += 1
if i % 60 == 0
# we should now wait for incomming dot
wait_for_dot()
print('.') if $progress_dots
end
end
end
def hexdump(a)
i = 0
a.each do |e|
printf("\n\t") if i % 16 == 0
printf('%02x ', e)
i += 1
end
puts('') if i % 16 != 1
end
def str_hexdump(a)
i = 0
s = ''
a.each do |e|
s += "\n\t" if i % 16 == 0
s += sprintf('%02x ', e)
i += 1
end
s += "\n" if i % 16 != 1
return s
end
def load_key(k)
$sp.print("load-key\r")
sleep 0.1
v = ['n', 'e', 'p', 'q', 'dP', 'dQ', 'qInv']
v.each do |e|
load_bigint(k[e])
$logfile.printf("DBG: loaded %s\n", e) if $debug
end
while l = read_line_from_device()
break if />/.match(l)
end
end
def strip_leading_zeros(a)
loop do
return [] if a.length == 0
return a if a[0] != 0
a.delete_at(0)
end
end
def check_tv(tv)
sleep 0.1
$sp.print("sha1-test\r")
sleep 0.1
load_bigint(tv['msg'])
$logfile.printf("DBG: loaded %s\n", 'msg') if $debug
sleep 0.1
while l = read_line_from_device()
break if /signature:/.match(l)
end
test_sign = ''
loop do
l = read_line_from_device()
t = l.split
v = false
t.each { |e| v = true if e.length != 2 }
x = t.collect { |e| e.to_i(16) }
break if v
test_sign += l if l
end
test_sign_a = Array.new
test_sign = test_sign.split(/[\W\r\n]+/)
test_sign.each do |e|
v = e.sub(/[^0-9A-Fa-f]/, '')
test_sign_a << v if v.length == 2
end
test_sign_a.collect!{ |e| e.to_i(16) }
strip_leading_zeros(test_sign_a)
strip_leading_zeros(tv['sign'])
sign_ok = (test_sign_a == tv['sign'])
if !sign_ok
$logfile.printf("DBG: ref = %s test = %s\n", str_hexdump(tv['sign']) , str_hexdump(test_sign_a))
end
m = nil
loop do
l = read_line_from_device()
m = /(>>OK<<|ERROR)/.match(l)
break if m
end
return true if sign_ok && (m[1] == '>>OK<<')
return false
end
########################################
# MAIN
########################################
help_text = <<EOF
Usage of 'rsassa_pkcs1v15_check':
>ruby rsassa_pkcs1v15_check -f <file> [-c <file>] [-s <a>.<b>] [-n <name> | -l <file>]
-d enable debugging (logging all received text, not only responses)
-c <file> use <file> as configuration file
-f <file> read testvectors from <file>
-s <a>.<b> start with testvector <a>.<b>
-n <name> log to a file which name is based on <name>
EOF
opts = Getopt::Std.getopts('dc:f:l:s:n:')
if !opts['f']
print help_text
exit 0
end
conf = Hash.new
conf = readconfigfile("/etc/testport.conf", conf)
conf = readconfigfile("~/.testport.conf", conf)
conf = readconfigfile("testport.conf", conf)
conf = readconfigfile(opts["c"], conf) if opts["c"]
#puts conf.inspect
puts("serial port interface version: " + SerialPort::VERSION);
$linewidth = 64
params = { "baud" => conf["PORT"]["baud"].to_i,
"data_bits" => conf["PORT"]["databits"].to_i,
"stop_bits" => conf["PORT"]["stopbits"].to_i,
"parity" => SerialPort::NONE }
params["paraty"] = SerialPort::ODD if conf["PORT"]["paraty"].downcase == "odd"
params["paraty"] = SerialPort::EVEN if conf["PORT"]["paraty"].downcase == "even"
params["paraty"] = SerialPort::MARK if conf["PORT"]["paraty"].downcase == "mark"
params["paraty"] = SerialPort::SPACE if conf["PORT"]["paraty"].downcase == "space"
puts("\nPort: "+conf["PORT"]["port"]+"@" +
params["baud"].to_s +
" " +
params["data_bits"].to_s +
conf["PORT"]["paraty"][0,1].upcase +
params["stop_bits"].to_s +
"\n")
$sp = SerialPort.new(conf["PORT"]["port"], params)
$sp.read_timeout=1000; # 5 minutes
$sp.flow_control = SerialPort::SOFT
$debug = true if opts['d']
if opts['l'] && ! opts['n']
$logfile = File.open(opts['l'], 'w')
end
base_name = 'rsassa_pkcs1v15'
if opts['n']
logfilename = conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '.txt'
if File.exists?(logfilename)
i=1
begin
logfilename = sprintf('%s%04d%s', conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '_', i, '.txt')
i+=1
end while(File.exists?(logfilename))
while(i>2) do
n1 = sprintf('%s%04d%s', conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '_', i-2, '.txt')
n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '_', i-1, '.txt')
File.rename(n1, n2)
printf("%s -> %s\n", n1, n2)
i-=1
end
n1 = sprintf('%s%s', conf['PORT']['testlogbase'], base_name + '_' + opts['n'] + '.txt')
n2 = sprintf('%s%04d%s', conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '_', 1, '.txt')
File.rename(n1, n2)
printf("%s -> %s\n", n1, n2)
logfilename = conf['PORT']['testlogbase'] + base_name + '_' + opts['n'] + '.txt'
end
printf("logging to %s", logfilename)
$logfile = File.open(logfilename, 'w')
end
$logfile = STDOUT if ! $logfile
$logfile.sync = true
reset_system()
if opts['s'] && ( m = opts['s'].match(/([\d]+)\.([\d]+)/) )
sk = m[1].to_i
sv = m[2].to_i
else
sk = 1
sv = 1
end
f = File.open(opts['f'], "r")
exit if !f
ok,fail = process_file(f,sk,sv)
printf("\nOK: %d FAIL: %d :-%s\n",ok,fail, fail==0 ? ')':'(')

24
host/shavs_test2.rb
View File

@ -241,12 +241,13 @@ end
# -f <file> also read config from <file>
# -i <n> skip until test nr. <n>
# -j <n> start with testfile <n>
# -o use just one testfile
# -h ???
# -d enable debug mode
# -c ???
# -a ???
opts = Getopt::Std.getopts("s:f:i:j:hdca")
opts = Getopt::Std.getopts("s:f:i:j:hdcao")
conf = Hash.new
conf = readconfigfile("/etc/testport.conf", conf)
@ -306,16 +307,16 @@ algo_tasks.each do |algoa|
puts("No test-set defined for #{algo} \r\n")
next
else
i=0
i = opts["j"].to_i if opts["j"]
logfile=File.open(conf["PORT"]["testlogbase"]+algo+".txt", "a")
while conf[algo]["file_#{i}"] != nil
puts("Testing #{algo} with #{conf[algo]["file_#{i}"]}")
reset_system()
init_system(algoa[1])
skip=0
skip=opts["i"].to_i if opts["i"]
nerrors=run_test(conf[algo]["file_#{i}"], skip)
i=0
i = opts["j"].to_i if opts["j"]
logfile=File.open(conf["PORT"]["testlogbase"]+algo+".txt", "a")
while conf[algo]["file_#{i}"] != nil
puts("Testing #{algo} with #{conf[algo]["file_#{i}"]}")
reset_system()
init_system(algoa[1])
skip=0
skip=opts["i"].to_i if opts["i"]
nerrors=run_test(conf[algo]["file_#{i}"], skip)
if nerrors == 0
puts("\n[ok]")
logfile.puts("[ok] "+conf[algo]["file_#{i}"]+ " ("+Time.now.to_s()+")")
@ -324,6 +325,7 @@ algo_tasks.each do |algoa|
logfile.puts("[error] "+nerrors.to_s+" "+conf[algo]["file_#{i}"]+ " ("+Time.now.to_s()+")")
end
i = i+1
break if opts["o"]
end
logfile.close()
end

6
jh/jh_simple_speed_core.c
View File

@ -33,15 +33,15 @@
static
void jh_round(uint8_t* a, uint8_t roundno){
uint8_t b[128];
uint8_t i,r,u,v,x,y;
uint8_t i,r=0,u,v,x,y;
const uint8_t *pr;
pr = jh_round_const + 32*roundno;
for(i=0; i<128; ++i){
if(i%4==0){
r = *pr++;
}
b[i]=jh_lutbox[((r&0xC0)<<2)|a[i]];
r<<=2;
b[i] = jh_lutbox[((r&0xC0)<<2)|a[i]];
r <<= 2;
}
for(i=0;i<128;++i){
u = jh_permutation_table[2*i];

23
md5/md5.c
View File

@ -81,7 +81,7 @@ void md5_core(uint32_t* a, void* block, uint8_t as, uint8_t s, uint8_t i, uint8_
cli_hexdump(&i, 1); cli_putc(']');
#endif
t = a[as] + funcs[fi](a[(as+1)&3], a[(as+2)&3], a[(as+3)&3])
+ *((uint32_t*)block) + pgm_read_dword(md5_T+i) ;
+ *((uint32_t*)block) + md5_T[i] ;
a[as]=a[(as+1)&3] + ROTL32(t, s);
}
@ -139,32 +139,35 @@ void md5_nextBlock(md5_ctx_t *state, const void* block){
void md5_lastBlock(md5_ctx_t *state, const void* block, uint16_t length_b){
uint16_t l;
uint8_t b[64];
union {
uint8_t v8[64];
uint64_t v64[ 8];
} buffer;
while (length_b >= 512){
md5_nextBlock(state, block);
length_b -= 512;
block = ((uint8_t*)block) + 512/8;
}
memset(b, 0, 64);
memcpy(b, block, length_b/8);
memset(buffer.v8, 0, 64);
memcpy(buffer.v8, block, length_b/8);
/* insert padding one */
l=length_b/8;
if(length_b%8){
uint8_t t;
t = ((uint8_t*)block)[l];
t |= (0x80>>(length_b%8));
b[l]=t;
buffer.v8[l]=t;
}else{
b[l]=0x80;
buffer.v8[l]=0x80;
}
/* insert length value */
if(l+sizeof(uint64_t) >= 512/8){
md5_nextBlock(state, b);
md5_nextBlock(state, buffer.v8);
state->counter--;
memset(b, 0, 64-8);
memset(buffer.v8, 0, 64-8);
}
*((uint64_t*)&b[64-sizeof(uint64_t)]) = (state->counter * 512) + length_b;
md5_nextBlock(state, b);
buffer.v64[7] = (state->counter * 512) + length_b;
md5_nextBlock(state, buffer.v8);
}
void md5_ctx2hash(md5_hash_t* dest, const md5_ctx_t* state){

36
md5/md5_sbox.c Normal file
View File

@ -0,0 +1,36 @@
/* md5_sbox.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
const uint32_t md5_T[] = {
0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf,
0x4787c62a, 0xa8304613, 0xfd469501, 0x698098d8, 0x8b44f7af,
0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e,
0x49b40821, 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8, 0x21e1cde6,
0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8,
0x676f02d9, 0x8d2a4c8a, 0xfffa3942, 0x8771f681, 0x6d9d6122,
0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039,
0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, 0xf4292244, 0x432aff97,
0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d,
0x85845dd1, 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 };

16
md5/md5_sbox.h
View File

@ -20,21 +20,7 @@
#define MD5_SBOX_H_
#include <stdint.h>
#include <avr/pgmspace.h>
uint32_t md5_T[] PROGMEM = {
0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf,
0x4787c62a, 0xa8304613, 0xfd469501, 0x698098d8, 0x8b44f7af,
0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e,
0x49b40821, 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8, 0x21e1cde6,
0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8,
0x676f02d9, 0x8d2a4c8a, 0xfffa3942, 0x8771f681, 0x6d9d6122,
0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039,
0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, 0xf4292244, 0x432aff97,
0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d,
0x85845dd1, 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 };
extern const uint32_t md5_T[];
#endif /*MD5_SBOX_H_*/

12
mkfiles/md5_c.mk Normal file
View File

@ -0,0 +1,12 @@
# Makefile for MD5
ALGO_NAME := MD5_C
# comment out the following line for removement of MD5 from the build process
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := hfal/ md5/
$(ALGO_NAME)_OBJ := md5.o md5_sbox.o
$(ALGO_NAME)_TESTBIN := main-md5-test.o hfal_md5.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := "nessie"
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"

6
mkfiles/rsa_oaep.mk → mkfiles/rsaes_oaep.mk
View File

@ -1,13 +1,13 @@
# Makefile for RSA
ALGO_NAME := RSA_OAEP
ALGO_NAME := RSAES_OAEP
# comment out the following line for removement of RSA from the build process
PK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := rsa/
$(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/ hfal/ sha1/ mgf1/
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsa_oaep.o mgf1.o hfal-basic.o hfal_sha1.o sha1.o
$(ALGO_NAME)_TESTBIN := main-rsa_oaep-test.o $(CLI_STD) random_dummy.o \
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsaes_oaep.o mgf1.o hfal-basic.o hfal_sha1.o sha1.o
$(ALGO_NAME)_TESTBIN := main-rsaes_oaep-test.o $(CLI_STD) random_dummy.o \
noekeon.o noekeon_prng.o memxor.o
$(ALGO_NAME)_PERFORMANCE_TEST := performance

14
mkfiles/rsaes_pkcs1v15.mk Normal file
View File

@ -0,0 +1,14 @@
# Makefile for RSA
ALGO_NAME := RSAES_PKCS1V15
# comment out the following line for removement of RSA from the build process
SIGNATURE += $(ALGO_NAME)
$(ALGO_NAME)_DIR := rsa/
$(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsaes_pkcs1v15.o
$(ALGO_NAME)_TESTBIN := main-rsaes_pkcs1v15-test.o $(CLI_STD) random_dummy.o \
noekeon.o noekeon_prng.o memxor.o
$(ALGO_NAME)_PERFORMANCE_TEST := performance

