From 2a4779378a7bf4322a0e6b2024284092135e8a3d Mon Sep 17 00:00:00 2001 From: bg Date: Tue, 18 Sep 2012 20:19:51 +0200 Subject: [PATCH] forgotten file (a lot of them) --- camellia/camellia.h | 37 ++ camellia/camellia_C.c | 494 +++++++++++++++++ dsa/dsa.h | 59 +++ dsa/dsa_key_blob.c | 306 +++++++++++ dsa/dsa_key_blob.h | 25 + dsa/dsa_sign.c | 76 +++ dsa/dsa_verify.c | 78 +++ entropium/entropium.c | 135 +++++ entropium/entropium.h | 84 +++ hmac-md5/hmac-md5.c | 130 +++++ hmac-md5/hmac-md5.h | 42 ++ hmac-sha1/hmac-sha1.c | 131 +++++ hmac-sha1/hmac-sha1.h | 41 ++ hmac-sha256/hmac-sha256.c | 130 +++++ hmac-sha256/hmac-sha256.h | 43 ++ main_headers | 175 ++++++ mkfiles/001_scal_std.mk | 4 + mkfiles/002_bcal_algos.mk | 26 + mkfiles/002_hfal_algos.mk | 27 + mkfiles/002_scal_algos.mk | 14 + mkfiles/bmw_asm.mk | 13 + mkfiles/bmw_asm_speed.mk | 13 + mkfiles/bmw_asmmix_speed.mk | 13 + mkfiles/camellia_c.mk | 14 + mkfiles/dsa.mk | 14 + mkfiles/entropium.mk | 14 + mkfiles/hmac-md5.mk | 14 + mkfiles/hmac-sha1.mk | 14 + mkfiles/hmac-sha256.mk | 14 + mkfiles/zza_lib_cli_std.mk | 11 + rsa/rsaes_oaep.c | 228 ++++++++ rsa/rsaes_oaep.h | 55 ++ rsa/rsaes_pkcs1v15.c | 142 +++++ rsa/rsaes_pkcs1v15.h | 36 ++ streamcipher_descriptor.h | 111 ++++ test_src/main-camellia-test.c | 195 +++++++ test_src/main-dsa-test.c | 207 ++++++++ test_src/main-entropium-test.c | 106 ++++ test_src/main-hmac-md5-test.c | 183 +++++++ test_src/main-hmac-sha1-test.c | 76 +++ test_src/main-hmac-sha256-test.c | 95 ++++ test_src/main-rsaes_oaep-test.c | 794 ++++++++++++++++++++++++++++ test_src/main-rsaes_pkcs1v15-test.c | 714 +++++++++++++++++++++++++ test_src/main-sha2-test.c | 217 ++++++++ test_src/nessie_bc_test.c | 214 ++++++++ test_src/nessie_bc_test.h | 47 ++ test_src/nessie_mac_test.c | 302 +++++++++++ test_src/nessie_mac_test.h | 47 ++ test_src/nessie_stream_test.c | 185 +++++++ test_src/nessie_stream_test.h | 42 ++ 50 files changed, 6187 insertions(+) create mode 100644 camellia/camellia.h create mode 100644 camellia/camellia_C.c create mode 100644 dsa/dsa.h create mode 100644 dsa/dsa_key_blob.c create mode 100644 dsa/dsa_key_blob.h create mode 100644 dsa/dsa_sign.c create mode 100644 dsa/dsa_verify.c create mode 100644 entropium/entropium.c create mode 100644 entropium/entropium.h create mode 100644 hmac-md5/hmac-md5.c create mode 100644 hmac-md5/hmac-md5.h create mode 100644 hmac-sha1/hmac-sha1.c create mode 100644 hmac-sha1/hmac-sha1.h create mode 100644 hmac-sha256/hmac-sha256.c create mode 100644 hmac-sha256/hmac-sha256.h create mode 100644 main_headers create mode 100644 mkfiles/001_scal_std.mk create mode 100644 mkfiles/002_bcal_algos.mk create mode 100644 mkfiles/002_hfal_algos.mk create mode 100644 mkfiles/002_scal_algos.mk create mode 100644 mkfiles/bmw_asm.mk create mode 100644 mkfiles/bmw_asm_speed.mk create mode 100644 mkfiles/bmw_asmmix_speed.mk create mode 100644 mkfiles/camellia_c.mk create mode 100644 mkfiles/dsa.mk create mode 100644 mkfiles/entropium.mk create mode 100644 mkfiles/hmac-md5.mk create mode 100644 mkfiles/hmac-sha1.mk create mode 100644 mkfiles/hmac-sha256.mk create mode 100644 mkfiles/zza_lib_cli_std.mk create mode 100644 rsa/rsaes_oaep.c create mode 100644 rsa/rsaes_oaep.h create mode 100644 rsa/rsaes_pkcs1v15.c create mode 100644 rsa/rsaes_pkcs1v15.h create mode 100644 streamcipher_descriptor.h create mode 100644 test_src/main-camellia-test.c create mode 100644 test_src/main-dsa-test.c create mode 100644 test_src/main-entropium-test.c create mode 100644 test_src/main-hmac-md5-test.c create mode 100644 test_src/main-hmac-sha1-test.c create mode 100644 test_src/main-hmac-sha256-test.c create mode 100644 test_src/main-rsaes_oaep-test.c create mode 100644 test_src/main-rsaes_pkcs1v15-test.c create mode 100644 test_src/main-sha2-test.c create mode 100644 test_src/nessie_bc_test.c create mode 100644 test_src/nessie_bc_test.h create mode 100644 test_src/nessie_mac_test.c create mode 100644 test_src/nessie_mac_test.h create mode 100644 test_src/nessie_stream_test.c create mode 100644 test_src/nessie_stream_test.h diff --git a/camellia/camellia.h b/camellia/camellia.h new file mode 100644 index 0000000..15087c1 --- /dev/null +++ b/camellia/camellia.h @@ -0,0 +1,37 @@ +/* camellia.h */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +#ifndef CAMELLIA_H_ +#define CAMELLIA_H_ + +#include + +typedef struct camellia128_ctx_s{ + uint64_t klr; + uint64_t kll; + uint64_t kar; + uint64_t kal; +}camellia128_ctx_t; + + +void camellia128_init(const void* key, camellia128_ctx_t* s); +void camellia128_enc(void* block, const camellia128_ctx_t* s); +void camellia128_dec(void* block, const camellia128_ctx_t* s); + + +#endif /*CAMELLIA_H_*/ diff --git a/camellia/camellia_C.c b/camellia/camellia_C.c new file mode 100644 index 0000000..4dfd161 --- /dev/null +++ b/camellia/camellia_C.c @@ -0,0 +1,494 @@ +/* camellia_C.c */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * + * + * + * + */ + +#include +#include "camellia.h" +#if 0 + #include "cli.h" + #include "debug.h" + #include +#endif +/*****************************************************************************/ + +static +uint8_t rol(uint8_t a, uint8_t n){ + return ((a<>(8-n))); +} + +/*****************************************************************************/ + +static +uint8_t ror(uint8_t a, uint8_t n){ + return ((a<<(8-n)) | (a>>n)); +} + +/*****************************************************************************/ + +static +uint32_t rol32(uint32_t a, uint8_t n){ + return ((a<>(32-n))); +} + +/*****************************************************************************/ +/* +static +uint64_t rol64(uint64_t a, uint8_t n){ + return ((a<>(64-n))); +} +*/ +/*****************************************************************************/ + +static +const uint8_t camellia_s1_table[256] = { + 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, + 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, + 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, + 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, + 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, + 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, + 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, + 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, + 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, + 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, + 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, + 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, + 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, + 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, + 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, + 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 +}; + +/*****************************************************************************/ + +static +uint8_t camellia_s1(uint8_t b){ + return camellia_s1_table[b]; +} + +/*****************************************************************************/ + +static +uint8_t camellia_s2(uint8_t b){ + return rol(camellia_s1_table[b], 1); +} + +/*****************************************************************************/ + +static +uint8_t camellia_s3(uint8_t b){ + return ror(camellia_s1_table[b], 1); +} + +/*****************************************************************************/ + +static +uint8_t camellia_s4(uint8_t b){ + return camellia_s1_table[rol(b, 1)]; +} + +/*****************************************************************************/ + +static +uint64_t camellia_s(uint64_t d){ +// cli_putstr("\n\r S von "); cli_hexdump(&(d), 8); + #define D ((uint8_t*)(&d)) + D[7] = camellia_s1(D[7]); + D[6] = camellia_s2(D[6]); + D[5] = camellia_s3(D[5]); + D[4] = camellia_s4(D[4]); + + D[3] = camellia_s2(D[3]); + D[2] = camellia_s3(D[2]); + D[1] = camellia_s4(D[1]); + D[0] = camellia_s1(D[0]); + #undef D +// cli_putstr(" ist "); cli_hexdump(&(d), 8); + return d; +} + +/*****************************************************************************/ + +static +uint64_t camellia_p(uint64_t d){ + uint64_t z=0; + #define D ((uint8_t*)(&d)) + #define Z ((uint8_t*)(&z)) +/* + Z[0] = D[4] ^ D[3] ^ D[1]; + Z[1] = D[5] ^ D[0] ^ D[2]; + Z[2] = D[6] ^ D[1] ^ D[3]; + Z[3] = D[7] ^ D[2] ^ D[0]; + Z[4] = D[0] ^ D[6] ^ D[5]; + Z[5] = D[1] ^ D[7] ^ D[6]; + Z[6] = D[2] ^ D[4] ^ D[7]; + Z[7] = D[3] ^ D[5] ^ D[4]; +*/ +// Z[7] = z1 z3 z4 z6 z7 z8 +// cli_putstr("\n\r P von "); cli_hexdump(&(d), 8); + + Z[7] = D[7] ^ D[5] ^ D[4] ^ D[2] ^ D[1] ^ D[0]; + Z[6] = D[7] ^ D[6] ^ D[4] ^ D[3] ^ D[1] ^ D[0]; + Z[5] = D[7] ^ D[6] ^ D[5] ^ D[3] ^ D[2] ^ D[0]; + Z[4] = D[6] ^ D[5] ^ D[4] ^ D[3] ^ D[2] ^ D[1] ; + Z[3] = D[7] ^ D[6] ^ D[2] ^ D[1] ^ D[0]; + Z[2] = D[6] ^ D[5] ^ D[3] ^ D[1] ^ D[0]; + Z[1] = D[5] ^ D[4] ^ D[3] ^ D[2] ^ D[0]; + Z[0] = D[7] ^ D[4] ^ D[3] ^ D[2] ^ D[1] ; + +// cli_putstr(" ist "); cli_hexdump(&(z), 8); + + #undef Z + #undef D + return z; +} + +/*****************************************************************************/ + +static +uint64_t camellia_f(uint64_t x, uint64_t k){ + uint64_t y; + y = camellia_p(camellia_s(x ^ k)); + return y; +} + +/*****************************************************************************/ + +static +uint64_t camellia_fl(uint64_t x, uint64_t k){ +// uint64_t lx, lk, y; + uint32_t lx[2], lk[2], yr, yl; + lx[0]=(uint32_t)x; + lx[1]=(uint32_t)(x>>32); + lk[0]=(uint32_t)k; + lk[1]=(uint32_t)(k>>32); + #define Y ((uint32_t*)y) + #define X ((uint32_t*)lx) + #define K ((uint32_t*)lk) + + yr = rol32((X[1]) & (K[1]) ,1) ^ (X[0]); /* Yr */ + yl = (yr | K[0]) ^ (X[1]); /* Yl */ + +/* + cli_putstr("\r\nFL("); + cli_hexdump(&(x), 8); + cli_putstr(", "); + cli_hexdump(&(k), 8); + cli_putstr(") = "); + cli_hexdump(y, 8); +*/ + #undef K + #undef X + #undef Y + return (((uint64_t)yl)<<32 | yr); +} + +/*****************************************************************************/ + +static +uint64_t camellia_fl_inv(uint64_t y, uint64_t k){ +//volatile uint32_t xl, xr; + uint32_t ly[2], lk[2], x[2]; + ly[0]=(uint32_t)y; + ly[1]=(uint32_t)(y>>32); + lk[0]=(uint32_t)k; + lk[1]=(uint32_t)(k>>32); + #define Y ((uint32_t*)ly) + #define X ((uint32_t*)x) + #define K ((uint32_t*)lk) + + X[1]=(Y[0] | K[0]) ^ Y[1]; + X[0]=rol32((X[1] & K[1]),1) ^ Y[0]; + +/* + cli_putstr("\r\nFL_inv("); + cli_hexdump(&(y), 8); + cli_putstr(", "); + cli_hexdump(&(k), 8); + cli_putstr(") = "); +*/ + #undef K + #undef X + #undef Y + return ((uint64_t)(x[1]))<<32 | x[0]; +} + +/*****************************************************************************/ + +static +const uint64_t camellia_sigma_table[6] = { + 0xA09E667F3BCC908BLL, + 0xB67AE8584CAA73B2LL, + 0xC6EF372FE94F82BELL, + 0x54FF53A5F1D36F1CLL, + 0x10E527FADE682D1DLL, + 0xB05688C2B3E6C1FDLL +}; + +/*****************************************************************************/ +#if 0 +void camellia128_ctx_dump(camellia128_ctx_t *s){ + cli_putstr("\r\n==State Dump=="); + cli_putstr("\n\rKAl: "); cli_hexdump(&(s->kal), 8); + cli_putstr("\n\rKAr: "); cli_hexdump(&(s->kar), 8); + cli_putstr("\n\rKLl: "); cli_hexdump(&(s->kll), 8); + cli_putstr("\n\rKLr: "); cli_hexdump(&(s->klr), 8); + return; +} +#endif +/*****************************************************************************/ + +void camellia128_init(const void* key, camellia128_ctx_t* s){ + uint8_t i; + s->kll = 0; //((uint64_t*)key)[0]; + + /* load the key, endian-adjusted, to kll,klr */ + for(i=0; i<8; ++i){ + s->kll <<= 8; + s->kll |= *((uint8_t*)key); + key = (uint8_t*)key+1; + } + for(i=0; i<8; ++i){ + s->klr <<= 8; + s->klr |= *((uint8_t*)key); + key = (uint8_t*)key+1; + } + + s->kal = s->kll; + s->kar = s->klr; + + s->kar ^= camellia_f(s->kal, camellia_sigma_table[0]); + s->kal ^= camellia_f(s->kar, camellia_sigma_table[1]); + + s->kal ^= s->kll; + s->kar ^= s->klr; + + s->kar ^= camellia_f(s->kal, camellia_sigma_table[2]); + s->kal ^= camellia_f(s->kar, camellia_sigma_table[3]); + /**/ +// cli_putstr("\n\r----------------init finished--------------------"); +} + +/*****************************************************************************/ + +static +void camellia128_keyop(camellia128_ctx_t* s, int8_t q){ + /* first we do 16 bit left-rols for kl and ka (128bit each) */ + uint32_t temp; + + temp = (s->kal)>>(64-16-q); + s->kal = s->kal<<(16+q) | s->kar>>(64-16-q); + s->kar = s->kar<<(16+q) | temp; + + temp = (s->kll)>>(64-16-q); + s->kll = s->kll<<(16+q) | s->klr>>(64-16-q); + s->klr = s->klr<<(16+q) | temp; + /* after doing the 16-bit rol we have to rol 1 bit left or rigth depending on q */ +} + +/*****************************************************************************/ + +static +void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q){ + /* first we do 16 bit right-rols for kl and ka (128bit each) */ + uint32_t temp; + + temp = (s->kar)&(0xffffff>>(24-16-q)); + s->kar = s->kar>>(16+q) | s->kal<<(64-16-q); + s->kal = s->kal>>(16+q) | ((uint64_t)temp)<<(64-16-q); + + temp = (s->klr)&(0xffffff>>(24-16-q)); + s->klr = s->klr>>(16+q) | s->kll<<(64-16-q); + s->kll = s->kll>>(16+q) | ((uint64_t)temp)<<(64-16-q); + /* after doing the 16-bit rol we have to rol 1 bit left or rigth depending on q */ +} + +/*****************************************************************************/ + +#define SEL_KA 1 +#define SEL_KL 0 + +#define KEY_POSTC1 0x00 +#define KEY_POSTC2 0x01 +#define KEY_INC2 0x02 + +#define KEY_DIR 0x04 +#define KEY_DIR_NORM 0x00 +#define KEY_DIR_INV 0x04 + +#define KEY_AMMOUNT 0x08 +#define KEY_ROL17 0x08 +#define KEY_ROL15 0x00 + +static +void camellia_6rounds(const camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t roundop, uint8_t keychoice){ + uint8_t i; + uint64_t* k[4]; + k[0] = &(((camellia128_ctx_t*)s)->kll); + k[1] = &(((camellia128_ctx_t*)s)->klr); + k[2] = &(((camellia128_ctx_t*)s)->kal); + k[3] = &(((camellia128_ctx_t*)s)->kar); + for(i=0; i<3; ++i){ /* each cycle */ + br[0] ^= camellia_f(bl[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?1:0)])); + keychoice >>= 1; + + if((i == 1) && (roundop&KEY_INC2)){ + ((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(((camellia128_ctx_t*)s),(roundop&KEY_AMMOUNT)?1:-1); + } + + bl[0] ^= camellia_f(br[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?0:1)])); + keychoice >>= 1; + + /* check if we should do some keyop */ + if((i == (roundop&1)) && (!(roundop&KEY_INC2)) ){ + ((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(((camellia128_ctx_t*)s),(roundop&KEY_AMMOUNT)?1:-1); + /* isn't it fuckin nice what we can do in C?! */ + } + } +} + +/*****************************************************************************/ + +static +void change_endian(void* data, uint8_t length){ + uint8_t i,a; + for(i=0; ikll; + BR ^= s->klr; + + /* the first 6 */ + camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_POSTC1 , 0x33); + /* FL injection */ + camellia128_keyop((camellia128_ctx_t*)s, -1); + BL = camellia_fl(BL, s->kal); + BR = camellia_fl_inv(BR, s->kar); + camellia128_keyop((camellia128_ctx_t*)s, -1); + /* middle 6 */ + camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_INC2 , 0x34); + /* FL injection */ + camellia128_keyop((camellia128_ctx_t*)s, 1); + BL = camellia_fl(BL, s->kll); + BR = camellia_fl_inv(BR, s->klr); + camellia128_keyop((camellia128_ctx_t*)s, 1); + /* last 6 */ + camellia_6rounds(s, &BL, &BR, KEY_ROL17 | KEY_DIR_NORM | KEY_POSTC2 , 0x0C); + /* Postwhitening */ + BR ^= s->kal; + BL ^= s->kar; + + temp64 = BR; + BR = BL; + BL = temp64; + + camellia128_keyop((camellia128_ctx_t*)s,1); + + change_endian(&BL, 64/8); + change_endian(&BR, 64/8); + + #undef BL + #undef BR +} + +/*****************************************************************************/ + +void camellia128_dec(void* block, const camellia128_ctx_t* s){ + + #define BL (((uint64_t*)block)[1]) + #define BR (((uint64_t*)block)[0]) + /* endian adjustment */ + /*BL*/ + /* 1 2 3 4 5 6 7 8 + * 8 7 6 5 4 3 2 1 + */ + + uint64_t temp64; + change_endian(&BL, 64/8); + change_endian(&BR, 64/8); + + camellia128_keyop_inv((camellia128_ctx_t*)s, 1); + /* Prewhitening */ + BR ^= s->kal; /* kw3 */ + BL ^= s->kar; /* kw4 */ + /* the first 6 */ + camellia_6rounds(s, &BR, &BL, KEY_ROL17 | KEY_DIR_INV | KEY_POSTC1 , 0x0C); + /* FL injection */ + camellia128_keyop_inv((camellia128_ctx_t*)s, 1); + BR = camellia_fl(BR, s->klr); + BL = camellia_fl_inv(BL, s->kll); + camellia128_keyop_inv((camellia128_ctx_t*)s, 1); + /* middle 6 */ + camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_INC2 , 0x0B); + /* FL injection */ + camellia128_keyop_inv((camellia128_ctx_t*)s, -1); + BR = camellia_fl(BR, s->kar); + BL = camellia_fl_inv(BL, s->kal); + camellia128_keyop_inv((camellia128_ctx_t*)s, -1); + /* last 6 */ + camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_POSTC2 , 0x33); + + /* Postwhitening */ + BL ^= s->kll; /* kw1 */ + BR ^= s->klr; /* kw2 */ + + temp64 = BR; + BR = BL; + BL = temp64; + + change_endian(&BL, 64/8); + change_endian(&BR, 64/8); + +} + + + +/*****************************************************************************/ +/*****************************************************************************/ + + + +/* EOF */ diff --git a/dsa/dsa.h b/dsa/dsa.h new file mode 100644 index 0000000..ab744b2 --- /dev/null +++ b/dsa/dsa.h @@ -0,0 +1,59 @@ +/* dsa.h */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef DSA_H_ +#define DSA_H_ + +#include +#include "hfal-basic.h" +#include "bigint.h" + +typedef struct{ + bigint_t p; + bigint_t q; + bigint_t g; +} dsa_domainparameters_t; + +typedef bigint_t dsa_pubkey_t; +typedef bigint_t dsa_privkey_t; +typedef struct{ + bigint_t r; + bigint_t s; +} dsa_signature_t; + +typedef struct{ + dsa_privkey_t priv; + dsa_pubkey_t pub; + dsa_domainparameters_t domain; +} dsa_ctx_t; + +#define DSA_SIGNATURE_OK 1 +#define DSA_SIGNATURE_FAIL 0 + +uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m, + const dsa_ctx_t* ctx, const bigint_t* k); +uint8_t dsa_sign_message(dsa_signature_t* s, const void* m, uint16_t m_len_b, + const hfdesc_t* hash_desc, const dsa_ctx_t* ctx, + uint8_t(*rand_in)(void)); +uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m, + const dsa_ctx_t* ctx); +uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b, + const hfdesc_t* hash_desc, const dsa_ctx_t* ctx); + +#endif /* DSA_H_ */ diff --git a/dsa/dsa_key_blob.c b/dsa/dsa_key_blob.c new file mode 100644 index 0000000..82f3b60 --- /dev/null +++ b/dsa/dsa_key_blob.c @@ -0,0 +1,306 @@ +/* dsa_key_blob.