bg
/
arm-crypto-lib
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

forgotten file (a lot of them)

This commit is contained in:
bg 2012-09-18 20:19:51 +02:00
parent e69f1207a9
commit 2a4779378a
50 changed files with 6187 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
camellia/camellia.h Normal file
View File

@ -0,0 +1,37 @@
/* camellia.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef CAMELLIA_H_
#define CAMELLIA_H_
#include <stdint.h>
typedef struct camellia128_ctx_s{
uint64_t klr;
uint64_t kll;
uint64_t kar;
uint64_t kal;
}camellia128_ctx_t;
void camellia128_init(const void* key, camellia128_ctx_t* s);
void camellia128_enc(void* block, const camellia128_ctx_t* s);
void camellia128_dec(void* block, const camellia128_ctx_t* s);
#endif /*CAMELLIA_H_*/

494
camellia/camellia_C.c Normal file
View File

@ -0,0 +1,494 @@
/* camellia_C.c */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
*
*
*
*/
#include <stdint.h>
#include "camellia.h"
#if 0
#include "cli.h"
#include "debug.h"
#include <util/delay.h>
#endif
/*****************************************************************************/
static
uint8_t rol(uint8_t a, uint8_t n){
return ((a<<n) | (a>>(8-n)));
}
/*****************************************************************************/
static
uint8_t ror(uint8_t a, uint8_t n){
return ((a<<(8-n)) | (a>>n));
}
/*****************************************************************************/
static
uint32_t rol32(uint32_t a, uint8_t n){
return ((a<<n)|(a>>(32-n)));
}
/*****************************************************************************/
/*
static
uint64_t rol64(uint64_t a, uint8_t n){
return ((a<<n)|(a>>(64-n)));
}
*/
/*****************************************************************************/
static
const uint8_t camellia_s1_table[256] = {
112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65,
35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189,
134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26,
166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77,
139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153,
223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215,
20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34,
254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80,
170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210,
16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148,
135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226,
82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46,
233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89,
120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250,
114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164,
64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158
};
/*****************************************************************************/
static
uint8_t camellia_s1(uint8_t b){
return camellia_s1_table[b];
}
/*****************************************************************************/
static
uint8_t camellia_s2(uint8_t b){
return rol(camellia_s1_table[b], 1);
}
/*****************************************************************************/
static
uint8_t camellia_s3(uint8_t b){
return ror(camellia_s1_table[b], 1);
}
/*****************************************************************************/
static
uint8_t camellia_s4(uint8_t b){
return camellia_s1_table[rol(b, 1)];
}
/*****************************************************************************/
static
uint64_t camellia_s(uint64_t d){
// cli_putstr("\n\r S von "); cli_hexdump(&(d), 8);
#define D ((uint8_t*)(&d))
D[7] = camellia_s1(D[7]);
D[6] = camellia_s2(D[6]);
D[5] = camellia_s3(D[5]);
D[4] = camellia_s4(D[4]);
D[3] = camellia_s2(D[3]);
D[2] = camellia_s3(D[2]);
D[1] = camellia_s4(D[1]);
D[0] = camellia_s1(D[0]);
#undef D
// cli_putstr(" ist "); cli_hexdump(&(d), 8);
return d;
}
/*****************************************************************************/
static
uint64_t camellia_p(uint64_t d){
uint64_t z=0;
#define D ((uint8_t*)(&d))
#define Z ((uint8_t*)(&z))
/*
Z[0] = D[4] ^ D[3] ^ D[1];
Z[1] = D[5] ^ D[0] ^ D[2];
Z[2] = D[6] ^ D[1] ^ D[3];
Z[3] = D[7] ^ D[2] ^ D[0];
Z[4] = D[0] ^ D[6] ^ D[5];
Z[5] = D[1] ^ D[7] ^ D[6];
Z[6] = D[2] ^ D[4] ^ D[7];
Z[7] = D[3] ^ D[5] ^ D[4];
*/
// Z[7] = z1 z3 z4 z6 z7 z8
// cli_putstr("\n\r P von "); cli_hexdump(&(d), 8);
Z[7] = D[7] ^ D[5] ^ D[4] ^ D[2] ^ D[1] ^ D[0];
Z[6] = D[7] ^ D[6] ^ D[4] ^ D[3] ^ D[1] ^ D[0];
Z[5] = D[7] ^ D[6] ^ D[5] ^ D[3] ^ D[2] ^ D[0];
Z[4] = D[6] ^ D[5] ^ D[4] ^ D[3] ^ D[2] ^ D[1] ;
Z[3] = D[7] ^ D[6] ^ D[2] ^ D[1] ^ D[0];
Z[2] = D[6] ^ D[5] ^ D[3] ^ D[1] ^ D[0];
Z[1] = D[5] ^ D[4] ^ D[3] ^ D[2] ^ D[0];
Z[0] = D[7] ^ D[4] ^ D[3] ^ D[2] ^ D[1] ;
// cli_putstr(" ist "); cli_hexdump(&(z), 8);
#undef Z
#undef D
return z;
}
/*****************************************************************************/
static
uint64_t camellia_f(uint64_t x, uint64_t k){
uint64_t y;
y = camellia_p(camellia_s(x ^ k));
return y;
}
/*****************************************************************************/
static
uint64_t camellia_fl(uint64_t x, uint64_t k){
// uint64_t lx, lk, y;
uint32_t lx[2], lk[2], yr, yl;
lx[0]=(uint32_t)x;
lx[1]=(uint32_t)(x>>32);
lk[0]=(uint32_t)k;
lk[1]=(uint32_t)(k>>32);
#define Y ((uint32_t*)y)
#define X ((uint32_t*)lx)
#define K ((uint32_t*)lk)
yr = rol32((X[1]) & (K[1]) ,1) ^ (X[0]); /* Yr */
yl = (yr | K[0]) ^ (X[1]); /* Yl */
/*
cli_putstr("\r\nFL(");
cli_hexdump(&(x), 8);
cli_putstr(", ");
cli_hexdump(&(k), 8);
cli_putstr(") = ");
cli_hexdump(y, 8);
*/
#undef K
#undef X
#undef Y
return (((uint64_t)yl)<<32 | yr);
}
/*****************************************************************************/
static
uint64_t camellia_fl_inv(uint64_t y, uint64_t k){
//volatile uint32_t xl, xr;
uint32_t ly[2], lk[2], x[2];
ly[0]=(uint32_t)y;
ly[1]=(uint32_t)(y>>32);
lk[0]=(uint32_t)k;
lk[1]=(uint32_t)(k>>32);
#define Y ((uint32_t*)ly)
#define X ((uint32_t*)x)
#define K ((uint32_t*)lk)
X[1]=(Y[0] | K[0]) ^ Y[1];
X[0]=rol32((X[1] & K[1]),1) ^ Y[0];
/*
cli_putstr("\r\nFL_inv(");
cli_hexdump(&(y), 8);
cli_putstr(", ");
cli_hexdump(&(k), 8);
cli_putstr(") = ");
*/
#undef K
#undef X
#undef Y
return ((uint64_t)(x[1]))<<32 | x[0];
}
/*****************************************************************************/
static
const uint64_t camellia_sigma_table[6] = {
0xA09E667F3BCC908BLL,
0xB67AE8584CAA73B2LL,
0xC6EF372FE94F82BELL,
0x54FF53A5F1D36F1CLL,
0x10E527FADE682D1DLL,
0xB05688C2B3E6C1FDLL
};
/*****************************************************************************/
#if 0
void camellia128_ctx_dump(camellia128_ctx_t *s){
cli_putstr("\r\n==State Dump==");
cli_putstr("\n\rKAl: "); cli_hexdump(&(s->kal), 8);
cli_putstr("\n\rKAr: "); cli_hexdump(&(s->kar), 8);
cli_putstr("\n\rKLl: "); cli_hexdump(&(s->kll), 8);
cli_putstr("\n\rKLr: "); cli_hexdump(&(s->klr), 8);
return;
}
#endif
/*****************************************************************************/
void camellia128_init(const void* key, camellia128_ctx_t* s){
uint8_t i;
s->kll = 0; //((uint64_t*)key)[0];
/* load the key, endian-adjusted, to kll,klr */
for(i=0; i<8; ++i){
s->kll <<= 8;
s->kll |= *((uint8_t*)key);
key = (uint8_t*)key+1;
}
for(i=0; i<8; ++i){
s->klr <<= 8;
s->klr |= *((uint8_t*)key);
key = (uint8_t*)key+1;
}
s->kal = s->kll;
s->kar = s->klr;
s->kar ^= camellia_f(s->kal, camellia_sigma_table[0]);
s->kal ^= camellia_f(s->kar, camellia_sigma_table[1]);
s->kal ^= s->kll;
s->kar ^= s->klr;
s->kar ^= camellia_f(s->kal, camellia_sigma_table[2]);
s->kal ^= camellia_f(s->kar, camellia_sigma_table[3]);
/**/
// cli_putstr("\n\r----------------init finished--------------------");
}
/*****************************************************************************/
static
void camellia128_keyop(camellia128_ctx_t* s, int8_t q){
/* first we do 16 bit left-rols for kl and ka (128bit each) */
uint32_t temp;
temp = (s->kal)>>(64-16-q);
s->kal = s->kal<<(16+q) | s->kar>>(64-16-q);
s->kar = s->kar<<(16+q) | temp;
temp = (s->kll)>>(64-16-q);
s->kll = s->kll<<(16+q) | s->klr>>(64-16-q);
s->klr = s->klr<<(16+q) | temp;
/* after doing the 16-bit rol we have to rol 1 bit left or rigth depending on q */
}
/*****************************************************************************/
static
void camellia128_keyop_inv(camellia128_ctx_t* s, int8_t q){
/* first we do 16 bit right-rols for kl and ka (128bit each) */
uint32_t temp;
temp = (s->kar)&(0xffffff>>(24-16-q));
s->kar = s->kar>>(16+q) | s->kal<<(64-16-q);
s->kal = s->kal>>(16+q) | ((uint64_t)temp)<<(64-16-q);
temp = (s->klr)&(0xffffff>>(24-16-q));
s->klr = s->klr>>(16+q) | s->kll<<(64-16-q);
s->kll = s->kll>>(16+q) | ((uint64_t)temp)<<(64-16-q);
/* after doing the 16-bit rol we have to rol 1 bit left or rigth depending on q */
}
/*****************************************************************************/
#define SEL_KA 1
#define SEL_KL 0
#define KEY_POSTC1 0x00
#define KEY_POSTC2 0x01
#define KEY_INC2 0x02
#define KEY_DIR 0x04
#define KEY_DIR_NORM 0x00
#define KEY_DIR_INV 0x04
#define KEY_AMMOUNT 0x08
#define KEY_ROL17 0x08
#define KEY_ROL15 0x00
static
void camellia_6rounds(const camellia128_ctx_t* s, uint64_t* bl, uint64_t* br, uint8_t roundop, uint8_t keychoice){
uint8_t i;
uint64_t* k[4];
k[0] = &(((camellia128_ctx_t*)s)->kll);
k[1] = &(((camellia128_ctx_t*)s)->klr);
k[2] = &(((camellia128_ctx_t*)s)->kal);
k[3] = &(((camellia128_ctx_t*)s)->kar);
for(i=0; i<3; ++i){ /* each cycle */
br[0] ^= camellia_f(bl[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?1:0)]));
keychoice >>= 1;
if((i == 1) && (roundop&KEY_INC2)){
((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(((camellia128_ctx_t*)s),(roundop&KEY_AMMOUNT)?1:-1);
}
bl[0] ^= camellia_f(br[0],*(k[(keychoice&1)*2+((roundop&KEY_DIR)?0:1)]));
keychoice >>= 1;
/* check if we should do some keyop */
if((i == (roundop&1)) && (!(roundop&KEY_INC2)) ){
((roundop&KEY_DIR)?camellia128_keyop_inv:camellia128_keyop)(((camellia128_ctx_t*)s),(roundop&KEY_AMMOUNT)?1:-1);
/* isn't it fuckin nice what we can do in C?! */
}
}
}
/*****************************************************************************/
static
void change_endian(void* data, uint8_t length){
uint8_t i,a;
for(i=0; i<length/2; ++i){
a = ((uint8_t*)data)[i];
((uint8_t*)data)[i] = ((uint8_t*)data)[length-i-1];
((uint8_t*)data)[length-i-1] = a;
}
}
/*****************************************************************************/
void camellia128_enc(void* block, const camellia128_ctx_t* s){
#define BL (((uint64_t*)block)[0])
#define BR (((uint64_t*)block)[1])
/* endian adjustment */
/*BL*/
/* 1 2 3 4 5 6 7 8
* 8 7 6 5 4 3 2 1
*/
uint64_t temp64;
change_endian(&BL, 64/8);
change_endian(&BR, 64/8);
/* Prewhitening */
BL ^= s->kll;
BR ^= s->klr;
/* the first 6 */
camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_POSTC1 , 0x33);
/* FL injection */
camellia128_keyop((camellia128_ctx_t*)s, -1);
BL = camellia_fl(BL, s->kal);
BR = camellia_fl_inv(BR, s->kar);
camellia128_keyop((camellia128_ctx_t*)s, -1);
/* middle 6 */
camellia_6rounds(s, &BL, &BR, KEY_ROL15 | KEY_DIR_NORM | KEY_INC2 , 0x34);
/* FL injection */
camellia128_keyop((camellia128_ctx_t*)s, 1);
BL = camellia_fl(BL, s->kll);
BR = camellia_fl_inv(BR, s->klr);
camellia128_keyop((camellia128_ctx_t*)s, 1);
/* last 6 */
camellia_6rounds(s, &BL, &BR, KEY_ROL17 | KEY_DIR_NORM | KEY_POSTC2 , 0x0C);
/* Postwhitening */
BR ^= s->kal;
BL ^= s->kar;
temp64 = BR;
BR = BL;
BL = temp64;
camellia128_keyop((camellia128_ctx_t*)s,1);
change_endian(&BL, 64/8);
change_endian(&BR, 64/8);
#undef BL
#undef BR
}
/*****************************************************************************/
void camellia128_dec(void* block, const camellia128_ctx_t* s){
#define BL (((uint64_t*)block)[1])
#define BR (((uint64_t*)block)[0])
/* endian adjustment */
/*BL*/
/* 1 2 3 4 5 6 7 8
* 8 7 6 5 4 3 2 1
*/
uint64_t temp64;
change_endian(&BL, 64/8);
change_endian(&BR, 64/8);
camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
/* Prewhitening */
BR ^= s->kal; /* kw3 */
BL ^= s->kar; /* kw4 */
/* the first 6 */
camellia_6rounds(s, &BR, &BL, KEY_ROL17 | KEY_DIR_INV | KEY_POSTC1 , 0x0C);
/* FL injection */
camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
BR = camellia_fl(BR, s->klr);
BL = camellia_fl_inv(BL, s->kll);
camellia128_keyop_inv((camellia128_ctx_t*)s, 1);
/* middle 6 */
camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_INC2 , 0x0B);
/* FL injection */
camellia128_keyop_inv((camellia128_ctx_t*)s, -1);
BR = camellia_fl(BR, s->kar);
BL = camellia_fl_inv(BL, s->kal);
camellia128_keyop_inv((camellia128_ctx_t*)s, -1);
/* last 6 */
camellia_6rounds(s, &BR, &BL, KEY_ROL15 | KEY_DIR_INV | KEY_POSTC2 , 0x33);
/* Postwhitening */
BL ^= s->kll; /* kw1 */
BR ^= s->klr; /* kw2 */
temp64 = BR;
BR = BL;
BL = temp64;
change_endian(&BL, 64/8);
change_endian(&BR, 64/8);
}
/*****************************************************************************/
/*****************************************************************************/
/* EOF */

59
dsa/dsa.h Normal file
View File

@ -0,0 +1,59 @@
/* dsa.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef DSA_H_
#define DSA_H_
#include <stdint.h>
#include "hfal-basic.h"
#include "bigint.h"
typedef struct{
bigint_t p;
bigint_t q;
bigint_t g;
} dsa_domainparameters_t;
typedef bigint_t dsa_pubkey_t;
typedef bigint_t dsa_privkey_t;
typedef struct{
bigint_t r;
bigint_t s;
} dsa_signature_t;
typedef struct{
dsa_privkey_t priv;
dsa_pubkey_t pub;
dsa_domainparameters_t domain;
} dsa_ctx_t;
#define DSA_SIGNATURE_OK 1
#define DSA_SIGNATURE_FAIL 0
uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx, const bigint_t* k);
uint8_t dsa_sign_message(dsa_signature_t* s, const void* m, uint16_t m_len_b,
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx,
uint8_t(*rand_in)(void));
uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx);
uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b,
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx);
#endif /* DSA_H_ */

306
dsa/dsa_key_blob.c Normal file
View File

@ -0,0 +1,306 @@
/* dsa_key_blob.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include "cli.h"
#include "dsa.h"
#include "bigint.h"
#define DSA_KEY_BLOB_SIZE 1024
#if DSA_KEY_BLOB_SIZE == 512
#define PRIV_LEN_B (20)
#define PUB_LEN_B (8*8)
#define P_LEN_B (8*8)
#define Q_LEN_B (20)
#define G_LEN_B (8*8)
#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B)
static const uint8_t dsa_key_blob[] = {
// priv:
0xac, 0xe6, 0xef, 0x99, 0x08, 0xe8, 0x5f, 0xc8,
0xc7, 0x51, 0x97, 0x99, 0xf4, 0xd3, 0x00, 0x0f,
0x49, 0x72, 0xee, 0x46,
// pub:
0x18, 0x02, 0x53, 0x09, 0x61, 0xad, 0x0b, 0x9d,
0x44, 0x80, 0x8d, 0xb4, 0x52, 0xdc, 0xb5, 0xf2,
0x11, 0x20, 0x41, 0xc7, 0xd9, 0x7c, 0x7c, 0x6c,
0xa0, 0x9e, 0xca, 0x0d, 0xff, 0x28, 0x3c, 0x64,
0xfa, 0x92, 0xbb, 0x2c, 0xe9, 0x9b, 0x10, 0x94,
0xa5, 0x8d, 0x03, 0x50, 0xa5, 0x59, 0xd4, 0x3f,
0x57, 0x78, 0x8d, 0xcf, 0x0a, 0x99, 0x5d, 0xa3,
0x2e, 0x80, 0xfa, 0x99, 0x44, 0x73, 0x6d, 0x9a,
// P:
0x9f, 0x2d, 0xc8, 0x3c, 0x34, 0xf9, 0xa1, 0xbc,
0x6a, 0xa7, 0x49, 0x17, 0xd3, 0x82, 0xa2, 0xe2,
0x25, 0x31, 0xc4, 0x3d, 0x1a, 0x3f, 0x0f, 0x8a,
0x8b, 0x84, 0x3c, 0x6c, 0x9c, 0xdd, 0x42, 0xd9,
0x1a, 0x22, 0xf2, 0x55, 0x98, 0xee, 0x7d, 0x98,
0x9c, 0x9a, 0x91, 0x42, 0x5f, 0x4f, 0xa8, 0x32,
0xa0, 0xb0, 0x0f, 0x79, 0xe2, 0x76, 0x08, 0x78,
0x6e, 0xba, 0xf7, 0x74, 0x43, 0x4a, 0xf2, 0xdf,
// Q:
0xdb, 0x30, 0x69, 0xe6, 0x59, 0x77, 0xee, 0x38,
0xea, 0xf7, 0xcc, 0x18, 0x83, 0xcf, 0xb4, 0x21,
0xbc, 0xcf, 0x9a, 0x77,
// G:
0x73, 0x90, 0x27, 0x68, 0xe7, 0xe9, 0x3a, 0x45,
0x6f, 0x7f, 0x95, 0xca, 0x9b, 0xfd, 0x33, 0x75,
0x75, 0xff, 0x0f, 0xe7, 0x69, 0xfd, 0xb7, 0x07,
0x0f, 0x6c, 0x3a, 0xec, 0x47, 0x82, 0x78, 0xb2,
0xb3, 0x0b, 0x7f, 0x11, 0x9d, 0x34, 0x3e, 0xff,
0xb8, 0x09, 0x42, 0x82, 0x81, 0x21, 0xad, 0x2b,
0x51, 0x20, 0xec, 0x9e, 0xf8, 0x15, 0xaa, 0x3d,
0x5f, 0x29, 0x2d, 0xb5, 0xc5, 0x64, 0x53, 0x2d
};
#endif
#if DSA_KEY_BLOB_SIZE == 1024
#define PRIV_LEN_B (20)
#define PUB_LEN_B (16*8)
#define P_LEN_B (16*8)
#define Q_LEN_B (20)
#define G_LEN_B (16*8)
#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B)
static const uint8_t dsa_key_blob[] = {
// priv:
// 0x00, 0x00, 0x00, 0x00,
0x03, 0xad, 0x17, 0x81, 0x0f, 0x70, 0x7f, 0x89,
0xa2, 0x0a, 0x70, 0x1c, 0x3b, 0x24, 0xff, 0xd2,
0x39, 0x93, 0xd7, 0x8d,
// pub:
0x42, 0x1c, 0xb2, 0x03, 0xe5, 0xc6, 0x69, 0x81,
0x1e, 0x35, 0x85, 0x86, 0xd7, 0x94, 0xd2, 0x1f,
0x77, 0x05, 0x2f, 0xcc, 0xa5, 0x69, 0x46, 0x8f,
0xe1, 0x9f, 0x82, 0xf6, 0x24, 0x2c, 0x64, 0x1b,
0x29, 0x63, 0xd5, 0xb3, 0x32, 0xdc, 0xd9, 0x5a,
0x4e, 0x92, 0xd9, 0x69, 0xcc, 0x51, 0x81, 0xc2,
0xa3, 0x7e, 0xd7, 0xf8, 0x72, 0x1f, 0x8d, 0xd4,
0xe8, 0x59, 0xb0, 0xaa, 0xdd, 0xa0, 0x73, 0xe6,
0xc4, 0x50, 0x7f, 0x4c, 0x7c, 0xde, 0x35, 0x27,
0x49, 0x36, 0x23, 0x36, 0xe4, 0x90, 0x54, 0x24,
0x45, 0x99, 0xa3, 0x10, 0xc3, 0x59, 0x2f, 0x61,
0xff, 0x75, 0xf0, 0x51, 0x1d, 0xa0, 0x8f, 0x69,
0xc1, 0x1e, 0x3e, 0x65, 0xaf, 0x82, 0x9e, 0xa9,
0x91, 0x17, 0x04, 0x7c, 0x56, 0xd1, 0x68, 0x8a,
0x4b, 0xc9, 0x48, 0x92, 0xaf, 0x72, 0xca, 0xbf,
0xf2, 0x2b, 0x9e, 0x42, 0x92, 0x46, 0x19, 0x64,
// P:
0x97, 0x40, 0xda, 0x05, 0x19, 0x77, 0xb7, 0x17,
0x4b, 0x7d, 0xc0, 0x5b, 0x81, 0xdd, 0xcc, 0x0b,
0x86, 0xe0, 0x3c, 0x4d, 0xab, 0x3d, 0x43, 0xe4,
0xe3, 0x5f, 0xf3, 0x56, 0xcd, 0x5c, 0xf2, 0x85,
0x00, 0x45, 0x3c, 0xba, 0xf0, 0x56, 0xb3, 0x8b,
0x29, 0xc3, 0x55, 0x7b, 0xb6, 0xfb, 0x68, 0xca,
0x35, 0xe5, 0x0e, 0x46, 0xd6, 0xff, 0xc9, 0xbd,
0x08, 0x71, 0x65, 0x3b, 0xf7, 0xab, 0xb1, 0x96,
0x9b, 0x70, 0xdc, 0x8e, 0xf3, 0x02, 0xa4, 0x0f,
0xc6, 0xcd, 0x70, 0xe5, 0xeb, 0xd3, 0x07, 0xb5,
0x7d, 0x40, 0x8c, 0xfd, 0x33, 0x45, 0x8f, 0x9c,
0x7f, 0xa1, 0x69, 0xcb, 0xe6, 0x73, 0x1d, 0x37,
0xc7, 0x5f, 0x18, 0x57, 0x38, 0x96, 0x46, 0x24,
0xad, 0xa6, 0x59, 0x3d, 0x7a, 0x74, 0x6e, 0x88,
0x57, 0x18, 0x86, 0x7b, 0x07, 0x79, 0x52, 0xdd,
0xbc, 0xa7, 0x40, 0x88, 0xa6, 0x66, 0x50, 0x49,
// Q:
// 0x00, 0x00, 0x00, 0x00,
0xb4, 0x6d, 0x89, 0x7a, 0x72, 0xdb, 0x8c, 0x92,
0x60, 0xf9, 0x95, 0x47, 0x81, 0x57, 0xe8, 0x6b,
0xb4, 0xf9, 0xde, 0x51,
// G:
0x76, 0x1e, 0x1b, 0xd2, 0x5c, 0x5f, 0x92, 0x96,
0x42, 0x18, 0xba, 0x8d, 0xe1, 0x24, 0x12, 0x24,
0x6f, 0x3f, 0xb8, 0x05, 0xf9, 0x72, 0x74, 0xfa,
0xef, 0xc3, 0x1e, 0xd5, 0xa5, 0x93, 0x28, 0x07,
0xc0, 0x7b, 0x47, 0xef, 0x15, 0x13, 0x68, 0x18,
0xfb, 0x0d, 0x69, 0xea, 0xcc, 0x5a, 0x43, 0x08,
0x75, 0xec, 0xe4, 0x5e, 0x8e, 0xa9, 0x61, 0xe1,
0xcd, 0x27, 0x8c, 0x55, 0xc9, 0x42, 0x11, 0x11,
0x7f, 0x20, 0x4d, 0x70, 0x34, 0x49, 0x00, 0x8c,
0x79, 0x95, 0x79, 0x0b, 0xfd, 0x8d, 0xda, 0xe3,
0x0c, 0x27, 0x7a, 0x35, 0xe5, 0x35, 0xc9, 0x73,
0x31, 0xaa, 0xed, 0xbe, 0x81, 0x89, 0x67, 0x06,
0xf6, 0x97, 0x0d, 0x44, 0x07, 0xac, 0x09, 0xac,
0x44, 0xf3, 0xc6, 0x8b, 0x30, 0x4c, 0x76, 0x0b,
0x55, 0x74, 0x10, 0x06, 0xda, 0xd4, 0x3d, 0x96,
0x7e, 0xc3, 0xf8, 0x22, 0x9c, 0x71, 0x1d, 0x9c
};
#endif
#if DSA_KEY_BLOB_2048
#define PRIV_LEN_B (20)
#define PUB_LEN_B (32*8)
#define P_LEN_B (32*8)
#define Q_LEN_B (20)
#define G_LEN_B (32*8)
#define ALL_LEN_B (PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B+G_LEN_B)
static const uint8_t dsa_key_blob[] = {
/* priv: */
0x1d, 0xe4, 0x81, 0x02, 0x52, 0x6b, 0x2b, 0x0e,
0x98, 0x08, 0xc8, 0xb9, 0x81, 0x40, 0xd1, 0x1e,
0x86, 0x69, 0x0d, 0xa9,
/* pub: */
0x70, 0xc4, 0x44, 0x28, 0x91, 0x77, 0x2b, 0x09,
0xde, 0xe8, 0x66, 0x0b, 0xa5, 0xc8, 0x05, 0xb4,
0x0a, 0x2d, 0x4f, 0x45, 0x8e, 0x0c, 0x8c, 0x38,
0x61, 0xf3, 0x77, 0x05, 0x64, 0xf7, 0xe6, 0xe9,
0x0b, 0x1f, 0x9b, 0x9f, 0x1f, 0xa1, 0x7e, 0x8f,
0x5b, 0x14, 0x70, 0x1d, 0x4d, 0x1c, 0xdc, 0x9d,
0xe0, 0x0a, 0xc4, 0x7b, 0x70, 0xfd, 0xef, 0xe6,
0x20, 0x2d, 0x17, 0x13, 0xd7, 0x1c, 0xc0, 0xbb,
0x5b, 0xce, 0x84, 0x6a, 0xa5, 0x4e, 0x27, 0x1c,
0x9e, 0xaa, 0xb2, 0xdc, 0xc1, 0xec, 0x74, 0x93,
0x67, 0xdb, 0xe1, 0xaa, 0x5a, 0x86, 0x1d, 0x8a,
0xa9, 0x28, 0x7e, 0xfc, 0xd5, 0x72, 0x94, 0x6c,
0x1d, 0x71, 0x85, 0x92, 0xa7, 0x6e, 0x84, 0x4f,
0x27, 0xf3, 0x7e, 0x04, 0x7d, 0xf2, 0x7c, 0x07,
0xa0, 0x7d, 0x02, 0x7c, 0x30, 0x70, 0xb5, 0x87,
0xc3, 0xf0, 0xc2, 0x0c, 0xdb, 0x26, 0x72, 0x33,
0x20, 0xca, 0xf0, 0x8b, 0x05, 0x20, 0x70, 0x98,
0x65, 0x03, 0xd7, 0xd4, 0x47, 0xf0, 0xb2, 0x6e,
0x2a, 0xbe, 0xcc, 0x83, 0x0d, 0xab, 0x60, 0x61,
0x26, 0x7b, 0xaf, 0xae, 0x18, 0x9e, 0x20, 0xeb,
0x12, 0x31, 0x18, 0x2e, 0x73, 0xca, 0xd4, 0x5e,
0x66, 0x74, 0x61, 0x07, 0x9b, 0x20, 0x68, 0x12,
0x88, 0xb1, 0xc5, 0x0f, 0x85, 0x9b, 0x45, 0x40,
0x7d, 0x76, 0x62, 0x73, 0xba, 0x41, 0x7b, 0xaf,
0xc7, 0xb9, 0x19, 0x7a, 0xd0, 0x55, 0xe6, 0xfd,
0xb5, 0xb9, 0xc4, 0x1b, 0x22, 0x47, 0x8f, 0x7b,
0xd7, 0x75, 0xe8, 0x7f, 0x01, 0xa2, 0x9b, 0x79,
0xde, 0xea, 0x55, 0x3c, 0x61, 0x4d, 0xcd, 0xce,
0x89, 0x8c, 0x76, 0x62, 0x12, 0x4d, 0xd4, 0x47,
0x03, 0x0e, 0xe8, 0xe2, 0xb8, 0xda, 0xca, 0x20,
0xb3, 0x64, 0xb6, 0x07, 0x06, 0x1b, 0xcb, 0x91,
0x51, 0x2c, 0x2e, 0xfa, 0xe1, 0xee, 0x1e, 0x78,
/* P: */
0x8d, 0x09, 0x00, 0x56, 0x63, 0x39, 0x42, 0x8d,
0x15, 0xd5, 0x1d, 0x86, 0x10, 0xde, 0xc7, 0xf4,
0x07, 0xe5, 0x81, 0xbe, 0x67, 0xee, 0xc5, 0x33,
0xd3, 0x41, 0x1b, 0xba, 0xd8, 0xa6, 0x61, 0x49,
0x2d, 0x66, 0xcf, 0x60, 0x9f, 0x52, 0x60, 0x6e,
0x0a, 0x16, 0xdc, 0x0b, 0x24, 0x1b, 0x62, 0x32,
0xc4, 0xab, 0x52, 0x17, 0xbf, 0xc5, 0xa2, 0x2a,
0xa4, 0x5e, 0x8c, 0xff, 0x97, 0x45, 0x51, 0xd9,
0xc3, 0xf2, 0x32, 0x4a, 0xb9, 0x08, 0xc1, 0x6a,
0x7b, 0x82, 0x93, 0x2a, 0x60, 0x29, 0x55, 0x1a,
0x36, 0x1f, 0x05, 0x4f, 0xf1, 0x43, 0x12, 0xb2,
0x73, 0x4e, 0xf6, 0x37, 0x65, 0x3d, 0x0b, 0x70,
0x08, 0xc7, 0x34, 0x0b, 0x4d, 0xc9, 0x08, 0x70,
0xaf, 0x4b, 0x95, 0x0b, 0x7c, 0x9f, 0xcf, 0xfc,
0x57, 0x94, 0x47, 0x6d, 0xd1, 0xaf, 0xc6, 0x52,
0xd9, 0xe2, 0x05, 0xce, 0xb2, 0xb8, 0x91, 0x6f,
0x5a, 0x77, 0x6b, 0x1b, 0xff, 0x97, 0x8c, 0x5e,
0x33, 0xfc, 0x80, 0x29, 0xdf, 0x83, 0x91, 0x0c,
0x28, 0x1b, 0x00, 0xb4, 0xc9, 0x3e, 0xb7, 0x67,
0xca, 0xab, 0x63, 0xd4, 0x48, 0xfe, 0xd2, 0xfd,
0x65, 0x57, 0x33, 0x25, 0xbd, 0xf1, 0xa5, 0x51,
0x51, 0x50, 0xf6, 0xcf, 0xfa, 0x0d, 0x67, 0x4e,
0x90, 0x08, 0x87, 0x34, 0xf6, 0x33, 0xc9, 0x58,
0xb1, 0x87, 0xf8, 0x5d, 0x73, 0x80, 0xde, 0x51,
0xcd, 0x17, 0x70, 0x3e, 0xa4, 0xa8, 0x4f, 0xda,
0xcd, 0xa2, 0x66, 0x0f, 0x95, 0xa7, 0xc6, 0xf7,
0x12, 0x2e, 0x27, 0x94, 0xa9, 0x26, 0x1b, 0x25,
0x16, 0x18, 0x99, 0x3b, 0x32, 0xaf, 0x71, 0x13,
0x35, 0xda, 0xb8, 0x71, 0x5b, 0x50, 0x7c, 0x7a,
0x9d, 0xcc, 0x0d, 0x95, 0xef, 0x6f, 0x64, 0x3c,
0x28, 0x4b, 0x15, 0xe9, 0xd4, 0xad, 0xcc, 0x56,
0xcb, 0x24, 0xf9, 0x61, 0x79, 0xd7, 0x56, 0xd3,
/* Q: */
0xf7, 0xdf, 0x85, 0xf5, 0x63, 0x36, 0x63, 0x71,
0x74, 0x34, 0x98, 0x19, 0xff, 0x79, 0xf2, 0xe2,
0x15, 0x75, 0x3c, 0x95,
/* G: */
0x0c, 0xf6, 0x8b, 0x1a, 0xbe, 0x66, 0x84, 0x98,
0xae, 0xcb, 0xb0, 0xd9, 0x75, 0x75, 0x32, 0x4b,
0xa3, 0xf2, 0x28, 0xa6, 0x6d, 0x13, 0xf2, 0xf3,
0xfd, 0x93, 0x91, 0xb1, 0x21, 0x1e, 0xcc, 0x08,
0x87, 0xce, 0x74, 0xb1, 0xd0, 0x19, 0x50, 0xff,
0xac, 0xef, 0x9f, 0x82, 0xda, 0x75, 0xda, 0x6d,
0x89, 0xf3, 0x0b, 0xdc, 0x27, 0x98, 0x85, 0x01,
0x68, 0xb7, 0xbd, 0x98, 0x83, 0xb1, 0xb0, 0x65,
0x31, 0x71, 0x43, 0x05, 0xa7, 0x76, 0x63, 0xe4,
0x7d, 0x61, 0x53, 0xc7, 0x3e, 0x3b, 0x82, 0x28,
0x65, 0x07, 0xfe, 0x9e, 0xa3, 0x35, 0x2c, 0xdc,
0x9e, 0x05, 0x7c, 0x9a, 0x69, 0xc6, 0x9f, 0xc2,
0x3f, 0x94, 0x6b, 0xad, 0xa4, 0x2b, 0x5d, 0x48,
0x9e, 0x2c, 0xad, 0xd2, 0x89, 0x49, 0xdc, 0xdb,
0x55, 0x49, 0x56, 0xaf, 0xe9, 0x0e, 0x37, 0xe7,
0x1f, 0x42, 0x6a, 0x7c, 0xac, 0xe8, 0x1b, 0xbb,
0x21, 0x82, 0x14, 0x72, 0x17, 0x64, 0xf0, 0x3c,
0x3d, 0xc1, 0x43, 0x27, 0x27, 0x9f, 0xe9, 0x21,
0xf2, 0x2f, 0xf7, 0xfa, 0x3c, 0xed, 0xbf, 0xab,
0xab, 0xb7, 0x3c, 0x6d, 0x1e, 0x85, 0x9f, 0x77,
0x4f, 0x69, 0x09, 0x4e, 0xed, 0x13, 0x84, 0x40,
0x1a, 0xc6, 0xa1, 0xd9, 0x68, 0xb6, 0x18, 0x32,
0x79, 0x25, 0x9e, 0xa6, 0x41, 0x30, 0xd1, 0xc2,
0x7a, 0x8f, 0x0d, 0x46, 0xee, 0xda, 0xb0, 0xbf,
0x64, 0x42, 0x59, 0x7e, 0x22, 0x88, 0xd6, 0x52,
0xec, 0xed, 0xc4, 0x13, 0xb1, 0x7f, 0x5c, 0x77,
0x4c, 0xfd, 0x22, 0x90, 0xd3, 0xe3, 0xa9, 0xc1,
0x0f, 0x25, 0xac, 0xd5, 0x04, 0x84, 0xe6, 0xa8,
0xc7, 0xb4, 0x4f, 0xa2, 0x67, 0xae, 0xaa, 0x92,
0xe9, 0x0a, 0xed, 0x45, 0x5b, 0xf0, 0x1b, 0x69,
0xec, 0xaf, 0x7d, 0xf2, 0x71, 0x25, 0xbf, 0x92,
0xd4, 0xd0, 0x5b, 0xde, 0x5a, 0x2d, 0x18, 0x8e
};
#endif
void load_dsa_key_blob(dsa_ctx_t* ctx){
if(ctx->priv.wordv){
free(ctx->priv.wordv);
}
ctx->priv.wordv = malloc(ALL_LEN_B);
if(ctx->priv.wordv==NULL){
cli_putstr("\r\nERROR: OUT OF MEMORY!!!");
return;
}
memcpy(ctx->priv.wordv, dsa_key_blob, ALL_LEN_B);
ctx->priv.length_W=(PRIV_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
ctx->pub.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B);
ctx->pub.length_W = (PUB_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
ctx->domain.p.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B);
ctx->domain.p.length_W = (P_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
ctx->domain.q.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B+P_LEN_B);
ctx->domain.q.length_W = (Q_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
ctx->domain.g.wordv = (bigint_word_t*)((uint8_t*)ctx->priv.wordv+PRIV_LEN_B+PUB_LEN_B+P_LEN_B+Q_LEN_B);
ctx->domain.g.length_W = (G_LEN_B+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
bigint_changeendianess(&(ctx->priv));
bigint_changeendianess(&(ctx->pub));
bigint_changeendianess(&(ctx->domain.p));
bigint_changeendianess(&(ctx->domain.q));
bigint_changeendianess(&(ctx->domain.g));
bigint_adjust(&(ctx->priv));
bigint_adjust(&(ctx->pub));
bigint_adjust(&(ctx->domain.p));
bigint_adjust(&(ctx->domain.q));
bigint_adjust(&(ctx->domain.g));
}