14
mkfiles/rsassa_pkcs1v15.mk Normal file
View File

@ -0,0 +1,14 @@
# Makefile for RSA
ALGO_NAME := RSASSA_PKCS1V15
# comment out the following line for removement of RSA from the build process
SIGNATURE += $(ALGO_NAME)
$(ALGO_NAME)_DIR := rsa/
$(ALGO_NAME)_INCDIR := memxor/ bigint/ noekeon/ sha1/
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o rsa_basic.o rsassa_pkcs1v15.o
$(ALGO_NAME)_TESTBIN := main-rsassa_pkcs1v15-test.o $(CLI_STD) random_dummy.o \
noekeon.o noekeon_prng.o memxor.o sha1.o
$(ALGO_NAME)_PERFORMANCE_TEST := performance

3
mkfiles/zzz_lib.mk
View File

@ -17,6 +17,7 @@ LIB_ALGOS:= \
JH_SIMPLE_SMALL_C \
KECCAK_C \
KHAZAD_SMALL_C \
MD5_C \
MICKEY128 \
NOEKEON_C \
PRESENT \
@ -24,6 +25,8 @@ LIB_ALGOS:= \
RABBIT_C \
RC5 \
RC6 \
RSAES_OAEP \
RSAES_PKCS1V15 \
SALSA20_C \
SEED_C \
SERPENT_BITSLICE \

26
present/present.c
View File

@ -30,18 +30,18 @@
#include "present.h"
static uint8_t sbox(uint8_t b){
uint8_t sb[]={0xC, 0x5, 0x6, 0xB,
0x9, 0x0, 0xA, 0xD,
0x3, 0xE, 0xF, 0x8,
0x4, 0x7, 0x1, 0x2 };
const uint8_t sb[]={ 0xC, 0x5, 0x6, 0xB,
0x9, 0x0, 0xA, 0xD,
0x3, 0xE, 0xF, 0x8,
0x4, 0x7, 0x1, 0x2 };
return (((sb[b>>4])<<4)|(sb[b&0xf]));
}
static uint8_t sbox_inv(uint8_t b){
uint8_t sb[]={0x5, 0xE, 0xF, 0x8,
0xC, 0x1, 0x2, 0xD,
0xB, 0x4, 0x6, 0x3,
0x0, 0x7, 0x9, 0xA };
const uint8_t sb[]={ 0x5, 0xE, 0xF, 0x8,
0xC, 0x1, 0x2, 0xD,
0xB, 0x4, 0x6, 0x3,
0x0, 0x7, 0x9, 0xA };
return (((sb[b>>4])<<4)|(sb[b&0xf]));
}
@ -73,10 +73,14 @@ static void p_inv(uint8_t* o, uint8_t* i){
void present_init(const uint8_t* key, uint8_t keysize_b, present_ctx_t* ctx){
uint8_t tmp[2];
union {
uint8_t v8[10];
union __attribute__((packed)) {
uint8_t v8[10];
uint64_t v64;
uint16_t v16[5];
struct __attribute__((packed)) {
uint8_t v8[1];
uint16_t v16[4];
} off1;
} b;
uint8_t i;
memcpy(b.v8, key, 10);
@ -95,7 +99,7 @@ void present_init(const uint8_t* key, uint8_t keysize_b, present_ctx_t* ctx){
/* rotating done now substitution */
b.v8[9] = (sbox(b.v8[9])&0xF0) | ((b.v8[9])&0x0F);
/* xor with round counter */
*((uint16_t*)(b.v8+1)) ^= (uint16_t)i<<7;
b.off1.v16[0] ^= (uint16_t)i<<7;
memcpy(&(ctx->k[i]), b.v8+2, 8);
}
}

33
rsa/rsa_basic.c
View File

@ -32,7 +32,7 @@
#include "string-extras.h"
#endif
void rsa_enc(bigint_t* data, rsa_publickey_t* key){
void rsa_enc(bigint_t* data, const rsa_publickey_t* key){
/*
cli_putstr("\r\n -->rsa_enc()\r\n m = ");
bigint_print_hex(data);
@ -41,7 +41,7 @@ void rsa_enc(bigint_t* data, rsa_publickey_t* key){
cli_putstr("\r\n n = ");
bigint_print_hex(key->modulus);
*/
bigint_expmod_u(data, data, key->exponent, key->modulus);
bigint_expmod_u(data, data, &key->exponent, &key->modulus);
}
/*
@ -52,47 +52,47 @@ h = (m1 - m2) * qinv % p
m = m2 + q * h
*/
uint8_t rsa_dec_crt_mono(bigint_t* data, rsa_privatekey_t* key){
uint8_t rsa_dec_crt_mono(bigint_t* data, const rsa_privatekey_t* key){
bigint_t m1, m2;
m1.wordv = malloc(key->components[0]->length_B * sizeof(bigint_word_t));
m2.wordv = malloc(key->components[1]->length_B * sizeof(bigint_word_t));
m1.wordv = malloc(key->components[0].length_B * sizeof(bigint_word_t));
m2.wordv = malloc(key->components[1].length_B * sizeof(bigint_word_t));
if(!m1.wordv || !m2.wordv){
#if DEBUG
cli_putstr("\r\nERROR: OOM!");
#endif
free(m1.wordv);
free(m2.wordv);
free(m1.wordv);
return 1;
}
#if DEBUG
cli_putstr("\r\nDBG: expmod m1 ...");
#endif
bigint_expmod_u(&m1, data, key->components[2], key->components[0]);
bigint_expmod_u(&m1, data, &key->components[2], &key->components[0]);
#if DEBUG
cli_putstr("expmod m2 ...");
#endif
bigint_expmod_u(&m2, data, key->components[3], key->components[1]);
bigint_expmod_u(&m2, data, &key->components[3], &key->components[1]);
bigint_sub_s(&m1, &m1, &m2);
while(BIGINT_NEG_MASK & m1.info){
bigint_add_s(&m1, &m1, key->components[0]);
bigint_add_s(&m1, &m1, &key->components[0]);
}
#if DEBUG
cli_putstr("\r\nDBG: reduce-mul ...");
#endif
bigint_reduce(&m1, key->components[0]);
bigint_mul_u(data, &m1, key->components[4]);
bigint_reduce(data, key->components[0]);
bigint_mul_u(data, data, key->components[1]);
bigint_reduce(&m1, &key->components[0]);
bigint_mul_u(data, &m1, &key->components[4]);
bigint_reduce(data, &key->components[0]);
bigint_mul_u(data, data, &key->components[1]);
bigint_add_u(data, data, &m2);
free(m1.wordv);
free(m2.wordv);
free(m1.wordv);
return 0;
}
uint8_t rsa_dec(bigint_t* data, rsa_privatekey_t* key){
uint8_t rsa_dec(bigint_t* data, const rsa_privatekey_t* key){
if(key->n == 1){
bigint_expmod_u(data, data, key->components[0], key->modulus);
bigint_expmod_u(data, data, &key->components[0], &key->modulus);
return 0;
}
if(key->n == 5){
@ -139,6 +139,7 @@ void rsa_os2ip(bigint_t* dest, const void* data, uint32_t length_B){
cli_hexdump_rev(&(dest->length_B), 2);
#endif
#endif
dest->info = 0;
bigint_changeendianess(dest);
bigint_adjust(dest);
}

12
rsa/rsa_basic.h
View File

@ -23,14 +23,14 @@
#include "bigint.h"
typedef struct {
bigint_t* exponent;
bigint_t* modulus;
bigint_t exponent;
bigint_t modulus;
} rsa_publickey_t;
typedef struct {
uint8_t n;
bigint_t* modulus;
bigint_t** components;
bigint_t modulus;
bigint_t* components;
} rsa_privatekey_t;
@ -40,8 +40,8 @@ typedef struct {
} rsa_fullkey_t;
void rsa_enc(bigint_t* data, rsa_publickey_t* key);
uint8_t rsa_dec(bigint_t* data, rsa_privatekey_t* key);
void rsa_enc(bigint_t* data, const rsa_publickey_t* key);
uint8_t rsa_dec(bigint_t* data, const rsa_privatekey_t* key);
void rsa_os2ip(bigint_t* dest, const void* data, uint32_t length_B);
void rsa_i2osp(void* dest, bigint_t* src, uint16_t* out_length_B);

228
rsa/rsa_oaep.c
View File

@ -1,228 +0,0 @@
/* rsa_oaep.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2012 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "memxor.h"
#include "mgf1.h"
#include "bigint.h"
#include "rsa_basic.h"
#include "rsa_oaep.h"
#include "random_dummy.h"
#include "hfal/hfal_sha1.h"
#include "cli.h"
#include "uart_lowlevel.h"
mgf1_parameter_t mgf1_default_parameter = {
&sha1_desc
};
rsa_oaep_parameter_t rsa_oaep_default_parameter = {
mgf1,
&sha1_desc,
&mgf1_default_parameter
};
rsa_label_t rsa_oaep_default_label = {
0, NULL
};
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, const void* seed){
if(!p){
p = &rsa_oaep_default_parameter;
}
if(!label){
label = &rsa_oaep_default_label;
}
uint16_t hv_len = (hfal_hash_getHashsize(p->hf)+7)/8;
if(length_B > bigint_length_B(key->modulus) - 2*hv_len - 2){
/* message too long */
return 1;
}
uint16_t buffer_len = bigint_length_B(key->modulus);
/*
cli_putstr("\r\n buffer_len = ");
cli_hexdump_rev(&buffer_len, 2);
cli_putstr("\r\n modulus_len = ");
cli_hexdump_rev(&key->modulus->length_B, 2);
*/
uint8_t* buffer = (uint8_t*)dest;
uint8_t off;
/* the following needs some explanation:
* off is the offset which is used for compensating the effect of
* changeendian() when it operates on multi-byte words.
* */
off = (sizeof(bigint_word_t) -(bigint_get_first_set_bit(key->modulus)/8+1)%(sizeof(bigint_word_t)*8))
% (sizeof(bigint_word_t));
buffer += off;
buffer_len -= off;
// cli_putstr("\r\n off = ");
// cli_hexdump_byte(off);
uint8_t* seed_buffer = buffer + 1;
uint16_t db_len = buffer_len - hv_len - 1;
uint8_t* db = seed_buffer + hv_len;
uint16_t maskbuffer_len = db_len>hv_len?db_len:hv_len;
uint8_t maskbuffer[maskbuffer_len];
bigint_t x;
memset(dest, 0, seed_buffer - buffer + off);
memset(db + hv_len, 0, db_len - hv_len - length_B -1);
hfal_hash_mem(p->hf, db, label->label, label->length_b);
db[db_len - length_B - 1] = 0x01;
memcpy(db+db_len - length_B, src, length_B);
if(seed){
memcpy(seed_buffer, seed, hv_len);
}else{
/* generate random seed */
if(!prng_get_byte){
return 2; /* ERROR: no random generator specified */
}
uint16_t i;
for(i=0; i<hv_len; ++i){
seed_buffer[i] = prng_get_byte();
}
}
// cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
memxor(db, maskbuffer, db_len);
p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter);
memxor(seed_buffer, maskbuffer, hv_len);
// cli_putstr("\r\n msg (raw, post-feistel):\r\n");
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
x.wordv = dest;
bigint_adjust(&x);
rsa_os2ip(&x, NULL, bigint_length_B(key->modulus));
rsa_enc(&x, key);
rsa_i2osp(NULL, &x, out_length);
return 0;
}
uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
rsa_privatekey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, void* seed){
// cli_putstr("\r\n -->rsa_decrypt_oaep()"); uart_flush(0);
if(!label){
label = &rsa_oaep_default_label;
}
if(!p){
p = &rsa_oaep_default_parameter;
}
uint16_t x_len, data_len;
bigint_t x;
uint16_t hv_len = hfal_hash_getHashsize(p->hf)/8;
uint8_t label_hv[hv_len];
uint16_t msg_len = bigint_get_first_set_bit(key->modulus) / 8 + 1;
uint16_t db_len = msg_len - hv_len - 1;
uint8_t maskbuffer[db_len>hv_len?db_len:hv_len];
uint8_t *seed_buffer = dest;
uint8_t *db_buffer = seed_buffer + hv_len;
x_len = bigint_get_first_set_bit(key->modulus)/8;
memset(dest, 0, bigint_length_B(key->modulus) - length_B);
memcpy((uint8_t*)dest + bigint_length_B(key->modulus) - length_B, src, length_B);
// cli_putc('a'); uart_flush(0);
x.wordv = dest;
x.length_B = key->modulus->length_B;
x.info = 0;
bigint_adjust(&x);
// cli_putc('b'); uart_flush(0);
rsa_os2ip(&x, NULL, bigint_length_B(key->modulus));
// cli_putc('c'); uart_flush(0);
rsa_dec(&x, key);
// cli_putc('d'); uart_flush(0);
rsa_i2osp(NULL, &x, &data_len);
// cli_putstr("\r\n msg (raw, pre-move):\r\n");
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
if(data_len > x_len){
return 7;
}
/*
cli_putstr("\r\n moving some bytes; x_len = ");
cli_hexdump_rev(&x_len, 2);
cli_putstr(" data_len = ");
cli_hexdump_rev(&data_len, 2);
uart_flush(0);
*/
if(x_len != data_len){
memmove((uint8_t*)dest + x_len - data_len, dest, data_len);
// cli_putstr(" (oh, not dead yet?!)");
// uart_flush(0);
memset(dest, 0, x_len - data_len);
}
hfal_hash_mem(p->hf, label_hv, label->label, label->length_b);
/*
cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
cli_hexdump_block(seed_buffer, bigint_length_B(key->modulus), 4, 16);
uart_flush(0);
*/
p->mgf(maskbuffer, db_buffer, db_len, hv_len, p->mgf_parameter);
memxor(seed_buffer, maskbuffer, hv_len);
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
memxor(db_buffer, maskbuffer, db_len);
if(memcmp(label_hv, db_buffer, hv_len)){
// cli_putstr("\r\nDBG: DB:\r\n");
// cli_hexdump_block(db_buffer, db_len, 4, 16);
return 2;
}
uint16_t ps_len=0;
while(db_buffer[hv_len + ps_len++] == 0)
;
--ps_len;
if(db_buffer[hv_len + ps_len] != 1){
return 3;
}
if(seed){
memcpy(seed, seed_buffer, hv_len);
}
msg_len = db_len - hv_len - 1 - ps_len;
memmove(dest, db_buffer + hv_len + ps_len + 1, msg_len);
*out_length = msg_len;
return 0;
}

