Browse Source

forgotten file (a lot of them)

master
bg 9 years ago
parent
commit
2a4779378a
  1. 37
      camellia/camellia.h
  2. 494
      camellia/camellia_C.c
  3. 59
      dsa/dsa.h
  4. 306
      dsa/dsa_key_blob.c
  5. 25
      dsa/dsa_key_blob.h
  6. 76
      dsa/dsa_sign.c
  7. 78
      dsa/dsa_verify.c
  8. 135
      entropium/entropium.c
  9. 84
      entropium/entropium.h
  10. 130
      hmac-md5/hmac-md5.c
  11. 42
      hmac-md5/hmac-md5.h
  12. 131
      hmac-sha1/hmac-sha1.c
  13. 41
      hmac-sha1/hmac-sha1.h
  14. 130
      hmac-sha256/hmac-sha256.c
  15. 43
      hmac-sha256/hmac-sha256.h
  16. 175
      main_headers
  17. 4
      mkfiles/001_scal_std.mk
  18. 26
      mkfiles/002_bcal_algos.mk
  19. 27
      mkfiles/002_hfal_algos.mk
  20. 14
      mkfiles/002_scal_algos.mk
  21. 13
      mkfiles/bmw_asm.mk
  22. 13
      mkfiles/bmw_asm_speed.mk
  23. 13
      mkfiles/bmw_asmmix_speed.mk
  24. 14
      mkfiles/camellia_c.mk
  25. 14
      mkfiles/dsa.mk
  26. 14
      mkfiles/entropium.mk
  27. 14
      mkfiles/hmac-md5.mk
  28. 14
      mkfiles/hmac-sha1.mk
  29. 14
      mkfiles/hmac-sha256.mk
  30. 11
      mkfiles/zza_lib_cli_std.mk
  31. 228
      rsa/rsaes_oaep.c
  32. 55
      rsa/rsaes_oaep.h
  33. 142
      rsa/rsaes_pkcs1v15.c
  34. 36
      rsa/rsaes_pkcs1v15.h
  35. 111
      streamcipher_descriptor.h
  36. 195
      test_src/main-camellia-test.c
  37. 207
      test_src/main-dsa-test.c
  38. 106
      test_src/main-entropium-test.c
  39. 183
      test_src/main-hmac-md5-test.c
  40. 76
      test_src/main-hmac-sha1-test.c
  41. 95
      test_src/main-hmac-sha256-test.c
  42. 794
      test_src/main-rsaes_oaep-test.c
  43. 714
      test_src/main-rsaes_pkcs1v15-test.c
  44. 217
      test_src/main-sha2-test.c
  45. 214
      test_src/nessie_bc_test.c
  46. 47
      test_src/nessie_bc_test.h
  47. 302
      test_src/nessie_mac_test.c
  48. 47
      test_src/nessie_mac_test.h
  49. 185
      test_src/nessie_stream_test.c
  50. 42
      test_src/nessie_stream_test.h

37
camellia/camellia.h

@ -0,0 +1,37 @@
/* camellia.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef CAMELLIA_H_
#define CAMELLIA_H_
#include <stdint.h>
typedef struct camellia128_ctx_s{
uint64_t klr;
uint64_t kll;
uint64_t kar;
uint64_t kal;
}camellia128_ctx_t;
void camellia128_init(const void* key, camellia128_ctx_t* s);
void camellia128_enc(void* block, const camellia128_ctx_t* s);
void camellia128_dec(void* block, const camellia128_ctx_t* s);
#endif /*CAMELLIA_H_*/