25
dsa/dsa_key_blob.h Normal file
View File

@ -0,0 +1,25 @@
/* dsa_key_blob.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef DSA_KEY_BLOB_H_
#define DSA_KEY_BLOB_H_
void load_dsa_key_blob(dsa_ctx_t* ctx);
#endif /* DSA_KEY_BLOB_H_ */

76
dsa/dsa_sign.c Normal file
View File

@ -0,0 +1,76 @@
/* dsa_sign.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <string.h>
#include "bigint.h"
#include "dsa.h"
#include "hashfunction_descriptor.h"
#include "hfal-basic.h"
#define MAX(a,b) (((a)>(b))?(a):(b))
uint8_t dsa_sign_bigint(dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx, const bigint_t* k){
bigint_t tmp, tmp2;
bigint_word_t tmp_b[ctx->domain.p.length_W+5], tmp2_b[ctx->domain.q.length_W+5];
tmp.wordv= tmp_b;
tmp2.wordv = tmp2_b;
bigint_expmod_u(&tmp, &(ctx->domain.g), k, &(ctx->domain.p));
bigint_reduce(&tmp, &(ctx->domain.q));
bigint_copy(&(s->r), &tmp);
bigint_mul_u(&tmp, &tmp, &(ctx->priv));
bigint_add_u(&tmp, &tmp, m);
bigint_inverse(&tmp2, k, &(ctx->domain.q));
bigint_mul_u(&tmp, &tmp, &tmp2);
bigint_reduce(&tmp, &(ctx->domain.q));
bigint_copy(&(s->s), &tmp);
if(s->s.length_W==0 || s->r.length_W==0){
return 1;
}
return 0;
}
uint8_t dsa_sign_message(dsa_signature_t* s, const void* m, uint16_t m_len_b,
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx,
uint8_t(*rand_in)(void)){
bigint_t z, k;
uint16_t i, n_B = ctx->domain.q.length_W;
unsigned hash_length = MAX(n_B,(hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8));
bigint_word_t hash_value[hash_length];
bigint_word_t k_b[n_B];
memset(hash_value, 0, hash_length*sizeof(bigint_word_t));
hfal_hash_mem(hash_desc, hash_value, m, m_len_b);
z.wordv = hash_value;
z.length_W = n_B;
bigint_changeendianess(&z);
k.wordv = k_b;
k.length_W = n_B;
do{
for(i=0; i<n_B*sizeof(bigint_word_t); ++i){
((uint8_t*)k_b)[i] = rand_in();
}
k.length_W = n_B;
bigint_adjust(&k);
}while(dsa_sign_bigint(s, &z, ctx, &k));
return 0;
}

78
dsa/dsa_verify.c Normal file
View File

@ -0,0 +1,78 @@
/* dsa_verify.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <string.h>
#include "bigint.h"
#include "dsa.h"
#include "hfal-basic.h"
uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx){
if(s->r.length_W==0 || s->s.length_W==0){
return DSA_SIGNATURE_FAIL;
}
if(bigint_cmp_u(&(s->r), &(ctx->domain.q))>=0 || bigint_cmp_u(&(s->s), &(ctx->domain.q))>=0){
return DSA_SIGNATURE_FAIL;
}
bigint_t w, u1, u2, v1, v2;
bigint_word_t w_b[ctx->domain.q.length_W], u1_b[ctx->domain.q.length_W*2], u2_b[ctx->domain.q.length_W*2];
bigint_word_t v1_b[ctx->domain.p.length_W*2], v2_b[ctx->domain.p.length_W];
w.wordv = w_b;
u1.wordv = u1_b;
u2.wordv = u2_b;
v1.wordv = v1_b;
v2.wordv = v2_b;
bigint_inverse(&w, &(s->s), &(ctx->domain.q));
bigint_mul_u(&u1, &w, m);
bigint_reduce(&u1, &(ctx->domain.q));
bigint_mul_u(&u2, &w, &(s->r));
bigint_reduce(&u2, &(ctx->domain.q));
bigint_expmod_u(&v1, &(ctx->domain.g), &u1, &(ctx->domain.p));
bigint_expmod_u(&v2, &(ctx->pub), &u2, &(ctx->domain.p));
bigint_mul_u(&v1, &v1, &v2);
bigint_reduce(&v1, &(ctx->domain.p));
bigint_reduce(&v1, &(ctx->domain.q));
if(bigint_cmp_u(&v1, &(s->r))==0){
return DSA_SIGNATURE_OK;
}
return DSA_SIGNATURE_FAIL;
}
uint8_t dsa_verify_message(const dsa_signature_t* s, const void* m, uint16_t m_len_b,
const hfdesc_t* hash_desc, const dsa_ctx_t* ctx){
bigint_t z;
uint16_t n_B = ctx->domain.q.length_W;
unsigned hash_length = (hfal_hash_getHashsize(hash_desc)+sizeof(bigint_word_t)*8-1)/(sizeof(bigint_word_t)*8);
bigint_word_t hash_value[hash_length];
memset(hash_value, 0, hash_length*sizeof(bigint_word_t));
hfal_hash_mem(hash_desc, hash_value, m, m_len_b);
z.wordv = hash_value;
z.length_W = n_B;
bigint_changeendianess(&z);
bigint_adjust(&z);
return dsa_verify_bigint(s, &z, ctx);
}

135
entropium/entropium.c Normal file
View File

@ -0,0 +1,135 @@
/* entropium.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file entropium.c
* \author Daniel Otte
* \email daniel.otte@rub.de
* \date 2006-05-17
* \license GPLv3 or later
* \brief This file contains an implementaition of a pseudo-random-number generator.
*
* Extension 1:
* rndCore is expanded to 512 bits for more security.
*
\verbatim
################################################################################################
# #
# +---------------------------+ #
# | | #
# V | #
# (concat) | #
+---------------+ # o---------o (xor)+---------+ o---------o o----o o---------o # +--------------+
| entropy Block | -----> | sha-256 | --(offset)-< | rndCore | ---> | sha-256 | --+----| +1 |---> | sha-256 | -----> | random Block |
+---------------+ # o---------o (xor)+---------+ o---------o | o----o o---------o # +--------------+
# (xor) (xor) | #
# ^ ^ | #
# \ / | #
# (offset)---------------------+ #
# #
################################################################################################
\endverbatim
*/
#include <inttypes.h>
#include <string.h>
#include "sha256.h"
#include "entropium.h"
#include <stdio.h>
/**
* \brief secret entropy pool.
* This is the core of the random which is generated
*/
static
uint32_t rndCore[16];
/*************************************************************************/
/* idea is: hash the message and add it via xor to rndCore
*
* length in bits
*
* we simply first "hash" rndCore, then entropy.
*/
void entropium_addEntropy(unsigned length_b, const void* data){
sha256_ctx_t s;
static uint8_t offset=0; /* selects if higher or lower half gets updated */
sha256_init(&s);
sha256_nextBlock(&s, rndCore);
while (length_b>=512){
sha256_nextBlock(&s, data);
data = (uint8_t*)data+ 512/8;
length_b -= 512;
}
sha256_lastBlock(&s, data, length_b);
uint8_t i;
for (i=0; i<8; ++i){
rndCore[i+offset] ^= s.h[i];
}
offset ^= 8; /* hehe */
}
/*************************************************************************/
void entropium_getRandomBlock(void *b){
sha256_ctx_t s;
uint8_t offset=8;
sha256_init(&s);
sha256_lastBlock(&s, rndCore, 512); /* remember the byte order! */
uint8_t i;
for (i=0; i<8; ++i){
rndCore[i+offset] ^= s.h[i];
}
offset ^= 8; /* hehe */
memcpy(b, s.h, 32); /* back up first hash in b */
((uint8_t*)b)[*((uint8_t*)b)&31]++; /* the important increment step */
sha256_init(&s);
sha256_lastBlock(&s, b, 256);
memcpy(b, s.h, 32);
}
/*************************************************************************/
uint8_t entropium_getRandomByte(void){
static uint8_t block[32];
static uint8_t i = 0;
if(i == 0){
entropium_getRandomBlock((void*)block);
i = 32;
}
return block[--i];
}
void entropium_fillBlockRandom(void* block, unsigned length_B){
while(length_B>ENTROPIUM_RANDOMBLOCK_SIZE){
entropium_getRandomBlock(block);
block = (uint8_t*)block + ENTROPIUM_RANDOMBLOCK_SIZE;
length_B -= ENTROPIUM_RANDOMBLOCK_SIZE;
}
while(length_B){
*((uint8_t*)block) = entropium_getRandomByte();
block= (uint8_t*)block +1; --length_B;
}
}

84
entropium/entropium.h Normal file
View File

@ -0,0 +1,84 @@
/* entropium.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* File: entropium.h
* Author: Daniel Otte
* Date: 23.07.2006
* License: GPL
* Description: This file contains the declarations for the pseudo-random-number generator.
**/
/**
* \file entropium.h
* \author Daniel Otte
* \date 23.07.2006
* \license GPLv3 or later
* \brief This file contains the declarations for the pseudo-random-number generator.
**/
#ifndef ENTROPIUM_H_
#define ENTROPIUM_H_
#include <stdint.h>
/*
* length in bits
*/
#define ENTROPIUM_RANDOMBLOCK_SIZE 32 /* bytes */
/** \fn void entropium_addEntropy(unsigned length_b, const void* data)
* \brief add entropy to the prng
*
* This function adds data to the internal entropy pool
* \param length_b length of the data block in bits
* \param data pointer to the data
*/
void entropium_addEntropy(unsigned length_b, const void* data);
/** \fn void entropium_getRandomBlock(void* b)
* \brief generate a fixed size block of random data
*
* This function writes 32 bytes of random extracted from the entropy pool
* in the supplied buffer.
* \param b buffer where the random data gets written
*/
void entropium_getRandomBlock(void* b);
/** \fn uint8_t entropium_getRandomByte(void)
* \brief get a single byte of random data
*
* This function utilizes a internal buffer which gets automatically filled
* again.
* \return a byte of random data
*/
uint8_t entropium_getRandomByte(void);
/** \fn void entropium_fillBlockRandom(void* block, unsigned length_B)
* \brief get a block of random data
*
* This function writes random data extracted from the entropy pool in the
* supplied buffer. It shares a internal buffer with the
* entropium_getRandomByte() function.
* \param block pointer to the buffer where the random data goes
* \param length_B number of bytes to be written to the buffer
*/
void entropium_fillBlockRandom(void* block, unsigned length_B);
#endif /*PRNG_H_*/

130
hmac-md5/hmac-md5.c Normal file
View File

@ -0,0 +1,130 @@
/* hmac-md5.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
* implementation of HMAC as described in RFC2104
* Author: Daniel Otte
* email: daniel.otte@rub.de
* License: GPLv3 or later
**/
/*
* hmac = hash ( k^opad , hash( k^ipad , msg))
*/
#include <stdint.h>
#include <string.h>
#include "config.h"
#include "md5.h"
#include "hmac-md5.h"
#define IPAD 0x36
#define OPAD 0x5C
#ifndef HMAC_SHORTONLY
void hmac_md5_init(hmac_md5_ctx_t *s, void* key, uint16_t keylength_b){
uint8_t buffer[MD5_BLOCK_BYTES];
uint8_t i;
memset(buffer, 0, MD5_BLOCK_BYTES);
if (keylength_b > MD5_BLOCK_BITS){
md5((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<MD5_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD;
}
md5_init(&(s->a));
md5_nextBlock(&(s->a), buffer);
for (i=0; i<MD5_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD^OPAD;
}
md5_init(&(s->b));
md5_nextBlock(&(s->b), buffer);
#if defined SECURE_WIPE_BUFFER
memset(buffer, 0, MD5_BLOCK_BYTES);
#endif
}
void hmac_md5_nextBlock(hmac_md5_ctx_t *s, const void* block){
md5_nextBlock(&(s->a), block);
}
void hmac_md5_lastBlock(hmac_md5_ctx_t *s, const void* block, uint16_t length_b){
md5_lastBlock(&(s->a), block, length_b);
}
void hmac_md5_final(void* dest, hmac_md5_ctx_t *s){
md5_ctx2hash((md5_hash_t*)dest, &(s->a));
md5_lastBlock(&(s->b), dest, MD5_HASH_BITS);
md5_ctx2hash((md5_hash_t*)dest, &(s->b));
}
#endif
/*
void hmac_md5_nextBlock()
void hmac_md5_lastBlock()
*/
/*
* keylength in bits!
* message length in bits!
*/
void hmac_md5(void* dest, void* key, uint16_t keylength_b, void* msg, uint32_t msglength_b){ /* a one-shot*/
md5_ctx_t s;
uint8_t i;
uint8_t buffer[MD5_BLOCK_BYTES];
memset(buffer, 0, MD5_BLOCK_BYTES);
/* if key is larger than a block we have to hash it*/
if (keylength_b > MD5_BLOCK_BITS){
md5((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<MD5_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD;
}
md5_init(&s);
md5_nextBlock(&s, buffer);
while (msglength_b >= MD5_BLOCK_BITS){
md5_nextBlock(&s, msg);
msg = (uint8_t*)msg + MD5_BLOCK_BYTES;
msglength_b -= MD5_BLOCK_BITS;
}
md5_lastBlock(&s, msg, msglength_b);
/* since buffer still contains key xor ipad we can do ... */
for (i=0; i<MD5_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD ^ OPAD;
}
md5_ctx2hash(dest, &s); /* save inner hash temporary to dest */
md5_init(&s);
md5_nextBlock(&s, buffer);
md5_lastBlock(&s, dest, MD5_HASH_BITS);
md5_ctx2hash(dest, &s);
}

42
hmac-md5/hmac-md5.h Normal file
View File

@ -0,0 +1,42 @@
/* hmac-md5.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef HMACMD5_H_
#define HMACMD5_H_
#include "md5.h"
#define HMAC_MD5_BITS MD5_HASH_BITS
#define HMAC_MD5_BYTES MD5_HASH_BYTES
#define HMAC_MD5_BLOCK_BITS MD5_BLOCK_BITS
#define HMAC_MD5_BLOCK_BYTES MD5_BLOCK_BYTES
typedef struct{
md5_ctx_t a,b;
} hmac_md5_ctx_t;
void hmac_md5_init(hmac_md5_ctx_t *s, void* key, uint16_t keylength_b);
void hmac_md5_nextBlock(hmac_md5_ctx_t *s, const void* block);
void hmac_md5_lastBlock(hmac_md5_ctx_t *s, const void* block, uint16_t length_b);
void hmac_md5_final(void* dest, hmac_md5_ctx_t *s);
void hmac_md5(void* dest, void* key, uint16_t keylength_b, void* msg, uint32_t msglength_b);
#endif /*HMACMD5_H_*/

131
hmac-sha1/hmac-sha1.c Normal file
View File

@ -0,0 +1,131 @@
/* hmac-sha1.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
* implementation of HMAC as described in RFC2104
* Author: Daniel Otte
* email: daniel.otte@rub.de
* License: GPLv3 or later
**/
/*
* hmac = hash ( k^opad , hash( k^ipad , msg))
*/
#include <stdint.h>
#include <string.h>
#include "config.h"
#include "sha1.h"
#include "hmac-sha1.h"
#define IPAD 0x36
#define OPAD 0x5C
#ifndef HMAC_SHORTONLY
void hmac_sha1_init(hmac_sha1_ctx_t *s, const void* key, uint16_t keylength_b){
uint8_t buffer[SHA1_BLOCK_BYTES];
uint8_t i;
memset(buffer, 0, SHA1_BLOCK_BYTES);
if (keylength_b > SHA1_BLOCK_BITS){
sha1((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<SHA1_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD;
}
sha1_init(&(s->a));
sha1_nextBlock(&(s->a), buffer);
for (i=0; i<SHA1_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD^OPAD;
}
sha1_init(&(s->b));
sha1_nextBlock(&(s->b), buffer);
#if defined SECURE_WIPE_BUFFER
memset(buffer, 0, SHA1_BLOCK_BYTES);
#endif
}
void hmac_sha1_nextBlock(hmac_sha1_ctx_t *s, const void* block){
sha1_nextBlock(&(s->a), block);
}
void hmac_sha1_lastBlock(hmac_sha1_ctx_t *s, const void* block, uint16_t length_b){
while(length_b>=SHA1_BLOCK_BITS){
sha1_nextBlock(&(s->a), block);
block = (uint8_t*)block + SHA1_BLOCK_BYTES;
length_b -= SHA1_BLOCK_BITS;
}
sha1_lastBlock(&(s->a), block, length_b);
}
void hmac_sha1_final(void* dest, hmac_sha1_ctx_t *s){
sha1_ctx2hash(dest, &(s->a));
sha1_lastBlock(&(s->b), dest, SHA1_HASH_BITS);
sha1_ctx2hash(dest, &(s->b));
}
#endif
/*
* keylength in bits!
* message length in bits!
*/
void hmac_sha1(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b){ /* a one-shot*/
sha1_ctx_t s;
uint8_t i;
uint8_t buffer[SHA1_BLOCK_BYTES];
memset(buffer, 0, SHA1_BLOCK_BYTES);
/* if key is larger than a block we have to hash it*/
if (keylength_b > SHA1_BLOCK_BITS){
sha1((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<SHA1_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD;
}
sha1_init(&s);
sha1_nextBlock(&s, buffer);
while (msglength_b >= SHA1_BLOCK_BITS){
sha1_nextBlock(&s, msg);
msg = (uint8_t*)msg + SHA1_BLOCK_BYTES;
msglength_b -= SHA1_BLOCK_BITS;
}
sha1_lastBlock(&s, msg, msglength_b);
/* since buffer still contains key xor ipad we can do ... */
for (i=0; i<SHA1_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD ^ OPAD;
}
sha1_ctx2hash(dest, &s); /* save inner hash temporary to dest */
sha1_init(&s);
sha1_nextBlock(&s, buffer);
sha1_lastBlock(&s, dest, SHA1_HASH_BITS);
sha1_ctx2hash(dest, &s);
}