54
rsa/rsa_oaep.h
View File

@ -1,54 +0,0 @@
/* rsa_oaep.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2012 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef RSA_OAEP_H_
#define RSA_OAEP_H_
#include <stdint.h>
#include "mgf1.h"
void mgf1(void* dest, const void* seed, uint16_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p);
typedef struct {
void (*mgf)(void* dst, const void* seed, uint16_t slen_B, uint16_t dstlen_B, const mgf1_parameter_t* p);
const hfdesc_t* hf;
mgf1_parameter_t* mgf_parameter;
} rsa_oaep_parameter_t;
typedef struct {
uint16_t length_b;
const void* label;
} rsa_label_t;
extern rsa_oaep_parameter_t rsa_oaep_default_parameter;
extern rsa_label_t rsa_oaep_default_label;
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, const void* seed);
uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
rsa_privatekey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, void* seed);
#endif /* RSA_OAEP_H_ */

142
rsa/rsa_pkcs15.c
View File

@ -1,142 +0,0 @@
/* rsa_pkcs15.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "bigint.h"
#include "rsa_basic.h"
#define DEBUG 0
#if DEBUG
#include "bigint_io.h"
#include "cli.h"
#endif
#include "random_dummy.h"
uint16_t rsa_pkcs15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B){
return bigint_get_first_set_bit(modulus) / 8 + 1 - msg_length_B - 3;
}
uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
uint16_t length_B, rsa_publickey_t* key, const void* pad){
int16_t pad_length;
bigint_t x;
pad_length = rsa_pkcs15_compute_padlength_B(key->modulus, length_B);
if(pad_length<8){
#if DEBUG
cli_putstr("\r\nERROR: pad_length<8; pad_length: ");
cli_hexdump_rev(&pad_length, 2);
#endif
return 2; /* message to long */
}
if(!pad){
#if DEBUG
cli_putstr("\r\nauto-generating pad ...");
#endif
uint16_t i;
uint8_t c;
for(i=0; i<pad_length; ++i){
do{
c = prng_get_byte();
}while(c==0);
((uint8_t*)dest)[i+2] = c;
}
}else{
#if DEBUG
cli_putstr("\r\nsupplied pad: ");
cli_hexdump_block(pad, pad_length, 4, 16);
#endif
memcpy((uint8_t*)dest + 2, pad, pad_length);
}
((uint8_t*)dest)[0] = 0x00;
((uint8_t*)dest)[1] = 0x02;
((uint8_t*)dest)[2+pad_length] = 0x00;
memcpy((uint8_t*)dest+3+pad_length, src, length_B);
x.wordv = dest;
x.length_B = (length_B+pad_length+3+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
#if DEBUG
cli_putstr("\r\nx-data: ");
cli_hexdump_block(x.wordv, x.length_B * sizeof(bigint_word_t), 4, 16);
#endif
bigint_adjust(&x);
rsa_os2ip(&x, NULL, length_B+pad_length+3);
rsa_enc(&x, key);
rsa_i2osp(NULL, &x, out_length);
return 0;
}
uint8_t rsa_decrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
uint16_t length_B, rsa_privatekey_t* key, void* pad){
bigint_t x;
uint16_t m_length, pad_length=0, idx=0;
x.wordv = dest;
rsa_os2ip(&x, src, length_B);
#if DEBUG
cli_putstr("\r\ncalling rsa_dec() ...");
cli_putstr("\r\nencoded block (src.len = 0x");
cli_hexdump_rev(&length_B, 2);
cli_putstr("):");
cli_hexdump_block(x.wordv, x.length_B * sizeof(bigint_word_t), 4, 16);
#endif
rsa_dec(&x, key);
#if DEBUG
cli_putstr("\r\nfinished rsa_dec() ...");
#endif
rsa_i2osp(NULL, &x, &m_length);
#if DEBUG
cli_putstr("\r\ndecoded block:");
cli_hexdump_block(x.wordv, m_length, 4, 16);
#endif
while(((uint8_t*)x.wordv)[idx]==0 && idx<m_length){
++idx;
}
if(idx>=m_length){
return 1;
}
if(((uint8_t*)x.wordv)[idx]!=2){
return 3;
}
++idx;
while(((uint8_t*)x.wordv)[idx+pad_length]!=0 && (idx+pad_length)<m_length){
++pad_length;
}
if(pad_length<8 || (idx+pad_length)>=m_length){
return 2;
}
*out_length = m_length - idx - pad_length - 1;
if(pad){
#if DEBUG
cli_putstr("\r\npadding block:");
cli_hexdump_block(((uint8_t*)x.wordv)+idx, pad_length, 4, 16);
cli_putstr("\r\npad @ 0x");
cli_hexdump_rev(&pad, 2);
cli_putstr("\r\ndst @ 0x");
cli_hexdump_rev(&dest, 2);
#endif
memcpy(pad, ((uint8_t*)x.wordv)+idx, pad_length);
}
memmove(dest, ((uint8_t*)x.wordv) + idx + pad_length + 1, m_length - idx - pad_length - 1);
return 0;
}

35
rsa/rsa_pkcs15.h
View File

@ -1,35 +0,0 @@
/* rsa_pkcs15.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef RSA_PKCS15_H_
#define RSA_PKCS15_H_
#include <stdint.h>
#include "bigint.h"
uint16_t rsa_pkcs15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B);
uint8_t rsa_encrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
uint16_t length_B, rsa_publickey_t* key, const void* pad);
uint8_t rsa_decrypt_pkcs15(void* dest, uint16_t* out_length, const void* src,
uint16_t length_B, rsa_privatekey_t* key, void* pad);
#endif /* RSA_PKCS15_H_ */

197
rsa/rsassa_pkcs1v15.c Normal file
View File

@ -0,0 +1,197 @@
/* rsassa_pkcs1v15.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2012 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include "rsa_basic.h"
#include "bigint.h"
#include "rsassa_pkcs1v15.h"
#include "cli.h"
const uint8_t md5_prefix[] =
{ 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00,
0x04, 0x10
};
const pkcs1v15_algo_prefix_t pkcs1v15_md5_prefix = {
18, md5_prefix
};
const uint8_t sha1_prefix[] =
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};
const pkcs1v15_algo_prefix_t pkcs1v15_sha1_prefix = {
15, sha1_prefix
};
const uint8_t sha224_prefix[] =
{ 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,
0x00, 0x04, 0x1c
};
const pkcs1v15_algo_prefix_t pkcs1v15_sha224_prefix = {
19, sha224_prefix
};
const uint8_t sha256_prefix[] =
{ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
0x00, 0x04, 0x20
};
const pkcs1v15_algo_prefix_t pkcs1v15_sha256_prefix = {
19, sha256_prefix
};
const uint8_t sha384_prefix[] =
{ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
0x00, 0x04, 0x30
};
const pkcs1v15_algo_prefix_t pkcs1v15_sha384_prefix = {
19, sha384_prefix
};
const uint8_t sha512_prefix[] =
{ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
0x00, 0x04, 0x40
};
const pkcs1v15_algo_prefix_t pkcs1v15_sha512_prefix = {
19, sha512_prefix
};
/*
MD2: (0x)30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 02 05 00 04 10
MD5: (0x)30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04 10
SHA-1: (0x)30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14
SHA-224: (0x)30 2d 30 0d 06 09 60 86 48 01 65 03 04 02 04 05 00 04 1c
SHA-256: (0x)30 51 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
SHA-384: (0x)30 51 30 0d 06 09 60 86 48 01 65 03 04 02 02 05 00 04 30
SHA-512: (0x)30 51 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 04 40
*/
static
uint8_t emsa_pkcs1v15_encode(void* dest, uint16_t dest_length_B, const void* hash,
uint16_t hash_length_B, const pkcs1v15_algo_prefix_t* algo_prefix){
uint16_t ps_length;
if(dest_length_B < algo_prefix->length + hash_length_B + 3 + 8){
return 1;
}
ps_length = dest_length_B - (algo_prefix->length + hash_length_B + 3);
((uint8_t*)dest)[0] = 0x00;
((uint8_t*)dest)[1] = 0x01;
((uint8_t*)dest)[2 + ps_length] = 0x00;
memset((uint8_t*)dest + 2, 0xff, ps_length);
memcpy((uint8_t*)dest + 3 + ps_length, algo_prefix->data, algo_prefix->length);
memcpy((uint8_t*)dest + 3 + ps_length + algo_prefix->length, hash, hash_length_B);
return 0;
}
uint8_t rsa_sign_pkcs1v15(void* dest, uint16_t* out_length_B, const void* hash,
uint16_t hash_length_B, const rsa_privatekey_t* key,
const pkcs1v15_algo_prefix_t* algo_prefix){
uint8_t r;
uint16_t modulus_length;
bigint_t x;
modulus_length = bigint_get_first_set_bit(&key->modulus) / 8 + 1;
r = emsa_pkcs1v15_encode(dest, modulus_length, hash, hash_length_B, algo_prefix);
if(r){
return r;
}
x.wordv = dest;
rsa_os2ip(&x, NULL, modulus_length);
rsa_dec(&x, key);
rsa_i2osp(NULL, &x, out_length_B);
return 0;
}
uint8_t rsa_verify_pkcs1v15(const void* signature, uint16_t signature_length_B,
const void* hash, uint16_t hash_length_B, const rsa_publickey_t* key,
const pkcs1v15_algo_prefix_t* algo_prefix){
uint16_t modulus_length;
uint16_t signature_em_length, ps_length;
bigint_t x;
modulus_length = bigint_get_first_set_bit(&key->modulus) / 8 + 1;
#if PREFERE_HEAP
uint8_t *buffer;
buffer = malloc(bigint_length_B(&key->modulus));
if(!buffer){
return 0x80;
}
#else
uint8_t buffer[bigint_length_B(&key->modulus)];
#endif
/*
cli_putstr("\r\nDBG: signature_length_B: 0x");
cli_hexdump_rev(&signature_length_B, 2);
cli_putstr("\r\nDBG: modulus_length_B: 0x");
cli_hexdump_rev(&modulus_length, 2);
*/
x.wordv = (bigint_word_t*)buffer;
rsa_os2ip(&x, signature, signature_length_B);
rsa_enc(&x, key);
rsa_i2osp(NULL, &x, &signature_em_length);
/*
cli_putstr("\r\nDBG: signature_em_length_B: 0x");
cli_hexdump_rev(&signature_em_length, 2);
*/
if(signature_em_length + 1 != modulus_length){
return 1;
}
if(memcmp(buffer + modulus_length - hash_length_B - 1, hash, hash_length_B)){
return 2;
}
ps_length = modulus_length - (algo_prefix->length + hash_length_B + 3);
if((int16_t)ps_length < 8){
return 3;
}
if(memcmp(buffer + 2 + ps_length, algo_prefix->data, algo_prefix->length)){
return 4;
}
if(buffer[0] != 1){
return 6;
}
if(buffer[1 + ps_length] != 0){
return 7;
}
do{
if(buffer[ps_length] != 0xff){
return 8;
}
}while(--ps_length);
#if PREFERE_HEAP
free(buffer);
#endif
return 0;
}

46
rsa/rsassa_pkcs1v15.h Normal file
View File

@ -0,0 +1,46 @@
/* rsassa_pkcs1v15.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2012 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef RSASSA_PKCS1V15_H_
#define RSASSA_PKCS1V15_H_
#include <stdint.h>
#include "rsa_basic.h"
typedef struct {
const uint8_t length;
const uint8_t *data;
} pkcs1v15_algo_prefix_t;
extern const pkcs1v15_algo_prefix_t pkcs1v15_md5_prefix;
extern const pkcs1v15_algo_prefix_t pkcs1v15_sha1_prefix;
extern const pkcs1v15_algo_prefix_t pkcs1v15_sha224_prefix;
extern const pkcs1v15_algo_prefix_t pkcs1v15_sha256_prefix;
extern const pkcs1v15_algo_prefix_t pkcs1v15_sha384_prefix;
extern const pkcs1v15_algo_prefix_t pkcs1v15_sha512_prefix;
uint8_t rsa_sign_pkcs1v15(void* dest, uint16_t* out_length_B, const void* hash,
uint16_t hash_length_B, const rsa_privatekey_t* key,
const pkcs1v15_algo_prefix_t* algo_prefix);
uint8_t rsa_verify_pkcs1v15(const void* signature, uint16_t signature_length_B,
const void* hash, uint16_t hash_length_B, const rsa_publickey_t* key,
const pkcs1v15_algo_prefix_t* algo_prefix);
#endif /* RSASSA_PKCS1V15_H_ */