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include +#include "cli.h" +#include "dsa.h" +#include "bigint.h" + + +#define DSA_KEY_BLOB_SIZE 1024 + +#if DSA_KEY_BLOB_SIZE == 512 + +#define PRIV_LEN_B (20) +#define PUB_LEN_B (8*8) +#define P_LEN_B (8*8) +#define Q_LEN_B (20) +#define G_LEN_B (8*8) +#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B) + + +static const uint8_t dsa_key_blob[] = { + +// priv: + 0xac, 0xe6, 0xef, 0x99, 0x08, 0xe8, 0x5f, 0xc8, + 0xc7, 0x51, 0x97, 0x99, 0xf4, 0xd3, 0x00, 0x0f, + 0x49, 0x72, 0xee, 0x46, +// pub: + 0x18, 0x02, 0x53, 0x09, 0x61, 0xad, 0x0b, 0x9d, + 0x44, 0x80, 0x8d, 0xb4, 0x52, 0xdc, 0xb5, 0xf2, + 0x11, 0x20, 0x41, 0xc7, 0xd9, 0x7c, 0x7c, 0x6c, + 0xa0, 0x9e, 0xca, 0x0d, 0xff, 0x28, 0x3c, 0x64, + 0xfa, 0x92, 0xbb, 0x2c, 0xe9, 0x9b, 0x10, 0x94, + 0xa5, 0x8d, 0x03, 0x50, 0xa5, 0x59, 0xd4, 0x3f, + 0x57, 0x78, 0x8d, 0xcf, 0x0a, 0x99, 0x5d, 0xa3, + 0x2e, 0x80, 0xfa, 0x99, 0x44, 0x73, 0x6d, 0x9a, +// P: + 0x9f, 0x2d, 0xc8, 0x3c, 0x34, 0xf9, 0xa1, 0xbc, + 0x6a, 0xa7, 0x49, 0x17, 0xd3, 0x82, 0xa2, 0xe2, + 0x25, 0x31, 0xc4, 0x3d, 0x1a, 0x3f, 0x0f, 0x8a, + 0x8b, 0x84, 0x3c, 0x6c, 0x9c, 0xdd, 0x42, 0xd9, + 0x1a, 0x22, 0xf2, 0x55, 0x98, 0xee, 0x7d, 0x98, + 0x9c, 0x9a, 0x91, 0x42, 0x5f, 0x4f, 0xa8, 0x32, + 0xa0, 0xb0, 0x0f, 0x79, 0xe2, 0x76, 0x08, 0x78, + 0x6e, 0xba, 0xf7, 0x74, 0x43, 0x4a, 0xf2, 0xdf, +// Q: + 0xdb, 0x30, 0x69, 0xe6, 0x59, 0x77, 0xee, 0x38, + 0xea, 0xf7, 0xcc, 0x18, 0x83, 0xcf, 0xb4, 0x21, + 0xbc, 0xcf, 0x9a, 0x77, +// G: + 0x73, 0x90, 0x27, 0x68, 0xe7, 0xe9, 0x3a, 0x45, + 0x6f, 0x7f, 0x95, 0xca, 0x9b, 0xfd, 0x33, 0x75, + 0x75, 0xff, 0x0f, 0xe7, 0x69, 0xfd, 0xb7, 0x07, + 0x0f, 0x6c, 0x3a, 0xec, 0x47, 0x82, 0x78, 0xb2, + 0xb3, 0x0b, 0x7f, 0x11, 0x9d, 0x34, 0x3e, 0xff, + 0xb8, 0x09, 0x42, 0x82, 0x81, 0x21, 0xad, 0x2b, + 0x51, 0x20, 0xec, 0x9e, 0xf8, 0x15, 0xaa, 0x3d, + 0x5f, 0x29, 0x2d, 0xb5, 0xc5, 0x64, 0x53, 0x2d +}; + +#endif + +#if DSA_KEY_BLOB_SIZE == 1024 + +#define PRIV_LEN_B (20) +#define PUB_LEN_B (16*8) +#define P_LEN_B (16*8) +#define Q_LEN_B (20) +#define G_LEN_B (16*8) +#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B) + +static const uint8_t dsa_key_blob[] = { + // priv: +// 0x00, 0x00, 0x00, 0x00, + 0x03, 0xad, 0x17, 0x81, 0x0f, 0x70, 0x7f, 0x89, + 0xa2, 0x0a, 0x70, 0x1c, 0x3b, 0x24, 0xff, 0xd2, + 0x39, 0x93, 0xd7, 0x8d, + // pub: + 0x42, 0x1c, 0xb2, 0x03, 0xe5, 0xc6, 0x69, 0x81, + 0x1e, 0x35, 0x85, 0x86, 0xd7, 0x94, 0xd2, 0x1f, + 0x77, 0x05, 0x2f, 0xcc, 0xa5, 0x69, 0x46, 0x8f, + 0xe1, 0x9f, 0x82, 0xf6, 0x24, 0x2c, 0x64, 0x1b, + 0x29, 0x63, 0xd5, 0xb3, 0x32, 0xdc, 0xd9, 0x5a, + 0x4e, 0x92, 0xd9, 0x69, 0xcc, 0x51, 0x81, 0xc2, + 0xa3, 0x7e, 0xd7, 0xf8, 0x72, 0x1f, 0x8d, 0xd4, + 0xe8, 0x59, 0xb0, 0xaa, 0xdd, 0xa0, 0x73, 0xe6, + 0xc4, 0x50, 0x7f, 0x4c, 0x7c, 0xde, 0x35, 0x27, + 0x49, 0x36, 0x23, 0x36, 0xe4, 0x90, 0x54, 0x24, + 0x45, 0x99, 0xa3, 0x10, 0xc3, 0x59, 0x2f, 0x61, + 0xff, 0x75, 0xf0, 0x51, 0x1d, 0xa0, 0x8f, 0x69, + 0xc1, 0x1e, 0x3e, 0x65, 0xaf, 0x82, 0x9e, 0xa9, + 0x91, 0x17, 0x04, 0x7c, 0x56, 0xd1, 0x68, 0x8a, + 0x4b, 0xc9, 0x48, 0x92, 0xaf, 0x72, 0xca, 0xbf, + 0xf2, 0x2b, 0x9e, 0x42, 0x92, 0x46, 0x19, 0x64, + // P: + 0x97, 0x40, 0xda, 0x05, 0x19, 0x77, 0xb7, 0x17, + 0x4b, 0x7d, 0xc0, 0x5b, 0x81, 0xdd, 0xcc, 0x0b, + 0x86, 0xe0, 0x3c, 0x4d, 0xab, 0x3d, 0x43, 0xe4, + 0xe3, 0x5f, 0xf3, 0x56, 0xcd, 0x5c, 0xf2, 0x85, + 0x00, 0x45, 0x3c, 0xba, 0xf0, 0x56, 0xb3, 0x8b, + 0x29, 0xc3, 0x55, 0x7b, 0xb6, 0xfb, 0x68, 0xca, + 0x35, 0xe5, 0x0e, 0x46, 0xd6, 0xff, 0xc9, 0xbd, + 0x08, 0x71, 0x65, 0x3b, 0xf7, 0xab, 0xb1, 0x96, + 0x9b, 0x70, 0xdc, 0x8e, 0xf3, 0x02, 0xa4, 0x0f, + 0xc6, 0xcd, 0x70, 0xe5, 0xeb, 0xd3, 0x07, 0xb5, + 0x7d, 0x40, 0x8c, 0xfd, 0x33, 0x45, 0x8f, 0x9c, + 0x7f, 0xa1, 0x69, 0xcb, 0xe6, 0x73, 0x1d, 0x37, + 0xc7, 0x5f, 0x18, 0x57, 0x38, 0x96, 0x46, 0x24, + 0xad, 0xa6, 0x59, 0x3d, 0x7a, 0x74, 0x6e, 0x88, + 0x57, 0x18, 0x86, 0x7b, 0x07, 0x79, 0x52, 0xdd, + 0xbc, 0xa7, 0x40, 0x88, 0xa6, 0x66, 0x50, 0x49, + // Q: +// 0x00, 0x00, 0x00, 0x00, + 0xb4, 0x6d, 0x89, 0x7a, 0x72, 0xdb, 0x8c, 0x92, + 0x60, 0xf9, 0x95, 0x47, 0x81, 0x57, 0xe8, 0x6b, + 0xb4, 0xf9, 0xde, 0x51, + // G: + 0x76, 0x1e, 0x1b, 0xd2, 0x5c, 0x5f, 0x92, 0x96, + 0x42, 0x18, 0xba, 0x8d, 0xe1, 0x24, 0x12, 0x24, + 0x6f, 0x3f, 0xb8, 0x05, 0xf9, 0x72, 0x74, 0xfa, + 0xef, 0xc3, 0x1e, 0xd5, 0xa5, 0x93, 0x28, 0x07, + 0xc0, 0x7b, 0x47, 0xef, 0x15, 0x13, 0x68, 0x18, + 0xfb, 0x0d, 0x69, 0xea, 0xcc, 0x5a, 0x43, 0x08, + 0x75, 0xec, 0xe4, 0x5e, 0x8e, 0xa9, 0x61, 0xe1, + 0xcd, 0x27, 0x8c, 0x55, 0xc9, 0x42, 0x11, 0x11, + 0x7f, 0x20, 0x4d, 0x70, 0x34, 0x49, 0x00, 0x8c, + 0x79, 0x95, 0x79, 0x0b, 0xfd, 0x8d, 0xda, 0xe3, + 0x0c, 0x27, 0x7a, 0x35, 0xe5, 0x35, 0xc9, 0x73, + 0x31, 0xaa, 0xed, 0xbe, 0x81, 0x89, 0x67, 0x06, + 0xf6, 0x97, 0x0d, 0x44, 0x07, 0xac, 0x09, 0xac, + 0x44, 0xf3, 0xc6, 0x8b, 0x30, 0x4c, 0x76, 0x0b, + 0x55, 0x74, 0x10, 0x06, 0xda, 0xd4, 0x3d, 0x96, + 0x7e, 0xc3, 0xf8, 0x22, 0x9c, 0x71, 0x1d, 0x9c +}; +#endif + +#if DSA_KEY_BLOB_2048 + +#define PRIV_LEN_B (20) +#define PUB_LEN_B (32*8) +#define P_LEN_B (32*8) +#define Q_LEN_B (20) +#define G_LEN_B (32*8) +#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B) + +static const uint8_t dsa_key_blob[] = { +/* priv: */ + 0x1d, 0xe4, 0x81, 0x02, 0x52, 0x6b, 0x2b, 0x0e, + 0x98, 0x08, 0xc8, 0xb9, 0x81, 0x40, 0xd1, 0x1e, + 0x86, 0x69, 0x0d, 0xa9, +/* pub: */ + 0x70, 0xc4, 0x44, 0x28, 0x91, 0x77, 0x2b, 0x09, + 0xde, 0xe8, 0x66, 0x0b, 0xa5, 0xc8, 0x05, 0xb4, + 0x0a, 0x2d, 0x4f, 0x45, 0x8e, 0x0c, 0x8c, 0x38, + 0x61, 0xf3, 0x77, 0x05, 0x64, 0xf7, 0xe6, 0xe9, + 0x0b, 0x1f, 0x9b, 0x9f, 0x1f, 0xa1, 0x7e, 0x8f, + 0x5b, 0x14, 0x70, 0x1d, 0x4d, 0x1c, 0xdc, 0x9d, + 0xe0, 0x0a, 0xc4, 0x7b, 0x70, 0xfd, 0xef, 0xe6, + 0x20, 0x2d, 0x17, 0x13, 0xd7, 0x1c, 0xc0, 0xbb, + 0x5b, 0xce, 0x84, 0x6a, 0xa5, 0x4e, 0x27, 0x1c, + 0x9e, 0xaa, 0xb2, 0xdc, 0xc1, 0xec, 0x74, 0x93, + 0x67, 0xdb, 0xe1, 0xaa, 0x5a, 0x86, 0x1d, 0x8a, + 0xa9, 0x28, 0x7e, 0xfc, 0xd5, 0x72, 0x94, 0x6c, + 0x1d, 0x71, 0x85, 0x92, 0xa7, 0x6e, 0x84, 0x4f, + 0x27, 0xf3, 0x7e, 0x04, 0x7d, 0xf2, 0x7c, 0x07, + 0xa0, 0x7d, 0x02, 0x7c, 0x30, 0x70, 0xb5, 0x87, + 0xc3, 0xf0, 0xc2, 0x0c, 0xdb, 0x26, 0x72, 0x33, + 0x20, 0xca, 0xf0, 0x8b, 0x05, 0x20, 0x70, 0x98, + 0x65, 0x03, 0xd7, 0xd4, 0x47, 0xf0, 0xb2, 0x6e, + 0x2a, 0xbe, 0xcc, 0x83, 0x0d, 0xab, 0x60, 0x61, + 0x26, 0x7b, 0xaf, 0xae, 0x18, 0x9e, 0x20, 0xeb, + 0x12, 0x31, 0x18, 0x2e, 0x73, 0xca, 0xd4, 0x5e, + 0x66, 0x74, 0x61, 0x07, 0x9b, 0x20, 0x68, 0x12, + 0x88, 0xb1, 0xc5, 0x0f, 0x85, 0x9b, 0x45, 0x40, + 0x7d, 0x76, 0x62, 0x73, 0xba, 0x41, 0x7b, 0xaf, + 0xc7, 0xb9, 0x19, 0x7a, 0xd0, 0x55, 0xe6, 0xfd, + 0xb5, 0xb9, 0xc4, 0x1b, 0x22, 0x47, 0x8f, 0x7b, + 0xd7, 0x75, 0xe8, 0x7f, 0x01, 0xa2, 0x9b, 0x79, + 0xde, 0xea, 0x55, 0x3c, 0x61, 0x4d, 0xcd, 0xce, + 0x89, 0x8c, 0x76, 0x62, 0x12, 0x4d, 0xd4, 0x47, + 0x03, 0x0e, 0xe8, 0xe2, 0xb8, 0xda, 0xca, 0x20, + 0xb3, 0x64, 0xb6, 0x07, 0x06, 0x1b, 0xcb, 0x91, + 0x51, 0x2c, 0x2e, 0xfa, 0xe1, 0xee, 0x1e, 0x78, +/* P: */ + 0x8d, 0x09, 0x00, 0x56, 0x63, 0x39, 0x42, 0x8d, + 0x15, 0xd5, 0x1d, 0x86, 0x10, 0xde, 0xc7, 0xf4, + 0x07, 0xe5, 0x81, 0xbe, 0x67, 0xee, 0xc5, 0x33, + 0xd3, 0x41, 0x1b, 0xba, 0xd8, 0xa6, 0x61, 0x49, + 0x2d, 0x66, 0xcf, 0x60, 0x9f, 0x52, 0x60, 0x6e, + 0x0a, 0x16, 0xdc, 0x0b, 0x24, 0x1b, 0x62, 0x32, + 0xc4, 0xab, 0x52, 0x17, 0xbf, 0xc5, 0xa2, 0x2a, + 0xa4, 0x5e, 0x8c, 0xff, 0x97, 0x45, 0x51, 0xd9, + 0xc3, 0xf2, 0x32, 0x4a, 0xb9, 0x08, 0xc1, 0x6a, + 0x7b, 0x82, 0x93, 0x2a, 0x60, 0x29, 0x55, 0x1a, + 0x36, 0x1f, 0x05, 0x4f, 0xf1, 0x43, 0x12, 0xb2, + 0x73, 0x4e, 0xf6, 0x37, 0x65, 0x3d, 0x0b, 0x70, + 0x08, 0xc7, 0x34, 0x0b, 0x4d, 0xc9, 0x08, 0x70, + 0xaf, 0x4b, 0x95, 0x0b, 0x7c, 0x9f, 0xcf, 0xfc, + 0x57, 0x94, 0x47, 0x6d, 0xd1, 0xaf, 0xc6, 0x52, + 0xd9, 0xe2, 0x05, 0xce, 0xb2, 0xb8, 0x91, 0x6f, + 0x5a, 0x77, 0x6b, 0x1b, 0xff, 0x97, 0x8c, 0x5e, + 0x33, 0xfc, 0x80, 0x29, 0xdf, 0x83, 0x91, 0x0c, + 0x28, 0x1b, 0x00, 0xb4, 0xc9, 0x3e, 0xb7, 0x67, + 0xca, 0xab, 0x63, 0xd4, 0x48, 0xfe, 0xd2, 0xfd, + 0x65, 0x57, 0x33, 0x25, 0xbd, 0xf1, 0xa5, 0x51, + 0x51, 0x50, 0xf6, 0xcf, 0xfa, 0x0d, 0x67, 0x4e, + 0x90, 0x08, 0x87, 0x34, 0xf6, 0x33, 0xc9, 0x58, + 0xb1, 0x87, 0xf8, 0x5d, 0x73, 0x80, 0xde, 0x51, + 0xcd, 0x17, 0x70, 0x3e, 0xa4, 0xa8, 0x4f, 0xda, + 0xcd, 0xa2, 0x66, 0x0f, 0x95, 0xa7, 0xc6, 0xf7, + 0x12, 0x2e, 0x27, 0x94, 0xa9, 0x26, 0x1b, 0x25, + 0x16, 0x18, 0x99, 0x3b, 0x32, 0xaf, 0x71, 0x13, + 0x35, 0xda, 0xb8, 0x71, 0x5b, 0x50, 0x7c, 0x7a, + 0x9d, 0xcc, 0x0d, 0x95, 0xef, 0x6f, 0x64, 0x3c, + 0x28, 0x4b, 0x15, 0xe9, 0xd4, 0xad, 0xcc, 0x56, + 0xcb, 0x24, 0xf9, 0x61, 0x79, 0xd7, 0x56, 0xd3, +/* Q: */ + 0xf7, 0xdf, 0x85, 0xf5, 0x63, 0x36, 0x63, 0x71, + 0x74, 0x34, 0x98, 0x19, 0xff, 0x79, 0xf2, 0xe2, + 0x15, 0x75, 0x3c, 0x95, +/* G: */ + 0x0c, 0xf6, 0x8b, 0x1a, 0xbe, 0x66, 0x84, 0x98, + 0xae, 0xcb, 0xb0, 0xd9, 0x75, 0x75, 0x32, 0x4b, + 0xa3, 0xf2, 0x28, 0xa6, 0x6d, 0x13, 0xf2, 0xf3, + 0xfd, 0x93, 0x91, 0xb1, 0x21, 0x1e, 0xcc, 0x08, + 0x87, 0xce, 0x74, 0xb1, 0xd0, 0x19, 0x50, 0xff, + 0xac, 0xef, 0x9f, 0x82, 0xda, 0x75, 0xda, 0x6d, + 0x89, 0xf3, 0x0b, 0xdc, 0x27, 0x98, 0x85, 0x01, + 0x68, 0xb7, 0xbd, 0x98, 0x83, 0xb1, 0xb0, 0x65, + 0x31, 0x71, 0x43, 0x05, 0xa7, 0x76, 0x63, 0xe4, + 0x7d, 0x61, 0x53, 0xc7, 0x3e, 0x3b, 0x82, 0x28, + 0x65, 0x07, 0xfe, 0x9e, 0xa3, 0x35, 0x2c, 0xdc, + 0x9e, 0x05, 0x7c, 0x9a, 0x69, 0xc6, 0x9f, 0xc2, + 0x3f, 0x94, 0x6b, 0xad, 0xa4, 0x2b, 0x5d, 0x48, + 0x9e, 0x2c, 0xad, 0xd2, 0x89, 0x49, 0xdc, 0xdb, + 0x55, 0x49, 0x56, 0xaf, 0xe9, 0x0e, 0x37, 0xe7, + 0x1f, 0x42, 0x6a, 0x7c, 0xac, 0xe8, 0x1b, 0xbb, + 0x21, 0x82, 0x14, 0x72, 0x17, 0x64, 0xf0, 0x3c, + 0x3d, 0xc1, 0x43, 0x27, 0x27, 0x9f, 0xe9, 0x21, + 0xf2, 0x2f, 0xf7, 0xfa, 0x3c, 0xed, 0xbf, 0xab, + 0xab, 0xb7, 0x3c, 0x6d, 0x1e, 0x85, 0x9f, 0x77, + 0x4f, 0x69, 0x09, 0x4e, 0xed, 0x13, 0x84, 0x40, + 0x1a, 0xc6, 0xa1, 0xd9, 0x68, 0xb6, 0x18, 0x32, + 0x79, 0x25, 0x9e, 0xa6, 0x41, 0x30, 0xd1, 0xc2, + 0x7a, 0x8f, 0x0d, 0x46, 0xee, 0xda, 0xb0, 0xbf, + 0x64, 0x42, 0x59, 0x7e, 0x22, 0x88, 0xd6, 0x52, + 0xec, 0xed, 0xc4, 0x13, 0xb1, 0x7f, 0x5c, 0x77, + 0x4c, 0xfd, 0x22, 0x90, 0xd3, 0xe3, 0xa9, 0xc1, + 0x0f, 0x25, 0xac, 0xd5, 0x04, 0x84, 0xe6, 0xa8, + 0xc7, 0xb4, 0x4f, 0xa2, 0x67, 0xae, 0xaa, 0x92, + 0xe9, 0x0a, 0xed, 0x45, 0x5b, 0xf0, 0x1b, 0x69, + 0xec, 0xaf, 0x7d, 0xf2, 0x71, 0x25, 0xbf, 0x92, + 0xd4, 0xd0, 0x5b, 0xde, 0x5a, 0x2d, 0x18, 0x8e +}; +#endif + +void load_dsa_key_blob(dsa_ctx_t* ctx){ + if(ctx->priv.wordv){ + free(ctx->priv.wordv); + } + ctx->priv.wordv = malloc(ALL_LEN_B); + if(ctx->priv.wordv==NULL){ + cli_putstr("\r\nERROR: OUT OF MEMORY!!!"); + return; + } + memcpy(ctx->priv.wordv, dsa_key_blob, ALL_LEN_B); + ctx->priv.length_W=(PRIV_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t); + ctx->pub.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B); + ctx->pub.length_W = (PUB_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t); + ctx->domain.p.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B); + ctx->domain.p.length_W = (P_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t); + ctx->domain.q.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B+P_LEN_B); + ctx->domain.q.length_W = (Q_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t); + ctx->domain.g.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B); + ctx->domain.g.length_W = (G_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t); + + bigint_changeendianess(&(ctx->priv)); + bigint_changeendianess(&(ctx->pub)); + bigint_changeendianess(&(ctx->domain.p)); + bigint_changeendianess(&(ctx->domain.q)); + bigint_changeendianess(&(ctx->domain.g)); + + bigint_adjust(&(ctx->priv)); + bigint_adjust(&(ctx->pub)); + bigint_adjust(&(ctx->domain.p)); + bigint_adjust(&(ctx->domain.q)); + bigint_adjust(&(ctx->domain.g)); +} diff --git a/dsa/dsa_key_blob.h b/dsa/dsa_key_blob.h new file mode 100644 index 0000000..efc6390 --- /dev/null +++ b/dsa/dsa_key_blob.h @@ -0,0 +1,25 @@ +/* dsa_key_blob.h */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef DSA_KEY_BLOB_H_ +#define DSA_KEY_BLOB_H_ + +void load_dsa_key_blob(dsa_ctx_t* ctx); + +#endif /* DSA_KEY_BLOB_H_ */ diff --git a/dsa/dsa_sign.c b/dsa/dsa_sign.c new file mode 100644 index 0000000..e8c826a --- /dev/null +++ b/dsa/dsa_sign.c @@ -0,0 +1,76 @@ +/* dsa_sign.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include "bigint.h" +#include "dsa.h" +#include "hashfunction_descriptor.h" +#include "hfal-basic.h" + +#define MAX(a,b) (((a)>(b))?(a):(b)) + +uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m, + const dsa_ctx_t* ctx, const bigint_t* k){ + bigint_t tmp, tmp2; + bigint_word_t tmp_b[ctx->domain.p.length_W+5], tmp2_b[ctx->domain.q.length_W+5]; + tmp.wordv= tmp_b; + tmp2.wordv = tmp2_b; + bigint_expmod_u(&tmp, &(ctx->domain.g), k, &(ctx->domain.p)); + bigint_reduce(&tmp, &(ctx->domain.q)); + bigint_copy(&(s->r), &tmp); + bigint_mul_u(&tmp, &tmp, &(ctx->priv)); + bigint_add_u(&tmp, &tmp, m); + bigint_inverse(&tmp2, k, &(ctx->domain.q)); + bigint_mul_u(&tmp, &tmp, &tmp2); + bigint_reduce(&tmp, &(ctx->domain.q)); + bigint_copy(&(s->s), &tmp); + + if(s->s.length_W==0 || s->r.length_W==0){ + return 1; + } + + return 0; +} + +uint8_t dsa_sign_message(dsa_signature_t* s, const void* m, uint16_t m_len_b, + const hfdesc_t* hash_desc, const dsa_ctx_t* ctx, + uint8_t(*rand_in)(void)){ + bigint_t z, k; + uint16_t i, n_B = ctx->domain.q.length_W; + unsigned hash_length = MAX(n_B,(hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8)); + bigint_word_t hash_value[hash_length]; + bigint_word_t k_b[n_B]; + memset(hash_value, 0, hash_length*sizeof(bigint_word_t)); + hfal_hash_mem(hash_desc, hash_value, m, m_len_b); + z.wordv = hash_value; + z.length_W = n_B; + bigint_changeendianess(&z); + k.wordv = k_b; + k.length_W = n_B; + do{ + for(i=0; i. +*/ + +#include +#include +#include "bigint.h" +#include "dsa.h" +#include "hfal-basic.h" + +uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m, + const dsa_ctx_t* ctx){ + if(s->r.length_W==0 || s->s.length_W==0){ + return DSA_SIGNATURE_FAIL; + } + if(bigint_cmp_u(&(s->r), &(ctx->domain.q))>=0 || bigint_cmp_u(&(s->s), &(ctx->domain.q))>=0){ + return DSA_SIGNATURE_FAIL; + } + bigint_t w, u1, u2, v1, v2; + bigint_word_t w_b[ctx->domain.q.length_W], u1_b[ctx->domain.q.length_W*2], u2_b[ctx->domain.q.length_W*2]; + bigint_word_t v1_b[ctx->domain.p.length_W*2], v2_b[ctx->domain.p.length_W]; + w.wordv = w_b; + u1.wordv = u1_b; + u2.wordv = u2_b; + v1.wordv = v1_b; + v2.wordv = v2_b; + bigint_inverse(&w, &(s->s), &(ctx->domain.q)); + bigint_mul_u(&u1, &w, m); + bigint_reduce(&u1, &(ctx->domain.q)); + bigint_mul_u(&u2, &w, &(s->r)); + bigint_reduce(&u2, &(ctx->domain.q)); + bigint_expmod_u(&v1, &(ctx->domain.g), &u1, &(ctx->domain.p)); + bigint_expmod_u(&v2, &(ctx->pub), &u2, &(ctx->domain.p)); + bigint_mul_u(&v1, &v1, &v2); + bigint_reduce(&v1, &(ctx->domain.p)); + bigint_reduce(&v1, &(ctx->domain.q)); + if(bigint_cmp_u(&v1, &(s->r))==0){ + return DSA_SIGNATURE_OK; + } + return DSA_SIGNATURE_FAIL; +} + +uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b, + const hfdesc_t* hash_desc, const dsa_ctx_t* ctx){ + bigint_t z; + uint16_t n_B = ctx->domain.q.length_W; + unsigned hash_length = (hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8); + bigint_word_t hash_value[hash_length]; + memset(hash_value, 0, hash_length*sizeof(bigint_word_t)); + hfal_hash_mem(hash_desc, hash_value, m, m_len_b); + z.wordv = hash_value; + z.length_W = n_B; + bigint_changeendianess(&z); + bigint_adjust(&z); + return dsa_verify_bigint(s, &z, ctx); +} + + + + + + + diff --git a/entropium/entropium.c b/entropium/entropium.c new file mode 100644 index 0000000..45ef619 --- /dev/null +++ b/entropium/entropium.c @@ -0,0 +1,135 @@ +/* entropium.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file entropium.c + * \author Daniel Otte + * \email daniel.otte@rub.de + * \date 2006-05-17 + * \license GPLv3 or later + * \brief This file contains an implementaition of a pseudo-random-number generator. + * + * Extension 1: + * rndCore is expanded to 512 bits for more security. + * + \verbatim + ################################################################################################ + # # + # +---------------------------+ # + # | | # + # V | # + # (concat) | # + +---------------+ # o---------o (xor)+---------+ o---------o o----o o---------o # +--------------+ + | entropy Block | -----> | sha-256 | --(offset)-< | rndCore | ---> | sha-256 | --+----| +1 |---> | sha-256 | -----> | random Block | + +---------------+ # o---------o (xor)+---------+ o---------o | o----o o---------o # +--------------+ + # (xor) (xor) | # + # ^ ^ | # + # \ / | # + # (offset)---------------------+ # + # # + ################################################################################################ + \endverbatim + */ + +#include +#include +#include "sha256.h" +#include "entropium.h" + +#include + +/** + * \brief secret entropy pool. + * This is the core of the random which is generated + */ +static +uint32_t rndCore[16]; + +/*************************************************************************/ + +/* idea is: hash the message and add it via xor to rndCore + * + * length in bits + * + * we simply first "hash" rndCore, then entropy. + */ +void entropium_addEntropy(unsigned length_b, const void* data){ + sha256_ctx_t s; + static uint8_t offset=0; /* selects if higher or lower half gets updated */ + sha256_init(&s); + sha256_nextBlock(&s, rndCore); + while (length_b>=512){ + sha256_nextBlock(&s, data); + data = (uint8_t*)data+ 512/8; + length_b -= 512; + } + sha256_lastBlock(&s, data, length_b); + uint8_t i; + for (i=0; i<8; ++i){ + rndCore[i+offset] ^= s.h[i]; + } + offset ^= 8; /* hehe */ +} + +/*************************************************************************/ + +void entropium_getRandomBlock(void *b){ + sha256_ctx_t s; + uint8_t offset=8; + + sha256_init(&s); + sha256_lastBlock(&s, rndCore, 512); /* remember the byte order! */ + uint8_t i; + for (i=0; i<8; ++i){ + rndCore[i+offset] ^= s.h[i]; + } + offset ^= 8; /* hehe */ + memcpy(b, s.h, 32); /* back up first hash in b */ + ((uint8_t*)b)[*((uint8_t*)b)&31]++; /* the important increment step */ + sha256_init(&s); + sha256_lastBlock(&s, b, 256); + memcpy(b, s.h, 32); +} + +/*************************************************************************/ + + +uint8_t entropium_getRandomByte(void){ + static uint8_t block[32]; + static uint8_t i = 0; + + if(i == 0){ + entropium_getRandomBlock((void*)block); + i = 32; + } + return block[--i]; +} + +void entropium_fillBlockRandom(void* block, unsigned length_B){ + while(length_B>ENTROPIUM_RANDOMBLOCK_SIZE){ + entropium_getRandomBlock(block); + block = (uint8_t*)block + ENTROPIUM_RANDOMBLOCK_SIZE; + length_B -= ENTROPIUM_RANDOMBLOCK_SIZE; + } + while(length_B){ + *((uint8_t*)block) = entropium_getRandomByte(); + block= (uint8_t*)block +1; --length_B; + } +} + + diff --git a/entropium/entropium.h b/entropium/entropium.h new file mode 100644 index 0000000..7f76693 --- /dev/null +++ b/entropium/entropium.h @@ -0,0 +1,84 @@ +/* entropium.h */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/** + * File: entropium.h + * Author: Daniel Otte + * Date: 23.07.2006 + * License: GPL + * Description: This file contains the declarations for the pseudo-random-number generator. + **/ + +/** + * \file entropium.h + * \author Daniel Otte + * \date 23.07.2006 + * \license GPLv3 or later + * \brief This file contains the declarations for the pseudo-random-number generator. + **/ + + +#ifndef ENTROPIUM_H_ +#define ENTROPIUM_H_ + +#include +/* + * length in bits + */ +#define ENTROPIUM_RANDOMBLOCK_SIZE 32 /* bytes */ + +/** \fn void entropium_addEntropy(unsigned length_b, const void* data) + * \brief add entropy to the prng + * + * This function adds data to the internal entropy pool + * \param length_b length of the data block in bits + * \param data pointer to the data + */ +void entropium_addEntropy(unsigned length_b, const void* data); + +/** \fn void entropium_getRandomBlock(void* b) + * \brief generate a fixed size block of random data + * + * This function writes 32 bytes of random extracted from the entropy pool + * in the supplied buffer. + * \param b buffer where the random data gets written + */ +void entropium_getRandomBlock(void* b); + +/** \fn uint8_t entropium_getRandomByte(void) + * \brief get a single byte of random data + * + * This function utilizes a internal buffer which gets automatically filled + * again. + * \return a byte of random data + */ +uint8_t entropium_getRandomByte(void); + +/** \fn void entropium_fillBlockRandom(void* block, unsigned length_B) + * \brief get a block of random data + * + * This function writes random data extracted from the entropy pool in the + * supplied buffer. It shares a internal buffer with the + * entropium_getRandomByte() function. + * \param block pointer to the buffer where the random data goes + * \param length_B number of bytes to be written to the buffer + */ +void entropium_fillBlockRandom(void* block, unsigned length_B); + +#endif /*PRNG_H_*/ diff --git a/hmac-md5/hmac-md5.c b/hmac-md5/hmac-md5.c new file mode 100644 index 0000000..a63dcd1 --- /dev/null +++ b/hmac-md5/hmac-md5.c @@ -0,0 +1,130 @@ +/* hmac-md5.