494
camellia/camellia_C.c

@ -0,0 +1,494 @@
/* camellia_C.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
*
*
*
*/
#include <stdint.h>
#include "camellia.h"
#if 0
#include "cli.h"
#include "debug.h"
#include <util/delay.h>
#endif
/*****************************************************************************/
static
uint8_t rol(uint8_t a, uint8_t n){
return ((a<<n) | (a>>(8-n)));
}
/*****************************************************************************/
static
uint8_t ror(uint8_t a, uint8_t n){
return ((a<<(8-n)) | (a>>n));
}
/*****************************************************************************/
static
uint32_t rol32(uint32_t a, uint8_t n){
return ((a<<n)|(a>>(32-n)));
}
/*****************************************************************************/
/*
static
uint64_t rol64(uint64_t a, uint8_t n){
return ((a<<n)|(a>>(64-n)));
}
*/
/*****************************************************************************/
static
const uint8_t camellia_s1_table[256] = {
112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
};
/*****************************************************************************/
static
uint8_t camellia_s1(uint8_t b){
return camellia_s1_table[b];
}
/*****************************************************************************/
static
uint8_t camellia_s2(uint8_t b){
return rol(camellia_s1_table[b], 1);
}
/*****************************************************************************/
static
uint8_t camellia_s3(uint8_t b){
return ror(camellia_s1_table[b], 1);
}
/*****************************************************************************/
static
uint8_t camellia_s4(uint8_t b){
return camellia_s1_table[rol(b, 1)];
}
/*****************************************************************************/
static
uint64_t camellia_s(uint64_t d){
// cli_putstr("\n\r S von "); cli_hexdump(&(d), 8);
#define D ((uint8_t*)(&d))
D[7] = camellia_s1(D[7]);
D[6] = camellia_s2(D[6]);
D[5] = camellia_s3(D[5]);
D[4] = camellia_s4(D[4]);
D[3] = camellia_s2(D[3]);
D[2] = camellia_s3(D[2]);
D[1] = camellia_s4(D[1]);
D[0] = camellia_s1(D[0]);
#undef D
// cli_putstr(" ist "); cli_hexdump(&(d), 8);
return d;
}
/*****************************************************************************/
static
uint64_t camellia_p(uint64_t d){
uint64_t z=0;
#define D ((uint8_t*)(&d))
#define Z ((uint8_t*)(&z))
/*
Z[0] = D[4] ^ D[3] ^ D[1];
Z[1] = D[5] ^ D[0] ^ D[2];
Z[2] = D[6] ^ D[1] ^ D[3];
Z[3] = D[7] ^ D[2] ^ D[0];
Z[4] = D[0] ^ D[6] ^ D[5];
Z[5] = D[1] ^ D[7] ^ D[6];
Z[6] = D[2] ^ D[4] ^ D[7];
Z[7] = D[3] ^ D[5] ^ D[4];
*/
// Z[7] = z1 z3 z4 z6 z7 z8
// cli_putstr("\n\r P von "); cli_hexdump(&(d), 8);
Z[7] = D[7] ^ D[5] ^ D[4] ^ D[2] ^ D[1] ^ D[0];
Z[6] = D[7] ^ D[6] ^ D[4] ^ D[3] ^ D[1] ^ D[0];
Z[5] = D[7] ^ D[6] ^ D[5] ^ D[3] ^ D[2] ^ D[0];
Z[4] = D[6] ^ D[5] ^ D[4] ^ D[3] ^ D[2] ^ D[1] ;
Z[3] = D[7] ^ D[6] ^ D[2] ^ D[1] ^ D[0];
Z[2] = D[6] ^ D[5] ^ D[3] ^ D[1] ^ D[0];
Z[1] = D[5] ^ D[4] ^ D[3] ^ D[2] ^ D[0];
Z[0] = D[7] ^ D[4] ^ D[3] ^ D[2] ^ D[1] ;
// cli_putstr(" ist "); cli_hexdump(&(z), 8);
#undef Z
#undef D
return z;
}
/*****************************************************************************/
static
uint64_t camellia_f(uint64_t x, uint64_t k){
uint64_t y;
y = camellia_p(camellia_s(x ^ k));
return y;
}
/*****************************************************************************/
static
uint64_t camellia_fl(uint64_t x, uint64_t k){
// uint64_t lx, lk, y;
uint32_t lx[2], lk[2], yr, yl;
lx[0]=(uint32_t)x;
lx[1]=(uint32_t)(x>>32);
lk[0]=(uint32_t)k;
lk[1]=(uint32_t)(k>>32);
#define Y ((uint32_t*)y)
#define X ((uint32_t*)lx)
#define K ((uint32_t*)lk)
yr = rol32((X[1]) & (K[1]) ,1) ^ (X[0]); /* Yr */
yl = (yr | K[0]) ^ (X[1]); /* Yl */
/*
cli_putstr("\r\nFL(");
cli_hexdump(&(x), 8);
cli_putstr(", ");
cli_hexdump(&(k), 8);
cli_putstr(") = ");
cli_hexdump(y, 8);
*/
#undef K
#undef X
#undef Y
return (((uint64_t)yl)<<32 | yr);
}
/*****************************************************************************/
static
uint64_t camellia_fl_inv(uint64_t y, uint64_t k){
//volatile uint32_t xl, xr;
uint32_t ly[2], lk[2], x[2];
ly[0]=(uint32_t)y;
ly[1]=(uint32_t)(y>>32);
lk[0]=(uint32_t)k;
lk[1]=(uint32_t)(k>>32);
#define Y ((uint32_t*)ly)
#define X ((uint32_t*)x)
#define K ((uint32_t*)lk)
X[1]=(Y[0] | K[0]) ^ Y[1];
X[0]=rol32((X[1] & K[1]),1) ^ Y[0];
/*
cli_putstr("\r\nFL_inv(");
cli_hexdump(&(y), 8);
cli_putstr(", ");
cli_hexdump(&(k), 8);
cli_putstr(") = ");
*/
#undef K
#undef X
#undef Y
return ((uint64_t)(x[1]))<<32 | x[0];
}
/*****************************************************************************/
static
const uint64_t camellia_sigma_table[6] = {
0xA09E667F3BCC908BLL,
0xB67AE8584CAA73B2LL,
0xC6EF372FE94F82BELL,
0x54FF53A5F1D36F1CLL,
0x10E527FADE682D1DLL,
0xB05688C2B3E6C1FDLL
};
/*****************************************************************************/
#if 0
void camellia128_ctx_dump(camellia128_ctx_t *s){
cli_putstr("\r\n==State Dump==");
cli_putstr("\n\rKAl: "); cli_hexdump(&(s->kal), 8);
cli_putstr("\n\rKAr: "); cli_hexdump(&(s->kar), 8);
cli_putstr("\n\rKLl: "); cli_hexdump(&(s->kll), 8);
cli_putstr("\n\rKLr: "); cli_hexdump(&(s->klr), 8);
return;
}
#endif
/*****************************************************************************/
void camellia128_init(const void* key, camellia128_ctx_t* s){
uint8_t i;
s->kll = 0; //((uint64_t*)key)[0];
/* load the key, endian-adjusted, to kll,klr */
for(i=0; i<8; ++i){
s->kll <<= 8;
s->kll |= *((uint8_t*)key);
key = (uint8_t*)key+1;
}
for(i=0; i<8; ++i){
s->klr <<= 8;
s->klr |= *((uint8_t*)key);
key = (uint8_t*)key+1;
}
s->kal = s->kll;
s->kar = s->klr;
s->kar ^= camellia_f(s->kal, camellia_sigma_table[0]);