30
salsa20/salsa20.c
View File

@ -110,31 +110,31 @@ void salsa20_genBlock128(void* dest, const void* k, const void* iv, uint64_t i){
void salsa20_init(void* key, uint16_t keylength_b, void* iv, salsa20_ctx_t* ctx){
if(keylength_b==256){
memcpy((ctx->a+ 0), sigma+ 0, 4);
memcpy((ctx->a+20), sigma+ 4, 4);
memcpy((ctx->a+40), sigma+ 8, 4);
memcpy((ctx->a+44), (uint8_t*)key+16, 16);
memcpy((ctx->a+60), sigma+12, 4);
memcpy((ctx->a.v8+ 0), sigma+ 0, 4);
memcpy((ctx->a.v8+20), sigma+ 4, 4);
memcpy((ctx->a.v8+40), sigma+ 8, 4);
memcpy((ctx->a.v8+44), (uint8_t*)key+16, 16);
memcpy((ctx->a.v8+60), sigma+12, 4);
}else{
memcpy((ctx->a+ 0), theta+ 0, 4);
memcpy((ctx->a+20), theta+ 4, 4);
memcpy((ctx->a+40), theta+ 8, 4);
memcpy((ctx->a+44), (uint8_t*)key+ 0, 16);
memcpy((ctx->a+60), theta+12, 4);
memcpy((ctx->a.v8+ 0), theta+ 0, 4);
memcpy((ctx->a.v8+20), theta+ 4, 4);
memcpy((ctx->a.v8+40), theta+ 8, 4);
memcpy((ctx->a.v8+44), (uint8_t*)key+ 0, 16);
memcpy((ctx->a.v8+60), theta+12, 4);
}
memcpy((ctx->a+ 4), key, 16);
memset((ctx->a+24), 0, 16);
memcpy((ctx->a.v8+ 4), key, 16);
memset((ctx->a.v8+24), 0, 16);
if(iv){
memcpy((ctx->a+24), iv, 8);
memcpy((ctx->a.v8+24), iv, 8);
}
ctx->buffer_idx=64;
}
uint8_t salsa20_gen(salsa20_ctx_t* ctx){
if(ctx->buffer_idx==64){
memcpy(ctx->buffer, ctx->a, 64);
memcpy(ctx->buffer, ctx->a.v8, 64);
salsa20_hash((uint32_t*)(ctx->buffer));
*((uint64_t*)(ctx->a+32)) += 1;
ctx->a.v64[4] += 1;
ctx->buffer_idx = 0;
}
return ctx->buffer[ctx->buffer_idx++];

5
salsa20/salsa20.h
View File

@ -23,7 +23,10 @@
#include <stdint.h>
typedef struct{
uint8_t a[64];
union {
uint8_t v8[64];
uint64_t v64[ 8];
} a;
uint8_t buffer[64];
uint8_t buffer_idx;
} salsa20_ctx_t;

4
sha1/sha1.c
View File

@ -183,7 +183,7 @@ void sha1_lastBlock(sha1_ctx_t *state, const void* block, uint16_t length){
/********************************************************************************************************/
void sha1_ctx2hash (sha1_hash_t *dest, sha1_ctx_t *state){
void sha1_ctx2hash (void *dest, sha1_ctx_t *state){
#if defined LITTLE_ENDIAN
uint8_t i;
for(i=0; i<5; ++i){
@ -202,7 +202,7 @@ void sha1_ctx2hash (sha1_hash_t *dest, sha1_ctx_t *state){
*
*
*/
void sha1 (sha1_hash_t *dest, const void* msg, uint32_t length){
void sha1 (void *dest, const void* msg, uint32_t length){
sha1_ctx_t s;
sha1_init(&s);
while(length & (~0x0001ff)){ /* length>=512 */

7
sha1/sha1.h
View File

@ -65,8 +65,9 @@ typedef struct {
* \brief hash value type
* A variable of this type may hold a SHA-1 hash value
*/
/*
typedef uint8_t sha1_hash_t[SHA1_HASH_BITS/8];
*/
/** \fn sha1_init(sha1_ctx_t *state)
* \brief initializes a SHA-1 context
* This function sets a ::sha1_ctx_t variable to the initialization vector
@ -100,7 +101,7 @@ void sha1_lastBlock (sha1_ctx_t *state, const void* block, uint16_t length_b);
* \param dest pointer to the hash value destination
* \param state pointer to the hash context
*/
void sha1_ctx2hash (sha1_hash_t *dest, sha1_ctx_t *state);
void sha1_ctx2hash (void *dest, sha1_ctx_t *state);
/** \fn sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b)
* \brief hashing a message which in located entirely in RAM
@ -110,7 +111,7 @@ void sha1_ctx2hash (sha1_hash_t *dest, sha1_ctx_t *state);
* \param msg pointer to the message which should be hashed
* \param length_b length of the message in bits
*/
void sha1(sha1_hash_t *dest, const void* msg, uint32_t length_b);
void sha1(void *dest, const void* msg, uint32_t length_b);

2
test_src/dbz_strings.c
View File

@ -47,7 +47,7 @@ uint8_t dbz_strcount(const char* str){
/******************************************************************************/
void dbz_splitup(char* dbzstr, char** strings){
void dbz_splitup(const char* dbzstr, const char** strings){
if(*dbzstr=='\0' && *(dbzstr+1)=='\0')
return;
*strings++ = dbzstr;

2
test_src/dbz_strings.h
View File

@ -50,6 +50,6 @@ uint8_t dbz_strcount(const char* str);
* \param dbzstr pointer to the double-zero-terminated string
* \param strings pointer to the array of strings (char pointers)
*/
void dbz_splitup(char* dbzstr, char** strings);
void dbz_splitup(const char* dbzstr, const char** strings);
#endif /*DBZ_STRINGS_H_*/

32
test_src/main-md5-test.c
View File

@ -20,11 +20,7 @@
* md5 test suit
*
*/
#include "config.h"
#include "uart_i.h"
#include "debug.h"
#include "main-test-common.h"
#include "md5.h"
#include "nessie_hash_test.h"
@ -32,14 +28,9 @@
#include "hfal_md5.h"
#include "hfal-performance.h"
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include "cli.h"
char* algo_name = "MD5";
const hfdesc_t* algolist[] PROGMEM = {
const hfdesc_t* algolist[] = {
(hfdesc_t*)&md5_desc,
NULL
};
@ -126,12 +117,12 @@ void testrun_performance_md5(void){
* main *
*****************************************************************************/
const char nessie_str[] PROGMEM = "nessie";
const char test_str[] PROGMEM = "test";
const char performance_str[] PROGMEM = "performance";
const char echo_str[] PROGMEM = "echo";
const char nessie_str[] = "nessie";
const char test_str[] = "test";
const char performance_str[] = "performance";
const char echo_str[] = "echo";
cmdlist_entry_t cmdlist[] PROGMEM = {
cmdlist_entry_t cmdlist[] = {
{ nessie_str, NULL, testrun_nessie_md5},
{ test_str, NULL, testrun_md5},
{ performance_str, NULL, testrun_performance_md5},
@ -140,15 +131,10 @@ cmdlist_entry_t cmdlist[] PROGMEM = {
};
int main (void){
DEBUG_INIT();
main_setup();
cli_rx = (cli_rx_fpt)uart0_getc;
cli_tx = (cli_tx_fpt)uart0_putc;
testrun_md5();
for(;;){
cli_putstr("\r\n\r\nCrypto-VS (");
cli_putstr(algo_name);
cli_putstr(")\r\nloaded and running\r\n");
welcome_msg(algo_name);
cmd_interface(cmdlist);
}
}