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * + * implementation of HMAC as described in RFC2104 + * Author: Daniel Otte + * email: daniel.otte@rub.de + * License: GPLv3 or later + **/ + +/* + * hmac = hash ( k^opad , hash( k^ipad , msg)) + */ + +#include +#include +#include "config.h" +#include "md5.h" +#include "hmac-md5.h" + +#define IPAD 0x36 +#define OPAD 0x5C + +#ifndef HMAC_SHORTONLY + +void hmac_md5_init(hmac_md5_ctx_t *s, void* key, uint16_t keylength_b){ + uint8_t buffer[MD5_BLOCK_BYTES]; + uint8_t i; + + memset(buffer, 0, MD5_BLOCK_BYTES); + if (keylength_b > MD5_BLOCK_BITS){ + md5((void*)buffer, key, keylength_b); + } else { + memcpy(buffer, key, (keylength_b+7)/8); + } + + for (i=0; ia)); + md5_nextBlock(&(s->a), buffer); + + for (i=0; ib)); + md5_nextBlock(&(s->b), buffer); + +#if defined SECURE_WIPE_BUFFER + memset(buffer, 0, MD5_BLOCK_BYTES); +#endif +} + +void hmac_md5_nextBlock(hmac_md5_ctx_t *s, const void* block){ + md5_nextBlock(&(s->a), block); +} + +void hmac_md5_lastBlock(hmac_md5_ctx_t *s, const void* block, uint16_t length_b){ + md5_lastBlock(&(s->a), block, length_b); +} + +void hmac_md5_final(void* dest, hmac_md5_ctx_t *s){ + md5_ctx2hash((md5_hash_t*)dest, &(s->a)); + md5_lastBlock(&(s->b), dest, MD5_HASH_BITS); + md5_ctx2hash((md5_hash_t*)dest, &(s->b)); +} + +#endif + +/* +void hmac_md5_nextBlock() +void hmac_md5_lastBlock() +*/ + +/* + * keylength in bits! + * message length in bits! + */ +void hmac_md5(void* dest, void* key, uint16_t keylength_b, void* msg, uint32_t msglength_b){ /* a one-shot*/ + md5_ctx_t s; + uint8_t i; + uint8_t buffer[MD5_BLOCK_BYTES]; + + memset(buffer, 0, MD5_BLOCK_BYTES); + + /* if key is larger than a block we have to hash it*/ + if (keylength_b > MD5_BLOCK_BITS){ + md5((void*)buffer, key, keylength_b); + } else { + memcpy(buffer, key, (keylength_b+7)/8); + } + + for (i=0; i= MD5_BLOCK_BITS){ + md5_nextBlock(&s, msg); + msg = (uint8_t*)msg + MD5_BLOCK_BYTES; + msglength_b -= MD5_BLOCK_BITS; + } + md5_lastBlock(&s, msg, msglength_b); + /* since buffer still contains key xor ipad we can do ... */ + for (i=0; i. +*/ +#ifndef HMACMD5_H_ +#define HMACMD5_H_ + +#include "md5.h" + +#define HMAC_MD5_BITS MD5_HASH_BITS +#define HMAC_MD5_BYTES MD5_HASH_BYTES +#define HMAC_MD5_BLOCK_BITS MD5_BLOCK_BITS +#define HMAC_MD5_BLOCK_BYTES MD5_BLOCK_BYTES + +typedef struct{ + md5_ctx_t a,b; +} hmac_md5_ctx_t; + + +void hmac_md5_init(hmac_md5_ctx_t *s, void* key, uint16_t keylength_b); +void hmac_md5_nextBlock(hmac_md5_ctx_t *s, const void* block); +void hmac_md5_lastBlock(hmac_md5_ctx_t *s, const void* block, uint16_t length_b); +void hmac_md5_final(void* dest, hmac_md5_ctx_t *s); + +void hmac_md5(void* dest, void* key, uint16_t keylength_b, void* msg, uint32_t msglength_b); + + +#endif /*HMACMD5_H_*/ diff --git a/hmac-sha1/hmac-sha1.c b/hmac-sha1/hmac-sha1.c new file mode 100644 index 0000000..0998570 --- /dev/null +++ b/hmac-sha1/hmac-sha1.c @@ -0,0 +1,131 @@ +/* hmac-sha1.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * + * implementation of HMAC as described in RFC2104 + * Author: Daniel Otte + * email: daniel.otte@rub.de + * License: GPLv3 or later + **/ + +/* + * hmac = hash ( k^opad , hash( k^ipad , msg)) + */ + +#include +#include +#include "config.h" +#include "sha1.h" +#include "hmac-sha1.h" + +#define IPAD 0x36 +#define OPAD 0x5C + + +#ifndef HMAC_SHORTONLY + +void hmac_sha1_init(hmac_sha1_ctx_t *s, const void* key, uint16_t keylength_b){ + uint8_t buffer[SHA1_BLOCK_BYTES]; + uint8_t i; + + memset(buffer, 0, SHA1_BLOCK_BYTES); + if (keylength_b > SHA1_BLOCK_BITS){ + sha1((void*)buffer, key, keylength_b); + } else { + memcpy(buffer, key, (keylength_b+7)/8); + } + + for (i=0; ia)); + sha1_nextBlock(&(s->a), buffer); + + for (i=0; ib)); + sha1_nextBlock(&(s->b), buffer); + + +#if defined SECURE_WIPE_BUFFER + memset(buffer, 0, SHA1_BLOCK_BYTES); +#endif +} + +void hmac_sha1_nextBlock(hmac_sha1_ctx_t *s, const void* block){ + sha1_nextBlock(&(s->a), block); +} +void hmac_sha1_lastBlock(hmac_sha1_ctx_t *s, const void* block, uint16_t length_b){ + while(length_b>=SHA1_BLOCK_BITS){ + sha1_nextBlock(&(s->a), block); + block = (uint8_t*)block + SHA1_BLOCK_BYTES; + length_b -= SHA1_BLOCK_BITS; + } + sha1_lastBlock(&(s->a), block, length_b); +} + +void hmac_sha1_final(void* dest, hmac_sha1_ctx_t *s){ + sha1_ctx2hash(dest, &(s->a)); + sha1_lastBlock(&(s->b), dest, SHA1_HASH_BITS); + sha1_ctx2hash(dest, &(s->b)); +} + +#endif + +/* + * keylength in bits! + * message length in bits! + */ +void hmac_sha1(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b){ /* a one-shot*/ + sha1_ctx_t s; + uint8_t i; + uint8_t buffer[SHA1_BLOCK_BYTES]; + + memset(buffer, 0, SHA1_BLOCK_BYTES); + + /* if key is larger than a block we have to hash it*/ + if (keylength_b > SHA1_BLOCK_BITS){ + sha1((void*)buffer, key, keylength_b); + } else { + memcpy(buffer, key, (keylength_b+7)/8); + } + + for (i=0; i= SHA1_BLOCK_BITS){ + sha1_nextBlock(&s, msg); + msg = (uint8_t*)msg + SHA1_BLOCK_BYTES; + msglength_b -= SHA1_BLOCK_BITS; + } + sha1_lastBlock(&s, msg, msglength_b); + /* since buffer still contains key xor ipad we can do ... */ + for (i=0; i. +*/ +#ifndef HMACSHA1_H_ +#define HMACSHA1_H_ + +#include "sha1.h" + +#define HMAC_SHA1_BITS SHA1_HASH_BITS +#define HMAC_SHA1_BYTES SHA1_HASH_BYTES +#define HMAC_SHA1_BLOCK_BITS SHA1_BLOCK_BITS +#define HMAC_SHA1_BLOCK_BYTES SHA1_BLOCK_BYTES + +typedef struct{ + sha1_ctx_t a, b; +} hmac_sha1_ctx_t; + + +void hmac_sha1_init(hmac_sha1_ctx_t *s, const void* key, uint16_t keylength_b); +void hmac_sha1_nextBlock(hmac_sha1_ctx_t *s, const void* block); +void hmac_sha1_lastBlock(hmac_sha1_ctx_t *s, const void* block, uint16_t length_b); +void hmac_sha1_final(void* dest, hmac_sha1_ctx_t *s); + +void hmac_sha1(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b); + +#endif /*HMACSHA1_H_*/ diff --git a/hmac-sha256/hmac-sha256.c b/hmac-sha256/hmac-sha256.c new file mode 100644 index 0000000..5229101 --- /dev/null +++ b/hmac-sha256/hmac-sha256.c @@ -0,0 +1,130 @@ +/* hmac-sha256.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * + * implementation of HMAC as described in RFC2104 + * Author: Daniel Otte + * email: daniel.otte@rub.de + * License: GPLv3 or later + **/ + +/* + * hmac = hash ( k^opad , hash( k^ipad , msg)) + */ + +#include +#include +#include "config.h" +#include "sha256.h" +#include "hmac-sha256.h" + +#define IPAD 0x36 +#define OPAD 0x5C + +#ifndef HMAC_SHA256_SHORTONLY + +void hmac_sha256_init(hmac_sha256_ctx_t *s, const void* key, uint16_t keylength_b){ + uint8_t buffer[HMAC_SHA256_BLOCK_BYTES]; + uint8_t i; + + memset(buffer, 0, HMAC_SHA256_BLOCK_BYTES); + if (keylength_b > HMAC_SHA256_BLOCK_BITS){ + sha256((void*)buffer, key, keylength_b); + } else { + memcpy(buffer, key, (keylength_b+7)/8); + } + + for (i=0; ia)); + sha256_nextBlock(&(s->a), buffer); + + for (i=0; ib)); + sha256_nextBlock(&(s->b), buffer); + +#if defined SECURE_WIPE_BUFFER + memset(buffer, 0, SHA256_BLOCK_BYTES); +#endif +} + +void hmac_sha256_nextBlock(hmac_sha256_ctx_t *s, const void* block){ + sha256_nextBlock(&(s->a), block); +} + +void hmac_sha256_lastBlock(hmac_sha256_ctx_t *s, const void* block, uint16_t length_b){ +/* while(length_b>=SHA256_BLOCK_BITS){ + sha256_nextBlock(&(s->a), block); + block = (uint8_t*)block + SHA256_BLOCK_BYTES; + length_b -= SHA256_BLOCK_BITS; + } +*/ sha256_lastBlock(&(s->a), block, length_b); +} + +void hmac_sha256_final(void* dest, hmac_sha256_ctx_t *s){ + sha256_ctx2hash(dest, &(s->a)); + sha256_lastBlock(&(s->b), dest, SHA256_HASH_BITS); + sha256_ctx2hash(dest, &(s->b)); +} + +#endif + +/* + * keylength in bits! + * message length in bits! + */ +void hmac_sha256(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b){ /* a one-shot*/ + sha256_ctx_t s; + uint8_t i; + uint8_t buffer[HMAC_SHA256_BLOCK_BYTES]; + + memset(buffer, 0, HMAC_SHA256_BLOCK_BYTES); + + /* if key is larger than a block we have to hash it*/ + if (keylength_b > SHA256_BLOCK_BITS){ + sha256((void*)buffer, key, keylength_b); + } else { + memcpy(buffer, key, (keylength_b+7)/8); + } + + for (i=0; i= HMAC_SHA256_BLOCK_BITS){ + sha256_nextBlock(&s, msg); + msg = (uint8_t*)msg + HMAC_SHA256_BLOCK_BYTES; + msglength_b -= HMAC_SHA256_BLOCK_BITS; + } + sha256_lastBlock(&s, msg, msglength_b); + /* since buffer still contains key xor ipad we can do ... */ + for (i=0; i. +*/ +#ifndef HMACSHA256_H_ +#define HMACSHA256_H_ + +#include "sha256.h" + +#define HMAC_SHA256_BITS SHA256_HASH_BITS +#define HMAC_SHA256_BYTES SHA256_HASH_BYTES +#define HMAC_SHA256_BLOCK_BITS SHA256_BLOCK_BITS +#define HMAC_SHA256_BLOCK_BYTES SHA256_BLOCK_BYTES + + +typedef struct { + sha256_ctx_t a,b; +} hmac_sha256_ctx_t; + + +void hmac_sha256_init(hmac_sha256_ctx_t *s, const void* key, uint16_t keylength_b); +void hmac_sha256_nextBlock(hmac_sha256_ctx_t *s, const void* block); +void hmac_sha256_lastBlock(hmac_sha256_ctx_t *s, const void* block, uint16_t length_b); +void hmac_sha256_final(void* dest, hmac_sha256_ctx_t *s); + +void hmac_sha256(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b); + + +#endif /*HMACSHA256_H_*/ diff --git a/main_headers b/main_headers new file mode 100644 index 0000000..a66ddcd --- /dev/null +++ b/main_headers @@ -0,0 +1,175 @@ +./a51/A5_1.h +./aes/aes128_dec.h +./aes/aes128_enc.h +./aes/aes192_dec.h +./aes/aes192_enc.h +./aes/aes256_dec.h +./aes/aes256_enc.h +./aes/aes_dec.h +./aes/aes_enc.h +./aes/aes.h +./aes/aes_invsbox.h +./aes/aes_keyschedule.h +./aes/aes_sbox.h +./aes/aes_types.h +./arcfour/arcfour.h +./backup/keccak/keccak.h +./base64/base64_dec.h +./base64/base64_enc.h +./bcal/bcal_aes128.h +./bcal/bcal_aes192.h +./bcal/bcal_aes256.h +./bcal/bcal-basic.h +./bcal/bcal_camellia128.h +./bcal/bcal_cast5.h +./bcal/bcal_cast6.h +./bcal/bcal-cbc.h +./bcal/bcal-cfb_bit.h +./bcal/bcal-cfb_byte.h +./bcal/bcal-cmac.h +./bcal/bcal_cscipher.h +./bcal/bcal-ctr.h +./bcal/bcal_des.h +./bcal/bcal-eax.h +./bcal/bcal_khazad.h +./bcal/bcal-nessie.h +./bcal/bcal_noekeon.h +./bcal/bcal-ofb.h +./bcal/bcal-performance.h +./bcal/bcal_present80.h +./bcal/bcal_present128.h +./bcal/bcal_rc5.h +./bcal/bcal_rc6.h +./bcal/bcal_seed.h +./bcal/bcal_serpent.h +./bcal/bcal_skipjack.h +./bcal/bcal_tdes2.h +./bcal/bcal_tdes.h +./bcal/bcal_threefish1024.h +./bcal/bcal_threefish256.h +./bcal/bcal_threefish512.h +./bcal/bcal_xtea.h +./bcal/keysize_descriptor.h +./bigint/bigint.h +./bigint/bigint_io.h +./bigint/old_io/bigint_io.h +./blake/blake_common.h +./blake/blake_large.h +./blake/blake_small.h +./blockcipher_descriptor.h +./bmw/bmw_large.h +./bmw/bmw_small.h +./camellia/camellia.h +./cast5/cast5.h +./cast5/cast5-sbox.h +./cast6/cast6.h +./cast6/cast6_sboxes.h +./cscipher/cscipher.h +./cscipher/cscipher_sbox.h +./cubehash/cubehash.h +./des/des.h +./dsa/dsa.h +./dsa/dsa_key_blob.h +./echo/aes_enc_round.h +./echo/echo.h +./entropium/entropium.h +./entropium/sha256.h +./gf256mul/gf256mul.h +./grain/grain.h +./groestl/groestl_large.h +./groestl/groestl_small.h +./hashfunction_descriptor.h +./hfal/hfal-basic.h +./hfal/hfal_blake_large.h +./hfal/hfal_blake_small.h +./hfal/hfal_bmw_large.h +./hfal/hfal_bmw_small.h +./hfal/hfal_cubehash.h +./hfal/hfal_echo.h +./hfal/hfal_groestl_large.h +./hfal/hfal_groestl_small.h +./hfal/hfal-hmac.h +./hfal/hfal_jh.h +./hfal/hfal_keccak.h +./hfal/hfal_md5.h +./hfal/hfal-nessie.h +./hfal/hfal-performance.h +./hfal/hfal_sha1.h +./hfal/hfal_sha224.h +./hfal/hfal_sha256.h +./hfal/hfal_sha384.h +./hfal/hfal_sha512.h +./hfal/hfal_shabal.h +./hfal/hfal_skein1024.h +./hfal/hfal_skein256.h +./hfal/hfal_skein512.h +./hfal/hfal-test.h +./hmac-md5/hmac-md5.h +./hmac-sha1/hmac-sha1.h +./hmac-sha256/hmac-sha256.h +./jh_/jh_simple.h +./jh/jh_simple.h +./jh_/jh_tables.h +./jh/jh_tables.h +./keccak/keccak.h +./khazad/khazad.h +./lfsr-helper.h +./md5/md5.h +./md5/md5_sbox.h +./memxor/memxor.h +./mgf1/mgf1.h +./mickey128/mickey128.h +./mqq-sign/mqq160-sign.h +./mqq-sign/mqq160-sign_P.h +./mqq-sign/mqq160-sign_testkey.h +./mugi/aes_sbox.h +./mugi/mugi.h +./noekeon/noekeon_cbc_enc.h +./noekeon/noekeon_ctr.h +./noekeon/noekeon.h +./noekeon/noekeon_prng.h +./noekeon/omac_noekeon.h +./present/present80.h +./present/present128.h +./prf_tls12/prf_tls12.h +./rabbit/rabbit.h +./rc5/rc5.h +./rc6/rc6.h +./rsa/random_dummy.h +./rsa/rsa_basic.h +./rsa/rsaes_oaep.h +./rsa/rsaes_pkcs1v15.h +./salsa20/salsa20.h +./scal/scal_arcfour.h +./scal/scal-basic.h +./scal/scal_grain.h +./scal/scal_mickey128.h +./scal/scal-nessie.h +./scal/scal_rabbit.h +./scal/scal_salsa20.h +./scal/scal_trivium.h +./seed/seed.h +./seed/seed_sbox.h +./serpent/serpent.h +./serpent/serpent-sboxes.h +./sha1/sha1.h +./sha2/sha224.h +./sha2/sha256.h +./sha2/sha2_large_common.h +./sha2/sha2_small_common.h +./sha2/sha384.h +./sha2/sha512.h +./sha3-api.h +./shabal/shabal.h +./shabea/sha256.h +./shabea/shabea.h +./shacal1/shacal1_enc.h +./shacal2/shacal2_enc.h +./skein/skein.h +./skein/threefish.h +./skein/ubi.h +./skipjack/skipjack.h +./streamcipher_descriptor.h +./trivium/trivium.h +./xtea/xtea.h +./zodiac.h diff --git a/mkfiles/001_scal_std.mk b/mkfiles/001_scal_std.mk new file mode 100644 index 0000000..911780c --- /dev/null +++ b/mkfiles/001_scal_std.mk @@ -0,0 +1,4 @@ +SCAL_STD = nessie_common.o performance_test.o memxor.o \ + scal-basic.o scal-nessie.o \ + keysize_descriptor.o nessie_stream_test.o +# scal-performance.o diff --git a/mkfiles/002_bcal_algos.mk b/mkfiles/002_bcal_algos.mk new file mode 100644 index 0000000..610908a --- /dev/null +++ b/mkfiles/002_bcal_algos.mk @@ -0,0 +1,26 @@ +# Makefile for bcal-algos (library) +ALGO_NAME := BCAL_ALGOS + +$(ALGO_NAME)_DIR := bcal/ +$(ALGO_NAME)_INCDIR := +$(ALGO_NAME)_OBJ := \ +bcal_aes128.o \ +bcal_aes192.o \ +bcal_aes256.o \ +bcal_cast5.o \ +bcal_cast6.o \ +bcal_cscipher.o \ +bcal_des.o \ +bcal_khazad.o \ +bcal_noekeon.o \ +bcal_present80.o \ +bcal_present128.o \ +bcal_rc5.o \ +bcal_rc6.o \ +bcal_seed.o \ +bcal_serpent.o \ +bcal_tdes2.o \ +bcal_tdes.o \ +bcal_xtea.o + + diff --git a/mkfiles/002_hfal_algos.mk b/mkfiles/002_hfal_algos.mk new file mode 100644 index 0000000..027edd0 --- /dev/null +++ b/mkfiles/002_hfal_algos.mk @@ -0,0 +1,27 @@ +# Makefile for hfal-algos (library) +ALGO_NAME := HFAL_ALGOS + +$(ALGO_NAME)_DIR := hfal/ +$(ALGO_NAME)_INCDIR := +$(ALGO_NAME)_OBJ := \ +hfal_blake_large.o \ +hfal_blake_small.o \ +hfal_bmw_large.o \ +hfal_bmw_small.o \ +hfal_cubehash.o \ +hfal_echo.o \ +hfal_groestl_large.o \ +hfal_groestl_small.o \ +hfal_jh.o \ +hfal_keccak.o \ +hfal_md5.o \ +hfal_sha1.o \ +hfal_sha224.o \ +hfal_sha256.o \ +hfal_sha384.o \ +hfal_sha512.o \ +hfal_shabal.o \ +hfal_skein1024.o \ +hfal_skein256.o \ +hfal_skein512.o + diff --git a/mkfiles/002_scal_algos.mk b/mkfiles/002_scal_algos.mk new file mode 100644 index 0000000..0435b21 --- /dev/null +++ b/mkfiles/002_scal_algos.mk @@ -0,0 +1,14 @@ +# Makefile for scal-algos (library) +ALGO_NAME := SCAL_ALGOS + +$(ALGO_NAME)_DIR := scal/ +$(ALGO_NAME)_INCDIR := +$(ALGO_NAME)_OBJ := \ +scal_arcfour.o \ +scal_grain.o \ +scal_mickey128.o \ +scal_rabbit.o \ +scal_salsa20.o \ +scal_trivium.o + + diff --git a/mkfiles/bmw_asm.mk b/mkfiles/bmw_asm.mk new file mode 100644 index 0000000..8ae84f4 --- /dev/null +++ b/mkfiles/bmw_asm.mk @@ -0,0 +1,13 @@ +# Makefile for BlueMidnightWish +ALGO_NAME := BMW + +# comment out the following line for removement of BlueMidnightWish from the build process +#HASHES += $(ALGO_NAME) # currently buggy + +$(ALGO_NAME)_DIR := bmw/ +$(ALGO_NAME)_INCDIR := memxor/ hfal/ +$(ALGO_NAME)_OBJ := bmw_small-asm-cstub.o bmw_small-asm.o bmw_large.o memxor.o +$(ALGO_NAME)_TESTBIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD) +$(ALGO_NAME)_NESSIE_TEST := test nessie +$(ALGO_NAME)_PERFORMANCE_TEST := performance + diff --git a/mkfiles/bmw_asm_speed.mk b/mkfiles/bmw_asm_speed.mk new file mode 100644 index 0000000..d7726d9 --- /dev/null +++ b/mkfiles/bmw_asm_speed.mk @@ -0,0 +1,13 @@ +# Makefile for BlueMidnightWish +ALGO_NAME := BMW_ASM_SPEED + +# comment out the following line for removement of BlueMidnightWish from the build process +HASHES += $(ALGO_NAME) + +$(ALGO_NAME)_DIR := bmw/ +$(ALGO_NAME)_INCDIR := memxor/ hfal/ +$(ALGO_NAME)_OBJ := bmw_small_speed_cstub.o bmw_small_speed_asm_f0.o bmw_large_speed.o memxor.o +$(ALGO_NAME)_TESTBIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD) +$(ALGO_NAME)_NESSIE_TEST := test nessie +$(ALGO_NAME)_PERFORMANCE_TEST := performance + diff --git a/mkfiles/bmw_asmmix_speed.mk b/mkfiles/bmw_asmmix_speed.mk new file mode 100644 index 0000000..34493b1 --- /dev/null +++ b/mkfiles/bmw_asmmix_speed.mk @@ -0,0 +1,13 @@ +# Makefile for BlueMidnightWish +ALGO_NAME := BMW_ASMMIX_SPEED + +# comment out the following line for removement of BlueMidnightWish from the build process +HASHES += $(ALGO_NAME) + +$(ALGO_NAME)_DIR := bmw/ +$(ALGO_NAME)_INCDIR := memxor/ hfal/ +$(ALGO_NAME)_OBJ := bmw_small_speed_cstub.o bmw_small_speed_asmmix_f0.o bmw_large_speed.o memxor.o +$(ALGO_NAME)_TESTBIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD) +$(ALGO_NAME)_NESSIE_TEST := test nessie +$(ALGO_NAME)_PERFORMANCE_TEST := performance + diff --git a/mkfiles/camellia_c.mk b/mkfiles/camellia_c.mk new file mode 100644 index 0000000..2c82fe2 --- /dev/null +++ b/mkfiles/camellia_c.mk @@ -0,0 +1,14 @@ +# Makefile for camellia +ALGO_NAME := CAMELLIA_C + +# comment out the following line for removement of serpent from the build process +BLOCK_CIPHERS += $(ALGO_NAME) + +$(ALGO_NAME)_DIR := camellia/ +$(ALGO_NAME)_INCDIR := bcal/ +$(ALGO_NAME)_OBJ := camellia_C.o +$(ALGO_NAME)_TESTBIN := main-camellia-test.o $(CLI_STD) $(BCAL_STD) \ + bcal_camellia128.o +$(ALGO_NAME)_NESSIE_TEST := "nessie" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" + diff --git a/mkfiles/dsa.mk b/mkfiles/dsa.mk new file mode 100644 index 0000000..4cf94ae --- /dev/null +++ b/mkfiles/dsa.mk @@ -0,0 +1,14 @@ +# Makefile for DSA +ALGO_NAME := DSA + +# comment out the following line for removement of DSA from the build process +SIGNATURE += $(ALGO_NAME) + +$(ALGO_NAME)_DIR := dsa/ +$(ALGO_NAME)_INCDIR := memxor/ bigint/ sha1/ noekeon/ base64/ hfal/ +$(ALGO_NAME)_OBJ := bigint.o bigint_io.o sha1.o dsa_sign.o dsa_verify.o dsa_key_blob.o base64_enc.o +$(ALGO_NAME)_TESTBIN := main-dsa-test.o $(CLI_STD) hfal_sha1.o $(HFAL_STD) \ + noekeon.o noekeon_prng.o memxor.o + +$(ALGO_NAME)_PERFORMANCE_TEST := performance + diff --git a/mkfiles/entropium.mk b/mkfiles/entropium.mk new file mode 100644 index 0000000..cc93fae --- /dev/null +++ b/mkfiles/entropium.mk @@ -0,0 +1,14 @@ +# Makefile for Entropium PRNG +ALGO_NAME := ENTROPIUM + +# comment out the following line for removement of PRNG from the build process +PRNGS += $(ALGO_NAME) + +$(ALGO_NAME)_DIR := entropium/ +$(ALGO_NAME)_INCDIR := sha2/ +$(ALGO_NAME)_OBJ := entropium.o sha256.o sha2_small_common.o +$(ALGO_NAME)_TESTBIN := main-entropium-test.o $(CLI_STD) performance_test.o + +$(ALGO_NAME)_NESSIE_TEST := "nessie" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" + diff --git a/mkfiles/hmac-md5.mk b/mkfiles/hmac-md5.mk new file mode 100644 index 0000000..ee03a54 --- /dev/null +++ b/mkfiles/hmac-md5.mk @@ -0,0 +1,14 @@ +# Makefile for HMAC-MD5 +ALGO_NAME := HMAC-MD5 + +# comment out the following line for removement of HMAC-MD5 from the build process +MACS += $(ALGO_NAME) + +$(ALGO_NAME)_DIR := hmac-md5/ +$(ALGO_NAME)_INCDIR := md5/ +$(ALGO_NAME)_OBJ := hmac-md5.o md5.o md5_sbox.o +$(ALGO_NAME)_TESTBIN := main-hmac-md5-test.o $(CLI_STD) \ + nessie_mac_test.o nessie_common.o +$(ALGO_NAME)_NESSIE_TEST := "nessie" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" + diff --git a/mkfiles/hmac-sha1.mk b/mkfiles/hmac-sha1.mk new file mode 100644 index 0000000..b233702 --- /dev/null +++ b/mkfiles/hmac-sha1.mk @@ -0,0 +1,14 @@ +# Makefile for HMAC-SHA1 +ALGO_NAME := HMAC-SHA1 + +# comment out the following line for removement of HMAC-SHA1 from the build process +MACS += $(ALGO_NAME) + +$(ALGO_NAME)_DIR := hmac-sha1/ +$(ALGO_NAME)_INCDIR := sha1/ +$(ALGO_NAME)_OBJ := hmac-sha1.o sha1.o +$(ALGO_NAME)_TESTBIN := main-hmac-sha1-test.o $(CLI_STD) \ + nessie_mac_test.o nessie_common.o +$(ALGO_NAME)_NESSIE_TEST := "nessie" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" + diff --git a/mkfiles/hmac-sha256.mk b/mkfiles/hmac-sha256.mk new file mode 100644 index 0000000..14e5786 --- /dev/null +++ b/mkfiles/hmac-sha256.mk @@ -0,0 +1,14 @@ +# Makefile for HMAC-SHA256 +ALGO_NAME := HMAC-SHA256 + +# comment out the following line for removement of HMAC-SHA256 from the build process +MACS += $(ALGO_NAME) + +$(ALGO_NAME)_DIR := hmac-sha256/ +$(ALGO_NAME)_INCDIR := sha2/ +$(ALGO_NAME)_OBJ := hmac-sha256.o sha256.o sha2_small_common.o +$(ALGO_NAME)_TESTBIN := main-hmac-sha256-test.o $(CLI_STD) \ + nessie_mac_test.o nessie_common.o +$(ALGO_NAME)_NESSIE_TEST := "nessie" +$(ALGO_NAME)_PERFORMANCE_TEST := "performance" + diff --git a/mkfiles/zza_lib_cli_std.mk b/mkfiles/zza_lib_cli_std.mk new file mode 100644 index 0000000..d41aa2e --- /dev/null +++ b/mkfiles/zza_lib_cli_std.mk @@ -0,0 +1,11 @@ +ALGO_NAME := LIB_CLI_STD + +LIBRARYS += ALGO_NAME + +$(ALGO_NAME)_DIR := test_src/ +$(ALGO_NAME)_OBJ := cli.o hexdigit_tab.o dbz_strings.o string-extras.o uart_i.o \ + sysclock.o hw_gptm.o dump.o startup.o circularbytebuffer.o \ + main-test-common.o +$(ALGO_NAME)_BIN := libcli.a + + diff --git a/rsa/rsaes_oaep.c b/rsa/rsaes_oaep.c new file mode 100644 index 0000000..9b539c8 --- /dev/null +++ b/rsa/rsaes_oaep.c @@ -0,0 +1,228 @@ + +/* rsa_oaep.