s->kal ^= camellia_f(s->kar, camellia_sigma_table[1]);
s->kal ^= s->kll;
s->kar ^= s->klr;
s->kar ^= camellia_f(s->kal, camellia_sigma_table[2]);
s->kal ^= camellia_f(s->kar, camellia_sigma_table[3]);
/**/
// cli_putstr("\n\r----------------init finished--------------------");
}
/*****************************************************************************/
static
void camellia128_keyop(camellia128_ctx_t* s, int8_t q){
/* first we do 16 bit left-rols for kl and ka (128bit each) */
uint32_t temp;
temp = (s->kal)>>(64-16-q);
s->kal = s->kal<<(16+q) | s->kar>>(64-16-q);
s->kar = s->kar<<(16+q) | temp;
temp = (s->kll)>>(64-16-q);
s->kll = s->kll<<(16+q) | s->klr>>(64-16-q);
s->klr = s->klr<<(16+q) | temp;
/* after doing the 16-bit rol we have to rol 1 bit left or rigth depending on q */
}
/*****************************************************************************/
static
void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q){
/* first we do 16 bit right-rols for kl and ka (128bit each) */
uint32_t temp;
temp = (s->kar)&(0xffffff>>(24-16-q));
s->kar = s->kar>>(16+q) | s->kal<<(64-16-q);
s->kal = s->kal>>(16+q) | ((uint64_t)temp)<<(64-16-q);
temp = (s->klr)&(0xffffff>>(24-16-q));
s->klr = s->klr>>(16+q) | s->kll<<(64-16-q);
s->kll = s->kll>>(16+q) | ((uint64_t)temp)<<(64-16-q);
/* after doing the 16-bit rol we have to rol 1 bit left or rigth depending on q */
}
/*****************************************************************************/
#define SEL_KA 1
#define SEL_KL 0
#define KEY_POSTC1 0x00
#define KEY_POSTC2 0x01
#define KEY_INC2 0x02
#define KEY_DIR 0x04
#define KEY_DIR_NORM 0x00
#define KEY_DIR_INV 0x04
#define KEY_AMMOUNT 0x08
#define KEY_ROL17 0x08
#define KEY_ROL15 0x00
static
void camellia_6rounds(const camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t roundop, uint8_t keychoice){
uint8_t i;
uint64_t* k[4];
k[0] = &(((camellia128_ctx_t*)s)->kll);
k[1] = &(((camellia128_ctx_t*)s)->klr);
k[2] = &(((camellia128_ctx_t*)s)->kal);
k[3] = &(((camellia128_ctx_t*)s)->kar);
for(i=0; i<3; ++i){ /* each cycle */
br[0] ^= camellia_f(bl[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?1:0)]));
keychoice >>= 1;
if((i == 1) && (roundop&KEY_INC2)){
((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(((camellia128_ctx_t*)s),(roundop&KEY_AMMOUNT)?1:-1);
}
bl[0] ^= camellia_f(br[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?0:1)]));
keychoice >>= 1;
/* check if we should do some keyop */
if((i == (roundop&1)) && (!(roundop&KEY_INC2)) ){
((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(((camellia128_ctx_t*)s),(roundop&KEY_AMMOUNT)?1:-1);
/* isn't it fuckin nice what we can do in C?! */
}
}
}
/*****************************************************************************/
static
void change_endian(void* data, uint8_t length){
uint8_t i,a;
for(i=0; i<length/2; ++i){
a = ((uint8_t*)data)[i];
((uint8_t*)data)[i] = ((uint8_t*)data)[length-i-1];
((uint8_t*)data)[length-i-1] = a;
}
}
/*****************************************************************************/
void camellia128_enc(void* block, const camellia128_ctx_t* s){
#define BL (((uint64_t*)block)[0])
#define BR (((uint64_t*)block)[1])
/* endian adjustment */
/*BL*/
/* 1 2 3 4 5 6 7 8
* 8 7 6 5 4 3 2 1
*/
uint64_t temp64;
change_endian(&BL, 64/8);
change_endian(&BR, 64/8);
/* Prewhitening */
BL ^= s->kll;
BR ^= s->klr;
/* the first 6 */
camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_POSTC1 , 0x33);
/* FL injection */
camellia128_keyop((camellia128_ctx_t*)s, -1);
BL = camellia_fl(BL, s->kal);
BR = camellia_fl_inv(BR, s->kar);
camellia128_keyop((camellia128_ctx_t*)s, -1);
/* middle 6 */
camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_INC2 , 0x34);
/* FL injection */
camellia128_keyop((camellia128_ctx_t*)s, 1);
BL = camellia_fl(BL, s->kll);
BR = camellia_fl_inv(BR, s->klr);
camellia128_keyop((camellia128_ctx_t*)s, 1);
/* last 6 */
camellia_6rounds(s, &BL, &BR, KEY_ROL17 | KEY_DIR_NORM | KEY_POSTC2 , 0x0C);
/* Postwhitening */
BR ^= s->kal;
BL ^= s->kar;
temp64 = BR;
BR = BL;
BL = temp64;
camellia128_keyop((camellia128_ctx_t*)s,1);
change_endian(&BL, 64/8);
change_endian(&BR, 64/8);
#undef BL
#undef BR
}
/*****************************************************************************/
void camellia128_dec(void* block, const camellia128_ctx_t* s){
#define BL (((uint64_t*)block)[1])
#define BR (((uint64_t*)block)[0])
/* endian adjustment */
/*BL*/
/* 1 2 3 4 5 6 7 8
* 8 7 6 5 4 3 2 1
*/
uint64_t temp64;
change_endian(&BL, 64/8);
change_endian(&BR, 64/8);
camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
/* Prewhitening */
BR ^= s->kal; /* kw3 */
BL ^= s->kar; /* kw4 */
/* the first 6 */
camellia_6rounds(s, &BR, &BL, KEY_ROL17 | KEY_DIR_INV | KEY_POSTC1 , 0x0C);
/* FL injection */
camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
BR = camellia_fl(BR, s->klr);
BL = camellia_fl_inv(BL, s->kll);
camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
/* middle 6 */
camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_INC2 , 0x0B);
/* FL injection */
camellia128_keyop_inv((camellia128_ctx_t*)s, -1);
BR = camellia_fl(BR, s->kar);
BL = camellia_fl_inv(BL, s->kal);
camellia128_keyop_inv((camellia128_ctx_t*)s, -1);
/* last 6 */
camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_POSTC2 , 0x33);
/* Postwhitening */
BL ^= s->kll; /* kw1 */
BR ^= s->klr; /* kw2 */
temp64 = BR;
BR = BL;
BL = temp64;
change_endian(&BL, 64/8);
change_endian(&BR, 64/8);
}
/*****************************************************************************/
/*****************************************************************************/
/* EOF */