41
hmac-sha1/hmac-sha1.h Normal file
View File

@ -0,0 +1,41 @@
/* hmac-sha1.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef HMACSHA1_H_
#define HMACSHA1_H_
#include "sha1.h"
#define HMAC_SHA1_BITS SHA1_HASH_BITS
#define HMAC_SHA1_BYTES SHA1_HASH_BYTES
#define HMAC_SHA1_BLOCK_BITS SHA1_BLOCK_BITS
#define HMAC_SHA1_BLOCK_BYTES SHA1_BLOCK_BYTES
typedef struct{
sha1_ctx_t a, b;
} hmac_sha1_ctx_t;
void hmac_sha1_init(hmac_sha1_ctx_t *s, const void* key, uint16_t keylength_b);
void hmac_sha1_nextBlock(hmac_sha1_ctx_t *s, const void* block);
void hmac_sha1_lastBlock(hmac_sha1_ctx_t *s, const void* block, uint16_t length_b);
void hmac_sha1_final(void* dest, hmac_sha1_ctx_t *s);
void hmac_sha1(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b);
#endif /*HMACSHA1_H_*/

130
hmac-sha256/hmac-sha256.c Normal file
View File

@ -0,0 +1,130 @@
/* hmac-sha256.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
* implementation of HMAC as described in RFC2104
* Author: Daniel Otte
* email: daniel.otte@rub.de
* License: GPLv3 or later
**/
/*
* hmac = hash ( k^opad , hash( k^ipad , msg))
*/
#include <stdint.h>
#include <string.h>
#include "config.h"
#include "sha256.h"
#include "hmac-sha256.h"
#define IPAD 0x36
#define OPAD 0x5C
#ifndef HMAC_SHA256_SHORTONLY
void hmac_sha256_init(hmac_sha256_ctx_t *s, const void* key, uint16_t keylength_b){
uint8_t buffer[HMAC_SHA256_BLOCK_BYTES];
uint8_t i;
memset(buffer, 0, HMAC_SHA256_BLOCK_BYTES);
if (keylength_b > HMAC_SHA256_BLOCK_BITS){
sha256((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<HMAC_SHA256_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD;
}
sha256_init(&(s->a));
sha256_nextBlock(&(s->a), buffer);
for (i=0; i<HMAC_SHA256_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD^OPAD;
}
sha256_init(&(s->b));
sha256_nextBlock(&(s->b), buffer);
#if defined SECURE_WIPE_BUFFER
memset(buffer, 0, SHA256_BLOCK_BYTES);
#endif
}
void hmac_sha256_nextBlock(hmac_sha256_ctx_t *s, const void* block){
sha256_nextBlock(&(s->a), block);
}
void hmac_sha256_lastBlock(hmac_sha256_ctx_t *s, const void* block, uint16_t length_b){
/* while(length_b>=SHA256_BLOCK_BITS){
sha256_nextBlock(&(s->a), block);
block = (uint8_t*)block + SHA256_BLOCK_BYTES;
length_b -= SHA256_BLOCK_BITS;
}
*/ sha256_lastBlock(&(s->a), block, length_b);
}
void hmac_sha256_final(void* dest, hmac_sha256_ctx_t *s){
sha256_ctx2hash(dest, &(s->a));
sha256_lastBlock(&(s->b), dest, SHA256_HASH_BITS);
sha256_ctx2hash(dest, &(s->b));
}
#endif
/*
* keylength in bits!
* message length in bits!
*/
void hmac_sha256(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b){ /* a one-shot*/
sha256_ctx_t s;
uint8_t i;
uint8_t buffer[HMAC_SHA256_BLOCK_BYTES];
memset(buffer, 0, HMAC_SHA256_BLOCK_BYTES);
/* if key is larger than a block we have to hash it*/
if (keylength_b > SHA256_BLOCK_BITS){
sha256((void*)buffer, key, keylength_b);
} else {
memcpy(buffer, key, (keylength_b+7)/8);
}
for (i=0; i<SHA256_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD;
}
sha256_init(&s);
sha256_nextBlock(&s, buffer);
while (msglength_b >= HMAC_SHA256_BLOCK_BITS){
sha256_nextBlock(&s, msg);
msg = (uint8_t*)msg + HMAC_SHA256_BLOCK_BYTES;
msglength_b -= HMAC_SHA256_BLOCK_BITS;
}
sha256_lastBlock(&s, msg, msglength_b);
/* since buffer still contains key xor ipad we can do ... */
for (i=0; i<HMAC_SHA256_BLOCK_BYTES; ++i){
buffer[i] ^= IPAD ^ OPAD;
}
sha256_ctx2hash(dest, &s); /* save inner hash temporary to dest */
sha256_init(&s);
sha256_nextBlock(&s, buffer);
sha256_lastBlock(&s, dest, SHA256_HASH_BITS);
sha256_ctx2hash(dest, &s);
}

43
hmac-sha256/hmac-sha256.h Normal file
View File

@ -0,0 +1,43 @@
/* hmac-sha256.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef HMACSHA256_H_
#define HMACSHA256_H_
#include "sha256.h"
#define HMAC_SHA256_BITS SHA256_HASH_BITS
#define HMAC_SHA256_BYTES SHA256_HASH_BYTES
#define HMAC_SHA256_BLOCK_BITS SHA256_BLOCK_BITS
#define HMAC_SHA256_BLOCK_BYTES SHA256_BLOCK_BYTES
typedef struct {
sha256_ctx_t a,b;
} hmac_sha256_ctx_t;
void hmac_sha256_init(hmac_sha256_ctx_t *s, const void* key, uint16_t keylength_b);
void hmac_sha256_nextBlock(hmac_sha256_ctx_t *s, const void* block);
void hmac_sha256_lastBlock(hmac_sha256_ctx_t *s, const void* block, uint16_t length_b);
void hmac_sha256_final(void* dest, hmac_sha256_ctx_t *s);
void hmac_sha256(void* dest, const void* key, uint16_t keylength_b, const void* msg, uint32_t msglength_b);
#endif /*HMACSHA256_H_*/

175
main_headers Normal file
View File

@ -0,0 +1,175 @@
./a51/A5_1.h
./aes/aes128_dec.h
./aes/aes128_enc.h
./aes/aes192_dec.h
./aes/aes192_enc.h
./aes/aes256_dec.h
./aes/aes256_enc.h
./aes/aes_dec.h
./aes/aes_enc.h
./aes/aes.h
./aes/aes_invsbox.h
./aes/aes_keyschedule.h
./aes/aes_sbox.h
./aes/aes_types.h
./arcfour/arcfour.h
./backup/keccak/keccak.h
./base64/base64_dec.h
./base64/base64_enc.h
./bcal/bcal_aes128.h
./bcal/bcal_aes192.h
./bcal/bcal_aes256.h
./bcal/bcal-basic.h
./bcal/bcal_camellia128.h
./bcal/bcal_cast5.h
./bcal/bcal_cast6.h
./bcal/bcal-cbc.h
./bcal/bcal-cfb_bit.h
./bcal/bcal-cfb_byte.h
./bcal/bcal-cmac.h
./bcal/bcal_cscipher.h
./bcal/bcal-ctr.h
./bcal/bcal_des.h
./bcal/bcal-eax.h
./bcal/bcal_khazad.h
./bcal/bcal-nessie.h
./bcal/bcal_noekeon.h
./bcal/bcal-ofb.h
./bcal/bcal-performance.h
./bcal/bcal_present80.h
./bcal/bcal_present128.h
./bcal/bcal_rc5.h
./bcal/bcal_rc6.h
./bcal/bcal_seed.h
./bcal/bcal_serpent.h
./bcal/bcal_skipjack.h
./bcal/bcal_tdes2.h
./bcal/bcal_tdes.h
./bcal/bcal_threefish1024.h
./bcal/bcal_threefish256.h
./bcal/bcal_threefish512.h
./bcal/bcal_xtea.h
./bcal/keysize_descriptor.h
./bigint/bigint.h
./bigint/bigint_io.h
./bigint/old_io/bigint_io.h
./blake/blake_common.h
./blake/blake_large.h
./blake/blake_small.h
./blockcipher_descriptor.h
./bmw/bmw_large.h
./bmw/bmw_small.h
./camellia/camellia.h
./cast5/cast5.h
./cast5/cast5-sbox.h
./cast6/cast6.h
./cast6/cast6_sboxes.h
./cscipher/cscipher.h
./cscipher/cscipher_sbox.h
./cubehash/cubehash.h
./des/des.h
./dsa/dsa.h
./dsa/dsa_key_blob.h
./echo/aes_enc_round.h
./echo/echo.h
./entropium/entropium.h
./entropium/sha256.h
./gf256mul/gf256mul.h
./grain/grain.h
./groestl/groestl_large.h
./groestl/groestl_small.h
./hashfunction_descriptor.h
./hfal/hfal-basic.h
./hfal/hfal_blake_large.h
./hfal/hfal_blake_small.h
./hfal/hfal_bmw_large.h
./hfal/hfal_bmw_small.h
./hfal/hfal_cubehash.h
./hfal/hfal_echo.h
./hfal/hfal_groestl_large.h
./hfal/hfal_groestl_small.h
./hfal/hfal-hmac.h
./hfal/hfal_jh.h
./hfal/hfal_keccak.h
./hfal/hfal_md5.h
./hfal/hfal-nessie.h
./hfal/hfal-performance.h
./hfal/hfal_sha1.h
./hfal/hfal_sha224.h
./hfal/hfal_sha256.h
./hfal/hfal_sha384.h
./hfal/hfal_sha512.h
./hfal/hfal_shabal.h
./hfal/hfal_skein1024.h
./hfal/hfal_skein256.h
./hfal/hfal_skein512.h
./hfal/hfal-test.h
./hmac-md5/hmac-md5.h
./hmac-sha1/hmac-sha1.h
./hmac-sha256/hmac-sha256.h
./jh_/jh_simple.h
./jh/jh_simple.h
./jh_/jh_tables.h
./jh/jh_tables.h
./keccak/keccak.h
./khazad/khazad.h
./lfsr-helper.h
./md5/md5.h
./md5/md5_sbox.h
./memxor/memxor.h
./mgf1/mgf1.h
./mickey128/mickey128.h
./mqq-sign/mqq160-sign.h
./mqq-sign/mqq160-sign_P.h
./mqq-sign/mqq160-sign_testkey.h
./mugi/aes_sbox.h
./mugi/mugi.h
./noekeon/noekeon_cbc_enc.h
./noekeon/noekeon_ctr.h
./noekeon/noekeon.h
./noekeon/noekeon_prng.h
./noekeon/omac_noekeon.h
./present/present80.h
./present/present128.h
./prf_tls12/prf_tls12.h
./rabbit/rabbit.h
./rc5/rc5.h
./rc6/rc6.h
./rsa/random_dummy.h
./rsa/rsa_basic.h
./rsa/rsaes_oaep.h
./rsa/rsaes_pkcs1v15.h
./salsa20/salsa20.h
./scal/scal_arcfour.h
./scal/scal-basic.h
./scal/scal_grain.h
./scal/scal_mickey128.h
./scal/scal-nessie.h
./scal/scal_rabbit.h
./scal/scal_salsa20.h
./scal/scal_trivium.h
./seed/seed.h
./seed/seed_sbox.h
./serpent/serpent.h
./serpent/serpent-sboxes.h
./sha1/sha1.h
./sha2/sha224.h
./sha2/sha256.h
./sha2/sha2_large_common.h
./sha2/sha2_small_common.h
./sha2/sha384.h
./sha2/sha512.h
./sha3-api.h
./shabal/shabal.h
./shabea/sha256.h
./shabea/shabea.h
./shacal1/shacal1_enc.h
./shacal2/shacal2_enc.h
./skein/skein.h
./skein/threefish.h
./skein/ubi.h
./skipjack/skipjack.h
./streamcipher_descriptor.h
./trivium/trivium.h
./xtea/xtea.h
./zodiac.h

4
mkfiles/001_scal_std.mk Normal file
View File

@ -0,0 +1,4 @@
SCAL_STD = nessie_common.o performance_test.o memxor.o \
scal-basic.o scal-nessie.o \
keysize_descriptor.o nessie_stream_test.o
# scal-performance.o

26
mkfiles/002_bcal_algos.mk Normal file
View File

@ -0,0 +1,26 @@
# Makefile for bcal-algos (library)
ALGO_NAME := BCAL_ALGOS
$(ALGO_NAME)_DIR := bcal/
$(ALGO_NAME)_INCDIR :=
$(ALGO_NAME)_OBJ := \
bcal_aes128.o \
bcal_aes192.o \
bcal_aes256.o \
bcal_cast5.o \
bcal_cast6.o \
bcal_cscipher.o \
bcal_des.o \
bcal_khazad.o \
bcal_noekeon.o \
bcal_present80.o \
bcal_present128.o \
bcal_rc5.o \
bcal_rc6.o \
bcal_seed.o \
bcal_serpent.o \
bcal_tdes2.o \
bcal_tdes.o \
bcal_xtea.o

27
mkfiles/002_hfal_algos.mk Normal file
View File

@ -0,0 +1,27 @@
# Makefile for hfal-algos (library)
ALGO_NAME := HFAL_ALGOS
$(ALGO_NAME)_DIR := hfal/
$(ALGO_NAME)_INCDIR :=
$(ALGO_NAME)_OBJ := \
hfal_blake_large.o \
hfal_blake_small.o \
hfal_bmw_large.o \
hfal_bmw_small.o \
hfal_cubehash.o \
hfal_echo.o \
hfal_groestl_large.o \
hfal_groestl_small.o \
hfal_jh.o \
hfal_keccak.o \
hfal_md5.o \
hfal_sha1.o \
hfal_sha224.o \
hfal_sha256.o \
hfal_sha384.o \
hfal_sha512.o \
hfal_shabal.o \
hfal_skein1024.o \
hfal_skein256.o \
hfal_skein512.o

14
mkfiles/002_scal_algos.mk Normal file
View File

@ -0,0 +1,14 @@
# Makefile for scal-algos (library)
ALGO_NAME := SCAL_ALGOS
$(ALGO_NAME)_DIR := scal/
$(ALGO_NAME)_INCDIR :=
$(ALGO_NAME)_OBJ := \
scal_arcfour.o \
scal_grain.o \
scal_mickey128.o \
scal_rabbit.o \
scal_salsa20.o \
scal_trivium.o

13
mkfiles/bmw_asm.mk Normal file
View File

@ -0,0 +1,13 @@
# Makefile for BlueMidnightWish
ALGO_NAME := BMW
# comment out the following line for removement of BlueMidnightWish from the build process
#HASHES += $(ALGO_NAME) # currently buggy
$(ALGO_NAME)_DIR := bmw/
$(ALGO_NAME)_INCDIR := memxor/ hfal/
$(ALGO_NAME)_OBJ := bmw_small-asm-cstub.o bmw_small-asm.o bmw_large.o memxor.o
$(ALGO_NAME)_TESTBIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
$(ALGO_NAME)_PERFORMANCE_TEST := performance

13
mkfiles/bmw_asm_speed.mk Normal file
View File

@ -0,0 +1,13 @@
# Makefile for BlueMidnightWish
ALGO_NAME := BMW_ASM_SPEED
# comment out the following line for removement of BlueMidnightWish from the build process
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := bmw/
$(ALGO_NAME)_INCDIR := memxor/ hfal/
$(ALGO_NAME)_OBJ := bmw_small_speed_cstub.o bmw_small_speed_asm_f0.o bmw_large_speed.o memxor.o
$(ALGO_NAME)_TESTBIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
$(ALGO_NAME)_PERFORMANCE_TEST := performance

13
mkfiles/bmw_asmmix_speed.mk Normal file
View File

@ -0,0 +1,13 @@
# Makefile for BlueMidnightWish
ALGO_NAME := BMW_ASMMIX_SPEED
# comment out the following line for removement of BlueMidnightWish from the build process
HASHES += $(ALGO_NAME)
$(ALGO_NAME)_DIR := bmw/
$(ALGO_NAME)_INCDIR := memxor/ hfal/
$(ALGO_NAME)_OBJ := bmw_small_speed_cstub.o bmw_small_speed_asmmix_f0.o bmw_large_speed.o memxor.o
$(ALGO_NAME)_TESTBIN := main-bmw-test.o hfal_bmw_small.o hfal_bmw_large.o $(CLI_STD) $(HFAL_STD)
$(ALGO_NAME)_NESSIE_TEST := test nessie
$(ALGO_NAME)_PERFORMANCE_TEST := performance

14
mkfiles/camellia_c.mk Normal file
View File

@ -0,0 +1,14 @@
# Makefile for camellia
ALGO_NAME := CAMELLIA_C
# comment out the following line for removement of serpent from the build process
BLOCK_CIPHERS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := camellia/
$(ALGO_NAME)_INCDIR := bcal/
$(ALGO_NAME)_OBJ := camellia_C.o
$(ALGO_NAME)_TESTBIN := main-camellia-test.o $(CLI_STD) $(BCAL_STD) \
bcal_camellia128.o
$(ALGO_NAME)_NESSIE_TEST := "nessie"
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"

14
mkfiles/dsa.mk Normal file
View File

@ -0,0 +1,14 @@
# Makefile for DSA
ALGO_NAME := DSA
# comment out the following line for removement of DSA from the build process
SIGNATURE += $(ALGO_NAME)
$(ALGO_NAME)_DIR := dsa/
$(ALGO_NAME)_INCDIR := memxor/ bigint/ sha1/ noekeon/ base64/ hfal/
$(ALGO_NAME)_OBJ := bigint.o bigint_io.o sha1.o dsa_sign.o dsa_verify.o dsa_key_blob.o base64_enc.o
$(ALGO_NAME)_TESTBIN := main-dsa-test.o $(CLI_STD) hfal_sha1.o $(HFAL_STD) \
noekeon.o noekeon_prng.o memxor.o
$(ALGO_NAME)_PERFORMANCE_TEST := performance

14
mkfiles/entropium.mk Normal file
View File

@ -0,0 +1,14 @@
# Makefile for Entropium PRNG
ALGO_NAME := ENTROPIUM
# comment out the following line for removement of PRNG from the build process
PRNGS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := entropium/
$(ALGO_NAME)_INCDIR := sha2/
$(ALGO_NAME)_OBJ := entropium.o sha256.o sha2_small_common.o
$(ALGO_NAME)_TESTBIN := main-entropium-test.o $(CLI_STD) performance_test.o
$(ALGO_NAME)_NESSIE_TEST := "nessie"
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"

14
mkfiles/hmac-md5.mk Normal file
View File

@ -0,0 +1,14 @@
# Makefile for HMAC-MD5
ALGO_NAME := HMAC-MD5
# comment out the following line for removement of HMAC-MD5 from the build process
MACS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := hmac-md5/
$(ALGO_NAME)_INCDIR := md5/
$(ALGO_NAME)_OBJ := hmac-md5.o md5.o md5_sbox.o
$(ALGO_NAME)_TESTBIN := main-hmac-md5-test.o $(CLI_STD) \
nessie_mac_test.o nessie_common.o
$(ALGO_NAME)_NESSIE_TEST := "nessie"
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"

14
mkfiles/hmac-sha1.mk Normal file
View File

@ -0,0 +1,14 @@
# Makefile for HMAC-SHA1
ALGO_NAME := HMAC-SHA1
# comment out the following line for removement of HMAC-SHA1 from the build process
MACS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := hmac-sha1/
$(ALGO_NAME)_INCDIR := sha1/
$(ALGO_NAME)_OBJ := hmac-sha1.o sha1.o
$(ALGO_NAME)_TESTBIN := main-hmac-sha1-test.o $(CLI_STD) \
nessie_mac_test.o nessie_common.o
$(ALGO_NAME)_NESSIE_TEST := "nessie"
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"

14
mkfiles/hmac-sha256.mk Normal file
View File

@ -0,0 +1,14 @@
# Makefile for HMAC-SHA256
ALGO_NAME := HMAC-SHA256
# comment out the following line for removement of HMAC-SHA256 from the build process
MACS += $(ALGO_NAME)
$(ALGO_NAME)_DIR := hmac-sha256/
$(ALGO_NAME)_INCDIR := sha2/
$(ALGO_NAME)_OBJ := hmac-sha256.o sha256.o sha2_small_common.o
$(ALGO_NAME)_TESTBIN := main-hmac-sha256-test.o $(CLI_STD) \
nessie_mac_test.o nessie_common.o
$(ALGO_NAME)_NESSIE_TEST := "nessie"
$(ALGO_NAME)_PERFORMANCE_TEST := "performance"

11
mkfiles/zza_lib_cli_std.mk Normal file
View File

@ -0,0 +1,11 @@
ALGO_NAME := LIB_CLI_STD
LIBRARYS += ALGO_NAME
$(ALGO_NAME)_DIR := test_src/
$(ALGO_NAME)_OBJ := cli.o hexdigit_tab.o dbz_strings.o string-extras.o uart_i.o \
sysclock.o hw_gptm.o dump.o startup.o circularbytebuffer.o \
main-test-common.o
$(ALGO_NAME)_BIN := libcli.a

228
rsa/rsaes_oaep.c Normal file
View File

@ -0,0 +1,228 @@
/* rsa_oaep.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2012 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "memxor.h"
#include "mgf1.h"
#include "bigint.h"
#include "rsa_basic.h"
#include "rsaes_oaep.h"
#include "random_dummy.h"
#include "hfal/hfal_sha1.h"
#include "cli.h"
#include "uart_lowlevel.h"
mgf1_parameter_t mgf1_default_parameter = {
&sha1_desc
};
rsa_oaep_parameter_t rsa_oaep_default_parameter = {
mgf1,
&sha1_desc,
&mgf1_default_parameter
};
rsa_label_t rsa_oaep_default_label = {
0, NULL
};
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
const rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, const void* seed){
if(!p){
p = &rsa_oaep_default_parameter;
}
if(!label){
label = &rsa_oaep_default_label;
}
uint16_t hv_len = (hfal_hash_getHashsize(p->hf)+7)/8;
if(length_B > bigint_length_B(&key->modulus) - 2*hv_len - 2){
/* message too long */
return 1;
}
uint16_t buffer_len = bigint_length_B(&key->modulus);
/*
cli_putstr("\r\n buffer_len = ");
cli_hexdump_rev(&buffer_len, 2);
cli_putstr("\r\n modulus_len = ");
cli_hexdump_rev(&key->modulus->length_W, 2);
*/
uint8_t* buffer = (uint8_t*)dest;
uint8_t off;
/* the following needs some explanation:
* off is the offset which is used for compensating the effect of
* changeendian() when it operates on multi-byte words.
* */
off = (sizeof(bigint_word_t) -(bigint_get_first_set_bit(&key->modulus)/8+1)%(sizeof(bigint_word_t)*8))
% (sizeof(bigint_word_t));
buffer += off;
buffer_len -= off;
// cli_putstr("\r\n off = ");
// cli_hexdump_byte(off);
uint8_t* seed_buffer = buffer + 1;
uint16_t db_len = buffer_len - hv_len - 1;
uint8_t* db = seed_buffer + hv_len;
uint16_t maskbuffer_len = db_len>hv_len?db_len:hv_len;
uint8_t maskbuffer[maskbuffer_len];
bigint_t x;
memset(dest, 0, seed_buffer - buffer + off);
memset(db + hv_len, 0, db_len - hv_len - length_B -1);
hfal_hash_mem(p->hf, db, label->label, label->length_b);
db[db_len - length_B - 1] = 0x01;
memcpy(db+db_len - length_B, src, length_B);
if(seed){
memcpy(seed_buffer, seed, hv_len);
}else{
/* generate random seed */
if(!prng_get_byte){
return 2; /* ERROR: no random generator specified */
}
uint16_t i;
for(i=0; i<hv_len; ++i){
seed_buffer[i] = prng_get_byte();
}
}
// cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
memxor(db, maskbuffer, db_len);
p->mgf(maskbuffer, db, db_len, hv_len, p->mgf_parameter);
memxor(seed_buffer, maskbuffer, hv_len);
// cli_putstr("\r\n msg (raw, post-feistel):\r\n");
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
x.wordv = dest;
bigint_adjust(&x);
rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus));
rsa_enc(&x, key);
rsa_i2osp(NULL, &x, out_length);
return 0;
}
uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
const rsa_privatekey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, void* seed){
// cli_putstr("\r\n -->rsa_decrypt_oaep()"); uart_flush(0);
if(!label){
label = &rsa_oaep_default_label;
}
if(!p){
p = &rsa_oaep_default_parameter;
}
uint16_t x_len, data_len;
bigint_t x;
uint16_t hv_len = hfal_hash_getHashsize(p->hf)/8;
uint8_t label_hv[hv_len];
uint16_t msg_len = bigint_get_first_set_bit(&key->modulus) / 8 + 1;
uint16_t db_len = msg_len - hv_len - 1;
uint8_t maskbuffer[db_len>hv_len?db_len:hv_len];
uint8_t *seed_buffer = dest;
uint8_t *db_buffer = seed_buffer + hv_len;
x_len = bigint_get_first_set_bit(&key->modulus)/8;
memset(dest, 0, bigint_length_B(&key->modulus) - length_B);
memcpy((uint8_t*)dest + bigint_length_B(&key->modulus) - length_B, src, length_B);
// cli_putc('a'); uart_flush(0);
x.wordv = dest;
x.length_W = key->modulus.length_W;
x.info = 0;
bigint_adjust(&x);
// cli_putc('b'); uart_flush(0);
rsa_os2ip(&x, NULL, bigint_length_B(&key->modulus));
// cli_putc('c'); uart_flush(0);
rsa_dec(&x, key);
// cli_putc('d'); uart_flush(0);
rsa_i2osp(NULL, &x, &data_len);
// cli_putstr("\r\n msg (raw, pre-move):\r\n");
// cli_hexdump_block(dest, bigint_length_B(key->modulus), 4, 16);
if(data_len > x_len){
return 7;
}
/*
cli_putstr("\r\n moving some bytes; x_len = ");
cli_hexdump_rev(&x_len, 2);
cli_putstr(" data_len = ");
cli_hexdump_rev(&data_len, 2);
uart_flush(0);
*/
if(x_len != data_len){
memmove((uint8_t*)dest + x_len - data_len, dest, data_len);
// cli_putstr(" (oh, not dead yet?!)");
// uart_flush(0);
memset(dest, 0, x_len - data_len);
}
hfal_hash_mem(p->hf, label_hv, label->label, label->length_b);
/*
cli_putstr("\r\n msg (raw, pre-feistel):\r\n");
cli_hexdump_block(seed_buffer, bigint_length_B(key->modulus), 4, 16);
uart_flush(0);
*/
p->mgf(maskbuffer, db_buffer, db_len, hv_len, p->mgf_parameter);
memxor(seed_buffer, maskbuffer, hv_len);
p->mgf(maskbuffer, seed_buffer, hv_len, db_len, p->mgf_parameter);
memxor(db_buffer, maskbuffer, db_len);
if(memcmp(label_hv, db_buffer, hv_len)){
// cli_putstr("\r\nDBG: DB:\r\n");
// cli_hexdump_block(db_buffer, db_len, 4, 16);
return 2;
}
uint16_t ps_len=0;
while(db_buffer[hv_len + ps_len++] == 0)
;
--ps_len;
if(db_buffer[hv_len + ps_len] != 1){
return 3;
}
if(seed){
memcpy(seed, seed_buffer, hv_len);
}
msg_len = db_len - hv_len - 1 - ps_len;
memmove(dest, db_buffer + hv_len + ps_len + 1, msg_len);
*out_length = msg_len;
return 0;
}