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2012 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include +#include "memxor.h" +#include "mgf1.h" +#include "bigint.h" +#include "rsa_basic.h" +#include "rsaes_oaep.h" + +#include "random_dummy.h" + +#include "hfal/hfal_sha1.h" + +#include "cli.h" +#include "uart_lowlevel.h" + +mgf1_parameter_t mgf1_default_parameter = { + &sha1_desc +}; + +rsa_oaep_parameter_t rsa_oaep_default_parameter = { + mgf1, + &sha1_desc, + &mgf1_default_parameter +}; + +rsa_label_t rsa_oaep_default_label = { + 0, NULL +}; + +uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length, + const void* src, uint16_t length_B, + const rsa_publickey_t* key, const rsa_oaep_parameter_t *p, + const rsa_label_t* label, const void* seed){ + + if(!p){ + p = &rsa_oaep_default_parameter; + } + if(!label){ + label = &rsa_oaep_default_label; + } + uint16_t hv_len = (hfal_hash_getHashsize(p->hf)+7)/8; + if(length_B > bigint_length_B(&key->modulus) - 2*hv_len - 2){ + /* message too long */ + return 1; + } + uint16_t buffer_len = bigint_length_B(&key->modulus); +/* + cli_putstr("\r\n buffer_len = "); + cli_hexdump_rev(&buffer_len, 2); + cli_putstr("\r\n modulus_len = "); + cli_hexdump_rev(&key->modulus->length_W, 2); +*/ + uint8_t* buffer = (uint8_t*)dest; + uint8_t off; + /* the following needs some explanation: + * off is the offset which is used for compensating the effect of + * changeendian() when it operates on multi-byte words. + * */ + off = (sizeof(bigint_word_t) -(bigint_get_first_set_bit(&key->modulus)/8+1)%(sizeof(bigint_word_t)*8)) + % (sizeof(bigint_word_t)); + buffer += off; + buffer_len -= off; +// cli_putstr("\r\n off = "); +// cli_hexdump_byte(off); + uint8_t* seed_buffer = buffer + 1; + uint16_t db_len = buffer_len - hv_len - 1; + uint8_t* db = seed_buffer + hv_len; + uint16_t maskbuffer_len = db_len>hv_len?db_len:hv_len; + uint8_t maskbuffer[maskbuffer_len]; + bigint_t x; + + memset(dest, 0, seed_buffer - buffer + off); + memset(db + hv_len, 0, db_len - hv_len - length_B -1); + hfal_hash_mem(p->hf, db, label->label, label->length_b); + db[db_len - length_B - 1] = 0x01; + memcpy(db+db_len - length_B, src, length_B); + if(seed){ + memcpy(seed_buffer, seed, hv_len); + }else{ + /* generate random seed */ + if(!prng_get_byte){ + return 2; /* ERROR: no random generator specified */ + } + uint16_t i; + for(i=0; imodulus), 4, 16); + p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter); + memxor(db, maskbuffer, db_len); + p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter); + memxor(seed_buffer, maskbuffer, hv_len); +// cli_putstr("\r\n msg (raw, post-feistel):\r\n"); +// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16); + + x.wordv = dest; + bigint_adjust(&x); + + rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus)); + rsa_enc(&x, key); + rsa_i2osp(NULL, &x, out_length); + return 0; +} + +uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length, + const void* src, uint16_t length_B, + const rsa_privatekey_t* key, const rsa_oaep_parameter_t *p, + const rsa_label_t* label, void* seed){ + +// cli_putstr("\r\n -->rsa_decrypt_oaep()"); uart_flush(0); + if(!label){ + label = &rsa_oaep_default_label; + } + if(!p){ + p = &rsa_oaep_default_parameter; + } + uint16_t x_len, data_len; + bigint_t x; + uint16_t hv_len = hfal_hash_getHashsize(p->hf)/8; + uint8_t label_hv[hv_len]; + uint16_t msg_len = bigint_get_first_set_bit(&key->modulus) / 8 + 1; + uint16_t db_len = msg_len - hv_len - 1; + uint8_t maskbuffer[db_len>hv_len?db_len:hv_len]; + + uint8_t *seed_buffer = dest; + uint8_t *db_buffer = seed_buffer + hv_len; + + x_len = bigint_get_first_set_bit(&key->modulus)/8; + memset(dest, 0, bigint_length_B(&key->modulus) - length_B); + memcpy((uint8_t*)dest + bigint_length_B(&key->modulus) - length_B, src, length_B); + +// cli_putc('a'); uart_flush(0); + + x.wordv = dest; + x.length_W = key->modulus.length_W; + x.info = 0; + bigint_adjust(&x); + + +// cli_putc('b'); uart_flush(0); + rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus)); +// cli_putc('c'); uart_flush(0); + rsa_dec(&x, key); +// cli_putc('d'); uart_flush(0); + rsa_i2osp(NULL, &x, &data_len); + +// cli_putstr("\r\n msg (raw, pre-move):\r\n"); +// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16); + + if(data_len > x_len){ + return 7; + } +/* + cli_putstr("\r\n moving some bytes; x_len = "); + cli_hexdump_rev(&x_len, 2); + cli_putstr(" data_len = "); + cli_hexdump_rev(&data_len, 2); + uart_flush(0); +*/ + if(x_len != data_len){ + memmove((uint8_t*)dest + x_len - data_len, dest, data_len); +// cli_putstr(" (oh, not dead yet?!)"); +// uart_flush(0); + memset(dest, 0, x_len - data_len); + } + + hfal_hash_mem(p->hf, label_hv, label->label, label->length_b); +/* + cli_putstr("\r\n msg (raw, pre-feistel):\r\n"); + cli_hexdump_block(seed_buffer, bigint_length_B(key->modulus), 4, 16); + uart_flush(0); +*/ + p->mgf(maskbuffer, db_buffer, db_len, hv_len, p->mgf_parameter); + memxor(seed_buffer, maskbuffer, hv_len); + p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter); + memxor(db_buffer, maskbuffer, db_len); + + if(memcmp(label_hv, db_buffer, hv_len)){ +// cli_putstr("\r\nDBG: DB:\r\n"); +// cli_hexdump_block(db_buffer, db_len, 4, 16); + return 2; + } + + uint16_t ps_len=0; + while(db_buffer[hv_len + ps_len++] == 0) + ; + + --ps_len; + if(db_buffer[hv_len + ps_len] != 1){ + return 3; + } + + if(seed){ + memcpy(seed, seed_buffer, hv_len); + } + + msg_len = db_len - hv_len - 1 - ps_len; + memmove(dest, db_buffer + hv_len + ps_len + 1, msg_len); + + *out_length = msg_len; + + return 0; +} + + diff --git a/rsa/rsaes_oaep.h b/rsa/rsaes_oaep.h new file mode 100644 index 0000000..81acd6a --- /dev/null +++ b/rsa/rsaes_oaep.h @@ -0,0 +1,55 @@ +/* rsaes_oaep.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2012 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef RSAES_OAEP_H_ +#define RSAES_OAEP_H_ + +#include +#include "rsa_basic.h" +#include "mgf1.h" + + +void mgf1(void* dest, const void* seed, uint16_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p); + + +typedef struct { + void (*mgf)(void* dst, const void* seed, uint16_t slen_B, uint16_t dstlen_B, const mgf1_parameter_t* p); + const hfdesc_t* hf; + mgf1_parameter_t* mgf_parameter; +} rsa_oaep_parameter_t; + +typedef struct { + uint16_t length_b; + const void* label; +} rsa_label_t; + +extern rsa_oaep_parameter_t rsa_oaep_default_parameter; +extern rsa_label_t rsa_oaep_default_label; + +uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length, + const void* src, uint16_t length_B, + const rsa_publickey_t* key, const rsa_oaep_parameter_t *p, + const rsa_label_t* label, const void* seed); + +uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length, + const void* src, uint16_t length_B, + const rsa_privatekey_t* key, const rsa_oaep_parameter_t *p, + const rsa_label_t* label, void* seed); + +#endif /* RSAES_OAEP_H_ */ diff --git a/rsa/rsaes_pkcs1v15.c b/rsa/rsaes_pkcs1v15.c new file mode 100644 index 0000000..450053b --- /dev/null +++ b/rsa/rsaes_pkcs1v15.c @@ -0,0 +1,142 @@ +/* rsa_pkcs1v15.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include +#include "bigint.h" +#include "rsa_basic.h" + +#define DEBUG 0 + +#if DEBUG +#include "bigint_io.h" +#include "cli.h" +#endif + +#include "random_dummy.h" + +uint16_t rsa_pkcs1v15_compute_padlength_B(const bigint_t* modulus, uint16_t msg_length_B){ + return bigint_get_first_set_bit(modulus) / 8 + 1 - msg_length_B - 3; +} + +uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src, + uint16_t length_B, const rsa_publickey_t* key, const void* pad){ + int16_t pad_length; + bigint_t x; + pad_length = rsa_pkcs1v15_compute_padlength_B(&key->modulus, length_B); + if(pad_length<8){ +#if DEBUG + cli_putstr("\r\nERROR: pad_length<8; pad_length: "); + cli_hexdump_rev(&pad_length, 2); +#endif + return 2; /* message to long */ + } + if(!pad){ +#if DEBUG + cli_putstr("\r\nauto-generating pad ..."); +#endif + uint16_t i; + uint8_t c; + for(i=0; i=m_length){ + return 1; + } + if(((uint8_t*)x.wordv)[idx]!=2){ + return 3; + } + + ++idx; + while(((uint8_t*)x.wordv)[idx+pad_length]!=0 && (idx+pad_length)=m_length){ + return 2; + } + *out_length = m_length - idx - pad_length - 1; + if(pad){ +#if DEBUG + cli_putstr("\r\npadding block:"); + cli_hexdump_block(((uint8_t*)x.wordv)+idx, pad_length, 4, 16); + cli_putstr("\r\npad @ 0x"); + cli_hexdump_rev(&pad, 2); + cli_putstr("\r\ndst @ 0x"); + cli_hexdump_rev(&dest, 2); +#endif + memcpy(pad, ((uint8_t*)x.wordv)+idx, pad_length); + } + memmove(dest, ((uint8_t*)x.wordv) + idx + pad_length + 1, m_length - idx - pad_length - 1); + + return 0; +} + diff --git a/rsa/rsaes_pkcs1v15.h b/rsa/rsaes_pkcs1v15.h new file mode 100644 index 0000000..d429d72 --- /dev/null +++ b/rsa/rsaes_pkcs1v15.h @@ -0,0 +1,36 @@ +/* rsa_pkcs1v15.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef RSAES_PKCS1V15_H_ +#define RSAES_PKCS1V15_H_ + +#include +#include "rsa_basic.h" +#include "bigint.h" + +uint16_t rsa_pkcs1v15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B); + + +uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src, + uint16_t length_B, const rsa_publickey_t* key, const void* pad); + +uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src, + uint16_t length_B, const rsa_privatekey_t* key, void* pad); + +#endif /* RSAES_PKCS1V15_H_ */ diff --git a/streamcipher_descriptor.h b/streamcipher_descriptor.h new file mode 100644 index 0000000..7fc8ef3 --- /dev/null +++ b/streamcipher_descriptor.h @@ -0,0 +1,111 @@ +/* streamcipher_descriptor.h */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file stremcipher_descriptor.h + * \author Daniel Otte + * \date 2011-01-15 + * + * \license GPLv3 or later + * + */ + +#ifndef STREAMCIPHER_DESCRIPTOR_H_ +#define STREAMCIPHER_DESCRIPTOR_H_ +#include + + +#ifndef VOID_FPT +#define VOID_FPT +typedef void(*void_fpt)(void); +#endif + +typedef void(*sc_init1_fpt)(const void*, void*); /* key of fixed length, no IV*/ +typedef void(*sc_init2_fpt)(const void*, const void*, void*); /* key and IV of fixed length */ +typedef void(*sc_init3_fpt)(const void*, uint16_t,void*); /* key of variable length, no IV */ +typedef void(*sc_init4_fpt)(const void*, uint16_t,const void*, void*); /* key of variable length, IV of fixed length */ +typedef void(*sc_init5_fpt)(const void*, uint16_t,const void*, uint16_t, void*); /* key and IV of variable length */ + +typedef uint8_t(*sc_gen1_fpt)(void*); /* return keystream data */ +typedef void(*sc_gen2_fpt)(void*, void*); /* write keystream data to buffer */ + +typedef uint8_t(*sc_genra1_fpt)(void*, uint64_t); /* return keystream data */ +typedef void(*sc_genra2_fpt)(void*, void*, uint64_t); /* write keystream data to buffer */ + + +typedef void(*sc_free_fpt)(void*); + +typedef union{ + void_fpt initvoid; + sc_init1_fpt init1; + sc_init2_fpt init2; + sc_init3_fpt init3; + sc_init4_fpt init4; + sc_init5_fpt init5; +} sc_init_fpt; + +typedef union{ + void_fpt genvoid; + sc_gen1_fpt gen1; + sc_gen2_fpt gen2; +} sc_gen_fpt; + +typedef union{ + void_fpt genravoid; + sc_genra1_fpt genra1; + sc_genra2_fpt genra2; +} sc_genra_fpt; + +#define SC_INIT_TYPE 0x07 +#define SC_INIT_TYPE_1 0x00 /* key of fixed length, no IV*/ +#define SC_INIT_TYPE_2 0x02 /* key and IV of fixed length */ +#define SC_INIT_TYPE_3 0x03 /* key of variable length, no IV */ +#define SC_INIT_TYPE_4 0x04 /* key of variable length, IV of fixed length */ +#define SC_INIT_TYPE_5 0x05 /* key and IV of variable length */ + +#define SC_GEN_TYPE 0x08 +#define SC_GEN_TYPE_1 0x00 /* return data stream byte */ +#define SC_GEN_TYPE_2 0x08 /* write data stream block into buffer */ + +#define SCDESC_TYPE_STREAMCIPHER 0x03 + +typedef struct { + uint8_t type; /* 3==streamcipher */ + uint8_t flags; + const char* name; + uint16_t ctxsize_B; + uint16_t gensize_b; + sc_init_fpt init; + sc_gen_fpt gen; + sc_genra_fpt genra; + sc_free_fpt free; + const void* valid_keysize_desc; + const void* valid_ivsize_desc; +} scdesc_t; /* streamcipher descriptor type */ + +typedef struct{ + const scdesc_t* desc_ptr; + uint16_t keysize; + uint16_t ivsize; + uint16_t index; + uint8_t* buffer; + void* ctx; +} scgen_ctx_t; + +#endif /* STREAMCIPHER_DESCRIPTOR_H_ */ + diff --git a/test_src/main-camellia-test.c b/test_src/main-camellia-test.c new file mode 100644 index 0000000..18f74f0 --- /dev/null +++ b/test_src/main-camellia-test.c @@ -0,0 +1,195 @@ +/* main-camellia-test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * camellia test-suit + * + */ +#include "main-test-common.h" + +#include "camellia.h" +#include "nessie_bc_test.h" +#include "performance_test.h" +#include "cli.h" +#include "bcal_camellia128.h" +#include "bcal-performance.h" + +char* algo_name = "Camellia"; + +const bcdesc_t* algolist[] = { + (bcdesc_t*)&camellia128_desc, + NULL +}; + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ +void camellia128_init_dummy(void* key, uint16_t keysize_b, void* ctx){ + camellia128_init(key, ctx); +} + +void testrun_nessie_camellia(void){ + nessie_bc_ctx.blocksize_B = 16; + nessie_bc_ctx.keysize_b = 128; + nessie_bc_ctx.name = algo_name; + nessie_bc_ctx.ctx_size_B = sizeof(camellia128_ctx_t); + nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)camellia128_enc; + nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)camellia128_dec; + nessie_bc_ctx.cipher_genctx = (nessie_bc_gen_fpt)camellia128_init_dummy; + + nessie_bc_run(); +} + +/* + * P No.001 : 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + */ + +const uint8_t test_keys[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, + 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, + 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE, 0xEF, 0xCD, 0xAB, 0x89, 0x67, 0x45, 0x23, 0x01, + 0xEF, 0xCD, 0xAB, 0x89, 0x67, 0x45, 0x23, 0x01, 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE +}; + +void hexdump128(void* data){ + uint8_t i; + for(i=0; i<16; ++i){ + cli_hexdump(data, 1); + cli_putc(' '); + data = (uint8_t*)data +1; + } +} + +void testrun_camellia128(void){ + uint8_t data[16]; + uint8_t data2[16]; + uint8_t key[16]; + char str[4]; + uint8_t i,j; + str[3]= '\0'; + for(j=0; j<10; ++j){ + str[0] = ('0'+(j+1)/100); + str[1] = ('0'+((j+1)/10)%10); + str[2] = ('0'+(j+1)%10); + memcpy(key, test_keys+j*16, 16); + cli_putstr("\r\nK No."); + cli_putstr(str); + cli_putstr(" : "); + hexdump128(key); + camellia128_ctx_t ctx; + camellia128_init(key, &ctx); + for(i=0; i<128; ++i){ + memset(data, 0x00, 16); + data[i/8] = 0x80>>i%8; + memcpy(data2, data, 16); + str[0] = ('0'+(i+1)/100); + str[1] = ('0'+((i+1)/10)%10); + str[2] = ('0'+(i+1)%10); + cli_putstr("\r\nP No."); + cli_putstr(str); + cli_putstr(" : "); + hexdump128(data); + camellia128_enc(data, &ctx); + cli_putstr("\r\nC No."); + cli_putstr(str); + cli_putstr(" : "); + hexdump128(data); + camellia128_dec(data, &ctx); + if(memcmp(data, data2, 16)){ + cli_putstr("\r\n DECRYPTION ERROR !!!"); + } + } + } +} + +void test_performance_camellia(void){ + bcal_performance_multiple(algolist); +} + + +/***************************************************************************** + * self tests * + *****************************************************************************/ +/* +128-bit key +key 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10 +plaintext 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10 +ciphertext 67 67 31 38 54 96 69 73 08 57 06 56 48 ea be 43 +*/ +void testrun_camellia(void){ + + uint8_t data[16] = { 0x01, 0x23, 0x45, 0x67, + 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, + 0x76, 0x54, 0x32, 0x10 }; + + const uint8_t key[16] = { 0x01, 0x23, 0x45, 0x67, + 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, + 0x76, 0x54, 0x32, 0x10 }; + + + camellia128_ctx_t ctx; + camellia128_init(key, &ctx); + cli_putstr("\r\n key: "); + cli_hexdump(data, 16); + cli_putstr("\r\n plaintext: "); + cli_hexdump(data, 16); + camellia128_enc(data, &ctx); + cli_putstr("\r\n ciphertext: "); + cli_hexdump(data, 16); + camellia128_dec(data, &ctx); + cli_putstr("\r\n decrypted: "); + cli_hexdump(data, 16); + +} + + +/***************************************************************************** + * main * + *****************************************************************************/ + +const char nessie_str[] = "nessie"; +const char test_str[] = "test"; +const char test128_str[] = "test128"; +const char performance_str[] = "performance"; +const char echo_str[] = "echo"; + +cmdlist_entry_t cmdlist[] = { + { nessie_str, NULL, testrun_nessie_camellia }, + { test_str, NULL, testrun_camellia}, + { test128_str, NULL, testrun_camellia128}, + { performance_str, NULL, test_performance_camellia}, + { echo_str, (void*)1, (void_fpt)echo_ctrl}, + { NULL, NULL, NULL} +}; + +int main (void){ + main_setup(); + + for(;;){ + welcome_msg(algo_name); + cmd_interface(cmdlist); + } +} diff --git a/test_src/main-dsa-test.c b/test_src/main-dsa-test.c new file mode 100644 index 0000000..27737ea --- /dev/null +++ b/test_src/main-dsa-test.c @@ -0,0 +1,207 @@ +/* main-dsa-test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * DSA test-suit + * +*/ +#include +#include +#include +#include "config.h" +#include "cli.h" +#include "dump.h" +#include "uart_lowlevel.h" +#include "sysclock.h" +#include "hw_gptm.h" + +#include "noekeon.h" +#include "noekeon_prng.h" +#include "bigint.h" +#include "bigint_io.h" +#include "dsa.h" +#include "dsa_key_blob.h" + +#include "performance_test.h" +#include "hfal_sha1.h" +#include "base64_enc.h" +#include "base64_dec.h" + +void uart0_putc(char byte){ + uart_putc(UART_0, byte); +} + +char uart0_getc(void){ + return uart_getc(UART_0); +} + +const char* algo_name = "DSA"; + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ + +dsa_ctx_t dsa_ctx; + +void load_fix_dsa(void){ + load_dsa_key_blob(&dsa_ctx); +} + +void dsa_print_item(bigint_t* a, const char* pstr){ + uint8_t *p; + cli_putstr("\r\n"); + cli_putstr(pstr); + cli_putstr(": "); + uint16_t i; + p = (uint8_t*)a->wordv + a->length_W*sizeof(bigint_word_t) -1; + for(i=0; ilength_W*sizeof(bigint_word_t)-1; ++i){ + if(i%16==0){ + cli_putstr("\r\n "); + } + cli_hexdump(p, 1); + cli_putc(':'); + --p; + } + if(i%16==0){ + cli_putstr("\r\n "); + } + cli_hexdump(p, 1); +} + +void dsa_print_signature_b64(dsa_signature_t* s){ + uint16_t size_r, size_s, size_o, i,j; + size_r = s->r.length_W*sizeof(bigint_word_t) +2; + size_s = s->s.length_W*sizeof(bigint_word_t) +2; + size_o = size_r + size_s +2; + uint8_t bin_b[size_o]; + bin_b[0] = 0x30; + bin_b[1] = size_o -2; + bin_b[2] = 0x02; + bin_b[3] = size_r-2; + j=4; + for(i=s->r.length_W*sizeof(bigint_word_t); i>0; --i){ + bin_b[j++] = ((uint8_t*)s->r.wordv)[i-1]; + } + bin_b[j++] = 0x02; + bin_b[j++] = size_s -2; + for(i=s->s.length_W*sizeof(bigint_word_t); i>0; --i){ + bin_b[j++] = ((uint8_t*)s->s.wordv)[i-1]; + } + char b64_b[size_o*4/3+5]; + base64enc(b64_b, bin_b, size_o); + cli_putstr(b64_b); +} + +void dsa_print_ctx(dsa_ctx_t* ctx){ + dsa_print_item(&(ctx->priv), "private"); + dsa_print_item(&(ctx->pub), "public"); + dsa_print_item(&(ctx->domain.p), "P"); + dsa_print_item(&(ctx->domain.q), "Q"); + dsa_print_item(&(ctx->domain.g), "G"); +} + +void dsa_print_signature(const dsa_signature_t* sig){ + cli_putstr("\r\nDSA-Signature:\r\n r:"); + bigint_print_hex(&(sig->r)); + cli_putstr("\r\n s:"); + bigint_print_hex(&(sig->s)); +} + +void quick_test(void){ + dsa_signature_t dsa_sig; + uint8_t i, t=0, message[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; + load_fix_dsa(); + bigint_word_t dsa_sig_s_b[dsa_ctx.domain.q.length_W], + dsa_sig_r_b[dsa_ctx.domain.q.length_W]; + dsa_print_ctx(&dsa_ctx); + dsa_sig.r.wordv = dsa_sig_r_b; + dsa_sig.s.wordv = dsa_sig_s_b; + cli_putstr("\r\n\r\n=== DSA QUICK TEST ==="); + for(i=0; i<9; ++i){ + cli_putstr("\r\n"); + cli_putc('1'+i); + cli_putstr(": message: "); + if (i){ + cli_hexdump(message, i); + }else{ + cli_putstr(""); + } + cli_putstr("\r\n computing signature ... "); + dsa_sign_message(&dsa_sig, message, i*8, &sha1_desc, &dsa_ctx, random8); + dsa_print_signature(&dsa_sig); + cli_putstr("\r\n base64:\r\n--- SIGNATURE ---\r\n "); + dsa_print_signature_b64(&dsa_sig); + cli_putstr("\r\n verifying signature ... "); + t = dsa_verify_message(&dsa_sig, message, i*8, &sha1_desc, &dsa_ctx); + cli_putstr("\r\n verification: "); + if(t==DSA_SIGNATURE_OK){ + cli_putstr("[PASS]"); + }else{ + cli_putstr("[FAIL]"); + } + } +} + +void reset_prng(void){ + uint8_t buf[16]; + memset(buf, 0, 16); + random_seed(buf); + cli_putstr("\r\nPRNG reset"); +} + +void testrun_performance_bigint(void){ + +} +/***************************************************************************** + * main * + *****************************************************************************/ + +const char echo_test_str[] = "echo-test"; +const char reset_prng_str[] = "reset-prng"; +const char quick_test_str[] = "quick-test"; +const char performance_str[] = "performance"; +const char echo_str[] = "echo"; + +cmdlist_entry_t cmdlist[] = { + { reset_prng_str, NULL, reset_prng }, + { quick_test_str, NULL, quick_test }, + { performance_str, NULL, testrun_performance_bigint }, + { echo_str, (void*)1, (void_fpt)echo_ctrl }, + { NULL, NULL, NULL } +}; + +int main (void){ + sysclk_set_freq(SYS_FREQ); + sysclk_mosc_verify_enable(); + uart_init(UART_0, 115200, 8, UART_PARATY_NONE, UART_STOPBITS_ONE); + gptm_set_timer_32periodic(TIMER0); + + cli_rx = uart0_getc; + cli_tx = uart0_putc; + + for(;;){ + cli_putstr("\r\n\r\nARM-Crypto-Lib VS ("); + cli_putstr(algo_name); + cli_putstr("; "); + cli_putstr(__DATE__); + cli_putc(' '); + cli_putstr(__TIME__); + cli_putstr(")\r\nloaded and running\r\n"); + cmd_interface(cmdlist); + } +} diff --git a/test_src/main-entropium-test.c b/test_src/main-entropium-test.c new file mode 100644 index 0000000..35e8fb1 --- /dev/null +++ b/test_src/main-entropium-test.c @@ -0,0 +1,106 @@ +/* main-entropium-test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * entropium test-suit + * +*/ + +#include "main-test-common.h" + +#include "entropium.h" +#include "nessie_bc_test.h" +#include "performance_test.h" + +char* algo_name = "Entropium"; + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ + +void testrun_entropium(void){ + char c, str[16]; + uint8_t data[32]; + uint32_t i=0; + while('q'!