841
test_src/main-rsa_oaep-test.c
View File

@ -1,841 +0,0 @@
/* main-dsa-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* RSA test-suit
*
*/
#include "main-test-common.h"
#include "noekeon.h"
#include "noekeon_prng.h"
#include "bigint.h"
#include "bigint_io.h"
#include "random_dummy.h"
#include "rsa_basic.h"
#include "rsa_oaep.h"
#include "performance_test.h"
const char* algo_name = "RSA-OAEP";
#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
#if 0
/* ==================================
* Example 1: A 1024-bit RSA Key Pair
* ================================== */
/* ------------------------------
* Components of the RSA Key Pair
* ------------------------------ */
/* RSA modulus n: */
const uint8_t modulus[] = {
0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
};
/* RSA public exponent e: */
const uint8_t public_exponent[] = {
0x00, 0x01, 0x00, 0x01
};
/* RSA private exponent d: */
const uint8_t private_exponent[] = {
0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
};
/* Prime p: */
const uint8_t p[] = {
0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
};
/* Prime q: */
const uint8_t q[] = {
0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
};
/* p's CRT exponent dP: */
const uint8_t dp[] = {
0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
};
/* q's CRT exponent dQ: */
const uint8_t dq[] = {
0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
};
/* CRT coefficient qInv: */
const uint8_t qinv[] = {
0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1
};
/* ---------------------------------
* RSAES-OAEP Encryption Example 1.1
* --------------------------------- */
/* Message to be, encrypted: */
const uint8_t message[] = {
0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
};
/* Seed: */
const uint8_t seed[] = {
0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69, 0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1,
0xdd, 0xa0, 0xa5, 0xef
};
/* Encryption: */
const uint8_t encrypted[] = {
0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d, 0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f,
0x7b, 0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf, 0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb,
0x21, 0x69, 0x6d, 0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f, 0x8a, 0xfc, 0xc2, 0x01,
0x03, 0x5f, 0x7b, 0x6d, 0x8e, 0x69, 0x40, 0x2d, 0xe5, 0x45, 0x16, 0x18, 0xc2, 0x1a, 0x53, 0x5f,
0xa9, 0xd7, 0xbf, 0xc5, 0xb8, 0xdd, 0x9f, 0xc2, 0x43, 0xf8, 0xcf, 0x92, 0x7d, 0xb3, 0x13, 0x22,
0xd6, 0xe8, 0x81, 0xea, 0xa9, 0x1a, 0x99, 0x61, 0x70, 0xe6, 0x57, 0xa0, 0x5a, 0x26, 0x64, 0x26,
0xd9, 0x8c, 0x88, 0x00, 0x3f, 0x84, 0x77, 0xc1, 0x22, 0x70, 0x94, 0xa0, 0xd9, 0xfa, 0x1e, 0x8c,
0x40, 0x24, 0x30, 0x9c, 0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a, 0xc7, 0x2e, 0x8a
};
/* Message to be encrypted: */
const uint8_t message2[] = {
0x75, 0x0c, 0x40, 0x47, 0xf5, 0x47, 0xe8, 0xe4, 0x14, 0x11, 0x85, 0x65, 0x23, 0x29, 0x8a, 0xc9,
0xba, 0xe2, 0x45, 0xef, 0xaf, 0x13, 0x97, 0xfb, 0xe5, 0x6f, 0x9d, 0xd5
};
/* Seed: */
const uint8_t seed2[] = {
0x0c, 0xc7, 0x42, 0xce, 0x4a, 0x9b, 0x7f, 0x32, 0xf9, 0x51, 0xbc, 0xb2, 0x51, 0xef, 0xd9, 0x25,
0xfe, 0x4f, 0xe3, 0x5f
};
/* Encryption: */
const uint8_t encrypted2[] = {
0x64, 0x0d, 0xb1, 0xac, 0xc5, 0x8e, 0x05, 0x68, 0xfe, 0x54, 0x07, 0xe5, 0xf9, 0xb7, 0x01, 0xdf,
0xf8, 0xc3, 0xc9, 0x1e, 0x71, 0x6c, 0x53, 0x6f, 0xc7, 0xfc, 0xec, 0x6c, 0xb5, 0xb7, 0x1c, 0x11,
0x65, 0x98, 0x8d, 0x4a, 0x27, 0x9e, 0x15, 0x77, 0xd7, 0x30, 0xfc, 0x7a, 0x29, 0x93, 0x2e, 0x3f,
0x00, 0xc8, 0x15, 0x15, 0x23, 0x6d, 0x8d, 0x8e, 0x31, 0x01, 0x7a, 0x7a, 0x09, 0xdf, 0x43, 0x52,
0xd9, 0x04, 0xcd, 0xeb, 0x79, 0xaa, 0x58, 0x3a, 0xdc, 0xc3, 0x1e, 0xa6, 0x98, 0xa4, 0xc0, 0x52,
0x83, 0xda, 0xba, 0x90, 0x89, 0xbe, 0x54, 0x91, 0xf6, 0x7c, 0x1a, 0x4e, 0xe4, 0x8d, 0xc7, 0x4b,
0xbb, 0xe6, 0x64, 0x3a, 0xef, 0x84, 0x66, 0x79, 0xb4, 0xcb, 0x39, 0x5a, 0x35, 0x2d, 0x5e, 0xd1,
0x15, 0x91, 0x2d, 0xf6, 0x96, 0xff, 0xe0, 0x70, 0x29, 0x32, 0x94, 0x6d, 0x71, 0x49, 0x2b, 0x44
};
/**********************************************************************************************/
/* ---------------------------------
* RSAES-OAEP Encryption Example 2.1
* --------------------------------- */
/* Message to be encrypted: */
const uint8_t message3[] = {
0x8f, 0xf0, 0x0c, 0xaa, 0x60, 0x5c, 0x70, 0x28, 0x30, 0x63, 0x4d, 0x9a, 0x6c, 0x3d, 0x42, 0xc6,
0x52, 0xb5, 0x8c, 0xf1, 0xd9, 0x2f, 0xec, 0x57, 0x0b, 0xee, 0xe7
};
/* Seed: */
const uint8_t seed3[] = {
0x8c, 0x40, 0x7b, 0x5e, 0xc2, 0x89, 0x9e, 0x50, 0x99, 0xc5, 0x3e, 0x8c, 0xe7, 0x93, 0xbf, 0x94,
0xe7, 0x1b, 0x17, 0x82
};
/* Encryption: */
const uint8_t encrypted3[] = {
0x01, 0x81, 0xaf, 0x89, 0x22, 0xb9, 0xfc, 0xb4, 0xd7, 0x9d, 0x92, 0xeb, 0xe1, 0x98, 0x15, 0x99,
0x2f, 0xc0, 0xc1, 0x43, 0x9d, 0x8b, 0xcd, 0x49, 0x13, 0x98, 0xa0, 0xf4, 0xad, 0x3a, 0x32, 0x9a,
0x5b, 0xd9, 0x38, 0x55, 0x60, 0xdb, 0x53, 0x26, 0x83, 0xc8, 0xb7, 0xda, 0x04, 0xe4, 0xb1, 0x2a,
0xed, 0x6a, 0xac, 0xdf, 0x47, 0x1c, 0x34, 0xc9, 0xcd, 0xa8, 0x91, 0xad, 0xdc, 0xc2, 0xdf, 0x34,
0x56, 0x65, 0x3a, 0xa6, 0x38, 0x2e, 0x9a, 0xe5, 0x9b, 0x54, 0x45, 0x52, 0x57, 0xeb, 0x09, 0x9d,
0x56, 0x2b, 0xbe, 0x10, 0x45, 0x3f, 0x2b, 0x6d, 0x13, 0xc5, 0x9c, 0x02, 0xe1, 0x0f, 0x1f, 0x8a,
0xbb, 0x5d, 0xa0, 0xd0, 0x57, 0x09, 0x32, 0xda, 0xcf, 0x2d, 0x09, 0x01, 0xdb, 0x72, 0x9d, 0x0f,
0xef, 0xcc, 0x05, 0x4e, 0x70, 0x96, 0x8e, 0xa5, 0x40, 0xc8, 0x1b, 0x04, 0xbc, 0xae, 0xfe, 0x72,
0x0e
};
#endif
/**********************************************************************************************/
/* ---------------------------------
* RSAES-OAEP Encryption Example 2.4
* --------------------------------- */
/* Message to be encrypted: */
const uint8_t message4[] = {
0xa7, 0xeb, 0x2a, 0x50, 0x36, 0x93, 0x1d, 0x27, 0xd4, 0xe8, 0x91, 0x32, 0x6d, 0x99, 0x69, 0x2f,
0xfa, 0xdd, 0xa9, 0xbf, 0x7e, 0xfd, 0x3e, 0x34, 0xe6, 0x22, 0xc4, 0xad, 0xc0, 0x85, 0xf7, 0x21,
0xdf, 0xe8, 0x85, 0x07, 0x2c, 0x78, 0xa2, 0x03, 0xb1, 0x51, 0x73, 0x9b, 0xe5, 0x40, 0xfa, 0x8c,
0x15, 0x3a, 0x10, 0xf0, 0x0a
};
/* Seed: */
const uint8_t seed4[] = {
0x9a, 0x7b, 0x3b, 0x0e, 0x70, 0x8b, 0xd9, 0x6f, 0x81, 0x90, 0xec, 0xab, 0x4f, 0xb9, 0xb2, 0xb3,
0x80, 0x5a, 0x81, 0x56
};
/* Encryption: */
const uint8_t encrypted4[] = {
/* 0x00,*/ 0xa4, 0x57, 0x8c, 0xbc, 0x17, 0x63, 0x18, 0xa6, 0x38, 0xfb, 0xa7, 0xd0, 0x1d, 0xf1, 0x57,
0x46, 0xaf, 0x44, 0xd4, 0xf6, 0xcd, 0x96, 0xd7, 0xe7, 0xc4, 0x95, 0xcb, 0xf4, 0x25, 0xb0, 0x9c,
0x64, 0x9d, 0x32, 0xbf, 0x88, 0x6d, 0xa4, 0x8f, 0xba, 0xf9, 0x89, 0xa2, 0x11, 0x71, 0x87, 0xca,
0xfb, 0x1f, 0xb5, 0x80, 0x31, 0x76, 0x90, 0xe3, 0xcc, 0xd4, 0x46, 0x92, 0x0b, 0x7a, 0xf8, 0x2b,
0x31, 0xdb, 0x58, 0x04, 0xd8, 0x7d, 0x01, 0x51, 0x4a, 0xcb, 0xfa, 0x91, 0x56, 0xe7, 0x82, 0xf8,
0x67, 0xf6, 0xbe, 0xd9, 0x44, 0x9e, 0x0e, 0x9a, 0x2c, 0x09, 0xbc, 0xec, 0xc6, 0xaa, 0x08, 0x76,
0x36, 0x96, 0x5e, 0x34, 0xb3, 0xec, 0x76, 0x6f, 0x2f, 0xe2, 0xe4, 0x30, 0x18, 0xa2, 0xfd, 0xde,
0xb1, 0x40, 0x61, 0x6a, 0x0e, 0x9d, 0x82, 0xe5, 0x33, 0x10, 0x24, 0xee, 0x06, 0x52, 0xfc, 0x76,
0x41
};
/**********************************************************************************************/
#if 1
/* RSA modulus n: */
const uint8_t modulus2[] = {
0x01, 0x94, 0x7c, 0x7f, 0xce, 0x90, 0x42, 0x5f, 0x47, 0x27, 0x9e, 0x70, 0x85, 0x1f, 0x25, 0xd5,
0xe6, 0x23, 0x16, 0xfe, 0x8a, 0x1d, 0xf1, 0x93, 0x71, 0xe3, 0xe6, 0x28, 0xe2, 0x60, 0x54, 0x3e,
0x49, 0x01, 0xef, 0x60, 0x81, 0xf6, 0x8c, 0x0b, 0x81, 0x41, 0x19, 0x0d, 0x2a, 0xe8, 0xda, 0xba,
0x7d, 0x12, 0x50, 0xec, 0x6d, 0xb6, 0x36, 0xe9, 0x44, 0xec, 0x37, 0x22, 0x87, 0x7c, 0x7c, 0x1d,
0x0a, 0x67, 0xf1, 0x4b, 0x16, 0x94, 0xc5, 0xf0, 0x37, 0x94, 0x51, 0xa4, 0x3e, 0x49, 0xa3, 0x2d,
0xde, 0x83, 0x67, 0x0b, 0x73, 0xda, 0x91, 0xa1, 0xc9, 0x9b, 0xc2, 0x3b, 0x43, 0x6a, 0x60, 0x05,
0x5c, 0x61, 0x0f, 0x0b, 0xaf, 0x99, 0xc1, 0xa0, 0x79, 0x56, 0x5b, 0x95, 0xa3, 0xf1, 0x52, 0x66,
0x32, 0xd1, 0xd4, 0xda, 0x60, 0xf2, 0x0e, 0xda, 0x25, 0xe6, 0x53, 0xc4, 0xf0, 0x02, 0x76, 0x6f,
0x45
};
/* RSA public exponent e: */
const uint8_t public_exponent2[] = {
0x01, 0x00, 0x01
};
/* RSA private exponent d: */
const uint8_t private_exponent2[] = {
0x08, 0x23, 0xf2, 0x0f, 0xad, 0xb5, 0xda, 0x89, 0x08, 0x8a, 0x9d, 0x00, 0x89, 0x3e, 0x21, 0xfa,
0x4a, 0x1b, 0x11, 0xfb, 0xc9, 0x3c, 0x64, 0xa3, 0xbe, 0x0b, 0xaa, 0xea, 0x97, 0xfb, 0x3b, 0x93,
0xc3, 0xff, 0x71, 0x37, 0x04, 0xc1, 0x9c, 0x96, 0x3c, 0x1d, 0x10, 0x7a, 0xae, 0x99, 0x05, 0x47,
0x39, 0xf7, 0x9e, 0x02, 0xe1, 0x86, 0xde, 0x86, 0xf8, 0x7a, 0x6d, 0xde, 0xfe, 0xa6, 0xd8, 0xcc,
0xd1, 0xd3, 0xc8, 0x1a, 0x47, 0xbf, 0xa7, 0x25, 0x5b, 0xe2, 0x06, 0x01, 0xa4, 0xa4, 0xb2, 0xf0,
0x8a, 0x16, 0x7b, 0x5e, 0x27, 0x9d, 0x71, 0x5b, 0x1b, 0x45, 0x5b, 0xdd, 0x7e, 0xab, 0x24, 0x59,
0x41, 0xd9, 0x76, 0x8b, 0x9a, 0xce, 0xfb, 0x3c, 0xcd, 0xa5, 0x95, 0x2d, 0xa3, 0xce, 0xe7, 0x25,
0x25, 0xb4, 0x50, 0x16, 0x63, 0xa8, 0xee, 0x15, 0xc9, 0xe9, 0x92, 0xd9, 0x24, 0x62, 0xfe, 0x39
};
/* Prime p: */
const uint8_t p2[] = {
0x01, 0x59, 0xdb, 0xde, 0x04, 0xa3, 0x3e, 0xf0, 0x6f, 0xb6, 0x08, 0xb8, 0x0b, 0x19, 0x0f, 0x4d,
0x3e, 0x22, 0xbc, 0xc1, 0x3a, 0xc8, 0xe4, 0xa0, 0x81, 0x03, 0x3a, 0xbf, 0xa4, 0x16, 0xed, 0xb0,
0xb3, 0x38, 0xaa, 0x08, 0xb5, 0x73, 0x09, 0xea, 0x5a, 0x52, 0x40, 0xe7, 0xdc, 0x6e, 0x54, 0x37,
0x8c, 0x69, 0x41, 0x4c, 0x31, 0xd9, 0x7d, 0xdb, 0x1f, 0x40, 0x6d, 0xb3, 0x76, 0x9c, 0xc4, 0x1a,
0x43
};
/* Prime q: */
const uint8_t q2[] = {
0x01, 0x2b, 0x65, 0x2f, 0x30, 0x40, 0x3b, 0x38, 0xb4, 0x09, 0x95, 0xfd, 0x6f, 0xf4, 0x1a, 0x1a,
0xcc, 0x8a, 0xda, 0x70, 0x37, 0x32, 0x36, 0xb7, 0x20, 0x2d, 0x39, 0xb2, 0xee, 0x30, 0xcf, 0xb4,
0x6d, 0xb0, 0x95, 0x11, 0xf6, 0xf3, 0x07, 0xcc, 0x61, 0xcc, 0x21, 0x60, 0x6c, 0x18, 0xa7, 0x5b,
0x8a, 0x62, 0xf8, 0x22, 0xdf, 0x03, 0x1b, 0xa0, 0xdf, 0x0d, 0xaf, 0xd5, 0x50, 0x6f, 0x56, 0x8b,
0xd7
};
/* p's CRT exponent dP: */
const uint8_t dp2[] = {
0x43, 0x6e, 0xf5, 0x08, 0xde, 0x73, 0x65, 0x19, 0xc2, 0xda, 0x4c, 0x58, 0x0d, 0x98, 0xc8, 0x2c,
0xb7, 0x45, 0x2a, 0x3f, 0xb5, 0xef, 0xad, 0xc3, 0xb9, 0xc7, 0x78, 0x9a, 0x1b, 0xc6, 0x58, 0x4f,
0x79, 0x5a, 0xdd, 0xbb, 0xd3, 0x24, 0x39, 0xc7, 0x46, 0x86, 0x55, 0x2e, 0xcb, 0x6c, 0x2c, 0x30,
0x7a, 0x4d, 0x3a, 0xf7, 0xf5, 0x39, 0xee, 0xc1, 0x57, 0x24, 0x8c, 0x7b, 0x31, 0xf1, 0xa2, 0x55
};
/* q's CRT exponent dQ: */
const uint8_t dq2[] = {
0x01, 0x2b, 0x15, 0xa8, 0x9f, 0x3d, 0xfb, 0x2b, 0x39, 0x07, 0x3e, 0x73, 0xf0, 0x2b, 0xdd, 0x0c,
0x1a, 0x7b, 0x37, 0x9d, 0xd4, 0x35, 0xf0, 0x5c, 0xdd, 0xe2, 0xef, 0xf9, 0xe4, 0x62, 0x94, 0x8b,
0x7c, 0xec, 0x62, 0xee, 0x90, 0x50, 0xd5, 0xe0, 0x81, 0x6e, 0x07, 0x85, 0xa8, 0x56, 0xb4, 0x91,
0x08, 0xdc, 0xb7, 0x5f, 0x36, 0x83, 0x87, 0x4d, 0x1c, 0xa6, 0x32, 0x9a, 0x19, 0x01, 0x30, 0x66,
0xff
};
/* CRT coefficient qInv: */
const uint8_t qinv2[] = {
0x02, 0x70, 0xdb, 0x17, 0xd5, 0x91, 0x4b, 0x01, 0x8d, 0x76, 0x11, 0x8b, 0x24, 0x38, 0x9a, 0x73,
0x50, 0xec, 0x83, 0x6b, 0x00, 0x63, 0xa2, 0x17, 0x21, 0x23, 0x6f, 0xd8, 0xed, 0xb6, 0xd8, 0x9b,
0x51, 0xe7, 0xee, 0xb8, 0x7b, 0x61, 0x1b, 0x71, 0x32, 0xcb, 0x7e, 0xa7, 0x35, 0x6c, 0x23, 0x15,
0x1c, 0x1e, 0x77, 0x51, 0x50, 0x7c, 0x78, 0x6d, 0x9e, 0xe1, 0x79, 0x41, 0x70, 0xa8, 0xc8, 0xe8
};
#endif
/**********************************************************************************************/
uint8_t keys_allocated = 0;
rsa_publickey_t pub_key;
rsa_privatekey_t priv_key;
#if 0
#define MSG message
#define SEED seed
#define ENCRYPTED encrypted
#define MODULUS modulus
#define PUB_EXPONENT public_exponent
#define PRIV_EXPONENT private_exponent
#define P p
#define Q q
#define DP dp
#define DQ dq
#define QINV qinv
#else
#define MSG message4
#define SEED seed4
#define ENCRYPTED encrypted4
#define MODULUS modulus2
#define PUB_EXPONENT public_exponent2
#define PRIV_EXPONENT private_exponent2
#define P p2
#define Q q2
#define DP dp2
#define DQ dq2
#define QINV qinv2
#endif
uint8_t convert_nibble(uint8_t c){