55
rsa/rsaes_oaep.h Normal file
View File

@ -0,0 +1,55 @@
/* rsaes_oaep.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2012 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef RSAES_OAEP_H_
#define RSAES_OAEP_H_
#include <stdint.h>
#include "rsa_basic.h"
#include "mgf1.h"
void mgf1(void* dest, const void* seed, uint16_t seed_len_B, uint16_t out_length_B, const mgf1_parameter_t* p);
typedef struct {
void (*mgf)(void* dst, const void* seed, uint16_t slen_B, uint16_t dstlen_B, const mgf1_parameter_t* p);
const hfdesc_t* hf;
mgf1_parameter_t* mgf_parameter;
} rsa_oaep_parameter_t;
typedef struct {
uint16_t length_b;
const void* label;
} rsa_label_t;
extern rsa_oaep_parameter_t rsa_oaep_default_parameter;
extern rsa_label_t rsa_oaep_default_label;
uint8_t rsa_encrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
const rsa_publickey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, const void* seed);
uint8_t rsa_decrypt_oaep(void* dest, uint16_t* out_length,
const void* src, uint16_t length_B,
const rsa_privatekey_t* key, const rsa_oaep_parameter_t *p,
const rsa_label_t* label, void* seed);
#endif /* RSAES_OAEP_H_ */

142
rsa/rsaes_pkcs1v15.c Normal file
View File

@ -0,0 +1,142 @@
/* rsa_pkcs1v15.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "bigint.h"
#include "rsa_basic.h"
#define DEBUG 0
#if DEBUG
#include "bigint_io.h"
#include "cli.h"
#endif
#include "random_dummy.h"
uint16_t rsa_pkcs1v15_compute_padlength_B(const bigint_t* modulus, uint16_t msg_length_B){
return bigint_get_first_set_bit(modulus) / 8 + 1 - msg_length_B - 3;
}
uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
uint16_t length_B, const rsa_publickey_t* key, const void* pad){
int16_t pad_length;
bigint_t x;
pad_length = rsa_pkcs1v15_compute_padlength_B(&key->modulus, length_B);
if(pad_length<8){
#if DEBUG
cli_putstr("\r\nERROR: pad_length<8; pad_length: ");
cli_hexdump_rev(&pad_length, 2);
#endif
return 2; /* message to long */
}
if(!pad){
#if DEBUG
cli_putstr("\r\nauto-generating pad ...");
#endif
uint16_t i;
uint8_t c;
for(i=0; i<pad_length; ++i){
do{
c = prng_get_byte();
}while(c==0);
((uint8_t*)dest)[i+2] = c;
}
}else{
#if DEBUG
cli_putstr("\r\nsupplied pad: ");
cli_hexdump_block(pad, pad_length, 4, 16);
#endif
memcpy((uint8_t*)dest + 2, pad, pad_length);
}
((uint8_t*)dest)[0] = 0x00;
((uint8_t*)dest)[1] = 0x02;
((uint8_t*)dest)[2+pad_length] = 0x00;
memcpy((uint8_t*)dest+3+pad_length, src, length_B);
x.wordv = dest;
x.length_W = (length_B+pad_length+3+sizeof(bigint_word_t)-1)/sizeof(bigint_word_t);
#if DEBUG
cli_putstr("\r\nx-data: ");
cli_hexdump_block(x.wordv, x.length_W * sizeof(bigint_word_t), 4, 16);
#endif
bigint_adjust(&x);
rsa_os2ip(&x, NULL, length_B+pad_length+3);
rsa_enc(&x, key);
rsa_i2osp(NULL, &x, out_length);
return 0;
}
uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
uint16_t length_B, const rsa_privatekey_t* key, void* pad){
bigint_t x;
uint16_t m_length, pad_length=0, idx=0;
x.wordv = dest;
rsa_os2ip(&x, src, length_B);
#if DEBUG
cli_putstr("\r\ncalling rsa_dec() ...");
cli_putstr("\r\nencoded block (src.len = 0x");
cli_hexdump_rev(&length_B, 2);
cli_putstr("):");
cli_hexdump_block(x.wordv, x.length_W * sizeof(bigint_word_t), 4, 16);
#endif
rsa_dec(&x, key);
#if DEBUG
cli_putstr("\r\nfinished rsa_dec() ...");
#endif
rsa_i2osp(NULL, &x, &m_length);
#if DEBUG
cli_putstr("\r\ndecoded block:");
cli_hexdump_block(x.wordv, m_length, 4, 16);
#endif
while(((uint8_t*)x.wordv)[idx]==0 && idx<m_length){
++idx;
}
if(idx>=m_length){
return 1;
}
if(((uint8_t*)x.wordv)[idx]!=2){
return 3;
}
++idx;
while(((uint8_t*)x.wordv)[idx+pad_length]!=0 && (idx+pad_length)<m_length){
++pad_length;
}
if(pad_length<8 || (idx+pad_length)>=m_length){
return 2;
}
*out_length = m_length - idx - pad_length - 1;
if(pad){
#if DEBUG
cli_putstr("\r\npadding block:");
cli_hexdump_block(((uint8_t*)x.wordv)+idx, pad_length, 4, 16);
cli_putstr("\r\npad @ 0x");
cli_hexdump_rev(&pad, 2);
cli_putstr("\r\ndst @ 0x");
cli_hexdump_rev(&dest, 2);
#endif
memcpy(pad, ((uint8_t*)x.wordv)+idx, pad_length);
}
memmove(dest, ((uint8_t*)x.wordv) + idx + pad_length + 1, m_length - idx - pad_length - 1);
return 0;
}

36
rsa/rsaes_pkcs1v15.h Normal file
View File

@ -0,0 +1,36 @@
/* rsa_pkcs1v15.h */
/*
This file is part of the AVR-Crypto-Lib.
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef RSAES_PKCS1V15_H_
#define RSAES_PKCS1V15_H_
#include <stdint.h>
#include "rsa_basic.h"
#include "bigint.h"
uint16_t rsa_pkcs1v15_compute_padlength_B(bigint_t* modulus, uint16_t msg_length_B);
uint8_t rsa_encrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
uint16_t length_B, const rsa_publickey_t* key, const void* pad);
uint8_t rsa_decrypt_pkcs1v15(void* dest, uint16_t* out_length, const void* src,
uint16_t length_B, const rsa_privatekey_t* key, void* pad);
#endif /* RSAES_PKCS1V15_H_ */

111
streamcipher_descriptor.h Normal file
View File

@ -0,0 +1,111 @@
/* streamcipher_descriptor.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* \file stremcipher_descriptor.h
* \author Daniel Otte
* \date 2011-01-15
*
* \license GPLv3 or later
*
*/
#ifndef STREAMCIPHER_DESCRIPTOR_H_
#define STREAMCIPHER_DESCRIPTOR_H_
#include <stdint.h>
#ifndef VOID_FPT
#define VOID_FPT
typedef void(*void_fpt)(void);
#endif
typedef void(*sc_init1_fpt)(const void*, void*); /* key of fixed length, no IV*/
typedef void(*sc_init2_fpt)(const void*, const void*, void*); /* key and IV of fixed length */
typedef void(*sc_init3_fpt)(const void*, uint16_t,void*); /* key of variable length, no IV */
typedef void(*sc_init4_fpt)(const void*, uint16_t,const void*, void*); /* key of variable length, IV of fixed length */
typedef void(*sc_init5_fpt)(const void*, uint16_t,const void*, uint16_t, void*); /* key and IV of variable length */
typedef uint8_t(*sc_gen1_fpt)(void*); /* return keystream data */
typedef void(*sc_gen2_fpt)(void*, void*); /* write keystream data to buffer */
typedef uint8_t(*sc_genra1_fpt)(void*, uint64_t); /* return keystream data */
typedef void(*sc_genra2_fpt)(void*, void*, uint64_t); /* write keystream data to buffer */
typedef void(*sc_free_fpt)(void*);
typedef union{
void_fpt initvoid;
sc_init1_fpt init1;
sc_init2_fpt init2;
sc_init3_fpt init3;
sc_init4_fpt init4;
sc_init5_fpt init5;
} sc_init_fpt;
typedef union{
void_fpt genvoid;
sc_gen1_fpt gen1;
sc_gen2_fpt gen2;
} sc_gen_fpt;
typedef union{
void_fpt genravoid;
sc_genra1_fpt genra1;
sc_genra2_fpt genra2;
} sc_genra_fpt;
#define SC_INIT_TYPE 0x07
#define SC_INIT_TYPE_1 0x00 /* key of fixed length, no IV*/
#define SC_INIT_TYPE_2 0x02 /* key and IV of fixed length */
#define SC_INIT_TYPE_3 0x03 /* key of variable length, no IV */
#define SC_INIT_TYPE_4 0x04 /* key of variable length, IV of fixed length */
#define SC_INIT_TYPE_5 0x05 /* key and IV of variable length */
#define SC_GEN_TYPE 0x08
#define SC_GEN_TYPE_1 0x00 /* return data stream byte */
#define SC_GEN_TYPE_2 0x08 /* write data stream block into buffer */
#define SCDESC_TYPE_STREAMCIPHER 0x03
typedef struct {
uint8_t type; /* 3==streamcipher */
uint8_t flags;
const char* name;
uint16_t ctxsize_B;
uint16_t gensize_b;
sc_init_fpt init;
sc_gen_fpt gen;
sc_genra_fpt genra;
sc_free_fpt free;
const void* valid_keysize_desc;
const void* valid_ivsize_desc;
} scdesc_t; /* streamcipher descriptor type */
typedef struct{
const scdesc_t* desc_ptr;
uint16_t keysize;
uint16_t ivsize;
uint16_t index;
uint8_t* buffer;
void* ctx;
} scgen_ctx_t;
#endif /* STREAMCIPHER_DESCRIPTOR_H_ */

195
test_src/main-camellia-test.c Normal file
View File

@ -0,0 +1,195 @@
/* main-camellia-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* camellia test-suit
*
*/
#include "main-test-common.h"
#include "camellia.h"
#include "nessie_bc_test.h"
#include "performance_test.h"
#include "cli.h"
#include "bcal_camellia128.h"
#include "bcal-performance.h"
char* algo_name = "Camellia";
const bcdesc_t* algolist[] = {
(bcdesc_t*)&camellia128_desc,
NULL
};
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
void camellia128_init_dummy(void* key, uint16_t keysize_b, void* ctx){
camellia128_init(key, ctx);
}
void testrun_nessie_camellia(void){
nessie_bc_ctx.blocksize_B = 16;
nessie_bc_ctx.keysize_b = 128;
nessie_bc_ctx.name = algo_name;
nessie_bc_ctx.ctx_size_B = sizeof(camellia128_ctx_t);
nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)camellia128_enc;
nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)camellia128_dec;
nessie_bc_ctx.cipher_genctx = (nessie_bc_gen_fpt)camellia128_init_dummy;
nessie_bc_run();
}
/*
* P No.001 : 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*/
const uint8_t test_keys[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F,
0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0, 0xF0,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE, 0xEF, 0xCD, 0xAB, 0x89, 0x67, 0x45, 0x23, 0x01,
0xEF, 0xCD, 0xAB, 0x89, 0x67, 0x45, 0x23, 0x01, 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE
};
void hexdump128(void* data){
uint8_t i;
for(i=0; i<16; ++i){
cli_hexdump(data, 1);
cli_putc(' ');
data = (uint8_t*)data +1;
}
}
void testrun_camellia128(void){
uint8_t data[16];
uint8_t data2[16];
uint8_t key[16];
char str[4];
uint8_t i,j;
str[3]= '\0';
for(j=0; j<10; ++j){
str[0] = ('0'+(j+1)/100);
str[1] = ('0'+((j+1)/10)%10);
str[2] = ('0'+(j+1)%10);
memcpy(key, test_keys+j*16, 16);
cli_putstr("\r\nK No.");
cli_putstr(str);
cli_putstr(" : ");
hexdump128(key);
camellia128_ctx_t ctx;
camellia128_init(key, &ctx);
for(i=0; i<128; ++i){
memset(data, 0x00, 16);
data[i/8] = 0x80>>i%8;
memcpy(data2, data, 16);
str[0] = ('0'+(i+1)/100);
str[1] = ('0'+((i+1)/10)%10);
str[2] = ('0'+(i+1)%10);
cli_putstr("\r\nP No.");
cli_putstr(str);
cli_putstr(" : ");
hexdump128(data);
camellia128_enc(data, &ctx);
cli_putstr("\r\nC No.");
cli_putstr(str);
cli_putstr(" : ");
hexdump128(data);
camellia128_dec(data, &ctx);
if(memcmp(data, data2, 16)){
cli_putstr("\r\n DECRYPTION ERROR !!!");
}
}
}
}
void test_performance_camellia(void){
bcal_performance_multiple(algolist);
}
/*****************************************************************************
* self tests *
*****************************************************************************/
/*
128-bit key
key 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10
plaintext 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10
ciphertext 67 67 31 38 54 96 69 73 08 57 06 56 48 ea be 43
*/
void testrun_camellia(void){
uint8_t data[16] = { 0x01, 0x23, 0x45, 0x67,
0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98,
0x76, 0x54, 0x32, 0x10 };
const uint8_t key[16] = { 0x01, 0x23, 0x45, 0x67,
0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98,
0x76, 0x54, 0x32, 0x10 };
camellia128_ctx_t ctx;
camellia128_init(key, &ctx);
cli_putstr("\r\n key: ");
cli_hexdump(data, 16);
cli_putstr("\r\n plaintext: ");
cli_hexdump(data, 16);
camellia128_enc(data, &ctx);
cli_putstr("\r\n ciphertext: ");
cli_hexdump(data, 16);
camellia128_dec(data, &ctx);
cli_putstr("\r\n decrypted: ");
cli_hexdump(data, 16);
}
/*****************************************************************************
* main *
*****************************************************************************/
const char nessie_str[] = "nessie";
const char test_str[] = "test";
const char test128_str[] = "test128";
const char performance_str[] = "performance";
const char echo_str[] = "echo";
cmdlist_entry_t cmdlist[] = {
{ nessie_str, NULL, testrun_nessie_camellia },
{ test_str, NULL, testrun_camellia},
{ test128_str, NULL, testrun_camellia128},
{ performance_str, NULL, test_performance_camellia},
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
{ NULL, NULL, NULL}
};
int main (void){
main_setup();
for(;;){
welcome_msg(algo_name);
cmd_interface(cmdlist);
}
}

207
test_src/main-dsa-test.c Normal file
View File

@ -0,0 +1,207 @@
/* main-dsa-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* DSA test-suit
*
*/
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "config.h"
#include "cli.h"
#include "dump.h"
#include "uart_lowlevel.h"
#include "sysclock.h"
#include "hw_gptm.h"
#include "noekeon.h"
#include "noekeon_prng.h"
#include "bigint.h"
#include "bigint_io.h"
#include "dsa.h"
#include "dsa_key_blob.h"
#include "performance_test.h"
#include "hfal_sha1.h"
#include "base64_enc.h"
#include "base64_dec.h"
void uart0_putc(char byte){
uart_putc(UART_0, byte);
}
char uart0_getc(void){
return uart_getc(UART_0);
}
const char* algo_name = "DSA";
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
dsa_ctx_t dsa_ctx;
void load_fix_dsa(void){
load_dsa_key_blob(&dsa_ctx);
}
void dsa_print_item(bigint_t* a, const char* pstr){
uint8_t *p;
cli_putstr("\r\n");
cli_putstr(pstr);
cli_putstr(": ");
uint16_t i;
p = (uint8_t*)a->wordv + a->length_W*sizeof(bigint_word_t) -1;
for(i=0; i<a->length_W*sizeof(bigint_word_t)-1; ++i){
if(i%16==0){
cli_putstr("\r\n ");
}
cli_hexdump(p, 1);
cli_putc(':');
--p;
}
if(i%16==0){
cli_putstr("\r\n ");
}
cli_hexdump(p, 1);
}
void dsa_print_signature_b64(dsa_signature_t* s){
uint16_t size_r, size_s, size_o, i,j;
size_r = s->r.length_W*sizeof(bigint_word_t) +2;
size_s = s->s.length_W*sizeof(bigint_word_t) +2;
size_o = size_r + size_s +2;
uint8_t bin_b[size_o];
bin_b[0] = 0x30;
bin_b[1] = size_o -2;
bin_b[2] = 0x02;
bin_b[3] = size_r-2;
j=4;
for(i=s->r.length_W*sizeof(bigint_word_t); i>0; --i){
bin_b[j++] = ((uint8_t*)s->r.wordv)[i-1];
}
bin_b[j++] = 0x02;
bin_b[j++] = size_s -2;
for(i=s->s.length_W*sizeof(bigint_word_t); i>0; --i){
bin_b[j++] = ((uint8_t*)s->s.wordv)[i-1];
}
char b64_b[size_o*4/3+5];
base64enc(b64_b, bin_b, size_o);
cli_putstr(b64_b);
}
void dsa_print_ctx(dsa_ctx_t* ctx){
dsa_print_item(&(ctx->priv), "private");
dsa_print_item(&(ctx->pub), "public");
dsa_print_item(&(ctx->domain.p), "P");
dsa_print_item(&(ctx->domain.q), "Q");
dsa_print_item(&(ctx->domain.g), "G");
}
void dsa_print_signature(const dsa_signature_t* sig){
cli_putstr("\r\nDSA-Signature:\r\n r:");
bigint_print_hex(&(sig->r));
cli_putstr("\r\n s:");
bigint_print_hex(&(sig->s));
}
void quick_test(void){
dsa_signature_t dsa_sig;
uint8_t i, t=0, message[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
load_fix_dsa();
bigint_word_t dsa_sig_s_b[dsa_ctx.domain.q.length_W],
dsa_sig_r_b[dsa_ctx.domain.q.length_W];
dsa_print_ctx(&dsa_ctx);
dsa_sig.r.wordv = dsa_sig_r_b;
dsa_sig.s.wordv = dsa_sig_s_b;
cli_putstr("\r\n\r\n=== DSA QUICK TEST ===");
for(i=0; i<9; ++i){
cli_putstr("\r\n");
cli_putc('1'+i);
cli_putstr(": message: ");
if (i){
cli_hexdump(message, i);
}else{
cli_putstr("<empty>");
}
cli_putstr("\r\n computing signature ... ");
dsa_sign_message(&dsa_sig, message, i*8, &sha1_desc, &dsa_ctx, random8);
dsa_print_signature(&dsa_sig);
cli_putstr("\r\n base64:\r\n--- SIGNATURE ---\r\n ");
dsa_print_signature_b64(&dsa_sig);
cli_putstr("\r\n verifying signature ... ");
t = dsa_verify_message(&dsa_sig, message, i*8, &sha1_desc, &dsa_ctx);
cli_putstr("\r\n verification: ");
if(t==DSA_SIGNATURE_OK){
cli_putstr("[PASS]");
}else{
cli_putstr("[FAIL]");
}
}
}
void reset_prng(void){
uint8_t buf[16];
memset(buf, 0, 16);
random_seed(buf);
cli_putstr("\r\nPRNG reset");
}
void testrun_performance_bigint(void){
}
/*****************************************************************************
* main *
*****************************************************************************/
const char echo_test_str[] = "echo-test";
const char reset_prng_str[] = "reset-prng";
const char quick_test_str[] = "quick-test";
const char performance_str[] = "performance";
const char echo_str[] = "echo";
cmdlist_entry_t cmdlist[] = {
{ reset_prng_str, NULL, reset_prng },
{ quick_test_str, NULL, quick_test },
{ performance_str, NULL, testrun_performance_bigint },
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
{ NULL, NULL, NULL }
};
int main (void){
sysclk_set_freq(SYS_FREQ);
sysclk_mosc_verify_enable();
uart_init(UART_0, 115200, 8, UART_PARATY_NONE, UART_STOPBITS_ONE);
gptm_set_timer_32periodic(TIMER0);
cli_rx = uart0_getc;
cli_tx = uart0_putc;
for(;;){
cli_putstr("\r\n\r\nARM-Crypto-Lib VS (");
cli_putstr(algo_name);
cli_putstr("; ");
cli_putstr(__DATE__);
cli_putc(' ');
cli_putstr(__TIME__);
cli_putstr(")\r\nloaded and running\r\n");
cmd_interface(cmdlist);
}
}

106
test_src/main-entropium-test.c Normal file
View File

@ -0,0 +1,106 @@
/* main-entropium-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* entropium test-suit
*
*/
#include "main-test-common.h"
#include "entropium.h"
#include "nessie_bc_test.h"
#include "performance_test.h"
char* algo_name = "Entropium";
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
void testrun_entropium(void){
char c, str[16];
uint8_t data[32];
uint32_t i=0;
while('q'!=cli_getc()){
entropium_getRandomBlock(data);
cli_putstr("\r\n ");
ultoa(i, str, 10);
for(c=strlen(str); c<11; ++c){
cli_putc(' ');
}
cli_putstr(str);
++i;
cli_putstr(" : ");
cli_hexdump(data, 32);
}
cli_putstr("\r\n\r\n");
}
void testrun_performance_entropium(void){
uint64_t t;
char str[16];
uint8_t data[32];
calibrateTimer();
print_overhead();
startTimer(1);
entropium_addEntropy(128, data);
t = stopTimer();
cli_putstr("\r\n\tadd entropy time: ");
ultoa((unsigned long)t, str, 10);
cli_putstr(str);
startTimer(1);
entropium_getRandomBlock(data);
t = stopTimer();
cli_putstr("\r\n\tget random time: ");
ultoa((unsigned long)t, str, 10);
cli_putstr(str);
cli_putstr("\r\n");
}
/*****************************************************************************
* main *
*****************************************************************************/
const char nessie_str[] = "nessie";
const char test_str[] = "test";
const char performance_str[] = "performance";
const char echo_str[] = "echo";
cmdlist_entry_t cmdlist[] = {
{ nessie_str, NULL, testrun_entropium},
{ test_str, NULL, testrun_entropium},
{ performance_str, NULL, testrun_performance_entropium},
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
{ NULL, NULL, NULL}
};
int main (void){
main_setup();
for(;;){
welcome_msg(algo_name);
cmd_interface(cmdlist);
}
}

183
test_src/main-hmac-md5-test.c Normal file
View File

@ -0,0 +1,183 @@
/* main-hmac-md5-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* HMAC-MD5 test-suit
*
*/
#include "main-test-common.h"
#include "md5.h"
#include "hmac-md5.h"
/*
#include "base64_enc.h"
#include "base64_dec.h"
*/
#include "nessie_mac_test.h"
const char* algo_name = "HMAC-MD5";
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
void testrun_nessie_hmacmd5(void){
nessie_mac_ctx.macsize_b = HMAC_MD5_BITS;
nessie_mac_ctx.keysize_b = HMAC_MD5_BLOCK_BITS;
nessie_mac_ctx.blocksize_B = HMAC_MD5_BLOCK_BYTES;
nessie_mac_ctx.ctx_size_B = sizeof(hmac_md5_ctx_t);
nessie_mac_ctx.name = algo_name;
nessie_mac_ctx.mac_init = (nessie_mac_init_fpt)hmac_md5_init;
nessie_mac_ctx.mac_next = (nessie_mac_next_fpt)hmac_md5_nextBlock;
nessie_mac_ctx.mac_last = (nessie_mac_last_fpt)hmac_md5_lastBlock;
nessie_mac_ctx.mac_conv = (nessie_mac_conv_fpt)hmac_md5_final;
nessie_mac_run();
}
void testrun_test_hmacmd5(void){
uint8_t hmac[16];
uint8_t keys[][16] = {
{ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b },
{ 'J', 'e', 'f', 'e', },
{ 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA }
};
uint8_t buffer[50];
cli_putstr("\r\n hmac (1): ");
hmac_md5(hmac, keys[0], 128, "Hi There", 64);
cli_hexdump(hmac, 16);
cli_putstr("\r\n hmac (2): ");
hmac_md5(hmac, keys[1], 4*8, "what do ya want for nothing?", 28*8);
cli_hexdump(hmac, 16);
cli_putstr("\r\n hmac (3): ");
memset(buffer, 0xDD, 50);
hmac_md5(hmac, keys[2], 128, buffer, 50*8);
cli_hexdump(hmac, 16);
}
void hmacmd5_interactive(void){
char key[101];
char msg[101];
uint8_t hmac[HMAC_MD5_BYTES];
uint8_t key_len, msg_len;
cli_putstr("\r\nHMAC-MD5:\r\nkey: ");
cli_getsn(key, 100);
key_len = strlen(key);
cli_putstr("\r\nmsg: ");
cli_getsn(msg, 100);
msg_len = strlen(msg);
hmac_md5(hmac, key, key_len*8, msg, msg_len*8);
cli_putstr("\r\nhmac-md5: ");
cli_hexdump(hmac, HMAC_MD5_BYTES);
}
void strhexdump(char* dest, void* src, uint16_t length){
char table[] = { '0', '1', '2', '3',
'4', '5', '6', '7',
'8', '9', 'a', 'b',
'c', 'd', 'e', 'f' };
while(length--){
*dest++ = table[(*((uint8_t*)src))>>4];
*dest++ = table[(*((uint8_t*)src))&0xf];
src = (uint8_t*)src +1;
}
}
/*
void cram_md5_interactive(void){
char key[101];
char msg_b64[101];
char username[101];
uint8_t msg[100];
uint8_t hmac[HMAC_MD5_BYTES];
int key_len, msg_len;
int ul;
cli_putstr("\r\nCRAM-MD5:\r\nkey: ");
cli_getsn(key, 100);
key_len = strlen(key);
cli_putstr("\r\nusername: ");
cli_getsn(username, 60);
cli_putstr("\r\nchallange: ");
cli_getsn(msg_b64, 100);
if((msg_len = base64_binlength(msg_b64, 1))==-1){
cli_putstr("\r\nERROR in base64 encoding !\r\n");
return;
}
base64dec(msg, msg_b64, 1);
hmac_md5(hmac, key, key_len*8, msg, msg_len*8);
ul=strlen(username);
username[ul]=' ';
strhexdump(username+ul+1, hmac, 128/8);
base64enc(msg_b64, username, ul+1+128/8*2);
cli_putstr("\r\nresponse: ");
cli_hexdump(hmac, HMAC_MD5_BYTES);
cli_putstr("\r\nresponse (b64): ");
cli_putstr(msg_b64);
}
*/
void md5_interactive(void){
char msg[101];
uint8_t hash[MD5_HASH_BYTES];
uint8_t msg_len;
cli_putstr("\r\nmsg: ");
cli_getsn(msg, 100);
msg_len = strlen(msg);
md5((void*)hash, msg, msg_len*8);
cli_putstr("\r\nmd5: ");
cli_hexdump(hash, MD5_HASH_BYTES);
}
/*****************************************************************************
* main *
*****************************************************************************/
const char nessie_str[] = "nessie";
const char test_str[] = "test";
/* const char performance_str[] = "performance"; */
const char echo_str[] = "echo";
const char hmd5i_str[] = "hmac-md5";
/* const char crammd5i_str[] = "cram-md5"; */
const char md5i_str[] = "md5";
const cmdlist_entry_t const cmdlist[] = {
{ nessie_str, NULL, testrun_nessie_hmacmd5},
{ test_str, NULL, testrun_test_hmacmd5},
{ hmd5i_str, NULL, hmacmd5_interactive},
/* { crammd5i_str, NULL, cram_md5_interactive}, */
{ md5i_str, NULL, md5_interactive},
/* { performance_str, NULL, testrun_performance_hmacmd5}, */
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
{ NULL, NULL, NULL}
};
int main (void){
main_setup();
for(;;){
welcome_msg(algo_name);
cmd_interface(cmdlist);
}
}