59
dsa/dsa.h

@ -0,0 +1,59 @@
/* dsa.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef DSA_H_
#define DSA_H_
#include <stdint.h>
#include "hfal-basic.h"
#include "bigint.h"
typedef struct{
bigint_t p;
bigint_t q;
bigint_t g;
} dsa_domainparameters_t;
typedef bigint_t dsa_pubkey_t;
typedef bigint_t dsa_privkey_t;
typedef struct{
bigint_t r;
bigint_t s;
} dsa_signature_t;
typedef struct{
dsa_privkey_t priv;
dsa_pubkey_t pub;
dsa_domainparameters_t domain;
} dsa_ctx_t;
#define DSA_SIGNATURE_OK 1
#define DSA_SIGNATURE_FAIL 0
uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx, const bigint_t* k);
uint8_t dsa_sign_message(dsa_signature_t* s, const void* m, uint16_t m_len_b,
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx,
uint8_t(*rand_in)(void));
uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx);
uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b,
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx);
#endif /* DSA_H_ */

306
dsa/dsa_key_blob.c

@ -0,0 +1,306 @@
/* dsa_key_blob.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include "cli.h"
#include "dsa.h"
#include "bigint.h"
#define DSA_KEY_BLOB_SIZE 1024
#if DSA_KEY_BLOB_SIZE == 512
#define PRIV_LEN_B (20)
#define PUB_LEN_B (8*8)
#define P_LEN_B (8*8)
#define Q_LEN_B (20)
#define G_LEN_B (8*8)
#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B)
static const uint8_t dsa_key_blob[] = {
// priv:
0xac, 0xe6, 0xef, 0x99, 0x08, 0xe8, 0x5f, 0xc8,
0xc7, 0x51, 0x97, 0x99, 0xf4, 0xd3, 0x00, 0x0f,
0x49, 0x72, 0xee, 0x46,
// pub:
0x18, 0x02, 0x53, 0x09, 0x61, 0xad, 0x0b, 0x9d,
0x44, 0x80, 0x8d, 0xb4, 0x52, 0xdc, 0xb5, 0xf2,
0x11, 0x20, 0x41, 0xc7, 0xd9, 0x7c, 0x7c, 0x6c,
0xa0, 0x9e, 0xca, 0x0d, 0xff, 0x28, 0x3c, 0x64,
0xfa, 0x92, 0xbb, 0x2c, 0xe9, 0x9b, 0x10, 0x94,
0xa5, 0x8d, 0x03, 0x50, 0xa5, 0x59, 0xd4, 0x3f,
0x57, 0x78, 0x8d, 0xcf, 0x0a, 0x99, 0x5d, 0xa3,
0x2e, 0x80, 0xfa, 0x99, 0x44, 0x73, 0x6d, 0x9a,
// P:
0x9f, 0x2d, 0xc8, 0x3c, 0x34, 0xf9, 0xa1, 0xbc,
0x6a, 0xa7, 0x49, 0x17, 0xd3, 0x82, 0xa2, 0xe2,
0x25, 0x31, 0xc4, 0x3d, 0x1a, 0x3f, 0x0f, 0x8a,
0x8b, 0x84, 0x3c, 0x6c, 0x9c, 0xdd, 0x42, 0xd9,
0x1a, 0x22, 0xf2, 0x55, 0x98, 0xee, 0x7d, 0x98,
0x9c, 0x9a, 0x91, 0x42, 0x5f, 0x4f, 0xa8, 0x32,
0xa0, 0xb0, 0x0f, 0x79, 0xe2, 0x76, 0x08, 0x78,
0x6e, 0xba, 0xf7, 0x74, 0x43, 0x4a, 0xf2, 0xdf,
// Q:
0xdb, 0x30, 0x69, 0xe6, 0x59, 0x77, 0xee, 0x38,
0xea, 0xf7, 0xcc, 0x18, 0x83, 0xcf, 0xb4, 0x21,
0xbc, 0xcf, 0x9a, 0x77,
// G:
0x73, 0x90, 0x27, 0x68, 0xe7, 0xe9, 0x3a, 0x45,
0x6f, 0x7f, 0x95, 0xca, 0x9b, 0xfd, 0x33, 0x75,
0x75, 0xff, 0x0f, 0xe7, 0x69, 0xfd, 0xb7, 0x07,
0x0f, 0x6c, 0x3a, 0xec, 0x47, 0x82, 0x78, 0xb2,
0xb3, 0x0b, 0x7f, 0x11, 0x9d, 0x34, 0x3e, 0xff,
0xb8, 0x09, 0x42, 0x82, 0x81, 0x21, 0xad, 0x2b,
0x51, 0x20, 0xec, 0x9e, 0xf8, 0x15, 0xaa, 0x3d,
0x5f, 0x29, 0x2d, 0xb5, 0xc5, 0x64, 0x53, 0x2d
};
#endif
#if DSA_KEY_BLOB_SIZE == 1024
#define PRIV_LEN_B (20)
#define PUB_LEN_B (16*8)
#define P_LEN_B (16*8)
#define Q_LEN_B (20)
#define G_LEN_B (16*8)
#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B)
static const uint8_t dsa_key_blob[] = {
// priv:
// 0x00, 0x00, 0x00, 0x00,
0x03, 0xad, 0x17, 0x81, 0x0f, 0x70, 0x7f, 0x89,
0xa2, 0x0a, 0x70, 0x1c, 0x3b, 0x24, 0xff, 0xd2,
0x39, 0x93, 0xd7, 0x8d,
// pub:
0x42, 0x1c, 0xb2, 0x03, 0xe5, 0xc6, 0x69, 0x81,
0x1e, 0x35, 0x85, 0x86, 0xd7, 0x94, 0xd2, 0x1f,
0x77, 0x05, 0x2f, 0xcc, 0xa5, 0x69, 0x46, 0x8f,
0xe1, 0x9f, 0x82, 0xf6, 0x24, 0x2c, 0x64, 0x1b,
0x29, 0x63, 0xd5, 0xb3, 0x32, 0xdc, 0xd9, 0x5a,
0x4e, 0x92, 0xd9, 0x69, 0xcc, 0x51, 0x81, 0xc2,
0xa3, 0x7e, 0xd7, 0xf8, 0x72, 0x1f, 0x8d, 0xd4,
0xe8, 0x59, 0xb0, 0xaa, 0xdd, 0xa0, 0x73, 0xe6,
0xc4, 0x50, 0x7f, 0x4c, 0x7c, 0xde, 0x35, 0x27,
0x49, 0x36, 0x23, 0x36, 0xe4, 0x90, 0x54, 0x24,
0x45, 0x99, 0xa3, 0x10, 0xc3, 0x59, 0x2f, 0x61,
0xff, 0x75, 0xf0, 0x51, 0x1d, 0xa0, 0x8f, 0x69,
0xc1, 0x1e, 0x3e, 0x65, 0xaf, 0x82, 0x9e, 0xa9,
0x91, 0x17, 0x04, 0x7c, 0x56, 0xd1, 0x68, 0x8a,
0x4b, 0xc9, 0x48, 0x92, 0xaf, 0x72, 0xca, 0xbf,
0xf2, 0x2b, 0x9e, 0x42, 0x92, 0x46, 0x19, 0x64,
// P:
0x97, 0x40, 0xda, 0x05, 0x19, 0x77, 0xb7, 0x17,