=cli_getc()){ + entropium_getRandomBlock(data); + cli_putstr("\r\n "); + ultoa(i, str, 10); + for(c=strlen(str); c<11; ++c){ + cli_putc(' '); + } + cli_putstr(str); + ++i; + cli_putstr(" : "); + cli_hexdump(data, 32); + } + cli_putstr("\r\n\r\n"); +} + + +void testrun_performance_entropium(void){ + uint64_t t; + char str[16]; + uint8_t data[32]; + + calibrateTimer(); + print_overhead(); + + startTimer(1); + entropium_addEntropy(128, data); + t = stopTimer(); + cli_putstr("\r\n\tadd entropy time: "); + ultoa((unsigned long)t, str, 10); + cli_putstr(str); + + + startTimer(1); + entropium_getRandomBlock(data); + t = stopTimer(); + cli_putstr("\r\n\tget random time: "); + ultoa((unsigned long)t, str, 10); + cli_putstr(str); + + cli_putstr("\r\n"); +} +/***************************************************************************** + * main * + *****************************************************************************/ + +const char nessie_str[] = "nessie"; +const char test_str[] = "test"; +const char performance_str[] = "performance"; +const char echo_str[] = "echo"; + +cmdlist_entry_t cmdlist[] = { + { nessie_str, NULL, testrun_entropium}, + { test_str, NULL, testrun_entropium}, + { performance_str, NULL, testrun_performance_entropium}, + { echo_str, (void*)1, (void_fpt)echo_ctrl}, + { NULL, NULL, NULL} +}; + + +int main (void){ + main_setup(); + + for(;;){ + welcome_msg(algo_name); + cmd_interface(cmdlist); + } +} diff --git a/test_src/main-hmac-md5-test.c b/test_src/main-hmac-md5-test.c new file mode 100644 index 0000000..7b6cf8b --- /dev/null +++ b/test_src/main-hmac-md5-test.c @@ -0,0 +1,183 @@ +/* main-hmac-md5-test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * HMAC-MD5 test-suit + * +*/ +#include "main-test-common.h" + +#include "md5.h" +#include "hmac-md5.h" +/* +#include "base64_enc.h" +#include "base64_dec.h" +*/ +#include "nessie_mac_test.h" + +const char* algo_name = "HMAC-MD5"; + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ +void testrun_nessie_hmacmd5(void){ + nessie_mac_ctx.macsize_b = HMAC_MD5_BITS; + nessie_mac_ctx.keysize_b = HMAC_MD5_BLOCK_BITS; + nessie_mac_ctx.blocksize_B = HMAC_MD5_BLOCK_BYTES; + nessie_mac_ctx.ctx_size_B = sizeof(hmac_md5_ctx_t); + nessie_mac_ctx.name = algo_name; + nessie_mac_ctx.mac_init = (nessie_mac_init_fpt)hmac_md5_init; + nessie_mac_ctx.mac_next = (nessie_mac_next_fpt)hmac_md5_nextBlock; + nessie_mac_ctx.mac_last = (nessie_mac_last_fpt)hmac_md5_lastBlock; + nessie_mac_ctx.mac_conv = (nessie_mac_conv_fpt)hmac_md5_final; + + nessie_mac_run(); +} + +void testrun_test_hmacmd5(void){ + uint8_t hmac[16]; + uint8_t keys[][16] = { + { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }, + { 'J', 'e', 'f', 'e', }, + { 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA } + }; + uint8_t buffer[50]; + cli_putstr("\r\n hmac (1): "); + hmac_md5(hmac, keys[0], 128, "Hi There", 64); + cli_hexdump(hmac, 16); + + cli_putstr("\r\n hmac (2): "); + hmac_md5(hmac, keys[1], 4*8, "what do ya want for nothing?", 28*8); + cli_hexdump(hmac, 16); + + cli_putstr("\r\n hmac (3): "); + memset(buffer, 0xDD, 50); + hmac_md5(hmac, keys[2], 128, buffer, 50*8); + cli_hexdump(hmac, 16); + +} + +void hmacmd5_interactive(void){ + char key[101]; + char msg[101]; + uint8_t hmac[HMAC_MD5_BYTES]; + uint8_t key_len, msg_len; + cli_putstr("\r\nHMAC-MD5:\r\nkey: "); + cli_getsn(key, 100); + key_len = strlen(key); + cli_putstr("\r\nmsg: "); + cli_getsn(msg, 100); + msg_len = strlen(msg); + hmac_md5(hmac, key, key_len*8, msg, msg_len*8); + cli_putstr("\r\nhmac-md5: "); + cli_hexdump(hmac, HMAC_MD5_BYTES); +} + +void strhexdump(char* dest, void* src, uint16_t length){ + char table[] = { '0', '1', '2', '3', + '4', '5', '6', '7', + '8', '9', 'a', 'b', + 'c', 'd', 'e', 'f' }; + while(length--){ + *dest++ = table[(*((uint8_t*)src))>>4]; + *dest++ = table[(*((uint8_t*)src))&0xf]; + src = (uint8_t*)src +1; + } +} + +/* +void cram_md5_interactive(void){ + char key[101]; + char msg_b64[101]; + char username[101]; + uint8_t msg[100]; + uint8_t hmac[HMAC_MD5_BYTES]; + int key_len, msg_len; + int ul; + cli_putstr("\r\nCRAM-MD5:\r\nkey: "); + cli_getsn(key, 100); + key_len = strlen(key); + cli_putstr("\r\nusername: "); + cli_getsn(username, 60); + cli_putstr("\r\nchallange: "); + cli_getsn(msg_b64, 100); + if((msg_len = base64_binlength(msg_b64, 1))==-1){ + cli_putstr("\r\nERROR in base64 encoding !\r\n"); + return; + } + base64dec(msg, msg_b64, 1); + hmac_md5(hmac, key, key_len*8, msg, msg_len*8); + ul=strlen(username); + username[ul]=' '; + strhexdump(username+ul+1, hmac, 128/8); + base64enc(msg_b64, username, ul+1+128/8*2); + cli_putstr("\r\nresponse: "); + cli_hexdump(hmac, HMAC_MD5_BYTES); + cli_putstr("\r\nresponse (b64): "); + cli_putstr(msg_b64); +} +*/ + + +void md5_interactive(void){ + char msg[101]; + uint8_t hash[MD5_HASH_BYTES]; + uint8_t msg_len; + cli_putstr("\r\nmsg: "); + cli_getsn(msg, 100); + msg_len = strlen(msg); + md5((void*)hash, msg, msg_len*8); + cli_putstr("\r\nmd5: "); + cli_hexdump(hash, MD5_HASH_BYTES); +} + + +/***************************************************************************** + * main * + *****************************************************************************/ + +const char nessie_str[] = "nessie"; +const char test_str[] = "test"; +/* const char performance_str[] = "performance"; */ +const char echo_str[] = "echo"; +const char hmd5i_str[] = "hmac-md5"; +/* const char crammd5i_str[] = "cram-md5"; */ +const char md5i_str[] = "md5"; + + +const cmdlist_entry_t const cmdlist[] = { + { nessie_str, NULL, testrun_nessie_hmacmd5}, + { test_str, NULL, testrun_test_hmacmd5}, + { hmd5i_str, NULL, hmacmd5_interactive}, +/* { crammd5i_str, NULL, cram_md5_interactive}, */ + { md5i_str, NULL, md5_interactive}, +/* { performance_str, NULL, testrun_performance_hmacmd5}, */ + { echo_str, (void*)1, (void_fpt)echo_ctrl}, + { NULL, NULL, NULL} +}; + +int main (void){ + main_setup(); + + for(;;){ + welcome_msg(algo_name); + cmd_interface(cmdlist); + } +} diff --git a/test_src/main-hmac-sha1-test.c b/test_src/main-hmac-sha1-test.c new file mode 100644 index 0000000..450493d --- /dev/null +++ b/test_src/main-hmac-sha1-test.c @@ -0,0 +1,76 @@ +/* main-hmac-sha1-test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * HMAC-SHA1 test-suit + * +*/ + +#include "main-test-common.h" +#include "sha1.h" +#include "hmac-sha1.h" + +#include "nessie_mac_test.h" + + +const char* algo_name = "HMAC-SHA1"; + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ + +void testrun_nessie_hmacsha1(void){ + nessie_mac_ctx.macsize_b = HMAC_SHA1_BITS; + nessie_mac_ctx.keysize_b = HMAC_SHA1_BLOCK_BITS; + nessie_mac_ctx.blocksize_B = HMAC_SHA1_BLOCK_BYTES; + nessie_mac_ctx.ctx_size_B = sizeof(hmac_sha1_ctx_t); + nessie_mac_ctx.name = algo_name; + nessie_mac_ctx.mac_init = (nessie_mac_init_fpt)hmac_sha1_init; + nessie_mac_ctx.mac_next = (nessie_mac_next_fpt)hmac_sha1_nextBlock; + nessie_mac_ctx.mac_last = (nessie_mac_last_fpt)hmac_sha1_lastBlock; + nessie_mac_ctx.mac_conv = (nessie_mac_conv_fpt)hmac_sha1_final; + + nessie_mac_run(); +} + + +/***************************************************************************** + * main * + *****************************************************************************/ + +const char nessie_str[] = "nessie"; +const char test_str[] = "test"; +/* const char performance_str[] = "performance"; */ +const char echo_str[] = "echo"; + +const cmdlist_entry_t const cmdlist[] = { + { nessie_str, NULL, testrun_nessie_hmacsha1}, + { test_str, NULL, testrun_nessie_hmacsha1}, +/* { performance_str, NULL, testrun_performance_hmacsha1}, */ + { echo_str, (void*)1, (void_fpt)echo_ctrl}, + { NULL, NULL, NULL} +}; + +int main (void){ + main_setup(); + + for(;;){ + welcome_msg(algo_name); + cmd_interface(cmdlist); + } +} diff --git a/test_src/main-hmac-sha256-test.c b/test_src/main-hmac-sha256-test.c new file mode 100644 index 0000000..6241043 --- /dev/null +++ b/test_src/main-hmac-sha256-test.c @@ -0,0 +1,95 @@ +/* main-hmac-sha256-test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * HMAC-SHA256 test-suit + * +*/ + +#include "main-test-common.h" + +#include "sha256.h" +#include "hmac-sha256.h" + +#include "nessie_mac_test.h" + + +const char* algo_name = "HMAC-SHA256"; + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ + +void testrun_hmacsha256(void){ + uint8_t key[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF }; + uint8_t msg[] = { 0x00 }; + uint8_t mac[HMAC_SHA256_BYTES]; + hmac_sha256(mac, key, 512, msg, 0); + cli_putstr("\r\n quick hmac = "); + cli_hexdump(mac, HMAC_SHA256_BYTES); + cli_putstr("\r\n"); +} + +void testrun_nessie_hmacsha256(void){ + nessie_mac_ctx.macsize_b = HMAC_SHA256_BITS; + nessie_mac_ctx.keysize_b = HMAC_SHA256_BLOCK_BITS; + nessie_mac_ctx.blocksize_B = HMAC_SHA256_BLOCK_BYTES; + nessie_mac_ctx.ctx_size_B = sizeof(hmac_sha256_ctx_t); + nessie_mac_ctx.name = algo_name; + nessie_mac_ctx.mac_init = (nessie_mac_init_fpt)hmac_sha256_init; + nessie_mac_ctx.mac_next = (nessie_mac_next_fpt)hmac_sha256_nextBlock; + nessie_mac_ctx.mac_last = (nessie_mac_last_fpt)hmac_sha256_lastBlock; + nessie_mac_ctx.mac_conv = (nessie_mac_conv_fpt)hmac_sha256_final; + + nessie_mac_run(); +} + + + +/***************************************************************************** + * main * + *****************************************************************************/ + +const char nessie_str[] = "nessie"; +const char test_str[] = "test"; +/* const char performance_str[] = "performance"; */ +const char echo_str[] = "echo"; + +const cmdlist_entry_t const cmdlist[] = { + { nessie_str, NULL, testrun_nessie_hmacsha256}, + { test_str, NULL, testrun_hmacsha256}, +/* { performance_str, NULL, testrun_performance_hmacsha256}, */ + { echo_str, (void*)1, (void_fpt)echo_ctrl}, + { NULL, NULL, NULL} +}; + +int main (void){ + main_setup(); + + for(;;){ + welcome_msg(algo_name); + cmd_interface(cmdlist); + } +} diff --git a/test_src/main-rsaes_oaep-test.c b/test_src/main-rsaes_oaep-test.c new file mode 100644 index 0000000..1107c3a --- /dev/null +++ b/test_src/main-rsaes_oaep-test.c @@ -0,0 +1,794 @@ +/* main-dsa-test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * RSA test-suit + * +*/ +#include "main-test-common.h" + +#include "noekeon.h" +#include "noekeon_prng.h" +#include "bigint.h" +#include "bigint_io.h" +#include "random_dummy.h" +#include "rsa_basic.h" +#include "rsaes_oaep.h" + +#include "performance_test.h" + +const char* algo_name = "RSAES-OAEP"; + +#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t)) +#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t)) + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ +#if 0 +/* ================================== + * Example 1: A 1024-bit RSA Key Pair + * ================================== */ + +/* ------------------------------ + * Components of the RSA Key Pair + * ------------------------------ */ + +/* RSA modulus n: */ +const uint8_t modulus[] = { +0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4, +0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab, +0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85, +0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72, +0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97, +0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14, +0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24, +0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb +}; + +/* RSA public exponent e: */ +const uint8_t public_exponent[] = { +0x00, 0x01, 0x00, 0x01 +}; + +/* RSA private exponent d: */ +const uint8_t private_exponent[] = { +0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c, +0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd, +0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b, +0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55, +0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73, +0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf, +0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde, +0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1 +}; + +/* Prime p: */ +const uint8_t p[] = { +0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b, +0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a, +0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1, +0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d +}; + +/* Prime q: */ +const uint8_t q[] = { +0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7, +0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c, +0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe, +0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77 +}; + +/* p's CRT exponent dP: */ +const uint8_t dp[] = { +0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04, +0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3, +0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d, +0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1 +}; + +/* q's CRT exponent dQ: */ +const uint8_t dq[] = { +0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc, +0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73, +0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a, +0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83 +}; + +/* CRT coefficient qInv: */ +const uint8_t qinv[] = { +0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d, +0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11, +0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81, +0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1 +}; + +/* --------------------------------- + * RSAES-OAEP Encryption Example 1.1 + * --------------------------------- */ + +/* Message to be, encrypted: */ +const uint8_t message[] = { +0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23, +0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34 +}; + +/* Seed: */ +const uint8_t seed[] = { +0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69, 0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1, +0xdd, 0xa0, 0xa5, 0xef +}; + +/* Encryption: */ +const uint8_t encrypted[] = { +0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d, 0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f, +0x7b, 0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf, 0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb, +0x21, 0x69, 0x6d, 0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f, 0x8a, 0xfc, 0xc2, 0x01, +0x03, 0x5f, 0x7b, 0x6d, 0x8e, 0x69, 0x40, 0x2d, 0xe5, 0x45, 0x16, 0x18, 0xc2, 0x1a, 0x53, 0x5f, +0xa9, 0xd7, 0xbf, 0xc5, 0xb8, 0xdd, 0x9f, 0xc2, 0x43, 0xf8, 0xcf, 0x92, 0x7d, 0xb3, 0x13, 0x22, +0xd6, 0xe8, 0x81, 0xea, 0xa9, 0x1a, 0x99, 0x61, 0x70, 0xe6, 0x57, 0xa0, 0x5a, 0x26, 0x64, 0x26, +0xd9, 0x8c, 0x88, 0x00, 0x3f, 0x84, 0x77, 0xc1, 0x22, 0x70, 0x94, 0xa0, 0xd9, 0xfa, 0x1e, 0x8c, +0x40, 0x24, 0x30, 0x9c, 0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a, 0xc7, 0x2e, 0x8a +}; + +/* Message to be encrypted: */ +const uint8_t message2[] = { +0x75, 0x0c, 0x40, 0x47, 0xf5, 0x47, 0xe8, 0xe4, 0x14, 0x11, 0x85, 0x65, 0x23, 0x29, 0x8a, 0xc9, +0xba, 0xe2, 0x45, 0xef, 0xaf, 0x13, 0x97, 0xfb, 0xe5, 0x6f, 0x9d, 0xd5 +}; + +/* Seed: */ +const uint8_t seed2[] = { +0x0c, 0xc7, 0x42, 0xce, 0x4a, 0x9b, 0x7f, 0x32, 0xf9, 0x51, 0xbc, 0xb2, 0x51, 0xef, 0xd9, 0x25, +0xfe, 0x4f, 0xe3, 0x5f +}; + +/* Encryption: */ +const uint8_t encrypted2[] = { +0x64, 0x0d, 0xb1, 0xac, 0xc5, 0x8e, 0x05, 0x68, 0xfe, 0x54, 0x07, 0xe5, 0xf9, 0xb7, 0x01, 0xdf, +0xf8, 0xc3, 0xc9, 0x1e, 0x71, 0x6c, 0x53, 0x6f, 0xc7, 0xfc, 0xec, 0x6c, 0xb5, 0xb7, 0x1c, 0x11, +0x65, 0x98, 0x8d, 0x4a, 0x27, 0x9e, 0x15, 0x77, 0xd7, 0x30, 0xfc, 0x7a, 0x29, 0x93, 0x2e, 0x3f, +0x00, 0xc8, 0x15, 0x15, 0x23, 0x6d, 0x8d, 0x8e, 0x31, 0x01, 0x7a, 0x7a, 0x09, 0xdf, 0x43, 0x52, +0xd9, 0x04, 0xcd, 0xeb, 0x79, 0xaa, 0x58, 0x3a, 0xdc, 0xc3, 0x1e, 0xa6, 0x98, 0xa4, 0xc0, 0x52, +0x83, 0xda, 0xba, 0x90, 0x89, 0xbe, 0x54, 0x91, 0xf6, 0x7c, 0x1a, 0x4e, 0xe4, 0x8d, 0xc7, 0x4b, +0xbb, 0xe6, 0x64, 0x3a, 0xef, 0x84, 0x66, 0x79, 0xb4, 0xcb, 0x39, 0x5a, 0x35, 0x2d, 0x5e, 0xd1, +0x15, 0x91, 0x2d, 0xf6, 0x96, 0xff, 0xe0, 0x70, 0x29, 0x32, 0x94, 0x6d, 0x71, 0x49, 0x2b, 0x44 +}; + +/**********************************************************************************************/ +/* --------------------------------- + * RSAES-OAEP Encryption Example 2.1 + * --------------------------------- */ + +/* Message to be encrypted: */ +const uint8_t message3[] = { +0x8f, 0xf0, 0x0c, 0xaa, 0x60, 0x5c, 0x70, 0x28, 0x30, 0x63, 0x4d, 0x9a, 0x6c, 0x3d, 0x42, 0xc6, +0x52, 0xb5, 0x8c, 0xf1, 0xd9, 0x2f, 0xec, 0x57, 0x0b, 0xee, 0xe7 +}; + +/* Seed: */ +const uint8_t seed3[] = { +0x8c, 0x40, 0x7b, 0x5e, 0xc2, 0x89, 0x9e, 0x50, 0x99, 0xc5, 0x3e, 0x8c, 0xe7, 0x93, 0xbf, 0x94, +0xe7, 0x1b, 0x17, 0x82 +}; + +/* Encryption: */ +const uint8_t encrypted3[] = { +0x01, 0x81, 0xaf, 0x89, 0x22, 0xb9, 0xfc, 0xb4, 0xd7, 0x9d, 0x92, 0xeb, 0xe1, 0x98, 0x15, 0x99, +0x2f, 0xc0, 0xc1, 0x43, 0x9d, 0x8b, 0xcd, 0x49, 0x13, 0x98, 0xa0, 0xf4, 0xad, 0x3a, 0x32, 0x9a, +0x5b, 0xd9, 0x38, 0x55, 0x60, 0xdb, 0x53, 0x26, 0x83, 0xc8, 0xb7, 0xda, 0x04, 0xe4, 0xb1, 0x2a, +0xed, 0x6a, 0xac, 0xdf, 0x47, 0x1c, 0x34, 0xc9, 0xcd, 0xa8, 0x91, 0xad, 0xdc, 0xc2, 0xdf, 0x34, +0x56, 0x65, 0x3a, 0xa6, 0x38, 0x2e, 0x9a, 0xe5, 0x9b, 0x54, 0x45, 0x52, 0x57, 0xeb, 0x09, 0x9d, +0x56, 0x2b, 0xbe, 0x10, 0x45, 0x3f, 0x2b, 0x6d, 0x13, 0xc5, 0x9c, 0x02, 0xe1, 0x0f, 0x1f, 0x8a, +0xbb, 0x5d, 0xa0, 0xd0, 0x57, 0x09, 0x32, 0xda, 0xcf, 0x2d, 0x09, 0x01, 0xdb, 0x72, 0x9d, 0x0f, +0xef, 0xcc, 0x05, 0x4e, 0x70, 0x96, 0x8e, 0xa5, 0x40, 0xc8, 0x1b, 0x04, 0xbc, 0xae, 0xfe, 0x72, +0x0e +}; +#endif +/**********************************************************************************************/ + +/* --------------------------------- + * RSAES-OAEP Encryption Example 2.4 + * --------------------------------- */ + +/* Message to be encrypted: */ +const uint8_t message4[] = { +0xa7, 0xeb, 0x2a, 0x50, 0x36, 0x93, 0x1d, 0x27, 0xd4, 0xe8, 0x91, 0x32, 0x6d, 0x99, 0x69, 0x2f, +0xfa, 0xdd, 0xa9, 0xbf, 0x7e, 0xfd, 0x3e, 0x34, 0xe6, 0x22, 0xc4, 0xad, 0xc0, 0x85, 0xf7, 0x21, +0xdf, 0xe8, 0x85, 0x07, 0x2c, 0x78, 0xa2, 0x03, 0xb1, 0x51, 0x73, 0x9b, 0xe5, 0x40, 0xfa, 0x8c, +0x15, 0x3a, 0x10, 0xf0, 0x0a +}; + +/* Seed: */ +const uint8_t seed4[] = { +0x9a, 