76
test_src/main-hmac-sha1-test.c Normal file
View File

@ -0,0 +1,76 @@
/* main-hmac-sha1-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* HMAC-SHA1 test-suit
*
*/
#include "main-test-common.h"
#include "sha1.h"
#include "hmac-sha1.h"
#include "nessie_mac_test.h"
const char* algo_name = "HMAC-SHA1";
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
void testrun_nessie_hmacsha1(void){
nessie_mac_ctx.macsize_b = HMAC_SHA1_BITS;
nessie_mac_ctx.keysize_b = HMAC_SHA1_BLOCK_BITS;
nessie_mac_ctx.blocksize_B = HMAC_SHA1_BLOCK_BYTES;
nessie_mac_ctx.ctx_size_B = sizeof(hmac_sha1_ctx_t);
nessie_mac_ctx.name = algo_name;
nessie_mac_ctx.mac_init = (nessie_mac_init_fpt)hmac_sha1_init;
nessie_mac_ctx.mac_next = (nessie_mac_next_fpt)hmac_sha1_nextBlock;
nessie_mac_ctx.mac_last = (nessie_mac_last_fpt)hmac_sha1_lastBlock;
nessie_mac_ctx.mac_conv = (nessie_mac_conv_fpt)hmac_sha1_final;
nessie_mac_run();
}
/*****************************************************************************
* main *
*****************************************************************************/
const char nessie_str[] = "nessie";
const char test_str[] = "test";
/* const char performance_str[] = "performance"; */
const char echo_str[] = "echo";
const cmdlist_entry_t const cmdlist[] = {
{ nessie_str, NULL, testrun_nessie_hmacsha1},
{ test_str, NULL, testrun_nessie_hmacsha1},
/* { performance_str, NULL, testrun_performance_hmacsha1}, */
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
{ NULL, NULL, NULL}
};
int main (void){
main_setup();
for(;;){
welcome_msg(algo_name);
cmd_interface(cmdlist);
}
}

95
test_src/main-hmac-sha256-test.c Normal file
View File

@ -0,0 +1,95 @@
/* main-hmac-sha256-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* HMAC-SHA256 test-suit
*
*/
#include "main-test-common.h"
#include "sha256.h"
#include "hmac-sha256.h"
#include "nessie_mac_test.h"
const char* algo_name = "HMAC-SHA256";
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
void testrun_hmacsha256(void){
uint8_t key[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
uint8_t msg[] = { 0x00 };
uint8_t mac[HMAC_SHA256_BYTES];
hmac_sha256(mac, key, 512, msg, 0);
cli_putstr("\r\n quick hmac = ");
cli_hexdump(mac, HMAC_SHA256_BYTES);
cli_putstr("\r\n");
}
void testrun_nessie_hmacsha256(void){
nessie_mac_ctx.macsize_b = HMAC_SHA256_BITS;
nessie_mac_ctx.keysize_b = HMAC_SHA256_BLOCK_BITS;
nessie_mac_ctx.blocksize_B = HMAC_SHA256_BLOCK_BYTES;
nessie_mac_ctx.ctx_size_B = sizeof(hmac_sha256_ctx_t);
nessie_mac_ctx.name = algo_name;
nessie_mac_ctx.mac_init = (nessie_mac_init_fpt)hmac_sha256_init;
nessie_mac_ctx.mac_next = (nessie_mac_next_fpt)hmac_sha256_nextBlock;
nessie_mac_ctx.mac_last = (nessie_mac_last_fpt)hmac_sha256_lastBlock;
nessie_mac_ctx.mac_conv = (nessie_mac_conv_fpt)hmac_sha256_final;
nessie_mac_run();
}
/*****************************************************************************
* main *
*****************************************************************************/
const char nessie_str[] = "nessie";
const char test_str[] = "test";
/* const char performance_str[] = "performance"; */
const char echo_str[] = "echo";
const cmdlist_entry_t const cmdlist[] = {
{ nessie_str, NULL, testrun_nessie_hmacsha256},
{ test_str, NULL, testrun_hmacsha256},
/* { performance_str, NULL, testrun_performance_hmacsha256}, */
{ echo_str, (void*)1, (void_fpt)echo_ctrl},
{ NULL, NULL, NULL}
};
int main (void){
main_setup();
for(;;){
welcome_msg(algo_name);
cmd_interface(cmdlist);
}
}

794
test_src/main-rsaes_oaep-test.c Normal file
View File

@ -0,0 +1,794 @@
/* main-dsa-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* RSA test-suit
*
*/
#include "main-test-common.h"
#include "noekeon.h"
#include "noekeon_prng.h"
#include "bigint.h"
#include "bigint_io.h"
#include "random_dummy.h"
#include "rsa_basic.h"
#include "rsaes_oaep.h"
#include "performance_test.h"
const char* algo_name = "RSAES-OAEP";
#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
#if 0
/* ==================================
* Example 1: A 1024-bit RSA Key Pair
* ================================== */
/* ------------------------------
* Components of the RSA Key Pair
* ------------------------------ */
/* RSA modulus n: */
const uint8_t modulus[] = {
0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
};
/* RSA public exponent e: */
const uint8_t public_exponent[] = {
0x00, 0x01, 0x00, 0x01
};
/* RSA private exponent d: */
const uint8_t private_exponent[] = {
0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
};
/* Prime p: */
const uint8_t p[] = {
0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
};
/* Prime q: */
const uint8_t q[] = {
0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
};
/* p's CRT exponent dP: */
const uint8_t dp[] = {
0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
};
/* q's CRT exponent dQ: */
const uint8_t dq[] = {
0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
};
/* CRT coefficient qInv: */
const uint8_t qinv[] = {
0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1
};
/* ---------------------------------
* RSAES-OAEP Encryption Example 1.1
* --------------------------------- */
/* Message to be, encrypted: */
const uint8_t message[] = {
0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
};
/* Seed: */
const uint8_t seed[] = {
0x18, 0xb7, 0x76, 0xea, 0x21, 0x06, 0x9d, 0x69, 0x77, 0x6a, 0x33, 0xe9, 0x6b, 0xad, 0x48, 0xe1,
0xdd, 0xa0, 0xa5, 0xef
};
/* Encryption: */
const uint8_t encrypted[] = {
0x35, 0x4f, 0xe6, 0x7b, 0x4a, 0x12, 0x6d, 0x5d, 0x35, 0xfe, 0x36, 0xc7, 0x77, 0x79, 0x1a, 0x3f,
0x7b, 0xa1, 0x3d, 0xef, 0x48, 0x4e, 0x2d, 0x39, 0x08, 0xaf, 0xf7, 0x22, 0xfa, 0xd4, 0x68, 0xfb,
0x21, 0x69, 0x6d, 0xe9, 0x5d, 0x0b, 0xe9, 0x11, 0xc2, 0xd3, 0x17, 0x4f, 0x8a, 0xfc, 0xc2, 0x01,
0x03, 0x5f, 0x7b, 0x6d, 0x8e, 0x69, 0x40, 0x2d, 0xe5, 0x45, 0x16, 0x18, 0xc2, 0x1a, 0x53, 0x5f,
0xa9, 0xd7, 0xbf, 0xc5, 0xb8, 0xdd, 0x9f, 0xc2, 0x43, 0xf8, 0xcf, 0x92, 0x7d, 0xb3, 0x13, 0x22,
0xd6, 0xe8, 0x81, 0xea, 0xa9, 0x1a, 0x99, 0x61, 0x70, 0xe6, 0x57, 0xa0, 0x5a, 0x26, 0x64, 0x26,
0xd9, 0x8c, 0x88, 0x00, 0x3f, 0x84, 0x77, 0xc1, 0x22, 0x70, 0x94, 0xa0, 0xd9, 0xfa, 0x1e, 0x8c,
0x40, 0x24, 0x30, 0x9c, 0xe1, 0xec, 0xcc, 0xb5, 0x21, 0x00, 0x35, 0xd4, 0x7a, 0xc7, 0x2e, 0x8a
};
/* Message to be encrypted: */
const uint8_t message2[] = {
0x75, 0x0c, 0x40, 0x47, 0xf5, 0x47, 0xe8, 0xe4, 0x14, 0x11, 0x85, 0x65, 0x23, 0x29, 0x8a, 0xc9,
0xba, 0xe2, 0x45, 0xef, 0xaf, 0x13, 0x97, 0xfb, 0xe5, 0x6f, 0x9d, 0xd5
};
/* Seed: */
const uint8_t seed2[] = {
0x0c, 0xc7, 0x42, 0xce, 0x4a, 0x9b, 0x7f, 0x32, 0xf9, 0x51, 0xbc, 0xb2, 0x51, 0xef, 0xd9, 0x25,
0xfe, 0x4f, 0xe3, 0x5f
};
/* Encryption: */
const uint8_t encrypted2[] = {
0x64, 0x0d, 0xb1, 0xac, 0xc5, 0x8e, 0x05, 0x68, 0xfe, 0x54, 0x07, 0xe5, 0xf9, 0xb7, 0x01, 0xdf,
0xf8, 0xc3, 0xc9, 0x1e, 0x71, 0x6c, 0x53, 0x6f, 0xc7, 0xfc, 0xec, 0x6c, 0xb5, 0xb7, 0x1c, 0x11,
0x65, 0x98, 0x8d, 0x4a, 0x27, 0x9e, 0x15, 0x77, 0xd7, 0x30, 0xfc, 0x7a, 0x29, 0x93, 0x2e, 0x3f,
0x00, 0xc8, 0x15, 0x15, 0x23, 0x6d, 0x8d, 0x8e, 0x31, 0x01, 0x7a, 0x7a, 0x09, 0xdf, 0x43, 0x52,
0xd9, 0x04, 0xcd, 0xeb, 0x79, 0xaa, 0x58, 0x3a, 0xdc, 0xc3, 0x1e, 0xa6, 0x98, 0xa4, 0xc0, 0x52,
0x83, 0xda, 0xba, 0x90, 0x89, 0xbe, 0x54, 0x91, 0xf6, 0x7c, 0x1a, 0x4e, 0xe4, 0x8d, 0xc7, 0x4b,
0xbb, 0xe6, 0x64, 0x3a, 0xef, 0x84, 0x66, 0x79, 0xb4, 0xcb, 0x39, 0x5a, 0x35, 0x2d, 0x5e, 0xd1,
0x15, 0x91, 0x2d, 0xf6, 0x96, 0xff, 0xe0, 0x70, 0x29, 0x32, 0x94, 0x6d, 0x71, 0x49, 0x2b, 0x44
};
/**********************************************************************************************/
/* ---------------------------------
* RSAES-OAEP Encryption Example 2.1
* --------------------------------- */
/* Message to be encrypted: */
const uint8_t message3[] = {
0x8f, 0xf0, 0x0c, 0xaa, 0x60, 0x5c, 0x70, 0x28, 0x30, 0x63, 0x4d, 0x9a, 0x6c, 0x3d, 0x42, 0xc6,
0x52, 0xb5, 0x8c, 0xf1, 0xd9, 0x2f, 0xec, 0x57, 0x0b, 0xee, 0xe7
};
/* Seed: */
const uint8_t seed3[] = {
0x8c, 0x40, 0x7b, 0x5e, 0xc2, 0x89, 0x9e, 0x50, 0x99, 0xc5, 0x3e, 0x8c, 0xe7, 0x93, 0xbf, 0x94,
0xe7, 0x1b, 0x17, 0x82
};
/* Encryption: */
const uint8_t encrypted3[] = {
0x01, 0x81, 0xaf, 0x89, 0x22, 0xb9, 0xfc, 0xb4, 0xd7, 0x9d, 0x92, 0xeb, 0xe1, 0x98, 0x15, 0x99,
0x2f, 0xc0, 0xc1, 0x43, 0x9d, 0x8b, 0xcd, 0x49, 0x13, 0x98, 0xa0, 0xf4, 0xad, 0x3a, 0x32, 0x9a,
0x5b, 0xd9, 0x38, 0x55, 0x60, 0xdb, 0x53, 0x26, 0x83, 0xc8, 0xb7, 0xda, 0x04, 0xe4, 0xb1, 0x2a,
0xed, 0x6a, 0xac, 0xdf, 0x47, 0x1c, 0x34, 0xc9, 0xcd, 0xa8, 0x91, 0xad, 0xdc, 0xc2, 0xdf, 0x34,
0x56, 0x65, 0x3a, 0xa6, 0x38, 0x2e, 0x9a, 0xe5, 0x9b, 0x54, 0x45, 0x52, 0x57, 0xeb, 0x09, 0x9d,
0x56, 0x2b, 0xbe, 0x10, 0x45, 0x3f, 0x2b, 0x6d, 0x13, 0xc5, 0x9c, 0x02, 0xe1, 0x0f, 0x1f, 0x8a,
0xbb, 0x5d, 0xa0, 0xd0, 0x57, 0x09, 0x32, 0xda, 0xcf, 0x2d, 0x09, 0x01, 0xdb, 0x72, 0x9d, 0x0f,
0xef, 0xcc, 0x05, 0x4e, 0x70, 0x96, 0x8e, 0xa5, 0x40, 0xc8, 0x1b, 0x04, 0xbc, 0xae, 0xfe, 0x72,
0x0e
};
#endif
/**********************************************************************************************/
/* ---------------------------------
* RSAES-OAEP Encryption Example 2.4
* --------------------------------- */
/* Message to be encrypted: */
const uint8_t message4[] = {
0xa7, 0xeb, 0x2a, 0x50, 0x36, 0x93, 0x1d, 0x27, 0xd4, 0xe8, 0x91, 0x32, 0x6d, 0x99, 0x69, 0x2f,
0xfa, 0xdd, 0xa9, 0xbf, 0x7e, 0xfd, 0x3e, 0x34, 0xe6, 0x22, 0xc4, 0xad, 0xc0, 0x85, 0xf7, 0x21,
0xdf, 0xe8, 0x85, 0x07, 0x2c, 0x78, 0xa2, 0x03, 0xb1, 0x51, 0x73, 0x9b, 0xe5, 0x40, 0xfa, 0x8c,
0x15, 0x3a, 0x10, 0xf0, 0x0a
};
/* Seed: */
const uint8_t seed4[] = {
0x9a, 0x7b, 0x3b, 0x0e, 0x70, 0x8b, 0xd9, 0x6f, 0x81, 0x90, 0xec, 0xab, 0x4f, 0xb9, 0xb2, 0xb3,
0x80, 0x5a, 0x81, 0x56
};
/* Encryption: */
const uint8_t encrypted4[] = {
/* 0x00,*/ 0xa4, 0x57, 0x8c, 0xbc, 0x17, 0x63, 0x18, 0xa6, 0x38, 0xfb, 0xa7, 0xd0, 0x1d, 0xf1, 0x57,
0x46, 0xaf, 0x44, 0xd4, 0xf6, 0xcd, 0x96, 0xd7, 0xe7, 0xc4, 0x95, 0xcb, 0xf4, 0x25, 0xb0, 0x9c,
0x64, 0x9d, 0x32, 0xbf, 0x88, 0x6d, 0xa4, 0x8f, 0xba, 0xf9, 0x89, 0xa2, 0x11, 0x71, 0x87, 0xca,
0xfb, 0x1f, 0xb5, 0x80, 0x31, 0x76, 0x90, 0xe3, 0xcc, 0xd4, 0x46, 0x92, 0x0b, 0x7a, 0xf8, 0x2b,
0x31, 0xdb, 0x58, 0x04, 0xd8, 0x7d, 0x01, 0x51, 0x4a, 0xcb, 0xfa, 0x91, 0x56, 0xe7, 0x82, 0xf8,
0x67, 0xf6, 0xbe, 0xd9, 0x44, 0x9e, 0x0e, 0x9a, 0x2c, 0x09, 0xbc, 0xec, 0xc6, 0xaa, 0x08, 0x76,
0x36, 0x96, 0x5e, 0x34, 0xb3, 0xec, 0x76, 0x6f, 0x2f, 0xe2, 0xe4, 0x30, 0x18, 0xa2, 0xfd, 0xde,
0xb1, 0x40, 0x61, 0x6a, 0x0e, 0x9d, 0x82, 0xe5, 0x33, 0x10, 0x24, 0xee, 0x06, 0x52, 0xfc, 0x76,
0x41
};
/**********************************************************************************************/
#if 1
/* RSA modulus n: */
const uint8_t modulus2[] = {
0x01, 0x94, 0x7c, 0x7f, 0xce, 0x90, 0x42, 0x5f, 0x47, 0x27, 0x9e, 0x70, 0x85, 0x1f, 0x25, 0xd5,
0xe6, 0x23, 0x16, 0xfe, 0x8a, 0x1d, 0xf1, 0x93, 0x71, 0xe3, 0xe6, 0x28, 0xe2, 0x60, 0x54, 0x3e,
0x49, 0x01, 0xef, 0x60, 0x81, 0xf6, 0x8c, 0x0b, 0x81, 0x41, 0x19, 0x0d, 0x2a, 0xe8, 0xda, 0xba,
0x7d, 0x12, 0x50, 0xec, 0x6d, 0xb6, 0x36, 0xe9, 0x44, 0xec, 0x37, 0x22, 0x87, 0x7c, 0x7c, 0x1d,
0x0a, 0x67, 0xf1, 0x4b, 0x16, 0x94, 0xc5, 0xf0, 0x37, 0x94, 0x51, 0xa4, 0x3e, 0x49, 0xa3, 0x2d,
0xde, 0x83, 0x67, 0x0b, 0x73, 0xda, 0x91, 0xa1, 0xc9, 0x9b, 0xc2, 0x3b, 0x43, 0x6a, 0x60, 0x05,
0x5c, 0x61, 0x0f, 0x0b, 0xaf, 0x99, 0xc1, 0xa0, 0x79, 0x56, 0x5b, 0x95, 0xa3, 0xf1, 0x52, 0x66,
0x32, 0xd1, 0xd4, 0xda, 0x60, 0xf2, 0x0e, 0xda, 0x25, 0xe6, 0x53, 0xc4, 0xf0, 0x02, 0x76, 0x6f,
0x45
};
/* RSA public exponent e: */
const uint8_t public_exponent2[] = {
0x01, 0x00, 0x01
};
/* RSA private exponent d: */
const uint8_t private_exponent2[] = {
0x08, 0x23, 0xf2, 0x0f, 0xad, 0xb5, 0xda, 0x89, 0x08, 0x8a, 0x9d, 0x00, 0x89, 0x3e, 0x21, 0xfa,
0x4a, 0x1b, 0x11, 0xfb, 0xc9, 0x3c, 0x64, 0xa3, 0xbe, 0x0b, 0xaa, 0xea, 0x97, 0xfb, 0x3b, 0x93,
0xc3, 0xff, 0x71, 0x37, 0x04, 0xc1, 0x9c, 0x96, 0x3c, 0x1d, 0x10, 0x7a, 0xae, 0x99, 0x05, 0x47,
0x39, 0xf7, 0x9e, 0x02, 0xe1, 0x86, 0xde, 0x86, 0xf8, 0x7a, 0x6d, 0xde, 0xfe, 0xa6, 0xd8, 0xcc,
0xd1, 0xd3, 0xc8, 0x1a, 0x47, 0xbf, 0xa7, 0x25, 0x5b, 0xe2, 0x06, 0x01, 0xa4, 0xa4, 0xb2, 0xf0,
0x8a, 0x16, 0x7b, 0x5e, 0x27, 0x9d, 0x71, 0x5b, 0x1b, 0x45, 0x5b, 0xdd, 0x7e, 0xab, 0x24, 0x59,
0x41, 0xd9, 0x76, 0x8b, 0x9a, 0xce, 0xfb, 0x3c, 0xcd, 0xa5, 0x95, 0x2d, 0xa3, 0xce, 0xe7, 0x25,
0x25, 0xb4, 0x50, 0x16, 0x63, 0xa8, 0xee, 0x15, 0xc9, 0xe9, 0x92, 0xd9, 0x24, 0x62, 0xfe, 0x39
};
/* Prime p: */
const uint8_t p2[] = {
0x01, 0x59, 0xdb, 0xde, 0x04, 0xa3, 0x3e, 0xf0, 0x6f, 0xb6, 0x08, 0xb8, 0x0b, 0x19, 0x0f, 0x4d,
0x3e, 0x22, 0xbc, 0xc1, 0x3a, 0xc8, 0xe4, 0xa0, 0x81, 0x03, 0x3a, 0xbf, 0xa4, 0x16, 0xed, 0xb0,
0xb3, 0x38, 0xaa, 0x08, 0xb5, 0x73, 0x09, 0xea, 0x5a, 0x52, 0x40, 0xe7, 0xdc, 0x6e, 0x54, 0x37,
0x8c, 0x69, 0x41, 0x4c, 0x31, 0xd9, 0x7d, 0xdb, 0x1f, 0x40, 0x6d, 0xb3, 0x76, 0x9c, 0xc4, 0x1a,
0x43
};
/* Prime q: */
const uint8_t q2[] = {
0x01, 0x2b, 0x65, 0x2f, 0x30, 0x40, 0x3b, 0x38, 0xb4, 0x09, 0x95, 0xfd, 0x6f, 0xf4, 0x1a, 0x1a,
0xcc, 0x8a, 0xda, 0x70, 0x37, 0x32, 0x36, 0xb7, 0x20, 0x2d, 0x39, 0xb2, 0xee, 0x30, 0xcf, 0xb4,
0x6d, 0xb0, 0x95, 0x11, 0xf6, 0xf3, 0x07, 0xcc, 0x61, 0xcc, 0x21, 0x60, 0x6c, 0x18, 0xa7, 0x5b,
0x8a, 0x62, 0xf8, 0x22, 0xdf, 0x03, 0x1b, 0xa0, 0xdf, 0x0d, 0xaf, 0xd5, 0x50, 0x6f, 0x56, 0x8b,
0xd7
};
/* p's CRT exponent dP: */
const uint8_t dp2[] = {
0x43, 0x6e, 0xf5, 0x08, 0xde, 0x73, 0x65, 0x19, 0xc2, 0xda, 0x4c, 0x58, 0x0d, 0x98, 0xc8, 0x2c,
0xb7, 0x45, 0x2a, 0x3f, 0xb5, 0xef, 0xad, 0xc3, 0xb9, 0xc7, 0x78, 0x9a, 0x1b, 0xc6, 0x58, 0x4f,
0x79, 0x5a, 0xdd, 0xbb, 0xd3, 0x24, 0x39, 0xc7, 0x46, 0x86, 0x55, 0x2e, 0xcb, 0x6c, 0x2c, 0x30,
0x7a, 0x4d, 0x3a, 0xf7, 0xf5, 0x39, 0xee, 0xc1, 0x57, 0x24, 0x8c, 0x7b, 0x31, 0xf1, 0xa2, 0x55
};
/* q's CRT exponent dQ: */
const uint8_t dq2[] = {
0x01, 0x2b, 0x15, 0xa8, 0x9f, 0x3d, 0xfb, 0x2b, 0x39, 0x07, 0x3e, 0x73, 0xf0, 0x2b, 0xdd, 0x0c,
0x1a, 0x7b, 0x37, 0x9d, 0xd4, 0x35, 0xf0, 0x5c, 0xdd, 0xe2, 0xef, 0xf9, 0xe4, 0x62, 0x94, 0x8b,
0x7c, 0xec, 0x62, 0xee, 0x90, 0x50, 0xd5, 0xe0, 0x81, 0x6e, 0x07, 0x85, 0xa8, 0x56, 0xb4, 0x91,
0x08, 0xdc, 0xb7, 0x5f, 0x36, 0x83, 0x87, 0x4d, 0x1c, 0xa6, 0x32, 0x9a, 0x19, 0x01, 0x30, 0x66,
0xff
};
/* CRT coefficient qInv: */
const uint8_t qinv2[] = {
0x02, 0x70, 0xdb, 0x17, 0xd5, 0x91, 0x4b, 0x01, 0x8d, 0x76, 0x11, 0x8b, 0x24, 0x38, 0x9a, 0x73,
0x50, 0xec, 0x83, 0x6b, 0x00, 0x63, 0xa2, 0x17, 0x21, 0x23, 0x6f, 0xd8, 0xed, 0xb6, 0xd8, 0x9b,
0x51, 0xe7, 0xee, 0xb8, 0x7b, 0x61, 0x1b, 0x71, 0x32, 0xcb, 0x7e, 0xa7, 0x35, 0x6c, 0x23, 0x15,
0x1c, 0x1e, 0x77, 0x51, 0x50, 0x7c, 0x78, 0x6d, 0x9e, 0xe1, 0x79, 0x41, 0x70, 0xa8, 0xc8, 0xe8
};
#endif
/**********************************************************************************************/
uint8_t keys_allocated = 0;
rsa_publickey_t pub_key;
rsa_privatekey_t priv_key;
#if 0
#define MSG message
#define SEED seed
#define ENCRYPTED encrypted
#define MODULUS modulus
#define PUB_EXPONENT public_exponent
#define PRIV_EXPONENT private_exponent
#define P p
#define Q q
#define DP dp
#define DQ dq
#define QINV qinv
#else
#define MSG message4
#define SEED seed4
#define ENCRYPTED encrypted4
#define MODULUS modulus2
#define PUB_EXPONENT public_exponent2
#define PRIV_EXPONENT private_exponent2
#define P p2
#define Q q2
#define DP dp2
#define DQ dq2
#define QINV qinv2
#endif
uint8_t convert_nibble(uint8_t c){
if(c>='0' && c<='9'){
return c - '0';
}
c |= 'A' ^ 'a';
if(c>='a' && c<='f'){
return c - 'a' + 10;
}
return 0xff;
}
const char *block_ignore_string=" \t\r\n,;";
#define BUFFER_LIMIT 120
uint16_t read_os(void* dst, uint16_t length, const char* ignore_string){
uint16_t counter = 0;
uint16_t c;
uint8_t v, tmp = 0, idx = 0;
if(!ignore_string){
ignore_string = block_ignore_string;
}
while(counter < length){
c = cli_getc();
if(c > 0xff){
return counter;
}
if(strchr(ignore_string, c)){
continue;
}
v = convert_nibble(c);
if(v > 0x0f){
return counter;
}
if(idx){
((uint8_t*)dst)[counter++] = (tmp << 4) | v;
idx = 0;
if(counter % (BUFFER_LIMIT/2) == 0){
cli_putc('.');
}
}else{
tmp = v;
idx = 1;
}
}
return counter;
}
uint16_t own_atou(const char* str){
uint16_t r=0;
while(*str && *str >= '0' && *str <= '9'){
r *= 10;
r += *str++ - '0';
}
return r;
}
char* own_utoa(unsigned value, char* str, uint8_t radix){
char *p = str, *b = str;
char t;
div_t d;
if(radix>36){
return NULL;
}
if(value == 0){
*p++ = '0';
*p = '\0';
return str;
}
while(value){
d = div(value, radix);
value = d.quot;
if(d.rem < 10){
*p++ = '0' + d.rem;
}else{
*p++ = 'a' + d.rem - 10;
}
}
*p = '\0';
while(str<p){
t = *str;
*str++ = *--p;
*p = t;
}
return b;
}
uint8_t read_bigint(bigint_t* a, char* prompt){
uint16_t read_length, actual_length;
uint8_t off;
uint8_t *buffer;
char read_int_str[18];
cli_putstr(prompt);
cli_putstr("\r\n length: ");
cli_getsn(read_int_str, 16);
read_length = own_atou(read_int_str);
off = (sizeof(bigint_word_t) - (read_length % sizeof(bigint_word_t))) % sizeof(bigint_word_t);
buffer = malloc(((read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t));
if(!buffer){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
cli_putstr("\r\n data: ");
memset(buffer, 0, sizeof(bigint_word_t));
actual_length = read_os(buffer + off, read_length, NULL);
if(actual_length != read_length){
cli_putstr("\r\nERROR: unexpected end of data!");
free(buffer);
return 1;
}
a->wordv = (bigint_word_t*)buffer;
a->length_W = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
a->info = 0;
bigint_changeendianess(a);
bigint_adjust(a);
return 0;
}
uint8_t pre_alloc_key_crt(void){
priv_key.n = 5;
priv_key.components = malloc(5 * sizeof(bigint_t));
if(!priv_key.components){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
return 0;
}
void free_key(void){
uint8_t c;
free(pub_key.modulus.wordv);
free(pub_key.exponent.wordv);
pub_key.modulus.wordv = priv_key.modulus.wordv = NULL;
for(c = 0; c < priv_key.n; ++c){
free(priv_key.components[c].wordv);
}
free(priv_key.components);
}
uint8_t read_key_crt(void){
uint8_t r;
cli_putstr("\r\n== reading key (crt) ==");
r = pre_alloc_key_crt();
if(r) return r;
r = read_bigint(&pub_key.modulus, "\r\n = module =");
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
if(r) return r;
r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
if(r) return r;
r = read_bigint(&priv_key.components[0], "\r\n = p (first prime) =");
if(r) return r;
r = read_bigint(&priv_key.components[1], "\r\n = q (second prime) =");
if(r) return r;
r = read_bigint(&priv_key.components[2], "\r\n = dp (p's exponent) =");
if(r) return r;
r = read_bigint(&priv_key.components[3], "\r\n = dq (q's exponent) =");
if(r) return r;
r = read_bigint(&priv_key.components[4], "\r\n = qInv (q' coefficient) =");
return r;
}
uint8_t read_key_conv(void){
uint8_t r;
cli_putstr("\r\n== reading key (crt) ==");
r = read_bigint(&pub_key.modulus,"\r\n = module =");
if(r) return r;
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
priv_key.n = 1;
priv_key.components = malloc(sizeof(bigint_t));
if(!priv_key.components){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
if(r) return r;
r = read_bigint(&priv_key.components[0], "\r\n = private exponent =");
return r;
}
void load_priv_conventional(void){
priv_key.components = malloc(sizeof(bigint_t));
priv_key.components[0].length_W = (sizeof(PRIV_EXPONENT) +
sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
priv_key.components[0].wordv = malloc(priv_key.components[0].length_W *
sizeof(bigint_word_t));
if(!priv_key.components[0].wordv){
cli_putstr("\r\nERROR: OOM!");
return;
}
memcpy(priv_key.components[0].wordv, PRIV_EXPONENT, sizeof(PRIV_EXPONENT));
priv_key.n = 1;
bigint_changeendianess(&priv_key.components[0]);
bigint_adjust(&priv_key.components[0]);
}
void load_priv_crt_mono(void){
bigint_t *v;
const uint8_t *bv[5] = {P,Q,DP,DQ,QINV};
uint16_t sv[5] = {sizeof(P), sizeof(Q), sizeof(DP), sizeof(DQ), sizeof(QINV)};
uint8_t i;
v = malloc(5 * sizeof(bigint_t));
if(!v){
cli_putstr("\r\nERROR: OOM!");
return;
}
priv_key.components = v;
priv_key.n = 5;
for(i=0; i<5; ++i){
v[i].info = 0;
v[i].length_W = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
v[i].wordv = calloc(v[i].length_W , sizeof(bigint_word_t));
if(!v[i].wordv){
cli_putstr("\r\nERROR: OOM!");
return;
}
memcpy(v[i].wordv, bv[i], sv[i]);
bigint_changeendianess(&v[i]);
bigint_adjust(&v[i]);
}
}
uint8_t load_bigint_from_os(bigint_t* a, const void* os, uint16_t length_B){
a->length_W = BIGINT_CEIL(length_B) / sizeof(bigint_word_t);
a->wordv = malloc(BIGINT_CEIL(length_B));
if(!a->wordv){
cli_putstr("\r\nOOM!\r\n");
return 1;
}
memset(a->wordv, 0, sizeof(bigint_word_t));
memcpy((uint8_t*)a->wordv + BIGINT_OFF(length_B), os, length_B);
a->info = 0;
bigint_changeendianess(a);
bigint_adjust(a);
return 0;
}
void load_fix_rsa(void){
if(keys_allocated){
free_key();
}
keys_allocated = 1;
if(pre_alloc_key_crt()){
cli_putstr("\r\nOOM!\r\n");
return;
}
load_bigint_from_os(&pub_key.modulus, MODULUS, sizeof(MODULUS));
load_bigint_from_os(&pub_key.exponent, PUB_EXPONENT, sizeof(PUB_EXPONENT));
priv_key.n = 5;
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
load_bigint_from_os(&priv_key.components[0], P, sizeof(P));
load_bigint_from_os(&priv_key.components[1], Q, sizeof(Q));
load_bigint_from_os(&priv_key.components[2], DP, sizeof(DP));
load_bigint_from_os(&priv_key.components[3], DQ, sizeof(DQ));
load_bigint_from_os(&priv_key.components[4], QINV, sizeof(QINV));
// load_priv_conventional();
// load_priv_crt_mono();
}
void quick_test(void){
uint8_t *ciphertext, *plaintext, rc;
uint8_t seed[sizeof(SEED)];
uint16_t clen, plen;
ciphertext = malloc(clen = pub_key.modulus.length_W * sizeof(bigint_word_t));
plaintext = malloc(pub_key.modulus.length_W * sizeof(bigint_word_t));
memcpy(plaintext, MSG, sizeof(MSG));
memcpy(seed, SEED, sizeof(SEED));
cli_putstr("\r\nplaintext:");
cli_hexdump_block(plaintext, sizeof(MSG), 4, 8);
cli_putstr("\r\nencrypting: ...");
rc = rsa_encrypt_oaep(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, NULL, NULL, seed);
if(rc){
cli_putstr("\r\nERROR: rsa_encrypt_oaep returned: ");
cli_hexdump_byte(rc);
return;
}
cli_putstr("\r\n\r\nciphertext:");
cli_hexdump_block(ciphertext, clen, 4, 8);
if(clen!=sizeof(ENCRYPTED)){
cli_putstr("\r\n>>FAIL (no size match)<<");
}else{
if(memcmp(ciphertext, ENCRYPTED, clen)){
cli_putstr("\r\n>>FAIL (no content match)<<");
}else{
cli_putstr("\r\n>>OK<<");
}
}
cli_putstr("\r\ndecrypting: ...");
rc = rsa_decrypt_oaep(plaintext, &plen, ciphertext, clen, &priv_key, NULL, NULL, NULL);
if(rc){
cli_putstr("\r\nERROR: rsa_decrypt_oaep returned: ");
cli_hexdump_byte(rc);
return;
}
cli_putstr("\r\n\r\nplaintext:");
cli_hexdump_block(plaintext, plen, 4, 8);
free(ciphertext);
free(plaintext);
}
void run_seed_test(void){
uint8_t *msg, *ciph, *msg_;
uint16_t msg_len, ciph_len, msg_len_;
uint8_t seed[20], seed_out[20];
char read_int_str[18];
cli_putstr("\r\n== test with given seed ==");
cli_putstr("\r\n = message =");
cli_putstr("\r\n length: ");
cli_getsn(read_int_str, 16);
msg_len = own_atou(read_int_str);
msg = malloc(msg_len);
if(!msg){
cli_putstr("\r\nERROR: OOM!");
return;
}
ciph = malloc(bigint_length_B(&pub_key.modulus));
if(!ciph){
cli_putstr("\r\nERROR: OOM!");
return;
}
msg_ = malloc(bigint_length_B(&pub_key.modulus));
if(!msg_){
cli_putstr("\r\nERROR: OOM!");
return;
}
cli_putstr("\r\n data: ");
read_os(msg, msg_len, NULL);
cli_putstr("\r\n seed (20 bytes): ");
read_os(seed, 20, NULL);
cli_putstr("\r\n encrypting ...");
rsa_encrypt_oaep(ciph, &ciph_len, msg, msg_len, &pub_key, NULL, NULL, seed);
cli_putstr("\r\n ciphertext:");
cli_hexdump_block(ciph, ciph_len, 4, 16);
cli_putstr("\r\n decrypting ... ");
rsa_decrypt_oaep(msg_, &msg_len_, ciph, ciph_len, &priv_key, NULL, NULL, seed_out);
cli_putstr("[done]");
if(msg_len != msg_len_){
char tstr[16];
cli_putstr("\r\nERROR: wrong decrypted message length (");
own_utoa(msg_len_, tstr, 10);
cli_putstr(tstr);
cli_putstr(" instead of ");
own_utoa(msg_len, tstr, 10);
cli_putstr(tstr);
cli_putc(')');
goto end;
}
if(memcmp(msg, msg_, msg_len)){
cli_putstr("\r\nERROR: wrong decrypted message:");
cli_hexdump_block(msg_, msg_len_, 4, 16);
cli_putstr("\r\nreference:");
cli_hexdump_block(msg, msg_len, 4, 16);
goto end;
}
if(memcmp(seed, seed_out, 20)){
cli_putstr("\r\nERROR: wrong decrypted seed:");
cli_hexdump_block(seed_out, 20, 4, 16);
cli_putstr("\r\nreference:");
cli_hexdump_block(seed, 20, 4, 16);
goto end;
}
cli_putstr("\r\n >>OK<<");
end:
free(msg);
free(msg_);
free(ciph);
}
void reset_prng(void){
uint8_t buf[16];
memset(buf, 0, 16);
random_seed(buf);
cli_putstr("\r\nPRNG reset");
}
void rsa_init(void){
prng_get_byte = random8;
}
void load_key(void){
if(keys_allocated){
free_key();
}
keys_allocated = 1;
read_key_crt();
}
void test_dump(void){
char lstr[16];
int len;
cli_putstr("\r\nenter dump length: ");
cli_getsn(lstr, 15);
len = own_atou(lstr);
cli_putstr("\r\ndumping 0x");
cli_hexdump_rev(&len, 2);
cli_putstr(" byte:");
cli_hexdump_block(pub_key.modulus.wordv, len, 4, 8);
}
/*****************************************************************************
* main *
*****************************************************************************/
const char echo_test_str[] = "echo-test";
const char reset_prng_str[] = "reset-prng";
const char load_key_str[] = "load-key";
const char load_fix_key_str[] = "load-fix-key";
const char quick_test_str[] = "quick-test";
const char seed_test_str[] = "seed-test";
const char dump_test_str[] = "dump-test";
const char performance_str[] = "performance";
const char echo_str[] = "echo";
const cmdlist_entry_t cmdlist[] = {
{ reset_prng_str, NULL, reset_prng },
{ load_key_str, NULL, load_key },
{ load_fix_key_str, NULL, load_fix_rsa },
{ quick_test_str, NULL, quick_test },
{ seed_test_str, NULL, run_seed_test },
{ dump_test_str, NULL, test_dump },
// { performance_str, NULL, testrun_performance_bigint },
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
{ NULL, NULL, NULL }
};
void dump_sp(void){
uint8_t x;
uint8_t *xa = &x;
cli_putstr("\r\nstack pointer: ~");
cli_hexdump_rev(&xa, 4);
}
int main (void){
main_setup();
for(;;){
welcome_msg(algo_name);
rsa_init();
cmd_interface(cmdlist);
}
}