0x4b, 0x7d, 0xc0, 0x5b, 0x81, 0xdd, 0xcc, 0x0b,
0x86, 0xe0, 0x3c, 0x4d, 0xab, 0x3d, 0x43, 0xe4,
0xe3, 0x5f, 0xf3, 0x56, 0xcd, 0x5c, 0xf2, 0x85,
0x00, 0x45, 0x3c, 0xba, 0xf0, 0x56, 0xb3, 0x8b,
0x29, 0xc3, 0x55, 0x7b, 0xb6, 0xfb, 0x68, 0xca,
0x35, 0xe5, 0x0e, 0x46, 0xd6, 0xff, 0xc9, 0xbd,
0x08, 0x71, 0x65, 0x3b, 0xf7, 0xab, 0xb1, 0x96,
0x9b, 0x70, 0xdc, 0x8e, 0xf3, 0x02, 0xa4, 0x0f,
0xc6, 0xcd, 0x70, 0xe5, 0xeb, 0xd3, 0x07, 0xb5,
0x7d, 0x40, 0x8c, 0xfd, 0x33, 0x45, 0x8f, 0x9c,
0x7f, 0xa1, 0x69, 0xcb, 0xe6, 0x73, 0x1d, 0x37,
0xc7, 0x5f, 0x18, 0x57, 0x38, 0x96, 0x46, 0x24,
0xad, 0xa6, 0x59, 0x3d, 0x7a, 0x74, 0x6e, 0x88,
0x57, 0x18, 0x86, 0x7b, 0x07, 0x79, 0x52, 0xdd,
0xbc, 0xa7, 0x40, 0x88, 0xa6, 0x66, 0x50, 0x49,
// Q:
// 0x00, 0x00, 0x00, 0x00,
0xb4, 0x6d, 0x89, 0x7a, 0x72, 0xdb, 0x8c, 0x92,
0x60, 0xf9, 0x95, 0x47, 0x81, 0x57, 0xe8, 0x6b,
0xb4, 0xf9, 0xde, 0x51,
// G:
0x76, 0x1e, 0x1b, 0xd2, 0x5c, 0x5f, 0x92, 0x96,
0x42, 0x18, 0xba, 0x8d, 0xe1, 0x24, 0x12, 0x24,
0x6f, 0x3f, 0xb8, 0x05, 0xf9, 0x72, 0x74, 0xfa,
0xef, 0xc3, 0x1e, 0xd5, 0xa5, 0x93, 0x28, 0x07,
0xc0, 0x7b, 0x47, 0xef, 0x15, 0x13, 0x68, 0x18,
0xfb, 0x0d, 0x69, 0xea, 0xcc, 0x5a, 0x43, 0x08,
0x75, 0xec, 0xe4, 0x5e, 0x8e, 0xa9, 0x61, 0xe1,
0xcd, 0x27, 0x8c, 0x55, 0xc9, 0x42, 0x11, 0x11,
0x7f, 0x20, 0x4d, 0x70, 0x34, 0x49, 0x00, 0x8c,
0x79, 0x95, 0x79, 0x0b, 0xfd, 0x8d, 0xda, 0xe3,
0x0c, 0x27, 0x7a, 0x35, 0xe5, 0x35, 0xc9, 0x73,
0x31, 0xaa, 0xed, 0xbe, 0x81, 0x89, 0x67, 0x06,
0xf6, 0x97, 0x0d, 0x44, 0x07, 0xac, 0x09, 0xac,
0x44, 0xf3, 0xc6, 0x8b, 0x30, 0x4c, 0x76, 0x0b,
0x55, 0x74, 0x10, 0x06, 0xda, 0xd4, 0x3d, 0x96,
0x7e, 0xc3, 0xf8, 0x22, 0x9c, 0x71, 0x1d, 0x9c
};
#endif
#if DSA_KEY_BLOB_2048
#define PRIV_LEN_B (20)
#define PUB_LEN_B (32*8)
#define P_LEN_B (32*8)
#define Q_LEN_B (20)
#define G_LEN_B (32*8)
#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B)
static const uint8_t dsa_key_blob[] = {
/* priv: */
0x1d, 0xe4, 0x81, 0x02, 0x52, 0x6b, 0x2b, 0x0e,
0x98, 0x08, 0xc8, 0xb9, 0x81, 0x40, 0xd1, 0x1e,
0x86, 0x69, 0x0d, 0xa9,
/* pub: */
0x70, 0xc4, 0x44, 0x28, 0x91, 0x77, 0x2b, 0x09,
0xde, 0xe8, 0x66, 0x0b, 0xa5, 0xc8, 0x05, 0xb4,
0x0a, 0x2d, 0x4f, 0x45, 0x8e, 0x0c, 0x8c, 0x38,
0x61, 0xf3, 0x77, 0x05, 0x64, 0xf7, 0xe6, 0xe9,
0x0b, 0x1f, 0x9b, 0x9f, 0x1f, 0xa1, 0x7e, 0x8f,
0x5b, 0x14, 0x70, 0x1d, 0x4d, 0x1c, 0xdc, 0x9d,
0xe0, 0x0a, 0xc4, 0x7b, 0x70, 0xfd, 0xef, 0xe6,
0x20, 0x2d, 0x17, 0x13, 0xd7, 0x1c, 0xc0, 0xbb,
0x5b, 0xce, 0x84, 0x6a, 0xa5, 0x4e, 0x27, 0x1c,
0x9e, 0xaa, 0xb2, 0xdc, 0xc1, 0xec, 0x74, 0x93,
0x67, 0xdb, 0xe1, 0xaa, 0x5a, 0x86, 0x1d, 0x8a,
0xa9, 0x28, 0x7e, 0xfc, 0xd5, 0x72, 0x94, 0x6c,
0x1d, 0x71, 0x85, 0x92, 0xa7, 0x6e, 0x84, 0x4f,
0x27, 0xf3, 0x7e, 0x04, 0x7d, 0xf2, 0x7c, 0x07,
0xa0, 0x7d, 0x02, 0x7c, 0x30, 0x70, 0xb5, 0x87,
0xc3, 0xf0, 0xc2, 0x0c, 0xdb, 0x26, 0x72, 0x33,
0x20, 0xca, 0xf0, 0x8b, 0x05, 0x20, 0x70, 0x98,
0x65, 0x03, 0xd7, 0xd4, 0x47, 0xf0, 0xb2, 0x6e,
0x2a, 0xbe, 0xcc, 0x83, 0x0d, 0xab, 0x60, 0x61,
0x26, 0x7b, 0xaf, 0xae, 0x18, 0x9e, 0x20, 0xeb,
0x12, 0x31, 0x18, 0x2e, 0x73, 0xca, 0xd4, 0x5e,
0x66, 0x74, 0x61, 0x07, 0x9b, 0x20, 0x68, 0x12,
0x88, 0xb1, 0xc5, 0x0f, 0x85, 0x9b, 0x45, 0x40,
0x7d, 0x76, 0x62, 0x73, 0xba, 0x41, 0x7b, 0xaf,
0xc7, 0xb9, 0x19, 0x7a, 0xd0, 0x55, 0xe6, 0xfd,
0xb5, 0xb9, 0xc4, 0x1b, 0x22, 0x47, 0x8f, 0x7b,
0xd7, 0x75, 0xe8, 0x7f, 0x01, 0xa2, 0x9b, 0x79,
0xde, 0xea, 0x55, 0x3c, 0x61, 0x4d, 0xcd, 0xce,
0x89, 0x8c, 0x76, 0x62, 0x12, 0x4d, 0xd4, 0x47,
0x03, 0x0e, 0xe8, 0xe2, 0xb8, 0xda, 0xca, 0x20,
0xb3, 0x64, 0xb6, 0x07, 0x06, 0x1b, 0xcb, 0x91,
0x51, 0x2c, 0x2e, 0xfa, 0xe1, 0xee, 0x1e, 0x78,
/* P: */
0x8d, 0x09, 0x00, 0x56, 0x63, 0x39, 0x42, 0x8d,
0x15, 0xd5, 0x1d, 0x86, 0x10, 0xde, 0xc7, 0xf4,
0x07, 0xe5, 0x81, 0xbe, 0x67, 0xee, 0xc5, 0x33,
0xd3, 0x41, 0x1b, 0xba, 0xd8, 0xa6, 0x61, 0x49,
0x2d, 0x66, 0xcf, 0x60, 0x9f, 0x52, 0x60, 0x6e,
0x0a, 0x16, 0xdc, 0x0b, 0x24, 0x1b, 0x62, 0x32,
0xc4, 0xab, 0x52, 0x17, 0xbf, 0xc5, 0xa2, 0x2a,
0xa4, 0x5e, 0x8c, 0xff, 0x97, 0x45, 0x51, 0xd9,
0xc3, 0xf2, 0x32, 0x4a, 0xb9, 0x08, 0xc1, 0x6a,
0x7b, 0x82, 0x93, 0x2a, 0x60, 0x29, 0x55, 0x1a,