0x7b, 0x3b, 0x0e, 0x70, 0x8b, 0xd9, 0x6f, 0x81, 0x90, 0xec, 0xab, 0x4f, 0xb9, 0xb2, 0xb3, +0x80, 0x5a, 0x81, 0x56 +}; + +/* Encryption: */ +const uint8_t encrypted4[] = { +/* 0x00,*/ 0xa4, 0x57, 0x8c, 0xbc, 0x17, 0x63, 0x18, 0xa6, 0x38, 0xfb, 0xa7, 0xd0, 0x1d, 0xf1, 0x57, +0x46, 0xaf, 0x44, 0xd4, 0xf6, 0xcd, 0x96, 0xd7, 0xe7, 0xc4, 0x95, 0xcb, 0xf4, 0x25, 0xb0, 0x9c, +0x64, 0x9d, 0x32, 0xbf, 0x88, 0x6d, 0xa4, 0x8f, 0xba, 0xf9, 0x89, 0xa2, 0x11, 0x71, 0x87, 0xca, +0xfb, 0x1f, 0xb5, 0x80, 0x31, 0x76, 0x90, 0xe3, 0xcc, 0xd4, 0x46, 0x92, 0x0b, 0x7a, 0xf8, 0x2b, +0x31, 0xdb, 0x58, 0x04, 0xd8, 0x7d, 0x01, 0x51, 0x4a, 0xcb, 0xfa, 0x91, 0x56, 0xe7, 0x82, 0xf8, +0x67, 0xf6, 0xbe, 0xd9, 0x44, 0x9e, 0x0e, 0x9a, 0x2c, 0x09, 0xbc, 0xec, 0xc6, 0xaa, 0x08, 0x76, +0x36, 0x96, 0x5e, 0x34, 0xb3, 0xec, 0x76, 0x6f, 0x2f, 0xe2, 0xe4, 0x30, 0x18, 0xa2, 0xfd, 0xde, +0xb1, 0x40, 0x61, 0x6a, 0x0e, 0x9d, 0x82, 0xe5, 0x33, 0x10, 0x24, 0xee, 0x06, 0x52, 0xfc, 0x76, +0x41 +}; + +/**********************************************************************************************/ +#if 1 +/* RSA modulus n: */ +const uint8_t modulus2[] = { +0x01, 0x94, 0x7c, 0x7f, 0xce, 0x90, 0x42, 0x5f, 0x47, 0x27, 0x9e, 0x70, 0x85, 0x1f, 0x25, 0xd5, +0xe6, 0x23, 0x16, 0xfe, 0x8a, 0x1d, 0xf1, 0x93, 0x71, 0xe3, 0xe6, 0x28, 0xe2, 0x60, 0x54, 0x3e, +0x49, 0x01, 0xef, 0x60, 0x81, 0xf6, 0x8c, 0x0b, 0x81, 0x41, 0x19, 0x0d, 0x2a, 0xe8, 0xda, 0xba, +0x7d, 0x12, 0x50, 0xec, 0x6d, 0xb6, 0x36, 0xe9, 0x44, 0xec, 0x37, 0x22, 0x87, 0x7c, 0x7c, 0x1d, +0x0a, 0x67, 0xf1, 0x4b, 0x16, 0x94, 0xc5, 0xf0, 0x37, 0x94, 0x51, 0xa4, 0x3e, 0x49, 0xa3, 0x2d, +0xde, 0x83, 0x67, 0x0b, 0x73, 0xda, 0x91, 0xa1, 0xc9, 0x9b, 0xc2, 0x3b, 0x43, 0x6a, 0x60, 0x05, +0x5c, 0x61, 0x0f, 0x0b, 0xaf, 0x99, 0xc1, 0xa0, 0x79, 0x56, 0x5b, 0x95, 0xa3, 0xf1, 0x52, 0x66, +0x32, 0xd1, 0xd4, 0xda, 0x60, 0xf2, 0x0e, 0xda, 0x25, 0xe6, 0x53, 0xc4, 0xf0, 0x02, 0x76, 0x6f, +0x45 +}; + +/* RSA public exponent e: */ +const uint8_t public_exponent2[] = { +0x01, 0x00, 0x01 +}; + +/* RSA private exponent d: */ +const uint8_t private_exponent2[] = { +0x08, 0x23, 0xf2, 0x0f, 0xad, 0xb5, 0xda, 0x89, 0x08, 0x8a, 0x9d, 0x00, 0x89, 0x3e, 0x21, 0xfa, +0x4a, 0x1b, 0x11, 0xfb, 0xc9, 0x3c, 0x64, 0xa3, 0xbe, 0x0b, 0xaa, 0xea, 0x97, 0xfb, 0x3b, 0x93, +0xc3, 0xff, 0x71, 0x37, 0x04, 0xc1, 0x9c, 0x96, 0x3c, 0x1d, 0x10, 0x7a, 0xae, 0x99, 0x05, 0x47, +0x39, 0xf7, 0x9e, 0x02, 0xe1, 0x86, 0xde, 0x86, 0xf8, 0x7a, 0x6d, 0xde, 0xfe, 0xa6, 0xd8, 0xcc, +0xd1, 0xd3, 0xc8, 0x1a, 0x47, 0xbf, 0xa7, 0x25, 0x5b, 0xe2, 0x06, 0x01, 0xa4, 0xa4, 0xb2, 0xf0, +0x8a, 0x16, 0x7b, 0x5e, 0x27, 0x9d, 0x71, 0x5b, 0x1b, 0x45, 0x5b, 0xdd, 0x7e, 0xab, 0x24, 0x59, +0x41, 0xd9, 0x76, 0x8b, 0x9a, 0xce, 0xfb, 0x3c, 0xcd, 0xa5, 0x95, 0x2d, 0xa3, 0xce, 0xe7, 0x25, +0x25, 0xb4, 0x50, 0x16, 0x63, 0xa8, 0xee, 0x15, 0xc9, 0xe9, 0x92, 0xd9, 0x24, 0x62, 0xfe, 0x39 +}; + +/* Prime p: */ +const uint8_t p2[] = { +0x01, 0x59, 0xdb, 0xde, 0x04, 0xa3, 0x3e, 0xf0, 0x6f, 0xb6, 0x08, 0xb8, 0x0b, 0x19, 0x0f, 0x4d, +0x3e, 0x22, 0xbc, 0xc1, 0x3a, 0xc8, 0xe4, 0xa0, 0x81, 0x03, 0x3a, 0xbf, 0xa4, 0x16, 0xed, 0xb0, +0xb3, 0x38, 0xaa, 0x08, 0xb5, 0x73, 0x09, 0xea, 0x5a, 0x52, 0x40, 0xe7, 0xdc, 0x6e, 0x54, 0x37, +0x8c, 0x69, 0x41, 0x4c, 0x31, 0xd9, 0x7d, 0xdb, 0x1f, 0x40, 0x6d, 0xb3, 0x76, 0x9c, 0xc4, 0x1a, +0x43 +}; + +/* Prime q: */ +const uint8_t q2[] = { +0x01, 0x2b, 0x65, 0x2f, 0x30, 0x40, 0x3b, 0x38, 0xb4, 0x09, 0x95, 0xfd, 0x6f, 0xf4, 0x1a, 0x1a, +0xcc, 0x8a, 0xda, 0x70, 0x37, 0x32, 0x36, 0xb7, 0x20, 0x2d, 0x39, 0xb2, 0xee, 0x30, 0xcf, 0xb4, +0x6d, 0xb0, 0x95, 0x11, 0xf6, 0xf3, 0x07, 0xcc, 0x61, 0xcc, 0x21, 0x60, 0x6c, 0x18, 0xa7, 0x5b, +0x8a, 0x62, 0xf8, 0x22, 0xdf, 0x03, 0x1b, 0xa0, 0xdf, 0x0d, 0xaf, 0xd5, 0x50, 0x6f, 0x56, 0x8b, +0xd7 +}; + +/* p's CRT exponent dP: */ +const uint8_t dp2[] = { +0x43, 0x6e, 0xf5, 0x08, 0xde, 0x73, 0x65, 0x19, 0xc2, 0xda, 0x4c, 0x58, 0x0d, 0x98, 0xc8, 0x2c, +0xb7, 0x45, 0x2a, 0x3f, 0xb5, 0xef, 0xad, 0xc3, 0xb9, 0xc7, 0x78, 0x9a, 0x1b, 0xc6, 0x58, 0x4f, +0x79, 0x5a, 0xdd, 0xbb, 0xd3, 0x24, 0x39, 0xc7, 0x46, 0x86, 0x55, 0x2e, 0xcb, 0x6c, 0x2c, 0x30, +0x7a, 0x4d, 0x3a, 0xf7, 0xf5, 0x39, 0xee, 0xc1, 0x57, 0x24, 0x8c, 0x7b, 0x31, 0xf1, 0xa2, 0x55 +}; + +/* q's CRT exponent dQ: */ +const uint8_t dq2[] = { +0x01, 0x2b, 0x15, 0xa8, 0x9f, 0x3d, 0xfb, 0x2b, 0x39, 0x07, 0x3e, 0x73, 0xf0, 0x2b, 0xdd, 0x0c, +0x1a, 0x7b, 0x37, 0x9d, 0xd4, 0x35, 0xf0, 0x5c, 0xdd, 0xe2, 0xef, 0xf9, 0xe4, 0x62, 0x94, 0x8b, +0x7c, 0xec, 0x62, 0xee, 0x90, 0x50, 0xd5, 0xe0, 0x81, 0x6e, 0x07, 0x85, 0xa8, 0x56, 0xb4, 0x91, +0x08, 0xdc, 0xb7, 0x5f, 0x36, 0x83, 0x87, 0x4d, 0x1c, 0xa6, 0x32, 0x9a, 0x19, 0x01, 0x30, 0x66, +0xff +}; + +/* CRT coefficient qInv: */ +const uint8_t qinv2[] = { +0x02, 0x70, 0xdb, 0x17, 0xd5, 0x91, 0x4b, 0x01, 0x8d, 0x76, 0x11, 0x8b, 0x24, 0x38, 0x9a, 0x73, +0x50, 0xec, 0x83, 0x6b, 0x00, 0x63, 0xa2, 0x17, 0x21, 0x23, 0x6f, 0xd8, 0xed, 0xb6, 0xd8, 0x9b, +0x51, 0xe7, 0xee, 0xb8, 0x7b, 0x61, 0x1b, 0x71, 0x32, 0xcb, 0x7e, 0xa7, 0x35, 0x6c, 0x23, 0x15, +0x1c, 0x1e, 0x77, 0x51, 0x50, 0x7c, 0x78, 0x6d, 0x9e, 0xe1, 0x79, 0x41, 0x70, 0xa8, 0xc8, 0xe8 +}; + +#endif +/**********************************************************************************************/ + + +uint8_t keys_allocated = 0; +rsa_publickey_t pub_key; +rsa_privatekey_t priv_key; + +#if 0 + #define MSG message + #define SEED seed + #define ENCRYPTED encrypted + #define MODULUS modulus + #define PUB_EXPONENT public_exponent + #define PRIV_EXPONENT private_exponent + #define P p + #define Q q + #define DP dp + #define DQ dq + #define QINV qinv +#else + #define MSG message4 + #define SEED seed4 + #define ENCRYPTED encrypted4 + #define MODULUS modulus2 + #define PUB_EXPONENT public_exponent2 + #define PRIV_EXPONENT private_exponent2 + #define P p2 + #define Q q2 + #define DP dp2 + #define DQ dq2 + #define QINV qinv2 +#endif + + +uint8_t convert_nibble(uint8_t c){ + if(c>='0' && c<='9'){ + return c - '0'; + } + c |= 'A' ^ 'a'; + if(c>='a' && c<='f'){ + return c - 'a' + 10; + } + return 0xff; +} + +const char *block_ignore_string=" \t\r\n,;"; +#define BUFFER_LIMIT 120 +uint16_t read_os(void* dst, uint16_t length, const char* ignore_string){ + uint16_t counter = 0; + uint16_t c; + uint8_t v, tmp = 0, idx = 0; + if(!ignore_string){ + ignore_string = block_ignore_string; + } + while(counter < length){ + c = cli_getc(); + if(c > 0xff){ + return counter; + } + if(strchr(ignore_string, c)){ + continue; + } + v = convert_nibble(c); + if(v > 0x0f){ + return counter; + } + if(idx){ + ((uint8_t*)dst)[counter++] = (tmp << 4) | v; + idx = 0; + if(counter % (BUFFER_LIMIT/2) == 0){ + cli_putc('.'); + } + }else{ + tmp = v; + idx = 1; + } + } + return counter; +} + +uint16_t own_atou(const char* str){ + uint16_t r=0; + while(*str && *str >= '0' && *str <= '9'){ + r *= 10; + r += *str++ - '0'; + } + return r; +} + +char* own_utoa(unsigned value, char* str, uint8_t radix){ + char *p = str, *b = str; + char t; + div_t d; + if(radix>36){ + return NULL; + } + if(value == 0){ + *p++ = '0'; + *p = '\0'; + return str; + } + while(value){ + d = div(value, radix); + value = d.quot; + if(d.rem < 10){ + *p++ = '0' + d.rem; + }else{ + *p++ = 'a' + d.rem - 10; + } + } + *p = '\0'; + while(strwordv = (bigint_word_t*)buffer; + a->length_W = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t); + a->info = 0; + bigint_changeendianess(a); + bigint_adjust(a); + return 0; +} + +uint8_t pre_alloc_key_crt(void){ + priv_key.n = 5; + priv_key.components = malloc(5 * sizeof(bigint_t)); + if(!priv_key.components){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + return 0; +} + +void free_key(void){ + uint8_t c; + free(pub_key.modulus.wordv); + free(pub_key.exponent.wordv); + pub_key.modulus.wordv = priv_key.modulus.wordv = NULL; + for(c = 0; c < priv_key.n; ++c){ + free(priv_key.components[c].wordv); + } + free(priv_key.components); +} + +uint8_t read_key_crt(void){ + uint8_t r; + cli_putstr("\r\n== reading key (crt) =="); + r = pre_alloc_key_crt(); + if(r) return r; + r = read_bigint(&pub_key.modulus, "\r\n = module ="); + memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t)); + if(r) return r; + r = read_bigint(&pub_key.exponent, "\r\n = public exponent ="); + if(r) return r; + r = read_bigint(&priv_key.components[0], "\r\n = p (first prime) ="); + if(r) return r; + r = read_bigint(&priv_key.components[1], "\r\n = q (second prime) ="); + if(r) return r; + r = read_bigint(&priv_key.components[2], "\r\n = dp (p's exponent) ="); + if(r) return r; + r = read_bigint(&priv_key.components[3], "\r\n = dq (q's exponent) ="); + if(r) return r; + r = read_bigint(&priv_key.components[4], "\r\n = qInv (q' coefficient) ="); + return r; +} + +uint8_t read_key_conv(void){ + uint8_t r; + cli_putstr("\r\n== reading key (crt) =="); + r = read_bigint(&pub_key.modulus,"\r\n = module ="); + if(r) return r; + memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t)); + priv_key.n = 1; + priv_key.components = malloc(sizeof(bigint_t)); + if(!priv_key.components){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + r = read_bigint(&pub_key.exponent, "\r\n = public exponent ="); + if(r) return r; + r = read_bigint(&priv_key.components[0], "\r\n = private exponent ="); + return r; +} + +void load_priv_conventional(void){ + priv_key.components = malloc(sizeof(bigint_t)); + priv_key.components[0].length_W = (sizeof(PRIV_EXPONENT) + + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t); + priv_key.components[0].wordv = malloc(priv_key.components[0].length_W * + sizeof(bigint_word_t)); + if(!priv_key.components[0].wordv){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + memcpy(priv_key.components[0].wordv, PRIV_EXPONENT, sizeof(PRIV_EXPONENT)); + priv_key.n = 1; + bigint_changeendianess(&priv_key.components[0]); + bigint_adjust(&priv_key.components[0]); +} + + +void load_priv_crt_mono(void){ + bigint_t *v; + const uint8_t *bv[5] = {P,Q,DP,DQ,QINV}; + uint16_t sv[5] = {sizeof(P), sizeof(Q), sizeof(DP), sizeof(DQ), sizeof(QINV)}; + uint8_t i; + v = malloc(5 * sizeof(bigint_t)); + if(!v){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + priv_key.components = v; + priv_key.n = 5; + for(i=0; i<5; ++i){ + v[i].info = 0; + v[i].length_W = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t); + v[i].wordv = calloc(v[i].length_W , sizeof(bigint_word_t)); + if(!v[i].wordv){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + memcpy(v[i].wordv, bv[i], sv[i]); + bigint_changeendianess(&v[i]); + bigint_adjust(&v[i]); + } +} + +uint8_t load_bigint_from_os(bigint_t* a, const void* os, uint16_t length_B){ + a->length_W = BIGINT_CEIL(length_B) / sizeof(bigint_word_t); + a->wordv = malloc(BIGINT_CEIL(length_B)); + if(!a->wordv){ + cli_putstr("\r\nOOM!\r\n"); + return 1; + } + memset(a->wordv, 0, sizeof(bigint_word_t)); + memcpy((uint8_t*)a->wordv + BIGINT_OFF(length_B), os, length_B); + a->info = 0; + bigint_changeendianess(a); + bigint_adjust(a); + return 0; +} + +void load_fix_rsa(void){ + if(keys_allocated){ + free_key(); + } + keys_allocated = 1; + + if(pre_alloc_key_crt()){ + cli_putstr("\r\nOOM!\r\n"); + return; + } + + load_bigint_from_os(&pub_key.modulus, MODULUS, sizeof(MODULUS)); + load_bigint_from_os(&pub_key.exponent, PUB_EXPONENT, sizeof(PUB_EXPONENT)); + priv_key.n = 5; + memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t)); + load_bigint_from_os(&priv_key.components[0], P, sizeof(P)); + load_bigint_from_os(&priv_key.components[1], Q, sizeof(Q)); + load_bigint_from_os(&priv_key.components[2], DP, sizeof(DP)); + load_bigint_from_os(&priv_key.components[3], DQ, sizeof(DQ)); + load_bigint_from_os(&priv_key.components[4], QINV, sizeof(QINV)); + +// load_priv_conventional(); +// load_priv_crt_mono(); +} + +void quick_test(void){ + uint8_t *ciphertext, *plaintext, rc; + uint8_t seed[sizeof(SEED)]; + uint16_t clen, plen; + ciphertext = malloc(clen = pub_key.modulus.length_W * sizeof(bigint_word_t)); + plaintext = malloc(pub_key.modulus.length_W * sizeof(bigint_word_t)); + memcpy(plaintext, MSG, sizeof(MSG)); + memcpy(seed, SEED, sizeof(SEED)); + cli_putstr("\r\nplaintext:"); + cli_hexdump_block(plaintext, sizeof(MSG), 4, 8); + cli_putstr("\r\nencrypting: ..."); + rc = rsa_encrypt_oaep(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, NULL, NULL, seed); + if(rc){ + cli_putstr("\r\nERROR: rsa_encrypt_oaep returned: "); + cli_hexdump_byte(rc); + return; + + } + + cli_putstr("\r\n\r\nciphertext:"); + cli_hexdump_block(ciphertext, clen, 4, 8); + if(clen!=sizeof(ENCRYPTED)){ + cli_putstr("\r\n>>FAIL (no size match)<<"); + }else{ + if(memcmp(ciphertext, ENCRYPTED, clen)){ + cli_putstr("\r\n>>FAIL (no content match)<<"); + }else{ + cli_putstr("\r\n>>OK<<"); + } + } + + cli_putstr("\r\ndecrypting: ..."); + rc = rsa_decrypt_oaep(plaintext, &plen, ciphertext, clen, &priv_key, NULL, NULL, NULL); + if(rc){ + cli_putstr("\r\nERROR: rsa_decrypt_oaep returned: "); + cli_hexdump_byte(rc); + return; + } + cli_putstr("\r\n\r\nplaintext:"); + cli_hexdump_block(plaintext, plen, 4, 8); + + free(ciphertext); + free(plaintext); +} + +void run_seed_test(void){ + uint8_t *msg, *ciph, *msg_; + uint16_t msg_len, ciph_len, msg_len_; + uint8_t seed[20], seed_out[20]; + char read_int_str[18]; + cli_putstr("\r\n== test with given seed =="); + cli_putstr("\r\n = message ="); + cli_putstr("\r\n length: "); + cli_getsn(read_int_str, 16); + msg_len = own_atou(read_int_str); + msg = malloc(msg_len); + if(!msg){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + ciph = malloc(bigint_length_B(&pub_key.modulus)); + if(!ciph){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + msg_ = malloc(bigint_length_B(&pub_key.modulus)); + if(!msg_){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + cli_putstr("\r\n data: "); + read_os(msg, msg_len, NULL); + cli_putstr("\r\n seed (20 bytes): "); + read_os(seed, 20, NULL); + + cli_putstr("\r\n encrypting ..."); + rsa_encrypt_oaep(ciph, &ciph_len, msg, msg_len, &pub_key, NULL, NULL, seed); + cli_putstr("\r\n ciphertext:"); + cli_hexdump_block(ciph, ciph_len, 4, 16); + cli_putstr("\r\n decrypting ... "); + rsa_decrypt_oaep(msg_, &msg_len_, ciph, ciph_len, &priv_key, NULL, NULL, seed_out); + cli_putstr("[done]"); + if(msg_len != msg_len_){ + char tstr[16]; + cli_putstr("\r\nERROR: wrong decrypted message length ("); + + own_utoa(msg_len_, tstr, 10); + cli_putstr(tstr); + cli_putstr(" instead of "); + own_utoa(msg_len, tstr, 10); + cli_putstr(tstr); + cli_putc(')'); + goto end; + } + if(memcmp(msg, msg_, msg_len)){ + cli_putstr("\r\nERROR: wrong decrypted message:"); + cli_hexdump_block(msg_, msg_len_, 4, 16); + cli_putstr("\r\nreference:"); + cli_hexdump_block(msg, msg_len, 4, 16); + goto end; + } + + if(memcmp(seed, seed_out, 20)){ + cli_putstr("\r\nERROR: wrong decrypted seed:"); + cli_hexdump_block(seed_out, 20, 4, 16); + cli_putstr("\r\nreference:"); + cli_hexdump_block(seed, 20, 4, 16); + goto end; + } + cli_putstr("\r\n >>OK<<"); +end: + free(msg); + free(msg_); + free(ciph); +} + +void reset_prng(void){ + uint8_t buf[16]; + memset(buf, 0, 16); + random_seed(buf); + cli_putstr("\r\nPRNG reset"); +} + +void rsa_init(void){ + prng_get_byte = random8; +} + +void load_key(void){ + if(keys_allocated){ + free_key(); + } + keys_allocated = 1; + read_key_crt(); +} + +void test_dump(void){ + char lstr[16]; + int len; + cli_putstr("\r\nenter dump length: "); + cli_getsn(lstr, 15); + len = own_atou(lstr); + cli_putstr("\r\ndumping 0x"); + cli_hexdump_rev(&len, 2); + cli_putstr(" byte:"); + cli_hexdump_block(pub_key.modulus.wordv, len, 4, 8); +} + +/***************************************************************************** + * main * + *****************************************************************************/ + +const char echo_test_str[] = "echo-test"; +const char reset_prng_str[] = "reset-prng"; +const char load_key_str[] = "load-key"; +const char load_fix_key_str[] = "load-fix-key"; +const char quick_test_str[] = "quick-test"; +const char seed_test_str[] = "seed-test"; +const char dump_test_str[] = "dump-test"; +const char performance_str[] = "performance"; +const char echo_str[] = "echo"; + +const cmdlist_entry_t cmdlist[] = { + { reset_prng_str, NULL, reset_prng }, + { load_key_str, NULL, load_key }, + { load_fix_key_str, NULL, load_fix_rsa }, + { quick_test_str, NULL, quick_test }, + { seed_test_str, NULL, run_seed_test }, + { dump_test_str, NULL, test_dump }, +// { performance_str, NULL, testrun_performance_bigint }, + { echo_str, (void*)1, (void_fpt)echo_ctrl }, + { NULL, NULL, NULL } +}; + +void dump_sp(void){ + uint8_t x; + uint8_t *xa = &x; + cli_putstr("\r\nstack pointer: ~"); + cli_hexdump_rev(&xa, 4); +} + +int main (void){ + main_setup(); + + for(;;){ + welcome_msg(algo_name); + rsa_init(); + cmd_interface(cmdlist); + } +} diff --git a/test_src/main-rsaes_pkcs1v15-test.c b/test_src/main-rsaes_pkcs1v15-test.c new file mode 100644 index 0000000..c0ccd6c --- /dev/null +++ b/test_src/main-rsaes_pkcs1v15-test.c @@ -0,0 +1,714 @@ +/* main-dsa-test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * RSA test-suit + * +*/ +#include "main-test-common.h" + +#include "noekeon.h" +#include "noekeon_prng.h" +#include "bigint.h" +#include "bigint_io.h" +#include "random_dummy.h" +#include "rsa_basic.h" +#include "rsaes_pkcs1v15.h" + +#include "performance_test.h" + +const char* algo_name = "RSAES-PKCS15"; + +#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t)) +#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t)) + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ + +/* Modulus: */ +const uint8_t modulus[] = { +0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4, +0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab, +0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85, +0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72, +0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97, +0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14, +0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24, +0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb +}; + +/* Public exponent: */ +const uint8_t pub_exponent[] = { 0x01, 0x00, 0x01 }; + +/* Exponent: */ +const uint8_t priv_exponent[] = { +0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c, +0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd, +0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b, +0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55, +0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73, +0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf, +0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde, +0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1 +}; + +/* Prime 1: */ +const uint8_t p[] = { +0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b, +0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a, +0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1, +0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d +}; + +/* Prime 2: */ +const uint8_t q[] = { +0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7, +0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c, +0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe, +0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77 +}; + +/* Prime exponent 1: */ +const uint8_t dp[] = { +0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04, +0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3, +0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d, +0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1 +}; + +/* Prime exponent 2: */ +const uint8_t dq[] = { +0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc, +0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73, +0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a, +0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83 +}; + +/* Coefficient: */ +const uint8_t qinv[] = { +0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d, +0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11, +0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81, +0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1 +}; + +/* + * Example 2: A 1024-bit RSA key pair + * --------------------------------------------------- + */ + +/* Modulus: */ +const uint8_t modulus2[] = { +0x98, 0xb7, 0x05, 0x82, 0xca, 0x80, 0x8f, 0xd1, 0xd3, 0x50, 0x95, 0x62, 0xa0, 0xef, 0x30, 0x5a, +0xf6, 0xd9, 0x87, 0x54, 0x43, 0xb3, 0x5b, 