if(c>='0' && c<='9'){
return c - '0';
}
c |= 'A' ^ 'a';
if(c>='a' && c<='f'){
return c - 'a' + 10;
}
return 0xff;
}
const char *block_ignore_string=" \t\r\n,;";
#define BUFFER_LIMIT 120
uint16_t read_os(void* dst, uint16_t length, const char* ignore_string){
uint16_t counter = 0;
uint16_t c;
uint8_t v, tmp = 0, idx = 0;
if(!ignore_string){
ignore_string = block_ignore_string;
}
while(counter < length){
c = cli_getc();
if(c > 0xff){
return counter;
}
if(strchr(ignore_string, c)){
continue;
}
v = convert_nibble(c);
if(v > 0x0f){
return counter;
}
if(idx){
((uint8_t*)dst)[counter++] = (tmp << 4) | v;
idx = 0;
if(counter % (BUFFER_LIMIT/2) == 0){
cli_putc('.');
}
}else{
tmp = v;
idx = 1;
}
}
return counter;
}
uint16_t own_atou(const char* str){
uint16_t r=0;
while(*str && *str >= '0' && *str <= '9'){
r *= 10;
r += *str++ - '0';
}
return r;
}
char* own_utoa(unsigned value, char* str, uint8_t radix){
char *p = str, *b = str;
char t;
div_t d;
if(radix>36){
return NULL;
}
if(value == 0){
*p++ = '0';
*p = '\0';
return str;
}
while(value){
d = div(value, radix);
value = d.quot;
if(d.rem < 10){
*p++ = '0' + d.rem;
}else{
*p++ = 'a' + d.rem - 10;
}
}
*p = '\0';
while(str<p){
t = *str;
*str++ = *--p;
*p = t;
}
return b;
}
uint8_t read_bigint(bigint_t* a, char* prompt){
uint16_t read_length, actual_length;
uint8_t off;
uint8_t *buffer;
char read_int_str[18];
cli_putstr(prompt);
cli_putstr("\r\n length: ");
cli_getsn(read_int_str, 16);
read_length = own_atou(read_int_str);
off = (sizeof(bigint_word_t) - (read_length % sizeof(bigint_word_t))) % sizeof(bigint_word_t);
buffer = malloc(((read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t));
if(!buffer){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
cli_putstr("\r\n data: ");
memset(buffer, 0, sizeof(bigint_word_t));
actual_length = read_os(buffer + off, read_length, NULL);
if(actual_length != read_length){
cli_putstr("\r\nERROR: unexpected end of data!");
free(buffer);
return 1;
}
a->wordv = (bigint_word_t*)buffer;
a->length_B = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
bigint_changeendianess(a);
bigint_adjust(a);
return 0;
}
uint8_t pre_alloc_key_crt(void){
uint8_t c;
pub_key.modulus = malloc(sizeof(bigint_t));
if(!pub_key.modulus){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
priv_key.modulus = pub_key.modulus;
priv_key.n = 5;
priv_key.components = malloc(5 * sizeof(bigint_t*));
if(!priv_key.components){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
pub_key.exponent = malloc(sizeof(bigint_t));
if(!pub_key.exponent){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
for(c=0; c<5; ++c){
priv_key.components[c] = malloc(sizeof(bigint_t));
if(!priv_key.components[c]){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
}
return 0;
}
void free_key(void){
uint8_t c;
free(pub_key.modulus->wordv);
free(pub_key.exponent->wordv);
free(pub_key.modulus);
pub_key.modulus = priv_key.modulus = NULL;
free(pub_key.exponent);
pub_key.exponent = NULL;
for(c = 0; c < priv_key.n; ++c){
free(priv_key.components[c]->wordv);
free(priv_key.components[c]);
}
free(priv_key.components);
priv_key.components = NULL;
}
uint8_t read_key_crt(void){
uint8_t r;
cli_putstr("\r\n== reading key (crt) ==");
r = pre_alloc_key_crt();
if(r) return r;
r = read_bigint(pub_key.modulus,"\r\n = module =");
if(r) return r;
r = read_bigint(pub_key.exponent,"\r\n = public exponent =");
if(r) return r;
r = read_bigint(priv_key.components[0],"\r\n = p (first prime) =");
if(r) return r;
r = read_bigint(priv_key.components[1],"\r\n = q (second prime) =");
if(r) return r;
r = read_bigint(priv_key.components[2],"\r\n = dp (p's exponent) =");
if(r) return r;
r = read_bigint(priv_key.components[3],"\r\n = dq (q's exponent) =");
if(r) return r;
r = read_bigint(priv_key.components[4],"\r\n = qInv (q' coefficient) =");
return r;
}
uint8_t read_key_conv(void){
uint8_t r;
cli_putstr("\r\n== reading key (crt) ==");
pub_key.modulus = malloc(sizeof(bigint_t));
if(!pub_key.modulus){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
r = read_bigint(pub_key.modulus,"\r\n = module =");
if(r) return r;
priv_key.modulus = pub_key.modulus;
priv_key.n = 1;
pub_key.exponent = malloc(sizeof(bigint_t));
if(!pub_key.exponent){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
priv_key.components = malloc(sizeof(bigint_t*));
if(!priv_key.components){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
priv_key.components[0] = malloc(sizeof(bigint_t));
if(!priv_key.components[0]){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
r = read_bigint(pub_key.exponent,"\r\n = public exponent =");
if(r) return r;
r = read_bigint(priv_key.components[0],"\r\n = private exponent =");
return r;
}
void load_priv_conventional(void){
bigint_t *epriv;
epriv = malloc(sizeof(bigint_t));
if(!epriv){
cli_putstr("\r\nERROR: OOM!");
return;
}
epriv->length_B = (sizeof(PRIV_EXPONENT) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
epriv->wordv = malloc(epriv->length_B * sizeof(bigint_word_t));
if(!epriv->wordv){
cli_putstr("\r\nERROR: OOM!");
return;
}
memcpy(epriv->wordv, PRIV_EXPONENT, sizeof(PRIV_EXPONENT));
priv_key.components = malloc(sizeof(bigint_t*));
priv_key.components[0] = epriv;
priv_key.n = 1;
bigint_changeendianess(epriv);
bigint_adjust(epriv);
}
void load_priv_crt_mono(void){
bigint_t **v;
const uint8_t *bv[5] = {P,Q,DP,DQ,QINV};
uint16_t sv[5] = {sizeof(P), sizeof(Q), sizeof(DP), sizeof(DQ), sizeof(QINV)};
uint8_t i;
v = malloc(5 * sizeof(bigint_t));
if(!v){
cli_putstr("\r\nERROR: OOM!");
return;
}
priv_key.components = malloc(5*sizeof(bigint_t*));
if(!priv_key.components){
cli_putstr("\r\nERROR: OOM!");
return;
}
priv_key.n = 5;
for(i=0; i<5; ++i){
v[i] = malloc(sizeof(bigint_t));
v[i]->info = 0;
v[i]->length_B = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
v[i]->wordv = calloc(v[i]->length_B , sizeof(bigint_word_t));
if(!v[i]->wordv){
cli_putstr("\r\nERROR: OOM!");
return;
}
memcpy(v[i]->wordv, bv[i], sv[i]);
bigint_changeendianess(v[i]);
bigint_adjust(v[i]);
priv_key.components[i] = v[i];
}
}
uint8_t load_bigint_from_os(bigint_t* a, const void* os, uint16_t length_B){
a->length_B = BIGINT_CEIL(length_B) / sizeof(bigint_word_t);
a->wordv = malloc(BIGINT_CEIL(length_B));
if(!a->wordv){
cli_putstr("\r\nOOM!\r\n");
return 1;
}
memset(a->wordv, 0, sizeof(bigint_word_t));
memcpy((uint8_t*)a->wordv + BIGINT_OFF(length_B), os, length_B);
a->info = 0;
bigint_changeendianess(a);
bigint_adjust(a);
return 0;
}
void load_fix_rsa(void){
if(keys_allocated){
free_key();
}
keys_allocated = 1;
if(pre_alloc_key_crt()){
cli_putstr("\r\nOOM!\r\n");
return;
}
load_bigint_from_os(pub_key.modulus, MODULUS, sizeof(MODULUS));
load_bigint_from_os(pub_key.exponent, PUB_EXPONENT, sizeof(PUB_EXPONENT));
priv_key.n = 5;
load_bigint_from_os(priv_key.components[0], P, sizeof(P));
load_bigint_from_os(priv_key.components[1], Q, sizeof(Q));
load_bigint_from_os(priv_key.components[2], DP, sizeof(DP));
load_bigint_from_os(priv_key.components[3], DQ, sizeof(DQ));
load_bigint_from_os(priv_key.components[4], QINV, sizeof(QINV));
// load_priv_conventional();
// load_priv_crt_mono();
}
void quick_test(void){
uint8_t *ciphertext, *plaintext, rc;
uint8_t seed[sizeof(SEED)];
uint16_t clen, plen;
ciphertext = malloc(clen = pub_key.modulus->length_B * sizeof(bigint_word_t));
plaintext = malloc(pub_key.modulus->length_B * sizeof(bigint_word_t));
memcpy(plaintext, MSG, sizeof(MSG));
memcpy(seed, SEED, sizeof(SEED));
cli_putstr("\r\nplaintext:");
cli_hexdump_block(plaintext, sizeof(MSG), 4, 8);
cli_putstr("\r\nencrypting: ...");
rc = rsa_encrypt_oaep(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, NULL, NULL, seed);
if(rc){
cli_putstr("\r\nERROR: rsa_encrypt_oaep returned: ");
cli_hexdump_byte(rc);
return;
}
cli_putstr("\r\n\r\nciphertext:");
cli_hexdump_block(ciphertext, clen, 4, 8);
if(clen!=sizeof(ENCRYPTED)){
cli_putstr("\r\n>>FAIL (no size match)<<");
}else{
if(memcmp(ciphertext, ENCRYPTED, clen)){
cli_putstr("\r\n>>FAIL (no content match)<<");
}else{
cli_putstr("\r\n>>OK<<");
}
}
cli_putstr("\r\ndecrypting: ...");
rc = rsa_decrypt_oaep(plaintext, &plen, ciphertext, clen, &priv_key, NULL, NULL, NULL);
if(rc){
cli_putstr("\r\nERROR: rsa_decrypt_oaep returned: ");
cli_hexdump_byte(rc);
return;
}
cli_putstr("\r\n\r\nplaintext:");
cli_hexdump_block(plaintext, plen, 4, 8);
free(ciphertext);
free(plaintext);
}
void run_seed_test(void){
uint8_t *msg, *ciph, *msg_;
uint16_t msg_len, ciph_len, msg_len_;
uint8_t seed[20], seed_out[20];
char read_int_str[18];
cli_putstr("\r\n== test with given seed ==");
cli_putstr("\r\n = message =");
cli_putstr("\r\n length: ");
cli_getsn(read_int_str, 16);
msg_len = own_atou(read_int_str);
msg = malloc(msg_len);
if(!msg){
cli_putstr("\r\nERROR: OOM!");
return;
}
ciph = malloc(bigint_length_B(pub_key.modulus));
if(!ciph){
cli_putstr("\r\nERROR: OOM!");
return;
}
msg_ = malloc(bigint_length_B(pub_key.modulus));
if(!msg_){
cli_putstr("\r\nERROR: OOM!");
return;
}
cli_putstr("\r\n data: ");
read_os(msg, msg_len, NULL);
cli_putstr("\r\n seed (20 bytes): ");
read_os(seed, 20, NULL);
cli_putstr("\r\n encrypting ...");
rsa_encrypt_oaep(ciph, &ciph_len, msg, msg_len, &pub_key, NULL, NULL, seed);
cli_putstr("\r\n ciphertext:");
cli_hexdump_block(ciph, ciph_len, 4, 16);
cli_putstr("\r\n decrypting ... ");
rsa_decrypt_oaep(msg_, &msg_len_, ciph, ciph_len, &priv_key, NULL, NULL, seed_out);
cli_putstr("[done]");
if(msg_len != msg_len_){
char tstr[16];
cli_putstr("\r\nERROR: wrong decrypted message length (");
own_utoa(msg_len_, tstr, 10);
cli_putstr(tstr);
cli_putstr(" instead of ");
own_utoa(msg_len, tstr, 10);
cli_putstr(tstr);
cli_putc(')');
goto end;
}
if(memcmp(msg, msg_, msg_len)){
cli_putstr("\r\nERROR: wrong decrypted message:");
cli_hexdump_block(msg_, msg_len_, 4, 16);
cli_putstr("\r\nreference:");
cli_hexdump_block(msg, msg_len, 4, 16);
goto end;
}
if(memcmp(seed, seed_out, 20)){
cli_putstr("\r\nERROR: wrong decrypted seed:");
cli_hexdump_block(seed_out, 20, 4, 16);
cli_putstr("\r\nreference:");
cli_hexdump_block(seed, 20, 4, 16);
goto end;
}
cli_putstr("\r\n >>OK<<");
end:
free(msg);
free(msg_);
free(ciph);
}
void reset_prng(void){
uint8_t buf[16];
memset(buf, 0, 16);
random_seed(buf);
cli_putstr("\r\nPRNG reset");
}
void rsa_init(void){
prng_get_byte = random8;
}
void load_key(void){
if(keys_allocated){
free_key();
}
keys_allocated = 1;
read_key_crt();
}
void test_dump(void){
char lstr[16];
int len;
cli_putstr("\r\nenter dump length: ");
cli_getsn(lstr, 15);
len = own_atou(lstr);
cli_putstr("\r\ndumping 0x");
cli_hexdump_rev(&len, 2);
cli_putstr(" byte:");
cli_hexdump_block(pub_key.modulus->wordv, len, 4, 8);
}
/*****************************************************************************
* main *
*****************************************************************************/
const char echo_test_str[] = "echo-test";
const char reset_prng_str[] = "reset-prng";
const char load_key_str[] = "load-key";
const char load_fix_key_str[] = "load-fix-key";
const char quick_test_str[] = "quick-test";
const char seed_test_str[] = "seed-test";
const char dump_test_str[] = "dump-test";
const char performance_str[] = "performance";
const char echo_str[] = "echo";
const cmdlist_entry_t cmdlist[] = {
{ reset_prng_str, NULL, reset_prng },
{ load_key_str, NULL, load_key },
{ load_fix_key_str, NULL, load_fix_rsa },
{ quick_test_str, NULL, quick_test },
{ seed_test_str, NULL, run_seed_test },
{ dump_test_str, NULL, test_dump },
// { performance_str, NULL, testrun_performance_bigint },
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
{ NULL, NULL, NULL }
};
void dump_sp(void){
uint8_t x;
uint8_t *xa = &x;
cli_putstr("\r\nstack pointer: ~");
cli_hexdump_rev(&xa, 4);
}
int main (void){
main_setup();
for(;;){
welcome_msg(algo_name);
rsa_init();
cmd_interface(cmdlist);
}
}