0x36, 0x1f, 0x05, 0x4f, 0xf1, 0x43, 0x12, 0xb2,
0x73, 0x4e, 0xf6, 0x37, 0x65, 0x3d, 0x0b, 0x70,
0x08, 0xc7, 0x34, 0x0b, 0x4d, 0xc9, 0x08, 0x70,
0xaf, 0x4b, 0x95, 0x0b, 0x7c, 0x9f, 0xcf, 0xfc,
0x57, 0x94, 0x47, 0x6d, 0xd1, 0xaf, 0xc6, 0x52,
0xd9, 0xe2, 0x05, 0xce, 0xb2, 0xb8, 0x91, 0x6f,
0x5a, 0x77, 0x6b, 0x1b, 0xff, 0x97, 0x8c, 0x5e,
0x33, 0xfc, 0x80, 0x29, 0xdf, 0x83, 0x91, 0x0c,
0x28, 0x1b, 0x00, 0xb4, 0xc9, 0x3e, 0xb7, 0x67,
0xca, 0xab, 0x63, 0xd4, 0x48, 0xfe, 0xd2, 0xfd,
0x65, 0x57, 0x33, 0x25, 0xbd, 0xf1, 0xa5, 0x51,
0x51, 0x50, 0xf6, 0xcf, 0xfa, 0x0d, 0x67, 0x4e,
0x90, 0x08, 0x87, 0x34, 0xf6, 0x33, 0xc9, 0x58,
0xb1, 0x87, 0xf8, 0x5d, 0x73, 0x80, 0xde, 0x51,
0xcd, 0x17, 0x70, 0x3e, 0xa4, 0xa8, 0x4f, 0xda,
0xcd, 0xa2, 0x66, 0x0f, 0x95, 0xa7, 0xc6, 0xf7,
0x12, 0x2e, 0x27, 0x94, 0xa9, 0x26, 0x1b, 0x25,
0x16, 0x18, 0x99, 0x3b, 0x32, 0xaf, 0x71, 0x13,
0x35, 0xda, 0xb8, 0x71, 0x5b, 0x50, 0x7c, 0x7a,
0x9d, 0xcc, 0x0d, 0x95, 0xef, 0x6f, 0x64, 0x3c,
0x28, 0x4b, 0x15, 0xe9, 0xd4, 0xad, 0xcc, 0x56,
0xcb, 0x24, 0xf9, 0x61, 0x79, 0xd7, 0x56, 0xd3,
/* Q: */
0xf7, 0xdf, 0x85, 0xf5, 0x63, 0x36, 0x63, 0x71,
0x74, 0x34, 0x98, 0x19, 0xff, 0x79, 0xf2, 0xe2,
0x15, 0x75, 0x3c, 0x95,
/* G: */
0x0c, 0xf6, 0x8b, 0x1a, 0xbe, 0x66, 0x84, 0x98,
0xae, 0xcb, 0xb0, 0xd9, 0x75, 0x75, 0x32, 0x4b,
0xa3, 0xf2, 0x28, 0xa6, 0x6d, 0x13, 0xf2, 0xf3,
0xfd, 0x93, 0x91, 0xb1, 0x21, 0x1e, 0xcc, 0x08,
0x87, 0xce, 0x74, 0xb1, 0xd0, 0x19, 0x50, 0xff,
0xac, 0xef, 0x9f, 0x82, 0xda, 0x75, 0xda, 0x6d,
0x89, 0xf3, 0x0b, 0xdc, 0x27, 0x98, 0x85, 0x01,
0x68, 0xb7, 0xbd, 0x98, 0x83, 0xb1, 0xb0, 0x65,
0x31, 0x71, 0x43, 0x05, 0xa7, 0x76, 0x63, 0xe4,
0x7d, 0x61, 0x53, 0xc7, 0x3e, 0x3b, 0x82, 0x28,
0x65, 0x07, 0xfe, 0x9e, 0xa3, 0x35, 0x2c, 0xdc,
0x9e, 0x05, 0x7c, 0x9a, 0x69, 0xc6, 0x9f, 0xc2,
0x3f, 0x94, 0x6b, 0xad, 0xa4, 0x2b, 0x5d, 0x48,
0x9e, 0x2c, 0xad, 0xd2, 0x89, 0x49, 0xdc, 0xdb,
0x55, 0x49, 0x56, 0xaf, 0xe9, 0x0e, 0x37, 0xe7,
0x1f, 0x42, 0x6a, 0x7c, 0xac, 0xe8, 0x1b, 0xbb,
0x21, 0x82, 0x14, 0x72, 0x17, 0x64, 0xf0, 0x3c,
0x3d, 0xc1, 0x43, 0x27, 0x27, 0x9f, 0xe9, 0x21,
0xf2, 0x2f, 0xf7, 0xfa, 0x3c, 0xed, 0xbf, 0xab,
0xab, 0xb7, 0x3c, 0x6d, 0x1e, 0x85, 0x9f, 0x77,
0x4f, 0x69, 0x09, 0x4e, 0xed, 0x13, 0x84, 0x40,
0x1a, 0xc6, 0xa1, 0xd9, 0x68, 0xb6, 0x18, 0x32,
0x79, 0x25, 0x9e, 0xa6, 0x41, 0x30, 0xd1, 0xc2,
0x7a, 0x8f, 0x0d, 0x46, 0xee, 0xda, 0xb0, 0xbf,
0x64, 0x42, 0x59, 0x7e, 0x22, 0x88, 0xd6, 0x52,
0xec, 0xed, 0xc4, 0x13, 0xb1, 0x7f, 0x5c, 0x77,
0x4c, 0xfd, 0x22, 0x90, 0xd3, 0xe3, 0xa9, 0xc1,
0x0f, 0x25, 0xac, 0xd5, 0x04, 0x84, 0xe6, 0xa8,
0xc7, 0xb4, 0x4f, 0xa2, 0x67, 0xae, 0xaa, 0x92,
0xe9, 0x0a, 0xed, 0x45, 0x5b, 0xf0, 0x1b, 0x69,
0xec, 0xaf, 0x7d, 0xf2, 0x71, 0x25, 0xbf, 0x92,
0xd4, 0xd0, 0x5b, 0xde, 0x5a, 0x2d, 0x18, 0x8e
};
#endif
void load_dsa_key_blob(dsa_ctx_t* ctx){
if(ctx->priv.wordv){
free(ctx->priv.wordv);
}
ctx->priv.wordv = malloc(ALL_LEN_B);
if(ctx->priv.wordv==NULL){
cli_putstr("\r\nERROR: OUT OF MEMORY!!!");
return;
}
memcpy(ctx->priv.wordv, dsa_key_blob, ALL_LEN_B);
ctx->priv.length_W=(PRIV_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
ctx->pub.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B);
ctx->pub.length_W = (PUB_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
ctx->domain.p.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B);
ctx->domain.p.length_W = (P_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
ctx->domain.q.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B+P_LEN_B);
ctx->domain.q.length_W = (Q_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
ctx->domain.g.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B);
ctx->domain.g.length_W = (G_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
bigint_changeendianess(&(ctx->priv));
bigint_changeendianess(&(ctx->pub));
bigint_changeendianess(&(ctx->domain.p));
bigint_changeendianess(&(ctx->domain.q));
bigint_changeendianess(&(ctx->domain.g));
bigint_adjust(&(ctx->priv));
bigint_adjust(&(ctx->pub));
bigint_adjust(&(ctx->domain.p));
bigint_adjust(&(ctx->domain.q));
bigint_adjust(&(ctx->domain.g));
}