714
test_src/main-rsaes_pkcs1v15-test.c Normal file
View File

@ -0,0 +1,714 @@
/* main-dsa-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* RSA test-suit
*
*/
#include "main-test-common.h"
#include "noekeon.h"
#include "noekeon_prng.h"
#include "bigint.h"
#include "bigint_io.h"
#include "random_dummy.h"
#include "rsa_basic.h"
#include "rsaes_pkcs1v15.h"
#include "performance_test.h"
const char* algo_name = "RSAES-PKCS15";
#define BIGINT_CEIL(x) ((((x) + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t))
#define BIGINT_OFF(x) ((sizeof(bigint_word_t) - (x) % sizeof(bigint_word_t)) % sizeof(bigint_word_t))
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
/* Modulus: */
const uint8_t modulus[] = {
0xa8, 0xb3, 0xb2, 0x84, 0xaf, 0x8e, 0xb5, 0x0b, 0x38, 0x70, 0x34, 0xa8, 0x60, 0xf1, 0x46, 0xc4,
0x91, 0x9f, 0x31, 0x87, 0x63, 0xcd, 0x6c, 0x55, 0x98, 0xc8, 0xae, 0x48, 0x11, 0xa1, 0xe0, 0xab,
0xc4, 0xc7, 0xe0, 0xb0, 0x82, 0xd6, 0x93, 0xa5, 0xe7, 0xfc, 0xed, 0x67, 0x5c, 0xf4, 0x66, 0x85,
0x12, 0x77, 0x2c, 0x0c, 0xbc, 0x64, 0xa7, 0x42, 0xc6, 0xc6, 0x30, 0xf5, 0x33, 0xc8, 0xcc, 0x72,
0xf6, 0x2a, 0xe8, 0x33, 0xc4, 0x0b, 0xf2, 0x58, 0x42, 0xe9, 0x84, 0xbb, 0x78, 0xbd, 0xbf, 0x97,
0xc0, 0x10, 0x7d, 0x55, 0xbd, 0xb6, 0x62, 0xf5, 0xc4, 0xe0, 0xfa, 0xb9, 0x84, 0x5c, 0xb5, 0x14,
0x8e, 0xf7, 0x39, 0x2d, 0xd3, 0xaa, 0xff, 0x93, 0xae, 0x1e, 0x6b, 0x66, 0x7b, 0xb3, 0xd4, 0x24,
0x76, 0x16, 0xd4, 0xf5, 0xba, 0x10, 0xd4, 0xcf, 0xd2, 0x26, 0xde, 0x88, 0xd3, 0x9f, 0x16, 0xfb
};
/* Public exponent: */
const uint8_t pub_exponent[] = { 0x01, 0x00, 0x01 };
/* Exponent: */
const uint8_t priv_exponent[] = {
0x53, 0x33, 0x9c, 0xfd, 0xb7, 0x9f, 0xc8, 0x46, 0x6a, 0x65, 0x5c, 0x73, 0x16, 0xac, 0xa8, 0x5c,
0x55, 0xfd, 0x8f, 0x6d, 0xd8, 0x98, 0xfd, 0xaf, 0x11, 0x95, 0x17, 0xef, 0x4f, 0x52, 0xe8, 0xfd,
0x8e, 0x25, 0x8d, 0xf9, 0x3f, 0xee, 0x18, 0x0f, 0xa0, 0xe4, 0xab, 0x29, 0x69, 0x3c, 0xd8, 0x3b,
0x15, 0x2a, 0x55, 0x3d, 0x4a, 0xc4, 0xd1, 0x81, 0x2b, 0x8b, 0x9f, 0xa5, 0xaf, 0x0e, 0x7f, 0x55,
0xfe, 0x73, 0x04, 0xdf, 0x41, 0x57, 0x09, 0x26, 0xf3, 0x31, 0x1f, 0x15, 0xc4, 0xd6, 0x5a, 0x73,
0x2c, 0x48, 0x31, 0x16, 0xee, 0x3d, 0x3d, 0x2d, 0x0a, 0xf3, 0x54, 0x9a, 0xd9, 0xbf, 0x7c, 0xbf,
0xb7, 0x8a, 0xd8, 0x84, 0xf8, 0x4d, 0x5b, 0xeb, 0x04, 0x72, 0x4d, 0xc7, 0x36, 0x9b, 0x31, 0xde,
0xf3, 0x7d, 0x0c, 0xf5, 0x39, 0xe9, 0xcf, 0xcd, 0xd3, 0xde, 0x65, 0x37, 0x29, 0xea, 0xd5, 0xd1
};
/* Prime 1: */
const uint8_t p[] = {
0xd3, 0x27, 0x37, 0xe7, 0x26, 0x7f, 0xfe, 0x13, 0x41, 0xb2, 0xd5, 0xc0, 0xd1, 0x50, 0xa8, 0x1b,
0x58, 0x6f, 0xb3, 0x13, 0x2b, 0xed, 0x2f, 0x8d, 0x52, 0x62, 0x86, 0x4a, 0x9c, 0xb9, 0xf3, 0x0a,
0xf3, 0x8b, 0xe4, 0x48, 0x59, 0x8d, 0x41, 0x3a, 0x17, 0x2e, 0xfb, 0x80, 0x2c, 0x21, 0xac, 0xf1,
0xc1, 0x1c, 0x52, 0x0c, 0x2f, 0x26, 0xa4, 0x71, 0xdc, 0xad, 0x21, 0x2e, 0xac, 0x7c, 0xa3, 0x9d
};
/* Prime 2: */
const uint8_t q[] = {
0xcc, 0x88, 0x53, 0xd1, 0xd5, 0x4d, 0xa6, 0x30, 0xfa, 0xc0, 0x04, 0xf4, 0x71, 0xf2, 0x81, 0xc7,
0xb8, 0x98, 0x2d, 0x82, 0x24, 0xa4, 0x90, 0xed, 0xbe, 0xb3, 0x3d, 0x3e, 0x3d, 0x5c, 0xc9, 0x3c,
0x47, 0x65, 0x70, 0x3d, 0x1d, 0xd7, 0x91, 0x64, 0x2f, 0x1f, 0x11, 0x6a, 0x0d, 0xd8, 0x52, 0xbe,
0x24, 0x19, 0xb2, 0xaf, 0x72, 0xbf, 0xe9, 0xa0, 0x30, 0xe8, 0x60, 0xb0, 0x28, 0x8b, 0x5d, 0x77
};
/* Prime exponent 1: */
const uint8_t dp[] = {
0x0e, 0x12, 0xbf, 0x17, 0x18, 0xe9, 0xce, 0xf5, 0x59, 0x9b, 0xa1, 0xc3, 0x88, 0x2f, 0xe8, 0x04,
0x6a, 0x90, 0x87, 0x4e, 0xef, 0xce, 0x8f, 0x2c, 0xcc, 0x20, 0xe4, 0xf2, 0x74, 0x1f, 0xb0, 0xa3,
0x3a, 0x38, 0x48, 0xae, 0xc9, 0xc9, 0x30, 0x5f, 0xbe, 0xcb, 0xd2, 0xd7, 0x68, 0x19, 0x96, 0x7d,
0x46, 0x71, 0xac, 0xc6, 0x43, 0x1e, 0x40, 0x37, 0x96, 0x8d, 0xb3, 0x78, 0x78, 0xe6, 0x95, 0xc1
};
/* Prime exponent 2: */
const uint8_t dq[] = {
0x95, 0x29, 0x7b, 0x0f, 0x95, 0xa2, 0xfa, 0x67, 0xd0, 0x07, 0x07, 0xd6, 0x09, 0xdf, 0xd4, 0xfc,
0x05, 0xc8, 0x9d, 0xaf, 0xc2, 0xef, 0x6d, 0x6e, 0xa5, 0x5b, 0xec, 0x77, 0x1e, 0xa3, 0x33, 0x73,
0x4d, 0x92, 0x51, 0xe7, 0x90, 0x82, 0xec, 0xda, 0x86, 0x6e, 0xfe, 0xf1, 0x3c, 0x45, 0x9e, 0x1a,
0x63, 0x13, 0x86, 0xb7, 0xe3, 0x54, 0xc8, 0x99, 0xf5, 0xf1, 0x12, 0xca, 0x85, 0xd7, 0x15, 0x83
};
/* Coefficient: */
const uint8_t qinv[] = {
0x4f, 0x45, 0x6c, 0x50, 0x24, 0x93, 0xbd, 0xc0, 0xed, 0x2a, 0xb7, 0x56, 0xa3, 0xa6, 0xed, 0x4d,
0x67, 0x35, 0x2a, 0x69, 0x7d, 0x42, 0x16, 0xe9, 0x32, 0x12, 0xb1, 0x27, 0xa6, 0x3d, 0x54, 0x11,
0xce, 0x6f, 0xa9, 0x8d, 0x5d, 0xbe, 0xfd, 0x73, 0x26, 0x3e, 0x37, 0x28, 0x14, 0x27, 0x43, 0x81,
0x81, 0x66, 0xed, 0x7d, 0xd6, 0x36, 0x87, 0xdd, 0x2a, 0x8c, 0xa1, 0xd2, 0xf4, 0xfb, 0xd8, 0xe1
};
/*
* Example 2: A 1024-bit RSA key pair
* ---------------------------------------------------
*/
/* Modulus: */
const uint8_t modulus2[] = {
0x98, 0xb7, 0x05, 0x82, 0xca, 0x80, 0x8f, 0xd1, 0xd3, 0x50, 0x95, 0x62, 0xa0, 0xef, 0x30, 0x5a,
0xf6, 0xd9, 0x87, 0x54, 0x43, 0xb3, 0x5b, 0xdf, 0x24, 0xd5, 0x36, 0x35, 0x3e, 0x3f, 0x12, 0x28,
0xdc, 0xd1, 0x2a, 0x78, 0x56, 0x83, 0x56, 0xc6, 0xff, 0x32, 0x3a, 0xbf, 0x72, 0xac, 0x1c, 0xdb,
0xfe, 0x71, 0x2f, 0xb4, 0x9f, 0xe5, 0x94, 0xa5, 0xa2, 0x17, 0x5d, 0x48, 0xb6, 0x73, 0x25, 0x38,
0xd8, 0xdf, 0x37, 0xcb, 0x97, 0x0b, 0xe4, 0xa5, 0xb5, 0x62, 0xc3, 0xf2, 0x98, 0xdb, 0x9d, 0xdf,
0x75, 0x60, 0x78, 0x77, 0x91, 0x8c, 0xce, 0xd1, 0xd0, 0xd1, 0xf3, 0x77, 0x33, 0x8c, 0x0d, 0x3d,
0x32, 0x07, 0x79, 0x7e, 0x86, 0x2c, 0x65, 0xd1, 0x14, 0x39, 0xe5, 0x88, 0x17, 0x75, 0x27, 0xa7,
0xde, 0xd9, 0x19, 0x71, 0xad, 0xcf, 0x91, 0xe2, 0xe8, 0x34, 0xe3, 0x7f, 0x05, 0xa7, 0x36, 0x55
};
/* Public exponent: */
const uint8_t pub_exponent2[] = {0x01, 0x00, 0x01 };
/* Exponent: */
const uint8_t priv_exponent2[] = {
0x06, 0x14, 0xa7, 0x86, 0x05, 0x2d, 0x28, 0x4c, 0xd9, 0x06, 0xa8, 0xe4, 0x13, 0xf7, 0x62, 0x2c,
0x05, 0x0f, 0x35, 0x49, 0xc0, 0x26, 0x58, 0x9e, 0xa2, 0x77, 0x50, 0xe0, 0xbe, 0xd9, 0x41, 0x0e,
0x5a, 0x78, 0x83, 0xa1, 0xe6, 0x03, 0xf5, 0xc5, 0x17, 0xad, 0x36, 0xd4, 0x9f, 0xaa, 0xc5, 0xbd,
0x66, 0xbc, 0xb8, 0x03, 0x0f, 0xa8, 0xd3, 0x09, 0xe3, 0x51, 0xdd, 0xd7, 0x82, 0xd8, 0x43, 0xdf,
0x97, 0x56, 0x80, 0xae, 0x73, 0xee, 0xa9, 0xaa, 0xb2, 0x89, 0xb7, 0x57, 0x20, 0x5d, 0xad, 0xb8,
0xfd, 0xfb, 0x98, 0x9e, 0xc8, 0xdb, 0x8e, 0x70, 0x95, 0xf5, 0x1f, 0x24, 0x52, 0x9f, 0x56, 0x37,
0xaa, 0x66, 0x93, 0x31, 0xe2, 0x56, 0x9f, 0x8b, 0x85, 0x4a, 0xbe, 0xce, 0xc9, 0x9a, 0xa2, 0x64,
0xc3, 0xda, 0x7c, 0xc6, 0x86, 0x6f, 0x0c, 0x0e, 0x1f, 0xb8, 0x46, 0x98, 0x48, 0x58, 0x1c, 0x73
};
/* Prime 1: */
const uint8_t p2[] = {
0xcb, 0x61, 0xa8, 0x8c, 0x8c, 0x30, 0x5a, 0xd9, 0xa8, 0xfb, 0xec, 0x2b, 0xa4, 0xc8, 0x6c, 0xcc,
0xc2, 0x02, 0x80, 0x24, 0xaa, 0x16, 0x90, 0xc2, 0x9b, 0xc8, 0x26, 0x4d, 0x2f, 0xeb, 0xe8, 0x7e,
0x4f, 0x86, 0xe9, 0x12, 0xef, 0x0f, 0x5c, 0x18, 0x53, 0xd7, 0x1c, 0xbc, 0x9b, 0x14, 0xba, 0xed,
0x3c, 0x37, 0xce, 0xf6, 0xc7, 0xa3, 0x59, 0x8b, 0x6f, 0xbe, 0x06, 0x48, 0x10, 0x90, 0x5b, 0x57
};
/* Prime 2: */
const uint8_t q2[] = {
0xc0, 0x39, 0x9f, 0x0b, 0x93, 0x80, 0xfa, 0xba, 0x38, 0xff, 0x80, 0xd2, 0xff, 0xf6, 0xed, 0xe7,
0x9c, 0xfd, 0xab, 0xf6, 0x58, 0x97, 0x20, 0x77, 0xa5, 0xe2, 0xb2, 0x95, 0x69, 0x3e, 0xa5, 0x10,
0x72, 0x26, 0x8b, 0x91, 0x74, 0x6e, 0xea, 0x9b, 0xe0, 0x4a, 0xd6, 0x61, 0x00, 0xeb, 0xed, 0x73,
0x3d, 0xb4, 0xcd, 0x01, 0x47, 0xa1, 0x8d, 0x6d, 0xe8, 0xc0, 0xcd, 0x8f, 0xbf, 0x24, 0x9c, 0x33
};
/* Prime exponent 1: */
const uint8_t dp2[] = {
0x94, 0x4c, 0x3a, 0x65, 0x79, 0x57, 0x4c, 0xf7, 0x87, 0x33, 0x62, 0xab, 0x14, 0x35, 0x9c, 0xb7,
0xd5, 0x03, 0x93, 0xc2, 0xa8, 0x4f, 0x59, 0xf0, 0xbd, 0x3c, 0xbd, 0x48, 0xed, 0x17, 0x7c, 0x68,
0x95, 0xbe, 0x8e, 0xb6, 0xe2, 0x9f, 0xf5, 0x8c, 0x3b, 0x9e, 0x0f, 0xf3, 0x2a, 0xb5, 0x7b, 0xf3,
0xbe, 0x44, 0x07, 0x62, 0x84, 0x81, 0x84, 0xaa, 0x9a, 0xa9, 0x19, 0xd5, 0x74, 0x56, 0x7e, 0x73
};
/* Prime exponent 2: */
const uint8_t dq2[] = {
0x45, 0xeb, 0xef, 0xd5, 0x87, 0x27, 0x30, 0x8c, 0xd2, 0xb4, 0xe6, 0x08, 0x5a, 0x81, 0x58, 0xd2,
0x9a, 0x41, 0x8f, 0xee, 0xc1, 0x14, 0xe0, 0x03, 0x85, 0xbc, 0xeb, 0x96, 0xfb, 0xbc, 0x84, 0xd0,
0x71, 0xa5, 0x61, 0xb9, 0x5c, 0x30, 0x08, 0x79, 0x00, 0xe2, 0x58, 0x0e, 0xdb, 0x05, 0xf6, 0xce,
0xa7, 0x90, 0x7f, 0xcd, 0xca, 0x5f, 0x92, 0x91, 0x7b, 0x4b, 0xbe, 0xba, 0x5e, 0x1e, 0x14, 0x0f
};
/* Coefficient: */
const uint8_t qinv2[] = {
0xc5, 0x24, 0x68, 0xc8, 0xfd, 0x15, 0xe5, 0xda, 0x2f, 0x6c, 0x8e, 0xba, 0x4e, 0x97, 0xba, 0xeb,
0xe9, 0x95, 0xb6, 0x7a, 0x1a, 0x7a, 0xd7, 0x19, 0xdd, 0x9f, 0xff, 0x36, 0x6b, 0x18, 0x4d, 0x5a,
0xb4, 0x55, 0x07, 0x59, 0x09, 0x29, 0x20, 0x44, 0xec, 0xb3, 0x45, 0xcf, 0x2c, 0xdd, 0x26, 0x22,
0x8e, 0x21, 0xf8, 0x51, 0x83, 0x25, 0x5f, 0x4a, 0x9e, 0x69, 0xf4, 0xc7, 0x15, 0x2e, 0xbb, 0x0f
};
/* PKCS#1 v1.5 encryption of 0x20, random messages with random s0xee,ds
* ---------------------------------------------------------------------------
*/
/* Message: */
const uint8_t message_x[] = {
0x66, 0x28, 0x19, 0x4e, 0x12, 0x07, 0x3d, 0xb0, 0x3b, 0xa9, 0x4c, 0xda, 0x9e, 0xf9, 0x53, 0x23,
0x97, 0xd5, 0x0d, 0xba, 0x79, 0xb9, 0x87, 0x00, 0x4a, 0xfe, 0xfe, 0x34
};
/* Seed: */
const uint8_t seed_x[] = {
0x01, 0x73, 0x41, 0xae, 0x38, 0x75, 0xd5, 0xf8, 0x71, 0x01, 0xf8, 0xcc, 0x4f, 0xa9, 0xb9, 0xbc,
0x15, 0x6b, 0xb0, 0x46, 0x28, 0xfc, 0xcd, 0xb2, 0xf4, 0xf1, 0x1e, 0x90, 0x5b, 0xd3, 0xa1, 0x55,
0xd3, 0x76, 0xf5, 0x93, 0xbd, 0x73, 0x04, 0x21, 0x08, 0x74, 0xeb, 0xa0, 0x8a, 0x5e, 0x22, 0xbc,
0xcc, 0xb4, 0xc9, 0xd3, 0x88, 0x2a, 0x93, 0xa5, 0x4d, 0xb0, 0x22, 0xf5, 0x03, 0xd1, 0x63, 0x38,
0xb6, 0xb7, 0xce, 0x16, 0xdc, 0x7f, 0x4b, 0xbf, 0x9a, 0x96, 0xb5, 0x97, 0x72, 0xd6, 0x60, 0x6e,
0x97, 0x47, 0xc7, 0x64, 0x9b, 0xf9, 0xe0, 0x83, 0xdb, 0x98, 0x18, 0x84, 0xa9, 0x54, 0xab, 0x3c,
0x6f };
/* Encryption: */
const uint8_t encrypted_x[] = {
0x50, 0xb4, 0xc1, 0x41, 0x36, 0xbd, 0x19, 0x8c, 0x2f, 0x3c, 0x3e, 0xd2, 0x43, 0xfc, 0xe0, 0x36,
0xe1, 0x68, 0xd5, 0x65, 0x17, 0x98, 0x4a, 0x26, 0x3c, 0xd6, 0x64, 0x92, 0xb8, 0x08, 0x04, 0xf1,
0x69, 0xd2, 0x10, 0xf2, 0xb9, 0xbd, 0xfb, 0x48, 0xb1, 0x2f, 0x9e, 0xa0, 0x50, 0x09, 0xc7, 0x7d,
0xa2, 0x57, 0xcc, 0x60, 0x0c, 0xce, 0xfe, 0x3a, 0x62, 0x83, 0x78, 0x9d, 0x8e, 0xa0, 0xe6, 0x07,
0xac, 0x58, 0xe2, 0x69, 0x0e, 0xc4, 0xeb, 0xc1, 0x01, 0x46, 0xe8, 0xcb, 0xaa, 0x5e, 0xd4, 0xd5,
0xcc, 0xe6, 0xfe, 0x7b, 0x0f, 0xf9, 0xef, 0xc1, 0xea, 0xbb, 0x56, 0x4d, 0xbf, 0x49, 0x82, 0x85,
0xf4, 0x49, 0xee, 0x61, 0xdd, 0x7b, 0x42, 0xee, 0x5b, 0x58, 0x92, 0xcb, 0x90, 0x60, 0x1f, 0x30,
0xcd, 0xa0, 0x7b, 0xf2, 0x64, 0x89, 0x31, 0x0b, 0xcd, 0x23, 0xb5, 0x28, 0xce, 0xab, 0x3c, 0x31
};
/*
* PKCS#1 v1.5 Encryption Example 2.15
* ----------------------------------
*/
/* Message: */
const uint8_t message_2_15[] = {
0xa6, 0xd0, 0xe8, 0xc1, 0xea, 0x4a, 0xb4, 0xec, 0xc8, 0x95, 0x7d, 0x62, 0x28, 0x15, 0x79, 0x67,
0x5a, 0x64, 0x8d, 0x62, 0xb7, 0xf2, 0x2b, 0x2b, 0x08, 0xd1, 0x31, 0x3f, 0x40, 0x6f, 0x13, 0x7e,
0x99, 0x42, 0x67, 0x35, 0xcd, 0xb9, 0x37, 0x2f, 0xec, 0xa1, 0xee, 0x78, 0x46, 0x3f, 0xa5, 0xde,
0x9c, 0xdd, 0x84, 0x75, 0x6c, 0x68, 0xbd, 0x1d, 0x92, 0xba, 0x96, 0x5f, 0x50, 0x64, 0x10, 0xb1
};
/* Seed: */
const uint8_t seed_2_15[] = {
0x1c, 0x25, 0xc9, 0xb8, 0x32, 0x16, 0x9a, 0x1f, 0xdb, 0x6c, 0x14, 0x8e, 0x47, 0xe6, 0x6c, 0x3c,
0xc8, 0x21, 0x41, 0xe6, 0x11, 0xa6, 0xf3, 0x0c, 0xc9, 0x0c, 0x50, 0x49, 0xe8, 0xc5, 0x02, 0xb3,
0x1c, 0xad, 0xc7, 0x62, 0x39, 0xb7, 0xbd, 0xaf, 0x93, 0xfa, 0x97, 0x34, 0x3e, 0x7e, 0xe5, 0x51,
0xbc, 0x52, 0xfd, 0xb5, 0xec, 0x9e, 0x40, 0x0a, 0xf0, 0x5d, 0xbe, 0xac, 0xda
};
/* Encryption: */
const uint8_t encrypted_2_15[] = {
0xe8, 0xb2, 0xfc, 0x76, 0xdf, 0xb4, 0xa6, 0xcc, 0x43, 0x64, 0xde, 0x8f, 0x68, 0x3c, 0x3f,
0xcd, 0x0a, 0x9e, 0xcf, 0xbd, 0x4a, 0x5a, 0x72, 0x24, 0xf4, 0x9a, 0xe9, 0xb4, 0xf3, 0xb5, 0xcd,
0xc7, 0x1c, 0xbb, 0x8c, 0x66, 0xfd, 0x35, 0xf3, 0xd1, 0x8e, 0xca, 0x98, 0x96, 0x7b, 0xd4, 0x00,
0x5d, 0xf7, 0x91, 0x52, 0x41, 0x6f, 0xd4, 0x7e, 0x56, 0x2c, 0x55, 0xed, 0xc6, 0xd6, 0x12, 0x12,
0x28, 0x6e, 0xf9, 0x75, 0xbc, 0xc8, 0x02, 0x69, 0x25, 0x92, 0x65, 0x39, 0x00, 0x97, 0x3c, 0x72,
0xe0, 0x1a, 0x69, 0x3b, 0x05, 0xfc, 0x2d, 0x58, 0x56, 0xea, 0xef, 0x7a, 0xc0, 0x8f, 0xf5, 0xec,
0xd5, 0x31, 0xe2, 0xc2, 0xce, 0x92, 0x77, 0x45, 0xa1, 0x16, 0x5a, 0x51, 0xaa, 0x66, 0x98, 0xa1,
0xff, 0xcb, 0x87, 0xf8, 0x1e, 0xf6, 0x51, 0x0b, 0xca, 0xf9, 0xcb, 0x76, 0x1e, 0x9e, 0x1f, 0x0f
};
uint8_t keys_allocated = 0;
rsa_publickey_t pub_key;
rsa_privatekey_t priv_key;
#if 1
#define MSG message_2_15
#define SEED seed_2_15
#define ENCRYPTED encrypted_2_15
#define MODULUS modulus2
#define PUB_EXPONENT pub_exponent2
#define PRIV_EXPONENT priv_exponent2
#define P p2
#define Q q2
#define DP dp2
#define DQ dq2
#define QINV qinv2
#endif
uint8_t convert_nibble(uint8_t c){
if(c>='0' && c<='9'){
return c - '0';
}
c |= 'A' ^ 'a';
if(c>='a' && c<='f'){
return c - 'a' + 10;
}
return 0xff;
}
const char *block_ignore_string=" \t\r\n,;";
#define BUFFER_LIMIT 120
uint16_t read_os(void* dst, uint16_t length, const char* ignore_string){
uint16_t counter = 0;
uint16_t c;
uint8_t v, tmp = 0, idx = 0;
if(!ignore_string){
ignore_string = block_ignore_string;
}
while(counter < length){
c = cli_getc();
if(c > 0xff){
return counter;
}
if(strchr(ignore_string, c)){
continue;
}
v = convert_nibble(c);
if(v > 0x0f){
return counter;
}
if(idx){
((uint8_t*)dst)[counter++] = (tmp << 4) | v;
idx = 0;
if(counter % (BUFFER_LIMIT/2) == 0){
cli_putc('.');
}
}else{
tmp = v;
idx = 1;
}
}
return counter;
}
uint16_t own_atou(const char* str){
uint16_t r=0;
while(*str && *str >= '0' && *str <= '9'){
r *= 10;
r += *str++ - '0';
}
return r;
}
uint8_t read_bigint(bigint_t* a, char* prompt){
uint16_t read_length, actual_length;
uint8_t off;
uint8_t *buffer;
char read_int_str[18];
cli_putstr(prompt);
cli_putstr("\r\n length: ");
cli_getsn(read_int_str, 16);
read_length = own_atou(read_int_str);
off = (sizeof(bigint_word_t) - (read_length % sizeof(bigint_word_t))) % sizeof(bigint_word_t);
buffer = malloc(((read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t)) * sizeof(bigint_word_t));
if(!buffer){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
cli_putstr("\r\n data: ");
memset(buffer, 0, sizeof(bigint_word_t));
actual_length = read_os(buffer + off, read_length, NULL);
if(actual_length != read_length){
cli_putstr("\r\nERROR: unexpected end of data!");
free(buffer);
return 1;
}
a->wordv = (bigint_word_t*)buffer;
a->length_W = (read_length + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
a->info = 0;
bigint_changeendianess(a);
bigint_adjust(a);
return 0;
}
uint8_t pre_alloc_key_crt(void){
priv_key.n = 5;
priv_key.components = malloc(5 * sizeof(bigint_t));
if(!priv_key.components){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
return 0;
}
void free_key(void){
uint8_t c;
free(pub_key.modulus.wordv);
free(pub_key.exponent.wordv);