633
test_src/main-rsassa_pkcs1v15-test.c Normal file
View File

@ -0,0 +1,633 @@
/* main-dsa-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* RSA test-suit
*
*/
#include "main-test-common.h"
#include "noekeon.h"
#include "noekeon_prng.h"
#include "bigint.h"
#include "bigint_io.h"
#include "random_dummy.h"
#include "rsa_basic.h"
#include "rsassa_pkcs1v15.h"
#include "sha1.h"
#include "performance_test.h"
const char* algo_name = "RSASA-PKCS15";
#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
/* Modulus: */
const uint8_t modulus[] = {
0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
};
/* Public exponent: */
const uint8_t pub_exponent[] = { 0x01, 0x00, 0x01 };
/* Exponent: */
const uint8_t priv_exponent[] = {
0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
};
/* Prime 1: */
const uint8_t p[] = {
0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
};
/* Prime 2: */
const uint8_t q[] = {
0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
};
/* Prime exponent 1: */
const uint8_t dp[] = {
0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
};
/* Prime exponent 2: */
const uint8_t dq[] = {
0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
};
/* Coefficient: */
const uint8_t qinv[] = {
0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1
};
/*
* Example 2: A 1024-bit RSA key pair
* ---------------------------------------------------
*/
/* Modulus: */
const uint8_t modulus2[] = {
0x98, 0xb7, 0x05, 0x82, 0xca, 0x80, 0x8f, 0xd1, 0xd3, 0x50, 0x95, 0x62, 0xa0, 0xef, 0x30, 0x5a,
0xf6, 0xd9, 0x87, 0x54, 0x43, 0xb3, 0x5b, 0xdf, 0x24, 0xd5, 0x36, 0x35, 0x3e, 0x3f, 0x12, 0x28,
0xdc, 0xd1, 0x2a, 0x78, 0x56, 0x83, 0x56, 0xc6, 0xff, 0x32, 0x3a, 0xbf, 0x72, 0xac, 0x1c, 0xdb,
0xfe, 0x71, 0x2f, 0xb4, 0x9f, 0xe5, 0x94, 0xa5, 0xa2, 0x17, 0x5d, 0x48, 0xb6, 0x73, 0x25, 0x38,
0xd8, 0xdf, 0x37, 0xcb, 0x97, 0x0b, 0xe4, 0xa5, 0xb5, 0x62, 0xc3, 0xf2, 0x98, 0xdb, 0x9d, 0xdf,
0x75, 0x60, 0x78, 0x77, 0x91, 0x8c, 0xce, 0xd1, 0xd0, 0xd1, 0xf3, 0x77, 0x33, 0x8c, 0x0d, 0x3d,
0x32, 0x07, 0x79, 0x7e, 0x86, 0x2c, 0x65, 0xd1, 0x14, 0x39, 0xe5, 0x88, 0x17, 0x75, 0x27, 0xa7,
0xde, 0xd9, 0x19, 0x71, 0xad, 0xcf, 0x91, 0xe2, 0xe8, 0x34, 0xe3, 0x7f, 0x05, 0xa7, 0x36, 0x55
};
/* Public exponent: */
const uint8_t pub_exponent2[] = {0x01, 0x00, 0x01 };
/* Exponent: */
const uint8_t priv_exponent2[] = {
0x06, 0x14, 0xa7, 0x86, 0x05, 0x2d, 0x28, 0x4c, 0xd9, 0x06, 0xa8, 0xe4, 0x13, 0xf7, 0x62, 0x2c,
0x05, 0x0f, 0x35, 0x49, 0xc0, 0x26, 0x58, 0x9e, 0xa2, 0x77, 0x50, 0xe0, 0xbe, 0xd9, 0x41, 0x0e,
0x5a, 0x78, 0x83, 0xa1, 0xe6, 0x03, 0xf5, 0xc5, 0x17, 0xad, 0x36, 0xd4, 0x9f, 0xaa, 0xc5, 0xbd,
0x66, 0xbc, 0xb8, 0x03, 0x0f, 0xa8, 0xd3, 0x09, 0xe3, 0x51, 0xdd, 0xd7, 0x82, 0xd8, 0x43, 0xdf,
0x97, 0x56, 0x80, 0xae, 0x73, 0xee, 0xa9, 0xaa, 0xb2, 0x89, 0xb7, 0x57, 0x20, 0x5d, 0xad, 0xb8,
0xfd, 0xfb, 0x98, 0x9e, 0xc8, 0xdb, 0x8e, 0x70, 0x95, 0xf5, 0x1f, 0x24, 0x52, 0x9f, 0x56, 0x37,
0xaa, 0x66, 0x93, 0x31, 0xe2, 0x56, 0x9f, 0x8b, 0x85, 0x4a, 0xbe, 0xce, 0xc9, 0x9a, 0xa2, 0x64,
0xc3, 0xda, 0x7c, 0xc6, 0x86, 0x6f, 0x0c, 0x0e, 0x1f, 0xb8, 0x46, 0x98, 0x48, 0x58, 0x1c, 0x73
};
/* Prime 1: */
const uint8_t p2[] = {
0xcb, 0x61, 0xa8, 0x8c, 0x8c, 0x30, 0x5a, 0xd9, 0xa8, 0xfb, 0xec, 0x2b, 0xa4, 0xc8, 0x6c, 0xcc,
0xc2, 0x02, 0x80, 0x24, 0xaa, 0x16, 0x90, 0xc2, 0x9b, 0xc8, 0x26, 0x4d, 0x2f, 0xeb, 0xe8, 0x7e,
0x4f, 0x86, 0xe9, 0x12, 0xef, 0x0f, 0x5c, 0x18, 0x53, 0xd7, 0x1c, 0xbc, 0x9b, 0x14, 0xba, 0xed,
0x3c, 0x37, 0xce, 0xf6, 0xc7, 0xa3, 0x59, 0x8b, 0x6f, 0xbe, 0x06, 0x48, 0x10, 0x90, 0x5b, 0x57
};
/* Prime 2: */
const uint8_t q2[] = {
0xc0, 0x39, 0x9f, 0x0b, 0x93, 0x80, 0xfa, 0xba, 0x38, 0xff, 0x80, 0xd2, 0xff, 0xf6, 0xed, 0xe7,
0x9c, 0xfd, 0xab, 0xf6, 0x58, 0x97, 0x20, 0x77, 0xa5, 0xe2, 0xb2, 0x95, 0x69, 0x3e, 0xa5, 0x10,
0x72, 0x26, 0x8b, 0x91, 0x74, 0x6e, 0xea, 0x9b, 0xe0, 0x4a, 0xd6, 0x61, 0x00, 0xeb, 0xed, 0x73,
0x3d, 0xb4, 0xcd, 0x01, 0x47, 0xa1, 0x8d, 0x6d, 0xe8, 0xc0, 0xcd, 0x8f, 0xbf, 0x24, 0x9c, 0x33
};
/* Prime exponent 1: */
const uint8_t dp2[] = {
0x94, 0x4c, 0x3a, 0x65, 0x79, 0x57, 0x4c, 0xf7, 0x87, 0x33, 0x62, 0xab, 0x14, 0x35, 0x9c, 0xb7,
0xd5, 0x03, 0x93, 0xc2, 0xa8, 0x4f, 0x59, 0xf0, 0xbd, 0x3c, 0xbd, 0x48, 0xed, 0x17, 0x7c, 0x68,
0x95, 0xbe, 0x8e, 0xb6, 0xe2, 0x9f, 0xf5, 0x8c, 0x3b, 0x9e, 0x0f, 0xf3, 0x2a, 0xb5, 0x7b, 0xf3,
0xbe, 0x44, 0x07, 0x62, 0x84, 0x81, 0x84, 0xaa, 0x9a, 0xa9, 0x19, 0xd5, 0x74, 0x56, 0x7e, 0x73
};
/* Prime exponent 2: */
const uint8_t dq2[] = {
0x45, 0xeb, 0xef, 0xd5, 0x87, 0x27, 0x30, 0x8c, 0xd2, 0xb4, 0xe6, 0x08, 0x5a, 0x81, 0x58, 0xd2,
0x9a, 0x41, 0x8f, 0xee, 0xc1, 0x14, 0xe0, 0x03, 0x85, 0xbc, 0xeb, 0x96, 0xfb, 0xbc, 0x84, 0xd0,
0x71, 0xa5, 0x61, 0xb9, 0x5c, 0x30, 0x08, 0x79, 0x00, 0xe2, 0x58, 0x0e, 0xdb, 0x05, 0xf6, 0xce,
0xa7, 0x90, 0x7f, 0xcd, 0xca, 0x5f, 0x92, 0x91, 0x7b, 0x4b, 0xbe, 0xba, 0x5e, 0x1e, 0x14, 0x0f
};
/* Coefficient: */
const uint8_t qinv2[] = {
0xc5, 0x24, 0x68, 0xc8, 0xfd, 0x15, 0xe5, 0xda, 0x2f, 0x6c, 0x8e, 0xba, 0x4e, 0x97, 0xba, 0xeb,
0xe9, 0x95, 0xb6, 0x7a, 0x1a, 0x7a, 0xd7, 0x19, 0xdd, 0x9f, 0xff, 0x36, 0x6b, 0x18, 0x4d, 0x5a,
0xb4, 0x55, 0x07, 0x59, 0x09, 0x29, 0x20, 0x44, 0xec, 0xb3, 0x45, 0xcf, 0x2c, 0xdd, 0x26, 0x22,
0x8e, 0x21, 0xf8, 0x51, 0x83, 0x25, 0x5f, 0x4a, 0x9e, 0x69, 0xf4, 0xc7, 0x15, 0x2e, 0xbb, 0x0f
};
/* PKCS#1 v1.5 signatures
* ---------------------------------------------------------------------------
*/
/* Message to be signed */
const uint8_t message_1_1[] = {
0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb, 0xbc, 0x72, 0x13, 0x26,
0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54, 0x75, 0xcc, 0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6,
0x23, 0x71, 0xd4, 0x5c, 0xe2, 0x39, 0x2e, 0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15,
0x6a, 0x0d, 0x8d, 0x52, 0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09, 0x57, 0x86, 0xcb, 0x76,
0x97, 0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe, 0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5, 0x17, 0xa3,
0xd5, 0xf5, 0x15, 0xb2, 0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67, 0x69, 0x3f, 0x90, 0xdf, 0xb0,
0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44, 0x72, 0xc0, 0x0e, 0x5f, 0x20, 0x94, 0x57, 0x29,
0xcb, 0xeb, 0xe7, 0x7f, 0x06, 0xce, 0x78, 0xe0, 0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61,
0x93, 0xc0, 0x31, 0x7e, 0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38, 0x08,
0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc, 0x72, 0xd0, 0xb7, 0x1c,
0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41, 0x62, 0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca,
0xb2, 0x74, 0x4f, 0xd9, 0xea, 0x8f, 0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16,
0xbe, 0x02, 0x54, 0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26, 0x76, 0xe0, 0x8a, 0xed,
0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67, 0xd0 };
/* Signature: */
const uint8_t sign_1_1[] = {
0x6b, 0xc3, 0xa0, 0x66, 0x56, 0x84, 0x29, 0x30, 0xa2, 0x47, 0xe3, 0x0d, 0x58, 0x64, 0xb4, 0xd8,
0x19, 0x23, 0x6b, 0xa7, 0xc6, 0x89, 0x65, 0x86, 0x2a, 0xd7, 0xdb, 0xc4, 0xe2, 0x4a, 0xf2, 0x8e,
0x86, 0xbb, 0x53, 0x1f, 0x03, 0x35, 0x8b, 0xe5, 0xfb, 0x74, 0x77, 0x7c, 0x60, 0x86, 0xf8, 0x50,
0xca, 0xef, 0x89, 0x3f, 0x0d, 0x6f, 0xcc, 0x2d, 0x0c, 0x91, 0xec, 0x01, 0x36, 0x93, 0xb4, 0xea,
0x00, 0xb8, 0x0c, 0xd4, 0x9a, 0xac, 0x4e, 0xcb, 0x5f, 0x89, 0x11, 0xaf, 0xe5, 0x39, 0xad, 0xa4,
0xa8, 0xf3, 0x82, 0x3d, 0x1d, 0x13, 0xe4, 0x72, 0xd1, 0x49, 0x05, 0x47, 0xc6, 0x59, 0xc7, 0x61,
0x7f, 0x3d, 0x24, 0x08, 0x7d, 0xdb, 0x6f, 0x2b, 0x72, 0x09, 0x61, 0x67, 0xfc, 0x09, 0x7c, 0xab,
0x18, 0xe9, 0xa4, 0x58, 0xfc, 0xb6, 0x34, 0xcd, 0xce, 0x8e, 0xe3, 0x58, 0x94, 0xc4, 0x84, 0xd7
};
uint8_t keys_allocated = 0;
rsa_publickey_t pub_key;
rsa_privatekey_t priv_key;
#if 1
#define MSG message_1_1
#define SIGN sign_1_1
#define MODULUS modulus2
#define PUB_EXPONENT pub_exponent2
#define PRIV_EXPONENT priv_exponent2
#define P p2
#define Q q2
#define DP dp2
#define DQ dq2
#define QINV qinv2
#endif
uint8_t convert_nibble(uint8_t c){
if(c>='0' && c<='9'){
return c - '0';
}
c |= 'A' ^ 'a';
if(c>='a' && c<='f'){
return c - 'a' + 10;
}
return 0xff;
}
const char *block_ignore_string=" \t\r\n,;";
#define BUFFER_LIMIT 120
uint16_t read_os(void* dst, uint16_t length, const char* ignore_string){
uint16_t counter = 0;
uint16_t c;
uint8_t v, tmp = 0, idx = 0;
if(!ignore_string){
ignore_string = block_ignore_string;
}
while(counter < length){
c = cli_getc();
if(c > 0xff){
return counter;
}
if(strchr(ignore_string, c)){
continue;
}
v = convert_nibble(c);
if(v > 0x0f){
return counter;
}
if(idx){
((uint8_t*)dst)[counter++] = (tmp << 4) | v;
idx = 0;
if(counter % (BUFFER_LIMIT/2) == 0){
cli_putc('.');
}
}else{
tmp = v;
idx = 1;
}
}
return counter;
}
uint16_t own_atou(const char* str){
uint16_t r=0;
while(*str && *str >= '0' && *str <= '9'){
r *= 10;
r += *str++ - '0';
}
return r;
}
uint8_t read_bigint(bigint_t* a, char* prompt){
uint16_t read_length, actual_length;
uint8_t off;
uint8_t *buffer;
char read_int_str[18];
cli_putstr(prompt);
cli_putstr("\r\n length: ");
cli_getsn(read_int_str, 16);
read_length = own_atou(read_int_str);
off = (sizeof(bigint_word_t) - (read_length % sizeof(bigint_word_t))) % sizeof(bigint_word_t);
buffer = malloc(((read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t));
if(!buffer){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
cli_putstr("\r\n data: ");
memset(buffer, 0, sizeof(bigint_word_t));
actual_length = read_os(buffer + off, read_length, NULL);
if(actual_length != read_length){
cli_putstr("\r\nERROR: unexpected end of data!");
free(buffer);
return 1;
}
a->wordv = (bigint_word_t*)buffer;
a->length_B = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
a->info = 0;
bigint_changeendianess(a);
bigint_adjust(a);
return 0;
}
uint8_t pre_alloc_key_crt(void){
priv_key.n = 5;
priv_key.components = malloc(5 * sizeof(bigint_t));
if(!priv_key.components){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
return 0;
}
void free_key(void){
uint8_t c;
free(pub_key.modulus.wordv);
free(pub_key.exponent.wordv);
pub_key.modulus.wordv = priv_key.modulus.wordv = NULL;
for(c = 0; c < priv_key.n; ++c){
free(priv_key.components[c].wordv);
}
free(priv_key.components);
}
uint8_t read_key_crt(void){
uint8_t r;
cli_putstr("\r\n== reading key (crt) ==");
r = pre_alloc_key_crt();
if(r) return r;
r = read_bigint(&pub_key.modulus, "\r\n = module =");
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
if(r) return r;
r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
if(r) return r;
r = read_bigint(&priv_key.components[0], "\r\n = p (first prime) =");
if(r) return r;
r = read_bigint(&priv_key.components[1], "\r\n = q (second prime) =");
if(r) return r;
r = read_bigint(&priv_key.components[2], "\r\n = dp (p's exponent) =");
if(r) return r;
r = read_bigint(&priv_key.components[3], "\r\n = dq (q's exponent) =");
if(r) return r;
r = read_bigint(&priv_key.components[4], "\r\n = qInv (q' coefficient) =");
return r;
}
uint8_t read_key_conv(void){
uint8_t r;
cli_putstr("\r\n== reading key (crt) ==");
r = read_bigint(&pub_key.modulus,"\r\n = module =");
if(r) return r;
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
priv_key.n = 1;
priv_key.components = malloc(sizeof(bigint_t));
if(!priv_key.components){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
if(r) return r;
r = read_bigint(&priv_key.components[0], "\r\n = private exponent =");
return r;
}
void load_priv_conventional(void){
priv_key.components = malloc(sizeof(bigint_t));
priv_key.components[0].length_B = (sizeof(PRIV_EXPONENT) +
sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
priv_key.components[0].wordv = malloc(priv_key.components[0].length_B *
sizeof(bigint_word_t));
if(!priv_key.components[0].wordv){
cli_putstr("\r\nERROR: OOM!");
return;
}
memcpy(priv_key.components[0].wordv, PRIV_EXPONENT, sizeof(PRIV_EXPONENT));
priv_key.n = 1;
bigint_changeendianess(&priv_key.components[0]);
bigint_adjust(&priv_key.components[0]);
}
void load_priv_crt_mono(void){
bigint_t *v;
const uint8_t *bv[5] = {P,Q,DP,DQ,QINV};
uint16_t sv[5] = {sizeof(P), sizeof(Q), sizeof(DP), sizeof(DQ), sizeof(QINV)};
uint8_t i;
v = malloc(5 * sizeof(bigint_t));
if(!v){
cli_putstr("\r\nERROR: OOM!");
return;
}
priv_key.components = v;
priv_key.n = 5;
for(i=0; i<5; ++i){
v[i].info = 0;
v[i].length_B = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
v[i].wordv = calloc(v[i].length_B , sizeof(bigint_word_t));
if(!v[i].wordv){
cli_putstr("\r\nERROR: OOM!");
return;
}
memcpy(v[i].wordv, bv[i], sv[i]);
bigint_changeendianess(&v[i]);
bigint_adjust(&v[i]);
}
}
uint8_t load_bigint_from_os(bigint_t* a, const void* os, uint16_t length_B){
a->length_B = BIGINT_CEIL(length_B) / sizeof(bigint_word_t);
a->wordv = malloc(BIGINT_CEIL(length_B));
if(!a->wordv){
cli_putstr("\r\nOOM!\r\n");
return 1;
}
memset(a->wordv, 0, sizeof(bigint_word_t));
memcpy((uint8_t*)a->wordv + BIGINT_OFF(length_B), os, length_B);
a->info = 0;
bigint_changeendianess(a);
bigint_adjust(a);
return 0;
}
void load_fix_rsa(void){
if(keys_allocated){
free_key();
}
keys_allocated = 1;
if(pre_alloc_key_crt()){
cli_putstr("\r\nOOM!\r\n");
return;
}
load_bigint_from_os(&pub_key.modulus, MODULUS, sizeof(MODULUS));
load_bigint_from_os(&pub_key.exponent, PUB_EXPONENT, sizeof(PUB_EXPONENT));
priv_key.n = 5;
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
load_bigint_from_os(&priv_key.components[0], P, sizeof(P));
load_bigint_from_os(&priv_key.components[1], Q, sizeof(Q));
load_bigint_from_os(&priv_key.components[2], DP, sizeof(DP));
load_bigint_from_os(&priv_key.components[3], DQ, sizeof(DQ));
load_bigint_from_os(&priv_key.components[4], QINV, sizeof(QINV));
// load_priv_conventional();
// load_priv_crt_mono();
}
void quick_test(void){
uint8_t *msg, *sign, hash[20], rc;
uint16_t slen;
if(!keys_allocated){
load_fix_rsa();
}
msg = malloc(sizeof(MSG));
memcpy(msg, MSG, sizeof(MSG));
sign = malloc(pub_key.modulus.length_B * sizeof(bigint_word_t));
cli_putstr("\r\nhashing:...");
sha1(hash, msg, sizeof(MSG) * 8);
cli_putstr("\r\nsigning: ...");
rc = rsa_sign_pkcs1v15(sign, &slen, hash, 20, &priv_key, &pkcs1v15_sha1_prefix);
if(rc){
cli_putstr("\r\nERROR: rsa_sign_pkcs1v15() returned: ");
cli_hexdump_byte(rc);
return;
}
cli_putstr("\r\n\r\nsignature:");
cli_hexdump_block(sign, slen, 4, 16);
if(slen!=sizeof(SIGN)){
cli_putstr("\r\n>>FAIL (no size match)<<");
}else{
if(memcmp(sign, SIGN, slen)){
cli_putstr("\r\n>>FAIL (no content match)<<");
}else{
cli_putstr("\r\n>>OK<<");
}
}
cli_putstr("\r\nverifying: ...");
rc = rsa_verify_pkcs1v15(sign, slen, hash, 20, &pub_key, &pkcs1v15_sha1_prefix);
if(rc){
cli_putstr("\r\nERROR: rsa_verify_pkcs1v15() returned: ");
cli_hexdump_byte(rc);
return;
}else{
cli_putstr("\r\nsignature >>OK<<");
}
free(sign);
free(msg);
}
void run_sha1_test(void){
uint8_t *msg, *sign, hash[20], rc;
uint16_t msg_len, sign_len;
char read_int_str[18];
cli_putstr("\r\n== test with given seed ==");
cli_putstr("\r\n = message =");
cli_putstr("\r\n length: ");
cli_getsn(read_int_str, 16);
msg_len = own_atou(read_int_str);
msg = malloc(msg_len);
if(!msg){
cli_putstr("\r\nERROR: OOM!");
return;
}
sign = malloc(bigint_length_B(&pub_key.modulus));
if(!sign){
cli_putstr("\r\nERROR: OOM!");
return;
}
cli_putstr("\r\n data: ");
read_os(msg, msg_len, NULL);
cli_putstr("\r\n hashing ...");
sha1(hash, msg, msg_len * 8);
cli_putstr("\r\n signing ...");
/*
cli_putstr("\r\n plaintext:");
cli_hexdump_block(msg, msg_len, 4, 16);
cli_putstr("\r\n seed:");
cli_hexdump_block(seed, seed_len, 4, 16);
*/
rc = rsa_sign_pkcs1v15(sign, &sign_len, hash, 20, &priv_key, &pkcs1v15_sha1_prefix);
if(rc){
cli_putstr("\r\n ERROR: computing signature failed with code: ");
cli_hexdump_byte(rc);
}
cli_putstr("\r\n signature:");
cli_hexdump_block(sign, sign_len, 4, 16);
cli_putstr("\r\n verifying ... ");
rc = rsa_verify_pkcs1v15(sign, sign_len, hash, 20, &pub_key, &pkcs1v15_sha1_prefix);
cli_putstr("[done]");
if(rc){
cli_putstr("\r\n ERROR: verifying signature failed with code: ");
cli_hexdump_byte(rc);
}else{
cli_putstr("\r\n >>OK<<");
}
free(sign);
free(msg);
}
void reset_prng(void){
uint8_t buf[16];
memset(buf, 0, 16);
random_seed(buf);
cli_putstr("\r\nPRNG reset");
}
void rsa_init(void){
prng_get_byte = random8;
}
void load_key(void){
if(keys_allocated){
free_key();
}
keys_allocated = 1;
read_key_crt();
}
void test_dump(void){
char lstr[16];
int len;
cli_putstr("\r\nenter dump length: ");
cli_getsn(lstr, 15);
len = own_atou(lstr);
cli_putstr("\r\ndumping 0x");
cli_hexdump_rev(&len, 2);
cli_putstr(" byte:");
cli_hexdump_block(pub_key.modulus.wordv, len, 4, 8);
}
/*****************************************************************************
* main *
*****************************************************************************/
const char echo_test_str[] = "echo-test";
const char reset_prng_str[] = "reset-prng";
const char load_key_str[] = "load-key";
const char load_fix_key_str[] = "load-fix-key";
const char quick_test_str[] = "quick-test";
const char sha1_test_str[] = "sha1-test";
const char dump_test_str[] = "dump-test";
const char performance_str[] = "performance";
const char echo_str[] = "echo";
const cmdlist_entry_t cmdlist[] = {
{ reset_prng_str, NULL, reset_prng },
{ load_key_str, NULL, load_key },
{ load_fix_key_str, NULL, load_fix_rsa },
{ quick_test_str, NULL, quick_test },
{ sha1_test_str, NULL, run_sha1_test },
{ dump_test_str, NULL, test_dump },
// { performance_str, NULL, testrun_performance_bigint },
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
{ NULL, NULL, NULL }
};
void dump_sp(void){
uint8_t x;
uint8_t *xa = &x;
cli_putstr("\r\nstack pointer: ~");
cli_hexdump_rev(&xa, 4);
}
int main (void){
main_setup();
for(;;){
welcome_msg(algo_name);
rsa_init();
cmd_interface(cmdlist);
}
}