25
dsa/dsa_key_blob.h

@ -0,0 +1,25 @@
/* dsa_key_blob.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef DSA_KEY_BLOB_H_
#define DSA_KEY_BLOB_H_
void load_dsa_key_blob(dsa_ctx_t* ctx);
#endif /* DSA_KEY_BLOB_H_ */

76
dsa/dsa_sign.c

@ -0,0 +1,76 @@
/* dsa_sign.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <string.h>
#include "bigint.h"
#include "dsa.h"
#include "hashfunction_descriptor.h"
#include "hfal-basic.h"
#define MAX(a,b) (((a)>(b))?(a):(b))
uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx, const bigint_t* k){
bigint_t tmp, tmp2;
bigint_word_t tmp_b[ctx->domain.p.length_W+5], tmp2_b[ctx->domain.q.length_W+5];
tmp.wordv= tmp_b;
tmp2.wordv = tmp2_b;
bigint_expmod_u(&tmp, &(ctx->domain.g), k, &(ctx->domain.p));
bigint_reduce(&tmp, &(ctx->domain.q));
bigint_copy(&(s->r), &tmp);
bigint_mul_u(&tmp, &tmp, &(ctx->priv));
bigint_add_u(&tmp, &tmp, m);
bigint_inverse(&tmp2, k, &(ctx->domain.q));
bigint_mul_u(&tmp, &tmp, &tmp2);
bigint_reduce(&tmp, &(ctx->domain.q));
bigint_copy(&(s->s), &tmp);
if(s->s.length_W==0 || s->r.length_W==0){
return 1;
}
return 0;
}
uint8_t dsa_sign_message(dsa_signature_t* s, const void* m, uint16_t m_len_b,
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx,
uint8_t(*rand_in)(void)){
bigint_t z, k;
uint16_t i, n_B = ctx->domain.q.length_W;
unsigned hash_length = MAX(n_B,(hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8));
bigint_word_t hash_value[hash_length];
bigint_word_t k_b[n_B];
memset(hash_value, 0, hash_length*sizeof(bigint_word_t));
hfal_hash_mem(hash_desc, hash_value, m, m_len_b);
z.wordv = hash_value;
z.length_W = n_B;
bigint_changeendianess(&z);
k.wordv = k_b;
k.length_W = n_B;
do{
for(i=0; i<n_B*sizeof(bigint_word_t); ++i){
((uint8_t*)k_b)[i] = rand_in();
}
k.length_W = n_B;
bigint_adjust(&k);
}while(dsa_sign_bigint(s, &z, ctx, &k));
return 0;
}

78
dsa/dsa_verify.c

@ -0,0 +1,78 @@
/* dsa_verify.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <string.h>
#include "bigint.h"
#include "dsa.h"
#include "hfal-basic.h"
uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx){
if(s->r.length_W==0 || s->s.length_W==0){
return DSA_SIGNATURE_FAIL;
}
if(bigint_cmp_u(&(s->r), &(ctx->domain.q))>=0 || bigint_cmp_u(&(s->s), &(ctx->domain.q))>=0){
return DSA_SIGNATURE_FAIL;
}
bigint_t w, u1, u2, v1, v2;
bigint_word_t w_b[ctx->domain.q.length_W], u1_b[ctx->domain.q.length_W*2], u2_b[ctx->domain.q.length_W*2];
bigint_word_t v1_b[ctx->domain.p.length_W*2], v2_b[ctx->domain.p.length_W];
w.wordv = w_b;
u1.wordv = u1_b;
u2.wordv = u2_b;
v1.wordv = v1_b;
v2.wordv = v2_b;
bigint_inverse(&w, &(s->s), &(ctx->domain.q));
bigint_mul_u(&u1, &w, m);
bigint_reduce(&u1, &(ctx->domain.q));
bigint_mul_u(&u2, &w, &(s->r));
bigint_reduce(&u2, &(ctx->domain.q));
bigint_expmod_u(&v1, &(ctx->domain.g), &u1, &(ctx->domain.p));
bigint_expmod_u(&v2, &(ctx->pub), &u2, &(ctx->domain.p));
bigint_mul_u(&v1, &v1, &v2);
bigint_reduce(&v1, &(ctx->domain.p));
bigint_reduce(&v1, &(ctx->domain.q));
if(bigint_cmp_u(&v1, &(s->r))==0){
return DSA_SIGNATURE_OK;
}
return DSA_SIGNATURE_FAIL;
}
uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b,
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx){
bigint_t z;
uint16_t n_B = ctx->domain.q.length_W;
unsigned hash_length = (hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8);
bigint_word_t hash_value[hash_length];
memset(hash_value, 0, hash_length*sizeof(bigint_word_t));
hfal_hash_mem(hash_desc, hash_value, m, m_len_b);
z.wordv = hash_value;
z.length_W = n_B;
bigint_changeendianess(&z);
bigint_adjust(&z);
return dsa_verify_bigint(s, &z, ctx);
}