pub_key.modulus.wordv = priv_key.modulus.wordv = NULL;
for(c = 0; c < priv_key.n; ++c){
free(priv_key.components[c].wordv);
}
free(priv_key.components);
}
uint8_t read_key_crt(void){
uint8_t r;
cli_putstr("\r\n== reading key (crt) ==");
r = pre_alloc_key_crt();
if(r) return r;
r = read_bigint(&pub_key.modulus, "\r\n = module =");
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
if(r) return r;
r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
if(r) return r;
r = read_bigint(&priv_key.components[0], "\r\n = p (first prime) =");
if(r) return r;
r = read_bigint(&priv_key.components[1], "\r\n = q (second prime) =");
if(r) return r;
r = read_bigint(&priv_key.components[2], "\r\n = dp (p's exponent) =");
if(r) return r;
r = read_bigint(&priv_key.components[3], "\r\n = dq (q's exponent) =");
if(r) return r;
r = read_bigint(&priv_key.components[4], "\r\n = qInv (q' coefficient) =");
return r;
}
uint8_t read_key_conv(void){
uint8_t r;
cli_putstr("\r\n== reading key (crt) ==");
r = read_bigint(&pub_key.modulus,"\r\n = module =");
if(r) return r;
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
priv_key.n = 1;
priv_key.components = malloc(sizeof(bigint_t));
if(!priv_key.components){
cli_putstr("\r\nERROR: OOM!");
return 2;
}
r = read_bigint(&pub_key.exponent, "\r\n = public exponent =");
if(r) return r;
r = read_bigint(&priv_key.components[0], "\r\n = private exponent =");
return r;
}
void load_priv_conventional(void){
priv_key.components = malloc(sizeof(bigint_t));
priv_key.components[0].length_W = (sizeof(PRIV_EXPONENT) +
sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
priv_key.components[0].wordv = malloc(priv_key.components[0].length_W *
sizeof(bigint_word_t));
if(!priv_key.components[0].wordv){
cli_putstr("\r\nERROR: OOM!");
return;
}
memcpy(priv_key.components[0].wordv, PRIV_EXPONENT, sizeof(PRIV_EXPONENT));
priv_key.n = 1;
bigint_changeendianess(&priv_key.components[0]);
bigint_adjust(&priv_key.components[0]);
}
void load_priv_crt_mono(void){
bigint_t *v;
const uint8_t *bv[5] = {P,Q,DP,DQ,QINV};
uint16_t sv[5] = {sizeof(P), sizeof(Q), sizeof(DP), sizeof(DQ), sizeof(QINV)};
uint8_t i;
v = malloc(5 * sizeof(bigint_t));
if(!v){
cli_putstr("\r\nERROR: OOM!");
return;
}
priv_key.components = v;
priv_key.n = 5;
for(i=0; i<5; ++i){
v[i].info = 0;
v[i].length_W = (sv[i] + sizeof(bigint_word_t) - 1) / sizeof(bigint_word_t);
v[i].wordv = calloc(v[i].length_W , sizeof(bigint_word_t));
if(!v[i].wordv){
cli_putstr("\r\nERROR: OOM!");
return;
}
memcpy(v[i].wordv, bv[i], sv[i]);
bigint_changeendianess(&v[i]);
bigint_adjust(&v[i]);
}
}
uint8_t load_bigint_from_os(bigint_t* a, const void* os, uint16_t length_B){
a->length_W = BIGINT_CEIL(length_B) / sizeof(bigint_word_t);
a->wordv = malloc(BIGINT_CEIL(length_B));
if(!a->wordv){
cli_putstr("\r\nOOM!\r\n");
return 1;
}
memset(a->wordv, 0, sizeof(bigint_word_t));
memcpy((uint8_t*)a->wordv + BIGINT_OFF(length_B), os, length_B);
a->info = 0;
bigint_changeendianess(a);
bigint_adjust(a);
return 0;
}
void load_fix_rsa(void){
if(keys_allocated){
free_key();
}
keys_allocated = 1;
if(pre_alloc_key_crt()){
cli_putstr("\r\nOOM!\r\n");
return;
}
load_bigint_from_os(&pub_key.modulus, MODULUS, sizeof(MODULUS));
load_bigint_from_os(&pub_key.exponent, PUB_EXPONENT, sizeof(PUB_EXPONENT));
priv_key.n = 5;
memcpy(&priv_key.modulus, &pub_key.modulus, sizeof(bigint_t));
load_bigint_from_os(&priv_key.components[0], P, sizeof(P));
load_bigint_from_os(&priv_key.components[1], Q, sizeof(Q));
load_bigint_from_os(&priv_key.components[2], DP, sizeof(DP));
load_bigint_from_os(&priv_key.components[3], DQ, sizeof(DQ));
load_bigint_from_os(&priv_key.components[4], QINV, sizeof(QINV));
// load_priv_conventional();
// load_priv_crt_mono();
}
void quick_test(void){
uint8_t *ciphertext, *plaintext, rc;
uint8_t seed[sizeof(SEED)], seed_out[sizeof(SEED)];
uint16_t clen, plen;
if(!keys_allocated){
load_fix_rsa();
}
ciphertext = malloc(clen = pub_key.modulus.length_W * sizeof(bigint_word_t));
plaintext = malloc(pub_key.modulus.length_W * sizeof(bigint_word_t));
memcpy(plaintext, MSG, sizeof(MSG));
memcpy(seed, SEED, sizeof(SEED));
cli_putstr("\r\nplaintext:");
cli_hexdump_block(plaintext, sizeof(MSG), 4, 16);
cli_putstr("\r\nseed:");
cli_hexdump_block(seed, sizeof(SEED), 4, 16);
cli_putstr("\r\nencrypting: ...");
rc = rsa_encrypt_pkcs1v15(ciphertext, &clen, plaintext, sizeof(MSG), &pub_key, seed);
if(rc){
cli_putstr("\r\nERROR: rsa_encrypt_pkcs1v15 returned: ");
cli_hexdump_byte(rc);
return;
}
cli_putstr("\r\n\r\nciphertext:");
cli_hexdump_block(ciphertext, clen, 4, 16);
if(clen!=sizeof(ENCRYPTED)){
cli_putstr("\r\n>>FAIL (no size match)<<");
}else{
if(memcmp(ciphertext, ENCRYPTED, clen)){
cli_putstr("\r\n>>FAIL (no content match)<<");
}else{
cli_putstr("\r\n>>OK<<");
}
}
cli_putstr("\r\ndecrypting: ...");
rc = rsa_decrypt_pkcs1v15(plaintext, &plen, ciphertext, clen, &priv_key, seed_out);
if(rc){
cli_putstr("\r\nERROR: rsa_decrypt_pkcs1v15 returned: ");
cli_hexdump_byte(rc);
return;
}
cli_putstr("\r\n\r\nplaintext:");
cli_hexdump_block(plaintext, plen, 4, 16);
cli_putstr("\r\n\r\nseed (out):");
cli_hexdump_block(seed_out, sizeof(SEED), 4, 16);
free(ciphertext);
free(plaintext);
}
void run_seed_test(void){
uint8_t *msg, *ciph, *msg_;
uint16_t msg_len, ciph_len, msg_len_;
uint16_t seed_len;
uint8_t *seed, *seed_out;
char read_int_str[18];
cli_putstr("\r\n== test with given seed ==");
cli_putstr("\r\n = message =");
cli_putstr("\r\n length: ");
cli_getsn(read_int_str, 16);
msg_len = own_atou(read_int_str);
seed_len = rsa_pkcs1v15_compute_padlength_B(&pub_key.modulus, msg_len);
seed = malloc(seed_len);
if(!seed){
cli_putstr("\r\nERROR: OOM!");
return;
}
seed_out = malloc(seed_len);
if(!seed_out){
cli_putstr("\r\nERROR: OOM!");
return;
}
msg = malloc(msg_len);
if(!msg){
cli_putstr("\r\nERROR: OOM!");
return;
}
ciph = malloc(bigint_length_B(&pub_key.modulus));
if(!ciph){
cli_putstr("\r\nERROR: OOM!");
return;
}
msg_ = malloc(bigint_length_B(&pub_key.modulus));
if(!msg_){
cli_putstr("\r\nERROR: OOM!");
return;
}
cli_putstr("\r\n data: ");
read_os(msg, msg_len, NULL);
cli_putstr("\r\n seed (0x");
cli_hexdump_rev(&seed_len, 2);
cli_putstr(" bytes): ");
read_os(seed, seed_len, NULL);
cli_putstr("\r\n encrypting ...");
/*
cli_putstr("\r\n plaintext:");
cli_hexdump_block(msg, msg_len, 4, 16);
cli_putstr("\r\n seed:");
cli_hexdump_block(seed, seed_len, 4, 16);
*/
rsa_encrypt_pkcs1v15(ciph, &ciph_len, msg, msg_len, &pub_key, seed);
cli_putstr("\r\n ciphertext:");
cli_hexdump_block(ciph, ciph_len, 4, 16);
cli_putstr("\r\n decrypting ... ");
rsa_decrypt_pkcs1v15(msg_, &msg_len_, ciph, ciph_len, &priv_key, seed_out);
cli_putstr("[done]");
if(msg_len != msg_len_){
char tstr[16];
cli_putstr("\r\nERROR: wrong decrypted message length (");
ultoa(msg_len_, tstr, 10);
cli_putstr(tstr);
cli_putstr(" instead of ");
ultoa(msg_len, tstr, 10);
cli_putstr(tstr);
cli_putc(')');
goto end;
}
if(memcmp(msg, msg_, msg_len)){
cli_putstr("\r\nERROR: wrong decrypted message:");
cli_hexdump_block(msg_, msg_len_, 4, 16);
cli_putstr("\r\nreference:");
cli_hexdump_block(msg, msg_len, 4, 16);
goto end;
}
if(memcmp(seed, seed_out, seed_len)){
cli_putstr("\r\nERROR: wrong decrypted seed:");
cli_hexdump_block(seed_out, seed_len, 4, 16);
cli_putstr("\r\nreference:");
cli_hexdump_block(seed, seed_len, 4, 16);
goto end;
}
cli_putstr("\r\n >>OK<<");
end:
free(ciph);
free(msg_);
free(msg);
free(seed_out);
free(seed);
}
void reset_prng(void){
uint8_t buf[16];
memset(buf, 0, 16);
random_seed(buf);
cli_putstr("\r\nPRNG reset");
}
void rsa_init(void){
prng_get_byte = random8;
}
void load_key(void){
if(keys_allocated){
free_key();
}
keys_allocated = 1;
read_key_crt();
}
void test_dump(void){
char lstr[16];
int len;
cli_putstr("\r\nenter dump length: ");
cli_getsn(lstr, 15);
len = own_atou(lstr);
cli_putstr("\r\ndumping 0x");
cli_hexdump_rev(&len, 2);
cli_putstr(" byte:");
cli_hexdump_block(pub_key.modulus.wordv, len, 4, 8);
}
/*****************************************************************************
* main *
*****************************************************************************/
const char echo_test_str[] = "echo-test";
const char reset_prng_str[] = "reset-prng";
const char load_key_str[] = "load-key";
const char load_fix_key_str[] = "load-fix-key";
const char quick_test_str[] = "quick-test";
const char seed_test_str[] = "seed-test";
const char dump_test_str[] = "dump-test";
const char performance_str[] = "performance";
const char echo_str[] = "echo";
const cmdlist_entry_t cmdlist[] = {
{ reset_prng_str, NULL, reset_prng },
{ load_key_str, NULL, load_key },
{ load_fix_key_str, NULL, load_fix_rsa },
{ quick_test_str, NULL, quick_test },
{ seed_test_str, NULL, run_seed_test },
{ dump_test_str, NULL, test_dump },
// { performance_str, NULL, testrun_performance_bigint },
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
{ NULL, NULL, NULL }
};
void dump_sp(void){
uint8_t x;
uint8_t *xa = &x;
cli_putstr("\r\nstack pointer: ~");
cli_hexdump_rev(&xa, 4);
}
int main (void){
main_setup();
for(;;){
welcome_msg(algo_name);
rsa_init();
cmd_interface(cmdlist);
}
}

217
test_src/main-sha2-test.c Normal file
View File

@ -0,0 +1,217 @@
/* main-sha512-test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2011 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* SHA-512 test-suit
*
*/
#include "main-test-common.h"
#include "uart_lowlevel.h"
#include "shavs.h"
#include "nessie_hash_test.h"
#include "performance_test.h"
#include "hfal-nessie.h"
#include "hfal-performance.h"
#include "hfal-test.h"
#include "sha224.h"
#include "hfal_sha224.h"
#include "sha256.h"
#include "hfal_sha256.h"
#include "sha384.h"
#include "hfal_sha384.h"
#include "sha512.h"
#include "hfal_sha512.h"
const char* algo_name = "SHA-2";
const hfdesc_t* algolist[] = {
(hfdesc_t*)&sha224_desc,
(hfdesc_t*)&sha256_desc,
(hfdesc_t*)&sha384_desc,
(hfdesc_t*)&sha512_desc,
NULL
};
/*****************************************************************************
* additional validation-functions *
*****************************************************************************/
void testrun_nessie_sha2(void){
hfal_nessie_multiple(algolist);
}
void testrun_performance_sha2(void){
hfal_performance_multiple(algolist);
}
void simple_test(void){
const char *msg = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
uint8_t hash[64];
sha512_ctx_t ctx;
cli_putstr("\r\nDBG: init ..."); uart_flush(0);
sha512_init(&ctx);
cli_putstr("\r\nDBG: init done"); uart_flush(0);
sha512_lastBlock(&ctx, msg, 3*8);
cli_putstr("\r\nDBG: lastBlock done"); uart_flush(0);
sha512_ctx2hash(hash, &ctx);
cli_putstr("\r\n hash = ");
cli_hexdump(hash, 64);
cli_putstr("\r\nDBG: init ..."); uart_flush(0);
sha512_init(&ctx);
cli_putstr("\r\nDBG: init done"); uart_flush(0);
sha512_lastBlock(&ctx, msg, 896);
cli_putstr("\r\nDBG: lastBlock done"); uart_flush(0);
sha512_ctx2hash(hash, &ctx);
cli_putstr("\r\n hash = ");
cli_hexdump(hash, 64);
uint32_t c=0;
uint8_t buffer[128];
memset(buffer, 'a', 128);
cli_putstr("\r\nDBG: init ..."); uart_flush(0);
sha512_init(&ctx);
cli_putstr("\r\nDBG: init done"); uart_flush(0);
do{
sha512_nextBlock(&ctx, buffer);
c += 128;
}while(c+128<1000000L);
sha512_lastBlock(&ctx, buffer, (1000000-c)*8);
cli_putstr("\r\nDBG: lastBlock done"); uart_flush(0);
sha512_ctx2hash(hash, &ctx);
cli_putstr("\r\n hash = ");
cli_hexdump(hash, 64);
}
/*
void test_monte(void){
uint8_t data1[] = {
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7 };
uint8_t data2[] = {
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
0xF4, 0x1E, 0xCE, 0x26, 0x13, 0xE4, 0x57, 0x39,
0x15, 0x69, 0x6B, 0x5A, 0xDC, 0xD5, 0x1C, 0xA3,
0x28, 0xBE, 0x3B, 0xF5, 0x66, 0xA9, 0xCA, 0x99,
0xC9, 0xCE, 0xB0, 0x27, 0x9C, 0x1C, 0xB0, 0xA7,
0xFD, 0xDF, 0x1B, 0x37, 0xDD, 0x34, 0xB3, 0xB2,
0x01, 0xD4, 0x3C, 0x57, 0xBC, 0xDE, 0x11, 0x58,
0x38, 0xF0, 0xDF, 0x70, 0x1D, 0xA9, 0x3C, 0x3B,
0xF2, 0xC9, 0xC8, 0x68, 0x96, 0xE7, 0xE6, 0xC7 };
uint8_t hash[SHA256_HASH_BYTES];
sha256((sha256_hash_t*)hash, data1, 3*32*8);
cli_putstr("\r\n hash(data1) = ");
cli_hexdump(hash, 32);
sha256((sha256_hash_t*)hash, data2, 3*32*8);
cli_putstr("\r\n hash(data2) = ");
cli_hexdump(hash, 32);
}
void test_monte2(void){
uint8_t data[] = {
0x6c, 0xd4, 0xc0, 0xc5, 0xcb, 0x2c, 0xa2, 0xa0,
0xf1, 0xd1, 0xae, 0xce, 0xba, 0xc0, 0x3b, 0x52,
0xe6, 0x4e, 0xa0, 0x3d, 0x1a, 0x16, 0x54, 0x37,
0x29, 0x36, 0x54, 0x5b, 0x92, 0xbb, 0xc5, 0x48,
0x4a, 0x59, 0xdb, 0x74, 0xbb, 0x60, 0xf9, 0xc4,
0x0c, 0xeb, 0x1a, 0x5a, 0xa3, 0x5a, 0x6f, 0xaf,
0xe8, 0x03, 0x49, 0xe1, 0x4c, 0x25, 0x3a, 0x4e,
0x8b, 0x1d, 0x77, 0x61, 0x2d, 0xdd, 0x81, 0xac,
0xe9, 0x26, 0xae, 0x8b, 0x0a, 0xf6, 0xe5, 0x31,
0x76, 0xdb, 0xff, 0xcc, 0x2a, 0x6b, 0x88, 0xc6,
0xbd, 0x76, 0x5f, 0x93, 0x9d, 0x3d, 0x17, 0x8a,
0x9b, 0xde, 0x9e, 0xf3, 0xaa, 0x13, 0x1c, 0x61,
0xe3, 0x1c, 0x1e, 0x42, 0xcd, 0xfa, 0xf4, 0xb4,
0xdc, 0xde, 0x57, 0x9a, 0x37, 0xe1, 0x50, 0xef,
0xbe, 0xf5, 0x55, 0x5b, 0x4c, 0x1c, 0xb4, 0x04,
0x39, 0xd8, 0x35, 0xa7, 0x24, 0xe2, 0xfa, 0xe7 };
uint8_t hash[SHA256_HASH_BYTES];
sha256((sha256_hash_t*)hash, data, 1024);
cli_putstr("\r\n hash(data) = ");
cli_hexdump(hash, 32);
}
*/
/*****************************************************************************
* main *
*****************************************************************************/
const char nessie_str[] = "nessie";
const char test_str[] = "test";
//const char monte_str[] = "monte";
//const char monte2_str[] = "monte2";
const char performance_str[] = "performance";
const char echo_str[] = "echo";
const char shavs_list_str[] = "shavs_list";
const char shavs_set_str[] = "shavs_set";
const char shavs_test1_str[] = "shavs_test1";
const char shavs_test2_str[] = "shavs_test2";
const char shavs_test3_str[] = "shavs_test3";
const char dump_str[] = "dump";
const cmdlist_entry_t cmdlist[] = {
{ nessie_str, NULL, testrun_nessie_sha2 },
{ test_str, NULL, simple_test },
// { monte_str, NULL, test_monte },
// { monte2_str, NULL, test_monte2 },
{ performance_str, NULL, testrun_performance_sha2 },
{ echo_str, (void*)1, (void_fpt)echo_ctrl },
{ shavs_list_str, NULL, shavs_listalgos },
{ shavs_set_str, (void*)1, (void_fpt)shavs_setalgo },
{ shavs_test1_str, NULL, shavs_test1 },
{ shavs_test2_str, NULL, shavs_test2 },
{ shavs_test3_str, NULL, shavs_test3 },
{ dump_str, (void*)1, (void_fpt)dump },
{ NULL, NULL, NULL }
};
int main(void) {
main_setup();
shavs_algolist=(hfdesc_t**)algolist;
shavs_algo=(hfdesc_t*)&sha256_desc;
for(;;){
welcome_msg(algo_name);
cmd_interface(cmdlist);
}
}