10
test_src/main-salsa20-test.c
View File

@ -42,10 +42,10 @@ void nessie_first(void){
cli_hexdump(key, 16);
salsa20_init(key, 128, NULL, &ctx);
cli_putstr("\r\n internal state: ");
cli_hexdump_block(ctx.a, 64, 4, 16);
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
salsa20_gen(&ctx);
cli_putstr("\r\n internal state: ");
cli_hexdump_block(ctx.a, 64, 4, 16);
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
cli_putstr("\r\n data: ");
cli_hexdump_block(ctx.buffer, 64, 4, 16);
@ -54,13 +54,13 @@ void nessie_first(void){
key[15] = 0x01;
cli_putstr("\r\n testing with key: ");
cli_hexdump(key, 16);
cli_hexdump_block(ctx.a, 64, 4, 16);
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
salsa20_init(key, 128, NULL, &ctx);
cli_putstr("\r\n internal state: ");
cli_hexdump_block(ctx.a, 64, 4, 16);
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
salsa20_gen(&ctx);
cli_putstr("\r\n internal state: ");
cli_hexdump_block(ctx.a, 64, 4, 16);
cli_hexdump_block(ctx.a.v8, 64, 4, 16);
cli_putstr("\r\n data: ");
cli_hexdump_block(ctx.buffer, 64, 4, 16);
}

2
test_src/nessie_hash_test.c
View File

@ -235,7 +235,7 @@ void nessie_hash_run(void){
"1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890\0"
"8 times \"1234567890\"\0" ;
char* challange[16];
const char* challange[16];
set=1;
nessie_print_setheader(set);
dbz_splitup(challange_dbz, challange);

4
test_src/string-extras.c
View File

@ -157,6 +157,10 @@ void strlwr(char* s){
}
*/
char* utoa(unsigned a, char* buffer, uint8_t radix){
return ultoa((unsigned)a, buffer, radix);
}
char* itoa(int a, char* buffer, uint8_t radix){
if(a<0){
*buffer = '-';

1
test_src/string-extras.h
View File

@ -59,5 +59,6 @@ void str_reverse(char* buffer);
char* ultoa(unsigned long a, char* buffer, uint8_t radix);
char* ulltoa(unsigned long long a, char* buffer, uint8_t radix);
char* utoa(unsigned a, char* buffer, uint8_t radix);
char* ustoa(unsigned short a, char* buffer, uint8_t radix);
// void strlwr(char* s);

6212
testvectors/Md5-128.unverified.test-vectors Normal file
View File

File diff suppressed because it is too large Load Diff

9049
testvectors/rsa-pkcs-1v2-1-vec/pkcs1v15sign-vectors.txt Normal file
View File

File diff suppressed because it is too large Load Diff