135
entropium/entropium.c

@ -0,0 +1,135 @@
/* entropium.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file entropium.c
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2006-05-17
* \license GPLv3 or later
* \brief This file contains an implementaition of a pseudo-random-number generator.
*
* Extension 1:
* rndCore is expanded to 512 bits for more security.
*
\verbatim
################################################################################################
# #
# +---------------------------+ #
# | | #
# V | #
# (concat) | #
+---------------+ # o---------o (xor)+---------+ o---------o o----o o---------o # +--------------+
| entropy Block | -----> | sha-256 | --(offset)-< | rndCore | ---> | sha-256 | --+----| +1 |---> | sha-256 | -----> | random Block |
+---------------+ # o---------o (xor)+---------+ o---------o | o----o o---------o # +--------------+
# (xor) (xor) | #
# ^ ^ | #
# \ / | #
# (offset)---------------------+ #
# #
################################################################################################
\endverbatim
*/
#include <inttypes.h>
#include <string.h>
#include "sha256.h"
#include "entropium.h"
#include <stdio.h>
/**
* \brief secret entropy pool.
* This is the core of the random which is generated
*/
static
uint32_t rndCore[16];
/*************************************************************************/
/* idea is: hash the message and add it via xor to rndCore
*
* length in bits
*
* we simply first "hash" rndCore, then entropy.
*/
void entropium_addEntropy(unsigned length_b, const void* data){
sha256_ctx_t s;
static uint8_t offset=0; /* selects if higher or lower half gets updated */
sha256_init(&s);
sha256_nextBlock(&s, rndCore);
while (length_b>=512){
sha256_nextBlock(&s, data);
data = (uint8_t*)data+ 512/8;
length_b -= 512;
}
sha256_lastBlock(&s, data, length_b);
uint8_t i;
for (i=0; i<8; ++i){
rndCore[i+offset] ^= s.h[i];
}
offset ^= 8; /* hehe */
}
/*************************************************************************/
void entropium_getRandomBlock(void *b){
sha256_ctx_t s;
uint8_t offset=8;
sha256_init(&s);
sha256_lastBlock(&s, rndCore, 512); /* remember the byte order! */
uint8_t i;
for (i=0; i<8; ++i){
rndCore[i+offset] ^= s.h[i];
}
offset ^= 8; /* hehe */
memcpy(b, s.h, 32); /* back up first hash in b */
((uint8_t*)b)[*((uint8_t*)b)&31]++; /* the important increment step */
sha256_init(&s);
sha256_lastBlock(&s, b, 256);
memcpy(b, s.h, 32);
}
/*************************************************************************/
uint8_t entropium_getRandomByte(void){
static uint8_t block[32];
static uint8_t i = 0;
if(i == 0){
entropium_getRandomBlock((void*)block);
i = 32;
}
return block[--i];
}
void entropium_fillBlockRandom(void* block, unsigned length_B){
while(length_B>ENTROPIUM_RANDOMBLOCK_SIZE){
entropium_getRandomBlock(block);
block = (uint8_t*)block + ENTROPIUM_RANDOMBLOCK_SIZE;
length_B -= ENTROPIUM_RANDOMBLOCK_SIZE;
}
while(length_B){
*((uint8_t*)block) = entropium_getRandomByte();
block= (uint8_t*)block +1; --length_B;
}
}

84
entropium/entropium.h

@ -0,0 +1,84 @@
/* entropium.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* File: entropium.h
* Author: Daniel Otte
* Date: 23.07.2006
* License: GPL
* Description: This file contains the declarations for the pseudo-random-number generator.
**/
/**
* \file entropium.h
* \author Daniel Otte
* \date 23.07.2006
* \license GPLv3 or later
* \brief This file contains the declarations for the pseudo-random-number generator.
**/
#ifndef ENTROPIUM_H_
#define ENTROPIUM_H_
#include <stdint.h>
/*
* length in bits
*/
#define ENTROPIUM_RANDOMBLOCK_SIZE 32 /* bytes */
/** \fn void entropium_addEntropy(unsigned length_b, const void* data)
* \brief add entropy to the prng
*
* This function adds data to the internal entropy pool
* \param length_b length of the data block in bits
* \param data pointer to the data
*/
void entropium_addEntropy(unsigned length_b, const void* data);
/** \fn void entropium_getRandomBlock(void* b)
* \brief generate a fixed size block of random data
*
* This function writes 32 bytes of random extracted from the entropy pool
* in the supplied buffer.
* \param b buffer where the random data gets written
*/
void entropium_getRandomBlock(void* b);
/** \fn uint8_t entropium_getRandomByte(void)
* \brief get a single byte of random data
*
* This function utilizes a internal buffer which gets automatically filled
* again.
* \return a byte of random data
*/
uint8_t entropium_getRandomByte(void);
/** \fn void entropium_fillBlockRandom(void* block, unsigned length_B)
* \brief get a block of random data
*
* This function writes random data extracted from the entropy pool in the
* supplied buffer. It shares a internal buffer with the
* entropium_getRandomByte() function.
* \param block pointer to the buffer where the random data goes
* \param length_B number of bytes to be written to the buffer
*/
void entropium_fillBlockRandom(void* block, unsigned length_B);
#endif /*PRNG_H_*/

130
hmac-md5/hmac-md5.c

@ -0,0 +1,130 @@
/* hmac-md5.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
* implementation of HMAC as described in RFC2104
* Author: Daniel Otte
* email: daniel.otte@rub.de
* License: GPLv3 or later
**/
/*
* hmac = hash ( k^opad , hash( k^ipad , msg))
*/
#include <stdint.h>
#include <string.h>
#include "config.h"
#include "md5.h"
#include "hmac-md5.h"
#define IPAD 0x36
#define OPAD 0x5C
#ifndef HMAC_SHORTONLY
void hmac_md5_init(hmac_md5_ctx_t *s, void* key, uint16_t keylength_b){
uint8_t buffer[MD5_BLOCK_BYTES];
uint8_t i;
memset(buffer, 0, MD5_BLOCK_BYTES);
if (keylength_b > MD5_BLOCK_BITS){
md5((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<MD5_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD;
}
md5_init(&(s->a));
md5_nextBlock(&(s->a), buffer);
for (i=0; i<MD5_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD^OPAD;
}
md5_init(&(s->b));
md5_nextBlock(&(s->b), buffer);
#if defined SECURE_WIPE_BUFFER
memset(buffer, 0, MD5_BLOCK_BYTES);
#endif
}
void hmac_md5_nextBlock(hmac_md5_ctx_t *s, const void* block){
md5_nextBlock(&(s->a), block);
}
void hmac_md5_lastBlock(hmac_md5_ctx_t *s, const void* block, uint16_t length_b){
md5_lastBlock(&(s->a), block, length_b);
}
void hmac_md5_final(void* dest, hmac_md5_ctx_t *s){
md5_ctx2hash((md5_hash_t*)dest, &(s->a));
md5_lastBlock(&(s->b), dest, MD5_HASH_BITS);
md5_ctx2hash((md5_hash_t*)dest, &(s->b));
}
#endif
/*
void hmac_md5_nextBlock()
void hmac_md5_lastBlock()
*/
/*
* keylength in bits!
* message length in bits!
*/
void hmac_md5(void* dest, void* key, uint16_t keylength_b, void* msg, uint32_t msglength_b){ /* a one-shot*/
md5_ctx_t s;
uint8_t i;
uint8_t buffer[MD5_BLOCK_BYTES];
memset(buffer, 0, MD5_BLOCK_BYTES);
/* if key is larger than a block we have to hash it*/
if (keylength_b > MD5_BLOCK_BITS){
md5((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);