214
test_src/nessie_bc_test.c Normal file
View File

@ -0,0 +1,214 @@
/* nessie_bc_test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
* author: Daniel Otte
* email: daniel.otte@rub.de
* license: GPLv3
*
* a suit for running the nessie-tests for blockciphers
*
* */
#include <stdint.h>
#include <string.h>
#include "nessie_bc_test.h"
#include "nessie_common.h"
volatile nessie_bc_ctx_t nessie_bc_ctx;
void nessie_bc_init(void){
memset((void*)&nessie_bc_ctx, 0, sizeof(nessie_bc_ctx_t));
}
static
void nessie_bc_free(void* ctx){
if(nessie_bc_ctx.cipher_free)
nessie_bc_ctx.cipher_free(ctx);
}
void nessie_bc_enc(uint8_t* key, uint8_t* pt){
uint8_t ctx[nessie_bc_ctx.ctx_size_B];
uint8_t buffer[nessie_bc_ctx.blocksize_B];
uint16_t i;
/* single test */
nessie_print_item("key", key, (nessie_bc_ctx.keysize_b+7)/8);
nessie_bc_ctx.cipher_genctx(key, nessie_bc_ctx.keysize_b, ctx);
memcpy(buffer, pt, nessie_bc_ctx.blocksize_B);
nessie_print_item("plain", buffer, nessie_bc_ctx.blocksize_B);
nessie_bc_ctx.cipher_enc(buffer, ctx);
nessie_print_item("cipher", buffer, nessie_bc_ctx.blocksize_B);
if(nessie_bc_ctx.cipher_dec){
nessie_bc_ctx.cipher_dec(buffer, ctx);
nessie_print_item("decrypted", buffer, nessie_bc_ctx.blocksize_B);
}
/* 100 times test */
memcpy(buffer, pt, nessie_bc_ctx.blocksize_B);
for(i=0; i<100; ++i){
nessie_bc_ctx.cipher_enc(buffer, ctx);
NESSIE_SEND_ALIVE_A(i);
}
nessie_print_item("Iterated 100 times", buffer, nessie_bc_ctx.blocksize_B);
#ifndef NESSIE_NO1KTEST
/* 1000 times test, we use the 100 preceding steps to fasten things a bit */
for(; i<1000; ++i){
nessie_bc_ctx.cipher_enc(buffer, ctx);
NESSIE_SEND_ALIVE_A(i);
}
nessie_print_item("Iterated 1000 times", buffer, nessie_bc_ctx.blocksize_B);
#endif
nessie_bc_free(ctx);
}
void nessie_bc_dec(uint8_t* key, uint8_t* ct){
uint8_t ctx[nessie_bc_ctx.ctx_size_B];
uint8_t buffer[nessie_bc_ctx.blocksize_B];
/* single test */
nessie_print_item("key", key, (nessie_bc_ctx.keysize_b+7)/8);
nessie_bc_ctx.cipher_genctx(key, nessie_bc_ctx.keysize_b, ctx);
memcpy(buffer, ct, nessie_bc_ctx.blocksize_B);
nessie_print_item("cipher", buffer, nessie_bc_ctx.blocksize_B);
nessie_bc_ctx.cipher_dec(buffer, ctx);
nessie_print_item("plain", buffer, nessie_bc_ctx.blocksize_B);
nessie_bc_ctx.cipher_enc(buffer, ctx);
nessie_print_item("encrypted", buffer, nessie_bc_ctx.blocksize_B);
nessie_bc_free(ctx);
}
void nessie_bc_run(void){
uint16_t i;
uint8_t set;
uint8_t key[(nessie_bc_ctx.keysize_b+7)/8];
uint8_t buffer[nessie_bc_ctx.blocksize_B];
nessie_print_header(nessie_bc_ctx.name, nessie_bc_ctx.keysize_b,
nessie_bc_ctx.blocksize_B*8, 0, 0, 0);
/* test set 1 */
set=1;
nessie_print_setheader(set);
for(i=0; i<nessie_bc_ctx.keysize_b; ++i){
nessie_print_set_vector(set, i);
memset(key, 0, (nessie_bc_ctx.keysize_b+7)/8);
key[i/8] |= 0x80>>(i%8);
memset(buffer, 0, nessie_bc_ctx.blocksize_B);
nessie_bc_enc(key, buffer);
}
/* test set 2 */
set=2;
nessie_print_setheader(set);
for(i=0; i<nessie_bc_ctx.blocksize_B*8; ++i){
nessie_print_set_vector(set, i);
memset(key, 0, (nessie_bc_ctx.keysize_b+7)/8);
memset(buffer, 0, nessie_bc_ctx.blocksize_B);
buffer[i/8] |= 0x80>>(i%8);
nessie_bc_enc(key, buffer);
}
/* test set 3 */
set=3;
nessie_print_setheader(set);
for(i=0; i<256; ++i){
nessie_print_set_vector(set, i);
memset(key, i, (nessie_bc_ctx.keysize_b+7)/8);
memset(buffer, i, nessie_bc_ctx.blocksize_B);
nessie_bc_enc(key, buffer);
}
/* test set 4 */
set=4;
nessie_print_setheader(set);
/* 4 - 0*/
nessie_print_set_vector(set, 0);
for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){
key[i]=i;
}
for(i=0; i<nessie_bc_ctx.blocksize_B; ++i){
buffer[i]=i*0x11;
}
nessie_bc_enc(key, buffer);
/* 4 - 1 */
nessie_print_set_vector(set, 1);
/* This is the test vectors in Kasumi */
static uint8_t kasumi_key[] = {
0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 };
static uint8_t kasumi_plain[]={
0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 };
for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){
key[i]=kasumi_key[i%sizeof(kasumi_key)];
}
for(i=0; i<nessie_bc_ctx.blocksize_B; ++i){
buffer[i]=kasumi_plain[i%sizeof(kasumi_plain)];
}
nessie_bc_enc(key, buffer);
/* half done ;-) */
if(nessie_bc_ctx.cipher_dec==NULL)
return;
/* test set 5 */
set=5;
nessie_print_setheader(set);
for(i=0; i<nessie_bc_ctx.keysize_b; ++i){
nessie_print_set_vector(set, i);
memset(key, 0, (nessie_bc_ctx.keysize_b+7)/8);
key[i/8] |= 0x80>>(i%8);
memset(buffer, 0, nessie_bc_ctx.blocksize_B);
nessie_bc_dec(key, buffer);
}
/* test set 6 */
set=6;
nessie_print_setheader(set);
for(i=0; i<nessie_bc_ctx.blocksize_B*8; ++i){
nessie_print_set_vector(set, i);
memset(key, 0, (nessie_bc_ctx.keysize_b+7)/8);
memset(buffer, 0, nessie_bc_ctx.blocksize_B);
buffer[i/8] |= 0x80>>(i%8);
nessie_bc_dec(key, buffer);
}
/* test set 7 */
set=7;
nessie_print_setheader(set);
for(i=0; i<256; ++i){
nessie_print_set_vector(set, i);
memset(key, i, (nessie_bc_ctx.keysize_b+7)/8);
memset(buffer, i, nessie_bc_ctx.blocksize_B);
nessie_bc_dec(key, buffer);
}
/* test set 8 */
set=8;
nessie_print_setheader(set);
/* 8 - 0*/
nessie_print_set_vector(set, 0);
for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){
key[i]=(uint8_t)i;
}
for(i=0; i<nessie_bc_ctx.blocksize_B; ++i){
buffer[i]=(uint8_t)(i*0x11);
}
nessie_bc_dec(key, buffer);
/* 8 - 1 */
nessie_print_set_vector(set, 1);
for(i=0; i<(nessie_bc_ctx.keysize_b+7)/8; ++i){
key[i]=kasumi_key[i%sizeof(kasumi_key)];
}
for(i=0; i<nessie_bc_ctx.blocksize_B; ++i){
buffer[i]=kasumi_plain[i%sizeof(kasumi_plain)];
}
nessie_bc_dec(key, buffer);
nessie_print_footer();
}

47
test_src/nessie_bc_test.h Normal file
View File

@ -0,0 +1,47 @@
/* nessie_bc_test.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef NESSIE_BC_TEST_H_
#define NESSIE_BC_TEST_H_
#include <stdint.h>
typedef void (*nessie_bc_gen_fpt)(const uint8_t* key, uint16_t keysize_b, void* ctx);
typedef void (*nessie_bc_free_fpt)(void* ctx);
typedef void (*nessie_bc_enc_fpt)(void* buffer, const void* ctx);
typedef void (*nessie_bc_dec_fpt)(void* buffer, const void* ctx);
typedef struct nessie_bc_ctx_st{
uint16_t keysize_b;
uint16_t blocksize_B;
uint16_t ctx_size_B;
const char* name;
nessie_bc_gen_fpt cipher_genctx;
nessie_bc_free_fpt cipher_free;
nessie_bc_enc_fpt cipher_enc;
nessie_bc_dec_fpt cipher_dec;
} nessie_bc_ctx_t;
extern volatile nessie_bc_ctx_t nessie_bc_ctx;
void nessie_bc_run(void);
void nessie_bc_init(void);
#endif /*NESSIE_BC_TEST_H_*/

302
test_src/nessie_mac_test.c Normal file
View File

@ -0,0 +1,302 @@
/* nessie_mac_test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
* author: Daniel Otte
* email: daniel.otte@rub.de
* license: GPLv3
*
* a suit for running the nessie-tests for MACs
*
* */
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include "nessie_mac_test.h"
#include "nessie_common.h"
#include "dbz_strings.h"
nessie_mac_ctx_t nessie_mac_ctx;
#define KEYSIZE_B ((nessie_mac_ctx.keysize_b+7)/8)
#define MACSIZE_B ((nessie_mac_ctx.macsize_b+7)/8)
#define BLOCKSIZE_B (nessie_mac_ctx.blocksize_B)
#define PRINTKEY nessie_print_item("key", key, KEYSIZE_B)
#define PRINTMAC nessie_print_item("MAC", mac, MACSIZE_B)
static const uint8_t keyproto[] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
static
void ascii_mac(const void* data, const void* desc, uint8_t* key){
uint8_t ctx[nessie_mac_ctx.ctx_size_B];
uint8_t mac[MACSIZE_B];
uint16_t sl;
uint8_t buffer[BLOCKSIZE_B];
NESSIE_PUTSTR("\r\n message=");
NESSIE_PUTSTR(desc);
PRINTKEY;
nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
sl = strlen(data);
while(sl>nessie_mac_ctx.blocksize_B){
memcpy(buffer, data, BLOCKSIZE_B);
nessie_mac_ctx.mac_next(ctx, buffer);
data = (uint8_t*)data + BLOCKSIZE_B;
sl -= BLOCKSIZE_B;
}
memcpy(buffer, data, sl);
nessie_mac_ctx.mac_last(ctx, buffer, sl*8);
nessie_mac_ctx.mac_conv(mac, ctx);
PRINTMAC;
}
// message=1 million times "a"
static
void amillion_mac(uint8_t* key){
uint8_t ctx[nessie_mac_ctx.ctx_size_B];
uint8_t mac[MACSIZE_B];
uint8_t block[nessie_mac_ctx.blocksize_B];
uint32_t n=1000000LL;
uint16_t i=0;
NESSIE_PUTSTR("\r\n message=");
NESSIE_PUTSTR("1 million times \"a\"");
PRINTKEY;
memset(block, 'a', nessie_mac_ctx.blocksize_B);
nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
while(n>=nessie_mac_ctx.blocksize_B){
nessie_mac_ctx.mac_next(ctx, block);
n -= nessie_mac_ctx.blocksize_B;
NESSIE_SEND_ALIVE_A(i++);
}
nessie_mac_ctx.mac_last(ctx, block, n*8);
nessie_mac_ctx.mac_conv(mac, ctx);
PRINTMAC;
}
static
void zero_mac(uint16_t n, uint8_t* key){
uint8_t ctx[nessie_mac_ctx.ctx_size_B];
uint8_t mac[MACSIZE_B];
uint8_t block[nessie_mac_ctx.blocksize_B];
NESSIE_PUTSTR("\r\n message=");
if(n>=10000)
NESSIE_PUTC('0'+n/10000);
if(n>=1000)
NESSIE_PUTC('0'+(n/1000)%10);
if(n>=100)
NESSIE_PUTC('0'+(n/100)%10);
if(n>=10)
NESSIE_PUTC('0'+(n/10)%10);
NESSIE_PUTC('0'+n%10);
NESSIE_PUTSTR(" zero bits");
PRINTKEY;
memset(block, 0, nessie_mac_ctx.blocksize_B);
nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
while(n>nessie_mac_ctx.blocksize_B*8){
nessie_mac_ctx.mac_next(ctx, block);
n -= nessie_mac_ctx.blocksize_B*8;
}
nessie_mac_ctx.mac_last(ctx, block, n);
nessie_mac_ctx.mac_conv(mac, ctx);
PRINTMAC;
}
static
void one_in512_mac(uint16_t pos, uint8_t* key){
uint8_t ctx[nessie_mac_ctx.ctx_size_B];
uint8_t mac[MACSIZE_B];
uint8_t block[nessie_mac_ctx.blocksize_B];
uint16_t n=512;
char* tab[8]={"80", "40", "20", "10",
"08", "04", "02", "01" };
pos&=511;
NESSIE_PUTSTR("\r\n message=");
NESSIE_PUTSTR("512-bit string: ");
if((pos/8) >=10){
NESSIE_PUTC('0'+(pos/8/10)%10);
} else {
NESSIE_PUTC(' ');
}
NESSIE_PUTC('0'+(pos/8)%10);
NESSIE_PUTSTR("*00,");
NESSIE_PUTSTR(tab[pos&7]);
NESSIE_PUTC(',');
if(63-(pos/8) >=10){
NESSIE_PUTC('0'+((63-pos/8)/10)%10);
} else {
NESSIE_PUTC(' ');
}
NESSIE_PUTC('0'+(63-pos/8)%10);
NESSIE_PUTSTR("*00");
PRINTKEY;
/* now the real stuff */
memset(block, 0, 512/8);
block[pos>>3] = 0x80>>(pos&0x7);
uint8_t* bp;
bp = block;
nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
while(n>nessie_mac_ctx.blocksize_B*8){
nessie_mac_ctx.mac_next(ctx, bp);
n -= nessie_mac_ctx.blocksize_B*8;
bp += nessie_mac_ctx.blocksize_B;
}
nessie_mac_ctx.mac_last(ctx, bp, n);
nessie_mac_ctx.mac_conv(mac, ctx);
PRINTMAC;
}
static
void tv4_mac(void){
uint8_t ctx[nessie_mac_ctx.ctx_size_B];
uint8_t mac[MACSIZE_B];
uint8_t block[MACSIZE_B];
uint8_t key[KEYSIZE_B];
uint16_t n=MACSIZE_B*8;
uint32_t i;
char str[6];
NESSIE_PUTSTR("\r\n message=");
utoa(MACSIZE_B*8, str, 10);
NESSIE_PUTSTR(str);
NESSIE_PUTSTR(" zero bits");
memset(block, 0, MACSIZE_B);
for(i=0; i<KEYSIZE_B; ++i)
key[i] = keyproto[i%(3*8)];
nessie_print_item("key", key, KEYSIZE_B);
nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
while(n>nessie_mac_ctx.blocksize_B*8){
nessie_mac_ctx.mac_next(ctx, block);
n -= nessie_mac_ctx.blocksize_B*8;
}
nessie_mac_ctx.mac_last(ctx, block, n);
nessie_mac_ctx.mac_conv(mac, ctx);
PRINTMAC;
for(i=1; i<100000L; ++i){ /* this assumes BLOCKSIZE >= HASHSIZE */
nessie_mac_ctx.mac_init(ctx, key, nessie_mac_ctx.keysize_b);
nessie_mac_ctx.mac_last(ctx, mac, nessie_mac_ctx.macsize_b);
nessie_mac_ctx.mac_conv(mac, ctx);
NESSIE_SEND_ALIVE_A(i);
}
nessie_print_item("iterated 100000 times", mac, MACSIZE_B);
}
void nessie_mac_run(void){
uint16_t i;
uint8_t set;
uint8_t key[KEYSIZE_B];
nessie_print_header(nessie_mac_ctx.name, nessie_mac_ctx.keysize_b, 0, 0,
nessie_mac_ctx.macsize_b, 0);
/* test set 1 */
const char* challange_dbz=
"\0"
"\"\" (empty string)\0"
"a\0"
"\"a\"\0"
"abc\0"
"\"abc\"\0"
"message digest\0"
"\"message digest\"\0"
"abcdefghijklmnopqrstuvwxyz\0"
"\"abcdefghijklmnopqrstuvwxyz\"\0"
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq\0"
"\"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq\"\0"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789\0"
"\"A...Za...z0...9\"\0"
"1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890\0"
"8 times \"1234567890\"\0"
"Now is the time for all \0"
"\"Now is the time for all \"\0"
"Now is the time for it\0"
"\"Now is the time for it\"\0"
;
set=1;
nessie_print_setheader(set);
for(i=0; i<KEYSIZE_B; ++i){
key[i] = keyproto[i%sizeof(keyproto)];
}
const char* challange[20];
dbz_splitup(challange_dbz, challange);
for(i=0; i<10; ++i){
nessie_print_set_vector(set, i);
ascii_mac(challange[2*i], challange[2*i+1], key);
}
nessie_print_set_vector(set, i);
amillion_mac(key);
for(i=0; i<KEYSIZE_B; ++i){
key[i] = keyproto[0x10+i%0x8];
}
for(i=0; i<10; ++i){
nessie_print_set_vector(set, 11+i);
ascii_mac(challange[2*i], challange[2*i+1], key);
}
nessie_print_set_vector(set, 11+i);
amillion_mac(key);
/* test set 2 */
set=2;
for(i=0; i<KEYSIZE_B; ++i){
key[i] = keyproto[i%sizeof(keyproto)];
}
nessie_print_setheader(set);
for(i=0; i<1024; ++i){
nessie_print_set_vector(set, i);
zero_mac(i, key);
}
/* test set 3 */
set=3;
nessie_print_setheader(set);
/* we use the same key as above */
for(i=0; i<512; ++i){
nessie_print_set_vector(set, i);
one_in512_mac(i, key);
}
/* test set 4 */
set=4;
nessie_print_setheader(set);
/* we use the same key as above */
nessie_print_set_vector(set, 0);
tv4_mac();
/* test set 5 */
set=5;
nessie_print_setheader(set);
for(i=0; i<nessie_mac_ctx.keysize_b; ++i){
nessie_print_set_vector(set, i);
memset(key, 0, KEYSIZE_B);
key[i>>3]=0x80>>(i&0x7);
ascii_mac("ABC", "\"ABC\"", key);
}
nessie_print_footer();
}

47
test_src/nessie_mac_test.h Normal file
View File

@ -0,0 +1,47 @@
/* nessie_mac_test.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef NESSIE_MAC_TEST_H_
#define NESSIE_MAC_TEST_H_
#include <stdint.h>
typedef void (*nessie_mac_init_fpt)(void* ctx, const void* key, uint16_t keysize_b);
typedef void (*nessie_mac_next_fpt)(void* ctx, const void* buffer);
typedef void (*nessie_mac_last_fpt)(void* ctx, const void* buffer, uint16_t size_b);
typedef void (*nessie_mac_conv_fpt)(void* buffer, void* ctx);
typedef struct nessie_mac_ctx_st{
uint16_t macsize_b;
uint16_t keysize_b;
uint16_t blocksize_B;
uint16_t ctx_size_B;
const char* name;
nessie_mac_init_fpt mac_init;
nessie_mac_next_fpt mac_next;
nessie_mac_last_fpt mac_last;
nessie_mac_conv_fpt mac_conv;
} nessie_mac_ctx_t;
extern nessie_mac_ctx_t nessie_mac_ctx;
void nessie_mac_run(void);
#endif /*NESSIE_MAC_TEST_H_*/

185
test_src/nessie_stream_test.c Normal file
View File

@ -0,0 +1,185 @@
/* nessie_stream_test.c */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
* author: Daniel Otte
* email: daniel.otte@rub.de
* license: GPLv3
*
* a suit for running the nessie-tests for streamciphers
*
* */
#include <stdint.h>
#include <string.h>
#include "nessie_stream_test.h"
#include "nessie_common.h"
#include "memxor.h"
nessie_stream_ctx_t nessie_stream_ctx;
#define BLOCKSIZE_B 64
static
void nessie_gen_block(void* ctx, uint8_t* block){
uint16_t i;
for(i=0; i<BLOCKSIZE_B; ++i){
block[i] = nessie_stream_ctx.cipher_enc(ctx);
}
}
static
void nessie_stream_enc(uint8_t* key){
uint8_t ctx[nessie_stream_ctx.ctx_size_B];
uint8_t buffer[BLOCKSIZE_B];
uint8_t xorbuffer[BLOCKSIZE_B];
uint8_t i;
memset(xorbuffer, 0, BLOCKSIZE_B);
nessie_print_item("key", key, (nessie_stream_ctx.keysize_b+7)/8);
nessie_stream_ctx.cipher_genctx(key, nessie_stream_ctx.keysize_b, ctx);
nessie_gen_block(ctx, buffer);
memxor(xorbuffer, buffer, BLOCKSIZE_B);
nessie_print_item("stream[0..63]", buffer, BLOCKSIZE_B);
for(i=0; i<((192-0)/BLOCKSIZE_B-1); ++i){
nessie_gen_block(ctx, buffer);
memxor(xorbuffer, buffer, BLOCKSIZE_B);
}
nessie_gen_block(ctx, buffer);
memxor(xorbuffer, buffer, BLOCKSIZE_B);
nessie_print_item("stream[192..255]", buffer, BLOCKSIZE_B);
nessie_gen_block(ctx, buffer);
memxor(xorbuffer, buffer, BLOCKSIZE_B);
nessie_print_item("stream[256..319]", buffer, BLOCKSIZE_B);
for(i=0; i<((448-256)/BLOCKSIZE_B-1); ++i){
nessie_gen_block(ctx, buffer);
memxor(xorbuffer, buffer, BLOCKSIZE_B);
}
nessie_gen_block(ctx, buffer);
memxor(xorbuffer, buffer, BLOCKSIZE_B);
nessie_print_item("stream[448..511]", buffer, BLOCKSIZE_B);
nessie_print_item("stream[0..511]xored", xorbuffer, BLOCKSIZE_B);
}
static
void nessie_stream_enc_large(uint8_t* key){
uint8_t ctx[nessie_stream_ctx.ctx_size_B];
uint8_t buffer[BLOCKSIZE_B];
uint8_t xorbuffer[BLOCKSIZE_B];
uint32_t i;
memset(xorbuffer, 0, BLOCKSIZE_B);
nessie_print_item("key", key, (nessie_stream_ctx.keysize_b+7)/8);
nessie_stream_ctx.cipher_genctx(key, nessie_stream_ctx.keysize_b, ctx);
nessie_gen_block(ctx, buffer);
memxor(xorbuffer, buffer, BLOCKSIZE_B);
nessie_print_item("stream[0..63]", buffer, BLOCKSIZE_B);
for(i=0; i<((65472-0)/BLOCKSIZE_B-1); ++i){
nessie_gen_block(ctx, buffer);
memxor(xorbuffer, buffer, BLOCKSIZE_B);
NESSIE_SEND_ALIVE_A(i);
}
nessie_gen_block(ctx, buffer);
memxor(xorbuffer, buffer, BLOCKSIZE_B);
nessie_print_item("stream[65472..65535]", buffer, BLOCKSIZE_B);
nessie_gen_block(ctx, buffer);
memxor(xorbuffer, buffer, BLOCKSIZE_B);
nessie_print_item("stream[65536..65599]", buffer, BLOCKSIZE_B);
for(i=0; i<((131008-65536)/BLOCKSIZE_B-1); ++i){
nessie_gen_block(ctx, buffer);
memxor(xorbuffer, buffer, BLOCKSIZE_B);
NESSIE_SEND_ALIVE_A(i);
}
nessie_gen_block(ctx, buffer);
memxor(xorbuffer, buffer, BLOCKSIZE_B);
nessie_print_item("stream[131008..131071]", buffer, BLOCKSIZE_B);
nessie_print_item("stream[0..131071]xored", xorbuffer, BLOCKSIZE_B);
}
void nessie_stream_run(void){
uint16_t i;
uint8_t set;
uint8_t key[(nessie_stream_ctx.keysize_b+7)/8];
nessie_print_header(nessie_stream_ctx.name, nessie_stream_ctx.keysize_b,
0, 0, 0, nessie_stream_ctx.ivsize_b);
/* test set 1 */
set=1;
nessie_print_setheader(set);
for(i=0; i<nessie_stream_ctx.keysize_b; ++i){
nessie_print_set_vector(set, i);
memset(key, 0, (nessie_stream_ctx.keysize_b+7)/8);
key[i/8] |= 0x80>>(i%8);
nessie_stream_enc(key);
}
/* test set 2 */
set=2;
nessie_print_setheader(set);
for(i=0; i<256; ++i){
nessie_print_set_vector(set, i);
memset(key, i, (nessie_stream_ctx.keysize_b+7)/8);
nessie_stream_enc(key);
}
/* test set 3 */
set=3;
nessie_print_setheader(set);
for(i=0; i<256; ++i){
uint8_t j;
nessie_print_set_vector(set, i);
for(j=0; j<(nessie_stream_ctx.keysize_b+7)/8; ++j){
key[j]=(i+j)&0xff;
}
nessie_stream_enc(key);
}
/* test set 4 */
set=4;
nessie_print_setheader(set);
for(i=0; i<4; ++i){
uint8_t j;
nessie_print_set_vector(set, i);
for(j=0; j<(nessie_stream_ctx.keysize_b+7)/8; ++j){
key[j]=(i*5+j*0x53)&0xff;
}
nessie_stream_enc_large(key);
}
nessie_print_footer();
}

42
test_src/nessie_stream_test.h Normal file
View File

@ -0,0 +1,42 @@
/* nessie_stream_test.h */
/*
This file is part of the ARM-Crypto-Lib.
Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef NESSIE_STREAM_TEST_H_
#define NESSIE_STREAM_TEST_H_
#include <stdint.h>
typedef void (*nessie_stream_genctx_fpt)(uint8_t* key, uint16_t keylength_b, void* ctx);
typedef uint8_t (*nessie_stream_genenc_fpt)(void* ctx);
typedef struct nessie_stream_ctx_st{
uint16_t keysize_b;
uint16_t ivsize_b;
uint16_t outsize_b;
uint16_t ctx_size_B;
char* name;
nessie_stream_genctx_fpt cipher_genctx;
nessie_stream_genenc_fpt cipher_enc;
} nessie_stream_ctx_t;
extern nessie_stream_ctx_t nessie_stream_ctx;
void nessie_stream_run(void);
#endif /*NESSIE_STREAM_TEST_H_*/