0xdf, 0x24, 0xd5, 0x36, 0x35, 0x3e, 0x3f, 0x12, 0x28, +0xdc, 0xd1, 0x2a, 0x78, 0x56, 0x83, 0x56, 0xc6, 0xff, 0x32, 0x3a, 0xbf, 0x72, 0xac, 0x1c, 0xdb, +0xfe, 0x71, 0x2f, 0xb4, 0x9f, 0xe5, 0x94, 0xa5, 0xa2, 0x17, 0x5d, 0x48, 0xb6, 0x73, 0x25, 0x38, +0xd8, 0xdf, 0x37, 0xcb, 0x97, 0x0b, 0xe4, 0xa5, 0xb5, 0x62, 0xc3, 0xf2, 0x98, 0xdb, 0x9d, 0xdf, +0x75, 0x60, 0x78, 0x77, 0x91, 0x8c, 0xce, 0xd1, 0xd0, 0xd1, 0xf3, 0x77, 0x33, 0x8c, 0x0d, 0x3d, +0x32, 0x07, 0x79, 0x7e, 0x86, 0x2c, 0x65, 0xd1, 0x14, 0x39, 0xe5, 0x88, 0x17, 0x75, 0x27, 0xa7, +0xde, 0xd9, 0x19, 0x71, 0xad, 0xcf, 0x91, 0xe2, 0xe8, 0x34, 0xe3, 0x7f, 0x05, 0xa7, 0x36, 0x55 +}; + +/* Public exponent: */ +const uint8_t pub_exponent2[] = {0x01, 0x00, 0x01 }; + +/* Exponent: */ +const uint8_t priv_exponent2[] = { +0x06, 0x14, 0xa7, 0x86, 0x05, 0x2d, 0x28, 0x4c, 0xd9, 0x06, 0xa8, 0xe4, 0x13, 0xf7, 0x62, 0x2c, +0x05, 0x0f, 0x35, 0x49, 0xc0, 0x26, 0x58, 0x9e, 0xa2, 0x77, 0x50, 0xe0, 0xbe, 0xd9, 0x41, 0x0e, +0x5a, 0x78, 0x83, 0xa1, 0xe6, 0x03, 0xf5, 0xc5, 0x17, 0xad, 0x36, 0xd4, 0x9f, 0xaa, 0xc5, 0xbd, +0x66, 0xbc, 0xb8, 0x03, 0x0f, 0xa8, 0xd3, 0x09, 0xe3, 0x51, 0xdd, 0xd7, 0x82, 0xd8, 0x43, 0xdf, +0x97, 0x56, 0x80, 0xae, 0x73, 0xee, 0xa9, 0xaa, 0xb2, 0x89, 0xb7, 0x57, 0x20, 0x5d, 0xad, 0xb8, +0xfd, 0xfb, 0x98, 0x9e, 0xc8, 0xdb, 0x8e, 0x70, 0x95, 0xf5, 0x1f, 0x24, 0x52, 0x9f, 0x56, 0x37, +0xaa, 0x66, 0x93, 0x31, 0xe2, 0x56, 0x9f, 0x8b, 0x85, 0x4a, 0xbe, 0xce, 0xc9, 0x9a, 0xa2, 0x64, +0xc3, 0xda, 0x7c, 0xc6, 0x86, 0x6f, 0x0c, 0x0e, 0x1f, 0xb8, 0x46, 0x98, 0x48, 0x58, 0x1c, 0x73 +}; + +/* Prime 1: */ +const uint8_t p2[] = { +0xcb, 0x61, 0xa8, 0x8c, 0x8c, 0x30, 0x5a, 0xd9, 0xa8, 0xfb, 0xec, 0x2b, 0xa4, 0xc8, 0x6c, 0xcc, +0xc2, 0x02, 0x80, 0x24, 0xaa, 0x16, 0x90, 0xc2, 0x9b, 0xc8, 0x26, 0x4d, 0x2f, 0xeb, 0xe8, 0x7e, +0x4f, 0x86, 0xe9, 0x12, 0xef, 0x0f, 0x5c, 0x18, 0x53, 0xd7, 0x1c, 0xbc, 0x9b, 0x14, 0xba, 0xed, +0x3c, 0x37, 0xce, 0xf6, 0xc7, 0xa3, 0x59, 0x8b, 0x6f, 0xbe, 0x06, 0x48, 0x10, 0x90, 0x5b, 0x57 +}; + +/* Prime 2: */ +const uint8_t q2[] = { +0xc0, 0x39, 0x9f, 0x0b, 0x93, 0x80, 0xfa, 0xba, 0x38, 0xff, 0x80, 0xd2, 0xff, 0xf6, 0xed, 0xe7, +0x9c, 0xfd, 0xab, 0xf6, 0x58, 0x97, 0x20, 0x77, 0xa5, 0xe2, 0xb2, 0x95, 0x69, 0x3e, 0xa5, 0x10, +0x72, 0x26, 0x8b, 0x91, 0x74, 0x6e, 0xea, 0x9b, 0xe0, 0x4a, 0xd6, 0x61, 0x00, 0xeb, 0xed, 0x73, +0x3d, 0xb4, 0xcd, 0x01, 0x47, 0xa1, 0x8d, 0x6d, 0xe8, 0xc0, 0xcd, 0x8f, 0xbf, 0x24, 0x9c, 0x33 +}; + +/* Prime exponent 1: */ +const uint8_t dp2[] = { +0x94, 0x4c, 0x3a, 0x65, 0x79, 0x57, 0x4c, 0xf7, 0x87, 0x33, 0x62, 0xab, 0x14, 0x35, 0x9c, 0xb7, +0xd5, 0x03, 0x93, 0xc2, 0xa8, 0x4f, 0x59, 0xf0, 0xbd, 0x3c, 0xbd, 0x48, 0xed, 0x17, 0x7c, 0x68, +0x95, 0xbe, 0x8e, 0xb6, 0xe2, 0x9f, 0xf5, 0x8c, 0x3b, 0x9e, 0x0f, 0xf3, 0x2a, 0xb5, 0x7b, 0xf3, +0xbe, 0x44, 0x07, 0x62, 0x84, 0x81, 0x84, 0xaa, 0x9a, 0xa9, 0x19, 0xd5, 0x74, 0x56, 0x7e, 0x73 +}; + +/* Prime exponent 2: */ +const uint8_t dq2[] = { +0x45, 0xeb, 0xef, 0xd5, 0x87, 0x27, 0x30, 0x8c, 0xd2, 0xb4, 0xe6, 0x08, 0x5a, 0x81, 0x58, 0xd2, +0x9a, 0x41, 0x8f, 0xee, 0xc1, 0x14, 0xe0, 0x03, 0x85, 0xbc, 0xeb, 0x96, 0xfb, 0xbc, 0x84, 0xd0, +0x71, 0xa5, 0x61, 0xb9, 0x5c, 0x30, 0x08, 0x79, 0x00, 0xe2, 0x58, 0x0e, 0xdb, 0x05, 0xf6, 0xce, +0xa7, 0x90, 0x7f, 0xcd, 0xca, 0x5f, 0x92, 0x91, 0x7b, 0x4b, 0xbe, 0xba, 0x5e, 0x1e, 0x14, 0x0f +}; + +/* Coefficient: */ +const uint8_t qinv2[] = { +0xc5, 0x24, 0x68, 0xc8, 0xfd, 0x15, 0xe5, 0xda, 0x2f, 0x6c, 0x8e, 0xba, 0x4e, 0x97, 0xba, 0xeb, +0xe9, 0x95, 0xb6, 0x7a, 0x1a, 0x7a, 0xd7, 0x19, 0xdd, 0x9f, 0xff, 0x36, 0x6b, 0x18, 0x4d, 0x5a, +0xb4, 0x55, 0x07, 0x59, 0x09, 0x29, 0x20, 0x44, 0xec, 0xb3, 0x45, 0xcf, 0x2c, 0xdd, 0x26, 0x22, +0x8e, 0x21, 0xf8, 0x51, 0x83, 0x25, 0x5f, 0x4a, 0x9e, 0x69, 0xf4, 0xc7, 0x15, 0x2e, 0xbb, 0x0f +}; + + +/* PKCS#1 v1.5 encryption of 0x20, random messages with random s0xee,ds + * --------------------------------------------------------------------------- + */ + +/* Message: */ +const uint8_t message_x[] = { +0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23, +0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34 +}; + +/* Seed: */ +const uint8_t seed_x[] = { +0x01, 0x73, 0x41, 0xae, 0x38, 0x75, 0xd5, 0xf8, 0x71, 0x01, 0xf8, 0xcc, 0x4f, 0xa9, 0xb9, 0xbc, +0x15, 0x6b, 0xb0, 0x46, 0x28, 0xfc, 0xcd, 0xb2, 0xf4, 0xf1, 0x1e, 0x90, 0x5b, 0xd3, 0xa1, 0x55, +0xd3, 0x76, 0xf5, 0x93, 0xbd, 0x73, 0x04, 0x21, 0x08, 0x74, 0xeb, 0xa0, 0x8a, 0x5e, 0x22, 0xbc, +0xcc, 0xb4, 0xc9, 0xd3, 0x88, 0x2a, 0x93, 0xa5, 0x4d, 0xb0, 0x22, 0xf5, 0x03, 0xd1, 0x63, 0x38, +0xb6, 0xb7, 0xce, 0x16, 0xdc, 0x7f, 0x4b, 0xbf, 0x9a, 0x96, 0xb5, 0x97, 0x72, 0xd6, 0x60, 0x6e, +0x97, 0x47, 0xc7, 0x64, 0x9b, 0xf9, 0xe0, 0x83, 0xdb, 0x98, 0x18, 0x84, 0xa9, 0x54, 0xab, 0x3c, +0x6f }; + +/* Encryption: */ +const uint8_t encrypted_x[] = { +0x50, 0xb4, 0xc1, 0x41, 0x36, 0xbd, 0x19, 0x8c, 0x2f, 0x3c, 0x3e, 0xd2, 0x43, 0xfc, 0xe0, 0x36, +0xe1, 0x68, 0xd5, 0x65, 0x17, 0x98, 0x4a, 0x26, 0x3c, 0xd6, 0x64, 0x92, 0xb8, 0x08, 0x04, 0xf1, +0x69, 0xd2, 0x10, 0xf2, 0xb9, 0xbd, 0xfb, 0x48, 0xb1, 0x2f, 0x9e, 0xa0, 0x50, 0x09, 0xc7, 0x7d, +0xa2, 0x57, 0xcc, 0x60, 0x0c, 0xce, 0xfe, 0x3a, 0x62, 0x83, 0x78, 0x9d, 0x8e, 0xa0, 0xe6, 0x07, +0xac, 0x58, 0xe2, 0x69, 0x0e, 0xc4, 0xeb, 0xc1, 0x01, 0x46, 0xe8, 0xcb, 0xaa, 0x5e, 0xd4, 0xd5, +0xcc, 0xe6, 0xfe, 0x7b, 0x0f, 0xf9, 0xef, 0xc1, 0xea, 0xbb, 0x56, 0x4d, 0xbf, 0x49, 0x82, 0x85, +0xf4, 0x49, 0xee, 0x61, 0xdd, 0x7b, 0x42, 0xee, 0x5b, 0x58, 0x92, 0xcb, 0x90, 0x60, 0x1f, 0x30, +0xcd, 0xa0, 0x7b, 0xf2, 0x64, 0x89, 0x31, 0x0b, 0xcd, 0x23, 0xb5, 0x28, 0xce, 0xab, 0x3c, 0x31 +}; + +/* + * PKCS#1 v1.5 Encryption Example 2.15 + * ---------------------------------- + */ +/* Message: */ +const uint8_t message_2_15[] = { +0xa6, 0xd0, 0xe8, 0xc1, 0xea, 0x4a, 0xb4, 0xec, 0xc8, 0x95, 0x7d, 0x62, 0x28, 0x15, 0x79, 0x67, +0x5a, 0x64, 0x8d, 0x62, 0xb7, 0xf2, 0x2b, 0x2b, 0x08, 0xd1, 0x31, 0x3f, 0x40, 0x6f, 0x13, 0x7e, +0x99, 0x42, 0x67, 0x35, 0xcd, 0xb9, 0x37, 0x2f, 0xec, 0xa1, 0xee, 0x78, 0x46, 0x3f, 0xa5, 0xde, +0x9c, 0xdd, 0x84, 0x75, 0x6c, 0x68, 0xbd, 0x1d, 0x92, 0xba, 0x96, 0x5f, 0x50, 0x64, 0x10, 0xb1 +}; + +/* Seed: */ +const uint8_t seed_2_15[] = { +0x1c, 0x25, 0xc9, 0xb8, 0x32, 0x16, 0x9a, 0x1f, 0xdb, 0x6c, 0x14, 0x8e, 0x47, 0xe6, 0x6c, 0x3c, +0xc8, 0x21, 0x41, 0xe6, 0x11, 0xa6, 0xf3, 0x0c, 0xc9, 0x0c, 0x50, 0x49, 0xe8, 0xc5, 0x02, 0xb3, +0x1c, 0xad, 0xc7, 0x62, 0x39, 0xb7, 0xbd, 0xaf, 0x93, 0xfa, 0x97, 0x34, 0x3e, 0x7e, 0xe5, 0x51, +0xbc, 0x52, 0xfd, 0xb5, 0xec, 0x9e, 0x40, 0x0a, 0xf0, 0x5d, 0xbe, 0xac, 0xda +}; + +/* Encryption: */ +const uint8_t encrypted_2_15[] = { +0xe8, 0xb2, 0xfc, 0x76, 0xdf, 0xb4, 0xa6, 0xcc, 0x43, 0x64, 0xde, 0x8f, 0x68, 0x3c, 0x3f, +0xcd, 0x0a, 0x9e, 0xcf, 0xbd, 0x4a, 0x5a, 0x72, 0x24, 0xf4, 0x9a, 0xe9, 0xb4, 0xf3, 0xb5, 0xcd, +0xc7, 0x1c, 0xbb, 0x8c, 0x66, 0xfd, 0x35, 0xf3, 0xd1, 0x8e, 0xca, 0x98, 0x96, 0x7b, 0xd4, 0x00, +0x5d, 0xf7, 0x91, 0x52, 0x41, 0x6f, 0xd4, 0x7e, 0x56, 0x2c, 0x55, 0xed, 0xc6, 0xd6, 0x12, 0x12, +0x28, 0x6e, 0xf9, 0x75, 0xbc, 0xc8, 0x02, 0x69, 0x25, 0x92, 0x65, 0x39, 0x00, 0x97, 0x3c, 0x72, +0xe0, 0x1a, 0x69, 0x3b, 0x05, 0xfc, 0x2d, 0x58, 0x56, 0xea, 0xef, 0x7a, 0xc0, 0x8f, 0xf5, 0xec, +0xd5, 0x31, 0xe2, 0xc2, 0xce, 0x92, 0x77, 0x45, 0xa1, 0x16, 0x5a, 0x51, 0xaa, 0x66, 0x98, 0xa1, +0xff, 0xcb, 0x87, 0xf8, 0x1e, 0xf6, 0x51, 0x0b, 0xca, 0xf9, 0xcb, 0x76, 0x1e, 0x9e, 0x1f, 0x0f +}; + +uint8_t keys_allocated = 0; +rsa_publickey_t pub_key; +rsa_privatekey_t priv_key; + +#if 1 + #define MSG message_2_15 + #define SEED seed_2_15 + #define ENCRYPTED encrypted_2_15 + #define MODULUS modulus2 + #define PUB_EXPONENT pub_exponent2 + #define PRIV_EXPONENT priv_exponent2 + #define P p2 + #define Q q2 + #define DP dp2 + #define DQ dq2 + #define QINV qinv2 +#endif + + +uint8_t convert_nibble(uint8_t c){ + if(c>='0' && c<='9'){ + return c - '0'; + } + c |= 'A' ^ 'a'; + if(c>='a' && c<='f'){ + return c - 'a' + 10; + } + return 0xff; +} + +const char *block_ignore_string=" \t\r\n,;"; +#define BUFFER_LIMIT 120 +uint16_t read_os(void* dst, uint16_t length, const char* ignore_string){ + uint16_t counter = 0; + uint16_t c; + uint8_t v, tmp = 0, idx = 0; + if(!ignore_string){ + ignore_string = block_ignore_string; + } + while(counter < length){ + c = cli_getc(); + if(c > 0xff){ + return counter; + } + if(strchr(ignore_string, c)){ + continue; + } + v = convert_nibble(c); + if(v > 0x0f){ + return counter; + } + if(idx){ + ((uint8_t*)dst)[counter++] = (tmp << 4) | v; + idx = 0; + if(counter % (BUFFER_LIMIT/2) == 0){ + cli_putc('.'); + } + }else{ + tmp = v; + idx = 1; + } + } + return counter; +} + +uint16_t own_atou(const char* str){ + uint16_t r=0; + while(*str && *str >= '0' && *str <= '9'){ + r *= 10; + r += *str++ - '0'; + } + return r; +} + +uint8_t read_bigint(bigint_t* a, char* prompt){ + uint16_t read_length, actual_length; + uint8_t off; + uint8_t *buffer; + char read_int_str[18]; + cli_putstr(prompt); + cli_putstr("\r\n length: "); + cli_getsn(read_int_str, 16); + read_length = own_atou(read_int_str); + off = (sizeof(bigint_word_t) - (read_length % sizeof(bigint_word_t))) % sizeof(bigint_word_t); + buffer = malloc(((read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t)); + if(!buffer){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + cli_putstr("\r\n data: "); + memset(buffer, 0, sizeof(bigint_word_t)); + actual_length = read_os(buffer + off, read_length, NULL); + if(actual_length != read_length){ + cli_putstr("\r\nERROR: unexpected end of data!"); + free(buffer); + return 1; + } + a->wordv = (bigint_word_t*)buffer; + a->length_W = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t); + a->info = 0; + bigint_changeendianess(a); + bigint_adjust(a); + return 0; +} + +uint8_t pre_alloc_key_crt(void){ + priv_key.n = 5; + priv_key.components = malloc(5 * sizeof(bigint_t)); + if(!priv_key.components){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + return 0; +} + +void free_key(void){ + uint8_t c; + free(pub_key.modulus.wordv); + free(pub_key.exponent.wordv); + pub_key.modulus.wordv = priv_key.modulus.wordv = NULL; + for(c = 0; c < priv_key.n; ++c){ + free(priv_key.components[c].wordv); + } + free(priv_key.components); +} + +uint8_t read_key_crt(void){ + uint8_t r; + cli_putstr("\r\n== reading key (crt) =="); + r = pre_alloc_key_crt(); + if(r) return r; + r = read_bigint(&pub_key.modulus, "\r\n = module ="); + memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t)); + if(r) return r; + r = read_bigint(&pub_key.exponent, "\r\n = public exponent ="); + if(r) return r; + r = read_bigint(&priv_key.components[0], "\r\n = p (first prime) ="); + if(r) return r; + r = read_bigint(&priv_key.components[1], "\r\n = q (second prime) ="); + if(r) return r; + r = read_bigint(&priv_key.components[2], "\r\n = dp (p's exponent) ="); + if(r) return r; + r = read_bigint(&priv_key.components[3], "\r\n = dq (q's exponent) ="); + if(r) return r; + r = read_bigint(&priv_key.components[4], "\r\n = qInv (q' coefficient) ="); + return r; +} + +uint8_t read_key_conv(void){ + uint8_t r; + cli_putstr("\r\n== reading key (crt) =="); + r = read_bigint(&pub_key.modulus,"\r\n = module ="); + if(r) return r; + memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t)); + priv_key.n = 1; + priv_key.components = malloc(sizeof(bigint_t)); + if(!priv_key.components){ + cli_putstr("\r\nERROR: OOM!"); + return 2; + } + r = read_bigint(&pub_key.exponent, "\r\n = public exponent ="); + if(r) return r; + r = read_bigint(&priv_key.components[0], "\r\n = private exponent ="); + return r; +} + +void load_priv_conventional(void){ + priv_key.components = malloc(sizeof(bigint_t)); + priv_key.components[0].length_W = (sizeof(PRIV_EXPONENT) + + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t); + priv_key.components[0].wordv = malloc(priv_key.components[0].length_W * + sizeof(bigint_word_t)); + if(!priv_key.components[0].wordv){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + memcpy(priv_key.components[0].wordv, PRIV_EXPONENT, sizeof(PRIV_EXPONENT)); + priv_key.n = 1; + bigint_changeendianess(&priv_key.components[0]); + bigint_adjust(&priv_key.components[0]); +} + + +void load_priv_crt_mono(void){ + bigint_t *v; + const uint8_t *bv[5] = {P,Q,DP,DQ,QINV}; + uint16_t sv[5] = {sizeof(P), sizeof(Q), sizeof(DP), sizeof(DQ), sizeof(QINV)}; + uint8_t i; + v = malloc(5 * sizeof(bigint_t)); + if(!v){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + priv_key.components = v; + priv_key.n = 5; + for(i=0; i<5; ++i){ + v[i].info = 0; + v[i].length_W = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t); + v[i].wordv = calloc(v[i].length_W , sizeof(bigint_word_t)); + if(!v[i].wordv){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + memcpy(v[i].wordv, bv[i], sv[i]); + bigint_changeendianess(&v[i]); + bigint_adjust(&v[i]); + } +} + +uint8_t load_bigint_from_os(bigint_t* a, const void* os, uint16_t length_B){ + a->length_W = BIGINT_CEIL(length_B) / sizeof(bigint_word_t); + a->wordv = malloc(BIGINT_CEIL(length_B)); + if(!a->wordv){ + cli_putstr("\r\nOOM!\r\n"); + return 1; + } + memset(a->wordv, 0, sizeof(bigint_word_t)); + memcpy((uint8_t*)a->wordv + BIGINT_OFF(length_B), os, length_B); + a->info = 0; + bigint_changeendianess(a); + bigint_adjust(a); + return 0; +} + +void load_fix_rsa(void){ + if(keys_allocated){ + free_key(); + } + keys_allocated = 1; + + if(pre_alloc_key_crt()){ + cli_putstr("\r\nOOM!\r\n"); + return; + } + + load_bigint_from_os(&pub_key.modulus, MODULUS, sizeof(MODULUS)); + load_bigint_from_os(&pub_key.exponent, PUB_EXPONENT, sizeof(PUB_EXPONENT)); + priv_key.n = 5; + memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t)); + load_bigint_from_os(&priv_key.components[0], P, sizeof(P)); + load_bigint_from_os(&priv_key.components[1], Q, sizeof(Q)); + load_bigint_from_os(&priv_key.components[2], DP, sizeof(DP)); + load_bigint_from_os(&priv_key.components[3], DQ, sizeof(DQ)); + load_bigint_from_os(&priv_key.components[4], QINV, sizeof(QINV)); + +// load_priv_conventional(); +// load_priv_crt_mono(); +} + +void quick_test(void){ + uint8_t *ciphertext, *plaintext, rc; + uint8_t seed[sizeof(SEED)], seed_out[sizeof(SEED)]; + uint16_t clen, plen; + if(!keys_allocated){ + load_fix_rsa(); + } + ciphertext = malloc(clen = pub_key.modulus.length_W * sizeof(bigint_word_t)); + plaintext = malloc(pub_key.modulus.length_W * sizeof(bigint_word_t)); + memcpy(plaintext, MSG, sizeof(MSG)); + memcpy(seed, SEED, sizeof(SEED)); + cli_putstr("\r\nplaintext:"); + cli_hexdump_block(plaintext, sizeof(MSG), 4, 16); + cli_putstr("\r\nseed:"); + cli_hexdump_block(seed, sizeof(SEED), 4, 16); + cli_putstr("\r\nencrypting: ..."); + + rc = rsa_encrypt_pkcs1v15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed); + if(rc){ + cli_putstr("\r\nERROR: rsa_encrypt_pkcs1v15 returned: "); + cli_hexdump_byte(rc); + return; + + } + + cli_putstr("\r\n\r\nciphertext:"); + cli_hexdump_block(ciphertext, clen, 4, 16); + if(clen!=sizeof(ENCRYPTED)){ + cli_putstr("\r\n>>FAIL (no size match)<<"); + }else{ + if(memcmp(ciphertext, ENCRYPTED, clen)){ + cli_putstr("\r\n>>FAIL (no content match)<<"); + }else{ + cli_putstr("\r\n>>OK<<"); + } + } + + cli_putstr("\r\ndecrypting: ..."); + rc = rsa_decrypt_pkcs1v15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out); + if(rc){ + cli_putstr("\r\nERROR: rsa_decrypt_pkcs1v15 returned: "); + cli_hexdump_byte(rc); + return; + } + cli_putstr("\r\n\r\nplaintext:"); + cli_hexdump_block(plaintext, plen, 4, 16); + cli_putstr("\r\n\r\nseed (out):"); + cli_hexdump_block(seed_out, sizeof(SEED), 4, 16); + + free(ciphertext); + free(plaintext); +} + +void run_seed_test(void){ + uint8_t *msg, *ciph, *msg_; + uint16_t msg_len, ciph_len, msg_len_; + uint16_t seed_len; + uint8_t *seed, *seed_out; + char read_int_str[18]; + cli_putstr("\r\n== test with given seed =="); + cli_putstr("\r\n = message ="); + cli_putstr("\r\n length: "); + cli_getsn(read_int_str, 16); + msg_len = own_atou(read_int_str); + seed_len = rsa_pkcs1v15_compute_padlength_B(&pub_key.modulus, msg_len); + seed = malloc(seed_len); + if(!seed){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + seed_out = malloc(seed_len); + if(!seed_out){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + msg = malloc(msg_len); + if(!msg){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + ciph = malloc(bigint_length_B(&pub_key.modulus)); + if(!ciph){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + msg_ = malloc(bigint_length_B(&pub_key.modulus)); + if(!msg_){ + cli_putstr("\r\nERROR: OOM!"); + return; + } + cli_putstr("\r\n data: "); + read_os(msg, msg_len, NULL); + cli_putstr("\r\n seed (0x"); + cli_hexdump_rev(&seed_len, 2); + cli_putstr(" bytes): "); + read_os(seed, seed_len, NULL); + + cli_putstr("\r\n encrypting ..."); +/* + cli_putstr("\r\n plaintext:"); + cli_hexdump_block(msg, msg_len, 4, 16); + cli_putstr("\r\n seed:"); + cli_hexdump_block(seed, seed_len, 4, 16); +*/ + rsa_encrypt_pkcs1v15(ciph, &ciph_len, msg, msg_len, &pub_key, seed); + cli_putstr("\r\n ciphertext:"); + cli_hexdump_block(ciph, ciph_len, 4, 16); + cli_putstr("\r\n decrypting ... "); + rsa_decrypt_pkcs1v15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out); + cli_putstr("[done]"); + if(msg_len != msg_len_){ + char tstr[16]; + cli_putstr("\r\nERROR: wrong decrypted message length ("); + ultoa(msg_len_, tstr, 10); + cli_putstr(tstr); + cli_putstr(" instead of "); + ultoa(msg_len, tstr, 10); + cli_putstr(tstr); + cli_putc(')'); + goto end; + } + if(memcmp(msg, msg_, msg_len)){ + cli_putstr("\r\nERROR: wrong decrypted message:"); + cli_hexdump_block(msg_, msg_len_, 4, 16); + cli_putstr("\r\nreference:"); + cli_hexdump_block(msg, msg_len, 4, 16); + goto end; + } + + if(memcmp(seed, seed_out, seed_len)){ + cli_putstr("\r\nERROR: wrong decrypted seed:"); + cli_hexdump_block(seed_out, seed_len, 4, 16); + cli_putstr("\r\nreference:"); + cli_hexdump_block(seed, seed_len, 4, 16); + goto end; + } + cli_putstr("\r\n >>OK<<"); +end: + free(ciph); + free(msg_); + free(msg); + free(seed_out); + free(seed); +} + +void reset_prng(void){ + uint8_t buf[16]; + memset(buf, 0, 16); + random_seed(buf); + cli_putstr("\r\nPRNG reset"); +} + +void rsa_init(void){ + prng_get_byte = random8; +} + +void load_key(void){ + if(keys_allocated){ + free_key(); + } + keys_allocated = 1; + read_key_crt(); +} + +void test_dump(void){ + char lstr[16]; + int len; + cli_putstr("\r\nenter dump length: "); + cli_getsn(lstr, 15); + len = own_atou(lstr); + cli_putstr("\r\ndumping 0x"); + cli_hexdump_rev(&len, 2); + cli_putstr(" byte:"); + cli_hexdump_block(pub_key.modulus.wordv, len, 4, 8); +} + +/***************************************************************************** + * main * + *****************************************************************************/ + +const char echo_test_str[] = "echo-test"; +const char reset_prng_str[] = "reset-prng"; +const char load_key_str[] = "load-key"; +const char load_fix_key_str[] = "load-fix-key"; +const char quick_test_str[] = "quick-test"; +const char seed_test_str[] = "seed-test"; +const char dump_test_str[] = "dump-test"; +const char performance_str[] = "performance"; +const char echo_str[] = "echo"; + +const cmdlist_entry_t cmdlist[] = { + { reset_prng_str, NULL, reset_prng }, + { load_key_str, NULL, load_key }, + { load_fix_key_str, NULL, load_fix_rsa }, + { quick_test_str, NULL, quick_test }, + { seed_test_str, NULL, run_seed_test }, + { dump_test_str, NULL, test_dump }, +// { performance_str, NULL, testrun_performance_bigint }, + { echo_str, (void*)1, (void_fpt)echo_ctrl }, + { NULL, NULL, NULL } +}; + +void dump_sp(void){ + uint8_t x; + uint8_t *xa = &x; + cli_putstr("\r\nstack pointer: ~"); + cli_hexdump_rev(&xa, 4); +} + +int main (void){ + main_setup(); + + for(;;){ + welcome_msg(algo_name); + rsa_init(); + cmd_interface(cmdlist); + } +} diff --git a/test_src/main-sha2-test.c b/test_src/main-sha2-test.c new file mode 100644 index 0000000..2c8cd7f --- /dev/null +++ b/test_src/main-sha2-test.c @@ -0,0 +1,217 @@ +/* main-sha512-test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * SHA-512 test-suit + * +*/ + +#include "main-test-common.h" +#include "uart_lowlevel.h" + +#include "shavs.h" +#include "nessie_hash_test.h" +#include "performance_test.h" +#include "hfal-nessie.h" +#include "hfal-performance.h" +#include "hfal-test.h" + + +#include "sha224.h" +#include "hfal_sha224.h" +#include "sha256.h" +#include "hfal_sha256.h" +#include "sha384.h" +#include "hfal_sha384.h" +#include "sha512.h" +#include "hfal_sha512.h" + +const char* algo_name = "SHA-2"; + +const hfdesc_t* algolist[] = { + (hfdesc_t*)&sha224_desc, + (hfdesc_t*)&sha256_desc, + (hfdesc_t*)&sha384_desc, + (hfdesc_t*)&sha512_desc, + NULL +}; + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ + +void testrun_nessie_sha2(void){ + hfal_nessie_multiple(algolist); +} + +void testrun_performance_sha2(void){ + hfal_performance_multiple(algolist); +} + +void simple_test(void){ + const char *msg = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" + "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + + uint8_t hash[64]; + sha512_ctx_t ctx; + cli_putstr("\r\nDBG: init ..."); uart_flush(0); + sha512_init(&ctx); + cli_putstr("\r\nDBG: init done"); uart_flush(0); + sha512_lastBlock(&ctx, msg, 3*8); + cli_putstr("\r\nDBG: lastBlock done"); uart_flush(0); + sha512_ctx2hash(hash, &ctx); + cli_putstr("\r\n hash = "); + cli_hexdump(hash, 64); + + + cli_putstr("\r\nDBG: init ..."); uart_flush(0); + sha512_init(&ctx); + cli_putstr("\r\nDBG: init done"); uart_flush(0); + sha512_lastBlock(&ctx, msg, 896); + cli_putstr("\r\nDBG: lastBlock done"); uart_flush(0); + sha512_ctx2hash(hash, &ctx); + cli_putstr("\r\n hash = "); + cli_hexdump(hash, 64); + + uint32_t c=0; + uint8_t buffer[128]; + memset(buffer, 'a', 128); + cli_putstr("\r\nDBG: init ..."); uart_flush(0); + sha512_init(&ctx); + cli_putstr("\r\nDBG: init done"); uart_flush(0); + do{ + sha512_nextBlock(&ctx, buffer); + c += 128; + }while(c+128<1000000L); + sha512_lastBlock(&ctx, buffer, (1000000-c)*8); + cli_putstr("\r\nDBG: lastBlock done"); uart_flush(0); + sha512_ctx2hash(hash, &ctx); + cli_putstr("\r\n hash = "); + cli_hexdump(hash, 64); + + +} + +/* +void test_monte(void){ + uint8_t data1[] = { + 0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39, + 0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3, + 0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99, + 0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7, + 0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39, + 0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3, + 0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99, + 0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7, + 0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39, + 0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3, + 0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99, + 0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7 }; + + uint8_t data2[] = { + 0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39, + 0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3, + 0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99, + 0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7, + 0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39, + 0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3, + 0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99, + 0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7, + 0xFD, 0xDF, 0x1B, 0x37, 0xDD, 0x34, 0xB3, 0xB2, + 0x01, 0xD4, 0x3C, 0x57, 0xBC, 0xDE, 0x11, 0x58, + 0x38, 0xF0, 0xDF, 0x70, 0x1D, 0xA9, 0x3C, 0x3B, + 0xF2, 0xC9, 0xC8, 0x68, 0x96, 0xE7, 0xE6, 0xC7 }; + uint8_t hash[SHA256_HASH_BYTES]; + sha256((sha256_hash_t*)hash, data1, 3*32*8); + cli_putstr("\r\n hash(data1) = "); + cli_hexdump(hash, 32); + sha256((sha256_hash_t*)hash, data2, 3*32*8); + cli_putstr("\r\n hash(data2) = "); + cli_hexdump(hash, 32); +} + +void test_monte2(void){ + uint8_t data[] = { + 0x6c, 0xd4, 0xc0, 0xc5, 0xcb, 0x2c, 0xa2, 0xa0, + 0xf1, 0xd1, 0xae, 0xce, 0xba, 0xc0, 0x3b, 0x52, + 0xe6, 0x4e, 0xa0, 0x3d, 0x1a, 0x16, 0x54, 0x37, + 0x29, 0x36, 0x54, 0x5b, 0x92, 0xbb, 0xc5, 0x48, + 0x4a, 0x59, 0xdb, 0x74, 0xbb, 0x60, 0xf9, 0xc4, + 0x0c, 0xeb, 0x1a, 0x5a, 0xa3, 0x5a, 0x6f, 0xaf, + 0xe8, 0x03, 0x49, 0xe1, 0x4c, 0x25, 0x3a, 0x4e, + 0x8b, 0x1d, 0x77, 0x61, 0x2d, 0xdd, 0x81, 0xac, + 0xe9, 0x26, 0xae, 0x8b, 0x0a, 0xf6, 0xe5, 0x31, + 0x76, 0xdb, 0xff, 0xcc, 0x2a, 0x6b, 0x88, 0xc6, + 0xbd, 0x76, 0x5f, 0x93, 0x9d, 0x3d, 0x17, 0x8a, + 0x9b, 0xde, 0x9e, 0xf3, 0xaa, 0x13, 0x1c, 0x61, + 0xe3, 0x1c, 0x1e, 0x42, 0xcd, 0xfa, 0xf4, 0xb4, + 0xdc, 0xde, 0x57, 0x9a, 0x37, 0xe1, 0x50, 0xef, + 0xbe, 0xf5, 0x55, 0x5b, 0x4c, 0x1c, 0xb4, 0x04, + 0x39, 0xd8, 0x35, 0xa7, 0x24, 0xe2, 0xfa, 0xe7 }; + + uint8_t hash[SHA256_HASH_BYTES]; + sha256((sha256_hash_t*)hash, data, 1024); + cli_putstr("\r\n hash(data) = "); + cli_hexdump(hash, 32); +} +*/ +/***************************************************************************** + * main * + *****************************************************************************/ + +const char nessie_str[] = "nessie"; +const char test_str[] = "test"; +//const char monte_str[] = "monte"; +//const char monte2_str[] = "monte2"; +const char performance_str[] = "performance"; +const char echo_str[] = "echo"; +const char shavs_list_str[] = "shavs_list"; +const char shavs_set_str[] = "shavs_set"; +const char shavs_test1_str[] = "shavs_test1"; +const char shavs_test2_str[] = "shavs_test2"; +const char shavs_test3_str[] = "shavs_test3"; +const char dump_str[] = "dump"; + +const cmdlist_entry_t cmdlist[] = { + { nessie_str, NULL, testrun_nessie_sha2 }, + { test_str, NULL, simple_test }, +// { monte_str, NULL, test_monte }, +// { monte2_str, NULL, test_monte2 }, + { performance_str, NULL, testrun_performance_sha2 }, + { echo_str, (void*)1, (void_fpt)echo_ctrl }, + { shavs_list_str, NULL, shavs_listalgos }, + { shavs_set_str, (void*)1, (void_fpt)shavs_setalgo }, + { shavs_test1_str, NULL, shavs_test1 }, + { shavs_test2_str, NULL, shavs_test2 }, + { shavs_test3_str, NULL, shavs_test3 }, + { dump_str, (void*)1, (void_fpt)dump }, + { NULL, NULL, NULL } +}; + +int main(void) { + main_setup(); + + shavs_algolist=(hfdesc_t**)algolist; + shavs_algo=(hfdesc_t*)&sha256_desc; + + for(;;){ + welcome_msg(algo_name); + cmd_interface(cmdlist); + } + +} diff --git a/test_src/nessie_bc_test.c b/test_src/nessie_bc_test.c new file mode 100644 index 0000000..e67dd1c --- /dev/null +++ b/test_src/nessie_bc_test.c @@ -0,0 +1,214 @@ +/* nessie_bc_test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * + * author: Daniel Otte + * email: daniel.otte@rub.de + * license: GPLv3 + * + * a suit for running the nessie-tests for blockciphers + * + * */ +#include +#include +#include "nessie_bc_test.h" +#include "nessie_common.h" + +volatile nessie_bc_ctx_t nessie_bc_ctx; + +void nessie_bc_init(void){ + memset((void*)&nessie_bc_ctx, 0, sizeof(nessie_bc_ctx_t)); +} + +static +void nessie_bc_free(void* ctx){ + if(nessie_bc_ctx.cipher_free) + nessie_bc_ctx.cipher_free(ctx); +} + +void nessie_bc_enc(uint8_t* key, uint8_t* pt){ + uint8_t ctx[nessie_bc_ctx.ctx_size_B]; + uint8_t buffer[nessie_bc_ctx.blocksize_B]; + uint16_t i; + + /* single test */ + nessie_print_item("key", key, (nessie_bc_ctx.keysize_b+7)/8); + nessie_bc_ctx.cipher_genctx(key, nessie_bc_ctx.keysize_b, ctx); + + memcpy(buffer, pt, nessie_bc_ctx.blocksize_B); + nessie_print_item("plain", buffer, nessie_bc_ctx.blocksize_B); + nessie_bc_ctx.cipher_enc(buffer, ctx); + nessie_print_item("cipher", buffer, nessie_bc_ctx.blocksize_B); + if(nessie_bc_ctx.cipher_dec){ + nessie_bc_ctx.cipher_dec(buffer, ctx); + nessie_print_item("decrypted", buffer, nessie_bc_ctx.blocksize_B); + } + /* 100 times test */ + memcpy(buffer, pt, nessie_bc_ctx.blocksize_B); + for(i=0; i<100; ++i){ + nessie_bc_ctx.cipher_enc(buffer, ctx); + NESSIE_SEND_ALIVE_A(i); + } + nessie_print_item("Iterated 100 times", buffer, nessie_bc_ctx.blocksize_B); +#ifndef NESSIE_NO1KTEST + /* 1000 times test, we use the 100 preceding steps to fasten things a bit */ + for(; i<1000; ++i){ + nessie_bc_ctx.cipher_enc(buffer, ctx); + NESSIE_SEND_ALIVE_A(i); + } + nessie_print_item("Iterated 1000 times", buffer, nessie_bc_ctx.blocksize_B); +#endif + nessie_bc_free(ctx); +} + +void nessie_bc_dec(uint8_t* key, uint8_t* ct){ + uint8_t ctx[nessie_bc_ctx.ctx_size_B]; + uint8_t buffer[nessie_bc_ctx.blocksize_B]; + + /* single test */ + nessie_print_item("key", key, (nessie_bc_ctx.keysize_b+7)/8); + nessie_bc_ctx.cipher_genctx(key, nessie_bc_ctx.keysize_b, ctx); + memcpy(buffer, ct, nessie_bc_ctx.blocksize_B); + nessie_print_item("cipher", buffer, nessie_bc_ctx.blocksize_B); + nessie_bc_ctx.cipher_dec(buffer, ctx); + nessie_print_item("plain", buffer, nessie_bc_ctx.blocksize_B); + nessie_bc_ctx.cipher_enc(buffer, ctx); + nessie_print_item("encrypted", buffer, nessie_bc_ctx.blocksize_B); + nessie_bc_free(ctx); +} + +void nessie_bc_run(void){ + uint16_t i; + uint8_t set; + uint8_t key[(nessie_bc_ctx.keysize_b+7)/8]; + uint8_t buffer[nessie_bc_ctx.blocksize_B]; + + nessie_print_header(nessie_bc_ctx.name, nessie_bc_ctx.keysize_b, + nessie_bc_ctx.blocksize_B*8, 0, 0, 0); + /* test set 1 */ + set=1; + nessie_print_setheader(set); + for(i=0; i>(i%8); + memset(buffer, 0, nessie_bc_ctx.blocksize_B); + nessie_bc_enc(key, buffer); + } + /* test set 2 */ + set=2; + nessie_print_setheader(set); + for(i=0; i>(i%8); + nessie_bc_enc(key, buffer); + } + /* test set 3 */ + set=3; + nessie_print_setheader(set); + for(i=0; i<256; ++i){ + nessie_print_set_vector(set, i); + memset(key, i, (nessie_bc_ctx.keysize_b+7)/8); + memset(buffer, i, nessie_bc_ctx.blocksize_B); + nessie_bc_enc(key, buffer); + } + /* test set 4 */ + set=4; + nessie_print_setheader(set); + /* 4 - 0*/ + nessie_print_set_vector(set, 0); + for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){ + key[i]=i; + } + for(i=0; i>(i%8); + memset(buffer, 0, nessie_bc_ctx.blocksize_B); + nessie_bc_dec(key, buffer); + } + /* test set 6 */ + set=6; + nessie_print_setheader(set); + for(i=0; i>(i%8); + nessie_bc_dec(key, buffer); + } + /* test set 7 */ + set=7; + nessie_print_setheader(set); + for(i=0; i<256; ++i){ + nessie_print_set_vector(set, i); + memset(key, i, (nessie_bc_ctx.keysize_b+7)/8); + memset(buffer, i, nessie_bc_ctx.blocksize_B); + nessie_bc_dec(key, buffer); + } + /* test set 8 */ + set=8; + nessie_print_setheader(set); + /* 8 - 0*/ + nessie_print_set_vector(set, 0); + for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){ + key[i]=(uint8_t)i; + } + for(i=0; i. +*/ +#ifndef NESSIE_BC_TEST_H_ +#define NESSIE_BC_TEST_H_ + +#include + +typedef void (*nessie_bc_gen_fpt)(const uint8_t* key, uint16_t keysize_b, void* ctx); +typedef void (*nessie_bc_free_fpt)(void* ctx); +typedef void (*nessie_bc_enc_fpt)(void* buffer, const void* ctx); +typedef void (*nessie_bc_dec_fpt)(void* buffer, const void* ctx); + +typedef struct nessie_bc_ctx_st{ + uint16_t keysize_b; + uint16_t blocksize_B; + uint16_t ctx_size_B; + const char* name; + nessie_bc_gen_fpt cipher_genctx; + nessie_bc_free_fpt cipher_free; + nessie_bc_enc_fpt cipher_enc; + nessie_bc_dec_fpt cipher_dec; +} nessie_bc_ctx_t; + + +extern volatile nessie_bc_ctx_t nessie_bc_ctx; + +void nessie_bc_run(void); +void nessie_bc_init(void); + + +#endif /*NESSIE_BC_TEST_H_*/ diff --git a/test_src/nessie_mac_test.c b/test_src/nessie_mac_test.c new file mode 100644 index 0000000..dcab69a --- /dev/null +++ b/test_src/nessie_mac_test.c @@ -0,0 +1,302 @@ +/* nessie_mac_test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * + * author: Daniel Otte + * email: daniel.otte@rub.de + * license: GPLv3 + * + * a suit for running the nessie-tests for MACs + * + * */ +#include +#include +#include +#include "nessie_mac_test.h" +#include "nessie_common.h" +#include "dbz_strings.h" + +nessie_mac_ctx_t nessie_mac_ctx; + +#define KEYSIZE_B ((nessie_mac_ctx.keysize_b+7)/8) +#define MACSIZE_B ((nessie_mac_ctx.macsize_b+7)/8) +#define BLOCKSIZE_B (nessie_mac_ctx.blocksize_B) + +#define PRINTKEY nessie_print_item("key", key, KEYSIZE_B) +#define PRINTMAC nessie_print_item("MAC", mac, MACSIZE_B) + + +static const uint8_t keyproto[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; + +static +void ascii_mac(const void* data, const void* desc, uint8_t* key){ + uint8_t ctx[nessie_mac_ctx.ctx_size_B]; + uint8_t mac[MACSIZE_B]; + uint16_t sl; + uint8_t buffer[BLOCKSIZE_B]; + + NESSIE_PUTSTR("\r\n message="); + NESSIE_PUTSTR(desc); + PRINTKEY; + nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b); + sl = strlen(data); + while(sl>nessie_mac_ctx.blocksize_B){ + memcpy(buffer, data, BLOCKSIZE_B); + nessie_mac_ctx.mac_next(ctx, buffer); + data = (uint8_t*)data + BLOCKSIZE_B; + sl -= BLOCKSIZE_B; + } + memcpy(buffer, data, sl); + nessie_mac_ctx.mac_last(ctx, buffer, sl*8); + nessie_mac_ctx.mac_conv(mac, ctx); + PRINTMAC; +} + +// message=1 million times "a" + +static +void amillion_mac(uint8_t* key){ + uint8_t ctx[nessie_mac_ctx.ctx_size_B]; + uint8_t mac[MACSIZE_B]; + uint8_t block[nessie_mac_ctx.blocksize_B]; + uint32_t n=1000000LL; + uint16_t i=0; + + NESSIE_PUTSTR("\r\n message="); + NESSIE_PUTSTR("1 million times \"a\""); + PRINTKEY; + + memset(block, 'a', nessie_mac_ctx.blocksize_B); + nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b); + while(n>=nessie_mac_ctx.blocksize_B){ + nessie_mac_ctx.mac_next(ctx, block); + n -= nessie_mac_ctx.blocksize_B; + NESSIE_SEND_ALIVE_A(i++); + } + nessie_mac_ctx.mac_last(ctx, block, n*8); + nessie_mac_ctx.mac_conv(mac, ctx); + PRINTMAC; +} + + +static +void zero_mac(uint16_t n, uint8_t* key){ + uint8_t ctx[nessie_mac_ctx.ctx_size_B]; + uint8_t mac[MACSIZE_B]; + uint8_t block[nessie_mac_ctx.blocksize_B]; + + NESSIE_PUTSTR("\r\n message="); + if(n>=10000) + NESSIE_PUTC('0'+n/10000); + if(n>=1000) + NESSIE_PUTC('0'+(n/1000)%10); + if(n>=100) + NESSIE_PUTC('0'+(n/100)%10); + if(n>=10) + NESSIE_PUTC('0'+(n/10)%10); + NESSIE_PUTC('0'+n%10); + NESSIE_PUTSTR(" zero bits"); + PRINTKEY; + + memset(block, 0, nessie_mac_ctx.blocksize_B); + nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b); + while(n>nessie_mac_ctx.blocksize_B*8){ + nessie_mac_ctx.mac_next(ctx, block); + n -= nessie_mac_ctx.blocksize_B*8; + } + nessie_mac_ctx.mac_last(ctx, block, n); + nessie_mac_ctx.mac_conv(mac, ctx); + PRINTMAC; +} + +static +void one_in512_mac(uint16_t pos, uint8_t* key){ + uint8_t ctx[nessie_mac_ctx.ctx_size_B]; + uint8_t mac[MACSIZE_B]; + uint8_t block[nessie_mac_ctx.blocksize_B]; + uint16_t n=512; + char* tab[8]={"80", "40", "20", "10", + "08", "04", "02", "01" }; + + pos&=511; + NESSIE_PUTSTR("\r\n message="); + NESSIE_PUTSTR("512-bit string: "); + if((pos/8) >=10){ + NESSIE_PUTC('0'+(pos/8/10)%10); + } else { + NESSIE_PUTC(' '); + } + NESSIE_PUTC('0'+(pos/8)%10); + NESSIE_PUTSTR("*00,"); + NESSIE_PUTSTR(tab[pos&7]); + NESSIE_PUTC(','); + if(63-(pos/8) >=10){ + NESSIE_PUTC('0'+((63-pos/8)/10)%10); + } else { + NESSIE_PUTC(' '); + } + NESSIE_PUTC('0'+(63-pos/8)%10); + NESSIE_PUTSTR("*00"); + PRINTKEY; + + /* now the real stuff */ + memset(block, 0, 512/8); + block[pos>>3] = 0x80>>(pos&0x7); + uint8_t* bp; + bp = block; + nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b); + while(n>nessie_mac_ctx.blocksize_B*8){ + nessie_mac_ctx.mac_next(ctx, bp); + n -= nessie_mac_ctx.blocksize_B*8; + bp += nessie_mac_ctx.blocksize_B; + } + nessie_mac_ctx.mac_last(ctx, bp, n); + nessie_mac_ctx.mac_conv(mac, ctx); + PRINTMAC; +} + +static +void tv4_mac(void){ + uint8_t ctx[nessie_mac_ctx.ctx_size_B]; + uint8_t mac[MACSIZE_B]; + uint8_t block[MACSIZE_B]; + uint8_t key[KEYSIZE_B]; + uint16_t n=MACSIZE_B*8; + uint32_t i; + char str[6]; + + NESSIE_PUTSTR("\r\n message="); + utoa(MACSIZE_B*8, str, 10); + NESSIE_PUTSTR(str); + NESSIE_PUTSTR(" zero bits"); + memset(block, 0, MACSIZE_B); + for(i=0; inessie_mac_ctx.blocksize_B*8){ + nessie_mac_ctx.mac_next(ctx, block); + n -= nessie_mac_ctx.blocksize_B*8; + } + nessie_mac_ctx.mac_last(ctx, block, n); + nessie_mac_ctx.mac_conv(mac, ctx); + PRINTMAC; + for(i=1; i<100000L; ++i){ /* this assumes BLOCKSIZE >= HASHSIZE */ + nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b); + nessie_mac_ctx.mac_last(ctx, mac, nessie_mac_ctx.macsize_b); + nessie_mac_ctx.mac_conv(mac, ctx); + NESSIE_SEND_ALIVE_A(i); + } + nessie_print_item("iterated 100000 times", mac, MACSIZE_B); +} + +void nessie_mac_run(void){ + uint16_t i; + uint8_t set; + uint8_t key[KEYSIZE_B]; + + nessie_print_header(nessie_mac_ctx.name, nessie_mac_ctx.keysize_b, 0, 0, + nessie_mac_ctx.macsize_b, 0); + /* test set 1 */ + const char* challange_dbz= + "\0" + "\"\" (empty string)\0" + "a\0" + "\"a\"\0" + "abc\0" + "\"abc\"\0" + "message digest\0" + "\"message digest\"\0" + "abcdefghijklmnopqrstuvwxyz\0" + "\"abcdefghijklmnopqrstuvwxyz\"\0" + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq\0" + "\"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq\"\0" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789\0" + "\"A...Za...z0...9\"\0" + "1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890\0" + "8 times \"1234567890\"\0" + "Now is the time for all \0" + "\"Now is the time for all \"\0" + "Now is the time for it\0" + "\"Now is the time for it\"\0" + ; + + set=1; + nessie_print_setheader(set); + for(i=0; i>3]=0x80>>(i&0x7); + ascii_mac("ABC", "\"ABC\"", key); + } + nessie_print_footer(); +} diff --git a/test_src/nessie_mac_test.h b/test_src/nessie_mac_test.h new file mode 100644 index 0000000..dd1119f --- /dev/null +++ b/test_src/nessie_mac_test.h @@ -0,0 +1,47 @@ +/* nessie_mac_test.h */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +#ifndef NESSIE_MAC_TEST_H_ +#define NESSIE_MAC_TEST_H_ + +#include + +typedef void (*nessie_mac_init_fpt)(void* ctx, const void* key, uint16_t keysize_b); +typedef void (*nessie_mac_next_fpt)(void* ctx, const void* buffer); +typedef void (*nessie_mac_last_fpt)(void* ctx, const void* buffer, uint16_t size_b); +typedef void (*nessie_mac_conv_fpt)(void* buffer, void* ctx); + + +typedef struct nessie_mac_ctx_st{ + uint16_t macsize_b; + uint16_t keysize_b; + uint16_t blocksize_B; + uint16_t ctx_size_B; + const char* name; + nessie_mac_init_fpt mac_init; + nessie_mac_next_fpt mac_next; + nessie_mac_last_fpt mac_last; + nessie_mac_conv_fpt mac_conv; +} nessie_mac_ctx_t; + + +extern nessie_mac_ctx_t nessie_mac_ctx; + +void nessie_mac_run(void); + +#endif /*NESSIE_MAC_TEST_H_*/ diff --git a/test_src/nessie_stream_test.c b/test_src/nessie_stream_test.c new file mode 100644 index 0000000..7545a3b --- /dev/null +++ b/test_src/nessie_stream_test.c @@ -0,0 +1,185 @@ +/* nessie_stream_test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * + * author: Daniel Otte + * email: daniel.otte@rub.de + * license: GPLv3 + * + * a suit for running the nessie-tests for streamciphers + * + * */ +#include +#include +#include "nessie_stream_test.h" +#include "nessie_common.h" +#include "memxor.h" + +nessie_stream_ctx_t nessie_stream_ctx; + + +#define BLOCKSIZE_B 64 + + +static +void nessie_gen_block(void* ctx, uint8_t* block){ + uint16_t i; + for(i=0; i>(i%8); + nessie_stream_enc(key); + } + /* test set 2 */ + set=2; + nessie_print_setheader(set); + for(i=0; i<256; ++i){ + nessie_print_set_vector(set, i); + memset(key, i, (nessie_stream_ctx.keysize_b+7)/8); + nessie_stream_enc(key); + } + /* test set 3 */ + set=3; + nessie_print_setheader(set); + for(i=0; i<256; ++i){ + uint8_t j; + nessie_print_set_vector(set, i); + for(j=0; j<(nessie_stream_ctx.keysize_b+7)/8; ++j){ + key[j]=(i+j)&0xff; + } + nessie_stream_enc(key); + } + /* test set 4 */ + set=4; + nessie_print_setheader(set); + for(i=0; i<4; ++i){ + uint8_t j; + nessie_print_set_vector(set, i); + for(j=0; j<(nessie_stream_ctx.keysize_b+7)/8; ++j){ + key[j]=(i*5+j*0x53)&0xff; + } + nessie_stream_enc_large(key); + } + + nessie_print_footer(); +} diff --git a/test_src/nessie_stream_test.h b/test_src/nessie_stream_test.h new file mode 100644 index 0000000..00fa7b6 --- /dev/null +++ b/test_src/nessie_stream_test.h @@ -0,0 +1,42 @@ +/* nessie_stream_test.h */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +#ifndef NESSIE_STREAM_TEST_H_ +#define NESSIE_STREAM_TEST_H_ + +#include + +typedef void (*nessie_stream_genctx_fpt)(uint8_t* key, uint16_t keylength_b, void* ctx); +typedef uint8_t (*nessie_stream_genenc_fpt)(void* ctx); + +typedef struct nessie_stream_ctx_st{ + uint16_t keysize_b; + uint16_t ivsize_b; + uint16_t outsize_b; + uint16_t ctx_size_B; + char* name; + nessie_stream_genctx_fpt cipher_genctx; + nessie_stream_genenc_fpt cipher_enc; +} nessie_stream_ctx_t; + + +extern nessie_stream_ctx_t nessie_stream_ctx; + +void nessie_stream_run(void); + +#endif /*NESSIE_STREAM_TEST_H_*/